Blob Blame Raw
From 26a0d63bcbf280d20bd984fd00fd82e82ed62de5 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 12 Dec 2013 12:48:08 -0500
Subject: [PATCH 66/78] Ticket 47613 - Issues setting allowed mechanisms

Bug Description:  Adding an empty value for nsslapd-allowed-sasl-mechanisms blocks all
                  sasl authentication.  Also changing the allowed sasl mechansism does
                  require a restart after making a change.

Fix Description:  Reject an empty values for nsslapd-allowed-sasl-mechanisms, and allow
                  config changes to occur without restarting the server.

https://fedorahosted.org/389/ticket/47613

Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 43959232f792db2b79e614f6db78f7569920fdc1)
(cherry picked from commit a1e386188663c9197b80b3b51cca0d58ce0c9181)
---
 ldap/servers/slapd/configdse.c |  1 -
 ldap/servers/slapd/libglobs.c  | 10 +++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/ldap/servers/slapd/configdse.c b/ldap/servers/slapd/configdse.c
index bd1566e..b54062d 100644
--- a/ldap/servers/slapd/configdse.c
+++ b/ldap/servers/slapd/configdse.c
@@ -81,7 +81,6 @@ static const char *requires_restart[] = {
 #endif
     "cn=config:" CONFIG_RETURN_EXACT_CASE_ATTRIBUTE,
     "cn=config:" CONFIG_SCHEMA_IGNORE_TRAILING_SPACES,
-    "cn=config:nsslapd-allowed-sasl-mechanisms",
     "cn=config,cn=ldbm:nsslapd-idlistscanlimit",
     "cn=config,cn=ldbm:nsslapd-parentcheck",
     "cn=config,cn=ldbm:nsslapd-dbcachesize",
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index a763135..64510d6 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -6761,8 +6761,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
 {
     slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
 
-    if(!apply || slapdFrontendConfig->allowed_sasl_mechs){
-        /* we only set this at startup, if we try again just return SUCCESS */
+    if(!apply){
         return LDAP_SUCCESS;
     }
 
@@ -6777,6 +6776,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
     }
 
     CFG_LOCK_WRITE(slapdFrontendConfig);
+    slapi_ch_free_string(&slapdFrontendConfig->allowed_sasl_mechs);
     slapdFrontendConfig->allowed_sasl_mechs = slapi_ch_strdup(value);
     CFG_UNLOCK_WRITE(slapdFrontendConfig);
 
@@ -7476,7 +7476,11 @@ invalid_sasl_mech(char *str)
     int i;
 
     if(str == NULL){
-        return 0;
+        return 1;
+    }
+    if(strlen(str) < 1){
+        /* ignore empty values */
+        return 1;
     }
 
     /*
-- 
1.8.1.4