From: Howard Chu
Date: Sat, 24 May 2003 02:44:46 +0000 (+0000)
Subject: Change slap_sasl_authorized to take an Operation instead of a Connection,
X-Git-Tag: OPENLDAP_REL_ENG_2_2_0ALPHA~52
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9dace23dec2b93bd07e20e35843149ecdaf96378;p=openldap

Change slap_sasl_authorized to take an Operation instead of a Connection, for compatibility with proxyAuthz control
---
diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index d7ad0d1498..20c4545c01 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -740,7 +740,7 @@ static int parseProxyAuthz (
 dn.bv_len ? dn.bv_val : "(NULL)", 0 );
 #endif
- rc = slap_sasl_authorized( op->o_conn, &op->o_ndn, &dn );
+ rc = slap_sasl_authorized( op, &op->o_ndn, &dn );
 if( rc ) {
 ch_free( dn.bv_val );
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 1516f379a9..f8103f4f9e 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -869,7 +869,7 @@ LDAP_SLAPD_F (void) slap_sasl2dn LDAP_P((
 struct berval *saslname,
 struct berval *dn ));
 LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
- Connection *conn,
+ Operation *op,
 struct berval *authcid,
 struct berval *authzid ));
 LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index eb8f337cf3..a8f3eca30f 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -752,7 +752,7 @@ slap_sasl_authorize(
 AC_MEMCPY( &authzDN, auxvals[1].values[0], sizeof(authzDN) );
- rc = slap_sasl_authorized( conn, &authcDN, &authzDN );
+ rc = slap_sasl_authorized( conn->c_sasl_bindop, &authcDN, &authzDN );
 ch_free( authcDN.bv_val );
 if ( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
@@ -867,7 +867,7 @@ slap_sasl_authorize(
 return SASL_NOAUTHZ;
 }
- rc = slap_sasl_authorized(conn, &authcDN, &authzDN );
+ rc = slap_sasl_authorized(conn->c_sasl_bindop, &authcDN, &authzDN );
 ch_free( authcDN.bv_val );
 if( rc ) {
 #ifdef NEW_LOGGING
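Review bot: Both slap_sasl_authorize call sites in sasl.c (the hunks at -752 and -867) now pass `conn->c_sasl_bindop` without checking it, and slap_sasl_authorized dereferences that argument for the root check (`op->o_conn->c_authz_backend` in saslauthz.c), which the old code reached through `conn` alone. If the bind-operation pointer can be NULL when the SASL callback runs, which these hunks do not show, the authorization path would crash instead of refusing. A fail-closed guard at the top of slap_sasl_authorized would cover these two callers and parseProxyAuthz alike: `if( op == NULL || op->o_conn == NULL ) return LDAP_INAPPROPRIATE_AUTH;`. Both enclosing functions start and end outside the hunks.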
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 77da7cdd58..56cfc60021 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -490,7 +490,7 @@ CONCLUDED:
 * The DNs should not have the dn: prefix
 */
 static int
-slap_sasl_check_authz( Connection *conn,
+slap_sasl_check_authz( Operation *op,
 struct berval *searchDN,
 struct berval *assertDN,
 AttributeDescription *ad,
@@ -509,19 +509,19 @@ slap_sasl_check_authz( Connection *conn,
 assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
 #endif
- rc = backend_attribute( conn->c_sasl_bindop, NULL,
+ rc = backend_attribute( op, NULL,
 searchDN, ad, &vals );
 if( rc != LDAP_SUCCESS ) goto COMPLETE;
 /* Check if the *assertDN matches any **vals */
 for( i=0; vals[i].bv_val != NULL; i++ ) {
- rc = slap_sasl_match( conn->c_sasl_bindop, &vals[i], assertDN, authc );
+ rc = slap_sasl_match( op, &vals[i], assertDN, authc );
 if ( rc == LDAP_SUCCESS ) goto COMPLETE;
 }
 rc = LDAP_INAPPROPRIATE_AUTH;
 COMPLETE:
- if( vals ) ber_bvarray_free_x( vals, conn->c_sasl_bindop->o_tmpmemctx );
+ if( vals ) ber_bvarray_free_x( vals, op->o_tmpmemctx );
 #ifdef NEW_LOGGING
 LDAP_LOG( TRANSPORT, RESULTS,
@@ -645,7 +645,7 @@ FINISHED:
 * The DNs should not have the dn: prefix
 */
-int slap_sasl_authorized( Connection *conn,
+int slap_sasl_authorized( Operation *op,
 struct berval *authcDN, struct berval *authzDN )
 {
 int rc = LDAP_INAPPROPRIATE_AUTH;
@@ -673,14 +673,14 @@ int slap_sasl_authorized( Connection *conn,
 }
 /* Allow the manager to authorize as any DN. */
- if( conn->c_authz_backend && be_isroot( conn->c_authz_backend, authcDN )) {
+ if( op->o_conn->c_authz_backend && be_isroot( op->o_conn->c_authz_backend, authcDN )) {
 rc = LDAP_SUCCESS;
 goto DONE;
 }
 /* Check source rules */
 if( authz_policy & SASL_AUTHZ_TO ) {
- rc = slap_sasl_check_authz( conn, authcDN, authzDN,
+ rc = slap_sasl_check_authz( op, authcDN, authzDN,
 slap_schema.si_ad_saslAuthzTo, authcDN );
 if( rc == LDAP_SUCCESS ) {
 goto DONE;
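Review bot: In slap_sasl_check_authz (saslauthz.c, hunk at -509) the loop `for( i=0; vals[i].bv_val != NULL; i++ )` indexes `vals` unguarded, yet the cleanup line this commit rewrites still tests `if( vals )` before freeing, so the two disagree about whether `vals` can be NULL after a successful backend_attribute(). Now that `op` may be a client operation carrying a proxyAuthz control rather than only the bind operation, I would make the loop tolerate that case with `for( i=0; vals && vals[i].bv_val != NULL; i++ ) {`, which falls through to `rc = LDAP_INAPPROPRIATE_AUTH` and denies. Whether backend_attribute() can really return success with no values is not visible here. The function starts and ends outside the hunk.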
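Review bot: The comment block above slap_sasl_authorized (saslauthz.c, hunk at -645) still describes only the two DNs, although the new `op` parameter now drives the decision: the root check reads `op->o_conn->c_authz_backend`, and slap_sasl_check_authz uses `op` for the attribute lookup and `op->o_tmpmemctx` for the free. I would add a line to that comment, `* op is the operation the check runs on behalf of; its o_conn and o_tmpmemctx are used`, and the same line above slap_sasl_check_authz in the hunk at -490. Only the tail of the comment is visible in either hunk, so the exact placement needs checking against the full file.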
@@ -689,7 +689,7 @@ int slap_sasl_authorized( Connection *conn,
 /* Check destination rules */
 if( authz_policy & SASL_AUTHZ_FROM ) {
- rc = slap_sasl_check_authz( conn, authzDN, authcDN,
+ rc = slap_sasl_check_authz( op, authzDN, authcDN,
 slap_schema.si_ad_saslAuthzFrom, authcDN );
 if( rc == LDAP_SUCCESS ) {
 goto DONE;
diff --git a/servers/slapd/tools/mimic.c b/servers/slapd/tools/mimic.c
index bebe7f9dd5..2b45be055a 100644
--- a/servers/slapd/tools/mimic.c
+++ b/servers/slapd/tools/mimic.c
@@ -227,7 +227,7 @@ int slap_sasl_getdn( Connection *conn, Operation *op, char *id, int len,
 return -1;
 }
-int slap_sasl_authorized( Connection *conn,
+int slap_sasl_authorized( Operation *op,
 struct berval *authcDN, struct berval *authzDN )
 {
 return -1;