  • only in /macosx-10.9.5/OpenLDAP-491.1/OpenLDAP/servers/slapd/

Lines Matching refs:op

80 int sasl_krb5_authdata_pac( Operation *op);
197 sasl_ap_lookup( Operation *op, SlapReply *rs )
204 lookup_info *sl = (lookup_info *)op->o_callback->sc_private;
237 be_isroot_dn( op->o_bd, &op->o_req_ndn ))
242 if ( ! access_allowed( op, rs->sr_entry, ad, NULL, ACL_AUTH, NULL ) ) {
298 Operation *op = (Operation *)&opbuf;
319 AC_MEMCPY( &op->o_req_ndn.bv_len, sl.list[i].values[0],
320 sizeof( op->o_req_ndn.bv_len ) );
323 op->o_req_ndn.bv_val = (char *)sl.list[i].values[0];
330 AC_MEMCPY( &op->o_req_ndn.bv_len, sl.list[i].values[0],
331 sizeof( op->o_req_ndn.bv_len ) );
334 op->o_req_ndn.bv_val = (char *)sl.list[i].values[0];
369 op->o_bd = select_backend( &op->o_req_ndn, 1 );
371 if ( op->o_bd ) {
373 if ( be_isroot_dn( op->o_bd, &op->o_req_ndn ) &&
374 !BER_BVISEMPTY( &op->o_bd->be_rootpw )) {
378 if ( lutil_passwd_scheme( op->o_bd->be_rootpw.bv_val )) {
379 if ( !strncasecmp( op->o_bd->be_rootpw.bv_val,
383 cbv.bv_len = op->o_bd->be_rootpw.bv_len -
386 cbv.bv_val = op->o_bd->be_rootpw.bv_val +
392 cbv = op->o_bd->be_rootpw;
413 if ( op->o_bd->be_search ) {
415 op->o_hdr = conn->c_sasl_bindop->o_hdr;
416 op->o_controls = opbuf.ob_controls;
417 op->o_tag = LDAP_REQ_SEARCH;
418 op->o_dn = conn->c_ndn;
419 op->o_ndn = conn->c_ndn;
420 op->o_callback = &cb;
421 slap_op_time( &op->o_time, &op->o_tincr );
422 op->o_do_not_cache = 1;
423 op->o_is_auth_check = 1;
424 op->o_req_dn = op->o_req_ndn;
425 op->ors_scope = LDAP_SCOPE_BASE;
426 op->ors_deref = LDAP_DEREF_NEVER;
427 op->ors_tlimit = SLAP_NO_LIMIT;
428 op->ors_slimit = 1;
429 op->ors_filter = &generic_filter;
430 op->ors_filterstr = generic_filterstr;
431 op->o_authz = conn->c_authz;
433 op->ors_attrs = NULL;
435 rc = op->o_bd->be_search( op, &rs );
453 Operation op = {0};
483 AC_MEMCPY( &op.o_req_ndn.bv_len, pr[i].values[0],
484 sizeof( op.o_req_ndn.bv_len ) );
487 op.o_req_ndn.bv_val = (char *)pr[i].values[0];
491 if (!conn || !op.o_req_ndn.bv_val) return SASL_BADPARAM;
493 op.o_bd = select_backend( &op.o_req_ndn, 1 );
495 if ( !op.o_bd || !op.o_bd->be_modify ) return SASL_FAIL;
522 rc = slap_mods_check( &op, modlist, &text, textbuf, textlen, NULL );
525 rc = slap_mods_no_user_mod_check( &op, modlist,
530 op.o_hdr = conn->c_sasl_bindop->o_hdr;
532 op.o_hdr = &oph;
534 operation_fake_init( conn, &op, ldap_pvt_thread_pool_context(), 0 );
536 op.o_tag = LDAP_REQ_MODIFY;
537 op.o_ndn = op.o_req_ndn;
538 op.o_callback = &cb;
539 slap_op_time( &op.o_time, &op.o_tincr );
540 op.o_do_not_cache = 1;
541 op.o_is_auth_check = 1;
542 op.o_req_dn = op.o_req_ndn;
543 op.orm_modlist = modlist;
545 rc = op.o_bd->be_modify( &op, &rs );
588 sasl_authdata_lookup( Operation *op, SlapReply *rs )
600 lookup_info *sl = (lookup_info*)op->o_callback->sc_private;
636 sasl_pws_lookup( Operation *op, SlapReply *rs )
650 lookup_info *sl = (lookup_info*)op->o_callback->sc_private;
702 Operation *op = NULL;
710 op = &opbuf.ob_op;
719 op->o_dn = op->o_ndn = op->o_req_dn = op->o_req_ndn = authdn;
720 op->o_conn->c_listener->sl_url.bv_val = "ldapi://%2Fvar%2Frun%2Fldapi";
721 op->o_conn->c_listener->sl_url.bv_len = strlen("ldapi://%2Fvar%2Frun%2Fldapi");
723 op->o_req_ndn.bv_len = strlen(op->o_req_ndn.bv_val);
725 op->o_bd = select_backend(&op->o_req_ndn, 1);
726 if(!op->o_bd) {
727 Debug(LDAP_DEBUG_TRACE, "%s: could not find backend for: %s\n", __PRETTY_FUNCTION__, op->o_req_ndn.bv_val, 0);
731 op->o_do_not_cache = 1;
732 slap_op_time(&op->o_time, &op->o_tincr);
733 op->o_tag = LDAP_REQ_SEARCH;
734 op->ors_scope = LDAP_SCOPE_BASE;
735 op->ors_deref = LDAP_DEREF_NEVER;
736 op->ors_tlimit = SLAP_NO_LIMIT;
737 op->ors_slimit = 1;
738 op->ors_filter = &generic_filter;
739 op->ors_filterstr = generic_filterstr;
740 op->ors_attrs = NULL;
742 op->o_callback = &authdata_lookup_cb;
744 op->o_bd->be_search(op, &rs);
746 Debug(LDAP_DEBUG_TRACE, "%s: Unable to locate %s (%d)\n", __PRETTY_FUNCTION__, op->o_req_ndn.bv_val, rs.sr_err);
760 Operation op = {0};
782 AC_MEMCPY( &op.o_req_ndn.bv_len, sl.list[i].values[0],
783 sizeof( op.o_req_ndn.bv_len ) );
786 op.o_req_ndn.bv_val = (char *)sl.list[i].values[0];
793 AC_MEMCPY( &op.o_req_ndn.bv_len, sl.list[i].values[0],
794 sizeof( op.o_req_ndn.bv_len ) );
797 op.o_req_ndn.bv_val = (char *)sl.list[i].values[0];
809 op.o_bd = select_backend( &op.o_req_ndn, 1 );
811 if ( op.o_bd ) {
812 if ( op.o_bd->be_search ) {
814 op.o_hdr = conn->c_sasl_bindop->o_hdr;
815 op.o_tag = LDAP_REQ_SEARCH;
816 op.o_dn = conn->c_ndn;
817 op.o_ndn = conn->c_ndn;
818 op.o_callback = &cb;
819 slap_op_time( &op.o_time, &op.o_tincr );
820 op.o_do_not_cache = 1;
821 op.o_is_auth_check = 1;
822 op.o_req_dn = op.o_req_ndn;
823 op.ors_scope = LDAP_SCOPE_BASE;
824 op.ors_deref = LDAP_DEREF_NEVER;
825 op.ors_tlimit = SLAP_NO_LIMIT;
826 op.ors_slimit = 1;
827 op.ors_filter = &generic_filter;
828 op.ors_filterstr = generic_filterstr;
830 op.ors_attrs = NULL;
832 op.o_bd->be_search( &op, &rs );
1301 slapd_rw_cb( Operation *op, SlapReply *rs )
1304 struct slapd_rw_info *si = op->o_callback->sc_private;
1328 Operation *op;
1337 op = &opbuf.ob_op;
1339 op->o_tag = LDAP_REQ_SEARCH;
1340 op->o_req_dn = op->o_req_ndn = sl->base;
1341 op->o_bd = select_backend( &op->o_req_ndn, 1 );
1342 if ( !op->o_bd ) {
1347 op->ors_scope = sl->scope;
1348 op->ors_deref = LDAP_DEREF_NEVER;
1349 op->ors_slimit = 1;
1350 op->ors_tlimit = SLAP_NO_LIMIT;
1352 op->ors_attrs = sl->attrs;
1354 op->ors_attrs = slap_anlist_no_attrs;
1362 ptr = op->ors_filterstr.bv_val = op->o_tmpalloc( rc + 1, op->o_tmpmemctx );
1371 op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
1372 if ( !op->ors_filter ) {
1373 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
1377 op->ors_attrsonly = 0;
1378 op->o_dn = op->o_bd->be_rootdn;
1379 op->o_ndn = op->o_bd->be_rootndn;
1380 op->o_do_not_cache = 1;
1384 op->o_callback = &cb;
1386 rc = op->o_bd->be_search( op, &rs );
1396 filter_free_x( op, op->ors_filter, 1 );
1397 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
1793 int slap_sasl_bind( Operation *op, SlapReply *rs )
1796 sasl_conn_t *ctx = op->o_conn->c_sasl_authctx;
1803 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
1804 op->o_conn->c_sasl_bind_in_progress ? "<continuing>" :
1805 op->o_conn->c_sasl_bind_mech.bv_val,
1806 op->orb_cred.bv_len );
1809 send_ldap_error( op, rs, LDAP_UNAVAILABLE,
1819 if ( !op->o_conn->c_sasl_bind_in_progress ) {
1821 if ( op->o_conn->c_sasl_done ) {
1827 if ( ctx != op->o_conn->c_sasl_sockctx ) {
1830 op->o_conn->c_sasl_authctx = NULL;
1832 slap_sasl_open( op->o_conn, 1 );
1833 ctx = op->o_conn->c_sasl_authctx;
1841 op->o_conn->c_sasl_bind_mech.bv_val,
1842 op->orb_cred.bv_val, op->orb_cred.bv_len,
1847 op->orb_cred.bv_val, op->orb_cred.bv_len,
1855 CFDictionaryRef poldict = odusers_copy_effectiveuserpoldict(&op->o_conn->c_sasl_dn);
1857 Debug(LDAP_DEBUG_ANY, "%s: could not retrieve effective policy for: %s\n", __PRETTY_FUNCTION__, op->o_conn->c_sasl_dn.bv_val, 0);
1858 BER_BVZERO( &op->o_conn->c_sasl_dn );
1861 send_ldap_result( op, rs );
1867 Debug(LDAP_DEBUG_ANY, "%s: User is disabled: %s\n", __PRETTY_FUNCTION__, op->o_conn->c_sasl_dn.bv_val, 0);
1869 BER_BVZERO( &op->o_conn->c_sasl_dn );
1879 send_ldap_result( op, rs );
1883 if ( !bvmatch( &gssapi_bv, &op->o_conn->c_sasl_bind_mech )) { /* kdc update loginFailedAttempts for gss/krb5 */
1884 odusers_successful_auth(&op->o_conn->c_sasl_dn, poldict);
1888 ber_dupbv_x( &op->orb_edn, &op->o_conn->c_sasl_dn, op->o_tmpmemctx );
1889 BER_BVZERO( &op->o_conn->c_sasl_dn );
1890 op->o_conn->c_sasl_done = 1;
1895 op->orb_ssf = ssf ? *ssf : 0;
1897 if ( bvmatch( &gssapi_bv, &op->o_conn->c_sasl_bind_mech )) {
1898 sasl_krb5_authdata_pac(op);
1902 if( op->orb_ssf ) {
1903 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
1904 op->o_conn->c_sasl_layers++;
1913 if ( op->o_conn->c_sasl_sockctx ) {
1914 ctx = op->o_conn->c_sasl_sockctx;
1915 op->o_conn->c_sasl_sockctx = NULL;
1917 op->o_conn->c_sasl_sockctx = op->o_conn->c_sasl_authctx;
1919 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
1924 send_ldap_sasl( op, rs );
1929 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
1930 ldap_pvt_sasl_remove( op->o_conn->c_sb );
1931 op->o_conn->c_sasl_sockctx = op->o_conn->c_sasl_authctx;
1932 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
1939 send_ldap_sasl( op, rs );
1952 } else if(BER_BVISEMPTY(&op->o_conn->c_sasl_authz_dn)) {
1953 dn = op->o_conn->c_sasl_authz_dn;
1954 } else if(BER_BVISEMPTY(&op->o_conn->c_sasl_dn)) {
1955 dn = op->o_conn->c_sasl_dn;
1957 dn = op->o_req_ndn;
1963 if ( !bvmatch( &gssapi_bv, &op->o_conn->c_sasl_bind_mech )) { /* kdc update loginFailedAttempts for gss/krb5 */
1970 BER_BVZERO( &op->o_conn->c_sasl_dn );
1973 send_ldap_result( op, rs );
1982 SASL_CTX *ctx = op->o_conn->c_sasl_authctx;
1985 send_ldap_error( op, rs, LDAP_OTHER,
1988 } else if ( bvmatch( &ext_bv, &op->o_conn->c_sasl_bind_mech ) ) {
1991 if( op->orb_cred.bv_len ) {
1994 send_ldap_result( op, rs );
1997 op->orb_edn = ctx->sc_external_id;
2000 send_ldap_sasl( op, rs );
2004 send_ldap_error( op, rs, LDAP_AUTH_METHOD_NOT_SUPPORTED,
2008 send_ldap_error( op, rs, LDAP_AUTH_METHOD_NOT_SUPPORTED,
2035 slap_sasl_setpass( Operation *op, SlapReply *rs )
2041 assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 );
2043 rs->sr_err = sasl_getprop( op->o_conn->c_sasl_authctx, SASL_USERNAME,
2055 rs->sr_err = slap_passwd_parse( op->ore_reqdata,
2074 rs->sr_err = sasl_setpass( op->o_conn->c_sasl_authctx, id.bv_val,
2077 rs->sr_text = sasl_errdetail( op->o_conn->c_sasl_authctx );
2111 int slap_sasl_getdn( Connection *conn, Operation *op, struct berval *id,
2126 if ( !op ) {
2127 op = conn->c_sasl_bindop;
2129 assert( op != NULL );
2164 ber_dupbv_x( dn, id, op->o_tmpmemctx );
2244 op->o_tmpmemctx );
2259 ber_dupbv_x( &dn2, dn, op->o_tmpmemctx );
2265 rc = dnNormalize( 0, NULL, NULL, dn, &dn2, op->o_tmpmemctx );
2268 slap_sl_free( dn->bv_val, op->o_tmpmemctx );
2278 slap_sasl2dn( op, dn, &dn2, flags );
2280 slap_sl_free( dn->bv_val, op->o_tmpmemctx );
2290 int sasl_krb5_authdata_pac( Operation *op)
2293 sasl_conn_t *ctx = op->o_conn->c_sasl_authctx;
2313 if (!BER_BVISNULL(&op->orb_edn) &&
2314 strstr (op->orb_edn.bv_val, "proxyuser") == NULL) {
2324 op->o_conn->c_authz.c_sai_krb5_auth_data.bv_len = pvalue->length;
2325 op->o_conn->c_authz.c_sai_krb5_auth_data.bv_val = pvalue->data;
2326 Debug(LDAP_DEBUG_TRACE, "sasl_getprop(110) op->o_conn->c_authz.c_sai_krb5_auth_data.bv_len = [%d]\n", (int)op->o_conn->c_authz.c_sai_krb5_auth_data.bv_len, 0, 0);
2347 ber_str2bv( clientname, 0, 1, &op->o_conn->c_authz.c_sai_krb5_pac_name );
2362 ber_str2bv( sid_str, 0, 1, &op->o_conn->c_authz.c_sai_krb5_pac_id );
2363 op->o_conn->c_authz.c_sai_krb5_auth_data_provisioned = 1;
2381 ber_str2bv( uuid_str, 0, 1, &op->o_conn->c_authz.c_sai_krb5_pac_id );
2382 op->o_conn->c_authz.c_sai_krb5_auth_data_provisioned = 1;
2392 ber_str2bv( realm, 0, 1, &op->o_conn->c_authz.c_sai_krb5_realm );