Ticket 47582 - agmt_count in Replica could become (PRUint64)-1

Bug Description:  agmt_count can go negative, and lead to a crash.  This can
                  happen when creating an agreement fails, and we lower the count
                  before it was actually incremented.

Fix Description:  Move the agmt incrementing to agmt_new_from_entry(), as
                  this same function can also cause the count to be decremented
                  if something fails.

https://fedorahosted.org/389/ticket/47582

Reviewed by: richm(Thanks!)

ldap/servers/plugins/replication/repl5_agmt.c

@@ -347,8 +347,18 @@ agmt_new_from_entry(Slapi_Entry *e)
 	tmpstr = slapi_entry_attr_get_charptr(e, type_nsds5ReplicaRoot);
 	if (NULL != tmpstr)
 	{
+		Object *repl_obj;
+		Replica *replica;
+
 		ra->replarea = slapi_sdn_new_dn_passin(tmpstr);
 
+		/* now that we set the repl area, when can bump our agmt count */
+		if((repl_obj = replica_get_replica_from_dn(ra->replarea))){
+		    if((replica = (Replica*)object_get_data (repl_obj))){
+		    	replica_incr_agmt_count(replica);
+		    }
+		}
+
 		/* If this agmt has its own timeout, grab it, otherwise use the replica's protocol timeout */
 		ra->protocol_timeout = slapi_entry_attr_get_int(e, type_replicaProtocolTimeout);
 		if(ra->protocol_timeout == 0){

ldap/servers/plugins/replication/repl5_agmtlist.c

@@ -171,7 +171,6 @@ add_new_agreement(Slapi_Entry *e)
     }
 
     rc = replica_start_agreement(replica, ra);
-    replica_incr_agmt_count(replica);
 
     if (repl_obj) object_release(repl_obj);
 

ldap/servers/plugins/replication/repl5_replica.c

@@ -3956,6 +3956,8 @@ void
 replica_decr_agmt_count(Replica *r)
 {
 	if(r){
-		r->agmt_count--;
+		if(r->agmt_count > 0){
+		    r->agmt_count--;
+		}
 	}
 }