dlz_ldap_driver.c revision 5d35a7a2fbcf6bd060b0ce7deb349e427cb59fc1
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/*
a134177ed9f82189504191d90f3ed9e97c2b47cbTinderbox User * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews *
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Permission to use, copy, modify, and distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * purpose with or without fee is hereby granted, provided that the
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * above copyright notice and this permission notice appear in all
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * copies.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews *
28a8f5b0de57d269cf2845c69cb6abe18cbd3b3aMark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
00b872e4f76587584a2359e9001e9cf08b195ccfMark Andrews * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * USE OR PERFORMANCE OF THIS SOFTWARE.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews *
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * The development of Dynamically Loadable Zones (DLZ) for BIND 9 was
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * conceived and contributed by Rob Butler.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews *
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * Permission to use, copy, modify, and distribute this software for any
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman * purpose with or without fee is hereby granted, provided that the
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * above copyright notice and this permission notice appear in all
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * copies.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews *
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * USE OR PERFORMANCE OF THIS SOFTWARE.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/*
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * Copyright (C) 1999-2001 Internet Software Consortium.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews *
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * Permission to use, copy, modify, and distribute this software for any
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * purpose with or without fee is hereby granted, provided that the above
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * copyright notice and this permission notice appear in all copies.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews *
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#ifdef DLZ_LDAP
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <config.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <stdio.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <string.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <stdlib.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman#include <dns/log.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/sdlz.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/result.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/mem.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/platform.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/print.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/result.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/string.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/util.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <named/globals.h>
ad1317338af79edad878c9c3e4361798503310baMark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dlz/sdlz_helper.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dlz/dlz_ldap_driver.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/*
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * Need older API functions from ldap.h.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define LDAP_DEPRECATED 1
ad1317338af79edad878c9c3e4361798503310baMark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <ldap.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define SIMPLE "simple"
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define KRB41 "krb41"
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define KRB42 "krb42"
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define V2 "v2"
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define V3 "v3"
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Huntstatic dns_sdlzimplementation_t *dlz_ldap = NULL;
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt#define dbc_search_limit 30
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt#define ALLNODES 1
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt#define ALLOWXFR 2
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define AUTHORITY 3
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define FINDZONE 4
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define LOOKUP 5
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/*%
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * Structure to hold everthing needed by this "instance" of the LDAP
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * driver remember, the driver code is only loaded once, but may have
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * many separate instances.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews */
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewstypedef struct {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#ifdef ISC_PLATFORM_USETHREADS
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews db_list_t *db; /*%< handle to a list of DB */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#else
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews dbinstance_t *db; /*%< handle to db */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#endif
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews int method; /*%< security authentication method */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews char *user; /*%< who is authenticating */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews char *cred; /*%< password for simple authentication method */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews int protocol; /*%< LDAP communication protocol version */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews char *hosts; /*%< LDAP server hosts */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews} ldap_instance_t;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/* forward references */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsstatic isc_result_t
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsdlz_ldap_findzone(void *driverarg, void *dbdata, const char *name);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaramanstatic void
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsdlz_ldap_destroy(void *driverarg, void *dbdata);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/*
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * Private methods
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/*% checks that the LDAP URL parameters make sense */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsstatic isc_result_t
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsdlz_ldap_checkURL(char *URL, int attrCnt, const char *msg) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_result_t result = ISC_R_SUCCESS;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews int ldap_result;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews LDAPURLDesc *ldap_url = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (!ldap_is_ldap_url(URL)) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "%s query is not a valid LDAP URL", msg);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews result = ISC_R_FAILURE;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews goto cleanup;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews ldap_result = ldap_url_parse(URL, &ldap_url);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (ldap_result != LDAP_SUCCESS || ldap_url == NULL) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "parsing %s query failed", msg);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews result = ISC_R_FAILURE;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews goto cleanup;
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (ldap_count_values(ldap_url->lud_attrs) < attrCnt) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "%s query must specify at least "
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "%d attributes to return",
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews msg, attrCnt);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews result = ISC_R_FAILURE;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews goto cleanup;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (ldap_url->lud_host != NULL) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "%s query must not specify a host", msg);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews result = ISC_R_FAILURE;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews goto cleanup;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews }
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (ldap_url->lud_port != 389) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "%s query must not specify a port", msg);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews result = ISC_R_FAILURE;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews goto cleanup;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (ldap_url->lud_dn == NULL || strlen (ldap_url->lud_dn) < 1) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "%s query must specify a search base", msg);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews result = ISC_R_FAILURE;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews goto cleanup;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (ldap_url->lud_exts != NULL || ldap_url->lud_crit_exts != 0) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "%s uses extensions. "
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews "The driver does not support LDAP extensions.",
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews msg);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews result = ISC_R_FAILURE;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews goto cleanup;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews cleanup:
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (ldap_url != NULL)
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman ldap_free_urldesc(ldap_url);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews return (result);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews}
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/*% Connects / reconnects to LDAP server */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsstatic isc_result_t
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsdlz_ldap_connect(ldap_instance_t *dbi, dbinstance_t *dbc) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews isc_result_t result;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews int ldap_result;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews /* if we have a connection, get ride of it. */
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman if (dbc->dbconn != NULL) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews ldap_unbind_s((LDAP *) dbc->dbconn);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews dbc->dbconn = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews /* now connect / reconnect. */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews /* initialize. */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews dbc->dbconn = ldap_init(dbi->hosts, LDAP_PORT);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (dbc->dbconn == NULL)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews return (ISC_R_NOMEMORY);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews /* set protocol version. */
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman ldap_result = ldap_set_option((LDAP *) dbc->dbconn,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews LDAP_OPT_PROTOCOL_VERSION,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews &(dbi->protocol));
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews if (ldap_result != LDAP_SUCCESS) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews result = ISC_R_NOPERM;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews goto cleanup;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews }
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews /* "bind" to server. i.e. send username / pass */
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews ldap_result = ldap_bind_s((LDAP *) dbc->dbconn, dbi->user,
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman dbi->cred, dbi->method);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews if (ldap_result != LDAP_SUCCESS) {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews result = ISC_R_FAILURE;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews goto cleanup;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews }
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews return (ISC_R_SUCCESS);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews cleanup:
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews /* cleanup if failure. */
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews if (dbc->dbconn != NULL) {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews ldap_unbind_s((LDAP *) dbc->dbconn);
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman dbc->dbconn = NULL;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews }
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews return (result);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews}
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#ifdef ISC_PLATFORM_USETHREADS
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews/*%
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews * Properly cleans up a list of database instances.
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews * This function is only used when the driver is compiled for
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews * multithreaded operation.
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsstatic void
ldap_destroy_dblist(db_list_t *dblist) {
dbinstance_t *ndbi = NULL;
dbinstance_t *dbi = NULL;
/* get the first DBI in the list */
ndbi = ISC_LIST_HEAD(*dblist);
/* loop through the list */
while (ndbi != NULL) {
dbi = ndbi;
/* get the next DBI in the list */
ndbi = ISC_LIST_NEXT(dbi, link);
/* release DB connection */
if (dbi->dbconn != NULL)
ldap_unbind_s((LDAP *) dbi->dbconn);
/* release all memory that comprised a DBI */
destroy_sqldbinstance(dbi);
}
/* release memory for the list structure */
isc_mem_put(ns_g_mctx, dblist, sizeof(db_list_t));
}
/*%
* Loops through the list of DB instances, attempting to lock
* on the mutex. If successful, the DBI is reserved for use
* and the thread can perform queries against the database.
* If the lock fails, the next one in the list is tried.
* looping continues until a lock is obtained, or until
* the list has been searched dbc_search_limit times.
* This function is only used when the driver is compiled for
* multithreaded operation.
*/
static dbinstance_t *
ldap_find_avail_conn(db_list_t *dblist) {
dbinstance_t *dbi = NULL;
dbinstance_t *head;
int count = 0;
/* get top of list */
head = dbi = ISC_LIST_HEAD(*dblist);
/* loop through list */
while (count < dbc_search_limit) {
/* try to lock on the mutex */
if (isc_mutex_trylock(&dbi->instance_lock) == ISC_R_SUCCESS)
return (dbi); /* success, return the DBI for use. */
/* not successful, keep trying */
dbi = ISC_LIST_NEXT(dbi, link);
/* check to see if we have gone to the top of the list. */
if (dbi == NULL) {
count++;
dbi = head;
}
}
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_INFO,
"LDAP driver unable to find available connection "
"after searching %d times",
count);
return (NULL);
}
#endif /* ISC_PLATFORM_USETHREADS */
static isc_result_t
ldap_process_results(LDAP *dbc, LDAPMessage *msg, char ** attrs,
void *ptr, isc_boolean_t allnodes)
{
isc_result_t result = ISC_R_SUCCESS;
int i = 0;
int j;
int len;
char *attribute = NULL;
LDAPMessage *entry;
char *endp = NULL;
char *host = NULL;
char *type = NULL;
char *data = NULL;
char **vals = NULL;
int ttl;
/* make sure there are at least some attributes to process. */
REQUIRE(attrs != NULL || attrs[0] != NULL);
/* get the first entry to process */
entry = ldap_first_entry(dbc, msg);
if (entry == NULL) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_INFO,
"LDAP no entries to process.");
return (ISC_R_FAILURE);
}
/* loop through all entries returned */
while (entry != NULL) {
/* reset for this loop */
ttl = 0;
len = 0;
i = 0;
attribute = attrs[i];
/* determine how much space we need for data string */
for (j = 0; attrs[j] != NULL; j++) {
/* get the list of values for this attribute. */
vals = ldap_get_values(dbc, entry, attrs[j]);
/* skip empty attributes. */
if (vals == NULL || ldap_count_values(vals) < 1)
continue;
/*
* we only use the first value. this driver
* does not support multi-valued attributes.
*/
len = len + strlen(vals[0]) + 1;
/* free vals for next loop */
ldap_value_free(vals);
} /* end for (j = 0; attrs[j] != NULL, j++) loop */
/* allocate memory for data string */
data = isc_mem_allocate(ns_g_mctx, len + 1);
if (data == NULL) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver unable to allocate memory "
"while processing results");
result = ISC_R_FAILURE;
goto cleanup;
}
/*
* Make sure data is null termed at the beginning so
* we can check if any data was stored to it later.
*/
data[0] = '\0';
/* reset j to re-use below */
j = 0;
/* loop through the attributes in the order specified. */
while (attribute != NULL) {
/* get the list of values for this attribute. */
vals = ldap_get_values(dbc, entry, attribute);
/* skip empty attributes. */
if (vals == NULL || vals[0] == NULL) {
/* increment attibute pointer */
attribute = attrs[++i];
/* start loop over */
continue;
}
/*
* j initially = 0. Increment j each time we
* set a field that way next loop will set
* next field.
*/
switch(j) {
case 0:
j++;
/*
* convert text to int, make sure it
* worked right
*/
ttl = strtol(vals[0], &endp, 10);
if (*endp != '\0' || ttl < 0) {
isc_log_write(dns_lctx,
DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ,
ISC_LOG_ERROR,
"LDAP driver ttl must "
"be a postive number");
goto cleanup;
}
break;
case 1:
j++;
type = isc_mem_strdup(ns_g_mctx, vals[0]);
break;
case 2:
j++;
if (allnodes == isc_boolean_true) {
host = isc_mem_strdup(ns_g_mctx,
vals[0]);
} else {
strcpy(data, vals[0]);
}
break;
case 3:
j++;
if (allnodes == isc_boolean_true) {
strcpy(data, vals[0]);
} else {
strcat(data, " ");
strcat(data, vals[0]);
}
break;
default:
strcat(data, " ");
strcat(data, vals[0]);
break;
} /* end switch(j) */
/* free values */
ldap_value_free(vals);
vals = NULL;
/* increment attibute pointer */
attribute = attrs[++i];
} /* end while (attribute != NULL) */
if (type == NULL) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver unable "
"to retrieve DNS type");
result = ISC_R_FAILURE;
goto cleanup;
}
if (strlen(data) < 1) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver unable "
"to retrieve DNS data");
result = ISC_R_FAILURE;
goto cleanup;
}
if (allnodes == isc_boolean_true) {
if (strcasecmp(host, "~") == 0)
result = dns_sdlz_putnamedrr(
(dns_sdlzallnodes_t *) ptr,
"*", type, ttl, data);
else
result = dns_sdlz_putnamedrr(
(dns_sdlzallnodes_t *) ptr,
host, type, ttl, data);
if (result != ISC_R_SUCCESS)
isc_log_write(dns_lctx,
DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"dlz-ldap: putnamedrr failed "
"for \"%s %s %u %s\", %s",
host, type, ttl, data,
isc_result_totext(result));
} else {
result = dns_sdlz_putrr((dns_sdlzlookup_t *) ptr,
type, ttl, data);
if (result != ISC_R_SUCCESS)
isc_log_write(dns_lctx,
DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"dlz-ldap: putrr failed "
"for \"%s %u %s\", %s",
type, ttl, data,
isc_result_totext(result));
}
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver failed "
"while sending data to BIND.");
goto cleanup;
}
/* free memory for type, data and host for next loop */
isc_mem_free(ns_g_mctx, type);
isc_mem_free(ns_g_mctx, data);
if (host != NULL)
isc_mem_free(ns_g_mctx, host);
/* get the next entry to process */
entry = ldap_next_entry(dbc, entry);
} /* end while (entry != NULL) */
cleanup:
/* de-allocate memory */
if (vals != NULL)
ldap_value_free(vals);
if (host != NULL)
isc_mem_free(ns_g_mctx, host);
if (type != NULL)
isc_mem_free(ns_g_mctx, type);
if (data != NULL)
isc_mem_free(ns_g_mctx, data);
return (result);
}
/*%
* This function is the real core of the driver. Zone, record
* and client strings are passed in (or NULL is passed if the
* string is not available). The type of query we want to run
* is indicated by the query flag, and the dbdata object is passed
* passed in to. dbdata really holds either:
* 1) a list of database instances (in multithreaded mode) OR
* 2) a single database instance (in single threaded mode)
* The function will construct the query and obtain an available
* database instance (DBI). It will then run the query and hopefully
* obtain a result set.
*/
static isc_result_t
ldap_get_results(const char *zone, const char *record,
const char *client, unsigned int query,
void *dbdata, void *ptr)
{
isc_result_t result;
dbinstance_t *dbi = NULL;
char *querystring = NULL;
LDAPURLDesc *ldap_url = NULL;
int ldap_result = 0;
LDAPMessage *ldap_msg = NULL;
int i;
int entries;
/* get db instance / connection */
#ifdef ISC_PLATFORM_USETHREADS
/* find an available DBI from the list */
dbi = ldap_find_avail_conn((db_list_t *)
((ldap_instance_t *)dbdata)->db);
#else /* ISC_PLATFORM_USETHREADS */
/*
* only 1 DBI - no need to lock instance lock either
* only 1 thread in the whole process, no possible contention.
*/
dbi = (dbinstance_t *) ((ldap_instance_t *)dbdata)->db;
#endif /* ISC_PLATFORM_USETHREADS */
/* if DBI is null, can't do anything else */
if (dbi == NULL)
return (ISC_R_FAILURE);
/* set fields */
if (zone != NULL) {
dbi->zone = isc_mem_strdup(ns_g_mctx, zone);
if (dbi->zone == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
} else {
dbi->zone = NULL;
}
if (record != NULL) {
dbi->record = isc_mem_strdup(ns_g_mctx, record);
if (dbi->record == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
} else {
dbi->record = NULL;
}
if (client != NULL) {
dbi->client = isc_mem_strdup(ns_g_mctx, client);
if (dbi->client == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
} else {
dbi->client = NULL;
}
/* what type of query are we going to run? */
switch(query) {
case ALLNODES:
/*
* if the query was not passed in from the config file
* then we can't run it. return not_implemented, so
* it's like the code for that operation was never
* built into the driver.... AHHH flexibility!!!
*/
if (dbi->allnodes_q == NULL) {
result = ISC_R_NOTIMPLEMENTED;
goto cleanup;
} else {
querystring = build_querystring(ns_g_mctx,
dbi->allnodes_q);
}
break;
case ALLOWXFR:
/* same as comments as ALLNODES */
if (dbi->allowxfr_q == NULL) {
result = ISC_R_NOTIMPLEMENTED;
goto cleanup;
} else {
querystring = build_querystring(ns_g_mctx,
dbi->allowxfr_q);
}
break;
case AUTHORITY:
/* same as comments as ALLNODES */
if (dbi->authority_q == NULL) {
result = ISC_R_NOTIMPLEMENTED;
goto cleanup;
} else {
querystring = build_querystring(ns_g_mctx,
dbi->authority_q);
}
break;
case FINDZONE:
/* this is required. It's the whole point of DLZ! */
if (dbi->findzone_q == NULL) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2),
"No query specified for findzone. "
"Findzone requires a query");
result = ISC_R_FAILURE;
goto cleanup;
} else {
querystring = build_querystring(ns_g_mctx,
dbi->findzone_q);
}
break;
case LOOKUP:
/* this is required. It's also a major point of DLZ! */
if (dbi->lookup_q == NULL) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2),
"No query specified for lookup. "
"Lookup requires a query");
result = ISC_R_FAILURE;
goto cleanup;
} else {
querystring = build_querystring(ns_g_mctx,
dbi->lookup_q);
}
break;
default:
/*
* this should never happen. If it does, the code is
* screwed up!
*/
UNEXPECTED_ERROR(__FILE__, __LINE__,
"Incorrect query flag passed to "
"ldap_get_results");
result = ISC_R_UNEXPECTED;
goto cleanup;
}
/* if the querystring is null, Bummer, outta RAM. UPGRADE TIME!!! */
if (querystring == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
/*
* output the full query string during debug so we can see
* what lame error the query has.
*/
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(1),
"\nQuery String: %s\n", querystring);
/* break URL down into it's component parts, if error cleanup */
ldap_result = ldap_url_parse(querystring, &ldap_url);
if (ldap_result != LDAP_SUCCESS || ldap_url == NULL) {
result = ISC_R_FAILURE;
goto cleanup;
}
for (i = 0; i < 3; i++) {
/*
* dbi->dbconn may be null if trying to reconnect on a
* previous query failed.
*/
if (dbi->dbconn == NULL) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_INFO,
"LDAP driver attempting to re-connect");
result = dlz_ldap_connect((ldap_instance_t *) dbdata,
dbi);
if (result != ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
continue;
}
}
/* perform ldap search syncronously */
ldap_result = ldap_search_s((LDAP *) dbi->dbconn,
ldap_url->lud_dn,
ldap_url->lud_scope,
ldap_url->lud_filter,
ldap_url->lud_attrs, 0, &ldap_msg);
/*
* check return code. No such object is ok, just
* didn't find what we wanted
*/
switch(ldap_result) {
case LDAP_NO_SUCH_OBJECT:
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(1),
"No object found matching "
"query requirements");
result = ISC_R_NOTFOUND;
goto cleanup;
break;
case LDAP_SUCCESS: /* on success do nothing */
result = ISC_R_SUCCESS;
i = 3;
break;
case LDAP_SERVER_DOWN:
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_INFO,
"LDAP driver attempting to re-connect");
result = dlz_ldap_connect((ldap_instance_t *) dbdata,
dbi);
if (result != ISC_R_SUCCESS)
result = ISC_R_FAILURE;
break;
default:
/*
* other errors not ok. Log error message and
* get out
*/
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP error: %s",
ldap_err2string(ldap_result));
result = ISC_R_FAILURE;
goto cleanup;
break;
} /* close switch(ldap_result) */
} /* end for (int i = 0 i < 3; i++) */
if (result != ISC_R_SUCCESS)
goto cleanup;
switch(query) {
case ALLNODES:
result = ldap_process_results((LDAP *) dbi->dbconn, ldap_msg,
ldap_url->lud_attrs,
ptr, isc_boolean_true);
break;
case AUTHORITY:
case LOOKUP:
result = ldap_process_results((LDAP *) dbi->dbconn, ldap_msg,
ldap_url->lud_attrs,
ptr, isc_boolean_false);
break;
case ALLOWXFR:
entries = ldap_count_entries((LDAP *) dbi->dbconn, ldap_msg);
if (entries == 0)
result = ISC_R_NOPERM;
else if (entries > 0)
result = ISC_R_SUCCESS;
else
result = ISC_R_FAILURE;
break;
case FINDZONE:
entries = ldap_count_entries((LDAP *) dbi->dbconn, ldap_msg);
if (entries == 0)
result = ISC_R_NOTFOUND;
else if (entries > 0)
result = ISC_R_SUCCESS;
else
result = ISC_R_FAILURE;
break;
default:
/*
* this should never happen. If it does, the code is
* screwed up!
*/
UNEXPECTED_ERROR(__FILE__, __LINE__,
"Incorrect query flag passed to "
"ldap_get_results");
result = ISC_R_UNEXPECTED;
}
cleanup:
/* it's always good to cleanup after yourself */
/* if we retrieved results, free them */
if (ldap_msg != NULL)
ldap_msgfree(ldap_msg);
if (ldap_url != NULL)
ldap_free_urldesc(ldap_url);
/* cleanup */
if (dbi->zone != NULL)
isc_mem_free(ns_g_mctx, dbi->zone);
if (dbi->record != NULL)
isc_mem_free(ns_g_mctx, dbi->record);
if (dbi->client != NULL)
isc_mem_free(ns_g_mctx, dbi->client);
#ifdef ISC_PLATFORM_USETHREADS
/* release the lock so another thread can use this dbi */
isc_mutex_unlock(&dbi->instance_lock);
#endif /* ISC_PLATFORM_USETHREADS */
/* release query string */
if (querystring != NULL)
isc_mem_free(ns_g_mctx, querystring );
/* return result */
return (result);
}
/*
* DLZ methods
*/
static isc_result_t
dlz_ldap_allowzonexfr(void *driverarg, void *dbdata, const char *name,
const char *client)
{
isc_result_t result;
UNUSED(driverarg);
/* check to see if we are authoritative for the zone first */
result = dlz_ldap_findzone(driverarg, dbdata, name);
if (result != ISC_R_SUCCESS) {
return (result);
}
/* get all the zone data */
result = ldap_get_results(name, NULL, client, ALLOWXFR, dbdata, NULL);
return (result);
}
static isc_result_t
dlz_ldap_allnodes(const char *zone, void *driverarg, void *dbdata,
dns_sdlzallnodes_t *allnodes)
{
UNUSED(driverarg);
return (ldap_get_results(zone, NULL, NULL, ALLNODES, dbdata, allnodes));
}
static isc_result_t
dlz_ldap_authority(const char *zone, void *driverarg, void *dbdata,
dns_sdlzlookup_t *lookup)
{
UNUSED(driverarg);
return (ldap_get_results(zone, NULL, NULL, AUTHORITY, dbdata, lookup));
}
static isc_result_t
dlz_ldap_findzone(void *driverarg, void *dbdata, const char *name) {
UNUSED(driverarg);
return (ldap_get_results(name, NULL, NULL, FINDZONE, dbdata, NULL));
}
static isc_result_t
dlz_ldap_lookup(const char *zone, const char *name, void *driverarg,
void *dbdata, dns_sdlzlookup_t *lookup)
{
isc_result_t result;
UNUSED(driverarg);
if (strcmp(name, "*") == 0)
result = ldap_get_results(zone, "~", NULL, LOOKUP,
dbdata, lookup);
else
result = ldap_get_results(zone, name, NULL, LOOKUP,
dbdata, lookup);
return (result);
}
static isc_result_t
dlz_ldap_create(const char *dlzname, unsigned int argc, char *argv[],
void *driverarg, void **dbdata)
{
isc_result_t result;
ldap_instance_t *ldap_inst = NULL;
dbinstance_t *dbi = NULL;
int protocol;
int method;
#ifdef ISC_PLATFORM_USETHREADS
/* if multi-threaded, we need a few extra variables. */
int dbcount;
char *endp;
/* db_list_t *dblist = NULL; */
int i;
#endif /* ISC_PLATFORM_USETHREADS */
UNUSED(dlzname);
UNUSED(driverarg);
#ifdef ISC_PLATFORM_USETHREADS
/* if debugging, let user know we are multithreaded. */
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(1),
"LDAP driver running multithreaded");
#else /* ISC_PLATFORM_USETHREADS */
/* if debugging, let user know we are single threaded. */
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(1),
"LDAP driver running single threaded");
#endif /* ISC_PLATFORM_USETHREADS */
if (argc < 9) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver requires at least "
"8 command line args.");
return (ISC_R_FAILURE);
}
/* no more than 13 arg's should be passed to the driver */
if (argc > 12) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver cannot accept more than "
"11 command line args.");
return (ISC_R_FAILURE);
}
/* determine protocol version. */
if (strncasecmp(argv[2], V2, strlen(V2)) == 0) {
protocol = 2;
} else if (strncasecmp(argv[2], V3, strlen(V3)) == 0) {
protocol = 3;
} else {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver protocol must be either %s or %s",
V2, V3);
return (ISC_R_FAILURE);
}
/* determine connection method. */
if (strncasecmp(argv[3], SIMPLE, strlen(SIMPLE)) == 0) {
method = LDAP_AUTH_SIMPLE;
} else if (strncasecmp(argv[3], KRB41, strlen(KRB41)) == 0) {
method = LDAP_AUTH_KRBV41;
} else if (strncasecmp(argv[3], KRB42, strlen(KRB42)) == 0) {
method = LDAP_AUTH_KRBV42;
} else {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver authentication method must be "
"one of %s, %s or %s",
SIMPLE, KRB41, KRB42);
return (ISC_R_FAILURE);
}
/* multithreaded build can have multiple DB connections */
#ifdef ISC_PLATFORM_USETHREADS
/* check how many db connections we should create */
dbcount = strtol(argv[1], &endp, 10);
if (*endp != '\0' || dbcount < 0) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver database connection count "
"must be positive.");
return (ISC_R_FAILURE);
}
#endif
/* check that LDAP URL parameters make sense */
switch(argc) {
case 12:
result = dlz_ldap_checkURL(argv[11], 0, "allow zone transfer");
if (result != ISC_R_SUCCESS)
return (result);
case 11:
result = dlz_ldap_checkURL(argv[10], 3, "all nodes");
if (result != ISC_R_SUCCESS)
return (result);
case 10:
if (strlen(argv[9]) > 0) {
result = dlz_ldap_checkURL(argv[9], 3, "authority");
if (result != ISC_R_SUCCESS)
return (result);
}
case 9:
result = dlz_ldap_checkURL(argv[8], 3, "lookup");
if (result != ISC_R_SUCCESS)
return (result);
result = dlz_ldap_checkURL(argv[7], 0, "find zone");
if (result != ISC_R_SUCCESS)
return (result);
break;
default:
/* not really needed, should shut up compiler. */
result = ISC_R_FAILURE;
}
/* allocate memory for LDAP instance */
ldap_inst = isc_mem_get(ns_g_mctx, sizeof(ldap_instance_t));
if (ldap_inst == NULL)
return (ISC_R_NOMEMORY);
memset(ldap_inst, 0, sizeof(ldap_instance_t));
/* store info needed to automatically re-connect. */
ldap_inst->protocol = protocol;
ldap_inst->method = method;
ldap_inst->hosts = isc_mem_strdup(ns_g_mctx, argv[6]);
if (ldap_inst->hosts == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
ldap_inst->user = isc_mem_strdup(ns_g_mctx, argv[4]);
if (ldap_inst->user == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
ldap_inst->cred = isc_mem_strdup(ns_g_mctx, argv[5]);
if (ldap_inst->cred == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
#ifdef ISC_PLATFORM_USETHREADS
/* allocate memory for database connection list */
ldap_inst->db = isc_mem_get(ns_g_mctx, sizeof(db_list_t));
if (ldap_inst->db == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
/* initialize DB connection list */
ISC_LIST_INIT(*(ldap_inst->db));
/*
* create the appropriate number of database instances (DBI)
* append each new DBI to the end of the list
*/
for (i = 0; i < dbcount; i++) {
#endif /* ISC_PLATFORM_USETHREADS */
/* how many queries were passed in from config file? */
switch(argc) {
case 9:
result = build_sqldbinstance(ns_g_mctx, NULL, NULL,
NULL, argv[7], argv[8],
NULL, &dbi);
break;
case 10:
result = build_sqldbinstance(ns_g_mctx, NULL, NULL,
argv[9], argv[7], argv[8],
NULL, &dbi);
break;
case 11:
result = build_sqldbinstance(ns_g_mctx, argv[10], NULL,
argv[9], argv[7], argv[8],
NULL, &dbi);
break;
case 12:
result = build_sqldbinstance(ns_g_mctx, argv[10],
argv[11], argv[9],
argv[7], argv[8],
NULL, &dbi);
break;
default:
/* not really needed, should shut up compiler. */
result = ISC_R_FAILURE;
}
if (result == ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2),
"LDAP driver created "
"database instance object.");
} else { /* unsuccessful?, log err msg and cleanup. */
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver could not create "
"database instance object.");
goto cleanup;
}
#ifdef ISC_PLATFORM_USETHREADS
/* when multithreaded, build a list of DBI's */
ISC_LINK_INIT(dbi, link);
ISC_LIST_APPEND(*(ldap_inst->db), dbi, link);
#else
/*
* when single threaded, hold onto the one connection
* instance.
*/
ldap_inst->db = dbi;
#endif
/* attempt to connect */
result = dlz_ldap_connect(ldap_inst, dbi);
/*
* if db connection cannot be created, log err msg and
* cleanup.
*/
switch(result) {
/* success, do nothing */
case ISC_R_SUCCESS:
break;
/*
* no memory means ldap_init could not
* allocate memory
*/
case ISC_R_NOMEMORY:
#ifdef ISC_PLATFORM_USETHREADS
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver could not allocate memory "
"for connection number %u",
i+1);
#else
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver could not allocate memory "
"for connection");
#endif
goto cleanup;
break;
/*
* no perm means ldap_set_option could not set
* protocol version
*/
case ISC_R_NOPERM:
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver could not "
"set protocol version.");
result = ISC_R_FAILURE;
goto cleanup;
break;
/* failure means couldn't connect to ldap server */
case ISC_R_FAILURE:
#ifdef ISC_PLATFORM_USETHREADS
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver could not "
"bind connection number %u to server.",
i+1);
#else
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"LDAP driver could not "
"bind connection to server.");
#endif
goto cleanup;
break;
/*
* default should never happen. If it does,
* major errors.
*/
default:
UNEXPECTED_ERROR(__FILE__, __LINE__,
"dlz_ldap_create() failed: %s",
isc_result_totext(result));
result = ISC_R_UNEXPECTED;
goto cleanup;
break;
} /* end switch(result) */
#ifdef ISC_PLATFORM_USETHREADS
/* set DBI = null for next loop through. */
dbi = NULL;
} /* end for loop */
#endif /* ISC_PLATFORM_USETHREADS */
/* set dbdata to the ldap_instance we created. */
*dbdata = ldap_inst;
/* hey, we got through all of that ok, return success. */
return(ISC_R_SUCCESS);
cleanup:
dlz_ldap_destroy(NULL, ldap_inst);
return(ISC_R_FAILURE);
}
void
dlz_ldap_destroy(void *driverarg, void *dbdata) {
UNUSED(driverarg);
if (dbdata != NULL) {
#ifdef ISC_PLATFORM_USETHREADS
/* cleanup the list of DBI's */
ldap_destroy_dblist((db_list_t *)
((ldap_instance_t *)dbdata)->db);
#else /* ISC_PLATFORM_USETHREADS */
if (((ldap_instance_t *)dbdata)->db->dbconn != NULL)
ldap_unbind_s((LDAP *)
((ldap_instance_t *)dbdata)->db->dbconn);
/* destroy single DB instance */
destroy_sqldbinstance(((ldap_instance_t *)dbdata)->db);
#endif /* ISC_PLATFORM_USETHREADS */
if (((ldap_instance_t *)dbdata)->hosts != NULL)
isc_mem_free(ns_g_mctx,
((ldap_instance_t *)dbdata)->hosts);
if (((ldap_instance_t *)dbdata)->user != NULL)
isc_mem_free(ns_g_mctx,
((ldap_instance_t *)dbdata)->user);
if (((ldap_instance_t *)dbdata)->cred != NULL)
isc_mem_free(ns_g_mctx,
((ldap_instance_t *)dbdata)->cred);
isc_mem_put(ns_g_mctx, dbdata, sizeof(ldap_instance_t));
}
}
static dns_sdlzmethods_t dlz_ldap_methods = {
dlz_ldap_create,
dlz_ldap_destroy,
dlz_ldap_findzone,
dlz_ldap_lookup,
dlz_ldap_authority,
dlz_ldap_allnodes,
dlz_ldap_allowzonexfr,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
};
/*%
* Wrapper around dns_sdlzregister().
*/
isc_result_t
dlz_ldap_init(void) {
isc_result_t result;
/*
* Write debugging message to log
*/
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2),
"Registering DLZ ldap driver.");
result = dns_sdlzregister("ldap", &dlz_ldap_methods, NULL,
DNS_SDLZFLAG_RELATIVEOWNER |
DNS_SDLZFLAG_RELATIVERDATA,
ns_g_mctx, &dlz_ldap);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"dns_sdlzregister() failed: %s",
isc_result_totext(result));
result = ISC_R_UNEXPECTED;
}
return (result);
}
/*%
* Wrapper around dns_sdlzunregister().
*/
void
dlz_ldap_clear(void) {
/*
* Write debugging message to log
*/
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2),
"Unregistering DLZ ldap driver.");
if (dlz_ldap != NULL)
dns_sdlzunregister(&dlz_ldap);
}
#endif