Changes from HEAD for beta

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index ba66b4249b7b8672de63041dd2981bb24e18306d..258301e38d39b8caf3555e18d22f3a0e129b5e0f 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -65,8 +65,6 @@ int slap_sasl_setpolicy( const char *arg )
        return rc;
 }
 
-/* URI format: ldap://<host>/<base>[?[<attrs>][?[<scope>][?[<filter>]]]] */
-
 static int slap_parseURI( Operation *op, struct berval *uri,
        struct berval *searchbase, int *scope, Filter **filter )
 {
@@ -84,7 +82,8 @@ static int slap_parseURI( Operation *op, struct berval *uri,
        LDAP_LOG( TRANSPORT, ENTRY, 
                "slap_parseURI: parsing %s\n", uri->bv_val, 0, 0 );
 #else
-       Debug( LDAP_DEBUG_TRACE, "slap_parseURI: parsing %s\n", uri->bv_val, 0, 0 );
+       Debug( LDAP_DEBUG_TRACE,
+               "slap_parseURI: parsing %s\n", uri->bv_val, 0, 0 );
 #endif
 
        /* If it does not look like a URI, assume it is a DN */
@@ -114,8 +113,8 @@ is_dn:      bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
        if (( ludp->lud_host && *ludp->lud_host )
                || ludp->lud_attrs || ludp->lud_exts )
        {
-               /* host part should be empty */
-               /* attrs and extensions parts should be empty */
+               /* host part must be empty */
+               /* attrs and extensions parts must be empty */
                return LDAP_PROTOCOL_ERROR;
        }
 
@@ -385,7 +384,8 @@ static int sasl_sc_smatch( Operation *o, SlapReply *rs )
  */
 
 static
-int slap_sasl_match(Operation *opx, struct berval *rule, struct berval *assertDN, struct berval *authc )
+int slap_sasl_match( Operation *opx, struct berval *rule,
+       struct berval *assertDN, struct berval *authc )
 {
        int rc; 
        regex_t reg;
@@ -404,7 +404,8 @@ int slap_sasl_match(Operation *opx, struct berval *rule, struct berval *assertDN
                assertDN->bv_val, rule->bv_val, 0 );
 #endif
 
-       rc = slap_parseURI( opx, rule, &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
+       rc = slap_parseURI( opx, rule,
+               &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
        if( rc != LDAP_SUCCESS ) goto CONCLUDED;
 
        /* Massive shortcut: search scope == base */
@@ -455,6 +456,9 @@ int slap_sasl_match(Operation *opx, struct berval *rule, struct berval *assertDN
        op.o_threadctx = opx->o_threadctx;
        op.o_tmpmemctx = opx->o_tmpmemctx;
        op.o_tmpmfuncs = opx->o_tmpmfuncs;
+#ifdef LDAP_SLAPI
+       op.o_pb = opx->o_pb;
+#endif
        op.o_conn = opx->o_conn;
        op.o_connid = opx->o_connid;
 
@@ -515,9 +519,11 @@ slap_sasl_check_authz( Operation *op,
        if( rc != LDAP_SUCCESS ) goto COMPLETE;
 
        /* Check if the *assertDN matches any **vals */
-       for( i=0; vals[i].bv_val != NULL; i++ ) {
-               rc = slap_sasl_match( op, &vals[i], assertDN, authc );
-               if ( rc == LDAP_SUCCESS ) goto COMPLETE;
+       if( vals != NULL ) {
+               for( i=0; vals[i].bv_val != NULL; i++ ) {
+                       rc = slap_sasl_match( op, &vals[i], assertDN, authc );
+                       if ( rc == LDAP_SUCCESS ) goto COMPLETE;
+               }
        }
        rc = LDAP_INAPPROPRIATE_AUTH;
 
@@ -573,7 +579,8 @@ void slap_sasl2dn( Operation *opx,
                goto FINISHED;
        }
 
-       rc = slap_parseURI( opx, &regout, &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
+       rc = slap_parseURI( opx, &regout,
+               &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
        if( regout.bv_val ) sl_free( regout.bv_val, opx->o_tmpmemctx );
        if( rc != LDAP_SUCCESS ) {
                goto FINISHED;
@@ -616,6 +623,9 @@ void slap_sasl2dn( Operation *opx,
        op.o_threadctx = opx->o_threadctx;
        op.o_tmpmemctx = opx->o_tmpmemctx;
        op.o_tmpmfuncs = opx->o_tmpmfuncs;
+#ifdef LDAP_SLAPI
+       op.o_pb = opx->o_pb;
+#endif
        op.oq_search.rs_deref = LDAP_DEREF_NEVER;
        op.oq_search.rs_slimit = 1;
        op.oq_search.rs_attrsonly = 1;