From 45138bc8c9be932ccd481d18fee6c7c255a008d4 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Wed, 22 Aug 2012 14:59:33 -0400 Subject: [PATCH] Ticket 436 - nsds5ReplicaEnabled can be set with any invalid values. Bug Description: There is no checking of the value for nsds5ReplicaEnabled either at startup or with ldapmodify. Fix Description: Verify the value is either "on" or "off", and report the appropriate error message. https://fedorahosted.org/389/ticket/436 Reviewed by: ? --- ldap/servers/plugins/replication/repl5.h | 2 +- ldap/servers/plugins/replication/repl5_agmt.c | 16 +++++++++++++--- ldap/servers/plugins/replication/repl5_agmtlist.c | 2 +- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h index fc756b1..26d0298 100644 --- a/ldap/servers/plugins/replication/repl5.h +++ b/ldap/servers/plugins/replication/repl5.h @@ -360,7 +360,7 @@ int get_agmt_agreement_type ( Repl_Agmt *agmt); void* agmt_get_connection( Repl_Agmt *ra); int agmt_has_protocol(Repl_Agmt *agmt); PRBool agmt_is_enabled(Repl_Agmt *ra); -int agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e); +int agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e, char *returntext); char **agmt_get_attrs_to_strip(Repl_Agmt *ra); int agmt_set_attrs_to_strip(Repl_Agmt *ra, Slapi_Entry *e); void agmt_set_cleanruv_notified_from_entry(Repl_Agmt *ra, Slapi_Entry *e); diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c index e573d40..9002ff3 100644 --- a/ldap/servers/plugins/replication/repl5_agmt.c +++ b/ldap/servers/plugins/replication/repl5_agmt.c @@ -350,7 +350,11 @@ agmt_new_from_entry(Slapi_Entry *e) } else if(strcasecmp(tmpstr, "on") == 0){ ra->is_enabled = PR_TRUE; } else { - ra->is_enabled = slapi_entry_attr_get_bool(e, type_nsds5ReplicaEnabled); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning invalid value " + "for nsds5ReplicaEnabled (%s), value must be \"on\" or \"off\". Ignoring " + "this repl agreement.\n",tmpstr); + slapi_ch_free_string(&tmpstr); + goto loser; } slapi_ch_free_string(&tmpstr); } else { @@ -2519,7 +2523,7 @@ agmt_is_enabled(Repl_Agmt *ra) } int -agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e){ +agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e, char *returntext){ char *attr_val = NULL; int rc = 0; @@ -2536,7 +2540,13 @@ agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e){ } else if(strcasecmp(attr_val,"on") == 0){ is_enabled = PR_TRUE; } else { - is_enabled = slapi_entry_attr_get_bool(e, type_nsds5ReplicaEnabled); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmt_set_enabled_from_entry: invalid " + "value for nsds5ReplicaEnabled (%s), the value must be \"on\" or \"off\".\n", attr_val); + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Invalid value for nsds5ReplicaEnabled, " + "the value must be \"on\" or \"off\".\n"); + slapi_ch_free_string(&attr_val); + PR_Unlock(ra->lock); + return -1; } slapi_ch_free_string(&attr_val); if(is_enabled){ diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c index c0b9664..537cfd8 100644 --- a/ldap/servers/plugins/replication/repl5_agmtlist.c +++ b/ldap/servers/plugins/replication/repl5_agmtlist.c @@ -492,7 +492,7 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry } else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_nsds5ReplicaEnabled)) { - if(agmt_set_enabled_from_entry(agmt, e) != 0){ + if(agmt_set_enabled_from_entry(agmt, e, returntext) != 0){ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: " "failed to set replica agmt state \"enabled/disabled\" for %s\n",agmt_get_long_name(agmt)); *returncode = LDAP_OPERATIONS_ERROR; -- 1.7.1