Home Verkennen Help
Registreren Inloggen
Apq
/
389-ds-base
spiegel van https://github.com/389ds/389-ds-base.git
1
0
Vork 0
Bestanden Issues 0 Wiki
Bladeren bron

Ticket 47613 - Issues setting allowed mechanisms

Bug Description:  Adding an empty value for nsslapd-allowed-sasl-mechanisms blocks all
                  sasl authentication.  Also changing the allowed sasl mechansism does
                  require a restart after making a change.

Fix Description:  Reject an empty values for nsslapd-allowed-sasl-mechanisms, and allow
                  config changes to occur without restarting the server.

https://fedorahosted.org/389/ticket/47613

Reviewed by: nhosoi(Thanks!)
Mark Reynolds 12 jaren geleden
bovenliggende
9f750277b5
commit
43959232f7
2 gewijzigde bestanden met toevoegingen van 7 en 4 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 0 1
      ldap/servers/slapd/configdse.c
  2. 7 3
      ldap/servers/slapd/libglobs.c

+ 0 - 1
ldap/servers/slapd/configdse.c
Bestand weergeven 

@@ -81,7 +81,6 @@ static const char *requires_restart[] = {
 
 #endif
 
     "cn=config:" CONFIG_RETURN_EXACT_CASE_ATTRIBUTE,
 
     "cn=config:" CONFIG_SCHEMA_IGNORE_TRAILING_SPACES,
 
-    "cn=config:nsslapd-allowed-sasl-mechanisms",
 
     "cn=config,cn=ldbm:nsslapd-idlistscanlimit",
 
     "cn=config,cn=ldbm:nsslapd-parentcheck",
 
     "cn=config,cn=ldbm:nsslapd-dbcachesize",

+ 7 - 3
ldap/servers/slapd/libglobs.c
Bestand weergeven 

@@ -6817,8 +6817,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
 
 {
 
     slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
 
 
-    if(!apply || slapdFrontendConfig->allowed_sasl_mechs){
 
-        /* we only set this at startup, if we try again just return SUCCESS */
 
+    if(!apply){
 
         return LDAP_SUCCESS;
 
     }
 
 
@@ -6833,6 +6832,7 @@ config_set_allowed_sasl_mechs(const char *attrname, char *value, char *errorbuf,
 
     }
 
 
     CFG_LOCK_WRITE(slapdFrontendConfig);
 
+    slapi_ch_free_string(&slapdFrontendConfig->allowed_sasl_mechs);
 
     slapdFrontendConfig->allowed_sasl_mechs = slapi_ch_strdup(value);
 
     CFG_UNLOCK_WRITE(slapdFrontendConfig);
 
 
@@ -7619,7 +7619,11 @@ invalid_sasl_mech(char *str)
 
     int i;
 
 
     if(str == NULL){
 
-        return 0;
 
+        return 1;
 
+    }
 
+    if(strlen(str) < 1){
 
+        /* ignore empty values */
 
+        return 1;
 
     }
 
 
     /*