zrhoffman / rpms / 389-ds-base

Forked from rpms/389-ds-base 3 years ago
Clone

Blame SOURCES/0066-Ticket-47613-Issues-setting-allowed-mechanisms.patch

cc3dff
From 26a0d63bcbf280d20bd984fd00fd82e82ed62de5 Mon Sep 17 00:00:00 2001
cc3dff
From: Mark Reynolds <mreynolds@redhat.com>
cc3dff
Date: Thu, 12 Dec 2013 12:48:08 -0500
cc3dff
Subject: [PATCH 66/78] Ticket 47613 - Issues setting allowed mechanisms
cc3dff
cc3dff
Bug Description:  Adding an empty value for nsslapd-allowed-sasl-mechanisms blocks all
cc3dff
                  sasl authentication.  Also changing the allowed sasl mechansism does
cc3dff
                  require a restart after making a change.
cc3dff
cc3dff
Fix Description:  Reject an empty values for nsslapd-allowed-sasl-mechanisms, and allow
cc3dff
                  config changes to occur without restarting the server.
cc3dff
cc3dff
https://fedorahosted.org/389/ticket/47613
cc3dff
cc3dff
Reviewed by: nhosoi(Thanks!)
cc3dff
(cherry picked from commit 43959232f792db2b79e614f6db78f7569920fdc1)
cc3dff
(cherry picked from commit a1e386188663c9197b80b3b51cca0d58ce0c9181)
cc3dff
---
cc3dff
 ldap/servers/slapd/configdse.c |  1 -
cc3dff
 ldap/servers/slapd/libglobs.c  | 10 +++++++---
cc3dff
 2 files changed, 7 insertions(+), 4 deletions(-)
cc3dff
cc3dff
diff --git a/ldap/servers/slapd/configdse.c b/ldap/servers/slapd/configdse.c
cc3dff
index bd1566e..b54062d 100644
cc3dff
--- a/ldap/servers/slapd/configdse.c
cc3dff
+++ b/ldap/servers/slapd/configdse.c
cc3dff
@@ -81,7 +81,6 @@ static const char *requires_restart[] = {
cc3dff
 #endif
cc3dff
     "cn=config:" CONFIG_RETURN_EXACT_CASE_ATTRIBUTE,
cc3dff
     "cn=config:" CONFIG_SCHEMA_IGNORE_TRAILING_SPACES,
cc3dff
-    "cn=config:nsslapd-allowed-sasl-mechanisms",
cc3dff
     "cn=config,cn=ldbm:nsslapd-idlistscanlimit",
cc3dff
     "cn=config,cn=ldbm:nsslapd-parentcheck",
cc3dff
     "cn=config,cn=ldbm:nsslapd-dbcachesize",
cc3dff
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
cc3dff
index a763135..64510d6 100644
cc3dff
--- a/ldap/servers/slapd/libglobs.c
cc3dff
+++ b/ldap/servers/slapd/libglobs.c
cc3dff
@@ -6761,8 +6761,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
cc3dff
 {
cc3dff
     slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
cc3dff
 
cc3dff
-    if(!apply || slapdFrontendConfig->allowed_sasl_mechs){
cc3dff
-        /* we only set this at startup, if we try again just return SUCCESS */
cc3dff
+    if(!apply){
cc3dff
         return LDAP_SUCCESS;
cc3dff
     }
cc3dff
 
cc3dff
@@ -6777,6 +6776,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
cc3dff
     }
cc3dff
 
cc3dff
     CFG_LOCK_WRITE(slapdFrontendConfig);
cc3dff
+    slapi_ch_free_string(&slapdFrontendConfig->allowed_sasl_mechs);
cc3dff
     slapdFrontendConfig->allowed_sasl_mechs = slapi_ch_strdup(value);
cc3dff
     CFG_UNLOCK_WRITE(slapdFrontendConfig);
cc3dff
 
cc3dff
@@ -7476,7 +7476,11 @@ invalid_sasl_mech(char *str)
cc3dff
     int i;
cc3dff
 
cc3dff
     if(str == NULL){
cc3dff
-        return 0;
cc3dff
+        return 1;
cc3dff
+    }
cc3dff
+    if(strlen(str) < 1){
cc3dff
+        /* ignore empty values */
cc3dff
+        return 1;
cc3dff
     }
cc3dff
 
cc3dff
     /*
cc3dff
-- 
cc3dff
1.8.1.4
cc3dff