upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-04-22 15:06:56 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'its6462' into 'master'

Browse source 
ITS#6462 Add ldap_domain2hostlist_proto and users

See merge request openldap/openldap!855
This commit is contained in:
Ondřej Kuzník 2026-04-10 14:01:07 +00:00
commit 38de851329
6 changed files with 140 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
clients/tools/common.c
View file

@ -1269,7 +1269,7 @@ tool_conn_setup( int dont, void (*private_setup)( LDAP * ) )
goto dnssrv_free;
}
rc = ldap_domain2hostlist( domain, &hostlist );
rc = ldap_domain2hostlist_proto( domain, &hostlist, lud->lud_scheme );
if ( rc ) {
fprintf( stderr,
"DNS SRV: Could not turn "

6
include/ldap.h
View file

@ -1111,6 +1111,12 @@ ldap_domain2hostlist LDAP_P((
LDAP_CONST char *domain,
char** hostlist ));
LDAP_F( int )
ldap_domain2hostlist_proto LDAP_P((
LDAP_CONST char *domain,
char** hostlist,
char* proto ));
/*
* in extended.c:
*/

22
libraries/libldap/dnssrv.c
View file

@ -256,6 +256,18 @@ static void srv_shuffle(srv_record *a, int n) {
int ldap_domain2hostlist(
LDAP_CONST char *domain,
char **list )
{
return ldap_domain2hostlist_proto( domain, list, "ldap" );
}
/*
* Lookup and return LDAP servers for domain (using the DNS
* SRV record _<proto>._tcp.domain).
*/
int ldap_domain2hostlist_proto(
LDAP_CONST char *domain,
char **list,
char *proto )
{
#ifdef HAVE_RES_QUERY
char *request;
@ -272,11 +284,17 @@ int ldap_domain2hostlist(
return LDAP_PARAM_ERROR;
}
request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp."));
len = strlen(proto);
if ( len < 4 || len > 5 || strncmp( proto, "ldap", 4 ) ||
( len == 5 && proto[4] != 's' ) ) {
return LDAP_PARAM_ERROR;
}
request = LDAP_MALLOC(strlen(domain) + len + sizeof("_._tcp."));
if (request == NULL) {
return LDAP_NO_MEMORY;
}
sprintf(request, "_ldap._tcp.%s", domain);
sprintf(request, "_%s._tcp.%s", proto, domain);
LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);

5
libraries/libldap/ldap.map.in
View file

@ -604,3 +604,8 @@ OPENLDAP_2.200
*;
};
OPENLDAP_2.201
{
global:
ldap_domain2hostlist_proto;
} OPENLDAP_2.200;

58
servers/slapd/back-dnssrv/referral.c
View file

@ -72,10 +72,12 @@ dnssrv_back_referrals(
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
op->o_req_dn.bv_val, domain );
i = ldap_domain2hostlist( domain, &hostlist );
if ( i ) {
i = ldap_domain2hostlist_proto( domain, &hostlist, "ldaps" );
if ( i == LDAP_UNAVAILABLE ) {
goto do_ldap;
} else if ( i ) {
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: domain2hostlist(%s) returned %d\n",
"DNSSRV: domain2hostlist(%s, \"ldaps\") returned %d\n",
domain, i );
rs->sr_text = "no DNS SRV RR available for DN";
rc = LDAP_NO_SUCH_OBJECT;
@ -90,6 +92,54 @@ dnssrv_back_referrals(
goto done;
}
for( i=0; hosts[i] != NULL; i++) {
struct berval url;
url.bv_len = STRLENOF( "ldaps://" ) + strlen( hosts[i] );
url.bv_val = ch_malloc( url.bv_len + 1 );
strcpy( url.bv_val, "ldaps://" );
strcpy( &url.bv_val[STRLENOF( "ldaps://" )], hosts[i] );
if ( ber_bvarray_add( &urls, &url ) < 0 ) {
free( url.bv_val );
rs->sr_text = "problem processing DNS SRV records for DN";
goto done;
}
}
do_ldap:
if ( hosts != NULL ) {
ldap_charray_free( hosts );
hosts = NULL;
}
if ( hostlist != NULL ) {
ch_free( hostlist );
hostlist = NULL;
}
i = ldap_domain2hostlist_proto( domain, &hostlist, "ldap" );
if ( i == LDAP_UNAVAILABLE && urls ) {
/* Allow if no _ldap._tcp but we have some ldaps urls */
goto success;
} else if ( i ) {
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: domain2hostlist(%s, \"ldap\") returned %d\n",
domain, i );
rs->sr_text = "no DNS SRV RR available for DN";
rc = LDAP_NO_SUCH_OBJECT;
goto done;
}
hosts = ldap_str2charray( hostlist, " " );
if( hosts == NULL ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charray error\n" );
rs->sr_text = "problem processing DNS SRV records for DN";
rc = LDAP_OTHER;
goto done;
}
for( i=0; hosts[i] != NULL; i++) {
struct berval url;
@ -102,10 +152,12 @@ dnssrv_back_referrals(
if ( ber_bvarray_add( &urls, &url ) < 0 ) {
free( url.bv_val );
rs->sr_text = "problem processing DNS SRV records for DN";
rc = LDAP_OTHER;
goto done;
}
}
success:
Debug( LDAP_DEBUG_STATS,
"%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
op->o_log_prefix, op->o_protocol,

54
servers/slapd/back-dnssrv/search.c
View file

@ -82,7 +82,10 @@ dnssrv_back_search(
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", domain );
if( ( rc = ldap_domain2hostlist( domain, &hostlist ) ) ) {
rc = ldap_domain2hostlist_proto( domain, &hostlist, "ldaps" );
if ( rc == LDAP_UNAVAILABLE ) {
goto do_ldap;
} else if ( rc ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist returned %d\n",
rc );
send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
@ -116,6 +119,55 @@ dnssrv_back_search(
}
}
do_ldap:
if ( hosts != NULL ) {
ldap_charray_free( hosts );
hosts = NULL;
}
if ( hostlist != NULL ) {
ch_free( hostlist );
hostlist = NULL;
}
rc = ldap_domain2hostlist_proto( domain, &hostlist, "ldap" );
if ( rc == LDAP_UNAVAILABLE && urls ) {
/* Allow if no _ldap._tcp but we have some ldaps urls */
goto success;
} else if ( rc ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist returned %d\n",
rc );
send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
"no DNS SRV RR available for DN" );
goto done;
}
hosts = ldap_str2charray( hostlist, " " );
if( hosts == NULL ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charray error\n" );
send_ldap_error( op, rs, LDAP_OTHER,
"problem processing DNS SRV records for DN" );
goto done;
}
for( i=0; hosts[i] != NULL; i++) {
struct berval url;
url.bv_len = STRLENOF( "ldap://" ) + strlen(hosts[i]);
url.bv_val = ch_malloc( url.bv_len + 1 );
strcpy( url.bv_val, "ldap://" );
strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] );
if( ber_bvarray_add( &urls, &url ) < 0 ) {
free( url.bv_val );
send_ldap_error( op, rs, LDAP_OTHER,
"problem processing DNS SRV records for DN" );
goto done;
}
}
success:
Debug( LDAP_DEBUG_STATS,
"%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
op->o_log_prefix, op->o_protocol,