From: Howard Chu <hyc@openldap.org>
Date: Fri, 11 Dec 2009 11:07:58 +0000 (+0000)
Subject: New access_allowed()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b01593a9b99ce8a51af1473d3274b6dbd0459e7;p=thirdparty%2Fopenldap.git

New access_allowed()
---

diff --git a/contrib/slapd-modules/addpartial/addpartial-overlay.c b/contrib/slapd-modules/addpartial/addpartial-overlay.c
index 309391a119..0dde1fc298 100644
--- a/contrib/slapd-modules/addpartial/addpartial-overlay.c
+++ b/contrib/slapd-modules/addpartial/addpartial-overlay.c
@@ -48,6 +48,7 @@ static int addpartial_add( Operation *op, SlapReply *rs)
     Entry *found = NULL;
     slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
     int rc;
+	AclCheck ak = { op->ora_e. slap_schema.si_ad_entry, NULL, ACL_WRITE };
 
     toAdd = op->oq_add.rs_e;
 
@@ -55,8 +56,7 @@ static int addpartial_add( Operation *op, SlapReply *rs)
           addpartial.on_bi.bi_type, toAdd->e_nname.bv_val,0);
 
     /* if the user doesn't have access, fall through to the normal ADD */
-    if(!access_allowed(op, toAdd, slap_schema.si_ad_entry,
-                       NULL, ACL_WRITE, NULL))
+    if(!access_allowed(op, &ak ))
     {
         return SLAP_CB_CONTINUE;
     }
diff --git a/contrib/slapd-modules/lastmod/lastmod.c b/contrib/slapd-modules/lastmod/lastmod.c
index 030bd0ddf8..fdbc1dcd01 100644
--- a/contrib/slapd-modules/lastmod/lastmod.c
+++ b/contrib/slapd-modules/lastmod/lastmod.c
@@ -148,6 +148,7 @@ lastmod_compare( Operation *op, SlapReply *rs )
 	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
 	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
 	Attribute		*a;
+	AclCheck		ak;
 
 	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
 
@@ -158,8 +159,12 @@ lastmod_compare( Operation *op, SlapReply *rs )
 		goto return_results;
 	}
 
-	rs->sr_err = access_allowed( op, lmi->lmi_e, op->oq_compare.rs_ava->aa_desc,
-		&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+	ak.ak_e = lmi->lmi_e;
+	ak.ak_desc = op->oq_compare.rs_ava->aa_desc;
+	ak.ak_val = &op->oq_compare.rs_ava->aa_value;
+	ak.ak_access = ACL_COMPARE;
+	ak.ak_state = NULL;
+	rs->sr_err = access_allowed( op, &ak );
 	if ( ! rs->sr_err ) {
 		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 		goto return_results;