X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsaslauthz.c;h=28044d69936965f608feceb5e7a586688e5306a8;hb=62b6b326338d5162b0f570eaeb8a227fbc5a9c62;hp=520ef9b1a3b05d8bf996d7aba466c7ab72a61bd2;hpb=e1268a943b2a31bde908a6523b261e9c98049a2e;p=openldap diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 520ef9b1a3..28044d6993 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -26,7 +26,6 @@ #include -#include #include "lutil.h" #define SASLREGEX_REPLACE 10 @@ -37,6 +36,7 @@ #define LDAP_X_SCOPE_SUBTREE ((ber_int_t) 0x0040) #define LDAP_X_SCOPE_ONELEVEL ((ber_int_t) 0x0050) #define LDAP_X_SCOPE_GROUP ((ber_int_t) 0x0060) +#define LDAP_X_SCOPE_USERS ((ber_int_t) 0x0070) /* * IDs in DNauthzid form can now have a type specifier, that @@ -89,6 +89,10 @@ struct rewrite_info *sasl_rwinfo = NULL; static int authz_policy = SASL_AUTHZ_NONE; +static +int slap_sasl_match( Operation *opx, struct berval *rule, + struct berval *assertDN, struct berval *authc ); + int slap_sasl_setpolicy( const char *arg ) { int rc = LDAP_SUCCESS; @@ -201,13 +205,8 @@ static int slap_parseURI( Operation *op, struct berval *uri, *scope = -1; *filter = NULL; -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_parseURI: parsing %s\n", uri->bv_val, 0, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "slap_parseURI: parsing %s\n", uri->bv_val, 0, 0 ); -#endif rc = LDAP_PROTOCOL_ERROR; /* @@ -248,8 +247,10 @@ static int slap_parseURI( Operation *op, struct berval *uri, } } else { - if ( bv.bv_val[ 0 ] != ':' ) + if ( bv.bv_val[ 0 ] != ':' ) { return LDAP_PROTOCOL_ERROR; + } + *scope = LDAP_X_SCOPE_EXACT; bv.bv_val++; } 
@@ -258,6 +259,11 @@ static int slap_parseURI( Operation *op, struct berval *uri, * and uri was not an URI... HEADS-UP: assuming EXACT */ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val); + /* a single '*' means any DN without using regexes */ + if ( ber_bvccmp( &bv, '*' ) ) { + *scope = LDAP_X_SCOPE_USERS; + } + switch ( *scope ) { case LDAP_X_SCOPE_EXACT: case LDAP_X_SCOPE_CHILDREN: @@ -271,6 +277,8 @@ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val); case LDAP_X_SCOPE_REGEX: ber_dupbv_x( nbase, &bv, op->o_tmpmemctx ); + + case LDAP_X_SCOPE_USERS: rc = LDAP_SUCCESS; break; @@ -368,21 +376,27 @@ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val); group_dn.bv_val++; group_dn.bv_len = uri->bv_len - ( group_dn.bv_val - uri->bv_val ); - fstr->bv_len = STRLENOF( "(&(objectClass=)(=" ) + group_oc.bv_len + member_at.bv_len; + rc = dnNormalize( 0, NULL, NULL, &group_dn, nbase, op->o_tmpmemctx ); + if ( rc != LDAP_SUCCESS ) { + *scope = -1; + return rc; + } + *scope = LDAP_X_SCOPE_GROUP; + + /* FIXME: caller needs to add value of member attribute + * and close brackets twice */ + fstr->bv_len = STRLENOF( "(&(objectClass=)(=" /* )) */ ) + + group_oc.bv_len + member_at.bv_len; fstr->bv_val = ch_malloc( fstr->bv_len + 1 ); - tmp = lutil_strncopy( fstr->bv_val, "(&(objectClass=", STRLENOF( "(&(objectClass=" ) ); + tmp = lutil_strncopy( fstr->bv_val, "(&(objectClass=" /* )) */ , + STRLENOF( "(&(objectClass=" /* )) */ ) ); tmp = lutil_strncopy( tmp, group_oc.bv_val, group_oc.bv_len ); - tmp = lutil_strncopy( tmp, ")(", STRLENOF( ")(" ) ); + tmp = lutil_strncopy( tmp, /* ( */ ")(" /* ) */ , + STRLENOF( /* ( */ ")(" /* ) */ ) ); tmp = lutil_strncopy( tmp, member_at.bv_val, member_at.bv_len ); tmp = lutil_strncopy( tmp, "=", STRLENOF( "=" ) ); - rc = dnNormalize( 0, NULL, NULL, &group_dn, nbase, op->o_tmpmemctx ); - if ( rc != LDAP_SUCCESS ) { - *scope = -1; - } else { - *scope = LDAP_X_SCOPE_GROUP; - } return rc; } 
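Review bot: The `ber_bvccmp( &bv, '*' )` test at `is_dn:` runs after any type specifier has already set `*scope`, so it overwrites that scope. A typed rule whose value is a lone `*` therefore appears to become match-any-user instead of failing DN normalization as it would have before. If that is intended, record it next to the check, e.g. `/* '*' overrides any dn.<type> specifier: the rule matches every non-empty DN */`; if not, restrict the test to the untyped form. The specifier parsing sits above this hunk, so this reading is inferred from the label and the switch that follows.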
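Review bot: `case LDAP_X_SCOPE_REGEX:` now falls through into the new `case LDAP_X_SCOPE_USERS:` with only a blank line between them, which reads like a forgotten `break`. Add `/* FALLTHRU */` after `ber_dupbv_x( nbase, &bv, op->o_tmpmemctx );`. As far as the hunk shows, the USERS path never assigns `nbase`, so a short comment on that case saying the base is intentionally left unset would help whoever frees it later.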
@@ -466,16 +480,10 @@ static int slap_sasl_rx_off(char *rep, int *off) } if ( *c == '$' ) { if ( n == SASLREGEX_REPLACE ) { -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ERR, - "slap_sasl_rx_off: \"%s\" has too many $n " - "placeholders (max %d)\n", rep, SASLREGEX_REPLACE, 0 ); -#else Debug( LDAP_DEBUG_ANY, "SASL replace pattern %s has too many $n " "placeholders (max %d)\n", rep, SASLREGEX_REPLACE, 0 ); -#endif return( LDAP_OTHER ); } @@ -534,8 +542,7 @@ int slap_sasl_regexp_rewrite_config( const char *context ) { int rc; - char *newreplace, *p; - char *argvRule[] = { "rewriteRule", NULL, NULL, "@", NULL }; + char *argvRule[] = { "rewriteRule", NULL, NULL, ":@", NULL }; /* init at first call */ if ( sasl_rwinfo == NULL ) { @@ -559,20 +566,9 @@ int slap_sasl_regexp_rewrite_config( } } - newreplace = ch_strdup( replace ); - - for (p = strchr( newreplace, '$' ); p; p = strchr( p + 1, '$' ) ) { - if ( isdigit( p[1] ) ) { - p[0] = '%'; - } else { - p++; - } - } - argvRule[1] = (char *)match; - argvRule[2] = newreplace; + argvRule[2] = (char *)replace; rc = rewrite_parse( sasl_rwinfo, fname, lineno, 4, argvRule ); - ch_free( newreplace ); return rc; } @@ -598,15 +594,9 @@ int slap_sasl_regexp_config( const char *match, const char *replace ) /* Precompile matching pattern */ rc = regcomp( ®->sr_workspace, reg->sr_match, REG_EXTENDED|REG_ICASE ); if ( rc ) { -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ERR, - "slap_sasl_regexp_config: \"%s\" could not be compiled.\n", - reg->sr_match, 0, 0 ); -#else Debug( LDAP_DEBUG_ANY, "SASL match pattern %s could not be compiled by regexp engine\n", reg->sr_match, 0, 0 ); -#endif return( LDAP_OTHER ); } 
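Review bot: `argvRule[2] = (char *)replace;` in `slap_sasl_regexp_rewrite_config` now hands the caller's `const char *` straight to `rewrite_parse` and drops the private copy that translated `$n` placeholders to `%n`. A comment here should state two things: that `rewrite_parse` is relied on not to write through `argvRule`, and which placeholder syntax replacement patterns must use after this change. A pattern written for the old translation could otherwise map identities differently without reporting any error. I cannot tell from the hunk whether the new `":@"` flag covers the `$n` form.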
@@ -675,7 +665,7 @@ static void slap_sasl_rx_exp( LDAP URI to find the matching LDAP entry, using the pattern matching strings given in the saslregexp config file directive(s) */ -static int slap_sasl_regexp( struct berval *in, struct berval *out, +static int slap_authz_regexp( struct berval *in, struct berval *out, int flags, void *ctx ) { #ifdef SLAP_AUTH_REWRITE @@ -698,15 +688,9 @@ static int slap_sasl_regexp( struct berval *in, struct berval *out, } else { ber_dupbv_x( out, in, ctx ); } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] %s: \"%s\" -> \"%s\"\n", - context, in->bv_val, out->bv_val ); -#else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "[rw] %s: \"%s\" -> \"%s\"\n", context, in->bv_val, out->bv_val ); -#endif /* !NEW_LOGGING */ return 1; case REWRITE_REGEXEC_UNWILLING: @@ -723,13 +707,8 @@ static int slap_sasl_regexp( struct berval *in, struct berval *out, memset( out, 0, sizeof( *out ) ); -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_sasl_regexp: converting SASL name %s\n", saslname, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, "slap_sasl_regexp: converting SASL name %s\n", + Debug( LDAP_DEBUG_TRACE, "slap_authz_regexp: converting SASL name %s\n", saslname, 0, 0 ); -#endif if (( saslname == NULL ) || ( nSaslRegexp == 0 )) { return( 0 ); @@ -752,15 +731,9 @@ static int slap_sasl_regexp( struct berval *in, struct berval *out, slap_sasl_rx_exp( reg->sr_replace, reg->sr_offset, sr_strings, saslname, out, ctx ); -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_sasl_regexp: converted SASL name to %s\n", - BER_BVISEMPTY( out ) ? "" : out->bv_val, 0, 0 ); -#else Debug( LDAP_DEBUG_TRACE, - "slap_sasl_regexp: converted SASL name to %s\n", + "slap_authz_regexp: converted SASL name to %s\n", BER_BVISEMPTY( out ) ? "" : out->bv_val, 0, 0 ); -#endif return( 1 ); #endif /* ! SLAP_AUTH_REWRITE */ 
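Review bot: In the non-rewrite branch the renamed trace call formats `saslname` with `%s` before the `if (( saslname == NULL ) || ( nSaslRegexp == 0 ))` guard on the next line, so a NULL name reaches the formatter first. Move the `Debug( LDAP_DEBUG_TRACE, "slap_authz_regexp: converting SASL name %s\n", ... )` call below the guard, or pass `saslname ? saslname : ""`. The declaration of `saslname` is outside the hunk, so whether it can actually be NULL here needs confirming.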
@@ -778,13 +751,8 @@ static int sasl_sc_sasl2dn( Operation *o, SlapReply *rs ) o->o_tmpfree(ndn->bv_val, o->o_tmpmemctx); BER_BVZERO( ndn ); -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, DETAIL1, - "slap_sc_sasl2dn: search DN returned more than 1 entry\n", 0, 0, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "slap_sc_sasl2dn: search DN returned more than 1 entry\n", 0, 0, 0 ); -#endif return -1; } @@ -824,6 +792,24 @@ static int sasl_sc_smatch( Operation *o, SlapReply *rs ) return 0; } +int +slap_sasl_matches( Operation *op, BerVarray rules, + struct berval *assertDN, struct berval *authc ) +{ + int rc = LDAP_INAPPROPRIATE_AUTH; + + if ( rules != NULL ) { + int i; + + for( i = 0; !BER_BVISNULL( &rules[i] ); i++ ) { + rc = slap_sasl_match( op, &rules[i], assertDN, authc ); + if ( rc == LDAP_SUCCESS ) break; + } + } + + return rc; +} + /* * Map a SASL regexp rule to a DN. If the rule is just a DN or a scope=base * URI, just strcmp the rule (or its searchbase) to the *assertDN. Otherwise, @@ -848,24 +834,16 @@ int slap_sasl_match( Operation *opx, struct berval *rule, sm.match = 0; cb.sc_private = &sm; -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_sasl_match: comparing DN %s to rule %s\n", - assertDN->bv_val, rule->bv_val,0 ); -#else Debug( LDAP_DEBUG_TRACE, "===>slap_sasl_match: comparing DN %s to rule %s\n", assertDN->bv_val, rule->bv_val, 0 ); -#endif rc = slap_parseURI( opx, rule, &op.o_req_dn, - &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter, + &op.o_req_ndn, &op.ors_scope, &op.ors_filter, &op.ors_filterstr ); if( rc != LDAP_SUCCESS ) goto CONCLUDED; - /* Massive shortcut: search scope == base */ - switch ( op.oq_search.rs_scope ) { - case LDAP_SCOPE_BASE: + switch ( op.ors_scope ) { case LDAP_X_SCOPE_EXACT: exact_match: if ( dn_match( &op.o_req_ndn, assertDN ) ) { 
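Review bot: `slap_sasl_matches` returns the result of the last rule it tried, so a list whose final rule fails in `slap_parseURI` yields that error code rather than `LDAP_INAPPROPRIATE_AUTH`. The loop it replaces in `slap_sasl_check_authz` always returned `LDAP_INAPPROPRIATE_AUTH` when nothing matched. Callers that only test for `LDAP_SUCCESS` still deny, but any that branch on the specific code see a change; if the old contract matters, add `if ( rc != LDAP_SUCCESS ) rc = LDAP_INAPPROPRIATE_AUTH;` before the return. The new exported function also has no header comment; suggest `/* Returns LDAP_SUCCESS on the first rule that matches assertDN; any other value means not authorized. */`.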
@@ -883,7 +861,7 @@ exact_match: rc = LDAP_INAPPROPRIATE_AUTH; - if ( d == 0 && op.oq_search.rs_scope == LDAP_X_SCOPE_SUBTREE ) { + if ( d == 0 && op.ors_scope == LDAP_X_SCOPE_SUBTREE ) { goto exact_match; } else if ( d > 0 ) { @@ -899,7 +877,7 @@ exact_match: bv.bv_val = assertDN->bv_val + d; if ( bv.bv_val[ -1 ] == ',' && dn_match( &op.o_req_ndn, &bv ) ) { - switch ( op.oq_search.rs_scope ) { + switch ( op.ors_scope ) { case LDAP_X_SCOPE_SUBTREE: case LDAP_X_SCOPE_CHILDREN: rc = LDAP_SUCCESS; @@ -949,16 +927,16 @@ exact_match: * we need to append the so that the is searched * with scope "base", and the filter ensures that is * member of the group */ - tmp = ch_realloc( op.ors_filterstr.bv_val, - op.ors_filterstr.bv_len + assertDN->bv_len + STRLENOF( "))" ) + 1 ); + tmp = ch_realloc( op.ors_filterstr.bv_val, op.ors_filterstr.bv_len + + assertDN->bv_len + STRLENOF( /*"(("*/ "))" ) + 1 ); if ( tmp == NULL ) { rc = LDAP_NO_MEMORY; goto CONCLUDED; } op.ors_filterstr.bv_val = tmp; - tmp = lutil_strcopy( &tmp[ op.ors_filterstr.bv_len ], assertDN->bv_val ); - tmp = lutil_strcopy( tmp, "))" ); + tmp = lutil_strcopy( &tmp[op.ors_filterstr.bv_len], assertDN->bv_val ); + tmp = lutil_strcopy( tmp, /*"(("*/ "))" ); /* pass opx because str2filter_x may (and does) use o_tmpmfuncs */ op.ors_filter = str2filter_x( opx, op.ors_filterstr.bv_val ); 
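Review bot: In the group-scope hunk, `assertDN->bv_val` is appended to the filter string verbatim and the result is handed to `str2filter_x`. Any filter metacharacter in the DN (parentheses, `*`, backslash) is therefore parsed as filter syntax rather than as part of the member value. `assertDN` looks like it can be the identity a client asks to assume, so it should be escaped as a filter value before concatenation, with the `ch_realloc` size computed from the escaped length instead of `assertDN->bv_len`. Later libldap trees have a filter-value escaping helper, `ldap_bv2escaped_filter_value_x`; whether this tree has it needs checking. The start of the `LDAP_X_SCOPE_GROUP` case is outside the hunk.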
@@ -976,25 +954,27 @@ exact_match: break; } + case LDAP_X_SCOPE_USERS: + if ( !BER_BVISEMPTY( assertDN ) ) { + rc = LDAP_SUCCESS; + } else { + rc = LDAP_INAPPROPRIATE_AUTH; + } + goto CONCLUDED; + default: break; } /* Must run an internal search. */ - if ( op.oq_search.rs_filter == NULL ) { + if ( op.ors_filter == NULL ) { rc = LDAP_FILTER_ERROR; goto CONCLUDED; } -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, DETAIL1, - "slap_sasl_match: performing internal search (base=%s, scope=%d)\n", - op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "slap_sasl_match: performing internal search (base=%s, scope=%d)\n", - op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 ); -#endif + op.o_req_ndn.bv_val, op.ors_scope, 0 ); op.o_bd = select_backend( &op.o_req_ndn, 0, 1 ); if(( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL)) { @@ -1020,8 +1000,10 @@ exact_match: /* use req_ndn as req_dn instead of non-pretty base of uri */ if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val ); ber_dupbv_x( &op.o_req_dn, &op.o_req_ndn, op.o_tmpmemctx ); - op.oq_search.rs_slimit = 1; - op.oq_search.rs_tlimit = -1; + op.ors_slimit = 1; + op.ors_tlimit = SLAP_NO_LIMIT; + op.ors_attrs = slap_anlist_no_attrs; + op.ors_attrsonly = 1; op.o_sync_slog_size = -1; op.o_bd->be_search( &op, &rs ); @@ -1035,16 +1017,11 @@ exact_match: CONCLUDED: if( !BER_BVISNULL( &op.o_req_dn ) ) slap_sl_free( op.o_req_dn.bv_val, opx->o_tmpmemctx ); if( !BER_BVISNULL( &op.o_req_ndn ) ) slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx ); - if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter ); + if( op.ors_filter ) filter_free_x( opx, op.ors_filter ); if( !BER_BVISNULL( &op.ors_filterstr ) ) ch_free( op.ors_filterstr.bv_val ); -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_sasl_match: comparison returned %d\n", rc, 0, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "<===slap_sasl_match: comparison returned %d\n", rc, 0, 0); -#endif return( rc ); } 
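Review bot: The new `case LDAP_X_SCOPE_USERS:` accepts every non-empty `assertDN`, which makes a rule value of `*` an unconditional grant to all authenticated identities, and nothing on the case says so. Add a comment above the `BER_BVISEMPTY( assertDN )` test such as `/* "*" rule: any non-anonymous DN is authorized; the empty (anonymous) DN is refused */`. Because this branch jumps to `CONCLUDED` without the internal search, the only trace of the grant is the final return-code message, so a dedicated `Debug` line naming the wildcard rule would make these grants easier to audit.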
@@ -1066,43 +1043,24 @@ slap_sasl_check_authz( Operation *op, struct berval *authc ) { int i, rc; - BerVarray vals=NULL; + BerVarray vals = NULL; -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_sasl_check_authz: does %s match %s rule in %s?\n", - assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val); -#else Debug( LDAP_DEBUG_TRACE, "==>slap_sasl_check_authz: does %s match %s rule in %s?\n", assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val); -#endif - rc = backend_attribute( op, NULL, - searchDN, ad, &vals ); + rc = backend_attribute( op, NULL, searchDN, ad, &vals, ACL_AUTH ); if( rc != LDAP_SUCCESS ) goto COMPLETE; - /* Check if the *assertDN matches any **vals */ - if( vals != NULL ) { - for( i=0; !BER_BVISNULL( &vals[i] ); i++ ) { - rc = slap_sasl_match( op, &vals[i], assertDN, authc ); - if ( rc == LDAP_SUCCESS ) goto COMPLETE; - } - } - rc = LDAP_INAPPROPRIATE_AUTH; + /* Check if the *assertDN matches any *vals */ + rc = slap_sasl_matches( op, vals, assertDN, authc ); COMPLETE: if( vals ) ber_bvarray_free_x( vals, op->o_tmpmemctx ); -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, RESULTS, - "slap_sasl_check_authz: %s check returning %s\n", - ad->ad_cname.bv_val, rc, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "<==slap_sasl_check_authz: %s check returning %d\n", ad->ad_cname.bv_val, rc, 0); -#endif return( rc ); } 
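Review bot: With the matching loop moved into `slap_sasl_matches`, the `i` in `int i, rc;` is no longer used anywhere in the visible body of `slap_sasl_check_authz` and will draw an unused-variable warning. Change the declaration to `int rc;`. The function's signature starts above the hunk, but the body shown runs through the closing `return( rc );`.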
@@ -1124,27 +1082,21 @@ void slap_sasl2dn( Operation *opx, SlapReply rs = {REP_RESULT}; struct berval regout = BER_BVNULL; -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_sasl2dn: converting SASL name %s to DN.\n", - saslname->bv_val, 0, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "==>slap_sasl2dn: " "converting SASL name %s to a DN\n", saslname->bv_val, 0,0 ); -#endif sasldn->bv_val = NULL; sasldn->bv_len = 0; cb.sc_private = sasldn; /* Convert the SASL name into a minimal URI */ - if( !slap_sasl_regexp( saslname, ®out, flags, opx->o_tmpmemctx ) ) { + if( !slap_authz_regexp( saslname, ®out, flags, opx->o_tmpmemctx ) ) { goto FINISHED; } rc = slap_parseURI( opx, ®out, &op.o_req_dn, - &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter, + &op.o_req_ndn, &op.ors_scope, &op.ors_filter, &op.ors_filterstr ); if ( !BER_BVISNULL( ®out ) ) slap_sl_free( regout.bv_val, opx->o_tmpmemctx ); if ( rc != LDAP_SUCCESS ) { @@ -1154,9 +1106,7 @@ void slap_sasl2dn( Operation *opx, /* Must do an internal search */ op.o_bd = select_backend( &op.o_req_ndn, 0, 1 ); - /* Massive shortcut: search scope == base */ - switch ( op.oq_search.rs_scope ) { - case LDAP_SCOPE_BASE: + switch ( op.ors_scope ) { case LDAP_X_SCOPE_EXACT: *sasldn = op.o_req_ndn; BER_BVZERO( &op.o_req_ndn ); @@ -1167,9 +1117,11 @@ void slap_sasl2dn( Operation *opx, case LDAP_X_SCOPE_CHILDREN: case LDAP_X_SCOPE_ONELEVEL: case LDAP_X_SCOPE_GROUP: + case LDAP_X_SCOPE_USERS: /* correctly parsed, but illegal */ goto FINISHED; + case LDAP_SCOPE_BASE: case LDAP_SCOPE_ONELEVEL: case LDAP_SCOPE_SUBTREE: #ifdef LDAP_SCOPE_SUBORDINATE 
@@ -1183,15 +1135,9 @@ void slap_sasl2dn( Operation *opx, assert( 0 ); } -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, DETAIL1, - "slap_sasl2dn: performing internal search (base=%s, scope=%d)\n", - op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "slap_sasl2dn: performing internal search (base=%s, scope=%d)\n", - op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 ); -#endif + op.o_req_ndn.bv_val, op.ors_scope, 0 ); if(( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL)) { goto FINISHED; @@ -1212,10 +1158,12 @@ void slap_sasl2dn( Operation *opx, #ifdef LDAP_SLAPI op.o_pb = opx->o_pb; #endif - op.oq_search.rs_deref = LDAP_DEREF_NEVER; - op.oq_search.rs_slimit = 1; - op.oq_search.rs_tlimit = -1; - op.oq_search.rs_attrsonly = 1; + op.ors_deref = LDAP_DEREF_NEVER; + op.ors_slimit = 1; + op.ors_tlimit = SLAP_NO_LIMIT; + op.ors_attrs = slap_anlist_no_attrs; + op.ors_attrsonly = 1; + op.o_sync_slog_size = -1; /* use req_ndn as req_dn instead of non-pretty base of uri */ if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val ); ber_dupbv_x( &op.o_req_dn, &op.o_req_ndn, op.o_tmpmemctx ); 
@@ -1226,19 +1174,21 @@ FINISHED: if( !BER_BVISEMPTY( sasldn ) ) { opx->o_conn->c_authz_backend = op.o_bd; } - if( !BER_BVISNULL( &op.o_req_dn ) ) slap_sl_free( op.o_req_dn.bv_val, opx->o_tmpmemctx ); - if( !BER_BVISNULL( &op.o_req_ndn ) ) slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx ); - if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter ); - if( !BER_BVISNULL( &op.ors_filterstr ) ) ch_free( op.ors_filterstr.bv_val ); + if( !BER_BVISNULL( &op.o_req_dn ) ) { + slap_sl_free( op.o_req_dn.bv_val, opx->o_tmpmemctx ); + } + if( !BER_BVISNULL( &op.o_req_ndn ) ) { + slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx ); + } + if( op.ors_filter ) { + filter_free_x( opx, op.ors_filter ); + } + if( !BER_BVISNULL( &op.ors_filterstr ) ) { + ch_free( op.ors_filterstr.bv_val ); + } -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_sasl2dn: Converted SASL name to %s\n", - !BER_BVISEMPTY( sasldn ) ? sasldn->bv_val : "", 0, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "<==slap_sasl2dn: Converted SASL name to %s\n", !BER_BVISEMPTY( sasldn ) ? sasldn->bv_val : "", 0, 0 ); -#endif return; } @@ -1259,15 +1209,9 @@ int slap_sasl_authorized( Operation *op, goto DONE; } -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, ENTRY, - "slap_sasl_authorized: can %s become %s?\n", - authcDN->bv_val, authzDN->bv_val, 0 ); -#else Debug( LDAP_DEBUG_TRACE, "==>slap_sasl_authorized: can %s become %s?\n", authcDN->bv_val, authzDN->bv_val, 0 ); -#endif /* If person is authorizing to self, succeed */ if ( dn_match( authcDN, authzDN ) ) { @@ -1305,12 +1249,8 @@ int slap_sasl_authorized( Operation *op, DONE: -#ifdef NEW_LOGGING - LDAP_LOG( TRANSPORT, RESULTS, "slap_sasl_authorized: return %d\n", rc,0,0 ); -#else Debug( LDAP_DEBUG_TRACE, "<== slap_sasl_authorized: return %d\n", rc, 0, 0 ); -#endif return( rc ); }