zrhoffman / rpms / 389-ds-base

Forked from rpms/389-ds-base 3 years ago
Clone

Blame SOURCES/0068-Ticket-47620-Config-value-validation-improvement.patch

cc3dff
From 014aaa8b331e9af9f36432000c4c99b9f60687ae Mon Sep 17 00:00:00 2001
cc3dff
From: Mark Reynolds <mreynolds@redhat.com>
cc3dff
Date: Fri, 13 Dec 2013 11:43:47 -0500
cc3dff
Subject: [PATCH 68/78] Ticket 47620 - Config value validation improvement
cc3dff
cc3dff
Bug Description:  When setting the replication protocol timeout, it is possible
cc3dff
                  to set a negative number(it should be rejected), and when
cc3dff
                  setting the timeout for an agreement using letters, we get an
cc3dff
                  invalid syntax error, but it should really be an error 53 to
cc3dff
                  be consistent with how the invalid timeout error that is given
cc3dff
                  when updating the replica entry.
cc3dff
cc3dff
Fix Description:  In the agmt modify code, we did not have the actual modify value
cc3dff
                  during the validation.  This allowed the value to be added, which
cc3dff
                  was later caught for the invalid syntax.  Then improved the overall
cc3dff
                  logic to the validation to also catch the negative numbers.
cc3dff
cc3dff
https://fedorahosted.org/389/ticket/47620
cc3dff
cc3dff
Reviewed by: rmeggins(Thanks!)
cc3dff
(cherry picked from commit 8a4bbc7c74a6847d75e4d6e9e0b16859a5da8ec0)
cc3dff
(cherry picked from commit 1bbb27b522dd8eb36f09f47c144fd65511c132b5)
cc3dff
---
cc3dff
 ldap/servers/plugins/replication/repl5_agmtlist.c  | 32 ++++++++++++----------
cc3dff
 .../plugins/replication/repl5_replica_config.c     | 12 +++++---
cc3dff
 2 files changed, 25 insertions(+), 19 deletions(-)
cc3dff
cc3dff
diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c
cc3dff
index 04891b7..bd14202 100644
cc3dff
--- a/ldap/servers/plugins/replication/repl5_agmtlist.c
cc3dff
+++ b/ldap/servers/plugins/replication/repl5_agmtlist.c
cc3dff
@@ -245,6 +245,7 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
cc3dff
 	for (i = 0; NULL != mods && NULL != mods[i]; i++)
cc3dff
 	{
cc3dff
 		slapi_ch_free_string(&val;;
cc3dff
+		val = slapi_berval_get_string_copy (mods[i]->mod_bvalues[0]);
cc3dff
 		if (slapi_attr_types_equivalent(mods[i]->mod_type, type_nsds5ReplicaInitialize))
cc3dff
 		{
cc3dff
             /* we don't allow delete attribute operations unless it was issued by
cc3dff
@@ -268,10 +269,7 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
cc3dff
             }
cc3dff
             else
cc3dff
             {
cc3dff
-                if (mods[i]->mod_bvalues && mods[i]->mod_bvalues[0])
cc3dff
-                    val = slapi_berval_get_string_copy (mods[i]->mod_bvalues[0]);
cc3dff
-                else
cc3dff
-                {
cc3dff
+                if(val == NULL){
cc3dff
                     slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: " 
cc3dff
                                 "no value provided for %s attribute\n", type_nsds5ReplicaInitialize);
cc3dff
                     *returncode = LDAP_UNWILLING_TO_PERFORM;
cc3dff
@@ -515,19 +513,23 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
cc3dff
             }
cc3dff
         }
cc3dff
         else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_replicaProtocolTimeout)){
cc3dff
-            if (val){
cc3dff
-                long ptimeout = atol(val);
cc3dff
+            long ptimeout = 0;
cc3dff
 
cc3dff
-                if(ptimeout <= 0){
cc3dff
-                    *returncode = LDAP_UNWILLING_TO_PERFORM;
cc3dff
-                    slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "attribute %s value (%s) is invalid, "
cc3dff
-                                    "must be a number greater than zero.\n",
cc3dff
-                                    type_replicaProtocolTimeout, val);
cc3dff
-                    rc = SLAPI_DSE_CALLBACK_ERROR;
cc3dff
-                    break;
cc3dff
-                }
cc3dff
-                agmt_set_protocol_timeout(agmt, ptimeout);
cc3dff
+            if (val){
cc3dff
+                ptimeout = atol(val);
cc3dff
+            }
cc3dff
+            if(ptimeout <= 0){
cc3dff
+                *returncode = LDAP_UNWILLING_TO_PERFORM;
cc3dff
+                PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE,
cc3dff
+                             "attribute %s value (%s) is invalid, must be a number greater than zero.\n",
cc3dff
+                             type_replicaProtocolTimeout, val ? val : "");
cc3dff
+                slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "attribute %s value (%s) is invalid, "
cc3dff
+                                "must be a number greater than zero.\n",
cc3dff
+                                type_replicaProtocolTimeout, val ? val : "");
cc3dff
+                rc = SLAPI_DSE_CALLBACK_ERROR;
cc3dff
+                break;
cc3dff
             }
cc3dff
+            agmt_set_protocol_timeout(agmt, ptimeout);
cc3dff
         }
cc3dff
         else if (0 == windows_handle_modify_agreement(agmt, mods[i]->mod_type, e))
cc3dff
         {
cc3dff
diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
cc3dff
index 9452d51..74e1fb7 100644
cc3dff
--- a/ldap/servers/plugins/replication/repl5_replica_config.c
cc3dff
+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
cc3dff
@@ -497,17 +497,21 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
cc3dff
                 else if (strcasecmp (config_attr, type_replicaProtocolTimeout) == 0 ){
cc3dff
                     if (apply_mods && config_attr_value && config_attr_value[0])
cc3dff
                     {
cc3dff
-                        long ptimeout = atol(config_attr_value);
cc3dff
+                        long ptimeout = 0;
cc3dff
+
cc3dff
+                        if(config_attr_value){
cc3dff
+                            ptimeout = atol(config_attr_value);
cc3dff
+                        }
cc3dff
 
cc3dff
                         if(ptimeout <= 0){
cc3dff
                             *returncode = LDAP_UNWILLING_TO_PERFORM;
cc3dff
                             PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE,
cc3dff
                                          "attribute %s value (%s) is invalid, must be a number greater than zero.\n",
cc3dff
-                                         config_attr, config_attr_value);
cc3dff
+                                         config_attr, config_attr_value ? config_attr_value : "");
cc3dff
                             slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_config_modify: %s\n", errortext);
cc3dff
-                        } else {
cc3dff
-                            replica_set_protocol_timeout(r, ptimeout);
cc3dff
+                            break;
cc3dff
                         }
cc3dff
+                        replica_set_protocol_timeout(r, ptimeout);
cc3dff
                     }
cc3dff
                 }
cc3dff
                 else
cc3dff
-- 
cc3dff
1.8.1.4
cc3dff