X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsaslauthz.c;h=3fd24ad87d2386f35b584f493090694b036fbfd6;hb=5714f8565ff4228270ed2c97f78f5b31ce085b6e;hp=9b8a07f825719f7405f31bc1714949f185c492e2;hpb=eb9a3c18767fe87d2a1f7fbbc6b3d676779eb5b7;p=openldap diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 9b8a07f825..3fd24ad87d 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -1313,7 +1313,8 @@ int slap_sasl_rewrite_config( return rc; } -int slap_sasl_rewrite_destroy( void ) +static int +slap_sasl_rewrite_destroy( void ) { if ( sasl_rwinfo ) { rewrite_info_delete( &sasl_rwinfo ); @@ -1373,38 +1374,59 @@ int slap_sasl_regexp_config( const char *match, const char *replace ) reg = &SaslRegexp[nSaslRegexp]; - reg->sr_match = ch_strdup( match ); - reg->sr_replace = ch_strdup( replace ); - #ifdef SLAP_AUTH_REWRITE rc = slap_sasl_regexp_rewrite_config( "sasl-regexp", 0, match, replace, AUTHID_CONTEXT ); - if ( rc == LDAP_SUCCESS ) nSaslRegexp++; - return rc; #else /* ! SLAP_AUTH_REWRITE */ /* Precompile matching pattern */ - rc = regcomp( ®->sr_workspace, reg->sr_match, REG_EXTENDED|REG_ICASE ); + rc = regcomp( ®->sr_workspace, match, REG_EXTENDED|REG_ICASE ); if ( rc ) { Debug( LDAP_DEBUG_ANY, - "SASL match pattern %s could not be compiled by regexp engine\n", - reg->sr_match, 0, 0 ); + "SASL match pattern %s could not be compiled by regexp engine\n", + match, 0, 0 ); #ifdef ENABLE_REWRITE - /* Dummy block to force symbol references in librewrite */ - if ( slapMode == ( SLAP_SERVER_MODE|SLAP_TOOL_MODE )) { - rewrite_info_init( 0 ); - } + /* Dummy block to force symbol references in librewrite */ + if ( slapMode == ( SLAP_SERVER_MODE|SLAP_TOOL_MODE )) { + rewrite_info_init( 0 ); + } #endif return( LDAP_OTHER ); } - rc = slap_sasl_rx_off( reg->sr_replace, reg->sr_offset ); - if ( rc != LDAP_SUCCESS ) return rc; - - nSaslRegexp++; - return( LDAP_SUCCESS ); + rc = slap_sasl_rx_off( replace, reg->sr_offset ); #endif /* ! SLAP_AUTH_REWRITE */ + if ( rc == LDAP_SUCCESS ) { + reg->sr_match = ch_strdup( match ); + reg->sr_replace = ch_strdup( replace ); + + nSaslRegexp++; + } + + return rc; +} + +void +slap_sasl_regexp_destroy( void ) +{ + if ( SaslRegexp ) { + int n; + + for ( n = 0; n < nSaslRegexp; n++ ) { + ch_free( SaslRegexp[ n ].sr_match ); + ch_free( SaslRegexp[ n ].sr_replace ); +#ifndef SLAP_AUTH_REWRITE + regfree( &SaslRegexp[ n ].sr_workspace ); +#endif /* SLAP_AUTH_REWRITE */ + } + + ch_free( SaslRegexp ); + } + +#ifdef SLAP_AUTH_REWRITE + slap_sasl_rewrite_destroy(); +#endif /* SLAP_AUTH_REWRITE */ } void slap_sasl_regexp_unparse( BerVarray *out ) @@ -1570,24 +1592,25 @@ static int slap_authz_regexp( struct berval *in, struct berval *out, } /* This callback actually does some work...*/ -static int sasl_sc_sasl2dn( Operation *o, SlapReply *rs ) +static int sasl_sc_sasl2dn( Operation *op, SlapReply *rs ) { - struct berval *ndn = o->o_callback->sc_private; + struct berval *ndn = op->o_callback->sc_private; - if (rs->sr_type != REP_SEARCH) return 0; + if ( rs->sr_type != REP_SEARCH ) return LDAP_SUCCESS; /* We only want to be called once */ if ( !BER_BVISNULL( ndn ) ) { - o->o_tmpfree(ndn->bv_val, o->o_tmpmemctx); + op->o_tmpfree( ndn->bv_val, op->o_tmpmemctx ); BER_BVZERO( ndn ); Debug( LDAP_DEBUG_TRACE, - "slap_sc_sasl2dn: search DN returned more than 1 entry\n", 0, 0, 0 ); - return -1; + "%s: slap_sc_sasl2dn: search DN returned more than 1 entry\n", + op->o_log_prefix, 0, 0 ); + return LDAP_OTHER; } - ber_dupbv_x(ndn, &rs->sr_entry->e_nname, o->o_tmpmemctx); - return 0; + ber_dupbv_x( ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx ); + return LDAP_SUCCESS; }