openldap/servers/slapd/back-passwd/search.c

/* search.c - /etc/passwd backend search function */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2019 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
/* ACKNOWLEDGEMENTS:
* This work was originally developed by the University of Michigan
* (as part of U-MICH LDAP). Additional significant contributors
* include:
* Hallvard B. Furuseth
* Howard Chu
* Kurt D. Zeilenga
*/
#include "portable.h"
#include <stdio.h>
#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>
#include <pwd.h>
#include "slap.h"
#include "back-passwd.h"
/* Reset the passwd enumeration (and, where setpwfile() exists, select the
 * file configured in be->be_private).  Both callers in this file invoke it
 * while holding passwd_mutex. */
static void pw_start( Backend *be );

/* Fill the zero-initialised entry *ep from one passwd record.  Returns 0 on
 * success, -1 when the DN built from pw_name does not normalize. */
static int pw2entry(
	Backend *be,
	struct passwd *pw,
	Entry *ep );
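/*
 * pw_stop - finish a getpwent() enumeration begun under passwd_mutex and
 * release the mutex.  Every exit from the enumeration loop in
 * passwd_back_search() goes through here, so no path can leave the passwd
 * database open or the mutex held.
 */
static void
pw_stop( void )
{
	endpwent();
	ldap_pvt_thread_mutex_unlock( &passwd_mutex );
}

/*
 * passwd_back_search - search entry point of the passwd backend.
 *
 * The backend exposes a tree that is exactly one level deep: the
 * configured suffix, answered as an organizationalUnit, and below it one
 * "uid=<pw_name>,<suffix>" entry per passwd record (enumerated with
 * getpwent(), or looked up with getpwnam() when the search base names a
 * single user).
 *
 * op  - the search operation; o_req_dn/o_req_ndn, ors_scope, ors_filter,
 *       ors_attrs, ors_slimit and ors_tlimit drive what is returned.
 *       ors_slimit is decremented in place for every entry sent.
 * rs  - reply; sr_err and sr_matched are set here and delivered by the
 *       send_ldap_result() call at done:.
 *
 * Returns 0 after send_ldap_result() has been issued, or SLAPD_ABANDON when
 * the operation was abandoned while enumerating (no result is sent then).
 *
 * All passwd database access happens under passwd_mutex: the getpw*()
 * family hands back a shared record, and pw2entry() edits pw_gecos in
 * place.
 */
int
passwd_back_search(
	Operation *op,
	SlapReply *rs )
{
	struct passwd *pw;
	time_t stoptime = (time_t)-1;
	LDAPRDN rdn = NULL;
	struct berval parent = BER_BVNULL;
	AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;

	if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
		stoptime = op->o_time + op->ors_tlimit;
	}

	/* Handle a query for the base of this backend */
	if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
		struct berval val;

		rs->sr_matched = op->o_req_dn.bv_val;

		if( op->ors_scope != LDAP_SCOPE_ONELEVEL ) {
			AttributeDescription *desc = NULL;
			char *next;
			Entry e = { 0 };

			/* Create an entry corresponding to the base DN */
			e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val );
			e.e_name.bv_len = op->o_req_dn.bv_len;
			e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val );
			e.e_nname.bv_len = op->o_req_ndn.bv_len;

			/* Use the first attribute of the DN
			 * as an attribute within the entry itself.
			 */
			if( ldap_bv2rdn( &op->o_req_dn, &rdn, &next,
				LDAP_DN_FORMAT_LDAP ) )
			{
				rs->sr_err = LDAP_INVALID_DN_SYNTAX;
				entry_clean( &e );	/* release the DN copies made above */
				goto done;
			}

			if( slap_bv2ad( &rdn[0]->la_attr, &desc, &rs->sr_text )) {
				rs->sr_err = LDAP_NO_SUCH_OBJECT;
				entry_clean( &e );
				/* rdn is released exactly once, by the done: path */
				goto done;
			}

			attr_merge_normalize_one( &e, desc, &rdn[0]->la_value, NULL );
			ldap_rdnfree( rdn );
			rdn = NULL;

			/* Every entry needs an objectclass. We don't really
			 * know if our hardcoded choice here agrees with the
			 * DN that was configured for this backend, but it's
			 * better than nothing.
			 *
			 * should be a configurable item
			 */
			BER_BVSTR( &val, "organizationalUnit" );
			attr_merge_one( &e, ad_objectClass, &val, NULL );

			if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
				rs->sr_entry = &e;
				rs->sr_attrs = op->ors_attrs;
				rs->sr_flags = REP_ENTRY_MODIFIABLE;
				send_search_entry( op, rs );
				rs->sr_flags = 0;
				rs->sr_entry = NULL;	/* e is cleaned just below */
				rs->sr_attrs = NULL;
			}

			entry_clean( &e );
		}

		if ( op->ors_scope != LDAP_SCOPE_BASE ) {
			/* check all our "children" */
			ldap_pvt_thread_mutex_lock( &passwd_mutex );
			pw_start( op->o_bd );
			while ( ( pw = getpwent() ) != NULL ) {
				Entry e = { 0 };

				/* check for abandon */
				if ( op->o_abandon ) {
					pw_stop();
					return( SLAPD_ABANDON );
				}

				/* check time limit */
				if ( op->ors_tlimit != SLAP_NO_LIMIT
					&& slap_get_time() > stoptime )
				{
					send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL );
					pw_stop();
					return( 0 );
				}

				if ( pw2entry( op->o_bd, pw, &e ) ) {
					rs->sr_err = LDAP_OTHER;
					pw_stop();
					goto done;
				}

				if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
					/* check size limit */
					if ( --op->ors_slimit == -1 ) {
						send_ldap_error( op, rs, LDAP_SIZELIMIT_EXCEEDED, NULL );
						entry_clean( &e );	/* e is populated here; do not leak it */
						pw_stop();
						return( 0 );
					}

					rs->sr_entry = &e;
					rs->sr_attrs = op->ors_attrs;
					rs->sr_flags = REP_ENTRY_MODIFIABLE;
					send_search_entry( op, rs );
					rs->sr_flags = 0;
					rs->sr_entry = NULL;
					rs->sr_attrs = NULL;
				}

				entry_clean( &e );
			}
			pw_stop();
		}

	} else {
		char *next;
		Entry e = { 0 };
		int rc;

		/* Not the suffix itself, so the request names a child or something
		 * deeper; find the parent to tell the two apart. */
		dnParent( &op->o_req_ndn, &parent );

		/* This backend is only one layer deep. Don't answer requests for
		 * anything deeper than that.
		 */
		if( !be_issuffix( op->o_bd, &parent ) ) {
			int i;

			/* report the closest configured suffix as the matched DN */
			for( i=0; op->o_bd->be_nsuffix[i].bv_val != NULL; i++ ) {
				if( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_nsuffix[i] ) ) {
					rs->sr_matched = op->o_bd->be_suffix[i].bv_val;
					break;
				}
			}
			rs->sr_err = LDAP_NO_SUCH_OBJECT;
			goto done;
		}

		if( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
			/* user entries have no children: empty result */
			goto done;
		}

		if ( ldap_bv2rdn( &op->o_req_dn, &rdn, &next,
			LDAP_DN_FORMAT_LDAP ))
		{
			rs->sr_err = LDAP_OTHER;
			goto done;
		}

		/* Only the value of the leading RDN's first component is looked up;
		 * its attribute type is not compared against uid (see the
		 * "rdn attribute type should be a configurable item" note in
		 * pw2entry()). */
		ldap_pvt_thread_mutex_lock( &passwd_mutex );
		pw_start( op->o_bd );
		pw = getpwnam( rdn[0]->la_value.bv_val );
		if ( pw == NULL ) {
			rs->sr_matched = parent.bv_val;
			rs->sr_err = LDAP_NO_SUCH_OBJECT;
			ldap_pvt_thread_mutex_unlock( &passwd_mutex );
			goto done;
		}

		rc = pw2entry( op->o_bd, pw, &e );
		ldap_pvt_thread_mutex_unlock( &passwd_mutex );	/* pw is not used past here */

		if ( rc ) {
			rs->sr_err = LDAP_OTHER;
			goto done;
		}

		if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
			rs->sr_entry = &e;
			rs->sr_attrs = op->ors_attrs;
			rs->sr_flags = REP_ENTRY_MODIFIABLE;
			send_search_entry( op, rs );
			rs->sr_flags = 0;
			rs->sr_entry = NULL;
			rs->sr_attrs = NULL;
		}

		entry_clean( &e );
	}

done:
	/* sr_matched is only meaningful for noSuchObject */
	if( rs->sr_err != LDAP_NO_SUCH_OBJECT ) rs->sr_matched = NULL;
	send_ldap_result( op, rs );

	if( rdn != NULL ) ldap_rdnfree( rdn );

	return( 0 );
}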
/*
 * pw_start - reset the passwd database enumeration before a walk or a
 * lookup.  Where setpwfile() is available and this backend has a private
 * value, that value is used as the passwd file to read; the setpwfile()
 * result is discarded.
 */
static void
pw_start( Backend *be )
{
	endpwent();
#ifdef HAVE_SETPWFILE
	if ( be->be_private == NULL ) {
		return;
	}
	(void) setpwfile( (char *) be->be_private );
#endif /* HAVE_SETPWFILE */
}
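/*
 * pw2entry - build the LDAP entry for one passwd record.
 *
 * The entry gets the DN "uid=<pw_name>,<first suffix of be>", the object
 * classes person and uidObject, and uid/cn/sn set to pw_name.  Where the
 * platform has pw_gecos, the gecos field is also added as description and,
 * after the usual BSD processing (cut at the first ',', '&' expanded to the
 * capitalised login name), as an extra cn when it differs from the login,
 * with the word after the last space as an extra sn.
 *
 * be  - backend whose first suffix becomes the parent of the entry
 * pw  - passwd record; pw_gecos is modified in place (the ',' becomes a
 *       NUL), which is tolerated because the callers hold passwd_mutex
 * e   - zero-initialised entry to fill; on success the caller owns the DN
 *       strings and attributes and releases them with entry_clean()
 *
 * Returns 0 on success, -1 when the generated DN does not normalize
 * (nothing is left allocated in that case).
 */
static int
pw2entry( Backend *be, struct passwd *pw, Entry *e )
{
	size_t pwlen;
	struct berval val;
	struct berval bv;
	int rc;

	/*
	 * from pw we get pw_name and make it cn
	 * give it an objectclass of person.
	 */
	pwlen = strlen( pw->pw_name );

	/* rdn attribute type should be a configurable item */
	/* Exact size of "uid=<name>,<suffix>".  pw_name is inserted verbatim,
	 * so a name containing DN-special characters (',', '+', '=', ...)
	 * yields a DN that dnNormalize() below rejects. */
	val.bv_len = STRLENOF("uid=,") + ( pwlen + be->be_suffix[0].bv_len );
	val.bv_val = ch_malloc( val.bv_len + 1 );
	snprintf( val.bv_val, val.bv_len + 1, "uid=%s,%s",
		pw->pw_name, be->be_suffix[0].bv_val );

	rc = dnNormalize( 0, NULL, NULL, &val, &bv, NULL );
	if( rc != LDAP_SUCCESS ) {
		free( val.bv_val );
		return( -1 );
	}

	e->e_name = val;	/* the entry now owns both DN strings */
	e->e_nname = bv;
	e->e_attrs = NULL;

	/* objectclasses should be configurable items */
	BER_BVSTR( &val, "person" );
	attr_merge_one( e, slap_schema.si_ad_objectClass, &val, NULL );
	BER_BVSTR( &val, "uidObject" );
	attr_merge_one( e, slap_schema.si_ad_objectClass, &val, NULL );

	val.bv_val = pw->pw_name;
	val.bv_len = pwlen;
	attr_merge_normalize_one( e, slap_schema.si_ad_uid, &val, NULL );	/* required by uidObject */
	attr_merge_normalize_one( e, slap_schema.si_ad_cn, &val, NULL );	/* required by person */
	attr_merge_normalize_one( e, ad_sn, &val, NULL );	/* required by person */

#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
	/*
	 * if gecos is present, add it as a cn. first process it
	 * according to standard BSD usage. If the processed cn has
	 * a space, use the tail as the surname.
	 */
	if (pw->pw_gecos[0]) {
		char *s;
		char buf[1024];

		/* val aliases pw_gecos (no copy is made) */
		ber_str2bv( pw->pw_gecos, 0, 0, &val );
		attr_merge_normalize_one( e, ad_desc, &val, NULL );

		/* BSD convention: the full name ends at the first ','.  Shorten
		 * val to match, so the '&' search below cannot pick one up from
		 * the office/phone fields beyond the new terminator. */
		s = ber_bvchr( &val, ',' );
		if ( s ) {
			*s = '\0';
			val.bv_len = s - val.bv_val;
		}

		/* '&' stands for the login name with its first letter capitalised */
		s = ber_bvchr( &val, '&' );
		if ( s ) {
			/* prefix (i) + login + rest after '&' + NUL fits when this holds */
			if( val.bv_len + pwlen < sizeof(buf) ) {
				size_t i = s - val.bv_val;
				memcpy( buf, val.bv_val, i );
				s = buf + i;
				strcpy( s, pw->pw_name );
				*s = TOUPPER((unsigned char)*s);
				strcat( s, val.bv_val + i + 1 );
				val.bv_val = buf;
			}
		}
		val.bv_len = strlen( val.bv_val );

		/* the processed name is a cn unless it merely repeats the login */
		if ( val.bv_len && strcasecmp( val.bv_val, pw->pw_name ) ) {
			attr_merge_normalize_one( e, slap_schema.si_ad_cn, &val, NULL );
		}

		if ( ( s = strrchr(val.bv_val, ' ' ) ) ) {
			ber_str2bv( s + 1, 0, 0, &val );
			attr_merge_normalize_one( e, ad_sn, &val, NULL );
		}
	}
#endif /* HAVE_STRUCT_PASSWD_PW_GECOS */

	return( 0 );
}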