#include "dhcpd.h"
#include <signal.h>
#include <errno.h>
+#include <ctype.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <ifaddrs.h>
+#include <string.h>
#if defined(LDAP_CONFIGURATION)
#include "ldap_casa.h"
#endif
+#if defined(LDAP_USE_GSSAPI)
+#include <sasl/sasl.h>
+#include "ldap_krb_helper.h"
+#endif
+
static LDAP * ld = NULL;
static char *ldap_server = NULL,
*ldap_username = NULL,
static int ldap_port = LDAP_PORT,
ldap_method = LDAP_METHOD_DYNAMIC,
ldap_referrals = -1,
- ldap_debug_fd = -1;
+ ldap_debug_fd = -1,
+ ldap_enable_retry = -1,
+ ldap_init_retry = -1;
#if defined (LDAP_USE_SSL)
static int ldap_use_ssl = -1, /* try TLS if possible */
ldap_tls_reqcert = -1,
*ldap_tls_ciphers = NULL,
*ldap_tls_randfile = NULL;
#endif
+
+#if defined (LDAP_USE_GSSAPI)
+static char *ldap_gssapi_keytab = NULL,
+ *ldap_gssapi_principal = NULL;
+
+struct ldap_sasl_instance {
+ char *sasl_mech;
+ char *sasl_realm;
+ char *sasl_authz_id;
+ char *sasl_authc_id;
+ char *sasl_password;
+};
+
+static struct ldap_sasl_instance *ldap_sasl_inst = NULL;
+
+static int
+_ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *sin) ;
+#endif
+
static struct ldap_config_stack *ldap_stack = NULL;
typedef struct ldap_dn_node {
static ldap_dn_node *ldap_service_dn_head = NULL;
static ldap_dn_node *ldap_service_dn_tail = NULL;
+static int ldap_read_function (struct parse *cfile);
+
+static struct parse *
+x_parser_init(const char *name)
+{
+ struct parse *cfile;
+ isc_result_t res;
+ char *inbuf;
+
+ inbuf = dmalloc (LDAP_BUFFER_SIZE, MDL);
+ if (inbuf == NULL)
+ return NULL;
+
+ cfile = (struct parse *) NULL;
+ res = new_parse (&cfile, -1, inbuf, LDAP_BUFFER_SIZE, name, 0);
+ if (res != ISC_R_SUCCESS)
+ {
+ dfree(inbuf, MDL);
+ return NULL;
+ }
+ /* the buffer is still empty */
+ cfile->bufsiz = LDAP_BUFFER_SIZE;
+ cfile->buflen = cfile->bufix = 0;
+ /* attach ldap read function */
+ cfile->read_function = ldap_read_function;
+ return cfile;
+}
+
+static isc_result_t
+x_parser_free(struct parse **cfile)
+{
+ if (cfile && *cfile)
+ {
+ if ((*cfile)->inbuf)
+ dfree((*cfile)->inbuf, MDL);
+ (*cfile)->inbuf = NULL;
+ (*cfile)->bufsiz = 0;
+ return end_parse(cfile);
+ }
+ return ISC_R_SUCCESS;
+}
+
+static int
+x_parser_resize(struct parse *cfile, size_t len)
+{
+ size_t size;
+ char * temp;
+
+ /* grow by len rounded up at LDAP_BUFFER_SIZE */
+ size = cfile->bufsiz + (len | (LDAP_BUFFER_SIZE-1)) + 1;
+
+ /* realloc would be better, but there isn't any */
+ if ((temp = dmalloc (size, MDL)) != NULL)
+ {
+#if defined (DEBUG_LDAP)
+ log_info ("Reallocated %s buffer from %zu to %zu",
+ cfile->tlname, cfile->bufsiz, size);
+#endif
+ memcpy(temp, cfile->inbuf, cfile->bufsiz);
+ dfree(cfile->inbuf, MDL);
+ cfile->inbuf = temp;
+ cfile->bufsiz = size;
+ return 1;
+ }
+
+ /*
+ * Hmm... what is worser, consider it as fatal error and
+ * bail out completely or discard config data in hope it
+ * is "only" an option in dynamic host lookup?
+ */
+ log_error("Unable to reallocated %s buffer from %zu to %zu",
+ cfile->tlname, cfile->bufsiz, size);
+ return 0;
+}
static char *
-x_strncat(char *dst, const char *src, size_t dst_size)
+x_parser_strcat(struct parse *cfile, const char *str)
{
- size_t len = strlen(dst);
- return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0);
+ size_t cur = strlen(cfile->inbuf);
+ size_t len = strlen(str);
+ size_t cnt;
+
+ if (cur + len >= cfile->bufsiz && !x_parser_resize(cfile, len))
+ return NULL;
+
+ cnt = cfile->bufsiz > cur ? cfile->bufsiz - cur - 1 : 0;
+ return strncat(cfile->inbuf, str, cnt);
+}
+
+static inline void
+x_parser_reset(struct parse *cfile)
+{
+ cfile->inbuf[0] = '\0';
+ cfile->bufix = cfile->buflen = 0;
+}
+
+static inline size_t
+x_parser_length(struct parse *cfile)
+{
+ cfile->buflen = strlen(cfile->inbuf);
+ return cfile->buflen;
+}
+
+static char *
+x_strxform(char *dst, const char *src, size_t dst_size,
+ int (*xform)(int))
+{
+ if(dst && src && dst_size)
+ {
+ size_t len, pos;
+
+ len = strlen(src);
+ for(pos=0; pos < len && pos + 1 < dst_size; pos++)
+ dst[pos] = xform((int)src[pos]);
+ dst[pos] = '\0';
+
+ return dst;
+ }
+ return NULL;
+}
+
+static int
+get_host_entry(char *fqdnname, size_t fqdnname_size,
+ char *hostaddr, size_t hostaddr_size)
+{
+#if defined(MAXHOSTNAMELEN)
+ char hname[MAXHOSTNAMELEN+1];
+#else
+ char hname[65];
+#endif
+ struct hostent *hp;
+
+ if (NULL == fqdnname || 1 >= fqdnname_size)
+ return -1;
+
+ memset(hname, 0, sizeof(hname));
+ if (gethostname(hname, sizeof(hname)-1))
+ return -1;
+
+ if (NULL == (hp = gethostbyname(hname)))
+ return -1;
+
+ strncpy(fqdnname, hp->h_name, fqdnname_size-1);
+ fqdnname[fqdnname_size-1] = '\0';
+
+ if (hostaddr != NULL)
+ {
+ if (hp->h_addr != NULL)
+ {
+ struct in_addr *aptr = (struct in_addr *)hp->h_addr;
+#if defined(HAVE_INET_NTOP)
+ if (hostaddr_size >= INET_ADDRSTRLEN &&
+ inet_ntop(AF_INET, aptr, hostaddr, hostaddr_size) != NULL)
+ {
+ return 0;
+ }
+#else
+ char *astr = inet_ntoa(*aptr);
+ size_t alen = strlen(astr);
+ if (astr && alen > 0 && hostaddr_size > alen)
+ {
+ strncpy(hostaddr, astr, hostaddr_size-1);
+ hostaddr[hostaddr_size-1] = '\0';
+ return 0;
+ }
+#endif
+ }
+ return -1;
+ }
+ return 0;
+}
+
+static int
+is_iface_address(struct ifaddrs *addrs, struct in_addr *addr)
+{
+ struct ifaddrs *ia;
+ struct sockaddr_in *sa;
+ int num = 0;
+
+ if(addrs == NULL || addr == NULL)
+ return -1;
+
+ for (ia = addrs; ia != NULL; ia = ia->ifa_next)
+ {
+ ++num;
+ if (ia->ifa_addr && (ia->ifa_flags & IFF_UP) &&
+ ia->ifa_addr->sa_family == AF_INET)
+ {
+ sa = (struct sockaddr_in *)(ia->ifa_addr);
+ if (addr->s_addr == sa->sin_addr.s_addr)
+ return num;
+ }
+ }
+ return 0;
+}
+
+static int
+get_host_address(const char *hostname, char *hostaddr, size_t hostaddr_size, struct ifaddrs *addrs)
+{
+ if (hostname && *hostname && hostaddr && hostaddr_size)
+ {
+ struct in_addr addr;
+
+#if defined(HAVE_INET_PTON)
+ if (inet_pton(AF_INET, hostname, &addr) == 1)
+#else
+ if (inet_aton(hostname, &addr) != 0)
+#endif
+ {
+ /* it is already IP address string */
+ if(strlen(hostname) < hostaddr_size)
+ {
+ strncpy(hostaddr, hostname, hostaddr_size-1);
+ hostaddr[hostaddr_size-1] = '\0';
+
+ if (addrs != NULL && is_iface_address (addrs, &addr) > 0)
+ return 1;
+ else
+ return 0;
+ }
+ }
+ else
+ {
+ struct hostent *hp;
+ if ((hp = gethostbyname(hostname)) != NULL && hp->h_addr != NULL)
+ {
+ struct in_addr *aptr = (struct in_addr *)hp->h_addr;
+ int mret = 0;
+
+ if (addrs != NULL)
+ {
+ char **h;
+ for (h=hp->h_addr_list; *h; h++)
+ {
+ struct in_addr *haddr = (struct in_addr *)*h;
+ if (is_iface_address (addrs, haddr) > 0)
+ {
+ aptr = haddr;
+ mret = 1;
+ }
+ }
+ }
+
+#if defined(HAVE_INET_NTOP)
+ if (hostaddr_size >= INET_ADDRSTRLEN &&
+ inet_ntop(AF_INET, aptr, hostaddr, hostaddr_size) != NULL)
+ {
+ return mret;
+ }
+#else
+ char *astr = inet_ntoa(*aptr);
+ size_t alen = strlen(astr);
+ if (astr && alen > 0 && alen < hostaddr_size)
+ {
+ strncpy(hostaddr, astr, hostaddr_size-1);
+ hostaddr[hostaddr_size-1] = '\0';
+ return mret;
+ }
+#endif
+ }
+ }
+ }
+ return -1;
}
static void
return;
}
- x_strncat (cfile->inbuf, "class \"", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "class \"");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, "\" {\n");
item->close_brace = 1;
ldap_value_free_len (tempbv);
}
+static int
+is_hex_string(const char *str)
+{
+ int colon = 1;
+ int xdigit = 0;
+ size_t i;
+
+ if (!str)
+ return 0;
+
+ if (*str == '-')
+ str++;
+
+ for (i=0; str[i]; ++i)
+ {
+ if (str[i] == ':')
+ {
+ xdigit = 0;
+ if(++colon > 1)
+ return 0;
+ }
+ else if(isxdigit((unsigned char)str[i]))
+ {
+ colon = 0;
+ if (++xdigit > 2)
+ return 0;
+ }
+ else
+ return 0;
+ }
+ return i > 0 && !colon;
+}
static void
ldap_parse_subclass (struct ldap_config_stack *item, struct parse *cfile)
{
struct berval **tempbv, **classdata;
+ char *tmp;
if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL ||
tempbv[0] == NULL)
return;
}
- x_strncat (cfile->inbuf, "subclass ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, classdata[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "subclass \"");
+ x_parser_strcat (cfile, classdata[0]->bv_val);
+ if (is_hex_string(tempbv[0]->bv_val))
+ {
+ x_parser_strcat (cfile, "\" ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, " {\n");
+ }
+ else
+ {
+ tmp = quotify_string(tempbv[0]->bv_val, MDL);
+ x_parser_strcat (cfile, "\" \"");
+ x_parser_strcat (cfile, tmp);
+ x_parser_strcat (cfile, "\" {\n");
+ dfree(tmp, MDL);
+ }
item->close_brace = 1;
ldap_value_free_len (tempbv);
hwaddr = ldap_get_values_len (ld, item->ldent, "dhcpHWAddress");
- x_strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "host ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, " {\n");
- if (hwaddr != NULL && hwaddr[0] != NULL)
+ if (hwaddr != NULL)
{
- x_strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, hwaddr[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ if (hwaddr[0] != NULL)
+ {
+ x_parser_strcat (cfile, "hardware ");
+ x_parser_strcat (cfile, hwaddr[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
ldap_value_free_len (hwaddr);
}
return;
}
- x_strncat (cfile->inbuf, "shared-network \"", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "shared-network \"");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, "\" {\n");
item->close_brace = 1;
ldap_value_free_len (tempbv);
return;
}
- x_strncat (cfile->inbuf, "subnet ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "subnet ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
- x_strncat (cfile->inbuf, " netmask ", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, " netmask ");
parse_netmask (strtol (netmaskstr[0]->bv_val, NULL, 10), netmaskbuf);
- x_strncat (cfile->inbuf, netmaskbuf, LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, netmaskbuf);
- x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, " {\n");
ldap_value_free_len (tempbv);
ldap_value_free_len (netmaskstr);
{
for (i=0; tempbv[i] != NULL; i++)
{
- x_strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "range");
+ x_parser_strcat (cfile, " ");
+ x_parser_strcat (cfile, tempbv[i]->bv_val);
+ x_parser_strcat (cfile, ";\n");
}
+ ldap_value_free_len (tempbv);
}
item->close_brace = 1;
}
+static void
+ldap_parse_subnet6 (struct ldap_config_stack *item, struct parse *cfile)
+{
+ struct berval **tempbv;
+ int i;
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL ||
+ tempbv[0] == NULL)
+ {
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ return;
+ }
+
+ x_parser_strcat (cfile, "subnet6 ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+
+ x_parser_strcat (cfile, " {\n");
+
+ ldap_value_free_len (tempbv);
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpRange")) != NULL)
+ {
+ for (i=0; tempbv[i] != NULL; i++)
+ {
+ x_parser_strcat (cfile, "range6");
+ x_parser_strcat (cfile, " ");
+ x_parser_strcat (cfile, tempbv[i]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ ldap_value_free_len (tempbv);
+ }
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpPermitList")) != NULL)
+ {
+ for (i=0; tempbv[i] != NULL; i++)
+ {
+ x_parser_strcat (cfile, tempbv[i]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ ldap_value_free_len (tempbv);
+ }
+
+ item->close_brace = 1;
+}
static void
ldap_parse_pool (struct ldap_config_stack *item, struct parse *cfile)
struct berval **tempbv;
int i;
- x_strncat (cfile->inbuf, "pool {\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "pool {\n");
if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpRange")) != NULL)
{
- x_strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "range");
for (i=0; tempbv[i] != NULL; i++)
{
- x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, " ");
+ x_parser_strcat (cfile, tempbv[i]->bv_val);
}
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, ";\n");
ldap_value_free_len (tempbv);
}
{
for (i=0; tempbv[i] != NULL; i++)
{
- x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, tempbv[i]->bv_val);
+ x_parser_strcat (cfile, ";\n");
}
ldap_value_free_len (tempbv);
}
item->close_brace = 1;
}
+static void
+ldap_parse_pool6 (struct ldap_config_stack *item, struct parse *cfile)
+{
+ struct berval **tempbv;
+ int i;
+
+ x_parser_strcat (cfile, "pool {\n");
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpRange")) != NULL)
+ {
+ x_parser_strcat (cfile, "range6");
+ for (i=0; tempbv[i] != NULL; i++)
+ {
+ x_parser_strcat (cfile, " ");
+ x_parser_strcat (cfile, tempbv[i]->bv_val);
+ }
+ x_parser_strcat (cfile, ";\n");
+ ldap_value_free_len (tempbv);
+ }
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpPermitList")) != NULL)
+ {
+ for (i=0; tempbv[i] != NULL; i++)
+ {
+ x_parser_strcat(cfile, tempbv[i]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ ldap_value_free_len (tempbv);
+ }
+
+ item->close_brace = 1;
+}
static void
ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
{
- x_strncat (cfile->inbuf, "group {\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "group {\n");
item->close_brace = 1;
}
if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) != NULL)
{
- x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "key ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, " {\n");
ldap_value_free_len (tempbv);
}
if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeyAlgorithm")) != NULL)
{
- x_strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "algorithm ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
ldap_value_free_len (tempbv);
}
if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeySecret")) != NULL)
{
- x_strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "secret ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
ldap_value_free_len (tempbv);
}
if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) != NULL)
{
- x_strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "zone ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, " {\n");
ldap_value_free_len (tempbv);
}
if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpDnsZoneServer")) != NULL)
{
- x_strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "primary ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, ";\n");
ldap_value_free_len (tempbv);
}
strncpy (keyCn, cnFindStart, len);
keyCn[len] = '\0';
- x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "key ");
+ x_parser_strcat (cfile, keyCn);
+ x_parser_strcat (cfile, ";\n");
dfree (keyCn, MDL);
}
}
+static void
+ldap_parse_failover (struct ldap_config_stack *item, struct parse *cfile)
+{
+ struct berval **tempbv, **peername;
+ struct ifaddrs *addrs = NULL;
+ char srvaddr[2][64] = {"\0", "\0"};
+ int primary, split = 0, match;
+
+ if ((peername = ldap_get_values_len (ld, item->ldent, "cn")) == NULL ||
+ peername[0] == NULL)
+ {
+ if (peername != NULL)
+ ldap_value_free_len (peername);
+
+ // ldap with disabled schema checks? fail to avoid syntax error.
+ log_error("Unable to find mandatory failover peering name attribute");
+ return;
+ }
+
+ /* Get all interface addresses */
+ getifaddrs(&addrs);
+
+ /*
+ ** when dhcpFailOverPrimaryServer or dhcpFailOverSecondaryServer
+ ** matches one of our IP address, the following valiables are set:
+ ** - primary is 1 when we are primary or 0 when we are secondary
+ ** - srvaddr[0] contains ip address of the primary
+ ** - srvaddr[1] contains ip address of the secondary
+ */
+ primary = -1;
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverPrimaryServer")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ match = get_host_address (tempbv[0]->bv_val, srvaddr[0], sizeof(srvaddr[0]), addrs);
+ if (match >= 0)
+ {
+ /* we are the primary */
+ if (match > 0)
+ primary = 1;
+ }
+ else
+ {
+ log_info("Can't resolve address of the primary failover '%s' server %s",
+ peername[0]->bv_val, tempbv[0]->bv_val);
+ ldap_value_free_len (tempbv);
+ ldap_value_free_len (peername);
+ if (addrs)
+ freeifaddrs(addrs);
+ return;
+ }
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverSecondaryServer")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ match = get_host_address (tempbv[0]->bv_val, srvaddr[1], sizeof(srvaddr[1]), addrs);
+ if (match >= 0)
+ {
+ if (match > 0)
+ {
+ if (primary == 1)
+ {
+ log_info("Both, primary and secondary failover '%s' server"
+ " attributes match our local address", peername[0]->bv_val);
+ ldap_value_free_len (tempbv);
+ ldap_value_free_len (peername);
+ if (addrs)
+ freeifaddrs(addrs);
+ return;
+ }
+
+ /* we are the secondary */
+ primary = 0;
+ }
+ }
+ else
+ {
+ log_info("Can't resolve address of the secondary failover '%s' server %s",
+ peername[0]->bv_val, tempbv[0]->bv_val);
+ ldap_value_free_len (tempbv);
+ ldap_value_free_len (peername);
+ if (addrs)
+ freeifaddrs(addrs);
+ return;
+ }
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+
+ if (primary == -1 || srvaddr[0] == '\0' || srvaddr[1] == '\0')
+ {
+ log_error("Could not decide if the server type is primary"
+ " or secondary for failover peering '%s'.", peername[0]->bv_val);
+ ldap_value_free_len (peername);
+ if (addrs)
+ freeifaddrs(addrs);
+ return;
+ }
+
+ x_parser_strcat (cfile, "failover peer \"");
+ x_parser_strcat (cfile, peername[0]->bv_val);
+ x_parser_strcat (cfile, "\" {\n");
+
+ if (primary)
+ x_parser_strcat (cfile, "primary;\n");
+ else
+ x_parser_strcat (cfile, "secondary;\n");
+
+ x_parser_strcat (cfile, "address ");
+ if (primary)
+ x_parser_strcat (cfile, srvaddr[0]);
+ else
+ x_parser_strcat (cfile, srvaddr[1]);
+ x_parser_strcat (cfile, ";\n");
+
+ x_parser_strcat (cfile, "peer address ");
+ if (primary)
+ x_parser_strcat (cfile, srvaddr[1]);
+ else
+ x_parser_strcat (cfile, srvaddr[0]);
+ x_parser_strcat (cfile, ";\n");
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverPrimaryPort")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ if (primary)
+ x_parser_strcat (cfile, "port ");
+ else
+ x_parser_strcat (cfile, "peer port ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverSecondaryPort")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ if (primary)
+ x_parser_strcat (cfile, "peer port ");
+ else
+ x_parser_strcat (cfile, "port ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverResponseDelay")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ x_parser_strcat (cfile, "max-response-delay ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverUnackedUpdates")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ x_parser_strcat (cfile, "max-unacked-updates ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverLoadBalanceTime")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ x_parser_strcat (cfile, "load balance max seconds ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ tempbv = NULL;
+ if (primary &&
+ (tempbv = ldap_get_values_len (ld, item->ldent, "dhcpMaxClientLeadTime")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ x_parser_strcat (cfile, "mclt ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ tempbv = NULL;
+ if (primary &&
+ (tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverSplit")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ x_parser_strcat (cfile, "split ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ split = 1;
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ tempbv = NULL;
+ if (primary && !split &&
+ (tempbv = ldap_get_values_len (ld, item->ldent, "dhcpFailOverHashBucketAssignment")) != NULL &&
+ tempbv[0] != NULL)
+ {
+ x_parser_strcat (cfile, "hba ");
+ x_parser_strcat (cfile, tempbv[0]->bv_val);
+ x_parser_strcat (cfile, ";\n");
+ }
+ if (tempbv != NULL)
+ ldap_value_free_len (tempbv);
+
+ item->close_brace = 1;
+}
+
static void
add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
{
ldap_stack = ns;
}
-
static void
ldap_stop()
{
{
log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ ldap_free_urldesc(ldapurl);
return ret;
}
else
{
log_error ("Error: Cannot start TLS session to %s:%d: %s",
ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ ldap_free_urldesc(ldapurl);
return ret;
}
else
}
#endif
+#if defined(LDAP_USE_GSSAPI)
+ if (ldap_gssapi_principal != NULL) {
+ krb5_get_tgt(ldap_gssapi_principal, ldap_gssapi_keytab);
+ if ((ret = ldap_sasl_interactive_bind_s(ld, NULL, ldap_sasl_inst->sasl_mech,
+ NULL, NULL, LDAP_SASL_AUTOMATIC,
+ _ldap_sasl_interact, ldap_sasl_inst)
+ ) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot SASL bind to ldap server %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
+ char *msg=NULL;
+ ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
+ log_error ("\tAdditional info: %s", msg);
+ ldap_memfree(msg);
+ ldap_stop();
+ }
- if (ldap_username != NULL || *ldap_username != '\0')
+ ldap_free_urldesc(ldapurl);
+ return ret;
+ }
+#endif
+
+ if (ldap_username != NULL && *ldap_username != '\0' && ldap_password != NULL)
{
who = ldap_username;
creds.bv_val = strdup(ldap_password);
+ if (creds.bv_val == NULL)
+ log_fatal ("Error: Unable to allocate memory to duplicate ldap_password");
+
creds.bv_len = strlen(ldap_password);
- }
- if ((ret = ldap_sasl_bind_s (ld, who, LDAP_SASL_SIMPLE, &creds,
- NULL, NULL, NULL)) != LDAP_SUCCESS)
+ if ((ret = ldap_sasl_bind_s (ld, who, LDAP_SASL_SIMPLE, &creds,
+ NULL, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot login into ldap server %s:%d: %s",
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ }
+
+ if (creds.bv_val)
+ free(creds.bv_val);
+ }
+
+ ldap_free_urldesc(ldapurl);
+ return ret;
+}
+
+static int
+_do_ldap_retry(int ret, const char *server, int port)
+{
+ static int inform = 1;
+
+ if (ldap_enable_retry > 0 && ret == LDAP_SERVER_DOWN && ldap_init_retry > 0)
{
- log_error ("Error: Cannot login into ldap server %s:%d: %s",
- ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ if (inform || (ldap_init_retry % 10) == 0)
+ {
+ inform = 0;
+ log_info ("Can't contact LDAP server %s:%d: retrying for %d sec",
+ server, port, ldap_init_retry);
+ }
+ sleep(1);
+ return ldap_init_retry--;
}
- return ret;
+ return 0;
+}
+
+static struct berval *
+_do_ldap_str2esc_filter_bv(const char *str, ber_len_t len, struct berval *bv_o)
+{
+ struct berval bv_i;
+
+ if (!str || !bv_o || (ber_str2bv(str, len, 0, &bv_i) == NULL) ||
+ (ldap_bv2escaped_filter_value(&bv_i, bv_o) != 0))
+ return NULL;
+ return bv_o;
}
static void
int ret, version;
char *uri = NULL;
struct berval creds;
+#if defined(LDAP_USE_GSSAPI)
+ char *gssapi_realm = NULL;
+ char *gssapi_user = NULL;
+ char *running = NULL;
+ const char *gssapi_delim = "@";
+#endif
if (ld != NULL)
return;
ldap_debug_file = _do_lookup_dhcp_string_option (options,
SV_LDAP_DEBUG_FILE);
ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
+ ldap_init_retry = _do_lookup_dhcp_int_option (options, SV_LDAP_INIT_RETRY);
#if defined (LDAP_USE_SSL)
ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL);
}
#endif
+#if defined (LDAP_USE_GSSAPI)
+ ldap_gssapi_principal = _do_lookup_dhcp_string_option (options,
+ SV_LDAP_GSSAPI_PRINCIPAL);
+
+ if (ldap_gssapi_principal == NULL) {
+ log_error("ldap_gssapi_principal is not set,"
+ "GSSAPI Authentication for LDAP will not be used");
+ } else {
+ ldap_gssapi_keytab = _do_lookup_dhcp_string_option (options,
+ SV_LDAP_GSSAPI_KEYTAB);
+ if (ldap_gssapi_keytab == NULL) {
+ log_fatal("ldap_gssapi_keytab must be specified");
+ }
+
+ running = strdup(ldap_gssapi_principal);
+ if (running == NULL)
+ log_fatal("Could not allocate memory to duplicate gssapi principal");
+
+ gssapi_user = strtok(running, gssapi_delim);
+ if (!gssapi_user || strlen(gssapi_user) == 0) {
+ log_fatal ("GSSAPI principal must specify user: user@realm");
+ }
+
+ gssapi_realm = strtok(NULL, gssapi_delim);
+ if (!gssapi_realm || strlen(gssapi_realm) == 0) {
+ log_fatal ("GSSAPI principal must specify realm: user@realm");
+ }
+
+ ldap_sasl_inst = malloc(sizeof(struct ldap_sasl_instance));
+ if (ldap_sasl_inst == NULL)
+ log_fatal("Could not allocate memory for sasl instance! Can not run!");
+
+ ldap_sasl_inst->sasl_mech = ber_strdup("GSSAPI");
+ if (ldap_sasl_inst->sasl_mech == NULL)
+ log_fatal("Could not allocate memory to duplicate gssapi mechanism");
+
+ ldap_sasl_inst->sasl_realm = ber_strdup(gssapi_realm);
+ if (ldap_sasl_inst->sasl_realm == NULL)
+ log_fatal("Could not allocate memory to duplicate gssapi realm");
+
+ ldap_sasl_inst->sasl_authz_id = ber_strdup(gssapi_user);
+ if (ldap_sasl_inst->sasl_authz_id == NULL)
+ log_fatal("Could not allocate memory to duplicate gssapi user");
+
+ ldap_sasl_inst->sasl_authc_id = NULL;
+ ldap_sasl_inst->sasl_password = NULL; //"" before
+ free(running);
+ }
+#endif
+
#if defined (LDAP_CASA_AUTH)
if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
{
}
else if (ldap_use_ssl != LDAP_SSL_OFF)
{
- if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
+ do
+ {
+ ret = ldap_start_tls_s (ld, NULL, NULL);
+ }
+ while(_do_ldap_retry(ret, ldap_server, ldap_port) > 0);
+
+ if (ret != LDAP_SUCCESS)
{
log_error ("Error: Cannot start TLS session to %s:%d: %s",
ldap_server, ldap_port, ldap_err2string (ret));
}
#endif
- if (ldap_username != NULL && *ldap_username != '\0')
+#if defined(LDAP_USE_GSSAPI)
+ if (ldap_gssapi_principal != NULL) {
+ krb5_get_tgt(ldap_gssapi_principal, ldap_gssapi_keytab);
+ if ((ret = ldap_sasl_interactive_bind_s(ld, NULL, ldap_sasl_inst->sasl_mech,
+ NULL, NULL, LDAP_SASL_AUTOMATIC,
+ _ldap_sasl_interact, ldap_sasl_inst)
+ ) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot SASL bind to ldap server %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
+ char *msg=NULL;
+ ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
+ log_error ("\tAdditional info: %s", msg);
+ ldap_memfree(msg);
+ ldap_stop();
+ return;
+ }
+ } else
+#endif
+
+ if (ldap_username != NULL && *ldap_username != '\0' && ldap_password != NULL)
{
creds.bv_val = strdup(ldap_password);
+ if (creds.bv_val == NULL)
+ log_fatal ("Error: Unable to allocate memory to duplicate ldap_password");
+
creds.bv_len = strlen(ldap_password);
- if ((ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE,
- &creds, NULL, NULL, NULL)) != LDAP_SUCCESS)
+ do
+ {
+ ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE,
+ &creds, NULL, NULL, NULL);
+ }
+ while(_do_ldap_retry(ret, ldap_server, ldap_port) > 0);
+ free(creds.bv_val);
+
+ if (ret != LDAP_SUCCESS)
{
log_error ("Error: Cannot login into ldap server %s:%d: %s",
ldap_server, ldap_port, ldap_err2string (ret));
{
char *search[] = {"dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN",
"dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN",
- "dhcpPoolDN", NULL};
+ "dhcpPoolDN", "dhcpZoneDN", "dhcpFailOverPeerDN", NULL};
+
+ /* TODO: dhcpKeyDN can't be added. It is referenced in dhcpDnsZone to
+ retrive the key name (cn). Adding keyDN will reflect adding a key
+ declaration inside the zone configuration.
+
+ dhcpSubClassesDN cant be added. It is also similar to the above.
+ Needs schema change.
+ */
LDAPMessage * newres, * newent;
struct berval **tempbv;
int i, j, ret;
}
#if defined (DEBUG_LDAP)
- log_info ("Adding contents of subtree '%s' to config stack from '%s' reference", tempbv[j], search[i]);
+ log_info ("Adding contents of subtree '%s' to config stack from '%s' reference", tempbv[j]->bv_val, search[i]);
#endif
for (newent = ldap_first_entry (ld, newres);
newent != NULL;
if (ldap_stack != NULL && ldap_stack->close_brace)
{
- x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "}\n");
ldap_stack->close_brace = 0;
}
while (ldap_stack != NULL &&
- (ldap_stack->ldent == NULL ||
- (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))
+ (ldap_stack->ldent == NULL || ( ldap_stack->processed &&
+ (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL)))
{
if (ldap_stack->close_brace)
{
- x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "}\n");
ldap_stack->close_brace = 0;
}
if (ldap_stack != NULL && ldap_stack->close_brace)
{
- x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+ x_parser_strcat (cfile, "}\n");
ldap_stack->close_brace = 0;
}
}
static isc_result_t
-ldap_parse_entry_options (LDAPMessage *ent, char *buffer, size_t size,
+ldap_parse_entry_options (LDAPMessage *ent, struct parse *cfile,
int *lease_limit)
{
struct berval **tempbv;
int i;
- if (ent == NULL || buffer == NULL || size == 0)
+ if (ent == NULL || cfile == NULL)
return (ISC_R_FAILURE);
if ((tempbv = ldap_get_values_len (ld, ent, "dhcpStatements")) != NULL)
continue;
}
- x_strncat (buffer, tempbv[i]->bv_val, size);
+ x_parser_strcat (cfile, tempbv[i]->bv_val);
switch((int) check_statement_end (tempbv[i]->bv_val))
{
case '}':
case ';':
- x_strncat (buffer, "\n", size);
+ x_parser_strcat (cfile, "\n");
break;
default:
- x_strncat (buffer, ";\n", size);
+ x_parser_strcat (cfile, ";\n");
break;
}
}
{
for (i=0; tempbv[i] != NULL; i++)
{
- x_strncat (buffer, "option ", size);
- x_strncat (buffer, tempbv[i]->bv_val, size);
+ x_parser_strcat (cfile, "option ");
+ x_parser_strcat (cfile, tempbv[i]->bv_val);
switch ((int) check_statement_end (tempbv[i]->bv_val))
{
case ';':
- x_strncat (buffer, "\n", size);
+ x_parser_strcat (cfile, "\n");
break;
default:
- x_strncat (buffer, ";\n", size);
+ x_parser_strcat (cfile, ";\n");
break;
}
}
struct berval **objectClass;
char *dn;
struct ldap_config_stack *entry;
- LDAPMessage * ent, * res;
+ LDAPMessage * ent, * res, *entfirst, *resfirst;
int i, ignore, found;
- int ret;
+ int ret, parsedn = 1;
+ size_t len = cfile->buflen;
if (ld == NULL)
ldap_start ();
if ((objectClass = ldap_get_values_len (ld, entry->ldent,
"objectClass")) == NULL)
return;
-
+
+ entry->processed = 1;
ignore = 0;
found = 1;
for (i=0; objectClass[i] != NULL; i++)
ldap_parse_class (entry, cfile);
else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubnet") == 0)
ldap_parse_subnet (entry, cfile);
+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubnet6") == 0)
+ ldap_parse_subnet6 (entry, cfile);
else if (strcasecmp (objectClass[i]->bv_val, "dhcpPool") == 0)
ldap_parse_pool (entry, cfile);
+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpPool6") == 0)
+ ldap_parse_pool6 (entry, cfile);
else if (strcasecmp (objectClass[i]->bv_val, "dhcpGroup") == 0)
ldap_parse_group (entry, cfile);
else if (strcasecmp (objectClass[i]->bv_val, "dhcpTSigKey") == 0)
ldap_parse_key (entry, cfile);
else if (strcasecmp (objectClass[i]->bv_val, "dhcpDnsZone") == 0)
ldap_parse_zone (entry, cfile);
+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpFailOverPeer") == 0)
+ ldap_parse_failover (entry, cfile);
else if (strcasecmp (objectClass[i]->bv_val, "dhcpHost") == 0)
{
if (ldap_method == LDAP_METHOD_STATIC)
else
found = 0;
- if (found && cfile->inbuf[0] == '\0')
+ if (found && x_parser_length(cfile) <= len)
{
ignore = 1;
break;
return;
}
- ldap_parse_entry_options(entry->ldent, cfile->inbuf,
- LDAP_BUFFER_SIZE-1, NULL);
+ ldap_parse_entry_options(entry->ldent, cfile, NULL);
dn = ldap_get_dn (ld, entry->ldent);
-
+ if (dn == NULL)
+ {
+ ldap_stop();
+ return;
+ }
#if defined(DEBUG_LDAP)
- if (dn != NULL)
- log_info ("Found LDAP entry '%s'", dn);
+ log_info ("Found LDAP entry '%s'", dn);
#endif
- if (dn == NULL ||
- (ret = ldap_search_ext_s (ld, dn, LDAP_SCOPE_ONELEVEL,
- "objectClass=*", NULL, 0, NULL, NULL,
+ if ((ret = ldap_search_ext_s (ld, dn, LDAP_SCOPE_ONELEVEL,
+ "(!(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer)))",
+ NULL, 0, NULL, NULL,
NULL, 0, &res)) != LDAP_SUCCESS)
{
- if (dn)
- ldap_memfree (dn);
+ ldap_memfree (dn);
+
+ ldap_stop();
+ return;
+ }
+
+ if ((ret = ldap_search_ext_s (ld, dn, LDAP_SCOPE_ONELEVEL,
+ "(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer))",
+ NULL, 0, NULL, NULL,
+ NULL, 0, &resfirst)) != LDAP_SUCCESS)
+ {
+ ldap_memfree (dn);
+ ldap_msgfree (res);
ldap_stop();
return;
ldap_memfree (dn);
- if ((ent = ldap_first_entry (ld, res)) != NULL)
+ ent = ldap_first_entry(ld, res);
+ entfirst = ldap_first_entry(ld, resfirst);
+
+ if (ent == NULL && entfirst == NULL)
+ {
+ parse_external_dns (entry->ldent);
+ next_ldap_entry (cfile);
+ }
+
+ if (ent != NULL)
{
add_to_config_stack (res, ent);
parse_external_dns (entry->ldent);
+ parsedn = 0;
}
else
+ ldap_msgfree (res);
+
+ if (entfirst != NULL)
{
- ldap_msgfree (res);
- parse_external_dns (entry->ldent);
- next_ldap_entry (cfile);
+ add_to_config_stack (resfirst, entfirst);
+ if(parsedn)
+ parse_external_dns (entry->ldent);
+
}
+ else
+ ldap_msgfree (resfirst);
}
static int
ldap_read_function (struct parse *cfile)
{
- cfile->inbuf[0] = '\0';
- cfile->buflen = 0;
-
- while (ldap_stack != NULL && *cfile->inbuf == '\0')
+ size_t len;
+
+ /* append when in saved state */
+ if (cfile->saved_state == NULL)
+ {
+ cfile->inbuf[0] = '\0';
+ cfile->bufix = 0;
+ cfile->buflen = 0;
+ }
+ len = cfile->buflen;
+
+ while (ldap_stack != NULL && x_parser_length(cfile) <= len)
ldap_generate_config_string (cfile);
- if (ldap_stack == NULL && *cfile->inbuf == '\0')
+ if (x_parser_length(cfile) <= len && ldap_stack == NULL)
return (EOF);
- cfile->bufix = 1;
- cfile->buflen = strlen (cfile->inbuf) - 1;
- if (cfile->buflen > 0)
- ldap_write_debug (cfile->inbuf, cfile->buflen);
-
+ if (cfile->buflen > len)
+ ldap_write_debug (cfile->inbuf + len, cfile->buflen - len);
#if defined (DEBUG_LDAP)
- log_info ("Sending config line '%s'", cfile->inbuf);
+ log_info ("Sending config portion '%s'", cfile->inbuf + len);
#endif
- return (cfile->inbuf[0]);
+ return (cfile->inbuf[cfile->bufix++]);
}
}
-static int
-getfqhostname(char *fqhost, size_t size)
-{
-#if defined(MAXHOSTNAMELEN)
- char hname[MAXHOSTNAMELEN];
-#else
- char hname[65];
-#endif
- struct hostent *hp;
-
- if(NULL == fqhost || 1 >= size)
- return -1;
-
- memset(hname, 0, sizeof(hname));
- if( gethostname(hname, sizeof(hname)-1))
- return -1;
-
- if(NULL == (hp = gethostbyname(hname)))
- return -1;
-
- strncpy(fqhost, hp->h_name, size-1);
- fqhost[size-1] = '\0';
- return 0;
-}
-
-
isc_result_t
ldap_read_config (void)
{
LDAPMessage * ldres, * hostres, * ent, * hostent;
char hfilter[1024], sfilter[1024], fqdn[257];
- char *buffer, *hostdn;
+ char *hostdn;
ldap_dn_node *curr = NULL;
struct parse *cfile;
struct utsname unme;
size_t length;
int ret, cnt;
struct berval **tempbv = NULL;
+ struct berval bv_o[2];
+
+ cfile = x_parser_init("LDAP");
+ if (cfile == NULL)
+ return (ISC_R_NOMEMORY);
+ ldap_enable_retry = 1;
if (ld == NULL)
ldap_start ();
+ ldap_enable_retry = 0;
+
if (ld == NULL)
- return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
-
- buffer = dmalloc (LDAP_BUFFER_SIZE+1, MDL);
- if (buffer == NULL)
- return (ISC_R_FAILURE);
+ {
+ x_parser_free(&cfile);
+ return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
+ }
- cfile = (struct parse *) NULL;
- res = new_parse (&cfile, -1, buffer, LDAP_BUFFER_SIZE, "LDAP", 0);
- if (res != ISC_R_SUCCESS)
- return (res);
-
uname (&unme);
if (ldap_dhcp_server_cn != NULL)
{
+ if (_do_ldap_str2esc_filter_bv(ldap_dhcp_server_cn, 0, &bv_o[0]) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %s: %m", ldap_dhcp_server_cn);
+ x_parser_free(&cfile);
+ return (ISC_R_FAILURE);
+ }
+
snprintf (hfilter, sizeof (hfilter),
- "(&(objectClass=dhcpServer)(cn=%s))", ldap_dhcp_server_cn);
- }
- else
- {
- if(0 == getfqhostname(fqdn, sizeof(fqdn)))
- {
- snprintf (hfilter, sizeof (hfilter),
- "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))",
- unme.nodename, fqdn);
+ "(&(objectClass=dhcpServer)(cn=%s))", bv_o[0].bv_val);
+
+ ber_memfree(bv_o[0].bv_val);
}
else
{
- snprintf (hfilter, sizeof (hfilter),
- "(&(objectClass=dhcpServer)(cn=%s))", unme.nodename);
+ if (_do_ldap_str2esc_filter_bv(unme.nodename, 0, &bv_o[0]) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %s: %m", unme.nodename);
+ x_parser_free(&cfile);
+ return (ISC_R_FAILURE);
+ }
+
+ *fqdn ='\0';
+ if(0 == get_host_entry(fqdn, sizeof(fqdn), NULL, 0))
+ {
+ if (_do_ldap_str2esc_filter_bv(fqdn, 0, &bv_o[1]) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %s: %m", fqdn);
+ ber_memfree(bv_o[0].bv_val);
+ x_parser_free(&cfile);
+ return (ISC_R_FAILURE);
+ }
+ }
+
+ // If we have fqdn and it isn't the same as nodename, use it in filter
+ // otherwise just use nodename
+ if ((*fqdn) && (strcmp(unme.nodename, fqdn))) {
+ snprintf (hfilter, sizeof (hfilter),
+ "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))",
+ bv_o[0].bv_val, bv_o[1].bv_val);
+
+ ber_memfree(bv_o[1].bv_val);
+ }
+ else
+ {
+ snprintf (hfilter, sizeof (hfilter),
+ "(&(objectClass=dhcpServer)(cn=%s))",
+ bv_o[0].bv_val);
+ }
+
+ ber_memfree(bv_o[0].bv_val);
}
- }
- hostres = NULL;
- if ((ret = ldap_search_ext_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
+ ldap_enable_retry = 1;
+ do
+ {
+ hostres = NULL;
+ ret = ldap_search_ext_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
hfilter, NULL, 0, NULL, NULL, NULL, 0,
- &hostres)) != LDAP_SUCCESS)
+ &hostres);
+ }
+ while(_do_ldap_retry(ret, ldap_server, ldap_port) > 0);
+ ldap_enable_retry = 0;
+
+ if(ret != LDAP_SUCCESS)
{
log_error ("Cannot find host LDAP entry %s %s",
- ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter);
+ ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter);
if(NULL != hostres)
ldap_msgfree (hostres);
ldap_stop();
+ x_parser_free(&cfile);
return (ISC_R_FAILURE);
}
log_error ("Error: Cannot find LDAP entry matching %s", hfilter);
ldap_msgfree (hostres);
ldap_stop();
+ x_parser_free(&cfile);
return (ISC_R_FAILURE);
}
(tempbv = ldap_get_values_len (ld, hostent, "dhcpServiceDN")) == NULL ||
tempbv[0] == NULL)
{
- log_error ("Error: Cannot find LDAP entry matching %s", hfilter);
+ log_error ("Error: No dhcp service is associated with the server %s %s",
+ (hostdn ? "dn" : "name"), (hostdn ? hostdn :
+ (ldap_dhcp_server_cn ? ldap_dhcp_server_cn : unme.nodename)));
if (tempbv != NULL)
ldap_value_free_len (tempbv);
ldap_memfree (hostdn);
ldap_msgfree (hostres);
ldap_stop();
+ x_parser_free(&cfile);
return (ISC_R_FAILURE);
}
log_info ("LDAP: Parsing dhcpServer options '%s' ...", hostdn);
#endif
- cfile->inbuf[0] = '\0';
- ldap_parse_entry_options(hostent, cfile->inbuf, LDAP_BUFFER_SIZE, NULL);
- cfile->buflen = strlen (cfile->inbuf);
- if(cfile->buflen > 0)
+ res = ldap_parse_entry_options(hostent, cfile, NULL);
+ if (res != ISC_R_SUCCESS)
{
- ldap_write_debug (cfile->inbuf, cfile->buflen);
+ ldap_value_free_len (tempbv);
+ ldap_msgfree (hostres);
+ ldap_memfree (hostdn);
+ ldap_stop();
+ x_parser_free(&cfile);
+ return res;
+ }
+ if (x_parser_length(cfile) > 0)
+ {
res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
if (res != ISC_R_SUCCESS)
{
log_error ("LDAP: cannot parse dhcpServer entry '%s'", hostdn);
+ ldap_value_free_len (tempbv);
+ ldap_msgfree (hostres);
ldap_memfree (hostdn);
ldap_stop();
+ x_parser_free(&cfile);
return res;
}
- cfile->inbuf[0] = '\0';
+ x_parser_reset(cfile);
}
ldap_msgfree (hostres);
- /*
- ** attach ldap (tree) read function now
- */
- cfile->bufix = cfile->buflen = 0;
- cfile->read_function = ldap_read_function;
-
res = ISC_R_SUCCESS;
for (cnt=0; tempbv[cnt] != NULL; cnt++)
{
+
+ if (_do_ldap_str2esc_filter_bv(hostdn, 0, &bv_o[0]) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %s: %m", hostdn);
+ res = ISC_R_FAILURE;
+ break;
+ }
+
snprintf(sfilter, sizeof(sfilter), "(&(objectClass=dhcpService)"
- "(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s)))",
- hostdn, hostdn);
+ "(|(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s))(dhcpServerDN=%s)))",
+ bv_o[0].bv_val, bv_o[0].bv_val, bv_o[0].bv_val);
+
+ ber_memfree(bv_o[0].bv_val);
+
ldres = NULL;
if ((ret = ldap_search_ext_s (ld, tempbv[cnt]->bv_val, LDAP_SCOPE_BASE,
sfilter, NULL, 0, NULL, NULL, NULL,
if ((ent = ldap_first_entry (ld, ldres)) == NULL)
{
- log_error ("Error: Cannot find dhcpService DN '%s' with primary or secondary server reference. Please update the LDAP server entry '%s'",
+ log_error ("Error: Cannot find dhcpService DN '%s' with server reference. Please update the LDAP server entry '%s'",
tempbv[cnt]->bv_val, hostdn);
ldap_msgfree(ldres);
log_fatal ("no memory to remember ldap service dn");
#if defined (DEBUG_LDAP)
- log_info ("LDAP: Parsing dhcpService DN '%s' ...", tempbv[cnt]);
+ log_info ("LDAP: Parsing dhcpService DN '%s' ...", tempbv[cnt]->bv_val);
#endif
add_to_config_stack (ldres, ent);
res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
}
}
- end_parse (&cfile);
+ x_parser_free(&cfile);
ldap_close_debug_fd();
ldap_memfree (hostdn);
struct class **class)
{
int declaration, lease_limit;
- char option_buffer[8192];
enum dhcp_token token;
struct parse *cfile;
isc_result_t res;
const char *val;
lease_limit = 0;
- *option_buffer = '\0';
-
- /* This block of code will try to find the parent of the host, and
- if it is a group object, fetch the options and apply to the host. */
+ cfile = x_parser_init(type == HOST_DECL ? "LDAP-HOST" : "LDAP-SUBCLASS");
+ if (cfile == NULL)
+ return (lease_limit);
+
+ /* This block of code will try to find the parent of the host, and
+ if it is a group object, fetch the options and apply to the host. */
if (type == HOST_DECL)
{
char *hostdn, *basedn, *temp1, *temp2, filter[1024];
if (temp2 != NULL)
{
- snprintf (filter, sizeof(filter),
- "(&(cn=%.*s)(objectClass=dhcpGroup))",
- (int)(temp2 - temp1), temp1);
+ struct berval bv_o;
+
+ if (_do_ldap_str2esc_filter_bv(temp1, (temp2 - temp1), &bv_o) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %.*s: %m",
+ (int)(temp2 - temp1), temp1);
+ filter[0] = '\0';
+ }
+ else
+ {
+ snprintf (filter, sizeof(filter),
+ "(&(cn=%s)(objectClass=dhcpGroup))",
+ bv_o.bv_val);
+
+ ber_memfree(bv_o.bv_val);
+ }
basedn = strchr (temp1, ',');
if (basedn != NULL)
++basedn;
}
- if (basedn != NULL && *basedn != '\0')
+ if (basedn != NULL && *basedn != '\0' && filter[0] != '\0')
{
ret = ldap_search_ext_s (ld, basedn, LDAP_SCOPE_SUBTREE, filter,
NULL, 0, NULL, NULL, NULL, 0, &groupdn);
{
if ((entry = ldap_first_entry (ld, groupdn)) != NULL)
{
- res = ldap_parse_entry_options (entry, option_buffer,
- sizeof(option_buffer) - 1,
- &lease_limit);
+ res = ldap_parse_entry_options (entry, cfile, &lease_limit);
if (res != ISC_R_SUCCESS)
{
/* reset option buffer discarding any results */
- *option_buffer = '\0';
+ x_parser_reset(cfile);
lease_limit = 0;
}
}
}
}
- res = ldap_parse_entry_options (ent, option_buffer, sizeof(option_buffer) - 1,
- &lease_limit);
- if (res != ISC_R_SUCCESS)
- return (lease_limit);
-
- option_buffer[sizeof(option_buffer) - 1] = '\0';
- if (*option_buffer == '\0')
- return (lease_limit);
-
- cfile = (struct parse *) NULL;
- res = new_parse (&cfile, -1, option_buffer, strlen (option_buffer),
- type == HOST_DECL ? "LDAP-HOST" : "LDAP-SUBCLASS", 0);
+ res = ldap_parse_entry_options (ent, cfile, &lease_limit);
if (res != ISC_R_SUCCESS)
- return (lease_limit);
+ {
+ x_parser_free(&cfile);
+ return (lease_limit);
+ }
-#if defined (DEBUG_LDAP)
- log_info ("Sending the following options: '%s'", option_buffer);
-#endif
+ if (x_parser_length(cfile) == 0)
+ {
+ x_parser_free(&cfile);
+ return (lease_limit);
+ }
declaration = 0;
do
declaration = parse_statement (cfile, group, type, host, declaration);
} while (1);
- end_parse (&cfile);
+ x_parser_free(&cfile);
return (lease_limit);
}
struct host_decl * host;
isc_result_t status;
ldap_dn_node *curr;
+ char up_hwaddr[20];
+ char lo_hwaddr[20];
int ret;
+ struct berval bv_o[2];
+
+ *hp = NULL;
+
if (ldap_method == LDAP_METHOD_STATIC)
return (0);
** FIXME: It is not guaranteed, that the dhcpHWAddress attribute
** contains _exactly_ "type addr" with one space between!
*/
+ snprintf(lo_hwaddr, sizeof(lo_hwaddr), "%s",
+ print_hw_addr (htype, hlen, haddr));
+ x_strxform(up_hwaddr, lo_hwaddr, sizeof(up_hwaddr), toupper);
+
+ if (_do_ldap_str2esc_filter_bv(lo_hwaddr, 0, &bv_o[0]) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %s: %m", lo_hwaddr);
+ return (0);
+ }
+ if (_do_ldap_str2esc_filter_bv(up_hwaddr, 0, &bv_o[1]) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %s: %m", up_hwaddr);
+ ber_memfree(bv_o[0].bv_val);
+ return (0);
+ }
+
snprintf (buf, sizeof (buf),
- "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))",
- type_str, print_hw_addr (htype, hlen, haddr));
+ "(&(objectClass=dhcpHost)(|(dhcpHWAddress=%s %s)(dhcpHWAddress=%s %s)))",
+ type_str, bv_o[0].bv_val, type_str, bv_o[1].bv_val);
+
+ ber_memfree(bv_o[0].bv_val);
+ ber_memfree(bv_o[1].bv_val);
res = ent = NULL;
for (curr = ldap_service_dn_head;
if (ret == LDAP_SUCCESS)
{
- if( (ent = ldap_first_entry (ld, res)) != NULL)
- break; /* search OK and have entry */
-
+ ent = ldap_first_entry (ld, res);
#if defined (DEBUG_LDAP)
- log_info ("No host entry for %s in LDAP tree %s",
- buf, curr->dn);
+ if (ent == NULL) {
+ log_info ("No host entry for %s in LDAP tree %s",
+ buf, curr->dn);
+ }
+#endif
+ while (ent != NULL) {
+#if defined (DEBUG_LDAP)
+ char *dn = ldap_get_dn (ld, ent);
+ if (dn != NULL)
+ {
+ log_info ("Found dhcpHWAddress LDAP entry %s", dn);
+ ldap_memfree(dn);
+ }
#endif
+
+ host = (struct host_decl *)0;
+ status = host_allocate (&host, MDL);
+ if (status != ISC_R_SUCCESS)
+ {
+ log_fatal ("can't allocate host decl struct: %s",
+ isc_result_totext (status));
+ ldap_msgfree (res);
+ return (0);
+ }
+
+ host->name = ldap_get_host_name (ent);
+ if (host->name == NULL)
+ {
+ host_dereference (&host, MDL);
+ ldap_msgfree (res);
+ return (0);
+ }
+
+ if (!clone_group (&host->group, root_group, MDL))
+ {
+ log_fatal ("can't clone group for host %s", host->name);
+ host_dereference (&host, MDL);
+ ldap_msgfree (res);
+ return (0);
+ }
+
+ ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);
+
+ host->n_ipaddr = *hp;
+ *hp = host;
+ ent = ldap_next_entry (ld, ent);
+ }
if(res)
{
ldap_msgfree (res);
res = NULL;
}
+ return (*hp != NULL);
}
else
{
}
}
- if (res && ent)
- {
-#if defined (DEBUG_LDAP)
- char *dn = ldap_get_dn (ld, ent);
- if (dn != NULL)
- {
- log_info ("Found dhcpHWAddress LDAP entry %s", dn);
- ldap_memfree(dn);
- }
-#endif
-
- host = (struct host_decl *)0;
- status = host_allocate (&host, MDL);
- if (status != ISC_R_SUCCESS)
- {
- log_fatal ("can't allocate host decl struct: %s",
- isc_result_totext (status));
- ldap_msgfree (res);
- return (0);
- }
-
- host->name = ldap_get_host_name (ent);
- if (host->name == NULL)
- {
- host_dereference (&host, MDL);
- ldap_msgfree (res);
- return (0);
- }
-
- if (!clone_group (&host->group, root_group, MDL))
- {
- log_fatal ("can't clone group for host %s", host->name);
- host_dereference (&host, MDL);
- ldap_msgfree (res);
- return (0);
- }
-
- ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);
-
- *hp = host;
- ldap_msgfree (res);
- return (1);
- }
-
-
- if(res) ldap_msgfree (res);
return (0);
}
int ret, lease_limit;
isc_result_t status;
ldap_dn_node *curr;
- char buf[1024];
+ char buf[2048];
+ struct berval bv_class;
+ struct berval bv_cdata;
+ char *hex_1;
if (ldap_method == LDAP_METHOD_STATIC)
return (0);
if (ld == NULL)
return (0);
+ hex_1 = print_hex_1 (data->len, data->data, 1024);
+ if (*hex_1 == '"')
+ {
+ /* result is a quotted not hex string: ldap escape the original string */
+ if (_do_ldap_str2esc_filter_bv((const char*)data->data, data->len, &bv_cdata) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %s: %m", hex_1);
+ return (0);
+ }
+ hex_1 = NULL;
+ }
+ if (_do_ldap_str2esc_filter_bv(class->name, strlen (class->name), &bv_class) == NULL)
+ {
+ log_error ("Cannot escape ldap filter value %s: %m", class->name);
+ if (hex_1 == NULL)
+ ber_memfree(bv_cdata.bv_val);
+ return (0);
+ }
+
snprintf (buf, sizeof (buf),
"(&(objectClass=dhcpSubClass)(cn=%s)(dhcpClassData=%s))",
- print_hex_1 (data->len, data->data, 60),
- print_hex_2 (strlen (class->name), (u_int8_t *) class->name, 60));
+ (hex_1 == NULL ? bv_cdata.bv_val : hex_1), bv_class.bv_val);
+
+ if (hex_1 == NULL)
+ ber_memfree(bv_cdata.bv_val);
+ ber_memfree(bv_class.bv_val);
+
#if defined (DEBUG_LDAP)
log_info ("Searching LDAP for %s", buf);
#endif
return (0);
}
+int find_client_in_ldap (struct host_decl **hp, struct packet *packet,
+ struct option_state *state, const char *file, int line)
+{
+ LDAPMessage * res, * ent;
+ ldap_dn_node *curr;
+ struct host_decl * host;
+ isc_result_t status;
+ struct data_string client_id;
+ char buf[1024], buf1[1024];
+ int ret;
+
+ if (ldap_method == LDAP_METHOD_STATIC)
+ return (0);
+
+ if (ld == NULL)
+ ldap_start ();
+ if (ld == NULL)
+ return (0);
+
+ memset(&client_id, 0, sizeof(client_id));
+ if (get_client_id(packet, &client_id) != ISC_R_SUCCESS)
+ return (0);
+ snprintf(buf, sizeof(buf),
+ "(&(objectClass=dhcpHost)(dhcpClientId=%s))",
+ print_hw_addr(0, client_id.len, client_id.data));
+
+ /* log_info ("Searching LDAP for %s (%s)", buf, packet->interface->shared_network->name); */
+
+ res = ent = NULL;
+ for (curr = ldap_service_dn_head;
+ curr != NULL && *curr->dn != '\0';
+ curr = curr->next)
+ {
+ snprintf(buf1, sizeof(buf1), "cn=%s,%s", packet->interface->shared_network->name, curr->dn);
+#if defined (DEBUG_LDAP)
+ log_info ("Searching for %s in LDAP tree %s", buf, buf1);
+#endif
+ ret = ldap_search_ext_s (ld, buf1, LDAP_SCOPE_SUBTREE, buf, NULL, 0,
+ NULL, NULL, NULL, 0, &res);
+
+ if(ret == LDAP_SERVER_DOWN)
+ {
+ log_info ("LDAP server was down, trying to reconnect...");
+
+ ldap_stop();
+ ldap_start();
+
+ if(ld == NULL)
+ {
+ log_info ("LDAP reconnect failed - try again later...");
+ return (0);
+ }
+
+ ret = ldap_search_ext_s (ld, buf1, LDAP_SCOPE_SUBTREE, buf,
+ NULL, 0, NULL, NULL, NULL, 0, &res);
+ }
+
+ if (ret == LDAP_SUCCESS)
+ {
+ if( (ent = ldap_first_entry (ld, res)) != NULL) {
+ log_info ("found entry in search %s", buf1);
+ break; /* search OK and have entry */
+ }
+
+#if defined (DEBUG_LDAP)
+ log_info ("No subclass entry for %s in LDAP tree %s", buf, curr->dn);
+#endif
+ if(res)
+ {
+ ldap_msgfree (res);
+ res = NULL;
+ }
+ }
+ else
+ {
+ if(res)
+ {
+ ldap_msgfree (res);
+ res = NULL;
+ }
+
+ if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
+ {
+ log_error ("Cannot search for %s in LDAP tree %s: %s", buf,
+ curr->dn, ldap_err2string (ret));
+ ldap_stop();
+ return (0);
+ }
+ else
+ {
+ log_info ("did not find: %s", buf);
+ }
+ }
+ }
+
+ if (res && ent)
+ {
+#if defined (DEBUG_LDAP)
+ log_info ("ldap_get_dn %s", curr->dn);
+ char *dn = ldap_get_dn (ld, ent);
+ if (dn != NULL)
+ {
+ log_info ("Found subclass LDAP entry %s", dn);
+ ldap_memfree(dn);
+ } else {
+ log_info ("DN is null %s", dn);
+ }
+#endif
+
+ host = (struct host_decl *)0;
+ status = host_allocate (&host, MDL);
+ if (status != ISC_R_SUCCESS)
+ {
+ log_fatal ("can't allocate host decl struct: %s",
+ isc_result_totext (status));
+ ldap_msgfree (res);
+ return (0);
+ }
+
+ host->name = ldap_get_host_name (ent);
+ if (host->name == NULL)
+ {
+ host_dereference (&host, MDL);
+ ldap_msgfree (res);
+ return (0);
+ }
+ /* log_info ("Host name %s", host->name); */
+
+ if (!clone_group (&host->group, root_group, MDL))
+ {
+ log_fatal ("can't clone group for host %s", host->name);
+ host_dereference (&host, MDL);
+ ldap_msgfree (res);
+ return (0);
+ }
+
+ ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);
+
+ *hp = host;
+ ldap_msgfree (res);
+ return (1);
+ }
+ else
+ {
+ log_info ("did not find clientid: %s", buf);
+ }
+
+ if(res) ldap_msgfree (res);
+ return (0);
+
+}
+
+#if defined(LDAP_USE_GSSAPI)
+static int
+_ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *sin)
+{
+ sasl_interact_t *in;
+ struct ldap_sasl_instance *ldap_inst = defaults;
+ int ret = LDAP_OTHER;
+ size_t size;
+
+ if (ld == NULL || sin == NULL)
+ return LDAP_PARAM_ERROR;
+
+ log_info("doing interactive bind");
+ for (in = sin; in != NULL && in->id != SASL_CB_LIST_END; in++) {
+ switch (in->id) {
+ case SASL_CB_USER:
+ log_info("got request for SASL_CB_USER %s", ldap_inst->sasl_authz_id);
+ size = strlen(ldap_inst->sasl_authz_id);
+ in->result = ldap_inst->sasl_authz_id;
+ in->len = size;
+ ret = LDAP_SUCCESS;
+ break;
+ case SASL_CB_GETREALM:
+ log_info("got request for SASL_CB_GETREALM %s", ldap_inst->sasl_realm);
+ size = strlen(ldap_inst->sasl_realm);
+ in->result = ldap_inst->sasl_realm;
+ in->len = size;
+ ret = LDAP_SUCCESS;
+ break;
+ case SASL_CB_AUTHNAME:
+ log_info("got request for SASL_CB_AUTHNAME %s", ldap_inst->sasl_authc_id);
+ size = strlen(ldap_inst->sasl_authc_id);
+ in->result = ldap_inst->sasl_authc_id;
+ in->len = size;
+ ret = LDAP_SUCCESS;
+ break;
+ case SASL_CB_PASS:
+ log_info("got request for SASL_CB_PASS %s", ldap_inst->sasl_password);
+ size = strlen(ldap_inst->sasl_password);
+ in->result = ldap_inst->sasl_password;
+ in->len = size;
+ ret = LDAP_SUCCESS;
+ break;
+ default:
+ goto cleanup;
+ }
+ }
+ return ret;
+
+cleanup:
+ in->result = NULL;
+ in->len = 0;
+ return LDAP_OTHER;
+}
+#endif /* LDAP_USE_GSSAPI */
+
+
#endif
projects / thirdparty / dhcp.git / commitdiff
