+static const char *slap_propnames[] = {
+ "*slapConn", "*authcDN", "*authzDN", NULL };
+
+static Filter *generic_filter;
+
+#define PROP_CONN 0
+#define PROP_AUTHC 1
+#define PROP_AUTHZ 2
+
+typedef struct lookup_info {
+ int last;
+ int flags;
+ const struct propval *list;
+ sasl_server_params_t *sparams;
+} lookup_info;
+
+static int
+sasl_ap_lookup(
+ BackendDB *be,
+ Connection *conn,
+ Operation *op,
+ Entry *e,
+ AttributeName *an,
+ int attrsonly,
+ LDAPControl **ctrls )
+{
+ BerVarray bv;
+ AttributeDescription *ad;
+ Attribute *a;
+ const char *text;
+ int rc, i;
+ slap_callback *tmp = op->o_callback;
+ lookup_info *sl = tmp->sc_private;
+
+ for( i = 0; i < sl->last; i++ ) {
+ const char *name = sl->list[i].name;
+
+ if ( name[0] == '*' ) {
+ if ( sl->flags & SASL_AUXPROP_AUTHZID ) continue;
+ name++;
+ } else if ( !(sl->flags & SASL_AUXPROP_AUTHZID ) )
+ continue;
+
+ if ( sl->list[i].values ) {
+ if ( !(sl->flags & SASL_AUXPROP_OVERRIDE) ) continue;
+ }
+ ad = NULL;
+ rc = slap_str2ad( name, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( TRANSPORT, DETAIL1,
+ "slap_auxprop: str2ad(%s): %s\n", name, text, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "slap_auxprop: str2ad(%s): %s\n", name, text, 0 );
+#endif
+ continue;
+ }
+ a = attr_find( e->e_attrs, ad );
+ if ( !a ) continue;
+ if ( ! access_allowed( be, conn, op, e, ad, NULL, ACL_AUTH, NULL ) )
+ continue;
+ if ( sl->list[i].values && ( sl->flags & SASL_AUXPROP_OVERRIDE ) )
+ sl->sparams->utils->prop_erase( sl->sparams->propctx, sl->list[i].name );
+ for ( bv = a->a_vals; bv->bv_val; bv++ ) {
+ sl->sparams->utils->prop_set( sl->sparams->propctx, sl->list[i].name,
+ bv->bv_val, bv->bv_len );
+ }
+ }
+ return LDAP_SUCCESS;
+}