document option '-F'

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 1c0c1339c6c87d752f12b2641748b26363bbc916..a30340e31aa1101e936388543d7b0a0382b96d9a 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -87,6 +87,10 @@ struct rewrite_info  *sasl_rwinfo = NULL;
 #define        SASL_AUTHZ_TO   0x02
 #define SASL_AUTHZ_AND 0x10
 
+static const char *policy_txt[] = {
+       "none", "from", "to", "any"
+};
+
 static int authz_policy = SASL_AUTHZ_NONE;
 
 static
@@ -113,6 +117,14 @@ int slap_sasl_setpolicy( const char *arg )
        return rc;
 }
 
+const char * slap_sasl_getpolicy()
+{
+       if ( authz_policy == (SASL_AUTHZ_FROM | SASL_AUTHZ_TO | SASL_AUTHZ_AND) )
+               return "all";
+       else
+               return policy_txt[authz_policy];
+}
+
 int slap_parse_user( struct berval *id, struct berval *user,
                struct berval *realm, struct berval *mech )
 {
@@ -592,10 +604,6 @@ int slap_sasl_regexp_rewrite_config(
 
 int slap_sasl_regexp_config( const char *match, const char *replace )
 {
-#ifdef SLAP_AUTH_REWRITE
-       return slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
-                       match, replace, AUTHID_CONTEXT );
-#else /* ! SLAP_AUTH_REWRITE */
        int rc;
        SaslRegexp_t *reg;
 
@@ -607,6 +615,13 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
        reg->sr_match = ch_strdup( match );
        reg->sr_replace = ch_strdup( replace );
 
+#ifdef SLAP_AUTH_REWRITE
+       rc = slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
+                       match, replace, AUTHID_CONTEXT );
+       if ( rc == LDAP_SUCCESS ) nSaslRegexp++;
+       return rc;
+#else /* ! SLAP_AUTH_REWRITE */
+
        /* Precompile matching pattern */
        rc = regcomp( &reg->sr_workspace, reg->sr_match, REG_EXTENDED|REG_ICASE );
        if ( rc ) {
@@ -625,6 +640,35 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
 #endif /* ! SLAP_AUTH_REWRITE */
 }
 
+void slap_sasl_regexp_unparse( BerVarray *out )
+{
+       int i;
+       struct berval bv;
+       BerVarray bva = NULL;
+       char ibuf[32], *ptr;
+       struct berval idx;
+
+       if ( !nSaslRegexp ) return;
+
+       idx.bv_val = ibuf;
+       bva = ch_malloc( (nSaslRegexp+1) * sizeof(struct berval) );
+       BER_BVZERO(bva+nSaslRegexp);
+       for ( i=0; i<nSaslRegexp; i++ ) {
+               idx.bv_len = sprintf( idx.bv_val, "{%d}", i);
+               bva[i].bv_len = idx.bv_len + strlen( SaslRegexp[i].sr_match ) +
+                       strlen( SaslRegexp[i].sr_replace ) + 5;
+               bva[i].bv_val = ch_malloc( bva[i].bv_len+1 );
+               ptr = lutil_strcopy( bva[i].bv_val, ibuf );
+               *ptr++ = '"';
+               ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_match );
+               ptr = lutil_strcopy( ptr, "\" \"" );
+               ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_replace );
+               *ptr++ = '"';
+               *ptr = '\0';
+       }
+       *out = bva;
+}
+
 /* Perform replacement on regexp matches */
 static void slap_sasl_rx_exp(
        const char *rep,
@@ -1101,8 +1145,7 @@ void slap_sasl2dn( Operation *opx,
                "converting SASL name %s to a DN\n",
                saslname->bv_val, 0,0 );
 
-       sasldn->bv_val = NULL;
-       sasldn->bv_len = 0;
+       BER_BVZERO( sasldn );
        cb.sc_private = sasldn;
 
        /* Convert the SASL name into a minimal URI */