diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
new file mode 100644
index 000000000..51ed99214
--- /dev/null
+++ b/net-dns/bind/Manifest
@@ -0,0 +1,2 @@
+DIST bind-9.10.2-P3.tar.gz 8469831 SHA256 78079a66dda455ffecfe93ef72d1ffc947f17b1c453d55ec06b860b49a5e1d4a SHA512 cf33c3f83ab7c46f5919c16719870310f9e82237df4ed7ba4f7eb76ddae14b9644bd67dbb6c46e75650f59185aee391d3ac6fee45b2edb88473f9dbc578bb016 WHIRLPOOL ff7e1c827bfb62e229b8d93c299ff0647614f8403ba84cd3ebdbcafd51d37fdfcee7afd3feaf73036dfc46904b9b506b1da7c7e8ae73e167fe6f1f0246dc6163
+DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2
diff --git a/net-dns/bind/bind-9.10.2_p3-r1.ebuild b/net-dns/bind/bind-9.10.2_p3-r1.ebuild
new file mode 100644
index 000000000..5163473cf
--- /dev/null
+++ b/net-dns/bind/bind-9.10.2_p3-r1.ebuild
@@ -0,0 +1,406 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.10.2_p3.ebuild,v 1.5 2015/08/01 16:29:43 zlogene Exp $ + +# Re dlz/mysql and threads, needs to be verified.. +# MySQL uses thread local storage in its C api. Thus MySQL +# requires that each thread of an application execute a MySQL +# thread initialization to setup the thread local storage. +# This is impossible to do safely while staying within the DLZ +# driver API. This is a limitation caused by MySQL, and not the DLZ API. +# Because of this BIND MUST only run with a single thread when +# using the MySQL driver. + +EAPI="5" + +PYTHON_COMPAT=( python2_7 python3_3 python3_4 ) + +inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd + +MY_PV="${PV/_p/-P}" +MY_PV="${MY_PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" + +SDB_LDAP_VER="1.1.0-fc14" + +RRL_PV="${MY_PV}" + +NSLINT_DIR="contrib/nslint-3.0a2/" + +# SDB-LDAP: http://bind9-ldap.bayour.com/ + +DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" +HOMEPAGE="http://www.isc.org/software/bind" +SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz + doc? ( mirror://gentoo/dyndns-samples.tbz2 )" +# sdb-ldap? ( +# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 +# )" + +LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl" +SLOT="0" +KEYWORDS="alpha amd64 ~arm ~hppa ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="berkdb +caps dlz doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 +json ldap mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs ++threads urandom xml sdb-ldap" +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 + +REQUIRED_USE="postgres? ( dlz ) + berkdb? ( dlz ) + mysql? 
( dlz !threads ) + odbc? ( dlz ) + ldap? ( dlz ) + gost? ( ssl ) + threads? ( caps ) + sdb-ldap? ( dlz )" + +DEPEND="ssl? ( dev-libs/openssl:0[-bindist] ) + mysql? ( >=virtual/mysql-4.0 ) + odbc? ( >=dev-db/unixODBC-2.2.6 ) + ldap? ( net-nds/openldap ) + idn? ( net-dns/idnkit ) + postgres? ( dev-db/postgresql:= ) + caps? ( >=sys-libs/libcap-2.1.0 ) + xml? ( dev-libs/libxml2 ) + geoip? ( >=dev-libs/geoip-1.4.6 ) + gssapi? ( virtual/krb5 ) + gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) + seccomp? ( sys-libs/libseccomp ) + json? ( dev-libs/json-c ) + sdb-ldap? ( net-nds/openldap )" + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-bind ) + || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" + +S="${WORKDIR}/${MY_P}" + +# bug 479092, requires networking +RESTRICT="test" + +pkg_setup() { + ebegin "Creating named group and user" + enewgroup named 40 + enewuser named 40 -1 /etc/bind named + eend ${?} +} + +src_prepare() { + # Adjusting PATHs in manpages + for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do + sed -i \ + -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ + -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ + -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ + "${i}" || die "sed failed, ${i} doesn't exist" + done + + if use dlz; then + # sdb-ldap patch as per bug #160567 + # Upstream URL: http://bind9-ldap.bayour.com/ + # New patch take from bug 302735 + if use sdb-ldap; then + epatch "${FILESDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch + cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ + cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ + cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ + fi + fi + + # should be installed by bind-tools + sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die + + # Disable tests for now, bug 406399 + sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + + if use nslint; then + sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' 
${NSLINT_DIR}/nslint.{c,8} || die + fi + + # bug #220361 + rm aclocal.m4 + rm -rf libtool.m4/ + eautoreconf +} + +src_configure() { + local myconf="" + + if use urandom; then + myconf="${myconf} --with-randomdev=/dev/urandom" + else + myconf="${myconf} --with-randomdev=/dev/random" + fi + + use geoip && myconf="${myconf} --with-geoip" + + # bug #158664 +# gcc-specs-ssp && replace-flags -O[23s] -O + + # To include db.h from proper path + use berkdb && append-flags "-I$(db_includedir)" + + export BUILD_CC=$(tc-getBUILD_CC) + econf \ + --sysconfdir=/etc/bind \ + --localstatedir=/var \ + --with-libtool \ + --enable-full-report \ + $(use_enable threads) \ + $(use_with dlz dlopen) \ + $(use_with dlz dlz-filesystem) \ + $(use_with dlz dlz-stub) \ + $(use_with postgres dlz-postgres) \ + $(use_with mysql dlz-mysql) \ + $(use_with berkdb dlz-bdb) \ + $(use_with ldap dlz-ldap) \ + $(use_with odbc dlz-odbc) \ + $(use_with ssl openssl "${EPREFIX}"/usr) \ + $(use_with ssl ecdsa) \ + $(use_with idn) \ + $(use_enable ipv6) \ + $(use_with xml libxml2) \ + $(use_with gssapi) \ + $(use_enable rpz rpz-nsip) \ + $(use_enable rpz rpz-nsdname) \ + $(use_enable caps linux-caps) \ + $(use_with gost) \ + $(use_enable filter-aaaa) \ + $(use_enable fixed-rrset) \ + $(use_with python) \ + $(use_enable seccomp) \ + $(use_with json libjson) \ + --without-readline \ + ${myconf} + + # $(use_enable static-libs static) \ + + # bug #151839 + echo '#undef SO_BSDCOMPAT' >> config.h + + if use nslint; then + cd $NSLINT_DIR + econf + fi +} + +src_compile() { + emake + + if use nslint; then + emake -C $NSLINT_DIR CCOPT="${CFLAGS}" + fi +} + +src_install() { + emake DESTDIR="${D}" install + + if use nslint; then + cd $NSLINT_DIR + dobin nslint + doman nslint.8 + cd "${S}" + fi + + dodoc CHANGES FAQ README + + if use idn; then + dodoc contrib/idn/README.idnkit + fi + + if use doc; then + dodoc doc/arm/Bv9ARM.pdf + + docinto misc + dodoc doc/misc/* + + # might a 'html' useflag make sense? 
+ docinto html + dohtml -r doc/arm/* + + docinto contrib + dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} + + # some handy-dandy dynamic dns examples + pushd "${D}"/usr/share/doc/${PF} 1>/dev/null + tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die + popd 1>/dev/null + fi + + insinto /etc/bind + newins "${FILESDIR}"/named.conf-r8 named.conf + + # ftp://ftp.rs.internic.net/domain/named.cache: + insinto /var/bind + doins "${FILESDIR}"/named.cache + + insinto /var/bind/pri + newins "${FILESDIR}"/localhost.zone-r3 localhost.zone + + newinitd "${FILESDIR}"/named.init-r13 named + newconfd "${FILESDIR}"/named.confd-r7 named + + if use gost; then + sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die + else + sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die + fi + + newenvd "${FILESDIR}"/10bind.env 10bind + + # Let's get rid of those tools and their manpages since they're provided by bind-tools + rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* + rm -f "${D}"/usr/share/man/man8/nsupdate.8* + rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} + rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} + for tool in dsfromkey importkey keyfromlabel keygen \ + revoke settime signzone verify; do + rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" + rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* + done + + # bug 405251, library archives aren't properly handled by --enable/disable-static + if ! 
use static-libs; then + find "${D}" -type f -name '*.a' -delete || die + fi + + # bug 405251 + find "${D}" -type f -name '*.la' -delete || die + + if use python; then + install_python_tools() { + dosbin bin/python/dnssec-{checkds,coverage} + } + python_foreach_impl install_python_tools + + python_replicate_script "${D}usr/sbin/dnssec-checkds" + python_replicate_script "${D}usr/sbin/dnssec-coverage" + fi + + # bug 450406 + dosym named.cache /var/bind/root.cache + + dosym /var/bind/pri /etc/bind/pri + dosym /var/bind/sec /etc/bind/sec + dosym /var/bind/dyn /etc/bind/dyn + keepdir /var/bind/{pri,sec,dyn} + + dodir /var/log/named + + fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} + fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0750 /etc/bind /var/bind/pri + fperms 0770 /var/log/named /var/bind/{,sec,dyn} + + systemd_newunit "${FILESDIR}/named.service-r1" named.service + exeinto /usr/libexec + doexe "${FILESDIR}/generate-rndc-key.sh" +} + +pkg_postinst() { + if [ ! 
-f '/etc/bind/rndc.key' ]; then + if use urandom; then + einfo "Using /dev/urandom for generating rndc.key" + /usr/sbin/rndc-confgen -r /dev/urandom -a + echo + else + einfo "Using /dev/random for generating rndc.key" + /usr/sbin/rndc-confgen -a + echo + fi + chown root:named /etc/bind/rndc.key + chmod 0640 /etc/bind/rndc.key + fi + + einfo + einfo "You can edit /etc/conf.d/named to customize named settings" + einfo + use mysql || use postgres || use ldap && { + elog "If your named depends on MySQL/PostgreSQL or LDAP," + elog "uncomment the specified rc_named_* lines in your" + elog "/etc/conf.d/named config to ensure they'll start before bind" + einfo + } + einfo "If you'd like to run bind in a chroot AND this is a new" + einfo "install OR your bind doesn't already run in a chroot:" + einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." + einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" + einfo + + CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) + if [[ -n ${CHROOT} ]]; then + elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + elog "To enable the old behaviour (without using mount) uncomment the" + elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + elog "If you decide to use the new/default method, ensure to make backup" + elog "first and merge your existing configs/zones to /etc/bind and" + elog "/var/bind because bind will now mount the needed directories into" + elog "the chroot dir." + fi +} + +pkg_config() { + CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) + CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) + CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) + + if [[ -z "${CHROOT}" ]]; then + eerror "This config script is designed to automate setting up" + eerror "a chrooted bind/named. To do so, please first uncomment" + eerror "and set the CHROOT variable in '/etc/conf.d/named'." 
+ die "Unset CHROOT" + fi + if [[ -d "${CHROOT}" ]]; then + ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + ewarn "To enable the old behaviour (without using mount) uncomment the" + ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + ewarn + ewarn "${CHROOT} already exists... some things might become overridden" + ewarn "press CTRL+C if you don't want to continue" + sleep 10 + fi + + echo; einfo "Setting up the chroot directory..." + + mkdir -m 0750 -p ${CHROOT} + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} + mkdir -m 0750 -p ${CHROOT}/etc/bind + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ + # As of bind 9.8.0 + if has_version net-dns/bind[gost]; then + if [ "$(get_libdir)" = "lib64" ]; then + mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines + ln -s lib64 ${CHROOT}/usr/lib + else + mkdir -m 0755 -p ${CHROOT}/usr/lib/engines + fi + fi + chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind + + mknod ${CHROOT}/dev/null c 1 3 + chmod 0666 ${CHROOT}/dev/null + + mknod ${CHROOT}/dev/zero c 1 5 + chmod 0666 ${CHROOT}/dev/zero + + if use urandom; then + mknod ${CHROOT}/dev/urandom c 1 9 + chmod 0666 ${CHROOT}/dev/urandom + else + mknod ${CHROOT}/dev/random c 1 8 + chmod 0666 ${CHROOT}/dev/random + fi + + if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then + cp -a /etc/bind ${CHROOT}/etc/ + cp -a /var/bind ${CHROOT}/var/ + fi + + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP + fi + + elog "You may need to add the following line to your syslog-ng.conf:" + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" +} diff --git a/net-dns/bind/files/10bind.env b/net-dns/bind/files/10bind.env new file mode 100644 index 000000000..13c7910b2 --- /dev/null +++ b/net-dns/bind/files/10bind.env @@ -0,0 +1 @@ +CONFIG_PROTECT="/var/bind" 
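Review bot: In src_install, `fperms 0770 /var/log/named /var/bind/{,sec,dyn}` makes the top-level /var/bind group-writable by the named user, while `fperms 0640 /var/bind/named.cache` and the matching `fowners root:named` are trying to keep the root hints read-only for the daemon; write permission on the containing directory lets the named user unlink or rename that file and create a replacement regardless of its mode. If the top-level directory only needs to be writable for dump/statistics output, the sticky bit closes that gap without stopping the daemon from creating its own files there: `fperms 0770 /var/log/named /var/bind/{sec,dyn}` followed by `fperms 1770 /var/bind`. The same consideration presumably applies to the chroot copy set up in pkg_config (`mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named}`). Separately, pkg_config tests `${CHROOT}` quoted but then expands it unquoted in every mkdir/chown/mknod/cp call, so a value containing whitespace or glob characters would be word-split before reaching those commands; quoting the expansions (`mkdir -m 0750 -p "${CHROOT}"`) keeps the checks and the uses consistent.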
diff --git a/net-dns/bind/files/bind-sdb-ldap-1.1.0-fc14.patch b/net-dns/bind/files/bind-sdb-ldap-1.1.0-fc14.patch
new file mode 100644
index 000000000..737acbc74
--- /dev/null
+++ b/net-dns/bind/files/bind-sdb-ldap-1.1.0-fc14.patch
@@ -0,0 +1,1189 @@ +diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in +index efc58bc..5f31c4e 100644 +--- a/bin/named/Makefile.in ++++ b/bin/named/Makefile.in +@@ -34,10 +34,10 @@ top_srcdir = @top_srcdir@ + # + # Add database drivers here. + # +-DBDRIVER_OBJS = +-DBDRIVER_SRCS = ++DBDRIVER_OBJS = ldapdb.@O@ ++DBDRIVER_SRCS = ldapdb.c + DBDRIVER_INCLUDES = +-DBDRIVER_LIBS = ++DBDRIVER_LIBS = -lldap -llber -ldb + + DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers + +diff --git a/bin/named/main.c b/bin/named/main.c +index 4af55bd..99c5948 100644 +--- a/bin/named/main.c ++++ b/bin/named/main.c +@@ -90,6 +90,7 @@ + * Include header files for database drivers here. + */ + /* #include "xxdb.h" */ ++#include "ldapdb.h" + + #ifdef CONTRIB_DLZ + /* +@@ -803,6 +804,8 @@ dump_symboltable(void) { + if (!isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(99))) + return; + ++ ldapdb_clear(); ++ + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_DEBUG(99), "Symbol table:"); + +@@ -1084,6 +1087,24 @@ setup(void) { + isc_result_totext(result)); + #endif + ++ result = ldapdb_init(); ++ if (result != ISC_R_SUCCESS) ++ { ++ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ++ ISC_LOG_ERROR, ++ "SDB ldap module initialisation failed: %s.", ++ isc_result_totext(result) ++ ); ++ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ++ ISC_LOG_ERROR, ++ "SDB ldap zone database will be unavailable." ++ ); ++ }else ++ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ++ ISC_LOG_NOTICE, "SDB ldap zone database module loaded." 
++ ); ++ ++ + ns_server_create(ns_g_mctx, &ns_g_server); + + #ifdef HAVE_LIBSECCOMP +@@ -1119,6 +1140,8 @@ cleanup(void) { + + dns_name_destroy(); + ++ ldapdb_clear(); ++ + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, "exiting"); + ns_log_shutdown(); +diff --git a/bin/tools/Makefile.in b/bin/tools/Makefile.in +index 253dd37..0e1581a 100644 +--- a/bin/tools/Makefile.in ++++ b/bin/tools/Makefile.in +@@ -23,33 +23,43 @@ top_srcdir = @top_srcdir@ + CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \ + ${LWRES_INCLUDES} ${OMAPI_INCLUDES} + +-CDEFINES = ++CDEFINES = -DBIND9 + CWARNINGS = + + DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ ++ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ++ISCCCLIBS = ../../lib/isccc/libisccc.@A@ + ISCLIBS = ../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@ + ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ +-ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ + LWRESLIBS = ../../lib/lwres/liblwres.@A@ ++BIND9LIBS = ../../lib/bind9/libbind9.@A@ + + DNSDEPLIBS = ../../lib/dns/libdns.@A@ ++ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ ++ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@ + ISCDEPLIBS = ../../lib/isc/libisc.@A@ +-ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ + LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@ ++BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@ ++DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ ++ ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS} ++ ++LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ ++ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@ ++ + +-LIBS = ${ISCLIBS} @LIBS@ + NOSYMLIBS = ${ISCNOSYMLIBS} @LIBS@ + + SUBDIRS = + + TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ \ + named-rrchecker@EXEEXT@ nsec3hash@EXEEXT@ \ +- genrandom@EXEEXT@ isc-hmac-fixup@EXEEXT@ ++ genrandom@EXEEXT@ isc-hmac-fixup@EXEEXT@ ldap2zone@EXEEXT@ \ ++ zone2ldap@EXEEXT@ + SRCS = arpaname.c named-journalprint.c named-rrchecker.c \ +- nsec3hash.c genrandom.c isc-hmac-fixup.c ++ 
nsec3hash.c genrandom.c isc-hmac-fixup.c ldap2zone.c zone2ldap.c + + MANPAGES = arpaname.1 named-journalprint.8 named-rrchecker.1 nsec3hash.8 \ +- genrandom.8 isc-hmac-fixup.8 ++ genrandom.8 isc-hmac-fixup.8 ldap2zone.1 zone2ldap.1 + HTMLPAGES = arpaname.html named-journalprint.html named-rrchecker.html \ + nsec3hash.html genrandom.html isc-hmac-fixup.html + MANOBJS = ${MANPAGES} ${HTMLPAGES} +@@ -84,6 +94,12 @@ genrandom@EXEEXT@: genrandom.@O@ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ + -o $@ genrandom.@O@ @GENRANDOMLIB@ ${LIBS} + ++ldap2zone@EXEEXT@: ldap2zone.@O@ ${DEPLIBS} ++ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ldap2zone.@O@ -lldap -llber ${LIBS} ++ ++zone2ldap@EXEEXT@: zone2ldap.@O@ ${DEPLIBS} ++ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone2ldap.@O@ -lldap -llber ${LIBS} ++ + doc man:: ${MANOBJS} + + docclean manclean maintainer-clean:: +@@ -107,7 +123,11 @@ install:: ${TARGETS} installdirs + ${DESTDIR}${sbindir} + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} isc-hmac-fixup@EXEEXT@ \ + ${DESTDIR}${sbindir} ++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir} ++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir} + ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1 ++ ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1 ++ ${INSTALL_DATA} ${srcdir}/ldap2zone.1 ${DESTDIR}${mandir}/man1 + ${INSTALL_DATA} ${srcdir}/isc-hmac-fixup.8 ${DESTDIR}${mandir}/man8 + ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8 + ${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1 +diff --git a/contrib/sdb/ldap/ldap2zone.1 b/contrib/sdb/ldap/ldap2zone.1 +new file mode 100644 +index 0000000..a48c69f +--- /dev/null ++++ b/contrib/sdb/ldap/ldap2zone.1 +@@ -0,0 +1,41 @@ ++.\" Copyright (C) 2004, 2005 Stig Venaas ++.\" ++.\" Permission to use, copy, modify, and distribute this software for any ++.\" 
purpose with or without fee is hereby granted, provided that the above ++.\" copyright notice and this permission notice appear in all copies. ++.\" Manpage written by Jan Gorig ++.TH ldap2zone 1 "15 March 2010" "BIND9" ++.SH NAME ++ldap2zone - Creates zone file from LDAP dnszone information ++.SH SYNOPSIS ++.B ldap2zone zone-name LDAP-URL default-ttl [serial] ++.SH DESCRIPTION ++ldap2zone is a tool that reads info for a zone from LDAP and constructs a standard plain ascii zone file that is written to the standard output. The LDAP information has to be stored using the dnszone schema. The schema is used by BIND with LDAP back-end. ++ ++\fBzone-name\fR ++.RS 4 ++Name of the zone, eg "mydomain.net." ++.RE ++.PP ++\fBLDAP-URL\fR ++.RS 4 ++LDAP URL to dnszone information ++.RE ++.PP ++\fBdefault-ttl\fR ++.RS 4 ++Default TTL value to be used in zone ++.RE ++.PP ++\fBserial\fR ++.RS 4 ++(optional) Program checks this number to be different than SOA serial number. ++.RE ++ ++.SH "EXIT STATUS" ++Exits with 0 on success or 1 on failure. ++.SH "SEE ALSO" ++named(8) ldap(3) ++http://www.venaas.no/dns/ldap2zone/ ++.SH "COPYRIGHT" ++Copyright (C) 2004, 2005 Stig Venaas +diff --git a/contrib/sdb/ldap/ldap2zone.c b/contrib/sdb/ldap/ldap2zone.c +new file mode 100644 +index 0000000..80e7919 +--- /dev/null ++++ b/contrib/sdb/ldap/ldap2zone.c +@@ -0,0 +1,411 @@ ++/* ++ * Copyright (C) 2004, 2005 Stig Venaas ++ * $Id: ldap2zone.c,v 1.1 2007/07/24 15:18:00 atkac Exp $ ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. 
++ */ ++ ++#define LDAP_DEPRECATED 1 ++ ++#include ++#include ++#include ++#include ++ ++#include ++ ++struct string { ++ void *data; ++ size_t len; ++}; ++ ++struct assstack_entry { ++ struct string key; ++ struct string val; ++ struct assstack_entry *next; ++}; ++ ++struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key); ++void assstack_push(struct assstack_entry **stack, struct assstack_entry *item); ++void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item); ++void printsoa(struct string *soa); ++void printrrs(char *defaultttl, struct assstack_entry *item); ++void print_zone(char *defaultttl, struct assstack_entry *stack); ++void usage(char *name); ++void err(char *name, const char *msg); ++int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val); ++ ++struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key) { ++ for (; stack; stack = stack->next) ++ if (stack->key.len == key->len && !memcmp(stack->key.data, key->data, key->len)) ++ return stack; ++ return NULL; ++} ++ ++void assstack_push(struct assstack_entry **stack, struct assstack_entry *item) { ++ item->next = *stack; ++ *stack = item; ++} ++ ++void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item) { ++ struct assstack_entry *p; ++ ++ item->next = NULL; ++ if (!*stack) { ++ *stack = item; ++ return; ++ } ++ /* find end, should keep track of end somewhere */ ++ /* really a queue, not a stack */ ++ p = *stack; ++ while (p->next) ++ p = p->next; ++ p->next = item; ++} ++ ++void printsoa(struct string *soa) { ++ char *s; ++ size_t i; ++ ++ s = (char *)soa->data; ++ i = 0; ++ while (i < soa->len) { ++ putchar(s[i]); ++ if (s[i++] == ' ') ++ break; ++ } ++ while (i < soa->len) { ++ putchar(s[i]); ++ if (s[i++] == ' ') ++ break; ++ } ++ printf("(\n\t\t\t\t"); ++ while (i < soa->len) { ++ putchar(s[i]); ++ if (s[i++] == ' ') ++ break; ++ } ++ 
printf("; Serialnumber\n\t\t\t\t"); ++ while (i < soa->len) { ++ if (s[i] == ' ') ++ break; ++ putchar(s[i++]); ++ } ++ i++; ++ printf("\t; Refresh\n\t\t\t\t"); ++ while (i < soa->len) { ++ if (s[i] == ' ') ++ break; ++ putchar(s[i++]); ++ } ++ i++; ++ printf("\t; Retry\n\t\t\t\t"); ++ while (i < soa->len) { ++ if (s[i] == ' ') ++ break; ++ putchar(s[i++]); ++ } ++ i++; ++ printf("\t; Expire\n\t\t\t\t"); ++ while (i < soa->len) { ++ putchar(s[i++]); ++ } ++ printf(" )\t; Minimum TTL\n"); ++} ++ ++void printrrs(char *defaultttl, struct assstack_entry *item) { ++ struct assstack_entry *stack; ++ char *s; ++ int first; ++ size_t i; ++ char *ttl, *type; ++ int top; ++ ++ s = (char *)item->key.data; ++ ++ if (item->key.len == 1 && *s == '@') { ++ top = 1; ++ printf("@\t"); ++ } else { ++ top = 0; ++ for (i = 0; i < item->key.len; i++) ++ putchar(s[i]); ++ if (item->key.len < 8) ++ putchar('\t'); ++ putchar('\t'); ++ } ++ ++ first = 1; ++ for (stack = (struct assstack_entry *) item->val.data; stack; stack = stack->next) { ++ ttl = (char *)stack->key.data; ++ s = strchr(ttl, ' '); ++ *s++ = '\0'; ++ type = s; ++ ++ if (first) ++ first = 0; ++ else ++ printf("\t\t"); ++ ++ if (strcmp(defaultttl, ttl)) ++ printf("%s", ttl); ++ putchar('\t'); ++ ++ if (top) { ++ top = 0; ++ printf("IN\t%s\t", type); ++ /* Should always be SOA here */ ++ if (!strcmp(type, "SOA")) { ++ printsoa(&stack->val); ++ continue; ++ } ++ } else ++ printf("%s\t", type); ++ ++ s = (char *)stack->val.data; ++ for (i = 0; i < stack->val.len; i++) ++ putchar(s[i]); ++ putchar('\n'); ++ } ++} ++ ++void print_zone(char *defaultttl, struct assstack_entry *stack) { ++ printf("$TTL %s\n", defaultttl); ++ for (; stack; stack = stack->next) ++ printrrs(defaultttl, stack); ++}; ++ ++void usage(char *name) { ++ fprintf(stderr, "Usage:%s zone-name LDAP-URL default-ttl [serial]\n", name); ++ exit(1); ++}; ++ ++void err(char *name, const char *msg) { ++ fprintf(stderr, "%s: %s\n", name, msg); ++ exit(1); ++}; ++ ++int 
putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val) { ++ struct string key; ++ struct assstack_entry *rr, *rrdata; ++ ++ /* Do nothing if name or value have 0 length */ ++ if (!name->bv_len || !val->bv_len) ++ return 0; ++ ++ /* see if already have an entry for this name */ ++ key.len = name->bv_len; ++ key.data = name->bv_val; ++ ++ rr = assstack_find(*stack, &key); ++ if (!rr) { ++ /* Not found, create and push new entry */ ++ rr = (struct assstack_entry *) malloc(sizeof(struct assstack_entry)); ++ if (!rr) ++ return -1; ++ rr->key.len = name->bv_len; ++ rr->key.data = (void *) malloc(rr->key.len); ++ if (!rr->key.data) { ++ free(rr); ++ return -1; ++ } ++ memcpy(rr->key.data, name->bv_val, name->bv_len); ++ rr->val.len = sizeof(void *); ++ rr->val.data = NULL; ++ if (name->bv_len == 1 && *(char *)name->bv_val == '@') ++ assstack_push(stack, rr); ++ else ++ assstack_insertbottom(stack, rr); ++ } ++ ++ rrdata = (struct assstack_entry *) malloc(sizeof(struct assstack_entry)); ++ if (!rrdata) { ++ free(rr->key.data); ++ free(rr); ++ return -1; ++ } ++ rrdata->key.len = strlen(type) + strlen(ttl) + 1; ++ rrdata->key.data = (void *) malloc(rrdata->key.len); ++ if (!rrdata->key.data) { ++ free(rrdata); ++ free(rr->key.data); ++ free(rr); ++ return -1; ++ } ++ sprintf((char *)rrdata->key.data, "%s %s", ttl, type); ++ ++ rrdata->val.len = val->bv_len; ++ rrdata->val.data = (void *) malloc(val->bv_len); ++ if (!rrdata->val.data) { ++ free(rrdata->key.data); ++ free(rrdata); ++ free(rr->key.data); ++ free(rr); ++ return -1; ++ } ++ memcpy(rrdata->val.data, val->bv_val, val->bv_len); ++ ++ if (!strcmp(type, "SOA")) ++ assstack_push((struct assstack_entry **) &(rr->val.data), rrdata); ++ else ++ assstack_insertbottom((struct assstack_entry **) &(rr->val.data), rrdata); ++ return 0; ++} ++ ++int main(int argc, char **argv) { ++ char *s, *hostporturl, *base = NULL; ++ char *ttl, *defaultttl; ++ LDAP *ld; ++ char *fltr = NULL; ++ 
LDAPMessage *res, *e; ++ char *a, **ttlvals, **soavals, *serial; ++ struct berval **vals, **names; ++ char type[64]; ++ BerElement *ptr; ++ int i, j, rc, msgid; ++ struct assstack_entry *zone = NULL; ++ ++ if (argc < 4 || argc > 5) ++ usage(argv[0]); ++ ++ hostporturl = argv[2]; ++ ++ if (hostporturl != strstr( hostporturl, "ldap")) ++ err(argv[0], "Not an LDAP URL"); ++ ++ s = strchr(hostporturl, ':'); ++ ++ if (!s || strlen(s) < 3 || s[1] != '/' || s[2] != '/') ++ err(argv[0], "Not an LDAP URL"); ++ ++ s = strchr(s+3, '/'); ++ if (s) { ++ *s++ = '\0'; ++ base = s; ++ s = strchr(base, '?'); ++ if (s) ++ err(argv[0], "LDAP URL can only contain host, port and base"); ++ } ++ ++ defaultttl = argv[3]; ++ ++ rc = ldap_initialize(&ld, hostporturl); ++ if (rc != LDAP_SUCCESS) ++ err(argv[0], "ldap_initialize() failed"); ++ ++ if (argc == 5) { ++ /* serial number specified, check if different from one in SOA */ ++ fltr = (char *)malloc(strlen(argv[1]) + strlen("(&(relativeDomainName=@)(zoneName=))") + 1); ++ sprintf(fltr, "(&(relativeDomainName=@)(zoneName=%s))", argv[1]); ++ msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); ++ if (msgid == -1) ++ err(argv[0], "ldap_search() failed"); ++ ++ while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { ++ /* not supporting continuation references at present */ ++ if (rc != LDAP_RES_SEARCH_ENTRY) ++ err(argv[0], "ldap_result() returned cont.ref? 
Exiting"); ++ ++ /* only one entry per result message */ ++ e = ldap_first_entry(ld, res); ++ if (e == NULL) { ++ ldap_msgfree(res); ++ err(argv[0], "ldap_first_entry() failed"); ++ } ++ ++ soavals = ldap_get_values(ld, e, "SOARecord"); ++ if (soavals) ++ break; ++ } ++ ++ ldap_msgfree(res); ++ if (!soavals) { ++ err(argv[0], "No SOA Record found"); ++ } ++ ++ /* We have a SOA, compare serial numbers */ ++ /* Only checkinf first value, should be only one */ ++ s = strchr(soavals[0], ' '); ++ s++; ++ s = strchr(s, ' '); ++ s++; ++ serial = s; ++ s = strchr(s, ' '); ++ *s = '\0'; ++ if (!strcmp(serial, argv[4])) { ++ ldap_value_free(soavals); ++ err(argv[0], "serial numbers match"); ++ } ++ ldap_value_free(soavals); ++ } ++ ++ if (!fltr) ++ fltr = (char *)malloc(strlen(argv[1]) + strlen("(zoneName=)") + 1); ++ if (!fltr) ++ err(argv[0], "Malloc failed"); ++ sprintf(fltr, "(zoneName=%s)", argv[1]); ++ ++ msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0); ++ if (msgid == -1) ++ err(argv[0], "ldap_search() failed"); ++ ++ while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) { ++ /* not supporting continuation references at present */ ++ if (rc != LDAP_RES_SEARCH_ENTRY) ++ err(argv[0], "ldap_result() returned cont.ref? Exiting"); ++ ++ /* only one entry per result message */ ++ e = ldap_first_entry(ld, res); ++ if (e == NULL) { ++ ldap_msgfree(res); ++ err(argv[0], "ldap_first_entry() failed"); ++ } ++ ++ names = ldap_get_values_len(ld, e, "relativeDomainName"); ++ if (!names) ++ continue; ++ ++ ttlvals = ldap_get_values(ld, e, "dNSTTL"); ++ ttl = ttlvals ? 
ttlvals[0] : defaultttl; ++ ++ for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) { ++ char *s; ++ ++ for (s = a; *s; s++) ++ *s = toupper(*s); ++ s = strstr(a, "RECORD"); ++ if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) { ++ ldap_memfree(a); ++ continue; ++ } ++ ++ strncpy(type, a, s - a); ++ type[s - a] = '\0'; ++ vals = ldap_get_values_len(ld, e, a); ++ if (vals) { ++ for (i = 0; vals[i]; i++) ++ for (j = 0; names[j]; j++) ++ if (putrr(&zone, names[j], type, ttl, vals[i])) ++ err(argv[0], "malloc failed"); ++ ldap_value_free_len(vals); ++ } ++ ldap_memfree(a); ++ } ++ ++ if (ptr) ++ ber_free(ptr, 0); ++ if (ttlvals) ++ ldap_value_free(ttlvals); ++ ldap_value_free_len(names); ++ /* free this result */ ++ ldap_msgfree(res); ++ } ++ ++ /* free final result */ ++ ldap_msgfree(res); ++ ++ print_zone(defaultttl, zone); ++ return 0; ++} +diff --git a/contrib/sdb/ldap/ldapdb.c b/contrib/sdb/ldap/ldapdb.c +index c43342c..62d3fb4 100644 +--- a/contrib/sdb/ldap/ldapdb.c ++++ b/contrib/sdb/ldap/ldapdb.c +@@ -25,6 +25,7 @@ + /* Using LDAPv3 by default, change this if you want v2 */ + #ifndef LDAPDB_LDAP_VERSION + #define LDAPDB_LDAP_VERSION 3 ++#define LDAP_DEPRECATED 1 + #endif + + #include +diff --git a/contrib/sdb/ldap/zone2ldap.c b/contrib/sdb/ldap/zone2ldap.c +index 6db7f85..4447c8c 100644 +--- a/contrib/sdb/ldap/zone2ldap.c ++++ b/contrib/sdb/ldap/zone2ldap.c +@@ -13,6 +13,8 @@ + * ditched dNSDomain2 schema support. 
Version 0.3-ALPHA + */ + ++#define LDAP_DEPRECATED 1 ++ + #include + #include + #include +@@ -24,6 +26,7 @@ + #include + #include + #include ++#include + #include + + #include +@@ -59,16 +62,19 @@ typedef struct LDAP_INFO + ldap_info; + + /* usage Info */ +-void usage (); ++void usage (void); ++ ++/* Check for existence of (and possibly add) containing dNSZone objects */ ++int lookup_dns_zones( ldap_info *ldinfo); + + /* Add to the ldap dit */ + void add_ldap_values (ldap_info * ldinfo); + + /* Init an ldap connection */ +-void init_ldap_conn (); ++void init_ldap_conn (void); + + /* Ldap error checking */ +-void ldap_result_check (char *msg, char *dn, int err); ++void ldap_result_check (const char *msg, char *dn, int err); + + /* Put a hostname into a char ** array */ + char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); +@@ -77,14 +83,14 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); + int get_attr_list_size (char **tmp); + + /* Get a DN */ +-char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag); ++char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone); + + /* Add to RR list */ + void add_to_rr_list (char *dn, char *name, char *type, char *data, + unsigned int ttl, unsigned int flags); + + /* Error checking */ +-void isc_result_check (isc_result_t res, char *errorstr); ++void isc_result_check (isc_result_t res, const char *errorstr); + + /* Generate LDIF Format files */ + void generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, +@@ -93,11 +99,33 @@ void generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, + /* head pointer to the list */ + ldap_info *ldap_info_base = NULL; + +-char *argzone, *ldapbase, *binddn, *bindpw = NULL; +-char *ldapsystem = "localhost"; +-static char *objectClasses[] = +- { "top", "dNSZone", NULL }; +-static char *topObjectClasses[] = { "top", NULL }; ++ldap_info * ++locate_by_dn (char *dn); ++void ++init_ldap_conn (); 
++void usage(); ++ ++static char *argzone, *ldapbase, *binddn, *bindpw = NULL; ++ ++/* these are needed to placate gcc4's const-ness const-ernations : */ ++static char localhost[] = "localhost"; ++static char *ldapsystem=&(localhost[0]); ++/* dnszone schema class names: */ ++static char topClass [] ="top"; ++static char dNSZoneClass[] ="dNSZone"; ++static char objectClass [] ="objectClass"; ++static char dcObjectClass[]="dcObject"; ++/* dnszone schema attribute names: */ ++static char relativeDomainName[]="relativeDomainName"; ++static char dNSTTL []="dNSTTL"; ++static char zoneName []="zoneName"; ++static char dc []="dc"; ++static char sameZone []="@"; ++/* LDAPMod mod_values: */ ++static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL }; ++static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL }; ++static char *dn_buffer [64]={NULL}; ++ + LDAP *conn; + unsigned int debug = 0; + +@@ -106,19 +134,19 @@ debug = 1; + #endif + + int +-main (int *argc, char **argv) ++main (int argc, char **argv) + { + isc_mem_t *mctx = NULL; + isc_entropy_t *ectx = NULL; + isc_result_t result; + char *basedn; + ldap_info *tmp; +- LDAPMod *base_attrs[2]; +- LDAPMod base; ++ LDAPMod *base_attrs[5]; ++ LDAPMod base, dcBase, znBase, rdnBase; + isc_buffer_t buff; +- char *zonefile; ++ char *zonefile=0L; + char fullbasedn[1024]; +- char *ctmp; ++ char *ctmp, *zn, *dcp[2], *znp[2], *rdn[2]; + dns_fixedname_t fixedzone, fixedname; + dns_rdataset_t rdataset; + char **dc_list; +@@ -131,7 +159,7 @@ main (int *argc, char **argv) + extern char *optarg; + extern int optind, opterr, optopt; + int create_base = 0; +- int topt; ++ int topt, dcn, zdn, znlen; + + if ((int) argc < 2) + { +@@ -139,7 +167,7 @@ main (int *argc, char **argv) + exit (-1); + } + +- while ((topt = getopt ((int) argc, argv, "D:w:b:z:f:h:?dcv")) != -1) ++ while ((topt = getopt ((int) argc, argv, "D:Ww:b:z:f:h:?dcv")) != -1) + { + switch (topt) + { +@@ -158,8 +186,11 @@ 
main (int *argc, char **argv) + case 'w': + bindpw = strdup (optarg); + break; ++ case 'W': ++ bindpw = getpass("Enter LDAP Password: "); ++ break; + case 'b': +- ldapbase = strdup (optarg); ++ ldapbase = strdup (optarg); + break; + case 'z': + argzone = strdup (optarg); +@@ -271,27 +302,62 @@ main (int *argc, char **argv) + { + if (debug) + printf ("Creating base zone DN %s\n", argzone); +- ++ + dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP); +- basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC); + +- for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--) ++ basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC, argzone); ++ if (debug) ++ printf ("base DN %s\n", basedn); ++ ++ for (ctmp = &basedn[strlen (basedn)], dcn=0; ctmp >= &basedn[0]; ctmp--) + { +- if ((*ctmp == ',') || (ctmp == &basedn[0])) ++ if ((*ctmp == ',') || (ctmp == &basedn[0])) + { ++ + base.mod_op = LDAP_MOD_ADD; +- base.mod_type = "objectClass"; ++ base.mod_type = objectClass; + base.mod_values = topObjectClasses; +- base_attrs[0] = &base; +- base_attrs[1] = NULL; ++ base_attrs[0] = (void*)&base; ++ ++ dcBase.mod_op = LDAP_MOD_ADD; ++ dcBase.mod_type = dc; ++ dcp[0]=dc_list[dcn]; ++ dcp[1]=0L; ++ dcBase.mod_values=dcp; ++ base_attrs[1] = (void*)&dcBase; ++ ++ znBase.mod_op = LDAP_MOD_ADD; ++ znBase.mod_type = zoneName; ++ for( zdn = dcn, znlen = 0; zdn >= 0; zdn-- ) ++ znlen += strlen(dc_list[zdn])+1; ++ znp[0] = (char*)malloc(znlen+1); ++ znp[1] = 0L; ++ for( zdn = dcn, zn=znp[0]; zdn >= 0; zdn-- ) ++ zn+=sprintf(zn,"%s%s",dc_list[zdn], ++ ((zdn > 0) && (*(dc_list[zdn-1])!='.')) ? "." 
: "" ++ ); ++ ++ znBase.mod_values = znp; ++ base_attrs[2] = (void*)&znBase; ++ ++ rdnBase.mod_op = LDAP_MOD_ADD; ++ rdnBase.mod_type = relativeDomainName; ++ rdn[0] = strdup(sameZone); ++ rdn[1] = 0L; ++ rdnBase.mod_values = rdn; ++ base_attrs[3] = (void*)&rdnBase; ++ ++ dcn++; + ++ base.mod_values = topObjectClasses; ++ base_attrs[4] = NULL; ++ + if (ldapbase) + { + if (ctmp != &basedn[0]) + sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase); + else +- sprintf (fullbasedn, "%s,%s", ctmp, ldapbase); +- ++ sprintf (fullbasedn, "%s,%s", ctmp, ldapbase); + } + else + { +@@ -300,8 +366,13 @@ main (int *argc, char **argv) + else + sprintf (fullbasedn, "%s", ctmp); + } ++ ++ if( debug ) ++ printf("Full base dn: %s\n", fullbasedn); ++ + result = ldap_add_s (conn, fullbasedn, base_attrs); + ldap_result_check ("intial ldap_add_s", fullbasedn, result); ++ + } + + } +@@ -339,7 +410,7 @@ main (int *argc, char **argv) + * I should probably rename this function, as not to cause any + * confusion with the isc* routines. Will exit on error. 
*/ + void +-isc_result_check (isc_result_t res, char *errorstr) ++isc_result_check (isc_result_t res, const char *errorstr) + { + if (res != ISC_R_SUCCESS) + { +@@ -379,14 +450,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl) + isc_result_check (result, "dns_rdata_totext"); + data[isc_buffer_usedlength (&buff)] = 0; + +- dc_list = hostname_to_dn_list (name, argzone, DNS_OBJECT); ++ dc_list = hostname_to_dn_list ((char*)name, argzone, DNS_OBJECT); + len = (get_attr_list_size (dc_list) - 2); +- dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC); ++ dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC, argzone); + + if (debug) + printf ("Adding %s (%s %s) to run queue list.\n", dn, type, data); + +- add_to_rr_list (dn, dc_list[len], type, data, ttl, DNS_OBJECT); ++ add_to_rr_list (dn, dc_list[len], (char*)type, (char*)data, ttl, DNS_OBJECT); + } + + +@@ -426,7 +497,8 @@ add_to_rr_list (char *dn, char *name, char *type, + int attrlist; + char ldap_type_buffer[128]; + char charttl[64]; +- ++ char *zn; ++ int znlen; + + if ((tmp = locate_by_dn (dn)) == NULL) + { +@@ -451,7 +523,7 @@ add_to_rr_list (char *dn, char *name, char *type, + exit (-1); + } + +- for (i = 0; i < flags; i++) ++ for (i = 0; i < (int)flags; i++) + { + tmp->attrs[i] = (LDAPMod *) malloc (sizeof (LDAPMod)); + if (tmp->attrs[i] == (LDAPMod *) NULL) +@@ -461,13 +533,13 @@ add_to_rr_list (char *dn, char *name, char *type, + } + } + tmp->attrs[0]->mod_op = LDAP_MOD_ADD; +- tmp->attrs[0]->mod_type = "objectClass"; ++ tmp->attrs[0]->mod_type = objectClass; + + if (flags == DNS_OBJECT) + tmp->attrs[0]->mod_values = objectClasses; + else + { +- tmp->attrs[0]->mod_values = topObjectClasses; ++ tmp->attrs[0]->mod_values =topObjectClasses; + tmp->attrs[1] = NULL; + tmp->attrcnt = 2; + tmp->next = ldap_info_base; +@@ -476,7 +548,7 @@ add_to_rr_list (char *dn, char *name, char *type, + } + + tmp->attrs[1]->mod_op = LDAP_MOD_ADD; +- tmp->attrs[1]->mod_type = "relativeDomainName"; ++ 
tmp->attrs[1]->mod_type = relativeDomainName; + tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2); + + if (tmp->attrs[1]->mod_values == (char **)NULL) +@@ -498,7 +570,7 @@ add_to_rr_list (char *dn, char *name, char *type, + tmp->attrs[2]->mod_values[1] = NULL; + + tmp->attrs[3]->mod_op = LDAP_MOD_ADD; +- tmp->attrs[3]->mod_type = "dNSTTL"; ++ tmp->attrs[3]->mod_type = dNSTTL; + tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2); + + if (tmp->attrs[3]->mod_values == (char **)NULL) +@@ -508,10 +580,21 @@ add_to_rr_list (char *dn, char *name, char *type, + tmp->attrs[3]->mod_values[0] = strdup (charttl); + tmp->attrs[3]->mod_values[1] = NULL; + ++ znlen=strlen(gbl_zone); ++ if ( *(gbl_zone + (znlen-1)) == '.' ) ++ { /* ldapdb MUST search by relative zone name */ ++ zn = (char*)malloc(znlen); ++ strncpy(zn,gbl_zone,znlen-1); ++ *(zn + (znlen-1))='\0'; ++ }else ++ { ++ zn = gbl_zone; ++ } ++ + tmp->attrs[4]->mod_op = LDAP_MOD_ADD; +- tmp->attrs[4]->mod_type = "zoneName"; ++ tmp->attrs[4]->mod_type = zoneName; + tmp->attrs[4]->mod_values = (char **)calloc(sizeof(char *), 2); +- tmp->attrs[4]->mod_values[0] = gbl_zone; ++ tmp->attrs[4]->mod_values[0] = zn; + tmp->attrs[4]->mod_values[1] = NULL; + + tmp->attrs[5] = NULL; +@@ -522,7 +605,7 @@ add_to_rr_list (char *dn, char *name, char *type, + else + { + +- for (i = 0; tmp->attrs[i] != NULL; i++) ++ for (i = 0; tmp->attrs[i] != NULL; i++) + { + sprintf (ldap_type_buffer, "%sRecord", type); + if (!strncmp +@@ -591,69 +674,105 @@ char ** + hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) + { + char *tmp; +- static char *dn_buffer[64]; + int i = 0; +- char *zname; +- char *hnamebuff; +- +- zname = strdup (hostname); +- +- if (flags == DNS_OBJECT) +- { +- +- if (strlen (zname) != strlen (zone)) +- { +- tmp = &zname[strlen (zname) - strlen (zone)]; +- *--tmp = '\0'; +- hnamebuff = strdup (zname); +- zname = ++tmp; +- } +- else +- hnamebuff = "@"; +- } +- else +- { +- zname = 
zone; +- hnamebuff = NULL; +- } +- +- for (tmp = strrchr (zname, '.'); tmp != (char *) 0; +- tmp = strrchr (zname, '.')) +- { +- *tmp++ = '\0'; +- dn_buffer[i++] = tmp; +- } +- dn_buffer[i++] = zname; +- dn_buffer[i++] = hnamebuff; ++ char *hname=0L, *last=0L; ++ int hlen=strlen(hostname), zlen=(strlen(zone)); ++ ++/* printf("hostname: %s zone: %s\n",hostname, zone); */ ++ hname=0L; ++ if(flags == DNS_OBJECT) ++ { ++ if( (zone[ zlen - 1 ] == '.') && (hostname[hlen - 1] != '.') ) ++ { ++ hname=(char*)malloc(hlen + 1); ++ hlen += 1; ++ sprintf(hname, "%s.", hostname); ++ hostname = hname; ++ } ++ if(strcmp(hostname, zone) == 0) ++ { ++ if( hname == 0 ) ++ hname=strdup(hostname); ++ last = strdup(sameZone); ++ }else ++ { ++ if( (hlen < zlen) ++ ||( strcmp( hostname + (hlen - zlen), zone ) != 0) ++ ) ++ { ++ if( hname != 0 ) ++ free(hname); ++ hname=(char*)malloc( hlen + zlen + 1); ++ if( *zone == '.' ) ++ sprintf(hname, "%s%s", hostname, zone); ++ else ++ sprintf(hname,"%s",zone); ++ }else ++ { ++ if( hname == 0 ) ++ hname = strdup(hostname); ++ } ++ last = hname; ++ } ++ }else ++ { /* flags == DNS_TOP */ ++ hname = strdup(zone); ++ last = hname; ++ } ++ ++ for (tmp = strrchr (hname, '.'); tmp != (char *) 0; ++ tmp = strrchr (hname, '.')) ++ { ++ if( *( tmp + 1 ) != '\0' ) ++ { ++ *tmp = '\0'; ++ dn_buffer[i++] = ++tmp; ++ }else ++ { /* trailing '.' ! */ ++ dn_buffer[i++] = strdup("."); ++ *tmp = '\0'; ++ if( tmp == hname ) ++ break; ++ } ++ } ++ if( ( last != hname ) && (tmp != hname) ) ++ dn_buffer[i++] = hname; ++ dn_buffer[i++] = last; + dn_buffer[i] = NULL; +- + return dn_buffer; + } + +- + /* build an sdb compatible LDAP DN from a "dc_list" (char **). + * will append dNSTTL information to each RR Record, with the + * exception of "@"/SOA. 
*/ + + char * +-build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag) ++build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone) + { + int size; +- int x; ++ int x, znlen; + static char dn[1024]; + char tmp[128]; ++ char zn[DNS_NAME_MAXTEXT+1]; + + bzero (tmp, sizeof (tmp)); + bzero (dn, sizeof (dn)); + size = get_attr_list_size (dc_list); ++ znlen = strlen(zone); ++ if ( *(zone + (znlen-1)) == '.' ) ++ { /* ldapdb MUST search by relative zone name */ ++ memcpy(&(zn[0]),zone,znlen-1); ++ *(zn + (znlen-1))='\0'; ++ zone = zn; ++ } + for (x = size - 2; x > 0; x--) + { + if (flag == WI_SPEC) + { + if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl)) +- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%d,", dc_list[x], ttl); ++ sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); + else if (x == (size - 2)) +- sprintf(tmp, "relativeDomainName=%s,",dc_list[x]); ++ sprintf(tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); + else + sprintf(tmp,"dc=%s,", dc_list[x]); + } +@@ -679,6 +798,7 @@ void + init_ldap_conn () + { + int result; ++ char ldb_tag[]="LDAP Bind"; + conn = ldap_open (ldapsystem, LDAP_PORT); + if (conn == NULL) + { +@@ -688,12 +808,12 @@ init_ldap_conn () + } + + result = ldap_simple_bind_s (conn, binddn, bindpw); +- ldap_result_check ("ldap_simple_bind_s", "LDAP Bind", result); ++ ldap_result_check ("ldap_simple_bind_s", ldb_tag , result); + } + + /* Like isc_result_check, only for LDAP */ + void +-ldap_result_check (char *msg, char *dn, int err) ++ldap_result_check (const char *msg, char *dn, int err) + { + if ((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS)) + { +@@ -705,8 +825,6 @@ ldap_result_check (char *msg, char *dn, int err) + } + } + +- +- + /* For running the ldap_info run queue. 
*/ + void + add_ldap_values (ldap_info * ldinfo) +@@ -714,14 +832,14 @@ add_ldap_values (ldap_info * ldinfo) + int result; + char dnbuffer[1024]; + +- + if (ldapbase != NULL) + sprintf (dnbuffer, "%s,%s", ldinfo->dn, ldapbase); + else + sprintf (dnbuffer, "%s", ldinfo->dn); + + result = ldap_add_s (conn, dnbuffer, ldinfo->attrs); +- ldap_result_check ("ldap_add_s", dnbuffer, result); ++ ldap_result_check ("ldap_add_s", dnbuffer, result); ++ + } + + +@@ -732,5 +850,8 @@ void + usage () + { + fprintf (stderr, +- "zone2ldap -D [BIND DN] -w [BIND PASSWORD] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST] +- [-c Create LDAP Base structure][-d Debug Output (lots !)] \n ");} ++ "zone2ldap -D [BIND DN] [-w BIND PASSWORD | -W:prompt] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST]\n" ++ "\t[-c Create LDAP Base structure][-d Debug Output (lots !)]\n " ++ ); ++} ++ diff --git a/net-dns/bind/files/generate-rndc-key.sh b/net-dns/bind/files/generate-rndc-key.sh new file mode 100755 index 000000000..8314d77cd --- /dev/null +++ b/net-dns/bind/files/generate-rndc-key.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ ! -s /etc/bind/rndc.key ]; then + /usr/sbin/rndc-confgen -a > /dev/null 2>&1 || exit 1 + chmod 640 /etc/bind/rndc.key + chown root.named /etc/bind/rndc.key +fi diff --git a/net-dns/bind/files/localhost.zone-r3 b/net-dns/bind/files/localhost.zone-r3 new file mode 100644 index 000000000..2e7a5912b --- /dev/null +++ b/net-dns/bind/files/localhost.zone-r3 @@ -0,0 +1,11 @@ +$TTL 1W +@ IN SOA localhost. root.localhost. ( + 2008122601 ; Serial + 28800 ; Refresh + 14400 ; Retry + 604800 ; Expire - 1 week + 86400 ) ; Minimum +@ IN NS localhost. +@ IN A 127.0.0.1 + +@ IN AAAA ::1 diff --git a/net-dns/bind/files/named.cache b/net-dns/bind/files/named.cache new file mode 100644 index 000000000..6c1974129 --- /dev/null +++ b/net-dns/bind/files/named.cache 
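Review bot: The key file is written by `rndc-confgen -a` under whatever mode the inherited umask yields (unless rndc-confgen restricts it itself) and only afterwards tightened by `chmod 640`, so there is a window in which `/etc/bind/rndc.key` can be more readable than intended; add `umask 027` before the rndc-confgen call so the file is never created looser than 640, and consider rndc-confgen's `-u named` option if the installed version supports it. The `chown root.named` spelling uses the deprecated dot separator; `chown root:named` is the portable form. The `-s` test also means an existing but empty key file is silently replaced, which looks intended but deserves a comment such as `# regenerate only when the key file is missing or empty`.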
@@ -0,0 +1,88 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . "
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Jan 3, 2013
+; related version of root zone: 2013010300
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File
diff --git a/net-dns/bind/files/named.conf-r8 b/net-dns/bind/files/named.conf-r8
new file mode 100644
index 000000000..39f9be267
--- /dev/null
+++ b/net-dns/bind/files/named.conf-r8
@@ -0,0 +1,166 @@
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-* for more details.
+ * Online versions of the documentation can be found here:
+ * https://kb.isc.org/article/AA-01031
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+ /* Deny transfers by default except for the listed hosts.
+ * If we have other name servers, place them here.
+ */
+ none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+ 127.0.0.0/8;
+ ::1/128;
+};
+
+options {
+ directory "/var/bind";
+ pid-file "/run/named/named.pid";
+
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { ::1; };
+ listen-on { 127.0.0.1; };
+
+ allow-query {
+ /*
+ * Accept queries from our "trusted" ACL. We will
+ * allow anyone to query our master zones below.
+ * This prevents us from becoming a free DNS server
+ * to the masses.
+ */
+ trusted;
+ };
+
+ allow-query-cache {
+ /* Use the cache for the "trusted" ACL. */
+ trusted;
+ };
+
+ allow-recursion {
+ /* Only trusted addresses are allowed to use recursion. */
+ trusted;
+ };
+
+ allow-transfer {
+ /* Zone tranfers are denied by default. */
+ none;
+ };
+
+ allow-update {
+ /* Don't allow updates, e.g. via nsupdate. */
+ none;
+ };
+
+ /*
+ * If you've got a DNS server around at your upstream provider, enter its
+ * IP address here, and enable the line below. This will make you benefit
+ * from its cache, thus reduce overall DNS traffic in the Internet.
+ *
+ * Uncomment the following lines to turn on DNS forwarding, and change
+ * and/or update the forwarding ip address(es):
+ */
+/*
+ forward first;
+ forwarders {
+ // 123.123.123.123; // Your ISP NS
+ // 124.124.124.124; // Your ISP NS
+ // 4.2.2.1; // Level3 Public DNS
+ // 4.2.2.2; // Level3 Public DNS
+ 8.8.8.8; // Google Open DNS
+ 8.8.4.4; // Google Open DNS
+ };
+
+*/
+
+ dnssec-enable yes;
+ //dnssec-validation yes;
+
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+};
+
+/*
+logging {
+ channel default_log {
+ file "/var/log/named/named.log" versions 5 size 50M;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+
+ category default { default_log; };
+ category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+ inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+ type hint;
+ file "/var/bind/named.cache";
+};
+
+zone "localhost" IN {
+ type master;
+ file "pri/localhost.zone";
+ notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+// type master;
+// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+// allow-query { any; };
+// allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+// type slave;
+// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+// masters { ; };
+
+ /* Anybody is allowed to query but transfer should be controlled by the master. */
+// allow-query { any; };
+// allow-transfer { none; };
+
+ /* The master should be the only one who notifies the slaves, shouldn't it? */
+// allow-notify { ; };
+// notify no;
+//};
diff --git a/net-dns/bind/files/named.confd-r7 b/net-dns/bind/files/named.confd-r7
new file mode 100644
index 000000000..477a48061
--- /dev/null
+++ b/net-dns/bind/files/named.confd-r7
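Review bot: The `controls` statement binds `inet 127.0.0.1` only, so the `::1/128` entry in its `allow` list can never match and rndc over the IPv6 loopback is silently refused even though `listen-on-v6 { ::1; }` suggests IPv6 is expected; either drop the entry or add a second channel, `inet ::1 port 953 allow { ::1/128; } keys { "rndc-key"; };`. The `xfer` ACL is declared but referenced only from the commented-out slave/master examples, which is fine but deserves a one-line comment saying it is a template for those zones. Minor: "tranfers" in the allow-transfer comment is a typo.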
@@ -0,0 +1,48 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+# a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =
+#
+#CHROOT="/chroot/dns"
+
+# Uncomment to enable binmount of /usr/share/GeoIP
+#CHROOT_GEOIP="1"
+
+# Uncomment the line below to avoid that the init script mounts the needed paths
+# into the chroot directory.
+# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
+#CHROOT_NOMOUNT="1"
+
+# Uncomment this option if you have setup your own chroot environment and you
+# don't want/need the chroot consistency check
+#CHROOT_NOCHECK=1
+
+# Default pid file location
+PIDFILE="${CHROOT}/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+
+# Uncomment rc_named_use/rc_named_after for the database you need.
+# Its necessary to ensure the database backend will be started before named.
+
+# MySQL
+#rc_named_use="mysql"
+#rc_named_after="mysql"
+
+# PostgreSQL
+#rc_named_use="pg_autovacuum postgresql"
+#rc_named_after="pg_autovacuum postgresql"
+
+# LDAP
+#rc_named_use="ldap"
+#rc_named_after="ldap"
diff --git a/net-dns/bind/files/named.init-r13 b/net-dns/bind/files/named.init-r13
new file mode 100755
index 000000000..7f4955327
--- /dev/null
+++ b/net-dns/bind/files/named.init-r13
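Review bot: `PIDFILE` is assigned unconditionally here, and the init script's `_get_pidfile` only falls back to `named-checkconf -p` when `PIDFILE` is empty, so the `pid-file` directive in named.conf is never consulted once this file is installed and the two must be kept in sync by hand; the comment should say so, e.g. `# Must match the pid-file option in named.conf; leave empty to let the init script read it from the config.` Because the value is expanded when the file is sourced, it also only picks up `CHROOT` because that assignment appears above it, which is worth stating next to the `#CHROOT=` line.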
@@ -0,0 +1,248 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r13,v 1.1 2014/01/31 21:24:49 idl0r Exp $
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+ need net
+ use logger
+ provide dns
+}
+
+NAMED_CONF=${CHROOT}/etc/bind/named.conf
+
+OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
+MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
+
+_mount() {
+ local from
+ local to
+ local opts
+ local ret=0
+
+ if [ "${#}" -lt 3 ]; then
+ eerror "_mount(): to few arguments"
+ return 1
+ fi
+
+ from=$1
+ to=$2
+ shift 2
+
+ opts="${*}"
+ shift $#
+
+ if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
+ einfo "mounting ${from} to ${to}"
+ mount ${from} ${to} ${opts}
+ ret=$?
+
+ eend $ret
+ return $ret
+ fi
+
+ return 0
+}
+
+_umount() {
+ local dir=$1
+ local ret=0
+
+ if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
+ ebegin "umounting ${dir}"
+ umount ${dir}
+ ret=$?
+
+ eend $ret
+ return $ret
+ fi
+
+ return 0
+}
+
+_get_pidfile() {
+ # as suggested in bug #107724, bug 335398#c17
+ [ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+ /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+ [ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid
+}
+
+check_chroot() {
+ if [ -n "${CHROOT}" ]; then
+ [ ! -d "${CHROOT}" ] && return 1
+ [ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+ [ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+ [ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+ [ ! -d "${CHROOT}/var/log/named" ] && return 1
+ [ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+ [ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
+ [ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
+ if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+ if [ -d "/usr/lib64" ]; then
+ [ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
+ elif [ -d "/usr/lib" ]; then
+ [ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
+ fi
+ fi
+ fi
+
+ return 0
+}
+
+checkconfig() {
+ ebegin "Checking named configuration"
+
+ if [ ! -f "${NAMED_CONF}" ] ; then
+ eerror "No ${NAMED_CONF} file exists!"
+ return 1
+ fi
+
+ /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
+ eerror "named-checkconf failed! Please fix your config first."
+ return 1
+ }
+
+ eend 0
+ return 0
+}
+
+checkzones() {
+ ebegin "Checking named configuration and zones"
+ /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
+ eend $?
+}
+
+start() {
+ local piddir
+
+ ebegin "Starting ${CHROOT:+chrooted }named"
+
+ if [ -n "${CHROOT}" ]; then
+ if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+ check_chroot || {
+ eend 1
+ eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+ return 1
+ }
+ fi
+
+ if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+ if [ ! -e /usr/lib/engines/libgost.so ]; then
+ eend 1
+ eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
+ return 1
+ fi
+ cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
+ eend 1
+ eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
+ return 1
+ }
+ fi
+ cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
+
+ if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ einfo "Mounting chroot dirs"
+ _mount /etc/bind ${CHROOT}/etc/bind -o bind
+ _mount /var/bind ${CHROOT}/var/bind -o bind
+ _mount /var/log/named ${CHROOT}/var/log/named -o bind
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ _mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+ fi
+ fi
+ fi
+
+ checkconfig || { eend 1; return 1; }
+
+ # create piddir (usually /run/named) if necessary, bug 334535
+ _get_pidfile
+ piddir="${PIDFILE%/*}"
+ checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+ eend 1
+ return 1
+ }
+
+ # In case someone have $CPU set in /etc/conf.d/named
+ if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+ CPU="-n ${CPU}"
+ fi
+
+ start-stop-daemon --start --pidfile ${PIDFILE} \
+ --nicelevel ${NAMED_NICELEVEL:-0} \
+ --exec /usr/sbin/named \
+ -- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+ eend $?
+}
+
+stop() {
+ local reported=0
+
+ ebegin "Stopping ${CHROOT:+chrooted }named"
+
+ # Workaround for now, until openrc's restart has been fixed.
+ # openrc doesn't care about a restart() function in init scripts.
+ if [ "${RC_CMD}" = "restart" ]; then
+ if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+ check_chroot || {
+ eend 1
+ eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+ return 1
+ }
+ fi
+
+ checkconfig || { eend 1; return 1; }
+ fi
+
+ # -R 10, bug 335398
+ _get_pidfile
+ start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+ --exec /usr/sbin/named
+
+ if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ ebegin "Umounting chroot dirs"
+
+ # just to be sure everything gets clean
+ while fuser -s ${CHROOT} 2>/dev/null; do
+ if [ "${reported}" -eq 0 ]; then
+ einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
+ elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
+ eerror "Waiting until all named processes are stopped failed!"
+ eend 1
+ break
+ fi
+ sleep 1
+ reported=$((reported+1))
+ done
+
+ [ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
+ _umount ${CHROOT}/etc/bind
+ _umount ${CHROOT}/var/log/named
+ _umount ${CHROOT}/var/bind
+ fi
+
+ eend $?
+}
+
+reload() {
+ local ret
+
+ ebegin "Reloading named.conf and zone files"
+
+ checkconfig || { eend 1; return 1; }
+
+ _get_pidfile
+ if [ -n "${PIDFILE}" ]; then
+ start-stop-daemon --pidfile $PIDFILE --signal HUP
+ ret=$?
+ else
+ ewarn "Unable to determine the pidfile... this is"
+ ewarn "a fallback mode. Please check your installation!"
+
+ $RC_SERVICE restart
+ ret=$?
+ fi
+
+ eend $ret
+}
diff --git a/net-dns/bind/files/named.service-r1 b/net-dns/bind/files/named.service-r1
new file mode 100644
index 000000000..65fbdb941
--- /dev/null
+++ b/net-dns/bind/files/named.service-r1
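Review bot: In `stop()` the closing `eend $?` reports the status of the preceding `if` block (the last `_umount`, or 0 when no chroot is configured), not the result of `start-stop-daemon --stop --retry 10`, so a named that does not terminate within the retries is still reported as stopped and the service state goes stale; declare `local ret`, add `ret=$?` directly after the start-stop-daemon call and finish with `eend ${ret}`. In `start()`, `cp -Lp /etc/localtime "${CHROOT}/etc/localtime"` is the only copy in that block whose failure is not checked, unlike the libgost copy just above it. `_mount` also pairs `eend` with `einfo` rather than `ebegin`, inconsistent with `_umount`, which will leave openrc's indentation/status output unbalanced.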
@@ -0,0 +1,13 @@
+[Unit]
+Description=Internet domain name server
+After=network.target
+
+[Service]
+ExecStartPre=/usr/libexec/generate-rndc-key.sh
+ExecStartPre=/usr/sbin/named-checkconf -z /etc/bind/named.conf
+ExecStart=/usr/sbin/named -f -u named
+ExecReload=/usr/sbin/rndc reload
+ExecStop=/usr/sbin/rndc stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml
new file mode 100644
index 000000000..9133cc107
--- /dev/null
+++ b/net-dns/bind/metadata.xml
@@ -0,0 +1,21 @@
+
+
+
+
+ idl0r@gentoo.org
+ Christian Ruppert
+
+ ISC's bind dns server, used the world 'round.
+
+ Enables dynamic loaded zones, 3rd party extension
+ Enable filtering of AAAA records over IPv4
+ Enables fixed rrset-order option
+ Enables gost OpenSSL engine support
+ Enable gssapi support
+ Enable JSON statistics channel
+ Build and install the nslint util
+ Enable response policy rewriting (rpz)
+ Use /dev/urandom instead of /dev/random
+ LDAP sdb back-end
+
+
diff --git a/profiles/use.local.desc b/profiles/use.local.desc
index 5ca1e95d9..613ca4f9b 100644
--- a/profiles/use.local.desc
+++ b/profiles/use.local.desc
@@ -42,3 +42,4 @@ x11-themes/calculate-icon-theme:themes_CLD - Uses CLD icon themes
 x11-themes/calculate-icon-theme:themes_CLDG - Uses CLDG icon themes
 x11-themes/calculate-icon-theme:themes_CLDX - Uses CLDX icon themes
 x11-themes/calculate-icon-theme:themes_CLS - Uses CLS icon themes
+net-dns/bind:sdb-ldap - LDAP sdb back-end
diff --git a/sys-apps/calculate-server/calculate-server-2.1.16-r20.ebuild b/sys-apps/calculate-server/calculate-server-2.1.16-r20.ebuild
new file mode 100644
index 000000000..22490b95a
--- /dev/null
+++ b/sys-apps/calculate-server/calculate-server-2.1.16-r20.ebuild
@@ -0,0 +1,236 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="5"
+PYTHON_COMPAT=(python{2_6,2_7})
+
+inherit distutils-r1 eutils
+
+SRC_URI="ftp://ftp.calculate.ru/pub/calculate/calculate2/${PN}/${P}.tar.bz2
+ http://mirror.yandex.ru/calculate/calculate2/${PN}/${P}.tar.bz2"
+
+DESCRIPTION="Configuration utility for Linux services"
+HOMEPAGE="http://www.calculate-linux.org/main/en/calculate2"
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+IUSE="calculate_nomail +calculate_nodhcp +calculate_noftp +calculate_nojabber +calculate_nonamed +calculate_nosamba +calculate_noproxy"
+
+DEPEND="=sys-apps/calculate-lib-2.1.11-r4
+ >=net-nds/openldap-2.3[-minimal]
+ >=sys-auth/pam_ldap-180[ssl]
+ >=sys-auth/nss_ldap-239
+ !calculate_nosamba? (
+ >=net-fs/samba-3.4.6[acl,client,cups,ldap,netapi,pam,server,smbclient]
+ =net-mail/dovecot-1.2.0[ldap,pam,ssl]
+ )
+ >=mail-filter/procmail-3.22
+ dev-python/pymilter
+ >=mail-mta/postfix-2.2[ldap,pam,ssl,sasl,dovecot-sasl]
+ )
+ !calculate_noftp? (
+ || ( =net-ftp/proftpd-1.3.3[-acl,ident,ldap,ncurses,nls,pam,ssl,tcpd]
+ )
+ )
+ !calculate_nojabber? (
+ >=net-im/ejabberd-2.1.8[mod_pubsub]
+ >=media-gfx/imagemagick-6.6
+ )
+ !calculate_nonamed? ( >=net-dns/bind-9.6.1_p1[sdb-ldap] )
+ !calculate_noproxy? ( >=net-proxy/squid-3.0.14[ldap,pam,ssl] )
+ !calculate_nodhcp? 
( >=net-misc/dhcp-3.1.2_p1 )"
+
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+ unpack "${A}"
+ cd "${S}"
+
+ # ftp .Trash-uid
+ epatch "${FILESDIR}/calculate-server-2.1.16-ftp_trash.patch"
+
+ # fix check ip
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_ip_check.patch"
+
+ # fix get ip
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_get_ip.patch"
+
+ # add win7 profile dir
+ epatch "${FILESDIR}/calculate-server-2.1.16-win7_profile.patch"
+
+ # fix work with calculate.env
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_inienv.patch"
+
+ # fix jabber tls
+ epatch "${FILESDIR}/calculate-server-2.1.16-jabber_tls.patch"
+
+ # fix empty ip
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_empty_ip.patch"
+
+ # add smtp auth
+ epatch "${FILESDIR}/calculate-server-2.1.16-smtp_auth.patch"
+
+ # add samba options for remote work distfiles
+ epatch "${FILESDIR}/calculate-server-2.1.16-distfiles.patch"
+
+ # support squid 3.2
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_proxy.patch"
+
+ # fix sasl config
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_sasl_config.patch"
+
+ # fix repl cron script
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_replcron.patch"
+
+ # fix mac address
+ epatch "${FILESDIR}/calculate-server-2.1.16-mac_lower.patch"
+
+ # fix dovecot conf
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_dovecot.patch"
+
+ # nt acl support off for share
+ epatch "${FILESDIR}/calculate-server-2.1.16-nt_acl.patch"
+
+ # discard obsolete squid option
+ epatch "${FILESDIR}/calculate-server-2.1.16-fix_proxy2.patch"
+
+ # add ipv4 squid option
+ epatch "${FILESDIR}/calculate-server-2.1.16-squid_ipv4.patch"
+}
+
+pkg_postinst() {
+ if [ -d /var/calculate/server-data/mail/imap ] || \
+ [ -d /var/calculate/server-data/samba/win/profiles ] || \
+ [ -d /var/calculate/server-data/samba/unix/profiles ] || \
+ [ -d /var/calculate/server-data/samba/win/netlogon ];
+ then
+ ewarn "Data found in directories of previous version calculate-server"
+ fi
+
+ if [ -d 
/var/calculate/server-data/mail/imap ];
+ then
+ if ! [ -d /var/calculate/server-data/mail~ ];
+ then
+ if mv /var/calculate/server-data/mail/imap \
+ /var/calculate/server-data/mail~ && \
+ rmdir /var/calculate/server-data/mail && \
+ mv /var/calculate/server-data/mail~ \
+ /var/calculate/server-data/mail;
+ then
+ ewarn
+ ewarn "Data from /var/calculate/server-data/mail/imap"
+ ewarn "was moved to /var/calculate/server-data/mail"
+ MAILUPDATE="TRUE"
+ fi
+ fi
+ if ! [ "${MAILUPDATE}" == "TRUE" ];
+ then
+ eerror "Cannot move /var/calculate/server-data/mail/imap"
+ eerror "Please manualy move /var/calculate/server-data/mail/imap"
+ eerror "to /var/calculate/server-data/mail"
+ fi
+ fi
+
+ if [ -d /var/calculate/server-data/samba/win/profiles ];
+ then
+ SAMBAUPDATE=""
+ if ! [ -d /var/calculate/server-data/samba/profiles/win ];
+ then
+ if mkdir -p /var/calculate/server-data/samba/profiles && \
+ mv /var/calculate/server-data/samba/win/profiles \
+ /var/calculate/server-data/samba/profiles/win;
+ then
+ ewarn
+ ewarn "Data from /var/calculate/server-data/samba/win/profiles"
+ ewarn "was moved to /var/calculate/server-data/samba/profiles/win"
+ SAMBAUPDATE="TRUE"
+ fi
+ fi
+ if ! [ "${SAMBAUPDATE}" == "TRUE" ];
+ then
+ eerror "Cannot move /var/calculate/server-data/samba/win/profiles"
+ eerror "Please manualy move "
+ eerror "/var/calculate/server-data/samba/win/profiles"
+ eerror "to /var/calculate/server-data/samba/profiles/win"
+ fi
+ fi
+
+ if [ -d /var/calculate/server-data/samba/unix/profiles ]; \
+ then
+ SAMBAUPDATE=""
+ if ! 
[ -d /var/calculate/server-data/samba/profiles/unix ];
+ then
+ if mkdir -p /var/calculate/server-data/samba/profiles && \
+ mv -f /var/calculate/server-data/samba/unix/profiles \
+ /var/calculate/server-data/samba/profiles/unix;
+ then
+ rmdir /var/calculate/server-data/samba/unix
+ ewarn
+ ewarn "Data from /var/calculate/server-data/samba/unix/profiles"
+ ewarn "was moved to /var/calculate/server-data/samba/profiles/unix"
+ SAMBAUPDATE="TRUE"
+ fi
+ fi
+ if ! [ "${SAMBAUPDATE}" == "TRUE" ];
+ then
+ eerror "Cannot move /var/calculate/server-data/samba/unix/profiles"
+ eerror "Please manualy move "
+ eerror "/var/calculate/server-data/samba/unix/profiles"
+ eerror "to /var/calculate/server-data/samba/profiles/unix"
+ fi
+ fi
+
+ if [ -d /var/calculate/server-data/samba/win/netlogon ];
+ then
+ SAMBAUPDATE=""
+ if ! [ -d /var/calculate/server-data/samba/netlogon ];
+ then
+ if mv -f /var/calculate/server-data/samba/win/netlogon \
+ /var/calculate/server-data/samba/netlogon;
+ then
+ rmdir /var/calculate/server-data/samba/win
+ ewarn
+ ewarn "Data form /var/calculate/server-data/samba/win/netlogon"
+ ewarn "was moved to /var/calculate/server-data/samba/netlogon"
+ SAMBAUPDATE="TRUE"
+ fi
+ fi
+ if ! [ "${SAMBAUPDATE}" == "TRUE" ];
+ then
+ eerror "Cannot move /var/calculate/server-data/samba/win/netlogon"
+ eerror "Please manualy move "
+ eerror "/var/calculate/server-data/samba/win/netlogon"
+ eerror "/var/calculate/server-data/samba/netlogon"
+ fi
+ fi
+
+ if [ "${MAILUPDATE}" == "TRUE" ];
+ then
+ ewarn
+ ewarn "Please update mail service by the command:"
+ ewarn "\tcl-update mail"
+ fi
+ if [ "${SAMBAUPDATE}" == "TRUE" ];
+ then
+ ewarn
+ ewarn "Please update samba service by the command:"
+ ewarn "\tcl-update samba"
+ fi
+
+ ewarn
+ ewarn "WARNING!!! If you have the samba service, then update it by the command:"
+ ewarn "\tcl-update samba"
+}
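Review bot: The mail migration in pkg_postinst is not safe to re-run: if `mv .../mail/imap .../mail~` succeeds but `rmdir .../mail` fails because that directory holds anything else, the `&&` chain stops with the data parked in `mail~`, and every later run skips the move (the `! [ -d .../mail~ ]` guard is now false) and only prints the "Cannot move" error, so the staging directory needs to be cleaned up or reported on the failure path. `MAILUPDATE` is also never initialised before it is tested, unlike `SAMBAUPDATE` which is reset before each block; add `MAILUPDATE=""` at the top of pkg_postinst. All path checks and moves are absolute, so they ignore `${ROOT}` and act on the live host filesystem when merging into an alternate root; prefix them, e.g. `if [ -d "${ROOT}"/var/calculate/server-data/mail/imap ]`. Separately, EAPI 5 reserves src_unpack for unpacking, so the epatch calls belong in src_prepare, and the parentheses in DEPEND do not balance in this rendering (two `)` after a single `!calculate_nosamba? (`), which suggests dropped text and is worth checking against the committed file.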
diff --git a/sys-apps/calculate-utils/calculate-utils-2.2.32-r28.ebuild b/sys-apps/calculate-utils/calculate-utils-2.2.32-r28.ebuild
new file mode 100644
index 000000000..be5a66d67
--- /dev/null
+++ b/sys-apps/calculate-utils/calculate-utils-2.2.32-r28.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=3
+
+DESCRIPTION="Calculate Utilities meta package"
+HOMEPAGE="http://www.calculate-linux.org/main/en/calculate2"
+SRC_URI=""
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=" +cl_assemble +cl_builder +cl_server +"
+
+RDEPEND="${RDEPEND}
+ !sys-apps/calculate-templates
+ !