45 #if defined(LDAP_CONFIGURATION)
47 #if defined(LDAP_USE_GSSAPI)
48 #include <sasl/sasl.h>
52 #if defined(LDAP_CASA_AUTH)
53 #include "ldap_casa.h"
56 static LDAP * ld = NULL;
57 static char *ldap_server = NULL,
58 *ldap_username = NULL,
59 *ldap_password = NULL,
61 *ldap_dhcp_server_cn = NULL,
62 *ldap_debug_file = NULL;
63 static int ldap_port = LDAP_PORT,
64 ldap_method = LDAP_METHOD_DYNAMIC,
67 #if defined (LDAP_USE_SSL)
68 static int ldap_use_ssl = -1,
69 ldap_tls_reqcert = -1,
70 ldap_tls_crlcheck = -1;
71 static char *ldap_tls_ca_file = NULL,
72 *ldap_tls_ca_dir = NULL,
73 *ldap_tls_cert = NULL,
75 *ldap_tls_ciphers = NULL,
76 *ldap_tls_randfile = NULL;
78 #if defined (LDAP_USE_GSSAPI)
79 static char *ldap_gssapi_keytab = NULL,
80 *ldap_gssapi_principal = NULL;
82 static struct ldap_sasl_instance {
90 static struct ldap_sasl_instance *ldap_sasl_inst = NULL;
92 static struct ldap_config_stack *ldap_stack = NULL;
94 typedef struct ldap_dn_node {
95 struct ldap_dn_node *next;
100 static ldap_dn_node *ldap_service_dn_head = NULL;
101 static ldap_dn_node *ldap_service_dn_tail = NULL;
105 x_strncat(
char *dst,
const char *src,
size_t dst_size)
107 size_t len = strlen(dst);
108 return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0);
112 ldap_parse_class (
struct ldap_config_stack *item,
struct parse *cfile)
114 struct berval **tempbv;
116 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"cn")) == NULL ||
120 ldap_value_free_len (tempbv);
125 x_strncat (cfile->
inbuf,
"class \"", LDAP_BUFFER_SIZE);
126 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
127 x_strncat (cfile->
inbuf,
"\" {\n", LDAP_BUFFER_SIZE);
129 item->close_brace = 1;
130 ldap_value_free_len (tempbv);
135 ldap_parse_subclass (
struct ldap_config_stack *item,
struct parse *cfile)
137 struct berval **tempbv, **classdata;
139 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"cn")) == NULL ||
143 ldap_value_free_len (tempbv);
148 if ((classdata = ldap_get_values_len (ld, item->ldent,
149 "dhcpClassData")) == NULL ||
150 classdata[0] == NULL)
152 if (classdata != NULL)
153 ldap_value_free_len (classdata);
154 ldap_value_free_len (tempbv);
159 x_strncat (cfile->
inbuf,
"subclass ", LDAP_BUFFER_SIZE);
160 x_strncat (cfile->
inbuf, classdata[0]->bv_val, LDAP_BUFFER_SIZE);
161 x_strncat (cfile->
inbuf,
" ", LDAP_BUFFER_SIZE);
162 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
163 x_strncat (cfile->
inbuf,
" {\n", LDAP_BUFFER_SIZE);
165 item->close_brace = 1;
166 ldap_value_free_len (tempbv);
167 ldap_value_free_len (classdata);
172 ldap_parse_host (
struct ldap_config_stack *item,
struct parse *cfile)
174 struct berval **tempbv, **hwaddr;
176 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"cn")) == NULL ||
180 ldap_value_free_len (tempbv);
185 hwaddr = ldap_get_values_len (ld, item->ldent,
"dhcpHWAddress");
187 x_strncat (cfile->
inbuf,
"host ", LDAP_BUFFER_SIZE);
188 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
190 if (hwaddr != NULL && hwaddr[0] != NULL)
192 x_strncat (cfile->
inbuf,
" {\nhardware ", LDAP_BUFFER_SIZE);
193 x_strncat (cfile->
inbuf, hwaddr[0]->bv_val, LDAP_BUFFER_SIZE);
194 x_strncat (cfile->
inbuf,
";\n", LDAP_BUFFER_SIZE);
195 ldap_value_free_len (hwaddr);
198 item->close_brace = 1;
199 ldap_value_free_len (tempbv);
204 ldap_parse_shared_network (
struct ldap_config_stack *item,
struct parse *cfile)
206 struct berval **tempbv;
208 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"cn")) == NULL ||
212 ldap_value_free_len (tempbv);
217 x_strncat (cfile->
inbuf,
"shared-network \"", LDAP_BUFFER_SIZE);
218 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
219 x_strncat (cfile->
inbuf,
"\" {\n", LDAP_BUFFER_SIZE);
221 item->close_brace = 1;
222 ldap_value_free_len (tempbv);
227 parse_netmask (
int netmask,
char *netmaskbuf)
233 for (i=1; i <= netmask; i++)
238 sprintf (netmaskbuf,
"%d.%d.%d.%d", (
int) (nm >> 24) & 0xff,
239 (
int) (nm >> 16) & 0xff,
240 (
int) (nm >> 8) & 0xff,
246 ldap_parse_subnet (
struct ldap_config_stack *item,
struct parse *cfile)
248 struct berval **tempbv, **netmaskstr;
249 char netmaskbuf[
sizeof(
"255.255.255.255")];
252 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"cn")) == NULL ||
256 ldap_value_free_len (tempbv);
261 if ((netmaskstr = ldap_get_values_len (ld, item->ldent,
262 "dhcpNetmask")) == NULL ||
263 netmaskstr[0] == NULL)
265 if (netmaskstr != NULL)
266 ldap_value_free_len (netmaskstr);
267 ldap_value_free_len (tempbv);
272 x_strncat (cfile->
inbuf,
"subnet ", LDAP_BUFFER_SIZE);
273 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
275 x_strncat (cfile->
inbuf,
" netmask ", LDAP_BUFFER_SIZE);
276 parse_netmask (strtol (netmaskstr[0]->bv_val, NULL, 10), netmaskbuf);
277 x_strncat (cfile->
inbuf, netmaskbuf, LDAP_BUFFER_SIZE);
279 x_strncat (cfile->
inbuf,
" {\n", LDAP_BUFFER_SIZE);
281 ldap_value_free_len (tempbv);
282 ldap_value_free_len (netmaskstr);
284 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"dhcpRange")) != NULL)
286 for (i=0; tempbv[i] != NULL; i++)
288 x_strncat (cfile->
inbuf,
"range", LDAP_BUFFER_SIZE);
289 x_strncat (cfile->
inbuf,
" ", LDAP_BUFFER_SIZE);
290 x_strncat (cfile->
inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
291 x_strncat (cfile->
inbuf,
";\n", LDAP_BUFFER_SIZE);
295 item->close_brace = 1;
300 ldap_parse_pool (
struct ldap_config_stack *item,
struct parse *cfile)
302 struct berval **tempbv;
305 x_strncat (cfile->
inbuf,
"pool {\n", LDAP_BUFFER_SIZE);
307 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"dhcpRange")) != NULL)
309 x_strncat (cfile->
inbuf,
"range", LDAP_BUFFER_SIZE);
310 for (i=0; tempbv[i] != NULL; i++)
312 x_strncat (cfile->
inbuf,
" ", LDAP_BUFFER_SIZE);
313 x_strncat (cfile->
inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
315 x_strncat (cfile->
inbuf,
";\n", LDAP_BUFFER_SIZE);
316 ldap_value_free_len (tempbv);
319 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"dhcpPermitList")) != NULL)
321 for (i=0; tempbv[i] != NULL; i++)
323 x_strncat (cfile->
inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
324 x_strncat (cfile->
inbuf,
";\n", LDAP_BUFFER_SIZE);
326 ldap_value_free_len (tempbv);
329 item->close_brace = 1;
334 ldap_parse_group (
struct ldap_config_stack *item,
struct parse *cfile)
336 x_strncat (cfile->
inbuf,
"group {\n", LDAP_BUFFER_SIZE);
337 item->close_brace = 1;
342 ldap_parse_key (
struct ldap_config_stack *item,
struct parse *cfile)
344 struct berval **tempbv;
346 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"cn")) != NULL)
348 x_strncat (cfile->
inbuf,
"key ", LDAP_BUFFER_SIZE);
349 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
350 x_strncat (cfile->
inbuf,
" {\n", LDAP_BUFFER_SIZE);
351 ldap_value_free_len (tempbv);
354 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"dhcpKeyAlgorithm")) != NULL)
356 x_strncat (cfile->
inbuf,
"algorithm ", LDAP_BUFFER_SIZE);
357 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
358 x_strncat (cfile->
inbuf,
";\n", LDAP_BUFFER_SIZE);
359 ldap_value_free_len (tempbv);
362 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"dhcpKeySecret")) != NULL)
364 x_strncat (cfile->
inbuf,
"secret ", LDAP_BUFFER_SIZE);
365 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
366 x_strncat (cfile->
inbuf,
";\n", LDAP_BUFFER_SIZE);
367 ldap_value_free_len (tempbv);
370 item->close_brace = 1;
375 ldap_parse_zone (
struct ldap_config_stack *item,
struct parse *cfile)
377 char *cnFindStart, *cnFindEnd;
378 struct berval **tempbv;
382 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"cn")) != NULL)
384 x_strncat (cfile->
inbuf,
"zone ", LDAP_BUFFER_SIZE);
385 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
386 x_strncat (cfile->
inbuf,
" {\n", LDAP_BUFFER_SIZE);
387 ldap_value_free_len (tempbv);
390 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"dhcpDnsZoneServer")) != NULL)
392 x_strncat (cfile->
inbuf,
"primary ", LDAP_BUFFER_SIZE);
393 x_strncat (cfile->
inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
395 x_strncat (cfile->
inbuf,
";\n", LDAP_BUFFER_SIZE);
396 ldap_value_free_len (tempbv);
399 if ((tempbv = ldap_get_values_len (ld, item->ldent,
"dhcpKeyDN")) != NULL)
401 cnFindStart = strchr(tempbv[0]->bv_val,
'=');
402 if (cnFindStart != NULL)
403 cnFindEnd = strchr(++cnFindStart,
',');
407 if (cnFindEnd != NULL && cnFindEnd > cnFindStart)
409 len = cnFindEnd - cnFindStart;
420 strncpy (keyCn, cnFindStart, len);
423 x_strncat (cfile->
inbuf,
"key ", LDAP_BUFFER_SIZE);
424 x_strncat (cfile->
inbuf, keyCn, LDAP_BUFFER_SIZE);
425 x_strncat (cfile->
inbuf,
";\n", LDAP_BUFFER_SIZE);
430 ldap_value_free_len (tempbv);
433 item->close_brace = 1;
438 add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
440 struct ldap_config_stack *ns;
447 ns->next = ldap_stack;
455 struct sigaction old, new;
467 new.sa_handler = SIG_IGN;
468 sigemptyset (&
new.sa_mask);
469 sigaction (SIGPIPE, &
new, &old);
471 ldap_unbind_ext_s (ld, NULL, NULL);
474 sigaction (SIGPIPE, &old, &
new);
479 _do_lookup_dhcp_string_option (
struct option_state *options,
int option_name)
485 memset (&db, 0,
sizeof (db));
489 (
struct lease *) NULL,
493 db.data != NULL && *db.data !=
'\0')
498 log_fatal (
"no memory for ldap option %d value", option_name);
500 memcpy (ret, db.data, db.len);
512 _do_lookup_dhcp_int_option (
struct option_state *options,
int option_name)
518 memset (&db, 0,
sizeof (db));
522 (
struct lease *) NULL,
526 db.data != NULL && *db.data !=
'\0')
528 ret = strtol ((
const char *) db.data, NULL, 10);
539 _do_lookup_dhcp_enum_option (
struct option_state *options,
int option_name)
545 memset (&db, 0,
sizeof (db));
549 (
struct lease *) NULL,
553 db.data != NULL && *db.data !=
'\0')
558 log_fatal (
"invalid option name %d", option_name);
568 #if defined(LDAP_USE_GSSAPI)
570 _ldap_sasl_interact(LDAP *ld,
unsigned flags,
void *defaults,
void *sin)
573 struct ldap_sasl_instance *ldap_inst = defaults;
574 int ret = LDAP_OTHER;
577 if (ld == NULL || sin == NULL)
578 return LDAP_PARAM_ERROR;
581 for (in = sin; in != NULL && in->id != SASL_CB_LIST_END; in++) {
584 log_info(
"got request for SASL_CB_USER %s", ldap_inst->sasl_authz_id);
585 size = strlen(ldap_inst->sasl_authz_id);
586 in->result = ldap_inst->sasl_authz_id;
590 case SASL_CB_GETREALM:
591 log_info(
"got request for SASL_CB_GETREALM %s", ldap_inst->sasl_realm);
592 size = strlen(ldap_inst->sasl_realm);
593 in->result = ldap_inst->sasl_realm;
597 case SASL_CB_AUTHNAME:
598 log_info(
"got request for SASL_CB_AUTHNAME %s", ldap_inst->sasl_authc_id);
599 size = strlen(ldap_inst->sasl_authc_id);
600 in->result = ldap_inst->sasl_authc_id;
605 log_info(
"got request for SASL_CB_PASS %s", ldap_inst->sasl_password);
606 size = strlen(ldap_inst->sasl_password);
607 in->result = ldap_inst->sasl_password;
625 ldap_rebind_cb (LDAP *ld, LDAP_CONST
char *url, ber_tag_t request, ber_int_t msgid,
void *parms)
628 LDAPURLDesc *ldapurl = NULL;
632 log_info(
"LDAP rebind to '%s'", url);
633 if ((ret = ldap_url_parse(url, &ldapurl)) != LDAP_SUCCESS)
635 log_error (
"Error: Can not parse ldap rebind url '%s': %s",
636 url, ldap_err2string(ret));
641 #if defined (LDAP_USE_SSL)
642 if (strcasecmp(ldapurl->lud_scheme,
"ldaps") == 0)
644 int opt = LDAP_OPT_X_TLS_HARD;
645 if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
647 log_error (
"Error: Cannot init LDAPS session to %s:%d: %s",
648 ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
653 log_info (
"LDAPS session successfully enabled to %s", ldap_server);
657 if (strcasecmp(ldapurl->lud_scheme,
"ldap") == 0 &&
658 ldap_use_ssl != LDAP_SSL_OFF)
660 if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
662 log_error (
"Error: Cannot start TLS session to %s:%d: %s",
663 ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
668 log_info (
"TLS session successfully started to %s:%d",
669 ldapurl->lud_host, ldapurl->lud_port);
674 if (ldap_username != NULL && *ldap_username !=
'\0')
676 #if defined(LDAP_USE_GSSAPI)
677 if (ldap_gssapi_principal != NULL) {
678 log_error(
"Cannot use gssapi and username / password simultaneously");
683 creds.bv_val = strdup(ldap_password);
684 creds.bv_len = strlen(ldap_password);
686 if ((ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE,
687 &creds, NULL, NULL, NULL)) != LDAP_SUCCESS)
689 log_error (
"Error: Cannot login into ldap server %s:%d: %s",
690 ldap_server, ldap_port, ldap_err2string (ret));
694 #if defined(LDAP_USE_GSSAPI)
696 if (ldap_gssapi_principal != NULL) {
697 krb5_get_tgt(ldap_gssapi_principal, ldap_gssapi_keytab);
698 if ((ret = ldap_sasl_interactive_bind_s(ld, NULL, ldap_sasl_inst->sasl_mech,
699 NULL, NULL, LDAP_SASL_AUTOMATIC,
700 _ldap_sasl_interact, ldap_sasl_inst)
703 log_error (
"Error: Cannot SASL bind to ldap server %s:%d: %s",
704 ldap_server, ldap_port, ldap_err2string (ret));
706 ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (
void*)&msg);
707 log_error (
"\tAdditional info: %s", msg);
725 #if defined(LDAP_USE_GSSAPI)
726 char *gssapi_realm = NULL;
727 char *gssapi_user = NULL;
728 char *running = NULL;
729 const char *gssapi_delim =
"@";
736 if (ldap_server == NULL)
745 ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER);
746 ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options,
747 SV_LDAP_DHCP_SERVER_CN);
748 ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT);
749 ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN);
750 ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
751 ldap_debug_file = _do_lookup_dhcp_string_option (options,
753 ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
755 #if defined (LDAP_USE_SSL)
756 ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL);
757 if( ldap_use_ssl != LDAP_SSL_OFF)
759 ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT);
760 ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE);
761 ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR);
762 ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT);
763 ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY);
764 ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
765 ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS);
766 ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE);
769 #if defined (LDAP_USE_GSSAPI)
770 ldap_gssapi_keytab = _do_lookup_dhcp_string_option (options, SV_LDAP_GSSAPI_KEYTAB);
771 ldap_gssapi_principal = _do_lookup_dhcp_string_option (options, SV_LDAP_GSSAPI_PRINCIPAL);
773 running = strdup(ldap_gssapi_principal);
774 gssapi_user = strtok(running, gssapi_delim);
775 gssapi_realm = strtok(NULL, gssapi_delim);
776 ldap_sasl_inst = malloc(
sizeof(
struct ldap_sasl_instance));
777 if (ldap_sasl_inst == NULL) {
778 log_error(
"Could not allocate memory for sasl instance! Can not run!");
782 ldap_sasl_inst->sasl_mech = ber_strdup(
"GSSAPI");
783 ldap_sasl_inst->sasl_realm = ber_strdup(gssapi_realm);
784 ldap_sasl_inst->sasl_authz_id = ber_strdup(gssapi_user);
785 ldap_sasl_inst->sasl_authc_id = NULL;
786 ldap_sasl_inst->sasl_password = NULL;
790 #if defined (LDAP_CASA_AUTH)
791 if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
793 #if defined (DEBUG_LDAP)
794 log_info (
"Authentication credential taken from file");
798 ldap_username = _do_lookup_dhcp_string_option (options, SV_LDAP_USERNAME);
799 ldap_password = _do_lookup_dhcp_string_option (options, SV_LDAP_PASSWORD);
801 #if defined (LDAP_CASA_AUTH)
808 if (ldap_server == NULL || ldap_base_dn == NULL)
810 log_info (
"Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file");
811 ldap_method = LDAP_METHOD_STATIC;
815 if (ldap_debug_file != NULL && ldap_debug_fd == -1)
817 if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC,
818 S_IRUSR | S_IWUSR)) < 0)
819 log_error (
"Error opening debug LDAP log file %s: %s", ldap_debug_file,
823 #if defined (DEBUG_LDAP)
824 log_info (
"Connecting to LDAP server %s:%d", ldap_server, ldap_port);
827 #if defined (LDAP_USE_SSL)
828 if (ldap_use_ssl == -1)
835 int opt = LDAP_OPT_X_TLS_ALLOW;
836 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
837 &opt)) != LDAP_SUCCESS)
839 log_error (
"Warning: Cannot set LDAP TLS require cert option to 'allow': %s",
840 ldap_err2string (ret));
844 if (ldap_use_ssl != LDAP_SSL_OFF)
846 if (ldap_tls_reqcert != -1)
848 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
849 &ldap_tls_reqcert)) != LDAP_SUCCESS)
851 log_error (
"Cannot set LDAP TLS require cert option: %s",
852 ldap_err2string (ret));
856 if( ldap_tls_ca_file != NULL)
858 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE,
859 ldap_tls_ca_file)) != LDAP_SUCCESS)
861 log_error (
"Cannot set LDAP TLS CA certificate file %s: %s",
862 ldap_tls_ca_file, ldap_err2string (ret));
865 if( ldap_tls_ca_dir != NULL)
867 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
868 ldap_tls_ca_dir)) != LDAP_SUCCESS)
870 log_error (
"Cannot set LDAP TLS CA certificate dir %s: %s",
871 ldap_tls_ca_dir, ldap_err2string (ret));
874 if( ldap_tls_cert != NULL)
876 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
877 ldap_tls_cert)) != LDAP_SUCCESS)
879 log_error (
"Cannot set LDAP TLS client certificate file %s: %s",
880 ldap_tls_cert, ldap_err2string (ret));
883 if( ldap_tls_key != NULL)
885 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
886 ldap_tls_key)) != LDAP_SUCCESS)
888 log_error (
"Cannot set LDAP TLS certificate key file %s: %s",
889 ldap_tls_key, ldap_err2string (ret));
892 if( ldap_tls_crlcheck != -1)
894 int opt = ldap_tls_crlcheck;
895 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
896 &opt)) != LDAP_SUCCESS)
898 log_error (
"Cannot set LDAP TLS crl check option: %s",
899 ldap_err2string (ret));
902 if( ldap_tls_ciphers != NULL)
904 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
905 ldap_tls_ciphers)) != LDAP_SUCCESS)
907 log_error (
"Cannot set LDAP TLS cipher suite %s: %s",
908 ldap_tls_ciphers, ldap_err2string (ret));
911 if( ldap_tls_randfile != NULL)
913 if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
914 ldap_tls_randfile)) != LDAP_SUCCESS)
916 log_error (
"Cannot set LDAP TLS random file %s: %s",
917 ldap_tls_randfile, ldap_err2string (ret));
924 uri = malloc(strlen(ldap_server) + 16);
927 log_error (
"Cannot build ldap init URI %s:%d", ldap_server, ldap_port);
931 sprintf(uri,
"ldap://%s:%d", ldap_server, ldap_port);
932 ldap_initialize(&ld, uri);
936 log_error (
"Cannot init ldap session to %s:%d", ldap_server, ldap_port);
942 version = LDAP_VERSION3;
943 if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS)
945 log_error (
"Cannot set LDAP version to %d: %s", version,
946 ldap_err2string (ret));
949 if (ldap_referrals != -1)
951 if ((ret = ldap_set_option (ld, LDAP_OPT_REFERRALS, ldap_referrals ?
952 LDAP_OPT_ON : LDAP_OPT_OFF)) != LDAP_OPT_SUCCESS)
954 log_error (
"Cannot %s LDAP referrals option: %s",
955 (ldap_referrals ?
"enable" :
"disable"),
956 ldap_err2string (ret));
960 if ((ret = ldap_set_rebind_proc(ld, ldap_rebind_cb, NULL)) != LDAP_SUCCESS)
962 log_error (
"Warning: Cannot set ldap rebind procedure: %s",
963 ldap_err2string (ret));
966 #if defined (LDAP_USE_SSL)
967 if (ldap_use_ssl == LDAP_SSL_LDAPS ||
968 (ldap_use_ssl == LDAP_SSL_ON && ldap_port == LDAPS_PORT))
970 int opt = LDAP_OPT_X_TLS_HARD;
971 if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
973 log_error (
"Error: Cannot init LDAPS session to %s:%d: %s",
974 ldap_server, ldap_port, ldap_err2string (ret));
980 log_info (
"LDAPS session successfully enabled to %s:%d",
981 ldap_server, ldap_port);
984 else if (ldap_use_ssl != LDAP_SSL_OFF)
986 if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
988 log_error (
"Error: Cannot start TLS session to %s:%d: %s",
989 ldap_server, ldap_port, ldap_err2string (ret));
995 log_info (
"TLS session successfully started to %s:%d",
996 ldap_server, ldap_port);
1001 if (ldap_username != NULL && *ldap_username !=
'\0')
1003 #if defined(LDAP_USE_GSSAPI)
1004 if (ldap_gssapi_principal != NULL) {
1005 log_error(
"Cannot use gssapi and username / password simultaneously");
1010 creds.bv_val = strdup(ldap_password);
1011 creds.bv_len = strlen(ldap_password);
1013 if ((ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE,
1014 &creds, NULL, NULL, NULL)) != LDAP_SUCCESS)
1016 log_error (
"Error: Cannot login into ldap server %s:%d: %s",
1017 ldap_server, ldap_port, ldap_err2string (ret));
1021 #if defined(LDAP_USE_GSSAPI)
1023 if (ldap_gssapi_principal != NULL) {
1024 krb5_get_tgt(ldap_gssapi_principal, ldap_gssapi_keytab);
1025 if ((ret = ldap_sasl_interactive_bind_s(ld, NULL, ldap_sasl_inst->sasl_mech,
1026 NULL, NULL, LDAP_SASL_AUTOMATIC,
1027 _ldap_sasl_interact, ldap_sasl_inst)
1030 log_error (
"Error: Cannot SASL bind to ldap server %s:%d: %s",
1031 ldap_server, ldap_port, ldap_err2string (ret));
1033 ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (
void*)&msg);
1034 log_error (
"\tAdditional info: %s", msg);
1043 #if defined (DEBUG_LDAP)
1044 log_info (
"Successfully logged into LDAP server %s", ldap_server);
1050 parse_external_dns (LDAPMessage * ent)
1052 char *search[] = {
"dhcpFailOverPeerDN",
"dhcpOptionsDN",
"dhcpSharedNetworkDN",
"dhcpSubnetDN",
1053 "dhcpGroupDN",
"dhcpHostDN",
"dhcpClassesDN",
1054 "dhcpPoolDN", NULL};
1055 LDAPMessage * newres, * newent;
1056 struct berval **tempbv;
1058 #if defined (DEBUG_LDAP)
1061 dn = ldap_get_dn (ld, ent);
1064 log_info (
"Parsing external DNs for '%s'", dn);
1074 for (i=0; search[i] != NULL; i++)
1076 if ((tempbv = ldap_get_values_len (ld, ent, search[i])) == NULL)
1079 for (j=0; tempbv[j] != NULL; j++)
1081 if (*tempbv[j]->bv_val ==
'\0')
1084 if ((ret = ldap_search_ext_s(ld, tempbv[j]->bv_val, LDAP_SCOPE_BASE,
1085 "objectClass=*", NULL, 0, NULL,
1086 NULL, NULL, 0, &newres)) != LDAP_SUCCESS)
1088 ldap_value_free_len (tempbv);
1093 #if defined (DEBUG_LDAP)
1094 log_info (
"Adding contents of subtree '%s' to config stack from '%s' reference", tempbv[j], search[i]);
1096 for (newent = ldap_first_entry (ld, newres);
1098 newent = ldap_next_entry (ld, newent))
1100 #if defined (DEBUG_LDAP)
1101 dn = ldap_get_dn (ld, newent);
1104 log_info (
"Adding LDAP result set starting with '%s' to config stack", dn);
1109 add_to_config_stack (newres, newent);
1114 ldap_value_free_len (tempbv);
1120 free_stack_entry (
struct ldap_config_stack *item)
1122 struct ldap_config_stack *look_ahead_pointer = item;
1123 int may_free_msg = 1;
1125 while (look_ahead_pointer->next != NULL)
1127 look_ahead_pointer = look_ahead_pointer->next;
1128 if (look_ahead_pointer->res == item->res)
1136 ldap_msgfree (item->res);
1143 next_ldap_entry (
struct parse *cfile)
1145 struct ldap_config_stack *temp_stack;
1147 if (ldap_stack != NULL && ldap_stack->close_brace)
1149 x_strncat (cfile->
inbuf,
"}\n", LDAP_BUFFER_SIZE);
1150 ldap_stack->close_brace = 0;
1153 while (ldap_stack != NULL &&
1154 (ldap_stack->ldent == NULL ||
1155 (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))
1157 if (ldap_stack->close_brace)
1159 x_strncat (cfile->
inbuf,
"}\n", LDAP_BUFFER_SIZE);
1160 ldap_stack->close_brace = 0;
1163 temp_stack = ldap_stack;
1164 ldap_stack = ldap_stack->next;
1165 free_stack_entry (temp_stack);
1168 if (ldap_stack != NULL && ldap_stack->close_brace)
1170 x_strncat (cfile->
inbuf,
"}\n", LDAP_BUFFER_SIZE);
1171 ldap_stack->close_brace = 0;
1177 check_statement_end (
const char *statement)
1181 if (statement == NULL || *statement ==
'\0')
1189 ptr = strrchr (statement,
'}');
1193 for (++ptr; isspace ((
int)*ptr); ptr++);
1208 ptr = strrchr (statement,
';');
1212 for (++ptr; isspace ((
int)*ptr); ptr++);
1226 ldap_parse_entry_options (LDAPMessage *ent,
char *
buffer,
size_t size,
1229 struct berval **tempbv;
1232 if (ent == NULL || buffer == NULL || size == 0)
1233 return (ISC_R_FAILURE);
1235 if ((tempbv = ldap_get_values_len (ld, ent,
"dhcpStatements")) != NULL)
1237 for (i=0; tempbv[i] != NULL; i++)
1239 if (lease_limit != NULL &&
1240 strncasecmp (
"lease limit ", tempbv[i]->bv_val, 12) == 0)
1242 *lease_limit = (
int) strtol ((tempbv[i]->bv_val) + 12, NULL, 10);
1246 x_strncat (buffer, tempbv[i]->bv_val, size);
1248 switch((
int) check_statement_end (tempbv[i]->bv_val))
1252 x_strncat (buffer,
"\n", size);
1255 x_strncat (buffer,
";\n", size);
1259 ldap_value_free_len (tempbv);
1262 if ((tempbv = ldap_get_values_len (ld, ent,
"dhcpOption")) != NULL)
1264 for (i=0; tempbv[i] != NULL; i++)
1266 x_strncat (buffer,
"option ", size);
1267 x_strncat (buffer, tempbv[i]->bv_val, size);
1268 switch ((
int) check_statement_end (tempbv[i]->bv_val))
1271 x_strncat (buffer,
"\n", size);
1274 x_strncat (buffer,
";\n", size);
1278 ldap_value_free_len (tempbv);
1281 return (ISC_R_SUCCESS);
1286 ldap_generate_config_string (
struct parse *cfile)
1288 struct berval **objectClass;
1290 struct ldap_config_stack *entry;
1291 LDAPMessage * ent, * res;
1292 int i, ignore, found;
1301 if ((objectClass = ldap_get_values_len (ld, entry->ldent,
1302 "objectClass")) == NULL)
1307 for (i=0; objectClass[i] != NULL; i++)
1309 if (strcasecmp (objectClass[i]->bv_val,
"dhcpSharedNetwork") == 0)
1310 ldap_parse_shared_network (entry, cfile);
1311 else if (strcasecmp (objectClass[i]->bv_val,
"dhcpClass") == 0)
1312 ldap_parse_class (entry, cfile);
1313 else if (strcasecmp (objectClass[i]->bv_val,
"dhcpSubnet") == 0)
1314 ldap_parse_subnet (entry, cfile);
1315 else if (strcasecmp (objectClass[i]->bv_val,
"dhcpPool") == 0)
1316 ldap_parse_pool (entry, cfile);
1317 else if (strcasecmp (objectClass[i]->bv_val,
"dhcpGroup") == 0)
1318 ldap_parse_group (entry, cfile);
1319 else if (strcasecmp (objectClass[i]->bv_val,
"dhcpTSigKey") == 0)
1320 ldap_parse_key (entry, cfile);
1321 else if (strcasecmp (objectClass[i]->bv_val,
"dhcpDnsZone") == 0)
1322 ldap_parse_zone (entry, cfile);
1323 else if (strcasecmp (objectClass[i]->bv_val,
"dhcpHost") == 0)
1325 if (ldap_method == LDAP_METHOD_STATIC)
1326 ldap_parse_host (entry, cfile);
1333 else if (strcasecmp (objectClass[i]->bv_val,
"dhcpSubClass") == 0)
1335 if (ldap_method == LDAP_METHOD_STATIC)
1336 ldap_parse_subclass (entry, cfile);
1346 if (found && cfile->
inbuf[0] ==
'\0')
1353 ldap_value_free_len (objectClass);
1357 next_ldap_entry (cfile);
1361 ldap_parse_entry_options(entry->ldent, cfile->
inbuf,
1362 LDAP_BUFFER_SIZE-1, NULL);
1364 dn = ldap_get_dn (ld, entry->ldent);
1366 #if defined(DEBUG_LDAP)
1368 log_info (
"Found LDAP entry '%s'", dn);
1372 (ret = ldap_search_ext_s (ld, dn, LDAP_SCOPE_ONELEVEL,
1373 "objectClass=*", NULL, 0, NULL, NULL,
1374 NULL, 0, &res)) != LDAP_SUCCESS)
1385 if ((ent = ldap_first_entry (ld, res)) != NULL)
1387 add_to_config_stack (res, ent);
1388 parse_external_dns (entry->ldent);
1393 parse_external_dns (entry->ldent);
1394 next_ldap_entry (cfile);
1400 ldap_close_debug_fd()
1402 if (ldap_debug_fd != -1)
1404 close (ldap_debug_fd);
1411 ldap_write_debug (
const void *buff,
size_t size)
1413 if (ldap_debug_fd != -1)
1415 if (write (ldap_debug_fd, buff, size) < 0)
1417 log_error (
"Error writing to LDAP debug file %s: %s."
1418 " Disabling log file.", ldap_debug_file,
1420 ldap_close_debug_fd();
1426 ldap_read_function (
struct parse *cfile)
1428 cfile->
inbuf[0] =
'\0';
1431 while (ldap_stack != NULL && *cfile->
inbuf ==
'\0')
1432 ldap_generate_config_string (cfile);
1434 if (ldap_stack == NULL && *cfile->
inbuf ==
'\0')
1442 #if defined (DEBUG_LDAP)
1446 return (cfile->
inbuf[0]);
1451 ldap_get_host_name (LDAPMessage * ent)
1453 struct berval **name;
1457 if ((name = ldap_get_values_len (ld, ent,
"cn")) == NULL || name[0] == NULL)
1460 ldap_value_free_len (name);
1462 #if defined (DEBUG_LDAP)
1463 ret = ldap_get_dn (ld, ent);
1466 log_info (
"Cannot get cn attribute for LDAP entry %s", ret);
1473 ret =
dmalloc (strlen (name[0]->bv_val) + 1,
MDL);
1474 strcpy (ret, name[0]->bv_val);
1475 ldap_value_free_len (name);
1482 getfqhostname(
char *fqhost,
size_t size)
1484 #if defined(MAXHOSTNAMELEN)
1485 char hname[MAXHOSTNAMELEN];
1491 if(NULL == fqhost || 1 >= size)
1494 memset(hname, 0,
sizeof(hname));
1495 if( gethostname(hname,
sizeof(hname)-1))
1498 if(NULL == (hp = gethostbyname(hname)))
1501 strncpy(fqhost, hp->h_name, size-1);
1502 fqhost[size-1] =
'\0';
1508 ldap_read_config (
void)
1510 LDAPMessage * ldres, * hostres, * ent, * hostent;
1511 char hfilter[1024], sfilter[1024], fqdn[257];
1512 char *buffer, *hostdn;
1513 ldap_dn_node *curr = NULL;
1514 struct parse *cfile;
1515 struct utsname unme;
1519 struct berval **tempbv = NULL;
1524 return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
1528 return (ISC_R_FAILURE);
1530 cfile = (
struct parse *) NULL;
1531 res =
new_parse (&cfile, -1, buffer, LDAP_BUFFER_SIZE,
"LDAP", 0);
1532 if (res != ISC_R_SUCCESS)
1536 if (ldap_dhcp_server_cn != NULL)
1538 snprintf (hfilter,
sizeof (hfilter),
1539 "(&(objectClass=dhcpServer)(cn=%s))", ldap_dhcp_server_cn);
1543 if(0 == getfqhostname(fqdn,
sizeof(fqdn)))
1545 snprintf (hfilter,
sizeof (hfilter),
1546 "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))",
1547 unme.nodename, fqdn);
1551 snprintf (hfilter,
sizeof (hfilter),
1552 "(&(objectClass=dhcpServer)(cn=%s))", unme.nodename);
1557 if ((ret = ldap_search_ext_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
1558 hfilter, NULL, 0, NULL, NULL, NULL, 0,
1559 &hostres)) != LDAP_SUCCESS)
1561 log_error (
"Cannot find host LDAP entry %s %s",
1562 ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter);
1564 ldap_msgfree (hostres);
1566 return (ISC_R_FAILURE);
1569 if ((hostent = ldap_first_entry (ld, hostres)) == NULL)
1571 log_error (
"Error: Cannot find LDAP entry matching %s", hfilter);
1572 ldap_msgfree (hostres);
1574 return (ISC_R_FAILURE);
1577 hostdn = ldap_get_dn (ld, hostent);
1578 #if defined(DEBUG_LDAP)
1580 log_info (
"Found dhcpServer LDAP entry '%s'", hostdn);
1583 if (hostdn == NULL ||
1584 (tempbv = ldap_get_values_len (ld, hostent,
"dhcpServiceDN")) == NULL ||
1587 log_error (
"Error: Cannot find LDAP entry matching %s", hfilter);
1590 ldap_value_free_len (tempbv);
1593 ldap_memfree (hostdn);
1594 ldap_msgfree (hostres);
1596 return (ISC_R_FAILURE);
1599 #if defined(DEBUG_LDAP)
1600 log_info (
"LDAP: Parsing dhcpServer options '%s' ...", hostdn);
1603 cfile->
inbuf[0] =
'\0';
1604 ldap_parse_entry_options(hostent, cfile->
inbuf, LDAP_BUFFER_SIZE, NULL);
1611 if (res != ISC_R_SUCCESS)
1613 log_error (
"LDAP: cannot parse dhcpServer entry '%s'", hostdn);
1614 ldap_memfree (hostdn);
1618 cfile->
inbuf[0] =
'\0';
1620 ldap_msgfree (hostres);
1626 cfile->read_function = ldap_read_function;
1628 res = ISC_R_SUCCESS;
1629 for (cnt=0; tempbv[cnt] != NULL; cnt++)
1631 snprintf(sfilter,
sizeof(sfilter),
"(&(objectClass=dhcpService)"
1632 "(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s)))",
1635 if ((ret = ldap_search_ext_s (ld, tempbv[cnt]->bv_val, LDAP_SCOPE_BASE,
1636 sfilter, NULL, 0, NULL, NULL, NULL,
1637 0, &ldres)) != LDAP_SUCCESS)
1639 log_error (
"Error searching for dhcpServiceDN '%s': %s. Please update the LDAP entry '%s'",
1640 tempbv[cnt]->bv_val, ldap_err2string (ret), hostdn);
1642 ldap_msgfree(ldres);
1643 res = ISC_R_FAILURE;
1647 if ((ent = ldap_first_entry (ld, ldres)) == NULL)
1649 log_error (
"Error: Cannot find dhcpService DN '%s' with primary or secondary server reference. Please update the LDAP server entry '%s'",
1650 tempbv[cnt]->bv_val, hostdn);
1652 ldap_msgfree(ldres);
1653 res = ISC_R_FAILURE;
1666 length = strlen (tempbv[cnt]->bv_val);
1668 if (curr->dn == NULL)
1674 strcpy (curr->dn, tempbv[cnt]->bv_val);
1682 if (ldap_service_dn_tail != NULL)
1683 ldap_service_dn_tail->next = curr;
1685 ldap_service_dn_head = curr;
1687 ldap_service_dn_tail = curr;
1690 log_fatal (
"no memory to remember ldap service dn");
1692 #if defined (DEBUG_LDAP)
1693 log_info (
"LDAP: Parsing dhcpService DN '%s' ...", tempbv[cnt]);
1695 add_to_config_stack (ldres, ent);
1697 if (res != ISC_R_SUCCESS)
1699 log_error (
"LDAP: cannot parse dhcpService entry '%s'", tempbv[cnt]->bv_val);
1705 ldap_close_debug_fd();
1707 ldap_memfree (hostdn);
1708 ldap_value_free_len (tempbv);
1710 if (res != ISC_R_SUCCESS)
1712 struct ldap_config_stack *temp_stack;
1714 while ((curr = ldap_service_dn_head) != NULL)
1716 ldap_service_dn_head = curr->next;
1721 ldap_service_dn_tail = NULL;
1723 while ((temp_stack = ldap_stack) != NULL)
1725 ldap_stack = temp_stack->next;
1726 free_stack_entry (temp_stack);
1733 if (ldap_method == LDAP_METHOD_STATIC)
1747 ldap_parse_options (LDAPMessage * ent,
struct group *
group,
1749 struct class **
class)
1751 int declaration, lease_limit;
1752 char option_buffer[8192];
1754 struct parse *cfile;
1759 *option_buffer =
'\0';
1765 char *hostdn, *basedn, *temp1, *temp2, filter[1024];
1766 LDAPMessage *groupdn, *entry;
1769 hostdn = ldap_get_dn (ld, ent);
1774 temp1 = strchr (hostdn,
'=');
1776 temp1 = strchr (++temp1,
'=');
1778 temp2 = strchr (++temp1,
',');
1784 snprintf (filter,
sizeof(filter),
1785 "(&(cn=%.*s)(objectClass=dhcpGroup))",
1786 (
int)(temp2 - temp1), temp1);
1788 basedn = strchr (temp1,
',');
1793 if (basedn != NULL && *basedn !=
'\0')
1795 ret = ldap_search_ext_s (ld, basedn, LDAP_SCOPE_SUBTREE, filter,
1796 NULL, 0, NULL, NULL, NULL, 0, &groupdn);
1797 if (ret == LDAP_SUCCESS)
1799 if ((entry = ldap_first_entry (ld, groupdn)) != NULL)
1801 res = ldap_parse_entry_options (entry, option_buffer,
1802 sizeof(option_buffer) - 1,
1804 if (res != ISC_R_SUCCESS)
1807 *option_buffer =
'\0';
1811 ldap_msgfree( groupdn);
1814 ldap_memfree( hostdn);
1818 res = ldap_parse_entry_options (ent, option_buffer,
sizeof(option_buffer) - 1,
1820 if (res != ISC_R_SUCCESS)
1821 return (lease_limit);
1823 option_buffer[
sizeof(option_buffer) - 1] =
'\0';
1824 if (*option_buffer ==
'\0')
1825 return (lease_limit);
1827 cfile = (
struct parse *) NULL;
1828 res =
new_parse (&cfile, -1, option_buffer, strlen (option_buffer),
1829 type ==
HOST_DECL ?
"LDAP-HOST" :
"LDAP-SUBCLASS", 0);
1830 if (res != ISC_R_SUCCESS)
1831 return (lease_limit);
1833 #if defined (DEBUG_LDAP)
1834 log_info (
"Sending the following options: '%s'", option_buffer);
1843 declaration =
parse_statement (cfile, group, type, host, declaration);
1848 return (lease_limit);
1854 find_haddr_in_ldap (
struct host_decl **hp,
int htype,
unsigned hlen,
1855 const unsigned char *haddr,
const char *
file,
int line)
1857 char buf[128], *type_str;
1858 LDAPMessage * res, *ent;
1860 isc_result_t status;
1864 if (ldap_method == LDAP_METHOD_STATIC)
1875 type_str =
"ethernet";
1878 type_str =
"token-ring";
1884 log_info (
"Ignoring unknown type %d", htype);
1892 snprintf (buf,
sizeof (buf),
1893 "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))",
1897 for (curr = ldap_service_dn_head;
1898 curr != NULL && *curr->dn !=
'\0';
1901 #if defined (DEBUG_LDAP)
1902 log_info (
"Searching for %s in LDAP tree %s", buf, curr->dn);
1904 ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, 0,
1905 NULL, NULL, NULL, 0, &res);
1907 if(ret == LDAP_SERVER_DOWN)
1909 log_info (
"LDAP server was down, trying to reconnect...");
1915 log_info (
"LDAP reconnect failed - try again later...");
1919 ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL,
1920 0, NULL, NULL, NULL, 0, &res);
1923 if (ret == LDAP_SUCCESS)
1925 if( (ent = ldap_first_entry (ld, res)) != NULL)
1928 #if defined (DEBUG_LDAP)
1929 log_info (
"No host entry for %s in LDAP tree %s",
1946 if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
1948 log_error (
"Cannot search for %s in LDAP tree %s: %s", buf,
1949 curr->dn, ldap_err2string (ret));
1953 #if defined (DEBUG_LDAP)
1956 log_info (
"ldap_search_ext_s returned %s when searching for %s in %s",
1957 ldap_err2string (ret), buf, curr->dn);
1965 #if defined (DEBUG_LDAP)
1966 char *dn = ldap_get_dn (ld, ent);
1969 log_info (
"Found dhcpHWAddress LDAP entry %s", dn);
1975 status = host_allocate (&host,
MDL);
1976 if (status != ISC_R_SUCCESS)
1978 log_fatal (
"can't allocate host decl struct: %s",
1979 isc_result_totext (status));
1984 host->
name = ldap_get_host_name (ent);
1985 if (host->
name == NULL)
1987 host_dereference (&host,
MDL);
1995 host_dereference (&host,
MDL);
2008 if(res) ldap_msgfree (res);
2014 find_subclass_in_ldap (
struct class *
class,
struct class **newclass,
2017 LDAPMessage * res, * ent;
2018 int ret, lease_limit;
2019 isc_result_t status;
2023 if (ldap_method == LDAP_METHOD_STATIC)
2031 snprintf (buf,
sizeof (buf),
2032 "(&(objectClass=dhcpSubClass)(cn=%s)(dhcpClassData=%s))",
2035 #if defined (DEBUG_LDAP)
2036 log_info (
"Searching LDAP for %s", buf);
2040 for (curr = ldap_service_dn_head;
2041 curr != NULL && *curr->dn !=
'\0';
2044 #if defined (DEBUG_LDAP)
2045 log_info (
"Searching for %s in LDAP tree %s", buf, curr->dn);
2047 ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, 0,
2048 NULL, NULL, NULL, 0, &res);
2050 if(ret == LDAP_SERVER_DOWN)
2052 log_info (
"LDAP server was down, trying to reconnect...");
2059 log_info (
"LDAP reconnect failed - try again later...");
2063 ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf,
2064 NULL, 0, NULL, NULL, NULL, 0, &res);
2067 if (ret == LDAP_SUCCESS)
2069 if( (ent = ldap_first_entry (ld, res)) != NULL)
2072 #if defined (DEBUG_LDAP)
2073 log_info (
"No subclass entry for %s in LDAP tree %s",
2090 if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
2092 log_error (
"Cannot search for %s in LDAP tree %s: %s", buf,
2093 curr->dn, ldap_err2string (ret));
2097 #if defined (DEBUG_LDAP)
2100 log_info (
"ldap_search_ext_s returned %s when searching for %s in %s",
2101 ldap_err2string (ret), buf, curr->dn);
2109 #if defined (DEBUG_LDAP)
2110 char *dn = ldap_get_dn (ld, ent);
2113 log_info (
"Found subclass LDAP entry %s", dn);
2118 status = class_allocate (newclass,
MDL);
2119 if (status != ISC_R_SUCCESS)
2121 log_error (
"Cannot allocate memory for a new class");
2127 class_reference (&(*newclass)->superclass,
class,
MDL);
2128 lease_limit = ldap_parse_options (ent, (*newclass)->group,
2130 if (lease_limit == 0)
2131 (*newclass)->lease_limit =
class->lease_limit;
2133 class->lease_limit = lease_limit;
2135 if ((*newclass)->lease_limit)
2137 (*newclass)->billed_leases =
2139 if (!(*newclass)->billed_leases)
2142 class_dereference (newclass,
MDL);
2146 memset ((*newclass)->billed_leases, 0,
2147 ((*newclass)->lease_limit * sizeof (
struct lease *)));
2156 if(res) ldap_msgfree (res);
struct binding_scope * global_scope
isc_result_t end_parse(struct parse **cfile)
void * dmalloc(unsigned, const char *, int)
struct universe server_universe
char * print_hw_addr(int htype, const int hlen, const unsigned char *data) const
#define print_hex_1(len, data, limit)
int group_reference(struct group **ptr, struct group *bp, const char *file, int line)
void data_string_forget(struct data_string *data, const char *file, int line)
struct group * root_group
int log_error(const char *,...) __attribute__((__format__(__printf__
enum dhcp_token peek_token(const char **rval, unsigned *rlen, struct parse *cfile)
void log_fatal(const char *,...) __attribute__((__format__(__printf__
isc_result_t krb5_get_tgt(const char *, const char *)
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
int option_state_allocate(struct option_state **ptr, const char *file, int line)
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
void dfree(void *, const char *, int)
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
int int log_info(const char *,...) __attribute__((__format__(__printf__
int parse_statement(struct parse *, struct group *, int, struct host_decl *, int)
int option_state_dereference(struct option_state **ptr, const char *file, int line)
#define print_hex_2(len, data, limit)
const unsigned char * data
isc_result_t conf_file_subparse(struct parse *, struct group *, int)
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
int clone_group(struct group **gp, struct group *group, const char *file, int line)
isc_result_t new_parse(struct parse **cfile, int file, char *inbuf, unsigned buflen, const char *name, int eolp)