1 /* cloak.c - Overlay to hide some attribute except if explicitly requested */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2008-2018 The OpenLDAP Foundation.
6 * Portions Copyright 2008 Emmanuel Dreyfus
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was originally developed by the Emmanuel Dreyfus for
19 * inclusion in OpenLDAP Software.
24 #ifdef SLAPD_OVER_CLOAK
28 #include "ac/string.h"
29 #include "ac/socket.h"
35 enum { CLOAK_ATTR = 1 };
37 typedef struct cloak_info_t {
39 AttributeDescription *ci_ad;
40 struct cloak_info_t *ci_next;
43 #define CLOAK_USAGE "\"cloak-attr <attr> [<class>]\": "
46 cloak_cfgen( ConfigArgs *c )
48 slap_overinst *on = (slap_overinst *)c->bi;
49 cloak_info_t *ci = (cloak_info_t *)on->on_bi.bi_private;
53 if ( c->op == SLAP_CONFIG_EMIT ) {
56 for ( i = 0; ci; i++, ci = ci->ci_next ) {
60 assert( ci->ci_ad != NULL );
62 if ( ci->ci_oc != NULL )
63 len = snprintf( c->cr_msg,
65 SLAP_X_ORDERED_FMT "%s %s", i,
66 ci->ci_ad->ad_cname.bv_val,
67 ci->ci_oc->soc_cname.bv_val );
69 len = snprintf( c->cr_msg,
71 SLAP_X_ORDERED_FMT "%s", i,
72 ci->ci_ad->ad_cname.bv_val );
74 bv.bv_val = c->cr_msg;
76 value_add_one( &c->rvalue_vals, &bv );
87 } else if ( c->op == LDAP_MOD_DELETE ) {
88 cloak_info_t *ci_next;
92 for ( ci_next = ci, i = 0;
93 ci_next, c->valx < 0 || i < c->valx;
96 ci_next = ci->ci_next;
98 ch_free ( ci->ci_ad );
99 if ( ci->ci_oc != NULL )
100 ch_free ( ci->ci_oc );
104 ci = (cloak_info_t *)on->on_bi.bi_private;
117 ObjectClass *oc = NULL;
118 AttributeDescription *ad = NULL;
120 cloak_info_t **cip = NULL;
121 cloak_info_t *ci_next = NULL;
123 if ( c->argc == 3 ) {
124 oc = oc_find( c->argv[ 2 ] );
129 "unable to find ObjectClass \"%s\"",
131 Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
132 c->log, c->cr_msg, 0 );
137 rc = slap_str2ad( c->argv[ 1 ], &ad, &text );
138 if ( rc != LDAP_SUCCESS ) {
139 snprintf( c->cr_msg, sizeof( c->cr_msg ), CLOAK_USAGE
140 "unable to find AttributeDescription \"%s\"",
142 Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
143 c->log, c->cr_msg, 0 );
147 for ( i = 0, cip = (cloak_info_t **)&on->on_bi.bi_private;
148 c->valx < 0 || i < c->valx, *cip;
149 i++, cip = &(*cip)->ci_next ) {
150 if ( c->valx >= 0 && *cip == NULL ) {
151 snprintf( c->cr_msg, sizeof( c->cr_msg ),
153 "invalid index {%d}\n",
155 Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
156 c->log, c->cr_msg, 0 );
162 *cip = (cloak_info_t *)SLAP_CALLOC( 1, sizeof( cloak_info_t ) );
165 (*cip)->ci_next = ci_next;
180 cloak_search_response_cb( Operation *op, SlapReply *rs )
187 assert( op && op->o_callback && rs );
189 if ( rs->sr_type != REP_SEARCH || !rs->sr_entry ) {
190 return ( SLAP_CB_CONTINUE );
197 * First perform a quick scan for an attribute to cloak
199 for ( ci = (cloak_info_t *)sc->sc_private; ci; ci = ci->ci_next ) {
202 if ( ci->ci_oc != NULL &&
203 !is_entry_objectclass_or_sub( e, ci->ci_oc ) )
206 for ( a = e->e_attrs; a; a = a->a_next )
207 if ( a->a_desc == ci->ci_ad )
215 * Nothing found to cloak
218 return ( SLAP_CB_CONTINUE );
221 * We are now committed to cloak an attribute.
223 rs_entry2modifiable( op, rs, (slap_overinst *) op->o_bd->bd_info );
226 for ( ci = (cloak_info_t *)sc->sc_private; ci; ci = ci->ci_next ) {
230 for ( pa = NULL, a = me->e_attrs;
232 pa = a, a = a->a_next ) {
234 if ( a->a_desc != ci->ci_ad )
237 Debug( LDAP_DEBUG_TRACE, "cloak_search_response_cb: cloak %s\n",
238 a->a_desc->ad_cname.bv_val,
242 pa->a_next = a->a_next;
244 me->e_attrs = a->a_next;
251 return ( SLAP_CB_CONTINUE );
255 cloak_search_cleanup_cb( Operation *op, SlapReply *rs )
257 if ( rs->sr_type == REP_RESULT || rs->sr_err != LDAP_SUCCESS ) {
258 slap_freeself_cb( op, rs );
261 return SLAP_CB_CONTINUE;
265 cloak_search( Operation *op, SlapReply *rs )
267 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
268 cloak_info_t *ci = (cloak_info_t *)on->on_bi.bi_private;
271 if ( op->ors_attrsonly ||
273 get_manageDSAit( op ) )
274 return SLAP_CB_CONTINUE;
276 sc = op->o_tmpcalloc( 1, sizeof( *sc ), op->o_tmpmemctx );
277 sc->sc_response = cloak_search_response_cb;
278 sc->sc_cleanup = cloak_search_cleanup_cb;
279 sc->sc_next = op->o_callback;
283 return SLAP_CB_CONTINUE;
286 static slap_overinst cloak_ovl;
288 static ConfigTable cloakcfg[] = {
289 { "cloak-attr", "attribute [class]",
290 2, 3, 0, ARG_MAGIC|CLOAK_ATTR, cloak_cfgen,
291 "( OLcfgCtAt:4.1 NAME 'olcCloakAttribute' "
292 "DESC 'Cloaked attribute: attribute [class]' "
293 "EQUALITY caseIgnoreMatch "
294 "SYNTAX OMsDirectoryString "
295 "X-ORDERED 'VALUES' )",
297 { NULL, NULL, 0, 0, 0, ARG_IGNORED }
305 slap_overinst *on = (slap_overinst *)be->bd_info;
306 cloak_info_t *ci = (cloak_info_t *)on->on_bi.bi_private;
309 cloak_info_t *tmp = ci;
314 on->on_bi.bi_private = NULL;
319 static ConfigOCs cloakocs[] = {
321 "NAME 'olcCloakConfig' "
322 "DESC 'Attribute cloak configuration' "
323 "SUP olcOverlayConfig "
324 "MAY ( olcCloakAttribute ) )",
325 Cft_Overlay, cloakcfg },
329 #if SLAPD_OVER_CLOAK == SLAPD_MOD_DYNAMIC
333 cloak_initialize( void ) {
335 cloak_ovl.on_bi.bi_type = "cloak";
336 cloak_ovl.on_bi.bi_db_destroy = cloak_db_destroy;
337 cloak_ovl.on_bi.bi_op_search = cloak_search;
338 cloak_ovl.on_bi.bi_cf_ocs = cloakocs;
340 rc = config_register_schema ( cloakcfg, cloakocs );
344 return overlay_register( &cloak_ovl );
347 #if SLAPD_OVER_CLOAK == SLAPD_MOD_DYNAMIC
348 int init_module(int argc, char *argv[]) {
349 return cloak_initialize();
353 #endif /* defined(SLAPD_OVER_CLOAK) */
projects / openldap / blob