  • only in /macosx-10.9.5/OpenLDAP-491.1/OpenLDAP/servers/slapd/overlays/

Lines Matching refs:op

23 static int odusers_add_authdata(Operation *op, SlapReply *rs, uuid_t newuuid);
58 static int odusers_delete(Operation *op, SlapReply *rs) {
64 struct berval *dn = &op->o_req_ndn;
66 if(op->o_req_ndn.bv_len < 14 || !(strnstr(op->o_req_ndn.bv_val, "cn=users,", op->o_req_ndn.bv_len)!=NULL || strnstr(op->o_req_ndn.bv_val, "cn=computers,", op->o_req_ndn.bv_len)!=NULL) || strnstr(op->o_req_ndn.bv_val, "cn=authdata", op->o_req_ndn.bv_len)!=NULL) {
75 operation_fake_init(op->o_conn, (Operation*)&opbuf, ldap_pvt_thread_pool_context(), 0);
77 fakeop->o_dn = fakeop->o_ndn = op->o_ndn;
79 dnParent(&op->o_req_ndn, &fakeop->o_req_ndn);
126 static int odusers_search_bridge_authdata(Operation *op, SlapReply *rs, const char *reqattr) {
135 dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn, NULL );
136 e = odusers_copy_authdata(&op->o_req_ndn);
138 Debug(LDAP_DEBUG_ANY, "%s: No entry associated with %s\n", __func__, op->o_req_ndn.bv_val, 0);
148 retentry->e_name = op->o_req_dn;
149 retentry->e_nname = op->o_req_ndn;
157 op->ors_slimit = -1;
163 rs->sr_attrs = op->ors_attrs;
165 rs->sr_err = send_search_entry(op, rs);
170 send_ldap_result(op, rs);
182 static int odusers_search_effective_userpolicy(Operation *op, SlapReply *rs) {
185 CFDictionaryRef effectivedict = odusers_copy_effectiveuserpoldict(&op->o_req_ndn);
187 Debug(LDAP_DEBUG_ANY, "%s: Unable to retrieve effective policy for %s\n", __func__, op->o_req_ndn.bv_val, 0);
195 retentry->e_name = op->o_req_dn;
196 retentry->e_nname = op->o_req_ndn;
221 op->ors_slimit = -1;
227 rs->sr_attrs = op->ors_attrs;
229 rs->sr_err = send_search_entry(op, rs);
234 send_ldap_result(op, rs);
242 static int odusers_search_globalpolicy(Operation *op, SlapReply *rs) {
268 retentry->e_name = op->o_req_dn;
269 retentry->e_nname = op->o_req_ndn;
272 op->ors_slimit = -1;
278 rs->sr_attrs = op->ors_attrs;
280 rs->sr_err = send_search_entry(op, rs);
285 send_ldap_result(op, rs);
293 static int odusers_search_pwsprefs(Operation *op, SlapReply *rs) {
334 char *suffix = op->o_req_ndn.bv_val + strlen("cn=passwordserver,cn=config,");
363 e->e_name = op->o_req_dn;
364 e->e_nname = op->o_req_ndn;
385 op->ors_slimit = -1;
391 rs->sr_attrs = op->ors_attrs;
393 rs->sr_err = send_search_entry(op, rs);
395 send_ldap_result(op, rs);
403 static bool odusers_isaccount(Operation *op) {
406 if(strnstr(op->o_req_ndn.bv_val, "cn=users", op->o_req_ndn.bv_len) != NULL) ret = 1;
407 if(strnstr(op->o_req_ndn.bv_val, "cn=computers", op->o_req_ndn.bv_len) != NULL) ret = 1;
412 static int odusers_search(Operation *op, SlapReply *rs) {
415 if(!op || op->o_req_ndn.bv_len == 0) return SLAP_CB_CONTINUE;
416 if(!op->ors_attrs) return SLAP_CB_CONTINUE;
417 if(strnstr(op->o_req_ndn.bv_val, "cn=authdata", op->o_req_ndn.bv_len) != NULL) return SLAP_CB_CONTINUE;
419 isaccount = odusers_isaccount(op);
421 if(isaccount && strncmp(op->ors_attrs[0].an_name.bv_val, "apple-user-passwordpolicy", op->ors_attrs[0].an_name.bv_len) == 0) {
422 return odusers_search_bridge_authdata(op, rs, "apple-user-passwordpolicy");
423 } else if(isaccount && strncmp(op->ors_attrs[0].an_name.bv_val, "apple-user-passwordpolicy-effective", op->ors_attrs[0].an_name.bv_len) == 0) {
424 return odusers_search_effective_userpolicy(op, rs);
425 } else if(isaccount && strncmp(op->ors_attrs[0].an_name.bv_val, "draft-krbPrincipalAliases", op->ors_attrs[0].an_name.bv_len) == 0) {
426 return odusers_search_bridge_authdata(op, rs, "draft-krbPrincipalAliases");
427 } else if(!isaccount && (strncmp(op->o_req_ndn.bv_val, kDirservConfigName, strlen(kDirservConfigName)) == 0) && strncmp(op->ors_attrs[0].an_name.bv_val, "apple-user-passwordpolicy", op->ors_attrs[0].an_name.bv_len) == 0) {
428 return odusers_search_globalpolicy(op, rs);
429 } else if(!isaccount && (strncmp(op->o_req_ndn.bv_val, "cn=passwordserver,cn=config", strlen(kDirservConfigName)) == 0) && strncmp(op->ors_attrs[0].an_name.bv_val, "apple-xmlplist", op->ors_attrs[0].an_name.bv_len) == 0) {
430 return odusers_search_pwsprefs(op, rs);
527 static int odusers_response(Operation *op, SlapReply *rs) {
532 if(op->o_tag == LDAP_REQ_ADD && (strnstr(op->o_req_ndn.bv_val, "cn=authdata", op->o_req_ndn.bv_len) == NULL) && odusers_isaccount(op)) {
533 Debug(LDAP_DEBUG_ANY, "%s: processing response to add of %s\n", __func__, op->o_req_dn.bv_val, 0);
538 a = attr_find( op->ora_e->e_attrs, slap_schema.si_ad_entryUUID );
545 LDAP_SLIST_FOREACH(oex, &op->o_extra, oe_next) {
554 odusers_add_authdata(op, rs, oe->uuid);
556 LDAP_SLIST_REMOVE(&op->o_extra, &oe->oe, OpExtra, oe_next);
565 if ((rs->sr_type != REP_SEARCH) || (op->oq_search.rs_attrs == NULL) ) {
569 if(!op->ors_attrs) return SLAP_CB_CONTINUE;
572 if(op->o_req_ndn.bv_len != 0) return SLAP_CB_CONTINUE;
575 for(i = 0; op->ors_attrs[i].an_name.bv_len > 0; i++) {
576 if(op->ors_attrs[i].an_name.bv_val == NULL) break;
577 if(strncmp(op->ors_attrs[i].an_name.bv_val, "vendorName", op->ors_attrs[i].an_name.bv_len) == 0) {
579 } else if(strncmp(op->ors_attrs[i].an_name.bv_val, "vendorVersion", op->ors_attrs[i].an_name.bv_len) == 0) {
581 } else if(strncmp(op->ors_attrs[i].an_name.bv_val, "operatingSystemVersion", op->ors_attrs[i].an_name.bv_len) == 0) {
583 } else if(strncmp(op->ors_attrs[i].an_name.bv_val, "+", op->ors_attrs[i].an_name.bv_len) == 0) {
594 static int odusers_modify_bridge_authdata(Operation *op, SlapReply *rs) {
600 e = odusers_copy_authdata(&op->o_req_ndn);
602 Debug(LDAP_DEBUG_ANY, "%s: No entry associated with %s\n", __PRETTY_FUNCTION__, op->o_req_ndn.bv_val, 0);
608 fakeop->o_dn = op->o_dn;
609 fakeop->o_ndn = op->o_ndn;
612 fakeop->o_tag = op->o_tag;
613 fakeop->orm_modlist = op->orm_modlist;
621 slap_op_time(&op->o_time, &op->o_tincr);
629 send_ldap_result(op, rs);
636 static int odusers_modify_globalpolicy(Operation *op, SlapReply *rs) {
641 Modifications *m = op->orm_modlist;
646 fakeop->o_dn = op->o_dn;
647 fakeop->o_ndn = op->o_ndn;
651 fakeop->o_tag = op->o_tag;
652 fakeop->orm_modlist = op->orm_modlist;
696 slap_op_time(&op->o_time, &op->o_tincr);
710 send_ldap_result(op, rs);
717 static int odusers_enforce_admin(Operation *op) {
721 if((op->o_conn->c_listener->sl_url.bv_len == strlen("ldapi://%2Fvar%2Frun%2Fldapi")) && (strncmp(op->o_conn->c_listener->sl_url.bv_val, "ldapi://%2Fvar%2Frun%2Fldapi", op->o_conn->c_listener->sl_url.bv_len) == 0)) {
726 policy = odusers_copy_effectiveuserpoldict(&op->o_conn->c_dn);
728 Debug(LDAP_DEBUG_ANY, "%s: Unable to retrieve effective policy for %s\n", __func__, op->o_conn->c_dn.bv_val, 0);
746 static int odusers_rename(Operation *op, SlapReply *rs) {
749 if(!op || op->o_req_ndn.bv_len == 0) return SLAP_CB_CONTINUE;
751 if(strnstr(op->o_req_ndn.bv_val, "cn=authdata", op->o_req_ndn.bv_len) != NULL) return SLAP_CB_CONTINUE;
753 isaccount = odusers_isaccount(op);
788 realmname = odusers_copy_krbrealm(op);
794 newname = strchr(op->orr_newrdn.bv_val, '=');
796 Debug(LDAP_DEBUG_ANY, "%s: Could not determine new name from %s\n", __func__, op->orr_newrdn.bv_val, 0);
801 e = odusers_copy_authdata(&op->o_req_ndn);
803 Debug(LDAP_DEBUG_ANY, "%s: No entry associated with %s\n", __PRETTY_FUNCTION__, op->o_req_ndn.bv_val, 0);
807 oldname = odusers_copy_recname(op);
809 Debug(LDAP_DEBUG_ANY, "%s: could not find recname of %s\n", __PRETTY_FUNCTION__, op->o_req_ndn.bv_val, 0);
839 fakeop->o_dn = op->o_dn;
840 fakeop->o_ndn = op->o_ndn;
894 userfakeop->o_dn = op->o_dn;
895 userfakeop->o_ndn = op->o_ndn;
896 userfakeop->o_req_dn = op->o_dn;
897 userfakeop->o_req_ndn = op->o_ndn;
899 userfakeop->o_req_dn = op->o_req_dn;
900 userfakeop->o_req_ndn = op->o_req_ndn;
961 if((op->o_conn->c_listener->sl_url.bv_len == strlen("ldapi://%2Fvar%2Frun%2Fldapi")) && (strncmp(op->o_conn->c_listener->sl_url.bv_val, "ldapi://%2Fvar%2Frun%2Fldapi", op->o_conn->c_listener->sl_url.bv_len) == 0)) {
971 BackendDB *tmpbd = op->o_bd;
972 op->o_bd = select_backend(&op->o_req_ndn, 1);
973 userrs.sr_err = access_allowed(op, authe, slap_schema.si_ad_entry, &op->o_req_ndn, ACL_WRITE, &acl_state);
974 op->o_bd = tmpbd;
1008 static int odusers_modify(Operation *op, SlapReply *rs) {
1012 if(!op || op->o_req_ndn.bv_len == 0) return SLAP_CB_CONTINUE;
1014 if(strnstr(op->o_req_ndn.bv_val, "cn=authdata", op->o_req_ndn.bv_len) != NULL) return SLAP_CB_CONTINUE;
1016 m = op->orm_modlist;
1019 isaccount = odusers_isaccount(op);
1026 if(odusers_enforce_admin(op) != 0) {
1027 Debug(LDAP_DEBUG_ANY, "%s: no admin privs while attempting policy modification for %s\n", __func__, op->o_req_ndn.bv_val, 0);
1028 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, "policy modification not permitted");
1032 return odusers_modify_bridge_authdata(op, rs);
1034 if((odusers_enforce_admin(op) != 0) && (ber_bvcmp(&op->o_ndn, &op->o_req_ndn) != 0)) {
1035 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, "No access");
1040 return odusers_modify_bridge_authdata(op, rs);
1041 } else if(!isaccount && (strncmp(op->o_req_ndn.bv_val, kDirservConfigName, strlen(kDirservConfigName)) == 0) && strncmp(m->sml_desc->ad_cname.bv_val, "apple-user-passwordpolicy", m->sml_desc->ad_cname.bv_len) == 0) {
1042 if(odusers_enforce_admin(op) != 0) {
1044 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, "global policy modification not permitted");
1048 return odusers_modify_globalpolicy(op, rs);
1057 static char *odusers_copy_pwspubkey(Operation *op) {
1074 fakeop->o_dn = op->o_dn;
1075 fakeop->o_ndn = op->o_ndn;
1132 static int odusers_add_authdata(Operation *op, SlapReply *rs, uuid_t newuuid) {
1153 recname = odusers_copy_recname(op);
1159 if(strnstr(op->o_req_dn.bv_val, "cn=computer", op->o_req_dn.bv_len) != NULL) {
1163 realm = odusers_copy_krbrealm(op);
1167 fakeop->o_dn = op->o_dn;
1168 fakeop->o_ndn = op->o_ndn;
1324 entryUUID = attr_find( op->ora_e->e_attrs, slap_schema.si_ad_entryUUID );
1326 Debug(LDAP_DEBUG_ANY, "%s: couldn't find entryUUID attribute in copy of %s", __func__, op->o_req_ndn.bv_val, 0);
1401 if(odusers_enforce_admin(op) == 0) {
1513 static int odusers_add_aa(Operation *op, SlapReply *rs, uuid_t newuuid) {
1527 recname = odusers_copy_recname(op);
1533 if(strnstr(op->o_req_dn.bv_val, "cn=computer", op->o_req_dn.bv_len) != NULL) {
1537 realm = odusers_copy_krbrealm(op);
1539 pubkey = odusers_copy_pwspubkey(op);
1545 primary_master_ip = odusers_copy_primarymasterip(op);
1594 for(attriter = op->ora_e->e_attrs; attriter->a_next; attriter = attriter->a_next);
1606 static int odusers_add(Operation *op, SlapReply *rs) {
1610 if(!op || op->o_req_ndn.bv_len == 0) return SLAP_CB_CONTINUE;
1611 if(strnstr(op->o_req_ndn.bv_val, "cn=authdata", op->o_req_ndn.bv_len) != NULL) return SLAP_CB_CONTINUE;
1613 m = op->orm_modlist;
1616 isaccount = odusers_isaccount(op);
1625 LDAP_SLIST_INSERT_HEAD(&op->o_extra, &oe->oe, oe_next);
1627 odusers_add_aa(op, rs, oe->uuid);