1 | /* ldap.c |
2 | ||
3 | Routines for reading the configuration from LDAP */ | |
4 | ||
5 | /* | |
3b5aab88 | 6 | * Copyright (c) 2010-2019 by Internet Systems Consortium, Inc. ("ISC") |
cf6bc0da DH |
7 | * Copyright (c) 2003-2006 Ntelos, Inc. |
8 | * All rights reserved. | |
9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | |
13 | * | |
14 | * 1. Redistributions of source code must retain the above copyright | |
15 | * notice, this list of conditions and the following disclaimer. | |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in the | |
18 | * documentation and/or other materials provided with the distribution. | |
19 | * 3. Neither the name of The Internet Software Consortium nor the names | |
20 | * of its contributors may be used to endorse or promote products derived | |
21 | * from this software without specific prior written permission. | |
22 | * | |
23 | * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND | |
24 | * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, | |
25 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
26 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
27 | * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR | |
28 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
29 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
30 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF | |
31 | * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | |
32 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
33 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT | |
34 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
35 | * SUCH DAMAGE. | |
36 | * | |
37 | * This LDAP module was written by Brian Masney <masneyb@ntelos.net>. Its | |
38 | * development was sponsored by Ntelos, Inc. (www.ntelos.com). | |
39 | */ | |
40 | ||
41 | #include "dhcpd.h" | |
253f67ae | 42 | #if defined(LDAP_CONFIGURATION) |
43 | #include <signal.h> |
44 | #include <errno.h> | |
45 | #include <ctype.h> |
46 | #include <netdb.h> | |
47 | #include <net/if.h> | |
253f67ae | 48 | #if defined(HAVE_IFADDRS_H) |
743d6937 | 49 | #include <ifaddrs.h> |
253f67ae | 50 | #endif |
743d6937 | 51 | #include <string.h> |
cf6bc0da | 52 | |
53 | #if defined(LDAP_CASA_AUTH) |
54 | #include "ldap_casa.h" | |
55 | #endif | |
56 | ||
57 | #if defined(LDAP_USE_GSSAPI) |
58 | #include <sasl/sasl.h> | |
59 | #include "ldap_krb_helper.h" | |
60 | #endif | |
61 | ||
/* Handle of the directory connection; NULL while nothing is connected. */
static LDAP *ld = NULL;

/*
 * Connection and lookup settings.  NULL / -1 means "not configured";
 * the code that fills them in is later in this file (not shown here).
 */
static char *ldap_server = NULL;
static char *ldap_username = NULL;
static char *ldap_password = NULL;        /* bind password, held in clear text */
static char *ldap_base_dn = NULL;
static char *ldap_dhcp_server_cn = NULL;
static char *ldap_debug_file = NULL;
static int ldap_port = LDAP_PORT;
static int ldap_method = LDAP_METHOD_DYNAMIC;
static int ldap_referrals = -1;
static int ldap_debug_fd = -1;
static int ldap_enable_retry = -1;
static int ldap_init_retry = -1;

#if defined (LDAP_USE_SSL)
static int ldap_use_ssl = -1;             /* try TLS if possible */
static int ldap_tls_reqcert = -1;
static int ldap_tls_crlcheck = -1;
static char *ldap_tls_ca_file = NULL;
static char *ldap_tls_ca_dir = NULL;
static char *ldap_tls_cert = NULL;
static char *ldap_tls_key = NULL;
static char *ldap_tls_ciphers = NULL;
static char *ldap_tls_randfile = NULL;
#endif

#if defined (LDAP_USE_GSSAPI)
static char *ldap_gssapi_keytab = NULL;
static char *ldap_gssapi_principal = NULL;

/* SASL bind parameters; presumably consumed by _ldap_sasl_interact()
 * below -- confirm against its definition later in the file. */
struct ldap_sasl_instance {
  char *sasl_mech;
  char *sasl_realm;
  char *sasl_authz_id;
  char *sasl_authc_id;
  char *sasl_password;
};

static struct ldap_sasl_instance *ldap_sasl_inst = NULL;

/* Forward declaration; defined later in this file.  NOTE(review): a
 * file-scope identifier starting with an underscore is reserved by ISO C;
 * kept unchanged to match the definition. */
static int
_ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *sin) ;
#endif

/* Entries currently being turned into configuration text; the
 * ldap_parse_* helpers below read ->ldent and set ->close_brace. */
static struct ldap_config_stack *ldap_stack = NULL;

/* Reference-counted singly linked list node holding one DN. */
typedef struct ldap_dn_node {
  struct ldap_dn_node *next;
  size_t refs;
  char *dn;
} ldap_dn_node;

static ldap_dn_node *ldap_service_dn_head = NULL;
static ldap_dn_node *ldap_service_dn_tail = NULL;
115 | ||
116 | static int ldap_read_function (struct parse *cfile); |
117 | ||
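/*
 * Allocate a parse context whose input is not a file but the text the
 * ldap_parse_* helpers below append to cfile->inbuf.
 *
 * name is used as the context's name by new_parse().  Returns the new
 * context, or NULL when either the text buffer or the parse structure
 * could not be allocated (nothing is leaked on that path).  Release it
 * with x_parser_free().
 */
static struct parse *
x_parser_init(const char *name)
{
  struct parse *cfile = NULL;
  isc_result_t res;
  char *inbuf;

  inbuf = dmalloc (LDAP_BUFFER_SIZE, MDL);
  if (inbuf == NULL)
    return NULL;

  /* x_parser_strcat() starts with strlen(inbuf): make the empty-string
   * state explicit instead of relying on the allocator zeroing memory. */
  inbuf[0] = '\0';

  /* -1 in the file slot: the text comes from inbuf, not a descriptor */
  res = new_parse (&cfile, -1, inbuf, LDAP_BUFFER_SIZE, name, 0);
  if (res != ISC_R_SUCCESS)
    {
      dfree(inbuf, MDL);
      return NULL;
    }

  /* the buffer is still empty */
  cfile->bufsiz = LDAP_BUFFER_SIZE;
  cfile->buflen = cfile->bufix = 0;
  /* refill comes from ldap_read_function (declared above, defined later) */
  cfile->read_function = ldap_read_function;
  return cfile;
}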
143 | ||
/*
 * Release a context made by x_parser_init(): the text buffer first, then
 * the parse structure through end_parse().  A NULL handle, or one that
 * was already cleared, is accepted and yields ISC_R_SUCCESS.
 */
static isc_result_t
x_parser_free(struct parse **cfile)
{
  struct parse *p;

  if (cfile == NULL || *cfile == NULL)
    return ISC_R_SUCCESS;

  p = *cfile;
  if (p->inbuf != NULL)
    dfree(p->inbuf, MDL);
  p->inbuf = NULL;
  p->bufsiz = 0;

  return end_parse(cfile);
}
157 | ||
/*
 * Grow cfile->inbuf so that at least len more bytes fit, rounding the
 * growth up to a multiple of LDAP_BUFFER_SIZE (assumes that size is a
 * power of two).  Returns 1 on success; returns 0 and leaves the buffer
 * untouched when the allocation fails.
 */
static int
x_parser_resize(struct parse *cfile, size_t len)
{
  /* (len | (LDAP_BUFFER_SIZE-1)) + 1 is the next multiple of
   * LDAP_BUFFER_SIZE above len */
  size_t grown = cfile->bufsiz + (len | (LDAP_BUFFER_SIZE - 1)) + 1;
  char *fresh = dmalloc (grown, MDL);

  if (fresh == NULL)
    {
      /*
       * Open question from the original author: treat this as fatal, or
       * drop the text and hope it was "only" a dynamic host lookup?  For
       * now the caller sees 0 and the generated text stays incomplete.
       */
      log_error("Unable to reallocated %s buffer from %zu to %zu",
                cfile->tlname, cfile->bufsiz, grown);
      return 0;
    }

#if defined (DEBUG_LDAP)
  log_info ("Reallocated %s buffer from %zu to %zu",
            cfile->tlname, cfile->bufsiz, grown);
#endif
  /* there is no reallocating allocator here: copy, then drop the old block */
  memcpy(fresh, cfile->inbuf, cfile->bufsiz);
  dfree(cfile->inbuf, MDL);
  cfile->inbuf = fresh;
  cfile->bufsiz = grown;
  return 1;
}
190 | |
/*
 * Append str (must be non-NULL) to the text in cfile->inbuf, growing the
 * buffer first when it would not fit.  Returns cfile->inbuf, or NULL when
 * the buffer could not be grown; nothing is appended in that case and the
 * generated configuration text is left incomplete.  Note that the
 * ldap_parse_* callers in this file do not check this result.
 */
static char *
x_parser_strcat(struct parse *cfile, const char *str)
{
  size_t used = strlen(cfile->inbuf);
  size_t add = strlen(str);
  size_t room = 0;

  if (used + add >= cfile->bufsiz)
    {
      if (x_parser_resize(cfile, add) == 0)
        return NULL;
    }

  /* leave one byte for the terminator; guard against bufsiz <= used */
  if (cfile->bufsiz > used)
    room = cfile->bufsiz - used - 1;

  return strncat(cfile->inbuf, str, room);
}
204 | ||
/* Discard the accumulated text: empty string, read position at the start. */
static inline void
x_parser_reset(struct parse *cfile)
{
  cfile->bufix = 0;
  cfile->buflen = 0;
  *cfile->inbuf = '\0';
}
211 | ||
/*
 * Recompute cfile->buflen from the NUL-terminated contents of inbuf
 * (x_parser_strcat() does not maintain it) and return the new value.
 */
static inline size_t
x_parser_length(struct parse *cfile)
{
  size_t n = strlen(cfile->inbuf);

  cfile->buflen = n;
  return n;
}
218 | ||
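/*
 * Copy src into dst applying xform (e.g. tolower/toupper) to every
 * character, truncating to dst_size-1 characters and always writing a
 * terminating NUL.  Returns dst, or NULL when dst or src is NULL or
 * dst_size is 0.
 */
static char *
x_strxform(char *dst, const char *src, size_t dst_size,
           int (*xform)(int))
{
  size_t pos;

  if (dst == NULL || src == NULL || dst_size == 0)
    return NULL;

  /* <ctype.h> functions take an unsigned char value (or EOF).  Casting a
   * plain char to int hands them a negative value for bytes >= 0x80,
   * which is undefined behaviour; is_hex_string() below already casts
   * through unsigned char, so do the same here. */
  for (pos = 0; src[pos] != '\0' && pos + 1 < dst_size; pos++)
    dst[pos] = (char) xform((unsigned char) src[pos]);
  dst[pos] = '\0';

  return dst;
}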
236 | ||
/*
 * Look up this machine's own fully qualified name (gethostname(3) followed
 * by gethostbyname(3)) and copy it, truncated and NUL-terminated, into
 * fqdnname.  When hostaddr is non-NULL the first IPv4 address of that
 * entry is written there as a dotted quad as well.
 *
 * Returns 0 on success and -1 when fqdnname is unusable, a lookup fails,
 * or an address was requested but there is none or it does not fit.
 * gethostbyname(3) is not thread-safe; its result is copied out here.
 */
static int
get_host_entry(char *fqdnname, size_t fqdnname_size,
               char *hostaddr, size_t hostaddr_size)
{
#if defined(MAXHOSTNAMELEN)
  char hname[MAXHOSTNAMELEN+1];
#else
  char hname[65];
#endif
  struct hostent *hp;
  struct in_addr *aptr;

  if (fqdnname == NULL || fqdnname_size <= 1)
    return -1;

  /* keep one byte spare so gethostname() cannot leave hname unterminated */
  memset(hname, 0, sizeof(hname));
  if (gethostname(hname, sizeof(hname) - 1) != 0)
    return -1;

  hp = gethostbyname(hname);
  if (hp == NULL)
    return -1;

  strncpy(fqdnname, hp->h_name, fqdnname_size - 1);
  fqdnname[fqdnname_size - 1] = '\0';

  if (hostaddr == NULL)
    return 0;                   /* address not wanted */

  if (hp->h_addr == NULL)
    return -1;

  aptr = (struct in_addr *) hp->h_addr;
#if defined(HAVE_INET_NTOP)
  if (hostaddr_size >= INET_ADDRSTRLEN &&
      inet_ntop(AF_INET, aptr, hostaddr, hostaddr_size) != NULL)
    return 0;
#else
  {
    char *astr = inet_ntoa(*aptr);
    size_t alen = strlen(astr);

    if (astr && alen > 0 && hostaddr_size > alen)
      {
        strncpy(hostaddr, astr, hostaddr_size - 1);
        hostaddr[hostaddr_size - 1] = '\0';
        return 0;
      }
  }
#endif
  return -1;
}
287 | ||
253f67ae | 288 | #if defined(HAVE_IFADDRS_H) |
/*
 * Check whether addr is one of our own IPv4 interface addresses.
 * Returns the 1-based position of the matching entry in the getifaddrs()
 * list (any positive value means "ours"), 0 when nothing matches and -1
 * when either argument is NULL.  Only entries that have an address, are
 * flagged IFF_UP and carry an AF_INET address are considered.
 */
static int
is_iface_address(struct ifaddrs *addrs, struct in_addr *addr)
{
  struct ifaddrs *cur;
  int position = 0;

  if (addrs == NULL || addr == NULL)
    return -1;

  for (cur = addrs; cur != NULL; cur = cur->ifa_next)
    {
      struct sockaddr_in *sin;

      position++;
      if (cur->ifa_addr == NULL)
        continue;
      if ((cur->ifa_flags & IFF_UP) == 0)
        continue;
      if (cur->ifa_addr->sa_family != AF_INET)
        continue;

      sin = (struct sockaddr_in *) cur->ifa_addr;
      if (sin->sin_addr.s_addr == addr->s_addr)
        return position;
    }

  return 0;
}
312 | ||
/*
 * Turn a server attribute (dotted quad or host name) into a dotted-quad
 * string in hostaddr and tell whether it denotes this host.
 *
 * Returns 1 when the address belongs to one of our interfaces listed in
 * addrs, 0 when it resolves but is not ours (or addrs is NULL), and -1
 * when the arguments are unusable, the name does not resolve, or the
 * text does not fit in hostaddr_size.  When a host name resolves to
 * several addresses of which more than one is local, the last local one
 * in h_addr_list is the one written out.
 */
static int
get_host_address(const char *hostname, char *hostaddr, size_t hostaddr_size, struct ifaddrs *addrs)
{
  struct in_addr addr;
  struct in_addr *aptr;
  struct hostent *hp;
  int mret = 0;

  if (hostname == NULL || *hostname == '\0' || hostaddr == NULL || hostaddr_size == 0)
    return -1;

#if defined(HAVE_INET_PTON)
  if (inet_pton(AF_INET, hostname, &addr) == 1)
#else
  if (inet_aton(hostname, &addr) != 0)
#endif
    {
      /* already an IP address string: copy it through as-is */
      if (strlen(hostname) >= hostaddr_size)
        return -1;
      strncpy(hostaddr, hostname, hostaddr_size - 1);
      hostaddr[hostaddr_size - 1] = '\0';

      if (addrs != NULL && is_iface_address (addrs, &addr) > 0)
        return 1;
      return 0;
    }

  hp = gethostbyname(hostname);
  if (hp == NULL || hp->h_addr == NULL)
    return -1;

  aptr = (struct in_addr *) hp->h_addr;
  if (addrs != NULL)
    {
      char **h;

      /* prefer an address that is configured on one of our interfaces */
      for (h = hp->h_addr_list; *h; h++)
        {
          struct in_addr *haddr = (struct in_addr *) *h;

          if (is_iface_address (addrs, haddr) > 0)
            {
              aptr = haddr;
              mret = 1;
            }
        }
    }

#if defined(HAVE_INET_NTOP)
  if (hostaddr_size >= INET_ADDRSTRLEN &&
      inet_ntop(AF_INET, aptr, hostaddr, hostaddr_size) != NULL)
    return mret;
#else
  {
    char *astr = inet_ntoa(*aptr);
    size_t alen = strlen(astr);

    if (astr && alen > 0 && alen < hostaddr_size)
      {
        strncpy(hostaddr, astr, hostaddr_size - 1);
        hostaddr[hostaddr_size - 1] = '\0';
        return mret;
      }
  }
#endif
  return -1;
}
253f67ae | 381 | #endif /* HAVE_IFADDRS_H */ |
382 | |
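/*
 * Emit the opening of a "class" block for the entry in item:
 *   class "<cn>" {
 * Entries without a cn are skipped silently.  The cn is passed through
 * quotify_string() so a directory value containing '"' or '\' cannot end
 * the quoted name early and inject further configuration text -- the
 * same treatment ldap_parse_subclass() gives its quoted value.  If the
 * quoted copy cannot be allocated nothing is written and close_brace is
 * left unset, as on the missing-cn path.
 */
static void
ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv;
  char *quoted;

  tempbv = ldap_get_values_len (ld, item->ldent, "cn");
  if (tempbv == NULL || tempbv[0] == NULL)
    {
      if (tempbv != NULL)
        ldap_value_free_len (tempbv);
      return;
    }

  quoted = quotify_string(tempbv[0]->bv_val, MDL);
  if (quoted == NULL)
    {
      log_error("Unable to quote class name '%s'", tempbv[0]->bv_val);
      ldap_value_free_len (tempbv);
      return;
    }

  x_parser_strcat (cfile, "class \"");
  x_parser_strcat (cfile, quoted);
  x_parser_strcat (cfile, "\" {\n");
  dfree(quoted, MDL);

  item->close_brace = 1;
  ldap_value_free_len (tempbv);
}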
404 | ||
/*
 * Decide whether str is a colon separated hex string: groups of one or
 * two hex digits separated by single colons, e.g. "01:2a:b".  A single
 * leading '-' is skipped.  Returns 1 for such strings and 0 for NULL,
 * the empty string, leading/trailing/doubled colons, groups of three or
 * more digits, or any other character.  Used by ldap_parse_subclass() to
 * tell binary subclass data from a text value.
 */
static int
is_hex_string(const char *str)
{
  const char *p;
  int group_digits = 0;
  int after_colon = 1;      /* start of string counts like "after a colon" */

  if (str == NULL)
    return 0;

  p = (*str == '-') ? str + 1 : str;

  for (; *p != '\0'; p++)
    {
      if (*p == ':')
        {
          if (after_colon)
            return 0;       /* leading or doubled colon */
          after_colon = 1;
          group_digits = 0;
        }
      else if (isxdigit((unsigned char) *p))
        {
          after_colon = 0;
          if (++group_digits > 2)
            return 0;
        }
      else
        return 0;
    }

  /* after_colon is only cleared by a digit, so this also rejects the
   * empty string and a trailing colon */
  return !after_colon;
}
437 | |
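/*
 * Emit the opening of a "subclass" block for the entry in item:
 *   subclass "<dhcpClassData>" <cn> {        when cn is a hex string
 *   subclass "<dhcpClassData>" "<cn>" {      otherwise
 * Entries missing either attribute are skipped silently.
 *
 * Both quoted values now go through quotify_string(), so a directory
 * value containing '"' or '\' cannot end the quoted token early and
 * inject further configuration text; the original quoted only the cn and
 * did not check quotify_string() for NULL before appending.  Quoting is
 * done before anything is written so a failure leaves the text untouched.
 */
static void
ldap_parse_subclass (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv, **classdata;
  char *qclass, *qvalue = NULL;

  tempbv = ldap_get_values_len (ld, item->ldent, "cn");
  if (tempbv == NULL || tempbv[0] == NULL)
    {
      if (tempbv != NULL)
        ldap_value_free_len (tempbv);
      return;
    }

  classdata = ldap_get_values_len (ld, item->ldent, "dhcpClassData");
  if (classdata == NULL || classdata[0] == NULL)
    {
      if (classdata != NULL)
        ldap_value_free_len (classdata);
      ldap_value_free_len (tempbv);
      return;
    }

  qclass = quotify_string(classdata[0]->bv_val, MDL);
  if (qclass == NULL)
    {
      log_error("Unable to quote class name '%s' of subclass '%s'",
                classdata[0]->bv_val, tempbv[0]->bv_val);
      ldap_value_free_len (tempbv);
      ldap_value_free_len (classdata);
      return;
    }

  /* binary subclass data (aa:bb:cc) is written unquoted, text is quoted */
  if (!is_hex_string(tempbv[0]->bv_val))
    {
      qvalue = quotify_string(tempbv[0]->bv_val, MDL);
      if (qvalue == NULL)
        {
          log_error("Unable to quote subclass value '%s'", tempbv[0]->bv_val);
          dfree(qclass, MDL);
          ldap_value_free_len (tempbv);
          ldap_value_free_len (classdata);
          return;
        }
    }

  x_parser_strcat (cfile, "subclass \"");
  x_parser_strcat (cfile, qclass);
  if (qvalue == NULL)
    {
      x_parser_strcat (cfile, "\" ");
      x_parser_strcat (cfile, tempbv[0]->bv_val);
      x_parser_strcat (cfile, " {\n");
    }
  else
    {
      x_parser_strcat (cfile, "\" \"");
      x_parser_strcat (cfile, qvalue);
      x_parser_strcat (cfile, "\" {\n");
      dfree(qvalue, MDL);
    }
  dfree(qclass, MDL);

  item->close_brace = 1;
  ldap_value_free_len (tempbv);
  ldap_value_free_len (classdata);
}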
485 | ||
486 | ||
/*
 * Emit a "host" block for the entry in item:
 *   host <cn> {
 *   hardware <dhcpHWAddress>;       when that attribute is present
 * Entries without a cn are skipped silently.  The cn is written without
 * quotes, so a value with spaces or punctuation would not parse as a
 * host name; the directory is trusted to hold a plain name there.
 */
static void
ldap_parse_host (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **names, **hwaddr;

  names = ldap_get_values_len (ld, item->ldent, "cn");
  if (names == NULL || names[0] == NULL)
    {
      if (names != NULL)
        ldap_value_free_len (names);
      return;
    }

  x_parser_strcat (cfile, "host ");
  x_parser_strcat (cfile, names[0]->bv_val);
  x_parser_strcat (cfile, " {\n");

  hwaddr = ldap_get_values_len (ld, item->ldent, "dhcpHWAddress");
  if (hwaddr != NULL)
    {
      if (hwaddr[0] != NULL)
        {
          x_parser_strcat (cfile, "hardware ");
          x_parser_strcat (cfile, hwaddr[0]->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (hwaddr);
    }

  item->close_brace = 1;
  ldap_value_free_len (names);
}
521 | ||
522 | ||
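/*
 * Emit the opening of a "shared-network" block for the entry in item:
 *   shared-network "<cn>" {
 * Entries without a cn are skipped silently.  The name is passed through
 * quotify_string() so a directory value containing '"' or '\' cannot end
 * the quoted token early and inject further configuration text -- the
 * same treatment ldap_parse_subclass() gives its quoted value.  If the
 * quoted copy cannot be allocated nothing is written and close_brace is
 * left unset, as on the missing-cn path.
 */
static void
ldap_parse_shared_network (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv;
  char *quoted;

  tempbv = ldap_get_values_len (ld, item->ldent, "cn");
  if (tempbv == NULL || tempbv[0] == NULL)
    {
      if (tempbv != NULL)
        ldap_value_free_len (tempbv);
      return;
    }

  quoted = quotify_string(tempbv[0]->bv_val, MDL);
  if (quoted == NULL)
    {
      log_error("Unable to quote shared-network name '%s'", tempbv[0]->bv_val);
      ldap_value_free_len (tempbv);
      return;
    }

  x_parser_strcat (cfile, "shared-network \"");
  x_parser_strcat (cfile, quoted);
  x_parser_strcat (cfile, "\" {\n");
  dfree(quoted, MDL);

  item->close_brace = 1;
  ldap_value_free_len (tempbv);
}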
544 | ||
545 | ||
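/*
 * Render a prefix length as a dotted-quad netmask into netmaskbuf, e.g.
 * 24 -> "255.255.255.0".  The buffer must hold sizeof("255.255.255.255")
 * bytes; every octet is masked to 0..255 so the output never exceeds 15
 * characters plus the NUL.
 *
 * netmask comes straight from the directory (strtol() of dhcpNetmask in
 * ldap_parse_subnet()), so it is clamped here: values above 32 give
 * 255.255.255.255 and values below 0 give 0.0.0.0.  The original built
 * the mask with `1 << (32 - i)`, which is undefined behaviour for i == 1
 * (signed overflow) and for any prefix above 32 (negative shift count).
 */
static void
parse_netmask (int netmask, char *netmaskbuf)
{
  unsigned long nm;

  if (netmask <= 0)
    nm = 0;
  else if (netmask >= 32)
    nm = 0xffffffffUL;
  else
    /* the top `netmask` bits of a 32-bit word */
    nm = 0xffffffffUL & ~(0xffffffffUL >> netmask);

  sprintf (netmaskbuf, "%d.%d.%d.%d", (int) (nm >> 24) & 0xff,
                                      (int) (nm >> 16) & 0xff,
                                      (int) (nm >> 8) & 0xff,
                                      (int) nm & 0xff);
}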
563 | ||
564 | ||
/*
 * Emit the opening of a "subnet" block for the entry in item:
 *   subnet <cn> netmask <dotted quad from dhcpNetmask> {
 *   range <dhcpRange value>;        one line per value
 * Entries missing cn or dhcpNetmask are skipped silently.  dhcpNetmask is
 * read as a prefix length with strtol() and handed to parse_netmask()
 * without any range check here.
 */
static void
ldap_parse_subnet (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **cn, **prefix, **ranges, **v;
  char netmaskbuf[sizeof("255.255.255.255")];

  cn = ldap_get_values_len (ld, item->ldent, "cn");
  if (cn == NULL || cn[0] == NULL)
    {
      if (cn != NULL)
        ldap_value_free_len (cn);
      return;
    }

  prefix = ldap_get_values_len (ld, item->ldent, "dhcpNetmask");
  if (prefix == NULL || prefix[0] == NULL)
    {
      if (prefix != NULL)
        ldap_value_free_len (prefix);
      ldap_value_free_len (cn);
      return;
    }

  parse_netmask (strtol (prefix[0]->bv_val, NULL, 10), netmaskbuf);

  x_parser_strcat (cfile, "subnet ");
  x_parser_strcat (cfile, cn[0]->bv_val);
  x_parser_strcat (cfile, " netmask ");
  x_parser_strcat (cfile, netmaskbuf);
  x_parser_strcat (cfile, " {\n");

  ldap_value_free_len (cn);
  ldap_value_free_len (prefix);

  ranges = ldap_get_values_len (ld, item->ldent, "dhcpRange");
  if (ranges != NULL)
    {
      for (v = ranges; *v != NULL; v++)
        {
          x_parser_strcat (cfile, "range");
          x_parser_strcat (cfile, " ");
          x_parser_strcat (cfile, (*v)->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (ranges);
    }

  item->close_brace = 1;
}
618 | ||
/*
 * Emit the opening of a "subnet6" block for the entry in item:
 *   subnet6 <cn> {
 *   range6 <dhcpRange6 value>;      one line per value
 *   <dhcpPermitList value>;         one line per value
 * Entries without a cn are skipped silently.  Each dhcpPermitList value is
 * written verbatim followed by ';', i.e. the directory supplies those
 * statements as raw configuration text.
 */
static void
ldap_parse_subnet6 (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **values, **v;

  values = ldap_get_values_len (ld, item->ldent, "cn");
  if (values == NULL || values[0] == NULL)
    {
      if (values != NULL)
        ldap_value_free_len (values);
      return;
    }

  x_parser_strcat (cfile, "subnet6 ");
  x_parser_strcat (cfile, values[0]->bv_val);
  x_parser_strcat (cfile, " {\n");
  ldap_value_free_len (values);

  values = ldap_get_values_len (ld, item->ldent, "dhcpRange6");
  if (values != NULL)
    {
      for (v = values; *v != NULL; v++)
        {
          x_parser_strcat (cfile, "range6");
          x_parser_strcat (cfile, " ");
          x_parser_strcat (cfile, (*v)->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (values);
    }

  values = ldap_get_values_len (ld, item->ldent, "dhcpPermitList");
  if (values != NULL)
    {
      for (v = values; *v != NULL; v++)
        {
          x_parser_strcat (cfile, (*v)->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (values);
    }

  item->close_brace = 1;
}
665 | |
/*
 * Emit a "pool" block for the entry in item:
 *   pool {
 *   range <v1> <v2> ...;            all dhcpRange values on one statement
 *   <dhcpPermitList value>;         one line per value
 * Unlike ldap_parse_subnet(), the range values share a single statement.
 * dhcpPermitList values are written verbatim followed by ';', i.e. the
 * directory supplies those statements as raw configuration text.
 */
static void
ldap_parse_pool (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **values, **v;

  x_parser_strcat (cfile, "pool {\n");

  values = ldap_get_values_len (ld, item->ldent, "dhcpRange");
  if (values != NULL)
    {
      x_parser_strcat (cfile, "range");
      for (v = values; *v != NULL; v++)
        {
          x_parser_strcat (cfile, " ");
          x_parser_strcat (cfile, (*v)->bv_val);
        }
      x_parser_strcat (cfile, ";\n");
      ldap_value_free_len (values);
    }

  values = ldap_get_values_len (ld, item->ldent, "dhcpPermitList");
  if (values != NULL)
    {
      for (v = values; *v != NULL; v++)
        {
          x_parser_strcat (cfile, (*v)->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (values);
    }

  item->close_brace = 1;
}
698 | ||
/*
 * Emit a "pool6" block for the entry in item:
 *   pool6 {
 *   range6 <v1> <v2> ...;           all dhcpRange6 values on one statement
 *   <dhcpPermitList value>;         one line per value
 * IPv6 twin of ldap_parse_pool(); dhcpPermitList values are written
 * verbatim followed by ';'.
 */
static void
ldap_parse_pool6 (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **values, **v;

  x_parser_strcat (cfile, "pool6 {\n");

  values = ldap_get_values_len (ld, item->ldent, "dhcpRange6");
  if (values != NULL)
    {
      x_parser_strcat (cfile, "range6");
      for (v = values; *v != NULL; v++)
        {
          x_parser_strcat (cfile, " ");
          x_parser_strcat (cfile, (*v)->bv_val);
        }
      x_parser_strcat (cfile, ";\n");
      ldap_value_free_len (values);
    }

  values = ldap_get_values_len (ld, item->ldent, "dhcpPermitList");
  if (values != NULL)
    {
      for (v = values; *v != NULL; v++)
        {
          x_parser_strcat (cfile, (*v)->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (values);
    }

  item->close_brace = 1;
}
731 | |
/*
 * Open a "group {" block for the entry in item.  Nothing is read from the
 * entry here; close_brace records that this entry opened a brace.
 */
static void
ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
{
  item->close_brace = 1;
  x_parser_strcat (cfile, "group {\n");
}
738 | ||
739 | ||
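/*
 * Emit a TSIG "key" block for the entry in item:
 *   key <cn> {
 *   algorithm <dhcpKeyAlgorithm>;
 *   secret <dhcpKeySecret>;
 * Each attribute is optional and its first value is used; when cn is
 * absent no "key ... {" line is written but close_brace is still set, as
 * in the original.  Unlike the original, an attribute that comes back as
 * an empty value list is skipped instead of dereferencing a NULL berval,
 * matching the tempbv[0] checks the other ldap_parse_* helpers make.
 * dhcpKeySecret is copied into cfile->inbuf in clear text, like a secret
 * in dhcpd.conf itself; keep that in mind when dumping the buffer.
 */
static void
ldap_parse_key (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv;

  tempbv = ldap_get_values_len (ld, item->ldent, "cn");
  if (tempbv != NULL)
    {
      if (tempbv[0] != NULL)
        {
          x_parser_strcat (cfile, "key ");
          x_parser_strcat (cfile, tempbv[0]->bv_val);
          x_parser_strcat (cfile, " {\n");
        }
      ldap_value_free_len (tempbv);
    }

  tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeyAlgorithm");
  if (tempbv != NULL)
    {
      if (tempbv[0] != NULL)
        {
          x_parser_strcat (cfile, "algorithm ");
          x_parser_strcat (cfile, tempbv[0]->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (tempbv);
    }

  tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeySecret");
  if (tempbv != NULL)
    {
      if (tempbv[0] != NULL)
        {
          x_parser_strcat (cfile, "secret ");
          x_parser_strcat (cfile, tempbv[0]->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (tempbv);
    }

  item->close_brace = 1;
}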
771 | ||
772 | ||
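/*
 * Emit a DNS "zone" block for the entry in item:
 *   zone <cn> {
 *   primary <dhcpDnsZoneServer>;
 *   key <name>;              taken from dhcpKeyDN, see below
 * Each attribute is optional and its first value is used; as in the
 * original, close_brace is set even when cn is absent.  Unlike the
 * original, an attribute that comes back as an empty value list is
 * skipped instead of dereferencing a NULL berval, matching the tempbv[0]
 * checks the other ldap_parse_* helpers make.
 *
 * The key name is the value of dhcpKeyDN's first RDN: the text between
 * the first '=' and the next ',' ("cn=<name>,dc=..." -> <name>).  The
 * RDN attribute is not checked to be cn, and a ',' escaped inside the
 * value is not handled (plain strchr()).  Nothing is written when the DN
 * has no such value or the copy cannot be allocated.
 */
static void
ldap_parse_zone (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv;

  tempbv = ldap_get_values_len (ld, item->ldent, "cn");
  if (tempbv != NULL)
    {
      if (tempbv[0] != NULL)
        {
          x_parser_strcat (cfile, "zone ");
          x_parser_strcat (cfile, tempbv[0]->bv_val);
          x_parser_strcat (cfile, " {\n");
        }
      ldap_value_free_len (tempbv);
    }

  tempbv = ldap_get_values_len (ld, item->ldent, "dhcpDnsZoneServer");
  if (tempbv != NULL)
    {
      if (tempbv[0] != NULL)
        {
          x_parser_strcat (cfile, "primary ");
          x_parser_strcat (cfile, tempbv[0]->bv_val);
          x_parser_strcat (cfile, ";\n");
        }
      ldap_value_free_len (tempbv);
    }

  tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeyDN");
  if (tempbv != NULL)
    {
      if (tempbv[0] != NULL)
        {
          char *cnStart = strchr(tempbv[0]->bv_val, '=');
          char *cnEnd = (cnStart != NULL) ? strchr(++cnStart, ',') : NULL;

          if (cnEnd != NULL && cnEnd > cnStart)
            {
              size_t len = (size_t) (cnEnd - cnStart);
              char *keyCn = dmalloc (len + 1, MDL);

              if (keyCn != NULL)
                {
                  /* the slice has no NUL; copy exactly len bytes and add one */
                  memcpy (keyCn, cnStart, len);
                  keyCn[len] = '\0';

                  x_parser_strcat (cfile, "key ");
                  x_parser_strcat (cfile, keyCn);
                  x_parser_strcat (cfile, ";\n");

                  dfree (keyCn, MDL);
                }
            }
        }
      ldap_value_free_len (tempbv);
    }

  item->close_brace = 1;
}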
834 | ||
253f67ae | 835 | #if defined(HAVE_IFADDRS_H) |
836 | static void |
837 | ldap_parse_failover (struct ldap_config_stack *item, struct parse *cfile) | |
838 | { | |
839 | struct berval **tempbv, **peername; | |
840 | struct ifaddrs *addrs = NULL; | |
841 | char srvaddr[2][64] = {"\0", "\0"}; | |
842 | int primary, split = 0, match; | |
843 | ||
844 | if ((peername = ldap_get_values_len (ld, item->ldent, "cn")) == NULL || | |
845 | peername[0] == NULL) | |
846 | { | |
847 | if (peername != NULL) | |
848 | ldap_value_free_len (peername); | |
849 | ||
850 | // ldap with disabled schema checks? fail to avoid syntax error. | |
851 | log_error("Unable to find mandatory failover peering name attribute"); | |
852 | return; | |
853 | } | |
854 | ||
855 | /* Get all interface addresses */ | |
856 | getifaddrs(&addrs); | |
857 | ||
858 | /* | |
859 | ** when dhcpFailOverPrimaryServer or dhcpFailOverSecondaryServer | |
860 | ** matches one of our IP address, the following valiables are set: | |
861 | ** - primary is 1 when we are primary or 0 when we are secondary | |
862 | ** - srvaddr[0] contains ip address of the primary | |
863 | ** - srvaddr[1] contains ip address of the secondary | |
864 | */ | |
865 | primary = -1; | |
866 | if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverPrimaryServer")) != NULL && | |
867 | tempbv[0] != NULL) | |
868 | { | |
869 | match = get_host_address (tempbv[0]->bv_val, srvaddr[0], sizeof(srvaddr[0]), addrs); | |
870 | if (match >= 0) | |
871 | { | |
872 | /* we are the primary */ | |
873 | if (match > 0) | |
874 | primary = 1; | |
875 | } | |
876 | else | |
877 | { | |
878 | log_info("Can't resolve address of the primary failover '%s' server %s", | |
879 | peername[0]->bv_val, tempbv[0]->bv_val); | |
880 | ldap_value_free_len (tempbv); | |
881 | ldap_value_free_len (peername); | |
882 | if (addrs) | |
883 | freeifaddrs(addrs); | |
884 | return; | |
885 | } | |
886 | } | |
887 | if (tempbv != NULL) | |
888 | ldap_value_free_len (tempbv); | |
889 | ||
890 | if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverSecondaryServer")) != NULL && | |
891 | tempbv[0] != NULL) | |
892 | { | |
893 | match = get_host_address (tempbv[0]->bv_val, srvaddr[1], sizeof(srvaddr[1]), addrs); | |
894 | if (match >= 0) | |
895 | { | |
896 | if (match > 0) | |
897 | { | |
898 | if (primary == 1) | |
899 | { | |
900 | log_info("Both, primary and secondary failover '%s' server" | |
901 | " attributes match our local address", peername[0]->bv_val); | |
902 | ldap_value_free_len (tempbv); | |
903 | ldap_value_free_len (peername); | |
904 | if (addrs) | |
905 | freeifaddrs(addrs); | |
906 | return; | |
907 | } | |
908 | ||
909 | /* we are the secondary */ | |
910 | primary = 0; | |
911 | } | |
912 | } | |
913 | else | |
914 | { | |
915 | log_info("Can't resolve address of the secondary failover '%s' server %s", | |
916 | peername[0]->bv_val, tempbv[0]->bv_val); | |
917 | ldap_value_free_len (tempbv); | |
918 | ldap_value_free_len (peername); | |
919 | if (addrs) | |
920 | freeifaddrs(addrs); | |
921 | return; | |
922 | } | |
923 | } | |
924 | if (tempbv != NULL) | |
925 | ldap_value_free_len (tempbv); | |
926 | ||
927 | ||
83175640 | 928 | if (primary == -1 || *srvaddr[0] == '\0' || *srvaddr[1] == '\0') |
743d6937 TM |
929 | { |
930 | log_error("Could not decide if the server type is primary" | |
931 | " or secondary for failover peering '%s'.", peername[0]->bv_val); | |
932 | ldap_value_free_len (peername); | |
933 | if (addrs) | |
934 | freeifaddrs(addrs); | |
935 | return; | |
936 | } | |
937 | ||
938 | x_parser_strcat (cfile, "failover peer \""); | |
939 | x_parser_strcat (cfile, peername[0]->bv_val); | |
940 | x_parser_strcat (cfile, "\" {\n"); | |
941 | ||
942 | if (primary) | |
943 | x_parser_strcat (cfile, "primary;\n"); | |
944 | else | |
945 | x_parser_strcat (cfile, "secondary;\n"); | |
946 | ||
947 | x_parser_strcat (cfile, "address "); | |
948 | if (primary) | |
949 | x_parser_strcat (cfile, srvaddr[0]); | |
950 | else | |
951 | x_parser_strcat (cfile, srvaddr[1]); | |
952 | x_parser_strcat (cfile, ";\n"); | |
953 | ||
954 | x_parser_strcat (cfile, "peer address "); | |
955 | if (primary) | |
956 | x_parser_strcat (cfile, srvaddr[1]); | |
957 | else | |
958 | x_parser_strcat (cfile, srvaddr[0]); | |
959 | x_parser_strcat (cfile, ";\n"); | |
960 | ||
961 | if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverPrimaryPort")) != NULL && | |
962 | tempbv[0] != NULL) | |
963 | { | |
964 | if (primary) | |
965 | x_parser_strcat (cfile, "port "); | |
966 | else | |
967 | x_parser_strcat (cfile, "peer port "); | |
968 | x_parser_strcat (cfile, tempbv[0]->bv_val); | |
969 | x_parser_strcat (cfile, ";\n"); | |
970 | } | |
971 | if (tempbv != NULL) | |
972 | ldap_value_free_len (tempbv); | |
973 | ||
974 | if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverSecondaryPort")) != NULL && | |
975 | tempbv[0] != NULL) | |
976 | { | |
977 | if (primary) | |
978 | x_parser_strcat (cfile, "peer port "); | |
979 | else | |
980 | x_parser_strcat (cfile, "port "); | |
981 | x_parser_strcat (cfile, tempbv[0]->bv_val); | |
982 | x_parser_strcat (cfile, ";\n"); | |
983 | } | |
984 | if (tempbv != NULL) | |
985 | ldap_value_free_len (tempbv); | |
986 | ||
987 | if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverResponseDelay")) != NULL && | |
988 | tempbv[0] != NULL) | |
989 | { | |
990 | x_parser_strcat (cfile, "max-response-delay "); | |
991 | x_parser_strcat (cfile, tempbv[0]->bv_val); | |
992 | x_parser_strcat (cfile, ";\n"); | |
993 | } | |
994 | if (tempbv != NULL) | |
995 | ldap_value_free_len (tempbv); | |
996 | ||
997 | if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverUnackedUpdates")) != NULL && | |
998 | tempbv[0] != NULL) | |
999 | { | |
1000 | x_parser_strcat (cfile, "max-unacked-updates "); | |
1001 | x_parser_strcat (cfile, tempbv[0]->bv_val); | |
1002 | x_parser_strcat (cfile, ";\n"); | |
1003 | } | |
1004 | if (tempbv != NULL) | |
1005 | ldap_value_free_len (tempbv); | |
1006 | ||
1007 | if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverLoadBalanceTime")) != NULL && | |
1008 | tempbv[0] != NULL) | |
1009 | { | |
1010 | x_parser_strcat (cfile, "load balance max seconds "); | |
1011 | x_parser_strcat (cfile, tempbv[0]->bv_val); | |
1012 | x_parser_strcat (cfile, ";\n"); | |
1013 | } | |
1014 | if (tempbv != NULL) | |
1015 | ldap_value_free_len (tempbv); | |
1016 | ||
1017 | tempbv = NULL; | |
1018 | if (primary && | |
1019 | (tempbv = ldap_get_values_len (ld, item->ldent, "dhcpMaxClientLeadTime")) != NULL && | |
1020 | tempbv[0] != NULL) | |
1021 | { | |
1022 | x_parser_strcat (cfile, "mclt "); | |
1023 | x_parser_strcat (cfile, tempbv[0]->bv_val); | |
1024 | x_parser_strcat (cfile, ";\n"); | |
1025 | } | |
1026 | if (tempbv != NULL) | |
1027 | ldap_value_free_len (tempbv); | |
1028 | ||
1029 | tempbv = NULL; | |
1030 | if (primary && | |
1031 | (tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverSplit")) != NULL && | |
1032 | tempbv[0] != NULL) | |
1033 | { | |
1034 | x_parser_strcat (cfile, "split "); | |
1035 | x_parser_strcat (cfile, tempbv[0]->bv_val); | |
1036 | x_parser_strcat (cfile, ";\n"); | |
1037 | split = 1; | |
1038 | } | |
1039 | if (tempbv != NULL) | |
1040 | ldap_value_free_len (tempbv); | |
1041 | ||
1042 | tempbv = NULL; | |
1043 | if (primary && !split && | |
1044 | (tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverHashBucketAssignment")) != NULL && | |
1045 | tempbv[0] != NULL) | |
1046 | { | |
1047 | x_parser_strcat (cfile, "hba "); | |
1048 | x_parser_strcat (cfile, tempbv[0]->bv_val); | |
1049 | x_parser_strcat (cfile, ";\n"); | |
1050 | } | |
1051 | if (tempbv != NULL) | |
1052 | ldap_value_free_len (tempbv); | |
1053 | ||
1054 | item->close_brace = 1; | |
1055 | } | |
253f67ae | 1056 | #endif /* HAVE_IFADDRS_H */ |
743d6937 | 1057 | |
/*
 * Push one LDAP entry onto the global config stack.
 *
 * res - the result set that owns 'ent'.  Several frames may carry the
 *       same result pointer (parse_external_dns() pushes every entry of a
 *       result); free_stack_entry() accounts for that when releasing it.
 * ent - the entry to be turned into configuration text later on.
 *
 * The new frame becomes the top of 'ldap_stack'.  Running out of memory
 * is fatal, as everywhere else in this file.
 */
static void
add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
{
  struct ldap_config_stack *frame = dmalloc (sizeof (*frame), MDL);

  if (frame == NULL)
    log_fatal ("no memory for add_to_config_stack()");

  frame->res = res;
  frame->ldent = ent;
  frame->close_brace = 0;
  frame->processed = 0;

  /* link in as the new top of stack */
  frame->next = ldap_stack;
  ldap_stack = frame;
}
1075 | ||
/*
 * Close the global LDAP session, if one is open.
 *
 * The unbind runs with SIGPIPE ignored: after a LDAP_SERVER_DOWN result
 * the unbind would write to a dead socket and the resulting SIGPIPE would
 * terminate dhcpd, which installs no handler for it.  The previous
 * disposition is restored before returning.  Afterwards 'ld' is NULL, so
 * the next ldap_start() reconnects.
 */
static void
ldap_stop()
{
  struct sigaction ignore_pipe, saved;

  if (ld == NULL)
    return;

  ignore_pipe.sa_flags = 0;
  ignore_pipe.sa_handler = SIG_IGN;
  sigemptyset (&ignore_pipe.sa_mask);
  sigaction (SIGPIPE, &ignore_pipe, &saved);

  ldap_unbind_ext_s (ld, NULL, NULL);
  ld = NULL;

  /* put the caller's SIGPIPE disposition back */
  sigaction (SIGPIPE, &saved, NULL);
}
1100 | ||
1101 | ||
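/*
 * Evaluate a server-universe string option (ldap-server, ldap-base-dn,
 * ldap-password, ...) from the global scope and return it as a freshly
 * allocated NUL-terminated C string, or NULL when the option is unset or
 * evaluates to an empty value.
 *
 * The caller owns the result (dmalloc()'d).  Allocation failure is fatal.
 * The copy is never scrubbed, so a secret such as ldap-password stays in
 * the heap for the lifetime of the process.
 *
 * Fix over the previous version: the data_string reference filled in by a
 * successful evaluate_option_cache() was released only when a non-empty
 * value was found and leaked otherwise; it is now released on every path.
 * The first byte is also only read when db.len says there is one.
 */
static char *
_do_lookup_dhcp_string_option (struct option_state *options, int option_name)
{
  struct option_cache *oc;
  struct data_string db;
  char *ret = NULL;

  memset (&db, 0, sizeof (db));
  oc = lookup_option (&server_universe, options, option_name);
  if (oc == NULL)
    return (NULL);

  if (!evaluate_option_cache (&db, (struct packet*) NULL,
                              (struct lease *) NULL,
                              (struct client_state *) NULL, options,
                              (struct option_state *) NULL,
                              &global_scope, oc, MDL))
    return (NULL);

  if (db.data != NULL && db.len > 0 && *db.data != '\0')
    {
      ret = dmalloc (db.len + 1, MDL);
      if (ret == NULL)
        log_fatal ("no memory for ldap option %d value", option_name);

      /* option data is not guaranteed to be NUL-terminated: copy, then terminate */
      memcpy (ret, db.data, db.len);
      ret[db.len] = 0;
    }

  /* release the evaluation result whether or not a copy was made */
  data_string_forget (&db, MDL);

  return (ret);
}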
1133 | ||
1134 | ||
/*
 * Evaluate a server-universe integer option (ldap-port, ldap-init-retry)
 * from the global scope.
 *
 * Returns the value decoded by getULong() narrowed to int, or 0 when the
 * option is unset, cannot be evaluated, or its encoded value is not exactly
 * four bytes long.  Note the narrowing: a configured value >= 2^31 comes
 * back negative.  The evaluation result is released whenever it was
 * produced with a non-NULL data pointer.
 */
static int
_do_lookup_dhcp_int_option (struct option_state *options, int option_name)
{
  struct option_cache *oc;
  struct data_string db;
  int value = 0;

  memset (&db, 0, sizeof (db));
  oc = lookup_option (&server_universe, options, option_name);
  if (oc == NULL)
    return (0);

  if (!evaluate_option_cache (&db, (struct packet*) NULL,
                              (struct lease *) NULL,
                              (struct client_state *) NULL, options,
                              (struct option_state *) NULL,
                              &global_scope, oc, MDL))
    return (0);

  if (db.data != NULL)
    {
      /* only a 4-byte value is understood; any other width reads as 0 */
      if (db.len == 4)
        value = getULong (db.data);

      data_string_forget (&db, MDL);
    }

  return (value);
}
1161 | ||
1162 | ||
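/*
 * Evaluate a server-universe enumerated option (ldap-method, ldap-ssl,
 * ldap-referrals, ldap-tls-reqcert, ...) from the global scope.
 *
 * Returns the single encoded byte of the value, or 0 when the option is
 * unset, empty, or its first byte is 0.  A set value whose first byte is
 * non-zero but that is not exactly one byte long is a configuration error
 * and is fatal.
 *
 * NOTE(review): this helper never returns -1.  ldap_start() compares the
 * globals it fills from here (ldap_use_ssl, ldap_tls_reqcert,
 * ldap_referrals, ...) against -1 as a "not configured" sentinel; as far
 * as this file shows that sentinel can only survive if the global is never
 * assigned from here, so those branches look unreachable -- verify against
 * the globals' initialisers before relying on or removing them.
 *
 * Fix over the previous version: the data_string reference was leaked
 * whenever the value evaluated to 0 (e.g. "ldap-ssl off"), and the first
 * byte was read without checking db.len.
 */
static int
_do_lookup_dhcp_enum_option (struct option_state *options, int option_name)
{
  struct option_cache *oc;
  struct data_string db;
  int ret = 0;

  memset (&db, 0, sizeof (db));
  oc = lookup_option (&server_universe, options, option_name);
  if (oc == NULL)
    return (0);

  if (!evaluate_option_cache (&db, (struct packet*) NULL,
                              (struct lease *) NULL,
                              (struct client_state *) NULL, options,
                              (struct option_state *) NULL,
                              &global_scope, oc, MDL))
    return (0);

  if (db.data != NULL && db.len > 0 && *db.data != '\0')
    {
      if (db.len == 1)
        ret = db.data[0];
      else
        /* it is the value width that is wrong, not the option name */
        log_fatal ("invalid value length %u for ldap option %d (expected 1 byte)",
                   db.len, option_name);
    }

  /* release the evaluation result on every path, including the 0 case */
  data_string_forget (&db, MDL);

  return (ret);
}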
1192 | ||
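/*
 * Rebind callback installed with ldap_set_rebind_proc() in ldap_start().
 * libldap calls it while chasing a referral to another server so that the
 * new connection can be authenticated the same way as the original one.
 *
 * ld      - the library handle the referral is being chased on
 * url     - the referral target
 * request, msgid, parms - unused
 *
 * Returns LDAP_SUCCESS or a libldap error code; a non-success return makes
 * libldap give up on that referral and fail the operation that caused it.
 *
 * Security notes:
 *  - The referral target comes from directory content.  With simple bind
 *    the configured ldap-password is sent to whatever host the referral
 *    names, and with ldap-ssl off it is sent in clear text.  Leave
 *    ldap-referrals off unless every server the DIT can point to is
 *    trusted, or run with TLS required.
 *  - TLS options set here apply to the handle libldap passed in; the
 *    file-level 'ld' is not touched by this function.
 *
 * Fixes over the previous version:
 *  - On a GSSAPI bind failure the callback called ldap_stop(), which
 *    unbinds and frees the file-level handle.  libldap keeps using the
 *    handle after a rebind callback returns, so if the two are the same
 *    object (which is how ldap_start() wires it up) that was a
 *    use-after-free.  The error is now logged and returned; the caller of
 *    the failing operation tears the session down through its normal path.
 *  - LDAP_OPT_DIAGNOSTIC_MESSAGE may yield NULL; it is no longer passed to
 *    "%s" unchecked.
 *  - The LDAPS/GSSAPI log lines name the referral host, not the original
 *    server.
 *  - The simple-bind path no longer makes a heap copy of the password just
 *    to hand libldap a read-only berval.
 */
int
ldap_rebind_cb (LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *parms)
{
  int ret;
  LDAPURLDesc *ldapurl = NULL;
  struct berval creds;

  (void) request;
  (void) msgid;
  (void) parms;

  log_info("LDAP rebind to '%s'", url);
  if ((ret = ldap_url_parse(url, &ldapurl)) != LDAP_SUCCESS)
    {
      log_error ("Error: Can not parse ldap rebind url '%s': %s",
                 url, ldap_err2string(ret));
      return ret;
    }

#if defined (LDAP_USE_SSL)
  if (strcasecmp(ldapurl->lud_scheme, "ldaps") == 0)
    {
      /* ldaps:// referral: the connection must be TLS from the start */
      int opt = LDAP_OPT_X_TLS_HARD;
      if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
                     ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
          ldap_free_urldesc(ldapurl);
          return ret;
        }
      log_info ("LDAPS session successfully enabled to %s:%d",
                ldapurl->lud_host, ldapurl->lud_port);
    }
  else if (strcasecmp(ldapurl->lud_scheme, "ldap") == 0 &&
           ldap_use_ssl != LDAP_SSL_OFF)
    {
      /* plain ldap:// referral while TLS is configured: upgrade with StartTLS
         before any credential is sent */
      if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot start TLS session to %s:%d: %s",
                     ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
          ldap_free_urldesc(ldapurl);
          return ret;
        }
      log_info ("TLS session successfully started to %s:%d",
                ldapurl->lud_host, ldapurl->lud_port);
    }
#endif

#if defined(LDAP_USE_GSSAPI)
  if (ldap_gssapi_principal != NULL)
    {
      krb5_get_tgt(ldap_gssapi_principal, ldap_gssapi_keytab);
      if ((ret = ldap_sasl_interactive_bind_s(ld, NULL, ldap_sasl_inst->sasl_mech,
                                             NULL, NULL, LDAP_SASL_AUTOMATIC,
                                             _ldap_sasl_interact, ldap_sasl_inst)
          ) != LDAP_SUCCESS)
        {
          char *msg = NULL;

          log_error ("Error: Cannot SASL bind to ldap server %s:%d: %s",
                     ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
          ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
          log_error ("\tAdditional info: %s", msg != NULL ? msg : "(none)");
          ldap_memfree(msg);
          /* no ldap_stop() here: libldap still owns and uses 'ld' after we return */
        }

      ldap_free_urldesc(ldapurl);
      return ret;
    }
#endif

  if (ldap_username != NULL && *ldap_username != '\0' && ldap_password != NULL)
    {
      /* ldap_sasl_bind_s() only reads the credential; point at the configured
         password rather than leaving another unscrubbed copy on the heap */
      creds.bv_val = ldap_password;
      creds.bv_len = strlen(ldap_password);

      if ((ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE, &creds,
                                   NULL, NULL, NULL)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot login into ldap server %s:%d: %s",
                     ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
        }
    }

  /* with neither GSSAPI nor simple-bind credentials the referral connection
     stays unauthenticated and 'ret' is the (successful) URL/TLS status */
  ldap_free_urldesc(ldapurl);
  return ret;
}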
1290 | ||
/*
 * Decide whether a failed connection attempt should be retried.
 *
 * ret    - the libldap result of the attempt
 * server - target host (for the log line only)
 * port   - target port (for the log line only)
 *
 * A retry happens only for LDAP_SERVER_DOWN, only while the file-level
 * ldap_enable_retry flag is > 0, and only while the ldap_init_retry budget
 * (one second per try) is not exhausted.  In that case the function sleeps
 * one second, decrements the budget and returns the value it had before
 * the decrement, so callers loop while the result is > 0.  Progress is
 * logged on the first retry and whenever the remaining budget is a
 * multiple of ten.  Returns 0 when no retry should be made.
 */
static int
_do_ldap_retry(int ret, const char *server, int port)
{
  static int first_report = 1;
  int remaining;

  if (ldap_enable_retry <= 0 || ret != LDAP_SERVER_DOWN || ldap_init_retry <= 0)
    return 0;

  if (first_report || (ldap_init_retry % 10) == 0)
    {
      first_report = 0;
      log_info ("Can't contact LDAP server %s:%d: retrying for %d sec",
                server, port, ldap_init_retry);
    }

  sleep(1);

  /* report the pre-decrement budget, as the original post-decrement did */
  remaining = ldap_init_retry;
  ldap_init_retry--;
  return remaining;
}
1309 | ||
/*
 * Build a filter-safe berval from a C string.
 *
 * str  - source bytes
 * len  - number of bytes to take (passed straight to ber_str2bv(); per its
 *        manual 0 means "use strlen()")
 * bv_o - receives the escaped value; presumably allocated by libldap, so
 *        the caller is responsible for releasing bv_o->bv_val
 *
 * Returns bv_o on success, NULL if str or bv_o is missing or libldap fails.
 * Every value that is interpolated into a search filter must go through
 * this helper: ldap_bv2escaped_filter_value() is what keeps '*', '(', ')',
 * '\' and NUL in an externally supplied value from changing the meaning of
 * the filter (LDAP filter injection).
 */
static struct berval *
_do_ldap_str2esc_filter_bv(const char *str, ber_len_t len, struct berval *bv_o)
{
  struct berval raw;

  if (str == NULL || bv_o == NULL)
    return NULL;

  if (ber_str2bv(str, len, 0, &raw) == NULL)
    return NULL;

  if (ldap_bv2escaped_filter_value(&raw, bv_o) != 0)
    return NULL;

  return bv_o;
}
1320 | ||
/*
 * Open the global LDAP session ('ld') if it is not open yet.
 *
 * On the first call (ldap_server still NULL) the ldap-* options are
 * evaluated from the global scope into the file-level globals: server,
 * DHCP server CN, port, base DN, method, debug file, referral policy,
 * retry budget and -- depending on build options -- TLS, GSSAPI and
 * credential settings.  Later calls reuse those globals and only reconnect.
 *
 * Without ldap-server or ldap-base-dn the LDAP backend is switched off
 * (ldap_method = LDAP_METHOD_STATIC) and the function returns.  On a
 * connection or bind failure the session is torn down with ldap_stop() so
 * that 'ld' is NULL afterwards; callers test 'ld' after calling this.
 *
 * Review notes (no behaviour changed here):
 *  - the ldap:// URI buffer below is sized with a fixed 16-byte margin that
 *    a negative port value can exceed (see the comment at the malloc());
 *  - when ldap_initialize() leaves 'ld' NULL the URI buffer is leaked;
 *  - the "ldap_use_ssl == -1" block disables certificate verification
 *    process-wide but appears unreachable from this file (see there).
 */
static void
ldap_start (void)
{
  struct option_state *options;
  int ret, version;
  char *uri = NULL;
  struct berval creds;
#if defined(LDAP_USE_GSSAPI)
  char *gssapi_realm = NULL;
  char *gssapi_user = NULL;
  char *running = NULL;
  const char *gssapi_delim = "@";
#endif

  if (ld != NULL)
    return;

  if (ldap_server == NULL)
    {
      /* first call: evaluate the ldap-* settings from the parsed configuration */
      options = NULL;
      option_state_allocate (&options, MDL);

      execute_statements_in_scope (NULL, NULL, NULL, NULL, NULL,
                                   options, &global_scope, root_group,
                                   NULL, NULL);

      ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER);
      ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options,
                                                           SV_LDAP_DHCP_SERVER_CN);
      /* ldap_port is a 32-bit option narrowed to int; see the URI comment below */
      ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT);
      ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN);
      ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
      ldap_debug_file = _do_lookup_dhcp_string_option (options,
                                                       SV_LDAP_DEBUG_FILE);
      ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
      ldap_init_retry = _do_lookup_dhcp_int_option (options, SV_LDAP_INIT_RETRY);

#if defined (LDAP_USE_SSL)
      /* NOTE(review): _do_lookup_dhcp_enum_option() returns 0 (== LDAP_SSL_OFF
         as used below) for an unset option, never -1, so after this
         assignment the "ldap_use_ssl == -1" branch further down cannot be
         reached from this path. */
      ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL);
      if( ldap_use_ssl != LDAP_SSL_OFF)
        {
          /* TLS tuning is only looked up when TLS is in play at all */
          ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT);
          ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE);
          ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR);
          ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT);
          ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY);
          ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
          ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS);
          ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE);
        }
#endif

#if defined (LDAP_USE_GSSAPI)
      ldap_gssapi_principal = _do_lookup_dhcp_string_option (options,
                                                             SV_LDAP_GSSAPI_PRINCIPAL);

      if (ldap_gssapi_principal == NULL) {
        log_info("ldap-gssapi-principal is not set,"
                 "GSSAPI Authentication for LDAP will not be used");
      } else {
        /* a principal without a keytab cannot obtain a TGT: refuse to start */
        ldap_gssapi_keytab = _do_lookup_dhcp_string_option (options,
                                                            SV_LDAP_GSSAPI_KEYTAB);
        if (ldap_gssapi_keytab == NULL) {
          log_fatal("ldap-gssapi-keytab must be specified");
        }

        /* split "user@realm"; strtok() is used on a private copy only */
        running = strdup(ldap_gssapi_principal);
        if (running == NULL)
          log_fatal("Could not allocate memory to duplicate gssapi principal");

        gssapi_user = strtok(running, gssapi_delim);
        if (!gssapi_user || strlen(gssapi_user) == 0) {
          log_fatal ("GSSAPI principal must specify user: user@realm");
        }

        gssapi_realm = strtok(NULL, gssapi_delim);
        if (!gssapi_realm || strlen(gssapi_realm) == 0) {
          log_fatal ("GSSAPI principal must specify realm: user@realm");
        }

        /* the SASL interaction record lives for the whole process; it is
           handed to every GSSAPI bind, including the ones in ldap_rebind_cb() */
        ldap_sasl_inst = malloc(sizeof(struct ldap_sasl_instance));
        if (ldap_sasl_inst == NULL)
          log_fatal("Could not allocate memory for sasl instance! Can not run!");

        ldap_sasl_inst->sasl_mech = ber_strdup("GSSAPI");
        if (ldap_sasl_inst->sasl_mech == NULL)
          log_fatal("Could not allocate memory to duplicate gssapi mechanism");

        ldap_sasl_inst->sasl_realm = ber_strdup(gssapi_realm);
        if (ldap_sasl_inst->sasl_realm == NULL)
          log_fatal("Could not allocate memory to duplicate gssapi realm");

        ldap_sasl_inst->sasl_authz_id = ber_strdup(gssapi_user);
        if (ldap_sasl_inst->sasl_authz_id == NULL)
          log_fatal("Could not allocate memory to duplicate gssapi user");

        ldap_sasl_inst->sasl_authc_id = NULL;
        ldap_sasl_inst->sasl_password = NULL; /* was "" in earlier versions */
        free(running);
      }
#endif

#if defined (LDAP_CASA_AUTH)
      /* with CASA support the config-file credentials are only a fallback;
         note that the braces of this block straddle the #if/#endif pairs */
      if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
        {
#if defined (DEBUG_LDAP)
          log_info ("Authentication credential taken from file");
#endif
#endif

          /* the bind password stays in this global, in the clear, for the
             lifetime of the process (ldap_rebind_cb() needs it again) */
          ldap_username = _do_lookup_dhcp_string_option (options, SV_LDAP_USERNAME);
          ldap_password = _do_lookup_dhcp_string_option (options, SV_LDAP_PASSWORD);

#if defined (LDAP_CASA_AUTH)
        }
#endif

      option_state_dereference (&options, MDL);
    }

  if (ldap_server == NULL || ldap_base_dn == NULL)
    {
      log_info ("Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file");
      ldap_method = LDAP_METHOD_STATIC;
      return;
    }

  if (ldap_debug_file != NULL && ldap_debug_fd == -1)
    {
      /* NOTE(review): created 0600, but with O_CREAT|O_TRUNC and no
         O_NOFOLLOW/O_EXCL -- if ldap-debug-file points into a directory
         writable by others, a planted symlink is followed and truncated with
         dhcpd's privileges.  The path is operator configuration, so this is
         a hardening remark rather than a vulnerability. */
      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
                                 S_IRUSR | S_IWUSR)) < 0)
        log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
                   strerror (errno));
    }

#if defined (DEBUG_LDAP)
  log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port);
#endif

#if defined (LDAP_USE_SSL)
  if (ldap_use_ssl == -1)
    {
      /*
      ** There was no "ldap-ssl" option in dhcpd.conf (also not "off").
      ** Let's try, if we can use an anonymous TLS session without to
      ** verify the server certificate -- if not continue without TLS.
      **
      ** NOTE(review): this sets LDAP_OPT_X_TLS_REQUIRE_CERT to "allow" on
      ** the NULL (library-global) handle, i.e. it switches off server
      ** certificate verification for every LDAP handle in the process and
      ** makes the opportunistic TLS below defeatable by an active attacker.
      ** As far as this file shows the branch is unreachable:
      ** _do_lookup_dhcp_enum_option() yields 0, not -1, for an unset option,
      ** so ldap_use_ssl is a configured value or LDAP_SSL_OFF once the
      ** first call has run.  Verify against the global's initialiser before
      ** removing or relying on this.
      */
      int opt = LDAP_OPT_X_TLS_ALLOW;
      if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
                                  &opt)) != LDAP_SUCCESS)
        {
          log_error ("Warning: Cannot set LDAP TLS require cert option to 'allow': %s",
                     ldap_err2string (ret));
        }
    }

  if (ldap_use_ssl != LDAP_SSL_OFF)
    {
      /* all of these are set on the NULL handle, i.e. as library-wide
         defaults, before ldap_initialize() creates the real handle; failures
         are logged but do not abort, so a mistyped CA path silently leaves
         the library default in force */
      if (ldap_tls_reqcert != -1)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
                                      &ldap_tls_reqcert)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS require cert option: %s",
                         ldap_err2string (ret));
            }
        }

      if( ldap_tls_ca_file != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE,
                                      ldap_tls_ca_file)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS CA certificate file %s: %s",
                         ldap_tls_ca_file, ldap_err2string (ret));
            }
        }
      if( ldap_tls_ca_dir != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
                                      ldap_tls_ca_dir)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS CA certificate dir %s: %s",
                         ldap_tls_ca_dir, ldap_err2string (ret));
            }
        }
      if( ldap_tls_cert != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
                                      ldap_tls_cert)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS client certificate file %s: %s",
                         ldap_tls_cert, ldap_err2string (ret));
            }
        }
      if( ldap_tls_key != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
                                      ldap_tls_key)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS certificate key file %s: %s",
                         ldap_tls_key, ldap_err2string (ret));
            }
        }
      if( ldap_tls_crlcheck != -1)
        {
          int opt = ldap_tls_crlcheck;
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
                                      &opt)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS crl check option: %s",
                         ldap_err2string (ret));
            }
        }
      if( ldap_tls_ciphers != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
                                      ldap_tls_ciphers)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS cipher suite %s: %s",
                         ldap_tls_ciphers, ldap_err2string (ret));
            }
        }
      if( ldap_tls_randfile != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
                                      ldap_tls_randfile)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS random file %s: %s",
                         ldap_tls_randfile, ldap_err2string (ret));
            }
        }
    }
#endif

  /* "ldap://" (7) + host + ':' (1) + port digits + NUL (1): the 16-byte
     margin leaves room for 7 port digits, but "%d" can print up to 11
     ("-2147483648").  ldap_port is a 4-byte option narrowed to int in
     _do_lookup_dhcp_int_option(), so a configured value >= 2^31 prints as an
     11-character negative number and overruns this heap buffer by up to 4
     bytes.  Configuration is trusted input, but this should still be an
     snprintf() with the size it really needs, preceded by a 1..65535 range
     check on ldap_port. */
  uri = malloc(strlen(ldap_server) + 16);
  if (uri == NULL)
    {
      log_error ("Cannot build ldap init URI %s:%d", ldap_server, ldap_port);
      return;
    }

  sprintf(uri, "ldap://%s:%d", ldap_server, ldap_port);
  /* the error code returned by ldap_initialize() is ignored; a NULL handle
     is used as the failure signal instead */
  ldap_initialize(&ld, uri);

  if (ld == NULL)
    {
      /* NOTE(review): 'uri' is not freed on this path (leak) */
      log_error ("Cannot init ldap session to %s:%d", ldap_server, ldap_port);
      return;
    }

  free(uri);

  version = LDAP_VERSION3;
  if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS)
    {
      log_error ("Cannot set LDAP version to %d: %s", version,
                 ldap_err2string (ret));
    }

  if (ldap_referrals != -1)
    {
      /* see ldap_rebind_cb(): chasing referrals sends the bind credentials
         to whichever server the directory names */
      if ((ret = ldap_set_option (ld, LDAP_OPT_REFERRALS, ldap_referrals ?
                                  LDAP_OPT_ON : LDAP_OPT_OFF)) != LDAP_OPT_SUCCESS)
        {
          log_error ("Cannot %s LDAP referrals option: %s",
                     (ldap_referrals ? "enable" : "disable"),
                     ldap_err2string (ret));
        }
    }

  /* only a warning: without the rebind procedure, chased referrals are
     presumably connected without authentication */
  if ((ret = ldap_set_rebind_proc(ld, ldap_rebind_cb, NULL)) != LDAP_SUCCESS)
    {
      log_error ("Warning: Cannot set ldap rebind procedure: %s",
                 ldap_err2string (ret));
    }

#if defined (LDAP_USE_SSL)
  /* "ldap-ssl ldaps", or "ldap-ssl on" together with the ldaps port, means
     TLS from the first byte; any other non-off setting means StartTLS */
  if (ldap_use_ssl == LDAP_SSL_LDAPS ||
      (ldap_use_ssl == LDAP_SSL_ON && ldap_port == LDAPS_PORT))
    {
      int opt = LDAP_OPT_X_TLS_HARD;
      if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
                     ldap_server, ldap_port, ldap_err2string (ret));
          ldap_stop();
          return;
        }
      else
        {
          log_info ("LDAPS session successfully enabled to %s:%d",
                    ldap_server, ldap_port);
        }
    }
  else if (ldap_use_ssl != LDAP_SSL_OFF)
    {
      /* StartTLS is retried on LDAP_SERVER_DOWN within the ldap_init_retry
         budget; a hard failure closes the session rather than falling back
         to clear text */
      do
        {
          ret = ldap_start_tls_s (ld, NULL, NULL);
        }
      while(_do_ldap_retry(ret, ldap_server, ldap_port) > 0);

      if (ret != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot start TLS session to %s:%d: %s",
                     ldap_server, ldap_port, ldap_err2string (ret));
          ldap_stop();
          return;
        }
      else
        {
          log_info ("TLS session successfully started to %s:%d",
                    ldap_server, ldap_port);
        }
    }
#endif

#if defined(LDAP_USE_GSSAPI)
  /* with a GSSAPI principal the SASL bind is used; the simple bind below is
     the "else" of this if -- the preprocessor split is deliberate */
  if (ldap_gssapi_principal != NULL) {
    krb5_get_tgt(ldap_gssapi_principal, ldap_gssapi_keytab);
    if ((ret = ldap_sasl_interactive_bind_s(ld, NULL, ldap_sasl_inst->sasl_mech,
                                           NULL, NULL, LDAP_SASL_AUTOMATIC,
                                           _ldap_sasl_interact, ldap_sasl_inst)
        ) != LDAP_SUCCESS)
      {
        log_error ("Error: Cannot SASL bind to ldap server %s:%d: %s",
                   ldap_server, ldap_port, ldap_err2string (ret));
        char *msg=NULL;
        /* NOTE(review): msg may stay NULL; "%s" with NULL is undefined */
        ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
        log_error ("\tAdditional info: %s", msg);
        ldap_memfree(msg);
        ldap_stop();
        return;
      }
  } else
#endif

  if (ldap_username != NULL && *ldap_username != '\0' && ldap_password != NULL)
    {
      /* simple bind: the password travels in the clear unless TLS was set
         up above.  The copy made here is freed without being scrubbed. */
      creds.bv_val = strdup(ldap_password);
      if (creds.bv_val == NULL)
        log_fatal ("Error: Unable to allocate memory to duplicate ldap_password");

      creds.bv_len = strlen(ldap_password);

      do
        {
          ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE,
                                  &creds, NULL, NULL, NULL);
        }
      while(_do_ldap_retry(ret, ldap_server, ldap_port) > 0);
      free(creds.bv_val);

      if (ret != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot login into ldap server %s:%d: %s",
                     ldap_server, ldap_port, ldap_err2string (ret));
          ldap_stop();
          return;
        }
    }

#if defined (DEBUG_LDAP)
  log_info ("Successfully logged into LDAP server %s", ldap_server);
#endif
}
1689 | ||
1690 | ||
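/*
 * Follow the "external DN" attributes of one entry and push the entries
 * they point at onto the config stack.
 *
 * ent - the entry whose dhcp*DN attributes are examined
 *
 * Each DN value is fetched with a base-scope search using the fixed filter
 * "objectClass=*" (no directory value is ever interpolated into the
 * filter), and every entry of the result is pushed with
 * add_to_config_stack().  The result message stays alive until its last
 * stack frame is popped (see free_stack_entry()).  Empty DN values are
 * skipped.
 *
 * A search that fails -- including a dangling DN -- closes the whole
 * session with ldap_stop() and stops processing, as before; the libldap
 * error code is in 'ret' but is not logged here.  Directory content
 * decides which entries become configuration, so write access to these
 * attributes is equivalent to editing dhcpd.conf.
 *
 * Fix over the previous version: ldap_search_ext_s() can return an error
 * code and still hand back a result message (it does so for a result
 * carrying a non-success resultCode); that message was leaked on the
 * failure path.
 */
static void
parse_external_dns (LDAPMessage * ent)
{
  static const char *const search[] = {
    "dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN",
    "dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN",
    "dhcpPoolDN", "dhcpZoneDN", "dhcpFailOverPeerDN", NULL};

  /* TODO: dhcpKeyDN can't be added. It is referenced in dhcpDnsZone to
     retrieve the key name (cn). Adding keyDN would amount to adding a key
     declaration inside the zone configuration.

     dhcpSubClassesDN can't be added either, for the same reason.
     Needs a schema change.
   */
  LDAPMessage * newres, * newent;
  struct berval **tempbv;
  int i, j, ret;
#if defined (DEBUG_LDAP)
  char *dn;

  dn = ldap_get_dn (ld, ent);
  if (dn != NULL)
    {
      log_info ("Parsing external DNs for '%s'", dn);
      ldap_memfree (dn);
    }
#endif

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return;

  for (i=0; search[i] != NULL; i++)
    {
      if ((tempbv = ldap_get_values_len (ld, ent, search[i])) == NULL)
        continue;

      for (j=0; tempbv[j] != NULL; j++)
        {
          if (*tempbv[j]->bv_val == '\0')
            continue;

          newres = NULL;
          if ((ret = ldap_search_ext_s(ld, tempbv[j]->bv_val, LDAP_SCOPE_BASE,
                                       "objectClass=*", NULL, 0, NULL,
                                       NULL, NULL, 0, &newres)) != LDAP_SUCCESS)
            {
              /* a result message may have been produced together with the
                 error; it was never pushed on the stack, so free it here */
              if (newres != NULL)
                ldap_msgfree (newres);
              ldap_value_free_len (tempbv);
              ldap_stop();
              return;
            }

#if defined (DEBUG_LDAP)
          log_info ("Adding contents of subtree '%s' to config stack from '%s' reference", tempbv[j]->bv_val, search[i]);
#endif
          for (newent = ldap_first_entry (ld, newres);
               newent != NULL;
               newent = ldap_next_entry (ld, newent))
            {
#if defined (DEBUG_LDAP)
              dn = ldap_get_dn (ld, newent);
              if (dn != NULL)
                {
                  log_info ("Adding LDAP result set starting with '%s' to config stack", dn);
                  ldap_memfree (dn);
                }
#endif

              /* every frame of this result shares 'newres'; the stack owns it now */
              add_to_config_stack (newres, newent);
              /* don't free newres here */
            }
        }

      ldap_value_free_len (tempbv);
    }
}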
1767 | ||
1768 | ||
/*
 * Release one popped stack frame.
 *
 * item - the frame.  It must already be unlinked from the top of the
 *        stack, but item->next must still point at the remaining frames,
 *        because they are scanned for another reference to item->res.
 *
 * Frames created from one result set share the LDAPMessage pointer
 * (parse_external_dns() pushes every entry of a result), so the message is
 * handed to ldap_msgfree() only when no deeper frame still refers to it.
 * The frame itself is always freed.
 */
static void
free_stack_entry (struct ldap_config_stack *item)
{
  struct ldap_config_stack *deeper;
  int shared = 0;

  for (deeper = item->next; deeper != NULL; deeper = deeper->next)
    {
      if (deeper->res == item->res)
        {
          shared = 1;
          break;
        }
    }

  if (!shared)
    ldap_msgfree (item->res);

  dfree (item, MDL);
}
1790 | ||
1791 | ||
/*
 * Advance the config stack to the next entry that still needs processing.
 *
 * cfile - the parse buffer that receives closing braces
 *
 * The pending "}" of the top frame, if any, is emitted first.  Frames are
 * then popped while they are exhausted: a frame without an entry, or a
 * frame already processed whose ldap_next_entry() yields nothing more.  A
 * frame that is not yet processed, or that advances to a further entry,
 * stops the popping and becomes the current one.  Each popped frame gets
 * its pending "}" emitted before free_stack_entry() releases it, and the
 * pending "}" of the new top is emitted as well.
 */
static void
next_ldap_entry (struct parse *cfile)
{
  struct ldap_config_stack *top;

  if (ldap_stack != NULL && ldap_stack->close_brace)
    {
      x_parser_strcat (cfile, "}\n");
      ldap_stack->close_brace = 0;
    }

  for (;;)
    {
      top = ldap_stack;
      if (top == NULL)
        break;

      if (top->ldent != NULL)
        {
          /* an entry nobody has looked at yet is the next one to emit */
          if (!top->processed)
            break;

          /* already processed: step to the next entry of this result set */
          top->ldent = ldap_next_entry (ld, top->ldent);
          if (top->ldent != NULL)
            break;
        }

      /* frame exhausted: close its block and drop it */
      if (top->close_brace)
        {
          x_parser_strcat (cfile, "}\n");
          top->close_brace = 0;
        }

      ldap_stack = top->next;
      free_stack_entry (top);
    }

  if (ldap_stack != NULL && ldap_stack->close_brace)
    {
      x_parser_strcat (cfile, "}\n");
      ldap_stack->close_brace = 0;
    }
}
1824 | ||
1825 | ||
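/*
 * Classify how a dhcpStatements/dhcpOption value ends so the caller knows
 * what to append before the text reaches the config parser.
 *
 * Returns
 *   '}'  when the last '}' is followed only by white space
 *        ("zone my.domain. { ... }"),
 *   ';'  when there is no '}' and the last ';' is followed only by white
 *        space ("authoritative;"),
 *   the first non-space character after the last '}' (or, when there is
 *        no '}', after the last ';') when something else follows it, and
 *   '\0' for NULL, "" or a value containing neither character.
 *
 * Fix over the previous version: isspace() was given a plain char cast to
 * int, which is undefined for bytes above 0x7f (a negative char), and LDAP
 * values are arbitrary bytes; the argument now goes through unsigned char
 * as <ctype.h> requires.
 */
static char
check_statement_end (const char *statement)
{
  const char *ptr;
  int pass;

  if (statement == NULL || *statement == '\0')
    return ('\0');

  /* a closing brace wins; a semicolon is only considered when there is no
     '}' anywhere in the value */
  for (pass = 0; pass < 2; pass++)
    {
      const char terminator = (pass == 0) ? '}' : ';';

      ptr = strrchr (statement, terminator);
      if (ptr == NULL)
        continue;

      /* skip white space following the terminator */
      for (++ptr; isspace ((unsigned char) *ptr); ptr++)
        ;

      /* end of string: the value is properly terminated */
      if (*ptr == '\0')
        return (terminator);

      /* something else follows: hand it to the caller */
      return (*ptr);
    }

  return ('\0');
}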
1873 | ||
1874 | ||
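/*
 * Append the dhcpStatements and dhcpOption values of an entry to the
 * configuration text being generated.
 *
 * ent         - the entry
 * cfile       - the parse buffer the text is appended to
 * lease_limit - if non-NULL, a "lease limit N" statement is not copied;
 *               its N is stored here instead (the caller emits it itself)
 *
 * Returns ISC_R_FAILURE when ent or cfile is NULL, ISC_R_SUCCESS otherwise.
 *
 * Each dhcpStatements value is copied verbatim and given a ";" unless
 * check_statement_end() says it already ends in "}" or ";"; each
 * dhcpOption value is copied as "option <value>;".  Nothing is validated
 * or quoted here: the directory is trusted as configuration input, so a
 * value such as "foo; <any statement>" is parsed as two statements.  Write
 * access to these attributes is therefore equivalent to write access to
 * dhcpd.conf.
 *
 * Fix over the previous version: the lease-limit number was taken from
 * strtol() without checking that any digits were present or that the
 * value fits an int; malformed or out-of-range values are now stored as 0
 * (presumably "not set" to the caller -- verify there).
 */
static isc_result_t
ldap_parse_entry_options (LDAPMessage *ent, struct parse *cfile,
                          int *lease_limit)
{
  struct berval **tempbv;
  int i;

  if (ent == NULL || cfile == NULL)
    return (ISC_R_FAILURE);

  if ((tempbv = ldap_get_values_len (ld, ent, "dhcpStatements")) != NULL)
    {
      for (i=0; tempbv[i] != NULL; i++)
        {
          if (lease_limit != NULL &&
              strncasecmp ("lease limit ", tempbv[i]->bv_val, 12) == 0)
            {
              const char *num = tempbv[i]->bv_val + 12;
              char *end = NULL;
              long value;

              errno = 0;
              value = strtol (num, &end, 10);
              /* no digits, overflow, or does not fit an int: treat as unset */
              if (end == num || errno == ERANGE || (long) (int) value != value)
                value = 0;
              *lease_limit = (int) value;
              continue;
            }

          x_parser_strcat (cfile, tempbv[i]->bv_val);

          /* terminate the statement unless the value already did */
          switch((int) check_statement_end (tempbv[i]->bv_val))
            {
              case '}':
              case ';':
                x_parser_strcat (cfile, "\n");
                break;
              default:
                x_parser_strcat (cfile, ";\n");
                break;
            }
        }
      ldap_value_free_len (tempbv);
    }

  if ((tempbv = ldap_get_values_len (ld, ent, "dhcpOption")) != NULL)
    {
      for (i=0; tempbv[i] != NULL; i++)
        {
          x_parser_strcat (cfile, "option ");
          x_parser_strcat (cfile, tempbv[i]->bv_val);
          switch ((int) check_statement_end (tempbv[i]->bv_val))
            {
              case ';':
                x_parser_strcat (cfile, "\n");
                break;
              default:
                x_parser_strcat (cfile, ";\n");
                break;
            }
        }
      ldap_value_free_len (tempbv);
    }

  return (ISC_R_SUCCESS);
}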
1933 | ||
1934 | ||
/*
 * Turn the LDAP entry on top of ldap_stack into configuration text.
 *
 * The entry's objectClass values select the per-class generator (shared
 * network, class, subnet[6], pool[6], group, TSIG key, DNS zone, failover
 * peer when HAVE_IFADDRS_H, host and subclass).  Host and subclass entries
 * are only expanded in LDAP_METHOD_STATIC and skipped otherwise.  When the
 * entry is not skipped, its own dhcpStatements/dhcpOption values are
 * appended and two ONELEVEL searches below the entry push its children onto
 * the config stack: first everything except dhcpTSigKey/dhcpClass/
 * dhcpFailOverPeer, then exactly those three classes.  parse_external_dns()
 * runs exactly once per entry that gets this far.
 *
 * The caller guarantees ldap_stack != NULL.  Failures once the connection
 * is up end with ldap_stop().
 *
 * cfile: the parser whose buffer receives the generated text
 */
static void
ldap_generate_config_string (struct parse *cfile)
{
  struct berval **objectClass;
  char *dn;
  struct ldap_config_stack *entry;
  LDAPMessage * ent, * res, *entfirst, *resfirst;
  int i, ignore, found;
  int ret, parsedn = 1;
  size_t len = cfile->buflen;   /* text already present before this entry */

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return;

  entry = ldap_stack;
  if ((objectClass = ldap_get_values_len (ld, entry->ldent,
                                          "objectClass")) == NULL)
    return;

  entry->processed = 1;
  ignore = 0;
  found = 1;
  for (i=0; objectClass[i] != NULL; i++)
    {
      if (strcasecmp (objectClass[i]->bv_val, "dhcpSharedNetwork") == 0)
        ldap_parse_shared_network (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpClass") == 0)
        ldap_parse_class (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubnet") == 0)
        ldap_parse_subnet (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubnet6") == 0)
        ldap_parse_subnet6 (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpPool") == 0)
        ldap_parse_pool (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpPool6") == 0)
        ldap_parse_pool6 (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpGroup") == 0)
        ldap_parse_group (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpTSigKey") == 0)
        ldap_parse_key (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpDnsZone") == 0)
        ldap_parse_zone (entry, cfile);
#if defined(HAVE_IFADDRS_H)
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpFailOverPeer") == 0)
        ldap_parse_failover (entry, cfile);
#endif
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpHost") == 0)
        {
          /* hosts are looked up on demand unless the method is static */
          if (ldap_method == LDAP_METHOD_STATIC)
            ldap_parse_host (entry, cfile);
          else
            {
              ignore = 1;
              break;
            }
        }
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubClass") == 0)
        {
          if (ldap_method == LDAP_METHOD_STATIC)
            ldap_parse_subclass (entry, cfile);
          else
            {
              ignore = 1;
              break;
            }
        }
      else
        found = 0;

      /*
       * A recognised class that emitted no text means there is nothing to
       * parse for this entry.
       * NOTE(review): found is never set back to 1, so once an unrecognised
       * class (e.g. "top") has been seen earlier in the list this check no
       * longer fires for later classes -- confirm that is intended.
       */
      if (found && x_parser_length(cfile) <= len)
        {
          ignore = 1;
          break;
        }
    }

  ldap_value_free_len (objectClass);

  if (ignore)
    {
      next_ldap_entry (cfile);
      return;
    }

  ldap_parse_entry_options(entry->ldent, cfile, NULL);

  dn = ldap_get_dn (ld, entry->ldent);
  if (dn == NULL)
    {
      ldap_stop();
      return;
    }
#if defined(DEBUG_LDAP)
  log_info ("Found LDAP entry '%s'", dn);
#endif

  /*
   * Children other than keys, classes and failover peers.
   * NOTE(review): ldap_read_config frees a partial result after a failed
   * search; this path does not -- confirm whether res can be non-NULL here.
   */
  if ((ret = ldap_search_ext_s (ld, dn, LDAP_SCOPE_ONELEVEL,
                                "(!(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer)))",
                                NULL, 0, NULL, NULL,
                                NULL, 0, &res)) != LDAP_SUCCESS)
    {
      ldap_memfree (dn);

      ldap_stop();
      return;
    }

  /* keys, classes and failover peers: pushed last, so processed first */
  if ((ret = ldap_search_ext_s (ld, dn, LDAP_SCOPE_ONELEVEL,
                                "(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer))",
                                NULL, 0, NULL, NULL,
                                NULL, 0, &resfirst)) != LDAP_SUCCESS)
    {
      ldap_memfree (dn);
      ldap_msgfree (res);

      ldap_stop();
      return;
    }

  ldap_memfree (dn);

  ent = ldap_first_entry(ld, res);
  entfirst = ldap_first_entry(ld, resfirst);

  /* leaf entry: nothing to push, move on to the next stack entry */
  if (ent == NULL && entfirst == NULL)
    {
      parse_external_dns (entry->ldent);
      next_ldap_entry (cfile);
    }

  /* a result with entries is handed to the config stack; an empty one is
     freed here */
  if (ent != NULL)
    {
      add_to_config_stack (res, ent);
      parse_external_dns (entry->ldent);
      parsedn = 0;        /* parse_external_dns already done for this entry */
    }
  else
    ldap_msgfree (res);

  if (entfirst != NULL)
    {
      add_to_config_stack (resfirst, entfirst);
      if(parsedn)
        parse_external_dns (entry->ldent);

    }
  else
    ldap_msgfree (resfirst);
}
2086 | ||
2087 | ||
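/*
 * Close the LDAP debug output file, if one is open, and mark it closed.
 * Safe to call repeatedly; a no-op while ldap_debug_fd is -1.
 */
static void
ldap_close_debug_fd(void)
{
  if (ldap_debug_fd == -1)
    return;

  /* The descriptor is gone whether or not close() reports an error, and
     this is a debug-only file, so there is nothing useful left to do. */
  (void) close (ldap_debug_fd);
  ldap_debug_fd = -1;
}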
2097 | ||
2098 | ||
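/*
 * Append a block of generated configuration text to the LDAP debug file.
 *
 * A no-op when no debug file is open (ldap_debug_fd == -1).  write(2) may
 * store fewer bytes than requested, so the call is repeated until all of
 * buff is out; an interrupted call is retried.  On a real error the
 * failure is logged and the file is closed, so later calls become no-ops.
 *
 * buff: the bytes to append
 * size: number of bytes in buff (0 is allowed and writes nothing)
 */
static void
ldap_write_debug (const void *buff, size_t size)
{
  const unsigned char *p = buff;

  if (ldap_debug_fd == -1)
    return;

  while (size > 0)
    {
      ssize_t n = write (ldap_debug_fd, p, size);

      if (n < 0)
        {
          if (errno == EINTR)
            continue;         /* interrupted before anything was written */

          log_error ("Error writing to LDAP debug file %s: %s."
                     " Disabling log file.", ldap_debug_file,
                     strerror (errno));
          ldap_close_debug_fd();
          return;
        }

      if (n == 0)
        return;               /* no progress; do not spin */

      /* short write: continue with the remainder */
      p += n;
      size -= (size_t) n;
    }
}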
2113 | ||
/*
 * Parser read callback: return the next byte of LDAP-generated
 * configuration, or EOF when the config stack is exhausted.
 *
 * Unless the parser is in a saved state (cfile->saved_state != NULL) the
 * input buffer is emptied first.  Entries are then pulled from ldap_stack
 * through ldap_generate_config_string() until one appends text beyond the
 * previous length, or the stack runs dry.  Newly appended text is mirrored
 * to the debug file (and logged under DEBUG_LDAP).
 *
 * NOTE(review): the byte is returned as cfile->inbuf[bufix] promoted to
 * int; if inbuf is a plain (possibly signed) char array, a 0xFF byte reads
 * as -1 and is indistinguishable from EOF to the caller -- confirm inbuf's
 * element type.
 *
 * cfile: the parser being fed
 */
static int
ldap_read_function (struct parse *cfile)
{
  size_t len;

  /* append when in saved state */
  if (cfile->saved_state == NULL)
    {
      cfile->inbuf[0] = '\0';
      cfile->bufix = 0;
      cfile->buflen = 0;
    }
  len = cfile->buflen;

  /* pull stack entries until something new was generated or none are left */
  while (ldap_stack != NULL && x_parser_length(cfile) <= len)
    ldap_generate_config_string (cfile);

  if (x_parser_length(cfile) <= len && ldap_stack == NULL)
    return (EOF);

  /* mirror only the part appended by this call */
  if (cfile->buflen > len)
    ldap_write_debug (cfile->inbuf + len, cfile->buflen - len);
#if defined (DEBUG_LDAP)
  log_info ("Sending config portion '%s'", cfile->inbuf + len);
#endif

  return (cfile->inbuf[cfile->bufix++]);
}
2142 | ||
2143 | ||
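/*
 * Return a freshly allocated copy of the entry's first "cn" value.
 *
 * Returns NULL when the entry has no cn value or when memory for the copy
 * cannot be obtained.  The caller owns the returned string (allocated with
 * dmalloc, to be released with dfree).
 *
 * ent: the LDAP entry to read the cn attribute from
 */
static char *
ldap_get_host_name (LDAPMessage * ent)
{
  struct berval **name;
  char *ret;
  size_t len;

  if ((name = ldap_get_values_len (ld, ent, "cn")) == NULL || name[0] == NULL)
    {
      if (name != NULL)
        ldap_value_free_len (name);

#if defined (DEBUG_LDAP)
      ret = ldap_get_dn (ld, ent);
      if (ret != NULL)
        {
          log_info ("Cannot get cn attribute for LDAP entry %s", ret);
          ldap_memfree(ret);
        }
#endif
      return (NULL);
    }

  len = strlen (name[0]->bv_val);
  ret = dmalloc (len + 1, MDL);
  if (ret == NULL)
    log_error ("No memory for LDAP host name %s", name[0]->bv_val);
  else
    memcpy (ret, name[0]->bv_val, len + 1);   /* includes the terminator */
  ldap_value_free_len (name);

  return (ret);
}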
2173 | ||
2174 | ||
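/*
 * Read the dhcpServer configuration for this host from LDAP and feed it to
 * the config parser.
 *
 * The dhcpServer entry is located by ldap_dhcp_server_cn, or else by the
 * uname nodename and (when it differs) the resolved fqdn.  Its own
 * dhcpStatements/dhcpOption values are parsed first; then, for every
 * dhcpServiceDN it references, the dhcpService entry that names this server
 * as primary, secondary or server DN is searched and parsed through the
 * config stack.  Each service DN is appended to the ldap_service_dn list for
 * later host/subclass lookups.
 *
 * Returns ISC_R_SUCCESS (also when no ldap_server is configured),
 * ISC_R_NOMEMORY when the parser cannot be set up, otherwise ISC_R_FAILURE
 * or the parser's own result.  On failure the service-dn list and the
 * config stack are torn down and the LDAP connection is closed; in
 * LDAP_METHOD_STATIC the connection is closed after a success as well.
 */
isc_result_t
ldap_read_config (void)
{
  LDAPMessage * ldres, * hostres, * ent, * hostent;
  char hfilter[1024], sfilter[1024], fqdn[257];
  char *hostdn;
  ldap_dn_node *curr = NULL;
  struct parse *cfile;
  struct utsname unme;
  isc_result_t res;
  size_t length;
  int ret, cnt;
  int have_fqdn = 0;          /* bv_o[1] holds an escaped fqdn */
  struct berval **tempbv = NULL;
  struct berval bv_o[2];

  cfile = x_parser_init("LDAP");
  if (cfile == NULL)
    return (ISC_R_NOMEMORY);

  /* retries are only wanted for this initial connection attempt */
  ldap_enable_retry = 1;
  if (ld == NULL)
    ldap_start ();
  ldap_enable_retry = 0;

  if (ld == NULL)
    {
      x_parser_free(&cfile);
      return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
    }

  /*
   * unme.nodename is the fallback server name and appears in log messages,
   * so it must never be read uninitialized when uname() fails.
   */
  memset (&unme, 0, sizeof (unme));
  if (uname (&unme) != 0 && ldap_dhcp_server_cn == NULL)
    {
      log_error ("Cannot determine the local host name: %m");
      x_parser_free(&cfile);
      return (ISC_R_FAILURE);
    }

  if (ldap_dhcp_server_cn != NULL)
    {
      if (_do_ldap_str2esc_filter_bv(ldap_dhcp_server_cn, 0, &bv_o[0]) == NULL)
        {
          log_error ("Cannot escape ldap filter value %s: %m", ldap_dhcp_server_cn);
          x_parser_free(&cfile);
          return (ISC_R_FAILURE);
        }

      snprintf (hfilter, sizeof (hfilter),
                "(&(objectClass=dhcpServer)(cn=%s))", bv_o[0].bv_val);

      ber_memfree(bv_o[0].bv_val);
    }
  else
    {
      if (_do_ldap_str2esc_filter_bv(unme.nodename, 0, &bv_o[0]) == NULL)
        {
          log_error ("Cannot escape ldap filter value %s: %m", unme.nodename);
          x_parser_free(&cfile);
          return (ISC_R_FAILURE);
        }

      *fqdn ='\0';
      if(0 == get_host_entry(fqdn, sizeof(fqdn), NULL, 0))
        {
          if (_do_ldap_str2esc_filter_bv(fqdn, 0, &bv_o[1]) == NULL)
            {
              log_error ("Cannot escape ldap filter value %s: %m", fqdn);
              ber_memfree(bv_o[0].bv_val);
              x_parser_free(&cfile);
              return (ISC_R_FAILURE);
            }
          have_fqdn = 1;
        }

      // If we have fqdn and it isn't the same as nodename, use it in filter
      // otherwise just use nodename
      if (have_fqdn && (*fqdn) && (strcmp(unme.nodename, fqdn)))
        {
          snprintf (hfilter, sizeof (hfilter),
                    "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))",
                    bv_o[0].bv_val, bv_o[1].bv_val);
        }
      else
        {
          snprintf (hfilter, sizeof (hfilter),
                    "(&(objectClass=dhcpServer)(cn=%s))",
                    bv_o[0].bv_val);
        }

      /* the escaped fqdn was allocated whether or not the filter used it */
      if (have_fqdn)
        ber_memfree(bv_o[1].bv_val);
      ber_memfree(bv_o[0].bv_val);
    }

  ldap_enable_retry = 1;
  do
    {
      hostres = NULL;
      ret = ldap_search_ext_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
                               hfilter, NULL, 0, NULL, NULL, NULL, 0,
                               &hostres);
    }
  while(_do_ldap_retry(ret, ldap_server, ldap_port) > 0);
  ldap_enable_retry = 0;

  if(ret != LDAP_SUCCESS)
    {
      log_error ("Cannot find host LDAP entry %s %s",
                 ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter);
      /* a failed search may still hand back a partial result */
      if(NULL != hostres)
        ldap_msgfree (hostres);
      ldap_stop();
      x_parser_free(&cfile);
      return (ISC_R_FAILURE);
    }

  if ((hostent = ldap_first_entry (ld, hostres)) == NULL)
    {
      log_error ("Error: Cannot find LDAP entry matching %s", hfilter);
      ldap_msgfree (hostres);
      ldap_stop();
      x_parser_free(&cfile);
      return (ISC_R_FAILURE);
    }

  hostdn = ldap_get_dn (ld, hostent);
#if defined(DEBUG_LDAP)
  if (hostdn != NULL)
    log_info ("Found dhcpServer LDAP entry '%s'", hostdn);
#endif

  /* a server entry without at least one dhcpServiceDN is useless */
  if (hostdn == NULL ||
      (tempbv = ldap_get_values_len (ld, hostent, "dhcpServiceDN")) == NULL ||
      tempbv[0] == NULL)
    {
      log_error ("Error: No dhcp service is associated with the server %s %s",
                 (hostdn ? "dn" : "name"), (hostdn ? hostdn :
                 (ldap_dhcp_server_cn ? ldap_dhcp_server_cn : unme.nodename)));

      if (tempbv != NULL)
        ldap_value_free_len (tempbv);

      if (hostdn)
        ldap_memfree (hostdn);
      ldap_msgfree (hostres);
      ldap_stop();
      x_parser_free(&cfile);
      return (ISC_R_FAILURE);
    }

#if defined(DEBUG_LDAP)
  log_info ("LDAP: Parsing dhcpServer options '%s' ...", hostdn);
#endif

  /* the server entry's own statements/options come first */
  res = ldap_parse_entry_options(hostent, cfile, NULL);
  if (res != ISC_R_SUCCESS)
    {
      ldap_value_free_len (tempbv);
      ldap_msgfree (hostres);
      ldap_memfree (hostdn);
      ldap_stop();
      x_parser_free(&cfile);
      return res;
    }

  if (x_parser_length(cfile) > 0)
    {
      ldap_write_debug(cfile->inbuf, cfile->buflen);

      res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
      if (res != ISC_R_SUCCESS)
        {
          log_error ("LDAP: cannot parse dhcpServer entry '%s'", hostdn);
          ldap_value_free_len (tempbv);
          ldap_msgfree (hostres);
          ldap_memfree (hostdn);
          ldap_stop();
          x_parser_free(&cfile);
          return res;
        }
      x_parser_reset(cfile);
    }
  /* hostdn and tempbv are independent copies; the result can go now */
  ldap_msgfree (hostres);

  /* the service filter depends only on hostdn, so build it once */
  res = ISC_R_SUCCESS;
  if (_do_ldap_str2esc_filter_bv(hostdn, 0, &bv_o[0]) == NULL)
    {
      log_error ("Cannot escape ldap filter value %s: %m", hostdn);
      res = ISC_R_FAILURE;
    }
  else
    {
      snprintf(sfilter, sizeof(sfilter), "(&(objectClass=dhcpService)"
               "(|(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s))(dhcpServerDN=%s)))",
               bv_o[0].bv_val, bv_o[0].bv_val, bv_o[0].bv_val);

      ber_memfree(bv_o[0].bv_val);
    }

  for (cnt=0; res == ISC_R_SUCCESS && tempbv[cnt] != NULL; cnt++)
    {
      ldres = NULL;
      if ((ret = ldap_search_ext_s (ld, tempbv[cnt]->bv_val, LDAP_SCOPE_BASE,
                                    sfilter, NULL, 0, NULL, NULL, NULL,
                                    0, &ldres)) != LDAP_SUCCESS)
        {
          log_error ("Error searching for dhcpServiceDN '%s': %s. Please update the LDAP entry '%s'",
                     tempbv[cnt]->bv_val, ldap_err2string (ret), hostdn);
          if(NULL != ldres)
            ldap_msgfree(ldres);
          res = ISC_R_FAILURE;
          break;
        }

      if ((ent = ldap_first_entry (ld, ldres)) == NULL)
        {
          log_error ("Error: Cannot find dhcpService DN '%s' with server reference. Please update the LDAP server entry '%s'",
                     tempbv[cnt]->bv_val, hostdn);

          ldap_msgfree(ldres);
          res = ISC_R_FAILURE;
          break;
        }

      /*
      ** FIXME: how to free the remembered dn's on exit?
      ** This should be OK if dmalloc registers the
      ** memory it allocated and frees it on exit..
      */

      curr = dmalloc (sizeof (*curr), MDL);
      if (curr != NULL)
        {
          length = strlen (tempbv[cnt]->bv_val);
          curr->dn = dmalloc (length + 1, MDL);
          if (curr->dn == NULL)
            {
              dfree (curr, MDL);
              curr = NULL;
            }
          else
            memcpy (curr->dn, tempbv[cnt]->bv_val, length + 1);
        }

      if (curr != NULL)
        {
          curr->refs++;

          /* append to service-dn list */
          if (ldap_service_dn_tail != NULL)
            ldap_service_dn_tail->next = curr;
          else
            ldap_service_dn_head = curr;

          ldap_service_dn_tail = curr;
        }
      else
        log_fatal ("no memory to remember ldap service dn");

#if defined (DEBUG_LDAP)
      log_info ("LDAP: Parsing dhcpService DN '%s' ...", tempbv[cnt]->bv_val);
#endif
      /* ldres is owned by the config stack from here on */
      add_to_config_stack (ldres, ent);
      res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
      if (res != ISC_R_SUCCESS)
        {
          log_error ("LDAP: cannot parse dhcpService entry '%s'", tempbv[cnt]->bv_val);
          break;
        }
    }

  x_parser_free(&cfile);
  ldap_close_debug_fd();

  ldap_memfree (hostdn);
  ldap_value_free_len (tempbv);

  if (res != ISC_R_SUCCESS)
    {
      struct ldap_config_stack *temp_stack;

      /* undo everything remembered so far; a partial config is useless */
      while ((curr = ldap_service_dn_head) != NULL)
        {
          ldap_service_dn_head = curr->next;
          dfree (curr->dn, MDL);
          dfree (curr, MDL);
        }

      ldap_service_dn_tail = NULL;

      while ((temp_stack = ldap_stack) != NULL)
        {
          ldap_stack = temp_stack->next;
          free_stack_entry (temp_stack);
        }

      ldap_stop();
    }

  /* Unbind from ldap immediately after reading config in static mode. */
  if (ldap_method == LDAP_METHOD_STATIC)
    ldap_stop();

  return (res);
}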
2471 | ||
2472 | ||
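/*
 * Parse the dhcpStatements and dhcpOption attributes of an LDAP entry into
 * the given group, in a HOST_DECL or CLASS_DECL context.
 *
 * For a HOST_DECL the host's parent is consulted first: the value of the
 * second RDN of the host's DN is searched as a dhcpGroup below the rest of
 * the DN, and that group's statements/options are parsed into the host's
 * group before the host's own.  A "lease limit N" statement is not parsed
 * as configuration but its value is returned; the result is 0 when no lease
 * limit was seen or nothing could be parsed.
 *
 * ent:   the LDAP entry to parse
 * group: the group receiving the parsed statements and options
 * type:  HOST_DECL or CLASS_DECL, passed through to parse_statement()
 * host:  the host declaration being built (HOST_DECL only)
 * class: currently unused
 */
static int
ldap_parse_options (LDAPMessage * ent, struct group *group,
                    int type, struct host_decl *host,
                    struct class **class)
{
  int declaration, lease_limit;
  enum dhcp_token token;
  struct parse *cfile;
  isc_result_t res;
  const char *val;

  lease_limit = 0;
  cfile = x_parser_init(type == HOST_DECL ? "LDAP-HOST" : "LDAP-SUBCLASS");
  if (cfile == NULL)
    return (lease_limit);

  /* This block of code will try to find the parent of the host, and
     if it is a group object, fetch the options and apply to the host. */
  if (type == HOST_DECL)
    {
      char *hostdn, *basedn, *temp1, *temp2, filter[1024];
      LDAPMessage *groupdn, *entry;
      int ret, n;

      hostdn = ldap_get_dn (ld, ent);
      if( hostdn != NULL)
        {
          basedn = NULL;
          filter[0] = '\0';

          /* temp1..temp2 becomes the value of the second RDN (the parent) */
          temp1 = strchr (hostdn, '=');
          if (temp1 != NULL)
            temp1 = strchr (++temp1, '=');
          if (temp1 != NULL)
            temp2 = strchr (++temp1, ',');
          else
            temp2 = NULL;

          if (temp2 != NULL)
            {
              struct berval bv_o;

              if (_do_ldap_str2esc_filter_bv(temp1, (temp2 - temp1), &bv_o) == NULL)
                {
                  log_error ("Cannot escape ldap filter value %.*s: %m",
                             (int)(temp2 - temp1), temp1);
                  filter[0] = '\0';
                }
              else
                {
                  n = snprintf (filter, sizeof(filter),
                                "(&(cn=%s)(objectClass=dhcpGroup))",
                                bv_o.bv_val);
                  /* a truncated filter would be malformed: skip the lookup */
                  if (n < 0 || (size_t) n >= sizeof(filter))
                    filter[0] = '\0';

                  ber_memfree(bv_o.bv_val);
                }

              /* search base: the DN from the third RDN onwards */
              basedn = strchr (temp1, ',');
              if (basedn != NULL)
                ++basedn;
            }

          if (basedn != NULL && *basedn != '\0' && filter[0] != '\0')
            {
              groupdn = NULL;
              ret = ldap_search_ext_s (ld, basedn, LDAP_SCOPE_SUBTREE, filter,
                                       NULL, 0, NULL, NULL, NULL, 0, &groupdn);
              if (ret == LDAP_SUCCESS &&
                  (entry = ldap_first_entry (ld, groupdn)) != NULL)
                {
                  res = ldap_parse_entry_options (entry, cfile, &lease_limit);
                  if (res != ISC_R_SUCCESS)
                    {
                      /* reset option buffer discarding any results */
                      x_parser_reset(cfile);
                      lease_limit = 0;
                    }
                }
              /* a failed search may still hand back a partial result */
              if (groupdn != NULL)
                ldap_msgfree( groupdn);
            }
          ldap_memfree( hostdn);
        }
    }

  res = ldap_parse_entry_options (ent, cfile, &lease_limit);
  if (res != ISC_R_SUCCESS || x_parser_length(cfile) == 0)
    {
      /* nothing to parse: hand back whatever lease limit was seen */
      x_parser_free(&cfile);
      return (lease_limit);
    }

  declaration = 0;
  for (;;)
    {
      token = peek_token (&val, NULL, cfile);
      if (token == END_OF_FILE)
        break;
      declaration = parse_statement (cfile, group, type, host, declaration);
    }

  x_parser_free(&cfile);

  return (lease_limit);
}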
2589 | ||
2590 | ||
2591 | ||
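/*
 * Look up dhcpHost entries in LDAP by hardware address (dynamic method only).
 *
 * Builds a filter matching dhcpHWAddress "<type> <addr>" in lower- or
 * upper-case hex and searches each remembered service DN in turn.  For the
 * first service DN whose search succeeds, every matching entry becomes a
 * host_decl (group cloned from root_group, options parsed from the entry)
 * chained through n_ipaddr onto *hp.
 *
 * Returns 1 when at least one host was found, 0 otherwise -- also for an
 * unknown htype, in LDAP_METHOD_STATIC, without an LDAP connection, or
 * when the filter would not fit its buffer.  A hard search error closes
 * the LDAP connection.
 *
 * hp:         receives the list of found hosts (always reset to NULL first)
 * htype:      HTYPE_ETHER, HTYPE_IEEE802 or HTYPE_FDDI
 * hlen/haddr: the hardware address bytes
 * file/line:  caller location, not used here
 */
int
find_haddr_in_ldap (struct host_decl **hp, int htype, unsigned hlen,
                    const unsigned char *haddr, const char *file, int line)
{
  char buf[128];
  const char *type_str;
  LDAPMessage * res, *ent;
  struct host_decl * host;
  isc_result_t status;
  ldap_dn_node *curr;
  char up_hwaddr[20];
  char lo_hwaddr[20];
  int ret, n;
  struct berval bv_o[2];

  *hp = NULL;

  if (ldap_method == LDAP_METHOD_STATIC)
    return (0);

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return (0);

  switch (htype)
    {
      case HTYPE_ETHER:
        type_str = "ethernet";
        break;
      case HTYPE_IEEE802:
        type_str = "token-ring";
        break;
      case HTYPE_FDDI:
        type_str = "fddi";
        break;
      default:
        log_info ("Ignoring unknown type %d", htype);
        return (0);
    }

  /*
  ** FIXME: It is not guaranteed, that the dhcpHWAddress attribute
  ** contains _exactly_ "type addr" with one space between!
  */
  snprintf(lo_hwaddr, sizeof(lo_hwaddr), "%s",
           print_hw_addr (htype, hlen, haddr));
  x_strxform(up_hwaddr, lo_hwaddr, sizeof(up_hwaddr), toupper);

  if (_do_ldap_str2esc_filter_bv(lo_hwaddr, 0, &bv_o[0]) == NULL)
    {
      log_error ("Cannot escape ldap filter value %s: %m", lo_hwaddr);
      return (0);
    }
  if (_do_ldap_str2esc_filter_bv(up_hwaddr, 0, &bv_o[1]) == NULL)
    {
      log_error ("Cannot escape ldap filter value %s: %m", up_hwaddr);
      ber_memfree(bv_o[0].bv_val);
      return (0);
    }

  n = snprintf (buf, sizeof (buf),
                "(&(objectClass=dhcpHost)(|(dhcpHWAddress=%s %s)(dhcpHWAddress=%s %s)))",
                type_str, bv_o[0].bv_val, type_str, bv_o[1].bv_val);

  ber_memfree(bv_o[0].bv_val);
  ber_memfree(bv_o[1].bv_val);

  /* a truncated filter would be malformed; refuse rather than search it */
  if (n < 0 || (size_t) n >= sizeof (buf))
    {
      log_error ("LDAP host filter for %s %s is too long", type_str, lo_hwaddr);
      return (0);
    }

  res = ent = NULL;
  for (curr = ldap_service_dn_head;
       curr != NULL && *curr->dn != '\0';
       curr = curr->next)
    {
#if defined (DEBUG_LDAP)
      log_info ("Searching for %s in LDAP tree %s", buf, curr->dn);
#endif
      ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, 0,
                               NULL, NULL, NULL, 0, &res);

      /* one reconnect attempt, then repeat the search once */
      if(ret == LDAP_SERVER_DOWN)
        {
          log_info ("LDAP server was down, trying to reconnect...");

          ldap_stop();
          ldap_start();
          if(ld == NULL)
            {
              log_info ("LDAP reconnect failed - try again later...");
              return (0);
            }

          ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL,
                                   0, NULL, NULL, NULL, 0, &res);
        }

      if (ret == LDAP_SUCCESS)
        {
          ent = ldap_first_entry (ld, res);
#if defined (DEBUG_LDAP)
          if (ent == NULL) {
            log_info ("No host entry for %s in LDAP tree %s",
                      buf, curr->dn);
          }
#endif
          while (ent != NULL) {
#if defined (DEBUG_LDAP)
            char *dn = ldap_get_dn (ld, ent);
            if (dn != NULL)
              {
                log_info ("Found dhcpHWAddress LDAP entry %s", dn);
                ldap_memfree(dn);
              }
#endif

            host = NULL;
            status = host_allocate (&host, MDL);
            if (status != ISC_R_SUCCESS)
              {
                log_fatal ("can't allocate host decl struct: %s",
                           isc_result_totext (status));
                ldap_msgfree (res);
                return (0);
              }

            host->name = ldap_get_host_name (ent);
            if (host->name == NULL)
              {
                host_dereference (&host, MDL);
                ldap_msgfree (res);
                return (0);
              }

            if (!clone_group (&host->group, root_group, MDL))
              {
                log_fatal ("can't clone group for host %s", host->name);
                host_dereference (&host, MDL);
                ldap_msgfree (res);
                return (0);
              }

            ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);

            /* prepend to the result list */
            host->n_ipaddr = *hp;
            *hp = host;
            ent = ldap_next_entry (ld, ent);
          }
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }
          /* only the first service DN that answers is consulted */
          return (*hp != NULL);
        }
      else
        {
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }

          if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
            {
              log_error ("Cannot search for %s in LDAP tree %s: %s", buf,
                         curr->dn, ldap_err2string (ret));
              ldap_stop();
              return (0);
            }
#if defined (DEBUG_LDAP)
          else
            {
              log_info ("ldap_search_ext_s returned %s when searching for %s in %s",
                        ldap_err2string (ret), buf, curr->dn);
            }
#endif
        }
    }

  return (0);
}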
2772 | ||
2773 | ||
2774 | int | |
2775 | find_subclass_in_ldap (struct class *class, struct class **newclass, | |
2776 | struct data_string *data) | |
2777 | { | |
2778 | LDAPMessage * res, * ent; | |
2779 | int ret, lease_limit; | |
2780 | isc_result_t status; | |
2781 | ldap_dn_node *curr; | |
2782 | char buf[2048]; |
2783 | struct berval bv_class; | |
2784 | struct berval bv_cdata; | |
2785 | char *hex_1; | |
2786 | |
2787 | if (ldap_method == LDAP_METHOD_STATIC) | |
2788 | return (0); | |
2789 | ||
2790 | if (ld == NULL) | |
2791 | ldap_start (); | |
2792 | if (ld == NULL) | |
2793 | return (0); | |
2794 | ||
2795 | hex_1 = print_hex_1 (data->len, data->data, 1024); |
2796 | if (*hex_1 == '"') | |
2797 | { | |
2798 | /* result is a quotted not hex string: ldap escape the original string */ | |
2799 | if (_do_ldap_str2esc_filter_bv((const char*)data->data, data->len, &bv_cdata) == NULL) | |
2800 | { | |
2801 | log_error ("Cannot escape ldap filter value %s: %m", hex_1); | |
2802 | return (0); | |
2803 | } | |
2804 | hex_1 = NULL; | |
2805 | } | |
2806 | if (_do_ldap_str2esc_filter_bv(class->name, strlen (class->name), &bv_class) == NULL) | |
2807 | { | |
2808 | log_error ("Cannot escape ldap filter value %s: %m", class->name); | |
2809 | if (hex_1 == NULL) | |
2810 | ber_memfree(bv_cdata.bv_val); | |
2811 | return (0); | |
2812 | } | |
2813 | ||
2814 | snprintf (buf, sizeof (buf), |
2815 | "(&(objectClass=dhcpSubClass)(cn=%s)(dhcpClassData=%s))", | |
2816 | (hex_1 == NULL ? bv_cdata.bv_val : hex_1), bv_class.bv_val); |
2817 | ||
2818 | if (hex_1 == NULL) | |
2819 | ber_memfree(bv_cdata.bv_val); | |
2820 | ber_memfree(bv_class.bv_val); | |
2821 | ||
2822 | #if defined (DEBUG_LDAP) |
2823 | log_info ("Searching LDAP for %s", buf); | |
2824 | #endif | |
2825 | ||
2826 | res = ent = NULL; | |
2827 | for (curr = ldap_service_dn_head; | |
2828 | curr != NULL && *curr->dn != '\0'; | |
2829 | curr = curr->next) | |
2830 | { | |
2831 | #if defined (DEBUG_LDAP) | |
2832 | log_info ("Searching for %s in LDAP tree %s", buf, curr->dn); | |
2833 | #endif | |
2834 | ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, 0, | |
2835 | NULL, NULL, NULL, 0, &res); | |
2836 | ||
2837 | if(ret == LDAP_SERVER_DOWN) | |
2838 | { | |
2839 | log_info ("LDAP server was down, trying to reconnect..."); | |
2840 | ||
2841 | ldap_stop(); | |
2842 | ldap_start(); | |
2843 | ||
2844 | if(ld == NULL) | |
2845 | { | |
2846 | log_info ("LDAP reconnect failed - try again later..."); | |
2847 | return (0); | |
2848 | } | |
2849 | ||
2850 | ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, | |
2851 | NULL, 0, NULL, NULL, NULL, 0, &res); | |
2852 | } | |
2853 | ||
2854 | if (ret == LDAP_SUCCESS) | |
2855 | { | |
2856 | if( (ent = ldap_first_entry (ld, res)) != NULL) | |
2857 | break; /* search OK and have entry */ | |
2858 | ||
2859 | #if defined (DEBUG_LDAP) | |
2860 | log_info ("No subclass entry for %s in LDAP tree %s", | |
2861 | buf, curr->dn); | |
2862 | #endif | |
2863 | if(res) | |
2864 | { | |
2865 | ldap_msgfree (res); | |
2866 | res = NULL; | |
2867 | } | |
2868 | } | |
2869 | else | |
2870 | { | |
2871 | if(res) | |
2872 | { | |
2873 | ldap_msgfree (res); | |
2874 | res = NULL; | |
2875 | } | |
2876 | ||
2877 | if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS) | |
2878 | { | |
2879 | log_error ("Cannot search for %s in LDAP tree %s: %s", buf, | |
2880 | curr->dn, ldap_err2string (ret)); | |
2881 | ldap_stop(); | |
2882 | return (0); | |
2883 | } | |
2884 | #if defined (DEBUG_LDAP) | |
2885 | else | |
2886 | { | |
2887 | log_info ("ldap_search_ext_s returned %s when searching for %s in %s", | |
2888 | ldap_err2string (ret), buf, curr->dn); | |
2889 | } | |
2890 | #endif | |
2891 | } | |
2892 | } | |
2893 | ||
2894 | if (res && ent) | |
2895 | { | |
2896 | #if defined (DEBUG_LDAP) | |
2897 | char *dn = ldap_get_dn (ld, ent); | |
2898 | if (dn != NULL) | |
2899 | { | |
2900 | log_info ("Found subclass LDAP entry %s", dn); | |
2901 | ldap_memfree(dn); | |
2902 | } | |
2903 | #endif | |
2904 | ||
2905 | status = class_allocate (newclass, MDL); | |
2906 | if (status != ISC_R_SUCCESS) | |
2907 | { | |
2908 | log_error ("Cannot allocate memory for a new class"); | |
2909 | ldap_msgfree (res); | |
2910 | return (0); | |
2911 | } | |
2912 | ||
2913 | group_reference (&(*newclass)->group, class->group, MDL); | |
2914 | class_reference (&(*newclass)->superclass, class, MDL); | |
2915 | lease_limit = ldap_parse_options (ent, (*newclass)->group, | |
2916 | CLASS_DECL, NULL, newclass); | |
2917 | if (lease_limit == 0) | |
2918 | (*newclass)->lease_limit = class->lease_limit; | |
2919 | else | |
2920 | class->lease_limit = lease_limit; | |
2921 | ||
2922 | if ((*newclass)->lease_limit) | |
2923 | { | |
2924 | (*newclass)->billed_leases = | |
2925 | dmalloc ((*newclass)->lease_limit * sizeof (struct lease *), MDL); | |
2926 | if (!(*newclass)->billed_leases) | |
2927 | { | |
2928 | log_error ("no memory for billing"); | |
2929 | class_dereference (newclass, MDL); | |
2930 | ldap_msgfree (res); | |
2931 | return (0); | |
2932 | } | |
2933 | memset ((*newclass)->billed_leases, 0, | |
0f750c4f | 2934 | ((*newclass)->lease_limit * sizeof (struct lease *))); |
2935 | } |
2936 | ||
2937 | data_string_copy (&(*newclass)->hash_string, data, MDL); | |
2938 | ||
2939 | ldap_msgfree (res); | |
2940 | return (1); | |
2941 | } | |
2942 | ||
2943 | if(res) ldap_msgfree (res); | |
2944 | return (0); | |
2945 | } | |
2946 | ||
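/* find_client_in_ldap: look up a dhcpHost entry for the client that sent
 * PACKET, keyed on its client identifier, and hand back a freshly built
 * host declaration for it.
 *
 * hp         - receives the new host_decl on success; the caller owns the
 *              reference that host_allocate() created
 * packet     - the incoming request; supplies the client identifier and,
 *              through its interface, the shared network whose "cn=<name>"
 *              subtree is searched under every configured service DN
 * state      - unused here, kept for interface compatibility
 * file, line - caller location, unused here
 *
 * Returns 1 and sets *hp when an entry was found and parsed, 0 otherwise
 * (static LDAP method, no connection, no client id, filter or base DN too
 * long for its buffer, search error, no match, or allocation failure).
 *
 * Changes from the previous version:
 *  - the snprintf() results are checked; a truncated filter or base DN is
 *    rejected instead of being sent to the directory, where it would
 *    silently search the wrong subtree or for the wrong identifier;
 *  - client_id is released with data_string_forget() on every path (it
 *    was never released before; assumes get_client_id() may attach a
 *    buffer reference -- data_string_forget() is a no-op otherwise);
 *  - the LDAPMessage is freed on the reconnect-failure path too.
 *
 * Input trust notes:
 *  - The filter value comes from print_hw_addr(), which is not visible
 *    here; it is assumed to emit hex bytes with ':' separators, which
 *    carry no RFC 4515 filter metacharacters, so unlike the subclass
 *    lookup above (which escapes via _do_ldap_str2esc_filter_bv()) no
 *    escaping is applied.  If print_hw_addr() caps the number of bytes it
 *    prints, distinct long identifiers sharing a prefix would match the
 *    same dhcpHost entry -- confirm its limit.
 *  - The shared-network name is spliced into a DN without RFC 4514
 *    escaping.  It originates in the server configuration, not in the
 *    client packet, so a name containing ',', '+' or '=' is a
 *    misconfiguration rather than an injection vector.
 *  - Two log_info() calls below fire unconditionally on every lookup
 *    (one per hit, one per miss); consider the DEBUG_LDAP guard used
 *    elsewhere if the log volume is a concern.
 */
int find_client_in_ldap (struct host_decl **hp, struct packet *packet,
                         struct option_state *state, const char *file, int line)
{
  LDAPMessage * res = NULL, * ent = NULL;
  ldap_dn_node *curr;
  struct host_decl * host;
  isc_result_t status;
  struct data_string client_id;
  char buf[1024], buf1[1024];
  int ret, len;
  int rc = 0;

  if (ldap_method == LDAP_METHOD_STATIC)
    return (0);

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return (0);

  memset(&client_id, 0, sizeof(client_id));
  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS)
    return (0);

  /* Search filter: the client identifier rendered by print_hw_addr(). */
  len = snprintf(buf, sizeof(buf),
                 "(&(objectClass=dhcpHost)(dhcpClientId=%s))",
                 print_hw_addr(0, client_id.len, client_id.data));
  if (len < 0 || (size_t) len >= sizeof(buf))
    {
      /* A truncated filter is syntactically broken or matches the wrong
         identifier; refuse to search with it. */
      log_error ("LDAP client search filter does not fit in buffer");
      goto done;
    }

  /* log_info ("Searching LDAP for %s (%s)", buf, packet->interface->shared_network->name); */

  for (curr = ldap_service_dn_head;
       curr != NULL && *curr->dn != '\0';
       curr = curr->next)
    {
      /* Base DN: the shared network's entry under this service DN. */
      len = snprintf(buf1, sizeof(buf1), "cn=%s,%s",
                     packet->interface->shared_network->name, curr->dn);
      if (len < 0 || (size_t) len >= sizeof(buf1))
        {
          /* A truncated base DN would search an unintended subtree. */
          log_error ("LDAP search base for network %s under %s does not fit in buffer",
                     packet->interface->shared_network->name, curr->dn);
          goto done;
        }
#if defined (DEBUG_LDAP)
      log_info ("Searching for %s in LDAP tree %s", buf, buf1);
#endif
      ret = ldap_search_ext_s (ld, buf1, LDAP_SCOPE_SUBTREE, buf, NULL, 0,
                               NULL, NULL, NULL, 0, &res);

      if (ret == LDAP_SERVER_DOWN)
        {
          log_info ("LDAP server was down, trying to reconnect...");

          ldap_stop();
          ldap_start();

          if (ld == NULL)
            {
              log_info ("LDAP reconnect failed - try again later...");
              goto done;
            }

          ret = ldap_search_ext_s (ld, buf1, LDAP_SCOPE_SUBTREE, buf,
                                   NULL, 0, NULL, NULL, NULL, 0, &res);
        }

      if (ret == LDAP_SUCCESS)
        {
          if ((ent = ldap_first_entry (ld, res)) != NULL)
            {
              log_info ("found entry in search %s", buf1);
              break; /* search OK and have entry */
            }

#if defined (DEBUG_LDAP)
          log_info ("No subclass entry for %s in LDAP tree %s", buf, curr->dn);
#endif
          if (res)
            {
              ldap_msgfree (res);
              res = NULL;
            }
        }
      else
        {
          if (res)
            {
              ldap_msgfree (res);
              res = NULL;
            }

          /* A missing network entry under this service DN is not an
             error; anything else drops the connection and gives up. */
          if (ret != LDAP_NO_SUCH_OBJECT)
            {
              log_error ("Cannot search for %s in LDAP tree %s: %s", buf,
                         curr->dn, ldap_err2string (ret));
              ldap_stop();
              goto done;
            }
          else
            {
              log_info ("did not find: %s", buf);
            }
        }
    }

  if (res && ent)
    {
#if defined (DEBUG_LDAP)
      {
        char *dn;

        log_info ("ldap_get_dn %s", curr->dn);
        dn = ldap_get_dn (ld, ent);
        if (dn != NULL)
          {
            log_info ("Found subclass LDAP entry %s", dn);
            ldap_memfree(dn);
          }
        else
          {
            /* Do not pass the NULL dn to %s: that is undefined behaviour. */
            log_info ("DN is null for entry under %s", curr->dn);
          }
      }
#endif

      host = (struct host_decl *)0;
      status = host_allocate (&host, MDL);
      if (status != ISC_R_SUCCESS)
        {
          /* log_fatal() is expected not to return; the cleanup below is
             only reached if it does. */
          log_fatal ("can't allocate host decl struct: %s",
                     isc_result_totext (status));
          goto done;
        }

      host->name = ldap_get_host_name (ent);
      if (host->name == NULL)
        {
          host_dereference (&host, MDL);
          goto done;
        }
      /* log_info ("Host name %s", host->name); */

      if (!clone_group (&host->group, root_group, MDL))
        {
          log_fatal ("can't clone group for host %s", host->name);
          host_dereference (&host, MDL);
          goto done;
        }

      ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);

      *hp = host;
      rc = 1;
    }
  else
    {
      log_info ("did not find clientid: %s", buf);
    }

done:
  if (res)
    ldap_msgfree (res);
  data_string_forget (&client_id, MDL);
  return (rc);
}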
3098 | ||
3099 | #if defined(LDAP_USE_GSSAPI) | |
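/* SASL interaction callback used for the GSSAPI bind.
 *
 * ld       - the LDAP handle; must be non-NULL
 * flags    - interaction flags from libldap, unused
 * defaults - a struct ldap_sasl_instance holding the configured authz id,
 *            realm, authc id and password; must be non-NULL
 * sin      - the sasl_interact_t list to answer, terminated by
 *            SASL_CB_LIST_END
 *
 * Each requested callback is answered from the configured value.  A value
 * that is not configured (NULL) is answered with "" -- the convention the
 * libldap tools use for "no default" -- instead of being passed to
 * strlen(), which previously would have crashed on a missing setting.
 *
 * Returns LDAP_SUCCESS once at least one callback has been answered,
 * LDAP_PARAM_ERROR when ld, sin or defaults is NULL, and LDAP_OTHER for an
 * empty list or an unsupported callback id (that entry is left empty and
 * the entries before it keep their answers, as before).
 *
 * Security note: the previous version logged the bind password in clear
 * text on the SASL_CB_PASS request.  Credentials must never reach the
 * server log, so that message no longer includes the value.
 */
static int
_ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *sin)
{
	sasl_interact_t *in;
	struct ldap_sasl_instance *ldap_inst = defaults;
	const char *value = NULL;
	int ret = LDAP_OTHER;

	if (ld == NULL || sin == NULL || ldap_inst == NULL)
		return LDAP_PARAM_ERROR;

	log_info("doing interactive bind");
	for (in = sin; in->id != SASL_CB_LIST_END; in++) {
		switch (in->id) {
		case SASL_CB_USER:
			value = ldap_inst->sasl_authz_id;
			log_info("got request for SASL_CB_USER %s",
				 value ? value : "");
			break;
		case SASL_CB_GETREALM:
			value = ldap_inst->sasl_realm;
			log_info("got request for SASL_CB_GETREALM %s",
				 value ? value : "");
			break;
		case SASL_CB_AUTHNAME:
			value = ldap_inst->sasl_authc_id;
			log_info("got request for SASL_CB_AUTHNAME %s",
				 value ? value : "");
			break;
		case SASL_CB_PASS:
			value = ldap_inst->sasl_password;
			/* Deliberately no "%s": never write the password
			 * to the log. */
			log_info("got request for SASL_CB_PASS");
			break;
		default:
			/* Unsupported callback: leave it unanswered and
			 * report failure for the whole interaction. */
			in->result = NULL;
			in->len = 0;
			return LDAP_OTHER;
		}

		/* "" rather than NULL, so libsasl gets a valid answer and
		 * strlen() is never applied to a missing setting. */
		if (value == NULL)
			value = "";
		in->result = value;
		in->len = strlen(value);
		ret = LDAP_SUCCESS;
	}
	return ret;
}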
3153 | #endif /* LDAP_USE_GSSAPI */ | |
3154 | ||
3155 | ||
cf6bc0da | 3156 | #endif |