| |
@@ -188,6 +188,11 @@
|
| |
CONFIG_FILTER, replica_config_post_modify);
|
| |
}
|
| |
|
| |
+ #define MSG_NOREPLICARDN "no replica rdn\n"
|
| |
+ #define MSG_NOREPLICANORMRDN "no replica normalized rdn\n"
|
| |
+ #define MSG_CNREPLICA "replica rdn %s should be %s\n"
|
| |
+ #define MSG_ALREADYCONFIGURED "replica already configured for %s\n"
|
| |
+
|
| |
static int
|
| |
replica_config_add(Slapi_PBlock *pb __attribute__((unused)),
|
| |
Slapi_Entry *e,
|
| |
@@ -199,15 +204,48 @@
|
| |
Replica *r = NULL;
|
| |
multimaster_mtnode_extension *mtnode_ext;
|
| |
char *replica_root = (char *)slapi_entry_attr_get_charptr(e, attr_replicaRoot);
|
| |
- char buf[SLAPI_DSE_RETURNTEXT_SIZE];
|
| |
- char *errortext = errorbuf ? errorbuf : buf;
|
| |
+ char *errortext = NULL;
|
| |
+ Slapi_RDN *replicardn;
|
| |
|
| |
- if (errorbuf) {
|
| |
- errorbuf[0] = '\0';
|
| |
+ if (errorbuf != NULL) {
|
| |
+ errortext = errorbuf;
|
| |
}
|
| |
|
| |
*returncode = LDAP_SUCCESS;
|
| |
|
| |
+ /* check rdn is "cn=replica" */
|
| |
+ replicardn = slapi_rdn_new_sdn(slapi_entry_get_sdn(e));
|
| |
+ if (replicardn) {
|
| |
+ char *nrdn = slapi_rdn_get_nrdn(replicardn);
|
| |
+ if (nrdn == NULL) {
|
| |
+ if (errortext != NULL) {
|
| |
+ strcpy(errortext, MSG_NOREPLICANORMRDN);
|
| |
+ }
|
| |
+ slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name, "replica_config_add - "MSG_NOREPLICANORMRDN);
|
| |
+ slapi_rdn_free(&replicardn);
|
| |
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
|
| |
+ return SLAPI_DSE_CALLBACK_ERROR;
|
| |
+ } else {
|
| |
+ if (strcmp(nrdn,REPLICA_RDN)!=0) {
|
| |
+ if (errortext != NULL) {
|
| |
+ PR_snprintf(errortext, SLAPI_DSE_RETURNTEXT_SIZE,MSG_CNREPLICA, nrdn, REPLICA_RDN);
|
| |
+ }
|
| |
+ slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name,"replica_config_add - "MSG_CNREPLICA, nrdn, REPLICA_RDN);
|
| |
+ slapi_rdn_free(&replicardn);
|
| |
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
|
| |
+ return SLAPI_DSE_CALLBACK_ERROR;
|
| |
+ }
|
| |
+ slapi_rdn_free(&replicardn);
|
| |
+ }
|
| |
+ } else {
|
| |
+ if (errortext != NULL) {
|
| |
+ strcpy(errortext, MSG_NOREPLICARDN);
|
| |
+ }
|
| |
+ slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name, "replica_config_add - "MSG_NOREPLICARDN);
|
| |
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
|
| |
+ return SLAPI_DSE_CALLBACK_ERROR;
|
| |
+ }
|
| |
+
|
| |
PR_Lock(s_configLock);
|
| |
|
| |
/* add the dn to the dn hash so we can tell this replica is being configured */
|
| |
@@ -217,8 +255,10 @@
|
| |
PR_ASSERT(mtnode_ext);
|
| |
|
| |
if (mtnode_ext->replica) {
|
| |
- PR_snprintf(errortext, SLAPI_DSE_RETURNTEXT_SIZE, "replica already configured for %s", replica_root);
|
| |
- slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name, "replica_config_add - %s\n", errortext);
|
| |
+ if ( errortext != NULL ) {
|
| |
+ PR_snprintf(errortext, SLAPI_DSE_RETURNTEXT_SIZE, MSG_ALREADYCONFIGURED, replica_root);
|
| |
+ }
|
| |
+ slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name, "replica_config_add - "MSG_ALREADYCONFIGURED, replica_root);
|
| |
*returncode = LDAP_UNWILLING_TO_PERFORM;
|
| |
goto done;
|
| |
}
|
| |
Bug Description:
We should enforce that if an object is of type nsds5replica, it must be named cn=replica.
This has caused some confusion where people have misconfigured their system by trying alternate names.
Fix Description:
Check that rdn of replica dn is exactly REPLICA_RDN
https://pagure.io/389-ds-base/issue/50059
Author: German Parente gparente@redhat.com
Review by: ???