/*
* @brief Decrypt all the secret attributes on an ldb_message
*
* Decrypt all the secret attributes on an ldb_message. Any secret attributes
* are removed from message and decrypted copies of the attributes added.
* In the event of an error the contents of the message will be inconsistent.
*
* @param ldb ldb context, to allow logging.
* @param msg The ldb_message to have it's secret attributes encrypted.
* @param data The context data for this module.
*
* @returns ldb status code
* LDB_SUCESS If the value was successfully encrypted
* LDB_ERR_OPERATIONS_ERROR If there was an error.
*/
static int decrypt_secret_attributes(struct ldb_context *ldb,
struct ldb_message *msg,
struct es_data *data)
{
int i, ret;
if (ldb_dn_is_special(msg->dn)) {
return LDB_SUCCESS;
}
for (i = 0; i < num_secret_attributes; i++) {
struct ldb_message_element *el =
ldb_msg_find_element(msg, secret_attributes[i]);
if (el != NULL) {
const int flags = el->flags;
struct ldb_message_element* dec =
decrypt_element(&ret,
msg->elements,
ldb,
el,
data);
if (ret != LDB_SUCCESS) {
return ret;
}
ldb_msg_remove_element(msg, el);
ret = ldb_msg_add(msg, dec, flags);
if (ret != LDB_SUCCESS) {
return ret;
}
}
}
return LDB_SUCCESS;
}
/* Generate a remote message with a mapped objectClass. */
static void map_objectclass_generate_remote(struct ldb_module *module, const char *local_attr, const struct ldb_message *old, struct ldb_message *remote, struct ldb_message *local)
{
const struct ldb_map_context *data = map_get_context(module);
struct ldb_context *ldb;
struct ldb_message_element *el, *oc;
struct ldb_val val;
bool found_extensibleObject = false;
unsigned int i;
ldb = ldb_module_get_ctx(module);
/* Find old local objectClass */
oc = ldb_msg_find_element(old, "objectClass");
if (oc == NULL) {
return;
}
/* Prepare new element */
el = talloc_zero(remote, struct ldb_message_element);
if (el == NULL) {
ldb_oom(ldb);
return; /* TODO: fail? */
}
/* Copy local objectClass element, reverse space for an extra value */
el->num_values = oc->num_values + 1;
el->values = talloc_array(el, struct ldb_val, el->num_values);
if (el->values == NULL) {
talloc_free(el);
ldb_oom(ldb);
return; /* TODO: fail? */
}
/* Copy local element name "objectClass" */
el->name = talloc_strdup(el, local_attr);
/* Convert all local objectClasses */
for (i = 0; i < el->num_values - 1; i++) {
el->values[i] = map_objectclass_convert_local(module, el->values, &oc->values[i]);
if (ldb_attr_cmp((char *)el->values[i].data, data->add_objectclass) == 0) {
found_extensibleObject = true;
}
}
if (!found_extensibleObject) {
val.data = (uint8_t *)talloc_strdup(el->values, data->add_objectclass);
val.length = strlen((char *)val.data);
/* Append additional objectClass data->add_objectclass */
el->values[i] = val;
} else {
el->num_values--;
}
/* Add new objectClass to remote message */
ldb_msg_add(remote, el, 0);
}
/* Add a message element either to a local or to a remote message,
* depending on whether it goes into the local or remote partition. */
static int ldb_msg_el_partition(struct ldb_module *module, struct ldb_message *local, struct ldb_message *remote, const struct ldb_message *msg, const char *attr_name, /* const char * const names[], */ const struct ldb_message_element *old)
{
const struct ldb_map_context *data = map_get_context(module);
const struct ldb_map_attribute *map = map_attr_find_local(data, attr_name);
struct ldb_message_element *el=NULL;
/* Unknown attribute: ignore */
if (map == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "ldb_map: "
"Not mapping attribute '%s': no mapping found\n",
old->name);
goto local;
}
switch (map->type) {
case MAP_IGNORE:
goto local;
case MAP_CONVERT:
if (map->u.convert.convert_local == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "ldb_map: "
"Not mapping attribute '%s': "
"'convert_local' not set\n",
map->local_name);
goto local;
}
/* fall through */
case MAP_KEEP:
case MAP_RENAME:
el = ldb_msg_el_map_local(module, remote, map, old);
break;
case MAP_GENERATE:
if (map->u.generate.generate_remote == NULL) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "ldb_map: "
"Not mapping attribute '%s': "
"'generate_remote' not set\n",
map->local_name);
goto local;
}
/* TODO: if this attr requires context:
* make sure all context attrs are mappable (in 'names')
* make sure all context attrs have already been mapped?
* maybe postpone generation until they have been mapped?
*/
map->u.generate.generate_remote(module, map->local_name, msg, remote, local);
return 0;
}
if (el == NULL) {
return -1;
}
return ldb_msg_add(remote, el, old->flags);
local:
el = talloc(local, struct ldb_message_element);
if (el == NULL) {
map_oom(module);
return -1;
}
*el = *old; /* copy the old element */
return ldb_msg_add(local, el, old->flags);
}
