[389-commits] Branch '389-ds-base-1.3.1' - ldap/servers

Thu Dec 12 20:27:26 UTC 2013

ldap/servers/slapd/configdse.c |    1 -
 ldap/servers/slapd/libglobs.c  |   10 +++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

New commits:
commit a1e386188663c9197b80b3b51cca0d58ce0c9181
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Thu Dec 12 12:48:08 2013 -0500

    Ticket 47613 - Issues setting allowed mechanisms
    
    Bug Description:  Adding an empty value for nsslapd-allowed-sasl-mechanisms blocks all
                      sasl authentication.  Also changing the allowed sasl mechansism does
                      require a restart after making a change.
    
    Fix Description:  Reject an empty values for nsslapd-allowed-sasl-mechanisms, and allow
                      config changes to occur without restarting the server.
    
    https://fedorahosted.org/389/ticket/47613
    
    Reviewed by: nhosoi(Thanks!)
    (cherry picked from commit 43959232f792db2b79e614f6db78f7569920fdc1)

diff --git a/ldap/servers/slapd/configdse.c b/ldap/servers/slapd/configdse.c
index bd1566e..b54062d 100644
--- a/ldap/servers/slapd/configdse.c
+++ b/ldap/servers/slapd/configdse.c
@@ -81,7 +81,6 @@ static const char *requires_restart[] = {
 #endif
     "cn=config:" CONFIG_RETURN_EXACT_CASE_ATTRIBUTE,
     "cn=config:" CONFIG_SCHEMA_IGNORE_TRAILING_SPACES,
-    "cn=config:nsslapd-allowed-sasl-mechanisms",
     "cn=config,cn=ldbm:nsslapd-idlistscanlimit",
     "cn=config,cn=ldbm:nsslapd-parentcheck",
     "cn=config,cn=ldbm:nsslapd-dbcachesize",
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index a763135..64510d6 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -6761,8 +6761,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
 {
     slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
 
-    if(!apply || slapdFrontendConfig->allowed_sasl_mechs){
-        /* we only set this at startup, if we try again just return SUCCESS */
+    if(!apply){
         return LDAP_SUCCESS;
     }
 
@@ -6777,6 +6776,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
     }
 
     CFG_LOCK_WRITE(slapdFrontendConfig);
+    slapi_ch_free_string(&slapdFrontendConfig->allowed_sasl_mechs);
     slapdFrontendConfig->allowed_sasl_mechs = slapi_ch_strdup(value);
     CFG_UNLOCK_WRITE(slapdFrontendConfig);
 
@@ -7476,7 +7476,11 @@ invalid_sasl_mech(char *str)
     int i;
 
     if(str == NULL){
-        return 0;
+        return 1;
+    }
+    if(strlen(str) < 1){
+        /* ignore empty values */
+        return 1;
     }
 
     /*


