* Replaced deprecated ldap_bind_s function call

* Improved sanity checking (won't segfault if -o isn't passed now)
* Added version number to data output


git-svn-id: https://svn.alkaloid.net/gpl/ldap2dns/trunk@318 06cd67b6-e706-0410-b29e-9de616bca6e9
Ben Klang
2006-06-03 20:40:15 +00:00
parent 221e666036
commit 610105004f


@@ -109,6 +109,7 @@ static struct
unsigned short port[MAXHOSTS]; unsigned short port[MAXHOSTS];
char password[128]; char password[128];
int usedhosts; int usedhosts;
int useduris;
int is_daemon; int is_daemon;
unsigned int update_iv; unsigned int update_iv;
unsigned int output; unsigned int output;
@@ -167,7 +168,7 @@ static void print_usage(void)
printf(" -o db\t\tGenerate a BIND compatible zone files\n"); printf(" -o db\t\tGenerate a BIND compatible zone files\n");
printf(" -L [filename]\tPrint output in LDIF format for reimport\n"); printf(" -L [filename]\tPrint output in LDIF format for reimport\n");
printf(" -h host\tHostname of LDAP server, defaults to localhost\n"); printf(" -h host\tHostname of LDAP server, defaults to localhost\n");
printf(" -p port\tPortnumber to connect to LDAP server, defaults to %d\n", LDAP_PORT); printf(" -p port\tPort number to connect to LDAP server, defaults to %d\n", LDAP_PORT);
printf(" -H hostURI\tURI (ldap://hostname or ldaps://hostname of LDAP server\n"); printf(" -H hostURI\tURI (ldap://hostname or ldaps://hostname of LDAP server\n");
printf(" -u numsecs\tUpdate DNS data after numsecs. Defaults to %d. Daemon mode only\n\t\t", UPDATE_INTERVAL); printf(" -u numsecs\tUpdate DNS data after numsecs. Defaults to %d. Daemon mode only\n\t\t", UPDATE_INTERVAL);
printf("\n"); printf("\n");
@@ -185,6 +186,7 @@ static void parse_hosts(char* buf)
char value[128], rest[512]; char value[128], rest[512];
options.usedhosts = 0; options.usedhosts = 0;
options.useduris = 0;
for (i = 0; i<MAXHOSTS; i++) { for (i = 0; i<MAXHOSTS; i++) {
if (!strncasecmp(buf, "ldaps://", 8) || !strncasecmp(buf, "ldap://", 7)) { if (!strncasecmp(buf, "ldaps://", 8) || !strncasecmp(buf, "ldap://", 7)) {
// LDAP-URI is given/found, at the moment only the standard-ports 389 and 636 are supported // LDAP-URI is given/found, at the moment only the standard-ports 389 and 636 are supported
@@ -194,7 +196,7 @@ static void parse_hosts(char* buf)
strncpy(options.urildap[i], value, sizeof(options.urildap[i])); strncpy(options.urildap[i], value, sizeof(options.urildap[i]));
options.urildap[i][ sizeof(options.urildap[i]) -1 ] = '\0'; options.urildap[i][ sizeof(options.urildap[i]) -1 ] = '\0';
options.usedhosts++; options.useduris++;
if (k==1) if (k==1)
break; break;
buf = rest; buf = rest;
@@ -315,7 +317,7 @@ static int parse_options()
case 'H': case 'H':
strncpy(options.urildap[0], optarg, sizeof(options.urildap[0])); strncpy(options.urildap[0], optarg, sizeof(options.urildap[0]));
options.urildap[0][ sizeof( options.urildap[0] ) -1 ] = '\0'; options.urildap[0][ sizeof( options.urildap[0] ) -1 ] = '\0';
options.usedhosts = 1; options.useduris = 1;
break; break;
case 'L': case 'L':
if (optarg==NULL) if (optarg==NULL)
@@ -326,10 +328,11 @@ static int parse_options()
} }
break; break;
case 'o': case 'o':
options.output = 0;
if (strcmp(optarg, "data")==0) if (strcmp(optarg, "data")==0)
options.output |= OUTPUT_DATA; options.output = OUTPUT_DATA;
else if (strcmp(optarg, "db")==0) else if (strcmp(optarg, "db")==0)
options.output |= OUTPUT_DB; options.output = OUTPUT_DB;
break; break;
case 'p': case 'p':
if (sscanf(optarg, "%hd", &options.port[0])!=1) if (sscanf(optarg, "%hd", &options.port[0])!=1)
@@ -722,7 +725,7 @@ static void write_zone(void)
zone.domainname, zone.class, zone.domainname); zone.domainname, zone.class, zone.domainname);
} }
if (namedzone) { if (namedzone) {
fprintf(namedzone, "; Automatically generated by ldap2dns - DO NOT EDIT!\n"); fprintf(namedzone, "; Automatically generated by ldap2dns v%s - DO NOT EDIT!\n", VERSION);
if (zone.ttl[0]) if (zone.ttl[0])
fprintf(namedzone, "$TTL %s\n", zone.ttl); fprintf(namedzone, "$TTL %s\n", zone.ttl);
else else
@@ -776,9 +779,9 @@ static void read_dnszones(void)
int ldaperr; int ldaperr;
if (tinyfile) if (tinyfile)
fprintf(tinyfile, "# Automatically generated by ldap2dns - DO NOT EDIT!\n"); fprintf(tinyfile, "# Automatically generated by ldap2dns v%s - DO NOT EDIT!\n", VERSION);
if (namedmaster) if (namedmaster)
fprintf(namedmaster, "# Automatically generated by ldap2dns - DO NOT EDIT!\n"); fprintf(namedmaster, "# Automatically generated by ldap2dns v%s - DO NOT EDIT!\n", VERSION);
if ( (ldaperr = ldap_search_s(ldap_con, options.searchbase[0] ? options.searchbase : NULL, LDAP_SCOPE_SUBTREE, "objectclass=DNSzone", NULL, 0, &res))!=LDAP_SUCCESS ) if ( (ldaperr = ldap_search_s(ldap_con, options.searchbase[0] ? options.searchbase : NULL, LDAP_SCOPE_SUBTREE, "objectclass=DNSzone", NULL, 0, &res))!=LDAP_SUCCESS )
die_ldap(ldaperr); die_ldap(ldaperr);
for (m = ldap_first_entry(ldap_con, res); m; m = ldap_next_entry(ldap_con, m)) { for (m = ldap_first_entry(ldap_con, res); m; m = ldap_next_entry(ldap_con, m)) {
@@ -918,7 +921,7 @@ static void read_loccodes(void)
int ldaperr; int ldaperr;
if (tinyfile) if (tinyfile)
fprintf(tinyfile, "# Location Codes (if any) - generated by ldap2dns - DO NOT EDIT!\n"); fprintf(tinyfile, "# Location Codes (if any) - generated by ldap2dns v%s - DO NOT EDIT!\n", VERSION);
if ( (ldaperr = ldap_search_s(ldap_con, options.searchbase[0] ? options.searchbase : NULL, if ( (ldaperr = ldap_search_s(ldap_con, options.searchbase[0] ? options.searchbase : NULL,
LDAP_SCOPE_SUBTREE, LDAP_SCOPE_SUBTREE,
@@ -989,50 +992,73 @@ static void read_loccodes(void)
static int do_connect() static int do_connect()
{ {
int i, version, res; int i, version, res;
if (options.usedhosts < 1) { struct berval* creds = malloc(sizeof(struct berval));
struct berval* msgid = malloc(sizeof(struct berval));
if (options.useduris < 1) {
fprintf(stderr, "\n[!!] Must define at least one LDAP host with which to connect.\n\n"); fprintf(stderr, "\n[!!] Must define at least one LDAP host with which to connect.\n\n");
print_usage(); print_usage();
exit(1); exit(1);
} }
for (i = 0; i<options.usedhosts; i++) { for (i = 0; i<options.useduris; i++) {
if ( strlen(options.urildap[i]) > 0) { if ( strlen(options.urildap[i]) > 0) {
res = ldap_initialize(&ldap_con, options.urildap[i]); res = ldap_initialize(&ldap_con, options.urildap[i]);
if (options.verbose&1 && res == LDAP_SUCCESS) { if (options.verbose&1 && res == LDAP_SUCCESS) {
printf("ldap_initialization successful (%s)\n", options.urildap[i]); printf("ldap_initialization successful (%s)\n", options.urildap[i]);
} else if ( res != LDAP_SUCCESS ) { } else if ( res != LDAP_SUCCESS ) {
printf("ldap_initialization to %s failed %d\n", options.urildap[i], ldap_err2string(res)); fprintf(stderr, "ldap_initialization to %s failed %d\n", options.urildap[i], ldap_err2string(res));
ldap_con = NULL; ldap_con = NULL;
return res; return res;
} }
version = LDAP_VERSION3; version = LDAP_VERSION3;
if ( (res = ldap_set_option(ldap_con, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_SUCCESS ) { if ( (res = ldap_set_option(ldap_con, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_SUCCESS ) {
printf("ldap_set_option to %s failed with err %s!\n", options.urildap[i], ldap_err2string(res)); fprintf(stderr, "ldap_set_option to %s failed with err %s!\n", options.urildap[i], ldap_err2string(res));
ldap_con = NULL; ldap_con = NULL;
return res; return res;
} }
if ( options.use_tls[i] && (res = ldap_start_tls_s( ldap_con, NULL, NULL )) != LDAP_SUCCESS ) { if ( options.use_tls[i] && (res = ldap_start_tls_s( ldap_con, NULL, NULL )) != LDAP_SUCCESS ) {
printf("ldap_start_tls_s to %s failed with err %s!\n", options.urildap[i], ldap_err2string(res)); fprintf(stderr, "ldap_start_tls_s to %s failed with err %s!\n", options.urildap[i], ldap_err2string(res));
ldap_con = NULL; ldap_con = NULL;
return res; return res;
} }
} else {
ldap_con = ldap_init(options.hostname[i], options.port[i]); // Yes, you really do use ldap_sasl_bind_s() when doing a simple
res = ldap_simple_bind_s(ldap_con, options.binddn, options.password); // bind. This is apparently the "new" way, if not entirely obvious
if (res == LDAP_SUCCESS) { if (strlen(options.binddn)) {
if (options.verbose&1 && strlen(options.urildap[i]) > 0) { if (strlen(options.password)) {
printf("Connected to %s as \"%s\"\n", options.urildap[i], options.binddn); creds->bv_len = strlen(options.password);
} else if (options.verbose&1) { creds->bv_val = options.password;
printf("Connected to %s:%d as \"%s\"\n", options.hostname[i], options.port[i], options.binddn); }
// FIXME: Allow *real* SASL binds
if ((res = ldap_sasl_bind_s(ldap_con, options.binddn, NULL, creds, NULL, NULL, &msgid)) != LDAP_SUCCESS) {
fprintf(stderr, "LDAP bind problem:\n\t%s\n", ldap_err2string(res));
fprintf(stderr, "Attempting to continue with anonymous credentials.");
res = LDAP_SUCCESS;
} }
return res;
} }
} }
} }
ldap_con = NULL;
return res; return res;
} }
void hosts2uri(void)
{
int i, t;
// Convert any old host:port sets into URIs. This allows us
// to use the more modern ldap_initialize() instead of the
// deprecated ldap_init()
for (i = 0; i<options.usedhosts; i++) {
if ( strlen(options.hostname[i]) > 0) {
t = options.useduris++;
snprintf(options.urildap[t],
sizeof(options.urildap[t]),
"ldap://%s:%d",
options.hostname[i],
options.port[i] ? options.port[i] : LDAP_PORT);
}
}
}
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
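Review bot: `creds` is an unchecked malloc that is never initialized when options.password is empty, so the ldap_sasl_bind_s() call in do_connect passes whatever the heap held as bv_len/bv_val, and neither `creds` nor `msgid` is ever freed; the last argument of ldap_sasl_bind_s() is a `struct berval **servercredp` output, not a message id, so the `msgid` allocation is simply overwritten by the library and leaked. An empty binddn never yields a usable connection either: the bind block is skipped, the loop falls through, and the trailing `ldap_con = NULL;` discards the handle, so main's `ldap_con == NULL` check fires on every anonymous run. The `res = LDAP_SUCCESS;` after a failed bind also turns a wrong password into a silent anonymous session (and that message lacks a trailing newline); from a fail-closed standpoint I would `return res;` there, or require an explicit option before downgrading. hosts2uri() in the same hunk has no bound on `options.useduris` and main calls it on every pass of its `for (;;)` loop, so in daemon mode each update appends the host list again until `urildap[MAXHOSTS]` is overrun — guard with `if (options.useduris >= MAXHOSTS) break;` before `t = options.useduris++;` and call it once before the loop (it also appears not to carry `use_tls[i]` over to index `t`, which may be intended). The bind part of do_connect could use a stack berval and release the server credential with ber_bvfree(), as below.
```c
static int do_connect()
{
    int i, version, res;
    struct berval creds = { 0 };       /* zeroed: an empty password is an empty credential, never garbage */
    struct berval *servercred = NULL;  /* output of ldap_sasl_bind_s(); must be freed */
    // … unchanged: useduris check, per-URI ldap_initialize / ldap_set_option / ldap_start_tls_s …
            if (strlen(options.binddn)) {
                if (strlen(options.password)) {
                    creds.bv_len = strlen(options.password);
                    creds.bv_val = options.password;
                }
                res = ldap_sasl_bind_s(ldap_con, options.binddn, NULL, &creds, NULL, NULL, &servercred);
                ber_bvfree(servercred);
                if (res != LDAP_SUCCESS) {
                    fprintf(stderr, "LDAP bind problem:\n\t%s\n", ldap_err2string(res));
                    ldap_con = NULL;   /* fail closed rather than continuing anonymously */
                    return res;
                }
            }
            return res;                /* an empty binddn keeps the (anonymous) handle too */
    // … unchanged: closing braces, ldap_con = NULL, return res …
```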
@@ -1045,6 +1071,19 @@ int main(int argc, char** argv)
main_argv = argv; main_argv = argv;
parse_options(); parse_options();
if (!options.output) {
fprintf(stderr, "[!!]\tMust select an output type (\"db\" or \"data\")\n");
print_usage();
exit(1);
}
if (!strlen(options.searchbase)) {
fprintf(stderr, "[!!]\tMust provide the base DN for the search.\n");
print_usage();
exit(1);
}
/* Initialization complete. If we're in daemon mode, fork and continue */ /* Initialization complete. If we're in daemon mode, fork and continue */
if (options.is_daemon) { if (options.is_daemon) {
if (options.is_daemon==1 && fork()) { if (options.is_daemon==1 && fork()) {
@@ -1060,6 +1099,9 @@ int main(int argc, char** argv)
set_datadir(); set_datadir();
for (;;) { for (;;) {
int ldaperr = -1; int ldaperr = -1;
hosts2uri();
res = do_connect(); res = do_connect();
if (res != LDAP_SUCCESS || ldap_con == NULL) { if (res != LDAP_SUCCESS || ldap_con == NULL) {
fprintf(stderr, "Warning - Problem while connecting to LDAP server:\n\t%s\n", ldap_err2string(res)); fprintf(stderr, "Warning - Problem while connecting to LDAP server:\n\t%s\n", ldap_err2string(res));