add new ber dump routine (behind NEW_LOGGING)

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 1caa446ff7533399664f4a0f8f457ba7075debb7..e4bcdb7c0e58d8e90f394e287159857a6e9475d6 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -52,7 +52,7 @@ int slap_parseURI( char *uri, char **searchbase, int *scope, Filter **filter )
                return( LDAP_SUCCESS );
        }
 
-       end = index( uri + 7, '/' );
+       end = strchr( uri + 7, '/' );
        if ( end == NULL )
                return( LDAP_PROTOCOL_ERROR );
 
@@ -60,7 +60,7 @@ int slap_parseURI( char *uri, char **searchbase, int *scope, Filter **filter )
 
        /* Grab the searchbase */
        start = end+1;
-       end = index( start, '?' );
+       end = strchr( start, '?' );
        if( end == NULL ) {
                *searchbase = ch_strdup( start );
                dn_normalize( *searchbase );
@@ -73,7 +73,7 @@ int slap_parseURI( char *uri, char **searchbase, int *scope, Filter **filter )
 
        /* Skip the attrs */
        start = end+1;
-       end = index( start, '?' );
+       end = strchr( start, '?' );
        if( end == NULL ) {
                return( LDAP_SUCCESS );
        }
@@ -251,7 +251,7 @@ char *slap_sasl_regexp( char *saslname )
 
 
 /*
- * Given a SASL name (e.g. "UID=name+REALM=company,cn=GSSAPI,cn=AUTHZ")
+ * Given a SASL name (e.g. "UID=name+cn=REALM,cn=MECH,cn=AUTHZ")
  * return the LDAP DN to which it matches. The SASL regexp rules in the config
  * file turn the SASL name into an LDAP URI. If the URI is just a DN (or a
  * search with scope=base), just return the URI (or its searchbase). Otherwise
@@ -295,7 +295,7 @@ char *slap_sasl2dn( char *saslname )
           "slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
           searchbase, scope, 0 );
 
-       be = select_backend( searchbase );
+       be = select_backend( searchbase, 0 );
        if(( be == NULL ) || ( be->be_search == NULL))
                goto FINISHED;
        searchbase = suffix_alias( be, searchbase );
@@ -383,7 +383,7 @@ int slap_sasl_match( char *rule, char *assertDN, char *authc )
           "slap_sasl_match: performing internal search (base=%s, scope=%d)\n",
           searchbase, scope, 0 );
 
-       be = select_backend( searchbase );
+       be = select_backend( searchbase, 0 );
        if(( be == NULL ) || ( be->be_search == NULL)) {
                rc = LDAP_INAPPROPRIATE_AUTH;
                goto CONCLUDED;
@@ -489,7 +489,8 @@ COMPLETE:
 
 /* Check if a bind can SASL authorize to another identity. */
 
-int slap_sasl_authorized( Connection *conn, char *authcid, char *authzid )
+int slap_sasl_authorized( Connection *conn,
+       const char *authcid, const char *authzid )
 {
        int rc;
        char *saslname=NULL,*authcDN=NULL,*realm=NULL, *authzDN=NULL;
@@ -503,7 +504,7 @@ int slap_sasl_authorized( Connection *conn, char *authcid, char *authzid )
        sasl_getprop( conn->c_sasl_context, SASL_REALM, (void **)&realm );
 
        /* Allocate space */
-       rc = strlen("uid=+realm=,cn=,cn=AUTHZ ");
+       rc = strlen("uid=,cn=,cn=,cn=AUTHZ ");
        if ( realm ) rc += strlen( realm );
        if ( authcid ) rc += strlen( authcid );
        rc += strlen( conn->c_sasl_bind_mech );
@@ -515,7 +516,7 @@ int slap_sasl_authorized( Connection *conn, char *authcid, char *authzid )
        if ( authcid )
                rc += sprintf( saslname+rc, "%sUID=%s", rc?",":"", authcid);
        if ( realm )
-               rc += sprintf( saslname+rc, "%sREALM=%s", rc?"+":"", realm);
+               rc += sprintf( saslname+rc, "%sCN=%s", rc?",":"", realm);
        if ( conn->c_sasl_bind_mech )
                rc += sprintf( saslname+rc, "%sCN=%s", rc?",":"",
                   conn->c_sasl_bind_mech);