72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Permission to use, copy, modify, and distribute this software for any
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * purpose with or without fee is hereby granted, provided that the
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * above copyright notice and this permission notice appear in all
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * USE OR PERFORMANCE OF THIS SOFTWARE.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * The development of Dynamically Loadable Zones (DLZ) for BIND 9 was
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * conceived and contributed by Rob Butler.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Permission to use, copy, modify, and distribute this software for any
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * purpose with or without fee is hereby granted, provided that the
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * above copyright notice and this permission notice appear in all
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * USE OR PERFORMANCE OF THIS SOFTWARE.
02d54949f0f1db4729e14c3322b207f58d2578a4Mark Andrews * Copyright (C) 1999-2001, 2013, 2016 Internet Systems Consortium, Inc. ("ISC")
02d54949f0f1db4729e14c3322b207f58d2578a4Mark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
02d54949f0f1db4729e14c3322b207f58d2578a4Mark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
02d54949f0f1db4729e14c3322b207f58d2578a4Mark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * This provides the externally loadable ldap DLZ module, without
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * update support
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Need older API functions from ldap.h.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Structure to hold everthing needed by this "instance" of the LDAP
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * driver remember, the driver code is only loaded once, but may have
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * many separate instances.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunttypedef struct {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt int method; /*%< security authentication method */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt char *cred; /*%< password for simple authentication method */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt int protocol; /*%< LDAP communication protocol version */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* Helper functions from the dlz_dlopen driver */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt/* forward references */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntb9_add_helper(ldap_instance_t *db, const char *helper_name, void *ptr);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Private methods
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt/*% checks that the LDAP URL parameters make sense */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntldap_checkURL(ldap_instance_t *db, char *URL, int attrCnt, const char *msg) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt if (ldap_result != LDAP_SUCCESS || ldap_url == NULL) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt db->log(ISC_LOG_ERROR, "parsing %s query failed", msg);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt if (ldap_count_values(ldap_url->lud_attrs) < attrCnt) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "%s query must specify at least "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt if (ldap_url->lud_dn == NULL || strlen (ldap_url->lud_dn) < 1) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt if (ldap_url->lud_exts != NULL || ldap_url->lud_crit_exts != 0) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "%s uses extensions. "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "The driver does not support LDAP extensions.", msg);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt/*% Connects / reconnects to LDAP server */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntldap_connect(ldap_instance_t *dbi, dbinstance_t *dbc) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* if we have a connection, get ride of it. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* now connect / reconnect. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* initialize. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* set protocol version. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt ldap_result = ldap_set_option((LDAP *) dbc->dbconn,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* "bind" to server. i.e. send username / pass */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt ldap_result = ldap_bind_s((LDAP *) dbc->dbconn, dbi->user,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* cleanup if failure. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Properly cleans up a list of database instances.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * This function is only used when the driver is compiled for
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * multithreaded operation.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* get the first DBI in the list */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* loop through the list */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* get the next DBI in the list */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* release DB connection */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* release all memory that comprised a DBI */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* release memory for the list structure */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Loops through the list of DB instances, attempting to lock
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * on the mutex. If successful, the DBI is reserved for use
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * and the thread can perform queries against the database.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * If the lock fails, the next one in the list is tried.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * looping continues until a lock is obtained, or until
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * the list has been searched dbc_search_limit times.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * This function is only used when the driver is compiled for
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * multithreaded operation.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* get top of list */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* loop through list */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* try to lock on the mutex */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt return (dbi); /* success, return the DBI for use. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* not successful, keep trying */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* check to see if we have gone to the top of the list. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver unable to find available connection "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#endif /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntldap_process_results(ldap_instance_t *db, LDAP *dbc, LDAPMessage *msg,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* get the first entry to process */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt db->log(ISC_LOG_INFO, "LDAP no entries to process.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* loop through all entries returned */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* reset for this loop */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* determine how much space we need for data string */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* get the list of values for this attribute. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* skip empty attributes. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * we only use the first value. this driver
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * does not support multi-valued attributes.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* free vals for next loop */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* allocate memory for data string */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver unable to allocate memory "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "while processing results");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Make sure data is null termed at the beginning so
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * we can check if any data was stored to it later.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* reset j to re-use below */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* loop through the attributes in the order specified. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* get the list of values for this attribute. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* skip empty attributes. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* increment attibute pointer */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* start loop over */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * j initially = 0. Increment j each time we
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * set a field that way next loop will set
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * next field.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt switch (j) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * convert text to int, make sure it
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * worked right
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver ttl must "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "be a postive number");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* free values */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* increment attibute pointer */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver unable to retrieve DNS type");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver unable to retrieve DNS data");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt dns_sdlzallnodes_t *an = (dns_sdlzallnodes_t *) ptr;
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "ldap_dynamic: putnamedrr failed "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "for \"%s %s %u %s\" (%d)",
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt dns_sdlzlookup_t *lookup = (dns_sdlzlookup_t *) ptr;
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "ldap_dynamic: putrr failed "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "for \"%s %u %s\" (%s)",
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver failed "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "while sending data to BIND.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* free memory for type, data and host for next loop */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* get the next entry to process */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* de-allocate memory */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * This function is the real core of the driver. Zone, record
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * and client strings are passed in (or NULL is passed if the
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * string is not available). The type of query we want to run
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * is indicated by the query flag, and the dbdata object is passed
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * passed in to. dbdata really holds either:
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * 1) a list of database instances (in multithreaded mode) OR
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * 2) a single database instance (in single threaded mode)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * The function will construct the query and obtain an available
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * database instance (DBI). It will then run the query and hopefully
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * obtain a result set.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntldap_get_results(const char *zone, const char *record,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* get db instance / connection */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* find an available DBI from the list */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#else /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * only 1 DBI - no need to lock instance lock either
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * only 1 thread in the whole process, no possible contention.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#endif /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* if DBI is null, can't do anything else */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* set fields */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* what type of query are we going to run? */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * if the query was not passed in from the config file
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * then we can't run it. return not_implemented, so
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * it's like the code for that operation was never
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * built into the driver.... AHHH flexibility!!!
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* same as comments as ALLNODES */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* same as comments as ALLNODES */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt querystring = build_querystring(dbi->authority_q);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* this is required. It's the whole point of DLZ! */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "No query specified for findzone. "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "Findzone requires a query");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* this is required. It's also a major point of DLZ! */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "No query specified for lookup. "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "Lookup requires a query");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * this should never happen. If it does, the code is
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * screwed up!
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "Incorrect query flag passed to ldap_get_results");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* if the querystring is null, Bummer, outta RAM. UPGRADE TIME!!! */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * output the full query string during debug so we can see
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * what lame error the query has.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt db->log(ISC_LOG_DEBUG(1), "Query String: %s", querystring);
f469d5d440d9580e4c7007632d72a08a92a98d89Evan Hunt /* break URL down into it's component parts, if error cleanup */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt ldap_result = ldap_url_parse(querystring, &ldap_url);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt if (ldap_result != LDAP_SUCCESS || ldap_url == NULL) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt for (i = 0; i < 3; i++) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * dbi->dbconn may be null if trying to reconnect on a
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * previous query failed.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver attempting to re-connect");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_connect((ldap_instance_t *) dbdata, dbi);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* perform ldap search syncronously */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * check return code. No such object is ok, just
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * didn't find what we wanted
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "No object found matching query requirements");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver attempting to re-connect");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_connect((ldap_instance_t *) dbdata, dbi);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * other errors not ok. Log error message and
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_process_results(db, (LDAP *) dbi->dbconn,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_process_results(db, (LDAP *) dbi->dbconn,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt entries = ldap_count_entries((LDAP *) dbi->dbconn, ldap_msg);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt else if (entries > 0)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt entries = ldap_count_entries((LDAP *) dbi->dbconn, ldap_msg);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt else if (entries > 0)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * this should never happen. If it does, the code is
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * screwed up!
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "Incorrect query flag passed to ldap_get_results");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* it's always good to cleanup after yourself */
f469d5d440d9580e4c7007632d72a08a92a98d89Evan Hunt /* if we retrieved results, free them */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* cleanup */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* release the lock so another thread can use this dbi */
f469d5d440d9580e4c7007632d72a08a92a98d89Evan Hunt /* release query string */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* return result */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * DLZ methods
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntdlz_allowzonexfr(void *dbdata, const char *name, const char *client) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* check to see if we are authoritative for the zone first */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = dlz_findzonedb(dbdata, name, NULL, NULL);
f469d5d440d9580e4c7007632d72a08a92a98d89Evan Hunt /* get all the zone data */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_get_results(name, NULL, client, ALLOWXFR, dbdata, NULL);
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntdlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt return (ldap_get_results(zone, NULL, NULL, ALLNODES, dbdata, allnodes));
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntdlz_authority(const char *zone, void *dbdata, dns_sdlzlookup_t *lookup) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt return (ldap_get_results(zone, NULL, NULL, AUTHORITY, dbdata, lookup));
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt return (ldap_get_results(name, NULL, NULL, FINDZONE, dbdata, NULL));
f469d5d440d9580e4c7007632d72a08a92a98d89Evan Huntisc_result_t dlz_lookup(const char *zone, const char *name,
f469d5d440d9580e4c7007632d72a08a92a98d89Evan Huntisc_result_t dlz_lookup(const char *zone, const char *name,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_get_results(zone, "~", NULL, LOOKUP,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_get_results(zone, name, NULL, LOOKUP,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntdlz_create(const char *dlzname, unsigned int argc, char *argv[],
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt void **dbdata, ...)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#endif /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* allocate memory for LDAP instance */
f469d5d440d9580e4c7007632d72a08a92a98d89Evan Hunt /* Fill in the helper functions */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt while ((helper_name = va_arg(ap, const char*)) != NULL)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt b9_add_helper(ldap, helper_name, va_arg(ap, void*));
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* if debugging, let user know we are multithreaded. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt ldap->log(ISC_LOG_DEBUG(1), "LDAP driver running multithreaded");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#else /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* if debugging, let user know we are single threaded. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt ldap->log(ISC_LOG_DEBUG(1), "LDAP driver running single threaded");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#endif /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver requires at least "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "8 command line args.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* no more than 13 arg's should be passed to the driver */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver cannot accept more than "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "11 command line args.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* determine protocol version. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt else if (strncasecmp(argv[2], V3, strlen(V3)) == 0)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver protocol must be either %s or %s",
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* determine connection method. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt if (strncasecmp(argv[3], SIMPLE, strlen(SIMPLE)) == 0)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt else if (strncasecmp(argv[3], KRB41, strlen(KRB41)) == 0)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt else if (strncasecmp(argv[3], KRB42, strlen(KRB42)) == 0)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver authentication method must be "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* multithreaded build can have multiple DB connections */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* check how many db connections we should create */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver database connection count "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "must be positive.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* check that LDAP URL parameters make sense */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "allow zone transfer");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_checkURL(ldap, argv[10], 3, "all nodes");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_checkURL(ldap, argv[9], 3, "authority");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_checkURL(ldap, argv[8], 3, "lookup");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = ldap_checkURL(ldap, argv[7], 0, "find zone");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* not really needed, should shut up compiler. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* store info needed to automatically re-connect. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* allocate memory for database connection list */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* initialize DB connection list */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * create the appropriate number of database instances (DBI)
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * append each new DBI to the end of the list
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt for (i = 0; i < dbcount; i++) {
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#endif /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* how many queries were passed in from config file? */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = build_dbinstance(NULL, NULL, NULL, argv[7],
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt result = build_dbinstance(argv[10], NULL, argv[9],
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* not really needed, should shut up compiler. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver created "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "database instance object.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt } else { /* unsuccessful?, log err msg and cleanup. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver could not create "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "database instance object.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* when multithreaded, build a list of DBI's */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * when single threaded, hold onto the one connection
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* attempt to connect */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * if db connection cannot be created, log err msg and
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* success, do nothing */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * no memory means ldap_init could not
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * allocate memory
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver could not allocate memory "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver could not allocate memory "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "for connection");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * no perm means ldap_set_option could not set
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * protocol version
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver could not "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "set protocol version.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* failure means couldn't connect to ldap server */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver could not bind "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "LDAP driver could not "
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt "bind connection to server.");
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * default should never happen. If it does,
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * major errors.
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* set DBI = null for next loop through. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#endif /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* set dbdata to the ldap_instance we created. */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* cleanup the list of DBI's */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#else /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt /* destroy single DB instance */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt#endif /* PTHREADS */
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Return the version of the API
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt * Register a helper function from the bind9 dlz_dlopen driver
72c86c105a7cf315036d7131a4ef408bc6227639Evan Huntb9_add_helper(ldap_instance_t *db, const char *helper_name, void *ptr) {