X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsaslauthz.c;h=a30340e31aa1101e936388543d7b0a0382b96d9a;hb=af866c3b44ba37577671f2bffd482499f4b8bc00;hp=df3cde64ab940c41f6f7e7bd46ef143b9ef3ffa2;hpb=52b878dcc098275672eece1ab8c07eca9fc28a1f;p=openldap

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index df3cde64ab..a30340e31a 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
  * Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
  * All rights reserved.
  *
@@ -87,6 +87,10 @@ struct rewrite_info	*sasl_rwinfo = NULL;
 #define	SASL_AUTHZ_TO	0x02
 #define SASL_AUTHZ_AND	0x10
 
+static const char *policy_txt[] = {
+	"none", "from", "to", "any"
+};
+
 static int authz_policy = SASL_AUTHZ_NONE;
 
 static
@@ -113,6 +117,14 @@ int slap_sasl_setpolicy( const char *arg )
 	return rc;
 }
 
+const char * slap_sasl_getpolicy()
+{
+	if ( authz_policy == (SASL_AUTHZ_FROM | SASL_AUTHZ_TO | SASL_AUTHZ_AND) )
+		return "all";
+	else
+		return policy_txt[authz_policy];
+}
+
 int slap_parse_user( struct berval *id, struct berval *user,
 		struct berval *realm, struct berval *mech )
 {
@@ -592,10 +604,6 @@ int slap_sasl_regexp_rewrite_config(
 
 int slap_sasl_regexp_config( const char *match, const char *replace )
 {
-#ifdef SLAP_AUTH_REWRITE
-	return slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
-			match, replace, AUTHID_CONTEXT );
-#else /* ! SLAP_AUTH_REWRITE */
 	int rc;
 	SaslRegexp_t *reg;
 
@@ -607,6 +615,13 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
 	reg->sr_match = ch_strdup( match );
 	reg->sr_replace = ch_strdup( replace );
 
+#ifdef SLAP_AUTH_REWRITE
+	rc = slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
+			match, replace, AUTHID_CONTEXT );
+	if ( rc == LDAP_SUCCESS ) nSaslRegexp++;
+	return rc;
+#else /* ! SLAP_AUTH_REWRITE */
+
 	/* Precompile matching pattern */
 	rc = regcomp( &reg->sr_workspace, reg->sr_match, REG_EXTENDED|REG_ICASE );
 	if ( rc ) {
@@ -625,6 +640,35 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
 #endif /* ! SLAP_AUTH_REWRITE */
 }
 
+void slap_sasl_regexp_unparse( BerVarray *out )
+{
+	int i;
+	struct berval bv;
+	BerVarray bva = NULL;
+	char ibuf[32], *ptr;
+	struct berval idx;
+
+	if ( !nSaslRegexp ) return;
+
+	idx.bv_val = ibuf;
+	bva = ch_malloc( (nSaslRegexp+1) * sizeof(struct berval) );
+	BER_BVZERO(bva+nSaslRegexp);
+	for ( i=0; i<nSaslRegexp; i++ ) {
+		idx.bv_len = sprintf( idx.bv_val, "{%d}", i);
+		bva[i].bv_len = idx.bv_len + strlen( SaslRegexp[i].sr_match ) +
+			strlen( SaslRegexp[i].sr_replace ) + 5;
+		bva[i].bv_val = ch_malloc( bva[i].bv_len+1 );
+		ptr = lutil_strcopy( bva[i].bv_val, ibuf );
+		*ptr++ = '"';
+		ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_match );
+		ptr = lutil_strcopy( ptr, "\" \"" );
+		ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_replace );
+		*ptr++ = '"';
+		*ptr = '\0';
+	}
+	*out = bva;
+}
+
 /* Perform replacement on regexp matches */
 static void slap_sasl_rx_exp(
 	const char *rep,
@@ -1101,8 +1145,7 @@ void slap_sasl2dn( Operation *opx,
 		"converting SASL name %s to a DN\n",
 		saslname->bv_val, 0,0 );
 
-	sasldn->bv_val = NULL;
-	sasldn->bv_len = 0;
+	BER_BVZERO( sasldn );
 	cb.sc_private = sasldn;
 
 	/* Convert the SASL name into a minimal URI */