Commit d03f5dc5 authored by Howard Chu's avatar Howard Chu

New access_allowed()

parent 2b01593a
......@@ -44,9 +44,9 @@ shell_back_add(
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
FILE *rfp, *wfp;
int len;
AclCheck ak = { op->ora_e, slap_schema.si_ad_entry, NULL, ACL_WADD, NULL };
if ( si->si_add == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
......@@ -54,8 +54,7 @@ shell_back_add(
return( -1 );
}
if ( ! access_allowed( op, op->oq_add.rs_e,
entry, NULL, ACL_WADD, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
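Review bot: The initializer `AclCheck ak = { op->ora_e, slap_schema.si_ad_entry, NULL, ACL_WADD, NULL };` is positional, so which slot carries the entry, the attribute and the access level depends on the declaration order of `AclCheck`, which is not shown on this page. This struct now feeds every authorization check in these backends, and a later reorder of the pointer-typed fields could presumably compile without a diagnostic. Designated initializers would make each call site auditable; the modrdn sections show the access field is named `ak_access`, so for example `.ak_access = ACL_WADD`. Failing that, a one-line comment naming the five slots would do. The same applies to the `ak` declarations in the other shell_back_* and sock_back_* sections; the function body continues outside the hunks shown.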
......@@ -44,10 +44,10 @@ shell_back_bind(
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
int rc;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_AUTH, NULL };
/* allow rootdn as a means to auth without the need to actually
* contact the proxied DSA */
......@@ -74,8 +74,7 @@ shell_back_bind(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_AUTH, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
......@@ -44,9 +44,9 @@ shell_back_compare(
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_COMPARE, NULL };
if ( si->si_compare == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
......@@ -63,8 +63,7 @@ shell_back_compare(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_READ, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
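Review bot: The access level requested in shell_back_compare changes here, not only the call form: the removed call passed `ACL_READ`, while the new `ak` is initialised with `ACL_COMPARE`. In slapd's access ordering compare ranks below read, so this relaxes the check guarding a compare against the shell backend, while the commit message ("New access_allowed()") reads as a pure API conversion. It does match what sock_back_compare already requested before this commit, so it may be a deliberate alignment. If so, say so in the commit message or with a comment at the declaration such as `/* compare requires ACL_COMPARE on the entry, as in back-sock */`; if not, keep `ACL_READ` in the initializer.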
......@@ -44,9 +44,9 @@ shell_back_delete(
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WDEL, NULL };
if ( si->si_delete == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
......@@ -63,8 +63,7 @@ shell_back_delete(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_WDEL, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
......@@ -45,11 +45,11 @@ shell_back_modify(
{
Modification *mod;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Modifications *ml = op->orm_modlist;
Entry e;
FILE *rfp, *wfp;
int i;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL };
if ( si->si_modify == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
......@@ -66,8 +66,7 @@ shell_back_modify(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_WRITE, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
......@@ -44,9 +44,9 @@ shell_back_modrdn(
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL };
if ( si->si_modrdn == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
......@@ -63,9 +63,9 @@ shell_back_modrdn(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e, entry, NULL,
op->oq_modrdn.rs_newSup ? ACL_WDEL : ACL_WRITE,
NULL ) )
if ( op->oq_modrdn.rs_newSup ) ak.ak_access = ACL_WDEL;
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
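Review bot: The access level for a rename is now set in two places: `ak` is declared with `ACL_WRITE` and later overwritten by `if ( op->oq_modrdn.rs_newSup ) ak.ak_access = ACL_WDEL;`, with the lines between them outside the hunks. Someone auditing the declaration alone would read ACL_WRITE as the right being checked. A comment at the declaration such as `/* ak_access is switched to ACL_WDEL below when a new superior is given */` would keep the two in step, and the one-line `if` is safer with braces. sock_back_modrdn has the same pattern.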
......@@ -34,12 +34,11 @@ sock_back_add(
SlapReply *rs )
{
struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
FILE *fp;
int len;
AclCheck ak = { op->ora_e, slap_schema.si_ad_entry, NULL, ACL_WADD, NULL };
if ( ! access_allowed( op, op->oq_add.rs_e,
entry, NULL, ACL_WADD, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
......@@ -34,10 +34,10 @@ sock_back_bind(
SlapReply *rs )
{
struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *fp;
int rc;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_AUTH, NULL };
e.e_id = NOID;
e.e_name = op->o_req_dn;
......@@ -48,8 +48,7 @@ sock_back_bind(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_AUTH, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
......@@ -34,9 +34,9 @@ sock_back_compare(
SlapReply *rs )
{
struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *fp;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_COMPARE, NULL };
e.e_id = NOID;
e.e_name = op->o_req_dn;
......@@ -47,8 +47,7 @@ sock_back_compare(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_COMPARE, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
......@@ -34,9 +34,9 @@ sock_back_delete(
SlapReply *rs )
{
struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *fp;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WDEL, NULL };
e.e_id = NOID;
e.e_name = op->o_req_dn;
......@@ -47,8 +47,7 @@ sock_back_delete(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_WDEL, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
......@@ -35,11 +35,11 @@ sock_back_modify(
{
Modification *mod;
struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Modifications *ml = op->orm_modlist;
Entry e;
FILE *fp;
int i;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL };
e.e_id = NOID;
e.e_name = op->o_req_dn;
......@@ -50,8 +50,7 @@ sock_back_modify(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_WRITE, NULL ) )
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......
......@@ -34,9 +34,9 @@ sock_back_modrdn(
SlapReply *rs )
{
struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *fp;
AclCheck ak = { &e, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL };
e.e_id = NOID;
e.e_name = op->o_req_dn;
......@@ -47,9 +47,8 @@ sock_back_modrdn(
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e, entry, NULL,
op->oq_modrdn.rs_newSup ? ACL_WDEL : ACL_WRITE,
NULL ) )
if ( op->oq_modrdn.rs_newSup ) ak.ak_access = ACL_WDEL;
if ( ! access_allowed( op, &ak ))
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
......