1 diff -urN bind-9.2.3-orig/bin/named/Makefile.in bind-9.2.3/bin/named/Makefile.in
2 --- bind-9.2.3-orig/bin/named/Makefile.in 2001-05-31 18:45:00.000000000 -0600
3 +++ bind-9.2.3/bin/named/Makefile.in 2003-11-16 14:52:51.000000000 -0700
6 # Add database drivers here.
10 +DBDRIVER_OBJS = ldapdb.@O@
11 +DBDRIVER_SRCS = ldapdb.c
14 +DBDRIVER_LIBS = -lldap -llber -lresolv
16 CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include \
17 ${LWRES_INCLUDES} ${DNS_INCLUDES} \
18 diff -urN bind-9.2.3-orig/bin/named/include/ldapdb.h bind-9.2.3/bin/named/include/ldapdb.h
19 --- bind-9.2.3-orig/bin/named/include/ldapdb.h 1969-12-31 17:00:00.000000000 -0700
20 +++ bind-9.2.3/bin/named/include/ldapdb.h 2003-11-16 14:52:51.000000000 -0700
22 +#include <isc/types.h>
24 +isc_result_t ldapdb_init(void);
26 +void ldapdb_clear(void);
28 diff -urN bind-9.2.3-orig/bin/named/ldapdb.c bind-9.2.3/bin/named/ldapdb.c
29 --- bind-9.2.3-orig/bin/named/ldapdb.c 1969-12-31 17:00:00.000000000 -0700
30 +++ bind-9.2.3/bin/named/ldapdb.c 2003-11-16 14:52:51.000000000 -0700
33 + * ldapdb.c version 0.9
35 + * Copyright (C) 2002 Stig Venaas
37 + * Permission to use, copy, modify, and distribute this software for any
38 + * purpose with or without fee is hereby granted, provided that the above
39 + * copyright notice and this permission notice appear in all copies.
43 + * If you are using an old LDAP API uncomment the define below. Only do this
44 + * if you know what you're doing or get compilation errors on ldap_memfree().
46 +/* #define RFC1823API */
56 +#include <isc/print.h>
57 +#include <isc/result.h>
58 +#include <isc/util.h>
59 +#include <isc/thread.h>
63 +#include <named/globals.h>
64 +#include <named/log.h>
70 + * A simple database driver for LDAP
73 +/* enough for name with 8 labels of max length */
74 +#define MAXNAMELEN 519
76 +static dns_sdbimplementation_t *ldapdb = NULL;
91 +/* used by ldapdb_getconn */
93 +struct ldapdb_entry {
97 + struct ldapdb_entry *next;
100 +static struct ldapdb_entry *ldapdb_find(struct ldapdb_entry *stack,
101 + const void *index, size_t size) {
102 + while (stack != NULL) {
103 + if (stack->size == size && !memcmp(stack->index, index, size))
105 + stack = stack->next;
110 +static void ldapdb_insert(struct ldapdb_entry **stack,
111 + struct ldapdb_entry *item) {
112 + item->next = *stack;
116 +static void ldapdb_lock(int what) {
117 + static isc_mutex_t lock;
121 + isc_mutex_init(&lock);
132 +/* data == NULL means cleanup */
134 +ldapdb_getconn(struct ldapdb_data *data)
136 + static struct ldapdb_entry *allthreadsdata = NULL;
137 + struct ldapdb_entry *threaddata, *conndata;
138 + unsigned long threadid;
140 + if (data == NULL) {
142 + /* lock out other threads */
144 + while (allthreadsdata != NULL) {
145 + threaddata = allthreadsdata;
146 + free(threaddata->index);
147 + while (threaddata->data != NULL) {
148 + conndata = threaddata->data;
149 + free(conndata->index);
150 + if (conndata->data != NULL)
151 + ldap_unbind((LDAP *)conndata->data);
152 + threaddata->data = conndata->next;
155 + allthreadsdata = threaddata->next;
162 + /* look for connection data for current thread */
163 + threadid = isc_thread_self();
164 + threaddata = ldapdb_find(allthreadsdata, &threadid, sizeof(threadid));
165 + if (threaddata == NULL) {
166 + /* no data for this thread, create empty connection list */
167 + threaddata = malloc(sizeof(*threaddata));
168 + if (threaddata == NULL)
170 + threaddata->index = malloc(sizeof(threadid));
171 + if (threaddata->index == NULL) {
175 + *(unsigned long *)threaddata->index = threadid;
176 + threaddata->size = sizeof(threadid);
177 + threaddata->data = NULL;
179 + /* need to lock out other threads here */
181 + ldapdb_insert(&allthreadsdata, threaddata);
185 + /* threaddata points at the connection list for current thread */
186 + /* look for existing connection to our server */
187 + conndata = ldapdb_find((struct ldapdb_entry *)threaddata->data,
188 + data->hostport, strlen(data->hostport));
189 + if (conndata == NULL) {
190 + /* no connection data structure for this server, create one */
191 + conndata = malloc(sizeof(*conndata));
192 + if (conndata == NULL)
194 + (char *)conndata->index = data->hostport;
195 + conndata->size = strlen(data->hostport);
196 + conndata->data = NULL;
197 + ldapdb_insert((struct ldapdb_entry **)&threaddata->data,
201 + return (LDAP **)&conndata->data;
205 +ldapdb_bind(struct ldapdb_data *data, LDAP **ldp)
209 + *ldp = ldap_open(data->hostname, data->portno);
212 + if (ldap_simple_bind_s(*ldp, NULL, NULL) != LDAP_SUCCESS) {
219 +ldapdb_search(const char *zone, const char *name, void *dbdata, void *retdata)
221 + struct ldapdb_data *data = dbdata;
222 + isc_result_t result = ISC_R_NOTFOUND;
224 + LDAPMessage *res, *e;
225 + char *fltr, *a, **vals, **names;
232 + int i, j, errno, msgid;
234 + ldp = ldapdb_getconn(data);
236 + return (ISC_R_FAILURE);
237 + if (*ldp == NULL) {
238 + ldapdb_bind(data, ldp);
239 + if (*ldp == NULL) {
240 + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
241 + "LDAP sdb zone '%s': bind failed", zone);
242 + return (ISC_R_FAILURE);
246 + if (name == NULL) {
247 + fltr = data->filterall;
249 + if (strlen(name) > MAXNAMELEN) {
250 + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
251 + "LDAP sdb zone '%s': name %s too long", zone, name);
252 + return (ISC_R_FAILURE);
254 + sprintf(data->filtername, "%s))", name);
255 + fltr = data->filterone;
258 + msgid = ldap_search(*ldp, data->base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
260 + ldapdb_bind(data, ldp);
262 + msgid = ldap_search(*ldp, data->base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
265 + if (*ldp == NULL || msgid == -1) {
266 + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
267 + "LDAP sdb zone '%s': search failed, filter %s", zone, fltr);
268 + return (ISC_R_FAILURE);
271 + /* Get the records one by one as they arrive and return them to bind */
272 + while ((errno = ldap_result(*ldp, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
274 + int ttl = data->defaultttl;
276 + /* not supporting continuation references at present */
277 + if (errno != LDAP_RES_SEARCH_ENTRY) {
278 + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
279 + "LDAP sdb zone '%s': ldap_result returned %d", zone, errno);
281 + return (ISC_R_FAILURE);
284 + /* only one entry per result message */
285 + e = ldap_first_entry(ld, res);
288 + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
289 + "LDAP sdb zone '%s': ldap_first_entry failed", zone);
290 + return (ISC_R_FAILURE);
293 + if (name == NULL) {
294 + names = ldap_get_values(ld, e, "relativeDomainName");
299 + vals = ldap_get_values(ld, e, "dNSTTL");
300 + if (vals != NULL) {
301 + ttl = atoi(vals[0]);
302 + ldap_value_free(vals);
305 + for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) {
308 + for (s = a; *s; s++)
310 + s = strstr(a, "RECORD");
311 + if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) {
318 + strncpy(type, a, s - a);
319 + type[s - a] = '\0';
320 + vals = ldap_get_values(ld, e, a);
321 + if (vals != NULL) {
322 + for (i = 0; vals[i] != NULL; i++) {
323 + if (name != NULL) {
324 + result = dns_sdb_putrr(retdata, type, ttl, vals[i]);
326 + for (j = 0; names[j] != NULL; j++) {
327 + result = dns_sdb_putnamedrr(retdata, names[j], type, ttl, vals[i]);
328 + if (result != ISC_R_SUCCESS)
332 +; if (result != ISC_R_SUCCESS) {
333 + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
334 + "LDAP sdb zone '%s': dns_sdb_put... failed for %s", zone, vals[i]);
335 + ldap_value_free(vals);
342 + ldap_value_free(names);
344 + return (ISC_R_FAILURE);
347 + ldap_value_free(vals);
358 + ldap_value_free(names);
360 + /* cleanup this result */
368 +/* callback routines */
370 +ldapdb_lookup(const char *zone, const char *name, void *dbdata,
371 + dns_sdblookup_t *lookup)
373 + return ldapdb_search(zone, name, dbdata, lookup);
377 +ldapdb_allnodes(const char *zone, void *dbdata,
378 + dns_sdballnodes_t *allnodes)
380 + return ldapdb_search(zone, NULL, dbdata, allnodes);
386 + static const char hexdigits[] = "0123456789abcdef";
390 + while ((s = strchr(s, '%'))) {
391 + if (!(s[1] && s[2]))
393 + if ((p = strchr(hexdigits, tolower(s[1]))) == NULL)
395 + d1 = p - hexdigits;
396 + if ((p = strchr(hexdigits, tolower(s[2]))) == NULL)
398 + d2 = p - hexdigits;
399 + *s++ = d1 << 4 | d2;
400 + memmove(s, s + 2, strlen(s) - 1);
408 +free_data(struct ldapdb_data *data)
410 + if (data->hostport != NULL)
411 + isc_mem_free(ns_g_mctx, data->hostport);
412 + if (data->hostname != NULL)
413 + isc_mem_free(ns_g_mctx, data->hostname);
414 + if (data->filterall != NULL)
415 + isc_mem_put(ns_g_mctx, data->filterall, data->filteralllen);
416 + if (data->filterone != NULL)
417 + isc_mem_put(ns_g_mctx, data->filterone, data->filteronelen);
418 + isc_mem_put(ns_g_mctx, data, sizeof(struct ldapdb_data));
423 +ldapdb_create(const char *zone, int argc, char **argv,
424 + void *driverdata, void **dbdata)
426 + struct ldapdb_data *data;
427 + char *s, *filter = NULL;
430 + UNUSED(driverdata);
432 + /* we assume that only one thread will call create at a time */
433 + /* want to do this only once for all instances */
436 + || (argv[0] != strstr( argv[0], "ldap://"))
437 + || ((defaultttl = atoi(argv[1])) < 1))
438 + return (ISC_R_FAILURE);
439 + data = isc_mem_get(ns_g_mctx, sizeof(struct ldapdb_data));
441 + return (ISC_R_NOMEMORY);
443 + memset(data, 0, sizeof(struct ldapdb_data));
444 + data->hostport = isc_mem_strdup(ns_g_mctx, argv[0] + strlen("ldap://"));
445 + if (data->hostport == NULL) {
447 + return (ISC_R_NOMEMORY);
450 + data->defaultttl = defaultttl;
452 + s = strchr(data->hostport, '/');
456 + /* attrs, scope, filter etc? */
457 + s = strchr(s, '?');
460 + /* ignore attributes */
461 + s = strchr(s, '?');
465 + s = strchr(s, '?');
470 + s = strchr(s, '?');
474 + if (*filter == '\0') {
480 + if (*data->base == '\0') {
484 + if ((data->base != NULL && unhex(data->base) == NULL) || (filter != NULL && unhex(filter) == NULL)) {
486 + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
487 + "LDAP sdb zone '%s': bad hex values", zone);
488 + return (ISC_R_FAILURE);
492 + /* compute filterall and filterone once and for all */
493 + if (filter == NULL) {
494 + data->filteralllen = strlen(zone) + strlen("(zoneName=)") + 1;
495 + data->filteronelen = strlen(zone) + strlen("(&(zoneName=)(relativeDomainName=))") + MAXNAMELEN + 1;
497 + data->filteralllen = strlen(filter) + strlen(zone) + strlen("(&(zoneName=))") + 1;
498 + data->filteronelen = strlen(filter) + strlen(zone) + strlen("(&(zoneName=)(relativeDomainName=))") + MAXNAMELEN + 1;
501 + data->filterall = isc_mem_get(ns_g_mctx, data->filteralllen);
502 + if (data->filterall == NULL) {
504 + return (ISC_R_NOMEMORY);
506 + data->filterone = isc_mem_get(ns_g_mctx, data->filteronelen);
507 + if (data->filterone == NULL) {
509 + return (ISC_R_NOMEMORY);
512 + if (filter == NULL) {
513 + sprintf(data->filterall, "(zoneName=%s)", zone);
514 + sprintf(data->filterone, "(&(zoneName=%s)(relativeDomainName=", zone);
516 + sprintf(data->filterall, "(&%s(zoneName=%s))", filter, zone);
517 + sprintf(data->filterone, "(&%s(zoneName=%s)(relativeDomainName=", filter, zone);
519 + data->filtername = data->filterone + strlen(data->filterone);
521 + /* support URLs with literal IPv6 addresses */
522 + data->hostname = isc_mem_strdup(ns_g_mctx, data->hostport + (*data->hostport == '[' ? 1 : 0));
523 + if (data->hostname == NULL) {
525 + return (ISC_R_NOMEMORY);
528 + if (*data->hostport == '[' &&
529 + (s = strchr(data->hostname, ']')) != NULL )
532 + s = data->hostname;
533 + s = strchr(s, ':');
536 + data->portno = atoi(s);
538 + data->portno = LDAP_PORT;
541 + return (ISC_R_SUCCESS);
545 +ldapdb_destroy(const char *zone, void *driverdata, void **dbdata) {
546 + struct ldapdb_data *data = *dbdata;
549 + UNUSED(driverdata);
554 +static dns_sdbmethods_t ldapdb_methods = {
556 + NULL, /* authority */
562 +/* Wrapper around dns_sdb_register() */
565 + unsigned int flags =
566 + DNS_SDBFLAG_RELATIVEOWNER |
567 + DNS_SDBFLAG_RELATIVERDATA |
568 + DNS_SDBFLAG_THREADSAFE;
571 + return (dns_sdb_register("ldap", &ldapdb_methods, NULL, flags,
572 + ns_g_mctx, &ldapdb));
575 +/* Wrapper around dns_sdb_unregister() */
577 +ldapdb_clear(void) {
578 + if (ldapdb != NULL) {
579 + /* clean up thread data */
580 + ldapdb_getconn(NULL);
581 + dns_sdb_unregister(&ldapdb);
584 diff -urN bind-9.2.3-orig/bin/named/main.c bind-9.2.3/bin/named/main.c
585 --- bind-9.2.3-orig/bin/named/main.c 2003-10-09 01:32:33.000000000 -0600
586 +++ bind-9.2.3/bin/named/main.c 2003-11-16 14:52:51.000000000 -0700
588 * Include header files for database drivers here.
590 /* #include "xxdb.h" */
593 static isc_boolean_t want_stats = ISC_FALSE;
594 static char program_name[ISC_DIR_NAMEMAX] = "named";
596 * Add calls to register sdb drivers here.
601 ns_server_create(ns_g_mctx, &ns_g_server);
604 * Add calls to unregister sdb drivers here.
609 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
610 ISC_LOG_NOTICE, "exiting");
611 diff -urN bind-9.2.3-orig/doc/INSTALL.sdb-ldap bind-9.2.3/doc/INSTALL.sdb-ldap
612 --- bind-9.2.3-orig/doc/INSTALL.sdb-ldap 1969-12-31 17:00:00.000000000 -0700
613 +++ bind-9.2.3/doc/INSTALL.sdb-ldap 2003-11-16 14:53:32.000000000 -0700
615 +This is the INSTALL file for 0.9. See
616 +http://www.venaas.no/ldap/bind-sdb/ for updates or other information.
620 +You need the source for BIND 9.1.0 or newer (for zone transfers you
621 +will need at least 9.1.1rc3 due to a bug). Basically you need to follow
622 +the instructions in doc/misc/sdb, if my instructions doesn't make sense,
623 +please have a look at that as well.
625 +Copy ldapdb.c to bin/named and ldapdb.h to bin/named/include in the
628 +Next alter bin/named/Makefile.in. Add ldapdb.@O@ to DBDRIVER_OBJS and
629 +ldapdb.c to DBDRIVER_SRCS. You also need to add something like
630 +-I/usr/local/include to DBDRIVER_INCLUDES and
631 +-L/usr/local/lib -lldap -llber -lresolv to DBDRIVER_LIBS
632 +depending on what LDAP library you have and where you installed it.
634 +Finally you need to edit bin/named/main.c. Below where it says
635 +"#include "xxdb.h"", add the line "#include <ldapdb.h>". Below where
636 +it says "xxdb_init();" add the line "ldapdb_init();", and finally
637 +below where it says "xxdb_clear();", add "ldapdb_clear();".
639 +Now you should hopefully be able to build it. If you get an error
640 +message about ldap_memfree() not being defined, you're probably
641 +using an LDAP library with the interface defined in RFC 1823. To
642 +build, uncomment the #define RFC1823API line near the top of ldapdb.c.
647 +Before you do any configuring of LDAP stuff, please try to configure
648 +and start bind as usual to see if things work.
650 +To do anything useful, you need to store a zone in some LDAP server.
651 +From this release on, you must use a schema called dNSZone. Note that
652 +it relies on some attribute definitions in the Cosine schema, so that
653 +must be included as well. The Cosine schema probably comes with your
654 +LDAP server. You can find dNSZone and further details on how to store
655 +the data in your LDAP server at
656 +http://www.venaas.no/ldap/bind-sdb/
658 +For an example, have a look at my venaas.com zone. Try a subtree search
659 +for objectClass=* at
660 +ldap ldap://129.241.20.67/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no
662 +To use it with BIND, I've added the following to named.conf:
665 + database "ldap ldap://129.241.20.67/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no 172800";
668 +When doing lookups BIND will do a sub-tree search below the base in the
669 +URL. The number 172800 is the TTL which will be used for all entries that
670 +haven't got the dNSTTL attribute. It is also possible to add an filter to
671 +the URL, say ldap://host/base???(o=internal)
673 +Stig Venaas <venaas@uninett.no> 2002-04-17
674 diff -urN bind-9.2.3-orig/doc/README.sdb-ldap bind-9.2.3/doc/README.sdb-ldap
675 --- bind-9.2.3-orig/doc/README.sdb-ldap 1969-12-31 17:00:00.000000000 -0700
676 +++ bind-9.2.3/doc/README.sdb-ldap 2003-11-16 14:53:18.000000000 -0700
678 +This is an attempt at an LDAP back-end for BIND 9 using the new simplified
679 +database interface "sdb". This is the nineth release (0.9) and seems to
680 +be pretty stable. Note that since version 0.4 a new schema is used.
681 +It is not backwards compatible with versions before 0.4.
683 +In 0.9 the code has been cleaned up a bit and should be slightly faster
684 +than previous versions. It also fixes an error with zone transfers (AXFR)
685 +and entries with multiple relativeDomainName values. The problem was
686 +that it would only use the first value in the result. There's no need
687 +to upgrade unless you use such entries.
689 +0.8 uses asynchronous LDAP search which should give better performance.
690 +Thanks to Ashley Burston for providing patch. Another new feature is
691 +allowing filters in URLs. The syntax is as in RFC 2255. Few people will
692 +need this, but if you have say an internal and external version of the
693 +same zone, you could stick say o=internal and o=external into different
694 +entries, and specify for instance ldap://host/base???(o=internal)
695 +Some error logging has also been added.
697 +0.7 allows space and other characters to be used in URLs by use of %-quoting.
698 +For instance space can be written as %20. It also fixes a problem with some
699 +servers and/or APIs that do not preserve attribute casing.
701 +0.6 fixes some memory leaks present in older versions unless compiled with
704 +The big changes in 0.5 are thread support and improved connection handling.
705 +Multiple threads can now access the back-end simultaneously, and rather than
706 +having one connection per zone, there is now one connection per thread per
707 +LDAP server. This should help people with multiple CPUs and people with a
708 +huge number of zones. One final change is support for literal IPv6 addresses
709 +in LDAP URLs. At least OpenLDAP 2 has IPv6 support, so if you use OpenLDAP 2
710 +libraries and server, you got all you need.
712 +If you have bug reports, fixes, comments, questions or whatever, please
713 +contact me. See also http://www.venaas.no/ldap/bind-sdb/ for information.
715 +See INSTALL for how to build, install and use.
717 +Stig Venaas <venaas@uninett.no> 2001-12-29