search.c 6.48 KB
Newer Older
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1
/* search.c - /etc/passwd backend search function */
2
/* $OpenLDAP$ */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
3

Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
5
#include "portable.h"

Kurt Zeilenga's avatar
Kurt Zeilenga committed
6
#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
7

8
#include <ac/ctype.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
9
10
11
12
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>

Kurt Zeilenga's avatar
Kurt Zeilenga committed
13
#include <pwd.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
14

Kurt Zeilenga's avatar
Kurt Zeilenga committed
15
#include "slap.h"
16
#include "external.h"
17
#include <ldap_pvt.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
18

19
20
21
22
static Entry *pw2entry(
	Backend *be,
	struct passwd *pw,
	char *rdn);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
23
24
25
26
27
28
29

int
passwd_back_search(
    Backend	*be,
    Connection	*conn,
    Operation	*op,
    char	*base,
30
    char	*nbase,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
32
33
34
35
36
37
38
39
40
41
42
43
44
    int		scope,
    int		deref,
    int		slimit,
    int		tlimit,
    Filter	*filter,
    char	*filterstr,
    char	**attrs,
    int		attrsonly
)
{
	struct passwd	*pw;
	Entry		*e;
	char		*s;
	time_t		stoptime;
45
46
47

	int sent = 0;
	int err = LDAP_SUCCESS;
48
49
50
51
52

	char *rdn = NULL;
	char *parent = NULL;
	char *matched = NULL;
	char *user = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
53
54
55
56
57
58
59

	tlimit = (tlimit > be->be_timelimit || tlimit < 1) ? be->be_timelimit
	    : tlimit;
	stoptime = op->o_time + tlimit;
	slimit = (slimit > be->be_sizelimit || slimit < 1) ? be->be_sizelimit
	    : slimit;

60
61
	endpwent();

Kurt Zeilenga's avatar
Kurt Zeilenga committed
62
63
64
65
66
67
#ifdef HAVE_SETPWFILE
	if ( be->be_private != NULL ) {
		(void) setpwfile( (char *) be->be_private );
	}
#endif /* HAVE_SETPWFILE */

68
	/* Handle a query for the base of this backend */
69
	if ( be_issuffix( be,  nbase ) ) {
70
71
72
73
		struct berval	val, *vals[2];

		vals[0] = &val;
		vals[1] = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
74

75
		matched = ch_strdup( base );
76

77
78
79
80
81
		if( scope != LDAP_SCOPE_ONELEVEL ) {
			/* Create an entry corresponding to the base DN */
			e = (Entry *) ch_calloc(1, sizeof(Entry));
			e->e_attrs = NULL;
			e->e_dn = ch_strdup( base );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
82

83
84
85
86
			/* Use the first attribute of the DN
		 	* as an attribute within the entry itself.
		 	*/
			rdn = dn_rdn(NULL, base);
87

88
89
90
91
			if( rdn == NULL || (s = strchr(rdn, '=')) == NULL ) {
				err = LDAP_INVALID_DN_SYNTAX;
				goto done;
			}
92

93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
			val.bv_val = rdn_attr_value(rdn);
			val.bv_len = strlen( val.bv_val );
			attr_merge( e, rdn_attr_type(rdn), vals );

			free(rdn);
			rdn = NULL;

			/* Every entry needs an objectclass. We don't really
			 * know if our hardcoded choice here agrees with the
			 * DN that was configured for this backend, but it's
			 * better than nothing.
			 *
			 * should be a configuratable item
			 */
			val.bv_val = "organizationalUnit";
			val.bv_len = strlen( val.bv_val );
			attr_merge( e, "objectClass", vals );
110
	
111
			if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
112
				send_search_entry( be, conn, op,
113
					e, attrs, attrsonly, NULL );
114
115
				sent++;
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
116
117
		}

118
119
		if ( scope != LDAP_SCOPE_BASE ) {
			/* check all our "children" */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
120

121
122
123
124
125
126
127
128
129
130
131
132
133
			for ( pw = getpwent(); pw != NULL; pw = getpwent() ) {
				/* check for abandon */
				ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
				if ( op->o_abandon ) {
					ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
					endpwent();
					return( -1 );
				}
				ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );

				/* check time limit */
				if ( slap_get_time() > stoptime ) {
					send_ldap_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
134
			    		NULL, NULL, NULL, NULL );
135
136
137
138
139
					endpwent();
					return( 0 );
				}

				e = pw2entry( be, pw, NULL );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
140

141
				if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
142
143
144
					/* check size limit */
					if ( --slimit == -1 ) {
						send_ldap_result( conn, op, LDAP_SIZELIMIT_EXCEEDED,
145
				    		NULL, NULL, NULL, NULL );
146
147
148
149
						endpwent();
						return( 0 );
					}

150
					send_search_entry( be, conn, op,
151
						e, attrs, attrsonly, NULL );
152
153
154
155
156
					sent++;
				}

				entry_free( e );
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
157
158
159
			endpwent();
		}

160
161
162
163
164
165
166
	} else {
		parent = dn_parent( be, base );

		/* This backend is only one layer deep. Don't answer requests for
		 * anything deeper than that.
		 */
		if( !be_issuffix( be, parent ) ) {
167
			int i;
168
169
			for( i=0; be->be_nsuffix[i] != NULL; i++ ) {
				if( dn_issuffix( nbase, be->be_nsuffix[i] ) ) {
170
171
172
173
174
175
176
177
178
					matched = ch_strdup( be->be_suffix[i] );
					break;
				}
			}
			err = LDAP_NO_SUCH_OBJECT;
			goto done;
		}

		if( scope == LDAP_SCOPE_ONELEVEL ) {
179
			goto done;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
180
181
		}

182
		rdn = dn_rdn( NULL, base );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
183

184
		if ( (user = rdn_attr_value(rdn)) == NULL) {
185
			err = LDAP_OPERATIONS_ERROR;
186
187
			goto done;
		}
188

189
		if ( (pw = getpwnam( user )) == NULL ) {
190
191
192
			matched = parent;
			parent = NULL;
			err = LDAP_NO_SUCH_OBJECT;
193
194
195
196
197
			goto done;
		}

		e = pw2entry( be, pw, rdn );

198
		if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
199
			send_search_entry( be, conn, op,
200
				e, attrs, attrsonly, NULL );
201
			sent++;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
202
203
204
205
		}

		entry_free( e );
	}
206
207

done:
208
209
210
	send_ldap_result( conn, op,
		err, err == LDAP_NO_SUCH_OBJECT ? matched : NULL, NULL,
		NULL, NULL );
211
212
213
214
215

	if( matched != NULL ) free( matched );
	if( parent != NULL ) free( parent );
	if( rdn != NULL ) free( rdn );
	if( user != NULL ) free( user );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
216
217
218
219
220

	return( 0 );
}

static Entry *
221
pw2entry( Backend *be, struct passwd *pw, char *rdn )
Kurt Zeilenga's avatar
Kurt Zeilenga committed
222
223
224
225
226
227
228
229
230
231
{
	Entry		*e;
	char		buf[256];
	struct berval	val;
	struct berval	*vals[2];

	vals[0] = &val;
	vals[1] = NULL;

	/*
232
233
	 * from pw we get pw_name and make it cn
	 * give it an objectclass of person.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
234
235
236
237
238
	 */

	e = (Entry *) ch_calloc( 1, sizeof(Entry) );
	e->e_attrs = NULL;

239
240
	/* rdn attribute type should be a configuratable item */
	sprintf( buf, "uid=%s,%s", pw->pw_name, be->be_suffix[0] );
241
	e->e_dn = ch_strdup( buf );
242
	e->e_ndn = ch_strdup( buf );
243
	(void) dn_normalize( e->e_ndn );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
244
245
246

	val.bv_val = pw->pw_name;
	val.bv_len = strlen( pw->pw_name );
247
248
249
250
	attr_merge( e, "uid", vals );	/* required by uidObject */
	attr_merge( e, "cn", vals );	/* required by person */
	attr_merge( e, "sn", vals );	/* required by person */

Kurt Zeilenga's avatar
Kurt Zeilenga committed
251
#ifdef HAVE_PW_GECOS
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
	/*
	 * if gecos is present, add it as a cn. first process it
	 * according to standard BSD usage. If the processed cn has
	 * a space, use the tail as the surname.
	 */
	if (pw->pw_gecos[0]) {
		char *s;

		val.bv_val = pw->pw_gecos;
		val.bv_len = strlen(val.bv_val);
		attr_merge(e, "description", vals);

		s = strchr(val.bv_val, ',');
		if (s)
			*s = '\0';
		s = strchr(val.bv_val, '&');
		if (s) {
			int i = s - val.bv_val;
			strncpy(buf, val.bv_val, i);
			s = buf+i;
			strcpy(s, pw->pw_name);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
273
			*s = TOUPPER(*s);
274
275
276
277
278
279
280
281
282
283
284
285
			strcat(s, val.bv_val+i+1);
			val.bv_val = buf;
		}
		val.bv_len = strlen(val.bv_val);
		if ( strcmp( val.bv_val, pw->pw_name ))
			attr_merge( e, "cn", vals );
		if ( (s=strrchr(val.bv_val, ' '))) {
			val.bv_val = s + 1;
			val.bv_len = strlen(val.bv_val);
			attr_merge(e, "sn", vals);
		}
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
286
#endif
287
288

	/* objectclasses should be configuratable items */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
289
290
291
292
	val.bv_val = "person";
	val.bv_len = strlen( val.bv_val );
	attr_merge( e, "objectclass", vals );

293
294
295
	val.bv_val = "uidObject";
	val.bv_len = strlen( val.bv_val );
	attr_merge( e, "objectclass", vals );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
296
297
	return( e );
}