#!/usr/bin/perl -w

# Brian Masney <masneyb@gftp.org>
# To use this script, set your base DN below. Then run 
# ./dhcpd-conf-to-ldap.pl < /path-to-dhcpd-conf/dhcpd.conf > output-file
# The output of this script will generate entries in LDIF format. You can use
# the slapadd command to add these entries into your LDAP server. You will
# definately want to double check that your LDAP entries are correct before
# you load them into LDAP.

# This script does not do much error checking. Make sure before you run this
# that the DHCP server doesn't give any errors about your config file

# FailOver notes:
#   Failover is disabled by default, since it may need manually intervention.
#   You can try the '--use=failover' option to see what happens :-)
#
#   If enabled, the failover pool references will be written to LDIF output.
#   The failover configs itself will be added to the dhcpServer statements
#   and not to the dhcpService object (since this script uses only one and
#   it may be usefull to have multiple service containers in failover mode).
#   Further, this script does not check if primary or secondary makes sense,
#   it simply converts what it gets...

use Net::Domain qw(hostname hostfqdn hostdomain);
use Getopt::Long;

my $domain = hostdomain();           # your.domain
my $basedn = "dc=".$domain;
   $basedn =~ s/\./,dc=/g;           # dc=your,dc=domain
my $server = hostname();             # hostname (nodename)
my $dhcpcn = 'DHCP Config';          # CN of DHCP config tree
my $dhcpdn = "cn=$dhcpcn, $basedn";  # DHCP config tree DN
my $second = '';                     # secondary server DN / hostname
my $i_conf = '';                     # dhcp.conf file to read or stdin
my $o_ldif = '';                     # output ldif file name or stdout
my @use    = ();                     # extended flags (failover)

sub usage($;$)
{
  my $rc = shift;
  my $err= shift;

  print STDERR "Error: $err\n\n" if(defined $err);
  print STDERR <<__EOF_USAGE__;
usage: 
  $0 [options] < dhcpd.conf > dhcpd.ldif

options:

  --basedn  "dc=your,dc=domain"        ("$basedn")

  --dhcpdn  "dhcp config DN"           ("$dhcpdn")

  --server  "dhcp server name"         ("$server")

  --second  "secondary server or DN"   ("$second")

  --conf    "/path/to/dhcpd.conf"      (default is stdin)
  --ldif    "/path/to/output.ldif"     (default is stdout)

  --use     "extended features"        (see source comments)
__EOF_USAGE__
  exit($rc);
}


sub next_token
{
  local ($lowercase) = @_;
  local ($token, $newline);

  do 
    {
      if (!defined ($line) || length ($line) == 0)
        {
          $line = <>;
          return undef if !defined ($line);
          chop $line;
          $line_number++;
          $token_number = 0;
        }

      $line =~ s/#.*//;
      $line =~ s/^\s+//;
      $line =~ s/\s+$//;
    }
  while (length ($line) == 0);

  if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
    {
      if ($token =~ /^"/) {
       #handle quoted token
       if ($token !~ /"\s*$/)
       {
         ($tok, $newline)  = $newline =~ /([^"]+")(.*)/;
         $token .= " $tok";
        }
      }
      $line = $newline;
    }
  else
    {
      $token = $line;
      $line = '';
    }
  $token_number++;

  $token =~ y/[A-Z]/[a-z]/ if $lowercase;

  return ($token);
}


sub remaining_line
{
  local ($block) = shift || 0;
  local ($tmp, $str);

  $str = "";
  while (defined($tmp = next_token (0)))
    {
      $str .= ' ' if !($str eq "");
      $str .= $tmp;
      last if $tmp =~ /;\s*$/;
      last if($block and $tmp =~ /\s*[}{]\s*$/);
    }

  $str =~ s/;$//;
  return ($str);
}


sub
add_dn_to_stack
{
  local ($dn) = @_;

  $current_dn = "$dn, $current_dn";
  $curentry{'current_dn'} = $current_dn;
}


sub
remove_dn_from_stack
{
  $current_dn =~ s/^.*?,\s*//;
}


sub
parse_error
{
  print "Parse error on line number $line_number at token number $token_number\n";
  exit (1);
}

sub
new_entry
{
   if (%curentry) {
     $curentry{'current_dn'} = $current_dn;
     push(@entrystack, {%curentry});
     undef(%curentry);
   }
}

sub
pop_entry
{
  if (%curentry) {
    push(@outputlist, {%curentry});
  }
  $rentry = pop(@entrystack);
  %curentry = %$rentry if $rentry;
}


sub
print_entry
{
  return if (scalar keys %curentry == 0);

  if (!defined ($curentry{'type'}))
    {
      $hostdn = "cn=$server, $basedn";
      print "dn: $hostdn\n";
      print "cn: $server\n";
      print "objectClass: top\n";
      print "objectClass: dhcpServer\n";
      print "dhcpServiceDN: $curentry{'current_dn'}\n";
      if(grep(/FaIlOvEr/i, @use))
        {
          foreach my $fo_peer (keys %failover)
            {
              next if(scalar(@{$failover{$fo_peer}}) <= 1);
              print "dhcpStatements: failover peer $fo_peer { ",
                    join('; ', @{$failover{$fo_peer}}), "; }\n";
            }
        }
      print "\n";

      print "dn: $curentry{'current_dn'}\n";
      print "cn: $dhcpcn\n";
      print "objectClass: top\n";
      print "objectClass: dhcpService\n";
      if (defined ($curentry{'options'}))
        {
          print "objectClass: dhcpOptions\n";
        }
      print "dhcpPrimaryDN: $hostdn\n";
      if(grep(/FaIlOvEr/i, @use) and ($second ne ''))
        {
          print "dhcpSecondaryDN: $second\n";
        }
    }
  elsif ($curentry{'type'} eq 'subnet')
    {
      print "dn: $curentry{'current_dn'}\n";
      print "cn: " . $curentry{'ip'} . "\n";
      print "objectClass: top\n";
      print "objectClass: dhcpSubnet\n";
      if (defined ($curentry{'options'}))
        {
          print "objectClass: dhcpOptions\n";
        }
      
      print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
      if (defined ($curentry{'ranges'}))
        {
          foreach $statement (@{$curentry{'ranges'}})
            {
              print "dhcpRange: $statement\n";
            }
        }
    }
  elsif ($curentry{'type'} eq 'shared-network')
    {
      print "dn: $curentry{'current_dn'}\n";
      print "cn: " . $curentry{'descr'} . "\n";
      print "objectClass: top\n";
      print "objectClass: dhcpSharedNetwork\n";
      if (defined ($curentry{'options'}))
        {
          print "objectClass: dhcpOptions\n";
        }
    }
  elsif ($curentry{'type'} eq 'group')
    {
      print "dn: $curentry{'current_dn'}\n";
      print "cn: group", $curentry{'idx'}, "\n";
      print "objectClass: top\n";
      print "objectClass: dhcpGroup\n";
      if (defined ($curentry{'options'}))
        {
          print "objectClass: dhcpOptions\n";
        }
    }
  elsif ($curentry{'type'} eq 'host')
    {
      print "dn: $curentry{'current_dn'}\n";
      print "cn: " . $curentry{'host'} . "\n";
      print "objectClass: top\n";
      print "objectClass: dhcpHost\n";
      if (defined ($curentry{'options'}))
        {
          print "objectClass: dhcpOptions\n";
        }

      if (defined ($curentry{'hwaddress'}))
        {
          $curentry{'hwaddress'} =~ y/[A-Z]/[a-z]/;
          print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
        }
    }
  elsif ($curentry{'type'} eq 'pool')
    {
      print "dn: $curentry{'current_dn'}\n";
      print "cn: pool", $curentry{'idx'}, "\n";
      print "objectClass: top\n";
      print "objectClass: dhcpPool\n";
      if (defined ($curentry{'options'}))
        {
          print "objectClass: dhcpOptions\n";
        }

      if (defined ($curentry{'ranges'}))
        {
          foreach $statement (@{$curentry{'ranges'}})
            {
              print "dhcpRange: $statement\n";
            }
        }
    }
  elsif ($curentry{'type'} eq 'class')
    {
      print "dn: $curentry{'current_dn'}\n";
      print "cn: " . $curentry{'class'} . "\n";
      print "objectClass: top\n";
      print "objectClass: dhcpClass\n";
      if (defined ($curentry{'options'}))
        {
          print "objectClass: dhcpOptions\n";
        }
    }
  elsif ($curentry{'type'} eq 'subclass')
    {
      print "dn: $curentry{'current_dn'}\n";
      print "cn: " . $curentry{'subclass'} . "\n";
      print "objectClass: top\n";
      print "objectClass: dhcpSubClass\n";
      if (defined ($curentry{'options'}))
        {
          print "objectClass: dhcpOptions\n";
        }
      print "dhcpClassData: " . $curentry{'class'} . "\n";
    }

  if (defined ($curentry{'statements'}))
    {
      foreach $statement (@{$curentry{'statements'}})
        {
          print "dhcpStatements: $statement\n";
        }
    }

  if (defined ($curentry{'options'}))
    {
      foreach $statement (@{$curentry{'options'}})
        {
          print "dhcpOption: $statement\n";
        }
    }

  print "\n";
  undef (%curentry);
}


sub parse_netmask
{
  local ($netmask) = @_;
  local ($i);

  if ((($a, $b, $c, $d) = $netmask =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) != 4)
    {
      parse_error ();
    }

  $num = (($a & 0xff) << 24) |
         (($b & 0xff) << 16) |
         (($c & 0xff) << 8) |
          ($d & 0xff);

  for ($i=1; $i<=32 && $num & (1 << (32 - $i)); $i++)
    {
    }
  $i--;

  return ($i);
}


sub parse_subnet
{
  local ($ip, $tmp, $netmask);

  new_entry ();
    
  $ip = next_token (0);
  parse_error () if !defined ($ip);

  $tmp = next_token (1);
  parse_error () if !defined ($tmp);
  parse_error () if !($tmp eq 'netmask');

  $tmp = next_token (0);
  parse_error () if !defined ($tmp);
  $netmask = parse_netmask ($tmp);

  $tmp = next_token (0);
  parse_error () if !defined ($tmp);
  parse_error () if !($tmp eq '{');

  add_dn_to_stack ("cn=$ip");
  $curentry{'type'} = 'subnet';
  $curentry{'ip'} = $ip;
  $curentry{'netmask'} = $netmask;
  $cursubnet = $ip;
  $curcounter{$ip} = { pool  => 0, group => 0 };
}


sub parse_shared_network
{
  local ($descr, $tmp);

  new_entry ();

  $descr = next_token (0);
  parse_error () if !defined ($descr);

  $tmp = next_token (0);
  parse_error () if !defined ($tmp);
  parse_error () if !($tmp eq '{');

  add_dn_to_stack ("cn=$descr");
  $curentry{'type'} = 'shared-network';
  $curentry{'descr'} = $descr;
}


sub parse_host
{
  local ($descr, $tmp);

  new_entry ();

  $host = next_token (0);
  parse_error () if !defined ($host);

  $tmp = next_token (0);
  parse_error () if !defined ($tmp);
  parse_error () if !($tmp eq '{');

  add_dn_to_stack ("cn=$host");
  $curentry{'type'} = 'host';
  $curentry{'host'} = $host;
}


sub parse_group
{
  local ($descr, $tmp);

  new_entry ();

  $tmp = next_token (0);
  parse_error () if !defined ($tmp);
  parse_error () if !($tmp eq '{');

  my $idx;
  if(exists($curcounter{$cursubnet})) {
    $idx = ++$curcounter{$cursubnet}->{'group'};
  } else {
    $idx = ++$curcounter{''}->{'group'};
  }

  add_dn_to_stack ("cn=group".$idx);
  $curentry{'type'} = 'group';
  $curentry{'idx'} = $idx;
}


sub parse_pool
{
  local ($descr, $tmp);

  new_entry ();

  $tmp = next_token (0);
  parse_error () if !defined ($tmp);
  parse_error () if !($tmp eq '{');

  my $idx;
  if(exists($curcounter{$cursubnet})) {
    $idx = ++$curcounter{$cursubnet}->{'pool'};
  } else {
    $idx = ++$curcounter{''}->{'pool'};
  }

  add_dn_to_stack ("cn=pool".$idx);
  $curentry{'type'} = 'pool';
  $curentry{'idx'} = $idx;
}


sub parse_class
{
  local ($descr, $tmp);

  new_entry ();

  $class = next_token (0);
  parse_error () if !defined ($class);

  $tmp = next_token (0);
  parse_error () if !defined ($tmp);
  parse_error () if !($tmp eq '{');

  $class =~ s/\"//g;
  add_dn_to_stack ("cn=$class");
  $curentry{'type'} = 'class';
  $curentry{'class'} = $class;
}


sub parse_subclass
{
  local ($descr, $tmp);

  new_entry ();

  $class = next_token (0);
  parse_error () if !defined ($class);

  $subclass = next_token (0);
  parse_error () if !defined ($subclass);

  if (substr($subclass,-1) eq ';') {
    $tmp = ";";
    $subclass = substr($subclass,0,-1);
  } else {
    $tmp = next_token (0); 
    parse_error () if !defined ($tmp);
  }
  parse_error () if !($tmp eq '{' or $tmp eq ';');
  add_dn_to_stack ("cn=$subclass");
  $curentry{'type'} = 'subclass';
  $curentry{'class'} = $class;
  $curentry{'subclass'} = $subclass;

  if ($tmp eq ';') {
    pop_entry ();
    remove_dn_from_stack ();
  }
}


sub parse_hwaddress
{
  local ($type, $hw, $tmp);

  $type = next_token (1);
  parse_error () if !defined ($type);

  $hw = next_token (1);
  parse_error () if !defined ($hw);
  $hw =~ s/;$//;

  $curentry{'hwaddress'} = "$type $hw";
}

    
sub parse_range
{
  local ($tmp, $str);

  $str = remaining_line ();

  if (!($str eq ''))
    {
      $str =~ s/;$//;
      push (@{$curentry{'ranges'}}, $str);
    }
}


sub parse_statement
{
  local ($token) = shift;
  local ($str);

  if ($token eq 'option')
    {
      $str = remaining_line ();
      push (@{$curentry{'options'}}, $str);
    }
  elsif($token eq 'failover')
    {
      $str = remaining_line (1); # take care on block
      if($str =~ /[{]/)
        {
          my ($peername, @statements);

          parse_error() if($str !~ /^\s*peer\s+(.+?)\s+[{]\s*$/);
          parse_error() if(($peername = $1) !~ /^\"?[^\"]+\"?$/);

          #
          # failover config block found:
          # e.g. 'failover peer "some-name" {'
          #
          if(not grep(/FaIlOvEr/i, @use))
            {
              print STDERR "Warning: Failover config 'peer $peername' found!\n";
              print STDERR "         Skipping it, since failover disabled!\n";
              print STDERR "         You may try out --use=failover option.\n";
            }

          until($str =~ /[}]/ or $str eq "")
            {
                $str = remaining_line (1);
                # collect all statements, except ending '}'
                push(@statements, $str) if($str !~ /[}]/);
            }
          $failover{$peername} = [@statements];
        }
      else
        {
          #
          # pool reference to failover config is fine
          # e.g. 'failover peer "some-name";'
          #
          if(not grep(/FaIlOvEr/i, @use))
            {
              print STDERR "Warning: Failover reference '$str' found!\n";
              print STDERR "         Skipping it, since failover disabled!\n";
              print STDERR "         You may try out --use=failover option.\n";
            }
          else
            {
              push (@{$curentry{'statements'}}, $token. " " . $str);
            }
        }
    }
  elsif($token eq 'zone')
    {
      $str = $token;
      while($str !~ /}$/) {
        $str .= ' ' . next_token (0);
      }
      push (@{$curentry{'statements'}}, $str);
    }
  elsif($token =~ /^(authoritative)[;]*$/)
    {
      push (@{$curentry{'statements'}}, $1);
    }
  else
    {
      $str = $token . " " . remaining_line ();
      push (@{$curentry{'statements'}}, $str);
    }
}


my $ok = GetOptions(
    'basedn=s'      => \$basedn,
    'dhcpdn=s'      => \$dhcpdn,
    'server=s'      => \$server,
    'second=s'      => \$second,
    'conf=s'        => \$i_conf,
    'ldif=s'        => \$o_ldif,
    'use=s'         => \@use,
    'h|help|usage'  => sub { usage(0); },
);

unless($server =~ /^\w+/)
  {
    usage(1, "invalid server name '$server'");
  }
unless($basedn =~ /^\w+=[^,]+/)
  {
    usage(1, "invalid base dn '$basedn'");
  }

if($dhcpdn =~ /^cn=([^,]+)/i)
  {
    $dhcpcn = "$1";
  }
$second = '' if not defined $second;
unless($second eq '' or $second =~ /^cn=[^,]+\s*,\s*\w+=[^,]+/i)
  {
    if($second =~ /^cn=[^,]+$/i)
      {
        # relative DN 'cn=name'
        $second = "$second, $basedn";
      }
    elsif($second =~ /^\w+/)
      {
        # assume hostname only
        $second = "cn=$second, $basedn";
      }
    else
      {
        usage(1, "invalid secondary '$second'")
      }
  }

usage(1) unless($ok);

if($i_conf ne "" and -f $i_conf)
  {
    if(not open(STDIN, '<', $i_conf))
      {
        print STDERR "Error: can't open conf file '$i_conf': $!\n";
        exit(1);
      }
  }
if($o_ldif ne "")
  {
    if(-e $o_ldif)
      {
        print STDERR "Error: output ldif name '$o_ldif' already exists!\n";
        exit(1);
      }
    if(not open(STDOUT, '>', $o_ldif))
      {
        print STDERR "Error: can't open ldif file '$o_ldif': $!\n";
        exit(1);
      }
  }


print STDERR "Creating LDAP Configuration with the following options:\n";
print STDERR "\tBase DN: $basedn\n";
print STDERR "\tDHCP DN: $dhcpdn\n";
print STDERR "\tServer DN: cn=$server, $basedn\n";
print STDERR "\tSecondary DN: $second\n"
             if(grep(/FaIlOvEr/i, @use) and $second ne '');
print STDERR "\n";

my $token;
my $token_number = 0;
my $line_number = 0;
my $cursubnet = '';
my %curcounter = ( '' => { pool => 0, group => 0 } );

$current_dn = "$dhcpdn";
$curentry{'current_dn'} = $current_dn;
$curentry{'descr'} = $dhcpcn;
$line = '';
%failover = ();

while (($token = next_token (1)))
  {
    if ($token eq '}')
      {
        pop_entry ();
        if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
          # don't go below dhcpdn ...
          remove_dn_from_stack ();
        }
      }
    elsif ($token eq 'subnet')
      {
        parse_subnet ();
        next;
      }
    elsif ($token eq 'shared-network')
      {
        parse_shared_network ();
        next;
      }
    elsif ($token eq 'class')
      {
        parse_class ();
        next;
      }
    elsif ($token eq 'subclass')
      {
        parse_subclass ();
        next;
      }
    elsif ($token eq 'pool')
      {
        parse_pool ();
        next;
      }
    elsif ($token eq 'group')
      {
        parse_group ();
        next;
      }
    elsif ($token eq 'host')
      {
        parse_host ();
        next;
      }
    elsif ($token eq 'hardware')
      {
        parse_hwaddress ();
        next;
      }
    elsif ($token eq 'range')
      {
        parse_range ();
        next;
      }
    else
      {
        parse_statement ($token);
        next;
      }
  }

pop_entry ();

while ($#outputlist >= 0) {
  $rentry = pop(@outputlist);
  if ($rentry) {
    %curentry = %$rentry;
    print_entry ();
  }
}

close(STDIN)  if($i_conf);
close(STDOUT) if($o_ldif);

print STDERR "Done.\n";