diff options
Diffstat (limited to 'src/ldap_helper.c')
-rw-r--r-- | src/ldap_helper.c | 93 |
1 files changed, 69 insertions, 24 deletions
diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 60b2675..99a8fab 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -43,6 +43,7 @@ #include <string.h> #include <strings.h> +#include "acl.h" #include "ldap_convert.h" #include "ldap_helper.h" #include "log.h" @@ -144,6 +145,7 @@ struct ldap_instance { struct ldap_entry { LDAPMessage *entry; + char *dn; ldap_attribute_t *last_attr; ldap_attribute_list_t attributes; LINK(ldap_entry_t) link; @@ -186,7 +188,8 @@ static isc_result_t new_ldap_instance(ldap_db_t *ldap_db, ldap_instance_t **ldap_instp); static void destroy_ldap_instance(ldap_instance_t **ldap_instp); static isc_result_t add_or_modify_zone(ldap_db_t *ldap_db, const char *dn, - const char *db_name, dns_zonemgr_t *zmgr); + const char *db_name, const char *update_str, + dns_zonemgr_t *zmgr); static isc_result_t findrdatatype_or_create(isc_mem_t *mctx, ldapdb_rdatalist_t *rdatalist, ldap_entry_t *entry, @@ -222,9 +225,12 @@ static void free_query_cache(ldap_instance_t *inst); static void free_ldap_attributes(isc_mem_t *mctx, ldap_entry_t *entry); static void free_ldap_values(isc_mem_t *mctx, ldap_attribute_t *attr); +static const char * get_dn(ldap_instance_t *ldap_inst, ldap_entry_t *entry); +#if 0 static const LDAPMessage *next_entry(ldap_instance_t *inst); static const char *get_dn(ldap_instance_t *inst); +#endif static ldap_instance_t * get_connection(ldap_db_t *ldap_db); static void put_connection(ldap_instance_t *ldap_inst); @@ -459,8 +465,9 @@ refresh_zones_from_ldap(ldap_db_t *ldap_db, const char *name, { isc_result_t result = ISC_R_SUCCESS; ldap_instance_t *ldap_inst; + ldap_entry_t *entry; char *attrs[] = { - "idnsName", NULL + "idnsName", "idnsUpdatePolicy", NULL }; REQUIRE(ldap_db != NULL); @@ -471,10 +478,30 @@ refresh_zones_from_ldap(ldap_db_t *ldap_db, const char *name, ldap_inst = get_connection(ldap_db); ldap_query(ldap_inst, str_buf(ldap_db->base), LDAP_SCOPE_SUBTREE, - attrs, 0, "(objectClass=idnsZone)"); + attrs, 0, "(&(objectClass=idnsZone)(idnsZoneActive=True))"); + CHECK(cache_query_results(ldap_inst)); - while (next_entry(ldap_inst)) - CHECK(add_or_modify_zone(ldap_db, get_dn(ldap_inst), name, zmgr)); + for (entry = HEAD(ldap_inst->ldap_entries); + entry != NULL; + entry = NEXT(entry, link)) { + const char *dn; + const char *update_str = NULL; + ldap_value_list_t values; + + dn = get_dn(ldap_inst, entry); + + /* Look if there's an update policy. */ + result = get_values(entry, "idnsUpdatePolicy", &values); + if (result == ISC_R_SUCCESS) + update_str = HEAD(values)->value; + + result = add_or_modify_zone(ldap_db, dn, name, update_str, + zmgr); + + /* TODO: move this to the add_or_modify_zone() */ + if (result != ISC_R_SUCCESS) + log_error("failed to add/modify zone %s", dn); + } cleanup: put_connection(ldap_inst); @@ -485,6 +512,20 @@ cleanup: } static const char * +get_dn(ldap_instance_t *ldap_inst, ldap_entry_t *entry) +{ + if (entry->dn) { + ldap_memfree(entry->dn); + entry->dn = NULL; + } + if (ldap_inst->handle) + entry->dn = ldap_get_dn(ldap_inst->handle, entry->entry); + + return entry->dn; +} + +#if 0 +static const char * get_dn(ldap_instance_t *inst) { if (inst->dn) { @@ -498,7 +539,7 @@ get_dn(ldap_instance_t *inst) return inst->dn; } - +#endif void string_deleter(void *arg1, void *arg2) @@ -568,14 +609,10 @@ add_zone_dn(ldap_db_t *ldap_db, dns_name_t *name, const char *dn) /* Now add it. */ CHECK(dns_rbt_addname(rbt, name, (void *)new_dn)); - RWUNLOCK(&ldap_db->zone_rwlock, isc_rwlocktype_write); - - return ISC_R_SUCCESS; - cleanup: RWUNLOCK(&ldap_db->zone_rwlock, isc_rwlocktype_write); - if (new_dn) + if (result != ISC_R_SUCCESS && new_dn != NULL) isc_mem_free(ldap_db->mctx, new_dn); return result; @@ -584,12 +621,11 @@ cleanup: /* FIXME: Better error handling. */ static isc_result_t add_or_modify_zone(ldap_db_t *ldap_db, const char *dn, const char *db_name, - dns_zonemgr_t *zmgr) + const char *update_str, dns_zonemgr_t *zmgr) { isc_result_t result; dns_zone_t *zone; dns_name_t name; - dns_acl_t *updateacl = NULL; const char *argv[2]; REQUIRE(ldap_db != NULL); @@ -613,12 +649,6 @@ add_or_modify_zone(ldap_db_t *ldap_db, const char *dn, const char *db_name, dns_zone_setclass(zone, dns_rdataclass_in); dns_zone_settype(zone, dns_zone_master); CHECK(dns_zone_setdbtype(zone, 2, argv)); - - /* XXX Temporary set update ACLs to any */ - CHECK(dns_acl_any(ldap_db->mctx, &updateacl)); - dns_zone_setupdateacl(zone, updateacl); - dns_acl_detach(&updateacl); - CHECK(dns_zonemgr_managezone(zmgr, zone)); CHECK(dns_view_addzone(ldap_db->view, zone)); CHECK(add_zone_dn(ldap_db, &name, dn)); @@ -626,6 +656,9 @@ add_or_modify_zone(ldap_db_t *ldap_db, const char *dn, const char *db_name, goto cleanup; } + /* Set simple update table. */ + CHECK(acl_configure_zone_ssutable(update_str, zone)); + /* * ACLs: * dns_zone_setqueryacl() @@ -1322,6 +1355,8 @@ free_query_cache(ldap_instance_t *inst) next = NEXT(entry, link); UNLINK(inst->ldap_entries, entry, link); free_ldap_attributes(inst->database->mctx, entry); + if (entry->dn != NULL) + ldap_memfree(entry->dn); isc_mem_put(inst->database->mctx, entry, sizeof(*entry)); entry = next; } @@ -1360,6 +1395,7 @@ free_ldap_values(isc_mem_t *mctx, ldap_attribute_t *attr) } } +#if 0 /* FIXME: this function is obsolete, remove. */ static const LDAPMessage * next_entry(ldap_instance_t *inst) @@ -1378,6 +1414,7 @@ next_entry(ldap_instance_t *inst) return inst->entry; } +#endif #if 0 /* FIXME: Not tested. */ @@ -1536,11 +1573,16 @@ ldap_modify_do(ldap_instance_t *ldap_inst, const char *dn, LDAPMod **mods) REQUIRE(dn != NULL); REQUIRE(mods != NULL); - log_debug(2, "writing to to '%s'", dn); + log_debug(2, "writing to '%s'", dn); ret = ldap_modify_ext_s(ldap_inst->handle, dn, mods, NULL, NULL); if (ret != LDAP_SUCCESS) { - log_error("error writing to ldap: %s", ldap_err2string(ret)); + int err_code; + + ldap_get_option(ldap_inst->handle, LDAP_OPT_RESULT_CODE, + &err_code); + log_error("error writing to ldap: %s", + ldap_err2string(err_code)); return ISC_R_FAILURE; } @@ -1678,11 +1720,14 @@ modify_ldap_common(dns_name_t *owner, ldap_db_t *ldap_db, { isc_result_t result; isc_mem_t *mctx; - ldap_instance_t *ldap_inst; + ldap_instance_t *ldap_inst = NULL; ld_string_t *owner_dn = NULL; - LDAPMod *change[2]; + LDAPMod *change[2] = { NULL, NULL }; - change[0] = change[1] = NULL; + if (rdlist->type == dns_rdatatype_soa) { + result = ISC_R_SUCCESS; + goto cleanup; + } mctx = ldap_db->mctx; ldap_inst = get_connection(ldap_db); |