Commit 1af849c7 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

DNSSRV use res_query, not res_search

Update configure and depend --enable-dnssrv upon finding res_query
Update back-dnssrv to better handle ManageDSAit control
parent 1aa4b07c
This diff is collapsed.
......@@ -788,27 +788,35 @@ fi
dnl ----------------------------------------------------------------
dnl Check for resolver routines
AC_CHECK_FUNC(res_search,:)
if test $ac_cv_func_res_search = no ; then
AC_CHECK_LIB(bind, res_search)
ac_cv_func_res_search=$ac_cv_lib_bind_res_search
ol_link_dnssrv=no
AC_CHECK_FUNC(res_query,:)
if test $ac_cv_func_res_query = no ; then
AC_CHECK_LIB(bind, res_query)
ac_cv_func_res_query=$ac_cv_lib_bind_res_query
fi
if test $ac_cv_func_res_search = no ; then
AC_CHECK_LIB(bind, __res_search)
ac_cv_func_res_search=$ac_cv_lib_bind___res_search
if test $ac_cv_func_res_query = no ; then
AC_CHECK_LIB(bind, __res_query)
ac_cv_func_res_query=$ac_cv_lib_bind___res_query
fi
if test $ac_cv_func_res_search = no ; then
AC_CHECK_LIB(resolv, res_search)
ac_cv_func_res_search=$ac_cv_lib_resolv_res_search
if test $ac_cv_func_res_query = no ; then
AC_CHECK_LIB(resolv, res_query)
ac_cv_func_res_query=$ac_cv_lib_resolv_res_query
fi
if test "$ac_cv_func_res_search" = yes ; then
AC_DEFINE(HAVE_RES_SEARCH,1,
[define if you have res_search()])
if test "$ac_cv_func_res_query" = yes ; then
AC_DEFINE(HAVE_RES_QUERY,1,
[define if you have res_query()])
if test $ol_enable_dnssrv != no ; then
ol_link_dnssrv=yes
fi
fi
if test "$ol_enable_dnssrv" = yes -a "$ol_link_dnssrv" = no ; then
AC_MSG_ERROR([DNSSRV requires res_query()])
fi
dnl ----------------------------------------------------------------
dnl QUIPU
......@@ -2199,7 +2207,7 @@ if test "$ol_link_bdb2" != no ; then
fi
fi
if test "$ol_enable_dnssrv" != no ; then
if test "$ol_link_dnssrv" != no ; then
AC_DEFINE(SLAPD_DNSSRV,1,[define to support DNS SRV backend])
BUILD_SLAPD=yes
BUILD_DNSSRV=yes
......
......@@ -614,8 +614,8 @@
/* define if you have winsock */
#undef HAVE_WINSOCK
/* define if you have res_search() */
#undef HAVE_RES_SEARCH
/* define if you have res_query() */
#undef HAVE_RES_QUERY
/* define if you have HEIMDAL Kerberos */
#undef HAVE_HEIMDAL_KERBEROS
......
......@@ -109,10 +109,13 @@ int ldap_dn2domain(
return -5;
}
if( domain == NULL ) ndomain[0] = '\0';
if( domain == NULL ) {
ndomain[0] = '\0';
} else {
strcat( ndomain, "." );
}
strcat( ndomain, dc );
strcat( ndomain, "." );
domain = ndomain;
continue;
......@@ -191,7 +194,7 @@ int ldap_domain2hostlist(
LDAP_CONST char *domain,
char **list )
{
#ifdef HAVE_RES_SEARCH
#ifdef HAVE_RES_QUERY
char *request;
char *dn;
char *hostlist = NULL;
......@@ -218,7 +221,7 @@ int ldap_domain2hostlist(
#endif
rc = LDAP_UNAVAILABLE;
len = res_search(request, C_IN, T_SRV, reply, sizeof(reply));
len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
if (len >= 0) {
unsigned char *p;
char host[1024];
......@@ -300,5 +303,5 @@ int ldap_domain2hostlist(
return rc;
#else
return LDAP_NOT_SUPPORTED;
#endif /* HAVE_RES_SEARCH */
#endif /* HAVE_RES_QUERY */
}
......@@ -288,10 +288,10 @@ struct ldap {
};
#define LDAP_VALID(ld) ( (ld)->ld_valid == LDAP_VALID_SESSION )
#if defined(HAVE_RES_SEARCH) && defined(LDAP_R_COMPILE)
#if defined(HAVE_RES_QUERY) && defined(LDAP_R_COMPILE)
#include <ldap_pvt_thread.h>
extern ldap_pvt_thread_mutex_t ldap_int_resolv_mutex;
#endif /* HAVE_RES_SEARCH && LDAP_R_COMPILE */
#endif /* HAVE_RES_QUERY && LDAP_R_COMPILE */
/*
* in init.c
......
......@@ -64,7 +64,7 @@
# ifndef HAVE_GETHOSTBYADDR_R
static ldap_pvt_thread_mutex_t ldap_int_gethostbyaddr_mutex;
# endif
# ifdef HAVE_RES_SEARCH
# ifdef HAVE_RES_QUERY
ldap_pvt_thread_mutex_t ldap_int_resolv_mutex;
# endif
#endif /* LDAP_R_COMPILE */
......@@ -277,7 +277,7 @@ void ldap_int_utils_init( void )
ldap_pvt_thread_mutex_init( &ldap_int_gethostbyaddr_mutex );
#endif
#ifdef HAVE_RES_SEARCH
#ifdef HAVE_RES_QUERY
ldap_pvt_thread_mutex_init( &ldap_int_resolv_mutex );
#endif
......
......@@ -245,7 +245,7 @@ all-cffiles: slapd
$(SED) -e 's;%SYSCONFDIR%;$(sysconfdir);' \
-e 's;%LOCALSTATEDIR%;$(localstatedir);' \
-e 's;%MODULEDIR%;$(moduledir);' \
$(srcdir)/$$cf > $$tmpcf ; \
< $(srcdir)/$$cf > $$tmpcf ; \
touch all-cffiles
install-schema: FORCE
......
......@@ -69,15 +69,15 @@ dnssrv_back_request(
}
for( i=0; hosts[i] != NULL; i++) {
struct berval *url = ch_malloc( sizeof( struct berval ) );
struct berval *url = ch_malloc( sizeof( struct berval ) );
url->bv_len = sizeof("ldap://") + strlen(hosts[i]);
url->bv_val = ch_malloc( url->bv_len );
url->bv_len = sizeof("ldap://")-1 + strlen(hosts[i]);
url->bv_val = ch_malloc( url->bv_len + 1 );
strcpy( url->bv_val, "ldap://" );
strcpy( &url->bv_val[sizeof("ldap://")-1], hosts[i] );
if( ber_bvecadd( &urls, url ) < 0) {
if( ber_bvecadd( &urls, url ) < 0 ) {
ber_bvfree( url );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "problem processing DNS SRV records for DN",
......@@ -96,7 +96,33 @@ dnssrv_back_request(
urls[0]->bv_val );
if( manageDSAit ) {
if( op->o_tag != LDAP_REQ_SEARCH ) {
char *refdn, *nrefdn;
rc = ldap_domain2dn(domain, &refdn);
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "DNS SRV problem processing manageDSAit control",
NULL, NULL );
goto done;
}
nrefdn = ch_strdup( refdn );
dn_normalize(nrefdn);
if( strcmp( nrefdn, ndn ) != 0 ) {
/* requested dn is subordinate */
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: dn=\"%s\" subordindate to refdn=\"%s\"\n",
dn == NULL ? "" : dn,
refdn == NULL ? "" : refdn,
NULL );
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
refdn, NULL,
NULL, NULL );
} else if( op->o_tag != LDAP_REQ_SEARCH ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
dn, "DNS SRV ManageDSAIT control disallowed",
NULL, NULL );
......@@ -202,6 +228,10 @@ dnssrv_back_request(
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
}
free( refdn );
free( nrefdn );
} else {
send_ldap_result( conn, op, LDAP_REFERRAL,
NULL, "DNS SRV generated referrals", urls, NULL );
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment