]>
Commit | Line | Data |
---|---|---|
f1f8128e | 1 | diff -urN bind-9.2.3-orig/bin/named/Makefile.in bind-9.2.3/bin/named/Makefile.in |
2 | --- bind-9.2.3-orig/bin/named/Makefile.in 2001-05-31 18:45:00.000000000 -0600 | |
3 | +++ bind-9.2.3/bin/named/Makefile.in 2003-11-16 14:52:51.000000000 -0700 | |
4 | @@ -26,10 +26,10 @@ | |
5 | # | |
6 | # Add database drivers here. | |
7 | # | |
8 | -DBDRIVER_OBJS = | |
9 | -DBDRIVER_SRCS = | |
10 | +DBDRIVER_OBJS = ldapdb.@O@ | |
11 | +DBDRIVER_SRCS = ldapdb.c | |
12 | DBDRIVER_INCLUDES = | |
13 | -DBDRIVER_LIBS = | |
14 | +DBDRIVER_LIBS = -lldap -llber -lresolv | |
15 | ||
16 | CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include \ | |
17 | ${LWRES_INCLUDES} ${DNS_INCLUDES} \ | |
18 | diff -urN bind-9.2.3-orig/bin/named/include/ldapdb.h bind-9.2.3/bin/named/include/ldapdb.h | |
19 | --- bind-9.2.3-orig/bin/named/include/ldapdb.h 1969-12-31 17:00:00.000000000 -0700 | |
20 | +++ bind-9.2.3/bin/named/include/ldapdb.h 2003-11-16 14:52:51.000000000 -0700 | |
21 | @@ -0,0 +1,6 @@ | |
22 | +#include <isc/types.h> | |
23 | + | |
24 | +isc_result_t ldapdb_init(void); | |
25 | + | |
26 | +void ldapdb_clear(void); | |
27 | + | |
28 | diff -urN bind-9.2.3-orig/bin/named/ldapdb.c bind-9.2.3/bin/named/ldapdb.c | |
29 | --- bind-9.2.3-orig/bin/named/ldapdb.c 1969-12-31 17:00:00.000000000 -0700 | |
30 | +++ bind-9.2.3/bin/named/ldapdb.c 2003-11-16 14:52:51.000000000 -0700 | |
31 | @@ -0,0 +1,552 @@ | |
32 | +/* | |
33 | + * ldapdb.c version 0.9 | |
34 | + * | |
35 | + * Copyright (C) 2002 Stig Venaas | |
36 | + * | |
37 | + * Permission to use, copy, modify, and distribute this software for any | |
38 | + * purpose with or without fee is hereby granted, provided that the above | |
39 | + * copyright notice and this permission notice appear in all copies. | |
40 | + */ | |
41 | + | |
42 | +/* | |
43 | + * If you are using an old LDAP API uncomment the define below. Only do this | |
44 | + * if you know what you're doing or get compilation errors on ldap_memfree(). | |
45 | + */ | |
46 | +/* #define RFC1823API */ | |
47 | + | |
48 | +#include <config.h> | |
49 | + | |
50 | +#include <string.h> | |
51 | +#include <stdio.h> | |
52 | +#include <stdlib.h> | |
53 | +#include <ctype.h> | |
54 | + | |
55 | +#include <isc/mem.h> | |
56 | +#include <isc/print.h> | |
57 | +#include <isc/result.h> | |
58 | +#include <isc/util.h> | |
59 | +#include <isc/thread.h> | |
60 | + | |
61 | +#include <dns/sdb.h> | |
62 | + | |
63 | +#include <named/globals.h> | |
64 | +#include <named/log.h> | |
65 | + | |
66 | +#include <ldap.h> | |
67 | +#include "ldapdb.h" | |
68 | + | |
69 | +/* | |
70 | + * A simple database driver for LDAP | |
71 | + */ | |
72 | + | |
73 | +/* enough for name with 8 labels of max length */ | |
74 | +#define MAXNAMELEN 519 | |
75 | + | |
76 | +static dns_sdbimplementation_t *ldapdb = NULL; | |
77 | + | |
78 | +struct ldapdb_data { | |
79 | + char *hostport; | |
80 | + char *hostname; | |
81 | + int portno; | |
82 | + char *base; | |
83 | + int defaultttl; | |
84 | + char *filterall; | |
85 | + int filteralllen; | |
86 | + char *filterone; | |
87 | + int filteronelen; | |
88 | + char *filtername; | |
89 | +}; | |
90 | + | |
91 | +/* used by ldapdb_getconn */ | |
92 | + | |
93 | +struct ldapdb_entry { | |
94 | + void *index; | |
95 | + size_t size; | |
96 | + void *data; | |
97 | + struct ldapdb_entry *next; | |
98 | +}; | |
99 | + | |
100 | +static struct ldapdb_entry *ldapdb_find(struct ldapdb_entry *stack, | |
101 | + const void *index, size_t size) { | |
102 | + while (stack != NULL) { | |
103 | + if (stack->size == size && !memcmp(stack->index, index, size)) | |
104 | + return stack; | |
105 | + stack = stack->next; | |
106 | + } | |
107 | + return NULL; | |
108 | +} | |
109 | + | |
110 | +static void ldapdb_insert(struct ldapdb_entry **stack, | |
111 | + struct ldapdb_entry *item) { | |
112 | + item->next = *stack; | |
113 | + *stack = item; | |
114 | +} | |
115 | + | |
116 | +static void ldapdb_lock(int what) { | |
117 | + static isc_mutex_t lock; | |
118 | + | |
119 | + switch (what) { | |
120 | + case 0: | |
121 | + isc_mutex_init(&lock); | |
122 | + break; | |
123 | + case 1: | |
124 | + LOCK(&lock); | |
125 | + break; | |
126 | + case -1: | |
127 | + UNLOCK(&lock); | |
128 | + break; | |
129 | + } | |
130 | +} | |
131 | + | |
132 | +/* data == NULL means cleanup */ | |
133 | +static LDAP ** | |
134 | +ldapdb_getconn(struct ldapdb_data *data) | |
135 | +{ | |
136 | + static struct ldapdb_entry *allthreadsdata = NULL; | |
137 | + struct ldapdb_entry *threaddata, *conndata; | |
138 | + unsigned long threadid; | |
139 | + | |
140 | + if (data == NULL) { | |
141 | + /* cleanup */ | |
142 | + /* lock out other threads */ | |
143 | + ldapdb_lock(1); | |
144 | + while (allthreadsdata != NULL) { | |
145 | + threaddata = allthreadsdata; | |
146 | + free(threaddata->index); | |
147 | + while (threaddata->data != NULL) { | |
148 | + conndata = threaddata->data; | |
149 | + free(conndata->index); | |
150 | + if (conndata->data != NULL) | |
151 | + ldap_unbind((LDAP *)conndata->data); | |
152 | + threaddata->data = conndata->next; | |
153 | + free(conndata); | |
154 | + } | |
155 | + allthreadsdata = threaddata->next; | |
156 | + free(threaddata); | |
157 | + } | |
158 | + ldapdb_lock(-1); | |
159 | + return (NULL); | |
160 | + } | |
161 | + | |
162 | + /* look for connection data for current thread */ | |
163 | + threadid = isc_thread_self(); | |
164 | + threaddata = ldapdb_find(allthreadsdata, &threadid, sizeof(threadid)); | |
165 | + if (threaddata == NULL) { | |
166 | + /* no data for this thread, create empty connection list */ | |
167 | + threaddata = malloc(sizeof(*threaddata)); | |
168 | + if (threaddata == NULL) | |
169 | + return (NULL); | |
170 | + threaddata->index = malloc(sizeof(threadid)); | |
171 | + if (threaddata->index == NULL) { | |
172 | + free(threaddata); | |
173 | + return (NULL); | |
174 | + } | |
175 | + *(unsigned long *)threaddata->index = threadid; | |
176 | + threaddata->size = sizeof(threadid); | |
177 | + threaddata->data = NULL; | |
178 | + | |
179 | + /* need to lock out other threads here */ | |
180 | + ldapdb_lock(1); | |
181 | + ldapdb_insert(&allthreadsdata, threaddata); | |
182 | + ldapdb_lock(-1); | |
183 | + } | |
184 | + | |
185 | + /* threaddata points at the connection list for current thread */ | |
186 | + /* look for existing connection to our server */ | |
187 | + conndata = ldapdb_find((struct ldapdb_entry *)threaddata->data, | |
188 | + data->hostport, strlen(data->hostport)); | |
189 | + if (conndata == NULL) { | |
190 | + /* no connection data structure for this server, create one */ | |
191 | + conndata = malloc(sizeof(*conndata)); | |
192 | + if (conndata == NULL) | |
193 | + return (NULL); | |
194 | + (char *)conndata->index = data->hostport; | |
195 | + conndata->size = strlen(data->hostport); | |
196 | + conndata->data = NULL; | |
197 | + ldapdb_insert((struct ldapdb_entry **)&threaddata->data, | |
198 | + conndata); | |
199 | + } | |
200 | + | |
201 | + return (LDAP **)&conndata->data; | |
202 | +} | |
203 | + | |
204 | +static void | |
205 | +ldapdb_bind(struct ldapdb_data *data, LDAP **ldp) | |
206 | +{ | |
207 | + if (*ldp != NULL) | |
208 | + ldap_unbind(*ldp); | |
209 | + *ldp = ldap_open(data->hostname, data->portno); | |
210 | + if (*ldp == NULL) | |
211 | + return; | |
212 | + if (ldap_simple_bind_s(*ldp, NULL, NULL) != LDAP_SUCCESS) { | |
213 | + ldap_unbind(*ldp); | |
214 | + *ldp = NULL; | |
215 | + } | |
216 | +} | |
217 | + | |
218 | +static isc_result_t | |
219 | +ldapdb_search(const char *zone, const char *name, void *dbdata, void *retdata) | |
220 | +{ | |
221 | + struct ldapdb_data *data = dbdata; | |
222 | + isc_result_t result = ISC_R_NOTFOUND; | |
223 | + LDAP **ldp; | |
224 | + LDAPMessage *res, *e; | |
225 | + char *fltr, *a, **vals, **names; | |
226 | + char type[64]; | |
227 | +#ifdef RFC1823API | |
228 | + void *ptr; | |
229 | +#else | |
230 | + BerElement *ptr; | |
231 | +#endif | |
232 | + int i, j, errno, msgid; | |
233 | + | |
234 | + ldp = ldapdb_getconn(data); | |
235 | + if (ldp == NULL) | |
236 | + return (ISC_R_FAILURE); | |
237 | + if (*ldp == NULL) { | |
238 | + ldapdb_bind(data, ldp); | |
239 | + if (*ldp == NULL) { | |
240 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
241 | + "LDAP sdb zone '%s': bind failed", zone); | |
242 | + return (ISC_R_FAILURE); | |
243 | + } | |
244 | + } | |
245 | + | |
246 | + if (name == NULL) { | |
247 | + fltr = data->filterall; | |
248 | + } else { | |
249 | + if (strlen(name) > MAXNAMELEN) { | |
250 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
251 | + "LDAP sdb zone '%s': name %s too long", zone, name); | |
252 | + return (ISC_R_FAILURE); | |
253 | + } | |
254 | + sprintf(data->filtername, "%s))", name); | |
255 | + fltr = data->filterone; | |
256 | + } | |
257 | + | |
258 | + msgid = ldap_search(*ldp, data->base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); | |
259 | + if (msgid == -1) { | |
260 | + ldapdb_bind(data, ldp); | |
261 | + if (*ldp != NULL) | |
262 | + msgid = ldap_search(*ldp, data->base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); | |
263 | + } | |
264 | + | |
265 | + if (*ldp == NULL || msgid == -1) { | |
266 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
267 | + "LDAP sdb zone '%s': search failed, filter %s", zone, fltr); | |
268 | + return (ISC_R_FAILURE); | |
269 | + } | |
270 | + | |
271 | + /* Get the records one by one as they arrive and return them to bind */ | |
272 | + while ((errno = ldap_result(*ldp, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { | |
273 | + LDAP *ld = *ldp; | |
274 | + int ttl = data->defaultttl; | |
275 | + | |
276 | + /* not supporting continuation references at present */ | |
277 | + if (errno != LDAP_RES_SEARCH_ENTRY) { | |
278 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
279 | + "LDAP sdb zone '%s': ldap_result returned %d", zone, errno); | |
280 | + ldap_msgfree(res); | |
281 | + return (ISC_R_FAILURE); | |
282 | + } | |
283 | + | |
284 | + /* only one entry per result message */ | |
285 | + e = ldap_first_entry(ld, res); | |
286 | + if (e == NULL) { | |
287 | + ldap_msgfree(res); | |
288 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
289 | + "LDAP sdb zone '%s': ldap_first_entry failed", zone); | |
290 | + return (ISC_R_FAILURE); | |
291 | + } | |
292 | + | |
293 | + if (name == NULL) { | |
294 | + names = ldap_get_values(ld, e, "relativeDomainName"); | |
295 | + if (names == NULL) | |
296 | + continue; | |
297 | + } | |
298 | + | |
299 | + vals = ldap_get_values(ld, e, "dNSTTL"); | |
300 | + if (vals != NULL) { | |
301 | + ttl = atoi(vals[0]); | |
302 | + ldap_value_free(vals); | |
303 | + } | |
304 | + | |
305 | + for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) { | |
306 | + char *s; | |
307 | + | |
308 | + for (s = a; *s; s++) | |
309 | + *s = toupper(*s); | |
310 | + s = strstr(a, "RECORD"); | |
311 | + if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) { | |
312 | +#ifndef RFC1823API | |
313 | + ldap_memfree(a); | |
314 | +#endif | |
315 | + continue; | |
316 | + } | |
317 | + | |
318 | + strncpy(type, a, s - a); | |
319 | + type[s - a] = '\0'; | |
320 | + vals = ldap_get_values(ld, e, a); | |
321 | + if (vals != NULL) { | |
322 | + for (i = 0; vals[i] != NULL; i++) { | |
323 | + if (name != NULL) { | |
324 | + result = dns_sdb_putrr(retdata, type, ttl, vals[i]); | |
325 | + } else { | |
326 | + for (j = 0; names[j] != NULL; j++) { | |
327 | + result = dns_sdb_putnamedrr(retdata, names[j], type, ttl, vals[i]); | |
328 | + if (result != ISC_R_SUCCESS) | |
329 | + break; | |
330 | + } | |
331 | + } | |
332 | +; if (result != ISC_R_SUCCESS) { | |
333 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
334 | + "LDAP sdb zone '%s': dns_sdb_put... failed for %s", zone, vals[i]); | |
335 | + ldap_value_free(vals); | |
336 | +#ifndef RFC1823API | |
337 | + ldap_memfree(a); | |
338 | + if (ptr != NULL) | |
339 | + ber_free(ptr, 0); | |
340 | +#endif | |
341 | + if (name == NULL) | |
342 | + ldap_value_free(names); | |
343 | + ldap_msgfree(res); | |
344 | + return (ISC_R_FAILURE); | |
345 | + } | |
346 | + } | |
347 | + ldap_value_free(vals); | |
348 | + } | |
349 | +#ifndef RFC1823API | |
350 | + ldap_memfree(a); | |
351 | +#endif | |
352 | + } | |
353 | +#ifndef RFC1823API | |
354 | + if (ptr != NULL) | |
355 | + ber_free(ptr, 0); | |
356 | +#endif | |
357 | + if (name == NULL) | |
358 | + ldap_value_free(names); | |
359 | + | |
360 | + /* cleanup this result */ | |
361 | + ldap_msgfree(res); | |
362 | + } | |
363 | + | |
364 | + return (result); | |
365 | +} | |
366 | + | |
367 | + | |
368 | +/* callback routines */ | |
369 | +static isc_result_t | |
370 | +ldapdb_lookup(const char *zone, const char *name, void *dbdata, | |
371 | + dns_sdblookup_t *lookup) | |
372 | +{ | |
373 | + return ldapdb_search(zone, name, dbdata, lookup); | |
374 | +} | |
375 | + | |
376 | +static isc_result_t | |
377 | +ldapdb_allnodes(const char *zone, void *dbdata, | |
378 | + dns_sdballnodes_t *allnodes) | |
379 | +{ | |
380 | + return ldapdb_search(zone, NULL, dbdata, allnodes); | |
381 | +} | |
382 | + | |
383 | +static char * | |
384 | +unhex(char *in) | |
385 | +{ | |
386 | + static const char hexdigits[] = "0123456789abcdef"; | |
387 | + char *p, *s = in; | |
388 | + int d1, d2; | |
389 | + | |
390 | + while ((s = strchr(s, '%'))) { | |
391 | + if (!(s[1] && s[2])) | |
392 | + return NULL; | |
393 | + if ((p = strchr(hexdigits, tolower(s[1]))) == NULL) | |
394 | + return NULL; | |
395 | + d1 = p - hexdigits; | |
396 | + if ((p = strchr(hexdigits, tolower(s[2]))) == NULL) | |
397 | + return NULL; | |
398 | + d2 = p - hexdigits; | |
399 | + *s++ = d1 << 4 | d2; | |
400 | + memmove(s, s + 2, strlen(s) - 1); | |
401 | + } | |
402 | + return in; | |
403 | +} | |
404 | + | |
405 | + | |
406 | + | |
407 | +static void | |
408 | +free_data(struct ldapdb_data *data) | |
409 | +{ | |
410 | + if (data->hostport != NULL) | |
411 | + isc_mem_free(ns_g_mctx, data->hostport); | |
412 | + if (data->hostname != NULL) | |
413 | + isc_mem_free(ns_g_mctx, data->hostname); | |
414 | + if (data->filterall != NULL) | |
415 | + isc_mem_put(ns_g_mctx, data->filterall, data->filteralllen); | |
416 | + if (data->filterone != NULL) | |
417 | + isc_mem_put(ns_g_mctx, data->filterone, data->filteronelen); | |
418 | + isc_mem_put(ns_g_mctx, data, sizeof(struct ldapdb_data)); | |
419 | +} | |
420 | + | |
421 | + | |
422 | +static isc_result_t | |
423 | +ldapdb_create(const char *zone, int argc, char **argv, | |
424 | + void *driverdata, void **dbdata) | |
425 | +{ | |
426 | + struct ldapdb_data *data; | |
427 | + char *s, *filter = NULL; | |
428 | + int defaultttl; | |
429 | + | |
430 | + UNUSED(driverdata); | |
431 | + | |
432 | + /* we assume that only one thread will call create at a time */ | |
433 | + /* want to do this only once for all instances */ | |
434 | + | |
435 | + if ((argc < 2) | |
436 | + || (argv[0] != strstr( argv[0], "ldap://")) | |
437 | + || ((defaultttl = atoi(argv[1])) < 1)) | |
438 | + return (ISC_R_FAILURE); | |
439 | + data = isc_mem_get(ns_g_mctx, sizeof(struct ldapdb_data)); | |
440 | + if (data == NULL) | |
441 | + return (ISC_R_NOMEMORY); | |
442 | + | |
443 | + memset(data, 0, sizeof(struct ldapdb_data)); | |
444 | + data->hostport = isc_mem_strdup(ns_g_mctx, argv[0] + strlen("ldap://")); | |
445 | + if (data->hostport == NULL) { | |
446 | + free_data(data); | |
447 | + return (ISC_R_NOMEMORY); | |
448 | + } | |
449 | + | |
450 | + data->defaultttl = defaultttl; | |
451 | + | |
452 | + s = strchr(data->hostport, '/'); | |
453 | + if (s != NULL) { | |
454 | + *s++ = '\0'; | |
455 | + data->base = s; | |
456 | + /* attrs, scope, filter etc? */ | |
457 | + s = strchr(s, '?'); | |
458 | + if (s != NULL) { | |
459 | + *s++ = '\0'; | |
460 | + /* ignore attributes */ | |
461 | + s = strchr(s, '?'); | |
462 | + if (s != NULL) { | |
463 | + *s++ = '\0'; | |
464 | + /* ignore scope */ | |
465 | + s = strchr(s, '?'); | |
466 | + if (s != NULL) { | |
467 | + *s++ = '\0'; | |
468 | + /* filter */ | |
469 | + filter = s; | |
470 | + s = strchr(s, '?'); | |
471 | + if (s != NULL) { | |
472 | + *s++ = '\0'; | |
473 | + } | |
474 | + if (*filter == '\0') { | |
475 | + filter = NULL; | |
476 | + } | |
477 | + } | |
478 | + } | |
479 | + } | |
480 | + if (*data->base == '\0') { | |
481 | + data->base = NULL; | |
482 | + } | |
483 | + | |
484 | + if ((data->base != NULL && unhex(data->base) == NULL) || (filter != NULL && unhex(filter) == NULL)) { | |
485 | + free_data(data); | |
486 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
487 | + "LDAP sdb zone '%s': bad hex values", zone); | |
488 | + return (ISC_R_FAILURE); | |
489 | + } | |
490 | + } | |
491 | + | |
492 | + /* compute filterall and filterone once and for all */ | |
493 | + if (filter == NULL) { | |
494 | + data->filteralllen = strlen(zone) + strlen("(zoneName=)") + 1; | |
495 | + data->filteronelen = strlen(zone) + strlen("(&(zoneName=)(relativeDomainName=))") + MAXNAMELEN + 1; | |
496 | + } else { | |
497 | + data->filteralllen = strlen(filter) + strlen(zone) + strlen("(&(zoneName=))") + 1; | |
498 | + data->filteronelen = strlen(filter) + strlen(zone) + strlen("(&(zoneName=)(relativeDomainName=))") + MAXNAMELEN + 1; | |
499 | + } | |
500 | + | |
501 | + data->filterall = isc_mem_get(ns_g_mctx, data->filteralllen); | |
502 | + if (data->filterall == NULL) { | |
503 | + free_data(data); | |
504 | + return (ISC_R_NOMEMORY); | |
505 | + } | |
506 | + data->filterone = isc_mem_get(ns_g_mctx, data->filteronelen); | |
507 | + if (data->filterone == NULL) { | |
508 | + free_data(data); | |
509 | + return (ISC_R_NOMEMORY); | |
510 | + } | |
511 | + | |
512 | + if (filter == NULL) { | |
513 | + sprintf(data->filterall, "(zoneName=%s)", zone); | |
514 | + sprintf(data->filterone, "(&(zoneName=%s)(relativeDomainName=", zone); | |
515 | + } else { | |
516 | + sprintf(data->filterall, "(&%s(zoneName=%s))", filter, zone); | |
517 | + sprintf(data->filterone, "(&%s(zoneName=%s)(relativeDomainName=", filter, zone); | |
518 | + } | |
519 | + data->filtername = data->filterone + strlen(data->filterone); | |
520 | + | |
521 | + /* support URLs with literal IPv6 addresses */ | |
522 | + data->hostname = isc_mem_strdup(ns_g_mctx, data->hostport + (*data->hostport == '[' ? 1 : 0)); | |
523 | + if (data->hostname == NULL) { | |
524 | + free_data(data); | |
525 | + return (ISC_R_NOMEMORY); | |
526 | + } | |
527 | + | |
528 | + if (*data->hostport == '[' && | |
529 | + (s = strchr(data->hostname, ']')) != NULL ) | |
530 | + *s++ = '\0'; | |
531 | + else | |
532 | + s = data->hostname; | |
533 | + s = strchr(s, ':'); | |
534 | + if (s != NULL) { | |
535 | + *s++ = '\0'; | |
536 | + data->portno = atoi(s); | |
537 | + } else | |
538 | + data->portno = LDAP_PORT; | |
539 | + | |
540 | + *dbdata = data; | |
541 | + return (ISC_R_SUCCESS); | |
542 | +} | |
543 | + | |
544 | +static void | |
545 | +ldapdb_destroy(const char *zone, void *driverdata, void **dbdata) { | |
546 | + struct ldapdb_data *data = *dbdata; | |
547 | + | |
548 | + UNUSED(zone); | |
549 | + UNUSED(driverdata); | |
550 | + | |
551 | + free_data(data); | |
552 | +} | |
553 | + | |
554 | +static dns_sdbmethods_t ldapdb_methods = { | |
555 | + ldapdb_lookup, | |
556 | + NULL, /* authority */ | |
557 | + ldapdb_allnodes, | |
558 | + ldapdb_create, | |
559 | + ldapdb_destroy | |
560 | +}; | |
561 | + | |
562 | +/* Wrapper around dns_sdb_register() */ | |
563 | +isc_result_t | |
564 | +ldapdb_init(void) { | |
565 | + unsigned int flags = | |
566 | + DNS_SDBFLAG_RELATIVEOWNER | | |
567 | + DNS_SDBFLAG_RELATIVERDATA | | |
568 | + DNS_SDBFLAG_THREADSAFE; | |
569 | + | |
570 | + ldapdb_lock(0); | |
571 | + return (dns_sdb_register("ldap", &ldapdb_methods, NULL, flags, | |
572 | + ns_g_mctx, &ldapdb)); | |
573 | +} | |
574 | + | |
575 | +/* Wrapper around dns_sdb_unregister() */ | |
576 | +void | |
577 | +ldapdb_clear(void) { | |
578 | + if (ldapdb != NULL) { | |
579 | + /* clean up thread data */ | |
580 | + ldapdb_getconn(NULL); | |
581 | + dns_sdb_unregister(&ldapdb); | |
582 | + } | |
583 | +} | |
584 | diff -urN bind-9.2.3-orig/bin/named/main.c bind-9.2.3/bin/named/main.c | |
585 | --- bind-9.2.3-orig/bin/named/main.c 2003-10-09 01:32:33.000000000 -0600 | |
586 | +++ bind-9.2.3/bin/named/main.c 2003-11-16 14:52:51.000000000 -0700 | |
587 | @@ -64,6 +64,7 @@ | |
588 | * Include header files for database drivers here. | |
589 | */ | |
590 | /* #include "xxdb.h" */ | |
591 | +#include <ldapdb.h> | |
592 | ||
593 | static isc_boolean_t want_stats = ISC_FALSE; | |
594 | static char program_name[ISC_DIR_NAMEMAX] = "named"; | |
595 | @@ -544,6 +545,7 @@ | |
596 | * Add calls to register sdb drivers here. | |
597 | */ | |
598 | /* xxdb_init(); */ | |
599 | + ldapdb_init(); | |
600 | ||
601 | ns_server_create(ns_g_mctx, &ns_g_server); | |
602 | } | |
603 | @@ -558,6 +560,7 @@ | |
604 | * Add calls to unregister sdb drivers here. | |
605 | */ | |
606 | /* xxdb_clear(); */ | |
607 | + ldapdb_clear(); | |
608 | ||
609 | isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, | |
610 | ISC_LOG_NOTICE, "exiting"); | |
611 | diff -urN bind-9.2.3-orig/doc/INSTALL.sdb-ldap bind-9.2.3/doc/INSTALL.sdb-ldap | |
612 | --- bind-9.2.3-orig/doc/INSTALL.sdb-ldap 1969-12-31 17:00:00.000000000 -0700 | |
613 | +++ bind-9.2.3/doc/INSTALL.sdb-ldap 2003-11-16 14:53:32.000000000 -0700 | |
614 | @@ -0,0 +1,59 @@ | |
615 | +This is the INSTALL file for 0.9. See | |
616 | +http://www.venaas.no/ldap/bind-sdb/ for updates or other information. | |
617 | + | |
618 | +BUILDING | |
619 | + | |
620 | +You need the source for BIND 9.1.0 or newer (for zone transfers you | |
621 | +will need at least 9.1.1rc3 due to a bug). Basically you need to follow | |
622 | +the instructions in doc/misc/sdb, if my instructions doesn't make sense, | |
623 | +please have a look at that as well. | |
624 | + | |
625 | +Copy ldapdb.c to bin/named and ldapdb.h to bin/named/include in the | |
626 | +source tree. | |
627 | + | |
628 | +Next alter bin/named/Makefile.in. Add ldapdb.@O@ to DBDRIVER_OBJS and | |
629 | +ldapdb.c to DBDRIVER_SRCS. You also need to add something like | |
630 | +-I/usr/local/include to DBDRIVER_INCLUDES and | |
631 | +-L/usr/local/lib -lldap -llber -lresolv to DBDRIVER_LIBS | |
632 | +depending on what LDAP library you have and where you installed it. | |
633 | + | |
634 | +Finally you need to edit bin/named/main.c. Below where it says | |
635 | +"#include "xxdb.h"", add the line "#include <ldapdb.h>". Below where | |
636 | +it says "xxdb_init();" add the line "ldapdb_init();", and finally | |
637 | +below where it says "xxdb_clear();", add "ldapdb_clear();". | |
638 | + | |
639 | +Now you should hopefully be able to build it. If you get an error | |
640 | +message about ldap_memfree() not being defined, you're probably | |
641 | +using an LDAP library with the interface defined in RFC 1823. To | |
642 | +build, uncomment the #define RFC1823API line near the top of ldapdb.c. | |
643 | + | |
644 | + | |
645 | +CONFIGURING | |
646 | + | |
647 | +Before you do any configuring of LDAP stuff, please try to configure | |
648 | +and start bind as usual to see if things work. | |
649 | + | |
650 | +To do anything useful, you need to store a zone in some LDAP server. | |
651 | +From this release on, you must use a schema called dNSZone. Note that | |
652 | +it relies on some attribute definitions in the Cosine schema, so that | |
653 | +must be included as well. The Cosine schema probably comes with your | |
654 | +LDAP server. You can find dNSZone and further details on how to store | |
655 | +the data in your LDAP server at | |
656 | +http://www.venaas.no/ldap/bind-sdb/ | |
657 | + | |
658 | +For an example, have a look at my venaas.com zone. Try a subtree search | |
659 | +for objectClass=* at | |
660 | +ldap ldap://129.241.20.67/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no | |
661 | + | |
662 | +To use it with BIND, I've added the following to named.conf: | |
663 | +zone "venaas.com" { | |
664 | + type master; | |
665 | + database "ldap ldap://129.241.20.67/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no 172800"; | |
666 | +}; | |
667 | + | |
668 | +When doing lookups BIND will do a sub-tree search below the base in the | |
669 | +URL. The number 172800 is the TTL which will be used for all entries that | |
670 | +haven't got the dNSTTL attribute. It is also possible to add an filter to | |
671 | +the URL, say ldap://host/base???(o=internal) | |
672 | + | |
673 | +Stig Venaas <venaas@uninett.no> 2002-04-17 | |
674 | diff -urN bind-9.2.3-orig/doc/README.sdb-ldap bind-9.2.3/doc/README.sdb-ldap | |
675 | --- bind-9.2.3-orig/doc/README.sdb-ldap 1969-12-31 17:00:00.000000000 -0700 | |
676 | +++ bind-9.2.3/doc/README.sdb-ldap 2003-11-16 14:53:18.000000000 -0700 | |
677 | @@ -0,0 +1,40 @@ | |
678 | +This is an attempt at an LDAP back-end for BIND 9 using the new simplified | |
679 | +database interface "sdb". This is the nineth release (0.9) and seems to | |
680 | +be pretty stable. Note that since version 0.4 a new schema is used. | |
681 | +It is not backwards compatible with versions before 0.4. | |
682 | + | |
683 | +In 0.9 the code has been cleaned up a bit and should be slightly faster | |
684 | +than previous versions. It also fixes an error with zone transfers (AXFR) | |
685 | +and entries with multiple relativeDomainName values. The problem was | |
686 | +that it would only use the first value in the result. There's no need | |
687 | +to upgrade unless you use such entries. | |
688 | + | |
689 | +0.8 uses asynchronous LDAP search which should give better performance. | |
690 | +Thanks to Ashley Burston for providing patch. Another new feature is | |
691 | +allowing filters in URLs. The syntax is as in RFC 2255. Few people will | |
692 | +need this, but if you have say an internal and external version of the | |
693 | +same zone, you could stick say o=internal and o=external into different | |
694 | +entries, and specify for instance ldap://host/base???(o=internal) | |
695 | +Some error logging has also been added. | |
696 | + | |
697 | +0.7 allows space and other characters to be used in URLs by use of %-quoting. | |
698 | +For instance space can be written as %20. It also fixes a problem with some | |
699 | +servers and/or APIs that do not preserve attribute casing. | |
700 | + | |
701 | +0.6 fixes some memory leaks present in older versions unless compiled with | |
702 | +the RFC 1823 API. | |
703 | + | |
704 | +The big changes in 0.5 are thread support and improved connection handling. | |
705 | +Multiple threads can now access the back-end simultaneously, and rather than | |
706 | +having one connection per zone, there is now one connection per thread per | |
707 | +LDAP server. This should help people with multiple CPUs and people with a | |
708 | +huge number of zones. One final change is support for literal IPv6 addresses | |
709 | +in LDAP URLs. At least OpenLDAP 2 has IPv6 support, so if you use OpenLDAP 2 | |
710 | +libraries and server, you got all you need. | |
711 | + | |
712 | +If you have bug reports, fixes, comments, questions or whatever, please | |
713 | +contact me. See also http://www.venaas.no/ldap/bind-sdb/ for information. | |
714 | + | |
715 | +See INSTALL for how to build, install and use. | |
716 | + | |
717 | +Stig Venaas <venaas@uninett.no> 2001-12-29 |