1 |
/* ldap.c |
2 |
|
3 |
Routines for reading the configuration from LDAP */ |
4 |
|
5 |
/* |
6 |
* Copyright (c) 2003-2006 Ntelos, Inc. |
7 |
* All rights reserved. |
8 |
* |
9 |
* Redistribution and use in source and binary forms, with or without |
10 |
* modification, are permitted provided that the following conditions |
11 |
* are met: |
12 |
* |
13 |
* 1. Redistributions of source code must retain the above copyright |
14 |
* notice, this list of conditions and the following disclaimer. |
15 |
* 2. Redistributions in binary form must reproduce the above copyright |
16 |
* notice, this list of conditions and the following disclaimer in the |
17 |
* documentation and/or other materials provided with the distribution. |
18 |
* 3. Neither the name of The Internet Software Consortium nor the names |
19 |
* of its contributors may be used to endorse or promote products derived |
20 |
* from this software without specific prior written permission. |
21 |
* |
22 |
* THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND |
23 |
* CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, |
24 |
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
25 |
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
26 |
* DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR |
27 |
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
28 |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
29 |
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
30 |
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
31 |
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
32 |
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
33 |
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
34 |
* SUCH DAMAGE. |
35 |
* |
36 |
* This LDAP module was written by Brian Masney <masneyb@ntelos.net>. Its |
37 |
* development was sponsored by Ntelos, Inc. (www.ntelos.com). |
38 |
*/ |
39 |
|
40 |
#include "dhcpd.h" |
41 |
#include <signal.h> |
42 |
|
43 |
#if defined(LDAP_CONFIGURATION) |
44 |
|
45 |
#if defined(LDAP_CASA_AUTH) |
46 |
#include "ldap_casa.h" |
47 |
#endif |
48 |
|
49 |
/* The one LDAP session handle; NULL while not connected.
   Opened by ldap_start(), torn down by ldap_stop(). */
static LDAP * ld = NULL;
/* Connection settings, evaluated once by ldap_start() from the ldap-*
   server options and cached here for the life of the process.
   ldap_password is the bind credential and is kept in the clear. */
static char *ldap_server = NULL,
  *ldap_username = NULL,
  *ldap_password = NULL,
  *ldap_base_dn = NULL,
  *ldap_server_cn = NULL,
  *ldap_debug_file = NULL;
/* ldap_method: with LDAP_METHOD_STATIC, dhcpHost/dhcpSubClass entries are
   rendered into the config text; otherwise they are skipped (see
   ldap_generate_config_string()).
   ldap_debug_fd: descriptor of ldap_debug_file, or -1 when not open.  Every
   config line handed to the parser is copied there (ldap_write_debug()),
   which includes the "secret" lines produced by ldap_parse_key(). */
static int ldap_port = LDAP_PORT,
  ldap_method = LDAP_METHOD_DYNAMIC,
  ldap_debug_fd = -1;
/* Stack of (result set, entry) pairs still to be turned into config text;
   the head is the entry currently being emitted. */
static struct ldap_config_stack *ldap_stack = NULL;

/* Reference-counted list node holding one DN.
   NOTE(review): not referenced in the part of the file shown here;
   presumably the dhcpService DN list used further down -- confirm. */
typedef struct ldap_dn_node {
  struct ldap_dn_node *next;
  size_t refs;
  char *dn;
} ldap_dn_node;

static ldap_dn_node *ldap_service_dn_head = NULL;
static ldap_dn_node *ldap_service_dn_tail = NULL;
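/*
 * Emit the opening line of a "class" block for the entry on top of the stack.
 *
 * Reads the entry's cn and appends `class "<cn>" {` to cfile->inbuf.
 * Entries without a cn are skipped silently.  Sets item->close_brace so
 * that next_ldap_entry() later emits the matching "}".
 */
static void
ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
{
  char **tempstr;

  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
      tempstr[0] == NULL)
    {
      if (tempstr != NULL)
        ldap_value_free (tempstr);

      return;
    }

  /*
   * cfile->inbuf holds LDAP_BUFFER_SIZE + 1 bytes.  strncat's limit is the
   * number of bytes it may append, not the buffer size, so it has to be the
   * room actually left.  The cn value comes from the directory and is not
   * under our control; an oversized value is truncated instead of being
   * written past the end of the buffer.
   */
  strncat (cfile->inbuf, "class \"", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

  item->close_brace = 1;
  ldap_value_free (tempstr);
}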
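/*
 * Emit the opening line of a "subclass" block for the entry on top of the
 * stack.
 *
 * Needs both cn (the subclass value) and dhcpClassData (the parent class
 * name); the line written is `subclass <class> <cn> {`.  Entries lacking
 * either attribute are skipped.  Sets item->close_brace for the closing "}".
 */
static void
ldap_parse_subclass (struct ldap_config_stack *item, struct parse *cfile)
{
  char **tempstr, **classdata;

  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
      tempstr[0] == NULL)
    {
      if (tempstr != NULL)
        ldap_value_free (tempstr);

      return;
    }

  if ((classdata = ldap_get_values (ld, item->ldent,
                                    "dhcpClassData")) == NULL ||
      classdata[0] == NULL)
    {
      if (classdata != NULL)
        ldap_value_free (classdata);
      ldap_value_free (tempstr);

      return;
    }

  /*
   * inbuf holds LDAP_BUFFER_SIZE + 1 bytes; strncat's limit counts the bytes
   * appended, so it must be the room left, not the buffer size.  Both values
   * come from the directory and are truncated rather than allowed to overrun.
   */
  strncat (cfile->inbuf, "subclass ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, classdata[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

  item->close_brace = 1;
  ldap_value_free (tempstr);
  ldap_value_free (classdata);
}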
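/*
 * Emit the opening of a "host" block for the entry on top of the stack.
 *
 * Writes `host <cn> {` and, when the entry carries a dhcpHWAddress, a
 * `hardware <value>;` line inside the block.  Entries without a cn are
 * skipped.  Sets item->close_brace for the closing "}".
 */
static void
ldap_parse_host (struct ldap_config_stack *item, struct parse *cfile)
{
  char **tempstr, **hwaddr;

  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
      tempstr[0] == NULL)
    {
      if (tempstr != NULL)
        ldap_value_free (tempstr);

      return;
    }

  hwaddr = ldap_get_values (ld, item->ldent, "dhcpHWAddress");

  /*
   * inbuf holds LDAP_BUFFER_SIZE + 1 bytes; strncat's limit counts the bytes
   * appended, so it must be the room left.  Directory-supplied values are
   * truncated rather than allowed to overrun the buffer.
   *
   * The opening brace is emitted unconditionally: close_brace is set below
   * regardless of a hardware address, so a host without one must still open
   * its block.
   */
  strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

  if (hwaddr != NULL && hwaddr[0] != NULL)
    {
      strncat (cfile->inbuf, "hardware ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
      strncat (cfile->inbuf, hwaddr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
      strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
    }

  /* release the value array even when the attribute is present but empty */
  if (hwaddr != NULL)
    ldap_value_free (hwaddr);

  item->close_brace = 1;
  ldap_value_free (tempstr);
}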
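/*
 * Emit the opening line of a "shared-network" block for the entry on top
 * of the stack: `shared-network "<cn>" {`.  Entries without a cn are
 * skipped.  Sets item->close_brace for the closing "}".
 */
static void
ldap_parse_shared_network (struct ldap_config_stack *item, struct parse *cfile)
{
  char **tempstr;

  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
      tempstr[0] == NULL)
    {
      if (tempstr != NULL)
        ldap_value_free (tempstr);

      return;
    }

  /*
   * inbuf holds LDAP_BUFFER_SIZE + 1 bytes; strncat's limit counts the bytes
   * appended, so it must be the room left.  The directory-supplied cn is
   * truncated rather than allowed to overrun the buffer.
   */
  strncat (cfile->inbuf, "shared-network \"", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

  item->close_brace = 1;
  ldap_value_free (tempstr);
}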
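/*
 * Render an IPv4 prefix length as a dotted-quad netmask string.
 *
 * netmask: number of leading one bits.  Values outside 0..32 are clamped
 *   into that range so the shift below stays defined; they come from a
 *   directory attribute and are not trusted.
 * netmaskbuf: receives at most 15 characters plus the terminator, so the
 *   caller must provide at least 16 bytes.
 */
static void
parse_netmask (int netmask, char *netmaskbuf)
{
  unsigned long nm = 0;
  int i;

  if (netmask < 0)
    netmask = 0;
  else if (netmask > 32)
    netmask = 32;

  /* 1UL rather than 1: shifting a plain int left by 31 overflows (UB) */
  for (i = 1; i <= netmask; i++)
    nm |= 1UL << (32 - i);

  /* the longest possible result is "255.255.255.255" */
  snprintf (netmaskbuf, sizeof "255.255.255.255", "%lu.%lu.%lu.%lu",
            (nm >> 24) & 0xff, (nm >> 16) & 0xff, (nm >> 8) & 0xff, nm & 0xff);
}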
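/*
 * Emit the opening of a "subnet" block plus its "range" statements.
 *
 * The entry's cn is the network address and dhcpNetmask is a prefix
 * length; every dhcpRange value becomes one `range <value>;` line.
 * Entries missing either cn or dhcpNetmask are skipped.  Sets
 * item->close_brace for the closing "}".
 */
static void
ldap_parse_subnet (struct ldap_config_stack *item, struct parse *cfile)
{
  char **tempstr, **netmaskstr, netmaskbuf[16];
  long prefix;
  int i;

  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
      tempstr[0] == NULL)
    {
      if (tempstr != NULL)
        ldap_value_free (tempstr);

      return;
    }

  if ((netmaskstr = ldap_get_values (ld, item->ldent,
                                     "dhcpNetmask")) == NULL ||
      netmaskstr[0] == NULL)
    {
      if (netmaskstr != NULL)
        ldap_value_free (netmaskstr);
      ldap_value_free (tempstr);

      return;
    }

  /*
   * inbuf holds LDAP_BUFFER_SIZE + 1 bytes; strncat's limit counts the bytes
   * appended, so it must be the room left, not the buffer size.  Values
   * read from the directory are truncated rather than allowed to overrun.
   */
  strncat (cfile->inbuf, "subnet ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

  strncat (cfile->inbuf, " netmask ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  /* strtol yields 0 for garbage; clamp before narrowing to int so an
     out-of-range attribute cannot reach parse_netmask() as a wild value */
  prefix = strtol (netmaskstr[0], NULL, 10);
  if (prefix < 0)
    prefix = 0;
  else if (prefix > 32)
    prefix = 32;
  parse_netmask ((int) prefix, netmaskbuf);
  strncat (cfile->inbuf, netmaskbuf, LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

  strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

  ldap_value_free (tempstr);
  ldap_value_free (netmaskstr);

  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpRange")) != NULL)
    {
      for (i = 0; tempstr[i] != NULL; i++)
        {
          strncat (cfile->inbuf, "range ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
        }
      ldap_value_free (tempstr);
    }

  item->close_brace = 1;
}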
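/*
 * Emit the opening of a "pool" block for the entry on top of the stack.
 *
 * Writes `pool {`, then one `range <v1> <v2> ...;` line built from all
 * dhcpRange values, then each dhcpPermitList value as its own `<v>;`
 * line.  Sets item->close_brace for the closing "}".
 */
static void
ldap_parse_pool (struct ldap_config_stack *item, struct parse *cfile)
{
  char **tempstr;
  int i;

  /*
   * inbuf holds LDAP_BUFFER_SIZE + 1 bytes; strncat's limit counts the bytes
   * appended, so it must be the room left, not the buffer size.  Values
   * read from the directory are truncated rather than allowed to overrun.
   */
  strncat (cfile->inbuf, "pool {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpRange")) != NULL)
    {
      strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
      for (i = 0; tempstr[i] != NULL; i++)
        {
          strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
        }
      strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
      ldap_value_free (tempstr);
    }

  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpPermitList")) != NULL)
    {
      for (i = 0; tempstr[i] != NULL; i++)
        {
          strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
        }
      ldap_value_free (tempstr);
    }

  item->close_brace = 1;
}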
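/*
 * Emit the opening line of a "group" block and mark the entry so that
 * next_ldap_entry() closes it.
 */
static void
ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
{
  /* strncat's limit is the room left in inbuf (LDAP_BUFFER_SIZE + 1 bytes),
     not the buffer size */
  strncat (cfile->inbuf, "group {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  item->close_brace = 1;
}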
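/*
 * Emit a "key" block for a dhcpTSigKey entry:
 *   key <cn> {
 *     algorithm <dhcpKeyAlgorithm>;
 *     secret <dhcpKeySecret>;
 * Entries without a cn are skipped entirely, since a block with no header
 * would leave a stray "}" in the config.  Sets item->close_brace for the
 * closing "}".
 *
 * The secret is copied verbatim into the config text; ldap_read_function()
 * writes that text to the ldap-debug-file when one is configured.
 */
static void
ldap_parse_key (struct ldap_config_stack *item, struct parse *cfile)
{
  char **tempstr;

  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
      tempstr[0] == NULL)
    {
      if (tempstr != NULL)
        ldap_value_free (tempstr);

      return;
    }

  /*
   * inbuf holds LDAP_BUFFER_SIZE + 1 bytes; strncat's limit counts the bytes
   * appended, so it must be the room left.  Directory-supplied values are
   * truncated rather than allowed to overrun the buffer.
   */
  strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  ldap_value_free (tempstr);

  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeyAlgorithm")) != NULL)
    {
      /* an attribute present with no values yields an empty array */
      if (tempstr[0] != NULL)
        {
          strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
        }
      ldap_value_free (tempstr);
    }

  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeySecret")) != NULL)
    {
      if (tempstr[0] != NULL)
        {
          strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
        }
      ldap_value_free (tempstr);
    }

  item->close_brace = 1;
}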
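/*
 * Emit a "zone" block for a dhcpDnsZone entry:
 *   zone <cn> {
 *     primary <dhcpDnsZoneServer>;
 *     key <name>;
 * The key name is the value of the first RDN of dhcpKeyDN (the text between
 * the first '=' and the following ','); a DN without that comma produces no
 * key line.  Entries without a cn are skipped entirely so that no stray "}"
 * is emitted.  Sets item->close_brace for the closing "}".
 */
static void
ldap_parse_zone (struct ldap_config_stack *item, struct parse *cfile)
{
  char *cnFindStart, *cnFindEnd;
  char **tempstr;
  char *keyCn;
  size_t len;

  if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) == NULL ||
      tempstr[0] == NULL)
    {
      if (tempstr != NULL)
        ldap_value_free (tempstr);

      return;
    }

  /*
   * inbuf holds LDAP_BUFFER_SIZE + 1 bytes; strncat's limit counts the bytes
   * appended, so it must be the room left.  Directory-supplied values are
   * truncated rather than allowed to overrun the buffer.
   */
  strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
  ldap_value_free (tempstr);

  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpDnsZoneServer")) != NULL)
    {
      /* an attribute present with no values yields an empty array */
      if (tempstr[0] != NULL)
        {
          strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
        }
      ldap_value_free (tempstr);
    }

  if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeyDN")) != NULL)
    {
      if (tempstr[0] != NULL)
        {
          /* "cn=KEY,ou=...": keep the part between the first '=' and ',' */
          cnFindStart = strchr (tempstr[0], '=');
          if (cnFindStart != NULL)
            cnFindEnd = strchr (++cnFindStart, ',');
          else
            cnFindEnd = NULL;

          if (cnFindEnd != NULL && cnFindEnd > cnFindStart)
            {
              len = (size_t) (cnFindEnd - cnFindStart);
              keyCn = dmalloc (len + 1, MDL);
              if (keyCn != NULL)
                {
                  memcpy (keyCn, cnFindStart, len);
                  keyCn[len] = '\0';

                  strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
                  strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
                  strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));

                  dfree (keyCn, MDL);
                }
            }
        }

      ldap_value_free (tempstr);
    }

  item->close_brace = 1;
}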
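/*
 * Push (res, ent) onto ldap_stack as the new top.
 *
 * res: the result set ent belongs to.  Several stack entries may share one
 *   res, which is why free_stack_entry() looks for other references before
 *   calling ldap_msgfree() on it.
 * ent: the entry to emit next.
 * Aborts via log_fatal() when no memory is available, rather than writing
 * through a NULL pointer.
 */
static void
add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
{
  struct ldap_config_stack *ns;

  ns = dmalloc (sizeof (*ns), MDL);
  if (ns == NULL)
    log_fatal ("no memory for LDAP config stack entry");

  ns->res = res;
  ns->ldent = ent;
  ns->close_brace = 0;
  ns->processed = 0;
  ns->next = ldap_stack;
  ldap_stack = ns;
}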
/*
 * Close the LDAP session, if one is open, and reset ld to NULL.
 *
 * SIGPIPE is ignored around ldap_unbind(): after an LDAP_SERVER_DOWN
 * result the unbind can write to a dead socket, and an unhandled SIGPIPE
 * would terminate dhcpd.  The previous disposition is restored afterwards.
 * Errors from sigaction() are not checked; this is best effort.
 */
static void
ldap_stop (void)
{
  struct sigaction ignore_pipe, saved;

  if (ld == NULL)
    return;

  ignore_pipe.sa_flags = 0;
  ignore_pipe.sa_handler = SIG_IGN;
  sigemptyset (&ignore_pipe.sa_mask);
  sigaction (SIGPIPE, &ignore_pipe, &saved);

  ldap_unbind (ld);
  ld = NULL;

  sigaction (SIGPIPE, &saved, &ignore_pipe);
}
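/*
 * Evaluate a server option and return its value as a NUL-terminated string.
 *
 * options: option state already populated from the global scope.
 * option_name: SV_* option code in server_universe.
 * Returns a dmalloc'd copy the caller releases with dfree(), or NULL when
 * the option is unset or evaluates to an empty string.  Aborts via
 * log_fatal() when out of memory.
 */
static char *
_do_lookup_dhcp_string_option (struct option_state *options, int option_name)
{
  struct option_cache *oc;
  struct data_string db;
  char *ret = NULL;

  memset (&db, 0, sizeof (db));
  oc = lookup_option (&server_universe, options, option_name);
  if (oc &&
      evaluate_option_cache (&db, (struct packet*) NULL,
                             (struct lease *) NULL,
                             (struct client_state *) NULL, options,
                             (struct option_state *) NULL,
                             &global_scope, oc, MDL) &&
      db.data != NULL && *db.data != '\0')
    {
      ret = dmalloc (db.len + 1, MDL);
      if (ret == NULL)
        /* this helper serves every string option, not only the username */
        log_fatal ("no memory for LDAP string option %d", option_name);

      /* copy exactly db.len bytes and terminate ourselves rather than
         relying on db.data being NUL-terminated */
      memcpy (ret, db.data, db.len);
      ret[db.len] = '\0';
      data_string_forget (&db, MDL);
    }

  return (ret);
}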
/*
 * Evaluate a server option and return its value parsed as a base-10 int.
 *
 * options: option state already populated from the global scope.
 * option_name: SV_* option code in server_universe.
 * Returns 0 when the option is unset, fails to evaluate or is empty.
 * NOTE(review): strtol() is applied to db.data directly, which assumes the
 * evaluated value is NUL-terminated -- confirm against data_string users.
 */
static int
_do_lookup_dhcp_int_option (struct option_state *options, int option_name)
{
  struct option_cache *cache;
  struct data_string value;
  int result;

  memset (&value, 0, sizeof (value));
  cache = lookup_option (&server_universe, options, option_name);
  if (cache == NULL)
    return (0);

  if (!evaluate_option_cache (&value, (struct packet*) NULL,
                              (struct lease *) NULL,
                              (struct client_state *) NULL, options,
                              (struct option_state *) NULL,
                              &global_scope, cache, MDL))
    return (0);

  if (value.data == NULL || *value.data == '\0')
    return (0);

  result = strtol (value.data, NULL, 10);
  data_string_forget (&value, MDL);

  return (result);
}
/*
 * Evaluate a server option whose value is a single enumeration byte.
 *
 * options: option state already populated from the global scope.
 * option_name: SV_* option code in server_universe.
 * Returns the byte, or 0 when the option is unset, fails to evaluate or
 * is empty.  A value of any other length is a configuration error and
 * ends the process through log_fatal().
 */
static int
_do_lookup_dhcp_enum_option (struct option_state *options, int option_name)
{
  struct option_cache *cache;
  struct data_string value;
  int result = 0;

  memset (&value, 0, sizeof (value));
  cache = lookup_option (&server_universe, options, option_name);
  if (cache == NULL)
    return (0);

  if (!evaluate_option_cache (&value, (struct packet*) NULL,
                              (struct lease *) NULL,
                              (struct client_state *) NULL, options,
                              (struct option_state *) NULL,
                              &global_scope, cache, MDL))
    return (0);

  if (value.data == NULL || *value.data == '\0')
    return (0);

  if (value.len == 1)
    result = value.data [0];
  else
    log_fatal ("invalid option name %d", option_name);

  data_string_forget (&value, MDL);

  return (result);
}
/*
 * Open the LDAP session if none is open.
 *
 * On the first call the ldap-* server options are evaluated from the
 * global scope and cached in the file-scope variables; later calls reuse
 * them.  Every failure is logged and leaves ld == NULL, which is how the
 * callers detect it.  When ldap-server or ldap-base-dn is unset, LDAP is
 * disabled for good by forcing ldap_method to LDAP_METHOD_STATIC.
 */
static void
ldap_start (void)
{
  struct option_state *options;
  int ret, version;

  if (ld != NULL)
    return;

  /* first time through: read the connection settings from the config */
  if (ldap_server == NULL)
    {
      options = NULL;
      option_state_allocate (&options, MDL);

      execute_statements_in_scope ((struct binding_value **) NULL,
        (struct packet *) NULL, (struct lease *) NULL,
        (struct client_state *) NULL, (struct option_state *) NULL,
        options, &global_scope, root_group, (struct group *) NULL);

      ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER);
      ldap_server_cn = _do_lookup_dhcp_string_option (options,
                                                      SV_LDAP_SERVER_CN);
      ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT);
      ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN);
      ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
      ldap_debug_file = _do_lookup_dhcp_string_option (options,
                                                       SV_LDAP_DEBUG_FILE);

#if defined (LDAP_CASA_AUTH)
      /* with CASA the config-file credentials are only the fallback; the
         brace opened here is closed in the matching #if block below */
      if (!load_uname_pwd_from_miCASA(ldap_username,ldap_password))
        {
#if defined (DEBUG_LDAP)
          log_info ("Authentication credential taken from file");
#endif
#endif

      /* the bind password stays in process memory, in the clear, from here on */
      ldap_username = _do_lookup_dhcp_string_option (options, SV_LDAP_USERNAME);
      ldap_password = _do_lookup_dhcp_string_option (options, SV_LDAP_PASSWORD);

#if defined (LDAP_CASA_AUTH)
        }
#endif

      option_state_dereference (&options, MDL);
    }

  if (ldap_server == NULL || ldap_base_dn == NULL)
    {
      /* NOTE(review): the message also names ldap-port, but only
         ldap-server and ldap-base-dn are tested here */
      log_info ("Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file");
      ldap_method = LDAP_METHOD_STATIC;
      return;
    }

  if (ldap_debug_file != NULL && ldap_debug_fd == -1)
    {
      /*
       * The debug file receives every config line handed to the parser
       * (see ldap_read_function), TSIG secrets included, hence mode 0600.
       * The path is taken from the config and is created or truncated
       * without O_NOFOLLOW or O_EXCL, so a symlink already sitting at that
       * path is followed.  Failure to open is logged only: ldap_debug_fd
       * stays -1 and ldap_write_debug() simply drops the output.
       */
      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
                                 S_IRUSR | S_IWUSR)) < 0)
        log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
                   strerror (errno));
    }

#if defined (DEBUG_LDAP)
  log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port);
#endif

  if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
    {
      log_error ("Cannot init ldap session to %s", ldap_server);
      return;
    }

  /* LDAPv3 is requested; if the library refuses, the session carries on
     with whatever version the library defaults to */
  version = LDAP_VERSION3;
  if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS)
    {
      log_error ("Cannot set LDAP version to %d: %s", version,
                 ldap_err2string (ret));
    }

#if defined (USE_SSL)
  /*
   * A failed StartTLS is logged as a warning and execution falls through
   * to the bind below on the unprotected connection: there is no
   * fail-closed behaviour here.  Without USE_SSL no TLS is attempted at all.
   */
  if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
    log_error ("Warning: Cannot start TLS session to %s: %s",
               ldap_server, ldap_err2string (ret));
  else
    log_info ("TLS session successfully started to %s", ldap_server);
#endif

  /*
   * Simple bind sends the password as-is; unless TLS was established above
   * it crosses the network in the clear.  An unset or empty username skips
   * the bind entirely (anonymous access).
   */
  if (ldap_username != NULL && *ldap_username != '\0')
    {
      if ((ret = ldap_simple_bind_s (ld, ldap_username,
                                     ldap_password)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot login into ldap server %s: %s", ldap_server,
                     ldap_err2string (ret));
          ldap_stop();
          return;
        }
    }

#if defined (DEBUG_LDAP)
  log_info ("Successfully logged into LDAP server %s", ldap_server);
#endif
}
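/*
 * Push the entries referenced by ent's *DN attributes onto ldap_stack.
 *
 * Each DN listed in dhcpOptionsDN, dhcpSharedNetworkDN, dhcpSubnetDN,
 * dhcpGroupDN, dhcpHostDN, dhcpClassesDN or dhcpPoolDN is fetched with a
 * base-scope search and its entries are pushed so that they are emitted
 * before the rest of the stack.  The DNs are taken from the directory as-is
 * and used as search bases.  A failed search closes the session
 * (ldap_stop()) and returns early; whatever was pushed before stays on
 * the stack.
 */
static void
parse_external_dns (LDAPMessage * ent)
{
  char *search[] = {"dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN",
                    "dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN",
                    "dhcpPoolDN", NULL};
  LDAPMessage * newres, * newent;
  char **tempstr;
  int i, j, ret;
#if defined (DEBUG_LDAP)
  char *dn;

  dn = ldap_get_dn (ld, ent);
  if (dn != NULL)
    {
      log_info ("Parsing external DNs for '%s'", dn);
      ldap_memfree (dn);
    }
#endif

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return;

  for (i = 0; search[i] != NULL; i++)
    {
      if ((tempstr = ldap_get_values (ld, ent, search[i])) == NULL)
        continue;

      for (j = 0; tempstr[j] != NULL; j++)
        {
          if (*tempstr[j] == '\0')
            continue;

          if ((ret = ldap_search_s (ld, tempstr[j], LDAP_SCOPE_BASE,
                                    "objectClass=*", NULL, 0,
                                    &newres)) != LDAP_SUCCESS)
            {
              ldap_value_free (tempstr);
              ldap_stop();
              return;
            }

#if defined (DEBUG_LDAP)
          log_info ("Adding contents of subtree '%s' to config stack from '%s' reference", tempstr[j], search[i]);
#endif
          newent = ldap_first_entry (ld, newres);
          if (newent == NULL)
            {
              /* an empty result set is never pushed, so nothing else
                 would ever free it */
              ldap_msgfree (newres);
              continue;
            }

          for (; newent != NULL; newent = ldap_next_entry (ld, newent))
            {
#if defined (DEBUG_LDAP)
              dn = ldap_get_dn (ld, newent);
              if (dn != NULL)
                {
                  log_info ("Adding LDAP result set starting with '%s' to config stack", dn);
                  ldap_memfree (dn);
                }
#endif

              /* newres is owned by the stack from here on; free_stack_entry()
                 releases it once the last entry referencing it is popped */
              add_to_config_stack (newres, newent);
            }
        }

      ldap_value_free (tempstr);
    }
}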
/*
 * Release one popped stack entry.
 *
 * item: the entry just removed from ldap_stack; its next pointer still
 *   leads to the entries below it.
 * The LDAPMessage in item->res is freed only if no entry deeper in the
 * stack refers to the same result set (several entries of one search
 * share it, see add_to_config_stack()).  The node itself is always freed.
 */
static void
free_stack_entry (struct ldap_config_stack *item)
{
  struct ldap_config_stack *below;
  int shared = 0;

  for (below = item->next; below != NULL; below = below->next)
    {
      if (below->res == item->res)
        {
          shared = 1;
          break;
        }
    }

  if (!shared)
    ldap_msgfree (item->res);

  dfree (item, MDL);
}
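/*
 * Advance ldap_stack to the next entry that still has to be emitted.
 *
 * Closes the block of the entry on top ("}") when it asked for one, then
 * moves the top to its next sibling.  Result sets that are exhausted are
 * popped and freed, closing their block as well, until an entry with a
 * sibling is found or the stack is empty.  The "}" text goes into
 * cfile->inbuf.
 */
static void
next_ldap_entry (struct parse *cfile)
{
  struct ldap_config_stack *temp_stack;

  /*
   * inbuf holds LDAP_BUFFER_SIZE + 1 bytes; strncat's limit counts the bytes
   * appended, so it must be the room left, not the buffer size.
   */
  if (ldap_stack != NULL && ldap_stack->close_brace)
    {
      strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
      ldap_stack->close_brace = 0;
    }

  /* step to the next sibling; pop every result set that has none left */
  while (ldap_stack != NULL &&
         (ldap_stack->ldent == NULL ||
          (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))
    {
      if (ldap_stack->close_brace)
        {
          strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
          ldap_stack->close_brace = 0;
        }

      temp_stack = ldap_stack;
      ldap_stack = ldap_stack->next;
      free_stack_entry (temp_stack);
    }

  if (ldap_stack != NULL && ldap_stack->close_brace)
    {
      strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE - strlen (cfile->inbuf));
      ldap_stack->close_brace = 0;
    }
}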
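/*
 * Classify how a config statement taken from the directory ends.
 *
 * Returns '}' when the last '}' is followed only by white space, ';' when
 * there is no '}' and the last ';' is followed only by white space, '\0'
 * for NULL/empty input or when neither character occurs, and otherwise the
 * first non-space character after that last '}' or ';'.  Callers use the
 * result to decide whether a ";" terminator still has to be appended.
 */
static char
check_statement_end (const char *statement)
{
  const char *ptr;

  if (statement == NULL || *statement == '\0')
    return ('\0');

  /* block statement, e.g. "zone my.domain. { ... }", maybe trailing spaces */
  ptr = strrchr (statement, '}');
  if (ptr != NULL)
    {
      /* isspace() wants an unsigned char value; a plain char with the top
         bit set would be a negative, out-of-range argument */
      for (++ptr; isspace ((unsigned char) *ptr); ptr++)
        ;

      return (*ptr == '\0') ? '}' : *ptr;
    }

  /* simple statement, e.g. "authoritative;", maybe trailing spaces */
  ptr = strrchr (statement, ';');
  if (ptr != NULL)
    {
      for (++ptr; isspace ((unsigned char) *ptr); ptr++)
        ;

      return (*ptr == '\0') ? ';' : *ptr;
    }

  return ('\0');
}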
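/*
 * Append text to buffer without letting it grow beyond size characters.
 *
 * buffer: NUL-terminated, with room for size + 1 bytes.
 * strncat's third argument limits the bytes appended, not the buffer, so
 * the remaining room is recomputed on every call.  The text comes from the
 * directory; an overlong value is truncated instead of overrunning buffer.
 */
static void
entry_options_append (char *buffer, size_t size, const char *text)
{
  size_t used = strlen (buffer);

  if (used < size)
    strncat (buffer, text, size - used);
}

/*
 * Append the entry's dhcpStatements and dhcpOption values to buffer as
 * config lines.
 *
 * ent: LDAP entry to read.
 * buffer: NUL-terminated text to append to, with room for size + 1 bytes.
 * size: maximum number of characters buffer may hold after the call.
 * lease_limit: if non-NULL, a "lease limit N" statement is stored here
 *   instead of being emitted.
 * Returns ISC_R_FAILURE for NULL/zero arguments, else ISC_R_SUCCESS.
 *
 * Statements are copied verbatim and terminated with ";" unless
 * check_statement_end() finds they already end in "}" or ";"; options are
 * prefixed with "option " and get ";" unless they already end in one.
 * Whoever can write these attributes in the directory therefore controls
 * the server configuration.
 */
static isc_result_t
ldap_parse_entry_options (LDAPMessage *ent, char *buffer, size_t size,
                          int *lease_limit)
{
  static const char lease_limit_prefix[] = "lease limit ";
  const size_t prefix_len = sizeof (lease_limit_prefix) - 1;
  char **tempstr;
  int i;

  if (ent == NULL || buffer == NULL || size == 0)
    return (ISC_R_FAILURE);

  if ((tempstr = ldap_get_values (ld, ent, "dhcpStatements")) != NULL)
    {
      for (i = 0; tempstr[i] != NULL; i++)
        {
          if (lease_limit != NULL &&
              strncasecmp (lease_limit_prefix, tempstr[i], prefix_len) == 0)
            {
              *lease_limit = (int) strtol (tempstr[i] + prefix_len, NULL, 10);
              continue;
            }

          entry_options_append (buffer, size, tempstr[i]);

          switch ((int) check_statement_end (tempstr[i]))
            {
            case '}':
            case ';':
              entry_options_append (buffer, size, "\n");
              break;
            default:
              entry_options_append (buffer, size, ";\n");
              break;
            }
        }
      ldap_value_free (tempstr);
    }

  if ((tempstr = ldap_get_values (ld, ent, "dhcpOption")) != NULL)
    {
      for (i = 0; tempstr[i] != NULL; i++)
        {
          entry_options_append (buffer, size, "option ");
          entry_options_append (buffer, size, tempstr[i]);
          switch ((int) check_statement_end (tempstr[i]))
            {
            case ';':
              entry_options_append (buffer, size, "\n");
              break;
            default:
              entry_options_append (buffer, size, ";\n");
              break;
            }
        }
      ldap_value_free (tempstr);
    }

  return (ISC_R_SUCCESS);
}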
/*
 * Turn the entry on top of ldap_stack into dhcpd.conf text in cfile->inbuf,
 * then push its children and the entries its *DN attributes refer to, so
 * that they are emitted on the following calls.
 *
 * Called from ldap_read_function() only while ldap_stack != NULL, which is
 * why entry is not NULL-checked.  The objectClass values pick the
 * ldap_parse_* opener.  dhcpHost and dhcpSubClass entries are rendered only
 * with LDAP_METHOD_STATIC; otherwise they are skipped (ignore = 1), as is
 * any entry whose known classes produced no text at all (for instance
 * because its cn is missing).
 */
static void
ldap_generate_config_string (struct parse *cfile)
{
  char **objectClass, *dn;
  struct ldap_config_stack *entry;
  LDAPMessage * ent, * res;
  int i, j, ignore, found;
  int ret;

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return;

  entry = ldap_stack;
  if ((objectClass = ldap_get_values (ld, entry->ldent,
                                      "objectClass")) == NULL)
    return;

  ignore = 0;
  found = 1;
  for (i=0; objectClass[i] != NULL; i++)
    {
      if (strcasecmp (objectClass[i], "dhcpSharedNetwork") == 0)
        ldap_parse_shared_network (entry, cfile);
      else if (strcasecmp (objectClass[i], "dhcpClass") == 0)
        ldap_parse_class (entry, cfile);
      else if (strcasecmp (objectClass[i], "dhcpSubnet") == 0)
        ldap_parse_subnet (entry, cfile);
      else if (strcasecmp (objectClass[i], "dhcpPool") == 0)
        ldap_parse_pool (entry, cfile);
      else if (strcasecmp (objectClass[i], "dhcpGroup") == 0)
        ldap_parse_group (entry, cfile);
      else if (strcasecmp (objectClass[i], "dhcpTSigKey") == 0)
        ldap_parse_key (entry, cfile);
      else if (strcasecmp (objectClass[i], "dhcpDnsZone") == 0)
        ldap_parse_zone (entry, cfile);
      else if (strcasecmp (objectClass[i], "dhcpHost") == 0)
        {
          /* hosts come from LDAP only in static mode */
          if (ldap_method == LDAP_METHOD_STATIC)
            ldap_parse_host (entry, cfile);
          else
            {
              ignore = 1;
              break;
            }
        }
      else if (strcasecmp (objectClass[i], "dhcpSubClass") == 0)
        {
          if (ldap_method == LDAP_METHOD_STATIC)
            ldap_parse_subclass (entry, cfile);
          else
            {
              ignore = 1;
              break;
            }
        }
      else
        /* never set back to 1: one unknown class (e.g. "top") disables
           the empty-output check below for the remaining classes */
        found = 0;

      /* a known class that emitted nothing means the entry is unusable */
      if (found && cfile->inbuf[0] == '\0')
        {
          ignore = 1;
          break;
        }
    }

  ldap_value_free (objectClass);

  if (ignore)
    {
      next_ldap_entry (cfile);
      return;
    }

  /* the entry's own statements and options follow the opening line */
  ldap_parse_entry_options(entry->ldent, cfile->inbuf,
                           LDAP_BUFFER_SIZE-1, NULL);

  dn = ldap_get_dn (ld, entry->ldent);

#if defined(DEBUG_LDAP)
  if (dn != NULL)
    log_info ("Found LDAP entry '%s'", dn);
#endif

  /* one-level search for the children; a failed search tears the session
     down and leaves the stack as it is */
  if (dn == NULL ||
      (ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "objectClass=*",
                            NULL, 0, &res)) != LDAP_SUCCESS)
    {
      if (dn)
        ldap_memfree (dn);

      ldap_stop();
      return;
    }

  ldap_memfree (dn);

  if ((ent = ldap_first_entry (ld, res)) != NULL)
    {
      /* res is owned by the stack from here on (see free_stack_entry) */
      add_to_config_stack (res, ent);
      parse_external_dns (entry->ldent);
    }
  else
    {
      /* no children: nothing keeps res, so free it here and move on */
      ldap_msgfree (res);
      parse_external_dns (entry->ldent);
      next_ldap_entry (cfile);
    }
}
/*
 * Close the LDAP debug file, if it is open, and mark it closed (-1) so
 * that ldap_write_debug() stops writing.
 */
static void
ldap_close_debug_fd (void)
{
  if (ldap_debug_fd == -1)
    return;

  close (ldap_debug_fd);
  ldap_debug_fd = -1;
}
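/*
 * Append size bytes of buff to the LDAP debug file, if one is open.
 *
 * The buffer is the config text generated from the directory (including
 * any "secret" lines).  write(2) may store fewer bytes than requested, so
 * the call is repeated until everything is written; a failure is logged
 * and the debug file is closed so that later calls become no-ops.
 */
static void
ldap_write_debug (const void *buff, size_t size)
{
  const unsigned char *p = buff;

  if (ldap_debug_fd == -1)
    return;

  while (size > 0)
    {
      ssize_t n = write (ldap_debug_fd, p, size);

      /* interrupted before anything was written: just try again */
      if (n < 0 && errno == EINTR)
        continue;

      if (n <= 0)
        {
          log_error ("Error writing to LDAP debug file %s: %s."
                     " Disabling log file.", ldap_debug_file,
                     strerror (errno));
          ldap_close_debug_fd();
          return;
        }

      p += n;
      size -= (size_t) n;
    }
}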
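/*
 * Parser read callback: refill cfile->inbuf with the next chunk of config
 * text generated from LDAP.
 *
 * Returns EOF once the stack is empty, otherwise the first character of
 * the new buffer (as the parser expects from a read function) and leaves
 * cfile->bufix at 1 so the parser continues after it.  Whatever is produced
 * is also copied to the debug file via ldap_write_debug().
 *
 * inbuf is cleared at the top, so the original "stack empty and buffer
 * empty" tests reduced to plain stack checks; they are written that way here.
 */
static int
ldap_read_function (struct parse *cfile)
{
  cfile->inbuf[0] = '\0';
  cfile->buflen = 0;

  if (ldap_stack == NULL)
    return (EOF);

  ldap_generate_config_string (cfile);

  cfile->buflen = strlen (cfile->inbuf);
  if (cfile->buflen > 0)
    ldap_write_debug (cfile->inbuf, cfile->buflen);

#if defined (DEBUG_LDAP)
  log_info ("Sending config line '%s'", cfile->inbuf);
#endif

  cfile->bufix = 1;

  /* an empty buffer yields 0 here, not EOF; the next call then pops the
     stack further */
  return (cfile->inbuf[0]);
}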
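/*
 * Return a copy of the entry's cn attribute.
 *
 * ent: LDAP entry to read.
 * Returns a dmalloc'd, NUL-terminated copy of the first cn value, which the
 * caller releases with dfree(); NULL when the entry has no cn or, now, when
 * the copy cannot be allocated (callers already have to handle NULL for the
 * missing-cn case).
 */
static char *
ldap_get_host_name (LDAPMessage * ent)
{
  char **name, *ret;
  size_t length;

  ret = NULL;
  if ((name = ldap_get_values (ld, ent, "cn")) == NULL || name[0] == NULL)
    {
      if (name != NULL)
        ldap_value_free (name);

#if defined (DEBUG_LDAP)
      ret = ldap_get_dn (ld, ent);
      if (ret != NULL)
        {
          log_info ("Cannot get cn attribute for LDAP entry %s", ret);
          ldap_memfree(ret);
        }
#endif
      return (NULL);
    }

  /* check the allocation before copying into it */
  length = strlen (name[0]);
  ret = dmalloc (length + 1, MDL);
  if (ret != NULL)
    memcpy (ret, name[0], length + 1);
  ldap_value_free (name);

  return (ret);
}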
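/*
 * Store this host's fully qualified name in fqhost.
 *
 * fqhost: output buffer of size bytes; always NUL-terminated on success,
 *   truncated if the name is longer.
 * size: buffer size; must be at least 2.
 * Returns 0 on success, -1 on bad arguments or when the name cannot be
 * determined.
 *
 * getaddrinfo(3) with AI_CANONNAME replaces the non-reentrant, IPv4-only
 * gethostbyname(3); both ask the resolver for the canonical name of the
 * local host name.
 */
static int
getfqhostname(char *fqhost, size_t size)
{
#if defined(MAXHOSTNAMELEN)
  char hname[MAXHOSTNAMELEN];
#else
  char hname[65];
#endif
  struct addrinfo hints, *info;
  int rc;

  if (NULL == fqhost || 1 >= size)
    return -1;

  /* leave the last byte zero: gethostname() need not terminate on truncation */
  memset (hname, 0, sizeof (hname));
  if (gethostname (hname, sizeof (hname) - 1))
    return -1;

  memset (&hints, 0, sizeof (hints));
  hints.ai_family = AF_UNSPEC;
  hints.ai_flags = AI_CANONNAME;
  if (getaddrinfo (hname, NULL, &hints, &info) != 0)
    return -1;

  rc = -1;
  if (info != NULL && info->ai_canonname != NULL)
    {
      /* snprintf always terminates, unlike strncpy */
      snprintf (fqhost, size, "%s", info->ai_canonname);
      rc = 0;
    }
  freeaddrinfo (info);

  return rc;
}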
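/*
 * Load the DHCP configuration stored in LDAP.
 *
 * Finds the dhcpServer entry for this host (by ldap_server_cn, or by the
 * node name and FQDN when no cn is configured), parses its options into
 * the root group, then parses every dhcpService entry named by its
 * dhcpServiceDN attribute that references this server as primary or
 * secondary.  Each service DN is remembered on the ldap_service_dn list
 * for later dynamic lookups.
 *
 * Returns ISC_R_SUCCESS when everything parsed (or when no LDAP server is
 * configured at all), otherwise ISC_R_FAILURE or the parser's status.  On
 * any failure the LDAP connection is closed; once parsing has started the
 * service-DN list and the config stack are torn down as well.  All early
 * error paths release the parse context and the LDAP results they hold.
 */
isc_result_t
ldap_read_config (void)
{
  LDAPMessage * ldres, * hostres, * ent, * hostent;
  char hfilter[1024], sfilter[1024], fqdn[257];
  char *buffer, **tempstr = NULL, *hostdn;
  ldap_dn_node *curr = NULL;
  struct parse *cfile;
  struct utsname unme;
  isc_result_t res;
  size_t length;
  int ret, cnt;

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);

  /* NOTE(review): buffer is handed to new_parse() and never dfree()d
     here; whether end_parse() releases a caller-supplied inbuf cannot
     be confirmed from this file, so ownership is left as it was. */
  buffer = dmalloc (LDAP_BUFFER_SIZE+1, MDL);
  if (buffer == NULL)
    return (ISC_R_FAILURE);

  cfile = (struct parse *) NULL;
  res = new_parse (&cfile, -1, buffer, LDAP_BUFFER_SIZE, "LDAP", 0);
  if (res != ISC_R_SUCCESS)
    return (res);

  /* zero first so a failed uname() yields an empty nodename rather than
     an uninitialised one being formatted into the filter */
  memset (&unme, 0, sizeof (unme));
  uname (&unme);
  if (ldap_server_cn != NULL)
    {
      snprintf (hfilter, sizeof (hfilter),
                "(&(objectClass=dhcpServer)(cn=%s))", ldap_server_cn);
    }
  else
    {
      if(0 == getfqhostname(fqdn, sizeof(fqdn)))
        {
          snprintf (hfilter, sizeof (hfilter),
                    "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))",
                    unme.nodename, fqdn);
        }
      else
        {
          snprintf (hfilter, sizeof (hfilter),
                    "(&(objectClass=dhcpServer)(cn=%s))", unme.nodename);
        }
    }

  hostres = NULL;
  if ((ret = ldap_search_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
                            hfilter, NULL, 0, &hostres)) != LDAP_SUCCESS)
    {
      log_error ("Cannot find host LDAP entry %s %s",
                 ((ldap_server_cn == NULL)?(unme.nodename):(ldap_server_cn)), hfilter);
      /* a failed search may still hand back a partial result */
      if(NULL != hostres)
        ldap_msgfree (hostres);
      res = ISC_R_FAILURE;
      goto fail_parse;
    }

  if ((hostent = ldap_first_entry (ld, hostres)) == NULL)
    {
      log_error ("Error: Cannot find LDAP entry matching %s", hfilter);
      res = ISC_R_FAILURE;
      goto fail_msg;
    }

  hostdn = ldap_get_dn (ld, hostent);
#if defined(DEBUG_LDAP)
  if (hostdn != NULL)
    log_info ("Found dhcpServer LDAP entry '%s'", hostdn);
#endif

  if (hostdn == NULL ||
      (tempstr = ldap_get_values (ld, hostent, "dhcpServiceDN")) == NULL ||
      tempstr[0] == NULL)
    {
      log_error ("Error: Cannot find LDAP entry matching %s", hfilter);

      if (tempstr != NULL)
        ldap_value_free (tempstr);

      if (hostdn)
        ldap_memfree (hostdn);
      res = ISC_R_FAILURE;
      goto fail_msg;
    }

#if defined(DEBUG_LDAP)
  log_info ("LDAP: Parsing dhcpServer options '%s' ...", hostdn);
#endif

  /* options of the dhcpServer entry itself go straight into the parse
     buffer and are parsed as part of the root group */
  cfile->inbuf[0] = '\0';
  ldap_parse_entry_options(hostent, cfile->inbuf, LDAP_BUFFER_SIZE, NULL);
  cfile->buflen = strlen (cfile->inbuf);
  if(cfile->buflen > 0)
    {
      ldap_write_debug (cfile->inbuf, cfile->buflen);

      res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
      if (res != ISC_R_SUCCESS)
        {
          log_error ("LDAP: cannot parse dhcpServer entry '%s'", hostdn);
          ldap_memfree (hostdn);
          /* previously leaked together with hostres and cfile */
          ldap_value_free (tempstr);
          goto fail_msg;
        }
      cfile->inbuf[0] = '\0';
    }
  ldap_msgfree (hostres);

  /*
  ** attach ldap (tree) read function now
  */
  cfile->bufix = cfile->buflen = 0;
  cfile->read_function = ldap_read_function;

  res = ISC_R_SUCCESS;
  for (cnt=0; tempstr[cnt] != NULL; cnt++)
    {
      /* only accept services that name this server as primary or
         secondary, so a stray dhcpServiceDN cannot pull in foreign
         configuration */
      snprintf(sfilter, sizeof(sfilter), "(&(objectClass=dhcpService)"
               "(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s)))",
               hostdn, hostdn);
      ldres = NULL;
      if ((ret = ldap_search_s (ld, tempstr[cnt], LDAP_SCOPE_BASE,
                                sfilter, NULL, 0, &ldres)) != LDAP_SUCCESS)
        {
          log_error ("Error searching for dhcpServiceDN '%s': %s. Please update the LDAP entry '%s'",
                     tempstr[cnt], ldap_err2string (ret), hostdn);
          if(NULL != ldres)
            ldap_msgfree(ldres);
          res = ISC_R_FAILURE;
          break;
        }

      if ((ent = ldap_first_entry (ld, ldres)) == NULL)
        {
          log_error ("Error: Cannot find dhcpService DN '%s' with primary or secondary server reference. Please update the LDAP server entry '%s'",
                     tempstr[cnt], hostdn);

          ldap_msgfree(ldres);
          res = ISC_R_FAILURE;
          break;
        }

      /*
      ** FIXME: how to free the remembered dn's on exit?
      ** This should be OK if dmalloc registers the
      ** memory it allocated and frees it on exit..
      */

      curr = dmalloc (sizeof (*curr), MDL);
      if (curr != NULL)
        {
          length = strlen (tempstr[cnt]);
          curr->dn = dmalloc (length + 1, MDL);
          if (curr->dn == NULL)
            {
              dfree (curr, MDL);
              curr = NULL;
            }
          else
            memcpy (curr->dn, tempstr[cnt], length + 1);
        }

      if (curr != NULL)
        {
          /* NOTE(review): relies on dmalloc() returning zeroed memory
             for refs to start at 0 - confirm against dmalloc */
          curr->refs++;

          /* append to service-dn list */
          if (ldap_service_dn_tail != NULL)
            ldap_service_dn_tail->next = curr;
          else
            ldap_service_dn_head = curr;

          ldap_service_dn_tail = curr;
        }
      else
        log_fatal ("no memory to remember ldap service dn");

#if defined (DEBUG_LDAP)
      log_info ("LDAP: Parsing dhcpService DN '%s' ...", tempstr[cnt]);
#endif
      /* ldres is now owned by the config stack */
      add_to_config_stack (ldres, ent);
      res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
      if (res != ISC_R_SUCCESS)
        {
          log_error ("LDAP: cannot parse dhcpService entry '%s'", tempstr[cnt]);
          break;
        }
    }

  end_parse (&cfile);
  ldap_close_debug_fd();

  ldap_memfree (hostdn);
  ldap_value_free (tempstr);

  if (res != ISC_R_SUCCESS)
    {
      struct ldap_config_stack *temp_stack;

      /* do not leave a half-built service list behind */
      while ((curr = ldap_service_dn_head) != NULL)
        {
          ldap_service_dn_head = curr->next;
          dfree (curr->dn, MDL);
          dfree (curr, MDL);
        }

      ldap_service_dn_tail = NULL;

      while ((temp_stack = ldap_stack) != NULL)
        {
          ldap_stack = temp_stack->next;
          free_stack_entry (temp_stack);
        }

      ldap_stop();
    }

  /* Unbind from ldap immediately after reading config in static mode. */
  if (ldap_method == LDAP_METHOD_STATIC)
    ldap_stop();

  return (res);

  /* early-failure cleanup, in reverse order of acquisition */
fail_msg:
  ldap_msgfree (hostres);
fail_parse:
  end_parse (&cfile);
  ldap_stop();
  return (res);
}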
/* This function parses the dhcpOption and dhcpStatements fields of the LDAP
   entry, if present. Right now, type is either HOST_DECL or CLASS_DECL.
   When parsing a HOST_DECL this always returns 0. When parsing a
   CLASS_DECL it returns the lease limit currently set in LDAP, or 0 if
   no lease limit is specified. */
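/*
 * Parse the option/statement attributes of ENT into GROUP.
 *
 * ENT    - the dhcpHost or dhcpSubClass entry being applied
 * GROUP  - group that receives the parsed statements
 * TYPE   - HOST_DECL or CLASS_DECL, passed through to parse_statement()
 * HOST   - the host declaration for HOST_DECL, else NULL
 * CLASS  - the class being built for CLASS_DECL (unused here)
 *
 * For a HOST_DECL the parent dhcpGroup entry (located via the second RDN of
 * the host's DN) is consulted first so its options apply to the host.
 * Returns the lease limit found by ldap_parse_entry_options(), or 0.
 */
static int
ldap_parse_options (LDAPMessage * ent, struct group *group,
                    int type, struct host_decl *host,
                    struct class **class)
{
  int declaration, lease_limit;
  char option_buffer[8192];
  enum dhcp_token token;
  struct parse *cfile;
  isc_result_t res;
  const char *val;

  lease_limit = 0;
  *option_buffer = '\0';

  /* This block of code will try to find the parent of the host, and
     if it is a group object, fetch the options and apply to the host. */
  if (type == HOST_DECL)
    {
      char *hostdn, *basedn, *temp1, *temp2, filter[1024];
      LDAPMessage *groupdn, *entry;
      int ret;

      hostdn = ldap_get_dn (ld, ent);
      if( hostdn != NULL)
        {
          basedn = NULL;

          /* temp1 ends up at the value of the second RDN (presumably the
             parent's cn), temp2 at the comma that terminates it */
          temp1 = strchr (hostdn, '=');
          if (temp1 != NULL)
            temp1 = strchr (++temp1, '=');
          if (temp1 != NULL)
            temp2 = strchr (++temp1, ',');
          else
            temp2 = NULL;

          if (temp2 != NULL)
            {
              /* NOTE(review): the RDN value is not RFC 4515 escaped; a
                 parent cn containing '(' ')' '*' or '\' would yield a
                 malformed filter.  The DN comes from the directory, not
                 from a client. */
              snprintf (filter, sizeof(filter),
                        "(&(cn=%.*s)(objectClass=dhcpGroup))",
                        (int)(temp2 - temp1), temp1);

              basedn = strchr (temp1, ',');
              if (basedn != NULL)
                ++basedn;
            }

          if (basedn != NULL && *basedn != '\0')
            {
              groupdn = NULL;
              ret = ldap_search_s (ld, basedn, LDAP_SCOPE_SUBTREE,
                                   filter, NULL, 0, &groupdn);
              if (ret == LDAP_SUCCESS)
                {
                  if ((entry = ldap_first_entry (ld, groupdn)) != NULL)
                    {
                      res = ldap_parse_entry_options (entry, option_buffer,
                                                      sizeof(option_buffer) - 1,
                                                      &lease_limit);
                      if (res != ISC_R_SUCCESS)
                        {
                          /* reset option buffer discarding any results */
                          *option_buffer = '\0';
                          lease_limit = 0;
                        }
                    }
                }
              /* the result must be released even when the search failed;
                 it was previously leaked on that path */
              if (groupdn != NULL)
                ldap_msgfree( groupdn);
            }
          ldap_memfree( hostdn);
        }
    }

  res = ldap_parse_entry_options (ent, option_buffer, sizeof(option_buffer) - 1,
                                  &lease_limit);
  if (res != ISC_R_SUCCESS)
    return (lease_limit);

  option_buffer[sizeof(option_buffer) - 1] = '\0';
  if (*option_buffer == '\0')
    return (lease_limit);

  cfile = (struct parse *) NULL;
  res = new_parse (&cfile, -1, option_buffer, strlen (option_buffer),
                   type == HOST_DECL ? "LDAP-HOST" : "LDAP-SUBCLASS", 0);
  if (res != ISC_R_SUCCESS)
    return (lease_limit);

#if defined (DEBUG_LDAP)
  log_info ("Sending the following options: '%s'", option_buffer);
#endif

  /* feed the collected statements through the regular config parser */
  declaration = 0;
  for (;;)
    {
      token = peek_token (&val, NULL, cfile);
      if (token == END_OF_FILE)
        break;
      declaration = parse_statement (cfile, group, type, host, declaration);
    }

  end_parse (&cfile);

  return (lease_limit);
}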
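/*
 * Look up a dhcpHost entry by hardware address in each remembered service
 * subtree and build a host declaration from it.
 *
 * HP     - receives the newly allocated host on success
 * HTYPE  - hardware type (HTYPE_ETHER, HTYPE_IEEE802 or HTYPE_FDDI)
 * HLEN   - length of HADDR in bytes
 * HADDR  - the hardware address
 * FILE, LINE - caller location (unused here)
 *
 * Returns 1 when a host was found and stored in *HP, 0 otherwise
 * (static mode, no connection, unknown type, no match, or an error).
 * A search that fails with LDAP_SERVER_DOWN is retried once after
 * reconnecting.
 */
int
find_haddr_in_ldap (struct host_decl **hp, int htype, unsigned hlen,
                    const unsigned char *haddr, const char *file, int line)
{
  char buf[128], *type_str;
  LDAPMessage * res, *ent;
  struct host_decl * host;
  isc_result_t status;
  ldap_dn_node *curr;
  int ret;

  if (ldap_method == LDAP_METHOD_STATIC)
    return (0);

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return (0);

  switch (htype)
    {
      case HTYPE_ETHER:
        type_str = "ethernet";
        break;
      case HTYPE_IEEE802:
        type_str = "token-ring";
        break;
      case HTYPE_FDDI:
        type_str = "fddi";
        break;
      default:
        log_info ("Ignoring unknown type %d", htype);
        return (0);
    }

  /*
  ** FIXME: It is not guaranteed, that the dhcpHWAddress attribute
  ** contains _exactly_ "type addr" with one space between!
  */
  ret = snprintf (buf, sizeof (buf),
                  "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))",
                  type_str, print_hw_addr (htype, hlen, haddr));
  if (ret < 0 || (size_t) ret >= sizeof (buf))
    {
      /* a truncated filter is malformed; refuse rather than send it */
      log_error ("LDAP: hardware address filter too long for %s", type_str);
      return (0);
    }

  res = ent = NULL;
  for (curr = ldap_service_dn_head;
       curr != NULL && *curr->dn != '\0';
       curr = curr->next)
    {
#if defined (DEBUG_LDAP)
      log_info ("Searching for %s in LDAP tree %s", buf, curr->dn);
#endif
      ret = ldap_search_s (ld, curr->dn, LDAP_SCOPE_SUBTREE,
                           buf, NULL, 0, &res);

      if(ret == LDAP_SERVER_DOWN)
        {
          log_info ("LDAP server was down, trying to reconnect...");

          /* release any partial result before the retry overwrites it */
          if (res != NULL)
            {
              ldap_msgfree (res);
              res = NULL;
            }

          ldap_stop();
          ldap_start();
          if(ld == NULL)
            {
              log_info ("LDAP reconnect failed - try again later...");
              return (0);
            }

          ret = ldap_search_s (ld, curr->dn, LDAP_SCOPE_SUBTREE,
                               buf, NULL, 0, &res);
        }

      if (ret == LDAP_SUCCESS)
        {
          if( (ent = ldap_first_entry (ld, res)) != NULL)
            break; /* search OK and have entry */

#if defined (DEBUG_LDAP)
          log_info ("No host entry for %s in LDAP tree %s",
                    buf, curr->dn);
#endif
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }
        }
      else
        {
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }

          /* a missing subtree is not an error; anything else aborts */
          if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
            {
              log_error ("Cannot search for %s in LDAP tree %s: %s", buf,
                         curr->dn, ldap_err2string (ret));
              ldap_stop();
              return (0);
            }
#if defined (DEBUG_LDAP)
          else
            {
              log_info ("ldap_search_s returned %s when searching for %s in %s",
                        ldap_err2string (ret), buf, curr->dn);
            }
#endif
        }
    }

  if (res && ent)
    {
#if defined (DEBUG_LDAP)
      char *dn = ldap_get_dn (ld, ent);
      if (dn != NULL)
        {
          log_info ("Found dhcpHWAddress LDAP entry %s", dn);
          ldap_memfree(dn);
        }
#endif

      host = (struct host_decl *)0;
      status = host_allocate (&host, MDL);
      if (status != ISC_R_SUCCESS)
        {
          log_fatal ("can't allocate host decl struct: %s",
                     isc_result_totext (status));
          ldap_msgfree (res);
          return (0);
        }

      host->name = ldap_get_host_name (ent);
      if (host->name == NULL)
        {
          host_dereference (&host, MDL);
          ldap_msgfree (res);
          return (0);
        }

      if (!clone_group (&host->group, root_group, MDL))
        {
          log_fatal ("can't clone group for host %s", host->name);
          host_dereference (&host, MDL);
          ldap_msgfree (res);
          return (0);
        }

      ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);

      *hp = host;
      ldap_msgfree (res);
      return (1);
    }

  if(res) ldap_msgfree (res);
  return (0);
}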
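/*
 * Copy the filter value SRC into DST (DSTLEN bytes), escaping the bytes
 * RFC 4515 reserves inside an LDAP search filter ('*', '(', ')' and '\')
 * as \XX, so that a value taken from a client packet cannot change the
 * structure of the filter it is embedded in.
 *
 * Returns 0 on success and -1 when the escaped value does not fit.  DST
 * is NUL-terminated in both cases whenever DSTLEN > 0.
 */
static int
ldap_filter_escape_value (const char *src, char *dst, size_t dstlen)
{
  static const char hex[] = "0123456789abcdef";
  size_t o = 0;

  if (dst == NULL || dstlen == 0)
    return (-1);

  for (; src != NULL && *src != '\0'; src++)
    {
      unsigned char c = (unsigned char) *src;

      if (c == '*' || c == '(' || c == ')' || c == '\\')
        {
          if (o + 3 >= dstlen)
            break;
          dst[o++] = '\\';
          dst[o++] = hex[c >> 4];
          dst[o++] = hex[c & 0x0f];
        }
      else
        {
          if (o + 1 >= dstlen)
            break;
          dst[o++] = (char) c;
        }
    }
  dst[o] = '\0';

  /* anything left in SRC means we ran out of room */
  return (src != NULL && *src != '\0') ? -1 : 0;
}

/*
 * Look up a dhcpSubClass entry of CLASS whose cn matches DATA in each
 * remembered service subtree and build a new subclass from it.
 *
 * CLASS    - the parent class whose subclasses are searched
 * NEWCLASS - receives the newly allocated subclass on success
 * DATA     - the match data identifying the subclass
 *
 * Returns 1 when a subclass was created in *NEWCLASS, 0 otherwise (static
 * mode, no connection, no match, or an error).  DATA normally originates
 * from the client packet, so both filter values are RFC 4515 escaped
 * before being interpolated.  A search that fails with LDAP_SERVER_DOWN
 * is retried once after reconnecting.
 */
int
find_subclass_in_ldap (struct class *class, struct class **newclass,
                       struct data_string *data)
{
  LDAPMessage * res, * ent;
  int ret, lease_limit;
  isc_result_t status;
  ldap_dn_node *curr;
  char buf[1024], cdata[512], cname[512];

  if (ldap_method == LDAP_METHOD_STATIC)
    return (0);

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return (0);

  /* print_hex_1/2 render the raw bytes; escape their output so a client
     cannot inject filter syntax (e.g. a wildcard) through its class data */
  if (ldap_filter_escape_value (print_hex_1 (data->len, data->data, 60),
                                cdata, sizeof (cdata)) != 0 ||
      ldap_filter_escape_value (print_hex_2 (strlen (class->name),
                                             class->name, 60),
                                cname, sizeof (cname)) != 0)
    {
      log_error ("LDAP: subclass filter value too long for class %s",
                 class->name);
      return (0);
    }

  ret = snprintf (buf, sizeof (buf),
                  "(&(objectClass=dhcpSubClass)(cn=%s)(dhcpClassData=%s))",
                  cdata, cname);
  if (ret < 0 || (size_t) ret >= sizeof (buf))
    {
      /* a truncated filter is malformed; refuse rather than send it */
      log_error ("LDAP: subclass filter too long for class %s", class->name);
      return (0);
    }
#if defined (DEBUG_LDAP)
  log_info ("Searching LDAP for %s", buf);
#endif

  res = ent = NULL;
  for (curr = ldap_service_dn_head;
       curr != NULL && *curr->dn != '\0';
       curr = curr->next)
    {
#if defined (DEBUG_LDAP)
      log_info ("Searching for %s in LDAP tree %s", buf, curr->dn);
#endif
      ret = ldap_search_s (ld, curr->dn, LDAP_SCOPE_SUBTREE,
                           buf, NULL, 0, &res);

      if(ret == LDAP_SERVER_DOWN)
        {
          log_info ("LDAP server was down, trying to reconnect...");

          /* release any partial result before the retry overwrites it */
          if (res != NULL)
            {
              ldap_msgfree (res);
              res = NULL;
            }

          ldap_stop();
          ldap_start();

          if(ld == NULL)
            {
              log_info ("LDAP reconnect failed - try again later...");
              return (0);
            }

          ret = ldap_search_s (ld, curr->dn, LDAP_SCOPE_SUBTREE,
                               buf, NULL, 0, &res);
        }

      if (ret == LDAP_SUCCESS)
        {
          if( (ent = ldap_first_entry (ld, res)) != NULL)
            break; /* search OK and have entry */

#if defined (DEBUG_LDAP)
          log_info ("No subclass entry for %s in LDAP tree %s",
                    buf, curr->dn);
#endif
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }
        }
      else
        {
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }

          /* a missing subtree is not an error; anything else aborts */
          if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
            {
              log_error ("Cannot search for %s in LDAP tree %s: %s", buf,
                         curr->dn, ldap_err2string (ret));
              ldap_stop();
              return (0);
            }
#if defined (DEBUG_LDAP)
          else
            {
              log_info ("ldap_search_s returned %s when searching for %s in %s",
                        ldap_err2string (ret), buf, curr->dn);
            }
#endif
        }
    }

  if (res && ent)
    {
#if defined (DEBUG_LDAP)
      char *dn = ldap_get_dn (ld, ent);
      if (dn != NULL)
        {
          log_info ("Found subclass LDAP entry %s", dn);
          ldap_memfree(dn);
        }
#endif

      status = class_allocate (newclass, MDL);
      if (status != ISC_R_SUCCESS)
        {
          log_error ("Cannot allocate memory for a new class");
          ldap_msgfree (res);
          return (0);
        }

      group_reference (&(*newclass)->group, class->group, MDL);
      class_reference (&(*newclass)->superclass, class, MDL);
      lease_limit = ldap_parse_options (ent, (*newclass)->group,
                                        CLASS_DECL, NULL, newclass);
      /* NOTE(review): a non-zero limit is written to the parent class,
         not to *newclass, so the billed_leases array below is only sized
         from an inherited limit - confirm this is intended */
      if (lease_limit == 0)
        (*newclass)->lease_limit = class->lease_limit;
      else
        class->lease_limit = lease_limit;

      if ((*newclass)->lease_limit)
        {
          (*newclass)->billed_leases =
            dmalloc ((*newclass)->lease_limit * sizeof (struct lease *), MDL);
          if (!(*newclass)->billed_leases)
            {
              log_error ("no memory for billing");
              class_dereference (newclass, MDL);
              ldap_msgfree (res);
              return (0);
            }
          memset ((*newclass)->billed_leases, 0,
                  ((*newclass)->lease_limit * sizeof (*newclass)->billed_leases));
        }

      data_string_copy (&(*newclass)->hash_string, data, MDL);

      ldap_msgfree (res);
      return (1);
    }

  if(res) ldap_msgfree (res);
  return (0);
}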
#endif |