#187 Changes for bind-9.16
Closed 4 months ago by abbra. Opened 10 months ago by twoerner.
twoerner/bind-dyndb-ldap bind_9_16  into  master

file modified
+23 -23
@@ -105,33 +105,33 @@ 

  	}

  	str = cfg_obj_asstring(obj);

  

- 	MATCH("name", DNS_SSUMATCHTYPE_NAME);

- 	MATCH("subdomain", DNS_SSUMATCHTYPE_SUBDOMAIN);

- 	MATCH("zonesub", DNS_SSUMATCHTYPE_SUBDOMAIN);

- 	MATCH("wildcard", DNS_SSUMATCHTYPE_WILDCARD);

- 	MATCH("self", DNS_SSUMATCHTYPE_SELF);

- #if defined(DNS_SSUMATCHTYPE_SELFSUB) && defined(DNS_SSUMATCHTYPE_SELFWILD)

- 	MATCH("selfsub", DNS_SSUMATCHTYPE_SELFSUB);

- 	MATCH("selfwild", DNS_SSUMATCHTYPE_SELFWILD);

+ 	MATCH("name", dns_ssumatchtype_name);

+ 	MATCH("subdomain", dns_ssumatchtype_subdomain);

+ 	MATCH("zonesub", dns_ssumatchtype_subdomain);

+ 	MATCH("wildcard", dns_ssumatchtype_wildcard);

+ 	MATCH("self", dns_ssumatchtype_self);

+ #if defined(dns_ssumatchtype_selfSUB) && defined(dns_ssumatchtype_selfwild)

+ 	MATCH("selfsub", dns_ssumatchtype_selfSUB);

+ 	MATCH("selfwild", dns_ssumatchtype_selfwild);

  #endif

- #ifdef DNS_SSUMATCHTYPE_SELFMS

- 	MATCH("ms-self", DNS_SSUMATCHTYPE_SELFMS);

+ #ifdef dns_ssumatchtype_selfms

+ 	MATCH("ms-self", dns_ssumatchtype_selfms);

  #endif

- #ifdef DNS_SSUMATCHTYPE_SELFKRB5

- 	MATCH("krb5-self", DNS_SSUMATCHTYPE_SELFKRB5);

+ #ifdef dns_ssumatchtype_selfkrb5

+ 	MATCH("krb5-self", dns_ssumatchtype_selfkrb5);

  #endif

- #ifdef DNS_SSUMATCHTYPE_SUBDOMAINMS

- 	MATCH("ms-subdomain", DNS_SSUMATCHTYPE_SUBDOMAINMS);

+ #ifdef dns_ssumatchtype_subdomainms

+ 	MATCH("ms-subdomain", dns_ssumatchtype_subdomainms);

  #endif

- #ifdef DNS_SSUMATCHTYPE_SUBDOMAINKRB5

- 	MATCH("krb5-subdomain", DNS_SSUMATCHTYPE_SUBDOMAINKRB5);

+ #ifdef dns_ssumatchtype_subdomainkrb5

+ 	MATCH("krb5-subdomain", dns_ssumatchtype_subdomainkrb5);

  #endif

- #if defined(DNS_SSUMATCHTYPE_TCPSELF) && defined(DNS_SSUMATCHTYPE_6TO4SELF)

- 	MATCH("tcp-self", DNS_SSUMATCHTYPE_TCPSELF);

- 	MATCH("6to4-self", DNS_SSUMATCHTYPE_6TO4SELF);

+ #if defined(dns_ssumatchtype_tcpself) && defined(dns_ssumatchtype_6to4self)

+ 	MATCH("tcp-self", dns_ssumatchtype_tcpself);

+ 	MATCH("6to4-self", dns_ssumatchtype_6to4self);

  #endif

- #if defined(DNS_SSUMATCHTYPE_EXTERNAL)

- 	MATCH("external", DNS_SSUMATCHTYPE_EXTERNAL);

+ #if defined(dns_ssumatchtype_external)

+ 	MATCH("external", dns_ssumatchtype_external);

  #endif

  

  	log_bug("unsupported match type '%s'", str);
@@ -313,7 +313,7 @@ 

  		/* Use zone name for 'zonesub' match type */

  		result = get_fixed_name(stmt, "name", &fname);

  		if (result == ISC_R_NOTFOUND &&

- 		    match_type == DNS_SSUMATCHTYPE_SUBDOMAIN) {

+ 		    match_type == dns_ssumatchtype_subdomain) {

  			dns_fixedname_init(&fname);

  			CHECK(dns_name_copy(dns_zone_getorigin(zone),

  					    dns_fixedname_name(&fname),
@@ -324,7 +324,7 @@ 

  

  		CHECK(get_types(mctx, stmt, &types, &n));

  

- 		if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&

+ 		if (match_type == dns_ssumatchtype_wildcard &&

  		    !dns_name_iswildcard(dns_fixedname_name(&fname))) {

  			char name[DNS_NAME_FORMATSIZE];

  			dns_name_format(dns_fixedname_name(&fname), name,
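Review bot: The `#if defined(dns_ssumatchtype_...)` and `#ifdef dns_ssumatchtype_...` guards in the first hunk test names that the new code uses as lower-case constants. If these are enum members in the targeted BIND headers rather than macros (as I believe they are in 9.16), the preprocessor never sees them and every guarded `MATCH` is compiled out. In that case `selfsub`, `selfwild`, `ms-self`, `krb5-self`, `ms-subdomain`, `krb5-subdomain`, `tcp-self`, `6to4-self` and `external` all fall through to `log_bug("unsupported match type '%s'", str)`. `dns_ssumatchtype_selfSUB` also looks like a leftover of the mechanical rename and presumably should read `dns_ssumatchtype_selfsub`. Because this table decides which update-policy rule types are accepted, I would drop the guards for types the minimum supported BIND always provides, or gate them on a configure-time feature macro; the enclosing function starts and ends outside the hunk.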

file modified
+1 -1
@@ -108,7 +108,7 @@ 

  	isc_buffer_init(&buffer, (char *)string, string_len);

  	isc_buffer_add(&buffer, string_len);

  

- 	result = cfg_parse_buffer(parser, &buffer, *type, &ret);

+ 	result = cfg_parse_buffer(parser, &buffer, NULL, 0, *type, 0, &ret);

  

  	if (result == ISC_R_SUCCESS)

  		*objp = ret;

file modified
+3 -8
@@ -226,15 +226,13 @@ 

   * @returns @see empty_zone_search_next

   */

  isc_result_t

- empty_zone_search_init(empty_zone_search_t *iter, dns_name_t *qname,

+ empty_zone_search_init(empty_zone_search_t *iter, const dns_name_t *qname,

                         dns_zt_t *ztable) {

- 	isc_result_t result;

- 

  	REQUIRE(iter != NULL);

  	REQUIRE(dns_name_isabsolute(qname));

  

  	INIT_BUFFERED_NAME(iter->qname);

- 	CHECK(dns_name_copy(qname, &iter->qname, NULL));

+ 	dns_name_copynf(qname, &iter->qname);

  

  	INIT_BUFFERED_NAME(iter->ezname);

  	iter->nextidx = 0;
@@ -243,9 +241,6 @@ 

  	dns_zt_attach(ztable, &iter->zonetable);

  

  	return empty_zone_search_next(iter);

- 

- cleanup:

- 	return result;

  }

  

  /**
@@ -298,7 +293,7 @@ 

   *    it failed and user configured policy != only.

   */

  isc_result_t

- empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,

+ empty_zone_handle_conflicts(const dns_name_t *name, dns_zt_t *zonetable,

  			    bool warn_only)

  {

  	isc_result_t result;

file modified
+2 -2
@@ -21,11 +21,11 @@ 

  empty_zone_search_stop(empty_zone_search_t *iter) ATTR_NONNULLS;

  

  isc_result_t

- empty_zone_search_init(empty_zone_search_t *iter, dns_name_t *qname,

+ empty_zone_search_init(empty_zone_search_t *iter, const dns_name_t *qname,

  		       dns_zt_t *ztable) ATTR_NONNULLS ATTR_CHECKRESULT;

  

  isc_result_t

- empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,

+ empty_zone_handle_conflicts(const dns_name_t *name, dns_zt_t *zonetable,

  			    bool warn_only) ATTR_NONNULLS ATTR_CHECKRESULT;

  

  /* Trigger to execute empty_zone_handle_conflicts() for dns_rootname. */

file modified
+4 -1
@@ -79,7 +79,10 @@ 

  	char curr_path[PATH_MAX + 1];

  	char *end = NULL;

  

- 	CHECK(isc_string_copy(curr_path, PATH_MAX, path));

+ 	/* isc_string_copy has been removed */

+ 	if (strlcpy(curr_path, path, PATH_MAX) >= PATH_MAX) {

+ 		return ISC_R_NOSPACE;

+ 	}

  

  	for (end = strchr(curr_path, '/');

  	     end != NULL;

file modified
+14 -17
@@ -86,7 +86,6 @@ 

  static isc_result_t

  fwd_list_gen_dummy_config_string(isc_mem_t *mctx, size_t list_len,

  				 isc_buffer_t **dummy_string) {

- 	isc_result_t result;

  	const char prefix[] = "{ ";

  	const char suffix[] = "} // dummy string, please ignore";

  	const char fill[] = "127.0.0.1; ";
@@ -98,7 +97,9 @@ 

  

  	REQUIRE(dummy_string != NULL && *dummy_string == NULL);

  

- 	CHECK(isc_buffer_allocate(mctx, &output, target_size));

+ 	/* No CHECK here as isc_buffer_allocate is void and can not fail.

+ 	 *  See bind9: a038f77d92a857bc11750683c9317d70da6fcfdf */

+ 	isc_buffer_allocate(mctx, &output, target_size);

  	isc_buffer_putstr(output, prefix);

  	for (size_t i = 0; i < list_len; i++)

  		isc_buffer_putstr(output, fill);
@@ -106,11 +107,7 @@ 

  	isc_buffer_putuint8(output, '\0');

  	*dummy_string = output;

  

- cleanup:

- 	if (result != ISC_R_SUCCESS && output != NULL)

- 		isc_buffer_free(&output);

- 

- 	return result;

+ 	return ISC_R_SUCCESS;

  }

  

  /**
@@ -122,7 +119,6 @@ 

  isc_result_t

  fwd_print_bracketed_values_buf(isc_mem_t *mctx, ldap_valuelist_t *values,

  			      isc_buffer_t **string) {

- 	isc_result_t result;

  	ldap_value_t *value;

  	const char prefix[] = "{ ";

  	const char suffix[] = "}";
@@ -143,13 +139,14 @@ 

  	buffer_append_str(&tmp_buf, suffix, 2);

  

  	/* create and copy string from tmp to output buffer */

- 	CHECK(isc_buffer_allocate(mctx, string, tmp_buf.used));

+         /* No CHECK here as isc_buffer_allocate is void and can not fail.

+          *  See bind9: a038f77d92a857bc11750683c9317d70da6fcfdf */

+ 	isc_buffer_allocate(mctx, string, tmp_buf.used);

  	isc_buffer_putmem(*string, isc_buffer_base(&tmp_buf), tmp_buf.used);

  

- cleanup:

  	if (tmp_buf.base != NULL)

  		isc_mem_put(mctx, tmp_buf.base, tmp_buf.length);

- 	return result;

+ 	return ISC_R_SUCCESS;

  }

  

  isc_result_t
@@ -182,8 +179,8 @@ 

  	list_len = fwd_list_len(fwdrs);

  	CHECK(fwd_list_gen_dummy_config_string(mctx,

  					       list_len, &dummy_fwdr_buf));

- 	CHECK(cfg_parse_buffer(parser, dummy_fwdr_buf,

- 			       cfg_type_forwarders, &forwarders_cfg));

+ 	CHECK(cfg_parse_buffer(parser, dummy_fwdr_buf, NULL, 0,

+ 			       cfg_type_forwarders, 0, &forwarders_cfg));

  

  	/* Walk through internal representation and cfg representation and copy

  	 * data from the internal one to cfg data structures.*/
@@ -199,7 +196,7 @@ 

  	cfg_print(faddresses, buffer_append_str, &tmp_buf);

  

  	/* create and copy string from tmp to output buffer */

- 	CHECK(isc_buffer_allocate(mctx, out_buf, tmp_buf.used));

+ 	isc_buffer_allocate(mctx, out_buf, tmp_buf.used);

  	isc_buffer_putmem(*out_buf, isc_buffer_base(&tmp_buf),

  			  isc_buffer_usedlength(&tmp_buf));

  
@@ -494,7 +491,7 @@ 

   */

  isc_result_t

  fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,

- 		   dns_name_t *name)

+ 		   const dns_name_t *name)

  {

  	isc_result_t result;

  	isc_mem_t *mctx = NULL;
@@ -582,7 +579,7 @@ 

  		CHECK(dns_fwdtable_addfwd(view->fwdtable, name, &fwdrs,

  					  fwdpolicy));

  	}

- 	dns_view_flushcache(view);

+ 	dns_view_flushcache(view, false);

  	run_exclusive_exit(inst, lock_state);

  	lock_state = ISC_R_IGNORE; /* prevent double-unlock */

  	log_debug(5, "%s %s: forwarder table was updated: %s",
@@ -607,7 +604,7 @@ 

  }

  

  isc_result_t

- fwd_delete_table(dns_view_t *view, dns_name_t *name,

+ fwd_delete_table(dns_view_t *view, const dns_name_t *name,

  		 const char *msg_obj_type, const char *logname) {

  	isc_result_t result;

  

file modified
+2 -2
@@ -26,11 +26,11 @@ 

  	       ATTR_NONNULLS ATTR_CHECKRESULT;

  

  isc_result_t

- fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, dns_name_t *name)

+ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, const dns_name_t *name)

  		   ATTR_NONNULLS ATTR_CHECKRESULT;

  

  isc_result_t

- fwd_delete_table(dns_view_t *view, dns_name_t *name,

+ fwd_delete_table(dns_view_t *view, const dns_name_t *name,

  		 const char *msg_obj_type, const char *logname)

  		 ATTR_NONNULLS ATTR_CHECKRESULT;

  

file modified
+18 -12
@@ -131,7 +131,7 @@ 

  	} else if (idx == 1) { /* zone only */

  		if (iszone != NULL)

  			*iszone = true;

- 		CHECK(dns_name_copy(dns_rootname, &origin, NULL));

+ 		dns_name_copynf(dns_rootname, &origin);

  		CHECK(dns_name_fromtext(&name, &name_buf, dns_rootname, 0, NULL));

  	} else if (idx == 2) { /* owner and zone */

  		if (iszone != NULL)
@@ -286,7 +286,8 @@ 

  			}

  			/* LDAP uses \xy escaping. "xy" represent two hexadecimal digits.*/

  			/* TODO: optimize to bit mask & rotate & dec->hex table? */

- 			CHECK(isc_string_printf(esc_name + esc_idx, 4, "\\%02x", ascii_val));

+ 			/* isc_string_printf has been removed */

+ 			result = snprintf(esc_name + esc_idx, 4, "\\%02x", ascii_val);

  			esc_idx += 3; /* isc_string_printf wrote 4 bytes including '\0' */

  		}

  	}
@@ -430,24 +431,28 @@ 

  rdatatype_to_ldap_attribute(dns_rdatatype_t rdtype, char *target,

  			    unsigned int size, bool unknown)

  {

- 	isc_result_t result;

  	char rdtype_str[DNS_RDATATYPE_FORMATSIZE];

  

  	if (unknown) {

  		/* "UnknownRecord;TYPE65333" */

- 		CHECK(isc_string_copy(target, size,

- 				      LDAP_RDATATYPE_UNKNOWN_PREFIX));

+ 		/* isc_string_copy and isc_string_append have been removed */

+ 		if (strlcpy(target, LDAP_RDATATYPE_UNKNOWN_PREFIX, size)

+ 		    >= size)

+ 			return ISC_R_NOSPACE;

  		snprintf(rdtype_str, sizeof(rdtype_str), "TYPE%u", rdtype);

- 		CHECK(isc_string_append(target, size, rdtype_str));

+ 		if (strlcat(target, rdtype_str, size) >= size)

+ 			return ISC_R_NOSPACE;

  	} else {

  		/* "ARecord" */

  		dns_rdatatype_format(rdtype, rdtype_str, DNS_RDATATYPE_FORMATSIZE);

- 		CHECK(isc_string_copy(target, size, rdtype_str));

- 		CHECK(isc_string_append(target, size, LDAP_RDATATYPE_SUFFIX));

+ 		/* isc_string_copy and isc_string_append have been removed */

+ 		if (strlcpy(target, rdtype_str, size) >= size)

+ 			return ISC_R_NOSPACE;

+ 		if (strlcat(target, LDAP_RDATATYPE_SUFFIX, size) >= size)

+ 			return ISC_R_NOSPACE;

  	}

  

- cleanup:

- 	return result;

+ 	return ISC_R_SUCCESS;

  }

  

  /**
@@ -463,8 +468,9 @@ 

  	dns_rdata_toregion(rdata, &rdata_reg);

  	REQUIRE(rdata_reg.length <= 65535);

  

- 	result = isc_string_printf(buf, sizeof(buf), "\\# %u", rdata_reg.length);

- 	INSIST(result == ISC_R_SUCCESS);

+ 	/* isc_string_printf has been removed */

+ 	result = snprintf(buf, sizeof(buf), "\\# %u", rdata_reg.length);

+ 	RUNTIME_CHECK(result < sizeof(buf));

  	isc_buffer_putstr(target, buf);

  	if (rdata_reg.length != 0U) {

  		isc_buffer_putstr(target, " ");
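Review bot: In the escaping hunk, `result = snprintf(esc_name + esc_idx, 4, "\\%02x", ascii_val);` stores a character count in what appears to be the function's `isc_result_t`, and unlike the removed `CHECK(isc_string_printf(...))` it no longer detects truncation. If nothing overwrites `result` before the function returns it, a successful escape is reported as a non-zero code. If `ascii_val` can ever be sign-extended, `%02x` yields more than two digits and the LDAP escape is silently cut short instead of failing. I would keep the count in a separate `int n` and fail closed, e.g. `n = snprintf(esc_name + esc_idx, 4, "\\%02x", (unsigned char)ascii_val);` followed by `if (n != 3) CLEANUP_WITH(ISC_R_NOSPACE);`. The last hunk (`"\\# %u"`) has the same count-into-`result` pattern; both function bodies continue outside the hunks.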

file modified
+39 -21
@@ -30,6 +30,7 @@ 

  #include <dns/result.h>

  #include <dns/soa.h>

  #include <dns/types.h>

+ #include <dns/rpz.h>

  

  #include <string.h> /* For memcpy */

  
@@ -118,7 +119,8 @@ 

  

  	REQUIRE(VALID_LDAPDB(ldapdb));

  

- 	isc_refcount_increment(&ldapdb->refs, NULL);

+ 	/* isc_refcount_increment only has one argument now */

+ 	isc_refcount_increment(&ldapdb->refs);

  	*targetp = source;

  }

  
@@ -153,8 +155,8 @@ 

  #endif

  	dns_db_detach(&ldapdb->rbtdb);

  	dns_name_free(&ldapdb->common.origin, ldapdb->common.mctx);

- 	RUNTIME_CHECK(isc_mutex_destroy(&ldapdb->newversion_lock)

- 		      == ISC_R_SUCCESS);

+ 	/* isc_mutex_destroy is failing fatal now */

+ 	isc_mutex_destroy(&ldapdb->newversion_lock);

  	isc_mem_putanddetach(&ldapdb->common.mctx, ldapdb, sizeof(*ldapdb));

  }

  
@@ -167,7 +169,8 @@ 

  

  	REQUIRE(VALID_LDAPDB(ldapdb));

  

- 	isc_refcount_decrement(&ldapdb->refs, &refs);

+ 	/* isc_refcount_decrement only has one argument now */

+ 	refs = isc_refcount_decrement(&ldapdb->refs);

  

  	if (refs == 0)

  		free_ldapdb(ldapdb);
@@ -322,7 +325,7 @@ 

  }

  

  static isc_result_t

- findnode(dns_db_t *db, dns_name_t *name, bool create,

+ findnode(dns_db_t *db, const dns_name_t *name, bool create,

  	 dns_dbnode_t **nodep)

  {

  	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -333,7 +336,7 @@ 

  }

  

  static isc_result_t

- find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,

+ find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,

       dns_rdatatype_t type, unsigned int options, isc_stdtime_t now,

       dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset,

       dns_rdataset_t *sigrdataset)
@@ -347,16 +350,17 @@ 

  }

  

  static isc_result_t

- findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options,

+ findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options,

  	    isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname,

- 	    dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)

+ 	    dns_name_t *dcname, dns_rdataset_t *rdataset,

+ 	    dns_rdataset_t *sigrdataset)

  {

  	ldapdb_t *ldapdb = (ldapdb_t *) db;

  

  	REQUIRE(VALID_LDAPDB(ldapdb));

  

  	return dns_db_findzonecut(ldapdb->rbtdb, name, options, now, nodep,

- 				  foundname, rdataset, sigrdataset);

+ 				  foundname, dcname, rdataset, sigrdataset);

  }

  

  static void
@@ -683,7 +687,7 @@ 

  }

  

  static isc_result_t

- findnsec3node(dns_db_t *db, dns_name_t *name, bool create,

+ findnsec3node(dns_db_t *db, const dns_name_t *name, bool create,

  	      dns_dbnode_t **nodep)

  {

  	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -745,15 +749,22 @@ 

  }

  

  void

- rpz_attach(dns_db_t *db, dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num)

+ rpz_attach(dns_db_t *db, void *void_rpzs, uint8_t rpz_num)

  {

  	ldapdb_t *ldapdb = (ldapdb_t *) db;

+ 	dns_rpz_zones_t *rpzs = (dns_rpz_zones_t *) void_rpzs;

+ 	isc_result_t result;

  

  	REQUIRE(VALID_LDAPDB(ldapdb));

  

- 	dns_db_rpz_attach(ldapdb->rbtdb, rpzs, rpz_num);

+ 	rpzs->zones[rpz_num]->db_registered = true;

+ 	result = dns_db_updatenotify_register(ldapdb->rbtdb,

+ 					      dns_rpz_dbupdate_callback,

+ 					      rpzs->zones[rpz_num]);

+ 	REQUIRE(result == ISC_R_SUCCESS);

  }

  

+ /*

  isc_result_t

  rpz_ready(dns_db_t *db)

  {
@@ -763,9 +774,10 @@ 

  

  	return dns_db_rpz_ready(ldapdb->rbtdb);

  }

+ */

  

  static isc_result_t

- findnodeext(dns_db_t *db, dns_name_t *name,

+ findnodeext(dns_db_t *db, const dns_name_t *name,

  		   bool create, dns_clientinfomethods_t *methods,

  		   dns_clientinfo_t *clientinfo, dns_dbnode_t **nodep)

  {
@@ -778,7 +790,7 @@ 

  }

  

  static isc_result_t

- findext(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,

+ findext(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,

  	       dns_rdatatype_t type, unsigned int options, isc_stdtime_t now,

  	       dns_dbnode_t **nodep, dns_name_t *foundname,

  	       dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo,
@@ -862,13 +874,16 @@ 

  	isdnssec,

  	getrrsetstats,

  	rpz_attach,

- 	rpz_ready,

+ 	NULL, /* rpz_ready */

  	findnodeext,

  	findext,

  	setcachestats,

  	hashsize,

  	nodefullname,

  	NULL, // getsize method not implemented (related BZ1353563)

+ 	NULL, /* setservestalettl */

+ 	NULL, /* getservestalettl */

+ 	NULL /* setgluecachestats */

  };

  

  isc_result_t ATTR_NONNULLS
@@ -918,7 +933,7 @@ 

   * @param[in] argv [0] is database instance name

   */

  isc_result_t

- ldapdb_associate(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type,

+ ldapdb_associate(isc_mem_t *mctx, const dns_name_t *name, dns_dbtype_t type,

  		 dns_rdataclass_t rdclass, unsigned int argc, char *argv[],

  		 void *driverarg, dns_db_t **dbp) {

  
@@ -962,10 +977,12 @@ 

  	ZERO_PTR(ldapdb);

  

  	isc_mem_attach(mctx, &ldapdb->common.mctx);

- 	CHECK(isc_mutex_init(&ldapdb->newversion_lock));

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&ldapdb->newversion_lock);

  	lock_ready = true;

  	dns_name_init(&ldapdb->common.origin, NULL);

- 	isc_ondestroy_init(&ldapdb->common.ondest);

+ 	/* Remove whole unused ondestroy callback mechanism */

+ 	/* isc_ondestroy_init(&ldapdb->common.ondest); */

  

  	ldapdb->common.magic = DNS_DB_MAGIC;

  	ldapdb->common.impmagic = LDAPDB_MAGIC;
@@ -988,9 +1005,10 @@ 

  

  cleanup:

  	if (ldapdb != NULL) {

- 		if (lock_ready == true)

- 			RUNTIME_CHECK(isc_mutex_destroy(&ldapdb->newversion_lock)

- 				      == ISC_R_SUCCESS);

+ 		if (lock_ready == true) {

+ 			/* isc_mutex_destroy errors are now fatal */

+ 			isc_mutex_destroy(&ldapdb->newversion_lock);

+ 		}

  		if (dns_name_dynamic(&ldapdb->common.origin))

  			dns_name_free(&ldapdb->common.origin, mctx);
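Review bot: In the detach hunk, `refs = isc_refcount_decrement(&ldapdb->refs);` followed by `if (refs == 0)` keeps the old out-parameter semantics. To my knowledge the one-argument `isc_refcount_decrement()` returns the value before the decrement, so the final detach yields 1 and `free_ldapdb()` is never reached. The test should then be `if (isc_refcount_decrement(&ldapdb->refs) == 1)`, and the same applies to `remaining` in `ldap_instance_untaint_finish()` in a later file. Separately, the new `rpz_attach()` dereferences `rpzs->zones[rpz_num]` with no NULL or range check and sets `db_registered = true` before the registration is known to have succeeded. `REQUIRE` is a precondition check, so `RUNTIME_CHECK(result == ISC_R_SUCCESS);` after the register call, with the flag set afterwards, would fit better.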

  

file modified
+1 -1
@@ -23,7 +23,7 @@ 

  	      ATTR_NONNULL(1,2,5,6);

  

  isc_result_t

- ldapdb_associate(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type,

+ ldapdb_associate(isc_mem_t *mctx, const dns_name_t *name, dns_dbtype_t type,

  		 dns_rdataclass_t rdclass, unsigned int argc, char *argv[],

  		 void *driverarg, dns_db_t **dbp) ATTR_NONNULL(1,2,7,8);

  dns_db_t *

file modified
+88 -60
@@ -3,6 +3,8 @@ 

   */

  

  #include "config.h"

+ #define HAVE_TLS 1

+ #define HAVE_THREAD_LOCAL 1

  

  #include <dns/dyndb.h>

  #include <dns/diff.h>
@@ -445,7 +447,10 @@ 

  			  auth_method_str);

  		CLEANUP_WITH(ISC_R_FAILURE);

  	}

- 	CHECK(isc_string_printf(print_buff, PRINT_BUFF_SIZE, "%u", auth_method_enum));

+ 	/* isc_string_printf has been removed */

+ 	result = snprintf(print_buff, PRINT_BUFF_SIZE, "%u", auth_method_enum);

+ 	RUNTIME_CHECK(result < PRINT_BUFF_SIZE);

+ 

  	CHECK(setting_set("auth_method_enum", inst->local_settings, print_buff));

  

  	/* check we have the right data when SASL/GSSAPI is selected */
@@ -555,16 +560,16 @@ 

  	ldap_inst->watcher = 0;

  	CHECK(sync_ctx_init(ldap_inst->mctx, ldap_inst, &ldap_inst->sctx));

  

- 	isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 				   SETTING_SET_NAME_LOCAL " for database %s",

- 				   ldap_inst->db_name);

+ 	snprintf(settings_name, PRINT_BUFF_SIZE,

+ 		 SETTING_SET_NAME_LOCAL " for database %s",

+ 		 ldap_inst->db_name);

  	CHECK(settings_set_create(mctx, settings_local_default,

  	      sizeof(settings_local_default), settings_name,

  	      &settings_default_set, &ldap_inst->local_settings));

  

- 	isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 				   SETTING_SET_NAME_GLOBAL " for database %s",

- 				   ldap_inst->db_name);

+ 	snprintf(settings_name, PRINT_BUFF_SIZE,

+ 		 SETTING_SET_NAME_GLOBAL " for database %s",

+ 		 ldap_inst->db_name);

  	CHECK(settings_set_create(mctx, settings_global_default,

  	      sizeof(settings_global_default), settings_name,

  	      ldap_inst->local_settings, &ldap_inst->global_settings));
@@ -576,7 +581,7 @@ 

  	/* copy global forwarders setting for configuration roll back in

  	 * configure_zone_forwarders() */

  	result = dns_fwdtable_find(ldap_inst->view->fwdtable, dns_rootname,

- 				   &named_conf_forwarders);

+ 				   NULL, &named_conf_forwarders);

  	if (result == ISC_R_SUCCESS) {

  		/* Copy forwarding config from named.conf into local_settings */

  		CHECK(fwd_print_list_buff(mctx, named_conf_forwarders,
@@ -629,13 +634,13 @@ 

  	CHECK(setting_get_str("server_id", ldap_inst->local_settings,

  			      &server_id));

  	if (strlen(server_id) == 0)

- 		isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 					   SETTING_SET_NAME_SERVER

- 					   " for undefined server_id");

+ 		snprintf(settings_name, PRINT_BUFF_SIZE,

+ 			 SETTING_SET_NAME_SERVER " for undefined server_id");

+ 

  	else

- 		isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 					   SETTING_SET_NAME_SERVER

- 					   " for server id %s", server_id);

+ 		snprintf(settings_name, PRINT_BUFF_SIZE,

+ 			 SETTING_SET_NAME_SERVER

+ 			 " for server id %s", server_id);

  

  	CHECK(settings_set_create(mctx, settings_server_ldap_default,

  	      sizeof(settings_server_ldap_default), settings_name,
@@ -656,7 +661,8 @@ 

  	CHECK(fwdr_create(ldap_inst->mctx, &ldap_inst->fwd_register));

  	CHECK(mldap_new(mctx, &ldap_inst->mldapdb));

  

- 	CHECK(isc_mutex_init(&ldap_inst->kinit_lock));

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&ldap_inst->kinit_lock);

  

  	CHECK(ldap_pool_create(mctx, connections, &ldap_inst->pool));

  	CHECK(ldap_pool_connect(ldap_inst->pool, ldap_inst));
@@ -666,13 +672,16 @@ 

  			      mctx, &ldap_inst->db_imp));

  

  	/* Start the watcher thread */

- 	result = isc_thread_create(ldap_syncrepl_watcher, ldap_inst,

- 				   &ldap_inst->watcher);

- 	if (result != ISC_R_SUCCESS) {

- 		ldap_inst->watcher = 0;

- 		log_error("Failed to create syncrepl watcher thread");

- 		goto cleanup;

- 	}

+ 	/* isc_thread_create assert internally on failure */

+ 	isc_thread_create(ldap_syncrepl_watcher, ldap_inst,

+ 			  &ldap_inst->watcher);

+ 	/*

+ 	 * if (result != ISC_R_SUCCESS) {

+ 	 *	ldap_inst->watcher = 0;

+ 	 *	log_error("Failed to create syncrepl watcher thread");

+ 	 *	goto cleanup;

+ 	 * }

+ 	 */

  

  cleanup:

  	if (forwarders_list != NULL)
@@ -714,8 +723,8 @@ 

  				  "(already terminated?)");

  	}

  

- 	RUNTIME_CHECK(isc_thread_join(ldap_inst->watcher, NULL)

- 		      == ISC_R_SUCCESS);

+ 	/* isc_thread_join assert internally on failure */

+ 	isc_thread_join(ldap_inst->watcher, NULL);

  }

  

  void
@@ -749,7 +758,8 @@ 

  	if (ldap_inst->task != NULL)

  		isc_task_detach(&ldap_inst->task);

  

- 	DESTROYLOCK(&ldap_inst->kinit_lock);

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_destroy(&ldap_inst->kinit_lock);

  

  	settings_set_free(&ldap_inst->global_settings);

  	settings_set_free(&ldap_inst->local_settings);
@@ -782,11 +792,14 @@ 

  	CHECKED_MEM_GET_PTR(pool->mctx, ldap_conn);

  	ZERO_PTR(ldap_conn);

  

- 	result = isc_mutex_init(&ldap_conn->lock);

- 	if (result != ISC_R_SUCCESS) {

- 		SAFE_MEM_PUT_PTR(pool->mctx, ldap_conn);

- 		return result;

- 	}

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&ldap_conn->lock);

+ 	/*

+ 	 * if (result != ISC_R_SUCCESS) {

+ 	 *	SAFE_MEM_PUT_PTR(pool->mctx, ldap_conn);

+ 	 *	return result;

+ 	 * }

+ 	 */

  

  	isc_mem_attach(pool->mctx, &ldap_conn->mctx);

  
@@ -811,7 +824,8 @@ 

  	if (ldap_conn == NULL)

  		return;

  

- 	DESTROYLOCK(&ldap_conn->lock);

+ 	 /* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_destroy(&ldap_conn->lock);

  	if (ldap_conn->handle != NULL)

  		ldap_unbind_ext_s(ldap_conn->handle, NULL, NULL);

  
@@ -847,8 +861,9 @@ 

  	namelen = strlen(filename);

  	if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0)

  		namelen -= 4;

- 	CHECK(isc_string_printf(bck_filename, sizeof(bck_filename),

- 				"%.*s.jbk", namelen, filename));

+ 	result = snprintf(bck_filename, sizeof(bck_filename),

+ 			  "%.*s.jbk", namelen, filename);

+ 	RUNTIME_CHECK(result < sizeof(bck_filename));

  	CHECK(fs_file_remove(bck_filename));

  

  cleanup:
@@ -941,7 +956,8 @@ 

  	CHECK(zr_get_zone_path(mctx, ldap_instance_getsettings_local(inst),

  			       dns_zone_getorigin(zone),

  			       (issecure ? "signed" : "raw"), &file_name));

- 	CHECK(dns_zone_setfile(zone, str_buf(file_name)));

+ 	CHECK(dns_zone_setfile(zone, str_buf(file_name), dns_masterformat_text,

+ 			       &dns_master_style_default));

  	if (issecure == true) {

  		CHECK(zr_get_zone_path(mctx,

  				       ldap_instance_getsettings_local(inst),
@@ -990,8 +1006,9 @@ 

  	dns_zone_setclass(raw, dns_rdataclass_in);

  	dns_zone_settype(raw, dns_zone_master);

  	/* dns_zone_setview(raw, view); */

- 	CHECK(dns_zone_setdbtype(raw, sizeof(ldap_argv)/sizeof(ldap_argv[0]),

- 				 ldap_argv));

+ 	/* dns_zone_setdbtype is now void as it could no longer return */

+ 	dns_zone_setdbtype(raw, sizeof(ldap_argv)/sizeof(ldap_argv[0]),

+ 			   ldap_argv);

  	CHECK(configure_paths(inst->mctx, inst, raw, false));

  

  	if (want_secure == false) {
@@ -1003,7 +1020,9 @@ 

  		dns_zone_setclass(secure, dns_rdataclass_in);

  		dns_zone_settype(secure, dns_zone_master);

  		/* dns_zone_setview(secure, view); */

- 		CHECK(dns_zone_setdbtype(secure, 1, rbt_argv));

+ 		/* dns_zone_setdbtype is now void as it could no longer

+ 		 * return */

+ 		dns_zone_setdbtype(secure, 1, rbt_argv);

  		CHECK(dns_zonemgr_managezone(inst->zmgr, secure));

  		CHECK(dns_zone_link(secure, raw));

  		dns_zone_rekey(secure, true);
@@ -1055,7 +1074,7 @@ 

  	uint32_t serial;

  	dns_zone_t *raw = NULL;

  

- 	result = dns_zone_load(zone);

+ 	result = dns_zone_load(zone, false);

  	if (result != ISC_R_SUCCESS && result != DNS_R_UPTODATE

  	    && result != DNS_R_DYNAMIC && result != DNS_R_CONTINUE)

  		goto cleanup;
@@ -1067,11 +1086,11 @@ 

  		zone = NULL;

  	}

  

- 	CHECK(dns_zone_getserial2(raw, &serial));

+ 	CHECK(dns_zone_getserial(raw, &serial));

  	if (log == true)

  		dns_zone_log(raw, ISC_LOG_INFO, "loaded serial %u", serial);

  	if (zone != NULL) {

- 		result = dns_zone_getserial2(zone, &serial);

+ 		result = dns_zone_getserial(zone, &serial);

  		if (result == ISC_R_SUCCESS && log == true)

  			dns_zone_log(zone, ISC_LOG_INFO, "loaded serial %u",

  				     serial);
@@ -1717,7 +1736,8 @@ 

  	change.mod_op = LDAP_MOD_REPLACE;

  	change.mod_type = "idnsSOAserial";

  	change.mod_values = values;

- 	CHECK(isc_string_printf(serial_char, MAX_SERIAL_LENGTH, "%u", serial));

+ 	result = snprintf(serial_char, MAX_SERIAL_LENGTH, "%u", serial);

+ 	RUNTIME_CHECK(result < MAX_SERIAL_LENGTH);

  

  	CHECK(ldap_modify_do(inst, str_buf(dn), changep, false));

  
@@ -3287,7 +3307,10 @@ 

  

  	CHECK(ldap_mod_create(mctx, &change));

  	change->mod_op = LDAP_MOD_REPLACE;

- 	CHECK(isc_string_copy(change->mod_type, LDAP_ATTR_FORMATSIZE, "dnsTTL"));

+ 	/* isc_string_copy has been removed */

+ 	if (strlcpy(change->mod_type, "dnsTTL", LDAP_ATTR_FORMATSIZE)

+ 	   >= LDAP_ATTR_FORMATSIZE)

+ 		return ISC_R_NOSPACE;

  

  	CHECKED_MEM_ALLOCATE(mctx, vals, 2 * sizeof(char *));

  	memset(vals, 0, 2 * sizeof(char *));
@@ -3314,7 +3337,7 @@ 

  modify_soa_record(ldap_instance_t *ldap_inst, const char *zone_dn,

  		  dns_rdata_t *rdata)

  {

- 	isc_result_t result;

+ 	isc_result_t result = ISC_R_SUCCESS;

  	dns_rdata_soa_t soa;

  	LDAPMod change[5];

  	LDAPMod *changep[6] = {
@@ -3332,8 +3355,9 @@ 

  	change[index].mod_values = alloca(2 * sizeof(char *)); \

  	change[index].mod_values[0] = alloca(MAX_SOANUM_LENGTH); \

  	change[index].mod_values[1] = NULL; \

- 	CHECK(isc_string_printf(change[index].mod_values[0], \

- 		MAX_SOANUM_LENGTH, "%u", soa.name));

+ 	result = snprintf(change[index].mod_values[0],  \

+ 			  MAX_SOANUM_LENGTH, "%u", soa.name); \

+ 	RUNTIME_CHECK(result < MAX_SOANUM_LENGTH);

  

  	dns_rdata_tostruct(rdata, (void *)&soa, ldap_inst->mctx);

  
@@ -3347,7 +3371,6 @@ 

  

  	result = ldap_modify_do(ldap_inst, zone_dn, changep, false);

  

- cleanup:

  	return result;

  

  #undef MAX_SOANUM_LENGTH
@@ -3500,8 +3523,9 @@ 

  		change[0]->mod_vals.modv_strvals = NULL;

  		CHECK(rdatatype_to_ldap_attribute(type, attr, sizeof(attr),

  						  unknown_type));

- 		CHECK(isc_string_copy(change[0]->mod_type, LDAP_ATTR_FORMATSIZE,

- 				      attr));

+ 		if (strlcpy(change[0]->mod_type, attr, LDAP_ATTR_FORMATSIZE)

+ 		    >= LDAP_ATTR_FORMATSIZE)

+ 			return ISC_R_NOSPACE;

  		CHECK(ldap_modify_do(ldap_inst, str_buf(dn), change, false));

  		ldap_mod_free(ldap_inst->mctx, &change[0]);

  		unknown_type = !unknown_type;
@@ -3973,7 +3997,7 @@ 

  	/* Check if the zone is loaded or not.

  	 * No other function above returns DNS_R_NOTLOADED. */

  	if (sync_state == sync_finished)

- 		result = dns_zone_getserial2(raw, &serial);

+ 		result = dns_zone_getserial(raw, &serial);

  

  cleanup:

  #ifdef RBTDB_DEBUG
@@ -4010,7 +4034,7 @@ 

  				     "caused by change in %s",

  				     ldap_entry_logname(entry));

  			zone_reloaded = true;

- 			result = dns_zone_getserial2(raw, &serial);

+ 			result = dns_zone_getserial(raw, &serial);

  			if (result == ISC_R_SUCCESS)

  				goto update_restart;

  		} else {
@@ -4620,14 +4644,17 @@ 

  

  	/* request idnsServerConfig object only if server_id is specified */

  	CHECK(setting_get_str("server_id", inst->server_ldap_settings, &server_id));

- 	if (strlen(server_id) == 0)

- 		CHECK(isc_string_printf(filter, sizeof(filter), config_template,

- 				        "", "", "", filter_objcs));

- 	else

- 		CHECK(isc_string_printf(filter, sizeof(filter), config_template,

- 					"  (&(objectClass=idnsServerConfigObject)"

- 				        "    (idnsServerId=", server_id, "))",

- 					filter_objcs));

+ 	if (strlen(server_id) == 0) {

+ 		result = snprintf(filter, sizeof(filter), config_template,

+ 				  "", "", "", filter_objcs);

+ 		RUNTIME_CHECK(result < sizeof(filter));

+ 	} else {

+ 		result = snprintf(filter, sizeof(filter), config_template,

+ 				  "  (&(objectClass=idnsServerConfigObject)"

+ 				  "    (idnsServerId=", server_id, "))",

+ 				  filter_objcs);

+ 		RUNTIME_CHECK(result < sizeof(filter));

+ 	}

  

  	result = ldap_sync_prepare(inst, inst->server_ldap_settings,

  				   filter, conn, &ldap_sync);
@@ -4821,7 +4848,7 @@ 

   * (if it is even possible). */

  void

  ldap_instance_taint(ldap_instance_t *ldap_inst) {

- 	isc_refcount_increment0(&ldap_inst->errors, NULL);

+ 	isc_refcount_increment(&ldap_inst->errors);

  }

  

  bool
@@ -4852,7 +4879,8 @@ 

  ldap_instance_untaint_finish(ldap_instance_t *ldap_inst, unsigned int count) {

  	unsigned int remaining = 0;

  	while (count > 0) {

- 		isc_refcount_decrement(&ldap_inst->errors, &remaining);

+ 		/* isc_refcount_decrement now has one parameter */

+ 		remaining = isc_refcount_decrement(&ldap_inst->errors);

  		count--;

  	}

  	if (remaining != 0)
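Review bot: The two `strlcpy` replacements that fill `mod_type` (`"dnsTTL"` and `attr`) use `return ISC_R_NOSPACE;` where the removed `CHECK(isc_string_copy(...))` jumped to `cleanup`. The first follows `CHECK(ldap_mod_create(mctx, &change))` and the second sits just before `ldap_mod_free(...)`, so the early return most likely leaks the `LDAPMod`; `CLEANUP_WITH(ISC_R_NOSPACE);` would keep the old path. The `RUNTIME_CHECK(result < sizeof(...))` calls on `bck_filename` and `filter` turn an over-long file name or `server_id` into a process abort where the old code returned an error. For lengths that come from configuration or LDAP data I would keep a recoverable check such as `if ((size_t)n >= sizeof(filter)) CLEANUP_WITH(ISC_R_NOSPACE);`. Finally, `ldap_instance_taint()` now calls `isc_refcount_increment` instead of `isc_refcount_increment0`; if the error counter starts at zero and the new API asserts on a zero previous value (as I believe it does in 9.16), the first taint would abort, so `isc_refcount_increment0(&ldap_inst->errors);` looks like the intended call.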

file modified
+8 -5
@@ -45,7 +45,8 @@ 

  

  	isc_mem_attach(mctx, &mdb->mctx);

  

- 	CHECK(isc_mutex_init(&mdb->newversion_lock));

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&mdb->newversion_lock);

  	lock_ready = true;

  	CHECK(dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,

  			    dns_rdataclass_in, 0, NULL, &mdb->rbtdb));
@@ -55,9 +56,10 @@ 

  

  cleanup:

  	if (mdb != NULL) {

- 		if (lock_ready == true)

- 			RUNTIME_CHECK(isc_mutex_destroy(&mdb->newversion_lock)

- 				      == ISC_R_SUCCESS);

+ 		if (lock_ready == true) {

+ 			/* isc_mutex_destroy errors are now fatal */

+ 			isc_mutex_destroy(&mdb->newversion_lock);

+ 		}

  		MEM_PUT_AND_DETACH(mdb);

  	}

  	return result;
@@ -79,7 +81,8 @@ 

  	dns_db_dump(mdb->rbtdb, NULL, "/tmp/mdb.db");

  #endif

  	dns_db_detach(&mdb->rbtdb);

- 	RUNTIME_CHECK(isc_mutex_destroy(&mdb->newversion_lock) == ISC_R_SUCCESS);

+ 	/* isc_mutex_destroy errors are now fatal */

+ 	isc_mutex_destroy(&mdb->newversion_lock);

  	MEM_PUT_AND_DETACH(mdb);

  

  	*mdbp = NULL;
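Review bot: The comments added in these three hunks (`/* isc_mutex_init and isc_condition_init failures are now fatal */`, `/* isc_mutex_destroy errors are now fatal */`) record how the library changed rather than what the code relies on, and the first one mentions isc_condition_init although only a mutex is initialised here. That history belongs in the commit message; in the source I would either drop them or state the invariant, e.g. `/* isc_mutex_init() returns void; a failure aborts inside the library */`. The same pattern repeats in the semaphore, settings and sync hunks further down. The enclosing functions start and end outside the hunks.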

file modified
+8 -13
@@ -107,7 +107,7 @@ 

  void mldap_cur_generation_bump(mldapdb_t *mldap) {

  	REQUIRE(mldap != NULL);

  

- 	isc_refcount_increment0(&mldap->generation, NULL);

+ 	isc_refcount_increment0(&mldap->generation);

  }

  

  /*
@@ -118,17 +118,12 @@ 

   * isc_refcount_t abstractions and returns underlying type used for storing the

   * reference counter value.

   */

- STATIC_ASSERT((uint32_t)

- 		(typeof(((isc_refcount_t *)0)->refs))

- 		-1

- 	      == 0xFFFFFFFF, \

- 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");

  

- STATIC_ASSERT((uint32_t)

- 		(typeof(((isc_refcount_t *)0)->refs))

- 		0x90ABCDEF12345678

- 	      == 0x12345678, \

- 	      "positive isc_refcount_t cannot be properly shortened to 32 bits");

+ /* isc_refcount_t is simply atomic_uint_fast32_t now */

+ STATIC_ASSERT((uint32_t)((isc_refcount_t) -1) == 0xFFFFFFFF, \

+ 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");

+ STATIC_ASSERT((uint32_t)((isc_refcount_t) 0x90ABCDEF12345678) == 0x12345678, \

+ 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");

  

  /**

   * Get current MetaLDAP generation number.
@@ -327,8 +322,8 @@ 

  	CHECK(metadb_rdataset_get(node, dns_rdatatype_rp, &rdataset));

  	dns_rdataset_current(&rdataset, &rdata);

  	CHECK(dns_rdata_tostruct(&rdata, &rp, NULL));

- 	CHECK(dns_name_copy(&rp.mail, fqdn, NULL));

- 	CHECK(dns_name_copy(&rp.text, zone, NULL));

+ 	dns_name_copynf(&rp.mail, fqdn);

+ 	dns_name_copynf(&rp.text, zone);

  

  cleanup:

  	if (dns_rdataset_isassociated(&rdataset))
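Review bot: `isc_refcount_increment0(&mldap->generation)` is kept in mldap_cur_generation_bump, while ldap_instance_taint earlier in this pull request was switched to `isc_refcount_increment(&ldap_inst->errors)` and the description calls the two a rename; both cannot be right. As far as I know BIND 9.16 still provides both macros and `isc_refcount_increment()` asserts that the previous value was non-zero, so if `errors` starts at 0 the first taint would abort named; please check isc/refcount.h and keep `isc_refcount_increment0` there as well. In the STATIC_ASSERT hunk the second message was copied from the first and should read `"positive isc_refcount_t cannot be properly shortened to 32 bits"`, as the removed line did.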

file modified
+1 -1
@@ -91,7 +91,7 @@ 

  	ZERO_PTR(iter);

  

  	isc_mem_attach(mctx, &iter->mctx);

- 	dns_rbtnodechain_init(&iter->chain, mctx);

+ 	dns_rbtnodechain_init(&iter->chain);

  	iter->rbt = rbt;

  	iter->rwlock = rwlock;

  	iter->locktype = isc_rwlocktype_read;

file modified
+13 -10
@@ -34,19 +34,21 @@ 

  isc_result_t

  semaphore_init(semaphore_t *sem, int value)

  {

- 	isc_result_t result;

+ 	isc_result_t result = ISC_R_SUCCESS;

  

  	REQUIRE(sem != NULL);

  	REQUIRE(value > 0);

  

  	sem->value = value;

- 	result = isc_mutex_init(&sem->mutex);

- 	if (result != ISC_R_SUCCESS)

- 		return result;

- 

- 	result = isc_condition_init(&sem->cond);

- 	if (result != ISC_R_SUCCESS)

- 		DESTROYLOCK(&sem->mutex);

+ 	/* isc_mutex_init and isc_condition_init failures are now fatal */

+ 	isc_mutex_init(&sem->mutex);

+ 	isc_condition_init(&sem->cond);

+ 	/*

+ 	 * if (result != ISC_R_SUCCESS) {

+ 	 *	// isc_mutex_destroy failures are now fatal

+ 	 *	isc_mutex_destroy(&sem->mutex);

+ 	 * }

+ 	 */

  

  	return result;

  }
@@ -62,8 +64,9 @@ 

  	if (sem == NULL)

  		return;

  

- 	RUNTIME_CHECK(isc_mutex_destroy(&sem->mutex) == ISC_R_SUCCESS);

- 	RUNTIME_CHECK(isc_condition_destroy(&sem->cond) == ISC_R_SUCCESS);

+ 	/* isc_mutex_destroy and isc_condition_destroy are now fatal */

+ 	isc_mutex_destroy(&sem->mutex);

+ 	isc_condition_destroy(&sem->cond);

  }

  

  /**
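Review bot: semaphore_init now carries a commented-out `if (result != ISC_R_SUCCESS)` block, and `result` can only ever hold its initial value. Dead code kept in a comment suggests an error path that no longer exists; I would delete the block and the local and end the function with `return ISC_R_SUCCESS;`. The `isc_result_t` return type can stay so callers are unaffected. The comment in the second hunk should say that failures of isc_mutex_destroy and isc_condition_destroy are fatal, not the functions themselves; that function starts outside the hunk.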

file modified
+15 -10
@@ -281,7 +281,9 @@ 

  			isc_mem_free(mctx, setting->value.value_char);

  		CHECKED_MEM_ALLOCATE(mctx, setting->value.value_char, len);

  		setting->is_dynamic = true;

- 		CHECK(isc_string_copy(setting->value.value_char, len, value));

+ 		/* isc_string_copy has been removed */

+ 		if (strlcpy(setting->value.value_char, value, len) >= len)

+ 			return ISC_R_NOSPACE;

  		break;

  

  	case ST_UNSIGNED_INTEGER:
@@ -493,8 +495,8 @@ 

  	isc_mem_attach(mctx, &new_set->mctx);

  

  	CHECKED_MEM_GET_PTR(mctx, new_set->lock);

- 	result = isc_mutex_init(new_set->lock);

- 	INSIST(result == ISC_R_SUCCESS);

+ 	/* isc_mutex_init failures are now fatal */

+ 	isc_mutex_init(new_set->lock);

  

  	new_set->parent_set = parent_set;

  
@@ -531,7 +533,8 @@ 

  		mctx = (*set)->mctx;

  

  		if ((*set)->lock != NULL) {

- 			DESTROYLOCK((*set)->lock);

+ 			/* isc_mutex_destroy failures are now fatal */

+ 			isc_mutex_destroy((*set)->lock);

  			SAFE_MEM_PUT_PTR(mctx, (*set)->lock);

  		}

  
@@ -577,7 +580,7 @@ 

  static isc_result_t

  settings_set_fill(const cfg_obj_t *config, settings_set_t *set)

  {

- 	isc_result_t result;

+ 	isc_result_t result = ISC_R_SUCCESS;

  	setting_t *setting;

  	isc_buffer_t *buf_value = NULL;

  	const cfg_obj_t *cfg_value;
@@ -585,7 +588,8 @@ 

  

  	REQUIRE(cfg_obj_ismap(config) == true);

  

- 	CHECK(isc_buffer_allocate(set->mctx, &buf_value, ISC_BUFFER_INCR));

+ 	/* isc_buffer_allocate can no longer fail */

+ 	isc_buffer_allocate(set->mctx, &buf_value, ISC_BUFFER_INCR);

  	isc_buffer_setautorealloc(buf_value, true);

  

  	for (setting = set->first_setting;
@@ -678,7 +682,8 @@ 

  

  	REQUIRE(parameters != NULL);

  

- 	CHECK(isc_buffer_allocate(mctx, &log_buf, ISC_BUFFER_INCR));

+ 	/* isc_buffer_allocate can no longer fail */

+ 	isc_buffer_allocate(mctx, &log_buf, ISC_BUFFER_INCR);

  	isc_buffer_setautorealloc(log_buf, true);

  

  	len = strlen(parameters);
@@ -686,8 +691,8 @@ 

  	isc_buffer_add(&in_buf, len);

  

  	CHECK(cfg_parser_create(mctx, dns_lctx, &parser));

- 	result = cfg_parse_buffer2(parser, &in_buf, name, cfg_type_conf,

- 				   &config);

+ 	result = cfg_parse_buffer(parser, &in_buf, name, 0, cfg_type_conf, 0,

+ 				  &config);

  	if (result == ISC_R_SUCCESS) {

  		cfg_printx(config, CFG_PRINTER_XKEY, cfg_printer, log_buf);

  		cfg_obj_log(config, dns_lctx, ISC_LOG_DEBUG(10),
@@ -700,7 +705,7 @@ 

  		log_error("configuration for dyndb instance '%s' "

  			  "(starting in file %s on line %lu) is invalid",

  			  name, file, line);

- 		cfg_print_grammar(cfg_type_conf, cfg_printer, log_buf);

+ 		cfg_print_grammar(cfg_type_conf, 0, cfg_printer, log_buf);

  		log_info("expected grammar:\n"

  			 "%.*s", isc_buffer_usedlength(log_buf),

  			 (char *)isc_buffer_base(log_buf));
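Review bot: The truncation branch added in the first hunk, `return ISC_R_NOSPACE;`, leaves the function directly, whereas the `CHECK(isc_string_copy(...))` it replaces presumably jumped to the function's `cleanup:` label, as CHECK() does elsewhere in this project. The end of the function is outside the hunk, so what `cleanup:` releases is not visible here, but any lock or partial state it unwinds is skipped on this new path. I would keep the single exit: `if (strlcpy(setting->value.value_char, value, len) >= len) { result = ISC_R_NOSPACE; goto cleanup; }`. This assumes the function has the usual `result` local, which the hunk does not show.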

file modified
+2 -2
@@ -134,7 +134,7 @@ 

  	 * @example

  	 * 192.168.0.1 -> 1.0.168.192.in-addr.arpa

  	 */

- 	CHECK(dns_byaddr_createptrname2(&isc_ip, 0, ptr_name));

+ 	CHECK(dns_byaddr_createptrname(&isc_ip, 0, ptr_name));

  

  	/* Find an active zone containing owner name of the PTR record. */

  	result = dns_zt_find(zonetable, ptr_name, 0, NULL, zone);
@@ -399,7 +399,7 @@ 

  	isc_mem_attach(mctx, &ev->mctx);

  	INIT_BUFFERED_NAME(ev->a_name);

  	INIT_BUFFERED_NAME(ev->ptr_name);

- 	CHECK(dns_name_copy(a_name, &ev->a_name, NULL));

+ 	dns_name_copynf(a_name, &ev->a_name);

  	ev->mod_op = mod_op;

  	strncpy(ev->ip_str, ip_str, sizeof(ev->ip_str));

  	ev->ip_str[sizeof(ev->ip_str) - 1] = '\0';

file modified
+14 -8
@@ -209,7 +209,8 @@ 

  	REQUIRE(event != NULL);

  

  	bev = (sync_barrierev_t *)event;

- 	isc_refcount_decrement(&bev->sctx->task_cnt, &cnt);

+ 	/* isc_refcount_decrement now has one parameter */

+ 	cnt = isc_refcount_decrement(&bev->sctx->task_cnt);

  	if (cnt == 0) {

  		log_debug(1, "sync_barrier_wait(): barrier reached");

  		LOCK(&bev->sctx->mutex);
@@ -277,9 +278,11 @@ 

  

  	sctx->inst = inst;

  

- 	CHECK(isc_mutex_init(&sctx->mutex));

+ 	/* isc_mutex_init failures are now fatal */

+ 	isc_mutex_init(&sctx->mutex);

  	lock_ready = true;

- 	CHECK(isc_condition_init(&sctx->cond));

+ 	/* isc_mutex_init failures are now fatal */

+ 	isc_condition_init(&sctx->cond);

  	cond_ready = true;

  

  	/* refcount includes ldap_inst->task implicitly */
@@ -297,8 +300,10 @@ 

  	return ISC_R_SUCCESS;

  

  cleanup:

- 	if (lock_ready == true)

- 		DESTROYLOCK(&sctx->mutex);

+ 	if (lock_ready == true) {

+ 		/* isc_mutex_destroy failures are now fatal */

+ 		isc_mutex_destroy(&sctx->mutex);

+ 	}

  	if (cond_ready == true)

  		RUNTIME_CHECK(isc_condition_destroy(&sctx->cond)

  			      == ISC_R_SUCCESS);
@@ -330,14 +335,15 @@ 

  		next_taskel = NEXT(taskel, link);

  		UNLINK(sctx->tasks, taskel, link);

  		isc_task_detach(&taskel->task);

- 		isc_refcount_decrement(&sctx->task_cnt, NULL);

+ 		isc_refcount_decrement(&sctx->task_cnt);

  		SAFE_MEM_PUT_PTR(sctx->mctx, taskel);

  	}

  	RUNTIME_CHECK(isc_condition_destroy(&sctx->cond) == ISC_R_SUCCESS);

  	isc_refcount_destroy(&sctx->task_cnt);

  	UNLOCK(&sctx->mutex);

  

- 	DESTROYLOCK(&(*sctxp)->mutex);

+ 	/* isc_mutex_destroy is void now */

+ 	isc_mutex_destroy(&(*sctxp)->mutex);

  	MEM_PUT_AND_DETACH(*sctxp);

  }

  
@@ -460,7 +466,7 @@ 

  	LOCK(&sctx->mutex);

  	REQUIRE(sctx->state == sync_configinit || sctx->state == sync_datainit);

  	ISC_LIST_APPEND(sctx->tasks, newel, link);

- 	isc_refcount_increment0(&sctx->task_cnt, &cnt);

+ 	cnt = isc_refcount_increment0(&sctx->task_cnt);

  	UNLOCK(&sctx->mutex);

  

  	log_debug(2, "adding task %p to syncrepl list; %u tasks in list",
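Review bot: The barrier test `if (cnt == 0)` in the first hunk now reads the return value of `isc_refcount_decrement()`, and in BIND 9.16 that macro appears to return the counter value from before the decrement, where the old out-parameter carried the value after it; please confirm against isc/refcount.h. If so, the last task sees 1, the barrier is never reported as reached, and the condition should become `if (cnt == 1)`. The same shift affects `remaining` in ldap_instance_untaint_finish earlier in this pull request and the `cnt` logged after `isc_refcount_increment0()` in the last hunk of this file. Separately, the untouched `RUNTIME_CHECK(isc_condition_destroy(&sctx->cond) == ISC_R_SUCCESS)` lines contradict the description's statement that isc_condition_destroy is now void. The enclosing functions start and end outside these hunks.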

file modified
+2 -14
@@ -136,19 +136,7 @@ 

   * and this notice are preserved. This code is offered as-is,

   * without any warranty.

   */

- #define ASSERT_CONCAT_(a, b) a##b

- #define ASSERT_CONCAT(a, b) ASSERT_CONCAT_(a, b)

- /* These can't be used after statements in c89. */

- #ifdef __COUNTER__

-   #define STATIC_ASSERT(e, m) \

-     ;enum { ASSERT_CONCAT(static_assert_, __COUNTER__) = 1/(!!(e)) }

- #else

-   /* This can't be used twice on the same line so ensure if using in headers

-    * that the headers are not included twice (by wrapping in #ifndef...#endif)

-    * Note it doesn't cause an issue when used on same line of separate modules

-    * compiled with gcc -combine -fwhole-program.  */

-   #define STATIC_ASSERT(e, m) \

-     ;enum { ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(e)) }

- #endif

+ 

+ /* STATIC_ASSERT is now provided by isc/util.h */

  

  #endif /* !_LD_UTIL_H_ */

file modified
+10 -7
@@ -280,9 +280,9 @@ 

  		dns_zone_attach(secure, &zinfo->secure);

  

  	zinfo->settings = NULL;

- 	isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,

- 				   SETTING_SET_NAME_ZONE " %s",

- 				   dn);

+ 	/* isc_string_printf_truncate has been removed */

+ 	snprintf(settings_name, PRINT_BUFF_SIZE, SETTING_SET_NAME_ZONE " %s",

+ 		 dn);

  	CHECK(settings_set_create(mctx, zone_settings, sizeof(zone_settings),

  				  settings_name, global_settings,

  				  &zinfo->settings));
@@ -341,7 +341,9 @@ 

   * @pre Zone registed is locked.

   */

  static isc_result_t

- getzinfo(zone_register_t * const zr, dns_name_t *name, zone_info_t **zinfo) {

+ getzinfo(zone_register_t * const zr, const dns_name_t *name,

+ 	 zone_info_t **zinfo)

+ {

  	isc_result_t result;

  	void *data = NULL;

  
@@ -438,8 +440,8 @@ 

   * Either ldapdbp or rbtdbp can be NULL.

   */

  isc_result_t

- zr_get_zone_dbs(zone_register_t *zr, dns_name_t *name, dns_db_t **ldapdbp,

- 		dns_db_t **rbtdbp)

+ zr_get_zone_dbs(zone_register_t *zr, const dns_name_t *name,

+ 		dns_db_t **ldapdbp, dns_db_t **rbtdbp)

  {

  	isc_result_t result;

  	zone_info_t *zinfo = NULL;
@@ -539,7 +541,8 @@ 

   * 'set'.

   */

  isc_result_t

- zr_get_zone_settings(zone_register_t *zr, dns_name_t *name, settings_set_t **set)

+ zr_get_zone_settings(zone_register_t *zr, const dns_name_t *name,

+ 	             settings_set_t **set)

  {

  	isc_result_t result;

  	zone_info_t *zinfo = NULL;

file modified
+2 -2
@@ -28,7 +28,7 @@ 

  zr_del_zone(zone_register_t *zr, dns_name_t *origin) ATTR_NONNULLS ATTR_CHECKRESULT;

  

  isc_result_t

- zr_get_zone_dbs(zone_register_t *zr, dns_name_t *name, dns_db_t **ldapdbp,

+ zr_get_zone_dbs(zone_register_t *zr, const dns_name_t *name, dns_db_t **ldapdbp,

  		dns_db_t **rbtdbp) ATTR_NONNULL(1, 2) ATTR_CHECKRESULT;

  

  isc_result_t
@@ -40,7 +40,7 @@ 

  		ATTR_NONNULL(1,2,3) ATTR_CHECKRESULT;

  

  isc_result_t

- zr_get_zone_settings(zone_register_t *zr, dns_name_t *name, settings_set_t **set) ATTR_NONNULLS ATTR_CHECKRESULT;

+ zr_get_zone_settings(zone_register_t *zr, const dns_name_t *name, settings_set_t **set) ATTR_NONNULLS ATTR_CHECKRESULT;

  

  isc_result_t

  zr_get_zone_path(isc_mem_t *mctx, settings_set_t *settings,

  • Lowercase renames: DNS_SSUMATCHTYPE_ -> dns_ssumatchtype_
  • cfg_parse_buffer has two additional parameters
  • empty_zone_handle_conflicts requires dns_name_t* as first parameter
  • isc_string_copy, isc_string_printf, isc_string_append and
    isc_string_printf_truncate have been removed, replaced by normal c
    functions
  • Functions that are now void and failures are fatal:
    isc_buffer_allocate, isc_mutex_destroy, isc_mutex_init,
    isc_thread_create, isc_thread_join, dns_zone_setdbtype,
    isc_condition_init, isc_condition_destroy

  • dns_name_t now has to be const in several functions

  • dns_view_flushcache has an additional parameter
  • isc_refcount_increment and isc_refcount_decrement now are returning the
    second parameter
  • dns_db_rpz_attach has been deprecated, replaced by alternative
    code
  • dns_db_rpz_ready has been deprecated, commented out rpz_ready
  • dns_dbmethods_t has 3 additional methods
  • isc_ondestroy_init has been removed, no replacement
  • dns_fwdtable_find has an additional parameter
  • dns_zone_setfile has two additional parameters
  • dns_zone_load has an additional parameter
  • dns_zone_getserial2 has been renamed to dns_zone_getserial
  • isc_refcount_increment0 has been renamed to isc_refcount_increment
  • dns_rbtnodechain_init only has first parameter now
  • cfg_parse_buffer2 has been renamed to cfg_parse_buffer
  • cfg_print_grammar has additional parameter
  • dns_byaddr_createptrname2 has been renamed to dns_byaddr_createptrname
  • STATIC_ASSERT is now provided by isc/util.h

Thank you very much for this work, @twoerner!
Could you please split the patch into smaller commits, so that they are easier to review and can be bisected if problems need to be investigated in the future?

rebased onto 0e8b7e3

10 months ago

I have split it up. There are 24 patches now with one temporary to make build work with isc-bind in Fedora copr.

thanks for the patches! isc-config.sh has been removed upstream, how do you cope with that?

Ping, any progress here?

There is currently no progress. We have new bind 9.16 build in a COPR but I haven't had any time to look at it yet. I am working with Fedora infra to set up CI to be able to test all this automatically but still not there.

Is the packaging for that build available somewhere?

I have these for debian, but might have missed something as named-pkcs11 fails with an assert when starting up

rebased onto 9e3303b

9 months ago

@tjaalton Right now there are issues where code breaks when named starts due to one missing function rename and some issues with DNSSEC (and SELinux). That was the latest status from @twoerner yesterday evening. I think we'll see some update of this branch today, hopefully.

Additionally, you'd need changes in FreeIPA because bind 9.16 does not support integrated pkcs11 build and requires use of external PKCS#11 engine through openssl. This is handled in https://github.com/freeipa/freeipa/pull/3774

I was trying to make testing of the new code more reliable and added a support for testing against FreeIPA in Azure Pipelines (FreeIPA uses Azure Pipelines for about a year already). The setup is in tests/azure/, if you'd create own Azure DevOps organization, import bind-dyndb-ldap from external git there, then you can create a build pipeline using tests/azure/azure-pipelines.yml. It will run against Fedora 31 by default. I know you work on your own Ubuntu/Debian integration for FreeIPA Azure Pipelines, so may be that could be contributed here too.

Getting back to bind 9.16, my current run that actually tries to use bind 9.16 can be seen at https://dev.azure.com/vdali/bind-dyndb-ldap/_build/results?buildId=26&view=results. In https://dev.azure.com/vdali/bind-dyndb-ldap/_build/results?buildId=26&view=artifacts you can see the results. You might be interested in downloading logs from that place as they contain crashdumps. The crashes were already processed by coredumpctl, so there already detailed stack traces that could be analyzed. It would help to submit patches on top of https://pagure.io/bind-dyndb-ldap/pull-request/187 for the issues you could fix.

Since Pagure has no direct support in Azure Pipelines, I'm using my fork in Azure DevOps for the runs in Azure Pipelines: https://dev.azure.com/vdali/bind-dyndb-ldap/_git/bind-dyndb-ldap.ab?version=GBbind-9.16-support. This is basically a version of this PR that has Azure Pipeline adoption on top of that, to allow use of customized bind 9.15 and FreeIPA builds from the respective COPR repositories. Again, since I'm not using Ubuntu/Debian myself, these are for Fedora 31.

OpenSSL PKCS#11 engine does not work in FIPS mode yet. There is a problem with libp11 (aka openssl-pkcs11 engine), see https://bugzilla.redhat.com/show_bug.cgi?id=1827535 .

I propose to make BIND 9.16 support a FreeIPA 4.9 feature. It's a big change.

1 new commit added

  • bind-9.16: Use dns_name_copynf(...) for RUNTIME_CHECK(dns_name_copy(..., NULL))
9 months ago

Pull-Request has been closed by abbra

4 months ago