+#define SASLREGEX_REPLACE 10
+
+typedef struct sasl_regexp {
+ char *sr_match; /* regexp match pattern */
+ char *sr_replace; /* regexp replace pattern */
+ regex_t sr_workspace; /* workspace for regexp engine */
+ regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */
+ int sr_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
+} SaslRegexp_t;
+
+static int nSaslRegexp = 0;
+static SaslRegexp_t *SaslRegexp = NULL;
+
+/* What SASL proxy authorization policies are allowed? */
+#define SASL_AUTHZ_NONE 0
+#define SASL_AUTHZ_FROM 1
+#define SASL_AUTHZ_TO 2
+
+static int authz_policy = SASL_AUTHZ_NONE;
+
+int slap_sasl_setpolicy( const char *arg )
+{
+ int rc = LDAP_SUCCESS;
+
+ if ( strcasecmp( arg, "none" ) == 0 )
+ authz_policy = SASL_AUTHZ_NONE;
+ else if ( strcasecmp( arg, "from" ) == 0 )
+ authz_policy = SASL_AUTHZ_FROM;
+ else if ( strcasecmp( arg, "to" ) == 0 )
+ authz_policy = SASL_AUTHZ_TO;
+ else if ( strcasecmp( arg, "both" ) == 0 )
+ authz_policy = SASL_AUTHZ_FROM | SASL_AUTHZ_TO;
+ else
+ rc = LDAP_OTHER;
+ return rc;
+}
+