From: Bert Hubert Date: Sun, 9 Mar 2008 15:23:12 +0000 (+0000) Subject: Norbert has added support for far more record types to LDAP, plus Debian supplied... X-Git-Tag: rec-3.1.7.1~89 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=45480ad8a7826087bc8d9ba238a60aec4d29c84c;p=pdns Norbert has added support for far more record types to LDAP, plus Debian supplied improvements to 'PowerLDAP', plus improved autoconf detection of ldap git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1152 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- diff --git a/modules/ldapbackend/Makefile.am b/modules/ldapbackend/Makefile.am index 0df473127..8709848bb 100644 --- a/modules/ldapbackend/Makefile.am +++ b/modules/ldapbackend/Makefile.am @@ -1,15 +1,8 @@ AM_CPPFLAGS=@THREADFLAGS@ -EXTRA_DIST=OBJECTFILES OBJECTLIBS +EXTRA_DIST = OBJECTFILES OBJECTLIBS lib_LTLIBRARIES = libldapbackend.la -libldapbackend_la_CPPFLAGS = -DLDAP_DEPRECATED -libldapbackend_la_LIBADD = -lldap -libldapbackend_la_LDFLAGS=-module -avoid-version -libldapbackend_la_SOURCES = \ - ldapbackend.cc ldapbackend.hh \ - powerldap.hh powerldap.cc \ - utils.hh - - - +libldapbackend_la_SOURCES = ldapbackend.cc ldapbackend.hh powerldap.hh powerldap.cc utils.hh +libldapbackend_la_LDFLAGS =-module -avoid-version +libldapbackend_la_LIBADD =-l@LIBLDAP@ diff --git a/modules/ldapbackend/OBJECTLIBS b/modules/ldapbackend/OBJECTLIBS index c3182da53..a787b8d2b 100644 --- a/modules/ldapbackend/OBJECTLIBS +++ b/modules/ldapbackend/OBJECTLIBS @@ -1 +1 @@ --lldap \ No newline at end of file +-lldap_r \ No newline at end of file diff --git a/modules/ldapbackend/ldapbackend.cc b/modules/ldapbackend/ldapbackend.cc index 42f65905f..14e12ad31 100644 --- a/modules/ldapbackend/ldapbackend.cc +++ b/modules/ldapbackend/ldapbackend.cc 
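Review bot: The two build descriptions now disagree on which client library is linked: OBJECTLIBS hard-codes `-lldap_r` while Makefile.am links `-l@LIBLDAP@`, so the reentrant library is only used on the automake path if configure happens to substitute it. With `AM_CPPFLAGS=@THREADFLAGS@` marking this a threaded build, the reentrant library is the one the backend needs, and a comment in Makefile.am such as `# LIBLDAP is substituted by configure; the threaded backend must link the reentrant ldap_r library` would keep the two files from drifting. Dropping `-DLDAP_DEPRECATED` matches the `_ext` calls introduced in powerldap.cc, but the `#else` fallbacks there still call `ldap_init`/`ldap_bind`/`ldap_search`, which OpenLDAP's header declares only under that macro; presumably that is fine because those branches are compiled only when `ldap_initialize` is absent, but it is worth stating next to the flag removal.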
@@ -131,7 +131,7 @@ inline bool LdapBackend::list_simple( const string& target, int domain_id ) qesc = toLower( m_pldap->escape( target ) ); // search for SOARecord of target - filter = strbind( ":target:", "associatedDomain=" + qesc, getArg( "filter-axfr" ) ); + filter = strbind( ":target:", "&(associatedDomain=" + qesc + ")(sOARecord=*)", getArg( "filter-axfr" ) ); m_msgid = m_pldap->search( dn, LDAP_SCOPE_SUBTREE, filter, (const char**) ldap_attrany ); m_pldap->getSearchEntry( m_msgid, m_result, true ); diff --git a/modules/ldapbackend/ldapbackend.hh b/modules/ldapbackend/ldapbackend.hh index 354c82699..aefb2216b 100644 --- a/modules/ldapbackend/ldapbackend.hh +++ b/modules/ldapbackend/ldapbackend.hh @@ -49,6 +49,11 @@ using std::vector; +/* + * Known DNS RR types + * Types which aren't active are currently not supported by PDNS + */ + static const char* ldap_attrany[] = { "associatedDomain", "dNSTTL", @@ -61,15 +66,27 @@ static const char* ldap_attrany[] = { "mXRecord", "tXTRecord", "rPRecord", + "aFSDBRecord", // "SigRecord", -// "KeyRecord", + "KeyRecord", +// "gPosRecord", "aAAARecord", "lOCRecord", -// "nXTRecord", "sRVRecord", "nAPTRRecord", -// "kXRecord", -// "certRecord", + "kXRecord", + "certRecord", +// "a6Record", +// "dNameRecord", +// "aPLRecord", + "dSRecord", + "sSHFPRecord", + "iPSecKeyRecord", + "rRSIGRecord", + "nSECRecord", + "dNSKeyRecord", + "dHCIDRecord", + "sPFRecord", "modifyTimestamp", NULL }; diff --git a/modules/ldapbackend/powerldap.cc b/modules/ldapbackend/powerldap.cc index 76e49440d..938c02835 100644 --- a/modules/ldapbackend/powerldap.cc +++ b/modules/ldapbackend/powerldap.cc 
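Review bot: The value substituted for `:target:` is now an AND-list, `&(associatedDomain=…)(sOARecord=*)`, rather than a single attribute assertion, so a user-supplied `filter-axfr` template only yields a valid filter if it wraps the placeholder in its own parentheses, `(:target:)`, as the default presumably does; a template of the form `(&(objectClass=<class>)(:target:))` still works, but one that concatenated the placeholder unwrapped would now break. Worth a comment above the assignment, `// :target: expands to "&(associatedDomain=<escaped target>)(sOARecord=*)"; the filter-axfr template must enclose it in parentheses`, and a matching sentence in that argument's help text. The target still goes through `m_pldap->escape()` before being spliced into the filter, which is the right place to keep the escaping as the filter grows. list_simple continues outside the hunk.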
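Review bot: The new header comment calls the table "Known DNS RR types", but what the array holds is the set of LDAP attribute names requested on every search, one per RR type plus `associatedDomain`, `dNSTTL` and `modifyTimestamp`; rewording it as `/* LDAP attributes requested on every search: one per RR type PDNS can serve; commented-out entries are RR types PDNS does not handle yet */` tells a reader of `ldap_attrany` what they need. As `static const char*` in a header, every translation unit gets its own writable copy of the pointer array; `static const char* const ldap_attrany[]` would put it in read-only storage, and the existing `(const char**) ldap_attrany` C-style cast at the search call site in ldapbackend.cc still compiles. The `NULL` terminator is kept, which the attribute-list API relies on.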
@@ -1,42 +1,59 @@ #include "powerldap.hh" -// for timeval +#include #include + PowerLDAP::PowerLDAP( const string& hosts, uint16_t port, bool tls ) { - int protocol = LDAP_VERSION3; - + int err; - if( ldap_initialize( &d_ld, hosts.c_str() ) != LDAP_SUCCESS ) +#ifdef HAVE_LDAP_INITIALIZE + if( ( err = ldap_initialize( &d_ld, hosts.c_str() ) ) != LDAP_SUCCESS ) { - if( ( d_ld = ldap_init( hosts.c_str(), port ) ) == NULL ) + string ldapuris; + vector uris; + stringtok( uris, hosts ); + + for( size_t i = 0; i < uris.size(); i++ ) { - throw LDAPException( "Error initializing LDAP connection: " + string( strerror( errno ) ) ); + ldapuris += " ldap://" + uris[i]; } - if( tls && ldap_start_tls_s( d_ld, NULL, NULL ) != LDAP_SUCCESS ) + if( ( err = ldap_initialize( &d_ld, ldapuris.c_str() ) ) != LDAP_SUCCESS ) { - ldap_unbind( d_ld ); - throw( LDAPException( "Couldn't perform STARTTLS" ) ); + throw LDAPException( "Error initializing LDAP connection to '" + ldapuris + ": " + getError( err ) ); } } +#else + if( ( d_ld = ldap_init( hosts.c_str(), port ) ) == NULL ) + { + throw LDAPException( "Error initializing LDAP connection to '" + hosts + "': " + string( strerror( errno ) ) ); + } +#endif + int protocol = LDAP_VERSION3; if( ldap_set_option( d_ld, LDAP_OPT_PROTOCOL_VERSION, &protocol ) != LDAP_OPT_SUCCESS ) { protocol = LDAP_VERSION2; if( ldap_set_option( d_ld, LDAP_OPT_PROTOCOL_VERSION, &protocol ) != LDAP_OPT_SUCCESS ) { - ldap_unbind( d_ld ); + ldap_unbind_ext( d_ld, NULL, NULL ); throw LDAPException( "Couldn't set protocol version to LDAPv3 or LDAPv2" ); } } + + if( tls && ( err = ldap_start_tls_s( d_ld, NULL, NULL ) ) != LDAP_SUCCESS ) + { + ldap_unbind_ext( d_ld, NULL, NULL ); + throw LDAPException( "Couldn't perform STARTTLS: " + getError( err ) ); + } } PowerLDAP::~PowerLDAP() { - ldap_unbind( d_ld ); + ldap_unbind_ext( d_ld, NULL, NULL ); } 
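Review bot: In the `HAVE_LDAP_INITIALIZE` fallback the URI list is built as `" ldap://" + uris[i]`, so the `port` parameter is never used on that path and any token without an explicit `host:port` silently connects to the library's default port, whereas the `#else` branch still honours `port`; appending `:` and the port to tokens that carry none, or documenting that `port` is ignored when the library has `ldap_initialize`, would keep the two paths equivalent. The exception text on that branch is also missing its closing quote; `"Error initializing LDAP connection to '" + ldapuris + "': " + getError( err )` matches the `#else` wording. Forcing the `ldap://` scheme is acceptable only because STARTTLS is negotiated afterwards when `tls` is set and a failed `ldap_start_tls_s` now throws instead of continuing in clear; a short comment above the loop saying so, and noting that server-certificate verification is left to the client library's configuration since `LDAP_OPT_X_TLS_REQUIRE_CERT` is not set here, would make that contract explicit to whoever edits the connection settings.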
@@ -62,31 +79,45 @@ void PowerLDAP::bind( const string& ldapbinddn, const string& ldapsecret, int me { int msgid; +#ifdef HAVE_LDAP_SASL_BIND + int rc; + struct berval passwd; + + passwd.bv_val = (char *)ldapsecret.c_str(); + passwd.bv_len = strlen( passwd.bv_val ); + + if( ( rc = ldap_sasl_bind( d_ld, ldapbinddn.c_str(), LDAP_SASL_SIMPLE, &passwd, NULL, NULL, &msgid ) ) != LDAP_SUCCESS ) + { + throw LDAPException( "Failed to bind to LDAP server: " + getError( rc ) ); + } +#else if( ( msgid = ldap_bind( d_ld, ldapbinddn.c_str(), ldapsecret.c_str(), method ) ) == -1 ) { throw LDAPException( "Failed to bind to LDAP server: " + getError( msgid ) ); } +#endif waitResult( msgid, timeout, NULL ); } +/** + * Depricated, use PowerLDAP::bind() instead + */ + void PowerLDAP::simpleBind( const string& ldapbinddn, const string& ldapsecret ) { - int err; - if( ( err = ldap_simple_bind_s( d_ld, ldapbinddn.c_str(), ldapsecret.c_str() ) ) != LDAP_SUCCESS ) - { - throw LDAPException( "Failed to bind to LDAP server: " + getError( err ) ); - } + this->bind( ldapbinddn, ldapsecret, LDAP_AUTH_SIMPLE, 30 ); } int PowerLDAP::search( const string& base, int scope, const string& filter, const char** attr ) { - int msgid; - if( ( msgid = ldap_search( d_ld, base.c_str(), scope, filter.c_str(), const_cast (attr), 0 ) ) == -1 ) + int msgid, rc; + + if( ( rc = ldap_search_ext( d_ld, base.c_str(), scope, filter.c_str(), const_cast (attr), 0, NULL, NULL, NULL, LDAP_NO_LIMIT, &msgid ) ) != LDAP_SUCCESS ) { - throw LDAPException( "Starting LDAP search: " + getError() ); + throw LDAPException( "Starting LDAP search: " + getError( rc ) ); } return msgid; 
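Review bot: Under `HAVE_LDAP_SASL_BIND` the `method` parameter is ignored — the call always passes `LDAP_SASL_SIMPLE` — while the `#else` branch still forwards it to `ldap_bind`, so the two builds diverge for any caller passing something other than `LDAP_AUTH_SIMPLE`; either map `method` onto the SASL mechanism or state in the comment above `bind()` that only simple binds are supported. `passwd.bv_len = strlen( passwd.bv_val )` stops at the first NUL in the secret; `passwd.bv_len = ldapsecret.size();` is the direct form. The simple bind sends the secret in clear unless the session was upgraded with STARTTLS in the constructor, which is worth one sentence in that same comment. In the doc comment on `simpleBind`, `Depricated` should read `Deprecated`, and the comment could note that it now performs an asynchronous bind with a fixed 30-second wait instead of the former synchronous `ldap_simple_bind_s`. search() continues outside the hunk.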
@@ -209,14 +240,9 @@ void PowerLDAP::getSearchResults( int msgid, sresult_t& result, bool dn, int tim const string PowerLDAP::getError( int rc ) { - int ld_errno = rc; - - if( ld_errno == -1 ) - { - getOption( LDAP_OPT_ERROR_NUMBER, &ld_errno ); - } + if( rc == -1 ) { getOption( LDAP_OPT_ERROR_NUMBER, &rc ); } - return ldap_err2string( ld_errno ); + return string( ldap_err2string( rc ) );; }
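Review bot: The return line ends in a stray second semicolon; `return string( ldap_err2string( rc ) );` is all that is needed. `getOption( LDAP_OPT_ERROR_NUMBER, &rc )` overwrites the by-value parameter, which is fine, but the sentinel deserves a comment since the new `ldap_*_ext` callers pass a result code directly while the legacy paths pass -1: `// -1 means "consult the handle's last result code"; the _ext calls hand us the code themselves`. In OpenLDAP, `LDAP_OPT_ERROR_NUMBER` is, I believe, the legacy spelling of `LDAP_OPT_RESULT_CODE`; if the build targets OpenLDAP only, the newer name is the one its header recommends, otherwise keep the portable one.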