Change slap_sasl_authorized to take an Operation instead of a Connection,

for compatibility with proxyAuthz control

servers/slapd/controls.c

@@ -740,7 +740,7 @@ static int parseProxyAuthz (
 		dn.bv_len ? dn.bv_val : "(NULL)", 0 );
 #endif
 
-	rc = slap_sasl_authorized( op->o_conn, &op->o_ndn, &dn );
+	rc = slap_sasl_authorized( op, &op->o_ndn, &dn );
 
 	if( rc ) {
 		ch_free( dn.bv_val );

servers/slapd/proto-slap.h

@@ -869,7 +869,7 @@ LDAP_SLAPD_F (void) slap_sasl2dn LDAP_P((
 	struct berval *saslname,
 	struct berval *dn ));
 LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
-	Connection *conn,
+	Operation *op,
 	struct berval *authcid,
 	struct berval *authzid ));
 LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((

servers/slapd/sasl.c

@@ -752,7 +752,7 @@ slap_sasl_authorize(
 	
 	AC_MEMCPY( &authzDN, auxvals[1].values[0], sizeof(authzDN) );
 
-	rc = slap_sasl_authorized( conn, &authcDN, &authzDN );
+	rc = slap_sasl_authorized( conn->c_sasl_bindop, &authcDN, &authzDN );
 	ch_free( authcDN.bv_val );
 	if ( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
@@ -867,7 +867,7 @@ slap_sasl_authorize(
 		return SASL_NOAUTHZ;
 	}
 
-	rc = slap_sasl_authorized(conn, &authcDN, &authzDN );
+	rc = slap_sasl_authorized(conn->c_sasl_bindop, &authcDN, &authzDN );
 	ch_free( authcDN.bv_val );
 	if( rc ) {
 #ifdef NEW_LOGGING

servers/slapd/saslauthz.c

@@ -490,7 +490,7 @@ CONCLUDED:
  * The DNs should not have the dn: prefix
  */
 static int
-slap_sasl_check_authz( Connection *conn,
+slap_sasl_check_authz( Operation *op,
 	struct berval *searchDN,
 	struct berval *assertDN,
 	AttributeDescription *ad,
@@ -509,19 +509,19 @@ slap_sasl_check_authz( Connection *conn,
 	   assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
 #endif
 
-	rc = backend_attribute( conn->c_sasl_bindop, NULL,
+	rc = backend_attribute( op, NULL,
 		searchDN, ad, &vals );
 	if( rc != LDAP_SUCCESS ) goto COMPLETE;
 
 	/* Check if the *assertDN matches any **vals */
 	for( i=0; vals[i].bv_val != NULL; i++ ) {
-		rc = slap_sasl_match( conn->c_sasl_bindop, &vals[i], assertDN, authc );
+		rc = slap_sasl_match( op, &vals[i], assertDN, authc );
 		if ( rc == LDAP_SUCCESS ) goto COMPLETE;
 	}
 	rc = LDAP_INAPPROPRIATE_AUTH;
 
 COMPLETE:
-	if( vals ) ber_bvarray_free_x( vals, conn->c_sasl_bindop->o_tmpmemctx );
+	if( vals ) ber_bvarray_free_x( vals, op->o_tmpmemctx );
 
 #ifdef NEW_LOGGING
 	LDAP_LOG( TRANSPORT, RESULTS, 
@@ -645,7 +645,7 @@ FINISHED:
  * The DNs should not have the dn: prefix
  */
 
-int slap_sasl_authorized( Connection *conn,
+int slap_sasl_authorized( Operation *op,
 	struct berval *authcDN, struct berval *authzDN )
 {
 	int rc = LDAP_INAPPROPRIATE_AUTH;
@@ -673,14 +673,14 @@ int slap_sasl_authorized( Connection *conn,
 	}
 
 	/* Allow the manager to authorize as any DN. */
-	if( conn->c_authz_backend && be_isroot( conn->c_authz_backend, authcDN )) {
+	if( op->o_conn->c_authz_backend && be_isroot( op->o_conn->c_authz_backend, authcDN )) {
 		rc = LDAP_SUCCESS;
 		goto DONE;
 	}
 
 	/* Check source rules */
 	if( authz_policy & SASL_AUTHZ_TO ) {
-		rc = slap_sasl_check_authz( conn, authcDN, authzDN,
+		rc = slap_sasl_check_authz( op, authcDN, authzDN,
 			slap_schema.si_ad_saslAuthzTo, authcDN );
 		if( rc == LDAP_SUCCESS ) {
 			goto DONE;
@@ -689,7 +689,7 @@ int slap_sasl_authorized( Connection *conn,
 
 	/* Check destination rules */
 	if( authz_policy & SASL_AUTHZ_FROM ) {
-		rc = slap_sasl_check_authz( conn, authzDN, authcDN,
+		rc = slap_sasl_check_authz( op, authzDN, authcDN,
 			slap_schema.si_ad_saslAuthzFrom, authcDN );
 		if( rc == LDAP_SUCCESS ) {
 			goto DONE;

servers/slapd/tools/mimic.c

@@ -227,7 +227,7 @@ int slap_sasl_getdn( Connection *conn, Operation *op, char *id, int len,
 	return -1;
 }
 
-int slap_sasl_authorized( Connection *conn,
+int slap_sasl_authorized( Operation *op,
 	struct berval *authcDN, struct berval *authzDN )
 {
 	return -1;