2 * Copyright (c) 2001-2002 Sendmail, Inc. and its suppliers.
5 * By using this file, you agree to the terms and conditions set
6 * forth in the LICENSE file which can be found at the top level of
7 * the sendmail distribution.
11 SM_RCSID("@(#)$Id: mbdb.c,v 1.40 2003/12/10 03:19:07 gshapiro Exp $")
13 #include <sys/param.h>
22 #include <sm/limits.h>
24 #include <sm/assert.h>
25 #include <sm/bitops.h>
26 #include <sm/errstring.h>
29 #include <sm/string.h>
31 # undef EX_OK /* for SVr4.2 SMP */
33 #include <sm/sysexits.h>
38 # endif /* _LDAP_EXAMPLE_ */
44 int (*mbdb_initialize) __P((char *));
45 int (*mbdb_lookup) __P((char *name, SM_MBDB_T *user));
46 void (*mbdb_terminate) __P((void));
49 static int mbdb_pw_initialize __P((char *));
50 static int mbdb_pw_lookup __P((char *name, SM_MBDB_T *user));
51 static void mbdb_pw_terminate __P((void));
55 static struct sm_ldap_struct LDAPLMAP;
56 static int mbdb_ldap_initialize __P((char *));
57 static int mbdb_ldap_lookup __P((char *name, SM_MBDB_T *user));
58 static void mbdb_ldap_terminate __P((void));
59 # endif /* _LDAP_EXAMPLE_ */
62 static SM_MBDB_TYPE_T SmMbdbTypes[] =
64 { "pw", mbdb_pw_initialize, mbdb_pw_lookup, mbdb_pw_terminate },
67 { "ldap", mbdb_ldap_initialize, mbdb_ldap_lookup, mbdb_ldap_terminate },
68 # endif /* _LDAP_EXAMPLE_ */
70 { NULL, NULL, NULL, NULL }
73 static SM_MBDB_TYPE_T *SmMbdbType = &SmMbdbTypes[0];
76 ** SM_MBDB_INITIALIZE -- specify which mailbox database to use
78 ** If this function is not called, then the "pw" implementation
79 ** is used by default; this implementation uses getpwnam().
82 ** mbdb -- Which mailbox database to use.
83 ** The argument has the form "name" or "name.arg".
84 ** "pw" means use getpwnam().
87 ** EX_OK on success, or an EX_* code on failure.
91 sm_mbdb_initialize(mbdb)
100 SM_REQUIRE(mbdb != NULL);
103 arg = strchr(mbdb, '.');
105 namelen = strlen(name);
108 namelen = arg - name;
112 for (t = SmMbdbTypes; t->mbdb_typename != NULL; ++t)
114 if (strlen(t->mbdb_typename) == namelen &&
115 strncmp(name, t->mbdb_typename, namelen) == 0)
118 if (t->mbdb_initialize != NULL)
119 err = t->mbdb_initialize(arg);
125 return EX_UNAVAILABLE;
129 ** SM_MBDB_TERMINATE -- terminate connection to the mailbox database
131 ** Because this function closes any cached file descriptors that
132 ** are being held open for the connection to the mailbox database,
133 ** it should be called for security reasons prior to dropping privileges
134 ** and execing another process.
146 if (SmMbdbType->mbdb_terminate != NULL)
147 SmMbdbType->mbdb_terminate();
151 ** SM_MBDB_LOOKUP -- look up a local mail recipient, given name
154 ** name -- name of local mail recipient
155 ** user -- pointer to structure to fill in on success
158 ** On success, fill in *user and return EX_OK.
159 ** If the user does not exist, return EX_NOUSER.
160 ** If a temporary failure (eg, a network failure) occurred,
161 ** return EX_TEMPFAIL. Otherwise return EX_OSERR.
165 sm_mbdb_lookup(name, user)
171 if (SmMbdbType->mbdb_lookup != NULL)
172 ret = SmMbdbType->mbdb_lookup(name, user);
177 ** SM_MBDB_FROMPW -- copy from struct pw to SM_MBDB_T
180 ** user -- destination user information structure
181 ** pw -- source passwd structure
188 sm_mbdb_frompw(user, pw)
192 SM_REQUIRE(user != NULL);
193 (void) sm_strlcpy(user->mbdb_name, pw->pw_name,
194 sizeof(user->mbdb_name));
195 user->mbdb_uid = pw->pw_uid;
196 user->mbdb_gid = pw->pw_gid;
197 sm_pwfullname(pw->pw_gecos, pw->pw_name, user->mbdb_fullname,
198 sizeof(user->mbdb_fullname));
199 (void) sm_strlcpy(user->mbdb_homedir, pw->pw_dir,
200 sizeof(user->mbdb_homedir));
201 (void) sm_strlcpy(user->mbdb_shell, pw->pw_shell,
202 sizeof(user->mbdb_shell));
206 ** SM_PWFULLNAME -- build full name of user from pw_gecos field.
208 ** This routine interprets the strange entry that would appear
209 ** in the GECOS field of the password file.
212 ** gecos -- name to build.
213 ** user -- the login name of this user (for &).
214 ** buf -- place to put the result.
215 ** buflen -- length of buf.
221 #if _FFR_HANDLE_ISO8859_GECOS
222 static char Latin1ToASCII[128] =
224 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
225 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 33,
226 99, 80, 36, 89, 124, 36, 34, 99, 97, 60, 45, 45, 114, 45, 111, 42,
227 50, 51, 39, 117, 80, 46, 44, 49, 111, 62, 42, 42, 42, 63, 65, 65,
228 65, 65, 65, 65, 65, 67, 69, 69, 69, 69, 73, 73, 73, 73, 68, 78, 79,
229 79, 79, 79, 79, 88, 79, 85, 85, 85, 85, 89, 80, 66, 97, 97, 97, 97,
230 97, 97, 97, 99, 101, 101, 101, 101, 105, 105, 105, 105, 100, 110,
231 111, 111, 111, 111, 111, 47, 111, 117, 117, 117, 117, 121, 112, 121
233 #endif /* _FFR_HANDLE_ISO8859_GECOS */
236 sm_pwfullname(gecos, user, buf, buflen)
237 register char *gecos;
243 register char *bp = buf;
248 /* copy gecos, interpolating & to be full name */
249 for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++)
251 if (bp >= &buf[buflen - 1])
253 /* buffer overflow -- just use login name */
254 (void) sm_strlcpy(buf, user, buflen);
259 /* interpolate full name */
260 (void) sm_strlcpy(bp, user, buflen - (bp - buf));
266 #if _FFR_HANDLE_ISO8859_GECOS
267 if ((unsigned char) *p >= 128)
268 *bp++ = Latin1ToASCII[(unsigned char) *p - 128];
270 #endif /* _FFR_HANDLE_ISO8859_GECOS */
278 ** /etc/passwd implementation.
282 ** MBDB_PW_INITIALIZE -- initialize getpwnam() version
293 mbdb_pw_initialize(arg)
300 ** MBDB_PW_LOOKUP -- look up a local mail recipient, given name
303 ** name -- name of local mail recipient
304 ** user -- pointer to structure to fill in on success
307 ** On success, fill in *user and return EX_OK.
308 ** Failure: EX_NOUSER.
312 mbdb_pw_lookup(name, user)
319 /* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
323 for (p = name; *p != '\0'; p++)
324 if (!isascii(*p) || !isdigit(*p))
337 ** getpwnam() isn't advertised as setting errno.
338 ** In fact, under FreeBSD, non-root getpwnam() on
339 ** non-existant users returns NULL with errno = EPERM.
340 ** This test won't work.
355 sm_mbdb_frompw(user, pw);
360 ** MBDB_PW_TERMINATE -- terminate connection to the mailbox database
378 ** LDAP example implementation based on RFC 2307, "An Approach for Using
379 ** LDAP as a Network Information Service":
381 ** ( nisSchema.1.0 NAME 'uidNumber'
382 ** DESC 'An integer uniquely identifying a user in an
383 ** administrative domain'
384 ** EQUALITY integerMatch SYNTAX 'INTEGER' SINGLE-VALUE )
386 ** ( nisSchema.1.1 NAME 'gidNumber'
387 ** DESC 'An integer uniquely identifying a group in an
388 ** administrative domain'
389 ** EQUALITY integerMatch SYNTAX 'INTEGER' SINGLE-VALUE )
391 ** ( nisSchema.1.2 NAME 'gecos'
392 ** DESC 'The GECOS field; the common name'
393 ** EQUALITY caseIgnoreIA5Match
394 ** SUBSTRINGS caseIgnoreIA5SubstringsMatch
395 ** SYNTAX 'IA5String' SINGLE-VALUE )
397 ** ( nisSchema.1.3 NAME 'homeDirectory'
398 ** DESC 'The absolute path to the home directory'
399 ** EQUALITY caseExactIA5Match
400 ** SYNTAX 'IA5String' SINGLE-VALUE )
402 ** ( nisSchema.1.4 NAME 'loginShell'
403 ** DESC 'The path to the login shell'
404 ** EQUALITY caseExactIA5Match
405 ** SYNTAX 'IA5String' SINGLE-VALUE )
407 ** ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
408 ** DESC 'Abstraction of an account with POSIX attributes'
409 ** MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
410 ** MAY ( userPassword $ loginShell $ gecos $ description ) )
414 # define MBDB_LDAP_LABEL "MailboxDatabase"
416 # ifndef MBDB_LDAP_FILTER
417 # define MBDB_LDAP_FILTER "(&(objectClass=posixAccount)(uid=%0))"
418 # endif /* MBDB_LDAP_FILTER */
420 # ifndef MBDB_DEFAULT_LDAP_BASEDN
421 # define MBDB_DEFAULT_LDAP_BASEDN NULL
422 # endif /* MBDB_DEFAULT_LDAP_BASEDN */
424 # ifndef MBDB_DEFAULT_LDAP_SERVER
425 # define MBDB_DEFAULT_LDAP_SERVER NULL
426 # endif /* MBDB_DEFAULT_LDAP_SERVER */
429 ** MBDB_LDAP_INITIALIZE -- initialize LDAP version
432 ** arg -- LDAP specification
435 ** EX_OK on success, or an EX_* code on failure.
439 mbdb_ldap_initialize(arg)
442 sm_ldap_clear(&LDAPLMAP);
443 LDAPLMAP.ldap_base = MBDB_DEFAULT_LDAP_BASEDN;
444 LDAPLMAP.ldap_host = MBDB_DEFAULT_LDAP_SERVER;
445 LDAPLMAP.ldap_filter = MBDB_LDAP_FILTER;
447 /* Only want one match */
448 LDAPLMAP.ldap_sizelimit = 1;
450 /* interpolate new ldap_base and ldap_host from arg if given */
451 if (arg != NULL && *arg != '\0')
457 len = strlen(arg) + 1;
458 new = sm_malloc(len);
461 (void) sm_strlcpy(new, arg, len);
462 sep = strrchr(new, '@');
466 LDAPLMAP.ldap_host = sep;
468 LDAPLMAP.ldap_base = new;
475 ** MBDB_LDAP_LOOKUP -- look up a local mail recipient, given name
478 ** name -- name of local mail recipient
479 ** user -- pointer to structure to fill in on success
482 ** On success, fill in *user and return EX_OK.
483 ** Failure: EX_NOUSER.
486 #define NEED_FULLNAME 0x01
487 #define NEED_HOMEDIR 0x02
488 #define NEED_SHELL 0x04
489 #define NEED_UID 0x08
490 #define NEED_GID 0x10
493 mbdb_ldap_lookup(name, user)
505 if (strlen(name) >= sizeof(user->mbdb_name))
511 if (LDAPLMAP.ldap_filter == NULL)
513 /* map not initialized, but don't have arg here */
518 if (LDAPLMAP.ldap_pid != getpid())
520 /* re-open map in this child process */
521 LDAPLMAP.ldap_ld = NULL;
524 if (LDAPLMAP.ldap_ld == NULL)
526 /* map not open, try to open now */
527 if (!sm_ldap_start(MBDB_LDAP_LABEL, &LDAPLMAP))
531 sm_ldap_setopts(LDAPLMAP.ldap_ld, &LDAPLMAP);
532 msgid = sm_ldap_search(&LDAPLMAP, name);
535 save_errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld) + E_LDAPBASE;
536 # ifdef LDAP_SERVER_DOWN
537 if (errno == LDAP_SERVER_DOWN)
539 /* server disappeared, try reopen on next search */
540 sm_ldap_close(&LDAPLMAP);
542 # endif /* LDAP_SERVER_DOWN */
548 ret = ldap_result(LDAPLMAP.ldap_ld, msgid, 1,
549 (LDAPLMAP.ldap_timeout.tv_sec == 0 ? NULL :
550 &(LDAPLMAP.ldap_timeout)),
551 &(LDAPLMAP.ldap_res));
553 if (ret != LDAP_RES_SEARCH_RESULT &&
554 ret != LDAP_RES_SEARCH_ENTRY)
559 errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
564 entry = ldap_first_entry(LDAPLMAP.ldap_ld, LDAPLMAP.ldap_res);
567 save_errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
568 if (save_errno == LDAP_SUCCESS)
581 # if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
583 ** Reset value to prevent lingering
584 ** LDAP_DECODING_ERROR due to
585 ** OpenLDAP 1.X's hack (see below)
588 LDAPLMAP.ldap_ld->ld_errno = LDAP_SUCCESS;
589 # endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */
592 need = NEED_FULLNAME|NEED_HOMEDIR|NEED_SHELL|NEED_UID|NEED_GID;
593 for (attr = ldap_first_attribute(LDAPLMAP.ldap_ld, entry, &ber);
595 attr = ldap_next_attribute(LDAPLMAP.ldap_ld, entry, ber))
599 vals = ldap_get_values(LDAPLMAP.ldap_ld, entry, attr);
602 errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
603 if (errno == LDAP_SUCCESS)
609 /* Must be an error */
615 # if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
617 ** Reset value to prevent lingering
618 ** LDAP_DECODING_ERROR due to
619 ** OpenLDAP 1.X's hack (see below)
622 LDAPLMAP.ldap_ld->ld_errno = LDAP_SUCCESS;
623 # endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */
625 if (vals[0] == NULL || vals[0][0] == '\0')
628 if (strcasecmp(attr, "gecos") == 0)
630 if (!bitset(NEED_FULLNAME, need) ||
631 strlen(vals[0]) >= sizeof(user->mbdb_fullname))
634 sm_pwfullname(vals[0], name, user->mbdb_fullname,
635 sizeof(user->mbdb_fullname));
636 need &= ~NEED_FULLNAME;
638 else if (strcasecmp(attr, "homeDirectory") == 0)
640 if (!bitset(NEED_HOMEDIR, need) ||
641 strlen(vals[0]) >= sizeof(user->mbdb_homedir))
644 (void) sm_strlcpy(user->mbdb_homedir, vals[0],
645 sizeof(user->mbdb_homedir));
646 need &= ~NEED_HOMEDIR;
648 else if (strcasecmp(attr, "loginShell") == 0)
650 if (!bitset(NEED_SHELL, need) ||
651 strlen(vals[0]) >= sizeof(user->mbdb_shell))
654 (void) sm_strlcpy(user->mbdb_shell, vals[0],
655 sizeof(user->mbdb_shell));
658 else if (strcasecmp(attr, "uidNumber") == 0)
662 if (!bitset(NEED_UID, need))
665 for (p = vals[0]; *p != '\0'; p++)
667 /* allow negative numbers */
668 if (p == vals[0] && *p == '-')
670 /* but not simply '-' */
671 if (*(p + 1) == '\0')
674 else if (!isascii(*p) || !isdigit(*p))
677 user->mbdb_uid = atoi(vals[0]);
680 else if (strcasecmp(attr, "gidNumber") == 0)
684 if (!bitset(NEED_GID, need))
687 for (p = vals[0]; *p != '\0'; p++)
689 /* allow negative numbers */
690 if (p == vals[0] && *p == '-')
692 /* but not simply '-' */
693 if (*(p + 1) == '\0')
696 else if (!isascii(*p) || !isdigit(*p))
699 user->mbdb_gid = atoi(vals[0]);
704 ldap_value_free(vals);
708 errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
711 ** We check errno != LDAP_DECODING_ERROR since
712 ** OpenLDAP 1.X has a very ugly *undocumented*
713 ** hack of returning this error code from
714 ** ldap_next_attribute() if the library freed the
715 ** ber attribute. See:
716 ** http://www.openldap.org/lists/openldap-devel/9901/msg00064.html
719 if (errno != LDAP_SUCCESS &&
720 errno != LDAP_DECODING_ERROR)
722 /* Must be an error */
735 if (LDAPLMAP.ldap_res != NULL)
737 ldap_msgfree(LDAPLMAP.ldap_res);
738 LDAPLMAP.ldap_res = NULL;
744 (void) sm_strlcpy(user->mbdb_name, name,
745 sizeof(user->mbdb_name));
759 ** MBDB_LDAP_TERMINATE -- terminate connection to the mailbox database
769 mbdb_ldap_terminate()
771 sm_ldap_close(&LDAPLMAP);
773 # endif /* _LDAP_EXAMPLE_ */
projects / dragonfly.git / blob