struct berval pdn;
struct berval realdn = BER_BVNULL;
int colnum;
- slap_mask_t mask;
char textbuf[ SLAP_TEXT_BUFLEN ];
size_t textlen = sizeof( textbuf );
+ AclCheck ak;
+
#ifdef BACKSQL_SYNCPROV
/*
* NOTE: fake successful result to force contextCSN to be bumped up
}
/* check write access */
- if ( !access_allowed_mask( op, op->ora_e,
- slap_schema.si_ad_entry,
- NULL, ACL_WADD, NULL, &mask ) )
+ ak.ak_e = op->ora_e;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_WADD;
+ ak.ak_state = NULL;
+ if ( !access_allowed( op, &ak ))
{
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = op->ora_e;
}
/* check "children" pseudo-attribute access to parent */
- if ( !access_allowed( op, &p, slap_schema.si_ad_children,
- NULL, ACL_WADD, NULL ) )
+ ak.ak_e = &p;
+ ak.ak_desc = slap_schema.si_ad_children;
+ if ( !access_allowed( op, &ak ))
{
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = &p;
if ( e != NULL ) {
int disclose = 1;
- if ( e == op->ora_e && !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ if ( e == op->ora_e && !ACL_GRANT( ak.ak_mask, ACL_DISCLOSE ) ) {
/* mask already collected */
disclose = 0;
- } else if ( e == &p && !access_allowed( op, &p,
- slap_schema.si_ad_entry, NULL,
- ACL_DISCLOSE, NULL ) )
+ } else if ( e == &p )
{
- disclose = 0;
+ ak.ak_e = &p;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
+ {
+ disclose = 0;
+ }
}
if ( disclose == 0 ) {
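Review bot: `ACL_GRANT( ak.ak_mask, ACL_DISCLOSE )` now reads the mask from a struct that is also reused for the parent "children" check, whereas the removed `mask` variable was written only by the entry check. Assuming access_allowed() fills `ak_mask` on every call, any path that reaches this block with `e == op->ora_e` after the parent check has run (such paths are outside the visible lines) would base the disclose decision on the parent's mask, and the `/* mask already collected */` comment would no longer be guaranteed true. Copying the mask into a local right after the entry check, or using a separate AclCheck for the parent, keeps the decision tied to the entry being added.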
int rc;
int manageDSAit = get_manageDSAit( op );
AttributeName anlist[2];
+ AclCheck ak;
Debug( LDAP_DEBUG_TRACE, "==>backsql_compare()\n", 0, 0, 0 );
*ap = nrs.sr_operational_attrs;
}
- if ( ! access_allowed( op, &e, op->oq_compare.rs_ava->aa_desc,
- &op->oq_compare.rs_ava->aa_value,
- ACL_COMPARE, NULL ) )
+ ak.ak_e = &e;
+ ak.ak_desc = op->oq_compare.rs_ava->aa_desc;
+ ak.ak_val = &op->oq_compare.rs_ava->aa_value;
+ ak.ak_access = ACL_COMPARE;
+ ak.ak_state = NULL;
+ if ( ! access_allowed( op, &ak ))
{
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
break;
default:
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
if ( !BER_BVISNULL( &e.e_nname ) &&
- ! access_allowed( op, &e,
- slap_schema.si_ad_entry, NULL,
- ACL_DISCLOSE, NULL ) )
+ ! access_allowed( op, &ak ))
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = NULL;
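Review bot: The `default:` branch sets `ak_desc`, `ak_val` and `ak_access` but never `ak_e` or `ak_state`, while the removed call passed `&e` and `NULL` explicitly. `ak` is declared without an initializer and those two fields are otherwise assigned only just before the ACL_COMPARE check, so if this switch can be reached before that point (the jumps are outside the visible lines) the disclose check reads indeterminate values. Add `ak.ak_e = &e;` and `ak.ak_state = NULL;` here so the check does not depend on which path led to it.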
if ( rs->sr_type == REP_SEARCH ) {
backsql_tree_delete_t *btd;
backsql_entryID *eid;
+ AclCheck ak = { rs->sr_entry, slap_schema.si_ad_entry, NULL,
+ ACL_WDEL, NULL };
+ int ret;
btd = (backsql_tree_delete_t *)op->o_callback->sc_private;
- if ( !access_allowed( btd->btd_op, rs->sr_entry,
- slap_schema.si_ad_entry, NULL, ACL_WDEL, NULL )
- || !access_allowed( btd->btd_op, rs->sr_entry,
- slap_schema.si_ad_children, NULL, ACL_WDEL, NULL ) )
+ ret = access_allowed( btd->btd_op, &ak );
+ ak.ak_desc = slap_schema.si_ad_children;
+ if ( !ret || !access_allowed( btd->btd_op, &ak ))
{
btd->btd_rc = LDAP_INSUFFICIENT_ACCESS;
return rs->sr_err = LDAP_UNAVAILABLE;
Entry d = { 0 }, p = { 0 }, *e = NULL;
struct berval pdn = BER_BVNULL;
int manageDSAit = get_manageDSAit( op );
+ AclCheck ak;
Debug( LDAP_DEBUG_TRACE, "==>backsql_delete(): deleting entry \"%s\"\n",
op->o_req_ndn.bv_val, 0, 0 );
goto done;
}
- if ( !access_allowed( op, &d, slap_schema.si_ad_entry,
- NULL, ACL_WDEL, NULL ) )
+ ak.ak_e = &d;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_WDEL;
+ ak.ak_state = NULL;
+ if ( !access_allowed( op, &ak ))
{
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"no write access to entry\n",
(void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx );
/* check parent for "children" acl */
- if ( !access_allowed( op, &p, slap_schema.si_ad_children,
- NULL, ACL_WDEL, NULL ) )
+ ak.ak_e = &p;
+ ak.ak_desc = slap_schema.si_ad_children;
+ if ( !access_allowed( op, &ak ))
{
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"no write access to parent\n",
done:;
if ( e != NULL ) {
- if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
- ACL_DISCLOSE, NULL ) )
+ ak.ak_e = e;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = NULL;
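Review bot: The disclose check in this `done:` block assigns only `ak_e`, `ak_desc` and `ak_access`, leaving `ak_val` and `ak_state` to whatever an earlier check stored, whereas the removed call passed `NULL` for both. `ak` is declared uninitialized and a `goto done` is visible before the first place those fields are set, so if `e` is non-NULL on such a path (not visible here) the ACL evaluation runs on indeterminate pointers. The same pattern appears in the `done:` block of backsql_modrdn(). Either declare `AclCheck ak = { 0 };` or set `ak.ak_val = NULL;` and `ak.ak_state = NULL;` in the block, as the full initializer `{ e, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL }` in another `done:` block on this page already does.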
done:;
if ( e != NULL ) {
- if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
- ACL_DISCLOSE, NULL ) )
+ AclCheck ak = { e, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL };
+ if ( !access_allowed( op, &ak ))
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = NULL;
*e = NULL;
int manageDSAit = get_manageDSAit( op );
struct berval *newSuperior = op->oq_modrdn.rs_newSup;
+ AclCheck ak;
Debug( LDAP_DEBUG_TRACE, "==>backsql_modrdn() renaming entry \"%s\", "
"newrdn=\"%s\", newSuperior=\"%s\"\n",
/*
* Check for entry access to target
*/
- if ( !access_allowed( op, &r, slap_schema.si_ad_entry,
- NULL, ACL_WRITE, NULL ) ) {
+ ak.ak_e = &r;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_WRITE;
+ ak.ak_state = NULL;
+ if ( !access_allowed( op, &ak )) {
Debug( LDAP_DEBUG_TRACE, " no access to entry\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto done;
goto done;
}
- if ( !access_allowed( op, &p, slap_schema.si_ad_children, NULL,
- newSuperior ? ACL_WDEL : ACL_WRITE, NULL ) )
+ ak.ak_e = &p;
+ ak.ak_desc = slap_schema.si_ad_children;
+ if ( newSuperior ) ak.ak_desc = ACL_WDEL;
+ if ( !access_allowed( op, &ak ))
{
Debug( LDAP_DEBUG_TRACE, " no access to parent\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
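Review bot: `if ( newSuperior ) ak.ak_desc = ACL_WDEL;` stores an access level in the attribute-description field instead of the access field, so the parent check no longer matches the removed `newSuperior ? ACL_WDEL : ACL_WRITE` call. With a new superior, the check runs with whatever `ak_access` was left over from the target-entry check and a descriptor that is not `si_ad_children`. The later new-parent check sets only `ak_e` and `ak_access`, so it inherits the same clobbered `ak_desc`. Set the level explicitly rather than relying on carried-over state: `ak.ak_access = newSuperior ? ACL_WDEL : ACL_WRITE;`. The enclosing function starts and ends outside this hunk.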
n_id.eid_id, 0, 0 );
#endif /* ! BACKSQL_ARBITRARY_KEY */
- if ( !access_allowed( op, &n, slap_schema.si_ad_children,
- NULL, ACL_WADD, NULL ) ) {
+ ak.ak_e = &n;
+ ak.ak_access = ACL_WADD;
+ if ( !access_allowed( op, &ak )) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"no access to new parent \"%s\"\n",
new_pdn->bv_val, 0, 0 );
done:;
if ( e != NULL ) {
- if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
- ACL_DISCLOSE, NULL ) )
+ ak.ak_e = e;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = NULL;
#ifndef BACKSQL_ARBITRARY_KEY
ID lastid = 0;
#endif /* ! BACKSQL_ARBITRARY_KEY */
+ AclCheck ak = { &base_entry, slap_schema.si_ad_entry, NULL };
Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
"base=\"%s\", filter=\"%s\", scope=%d,",
/* fall thru */
default:
+ ak.ak_access = ACL_DISCLOSE;
if ( !BER_BVISNULL( &base_entry.e_nname )
- && !access_allowed( op, &base_entry,
- slap_schema.si_ad_entry, NULL,
- ACL_DISCLOSE, NULL ) )
+ && !access_allowed( op, &ak ))
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( rs->sr_ref ) {
/* NOTE: __NEW__ "search" access is required
* on searchBase object */
{
- slap_mask_t mask;
-
if ( get_assert( op ) &&
( test_filter( op, &base_entry, get_assertion( op ) )
!= LDAP_COMPARE_TRUE ) )
rs->sr_err = LDAP_ASSERTION_FAILED;
}
- if ( ! access_allowed_mask( op, &base_entry,
- slap_schema.si_ad_entry,
- NULL, ACL_SEARCH, NULL, &mask ) )
+ ak.ak_access = ACL_SEARCH;
+ if ( ! access_allowed( op, &ak ))
{
if ( rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
}
if ( rs->sr_err != LDAP_SUCCESS ) {
- if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ if ( !ACL_GRANT( ak.ak_mask, ACL_DISCLOSE ) ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = NULL;
}