|
 |
cc3dff |
From 26a0d63bcbf280d20bd984fd00fd82e82ed62de5 Mon Sep 17 00:00:00 2001
|
|
|
cc3dff |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
cc3dff |
Date: Thu, 12 Dec 2013 12:48:08 -0500
|
|
|
cc3dff |
Subject: [PATCH 66/78] Ticket 47613 - Issues setting allowed mechanisms
|
|
|
cc3dff |
|
|
|
cc3dff |
Bug Description: Adding an empty value for nsslapd-allowed-sasl-mechanisms blocks all
|
|
|
cc3dff |
sasl authentication. Also changing the allowed sasl mechansism does
|
|
|
cc3dff |
require a restart after making a change.
|
|
|
cc3dff |
|
|
|
cc3dff |
Fix Description: Reject an empty values for nsslapd-allowed-sasl-mechanisms, and allow
|
|
|
cc3dff |
config changes to occur without restarting the server.
|
|
|
cc3dff |
|
|
|
cc3dff |
https://fedorahosted.org/389/ticket/47613
|
|
|
cc3dff |
|
|
|
cc3dff |
Reviewed by: nhosoi(Thanks!)
|
|
|
cc3dff |
(cherry picked from commit 43959232f792db2b79e614f6db78f7569920fdc1)
|
|
|
cc3dff |
(cherry picked from commit a1e386188663c9197b80b3b51cca0d58ce0c9181)
|
|
|
cc3dff |
---
|
|
|
cc3dff |
ldap/servers/slapd/configdse.c | 1 -
|
|
|
cc3dff |
ldap/servers/slapd/libglobs.c | 10 +++++++---
|
|
|
cc3dff |
2 files changed, 7 insertions(+), 4 deletions(-)
|
|
|
cc3dff |
|
|
|
cc3dff |
diff --git a/ldap/servers/slapd/configdse.c b/ldap/servers/slapd/configdse.c
|
|
|
cc3dff |
index bd1566e..b54062d 100644
|
|
|
cc3dff |
--- a/ldap/servers/slapd/configdse.c
|
|
|
cc3dff |
+++ b/ldap/servers/slapd/configdse.c
|
|
|
cc3dff |
@@ -81,7 +81,6 @@ static const char *requires_restart[] = {
|
|
|
cc3dff |
#endif
|
|
|
cc3dff |
"cn=config:" CONFIG_RETURN_EXACT_CASE_ATTRIBUTE,
|
|
|
cc3dff |
"cn=config:" CONFIG_SCHEMA_IGNORE_TRAILING_SPACES,
|
|
|
cc3dff |
- "cn=config:nsslapd-allowed-sasl-mechanisms",
|
|
|
cc3dff |
"cn=config,cn=ldbm:nsslapd-idlistscanlimit",
|
|
|
cc3dff |
"cn=config,cn=ldbm:nsslapd-parentcheck",
|
|
|
cc3dff |
"cn=config,cn=ldbm:nsslapd-dbcachesize",
|
|
|
cc3dff |
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
|
|
|
cc3dff |
index a763135..64510d6 100644
|
|
|
cc3dff |
--- a/ldap/servers/slapd/libglobs.c
|
|
|
cc3dff |
+++ b/ldap/servers/slapd/libglobs.c
|
|
|
cc3dff |
@@ -6761,8 +6761,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
|
|
|
cc3dff |
{
|
|
|
cc3dff |
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
|
|
|
cc3dff |
|
|
|
cc3dff |
- if(!apply || slapdFrontendConfig->allowed_sasl_mechs){
|
|
|
cc3dff |
- /* we only set this at startup, if we try again just return SUCCESS */
|
|
|
cc3dff |
+ if(!apply){
|
|
|
cc3dff |
return LDAP_SUCCESS;
|
|
|
cc3dff |
}
|
|
|
cc3dff |
|
|
|
cc3dff |
@@ -6777,6 +6776,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
|
|
|
cc3dff |
}
|
|
|
cc3dff |
|
|
|
cc3dff |
CFG_LOCK_WRITE(slapdFrontendConfig);
|
|
|
cc3dff |
+ slapi_ch_free_string(&slapdFrontendConfig->allowed_sasl_mechs);
|
|
|
cc3dff |
slapdFrontendConfig->allowed_sasl_mechs = slapi_ch_strdup(value);
|
|
|
cc3dff |
CFG_UNLOCK_WRITE(slapdFrontendConfig);
|
|
|
cc3dff |
|
|
|
cc3dff |
@@ -7476,7 +7476,11 @@ invalid_sasl_mech(char *str)
|
|
|
cc3dff |
int i;
|
|
|
cc3dff |
|
|
|
cc3dff |
if(str == NULL){
|
|
|
cc3dff |
- return 0;
|
|
|
cc3dff |
+ return 1;
|
|
|
cc3dff |
+ }
|
|
|
cc3dff |
+ if(strlen(str) < 1){
|
|
|
cc3dff |
+ /* ignore empty values */
|
|
|
cc3dff |
+ return 1;
|
|
|
cc3dff |
}
|
|
|
cc3dff |
|
|
|
cc3dff |
/*
|
|
|
cc3dff |
--
|
|
|
cc3dff |
1.8.1.4
|
|
|
cc3dff |
|