From e9c0472558b46963c90168003095a03f4c1b153f Mon Sep 17 00:00:00 2001
From: Sam <ja.github@mailnull.com>
Date: Wed, 3 Jan 2018 20:24:02 +0100
Subject: [PATCH] add ldap_acl_deny bool option

---
 be-ldap.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/be-ldap.c b/be-ldap.c
index a0a77b6b..df59bae8 100644
--- a/be-ldap.c
+++ b/be-ldap.c
@@ -48,13 +48,26 @@ struct ldap_backend {
 	char *user_uri;
 	char *superquery;
 	char *aclquery;
+	int acldeny;
 };
 
+static char *get_bool(char *option, char *defval)
+{
+	char *flag = p_stab(option);
+	flag = flag ? flag : defval;
+	if (!strcmp("true", flag) || !strcmp("false", flag)) {
+		return flag;
+	}
+	_log(LOG_NOTICE, "WARN: %s is unexpected value -> %s", option, flag);
+	return defval;
+}
+
 void *be_ldap_init()
 {
 	struct ldap_backend *conf;
 	char *uri;
 	char *binddn, *bindpw;
+	char *opt_flag;
 	int rc, opt, len;
 
 	_log(LOG_DEBUG, "}}}} LDAP");
@@ -83,6 +96,7 @@ void *be_ldap_init()
 	conf->user_uri	= NULL;
 	conf->superquery = NULL;
 	conf->aclquery	= NULL;
+	conf->acldeny = 0;
 
 	conf->ldap_uri = strdup(uri);
 	if (ldap_url_parse(uri, &conf->lud) != 0) {
@@ -120,6 +134,9 @@ void *be_ldap_init()
 	// conf->superquery	= p_stab("superquery");
 	// conf->aclquery		= p_stab("aclquery");
 
+	opt_flag = get_bool("ldap_acl_deny", "false");
+	if (!strcmp("true", opt_flag))
+		conf->acldeny = 1;
 
 	return ((void *)conf);
 }
@@ -260,6 +277,8 @@ int be_ldap_superuser(void *handle, const char *username)
 
 int be_ldap_aclcheck(void *handle, const char *clientid, const char *username, const char *topic, int acc)
 {
-	return BACKEND_ALLOW;
+	struct ldap_backend *conf = (struct ldap_backend *)handle;
+
+	return (conf->acldeny ? BACKEND_DENY : BACKEND_ALLOW);
 }
 #endif /* BE_LDAP */