New access_allowed()

servers/slapd/back-shell/add.c

@@ -44,9 +44,9 @@ shell_back_add(
     SlapReply	*rs )
 {
 	struct shellinfo	*si = (struct shellinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	FILE			*rfp, *wfp;
 	int			len;
+	AclCheck ak = { op->ora_e, slap_schema.si_ad_entry, NULL, ACL_WADD, NULL };
 
 	if ( si->si_add == NULL ) {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
@@ -54,8 +54,7 @@ shell_back_add(
 		return( -1 );
 	}
 
-	if ( ! access_allowed( op, op->oq_add.rs_e,
-		entry, NULL, ACL_WADD, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-shell/bind.c

@@ -44,10 +44,10 @@ shell_back_bind(
     SlapReply		*rs )
 {
 	struct shellinfo	*si = (struct shellinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Entry e;
 	FILE			*rfp, *wfp;
 	int			rc;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_AUTH, NULL };
 
 	/* allow rootdn as a means to auth without the need to actually
  	 * contact the proxied DSA */
@@ -74,8 +74,7 @@ shell_back_bind(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_AUTH, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-shell/compare.c

@@ -44,9 +44,9 @@ shell_back_compare(
     SlapReply	*rs )
 {
 	struct shellinfo	*si = (struct shellinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Entry e;
 	FILE			*rfp, *wfp;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_COMPARE, NULL };
 
 	if ( si->si_compare == NULL ) {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
@@ -63,8 +63,7 @@ shell_back_compare(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_READ, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-shell/delete.c

@@ -44,9 +44,9 @@ shell_back_delete(
     SlapReply	*rs )
 {
 	struct shellinfo	*si = (struct shellinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Entry e;
 	FILE			*rfp, *wfp;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WDEL, NULL };
 
 	if ( si->si_delete == NULL ) {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
@@ -63,8 +63,7 @@ shell_back_delete(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_WDEL, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-shell/modify.c

@@ -45,11 +45,11 @@ shell_back_modify(
 {
 	Modification *mod;
 	struct shellinfo	*si = (struct shellinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Modifications *ml  = op->orm_modlist;
 	Entry e;
 	FILE			*rfp, *wfp;
 	int			i;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL };
 
 	if ( si->si_modify == NULL ) {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
@@ -66,8 +66,7 @@ shell_back_modify(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_WRITE, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-shell/modrdn.c

@@ -44,9 +44,9 @@ shell_back_modrdn(
     SlapReply	*rs )
 {
 	struct shellinfo	*si = (struct shellinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Entry e;
 	FILE			*rfp, *wfp;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL };
 
 	if ( si->si_modrdn == NULL ) {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
@@ -63,9 +63,9 @@ shell_back_modrdn(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e, entry, NULL,
-			op->oq_modrdn.rs_newSup ? ACL_WDEL : ACL_WRITE,
-			NULL ) )
+
+	if ( op->oq_modrdn.rs_newSup ) ak.ak_access = ACL_WDEL;
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-sock/add.c

@@ -34,12 +34,11 @@ sock_back_add(
     SlapReply	*rs )
 {
 	struct sockinfo	*si = (struct sockinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	FILE			*fp;
 	int			len;
+	AclCheck	ak = { op->ora_e, slap_schema.si_ad_entry, NULL, ACL_WADD, NULL };
 
-	if ( ! access_allowed( op, op->oq_add.rs_e,
-		entry, NULL, ACL_WADD, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-sock/bind.c

@@ -34,10 +34,10 @@ sock_back_bind(
     SlapReply		*rs )
 {
 	struct sockinfo	*si = (struct sockinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Entry e;
 	FILE			*fp;
 	int			rc;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_AUTH, NULL };
 
 	e.e_id = NOID;
 	e.e_name = op->o_req_dn;
@@ -48,8 +48,7 @@ sock_back_bind(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_AUTH, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-sock/compare.c

@@ -34,9 +34,9 @@ sock_back_compare(
     SlapReply	*rs )
 {
 	struct sockinfo	*si = (struct sockinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Entry e;
 	FILE			*fp;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_COMPARE, NULL };
 
 	e.e_id = NOID;
 	e.e_name = op->o_req_dn;
@@ -47,8 +47,7 @@ sock_back_compare(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_COMPARE, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-sock/delete.c

@@ -34,9 +34,9 @@ sock_back_delete(
     SlapReply	*rs )
 {
 	struct sockinfo	*si = (struct sockinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Entry e;
 	FILE			*fp;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WDEL, NULL };
 
 	e.e_id = NOID;
 	e.e_name = op->o_req_dn;
@@ -47,8 +47,7 @@ sock_back_delete(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_WDEL, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-sock/modify.c

@@ -35,11 +35,11 @@ sock_back_modify(
 {
 	Modification *mod;
 	struct sockinfo	*si = (struct sockinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Modifications *ml  = op->orm_modlist;
 	Entry e;
 	FILE			*fp;
 	int			i;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL };
 
 	e.e_id = NOID;
 	e.e_name = op->o_req_dn;
@@ -50,8 +50,7 @@ sock_back_modify(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_WRITE, NULL ) )
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;

servers/slapd/back-sock/modrdn.c

@@ -34,9 +34,9 @@ sock_back_modrdn(
     SlapReply	*rs )
 {
 	struct sockinfo	*si = (struct sockinfo *) op->o_bd->be_private;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 	Entry e;
 	FILE			*fp;
+	AclCheck	ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL };
 
 	e.e_id = NOID;
 	e.e_name = op->o_req_dn;
@@ -47,9 +47,8 @@ sock_back_modrdn(
 	e.e_bv.bv_val = NULL;
 	e.e_private = NULL;
 
-	if ( ! access_allowed( op, &e, entry, NULL,
-			op->oq_modrdn.rs_newSup ? ACL_WDEL : ACL_WRITE,
-			NULL ) )
+	if ( op->oq_modrdn.rs_newSup ) ak.ak_access = ACL_WDEL;
+	if ( ! access_allowed( op, &ak ))
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;