From b4c3a6c30060045878cbc2bded38ca75b7881f09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A5=D0=B8=D1=80=D0=B5=D1=86=D0=BA=D0=B8=D0=B9=20=D0=9C?= =?UTF-8?q?=D0=B8=D1=85=D0=B0=D0=B8=D0=BB?= Date: Fri, 27 Dec 2019 12:21:12 +0300 Subject: [PATCH] net-dns/bind: 9.14.8[sdb-ldap] --- net-dns/bind/Manifest | 7 +- net-dns/bind/bind-9.11.1_p3-r1.ebuild | 424 --- ...1.0_p5-r1.ebuild => bind-9.14.8-r1.ebuild} | 268 +- .../bind/files/bind-9.10.3_p2-libressl.patch | 110 - .../files/bind-9.11-sdb-ldap-1.1.0-fc14.patch | 1123 -------- .../files/bind-9.11.0_p5-dyndb-dlopen.patch | 97 - net-dns/bind/files/bind-9.14.8-sdb-ldap.patch | 2466 +++++++++++++++++ .../bind/files/bind-sdb-ldap-1.1.0-fc14.patch | 1189 -------- net-dns/bind/files/named.cache | 88 - net-dns/bind/files/named.cache-r3 | 54 +- net-dns/bind/files/named.init-r13 | 3 +- 11 files changed, 2608 insertions(+), 3221 deletions(-) delete mode 100644 net-dns/bind/bind-9.11.1_p3-r1.ebuild rename net-dns/bind/{bind-9.11.0_p5-r1.ebuild => bind-9.14.8-r1.ebuild} (60%) delete mode 100644 net-dns/bind/files/bind-9.10.3_p2-libressl.patch delete mode 100644 net-dns/bind/files/bind-9.11-sdb-ldap-1.1.0-fc14.patch delete mode 100644 net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch create mode 100644 net-dns/bind/files/bind-9.14.8-sdb-ldap.patch delete mode 100644 net-dns/bind/files/bind-sdb-ldap-1.1.0-fc14.patch delete mode 100644 net-dns/bind/files/named.cache diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest index 114a61dd5..7520ba16f 100644 --- a/net-dns/bind/Manifest +++ b/net-dns/bind/Manifest 
@@ -1,4 +1,3 @@
-DIST bind-9.11.0-P5.tar.gz 9698446 SHA256 1e283f0567b484687dfd7b936e26c9af4f64043daf73cbd8f3eb1122c9fb71f5 SHA512 142407db35a7bba6e676f2b3dc726a3a6ece9df8a27722f108ec309e24c4614da097b6cd31675c4925e68ff147896bc0a16dd71aa74dd73753ba86a2dbd7d3bd WHIRLPOOL a2aba3a52ad3610891733a3c8d93c0f5b263f706e36178a6f642b18e607a665ad0b15bdf679b9a5d149e9262eb5f718e23a09e989b63a418ee8fdfcb7f435186
-DIST bind-9.11.1-P3.tar.gz 9749095 SHA256 52426e75432e46996dc90f24fca027805a341c38fbbb022b60dc9acd2677ccf4 SHA512 bf92ce1e07e5c84cc42b413bdbd3ad97f37712a6dc330dc10182992d948b7a393d5446efa188379b39020c34d810cebe2a7acccc9b8aa6bb564e1f3e6be42e96 WHIRLPOOL 93c139c979a60f9f3d8e54cf9f23e25a6d64180f7c2be6ba8c41488e9eec985c0bd67ab28e7f502c155c57b643b47b4c12d1ee5877077be37e07138adbd93a56
-DIST bind-9.11.2_p1.tar.gz 9783329 SHA256 cec31548832fca3f85d95178d4019b7d702039e8595d4c93914feba337df1212 SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597 WHIRLPOOL 02a6ce77ce4158c43e9acc3454dc6818d7854c82c1fc6465fab3cba141004fbc4c0da647d2c14e7b0e3a0b477ba8492ceec1f58b2af4168c5064d71cc8e20ebd
-DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2
+DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597
+DIST bind-9.14.8.tar.gz 6403140 BLAKE2B 
45cb06ce8564880d501c63d25c7af8567184e4e4293e01886620cf655449c972ab55c77c7aded07838c61557bc56d9edac26097715c1121fcfb6b606d7a29365 SHA512 eb52760982ebd246e6e1945684771193fc7364324a6d6a95a0cae33afa0a4fa24ffe8313b5f9094420c7c2ec932b1b1a9fb19f6e673ff3c5583ab5e3ff04eb6a
+DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.11.1_p3-r1.ebuild b/net-dns/bind/bind-9.11.1_p3-r1.ebuild
deleted file mode 100644
index c50eea8c8..000000000
--- a/net-dns/bind/bind-9.11.1_p3-r1.ebuild
+++ /dev/null
@@ -1,424 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# Re dlz/mysql and threads, needs to be verified.. -# MySQL uses thread local storage in its C api. Thus MySQL -# requires that each thread of an application execute a MySQL -# thread initialization to setup the thread local storage. -# This is impossible to do safely while staying within the DLZ -# driver API. This is a limitation caused by MySQL, and not the DLZ API. -# Because of this BIND MUST only run with a single thread when -# using the MySQL driver. - -EAPI="5" - -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) - -inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd - -MY_PV="${PV/_p/-P}" -MY_PV="${MY_PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" - -SDB_LDAP_VER="1.1.0-fc14" - -RRL_PV="${MY_PV}" - -NSLINT_DIR="contrib/nslint-3.0a2/" - -# SDB-LDAP: http://bind9-ldap.bayour.com/ - -DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" -HOMEPAGE="http://www.isc.org/software/bind" -SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz - doc? ( mirror://gentoo/dyndns-samples.tbz2 )" - -LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# -berkdb by default re bug 602682 -IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 -json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs -+threads urandom xml +zlib sdb-ldap" -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 - -REQUIRED_USE="postgres? ( dlz ) - berkdb? ( dlz ) - mysql? ( dlz !threads ) - odbc? ( dlz ) - ldap? ( dlz ) - gost? ( !libressl ssl ) - threads? ( caps ) - dnstap? ( threads ) - python? 
( ${PYTHON_REQUIRED_USE} ) - sdb-ldap? ( dlz )" - -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0[-bindist] ) - libressl? ( dev-libs/libressl ) - ) - mysql? ( >=virtual/mysql-4.0 ) - odbc? ( >=dev-db/unixODBC-2.2.6 ) - ldap? ( net-nds/openldap ) - idn? ( net-dns/idnkit ) - postgres? ( dev-db/postgresql:= ) - caps? ( >=sys-libs/libcap-2.1.0 ) - xml? ( dev-libs/libxml2 ) - geoip? ( >=dev-libs/geoip-1.4.6 ) - gssapi? ( virtual/krb5 ) - gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) - seccomp? ( sys-libs/libseccomp ) - json? ( dev-libs/json-c ) - lmdb? ( dev-db/lmdb ) - zlib? ( sys-libs/zlib ) - dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) - python? ( - ${PYTHON_DEPS} - dev-python/ply[${PYTHON_USEDEP}] - ) - sdb-ldap? ( net-nds/openldap ) - " - -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-bind ) - || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" - -S="${WORKDIR}/${MY_P}" - -# bug 479092, requires networking -RESTRICT="test" - -pkg_setup() { - ebegin "Creating named group and user" - enewgroup named 40 - enewuser named 40 -1 /etc/bind named - eend ${?} -} - -src_prepare() { - # bug 600212 - epatch "${FILESDIR}"/${PN}-9.11.0_p5-dyndb-dlopen.patch - - # Adjusting PATHs in manpages - for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do - sed -i \ - -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ - -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ - -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ - "${i}" || die "sed failed, ${i} doesn't exist" - done - - if use dlz; then - # sdb-ldap patch as per bug #160567 - # Upstream URL: http://bind9-ldap.bayour.com/ - # New patch take from bug 302735 - if use sdb-ldap; then - #epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch - epatch "${FILESDIR}"/${PN}-9.11.1-sdb-ldap-${SDB_LDAP_VER}.patch - cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ - cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ - cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ - fi - 
fi - - # should be installed by bind-tools - sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die - - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die - - if use nslint; then - sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die - fi - - # bug #220361 - rm aclocal.m4 - rm -rf libtool.m4/ - eautoreconf -} - -src_configure() { - local myconf="" - - if use urandom; then - myconf="${myconf} --with-randomdev=/dev/urandom" - else - myconf="${myconf} --with-randomdev=/dev/random" - fi - - use geoip && myconf="${myconf} --with-geoip" - - # bug #158664 -# gcc-specs-ssp && replace-flags -O[23s] -O - - # To include db.h from proper path - use berkdb && append-flags "-I$(db_includedir)" - - export BUILD_CC=$(tc-getBUILD_CC) - econf \ - --sysconfdir=/etc/bind \ - --localstatedir=/var \ - --with-libtool \ - --enable-full-report \ - --without-readline \ - $(use_enable caps linux-caps) \ - $(use_enable filter-aaaa) \ - $(use_enable fixed-rrset) \ - $(use_enable ipv6) \ - $(use_enable rpz rpz-nsdname) \ - $(use_enable rpz rpz-nsip) \ - $(use_enable seccomp) \ - $(use_enable threads) \ - $(use_with berkdb dlz-bdb) \ - $(use_with dlz dlopen) \ - $(use_with dlz dlz-filesystem) \ - $(use_with dlz dlz-stub) \ - $(use_with gost) \ - $(use_with gssapi) \ - $(use_with idn) \ - $(use_with json libjson) \ - $(use_with ldap dlz-ldap) \ - $(use_with mysql dlz-mysql) \ - $(use_with odbc dlz-odbc) \ - $(use_with postgres dlz-postgres) \ - $(use_with lmdb) \ - $(use_with python) \ - $(use_with ssl ecdsa) \ - $(use_with ssl openssl "${EPREFIX}"/usr) \ - $(use_with xml libxml2) \ - $(use_with zlib) \ - ${myconf} - - # $(use_enable static-libs static) \ - - # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h - - if use nslint; then - cd $NSLINT_DIR - econf - fi -} - -src_compile() { - emake - - if use nslint; then - emake -C $NSLINT_DIR CCOPT="${CFLAGS}" - fi -} - -src_install() { - emake 
DESTDIR="${D}" install - - if use nslint; then - cd $NSLINT_DIR - dobin nslint - doman nslint.8 - cd "${S}" - fi - - dodoc CHANGES FAQ README - - if use idn; then - dodoc contrib/idn/README.idnkit - fi - - if use doc; then - dodoc doc/arm/Bv9ARM.pdf - - docinto misc - dodoc doc/misc/* - - # might a 'html' useflag make sense? - docinto html - dohtml -r doc/arm/* - - docinto contrib - dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} - - # some handy-dandy dynamic dns examples - pushd "${D}"/usr/share/doc/${PF} 1>/dev/null - tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die - popd 1>/dev/null - fi - - insinto /etc/bind - newins "${FILESDIR}"/named.conf-r8 named.conf - - # ftp://ftp.rs.internic.net/domain/named.cache: - insinto /var/bind - newins "${FILESDIR}"/named.cache-r3 named.cache - - insinto /var/bind/pri - newins "${FILESDIR}"/localhost.zone-r3 localhost.zone - - newinitd "${FILESDIR}"/named.init-r13 named - newconfd "${FILESDIR}"/named.confd-r7 named - - if use gost; then - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die - else - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die - fi - - newenvd "${FILESDIR}"/10bind.env 10bind - - # Let's get rid of those tools and their manpages since they're provided by bind-tools - rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* - rm -f "${D}"/usr/share/man/man8/nsupdate.8* - rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} - rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} - for tool in dsfromkey importkey keyfromlabel keygen \ - revoke settime signzone verify; do - rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" - rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* - done - - # bug 405251, library archives aren't properly handled by --enable/disable-static - if ! 
use static-libs; then - find "${D}" -type f -name '*.a' -delete || die - fi - - # bug 405251 - find "${D}" -type f -name '*.la' -delete || die - - if use python; then - install_python_tools() { - dosbin bin/python/dnssec-{checkds,coverage} - } - python_foreach_impl install_python_tools - - python_replicate_script "${D}usr/sbin/dnssec-checkds" - python_replicate_script "${D}usr/sbin/dnssec-coverage" - fi - - # bug 450406 - dosym named.cache /var/bind/root.cache - - dosym /var/bind/pri /etc/bind/pri - dosym /var/bind/sec /etc/bind/sec - dosym /var/bind/dyn /etc/bind/dyn - keepdir /var/bind/{pri,sec,dyn} - - dodir /var/log/named - - fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} - fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0750 /etc/bind /var/bind/pri - fperms 0770 /var/log/named /var/bind/{,sec,dyn} - - systemd_newunit "${FILESDIR}/named.service-r1" named.service - systemd_dotmpfilesd "${FILESDIR}"/named.conf - exeinto /usr/libexec - doexe "${FILESDIR}/generate-rndc-key.sh" -} - -pkg_postinst() { - if [ ! 
-f '/etc/bind/rndc.key' ]; then - if use urandom; then - einfo "Using /dev/urandom for generating rndc.key" - /usr/sbin/rndc-confgen -r /dev/urandom -a - echo - else - einfo "Using /dev/random for generating rndc.key" - /usr/sbin/rndc-confgen -a - echo - fi - chown root:named /etc/bind/rndc.key - chmod 0640 /etc/bind/rndc.key - fi - - einfo - einfo "You can edit /etc/conf.d/named to customize named settings" - einfo - use mysql || use postgres || use ldap && { - elog "If your named depends on MySQL/PostgreSQL or LDAP," - elog "uncomment the specified rc_named_* lines in your" - elog "/etc/conf.d/named config to ensure they'll start before bind" - einfo - } - einfo "If you'd like to run bind in a chroot AND this is a new" - einfo "install OR your bind doesn't already run in a chroot:" - einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." - einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" - einfo - - CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) - if [[ -n ${CHROOT} ]]; then - elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - elog "To enable the old behaviour (without using mount) uncomment the" - elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - elog "If you decide to use the new/default method, ensure to make backup" - elog "first and merge your existing configs/zones to /etc/bind and" - elog "/var/bind because bind will now mount the needed directories into" - elog "the chroot dir." - fi -} - -pkg_config() { - CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) - CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) - CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) - - if [[ -z "${CHROOT}" ]]; then - eerror "This config script is designed to automate setting up" - eerror "a chrooted bind/named. To do so, please first uncomment" - eerror "and set the CHROOT variable in '/etc/conf.d/named'." 
- die "Unset CHROOT" - fi - if [[ -d "${CHROOT}" ]]; then - ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - ewarn "To enable the old behaviour (without using mount) uncomment the" - ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - ewarn - ewarn "${CHROOT} already exists... some things might become overridden" - ewarn "press CTRL+C if you don't want to continue" - sleep 10 - fi - - echo; einfo "Setting up the chroot directory..." - - mkdir -m 0750 -p ${CHROOT} - mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} - mkdir -m 0750 -p ${CHROOT}/etc/bind - mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ - # As of bind 9.8.0 - if has_version net-dns/bind[gost]; then - if [ "$(get_libdir)" = "lib64" ]; then - mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines - ln -s lib64 ${CHROOT}/usr/lib - else - mkdir -m 0755 -p ${CHROOT}/usr/lib/engines - fi - fi - chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind - - mknod ${CHROOT}/dev/null c 1 3 - chmod 0666 ${CHROOT}/dev/null - - mknod ${CHROOT}/dev/zero c 1 5 - chmod 0666 ${CHROOT}/dev/zero - - if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 - chmod 0666 ${CHROOT}/dev/urandom - else - mknod ${CHROOT}/dev/random c 1 8 - chmod 0666 ${CHROOT}/dev/random - fi - - if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then - cp -a /etc/bind ${CHROOT}/etc/ - cp -a /var/bind ${CHROOT}/var/ - fi - - if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then - mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP - fi - - elog "You may need to add the following line to your syslog-ng.conf:" - elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" -} diff --git a/net-dns/bind/bind-9.11.0_p5-r1.ebuild b/net-dns/bind/bind-9.14.8-r1.ebuild similarity index 60% rename from net-dns/bind/bind-9.11.0_p5-r1.ebuild rename to net-dns/bind/bind-9.14.8-r1.ebuild index 1cd9c7d82..93f9f107d 100644 --- a/net-dns/bind/bind-9.11.0_p5-r1.ebuild 
+++ b/net-dns/bind/bind-9.14.8-r1.ebuild @@ -1,6 +1,5 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -# $Id$ # Re dlz/mysql and threads, needs to be verified.. # MySQL uses thread local storage in its C api. Thus MySQL @@ -11,9 +10,9 @@ # Because of this BIND MUST only run with a single thread when # using the MySQL driver. -EAPI="5" +EAPI=7 -PYTHON_COMPAT=( python2_7 python3_4 ) +PYTHON_COMPAT=( python2_7 python3_{5,6,7} ) inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd 
@@ -25,60 +24,57 @@ SDB_LDAP_VER="1.1.0-fc14" RRL_PV="${MY_PV}" -NSLINT_DIR="contrib/nslint-3.0a2/" - # SDB-LDAP: http://bind9-ldap.bayour.com/ -DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" -HOMEPAGE="http://www.isc.org/software/bind" -SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz +DESCRIPTION="Berkeley Internet Name Domain - Name Server" +HOMEPAGE="https://www.isc.org/software/bind" +SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.gz doc? ( mirror://gentoo/dyndns-samples.tbz2 )" LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # -berkdb by default re bug 602682 -IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 -json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs -+threads urandom xml +zlib sdb-ldap" +IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi +json ldap libressl lmdb mysql odbc postgres python selinux static-libs +urandom xml +zlib sdb-ldap" +# sdb-ldap - patch broken # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 -REQUIRED_USE="postgres? ( dlz ) +REQUIRED_USE=" + ?? ( geoip geoip2 ) + postgres? ( dlz ) berkdb? ( dlz ) - mysql? ( dlz !threads ) + mysql? ( dlz ) odbc? ( dlz ) ldap? ( dlz ) - gost? ( !libressl ssl ) - threads? ( caps ) - dnstap? ( threads ) + python? ( ${PYTHON_REQUIRED_USE} ) sdb-ldap? ( dlz )" -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0[-bindist] ) - libressl? ( dev-libs/libressl ) - ) - mysql? ( >=virtual/mysql-4.0 ) +DEPEND="!libressl? 
( dev-libs/openssl:=[-bindist] ) + libressl? ( dev-libs/libressl:= ) + mysql? ( dev-db/mysql-connector-c:0= ) odbc? ( >=dev-db/unixODBC-2.2.6 ) ldap? ( net-nds/openldap ) - idn? ( net-dns/idnkit ) postgres? ( dev-db/postgresql:= ) caps? ( >=sys-libs/libcap-2.1.0 ) xml? ( dev-libs/libxml2 ) geoip? ( >=dev-libs/geoip-1.4.6 ) + geoip2? ( dev-libs/libmaxminddb ) gssapi? ( virtual/krb5 ) - gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) - seccomp? ( sys-libs/libseccomp ) - json? ( dev-libs/json-c ) + json? ( dev-libs/json-c:= ) lmdb? ( dev-db/lmdb ) zlib? ( sys-libs/zlib ) dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) - python? ( dev-python/ply[${PYTHON_USEDEP}] ) + python? ( + ${PYTHON_DEPS} + dev-python/ply[${PYTHON_USEDEP}] + ) sdb-ldap? ( net-nds/openldap )" RDEPEND="${DEPEND} selinux? ( sec-policy/selinux-bind ) - || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" + sys-process/psmisc" S="${WORKDIR}/${MY_P}" @@ -93,6 +89,10 @@ pkg_setup() { } src_prepare() { + default + + export LDFLAGS="${LDFLAGS} -L${EPREFIX}/usr/$(get_libdir) -ldl" + # Adjusting PATHs in manpages for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do sed -i \ @@ -107,7 +107,7 @@ src_prepare() { # Upstream URL: http://bind9-ldap.bayour.com/ # New patch take from bug 302735 if use sdb-ldap; then - epatch "${FILESDIR}"/${PN}-9.11-sdb-ldap-${SDB_LDAP_VER}.patch + eapply "${FILESDIR}"/bind-9.14.8-sdb-ldap.patch cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ 
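Review bot: The new KEYWORDS line drops the `~` on alpha, arm, ia64, ppc, ppc64 and sparc and adds arm64 as stable, so a brand-new 9.14.8 revision that also carries a freshly written 2466-line sdb-ldap patch goes straight to stable on those arches instead of starting at `~arch` and going through stabilisation. The `# sdb-ldap - patch broken` comment added above REQUIRED_USE contradicts the commit subject, which ships and applies that patch; either the flag should be masked or the comment should say what is actually broken. `SDB_LDAP_VER="1.1.0-fc14"` is kept as context at the top of this hunk but, in the hunks visible here, is no longer referenced once src_prepare applies `bind-9.14.8-sdb-ldap.patch`, so it looks like a leftover. The `urandom` flag likewise stays in IUSE although the `--with-randomdev` handling that consumed it in src_configure is removed further down.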
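Review bot: The new `export LDFLAGS="${LDFLAGS} -L${EPREFIX}/usr/$(get_libdir) -ldl"` in src_prepare applies to every link in the build, and putting the system libdir on the search path can make the linker resolve libisc/libdns against an already-installed older bind instead of the copies just built in the source tree. `-ldl` is presumably needed by the sdb-ldap driver; if so it belongs in the patched Makefile's driver libs or behind `use sdb-ldap`, not in global LDFLAGS, and the `-L` should go unless a concrete link failure requires it, in which case a comment naming the bug belongs next to it. src_prepare continues outside this hunk.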
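Review bot: The three `cp -fp contrib/sdb/ldap/... bin/...` lines immediately after the new `eapply` call still have no `|| die`, while the rest of this commit adds `|| die` to every other shell command; a failed copy would leave the tree half-patched and surface later as a less obvious build error. Append it to each, e.g. `cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ || die`. src_prepare continues outside this hunk.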
@@ -120,26 +120,43 @@ src_prepare() { # Disable tests for now, bug 406399 sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die - if use nslint; then - sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die - fi - # bug #220361 - rm aclocal.m4 - rm -rf libtool.m4/ + rm aclocal.m4 || die + rm -rf libtool.m4/ || die eautoreconf } src_configure() { - local myconf="" - - if use urandom; then - myconf="${myconf} --with-randomdev=/dev/urandom" - else - myconf="${myconf} --with-randomdev=/dev/random" - fi + local myeconfargs=( + --sysconfdir=/etc/bind + --localstatedir=/var + --with-libtool + --enable-full-report + --without-readline + --with-openssl="${EPREFIX}"/usr + $(use_enable caps linux-caps) + $(use_enable dnsrps) + $(use_enable dnstap) + $(use_enable fixed-rrset) + # $(use_enable static-libs static) + $(use_with berkdb dlz-bdb) + $(use_with dlz dlopen) + $(use_with dlz dlz-filesystem) + $(use_with dlz dlz-stub) + $(use_with gssapi) + $(use_with json libjson) + $(use_with ldap dlz-ldap) + $(use_with mysql dlz-mysql) + $(use_with odbc dlz-odbc) + $(use_with postgres dlz-postgres) + $(use_with lmdb) + $(use_with python) + $(use_with xml libxml2) + $(use_with zlib) + ) - use geoip && myconf="${myconf} --with-geoip" + use geoip && myeconfargs+=( --with-geoip ) + use geoip2 && myeconfargs+=( --with-geoip2 ) # bug #158664 # gcc-specs-ssp && replace-flags -O[23s] -O 
@@ -148,92 +165,34 @@ src_configure() { use berkdb && append-flags "-I$(db_includedir)" export BUILD_CC=$(tc-getBUILD_CC) - econf \ - --sysconfdir=/etc/bind \ - --localstatedir=/var \ - --with-libtool \ - --enable-full-report \ - --without-readline \ - $(use_enable caps linux-caps) \ - $(use_enable filter-aaaa) \ - $(use_enable fixed-rrset) \ - $(use_enable ipv6) \ - $(use_enable rpz rpz-nsdname) \ - $(use_enable rpz rpz-nsip) \ - $(use_enable seccomp) \ - $(use_enable threads) \ - $(use_with berkdb dlz-bdb) \ - $(use_with dlz dlopen) \ - $(use_with dlz dlz-filesystem) \ - $(use_with dlz dlz-stub) \ - $(use_with gost) \ - $(use_with gssapi) \ - $(use_with idn) \ - $(use_with json libjson) \ - $(use_with ldap dlz-ldap) \ - $(use_with mysql dlz-mysql) \ - $(use_with odbc dlz-odbc) \ - $(use_with postgres dlz-postgres) \ - $(use_with lmdb) \ - $(use_with python) \ - $(use_with ssl ecdsa) \ - $(use_with ssl openssl "${EPREFIX}"/usr) \ - $(use_with xml libxml2) \ - $(use_with zlib) \ - ${myconf} - - # $(use_enable static-libs static) \ + econf "${myeconfargs[@]}" # bug #151839 echo '#undef SO_BSDCOMPAT' >> config.h - - if use nslint; then - cd $NSLINT_DIR - econf - fi -} - -src_compile() { - emake - - if use nslint; then - emake -C $NSLINT_DIR CCOPT="${CFLAGS}" - fi } src_install() { - emake DESTDIR="${D}" install - - if use nslint; then - cd $NSLINT_DIR - dobin nslint - doman nslint.8 - cd "${S}" - fi - - dodoc CHANGES FAQ README + default - if use idn; then - dodoc contrib/idn/README.idnkit - fi + dodoc CHANGES README if use doc; then dodoc doc/arm/Bv9ARM.pdf docinto misc - dodoc doc/misc/* + dodoc -r doc/misc/ # might a 'html' useflag make sense? 
docinto html - dohtml -r doc/arm/* + dodoc -r doc/arm/ docinto contrib dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} # some handy-dandy dynamic dns examples - pushd "${D}"/usr/share/doc/${PF} 1>/dev/null + pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die - popd 1>/dev/null + popd 1>/dev/null || die fi insinto /etc/bind 
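Review bot: `pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die` now guards the directory change, but the `tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die` it leads into still extracts straight into the image, where tar run as root keeps whatever ownership and modes are recorded in the archive rather than the root-owned, umask-derived modes the rest of the package gets. Pass `--no-same-owner --no-same-permissions` to that tar call, or unpack into `${WORKDIR}` and install the result with `dodoc -r`. The `echo '#undef SO_BSDCOMPAT' >> config.h` line in src_configure in the same hunk is now the only remaining shell command in the file without `|| die`.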
@@ -249,32 +208,26 @@ src_install() { newinitd "${FILESDIR}"/named.init-r13 named newconfd "${FILESDIR}"/named.confd-r7 named - if use gost; then - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die - else - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die - fi - newenvd "${FILESDIR}"/10bind.env 10bind # Let's get rid of those tools and their manpages since they're provided by bind-tools - rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* - rm -f "${D}"/usr/share/man/man8/nsupdate.8* - rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} - rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} + rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup}.1* || die + rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die + rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die + rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die for tool in dsfromkey importkey keyfromlabel keygen \ - revoke settime signzone verify; do - rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" - rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* + revoke settime signzone verify; do + rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die + rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die done # bug 405251, library archives aren't properly handled by --enable/disable-static if ! use static-libs; then - find "${D}" -type f -name '*.a' -delete || die + find "${ED}" -type f -name '*.a' -delete || die fi # bug 405251 - find "${D}" -type f -name '*.la' -delete || die + find "${ED}" -type f -name '*.la' -delete || die if use python; then install_python_tools() { 
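Review bot: The `|| die` appended to the `rm -f "${ED}"/usr/...` lines here and in the dnssec-* loop is effectively a no-op: with `-f`, rm returns 0 when the target does not exist, so the only failures it would catch are permission errors inside the image. If the intent is to guarantee the bind-tools duplicates are really removed from the image, drop `-f` or assert their absence afterwards; otherwise the suffix just adds noise.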
@@ -282,16 +235,16 @@ src_install() { } python_foreach_impl install_python_tools - python_replicate_script "${D}usr/sbin/dnssec-checkds" - python_replicate_script "${D}usr/sbin/dnssec-coverage" + python_replicate_script "${ED}/usr/sbin/dnssec-checkds" + python_replicate_script "${ED}/usr/sbin/dnssec-coverage" fi # bug 450406 dosym named.cache /var/bind/root.cache - dosym /var/bind/pri /etc/bind/pri - dosym /var/bind/sec /etc/bind/sec - dosym /var/bind/dyn /etc/bind/dyn + dosym ../../var/bind/pri /etc/bind/pri + dosym ../../var/bind/sec /etc/bind/sec + dosym ../../var/bind/dyn /etc/bind/dyn keepdir /var/bind/{pri,sec,dyn} dodir /var/log/named @@ -319,8 +272,8 @@ pkg_postinst() { /usr/sbin/rndc-confgen -a echo fi - chown root:named /etc/bind/rndc.key - chmod 0640 /etc/bind/rndc.key + chown root:named /etc/bind/rndc.key || die + chmod 0640 /etc/bind/rndc.key || die fi einfo 
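Review bot: `chown root:named /etc/bind/rndc.key || die` and `chmod 0640 /etc/bind/rndc.key || die` run in pkg_postinst, where the package is already merged, so dying there aborts the remaining einfo/elog output and leaves the user with a merged package and a key file in an unknown state; `eerror` with a clear message is the better fit for this phase. The key is also written by the preceding `/usr/sbin/rndc-confgen -a` call (context at the top of this hunk) before its mode is tightened, so wrapping that call as `( umask 077; /usr/sbin/rndc-confgen -a )` keeps the file root-only regardless of the mode rndc-confgen creates it with. These lines act on the live `/etc/bind` rather than `${EROOT}`; that is pre-existing and outside what this hunk changes.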
@@ -373,42 +326,43 @@ pkg_config() { echo; einfo "Setting up the chroot directory..." - mkdir -m 0750 -p ${CHROOT} - mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} - mkdir -m 0750 -p ${CHROOT}/etc/bind - mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ - # As of bind 9.8.0 - if has_version net-dns/bind[gost]; then - if [ "$(get_libdir)" = "lib64" ]; then - mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines - ln -s lib64 ${CHROOT}/usr/lib - else - mkdir -m 0755 -p ${CHROOT}/usr/lib/engines - fi - fi - chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind + mkdir -m 0750 -p ${CHROOT} || die + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die + mkdir -m 0750 -p ${CHROOT}/etc/bind || die + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die + + chown root:named \ + ${CHROOT} \ + ${CHROOT}/var/{bind,log/named} \ + ${CHROOT}/run/named/ \ + ${CHROOT}/etc/bind \ + || die - mknod ${CHROOT}/dev/null c 1 3 - chmod 0666 ${CHROOT}/dev/null + mknod ${CHROOT}/dev/null c 1 3 || die + chmod 0666 ${CHROOT}/dev/null || die - mknod ${CHROOT}/dev/zero c 1 5 - chmod 0666 ${CHROOT}/dev/zero + mknod ${CHROOT}/dev/zero c 1 5 || die + chmod 0666 ${CHROOT}/dev/zero || die if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 - chmod 0666 ${CHROOT}/dev/urandom + mknod ${CHROOT}/dev/urandom c 1 9 || die + chmod 0666 ${CHROOT}/dev/urandom || die else - mknod ${CHROOT}/dev/random c 1 8 - chmod 0666 ${CHROOT}/dev/random + mknod ${CHROOT}/dev/random c 1 8 || die + chmod 0666 ${CHROOT}/dev/random || die fi if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then - cp -a /etc/bind ${CHROOT}/etc/ - cp -a /var/bind ${CHROOT}/var/ + cp -a /etc/bind ${CHROOT}/etc/ || die + cp -a /var/bind ${CHROOT}/var/ || die fi if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then - mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP + if use geoip; then + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die + elif use geoip2; then + mkdir -m 0755 -p 
${CHROOT}/usr/share/GeoIP2 || die + fi fi elog "You may need to add the following line to your syslog-ng.conf:" diff --git a/net-dns/bind/files/bind-9.10.3_p2-libressl.patch b/net-dns/bind/files/bind-9.10.3_p2-libressl.patch deleted file mode 100644 index a38a70d05..000000000 --- a/net-dns/bind/files/bind-9.10.3_p2-libressl.patch +++ /dev/null 
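Review bot: Adding `|| die` to the four `mknod ${CHROOT}/dev/... || die` lines breaks the re-run path this function explicitly supports: the existing-chroot branch just above the hunk (unchanged, not shown) warns that `${CHROOT}` already exists and continues, and mknod fails with EEXIST when the node is already there, so a second pkg_config run now aborts before the cp and GeoIP steps. Guard each one, e.g. `[[ -c "${CHROOT}"/dev/null ]] || mknod "${CHROOT}"/dev/null c 1 3 || die`, and likewise for zero, urandom and random. Every rewritten line also leaves `${CHROOT}` unquoted (`mkdir -m 0750 -p ${CHROOT} || die`, the multi-line `chown`, `cp -a /etc/bind ${CHROOT}/etc/ || die`), so a path with whitespace or glob characters read from /etc/conf.d/named is word-split; quote it as `"${CHROOT}"` throughout. pkg_config's earlier part is outside this hunk.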
@@ -1,110 +0,0 @@ -Fix LibreSSL compatibility, patches from OpenBSD - -http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/patches/ - -http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_dst_openssl_h?rev=1.1&content-type=text/plain -http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssl_link_c?rev=1.1&content-type=text/plain -http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldh_link_c?rev=1.1&content-type=text/plain -http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldsa_link_c?rev=1.1&content-type=text/plain -http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_opensslrsa_link_c?rev=1.1&content-type=text/plain - ---- lib/dns/dst_openssl.h.orig Wed Sep 16 14:00:47 2015 -+++ lib/dns/dst_openssl.h Wed Sep 16 14:02:42 2015 -@@ -36,7 +36,7 @@ - #define USE_ENGINE 1 - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* - * These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in - * the function like this before the BN_GENCB_new call: ---- lib/dns/openssl_link.c.orig Wed Sep 16 14:01:23 2015 -+++ lib/dns/openssl_link.c Wed Sep 16 14:01:46 2015 -@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) { - return (result == ISC_R_SUCCESS ? 
1 : -1); - } - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - static void - entropy_add(const void *buf, int num, double entropy) { - /* -@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in - UNLOCK(&locks[type]); - } - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - static unsigned long - id_callback(void) { - return ((unsigned long)isc_thread_self()); -@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) { - if (result != ISC_R_SUCCESS) - goto cleanup_mutexalloc; - CRYPTO_set_locking_callback(lock_callback); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - CRYPTO_set_id_callback(id_callback); - #endif - -@@ -287,7 +287,7 @@ dst__openssl_destroy(void) { - CRYPTO_cleanup_all_ex_data(); - #endif - ERR_clear_error(); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - ERR_remove_state(0); - #endif - ERR_free_strings(); ---- lib/dns/openssldh_link.c.orig Wed Sep 16 14:01:23 2015 -+++ lib/dns/openssldh_link.c Wed Sep 16 14:02:06 2015 -@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void - DH *dh = NULL; - #if OPENSSL_VERSION_NUMBER > 0x00908000L - BN_GENCB *cb; --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - BN_GENCB _cb; - #endif - union { -@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void - if (dh == NULL) - return (dst__openssl_toresult(ISC_R_NOMEMORY)); - cb = BN_GENCB_new(); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - if (cb == NULL) { - DH_free(dh); - return (dst__openssl_toresult(ISC_R_NOMEMORY)); ---- lib/dns/openssldsa_link.c.orig Wed 
Sep 16 14:01:23 2015 -+++ lib/dns/openssldsa_link.c Wed Sep 16 14:02:22 2015 -@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void ( - isc_result_t result; - #if OPENSSL_VERSION_NUMBER > 0x00908000L - BN_GENCB *cb; --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - BN_GENCB _cb; - #endif - union { -@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void ( - if (dsa == NULL) - return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); - cb = BN_GENCB_new(); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - if (cb == NULL) { - DSA_free(dsa); - return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); ---- lib/dns/opensslrsa_link.c.orig Wed Sep 16 14:01:23 2015 -+++ lib/dns/opensslrsa_link.c Wed Sep 16 14:02:31 2015 -@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca - } u; - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - BN_GENCB _cb; - #endif - BN_GENCB *cb = BN_GENCB_new(); diff --git a/net-dns/bind/files/bind-9.11-sdb-ldap-1.1.0-fc14.patch b/net-dns/bind/files/bind-9.11-sdb-ldap-1.1.0-fc14.patch deleted file mode 100644 index a00bedabb..000000000 --- a/net-dns/bind/files/bind-9.11-sdb-ldap-1.1.0-fc14.patch +++ /dev/null 
@@ -1,1123 +0,0 @@
-diff -ruN bind-9.11.0-P3.orig/bin/named/main.c bind-9.11.0-P3/bin/named/main.c
---- bind-9.11.0-P3.orig/bin/named/main.c 2017-01-31 09:17:11.000000000 +0300
-+++ bind-9.11.0-P3/bin/named/main.c 2017-02-16 09:14:50.342182446 +0300
-@@ -88,6 +88,7 @@
- * Include header files for database drivers here.
- */
- /* #include "xxdb.h" */
-+#include "ldapdb.h"
- 
- #ifdef CONTRIB_DLZ
- /*
-@@ -873,6 +874,8 @@
- if (!isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(99)))
- return;
- 
-+ ldapdb_clear();
-+
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
- ISC_LOG_DEBUG(99), "Symbol table:");
- 
-@@ -1163,6 +1166,24 @@
- isc_result_totext(result));
- #endif
- 
-+ result = ldapdb_init();
-+ if (result != ISC_R_SUCCESS)
-+ {
-+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
-+ ISC_LOG_ERROR,
-+ "SDB ldap module initialisation failed: %s.",
-+ isc_result_totext(result)
-+ );
-+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
-+ ISC_LOG_ERROR,
-+ "SDB ldap zone database will be unavailable."
-+ );
-+ }else
-+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
-+ ISC_LOG_NOTICE, "SDB ldap zone database module loaded."
-+ );
-+
-+
- ns_server_create(ns_g_mctx, &ns_g_server);
- 
- #ifdef HAVE_LIBSECCOMP
-@@ -1205,6 +1226,8 @@
- 
- dns_name_destroy();
- 
-+ ldapdb_clear();
-+
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
- ISC_LOG_NOTICE, "exiting");
- ns_log_shutdown();
-diff -ruN bind-9.11.0-P3.orig/bin/named/Makefile.in bind-9.11.0-P3/bin/named/Makefile.in
---- bind-9.11.0-P3.orig/bin/named/Makefile.in 2017-01-31 09:17:11.000000000 +0300
-+++ bind-9.11.0-P3/bin/named/Makefile.in 2017-02-16 09:08:13.629208524 +0300
-@@ -23,10 +23,10 @@
- #
- # Add database drivers here.
- #
--DBDRIVER_OBJS =
--DBDRIVER_SRCS =
-+DBDRIVER_OBJS = ldapdb.@O@
-+DBDRIVER_SRCS = ldapdb.c
- DBDRIVER_INCLUDES =
--DBDRIVER_LIBS =
-++DBDRIVER_LIBS = -lldap -llber -ldb
- 
- DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
- 
-diff -ruN bind-9.11.0-P3.orig/bin/tools/Makefile.in bind-9.11.0-P3/bin/tools/Makefile.in
---- bind-9.11.0-P3.orig/bin/tools/Makefile.in 2017-01-31 09:17:11.000000000 +0300
-+++ bind-9.11.0-P3/bin/tools/Makefile.in 2017-02-16 09:21:58.990154269 +0300
-@@ -15,23 +15,28 @@
- CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
- ${LWRES_INCLUDES} ${OMAPI_INCLUDES} ${BIND9_INCLUDES}
- 
--CDEFINES = -DVERSION=\"${VERSION}\"
-+CDEFINES = -DVERSION=\"${VERSION}\" -DBIND9
- CWARNINGS =
- 
- DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
- BIND9LIBS = ../../lib/bind9/libbind9.@A@
-+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
-+ISCCCLIBS = ../../lib/isccc/libisccc.@A@
- ISCLIBS = ../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
- ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
--ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
- LWRESLIBS = ../../lib/lwres/liblwres.@A@
- 
- DNSDEPLIBS = ../../lib/dns/libdns.@A@
-+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
-+ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
--BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
- ISCDEPLIBS = ../../lib/isc/libisc.@A@
--ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
- LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
-+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
-+DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
-+ ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
-+LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
-+ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@
- 
--LIBS = ${ISCLIBS} @LIBS@
- NOSYMLIBS = ${ISCNOSYMLIBS} @LIBS@
- 
- SUBDIRS =
-@@ -41,17 +47,19 @@
- TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ \
- named-rrchecker@EXEEXT@ nsec3hash@EXEEXT@ \
- genrandom@EXEEXT@ isc-hmac-fixup@EXEEXT@ mdig@EXEEXT@ \
-- @DNSTAPTARGETS@ @NZDTARGETS@
-+ @DNSTAPTARGETS@ @NZDTARGETS@ ldap2zone@EXEEXT@ \
-+ zone2ldap@EXEEXT@
- 
- DNSTAPSRCS = dnstap-read.c
- NZDSRCS = named-nzd2nzf.c
- SRCS = arpaname.c named-journalprint.c named-rrchecker.c \
- nsec3hash.c genrandom.c isc-hmac-fixup.c mdig.c \
-- @DNSTAPSRCS@ @NZDSRCS@
-+ @DNSTAPSRCS@ @NZDSRCS@ ldap2zone.c zone2ldap.c
- 
- MANPAGES = arpaname.1 dnstap-read.1 genrandom.8 \
- isc-hmac-fixup.8 mdig.1 named-journalprint.8 \
-- named-nzd2nzf.8 named-rrchecker.1 nsec3hash.8
-+ named-nzd2nzf.8 named-rrchecker.1 nsec3hash.8 \
-+ ldap2zone.1 zone2ldap.1
- 
- HTMLPAGES = arpaname.html dnstap-read.html genrandom.html \
- isc-hmac-fixup.html mdig.html named-journalprint.html \
-@@ -104,6 +112,12 @@
- export LIBS0="${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS}"; \
- ${FINALBUILDCMD}
- 
-+ldap2zone@EXEEXT@: ldap2zone.@O@ ${DEPLIBS}
-+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ldap2zone.@O@ -lldap -llber ${LIBS}
-+
-+zone2ldap@EXEEXT@: zone2ldap.@O@ ${DEPLIBS}
-+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone2ldap.@O@ -lldap -llber ${LIBS}
-+
- doc man:: ${MANOBJS}
- 
- docclean manclean maintainer-clean::
-@@ -140,7 +154,11 @@
- ${DESTDIR}${sbindir}
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} mdig@EXEEXT@ \
- ${DESTDIR}${bindir}
-+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir}
-+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir}
- ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1
-+ ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1
-+ ${INSTALL_DATA} ${srcdir}/ldap2zone.1 ${DESTDIR}${mandir}/man1
- ${INSTALL_DATA} ${srcdir}/isc-hmac-fixup.8 ${DESTDIR}${mandir}/man8
- ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8
- ${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1
-diff -ruN bind-9.11.0-P3.orig/contrib/sdb/ldap/ldap2zone.1 bind-9.11.0-P3/contrib/sdb/ldap/ldap2zone.1
---- bind-9.11.0-P3.orig/contrib/sdb/ldap/ldap2zone.1 1970-01-01 03:00:00.000000000 +0300
-+++ bind-9.11.0-P3/contrib/sdb/ldap/ldap2zone.1 2017-02-16 09:33:33.854108592 +0300
-@@ -0,0 +1,41 @@
-+.\" Copyright (C) 2004, 2005 Stig Venaas
-+.\"
-+.\" Permission to use, copy, modify, and distribute this software for any
-+.\" purpose with or without fee is hereby granted, provided that the above
-+.\" copyright notice and this permission notice appear in all copies.
-+.\" Manpage written by Jan Gorig
-+.TH ldap2zone 1 "15 March 2010" "BIND9"
-+.SH NAME
-+ldap2zone - Creates zone file from LDAP dnszone information
-+.SH SYNOPSIS
-+.B ldap2zone zone-name LDAP-URL default-ttl [serial]
-+.SH DESCRIPTION
-+ldap2zone is a tool that reads info for a zone from LDAP and constructs a standard plain ascii zone file that is written to the standard output. The LDAP information has to be stored using the dnszone schema. The schema is used by BIND with LDAP back-end.
-+
-+\fBzone-name\fR
-+.RS 4
-+Name of the zone, eg "mydomain.net."
-+.RE
-+.PP
-+\fBLDAP-URL\fR
-+.RS 4
-+LDAP URL to dnszone information
-+.RE
-+.PP
-+\fBdefault-ttl\fR
-+.RS 4
-+Default TTL value to be used in zone
-+.RE
-+.PP
-+\fBserial\fR
-+.RS 4
-+(optional) Program checks this number to be different than SOA serial number.
-+.RE
-+
-+.SH "EXIT STATUS"
-+Exits with 0 on success or 1 on failure.
-+.SH "SEE ALSO" -+named(8) ldap(3) -+http://www.venaas.no/dns/ldap2zone/ -+.SH "COPYRIGHT" -+Copyright (C) 2004, 2005 Stig Venaas -diff -ruN bind-9.11.0-P3.orig/contrib/sdb/ldap/ldap2zone.c bind-9.11.0-P3/contrib/sdb/ldap/ldap2zone.c ---- bind-9.11.0-P3.orig/contrib/sdb/ldap/ldap2zone.c 1970-01-01 03:00:00.000000000 +0300 -+++ bind-9.11.0-P3/contrib/sdb/ldap/ldap2zone.c 2017-02-16 09:34:10.392106190 +0300 -@@ -0,0 +1,411 @@ -+/* -+ * Copyright (C) 2004, 2005 Stig Venaas -+ * $Id: ldap2zone.c,v 1.1 2007/07/24 15:18:00 atkac Exp $ -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ */ -+ -+#define LDAP_DEPRECATED 1 -+ -+#include -+#include -+#include -+#include -+ -+#include -+ -+struct string { -+ void *data; -+ size_t len; -+}; -+ -+struct assstack_entry { -+ struct string key; -+ struct string val; -+ struct assstack_entry *next; -+}; -+ -+struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key); -+void assstack_push(struct assstack_entry **stack, struct assstack_entry *item); -+void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item); -+void printsoa(struct string *soa); -+void printrrs(char *defaultttl, struct assstack_entry *item); -+void print_zone(char *defaultttl, struct assstack_entry *stack); -+void usage(char *name); -+void err(char *name, const char *msg); -+int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val); -+ -+struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key) { -+ for (; stack; stack = stack->next) -+ if (stack->key.len == key->len && !memcmp(stack->key.data, key->data, key->len)) -+ return stack; -+ return NULL; -+} -+ -+void assstack_push(struct assstack_entry **stack, struct assstack_entry *item) { -+ item->next = *stack; 
-+ *stack = item; -+} -+ -+void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item) { -+ struct assstack_entry *p; -+ -+ item->next = NULL; -+ if (!*stack) { -+ *stack = item; -+ return; -+ } -+ /* find end, should keep track of end somewhere */ -+ /* really a queue, not a stack */ -+ p = *stack; -+ while (p->next) -+ p = p->next; -+ p->next = item; -+} -+ -+void printsoa(struct string *soa) { -+ char *s; -+ size_t i; -+ -+ s = (char *)soa->data; -+ i = 0; -+ while (i < soa->len) { -+ putchar(s[i]); -+ if (s[i++] == ' ') -+ break; -+ } -+ while (i < soa->len) { -+ putchar(s[i]); -+ if (s[i++] == ' ') -+ break; -+ } -+ printf("(\n\t\t\t\t"); -+ while (i < soa->len) { -+ putchar(s[i]); -+ if (s[i++] == ' ') -+ break; -+ } -+ printf("; Serialnumber\n\t\t\t\t"); -+ while (i < soa->len) { -+ if (s[i] == ' ') -+ break; -+ putchar(s[i++]); -+ } -+ i++; -+ printf("\t; Refresh\n\t\t\t\t"); -+ while (i < soa->len) { -+ if (s[i] == ' ') -+ break; -+ putchar(s[i++]); -+ } -+ i++; -+ printf("\t; Retry\n\t\t\t\t"); -+ while (i < soa->len) { -+ if (s[i] == ' ') -+ break; -+ putchar(s[i++]); -+ } -+ i++; -+ printf("\t; Expire\n\t\t\t\t"); -+ while (i < soa->len) { -+ putchar(s[i++]); -+ } -+ printf(" )\t; Minimum TTL\n"); -+} -+ -+void printrrs(char *defaultttl, struct assstack_entry *item) { -+ struct assstack_entry *stack; -+ char *s; -+ int first; -+ size_t i; -+ char *ttl, *type; -+ int top; -+ -+ s = (char *)item->key.data; -+ -+ if (item->key.len == 1 && *s == '@') { -+ top = 1; -+ printf("@\t"); -+ } else { -+ top = 0; -+ for (i = 0; i < item->key.len; i++) -+ putchar(s[i]); -+ if (item->key.len < 8) -+ putchar('\t'); -+ putchar('\t'); -+ } -+ -+ first = 1; -+ for (stack = (struct assstack_entry *) item->val.data; stack; stack = stack->next) { -+ ttl = (char *)stack->key.data; -+ s = strchr(ttl, ' '); -+ *s++ = '\0'; -+ type = s; -+ -+ if (first) -+ first = 0; -+ else -+ printf("\t\t"); -+ -+ if (strcmp(defaultttl, ttl)) -+ printf("%s", ttl); 
-+ putchar('\t'); -+ -+ if (top) { -+ top = 0; -+ printf("IN\t%s\t", type); -+ /* Should always be SOA here */ -+ if (!strcmp(type, "SOA")) { -+ printsoa(&stack->val); -+ continue; -+ } -+ } else -+ printf("%s\t", type); -+ -+ s = (char *)stack->val.data; -+ for (i = 0; i < stack->val.len; i++) -+ putchar(s[i]); -+ putchar('\n'); -+ } -+} -+ -+void print_zone(char *defaultttl, struct assstack_entry *stack) { -+ printf("$TTL %s\n", defaultttl); -+ for (; stack; stack = stack->next) -+ printrrs(defaultttl, stack); -+}; -+ -+void usage(char *name) { -+ fprintf(stderr, "Usage:%s zone-name LDAP-URL default-ttl [serial]\n", name); -+ exit(1); -+}; -+ -+void err(char *name, const char *msg) { -+ fprintf(stderr, "%s: %s\n", name, msg); -+ exit(1); -+}; -+ -+int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val) { -+ struct string key; -+ struct assstack_entry *rr, *rrdata; -+ -+ /* Do nothing if name or value have 0 length */ -+ if (!name->bv_len || !val->bv_len) -+ return 0; -+ -+ /* see if already have an entry for this name */ -+ key.len = name->bv_len; -+ key.data = name->bv_val; -+ -+ rr = assstack_find(*stack, &key); -+ if (!rr) { -+ /* Not found, create and push new entry */ -+ rr = (struct assstack_entry *) malloc(sizeof(struct assstack_entry)); -+ if (!rr) -+ return -1; -+ rr->key.len = name->bv_len; -+ rr->key.data = (void *) malloc(rr->key.len); -+ if (!rr->key.data) { -+ free(rr); -+ return -1; -+ } -+ memcpy(rr->key.data, name->bv_val, name->bv_len); -+ rr->val.len = sizeof(void *); -+ rr->val.data = NULL; -+ if (name->bv_len == 1 && *(char *)name->bv_val == '@') -+ assstack_push(stack, rr); -+ else -+ assstack_insertbottom(stack, rr); -+ } -+ -+ rrdata = (struct assstack_entry *) malloc(sizeof(struct assstack_entry)); -+ if (!rrdata) { -+ free(rr->key.data); -+ free(rr); -+ return -1; -+ } -+ rrdata->key.len = strlen(type) + strlen(ttl) + 1; -+ rrdata->key.data = (void *) malloc(rrdata->key.len); -+ if 
(!rrdata->key.data) { -+ free(rrdata); -+ free(rr->key.data); -+ free(rr); -+ return -1; -+ } -+ sprintf((char *)rrdata->key.data, "%s %s", ttl, type); -+ -+ rrdata->val.len = val->bv_len; -+ rrdata->val.data = (void *) malloc(val->bv_len); -+ if (!rrdata->val.data) { -+ free(rrdata->key.data); -+ free(rrdata); -+ free(rr->key.data); -+ free(rr); -+ return -1; -+ } -+ memcpy(rrdata->val.data, val->bv_val, val->bv_len); -+ -+ if (!strcmp(type, "SOA")) -+ assstack_push((struct assstack_entry **) &(rr->val.data), rrdata); -+ else -+ assstack_insertbottom((struct assstack_entry **) &(rr->val.data), rrdata); -+ return 0; -+} -+ -+int main(int argc, char **argv) { -+ char *s, *hostporturl, *base = NULL; -+ char *ttl, *defaultttl; -+ LDAP *ld; -+ char *fltr = NULL; -+ LDAPMessage *res, *e; -+ char *a, **ttlvals, **soavals, *serial; -+ struct berval **vals, **names; -+ char type[64]; -+ BerElement *ptr; -+ int i, j, rc, msgid; -+ struct assstack_entry *zone = NULL; -+ -+ if (argc < 4 || argc > 5) -+ usage(argv[0]); -+ -+ hostporturl = argv[2]; -+ -+ if (hostporturl != strstr( hostporturl, "ldap")) -+ err(argv[0], "Not an LDAP URL"); -+ -+ s = strchr(hostporturl, ':'); -+ -+ if (!s || strlen(s) < 3 || s[1] != '/' || s[2] != '/') -+ err(argv[0], "Not an LDAP URL"); -+ -+ s = strchr(s+3, '/'); -+ if (s) { -+ *s++ = '\0'; -+ base = s; -+ s = strchr(base, '?'); -+ if (s) -+ err(argv[0], "LDAP URL can only contain host, port and base"); -+ } -+ -+ defaultttl = argv[3]; -+ -+ rc = ldap_initialize(&ld, hostporturl); -+ if (rc != LDAP_SUCCESS) -+ err(argv[0], "ldap_initialize() failed"); -+ -+ if (argc == 5) { -+ /* serial number specified, check if different from one in SOA */ -+ fltr = (char *)malloc(strlen(argv[1]) + strlen("(&(relativeDomainName=@)(zoneName=))") + 1); -+ sprintf(fltr, "(&(relativeDomainName=@)(zoneName=%s))", argv[1]); -+ msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); -+ if (msgid == -1) -+ err(argv[0], "ldap_search() failed"); -+ -+ while 
((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { -+ /* not supporting continuation references at present */ -+ if (rc != LDAP_RES_SEARCH_ENTRY) -+ err(argv[0], "ldap_result() returned cont.ref? Exiting"); -+ -+ /* only one entry per result message */ -+ e = ldap_first_entry(ld, res); -+ if (e == NULL) { -+ ldap_msgfree(res); -+ err(argv[0], "ldap_first_entry() failed"); -+ } -+ -+ soavals = ldap_get_values(ld, e, "SOARecord"); -+ if (soavals) -+ break; -+ } -+ -+ ldap_msgfree(res); -+ if (!soavals) { -+ err(argv[0], "No SOA Record found"); -+ } -+ -+ /* We have a SOA, compare serial numbers */ -+ /* Only checkinf first value, should be only one */ -+ s = strchr(soavals[0], ' '); -+ s++; -+ s = strchr(s, ' '); -+ s++; -+ serial = s; -+ s = strchr(s, ' '); -+ *s = '\0'; -+ if (!strcmp(serial, argv[4])) { -+ ldap_value_free(soavals); -+ err(argv[0], "serial numbers match"); -+ } -+ ldap_value_free(soavals); -+ } -+ -+ if (!fltr) -+ fltr = (char *)malloc(strlen(argv[1]) + strlen("(zoneName=)") + 1); -+ if (!fltr) -+ err(argv[0], "Malloc failed"); -+ sprintf(fltr, "(zoneName=%s)", argv[1]); -+ -+ msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); -+ if (msgid == -1) -+ err(argv[0], "ldap_search() failed"); -+ -+ while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { -+ /* not supporting continuation references at present */ -+ if (rc != LDAP_RES_SEARCH_ENTRY) -+ err(argv[0], "ldap_result() returned cont.ref? Exiting"); -+ -+ /* only one entry per result message */ -+ e = ldap_first_entry(ld, res); -+ if (e == NULL) { -+ ldap_msgfree(res); -+ err(argv[0], "ldap_first_entry() failed"); -+ } -+ -+ names = ldap_get_values_len(ld, e, "relativeDomainName"); -+ if (!names) -+ continue; -+ -+ ttlvals = ldap_get_values(ld, e, "dNSTTL"); -+ ttl = ttlvals ? 
ttlvals[0] : defaultttl; -+ -+ for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) { -+ char *s; -+ -+ for (s = a; *s; s++) -+ *s = toupper(*s); -+ s = strstr(a, "RECORD"); -+ if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) { -+ ldap_memfree(a); -+ continue; -+ } -+ -+ strncpy(type, a, s - a); -+ type[s - a] = '\0'; -+ vals = ldap_get_values_len(ld, e, a); -+ if (vals) { -+ for (i = 0; vals[i]; i++) -+ for (j = 0; names[j]; j++) -+ if (putrr(&zone, names[j], type, ttl, vals[i])) -+ err(argv[0], "malloc failed"); -+ ldap_value_free_len(vals); -+ } -+ ldap_memfree(a); -+ } -+ -+ if (ptr) -+ ber_free(ptr, 0); -+ if (ttlvals) -+ ldap_value_free(ttlvals); -+ ldap_value_free_len(names); -+ /* free this result */ -+ ldap_msgfree(res); -+ } -+ -+ /* free final result */ -+ ldap_msgfree(res); -+ -+ print_zone(defaultttl, zone); -+ return 0; -+} -diff -ruN bind-9.11.0-P3.orig/contrib/sdb/ldap/ldapdb.c bind-9.11.0-P3/contrib/sdb/ldap/ldapdb.c ---- bind-9.11.0-P3.orig/contrib/sdb/ldap/ldapdb.c 2017-01-31 09:17:11.000000000 +0300 -+++ bind-9.11.0-P3/contrib/sdb/ldap/ldapdb.c 2017-02-16 09:35:06.651102492 +0300 -@@ -25,6 +25,7 @@ - /* Using LDAPv3 by default, change this if you want v2 */ - #ifndef LDAPDB_LDAP_VERSION - #define LDAPDB_LDAP_VERSION 3 -+#define LDAP_DEPRECATED 1 - #endif - - #include -diff -ruN bind-9.11.0-P3.orig/contrib/sdb/ldap/zone2ldap.c bind-9.11.0-P3/contrib/sdb/ldap/zone2ldap.c ---- bind-9.11.0-P3.orig/contrib/sdb/ldap/zone2ldap.c 2017-01-31 09:17:11.000000000 +0300 -+++ bind-9.11.0-P3/contrib/sdb/ldap/zone2ldap.c 2017-02-16 10:10:52.874053522 +0300 -@@ -13,6 +13,9 @@ - * ditched dNSDomain2 schema support. 
Version 0.3-ALPHA - */ - -+ -+#define LDAP_DEPRECATED 1 -+ - #include - #include - #include -@@ -24,6 +27,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -62,16 +66,19 @@ - ldap_info; - - /* usage Info */ --void usage (); -+void usage (void); -+ -+/* Check for existence of (and possibly add) containing dNSZone objects */ -+int lookup_dns_zones( ldap_info *ldinfo); - - /* Add to the ldap dit */ - void add_ldap_values (ldap_info * ldinfo); - - /* Init an ldap connection */ --void init_ldap_conn (); -+void init_ldap_conn (void); - - /* Ldap error checking */ --void ldap_result_check (char *msg, char *dn, int err); -+void ldap_result_check (const char *msg, char *dn, int err); - - /* Put a hostname into a char ** array */ - char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); -@@ -80,14 +87,14 @@ - int get_attr_list_size (char **tmp); - - /* Get a DN */ --char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag); -+char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone); - - /* Add to RR list */ - void add_to_rr_list (char *dn, char *name, char *type, char *data, - unsigned int ttl, unsigned int flags); - - /* Error checking */ --void isc_result_check (isc_result_t res, char *errorstr); -+void isc_result_check (isc_result_t res, const char *errorstr); - - /* Generate LDIF Format files */ - void generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, -@@ -96,11 +103,33 @@ - /* head pointer to the list */ - ldap_info *ldap_info_base = NULL; - --char *argzone, *ldapbase, *binddn, *bindpw = NULL; --char *ldapsystem = "localhost"; --static char *objectClasses[] = -- { "top", "dNSZone", NULL }; --static char *topObjectClasses[] = { "top", NULL }; -+ldap_info * -+locate_by_dn (char *dn); -+void -+init_ldap_conn (); -+void usage(); -+ -+static char *argzone, *ldapbase, *binddn, *bindpw = NULL; -+ -+/* these are needed to placate gcc4's const-ness const-ernations : */ -+static 
char localhost[] = "localhost"; -+static char *ldapsystem=&(localhost[0]); -+/* dnszone schema class names: */ -+static char topClass [] ="top"; -+static char dNSZoneClass[] ="dNSZone"; -+static char objectClass [] ="objectClass"; -+static char dcObjectClass[]="dcObject"; -+/* dnszone schema attribute names: */ -+static char relativeDomainName[]="relativeDomainName"; -+static char dNSTTL []="dNSTTL"; -+static char zoneName []="zoneName"; -+static char dc []="dc"; -+static char sameZone []="@"; -+/* LDAPMod mod_values: */ -+static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL }; -+static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL }; -+static char *dn_buffer [64]={NULL}; -+ - LDAP *conn; - unsigned int debug = 0; - -@@ -124,12 +153,12 @@ - isc_result_t result; - char *basedn; - ldap_info *tmp; -- LDAPMod *base_attrs[2]; -- LDAPMod base; -+ LDAPMod *base_attrs[5]; -+ LDAPMod base, dcBase, znBase, rdnBase; - isc_buffer_t buff; -- char *zonefile; -+ char *zonefile=0L; - char fullbasedn[1024]; -- char *ctmp; -+ char *ctmp, *zn, *dcp[2], *znp[2], *rdn[2]; - dns_fixedname_t fixedzone, fixedname; - dns_rdataset_t rdataset; - char **dc_list; -@@ -142,7 +171,7 @@ - extern char *optarg; - extern int optind, opterr, optopt; - int create_base = 0; -- int topt; -+ int topt, dcn, zdn, znlen; - - if (argc < 2) - { -@@ -150,7 +179,7 @@ - exit (-1); - } - -- while ((topt = getopt (argc, argv, "D:w:b:z:f:h:?dcv")) != -1) -+ while ((topt = getopt ((int) argc, argv, "D:Ww:b:z:f:h:?dcv")) != -1) - { - switch (topt) - { -@@ -173,6 +202,9 @@ - if (bindpw == NULL) - fatal("strdup"); - break; -+ case 'W': -+ bindpw = getpass("Enter LDAP Password: "); -+ break; - case 'b': - ldapbase = strdup (optarg); - if (ldapbase == NULL) -@@ -296,18 +328,54 @@ - printf ("Creating base zone DN %s\n", argzone); - - dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP); -- basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC); - -- for 
(ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--) -+ basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC, argzone); -+ if (debug) -+ printf ("base DN %s\n", basedn); -+ -+ for (ctmp = &basedn[strlen (basedn)], dcn=0; ctmp >= &basedn[0]; ctmp--) - { - if ((*ctmp == ',') || (ctmp == &basedn[0])) - { - base.mod_op = LDAP_MOD_ADD; -- base.mod_type = "objectClass"; -+ base.mod_type = objectClass; - base.mod_values = topObjectClasses; -- base_attrs[0] = &base; -- base_attrs[1] = NULL; - -+ base_attrs[0] = (void*)&base; -+ -+ dcBase.mod_op = LDAP_MOD_ADD; -+ dcBase.mod_type = dc; -+ dcp[0]=dc_list[dcn]; -+ dcp[1]=0L; -+ dcBase.mod_values=dcp; -+ base_attrs[1] = (void*)&dcBase; -+ -+ znBase.mod_op = LDAP_MOD_ADD; -+ znBase.mod_type = zoneName; -+ for( zdn = dcn, znlen = 0; zdn >= 0; zdn-- ) -+ znlen += strlen(dc_list[zdn])+1; -+ znp[0] = (char*)malloc(znlen+1); -+ znp[1] = 0L; -+ for( zdn = dcn, zn=znp[0]; zdn >= 0; zdn-- ) -+ zn+=sprintf(zn,"%s%s",dc_list[zdn], -+ ((zdn > 0) && (*(dc_list[zdn-1])!='.')) ? "." : "" -+ ); -+ -+ znBase.mod_values = znp; -+ base_attrs[2] = (void*)&znBase; -+ -+ rdnBase.mod_op = LDAP_MOD_ADD; -+ rdnBase.mod_type = relativeDomainName; -+ rdn[0] = strdup(sameZone); -+ rdn[1] = 0L; -+ rdnBase.mod_values = rdn; -+ base_attrs[3] = (void*)&rdnBase; -+ -+ dcn++; -+ -+ base.mod_values = topObjectClasses; -+ base_attrs[4] = NULL; -+ - if (ldapbase) - { - if (ctmp != &basedn[0]) -@@ -323,6 +391,10 @@ - else - sprintf (fullbasedn, "%s", ctmp); - } -+ -+ if( debug ) -+ printf("Full base dn: %s\n", fullbasedn); -+ - result = ldap_add_s (conn, fullbasedn, base_attrs); - ldap_result_check ("intial ldap_add_s", fullbasedn, result); - } -@@ -362,7 +434,7 @@ - * I should probably rename this function, as not to cause any - * confusion with the isc* routines. Will exit on error. 
*/ - void --isc_result_check (isc_result_t res, char *errorstr) -+isc_result_check (isc_result_t res, const char *errorstr) - { - if (res != ISC_R_SUCCESS) - { -@@ -402,14 +474,14 @@ - isc_result_check (result, "dns_rdata_totext"); - data[isc_buffer_usedlength (&buff)] = 0; - -- dc_list = hostname_to_dn_list (name, argzone, DNS_OBJECT); -+ dc_list = hostname_to_dn_list ((char*)name, argzone, DNS_OBJECT); - len = (get_attr_list_size (dc_list) - 2); -- dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC); -+ dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC, argzone); - - if (debug) - printf ("Adding %s (%s %s) to run queue list.\n", dn, type, data); - -- add_to_rr_list (dn, dc_list[len], type, data, ttl, DNS_OBJECT); -+ add_to_rr_list (dn, dc_list[len], (char*)type, (char*)data, ttl, DNS_OBJECT); - } - - -@@ -450,6 +522,8 @@ - char ldap_type_buffer[128]; - char charttl[64]; - -+ char *zn; -+ int znlen; - - if ((tmp = locate_by_dn (dn)) == NULL) - { -@@ -469,14 +543,14 @@ - if (tmp->attrs == (LDAPMod **) NULL) - fatal("calloc"); - -- for (i = 0; i < flags; i++) -+ for (i = 0; i < (int)flags; i++) - { - tmp->attrs[i] = (LDAPMod *) malloc (sizeof (LDAPMod)); - if (tmp->attrs[i] == (LDAPMod *) NULL) - fatal("malloc"); - } - tmp->attrs[0]->mod_op = LDAP_MOD_ADD; -- tmp->attrs[0]->mod_type = "objectClass"; -+ tmp->attrs[0]->mod_type = objectClass; - - if (flags == DNS_OBJECT) - tmp->attrs[0]->mod_values = objectClasses; -@@ -491,7 +565,7 @@ - } - - tmp->attrs[1]->mod_op = LDAP_MOD_ADD; -- tmp->attrs[1]->mod_type = "relativeDomainName"; -+ tmp->attrs[1]->mod_type = relativeDomainName; - tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2); - - if (tmp->attrs[1]->mod_values == (char **)NULL) -@@ -520,7 +594,7 @@ - fatal("strdup"); - - tmp->attrs[3]->mod_op = LDAP_MOD_ADD; -- tmp->attrs[3]->mod_type = "dNSTTL"; -+ tmp->attrs[3]->mod_type = dNSTTL; - tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2); - - if (tmp->attrs[3]->mod_values == (char 
**)NULL) -@@ -533,14 +607,25 @@ - if (tmp->attrs[3]->mod_values[0] == NULL) - fatal("strdup"); - -+ znlen=strlen(gbl_zone); -+ if ( *(gbl_zone + (znlen-1)) == '.' ) -+ { /* ldapdb MUST search by relative zone name */ -+ zn = (char*)malloc(znlen); -+ strncpy(zn,gbl_zone,znlen-1); -+ *(zn + (znlen-1))='\0'; -+ }else -+ { -+ zn = gbl_zone; -+ } -+ - tmp->attrs[4]->mod_op = LDAP_MOD_ADD; -- tmp->attrs[4]->mod_type = "zoneName"; -+ tmp->attrs[4]->mod_type = zoneName; - tmp->attrs[4]->mod_values = (char **)calloc(sizeof(char *), 2); - - if (tmp->attrs[4]->mod_values == (char **)NULL) - fatal("calloc"); - -- tmp->attrs[4]->mod_values[0] = gbl_zone; -+ tmp->attrs[4]->mod_values[0] = zn; - tmp->attrs[4]->mod_values[1] = NULL; - - tmp->attrs[5] = NULL; -@@ -625,46 +710,72 @@ - hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) - { - char *tmp; -- static char *dn_buffer[64]; - int i = 0; -- char *zname; -- char *hnamebuff; -- -- zname = strdup (hostname); -- if (zname == NULL) -- fatal("strdup"); -- -- if (flags == DNS_OBJECT) -- { -- -- if (strlen (zname) != strlen (zone)) -- { -- tmp = &zname[strlen (zname) - strlen (zone)]; -- *--tmp = '\0'; -- hnamebuff = strdup (zname); -- if (hnamebuff == NULL) -- fatal("strdup"); -- zname = ++tmp; -- } -- else -- hnamebuff = "@"; -- } -- else -- { -- zname = zone; -- hnamebuff = NULL; -- } -- -- for (tmp = strrchr (zname, '.'); tmp != (char *) 0; -- tmp = strrchr (zname, '.')) -- { -- *tmp++ = '\0'; -- dn_buffer[i++] = tmp; -- } -- dn_buffer[i++] = zname; -- dn_buffer[i++] = hnamebuff; - dn_buffer[i] = NULL; - -+ char *hname=0L, *last=0L; -+ int hlen=strlen(hostname), zlen=(strlen(zone)); -+ -+ /* printf("hostname: %s zone: %s\n",hostname, zone); */ -+ hname=0L; -+ if(flags == DNS_OBJECT) -+ { -+ if( (zone[ zlen - 1 ] == '.') && (hostname[hlen - 1] != '.') ) -+ { -+ hname=(char*)malloc(hlen + 1); -+ hlen += 1; -+ sprintf(hname, "%s.", hostname); -+ hostname = hname; -+ } -+ if(strcmp(hostname, zone) == 0) -+ { -+ if( 
hname == 0 ) -+ hname=strdup(hostname); -+ last = strdup(sameZone); -+ }else -+ { -+ if( (hlen < zlen) -+ ||( strcmp( hostname + (hlen - zlen), zone ) != 0) -+ ) -+ { -+ if( hname != 0 ) -+ free(hname); -+ hname=(char*)malloc( hlen + zlen + 1); -+ if( *zone == '.' ) -+ sprintf(hname, "%s%s", hostname, zone); -+ else -+ sprintf(hname,"%s",zone); -+ }else -+ { -+ if( hname == 0 ) -+ hname = strdup(hostname); -+ } -+ last = hname; -+ } -+ }else -+ { /* flags == DNS_TOP */ -+ hname = strdup(zone); -+ last = hname; -+ } -+ -+ for (tmp = strrchr (hname, '.'); tmp != (char *) 0; -+ tmp = strrchr (hname, '.')) -+ { -+ if( *( tmp + 1 ) != '\0' ) -+ { -+ *tmp = '\0'; -+ dn_buffer[i++] = ++tmp; -+ }else -+ { /* trailing '.' ! */ -+ dn_buffer[i++] = strdup("."); -+ *tmp = '\0'; -+ if( tmp == hname ) -+ break; -+ } -+ } -+ if( ( last != hname ) && (tmp != hname) ) -+ dn_buffer[i++] = hname; -+ dn_buffer[i++] = last; - return dn_buffer; - } - -@@ -674,24 +785,32 @@ - * exception of "@"/SOA. */ - - char * --build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag) -+build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone) - { - int size; -- int x; -+ int x, znlen; - static char dn[1024]; - char tmp[128]; -+ char zn[DNS_NAME_MAXTEXT+1]; - - bzero (tmp, sizeof (tmp)); - bzero (dn, sizeof (dn)); - size = get_attr_list_size (dc_list); -+ znlen = strlen(zone); -+ if ( *(zone + (znlen-1)) == '.' 
) -+ { /* ldapdb MUST search by relative zone name */ -+ memcpy(&(zn[0]),zone,znlen-1); -+ *(zn + (znlen-1))='\0'; -+ zone = zn; -+ } - for (x = size - 2; x > 0; x--) - { - if (flag == WI_SPEC) - { - if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl)) -- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%d,", dc_list[x], ttl); -++ sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); - else if (x == (size - 2)) -- sprintf(tmp, "relativeDomainName=%s,",dc_list[x]); -++ sprintf(tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); - else - sprintf(tmp,"dc=%s,", dc_list[x]); - } -@@ -717,6 +836,7 @@ - init_ldap_conn () - { - int result; -+ char ldb_tag[]="LDAP Bind"; - conn = ldap_open (ldapsystem, LDAP_PORT); - if (conn == NULL) - { -@@ -726,12 +846,12 @@ - } - - result = ldap_simple_bind_s (conn, binddn, bindpw); -- ldap_result_check ("ldap_simple_bind_s", "LDAP Bind", result); -+ ldap_result_check ("ldap_simple_bind_s", ldb_tag , result); - } - - /* Like isc_result_check, only for LDAP */ - void --ldap_result_check (char *msg, char *dn, int err) -+ldap_result_check (const char *msg, char *dn, int err) - { - if ((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS)) - { -@@ -770,5 +890,8 @@ - usage () - { - fprintf (stderr, -- "zone2ldap -D [BIND DN] -w [BIND PASSWORD] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST] " -- "[-c Create LDAP Base structure][-d Debug Output (lots !)] \n ");} -+ "zone2ldap -D [BIND DN] [-w BIND PASSWORD | -W:prompt] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST]\n" -+ "\t[-c Create LDAP Base structure][-d Debug Output (lots !)]\n " -+ ); -+} -+ diff --git a/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch b/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch deleted file mode 100644 index 5fc8f3c18..000000000 --- a/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From ae903759c205f8a5039458d780c0e0c4442b7291 Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Tue, 30 May 2017 11:31:34 +1000 -Subject: [PATCH] 4530. [bug] "dyndb" is dependent on dlopen - existing / being enabled. [RT #45291] - -From aa3a8979bc7eb1596d044eff572b3c35310584fa Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Tue, 30 May 2017 11:34:37 +1000 -Subject: [PATCH] 4530. [bug] "dyndb" is dependent on dlopen - existing / being enabled. [RT #45291] - -diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c -index a477508..dec68a7 100644 ---- a/lib/dns/dyndb.c -+++ b/lib/dns/dyndb.c -@@ -80,7 +80,7 @@ impfind(const char *name) { - return (NULL); - } - --#if HAVE_DLFCN_H -+#if HAVE_DLFCN_H && HAVE_DLOPEN - static isc_result_t - load_symbol(void *handle, const char *filename, - const char *symbol_name, void **symbolp) ---- a/bin/named/server.c -+++ b/bin/named/server.c -@@ -1496,6 +1496,7 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { - return (result); - } - -+#ifdef HAVE_DLOPEN - static isc_result_t - configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx, - const dns_dyndbctx_t *dctx) -@@ -1521,6 +1522,7 @@ configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx, - name, isc_result_totext(result)); - return (result); - } -+#endif - - - static isc_result_t -@@ -4669,6 +4671,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - else - (void)cfg_map_get(config, "dyndb", &dyndb_list); - -+#ifdef HAVE_DLOPEN - for (element = cfg_list_first(dyndb_list); - element != NULL; - element = cfg_list_next(element)) -@@ -4686,6 +4689,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - - CHECK(configure_dyndb(dyndb, mctx, dctx)); - } -+#endif - - /* - * Setup automatic empty zones. 
If recursion is off then -diff --git a/lib/bind9/check.c b/lib/bind9/check.c -index 097dd96..99b995c 100644 ---- a/lib/bind9/check.c -+++ b/lib/bind9/check.c -@@ -2988,6 +2988,9 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, - { - const cfg_obj_t *zones = NULL; - const cfg_obj_t *keys = NULL; -+#ifndef HAVE_DLOPEN -+ const cfg_obj_t *dyndb = NULL; -+#endif - const cfg_listelt_t *element, *element2; - isc_symtab_t *symtab = NULL; - isc_result_t result = ISC_R_SUCCESS; -@@ -3041,6 +3044,20 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, - result = ISC_R_FAILURE; - } - -+#ifndef HAVE_DLOPEN -+ if (voptions != NULL) -+ (void)cfg_map_get(voptions, "dyndb", &dyndb); -+ else -+ (void)cfg_map_get(config, "dyndb", &dyndb); -+ -+ if (dyndb != NULL) { -+ cfg_obj_log(dyndb, logctx, ISC_LOG_ERROR, -+ "dynamic loading of databases is not supported"); -+ if (tresult != ISC_R_SUCCESS) -+ result = ISC_R_NOTIMPLEMENTED; -+ } -+#endif -+ - /* - * Check that the response-policy and catalog-zones options - * refer to zones that exist. --- -2.9.0 - diff --git a/net-dns/bind/files/bind-9.14.8-sdb-ldap.patch b/net-dns/bind/files/bind-9.14.8-sdb-ldap.patch new file mode 100644 index 000000000..13739bc95 --- /dev/null +++ b/net-dns/bind/files/bind-9.14.8-sdb-ldap.patch 
@@ -0,0 +1,2466 @@ +diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in +index 40f506c..697059f 100644 +--- a/bin/named/Makefile.in ++++ b/bin/named/Makefile.in +@@ -30,10 +30,10 @@ VERSION=@BIND9_VERSION@ + # + # Add database drivers here. + # +-DBDRIVER_OBJS = +-DBDRIVER_SRCS = ++DBDRIVER_OBJS = ldapdb.@O@ ++DBDRIVER_SRCS = ldapdb.c + DBDRIVER_INCLUDES = +-DBDRIVER_LIBS = ++DBDRIVER_LIBS = -lldap -llber -ldb + + DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers + +diff --git a/bin/named/main.c b/bin/named/main.c +index 15dbce2..ec96f14 100644 +--- a/bin/named/main.c ++++ b/bin/named/main.c +@@ -90,6 +90,7 @@ + * Include header files for database drivers here. + */ + /* #include "xxdb.h" */ ++#include "ldapdb.h" + + #ifdef CONTRIB_DLZ + /* +@@ -921,6 +922,8 @@ dump_symboltable(void) { + if (!isc_log_wouldlog(named_g_lctx, ISC_LOG_DEBUG(99))) + return; + ++ ldapdb_clear(); ++ + isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, + NAMED_LOGMODULE_MAIN, ISC_LOG_DEBUG(99), + "Symbol table:"); +@@ -1213,6 +1216,24 @@ setup(void) { + isc_result_totext(result)); + #endif + ++ result = ldapdb_init(); ++ if (result != ISC_R_SUCCESS) ++ { ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_MAIN, ++ ISC_LOG_ERROR, ++ "SDB ldap module initialisation failed: %s.", ++ isc_result_totext(result) ++ ); ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_MAIN, ++ ISC_LOG_ERROR, ++ "SDB ldap zone database will be unavailable." ++ ); ++ }else ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_MAIN, ++ ISC_LOG_NOTICE, "SDB ldap zone database module loaded." 
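Review bot: `ldapdb_clear()` is inserted into `dump_symboltable()` (hunk `@@ -921,6 +922,8 @@`), a routine that otherwise only writes the symbol table to the log at debug level 99; tearing down the LDAP driver's connection state from a logging helper is surprising, and the same call is also added to `cleanup()` in the following hunk, so it is redundant here. I cannot see from this hunk where `dump_symboltable()` is invoked, but if it can run while named is serving, every debug dump would drop the driver's cached connections and force re-binds on the next query. Remove the two added lines (`ldapdb_clear();` and the blank line) from `dump_symboltable()` and keep only the call in `cleanup()`.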
++ ); ++ ++ + named_server_create(named_g_mctx, &named_g_server); + sctx = named_g_server->sctx; + +@@ -1282,6 +1303,8 @@ cleanup(void) { + + dns_name_destroy(); + ++ ldapdb_clear(); ++ + isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, + NAMED_LOGMODULE_MAIN, + ISC_LOG_NOTICE, "exiting"); +diff --git a/bin/tools/Makefile.in b/bin/tools/Makefile.in +index d153097..4de6ce3 100644 +--- a/bin/tools/Makefile.in ++++ b/bin/tools/Makefile.in +@@ -19,7 +19,7 @@ CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \ + ${BIND9_INCLUDES} ${MAXMINDDB_CFLAGS} \ + @OPENSSL_INCLUDES@ + +-CDEFINES = -DVERSION=\"${VERSION}\" ++CDEFINES = -DVERSION=\"${VERSION}\" -DBIND9 + CWARNINGS = + + DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ +@@ -27,13 +27,18 @@ BIND9LIBS = ../../lib/bind9/libbind9.@A@ + ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@ + ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@ + ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ++ISCCCLIBS = ../../lib/isccc/libisccc.@A@ + + DNSDEPLIBS = ../../lib/dns/libdns.@A@ + BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@ + ISCDEPLIBS = ../../lib/isc/libisc.@A@ + ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ ++ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@ + +-LIBS = ${ISCLIBS} @LIBS@ ++DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ ++ ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS} ++LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ ++ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@ + NOSYMLIBS = ${ISCNOSYMLIBS} @LIBS@ + + SUBDIRS = +@@ -43,17 +48,19 @@ NZDTARGETS = named-nzd2nzf@EXEEXT@ + TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ \ + named-rrchecker@EXEEXT@ nsec3hash@EXEEXT@ \ + mdig@EXEEXT@ \ +- @DNSTAPTARGETS@ @NZDTARGETS@ ++ @DNSTAPTARGETS@ @NZDTARGETS@ ldap2zone@EXEEXT@ \ ++ zone2ldap@EXEEXT@ + + DNSTAPSRCS = dnstap-read.c + NZDSRCS = named-nzd2nzf.c + SRCS = arpaname.c named-journalprint.c named-rrchecker.c \ + nsec3hash.c mdig.c \ +- 
@DNSTAPSRCS@ @NZDSRCS@ ++ @DNSTAPSRCS@ @NZDSRCS@ ldap2zone.c zone2ldap.c + + MANPAGES = arpaname.1 dnstap-read.1 \ + mdig.1 named-journalprint.8 \ +- named-nzd2nzf.8 named-rrchecker.1 nsec3hash.8 ++ named-nzd2nzf.8 named-rrchecker.1 nsec3hash.8 \ ++ ldap2zone.1 zone2ldap.1 + + HTMLPAGES = arpaname.html dnstap-read.html \ + mdig.html named-journalprint.html \ +@@ -97,6 +104,12 @@ named-nzd2nzf@EXEEXT@: named-nzd2nzf.@O@ ${NZDDEPLIBS} + export LIBS0="${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS}"; \ + ${FINALBUILDCMD} + ++ldap2zone@EXEEXT@: ldap2zone.@O@ ${DEPLIBS} ++ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ldap2zone.@O@ -lldap -llber ${LIBS} ++ ++zone2ldap@EXEEXT@: zone2ldap.@O@ ${DEPLIBS} ++ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone2ldap.@O@ -lldap -llber ${LIBS} ++ + doc man:: ${MANOBJS} + + docclean manclean maintainer-clean:: +@@ -129,7 +142,11 @@ install:: ${TARGETS} installdirs @DNSTAP@ @NZD_TOOLS@ + ${DESTDIR}${sbindir} + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} mdig@EXEEXT@ \ + ${DESTDIR}${bindir} ++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir} ++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir} + ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1 ++ ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1 ++ ${INSTALL_DATA} ${srcdir}/ldap2zone.1 ${DESTDIR}${mandir}/man1 + ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8 + ${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1 + ${INSTALL_DATA} ${srcdir}/nsec3hash.8 ${DESTDIR}${mandir}/man8 +diff --git a/contrib/sdb/ldap/INSTALL.ldap b/contrib/sdb/ldap/INSTALL.ldap +new file mode 100644 +index 0000000..9151129 +--- /dev/null ++++ b/contrib/sdb/ldap/INSTALL.ldap +@@ -0,0 +1,83 @@ ++This is the INSTALL file for 1.0-beta. See ++http://www.venaas.no/ldap/bind-sdb/ for updates or other information. 
++ ++BUILDING ++ ++You need the source for BIND 9.1.0 or newer (for zone transfers you ++will need at least 9.1.1rc3 due to a bug). Basically you need to follow ++the instructions in doc/misc/sdb, if my instructions don't make sense, ++please have a look at those as well. ++ ++Copy ldapdb.c to bin/named and ldapdb.h to bin/named/include in the ++source tree. ++ ++Next alter bin/named/Makefile.in. Add ldapdb.@O@ to DBDRIVER_OBJS and ++ldapdb.c to DBDRIVER_SRCS. You also need to add something like ++-I/usr/local/include to DBDRIVER_INCLUDES and ++-L/usr/local/lib -lldap -llber -lresolv to DBDRIVER_LIBS ++depending on what LDAP library you have and where you installed it. ++ ++Finally you need to edit bin/named/main.c. Below where it says ++"#include "xxdb.h"", add the line "#include ". Below where ++it says "xxdb_init();" add the line "ldapdb_init();", and finally ++below where it says "xxdb_clear();", add "ldapdb_clear();". ++ ++Now you should hopefully be able to build as usual; first configure ++and then make. If you get an error message about ldap_memfree() not ++being defined, you're probably using an LDAP library with the ++interface defined in RFC 1823. To build, uncomment the "#define ++LDAPDB_RFC1823API" line near the top of ldapdb.c. ++ ++Also, if you're using an LDAPv2 only server, you need to change ++the line "#define LDAPDB_LDAP_VERSION 3" in ldapdb.c. Simply ++replace 3 with 2. Instead of editing the file, you may define ++LDAPDB_LDAP_VERSION yourself. ++ ++If you want to use TLS, you need to uncommed the #define LDAPDB_TLS" ++line near the top of ldapdb.c. ++ ++CONFIGURING ++ ++Before you do any configuring of LDAP stuff, please try to configure ++and start bind as usual to see if things work. ++ ++To do anything useful, you need to store a zone in some LDAP server. ++You must use a schema called dNSZone. Note that it relies on some ++attribute definitions in the Cosine schema, so that must be included ++as well. 
The Cosine schema probably comes with your LDAP server. You ++can find dNSZone and further details on how to store the data in your ++LDAP server at http://www.venaas.no/ldap/bind-sdb/ ++ ++To make BIND use a zone stored in LDAP, you will have to put something ++like this in named.conf: ++ ++zone "venaas.com" { ++ type master; ++ database "ldap ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no 172800"; ++}; ++ ++When doing lookups BIND will do a sub-tree search below the base in the ++URL. The number 172800 is the TTL which will be used for all entries that ++haven't got the dNSTTL attribute. It is also possible to add a filter to ++the URL, say "ldap://host/base???(o=internal)". ++ ++Version 1.0 also has support for simple LDAP bind, that is, binding to ++LDAP using plain text authentication. The bind dn and password is coded ++into the URL as extensions, according to RFC 2255. If you want simple ++bind with say dn "cn=Manager,dc=venaas,dc=no" and password "secret", the ++URL will be something like this: ++ ++ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret ++ ++This URL may also include a filter part if you need it. Note that in ++the bind dn, "," is hex-escaped as "%2c". This is necessary since "," ++is the separator between the extension elements. The "!" in front of ++"bindname" and "x-bindpw" can be omitted if you prefer. "x-bindpw" is ++not standardized, but it's used by several other LDAP applications. See ++RFC 2255 for details. ++ ++Finally, if you enabled TLS when compiling, you can also use TLS if ++you like. To do this you use the extension "x-tls", e.g. 
++ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret,x-tls ++ ++Stig Venaas 2004-08-15 +diff --git a/contrib/sdb/ldap/README.ldap b/contrib/sdb/ldap/README.ldap +new file mode 100644 +index 0000000..b4ea18a +--- /dev/null ++++ b/contrib/sdb/ldap/README.ldap +@@ -0,0 +1,48 @@ ++This is an attempt at an LDAP back-end for BIND 9 using the new simplified ++database interface "sdb". This is release 1.0-beta and should be pretty ++stable. Note that since version 0.4 a new schema is used. It is not ++backwards compatible with versions before 0.4. ++ ++1.0-beta fixes a large memory leak. An extension x-tls for enabling TLS ++has been added. ++ ++1.0-alpha uses LDAPv3 by default and also supports LDAP simple bind. That ++is, one can use plain text password for authentication. The bind dn and ++password is coded into the URL using extensions bindname and x-bindpw ++per RFC 2255. ++ ++In 0.9 the code has been cleaned up a bit and should be slightly faster ++than previous versions. It also fixes an error with zone transfers (AXFR) ++and entries with multiple relativeDomainName values. The problem was ++that it would only use the first value in the result. There's no need ++to upgrade unless you use such entries. ++ ++0.8 uses asynchronous LDAP search which should give better performance. ++Thanks to Ashley Burston for providing patch. Another new feature is ++allowing filters in URLs. The syntax is as in RFC 2255. Few people will ++need this, but if you have say an internal and external version of the ++same zone, you could stick say o=internal and o=external into different ++entries, and specify for instance ldap://host/base???(o=internal) ++Some error logging has also been added. ++ ++0.7 allows space and other characters to be used in URLs by use of %-quoting. ++For instance space can be written as %20. It also fixes a problem with some ++servers and/or APIs that do not preserve attribute casing. 
++ ++0.6 fixes some memory leaks present in older versions unless compiled with ++the RFC 1823 API. ++ ++The big changes in 0.5 are thread support and improved connection handling. ++Multiple threads can now access the back-end simultaneously, and rather than ++having one connection per zone, there is now one connection per thread per ++LDAP server. This should help people with multiple CPUs and people with a ++huge number of zones. One final change is support for literal IPv6 addresses ++in LDAP URLs. At least OpenLDAP 2 has IPv6 support, so if you use OpenLDAP 2 ++libraries and server, you got all you need. ++ ++If you have bug reports, fixes, comments, questions or whatever, please ++contact me. See also http://www.venaas.no/ldap/bind-sdb/ for information. ++ ++See INSTALL for how to build, install and use. ++ ++Stig Venaas 2004-08-15 +diff --git a/contrib/sdb/ldap/README.zone2ldap b/contrib/sdb/ldap/README.zone2ldap +new file mode 100644 +index 0000000..dacb56b +--- /dev/null ++++ b/contrib/sdb/ldap/README.zone2ldap +@@ -0,0 +1,17 @@ ++INSTALLATION ++ ++To Compile zone2ldap from contrib/sdb directory: ++ ++ gcc -g `../../../isc-config.sh --cflags isc dns` -c zone2ldap.c ++ gcc -g -o zone2ldap zone2ldap.o `../../../isc-config.sh --libs isc dns` -lldap -llber -lresolv ++ ++USAGE: ++ ++See zone2ldap.1 ++ ++BUGS: ++ ++Jeff McNeil ++ ++ ++ +diff --git a/contrib/sdb/ldap/ldap2zone.1 b/contrib/sdb/ldap/ldap2zone.1 +new file mode 100644 +index 0000000..a48c69f +--- /dev/null ++++ b/contrib/sdb/ldap/ldap2zone.1 +@@ -0,0 +1,41 @@ ++.\" Copyright (C) 2004, 2005 Stig Venaas ++.\" ++.\" Permission to use, copy, modify, and distribute this software for any ++.\" purpose with or without fee is hereby granted, provided that the above ++.\" copyright notice and this permission notice appear in all copies. 
++.\" Manpage written by Jan Gorig ++.TH ldap2zone 1 "15 March 2010" "BIND9" ++.SH NAME ++ldap2zone - Creates zone file from LDAP dnszone information ++.SH SYNOPSIS ++.B ldap2zone zone-name LDAP-URL default-ttl [serial] ++.SH DESCRIPTION ++ldap2zone is a tool that reads info for a zone from LDAP and constructs a standard plain ascii zone file that is written to the standard output. The LDAP information has to be stored using the dnszone schema. The schema is used by BIND with LDAP back-end. ++ ++\fBzone-name\fR ++.RS 4 ++Name of the zone, eg "mydomain.net." ++.RE ++.PP ++\fBLDAP-URL\fR ++.RS 4 ++LDAP URL to dnszone information ++.RE ++.PP ++\fBdefault-ttl\fR ++.RS 4 ++Default TTL value to be used in zone ++.RE ++.PP ++\fBserial\fR ++.RS 4 ++(optional) Program checks this number to be different than SOA serial number. ++.RE ++ ++.SH "EXIT STATUS" ++Exits with 0 on success or 1 on failure. ++.SH "SEE ALSO" ++named(8) ldap(3) ++http://www.venaas.no/dns/ldap2zone/ ++.SH "COPYRIGHT" ++Copyright (C) 2004, 2005 Stig Venaas +diff --git a/contrib/sdb/ldap/ldap2zone.c b/contrib/sdb/ldap/ldap2zone.c +new file mode 100644 +index 0000000..80e7919 +--- /dev/null ++++ b/contrib/sdb/ldap/ldap2zone.c +@@ -0,0 +1,411 @@ ++/* ++ * Copyright (C) 2004, 2005 Stig Venaas ++ * $Id: ldap2zone.c,v 1.1 2007/07/24 15:18:00 atkac Exp $ ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. 
++ */ ++ ++#define LDAP_DEPRECATED 1 ++ ++#include ++#include ++#include ++#include ++ ++#include ++ ++struct string { ++ void *data; ++ size_t len; ++}; ++ ++struct assstack_entry { ++ struct string key; ++ struct string val; ++ struct assstack_entry *next; ++}; ++ ++struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key); ++void assstack_push(struct assstack_entry **stack, struct assstack_entry *item); ++void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item); ++void printsoa(struct string *soa); ++void printrrs(char *defaultttl, struct assstack_entry *item); ++void print_zone(char *defaultttl, struct assstack_entry *stack); ++void usage(char *name); ++void err(char *name, const char *msg); ++int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val); ++ ++struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key) { ++ for (; stack; stack = stack->next) ++ if (stack->key.len == key->len && !memcmp(stack->key.data, key->data, key->len)) ++ return stack; ++ return NULL; ++} ++ ++void assstack_push(struct assstack_entry **stack, struct assstack_entry *item) { ++ item->next = *stack; ++ *stack = item; ++} ++ ++void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item) { ++ struct assstack_entry *p; ++ ++ item->next = NULL; ++ if (!*stack) { ++ *stack = item; ++ return; ++ } ++ /* find end, should keep track of end somewhere */ ++ /* really a queue, not a stack */ ++ p = *stack; ++ while (p->next) ++ p = p->next; ++ p->next = item; ++} ++ ++void printsoa(struct string *soa) { ++ char *s; ++ size_t i; ++ ++ s = (char *)soa->data; ++ i = 0; ++ while (i < soa->len) { ++ putchar(s[i]); ++ if (s[i++] == ' ') ++ break; ++ } ++ while (i < soa->len) { ++ putchar(s[i]); ++ if (s[i++] == ' ') ++ break; ++ } ++ printf("(\n\t\t\t\t"); ++ while (i < soa->len) { ++ putchar(s[i]); ++ if (s[i++] == ' ') ++ break; ++ } ++ 
printf("; Serialnumber\n\t\t\t\t"); ++ while (i < soa->len) { ++ if (s[i] == ' ') ++ break; ++ putchar(s[i++]); ++ } ++ i++; ++ printf("\t; Refresh\n\t\t\t\t"); ++ while (i < soa->len) { ++ if (s[i] == ' ') ++ break; ++ putchar(s[i++]); ++ } ++ i++; ++ printf("\t; Retry\n\t\t\t\t"); ++ while (i < soa->len) { ++ if (s[i] == ' ') ++ break; ++ putchar(s[i++]); ++ } ++ i++; ++ printf("\t; Expire\n\t\t\t\t"); ++ while (i < soa->len) { ++ putchar(s[i++]); ++ } ++ printf(" )\t; Minimum TTL\n"); ++} ++ ++void printrrs(char *defaultttl, struct assstack_entry *item) { ++ struct assstack_entry *stack; ++ char *s; ++ int first; ++ size_t i; ++ char *ttl, *type; ++ int top; ++ ++ s = (char *)item->key.data; ++ ++ if (item->key.len == 1 && *s == '@') { ++ top = 1; ++ printf("@\t"); ++ } else { ++ top = 0; ++ for (i = 0; i < item->key.len; i++) ++ putchar(s[i]); ++ if (item->key.len < 8) ++ putchar('\t'); ++ putchar('\t'); ++ } ++ ++ first = 1; ++ for (stack = (struct assstack_entry *) item->val.data; stack; stack = stack->next) { ++ ttl = (char *)stack->key.data; ++ s = strchr(ttl, ' '); ++ *s++ = '\0'; ++ type = s; ++ ++ if (first) ++ first = 0; ++ else ++ printf("\t\t"); ++ ++ if (strcmp(defaultttl, ttl)) ++ printf("%s", ttl); ++ putchar('\t'); ++ ++ if (top) { ++ top = 0; ++ printf("IN\t%s\t", type); ++ /* Should always be SOA here */ ++ if (!strcmp(type, "SOA")) { ++ printsoa(&stack->val); ++ continue; ++ } ++ } else ++ printf("%s\t", type); ++ ++ s = (char *)stack->val.data; ++ for (i = 0; i < stack->val.len; i++) ++ putchar(s[i]); ++ putchar('\n'); ++ } ++} ++ ++void print_zone(char *defaultttl, struct assstack_entry *stack) { ++ printf("$TTL %s\n", defaultttl); ++ for (; stack; stack = stack->next) ++ printrrs(defaultttl, stack); ++}; ++ ++void usage(char *name) { ++ fprintf(stderr, "Usage:%s zone-name LDAP-URL default-ttl [serial]\n", name); ++ exit(1); ++}; ++ ++void err(char *name, const char *msg) { ++ fprintf(stderr, "%s: %s\n", name, msg); ++ exit(1); ++}; ++ ++int 
putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val) { ++ struct string key; ++ struct assstack_entry *rr, *rrdata; ++ ++ /* Do nothing if name or value have 0 length */ ++ if (!name->bv_len || !val->bv_len) ++ return 0; ++ ++ /* see if already have an entry for this name */ ++ key.len = name->bv_len; ++ key.data = name->bv_val; ++ ++ rr = assstack_find(*stack, &key); ++ if (!rr) { ++ /* Not found, create and push new entry */ ++ rr = (struct assstack_entry *) malloc(sizeof(struct assstack_entry)); ++ if (!rr) ++ return -1; ++ rr->key.len = name->bv_len; ++ rr->key.data = (void *) malloc(rr->key.len); ++ if (!rr->key.data) { ++ free(rr); ++ return -1; ++ } ++ memcpy(rr->key.data, name->bv_val, name->bv_len); ++ rr->val.len = sizeof(void *); ++ rr->val.data = NULL; ++ if (name->bv_len == 1 && *(char *)name->bv_val == '@') ++ assstack_push(stack, rr); ++ else ++ assstack_insertbottom(stack, rr); ++ } ++ ++ rrdata = (struct assstack_entry *) malloc(sizeof(struct assstack_entry)); ++ if (!rrdata) { ++ free(rr->key.data); ++ free(rr); ++ return -1; ++ } ++ rrdata->key.len = strlen(type) + strlen(ttl) + 1; ++ rrdata->key.data = (void *) malloc(rrdata->key.len); ++ if (!rrdata->key.data) { ++ free(rrdata); ++ free(rr->key.data); ++ free(rr); ++ return -1; ++ } ++ sprintf((char *)rrdata->key.data, "%s %s", ttl, type); ++ ++ rrdata->val.len = val->bv_len; ++ rrdata->val.data = (void *) malloc(val->bv_len); ++ if (!rrdata->val.data) { ++ free(rrdata->key.data); ++ free(rrdata); ++ free(rr->key.data); ++ free(rr); ++ return -1; ++ } ++ memcpy(rrdata->val.data, val->bv_val, val->bv_len); ++ ++ if (!strcmp(type, "SOA")) ++ assstack_push((struct assstack_entry **) &(rr->val.data), rrdata); ++ else ++ assstack_insertbottom((struct assstack_entry **) &(rr->val.data), rrdata); ++ return 0; ++} ++ ++int main(int argc, char **argv) { ++ char *s, *hostporturl, *base = NULL; ++ char *ttl, *defaultttl; ++ LDAP *ld; ++ char *fltr = NULL; ++ 
LDAPMessage *res, *e; ++ char *a, **ttlvals, **soavals, *serial; ++ struct berval **vals, **names; ++ char type[64]; ++ BerElement *ptr; ++ int i, j, rc, msgid; ++ struct assstack_entry *zone = NULL; ++ ++ if (argc < 4 || argc > 5) ++ usage(argv[0]); ++ ++ hostporturl = argv[2]; ++ ++ if (hostporturl != strstr( hostporturl, "ldap")) ++ err(argv[0], "Not an LDAP URL"); ++ ++ s = strchr(hostporturl, ':'); ++ ++ if (!s || strlen(s) < 3 || s[1] != '/' || s[2] != '/') ++ err(argv[0], "Not an LDAP URL"); ++ ++ s = strchr(s+3, '/'); ++ if (s) { ++ *s++ = '\0'; ++ base = s; ++ s = strchr(base, '?'); ++ if (s) ++ err(argv[0], "LDAP URL can only contain host, port and base"); ++ } ++ ++ defaultttl = argv[3]; ++ ++ rc = ldap_initialize(&ld, hostporturl); ++ if (rc != LDAP_SUCCESS) ++ err(argv[0], "ldap_initialize() failed"); ++ ++ if (argc == 5) { ++ /* serial number specified, check if different from one in SOA */ ++ fltr = (char *)malloc(strlen(argv[1]) + strlen("(&(relativeDomainName=@)(zoneName=))") + 1); ++ sprintf(fltr, "(&(relativeDomainName=@)(zoneName=%s))", argv[1]); ++ msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); ++ if (msgid == -1) ++ err(argv[0], "ldap_search() failed"); ++ ++ while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { ++ /* not supporting continuation references at present */ ++ if (rc != LDAP_RES_SEARCH_ENTRY) ++ err(argv[0], "ldap_result() returned cont.ref? 
Exiting"); ++ ++ /* only one entry per result message */ ++ e = ldap_first_entry(ld, res); ++ if (e == NULL) { ++ ldap_msgfree(res); ++ err(argv[0], "ldap_first_entry() failed"); ++ } ++ ++ soavals = ldap_get_values(ld, e, "SOARecord"); ++ if (soavals) ++ break; ++ } ++ ++ ldap_msgfree(res); ++ if (!soavals) { ++ err(argv[0], "No SOA Record found"); ++ } ++ ++ /* We have a SOA, compare serial numbers */ ++ /* Only checkinf first value, should be only one */ ++ s = strchr(soavals[0], ' '); ++ s++; ++ s = strchr(s, ' '); ++ s++; ++ serial = s; ++ s = strchr(s, ' '); ++ *s = '\0'; ++ if (!strcmp(serial, argv[4])) { ++ ldap_value_free(soavals); ++ err(argv[0], "serial numbers match"); ++ } ++ ldap_value_free(soavals); ++ } ++ ++ if (!fltr) ++ fltr = (char *)malloc(strlen(argv[1]) + strlen("(zoneName=)") + 1); ++ if (!fltr) ++ err(argv[0], "Malloc failed"); ++ sprintf(fltr, "(zoneName=%s)", argv[1]); ++ ++ msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); ++ if (msgid == -1) ++ err(argv[0], "ldap_search() failed"); ++ ++ while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { ++ /* not supporting continuation references at present */ ++ if (rc != LDAP_RES_SEARCH_ENTRY) ++ err(argv[0], "ldap_result() returned cont.ref? Exiting"); ++ ++ /* only one entry per result message */ ++ e = ldap_first_entry(ld, res); ++ if (e == NULL) { ++ ldap_msgfree(res); ++ err(argv[0], "ldap_first_entry() failed"); ++ } ++ ++ names = ldap_get_values_len(ld, e, "relativeDomainName"); ++ if (!names) ++ continue; ++ ++ ttlvals = ldap_get_values(ld, e, "dNSTTL"); ++ ttl = ttlvals ? 
ttlvals[0] : defaultttl; ++ ++ for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) { ++ char *s; ++ ++ for (s = a; *s; s++) ++ *s = toupper(*s); ++ s = strstr(a, "RECORD"); ++ if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) { ++ ldap_memfree(a); ++ continue; ++ } ++ ++ strncpy(type, a, s - a); ++ type[s - a] = '\0'; ++ vals = ldap_get_values_len(ld, e, a); ++ if (vals) { ++ for (i = 0; vals[i]; i++) ++ for (j = 0; names[j]; j++) ++ if (putrr(&zone, names[j], type, ttl, vals[i])) ++ err(argv[0], "malloc failed"); ++ ldap_value_free_len(vals); ++ } ++ ldap_memfree(a); ++ } ++ ++ if (ptr) ++ ber_free(ptr, 0); ++ if (ttlvals) ++ ldap_value_free(ttlvals); ++ ldap_value_free_len(names); ++ /* free this result */ ++ ldap_msgfree(res); ++ } ++ ++ /* free final result */ ++ ldap_msgfree(res); ++ ++ print_zone(defaultttl, zone); ++ return 0; ++} +diff --git a/contrib/sdb/ldap/ldapdb.c b/contrib/sdb/ldap/ldapdb.c +new file mode 100644 +index 0000000..4c1e90c +--- /dev/null ++++ b/contrib/sdb/ldap/ldapdb.c +@@ -0,0 +1,691 @@ ++/* ++ * ldapdb.c version 1.0-beta ++ * ++ * Copyright (C) 2002, 2004 Stig Venaas ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * Contributors: Jeremy C. McDermond ++ */ ++ ++/* ++ * If you want to use TLS, uncomment the define below ++ */ ++/* #define LDAPDB_TLS */ ++ ++/* ++ * If you are using an old LDAP API uncomment the define below. Only do this ++ * if you know what you're doing or get compilation errors on ldap_memfree(). ++ * This also forces LDAPv2. 
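Review bot: In `main()` the serial comparison (`argc == 5` branch) walks `soavals[0]` with three unchecked `strchr()` calls and then writes `*s = '\0'`, so an SOARecord value in the directory with fewer than three spaces makes the tool dereference NULL; directory content is the untrusted input here and needs validating before the serial is cut out. The same branch uses the `fltr` returned by `malloc()` without the `if (!fltr)` check the second allocation gets, and `argv[1]` is pasted verbatim into both `(zoneName=%s)` filters without RFC 4515 escaping, so a zone name containing `*`, `(`, `)` or `\` alters the query instead of being matched literally. Replace the serial extraction with the bounded version below, and move the existing `if (!fltr) err(argv[0], "Malloc failed");` up so it guards the first allocation as well.
```c
		/* We have a SOA, compare serial numbers (first value only) */
		serial = NULL;
		s = strchr(soavals[0], ' ');		/* end of MNAME */
		if (s != NULL)
			s = strchr(s + 1, ' ');		/* end of RNAME */
		if (s != NULL) {
			serial = s + 1;
			s = strchr(serial, ' ');	/* end of SERIAL */
			if (s != NULL)
				*s = '\0';
			else
				serial = NULL;
		}
		if (serial == NULL) {
			ldap_value_free(soavals);
			err(argv[0], "malformed SOARecord, cannot find serial");
		}
		/* … unchanged: strcmp(serial, argv[4]) and ldap_value_free(soavals) … */
```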
++ */ ++/* #define LDAPDB_RFC1823API */ ++ ++/* Using LDAPv3 by default, change this if you want v2 */ ++#ifndef LDAPDB_LDAP_VERSION ++#define LDAPDB_LDAP_VERSION 3 ++#define LDAP_DEPRECATED 1 ++#endif ++ ++#include ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include ++ ++#include ++#include ++ ++#include ++#include "ldapdb.h" ++ ++/* ++ * A simple database driver for LDAP ++ */ ++ ++/* enough for name with 8 labels of max length */ ++#define MAXNAMELEN 519 ++ ++static dns_sdbimplementation_t *ldapdb = NULL; ++ ++struct ldapdb_data { ++ char *hostport; ++ char *hostname; ++ int portno; ++ char *base; ++ int defaultttl; ++ char *filterall; ++ int filteralllen; ++ char *filterone; ++ int filteronelen; ++ char *filtername; ++ char *bindname; ++ char *bindpw; ++#ifdef LDAPDB_TLS ++ int tls; ++#endif ++}; ++ ++/* used by ldapdb_getconn */ ++ ++struct ldapdb_entry { ++ void *index; ++ size_t size; ++ void *data; ++ struct ldapdb_entry *next; ++}; ++ ++static struct ldapdb_entry *ldapdb_find(struct ldapdb_entry *stack, ++ const void *index, size_t size) { ++ while (stack != NULL) { ++ if (stack->size == size && !memcmp(stack->index, index, size)) ++ return stack; ++ stack = stack->next; ++ } ++ return NULL; ++} ++ ++static void ldapdb_insert(struct ldapdb_entry **stack, ++ struct ldapdb_entry *item) { ++ item->next = *stack; ++ *stack = item; ++} ++ ++static void ldapdb_lock(int what) { ++ static isc_mutex_t lock; ++ ++ switch (what) { ++ case 0: ++ isc_mutex_init(&lock); ++ break; ++ case 1: ++ LOCK(&lock); ++ break; ++ case -1: ++ UNLOCK(&lock); ++ break; ++ } ++} ++ ++/* data == NULL means cleanup */ ++static LDAP ** ++ldapdb_getconn(struct ldapdb_data *data) ++{ ++ static struct ldapdb_entry *allthreadsdata = NULL; ++ struct ldapdb_entry *threaddata, *conndata; ++ unsigned long threadid; ++ ++ if (data == NULL) { ++ /* cleanup */ ++ /* lock out other threads */ ++ ldapdb_lock(1); ++ while 
(allthreadsdata != NULL) { ++ threaddata = allthreadsdata; ++ free(threaddata->index); ++ while (threaddata->data != NULL) { ++ conndata = threaddata->data; ++ if (conndata->data != NULL) ++ ldap_unbind((LDAP *)conndata->data); ++ threaddata->data = conndata->next; ++ free(conndata); ++ } ++ allthreadsdata = threaddata->next; ++ free(threaddata); ++ } ++ ldapdb_lock(-1); ++ return (NULL); ++ } ++ ++ /* look for connection data for current thread */ ++ threadid = isc_thread_self(); ++ threaddata = ldapdb_find(allthreadsdata, &threadid, sizeof(threadid)); ++ if (threaddata == NULL) { ++ /* no data for this thread, create empty connection list */ ++ threaddata = malloc(sizeof(*threaddata)); ++ if (threaddata == NULL) ++ return (NULL); ++ threaddata->index = malloc(sizeof(threadid)); ++ if (threaddata->index == NULL) { ++ free(threaddata); ++ return (NULL); ++ } ++ *(unsigned long *)threaddata->index = threadid; ++ threaddata->size = sizeof(threadid); ++ threaddata->data = NULL; ++ ++ /* need to lock out other threads here */ ++ ldapdb_lock(1); ++ ldapdb_insert(&allthreadsdata, threaddata); ++ ldapdb_lock(-1); ++ } ++ ++ /* threaddata points at the connection list for current thread */ ++ /* look for existing connection to our server */ ++ conndata = ldapdb_find((struct ldapdb_entry *)threaddata->data, ++ data->hostport, strlen(data->hostport)); ++ if (conndata == NULL) { ++ /* no connection data structure for this server, create one */ ++ conndata = malloc(sizeof(*conndata)); ++ if (conndata == NULL) ++ return (NULL); ++ conndata->index = data->hostport; ++ conndata->size = strlen(data->hostport); ++ conndata->data = NULL; ++ ldapdb_insert((struct ldapdb_entry **)&threaddata->data, ++ conndata); ++ } ++ ++ return (LDAP **)&conndata->data; ++} ++ ++static void ++ldapdb_bind(struct ldapdb_data *data, LDAP **ldp) ++{ ++#ifndef LDAPDB_RFC1823API ++ const int ver = LDAPDB_LDAP_VERSION; ++#endif ++ ++ if (*ldp != NULL) ++ ldap_unbind(*ldp); ++ *ldp = 
ldap_open(data->hostname, data->portno); ++ if (*ldp == NULL) ++ return; ++ ++#ifndef LDAPDB_RFC1823API ++ ldap_set_option(*ldp, LDAP_OPT_PROTOCOL_VERSION, &ver); ++#endif ++ ++#ifdef LDAPDB_TLS ++ if (data->tls) { ++ ldap_start_tls_s(*ldp, NULL, NULL); ++ } ++#endif ++ ++ if (ldap_simple_bind_s(*ldp, data->bindname, data->bindpw) != LDAP_SUCCESS) { ++ ldap_unbind(*ldp); ++ *ldp = NULL; ++ } ++} ++ ++#ifdef DNS_CLIENTINFO_VERSION ++static isc_result_t ++ldapdb_search(const char *zone, const char *name, void *dbdata, void *retdata, ++ dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo) ++#else ++static isc_result_t ++ldapdb_search(const char *zone, const char *name, void *dbdata, void *retdata, ++ void *methods, void *clientinfo) ++#endif /* DNS_CLIENTINFO_VERSION */ ++{ ++ struct ldapdb_data *data = dbdata; ++ isc_result_t result = ISC_R_NOTFOUND; ++ LDAP **ldp; ++ LDAPMessage *res, *e; ++ char *fltr, *a, **vals = NULL, **names = NULL; ++ char type[64]; ++#ifdef LDAPDB_RFC1823API ++ void *ptr; ++#else ++ BerElement *ptr; ++#endif ++ int i, j, errno, msgid; ++ ++ UNUSED(methods); ++ UNUSED(clientinfo); ++ ++ ldp = ldapdb_getconn(data); ++ if (ldp == NULL) ++ return (ISC_R_FAILURE); ++ if (*ldp == NULL) { ++ ldapdb_bind(data, ldp); ++ if (*ldp == NULL) { ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': bind failed", zone); ++ return (ISC_R_FAILURE); ++ } ++ } ++ ++ if (name == NULL) { ++ fltr = data->filterall; ++ } else { ++ if (strlen(name) > MAXNAMELEN) { ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': name %s too long", zone, name); ++ return (ISC_R_FAILURE); ++ } ++ sprintf(data->filtername, "%s))", name); ++ fltr = data->filterone; ++ } ++ ++ msgid = ldap_search(*ldp, data->base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); ++ if (msgid == -1) { ++ ldapdb_bind(data, ldp); ++ if (*ldp != NULL) ++ msgid = 
ldap_search(*ldp, data->base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); ++ } ++ ++ if (*ldp == NULL || msgid == -1) { ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': search failed, filter %s", zone, fltr); ++ return (ISC_R_FAILURE); ++ } ++ ++ /* Get the records one by one as they arrive and return them to bind */ ++ while ((errno = ldap_result(*ldp, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { ++ LDAP *ld = *ldp; ++ int ttl = data->defaultttl; ++ ++ /* not supporting continuation references at present */ ++ if (errno != LDAP_RES_SEARCH_ENTRY) { ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': ldap_result returned %d", zone, errno); ++ ldap_msgfree(res); ++ return (ISC_R_FAILURE); ++ } ++ ++ /* only one entry per result message */ ++ e = ldap_first_entry(ld, res); ++ if (e == NULL) { ++ ldap_msgfree(res); ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': ldap_first_entry failed", zone); ++ return (ISC_R_FAILURE); ++ } ++ ++ if (name == NULL) { ++ names = ldap_get_values(ld, e, "relativeDomainName"); ++ if (names == NULL) ++ continue; ++ } ++ ++ vals = ldap_get_values(ld, e, "dNSTTL"); ++ if (vals != NULL) { ++ ttl = atoi(vals[0]); ++ ldap_value_free(vals); ++ } ++ ++ for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) { ++ char *s; ++ ++ for (s = a; *s; s++) ++ *s = toupper(*s); ++ s = strstr(a, "RECORD"); ++ if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) { ++#ifndef LDAPDB_RFC1823API ++ ldap_memfree(a); ++#endif ++ continue; ++ } ++ ++ strncpy(type, a, s - a); ++ type[s - a] = '\0'; ++ vals = ldap_get_values(ld, e, a); ++ if (vals != NULL) { ++ for (i = 0; vals[i] != NULL; i++) { ++ if (name != NULL) { ++ result = dns_sdb_putrr(retdata, type, ttl, vals[i]); ++ } else { ++ for (j = 0; 
names[j] != NULL; j++) { ++ result = dns_sdb_putnamedrr(retdata, names[j], type, ttl, vals[i]); ++ if (result != ISC_R_SUCCESS) ++ break; ++ } ++ } ++; if (result != ISC_R_SUCCESS) { ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': dns_sdb_put... failed for %s", zone, vals[i]); ++ ldap_value_free(vals); ++#ifndef LDAPDB_RFC1823API ++ ldap_memfree(a); ++ if (ptr != NULL) ++ ber_free(ptr, 0); ++#endif ++ if (name == NULL) ++ ldap_value_free(names); ++ ldap_msgfree(res); ++ return (ISC_R_FAILURE); ++ } ++ } ++ ldap_value_free(vals); ++ } ++#ifndef LDAPDB_RFC1823API ++ ldap_memfree(a); ++#endif ++ } ++#ifndef LDAPDB_RFC1823API ++ if (ptr != NULL) ++ ber_free(ptr, 0); ++#endif ++ if (name == NULL) ++ ldap_value_free(names); ++ ++ /* free this result */ ++ ldap_msgfree(res); ++ } ++ ++ /* free final result */ ++ ldap_msgfree(res); ++ return (result); ++} ++ ++ ++/* callback routines */ ++#ifdef DNS_CLIENTINFO_VERSION ++static isc_result_t ++ldapdb_lookup(const char *zone, const char *name, void *dbdata, ++ dns_sdblookup_t *lookup, dns_clientinfomethods_t *methods, ++ dns_clientinfo_t *clientinfo) ++{ ++ UNUSED(methods); ++ UNUSED(clientinfo); ++ return (ldapdb_search(zone, name, dbdata, lookup, NULL, NULL)); ++} ++#else ++static isc_result_t ++ldapdb_lookup(const char *zone, const char *name, void *dbdata, ++ dns_sdblookup_t *lookup) ++{ ++ return (ldapdb_search(zone, name, dbdata, lookup, methods, ++ clientinfo)); ++} ++#endif /* DNS_CLIENTINFO_VERSION */ ++ ++static isc_result_t ++ldapdb_allnodes(const char *zone, void *dbdata, ++ dns_sdballnodes_t *allnodes) ++{ ++ return (ldapdb_search(zone, NULL, dbdata, allnodes, NULL, NULL)); ++} ++ ++static char * ++unhex(char *in) ++{ ++ static const char hexdigits[] = "0123456789abcdef"; ++ char *p, *s = in; ++ int d1, d2; ++ ++ while ((s = strchr(s, '%'))) { ++ if (!(s[1] && s[2])) ++ return NULL; ++ if ((p = strchr(hexdigits, tolower(s[1]))) == NULL) ++ 
return NULL; ++ d1 = p - hexdigits; ++ if ((p = strchr(hexdigits, tolower(s[2]))) == NULL) ++ return NULL; ++ d2 = p - hexdigits; ++ *s++ = d1 << 4 | d2; ++ memmove(s, s + 2, strlen(s) - 1); ++ } ++ return in; ++} ++ ++/* returns 0 for ok, -1 for bad syntax, -2 for unknown critical extension */ ++static int ++parseextensions(char *extensions, struct ldapdb_data *data) ++{ ++ char *s, *next, *name, *value; ++ int critical; ++ ++ while (extensions != NULL) { ++ s = strchr(extensions, ','); ++ if (s != NULL) { ++ *s++ = '\0'; ++ next = s; ++ } else { ++ next = NULL; ++ } ++ ++ if (*extensions != '\0') { ++ s = strchr(extensions, '='); ++ if (s != NULL) { ++ *s++ = '\0'; ++ value = *s != '\0' ? s : NULL; ++ } else { ++ value = NULL; ++ } ++ name = extensions; ++ ++ critical = *name == '!'; ++ if (critical) { ++ name++; ++ } ++ if (*name == '\0') { ++ return -1; ++ } ++ ++ if (!strcasecmp(name, "bindname")) { ++ data->bindname = value; ++ } else if (!strcasecmp(name, "x-bindpw")) { ++ data->bindpw = value; ++#ifdef LDAPDB_TLS ++ } else if (!strcasecmp(name, "x-tls")) { ++ data->tls = value == NULL || !strcasecmp(value, "true"); ++#endif ++ } else if (critical) { ++ return -2; ++ } ++ } ++ extensions = next; ++ } ++ return 0; ++} ++ ++static void ++free_data(struct ldapdb_data *data) ++{ ++ if (data->hostport != NULL) ++ isc_mem_free(named_g_mctx, data->hostport); ++ if (data->hostname != NULL) ++ isc_mem_free(named_g_mctx, data->hostname); ++ if (data->filterall != NULL) ++ isc_mem_put(named_g_mctx, data->filterall, data->filteralllen); ++ if (data->filterone != NULL) ++ isc_mem_put(named_g_mctx, data->filterone, data->filteronelen); ++ isc_mem_put(named_g_mctx, data, sizeof(struct ldapdb_data)); ++} ++ ++ ++static isc_result_t ++ldapdb_create(const char *zone, int argc, char **argv, ++ void *driverdata, void **dbdata) ++{ ++ struct ldapdb_data *data; ++ char *s, *filter = NULL, *extensions = NULL; ++ int defaultttl; ++ ++ UNUSED(driverdata); ++ ++ /* we assume that 
only one thread will call create at a time */ ++ /* want to do this only once for all instances */ ++ ++ if ((argc < 2) ++ || (argv[0] != strstr( argv[0], "ldap://")) ++ || ((defaultttl = atoi(argv[1])) < 1)) ++ return (ISC_R_FAILURE); ++ data = isc_mem_get(named_g_mctx, sizeof(struct ldapdb_data)); ++ if (data == NULL) ++ return (ISC_R_NOMEMORY); ++ ++ memset(data, 0, sizeof(struct ldapdb_data)); ++ data->hostport = isc_mem_strdup(named_g_mctx, argv[0] + strlen("ldap://")); ++ if (data->hostport == NULL) { ++ free_data(data); ++ return (ISC_R_NOMEMORY); ++ } ++ ++ data->defaultttl = defaultttl; ++ ++ s = strchr(data->hostport, '/'); ++ if (s != NULL) { ++ *s++ = '\0'; ++ data->base = s; ++ /* attrs, scope, filter etc? */ ++ s = strchr(s, '?'); ++ if (s != NULL) { ++ *s++ = '\0'; ++ /* ignore attributes */ ++ s = strchr(s, '?'); ++ if (s != NULL) { ++ *s++ = '\0'; ++ /* ignore scope */ ++ s = strchr(s, '?'); ++ if (s != NULL) { ++ *s++ = '\0'; ++ /* filter */ ++ filter = s; ++ s = strchr(s, '?'); ++ if (s != NULL) { ++ *s++ = '\0'; ++ /* extensions */ ++ extensions = s; ++ s = strchr(s, '?'); ++ if (s != NULL) { ++ *s++ = '\0'; ++ } ++ if (*extensions == '\0') { ++ extensions = NULL; ++ } ++ } ++ if (*filter == '\0') { ++ filter = NULL; ++ } ++ } ++ } ++ } ++ if (*data->base == '\0') { ++ data->base = NULL; ++ } ++ } ++ ++ /* parse extensions */ ++ if (extensions != NULL) { ++ int err; ++ ++ err = parseextensions(extensions, data); ++ if (err < 0) { ++ /* err should be -1 or -2 */ ++ free_data(data); ++ if (err == -1) { ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': URL: extension syntax error", zone); ++ } else if (err == -2) { ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': URL: unknown critical extension", zone); ++ } ++ return (ISC_R_FAILURE); ++ } ++ } ++ ++ if ((data->base != NULL && unhex(data->base) == NULL) || 
++ (filter != NULL && unhex(filter) == NULL) || ++ (data->bindname != NULL && unhex(data->bindname) == NULL) || ++ (data->bindpw != NULL && unhex(data->bindpw) == NULL)) { ++ free_data(data); ++ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, ++ "LDAP sdb zone '%s': URL: bad hex values", zone); ++ return (ISC_R_FAILURE); ++ } ++ ++ /* compute filterall and filterone once and for all */ ++ if (filter == NULL) { ++ data->filteralllen = strlen(zone) + strlen("(zoneName=)") + 1; ++ data->filteronelen = strlen(zone) + strlen("(&(zoneName=)(relativeDomainName=))") + MAXNAMELEN + 1; ++ } else { ++ data->filteralllen = strlen(filter) + strlen(zone) + strlen("(&(zoneName=))") + 1; ++ data->filteronelen = strlen(filter) + strlen(zone) + strlen("(&(zoneName=)(relativeDomainName=))") + MAXNAMELEN + 1; ++ } ++ ++ data->filterall = isc_mem_get(named_g_mctx, data->filteralllen); ++ if (data->filterall == NULL) { ++ free_data(data); ++ return (ISC_R_NOMEMORY); ++ } ++ data->filterone = isc_mem_get(named_g_mctx, data->filteronelen); ++ if (data->filterone == NULL) { ++ free_data(data); ++ return (ISC_R_NOMEMORY); ++ } ++ ++ if (filter == NULL) { ++ sprintf(data->filterall, "(zoneName=%s)", zone); ++ sprintf(data->filterone, "(&(zoneName=%s)(relativeDomainName=", zone); ++ } else { ++ sprintf(data->filterall, "(&%s(zoneName=%s))", filter, zone); ++ sprintf(data->filterone, "(&%s(zoneName=%s)(relativeDomainName=", filter, zone); ++ } ++ data->filtername = data->filterone + strlen(data->filterone); ++ ++ /* support URLs with literal IPv6 addresses */ ++ data->hostname = isc_mem_strdup(named_g_mctx, data->hostport + (*data->hostport == '[' ? 
1 : 0)); ++ if (data->hostname == NULL) { ++ free_data(data); ++ return (ISC_R_NOMEMORY); ++ } ++ ++ if (*data->hostport == '[' && ++ (s = strchr(data->hostname, ']')) != NULL ) ++ *s++ = '\0'; ++ else ++ s = data->hostname; ++ s = strchr(s, ':'); ++ if (s != NULL) { ++ *s++ = '\0'; ++ data->portno = atoi(s); ++ } else ++ data->portno = LDAP_PORT; ++ ++ *dbdata = data; ++ return (ISC_R_SUCCESS); ++} ++ ++static void ++ldapdb_destroy(const char *zone, void *driverdata, void **dbdata) { ++ struct ldapdb_data *data = *dbdata; ++ ++ UNUSED(zone); ++ UNUSED(driverdata); ++ ++ free_data(data); ++} ++ ++static dns_sdbmethods_t ldapdb_methods = { ++ ldapdb_lookup, ++ NULL, /* authority */ ++ ldapdb_allnodes, ++ ldapdb_create, ++ ldapdb_destroy, ++ NULL /* lookup2 */ ++}; ++ ++/* Wrapper around dns_sdb_register() */ ++isc_result_t ++ldapdb_init(void) { ++ unsigned int flags = ++ DNS_SDBFLAG_RELATIVEOWNER | ++ DNS_SDBFLAG_RELATIVERDATA | ++ DNS_SDBFLAG_THREADSAFE; ++ ++ ldapdb_lock(0); ++ return (dns_sdb_register("ldap", &ldapdb_methods, NULL, flags, ++ named_g_mctx, &ldapdb)); ++} ++ ++/* Wrapper around dns_sdb_unregister() */ ++void ++ldapdb_clear(void) { ++ if (ldapdb != NULL) { ++ /* clean up thread data */ ++ ldapdb_getconn(NULL); ++ dns_sdb_unregister(&ldapdb); ++ } ++} +diff --git a/contrib/sdb/ldap/ldapdb.h b/contrib/sdb/ldap/ldapdb.h +new file mode 100644 +index 0000000..a08eb20 +--- /dev/null ++++ b/contrib/sdb/ldap/ldapdb.h +@@ -0,0 +1,6 @@ ++#include ++ ++isc_result_t ldapdb_init(void); ++ ++void ldapdb_clear(void); ++ +diff --git a/contrib/sdb/ldap/zone2ldap.1 b/contrib/sdb/ldap/zone2ldap.1 +new file mode 100644 +index 0000000..781114b +--- /dev/null ++++ b/contrib/sdb/ldap/zone2ldap.1 +@@ -0,0 +1,64 @@ ++.TH zone2ldap 1 "8 March 2001" ++.SH NAME ++zone2ldap /- Load BIND 9 Zone files into LDAP Directory ++.SH SYNOPSIS ++zone2ldap [-D Bind DN] [-w Bind Password] [-b Base DN] [-z Zone] [-f Zone File ] [-h Ldap Host] [-cd] [-v] ++.SH DESCRIPTION ++zone2ldap will 
parse a complete BIND 9 format DNS zone file, and load ++the contents into an LDAP directory, for use with the LDAP sdb back-end. ++ ++If the zone already exists, zone2ldap will exit succesfully. If the zone does not exists, or ++partially exists, zone2ldap will attempt to add all/missing zone data. ++ ++.SS Options ++.TP ++-b ++LDAP Base DN. LDAP systems require a "base dn", which is generally considered the LDAP Directory root. ++If the zone you are loading is different from the base, then you will need to tell zone2ldap what your LDAP ++base is. ++.TP ++-v ++Print version information, and immediatly exit. ++.TP ++-f ++Zone file. Bind 9.1 compatible zone file, from which zone information will be read. ++.TP ++-d ++Dump debug information to standard out. ++.TP ++-w ++LDAP Bind password, corresponding the the value of "-b". ++.TP ++-h ++LDAP Directory host. This is the hostname of the LDAP system you wish to store zone information on. ++An LDAP server should be listening on port 389 of the target system. This may be ommited, and will default ++to "localhost". ++.TP ++-c ++This will create the zone portion of the DN you are importing. For instance, if you are creating a domain.com zone, ++zone2ldap should first create "dc=domain,dc=com". This is useful if you are creating multiple domains. ++.TP ++-z ++This is the name of the zone specified in the SOA record. ++.SH EXAMPLES ++Following are brief examples of how to import a zone file into your LDAP DIT. ++.SS Loading zone domain.com, with an LDAP Base DN of dc=domain,dc=com ++zone2ldap -D dc=root -w secret -h localhost -z domain.com -f domain.com.zone ++ ++This will add Resource Records into an ALREADY EXISTING dc=domain,dc=com. The final SOA DN in this case, will be ++dc=@,dc=domain,dc=com ++ ++.SS Loading customer.com, if your LDAP Base DN is dc=provider,dc=net. 
++zone2ldap -D dc=root -w secret -h localhost -z customer.com -b dc=provider,dc=net -f customer.com.zone -c ++ ++This will create dc=customer,dc=com under dc=provider,dc=net, and add all necessary Resource Records. The final ++root DN to the SOA will be dc=@,dc=customer,dc=com,dc=provider,dc=net. ++ ++.SH "SEE ALSO" ++named(8) ldap(3) ++http://www.venaas.no/ldap/bind-sdb/ ++.SH "BUGS" ++Send all bug reports to Jeff McNeil ++.SH AUTHOR ++Jeff McNeil ++ +diff --git a/contrib/sdb/ldap/zone2ldap.c b/contrib/sdb/ldap/zone2ldap.c +new file mode 100644 +index 0000000..83e88fb +--- /dev/null ++++ b/contrib/sdb/ldap/zone2ldap.c +@@ -0,0 +1,897 @@ ++/* ++ * Copyright (C) 2001 Jeff McNeil ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * Change Log ++ * ++ * Tue May 1 19:19:54 EDT 2001 - Jeff McNeil ++ * Update to objectClass code, and add_to_rr_list function ++ * (I need to rename that) to support the dNSZone schema, ++ * ditched dNSDomain2 schema support. 
Version 0.3-ALPHA ++ */ ++ ++ ++#define LDAP_DEPRECATED 1 ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include ++//#include "entropy_private.h" ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define LDAP_DEPRECATED 1 ++ ++#include ++ ++#define DNS_OBJECT 6 ++#define DNS_TOP 2 ++ ++#define VERSION "0.4-ALPHA" ++ ++#define NO_SPEC 0 ++#define WI_SPEC 1 ++ ++/* Global Zone Pointer */ ++char *gbl_zone = NULL; ++ ++typedef struct LDAP_INFO ++{ ++ char *dn; ++ LDAPMod **attrs; ++ struct LDAP_INFO *next; ++ int attrcnt; ++} ++ldap_info; ++ ++/* usage Info */ ++void usage (void); ++ ++/* Check for existence of (and possibly add) containing dNSZone objects */ ++int lookup_dns_zones( ldap_info *ldinfo); ++ ++/* Add to the ldap dit */ ++void add_ldap_values (ldap_info * ldinfo); ++ ++/* Init an ldap connection */ ++void init_ldap_conn (void); ++ ++/* Ldap error checking */ ++void ldap_result_check (const char *msg, char *dn, int err); ++ ++/* Put a hostname into a char ** array */ ++char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); ++ ++/* Find out how many items are in a char ** array */ ++int get_attr_list_size (char **tmp); ++ ++/* Get a DN */ ++char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone); ++ ++/* Add to RR list */ ++void add_to_rr_list (char *dn, char *name, char *type, char *data, ++ unsigned int ttl, unsigned int flags); ++ ++/* Error checking */ ++void isc_result_check (isc_result_t res, const char *errorstr); ++ ++/* Generate LDIF Format files */ ++void generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, ++ unsigned int ttl); ++ ++/* head pointer to the list */ ++ldap_info *ldap_info_base = NULL; ++ ++ldap_info * ++locate_by_dn (char *dn); ++void ++init_ldap_conn (); ++void usage(); ++ ++static char *argzone, *ldapbase, *binddn, *bindpw = NULL; ++ ++/* 
these are needed to placate gcc4's const-ness const-ernations : */ ++static char localhost[] = "localhost"; ++static char *ldapsystem=&(localhost[0]); ++/* dnszone schema class names: */ ++static char topClass [] ="top"; ++static char dNSZoneClass[] ="dNSZone"; ++static char objectClass [] ="objectClass"; ++static char dcObjectClass[]="dcObject"; ++/* dnszone schema attribute names: */ ++static char relativeDomainName[]="relativeDomainName"; ++static char dNSTTL []="dNSTTL"; ++static char zoneName []="zoneName"; ++static char dc []="dc"; ++static char sameZone []="@"; ++/* LDAPMod mod_values: */ ++static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL }; ++static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL }; ++static char *dn_buffer [64]={NULL}; ++ ++LDAP *conn; ++unsigned int debug = 0; ++ ++#ifdef DEBUG ++debug = 1; ++#endif ++ ++static void ++fatal(const char *msg) { ++ perror(msg); ++ if (conn != NULL) ++ ldap_unbind_s(conn); ++ exit(1); ++} ++ ++int ++main (int argc, char **argv) ++{ ++ isc_mem_t *mctx = NULL; ++ //isc_entropy_t *ectx = NULL; ++ isc_result_t result; ++ char *basedn; ++ ldap_info *tmp; ++ LDAPMod *base_attrs[5]; ++ LDAPMod base, dcBase, znBase, rdnBase; ++ isc_buffer_t buff; ++ char *zonefile=0L; ++ char fullbasedn[1024]; ++ char *ctmp, *zn, *dcp[2], *znp[2], *rdn[2]; ++ dns_fixedname_t fixedzone, fixedname; ++ dns_rdataset_t rdataset; ++ char **dc_list; ++ dns_rdata_t rdata = DNS_RDATA_INIT; ++ dns_rdatasetiter_t *riter; ++ dns_name_t *zone, *name; ++ dns_db_t *db = NULL; ++ dns_dbiterator_t *dbit = NULL; ++ dns_dbnode_t *node; ++ extern char *optarg; ++ extern int optind, opterr, optopt; ++ int create_base = 0; ++ int topt, dcn, zdn, znlen; ++ ++ if (argc < 2) ++ { ++ usage (); ++ exit (-1); ++ } ++ ++ while ((topt = getopt ((int) argc, argv, "D:Ww:b:z:f:h:?dcv")) != -1) ++ { ++ switch (topt) ++ { ++ case 'v': ++ printf("%s\n", VERSION); ++ exit(0); ++ case 'c': ++ 
create_base++; ++ break; ++ case 'd': ++ debug++; ++ break; ++ case 'D': ++ binddn = strdup (optarg); ++ if (binddn == NULL) ++ fatal("strdup"); ++ break; ++ case 'w': ++ bindpw = strdup (optarg); ++ if (bindpw == NULL) ++ fatal("strdup"); ++ break; ++ case 'W': ++ bindpw = getpass("Enter LDAP Password: "); ++ break; ++ case 'b': ++ ldapbase = strdup (optarg); ++ if (ldapbase == NULL) ++ fatal("strdup"); ++ break; ++ case 'z': ++ argzone = strdup (optarg); ++ // We wipe argzone all to hell when we parse it for the DN */ ++ gbl_zone = strdup(argzone); ++ if (argzone == NULL || gbl_zone == NULL) ++ fatal("strdup"); ++ break; ++ case 'f': ++ zonefile = strdup (optarg); ++ if (zonefile == NULL) ++ fatal("strdup"); ++ break; ++ case 'h': ++ ldapsystem = strdup (optarg); ++ if (ldapsystem == NULL) ++ fatal("strdup"); ++ break; ++ case '?': ++ default: ++ usage (); ++ exit (0); ++ } ++ } ++ ++ if ((argzone == NULL) || (zonefile == NULL)) ++ { ++ usage (); ++ exit (-1); ++ } ++ ++ if (debug) ++ printf ("Initializing ISC Routines, parsing zone file\n"); ++ ++ result = isc_mem_create (0, 0, &mctx); ++ isc_result_check (result, "isc_mem_create"); ++ ++ //result = isc_entropy_create(mctx, &ectx); ++ //isc_result_check (result, "isc_entropy_create"); ++ ++ //result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); ++ //isc_result_check (result, "isc_hash_create"); ++ ++ isc_buffer_init (&buff, argzone, strlen (argzone)); ++ isc_buffer_add (&buff, strlen (argzone)); ++ dns_fixedname_init (&fixedzone); ++ zone = dns_fixedname_name (&fixedzone); ++ result = dns_name_fromtext (zone, &buff, dns_rootname, 0, NULL); ++ isc_result_check (result, "dns_name_fromtext"); ++ ++ result = dns_db_create (mctx, "rbt", zone, dns_dbtype_zone, ++ dns_rdataclass_in, 0, NULL, &db); ++ isc_result_check (result, "dns_db_create"); ++ ++ result = dns_db_load (db, zonefile, dns_masterformat_text, 0); ++ isc_result_check (result, "Check Zone Syntax: dns_db_load"); ++ ++ result = dns_db_createiterator (db, 
0, &dbit); ++ isc_result_check (result, "dns_db_createiterator"); ++ ++ result = dns_dbiterator_first (dbit); ++ isc_result_check (result, "dns_dbiterator_first"); ++ ++ dns_fixedname_init (&fixedname); ++ name = dns_fixedname_name (&fixedname); ++ dns_rdataset_init (&rdataset); ++ dns_rdata_init (&rdata); ++ ++ while (result == ISC_R_SUCCESS) ++ { ++ node = NULL; ++ result = dns_dbiterator_current (dbit, &node, name); ++ ++ if (result == ISC_R_NOMORE) ++ break; ++ ++ isc_result_check (result, "dns_dbiterator_current"); ++ ++ riter = NULL; ++ result = dns_db_allrdatasets (db, node, NULL, 0, &riter); ++ isc_result_check (result, "dns_db_allrdatasets"); ++ ++ result = dns_rdatasetiter_first (riter); ++ //isc_result_check(result, "dns_rdatasetiter_first"); ++ ++ while (result == ISC_R_SUCCESS) ++ { ++ dns_rdatasetiter_current (riter, &rdataset); ++ result = dns_rdataset_first (&rdataset); ++ isc_result_check (result, "dns_rdatasetiter_current"); ++ ++ while (result == ISC_R_SUCCESS) ++ { ++ dns_rdataset_current (&rdataset, &rdata); ++ generate_ldap (name, &rdata, rdataset.ttl); ++ dns_rdata_reset (&rdata); ++ result = dns_rdataset_next (&rdataset); ++ } ++ dns_rdataset_disassociate (&rdataset); ++ result = dns_rdatasetiter_next (riter); ++ ++ } ++ dns_rdatasetiter_destroy (&riter); ++ result = dns_dbiterator_next (dbit); ++ ++ } ++ ++ /* Initialize the LDAP Connection */ ++ if (debug) ++ printf ("Initializing LDAP Connection to %s as %s\n", ldapsystem, binddn); ++ ++ init_ldap_conn (); ++ ++ if (create_base) ++ { ++ if (debug) ++ printf ("Creating base zone DN %s\n", argzone); ++ ++ dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP); ++ ++ basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC, argzone); ++ if (debug) ++ printf ("base DN %s\n", basedn); ++ ++ for (ctmp = &basedn[strlen (basedn)], dcn=0; ctmp >= &basedn[0]; ctmp--) ++ { ++ if ((*ctmp == ',') || (ctmp == &basedn[0])) ++ { ++ base.mod_op = LDAP_MOD_ADD; ++ base.mod_type = objectClass; ++ 
base.mod_values = topObjectClasses; ++ ++ base_attrs[0] = (void*)&base; ++ ++ dcBase.mod_op = LDAP_MOD_ADD; ++ dcBase.mod_type = dc; ++ dcp[0]=dc_list[dcn]; ++ dcp[1]=0L; ++ dcBase.mod_values=dcp; ++ base_attrs[1] = (void*)&dcBase; ++ ++ znBase.mod_op = LDAP_MOD_ADD; ++ znBase.mod_type = zoneName; ++ for( zdn = dcn, znlen = 0; zdn >= 0; zdn-- ) ++ znlen += strlen(dc_list[zdn])+1; ++ znp[0] = (char*)malloc(znlen+1); ++ znp[1] = 0L; ++ for( zdn = dcn, zn=znp[0]; zdn >= 0; zdn-- ) ++ zn+=sprintf(zn,"%s%s",dc_list[zdn], ++ ((zdn > 0) && (*(dc_list[zdn-1])!='.')) ? "." : "" ++ ); ++ ++ znBase.mod_values = znp; ++ base_attrs[2] = (void*)&znBase; ++ ++ rdnBase.mod_op = LDAP_MOD_ADD; ++ rdnBase.mod_type = relativeDomainName; ++ rdn[0] = strdup(sameZone); ++ rdn[1] = 0L; ++ rdnBase.mod_values = rdn; ++ base_attrs[3] = (void*)&rdnBase; ++ ++ dcn++; ++ ++ base.mod_values = topObjectClasses; ++ base_attrs[4] = NULL; ++ ++ if (ldapbase) ++ { ++ if (ctmp != &basedn[0]) ++ sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase); ++ else ++ sprintf (fullbasedn, "%s,%s", ctmp, ldapbase); ++ ++ } ++ else ++ { ++ if (ctmp != &basedn[0]) ++ sprintf (fullbasedn, "%s", ctmp + 1); ++ else ++ sprintf (fullbasedn, "%s", ctmp); ++ } ++ ++ if( debug ) ++ printf("Full base dn: %s\n", fullbasedn); ++ ++ result = ldap_add_s (conn, fullbasedn, base_attrs); ++ ldap_result_check ("intial ldap_add_s", fullbasedn, result); ++ } ++ ++ } ++ } ++ else ++ { ++ if (debug) ++ printf ("Skipping zone base dn creation for %s\n", argzone); ++ } ++ ++ for (tmp = ldap_info_base; tmp != NULL; tmp = tmp->next) ++ { ++ ++ if (debug) ++ printf ("Adding DN: %s\n", tmp->dn); ++ ++ add_ldap_values (tmp); ++ } ++ ++ if (debug) ++ printf("Operation Complete.\n"); ++ ++ /* Cleanup */ ++ //isc_hash_destroy(); ++ //isc_entropy_detach(&ectx); ++ isc_mem_destroy(&mctx); ++ if (zonefile) ++ free(zonefile); ++ ++ return 0; ++} ++ ++ ++/* Check the status of an isc_result_t after any isc routines. 
++ * I should probably rename this function, as not to cause any ++ * confusion with the isc* routines. Will exit on error. */ ++void ++isc_result_check (isc_result_t res, const char *errorstr) ++{ ++ if (res != ISC_R_SUCCESS) ++ { ++ fprintf (stderr, " %s: %s\n", errorstr, isc_result_totext (res)); ++ exit (-1); ++ } ++} ++ ++ ++/* Takes DNS information, in bind data structure format, and adds textual ++ * zone information to the LDAP run queue. */ ++void ++generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl) ++{ ++ char name[DNS_NAME_MAXTEXT + 1]; ++ unsigned int len; ++ char type[20]; ++ char data[2048]; ++ char **dc_list; ++ char *dn; ++ ++ isc_buffer_t buff; ++ isc_result_t result; ++ ++ isc_buffer_init (&buff, name, sizeof (name)); ++ result = dns_name_totext (dnsname, true, &buff); ++ isc_result_check (result, "dns_name_totext"); ++ name[isc_buffer_usedlength (&buff)] = 0; ++ ++ isc_buffer_init (&buff, type, sizeof (type)); ++ result = dns_rdatatype_totext (rdata->type, &buff); ++ isc_result_check (result, "dns_rdatatype_totext"); ++ type[isc_buffer_usedlength (&buff)] = 0; ++ ++ isc_buffer_init (&buff, data, sizeof (data)); ++ result = dns_rdata_totext (rdata, NULL, &buff); ++ isc_result_check (result, "dns_rdata_totext"); ++ data[isc_buffer_usedlength (&buff)] = 0; ++ ++ dc_list = hostname_to_dn_list ((char*)name, argzone, DNS_OBJECT); ++ len = (get_attr_list_size (dc_list) - 2); ++ dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC, argzone); ++ ++ if (debug) ++ printf ("Adding %s (%s %s) to run queue list.\n", dn, type, data); ++ ++ add_to_rr_list (dn, dc_list[len], (char*)type, (char*)data, ttl, DNS_OBJECT); ++} ++ ++ ++/* Locate an item in the Run queue linked list, by DN. Used by functions ++ * which add items to the run queue. 
++ */ ++ldap_info * ++locate_by_dn (char *dn) ++{ ++ ldap_info *tmp; ++ for (tmp = ldap_info_base; tmp != (ldap_info *) NULL; tmp = tmp->next) ++ { ++ if (!strncmp (tmp->dn, dn, strlen (dn))) ++ return tmp; ++ } ++ return (ldap_info *) NULL; ++} ++ ++ ++ ++/* Take textual zone data, and add to the LDAP Run queue. This works like so: ++ * If locate_by_dn does not return, alloc a new ldap_info structure, and then ++ * calloc a LDAPMod array, fill in the default "everyone needs this" information, ++ * including object classes and dc's. If it locate_by_dn does return, then we'll ++ * realloc for more LDAPMod structs, and appened the new data. If an LDAPMod exists ++ * for the parameter we're adding, then we'll realloc the mod_values array, and ++ * add the new value to the existing LDAPMod. Finnaly, it assures linkage exists ++ * within the Run queue linked ilst*/ ++ ++void ++add_to_rr_list (char *dn, char *name, char *type, ++ char *data, unsigned int ttl, unsigned int flags) ++{ ++ int i; ++ int x; ++ ldap_info *tmp; ++ int attrlist; ++ char ldap_type_buffer[128]; ++ char charttl[64]; ++ ++ char *zn; ++ int znlen; ++ ++ if ((tmp = locate_by_dn (dn)) == NULL) ++ { ++ ++ /* There wasn't one already there, so we need to allocate a new one, ++ * and stick it on the list */ ++ ++ tmp = (ldap_info *) malloc (sizeof (ldap_info)); ++ if (tmp == (ldap_info *) NULL) ++ fatal("malloc"); ++ ++ tmp->dn = strdup (dn); ++ if (tmp->dn == NULL) ++ fatal("strdup"); ++ ++ tmp->attrs = (LDAPMod **) calloc (sizeof (LDAPMod *), flags); ++ if (tmp->attrs == (LDAPMod **) NULL) ++ fatal("calloc"); ++ ++ for (i = 0; i < (int)flags; i++) ++ { ++ tmp->attrs[i] = (LDAPMod *) malloc (sizeof (LDAPMod)); ++ if (tmp->attrs[i] == (LDAPMod *) NULL) ++ fatal("malloc"); ++ } ++ tmp->attrs[0]->mod_op = LDAP_MOD_ADD; ++ tmp->attrs[0]->mod_type = objectClass; ++ ++ if (flags == DNS_OBJECT) ++ tmp->attrs[0]->mod_values = objectClasses; ++ else ++ { ++ tmp->attrs[0]->mod_values = topObjectClasses; ++ 
tmp->attrs[1] = NULL; ++ tmp->attrcnt = 2; ++ tmp->next = ldap_info_base; ++ ldap_info_base = tmp; ++ return; ++ } ++ ++ tmp->attrs[1]->mod_op = LDAP_MOD_ADD; ++ tmp->attrs[1]->mod_type = relativeDomainName; ++ tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2); ++ ++ if (tmp->attrs[1]->mod_values == (char **)NULL) ++ fatal("calloc"); ++ ++ tmp->attrs[1]->mod_values[0] = strdup (name); ++ tmp->attrs[1]->mod_values[2] = NULL; ++ ++ if (tmp->attrs[1]->mod_values[0] == NULL) ++ fatal("strdup"); ++ ++ sprintf (ldap_type_buffer, "%sRecord", type); ++ ++ tmp->attrs[2]->mod_op = LDAP_MOD_ADD; ++ tmp->attrs[2]->mod_type = strdup (ldap_type_buffer); ++ tmp->attrs[2]->mod_values = (char **) calloc (sizeof (char *), 2); ++ ++ if (tmp->attrs[2]->mod_type == NULL || ++ tmp->attrs[2]->mod_values == (char **)NULL) ++ fatal("strdup/calloc"); ++ ++ tmp->attrs[2]->mod_values[0] = strdup (data); ++ tmp->attrs[2]->mod_values[1] = NULL; ++ ++ if (tmp->attrs[2]->mod_values[0] == NULL) ++ fatal("strdup"); ++ ++ tmp->attrs[3]->mod_op = LDAP_MOD_ADD; ++ tmp->attrs[3]->mod_type = dNSTTL; ++ tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2); ++ ++ if (tmp->attrs[3]->mod_values == (char **)NULL) ++ fatal("calloc"); ++ ++ sprintf (charttl, "%d", ttl); ++ tmp->attrs[3]->mod_values[0] = strdup (charttl); ++ tmp->attrs[3]->mod_values[1] = NULL; ++ ++ if (tmp->attrs[3]->mod_values[0] == NULL) ++ fatal("strdup"); ++ ++ znlen=strlen(gbl_zone); ++ if ( *(gbl_zone + (znlen-1)) == '.' 
) ++ { /* ldapdb MUST search by relative zone name */ ++ zn = (char*)malloc(znlen); ++ strncpy(zn,gbl_zone,znlen-1); ++ *(zn + (znlen-1))='\0'; ++ }else ++ { ++ zn = gbl_zone; ++ } ++ ++ tmp->attrs[4]->mod_op = LDAP_MOD_ADD; ++ tmp->attrs[4]->mod_type = zoneName; ++ tmp->attrs[4]->mod_values = (char **)calloc(sizeof(char *), 2); ++ ++ if (tmp->attrs[4]->mod_values == (char **)NULL) ++ fatal("calloc"); ++ ++ tmp->attrs[4]->mod_values[0] = zn; ++ tmp->attrs[4]->mod_values[1] = NULL; ++ ++ tmp->attrs[5] = NULL; ++ tmp->attrcnt = flags; ++ tmp->next = ldap_info_base; ++ ldap_info_base = tmp; ++ } ++ else ++ { ++ ++ for (i = 0; tmp->attrs[i] != NULL; i++) ++ { ++ sprintf (ldap_type_buffer, "%sRecord", type); ++ if (!strncmp ++ (ldap_type_buffer, tmp->attrs[i]->mod_type, ++ strlen (tmp->attrs[i]->mod_type))) ++ { ++ attrlist = get_attr_list_size (tmp->attrs[i]->mod_values); ++ tmp->attrs[i]->mod_values = ++ (char **) realloc (tmp->attrs[i]->mod_values, ++ sizeof (char *) * (attrlist + 1)); ++ ++ if (tmp->attrs[i]->mod_values == (char **) NULL) ++ fatal("realloc"); ++ ++ for (x = 0; tmp->attrs[i]->mod_values[x] != NULL; x++); ++ ++ tmp->attrs[i]->mod_values[x] = strdup (data); ++ if (tmp->attrs[i]->mod_values[x] == NULL) ++ fatal("strdup"); ++ tmp->attrs[i]->mod_values[x + 1] = NULL; ++ ++ return; ++ } ++ } ++ tmp->attrs = ++ (LDAPMod **) realloc (tmp->attrs, ++ sizeof (LDAPMod) * ++(tmp->attrcnt)); ++ if (tmp->attrs == NULL) ++ fatal("realloc"); ++ ++ for (x = 0; tmp->attrs[x] != NULL; x++); ++ tmp->attrs[x] = (LDAPMod *) malloc (sizeof (LDAPMod)); ++ if (tmp->attrs[x] == NULL) ++ fatal("malloc"); ++ tmp->attrs[x]->mod_op = LDAP_MOD_ADD; ++ tmp->attrs[x]->mod_type = strdup (ldap_type_buffer); ++ tmp->attrs[x]->mod_values = (char **) calloc (sizeof (char *), 2); ++ ++ if (tmp->attrs[x]->mod_type == NULL || ++ tmp->attrs[x]->mod_values == (char **)NULL) ++ fatal("strdup/calloc"); ++ ++ tmp->attrs[x]->mod_values[0] = strdup (data); ++ if (tmp->attrs[x]->mod_values[0] == 
NULL) ++ fatal("strdup"); ++ tmp->attrs[x]->mod_values[1] = NULL; ++ tmp->attrs[x + 1] = NULL; ++ } ++} ++ ++/* Size of a mod_values list, plus the terminating NULL field. */ ++int ++get_attr_list_size (char **tmp) ++{ ++ int i = 0; ++ char **ftmp = tmp; ++ while (*ftmp != NULL) ++ { ++ i++; ++ ftmp++; ++ } ++ return ++i; ++} ++ ++ ++/* take a hostname, and split it into a char ** of the dc parts, ++ * example, we have www.domain.com, this function will return: ++ * array[0] = com, array[1] = domain, array[2] = www. */ ++ ++char ** ++hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) ++{ ++ char *tmp; ++ int i = 0; ++ dn_buffer[i] = NULL; ++ ++ char *hname=0L, *last=0L; ++ int hlen=strlen(hostname), zlen=(strlen(zone)); ++ ++ /* printf("hostname: %s zone: %s\n",hostname, zone); */ ++ hname=0L; ++ if(flags == DNS_OBJECT) ++ { ++ if( (zone[ zlen - 1 ] == '.') && (hostname[hlen - 1] != '.') ) ++ { ++ hname=(char*)malloc(hlen + 1); ++ hlen += 1; ++ sprintf(hname, "%s.", hostname); ++ hostname = hname; ++ } ++ if(strcmp(hostname, zone) == 0) ++ { ++ if( hname == 0 ) ++ hname=strdup(hostname); ++ last = strdup(sameZone); ++ }else ++ { ++ if( (hlen < zlen) ++ ||( strcmp( hostname + (hlen - zlen), zone ) != 0) ++ ) ++ { ++ if( hname != 0 ) ++ free(hname); ++ hname=(char*)malloc( hlen + zlen + 1); ++ if( *zone == '.' ) ++ sprintf(hname, "%s%s", hostname, zone); ++ else ++ sprintf(hname,"%s",zone); ++ }else ++ { ++ if( hname == 0 ) ++ hname = strdup(hostname); ++ } ++ last = hname; ++ } ++ }else ++ { /* flags == DNS_TOP */ ++ hname = strdup(zone); ++ last = hname; ++ } ++ ++ for (tmp = strrchr (hname, '.'); tmp != (char *) 0; ++ tmp = strrchr (hname, '.')) ++ { ++ if( *( tmp + 1 ) != '\0' ) ++ { ++ *tmp = '\0'; ++ dn_buffer[i++] = ++tmp; ++ }else ++ { /* trailing '.' ! 
*/ ++ dn_buffer[i++] = strdup("."); ++ *tmp = '\0'; ++ if( tmp == hname ) ++ break; ++ } ++ } ++ if( ( last != hname ) && (tmp != hname) ) ++ dn_buffer[i++] = hname; ++ dn_buffer[i++] = last; ++ return dn_buffer; ++} ++ ++ ++/* build an sdb compatible LDAP DN from a "dc_list" (char **). ++ * will append dNSTTL information to each RR Record, with the ++ * exception of "@"/SOA. */ ++ ++char * ++build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone) ++{ ++ int size; ++ int x, znlen; ++ static char dn[1024]; ++ char tmp[128]; ++ char zn[DNS_NAME_MAXTEXT+1]; ++ ++ bzero (tmp, sizeof (tmp)); ++ bzero (dn, sizeof (dn)); ++ size = get_attr_list_size (dc_list); ++ znlen = strlen(zone); ++ if ( *(zone + (znlen-1)) == '.' ) ++ { /* ldapdb MUST search by relative zone name */ ++ memcpy(&(zn[0]),zone,znlen-1); ++ *(zn + (znlen-1))='\0'; ++ zone = zn; ++ } ++ for (x = size - 2; x > 0; x--) ++ { ++ if (flag == WI_SPEC) ++ { ++ if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl)) +++ sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); ++ else if (x == (size - 2)) +++ sprintf(tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); ++ else ++ sprintf(tmp,"dc=%s,", dc_list[x]); ++ } ++ else ++ { ++ sprintf(tmp, "dc=%s,", dc_list[x]); ++ } ++ ++ ++ strlcat (dn, tmp, sizeof (dn)); ++ } ++ ++ sprintf (tmp, "dc=%s", dc_list[0]); ++ strlcat (dn, tmp, sizeof (dn)); ++ ++ fflush(NULL); ++ return dn; ++} ++ ++ ++/* Initialize LDAP Conn */ ++void ++init_ldap_conn () ++{ ++ int result; ++ char ldb_tag[]="LDAP Bind"; ++ conn = ldap_open (ldapsystem, LDAP_PORT); ++ if (conn == NULL) ++ { ++ fprintf (stderr, "Error opening Ldap connection: %s\n", ++ strerror (errno)); ++ exit (-1); ++ } ++ ++ result = ldap_simple_bind_s (conn, binddn, bindpw); ++ ldap_result_check ("ldap_simple_bind_s", ldb_tag , result); ++} ++ ++/* Like isc_result_check, only for LDAP */ ++void ++ldap_result_check (const char *msg, char *dn, int err) ++{ ++ if 
((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS)) ++ { ++ fprintf(stderr, "Error while adding %s (%s):\n", ++ dn, msg); ++ ldap_perror (conn, dn); ++ ldap_unbind_s (conn); ++ exit (-1); ++ } ++} ++ ++ ++ ++/* For running the ldap_info run queue. */ ++void ++add_ldap_values (ldap_info * ldinfo) ++{ ++ int result; ++ char dnbuffer[1024]; ++ ++ ++ if (ldapbase != NULL) ++ sprintf (dnbuffer, "%s,%s", ldinfo->dn, ldapbase); ++ else ++ sprintf (dnbuffer, "%s", ldinfo->dn); ++ ++ result = ldap_add_s (conn, dnbuffer, ldinfo->attrs); ++ ldap_result_check ("ldap_add_s", dnbuffer, result); ++} ++ ++ ++ ++ ++/* name says it all */ ++void ++usage () ++{ ++ fprintf (stderr, ++ "zone2ldap -D [BIND DN] [-w BIND PASSWORD | -W:prompt] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST]\n" ++ "\t[-c Create LDAP Base structure][-d Debug Output (lots !)]\n " ++ ); ++} ++ diff --git a/net-dns/bind/files/bind-sdb-ldap-1.1.0-fc14.patch b/net-dns/bind/files/bind-sdb-ldap-1.1.0-fc14.patch deleted file mode 100644 index 737acbc74..000000000 --- a/net-dns/bind/files/bind-sdb-ldap-1.1.0-fc14.patch +++ /dev/null 
@@ -1,1189 +0,0 @@ -diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index efc58bc..5f31c4e 100644 ---- a/bin/named/Makefile.in -+++ b/bin/named/Makefile.in -@@ -34,10 +34,10 @@ top_srcdir = @top_srcdir@ - # - # Add database drivers here. - # --DBDRIVER_OBJS = --DBDRIVER_SRCS = -+DBDRIVER_OBJS = ldapdb.@O@ -+DBDRIVER_SRCS = ldapdb.c - DBDRIVER_INCLUDES = --DBDRIVER_LIBS = -+DBDRIVER_LIBS = -lldap -llber -ldb - - DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers - -diff --git a/bin/named/main.c b/bin/named/main.c -index 4af55bd..99c5948 100644 ---- a/bin/named/main.c -+++ b/bin/named/main.c -@@ -90,6 +90,7 @@ - * Include header files for database drivers here. - */ - /* #include "xxdb.h" */ -+#include "ldapdb.h" - - #ifdef CONTRIB_DLZ - /* -@@ -803,6 +804,8 @@ dump_symboltable(void) { - if (!isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(99))) - return; - -+ ldapdb_clear(); -+ - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, - ISC_LOG_DEBUG(99), "Symbol table:"); - -@@ -1084,6 +1087,24 @@ setup(void) { - isc_result_totext(result)); - #endif - -+ result = ldapdb_init(); -+ if (result != ISC_R_SUCCESS) -+ { -+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, -+ ISC_LOG_ERROR, -+ "SDB ldap module initialisation failed: %s.", -+ isc_result_totext(result) -+ ); -+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, -+ ISC_LOG_ERROR, -+ "SDB ldap zone database will be unavailable." -+ ); -+ }else -+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, -+ ISC_LOG_NOTICE, "SDB ldap zone database module loaded." 
-+ ); -+ -+ - ns_server_create(ns_g_mctx, &ns_g_server); - - #ifdef HAVE_LIBSECCOMP -@@ -1119,6 +1140,8 @@ cleanup(void) { - - dns_name_destroy(); - -+ ldapdb_clear(); -+ - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, - ISC_LOG_NOTICE, "exiting"); - ns_log_shutdown(); -diff --git a/bin/tools/Makefile.in b/bin/tools/Makefile.in -index 253dd37..0e1581a 100644 ---- a/bin/tools/Makefile.in -+++ b/bin/tools/Makefile.in -@@ -23,33 +23,43 @@ top_srcdir = @top_srcdir@ - CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \ - ${LWRES_INCLUDES} ${OMAPI_INCLUDES} - --CDEFINES = -+CDEFINES = -DBIND9 - CWARNINGS = - - DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ -+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ -+ISCCCLIBS = ../../lib/isccc/libisccc.@A@ - ISCLIBS = ../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@ - ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ --ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ - LWRESLIBS = ../../lib/lwres/liblwres.@A@ -+BIND9LIBS = ../../lib/bind9/libbind9.@A@ - - DNSDEPLIBS = ../../lib/dns/libdns.@A@ -+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ -+ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@ - ISCDEPLIBS = ../../lib/isc/libisc.@A@ --ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ - LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@ -+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@ -+DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ -+ ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS} -+ -+LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ -+ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@ -+ - --LIBS = ${ISCLIBS} @LIBS@ - NOSYMLIBS = ${ISCNOSYMLIBS} @LIBS@ - - SUBDIRS = - - TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ \ - named-rrchecker@EXEEXT@ nsec3hash@EXEEXT@ \ -- genrandom@EXEEXT@ isc-hmac-fixup@EXEEXT@ -+ genrandom@EXEEXT@ isc-hmac-fixup@EXEEXT@ ldap2zone@EXEEXT@ \ -+ zone2ldap@EXEEXT@ - SRCS = arpaname.c named-journalprint.c named-rrchecker.c \ -- nsec3hash.c genrandom.c isc-hmac-fixup.c -+ 
nsec3hash.c genrandom.c isc-hmac-fixup.c ldap2zone.c zone2ldap.c - - MANPAGES = arpaname.1 named-journalprint.8 named-rrchecker.1 nsec3hash.8 \ -- genrandom.8 isc-hmac-fixup.8 -+ genrandom.8 isc-hmac-fixup.8 ldap2zone.1 zone2ldap.1 - HTMLPAGES = arpaname.html named-journalprint.html named-rrchecker.html \ - nsec3hash.html genrandom.html isc-hmac-fixup.html - MANOBJS = ${MANPAGES} ${HTMLPAGES} -@@ -84,6 +94,12 @@ genrandom@EXEEXT@: genrandom.@O@ - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ - -o $@ genrandom.@O@ @GENRANDOMLIB@ ${LIBS} - -+ldap2zone@EXEEXT@: ldap2zone.@O@ ${DEPLIBS} -+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ldap2zone.@O@ -lldap -llber ${LIBS} -+ -+zone2ldap@EXEEXT@: zone2ldap.@O@ ${DEPLIBS} -+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone2ldap.@O@ -lldap -llber ${LIBS} -+ - doc man:: ${MANOBJS} - - docclean manclean maintainer-clean:: -@@ -107,7 +123,11 @@ install:: ${TARGETS} installdirs - ${DESTDIR}${sbindir} - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} isc-hmac-fixup@EXEEXT@ \ - ${DESTDIR}${sbindir} -+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir} -+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir} - ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1 -+ ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1 -+ ${INSTALL_DATA} ${srcdir}/ldap2zone.1 ${DESTDIR}${mandir}/man1 - ${INSTALL_DATA} ${srcdir}/isc-hmac-fixup.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1 -diff --git a/contrib/sdb/ldap/ldap2zone.1 b/contrib/sdb/ldap/ldap2zone.1 -new file mode 100644 -index 0000000..a48c69f ---- /dev/null -+++ b/contrib/sdb/ldap/ldap2zone.1 -@@ -0,0 +1,41 @@ -+.\" Copyright (C) 2004, 2005 Stig Venaas -+.\" -+.\" Permission to use, copy, modify, and distribute this software for any -+.\" 
purpose with or without fee is hereby granted, provided that the above -+.\" copyright notice and this permission notice appear in all copies. -+.\" Manpage written by Jan Gorig -+.TH ldap2zone 1 "15 March 2010" "BIND9" -+.SH NAME -+ldap2zone - Creates zone file from LDAP dnszone information -+.SH SYNOPSIS -+.B ldap2zone zone-name LDAP-URL default-ttl [serial] -+.SH DESCRIPTION -+ldap2zone is a tool that reads info for a zone from LDAP and constructs a standard plain ascii zone file that is written to the standard output. The LDAP information has to be stored using the dnszone schema. The schema is used by BIND with LDAP back-end. -+ -+\fBzone-name\fR -+.RS 4 -+Name of the zone, eg "mydomain.net." -+.RE -+.PP -+\fBLDAP-URL\fR -+.RS 4 -+LDAP URL to dnszone information -+.RE -+.PP -+\fBdefault-ttl\fR -+.RS 4 -+Default TTL value to be used in zone -+.RE -+.PP -+\fBserial\fR -+.RS 4 -+(optional) Program checks this number to be different than SOA serial number. -+.RE -+ -+.SH "EXIT STATUS" -+Exits with 0 on success or 1 on failure. -+.SH "SEE ALSO" -+named(8) ldap(3) -+http://www.venaas.no/dns/ldap2zone/ -+.SH "COPYRIGHT" -+Copyright (C) 2004, 2005 Stig Venaas -diff --git a/contrib/sdb/ldap/ldap2zone.c b/contrib/sdb/ldap/ldap2zone.c -new file mode 100644 -index 0000000..80e7919 ---- /dev/null -+++ b/contrib/sdb/ldap/ldap2zone.c -@@ -0,0 +1,411 @@ -+/* -+ * Copyright (C) 2004, 2005 Stig Venaas -+ * $Id: ldap2zone.c,v 1.1 2007/07/24 15:18:00 atkac Exp $ -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. 
-+ */ -+ -+#define LDAP_DEPRECATED 1 -+ -+#include -+#include -+#include -+#include -+ -+#include -+ -+struct string { -+ void *data; -+ size_t len; -+}; -+ -+struct assstack_entry { -+ struct string key; -+ struct string val; -+ struct assstack_entry *next; -+}; -+ -+struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key); -+void assstack_push(struct assstack_entry **stack, struct assstack_entry *item); -+void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item); -+void printsoa(struct string *soa); -+void printrrs(char *defaultttl, struct assstack_entry *item); -+void print_zone(char *defaultttl, struct assstack_entry *stack); -+void usage(char *name); -+void err(char *name, const char *msg); -+int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val); -+ -+struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key) { -+ for (; stack; stack = stack->next) -+ if (stack->key.len == key->len && !memcmp(stack->key.data, key->data, key->len)) -+ return stack; -+ return NULL; -+} -+ -+void assstack_push(struct assstack_entry **stack, struct assstack_entry *item) { -+ item->next = *stack; -+ *stack = item; -+} -+ -+void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item) { -+ struct assstack_entry *p; -+ -+ item->next = NULL; -+ if (!*stack) { -+ *stack = item; -+ return; -+ } -+ /* find end, should keep track of end somewhere */ -+ /* really a queue, not a stack */ -+ p = *stack; -+ while (p->next) -+ p = p->next; -+ p->next = item; -+} -+ -+void printsoa(struct string *soa) { -+ char *s; -+ size_t i; -+ -+ s = (char *)soa->data; -+ i = 0; -+ while (i < soa->len) { -+ putchar(s[i]); -+ if (s[i++] == ' ') -+ break; -+ } -+ while (i < soa->len) { -+ putchar(s[i]); -+ if (s[i++] == ' ') -+ break; -+ } -+ printf("(\n\t\t\t\t"); -+ while (i < soa->len) { -+ putchar(s[i]); -+ if (s[i++] == ' ') -+ break; -+ } -+ 
printf("; Serialnumber\n\t\t\t\t"); -+ while (i < soa->len) { -+ if (s[i] == ' ') -+ break; -+ putchar(s[i++]); -+ } -+ i++; -+ printf("\t; Refresh\n\t\t\t\t"); -+ while (i < soa->len) { -+ if (s[i] == ' ') -+ break; -+ putchar(s[i++]); -+ } -+ i++; -+ printf("\t; Retry\n\t\t\t\t"); -+ while (i < soa->len) { -+ if (s[i] == ' ') -+ break; -+ putchar(s[i++]); -+ } -+ i++; -+ printf("\t; Expire\n\t\t\t\t"); -+ while (i < soa->len) { -+ putchar(s[i++]); -+ } -+ printf(" )\t; Minimum TTL\n"); -+} -+ -+void printrrs(char *defaultttl, struct assstack_entry *item) { -+ struct assstack_entry *stack; -+ char *s; -+ int first; -+ size_t i; -+ char *ttl, *type; -+ int top; -+ -+ s = (char *)item->key.data; -+ -+ if (item->key.len == 1 && *s == '@') { -+ top = 1; -+ printf("@\t"); -+ } else { -+ top = 0; -+ for (i = 0; i < item->key.len; i++) -+ putchar(s[i]); -+ if (item->key.len < 8) -+ putchar('\t'); -+ putchar('\t'); -+ } -+ -+ first = 1; -+ for (stack = (struct assstack_entry *) item->val.data; stack; stack = stack->next) { -+ ttl = (char *)stack->key.data; -+ s = strchr(ttl, ' '); -+ *s++ = '\0'; -+ type = s; -+ -+ if (first) -+ first = 0; -+ else -+ printf("\t\t"); -+ -+ if (strcmp(defaultttl, ttl)) -+ printf("%s", ttl); -+ putchar('\t'); -+ -+ if (top) { -+ top = 0; -+ printf("IN\t%s\t", type); -+ /* Should always be SOA here */ -+ if (!strcmp(type, "SOA")) { -+ printsoa(&stack->val); -+ continue; -+ } -+ } else -+ printf("%s\t", type); -+ -+ s = (char *)stack->val.data; -+ for (i = 0; i < stack->val.len; i++) -+ putchar(s[i]); -+ putchar('\n'); -+ } -+} -+ -+void print_zone(char *defaultttl, struct assstack_entry *stack) { -+ printf("$TTL %s\n", defaultttl); -+ for (; stack; stack = stack->next) -+ printrrs(defaultttl, stack); -+}; -+ -+void usage(char *name) { -+ fprintf(stderr, "Usage:%s zone-name LDAP-URL default-ttl [serial]\n", name); -+ exit(1); -+}; -+ -+void err(char *name, const char *msg) { -+ fprintf(stderr, "%s: %s\n", name, msg); -+ exit(1); -+}; -+ -+int 
putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val) { -+ struct string key; -+ struct assstack_entry *rr, *rrdata; -+ -+ /* Do nothing if name or value have 0 length */ -+ if (!name->bv_len || !val->bv_len) -+ return 0; -+ -+ /* see if already have an entry for this name */ -+ key.len = name->bv_len; -+ key.data = name->bv_val; -+ -+ rr = assstack_find(*stack, &key); -+ if (!rr) { -+ /* Not found, create and push new entry */ -+ rr = (struct assstack_entry *) malloc(sizeof(struct assstack_entry)); -+ if (!rr) -+ return -1; -+ rr->key.len = name->bv_len; -+ rr->key.data = (void *) malloc(rr->key.len); -+ if (!rr->key.data) { -+ free(rr); -+ return -1; -+ } -+ memcpy(rr->key.data, name->bv_val, name->bv_len); -+ rr->val.len = sizeof(void *); -+ rr->val.data = NULL; -+ if (name->bv_len == 1 && *(char *)name->bv_val == '@') -+ assstack_push(stack, rr); -+ else -+ assstack_insertbottom(stack, rr); -+ } -+ -+ rrdata = (struct assstack_entry *) malloc(sizeof(struct assstack_entry)); -+ if (!rrdata) { -+ free(rr->key.data); -+ free(rr); -+ return -1; -+ } -+ rrdata->key.len = strlen(type) + strlen(ttl) + 1; -+ rrdata->key.data = (void *) malloc(rrdata->key.len); -+ if (!rrdata->key.data) { -+ free(rrdata); -+ free(rr->key.data); -+ free(rr); -+ return -1; -+ } -+ sprintf((char *)rrdata->key.data, "%s %s", ttl, type); -+ -+ rrdata->val.len = val->bv_len; -+ rrdata->val.data = (void *) malloc(val->bv_len); -+ if (!rrdata->val.data) { -+ free(rrdata->key.data); -+ free(rrdata); -+ free(rr->key.data); -+ free(rr); -+ return -1; -+ } -+ memcpy(rrdata->val.data, val->bv_val, val->bv_len); -+ -+ if (!strcmp(type, "SOA")) -+ assstack_push((struct assstack_entry **) &(rr->val.data), rrdata); -+ else -+ assstack_insertbottom((struct assstack_entry **) &(rr->val.data), rrdata); -+ return 0; -+} -+ -+int main(int argc, char **argv) { -+ char *s, *hostporturl, *base = NULL; -+ char *ttl, *defaultttl; -+ LDAP *ld; -+ char *fltr = NULL; -+ 
LDAPMessage *res, *e; -+ char *a, **ttlvals, **soavals, *serial; -+ struct berval **vals, **names; -+ char type[64]; -+ BerElement *ptr; -+ int i, j, rc, msgid; -+ struct assstack_entry *zone = NULL; -+ -+ if (argc < 4 || argc > 5) -+ usage(argv[0]); -+ -+ hostporturl = argv[2]; -+ -+ if (hostporturl != strstr( hostporturl, "ldap")) -+ err(argv[0], "Not an LDAP URL"); -+ -+ s = strchr(hostporturl, ':'); -+ -+ if (!s || strlen(s) < 3 || s[1] != '/' || s[2] != '/') -+ err(argv[0], "Not an LDAP URL"); -+ -+ s = strchr(s+3, '/'); -+ if (s) { -+ *s++ = '\0'; -+ base = s; -+ s = strchr(base, '?'); -+ if (s) -+ err(argv[0], "LDAP URL can only contain host, port and base"); -+ } -+ -+ defaultttl = argv[3]; -+ -+ rc = ldap_initialize(&ld, hostporturl); -+ if (rc != LDAP_SUCCESS) -+ err(argv[0], "ldap_initialize() failed"); -+ -+ if (argc == 5) { -+ /* serial number specified, check if different from one in SOA */ -+ fltr = (char *)malloc(strlen(argv[1]) + strlen("(&(relativeDomainName=@)(zoneName=))") + 1); -+ sprintf(fltr, "(&(relativeDomainName=@)(zoneName=%s))", argv[1]); -+ msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); -+ if (msgid == -1) -+ err(argv[0], "ldap_search() failed"); -+ -+ while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { -+ /* not supporting continuation references at present */ -+ if (rc != LDAP_RES_SEARCH_ENTRY) -+ err(argv[0], "ldap_result() returned cont.ref? 
Exiting"); -+ -+ /* only one entry per result message */ -+ e = ldap_first_entry(ld, res); -+ if (e == NULL) { -+ ldap_msgfree(res); -+ err(argv[0], "ldap_first_entry() failed"); -+ } -+ -+ soavals = ldap_get_values(ld, e, "SOARecord"); -+ if (soavals) -+ break; -+ } -+ -+ ldap_msgfree(res); -+ if (!soavals) { -+ err(argv[0], "No SOA Record found"); -+ } -+ -+ /* We have a SOA, compare serial numbers */ -+ /* Only checkinf first value, should be only one */ -+ s = strchr(soavals[0], ' '); -+ s++; -+ s = strchr(s, ' '); -+ s++; -+ serial = s; -+ s = strchr(s, ' '); -+ *s = '\0'; -+ if (!strcmp(serial, argv[4])) { -+ ldap_value_free(soavals); -+ err(argv[0], "serial numbers match"); -+ } -+ ldap_value_free(soavals); -+ } -+ -+ if (!fltr) -+ fltr = (char *)malloc(strlen(argv[1]) + strlen("(zoneName=)") + 1); -+ if (!fltr) -+ err(argv[0], "Malloc failed"); -+ sprintf(fltr, "(zoneName=%s)", argv[1]); -+ -+ msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); -+ if (msgid == -1) -+ err(argv[0], "ldap_search() failed"); -+ -+ while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { -+ /* not supporting continuation references at present */ -+ if (rc != LDAP_RES_SEARCH_ENTRY) -+ err(argv[0], "ldap_result() returned cont.ref? Exiting"); -+ -+ /* only one entry per result message */ -+ e = ldap_first_entry(ld, res); -+ if (e == NULL) { -+ ldap_msgfree(res); -+ err(argv[0], "ldap_first_entry() failed"); -+ } -+ -+ names = ldap_get_values_len(ld, e, "relativeDomainName"); -+ if (!names) -+ continue; -+ -+ ttlvals = ldap_get_values(ld, e, "dNSTTL"); -+ ttl = ttlvals ? 
ttlvals[0] : defaultttl; -+ -+ for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) { -+ char *s; -+ -+ for (s = a; *s; s++) -+ *s = toupper(*s); -+ s = strstr(a, "RECORD"); -+ if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) { -+ ldap_memfree(a); -+ continue; -+ } -+ -+ strncpy(type, a, s - a); -+ type[s - a] = '\0'; -+ vals = ldap_get_values_len(ld, e, a); -+ if (vals) { -+ for (i = 0; vals[i]; i++) -+ for (j = 0; names[j]; j++) -+ if (putrr(&zone, names[j], type, ttl, vals[i])) -+ err(argv[0], "malloc failed"); -+ ldap_value_free_len(vals); -+ } -+ ldap_memfree(a); -+ } -+ -+ if (ptr) -+ ber_free(ptr, 0); -+ if (ttlvals) -+ ldap_value_free(ttlvals); -+ ldap_value_free_len(names); -+ /* free this result */ -+ ldap_msgfree(res); -+ } -+ -+ /* free final result */ -+ ldap_msgfree(res); -+ -+ print_zone(defaultttl, zone); -+ return 0; -+} -diff --git a/contrib/sdb/ldap/ldapdb.c b/contrib/sdb/ldap/ldapdb.c -index c43342c..62d3fb4 100644 ---- a/contrib/sdb/ldap/ldapdb.c -+++ b/contrib/sdb/ldap/ldapdb.c -@@ -25,6 +25,7 @@ - /* Using LDAPv3 by default, change this if you want v2 */ - #ifndef LDAPDB_LDAP_VERSION - #define LDAPDB_LDAP_VERSION 3 -+#define LDAP_DEPRECATED 1 - #endif - - #include -diff --git a/contrib/sdb/ldap/zone2ldap.c b/contrib/sdb/ldap/zone2ldap.c -index 6db7f85..4447c8c 100644 ---- a/contrib/sdb/ldap/zone2ldap.c -+++ b/contrib/sdb/ldap/zone2ldap.c -@@ -13,6 +13,8 @@ - * ditched dNSDomain2 schema support. 
Version 0.3-ALPHA - */ - -+#define LDAP_DEPRECATED 1 -+ - #include - #include - #include -@@ -24,6 +26,7 @@ - #include - #include - #include -+#include - #include - - #include -@@ -59,16 +62,19 @@ typedef struct LDAP_INFO - ldap_info; - - /* usage Info */ --void usage (); -+void usage (void); -+ -+/* Check for existence of (and possibly add) containing dNSZone objects */ -+int lookup_dns_zones( ldap_info *ldinfo); - - /* Add to the ldap dit */ - void add_ldap_values (ldap_info * ldinfo); - - /* Init an ldap connection */ --void init_ldap_conn (); -+void init_ldap_conn (void); - - /* Ldap error checking */ --void ldap_result_check (char *msg, char *dn, int err); -+void ldap_result_check (const char *msg, char *dn, int err); - - /* Put a hostname into a char ** array */ - char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); -@@ -77,14 +83,14 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); - int get_attr_list_size (char **tmp); - - /* Get a DN */ --char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag); -+char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone); - - /* Add to RR list */ - void add_to_rr_list (char *dn, char *name, char *type, char *data, - unsigned int ttl, unsigned int flags); - - /* Error checking */ --void isc_result_check (isc_result_t res, char *errorstr); -+void isc_result_check (isc_result_t res, const char *errorstr); - - /* Generate LDIF Format files */ - void generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, -@@ -93,11 +99,33 @@ void generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, - /* head pointer to the list */ - ldap_info *ldap_info_base = NULL; - --char *argzone, *ldapbase, *binddn, *bindpw = NULL; --char *ldapsystem = "localhost"; --static char *objectClasses[] = -- { "top", "dNSZone", NULL }; --static char *topObjectClasses[] = { "top", NULL }; -+ldap_info * -+locate_by_dn (char *dn); -+void -+init_ldap_conn (); 
-+void usage(); -+ -+static char *argzone, *ldapbase, *binddn, *bindpw = NULL; -+ -+/* these are needed to placate gcc4's const-ness const-ernations : */ -+static char localhost[] = "localhost"; -+static char *ldapsystem=&(localhost[0]); -+/* dnszone schema class names: */ -+static char topClass [] ="top"; -+static char dNSZoneClass[] ="dNSZone"; -+static char objectClass [] ="objectClass"; -+static char dcObjectClass[]="dcObject"; -+/* dnszone schema attribute names: */ -+static char relativeDomainName[]="relativeDomainName"; -+static char dNSTTL []="dNSTTL"; -+static char zoneName []="zoneName"; -+static char dc []="dc"; -+static char sameZone []="@"; -+/* LDAPMod mod_values: */ -+static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL }; -+static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL }; -+static char *dn_buffer [64]={NULL}; -+ - LDAP *conn; - unsigned int debug = 0; - -@@ -106,19 +134,19 @@ debug = 1; - #endif - - int --main (int *argc, char **argv) -+main (int argc, char **argv) - { - isc_mem_t *mctx = NULL; - isc_entropy_t *ectx = NULL; - isc_result_t result; - char *basedn; - ldap_info *tmp; -- LDAPMod *base_attrs[2]; -- LDAPMod base; -+ LDAPMod *base_attrs[5]; -+ LDAPMod base, dcBase, znBase, rdnBase; - isc_buffer_t buff; -- char *zonefile; -+ char *zonefile=0L; - char fullbasedn[1024]; -- char *ctmp; -+ char *ctmp, *zn, *dcp[2], *znp[2], *rdn[2]; - dns_fixedname_t fixedzone, fixedname; - dns_rdataset_t rdataset; - char **dc_list; -@@ -131,7 +159,7 @@ main (int *argc, char **argv) - extern char *optarg; - extern int optind, opterr, optopt; - int create_base = 0; -- int topt; -+ int topt, dcn, zdn, znlen; - - if ((int) argc < 2) - { -@@ -139,7 +167,7 @@ main (int *argc, char **argv) - exit (-1); - } - -- while ((topt = getopt ((int) argc, argv, "D:w:b:z:f:h:?dcv")) != -1) -+ while ((topt = getopt ((int) argc, argv, "D:Ww:b:z:f:h:?dcv")) != -1) - { - switch (topt) - { -@@ -158,8 +186,11 @@ 
main (int *argc, char **argv) - case 'w': - bindpw = strdup (optarg); - break; -+ case 'W': -+ bindpw = getpass("Enter LDAP Password: "); -+ break; - case 'b': -- ldapbase = strdup (optarg); -+ ldapbase = strdup (optarg); - break; - case 'z': - argzone = strdup (optarg); -@@ -271,27 +302,62 @@ main (int *argc, char **argv) - { - if (debug) - printf ("Creating base zone DN %s\n", argzone); -- -+ - dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP); -- basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC); - -- for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--) -+ basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC, argzone); -+ if (debug) -+ printf ("base DN %s\n", basedn); -+ -+ for (ctmp = &basedn[strlen (basedn)], dcn=0; ctmp >= &basedn[0]; ctmp--) - { -- if ((*ctmp == ',') || (ctmp == &basedn[0])) -+ if ((*ctmp == ',') || (ctmp == &basedn[0])) - { -+ - base.mod_op = LDAP_MOD_ADD; -- base.mod_type = "objectClass"; -+ base.mod_type = objectClass; - base.mod_values = topObjectClasses; -- base_attrs[0] = &base; -- base_attrs[1] = NULL; -+ base_attrs[0] = (void*)&base; -+ -+ dcBase.mod_op = LDAP_MOD_ADD; -+ dcBase.mod_type = dc; -+ dcp[0]=dc_list[dcn]; -+ dcp[1]=0L; -+ dcBase.mod_values=dcp; -+ base_attrs[1] = (void*)&dcBase; -+ -+ znBase.mod_op = LDAP_MOD_ADD; -+ znBase.mod_type = zoneName; -+ for( zdn = dcn, znlen = 0; zdn >= 0; zdn-- ) -+ znlen += strlen(dc_list[zdn])+1; -+ znp[0] = (char*)malloc(znlen+1); -+ znp[1] = 0L; -+ for( zdn = dcn, zn=znp[0]; zdn >= 0; zdn-- ) -+ zn+=sprintf(zn,"%s%s",dc_list[zdn], -+ ((zdn > 0) && (*(dc_list[zdn-1])!='.')) ? "." 
: "" -+ ); -+ -+ znBase.mod_values = znp; -+ base_attrs[2] = (void*)&znBase; -+ -+ rdnBase.mod_op = LDAP_MOD_ADD; -+ rdnBase.mod_type = relativeDomainName; -+ rdn[0] = strdup(sameZone); -+ rdn[1] = 0L; -+ rdnBase.mod_values = rdn; -+ base_attrs[3] = (void*)&rdnBase; -+ -+ dcn++; - -+ base.mod_values = topObjectClasses; -+ base_attrs[4] = NULL; -+ - if (ldapbase) - { - if (ctmp != &basedn[0]) - sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase); - else -- sprintf (fullbasedn, "%s,%s", ctmp, ldapbase); -- -+ sprintf (fullbasedn, "%s,%s", ctmp, ldapbase); - } - else - { -@@ -300,8 +366,13 @@ main (int *argc, char **argv) - else - sprintf (fullbasedn, "%s", ctmp); - } -+ -+ if( debug ) -+ printf("Full base dn: %s\n", fullbasedn); -+ - result = ldap_add_s (conn, fullbasedn, base_attrs); - ldap_result_check ("intial ldap_add_s", fullbasedn, result); -+ - } - - } -@@ -339,7 +410,7 @@ main (int *argc, char **argv) - * I should probably rename this function, as not to cause any - * confusion with the isc* routines. Will exit on error. 
*/ - void --isc_result_check (isc_result_t res, char *errorstr) -+isc_result_check (isc_result_t res, const char *errorstr) - { - if (res != ISC_R_SUCCESS) - { -@@ -379,14 +450,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl) - isc_result_check (result, "dns_rdata_totext"); - data[isc_buffer_usedlength (&buff)] = 0; - -- dc_list = hostname_to_dn_list (name, argzone, DNS_OBJECT); -+ dc_list = hostname_to_dn_list ((char*)name, argzone, DNS_OBJECT); - len = (get_attr_list_size (dc_list) - 2); -- dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC); -+ dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC, argzone); - - if (debug) - printf ("Adding %s (%s %s) to run queue list.\n", dn, type, data); - -- add_to_rr_list (dn, dc_list[len], type, data, ttl, DNS_OBJECT); -+ add_to_rr_list (dn, dc_list[len], (char*)type, (char*)data, ttl, DNS_OBJECT); - } - - -@@ -426,7 +497,8 @@ add_to_rr_list (char *dn, char *name, char *type, - int attrlist; - char ldap_type_buffer[128]; - char charttl[64]; -- -+ char *zn; -+ int znlen; - - if ((tmp = locate_by_dn (dn)) == NULL) - { -@@ -451,7 +523,7 @@ add_to_rr_list (char *dn, char *name, char *type, - exit (-1); - } - -- for (i = 0; i < flags; i++) -+ for (i = 0; i < (int)flags; i++) - { - tmp->attrs[i] = (LDAPMod *) malloc (sizeof (LDAPMod)); - if (tmp->attrs[i] == (LDAPMod *) NULL) -@@ -461,13 +533,13 @@ add_to_rr_list (char *dn, char *name, char *type, - } - } - tmp->attrs[0]->mod_op = LDAP_MOD_ADD; -- tmp->attrs[0]->mod_type = "objectClass"; -+ tmp->attrs[0]->mod_type = objectClass; - - if (flags == DNS_OBJECT) - tmp->attrs[0]->mod_values = objectClasses; - else - { -- tmp->attrs[0]->mod_values = topObjectClasses; -+ tmp->attrs[0]->mod_values =topObjectClasses; - tmp->attrs[1] = NULL; - tmp->attrcnt = 2; - tmp->next = ldap_info_base; -@@ -476,7 +548,7 @@ add_to_rr_list (char *dn, char *name, char *type, - } - - tmp->attrs[1]->mod_op = LDAP_MOD_ADD; -- tmp->attrs[1]->mod_type = "relativeDomainName"; -+ 
tmp->attrs[1]->mod_type = relativeDomainName; - tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2); - - if (tmp->attrs[1]->mod_values == (char **)NULL) -@@ -498,7 +570,7 @@ add_to_rr_list (char *dn, char *name, char *type, - tmp->attrs[2]->mod_values[1] = NULL; - - tmp->attrs[3]->mod_op = LDAP_MOD_ADD; -- tmp->attrs[3]->mod_type = "dNSTTL"; -+ tmp->attrs[3]->mod_type = dNSTTL; - tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2); - - if (tmp->attrs[3]->mod_values == (char **)NULL) -@@ -508,10 +580,21 @@ add_to_rr_list (char *dn, char *name, char *type, - tmp->attrs[3]->mod_values[0] = strdup (charttl); - tmp->attrs[3]->mod_values[1] = NULL; - -+ znlen=strlen(gbl_zone); -+ if ( *(gbl_zone + (znlen-1)) == '.' ) -+ { /* ldapdb MUST search by relative zone name */ -+ zn = (char*)malloc(znlen); -+ strncpy(zn,gbl_zone,znlen-1); -+ *(zn + (znlen-1))='\0'; -+ }else -+ { -+ zn = gbl_zone; -+ } -+ - tmp->attrs[4]->mod_op = LDAP_MOD_ADD; -- tmp->attrs[4]->mod_type = "zoneName"; -+ tmp->attrs[4]->mod_type = zoneName; - tmp->attrs[4]->mod_values = (char **)calloc(sizeof(char *), 2); -- tmp->attrs[4]->mod_values[0] = gbl_zone; -+ tmp->attrs[4]->mod_values[0] = zn; - tmp->attrs[4]->mod_values[1] = NULL; - - tmp->attrs[5] = NULL; -@@ -522,7 +605,7 @@ add_to_rr_list (char *dn, char *name, char *type, - else - { - -- for (i = 0; tmp->attrs[i] != NULL; i++) -+ for (i = 0; tmp->attrs[i] != NULL; i++) - { - sprintf (ldap_type_buffer, "%sRecord", type); - if (!strncmp -@@ -591,69 +674,105 @@ char ** - hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) - { - char *tmp; -- static char *dn_buffer[64]; - int i = 0; -- char *zname; -- char *hnamebuff; -- -- zname = strdup (hostname); -- -- if (flags == DNS_OBJECT) -- { -- -- if (strlen (zname) != strlen (zone)) -- { -- tmp = &zname[strlen (zname) - strlen (zone)]; -- *--tmp = '\0'; -- hnamebuff = strdup (zname); -- zname = ++tmp; -- } -- else -- hnamebuff = "@"; -- } -- else -- { -- zname = 
zone; -- hnamebuff = NULL; -- } -- -- for (tmp = strrchr (zname, '.'); tmp != (char *) 0; -- tmp = strrchr (zname, '.')) -- { -- *tmp++ = '\0'; -- dn_buffer[i++] = tmp; -- } -- dn_buffer[i++] = zname; -- dn_buffer[i++] = hnamebuff; -+ char *hname=0L, *last=0L; -+ int hlen=strlen(hostname), zlen=(strlen(zone)); -+ -+/* printf("hostname: %s zone: %s\n",hostname, zone); */ -+ hname=0L; -+ if(flags == DNS_OBJECT) -+ { -+ if( (zone[ zlen - 1 ] == '.') && (hostname[hlen - 1] != '.') ) -+ { -+ hname=(char*)malloc(hlen + 1); -+ hlen += 1; -+ sprintf(hname, "%s.", hostname); -+ hostname = hname; -+ } -+ if(strcmp(hostname, zone) == 0) -+ { -+ if( hname == 0 ) -+ hname=strdup(hostname); -+ last = strdup(sameZone); -+ }else -+ { -+ if( (hlen < zlen) -+ ||( strcmp( hostname + (hlen - zlen), zone ) != 0) -+ ) -+ { -+ if( hname != 0 ) -+ free(hname); -+ hname=(char*)malloc( hlen + zlen + 1); -+ if( *zone == '.' ) -+ sprintf(hname, "%s%s", hostname, zone); -+ else -+ sprintf(hname,"%s",zone); -+ }else -+ { -+ if( hname == 0 ) -+ hname = strdup(hostname); -+ } -+ last = hname; -+ } -+ }else -+ { /* flags == DNS_TOP */ -+ hname = strdup(zone); -+ last = hname; -+ } -+ -+ for (tmp = strrchr (hname, '.'); tmp != (char *) 0; -+ tmp = strrchr (hname, '.')) -+ { -+ if( *( tmp + 1 ) != '\0' ) -+ { -+ *tmp = '\0'; -+ dn_buffer[i++] = ++tmp; -+ }else -+ { /* trailing '.' ! */ -+ dn_buffer[i++] = strdup("."); -+ *tmp = '\0'; -+ if( tmp == hname ) -+ break; -+ } -+ } -+ if( ( last != hname ) && (tmp != hname) ) -+ dn_buffer[i++] = hname; -+ dn_buffer[i++] = last; - dn_buffer[i] = NULL; -- - return dn_buffer; - } - -- - /* build an sdb compatible LDAP DN from a "dc_list" (char **). - * will append dNSTTL information to each RR Record, with the - * exception of "@"/SOA. 
*/ - - char * --build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag) -+build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone) - { - int size; -- int x; -+ int x, znlen; - static char dn[1024]; - char tmp[128]; -+ char zn[DNS_NAME_MAXTEXT+1]; - - bzero (tmp, sizeof (tmp)); - bzero (dn, sizeof (dn)); - size = get_attr_list_size (dc_list); -+ znlen = strlen(zone); -+ if ( *(zone + (znlen-1)) == '.' ) -+ { /* ldapdb MUST search by relative zone name */ -+ memcpy(&(zn[0]),zone,znlen-1); -+ *(zn + (znlen-1))='\0'; -+ zone = zn; -+ } - for (x = size - 2; x > 0; x--) - { - if (flag == WI_SPEC) - { - if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl)) -- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%d,", dc_list[x], ttl); -+ sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); - else if (x == (size - 2)) -- sprintf(tmp, "relativeDomainName=%s,",dc_list[x]); -+ sprintf(tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); - else - sprintf(tmp,"dc=%s,", dc_list[x]); - } -@@ -679,6 +798,7 @@ void - init_ldap_conn () - { - int result; -+ char ldb_tag[]="LDAP Bind"; - conn = ldap_open (ldapsystem, LDAP_PORT); - if (conn == NULL) - { -@@ -688,12 +808,12 @@ init_ldap_conn () - } - - result = ldap_simple_bind_s (conn, binddn, bindpw); -- ldap_result_check ("ldap_simple_bind_s", "LDAP Bind", result); -+ ldap_result_check ("ldap_simple_bind_s", ldb_tag , result); - } - - /* Like isc_result_check, only for LDAP */ - void --ldap_result_check (char *msg, char *dn, int err) -+ldap_result_check (const char *msg, char *dn, int err) - { - if ((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS)) - { -@@ -705,8 +825,6 @@ ldap_result_check (char *msg, char *dn, int err) - } - } - -- -- - /* For running the ldap_info run queue. 
*/ - void - add_ldap_values (ldap_info * ldinfo) -@@ -714,14 +832,14 @@ add_ldap_values (ldap_info * ldinfo) - int result; - char dnbuffer[1024]; - -- - if (ldapbase != NULL) - sprintf (dnbuffer, "%s,%s", ldinfo->dn, ldapbase); - else - sprintf (dnbuffer, "%s", ldinfo->dn); - - result = ldap_add_s (conn, dnbuffer, ldinfo->attrs); -- ldap_result_check ("ldap_add_s", dnbuffer, result); -+ ldap_result_check ("ldap_add_s", dnbuffer, result); -+ - } - - -@@ -732,5 +850,8 @@ void - usage () - { - fprintf (stderr, -- "zone2ldap -D [BIND DN] -w [BIND PASSWORD] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST] -- [-c Create LDAP Base structure][-d Debug Output (lots !)] \n ");} -+ "zone2ldap -D [BIND DN] [-w BIND PASSWORD | -W:prompt] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST]\n" -+ "\t[-c Create LDAP Base structure][-d Debug Output (lots !)]\n " -+ ); -+} -+ diff --git a/net-dns/bind/files/named.cache b/net-dns/bind/files/named.cache deleted file mode 100644 index 6c1974129..000000000 --- a/net-dns/bind/files/named.cache +++ /dev/null 
@@ -1,88 +0,0 @@ -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . " -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC -; under anonymous FTP as -; file /domain/named.cache -; on server FTP.INTERNIC.NET -; -OR- RS.INTERNIC.NET -; -; last update: Jan 3, 2013 -; related version of root zone: 2013010300 -; -; formerly NS.INTERNIC.NET -; -. 3600000 IN NS A.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 -; -; FORMERLY NS1.ISI.EDU -; -. 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 -; -; FORMERLY C.PSI.NET -; -. 3600000 NS C.ROOT-SERVERS.NET. -C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 -; -; FORMERLY TERP.UMD.EDU -; -. 3600000 NS D.ROOT-SERVERS.NET. -D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D -; -; FORMERLY NS.NASA.GOV -; -. 3600000 NS E.ROOT-SERVERS.NET. -E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 -; -; FORMERLY NS.ISC.ORG -; -. 3600000 NS F.ROOT-SERVERS.NET. -F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F -; -; FORMERLY NS.NIC.DDN.MIL -; -. 3600000 NS G.ROOT-SERVERS.NET. -G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 -; -; FORMERLY AOS.ARL.ARMY.MIL -; -. 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 -; -; FORMERLY NIC.NORDU.NET -; -. 3600000 NS I.ROOT-SERVERS.NET. -I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 -; -; OPERATED BY VERISIGN, INC. -; -. 3600000 NS J.ROOT-SERVERS.NET. -J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 -; -; OPERATED BY RIPE NCC -; -. 3600000 NS K.ROOT-SERVERS.NET. -K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 
3600000 AAAA 2001:7FD::1 -; -; OPERATED BY ICANN -; -. 3600000 NS L.ROOT-SERVERS.NET. -L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 -L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 -; -; OPERATED BY WIDE -; -. 3600000 NS M.ROOT-SERVERS.NET. -M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 -; End of File diff --git a/net-dns/bind/files/named.cache-r3 b/net-dns/bind/files/named.cache-r3 index 231cb2a16..4fb2143df 100644 --- a/net-dns/bind/files/named.cache-r3 +++ b/net-dns/bind/files/named.cache-r3 
@@ -1,92 +1,92 @@ -; This file holds the information on root name servers needed to +; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the "cache . " -; configuration file of BIND domain name servers). -; +; configuration file of BIND domain name servers). +; ; This file is made available by InterNIC ; under anonymous FTP as -; file /domain/named.cache +; file /domain/named.cache ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET -; -; last update: October 20, 2016 -; related version of root zone: 2016102001 -; -; formerly NS.INTERNIC.NET +; +; last update: November 16, 2017 +; related version of root zone: 2017111601 +; +; FORMERLY NS.INTERNIC.NET ; . 3600000 NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 -; -; FORMERLY NS1.ISI.EDU +; +; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 -B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b -; -; FORMERLY C.PSI.NET +B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201 +B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b +; +; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c -; -; FORMERLY TERP.UMD.EDU +; +; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d -; +; ; FORMERLY NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e -; +; ; FORMERLY NS.ISC.ORG ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f -; +; ; FORMERLY NS.NIC.DDN.MIL ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 G.ROOT-SERVERS.NET. 
3600000 AAAA 2001:500:12::d0d -; +; ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 -; +; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 -; +; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 -; +; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 -; +; ; OPERATED BY ICANN ; . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 -; +; ; OPERATED BY WIDE ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 -; End of file +; End of file \ No newline at end of file diff --git a/net-dns/bind/files/named.init-r13 b/net-dns/bind/files/named.init-r13 index 752338c43..4240a0917 100644 --- a/net-dns/bind/files/named.init-r13 +++ b/net-dns/bind/files/named.init-r13 @@ -1,7 +1,6 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ extra_commands="checkconfig checkzones" extra_started_commands="reload"
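Review bot: The rewritten hints file loses its trailing newline — the hunk ends with `+; End of file` followed by `\ No newline at end of file`, whereas the removed line was terminated — so the last line should be re-terminated before this is merged. Almost all of the 92 changed lines differ only in trailing whitespace on `;` comment lines, which buries the one substantive data change: B.ROOT-SERVERS.NET moves to `199.9.14.201` / `2001:500:200::b` under root zone version `2017111601`. Since the file's own header says these addresses are what named uses to initialize its cache, that change is worth confirming against the root hints published for that root zone version rather than accepted on the strength of the patch. Splitting the whitespace cleanup from the data update would make that check, and any future one, a one-line review.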
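Review bot: The header is left as `# Copyright 1999-2014 Gentoo Foundation` while the `$Id$` keyword line below it is dropped; for a change dated 2019 the current Gentoo header form is `# Copyright 1999-2019 Gentoo Authors`, so the two header lines should be updated together rather than half-modernized. The switch of the interpreter line to `#!/sbin/openrc-run` is the only functional change in this hunk; the rest of the init script, including the `checkconfig`, `checkzones` and `reload` functions named in `extra_commands`/`extra_started_commands`, lies outside the hunk and is not reviewed here.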