From 5acd0c574b70b775155808d1c0b32ce459722264 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 1 Mar 2005 20:08:36 +0000 Subject: [PATCH] Added authz-regexp, slapi plugin retrieval --- servers/slapd/bconfig.c | 6 +-- servers/slapd/config.c | 6 ++- servers/slapd/proto-slap.h | 1 + servers/slapd/saslauthz.c | 40 ++++++++++++++++-- servers/slapd/slapi/plugin.c | 67 +++++++++++++++++++++++++----- servers/slapd/slapi/proto-slapi.h | 1 + servers/slapd/slapi/slapi.h | 2 + servers/slapd/slapi/slapi_pblock.c | 1 + 8 files changed, 104 insertions(+), 20 deletions(-) diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index c8be76a17e..ecbf7cbd24 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -88,9 +88,9 @@ static struct oc_info { "DESC 'OpenLDAP Database-specific options' " "SUP olcConfig STRUCTURAL " "MAY ( olcAccess $ olcDatabase $ olcLastMod $ olcLimits $ " - "olcMaxDerefDepth $ olcReadOnly $ olcReplica $ olcReplogFile $ " - "olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ " - "olcSecurity $ olcSizeLimit $ olcSuffix $ olcSyncrepl $ " + "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ " + "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ " + "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSuffix $ olcSyncrepl $ " "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )", &cfOc_database }, { "( OLcfgOc:6 " "NAME 'olcIncludeFile' " diff --git a/servers/slapd/config.c b/servers/slapd/config.c index e6fc4ec4ee..7333f7ad58 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -993,7 +993,8 @@ config_generic(ConfigArgs *c) { c->value_string = ch_strdup( slap_sasl_getpolicy()); break; case CFG_AZREGEXP: - rc = 1; + slap_sasl_regexp_unparse( &c->rvalue_vals ); + if ( !c->rvalue_vals ) rc = 1; break; #ifdef HAVE_CYRUS_SASL case CFG_SASLSECP: { 
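Review bot: The new `if ( !c->rvalue_vals ) rc = 1;` test under `case CFG_AZREGEXP:` trusts whatever `c->rvalue_vals` held before the call, because slap_sasl_regexp_unparse() (added in saslauthz.c by this patch) leaves at `if ( !nSaslRegexp ) return;` without writing through its argument. slapi_int_plugin_unparse() in the same patch starts with `*out = NULL;`; doing the same in the regexp variant, or setting `c->rvalue_vals = NULL;` just before the call, keeps a stale pointer from being reported as the current authz-regexp list. config_generic() starts and ends outside this hunk, so an earlier reset may already exist and should be confirmed.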
@@ -1107,7 +1108,8 @@ config_generic(ConfigArgs *c) { #endif #ifdef LDAP_SLAPI case CFG_PLUGIN: /* FIXME */ - rc = 1; + slapi_int_plugin_unparse( c->be, &c->rvalue_vals ); + if ( !c->rvalue_vals ) rc = 1; break; #endif #ifdef SLAP_AUTH_REWRITE diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 426e5b4b65..baa5b47ff0 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -1173,6 +1173,7 @@ LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P(( struct berval *authzid )); LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P(( const char *match, const char *replace )); +LDAP_SLAPD_F (void) slap_sasl_regexp_unparse LDAP_P(( BerVarray *bva )); LDAP_SLAPD_F (int) slap_sasl_setpolicy LDAP_P(( const char * )); LDAP_SLAPD_F (const char *) slap_sasl_getpolicy LDAP_P(( void )); #ifdef SLAP_AUTH_REWRITE diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index b99a0edf45..a30340e31a 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -604,10 +604,6 @@ int slap_sasl_regexp_rewrite_config( int slap_sasl_regexp_config( const char *match, const char *replace ) { -#ifdef SLAP_AUTH_REWRITE - return slap_sasl_regexp_rewrite_config( "sasl-regexp", 0, - match, replace, AUTHID_CONTEXT ); -#else /* ! SLAP_AUTH_REWRITE */ int rc; SaslRegexp_t *reg; @@ -619,6 +615,13 @@ int slap_sasl_regexp_config( const char *match, const char *replace ) reg->sr_match = ch_strdup( match ); reg->sr_replace = ch_strdup( replace ); +#ifdef SLAP_AUTH_REWRITE + rc = slap_sasl_regexp_rewrite_config( "sasl-regexp", 0, + match, replace, AUTHID_CONTEXT ); + if ( rc == LDAP_SUCCESS ) nSaslRegexp++; + return rc; +#else /* ! SLAP_AUTH_REWRITE */ + /* Precompile matching pattern */ rc = regcomp( ®->sr_workspace, reg->sr_match, REG_EXTENDED|REG_ICASE ); if ( rc ) { 
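Review bot: `case CFG_PLUGIN:` keeps its `/* FIXME */` marker although the emit path it asked for is now filled in; drop the marker or replace it with a comment naming what is still missing. The callee reads `be->be_pb` with no check (see slapi_int_plugin_unparse() in plugin.c), so this call presumably relies on `c->be` never being NULL when CFG_PLUGIN is emitted; a one-line comment stating that, or a guard such as `if ( c->be ) slapi_int_plugin_unparse( c->be, &c->rvalue_vals );`, would make the assumption explicit. The rest of config_generic() is outside the hunk.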
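Review bot: On the SLAP_AUTH_REWRITE path in the `@@ -619,6 +615,13 @@` hunk, a failed slap_sasl_regexp_rewrite_config() returns with `reg->sr_match` and `reg->sr_replace` still holding the two ch_strdup() copies made just above. Because `nSaslRegexp` is not advanced on failure, the next call presumably reuses the same slot and the strings are lost. Releasing them before the return, e.g. `if ( rc != LDAP_SUCCESS ) { ch_free( reg->sr_match ); ch_free( reg->sr_replace ); }`, stops repeated bad directives from leaking memory. The non-rewrite branch continues past the end of this hunk, so its failure handling is not visible here.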
@@ -637,6 +640,35 @@ int slap_sasl_regexp_config( const char *match, const char *replace ) #endif /* ! SLAP_AUTH_REWRITE */ } +void slap_sasl_regexp_unparse( BerVarray *out ) +{ + int i; + struct berval bv; + BerVarray bva = NULL; + char ibuf[32], *ptr; + struct berval idx; + + if ( !nSaslRegexp ) return; + + idx.bv_val = ibuf; + bva = ch_malloc( (nSaslRegexp+1) * sizeof(struct berval) ); + BER_BVZERO(bva+nSaslRegexp); + for ( i=0; i 0 ) { + ppPluginArgv = &av2[4]; + } else { + ppPluginArgv = NULL; + } + rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_ARGV, (void *)ppPluginArgv ); + if ( rc != 0 ) { + goto done; + } + + rc = slapi_pblock_set( pPlugin, SLAPI_X_CONFIG_ARGV, (void *)av2 ); if ( rc != 0 ) { goto done; } @@ -114,6 +131,9 @@ done: if ( rc != 0 && pPlugin != NULL ) { slapi_pblock_destroy( pPlugin ); pPlugin = NULL; + if ( av2 ) { + ldap_charray_free( av2 ); + } } return pPlugin; @@ -681,7 +701,6 @@ slapi_int_read_config( { int iType = -1; int numPluginArgc = 0; - char **ppPluginArgv = NULL; if ( argc < 4 ) { fprintf( stderr, @@ -707,11 +726,6 @@ slapi_int_read_config( } numPluginArgc = argc - 4; - if ( numPluginArgc > 0 ) { - ppPluginArgv = &argv[4]; - } else { - ppPluginArgv = NULL; - } if ( iType == SLAPI_PLUGIN_PREOPERATION || iType == SLAPI_PLUGIN_EXTENDEDOP || @@ -720,8 +734,7 @@ slapi_int_read_config( int rc; Slapi_PBlock *pPlugin; - pPlugin = plugin_pblock_new( iType, argv[2], argv[3], - numPluginArgc, ppPluginArgv ); + pPlugin = plugin_pblock_new( iType, numPluginArgc, argv ); if (pPlugin == NULL) { return 1; } 
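Review bot: The added `ldap_charray_free( av2 )` in the `done:` hunk (`@@ -114,6 +131,9 @@`) sits inside `if ( rc != 0 && pPlugin != NULL )`, so av2 is released only when a pblock exists. If the argv copy is made before the pblock is allocated and that allocation fails, the copy leaks; testing av2 on its own after the destroy, `if ( rc != 0 && av2 ) ldap_charray_free( av2 );`, removes the dependency on that order. It is also worth confirming that slapi_pblock_destroy() does not itself release the SLAPI_X_CONFIG_ARGV value once the set has succeeded, since that would turn this into a double free. The start of plugin_pblock_new() is not visible on this page.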
@@ -747,6 +760,38 @@ slapi_int_read_config( return 0; } +void +slapi_int_plugin_unparse( + Backend *be, + BerVarray *out +) +{ + Slapi_PBlock *pp; + int i, j, rc; + char **argv, ibuf[32], *ptr; + struct berval idx, bv; + + *out = NULL; + idx.bv_val = ibuf; + i = 0; + for ( pp=be->be_pb; pp; slapi_pblock_get( pp, SLAPI_IBM_PBLOCK, &pp ) ) { + slapi_pblock_get( pp, SLAPI_X_CONFIG_ARGV, &argv ); + idx.bv_len = sprintf( idx.bv_val, "{%d}", i ); + bv.bv_len = idx.bv_len; + for (j=0; argv[j]; j++) { + bv.bv_len += strlen(argv[j]); + if ( j ) bv.bv_len++; + } + bv.bv_val = ch_malloc( bv.bv_len + 1 ); + ptr = lutil_strcopy( bv.bv_val, ibuf ); + for (j=0; argv[j]; j++) { + if ( j ) *ptr++ = ' '; + ptr = lutil_strcopy( ptr, argv[j] ); + } + ber_bvarray_add( out, &bv ); + } +} + int slapi_int_initialize(void) { diff --git a/servers/slapd/slapi/proto-slapi.h b/servers/slapd/slapi/proto-slapi.h index 2e7ce1c140..c21e1afc81 100644 --- a/servers/slapd/slapi/proto-slapi.h +++ b/servers/slapd/slapi/proto-slapi.h @@ -287,6 +287,7 @@ extern int slapi_int_register_extop(Backend *pBE, ExtendedOp **opList, Slapi_PBl extern int slapi_int_get_extop_plugin(struct berval *reqoid, SLAPI_FUNC *pFuncAddr ); extern int slapi_int_read_config(Backend *be, const char *fname, int lineno, int argc, char **argv ); +extern void slapi_int_plugin_unparse(Backend *be, BerVarray *out ); extern int slapi_int_initialize(void); diff --git a/servers/slapd/slapi/slapi.h b/servers/slapd/slapi/slapi.h index 9f1d1d7407..45c8aea68f 100644 --- a/servers/slapd/slapi/slapi.h +++ b/servers/slapd/slapi/slapi.h @@ -286,6 +286,8 @@ extern Backend * slapi_cl_get_be(char *dn); #define SLAPI_X_CONN_SSF 1303 #define SLAPI_X_CONN_SASL_CONTEXT 1304 +#define SLAPI_X_CONFIG_ARGV 1400 + #define SLAPD_AUTH_NONE "none" #define SLAPD_AUTH_SIMPLE "simple" #define SLAPD_AUTH_SSL "SSL" diff --git a/servers/slapd/slapi/slapi_pblock.c b/servers/slapd/slapi/slapi_pblock.c index 72126361ec..6dcbe7b536 100644 
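Review bot: In slapi_int_plugin_unparse() `i` is set to 0 and never incremented inside the `for` loop, so every emitted value carries the prefix `{0}`; use `idx.bv_len = sprintf( idx.bv_val, "{%d}", i++ );`. The result of `slapi_pblock_get( pp, SLAPI_X_CONFIG_ARGV, &argv )` is discarded and `argv` starts uninitialised, so a pblock in the chain that lacks this parameter leads straight to `argv[j]` on an indeterminate pointer. Setting `argv = NULL;` before the get, assigning its result to the currently unused `rc`, and adding `if ( rc != 0 || argv == NULL ) continue;` covers that case. `be` is also dereferenced without a check, which the caller in config.c would need to guarantee.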
--- a/servers/slapd/slapi/slapi_pblock.c
+++ b/servers/slapd/slapi/slapi_pblock.c
@@ -163,6 +163,7 @@ getPBlockClass( int param )
 case SLAPI_X_CONN_CLIENTPATH:
 case SLAPI_X_CONN_SERVERPATH:
 case SLAPI_X_CONN_SASL_CONTEXT:
+ case SLAPI_X_CONFIG_ARGV:
 case SLAPI_IBM_CONN_DN_ALT:
 case SLAPI_IBM_CONN_DN_ORIG:
 case SLAPI_IBM_GSSAPI_CONTEXT:
-- 
2.39.5