/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 1998-2012 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
/*
* locate LDAP servers using DNS SRV records.
* Location code based on MIT Kerberos KDC location code.
*/
#include "portable.h"
#include
#include
#include
#include
#include
#include
#include "ldap-int.h"
#ifdef HAVE_ARPA_NAMESER_H
#include
#endif
#ifdef HAVE_RESOLV_H
#include
#endif
int ldap_dn2domain(
LDAP_CONST char *dn_in,
char **domainp)
{
int i, j;
char *ndomain;
LDAPDN dn = NULL;
LDAPRDN rdn = NULL;
LDAPAVA *ava = NULL;
struct berval domain = BER_BVNULL;
static const struct berval DC = BER_BVC("DC");
static const struct berval DCOID = BER_BVC("0.9.2342.19200300.100.1.25");
assert( dn_in != NULL );
assert( domainp != NULL );
*domainp = NULL;
if ( ldap_str2dn( dn_in, &dn, LDAP_DN_FORMAT_LDAP ) != LDAP_SUCCESS ) {
return -2;
}
if( dn ) for( i=0; dn[i] != NULL; i++ ) {
rdn = dn[i];
for( j=0; rdn[j] != NULL; j++ ) {
ava = rdn[j];
if( rdn[j+1] == NULL &&
(ava->la_flags & LDAP_AVA_STRING) &&
ava->la_value.bv_len &&
( ber_bvstrcasecmp( &ava->la_attr, &DC ) == 0
|| ber_bvcmp( &ava->la_attr, &DCOID ) == 0 ) )
{
if( domain.bv_len == 0 ) {
ndomain = LDAP_REALLOC( domain.bv_val,
ava->la_value.bv_len + 1);
if( ndomain == NULL ) {
goto return_error;
}
domain.bv_val = ndomain;
AC_MEMCPY( domain.bv_val, ava->la_value.bv_val,
ava->la_value.bv_len );
domain.bv_len = ava->la_value.bv_len;
domain.bv_val[domain.bv_len] = '\0';
} else {
ndomain = LDAP_REALLOC( domain.bv_val,
ava->la_value.bv_len + sizeof(".") + domain.bv_len );
if( ndomain == NULL ) {
goto return_error;
}
domain.bv_val = ndomain;
domain.bv_val[domain.bv_len++] = '.';
AC_MEMCPY( &domain.bv_val[domain.bv_len],
ava->la_value.bv_val, ava->la_value.bv_len );
domain.bv_len += ava->la_value.bv_len;
domain.bv_val[domain.bv_len] = '\0';
}
} else {
domain.bv_len = 0;
}
}
}
if( domain.bv_len == 0 && domain.bv_val != NULL ) {
LDAP_FREE( domain.bv_val );
domain.bv_val = NULL;
}
ldap_dnfree( dn );
*domainp = domain.bv_val;
return 0;
return_error:
ldap_dnfree( dn );
LDAP_FREE( domain.bv_val );
return -1;
}
int ldap_domain2dn(
LDAP_CONST char *domain_in,
char **dnp)
{
char *domain, *s, *tok_r, *dn, *dntmp;
size_t loc;
assert( domain_in != NULL );
assert( dnp != NULL );
domain = LDAP_STRDUP(domain_in);
if (domain == NULL) {
return LDAP_NO_MEMORY;
}
dn = NULL;
loc = 0;
for (s = ldap_pvt_strtok(domain, ".", &tok_r);
s != NULL;
s = ldap_pvt_strtok(NULL, ".", &tok_r))
{
size_t len = strlen(s);
dntmp = (char *) LDAP_REALLOC(dn, loc + sizeof(",dc=") + len );
if (dntmp == NULL) {
if (dn != NULL)
LDAP_FREE(dn);
LDAP_FREE(domain);
return LDAP_NO_MEMORY;
}
dn = dntmp;
if (loc > 0) {
/* not first time. */
strcpy(dn + loc, ",");
loc++;
}
strcpy(dn + loc, "dc=");
loc += sizeof("dc=")-1;
strcpy(dn + loc, s);
loc += len;
}
LDAP_FREE(domain);
*dnp = dn;
return LDAP_SUCCESS;
}
/*
* Lookup and return LDAP servers for domain (using the DNS
* SRV record _ldap._tcp.domain).
*/
int ldap_domain2hostlist(
LDAP_CONST char *domain,
char **list )
{
#ifdef HAVE_RES_QUERY
#define DNSBUFSIZ (64*1024)
char *request;
char *hostlist = NULL;
int rc, len, cur = 0;
unsigned char reply[DNSBUFSIZ];
assert( domain != NULL );
assert( list != NULL );
if( *domain == '\0' ) {
return LDAP_PARAM_ERROR;
}
request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp."));
if (request == NULL) {
return LDAP_NO_MEMORY;
}
sprintf(request, "_ldap._tcp.%s", domain);
LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
rc = LDAP_UNAVAILABLE;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
# ifndef T_SRV
# define T_SRV ns_t_srv
# endif
#else
/* Bind 4 interface */
# ifndef T_SRV
# define T_SRV 33
# endif
len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
#endif
if (len >= 0) {
unsigned char *p;
char host[DNSBUFSIZ];
int status;
u_short port;
/* int priority, weight; */
/* Parse out query */
p = reply;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
p += NS_HFIXEDSZ;
#elif defined(HFIXEDSZ)
/* Bind 4 interface w/ HFIXEDSZ */
p += HFIXEDSZ;
#else
/* Bind 4 interface w/o HFIXEDSZ */
p += sizeof(HEADER);
#endif
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
p += 4;
while (p < reply + len) {
int type, class, ttl, size;
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
type = (p[0] << 8) | p[1];
p += 2;
class = (p[0] << 8) | p[1];
p += 2;
ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
p += 4;
size = (p[0] << 8) | p[1];
p += 2;
if (type == T_SRV) {
int buflen;
status = dn_expand(reply, reply + len, p + 6, host, sizeof(host));
if (status < 0) {
goto out;
}
/* ignore priority and weight for now */
/* priority = (p[0] << 8) | p[1]; */
/* weight = (p[2] << 8) | p[3]; */
port = (p[4] << 8) | p[5];
if ( port == 0 || host[ 0 ] == '\0' ) {
goto add_size;
}
buflen = strlen(host) + STRLENOF(":65355 ");
hostlist = (char *) LDAP_REALLOC(hostlist, cur + buflen + 1);
if (hostlist == NULL) {
rc = LDAP_NO_MEMORY;
goto out;
}
if (cur > 0) {
/* not first time around */
hostlist[cur++] = ' ';
}
cur += sprintf(&hostlist[cur], "%s:%hu", host, port);
}
add_size:;
p += size;
}
}
if (hostlist == NULL) {
/* No LDAP servers found in DNS. */
rc = LDAP_UNAVAILABLE;
goto out;
}
rc = LDAP_SUCCESS;
*list = hostlist;
out:
LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
if (request != NULL) {
LDAP_FREE(request);
}
if (rc != LDAP_SUCCESS && hostlist != NULL) {
LDAP_FREE(hostlist);
}
return rc;
#else
return LDAP_NOT_SUPPORTED;
#endif /* HAVE_RES_QUERY */
}