const char *c;
int rc, n;
SaslRegexp_t *reg;
+ struct berval bv, nbv;
SaslRegexp = (SaslRegexp_t *) ch_realloc( (char *) SaslRegexp,
(nSaslRegexp + 1) * sizeof(SaslRegexp_t) );
reg = &( SaslRegexp[nSaslRegexp] );
- reg->match = ch_strdup( match );
- reg->replace = ch_strdup( replace );
- dn_normalize( reg->match );
- dn_normalize( reg->replace );
+ ber_str2bv( match, 0, 0, &bv );
+ rc = dnNormalize2( NULL, &bv, &nbv );
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "sasl", LDAP_LEVEL_ERR,
+ "slap_sasl_regexp_config: \"%s\" could not be normalized.\n",
+ match ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "SASL match pattern %s could not be normalized.\n",
+ match, 0, 0 );
+#endif
+ return( rc );
+ }
+ reg->match = nbv.bv_val;
+
+ ber_str2bv( replace, 0, 0, &bv );
+ rc = dnNormalize2( NULL, &bv, &nbv );
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "sasl", LDAP_LEVEL_ERR,
+ "slap_sasl_regexp_config: \"%s\" could not be normalized.\n",
+ replace ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "SASL replace pattern %s could not be normalized.\n",
+ replace, 0, 0 );
+#endif
+ return( rc );
+ }
+ reg->replace = nbv.bv_val;
/* Precompile matching pattern */
rc = regcomp( ®->workspace, reg->match, REG_EXTENDED|REG_ICASE );
* entry, return the DN of that one entry.
*/
-char *slap_sasl2dn( char *saslname )
+void slap_sasl2dn( struct berval *saslname, struct berval *dn )
{
char *uri=NULL;
struct berval searchbase = {0, NULL};
- struct berval dn = {0, NULL};
int rc, scope;
Backend *be;
Filter *filter=NULL;
- slap_callback cb = {sasl_sc_r, sasl_sc_s, sasl_sc_sasl2dn, &dn};
+ slap_callback cb = {sasl_sc_r, sasl_sc_s, sasl_sc_sasl2dn, NULL};
Operation op = {0};
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
- "slap_sasl2dn: converting SASL name %s to DN.\n", saslname ));
+ "slap_sasl2dn: converting SASL name %s to DN.\n", saslname->bv_val ));
#else
Debug( LDAP_DEBUG_TRACE,
- "==>slap_sasl2dn: Converting SASL name %s to a DN\n", saslname, 0,0 );
+ "==>slap_sasl2dn: Converting SASL name %s to a DN\n", saslname->bv_val, 0,0 );
#endif
+ dn->bv_val = NULL;
+ dn->bv_len = 0;
+ cb.sc_private = dn;
/* Convert the SASL name into an LDAP URI */
- uri = slap_sasl_regexp( saslname );
+ uri = slap_sasl_regexp( saslname->bv_val );
if( uri == NULL )
goto FINISHED;
/* Massive shortcut: search scope == base */
if( scope == LDAP_SCOPE_BASE ) {
- dn = searchbase;
+ *dn = searchbase;
searchbase.bv_len = 0;
searchbase.bv_val = NULL;
goto FINISHED;
ldap_pvt_thread_mutex_init( &op.o_abandonmutex );
op.o_tag = LDAP_REQ_SEARCH;
op.o_protocol = LDAP_VERSION3;
- op.o_ndn.bv_val = saslname;
- op.o_ndn.bv_len = strlen(saslname);
+ op.o_ndn = *saslname;
op.o_callback = &cb;
op.o_time = slap_get_time();
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
"slap_sasl2dn: Converted SASL name to %s\n",
- dn.bv_len ? dn.bv_val : "<nothing>" ));
+ dn->bv_len ? dn->bv_val : "<nothing>" ));
#else
Debug( LDAP_DEBUG_TRACE, "<==slap_sasl2dn: Converted SASL name to %s\n",
- dn.bv_len ? dn.bv_val : "<nothing>", 0, 0 );
+ dn->bv_len ? dn->bv_val : "<nothing>", 0, 0 );
#endif
- return( dn.bv_val );
+ return;
}
typedef struct smatch_info {
*/
static
-int slap_sasl_match( char *rule, struct berval *assertDN, char *authc )
+int slap_sasl_match( char *rule, struct berval *assertDN, struct berval *authc )
{
struct berval searchbase = {0, NULL};
int rc, scope;
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
- "slap_sasl_match: comparing DN %s to rule %s\n", assertDN, rule ));
+ "slap_sasl_match: comparing DN %s to rule %s\n", assertDN->bv_val, rule ));
#else
Debug( LDAP_DEBUG_TRACE,
- "===>slap_sasl_match: comparing DN %s to rule %s\n", assertDN, rule, 0 );
+ "===>slap_sasl_match: comparing DN %s to rule %s\n", assertDN->bv_val, rule, 0 );
#endif
rc = slap_parseURI( rule, &searchbase, &scope, &filter );
ldap_pvt_thread_mutex_init( &op.o_abandonmutex );
op.o_tag = LDAP_REQ_SEARCH;
op.o_protocol = LDAP_VERSION3;
- op.o_ndn.bv_val = authc;
- op.o_ndn.bv_len = strlen(authc);
+ op.o_ndn = *authc;
op.o_callback = &cb;
op.o_time = slap_get_time();
* DN's passed in should have a dn: prefix
*/
static int
-slap_sasl_check_authz(char *searchDN, char *assertDN, struct berval *attr, char *authc)
+slap_sasl_check_authz(struct berval *searchDN, struct berval *assertDN, struct berval *attr, struct berval *authc)
{
const char *errmsg;
int i, rc;
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
"slap_sasl_check_authz: does %s match %s rule in %s?\n",
- assertDN, attr, searchDN ));
+ assertDN->bv_val, attr->bv_val, searchDN->bv_val ));
#else
Debug( LDAP_DEBUG_TRACE,
"==>slap_sasl_check_authz: does %s match %s rule in %s?\n",
- assertDN, attr, searchDN);
+ assertDN->bv_val, attr->bv_val, searchDN->bv_val);
#endif
rc = slap_bv2ad( attr, &ad, &errmsg );
if( rc != LDAP_SUCCESS )
goto COMPLETE;
- bv.bv_val = searchDN+3;
- bv.bv_len = strlen(bv.bv_val);
+ bv.bv_val = searchDN->bv_val + 3;
+ bv.bv_len = searchDN->bv_len - 3;
rc = backend_attribute( NULL, NULL, NULL, NULL, &bv, ad, &vals );
if( rc != LDAP_SUCCESS )
goto COMPLETE;
- bv.bv_val = assertDN+3;
- bv.bv_len = strlen(bv.bv_val);
+ bv.bv_val = assertDN->bv_val + 3;
+ bv.bv_len = assertDN->bv_len - 3;
/* Check if the *assertDN matches any **vals */
for( i=0; vals[i].bv_val != NULL; i++ ) {
rc = slap_sasl_match( vals[i].bv_val, &bv, authc );
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
- "slap_sasl_check_authz: %s check returning %s\n", attr, rc ));
+ "slap_sasl_check_authz: %s check returning %s\n", attr->bv_val, rc ));
#else
Debug( LDAP_DEBUG_TRACE,
- "<==slap_sasl_check_authz: %s check returning %d\n", attr, rc, 0);
+ "<==slap_sasl_check_authz: %s check returning %d\n", attr->bv_val, rc, 0);
#endif
return( rc );
static struct berval sasl_authz_dst = {
sizeof(SASL_AUTHZ_DEST_ATTR)-1, SASL_AUTHZ_DEST_ATTR };
-int slap_sasl_authorized( char *authcDN, char *authzDN )
+int slap_sasl_authorized( struct berval *authcDN, struct berval *authzDN )
{
int rc = LDAP_INAPPROPRIATE_AUTH;
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
- "slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN ));
+ "slap_sasl_authorized: can %s become %s?\n", authcDN->bv_val, authzDN->bv_val ));
#else
Debug( LDAP_DEBUG_TRACE,
- "==>slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN, 0 );
+ "==>slap_sasl_authorized: can %s become %s?\n", authcDN->bv_val, authzDN->bv_val, 0 );
#endif
/* If person is authorizing to self, succeed */
- if ( !strcmp( authcDN, authzDN ) ) {
+ if ( dn_match( authcDN, authzDN ) ) {
rc = LDAP_SUCCESS;
goto DONE;
}
projects / openldap / blobdiff