search.c 7.67 KB
Newer Older
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1
/* search.c - /etc/passwd backend search function */
2
/* $OpenLDAP$ */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
3

Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
5
#include "portable.h"

Kurt Zeilenga's avatar
Kurt Zeilenga committed
6
#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
7

8
#include <ac/ctype.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
9
10
11
12
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>

Kurt Zeilenga's avatar
Kurt Zeilenga committed
13
#include <pwd.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
14

Kurt Zeilenga's avatar
Kurt Zeilenga committed
15
#include "slap.h"
16
#include "external.h"
17
#include <ldap_pvt.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
18

19
20
21
22
static Entry *pw2entry(
	Backend *be,
	struct passwd *pw,
	char *rdn);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
23
24
25
26
27
28

int
passwd_back_search(
    Backend	*be,
    Connection	*conn,
    Operation	*op,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
29
30
    const char	*base,
    const char	*nbase,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
32
33
34
35
    int		scope,
    int		deref,
    int		slimit,
    int		tlimit,
    Filter	*filter,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
36
    const char	*filterstr,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
37
38
39
40
41
42
43
44
    char	**attrs,
    int		attrsonly
)
{
	struct passwd	*pw;
	Entry		*e;
	char		*s;
	time_t		stoptime;
45
46
47

	int sent = 0;
	int err = LDAP_SUCCESS;
48
49
50
51
52

	char *rdn = NULL;
	char *parent = NULL;
	char *matched = NULL;
	char *user = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
53

54
55
	AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;

Kurt Zeilenga's avatar
Kurt Zeilenga committed
56
57
58
59
60
61
	tlimit = (tlimit > be->be_timelimit || tlimit < 1) ? be->be_timelimit
	    : tlimit;
	stoptime = op->o_time + tlimit;
	slimit = (slimit > be->be_sizelimit || slimit < 1) ? be->be_sizelimit
	    : slimit;

62
63
	endpwent();

Kurt Zeilenga's avatar
Kurt Zeilenga committed
64
65
66
67
68
69
#ifdef HAVE_SETPWFILE
	if ( be->be_private != NULL ) {
		(void) setpwfile( (char *) be->be_private );
	}
#endif /* HAVE_SETPWFILE */

70
	/* Handle a query for the base of this backend */
71
	if ( be_issuffix( be,  nbase ) ) {
72
73
74
75
		struct berval	val, *vals[2];

		vals[0] = &val;
		vals[1] = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
76

77
		matched = ch_strdup( base );
78

79
		if( scope != LDAP_SCOPE_ONELEVEL ) {
80
81
82
			char *type;
			AttributeDescription *desc = NULL;

83
84
85
86
			/* Create an entry corresponding to the base DN */
			e = (Entry *) ch_calloc(1, sizeof(Entry));
			e->e_attrs = NULL;
			e->e_dn = ch_strdup( base );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
87

88
89
90
			e->e_ndn = ch_strdup( e->e_dn );
			(void) dn_normalize( e->e_ndn );

91
92
93
94
			/* Use the first attribute of the DN
		 	* as an attribute within the entry itself.
		 	*/
			rdn = dn_rdn(NULL, base);
95

96
97
			if( rdn == NULL || (s = strchr(rdn, '=')) == NULL ) {
				err = LDAP_INVALID_DN_SYNTAX;
98
				free(rdn);
99
100
				goto done;
			}
101

102
103
			val.bv_val = rdn_attr_value(rdn);
			val.bv_len = strlen( val.bv_val );
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

			type = rdn_attr_type(rdn);

			{
				int rc;
				const char *text;
				rc = slap_str2ad( type, &desc, &text );

				if( rc != LDAP_SUCCESS ) {
					err = LDAP_NO_SUCH_OBJECT;
					free(rdn);
					goto done;
				}
			}

			attr_merge( e, desc, vals );

121
122
123
124
125
126
127
128
129
130
131
			free(rdn);
			rdn = NULL;

			/* Every entry needs an objectclass. We don't really
			 * know if our hardcoded choice here agrees with the
			 * DN that was configured for this backend, but it's
			 * better than nothing.
			 *
			 * should be a configuratable item
			 */
			val.bv_val = "organizationalUnit";
132
133
			val.bv_len = sizeof("organizationalUnit")-1;
			attr_merge( e, ad_objectClass, vals );
134
	
135
			if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
136
				send_search_entry( be, conn, op,
137
					e, attrs, attrsonly, NULL );
138
139
				sent++;
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
140
141
		}

142
143
		if ( scope != LDAP_SCOPE_BASE ) {
			/* check all our "children" */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
144

145
146
147
148
149
150
151
152
153
154
155
156
157
			for ( pw = getpwent(); pw != NULL; pw = getpwent() ) {
				/* check for abandon */
				ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
				if ( op->o_abandon ) {
					ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
					endpwent();
					return( -1 );
				}
				ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );

				/* check time limit */
				if ( slap_get_time() > stoptime ) {
					send_ldap_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
158
			    		NULL, NULL, NULL, NULL );
159
160
161
162
163
					endpwent();
					return( 0 );
				}

				e = pw2entry( be, pw, NULL );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
164

165
				if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
166
167
168
					/* check size limit */
					if ( --slimit == -1 ) {
						send_ldap_result( conn, op, LDAP_SIZELIMIT_EXCEEDED,
169
				    		NULL, NULL, NULL, NULL );
170
171
172
173
						endpwent();
						return( 0 );
					}

174
					send_search_entry( be, conn, op,
175
						e, attrs, attrsonly, NULL );
176
177
178
179
180
					sent++;
				}

				entry_free( e );
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
181
182
183
			endpwent();
		}

184
	} else {
185
		parent = dn_parent( be, nbase );
186
187
188
189
190

		/* This backend is only one layer deep. Don't answer requests for
		 * anything deeper than that.
		 */
		if( !be_issuffix( be, parent ) ) {
191
			int i;
192
193
			for( i=0; be->be_nsuffix[i] != NULL; i++ ) {
				if( dn_issuffix( nbase, be->be_nsuffix[i] ) ) {
194
195
196
197
198
199
200
201
202
					matched = ch_strdup( be->be_suffix[i] );
					break;
				}
			}
			err = LDAP_NO_SUCH_OBJECT;
			goto done;
		}

		if( scope == LDAP_SCOPE_ONELEVEL ) {
203
			goto done;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
204
205
		}

206
		rdn = dn_rdn( NULL, base );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
207

208
		if ( (user = rdn_attr_value(rdn)) == NULL) {
209
			err = LDAP_OPERATIONS_ERROR;
210
211
			goto done;
		}
212

213
		if ( (pw = getpwnam( user )) == NULL ) {
214
215
216
			matched = parent;
			parent = NULL;
			err = LDAP_NO_SUCH_OBJECT;
217
218
219
220
221
			goto done;
		}

		e = pw2entry( be, pw, rdn );

222
		if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
223
			send_search_entry( be, conn, op,
224
				e, attrs, attrsonly, NULL );
225
			sent++;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
226
227
228
229
		}

		entry_free( e );
	}
230
231

done:
232
233
234
	send_ldap_result( conn, op,
		err, err == LDAP_NO_SUCH_OBJECT ? matched : NULL, NULL,
		NULL, NULL );
235
236
237
238
239

	if( matched != NULL ) free( matched );
	if( parent != NULL ) free( parent );
	if( rdn != NULL ) free( rdn );
	if( user != NULL ) free( user );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
240
241
242
243
244

	return( 0 );
}

static Entry *
245
pw2entry( Backend *be, struct passwd *pw, char *rdn )
Kurt Zeilenga's avatar
Kurt Zeilenga committed
246
247
248
249
250
251
{
	Entry		*e;
	char		buf[256];
	struct berval	val;
	struct berval	*vals[2];

252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
	int rc;
	const char *text;

	AttributeDescription *ad_objectClass = NULL;
	AttributeDescription *ad_cn = NULL;
	AttributeDescription *ad_sn = NULL;
	AttributeDescription *ad_uid = NULL;
	AttributeDescription *ad_description = NULL;

	rc = slap_str2ad( "objectClass", &ad_objectClass, &text );

	if(rc != LDAP_SUCCESS) return NULL;
	rc = slap_str2ad( "cn", &ad_cn, &text );
	if(rc != LDAP_SUCCESS) return NULL;
	rc = slap_str2ad( "sn", &ad_sn, &text );
	if(rc != LDAP_SUCCESS) return NULL;
	rc = slap_str2ad( "uid", &ad_uid, &text );
	if(rc != LDAP_SUCCESS) return NULL;
	rc = slap_str2ad( "description", &ad_description, &text );
	if(rc != LDAP_SUCCESS) return NULL;


Kurt Zeilenga's avatar
Kurt Zeilenga committed
274
275
276
277
	vals[0] = &val;
	vals[1] = NULL;

	/*
278
279
	 * from pw we get pw_name and make it cn
	 * give it an objectclass of person.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
280
281
282
283
284
	 */

	e = (Entry *) ch_calloc( 1, sizeof(Entry) );
	e->e_attrs = NULL;

285
286
287
288
289
290
291
292
293
294
295
296
297
	/* objectclasses should be configuratable items */
	val.bv_val = "top";
	val.bv_len = sizeof("top")-1;
	attr_merge( e, ad_objectClass, vals );

	val.bv_val = "person";
	val.bv_len = sizeof("person")-1;
	attr_merge( e, ad_objectClass, vals );

	val.bv_val = "uidObject";
	val.bv_len = sizeof("uidObject")-1;
	attr_merge( e, ad_objectClass, vals );

298
299
	/* rdn attribute type should be a configuratable item */
	sprintf( buf, "uid=%s,%s", pw->pw_name, be->be_suffix[0] );
300
	e->e_dn = ch_strdup( buf );
301
	e->e_ndn = ch_strdup( buf );
302
	(void) dn_normalize( e->e_ndn );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
303
304
305

	val.bv_val = pw->pw_name;
	val.bv_len = strlen( pw->pw_name );
306
307
308
	attr_merge( e, ad_uid, vals );	/* required by uidObject */
	attr_merge( e, ad_cn, vals );	/* required by person */
	attr_merge( e, ad_sn, vals );	/* required by person */
309

Kurt Zeilenga's avatar
Kurt Zeilenga committed
310
#ifdef HAVE_PW_GECOS
311
312
313
314
315
316
317
318
319
320
	/*
	 * if gecos is present, add it as a cn. first process it
	 * according to standard BSD usage. If the processed cn has
	 * a space, use the tail as the surname.
	 */
	if (pw->pw_gecos[0]) {
		char *s;

		val.bv_val = pw->pw_gecos;
		val.bv_len = strlen(val.bv_val);
321
		attr_merge(e, ad_description, vals);
322
323
324
325
326
327
328
329
330
331

		s = strchr(val.bv_val, ',');
		if (s)
			*s = '\0';
		s = strchr(val.bv_val, '&');
		if (s) {
			int i = s - val.bv_val;
			strncpy(buf, val.bv_val, i);
			s = buf+i;
			strcpy(s, pw->pw_name);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
332
			*s = TOUPPER(*s);
333
334
335
336
337
			strcat(s, val.bv_val+i+1);
			val.bv_val = buf;
		}
		val.bv_len = strlen(val.bv_val);
		if ( strcmp( val.bv_val, pw->pw_name ))
338
			attr_merge( e, ad_cn, vals );
339
340
341
		if ( (s=strrchr(val.bv_val, ' '))) {
			val.bv_val = s + 1;
			val.bv_len = strlen(val.bv_val);
342
			attr_merge(e, ad_sn, vals);
343
344
		}
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
345
#endif
346

Kurt Zeilenga's avatar
Kurt Zeilenga committed
347
348
	return( e );
}