diff --git a/.bind-dyndb-ldap.metadata b/.bind-dyndb-ldap.metadata index 8e1cfd5..7f14f8d 100644 --- a/.bind-dyndb-ldap.metadata +++ b/.bind-dyndb-ldap.metadata @@ -1 +1 @@ -c9c72fbc4a1b21f6571725d7bb83b4f661e70589 SOURCES/bind-dyndb-ldap-10.0.tar.bz2 +282bf80634784e70a42c9cef050cbf74cdd5be0d SOURCES/bind-dyndb-ldap-11.1.tar.bz2 diff --git a/.gitignore b/.gitignore index ff654dd..b51fbbe 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/bind-dyndb-ldap-10.0.tar.bz2 +SOURCES/bind-dyndb-ldap-11.1.tar.bz2 diff --git a/SOURCES/bind-dyndb-ldap-10.0.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-10.0.tar.bz2.asc deleted file mode 100644 index 167c2f2..0000000 --- a/SOURCES/bind-dyndb-ldap-10.0.tar.bz2.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIcBAABCgAGBQJXaRjuAAoJEBBYfogcsrtxlwcP/1EopBHTVqhrr0p4J+WisBKQ -VvkgmDA6umY5DCOJyj1B2jlRg+ndcwGKh8zjDS+6YJJ5uBRQsFFPo6Tihtcn7GF0 -DtQTFo9XgAmbPBdlFeT8iQn72n9LhemVzV9OeMaJp9Q+B/fqL9dhx9db5jEP8Mx8 -Hz3ZyOrzfU11ms6PnrHwVQwhSkF7UAVKEOK9BxhfUZfrfA5uub/ZN6aO1WuyZd/M -EBYU+6UgWUoTVexRu1QvaZ8dCd8es8Tn/Woj5rMfWBRVOYdyK214MuR8xnOGW9gK -KytPqmHghUSI6qNWftMx32sAQI62IQjTqgnxUW1o6c5Y20rV3dd/R4rmh/lRR96y -dNIZwqU7bcpgTuk8xW+MoOw/TlGQ9Vf+7rn3URjP07n+9aXwzJrXHMintbPEWzn+ -SXwYj5H+Aw09DBcj94/cXjO9e6IiMWN3hqxfvb/qF37/sYYuQN1pzwBEJyVwfsCI -iZNZRicUMHLuxYUmJEx2N5A47DdvHGXOoP1TMiCy/N24x37U8GvqhlN+j7QyLXt0 -BvcDPqt07yRS6EubQzXQLO60x7DyiXzEHDF5yxEYwmvtOnYqKvdToqbhWfyGPwcB -hZaeblSDKnyTGghQXysLlFtNexfWHVjc6pohEH1vC561mvQbHEFQHJwQR4uGY2BA -OMnie3GerMo+NFwQYUm3 -=efct ------END PGP SIGNATURE----- diff --git a/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc new file mode 100644 index 0000000..3becbc4 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5 +Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F +FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+ +r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr +G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ +lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4= +=jtZI +-----END PGP SIGNATURE----- diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch b/SOURCES/bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch new file mode 100644 index 0000000..acabac3 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch @@ -0,0 +1,49 @@ +From ba828bdd09a8203ff6c8e3a2bc66f6af75e3330a Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Feb 2017 14:19:41 +0100 +Subject: [PATCH 2/3] Treat passwords like ordinary text, bind 9.9 does not + support change 3701. Uses simple cfg_print. + +--- + src/ldap_helper.c | 2 +- + src/settings.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 94bd9cf..fb7c67f 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -246,7 +246,7 @@ dyndb_ldap_conf_clauses[] = { + { "krb5_keytab", &cfg_type_qstring, 0 }, + { "krb5_principal", &cfg_type_qstring, 0 }, + { "ldap_hostname", &cfg_type_qstring, 0 }, +- { "password", &cfg_type_sstring, 0 }, ++ { "password", &cfg_type_qstring, 0 }, + { "reconnect_interval", &cfg_type_uint32, 0 }, + { "sasl_auth_name", &cfg_type_qstring, 0 }, + { "sasl_mech", &cfg_type_qstring, 0 }, +diff --git a/src/settings.c b/src/settings.c +index 37e6e5c..8f3ae34 100644 +--- a/src/settings.c ++++ b/src/settings.c +@@ -605,7 +605,7 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) + /* this avoids additional quotes around the string */ + str_value = cfg_obj_asstring(cfg_value); + } else { +- cfg_printx(cfg_value, 0, cfg_printer, buf_value); ++ cfg_print(cfg_value, cfg_printer, buf_value); + isc_buffer_putmem(buf_value, (unsigned char *)"\0", 1); + str_value = isc_buffer_base(buf_value); + } +@@ -690,7 +690,7 @@ setting_set_parse_conf(isc_mem_t *mctx, const char *name, + result = cfg_parse_buffer2(parser, &in_buf, name, cfg_type_conf, + &config); + if (result == ISC_R_SUCCESS) { +- cfg_printx(config, CFG_PRINTER_XKEY, cfg_printer, log_buf); ++ cfg_print(config, cfg_printer, log_buf); + cfg_obj_log(config, dns_lctx, ISC_LOG_DEBUG(10), + "configuration for dyndb instance '%s' " + "(starting in file %s on line %lu):\n" +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch b/SOURCES/bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch new file mode 100644 index 0000000..32b53bc --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch @@ -0,0 +1,198 @@ +From 61d59a061acf2eeeb328864d1aef8b10b6b6a1fb Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Feb 2017 15:06:45 +0100 +Subject: [PATCH 3/3] Replace unsupported autoreallocating buffer by custom + print_buffer + +--- + src/settings.c | 106 +++++++++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 77 insertions(+), 29 deletions(-) + +diff --git a/src/settings.c b/src/settings.c +index 8f3ae34..7d41b66 100644 +--- a/src/settings.c ++++ b/src/settings.c +@@ -553,19 +553,69 @@ settings_set_free(settings_set_t **set) { + *set = NULL; + } + ++static const unsigned int BUFFER_INCR = 2048; ++/** Structure for unlimited buffer. ++ * ++ * Replace for isc_buffer with autoreallocation enabled from newer bind. */ ++typedef struct print_buffer ++{ ++ isc_mem_t *mctx; ++ isc_buffer_t *buffer; ++ isc_result_t allocated; ++} print_buffer_t; ++ ++/** Initialize print buffer with preallocated isc_buffer. */ ++static isc_result_t ++print_buffer_init(isc_mem_t *mctx, print_buffer_t *buffer) ++{ ++ buffer->mctx = mctx; ++ buffer->buffer = NULL; ++ buffer->allocated = ++ isc_buffer_allocate(mctx, &buffer->buffer, BUFFER_INCR); ++ return buffer->allocated; ++} ++ ++static isc_result_t ++print_buffer_increment(print_buffer_t *pb, unsigned int inclen) ++{ ++ unsigned int increment = BUFFER_INCR; ++ isc_buffer_t *newbuffer = NULL; ++ unsigned int newsize; ++ if (increment < (inclen)) ++ increment = (((inclen)/BUFFER_INCR)+1)*BUFFER_INCR; ++ ++ newsize = isc_buffer_length(pb->buffer)+increment; ++ REQUIRE(newsize > isc_buffer_length(pb->buffer)); ++ pb->allocated = isc_buffer_allocate(pb->mctx, &newbuffer, newsize); ++ if (pb->allocated == ISC_R_SUCCESS) ++ { ++ isc_buffer_putmem(newbuffer, ++ isc_buffer_base(pb->buffer), ++ isc_buffer_length(pb->buffer)); ++ isc_buffer_free(&pb->buffer); ++ pb->buffer = newbuffer; ++ } ++ return pb->allocated; ++} ++ + /** +- * Append textlen bytes from text to isc_buffer pointed to by closure. ++ * Append textlen bytes from text to print_buffer pointed to by closure. + * +- * @pre closure is an initialized isc_buffer with autoreallocation enabled. ++ * @pre closure is an initialized print_buffer . + */ + static void + cfg_printer(void *closure, const char *text, int textlen) { +- isc_buffer_t *logbuffer = closure; +- +- REQUIRE(logbuffer != NULL); +- REQUIRE(logbuffer->autore == ISC_TRUE); ++ struct print_buffer * pb = closure; ++ REQUIRE(pb != NULL); ++ REQUIRE(pb->buffer != NULL); ++ REQUIRE(pb->mctx != NULL); ++ ++ /* I will append terminating '\0', make sure space is reserved */ ++ if (isc_buffer_availablelength(pb->buffer) < (unsigned)(textlen+1)) { ++ print_buffer_increment(pb, textlen+1); ++ } + +- isc_buffer_putmem(logbuffer, (const unsigned char *)text, textlen); ++ isc_buffer_putmem(pb->buffer, (const unsigned char *)text, textlen); + } + + /** +@@ -583,14 +633,12 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) + { + isc_result_t result; + setting_t *setting; +- isc_buffer_t *buf_value = NULL; ++ print_buffer_t buf_value; + const cfg_obj_t *cfg_value; + const char *str_value; + + REQUIRE(cfg_obj_ismap(config) == ISC_TRUE); +- +- CHECK(isc_buffer_allocate(set->mctx, &buf_value, ISC_BUFFER_INCR)); +- isc_buffer_setautorealloc(buf_value, ISC_TRUE); ++ CHECK(print_buffer_init(set->mctx, &buf_value)); + + for (setting = set->first_setting; + setting->name != NULL; +@@ -605,21 +653,22 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) + /* this avoids additional quotes around the string */ + str_value = cfg_obj_asstring(cfg_value); + } else { +- cfg_print(cfg_value, cfg_printer, buf_value); +- isc_buffer_putmem(buf_value, (unsigned char *)"\0", 1); +- str_value = isc_buffer_base(buf_value); ++ cfg_print(cfg_value, cfg_printer, &buf_value); ++ CHECK(buf_value.allocated); ++ isc_buffer_putmem(buf_value.buffer, (unsigned char *)"\0", 1); ++ str_value = isc_buffer_base(buf_value.buffer); + } + result = set_value(set->mctx, set, setting, str_value); + if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE) + goto cleanup; +- isc_buffer_clear(buf_value); ++ isc_buffer_clear(buf_value.buffer); + } + + cleanup: + if (result != ISC_R_SUCCESS) + log_error_r("cannot parse settings for '%s'", set->name); +- if (buf_value != NULL) +- isc_buffer_free(&buf_value); ++ if (buf_value.buffer != NULL) ++ isc_buffer_free(&buf_value.buffer); + return result; + } + +@@ -673,46 +722,45 @@ setting_set_parse_conf(isc_mem_t *mctx, const char *name, + isc_result_t result; + cfg_obj_t *config = NULL; + isc_buffer_t in_buf; +- isc_buffer_t *log_buf = NULL; ++ print_buffer_t pb; + cfg_parser_t *parser = NULL; + unsigned int len; + + REQUIRE(parameters != NULL); + +- CHECK(isc_buffer_allocate(mctx, &log_buf, ISC_BUFFER_INCR)); +- isc_buffer_setautorealloc(log_buf, ISC_TRUE); ++ CHECK(print_buffer_init(mctx, &pb)); + + len = strlen(parameters); + isc_buffer_constinit(&in_buf, parameters, len); + isc_buffer_add(&in_buf, len); + + CHECK(cfg_parser_create(mctx, dns_lctx, &parser)); +- result = cfg_parse_buffer2(parser, &in_buf, name, cfg_type_conf, ++ result = cfg_parse_buffer(parser, &in_buf, cfg_type_conf, + &config); + if (result == ISC_R_SUCCESS) { +- cfg_print(config, cfg_printer, log_buf); ++ cfg_print(config, cfg_printer, &pb); + cfg_obj_log(config, dns_lctx, ISC_LOG_DEBUG(10), + "configuration for dyndb instance '%s' " + "(starting in file %s on line %lu):\n" + "%.*s", +- name, file, line, isc_buffer_usedlength(log_buf), +- (char *)isc_buffer_base(log_buf)); ++ name, file, line, isc_buffer_usedlength(pb.buffer), ++ (char *)isc_buffer_base(pb.buffer)); + } else { + log_error("configuration for dyndb instance '%s' " + "(starting in file %s on line %lu) is invalid", + name, file, line); +- cfg_print_grammar(cfg_type_conf, cfg_printer, log_buf); ++ cfg_print_grammar(cfg_type_conf, cfg_printer, &pb); + log_info("expected grammar:\n" +- "%.*s", isc_buffer_usedlength(log_buf), +- (char *)isc_buffer_base(log_buf)); ++ "%.*s", isc_buffer_usedlength(pb.buffer), ++ (char *)isc_buffer_base(pb.buffer)); + goto cleanup; + } + + CHECK(settings_set_fill(config, settings)); + + cleanup: +- if (log_buf != NULL) +- isc_buffer_free(&log_buf); ++ if (pb.buffer != NULL) ++ isc_buffer_free(&pb.buffer); + if (config != NULL) + cfg_obj_destroy(parser, &config); + if (parser != NULL) +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-pspacek-0432-2-Prevent-crash-while-reloading-previously-invalid-but.patch b/SOURCES/bind-dyndb-ldap-pspacek-0432-2-Prevent-crash-while-reloading-previously-invalid-but.patch deleted file mode 100644 index 17759be..0000000 --- a/SOURCES/bind-dyndb-ldap-pspacek-0432-2-Prevent-crash-while-reloading-previously-invalid-but.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 9ae1320d0c71d95e0f9785afa922c5b3240ea66d Mon Sep 17 00:00:00 2001 -From: Petr Spacek -Date: Fri, 22 Jul 2016 16:44:17 +0200 -Subject: [PATCH] Prevent crash while reloading previously invalid but now - valid DNS zone. - -The crash happened under these circumstances: -- a DNS zone (test.) has NS record relative to this zone (ns.test.) -- the name pointed to by NS record did not have any A/AAAA records -- restart BIND to enforce zone load -- zone loading failed because of invalid NS record -- missing A/AAAA record for name ns.test. was added --> CRASH! - -https://fedorahosted.org/bind-dyndb-ldap/ticket/166 ---- - src/ldap_helper.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/ldap_helper.c b/src/ldap_helper.c -index 681661b8910c8213030f38aa9ba38eee748d3109..12a743b095ba400373cb87653d26af82cc95c2ea 100644 ---- a/src/ldap_helper.c -+++ b/src/ldap_helper.c -@@ -3824,6 +3824,7 @@ update_record(isc_task_t *task, isc_event_t *event) - update_restart: - rbtdb = NULL; - ldapdb = NULL; -+ zone_settings = NULL; - ldapdb_rdatalist_destroy(mctx, &rdatalist); - CHECK(zr_get_zone_dbs(inst->zone_register, &entry->zone_name, &ldapdb, &rbtdb)); - CHECK(dns_db_newversion(ldapdb, &version)); --- -2.7.4 - diff --git a/SOURCES/bind-dyndb-ldap-pspacek-0433-Remove-preserve_forwarding-parameter-from-ldap_delet.patch b/SOURCES/bind-dyndb-ldap-pspacek-0433-Remove-preserve_forwarding-parameter-from-ldap_delet.patch deleted file mode 100644 index 8abaeac..0000000 --- a/SOURCES/bind-dyndb-ldap-pspacek-0433-Remove-preserve_forwarding-parameter-from-ldap_delet.patch +++ /dev/null @@ -1,122 +0,0 @@ -From 3b44a3d73a0d1980b43e9022d9249c4c19ba56d2 Mon Sep 17 00:00:00 2001 -From: Petr Spacek -Date: Thu, 11 Aug 2016 12:40:39 +0200 -Subject: [PATCH] Remove preserve_forwarding parameter from - ldap_delete_zone2(). - -The parameter was TRUE only when called from zone_security_change(). -zone_security_change() is calling ldap_delete_zone2() in exclusive mode -anyway so there is no need to optimize this. - -Removal of the parameter will make easier to centralize forwarding -configuration on one place. - -https://fedorahosted.org/bind-dyndb-ldap/ticket/167 ---- - src/ldap_helper.c | 26 ++++++++++---------------- - src/ldap_helper.h | 3 +-- - src/zone_register.c | 2 +- - 3 files changed, 12 insertions(+), 19 deletions(-) - -diff --git a/src/ldap_helper.c b/src/ldap_helper.c -index 12a743b095ba400373cb87653d26af82cc95c2ea..696a755fb8001993ff1a16fa034a9286cbb5ad89 100644 ---- a/src/ldap_helper.c -+++ b/src/ldap_helper.c -@@ -1285,8 +1285,7 @@ configure_zone_ssutable(dns_zone_t *zone, const char *update_str) - - /* Delete zone by dns zone name */ - isc_result_t --ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock, -- isc_boolean_t preserve_forwarding) -+ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock) - { - isc_result_t result; - isc_result_t isforward = ISC_R_NOTFOUND; -@@ -1302,13 +1301,11 @@ ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock, - if (lock) - run_exclusive_enter(inst, &lock_state); - -- if (!preserve_forwarding) { -- CHECK(fwd_delete_table(inst->view, name, "zone", -- zone_name_char)); -- isforward = fwdr_zone_ispresent(inst->fwd_register, name); -- if (isforward == ISC_R_SUCCESS) -- CHECK(fwdr_del_zone(inst->fwd_register, name)); -- } -+ CHECK(fwd_delete_table(inst->view, name, "zone", -+ zone_name_char)); -+ isforward = fwdr_zone_ispresent(inst->fwd_register, name); -+ if (isforward == ISC_R_SUCCESS) -+ CHECK(fwdr_del_zone(inst->fwd_register, name)); - - result = zr_get_zone_ptr(inst->zone_register, name, &raw, &secure); - if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) { -@@ -1487,8 +1484,7 @@ ldap_parse_fwd_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst) - if (HEAD(values) != NULL && - strcasecmp(HEAD(values)->value, "TRUE") != 0) { - /* Zone is not active */ -- result = ldap_delete_zone2(inst, &entry->fqdn, -- ISC_TRUE, ISC_FALSE); -+ result = ldap_delete_zone2(inst, &entry->fqdn, ISC_TRUE); - goto cleanup; - } - -@@ -1990,7 +1986,7 @@ zone_security_change(ldap_entry_t * const entry, dns_name_t * const name, - * in period where old zone was deleted but the new zone was not - * created yet. */ - run_exclusive_enter(inst, &lock_state); -- CHECK(ldap_delete_zone2(inst, name, ISC_FALSE, ISC_TRUE)); -+ CHECK(ldap_delete_zone2(inst, name, ISC_FALSE)); - CHECK(ldap_parse_master_zoneentry(entry, olddb, inst, task)); - - cleanup: -@@ -2173,8 +2169,7 @@ cleanup: - log_error_r("%s: publishing failed, rolling back due to", - ldap_entry_logname(entry)); - /* TODO: verify this */ -- result = ldap_delete_zone2(inst, &entry->fqdn, -- ISC_TRUE, ISC_FALSE); -+ result = ldap_delete_zone2(inst, &entry->fqdn, ISC_TRUE); - if (result != ISC_R_SUCCESS) - log_error_r("%s: rollback failed: ", - ldap_entry_logname(entry)); -@@ -3671,8 +3666,7 @@ update_zone(isc_task_t *task, isc_event_t *event) - INSIST(task == inst->task); /* For task-exclusive mode */ - - if (SYNCREPL_DEL(pevent->chgtype)) { -- CHECK(ldap_delete_zone2(inst, &entry->fqdn, -- ISC_TRUE, ISC_FALSE)); -+ CHECK(ldap_delete_zone2(inst, &entry->fqdn, ISC_TRUE)); - } else { - if (entry->class & LDAP_ENTRYCLASS_MASTER) - CHECK(ldap_parse_master_zoneentry(entry, NULL, inst, -diff --git a/src/ldap_helper.h b/src/ldap_helper.h -index 0368ec7343ef7b16e7afb25b17f3067bf7c09f76..a491baeb41105b9a352dbad6949c3fab008ab69b 100644 ---- a/src/ldap_helper.h -+++ b/src/ldap_helper.h -@@ -46,8 +46,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, - void destroy_ldap_instance(ldap_instance_t **ldap_inst) ATTR_NONNULLS; - - isc_result_t --ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, -- isc_boolean_t lock, isc_boolean_t preserve_forwarding) -+ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock) - ATTR_NONNULLS; - - /* Functions for writing to LDAP. */ -diff --git a/src/zone_register.c b/src/zone_register.c -index 3f8c070b3adfb0ecc5092eb1e84f3956ba3b4fb8..bde4a7c308a6a62ebe6b9123b3212a404603310a 100644 ---- a/src/zone_register.c -+++ b/src/zone_register.c -@@ -163,7 +163,7 @@ zr_destroy(zone_register_t **zrp) - if (result == ISC_R_SUCCESS) { - rbt_iter_stop(&iter); - result = ldap_delete_zone2(zr->ldap_inst, -- &name, ISC_FALSE, ISC_FALSE); -+ &name, ISC_FALSE); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - } - } while (result == ISC_R_SUCCESS); --- -2.7.4 - diff --git a/SOURCES/bind-dyndb-ldap-pspacek-0434-Fix-zone-removal-to-respect-forward-configuration-in.patch b/SOURCES/bind-dyndb-ldap-pspacek-0434-Fix-zone-removal-to-respect-forward-configuration-in.patch deleted file mode 100644 index f129a27..0000000 --- a/SOURCES/bind-dyndb-ldap-pspacek-0434-Fix-zone-removal-to-respect-forward-configuration-in.patch +++ /dev/null @@ -1,60 +0,0 @@ -From c28f568bb546bb87adb1d250a479ff966de81a40 Mon Sep 17 00:00:00 2001 -From: Petr Spacek -Date: Fri, 12 Aug 2016 12:18:33 +0200 -Subject: [PATCH] Fix zone removal to respect forward configuration - inheritance. - -Ad-hoc fwd_delete_table() calls did not respect inheritance hierarchy -in forwarding configuration. Now all manipulation with forward table -is done in fwd_configure_zone() and fully respects configuration inheritance. - -There is a trick: When removing or deactivating a zone, fwd_configure_zone() -is called with empty configuration set to simulate that the zone does -not have any explicit configuration. This triggers the inheritance -logic when necessary (i.e. for the root zone). - -https://fedorahosted.org/bind-dyndb-ldap/ticket/167 ---- - src/ldap_helper.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/ldap_helper.c b/src/ldap_helper.c -index 696a755fb8001993ff1a16fa034a9286cbb5ad89..ad6e41764740d18e9015b01d83e2634e0bcb9213 100644 ---- a/src/ldap_helper.c -+++ b/src/ldap_helper.c -@@ -1301,19 +1301,18 @@ ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock) - if (lock) - run_exclusive_enter(inst, &lock_state); - -- CHECK(fwd_delete_table(inst->view, name, "zone", -- zone_name_char)); -+ /* simulate no explicit forwarding configuration */ -+ CHECK(fwd_configure_zone(&inst->empty_fwdz_settings, inst, name)); - isforward = fwdr_zone_ispresent(inst->fwd_register, name); - if (isforward == ISC_R_SUCCESS) - CHECK(fwdr_del_zone(inst->fwd_register, name)); - - result = zr_get_zone_ptr(inst->zone_register, name, &raw, &secure); - if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) { - if (isforward == ISC_R_SUCCESS) - log_info("forward zone '%s': shutting down", zone_name_char); - log_debug(1, "zone '%s' not found in zone register", zone_name_char); -- result = dns_view_flushcache(inst->view); -- goto cleanup; -+ CLEANUP_WITH(ISC_R_SUCCESS); - } else if (result != ISC_R_SUCCESS) - goto cleanup; - -@@ -1373,7 +1372,8 @@ unpublish_zone(ldap_instance_t *inst, dns_name_t *name, const char *logname) { - } - CHECK(dns_view_findzone(inst->view, name, &zone_in_view)); - INSIST(zone_in_view == raw || zone_in_view == secure); -- CHECK(fwd_delete_table(inst->view, name, "zone", logname)); -+ /* simulate no explicit forwarding configuration */ -+ CHECK(fwd_configure_zone(&inst->empty_fwdz_settings, inst, name)); - CHECK(dns_zt_unmount(inst->view->zonetable, zone_in_view)); - - cleanup: --- -2.7.4 - diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0001-Revert-BIND-9.11-use-new-public-header-isc-errno.h-i.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0001-Revert-BIND-9.11-use-new-public-header-isc-errno.h-i.patch new file mode 100644 index 0000000..52f156a --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-tkrizek-0001-Revert-BIND-9.11-use-new-public-header-isc-errno.h-i.patch @@ -0,0 +1,75 @@ +From 34efc7e7d27d62f1ce67a4b12f41e3ba6ac5045f Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Fri, 17 Feb 2017 14:30:13 +0100 +Subject: [PATCH 1/3] Revert "BIND 9.11: use new public header isc/errno.h + instead of private isc/errno2result.h" + +This reverts commit 08da3390cfc0985abdc0f791115f0f595e915df6. +--- + configure.ac | 12 ++++++------ + src/fs.c | 6 +++--- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 50e41f3af667724accf9996c4167355c074ce00b..9e0f180699057e3d9f6a414868d123bf254fea50 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -105,18 +105,18 @@ int main(void) { + [AC_MSG_ERROR([Cross compiling is not supported.])] + ) + +-dnl isc_errno_toresult() was not available in older header files +-AC_MSG_CHECKING([isc_errno_toresult availability]) ++dnl isc__errno2result() is typically not present in standard header files ++AC_MSG_CHECKING([isc__errno2result availability in header files]) + AC_TRY_RUN([ +-#include ++#include + int main(void) { +- isc_errno_toresult(0); ++ isc__errno2result(0); + return 0; + }], + [AC_MSG_RESULT([yes])], + [AC_MSG_ERROR([ +- Can't find isc_errno_toresult() or header isc/errno.h: +- Please install bind-devel package or similar.])], ++ Can't find isc__errno2result() or header isc/errno2result.h: ++ Please install bind-lite-devel package or similar.])], + [AC_MSG_ERROR([Cross compiling is not supported.])] + ) + +diff --git a/src/fs.c b/src/fs.c +index 61c46b51f225488422fe680f568851e6dfcae8de..09b71d70ea4f15bc5122df1960933f47f0d44eda 100644 +--- a/src/fs.c ++++ b/src/fs.c +@@ -10,7 +10,7 @@ + + #include + #include +-#include ++#include + #include + #include + #include +@@ -37,7 +37,7 @@ fs_dir_create(const char *dir_name) + if (ret == 0) + result = ISC_R_SUCCESS; + else +- result = isc_errno_toresult(errno); ++ result = isc__errno2result(errno); + + if (result != ISC_R_SUCCESS && result != ISC_R_FILEEXISTS) { + log_error_r("unable to create directory '%s', working directory " +@@ -50,7 +50,7 @@ fs_dir_create(const char *dir_name) + * solely for this purpose. */ + ret = chmod(dir_name, dir_mode); + if (ret != 0) { +- result = isc_errno_toresult(errno); ++ result = isc__errno2result(errno); + log_error_r("unable to chmod directory '%s', " + "working directory is '%s'", + dir_name, dir_curr); +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0002-Revert-BIND-9.11-Add-wrapper-for-new-DB-API-method-n.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0002-Revert-BIND-9.11-Add-wrapper-for-new-DB-API-method-n.patch new file mode 100644 index 0000000..691051c --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-tkrizek-0002-Revert-BIND-9.11-Add-wrapper-for-new-DB-API-method-n.patch @@ -0,0 +1,45 @@ +From 969c1737ff227cc5810ea6d91e36e87d21bea194 Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Fri, 17 Feb 2017 14:32:58 +0100 +Subject: [PATCH 2/3] Revert "BIND 9.11: Add wrapper for new DB API method + nodefullname." + +This reverts commit 8178f3cf856829c081a663a2e3f4d77ecc2db6b1. +--- + src/ldap_driver.c | 13 +------------ + 1 file changed, 1 insertion(+), 12 deletions(-) + +diff --git a/src/ldap_driver.c b/src/ldap_driver.c +index 53ce1a93a1f9b45bfb69983f196a3760bdb98ca2..ed31d50321072a8100e20bbd0cf7da2e3741b0d4 100644 +--- a/src/ldap_driver.c ++++ b/src/ldap_driver.c +@@ -813,16 +813,6 @@ hashsize(dns_db_t *db) + return dns_db_hashsize(ldapdb->rbtdb); + } + +-isc_result_t +-nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) +-{ +- ldapdb_t *ldapdb = (ldapdb_t *) db; +- +- REQUIRE(VALID_LDAPDB(ldapdb)); +- +- return dns_db_nodefullname(ldapdb->rbtdb, node, name); +-} +- + static dns_dbmethods_t ldapdb_methods = { + attach, + detach, +@@ -866,8 +856,7 @@ static dns_dbmethods_t ldapdb_methods = { + findnodeext, + findext, + setcachestats, +- hashsize, +- nodefullname ++ hashsize + }; + + isc_result_t ATTR_NONNULLS +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0003-Revert-BIND-9.11-Remove-if-blocks-for-older-BIND-ver.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0003-Revert-BIND-9.11-Remove-if-blocks-for-older-BIND-ver.patch new file mode 100644 index 0000000..310212c --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-tkrizek-0003-Revert-BIND-9.11-Remove-if-blocks-for-older-BIND-ver.patch @@ -0,0 +1,507 @@ +From b0b52c55e7ee12287eb4360b0fc1dd5751ee105e Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Fri, 17 Feb 2017 14:35:13 +0100 +Subject: [PATCH 3/3] Revert "BIND 9.11: Remove #if blocks for older BIND + versions." + +This reverts commit 2649ef1da1cbfc1203337665c4e589e1fe75f04b. +--- + src/Makefile.am | 1 + + src/compat.h | 44 +++++++++++++++++++++++ + src/fwd.c | 60 +++++++++++++++++++++++++++++-- + src/ldap_driver.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++--- + 4 files changed, 202 insertions(+), 6 deletions(-) + create mode 100644 src/compat.h + +diff --git a/src/Makefile.am b/src/Makefile.am +index e1e3968682a675573fbebcefefdee53bf6499f5b..fe96c4c82d3fe5ee4763dd1834c074e08365cdcc 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -4,6 +4,7 @@ bindplugindir=$(libdir)/bind + HDRS = \ + acl.h \ + bindcfg.h \ ++ compat.h \ + empty_zones.h \ + fs.h \ + fwd.h \ +diff --git a/src/compat.h b/src/compat.h +new file mode 100644 +index 0000000000000000000000000000000000000000..00e3da58bc270e3e21f8780af1056caae5151c87 +--- /dev/null ++++ b/src/compat.h +@@ -0,0 +1,44 @@ ++/* ++ * Copyright (C) 2009 bind-dyndb-ldap authors; see COPYING for license ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#else ++#error "Can't compile without config.h" ++#endif ++ ++/* ++ * dns_rdatalist_fromrdataset() did not exist in older versions of libdns. ++ * Add a substitude function here. ++ */ ++#if LIBDNS_VERSION_MAJOR < 40 ++static inline isc_result_t ++dns_rdatalist_fromrdataset(dns_rdataset_t *rdataset, ++ dns_rdatalist_t **rdatalist) ++{ ++ REQUIRE(rdatalist != NULL && rdataset != NULL); ++ ++ *rdatalist = rdataset->private1; ++ ++ return ISC_R_SUCCESS; ++} ++#endif /* LIBDNS_VERSION_MAJOR < 40 */ ++ ++/* ++ * In older libdns versions, isc_refcount_init() was defined as a macro. ++ * However, in newer versions, it is a function returning isc_result_t type. ++ * This piece of code should take care of that problem. ++ */ ++#if LIBDNS_VERSION_MAJOR < 30 ++#include ++ ++static inline isc_result_t ++isc_refcount_init_func(isc_refcount_t *ref, unsigned int n) ++{ ++ isc_refcount_init(ref, n); ++ return ISC_R_SUCCESS; ++} ++#undef isc_refcount_init ++#define isc_refcount_init isc_refcount_init_func ++#endif /* LIBDNS_VERSION_MAJOR < 30 */ +diff --git a/src/fwd.c b/src/fwd.c +index 840f0e8f232969b2b726fa4a338a10c010654279..1f6a9e5d922d6a14dec88e04d41ad911f2dfd389 100644 +--- a/src/fwd.c ++++ b/src/fwd.c +@@ -69,7 +69,11 @@ fwd_list_len(dns_forwarders_t *fwdrs) { + + REQUIRE(fwdrs != NULL); + ++#if LIBDNS_VERSION_MAJOR < 140 ++ for (isc_sockaddr_t *fwdr = ISC_LIST_HEAD(fwdrs->addrs); ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + for (dns_forwarder_t *fwdr = ISC_LIST_HEAD(fwdrs->fwdrs); ++#endif + fwdr != NULL; + fwdr = ISC_LIST_NEXT(fwdr, link)) { + len++; +@@ -165,7 +169,11 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs, + const cfg_obj_t *faddresses; + const cfg_listelt_t *fwdr_cfg; /* config representation */ + /* internal representation */ ++#if LIBDNS_VERSION_MAJOR < 140 ++ isc_sockaddr_t *fwdr_int; ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + dns_forwarder_t *fwdr_int; ++#endif + + isc_buffer_initnull(&tmp_buf); + tmp_buf.mctx = mctx; +@@ -189,12 +197,20 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs, + * data from the internal one to cfg data structures.*/ + faddresses = cfg_tuple_get(forwarders_cfg, "addresses"); + for (fwdr_int = ISC_LIST_HEAD( ++#if LIBDNS_VERSION_MAJOR < 140 ++ fwdrs->addrs ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + fwdrs->fwdrs ++#endif + ), fwdr_cfg = cfg_list_first(faddresses); + INSIST((fwdr_int == NULL) == (fwdr_cfg == NULL)), fwdr_int != NULL; + fwdr_int = ISC_LIST_NEXT(fwdr_int, link), fwdr_cfg = cfg_list_next(fwdr_cfg)) { ++#if LIBDNS_VERSION_MAJOR < 140 ++ fwdr_cfg->obj->value.sockaddr = *fwdr_int; ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + fwdr_cfg->obj->value.sockaddrdscp.sockaddr = fwdr_int->addr; + fwdr_cfg->obj->value.sockaddrdscp.dscp = fwdr_int->dscp; ++#endif + } + cfg_print(faddresses, buffer_append_str, &tmp_buf); + +@@ -243,7 +259,12 @@ cleanup: + + static isc_result_t + fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx, +- dns_forwarderlist_t *fwdrs) ++#if LIBDNS_VERSION_MAJOR < 140 ++ isc_sockaddrlist_t *fwdrs ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ ++ dns_forwarderlist_t *fwdrs ++#endif ++ ) + { + isc_result_t result = ISC_R_SUCCESS; + cfg_parser_t *parser = NULL; +@@ -253,7 +274,11 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx, + const cfg_listelt_t *listel; + const cfg_obj_t *fwdr_cfg; + isc_sockaddr_t addr; ++#if LIBDNS_VERSION_MAJOR < 140 ++ isc_sockaddr_t *fwdr; ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + dns_forwarder_t *fwdr; ++#endif + + in_port_t port = 53; + +@@ -276,8 +301,12 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx, + if (isc_sockaddr_getport(&addr) == 0) + isc_sockaddr_setport(&addr, port); + CHECKED_MEM_GET_PTR(mctx, fwdr); ++#if LIBDNS_VERSION_MAJOR < 140 ++ *fwdr = addr; ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + fwdr->addr = addr; + fwdr->dscp = cfg_obj_getdscp(fwdr_cfg); ++#endif + ISC_LINK_INIT(fwdr, link); + ISC_LIST_APPEND(*fwdrs, fwdr, link); + } +@@ -291,8 +320,18 @@ cleanup: + } + + static void +-fwdr_list_free(isc_mem_t *mctx, dns_forwarderlist_t *fwdrs) { ++fwdr_list_free(isc_mem_t *mctx, ++#if LIBDNS_VERSION_MAJOR < 140 ++ isc_sockaddrlist_t *fwdrs ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ ++ dns_forwarderlist_t *fwdrs ++#endif ++ ) { ++#if LIBDNS_VERSION_MAJOR < 140 ++ isc_sockaddr_t *fwdr; ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + dns_forwarder_t *fwdr; ++#endif + while (!ISC_LIST_EMPTY(*fwdrs)) { + fwdr = ISC_LIST_HEAD(*fwdrs); + ISC_LIST_UNLINK(*fwdrs, fwdr, link); +@@ -318,7 +357,11 @@ fwd_setting_isexplicit(isc_mem_t *mctx, const settings_set_t *set, + isc_result_t result; + setting_t *setting = NULL; + dns_fwdpolicy_t fwdpolicy; ++#if LIBDNS_VERSION_MAJOR < 140 ++ isc_sockaddrlist_t fwdrs; ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + dns_forwarderlist_t fwdrs; ++#endif + + REQUIRE(isexplicit != NULL); + ISC_LIST_INIT(fwdrs); +@@ -397,7 +440,11 @@ fwd_parse_ldap(ldap_entry_t *entry, settings_set_t *set) { + ldap_valuelist_t values; + ldap_value_t *value; + isc_buffer_t *tmp_buf = NULL; /* hack: only the base buffer is allocated */ ++#if LIBDNS_VERSION_MAJOR < 140 ++ isc_sockaddrlist_t fwdrs; ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + dns_forwarderlist_t fwdrs; ++#endif + const char *setting_str = NULL; + + /** +@@ -500,7 +547,11 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, + isc_mem_t *mctx = NULL; + dns_view_t *view = NULL; + isc_result_t lock_state = ISC_R_IGNORE; ++#if LIBDNS_VERSION_MAJOR < 140 ++ isc_sockaddrlist_t fwdrs; ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + dns_forwarderlist_t fwdrs; ++#endif + isc_boolean_t is_global_config; + dns_fixedname_t foundname; + const char *msg_use_global_fwds; +@@ -579,8 +630,13 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, + run_exclusive_enter(inst, &lock_state); + CHECK(fwd_delete_table(view, name, msg_obj_type, set->name)); + if (isconfigured == ISC_TRUE) { ++#if LIBDNS_VERSION_MAJOR < 140 ++ CHECK(dns_fwdtable_add(view->fwdtable, name, &fwdrs, ++ fwdpolicy)); ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + CHECK(dns_fwdtable_addfwd(view->fwdtable, name, &fwdrs, + fwdpolicy)); ++#endif + } + dns_view_flushcache(view); + run_exclusive_exit(inst, lock_state); +diff --git a/src/ldap_driver.c b/src/ldap_driver.c +index ed31d50321072a8100e20bbd0cf7da2e3741b0d4..4e842cb0f122c49080128a81892f9737d29a299e 100644 +--- a/src/ldap_driver.c ++++ b/src/ldap_driver.c +@@ -34,6 +34,7 @@ + #include /* For memcpy */ + + #include "bindcfg.h" ++#include "compat.h" + #include "ldap_driver.h" + #include "ldap_helper.h" + #include "ldap_convert.h" +@@ -184,9 +185,18 @@ detach(dns_db_t **dbp) + + /* !!! This could be required for optimizations (like on-disk cache). */ + static isc_result_t ++#if LIBDNS_VERSION_MAJOR < 140 ++beginload(dns_db_t *db, dns_addrdatasetfunc_t *addp, dns_dbload_t **dbloadp) ++{ ++ ++ UNUSED(db); ++ UNUSED(addp); ++ UNUSED(dbloadp); ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + beginload(dns_db_t *db, dns_rdatacallbacks_t *callbacks) { + UNUSED(db); + UNUSED(callbacks); ++#endif /* LIBDNS_VERSION_MAJOR >= 140 */ + + fatal_error("ldapdb: method beginload() should never be called"); + +@@ -201,9 +211,17 @@ beginload(dns_db_t *db, dns_rdatacallbacks_t *callbacks) { + + /* !!! This could be required for optimizations (like on-disk cache). */ + static isc_result_t ++#if LIBDNS_VERSION_MAJOR < 140 ++endload(dns_db_t *db, dns_dbload_t **dbloadp) ++{ ++ ++ UNUSED(db); ++ UNUSED(dbloadp); ++#else /* LIBDNS_VERSION_MAJOR >= 140 */ + endload(dns_db_t *db, dns_rdatacallbacks_t *callbacks) { + UNUSED(db); + UNUSED(callbacks); ++#endif /* LIBDNS_VERSION_MAJOR >= 140 */ + + fatal_error("ldapdb: method endload() should never be called"); + +@@ -211,6 +229,7 @@ endload(dns_db_t *db, dns_rdatacallbacks_t *callbacks) { + return ISC_R_SUCCESS; + } + ++#if LIBDNS_VERSION_MAJOR >= 140 + static isc_result_t + serialize(dns_db_t *db, dns_dbversion_t *version, FILE *file) + { +@@ -220,17 +239,23 @@ serialize(dns_db_t *db, dns_dbversion_t *version, FILE *file) + + return dns_db_serialize(ldapdb->rbtdb, version, file); + } ++#endif /* LIBDNS_VERSION_MAJOR >= 140 */ + + /* !!! This could be required for optimizations (like on-disk cache). */ + static isc_result_t +-dump(dns_db_t *db, dns_dbversion_t *version, const char *filename, +- dns_masterformat_t masterformat) ++dump(dns_db_t *db, dns_dbversion_t *version, const char *filename ++#if LIBDNS_VERSION_MAJOR >= 31 ++ , dns_masterformat_t masterformat ++#endif ++ ) + { + + UNUSED(db); + UNUSED(version); + UNUSED(filename); ++#if LIBDNS_VERSION_MAJOR >= 31 + UNUSED(masterformat); ++#endif + + fatal_error("ldapdb: method dump() should never be called"); + +@@ -401,14 +426,22 @@ printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out) + } + + static isc_result_t +-createiterator(dns_db_t *db, unsigned int options, ++createiterator(dns_db_t *db, ++#if LIBDNS_VERSION_MAJOR >= 50 ++ unsigned int options, ++#else ++ isc_boolean_t relative_names, ++#endif + dns_dbiterator_t **iteratorp) + { + ldapdb_t *ldapdb = (ldapdb_t *) db; + + REQUIRE(VALID_LDAPDB(ldapdb)); +- ++#if LIBDNS_VERSION_MAJOR >= 50 + return dns_db_createiterator(ldapdb->rbtdb, options, iteratorp); ++#else ++ return dns_db_createiterator(ldapdb->rbtdb, relative_names, iteratorp); ++#endif + } + + static isc_result_t +@@ -646,6 +679,7 @@ settask(dns_db_t *db, isc_task_t *task) + dns_db_settask(ldapdb->rbtdb, task); + } + ++#if LIBDNS_VERSION_MAJOR >= 31 + static isc_result_t + getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) + { +@@ -655,7 +689,9 @@ getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) + + return dns_db_getoriginnode(ldapdb->rbtdb, nodep); + } ++#endif /* LIBDNS_VERSION_MAJOR >= 31 */ + ++#if LIBDNS_VERSION_MAJOR >= 45 + static void + transfernode(dns_db_t *db, dns_dbnode_t **sourcep, dns_dbnode_t **targetp) + { +@@ -666,7 +702,9 @@ transfernode(dns_db_t *db, dns_dbnode_t **sourcep, dns_dbnode_t **targetp) + dns_db_transfernode(ldapdb->rbtdb, sourcep, targetp); + + } ++#endif /* LIBDNS_VERSION_MAJOR >= 45 */ + ++#if LIBDNS_VERSION_MAJOR >= 50 + static isc_result_t + getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, + dns_hash_t *hash, isc_uint8_t *flags, +@@ -733,7 +771,9 @@ isdnssec(dns_db_t *db) + + return dns_db_isdnssec(ldapdb->rbtdb); + } ++#endif /* LIBDNS_VERSION_MAJOR >= 50 */ + ++#if LIBDNS_VERSION_MAJOR >= 45 + static dns_stats_t * + getrrsetstats(dns_db_t *db) { + ldapdb_t *ldapdb = (ldapdb_t *) db; +@@ -743,7 +783,35 @@ getrrsetstats(dns_db_t *db) { + return dns_db_getrrsetstats(ldapdb->rbtdb); + + } ++#endif /* LIBDNS_VERSION_MAJOR >= 45 */ + ++#if LIBDNS_VERSION_MAJOR >= 82 && LIBDNS_VERSION_MAJOR < 140 ++static isc_result_t ++rpz_enabled(dns_db_t *db, dns_rpz_st_t *st) ++{ ++ ldapdb_t *ldapdb = (ldapdb_t *) db; ++ ++ REQUIRE(VALID_LDAPDB(ldapdb)); ++ ++ return dns_db_rpz_enabled(ldapdb->rbtdb, st); ++} ++ ++static void ++rpz_findips(dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type, ++ dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version, ++ dns_rdataset_t *ardataset, dns_rpz_st_t *st, ++ dns_name_t *query_qname) ++{ ++ ldapdb_t *ldapdb = (ldapdb_t *) db; ++ ++ REQUIRE(VALID_LDAPDB(ldapdb)); ++ ++ dns_db_rpz_findips(rpz, rpz_type, zone, ldapdb->rbtdb, version, ++ ardataset, st, query_qname); ++} ++#endif /* LIBDNS_VERSION_MAJOR >= 82 && LIBDNS_VERSION_MAJOR < 140 */ ++ ++#if LIBDNS_VERSION_MAJOR >= 140 + void + rpz_attach(dns_db_t *db, dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num) + { +@@ -763,7 +831,9 @@ rpz_ready(dns_db_t *db) + + return dns_db_rpz_ready(ldapdb->rbtdb); + } ++#endif /* LIBDNS_VERSION_MAJOR >= 140 */ + ++#if LIBDNS_VERSION_MAJOR >= 90 + static isc_result_t + findnodeext(dns_db_t *db, dns_name_t *name, + isc_boolean_t create, dns_clientinfomethods_t *methods, +@@ -792,7 +862,9 @@ findext(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, + nodep, foundname, methods, clientinfo, rdataset, + sigrdataset); + } ++#endif /* LIBDNS_VERSION_MAJOR >= 90 */ + ++#if LIBDNS_VERSION_MAJOR >= 140 + isc_result_t + setcachestats(dns_db_t *db, isc_stats_t *stats) + { +@@ -803,7 +875,11 @@ setcachestats(dns_db_t *db, isc_stats_t *stats) + return dns_db_setcachestats(ldapdb->rbtdb, stats); + } + ++#if LIBDNS_VERSION_MAJOR >= 164 + size_t ++#else ++unsigned int ++#endif /* LIBDNS_VERSION_MAJOR >= 164 */ + hashsize(dns_db_t *db) + { + ldapdb_t *ldapdb = (ldapdb_t *) db; +@@ -812,13 +888,16 @@ hashsize(dns_db_t *db) + + return dns_db_hashsize(ldapdb->rbtdb); + } ++#endif /* LIBDNS_VERSION_MAJOR >= 140 */ + + static dns_dbmethods_t ldapdb_methods = { + attach, + detach, + beginload, + endload, ++#if LIBDNS_VERSION_MAJOR >= 140 + serialize, /* see dns_db_serialize(), implementation is not mandatory */ ++#endif /* LIBDNS_VERSION_MAJOR >= 140 */ + dump, + currentversion, + newversion, +@@ -842,21 +921,37 @@ static dns_dbmethods_t ldapdb_methods = { + ispersistent, + overmem, + settask, ++#if LIBDNS_VERSION_MAJOR >= 31 + getoriginnode, ++#endif /* LIBDNS_VERSION_MAJOR >= 31 */ ++#if LIBDNS_VERSION_MAJOR >= 45 + transfernode, ++#if LIBDNS_VERSION_MAJOR >= 50 + getnsec3parameters, + findnsec3node, + setsigningtime, + getsigningtime, + resigned, + isdnssec, ++#endif /* LIBDNS_VERSION_MAJOR >= 50 */ + getrrsetstats, ++#endif /* LIBDNS_VERSION_MAJOR >= 45 */ ++#if LIBDNS_VERSION_MAJOR >= 82 && LIBDNS_VERSION_MAJOR < 140 ++ rpz_enabled, ++ rpz_findips, ++#endif /* LIBDNS_VERSION_MAJOR >= 82 && LIBDNS_VERSION_MAJOR < 140 */ ++#if LIBDNS_VERSION_MAJOR >= 140 + rpz_attach, + rpz_ready, ++#endif /* LIBDNS_VERSION_MAJOR >= 140 */ ++#if LIBDNS_VERSION_MAJOR >= 90 + findnodeext, + findext, ++#endif /* LIBDNS_VERSION_MAJOR >= 90 */ ++#if LIBDNS_VERSION_MAJOR >= 140 + setcachestats, + hashsize ++#endif /* LIBDNS_VERSION_MAJOR >= 140 */ + }; + + isc_result_t ATTR_NONNULLS +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0004-Skip-isc-lib-register.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0004-Skip-isc-lib-register.patch new file mode 100644 index 0000000..08aff3c --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-tkrizek-0004-Skip-isc-lib-register.patch @@ -0,0 +1,38 @@ +From 9879850c5e5c19958949697db2da60ca7a3be7de Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Tue, 14 Mar 2017 14:59:26 +0100 +Subject: [PATCH] Skip isc_lib_register + +--- + src/ldap_driver.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/ldap_driver.c b/src/ldap_driver.c +index 4e842cb0f122c49080128a81892f9737d29a299e..9fc3b9a44fba9aec6a71a9ff66b2b96c3c4777cf 100644 +--- a/src/ldap_driver.c ++++ b/src/ldap_driver.c +@@ -1143,14 +1143,17 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters, + * access to named's global namespace, in which case we need + * to initialize libisc/libdns + */ +- if (dctx->refvar != &isc_bind9) { +- isc_lib_register(); ++ if (dctx->refvar != &isc_lctx) { ++ void *old_lctx = &isc_lctx; + isc_log_setcontext(dctx->lctx); + dns_log_setcontext(dctx->lctx); +- log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9); ++ log_debug(5, "registering library from dynamic ldap driver, " ++ "%p != %p.", dctx->refvar, old_lctx); + } + +- isc_hash_set_initializer(dctx->hashinit); ++ if (isc_hashctx != NULL && isc_hashctx != dctx->hctx) ++ isc_hash_ctxdetach(&isc_hashctx); ++ isc_hashctx = dctx->hctx; + + log_debug(2, "registering dynamic ldap driver for %s.", name); + +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch new file mode 100644 index 0000000..f90297d --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch @@ -0,0 +1,39 @@ +From 41461fc444170ffd9b5459e2f0b2480f3288cc1d Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Fri, 7 Apr 2017 14:48:32 +0200 +Subject: [PATCH 1/2] settings: skip unconfigured values + +When a value is not configured in settings map, it is skipped. +If it is the last processed value, the result of ISC_R_NOTFOUND +would cause the cleanup section of the function fail. Since +unconfigured values are allowed and expected, override the result +to ISC_R_SUCCESS in this case to prevent triggerring an error. + +https://pagure.io/bind-dyndb-ldap/issue/172 + +Reviewed-By: Martin Basti +--- + src/settings.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/settings.c b/src/settings.c +index 37e6e5ccd751bd176f8dbdd4fd505b7e18ded4f4..8beb0d3cd16479c79bdc104a6a6fd28033f403e7 100644 +--- a/src/settings.c ++++ b/src/settings.c +@@ -597,8 +597,11 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) + setting++) { + cfg_value = NULL; + result = cfg_map_get(config, setting->name, &cfg_value); +- if (result == ISC_R_NOTFOUND) +- continue; /* setting not configured in map */ ++ if (result == ISC_R_NOTFOUND) { ++ /* setting not configured in map */ ++ result = ISC_R_SUCCESS; ++ continue; ++ } + else if (result != ISC_R_SUCCESS) + goto cleanup; + if (cfg_obj_isstring(cfg_value)) { +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch new file mode 100644 index 0000000..16973cb --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch @@ -0,0 +1,129 @@ +From 13b185182aeb48562cf63251b84bcf910b57a0fc Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Mon, 27 Mar 2017 19:41:05 +0200 +Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With the DynDB API changes, the ldap instance is acquired +differently. Previously, obtaining the instance could fail when +LDAP was disconnecting, thus the NULL check was necessary in the +cleanup part. + +Now, inst is obtained directly from the API. I'm not sure what is +the exact behaviour in edge cases such as LDAP disconnecting, so +I perform the NULL check a bit earlier, just to be safe. + +Reviewed-By: Petr Menšík +--- + src/ldap_helper.c | 43 ++++++++++++++++++++++--------------------- + 1 file changed, 22 insertions(+), 21 deletions(-) + +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..9e0174a785d41e2a809130b348345870ca880978 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event) + mctx = pevent->mctx; + dns_name_init(&prevname, NULL); + ++ REQUIRE(inst != NULL); + INSIST(task == inst->task); /* For task-exclusive mode */ + + if (SYNCREPL_DEL(pevent->chgtype)) { +@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event) + } + + cleanup: +- if (inst != NULL) { +- sync_concurr_limit_signal(inst->sctx); +- sync_event_signal(inst->sctx, pevent); +- if (dns_name_dynamic(&prevname)) +- dns_name_free(&prevname, inst->mctx); +- } ++ sync_concurr_limit_signal(inst->sctx); ++ sync_event_signal(inst->sctx, pevent); ++ if (dns_name_dynamic(&prevname)) ++ dns_name_free(&prevname, inst->mctx); ++ + if (result != ISC_R_SUCCESS) + log_error_r("update_zone (syncrepl) failed for %s. " + "Zones can be outdated, run `rndc reload`", +@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event) + + mctx = pevent->mctx; + ++ REQUIRE(inst != NULL); + INSIST(task == inst->task); /* For task-exclusive mode */ + CHECK(ldap_parse_configentry(entry, inst)); + + cleanup: +- if (inst != NULL) { +- sync_concurr_limit_signal(inst->sctx); +- sync_event_signal(inst->sctx, pevent); +- } ++ sync_concurr_limit_signal(inst->sctx); ++ sync_event_signal(inst->sctx, pevent); ++ + if (result != ISC_R_SUCCESS) + log_error_r("update_config (syncrepl) failed for %s. " + "Configuration can be outdated, run `rndc reload`", +@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event) + + mctx = pevent->mctx; + ++ REQUIRE(inst != NULL); + INSIST(task == inst->task); /* For task-exclusive mode */ + CHECK(ldap_parse_serverconfigentry(entry, inst)); + + cleanup: +- if (inst != NULL) { +- sync_concurr_limit_signal(inst->sctx); +- sync_event_signal(inst->sctx, pevent); +- } ++ sync_concurr_limit_signal(inst->sctx); ++ sync_event_signal(inst->sctx, pevent); ++ + if (result != ISC_R_SUCCESS) + log_error_r("update_serverconfig (syncrepl) failed for %s. " + "Configuration can be outdated, run `rndc reload`", +@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event) + dns_name_init(&prevname, NULL); + dns_name_init(&prevorigin, NULL); + ++ REQUIRE(inst != NULL); + CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure)); + zone_found = ISC_TRUE; + +@@ -4020,13 +4021,12 @@ cleanup: + ldap_entry_logname(entry), pevent->chgtype); + } + +- if (inst != NULL) { +- sync_concurr_limit_signal(inst->sctx); +- if (dns_name_dynamic(&prevname)) +- dns_name_free(&prevname, inst->mctx); +- if (dns_name_dynamic(&prevorigin)) +- dns_name_free(&prevorigin, inst->mctx); +- } ++ sync_concurr_limit_signal(inst->sctx); ++ if (dns_name_dynamic(&prevname)) ++ dns_name_free(&prevname, inst->mctx); ++ if (dns_name_dynamic(&prevorigin)) ++ dns_name_free(&prevorigin, inst->mctx); ++ + if (raw != NULL) + dns_zone_detach(&raw); + if (secure != NULL) +@@ -4106,6 +4106,7 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype) + isc_task_t *task = NULL; + isc_boolean_t synchronous; + ++ REQUIRE(inst != NULL); + REQUIRE(entryp != NULL); + entry = *entryp; + REQUIRE(entry->class != LDAP_ENTRYCLASS_NONE); +-- +2.9.3 + diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec index 62d8f4f..a46f3e4 100644 --- a/SPECS/bind-dyndb-ldap.spec +++ b/SPECS/bind-dyndb-ldap.spec @@ -1,30 +1,36 @@ %define VERSION %{version} Name: bind-dyndb-ldap -Version: 10.0 -Release: 5%{?dist} +Version: 11.1 +Release: 3%{?dist} Summary: LDAP back-end plug-in for BIND Group: System Environment/Libraries License: GPLv2+ -URL: https://fedorahosted.org/bind-dyndb-ldap -Source0: https://fedorahosted.org/released/%{name}/%{name}-%{VERSION}.tar.bz2 -Source1: https://fedorahosted.org/released/%{name}/%{name}-%{VERSION}.tar.bz2.asc -Patch0: bind-dyndb-ldap-pspacek-0432-2-Prevent-crash-while-reloading-previously-invalid-but.patch -Patch1: bind-dyndb-ldap-pspacek-0433-Remove-preserve_forwarding-parameter-from-ldap_delet.patch -Patch2: bind-dyndb-ldap-pspacek-0434-Fix-zone-removal-to-respect-forward-configuration-in.patch +URL: https://releases.pagure.org/bind-dyndb-ldap +Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2 +Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc +Patch0: bind-dyndb-ldap-tkrizek-0001-Revert-BIND-9.11-use-new-public-header-isc-errno.h-i.patch +Patch1: bind-dyndb-ldap-tkrizek-0002-Revert-BIND-9.11-Add-wrapper-for-new-DB-API-method-n.patch +Patch2: bind-dyndb-ldap-tkrizek-0003-Revert-BIND-9.11-Remove-if-blocks-for-older-BIND-ver.patch +Patch3: bind-dyndb-ldap-tkrizek-0004-Skip-isc-lib-register.patch +Patch4: bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch +Patch5: bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch +Patch6: bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch +Patch7: bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: bind-devel >= 32:9.9.0-1, bind-lite-devel >= 32:9.9.0-1 +BuildRequires: bind-devel >= 32:9.9.4-44, bind-lite-devel >= 32:9.9.4-44 BuildRequires: krb5-devel BuildRequires: openldap-devel BuildRequires: libuuid-devel BuildRequires: automake, autoconf, libtool -Requires: bind >= 32:9.9.0-1 +Requires: bind >= 32:9.9.4-44 # https://bugzilla.redhat.com/show_bug.cgi?id=1376851 Requires(post,postun): selinux-policy +Requires(post): sed %description This package provides an LDAP back-end plug-in for BIND. It features @@ -37,6 +43,11 @@ off of your LDAP server. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %build autoreconf -fiv @@ -54,17 +65,57 @@ rm %{buildroot}%{_libdir}/bind/ldap.la rm -r %{buildroot}%{_datadir}/doc/%{name} +%post # SELinux boolean named_write_master_zones has to be enabled # otherwise the plugin will not be able to write to /var/named. # This scriptlet enables the boolean after installation or upgrade. # SELinux is sensitive area so I want to inform user about the change. -%post if [ -x "/usr/sbin/setsebool" ] ; then echo "Enabling SELinux boolean named_write_master_zones" /usr/sbin/setsebool -P named_write_master_zones=1 || : fi +# Transform named.conf if it still has old-style API. +PLATFORM=$(uname -m) + +if [ $PLATFORM == "x86_64" ] ; then + LIBPATH=/usr/lib64 +else + LIBPATH=/usr/lib +fi + +# The following sed script: +# - scopes the named.conf changes to dynamic-db +# - replaces arg "name value" syntax with name "value" +# - changes dynamic-db header to dyndb +# - uses the new way the define path to the library +# - removes no longer supported arguments (library, cache_ttl, +# psearch, serial_autoincrement, zone_refresh) +while read -r PATTERN +do + SEDSCRIPT+="$PATTERN" +done < - 11.1-3 +- resolves: #1436268 crash when server_id is not present in named.conf +- coverity fixes + +* Wed Mar 15 2017 Tomas Krizek - 11.1-2 +- bump NVR to fix bind dependencies + +* Wed Mar 15 2017 Tomas Krizek - 11.1-1 +- update to letest upstream version +- resolves: #1393889 Rebase to bind-dyndb-ldap 11+ +- resolves: #1165796 bind-dyndb-ldap crashes if server is shutting down and connection to LDAP is down +- resolves: #1413805 bind-dyndb-ldap default schema is shipped with syntax error + * Wed Sep 21 2016 Petr Spacek - 10.0-5 - resolves: #1376851 Unable to set named_write_master_zones boolean on upgrade