search.c 7.88 KB
Newer Older
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1
/* search.c - /etc/passwd backend search function */
2
/* $OpenLDAP$ */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
3

Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
5
#include "portable.h"

Kurt Zeilenga's avatar
Kurt Zeilenga committed
6
#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
7

8
#include <ac/ctype.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
9
10
11
12
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>

Kurt Zeilenga's avatar
Kurt Zeilenga committed
13
#include <pwd.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
14

Kurt Zeilenga's avatar
Kurt Zeilenga committed
15
#include "slap.h"
16
#include "external.h"
17
#include <ldap_pvt.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
18

19
20
21
22
static Entry *pw2entry(
	Backend *be,
	struct passwd *pw,
	char *rdn);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
23
24
25
26
27
28

int
passwd_back_search(
    Backend	*be,
    Connection	*conn,
    Operation	*op,
29
30
    struct berval *base,
    struct berval *nbase,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
32
33
34
35
    int		scope,
    int		deref,
    int		slimit,
    int		tlimit,
    Filter	*filter,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
36
    const char	*filterstr,
37
    struct berval	**attrs,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
38
39
40
41
42
43
44
    int		attrsonly
)
{
	struct passwd	*pw;
	Entry		*e;
	char		*s;
	time_t		stoptime;
45
46
47

	int sent = 0;
	int err = LDAP_SUCCESS;
48
49
50
51
52

	char *rdn = NULL;
	char *parent = NULL;
	char *matched = NULL;
	char *user = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
53

54
55
	AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;

Kurt Zeilenga's avatar
Kurt Zeilenga committed
56
57
58
59
60
61
	tlimit = (tlimit > be->be_timelimit || tlimit < 1) ? be->be_timelimit
	    : tlimit;
	stoptime = op->o_time + tlimit;
	slimit = (slimit > be->be_sizelimit || slimit < 1) ? be->be_sizelimit
	    : slimit;

62
63
	endpwent();

Kurt Zeilenga's avatar
Kurt Zeilenga committed
64
65
66
67
68
69
#ifdef HAVE_SETPWFILE
	if ( be->be_private != NULL ) {
		(void) setpwfile( (char *) be->be_private );
	}
#endif /* HAVE_SETPWFILE */

70
	/* Handle a query for the base of this backend */
71
	if ( be_issuffix( be,  nbase->bv_val ) ) {
72
73
74
75
		struct berval	val, *vals[2];

		vals[0] = &val;
		vals[1] = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
76

Kurt Zeilenga's avatar
Kurt Zeilenga committed
77
		matched = (char *) base;
78

79
		if( scope != LDAP_SCOPE_ONELEVEL ) {
80
81
82
			char *type;
			AttributeDescription *desc = NULL;

83
84
			/* Create an entry corresponding to the base DN */
			e = (Entry *) ch_calloc(1, sizeof(Entry));
85
86
87
88
			e->e_name.bv_val = ch_strdup( base->bv_val );
			e->e_name.bv_len = base->bv_len;
			e->e_nname.bv_val =  ch_strdup( nbase->bv_val );
			e->e_nname.bv_len = nbase->bv_len;
89
			e->e_attrs = NULL;
90
			e->e_private = NULL;
91

92
93
94
			/* Use the first attribute of the DN
		 	* as an attribute within the entry itself.
		 	*/
95
			rdn = dn_rdn(NULL, base->bv_val);
96

97
98
			if( rdn == NULL || (s = strchr(rdn, '=')) == NULL ) {
				err = LDAP_INVALID_DN_SYNTAX;
99
				free(rdn);
100
101
				goto done;
			}
102

103
104
			val.bv_val = rdn_attr_value(rdn);
			val.bv_len = strlen( val.bv_val );
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

			type = rdn_attr_type(rdn);

			{
				int rc;
				const char *text;
				rc = slap_str2ad( type, &desc, &text );

				if( rc != LDAP_SUCCESS ) {
					err = LDAP_NO_SUCH_OBJECT;
					free(rdn);
					goto done;
				}
			}

			attr_merge( e, desc, vals );

122
123
124
125
126
127
128
129
130
131
132
			free(rdn);
			rdn = NULL;

			/* Every entry needs an objectclass. We don't really
			 * know if our hardcoded choice here agrees with the
			 * DN that was configured for this backend, but it's
			 * better than nothing.
			 *
			 * should be a configuratable item
			 */
			val.bv_val = "organizationalUnit";
133
134
			val.bv_len = sizeof("organizationalUnit")-1;
			attr_merge( e, ad_objectClass, vals );
135
	
136
			if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
137
				send_search_entry( be, conn, op,
138
					e, attrs, attrsonly, NULL );
139
140
				sent++;
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
141
142
		}

143
144
		if ( scope != LDAP_SCOPE_BASE ) {
			/* check all our "children" */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
145

146
147
148
149
150
151
152
153
154
155
156
157
158
			for ( pw = getpwent(); pw != NULL; pw = getpwent() ) {
				/* check for abandon */
				ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
				if ( op->o_abandon ) {
					ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
					endpwent();
					return( -1 );
				}
				ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );

				/* check time limit */
				if ( slap_get_time() > stoptime ) {
					send_ldap_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
159
			    		NULL, NULL, NULL, NULL );
160
161
162
163
164
					endpwent();
					return( 0 );
				}

				e = pw2entry( be, pw, NULL );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
165

166
				if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
167
168
169
					/* check size limit */
					if ( --slimit == -1 ) {
						send_ldap_result( conn, op, LDAP_SIZELIMIT_EXCEEDED,
170
				    		NULL, NULL, NULL, NULL );
171
172
173
174
						endpwent();
						return( 0 );
					}

175
					send_search_entry( be, conn, op,
176
						e, attrs, attrsonly, NULL );
177
178
179
180
181
					sent++;
				}

				entry_free( e );
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
182
183
184
			endpwent();
		}

185
	} else {
186
		parent = dn_parent( be, nbase->bv_val );
187
188
189
190
191

		/* This backend is only one layer deep. Don't answer requests for
		 * anything deeper than that.
		 */
		if( !be_issuffix( be, parent ) ) {
192
			int i;
193
			for( i=0; be->be_nsuffix[i] != NULL; i++ ) {
194
				if( dnIsSuffix( nbase, be->be_nsuffix[i] ) ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
195
					matched = be->be_suffix[i]->bv_val;
196
197
198
199
200
201
202
203
					break;
				}
			}
			err = LDAP_NO_SUCH_OBJECT;
			goto done;
		}

		if( scope == LDAP_SCOPE_ONELEVEL ) {
204
			goto done;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
205
206
		}

207
		rdn = dn_rdn( NULL, base->bv_val );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
208

209
		if ( (user = rdn_attr_value(rdn)) == NULL) {
210
			err = LDAP_OPERATIONS_ERROR;
211
212
			goto done;
		}
213

214
		if ( (pw = getpwnam( user )) == NULL ) {
215
216
			matched = parent;
			err = LDAP_NO_SUCH_OBJECT;
217
218
219
220
221
			goto done;
		}

		e = pw2entry( be, pw, rdn );

222
		if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
223
			send_search_entry( be, conn, op,
224
				e, attrs, attrsonly, NULL );
225
			sent++;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
226
227
228
229
		}

		entry_free( e );
	}
230
231

done:
232
233
234
	send_ldap_result( conn, op,
		err, err == LDAP_NO_SUCH_OBJECT ? matched : NULL, NULL,
		NULL, NULL );
235
236
237

	if( rdn != NULL ) free( rdn );
	if( user != NULL ) free( user );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
238
239
240
241
242

	return( 0 );
}

static Entry *
243
pw2entry( Backend *be, struct passwd *pw, char *rdn )
Kurt Zeilenga's avatar
Kurt Zeilenga committed
244
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
245
	size_t pwlen;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
246
247
248
	Entry		*e;
	struct berval	val;
	struct berval	*vals[2];
Kurt Zeilenga's avatar
Kurt Zeilenga committed
249
	struct berval	*bv = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
250

251
252
253
	int rc;
	const char *text;

Kurt Zeilenga's avatar
Kurt Zeilenga committed
254
	AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
255
256
257
258
259
260
261
262
263
264
265
266
267
268
	AttributeDescription *ad_cn = NULL;
	AttributeDescription *ad_sn = NULL;
	AttributeDescription *ad_uid = NULL;
	AttributeDescription *ad_description = NULL;

	rc = slap_str2ad( "cn", &ad_cn, &text );
	if(rc != LDAP_SUCCESS) return NULL;
	rc = slap_str2ad( "sn", &ad_sn, &text );
	if(rc != LDAP_SUCCESS) return NULL;
	rc = slap_str2ad( "uid", &ad_uid, &text );
	if(rc != LDAP_SUCCESS) return NULL;
	rc = slap_str2ad( "description", &ad_description, &text );
	if(rc != LDAP_SUCCESS) return NULL;

Kurt Zeilenga's avatar
Kurt Zeilenga committed
269
	/*
270
271
	 * from pw we get pw_name and make it cn
	 * give it an objectclass of person.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
272
273
	 */

Kurt Zeilenga's avatar
Kurt Zeilenga committed
274
275
276
277
278
279
280
281
282
283
284
285
286
287
	pwlen = strlen( pw->pw_name );
	val.bv_len = (sizeof("uid=,")-1) + ( pwlen + be->be_suffix[0]->bv_len );
	val.bv_val = ch_malloc( val.bv_len + 1 );

	/* rdn attribute type should be a configuratable item */
	sprintf( val.bv_val, "uid=%s,%s",
		pw->pw_name, be->be_suffix[0]->bv_val );

	rc = dnNormalize( NULL, &val, &bv );
	if( rc != LDAP_SUCCESS ) {
		free( val.bv_val );
		return NULL;
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
288
	e = (Entry *) ch_calloc( 1, sizeof(Entry) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
289
290
291
292
	e->e_name = val;
	e->e_nname = *bv;
	free( bv );

Kurt Zeilenga's avatar
Kurt Zeilenga committed
293
294
	e->e_attrs = NULL;

Kurt Zeilenga's avatar
Kurt Zeilenga committed
295
296
297
298
	vals[0] = &val;
	vals[1] = NULL;

	/* objectclasses should be configurable items */
299
300
301
302
303
304
305
306
307
308
309
310
	val.bv_val = "top";
	val.bv_len = sizeof("top")-1;
	attr_merge( e, ad_objectClass, vals );

	val.bv_val = "person";
	val.bv_len = sizeof("person")-1;
	attr_merge( e, ad_objectClass, vals );

	val.bv_val = "uidObject";
	val.bv_len = sizeof("uidObject")-1;
	attr_merge( e, ad_objectClass, vals );

Kurt Zeilenga's avatar
Kurt Zeilenga committed
311
	val.bv_val = pw->pw_name;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
312
	val.bv_len = pwlen;
313
314
315
	attr_merge( e, ad_uid, vals );	/* required by uidObject */
	attr_merge( e, ad_cn, vals );	/* required by person */
	attr_merge( e, ad_sn, vals );	/* required by person */
316

Kurt Zeilenga's avatar
Kurt Zeilenga committed
317
#ifdef HAVE_PW_GECOS
318
319
320
321
322
323
324
325
326
327
	/*
	 * if gecos is present, add it as a cn. first process it
	 * according to standard BSD usage. If the processed cn has
	 * a space, use the tail as the surname.
	 */
	if (pw->pw_gecos[0]) {
		char *s;

		val.bv_val = pw->pw_gecos;
		val.bv_len = strlen(val.bv_val);
328
		attr_merge(e, ad_description, vals);
329
330

		s = strchr(val.bv_val, ',');
331
332
		if (s) *s = '\0';

333
334
		s = strchr(val.bv_val, '&');
		if (s) {
335
			char buf[256];
336
337
338
339
			int i = s - val.bv_val;
			strncpy(buf, val.bv_val, i);
			s = buf+i;
			strcpy(s, pw->pw_name);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
340
			*s = TOUPPER(*s);
341
342
343
344
345
			strcat(s, val.bv_val+i+1);
			val.bv_val = buf;
		}
		val.bv_len = strlen(val.bv_val);
		if ( strcmp( val.bv_val, pw->pw_name ))
346
			attr_merge( e, ad_cn, vals );
347
348
349
		if ( (s=strrchr(val.bv_val, ' '))) {
			val.bv_val = s + 1;
			val.bv_len = strlen(val.bv_val);
350
			attr_merge(e, ad_sn, vals);
351
352
		}
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
353
#endif
354

Kurt Zeilenga's avatar
Kurt Zeilenga committed
355
356
	return( e );
}