New access_allowed()

[openldap] / servers / slapd / back-monitor / compare.c

diff --git a/servers/slapd/back-monitor/compare.c b/servers/slapd/back-monitor/compare.c
index 954317b568a0656e2a88784f2e0df6a60ccff6d3..602dec40deb3abb5791ee84cff64796f8b232643 100644 (file)
--- a/servers/slapd/back-monitor/compare.c
+++ b/servers/slapd/back-monitor/compare.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2006 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -27,27 +27,29 @@
 #include "back-monitor.h"
 
 int
-monitor_back_compare( struct slap_op *op, struct slap_rep *rs)
+monitor_back_compare( Operation *op, SlapReply *rs )
 {
        monitor_info_t  *mi = ( monitor_info_t * ) op->o_bd->be_private;
        Entry           *e, *matched = NULL;
        Attribute       *a;
        int             rc;
+       AclCheck        ak;
+
+       ak.ak_state = NULL;
 
        /* get entry with reader lock */
        monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
        if ( e == NULL ) {
                rs->sr_err = LDAP_NO_SUCH_OBJECT;
                if ( matched ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
-                       if ( !access_allowed_mask( op, matched,
-                                       slap_schema.si_ad_entry,
-                                       NULL, ACL_DISCLOSE, NULL, NULL ) )
+                       ak.ak_e = matched;
+                       ak.ak_desc = slap_schema.si_ad_entry;
+                       ak.ak_val = NULL;
+                       ak.ak_access = ACL_DISCLOSE;
+                       if ( !access_allowed( op, &ak ))
                        {
                                /* do nothing */ ;
-                       } else 
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
-                       {
+                       } else {
                                rs->sr_matched = matched->e_dn;
                        }
                }
@@ -60,8 +62,11 @@ monitor_back_compare( struct slap_op *op, struct slap_rep *rs)
                return rs->sr_err;
        }
 
-       rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
-                       &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+       ak.ak_e = e;
+       ak.ak_desc = op->oq_compare.rs_ava->aa_desc;
+       ak.ak_val = &op->oq_compare.rs_ava->aa_value;
+       ak.ak_access = ACL_COMPARE;
+       rs->sr_err = access_allowed( op, &ak );
        if ( !rs->sr_err ) {
                rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
                goto return_results;
@@ -74,10 +79,10 @@ monitor_back_compare( struct slap_op *op, struct slap_rep *rs)
                        a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
                rs->sr_err = LDAP_COMPARE_FALSE;
 
-               if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+               if ( attr_valfind( a,
                        SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
                                SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
-                       a->a_nvals, &op->oq_compare.rs_ava->aa_value,
+                       &op->oq_compare.rs_ava->aa_value, NULL,
                        op->o_tmpmemctx ) == 0 )
                {
                        rs->sr_err = LDAP_COMPARE_TRUE;
@@ -97,13 +102,13 @@ return_results:;
                break;
 
        default:
-#ifdef SLAP_ACL_HONOR_DISCLOSE
-               if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
-                               NULL, ACL_DISCLOSE, NULL, NULL ) )
+               ak.ak_desc = slap_schema.si_ad_entry;
+               ak.ak_val = NULL;
+               ak.ak_access = ACL_DISCLOSE;
+               if ( !access_allowed( op, &ak ))
                {
                        rs->sr_err = LDAP_NO_SUCH_OBJECT;
                }
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
                break;
        }