/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static struct berval ext_bv = BER_BVC( "EXTERNAL" );
+char *slap_sasl_auxprops;
+
#ifdef HAVE_CYRUS_SASL
+/* Just use our internal auxprop by default */
+static int
+slap_sasl_getopt(
+ void *context,
+ const char *plugin_name,
+ const char *option,
+ const char **result,
+ unsigned *len)
+{
+ if ( strcmp( option, "auxprop_plugin" )) {
+ return SASL_FAIL;
+ }
+ if ( slap_sasl_auxprops )
+ *result = slap_sasl_auxprops;
+ else
+ *result = "slapd";
+ return SASL_OK;
+}
+
int
slap_sasl_log(
void *context,
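Review bot: slap_sasl_getopt sets `*result` but never writes `*len`, so a caller that passes a non-NULL `len` gets back whatever the variable held before the call. As far as I know the Cyrus getopt callback allows `len` to be NULL but expects it to be filled in when present; adding `if ( len ) *len = strlen( *result );` before `return SASL_OK;` would cover that. The new global `slap_sasl_auxprops` also deserves a comment, for example `/* auxprop plugin list from configuration; NULL selects the built-in "slapd" plugin */`, noting who sets and owns the string, since the pointer is handed to the SASL library as-is.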
}
Debug( level, "SASL [conn=%ld] %s: %s\n",
- conn ? conn->c_connid: -1,
+ conn ? (long) conn->c_connid: -1L,
label, message );
* past the scheme name, skip this value.
*/
#ifdef SLAPD_CLEARTEXT
- if ( !ber_bvstrcasecmp( bv, &sc_cleartext ) ) {
+ if ( !strncasecmp( bv->bv_val, sc_cleartext.bv_val,
+ sc_cleartext.bv_len )) {
struct berval cbv;
cbv.bv_len = bv->bv_len - sc_cleartext.bv_len;
if ( cbv.bv_len > 0 ) {
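Review bot: The new prefix test `strncasecmp( bv->bv_val, sc_cleartext.bv_val, sc_cleartext.bv_len )` does not look at `bv->bv_len`, so for a stored value shorter than the scheme name it relies on `bv->bv_val` being NUL-terminated to stop the comparison. The subtraction on the following line, `cbv.bv_len = bv->bv_len - sc_cleartext.bv_len`, would also wrap if `bv_len` is unsigned (it appears to be) and the two lengths ever disagree, after which `cbv.bv_len > 0` passes. Putting `bv->bv_len >= sc_cleartext.bv_len &&` in front of the `strncasecmp` call makes both lines safe without depending on termination. The enclosing `#ifdef SLAPD_CLEARTEXT` block starts and ends outside the hunk.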
Operation op = {0};
Opheader oph;
SlapReply rs = {REP_RESULT};
- int rc, i, j;
+ int rc, i;
+ unsigned j;
Connection *conn = NULL;
const struct propval *pr;
Modifications *modlist = NULL, **modtail = &modlist, *mod;
*out_len = 0;
Debug( LDAP_DEBUG_ARGS, "SASL Canonicalize [conn=%ld]: %s=\"%s\"\n",
- conn ? conn->c_connid : -1,
+ conn ? (long) conn->c_connid : -1L,
(flags & SASL_CU_AUTHID) ? "authcid" : "authzid",
in ? in : "<empty>");
prop_set( props, names[0], dn.bv_val, dn.bv_len );
Debug( LDAP_DEBUG_ARGS, "SASL Canonicalize [conn=%ld]: %s=\"%s\"\n",
- conn ? conn->c_connid : -1, names[0]+1,
+ conn ? (long) conn->c_connid : -1L, names[0]+1,
dn.bv_val ? dn.bv_val : "<EMPTY>" );
/* Not needed any more, SASL has copied it */
Debug( LDAP_DEBUG_ARGS, "SASL proxy authorize [conn=%ld]: "
"authcid=\"%s\" authzid=\"%s\"\n",
- conn ? conn->c_connid : -1, auth_identity, requested_user );
+ conn ? (long) conn->c_connid : -1L, auth_identity, requested_user );
if ( conn->c_sasl_dn.bv_val ) {
BER_BVZERO( &conn->c_sasl_dn );
}
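Review bot: The Debug call treats `conn` as possibly NULL (`conn ? (long) conn->c_connid : -1L`), yet the very next statement dereferences `conn->c_sasl_dn.bv_val` without a check. Either `conn` cannot be NULL at this point, in which case the ternary is dead code and a short comment saying so would help, or the dereference needs the same guard, e.g. `if ( conn && conn->c_sasl_dn.bv_val ) {`. The function body starts and continues outside the hunk, so an earlier NULL check may exist that is not visible here.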
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "SASL Proxy Authorize [conn=%ld]: "
"proxy authorization disallowed (%d)\n",
- (long) (conn ? conn->c_connid : -1), rc, 0 );
+ conn ? (long) conn->c_connid : -1L, rc, 0 );
sasl_seterror( sconn, 0, "not authorized" );
return SASL_NOAUTHZ;
Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: "
" proxy authorization allowed authzDN=\"%s\"\n",
- (long) (conn ? conn->c_connid : -1),
+ conn ? (long) conn->c_connid : -1L,
authzDN.bv_val ? authzDN.bv_val : "", 0 );
return SASL_OK;
}
}
rc = REWRITE_ERR;
}
- filter_free_x( op, op->ors_filter );
+ filter_free_x( op, op->ors_filter, 1 );
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
return rc;
}
int rc;
static sasl_callback_t server_callbacks[] = {
{ SASL_CB_LOG, &slap_sasl_log, NULL },
+ { SASL_CB_GETOPT, &slap_sasl_getopt, NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};
#endif
}
/* Must send response using old security layer */
- if (response.bv_len) rs->sr_sasldata = &response;
+ rs->sr_sasldata = (response.bv_len ? &response : NULL);
send_ldap_sasl( op, rs );
/* Now dispose of the old security layer.