-diff -up dhcp-4.0.0/server/Makefile.am.ldap dhcp-4.0.0/server/Makefile.am
---- dhcp-4.0.0/server/Makefile.am.ldap 2007-05-29 06:32:11.000000000 -1000
-+++ dhcp-4.0.0/server/Makefile.am 2008-01-22 15:09:56.000000000 -1000
-@@ -4,12 +4,10 @@ dist_sysconf_DATA = dhcpd.conf
- sbin_PROGRAMS = dhcpd
- dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
- omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c \
-- dhcpv6.c mdb6.c
-+ dhcpv6.c mdb6.c ldap.c ldap_casa.c
+diff -up dhcp-4.0.1/common/conflex.c.ldap dhcp-4.0.1/common/conflex.c
+--- dhcp-4.0.1/common/conflex.c.ldap 2008-03-07 10:17:52.000000000 -1000
++++ dhcp-4.0.1/common/conflex.c 2009-07-08 07:24:34.000000000 -1000
+@@ -43,6 +43,7 @@ static enum dhcp_token read_string PROTO
+ static enum dhcp_token read_number PROTO ((int, struct parse *));
+ static enum dhcp_token read_num_or_name PROTO ((int, struct parse *));
+ static enum dhcp_token intern PROTO ((char *, enum dhcp_token));
++static int read_function PROTO ((struct parse *));
--# libomapi.a this is here twice to handle circular library dependencies :(
--dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dst/libdst.a \
-- ../dhcpctl/libdhcpctl.a ../minires/libres.a \
-- ../omapip/libomapi.a
-+dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../minires/libres.a \
-+ ../dhcpctl/libdhcpctl.a ../dst/libdstnomd5.a -lldap
+ isc_result_t new_parse (cfile, file, inbuf, buflen, name, eolp)
+ struct parse **cfile;
+@@ -73,6 +74,10 @@ isc_result_t new_parse (cfile, file, inb
+ tmp->file = file;
+ tmp->eol_token = eolp;
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
- EXTRA_DIST = $(man_MANS)
-diff -up dhcp-4.0.0/server/mdb.c.ldap dhcp-4.0.0/server/mdb.c
---- dhcp-4.0.0/server/mdb.c.ldap 2007-11-30 11:51:43.000000000 -1000
-+++ dhcp-4.0.0/server/mdb.c 2008-01-22 15:09:56.000000000 -1000
-@@ -600,6 +600,12 @@ int find_hosts_by_haddr (struct host_dec
- const char *file, int line)
++ if (file != -1) {
++ tmp -> read_function = read_function;
++ }
++
+ if (inbuf != NULL) {
+ tmp->inbuf = inbuf;
+ tmp->buflen = buflen;
+@@ -177,9 +182,13 @@ static int get_char (cfile)
+ /* My kingdom for WITH... */
+ int c;
+
+- if (cfile->bufix == cfile->buflen)
+- c = EOF;
+- else {
++ if (cfile->bufix == cfile->buflen) {
++ if (cfile -> read_function) {
++ c = cfile -> read_function (cfile);
++ } else {
++ c = EOF;
++ }
++ } else {
+ c = cfile->inbuf [cfile->bufix];
+ cfile->bufix++;
+ }
+@@ -1422,3 +1431,25 @@ intern(char *atom, enum dhcp_token dfv)
+ }
+ return dfv;
+ }
++
++static int
++read_function (struct parse * cfile)
++{
++ int c;
++
++ ssize_t n = read (cfile -> file, cfile -> inbuf, cfile -> bufsiz);
++ if (n == 0) {
++ c = EOF;
++ cfile -> bufix = 0;
++ cfile -> buflen = 0;
++ } else if (n < 0) {
++ c = EOF;
++ cfile -> bufix = cfile -> buflen = 0;
++ } else {
++ c = cfile -> inbuf [0];
++ cfile -> bufix = 1;
++ cfile -> buflen = n;
++ }
++
++ return c;
++}
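Review bot: In `read_function` a failed `read()` (`n < 0`) is folded into the same `EOF` as a clean end of file, so an I/O error or an interrupted call silently truncates the configuration and the parser accepts what it has seen so far. For a file that carries access restrictions this should be distinguishable: retry on interruption with `do { n = read (cfile -> file, cfile -> inbuf, cfile -> bufsiz); } while (n < 0 && errno == EINTR);` and report any other failure through the existing logging before returning. Separately, `new_parse` installs the callback whenever `file != -1`, including when the caller supplied `inbuf`; whether `bufsiz` describes that caller buffer is not visible in these hunks and is worth a comment or a guard such as `if (file != -1 && inbuf == NULL)`.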
+diff -up dhcp-4.0.1/common/print.c.ldap dhcp-4.0.1/common/print.c
+--- dhcp-4.0.1/common/print.c.ldap 2007-10-01 04:47:35.000000000 -1000
++++ dhcp-4.0.1/common/print.c 2009-07-08 07:24:34.000000000 -1000
+@@ -163,9 +163,9 @@ char *print_base64 (const unsigned char
+ }
+
+ char *print_hw_addr (htype, hlen, data)
+- int htype;
+- int hlen;
+- unsigned char *data;
++ const int htype;
++ const int hlen;
++ const unsigned char *data;
{
- struct hardware h;
-+ int ret;
+ static char habuf [49];
+ char *s;
+diff -up dhcp-4.0.1/configure.ac.ldap dhcp-4.0.1/configure.ac
+--- dhcp-4.0.1/configure.ac.ldap 2008-12-23 09:01:39.000000000 -1000
++++ dhcp-4.0.1/configure.ac 2009-07-08 07:24:34.000000000 -1000
+@@ -284,6 +284,33 @@ AC_CHECK_MEMBER(struct msghdr.msg_contro
+ #include <sys/socket.h>
+ ])
+
++# OpenLDAP support in dhcpd is disabled by default
++AC_ARG_WITH(ldap,
++ AC_HELP_STRING([--with-ldap],
++ [enable OpenLDAP support in dhcpd (default is no)]),
++ [ldap=$withval],
++ [ldap=no])
++if test x$ldap = xyes ; then
++ AC_CHECK_LIB([ldap], [ldap_initialize], [],
++ [AC_MSG_FAILURE([*** libldap not usable.])])
++
++ ldap_libs="-lldap"
++ AC_SUBST(LDAP_CFLAGS, [-DLDAP_CONFIGURATION])
++ AC_SUBST(LDAP_LIBS, [$ldap_libs])
++fi
++
++# OpenLDAP with SSL support is optional
++AC_ARG_WITH(ldapcrypto,
++ AC_HELP_STRING([--with-ldapcrypto],
++ [enable OpenLDAP crypto support in dhcpd (default is no)]),
++ [ldapcrypto=$withval],
++ [ldapcrypto=no])
++if test x$ldapcrypto = xyes ; then
++ AC_SUBST(LDAPSSL_CFLAGS, [-DUSE_SSL])
++fi
++
++AM_CONDITIONAL(USE_LDAP, [test x$ldap == xyes])
++
+ # Append selected warning levels to CFLAGS before substitution (but after
+ # AC_TRY_COMPILE & etc).
+ CFLAGS="$CFLAGS $STD_CWARNINGS"
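Review bot: `AM_CONDITIONAL(USE_LDAP, [test x$ldap == xyes])` uses `==`, which is a bash extension to `test`; under a strict POSIX `/bin/sh` the test fails and USE_LDAP ends up false even though `--with-ldap` was given, so it should read `AM_CONDITIONAL(USE_LDAP, [test x$ldap = xyes])` like the `if` above it. The `--with-ldapcrypto` branch only defines `-DUSE_SSL`: it does not check that the installed libldap offers TLS and it is accepted without `--with-ldap`. Because crypto defaults to off, a build with only `--with-ldap` will bind to the directory without transport protection; the help string should say so, for example `[enable TLS/SSL for the LDAP connection (default is no; binds are then sent unencrypted)]`.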
+diff -up dhcp-4.0.1/dst/Makefile.am.ldap dhcp-4.0.1/dst/Makefile.am
+--- dhcp-4.0.1/dst/Makefile.am.ldap 2007-05-29 06:32:10.000000000 -1000
++++ dhcp-4.0.1/dst/Makefile.am 2009-07-08 07:24:34.000000000 -1000
+@@ -2,7 +2,11 @@ AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
+
+ lib_LIBRARIES = libdst.a
+
+-libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
++libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c \
+ base64.c prandom.c
+
++if USE_LDAP
++libdst_a_SOURCES += md5_dgst.c
++endif
+
+ EXTRA_DIST = dst_internal.h md5.h md5_locl.h
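Review bot: The `if USE_LDAP` guard around `libdst_a_SOURCES += md5_dgst.c` looks inverted. The previous revision of this patch built a separate `libdstnomd5.a` without `md5_dgst.c` precisely for the `-lldap` link, while the new rule adds the bundled MD5 only when LDAP is enabled and drops it from the default build. `AM_CPPFLAGS` still carries `-DHMAC_MD5`, so a non-LDAP build presumably needs those symbols. If the intent is to avoid a clash with the MD5 symbols pulled in through libldap, the condition should be `if !USE_LDAP`, with a one-line comment stating which library provides MD5 in each configuration.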
+diff -up dhcp-4.0.1/includes/dhcpd.h.ldap dhcp-4.0.1/includes/dhcpd.h
+--- dhcp-4.0.1/includes/dhcpd.h.ldap 2008-02-08 08:46:34.000000000 -1000
++++ dhcp-4.0.1/includes/dhcpd.h 2009-07-08 07:26:37.000000000 -1000
+@@ -102,6 +102,11 @@ typedef time_t TIME;
+ #include <isc-dhcp/result.h>
+ #include <omapip/omapip_p.h>
+
+#if defined(LDAP_CONFIGURATION)
-+ if ((ret = find_haddr_in_ldap (hp, htype, hlen, haddr, file, line)))
-+ return ret;
++# include <ldap.h>
++# include <sys/utsname.h> /* for uname() */
+#endif
++
+ #if !defined (BYTE_NAME_HASH_SIZE)
+ # define BYTE_NAME_HASH_SIZE 401 /* Default would be ridiculous. */
+ #endif
+@@ -291,6 +296,8 @@ struct parse {
+ size_t bufsiz;
- h.hlen = hlen + 1;
- h.hbuf [0] = htype;
-diff -up /dev/null dhcp-4.0.0/server/ldap_casa.c
---- /dev/null 2008-01-19 23:52:35.158021373 -1000
-+++ dhcp-4.0.0/server/ldap_casa.c 2008-01-22 15:09:56.000000000 -1000
-@@ -0,0 +1,138 @@
-+/* ldap_casa.c
+ struct parse *saved_state;
++
++ int (*read_function) (struct parse *);
+ };
+
+ /* Variable-length array of data. */
+@@ -422,6 +429,32 @@ struct hardware {
+ u_int8_t hbuf [17];
+ };
+
++#if defined(LDAP_CONFIGURATION)
++# define LDAP_BUFFER_SIZE 8192
++# define LDAP_METHOD_STATIC 0
++# define LDAP_METHOD_DYNAMIC 1
++#if defined (USE_SSL)
++# define LDAP_SSL_OFF 0
++# define LDAP_SSL_ON 1
++# define LDAP_SSL_TLS 2
++# define LDAP_SSL_LDAPS 3
++#endif
++
++/* This is a tree of the current configuration we are building from LDAP */
++struct ldap_config_stack {
++ LDAPMessage * res; /* Pointer returned from ldap_search */
++ LDAPMessage * ldent; /* Current item in LDAP that we're processing.
++ in res */
++ int close_brace; /* Put a closing } after we're through with
++ this item */
++ int processed; /* We set this flag if this base item has been
++ processed. After this base item is processed,
++ we can start processing the children */
++ struct ldap_config_stack *children;
++ struct ldap_config_stack *next;
++};
++#endif
++
+ typedef enum {
+ server_startup = 0,
+ server_running = 1,
+@@ -627,6 +660,29 @@ struct lease_state {
+ # define DEFAULT_PING_TIMEOUT 1
+ #endif
+
++#if defined(LDAP_CONFIGURATION)
++# define SV_LDAP_SERVER 57
++# define SV_LDAP_PORT 58
++# define SV_LDAP_USERNAME 59
++# define SV_LDAP_PASSWORD 60
++# define SV_LDAP_BASE_DN 61
++# define SV_LDAP_METHOD 62
++# define SV_LDAP_DEBUG_FILE 63
++# define SV_LDAP_DHCP_SERVER_CN 64
++# define SV_LDAP_REFERRALS 65
++#if defined (USE_SSL)
++# define SV_LDAP_SSL 66
++# define SV_LDAP_TLS_REQCERT 67
++# define SV_LDAP_TLS_CA_FILE 68
++# define SV_LDAP_TLS_CA_DIR 69
++# define SV_LDAP_TLS_CERT 70
++# define SV_LDAP_TLS_KEY 71
++# define SV_LDAP_TLS_CRLCHECK 72
++# define SV_LDAP_TLS_CIPHERS 73
++# define SV_LDAP_TLS_RANDFILE 74
++#endif
++#endif
++
+ #if !defined (DEFAULT_DEFAULT_LEASE_TIME)
+ # define DEFAULT_DEFAULT_LEASE_TIME 43200
+ #endif
+@@ -2036,7 +2092,7 @@ extern int db_time_format;
+ char *quotify_string (const char *, const char *, int);
+ char *quotify_buf (const unsigned char *, unsigned, const char *, int);
+ char *print_base64 (const unsigned char *, unsigned, const char *, int);
+-char *print_hw_addr PROTO ((int, int, unsigned char *));
++char *print_hw_addr PROTO ((const int, const int, const unsigned char *));
+ void print_lease PROTO ((struct lease *));
+ void dump_raw PROTO ((const unsigned char *, unsigned));
+ void dump_packet_option (struct option_cache *, struct packet *,
+@@ -3159,6 +3215,20 @@ OMAPI_OBJECT_ALLOC_DECL (dhcp_failover_l
+
+ const char *binding_state_print (enum failover_state);
+
++/* ldap.c */
++#if defined(LDAP_CONFIGURATION)
++extern struct enumeration ldap_methods;
++#if defined (USE_SSL)
++extern struct enumeration ldap_ssl_usage_enum;
++extern struct enumeration ldap_tls_reqcert_enum;
++extern struct enumeration ldap_tls_crlcheck_enum;
++#endif
++isc_result_t ldap_read_config (void);
++int find_haddr_in_ldap (struct host_decl **, int, unsigned,
++ const unsigned char *, const char *, int);
++int find_subclass_in_ldap (struct class *, struct class **,
++ struct data_string *);
++#endif
+
+ /* mdb6.c */
+ HASH_FUNCTIONS_DECL(ia_na, unsigned char *, struct ia_na, ia_na_hash_t);
+diff -up /dev/null dhcp-4.0.1/includes/ldap_casa.h
+--- /dev/null 2009-07-08 03:35:30.103138421 -1000
++++ dhcp-4.0.1/includes/ldap_casa.h 2009-07-08 07:24:34.000000000 -1000
+@@ -0,0 +1,83 @@
++/* ldap_casa.h
+
-+ CASA routines for DHCPD... */
++ Definition for CASA modules... */
+
+/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC")
+ * Copyright (c) 1995-2003 Internet Software Consortium.
+ */
+
+#if defined(LDAP_CASA_AUTH)
-+#include "ldap_casa.h"
-+#include "dhcpd.h"
-+
-+int
-+load_casa (void)
-+{
-+ if( !(casaIDK = dlopen(MICASA_LIB,RTLD_LAZY)))
-+ return 0;
-+ p_miCASAGetCredential = (CASA_GetCredential_T) dlsym(casaIDK, "miCASAGetCredential");
-+ p_miCASASetCredential = (CASA_SetCredential_T) dlsym(casaIDK, "miCASASetCredential");
-+ p_miCASARemoveCredential = (CASA_RemoveCredential_T) dlsym(casaIDK, "miCASARemoveCredential");
-+
-+ if((p_miCASAGetCredential == NULL) ||
-+ (p_miCASASetCredential == NULL) ||
-+ (p_miCASARemoveCredential == NULL))
-+ {
-+ if(casaIDK)
-+ dlclose(casaIDK);
-+ casaIDK = NULL;
-+ p_miCASAGetCredential = NULL;
-+ p_miCASASetCredential = NULL;
-+ p_miCASARemoveCredential = NULL;
-+ return 0;
-+ }
-+ else
-+ return 1;
-+}
++#ifndef __LDAP_CASA_H__
++#define __LDAP_CASA_H__
+
-+static void
-+release_casa(void)
-+{
-+ if(casaIDK)
-+ {
-+ dlclose(casaIDK);
-+ casaIDK = NULL;
-+ }
++#include <micasa_mgmd.h>
++#include <dlfcn.h>
++#include <string.h>
+
-+ p_miCASAGetCredential = NULL;
-+ p_miCASASetCredential = NULL;
-+ p_miCASARemoveCredential = NULL;
++#define MICASA_LIB "libmicasa.so.1"
+
-+}
++SSCS_TYPEDEF_LIBCALL(int, CASA_GetCredential_T)
++(
++ uint32_t ssFlags,
++ SSCS_SECRET_ID_T *appSecretID,
++ SSCS_SECRET_ID_T *sharedSecretID,
++ uint32_t *credentialType,
++ void *credential,
++ SSCS_EXT_T *ext
++);
++SSCS_TYPEDEF_LIBCALL(int, CASA_SetCredential_T)
++(
++ uint32_t ssFlags,
++ SSCS_SECRET_ID_T *appSecretID,
++ SSCS_SECRET_ID_T *sharedSecretID,
++ uint32_t credentialType,
++ void *credential,
++ SSCS_EXT_T *ext
++);
+
-+int
-+load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password)
-+ {
-+ int result = 0;
-+ uint32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
-+ SSCS_BASIC_CREDENTIAL credential;
-+ SSCS_SECRET_ID_T applicationSecretId;
-+ char *tempVar = NULL;
-+
-+ const char applicationName[10] = "dhcp-ldap";
-+
-+ if ( load_casa() )
-+ {
-+ memset(&credential, 0, sizeof(SSCS_BASIC_CREDENTIAL));
-+ memset(&applicationSecretId, 0, sizeof(SSCS_SECRET_ID_T));
-+
-+ applicationSecretId.len = strlen(applicationName) + 1;
-+ memcpy (applicationSecretId.id, applicationName, applicationSecretId.len);
-+
-+ credential.unFlags = USERNAME_TYPE_CN_F;
++SSCS_TYPEDEF_LIBCALL(int, CASA_RemoveCredential_T)
++(
++ uint32_t ssFlags,
++ SSCS_SECRET_ID_T *appSecretID,
++ SSCS_SECRET_ID_T *sharedSecretID,
++ SSCS_EXT_T *ext
++);
++static CASA_GetCredential_T p_miCASAGetCredential = NULL;
++static CASA_SetCredential_T p_miCASASetCredential = NULL;
++static CASA_RemoveCredential_T p_miCASARemoveCredential = NULL;
++static void *casaIDK = NULL;
+
-+ result = p_miCASAGetCredential (0,
-+ &applicationSecretId,NULL,&credentialtype,
-+ &credential,NULL);
++int load_casa(void);
++static void release_casa(void);
++int load_uname_pwd_from_miCASA(char **, char **);
+
-+ if(credential.unLen)
-+ {
-+ tempVar = dmalloc (credential.unLen + 1, MDL);
-+ if (!tempVar)
-+ log_fatal ("no memory for ldap_username");
-+ memcpy(tempVar , credential.username, credential.unLen);
-+ *ldap_username = tempVar;
++#endif /* __LDAP_CASA_H__ */
++#endif /* LDAP_CASA_AUTH */
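Review bot: ldap_casa.h defines file-scope state in a header: `static void *casaIDK` and the three `static` function pointers get a separate copy in every translation unit that includes it, and `static void release_casa(void);` declares an internal function that only ldap_casa.c can define. These belong in ldap_casa.c, with only `load_casa` and `load_uname_pwd_from_miCASA` left as prototypes here. `MICASA_LIB` is a bare soname, so `dlopen` resolves it through the loader search path; since this library hands back the LDAP bind credentials, an absolute path fixed at build time is the safer default. The guard name `__LDAP_CASA_H__` uses a reserved identifier; `LDAP_CASA_H` avoids that.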
+
-+ tempVar = dmalloc (credential.pwordLen + 1, MDL);
-+ if (!tempVar)
-+ log_fatal ("no memory for ldap_password");
-+ memcpy(tempVar, credential.password, credential.pwordLen);
-+ *ldap_password = tempVar;
+diff -up dhcp-4.0.1/server/Makefile.am.ldap dhcp-4.0.1/server/Makefile.am
+--- dhcp-4.0.1/server/Makefile.am.ldap 2007-05-29 06:32:11.000000000 -1000
++++ dhcp-4.0.1/server/Makefile.am 2009-07-08 07:24:34.000000000 -1000
+@@ -4,12 +4,11 @@ dist_sysconf_DATA = dhcpd.conf
+ sbin_PROGRAMS = dhcpd
+ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
+ omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c \
+- dhcpv6.c mdb6.c
++ dhcpv6.c mdb6.c ldap.c ldap_casa.c
+
+-# libomapi.a this is here twice to handle circular library dependencies :(
+-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dst/libdst.a \
+- ../dhcpctl/libdhcpctl.a ../minires/libres.a \
+- ../omapip/libomapi.a
++dhcpd_CFLAGS = $(LDAP_CFLAGS) $(LDAPSSL_CFLAGS)
++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../minires/libres.a \
++ ../dhcpctl/libdhcpctl.a ../dst/libdst.a $(LDAP_LIBS)
+
+ man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff -up dhcp-4.0.1/server/class.c.ldap dhcp-4.0.1/server/class.c
+--- dhcp-4.0.1/server/class.c.ldap 2007-09-05 07:32:10.000000000 -1000
++++ dhcp-4.0.1/server/class.c 2009-07-08 07:24:34.000000000 -1000
+@@ -84,6 +84,7 @@ int check_collection (packet, lease, col
+ int matched = 0;
+ int status;
+ int ignorep;
++ int classfound;
+
+ for (class = collection -> classes; class; class = class -> nic) {
+ #if defined (DEBUG_CLASS_MATCHING)
+@@ -129,9 +130,15 @@ int check_collection (packet, lease, col
+ class -> submatch, MDL));
+ if (status && data.len) {
+ nc = (struct class *)0;
+- if (class_hash_lookup (&nc, class -> hash,
+- (const char *)data.data,
+- data.len, MDL)) {
++ classfound = class_hash_lookup (&nc, class -> hash,
++ (const char *)data.data, data.len, MDL);
+
-+#if defined (DEBUG_LDAP)
-+ log_info ("Authentication credential taken from CASA");
++#ifdef LDAP_CONFIGURATION
++ if (!classfound && find_subclass_in_ldap (class, &nc, &data))
++ classfound = 1;
+#endif
+
-+ release_casa();
-+ return 1;
-+
-+ }
-+ else
-+ {
-+ release_casa();
-+ return 0;
-+ }
-+ }
-+ else
-+ return 0; //casa libraries not loaded
-+ }
++ if (classfound) {
+ #if defined (DEBUG_CLASS_MATCHING)
+ log_info ("matches subclass %s.",
+ print_hex_1 (data.len,
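Review bot: The fallback `if (!classfound && find_subclass_in_ldap (class, &nc, &data))` puts a directory search on the per-packet path, and `data` appears to be the result of evaluating `class -> submatch` against the incoming packet, so its bytes are chosen by the client. Two things should be stated in a comment here and checked in `find_subclass_in_ldap`, whose body is outside this hunk: the value must be escaped per RFC 4515 before it is placed in a search filter, and a miss should not cost one blocking LDAP round trip for every packet, which calls for a short negative cache or a rate limit. The enclosing `check_collection` starts and ends outside the hunk.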
+diff -up dhcp-4.0.1/server/confpars.c.ldap dhcp-4.0.1/server/confpars.c
+--- dhcp-4.0.1/server/confpars.c.ldap 2008-03-07 10:17:52.000000000 -1000
++++ dhcp-4.0.1/server/confpars.c 2009-07-08 07:24:34.000000000 -1000
+@@ -60,7 +60,17 @@ void parse_trace_setup ()
+
+ isc_result_t readconf ()
+ {
+- return read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
++ isc_result_t res;
+
-+#endif /* LDAP_CASA_AUTH */
++ res = read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
++#if defined(LDAP_CONFIGURATION)
++ if (res != ISC_R_SUCCESS)
++ return (res);
+
-diff -up dhcp-4.0.0/server/dhcpd.c.ldap dhcp-4.0.0/server/dhcpd.c
---- dhcp-4.0.0/server/dhcpd.c.ldap 2007-11-30 11:51:43.000000000 -1000
-+++ dhcp-4.0.0/server/dhcpd.c 2008-01-22 15:09:56.000000000 -1000
-@@ -505,6 +505,14 @@ main(int argc, char **argv) {
++ return ldap_read_config ();
++#else
++ return (res);
++#endif
+ }
+
+ isc_result_t read_conf_file (const char *filename, struct group *group,
+diff -up dhcp-4.0.1/server/dhcpd.c.ldap dhcp-4.0.1/server/dhcpd.c
+--- dhcp-4.0.1/server/dhcpd.c.ldap 2008-03-18 08:29:16.000000000 -1000
++++ dhcp-4.0.1/server/dhcpd.c 2009-07-08 07:24:34.000000000 -1000
+@@ -507,6 +507,14 @@ main(int argc, char **argv) {
/* Add the ddns update style enumeration prior to parsing. */
add_enumeration (&ddns_styles);
add_enumeration (&syslog_enum);
if (!group_allocate (&root_group, MDL))
log_fatal ("Can't allocate root group!");
-diff -up /dev/null dhcp-4.0.0/server/ldap.c
---- /dev/null 2008-01-19 23:52:35.158021373 -1000
-+++ dhcp-4.0.0/server/ldap.c 2008-01-22 15:09:56.000000000 -1000
+diff -up /dev/null dhcp-4.0.1/server/ldap.c
+--- /dev/null 2009-07-08 03:35:30.103138421 -1000
++++ dhcp-4.0.1/server/ldap.c 2009-07-08 07:24:34.000000000 -1000
@@ -0,0 +1,2004 @@
+/* ldap.c
+
+ return;
+ }
+
-+ sprintf("ldap://%s:%d", ldap_server, ldap_port);
++ sprintf(uri, "ldap://%s:%d", ldap_server, ldap_port);
+ ldap_initialize(&ld, uri);
+
+ if (ld == NULL)
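Review bot: `sprintf(uri, "ldap://%s:%d", ldap_server, ldap_port);` now has its destination, but the write is still unbounded and `ldap_server` comes from the configuration. The declaration of `uri` is outside the lines shown; if it is a fixed array, use `snprintf(uri, sizeof uri, "ldap://%s:%d", ldap_server, ldap_port)` and treat a truncated result as an error. The return code of `ldap_initialize(&ld, uri)` is discarded and only `ld == NULL` is tested, so `ld` should be initialised to NULL beforehand or the code checked directly. The scheme is fixed to `ldap://` here, so any TLS protection has to come from a later step that is not visible in this part of the file.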
+ creds.bv_val = strdup(ldap_password);
+ creds.bv_len = strlen(ldap_password);
+
-+ if ((ret == ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE,
-+ &creds, NULL, NULL, NULL)) != LDAP_SUCCESS)
++ if ((ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE,
++ &creds, NULL, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot login into ldap server %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
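Review bot: `creds.bv_val = strdup(ldap_password);` is used without a NULL check, and in the lines shown the duplicate of the bind password is neither freed nor cleared after `ldap_sasl_bind_s` returns. The copy is not needed for a synchronous bind: `creds.bv_val = ldap_password;` avoids both the leak and a second copy of the secret on the heap. If `ldap_password` can be unset at this point (not visible here), `strlen(ldap_password)` also needs a guard. The change from `==` to `=` in the bind condition is correct and makes `ret` meaningful in the error message.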
+ return (EOF);
+
+ cfile->bufix = 1;
-+ cfile->buflen = strlen (cfile->inbuf);
++ cfile->buflen = strlen (cfile->inbuf) - 1;
+ if (cfile->buflen > 0)
+ ldap_write_debug (cfile->inbuf, cfile->buflen);
+
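Review bot: `cfile->buflen = strlen (cfile->inbuf) - 1;` wraps to a very large value when `inbuf` is the empty string, if `buflen` is an unsigned type as `bufsiz` is. The following `if (cfile->buflen > 0)` then passes that length to `ldap_write_debug`. The reason for dropping the last byte is not stated either. I would compute the length first and subtract only when it is non-zero, e.g. `size_t len = strlen (cfile->inbuf); cfile->buflen = len ? len - 1 : 0;`, with a comment naming the byte being excluded. The check that precedes `return (EOF);` is outside the lines shown and may already rule out the empty case; if so, the comment should say that.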
+ return (0);
+ }
+
-+ group_reference (&(*newclass)->group, class->group, MDL);
-+ class_reference (&(*newclass)->superclass, class, MDL);
-+ lease_limit = ldap_parse_options (ent, (*newclass)->group,
-+ CLASS_DECL, NULL, newclass);
-+ if (lease_limit == 0)
-+ (*newclass)->lease_limit = class->lease_limit;
-+ else
-+ class->lease_limit = lease_limit;
-+
-+ if ((*newclass)->lease_limit)
-+ {
-+ (*newclass)->billed_leases =
-+ dmalloc ((*newclass)->lease_limit * sizeof (struct lease *), MDL);
-+ if (!(*newclass)->billed_leases)
-+ {
-+ log_error ("no memory for billing");
-+ class_dereference (newclass, MDL);
-+ ldap_msgfree (res);
-+ return (0);
-+ }
-+ memset ((*newclass)->billed_leases, 0,
-+ ((*newclass)->lease_limit * sizeof (*newclass)->billed_leases));
-+ }
-+
-+ data_string_copy (&(*newclass)->hash_string, data, MDL);
-+
-+ ldap_msgfree (res);
-+ return (1);
-+ }
-+
-+ if(res) ldap_msgfree (res);
-+ return (0);
-+}
-+
-+#endif
-diff -up dhcp-4.0.0/server/confpars.c.ldap dhcp-4.0.0/server/confpars.c
---- dhcp-4.0.0/server/confpars.c.ldap 2007-11-30 11:51:43.000000000 -1000
-+++ dhcp-4.0.0/server/confpars.c 2008-01-22 15:09:56.000000000 -1000
-@@ -60,7 +60,17 @@ void parse_trace_setup ()
-
- isc_result_t readconf ()
- {
-- return read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
-+ isc_result_t res;
-+
-+ res = read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
-+#if defined(LDAP_CONFIGURATION)
-+ if (res != ISC_R_SUCCESS)
-+ return (res);
-+
-+ return ldap_read_config ();
-+#else
-+ return (res);
-+#endif
- }
-
- isc_result_t read_conf_file (const char *filename, struct group *group,
-diff -up dhcp-4.0.0/server/class.c.ldap dhcp-4.0.0/server/class.c
---- dhcp-4.0.0/server/class.c.ldap 2007-09-05 07:32:10.000000000 -1000
-+++ dhcp-4.0.0/server/class.c 2008-01-22 15:09:56.000000000 -1000
-@@ -84,6 +84,7 @@ int check_collection (packet, lease, col
- int matched = 0;
- int status;
- int ignorep;
-+ int classfound;
-
- for (class = collection -> classes; class; class = class -> nic) {
- #if defined (DEBUG_CLASS_MATCHING)
-@@ -129,9 +130,15 @@ int check_collection (packet, lease, col
- class -> submatch, MDL));
- if (status && data.len) {
- nc = (struct class *)0;
-- if (class_hash_lookup (&nc, class -> hash,
-- (const char *)data.data,
-- data.len, MDL)) {
-+ classfound = class_hash_lookup (&nc, class -> hash,
-+ (const char *)data.data, data.len, MDL);
-+
-+#ifdef LDAP_CONFIGURATION
-+ if (!classfound && find_subclass_in_ldap (class, &nc, &data))
-+ classfound = 1;
-+#endif
-+
-+ if (classfound) {
- #if defined (DEBUG_CLASS_MATCHING)
- log_info ("matches subclass %s.",
- print_hex_1 (data.len,
-diff -up dhcp-4.0.0/server/stables.c.ldap dhcp-4.0.0/server/stables.c
---- dhcp-4.0.0/server/stables.c.ldap 2007-11-20 08:34:37.000000000 -1000
-+++ dhcp-4.0.0/server/stables.c 2008-01-22 15:09:56.000000000 -1000
-@@ -238,9 +238,107 @@ static struct option server_options[] =
- { "dhcpv6-pid-file-name", "t", &server_universe, 55, 1 },
- { "limit-addrs-per-ia", "L", &server_universe, 56, 1 },
- { "delayed-ack", "S", &server_universe, 57, 1 },
-+#if defined(LDAP_CONFIGURATION)
-+ { "ldap-server", "t", &server_universe, 58, 1 },
-+ { "ldap-port", "d", &server_universe, 59, 1 },
-+ { "ldap-username", "t", &server_universe, 60, 1 },
-+ { "ldap-password", "t", &server_universe, 61, 1 },
-+ { "ldap-base-dn", "t", &server_universe, 62, 1 },
-+ { "ldap-method", "Nldap-methods.", &server_universe, 63, 1 },
-+ { "ldap-debug-file", "t", &server_universe, 64, 1 },
-+ { "ldap-dhcp-server-cn", "t", &server_universe, 65, 1 },
-+ { "ldap-referrals", "f", &server_universe, 66, 1 },
-+#if defined(USE_SSL)
-+ { "ldap-ssl", "Nldap-ssl-usage.", &server_universe, 67, 1 },
-+ { "ldap-tls-reqcert", "Nldap-tls-reqcert.", &server_universe, 68, 1 },
-+ { "ldap-tls-ca-file", "t", &server_universe, 69, 1 },
-+ { "ldap-tls-ca-dir", "t", &server_universe, 70, 1 },
-+ { "ldap-tls-cert", "t", &server_universe, 71, 1 },
-+ { "ldap-tls-key", "t", &server_universe, 72, 1 },
-+ { "ldap-tls-crlcheck", "Nldap-tls-crlcheck.", &server_universe, 73, 1 },
-+ { "ldap-tls-ciphers", "t", &server_universe, 74, 1 },
-+ { "ldap-tls-randfile", "t", &server_universe, 75, 1 },
-+#else
-+ { "unknown-67", "X", &server_universe, 67, 1 },
-+ { "unknown-68", "X", &server_universe, 68, 1 },
-+ { "unknown-69", "X", &server_universe, 69, 1 },
-+ { "unknown-70", "X", &server_universe, 70, 1 },
-+ { "unknown-71", "X", &server_universe, 71, 1 },
-+ { "unknown-72", "X", &server_universe, 72, 1 },
-+ { "unknown-73", "X", &server_universe, 73, 1 },
-+ { "unknown-74", "X", &server_universe, 74, 1 },
-+ { "unknown-75", "X", &server_universe, 75, 1 },
-+#endif
-+#else
-+ { "unknown-58", "X", &server_universe, 58, 1 },
-+ { "unknown-59", "X", &server_universe, 59, 1 },
-+ { "unknown-60", "X", &server_universe, 60, 1 },
-+ { "unknown-61", "X", &server_universe, 61, 1 },
-+ { "unknown-62", "X", &server_universe, 62, 1 },
-+ { "unknown-63", "X", &server_universe, 63, 1 },
-+ { "unknown-64", "X", &server_universe, 64, 1 },
-+ { "unknown-65", "X", &server_universe, 65, 1 },
-+ { "unknown-66", "X", &server_universe, 66, 1 },
-+#endif
- { NULL, NULL, NULL, 0, 0 }
- };
-
-+#if defined(LDAP_CONFIGURATION)
-+struct enumeration_value ldap_values [] = {
-+ { "static", LDAP_METHOD_STATIC },
-+ { "dynamic", LDAP_METHOD_DYNAMIC },
-+ { (char *) 0, 0 }
-+};
-+
-+struct enumeration ldap_methods = {
-+ (struct enumeration *)0,
-+ "ldap-methods", 1,
-+ ldap_values
-+};
-+
-+#if defined(USE_SSL)
-+struct enumeration_value ldap_ssl_usage_values [] = {
-+ { "off", LDAP_SSL_OFF },
-+ { "on",LDAP_SSL_ON },
-+ { "ldaps", LDAP_SSL_LDAPS },
-+ { "start_tls", LDAP_SSL_TLS },
-+ { (char *) 0, 0 }
-+};
-+
-+struct enumeration ldap_ssl_usage_enum = {
-+ (struct enumeration *)0,
-+ "ldap-ssl-usage", 1,
-+ ldap_ssl_usage_values
-+};
-+
-+struct enumeration_value ldap_tls_reqcert_values [] = {
-+ { "never", LDAP_OPT_X_TLS_NEVER },
-+ { "hard", LDAP_OPT_X_TLS_HARD },
-+ { "demand", LDAP_OPT_X_TLS_DEMAND},
-+ { "allow", LDAP_OPT_X_TLS_ALLOW },
-+ { "try", LDAP_OPT_X_TLS_TRY },
-+ { (char *) 0, 0 }
-+};
-+struct enumeration ldap_tls_reqcert_enum = {
-+ (struct enumeration *)0,
-+ "ldap-tls-reqcert", 1,
-+ ldap_tls_reqcert_values
-+};
-+
-+struct enumeration_value ldap_tls_crlcheck_values [] = {
-+ { "none", LDAP_OPT_X_TLS_CRL_NONE},
-+ { "peer", LDAP_OPT_X_TLS_CRL_PEER},
-+ { "all", LDAP_OPT_X_TLS_CRL_ALL },
-+ { (char *) 0, 0 }
-+};
-+struct enumeration ldap_tls_crlcheck_enum = {
-+ (struct enumeration *)0,
-+ "ldap-tls-crlcheck", 1,
-+ ldap_tls_crlcheck_values
-+};
-+#endif
-+#endif
-+
- struct enumeration_value ddns_styles_values [] = {
- { "none", 0 },
- { "ad-hoc", 1 },
-diff -up dhcp-4.0.0/dst/Makefile.am.ldap dhcp-4.0.0/dst/Makefile.am
---- dhcp-4.0.0/dst/Makefile.am.ldap 2007-05-29 06:32:10.000000000 -1000
-+++ dhcp-4.0.0/dst/Makefile.am 2008-01-22 15:09:56.000000000 -1000
-@@ -2,7 +2,12 @@ AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
-
- lib_LIBRARIES = libdst.a
-
-+noinst_LIBRARIES = libdstnomd5.a
-+
- libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
- base64.c prandom.c
-
-+libdstnomd5_a_SOURCES = dst_support.c dst_api.c hmac_link.c \
-+ base64.c prandom.c
-+
- EXTRA_DIST = dst_internal.h md5.h md5_locl.h
-diff -up dhcp-4.0.0/common/print.c.ldap dhcp-4.0.0/common/print.c
---- dhcp-4.0.0/common/print.c.ldap 2007-10-01 04:47:35.000000000 -1000
-+++ dhcp-4.0.0/common/print.c 2008-01-22 15:09:56.000000000 -1000
-@@ -163,9 +163,9 @@ char *print_base64 (const unsigned char
- }
-
- char *print_hw_addr (htype, hlen, data)
-- int htype;
-- int hlen;
-- unsigned char *data;
-+ const int htype;
-+ const int hlen;
-+ const unsigned char *data;
- {
- static char habuf [49];
- char *s;
-diff -up dhcp-4.0.0/common/conflex.c.ldap dhcp-4.0.0/common/conflex.c
---- dhcp-4.0.0/common/conflex.c.ldap 2007-10-31 09:13:33.000000000 -1000
-+++ dhcp-4.0.0/common/conflex.c 2008-01-22 15:10:31.000000000 -1000
-@@ -43,6 +43,7 @@ static enum dhcp_token read_string PROTO
- static enum dhcp_token read_number PROTO ((int, struct parse *));
- static enum dhcp_token read_num_or_name PROTO ((int, struct parse *));
- static enum dhcp_token intern PROTO ((char *, enum dhcp_token));
-+static int read_function PROTO ((struct parse *));
-
- isc_result_t new_parse (cfile, file, inbuf, buflen, name, eolp)
- struct parse **cfile;
-@@ -76,6 +77,10 @@ isc_result_t new_parse (cfile, file, inb
- tmp->file = file;
- tmp->eol_token = eolp;
-
-+ if (file != -1) {
-+ tmp -> read_function = read_function;
-+ }
-+
- if (inbuf != NULL) {
- tmp->inbuf = inbuf;
- tmp->buflen = buflen;
-@@ -170,9 +175,13 @@ static int get_char (cfile)
- /* My kingdom for WITH... */
- int c;
-
-- if (cfile->bufix == cfile->buflen)
-- c = EOF;
-- else {
-+ if (cfile->bufix == cfile->buflen) {
-+ if (cfile -> read_function) {
-+ c = cfile -> read_function (cfile);
-+ } else {
-+ c = EOF;
-+ }
-+ } else {
- c = cfile->inbuf [cfile->bufix];
- cfile->bufix++;
- }
-@@ -1415,3 +1424,25 @@ intern(char *atom, enum dhcp_token dfv)
- }
- return dfv;
- }
-+
-+static int
-+read_function (struct parse * cfile)
-+{
-+ int c;
-+
-+ ssize_t n = read (cfile -> file, cfile -> inbuf, cfile -> bufsiz);
-+ if (n == 0) {
-+ c = EOF;
-+ cfile -> bufix = 0;
-+ cfile -> buflen = 0;
-+ } else if (n < 0) {
-+ c = EOF;
-+ cfile -> bufix = cfile -> buflen = 0;
-+ } else {
-+ c = cfile -> inbuf [0];
-+ cfile -> bufix = 1;
-+ cfile -> buflen = n;
-+ }
-+
-+ return c;
-+}
-diff -up dhcp-4.0.0/includes/dhcpd.h.ldap dhcp-4.0.0/includes/dhcpd.h
---- dhcp-4.0.0/includes/dhcpd.h.ldap 2007-12-08 09:36:00.000000000 -1000
-+++ dhcp-4.0.0/includes/dhcpd.h 2008-01-22 15:09:56.000000000 -1000
-@@ -101,6 +101,11 @@ typedef time_t TIME;
- #include <isc-dhcp/result.h>
- #include <omapip/omapip_p.h>
-
-+#if defined(LDAP_CONFIGURATION)
-+# include <ldap.h>
-+# include <sys/utsname.h> /* for uname() */
-+#endif
-+
- #if !defined (BYTE_NAME_HASH_SIZE)
- # define BYTE_NAME_HASH_SIZE 401 /* Default would be ridiculous. */
- #endif
-@@ -290,6 +295,8 @@ struct parse {
- size_t bufsiz;
-
- struct parse *saved_state;
-+
-+ int (*read_function) (struct parse *);
- };
-
- /* Variable-length array of data. */
-@@ -421,6 +428,32 @@ struct hardware {
- u_int8_t hbuf [17];
- };
-
-+#if defined(LDAP_CONFIGURATION)
-+# define LDAP_BUFFER_SIZE 8192
-+# define LDAP_METHOD_STATIC 0
-+# define LDAP_METHOD_DYNAMIC 1
-+#if defined (USE_SSL)
-+# define LDAP_SSL_OFF 0
-+# define LDAP_SSL_ON 1
-+# define LDAP_SSL_TLS 2
-+# define LDAP_SSL_LDAPS 3
-+#endif
-+
-+/* This is a tree of the current configuration we are building from LDAP */
-+struct ldap_config_stack {
-+ LDAPMessage * res; /* Pointer returned from ldap_search */
-+ LDAPMessage * ldent; /* Current item in LDAP that we're processing.
-+ in res */
-+ int close_brace; /* Put a closing } after we're through with
-+ this item */
-+ int processed; /* We set this flag if this base item has been
-+ processed. After this base item is processed,
-+ we can start processing the children */
-+ struct ldap_config_stack *children;
-+ struct ldap_config_stack *next;
-+};
-+#endif
-+
- typedef enum {
- server_startup = 0,
- server_running = 1,
-@@ -626,6 +659,29 @@ struct lease_state {
- # define DEFAULT_PING_TIMEOUT 1
- #endif
-
-+#if defined(LDAP_CONFIGURATION)
-+# define SV_LDAP_SERVER 47
-+# define SV_LDAP_PORT 48
-+# define SV_LDAP_USERNAME 49
-+# define SV_LDAP_PASSWORD 50
-+# define SV_LDAP_BASE_DN 51
-+# define SV_LDAP_METHOD 52
-+# define SV_LDAP_DEBUG_FILE 53
-+# define SV_LDAP_DHCP_SERVER_CN 54
-+# define SV_LDAP_REFERRALS 55
-+#if defined (USE_SSL)
-+# define SV_LDAP_SSL 56
-+# define SV_LDAP_TLS_REQCERT 57
-+# define SV_LDAP_TLS_CA_FILE 58
-+# define SV_LDAP_TLS_CA_DIR 59
-+# define SV_LDAP_TLS_CERT 60
-+# define SV_LDAP_TLS_KEY 61
-+# define SV_LDAP_TLS_CRLCHECK 62
-+# define SV_LDAP_TLS_CIPHERS 63
-+# define SV_LDAP_TLS_RANDFILE 64
-+#endif
-+#endif
-+
- #if !defined (DEFAULT_DEFAULT_LEASE_TIME)
- # define DEFAULT_DEFAULT_LEASE_TIME 43200
- #endif
-@@ -2035,7 +2091,7 @@ extern int db_time_format;
- char *quotify_string (const char *, const char *, int);
- char *quotify_buf (const unsigned char *, unsigned, const char *, int);
- char *print_base64 (const unsigned char *, unsigned, const char *, int);
--char *print_hw_addr PROTO ((int, int, unsigned char *));
-+char *print_hw_addr PROTO ((const int, const int, const unsigned char *));
- void print_lease PROTO ((struct lease *));
- void dump_raw PROTO ((const unsigned char *, unsigned));
- void dump_packet_option (struct option_cache *, struct packet *,
-@@ -3158,6 +3214,20 @@ OMAPI_OBJECT_ALLOC_DECL (dhcp_failover_l
-
- const char *binding_state_print (enum failover_state);
-
-+/* ldap.c */
-+#if defined(LDAP_CONFIGURATION)
-+extern struct enumeration ldap_methods;
-+#if defined (USE_SSL)
-+extern struct enumeration ldap_ssl_usage_enum;
-+extern struct enumeration ldap_tls_reqcert_enum;
-+extern struct enumeration ldap_tls_crlcheck_enum;
-+#endif
-+isc_result_t ldap_read_config (void);
-+int find_haddr_in_ldap (struct host_decl **, int, unsigned,
-+ const unsigned char *, const char *, int);
-+int find_subclass_in_ldap (struct class *, struct class **,
-+ struct data_string *);
-+#endif
-
- /* mdb6.c */
- HASH_FUNCTIONS_DECL(ia_na, unsigned char *, struct ia_na, ia_na_hash_t);
-diff -up dhcp-4.0.0/includes/site.h.ldap dhcp-4.0.0/includes/site.h
---- dhcp-4.0.0/includes/site.h.ldap 2006-07-31 12:19:51.000000000 -1000
-+++ dhcp-4.0.0/includes/site.h 2008-01-22 15:09:56.000000000 -1000
-@@ -183,3 +183,13 @@
- traces. */
-
- #define TRACING
-+
-+/* Define this if you want to read your config from LDAP. Read README.ldap
-+ about how to set this up */
++ group_reference (&(*newclass)->group, class->group, MDL);
++ class_reference (&(*newclass)->superclass, class, MDL);
++ lease_limit = ldap_parse_options (ent, (*newclass)->group,
++ CLASS_DECL, NULL, newclass);
++ if (lease_limit == 0)
++ (*newclass)->lease_limit = class->lease_limit;
++ else
++ class->lease_limit = lease_limit;
++
++ if ((*newclass)->lease_limit)
++ {
++ (*newclass)->billed_leases =
++ dmalloc ((*newclass)->lease_limit * sizeof (struct lease *), MDL);
++ if (!(*newclass)->billed_leases)
++ {
++ log_error ("no memory for billing");
++ class_dereference (newclass, MDL);
++ ldap_msgfree (res);
++ return (0);
++ }
++ memset ((*newclass)->billed_leases, 0,
++ ((*newclass)->lease_limit * sizeof (*newclass)->billed_leases));
++ }
+
-+#define LDAP_CONFIGURATION
++ data_string_copy (&(*newclass)->hash_string, data, MDL);
+
-+/* Define this if you want to enable LDAP over a SSL connection. You will need
-+ to add -lcrypto -lssl to the LIBS= line of server/Makefile */
++ ldap_msgfree (res);
++ return (1);
++ }
+
-+#define USE_SSL
-diff -up /dev/null dhcp-4.0.0/includes/ldap_casa.h
---- /dev/null 2008-01-19 23:52:35.158021373 -1000
-+++ dhcp-4.0.0/includes/ldap_casa.h 2008-01-22 15:09:56.000000000 -1000
-@@ -0,0 +1,83 @@
-+/* ldap_casa.h
++ if(res) ldap_msgfree (res);
++ return (0);
++}
++
++#endif
+diff -up /dev/null dhcp-4.0.1/server/ldap_casa.c
+--- /dev/null 2009-07-08 03:35:30.103138421 -1000
++++ dhcp-4.0.1/server/ldap_casa.c 2009-07-08 07:24:34.000000000 -1000
+@@ -0,0 +1,138 @@
++/* ldap_casa.c
+
-+ Definition for CASA modules... */
++ CASA routines for DHCPD... */
+
+/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC")
+ * Copyright (c) 1995-2003 Internet Software Consortium.
+ */
+
+#if defined(LDAP_CASA_AUTH)
-+#ifndef __LDAP_CASA_H__
-+#define __LDAP_CASA_H__
++#include "ldap_casa.h"
++#include "dhcpd.h"
+
-+#include <micasa_mgmd.h>
-+#include <dlfcn.h>
-+#include <string.h>
++int
++load_casa (void)
++{
++ if( !(casaIDK = dlopen(MICASA_LIB,RTLD_LAZY)))
++ return 0;
++ p_miCASAGetCredential = (CASA_GetCredential_T) dlsym(casaIDK, "miCASAGetCredential");
++ p_miCASASetCredential = (CASA_SetCredential_T) dlsym(casaIDK, "miCASASetCredential");
++ p_miCASARemoveCredential = (CASA_RemoveCredential_T) dlsym(casaIDK, "miCASARemoveCredential");
+
-+#define MICASA_LIB "libmicasa.so.1"
++ if((p_miCASAGetCredential == NULL) ||
++ (p_miCASASetCredential == NULL) ||
++ (p_miCASARemoveCredential == NULL))
++ {
++ if(casaIDK)
++ dlclose(casaIDK);
++ casaIDK = NULL;
++ p_miCASAGetCredential = NULL;
++ p_miCASASetCredential = NULL;
++ p_miCASARemoveCredential = NULL;
++ return 0;
++ }
++ else
++ return 1;
++}
+
-+SSCS_TYPEDEF_LIBCALL(int, CASA_GetCredential_T)
-+(
-+ uint32_t ssFlags,
-+ SSCS_SECRET_ID_T *appSecretID,
-+ SSCS_SECRET_ID_T *sharedSecretID,
-+ uint32_t *credentialType,
-+ void *credential,
-+ SSCS_EXT_T *ext
-+);
-+SSCS_TYPEDEF_LIBCALL(int, CASA_SetCredential_T)
-+(
-+ uint32_t ssFlags,
-+ SSCS_SECRET_ID_T *appSecretID,
-+ SSCS_SECRET_ID_T *sharedSecretID,
-+ uint32_t credentialType,
-+ void *credential,
-+ SSCS_EXT_T *ext
-+);
++static void
++release_casa(void)
++{
++ if(casaIDK)
++ {
++ dlclose(casaIDK);
++ casaIDK = NULL;
++ }
+
-+SSCS_TYPEDEF_LIBCALL(int, CASA_RemoveCredential_T)
-+(
-+ uint32_t ssFlags,
-+ SSCS_SECRET_ID_T *appSecretID,
-+ SSCS_SECRET_ID_T *sharedSecretID,
-+ SSCS_EXT_T *ext
-+);
-+static CASA_GetCredential_T p_miCASAGetCredential = NULL;
-+static CASA_SetCredential_T p_miCASASetCredential = NULL;
-+static CASA_RemoveCredential_T p_miCASARemoveCredential = NULL;
-+static void *casaIDK = NULL;
++ p_miCASAGetCredential = NULL;
++ p_miCASASetCredential = NULL;
++ p_miCASARemoveCredential = NULL;
+
-+int load_casa(void);
-+static void release_casa(void);
-+int load_uname_pwd_from_miCASA(char **, char **);
++}
++
++int
++load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password)
++ {
++ int result = 0;
++ uint32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
++ SSCS_BASIC_CREDENTIAL credential;
++ SSCS_SECRET_ID_T applicationSecretId;
++ char *tempVar = NULL;
++
++ const char applicationName[10] = "dhcp-ldap";
++
++ if ( load_casa() )
++ {
++ memset(&credential, 0, sizeof(SSCS_BASIC_CREDENTIAL));
++ memset(&applicationSecretId, 0, sizeof(SSCS_SECRET_ID_T));
++
++ applicationSecretId.len = strlen(applicationName) + 1;
++ memcpy (applicationSecretId.id, applicationName, applicationSecretId.len);
++
++ credential.unFlags = USERNAME_TYPE_CN_F;
++
++ result = p_miCASAGetCredential (0,
++ &applicationSecretId,NULL,&credentialtype,
++ &credential,NULL);
++
++ if(credential.unLen)
++ {
++ tempVar = dmalloc (credential.unLen + 1, MDL);
++ if (!tempVar)
++ log_fatal ("no memory for ldap_username");
++ memcpy(tempVar , credential.username, credential.unLen);
++ *ldap_username = tempVar;
++
++ tempVar = dmalloc (credential.pwordLen + 1, MDL);
++ if (!tempVar)
++ log_fatal ("no memory for ldap_password");
++ memcpy(tempVar, credential.password, credential.pwordLen);
++ *ldap_password = tempVar;
++
++#if defined (DEBUG_LDAP)
++ log_info ("Authentication credential taken from CASA");
++#endif
++
++ release_casa();
++ return 1;
++
++ }
++ else
++ {
++ release_casa();
++ return 0;
++ }
++ }
++ else
++ return 0; //casa libraries not loaded
++ }
+
-+#endif /* __LDAP_CASA_H__ */
+#endif /* LDAP_CASA_AUTH */
+
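Review bot: In `load_uname_pwd_from_miCASA` the return value of `p_miCASAGetCredential` is stored in `result` and never examined, and `credential.unLen` / `credential.pwordLen` are used as `memcpy` lengths without being bounded by the buffers they copy from. The call's status should be compared with the library's success code before the lengths are trusted. The copies also leave string termination to whatever `dmalloc` does with fresh memory, which is defined outside this patch, so I would write the terminator explicitly. The password also stays in the stack variable `credential` on return; clearing it on every exit path shortens the secret's lifetime. The fence assumes `username` and `password` are fixed-size arrays inside `SSCS_BASIC_CREDENTIAL`, which this page does not show; confirm against `micasa_mgmd.h`.

```c
      if (credential.unLen)
        {
          /* Lengths are filled in by the CASA library: bound them by the
             source buffers before copying (assumes fixed-size arrays). */
          if (credential.unLen > sizeof (credential.username) ||
              credential.pwordLen > sizeof (credential.password))
            {
              memset (&credential, 0, sizeof (credential));
              release_casa ();
              return 0;
            }

          tempVar = dmalloc (credential.unLen + 1, MDL);
          /* … unchanged: allocation check for ldap_username … */
          memcpy (tempVar, credential.username, credential.unLen);
          tempVar[credential.unLen] = '\0';
          *ldap_username = tempVar;

          /* … unchanged: allocation and check for ldap_password … */
          memcpy (tempVar, credential.password, credential.pwordLen);
          tempVar[credential.pwordLen] = '\0';
          *ldap_password = tempVar;

          /* Do not leave the secret on the stack; a plain memset can be
             elided by the optimizer, so prefer the platform's explicit
             zeroing call where one is available. */
          memset (&credential, 0, sizeof (credential));
          /* … unchanged: debug log, release_casa (), return 1 … */
```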
+diff -up dhcp-4.0.1/server/mdb.c.ldap dhcp-4.0.1/server/mdb.c
+--- dhcp-4.0.1/server/mdb.c.ldap 2008-02-08 08:46:35.000000000 -1000
++++ dhcp-4.0.1/server/mdb.c 2009-07-08 07:24:34.000000000 -1000
+@@ -600,6 +600,12 @@ int find_hosts_by_haddr (struct host_dec
+ const char *file, int line)
+ {
+ struct hardware h;
++#if defined(LDAP_CONFIGURATION)
++ int ret;
++
++ if ((ret = find_haddr_in_ldap (hp, htype, hlen, haddr, file, line)))
++ return ret;
++#endif
+
+ h.hlen = hlen + 1;
+ h.hbuf [0] = htype;
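Review bot: The added block carries no comment saying that a non-zero result from `find_haddr_in_ldap` is returned directly and skips whatever lookup the rest of `find_hosts_by_haddr` performs, so the precedence of LDAP over the local data is only visible by reading the control flow. I would add `/* LDAP is consulted first; a non-zero result is returned as-is and the lookup below is skipped. */` above the call. Separating the assignment from the test, as in `ret = find_haddr_in_ldap (hp, htype, hlen, haddr, file, line);` followed by `if (ret) return ret;`, also reads more plainly. The function body continues outside the hunk, and whether each call reaches the directory server depends on `ldap.c`, which is not shown here.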
+diff -up dhcp-4.0.1/server/stables.c.ldap dhcp-4.0.1/server/stables.c
+--- dhcp-4.0.1/server/stables.c.ldap 2008-02-08 08:46:35.000000000 -1000
++++ dhcp-4.0.1/server/stables.c 2009-07-08 07:24:34.000000000 -1000
+@@ -238,9 +238,109 @@ static struct option server_options[] =
+ { "dhcpv6-lease-file-name", "t", &server_universe, 54, 1 },
+ { "dhcpv6-pid-file-name", "t", &server_universe, 55, 1 },
+ { "limit-addrs-per-ia", "L", &server_universe, 56, 1 },
++#if defined(LDAP_CONFIGURATION)
++ { "ldap-server", "t", &server_universe, 57, 1 },
++ { "ldap-port", "d", &server_universe, 58, 1 },
++ { "ldap-username", "t", &server_universe, 59, 1 },
++ { "ldap-password", "t", &server_universe, 60, 1 },
++ { "ldap-base-dn", "t", &server_universe, 61, 1 },
++ { "ldap-method", "Nldap-methods.", &server_universe, 62, 1 },
++ { "ldap-debug-file", "t", &server_universe, 63, 1 },
++ { "ldap-dhcp-server-cn", "t", &server_universe, 64, 1 },
++ { "ldap-referrals", "f", &server_universe, 65, 1 },
++#if defined(USE_SSL)
++ { "ldap-ssl", "Nldap-ssl-usage.", &server_universe, 66, 1 },
++ { "ldap-tls-reqcert", "Nldap-tls-reqcert.", &server_universe, 67, 1 },
++ { "ldap-tls-ca-file", "t", &server_universe, 68, 1 },
++ { "ldap-tls-ca-dir", "t", &server_universe, 69, 1 },
++ { "ldap-tls-cert", "t", &server_universe, 70, 1 },
++ { "ldap-tls-key", "t", &server_universe, 71, 1 },
++ { "ldap-tls-crlcheck", "Nldap-tls-crlcheck.", &server_universe, 72, 1 },
++ { "ldap-tls-ciphers", "t", &server_universe, 73, 1 },
++ { "ldap-tls-randfile", "t", &server_universe, 74, 1 },
++#else
++ { "unknown-66", "X", &server_universe, 66, 1 },
++ { "unknown-67", "X", &server_universe, 67, 1 },
++ { "unknown-68", "X", &server_universe, 68, 1 },
++ { "unknown-69", "X", &server_universe, 69, 1 },
++ { "unknown-70", "X", &server_universe, 70, 1 },
++ { "unknown-71", "X", &server_universe, 71, 1 },
++ { "unknown-72", "X", &server_universe, 72, 1 },
++ { "unknown-73", "X", &server_universe, 73, 1 },
++ { "unknown-74", "X", &server_universe, 74, 1 },
++#endif
++#else
++ { "unknown-57", "X", &server_universe, 57, 1 },
++ { "unknown-58", "X", &server_universe, 58, 1 },
++ { "unknown-59", "X", &server_universe, 59, 1 },
++ { "unknown-60", "X", &server_universe, 60, 1 },
++ { "unknown-61", "X", &server_universe, 61, 1 },
++ { "unknown-62", "X", &server_universe, 62, 1 },
++ { "unknown-63", "X", &server_universe, 63, 1 },
++ { "unknown-64", "X", &server_universe, 64, 1 },
++ { "unknown-65", "X", &server_universe, 65, 1 },
++#endif
+ { NULL, NULL, NULL, 0, 0 }
+ };
+
++#if defined(LDAP_CONFIGURATION)
++struct enumeration_value ldap_values [] = {
++ { "static", LDAP_METHOD_STATIC },
++ { "dynamic", LDAP_METHOD_DYNAMIC },
++ { (char *) 0, 0 }
++};
++
++struct enumeration ldap_methods = {
++ (struct enumeration *)0,
++ "ldap-methods", 1,
++ ldap_values
++};
++
++#if defined(USE_SSL)
++struct enumeration_value ldap_ssl_usage_values [] = {
++ { "off", LDAP_SSL_OFF },
++ { "on",LDAP_SSL_ON },
++ { "ldaps", LDAP_SSL_LDAPS },
++ { "start_tls", LDAP_SSL_TLS },
++ { (char *) 0, 0 }
++};
++
++struct enumeration ldap_ssl_usage_enum = {
++ (struct enumeration *)0,
++ "ldap-ssl-usage", 1,
++ ldap_ssl_usage_values
++};
++
++struct enumeration_value ldap_tls_reqcert_values [] = {
++ { "never", LDAP_OPT_X_TLS_NEVER },
++ { "hard", LDAP_OPT_X_TLS_HARD },
++ { "demand", LDAP_OPT_X_TLS_DEMAND},
++ { "allow", LDAP_OPT_X_TLS_ALLOW },
++ { "try", LDAP_OPT_X_TLS_TRY },
++ { (char *) 0, 0 }
++};
++
++struct enumeration ldap_tls_reqcert_enum = {
++ (struct enumeration *)0,
++ "ldap-tls-reqcert", 1,
++ ldap_tls_reqcert_values
++};
++
++struct enumeration_value ldap_tls_crlcheck_values [] = {
++ { "none", LDAP_OPT_X_TLS_CRL_NONE},
++ { "peer", LDAP_OPT_X_TLS_CRL_PEER},
++ { "all", LDAP_OPT_X_TLS_CRL_ALL },
++ { (char *) 0, 0 }
++};
++
++struct enumeration ldap_tls_crlcheck_enum = {
++ (struct enumeration *)0,
++ "ldap-tls-crlcheck", 1,
++ ldap_tls_crlcheck_values
++};
++#endif
++#endif
++
+ struct enumeration_value ddns_styles_values [] = {
+ { "none", 0 },
+ { "ad-hoc", 1 },
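Review bot: `ldap_tls_reqcert_values` accepts `never`, `allow` and `try` with no comment on what each means for server authentication, although the same option table carries `ldap-username` and `ldap-password` over that connection. I would add above the table `/* "never" and "allow" let the session continue without a valid server certificate; use "demand" or "hard" when bind credentials are sent. */`. Which value applies when `ldap-tls-reqcert` is unset is decided outside this hunk, so it is worth checking that the default is one of the strict settings. Separately, `ldap_values` is a very generic name for a symbol with external linkage; `ldap_methods_values` would match the `ldap_ssl_usage_values` / `ldap_tls_reqcert_values` pattern used below it.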