dlz_ldap_dynamic.c revision 02d54949f0f1db4729e14c3322b207f58d2578a4
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * Permission to use, copy, modify, and distribute this software for any
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * purpose with or without fee is hereby granted, provided that the
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * above copyright notice and this permission notice appear in all
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington * USE OR PERFORMANCE OF THIS SOFTWARE.
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * The development of Dynamically Loadable Zones (DLZ) for BIND 9 was
bff8ac12a8c099257bdbf7d0c55d2d5b77591926Mark Andrews * conceived and contributed by Rob Butler.
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * Permission to use, copy, modify, and distribute this software for any
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * purpose with or without fee is hereby granted, provided that the
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * above copyright notice and this permission notice appear in all
fd837244be31850a764863688bce11df9ce972f4Andreas Gustafsson * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
fd837244be31850a764863688bce11df9ce972f4Andreas Gustafsson * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
fd837244be31850a764863688bce11df9ce972f4Andreas Gustafsson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
a30e7fc23415fd238d067a8a871607bca36068baMichael Graff * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
a30e7fc23415fd238d067a8a871607bca36068baMichael Graff * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
a30e7fc23415fd238d067a8a871607bca36068baMichael Graff * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
8d4257cff01b3821abcb9a21f46c6c6a43bb1e72Bob Halley * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
8d4257cff01b3821abcb9a21f46c6c6a43bb1e72Bob Halley * USE OR PERFORMANCE OF THIS SOFTWARE.
8d4257cff01b3821abcb9a21f46c6c6a43bb1e72Bob Halley * Copyright (C) 1999-2001, 2013, 2016 Internet Systems Consortium, Inc. ("ISC")
dc97fe4ed08488d314ab5bc8e99ed839542cf411David Lawrence * This Source Code Form is subject to the terms of the Mozilla Public
dc97fe4ed08488d314ab5bc8e99ed839542cf411David Lawrence * License, v. 2.0. If a copy of the MPL was not distributed with this
8d4257cff01b3821abcb9a21f46c6c6a43bb1e72Bob Halley * file, You can obtain one at http://mozilla.org/MPL/2.0/.
50453ad879d0d93854de5a3385776bd799e8f35cBob Halley * This provides the externally loadable LDAP DLZ module, without
50453ad879d0d93854de5a3385776bd799e8f35cBob Halley * update support.
a30e7fc23415fd238d067a8a871607bca36068baMichael Graff * Need older API functions from ldap.h.
703e1c0bb66f3cd3d300358ca0c1fdf3cb5fb1c5Brian Wellington * Structure to hold everything needed by this "instance" of the LDAP
b15c543f7957fbb4284f0fc20b3278f2a411d272Mark Andrews * driver. Remember, the driver code is only loaded once, but may have
b15c543f7957fbb4284f0fc20b3278f2a411d272Mark Andrews * many separate instances.
0eb2572d79822d02ea05448ce4e5f1759c73d171Michael Grafftypedef struct {
4108eed5092156cf0407a97a9bd8ab7775164694Brian Wellington int method; /*%< security authentication method */
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington char *cred; /*%< password for simple authentication method */
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington int protocol; /*%< LDAP communication protocol version */
64b92523f9333ba053f4b2860335583be455b0b3Brian Wellington /* Helper functions from the dlz_dlopen driver */
876753d5ce1be48f3218fb4875fac501f8adfd6cDavid Lawrence/* forward references */
ed71ea51c6ecb5d7d659b6e6a20f6b3f5c2678c6David Lawrencedlz_findzonedb(void *dbdata, const char *name);
ed71ea51c6ecb5d7d659b6e6a20f6b3f5c2678c6David Lawrencedlz_findzonedb(void *dbdata, const char *name,
49a2cf8f211213712d452287ae8e121cf59e3178David Lawrenceb9_add_helper(ldap_instance_t *db, const char *helper_name, void *ptr);
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews * Private methods
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews/*% checks that the LDAP URL parameters make sense */
49a2cf8f211213712d452287ae8e121cf59e3178David Lawrenceldap_checkURL(ldap_instance_t *db, char *URL, int attrCnt, const char *msg) {
fd837244be31850a764863688bce11df9ce972f4Andreas Gustafsson ldap_result = ldap_url_parse(URL, &ldap_url);
fd837244be31850a764863688bce11df9ce972f4Andreas Gustafsson if (ldap_result != LDAP_SUCCESS || ldap_url == NULL) {
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews db->log(ISC_LOG_ERROR, "parsing %s query failed", msg);
64b92523f9333ba053f4b2860335583be455b0b3Brian Wellington if (ldap_count_values(ldap_url->lud_attrs) < attrCnt) {
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley "%s query must specify at least "
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews if (ldap_url->lud_dn == NULL || strlen (ldap_url->lud_dn) < 1) {
fd837244be31850a764863688bce11df9ce972f4Andreas Gustafsson if (ldap_url->lud_exts != NULL || ldap_url->lud_crit_exts != 0) {
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews "%s uses extensions. "
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews "The driver does not support LDAP extensions.", msg);
f8727bd90366af835f551da1b5e1fdfcd2d3d01fBrian Wellington/*% Connects / reconnects to LDAP server */
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrewsldap_connect(ldap_instance_t *dbi, dbinstance_t *dbc) {
203596d27c225ea195e4faad4f19388c6e96ac80Bob Halley /* if we have a connection, get rid of it. */
fd837244be31850a764863688bce11df9ce972f4Andreas Gustafsson /* now connect / reconnect. */
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews /* initialize. */
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews /* set protocol version. */
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews ldap_result = ldap_set_option((LDAP *) dbc->dbconn,
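882350d11c90de9de6fc1cead25690c8114b0b95Michael Graff /* "bind" to server, i.e. send username / password. NOTE(review): with the simple authentication method the password is sent to the server as-is, so the connection should be protected (e.g. TLS) -- confirm how the transport is configured. */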
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews ldap_result = ldap_bind_s((LDAP *) dbc->dbconn, dbi->user,
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews /* cleanup if failure. */
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews * Properly cleans up a list of database instances.
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews * This function is only used when the driver is compiled for
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews * multithreaded operation.
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews /* get the first DBI in the list */
static dbinstance_t *
int count = 0;
count++;
return (NULL);
static isc_result_t
int len;
int ttl;
return (ISC_R_FAILURE);
ttl = 0;
len = 0;
goto cleanup;
goto cleanup;
if (allnodes)
if (allnodes)
goto cleanup;
goto cleanup;
goto cleanup;
return (result);
static isc_result_t
int ldap_result = 0;
int entries;
#if PTHREADS
return (ISC_R_FAILURE);
goto cleanup;
goto cleanup;
goto cleanup;
switch (query) {
case ALLNODES:
goto cleanup;
case ALLOWXFR:
goto cleanup;
case AUTHORITY:
goto cleanup;
case FINDZONE:
goto cleanup;
case LOOKUP:
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
switch (ldap_result) {
case LDAP_NO_SUCH_OBJECT:
goto cleanup;
case LDAP_SERVER_DOWN:
goto cleanup;
goto cleanup;
switch (query) {
case ALLNODES:
case AUTHORITY:
case LOOKUP:
case ALLOWXFR:
if (entries == 0)
else if (entries > 0)
case FINDZONE:
if (entries == 0)
else if (entries > 0)
return (result);
return (result);
return (result);
return (result);
void **dbdata, ...)
const char *helper_name;
int protocol;
int method;
#if PTHREADS
int dbcount;
char *endp;
return (ISC_R_NOMEMORY);
#if PTHREADS
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
#if PTHREADS
goto cleanup;
switch (argc) {
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
#if PTHREADS
goto cleanup;
for (i = 0; i < dbcount; i++) {
switch (argc) {
goto cleanup;
#if PTHREADS
switch (result) {
case ISC_R_SUCCESS:
case ISC_R_NOMEMORY:
#if PTHREADS
goto cleanup;
case ISC_R_NOPERM:
goto cleanup;
case ISC_R_FAILURE:
#if PTHREADS
goto cleanup;
goto cleanup;
#if PTHREADS
return (ISC_R_SUCCESS);
return (result);
#if PTHREADS
#if PTHREADS
return (DLZ_DLOPEN_VERSION);