PR#179: Move recognition of a templated attribute to ldap_attribute_to_rdatatype - bind-dyndb-ldap

bind-dyndb-ldap

#179 Move recognition of a templated attribute to ldap_attribute_to_rdatatype

Merged 2 years ago by abbra. Opened 3 years ago by abbra.

abbra/bind-dyndb-ldap locations-defaults-missing into master

Move recognition of a templated attribute to ldap_attribute_to_rdatatype

Alexander Bokovoy • 2 years ago

f542870

src/ldap_convert.c

file modified

+25 -8

		`@@ -372,23 +372,40 @@`
		`{`
		`isc_result_t result;`
		`unsigned len;`
		`+ const char *attribute = NULL;`
		`isc_consttextregion_t region;`

		`len = strlen(ldap_attribute);`
		`if (len <= LDAP_RDATATYPE_SUFFIX_LEN)`
		`return ISC_R_UNEXPECTEDEND;`

		`+`
		`+ /* Before looking up rdtype, we need to see if rdtype is`
		`+ * an LDAP subtype (type;subtype) and if so, strip one of`
		`+ * the known prefixes. We also need to remove 'record' suffix`
		`+ * if it exists. The resulting rdtype text name should have no`
		`+ * 'extra' details: A, AAAA, CNAME, etc. */`
		`+ attribute = ldap_attribute;`
		`+`
		`+ /* Does attribute name start with with TEMPLATE_PREFIX? */`
		`+ if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,`
		`+ ldap_attribute,`
		`+ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) {`
		`+ attribute = ldap_attribute + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN;`
		`+ len -= LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN;`
		`+ /* Does attribute name start with with UNKNOWN_PREFIX? */`
		`+ } else if (strncasecmp(LDAP_RDATATYPE_UNKNOWN_PREFIX,`
		`+ ldap_attribute,`
		`+ LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) {`
		`+ attribute = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;`
		`+ len -= LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;`
		`+ }`
		`+`
		`/* Does attribute name end with RECORD_SUFFIX? */`
		`- if (strcasecmp(ldap_attribute + len - LDAP_RDATATYPE_SUFFIX_LEN,`
		`+ if (strcasecmp(attribute + len - LDAP_RDATATYPE_SUFFIX_LEN,`
		`LDAP_RDATATYPE_SUFFIX) == 0) {`
		`- region.base = ldap_attribute;`
		`+ region.base = attribute;`
		`region.length = len - LDAP_RDATATYPE_SUFFIX_LEN;`
		`- /* Does attribute name start with with UNKNOWN_PREFIX? */`
		`- } else if (strncasecmp(ldap_attribute,`
		`- LDAP_RDATATYPE_UNKNOWN_PREFIX,`
		`- LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) {`
		`- region.base = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;`
		`- region.length = len - LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;`
		`} else`
		`return ISC_R_UNEXPECTED;`

src/ldap_convert.h

file modified

		`@@ -17,6 +17,8 @@`
		`#define LDAP_RDATATYPE_SUFFIX_LEN (sizeof(LDAP_RDATATYPE_SUFFIX) - 1)`
		`#define LDAP_RDATATYPE_UNKNOWN_PREFIX "UnknownRecord;"`
		`#define LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN (sizeof(LDAP_RDATATYPE_UNKNOWN_PREFIX) - 1)`
		`+ #define LDAP_RDATATYPE_TEMPLATE_PREFIX "idnsTemplateAttribute;"`
		`+ #define LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN (sizeof(LDAP_RDATATYPE_TEMPLATE_PREFIX) - 1)`

		`/*`
		`* Convert LDAP DN 'dn', to dns_name_t 'target'. 'target' needs to be`

src/ldap_helper.c

file modified

+14 -7

		`@@ -2396,7 +2396,7 @@`
		`result = setting_find(setting_name, set, isc_boolean_true,`
		`isc_boolean_true, &setting);`
		`if (result != ISC_R_SUCCESS) {`
		`- log_debug(3, "setting '%s' is not defined so it "`
		`+ log_debug(5, "setting '%s' is not defined so it "`
		`"cannot be substituted into template '%s'",`
		`setting_name, str_buf(orig_val));`
		`CLEANUP_WITH(ISC_R_IGNORE);`
		`@@ -2459,23 +2459,22 @@`
		`dns_rdatatype_t rdtype;`
		`dns_rdatalist_t *rdlist = NULL;`
		`isc_boolean_t did_something = ISC_FALSE;`
		`- static const char prefix[] = "idnsTemplateAttribute;";`
		`- static const char prefix_len = sizeof(prefix) - 1;`

		`CHECK(str_new(mctx, &orig_val));`
		`rdclass = ldap_entry_getrdclass(entry);`
		`ttl = ldap_entry_getttl(entry, settings);`

		`while ((attr = ldap_entry_nextattr(entry)) != NULL) {`
		`- if (strncasecmp(prefix, attr->name, prefix_len) != 0)`
		`+ if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,`
		`+ attr->name,`
		`+ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) != 0)`
		`continue;`

		`- result = ldap_attribute_to_rdatatype(attr->name + prefix_len,`
		`- &rdtype);`
		`+ result = ldap_attribute_to_rdatatype(attr->name, &rdtype);`
		`if (result != ISC_R_SUCCESS) {`
		`log_bug("%s: substitution into '%s' is not supported",`
		`ldap_entry_logname(entry),`
		`- attr->name + prefix_len);`
		`+ attr->name + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN);`
		`continue;`
		`}`

		`@@ -2559,6 +2558,14 @@`
		`for (result = ldap_entry_firstrdtype(entry, &attr, &rdtype);`
		`result == ISC_R_SUCCESS;`
		`result = ldap_entry_nextrdtype(entry, &attr, &rdtype)) {`
		`+ /* If we reached this point and found a template attribute,`
		`+ * skip it because it was not translated above due to missing`
		`+ * defaults or some other errors. */`
		`+ if (((entry->class & LDAP_ENTRYCLASS_TEMPLATE) != 0) &&`
		`+ strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,`
		`+ attr->name,`
		`+ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0)`
		`+ continue;`

		`CHECK(findrdatatype_or_create(mctx, rdatalist, rdclass,`
		`rdtype, ttl, &rdlist));`

abbra commented 3 years ago

When substitution of a templated entry attribute fails, we need to fall
back to a static definition of the attribute from the same entry. This
means, however, that ldap_attribute_to_rdatatype() will attempt to parse
an attribute value anyway and will be confused by the templating prefix,
thus reporting in named's logs:

unsupported operation: object class in resource record template DN
'idnsname=$NAME,idnsname=$ZONE.,cn=dns,$BASEDN' changed:
rndc reload might be necessary

Move recognition of a template attribute name to
ldap_attribute_to_rdatatype() so that a proper attribute class is
correctly derived and ignore templated attribute in the fallback code
if case that template expansion is failed.

Resolves: rhbz#1553512