return rc;
}
-static int
-slap_bv_x_ordered_unparse( BerVarray in, BerVarray *out )
-{
- int i;
- BerVarray bva = NULL;
- char ibuf[32], *ptr;
- struct berval idx;
-
- assert( in != NULL );
-
- for ( i = 0; !BER_BVISNULL( &in[i] ); i++ )
- /* count'em */ ;
-
- if ( i == 0 ) {
- return 1;
- }
-
- idx.bv_val = ibuf;
-
- bva = ch_malloc( ( i + 1 ) * sizeof(struct berval) );
- BER_BVZERO( &bva[ 0 ] );
-
- for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
- idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
- if ( idx.bv_len >= sizeof( ibuf ) ) {
- ber_bvarray_free( bva );
- return 1;
- }
-
- bva[i].bv_len = idx.bv_len + in[i].bv_len;
- bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
- ptr = lutil_strcopy( bva[i].bv_val, ibuf );
- ptr = lutil_strcopy( ptr, in[i].bv_val );
- *ptr = '\0';
- BER_BVZERO( &bva[ i + 1 ] );
- }
-
- *out = bva;
- return 0;
-}
-
int
meta_subtree_free( metasubtree_t *ms )
{
static char *passwd_salt;
static FILE *logfile;
static char *logfileName;
-#ifdef SLAP_AUTH_REWRITE
-static BerVarray authz_rewrites;
-#endif
static AccessControl *defacl_parsed = NULL;
static struct berval cfdir;
NULL, NULL },
{ "authid-rewrite", "rewrite", 2, 0, STRLENOF( "authid-rewrite" ),
#ifdef SLAP_AUTH_REWRITE
- ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic,
+ ARG_MAGIC|CFG_REWRITE, &config_generic,
#else
ARG_IGNORED, NULL,
#endif
#endif
#ifdef SLAP_AUTH_REWRITE
case CFG_REWRITE:
- if ( authz_rewrites ) {
- struct berval bv, idx;
- char ibuf[32];
- int i;
-
- idx.bv_val = ibuf;
- for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
- idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
- if ( idx.bv_len >= sizeof( ibuf ) ) {
- ber_bvarray_free_x( c->rvalue_vals, NULL );
- c->rvalue_vals = NULL;
- break;
- }
- bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
- bv.bv_val = ch_malloc( bv.bv_len + 1 );
- AC_MEMCPY( bv.bv_val, idx.bv_val, idx.bv_len );
- AC_MEMCPY( &bv.bv_val[ idx.bv_len ],
- authz_rewrites[i].bv_val,
- authz_rewrites[i].bv_len + 1 );
- ber_bvarray_add( &c->rvalue_vals, &bv );
- }
- }
- if ( !c->rvalue_vals ) rc = 1;
+ rc = slap_sasl_rewrite_unparse( &c->rvalue_vals );
break;
#endif
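Review bot: The emit path now reports rc = 0 with c->rvalue_vals still NULL when no authid-rewrite rules are configured, because the removed `if ( !c->rvalue_vals ) rc = 1;` was the only thing turning an empty result into a non-zero rc, and slap_sasl_rewrite_unparse as added in saslauthz.c returns 0 when authz_rewrites is NULL. The sibling helper slap_bv_x_ordered_unparse returns 1 for an empty input, so the two disagree on what "nothing to emit" looks like. Unless the caller already tolerates rc 0 with no values, keep the old guard after the call, `rc = slap_sasl_rewrite_unparse( &c->rvalue_vals ); if ( !c->rvalue_vals ) rc = 1;`, or make the helper return 1 in the NULL case. The enclosing switch in config_generic continues outside this hunk.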
default:
/* no-ops, requires slapd restart */
case CFG_PLUGIN:
case CFG_MODLOAD:
- case CFG_REWRITE:
snprintf(c->log, sizeof( c->log ), "change requires slapd restart");
break;
rc = slap_sasl_regexp_delete( c->valx );
break;
+#ifdef SLAP_AUTH_REWRITE
+ case CFG_REWRITE:
+ rc = slap_sasl_rewrite_delete( c->valx );
+ break;
+#endif /* SLAP_AUTH_REWRITE */
+
case CFG_SALT:
ch_free( passwd_salt );
passwd_salt = NULL;
#ifdef SLAP_AUTH_REWRITE
case CFG_REWRITE: {
- struct berval bv;
- char *line;
- int rc = 0;
+ int rc;
if ( c->op == LDAP_MOD_ADD ) {
c->argv++;
c->argc--;
}
- if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
- rc = 1;
- if ( rc == 0 ) {
-
- if ( c->argc > 1 ) {
- char *s;
-
- /* quote all args but the first */
- line = ldap_charray2str( c->argv, "\" \"" );
- ber_str2bv( line, 0, 0, &bv );
- s = ber_bvchr( &bv, '"' );
- assert( s != NULL );
- /* move the trailing quote of argv[0] to the end */
- AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
- bv.bv_val[ bv.bv_len - 1 ] = '"';
-
- } else {
- ber_str2bv( c->argv[ 0 ], 0, 1, &bv );
- }
-
- ber_bvarray_add( &authz_rewrites, &bv );
- }
+ rc = slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv, c->valx);
if ( c->op == LDAP_MOD_ADD ) {
c->argv--;
c->argc++;
return ptr;
}
+int
+slap_bv_x_ordered_unparse( BerVarray in, BerVarray *out )
+{
+ int i;
+ BerVarray bva = NULL;
+ char ibuf[32], *ptr;
+ struct berval idx;
+
+ assert( in != NULL );
+
+ for ( i = 0; !BER_BVISNULL( &in[i] ); i++ )
+ /* count'em */ ;
+
+ if ( i == 0 ) {
+ return 1;
+ }
+
+ idx.bv_val = ibuf;
+
+ bva = ch_malloc( ( i + 1 ) * sizeof(struct berval) );
+ BER_BVZERO( &bva[ 0 ] );
+
+ for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
+ idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
+ if ( idx.bv_len >= sizeof( ibuf ) ) {
+ ber_bvarray_free( bva );
+ return 1;
+ }
+
+ bva[i].bv_len = idx.bv_len + in[i].bv_len;
+ bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
+ ptr = lutil_strcopy( bva[i].bv_val, ibuf );
+ ptr = lutil_strcopy( ptr, in[i].bv_val );
+ *ptr = '\0';
+ BER_BVZERO( &bva[ i + 1 ] );
+ }
+
+ *out = bva;
+ return 0;
+}
+
static int
config_updatedn(ConfigArgs *c) {
if (c->op == SLAP_CONFIG_EMIT) {
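Review bot: The value copy `lutil_strcopy( ptr, in[i].bv_val )` runs until NUL while the buffer was sized from in[i].bv_len one line earlier, so a berval whose bv_len is shorter than its string would overrun the allocation; the bconfig code this replaces copied exactly bv_len bytes with AC_MEMCPY instead. Now that the function is exported through proto-slap.h and reachable from several callers, a length-bounded copy is the safer form: `AC_MEMCPY( ptr, in[i].bv_val, in[i].bv_len ); ptr[ in[i].bv_len ] = '\0';`. A header comment would also help the new callers, something like `/* Prefix each value of in with its {n} ordering index into a newly allocated, NUL-terminated BerVarray. Returns 0 and sets *out, or 1 (leaving *out untouched) when in is empty or an index does not fit the scratch buffer. */`.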
{ NULL, 0, NULL }
};
-static void
-slap_bv_x_ordered_unparse( BerVarray in, BerVarray *out )
-{
- int i;
- BerVarray bva = NULL;
- char ibuf[32], *ptr;
- struct berval idx;
-
- assert( in != NULL );
-
- for ( i = 0; !BER_BVISNULL( &in[i] ); i++ )
- /* count'em */ ;
-
- if ( i == 0 ) {
- return;
- }
-
- idx.bv_val = ibuf;
-
- bva = ch_malloc( ( i + 1 ) * sizeof(struct berval) );
- BER_BVZERO( &bva[ 0 ] );
-
- for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
- idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), "{%d}", i );
- if ( idx.bv_len >= sizeof( ibuf ) ) {
- ber_bvarray_free( bva );
- return;
- }
-
- bva[i].bv_len = idx.bv_len + in[i].bv_len;
- bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
- ptr = lutil_strcopy( bva[i].bv_val, ibuf );
- ptr = lutil_strcopy( ptr, in[i].bv_val );
- *ptr = '\0';
- BER_BVZERO( &bva[ i + 1 ] );
- }
-
- *out = bva;
-}
-
static int
rwm_bva_add(
BerVarray *bva,
rc = 1;
} else {
- slap_bv_x_ordered_unparse( rwmap->rwm_bva_rewrite, &c->rvalue_vals );
- if ( !c->rvalue_vals ) {
- rc = 1;
- }
+ rc = slap_bv_x_ordered_unparse( rwmap->rwm_bva_rewrite, &c->rvalue_vals );
}
break;
LDAP_SLAPD_F (int) config_generic_wrapper LDAP_P(( Backend *be,
const char *fname, int lineno, int argc, char **argv ));
LDAP_SLAPD_F (char *) anlist_unparse LDAP_P(( AttributeName *, char *, ber_len_t buflen ));
+LDAP_SLAPD_F (int) slap_bv_x_ordered_unparse LDAP_P(( BerVarray in, BerVarray *out ));
LDAP_SLAPD_F (int) slap_keepalive_parse( struct berval *val, void *bc,
slap_cf_aux_table *tab0, const char *tabmsg, int unparse );
const char *fname,
int lineno,
int argc,
- char **argv ));
+ char **argv,
+ int valx ));
+LDAP_SLAPD_F (int) slap_sasl_rewrite_delete LDAP_P(( int valx ));
+LDAP_SLAPD_F (int) slap_sasl_rewrite_unparse LDAP_P(( BerVarray *bva ));
#endif /* SLAP_AUTH_REWRITE */
LDAP_SLAPD_F (void) slap_sasl_regexp_destroy LDAP_P(( void ));
LDAP_SLAPD_F (int) slap_sasl_regexp_delete LDAP_P(( int valx ));
#include "slap.h"
#include "lutil.h"
+#include "config.h"
#define SASLREGEX_REPLACE 10
#include "rewrite.h"
struct rewrite_info *sasl_rwinfo = NULL;
#define AUTHID_CONTEXT "authid"
+static BerVarray authz_rewrites = NULL;
#endif /* SLAP_AUTH_REWRITE */
/* What SASL proxy authorization policies are allowed? */
#endif /* ! SLAP_AUTH_REWRITE */
#ifdef SLAP_AUTH_REWRITE
-int slap_sasl_rewrite_config(
+static int slap_sasl_rewrite_config_argv(
const char *fname,
int lineno,
int argc,
)
{
int rc;
- char *savearg0;
+ char *argv0 = NULL;
+
+ if ( strncasecmp( argv[0], "authid-", STRLENOF( "authid-" ) ) == 0 ) {
+ /* strip "authid-" prefix for parsing */
+ argv0 = argv[0];
+ argv[0] = &argv0[ STRLENOF( "authid-" ) ];
+ }
/* init at first call */
if ( sasl_rwinfo == NULL ) {
sasl_rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
}
- /* strip "authid-" prefix for parsing */
- savearg0 = argv[0];
- argv[0] += STRLENOF( "authid-" );
rc = rewrite_parse( sasl_rwinfo, fname, lineno, argc, argv );
- argv[0] = savearg0;
+
+ if ( argv0 )
+ argv[0] = argv0;
return rc;
}
+static int slap_sasl_rewrite_config_bv(
+ const char *fname,
+ int lineno,
+ struct berval bv
+)
+{
+ int rc;
+ ConfigArgs ca = { 0 };
+
+ ca.line = bv.bv_val;
+ ca.argc = 0;
+ config_fp_parse_line( &ca );
+
+ rc = slap_sasl_rewrite_config_argv( fname, lineno, ca.argc, ca.argv );
+
+ ch_free( ca.tline );
+ ch_free( ca.argv );
+
+ return rc;
+}
+
+static void
+slap_sasl_rewrite_bva_add(
+ BerVarray *bva,
+ int idx,
+ int argc,
+ char **argv
+)
+{
+ char *line, *s;
+ struct berval bv;
+
+ if ( argc > 1 ) {
+ /* quote all args but the first */
+ line = ldap_charray2str( argv, "\" \"" );
+ ber_str2bv( line, 0, 0, &bv );
+ s = ber_bvchr( &bv, '"' );
+ assert( s != NULL );
+
+ /* move the trailing quote of argv[0] to the end */
+ AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
+ bv.bv_val[ bv.bv_len - 1 ] = '"';
+ } else {
+ ber_str2bv( argv[ 0 ], 0, 1, &bv );
+ }
+
+ if ( idx == -1 ) {
+ ber_bvarray_add( bva, &bv );
+ } else {
+ (*bva)[ idx ] = bv;
+ }
+}
+
static int
slap_sasl_rewrite_destroy( void )
{
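Review bot: slap_sasl_rewrite_config_bv discards the result of `config_fp_parse_line( &ca )`, so if that parser rejects a stored line (presumably it reports this with a non-zero return, as the rest of config.c does) ca.argc may be 0 and slap_sasl_rewrite_config_argv would dereference argv[0] in its strncasecmp. The lines replayed here were produced by slap_sasl_rewrite_bva_add, so this is unlikely in practice, but a cheap guard keeps it from becoming a crash: `if ( config_fp_parse_line( &ca ) != 0 || ca.argc == 0 ) { ch_free( ca.tline ); ch_free( ca.argv ); return 1; }`. Also worth a one-line comment on the `idx != -1` branch of slap_sasl_rewrite_bva_add that the caller must already have opened slot idx, since the plain assignment overwrites whatever berval is there.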
return 0;
}
+int slap_sasl_rewrite_config(
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv,
+ int valx
+)
+{
+ int rc, i, last;
+ char *line;
+ struct berval bv;
+ struct rewrite_info *rw = sasl_rwinfo;
+
+ for ( last = 0; authz_rewrites && !BER_BVISNULL( &authz_rewrites[ last ] ); last++ )
+ /* count'em */ ;
+
+ if ( valx == -1 || valx >= last ) {
+ valx = -1;
+ rc = slap_sasl_rewrite_config_argv( fname, lineno, argc, argv );
+ if ( rc == 0 ) {
+ slap_sasl_rewrite_bva_add( &authz_rewrites, valx, argc, argv );
+ }
+ return rc;
+ }
+
+ sasl_rwinfo = NULL;
+
+ for ( i = 0; i < valx; i++ )
+ {
+ rc = slap_sasl_rewrite_config_bv( fname, lineno, authz_rewrites[ i ] );
+ assert( rc == 0 );
+ }
+
+ rc = slap_sasl_rewrite_config_argv( fname, lineno, argc, argv );
+ if ( rc != 0 ) {
+ slap_sasl_rewrite_destroy();
+ sasl_rwinfo = rw;
+ return 1;
+ }
+
+ for ( i = valx; authz_rewrites && !BER_BVISNULL( &authz_rewrites[ i ] ); i++ )
+ {
+ rc = slap_sasl_rewrite_config_bv( fname, lineno, authz_rewrites[ i ] );
+ assert( rc == 0 );
+ }
+
+ authz_rewrites = ch_realloc( authz_rewrites,
+ ( last + 2 )*sizeof( struct berval ) );
+ BER_BVZERO( &authz_rewrites[ last + 1 ] );
+
+ for ( i = last - 1; i >= valx; i-- )
+ {
+ authz_rewrites[ i + 1 ] = authz_rewrites[ i ];
+ }
+
+ slap_sasl_rewrite_bva_add( &authz_rewrites, valx, argc, argv );
+
+ if ( rw )
+ rewrite_info_delete( &rw );
+
+ return rc;
+}
+
+int slap_sasl_rewrite_delete( int valx ) {
+ int rc, i;
+
+ if ( valx == -1 ) {
+ slap_sasl_rewrite_destroy();
+ if ( authz_rewrites ) {
+ ber_bvarray_free( authz_rewrites );
+ authz_rewrites = NULL;
+ }
+ return 0;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &authz_rewrites[ i ] ); i++ )
+ /* count'em */ ;
+
+ if ( valx >= i ) {
+ return 1;
+ }
+
+ ber_memfree( authz_rewrites[ i ].bv_val );
+ for ( i = valx; !BER_BVISNULL( &authz_rewrites[ i + 1 ] ); i++ )
+ {
+ authz_rewrites[ i ] = authz_rewrites[ i + 1 ];
+ }
+ BER_BVZERO( &authz_rewrites[ i ] );
+
+ slap_sasl_rewrite_destroy();
+
+ for ( i = 0; !BER_BVISNULL( &authz_rewrites[ i ] ); i++ )
+ {
+ rc = slap_sasl_rewrite_config_bv( "slapd", 0, authz_rewrites[ i ] );
+ assert( rc == 0 );
+ }
+
+ return rc;
+}
+
+int slap_sasl_rewrite_unparse( BerVarray *bva ) {
+ if ( authz_rewrites ) {
+ return slap_bv_x_ordered_unparse( authz_rewrites, bva );
+ }
+ return 0;
+}
+
static int
slap_sasl_regexp_rewrite_config(
struct rewrite_info **rwinfo,
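Review bot: slap_sasl_rewrite_delete frees the wrong element: after the counting loop `i` indexes the NULL terminator, so `ber_memfree( authz_rewrites[ i ].bv_val )` frees NULL and the removed rule's string at index valx leaks; it should read `ber_memfree( authz_rewrites[ valx ].bv_val );`. In the same function `rc` is assigned only inside the replay loop, so deleting the last remaining rule returns an uninitialized value (declare it `int rc = 0, i;`), and a valx other than -1 while authz_rewrites is still NULL dereferences NULL in the counting loop, which an early `if ( authz_rewrites == NULL ) return 1;` avoids. The replay results are checked only through assert(), which disappears under NDEBUG, so a stored rule that fails to re-parse would silently leave sasl_rwinfo half-built. Separately, slap_sasl_rewrite_config replaces sasl_rwinfo and frees the old info via rewrite_info_delete with no serialization visible here against threads that may be rewriting an authzid at bind time; worth confirming the cn=config modify path already excludes them.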