/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
* All rights reserved.
*
#define SASL_AUTHZ_TO 0x02
#define SASL_AUTHZ_AND 0x10
+static const char *policy_txt[] = {
+ "none", "from", "to", "any"
+};
+
static int authz_policy = SASL_AUTHZ_NONE;
static
return rc;
}
+const char * slap_sasl_getpolicy()
+{
+ if ( authz_policy == (SASL_AUTHZ_FROM | SASL_AUTHZ_TO | SASL_AUTHZ_AND) )
+ return "all";
+ else
+ return policy_txt[authz_policy];
+}
+
int slap_parse_user( struct berval *id, struct berval *user,
struct berval *realm, struct berval *mech )
{
rc = ldap_url_parse( uri->bv_val, &ludp );
switch ( rc ) {
case LDAP_URL_SUCCESS:
+ /* FIXME: the check is pedantic, but I think it's necessary,
+ * because people tend to use things like ldaps:// which
+ * gives the idea SSL is being used. Maybe we could
+ * accept ldapi:// as well, but the point is that we use
+ * an URL as an easy means to define bits of a search with
+ * little parsing.
+ */
if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
/*
* must be ldap:///
if ( !BER_BVISNULL( out ) ) {
char *val = out->bv_val;
ber_str2bv_x( val, 0, 1, out, ctx );
- free( val );
+ if ( val != in->bv_val ) {
+ free( val );
+ }
} else {
ber_dupbv_x( out, in, ctx );
}
goto CONCLUDED;
}
+ op.o_hdr = opx->o_hdr;
op.o_tag = LDAP_REQ_SEARCH;
- op.o_protocol = LDAP_VERSION3;
op.o_ndn = *authc;
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
- op.o_threadctx = opx->o_threadctx;
- op.o_tmpmemctx = opx->o_tmpmemctx;
- op.o_tmpmfuncs = opx->o_tmpmfuncs;
-#ifdef LDAP_SLAPI
- op.o_pb = opx->o_pb;
-#endif
- op.o_conn = opx->o_conn;
- op.o_connid = opx->o_connid;
/* use req_ndn as req_dn instead of non-pretty base of uri */
if( !BER_BVISNULL( &base ) ) {
ch_free( base.bv_val );
op.ors_tlimit = SLAP_NO_LIMIT;
op.ors_attrs = slap_anlist_no_attrs;
op.ors_attrsonly = 1;
- op.o_sync_slog_size = -1;
op.o_bd->be_search( &op, &rs );
"converting SASL name %s to a DN\n",
saslname->bv_val, 0,0 );
- sasldn->bv_val = NULL;
- sasldn->bv_len = 0;
+ BER_BVZERO( sasldn );
cb.sc_private = sasldn;
/* Convert the SASL name into a minimal URI */
goto FINISHED;
}
- op.o_conn = opx->o_conn;
- op.o_connid = opx->o_connid;
+ op.o_hdr = opx->o_hdr;
op.o_tag = LDAP_REQ_SEARCH;
- op.o_protocol = LDAP_VERSION3;
op.o_ndn = opx->o_conn->c_ndn;
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
- op.o_threadctx = opx->o_threadctx;
- op.o_tmpmemctx = opx->o_tmpmemctx;
- op.o_tmpmfuncs = opx->o_tmpmfuncs;
-#ifdef LDAP_SLAPI
- op.o_pb = opx->o_pb;
-#endif
op.ors_deref = LDAP_DEREF_NEVER;
op.ors_slimit = 1;
op.ors_tlimit = SLAP_NO_LIMIT;
op.ors_attrs = slap_anlist_no_attrs;
op.ors_attrsonly = 1;
- op.o_sync_slog_size = -1;
/* use req_ndn as req_dn instead of non-pretty base of uri */
if( !BER_BVISNULL( &base ) ) {
ch_free( base.bv_val );
projects / openldap / blobdiff