Entry *e, *matched = NULL;
Attribute *a;
int rc;
+ AclCheck ak;
+
+ ak.ak_state = NULL;
/* get entry with reader lock */
monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
if ( e == NULL ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( matched ) {
- if ( !access_allowed_mask( op, matched,
- slap_schema.si_ad_entry,
- NULL, ACL_DISCLOSE, NULL, NULL ) )
+ ak.ak_e = matched;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
{
/* do nothing */ ;
} else {
return rs->sr_err;
}
- rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
- &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+ ak.ak_e = e;
+ ak.ak_desc = op->oq_compare.rs_ava->aa_desc;
+ ak.ak_val = &op->oq_compare.rs_ava->aa_value;
+ ak.ak_access = ACL_COMPARE;
+ rs->sr_err = access_allowed( op, &ak );
if ( !rs->sr_err ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
break;
default:
- if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
- NULL, ACL_DISCLOSE, NULL, NULL ) )
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
Entry *matched;
Entry *e;
+ AclCheck ak;
Debug(LDAP_DEBUG_ARGS, "monitor_back_modify:\n", 0, 0, 0);
if ( e == NULL ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( matched ) {
- if ( !access_allowed_mask( op, matched,
- slap_schema.si_ad_entry,
- NULL, ACL_DISCLOSE, NULL, NULL ) )
+ ak.ak_e = matched;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
+ ak.ak_state = NULL;
+ if ( !access_allowed( op, &ak ))
{
/* do nothing */ ;
} else {
}
if ( rc != LDAP_SUCCESS ) {
- if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
- NULL, ACL_DISCLOSE, NULL, NULL ) )
+ ak.ak_e = e;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
+ ak.ak_state = NULL;
+ if ( !access_allowed( op, &ak ))
{
rc = LDAP_NO_SUCH_OBJECT;
}
monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
int rc = LDAP_SUCCESS;
Entry *e = NULL, *matched = NULL;
- slap_mask_t mask;
+ AclCheck ak;
Debug( LDAP_DEBUG_TRACE, "=> monitor_back_search\n", 0, 0, 0 );
-
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_state = NULL;
/* get entry with reader lock */
monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
if ( e == NULL ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( matched ) {
- if ( !access_allowed_mask( op, matched,
- slap_schema.si_ad_entry,
- NULL, ACL_DISCLOSE, NULL, NULL ) )
+ ak.ak_e = matched;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
{
/* do nothing */ ;
} else {
/* NOTE: __NEW__ "search" access is required
* on searchBase object */
- if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
- NULL, ACL_SEARCH, NULL, &mask ) )
+ ak.ak_e = e;
+ ak.ak_access = ACL_SEARCH;
+ if ( !access_allowed( op, &ak ))
{
monitor_cache_release( mi, e );
- if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ if ( !ACL_GRANT( ak.ak_mask, ACL_DISCLOSE ) ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;