From 38ca528af83f1874a79ad6744215bd4af1404414 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 18 Jan 2018 13:17:08 -0500
Subject: [PATCH] Ticket 49541 - repl config should not allow rid 65535 for
 masters

Description:  Reject adding a replica config entry with a rid of 65535 or higher,
              and prevent setting master's rid to 65535 or higher.

https://pagure.io/389-ds-base/issue/49541

Reviewed by: mreynolds(one line commit rule)

(cherry picked from commit ebb00a4180693225cf3c2f4aced54dc33141fa77)
---
 dirsrvtests/tests/suites/replication/replica_config_test.py | 9 +++++----
 ldap/servers/plugins/replication/repl5_replica.c            | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/dirsrvtests/tests/suites/replication/replica_config_test.py b/dirsrvtests/tests/suites/replication/replica_config_test.py
index 50ea2ece9..143a12479 100644
--- a/dirsrvtests/tests/suites/replication/replica_config_test.py
+++ b/dirsrvtests/tests/suites/replication/replica_config_test.py
@@ -24,7 +24,7 @@ replica_dict = {'objectclass': 'top nsDS5Replica'.split(),
                 'nsDS5ReplicaRoot': 'dc=example,dc=com',
                 'nsDS5ReplicaType': '3',
                 'nsDS5Flags': '1',
-                'nsDS5ReplicaId': '65535',
+                'nsDS5ReplicaId': '65534',
                 'nsds5ReplicaPurgeDelay': '604800',
                 'nsDS5ReplicaBindDN': 'cn=u',
                 'cn': 'replica'}
@@ -42,7 +42,7 @@ agmt_dict = {'objectClass': 'top nsDS5ReplicationAgreement'.split(),
 
 repl_add_attrs = [('nsDS5ReplicaType', '-1', '4', overflow, notnum, '1'),
                   ('nsDS5Flags', '-1', '2', overflow, notnum, '1'),
-                  ('nsDS5ReplicaId', '0', '65536', overflow, notnum, '1'),
+                  ('nsDS5ReplicaId', '0', '65535', overflow, notnum, '1'),
                   ('nsds5ReplicaPurgeDelay', '-2', too_big, overflow, notnum, '1'),
                   ('nsDS5ReplicaBindDnGroupCheckInterval', '-2', too_big, overflow, notnum, '1'),
                   ('nsds5ReplicaTombstonePurgeInterval', '-2', too_big, overflow, notnum, '1'),
@@ -60,7 +60,8 @@ repl_mod_attrs = [('nsDS5Flags', '-1', '2', overflow, notnum, '1'),
                   ('nsds5ReplicaBackoffMin', '0', too_big, overflow, notnum, '3'),
                   ('nsds5ReplicaBackoffMax', '0', too_big, overflow, notnum, '6')]
 
-agmt_attrs = [('nsds5ReplicaPort', '0', '65536', overflow, notnum, '389'),
+agmt_attrs = [
+              ('nsds5ReplicaPort', '0', '65535', overflow, notnum, '389'),
               ('nsds5ReplicaTimeout', '-1', too_big, overflow, notnum, '6'),
               ('nsds5ReplicaBusyWaitTime', '-1', too_big, overflow, notnum, '6'),
               ('nsds5ReplicaSessionPauseTime', '-1', too_big, overflow, notnum, '6'),
@@ -393,5 +394,5 @@ if __name__ == '__main__':
     # Run isolated
     # -s for DEBUG mode
     CURRENT_FILE = os.path.realpath(__file__)
-    pytest.main("-s %s" % CURRENT_FILE)
+    pytest.main(["-s", CURRENT_FILE])
 
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
index e75807a62..bdb8a5167 100644
--- a/ldap/servers/plugins/replication/repl5_replica.c
+++ b/ldap/servers/plugins/replication/repl5_replica.c
@@ -1988,7 +1988,7 @@ _replica_init_from_config(Replica *r, Slapi_Entry *e, char *errortext)
              r->repl_type == REPLICA_TYPE_PRIMARY) {
         if ((val = slapi_entry_attr_get_charptr(e, attr_replicaId))) {
             int64_t rid;
-            if (repl_config_valid_num(attr_replicaId, val, 1, 65535, &rc, errormsg, &rid) != 0) {
+            if (repl_config_valid_num(attr_replicaId, val, 1, 65534, &rc, errormsg, &rid) != 0) {
                 slapi_ch_free_string(&val);
                 return -1;
             }
-- 
2.13.6