From dc6077efe1281231e2a5b26c1640fa15fba7664d Mon Sep 17 00:00:00 2001 From: Ilias Stamatis Date: Thu, 13 Jul 2017 03:26:24 +0300 Subject: [PATCH] Issue 49315 - Log a warning whenever unauthenticated binds are enabled Description: Log a warning each time the nsslapd-allow-unauthenticated-binds under cn=config is set to on. https://pagure.io/389-ds-base/issue/49315 Author: Ilias95 Review by: ??? --- ldap/servers/slapd/libglobs.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c index ce065f1..ad990f4 100644 --- a/ldap/servers/slapd/libglobs.c +++ b/ldap/servers/slapd/libglobs.c @@ -6515,18 +6515,25 @@ config_set_outbound_ldap_io_timeout( const char *attrname, char *value, int32_t config_set_unauth_binds_switch( const char *attrname, char *value, - char *errorbuf, int apply ) + char *errorbuf, int apply ) { - int32_t retVal = LDAP_SUCCESS; - slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + int32_t retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); - retVal = config_set_onoff(attrname, - value, - &(slapdFrontendConfig->allow_unauth_binds), - errorbuf, - apply); + retVal = config_set_onoff(attrname, + value, + &(slapdFrontendConfig->allow_unauth_binds), + errorbuf, + apply); + + if (apply && retVal == LDAP_SUCCESS && config_get_unauth_binds_switch()) { + slapi_log_err(SLAPI_LOG_WARNING, + "config_set_unauth_binds_switch", + "Unauthenticated binds are enabled - this can lead to unexpected results with clients and potential security issues\n" + ); + } - return retVal; + return retVal; } int32_t -- 2.9.4