[389-commits] Branch '389-ds-base-1.3.2' - ldap/servers

[Noriko Hosoi]

 ldap/servers/slapd/libglobs.c |   24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

New commits:
commit eab32225c129f6a5115bbd5ac2a3c2035f4393b2
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Wed Jan 8 10:30:04 2014 -0800

    Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
    
    Bug description: If given value of nsslapd-allowed-to-delete-attrs are
    all invalid attributes, e.g.,
      nsslapd-allowed-to-delete-attrs: invalid0 invalid1
    they were logged as invalid, but accidentally set to nsslapd-allowed-
    to-delete-attrs.
    
    Fix description: This patch checks the validation result and if there
    is no valid attributes given to nsslapd-allowed-to-delete-attrs, it
    issues a message in the error log:
      nsslapd-allowed-to-delete-attrs: Given attributes are all invalid.
      No effects.
    and it returns an error.  The modify operation fails with "DSA is
    unwilling to perform".
    
    https://fedorahosted.org/389/ticket/447
    
    Reviewed by rmeggins at redhat.com (Thank you, Rich!)
    (cherry picked from commit 31cd7a838aef30d80be6efe519cc2e821811c645)

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 955b1d3..4658730 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -6814,15 +6814,23 @@ config_set_allowed_to_delete_attrs( const char *attrname, char *value,
             /* given value included unknown attribute,
              * we need to re-create a value. */
             /* reuse the duplicated string for the new attr value. */
-            for (s = allowed, d = vcopy; s && *s; s++) {
-                size_t slen = strlen(*s);
-                memmove(d, *s, slen);
-                d += slen;
-                memmove(d, " ", 1);
-                d++;
+            if (allowed && (NULL == *allowed)) {
+                /* all the values to allow to delete are invalid */
+                slapi_log_error(SLAPI_LOG_FATAL, "config",
+                        "%s: Given attributes are all invalid.  No effects.\n",
+                        CONFIG_ALLOWED_TO_DELETE_ATTRIBUTE);
+                return LDAP_NO_SUCH_ATTRIBUTE;
+            } else {
+                for (s = allowed, d = vcopy; s && *s; s++) {
+                    size_t slen = strlen(*s);
+                    memmove(d, *s, slen);
+                    d += slen;
+                    memmove(d, " ", 1);
+                    d++;
+                }
+                *(d-1) = '\0';
+                strcpy(value, vcopy); /* original value needs to be refreshed */
             }
-            *(d-1) = '\0';
-            strcpy(value, vcopy); /* original value needs to be refreshed */
         } else {
             slapi_ch_free_string(&vcopy);
             vcopy = slapi_ch_strdup(value);