Commit d10250d9 authored by Pierangelo Masarati's avatar Pierangelo Masarati

add authzSyntax for authzTo/authzFrom attributes; add X-ORDERED 'VALUES' if...

add authzSyntax for authzTo/authzFrom attributes; add X-ORDERED 'VALUES' if support for ordered_value_{validate,pretty,normalize} is present; exploit normalization in slap_parseURI (only #ifdef LDAP_DEVEL)
parent 53a4d530
......@@ -908,8 +908,22 @@ ldap_back_cf_gen( ConfigArgs *c )
case LDAP_BACK_CFG_IDASSERT_AUTHZFROM: {
struct berval bv;
#ifdef SLAP_AUTHZ_SYNTAX
struct berval in;
int rc;
ber_str2bv( c->argv[ 1 ], 0, 0, &in );
rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: %d: "
"\"idassert-authzFrom <authz>\": "
"invalid syntax.\n",
c->fname, c->lineno );
return 1;
}
#else /* !SLAP_AUTHZ_SYNTAX */
ber_str2bv( c->argv[ 1 ], 0, 1, &bv );
#endif /* !SLAP_AUTHZ_SYNTAX */
ber_bvarray_add( &li->idassert_authz, &bv );
} break;
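Review bot: The rejection path in the new SLAP_AUTHZ_SYNTAX branch reports only `c->fname` and `c->lineno`, not the rule that authzNormalize refused, so an operator debugging a rejected `idassert-authzFrom` has to guess which token failed; `c->argv[ 1 ]` is already in hand, so `fprintf( stderr, "%s: %d: \"idassert-authzFrom <authz>\": invalid syntax \"%s\".\n", c->fname, c->lineno, c->argv[ 1 ] );` would suffice. The call passes NULL for both `syntax` and `mr`; the prototype added in proto-slap.h allows that, but whether the implementation tolerates NULL there is not visible on this page, so a call-site comment such as `/* syntax/mr not needed for plain normalization */` should be added once confirmed. On success `bv` is stored by ber_bvarray_add without a copy, so the normalized value must be heap-owned (the `#else` branch dups for the same reason); a one-line ownership comment would make that explicit. ldap_back_cf_gen begins and ends outside this hunk.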
......
......@@ -1337,6 +1337,31 @@ LDAP_SLAPD_F (int) slap_sasl_rewrite_config LDAP_P((
int argc,
char **argv ));
#endif /* SLAP_AUTH_REWRITE */
#ifdef SLAP_AUTHZ_SYNTAX
LDAP_SLAPD_F (int) authzValidate LDAP_P((
Syntax *syn, struct berval *in ));
#if 0
LDAP_SLAPD_F (int) authzMatch LDAP_P((
int *matchp,
slap_mask_t flags,
Syntax *syntax,
MatchingRule *mr,
struct berval *value,
void *assertedValue ));
#endif
LDAP_SLAPD_F (int) authzPretty LDAP_P((
Syntax *syntax,
struct berval *val,
struct berval *out,
void *ctx ));
LDAP_SLAPD_F (int) authzNormalize LDAP_P((
slap_mask_t usage,
Syntax *syntax,
MatchingRule *mr,
struct berval *val,
struct berval *normalized,
void *ctx ));
#endif /* SLAP_AUTHZ_SYNTAX */
/*
* schema.c
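Review bot: The `#if 0` around the authzMatch prototype is dead code with no explanation of why it is disabled, while schema_init.c in the same commit aliases `authzMatch` to octetStringMatch with a "temporary" FIXME; a reader of the header cannot connect the two. Replace the `#if 0` block with a comment such as `/* authzMatch: no dedicated matcher yet; schema_init.c currently #defines it to octetStringMatch */` so the header documents the current state instead of carrying a commented-out declaration.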
......

......@@ -69,6 +69,11 @@
#define csnIndexer generalizedTimeIndexer
#define csnFilter generalizedTimeFilter
#ifdef SLAP_AUTHZ_SYNTAX
/* FIXME: temporary */
#define authzMatch octetStringMatch
#endif /* SLAP_AUTHZ_SYNTAX */
unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT;
unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT;
unsigned int index_substr_any_len = SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT;
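Review bot: The `#define authzMatch octetStringMatch` makes equality on authzTo/authzFrom a byte-wise comparison, which is only sound because the mrule_defs entry further down in this file installs authzNormalize as the rule's normalizer; two rules that mean the same thing but normalize to different byte strings would compare unequal, and the FIXME does not say this. A comment at the macro such as `/* byte-wise match is adequate only because values are passed through authzNormalize first; replace with a syntax-aware matcher if semantically equal rules can normalize differently */` would record the assumption for whoever removes the "temporary" alias. The same caveat applies to the `authzMatch` reference in the mrule_defs hunk.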
......@@ -3441,6 +3446,13 @@ static slap_syntax_defs_rec syntax_defs[] = {
/* OpenLDAP Void Syntax */
{"( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )" ,
SLAP_SYNTAX_HIDE, inValidate, NULL},
#ifdef SLAP_AUTHZ_SYNTAX
/* FIXME: OID is unused, but not registered yet */
{"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )",
SLAP_SYNTAX_HIDE, authzValidate, authzPretty},
#endif /* SLAP_AUTHZ_SYNTAX */
{NULL, 0, NULL, NULL}
};
......@@ -3886,6 +3898,16 @@ static slap_mrule_defs_rec mrule_defs[] = {
NULL, NULL,
"CSNMatch" },
#ifdef SLAP_AUTHZ_SYNTAX
/* FIXME: OID is unused, but not registered yet */
{"( 1.3.6.1.4.1.4203.666.4.12 NAME 'authzMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.7 )",
SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
NULL, authzNormalize, authzMatch,
NULL, NULL,
NULL},
#endif /* SLAP_AUTHZ_SYNTAX */
{NULL, SLAP_MR_NONE, NULL,
NULL, NULL, NULL, NULL, NULL,
NULL }
......
......@@ -854,8 +854,16 @@ static struct slap_schema_ad_map {
{ "authzTo", "( 1.3.6.1.4.1.4203.666.1.8 "
"NAME ( 'authzTo' 'saslAuthzTo' ) "
"DESC 'proxy authorization targets' "
#ifdef SLAP_AUTHZ_SYNTAX
"EQUALITY authzMatch "
"SYNTAX 1.3.6.1.4.1.4203.666.2.7 "
#else /* ! SLAP_AUTHZ_SYNTAX */
"EQUALITY caseExactMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
#endif /* ! SLAP_AUTHZ_SYNTAX */
#ifdef SLAP_ORDERED_PRETTYNORM
"X-ORDERED 'VALUES' "
#endif /* SLAP_ORDERED_PRETTYNORM */
"USAGE distributedOperation )",
NULL, SLAP_AT_HIDE,
NULL, NULL,
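Review bot: The EQUALITY/SYNTAX `#ifdef` ladder is copied verbatim into both the authzTo entry here and the authzFrom entry in the next hunk; if one copy is later edited and the other is not, the two attributes silently end up with different matching rules, which is a correctness risk for authorization data. Hoisting the fragment into one macro defined once above the table and used in both entries keeps them in lock-step (the `X-ORDERED` piece can be folded in the same way). One further nit: RFC 4512 places extensions after `USAGE`, whereas here `X-ORDERED 'VALUES'` precedes it; OpenLDAP's own parser appears to be order-tolerant, so this is a conformance point, not a bug, but it is cheap to reorder. The ad_map entries continue past the end of both hunks.
```c
/* shared EQUALITY/SYNTAX fragment so authzTo and authzFrom cannot drift apart */
#ifdef SLAP_AUTHZ_SYNTAX
#define SLAP_AUTHZ_AT_MATCH_SYNTAX \
	"EQUALITY authzMatch " \
	"SYNTAX 1.3.6.1.4.1.4203.666.2.7 "
#else /* ! SLAP_AUTHZ_SYNTAX */
#define SLAP_AUTHZ_AT_MATCH_SYNTAX \
	"EQUALITY caseExactMatch " \
	"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
#endif /* ! SLAP_AUTHZ_SYNTAX */
/* … unchanged: table header and earlier entries … */
	{ "authzTo", "( 1.3.6.1.4.1.4203.666.1.8 "
		"NAME ( 'authzTo' 'saslAuthzTo' ) "
		"DESC 'proxy authorization targets' "
		SLAP_AUTHZ_AT_MATCH_SYNTAX
/* … unchanged: X-ORDERED and USAGE clauses, remaining fields … */
```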
......@@ -864,8 +872,16 @@ static struct slap_schema_ad_map {
{ "authzFrom", "( 1.3.6.1.4.1.4203.666.1.9 "
"NAME ( 'authzFrom' 'saslAuthzFrom' ) "
"DESC 'proxy authorization sources' "
#ifdef SLAP_AUTHZ_SYNTAX
"EQUALITY authzMatch "
"SYNTAX 1.3.6.1.4.1.4203.666.2.7 "
#else /* ! SLAP_AUTHZ_SYNTAX */
"EQUALITY caseExactMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
#endif /* ! SLAP_AUTHZ_SYNTAX */
#ifdef SLAP_ORDERED_PRETTYNORM
"X-ORDERED 'VALUES' "
#endif /* SLAP_ORDERED_PRETTYNORM */
"USAGE distributedOperation )",
NULL, SLAP_AT_HIDE,
NULL, NULL,
......
......@@ -72,6 +72,7 @@ LDAP_BEGIN_DECL
#define SLAPD_CONF_UNKNOWN_BAILOUT
#define SLAP_ORDERED_PRETTYNORM
#define SLAP_AUTHZ_SYNTAX
#ifdef ENABLE_REWRITE
#define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */
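Review bot: The new `#define SLAP_AUTHZ_SYNTAX` carries no comment, unlike the neighbouring SLAP_AUTH_REWRITE line, so nothing in the header says what it enables or that the OIDs it switches on are unregistered experimental ones; `#define SLAP_AUTHZ_SYNTAX /* authz syntax + authzMatch for authzTo/authzFrom; OIDs not yet registered */` would fix that. The commit description says the feature is LDAP_DEVEL-only, but whether this hunk sits inside an `#ifdef LDAP_DEVEL` block is not visible here; if it does not, the define is unconditional and the `#else` fallbacks elsewhere in the commit are dead.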
......