Hi,
the attached two patches address issues I found when testing ca management in the topology plugin


Thanks for review,
Ludwig
>From 64a2ca2d87a0513b54cdd7e2d14f4c321994e9f5 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz <lkris...@redhat.com>
Date: Mon, 24 Aug 2015 13:29:35 +0200
Subject: [PATCH 1/2] reject agreement only if both ends are managed

the creation or deletion of a replication agreement is rejected if the
servers are managed for the suffix. But both endpoints need to be checked
---
 daemons/ipa-slapi-plugins/topology/topology_util.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/topology/topology_util.c b/daemons/ipa-slapi-plugins/topology/topology_util.c
index 1e4a67558d5c9d47dcaae6d2633ca5dd9692ccf6..65d50259da6cecee2feef3f7a8e84d6135b027bb 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_util.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_util.c
@@ -1042,7 +1042,8 @@ ipa_topo_util_target_is_managed(Slapi_Entry *e)
     repl_root = slapi_entry_attr_get_charptr(e,"nsDS5ReplicaRoot");
     replica = ipa_topo_cfg_replica_find(repl_root,1);
     if (targethost && replica &&
-        ipa_topo_cfg_host_find(replica, targethost, 1)) {
+        ipa_topo_cfg_host_find(replica, targethost, 1) &&
+        ipa_topo_cfg_host_find(replica, ipa_topo_get_plugin_hostname(), 1)) {
         ret = 1;
     }
     slapi_ch_free_string(&targethost);
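Review bot: The added condition makes this check fail open whenever the local host is not found in `replica->hosts`: if `ipa_topo_get_plugin_hostname()` returns NULL or a name not yet in the list, `ret` stays 0 and the direct change to the agreement is no longer rejected. Whether the host list can be empty at this point (for example during startup) and how `ipa_topo_cfg_host_find` treats a NULL host are not visible here, so both should be confirmed. Because the function gates rejection of agreement changes, I would state the intent above the condition, e.g. `/* reject only if both this server and the target host are managed for the suffix */`. The name `ipa_topo_util_target_is_managed` now understates what is tested, and the function body starts and ends outside the hunk.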
-- 
2.4.3

>From 3a31d7bc8cf24c02c223450b50bf7ff85b826c07 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz <lkris...@redhat.com>
Date: Thu, 17 Sep 2015 10:47:00 +0200
Subject: [PATCH 2/2] update list of managed servers when a suffix becomes
 managed

when a suffix becomes managed for a host, the host needs to
be added to the managed servers, otherwise connectivity check would fail
---
 daemons/ipa-slapi-plugins/topology/topology.h      |  3 +-
 daemons/ipa-slapi-plugins/topology/topology_cfg.c  | 36 ++++++--------------
 daemons/ipa-slapi-plugins/topology/topology_post.c |  5 +--
 daemons/ipa-slapi-plugins/topology/topology_util.c | 38 +++++++++++++++++++++-
 4 files changed, 52 insertions(+), 30 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/topology/topology.h b/daemons/ipa-slapi-plugins/topology/topology.h
index fea8281ac5f0865aca4052f6139e4384f5665b87..d264ed9c1e3e903d7554963b843d1f98385ec47a 100644
--- a/daemons/ipa-slapi-plugins/topology/topology.h
+++ b/daemons/ipa-slapi-plugins/topology/topology.h
@@ -178,7 +178,7 @@ void ipa_topo_lock_conf(void);
 void ipa_topo_unlock_conf(void);
 int ipa_topo_acquire_startup_inprogress(void);
 void ipa_topo_release_startup_inprogress(void);
-void ipa_topo_cfg_host_add(Slapi_Entry *hostentry);
+void ipa_topo_cfg_host_add(TopoReplica *tconf, char *host);
 void ipa_topo_cfg_host_del(Slapi_Entry *hostentry);
 TopoReplicaHost *ipa_topo_cfg_host_find(TopoReplica *tconf, char *host, int lock);
 TopoReplicaHost *ipa_topo_cfg_host_new(char *newhost);
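Review bot: The new prototype `void ipa_topo_cfg_host_add(TopoReplica *tconf, char *host);` names its parameters differently from the definition in topology_cfg.c, which uses `replica` and `newhost`; I would make them match. The first argument type also changes from `Slapi_Entry *` to `TopoReplica *`, so a caller missed by this patch would get only an incompatible-pointer-type diagnostic, which many C compilers report as a warning. The patch updates two call sites; whether others exist cannot be seen from here, so the build should be checked for that warning.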
@@ -283,6 +283,7 @@ int ipa_topo_util_setup_servers(void);
 void ipa_topo_util_update_segments_for_host(TopoReplica *conf, char *hostname);
 char *ipa_topo_util_get_ldap_principal(char *repl_root, char *hostname);
 void ipa_topo_util_disable_repl_for_principal(char *repl_root, char *principal);
+void ipa_topo_util_init_hosts(Slapi_Entry *hostentry);
 void ipa_topo_util_add_host(Slapi_Entry *hostentry);
 void ipa_topo_util_delete_host(Slapi_Entry *hostentry);
 void ipa_topo_util_update_host(Slapi_Entry *hostentry, LDAPMod **mods);
diff --git a/daemons/ipa-slapi-plugins/topology/topology_cfg.c b/daemons/ipa-slapi-plugins/topology/topology_cfg.c
index d211f20f6bf267ecf4eca79b423a600e53bc5795..3ca61a8ea7c463c45f3dbf2e13a9790c5079e2d7 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_cfg.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_cfg.c
@@ -471,38 +471,22 @@ ipa_topo_cfg_host_new(char *newhost)
 }
 
 void
-ipa_topo_cfg_host_add(Slapi_Entry *hostentry)
+ipa_topo_cfg_host_add(TopoReplica *replica, char *newhost)
 {
-    char *newhost;
-    char **repl_root = NULL;
     TopoReplicaHost *hostnode = NULL;
-    TopoReplica *replica = NULL;
-    int i;
+    if (replica == NULL || newhost == NULL) return;
 
-    newhost = slapi_entry_attr_get_charptr(hostentry,"cn");
-    if (newhost == NULL) return;
-
-    repl_root = slapi_entry_attr_get_charray(hostentry,"ipaReplTopoManagedSuffix");
-    if (repl_root == NULL || *repl_root == NULL) return;
-
-    for (i=0; repl_root[i];i++) {
-        replica = ipa_topo_cfg_replica_find(repl_root[i], 1);
-        if (replica == NULL) continue;
-
-        slapi_lock_mutex(replica->repl_lock);
-        if (ipa_topo_cfg_host_find(replica, newhost, 0)) {
-            /* log error */
-            slapi_unlock_mutex(replica->repl_lock);
-            continue;
-        }
-        hostnode = ipa_topo_cfg_host_new(slapi_ch_strdup(newhost));
-        hostnode->next = replica->hosts;
-        replica->hosts = hostnode;
+    slapi_lock_mutex(replica->repl_lock);
+    if (ipa_topo_cfg_host_find(replica, newhost, 0)) {
+        /* host already added */
         slapi_unlock_mutex(replica->repl_lock);
+        return;
     }
+    hostnode = ipa_topo_cfg_host_new(slapi_ch_strdup(newhost));
+    hostnode->next = replica->hosts;
+    replica->hosts = hostnode;
+    slapi_unlock_mutex(replica->repl_lock);
 
-    slapi_ch_array_free(repl_root);
-    slapi_ch_free_string(&newhost);
     return;
 }
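Review bot: The reworked `ipa_topo_cfg_host_add` has no comment describing its new contract, which callers now need to know: it stores a `slapi_ch_strdup` copy of `newhost`, it takes `replica->repl_lock` itself, and it silently ignores NULL arguments and hosts already in the list. I would add above the definition `/* add a copy of newhost to replica->hosts unless already present; takes replica->repl_lock, caller keeps ownership of newhost */`. `hostnode` is dereferenced without a NULL check; whether `ipa_topo_cfg_host_new` can return NULL is not visible, since only its closing brace is in the hunk. The trailing `return;` is redundant.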
 
diff --git a/daemons/ipa-slapi-plugins/topology/topology_post.c b/daemons/ipa-slapi-plugins/topology/topology_post.c
index 5ac029a86a2f8ffbda895c5fe2a1af4c45152832..c525d12229bf1a4ebd55faad129e8910e36e352c 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_post.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_post.c
@@ -98,12 +98,11 @@ ipa_topo_post_add(Slapi_PBlock *pb)
         break;
     }
     case TOPO_HOST_ENTRY: {
-        /* add to list of managed hosts */
-        ipa_topo_cfg_host_add(add_entry);
         /* we are adding a new master, there could be
          * a segment which so far was inactive since
          * the host was not managed
          */
+        /* It will also add to list of managed hosts */
         ipa_topo_util_add_host(add_entry);
         break;
     }
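Review bot: The added comment `/* It will also add to list of managed hosts */` does not say what "It" refers to and sits as a second comment block directly after the existing one. I would merge it into the block above as `* ipa_topo_util_add_host() also adds the host to the list of managed hosts`. That claim depends on `ipa_topo_util_add_host` reaching `ipa_topo_util_add_managed_host` for every managed suffix of the entry, which is not shown in this patch and should be confirmed, since the explicit `ipa_topo_cfg_host_add(add_entry)` call is removed here. The comment added in the `ipa_topo_post_mod` hunk has a typo, `check i host`, which should read `check if host`.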
@@ -194,6 +193,8 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
         break;
     }
     case TOPO_HOST_ENTRY: {
+        /* check i host needs to be added to the managed hosts
+         * and if segments need to be created */
         ipa_topo_util_update_host(mod_entry, mods);
         break;
     }
diff --git a/daemons/ipa-slapi-plugins/topology/topology_util.c b/daemons/ipa-slapi-plugins/topology/topology_util.c
index 65d50259da6cecee2feef3f7a8e84d6135b027bb..5350f544c05e58a7eae45e66c4669f6d719f033b 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_util.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_util.c
@@ -278,7 +278,7 @@ ipa_topo_util_setup_servers(void)
         } else {
             int i = 0;
             for (i=0;entries[i];i++) {
-                ipa_topo_cfg_host_add(entries[i]);
+                ipa_topo_util_init_hosts(entries[i]);
             }
         }
     }
@@ -1445,12 +1445,48 @@ ipa_topo_util_delete_segments_for_host(char *repl_root, char *delhost)
                     "ipa_topo_util_delete_segments_for_host <-- done\n");
 }
 
+void
+ipa_topo_util_init_hosts(Slapi_Entry *hostentry)
+{
+    char *newhost;
+    char **repl_root = NULL;
+    TopoReplicaHost *hostnode = NULL;
+    TopoReplica *replica = NULL;
+    int i;
+
+    newhost = slapi_entry_attr_get_charptr(hostentry,"cn");
+    if (newhost == NULL) return;
+
+    repl_root = slapi_entry_attr_get_charray(hostentry,"ipaReplTopoManagedSuffix");
+    if (repl_root == NULL || *repl_root == NULL) return;
+
+    for (i=0; repl_root[i];i++) {
+        replica = ipa_topo_cfg_replica_find(repl_root[i], 1);
+        if (replica == NULL) continue;
+
+        slapi_lock_mutex(replica->repl_lock);
+        if (ipa_topo_cfg_host_find(replica, newhost, 0)) {
+            /* log error */
+            slapi_unlock_mutex(replica->repl_lock);
+            continue;
+        }
+        hostnode = ipa_topo_cfg_host_new(slapi_ch_strdup(newhost));
+        hostnode->next = replica->hosts;
+        replica->hosts = hostnode;
+        slapi_unlock_mutex(replica->repl_lock);
+    }
+
+    slapi_ch_array_free(repl_root);
+    slapi_ch_free_string(&newhost);
+    return;
+}
 
 void
 ipa_topo_util_add_managed_host(char *suffix, char *addhost)
 {
     TopoReplica *conf = ipa_topo_cfg_replica_find(suffix,1);
     if (conf) {
+        ipa_topo_cfg_host_add(conf, addhost);
         ipa_topo_util_update_segments_for_host(conf, addhost);
     }
 }
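Review bot: `ipa_topo_util_init_hosts` leaks on its second early return: at `if (repl_root == NULL || *repl_root == NULL) return;` the string from `slapi_entry_attr_get_charptr` is never released, although the normal path frees it with `slapi_ch_free_string(&newhost)`, and a non-NULL but empty `repl_root` array is not freed either. The loop body also repeats the lock, find and insert sequence that this same patch moves into `ipa_topo_cfg_host_add(replica, newhost)`, so the two copies can drift apart. Calling the helper from the loop removes the duplicate locking code and the unused `hostnode` local, and a single exit path frees both allocations. The `/* log error */` placeholder goes away with it; the helper treats a duplicate as "already added".

```c
void
ipa_topo_util_init_hosts(Slapi_Entry *hostentry)
{
    /* … unchanged: declarations (hostnode no longer needed), cn lookup and its NULL check … */

    repl_root = slapi_entry_attr_get_charray(hostentry,"ipaReplTopoManagedSuffix");
    if (repl_root) {
        for (i=0; repl_root[i]; i++) {
            replica = ipa_topo_cfg_replica_find(repl_root[i], 1);
            if (replica == NULL) continue;
            /* takes replica->repl_lock and skips a host that is already listed */
            ipa_topo_cfg_host_add(replica, newhost);
        }
        slapi_ch_array_free(repl_root);
    }
    slapi_ch_free_string(&newhost);
}
```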
-- 
2.4.3
