ldap/servers/slapd/libglobs.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
New commits:
commit eab32225c129f6a5115bbd5ac2a3c2035f4393b2
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Jan 8 10:30:04 2014 -0800
Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
Bug description: If given value of nsslapd-allowed-to-delete-attrs are
all invalid attributes, e.g.,
nsslapd-allowed-to-delete-attrs: invalid0 invalid1
they were logged as invalid, but accidentally set to nsslapd-allowed-
to-delete-attrs.
Fix description: This patch checks the validation result and if there
is no valid attributes given to nsslapd-allowed-to-delete-attrs, it
issues a message in the error log:
nsslapd-allowed-to-delete-attrs: Given attributes are all invalid.
No effects.
and it returns an error. The modify operation fails with "DSA is
unwilling to perform".
https://fedorahosted.org/389/ticket/447
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!)
(cherry picked from commit 31cd7a838aef30d80be6efe519cc2e821811c645)
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 955b1d3..4658730 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -6814,15 +6814,23 @@ config_set_allowed_to_delete_attrs( const char *attrname, char
*value,
/* given value included unknown attribute,
* we need to re-create a value. */
/* reuse the duplicated string for the new attr value. */
- for (s = allowed, d = vcopy; s && *s; s++) {
- size_t slen = strlen(*s);
- memmove(d, *s, slen);
- d += slen;
- memmove(d, " ", 1);
- d++;
+ if (allowed && (NULL == *allowed)) {
+ /* all the values to allow to delete are invalid */
+ slapi_log_error(SLAPI_LOG_FATAL, "config",
+ "%s: Given attributes are all invalid. No
effects.\n",
+ CONFIG_ALLOWED_TO_DELETE_ATTRIBUTE);
+ return LDAP_NO_SUCH_ATTRIBUTE;
+ } else {
+ for (s = allowed, d = vcopy; s && *s; s++) {
+ size_t slen = strlen(*s);
+ memmove(d, *s, slen);
+ d += slen;
+ memmove(d, " ", 1);
+ d++;
+ }
+ *(d-1) = '\0';
+ strcpy(value, vcopy); /* original value needs to be refreshed */
}
- *(d-1) = '\0';
- strcpy(value, vcopy); /* original value needs to be refreshed */
} else {
slapi_ch_free_string(&vcopy);
vcopy = slapi_ch_strdup(value);