summaryrefslogtreecommitdiff
path: root/src/providers
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-03-26 16:49:26 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-05-03 20:22:29 +0200
commit9cb46bc62f22e0104f1b41a423b014c281ef5fc2 (patch)
tree375254d502d24d51072cf9668fe3a09977ce1edc /src/providers
parentc080a11e9e88f35e40aff4e476cabbd971833019 (diff)
downloadsssd-9cb46bc62f22e0104f1b41a423b014c281ef5fc2.tar.gz
sssd-9cb46bc62f22e0104f1b41a423b014c281ef5fc2.tar.bz2
sssd-9cb46bc62f22e0104f1b41a423b014c281ef5fc2.zip
Refactor dynamic DNS updates
Provides two new layers instead of the previous IPA specific layer: 1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its purpose it to make it possible for any back end to use dynamic DNS updates. 2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some LDAP-specific features like autodetecting the address from the LDAP connection. Also converts the dyndns code to new specific error codes.
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/dp_dyndns.c880
-rw-r--r--src/providers/dp_dyndns.h68
-rw-r--r--src/providers/ipa/ipa_common.h2
-rw-r--r--src/providers/ipa/ipa_dyndns.c1237
-rw-r--r--src/providers/ldap/sdap_dyndns.c498
-rw-r--r--src/providers/ldap/sdap_dyndns.h47
6 files changed, 1568 insertions, 1164 deletions
diff --git a/src/providers/dp_dyndns.c b/src/providers/dp_dyndns.c
new file mode 100644
index 00000000..7e5cc690
--- /dev/null
+++ b/src/providers/dp_dyndns.c
@@ -0,0 +1,880 @@
+/*
+ SSSD
+
+ dp_dyndns.c
+
+ Authors:
+ Stephen Gallagher <sgallagh@redhat.com>
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <ifaddrs.h>
+#include <ctype.h>
+#include "util/util.h"
+#include "confdb/confdb.h"
+#include "util/child_common.h"
+#include "providers/data_provider.h"
+#include "providers/dp_backend.h"
+#include "providers/dp_dyndns.h"
+#include "resolv/async_resolv.h"
+
+#ifndef DYNDNS_TIMEOUT
+#define DYNDNS_TIMEOUT 15
+#endif /* DYNDNS_TIMEOUT */
+
+struct sss_iface_addr {
+ struct sss_iface_addr *next;
+ struct sss_iface_addr *prev;
+
+ struct sockaddr_storage *addr;
+};
+
+struct sss_iface_addr *
+sss_iface_addr_add(TALLOC_CTX *mem_ctx, struct sss_iface_addr **list,
+ struct sockaddr_storage *ss)
+{
+ struct sss_iface_addr *address;
+
+ address = talloc(mem_ctx, struct sss_iface_addr);
+ if (address == NULL) {
+ return NULL;
+ }
+
+ address->addr = talloc_memdup(address, ss,
+ sizeof(struct sockaddr_storage));
+ if(address->addr == NULL) {
+ talloc_zfree(address);
+ return NULL;
+ }
+ DLIST_ADD(*list, address);
+
+ return address;
+}
+
+errno_t
+sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx,
+ struct sss_iface_addr *ifaddr_list,
+ char ***_straddrs)
+{
+ struct sss_iface_addr *ifaddr;
+ size_t count;
+ int ai;
+ char **straddrs;
+ const char *ip;
+ char ip_addr[INET6_ADDRSTRLEN];
+ errno_t ret;
+
+ count = 0;
+ DLIST_FOR_EACH(ifaddr, ifaddr_list) {
+ count++;
+ }
+
+ straddrs = talloc_array(mem_ctx, char *, count+1);
+ if (straddrs == NULL) {
+ return ENOMEM;
+ }
+
+ ai = 0;
+ DLIST_FOR_EACH(ifaddr, ifaddr_list) {
+ switch(ifaddr->addr->ss_family) {
+ case AF_INET:
+ errno = 0;
+ ip = inet_ntop(ifaddr->addr->ss_family,
+ &(((struct sockaddr_in *)ifaddr->addr)->sin_addr),
+ ip_addr, INET6_ADDRSTRLEN);
+ if (ip == NULL) {
+ ret = errno;
+ goto fail;
+ }
+ break;
+
+ case AF_INET6:
+ errno = 0;
+ ip = inet_ntop(ifaddr->addr->ss_family,
+ &(((struct sockaddr_in6 *)ifaddr->addr)->sin6_addr),
+ ip_addr, INET6_ADDRSTRLEN);
+ if (ip == NULL) {
+ ret = errno;
+ goto fail;
+ }
+ break;
+
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n"));
+ continue;
+ }
+
+ straddrs[ai] = talloc_strdup(straddrs, ip);
+ if (straddrs[ai] == NULL) {
+ ret = ENOMEM;
+ goto fail;
+ }
+ ai++;
+ }
+
+ straddrs[count] = NULL;
+ *_straddrs = straddrs;
+ return EOK;
+
+fail:
+ talloc_free(straddrs);
+ return ret;
+}
+
+static bool
+ok_for_dns(struct sockaddr *sa)
+{
+ char straddr[INET6_ADDRSTRLEN];
+ struct in6_addr *addr6;
+ struct in_addr *addr;
+
+ switch (sa->sa_family) {
+ case AF_INET6:
+ addr6 = &((struct sockaddr_in6 *) sa)->sin6_addr;
+
+ if (inet_ntop(AF_INET6, addr6, straddr, INET6_ADDRSTRLEN) == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("inet_ntop failed, won't log IP addresses\n"));
+ snprintf(straddr, INET6_ADDRSTRLEN, "unknown");
+ }
+
+ if (IN6_IS_ADDR_LINKLOCAL(addr6)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Link local IPv6 address %s\n", straddr));
+ return false;
+ } else if (IN6_IS_ADDR_LOOPBACK(addr6)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv6 address %s\n", straddr));
+ return false;
+ } else if (IN6_IS_ADDR_MULTICAST(addr6)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv6 address %s\n", straddr));
+ return false;
+ }
+ break;
+ case AF_INET:
+ addr = &((struct sockaddr_in *) sa)->sin_addr;
+
+ if (inet_ntop(AF_INET, addr, straddr, INET6_ADDRSTRLEN) == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("inet_ntop failed, won't log IP addresses\n"));
+ snprintf(straddr, INET6_ADDRSTRLEN, "unknown");
+ }
+
+ if (IN_MULTICAST(ntohl(addr->s_addr))) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv4 address %s\n", straddr));
+ return false;
+ } else if (inet_netof(*addr) == IN_LOOPBACKNET) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv4 address %s\n", straddr));
+ return false;
+ } else if ((addr->s_addr & 0xffff0000) == 0xa9fe0000) {
+ /* 169.254.0.0/16 */
+ DEBUG(SSSDBG_FUNC_DATA, ("Link-local IPv4 address %s\n", straddr));
+ return false;
+ } else if (addr->s_addr == htonl(INADDR_BROADCAST)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Broadcast IPv4 address %s\n", straddr));
+ return false;
+ }
+ break;
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n"));
+ return false;
+ }
+
+ return true;
+}
+
+/* Collect IP addresses associated with an interface */
+errno_t
+sss_iface_addr_list_get(TALLOC_CTX *mem_ctx, const char *ifname,
+ struct sss_iface_addr **_addrlist)
+{
+ struct ifaddrs *ifaces = NULL;
+ struct ifaddrs *ifa;
+ errno_t ret;
+ size_t addrsize;
+ struct sss_iface_addr *address;
+ struct sss_iface_addr *addrlist = NULL;
+
+ /* Get the IP addresses associated with the
+ * specified interface
+ */
+ errno = 0;
+ ret = getifaddrs(&ifaces);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Could not read interfaces [%d][%s]\n", ret, strerror(ret)));
+ goto done;
+ }
+
+ for (ifa = ifaces; ifa != NULL; ifa = ifa->ifa_next) {
+ /* Some interfaces don't have an ifa_addr */
+ if (!ifa->ifa_addr) continue;
+
+ /* Add IP addresses to the list */
+ if ((ifa->ifa_addr->sa_family == AF_INET ||
+ ifa->ifa_addr->sa_family == AF_INET6) &&
+ strcasecmp(ifa->ifa_name, ifname) == 0 &&
+ ok_for_dns(ifa->ifa_addr)) {
+
+ /* Add this address to the IP address list */
+ address = talloc_zero(mem_ctx, struct sss_iface_addr);
+ if (!address) {
+ goto done;
+ }
+
+ addrsize = ifa->ifa_addr->sa_family == AF_INET ? \
+ sizeof(struct sockaddr_in) : \
+ sizeof(struct sockaddr_in6);
+
+ address->addr = talloc_memdup(address, ifa->ifa_addr,
+ addrsize);
+ if (address->addr == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ DLIST_ADD(addrlist, address);
+ }
+ }
+
+ ret = EOK;
+ *_addrlist = addrlist;
+done:
+ freeifaddrs(ifaces);
+ return ret;
+}
+
+errno_t
+be_nsupdate_create_msg(TALLOC_CTX *mem_ctx, const char *realm,
+ const char *zone, const char *servername,
+ const char *hostname, const unsigned int ttl,
+ uint8_t remove_af, struct sss_iface_addr *addresses,
+ char **_update_msg)
+{
+ int ret;
+ char *realm_directive;
+ char ip_addr[INET6_ADDRSTRLEN];
+ const char *ip;
+ struct sss_iface_addr *new_record;
+ char *update_msg;
+ TALLOC_CTX *tmp_ctx;
+
+ /* in some cases realm could have been NULL if we weren't using TSIG */
+ if (zone == NULL || hostname == NULL) {
+ return EINVAL;
+ }
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) return ENOMEM;
+
+#ifdef HAVE_NSUPDATE_REALM
+ realm_directive = talloc_asprintf(tmp_ctx, "realm %s\n", realm);
+#else
+ realm_directive = talloc_asprintf(tmp_ctx, "");
+#endif
+ if (!realm_directive) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* The realm_directive would now either contain an empty string or be
+ * completely empty so we don't need to add another newline here
+ */
+ if (servername) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ ("Creating update message for server [%s], realm [%s] "
+ "and zone [%s].\n", servername, realm, zone));
+
+ /* Add the server, realm and zone headers */
+ update_msg = talloc_asprintf(tmp_ctx, "server %s\n%szone %s.\n",
+ servername, realm_directive, zone);
+ } else {
+ DEBUG(SSSDBG_FUNC_DATA,
+ ("Creating update message for realm [%s] and zone [%s].\n",
+ realm, zone));
+
+ /* Add the realm and zone headers */
+ update_msg = talloc_asprintf(tmp_ctx, "%szone %s.\n",
+ realm_directive, zone);
+ }
+ talloc_free(realm_directive);
+ if (update_msg == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* Remove existing entries as needed */
+ if (remove_af & DYNDNS_REMOVE_A) {
+ update_msg = talloc_asprintf_append(update_msg,
+ "update delete %s. in A\nsend\n",
+ hostname);
+ if (update_msg == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ if (remove_af & DYNDNS_REMOVE_AAAA) {
+ update_msg = talloc_asprintf_append(update_msg,
+ "update delete %s. in AAAA\nsend\n",
+ hostname);
+ if (update_msg == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ DLIST_FOR_EACH(new_record, addresses) {
+ switch(new_record->addr->ss_family) {
+ case AF_INET:
+ ip = inet_ntop(new_record->addr->ss_family,
+ &(((struct sockaddr_in *)new_record->addr)->sin_addr),
+ ip_addr, INET6_ADDRSTRLEN);
+ if (ip == NULL) {
+ ret = errno;
+ goto done;
+ }
+ break;
+
+ case AF_INET6:
+ ip = inet_ntop(new_record->addr->ss_family,
+ &(((struct sockaddr_in6 *)new_record->addr)->sin6_addr),
+ ip_addr, INET6_ADDRSTRLEN);
+ if (ip == NULL) {
+ ret = errno;
+ goto done;
+ }
+ break;
+
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
+ /* Format the record update */
+ update_msg = talloc_asprintf_append(update_msg,
+ "update add %s. %d in %s %s\n",
+ hostname, ttl,
+ new_record->addr->ss_family == AF_INET ? "A" : "AAAA",
+ ip_addr);
+ if (update_msg == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ update_msg = talloc_asprintf_append(update_msg, "send\n");
+ if (update_msg == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC,
+ (" -- Begin nsupdate message -- \n%s",
+ update_msg));
+ DEBUG(SSSDBG_TRACE_FUNC,
+ (" -- End nsupdate message -- \n"));
+
+ ret = ERR_OK;
+ *_update_msg = talloc_steal(mem_ctx, update_msg);
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+struct nsupdate_get_addrs_state {
+ struct tevent_context *ev;
+ struct be_resolv_ctx *be_res;
+ enum host_database *db;
+ const char *hostname;
+
+ /* Use sss_addr in this request */
+ char **addrlist;
+ size_t count;
+};
+
+static void nsupdate_get_addrs_done(struct tevent_req *subreq);
+
+struct tevent_req *
+nsupdate_get_addrs_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct be_resolv_ctx *be_res,
+ const char *hostname)
+{
+ errno_t ret;
+ struct tevent_req *req;
+ struct tevent_req *subreq;
+ struct nsupdate_get_addrs_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct nsupdate_get_addrs_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->be_res = be_res;
+ state->ev = ev;
+ state->hostname = talloc_strdup(state, hostname);
+ if (state->hostname == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ state->db = talloc_array(state, enum host_database, 2);
+ if (state->db == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ state->db[0] = DB_DNS;
+ state->db[1] = DB_SENTINEL;
+
+ subreq = resolv_gethostbyname_send(state, ev, be_res->resolv, hostname,
+ state->be_res->family_order,
+ state->db);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ tevent_req_set_callback(subreq, nsupdate_get_addrs_done, req);
+
+ ret = ERR_OK;
+done:
+ if (ret != ERR_OK) {
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void
+nsupdate_get_addrs_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ size_t count;
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct nsupdate_get_addrs_state *state = tevent_req_data(req,
+ struct nsupdate_get_addrs_state);
+ struct resolv_hostent *rhostent;
+ int i;
+ int resolv_status;
+
+ ret = resolv_gethostbyname_recv(subreq, state, &resolv_status, NULL,
+ &rhostent);
+ talloc_zfree(subreq);
+
+ /* If the retry did not match, simply quit */
+ if (ret == ENOENT) {
+ /* If the resolver is set to honor both address families
+ * it automatically retries the other one internally, so ENOENT
+ * means neither matched and we can simply quit.
+ */
+ ret = EOK;
+ goto done;
+ } else if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Could not resolve address for this machine, error [%d]: %s, "
+ "resolver returned: [%d]: %s\n", ret, sss_strerror(ret),
+ resolv_status, resolv_strerror(resolv_status)));
+ goto done;
+ }
+
+ /* EOK */
+
+ if (rhostent->addr_list) {
+ for (count=0; rhostent->addr_list[count]; count++);
+ } else {
+ /* The address list is NULL. This is probably a bug in
+ * c-ares, but we need to handle it gracefully.
+ */
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Lookup of [%s] returned no addresses. Skipping.\n",
+ rhostent->name));
+ count = 0;
+ }
+
+ state->addrlist = talloc_realloc(state, state->addrlist, char *,
+ state->count + count + 1);
+ if (!state->addrlist) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (i=0; i < count; i++) {
+ state->addrlist[state->count + i] = \
+ resolv_get_string_address_index(state->addrlist,
+ rhostent, i);
+
+ if (state->addrlist[state->count + i] == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ state->count += count;
+ state->addrlist[state->count] = NULL;
+
+ /* If the resolver is set to honor both address families
+ * and the first one matched, retry the second one to
+ * get the complete list.
+ */
+ if (((state->be_res->family_order == IPV4_FIRST &&
+ rhostent->family == AF_INET) ||
+ (state->be_res->family_order == IPV6_FIRST &&
+ rhostent->family == AF_INET6))) {
+
+ state->be_res->family_order = \
+ (state->be_res->family_order == IPV4_FIRST) ? \
+ IPV6_ONLY : \
+ IPV4_ONLY;
+
+ subreq = resolv_gethostbyname_send(state, state->ev,
+ state->be_res->resolv,
+ state->hostname,
+ state->be_res->family_order,
+ state->db);
+ if (!subreq) {
+ ret = ENOMEM;
+ goto done;
+ }
+ tevent_req_set_callback(subreq, nsupdate_get_addrs_done, req);
+ return;
+ }
+
+ /* The second address matched either immediatelly or after a retry.
+ * No need to retry again. */
+ ret = EOK;
+
+done:
+ if (ret == EOK) {
+ /* All done */
+ tevent_req_done(req);
+ } else if (ret != EAGAIN) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("nsupdate_get_addrs_done failed: [%d]: [%s]\n",
+ sss_strerror(ret)));
+ tevent_req_error(req, ret);
+ }
+ /* EAGAIN - another lookup in progress */
+}
+
+errno_t
+nsupdate_get_addrs_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ char ***_addrlist)
+{
+ struct nsupdate_get_addrs_state *state = tevent_req_data(req,
+ struct nsupdate_get_addrs_state);
+
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+ *_addrlist = talloc_steal(mem_ctx, state->addrlist);
+ return EOK;
+}
+
+/* Write the nsupdate_msg into the already forked child, wait until
+ * the child finishes
+ *
+ * This is not a typical tevent_req styled request as it ends either after
+ * a timeout or when the child finishes operation.
+ */
+struct nsupdate_child_state {
+ int pipefd_to_child;
+ struct tevent_timer *timeout_handler;
+
+ int child_status;
+};
+
+static void
+nsupdate_child_timeout(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval tv, void *pvt);
+static void
+nsupdate_child_handler(int child_status,
+ struct tevent_signal *sige,
+ void *pvt);
+
+static void nsupdate_child_stdin_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+nsupdate_child_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ int pipefd_to_child,
+ pid_t child_pid,
+ char *child_stdin)
+{
+ errno_t ret;
+ struct tevent_req *req;
+ struct tevent_req *subreq;
+ struct nsupdate_child_state *state;
+ struct timeval tv;
+
+ req = tevent_req_create(mem_ctx, &state, struct nsupdate_child_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->pipefd_to_child = pipefd_to_child;
+
+ /* Set up SIGCHLD handler */
+ ret = child_handler_setup(ev, child_pid, nsupdate_child_handler, req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not set up child handlers [%d]: %s\n",
+ ret, sss_strerror(ret)));
+ ret = ERR_DYNDNS_FAILED;
+ goto done;
+ }
+
+ /* Set up timeout handler */
+ tv = tevent_timeval_current_ofs(DYNDNS_TIMEOUT, 0);
+ state->timeout_handler = tevent_add_timer(ev, req, tv,
+ nsupdate_child_timeout, req);
+ if(state->timeout_handler == NULL) {
+ ret = ERR_DYNDNS_FAILED;
+ goto done;
+ }
+
+ /* Write the update message to the nsupdate child */
+ subreq = write_pipe_send(req, ev,
+ (uint8_t *) child_stdin,
+ strlen(child_stdin)+1,
+ state->pipefd_to_child);
+ if (subreq == NULL) {
+ ret = ERR_DYNDNS_FAILED;
+ goto done;
+ }
+ tevent_req_set_callback(subreq, nsupdate_child_stdin_done, req);
+
+ ret = EOK;
+done:
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void
+nsupdate_child_timeout(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval tv, void *pvt)
+{
+ struct tevent_req *req =
+ talloc_get_type(pvt, struct tevent_req);
+ struct nsupdate_child_state *state =
+ tevent_req_data(req, struct nsupdate_child_state);
+
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Timeout reached for dynamic DNS update\n"));
+ state->child_status = ETIMEDOUT;
+ tevent_req_error(req, ERR_DYNDNS_TIMEOUT);
+}
+
+static void
+nsupdate_child_stdin_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct nsupdate_child_state *state =
+ tevent_req_data(req, struct nsupdate_child_state);
+
+ /* Verify that the buffer was sent, then return
+ * and wait for the sigchld handler to finish.
+ */
+ DEBUG(SSSDBG_TRACE_LIBS, ("Sending nsupdate data complete\n"));
+
+ ret = write_pipe_recv(subreq);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Sending nsupdate data failed [%d]: %s\n",
+ ret, sss_strerror(ret)));
+ tevent_req_error(req, ERR_DYNDNS_FAILED);
+ return;
+ }
+
+ close(state->pipefd_to_child);
+ state->pipefd_to_child = -1;
+
+ /* Now either wait for the timeout to fire or the child
+ * to finish
+ */
+}
+
+static void
+nsupdate_child_handler(int child_status,
+ struct tevent_signal *sige,
+ void *pvt)
+{
+ struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
+ struct nsupdate_child_state *state =
+ tevent_req_data(req, struct nsupdate_child_state);
+
+ state->child_status = child_status;
+
+ if (WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Dynamic DNS child failed with status [%d]\n", child_status));
+ tevent_req_error(req, ERR_DYNDNS_FAILED);
+ return;
+ }
+
+ if (WIFSIGNALED(child_status)) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Dynamic DNS child was terminated by signal [%d]\n",
+ WTERMSIG(child_status)));
+ tevent_req_error(req, ERR_DYNDNS_FAILED);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+static errno_t
+nsupdate_child_recv(struct tevent_req *req, int *child_status)
+{
+ struct nsupdate_child_state *state =
+ tevent_req_data(req, struct nsupdate_child_state);
+
+ *child_status = state->child_status;
+
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+ return ERR_OK;
+}
+
+/* Fork a nsupdate child, write the nsupdate_msg into stdin and wait for the child
+ * to finish one way or another
+ */
+struct be_nsupdate_state {
+ int child_status;
+};
+
+static void be_nsupdate_done(struct tevent_req *subreq);
+
+struct tevent_req *be_nsupdate_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ char *nsupdate_msg)
+{
+ int pipefd_to_child[2];
+ pid_t child_pid;
+ errno_t ret;
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct be_nsupdate_state *state;
+ char *args[3];
+
+ req = tevent_req_create(mem_ctx, &state, struct be_nsupdate_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->child_status = 0;
+
+ ret = pipe(pipefd_to_child);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("pipe failed [%d][%s].\n", ret, strerror(ret)));
+ goto done;
+ }
+
+ child_pid = fork();
+
+ if (child_pid == 0) { /* child */
+ args[0] = talloc_strdup(state, NSUPDATE_PATH);
+ args[1] = talloc_strdup(state, "-g");
+ args[2] = NULL;
+ if (args[0] == NULL || args[1] == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ close(pipefd_to_child[1]);
+ ret = dup2(pipefd_to_child[0], STDIN_FILENO);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("dup2 failed [%d][%s].\n", ret, strerror(ret)));
+ goto done;
+ }
+
+ errno = 0;
+ execv(NSUPDATE_PATH, args);
+ /* The child should never end up here */
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE, ("execv failed [%d][%s].\n", ret, strerror(ret)));
+ goto done;
+ } else if (child_pid > 0) { /* parent */
+ close(pipefd_to_child[0]);
+
+ subreq = nsupdate_child_send(state, ev, pipefd_to_child[1],
+ child_pid, nsupdate_msg);
+ if (subreq == NULL) {
+ ret = ERR_DYNDNS_FAILED;
+ goto done;
+ }
+ tevent_req_set_callback(subreq, be_nsupdate_done, req);
+ } else { /* error */
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("fork failed [%d][%s].\n", ret, strerror(ret)));
+ goto done;
+ }
+
+ ret = EOK;
+done:
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void
+be_nsupdate_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct be_nsupdate_state *state =
+ tevent_req_data(req, struct be_nsupdate_state);
+ errno_t ret;
+
+ ret = nsupdate_child_recv(subreq, &state->child_status);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("nsupdate child execution failed [%d]: %s\n",
+ ret, sss_strerror(ret)));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ DEBUG(SSSDBG_FUNC_DATA,
+ ("nsupdate child status: %d\n", state->child_status));
+ tevent_req_done(req);
+}
+
+errno_t
+be_nsupdate_recv(struct tevent_req *req, int *child_status)
+{
+ struct be_nsupdate_state *state =
+ tevent_req_data(req, struct be_nsupdate_state);
+
+ *child_status = state->child_status;
+
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+ return EOK;
+}
diff --git a/src/providers/dp_dyndns.h b/src/providers/dp_dyndns.h
new file mode 100644
index 00000000..b0020560
--- /dev/null
+++ b/src/providers/dp_dyndns.h
@@ -0,0 +1,68 @@
+/*
+ SSSD
+
+ dp_dyndns.h
+
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* dynamic dns helpers */
+struct sss_iface_addr;
+
+#define DYNDNS_REMOVE_A 0x1
+#define DYNDNS_REMOVE_AAAA 0x2
+
+errno_t
+sss_iface_addr_list_get(TALLOC_CTX *mem_ctx, const char *ifname,
+ struct sss_iface_addr **_addrlist);
+
+struct sss_iface_addr *
+sss_iface_addr_add(TALLOC_CTX *mem_ctx, struct sss_iface_addr **list,
+ struct sockaddr_storage *ss);
+
+errno_t
+sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx,
+ struct sss_iface_addr *ifaddr_list,
+ char ***_straddrs);
+
+errno_t
+be_nsupdate_create_msg(TALLOC_CTX *mem_ctx, const char *realm,
+ const char *zone, const char *servername,
+ const char *hostname, const unsigned int ttl,
+ uint8_t remove_af, struct sss_iface_addr *addresses,
+ char **_update_msg);
+
+/* Returns:
+ * * ERR_OK - on success
+ * * ERR_DYNDNS_FAILED - if nsupdate fails for any reason
+ * * ERR_DYNDNS_TIMEOUT - if the update times out. child_status
+ * is ETIMEDOUT in this case
+ */
+struct tevent_req *be_nsupdate_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ char *nsupdate_msg);
+errno_t be_nsupdate_recv(struct tevent_req *req, int *child_status);
+
+struct tevent_req * nsupdate_get_addrs_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct be_resolv_ctx *be_res,
+ const char *hostname);
+errno_t nsupdate_get_addrs_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ char ***_addrlist);
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index d5c10a51..6e77c997 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -138,7 +138,7 @@ struct ipa_options {
/* id provider */
struct sdap_options *id;
struct ipa_id_ctx *id_ctx;
- struct resolv_ctx *resolv;
+ struct be_resolv_ctx *be_res;
/* auth and chpass provider */
struct dp_option *auth;
diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c
index 0bd8ad00..79918a26 100644
--- a/src/providers/ipa/ipa_dyndns.c
+++ b/src/providers/ipa/ipa_dyndns.c
@@ -22,863 +22,94 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <arpa/inet.h>
-#include <net/if.h>
-#include <ifaddrs.h>
#include <ctype.h>
#include "util/util.h"
-#include "confdb/confdb.h"
+#include "providers/ldap/sdap_dyndns.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_dyndns.h"
-#include "util/child_common.h"
#include "providers/data_provider.h"
-#include "providers/ldap/ldap_common.h"
-#include "providers/ldap/sdap_async_private.h"
-#include "resolv/async_resolv.h"
-
-#define IPA_DYNDNS_TIMEOUT 15
-
-#define IPA_DYNDNS_REMOVE_A 0x1
-#define IPA_DYNDNS_REMOVE_AAAA 0x2
-
-struct ipa_ipaddress {
- struct ipa_ipaddress *next;
- struct ipa_ipaddress *prev;
-
- struct sockaddr_storage *addr;
- bool matched;
-};
-
-struct ipa_dyndns_ctx {
- struct ipa_options *ipa_ctx;
- struct sdap_id_op* sdap_op;
- char *hostname;
- struct ipa_ipaddress *addresses;
- bool use_server_with_nsupdate;
- uint8_t remove_af;
- enum restrict_family family_order;
-};
-
-
-static struct tevent_req * ipa_dyndns_update_send(struct ipa_options *ctx);
-
-static void ipa_dyndns_update_done(struct tevent_req *req);
-
-static errno_t
-ipa_ipaddress_list_as_string_list(TALLOC_CTX *mem_ctx,
- struct ipa_ipaddress *ipa_addr_list,
- char ***_straddrs)
-{
- struct ipa_ipaddress *ipa_addr;
- size_t count;
- int ai;
- char **straddrs;
- const char *ip;
- char ip_addr[INET6_ADDRSTRLEN];
- errno_t ret;
-
- count = 0;
- DLIST_FOR_EACH(ipa_addr, ipa_addr_list) {
- count++;
- }
-
- straddrs = talloc_array(mem_ctx, char *, count+1);
- if (straddrs == NULL) {
- return ENOMEM;
- }
-
- ai = 0;
- DLIST_FOR_EACH(ipa_addr, ipa_addr_list) {
- switch(ipa_addr->addr->ss_family) {
- case AF_INET:
- errno = 0;
- ip = inet_ntop(ipa_addr->addr->ss_family,
- &(((struct sockaddr_in *)ipa_addr->addr)->sin_addr),
- ip_addr, INET6_ADDRSTRLEN);
- if (ip == NULL) {
- ret = errno;
- goto fail;
- }
- break;
-
- case AF_INET6:
- errno = 0;
- ip = inet_ntop(ipa_addr->addr->ss_family,
- &(((struct sockaddr_in6 *)ipa_addr->addr)->sin6_addr),
- ip_addr, INET6_ADDRSTRLEN);
- if (ip == NULL) {
- ret = errno;
- goto fail;
- }
- break;
-
- default:
- DEBUG(0, ("Unknown address family\n"));
- continue;
- }
-
- straddrs[ai] = talloc_strdup(straddrs, ip);
- if (straddrs[ai] == NULL) {
- ret = ENOMEM;
- goto fail;
- }
- ai++;
- }
-
- straddrs[count] = NULL;
- *_straddrs = straddrs;
- return EOK;
-
-fail:
- talloc_free(straddrs);
- return ret;
-}
+void ipa_dyndns_update(void *pvt);
errno_t ipa_dyndns_init(struct be_ctx *be_ctx,
struct ipa_options *ctx)
{
errno_t ret;
- ctx->resolv = be_ctx->be_res->resolv;
+ ctx->be_res = be_ctx->be_res;
+ if (ctx->be_res == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Resolver must be initialized in order "
+ "to use the IPA dynamic DNS updates\n"));
+ return EINVAL;
+ }
ret = be_add_online_cb(be_ctx, be_ctx,
ipa_dyndns_update,
ctx, NULL);
if (ret != EOK) {
- DEBUG(1, ("Could not set up online callback\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up online callback\n"));
return ret;
}
return EOK;
}
+static struct tevent_req *ipa_dyndns_update_send(struct ipa_options *ctx);
+static errno_t ipa_dyndns_update_recv(struct tevent_req *req);
+
+static void ipa_dyndns_nsupdate_done(struct tevent_req *subreq);
+
void ipa_dyndns_update(void *pvt)
{
struct ipa_options *ctx = talloc_get_type(pvt, struct ipa_options);
struct tevent_req *req = ipa_dyndns_update_send(ctx);
if (req == NULL) {
- DEBUG(1, ("Could not update DNS\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Could not update DNS\n"));
return;
}
- tevent_req_set_callback(req, ipa_dyndns_update_done, NULL);
-}
-
-static bool ok_for_dns(struct sockaddr *sa)
-{
- char straddr[INET6_ADDRSTRLEN];
-
- if (sa->sa_family == AF_INET6) {
- struct in6_addr *addr = &((struct sockaddr_in6 *) sa)->sin6_addr;
-
- if (inet_ntop(AF_INET6, addr, straddr, INET6_ADDRSTRLEN) == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("inet_ntop failed, won't log IP addresses\n"));
- snprintf(straddr, INET6_ADDRSTRLEN, "unknown");
- }
-
- if (IN6_IS_ADDR_LINKLOCAL(addr)) {
- DEBUG(SSSDBG_FUNC_DATA, ("Link local IPv6 address %s\n", straddr));
- return false;
- } else if (IN6_IS_ADDR_LOOPBACK(addr)) {
- DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv6 address %s\n", straddr));
- return false;
- } else if (IN6_IS_ADDR_MULTICAST(addr)) {
- DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv6 address %s\n", straddr));
- return false;
- }
- } else if (sa->sa_family == AF_INET) {
- struct in_addr *addr = &((struct sockaddr_in *) sa)->sin_addr;
-
- if (inet_ntop(AF_INET, addr, straddr, INET6_ADDRSTRLEN) == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("inet_ntop failed, won't log IP addresses\n"));
- snprintf(straddr, INET6_ADDRSTRLEN, "unknown");
- }
-
- if (IN_MULTICAST(ntohl(addr->s_addr))) {
- DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv4 address %s\n", straddr));
- return false;
- } else if (inet_netof(*addr) == IN_LOOPBACKNET) {
- DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv4 address %s\n", straddr));
- return false;
- } else if ((addr->s_addr & 0xffff0000) == 0xa9fe0000) {
- /* 169.254.0.0/16 */
- DEBUG(SSSDBG_FUNC_DATA, ("Link-local IPv4 address %s\n", straddr));
- return false;
- } else if (addr->s_addr == htonl(INADDR_BROADCAST)) {
- DEBUG(SSSDBG_FUNC_DATA, ("Broadcast IPv4 address %s\n", straddr));
- return false;
- }
- } else {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n"));
- return false;
- }
-
- return true;
+ tevent_req_set_callback(req, ipa_dyndns_nsupdate_done, NULL);
}
-static void ipa_dyndns_sdap_connect_done(struct tevent_req *subreq);
-static int ipa_dyndns_add_ldap_iface(struct ipa_dyndns_ctx *state,
- struct sdap_handle *sh);
-static int ipa_dyndns_gss_tsig_update_step(struct tevent_req *req);
-
-static struct tevent_req *
-ipa_dyndns_gss_tsig_update_send(struct ipa_dyndns_ctx *ctx);
-
-static void ipa_dyndns_gss_tsig_update_done(struct tevent_req *subreq);
-
-static struct tevent_req *
-ipa_dyndns_update_send(struct ipa_options *ctx)
+static void ipa_dyndns_nsupdate_done(struct tevent_req *req)
{
- int ret;
- char *iface;
- struct ipa_dyndns_ctx *state;
- struct ifaddrs *ifaces;
- struct ifaddrs *ifa;
- struct ipa_ipaddress *address;
- struct tevent_req *req, *subreq;
- size_t addrsize;
- struct sdap_id_ctx *id_ctx = ctx->id_ctx->sdap_id_ctx;
-
- DEBUG (9, ("Performing update\n"));
-
- req = tevent_req_create(ctx, &state, struct ipa_dyndns_ctx);
- if (req == NULL) {
- return NULL;
- }
- state->ipa_ctx = ctx;
- state->use_server_with_nsupdate = false;
- state->family_order = id_ctx->be->be_res->family_order;
-
- iface = dp_opt_get_string(ctx->basic, IPA_DYNDNS_IFACE);
-
- if (iface) {
- /* Get the IP addresses associated with the
- * specified interface
- */
- errno = 0;
- ret = getifaddrs(&ifaces);
- if (ret == -1) {
- ret = errno;
- DEBUG(0, ("Could not read interfaces [%d][%s]\n",
- ret, strerror(ret)));
- goto failed;
- }
-
- for(ifa = ifaces; ifa != NULL; ifa=ifa->ifa_next) {
- /* Some interfaces don't have an ifa_addr */
- if (!ifa->ifa_addr) continue;
-
- /* Add IP addresses to the list */
- if((ifa->ifa_addr->sa_family == AF_INET ||
- ifa->ifa_addr->sa_family == AF_INET6) &&
- strcasecmp(ifa->ifa_name, iface) == 0 &&
- ok_for_dns(ifa->ifa_addr)) {
-
- /* Add this address to the IP address list */
- address = talloc_zero(state, struct ipa_ipaddress);
- if (!address) {
- goto failed;
- }
-
- addrsize = ifa->ifa_addr->sa_family == AF_INET ? \
- sizeof(struct sockaddr_in) : \
- sizeof(struct sockaddr_in6);
-
- address->addr = talloc_memdup(address, ifa->ifa_addr,
- addrsize);
- if(address->addr == NULL) {
- goto failed;
- }
- DLIST_ADD(state->addresses, address);
- }
- }
-
- freeifaddrs(ifaces);
-
- ret = ipa_dyndns_gss_tsig_update_step(req);
- if (ret != EOK) {
- goto failed;
- }
- }
-
- else {
- /* Detect DYNDNS interface from LDAP connection */
- state->sdap_op = sdap_id_op_create(state, state->ipa_ctx->id_ctx->sdap_id_ctx->conn_cache);
- if (!state->sdap_op) {
- DEBUG(1, ("sdap_id_op_create failed\n"));
- ret = ENOMEM;
- goto failed;
- }
-
- subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
- if (!subreq) {
- DEBUG(1, ("sdap_id_op_connect_send failed: [%d](%s)\n",
- ret, strerror(ret)));
-
- goto failed;
- }
-
- tevent_req_set_callback(subreq, ipa_dyndns_sdap_connect_done, req);
- }
-
- return req;
-
-failed:
+ int ret = ipa_dyndns_update_recv(req);
talloc_free(req);
- return NULL;
-}
-
-static void ipa_dyndns_sdap_connect_done(struct tevent_req *subreq)
-{
- struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
- struct ipa_dyndns_ctx *state = tevent_req_data(req, struct ipa_dyndns_ctx);
- int ret, dp_error;
-
- ret = sdap_id_op_connect_recv(subreq, &dp_error);
- talloc_zfree(subreq);
-
- if (ret != EOK) {
- if (dp_error == DP_ERR_OFFLINE) {
- DEBUG(9,("No LDAP server is available, dynamic DNS update is skipped in OFFLINE mode.\n"));
- } else {
- DEBUG(9,("Failed to connect to LDAP server: [%d](%s)\n",
- ret, strerror(ret)));
- }
-
- goto failed;
- }
-
- ret = ipa_dyndns_add_ldap_iface(state, sdap_id_op_handle(state->sdap_op));
- talloc_zfree(state->sdap_op);
if (ret != EOK) {
- goto failed;
- }
-
- ret = ipa_dyndns_gss_tsig_update_step(req);
- if (ret != EOK) {
- goto failed;
- }
-
- return;
-
-failed:
- tevent_req_error(req, ret);
-}
-
-static int ipa_dyndns_add_ldap_iface(struct ipa_dyndns_ctx *state,
- struct sdap_handle *sh)
-{
- int ret;
- int fd;
- struct ipa_ipaddress *address;
- struct sockaddr_storage ss;
- socklen_t ss_len = sizeof(ss);
-
- if (!sh) {
- return EINVAL;
- }
-
- /* Get the file descriptor for the primary LDAP connection */
- ret = get_fd_from_ldap(sh->ldap, &fd);
- if (ret != EOK) {
- return ret;
- }
-
- errno = 0;
- ret = getsockname(fd, (struct sockaddr *) &ss, &ss_len);
- if (ret == -1) {
- ret = errno;
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to get socket name\n"));
- return ret;
- }
-
- switch(ss.ss_family) {
- case AF_INET:
- case AF_INET6:
- address = talloc(state, struct ipa_ipaddress);
- if (!address) {
- return ENOMEM;
- }
- address->addr = talloc_memdup(address, &ss,
- sizeof(struct sockaddr_storage));
- if(address->addr == NULL) {
- talloc_zfree(address);
- return ENOMEM;
- }
- DLIST_ADD(state->addresses, address);
- break;
- default:
- DEBUG(1, ("Connection to LDAP is neither IPv4 nor IPv6\n"));
- return EIO;
- }
-
- return EOK;
-}
-
-static struct tevent_req *
-ipa_dyndns_update_get_addrs_send(TALLOC_CTX *mem_ctx,
- struct ipa_dyndns_ctx *ctx,
- enum restrict_family family_order);
-static errno_t
-ipa_dyndns_update_get_addrs_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- char ***_addrlist);
-
-static errno_t
-ipa_dyndns_gss_tsig_update_setup_check(struct ipa_dyndns_ctx *state);
-static void
-ipa_dyndns_gss_tsig_update_check(struct tevent_req *subreq);
-
-static int ipa_dyndns_gss_tsig_update_step(struct tevent_req *req)
-{
- struct ipa_dyndns_ctx *state = tevent_req_data(req, struct ipa_dyndns_ctx);
- char *ipa_hostname;
- struct tevent_req *subreq;
- errno_t ret;
-
- /* Get the IPA hostname */
- ipa_hostname = dp_opt_get_string(state->ipa_ctx->basic,
- IPA_HOSTNAME);
- if (!ipa_hostname) {
- /* This should never happen, but we'll protect
- * against it anyway.
- */
- return EINVAL;
- }
-
- state->hostname = talloc_strdup(state, ipa_hostname);
- if (state->hostname == NULL) {
- return ENOMEM;
- }
-
- DEBUG(7, ("Checking if the update is needed\n"));
-
- ret = ipa_dyndns_gss_tsig_update_setup_check(state);
- if (ret != EOK) {
- return ret;
- }
-
- subreq = ipa_dyndns_update_get_addrs_send(state, state,
- state->family_order);
- if (subreq == NULL) {
- return ENOMEM;
- }
- tevent_req_set_callback(subreq,
- ipa_dyndns_gss_tsig_update_check,
- req);
- return EOK;
-}
-
-static errno_t
-ipa_dyndns_gss_tsig_update_setup_check(struct ipa_dyndns_ctx *state)
-{
- if (dp_opt_get_string(state->ipa_ctx->basic, IPA_DYNDNS_IFACE)) {
- /* Unless one family is restricted, just replace all
- * address families during the update
- */
- switch (state->family_order) {
- case IPV4_ONLY:
- state->remove_af |= IPA_DYNDNS_REMOVE_A;
- break;
- case IPV6_ONLY:
- state->remove_af |= IPA_DYNDNS_REMOVE_AAAA;
- break;
- case IPV4_FIRST:
- case IPV6_FIRST:
- state->remove_af |= (IPA_DYNDNS_REMOVE_A |
- IPA_DYNDNS_REMOVE_AAAA);
- break;
- }
- } else {
- /* If the interface isn't specified, we ONLY want to have the address
- * that's connected to the LDAP server stored, so we need to check
- * (and later remove) both address families.
- */
- state->family_order = IPV4_FIRST;
- state->remove_af = (IPA_DYNDNS_REMOVE_A |
- IPA_DYNDNS_REMOVE_AAAA);
- }
-
- return EOK;
-}
-
-static void
-ipa_dyndns_gss_tsig_update_check(struct tevent_req *subreq)
-{
- struct tevent_req *req =
- tevent_req_callback_data(subreq, struct tevent_req);
- struct ipa_dyndns_ctx *state = tevent_req_data(req,
- struct ipa_dyndns_ctx);
-
- errno_t ret;
- char **str_dnslist = NULL, **str_local_list = NULL;
- char **dns_only = NULL, **local_only = NULL;
- bool do_update = false;
- int i;
- TALLOC_CTX *tmp_ctx;
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) {
- ret = ENOMEM;
- goto fail;
- }
-
- ret = ipa_dyndns_update_get_addrs_recv(subreq, tmp_ctx, &str_dnslist);
- talloc_zfree(subreq);
- if (ret != EOK) {
- DEBUG(3, ("Getting the current list of addresses failed [%d]: %s\n",
- ret, strerror(ret)));
- goto fail;
- }
-
- ret = ipa_ipaddress_list_as_string_list(tmp_ctx,
- state->addresses, &str_local_list);
- if (ret != EOK) {
- DEBUG(3, ("Converting DNS IP addresses to strings failed: [%d]: %s\n",
- ret, strerror(ret)));
- goto fail;
- }
-
- /* Compare the lists */
- ret = diff_string_lists(tmp_ctx, str_dnslist, str_local_list,
- &dns_only, &local_only, NULL);
- if (ret != EOK) {
- DEBUG(3, ("diff_string_lists failed: [%d]: %s\n", ret, strerror(ret)));
- goto fail;
- }
-
- if (dns_only) {
- for (i=0; dns_only[i]; i++) {
- DEBUG(7, ("Address in DNS only: %s\n", dns_only[i]));
- do_update = true;
- }
- }
-
- if (local_only) {
- for (i=0; local_only[i]; i++) {
- DEBUG(7, ("Address on localhost only: %s\n", local_only[i]));
- do_update = true;
- }
- }
-
- if (do_update) {
- DEBUG(6, ("Detected IP addresses change, will perform an update\n"));
- subreq = ipa_dyndns_gss_tsig_update_send(state);
- if(subreq == NULL) {
- ret = ENOMEM;
- goto fail;
- }
- tevent_req_set_callback(subreq,
- ipa_dyndns_gss_tsig_update_done,
- req);
- talloc_free(tmp_ctx);
+ DEBUG(SSSDBG_OP_FAILURE, ("Updating DNS entry failed [%d]: %s\n",
+ ret, sss_strerror(ret)));
return;
}
- DEBUG(6, ("No DNS update needed, addresses did not change\n"));
- tevent_req_done(req);
- talloc_free(tmp_ctx);
- return;
-
-fail:
- talloc_free(tmp_ctx);
- tevent_req_error(req, ret);
+ DEBUG(SSSDBG_OP_FAILURE, ("DNS update finished\n"));
}
-struct ipa_dyndns_update_get_addrs_state {
- struct ipa_dyndns_ctx *dctx;
-
- enum host_database *db;
- enum restrict_family family_order;
-
- char **addrlist;
- size_t count;
+struct ipa_dyndns_update_state {
+ struct ipa_options *ipa_ctx;
};
-static void ipa_dyndns_update_get_addrs_done(struct tevent_req *subreq);
-static errno_t ipa_dyndns_update_get_addrs_step(struct tevent_req *req);
+static void ipa_dyndns_sdap_update_done(struct tevent_req *subreq);
static struct tevent_req *
-ipa_dyndns_update_get_addrs_send(TALLOC_CTX *mem_ctx,
- struct ipa_dyndns_ctx *ctx,
- enum restrict_family family_order)
-{
- errno_t ret;
- struct tevent_req *req;
- struct ipa_dyndns_update_get_addrs_state *state;
- struct sdap_id_ctx *id_ctx = ctx->ipa_ctx->id_ctx->sdap_id_ctx;
-
- req = tevent_req_create(mem_ctx, &state,
- struct ipa_dyndns_update_get_addrs_state);
- if (req == NULL) {
- return NULL;
- }
- state->dctx = ctx;
- state->family_order = family_order;
-
- state->db = talloc_array(state, enum host_database, 2);
- if (state->db == NULL) {
- ret = ENOMEM;
- goto immediate;
- }
- state->db[0] = DB_DNS;
- state->db[1] = DB_SENTINEL;
-
- ret = ipa_dyndns_update_get_addrs_step(req);
- if (ret != EOK) {
- goto immediate;
- }
-
-immediate:
- if (ret != EOK) {
- tevent_req_error(req, ret);
- tevent_req_post(req, id_ctx->be->ev);
- }
- return req;
-}
-
-static errno_t
-ipa_dyndns_update_get_addrs_step(struct tevent_req *req)
-{
- struct tevent_req *subreq;
- struct ipa_dyndns_update_get_addrs_state *state = tevent_req_data(req,
- struct ipa_dyndns_update_get_addrs_state);
- struct ipa_id_ctx *ipa_id_ctx = state->dctx->ipa_ctx->id_ctx;
-
- subreq = resolv_gethostbyname_send(state,
- ipa_id_ctx->sdap_id_ctx->be->ev,
- state->dctx->ipa_ctx->resolv,
- state->dctx->hostname,
- state->family_order,
- state->db);
- if (!subreq) {
- return ENOMEM;
- }
-
- tevent_req_set_callback(subreq, ipa_dyndns_update_get_addrs_done, req);
- return EOK;
-}
-
-static void
-ipa_dyndns_update_get_addrs_done(struct tevent_req *subreq)
+ipa_dyndns_update_send(struct ipa_options *ctx)
{
int ret;
- size_t count;
- struct tevent_req *req =
- tevent_req_callback_data(subreq, struct tevent_req);
- struct ipa_dyndns_update_get_addrs_state *state = tevent_req_data(req,
- struct ipa_dyndns_update_get_addrs_state);
- struct resolv_hostent *rhostent;
+ struct ipa_dyndns_update_state *state;
+ struct tevent_req *req, *subreq;
+ struct sdap_id_ctx *sdap_ctx = ctx->id_ctx->sdap_id_ctx;
+ char *dns_zone;
+ const char *servername;
int i;
- int resolv_status;
-
- ret = resolv_gethostbyname_recv(subreq, state, &resolv_status, NULL,
- &rhostent);
- talloc_zfree(subreq);
-
- /* If the retry did not match, simply quit */
- if (ret == ENOENT) {
- /* If the resolver is set to honor both address families
- * retry the second one
- */
- if (state->family_order == IPV4_FIRST ||
- state->family_order == IPV6_FIRST) {
-
- state->family_order = (state->family_order == IPV4_FIRST) ? \
- IPV6_ONLY : IPV4_ONLY;
-
- ret = ipa_dyndns_update_get_addrs_step(req);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- }
- return;
- }
-
- /* Nothing to retry, simply quit */
- tevent_req_done(req);
- return;
- } else if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- ("Could not resolve address for this machine, error [%d]: %s, "
- "resolver returned: [%d]: %s\n", ret, strerror(ret),
- resolv_status, resolv_strerror(resolv_status)));
- tevent_req_error(req, ret);
- return;
- }
-
- /* EOK */
-
- if (rhostent->addr_list) {
- for (count=0; rhostent->addr_list[count]; count++);
- } else {
- /* The address list is NULL. This is probably a bug in
- * c-ares, but we need to handle it gracefully.
- */
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Lookup of [%s] returned no addresses. Skipping.\n",
- rhostent->name));
- count = 0;
- }
-
- state->addrlist = talloc_realloc(state, state->addrlist, char *,
- state->count + count + 1);
- if (!state->addrlist) {
- tevent_req_error(req, ENOMEM);
- return;
- }
-
- for (i=0; i < count; i++) {
- state->addrlist[state->count + i] = \
- resolv_get_string_address_index(state->addrlist,
- rhostent, i);
-
- if (state->addrlist[state->count + i] == NULL) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- }
- state->count += count;
- state->addrlist[state->count] = NULL;
-
- /* If the resolver is set to honor both address families
- * and the first one matched, retry the second one to
- * get the complete list.
- */
- if (((state->family_order == IPV4_FIRST &&
- rhostent->family == AF_INET) ||
- (state->family_order == IPV6_FIRST &&
- rhostent->family == AF_INET6))) {
-
- state->family_order = (state->family_order == IPV4_FIRST) ? \
- IPV6_ONLY : IPV4_ONLY;
-
- ret = ipa_dyndns_update_get_addrs_step(req);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- }
- return;
- }
-
- /* The second address matched either immediatelly or after a retry.
- * No need to retry again. */
- tevent_req_done(req);
- return;
-}
-
-static errno_t
-ipa_dyndns_update_get_addrs_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- char ***_addrlist)
-{
- struct ipa_dyndns_update_get_addrs_state *state = tevent_req_data(req,
- struct ipa_dyndns_update_get_addrs_state);
-
- TEVENT_REQ_RETURN_ON_ERROR(req);
-
- *_addrlist = talloc_steal(mem_ctx, state->addrlist);
- return EOK;
-}
-
-struct ipa_nsupdate_ctx {
- char *update_msg;
- struct ipa_dyndns_ctx *dyndns_ctx;
- int pipefd_to_child;
- struct tevent_timer *timeout_handler;
- int child_status;
-};
-
-
-static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
- uint8_t remove_af,
- bool use_server_with_nsupdate);
-
-static struct tevent_req *
-fork_nsupdate_send(struct ipa_nsupdate_ctx *ctx);
-
-static void fork_nsupdate_done(struct tevent_req *subreq);
-static struct tevent_req *
-ipa_dyndns_gss_tsig_update_send(struct ipa_dyndns_ctx *ctx)
-{
- int ret;
- struct ipa_nsupdate_ctx *state;
- struct tevent_req *req;
- struct tevent_req *subreq;
+ DEBUG(SSSDBG_TRACE_FUNC, ("Performing update\n"));
- req = tevent_req_create(ctx, &state, struct ipa_nsupdate_ctx);
- if(req == NULL) {
+ req = tevent_req_create(ctx, &state, struct ipa_dyndns_update_state);
+ if (req == NULL) {
return NULL;
}
- state->dyndns_ctx = ctx;
- state->child_status = 0;
-
- /* Format the message to pass to the nsupdate command */
- ret = create_nsupdate_message(state, ctx->remove_af,
- ctx->use_server_with_nsupdate);
- if (ret != EOK) {
- goto failed;
- }
-
- /* Fork a child process to perform the DNS update */
- subreq = fork_nsupdate_send(state);
- if(subreq == NULL) {
- goto failed;
- }
- tevent_req_set_callback(subreq, fork_nsupdate_done, req);
-
- return req;
-
-failed:
- talloc_free(req);
- return NULL;
-}
-
-struct nsupdate_send_ctx {
- struct ipa_nsupdate_ctx *nsupdate_ctx;
- int child_status;
-};
-
-static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
- uint8_t remove_af,
- bool use_server_with_nsupdate)
-{
- int ret, i, ttl;
- char *servername = NULL;
- char *realm;
- char *realm_directive;
- char *zone;
- char ip_addr[INET6_ADDRSTRLEN];
- const char *ip;
- struct ipa_ipaddress *new_record;
- TALLOC_CTX *tmp_ctx;
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) return ENOMEM;
-
- realm = dp_opt_get_string(ctx->dyndns_ctx->ipa_ctx->basic, IPA_KRB5_REALM);
- if (!realm) {
- ret = EIO;
- goto done;
- }
-
-#ifdef HAVE_NSUPDATE_REALM
- realm_directive = talloc_asprintf(tmp_ctx, "realm %s\n", realm);
-#else
- realm_directive = talloc_asprintf(tmp_ctx, "");
-#endif
- if (!realm_directive) {
- ret = ENOMEM;
- goto done;
- }
+ state->ipa_ctx = ctx;
- zone = dp_opt_get_string(ctx->dyndns_ctx->ipa_ctx->basic,
- IPA_DOMAIN);
- if (!zone) {
+ dns_zone = dp_opt_get_string(ctx->basic, IPA_DOMAIN);
+ if (!dns_zone) {
ret = EIO;
goto done;
}
@@ -886,333 +117,63 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
/* The DNS zone for IPA is the lower-case
* version of the IPA domain
*/
- for(i = 0; zone[i] != '\0'; i++) {
- zone[i] = tolower(zone[i]);
+ for (i = 0; dns_zone[i] != '\0'; i++) {
+ dns_zone[i] = tolower(dns_zone[i]);
}
- if (use_server_with_nsupdate) {
- if (strncmp(ctx->dyndns_ctx->ipa_ctx->service->sdap->uri,
- "ldap://", 7) != 0) {
- DEBUG(1, ("Unexpected format of LDAP URI.\n"));
- ret = EIO;
- goto done;
- }
- servername = ctx->dyndns_ctx->ipa_ctx->service->sdap->uri + 7;
- if (!servername) {
- ret = EIO;
- goto done;
- }
-
- DEBUG(SSSDBG_FUNC_DATA,
- ("Creating update message for server [%s], realm [%s] "
- "and zone [%s].\n", servername, realm, zone));
-
- /* Add the server, realm and zone headers */
- ctx->update_msg = talloc_asprintf(ctx, "server %s\n%szone %s.\n",
- servername, realm_directive,
- zone);
- } else {
- DEBUG(SSSDBG_FUNC_DATA,
- ("Creating update message for realm [%s] and zone [%s].\n",
- realm, zone));
-
- /* Add the realm and zone headers */
- ctx->update_msg = talloc_asprintf(ctx, "%szone %s.\n",
- realm_directive, zone);
- }
- if (ctx->update_msg == NULL) {
- ret = ENOMEM;
+ if (strncmp(ctx->service->sdap->uri,
+ "ldap://", 7) != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected format of LDAP URI.\n"));
+ ret = EIO;
goto done;
}
-
- /* Get the TTL details for the record(s) */
-
- ttl = dp_opt_get_int(ctx->dyndns_ctx->ipa_ctx->basic,
- IPA_DYNDNS_TTL);
- /* Should not happen but just in case set the default */
- if (!ttl) {
- ttl = 1200;
- }
-
- /* Remove existing entries as needed */
- if (remove_af & IPA_DYNDNS_REMOVE_A) {
- ctx->update_msg = talloc_asprintf_append(ctx->update_msg,
- "update delete %s. in A\nsend\n",
- ctx->dyndns_ctx->hostname);
- if (ctx->update_msg == NULL) {
- ret = ENOMEM;
- goto done;
- }
- }
- if (remove_af & IPA_DYNDNS_REMOVE_AAAA) {
- ctx->update_msg = talloc_asprintf_append(ctx->update_msg,
- "update delete %s. in AAAA\nsend\n",
- ctx->dyndns_ctx->hostname);
- if (ctx->update_msg == NULL) {
- ret = ENOMEM;
- goto done;
- }
- }
-
- DLIST_FOR_EACH(new_record, ctx->dyndns_ctx->addresses) {
- switch(new_record->addr->ss_family) {
- case AF_INET:
- ip = inet_ntop(new_record->addr->ss_family,
- &(((struct sockaddr_in *)new_record->addr)->sin_addr),
- ip_addr, INET6_ADDRSTRLEN);
- if (ip == NULL) {
- ret = EIO;
- goto done;
- }
- break;
-
- case AF_INET6:
- ip = inet_ntop(new_record->addr->ss_family,
- &(((struct sockaddr_in6 *)new_record->addr)->sin6_addr),
- ip_addr, INET6_ADDRSTRLEN);
- if (ip == NULL) {
- ret = EIO;
- goto done;
- }
- break;
-
- default:
- DEBUG(0, ("Unknown address family\n"));
- ret = EIO;
- goto done;
- }
-
- /* Format the record update */
- ctx->update_msg = talloc_asprintf_append(
- ctx->update_msg,
- "update add %s. %d in %s %s\n",
- ctx->dyndns_ctx->hostname,
- ttl,
- new_record->addr->ss_family == AF_INET ? "A" : "AAAA",
- ip_addr);
- if (ctx->update_msg == NULL) {
- ret = ENOMEM;
- goto done;
- }
+ servername = ctx->service->sdap->uri + 7;
+ if (!servername) {
+ ret = EIO;
+ goto done;
}
- ctx->update_msg = talloc_asprintf_append(ctx->update_msg, "send\n");
- if (ctx->update_msg == NULL) {
- ret = ENOMEM;
+ subreq = sdap_dyndns_update_send(state, sdap_ctx->be->ev,
+ sdap_ctx->be, sdap_ctx,
+ dp_opt_get_string(ctx->basic,
+ IPA_DYNDNS_IFACE),
+ dp_opt_get_string(ctx->basic,
+ IPA_HOSTNAME),
+ dns_zone,
+ dp_opt_get_string(ctx->basic,
+ IPA_KRB5_REALM),
+ servername,
+ dp_opt_get_int(ctx->basic,
+ IPA_DYNDNS_TTL),
+ true);
+ if (!subreq) {
+ ret = EIO;
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("sdap_id_op_connect_send failed: [%d](%s)\n",
+ ret, sss_strerror(ret)));
goto done;
}
-
- DEBUG(SSSDBG_TRACE_FUNC,
- (" -- Begin nsupdate message -- \n%s",
- ctx->update_msg));
- DEBUG(SSSDBG_TRACE_FUNC,
- (" -- End nsupdate message -- \n"));
+ tevent_req_set_callback(subreq, ipa_dyndns_sdap_update_done, req);
ret = EOK;
-
done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
-static void ipa_dyndns_stdin_done(struct tevent_req *subreq);
-
-static void ipa_dyndns_child_handler(int child_status,
- struct tevent_signal *sige,
- void *pvt);
-
-static void ipa_dyndns_timeout(struct tevent_context *ev,
- struct tevent_timer *te,
- struct timeval tv, void *pvt);
-
-static struct tevent_req *
-fork_nsupdate_send(struct ipa_nsupdate_ctx *ctx)
-{
- int pipefd_to_child[2];
- pid_t pid;
- int ret;
- errno_t err;
- struct timeval tv;
- struct tevent_req *req = NULL;
- struct tevent_req *subreq = NULL;
- struct nsupdate_send_ctx *state;
- char *args[3];
-
- req = tevent_req_create(ctx, &state, struct nsupdate_send_ctx);
- if (req == NULL) {
- return NULL;
- }
- state->nsupdate_ctx = ctx;
- state->child_status = 0;
-
- ret = pipe(pipefd_to_child);
- if (ret == -1) {
- err = errno;
- DEBUG(1, ("pipe failed [%d][%s].\n", err, strerror(err)));
- return NULL;
- }
-
- pid = fork();
-
- if (pid == 0) { /* child */
- args[0] = talloc_strdup(ctx, NSUPDATE_PATH);
- args[1] = talloc_strdup(ctx, "-g");
- args[2] = NULL;
- if (args[0] == NULL || args[1] == NULL) {
- return NULL;
- }
-
- close(pipefd_to_child[1]);
- ret = dup2(pipefd_to_child[0], STDIN_FILENO);
- if (ret == -1) {
- err = errno;
- DEBUG(1, ("dup2 failed [%d][%s].\n", err, strerror(err)));
- return NULL;
- }
-
- errno = 0;
- execv(NSUPDATE_PATH, args);
- err = errno;
- DEBUG(SSSDBG_CRIT_FAILURE, ("execv failed [%d][%s].\n", err, strerror(err)));
- return NULL;
- }
-
- else if (pid > 0) { /* parent */
- close(pipefd_to_child[0]);
-
- ctx->pipefd_to_child = pipefd_to_child[1];
-
- /* Write the update message to the nsupdate child */
- subreq = write_pipe_send(req,
- ctx->dyndns_ctx->ipa_ctx->id_ctx->sdap_id_ctx->be->ev,
- (uint8_t *)ctx->update_msg,
- strlen(ctx->update_msg)+1,
- ctx->pipefd_to_child);
- if (subreq == NULL) {
- return NULL;
- }
- tevent_req_set_callback(subreq, ipa_dyndns_stdin_done, req);
-
- /* Set up SIGCHLD handler */
- ret = child_handler_setup(ctx->dyndns_ctx->ipa_ctx->id_ctx->sdap_id_ctx->be->ev,
- pid, ipa_dyndns_child_handler, req);
- if (ret != EOK) {
- return NULL;
- }
-
- /* Set up timeout handler */
- tv = tevent_timeval_current_ofs(IPA_DYNDNS_TIMEOUT, 0);
- ctx->timeout_handler = tevent_add_timer(
- ctx->dyndns_ctx->ipa_ctx->id_ctx->sdap_id_ctx->be->ev,
- req, tv, ipa_dyndns_timeout, req);
- if(ctx->timeout_handler == NULL) {
- return NULL;
- }
- }
-
- else { /* error */
- err = errno;
- DEBUG(1, ("fork failed [%d][%s].\n", err, strerror(err)));
- return NULL;
- }
-
- return req;
-}
-
-static void ipa_dyndns_timeout(struct tevent_context *ev,
- struct tevent_timer *te,
- struct timeval tv, void *pvt)
-{
- struct tevent_req *req =
- talloc_get_type(pvt, struct tevent_req);
-
- DEBUG(1, ("Timeout reached for dynamic DNS update\n"));
-
- tevent_req_error(req, ETIMEDOUT);
-}
-
-static void ipa_dyndns_stdin_done(struct tevent_req *subreq)
-{
- /* Verify that the buffer was sent, then return
- * and wait for the sigchld handler to finish.
- */
- DEBUG(9, ("Sending nsupdate data complete\n"));
-
- int ret;
- struct tevent_req *req =
- tevent_req_callback_data(subreq, struct tevent_req);
- struct nsupdate_send_ctx *state =
- tevent_req_data(req, struct nsupdate_send_ctx);
-
- ret = write_pipe_recv(subreq);
- talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(1, ("Sending nsupdate data failed\n"));
tevent_req_error(req, ret);
- return;
+ tevent_req_post(req, sdap_ctx->be->ev);
}
-
- close(state->nsupdate_ctx->pipefd_to_child);
- state->nsupdate_ctx->pipefd_to_child = -1;
-}
-
-static void ipa_dyndns_child_handler(int child_status,
- struct tevent_signal *sige,
- void *pvt)
-{
- struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
- struct nsupdate_send_ctx *state =
- tevent_req_data(req, struct nsupdate_send_ctx);
-
- state->child_status = child_status;
-
- if (WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0) {
- DEBUG(1, ("Dynamic DNS child failed with status [%d]\n",
- child_status));
- tevent_req_error(req, EIO);
- return;
- }
-
- if WIFSIGNALED(child_status) {
- DEBUG(1, ("Dynamic DNS child was terminated by signal [%d]\n",
- WTERMSIG(child_status)));
- tevent_req_error(req, EIO);
- return;
- }
-
- tevent_req_done(req);
-}
-
-static int ipa_dyndns_child_recv(struct tevent_req *req, int *child_status)
-{
- struct nsupdate_send_ctx *state =
- tevent_req_data(req, struct nsupdate_send_ctx);
-
- *child_status = state->child_status;
-
- TEVENT_REQ_RETURN_ON_ERROR(req);
-
- return EOK;
-}
-
-static int ipa_dyndns_generic_recv(struct tevent_req *req)
-{
- TEVENT_REQ_RETURN_ON_ERROR(req);
-
- return EOK;
+ return req;
}
-static void fork_nsupdate_done(struct tevent_req *subreq)
+static void ipa_dyndns_sdap_update_done(struct tevent_req *subreq)
{
- int ret;
- struct tevent_req *req =
- tevent_req_callback_data(subreq, struct tevent_req);
- struct ipa_nsupdate_ctx *state = tevent_req_data(req,
- struct ipa_nsupdate_ctx);
+ struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
+ errno_t ret;
- ret = ipa_dyndns_child_recv(subreq, &state->child_status);
+ ret = sdap_dyndns_update_recv(subreq);
talloc_zfree(subreq);
if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Dynamic DNS update failed [%d]: %s\n", ret, sss_strerror(ret)));
tevent_req_error(req, ret);
return;
}
@@ -1220,59 +181,9 @@ static void fork_nsupdate_done(struct tevent_req *subreq)
tevent_req_done(req);
}
-static int fork_nsupdate_recv(struct tevent_req *req, int *child_status)
+static errno_t ipa_dyndns_update_recv(struct tevent_req *req)
{
- struct ipa_nsupdate_ctx *state =
- tevent_req_data(req, struct ipa_nsupdate_ctx);
-
- *child_status = state->child_status;
-
TEVENT_REQ_RETURN_ON_ERROR(req);
return EOK;
}
-
-static void ipa_dyndns_gss_tsig_update_done(struct tevent_req *subreq)
-{
- /* Check the return code from the sigchld handler
- * and return it to the parent request.
- */
- int ret;
- int child_status;
-
- struct tevent_req *req =
- tevent_req_callback_data(subreq, struct tevent_req);
- struct ipa_dyndns_ctx *state = tevent_req_data(req, struct ipa_dyndns_ctx);
-
- ret = fork_nsupdate_recv(subreq, &child_status);
- talloc_zfree(subreq);
- if (ret != EOK) {
- if (state->use_server_with_nsupdate == false &&
- WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0) {
- DEBUG(9, ("nsupdate failed, retrying with server name.\n"));
- state->use_server_with_nsupdate = true;
- ret = ipa_dyndns_gss_tsig_update_step(req);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- }
- return;
- } else {
- tevent_req_error(req, ret);
- return;
- }
- }
-
- tevent_req_done(req);
-}
-
-static void ipa_dyndns_update_done(struct tevent_req *req)
-{
- int ret = ipa_dyndns_generic_recv(req);
- talloc_free(req);
- if (ret != EOK) {
- DEBUG(1, ("Updating DNS entry failed\n"));
- return;
- }
-
- DEBUG(1, ("DNS update finished\n"));
-}
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
new file mode 100644
index 00000000..e7fad7ba
--- /dev/null
+++ b/src/providers/ldap/sdap_dyndns.c
@@ -0,0 +1,498 @@
+/*
+ SSSD
+
+ sdap_dyndns.c: LDAP specific dynamic DNS update
+
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/util.h"
+#include "resolv/async_resolv.h"
+#include "providers/dp_backend.h"
+#include "providers/dp_dyndns.h"
+#include "providers/ldap/sdap_async_private.h"
+#include "providers/ldap/sdap_id_op.h"
+#include "providers/ldap/ldap_common.h"
+
+static struct tevent_req *
+sdap_dyndns_get_addrs_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct sdap_id_ctx *sdap_ctx,
+ const char *iface);
+static errno_t
+sdap_dyndns_get_addrs_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct sss_iface_addr **_addresses);
+
+struct sdap_dyndns_update_state {
+ struct tevent_context *ev;
+ struct be_resolv_ctx *be_res;
+
+ const char *hostname;
+ const char *dns_zone;
+ const char *realm;
+ const char *servername;
+ int ttl;
+
+ struct sss_iface_addr *addresses;
+ uint8_t remove_af;
+
+ bool check_diff;
+ bool use_server_with_nsupdate;
+ char *update_msg;
+};
+
+static void sdap_dyndns_update_addrs_done(struct tevent_req *subreq);
+static void sdap_dyndns_addrs_check_done(struct tevent_req *subreq);
+static errno_t sdap_dyndns_update_step(struct tevent_req *req);
+static void sdap_dyndns_update_done(struct tevent_req *subreq);
+
+struct tevent_req *
+sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct be_ctx *be_ctx,
+ struct sdap_id_ctx *sdap_ctx,
+ const char *ifname,
+ const char *hostname,
+ const char *dns_zone,
+ const char *realm,
+ const char *servername,
+ const int ttl,
+ bool check_diff)
+{
+ errno_t ret;
+ struct tevent_req *req;
+ struct tevent_req *subreq;
+ struct sdap_dyndns_update_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct sdap_dyndns_update_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->check_diff = check_diff;
+ state->hostname = hostname;
+ state->dns_zone = dns_zone;
+ state->realm = realm;
+ state->servername = servername;
+ state->use_server_with_nsupdate = false;
+ state->ttl = ttl;
+ state->be_res = be_ctx->be_res;
+ state->ev = ev;
+
+ if (ifname) {
+ /* Unless one family is restricted, just replace all
+ * address families during the update
+ */
+ switch (state->be_res->family_order) {
+ case IPV4_ONLY:
+ state->remove_af |= DYNDNS_REMOVE_A;
+ break;
+ case IPV6_ONLY:
+ state->remove_af |= DYNDNS_REMOVE_AAAA;
+ break;
+ case IPV4_FIRST:
+ case IPV6_FIRST:
+ state->remove_af |= (DYNDNS_REMOVE_A |
+ DYNDNS_REMOVE_AAAA);
+ break;
+ }
+ } else {
+ /* If the interface isn't specified, we ONLY want to have the address
+ * that's connected to the LDAP server stored, so we need to check
+ * (and later remove) both address families.
+ */
+ state->remove_af = (DYNDNS_REMOVE_A | DYNDNS_REMOVE_AAAA);
+ }
+
+ subreq = sdap_dyndns_get_addrs_send(state, state->ev, sdap_ctx, ifname);
+ if (!subreq) {
+ ret = EIO;
+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: [%d](%s)\n",
+ ret, sss_strerror(ret)));
+ goto done;
+ }
+ tevent_req_set_callback(subreq, sdap_dyndns_update_addrs_done, req);
+
+ ret = EOK;
+done:
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void
+sdap_dyndns_update_addrs_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req;
+ struct sdap_dyndns_update_state *state;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct sdap_dyndns_update_state);
+
+ ret = sdap_dyndns_get_addrs_recv(subreq, state, &state->addresses);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Can't get addresses for DNS update\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (state->check_diff) {
+ /* Check if we need the update at all */
+ subreq = nsupdate_get_addrs_send(state, state->ev,
+ state->be_res, state->hostname);
+ if (subreq == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Can't initiate address check\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+ tevent_req_set_callback(subreq, sdap_dyndns_addrs_check_done, req);
+ return;
+ }
+
+ /* Perform update */
+ ret = sdap_dyndns_update_step(req);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ /* Execution will resume in sdap_dyndns_update_done */
+}
+
+static void
+sdap_dyndns_addrs_check_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ int i;
+ struct tevent_req *req;
+ struct sdap_dyndns_update_state *state;
+ char **str_dnslist = NULL, **str_local_list = NULL;
+ char **dns_only = NULL, **local_only = NULL;
+ bool do_update;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct sdap_dyndns_update_state);
+
+ ret = nsupdate_get_addrs_recv(subreq, state, &str_dnslist);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Could not receive list of current addresses [%d]: %s\n",
+ ret, sss_strerror(ret)));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = sss_iface_addr_list_as_str_list(state,
+ state->addresses, &str_local_list);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Converting DNS IP addresses to strings failed: [%d]: %s\n",
+ ret, sss_strerror(ret)));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ /* Compare the lists */
+ ret = diff_string_lists(state, str_dnslist, str_local_list,
+ &dns_only, &local_only, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("diff_string_lists failed: [%d]: %s\n", ret, sss_strerror(ret)));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (dns_only) {
+ for (i=0; dns_only[i]; i++) {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("Address in DNS only: %s\n", dns_only[i]));
+ do_update = true;
+ }
+ }
+
+ if (local_only) {
+ for (i=0; local_only[i]; i++) {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("Address on localhost only: %s\n", local_only[i]));
+ do_update = true;
+ }
+ }
+
+ if (do_update) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("Detected IP addresses change, will perform an update\n"));
+ ret = sdap_dyndns_update_step(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not start the update [%d]: %s\n",
+ ret, sss_strerror(ret)));
+ tevent_req_error(req, ret);
+ }
+ return;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("No DNS update needed, addresses did not change\n"));
+ tevent_req_done(req);
+ return;
+}
+
+static errno_t
+sdap_dyndns_update_step(struct tevent_req *req)
+{
+ errno_t ret;
+ struct sdap_dyndns_update_state *state;
+ const char *servername;
+ struct tevent_req *subreq;
+
+ state = tevent_req_data(req, struct sdap_dyndns_update_state);
+
+ servername = NULL;
+ if (state->use_server_with_nsupdate == true &&
+ state->servername) {
+ servername = state->servername;
+ }
+
+ ret = be_nsupdate_create_msg(state, state->realm, state->dns_zone,
+ servername, state->hostname,
+ state->ttl, state->remove_af,
+ state->addresses,
+ &state->update_msg);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Can't get addresses for DNS update\n"));
+ return ret;
+ }
+
+ /* Fork a child process to perform the DNS update */
+ subreq = be_nsupdate_send(state, state->ev, state->update_msg);
+ if (subreq == NULL) {
+ return EIO;
+ }
+
+ tevent_req_set_callback(subreq, sdap_dyndns_update_done, req);
+ return EOK;
+}
+
+static void
+sdap_dyndns_update_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ int child_status;
+ struct tevent_req *req;
+ struct sdap_dyndns_update_state *state;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct sdap_dyndns_update_state);
+
+ ret = be_nsupdate_recv(subreq, &child_status);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ /* If the update didn't succeed, we can retry using the server name */
+ if (state->use_server_with_nsupdate == false && state->servername &&
+ WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0) {
+ state->use_server_with_nsupdate = true;
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("nsupdate failed, retrying with server name\n"));
+ ret = sdap_dyndns_update_step(req);
+ if (ret == EOK) {
+ return;
+ }
+ }
+
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+errno_t
+sdap_dyndns_update_recv(struct tevent_req *req)
+{
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+ return EOK;
+}
+
+/* A request to get addresses to update with */
+struct sdap_dyndns_get_addrs_state {
+ struct sdap_id_op* sdap_op;
+ struct sss_iface_addr *addresses;
+};
+
+static void sdap_dyndns_get_addrs_done(struct tevent_req *subreq);
+static errno_t sdap_dyndns_add_ldap_conn(struct sdap_dyndns_get_addrs_state *state,
+ struct sdap_handle *sh);
+
+static struct tevent_req *
+sdap_dyndns_get_addrs_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct sdap_id_ctx *sdap_ctx,
+ const char *iface)
+{
+ errno_t ret;
+ struct tevent_req *req;
+ struct tevent_req *subreq;
+ struct sdap_dyndns_get_addrs_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct sdap_dyndns_get_addrs_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (iface) {
+ ret = sss_iface_addr_list_get(state, iface, &state->addresses);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Cannot get list of addresses from interface %s\n", iface));
+ }
+ /* We're done. Just fake an async request completion */
+ goto done;
+ }
+
+ /* Detect DYNDNS address from LDAP connection */
+ state->sdap_op = sdap_id_op_create(state, sdap_ctx->conn_cache);
+ if (!state->sdap_op) {
+ ret = ENOMEM;
+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
+ goto done;
+ }
+
+ subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
+ if (!subreq) {
+ ret = EIO;
+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: [%d](%s)\n",
+ ret, sss_strerror(ret)));
+ goto done;
+ }
+ tevent_req_set_callback(subreq, sdap_dyndns_get_addrs_done, req);
+
+ ret = EAGAIN;
+done:
+ if (ret == EOK) {
+ tevent_req_done(req);
+ tevent_req_post(req, ev);
+ } else if (ret != EAGAIN) {
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ }
+
+ /* EAGAIN - resolution in progress */
+ return req;
+}
+
+static void
+sdap_dyndns_get_addrs_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ int dp_error;
+ struct tevent_req *req;
+ struct sdap_dyndns_get_addrs_state *state;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct sdap_dyndns_get_addrs_state);
+
+ ret = sdap_id_op_connect_recv(subreq, &dp_error);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ if (dp_error == DP_ERR_OFFLINE) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No LDAP server is available, "
+ "dynamic DNS update is skipped in offline mode.\n"));
+ ret = ERR_DYNDNS_OFFLINE;
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to connect to LDAP server: [%d](%s)\n",
+ ret, sss_strerror(ret)));
+ }
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = sdap_dyndns_add_ldap_conn(state, sdap_id_op_handle(state->sdap_op));
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Can't get addresses from LDAP connection\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ /* Got the address! Done! */
+ tevent_req_done(req);
+}
+
+static errno_t
+sdap_dyndns_add_ldap_conn(struct sdap_dyndns_get_addrs_state *state,
+ struct sdap_handle *sh)
+{
+ int ret;
+ int fd;
+ struct sss_iface_addr *address;
+ struct sockaddr_storage ss;
+ socklen_t ss_len = sizeof(ss);
+
+ if (sh == NULL) {
+ return EINVAL;
+ }
+
+ /* Get the file descriptor for the primary LDAP connection */
+ ret = get_fd_from_ldap(sh->ldap, &fd);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ errno = 0;
+ ret = getsockname(fd, (struct sockaddr *) &ss, &ss_len);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to get socket name\n"));
+ return ret;
+ }
+
+ switch(ss.ss_family) {
+ case AF_INET:
+ case AF_INET6:
+ address = sss_iface_addr_add(state, &state->addresses, &ss);
+ if (address == NULL) {
+ return ENOMEM;
+ }
+ break;
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Connection to LDAP is neither IPv4 nor IPv6\n"));
+ return EIO;
+ }
+
+ return EOK;
+}
+
+static errno_t
+sdap_dyndns_get_addrs_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct sss_iface_addr **_addresses)
+{
+ struct sdap_dyndns_get_addrs_state *state;
+
+ state = tevent_req_data(req, struct sdap_dyndns_get_addrs_state);
+
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+ *_addresses = talloc_steal(mem_ctx, state->addresses);
+ return EOK;
+}
diff --git a/src/providers/ldap/sdap_dyndns.h b/src/providers/ldap/sdap_dyndns.h
new file mode 100644
index 00000000..1602938e
--- /dev/null
+++ b/src/providers/ldap/sdap_dyndns.h
@@ -0,0 +1,47 @@
+/*
+ SSSD
+
+ sdap_dyndns.h: LDAP specific dynamic DNS update
+
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SDAP_DYNDNS_H_
+#define SDAP_DYNDNS_H_
+
+#include "util/util.h"
+#include "providers/dp_backend.h"
+#include "providers/ldap/ldap_common.h"
+
+struct tevent_req *
+sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct be_ctx *be_ctx,
+ struct sdap_id_ctx *sdap_ctx,
+ const char *ifname,
+ const char *hostname,
+ const char *dns_zone,
+ const char *realm,
+ const char *servername,
+ const int ttl,
+ bool check_diff);
+
+errno_t sdap_dyndns_update_recv(struct tevent_req *req);
+
+#endif /* SDAP_DYNDNS_H_ */