From 31a7087a26c153ff3430a1028be34c64839d0fd0 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Wed, 8 Jan 2014 10:30:04 -0800
Subject: [PATCH 78/78] Ticket #447 - Possible to add invalid attribute to
 nsslapd-allowed-to-delete-attrs

Bug description: If given value of nsslapd-allowed-to-delete-attrs are
all invalid attributes, e.g.,
  nsslapd-allowed-to-delete-attrs: invalid0 invalid1
they were logged as invalid, but accidentally set to nsslapd-allowed-
to-delete-attrs.

Fix description: This patch checks the validation result and if there
is no valid attributes given to nsslapd-allowed-to-delete-attrs, it
issues a message in the error log:
  nsslapd-allowed-to-delete-attrs: Given attributes are all invalid.
  No effects.
and it returns an error.  The modify operation fails with "DSA is
unwilling to perform".

https://fedorahosted.org/389/ticket/447

Reviewed by rmeggins@redhat.com (Thank you, Rich!)
(cherry picked from commit 31cd7a838aef30d80be6efe519cc2e821811c645)
(cherry picked from commit eab32225c129f6a5115bbd5ac2a3c2035f4393b2)
(cherry picked from commit c392aa891e67b8be189d3e354a179fc376998642)
---
 ldap/servers/slapd/libglobs.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 64510d6..6df225d 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -6720,15 +6720,23 @@ config_set_allowed_to_delete_attrs( const char *attrname, char *value,
             /* given value included unknown attribute,
              * we need to re-create a value. */
             /* reuse the duplicated string for the new attr value. */
-            for (s = allowed, d = vcopy; s && *s; s++) {
-                size_t slen = strlen(*s);
-                memmove(d, *s, slen);
-                d += slen;
-                memmove(d, " ", 1);
-                d++;
+            if (allowed && (NULL == *allowed)) {
+                /* all the values to allow to delete are invalid */
+                slapi_log_error(SLAPI_LOG_FATAL, "config",
+                        "%s: Given attributes are all invalid.  No effects.\n",
+                        CONFIG_ALLOWED_TO_DELETE_ATTRIBUTE);
+                return LDAP_NO_SUCH_ATTRIBUTE;
+            } else {
+                for (s = allowed, d = vcopy; s && *s; s++) {
+                    size_t slen = strlen(*s);
+                    memmove(d, *s, slen);
+                    d += slen;
+                    memmove(d, " ", 1);
+                    d++;
+                }
+                *(d-1) = '\0';
+                strcpy(value, vcopy); /* original value needs to be refreshed */
             }
-            *(d-1) = '\0';
-            strcpy(value, vcopy); /* original value needs to be refreshed */
         } else {
             slapi_ch_free_string(&vcopy);
             vcopy = slapi_ch_strdup(value);
-- 
1.8.1.4