Commit 5acd0c57 authored by Howard Chu's avatar Howard Chu

Added authz-regexp, slapi plugin retrieval

parent e509e81e
......@@ -88,9 +88,9 @@ static struct oc_info {
"DESC 'OpenLDAP Database-specific options' "
"SUP olcConfig STRUCTURAL "
"MAY ( olcAccess $ olcDatabase $ olcLastMod $ olcLimits $ "
"olcMaxDerefDepth $ olcReadOnly $ olcReplica $ olcReplogFile $ "
"olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ "
"olcSecurity $ olcSizeLimit $ olcSuffix $ olcSyncrepl $ "
"olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
"olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSuffix $ olcSyncrepl $ "
"olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )", &cfOc_database },
{ "( OLcfgOc:6 "
"NAME 'olcIncludeFile' "
......
......@@ -993,7 +993,8 @@ config_generic(ConfigArgs *c) {
c->value_string = ch_strdup( slap_sasl_getpolicy());
break;
case CFG_AZREGEXP:
rc = 1;
slap_sasl_regexp_unparse( &c->rvalue_vals );
if ( !c->rvalue_vals ) rc = 1;
break;
#ifdef HAVE_CYRUS_SASL
case CFG_SASLSECP: {
......@@ -1107,7 +1108,8 @@ config_generic(ConfigArgs *c) {
#endif
#ifdef LDAP_SLAPI
case CFG_PLUGIN: /* FIXME */
rc = 1;
slapi_int_plugin_unparse( c->be, &c->rvalue_vals );
if ( !c->rvalue_vals ) rc = 1;
break;
#endif
#ifdef SLAP_AUTH_REWRITE
......
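Review bot: The `/* FIXME */` on `case CFG_PLUGIN:` is kept although the case now emits values, so it no longer tells a reader what is still missing; drop it or replace it with a sentence naming the remaining work. Both new emit cases set `rc = 1` only when the callee leaves `c->rvalue_vals` NULL, and a one-line comment such as `/* rc = 1: nothing to emit for this attribute */` would make that convention readable at the call site. config_generic begins and ends outside these hunks.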
......@@ -1173,6 +1173,7 @@ LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
struct berval *authzid ));
LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((
const char *match, const char *replace ));
LDAP_SLAPD_F (void) slap_sasl_regexp_unparse LDAP_P(( BerVarray *bva ));
LDAP_SLAPD_F (int) slap_sasl_setpolicy LDAP_P(( const char * ));
LDAP_SLAPD_F (const char *) slap_sasl_getpolicy LDAP_P(( void ));
#ifdef SLAP_AUTH_REWRITE
......
......@@ -604,10 +604,6 @@ int slap_sasl_regexp_rewrite_config(
int slap_sasl_regexp_config( const char *match, const char *replace )
{
#ifdef SLAP_AUTH_REWRITE
return slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
match, replace, AUTHID_CONTEXT );
#else /* ! SLAP_AUTH_REWRITE */
int rc;
SaslRegexp_t *reg;
......@@ -619,6 +615,13 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
reg->sr_match = ch_strdup( match );
reg->sr_replace = ch_strdup( replace );
#ifdef SLAP_AUTH_REWRITE
rc = slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
match, replace, AUTHID_CONTEXT );
if ( rc == LDAP_SUCCESS ) nSaslRegexp++;
return rc;
#else /* ! SLAP_AUTH_REWRITE */
/* Precompile matching pattern */
rc = regcomp( &reg->sr_workspace, reg->sr_match, REG_EXTENDED|REG_ICASE );
if ( rc ) {
......@@ -637,6 +640,35 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
#endif /* ! SLAP_AUTH_REWRITE */
}
void slap_sasl_regexp_unparse( BerVarray *out )
{
int i;
struct berval bv;
BerVarray bva = NULL;
char ibuf[32], *ptr;
struct berval idx;
if ( !nSaslRegexp ) return;
idx.bv_val = ibuf;
bva = ch_malloc( (nSaslRegexp+1) * sizeof(struct berval) );
BER_BVZERO(bva+nSaslRegexp);
for ( i=0; i<nSaslRegexp; i++ ) {
idx.bv_len = sprintf( idx.bv_val, "{%d}", i);
bva[i].bv_len = idx.bv_len + strlen( SaslRegexp[i].sr_match ) +
strlen( SaslRegexp[i].sr_replace ) + 5;
bva[i].bv_val = ch_malloc( bva[i].bv_len+1 );
ptr = lutil_strcopy( bva[i].bv_val, ibuf );
*ptr++ = '"';
ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_match );
ptr = lutil_strcopy( ptr, "\" \"" );
ptr = lutil_strcopy( ptr, SaslRegexp[i].sr_replace );
*ptr++ = '"';
*ptr = '\0';
}
*out = bva;
}
/* Perform replacement on regexp matches */
static void slap_sasl_rx_exp(
const char *rep,
......
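Review bot: slap_sasl_regexp_unparse returns at `if ( !nSaslRegexp ) return;` without writing `*out`, so the caller's test `if ( !c->rvalue_vals ) rc = 1;` is only correct if the caller cleared the array beforehand; slapi_int_plugin_unparse in this same commit opens with `*out = NULL;` and this function should do the same as its first statement. The local `struct berval bv;` is never used and can be removed. The match and replace strings are copied between double quotes without escaping, so a pattern that itself contains a double quote would presumably not re-parse into the same two arguments; this is worth confirming against the config parser, because these rules decide how authentication identities are mapped to DNs.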
......@@ -64,8 +64,6 @@ static Slapi_PBlock *pGPlugins = NULL;
static Slapi_PBlock *
plugin_pblock_new(
int type,
const char *path,
const char *initfunc,
int argc,
char *argv[] )
{
......@@ -73,6 +71,9 @@ plugin_pblock_new(
Slapi_PluginDesc *pPluginDesc = NULL;
lt_dlhandle hdLoadHandle;
int rc;
char **av2 = NULL, **ppPluginArgv;
char *path = argv[2];
char *initfunc = argv[3];
pPlugin = slapi_pblock_new();
if ( pPlugin == NULL ) {
......@@ -90,7 +91,23 @@ plugin_pblock_new(
goto done;
}
rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_ARGV, (void *)argv );
av2 = ldap_charray_dup( argv );
if ( !av2 ) {
rc = LDAP_NO_MEMORY;
goto done;
}
if ( argc > 0 ) {
ppPluginArgv = &av2[4];
} else {
ppPluginArgv = NULL;
}
rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_ARGV, (void *)ppPluginArgv );
if ( rc != 0 ) {
goto done;
}
rc = slapi_pblock_set( pPlugin, SLAPI_X_CONFIG_ARGV, (void *)av2 );
if ( rc != 0 ) {
goto done;
}
......@@ -114,6 +131,9 @@ done:
if ( rc != 0 && pPlugin != NULL ) {
slapi_pblock_destroy( pPlugin );
pPlugin = NULL;
if ( av2 ) {
ldap_charray_free( av2 );
}
}
return pPlugin;
......@@ -681,7 +701,6 @@ slapi_int_read_config(
{
int iType = -1;
int numPluginArgc = 0;
char **ppPluginArgv = NULL;
if ( argc < 4 ) {
fprintf( stderr,
......@@ -707,11 +726,6 @@ slapi_int_read_config(
}
numPluginArgc = argc - 4;
if ( numPluginArgc > 0 ) {
ppPluginArgv = &argv[4];
} else {
ppPluginArgv = NULL;
}
if ( iType == SLAPI_PLUGIN_PREOPERATION ||
iType == SLAPI_PLUGIN_EXTENDEDOP ||
......@@ -720,8 +734,7 @@ slapi_int_read_config(
int rc;
Slapi_PBlock *pPlugin;
pPlugin = plugin_pblock_new( iType, argv[2], argv[3],
numPluginArgc, ppPluginArgv );
pPlugin = plugin_pblock_new( iType, numPluginArgc, argv );
if (pPlugin == NULL) {
return 1;
}
......@@ -747,6 +760,38 @@ slapi_int_read_config(
return 0;
}
void
slapi_int_plugin_unparse(
Backend *be,
BerVarray *out
)
{
Slapi_PBlock *pp;
int i, j, rc;
char **argv, ibuf[32], *ptr;
struct berval idx, bv;
*out = NULL;
idx.bv_val = ibuf;
i = 0;
for ( pp=be->be_pb; pp; slapi_pblock_get( pp, SLAPI_IBM_PBLOCK, &pp ) ) {
slapi_pblock_get( pp, SLAPI_X_CONFIG_ARGV, &argv );
idx.bv_len = sprintf( idx.bv_val, "{%d}", i );
bv.bv_len = idx.bv_len;
for (j=0; argv[j]; j++) {
bv.bv_len += strlen(argv[j]);
if ( j ) bv.bv_len++;
}
bv.bv_val = ch_malloc( bv.bv_len + 1 );
ptr = lutil_strcopy( bv.bv_val, ibuf );
for (j=0; argv[j]; j++) {
if ( j ) *ptr++ = ' ';
ptr = lutil_strcopy( ptr, argv[j] );
}
ber_bvarray_add( out, &bv );
}
}
int
slapi_int_initialize(void)
{
......
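Review bot: In slapi_int_plugin_unparse the result of `slapi_pblock_get( pp, SLAPI_X_CONFIG_ARGV, &argv )` is ignored and `argv` is an uninitialised local, so a pblock in the `be->be_pb` chain with no stored config argv makes `argv[j]` read through a NULL or indeterminate pointer; guard it with `if ( slapi_pblock_get( pp, SLAPI_X_CONFIG_ARGV, &argv ) != 0 || !argv ) continue;`. The counter `i` is set to 0 and never advanced, so every emitted value carries the prefix `{0}`; the format call should be `idx.bv_len = sprintf( idx.bv_val, "{%d}", i++ );`. `rc` is declared but unused, and the return of `ber_bvarray_add` is not checked, which would leak `bv.bv_val` if the add fails. In plugin_pblock_new, `av2` is released only on the error path at `done:`; whether slapi_pblock_destroy frees the SLAPI_X_CONFIG_ARGV copy on normal teardown is not visible in this section and should be confirmed.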
......@@ -287,6 +287,7 @@ extern int slapi_int_register_extop(Backend *pBE, ExtendedOp **opList, Slapi_PBl
extern int slapi_int_get_extop_plugin(struct berval *reqoid, SLAPI_FUNC *pFuncAddr );
extern int slapi_int_read_config(Backend *be, const char *fname, int lineno,
int argc, char **argv );
extern void slapi_int_plugin_unparse(Backend *be, BerVarray *out );
extern int slapi_int_initialize(void);
......
......@@ -286,6 +286,8 @@ extern Backend * slapi_cl_get_be(char *dn);
#define SLAPI_X_CONN_SSF 1303
#define SLAPI_X_CONN_SASL_CONTEXT 1304
#define SLAPI_X_CONFIG_ARGV 1400
#define SLAPD_AUTH_NONE "none"
#define SLAPD_AUTH_SIMPLE "simple"
#define SLAPD_AUTH_SSL "SSL"
......
......@@ -163,6 +163,7 @@ getPBlockClass( int param )
case SLAPI_X_CONN_CLIENTPATH:
case SLAPI_X_CONN_SERVERPATH:
case SLAPI_X_CONN_SASL_CONTEXT:
case SLAPI_X_CONFIG_ARGV:
case SLAPI_IBM_CONN_DN_ALT:
case SLAPI_IBM_CONN_DN_ORIG:
case SLAPI_IBM_GSSAPI_CONTEXT:
......