From 014aaa8b331e9af9f36432000c4c99b9f60687ae Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Fri, 13 Dec 2013 11:43:47 -0500 Subject: [PATCH 68/78] Ticket 47620 - Config value validation improvement Bug Description: When setting the replication protocol timeout, it is possible to set a negative number(it should be rejected), and when setting the timeout for an agreement using letters, we get an invalid syntax error, but it should really be an error 53 to be consistent with how the invalid timeout error that is given when updating the replica entry. Fix Description: In the agmt modify code, we did not have the actual modify value during the validation. This allowed the value to be added, which was later caught for the invalid syntax. Then improved the overall logic to the validation to also catch the negative numbers. https://fedorahosted.org/389/ticket/47620 Reviewed by: rmeggins(Thanks!) (cherry picked from commit 8a4bbc7c74a6847d75e4d6e9e0b16859a5da8ec0) (cherry picked from commit 1bbb27b522dd8eb36f09f47c144fd65511c132b5) --- ldap/servers/plugins/replication/repl5_agmtlist.c | 32 ++++++++++++---------- .../plugins/replication/repl5_replica_config.c | 12 +++++--- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c index 04891b7..bd14202 100644 --- a/ldap/servers/plugins/replication/repl5_agmtlist.c +++ b/ldap/servers/plugins/replication/repl5_agmtlist.c @@ -245,6 +245,7 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry for (i = 0; NULL != mods && NULL != mods[i]; i++) { slapi_ch_free_string(&val); + val = slapi_berval_get_string_copy (mods[i]->mod_bvalues[0]); if (slapi_attr_types_equivalent(mods[i]->mod_type, type_nsds5ReplicaInitialize)) { /* we don't allow delete attribute operations unless it was issued by @@ -268,10 +269,7 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry } else { - if (mods[i]->mod_bvalues && mods[i]->mod_bvalues[0]) - val = slapi_berval_get_string_copy (mods[i]->mod_bvalues[0]); - else - { + if(val == NULL){ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: " "no value provided for %s attribute\n", type_nsds5ReplicaInitialize); *returncode = LDAP_UNWILLING_TO_PERFORM; @@ -515,19 +513,23 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry } } else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_replicaProtocolTimeout)){ - if (val){ - long ptimeout = atol(val); + long ptimeout = 0; - if(ptimeout <= 0){ - *returncode = LDAP_UNWILLING_TO_PERFORM; - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "attribute %s value (%s) is invalid, " - "must be a number greater than zero.\n", - type_replicaProtocolTimeout, val); - rc = SLAPI_DSE_CALLBACK_ERROR; - break; - } - agmt_set_protocol_timeout(agmt, ptimeout); + if (val){ + ptimeout = atol(val); + } + if(ptimeout <= 0){ + *returncode = LDAP_UNWILLING_TO_PERFORM; + PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "attribute %s value (%s) is invalid, must be a number greater than zero.\n", + type_replicaProtocolTimeout, val ? val : ""); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "attribute %s value (%s) is invalid, " + "must be a number greater than zero.\n", + type_replicaProtocolTimeout, val ? val : ""); + rc = SLAPI_DSE_CALLBACK_ERROR; + break; } + agmt_set_protocol_timeout(agmt, ptimeout); } else if (0 == windows_handle_modify_agreement(agmt, mods[i]->mod_type, e)) { diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c index 9452d51..74e1fb7 100644 --- a/ldap/servers/plugins/replication/repl5_replica_config.c +++ b/ldap/servers/plugins/replication/repl5_replica_config.c @@ -497,17 +497,21 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* else if (strcasecmp (config_attr, type_replicaProtocolTimeout) == 0 ){ if (apply_mods && config_attr_value && config_attr_value[0]) { - long ptimeout = atol(config_attr_value); + long ptimeout = 0; + + if(config_attr_value){ + ptimeout = atol(config_attr_value); + } if(ptimeout <= 0){ *returncode = LDAP_UNWILLING_TO_PERFORM; PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE, "attribute %s value (%s) is invalid, must be a number greater than zero.\n", - config_attr, config_attr_value); + config_attr, config_attr_value ? config_attr_value : ""); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_config_modify: %s\n", errortext); - } else { - replica_set_protocol_timeout(r, ptimeout); + break; } + replica_set_protocol_timeout(r, ptimeout); } } else -- 1.8.1.4