Mirrors/ldap2dns
1
0
Fork 0
mirror of https://github.com/bklang/ldap2dns.git synced 2025-10-27 22:34:18 -04:00
Code Issues Packages Projects Releases Wiki Activity

+ Bumped version to 0.3.7

Browse Source 
+ Changed default location of ldap.conf to /etc/ldap.conf
+ Added note on potential security vulns in deprecated/webadmin to README
+ Change port declarations and format strings from int to unsigned short to
  match standards
+ Updated doc/README.html



git-svn-id: https://svn.alkaloid.net/gpl/ldap2dns/trunk@216 06cd67b6-e706-0410-b29e-9de616bca6e9
This commit is contained in:
Ben Klang
2005-12-22 20:35:09 +00:00
parent c06e92bc90
commit 830c3395d3
5 changed files with 762 additions and 337 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@@ -1,6 +1,13 @@
# $Id$ # $Id$
Version 0.3.6 (latest) Version 0.3.7 (latest)
+ Changed default location of ldap.conf to /etc/ldap.conf
+ Added note on potential security vulns in deprecated/webadmin to README
+ Changed port declarations/format strings from int to unsigned short
to match standards
+ Updated doc/README.html
Version 0.3.6
+ New maintainer: Ben Klang <ben@alkaloid.net> + New maintainer: Ben Klang <ben@alkaloid.net>
+ Fixed bug with duplicate OIDs in dns.schema from partially applied patch + Fixed bug with duplicate OIDs in dns.schema from partially applied patch
+ Renamed schema file to ldap2dns.schema + Renamed schema file to ldap2dns.schema

15
FAQ
View File

@@ -1,6 +1,8 @@
1) What happened to the webadmin directory? 1) What happened to the webadmin directory?
2005-12-07 bklang 2005-12-22 bklang
** See security note at the end of this section regarding the old webadmin **
I have deprecated that code in favor of another project I am working on. It I have deprecated that code in favor of another project I am working on. It
is called Beatnik and is a Horde framework module. The status of the webadmin is called Beatnik and is a Horde framework module. The status of the webadmin
code was unclear and I was not willing to support it so I deprecated it. I code was unclear and I was not willing to support it so I deprecated it. I
@@ -12,6 +14,17 @@ own. You might also contact the author, Jacob Rief (jacob.rief@tiscover.com)
for more information but he is no longer interested in maintaing this work for more information but he is no longer interested in maintaing this work
so do not depend on him. so do not depend on him.
During a routine code audit on the ldap2dns sources a number of potential LDAP
injection vulnerabilities were discovered. Since this code is deprecated no
attempt to correct these flaws has been made.
IF YOU CHOOSE TO RUN THE DEPRECATED WEBADMIN SOFTWARE: Please take all
necessary steps to secure your environment. The author of this package takes no
responsibility for any problems related to the flawed webadmin code.
Thanks to Erik Cabetas for bringing these issues to my attention.
2) Why have you deprecated all that code? 2) Why have you deprecated all that code?
2005-12-07 bklang 2005-12-07 bklang

3
Makefile
View File

@@ -54,7 +54,8 @@ install: all
install -o root -g root -m 644 ldap2dns.schema $(LDAPCONFDIR)/schema/ install -o root -g root -m 644 ldap2dns.schema $(LDAPCONFDIR)/schema/
clean: clean:
rm -f *.o *.o-dbg ldap2dns ldap2dnsd data* *.db core $(SPECFILE) rm -f *.o *.o-dbg ldap2dns ldap2dns-dbg ldap2dnsd data* *.db core \
$(SPECFILE)
tar: clean tar: clean
cd ..; \ cd ..; \

981
doc/README.html
View File

File diff suppressed because it is too large Load Diff

81
ldap2dns.c
View File

@@ -15,7 +15,7 @@
#include <unistd.h> #include <unistd.h>
#define UPDATE_INTERVALL 59 #define UPDATE_INTERVALL 59
#define LDAP_CONF "/etc/ldap/ldap.conf" #define LDAP_CONF "/etc/ldap.conf"
#define OUTPUT_DATA 1 #define OUTPUT_DATA 1
#define OUTPUT_DB 2 #define OUTPUT_DB 2
#define MAXHOSTS 10 #define MAXHOSTS 10
@@ -100,11 +100,11 @@ static struct
char binddn[128]; char binddn[128];
char hostname[MAXHOSTS][128]; char hostname[MAXHOSTS][128];
char urildap[MAXHOSTS][128]; char urildap[MAXHOSTS][128];
int port[MAXHOSTS]; unsigned short port[MAXHOSTS];
char password[128]; char password[128];
int usedhosts; int usedhosts;
int is_daemon; int is_daemon;
int update_iv; unsigned int update_iv;
unsigned int output; unsigned int output;
int verbose; int verbose;
char ldifname[128]; char ldifname[128];
@@ -172,7 +172,8 @@ static void print_usage(void)
static void parse_hosts(char* buf) static void parse_hosts(char* buf)
{ {
int i, port, k; int i, k;
unsigned short port;
char value[128], rest[512]; char value[128], rest[512];
options.usedhosts = 0; options.usedhosts = 0;
@@ -182,13 +183,15 @@ static void parse_hosts(char* buf)
if (!strncasecmp(buf, "ldap://", 7)) if (!strncasecmp(buf, "ldap://", 7))
options.use_tls[i] = 1; options.use_tls[i] = 1;
if ((k = sscanf(buf, "%128s %512[A-Za-z0-9 .:/_+-]", value, rest))>=1) { if ((k = sscanf(buf, "%128s %512[A-Za-z0-9 .:/_+-]", value, rest))>=1) {
strcpy(options.urildap[i], value); strncpy(options.urildap[i], value, sizeof(options.urildap[i]));
options.urildap[i][ sizeof(options.urildap[i]) -1 ] = '\0';
options.usedhosts++; options.usedhosts++;
if (k==1) if (k==1)
break; break;
buf = rest; buf = rest;
} else break; } else break;
} else if ((k = sscanf(buf, "%128s:%d %512[A-Za-z0-9 .:_+-]", value, &port, rest))>=2) { } else if ((k = sscanf(buf, "%128s:%hd %512[A-Za-z0-9 .:_+-]", value, &port, rest))>=2) {
strcpy(options.hostname[i], value); strcpy(options.hostname[i], value);
options.port[i] = port; options.port[i] = port;
options.usedhosts++; options.usedhosts++;
@@ -221,19 +224,23 @@ static int parse_options()
if (ldap_conf = fopen(LDAP_CONF, "r")) { if (ldap_conf = fopen(LDAP_CONF, "r")) {
while(fgets(buf, 256, ldap_conf)!=0) { while(fgets(buf, 256, ldap_conf)!=0) {
int i; int i;
if (sscanf(buf, "BASE %128s", value)==1) if (sscanf(buf, "BASE %128s", value)==1){
strcpy(options.searchbase, value); strncpy(options.searchbase, value, sizeof(options.searchbase));
options.searchbase[sizeof(options.searchbase) -1] = '\0';
}
if (sscanf(buf, "URI %512[A-Za-z0-9 .:/_+-]", value)==1) if (sscanf(buf, "URI %512[A-Za-z0-9 .:/_+-]", value)==1)
parse_hosts(value); parse_hosts(value);
if (sscanf(buf, "HOST %512[A-Za-z0-9 .:_+-]", value)==1) if (sscanf(buf, "HOST %512[A-Za-z0-9 .:_+-]", value)==1)
parse_hosts(value); parse_hosts(value);
if (sscanf(buf, "PORT %d", &len)==1) if (sscanf(buf, "PORT %hd", &len)==1)
for (i = 0; i<MAXHOSTS; i++) for (i = 0; i<MAXHOSTS; i++)
options.port[i] = len; options.port[i] = len;
if (sscanf(buf, "BINDDN %128s", value)==1) { if (sscanf(buf, "BINDDN %128s", value)==1) {
strcpy(options.binddn, value); strncpy(options.binddn, value, sizeof(options.binddn));
options.binddn[ sizeof(options.binddn) -1] = '\0';
if (sscanf(buf, "BINDPW %128s", value)==1) if (sscanf(buf, "BINDPW %128s", value)==1)
strcpy(options.password, value); strncpy(options.password, value, sizeof(options.password));
options.password[ sizeof(options.password) -1 ] = '\0';
} }
} }
fclose(ldap_conf); fclose(ldap_conf);
@@ -261,10 +268,13 @@ static int parse_options()
} }
ev = getenv("LDAP2DNS_BINDDN"); ev = getenv("LDAP2DNS_BINDDN");
if (ev) { if (ev) {
strncpy(options.binddn, ev, 128); strncpy(options.binddn, ev, sizeof(options.binddn));
options.binddn[ sizeof(options.binddn)-1] = '\0';
ev = getenv("LDAP2DNS_PASSWORD"); ev = getenv("LDAP2DNS_PASSWORD");
if (ev) if (ev){
strncpy(options.password, ev, 128); strncpy(options.password, ev, sizeof(options.password));
options.password[ sizeof(options.password) -1 ] = '\0';
}
} }
options.verbose = 0; options.verbose = 0;
options.ldifname[0] = '\0'; options.ldifname[0] = '\0';
@@ -277,7 +287,8 @@ static int parse_options()
} }
switch (len) { switch (len) {
case 'b': case 'b':
strcpy(options.searchbase, optarg); strncpy(options.searchbase, optarg, sizeof(options.searchbase));
options.searchbase[ sizeof(options.searchbase) -1] = '\0';
break; break;
case 'u': case 'u':
if (sscanf(optarg, "%d", &options.update_iv)!=1) if (sscanf(optarg, "%d", &options.update_iv)!=1)
@@ -285,21 +296,26 @@ static int parse_options()
if (options.update_iv<=0) options.update_iv = 1; if (options.update_iv<=0) options.update_iv = 1;
break; break;
case 'D': case 'D':
strcpy(options.binddn, optarg); strncpy(options.binddn, optarg, sizeof(options.binddn));
options.binddn[ sizeof(options.binddn) -1 ] = '\0';
break; break;
case 'h': case 'h':
strcpy(options.hostname[0], optarg); strncpy(options.hostname[0], optarg, sizeof(options.hostname[0]));
options.hostname[0][ sizeof(options.hostname[0]) -1 ] = '\0';
options.usedhosts = 1; options.usedhosts = 1;
break; break;
case 'H': case 'H':
strcpy(options.urildap[0], optarg); strncpy(options.urildap[0], optarg, sizeof(options.urildap[0]));
options.urildap[0][ sizeof( options.urildap[0] ) -1 ] = '\0';
options.usedhosts = 1; options.usedhosts = 1;
break; break;
case 'L': case 'L':
if (optarg==NULL) if (optarg==NULL)
strcpy(options.ldifname, "-"); strcpy(options.ldifname, "-");
else else{
strcpy(options.ldifname, optarg); strncpy(options.ldifname, optarg, sizeof(options.ldifname));
options.ldifname[ sizeof( options.ldifname ) -1 ] = '\0';
}
break; break;
case 'o': case 'o':
if (strcmp(optarg, "data")==0) if (strcmp(optarg, "data")==0)
@@ -308,7 +324,7 @@ static int parse_options()
options.output |= OUTPUT_DB; options.output |= OUTPUT_DB;
break; break;
case 'p': case 'p':
if (sscanf(optarg, "%d", &options.port[0])!=1) if (sscanf(optarg, "%hd", &options.port[0])!=1)
options.port[0] = LDAP_PORT; options.port[0] = LDAP_PORT;
break; break;
case 'v': case 'v':
@@ -321,11 +337,13 @@ static int parse_options()
print_version(); print_version();
exit(0); exit(0);
case 'w': case 'w':
strcpy(options.password, optarg); strncpy(options.password, optarg, sizeof(options.password));
options.password[ sizeof( options.password ) ] = '\0';
memset(optarg, 'x', strlen(options.password)); memset(optarg, 'x', strlen(options.password));
break; break;
case 'e': case 'e':
strcpy(options.exec_command, optarg); strncpy(options.exec_command, optarg, sizeof(options.exec_command));
options.exec_command[ sizeof( options.exec_command ) -1 ] = '\0';
break; break;
default: default:
print_usage(); print_usage();
@@ -443,9 +461,10 @@ static void write_rr(struct resourcerecord* rr, int ipdx, int znix)
} }
if (ipdx==0 && sscanf(rr->ipaddr[0], "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) { if (ipdx==0 && sscanf(rr->ipaddr[0], "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) {
/* lazy user, used DNSipaddr for reverse lookup */ /* lazy user, used DNSipaddr for reverse lookup */
sprintf(buf, "%d.%d.%d.%d.in-addr.arpa", ip[3], ip[2], ip[1], ip[0]); snprintf(buf, sizeof(buf), "%d.%d.%d.%d.in-addr.arpa", ip[3], ip[2], ip[1], ip[0]);
} else { } else {
strcpy(buf, rr->dnsdomainname); strncpy(buf, rr->dnsdomainname, sizeof(buf));
buf[ sizeof(buf) -1 ] = '\0';
} }
if (tinyfile) if (tinyfile)
fprintf(tinyfile, "^%s:%s:%s:%s:%s\n", buf, rr->cname, rr->ttl, rr->timestamp, rr->location); fprintf(tinyfile, "^%s:%s:%s:%s:%s\n", buf, rr->cname, rr->ttl, rr->timestamp, rr->location);
@@ -486,7 +505,7 @@ static void parse_rr(struct resourcerecord* rr)
sscanf(rr->rr, "%16s %16s %64s %64s", rr->class, rr->type, word1, word2); sscanf(rr->rr, "%16s %16s %64s %64s", rr->class, rr->type, word1, word2);
if (strcasecmp(rr->type, "NS")==0) { if (strcasecmp(rr->type, "NS")==0) {
if (sscanf(word1, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) { if (sscanf(word1, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) {
sprintf(rr->ipaddr[0], "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); snprintf(rr->ipaddr[0], sizeof(rr->ipaddr[0]), "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
} else { } else {
int len = strlen(word1); int len = strlen(word1);
expand_domainname(rr->cname, word1, len); expand_domainname(rr->cname, word1, len);
@@ -495,14 +514,14 @@ static void parse_rr(struct resourcerecord* rr)
if (sscanf(word1, "%s", rr->preference)!=1) if (sscanf(word1, "%s", rr->preference)!=1)
rr->preference[0] = '\0'; rr->preference[0] = '\0';
if (sscanf(word2, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) { if (sscanf(word2, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) {
sprintf(rr->ipaddr[0], "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); snprintf(rr->ipaddr[0], sizeof(rr->ipaddr[0]), "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
} else { } else {
int len = strlen(word2); int len = strlen(word2);
expand_domainname(rr->cname, word2, len); expand_domainname(rr->cname, word2, len);
} }
} else if (strcasecmp(rr->type, "A")==0) { } else if (strcasecmp(rr->type, "A")==0) {
if (sscanf(word1, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) if (sscanf(word1, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4)
sprintf(rr->ipaddr[0], "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); snprintf(rr->ipaddr[0], sizeof(rr->ipaddr[0]), "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
else else
rr->ipaddr[0][0] = '\0'; rr->ipaddr[0][0] = '\0';
} else if (strcasecmp(rr->type, "PTR")==0) { } else if (strcasecmp(rr->type, "PTR")==0) {
@@ -585,7 +604,7 @@ static void read_resourcerecords(char* dn, int znix)
for (ipaddresses = 0; bvals[ipaddresses] && ipaddresses<256; ipaddresses++) { for (ipaddresses = 0; bvals[ipaddresses] && ipaddresses<256; ipaddresses++) {
rr.ipaddr[ipaddresses][0] = '\0'; rr.ipaddr[ipaddresses][0] = '\0';
if (sscanf(bvals[ipaddresses]->bv_val, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) { if (sscanf(bvals[ipaddresses]->bv_val, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) {
sprintf(rr.ipaddr[ipaddresses], "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); snprintf(rr.ipaddr[ipaddresses], sizeof(rr.ipaddr[ipaddresses]), "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
if (options.ldifname[0]) if (options.ldifname[0])
fprintf(ldifout, "%s: %s\n", attr, rr.ipaddr[ipaddresses]); fprintf(ldifout, "%s: %s\n", attr, rr.ipaddr[ipaddresses]);
} }
@@ -593,7 +612,7 @@ static void read_resourcerecords(char* dn, int znix)
} else if (strcasecmp(attr, "DNScipaddr")==0) { } else if (strcasecmp(attr, "DNScipaddr")==0) {
int ip[4]; int ip[4];
if (sscanf(bvals[0]->bv_val, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) { if (sscanf(bvals[0]->bv_val, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3])==4) {
sprintf(rr.cipaddr, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); snprintf(rr.cipaddr, sizeof(rr.cipaddr), "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
if (options.ldifname[0]) if (options.ldifname[0])
fprintf(ldifout, "%s: %s\n", attr, rr.cipaddr); fprintf(ldifout, "%s: %s\n", attr, rr.cipaddr);
} }
@@ -855,7 +874,7 @@ static void read_dnszones(void)
printf("zonename: %s\n", zone.domainname); printf("zonename: %s\n", zone.domainname);
if (options.output&OUTPUT_DB) { if (options.output&OUTPUT_DB) {
char namedzonename[128]; char namedzonename[128];
sprintf(namedzonename, "%s.db", zone.domainname); snprintf(namedzonename, sizeof(namedzonename), "%s.db", zone.domainname);
if ( !(namedzone = fopen(namedzonename, "w")) ) if ( !(namedzone = fopen(namedzonename, "w")) )
die_exit("Unable to open db-file for writing"); die_exit("Unable to open db-file for writing");
} }