#include <ac/stdlib.h>
#include <stdio.h>
-#define SLAPD_TOOLS
#include "slap.h"
-#undef SLAPD_TOOLS
#include "proto-slap.h"
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#elif defined (HAVE_STRING_H)
-#include <string.h>
-#endif
+#include <ac/string.h>
#ifdef HAVE_CYRUS_SASL
#include <limits.h>
#include <sasl.h>
#include <ldap_pvt.h>
-
-extern int nSaslRegexp;
-extern SaslRegexp_t *SaslRegexp;
#endif
return( LDAP_SUCCESS );
}
- end = index( uri + 7, '/' );
+ end = strchr( uri + 7, '/' );
if ( end == NULL )
return( LDAP_PROTOCOL_ERROR );
/* Grab the searchbase */
start = end+1;
- end = index( start, '?' );
+ end = strchr( start, '?' );
if( end == NULL ) {
*searchbase = ch_strdup( start );
dn_normalize( *searchbase );
/* Skip the attrs */
start = end+1;
- end = index( start, '?' );
+ end = strchr( start, '?' );
if( end == NULL ) {
return( LDAP_SUCCESS );
}
/* Match the normalized SASL name to the saslregexp patterns */
for( reg = SaslRegexp,i=0; i<nSaslRegexp; i++,reg++ ) {
if ( regexec( ®->workspace, saslname, SASLREGEX_REPLACE,
- reg->strings, 0) == REG_OK )
+ reg->strings, 0) == 0 )
break;
}
/*
- * Given a SASL name (e.g. "UID=name+REALM=company,cn=GSSAPI,cn=AUTHZ")
+ * Given a SASL name (e.g. "UID=name+cn=REALM,cn=MECH,cn=AUTHZ")
* return the LDAP DN to which it matches. The SASL regexp rules in the config
* file turn the SASL name into an LDAP URI. If the URI is just a DN (or a
* search with scope=base), just return the URI (or its searchbase). Otherwise
"slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
searchbase, scope, 0 );
- be = select_backend( searchbase );
+ be = select_backend( searchbase, 0 );
if(( be == NULL ) || ( be->be_search == NULL))
goto FINISHED;
searchbase = suffix_alias( be, searchbase );
"slap_sasl_match: performing internal search (base=%s, scope=%d)\n",
searchbase, scope, 0 );
- be = select_backend( searchbase );
+ be = select_backend( searchbase, 0 );
if(( be == NULL ) || ( be->be_search == NULL)) {
rc = LDAP_INAPPROPRIATE_AUTH;
goto CONCLUDED;
/* Check if a bind can SASL authorize to another identity. */
-int slap_sasl_authorized( Connection *conn, char *authcid, char *authzid )
+int slap_sasl_authorized( Connection *conn,
+ const char *authcid, const char *authzid )
{
int rc;
char *saslname=NULL,*authcDN=NULL,*realm=NULL, *authzDN=NULL;
sasl_getprop( conn->c_sasl_context, SASL_REALM, (void **)&realm );
/* Allocate space */
- rc = strlen("uid=+realm=,cn=,cn=AUTHZ ");
+ rc = strlen("uid=,cn=,cn=,cn=AUTHZ ");
if ( realm ) rc += strlen( realm );
if ( authcid ) rc += strlen( authcid );
rc += strlen( conn->c_sasl_bind_mech );
if ( authcid )
rc += sprintf( saslname+rc, "%sUID=%s", rc?",":"", authcid);
if ( realm )
- rc += sprintf( saslname+rc, "%sREALM=%s", rc?"+":"", realm);
+ rc += sprintf( saslname+rc, "%sCN=%s", rc?",":"", realm);
if ( conn->c_sasl_bind_mech )
rc += sprintf( saslname+rc, "%sCN=%s", rc?",":"",
conn->c_sasl_bind_mech);
projects / openldap / blobdiff