Added authz-regexp, slapi plugin retrieval

servers/slapd/bconfig.c

@@ -88,9 +88,9 @@ static struct oc_info {
 		"DESC 'OpenLDAP Database-specific options' "
 		"SUP olcConfig STRUCTURAL "
 		"MAY ( olcAccess $ olcDatabase $ olcLastMod $ olcLimits $ "
-		 "olcMaxDerefDepth $ olcReadOnly $ olcReplica $ olcReplogFile $ "
-		 "olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ "
-		 "olcSecurity $ olcSizeLimit $ olcSuffix $ olcSyncrepl $ "
+		 "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
+		 "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
+		 "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSuffix $ olcSyncrepl $ "
 		 "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )", &cfOc_database },
 	{ "( OLcfgOc:6 "
 		"NAME 'olcIncludeFile' "

servers/slapd/config.c

@@ -993,7 +993,8 @@ config_generic(ConfigArgs *c) {
 			c->value_string = ch_strdup( slap_sasl_getpolicy());
 			break;
 		case CFG_AZREGEXP:
-			rc = 1;
+			slap_sasl_regexp_unparse( &c->rvalue_vals );
+			if ( !c->rvalue_vals ) rc = 1;
 			break;
 #ifdef HAVE_CYRUS_SASL
 		case CFG_SASLSECP: {
@@ -1107,7 +1108,8 @@ config_generic(ConfigArgs *c) {
 #endif
 #ifdef LDAP_SLAPI
 		case CFG_PLUGIN:	/* FIXME */
-			rc = 1;
+			slapi_int_plugin_unparse( c->be, &c->rvalue_vals );
+			if ( !c->rvalue_vals ) rc = 1;
 			break;
 #endif
 #ifdef SLAP_AUTH_REWRITE

servers/slapd/proto-slap.h

@@ -1173,6 +1173,7 @@ LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
 	struct berval *authzid ));
 LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((
 	const char *match, const char *replace ));
+LDAP_SLAPD_F (void) slap_sasl_regexp_unparse LDAP_P(( BerVarray *bva ));
 LDAP_SLAPD_F (int) slap_sasl_setpolicy LDAP_P(( const char * ));
 LDAP_SLAPD_F (const char *) slap_sasl_getpolicy LDAP_P(( void ));
 #ifdef SLAP_AUTH_REWRITE

servers/slapd/saslauthz.c

@@ -604,10 +604,6 @@ int slap_sasl_regexp_rewrite_config(
 
 int slap_sasl_regexp_config( const char *match, const char *replace )
 {
-#ifdef SLAP_AUTH_REWRITE
-	return slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
-			match, replace, AUTHID_CONTEXT );
-#else /* ! SLAP_AUTH_REWRITE */
 	int rc;
 	SaslRegexp_t *reg;
 
@@ -619,6 +615,13 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
 	reg->sr_match = ch_strdup( match );
 	reg->sr_replace = ch_strdup( replace );
 
+#ifdef SLAP_AUTH_REWRITE
+	rc = slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
+			match, replace, AUTHID_CONTEXT );
+	if ( rc == LDAP_SUCCESS ) nSaslRegexp++;
+	return rc;
+#else /* ! SLAP_AUTH_REWRITE */
+
 	/* Precompile matching pattern */
 	rc = regcomp( &reg->sr_workspace, reg->sr_match, REG_EXTENDED|REG_ICASE );
 	if ( rc ) {
@@ -637,6 +640,35 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
 #endif /* ! SLAP_AUTH_REWRITE */
 }
 
+void slap_sasl_regexp_unparse( BerVarray *out )
+{
+	int i;
+	struct berval bv;
+	BerVarray bva = NULL;
+	char ibuf[32], *ptr;
+	struct berval idx;
+
+	if ( !nSaslRegexp ) return;
+
+	idx.bv_val = ibuf;
+	bva = ch_malloc( (nSaslRegexp+1) * sizeof(struct berval) );
+	BER_BVZERO(bva+nSaslRegexp);
+	for ( i=0; i<nSaslRegexp; i++ ) {
+		idx.bv_len = sprintf( idx.bv_val, "{%d}", i);
+		bva[i].bv_len = idx.bv_len + strlen( SaslRegexp[i].sr_match ) +
+			strlen( SaslRegexp[i].sr_replace ) + 5;
+		bva[i].bv_val = ch_malloc( bva[i].bv_len+1 );
+		ptr = lutil_strcopy( bva[i].bv_val, ibuf );
+		*ptr++ = '"';
+		ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_match );
+		ptr = lutil_strcopy( ptr, "\" \"" );
+		ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_replace );
+		*ptr++ = '"';
+		*ptr = '\0';
+	}
+	*out = bva;
+}
+
 /* Perform replacement on regexp matches */
 static void slap_sasl_rx_exp(
 	const char *rep,

servers/slapd/slapi/plugin.c

@@ -64,8 +64,6 @@ static Slapi_PBlock *pGPlugins = NULL;
 static Slapi_PBlock *
 plugin_pblock_new(
 	int type, 
-	const char *path, 
-	const char *initfunc, 
 	int argc, 
 	char *argv[] ) 
 {
@@ -73,6 +71,9 @@ plugin_pblock_new(
 	Slapi_PluginDesc *pPluginDesc = NULL;
 	lt_dlhandle	hdLoadHandle;
 	int		rc;
+	char **av2 = NULL, **ppPluginArgv;
+	char *path = argv[2];
+	char *initfunc = argv[3];
 
 	pPlugin = slapi_pblock_new();
 	if ( pPlugin == NULL ) {
@@ -90,7 +91,23 @@ plugin_pblock_new(
 		goto done;
 	}
 
-	rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_ARGV, (void *)argv );
+	av2 = ldap_charray_dup( argv );
+	if ( !av2 ) {
+		rc = LDAP_NO_MEMORY;
+		goto done;
+	}
+
+	if ( argc > 0 ) {
+		ppPluginArgv = &av2[4];
+	} else {
+		ppPluginArgv = NULL;
+	}
+	rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_ARGV, (void *)ppPluginArgv );
+	if ( rc != 0 ) { 
+		goto done;
+	}
+
+	rc = slapi_pblock_set( pPlugin, SLAPI_X_CONFIG_ARGV, (void *)av2 );
 	if ( rc != 0 ) { 
 		goto done;
 	}
@@ -114,6 +131,9 @@ done:
 	if ( rc != 0 && pPlugin != NULL ) {
 		slapi_pblock_destroy( pPlugin );
 		pPlugin = NULL;
+		if ( av2 ) {
+			ldap_charray_free( av2 );
+		}
 	}
 
 	return pPlugin;
@@ -681,7 +701,6 @@ slapi_int_read_config(
 {
 	int		iType = -1;
 	int		numPluginArgc = 0;
-	char		**ppPluginArgv = NULL;
 
 	if ( argc < 4 ) {
 		fprintf( stderr,
@@ -707,11 +726,6 @@ slapi_int_read_config(
 	}
 	
 	numPluginArgc = argc - 4;
-	if ( numPluginArgc > 0 ) {
-		ppPluginArgv = &argv[4];
-	} else {
-		ppPluginArgv = NULL;
-	}
 
 	if ( iType == SLAPI_PLUGIN_PREOPERATION ||
 		  	iType == SLAPI_PLUGIN_EXTENDEDOP ||
@@ -720,8 +734,7 @@ slapi_int_read_config(
 		int rc;
 		Slapi_PBlock *pPlugin;
 
-		pPlugin = plugin_pblock_new( iType, argv[2], argv[3], 
-					numPluginArgc, ppPluginArgv );
+		pPlugin = plugin_pblock_new( iType, numPluginArgc, argv );
 		if (pPlugin == NULL) {
 			return 1;
 		}
@@ -747,6 +760,38 @@ slapi_int_read_config(
 	return 0;
 }
 
+void
+slapi_int_plugin_unparse(
+	Backend *be,
+	BerVarray *out
+)
+{
+	Slapi_PBlock *pp;
+	int i, j, rc;
+	char **argv, ibuf[32], *ptr;
+	struct berval idx, bv;
+
+	*out = NULL;
+	idx.bv_val = ibuf;
+	i = 0;
+	for ( pp=be->be_pb; pp; slapi_pblock_get( pp, SLAPI_IBM_PBLOCK, &pp ) ) {
+		slapi_pblock_get( pp, SLAPI_X_CONFIG_ARGV, &argv );
+		idx.bv_len = sprintf( idx.bv_val, "{%d}", i );
+		bv.bv_len = idx.bv_len;
+		for (j=0; argv[j]; j++) {
+			bv.bv_len += strlen(argv[j]);
+			if ( j ) bv.bv_len++;
+		}
+		bv.bv_val = ch_malloc( bv.bv_len + 1 );
+		ptr = lutil_strcopy( bv.bv_val, ibuf );
+		for (j=0; argv[j]; j++) {
+			if ( j ) *ptr++ = ' ';
+			ptr = lutil_strcopy( ptr, argv[j] );
+		}
+		ber_bvarray_add( out, &bv );
+	}
+}
+
 int
 slapi_int_initialize(void)
 {

servers/slapd/slapi/proto-slapi.h

@@ -287,6 +287,7 @@ extern int slapi_int_register_extop(Backend *pBE, ExtendedOp **opList, Slapi_PBl
 extern int slapi_int_get_extop_plugin(struct berval  *reqoid, SLAPI_FUNC *pFuncAddr );
 extern int slapi_int_read_config(Backend *be, const char *fname, int lineno,
 		int argc, char **argv );
+extern void slapi_int_plugin_unparse(Backend *be, BerVarray *out );
 extern int slapi_int_initialize(void);
 
 

servers/slapd/slapi/slapi.h

@@ -286,6 +286,8 @@ extern Backend * slapi_cl_get_be(char *dn);
 #define SLAPI_X_CONN_SSF			1303
 #define SLAPI_X_CONN_SASL_CONTEXT		1304
 
+#define SLAPI_X_CONFIG_ARGV	1400
+
 #define SLAPD_AUTH_NONE   "none"
 #define SLAPD_AUTH_SIMPLE "simple"
 #define SLAPD_AUTH_SSL    "SSL"

servers/slapd/slapi/slapi_pblock.c

@@ -163,6 +163,7 @@ getPBlockClass( int param )
 	case SLAPI_X_CONN_CLIENTPATH:
 	case SLAPI_X_CONN_SERVERPATH:
 	case SLAPI_X_CONN_SASL_CONTEXT:
+	case SLAPI_X_CONFIG_ARGV:
 	case SLAPI_IBM_CONN_DN_ALT:
 	case SLAPI_IBM_CONN_DN_ORIG:
 	case SLAPI_IBM_GSSAPI_CONTEXT: