2 Unix SMB/CIFS implementation.
4 bind9 dlz driver for Samba
6 Copyright (C) 2010 Andrew Tridgell
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "param/param.h"
25 #include "lib/events/events.h"
26 #include "dsdb/samdb/samdb.h"
27 #include "dsdb/common/util.h"
28 #include "auth/session.h"
29 #include "auth/gensec/gensec.h"
30 #include "gen_ndr/ndr_dnsp.h"
31 #include "lib/cmdline/popt_common.h"
32 #include "lib/cmdline/popt_credentials.h"
33 #include "ldb_module.h"
34 #include "dlz_minimal.h"
36 struct dlz_bind9_data {
37 struct ldb_context *samdb;
38 struct tevent_context *ev_ctx;
39 struct loadparm_context *lp;
40 bool transaction_started;
42 /* helper functions from the dlz_dlopen driver */
43 void (*log)(int level, const char *fmt, ...);
44 isc_result_t (*putrr)(dns_sdlzlookup_t *handle, const char *type,
45 dns_ttl_t ttl, const char *data);
46 isc_result_t (*putnamedrr)(dns_sdlzlookup_t *handle, const char *name,
47 const char *type, dns_ttl_t ttl, const char *data);
48 isc_result_t (*writeable_zone)(dns_view_t *view, const char *zone_name);
52 static const char *zone_prefixes[] = {
53 "CN=MicrosoftDNS,DC=DomainDnsZones",
54 "CN=MicrosoftDNS,DC=ForestDnsZones",
59 return the version of the API
61 _PUBLIC_ int dlz_version(unsigned int *flags)
63 return DLZ_DLOPEN_VERSION;
67 remember a helper function from the bind9 dlz_dlopen driver
69 static void b9_add_helper(struct dlz_bind9_data *state, const char *helper_name, void *ptr)
71 if (strcmp(helper_name, "log") == 0) {
74 if (strcmp(helper_name, "putrr") == 0) {
77 if (strcmp(helper_name, "putnamedrr") == 0) {
78 state->putnamedrr = ptr;
80 if (strcmp(helper_name, "writeable_zone") == 0) {
81 state->writeable_zone = ptr;
86 format a record for bind9
88 static bool b9_format(struct dlz_bind9_data *state,
90 struct dnsp_DnssrvRpcRecord *rec,
91 const char **type, const char **data)
96 *data = rec->data.ipv4;
101 *data = rec->data.ipv6;
106 *data = rec->data.cname;
111 *data = rec->data.txt;
116 *data = rec->data.ptr;
121 *data = talloc_asprintf(mem_ctx, "%u %u %u %s",
122 rec->data.srv.wPriority,
123 rec->data.srv.wWeight,
125 rec->data.srv.nameTarget);
130 *data = talloc_asprintf(mem_ctx, "%u %s",
131 rec->data.srv.wPriority,
132 rec->data.srv.nameTarget);
137 *data = talloc_asprintf(mem_ctx, "%s %s",
144 *data = rec->data.ns;
149 *data = talloc_asprintf(mem_ctx, "%s %s %u %u %u %u %u",
152 rec->data.soa.serial,
153 rec->data.soa.refresh,
155 rec->data.soa.expire,
156 rec->data.soa.minimum);
160 state->log(ISC_LOG_ERROR, "samba b9_putrr: unhandled record type %u",
169 parse a record from bind9
171 static bool b9_parse(struct dlz_bind9_data *state,
173 struct dnsp_DnssrvRpcRecord *rec,
174 const char **type, const char **data)
180 send a resource recond to bind9
182 static isc_result_t b9_putrr(struct dlz_bind9_data *state,
183 void *handle, struct dnsp_DnssrvRpcRecord *rec,
187 const char *type, *data;
188 TALLOC_CTX *tmp_ctx = talloc_new(state);
190 if (!b9_format(state, tmp_ctx, rec, &type, &data)) {
191 return ISC_R_FAILURE;
195 talloc_free(tmp_ctx);
196 return ISC_R_NOMEMORY;
201 for (i=0; types[i]; i++) {
202 if (strcmp(types[i], type) == 0) break;
204 if (types[i] == NULL) {
206 return ISC_R_SUCCESS;
210 result = state->putrr(handle, type, rec->dwTtlSeconds, data);
211 if (result != ISC_R_SUCCESS) {
212 state->log(ISC_LOG_ERROR, "Failed to put rr");
214 talloc_free(tmp_ctx);
220 send a named resource recond to bind9
222 static isc_result_t b9_putnamedrr(struct dlz_bind9_data *state,
223 void *handle, const char *name,
224 struct dnsp_DnssrvRpcRecord *rec)
227 const char *type, *data;
228 TALLOC_CTX *tmp_ctx = talloc_new(state);
230 if (!b9_format(state, tmp_ctx, rec, &type, &data)) {
231 return ISC_R_FAILURE;
235 talloc_free(tmp_ctx);
236 return ISC_R_NOMEMORY;
239 result = state->putnamedrr(handle, name, type, rec->dwTtlSeconds, data);
240 if (result != ISC_R_SUCCESS) {
241 state->log(ISC_LOG_ERROR, "Failed to put named rr '%s'", name);
243 talloc_free(tmp_ctx);
254 static isc_result_t parse_options(struct dlz_bind9_data *state,
255 unsigned int argc, char *argv[],
256 struct b9_options *options)
260 struct poptOption long_options[] = {
261 { "url", 'H', POPT_ARG_STRING, &options->url, 0, "database URL", "URL" },
264 struct poptOption **popt_options;
267 popt_options = ldb_module_popt_options(state->samdb);
268 (*popt_options) = long_options;
270 ret = ldb_modules_hook(state->samdb, LDB_MODULE_HOOK_CMDLINE_OPTIONS);
271 if (ret != LDB_SUCCESS) {
272 state->log(ISC_LOG_ERROR, "dlz samba: failed cmdline hook");
273 return ISC_R_FAILURE;
276 pc = poptGetContext("dlz_bind9", argc, (const char **)argv, *popt_options,
277 POPT_CONTEXT_KEEP_FIRST);
279 while ((opt = poptGetNextOpt(pc)) != -1) {
282 state->log(ISC_LOG_ERROR, "dlz samba: Invalid option %s: %s",
283 poptBadOption(pc, 0), poptStrerror(opt));
284 return ISC_R_FAILURE;
288 ret = ldb_modules_hook(state->samdb, LDB_MODULE_HOOK_CMDLINE_PRECONNECT);
289 if (ret != LDB_SUCCESS) {
290 state->log(ISC_LOG_ERROR, "dlz samba: failed cmdline preconnect");
291 return ISC_R_FAILURE;
294 return ISC_R_SUCCESS;
299 called to initialise the driver
301 _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
302 unsigned int argc, char *argv[],
305 struct dlz_bind9_data *state;
306 const char *helper_name;
312 struct b9_options options;
314 ZERO_STRUCT(options);
316 state = talloc_zero(NULL, struct dlz_bind9_data);
318 return ISC_R_NOMEMORY;
321 tmp_ctx = talloc_new(state);
323 /* fill in the helper functions */
324 va_start(ap, dbdata);
325 while ((helper_name = va_arg(ap, const char *)) != NULL) {
326 b9_add_helper(state, helper_name, va_arg(ap, void*));
330 state->ev_ctx = s4_event_context_init(state);
331 if (state->ev_ctx == NULL) {
332 result = ISC_R_NOMEMORY;
336 state->samdb = ldb_init(state, state->ev_ctx);
337 if (state->samdb == NULL) {
338 state->log(ISC_LOG_ERROR, "samba dlz_bind9: Failed to create ldb");
339 result = ISC_R_FAILURE;
343 result = parse_options(state, argc, argv, &options);
344 if (result != ISC_R_SUCCESS) {
348 state->lp = loadparm_init_global(true);
349 if (state->lp == NULL) {
350 result = ISC_R_NOMEMORY;
354 if (options.url == NULL) {
355 options.url = talloc_asprintf(tmp_ctx, "ldapi://%s",
356 private_path(tmp_ctx, state->lp, "ldap_priv/ldapi"));
357 if (options.url == NULL) {
358 result = ISC_R_NOMEMORY;
363 ret = ldb_connect(state->samdb, options.url, 0, NULL);
365 state->log(ISC_LOG_ERROR, "samba dlz_bind9: Failed to connect to %s - %s",
366 options.url, ldb_errstring(state->samdb));
367 result = ISC_R_FAILURE;
371 ret = ldb_modules_hook(state->samdb, LDB_MODULE_HOOK_CMDLINE_POSTCONNECT);
372 if (ret != LDB_SUCCESS) {
373 state->log(ISC_LOG_ERROR, "samba dlz_bind9: Failed postconnect for %s - %s",
374 options.url, ldb_errstring(state->samdb));
375 result = ISC_R_FAILURE;
379 dn = ldb_get_default_basedn(state->samdb);
381 state->log(ISC_LOG_ERROR, "samba dlz_bind9: Unable to get basedn for %s - %s",
382 options.url, ldb_errstring(state->samdb));
383 result = ISC_R_FAILURE;
387 state->log(ISC_LOG_INFO, "samba dlz_bind9: started for DN %s",
388 ldb_dn_get_linearized(dn));
392 talloc_free(tmp_ctx);
393 return ISC_R_SUCCESS;
403 _PUBLIC_ void dlz_destroy(void *dbdata)
405 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
406 state->log(ISC_LOG_INFO, "samba dlz_bind9: shutting down");
412 see if we handle a given zone
414 _PUBLIC_ isc_result_t dlz_findzonedb(void *dbdata, const char *name)
416 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
418 TALLOC_CTX *tmp_ctx = talloc_new(state);
419 const char *attrs[] = { NULL };
422 for (i=0; zone_prefixes[i]; i++) {
424 struct ldb_result *res;
426 dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
428 talloc_free(tmp_ctx);
429 return ISC_R_NOMEMORY;
432 if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", name, zone_prefixes[i])) {
433 talloc_free(tmp_ctx);
434 return ISC_R_NOMEMORY;
437 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, "objectClass=dnsZone");
438 if (ret == LDB_SUCCESS) {
439 talloc_free(tmp_ctx);
440 return ISC_R_SUCCESS;
445 talloc_free(tmp_ctx);
446 return ISC_R_NOTFOUND;
453 static isc_result_t dlz_lookup_types(struct dlz_bind9_data *state,
454 const char *zone, const char *name,
455 dns_sdlzlookup_t *lookup,
458 TALLOC_CTX *tmp_ctx = talloc_new(state);
459 const char *attrs[] = { "dnsRecord", NULL };
461 struct ldb_result *res;
462 struct ldb_message_element *el;
465 for (i=0; zone_prefixes[i]; i++) {
466 dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
468 talloc_free(tmp_ctx);
469 return ISC_R_NOMEMORY;
472 if (!ldb_dn_add_child_fmt(dn, "DC=%s,DC=%s,%s", name, zone, zone_prefixes[i])) {
473 talloc_free(tmp_ctx);
474 return ISC_R_NOMEMORY;
477 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
478 attrs, "objectClass=dnsNode");
479 if (ret == LDB_SUCCESS) {
483 if (ret != LDB_SUCCESS) {
484 talloc_free(tmp_ctx);
485 return ISC_R_NOTFOUND;
488 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
489 if (el == NULL || el->num_values == 0) {
490 talloc_free(tmp_ctx);
491 return ISC_R_NOTFOUND;
494 for (i=0; i<el->num_values; i++) {
495 struct dnsp_DnssrvRpcRecord rec;
496 enum ndr_err_code ndr_err;
499 ndr_err = ndr_pull_struct_blob(&el->values[i], tmp_ctx, &rec,
500 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
501 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
502 state->log(ISC_LOG_ERROR, "samba dlz_bind9: failed to parse dnsRecord for %s",
503 ldb_dn_get_linearized(dn));
504 talloc_free(tmp_ctx);
505 return ISC_R_FAILURE;
508 result = b9_putrr(state, lookup, &rec, types);
509 if (result != ISC_R_SUCCESS) {
510 talloc_free(tmp_ctx);
515 talloc_free(tmp_ctx);
516 return ISC_R_SUCCESS;
522 _PUBLIC_ isc_result_t dlz_lookup(const char *zone, const char *name,
523 void *dbdata, dns_sdlzlookup_t *lookup)
525 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
526 return dlz_lookup_types(state, zone, name, lookup, NULL);
531 see if a zone transfer is allowed
533 _PUBLIC_ isc_result_t dlz_allowzonexfr(void *dbdata, const char *name, const char *client)
535 /* just say yes for all our zones for now */
536 return dlz_findzonedb(dbdata, name);
540 perform a zone transfer
542 _PUBLIC_ isc_result_t dlz_allnodes(const char *zone, void *dbdata,
543 dns_sdlzallnodes_t *allnodes)
545 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
546 const char *attrs[] = { "dnsRecord", NULL };
549 struct ldb_result *res;
550 TALLOC_CTX *tmp_ctx = talloc_new(state);
552 for (i=0; zone_prefixes[i]; i++) {
553 dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
555 talloc_free(tmp_ctx);
556 return ISC_R_NOMEMORY;
559 if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", zone, zone_prefixes[i])) {
560 talloc_free(tmp_ctx);
561 return ISC_R_NOMEMORY;
564 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
565 attrs, "objectClass=dnsNode");
566 if (ret == LDB_SUCCESS) {
570 if (ret != LDB_SUCCESS) {
571 talloc_free(tmp_ctx);
572 return ISC_R_NOTFOUND;
575 for (i=0; i<res->count; i++) {
576 struct ldb_message_element *el;
577 TALLOC_CTX *el_ctx = talloc_new(tmp_ctx);
578 const char *rdn, *name;
579 const struct ldb_val *v;
581 el = ldb_msg_find_element(res->msgs[i], "dnsRecord");
582 if (el == NULL || el->num_values == 0) {
583 state->log(ISC_LOG_INFO, "failed to find dnsRecord for %s",
584 ldb_dn_get_linearized(dn));
589 v = ldb_dn_get_rdn_val(res->msgs[i]->dn);
591 state->log(ISC_LOG_INFO, "failed to find RDN for %s",
592 ldb_dn_get_linearized(dn));
597 rdn = talloc_strndup(el_ctx, (char *)v->data, v->length);
599 talloc_free(tmp_ctx);
600 return ISC_R_NOMEMORY;
603 if (strcmp(rdn, "@") == 0) {
606 name = talloc_asprintf(el_ctx, "%s.%s", rdn, zone);
609 talloc_free(tmp_ctx);
610 return ISC_R_NOMEMORY;
613 for (j=0; j<el->num_values; j++) {
614 struct dnsp_DnssrvRpcRecord rec;
615 enum ndr_err_code ndr_err;
618 ndr_err = ndr_pull_struct_blob(&el->values[j], el_ctx, &rec,
619 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
620 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
621 state->log(ISC_LOG_ERROR, "samba dlz_bind9: failed to parse dnsRecord for %s",
622 ldb_dn_get_linearized(dn));
627 result = b9_putnamedrr(state, allnodes, name, &rec);
628 if (result != ISC_R_SUCCESS) {
635 talloc_free(tmp_ctx);
637 return ISC_R_SUCCESS;
644 _PUBLIC_ isc_result_t dlz_newversion(const char *zone, void *dbdata, void **versionp)
646 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
648 state->log(ISC_LOG_INFO, "samba dlz_bind9: starting transaction on zone %s", zone);
650 if (state->transaction_started) {
651 state->log(ISC_LOG_INFO, "samba dlz_bind9: transaction already started for zone %s", zone);
652 return ISC_R_FAILURE;
655 state->transaction_started = true;
657 *versionp = (void *) &state->transaction_started;
659 return ISC_R_SUCCESS;
665 _PUBLIC_ void dlz_closeversion(const char *zone, isc_boolean_t commit,
666 void *dbdata, void **versionp)
668 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
670 if (!state->transaction_started) {
671 state->log(ISC_LOG_INFO, "samba dlz_bind9: transaction not started for zone %s", zone);
676 state->transaction_started = false;
681 state->log(ISC_LOG_INFO, "samba dlz_bind9: committing transaction on zone %s", zone);
683 state->log(ISC_LOG_INFO, "samba dlz_bind9: cancelling transaction on zone %s", zone);
689 see if there is a SOA record for a zone
691 static bool b9_has_soa(struct dlz_bind9_data *state, struct ldb_dn *dn, const char *zone)
693 const char *attrs[] = { "dnsRecord", NULL };
694 struct ldb_result *res;
695 struct ldb_message_element *el;
696 TALLOC_CTX *tmp_ctx = talloc_new(state);
699 if (!ldb_dn_add_child_fmt(dn, "DC=@,DC=%s", zone)) {
700 talloc_free(tmp_ctx);
704 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
705 attrs, "objectClass=dnsNode");
706 if (ret != LDB_SUCCESS) {
707 talloc_free(tmp_ctx);
711 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
713 talloc_free(tmp_ctx);
716 for (i=0; i<el->num_values; i++) {
717 struct dnsp_DnssrvRpcRecord rec;
718 enum ndr_err_code ndr_err;
720 ndr_err = ndr_pull_struct_blob(&el->values[i], tmp_ctx, &rec,
721 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
722 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
725 if (rec.wType == DNS_TYPE_SOA) {
726 talloc_free(tmp_ctx);
731 talloc_free(tmp_ctx);
736 configure a writeable zone
738 _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata)
740 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
745 state->log(ISC_LOG_INFO, "samba dlz_bind9: starting configure");
746 if (state->writeable_zone == NULL) {
747 state->log(ISC_LOG_INFO, "samba dlz_bind9: no writeable_zone method available");
748 return ISC_R_FAILURE;
751 tmp_ctx = talloc_new(state);
753 for (i=0; zone_prefixes[i]; i++) {
754 const char *attrs[] = { "name", NULL };
756 struct ldb_result *res;
758 dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
760 talloc_free(tmp_ctx);
761 return ISC_R_NOMEMORY;
764 if (!ldb_dn_add_child_fmt(dn, "%s", zone_prefixes[i])) {
765 talloc_free(tmp_ctx);
766 return ISC_R_NOMEMORY;
769 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
770 attrs, "objectClass=dnsZone");
771 if (ret != LDB_SUCCESS) {
775 for (j=0; j<res->count; j++) {
777 const char *zone = ldb_msg_find_attr_as_string(res->msgs[j], "name", NULL);
781 if (!b9_has_soa(state, dn, zone)) {
784 result = state->writeable_zone(view, zone);
785 if (result != ISC_R_SUCCESS) {
786 state->log(ISC_LOG_ERROR, "samba dlz_bind9: Failed to configure zone '%s'",
788 talloc_free(tmp_ctx);
791 state->log(ISC_LOG_INFO, "samba dlz_bind9: configured writeable zone '%s'", zone);
795 talloc_free(tmp_ctx);
796 return ISC_R_SUCCESS;
800 authorize a zone update
802 _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr,
803 const char *type, const char *key, uint32_t keydatalen, uint8_t *keydata,
806 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
808 state->log(ISC_LOG_INFO, "samba dlz_bind9: allowing update of signer=%s name=%s tcpaddr=%s type=%s key=%s keydatalen=%u",
809 signer, name, tcpaddr, type, key, keydatalen);
814 _PUBLIC_ isc_result_t dlz_addrdataset(const char *name, const char *rdatastr, void *dbdata, void *version)
816 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
818 if (version != (void *) &state->transaction_started) {
819 return ISC_R_FAILURE;
822 state->log(ISC_LOG_INFO, "samba dlz_bind9: adding rdataset %s '%s'", name, rdatastr);
824 return ISC_R_SUCCESS;
827 _PUBLIC_ isc_result_t dlz_subrdataset(const char *name, const char *rdatastr, void *dbdata, void *version)
829 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
831 if (version != (void *) &state->transaction_started) {
832 return ISC_R_FAILURE;
835 state->log(ISC_LOG_INFO, "samba dlz_bind9: subtracting rdataset %s '%s'", name, rdatastr);
837 return ISC_R_SUCCESS;
841 _PUBLIC_ isc_result_t dlz_delrdataset(const char *name, void *dbdata, void *version)
843 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
845 if (version != (void *) &state->transaction_started) {
846 return ISC_R_FAILURE;
849 state->log(ISC_LOG_INFO, "samba dlz_bind9: deleting rdataset %s", name);
851 return ISC_R_SUCCESS;
git.samba.org / samba.git / blob