/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/cloak/cloak.c,v 1.2.2.1 2009/01/21 01:15:37 quanah Exp $ */
/* cloak.c - Overlay to hide some attributes unless explicitly requested */
* Copyright 2008 Emmanuel Dreyfus
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
#ifdef SLAPD_OVER_CLOAK
#include <ac/string.h>
#include <ac/socket.h>
/* Keyword id for "cloak-attr"; OR-ed into that keyword's flags in cloakcfg[]. */
enum { CLOAK_ATTR = 1 };
30
/*
 * One configured cloak rule, kept in a singly linked list.
 * The bare numbers interleaved in this listing are the original file's line
 * numbers; lines in the gaps (including the ci_oc member used elsewhere in
 * the file) are not shown.
 */
typedef struct cloak_info_t {
32
AttributeDescription *ci_ad; /* attribute that this rule removes from search entries */
33
struct cloak_info_t *ci_next; /* next rule; NULL terminates the list */
36
/* Prefix placed in front of configuration error messages written to c->cr_msg. */
#define CLOAK_USAGE "\"cloak-attr <attr> [<class>]\": "
/*
 * Configuration handler for the "cloak-attr" keyword.
 * Depending on c->op it emits the configured rules, deletes rules, or
 * (lines from "ObjectClass *oc" onward) parses the arguments and links a
 * newly allocated rule into the list stored in on->on_bi.bi_private.
 *
 * The bare numbers interleaved below are the original file's line numbers;
 * lines in the gaps between them are not shown in this listing.
 */
cloak_cfgen( ConfigArgs *c )
41
slap_overinst *on = (slap_overinst *)c->bi;
42
cloak_info_t *ci = (cloak_info_t *)on->on_bi.bi_private;
46
/*
 * Emit: format each rule into c->cr_msg as an ordered-value prefix built
 * from i (SLAP_X_ORDERED_FMT), the attribute name and, when the rule has
 * one, the object class name, then append it to c->rvalue_vals.
 */
if ( c->op == SLAP_CONFIG_EMIT ) {
49
for ( i = 0; ci; i++, ci = ci->ci_next ) {
53
assert( ci->ci_ad != NULL );
55
if ( ci->ci_oc != NULL )
56
/*
 * NOTE(review): snprintf returns the length that would have been written,
 * which can exceed the buffer on truncation. If len is used as the value
 * length on a line not shown, it should first be checked against the
 * size of c->cr_msg.
 */
len = snprintf( c->cr_msg,
58
SLAP_X_ORDERED_FMT "%s %s", i,
59
ci->ci_ad->ad_cname.bv_val,
60
ci->ci_oc->soc_cname.bv_val );
62
len = snprintf( c->cr_msg,
64
SLAP_X_ORDERED_FMT "%s", i,
65
ci->ci_ad->ad_cname.bv_val );
67
bv.bv_val = c->cr_msg;
69
value_add_one( &c->rvalue_vals, &bv );
80
/* Delete: walk the rule list and release rules. */
} else if ( c->op == LDAP_MOD_DELETE ) {
81
cloak_info_t *ci_next;
85
/*
 * NOTE(review): the loop test below uses the comma operator, so ci_next is
 * evaluated and discarded; the effective test is only
 * "c->valx < 0 || i < c->valx". When c->valx < 0 that test is always true,
 * so nothing visible here stops the walk at the end of the list. The loop
 * increment is on a line not shown; confirm ci cannot be NULL when it is
 * dereferenced. The intended test is probably "ci_next && ( ... )".
 */
for ( ci_next = ci, i = 0;
86
ci_next, c->valx < 0 || i < c->valx;
89
ci_next = ci->ci_next;
91
/*
 * NOTE(review): in the add path ad is filled in by slap_str2ad() and oc is
 * returned by oc_find(); the assignments into the rule are not shown. If
 * those objects belong to the server's schema rather than to this rule,
 * freeing them here would corrupt shared state. Confirm ownership.
 */
ch_free ( ci->ci_ad );
92
if ( ci->ci_oc != NULL )
93
ch_free ( ci->ci_oc );
97
/* Reload the list head from the overlay's private pointer after the walk. */
ci = (cloak_info_t *)on->on_bi.bi_private;
110
/* Add path: locals for the parsed object class, attribute and insertion point. */
ObjectClass *oc = NULL;
111
AttributeDescription *ad = NULL;
113
cloak_info_t **cip = NULL;
114
cloak_info_t *ci_next = NULL;
116
/* The optional third argument names an object class that scopes the rule. */
if ( c->argc == 3 ) {
117
oc = oc_find( c->argv[ 2 ] );
122
"unable to find ObjectClass \"%s\"",
124
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
125
c->log, c->cr_msg, 0 );
130
/* Resolve the attribute name given as the first argument. */
rc = slap_str2ad( c->argv[ 1 ], &ad, &text );
131
if ( rc != LDAP_SUCCESS ) {
132
snprintf( c->cr_msg, sizeof( c->cr_msg ), CLOAK_USAGE
133
"unable to find AttributeDescription \"%s\"",
135
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
136
c->log, c->cr_msg, 0 );
140
/*
 * Locate the insertion point through a pointer-to-pointer walk.
 * NOTE(review): the comma operator discards the c->valx comparison, so the
 * effective test is only "*cip". As written, the walk always runs to the
 * tail of the list regardless of c->valx, and the "*cip == NULL" check
 * inside the body cannot be true, so the "invalid index" error is
 * unreachable. The intended test is probably
 * "( c->valx < 0 || i < c->valx ) && *cip", with the index check placed
 * after the loop.
 */
for ( i = 0, cip = (cloak_info_t **)&on->on_bi.bi_private;
141
c->valx < 0 || i < c->valx, *cip;
142
i++, cip = &(*cip)->ci_next ) {
143
if ( c->valx >= 0 && *cip == NULL ) {
144
snprintf( c->cr_msg, sizeof( c->cr_msg ),
146
"invalid index {%d}\n",
148
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
149
c->log, c->cr_msg, 0 );
155
/* Allocate the zero-initialised rule at the insertion point and link its successor. */
*cip = (cloak_info_t *)ch_calloc( 1, sizeof( cloak_info_t ) );
158
(*cip)->ci_next = ci_next;
/*
 * Search response callback: unlinks cloaked attributes from a search entry
 * before the response continues down the callback chain. The rule list is
 * read from sc->sc_private. Every visible return yields SLAP_CB_CONTINUE.
 *
 * The bare numbers interleaved below are the original file's line numbers;
 * lines in the gaps between them are not shown in this listing.
 */
cloak_search_cb( Operation *op, SlapReply *rs )
180
assert( op && op->o_callback && rs );
182
/* Responses that are not search entries are not filtered; the callback is released instead. */
if ( rs->sr_type != REP_SEARCH || !rs->sr_entry ) {
183
slap_freeself_cb( op, rs );
184
return ( SLAP_CB_CONTINUE );
191
* First perform a quick scan for an attribute to cloak
193
for ( ci = (cloak_info_t *)sc->sc_private; ci; ci = ci->ci_next ) {
196
/* A rule with an object class is tested against the entry's class (or a subclass of it). */
if ( ci->ci_oc != NULL &&
197
!is_entry_objectclass_or_sub( e, ci->ci_oc ) )
200
for ( a = e->e_attrs; a; a = a->a_next )
201
/*
 * Matching is by pointer identity on the AttributeDescription.
 * NOTE(review): descriptions that differ from the configured one only by
 * options, or that are subtypes of it, presumably compare unequal and so
 * stay visible. Confirm this is the intended scope of a rule.
 */
if ( a->a_desc == ci->ci_ad )
209
* Nothing found to cloak
212
return ( SLAP_CB_CONTINUE );
215
* We are now committed to cloak an attribute.
217
/* NOTE(review): me is presumably the entry itself when it is modifiable and a private copy otherwise; the branch bodies are not shown. */
if ( rs->sr_flags & REP_ENTRY_MODIFIABLE )
222
for ( ci = (cloak_info_t *)sc->sc_private; ci; ci = ci->ci_next ) {
226
/* pa trails a so that a matching attribute can be unlinked from the singly linked list. */
for ( pa = NULL, a = me->e_attrs;
228
pa = a, a = a->a_next ) {
230
if ( a->a_desc != ci->ci_ad )
233
Debug( LDAP_DEBUG_TRACE, "cloak_search_cb: cloak %s\n",
234
a->a_desc->ad_cname.bv_val,
238
/*
 * Unlink a from its predecessor, or from the list head when it is first.
 * NOTE(review): the loop increment above reads a->a_next after a has been
 * unlinked. What happens to a in between is on lines not shown; confirm
 * it is still valid memory at that point.
 */
pa->a_next = a->a_next;
240
me->e_attrs = a->a_next;
248
if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED )
252
/* Mark the entry carried by rs as modifiable and to be freed by the caller chain. */
rs->sr_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
255
return ( SLAP_CB_CONTINUE );
/*
 * Search hook: installs cloak_search_cb as the response callback for this
 * operation unless the request matches one of the bypass conditions.
 * Always returns SLAP_CB_CONTINUE.
 *
 * The bare numbers interleaved below are the original file's line numbers;
 * lines in the gaps between them are not shown in this listing.
 */
cloak_search( Operation *op, SlapReply *rs )
261
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
262
cloak_info_t *ci = (cloak_info_t *)on->on_bi.bi_private;
265
/*
 * Bypass: attrsonly searches and requests for which get_manageDSAit() is
 * true return here without installing the callback (a further condition
 * sits on a line not shown).
 * NOTE(review): such requests receive entries unfiltered, so cloaking only
 * changes what is returned by default and does not by itself restrict who
 * can read the attribute. Where confidentiality is required, enforce it
 * with slapd access controls.
 */
if ( op->ors_attrsonly ||
267
get_manageDSAit( op ) )
268
return SLAP_CB_CONTINUE;
270
/* The callback record comes from the operation's temporary memory context. */
sc = op->o_tmpcalloc( 1, sizeof( *sc ), op->o_tmpmemctx );
271
sc->sc_response = cloak_search_cb;
272
sc->sc_cleanup = NULL;
277
return SLAP_CB_CONTINUE;
/*
 * Overlay instance registered by cloak_initialize().
 * The bare numbers interleaved below are the original file's line numbers;
 * lines in the gaps between them are not shown in this listing.
 */
static slap_overinst cloak_ovl;
282
/* Configuration keywords handled by this overlay; the list ends with the ARG_IGNORED entry. */
static ConfigTable cloakcfg[] = {
283
{ "cloak-attr", "attribute [class]",
284
/* 2 and 3 are presumably the minimum and maximum argument counts (keyword, attribute, optional class); cloak_cfgen handles the keyword. */
2, 3, 0, ARG_MAGIC|CLOAK_ATTR, cloak_cfgen,
285
/* Schema definition of the matching configuration attribute; X-ORDERED 'VALUES' keeps the values ordered. */
"( OLcfgCtAt:4.1 NAME 'olcCloakAttribute' "
286
"DESC 'Cloaked attribute: attribute [class]' "
287
"EQUALITY caseIgnoreMatch "
288
"SYNTAX OMsDirectoryString "
289
"X-ORDERED 'VALUES' )",
291
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
294
/* Configuration object class for the overlay: derives from olcOverlayConfig and may carry olcCloakAttribute. */
static ConfigOCs cloakocs[] = {
296
"NAME 'olcCloakConfig' "
297
"DESC 'Attribute cloak configuration' "
298
"SUP olcOverlayConfig "
299
"MAY ( olcCloakAttribute ) )",
300
Cft_Overlay, cloakcfg },
#if SLAPD_OVER_CLOAK == SLAPD_MOD_DYNAMIC
/*
 * Fills in the overlay descriptor, registers the configuration schema and
 * registers the overlay. Returns the result of overlay_register() on the
 * path shown.
 *
 * The bare numbers interleaved below are the original file's line numbers;
 * lines in the gaps between them are not shown in this listing.
 */
cloak_initialize( void ) {
310
cloak_ovl.on_bi.bi_type = "cloak";
311
/* Search is the only operation hook set in the lines shown, so only search responses pass through the cloak filter. */
cloak_ovl.on_bi.bi_op_search = cloak_search;
312
cloak_ovl.on_bi.bi_cf_ocs = cloakocs;
314
/* The handling of rc is on lines not shown. */
rc = config_register_schema ( cloakcfg, cloakocs );
318
return overlay_register( &cloak_ovl );
#if SLAPD_OVER_CLOAK == SLAPD_MOD_DYNAMIC
/*
 * Module entry point, compiled only when SLAPD_OVER_CLOAK is
 * SLAPD_MOD_DYNAMIC. argc and argv are not used in the lines shown;
 * the call forwards to cloak_initialize() and returns its result.
 * (The bare number below is the original file's line number.)
 */
int init_module(int argc, char *argv[]) {
323
return cloak_initialize();
#endif /* defined(SLAPD_OVER_CLOAK) */