Attachment #5110 for bug #26309

View | Details | Raw Unified | Return to bug 26309
Collapse All | Expand All

Lines 47-52 static enum dhcp_token read_string PROTO Link Here

(-)dhcp-3.1.3/common/conflex.c.ldap (-15 / +29 lines)
47	static enum dhcp_token read_number PROTO ((int, struct parse *));	47	static enum dhcp_token read_number PROTO ((int, struct parse *));
48	static enum dhcp_token read_num_or_name PROTO ((int, struct parse *));	48	static enum dhcp_token read_num_or_name PROTO ((int, struct parse *));
49	static enum dhcp_token intern PROTO ((char *, enum dhcp_token));	49	static enum dhcp_token intern PROTO ((char *, enum dhcp_token));
		50	static int read_function PROTO ((struct parse *));
50		51
51	isc_result_t new_parse (cfile, file, inbuf, buflen, name, eolp)	52	isc_result_t new_parse (cfile, file, inbuf, buflen, name, eolp)
52	struct parse **cfile;	53	struct parse **cfile;
Lines 74-79 isc_result_t new_parse (cfile, file, inb Link Here
74	tmp -> file = file;	75	tmp -> file = file;
75	tmp -> eol_token = eolp;	76	tmp -> eol_token = eolp;
76		77
		78	if (file != -1) {
		79	tmp -> read_function = read_function;;
		80	}
		81
77	tmp -> bufix = 0;	82	tmp -> bufix = 0;
78	tmp -> buflen = buflen;	83	tmp -> buflen = buflen;
79	if (inbuf) {	84	if (inbuf) {
Lines 113-134 static int get_char (cfile) Link Here
113	int c;	118	int c;
114		119
115	if (cfile -> bufix == cfile -> buflen) {	120	if (cfile -> bufix == cfile -> buflen) {
116	if (cfile -> file != -1) {	121	if (cfile -> read_function) {
117	cfile -> buflen =	122	c = cfile -> read_function (cfile);
118	read (cfile -> file,	123	} else {
119	cfile -> inbuf, cfile -> bufsiz);
120	if (cfile -> buflen == 0) {
121	c = EOF;
122	cfile -> bufix = 0;
123	} else if (cfile -> buflen < 0) {
124	c = EOF;
125	cfile -> bufix = cfile -> buflen = 0;
126	} else {
127	c = cfile -> inbuf [0];
128	cfile -> bufix = 1;
129	}
130	} else
131	c = EOF;	124	c = EOF;
		125	}
132	} else {	126	} else {
133	c = cfile -> inbuf [cfile -> bufix];	127	c = cfile -> inbuf [cfile -> bufix];
134	cfile -> bufix++;	128	cfile -> bufix++;
Lines 1236-1238 static enum dhcp_token intern (atom, dfv Link Here
1236	}	1230	}
1237	return dfv;	1231	return dfv;
1238	}	1232	}
		1233
		1234	static int
		1235	read_function (struct parse * cfile)
		1236	{
		1237	int c;
		1238
		1239	cfile -> buflen = read (cfile -> file, cfile -> inbuf, cfile -> bufsiz);
		1240	if (cfile -> buflen == 0) {
		1241	c = EOF;
		1242	cfile -> bufix = 0;
		1243	} else if (cfile -> buflen < 0) {
		1244	c = EOF;
		1245	cfile -> bufix = cfile -> buflen = 0;
		1246	} else {
		1247	c = cfile -> inbuf [0];
		1248	cfile -> bufix = 1;
		1249	}
		1250
		1251	return c;
		1252	}

Lines 168-176 char *print_base64 (const unsigned char Link Here

(-)dhcp-3.1.3/common/print.c.ldap (-3 / +3 lines)
168	}	168	}
169		169
170	char *print_hw_addr (htype, hlen, data)	170	char *print_hw_addr (htype, hlen, data)
171	int htype;	171	const int htype;
172	int hlen;	172	const int hlen;
173	unsigned char *data;	173	const unsigned char *data;
174	{	174	{
175	static char habuf [49];	175	static char habuf [49];
176	char *s;	176	char *s;





SRC    = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c
OBJ    = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o
OBJ_NM5= dst_support.o dst_api.o hmac_link.o base64.o prandom.o
HDRS   = dst_internal.h md5.h md5_locl.h

INCLUDES = $(BINDINC) -I$(TOP)/includes
CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) -DHMAC_MD5 -DMINIRES_LIB

all:	libdst.a libdst-nomd5.a

install:


	ar cruv libdst.a $(OBJ)
	$(RANLIB) libdst.a

libdst-nomd5.a:	$(OBJ_NM5)
	rm -f libdst-nomd5.a
	ar cruv libdst-nomd5.a $(OBJ_NM5)
	$(RANLIB) libdst-nomd5.a

depend:
	$(MKDEP) $(INCLUDES) $(PREDEFINES) $(SRC)

clean:
	-rm -f $(OBJ) libdst.a libdst-nomd5.a

realclean: clean
	-rm -f *~ $(CATMANPAGES) $(SEDMANPAGES)

Lines 82-87 typedef struct hash_table class_hash_t; Link Here

(-)dhcp-3.1.3/includes/dhcpd.h.ldap (-1 / +72 lines)
82	#include <isc-dhcp/result.h>	82	#include <isc-dhcp/result.h>
83	#include <omapip/omapip_p.h>	83	#include <omapip/omapip_p.h>
84		84
		85	#if defined(LDAP_CONFIGURATION)
		86	# include <ldap.h>
		87	# include <sys/utsname.h> /* for uname() */
		88	#endif
		89
85	#if !defined (BYTE_NAME_HASH_SIZE)	90	#if !defined (BYTE_NAME_HASH_SIZE)
86	# define BYTE_NAME_HASH_SIZE 401 /* Default would be rediculous. */	91	# define BYTE_NAME_HASH_SIZE 401 /* Default would be rediculous. */
87	#endif	92	#endif
Lines 252-257 struct parse { Link Here
252	char *inbuf;	257	char *inbuf;
253	unsigned bufix, buflen;	258	unsigned bufix, buflen;
254	unsigned bufsiz;	259	unsigned bufsiz;
		260
		261	int (read_function) (struct parse );
255	};	262	};
256		263
257	/* Variable-length array of data. */	264	/* Variable-length array of data. */
Lines 363-368 struct hardware { Link Here
363	u_int8_t hbuf [17];	370	u_int8_t hbuf [17];
364	};	371	};
365		372
		373	#if defined(LDAP_CONFIGURATION)
		374	# define LDAP_BUFFER_SIZE 8192
		375	# define LDAP_METHOD_STATIC 0
		376	# define LDAP_METHOD_DYNAMIC 1
		377	#if defined (USE_SSL)
		378	# define LDAP_SSL_OFF 0
		379	# define LDAP_SSL_ON 1
		380	# define LDAP_SSL_TLS 2
		381	# define LDAP_SSL_LDAPS 3
		382	#endif
		383
		384	/* This is a tree of the current configuration we are building from LDAP */
		385	struct ldap_config_stack {
		386	LDAPMessage * res; /* Pointer returned from ldap_search */
		387	LDAPMessage * ldent; /* Current item in LDAP that we're processing.
		388	in res */
		389	int close_brace; /* Put a closing } after we're through with
		390	this item */
		391	int processed; /* We set this flag if this base item has been
		392	processed. After this base item is processed,
		393	we can start processing the children */
		394	struct ldap_config_stack *children;
		395	struct ldap_config_stack *next;
		396	};
		397	#endif
		398
366	typedef enum {	399	typedef enum {
367	server_startup = 0,	400	server_startup = 0,
368	server_running = 1,	401	server_running = 1,
Lines 559-564 struct lease_state { Link Here
559	# define DEFAULT_PING_TIMEOUT 1	592	# define DEFAULT_PING_TIMEOUT 1
560	#endif	593	#endif
561		594
		595	#if defined(LDAP_CONFIGURATION)
		596	# define SV_LDAP_SERVER 53
		597	# define SV_LDAP_PORT 54
		598	# define SV_LDAP_USERNAME 55
		599	# define SV_LDAP_PASSWORD 56
		600	# define SV_LDAP_BASE_DN 57
		601	# define SV_LDAP_METHOD 58
		602	# define SV_LDAP_DEBUG_FILE 59
		603	# define SV_LDAP_DHCP_SERVER_CN 60
		604	# define SV_LDAP_REFERRALS 61
		605	#if defined (USE_SSL)
		606	# define SV_LDAP_SSL 62
		607	# define SV_LDAP_TLS_REQCERT 63
		608	# define SV_LDAP_TLS_CA_FILE 64
		609	# define SV_LDAP_TLS_CA_DIR 65
		610	# define SV_LDAP_TLS_CERT 66
		611	# define SV_LDAP_TLS_KEY 67
		612	# define SV_LDAP_TLS_CRLCHECK 68
		613	# define SV_LDAP_TLS_CIPHERS 69
		614	# define SV_LDAP_TLS_RANDFILE 70
		615	#endif
		616	#endif
		617
562	#if !defined (DEFAULT_DEFAULT_LEASE_TIME)	618	#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
563	# define DEFAULT_DEFAULT_LEASE_TIME 43200	619	# define DEFAULT_DEFAULT_LEASE_TIME 43200
564	#endif	620	#endif
Lines 1711-1717 extern int db_time_format; Link Here
1711	char quotify_string (const char , const char *, int);	1767	char quotify_string (const char , const char *, int);
1712	char quotify_buf (const unsigned char , unsigned, const char *, int);	1768	char quotify_buf (const unsigned char , unsigned, const char *, int);
1713	char print_base64 (const unsigned char , unsigned, const char *, int);	1769	char print_base64 (const unsigned char , unsigned, const char *, int);
1714	char print_hw_addr PROTO ((int, int, unsigned char ));	1770	char print_hw_addr PROTO ((const int, const int, const unsigned char ));
1715	void print_lease PROTO ((struct lease *));	1771	void print_lease PROTO ((struct lease *));
1716	void dump_raw PROTO ((const unsigned char *, unsigned));	1772	void dump_raw PROTO ((const unsigned char *, unsigned));
1717	void dump_packet_option (struct option_cache , struct packet ,	1773	void dump_packet_option (struct option_cache , struct packet ,
Lines 2822-2824 OMAPI_OBJECT_ALLOC_DECL (dhcp_failover_l Link Here
2822		2878
2823	extern void dhcpd_priv_minimize(const char server_user, const char server_jail);	2879	extern void dhcpd_priv_minimize(const char server_user, const char server_jail);
2824	extern void dhcpd_priv_drop(const char server_user, const char server_jail);	2880	extern void dhcpd_priv_drop(const char server_user, const char server_jail);
		2881
		2882	/* ldap.c */
		2883	#if defined(LDAP_CONFIGURATION)
		2884	extern struct enumeration ldap_methods;
		2885	#if defined (USE_SSL)
		2886	extern struct enumeration ldap_ssl_usage_enum;
		2887	extern struct enumeration ldap_tls_reqcert_enum;
		2888	extern struct enumeration ldap_tls_crlcheck_enum;
		2889	#endif
		2890	isc_result_t ldap_read_config (void);
		2891	int find_haddr_in_ldap (struct host_decl **, int, unsigned,
		2892	const unsigned char , const char , int);
		2893	int find_subclass_in_ldap (struct class , struct class *,
		2894	struct data_string *);
		2895	#endif




/* ldap_casa.h
   
   Definition for CASA modules... */

/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC")
 * Copyright (c) 1995-2003 Internet Software Consortium.
 * Copyright (c) 2006 Novell, Inc.

 * All rights reserved.
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met: 
 * 1.Redistributions of source code must retain the above copyright notice, 
 *   this list of conditions and the following disclaimer. 
 * 2.Redistributions in binary form must reproduce the above copyright notice, 
 *   this list of conditions and the following disclaimer in the documentation 
 *   and/or other materials provided with the distribution. 
 * 3.Neither the name of ISC, ISC DHCP, nor the names of its contributors 
 *   may be used to endorse or promote products derived from this software 
 *   without specific prior written permission. 

 * THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS 
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC OR CONTRIBUTORS BE LIABLE 
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
 * POSSIBILITY OF SUCH DAMAGE.

 * This file was written by S Kalyanasundaram <skalyanasundaram@novell.com>
 */

#if defined(LDAP_CASA_AUTH)
#ifndef __LDAP_CASA_H__
#define __LDAP_CASA_H__

#include <micasa_mgmd.h>
#include <dlfcn.h>
#include <string.h>

#define MICASA_LIB     "libmicasa.so.1"

SSCS_TYPEDEF_LIBCALL(int, CASA_GetCredential_T)
(
       uint32_t            ssFlags,
       SSCS_SECRET_ID_T   *appSecretID,
       SSCS_SECRET_ID_T   *sharedSecretID,
       uint32_t           *credentialType,
       void               *credential,
       SSCS_EXT_T         *ext 
);
SSCS_TYPEDEF_LIBCALL(int, CASA_SetCredential_T)
(
       uint32_t            ssFlags,
       SSCS_SECRET_ID_T   *appSecretID,
       SSCS_SECRET_ID_T   *sharedSecretID,
       uint32_t            credentialType,
       void               *credential,
       SSCS_EXT_T         *ext
);

SSCS_TYPEDEF_LIBCALL(int, CASA_RemoveCredential_T)
(
       uint32_t            ssFlags,
       SSCS_SECRET_ID_T   *appSecretID,
       SSCS_SECRET_ID_T   *sharedSecretID,
       SSCS_EXT_T         *ext
);
static CASA_GetCredential_T            p_miCASAGetCredential = NULL;
static CASA_SetCredential_T            p_miCASASetCredential = NULL;
static CASA_RemoveCredential_T         p_miCASARemoveCredential = NULL;
static void                            *casaIDK = NULL;

int load_casa(void);
static void release_casa(void);
int load_uname_pwd_from_miCASA(char **, char **);

#endif /* __LDAP_CASA_H__ */
#endif /* LDAP_CASA_AUTH */





   traces. */

#define TRACING

/* Define this if you want to read your config from LDAP. Read README.ldap
   about how to set this up */

#define LDAP_CONFIGURATION

/* Define this if you want to enable LDAP over a SSL connection. You will need
   to add -lcrypto -lssl to the LIBS= line of server/Makefile */

#define USE_SSL

#define _PATH_DHCPD_DB    "/state/dhcpd.leases"
#define _PATH_DHCLIENT_DB "/var/lib//var/lib/dhcp/dhclient/state/dhclient.leases"




CATMANPAGES = dhcpd.cat8 dhcpd.conf.cat5 dhcpd.leases.cat5
SEDMANPAGES = dhcpd.man8 dhcpd.conf.man5 dhcpd.leases.man5
SRCS   = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
	 omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c ldap.c ldap_casa.c
OBJS   = dhcpd.o dhcp.o bootp.o confpars.o db.o class.o failover.o \
	 omapi.o mdb.o stables.o salloc.o ddns.o dhcpleasequery.o ldap.o ldap_casa.o
PROG   = dhcpd
MAN    = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5

INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes
DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst-nomd5.a
CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS)

all:	$(PROG) $(CATMANPAGES)

		-e "s#RUNDIR#$(VARRUN)#g" < dhcpd.leases.5 >dhcpd.leases.man5

dhcpd:	$(OBJS) $(COBJ) $(DHCPLIB)
	$(CC) -pie $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) $(LDAPLIB) $(SSLLIB) -lcap

# Dependencies (semi-automatically-generated)




	int matched = 0;
	int status;
	int ignorep;
	int classfound;

	for (class = collection -> classes; class; class = class -> nic) {
#if defined (DEBUG_CLASS_MATCHING)

				   class -> submatch, MDL));
			if (status && data.len) {
				nc = (struct class *)0;
				classfound = class_hash_lookup (&nc, class -> hash,
					(const char *)data.data, data.len, MDL);

#ifdef LDAP_CONFIGURATION
				if (!classfound && find_subclass_in_ldap (class, &nc, &data))
					classfound = 1;
#endif

				if (classfound) {
#if defined (DEBUG_CLASS_MATCHING)
					log_info ("matches subclass %s.",
					      print_hex_1 (data.len,





isc_result_t readconf ()
{
	isc_result_t res;

	res = read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
#if defined(LDAP_CONFIGURATION)
	if (res != ISC_R_SUCCESS)
		return (res);

	return ldap_read_config ();
#else
	return (res);
#endif
}

isc_result_t read_conf_file (const char *filename, struct group *group,

Lines 432-437 int main (argc, argv, envp) Link Here

(-)dhcp-3.1.3/server/dhcpd.c.ldap (+8 lines)
432	/* Add the ddns update style enumeration prior to parsing. */	432	/* Add the ddns update style enumeration prior to parsing. */
433	add_enumeration (&ddns_styles);	433	add_enumeration (&ddns_styles);
434	add_enumeration (&syslog_enum);	434	add_enumeration (&syslog_enum);
		435	#if defined (LDAP_CONFIGURATION)
		436	add_enumeration (&ldap_methods);
		437	#if defined (USE_SSL)
		438	add_enumeration (&ldap_ssl_usage_enum);
		439	add_enumeration (&ldap_tls_reqcert_enum);
		440	add_enumeration (&ldap_tls_crlcheck_enum);
		441	#endif
		442	#endif
435		443
436	if (!group_allocate (&root_group, MDL))	444	if (!group_allocate (&root_group, MDL))
437	log_fatal ("Can't allocate root group!");	445	log_fatal ("Can't allocate root group!");




/* ldap.c

   Routines for reading the configuration from LDAP */

/*
 * Copyright (c) 2003-2006 Ntelos, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of The Internet Software Consortium nor the names
 *    of its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * This LDAP module was written by Brian Masney <masneyb@ntelos.net>. Its
 * development was sponsored by Ntelos, Inc. (www.ntelos.com).
 */

#include "dhcpd.h"
#include <signal.h>

#if defined(LDAP_CONFIGURATION)

#if defined(LDAP_CASA_AUTH)
#include "ldap_casa.h"
#endif

static LDAP * ld = NULL;
static char *ldap_server = NULL, 
            *ldap_username = NULL, 
            *ldap_password = NULL,
            *ldap_base_dn = NULL,
            *ldap_dhcp_server_cn = NULL,
            *ldap_debug_file = NULL;
static int ldap_port = LDAP_PORT,
           ldap_method = LDAP_METHOD_DYNAMIC,
           ldap_referrals = -1,
           ldap_debug_fd = -1;
#if defined (USE_SSL)
static int ldap_use_ssl = -1,        /* try TLS if possible */
           ldap_tls_reqcert = -1,
           ldap_tls_crlcheck = -1;
static char *ldap_tls_ca_file = NULL,
            *ldap_tls_ca_dir = NULL,
            *ldap_tls_cert = NULL,
            *ldap_tls_key = NULL,
            *ldap_tls_ciphers = NULL,
            *ldap_tls_randfile = NULL;
#endif
static struct ldap_config_stack *ldap_stack = NULL;

typedef struct ldap_dn_node {
    struct ldap_dn_node *next;
    size_t refs;
    char *dn;
} ldap_dn_node;

static ldap_dn_node *ldap_service_dn_head = NULL;
static ldap_dn_node *ldap_service_dn_tail = NULL;


static char *
x_strncat(char *dst, const char *src, size_t dst_size)
{
  size_t len = strlen(dst);
  return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0);
}

static void
ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv;

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL ||
      tempbv[0] == NULL)
    {
      if (tempbv != NULL)
        ldap_value_free_len (tempbv);

      return;
    }

  x_strncat (cfile->inbuf, "class \"", LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);

  item->close_brace = 1;
  ldap_value_free_len (tempbv);
}


static void
ldap_parse_subclass (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv, **classdata;

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL ||
      tempbv[0] == NULL)
    {
      if (tempbv != NULL)
        ldap_value_free_len (tempbv);

      return;
    }

  if ((classdata = ldap_get_values_len (ld, item->ldent, 
                                  "dhcpClassData")) == NULL || 
      classdata[0] == NULL)
    {
      if (classdata != NULL)
        ldap_value_free_len (classdata);
      ldap_value_free_len (tempbv);

      return;
    }

  x_strncat (cfile->inbuf, "subclass ", LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, classdata[0]->bv_val, LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);

  item->close_brace = 1;
  ldap_value_free_len (tempbv);
  ldap_value_free_len (classdata);
}


static void
ldap_parse_host (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv, **hwaddr;

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL ||
      tempbv[0] == NULL)
    {
      if (tempbv != NULL)
        ldap_value_free_len (tempbv);

      return;
    }

  hwaddr = ldap_get_values_len (ld, item->ldent, "dhcpHWAddress");

  x_strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);

  if (hwaddr != NULL && hwaddr[0] != NULL)
    {
      x_strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, hwaddr[0]->bv_val, LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
      ldap_value_free_len (hwaddr);
    }

  item->close_brace = 1;
  ldap_value_free_len (tempbv);
}


static void
ldap_parse_shared_network (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv;

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL ||
      tempbv[0] == NULL)
    {
      if (tempbv != NULL)
        ldap_value_free_len (tempbv);

      return;
    }

  x_strncat (cfile->inbuf, "shared-network \"", LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);

  item->close_brace = 1;
  ldap_value_free_len (tempbv);
}


static void
parse_netmask (int netmask, char *netmaskbuf)
{
  unsigned long nm;
  int i;

  nm = 0;
  for (i=1; i <= netmask; i++)
    {
      nm |= 1 << (32 - i);
    }

  sprintf (netmaskbuf, "%d.%d.%d.%d", (int) (nm >> 24) & 0xff, 
                                      (int) (nm >> 16) & 0xff, 
                                      (int) (nm >> 8) & 0xff, 
                                      (int) nm & 0xff);
}


static void
ldap_parse_subnet (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv, **netmaskstr;
  char netmaskbuf[16];
  int i;

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL ||
      tempbv[0] == NULL)
    {
      if (tempbv != NULL)
        ldap_value_free_len (tempbv);

      return;
    }

  if ((netmaskstr = ldap_get_values_len (ld, item->ldent, 
                                     "dhcpNetmask")) == NULL || 
      netmaskstr[0] == NULL)
    {
      if (netmaskstr != NULL)
        ldap_value_free_len (netmaskstr);
      ldap_value_free_len (tempbv);

      return;
    }

  x_strncat (cfile->inbuf, "subnet ", LDAP_BUFFER_SIZE);
  x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);

  x_strncat (cfile->inbuf, " netmask ", LDAP_BUFFER_SIZE);
  parse_netmask (strtol (netmaskstr[0]->bv_val, NULL, 10), netmaskbuf);
  x_strncat (cfile->inbuf, netmaskbuf, LDAP_BUFFER_SIZE);

  x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);

  ldap_value_free_len (tempbv);
  ldap_value_free_len (netmaskstr);

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpRange")) != NULL)
    {
      for (i=0; tempbv[i] != NULL; i++)
        {
          x_strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
        }
    }

  item->close_brace = 1;
}


static void
ldap_parse_pool (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv;
  int i;

  x_strncat (cfile->inbuf, "pool {\n", LDAP_BUFFER_SIZE);

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpRange")) != NULL)
    {
      for (i=0; tempbv[i] != NULL; i++)
        {
          x_strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
        }
      ldap_value_free_len (tempbv);
    }

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpPermitList")) != NULL)
    {
      for (i=0; tempbv[i] != NULL; i++)
        {
          x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
        }
      ldap_value_free_len (tempbv);
    }

  item->close_brace = 1;
}


static void
ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
{
  x_strncat (cfile->inbuf, "group {\n", LDAP_BUFFER_SIZE);
  item->close_brace = 1;
}


static void
ldap_parse_key (struct ldap_config_stack *item, struct parse *cfile)
{
  struct berval **tempbv;

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) != NULL)
    {
      x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
      ldap_value_free_len (tempbv);
    }

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeyAlgorithm")) != NULL)
    {
      x_strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
      ldap_value_free_len (tempbv);
    }

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeySecret")) != NULL)
    {
      x_strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
      ldap_value_free_len (tempbv);
    }

  item->close_brace = 1;
}


static void
ldap_parse_zone (struct ldap_config_stack *item, struct parse *cfile)
{
  char *cnFindStart, *cnFindEnd;
  struct berval **tempbv;
  char *keyCn;
  size_t len;

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) != NULL)
    {
      x_strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
      ldap_value_free_len (tempbv);
    }

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpDnsZoneServer")) != NULL)
    {
      x_strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE);
      x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE);

      x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
      ldap_value_free_len (tempbv);
    }

  if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeyDN")) != NULL)
    {
      cnFindStart = strchr(tempbv[0]->bv_val,'=');
      if (cnFindStart != NULL)
        cnFindEnd = strchr(++cnFindStart,',');
      else
        cnFindEnd = NULL;

      if (cnFindEnd != NULL && cnFindEnd > cnFindStart)
        {
          len = cnFindEnd - cnFindStart;
          keyCn = dmalloc (len + 1, MDL);
        }
      else
        {
          len = 0;
          keyCn = NULL;
        }

      if (keyCn != NULL)
        {
          strncpy (keyCn, cnFindStart, len);
          keyCn[len] = '\0';

          x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE);
          x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);

          dfree (keyCn, MDL);
        }

      ldap_value_free_len (tempbv);
     }

  item->close_brace = 1;
}


static void
add_to_config_stack (LDAPMessage * res, LDAPMessage * ent)
{
  struct ldap_config_stack *ns;

  ns = dmalloc (sizeof (*ns), MDL);
  ns->res = res;
  ns->ldent = ent;
  ns->close_brace = 0;
  ns->processed = 0;
  ns->next = ldap_stack;
  ldap_stack = ns;
}


static void
ldap_stop()
{
  struct sigaction old, new;

  if (ld == NULL)
    return;

  /*
   ** ldap_unbind after a LDAP_SERVER_DOWN result
   ** causes a SIGPIPE and dhcpd gets terminated,
   ** since it doesn't handle it...
   */

  new.sa_flags   = 0;
  new.sa_handler = SIG_IGN;
  sigemptyset (&new.sa_mask);
  sigaction (SIGPIPE, &new, &old);

  ldap_unbind_ext_s (ld, NULL, NULL);
  ld = NULL;

  sigaction (SIGPIPE, &old, &new);
}


static char *
_do_lookup_dhcp_string_option (struct option_state *options, int option_name)
{
  struct option_cache *oc;
  struct data_string db;
  char *ret;

  memset (&db, 0, sizeof (db));
  oc = lookup_option (&server_universe, options, option_name);
  if (oc &&
      evaluate_option_cache (&db, (struct packet*) NULL,
                             (struct lease *) NULL,
                             (struct client_state *) NULL, options,
                             (struct option_state *) NULL,
                             &global_scope, oc, MDL) &&
      db.data != NULL && *db.data != '\0')

    {
      ret = dmalloc (db.len + 1, MDL);
      if (ret == NULL)
        log_fatal ("no memory for ldap option %d value", option_name);

      memcpy (ret, db.data, db.len);
      ret[db.len] = 0;
      data_string_forget (&db, MDL);
    }
  else
    ret = NULL;

  return (ret);
}


static int
_do_lookup_dhcp_int_option (struct option_state *options, int option_name)
{
  struct option_cache *oc;
  struct data_string db;
  int ret;

  memset (&db, 0, sizeof (db));
  oc = lookup_option (&server_universe, options, option_name);
  if (oc &&
      evaluate_option_cache (&db, (struct packet*) NULL,
                             (struct lease *) NULL,
                             (struct client_state *) NULL, options,
                             (struct option_state *) NULL,
                             &global_scope, oc, MDL) &&
      db.data != NULL && *db.data != '\0')
    {
      ret = strtol ((const char *) db.data, NULL, 10);
      data_string_forget (&db, MDL);
    }
  else
    ret = 0;

  return (ret);
}


static int
_do_lookup_dhcp_enum_option (struct option_state *options, int option_name)
{
  struct option_cache *oc;
  struct data_string db;
  int ret = -1;

  memset (&db, 0, sizeof (db));
  oc = lookup_option (&server_universe, options, option_name);
  if (oc &&
      evaluate_option_cache (&db, (struct packet*) NULL,
                             (struct lease *) NULL,
                             (struct client_state *) NULL, options,
                             (struct option_state *) NULL,
                             &global_scope, oc, MDL) &&
      db.data != NULL && *db.data != '\0')
    {
      if (db.len == 1) 
        ret = db.data [0];
      else
        log_fatal ("invalid option name %d", option_name);

      data_string_forget (&db, MDL);
    }
  else
    ret = 0;

  return (ret);
}

int
ldap_rebind_cb (LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *parms)
{
  int ret;
  LDAPURLDesc *ldapurl = NULL;
  char *who = NULL;
  struct berval creds;

  log_info("LDAP rebind to '%s'", url);
  if ((ret = ldap_url_parse(url, &ldapurl)) != LDAP_SUCCESS)
    {
      log_error ("Error: Can not parse ldap rebind url '%s': %s",
                 url, ldap_err2string(ret));
      return ret;
    }


#if defined (USE_SSL)
  if (strcasecmp(ldapurl->lud_scheme, "ldaps") == 0)
    {
      int opt = LDAP_OPT_X_TLS_HARD;
      if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
                    ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
          return ret;
        }
      else
        {
          log_info ("LDAPS session successfully enabled to %s", ldap_server);
        }
    }
  else
  if (strcasecmp(ldapurl->lud_scheme, "ldap") == 0 &&
      ldap_use_ssl != LDAP_SSL_OFF)
    {
      if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot start TLS session to %s:%d: %s",
                     ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
          return ret;
        }
      else
        {
          log_info ("TLS session successfully started to %s:%d",
                    ldapurl->lud_host, ldapurl->lud_port);
        }
    }
#endif


  if (ldap_username != NULL || *ldap_username != '\0')
    {
      who = ldap_username;
      creds.bv_val = strdup(ldap_password);
      creds.bv_len = strlen(ldap_password);
    }

  if ((ret = ldap_sasl_bind_s (ld, who, LDAP_SASL_SIMPLE, &creds,
                               NULL, NULL, NULL)) != LDAP_SUCCESS)
    {
      log_error ("Error: Cannot login into ldap server %s:%d: %s",
                 ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
    }
  return ret;
}

static void
ldap_start (void)
{
  struct option_state *options;
  int ret, version;
  char *uri = NULL;
  struct berval creds;

  if (ld != NULL)
    return;

  if (ldap_server == NULL)
    {
      options = NULL;
      option_state_allocate (&options, MDL);

      execute_statements_in_scope ((struct binding_value **) NULL,
                 (struct packet *) NULL, (struct lease *) NULL,
                 (struct client_state *) NULL, (struct option_state *) NULL,
                 options, &global_scope, root_group, (struct group *) NULL);

      ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER);
      ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options,
                                                      SV_LDAP_DHCP_SERVER_CN);
      ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT);
      ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN);
      ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
      ldap_debug_file = _do_lookup_dhcp_string_option (options,
                                                       SV_LDAP_DEBUG_FILE);
      ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);

#if defined (USE_SSL)
      ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL);
      if( ldap_use_ssl != LDAP_SSL_OFF)
        {
          ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT);
          ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE);
          ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR);
          ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT);
          ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY);
          ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
          ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS);
          ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE);
        }
#endif

#if defined (LDAP_CASA_AUTH)
      if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
        {
#if defined (DEBUG_LDAP)
          log_info ("Authentication credential taken from file");
#endif
#endif

      ldap_username = _do_lookup_dhcp_string_option (options, SV_LDAP_USERNAME);
      ldap_password = _do_lookup_dhcp_string_option (options, SV_LDAP_PASSWORD);

#if defined (LDAP_CASA_AUTH)
      }
#endif

      option_state_dereference (&options, MDL);
    }

  if (ldap_server == NULL || ldap_base_dn == NULL)
    {
      log_info ("Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file");
      ldap_method = LDAP_METHOD_STATIC;
      return;
    }

  if (ldap_debug_file != NULL && ldap_debug_fd == -1)
    {
      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
                                 S_IRUSR | S_IWUSR)) < 0)
        log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
                   strerror (errno));
    }

#if defined (DEBUG_LDAP)
  log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port);
#endif

#if defined (USE_SSL)
  if (ldap_use_ssl == -1)
    {
      /*
      ** There was no "ldap-ssl" option in dhcpd.conf (also not "off").
      ** Let's try, if we can use an anonymous TLS session without to
      ** verify the server certificate -- if not continue without TLS.
      */
      int opt = LDAP_OPT_X_TLS_ALLOW;
      if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
                                  &opt)) != LDAP_SUCCESS)
        {
          log_error ("Warning: Cannot set LDAP TLS require cert option to 'allow': %s",
                     ldap_err2string (ret));
        }
    }

  if (ldap_use_ssl != LDAP_SSL_OFF)
    {
      if (ldap_tls_reqcert != -1)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
                                      &ldap_tls_reqcert)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS require cert option: %s",
                         ldap_err2string (ret));
            }
        }

      if( ldap_tls_ca_file != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE,
                                      ldap_tls_ca_file)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS CA certificate file %s: %s",
                         ldap_tls_ca_file, ldap_err2string (ret));
            }
        }
      if( ldap_tls_ca_dir != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
                                      ldap_tls_ca_dir)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS CA certificate dir %s: %s",
                         ldap_tls_ca_dir, ldap_err2string (ret));
            }
        }
      if( ldap_tls_cert != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
                                      ldap_tls_cert)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS client certificate file %s: %s",
                         ldap_tls_cert, ldap_err2string (ret));
            }
        }
      if( ldap_tls_key != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
                                      ldap_tls_key)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS certificate key file %s: %s",
                         ldap_tls_key, ldap_err2string (ret));
            }
        }
      if( ldap_tls_crlcheck != -1)
        {
          int opt = ldap_tls_crlcheck;
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
                                      &opt)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS crl check option: %s",
                         ldap_err2string (ret));
            }
        }
      if( ldap_tls_ciphers != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
                                      ldap_tls_ciphers)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS cipher suite %s: %s",
                         ldap_tls_ciphers, ldap_err2string (ret));
            }
        }
      if( ldap_tls_randfile != NULL)
        {
          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
                                      ldap_tls_randfile)) != LDAP_SUCCESS)
            {
              log_error ("Cannot set LDAP TLS random file %s: %s",
                         ldap_tls_randfile, ldap_err2string (ret));
            }
        }
    }
#endif

  /* enough for 'ldap://+ + hostname + ':' + port number */
  uri = malloc(strlen(ldap_server) + 16);
  if (uri == NULL)
    {
      log_error ("Cannot build ldap init URI %s:%d", ldap_server, ldap_port);
      return;
    }

  sprintf(uri, "ldap://%s:%d", ldap_server, ldap_port);
  ldap_initialize(&ld, uri);

  if (ld == NULL)
    {
      log_error ("Cannot init ldap session to %s:%d", ldap_server, ldap_port);
      return;
    }

  free(uri);

  version = LDAP_VERSION3;
  if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS)
    {
      log_error ("Cannot set LDAP version to %d: %s", version,
                 ldap_err2string (ret));
    }

  if (ldap_referrals != -1)
    {
      if ((ret = ldap_set_option (ld, LDAP_OPT_REFERRALS, ldap_referrals ?
                                  LDAP_OPT_ON : LDAP_OPT_OFF)) != LDAP_OPT_SUCCESS)
        {
          log_error ("Cannot %s LDAP referrals option: %s",
                     (ldap_referrals ? "enable" : "disable"),
                     ldap_err2string (ret));
        }
    }

  if ((ret = ldap_set_rebind_proc(ld, ldap_rebind_cb, NULL)) != LDAP_SUCCESS)
    {
      log_error ("Warning: Cannot set ldap rebind procedure: %s",
                 ldap_err2string (ret));
    }

#if defined (USE_SSL)
  if (ldap_use_ssl == LDAP_SSL_LDAPS ||
     (ldap_use_ssl == LDAP_SSL_ON && ldap_port == LDAPS_PORT))
    {
      int opt = LDAP_OPT_X_TLS_HARD;
      if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
                    ldap_server, ldap_port, ldap_err2string (ret));
          ldap_stop();
          return;
        }
      else
        {
          log_info ("LDAPS session successfully enabled to %s:%d",
                    ldap_server, ldap_port);
        }
    }
  else if (ldap_use_ssl != LDAP_SSL_OFF)
    {
      if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot start TLS session to %s:%d: %s",
                     ldap_server, ldap_port, ldap_err2string (ret));
          ldap_stop();
          return;
        }
      else
        {
          log_info ("TLS session successfully started to %s:%d",
                    ldap_server, ldap_port);
        }
    }
#endif

  if (ldap_username != NULL && *ldap_username != '\0')
    {
      creds.bv_val = strdup(ldap_password);
      creds.bv_len = strlen(ldap_password);

      if ((ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE,
                                    &creds, NULL, NULL, NULL)) != LDAP_SUCCESS)
        {
          log_error ("Error: Cannot login into ldap server %s:%d: %s",
                     ldap_server, ldap_port, ldap_err2string (ret));
          ldap_stop();
          return;
        }
    }

#if defined (DEBUG_LDAP)
  log_info ("Successfully logged into LDAP server %s", ldap_server);
#endif
}


static void
parse_external_dns (LDAPMessage * ent)
{
  char *search[] = {"dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN",
                    "dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN",
                    "dhcpPoolDN", NULL};
  LDAPMessage * newres, * newent;
  struct berval **tempbv;
  int i, j, ret;
#if defined (DEBUG_LDAP)
  char *dn;

  dn = ldap_get_dn (ld, ent);
  if (dn != NULL)
    {
      log_info ("Parsing external DNs for '%s'", dn);
      ldap_memfree (dn);
    }
#endif

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return;

  for (i=0; search[i] != NULL; i++)
    {
      if ((tempbv = ldap_get_values_len (ld, ent, search[i])) == NULL)
        continue;

      for (j=0; tempbv[j] != NULL; j++)
        {
          if (*tempbv[j]->bv_val == '\0')
            continue;

          if ((ret = ldap_search_ext_s(ld, tempbv[j]->bv_val, LDAP_SCOPE_BASE,
                                       "objectClass=*", NULL, 0, NULL,
                                       NULL, NULL, 0, &newres)) != LDAP_SUCCESS)
            {
              ldap_value_free_len (tempbv);
              ldap_stop();
              return;
            }
    
#if defined (DEBUG_LDAP)
          log_info ("Adding contents of subtree '%s' to config stack from '%s' reference", tempbv[j], search[i]);
#endif
          for (newent = ldap_first_entry (ld, newres);
               newent != NULL;
               newent = ldap_next_entry (ld, newent))
            {
#if defined (DEBUG_LDAP)
              dn = ldap_get_dn (ld, newent);
              if (dn != NULL)
                {
                  log_info ("Adding LDAP result set starting with '%s' to config stack", dn);
                  ldap_memfree (dn);
                }
#endif

              add_to_config_stack (newres, newent);
              /* don't free newres here */
            }
        }

      ldap_value_free_len (tempbv);
    }
}


static void
free_stack_entry (struct ldap_config_stack *item)
{
  struct ldap_config_stack *look_ahead_pointer = item;
  int may_free_msg = 1;

  while (look_ahead_pointer->next != NULL)
    {
      look_ahead_pointer = look_ahead_pointer->next;
      if (look_ahead_pointer->res == item->res)
        {
          may_free_msg = 0;
          break;
        }
    }

  if (may_free_msg) 
    ldap_msgfree (item->res);

  dfree (item, MDL);
}


static void
next_ldap_entry (struct parse *cfile)
{
  struct ldap_config_stack *temp_stack;

  if (ldap_stack != NULL && ldap_stack->close_brace)
    {
      x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
      ldap_stack->close_brace = 0;
    }

  while (ldap_stack != NULL && 
         (ldap_stack->ldent == NULL ||
          (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))
    {
      if (ldap_stack->close_brace)
        {
          x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
          ldap_stack->close_brace = 0;
        }

      temp_stack = ldap_stack;
      ldap_stack = ldap_stack->next;
      free_stack_entry (temp_stack);
    }

  if (ldap_stack != NULL && ldap_stack->close_brace)
    {
      x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
      ldap_stack->close_brace = 0;
    }
}


static char
check_statement_end (const char *statement)
{
  char *ptr;

  if (statement == NULL || *statement == '\0')
    return ('\0');

  /*
  ** check if it ends with "}", e.g.:
  **   "zone my.domain. { ... }"
  ** optionally followed by spaces
  */
  ptr = strrchr (statement, '}');
  if (ptr != NULL)
    {
      /* skip following white-spaces */
      for (++ptr; isspace ((int)*ptr); ptr++);

      /* check if we reached the end */
      if (*ptr == '\0')
        return ('}'); /* yes, block end */
      else
        return (*ptr);
    }

  /*
  ** this should not happen, but...
  ** check if it ends with ";", e.g.:
  **   "authoritative;"
  ** optionally followed by spaces
  */
  ptr = strrchr (statement, ';');
  if (ptr != NULL)
    {
      /* skip following white-spaces */
      for (++ptr; isspace ((int)*ptr); ptr++);

      /* check if we reached the end */
      if (*ptr == '\0')
        return (';'); /* ends with a ; */
      else
        return (*ptr);
    }

  return ('\0');
}


static isc_result_t
ldap_parse_entry_options (LDAPMessage *ent, char *buffer, size_t size,
                          int *lease_limit)
{
  struct berval **tempbv;
  int i;

  if (ent == NULL || buffer == NULL || size == 0)
    return (ISC_R_FAILURE);

  if ((tempbv = ldap_get_values_len (ld, ent, "dhcpStatements")) != NULL)
    {
      for (i=0; tempbv[i] != NULL; i++)
        {
          if (lease_limit != NULL &&
              strncasecmp ("lease limit ", tempbv[i]->bv_val, 12) == 0)
            {
              *lease_limit = (int) strtol ((tempbv[i]->bv_val) + 12, NULL, 10);
              continue;
            }

          x_strncat (buffer, tempbv[i]->bv_val, size);

          switch((int) check_statement_end (tempbv[i]->bv_val))
            {
              case '}':
              case ';':
                x_strncat (buffer, "\n", size);
                break;
              default:
                x_strncat (buffer, ";\n", size);
                break;
            }
        }
      ldap_value_free_len (tempbv);
    }

  if ((tempbv = ldap_get_values_len (ld, ent, "dhcpOption")) != NULL)
    {
      for (i=0; tempbv[i] != NULL; i++)
        {
          x_strncat (buffer, "option ", size);
          x_strncat (buffer, tempbv[i]->bv_val, size);
          switch ((int) check_statement_end (tempbv[i]->bv_val))
            {
              case ';':
                x_strncat (buffer, "\n", size);
                break;
              default:
                x_strncat (buffer, ";\n", size);
                break;
            }
        }
      ldap_value_free_len (tempbv);
    }

  return (ISC_R_SUCCESS);
}


static void
ldap_generate_config_string (struct parse *cfile)
{
  struct berval **objectClass;
  char *dn;
  struct ldap_config_stack *entry;
  LDAPMessage * ent, * res;
  int i, ignore, found;
  int ret;

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return;

  entry = ldap_stack;
  if ((objectClass = ldap_get_values_len (ld, entry->ldent, 
                                      "objectClass")) == NULL)
    return;
    
  ignore = 0;
  found = 1;
  for (i=0; objectClass[i] != NULL; i++)
    {
      if (strcasecmp (objectClass[i]->bv_val, "dhcpSharedNetwork") == 0)
        ldap_parse_shared_network (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpClass") == 0)
        ldap_parse_class (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubnet") == 0)
        ldap_parse_subnet (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpPool") == 0)
        ldap_parse_pool (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpGroup") == 0)
        ldap_parse_group (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpTSigKey") == 0)
        ldap_parse_key (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpDnsZone") == 0)
        ldap_parse_zone (entry, cfile);
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpHost") == 0)
        {
          if (ldap_method == LDAP_METHOD_STATIC)
            ldap_parse_host (entry, cfile);
          else
            {
              ignore = 1;
              break;
            }
        }
      else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubClass") == 0)
        {
          if (ldap_method == LDAP_METHOD_STATIC)
            ldap_parse_subclass (entry, cfile);
          else
            {
              ignore = 1;
              break;
            }
        }
      else
        found = 0;

      if (found && cfile->inbuf[0] == '\0')
        {
          ignore = 1;
          break;
        }
    }

  ldap_value_free_len (objectClass);

  if (ignore)
    {
      next_ldap_entry (cfile);
      return;
    }

  ldap_parse_entry_options(entry->ldent, cfile->inbuf,
                           LDAP_BUFFER_SIZE-1, NULL);

  dn = ldap_get_dn (ld, entry->ldent);

#if defined(DEBUG_LDAP)
  if (dn != NULL)
    log_info ("Found LDAP entry '%s'", dn);
#endif

  if (dn == NULL ||
      (ret = ldap_search_ext_s (ld, dn, LDAP_SCOPE_ONELEVEL,
                                "objectClass=*", NULL, 0, NULL, NULL,
                                NULL, 0, &res)) != LDAP_SUCCESS)
    {
      if (dn)
        ldap_memfree (dn);

      ldap_stop();
      return;
    }

  ldap_memfree (dn);

  if ((ent = ldap_first_entry (ld, res)) != NULL)
    {
      add_to_config_stack (res, ent);
      parse_external_dns (entry->ldent);
    }
  else
    {
      ldap_msgfree (res);
      parse_external_dns (entry->ldent);
      next_ldap_entry (cfile);
    }
}


static void
ldap_close_debug_fd()
{
  if (ldap_debug_fd != -1)
    {
      close (ldap_debug_fd);
      ldap_debug_fd = -1;
    }
}


static void
ldap_write_debug (const void *buff, size_t size)
{
  if (ldap_debug_fd != -1)
    {
      if (write (ldap_debug_fd, buff, size) < 0)
        {
          log_error ("Error writing to LDAP debug file %s: %s."
                     " Disabling log file.", ldap_debug_file,
                     strerror (errno));
          ldap_close_debug_fd();
        }
    }
}

static int
ldap_read_function (struct parse *cfile)
{
  cfile->inbuf[0] = '\0';
  cfile->buflen = 0;
 
  while (ldap_stack != NULL && *cfile->inbuf == '\0')
    ldap_generate_config_string (cfile);

  if (ldap_stack == NULL && *cfile->inbuf == '\0')
    return (EOF);

  cfile->bufix = 1;
  cfile->buflen = strlen (cfile->inbuf);
  if (cfile->buflen > 0)
    ldap_write_debug (cfile->inbuf, cfile->buflen);

#if defined (DEBUG_LDAP)
  log_info ("Sending config line '%s'", cfile->inbuf);
#endif

  return (cfile->inbuf[0]);
}


static char *
ldap_get_host_name (LDAPMessage * ent)
{
  struct berval **name;
  char *ret;

  ret = NULL;
  if ((name = ldap_get_values_len (ld, ent, "cn")) == NULL || name[0] == NULL)
    {
      if (name != NULL)
        ldap_value_free_len (name);

#if defined (DEBUG_LDAP)
      ret = ldap_get_dn (ld, ent);
      if (ret != NULL)
        {
          log_info ("Cannot get cn attribute for LDAP entry %s", ret);
          ldap_memfree(ret);
        }
#endif
      return (NULL);
    }

  ret = dmalloc (strlen (name[0]->bv_val) + 1, MDL);
  strcpy (ret, name[0]->bv_val);
  ldap_value_free_len (name);

  return (ret);
}


static int
getfqhostname(char *fqhost, size_t size)
{
#if defined(MAXHOSTNAMELEN)
  char   hname[MAXHOSTNAMELEN];
#else
  char   hname[65];
#endif
  struct hostent *hp;

  if(NULL == fqhost || 1 >= size)
    return -1;

  memset(hname, 0, sizeof(hname));
  if( gethostname(hname, sizeof(hname)-1))
    return -1;

  if(NULL == (hp = gethostbyname(hname)))
    return -1;

  strncpy(fqhost, hp->h_name, size-1);
  fqhost[size-1] = '\0';
  return 0;
}


isc_result_t
ldap_read_config (void)
{
  LDAPMessage * ldres, * hostres, * ent, * hostent;
  char hfilter[1024], sfilter[1024], fqdn[257];
  char *buffer, *hostdn;
  ldap_dn_node *curr = NULL;
  struct parse *cfile;
  struct utsname unme;
  isc_result_t res;
  size_t length;
  int ret, cnt;
  struct berval **tempbv = NULL;

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
 
  buffer = dmalloc (LDAP_BUFFER_SIZE+1, MDL);
  if (buffer == NULL)
    return (ISC_R_FAILURE);

  cfile = (struct parse *) NULL;
  res = new_parse (&cfile, -1, buffer, LDAP_BUFFER_SIZE, "LDAP", 0);
  if (res != ISC_R_SUCCESS)
    return (res);
 
  uname (&unme);
  if (ldap_dhcp_server_cn != NULL)
    {
     snprintf (hfilter, sizeof (hfilter),
                "(&(objectClass=dhcpServer)(cn=%s))", ldap_dhcp_server_cn);
    }
  else
  {
  if(0 == getfqhostname(fqdn, sizeof(fqdn)))
    {
      snprintf (hfilter, sizeof (hfilter),
                "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))", 
                unme.nodename, fqdn);
    }
  else
    {
      snprintf (hfilter, sizeof (hfilter),
                "(&(objectClass=dhcpServer)(cn=%s))", unme.nodename);
    }

  }
  hostres = NULL;
  if ((ret = ldap_search_ext_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,
                                hfilter, NULL, 0, NULL, NULL, NULL, 0,
                                &hostres)) != LDAP_SUCCESS)
    {
      log_error ("Cannot find host LDAP entry %s %s",
		 ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter);
      if(NULL != hostres)
        ldap_msgfree (hostres);
      ldap_stop();
      return (ISC_R_FAILURE);
    }

  if ((hostent = ldap_first_entry (ld, hostres)) == NULL)
    {
      log_error ("Error: Cannot find LDAP entry matching %s", hfilter);
      ldap_msgfree (hostres);
      ldap_stop();
      return (ISC_R_FAILURE);
    }

  hostdn = ldap_get_dn (ld, hostent);
#if defined(DEBUG_LDAP)
  if (hostdn != NULL)
    log_info ("Found dhcpServer LDAP entry '%s'", hostdn);
#endif

  if (hostdn == NULL ||
      (tempbv = ldap_get_values_len (ld, hostent, "dhcpServiceDN")) == NULL ||
      tempbv[0] == NULL)
    {
      log_error ("Error: Cannot find LDAP entry matching %s", hfilter);

      if (tempbv != NULL)
        ldap_value_free_len (tempbv);

      if (hostdn)
        ldap_memfree (hostdn);
      ldap_msgfree (hostres);
      ldap_stop();
      return (ISC_R_FAILURE);
    }

#if defined(DEBUG_LDAP)
  log_info ("LDAP: Parsing dhcpServer options '%s' ...", hostdn);
#endif

  cfile->inbuf[0] = '\0';
  ldap_parse_entry_options(hostent, cfile->inbuf, LDAP_BUFFER_SIZE, NULL);
  cfile->buflen = strlen (cfile->inbuf);
  if(cfile->buflen > 0)
    {
      ldap_write_debug (cfile->inbuf, cfile->buflen);

      res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
      if (res != ISC_R_SUCCESS)
        {
          log_error ("LDAP: cannot parse dhcpServer entry '%s'", hostdn);
          ldap_memfree (hostdn);
          ldap_stop();
          return res;
        }
      cfile->inbuf[0] = '\0';
    }
  ldap_msgfree (hostres);

  /*
  ** attach ldap (tree) read function now
  */
  cfile->bufix = cfile->buflen = 0;
  cfile->read_function = ldap_read_function;

  res = ISC_R_SUCCESS;
  for (cnt=0; tempbv[cnt] != NULL; cnt++)
    {
      snprintf(sfilter, sizeof(sfilter), "(&(objectClass=dhcpService)"
                        "(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s)))",
                        hostdn, hostdn);
      ldres = NULL;
      if ((ret = ldap_search_ext_s (ld, tempbv[cnt]->bv_val, LDAP_SCOPE_BASE,
                                    sfilter, NULL, 0, NULL, NULL, NULL,
                                    0, &ldres)) != LDAP_SUCCESS)
        {
          log_error ("Error searching for dhcpServiceDN '%s': %s. Please update the LDAP entry '%s'",
                     tempbv[cnt]->bv_val, ldap_err2string (ret), hostdn);
          if(NULL != ldres)
            ldap_msgfree(ldres);
          res = ISC_R_FAILURE;
          break;
        }

      if ((ent = ldap_first_entry (ld, ldres)) == NULL)
        {
          log_error ("Error: Cannot find dhcpService DN '%s' with primary or secondary server reference. Please update the LDAP server entry '%s'",
                     tempbv[cnt]->bv_val, hostdn);

          ldap_msgfree(ldres);
          res = ISC_R_FAILURE;
          break;
        }

      /*
      ** FIXME: how to free the remembered dn's on exit?
      **        This should be OK if dmalloc registers the
      **        memory it allocated and frees it on exit..
      */

      curr = dmalloc (sizeof (*curr), MDL);
      if (curr != NULL)
        {
          length = strlen (tempbv[cnt]->bv_val);
          curr->dn = dmalloc (length + 1, MDL);
          if (curr->dn == NULL)
            {
              dfree (curr, MDL);
              curr = NULL;
            }
          else
            strcpy (curr->dn, tempbv[cnt]->bv_val);
        }

      if (curr != NULL)
        {
          curr->refs++;

          /* append to service-dn list */
          if (ldap_service_dn_tail != NULL)
            ldap_service_dn_tail->next = curr;
          else
            ldap_service_dn_head = curr;

          ldap_service_dn_tail = curr;
        }
      else
        log_fatal ("no memory to remember ldap service dn");

#if defined (DEBUG_LDAP)
      log_info ("LDAP: Parsing dhcpService DN '%s' ...", tempbv[cnt]);
#endif
      add_to_config_stack (ldres, ent);
      res = conf_file_subparse (cfile, root_group, ROOT_GROUP);
      if (res != ISC_R_SUCCESS)
        {
          log_error ("LDAP: cannot parse dhcpService entry '%s'", tempbv[cnt]->bv_val);
          break;
        }
    }

  end_parse (&cfile);
  ldap_close_debug_fd();

  ldap_memfree (hostdn);
  ldap_value_free_len (tempbv);

  if (res != ISC_R_SUCCESS)
    {
      struct ldap_config_stack *temp_stack;

      while ((curr = ldap_service_dn_head) != NULL)
        {
          ldap_service_dn_head = curr->next;
          dfree (curr->dn, MDL);
          dfree (curr, MDL);
        }

      ldap_service_dn_tail = NULL;

      while ((temp_stack = ldap_stack) != NULL)
        {
          ldap_stack = temp_stack->next;
          free_stack_entry (temp_stack);
        }

      ldap_stop();
    }

  /* Unbind from ldap immediately after reading config in static mode. */
  if (ldap_method == LDAP_METHOD_STATIC)
    ldap_stop();

  return (res);
}


/* This function will parse the dhcpOption and dhcpStatements field in the LDAP
   entry if it exists. Right now, type will be either HOST_DECL or CLASS_DECL.
   If we are parsing a HOST_DECL, this always returns 0. If we are parsing a 
   CLASS_DECL, this will return what the current lease limit is in LDAP. If
   there is no lease limit specified, we return 0 */

static int
ldap_parse_options (LDAPMessage * ent, struct group *group,
                         int type, struct host_decl *host,
                         struct class **class)
{
  int declaration, lease_limit;
  char option_buffer[8192];
  enum dhcp_token token;
  struct parse *cfile;
  isc_result_t res;
  const char *val;

  lease_limit = 0;
  *option_buffer = '\0';
 
 /* This block of code will try to find the parent of the host, and
    if it is a group object, fetch the options and apply to the host. */
  if (type == HOST_DECL) 
    {
      char *hostdn, *basedn, *temp1, *temp2, filter[1024];
      LDAPMessage *groupdn, *entry;
      int ret;

      hostdn = ldap_get_dn (ld, ent);
      if( hostdn != NULL)
        {
          basedn = NULL;

          temp1 = strchr (hostdn, '=');
          if (temp1 != NULL)
            temp1 = strchr (++temp1, '=');
          if (temp1 != NULL)
            temp2 = strchr (++temp1, ',');
          else
            temp2 = NULL;

          if (temp2 != NULL)
            {
              snprintf (filter, sizeof(filter),
                        "(&(cn=%.*s)(objectClass=dhcpGroup))",
                        (int)(temp2 - temp1), temp1);

              basedn = strchr (temp1, ',');
              if (basedn != NULL)
                ++basedn;
            }

          if (basedn != NULL && *basedn != '\0')
            {
              ret = ldap_search_ext_s (ld, basedn, LDAP_SCOPE_SUBTREE, filter,
                                       NULL, 0, NULL, NULL, NULL, 0, &groupdn);
              if (ret == LDAP_SUCCESS)
                {
                  if ((entry = ldap_first_entry (ld, groupdn)) != NULL)
                    {
                      res = ldap_parse_entry_options (entry, option_buffer,
                                                      sizeof(option_buffer) - 1,
                                                      &lease_limit);
                      if (res != ISC_R_SUCCESS)
                        {
                          /* reset option buffer discarding any results */
                          *option_buffer = '\0';
                          lease_limit = 0;
                        }
                    }
                  ldap_msgfree( groupdn);
                }
            }
          ldap_memfree( hostdn);
        }
    }

  res = ldap_parse_entry_options (ent, option_buffer, sizeof(option_buffer) - 1,
                                  &lease_limit);
  if (res != ISC_R_SUCCESS)
    return (lease_limit);

  option_buffer[sizeof(option_buffer) - 1] = '\0';
  if (*option_buffer == '\0')
    return (lease_limit);

  cfile = (struct parse *) NULL;
  res = new_parse (&cfile, -1, option_buffer, strlen (option_buffer), 
                   type == HOST_DECL ? "LDAP-HOST" : "LDAP-SUBCLASS", 0);
  if (res != ISC_R_SUCCESS)
    return (lease_limit);

#if defined (DEBUG_LDAP)
  log_info ("Sending the following options: '%s'", option_buffer);
#endif

  declaration = 0;
  do
    {
      token = peek_token (&val, NULL, cfile);
      if (token == END_OF_FILE)
        break;
       declaration = parse_statement (cfile, group, type, host, declaration);
    } while (1);

  end_parse (&cfile);

  return (lease_limit);
}



int
find_haddr_in_ldap (struct host_decl **hp, int htype, unsigned hlen,
                    const unsigned char *haddr, const char *file, int line)
{
  char buf[128], *type_str;
  LDAPMessage * res, *ent;
  struct host_decl * host;
  isc_result_t status;
  ldap_dn_node *curr;
  int ret;

  if (ldap_method == LDAP_METHOD_STATIC)
    return (0);

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return (0);

  switch (htype)
    {
      case HTYPE_ETHER:
        type_str = "ethernet";
        break;
      case HTYPE_IEEE802:
        type_str = "token-ring";
        break;
      case HTYPE_FDDI:
        type_str = "fddi";
        break;
      default:
        log_info ("Ignoring unknown type %d", htype);
        return (0);
    }

  /*
  ** FIXME: It is not guaranteed, that the dhcpHWAddress attribute
  **        contains _exactly_ "type addr" with one space between!
  */
  snprintf (buf, sizeof (buf),
            "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))",
           type_str, print_hw_addr (htype, hlen, haddr));

  res = ent = NULL;
  for (curr = ldap_service_dn_head;
       curr != NULL && *curr->dn != '\0';
       curr = curr->next)
    {
#if defined (DEBUG_LDAP)
      log_info ("Searching for %s in LDAP tree %s", buf, curr->dn);
#endif
      ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, 0,
                               NULL, NULL, NULL, 0, &res);

      if(ret == LDAP_SERVER_DOWN)
        {
          log_info ("LDAP server was down, trying to reconnect...");

          ldap_stop();
          ldap_start();
          if(ld == NULL)
            {
              log_info ("LDAP reconnect failed - try again later...");
              return (0);
            }

          ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL,
                                   0, NULL, NULL, NULL, 0, &res);
        }

      if (ret == LDAP_SUCCESS)
        {
          if( (ent = ldap_first_entry (ld, res)) != NULL)
            break; /* search OK and have entry */

#if defined (DEBUG_LDAP)
          log_info ("No host entry for %s in LDAP tree %s",
                    buf, curr->dn);
#endif
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }
        }
      else
        {
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }

          if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
            {
              log_error ("Cannot search for %s in LDAP tree %s: %s", buf, 
                         curr->dn, ldap_err2string (ret));
              ldap_stop();
              return (0);
            }
#if defined (DEBUG_LDAP)
          else
            {
              log_info ("ldap_search_ext_s returned %s when searching for %s in %s",
                        ldap_err2string (ret), buf, curr->dn);
            }
#endif
        }
    }

  if (res && ent)
    {
#if defined (DEBUG_LDAP)
      char *dn = ldap_get_dn (ld, ent);
      if (dn != NULL)
        {
          log_info ("Found dhcpHWAddress LDAP entry %s", dn);
          ldap_memfree(dn);
        }
#endif

      host = (struct host_decl *)0;
      status = host_allocate (&host, MDL);
      if (status != ISC_R_SUCCESS)
        {
          log_fatal ("can't allocate host decl struct: %s", 
                     isc_result_totext (status)); 
          ldap_msgfree (res);
          return (0);
        }

      host->name = ldap_get_host_name (ent);
      if (host->name == NULL)
        {
          host_dereference (&host, MDL);
          ldap_msgfree (res);
          return (0);
        }

      if (!clone_group (&host->group, root_group, MDL))
        {
          log_fatal ("can't clone group for host %s", host->name);
          host_dereference (&host, MDL);
          ldap_msgfree (res);
          return (0);
        }

      ldap_parse_options (ent, host->group, HOST_DECL, host, NULL);

      *hp = host;
      ldap_msgfree (res);
      return (1);
    }


  if(res) ldap_msgfree (res);
  return (0);
}


int
find_subclass_in_ldap (struct class *class, struct class **newclass, 
                       struct data_string *data)
{
  LDAPMessage * res, * ent;
  int ret, lease_limit;
  isc_result_t status;
  ldap_dn_node *curr;
  char buf[1024];

  if (ldap_method == LDAP_METHOD_STATIC)
    return (0);

  if (ld == NULL)
    ldap_start ();
  if (ld == NULL)
    return (0);

  snprintf (buf, sizeof (buf),
            "(&(objectClass=dhcpSubClass)(cn=%s)(dhcpClassData=%s))",
            print_hex_1 (data->len, data->data, 60),
            print_hex_2 (strlen (class->name), (u_int8_t *) class->name, 60));
#if defined (DEBUG_LDAP)
  log_info ("Searching LDAP for %s", buf);
#endif

  res = ent = NULL;
  for (curr = ldap_service_dn_head;
       curr != NULL && *curr->dn != '\0';
       curr = curr->next)
    {
#if defined (DEBUG_LDAP)
      log_info ("Searching for %s in LDAP tree %s", buf, curr->dn);
#endif
      ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, 0,
                               NULL, NULL, NULL, 0, &res);

      if(ret == LDAP_SERVER_DOWN)
        {
          log_info ("LDAP server was down, trying to reconnect...");

          ldap_stop();
          ldap_start();

          if(ld == NULL)
            {
              log_info ("LDAP reconnect failed - try again later...");
              return (0);
            }

          ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf,
                                   NULL, 0, NULL, NULL, NULL, 0, &res);
        }

      if (ret == LDAP_SUCCESS)
        {
          if( (ent = ldap_first_entry (ld, res)) != NULL)
            break; /* search OK and have entry */

#if defined (DEBUG_LDAP)
          log_info ("No subclass entry for %s in LDAP tree %s",
                    buf, curr->dn);
#endif
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }
        }
      else
        {
          if(res)
            {
              ldap_msgfree (res);
              res = NULL;
            }

          if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS)
            {
              log_error ("Cannot search for %s in LDAP tree %s: %s", buf, 
                         curr->dn, ldap_err2string (ret));
              ldap_stop();
              return (0);
            }
#if defined (DEBUG_LDAP)
          else
            {
              log_info ("ldap_search_ext_s returned %s when searching for %s in %s",
                        ldap_err2string (ret), buf, curr->dn);
            }
#endif
        }
    }

  if (res && ent)
    {
#if defined (DEBUG_LDAP)
      char *dn = ldap_get_dn (ld, ent);
      if (dn != NULL)
        {
          log_info ("Found subclass LDAP entry %s", dn);
          ldap_memfree(dn);
        }
#endif

      status = class_allocate (newclass, MDL);
      if (status != ISC_R_SUCCESS)
        {
          log_error ("Cannot allocate memory for a new class");
          ldap_msgfree (res);
          return (0);
        }

      group_reference (&(*newclass)->group, class->group, MDL);
      class_reference (&(*newclass)->superclass, class, MDL);
      lease_limit = ldap_parse_options (ent, (*newclass)->group, 
                                        CLASS_DECL, NULL, newclass);
      if (lease_limit == 0)
        (*newclass)->lease_limit = class->lease_limit; 
      else
        class->lease_limit = lease_limit;

      if ((*newclass)->lease_limit) 
        {
          (*newclass)->billed_leases = 
              dmalloc ((*newclass)->lease_limit * sizeof (struct lease *), MDL);
          if (!(*newclass)->billed_leases) 
            {
              log_error ("no memory for billing");
              class_dereference (newclass, MDL);
              ldap_msgfree (res);
              return (0);
            }
          memset ((*newclass)->billed_leases, 0, 
                ((*newclass)->lease_limit * sizeof (*newclass)->billed_leases));
        }

      data_string_copy (&(*newclass)->hash_string, data, MDL);

      ldap_msgfree (res);
      return (1);
    }

  if(res) ldap_msgfree (res);
  return (0);
}

#endif




/* ldap_casa.c
   
   CASA routines for DHCPD... */

/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC")
 * Copyright (c) 1995-2003 Internet Software Consortium.
 * Copyright (c) 2006 Novell, Inc.

 * All rights reserved.
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met: 
 * 1.Redistributions of source code must retain the above copyright notice, 
 *   this list of conditions and the following disclaimer. 
 * 2.Redistributions in binary form must reproduce the above copyright notice, 
 *   this list of conditions and the following disclaimer in the documentation 
 *   and/or other materials provided with the distribution. 
 * 3.Neither the name of ISC, ISC DHCP, nor the names of its contributors 
 *   may be used to endorse or promote products derived from this software 
 *   without specific prior written permission. 

 * THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS 
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC OR CONTRIBUTORS BE LIABLE 
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
 * POSSIBILITY OF SUCH DAMAGE.

 * This file was written by S Kalyanasundaram <skalyanasundaram@novell.com>
 */

#if defined(LDAP_CASA_AUTH)
#include "ldap_casa.h"
#include "dhcpd.h"

int
load_casa (void)
{
       if( !(casaIDK = dlopen(MICASA_LIB,RTLD_LAZY)))
       	  return 0;
       p_miCASAGetCredential = (CASA_GetCredential_T) dlsym(casaIDK, "miCASAGetCredential");
       p_miCASASetCredential = (CASA_SetCredential_T) dlsym(casaIDK, "miCASASetCredential");
       p_miCASARemoveCredential = (CASA_RemoveCredential_T) dlsym(casaIDK, "miCASARemoveCredential");

       if((p_miCASAGetCredential == NULL) ||
         (p_miCASASetCredential == NULL) ||
         (p_miCASARemoveCredential == NULL))
       {
          if(casaIDK)
            dlclose(casaIDK);
          casaIDK = NULL;
          p_miCASAGetCredential = NULL;
          p_miCASASetCredential = NULL;
          p_miCASARemoveCredential = NULL;
          return 0;
       }
       else
          return 1;
}

static void
release_casa(void)
{
   if(casaIDK)
   {
      dlclose(casaIDK);
      casaIDK = NULL;
   }

   p_miCASAGetCredential = NULL;
   p_miCASASetCredential = NULL;
   p_miCASARemoveCredential = NULL;

}

int
load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password)
 {
   int                     result = 0;
   uint32_t                credentialtype = SSCS_CRED_TYPE_SERVER_F;
   SSCS_BASIC_CREDENTIAL   credential;
   SSCS_SECRET_ID_T        applicationSecretId;
   char                    *tempVar = NULL;

   const char applicationName[10] = "dhcp-ldap";

   if ( load_casa() )
   {
      memset(&credential, 0, sizeof(SSCS_BASIC_CREDENTIAL));
      memset(&applicationSecretId, 0, sizeof(SSCS_SECRET_ID_T));

      applicationSecretId.len = strlen(applicationName) + 1;
      memcpy (applicationSecretId.id, applicationName, applicationSecretId.len);

      credential.unFlags = USERNAME_TYPE_CN_F;

      result = p_miCASAGetCredential (0,
                 &applicationSecretId,NULL,&credentialtype,
                 &credential,NULL);

      if(credential.unLen)
      {
         tempVar = dmalloc (credential.unLen + 1, MDL);
         if (!tempVar)
             log_fatal ("no memory for ldap_username");
         memcpy(tempVar , credential.username, credential.unLen);
         *ldap_username = tempVar;

         tempVar = dmalloc (credential.pwordLen + 1, MDL);
         if (!tempVar)
             log_fatal ("no memory for ldap_password");
         memcpy(tempVar, credential.password, credential.pwordLen);
         *ldap_password = tempVar;

#if defined (DEBUG_LDAP)
         log_info ("Authentication credential taken from CASA");
#endif

         release_casa();
         return 1;

        }
        else
        {
            release_casa();
            return 0;
        }
      }
      else
          return 0; //casa libraries not loaded
 }

#endif /* LDAP_CASA_AUTH */


Lines 454-459 int find_hosts_by_haddr (struct host_dec Link Here

(-)dhcp-3.1.3/server/mdb.c.ldap (+6 lines)
454	{	454	{
455	struct host_decl *foo;	455	struct host_decl *foo;
456	struct hardware h;	456	struct hardware h;
		457	int ret;
		458
		459	#if defined(LDAP_CONFIGURATION)
		460	if ((ret = find_haddr_in_ldap (hp, htype, hlen, haddr, file, line)))
		461	return ret;
		462	#endif
457		463
458	h.hlen = hlen + 1;	464	h.hlen = hlen + 1;
459	h.hbuf [0] = htype;	465	h.hbuf [0] = htype;




	{ "adaptive-lease-time-threshold", "B",	&server_universe,  50, 1 },
	{ "do-reverse-updates", "f",		&server_universe,  51, 1 },
	{ "fqdn-reply", "f",			&server_universe,  52, 1 },
#if defined(LDAP_CONFIGURATION)
	{ "ldap-server", "t",				&server_universe, 53 },
	{ "ldap-port", "d",					&server_universe, 54 },
	{ "ldap-username", "t",				&server_universe, 55 },
	{ "ldap-password", "t",				&server_universe, 56 },
	{ "ldap-base-dn", "t",				&server_universe, 57 },
	{ "ldap-method", "Nldap-methods.",	&server_universe, 58 },
	{ "ldap-debug-file", "t",			&server_universe, 59 },
	{ "ldap-dhcp-server-cn", "t",		&server_universe, 60 },
	{ "ldap-referrals", "f",			&server_universe, 61 },
#if defined(USE_SSL)
	{ "ldap-ssl", "Nldap-ssl-usage.",	&server_universe, 62 },
	{ "ldap-tls-reqcert", "Nldap-tls-reqcert.",	&server_universe, 63 },
	{ "ldap-tls-ca-file", "t",			&server_universe, 64 },
	{ "ldap-tls-ca-dir", "t",			&server_universe, 65 },
	{ "ldap-tls-cert", "t",				&server_universe, 66 },
	{ "ldap-tls-key", "t",				&server_universe, 67 },
	{ "ldap-tls-crlcheck", "Nldap-tls-crlcheck.",	&server_universe, 68 },
	{ "ldap-tls-ciphers", "t",			&server_universe, 69 },
	{ "ldap-tls-randfile", "t",			&server_universe, 70 },
#else
	{ "unknown-62", "X",			&server_universe, 62 },
	{ "unknown-63", "X",			&server_universe, 63 },
	{ "unknown-64", "X",			&server_universe, 64 },
	{ "unknown-65", "X",			&server_universe, 65 },
	{ "unknown-66", "X",			&server_universe, 66 },
	{ "unknown-67", "X",			&server_universe, 67 },
	{ "unknown-68", "X",			&server_universe, 68 },
	{ "unknown-69", "X",			&server_universe, 69 },
	{ "unknown-70", "X",			&server_universe, 70 },
#endif
#else
	{ "unknown-53", "X",			&server_universe, 53 },
	{ "unknown-54", "X",			&server_universe, 54 },
	{ "unknown-55", "X",			&server_universe, 55 },
	{ "unknown-56", "X",			&server_universe, 56 },
	{ "unknown-57", "X",			&server_universe, 57 },
	{ "unknown-58", "X",			&server_universe, 58 },
	{ "unknown-59", "X",			&server_universe, 59 },
	{ "unknown-60", "X",			&server_universe, 60 },
	{ "unknown-61", "X",			&server_universe, 61 },
#endif
	{ NULL, NULL, NULL, 0, 0 }
};

#if defined(LDAP_CONFIGURATION)
struct enumeration_value ldap_values [] = {
	{ "static", LDAP_METHOD_STATIC },
	{ "dynamic", LDAP_METHOD_DYNAMIC },
	{ (char *) 0, 0 }
};

struct enumeration ldap_methods = {
	(struct enumeration *)0,
	"ldap-methods",
	ldap_values
};

#if defined(USE_SSL)
struct enumeration_value ldap_ssl_usage_values [] = {
	{ "off", LDAP_SSL_OFF },
	{ "on",LDAP_SSL_ON },
	{ "ldaps", LDAP_SSL_LDAPS },
	{ "start_tls", LDAP_SSL_TLS },
	{ (char *) 0, 0 }
};

struct enumeration ldap_ssl_usage_enum = {
	(struct enumeration *)0,
	"ldap-ssl-usage",
	ldap_ssl_usage_values
};

struct enumeration_value ldap_tls_reqcert_values [] = {
	{ "never", LDAP_OPT_X_TLS_NEVER },
	{ "hard", LDAP_OPT_X_TLS_HARD  },
	{ "demand", LDAP_OPT_X_TLS_DEMAND},
	{ "allow", LDAP_OPT_X_TLS_ALLOW },
	{ "try", LDAP_OPT_X_TLS_TRY   },
	{ (char *) 0, 0 }
};
struct enumeration ldap_tls_reqcert_enum = {
	(struct enumeration *)0,
	"ldap-tls-reqcert",
	ldap_tls_reqcert_values
};

struct enumeration_value ldap_tls_crlcheck_values [] = {
	{ "none", LDAP_OPT_X_TLS_CRL_NONE},
	{ "peer", LDAP_OPT_X_TLS_CRL_PEER},
	{ "all",  LDAP_OPT_X_TLS_CRL_ALL },
	{ (char *) 0, 0 }
};
struct enumeration ldap_tls_crlcheck_enum = {
	(struct enumeration *)0,
	"ldap-tls-crlcheck",
	ldap_tls_crlcheck_values
};
#endif
#endif

struct enumeration_value ddns_styles_values [] = {
	{ "none", 0 },
	{ "ad-hoc", 1 },

Lines 1-2 Link Here

(-)old/site.conf (+4 lines)
1	# Put local site configuration stuff here to override the default	1	# Put local site configuration stuff here to override the default
2	# settings in Makefile.conf	2	# settings in Makefile.conf
		3
		4	LDAPLIB = -lldap
		5
		6	SSLLIB = -lcrypto -lssl

Return to bug 26309

Lines 195-197 Link Here

(-)dhcp-3.1.3/includes/site.h.ldap (+13 lines)
195	traces. */	195	traces. */
196		196
197	#define TRACING	197	#define TRACING
		198
		199	/* Define this if you want to read your config from LDAP. Read README.ldap
		200	about how to set this up */
		201
		202	#define LDAP_CONFIGURATION
		203
		204	/* Define this if you want to enable LDAP over a SSL connection. You will need
		205	to add -lcrypto -lssl to the LIBS= line of server/Makefile */
		206
		207	#define USE_SSL
		208
		209	#define _PATH_DHCPD_DB "/state/dhcpd.leases"
		210	#define _PATH_DHCLIENT_DB "/var/lib//var/lib/dhcp/dhclient/state/dhclient.leases"

Lines 23-34 Link Here

(-)dhcp-3.1.3/dst/Makefile.dist.ldap (-2 / +8 lines)
23		23
24	SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c	24	SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c
25	OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o	25	OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o
		26	OBJ_NM5= dst_support.o dst_api.o hmac_link.o base64.o prandom.o
26	HDRS = dst_internal.h md5.h md5_locl.h	27	HDRS = dst_internal.h md5.h md5_locl.h
27		28
28	INCLUDES = $(BINDINC) -I$(TOP)/includes	29	INCLUDES = $(BINDINC) -I$(TOP)/includes
29	CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) -DHMAC_MD5 -DMINIRES_LIB	30	CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) -DHMAC_MD5 -DMINIRES_LIB
30		31
31	all: libdst.a	32	all: libdst.a libdst-nomd5.a
32		33
33	install:	34	install:
34		35
Lines 37-47 libdst.a: $(OBJ) Link Here
37	ar cruv libdst.a $(OBJ)	38	ar cruv libdst.a $(OBJ)
38	$(RANLIB) libdst.a	39	$(RANLIB) libdst.a
39		40
		41	libdst-nomd5.a: $(OBJ_NM5)
		42	rm -f libdst-nomd5.a
		43	ar cruv libdst-nomd5.a $(OBJ_NM5)
		44	$(RANLIB) libdst-nomd5.a
		45
40	depend:	46	depend:
41	$(MKDEP) $(INCLUDES) $(PREDEFINES) $(SRC)	47	$(MKDEP) $(INCLUDES) $(PREDEFINES) $(SRC)
42		48
43	clean:	49	clean:
44	-rm -f $(OBJ) libdst.a	50	-rm -f $(OBJ) libdst.a libdst-nomd5.a
45		51
46	realclean: clean	52	realclean: clean
47	-rm -f *~ $(CATMANPAGES) $(SEDMANPAGES)	53	-rm -f *~ $(CATMANPAGES) $(SEDMANPAGES)

Line 0 Link Here

(-)dhcp-3.1.3/includes/ldap_casa.h.ldap (+83 lines)
		1	/* ldap_casa.h
		2
		3	Definition for CASA modules... */
		4
		5	/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC")
		6	* Copyright (c) 1995-2003 Internet Software Consortium.
		7	* Copyright (c) 2006 Novell, Inc.
		8
		9	* All rights reserved.
		10	* Redistribution and use in source and binary forms, with or without
		11	* modification, are permitted provided that the following conditions are met:
		12	* 1.Redistributions of source code must retain the above copyright notice,
		13	* this list of conditions and the following disclaimer.
		14	* 2.Redistributions in binary form must reproduce the above copyright notice,
		15	* this list of conditions and the following disclaimer in the documentation
		16	* and/or other materials provided with the distribution.
		17	* 3.Neither the name of ISC, ISC DHCP, nor the names of its contributors
		18	* may be used to endorse or promote products derived from this software
		19	* without specific prior written permission.
		20
		21	* THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS
		22	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
		23	* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		24	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC OR CONTRIBUTORS BE LIABLE
		25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
		26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
		27	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		29	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
		30	* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
		31	* POSSIBILITY OF SUCH DAMAGE.
		32
		33	* This file was written by S Kalyanasundaram <skalyanasundaram@novell.com>
		34	*/
		35
		36	#if defined(LDAP_CASA_AUTH)
		37	#ifndef __LDAP_CASA_H__
		38	#define __LDAP_CASA_H__
		39
		40	#include <micasa_mgmd.h>
		41	#include <dlfcn.h>
		42	#include <string.h>
		43
		44	#define MICASA_LIB "libmicasa.so.1"
		45
		46	SSCS_TYPEDEF_LIBCALL(int, CASA_GetCredential_T)
		47	(
		48	uint32_t ssFlags,
		49	SSCS_SECRET_ID_T *appSecretID,
		50	SSCS_SECRET_ID_T *sharedSecretID,
		51	uint32_t *credentialType,
		52	void *credential,
		53	SSCS_EXT_T *ext
		54	);
		55	SSCS_TYPEDEF_LIBCALL(int, CASA_SetCredential_T)
		56	(
		57	uint32_t ssFlags,
		58	SSCS_SECRET_ID_T *appSecretID,
		59	SSCS_SECRET_ID_T *sharedSecretID,
		60	uint32_t credentialType,
		61	void *credential,
		62	SSCS_EXT_T *ext
		63	);
		64
65	SSCS_TYPEDEF_LIBCALL(int, CASA_RemoveCredential_T)
66	(
67	uint32_t ssFlags,
68	SSCS_SECRET_ID_T *appSecretID,
69	SSCS_SECRET_ID_T *sharedSecretID,
70	SSCS_EXT_T *ext
71	);
72	static CASA_GetCredential_T p_miCASAGetCredential = NULL;
73	static CASA_SetCredential_T p_miCASASetCredential = NULL;
74	static CASA_RemoveCredential_T p_miCASARemoveCredential = NULL;
75	static void *casaIDK = NULL;
76
77	int load_casa(void);
78	static void release_casa(void);
79	int load_uname_pwd_from_miCASA(char , char );
80
81	#endif /* __LDAP_CASA_H__ */
82	#endif /* LDAP_CASA_AUTH */
83

Lines 25-38 Link Here

(-)dhcp-3.1.3/server/Makefile.dist.ldap (-4 / +4 lines)
25	CATMANPAGES = dhcpd.cat8 dhcpd.conf.cat5 dhcpd.leases.cat5	25	CATMANPAGES = dhcpd.cat8 dhcpd.conf.cat5 dhcpd.leases.cat5
26	SEDMANPAGES = dhcpd.man8 dhcpd.conf.man5 dhcpd.leases.man5	26	SEDMANPAGES = dhcpd.man8 dhcpd.conf.man5 dhcpd.leases.man5
27	SRCS = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \	27	SRCS = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
28	omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c	28	omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c ldap.c ldap_casa.c
29	OBJS = dhcpd.o dhcp.o bootp.o confpars.o db.o class.o failover.o \	29	OBJS = dhcpd.o dhcp.o bootp.o confpars.o db.o class.o failover.o \
30	omapi.o mdb.o stables.o salloc.o ddns.o dhcpleasequery.o	30	omapi.o mdb.o stables.o salloc.o ddns.o dhcpleasequery.o ldap.o ldap_casa.o
31	PROG = dhcpd	31	PROG = dhcpd
32	MAN = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5	32	MAN = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
33		33
34	INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes	34	INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes
35	DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst.a	35	DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst-nomd5.a
36	CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS)	36	CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS)
37		37
38	all: $(PROG) $(CATMANPAGES)	38	all: $(PROG) $(CATMANPAGES)
Lines 106-111 dhcpd.leases.man5: dhcpd.leases.5 Link Here
106	-e "s#RUNDIR#$(VARRUN)#g" < dhcpd.leases.5 >dhcpd.leases.man5	106	-e "s#RUNDIR#$(VARRUN)#g" < dhcpd.leases.5 >dhcpd.leases.man5
107		107
108	dhcpd: $(OBJS) $(COBJ) $(DHCPLIB)	108	dhcpd: $(OBJS) $(COBJ) $(DHCPLIB)
109	$(CC) -pie $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) -lcap	109	$(CC) -pie $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) $(LDAPLIB) $(SSLLIB) -lcap
110		110
111	# Dependencies (semi-automatically-generated)	111	# Dependencies (semi-automatically-generated)

Lines 90-95 int check_collection (packet, lease, col Link Here

(-)dhcp-3.1.3/server/class.c.ldap (-3 / +10 lines)
90	int matched = 0;	90	int matched = 0;
91	int status;	91	int status;
92	int ignorep;	92	int ignorep;
		93	int classfound;
93		94
94	for (class = collection -> classes; class; class = class -> nic) {	95	for (class = collection -> classes; class; class = class -> nic) {
95	#if defined (DEBUG_CLASS_MATCHING)	96	#if defined (DEBUG_CLASS_MATCHING)
Lines 135-143 int check_collection (packet, lease, col Link Here
135	class -> submatch, MDL));	136	class -> submatch, MDL));
136	if (status && data.len) {	137	if (status && data.len) {
137	nc = (struct class *)0;	138	nc = (struct class *)0;
138	if (class_hash_lookup (&nc, class -> hash,	139	classfound = class_hash_lookup (&nc, class -> hash,
139	(const char *)data.data,	140	(const char *)data.data, data.len, MDL);
140	data.len, MDL)) {	141
		142	#ifdef LDAP_CONFIGURATION
		143	if (!classfound && find_subclass_in_ldap (class, &nc, &data))
		144	classfound = 1;
		145	#endif
		146
		147	if (classfound) {
141	#if defined (DEBUG_CLASS_MATCHING)	148	#if defined (DEBUG_CLASS_MATCHING)
142	log_info ("matches subclass %s.",	149	log_info ("matches subclass %s.",
143	print_hex_1 (data.len,	150	print_hex_1 (data.len,

Lines 63-69 void parse_trace_setup () Link Here

(-)dhcp-3.1.3/server/confpars.c.ldap (-1 / +11 lines)
63		63
64	isc_result_t readconf ()	64	isc_result_t readconf ()
65	{	65	{
66	return read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);	66	isc_result_t res;
		67
		68	res = read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0);
		69	#if defined(LDAP_CONFIGURATION)
		70	if (res != ISC_R_SUCCESS)
		71	return (res);
		72
		73	return ldap_read_config ();
		74	#else
		75	return (res);
		76	#endif
67	}	77	}
68		78
69	isc_result_t read_conf_file (const char filename, struct group group,	79	isc_result_t read_conf_file (const char filename, struct group group,

Line 0 Link Here

(-)dhcp-3.1.3/server/ldap_casa.c.ldap (+138 lines)
		1	/* ldap_casa.c
		2
		3	CASA routines for DHCPD... */
		4
		5	/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC")
		6	* Copyright (c) 1995-2003 Internet Software Consortium.
		7	* Copyright (c) 2006 Novell, Inc.
		8
		9	* All rights reserved.
		10	* Redistribution and use in source and binary forms, with or without
		11	* modification, are permitted provided that the following conditions are met:
		12	* 1.Redistributions of source code must retain the above copyright notice,
		13	* this list of conditions and the following disclaimer.
		14	* 2.Redistributions in binary form must reproduce the above copyright notice,
		15	* this list of conditions and the following disclaimer in the documentation
		16	* and/or other materials provided with the distribution.
		17	* 3.Neither the name of ISC, ISC DHCP, nor the names of its contributors
		18	* may be used to endorse or promote products derived from this software
		19	* without specific prior written permission.
		20
		21	* THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS
		22	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
		23	* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		24	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC OR CONTRIBUTORS BE LIABLE
		25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
		26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
		27	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		29	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
		30	* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
		31	* POSSIBILITY OF SUCH DAMAGE.
		32
		33	* This file was written by S Kalyanasundaram <skalyanasundaram@novell.com>
		34	*/
		35
		36	#if defined(LDAP_CASA_AUTH)
		37	#include "ldap_casa.h"
		38	#include "dhcpd.h"
		39
		40	int
		41	load_casa (void)
		42	{
		43	if( !(casaIDK = dlopen(MICASA_LIB,RTLD_LAZY)))
		44	return 0;
		45	p_miCASAGetCredential = (CASA_GetCredential_T) dlsym(casaIDK, "miCASAGetCredential");
		46	p_miCASASetCredential = (CASA_SetCredential_T) dlsym(casaIDK, "miCASASetCredential");
		47	p_miCASARemoveCredential = (CASA_RemoveCredential_T) dlsym(casaIDK, "miCASARemoveCredential");
		48
		49	if((p_miCASAGetCredential == NULL) \|\|
		50	(p_miCASASetCredential == NULL) \|\|
		51	(p_miCASARemoveCredential == NULL))
		52	{
		53	if(casaIDK)
		54	dlclose(casaIDK);
		55	casaIDK = NULL;
		56	p_miCASAGetCredential = NULL;
		57	p_miCASASetCredential = NULL;
		58	p_miCASARemoveCredential = NULL;
		59	return 0;
		60	}
		61	else
		62	return 1;
		63	}
		64
65	static void
66	release_casa(void)
67	{
68	if(casaIDK)
69	{
70	dlclose(casaIDK);
71	casaIDK = NULL;
72	}
73
74	p_miCASAGetCredential = NULL;
75	p_miCASASetCredential = NULL;
76	p_miCASARemoveCredential = NULL;
77
78	}
79
80	int
81	load_uname_pwd_from_miCASA (char ldap_username, char ldap_password)
82	{
83	int result = 0;
84	uint32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
85	SSCS_BASIC_CREDENTIAL credential;
86	SSCS_SECRET_ID_T applicationSecretId;
87	char *tempVar = NULL;
88
89	const char applicationName[10] = "dhcp-ldap";
90
91	if ( load_casa() )
92	{
93	memset(&credential, 0, sizeof(SSCS_BASIC_CREDENTIAL));
94	memset(&applicationSecretId, 0, sizeof(SSCS_SECRET_ID_T));
95
96	applicationSecretId.len = strlen(applicationName) + 1;
97	memcpy (applicationSecretId.id, applicationName, applicationSecretId.len);
98
99	credential.unFlags = USERNAME_TYPE_CN_F;
100
101	result = p_miCASAGetCredential (0,
102	&applicationSecretId,NULL,&credentialtype,
103	&credential,NULL);
104
105	if(credential.unLen)
106	{
107	tempVar = dmalloc (credential.unLen + 1, MDL);
108	if (!tempVar)
109	log_fatal ("no memory for ldap_username");
110	memcpy(tempVar , credential.username, credential.unLen);
111	*ldap_username = tempVar;
112
113	tempVar = dmalloc (credential.pwordLen + 1, MDL);
114	if (!tempVar)
115	log_fatal ("no memory for ldap_password");
116	memcpy(tempVar, credential.password, credential.pwordLen);
117	*ldap_password = tempVar;
118
119	#if defined (DEBUG_LDAP)
120	log_info ("Authentication credential taken from CASA");
121	#endif
122
123	release_casa();
124	return 1;
125
126	}
127	else
128	{
129	release_casa();
130	return 0;
131	}
132	}
133	else
134	return 0; //casa libraries not loaded
135	}
136
137	#endif /* LDAP_CASA_AUTH */
138

Lines 238-246 static struct option server_options[] = Link Here

(-)dhcp-3.1.3/server/stables.c.ldap (+98 lines)
238	{ "adaptive-lease-time-threshold", "B", &server_universe, 50, 1 },	238	{ "adaptive-lease-time-threshold", "B", &server_universe, 50, 1 },
239	{ "do-reverse-updates", "f", &server_universe, 51, 1 },	239	{ "do-reverse-updates", "f", &server_universe, 51, 1 },
240	{ "fqdn-reply", "f", &server_universe, 52, 1 },	240	{ "fqdn-reply", "f", &server_universe, 52, 1 },
		241	#if defined(LDAP_CONFIGURATION)
		242	{ "ldap-server", "t", &server_universe, 53 },
		243	{ "ldap-port", "d", &server_universe, 54 },
		244	{ "ldap-username", "t", &server_universe, 55 },
		245	{ "ldap-password", "t", &server_universe, 56 },
		246	{ "ldap-base-dn", "t", &server_universe, 57 },
		247	{ "ldap-method", "Nldap-methods.", &server_universe, 58 },
		248	{ "ldap-debug-file", "t", &server_universe, 59 },
		249	{ "ldap-dhcp-server-cn", "t", &server_universe, 60 },
		250	{ "ldap-referrals", "f", &server_universe, 61 },
		251	#if defined(USE_SSL)
		252	{ "ldap-ssl", "Nldap-ssl-usage.", &server_universe, 62 },
		253	{ "ldap-tls-reqcert", "Nldap-tls-reqcert.", &server_universe, 63 },
		254	{ "ldap-tls-ca-file", "t", &server_universe, 64 },
		255	{ "ldap-tls-ca-dir", "t", &server_universe, 65 },
		256	{ "ldap-tls-cert", "t", &server_universe, 66 },
		257	{ "ldap-tls-key", "t", &server_universe, 67 },
		258	{ "ldap-tls-crlcheck", "Nldap-tls-crlcheck.", &server_universe, 68 },
		259	{ "ldap-tls-ciphers", "t", &server_universe, 69 },
		260	{ "ldap-tls-randfile", "t", &server_universe, 70 },
		261	#else
		262	{ "unknown-62", "X", &server_universe, 62 },
		263	{ "unknown-63", "X", &server_universe, 63 },
		264	{ "unknown-64", "X", &server_universe, 64 },
		265	{ "unknown-65", "X", &server_universe, 65 },
		266	{ "unknown-66", "X", &server_universe, 66 },
		267	{ "unknown-67", "X", &server_universe, 67 },
		268	{ "unknown-68", "X", &server_universe, 68 },
		269	{ "unknown-69", "X", &server_universe, 69 },
		270	{ "unknown-70", "X", &server_universe, 70 },
		271	#endif
		272	#else
		273	{ "unknown-53", "X", &server_universe, 53 },
		274	{ "unknown-54", "X", &server_universe, 54 },
		275	{ "unknown-55", "X", &server_universe, 55 },
		276	{ "unknown-56", "X", &server_universe, 56 },
		277	{ "unknown-57", "X", &server_universe, 57 },
		278	{ "unknown-58", "X", &server_universe, 58 },
		279	{ "unknown-59", "X", &server_universe, 59 },
		280	{ "unknown-60", "X", &server_universe, 60 },
		281	{ "unknown-61", "X", &server_universe, 61 },
		282	#endif
241	{ NULL, NULL, NULL, 0, 0 }	283	{ NULL, NULL, NULL, 0, 0 }
242	};	284	};
243		285
		286	#if defined(LDAP_CONFIGURATION)
		287	struct enumeration_value ldap_values [] = {
		288	{ "static", LDAP_METHOD_STATIC },
		289	{ "dynamic", LDAP_METHOD_DYNAMIC },
		290	{ (char *) 0, 0 }
		291	};
		292
		293	struct enumeration ldap_methods = {
		294	(struct enumeration *)0,
		295	"ldap-methods",
		296	ldap_values
		297	};
		298
		299	#if defined(USE_SSL)
		300	struct enumeration_value ldap_ssl_usage_values [] = {
		301	{ "off", LDAP_SSL_OFF },
		302	{ "on",LDAP_SSL_ON },
		303	{ "ldaps", LDAP_SSL_LDAPS },
		304	{ "start_tls", LDAP_SSL_TLS },
		305	{ (char *) 0, 0 }
		306	};
		307
		308	struct enumeration ldap_ssl_usage_enum = {
		309	(struct enumeration *)0,
		310	"ldap-ssl-usage",
		311	ldap_ssl_usage_values
		312	};
		313
		314	struct enumeration_value ldap_tls_reqcert_values [] = {
		315	{ "never", LDAP_OPT_X_TLS_NEVER },
		316	{ "hard", LDAP_OPT_X_TLS_HARD },
		317	{ "demand", LDAP_OPT_X_TLS_DEMAND},
		318	{ "allow", LDAP_OPT_X_TLS_ALLOW },
		319	{ "try", LDAP_OPT_X_TLS_TRY },
		320	{ (char *) 0, 0 }
		321	};
		322	struct enumeration ldap_tls_reqcert_enum = {
		323	(struct enumeration *)0,
		324	"ldap-tls-reqcert",
		325	ldap_tls_reqcert_values
		326	};
		327
		328	struct enumeration_value ldap_tls_crlcheck_values [] = {
		329	{ "none", LDAP_OPT_X_TLS_CRL_NONE},
		330	{ "peer", LDAP_OPT_X_TLS_CRL_PEER},
		331	{ "all", LDAP_OPT_X_TLS_CRL_ALL },
		332	{ (char *) 0, 0 }
		333	};
		334	struct enumeration ldap_tls_crlcheck_enum = {
		335	(struct enumeration *)0,
		336	"ldap-tls-crlcheck",
		337	ldap_tls_crlcheck_values
		338	};
		339	#endif
		340	#endif
		341
244	struct enumeration_value ddns_styles_values [] = {	342	struct enumeration_value ddns_styles_values [] = {
245	{ "none", 0 },	343	{ "none", 0 },
246	{ "ad-hoc", 1 },	344	{ "ad-hoc", 1 },