From 3b34807f481de612fbf42e1bd8858a2fca0b5c15 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 1/47] bind-9.16: Lowercase DNS_SSUMATCHTYPE_* -> dns_ssumatchtype_* The extra defines for uppercase DNS_SSUMATCHTYPE_* have been removed. Only the dns_ssumatchtype_t enum is there now. --- diff --git a/src/acl.c b/src/acl.c index 6b1b192..efacf89 100644 --- a/src/acl.c +++ b/src/acl.c @@ -105,20 +105,20 @@ get_match_type(const cfg_obj_t *obj, unsigned int *value) } str = cfg_obj_asstring(obj); - MATCH("name", DNS_SSUMATCHTYPE_NAME); - MATCH("subdomain", DNS_SSUMATCHTYPE_SUBDOMAIN); - MATCH("zonesub", DNS_SSUMATCHTYPE_SUBDOMAIN); - MATCH("wildcard", DNS_SSUMATCHTYPE_WILDCARD); - MATCH("self", DNS_SSUMATCHTYPE_SELF); -#if defined(DNS_SSUMATCHTYPE_SELFSUB) && defined(DNS_SSUMATCHTYPE_SELFWILD) - MATCH("selfsub", DNS_SSUMATCHTYPE_SELFSUB); - MATCH("selfwild", DNS_SSUMATCHTYPE_SELFWILD); + MATCH("name", dns_ssumatchtype_name); + MATCH("subdomain", dns_ssumatchtype_subdomain); + MATCH("zonesub", dns_ssumatchtype_subdomain); + MATCH("wildcard", dns_ssumatchtype_wildcard); + MATCH("self", dns_ssumatchtype_self); +#if defined(dns_ssumatchtype_selfSUB) && defined(dns_ssumatchtype_selfwild) + MATCH("selfsub", dns_ssumatchtype_selfSUB); + MATCH("selfwild", dns_ssumatchtype_selfwild); #endif -#ifdef DNS_SSUMATCHTYPE_SELFMS - MATCH("ms-self", DNS_SSUMATCHTYPE_SELFMS); +#ifdef dns_ssumatchtype_selfms + MATCH("ms-self", dns_ssumatchtype_selfms); #endif -#ifdef DNS_SSUMATCHTYPE_SELFKRB5 - MATCH("krb5-self", DNS_SSUMATCHTYPE_SELFKRB5); +#ifdef dns_ssumatchtype_selfkrb5 + MATCH("krb5-self", dns_ssumatchtype_selfkrb5); #endif /* At least bind 9.11.5 or 9.12.3 is required for it 
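Review bot: The renamed guards in get_match_type, such as `#ifdef dns_ssumatchtype_selfms`, test enum constants with the preprocessor, which only sees macros. The commit message says only the `dns_ssumatchtype_t` enum remains, so every guarded `MATCH(...)` is compiled out and "selfsub", "selfwild", "ms-self" and "krb5-self" presumably fall through to the `log_bug("unsupported match type ...")` seen in the next hunk. The guards in that next hunk ("ms-subdomain", "krb5-subdomain", "tcp-self", "6to4-self", "external") have the same problem. The mechanical rename also produced `dns_ssumatchtype_selfSUB`, which presumably should be `dns_ssumatchtype_selfsub` and would stop compiling once the guard is lifted. Drop the `#if`/`#ifdef` wrappers or gate them on a configure-time feature macro; the function body starts and ends outside this hunk.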
@@ -126,18 +126,18 @@ get_match_type(const cfg_obj_t *obj, unsigned int *value) MATCH("ms-selfsub", dns_ssumatchtype_selfsubms); MATCH("krb5-selfsub", dns_ssumatchtype_selfsubkrb5); -#ifdef DNS_SSUMATCHTYPE_SUBDOMAINMS - MATCH("ms-subdomain", DNS_SSUMATCHTYPE_SUBDOMAINMS); +#ifdef dns_ssumatchtype_subdomainms + MATCH("ms-subdomain", dns_ssumatchtype_subdomainms); #endif -#ifdef DNS_SSUMATCHTYPE_SUBDOMAINKRB5 - MATCH("krb5-subdomain", DNS_SSUMATCHTYPE_SUBDOMAINKRB5); +#ifdef dns_ssumatchtype_subdomainkrb5 + MATCH("krb5-subdomain", dns_ssumatchtype_subdomainkrb5); #endif -#if defined(DNS_SSUMATCHTYPE_TCPSELF) && defined(DNS_SSUMATCHTYPE_6TO4SELF) - MATCH("tcp-self", DNS_SSUMATCHTYPE_TCPSELF); - MATCH("6to4-self", DNS_SSUMATCHTYPE_6TO4SELF); +#if defined(dns_ssumatchtype_tcpself) && defined(dns_ssumatchtype_6to4self) + MATCH("tcp-self", dns_ssumatchtype_tcpself); + MATCH("6to4-self", dns_ssumatchtype_6to4self); #endif -#if defined(DNS_SSUMATCHTYPE_EXTERNAL) - MATCH("external", DNS_SSUMATCHTYPE_EXTERNAL); +#if defined(dns_ssumatchtype_external) + MATCH("external", dns_ssumatchtype_external); #endif log_bug("unsupported match type '%s'", str); @@ -319,7 +319,7 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone) /* Use zone name for 'zonesub' match type */ result = get_fixed_name(stmt, "name", &fname); if (result == ISC_R_NOTFOUND && - match_type == DNS_SSUMATCHTYPE_SUBDOMAIN) { + match_type == dns_ssumatchtype_subdomain) { dns_fixedname_init(&fname); CHECK(dns_name_copy(dns_zone_getorigin(zone), dns_fixedname_name(&fname), @@ -330,7 +330,7 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone) CHECK(get_types(mctx, stmt, &types, &n)); - if (match_type == DNS_SSUMATCHTYPE_WILDCARD && + if (match_type == dns_ssumatchtype_wildcard && !dns_name_iswildcard(dns_fixedname_name(&fname))) { char name[DNS_NAME_FORMATSIZE]; dns_name_format(dns_fixedname_name(&fname), name, From 474c2171ca8f9443c80564cbd0e13c89e4522a82 Mon Sep 17 00:00:00 2001 
From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 2/47] bind-9.16: cfg_parse_buffer changes cfg_parse_buffer2 has been renamed to cfg_parse_buffer and cfg_parse_buffer has two addtional parameters. --- diff --git a/src/bindcfg.c b/src/bindcfg.c index 5539dea..7844774 100644 --- a/src/bindcfg.c +++ b/src/bindcfg.c @@ -108,7 +108,7 @@ cfg_parse_strbuf(cfg_parser_t *parser, const char *string, cfg_type_t **type, isc_buffer_init(&buffer, (char *)string, string_len); isc_buffer_add(&buffer, string_len); - result = cfg_parse_buffer(parser, &buffer, *type, &ret); + result = cfg_parse_buffer(parser, &buffer, NULL, 0, *type, 0, &ret); if (result == ISC_R_SUCCESS) *objp = ret; diff --git a/src/fwd.c b/src/fwd.c index 7ac381b..6c715d4 100644 --- a/src/fwd.c +++ b/src/fwd.c @@ -182,8 +182,8 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs, list_len = fwd_list_len(fwdrs); CHECK(fwd_list_gen_dummy_config_string(mctx, list_len, &dummy_fwdr_buf)); - CHECK(cfg_parse_buffer(parser, dummy_fwdr_buf, - cfg_type_forwarders, &forwarders_cfg)); + CHECK(cfg_parse_buffer(parser, dummy_fwdr_buf, NULL, 0, + cfg_type_forwarders, 0, &forwarders_cfg)); /* Walk through internal representation and cfg representation and copy * data from the internal one to cfg data structures.*/ diff --git a/src/settings.c b/src/settings.c index 90c7e47..18eea14 100644 --- a/src/settings.c +++ b/src/settings.c @@ -686,8 +686,8 @@ setting_set_parse_conf(isc_mem_t *mctx, const char *name, isc_buffer_add(&in_buf, len); CHECK(cfg_parser_create(mctx, dns_lctx, &parser)); - result = cfg_parse_buffer2(parser, &in_buf, name, cfg_type_conf, - &config); + result = cfg_parse_buffer(parser, &in_buf, name, 0, cfg_type_conf, 0, + &config); if (result == ISC_R_SUCCESS) { cfg_printx(config, CFG_PRINTER_XKEY, cfg_printer, log_buf); cfg_obj_log(config, dns_lctx, ISC_LOG_DEBUG(10), From 0d927ba188595c4fc12dd611e6ccb92fefb926b3 Mon Sep 17 00:00:00 2001 
From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 3/47] bind-9.16: isc_buffer_allocate is now void isc_buffer_allocate is not returning a results anymore. according to bind9: a038f77d92a857bc11750683c9317d70da6fcfdf isc_buffer_allocate is void and can not fail anymore. --- diff --git a/src/fwd.c b/src/fwd.c index 6c715d4..ad27b28 100644 --- a/src/fwd.c +++ b/src/fwd.c @@ -86,7 +86,6 @@ fwd_list_len(dns_forwarders_t *fwdrs) { static isc_result_t fwd_list_gen_dummy_config_string(isc_mem_t *mctx, size_t list_len, isc_buffer_t **dummy_string) { - isc_result_t result; const char prefix[] = "{ "; const char suffix[] = "} // dummy string, please ignore"; const char fill[] = "127.0.0.1; "; @@ -98,7 +97,9 @@ fwd_list_gen_dummy_config_string(isc_mem_t *mctx, size_t list_len, REQUIRE(dummy_string != NULL && *dummy_string == NULL); - CHECK(isc_buffer_allocate(mctx, &output, target_size)); + /* No CHECK here as isc_buffer_allocate is void and can not fail. + * See bind9: a038f77d92a857bc11750683c9317d70da6fcfdf */ + isc_buffer_allocate(mctx, &output, target_size); isc_buffer_putstr(output, prefix); for (size_t i = 0; i < list_len; i++) isc_buffer_putstr(output, fill); @@ -106,11 +107,7 @@ fwd_list_gen_dummy_config_string(isc_mem_t *mctx, size_t list_len, isc_buffer_putuint8(output, '\0'); *dummy_string = output; -cleanup: - if (result != ISC_R_SUCCESS && output != NULL) - isc_buffer_free(&output); - - return result; + return ISC_R_SUCCESS; } /** @@ -122,7 +119,6 @@ cleanup: isc_result_t fwd_print_bracketed_values_buf(isc_mem_t *mctx, ldap_valuelist_t *values, isc_buffer_t **string) { - isc_result_t result; ldap_value_t *value; const char prefix[] = "{ "; const char suffix[] = "}"; 
@@ -143,13 +139,14 @@ fwd_print_bracketed_values_buf(isc_mem_t *mctx, ldap_valuelist_t *values, buffer_append_str(&tmp_buf, suffix, 2); /* create and copy string from tmp to output buffer */ - CHECK(isc_buffer_allocate(mctx, string, tmp_buf.used)); + /* No CHECK here as isc_buffer_allocate is void and can not fail. + * See bind9: a038f77d92a857bc11750683c9317d70da6fcfdf */ + isc_buffer_allocate(mctx, string, tmp_buf.used); isc_buffer_putmem(*string, isc_buffer_base(&tmp_buf), tmp_buf.used); -cleanup: if (tmp_buf.base != NULL) isc_mem_put(mctx, tmp_buf.base, tmp_buf.length); - return result; + return ISC_R_SUCCESS; } isc_result_t @@ -199,7 +196,7 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs, cfg_print(faddresses, buffer_append_str, &tmp_buf); /* create and copy string from tmp to output buffer */ - CHECK(isc_buffer_allocate(mctx, out_buf, tmp_buf.used)); + isc_buffer_allocate(mctx, out_buf, tmp_buf.used); isc_buffer_putmem(*out_buf, isc_buffer_base(&tmp_buf), isc_buffer_usedlength(&tmp_buf)); diff --git a/src/settings.c b/src/settings.c index 18eea14..1d121af 100644 --- a/src/settings.c +++ b/src/settings.c @@ -577,7 +577,7 @@ cfg_printer(void *closure, const char *text, int textlen) { static isc_result_t settings_set_fill(const cfg_obj_t *config, settings_set_t *set) { - isc_result_t result; + isc_result_t result = ISC_R_SUCCESS; setting_t *setting; isc_buffer_t *buf_value = NULL; const cfg_obj_t *cfg_value; @@ -585,7 +585,8 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) REQUIRE(cfg_obj_ismap(config) == true); - CHECK(isc_buffer_allocate(set->mctx, &buf_value, ISC_BUFFER_INCR)); + /* isc_buffer_allocate can no longer fail */ + isc_buffer_allocate(set->mctx, &buf_value, ISC_BUFFER_INCR); isc_buffer_setautorealloc(buf_value, true); for (setting = set->first_setting; 
@@ -678,7 +679,8 @@ setting_set_parse_conf(isc_mem_t *mctx, const char *name, REQUIRE(parameters != NULL); - CHECK(isc_buffer_allocate(mctx, &log_buf, ISC_BUFFER_INCR)); + /* isc_buffer_allocate can no longer fail */ + isc_buffer_allocate(mctx, &log_buf, ISC_BUFFER_INCR); isc_buffer_setautorealloc(log_buf, true); len = strlen(parameters); From 5af566caa5b599437234417474a2219783dc9bd5 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 4/47] bind-9.16: Replace removed isc_string_ functions The functions isc_string_copy, isc_string_printf, isc_string_append and isc_string_printf_truncate have been removed in bind. The have been replaced by normal c functions. --- diff --git a/src/fs.c b/src/fs.c index 61c46b5..bfe5524 100644 --- a/src/fs.c +++ b/src/fs.c @@ -79,7 +79,10 @@ fs_dirs_create(const char *path) { char curr_path[PATH_MAX + 1]; char *end = NULL; - CHECK(isc_string_copy(curr_path, PATH_MAX, path)); + /* isc_string_copy has been removed */ + if (strlcpy(curr_path, path, PATH_MAX) >= PATH_MAX) { + return ISC_R_NOSPACE; + } for (end = strchr(curr_path, '/'); end != NULL; diff --git a/src/ldap_convert.c b/src/ldap_convert.c index 853ad37..93beff6 100644 --- a/src/ldap_convert.c +++ b/src/ldap_convert.c @@ -286,7 +286,8 @@ dns_to_ldap_dn_escape(isc_mem_t *mctx, const char * const dns_str, char ** ldap_ } /* LDAP uses \xy escaping. "xy" represent two hexadecimal digits.*/ /* TODO: optimize to bit mask & rotate & dec->hex table? */ - CHECK(isc_string_printf(esc_name + esc_idx, 4, "\\%02x", ascii_val)); + /* isc_string_printf has been removed */ + result = snprintf(esc_name + esc_idx, 4, "\\%02x", ascii_val); esc_idx += 3; /* isc_string_printf wrote 4 bytes including '\0' */ } } 
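Review bot: In dns_to_ldap_dn_escape the character count returned by snprintf is stored in `result`, which the removed `CHECK(...)` line suggests is the function's `isc_result_t` status. After each escaped byte it therefore holds 3 rather than ISC_R_SUCCESS, and the count is never checked. If code after the loop (outside this hunk) returns or tests `result` before reassigning it, callers will see a bogus error code. Use a separate local, e.g. `int n = snprintf(esc_name + esc_idx, 4, "\\%02x", ascii_val);`, and fail when `n != 3`; the trailing comment `/* isc_string_printf wrote 4 bytes including '\0' */` should now name snprintf. rdata_to_generic, validate_local_instance_settings, cleanup_zone_files, ldap_replace_serial, modify_soa_record and ldap_sync_doit also store the snprintf count in `result` and deserve the same check.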
@@ -430,24 +431,28 @@ isc_result_t rdatatype_to_ldap_attribute(dns_rdatatype_t rdtype, char *target, unsigned int size, bool unknown) { - isc_result_t result; char rdtype_str[DNS_RDATATYPE_FORMATSIZE]; if (unknown) { /* "UnknownRecord;TYPE65333" */ - CHECK(isc_string_copy(target, size, - LDAP_RDATATYPE_UNKNOWN_PREFIX)); + /* isc_string_copy and isc_string_append have been removed */ + if (strlcpy(target, LDAP_RDATATYPE_UNKNOWN_PREFIX, size) + >= size) + return ISC_R_NOSPACE; snprintf(rdtype_str, sizeof(rdtype_str), "TYPE%u", rdtype); - CHECK(isc_string_append(target, size, rdtype_str)); + if (strlcat(target, rdtype_str, size) >= size) + return ISC_R_NOSPACE; } else { /* "ARecord" */ dns_rdatatype_format(rdtype, rdtype_str, DNS_RDATATYPE_FORMATSIZE); - CHECK(isc_string_copy(target, size, rdtype_str)); - CHECK(isc_string_append(target, size, LDAP_RDATATYPE_SUFFIX)); + /* isc_string_copy and isc_string_append have been removed */ + if (strlcpy(target, rdtype_str, size) >= size) + return ISC_R_NOSPACE; + if (strlcat(target, LDAP_RDATATYPE_SUFFIX, size) >= size) + return ISC_R_NOSPACE; } -cleanup: - return result; + return ISC_R_SUCCESS; } /** @@ -463,8 +468,9 @@ rdata_to_generic(dns_rdata_t *rdata, isc_buffer_t *target) dns_rdata_toregion(rdata, &rdata_reg); REQUIRE(rdata_reg.length <= 65535); - result = isc_string_printf(buf, sizeof(buf), "\\# %u", rdata_reg.length); - INSIST(result == ISC_R_SUCCESS); + /* isc_string_printf has been removed */ + result = snprintf(buf, sizeof(buf), "\\# %u", rdata_reg.length); + RUNTIME_CHECK(result < sizeof(buf)); isc_buffer_putstr(target, buf); if (rdata_reg.length != 0U) { isc_buffer_putstr(target, " "); diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 0a25bfb..3517ea3 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c 
@@ -445,7 +445,10 @@ validate_local_instance_settings(ldap_instance_t *inst, settings_set_t *set) { auth_method_str); CLEANUP_WITH(ISC_R_FAILURE); } - CHECK(isc_string_printf(print_buff, PRINT_BUFF_SIZE, "%u", auth_method_enum)); + /* isc_string_printf has been removed */ + result = snprintf(print_buff, PRINT_BUFF_SIZE, "%u", auth_method_enum); + RUNTIME_CHECK(result < PRINT_BUFF_SIZE); + CHECK(setting_set("auth_method_enum", inst->local_settings, print_buff)); /* check we have the right data when SASL/GSSAPI is selected */ @@ -555,16 +558,16 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, ldap_inst->watcher = 0; CHECK(sync_ctx_init(ldap_inst->mctx, ldap_inst, &ldap_inst->sctx)); - isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE, - SETTING_SET_NAME_LOCAL " for database %s", - ldap_inst->db_name); + snprintf(settings_name, PRINT_BUFF_SIZE, + SETTING_SET_NAME_LOCAL " for database %s", + ldap_inst->db_name); CHECK(settings_set_create(mctx, settings_local_default, sizeof(settings_local_default), settings_name, &settings_default_set, &ldap_inst->local_settings)); - isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE, - SETTING_SET_NAME_GLOBAL " for database %s", - ldap_inst->db_name); + snprintf(settings_name, PRINT_BUFF_SIZE, + SETTING_SET_NAME_GLOBAL " for database %s", + ldap_inst->db_name); CHECK(settings_set_create(mctx, settings_global_default, sizeof(settings_global_default), settings_name, ldap_inst->local_settings, &ldap_inst->global_settings)); 
@@ -629,13 +632,13 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, CHECK(setting_get_str("server_id", ldap_inst->local_settings, &server_id)); if (strlen(server_id) == 0) - isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE, - SETTING_SET_NAME_SERVER - " for undefined server_id"); + snprintf(settings_name, PRINT_BUFF_SIZE, + SETTING_SET_NAME_SERVER " for undefined server_id"); + else - isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE, - SETTING_SET_NAME_SERVER - " for server id %s", server_id); + snprintf(settings_name, PRINT_BUFF_SIZE, + SETTING_SET_NAME_SERVER + " for server id %s", server_id); CHECK(settings_set_create(mctx, settings_server_ldap_default, sizeof(settings_server_ldap_default), settings_name, @@ -847,8 +850,9 @@ cleanup_zone_files(dns_zone_t *zone) { namelen = strlen(filename); if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0) namelen -= 4; - CHECK(isc_string_printf(bck_filename, sizeof(bck_filename), - "%.*s.jbk", namelen, filename)); + result = snprintf(bck_filename, sizeof(bck_filename), + "%.*s.jbk", namelen, filename); + RUNTIME_CHECK(result < sizeof(bck_filename)); CHECK(fs_file_remove(bck_filename)); cleanup: @@ -1717,7 +1721,8 @@ ldap_replace_serial(ldap_instance_t *inst, dns_name_t *zone, change.mod_op = LDAP_MOD_REPLACE; change.mod_type = "idnsSOAserial"; change.mod_values = values; - CHECK(isc_string_printf(serial_char, MAX_SERIAL_LENGTH, "%u", serial)); + result = snprintf(serial_char, MAX_SERIAL_LENGTH, "%u", serial); + RUNTIME_CHECK(result < MAX_SERIAL_LENGTH); CHECK(ldap_modify_do(inst, str_buf(dn), changep, false)); 
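Review bot: `RUNTIME_CHECK(result < sizeof(bck_filename))` in cleanup_zone_files turns an over-long backup file name into a process abort, where the removed `CHECK(isc_string_printf(...))` returned an error through `cleanup:`. `filename` is assigned outside this hunk but appears to be the zone's journal file name, so its length is driven by configuration data rather than programmer error. ldap_sync_doit repeats the pattern with `server_id` formatted into the filter. Prefer a recoverable failure with an `int n` count, e.g. `if (n < 0 || (size_t)n >= sizeof(bck_filename)) CLEANUP_WITH(ISC_R_NOSPACE);`, which also catches a negative return. The fixed-width `%u` sites (ldap_replace_serial, modify_soa_record) are much less exposed.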
@@ -3287,7 +3292,10 @@ ldap_rdttl_to_ldapmod(isc_mem_t *mctx, dns_rdatalist_t *rdlist, CHECK(ldap_mod_create(mctx, &change)); change->mod_op = LDAP_MOD_REPLACE; - CHECK(isc_string_copy(change->mod_type, LDAP_ATTR_FORMATSIZE, "dnsTTL")); + /* isc_string_copy has been removed */ + if (strlcpy(change->mod_type, "dnsTTL", LDAP_ATTR_FORMATSIZE) + >= LDAP_ATTR_FORMATSIZE) + return ISC_R_NOSPACE; CHECKED_MEM_ALLOCATE(mctx, vals, 2 * sizeof(char *)); memset(vals, 0, 2 * sizeof(char *)); @@ -3314,7 +3322,7 @@ static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT modify_soa_record(ldap_instance_t *ldap_inst, const char *zone_dn, dns_rdata_t *rdata) { - isc_result_t result; + isc_result_t result = ISC_R_SUCCESS; dns_rdata_soa_t soa; LDAPMod change[5]; LDAPMod *changep[6] = { @@ -3332,8 +3340,9 @@ modify_soa_record(ldap_instance_t *ldap_inst, const char *zone_dn, change[index].mod_values = alloca(2 * sizeof(char *)); \ change[index].mod_values[0] = alloca(MAX_SOANUM_LENGTH); \ change[index].mod_values[1] = NULL; \ - CHECK(isc_string_printf(change[index].mod_values[0], \ - MAX_SOANUM_LENGTH, "%u", soa.name)); + result = snprintf(change[index].mod_values[0], \ + MAX_SOANUM_LENGTH, "%u", soa.name); \ + RUNTIME_CHECK(result < MAX_SOANUM_LENGTH); dns_rdata_tostruct(rdata, (void *)&soa, ldap_inst->mctx); @@ -3347,7 +3356,6 @@ modify_soa_record(ldap_instance_t *ldap_inst, const char *zone_dn, result = ldap_modify_do(ldap_inst, zone_dn, changep, false); -cleanup: return result; #undef MAX_SOANUM_LENGTH 
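Review bot: The new `return ISC_R_NOSPACE;` in ldap_rdttl_to_ldapmod exits directly after `CHECK(ldap_mod_create(mctx, &change))` has succeeded, whereas the removed `CHECK(isc_string_copy(...))` presumably jumped to the function's cleanup label. Whatever releases `change` on the error path (outside this hunk) is now skipped. It cannot trigger for the literal "dnsTTL" unless LDAP_ATTR_FORMATSIZE shrinks, but the same early return appears in remove_rdtype_from_ldap after `change[0]` is set up and in set_value after `CHECKED_MEM_ALLOCATE`, where the copied strings are variable. Keep the cleanup path by ending the condition with `CLEANUP_WITH(ISC_R_NOSPACE);` instead of `return ISC_R_NOSPACE;`.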
@@ -3500,8 +3508,9 @@ remove_rdtype_from_ldap(dns_name_t *owner, dns_name_t *zone, change[0]->mod_vals.modv_strvals = NULL; CHECK(rdatatype_to_ldap_attribute(type, attr, sizeof(attr), unknown_type)); - CHECK(isc_string_copy(change[0]->mod_type, LDAP_ATTR_FORMATSIZE, - attr)); + if (strlcpy(change[0]->mod_type, attr, LDAP_ATTR_FORMATSIZE) + >= LDAP_ATTR_FORMATSIZE) + return ISC_R_NOSPACE; CHECK(ldap_modify_do(ldap_inst, str_buf(dn), change, false)); ldap_mod_free(ldap_inst->mctx, &change[0]); unknown_type = !unknown_type; @@ -4620,14 +4629,17 @@ ldap_sync_doit(ldap_instance_t *inst, ldap_connection_t *conn, /* request idnsServerConfig object only if server_id is specified */ CHECK(setting_get_str("server_id", inst->server_ldap_settings, &server_id)); - if (strlen(server_id) == 0) - CHECK(isc_string_printf(filter, sizeof(filter), config_template, - "", "", "", filter_objcs)); - else - CHECK(isc_string_printf(filter, sizeof(filter), config_template, - " (&(objectClass=idnsServerConfigObject)" - " (idnsServerId=", server_id, "))", - filter_objcs)); + if (strlen(server_id) == 0) { + result = snprintf(filter, sizeof(filter), config_template, + "", "", "", filter_objcs); + RUNTIME_CHECK(result < sizeof(filter)); + } else { + result = snprintf(filter, sizeof(filter), config_template, + " (&(objectClass=idnsServerConfigObject)" + " (idnsServerId=", server_id, "))", + filter_objcs); + RUNTIME_CHECK(result < sizeof(filter)); + } result = ldap_sync_prepare(inst, inst->server_ldap_settings, filter, conn, &ldap_sync); diff --git a/src/settings.c b/src/settings.c index 1d121af..87de0e5 100644 --- a/src/settings.c +++ b/src/settings.c 
@@ -281,7 +281,9 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting, isc_mem_free(mctx, setting->value.value_char); CHECKED_MEM_ALLOCATE(mctx, setting->value.value_char, len); setting->is_dynamic = true; - CHECK(isc_string_copy(setting->value.value_char, len, value)); + /* isc_string_copy has been removed */ + if (strlcpy(setting->value.value_char, value, len) >= len) + return ISC_R_NOSPACE; break; case ST_UNSIGNED_INTEGER: diff --git a/src/zone_register.c b/src/zone_register.c index 96373cc..e31d5e8 100644 --- a/src/zone_register.c +++ b/src/zone_register.c @@ -280,9 +280,9 @@ create_zone_info(isc_mem_t * const mctx, dns_zone_t * const raw, dns_zone_attach(secure, &zinfo->secure); zinfo->settings = NULL; - isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE, - SETTING_SET_NAME_ZONE " %s", - dn); + /* isc_string_printf_truncate has been removed */ + snprintf(settings_name, PRINT_BUFF_SIZE, SETTING_SET_NAME_ZONE " %s", + dn); CHECK(settings_set_create(mctx, zone_settings, sizeof(zone_settings), settings_name, global_settings, &zinfo->settings)); From e98aa21d27294f07c14d9c9b2327319871ba9d2c Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 5/47] bind-9.16: isc_mutex_ fuctions are void and failures are fatal The isc_mutex_ functions are now void and the failures are fatal. RUNTIME_CHECK and CHECK are not used any more. There is no code right now to handle the failures gracefully in bind-dyndb-ldap. --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index dcf65d0..31f6377 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c 
@@ -153,8 +153,8 @@ cleanup: #endif dns_db_detach(&ldapdb->rbtdb); dns_name_free(&ldapdb->common.origin, ldapdb->common.mctx); - RUNTIME_CHECK(isc_mutex_destroy(&ldapdb->newversion_lock) - == ISC_R_SUCCESS); + /* isc_mutex_destroy is failing fatal now */ + isc_mutex_destroy(&ldapdb->newversion_lock); isc_mem_putanddetach(&ldapdb->common.mctx, ldapdb, sizeof(*ldapdb)); } @@ -986,7 +986,8 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, ZERO_PTR(ldapdb); isc_mem_attach(mctx, &ldapdb->common.mctx); - CHECK(isc_mutex_init(&ldapdb->newversion_lock)); + /* isc_mutex_init and isc_condition_init failures are now fatal */ + isc_mutex_init(&ldapdb->newversion_lock); lock_ready = true; dns_name_init(&ldapdb->common.origin, NULL); isc_ondestroy_init(&ldapdb->common.ondest); @@ -1012,9 +1013,10 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, cleanup: if (ldapdb != NULL) { - if (lock_ready == true) - RUNTIME_CHECK(isc_mutex_destroy(&ldapdb->newversion_lock) - == ISC_R_SUCCESS); + if (lock_ready == true) { + /* isc_mutex_destroy errors are now fatal */ + isc_mutex_destroy(&ldapdb->newversion_lock); + } if (dns_name_dynamic(&ldapdb->common.origin)) dns_name_free(&ldapdb->common.origin, mctx); diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 3517ea3..bedcfdf 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -659,7 +659,8 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, CHECK(fwdr_create(ldap_inst->mctx, &ldap_inst->fwd_register)); CHECK(mldap_new(mctx, &ldap_inst->mldapdb)); - CHECK(isc_mutex_init(&ldap_inst->kinit_lock)); + /* isc_mutex_init and isc_condition_init failures are now fatal */ + isc_mutex_init(&ldap_inst->kinit_lock); CHECK(ldap_pool_create(mctx, connections, &ldap_inst->pool)); CHECK(ldap_pool_connect(ldap_inst->pool, ldap_inst)); 
@@ -752,7 +753,8 @@ destroy_ldap_instance(ldap_instance_t **ldap_instp) if (ldap_inst->task != NULL) isc_task_detach(&ldap_inst->task); - DESTROYLOCK(&ldap_inst->kinit_lock); + /* isc_mutex_init and isc_condition_init failures are now fatal */ + isc_mutex_destroy(&ldap_inst->kinit_lock); settings_set_free(&ldap_inst->global_settings); settings_set_free(&ldap_inst->local_settings); @@ -785,11 +787,14 @@ new_ldap_connection(ldap_pool_t *pool, ldap_connection_t **ldap_connp) CHECKED_MEM_GET_PTR(pool->mctx, ldap_conn); ZERO_PTR(ldap_conn); - result = isc_mutex_init(&ldap_conn->lock); - if (result != ISC_R_SUCCESS) { - SAFE_MEM_PUT_PTR(pool->mctx, ldap_conn); - return result; - } + /* isc_mutex_init and isc_condition_init failures are now fatal */ + isc_mutex_init(&ldap_conn->lock); + /* + * if (result != ISC_R_SUCCESS) { + * SAFE_MEM_PUT_PTR(pool->mctx, ldap_conn); + * return result; + * } + */ isc_mem_attach(pool->mctx, &ldap_conn->mctx); @@ -814,7 +819,8 @@ destroy_ldap_connection(ldap_connection_t **ldap_connp) if (ldap_conn == NULL) return; - DESTROYLOCK(&ldap_conn->lock); + /* isc_mutex_init and isc_condition_init failures are now fatal */ + isc_mutex_destroy(&ldap_conn->lock); if (ldap_conn->handle != NULL) ldap_unbind_ext_s(ldap_conn->handle, NULL, NULL); diff --git a/src/metadb.c b/src/metadb.c index 2a996e1..1f3c0ef 100644 --- a/src/metadb.c +++ b/src/metadb.c @@ -45,7 +45,8 @@ metadb_new(isc_mem_t *mctx, metadb_t **mdbp) { isc_mem_attach(mctx, &mdb->mctx); - CHECK(isc_mutex_init(&mdb->newversion_lock)); + /* isc_mutex_init and isc_condition_init failures are now fatal */ + isc_mutex_init(&mdb->newversion_lock); lock_ready = true; CHECK(dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &mdb->rbtdb)); 
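Review bot: new_ldap_connection keeps the old error branch as a commented-out block under the now-void `isc_mutex_init(&ldap_conn->lock);`. Delete it rather than leaving dead code that suggests the failure is still handled. semaphore_init in src/semaphore.c and the isc_thread_create call in new_ldap_instance (patch 7) do the same. The comment `/* isc_mutex_init and isc_condition_init failures are now fatal */` was also pasted above the `isc_mutex_destroy` calls in destroy_ldap_instance and destroy_ldap_connection, where it should read `/* isc_mutex_destroy failures are now fatal */`.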
@@ -55,9 +56,10 @@ metadb_new(isc_mem_t *mctx, metadb_t **mdbp) { cleanup: if (mdb != NULL) { - if (lock_ready == true) - RUNTIME_CHECK(isc_mutex_destroy(&mdb->newversion_lock) - == ISC_R_SUCCESS); + if (lock_ready == true) { + /* isc_mutex_destroy errors are now fatal */ + isc_mutex_destroy(&mdb->newversion_lock); + } MEM_PUT_AND_DETACH(mdb); } return result; @@ -79,7 +81,8 @@ metadb_destroy(metadb_t **mdbp) { dns_db_dump(mdb->rbtdb, NULL, "/tmp/mdb.db"); #endif dns_db_detach(&mdb->rbtdb); - RUNTIME_CHECK(isc_mutex_destroy(&mdb->newversion_lock) == ISC_R_SUCCESS); + /* isc_mutex_destroy errors are now fatal */ + isc_mutex_destroy(&mdb->newversion_lock); MEM_PUT_AND_DETACH(mdb); *mdbp = NULL; diff --git a/src/semaphore.c b/src/semaphore.c index d86019d..33ed59b 100644 --- a/src/semaphore.c +++ b/src/semaphore.c @@ -34,19 +34,21 @@ isc_interval_t conn_wait_timeout = { 3, 0 }; isc_result_t semaphore_init(semaphore_t *sem, int value) { - isc_result_t result; + isc_result_t result = ISC_R_SUCCESS; REQUIRE(sem != NULL); REQUIRE(value > 0); sem->value = value; - result = isc_mutex_init(&sem->mutex); - if (result != ISC_R_SUCCESS) - return result; - - result = isc_condition_init(&sem->cond); - if (result != ISC_R_SUCCESS) - DESTROYLOCK(&sem->mutex); + /* isc_mutex_init and isc_condition_init failures are now fatal */ + isc_mutex_init(&sem->mutex); + isc_condition_init(&sem->cond); + /* + * if (result != ISC_R_SUCCESS) { + * // isc_mutex_destroy failures are now fatal + * isc_mutex_destroy(&sem->mutex); + * } + */ return result; } @@ -62,8 +64,9 @@ semaphore_destroy(semaphore_t *sem) if (sem == NULL) return; - RUNTIME_CHECK(isc_mutex_destroy(&sem->mutex) == ISC_R_SUCCESS); - RUNTIME_CHECK(isc_condition_destroy(&sem->cond) == ISC_R_SUCCESS); + /* isc_mutex_destroy and isc_condition_destroy are now fatal */ + isc_mutex_destroy(&sem->mutex); + isc_condition_destroy(&sem->cond); } /** diff --git a/src/settings.c b/src/settings.c index 87de0e5..a6a8583 100644 
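Review bot: semaphore_destroy now calls `isc_condition_destroy(&sem->cond);` as a bare statement, while sync_ctx_init and sync_ctx_free in src/syncrepl.c still wrap the same call in `RUNTIME_CHECK(... == ISC_R_SUCCESS)` as unchanged context. Both cannot match the target API: if the call still returns a result it is silently dropped here, and if it is void the syncrepl.c lines will not compile. Confirm against the BIND 9.16 header and make the three sites agree. In semaphore_init, `result` can now only be ISC_R_SUCCESS, so `return ISC_R_SUCCESS;` without the local would say so directly.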
--- a/src/settings.c +++ b/src/settings.c @@ -495,8 +495,8 @@ settings_set_create(isc_mem_t *mctx, const setting_t default_settings[], isc_mem_attach(mctx, &new_set->mctx); CHECKED_MEM_GET_PTR(mctx, new_set->lock); - result = isc_mutex_init(new_set->lock); - INSIST(result == ISC_R_SUCCESS); + /* isc_mutex_init failures are now fatal */ + isc_mutex_init(new_set->lock); new_set->parent_set = parent_set; @@ -533,7 +533,8 @@ settings_set_free(settings_set_t **set) { mctx = (*set)->mctx; if ((*set)->lock != NULL) { - DESTROYLOCK((*set)->lock); + /* isc_mutex_destroy failures are now fatal */ + isc_mutex_destroy((*set)->lock); SAFE_MEM_PUT_PTR(mctx, (*set)->lock); } diff --git a/src/syncrepl.c b/src/syncrepl.c index 054d625..83d7357 100644 --- a/src/syncrepl.c +++ b/src/syncrepl.c @@ -277,9 +277,11 @@ sync_ctx_init(isc_mem_t *mctx, ldap_instance_t *inst, sync_ctx_t **sctxp) { sctx->inst = inst; - CHECK(isc_mutex_init(&sctx->mutex)); + /* isc_mutex_init failures are now fatal */ + isc_mutex_init(&sctx->mutex); lock_ready = true; - CHECK(isc_condition_init(&sctx->cond)); + /* isc_mutex_init failures are now fatal */ + isc_condition_init(&sctx->cond); cond_ready = true; /* refcount includes ldap_inst->task implicitly */ @@ -297,8 +299,10 @@ sync_ctx_init(isc_mem_t *mctx, ldap_instance_t *inst, sync_ctx_t **sctxp) { return ISC_R_SUCCESS; cleanup: - if (lock_ready == true) - DESTROYLOCK(&sctx->mutex); + if (lock_ready == true) { + /* isc_mutex_destroy failures are now fatal */ + isc_mutex_destroy(&sctx->mutex); + } if (cond_ready == true) RUNTIME_CHECK(isc_condition_destroy(&sctx->cond) == ISC_R_SUCCESS); @@ -337,7 +341,8 @@ sync_ctx_free(sync_ctx_t **sctxp) { isc_refcount_destroy(&sctx->task_cnt); UNLOCK(&sctx->mutex); - DESTROYLOCK(&(*sctxp)->mutex); + /* isc_mutex_destroy is void now */ + isc_mutex_destroy(&(*sctxp)->mutex); MEM_PUT_AND_DETACH(*sctxp); } From 1c56646c429605e172c04e236b98efbc6992e7e6 Mon Sep 17 00:00:00 2001 
From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 6/47] bind-9.16: Use reworked isc_refcount_ functions isc_refcount_increment and isc_refcount_decrement now are returning the second parameter. isc_refcount_increment0 has been removed, isc_refcount_increment is used now in this case. --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 31f6377..b93bd6f 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -118,7 +118,8 @@ attach(dns_db_t *source, dns_db_t **targetp) REQUIRE(VALID_LDAPDB(ldapdb)); - isc_refcount_increment(&ldapdb->refs, NULL); + /* isc_refcount_increment only has one argument now */ + isc_refcount_increment(&ldapdb->refs); *targetp = source; } @@ -167,7 +168,8 @@ detach(dns_db_t **dbp) REQUIRE(VALID_LDAPDB(ldapdb)); - isc_refcount_decrement(&ldapdb->refs, &refs); + /* isc_refcount_decrement only has one argument now */ + refs = isc_refcount_decrement(&ldapdb->refs); if (refs == 0) free_ldapdb(ldapdb); diff --git a/src/ldap_helper.c b/src/ldap_helper.c index bedcfdf..0c5a149 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -4839,7 +4839,7 @@ ldap_instance_isexiting(ldap_instance_t *ldap_inst) * (if it is even possible). */ void ldap_instance_taint(ldap_instance_t *ldap_inst) { - isc_refcount_increment0(&ldap_inst->errors, NULL); + isc_refcount_increment(&ldap_inst->errors); } bool @@ -4870,7 +4870,8 @@ isc_result_t ldap_instance_untaint_finish(ldap_instance_t *ldap_inst, unsigned int count) { unsigned int remaining = 0; while (count > 0) { - isc_refcount_decrement(&ldap_inst->errors, &remaining); + /* isc_refcount_decrement now has one parameter */ + remaining = isc_refcount_decrement(&ldap_inst->errors); count--; } if (remaining != 0) diff --git a/src/mldap.c b/src/mldap.c index 51df185..1cd5f33 100644 --- a/src/mldap.c +++ b/src/mldap.c 
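Review bot: In detach, `refs = isc_refcount_decrement(&ldapdb->refs);` followed by `if (refs == 0) free_ldapdb(ldapdb);` assumes the call returns the count after the decrement, as the old out-parameter did. If the reworked macro returns the value held before the decrement (my reading of BIND 9.16's isc/refcount.h, please confirm), the last detach sees 1, `free_ldapdb` is never reached and the database object leaks. The check would then need to be `if (isc_refcount_decrement(&ldapdb->refs) == 1)`. barrier_decrement (`cnt == 0`, so the barrier would never be reported as reached) and ldap_instance_untaint_finish (`remaining != 0`) depend on the same assumption.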
@@ -107,7 +107,7 @@ mldap_closeversion(mldapdb_t *mldap, bool commit) { void mldap_cur_generation_bump(mldapdb_t *mldap) { REQUIRE(mldap != NULL); - isc_refcount_increment0(&mldap->generation, NULL); + isc_refcount_increment0(&mldap->generation); } /* diff --git a/src/syncrepl.c b/src/syncrepl.c index 83d7357..b17fafa 100644 --- a/src/syncrepl.c +++ b/src/syncrepl.c @@ -209,7 +209,8 @@ barrier_decrement(isc_task_t *task, isc_event_t *event) { REQUIRE(event != NULL); bev = (sync_barrierev_t *)event; - isc_refcount_decrement(&bev->sctx->task_cnt, &cnt); + /* isc_refcount_decrement now has one parameter */ + cnt = isc_refcount_decrement(&bev->sctx->task_cnt); if (cnt == 0) { log_debug(1, "sync_barrier_wait(): barrier reached"); LOCK(&bev->sctx->mutex); @@ -334,7 +335,7 @@ sync_ctx_free(sync_ctx_t **sctxp) { next_taskel = NEXT(taskel, link); UNLINK(sctx->tasks, taskel, link); isc_task_detach(&taskel->task); - isc_refcount_decrement(&sctx->task_cnt, NULL); + isc_refcount_decrement(&sctx->task_cnt); SAFE_MEM_PUT_PTR(sctx->mctx, taskel); } RUNTIME_CHECK(isc_condition_destroy(&sctx->cond) == ISC_R_SUCCESS); @@ -465,7 +466,7 @@ sync_task_add(sync_ctx_t *sctx, isc_task_t *task) { LOCK(&sctx->mutex); REQUIRE(sctx->state == sync_configinit || sctx->state == sync_datainit); ISC_LIST_APPEND(sctx->tasks, newel, link); - isc_refcount_increment0(&sctx->task_cnt, &cnt); + cnt = isc_refcount_increment0(&sctx->task_cnt); UNLOCK(&sctx->mutex); log_debug(2, "adding task %p to syncrepl list; %u tasks in list", From 80445703c4261270be53e3bef32c028151f6a70f Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 7/47] bind-9.16: isc_thread_ functions are void and failures are fatal isc_thread_create and isc_thread_join are now void and failures are fatal. There is no code right now to handle the failures gracefully in bind-dyndb-ldap. --- diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 0c5a149..729f2af 100644 --- a/src/ldap_helper.c 
+++ b/src/ldap_helper.c @@ -670,13 +670,16 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, mctx, &ldap_inst->db_imp)); /* Start the watcher thread */ - result = isc_thread_create(ldap_syncrepl_watcher, ldap_inst, - &ldap_inst->watcher); - if (result != ISC_R_SUCCESS) { - ldap_inst->watcher = 0; - log_error("Failed to create syncrepl watcher thread"); - goto cleanup; - } + /* isc_thread_create assert internally on failure */ + isc_thread_create(ldap_syncrepl_watcher, ldap_inst, + &ldap_inst->watcher); + /* + * if (result != ISC_R_SUCCESS) { + * ldap_inst->watcher = 0; + * log_error("Failed to create syncrepl watcher thread"); + * goto cleanup; + * } + */ cleanup: if (forwarders_list != NULL) @@ -718,8 +721,8 @@ ldap_syncrepl_watcher_shutdown(ldap_instance_t *ldap_inst) "(already terminated?)"); } - RUNTIME_CHECK(isc_thread_join(ldap_inst->watcher, NULL) - == ISC_R_SUCCESS); + /* isc_thread_join assert internally on failure */ + isc_thread_join(ldap_inst->watcher, NULL); } void From 49d93d0564f53b1e123fae7caa50c91ebed2d750 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 8/47] bind-9.16: Remove isc_ondestroy_init The whole ondestroy callback mechanism has been unused and removed from bind. --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index b93bd6f..6efc5d3 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -992,7 +992,8 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, isc_mutex_init(&ldapdb->newversion_lock); lock_ready = true; dns_name_init(&ldapdb->common.origin, NULL); - isc_ondestroy_init(&ldapdb->common.ondest); + /* Remove whole unused ondestroy callback mechanism */ + /* isc_ondestroy_init(&ldapdb->common.ondest); */ ldapdb->common.magic = DNS_DB_MAGIC; ldapdb->common.impmagic = LDAPDB_MAGIC; From 72f910f9807c20720418278bcb76493e1ba1bfee Mon Sep 17 00:00:00 2001 
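Review bot: The old failure branch is left behind as a commented-out block after `isc_thread_create(...)` in new_ldap_instance; it should be deleted, because version control keeps the history and the block suggests error handling that no longer exists. What a maintainer needs instead is one accurate comment, e.g. `/* isc_thread_create() is void in BIND 9.16 and aborts on failure */`. The same applies to the commented-out `isc_ondestroy_init(&ldapdb->common.ondest);` in the `ldapdb_create` hunk of the following patch. new_ldap_instance starts and ends outside this hunk.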
From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 9/47] bind-9.16: Handle dns_db_rpz_ deprecations dns_db_rpz_attach has been deprecated. It has been replaced by alternative code. dns_db_rpz_ready has been depreacted, it has been commented out. --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 6efc5d3..9e73fa5 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -30,6 +30,7 @@ #include #include #include +#include #include /* For memcpy */ @@ -747,15 +748,22 @@ getrrsetstats(dns_db_t *db) { } void -rpz_attach(dns_db_t *db, dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num) +rpz_attach(dns_db_t *db, void *void_rpzs, uint8_t rpz_num) { ldapdb_t *ldapdb = (ldapdb_t *) db; + dns_rpz_zones_t *rpzs = (dns_rpz_zones_t *) void_rpzs; + isc_result_t result; REQUIRE(VALID_LDAPDB(ldapdb)); - dns_db_rpz_attach(ldapdb->rbtdb, rpzs, rpz_num); + rpzs->zones[rpz_num]->db_registered = true; + result = dns_db_updatenotify_register(ldapdb->rbtdb, + dns_rpz_dbupdate_callback, + rpzs->zones[rpz_num]); + REQUIRE(result == ISC_R_SUCCESS); } +/* isc_result_t rpz_ready(dns_db_t *db) { @@ -765,6 +773,7 @@ rpz_ready(dns_db_t *db) return dns_db_rpz_ready(ldapdb->rbtdb); } +*/ static isc_result_t findnodeext(dns_db_t *db, dns_name_t *name, @@ -884,7 +893,7 @@ static dns_dbmethods_t ldapdb_methods = { isdnssec, getrrsetstats, rpz_attach, - rpz_ready, + NULL, /* rpz_ready */ findnodeext, findext, setcachestats, From d876325c54b701bfdeb6426fb8b709a065d01a7c Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 10/47] bind-9.16: STATIC_ASSERT is now provided by isc/util.h STATIC_ASSERT is now provided by isc/util.h, therefore the defines in src/util.h have been removed. --- diff --git a/src/util.h b/src/util.h index b69c9b7..63ec058 100644 --- a/src/util.h +++ b/src/util.h 
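Review bot: The new `rpz_attach` body dereferences `rpzs->zones[rpz_num]` twice without checking either the untyped `void_rpzs` pointer or the index, and `rpz_num` is now a plain `uint8_t`, which admits values up to 255. The function already states its contract with `REQUIRE(VALID_LDAPDB(ldapdb));`, so the same style fits here: `REQUIRE(rpzs != NULL && rpz_num < DNS_RPZ_MAX_ZONES);` followed by `REQUIRE(rpzs->zones[rpz_num] != NULL);`, assuming `zones[]` is sized by `DNS_RPZ_MAX_ZONES`. Without these, a bad argument becomes an out-of-bounds read and a write through whatever pointer is found there, rather than a clean assertion failure.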
@@ -136,19 +136,7 @@ extern bool verbose_checks; /* from settings.c */ * and this notice are preserved. This code is offered as-is, * without any warranty. */ -#define ASSERT_CONCAT_(a, b) a##b -#define ASSERT_CONCAT(a, b) ASSERT_CONCAT_(a, b) -/* These can't be used after statements in c89. */ -#ifdef __COUNTER__ - #define STATIC_ASSERT(e, m) \ - ;enum { ASSERT_CONCAT(static_assert_, __COUNTER__) = 1/(!!(e)) } -#else - /* This can't be used twice on the same line so ensure if using in headers - * that the headers are not included twice (by wrapping in #ifndef...#endif) - * Note it doesn't cause an issue when used on same line of separate modules - * compiled with gcc -combine -fwhole-program. */ - #define STATIC_ASSERT(e, m) \ - ;enum { ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(e)) } -#endif + +/* STATIC_ASSERT is now provided by isc/util.h */ #endif /* !_LD_UTIL_H_ */ From d35b642cacd54f982b7079d8abd67e301f4d23d6 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 11/47] bind-9.16: Use const for dns_name_t root name dns_name_t root name needs to be const now. --- diff --git a/src/empty_zones.c b/src/empty_zones.c index e9027d5..4022f83 100644 --- a/src/empty_zones.c +++ b/src/empty_zones.c @@ -226,7 +226,7 @@ empty_zone_search_stop(empty_zone_search_t *iter) { * @returns @see empty_zone_search_next */ isc_result_t -empty_zone_search_init(empty_zone_search_t *iter, dns_name_t *qname, +empty_zone_search_init(empty_zone_search_t *iter, const dns_name_t *qname, dns_zt_t *ztable) { isc_result_t result; @@ -298,7 +298,7 @@ cleanup: * it failed and user configured policy != only. */ isc_result_t -empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable, +empty_zone_handle_conflicts(const dns_name_t *name, dns_zt_t *zonetable, bool warn_only) { isc_result_t result; diff --git a/src/empty_zones.h b/src/empty_zones.h index 024904e..83a8a24 100644 --- a/src/empty_zones.h +++ b/src/empty_zones.h 
@@ -21,11 +21,11 @@ void empty_zone_search_stop(empty_zone_search_t *iter) ATTR_NONNULLS; isc_result_t -empty_zone_search_init(empty_zone_search_t *iter, dns_name_t *qname, +empty_zone_search_init(empty_zone_search_t *iter, const dns_name_t *qname, dns_zt_t *ztable) ATTR_NONNULLS ATTR_CHECKRESULT; isc_result_t -empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable, +empty_zone_handle_conflicts(const dns_name_t *name, dns_zt_t *zonetable, bool warn_only) ATTR_NONNULLS ATTR_CHECKRESULT; /* Trigger to execute empty_zone_handle_conflicts() for dns_rootname. */ diff --git a/src/fwd.c b/src/fwd.c index ad27b28..37e55e9 100644 --- a/src/fwd.c +++ b/src/fwd.c @@ -491,7 +491,7 @@ cleanup: */ isc_result_t fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, - dns_name_t *name) + const dns_name_t *name) { isc_result_t result; isc_mem_t *mctx = NULL; @@ -604,7 +604,7 @@ cleanup: } isc_result_t -fwd_delete_table(dns_view_t *view, dns_name_t *name, +fwd_delete_table(dns_view_t *view, const dns_name_t *name, const char *msg_obj_type, const char *logname) { isc_result_t result; diff --git a/src/fwd.h b/src/fwd.h index 8416d95..9567c83 100644 --- a/src/fwd.h +++ b/src/fwd.h @@ -26,11 +26,11 @@ fwd_parse_ldap(ldap_entry_t *entry, settings_set_t *set) ATTR_NONNULLS ATTR_CHECKRESULT; isc_result_t -fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, dns_name_t *name) +fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, const dns_name_t *name) ATTR_NONNULLS ATTR_CHECKRESULT; isc_result_t -fwd_delete_table(dns_view_t *view, dns_name_t *name, +fwd_delete_table(dns_view_t *view, const dns_name_t *name, const char *msg_obj_type, const char *logname) ATTR_NONNULLS ATTR_CHECKRESULT; diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 9e73fa5..bac0103 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c 
@@ -325,7 +325,7 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, bool commit) } static isc_result_t -findnode(dns_db_t *db, dns_name_t *name, bool create, +findnode(dns_db_t *db, const dns_name_t *name, bool create, dns_dbnode_t **nodep) { ldapdb_t *ldapdb = (ldapdb_t *) db; @@ -336,7 +336,7 @@ findnode(dns_db_t *db, dns_name_t *name, bool create, } static isc_result_t -find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, +find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, dns_rdatatype_t type, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) @@ -350,7 +350,7 @@ find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, } static isc_result_t -findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, +findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) { @@ -686,7 +686,7 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, } static isc_result_t -findnsec3node(dns_db_t *db, dns_name_t *name, bool create, +findnsec3node(dns_db_t *db, const dns_name_t *name, bool create, dns_dbnode_t **nodep) { ldapdb_t *ldapdb = (ldapdb_t *) db; @@ -776,7 +776,7 @@ rpz_ready(dns_db_t *db) */ static isc_result_t -findnodeext(dns_db_t *db, dns_name_t *name, +findnodeext(dns_db_t *db, const dns_name_t *name, bool create, dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo, dns_dbnode_t **nodep) { @@ -789,7 +789,7 @@ findnodeext(dns_db_t *db, dns_name_t *name, } static isc_result_t -findext(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, +findext(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, dns_rdatatype_t type, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo, 
@@ -953,7 +953,7 @@ dns_ns_buildrdata(dns_name_t *origin, dns_name_t *ns_name, * @param[in] argv [0] is database instance name */ isc_result_t -ldapdb_associate(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, +ldapdb_associate(isc_mem_t *mctx, const dns_name_t *name, dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp) { diff --git a/src/ldap_driver.h b/src/ldap_driver.h index 62d50f6..5a21524 100644 --- a/src/ldap_driver.h +++ b/src/ldap_driver.h @@ -23,7 +23,7 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, ATTR_NONNULL(1,2,5,6); isc_result_t -ldapdb_associate(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, +ldapdb_associate(isc_mem_t *mctx, const dns_name_t *name, dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp) ATTR_NONNULL(1,2,7,8); dns_db_t * diff --git a/src/zone_register.c b/src/zone_register.c index e31d5e8..205c7cd 100644 --- a/src/zone_register.c +++ b/src/zone_register.c @@ -341,7 +341,9 @@ delete_zone_info(void *arg1, void *arg2) * @pre Zone registed is locked. */ static isc_result_t -getzinfo(zone_register_t * const zr, dns_name_t *name, zone_info_t **zinfo) { +getzinfo(zone_register_t * const zr, const dns_name_t *name, + zone_info_t **zinfo) +{ isc_result_t result; void *data = NULL; @@ -438,8 +440,8 @@ cleanup: * Either ldapdbp or rbtdbp can be NULL. */ isc_result_t -zr_get_zone_dbs(zone_register_t *zr, dns_name_t *name, dns_db_t **ldapdbp, - dns_db_t **rbtdbp) +zr_get_zone_dbs(zone_register_t *zr, const dns_name_t *name, + dns_db_t **ldapdbp, dns_db_t **rbtdbp) { isc_result_t result; zone_info_t *zinfo = NULL; 
@@ -539,7 +541,8 @@ zr_get_zone_ptr(zone_register_t * const zr, dns_name_t * const name, * 'set'. */ isc_result_t -zr_get_zone_settings(zone_register_t *zr, dns_name_t *name, settings_set_t **set) +zr_get_zone_settings(zone_register_t *zr, const dns_name_t *name, + settings_set_t **set) { isc_result_t result; zone_info_t *zinfo = NULL; diff --git a/src/zone_register.h b/src/zone_register.h index 699f8ca..9d13bb6 100644 --- a/src/zone_register.h +++ b/src/zone_register.h @@ -28,7 +28,7 @@ isc_result_t zr_del_zone(zone_register_t *zr, dns_name_t *origin) ATTR_NONNULLS ATTR_CHECKRESULT; isc_result_t -zr_get_zone_dbs(zone_register_t *zr, dns_name_t *name, dns_db_t **ldapdbp, +zr_get_zone_dbs(zone_register_t *zr, const dns_name_t *name, dns_db_t **ldapdbp, dns_db_t **rbtdbp) ATTR_NONNULL(1, 2) ATTR_CHECKRESULT; isc_result_t @@ -40,7 +40,7 @@ zr_get_zone_ptr(zone_register_t * const zr, dns_name_t * const name, ATTR_NONNULL(1,2,3) ATTR_CHECKRESULT; isc_result_t -zr_get_zone_settings(zone_register_t *zr, dns_name_t *name, settings_set_t **set) ATTR_NONNULLS ATTR_CHECKRESULT; +zr_get_zone_settings(zone_register_t *zr, const dns_name_t *name, settings_set_t **set) ATTR_NONNULLS ATTR_CHECKRESULT; isc_result_t zr_get_zone_path(isc_mem_t *mctx, settings_set_t *settings, From f9104b6ad5e93f7491205f92ebd1e6f317db4262 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 12/47] bind-9.16: dns_view_flushcache has an additional parameter Because of the libdns refactoring there is only one version of dns_view_flushcache now. Therefore there is the additional parameter fixuponly now. --- diff --git a/src/fwd.c b/src/fwd.c index 37e55e9..f2aa426 100644 --- a/src/fwd.c +++ b/src/fwd.c 
@@ -579,7 +579,7 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, CHECK(dns_fwdtable_addfwd(view->fwdtable, name, &fwdrs, fwdpolicy)); } - dns_view_flushcache(view); + dns_view_flushcache(view, false); run_exclusive_exit(inst, lock_state); lock_state = ISC_R_IGNORE; /* prevent double-unlock */ log_debug(5, "%s %s: forwarder table was updated: %s", From 9bc0f02fbb5c4229b6069325d29709ba71a8456d Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 13/47] bind-9.16: dns_rbtnodechain_init has only one parameter dns_rbtnodechain_init has been simplified by removing the unnecessary 'mctx' parameter. --- diff --git a/src/rbt_helper.c b/src/rbt_helper.c index f610b07..2333d96 100644 --- a/src/rbt_helper.c +++ b/src/rbt_helper.c @@ -91,7 +91,7 @@ rbt_iter_first(isc_mem_t *mctx, dns_rbt_t *rbt, isc_rwlock_t *rwlock, ZERO_PTR(iter); isc_mem_attach(mctx, &iter->mctx); - dns_rbtnodechain_init(&iter->chain, mctx); + dns_rbtnodechain_init(&iter->chain); iter->rbt = rbt; iter->rwlock = rwlock; iter->locktype = isc_rwlocktype_read; From 515341d98e70952346e3e9bf49569b787785d88e Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 14/47] bind-9.16: isc_refcount_t is now atomic_uint_fast32_t only isc_refcount_t is now using the fixed type atomic_uint_fast32_t. It is not a struct anymore. --- diff --git a/src/mldap.c b/src/mldap.c index 1cd5f33..eb72537 100644 --- a/src/mldap.c +++ b/src/mldap.c 
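Review bot: The return value of `dns_view_flushcache(view, false)` is dropped on the changed line, while the `dns_fwdtable_addfwd` call just above it goes through `CHECK`. If the flush fails, answers cached under the previous forwarding policy would presumably keep being served after the forwarder table was updated. Consider `CHECK(dns_view_flushcache(view, false));`, provided the `cleanup` path, which is outside this hunk, releases the exclusive lock based on `lock_state`.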
@@ -118,17 +118,12 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) { * isc_refcount_t abstractions and returns underlying type used for storing the * reference counter value. */ -STATIC_ASSERT((uint32_t) - (typeof(((isc_refcount_t *)0)->refs)) - -1 - == 0xFFFFFFFF, \ - "negative isc_refcount_t cannot be properly shortened to 32 bits"); -STATIC_ASSERT((uint32_t) - (typeof(((isc_refcount_t *)0)->refs)) - 0x90ABCDEF12345678 - == 0x12345678, \ - "positive isc_refcount_t cannot be properly shortened to 32 bits"); +/* isc_refcount_t is simply atomic_uint_fast32_t now */ +STATIC_ASSERT((uint32_t)((isc_refcount_t) -1) == 0xFFFFFFFF, \ + "negative isc_refcount_t cannot be properly shortened to 32 bits"); +STATIC_ASSERT((uint32_t)((isc_refcount_t) 0x90ABCDEF12345678) == 0x12345678, \ + "negative isc_refcount_t cannot be properly shortened to 32 bits"); /** * Get current MetaLDAP generation number. From 0870cfe45482e89cb9977677d9270e8dcf295432 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 15/47] bind-9.16: dns_zone_setdbtype is now void dns_zone_setdbtype is now void as it could no longer return anything. Calls to it no longer check for a result. --- diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 729f2af..0876961 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -1003,8 +1003,9 @@ create_zone(ldap_instance_t * const inst, const char * const dn, dns_zone_setclass(raw, dns_rdataclass_in); dns_zone_settype(raw, dns_zone_master); /* dns_zone_setview(raw, view); */ - CHECK(dns_zone_setdbtype(raw, sizeof(ldap_argv)/sizeof(ldap_argv[0]), - ldap_argv)); + /* dns_zone_setdbtype is now void as it could no longer return */ + dns_zone_setdbtype(raw, sizeof(ldap_argv)/sizeof(ldap_argv[0]), + ldap_argv); CHECK(configure_paths(inst->mctx, inst, raw, false)); if (want_secure == false) { 
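Review bot: The second `STATIC_ASSERT` tests the positive constant `0x90ABCDEF12345678`, but its message now says "negative", duplicating the first one. The removed lines kept the two messages distinct, so a failing build would have said which truncation case broke. The message should read `"positive isc_refcount_t cannot be properly shortened to 32 bits"`.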
@@ -1016,7 +1017,9 @@ create_zone(ldap_instance_t * const inst, const char * const dn, dns_zone_setclass(secure, dns_rdataclass_in); dns_zone_settype(secure, dns_zone_master); /* dns_zone_setview(secure, view); */ - CHECK(dns_zone_setdbtype(secure, 1, rbt_argv)); + /* dns_zone_setdbtype is now void as it could no longer + * return */ + dns_zone_setdbtype(secure, 1, rbt_argv); CHECK(dns_zonemgr_managezone(inst->zmgr, secure)); CHECK(dns_zone_link(secure, raw)); dns_zone_rekey(secure, true); From abf19124f1d02d834be1889ff16aaa9218cdd1df Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 16/47] bind-9.16: Use dns_zone_getserial instead of dns_zone_getserial2 Because of the libdns refactoring there is only one version of dns_zone_getserial now. --- diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 0876961..0ccba9c 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -1083,11 +1083,11 @@ load_zone(dns_zone_t *zone, bool log) { zone = NULL; } - CHECK(dns_zone_getserial2(raw, &serial)); + CHECK(dns_zone_getserial(raw, &serial)); if (log == true) dns_zone_log(raw, ISC_LOG_INFO, "loaded serial %u", serial); if (zone != NULL) { - result = dns_zone_getserial2(zone, &serial); + result = dns_zone_getserial(zone, &serial); if (result == ISC_R_SUCCESS && log == true) dns_zone_log(zone, ISC_LOG_INFO, "loaded serial %u", serial); @@ -3994,7 +3994,7 @@ update_restart: /* Check if the zone is loaded or not. * No other function above returns DNS_R_NOTLOADED. */ if (sync_state == sync_finished) - result = dns_zone_getserial2(raw, &serial); + result = dns_zone_getserial(raw, &serial); cleanup: #ifdef RBTDB_DEBUG @@ -4031,7 +4031,7 @@ cleanup: "caused by change in %s", ldap_entry_logname(entry)); zone_reloaded = true; - result = dns_zone_getserial2(raw, &serial); + result = dns_zone_getserial(raw, &serial); if (result == ISC_R_SUCCESS) goto update_restart; } else { 
From 3bcb7d2ec8c108d77d13a9888edfab42e5a47e9a Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 17/47] bind-9.16: Use dns_byaddr_createptrname instead of dns_byaddr_createptrname2 Because of the libdns refactoring there is only one version of dns_byaddr_createptrname. --- diff --git a/src/syncptr.c b/src/syncptr.c index 0c3743d..a0a9ff2 100644 --- a/src/syncptr.c +++ b/src/syncptr.c @@ -134,7 +134,7 @@ sync_ptr_find(dns_zt_t *zonetable, zone_register_t *zone_register, const int af, * @example * 192.168.0.1 -> 1.0.168.192.in-addr.arpa */ - CHECK(dns_byaddr_createptrname2(&isc_ip, 0, ptr_name)); + CHECK(dns_byaddr_createptrname(&isc_ip, 0, ptr_name)); /* Find an active zone containing owner name of the PTR record. */ result = dns_zt_find(zonetable, ptr_name, 0, NULL, zone); From 6e37e870924f60746f1401a13002e873a73e7a7b Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 18/47] bind-9.16: cfg_print_grammar has additional parameter bind9 changelog: update docbook grammar, removing dnssec-looksaide --- diff --git a/src/settings.c b/src/settings.c index a6a8583..4dbcc91 100644 --- a/src/settings.c +++ b/src/settings.c @@ -705,7 +705,7 @@ setting_set_parse_conf(isc_mem_t *mctx, const char *name, log_error("configuration for dyndb instance '%s' " "(starting in file %s on line %lu) is invalid", name, file, line); - cfg_print_grammar(cfg_type_conf, cfg_printer, log_buf); + cfg_print_grammar(cfg_type_conf, 0, cfg_printer, log_buf); log_info("expected grammar:\n" "%.*s", isc_buffer_usedlength(log_buf), (char *)isc_buffer_base(log_buf)); From 953b25e7eee7b7a9bceec2bfce5f642f3a740054 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 19/47] bind-9.16: dns_fwdtable_find has additional parameter dns_fwdtable_find has the additional parameter foundname now. --- diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 0ccba9c..9dc83d1 100644 
--- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -579,7 +579,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, /* copy global forwarders setting for configuration roll back in * configure_zone_forwarders() */ result = dns_fwdtable_find(ldap_inst->view->fwdtable, dns_rootname, - &named_conf_forwarders); + NULL, &named_conf_forwarders); if (result == ISC_R_SUCCESS) { /* Copy forwarding config from named.conf into local_settings */ CHECK(fwd_print_list_buff(mctx, named_conf_forwarders, From 6fbaa9f90208b71b903cf27c48e66e9fe2e7b179 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 20/47] bins-9.16: dns_zone_setfile has additional parameters Because of the libdns refactoring there is only one version of dns_zone_setfile with addtional parameters format and style. dns_masterformat_text and dns_master_style_default are used as the default. --- diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 9dc83d1..d45a8d6 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -954,7 +954,8 @@ configure_paths(isc_mem_t *mctx, ldap_instance_t *inst, dns_zone_t *zone, CHECK(zr_get_zone_path(mctx, ldap_instance_getsettings_local(inst), dns_zone_getorigin(zone), (issecure ? "signed" : "raw"), &file_name)); - CHECK(dns_zone_setfile(zone, str_buf(file_name))); + CHECK(dns_zone_setfile(zone, str_buf(file_name), dns_masterformat_text, + &dns_master_style_default)); if (issecure == true) { CHECK(zr_get_zone_path(mctx, ldap_instance_getsettings_local(inst), From ea604f72f1528a99a6cebecf3d028d990ec2e8f2 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 21/47] bind-9.16: dns_zone_load has additional parameter rndc reconfig should not touch already loaded zones, some refactoring of dns _{zone,view,zt}_{async,}load happened in bind9. --- diff --git a/src/ldap_helper.c b/src/ldap_helper.c index d45a8d6..33d8b28 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c 
@@ -1072,7 +1072,7 @@ load_zone(dns_zone_t *zone, bool log) { uint32_t serial; dns_zone_t *raw = NULL; - result = dns_zone_load(zone); + result = dns_zone_load(zone, false); if (result != ISC_R_SUCCESS && result != DNS_R_UPTODATE && result != DNS_R_DYNAMIC && result != DNS_R_CONTINUE) goto cleanup; From fab57f59d75979e31d63824a9b03333dfd5028cd Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:41:39 +0000 Subject: [PATCH 22/47] bind-9.16: findzonecut and dns_db_findzonecut has additional parameter bind9 commit: QNAME miminimization should create a separate fetch context for each fetch - this makes the cache more efficient and eliminates duplicates queries. --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index bac0103..ea149ec 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -352,14 +352,15 @@ find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, static isc_result_t findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, - dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) + dns_name_t *dcname, dns_rdataset_t *rdataset, + dns_rdataset_t *sigrdataset) { ldapdb_t *ldapdb = (ldapdb_t *) db; REQUIRE(VALID_LDAPDB(ldapdb)); return dns_db_findzonecut(ldapdb->rbtdb, name, options, now, nodep, - foundname, rdataset, sigrdataset); + foundname, dcname, rdataset, sigrdataset); } static void From 17c8305e4fbd130c969ecdaf44eeed71c528cde1 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:43:40 +0000 Subject: [PATCH 23/47] bind-9.16: dns_dbmethods_t has three more entries setservestalettl and getservestalettl has been added to be able to allow named to provide stale cached answers when the authoritative server is under attack. setgluecachestats has been added to add statistics for glue cache usage. --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index ea149ec..ffcf820 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c 
@@ -905,6 +905,7 @@ static dns_dbmethods_t ldapdb_methods = { setservestalettl, getservestalettl, #endif + NULL /* setgluecachestats */ }; isc_result_t ATTR_NONNULLS From fbfb261abff21da16cadb16471fcca72915b65f9 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:43:40 +0000 Subject: [PATCH 24/47] isc-bind 9.16: Temporary define HAVE_TLS and HAVE_THREAD_LOCAL As the isc-bind is not containing the config.h file, HAVE_TLS and HAVE_THREAD_LOCAL are not defined, but they are needed to be able to include isc/thread.h. --- diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 33d8b28..b6fca3e 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -3,6 +3,8 @@ */ #include "config.h" +#define HAVE_TLS 1 +#define HAVE_THREAD_LOCAL 1 #include #include From 95b6e721f8ccf0b342645a95c99781ecf62343af Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: May 25 2020 06:43:40 +0000 Subject: [PATCH 25/47] bind-9.16: Use dns_name_copynf(...) for RUNTIME_CHECK(dns_name_copy(..., NULL)) This is bind9 upstream change c2dad0dcb2523a7711380e4409144745231b5282 Replace RUNTIME_CHECK(dns_name_copy(..., NULL)) with dns_name_copynf() Use the semantic patch from the previous commit to replace all the calls to dns_name_copy() with NULL as third argument with dns_name_copynf(). --- diff --git a/src/empty_zones.c b/src/empty_zones.c index 4022f83..24a344e 100644 --- a/src/empty_zones.c +++ b/src/empty_zones.c @@ -228,13 +228,11 @@ empty_zone_search_stop(empty_zone_search_t *iter) { isc_result_t empty_zone_search_init(empty_zone_search_t *iter, const dns_name_t *qname, dns_zt_t *ztable) { - isc_result_t result; - REQUIRE(iter != NULL); REQUIRE(dns_name_isabsolute(qname)); INIT_BUFFERED_NAME(iter->qname); - CHECK(dns_name_copy(qname, &iter->qname, NULL)); + dns_name_copynf(qname, &iter->qname); INIT_BUFFERED_NAME(iter->ezname); iter->nextidx = 0; 
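Review bot: `NULL /* setgluecachestats */` is appended positionally right after an `#endif`, so which member of `dns_dbmethods_t` it initialises depends on whether the preceding conditional block is compiled in. The matching `#if` is outside this hunk. If `setservestalettl` and `getservestalettl` are ever excluded, the NULL lands two slots early and the function table no longer lines up with the struct. Either drop the conditional now that BIND 9.16 is required, or add a comment stating that the guard is always true for the supported versions.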
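Review bot: `HAVE_TLS` and `HAVE_THREAD_LOCAL` are defined unconditionally right after `#include "config.h"` in src/ldap_helper.c. A `config.h` that defines either one differently therefore causes a redefinition, and a platform without thread-local storage is told it has it. Guard each one, `#ifndef HAVE_TLS` / `#define HAVE_TLS 1` / `#endif`, or preferably detect them in `configure.ac`. A comment should say that these are temporary and that they exist only so `isc/thread.h` can be included, as the commit message explains.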
@@ -243,9 +241,6 @@ empty_zone_search_init(empty_zone_search_t *iter, const dns_name_t *qname, dns_zt_attach(ztable, &iter->zonetable); return empty_zone_search_next(iter); - -cleanup: - return result; } /** diff --git a/src/ldap_convert.c b/src/ldap_convert.c index 93beff6..9a67256 100644 --- a/src/ldap_convert.c +++ b/src/ldap_convert.c @@ -131,7 +131,7 @@ dn_to_dnsname(isc_mem_t *mctx, const char *dn_str, dns_name_t *target, } else if (idx == 1) { /* zone only */ if (iszone != NULL) *iszone = true; - CHECK(dns_name_copy(dns_rootname, &origin, NULL)); + dns_name_copynf(dns_rootname, &origin); CHECK(dns_name_fromtext(&name, &name_buf, dns_rootname, 0, NULL)); } else if (idx == 2) { /* owner and zone */ if (iszone != NULL) diff --git a/src/mldap.c b/src/mldap.c index eb72537..b87fe30 100644 --- a/src/mldap.c +++ b/src/mldap.c @@ -322,8 +322,8 @@ mldap_dnsname_get(metadb_node_t *node, dns_name_t *fqdn, dns_name_t *zone) { CHECK(metadb_rdataset_get(node, dns_rdatatype_rp, &rdataset)); dns_rdataset_current(&rdataset, &rdata); CHECK(dns_rdata_tostruct(&rdata, &rp, NULL)); - CHECK(dns_name_copy(&rp.mail, fqdn, NULL)); - CHECK(dns_name_copy(&rp.text, zone, NULL)); + dns_name_copynf(&rp.mail, fqdn); + dns_name_copynf(&rp.text, zone); cleanup: if (dns_rdataset_isassociated(&rdataset)) diff --git a/src/syncptr.c b/src/syncptr.c index a0a9ff2..eca4458 100644 --- a/src/syncptr.c +++ b/src/syncptr.c @@ -399,7 +399,7 @@ sync_ptr_init(isc_mem_t *mctx, dns_zt_t * zonetable, isc_mem_attach(mctx, &ev->mctx); INIT_BUFFERED_NAME(ev->a_name); INIT_BUFFERED_NAME(ev->ptr_name); - CHECK(dns_name_copy(a_name, &ev->a_name, NULL)); + dns_name_copynf(a_name, &ev->a_name); ev->mod_op = mod_op; strncpy(ev->ip_str, ip_str, sizeof(ev->ip_str)); ev->ip_str[sizeof(ev->ip_str) - 1] = '\0'; From 11d1def5788c5f05b2280a2cd57edfc2997dac58 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: May 25 2020 06:43:40 +0000 Subject: [PATCH 26/47] WIP: Test build against bind 9.16 --- 
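Review bot: In `mldap_dnsname_get` the two replacements turn a recoverable error into an abort: the removed lines were `CHECK(dns_name_copy(..., NULL))`, which jumped to `cleanup` with the result, not the `RUNTIME_CHECK(...)` form the commit message describes. The targets `fqdn` and `zone` are supplied by the caller and the source is an RP record read from the metadb, so if a target lacks buffer space `dns_name_copynf()` would presumably stop named where the old code returned an error. Either keep `CHECK(dns_name_copy(...))` where the target's buffer is not guaranteed, or add a comment on each call saying why the copy cannot fail, e.g. `/* fqdn is a buffered name, copy cannot fail */`. The `dn_to_dnsname` and `sync_ptr_init` hunks make the same substitution; in `empty_zone_search_init` the target is set up with `INIT_BUFFERED_NAME` just above, which is the kind of guarantee the comment should name.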
diff --git a/configure.ac b/configure.ac index 7997898..3abe109 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.59]) -AC_INIT([bind-dyndb-ldap], [11.2], [freeipa-devel@redhat.com]) +AC_INIT([bind-dyndb-ldap], [16.0], [freeipa-devel@redhat.com]) AM_INIT_AUTOMAKE([-Wall foreign dist-bzip2]) diff --git a/contrib/bind-dyndb-ldap.spec b/contrib/bind-dyndb-ldap.spec index 36398ac..718fe47 100644 --- a/contrib/bind-dyndb-ldap.spec +++ b/contrib/bind-dyndb-ldap.spec @@ -3,7 +3,7 @@ %define bind_version 32:9.11.11-1 Name: bind-dyndb-ldap -Version: 11.2 +Version: 16.0 Release: 0%{?dist} Summary: LDAP back-end plug-in for BIND @@ -32,6 +32,7 @@ off of your LDAP server. %setup -q -n %{name}-%{VERSION} %build +export BIND9_CFLAGS="-I/usr/include/bind9" autoreconf -fiv %configure make %{?_smp_mflags} diff --git a/tests/azure/Dockerfiles/Dockerfile.build.fedora b/tests/azure/Dockerfiles/Dockerfile.build.fedora index 903b325..473aa2e 100644 --- a/tests/azure/Dockerfiles/Dockerfile.build.fedora +++ b/tests/azure/Dockerfiles/Dockerfile.build.fedora @@ -8,6 +8,7 @@ RUN echo 'deltarpm = false' >> /etc/dnf/dnf.conf \ && dnf install -y dnf-plugins-core sudo wget systemd firewalld nss-tools iptables \ && sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf \ && dnf install -y glibc-langpack-fr glibc-langpack-en \ + && dnf -y copr enable pemensik/bind-9.16 \ && dnf install -y /root/packages/*.rpm \ && dnf install -y openssh-server freeipa-server-dns python3-ipatests \ && dnf clean all && rm -rf /root/packages /root/srpms \ diff --git a/tests/azure/azure-pipelines.yml b/tests/azure/azure-pipelines.yml index 63b95c0..e773dd5 100644 --- a/tests/azure/azure-pipelines.yml +++ b/tests/azure/azure-pipelines.yml 
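Review bot: `dnf -y copr enable pemensik/bind-9.16` in Dockerfile.build.fedora adds a personal COPR repository ahead of the `dnf install` lines that follow, so every later install in this layer, including `freeipa-server-dns`, can resolve packages from it with no version pin. That may be acceptable for a WIP test image, but it should not be merged without a comment above the `RUN` saying why the repository is needed and when it goes away, e.g. `# TEMPORARY: BIND 9.16 test builds; remove once the distribution ships 9.16`. The same line is added to tests/azure/templates/prepare-build-fedora.yml, and the next patch in the series enables `abbra/freeipa-bind-pkcs11` the same way.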
@@ -19,7 +19,7 @@ jobs: set -e echo "Running autoconf generator" autoreconf -i -f - ./configure + BIND9_CFLAGS="-I/usr/include/bind9" ./configure displayName: Configure the project - template: templates/${{ variables.BUILD_TEMPLATE }} - template: templates/publish-build.yml diff --git a/tests/azure/templates/prepare-build-fedora.yml b/tests/azure/templates/prepare-build-fedora.yml index 09b4d0e..0a9715a 100644 --- a/tests/azure/templates/prepare-build-fedora.yml +++ b/tests/azure/templates/prepare-build-fedora.yml @@ -3,6 +3,7 @@ steps: set -e sudo rm -rf /var/cache/dnf/* sudo dnf makecache || : + sudo dnf -y copr enable pemensik/bind-9.16 echo "Installing base development environment" sudo dnf install -y \ gdb-minimal \ From 372bd252b5f5e084bd6e2a18b23f4d3c6d9911ee Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: May 25 2020 06:43:40 +0000 Subject: [PATCH 27/47] WIP: test against FreeIPA with bind external pkcs11 engine --- diff --git a/tests/azure/Dockerfiles/Dockerfile.build.fedora b/tests/azure/Dockerfiles/Dockerfile.build.fedora index 473aa2e..2e06d6d 100644 --- a/tests/azure/Dockerfiles/Dockerfile.build.fedora +++ b/tests/azure/Dockerfiles/Dockerfile.build.fedora @@ -9,6 +9,7 @@ RUN echo 'deltarpm = false' >> /etc/dnf/dnf.conf \ && sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf \ && dnf install -y glibc-langpack-fr glibc-langpack-en \ && dnf -y copr enable pemensik/bind-9.16 \ + && dnf -y copr enable abbra/freeipa-bind-pkcs11 \ && dnf install -y /root/packages/*.rpm \ && dnf install -y openssh-server freeipa-server-dns python3-ipatests \ && dnf clean all && rm -rf /root/packages /root/srpms \ diff --git a/tests/azure/azure_definitions/gating-fedora.yml b/tests/azure/azure_definitions/gating-fedora.yml index 13f6d7a..b74accd 100644 --- a/tests/azure/azure_definitions/gating-fedora.yml +++ b/tests/azure/azure_definitions/gating-fedora.yml 
@@ -4,31 +4,31 @@ vms: tests: - test_integration/test_installation.py::TestInstallMaster -- vm_jobs: - - container_job: DNSSEC_tests - containers: - replicas: 2 - tests: - - test_integration/test_dnssec.py +# - vm_jobs: +# - container_job: DNSSEC_tests +# containers: +# replicas: 2 +# tests: +# - test_integration/test_dnssec.py -- vm_jobs: - - container_job: simple_replication - containers: - replicas: 1 - tests: - - test_integration/test_simple_replication.py +# - vm_jobs: +# - container_job: simple_replication +# containers: +# replicas: 1 +# tests: +# - test_integration/test_simple_replication.py -- vm_jobs: - - container_job: Backup_and_Restore_with_DNSSEC - tests: - - test_integration/test_backup_and_restore.py::TestBackupAndRestoreWithDNSSEC - - test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithDNSSEC - containers: - replicas: 1 +# - vm_jobs: +# - container_job: Backup_and_Restore_with_DNSSEC +# tests: +# - test_integration/test_backup_and_restore.py::TestBackupAndRestoreWithDNSSEC +# - test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithDNSSEC +# containers: +# replicas: 1 -- vm_jobs: - - container_job: DNSSEC_hidden_replica_promotion - containers: - replicas: 2 - tests: - - test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion +# - vm_jobs: +# - container_job: DNSSEC_hidden_replica_promotion +# containers: +# replicas: 2 +# tests: +# - test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion From 49629b91506e27a3d7fb36b59c3b462fa529dce0 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 28/47] bind-9.11.6: Remove compat defines `update-policy` matchtype is no longer defined as preprocessor directive, but enum type. https://gitlab.isc.org/isc-projects/bind9/-/commit/995c41e8f04aa14299c72af684a2e58507f4c55b --- diff --git a/src/acl.c b/src/acl.c index efacf89..6fa2245 100644 --- a/src/acl.c +++ b/src/acl.c 
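Review bot: Four gating jobs (DNSSEC_tests, simple_replication, Backup_and_Restore_with_DNSSEC and DNSSEC_hidden_replica_promotion) are commented out in gating-fedora.yml with nothing in the file saying why or when they come back. The commit is marked WIP, so this is presumably temporary, but if it lands as is the BIND 9.16 port is gated without any DNSSEC or replication test. A marker above the first disabled block would make that hard to miss, e.g. `# FIXME: disabled for the pkcs11-engine test run; re-enable before merging`.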
@@ -110,35 +110,20 @@ get_match_type(const cfg_obj_t *obj, unsigned int *value) MATCH("zonesub", dns_ssumatchtype_subdomain); MATCH("wildcard", dns_ssumatchtype_wildcard); MATCH("self", dns_ssumatchtype_self); -#if defined(dns_ssumatchtype_selfSUB) && defined(dns_ssumatchtype_selfwild) - MATCH("selfsub", dns_ssumatchtype_selfSUB); + MATCH("selfsub", dns_ssumatchtype_selfsub); MATCH("selfwild", dns_ssumatchtype_selfwild); -#endif -#ifdef dns_ssumatchtype_selfms MATCH("ms-self", dns_ssumatchtype_selfms); -#endif -#ifdef dns_ssumatchtype_selfkrb5 MATCH("krb5-self", dns_ssumatchtype_selfkrb5); -#endif - /* At least bind 9.11.5 or 9.12.3 is required for it * as these match types are part of CVE-2018-5741 fixes */ MATCH("ms-selfsub", dns_ssumatchtype_selfsubms); MATCH("krb5-selfsub", dns_ssumatchtype_selfsubkrb5); -#ifdef dns_ssumatchtype_subdomainms MATCH("ms-subdomain", dns_ssumatchtype_subdomainms); -#endif -#ifdef dns_ssumatchtype_subdomainkrb5 MATCH("krb5-subdomain", dns_ssumatchtype_subdomainkrb5); -#endif -#if defined(dns_ssumatchtype_tcpself) && defined(dns_ssumatchtype_6to4self) MATCH("tcp-self", dns_ssumatchtype_tcpself); MATCH("6to4-self", dns_ssumatchtype_6to4self); -#endif -#if defined(dns_ssumatchtype_external) MATCH("external", dns_ssumatchtype_external); -#endif log_bug("unsupported match type '%s'", str); return ISC_R_NOTIMPLEMENTED; From 954319ec5bec4cb44fe5a3da93a866c2870c1235 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 29/47] bind-9.16: Follow project's cleanup rule RUNTIME_CHECK aborts the execution of named while CHECK jumps to cleanup label with the result code. --- diff --git a/src/fs.c b/src/fs.c index bfe5524..09df584 100644 --- a/src/fs.c +++ b/src/fs.c @@ -81,7 +81,7 @@ fs_dirs_create(const char *path) { /* isc_string_copy has been removed */ if (strlcpy(curr_path, path, PATH_MAX) >= PATH_MAX) { - return ISC_R_NOSPACE; + CLEANUP_WITH(ISC_R_NOSPACE); } for (end = strchr(curr_path, '/'); 
diff --git a/src/ldap_convert.c b/src/ldap_convert.c index 9a67256..0e5c818 100644 --- a/src/ldap_convert.c +++ b/src/ldap_convert.c @@ -237,6 +237,7 @@ dns_to_ldap_dn_escape(isc_mem_t *mctx, const char * const dns_str, char ** ldap_ int idx_symb_first = -1; /* index of first "nice" printable symbol in dns_str */ int dns_idx = 0; int esc_idx = 0; + int s_len; REQUIRE(dns_str != NULL); REQUIRE(ldap_name != NULL && *ldap_name == NULL); @@ -287,8 +288,12 @@ dns_to_ldap_dn_escape(isc_mem_t *mctx, const char * const dns_str, char ** ldap_ /* LDAP uses \xy escaping. "xy" represent two hexadecimal digits.*/ /* TODO: optimize to bit mask & rotate & dec->hex table? */ /* isc_string_printf has been removed */ - result = snprintf(esc_name + esc_idx, 4, "\\%02x", ascii_val); - esc_idx += 3; /* isc_string_printf wrote 4 bytes including '\0' */ + s_len = snprintf(esc_name + esc_idx, + 4, "\\%02x", ascii_val); + if (s_len < 0 || s_len >= 4) { + CLEANUP_WITH(ISC_R_NOSPACE); + } + esc_idx += 3; /* snprintf wrote 4 bytes including '\0' */ } } if (idx_symb_first != -1) { /* copy last nice part */ 
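Review bot: In `dns_to_ldap_dn_escape` the size passed to `snprintf` is the constant `4`, so the new `s_len` check proves only that the escape sequence is three characters long, not that four bytes are still free at `esc_name + esc_idx`. The allocation of `esc_name` is outside the hunk; if it is sized for the worst case of three output bytes per input byte plus the terminator, a comment stating that invariant next to the call would let a reader verify the bound, and otherwise the remaining capacity should be passed instead of `4`. Since a successful call always yields exactly three characters, `if (s_len != 3) { CLEANUP_WITH(ISC_R_NOSPACE); }` states the expectation more directly and also catches a negative `ascii_val` that `%02x` would otherwise print as eight digits (its declaration is not visible here).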
@@ -431,28 +436,34 @@ isc_result_t rdatatype_to_ldap_attribute(dns_rdatatype_t rdtype, char *target, unsigned int size, bool unknown) { + isc_result_t result = ISC_R_SUCCESS; char rdtype_str[DNS_RDATATYPE_FORMATSIZE]; if (unknown) { /* "UnknownRecord;TYPE65333" */ /* isc_string_copy and isc_string_append have been removed */ if (strlcpy(target, LDAP_RDATATYPE_UNKNOWN_PREFIX, size) - >= size) - return ISC_R_NOSPACE; + >= size) { + CLEANUP_WITH(ISC_R_NOSPACE); + } snprintf(rdtype_str, sizeof(rdtype_str), "TYPE%u", rdtype); - if (strlcat(target, rdtype_str, size) >= size) - return ISC_R_NOSPACE; + if (strlcat(target, rdtype_str, size) >= size) { + CLEANUP_WITH(ISC_R_NOSPACE); + } } else { /* "ARecord" */ dns_rdatatype_format(rdtype, rdtype_str, DNS_RDATATYPE_FORMATSIZE); /* isc_string_copy and isc_string_append have been removed */ - if (strlcpy(target, rdtype_str, size) >= size) - return ISC_R_NOSPACE; - if (strlcat(target, LDAP_RDATATYPE_SUFFIX, size) >= size) - return ISC_R_NOSPACE; + if (strlcpy(target, rdtype_str, size) >= size) { + CLEANUP_WITH(ISC_R_NOSPACE); + } + if (strlcat(target, LDAP_RDATATYPE_SUFFIX, size) >= size) { + CLEANUP_WITH(ISC_R_NOSPACE); + } } - return ISC_R_SUCCESS; +cleanup: + return result; } /** diff --git a/src/ldap_helper.c b/src/ldap_helper.c index b6fca3e..eacae03 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -392,6 +392,7 @@ validate_local_instance_settings(ldap_instance_t *inst, settings_set_t *set) { char print_buff[PRINT_BUFF_SIZE]; const char *auth_method_str = NULL; ldap_auth_t auth_method_enum = AUTH_INVALID; + int s_len; if (strlen(inst->db_name) <= 0) { log_error("LDAP instance name cannot be empty"); 
@@ -448,8 +449,10 @@ validate_local_instance_settings(ldap_instance_t *inst, settings_set_t *set) { CLEANUP_WITH(ISC_R_FAILURE); } /* isc_string_printf has been removed */ - result = snprintf(print_buff, PRINT_BUFF_SIZE, "%u", auth_method_enum); - RUNTIME_CHECK(result < PRINT_BUFF_SIZE); + s_len = snprintf(print_buff, PRINT_BUFF_SIZE, "%u", auth_method_enum); + if (s_len < 0 || s_len >= PRINT_BUFF_SIZE) { + CLEANUP_WITH(ISC_R_NOSPACE); + } CHECK(setting_set("auth_method_enum", inst->local_settings, print_buff)); @@ -560,6 +563,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, ldap_inst->watcher = 0; CHECK(sync_ctx_init(ldap_inst->mctx, ldap_inst, &ldap_inst->sctx)); + /* truncation is allowed */ snprintf(settings_name, PRINT_BUFF_SIZE, SETTING_SET_NAME_LOCAL " for database %s", ldap_inst->db_name); @@ -567,6 +571,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, sizeof(settings_local_default), settings_name, &settings_default_set, &ldap_inst->local_settings)); + /* truncation is allowed */ snprintf(settings_name, PRINT_BUFF_SIZE, SETTING_SET_NAME_GLOBAL " for database %s", ldap_inst->db_name); @@ -633,14 +638,16 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, /* zero-length server_id means undefined value */ CHECK(setting_get_str("server_id", ldap_inst->local_settings, &server_id)); - if (strlen(server_id) == 0) + if (strlen(server_id) == 0) { + /* truncation is allowed */ snprintf(settings_name, PRINT_BUFF_SIZE, SETTING_SET_NAME_SERVER " for undefined server_id"); - - else + } else { + /* truncation is allowed */ snprintf(settings_name, PRINT_BUFF_SIZE, SETTING_SET_NAME_SERVER " for server id %s", server_id); + } CHECK(settings_set_create(mctx, settings_server_ldap_default, sizeof(settings_server_ldap_default), settings_name, 
@@ -839,6 +846,7 @@ cleanup_zone_files(dns_zone_t *zone) { const char *filename = NULL; dns_zone_t *raw = NULL; int namelen; + int s_len; char bck_filename[PATH_MAX]; dns_zone_getraw(zone, &raw); @@ -861,9 +869,11 @@ cleanup_zone_files(dns_zone_t *zone) { namelen = strlen(filename); if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0) namelen -= 4; - result = snprintf(bck_filename, sizeof(bck_filename), - "%.*s.jbk", namelen, filename); - RUNTIME_CHECK(result < sizeof(bck_filename)); + s_len = snprintf(bck_filename, sizeof(bck_filename), + "%.*s.jbk", namelen, filename); + if (s_len < 0 || (unsigned)s_len >= sizeof(bck_filename)) { + CLEANUP_WITH(ISC_R_NOSPACE); + } CHECK(fs_file_remove(bck_filename)); cleanup: @@ -1727,6 +1737,7 @@ ldap_replace_serial(ldap_instance_t *inst, dns_name_t *zone, LDAPMod change; LDAPMod *changep[2] = { &change, NULL }; ld_string_t *dn = NULL; + int s_len; REQUIRE(inst != NULL); @@ -1736,8 +1747,10 @@ ldap_replace_serial(ldap_instance_t *inst, dns_name_t *zone, change.mod_op = LDAP_MOD_REPLACE; change.mod_type = "idnsSOAserial"; change.mod_values = values; - result = snprintf(serial_char, MAX_SERIAL_LENGTH, "%u", serial); - RUNTIME_CHECK(result < MAX_SERIAL_LENGTH); + s_len = snprintf(serial_char, MAX_SERIAL_LENGTH, "%u", serial); + if (s_len < 0 || (unsigned)s_len >= MAX_SERIAL_LENGTH) { + CLEANUP_WITH(ISC_R_NOSPACE); + } CHECK(ldap_modify_do(inst, str_buf(dn), changep, false)); @@ -3309,8 +3322,9 @@ ldap_rdttl_to_ldapmod(isc_mem_t *mctx, dns_rdatalist_t *rdlist, change->mod_op = LDAP_MOD_REPLACE; /* isc_string_copy has been removed */ if (strlcpy(change->mod_type, "dnsTTL", LDAP_ATTR_FORMATSIZE) - >= LDAP_ATTR_FORMATSIZE) - return ISC_R_NOSPACE; + >= LDAP_ATTR_FORMATSIZE) { + CLEANUP_WITH(ISC_R_NOSPACE); + } CHECKED_MEM_ALLOCATE(mctx, vals, 2 * sizeof(char *)); memset(vals, 0, 2 * sizeof(char *)); 
@@ -3339,6 +3353,7 @@ modify_soa_record(ldap_instance_t *ldap_inst, const char *zone_dn, { isc_result_t result = ISC_R_SUCCESS; dns_rdata_soa_t soa; + int s_len; LDAPMod change[5]; LDAPMod *changep[6] = { &change[0], &change[1], &change[2], &change[3], &change[4], @@ -3355,9 +3370,11 @@ modify_soa_record(ldap_instance_t *ldap_inst, const char *zone_dn, change[index].mod_values = alloca(2 * sizeof(char *)); \ change[index].mod_values[0] = alloca(MAX_SOANUM_LENGTH); \ change[index].mod_values[1] = NULL; \ - result = snprintf(change[index].mod_values[0], \ - MAX_SOANUM_LENGTH, "%u", soa.name); \ - RUNTIME_CHECK(result < MAX_SOANUM_LENGTH); + s_len = snprintf(change[index].mod_values[0], MAX_SOANUM_LENGTH, \ + "%u", soa.name); \ + if (s_len < 0 || s_len >= MAX_SOANUM_LENGTH) { \ + CLEANUP_WITH(ISC_R_NOSPACE); \ + } dns_rdata_tostruct(rdata, (void *)&soa, ldap_inst->mctx); @@ -3371,6 +3388,7 @@ modify_soa_record(ldap_instance_t *ldap_inst, const char *zone_dn, result = ldap_modify_do(ldap_inst, zone_dn, changep, false); +cleanup: return result; #undef MAX_SOANUM_LENGTH @@ -3524,8 +3542,9 @@ remove_rdtype_from_ldap(dns_name_t *owner, dns_name_t *zone, CHECK(rdatatype_to_ldap_attribute(type, attr, sizeof(attr), unknown_type)); if (strlcpy(change[0]->mod_type, attr, LDAP_ATTR_FORMATSIZE) - >= LDAP_ATTR_FORMATSIZE) - return ISC_R_NOSPACE; + >= LDAP_ATTR_FORMATSIZE) { + CLEANUP_WITH(ISC_R_NOSPACE); + } CHECK(ldap_modify_do(ldap_inst, str_buf(dn), change, false)); ldap_mod_free(ldap_inst->mctx, &change[0]); unknown_type = !unknown_type; @@ -4631,6 +4650,7 @@ ldap_sync_doit(ldap_instance_t *inst, ldap_connection_t *conn, const char * const filter_objcs, int mode) { isc_result_t result; int ret; + int s_len; ldap_sync_t *ldap_sync = NULL; const char *err_hint = ""; char filter[1024]; 
@@ -4645,15 +4665,20 @@ ldap_sync_doit(ldap_instance_t *inst, ldap_connection_t *conn, /* request idnsServerConfig object only if server_id is specified */ CHECK(setting_get_str("server_id", inst->server_ldap_settings, &server_id)); if (strlen(server_id) == 0) { - result = snprintf(filter, sizeof(filter), config_template, - "", "", "", filter_objcs); - RUNTIME_CHECK(result < sizeof(filter)); + s_len = snprintf(filter, sizeof(filter), + config_template, "", "", "", filter_objcs); + if (s_len < 0 || (unsigned)s_len >= sizeof(filter)) { + CLEANUP_WITH(ISC_R_NOSPACE); + } } else { - result = snprintf(filter, sizeof(filter), config_template, - " (&(objectClass=idnsServerConfigObject)" - " (idnsServerId=", server_id, "))", - filter_objcs); - RUNTIME_CHECK(result < sizeof(filter)); + s_len = snprintf(filter, sizeof(filter), + config_template, + " (&(objectClass=idnsServerConfigObject)" + " (idnsServerId=", server_id, "))", + filter_objcs); + if (s_len < 0 || (unsigned)s_len >= sizeof(filter)) { + CLEANUP_WITH(ISC_R_NOSPACE); + } } result = ldap_sync_prepare(inst, inst->server_ldap_settings, diff --git a/src/settings.c b/src/settings.c index 4dbcc91..6f1f30c 100644 --- a/src/settings.c +++ b/src/settings.c @@ -282,8 +282,9 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting, CHECKED_MEM_ALLOCATE(mctx, setting->value.value_char, len); setting->is_dynamic = true; /* isc_string_copy has been removed */ - if (strlcpy(setting->value.value_char, value, len) >= len) - return ISC_R_NOSPACE; + if (strlcpy(setting->value.value_char, value, len) >= len) { + CLEANUP_WITH(ISC_R_NOSPACE); + } break; case ST_UNSIGNED_INTEGER: diff --git a/src/zone_register.c b/src/zone_register.c index 205c7cd..8fc158e 100644 --- a/src/zone_register.c +++ b/src/zone_register.c 
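Review bot: In `ldap_sync_doit` (src/ldap_helper.c) `server_id` is copied into the search filter between `(idnsServerId=` and `))` without RFC 4515 escaping, so a value containing `(`, `)`, `*` or `\` changes the structure of the filter rather than being matched literally. The value is read with `setting_get_str("server_id", inst->server_ldap_settings, ...)`, so it is presumably administrator-supplied configuration, and whether it is validated when it is set is not visible in this hunk. Unless that validation exists, I would reject such values before formatting, e.g. `if (strpbrk(server_id, "()*\\") != NULL) { CLEANUP_WITH(ISC_R_FAILURE); }`, or escape them. The function continues outside the hunk.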
@@ -280,7 +280,7 @@ create_zone_info(isc_mem_t * const mctx, dns_zone_t * const raw, dns_zone_attach(secure, &zinfo->secure); zinfo->settings = NULL; - /* isc_string_printf_truncate has been removed */ + /* truncation is allowed */ snprintf(settings_name, PRINT_BUFF_SIZE, SETTING_SET_NAME_ZONE " %s", dn); CHECK(settings_set_create(mctx, zone_settings, sizeof(zone_settings), From 54f57ae3573cff2ec851fc0738ee73af9948177e Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 30/47] bind-9.16: isc_condition_destroy is still neither void nor fatal https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16/lib/isc/pthreads/include/isc/condition.h#L54 --- diff --git a/src/semaphore.c b/src/semaphore.c index 33ed59b..b6d02ff 100644 --- a/src/semaphore.c +++ b/src/semaphore.c @@ -64,9 +64,9 @@ semaphore_destroy(semaphore_t *sem) if (sem == NULL) return; - /* isc_mutex_destroy and isc_condition_destroy are now fatal */ + /* isc_mutex_destroy is now fatal */ isc_mutex_destroy(&sem->mutex); - isc_condition_destroy(&sem->cond); + RUNTIME_CHECK(isc_condition_destroy(&sem->cond) == ISC_R_SUCCESS); } /** From 3463a075c21a36b5a12f97002e11d0a48ce084b8 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 31/47] bind-9.16: Correct reference counting With [0] BIND atomic functions for reference counting have the identical interface as their C11 counter parts. This means that these functions return the _previous_ refcount instead of the current one. [0]: https://gitlab.isc.org/isc-projects/bind9/-/commit/bef8ac5bae0f95dbff76ec99a7994024a5d6c64e --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index ffcf820..0ba1ec5 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -119,7 +119,6 @@ attach(dns_db_t *source, dns_db_t **targetp) REQUIRE(VALID_LDAPDB(ldapdb)); - /* isc_refcount_increment only has one argument now */ isc_refcount_increment(&ldapdb->refs); *targetp = source; } 
@@ -165,16 +164,12 @@ static void detach(dns_db_t **dbp) { ldapdb_t *ldapdb = (ldapdb_t *)(*dbp); - unsigned int refs; REQUIRE(VALID_LDAPDB(ldapdb)); - /* isc_refcount_decrement only has one argument now */ - refs = isc_refcount_decrement(&ldapdb->refs); - - if (refs == 0) + if (isc_refcount_decrement(&ldapdb->refs) == 1) { free_ldapdb(ldapdb); - + } *dbp = NULL; } diff --git a/src/ldap_helper.c b/src/ldap_helper.c index eacae03..851cbf5 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -4873,7 +4873,7 @@ ldap_instance_isexiting(ldap_instance_t *ldap_inst) * (if it is even possible). */ void ldap_instance_taint(ldap_instance_t *ldap_inst) { - isc_refcount_increment(&ldap_inst->errors); + isc_refcount_increment0(&ldap_inst->errors); } bool @@ -4902,14 +4902,12 @@ ldap_instance_untaint_start(ldap_instance_t *ldap_inst) { */ isc_result_t ldap_instance_untaint_finish(ldap_instance_t *ldap_inst, unsigned int count) { - unsigned int remaining = 0; while (count > 0) { - /* isc_refcount_decrement now has one parameter */ - remaining = isc_refcount_decrement(&ldap_inst->errors); + isc_refcount_decrement(&ldap_inst->errors); count--; } - if (remaining != 0) - return DNS_R_CONTINUE; - else + if (isc_refcount_current(&ldap_inst->errors) == 0) { return ISC_R_SUCCESS; + } + return DNS_R_CONTINUE; } diff --git a/src/syncrepl.c b/src/syncrepl.c index b17fafa..3b2539c 100644 --- a/src/syncrepl.c +++ b/src/syncrepl.c 
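Review bot: In `ldap_instance_untaint_finish` (src/ldap_helper.c) the return value is now decided by a separate `isc_refcount_current()` read after the loop, which is not atomic with the decrements before it. A concurrent `ldap_instance_taint()` that lands in between makes the function return `DNS_R_CONTINUE`, which looks like the conservative outcome, but nothing in the code says that this is intended. A short comment above the `if` would settle it, e.g. `/* errors may be incremented concurrently; any non-zero value means the instance is still tainted */`.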
@@ -202,16 +202,13 @@ barrier_decrement(isc_task_t *task, isc_event_t *event) { sync_barrierev_t *bev = NULL; sync_barrierev_t *fev = NULL; isc_event_t *ev = NULL; - uint32_t cnt; bool locked = false; REQUIRE(ISCAPI_TASK_VALID(task)); REQUIRE(event != NULL); bev = (sync_barrierev_t *)event; - /* isc_refcount_decrement now has one parameter */ - cnt = isc_refcount_decrement(&bev->sctx->task_cnt); - if (cnt == 0) { + if (isc_refcount_decrement(&bev->sctx->task_cnt) == 1) { log_debug(1, "sync_barrier_wait(): barrier reached"); LOCK(&bev->sctx->mutex); locked = true; @@ -335,7 +332,7 @@ sync_ctx_free(sync_ctx_t **sctxp) { next_taskel = NEXT(taskel, link); UNLINK(sctx->tasks, taskel, link); isc_task_detach(&taskel->task); - isc_refcount_decrement(&sctx->task_cnt); + (void)isc_refcount_decrement(&sctx->task_cnt); SAFE_MEM_PUT_PTR(sctx->mctx, taskel); } RUNTIME_CHECK(isc_condition_destroy(&sctx->cond) == ISC_R_SUCCESS); @@ -451,7 +448,6 @@ sync_state_reset(sync_ctx_t *sctx) { isc_result_t sync_task_add(sync_ctx_t *sctx, isc_task_t *task) { isc_result_t result = ISC_R_SUCCESS; - uint32_t cnt; task_element_t *newel = NULL; REQUIRE(sctx != NULL); @@ -466,11 +462,11 @@ sync_task_add(sync_ctx_t *sctx, isc_task_t *task) { LOCK(&sctx->mutex); REQUIRE(sctx->state == sync_configinit || sctx->state == sync_datainit); ISC_LIST_APPEND(sctx->tasks, newel, link); - cnt = isc_refcount_increment0(&sctx->task_cnt); + isc_refcount_increment0(&sctx->task_cnt); UNLOCK(&sctx->mutex); - log_debug(2, "adding task %p to syncrepl list; %u tasks in list", - task, cnt); + log_debug(2, "adding task %p to syncrepl list; %lu tasks in list", + task, isc_refcount_current(&sctx->task_cnt)); cleanup: return result; From 1d21b51b06ed3426879fec5b5c2e7e9d1e5c6a2c Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 32/47] bind-9.16: Clean up isc_ondestroy_init --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 0ba1ec5..cab7a9b 100644 
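Review bot: In `sync_task_add` the new `log_debug` call prints `isc_refcount_current(&sctx->task_cnt)` with `%lu`, but as far as I know that macro yields a `uint_fast32_t` in BIND 9.16, which is `unsigned long` only on some platforms; elsewhere the format and argument types disagree. An explicit cast keeps the call portable: `task, (unsigned long)isc_refcount_current(&sctx->task_cnt));`. Note also that the counter is now read after `UNLOCK(&sctx->mutex)`, so the logged number can already include tasks added by other threads.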
--- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -998,8 +998,6 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, isc_mutex_init(&ldapdb->newversion_lock); lock_ready = true; dns_name_init(&ldapdb->common.origin, NULL); - /* Remove whole unused ondestroy callback mechanism */ - /* isc_ondestroy_init(&ldapdb->common.ondest); */ ldapdb->common.magic = DNS_DB_MAGIC; ldapdb->common.impmagic = LDAPDB_MAGIC; From 62342212532b46b11a9d229d0bc6b7655158d288 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 33/47] bind-9.16: Fix assertions on isc_refcount_init Since [0] isc_refcount_init doesn't return isc_result_t and fallbacks to C11 atomic_init. [0]: https://gitlab.isc.org/isc-projects/bind9/-/commit/0a7535ac81b2305b320794a8bad45c03c186021e --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index cab7a9b..6c2a230 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -1008,7 +1008,7 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, CHECK(dns_name_dupwithoffsets(name, mctx, &ldapdb->common.origin)); - CHECK(isc_refcount_init(&ldapdb->refs, 1)); + isc_refcount_init(&ldapdb->refs, 1); ldapdb->ldap_inst = driverarg; CHECK(dns_db_create(mctx, "rbt", name, dns_dbtype_zone, diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 851cbf5..8b15a84 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -553,7 +553,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, CHECKED_MEM_GET_PTR(mctx, ldap_inst); ZERO_PTR(ldap_inst); - CHECK(isc_refcount_init(&ldap_inst->errors, 0)); + isc_refcount_init(&ldap_inst->errors, 0); isc_mem_attach(mctx, &ldap_inst->mctx); CHECKED_MEM_STRDUP(mctx, db_name, ldap_inst->db_name); dns_view_attach(dctx->view, &ldap_inst->view); diff --git a/src/mldap.c b/src/mldap.c index b87fe30..fbab108 100644 --- a/src/mldap.c +++ b/src/mldap.c 
@@ -63,7 +63,7 @@ mldap_new(isc_mem_t *mctx, mldapdb_t **mldapp) { ZERO_PTR(mldap); isc_mem_attach(mctx, &mldap->mctx); - CHECK(isc_refcount_init(&mldap->generation, 0)); + isc_refcount_init(&mldap->generation, 0); CHECK(metadb_new(mctx, &mldap->mdb)); *mldapp = mldap; diff --git a/src/syncrepl.c b/src/syncrepl.c index 3b2539c..2352319 100644 --- a/src/syncrepl.c +++ b/src/syncrepl.c @@ -283,7 +283,7 @@ sync_ctx_init(isc_mem_t *mctx, ldap_instance_t *inst, sync_ctx_t **sctxp) { cond_ready = true; /* refcount includes ldap_inst->task implicitly */ - CHECK(isc_refcount_init(&sctx->task_cnt, 0)); + isc_refcount_init(&sctx->task_cnt, 0); refcount_ready = true; ISC_LIST_INIT(sctx->tasks); From c5e4952b238d22f8212bc11d25d7e52456062ef7 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 34/47] bind-9.16: Refactor dns_fixedname_name Use dns_fixedname_initname() where possible. This is the backport of https://gitlab.isc.org/isc-projects/bind9/-/commit/4df4a8e73149dd4df1b9aad44db3c33e1c4f1880 --- diff --git a/src/acl.c b/src/acl.c index 6fa2245..0fead9a 100644 --- a/src/acl.c +++ b/src/acl.c @@ -163,9 +163,7 @@ get_fixed_name(const cfg_obj_t *obj, const char *name, dns_fixedname_t *fname) else isc_buffer_add(&buf, len); - dns_fixedname_init(fname); - - result = dns_name_fromtext(dns_fixedname_name(fname), &buf, + result = dns_name_fromtext(dns_fixedname_initname(fname), &buf, dns_rootname, false, NULL); if (result != ISC_R_SUCCESS) log_error("'%s' is not a valid name", str); @@ -305,9 +303,8 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone) result = get_fixed_name(stmt, "name", &fname); if (result == ISC_R_NOTFOUND && match_type == dns_ssumatchtype_subdomain) { - dns_fixedname_init(&fname); CHECK(dns_name_copy(dns_zone_getorigin(zone), - dns_fixedname_name(&fname), + dns_fixedname_initname(&fname), &fname.buffer)); } else if (result != ISC_R_SUCCESS) 
diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 6c2a230..1bf8647 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -472,9 +472,7 @@ node_isempty(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, char buff[DNS_NAME_FORMATSIZE]; isc_result_t result; - dns_fixedname_init(&fname); - - CHECK(ldapdb_name_fromnode(node, dns_fixedname_name(&fname))); + CHECK(ldapdb_name_fromnode(node, dns_fixedname_initname(&fname))); result = dns_db_allrdatasets(db, node, version, now, &rds_iter); if (result == ISC_R_NOTFOUND) { From 560f7be46bc965d6caf9f536d6ef17d9345ea180 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 35/47] bind-9.16: Refactor detach dyndb This is the backport of https://gitlab.isc.org/isc-projects/bind9/-/commit/0f24c55d38efe99fe72980f6e443ba60c2b4edc6 --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 1bf8647..0e9127b 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -127,6 +127,8 @@ attach(dns_db_t *source, dns_db_t **targetp) static void ATTR_NONNULLS free_ldapdb(ldapdb_t *ldapdb) { + REQUIRE(VALID_LDAPDB(ldapdb)); + #ifdef RBTDB_DEBUG isc_result_t result; dns_dbversion_t *version = NULL; @@ -163,14 +165,14 @@ cleanup: static void detach(dns_db_t **dbp) { + REQUIRE(dbp != NULL && VALID_LDAPDB((ldapdb_t *)(*dbp))); ldapdb_t *ldapdb = (ldapdb_t *)(*dbp); - REQUIRE(VALID_LDAPDB(ldapdb)); + *dbp = NULL; if (isc_refcount_decrement(&ldapdb->refs) == 1) { free_ldapdb(ldapdb); } - *dbp = NULL; } From 240a8182ee7d8dec0b27f9e948b3ef1a77fcbb4c Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 36/47] bind-9.16: Don't re-initialize hash in BIND-only mode That has been done by named server. This is the backport of https://gitlab.isc.org/isc-projects/bind9/-/commit/2e7d82443fa415398f37e145325cca26d501a942 --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 0e9127b..8c4ff62 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c 
@@ -1097,11 +1097,10 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters, isc_lib_register(); isc_log_setcontext(dctx->lctx); dns_log_setcontext(dctx->lctx); + isc_hash_set_initializer(dctx->hashinit); log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9); } - isc_hash_set_initializer(dctx->hashinit); - log_debug(2, "registering dynamic ldap driver for %s.", name); /* Finally, create the instance. */ From 4edd26c96e08b9094ae18d1342cf9eb066c20e24 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 37/47] bind-9.16: isc_mem_get cannot fail gracefully now Since [0] malloc is handled directly in default_memalloc and it aborts on NULL pointer result. Further check is no longer needed. Thus, isc_mem_get based macro can be safely removed [1]. [0]: https://gitlab.isc.org/isc-projects/bind9/-/commit/8de2451756 [1]: https://gitlab.isc.org/isc-projects/bind9/-/commit/f63e696967 https://gitlab.isc.org/isc-projects/bind9/-/commit/ae83801e2b --- diff --git a/src/acl.c b/src/acl.c index 0fead9a..e484403 100644 --- a/src/acl.c +++ b/src/acl.c @@ -200,9 +200,9 @@ get_types(isc_mem_t *mctx, const cfg_obj_t *obj, dns_rdatatype_t **typesp, obj = cfg_tuple_get(obj, "types"); n = count_list_elements(obj); - if (n > 0) - CHECKED_MEM_GET(mctx, types, n * sizeof(dns_rdatatype_t)); - + if (n > 0) { + types = isc_mem_get(mctx, n * sizeof(dns_rdatatype_t)); + } i = 0; for (el = cfg_list_first(obj); el != NULL; el = cfg_list_next(el)) { const cfg_obj_t *typeobj; diff --git a/src/fwd.c b/src/fwd.c index f2aa426..5f03e26 100644 --- a/src/fwd.c +++ b/src/fwd.c 
@@ -49,7 +49,6 @@ buffer_append_str(void *closure, const char *text, int textlen) { isc_buffer_region(out_buf, &old_space); new_space.length = isc_buffer_length(out_buf) + textlen + 1; new_space.base = isc_mem_get(out_buf->mctx, new_space.length); - RUNTIME_CHECK(new_space.base != NULL); isc_buffer_reinit(out_buf, new_space.base, new_space.length); if (old_space.base != NULL) isc_mem_put(out_buf->mctx, old_space.base, old_space.length); @@ -272,7 +271,7 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx, addr = *cfg_obj_assockaddr(fwdr_cfg); if (isc_sockaddr_getport(&addr) == 0) isc_sockaddr_setport(&addr, port); - CHECKED_MEM_GET_PTR(mctx, fwdr); + fwdr = isc_mem_get(mctx, sizeof(*(fwdr))); fwdr->addr = addr; fwdr->dscp = cfg_obj_getdscp(fwdr_cfg); ISC_LINK_INIT(fwdr, link); diff --git a/src/fwd_register.c b/src/fwd_register.c index 06a4d92..cc9764b 100644 --- a/src/fwd_register.c +++ b/src/fwd_register.c @@ -31,7 +31,7 @@ fwdr_create(isc_mem_t *mctx, fwd_register_t **fwdrp) REQUIRE(fwdrp != NULL && *fwdrp == NULL); - CHECKED_MEM_GET_PTR(mctx, fwdr); + fwdr = isc_mem_get(mctx, sizeof(*(fwdr))); ZERO_PTR(fwdr); isc_mem_attach(mctx, &fwdr->mctx); CHECK(dns_rbt_create(mctx, NULL, NULL, &fwdr->rbt)); @@ -41,11 +41,10 @@ fwdr_create(isc_mem_t *mctx, fwd_register_t **fwdrp) return ISC_R_SUCCESS; cleanup: - if (fwdr != NULL) { - if (fwdr->rbt != NULL) - dns_rbt_destroy(&fwdr->rbt); - MEM_PUT_AND_DETACH(fwdr); + if (fwdr->rbt != NULL) { + dns_rbt_destroy(&fwdr->rbt); } + MEM_PUT_AND_DETACH(fwdr); return result; } diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 8c4ff62..471b047 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -990,7 +990,7 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, REQUIRE(driverarg != NULL); REQUIRE(dbp != NULL && *dbp == NULL); - CHECKED_MEM_GET_PTR(mctx, ldapdb); + ldapdb = isc_mem_get(mctx, sizeof(*(ldapdb))); ZERO_PTR(ldapdb); isc_mem_attach(mctx, &ldapdb->common.mctx); 
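Review bot: In `fwdr_create` (src/fwd_register.c) the `cleanup:` path now dereferences `fwdr` without the former `if (fwdr != NULL)` guard, which is correct only while no `CHECK` sits between function entry and the `isc_mem_get` call. That holds for the lines visible in the hunk, and `metadb_new` in src/metadb.c receives the same change. I would document the assumption at the label so a later edit does not break it silently, e.g. `/* reached only after fwdr has been allocated */`.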
diff --git a/src/ldap_entry.c b/src/ldap_entry.c index d0f83d4..cdf26d8 100644 --- a/src/ldap_entry.c +++ b/src/ldap_entry.c @@ -68,7 +68,6 @@ static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT ldap_attr_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry, ldap_attribute_t *attr) { - isc_result_t result; char **values; ldap_value_t *val; @@ -84,7 +83,7 @@ ldap_attr_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry, attr->ldap_values = values; for (unsigned int i = 0; values[i] != NULL; i++) { - CHECKED_MEM_GET_PTR(mctx, val); + val = isc_mem_get(mctx, sizeof(*(val))); val->value = values[i]; INIT_LINK(val, link); @@ -92,12 +91,6 @@ ldap_attr_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry, } return ISC_R_SUCCESS; - -cleanup: - ldap_valuelist_destroy(mctx, &attr->values); - ldap_value_free(values); - - return result; } /** @@ -112,7 +105,7 @@ ldap_entry_init(isc_mem_t *mctx, ldap_entry_t **entryp) { REQUIRE(entryp != NULL); REQUIRE(*entryp == NULL); - CHECKED_MEM_GET_PTR(mctx, entry); + entry = isc_mem_get(mctx, sizeof(*(entry))); ZERO_PTR(entry); isc_mem_attach(mctx, &entry->mctx); INIT_LIST(entry->attrs); @@ -120,7 +113,7 @@ ldap_entry_init(isc_mem_t *mctx, ldap_entry_t **entryp) { INIT_BUFFERED_NAME(entry->fqdn); INIT_BUFFERED_NAME(entry->zone_name); - CHECKED_MEM_GET(mctx, entry->rdata_target_mem, DNS_RDATA_MAXLENGTH); + entry->rdata_target_mem = isc_mem_get(mctx, DNS_RDATA_MAXLENGTH); CHECK(isc_lex_create(mctx, TOKENSIZ, &entry->lex)); *entryp = entry; @@ -203,7 +196,7 @@ ldap_entry_parse(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry, for (attribute = ldap_first_attribute(ld, ldap_entry, &ber); attribute != NULL; attribute = ldap_next_attribute(ld, ldap_entry, ber)) { - CHECKED_MEM_GET_PTR(mctx, attr); + attr = isc_mem_get(mctx, sizeof(*(attr))); ZERO_PTR(attr); attr->name = attribute; diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 8b15a84..113d86f 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c 
@@ -551,7 +551,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, REQUIRE(ldap_instp != NULL && *ldap_instp == NULL); - CHECKED_MEM_GET_PTR(mctx, ldap_inst); + ldap_inst = isc_mem_get(mctx, sizeof(*(ldap_inst))); ZERO_PTR(ldap_inst); isc_refcount_init(&ldap_inst->errors, 0); isc_mem_attach(mctx, &ldap_inst->mctx); @@ -790,13 +790,12 @@ destroy_ldap_instance(ldap_instance_t **ldap_instp) static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT new_ldap_connection(ldap_pool_t *pool, ldap_connection_t **ldap_connp) { - isc_result_t result; ldap_connection_t *ldap_conn; REQUIRE(pool != NULL); REQUIRE(ldap_connp != NULL && *ldap_connp == NULL); - CHECKED_MEM_GET_PTR(pool->mctx, ldap_conn); + ldap_conn = isc_mem_get(pool->mctx, sizeof(*(ldap_conn))); ZERO_PTR(ldap_conn); /* isc_mutex_init and isc_condition_init failures are now fatal */ @@ -813,11 +812,6 @@ new_ldap_connection(ldap_pool_t *pool, ldap_connection_t **ldap_connp) *ldap_connp = ldap_conn; return ISC_R_SUCCESS; - -cleanup: - destroy_ldap_connection(&ldap_conn); - - return result; } static void @@ -2283,7 +2277,7 @@ findrdatatype_or_create(isc_mem_t *mctx, ldapdb_rdatalist_t *rdatalist, result = ldapdb_rdatalist_findrdatatype(rdatalist, rdtype, &rdlist); if (result != ISC_R_SUCCESS) { - CHECKED_MEM_GET_PTR(mctx, rdlist); + rdlist = isc_mem_get(mctx, sizeof(*(rdlist))); dns_rdatalist_init(rdlist); rdlist->rdclass = rdclass; @@ -2692,11 +2686,11 @@ parse_rdata(isc_mem_t *mctx, ldap_entry_t *entry, CHECK(dns_rdata_fromtext(NULL, rdclass, rdtype, entry->lex, origin, 0, mctx, &entry->rdata_target, NULL)); - CHECKED_MEM_GET_PTR(mctx, rdata); + rdata = isc_mem_get(mctx, sizeof(*(rdata))); dns_rdata_init(rdata); rdatamem.length = isc_buffer_usedlength(&entry->rdata_target); - CHECKED_MEM_GET(mctx, rdatamem.base, rdatamem.length); + rdatamem.base = isc_mem_get(mctx, rdatamem.length); memcpy(rdatamem.base, isc_buffer_base(&entry->rdata_target), rdatamem.length); 
@@ -3177,22 +3171,15 @@ isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT ldap_mod_create(isc_mem_t *mctx, LDAPMod **changep) { LDAPMod *change = NULL; - isc_result_t result; REQUIRE(changep != NULL && *changep == NULL); - CHECKED_MEM_GET_PTR(mctx, change); + change = isc_mem_get(mctx, sizeof(*(change))); ZERO_PTR(change); - CHECKED_MEM_GET(mctx, change->mod_type, LDAP_ATTR_FORMATSIZE); + change->mod_type = isc_mem_get(mctx, LDAP_ATTR_FORMATSIZE); *changep = change; return ISC_R_SUCCESS; - -cleanup: - if (change != NULL) - SAFE_MEM_PUT_PTR(mctx, change); - - return result; } /** @@ -3604,13 +3591,13 @@ ldap_pool_create(isc_mem_t *mctx, unsigned int connections, ldap_pool_t **poolp) REQUIRE(poolp != NULL && *poolp == NULL); - CHECKED_MEM_GET(mctx, pool, sizeof(*pool)); + pool = isc_mem_get(mctx, sizeof(*pool)); ZERO_PTR(pool); isc_mem_attach(mctx, &pool->mctx); CHECK(semaphore_init(&pool->conn_semaphore, connections)); - CHECKED_MEM_GET(mctx, pool->conns, - connections * sizeof(ldap_connection_t *)); + pool->conns = isc_mem_get(mctx, + connections * sizeof(ldap_connection_t *)); memset(pool->conns, 0, connections * sizeof(ldap_connection_t *)); pool->connections = connections; diff --git a/src/metadb.c b/src/metadb.c index 1f3c0ef..f469a30 100644 --- a/src/metadb.c +++ b/src/metadb.c @@ -40,7 +40,7 @@ metadb_new(isc_mem_t *mctx, metadb_t **mdbp) { REQUIRE(mdbp != NULL && *mdbp == NULL); - CHECKED_MEM_GET_PTR(mctx, mdb); + mdb = isc_mem_get(mctx, sizeof(*(mdb))); ZERO_PTR(mdb); isc_mem_attach(mctx, &mdb->mctx); @@ -55,13 +55,11 @@ metadb_new(isc_mem_t *mctx, metadb_t **mdbp) { return result; cleanup: - if (mdb != NULL) { - if (lock_ready == true) { - /* isc_mutex_destroy errors are now fatal */ - isc_mutex_destroy(&mdb->newversion_lock); - } - MEM_PUT_AND_DETACH(mdb); + if (lock_ready == true) { + /* isc_mutex_destroy errors are now fatal */ + isc_mutex_destroy(&mdb->newversion_lock); } + MEM_PUT_AND_DETACH(mdb); return result; } 
@@ -163,7 +161,7 @@ metadb_iterator_create(metadb_t *mdb, metadb_iter_t **miterp) { REQUIRE(mdb != NULL); REQUIRE(miterp != NULL && *miterp == NULL); - CHECKED_MEM_GET_PTR(mdb->mctx, miter); + miter = isc_mem_get(mdb->mctx, sizeof(*(miter))); ZERO_PTR(miter); isc_mem_attach(mdb->mctx, &miter->mctx); @@ -261,7 +259,7 @@ metadb_node_init(metadb_t *mdb, dns_dbversion_t *ver, dns_name_t *mname, REQUIRE(nodep != NULL && *nodep == NULL); - CHECKED_MEM_GET_PTR(mdb->mctx, node); + node = isc_mem_get(mdb->mctx, sizeof(*(node))); ZERO_PTR(node); isc_mem_attach(mdb->mctx, &node->mctx); diff --git a/src/mldap.c b/src/mldap.c index fbab108..ced1777 100644 --- a/src/mldap.c +++ b/src/mldap.c @@ -59,7 +59,7 @@ mldap_new(isc_mem_t *mctx, mldapdb_t **mldapp) { REQUIRE(mldapp != NULL && *mldapp == NULL); - CHECKED_MEM_GET_PTR(mctx, mldap); + mldap = isc_mem_get(mctx, sizeof(*(mldap))); ZERO_PTR(mldap); isc_mem_attach(mctx, &mldap->mctx); @@ -425,7 +425,7 @@ mldap_iter_deadnodes_start(mldapdb_t *mldap, metadb_iter_t **iterp, REQUIRE(iterp != NULL && *iterp == NULL); CHECK(metadb_iterator_create(mldap->mdb, &iter)); - CHECKED_MEM_GET(mldap->mctx, iter->state, sizeof(uint32_t)); + iter->state = isc_mem_get(mldap->mctx, sizeof(uint32_t)); result = dns_dbiterator_seek(iter->iter, &uuid_rootname); if (result == ISC_R_NOTFOUND) /* metaLDAP is empty */ CLEANUP_WITH(ISC_R_NOMORE); diff --git a/src/rbt_helper.c b/src/rbt_helper.c index 2333d96..2d30d3c 100644 --- a/src/rbt_helper.c +++ b/src/rbt_helper.c @@ -87,7 +87,7 @@ rbt_iter_first(isc_mem_t *mctx, dns_rbt_t *rbt, isc_rwlock_t *rwlock, REQUIRE(rwlock != NULL); REQUIRE(iterp != NULL && *iterp == NULL); - CHECKED_MEM_GET_PTR(mctx, iter); + iter = isc_mem_get(mctx, sizeof(*(iter))); ZERO_PTR(iter); isc_mem_attach(mctx, &iter->mctx); diff --git a/src/settings.c b/src/settings.c index 6f1f30c..9c86dce 100644 --- a/src/settings.c +++ b/src/settings.c 
@@ -495,7 +495,7 @@ settings_set_create(isc_mem_t *mctx, const setting_t default_settings[], ZERO_PTR(new_set); isc_mem_attach(mctx, &new_set->mctx); - CHECKED_MEM_GET_PTR(mctx, new_set->lock); + new_set->lock = isc_mem_get(mctx, sizeof(*(new_set->lock))); /* isc_mutex_init failures are now fatal */ isc_mutex_init(new_set->lock); diff --git a/src/syncrepl.c b/src/syncrepl.c index 2352319..e0b6dea 100644 --- a/src/syncrepl.c +++ b/src/syncrepl.c @@ -269,7 +269,7 @@ sync_ctx_init(isc_mem_t *mctx, ldap_instance_t *inst, sync_ctx_t **sctxp) { REQUIRE(sctxp != NULL && *sctxp == NULL); - CHECKED_MEM_GET_PTR(mctx, sctx); + sctx = isc_mem_get(mctx, sizeof(*(sctx))); ZERO_PTR(sctx); isc_mem_attach(mctx, &sctx->mctx); @@ -447,13 +447,12 @@ sync_state_reset(sync_ctx_t *sctx) { */ isc_result_t sync_task_add(sync_ctx_t *sctx, isc_task_t *task) { - isc_result_t result = ISC_R_SUCCESS; task_element_t *newel = NULL; REQUIRE(sctx != NULL); REQUIRE(ISCAPI_TASK_VALID(task)); - CHECKED_MEM_GET_PTR(sctx->mctx, newel); + newel = isc_mem_get(sctx->mctx, sizeof(*(newel))); ZERO_PTR(newel); ISC_LINK_INIT(newel, link); newel->task = NULL; @@ -468,8 +467,7 @@ sync_task_add(sync_ctx_t *sctx, isc_task_t *task) { log_debug(2, "adding task %p to syncrepl list; %lu tasks in list", task, isc_refcount_current(&sctx->task_cnt)); -cleanup: - return result; + return ISC_R_SUCCESS; } /** diff --git a/src/util.h b/src/util.h index 63ec058..18b6eb9 100644 --- a/src/util.h +++ b/src/util.h 
@@ -45,19 +45,6 @@ extern bool verbose_checks; /* from settings.c */ } \ } while (0) -#define CHECKED_MEM_GET(m, target_ptr, s) \ - do { \ - (target_ptr) = isc_mem_get((m), (s)); \ - if ((target_ptr) == NULL) { \ - result = ISC_R_NOMEMORY; \ - log_error_position("Memory allocation failed"); \ - goto cleanup; \ - } \ - } while (0) - -#define CHECKED_MEM_GET_PTR(m, target_ptr) \ - CHECKED_MEM_GET(m, target_ptr, sizeof(*(target_ptr))) - #define CHECKED_MEM_STRDUP(m, source, target) \ do { \ (target) = isc_mem_strdup((m), (source)); \ diff --git a/src/zone_register.c b/src/zone_register.c index 8fc158e..c9f5b5d 100644 --- a/src/zone_register.c +++ b/src/zone_register.c @@ -111,7 +111,7 @@ zr_create(isc_mem_t *mctx, ldap_instance_t *ldap_inst, REQUIRE(glob_settings != NULL); REQUIRE(zrp != NULL && *zrp == NULL); - CHECKED_MEM_GET_PTR(mctx, zr); + zr = isc_mem_get(mctx, sizeof(*(zr))); ZERO_PTR(zr); isc_mem_attach(mctx, &zr->mctx); CHECK(dns_rbt_create(mctx, delete_zone_info, mctx, &zr->rbt)); @@ -123,11 +123,10 @@ zr_create(isc_mem_t *mctx, ldap_instance_t *ldap_inst, return ISC_R_SUCCESS; cleanup: - if (zr != NULL) { - if (zr->rbt != NULL) - dns_rbt_destroy(&zr->rbt); - MEM_PUT_AND_DETACH(zr); + if (zr->rbt != NULL) { + dns_rbt_destroy(&zr->rbt); } + MEM_PUT_AND_DETACH(zr); return result; } @@ -272,7 +271,7 @@ create_zone_info(isc_mem_t * const mctx, dns_zone_t * const raw, REQUIRE(dn != NULL); REQUIRE(zinfop != NULL && *zinfop == NULL); - CHECKED_MEM_GET_PTR(mctx, zinfo); + zinfo = isc_mem_get(mctx, sizeof(*(zinfo))); ZERO_PTR(zinfo); CHECKED_MEM_STRDUP(mctx, dn, zinfo->dn); dns_zone_attach(raw, &zinfo->raw); From 6ec702a6d6be1ad4b2fcca97c6fe5f414333601f Mon Sep 17 00:00:00 2001 
From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 38/47] bind-9.16: isc_mem_allocate cannot fail gracefully now Since [0] malloc is handled directly in default_memalloc and it aborts on NULL pointer result. Further check is no longer needed. Thus, isc_mem_allocate based macro can be safely removed [1]. [0]: https://gitlab.isc.org/isc-projects/bind9/-/commit/8de2451756 [1]: https://gitlab.isc.org/isc-projects/bind9/-/commit/3c1d4298af https://gitlab.isc.org/isc-projects/bind9/-/commit/601cb4e4cc --- diff --git a/src/ldap_convert.c b/src/ldap_convert.c index 0e5c818..efb426f 100644 --- a/src/ldap_convert.c +++ b/src/ldap_convert.c @@ -248,7 +248,7 @@ dns_to_ldap_dn_escape(isc_mem_t *mctx, const char * const dns_str, char ** ldap_ * In worst case each symbol from DNS dns_str will be represented * as "\xy" in ldap_name. (xy are hexadecimal digits) */ - CHECKED_MEM_ALLOCATE(mctx, *ldap_name, 3 * dns_str_len + 1); + *ldap_name = isc_mem_allocate(mctx, 3 * dns_str_len + 1); esc_name = *ldap_name; for (dns_idx = 0; dns_idx < dns_str_len; dns_idx++) { @@ -308,10 +308,8 @@ cleanup: if (result == DNS_R_BADESCAPE) log_bug("improperly escaped DNS string: '%s'", dns_str); - if (*ldap_name) { - isc_mem_free(mctx, *ldap_name); - *ldap_name = NULL; - } + isc_mem_free(mctx, *ldap_name); + *ldap_name = NULL; return result; } diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 113d86f..818e2df 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -3224,7 +3224,7 @@ static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT ldap_rdata_to_char_array(isc_mem_t *mctx, dns_rdata_t *rdata_head, bool unknown, char ***valsp) { - isc_result_t result; + isc_result_t result = ISC_R_FAILURE; char **vals; unsigned int i; unsigned int rdata_count = 0; 
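Review bot: In `dns_to_ldap_dn_escape` (src/ldap_convert.c, the `cleanup:` hunk) `isc_mem_free(mctx, *ldap_name)` now runs unconditionally, which is only safe if no `goto cleanup` can be taken while `*ldap_name` is still NULL; the part of the function before the allocation is outside the hunk, so this needs checking. "Allocation cannot fail" justifies dropping the check after `isc_mem_allocate`, but not the NULL guard in front of the free, and `isc_mem_free` should not be assumed to accept NULL in every supported BIND version. The same guard is removed in `ldap_substitute_rr_template` in patch 39/47, where `CLEANUP_WITH(ISC_R_UNEXPECTED)` and `CHECK(str_new(mctx, &replaced))` visibly precede the `isc_mem_strdup` that sets `tmp`. Keeping `if (*ldap_name != NULL)` and `if (tmp != NULL)` in front of the two frees costs nothing and avoids a crash on those early error paths.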
@@ -3239,7 +3239,7 @@ ldap_rdata_to_char_array(isc_mem_t *mctx, dns_rdata_t *rdata_head, vals_size = (rdata_count + 1) * sizeof(char *); - CHECKED_MEM_ALLOCATE(mctx, vals, vals_size); + vals = isc_mem_allocate(mctx, vals_size); memset(vals, 0, vals_size); rdata = rdata_head; @@ -3257,7 +3257,7 @@ ldap_rdata_to_char_array(isc_mem_t *mctx, dns_rdata_t *rdata_head, isc_buffer_usedregion(&buffer, ®ion); /* Now allocate the string with the right size. */ - CHECKED_MEM_ALLOCATE(mctx, vals[i], region.length + 1); + vals[i] = isc_mem_allocate(mctx, region.length + 1); memcpy(vals[i], region.base, region.length); vals[i][region.length] = '\0'; @@ -3313,11 +3313,11 @@ ldap_rdttl_to_ldapmod(isc_mem_t *mctx, dns_rdatalist_t *rdlist, CLEANUP_WITH(ISC_R_NOSPACE); } - CHECKED_MEM_ALLOCATE(mctx, vals, 2 * sizeof(char *)); + vals = isc_mem_allocate(mctx, 2 * sizeof(char *)); memset(vals, 0, 2 * sizeof(char *)); change->mod_values = vals; - CHECKED_MEM_ALLOCATE(mctx, vals[0], str_len(ttlval) + 1); + vals[0] = isc_mem_allocate(mctx, str_len(ttlval) + 1); memcpy(vals[0], str_buf(ttlval), str_len(ttlval) + 1); *changep = change; diff --git a/src/settings.c b/src/settings.c index 9c86dce..cfbb9e4 100644 --- a/src/settings.c +++ b/src/settings.c @@ -279,7 +279,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting, len = strlen(value) + 1; if (setting->is_dynamic) isc_mem_free(mctx, setting->value.value_char); - CHECKED_MEM_ALLOCATE(mctx, setting->value.value_char, len); + setting->value.value_char = isc_mem_allocate(mctx, len); setting->is_dynamic = true; /* isc_string_copy has been removed */ if (strlcpy(setting->value.value_char, value, len) >= len) { 
@@ -484,14 +484,13 @@ settings_set_create(isc_mem_t *mctx, const setting_t default_settings[], const unsigned int default_set_length, const char *set_name, const settings_set_t *const parent_set, settings_set_t **target) { - isc_result_t result = ISC_R_FAILURE; settings_set_t *new_set = NULL; REQUIRE(target != NULL && *target == NULL); REQUIRE(default_settings != NULL); REQUIRE(default_set_length > 0); - CHECKED_MEM_ALLOCATE(mctx, new_set, default_set_length); + new_set = isc_mem_allocate(mctx, default_set_length); ZERO_PTR(new_set); isc_mem_attach(mctx, &new_set->mctx); @@ -501,20 +500,14 @@ settings_set_create(isc_mem_t *mctx, const setting_t default_settings[], new_set->parent_set = parent_set; - CHECKED_MEM_ALLOCATE(mctx, new_set->first_setting, default_set_length); + new_set->first_setting = isc_mem_allocate(mctx, default_set_length); memcpy(new_set->first_setting, default_settings, default_set_length); - CHECKED_MEM_ALLOCATE(mctx, new_set->name, strlen(set_name) + 1); + new_set->name = isc_mem_allocate(mctx, strlen(set_name) + 1); strcpy(new_set->name, set_name); *target = new_set; - result = ISC_R_SUCCESS; - -cleanup: - if (result != ISC_R_SUCCESS) - settings_set_free(&new_set); - - return result; + return ISC_R_SUCCESS; } /** diff --git a/src/util.h b/src/util.h index 18b6eb9..e883655 100644 --- a/src/util.h +++ b/src/util.h @@ -35,16 +35,6 @@ extern bool verbose_checks; /* from settings.c */ } \ } while (0) -#define CHECKED_MEM_ALLOCATE(m, target_ptr, s) \ - do { \ - (target_ptr) = isc_mem_allocate((m), (s)); \ - if ((target_ptr) == NULL) { \ - result = ISC_R_NOMEMORY; \ - log_error_position("Memory allocation failed"); \ - goto cleanup; \ - } \ - } while (0) - #define CHECKED_MEM_STRDUP(m, source, target) \ do { \ (target) = isc_mem_strdup((m), (source)); \ From 050a612b3ef32fef538c29ec6d1fdcba0e9271c2 Mon Sep 17 00:00:00 2001 
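Review bot: `settings_set_create` (src/settings.c) sizes the `new_set` allocation with `default_set_length` rather than the size of the structure, and the next line, `ZERO_PTR(new_set)`, writes `sizeof(*new_set)` bytes into it. Judging by the later `memcpy(new_set->first_setting, default_settings, default_set_length)`, the parameter appears to be the byte length of the defaults array, so a defaults table shorter than the structure would make the memset and the following field stores overrun the heap block. This predates the commit, but the line is rewritten here and could be fixed at the same time: `new_set = isc_mem_allocate(mctx, sizeof(*new_set));`. The function's tail is in the following hunk.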
From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 39/47] bind-9.16: isc_mem_strdup cannot fail gracefully now Since [0] malloc is handled directly in default_memalloc and it aborts on NULL pointer result. Further check is no longer needed. Thus, isc_mem_strdup based macro can be safely removed [1]. [0]: https://gitlab.isc.org/isc-projects/bind9/-/commit/8de2451756 [1]: https://gitlab.isc.org/isc-projects/bind9/-/commit/49f244406c https://gitlab.isc.org/isc-projects/bind9/-/commit/9bdc24a9fd --- diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 818e2df..50bda9a 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -555,7 +555,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, ZERO_PTR(ldap_inst); isc_refcount_init(&ldap_inst->errors, 0); isc_mem_attach(mctx, &ldap_inst->mctx); - CHECKED_MEM_STRDUP(mctx, db_name, ldap_inst->db_name); + ldap_inst->db_name = isc_mem_strdup(mctx, db_name); dns_view_attach(dctx->view, &ldap_inst->view); dns_zonemgr_attach(dctx->zmgr, &ldap_inst->zmgr); isc_task_attach(dctx->task, &ldap_inst->task); @@ -2398,7 +2398,7 @@ ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t * set, CLEANUP_WITH(ISC_R_UNEXPECTED); CHECK(str_new(mctx, &replaced)); - CHECKED_MEM_STRDUP(mctx, str_buf(orig_val), tmp); + tmp = isc_mem_strdup(mctx, str_buf(orig_val)); while (regexec(®ex, tmp + processed, sizeof(matches)/sizeof(regmatch_t), @@ -2446,9 +2446,7 @@ ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t * set, result = ISC_R_SUCCESS; cleanup: - if (tmp != NULL) - isc_mem_free(mctx, tmp); - + isc_mem_free(mctx, tmp); str_destroy(&replaced); return result; } @@ -4176,7 +4174,7 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype) /* This code is disabled because we don't have UUID->DN database yet. if (SYNCREPL_MODDN(chgtype)) { - CHECKED_MEM_STRDUP(mctx, prevdn_ldap, prevdn); + prevdn = isc_mem_strdup(mctx, prevdn_ldap); } */ 
diff --git a/src/util.h b/src/util.h index e883655..7533586 100644 --- a/src/util.h +++ b/src/util.h @@ -35,16 +35,6 @@ extern bool verbose_checks; /* from settings.c */ } \ } while (0) -#define CHECKED_MEM_STRDUP(m, source, target) \ - do { \ - (target) = isc_mem_strdup((m), (source)); \ - if ((target) == NULL) { \ - result = ISC_R_NOMEMORY; \ - log_error_position("Memory allocation failed"); \ - goto cleanup; \ - } \ - } while (0) - #define ZERO_PTR(ptr) memset((ptr), 0, sizeof(*(ptr))) #define SAFE_MEM_PUT(m, target_ptr, target_size) \ diff --git a/src/zone_register.c b/src/zone_register.c index c9f5b5d..07b1546 100644 --- a/src/zone_register.c +++ b/src/zone_register.c @@ -273,7 +273,7 @@ create_zone_info(isc_mem_t * const mctx, dns_zone_t * const raw, zinfo = isc_mem_get(mctx, sizeof(*(zinfo))); ZERO_PTR(zinfo); - CHECKED_MEM_STRDUP(mctx, dn, zinfo->dn); + zinfo->dn = isc_mem_strdup(mctx, dn); dns_zone_attach(raw, &zinfo->raw); if (secure != NULL) dns_zone_attach(secure, &zinfo->secure); From 22675b33d605d478935686bb2d30f3a803bec999 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 40/47] bind-9.16: Clean up outdated static assertions _Static_assert is a compile time assertion which is the part of ISO C11 and is implemented in GCC since 4.6. So, macros taken from [0] is no longer needed. [0]: https://www.pixelbeat.org/programming/gcc/static_assert.html --- diff --git a/src/util.h b/src/util.h index 7533586..7a8555b 100644 --- a/src/util.h +++ b/src/util.h 
@@ -84,26 +84,4 @@ extern bool verbose_checks; /* from settings.c */ #define ATTR_CHECKRESULT #endif -/* - * Static (compile-time) assert for C: - * C99 doesn't require support for "sizeof" in preprocessor conditionals so - * we can't do something like #if (sizeof(my_struct) != 512). - * - * This macro has no runtime side affects as it just defines an enum whose name - * depends on the current line, and whose value will give a divide by zero error - * at compile time if the assertion is false. - * - * Taken from - * http://www.pixelbeat.org/programming/gcc/static_assert.html - * version 10 Feb 2015. Padraig Brady told me that it is licensed under - * "GNU All-Permissive License": - * - * Copying and distribution of this file, with or without modification, - * are permitted in any medium without royalty provided the copyright notice - * and this notice are preserved. This code is offered as-is, - * without any warranty. - */ - -/* STATIC_ASSERT is now provided by isc/util.h */ - #endif /* !_LD_UTIL_H_ */ From f70c0e526d10dbbde0187d52d8c84910a2ecba3c Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 41/47] tests: Run all tests --- diff --git a/tests/azure/azure_definitions/gating-fedora.yml b/tests/azure/azure_definitions/gating-fedora.yml index b74accd..3697705 100644 --- a/tests/azure/azure_definitions/gating-fedora.yml +++ b/tests/azure/azure_definitions/gating-fedora.yml 
@@ -4,31 +4,31 @@ vms: tests: - test_integration/test_installation.py::TestInstallMaster -# - vm_jobs: -# - container_job: DNSSEC_tests -# containers: -# replicas: 2 -# tests: -# - test_integration/test_dnssec.py +- vm_jobs: + - container_job: DNSSEC_tests + containers: + replicas: 2 + tests: + - test_integration/test_dnssec.py -# - vm_jobs: -# - container_job: simple_replication -# containers: -# replicas: 1 -# tests: -# - test_integration/test_simple_replication.py +- vm_jobs: + - container_job: simple_replication + containers: + replicas: 1 + tests: + - test_integration/test_simple_replication.py -# - vm_jobs: -# - container_job: Backup_and_Restore_with_DNSSEC -# tests: -# - test_integration/test_backup_and_restore.py::TestBackupAndRestoreWithDNSSEC -# - test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithDNSSEC -# containers: -# replicas: 1 +- vm_jobs: + - container_job: Backup_and_Restore_with_DNSSEC + tests: + - test_integration/test_backup_and_restore.py::TestBackupAndRestoreWithDNSSEC + - test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithDNSSEC + containers: + replicas: 1 -# - vm_jobs: -# - container_job: DNSSEC_hidden_replica_promotion -# containers: -# replicas: 2 -# tests: -# - test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion +- vm_jobs: + - container_job: DNSSEC_hidden_replica_promotion + containers: + replicas: 2 + tests: + - test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion From 71f21943a82275c6a67fc028d42e4489aa7814fe Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: May 25 2020 06:45:49 +0000 Subject: [PATCH 42/47] bind-9.16: isc_event_allocate cannot fail gracefully now isc_event_allocate internally uses isc_mem_get which cannot return NULL. So NULL-check is redundant. sync_barrierev_create and sync_finishev_create are always successful(except fatals which abort). https://gitlab.isc.org/isc-projects/bind9/-/commit/50e109d659 --- 
diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 50bda9a..58827ad 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -612,8 +612,6 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, const char *parameters, empty_zone_handle_globalfwd_ev, ldap_inst->view->zonetable, sizeof(ldap_globalfwd_handleez_t)); - if (gfwdevent == NULL) - CLEANUP_WITH(ISC_R_NOMEMORY); /* policy == first does not override automatic empty zones */ gfwdevent->warn_only = (named_conf_forwarders->fwdpolicy == dns_fwdpolicy_first); @@ -4199,11 +4197,6 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype) action, NULL, sizeof(ldap_syncreplevent_t)); - if (pevent == NULL) { - result = ISC_R_NOMEMORY; - goto cleanup; - } - pevent->mctx = NULL; isc_mem_attach(inst->mctx, &pevent->mctx); pevent->inst = inst; diff --git a/src/syncptr.c b/src/syncptr.c index eca4458..b62bf2e 100644 --- a/src/syncptr.c +++ b/src/syncptr.c @@ -392,8 +392,6 @@ sync_ptr_init(isc_mem_t *mctx, dns_zt_t * zonetable, LDAPDB_EVENT_SYNCPTR, sync_ptr_handler, NULL, sizeof(sync_ptrev_t)); - if (ev == NULL) - CLEANUP_WITH(ISC_R_NOMEMORY); ev->mctx = NULL; isc_mem_attach(mctx, &ev->mctx); diff --git a/src/syncrepl.c b/src/syncrepl.c index e0b6dea..cc385c5 100644 --- a/src/syncrepl.c +++ b/src/syncrepl.c @@ -157,7 +157,7 @@ finish(isc_task_t *task, isc_event_t *event) { return; } -static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT +static void ATTR_NONNULLS sync_finishev_create(sync_ctx_t *sctx, ldap_instance_t *inst, sync_barrierev_t **evp) { sync_barrierev_t *ev = NULL; @@ -170,14 +170,12 @@ sync_finishev_create(sync_ctx_t *sctx, ldap_instance_t *inst, sctx, LDAPDB_EVENT_SYNCREPL_BARRIER, finish, NULL, sizeof(sync_barrierev_t)); - if (ev == NULL) - return ISC_R_NOMEMORY; ev->inst = inst; ev->sctx = sctx; *evp = ev; - return ISC_R_SUCCESS; + return; } /** 
@@ -198,7 +196,6 @@ sync_finishev_create(sync_ctx_t *sctx, ldap_instance_t *inst, */ void barrier_decrement(isc_task_t *task, isc_event_t *event) { - isc_result_t result = ISC_R_SUCCESS; sync_barrierev_t *bev = NULL; sync_barrierev_t *fev = NULL; isc_event_t *ev = NULL; @@ -212,21 +209,19 @@ barrier_decrement(isc_task_t *task, isc_event_t *event) { log_debug(1, "sync_barrier_wait(): barrier reached"); LOCK(&bev->sctx->mutex); locked = true; - CHECK(sync_finishev_create(bev->sctx, bev->inst, &fev)); + sync_finishev_create(bev->sctx, bev->inst, &fev); ev = (isc_event_t *)fev; isc_task_send(ldap_instance_gettask(bev->sctx->inst), &ev); } -cleanup: - if (locked) + if (locked) { UNLOCK(&bev->sctx->mutex); - if (result != ISC_R_SUCCESS) - log_error_r("barrier_decrement() failed"); + } isc_event_free(&event); return; } -static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT +static void ATTR_NONNULLS sync_barrierev_create(sync_ctx_t *sctx, ldap_instance_t *inst, sync_barrierev_t **evp) { sync_barrierev_t *ev = NULL; @@ -239,14 +234,12 @@ sync_barrierev_create(sync_ctx_t *sctx, ldap_instance_t *inst, sctx, LDAPDB_EVENT_SYNCREPL_BARRIER, barrier_decrement, NULL, sizeof(sync_barrierev_t)); - if (ev == NULL) - return ISC_R_NOMEMORY; ev->inst = inst; ev->sctx = sctx; *evp = ev; - return ISC_R_SUCCESS; + return; } /** @@ -483,7 +476,6 @@ sync_task_add(sync_ctx_t *sctx, isc_task_t *task) { */ isc_result_t sync_barrier_wait(sync_ctx_t *sctx, ldap_instance_t *inst) { - isc_result_t result; isc_event_t *ev = NULL; sync_barrierev_t *bev = NULL; sync_state_t barrier_state; @@ -518,7 +510,7 @@ sync_barrier_wait(sync_ctx_t *sctx, ldap_instance_t *inst) { taskel != NULL; taskel = next_taskel) { bev = NULL; - CHECK(sync_barrierev_create(sctx, inst, &bev)); + sync_barrierev_create(sctx, inst, &bev); next_taskel = NEXT(taskel, link); UNLINK(sctx->tasks, taskel, link); ev = (isc_event_t *)bev; 
@@ -531,12 +523,12 @@ sync_barrier_wait(sync_ctx_t *sctx, ldap_instance_t *inst) { WAIT(&sctx->cond, &sctx->mutex); log_debug(1, "sync_barrier_wait(): all events were processed"); -cleanup: UNLOCK(&sctx->mutex); - if (ev != NULL) + if (ev != NULL) { isc_event_free(&ev); - return result; + } + return ISC_R_SUCCESS; } /** From 5be2f02edf02de2771178581945fbbfa9b434b97 Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Aug 17 2020 16:35:54 +0000 Subject: [PATCH 43/47] Attempt to support both BIND 9.11 and 9.16 Use LIBDNS_VERSION_MAJOR compatibility macro to provide few workarounds to compile even with 9.11. Try to minimize changes of public API, but not everywhere it was possible. ldapdb_associate should be moved back to header, but it would require header modified on configure time. --- diff --git a/src/bindcfg.c b/src/bindcfg.c index 7844774..bb76e99 100644 --- a/src/bindcfg.c +++ b/src/bindcfg.c @@ -14,6 +14,10 @@ #include "bindcfg.h" +#if LIBDNS_VERSION_MAJOR < 1600 +#define cfg_parse_buffer cfg_parse_buffer4 +#endif + cfg_type_t *cfg_type_update_policy; cfg_type_t *cfg_type_allow_query; cfg_type_t *cfg_type_allow_transfer; diff --git a/src/empty_zones.c b/src/empty_zones.c index 24a344e..97b76f0 100644 --- a/src/empty_zones.c +++ b/src/empty_zones.c @@ -12,6 +12,10 @@ #include "util.h" #include "zone_register.h" +#if LIBDNS_VERSION_MAJOR < 1600 +#define dns_name_copynf(src, dst) dns_name_copy((src), (dst), NULL) +#endif + /** * These zones should not leak onto the Internet. * The list matches BIND commit 8f20f6c9d7ce5a0f0af6ee4c5361832d97b1c5d4 diff --git a/src/fwd.c b/src/fwd.c index 5f03e26..6f5d217 100644 --- a/src/fwd.c +++ b/src/fwd.c 
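Review bot: The 9.11 fallback `#define dns_name_copynf(src, dst) dns_name_copy((src), (dst), NULL)` in src/empty_zones.c discards the `isc_result_t` that `dns_name_copy` returns, so a failed copy would go unnoticed, whereas the 9.16 function, as far as I know, treats failure as fatal. Wrapping the call keeps both builds equivalent: `#define dns_name_copynf(src, dst) RUNTIME_CHECK(dns_name_copy((src), (dst), NULL) == ISC_R_SUCCESS)`. The identical define added to src/ldap_convert.c has the same gap, and a single definition in a shared header would keep the two copies from drifting apart.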
@@ -20,6 +20,14 @@ #include "settings.h" #include "zone_register.h" +#if LIBDNS_VERSION_MAJOR < 1600 +#define cfg_parse_buffer cfg_parse_buffer4 +#define dns_view_flushcache(view, fixup) dns_view_flushcache((view)) +typedef dns_name_t node_name_t; +#else +typedef const dns_name_t node_name_t; +#endif + const enum_txt_assoc_t forwarder_policy_txts[] = { { dns_fwdpolicy_none, "none" }, { dns_fwdpolicy_first, "first" }, @@ -575,7 +583,8 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, run_exclusive_enter(inst, &lock_state); CHECK(fwd_delete_table(view, name, msg_obj_type, set->name)); if (isconfigured == true) { - CHECK(dns_fwdtable_addfwd(view->fwdtable, name, &fwdrs, + CHECK(dns_fwdtable_addfwd(view->fwdtable, + (node_name_t *) name, &fwdrs, fwdpolicy)); } dns_view_flushcache(view, false); @@ -607,7 +616,7 @@ fwd_delete_table(dns_view_t *view, const dns_name_t *name, const char *msg_obj_type, const char *logname) { isc_result_t result; - result = dns_fwdtable_delete(view->fwdtable, name); + result = dns_fwdtable_delete(view->fwdtable, (node_name_t *) name); if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { log_error_r("%s %s: failed to delete forwarders", msg_obj_type, logname); diff --git a/src/ldap_convert.c b/src/ldap_convert.c index efb426f..22140b0 100644 --- a/src/ldap_convert.c +++ b/src/ldap_convert.c @@ -26,6 +26,10 @@ #include "util.h" #include "zone_register.h" +#if LIBDNS_VERSION_MAJOR < 1600 +#define dns_name_copynf(src, dst) dns_name_copy((src), (dst), NULL) +#endif + /** * Convert LDAP DN to absolute DNS names. * diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 471b047..d14bf66 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c 
@@ -52,6 +52,17 @@ #define VALID_LDAPDB(ldapdb) \ ((ldapdb) != NULL && (ldapdb)->common.impmagic == LDAPDB_MAGIC) +#if LIBDNS_VERSION_MAJOR < 1600 +typedef dns_name_t node_name_t; +#else +typedef const dns_name_t node_name_t; +#endif + +isc_result_t +ldapdb_associate(isc_mem_t *mctx, node_name_t *name, dns_dbtype_t type, + dns_rdataclass_t rdclass, unsigned int argc, char *argv[], + void *driverarg, dns_db_t **dbp) ATTR_NONNULL(1,2,7,8); + struct ldapdb { dns_db_t common; isc_refcount_t refs; @@ -119,7 +130,11 @@ attach(dns_db_t *source, dns_db_t **targetp) REQUIRE(VALID_LDAPDB(ldapdb)); +#if LIBDNS_VERSION_MAJOR < 1600 + isc_refcount_increment(&ldapdb->refs, NULL); +#else isc_refcount_increment(&ldapdb->refs); +#endif *targetp = source; } @@ -167,10 +182,15 @@ detach(dns_db_t **dbp) { REQUIRE(dbp != NULL && VALID_LDAPDB((ldapdb_t *)(*dbp))); ldapdb_t *ldapdb = (ldapdb_t *)(*dbp); + unsigned int refs; +#if LIBDNS_VERSION_MAJOR < 1600 + isc_refcount_decrement(&ldapdb->refs, &refs); +#else + /* isc_refcount_decrement only has one argument now */ + refs = isc_refcount_decrement(&ldapdb->refs); +#endif - *dbp = NULL; - - if (isc_refcount_decrement(&ldapdb->refs) == 1) { + if (refs == 1) { free_ldapdb(ldapdb); } } @@ -322,7 +342,7 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, bool commit) } static isc_result_t -findnode(dns_db_t *db, const dns_name_t *name, bool create, +findnode(dns_db_t *db, node_name_t *name, bool create, dns_dbnode_t **nodep) { ldapdb_t *ldapdb = (ldapdb_t *) db; @@ -333,7 +353,7 @@ findnode(dns_db_t *db, const dns_name_t *name, bool create, } static isc_result_t -find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, +find(dns_db_t *db, node_name_t *name, dns_dbversion_t *version, dns_rdatatype_t type, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) 
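Review bot: `detach()` in src/ldap_driver.c no longer clears the caller's pointer: the hunk removes `*dbp = NULL;` and the new side, which runs to the function's closing brace, never restores it. Callers are left holding a pointer to a database that `free_ldapdb()` may just have freed, and any caller-side postcondition that expects `*dbp == NULL` after detach will fail; add `*dbp = NULL;` after the `#endif`. Separately, the `< 1600` branch stores the count through the two-argument `isc_refcount_decrement` and then shares the `refs == 1` test with the 9.16 branch, which uses the returned previous value. If the old form reports the value after the decrement, which should be confirmed against the 9.11 headers, that branch must test `refs == 0`; otherwise the object is freed while a reference remains.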
@@ -342,22 +362,29 @@ find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, REQUIRE(VALID_LDAPDB(ldapdb)); - return dns_db_find(ldapdb->rbtdb, name, version, type, options, now, - nodep, foundname, rdataset, sigrdataset); + return dns_db_find(ldapdb->rbtdb, name, version, type, + options, now, nodep, foundname, rdataset, + sigrdataset); } static isc_result_t -findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options, +findzonecut(dns_db_t *db, node_name_t *name, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, - dns_name_t *dcname, dns_rdataset_t *rdataset, - dns_rdataset_t *sigrdataset) +#if LIBDNS_VERSION_MAJOR >= 1600 + dns_name_t *dcname, +#endif + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) { ldapdb_t *ldapdb = (ldapdb_t *) db; REQUIRE(VALID_LDAPDB(ldapdb)); - return dns_db_findzonecut(ldapdb->rbtdb, name, options, now, nodep, - foundname, dcname, rdataset, sigrdataset); + return dns_db_findzonecut(ldapdb->rbtdb, name, options, + now, nodep, foundname, +#if LIBDNS_VERSION_MAJOR >= 1600 + dcname, +#endif + rdataset, sigrdataset); } static void @@ -682,7 +709,7 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, } static isc_result_t -findnsec3node(dns_db_t *db, const dns_name_t *name, bool create, +findnsec3node(dns_db_t *db, node_name_t *name, bool create, dns_dbnode_t **nodep) { ldapdb_t *ldapdb = (ldapdb_t *) db; @@ -743,6 +770,17 @@ getrrsetstats(dns_db_t *db) { } +#if LIBDNS_VERSION_MAJOR < 1600 +void +rpz_attach(dns_db_t *db, dns_rpz_zones_t *rpzs, uint8_t rpz_num) +{ + ldapdb_t *ldapdb = (ldapdb_t *) db; + + REQUIRE(VALID_LDAPDB(ldapdb)); + + dns_db_rpz_attach(ldapdb->rbtdb, rpzs, rpz_num); +} +#else void rpz_attach(dns_db_t *db, void *void_rpzs, uint8_t rpz_num) { @@ -758,6 +796,7 @@ rpz_attach(dns_db_t *db, void *void_rpzs, uint8_t rpz_num) rpzs->zones[rpz_num]); REQUIRE(result == ISC_R_SUCCESS); } +#endif /* isc_result_t 
@@ -772,7 +811,7 @@ rpz_ready(dns_db_t *db) */ static isc_result_t -findnodeext(dns_db_t *db, const dns_name_t *name, +findnodeext(dns_db_t *db, node_name_t *name, bool create, dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo, dns_dbnode_t **nodep) { @@ -785,7 +824,7 @@ findnodeext(dns_db_t *db, const dns_name_t *name, } static isc_result_t -findext(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, +findext(dns_db_t *db, node_name_t *name, dns_dbversion_t *version, dns_rdatatype_t type, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, dns_clientinfomethods_t *methods, dns_clientinfo_t *clientinfo, @@ -900,7 +939,9 @@ static dns_dbmethods_t ldapdb_methods = { setservestalettl, getservestalettl, #endif - NULL /* setgluecachestats */ +#if LIBDNS_VERSION_MAJOR >= 1600 + NULL, /* setgluecachestats */ +#endif }; isc_result_t ATTR_NONNULLS @@ -950,7 +991,7 @@ dns_ns_buildrdata(dns_name_t *origin, dns_name_t *ns_name, * @param[in] argv [0] is database instance name */ isc_result_t -ldapdb_associate(isc_mem_t *mctx, const dns_name_t *name, dns_dbtype_t type, +ldapdb_associate(isc_mem_t *mctx, node_name_t *name, dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp) { diff --git a/src/ldap_driver.h b/src/ldap_driver.h index 5a21524..87463ca 100644 --- a/src/ldap_driver.h +++ b/src/ldap_driver.h @@ -22,10 +22,12 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type, dns_rdataclass_t rdclass, void *driverarg, dns_db_t **dbp) ATTR_NONNULL(1,2,5,6); +#if 0 isc_result_t ldapdb_associate(isc_mem_t *mctx, const dns_name_t *name, dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp) ATTR_NONNULL(1,2,7,8); +#endif dns_db_t * ldapdb_get_rbtdb(dns_db_t *db) ATTR_NONNULLS; diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 58827ad..a81a9d2 100644 --- a/src/ldap_helper.c 
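Review bot: Wrapping the `ldapdb_associate()` prototype in `#if 0` in src/ldap_driver.h leaves the function without a shared declaration. The commit instead repeats the prototype in src/ldap_driver.c and src/ldap_helper.c, and repeats the `node_name_t` typedef in those two files and in src/settings.c. Because the caller and the definition no longer see one common declaration, the compiler cannot diagnose the copies drifting apart. I would define the version-dependent typedef once in a shared header (presumably after including config.h for `LIBDNS_VERSION_MAJOR`) and keep the prototype in ldap_driver.h as `ldapdb_associate(isc_mem_t *mctx, node_name_t *name, ...)`, removing the `#if 0` block rather than leaving dead text.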
+++ b/src/ldap_helper.c @@ -93,6 +93,16 @@ } \ } while (0) +#if LIBDNS_VERSION_MAJOR < 1600 +#define dns_fwdtable_find dns_fwdtable_find2 +#define dns_zone_getserial dns_zone_getserial2 +#define dns_zone_load(zone, newonly) dns_zone_load((zone)) +#define dns_zone_setfile dns_zone_setfile3 +typedef dns_name_t node_name_t; +#else +typedef const dns_name_t node_name_t; +#endif + /* * LDAP related typedefs and structs. */ @@ -373,6 +383,12 @@ static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT zone_master_reconfigure_nsec3param(settings_set_t *zone_settings, dns_zone_t *secure); +/* external function from ldap_driver.c */ +isc_result_t +ldapdb_associate(isc_mem_t *mctx, node_name_t *name, dns_dbtype_t type, + dns_rdataclass_t rdclass, unsigned int argc, char *argv[], + void *driverarg, dns_db_t **dbp) ATTR_NONNULL(1,2,7,8); + #define PRINT_BUFF_SIZE 10 /* for unsigned int 2^32 */ isc_result_t validate_local_instance_settings(ldap_instance_t *inst, settings_set_t *set) { @@ -4851,7 +4867,11 @@ ldap_instance_isexiting(ldap_instance_t *ldap_inst) * (if it is even possible). */ void ldap_instance_taint(ldap_instance_t *ldap_inst) { +#if LIBDNS_VERSION_MAJOR < 1600 + isc_refcount_increment0(&ldap_inst->errors, NULL); +#else isc_refcount_increment0(&ldap_inst->errors); +#endif } bool @@ -4881,7 +4901,11 @@ ldap_instance_untaint_start(ldap_instance_t *ldap_inst) { isc_result_t ldap_instance_untaint_finish(ldap_instance_t *ldap_inst, unsigned int count) { while (count > 0) { - isc_refcount_decrement(&ldap_inst->errors); +#if LIBDNS_VERSION_MAJOR < 1600 + isc_refcount_decrement(&ldap_inst->errors, NULL); +#else + (void)isc_refcount_decrement(&ldap_inst->errors); +#endif count--; } if (isc_refcount_current(&ldap_inst->errors) == 0) { diff --git a/src/mldap.c b/src/mldap.c index ced1777..088c7cb 100644 --- a/src/mldap.c +++ b/src/mldap.c 
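Review bot: The compatibility macro `#define dns_zone_load(zone, newonly) dns_zone_load((zone))` in the first src/ldap_helper.c hunk silently discards `newonly` on pre-1600 builds. The callers are outside this hunk, so I cannot tell whether any of them passes `true`; if one does, the legacy build would load unconditionally where the 9.16 build would not. Either record the assumption next to the macro, e.g. `/* every caller passes newonly=false; older libdns has no such argument */`, or route the `true` case to the older load-new entry point (`dns_zone_loadnew()`, if I remember the older API correctly).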
@@ -27,6 +27,24 @@ #include "metadb.h" #include "mldap.h" #include "util.h" +#include "config.h" + +#if LIBDNS_VERSION_MAJOR < 1600 +#define dns_name_copynf(src, dst) dns_name_copy((src), (dst), NULL) +#define REFCOUNT_CAST(n) ((typeof(((isc_refcount_t *)0)->refs)) (n)) + +/* Static assert is not provided yet, copy from 9.16 */ +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR >= 6) +#define STATIC_ASSERT(cond, msg) _Static_assert(cond, msg) +#elif __has_feature(c_static_assert) +#define STATIC_ASSERT(cond, msg) _Static_assert(cond, msg) +#else /* if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR >= 6) */ +#define STATIC_ASSERT(cond, msg) INSIST(cond) +#endif /* if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR >= 6) */ +#else +/* BIND 9.16+ */ +#define REFCOUNT_CAST(n) ((isc_refcount_t) (n)) +#endif /* name "ldap.uuid." */ static unsigned char uuid_rootname_ndata[] @@ -107,7 +125,11 @@ mldap_closeversion(mldapdb_t *mldap, bool commit) { void mldap_cur_generation_bump(mldapdb_t *mldap) { REQUIRE(mldap != NULL); +#if LIBDNS_VERSION_MAJOR < 1600 + isc_refcount_increment0(&mldap->generation, NULL); +#else isc_refcount_increment0(&mldap->generation); +#endif } /* @@ -120,9 +142,9 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) { */ /* isc_refcount_t is simply atomic_uint_fast32_t now */ -STATIC_ASSERT((uint32_t)((isc_refcount_t) -1) == 0xFFFFFFFF, \ +STATIC_ASSERT((uint32_t)REFCOUNT_CAST(-1) == 0xFFFFFFFF, \ "negative isc_refcount_t cannot be properly shortened to 32 bits"); -STATIC_ASSERT((uint32_t)((isc_refcount_t) 0x90ABCDEF12345678) == 0x12345678, \ +STATIC_ASSERT((uint32_t)REFCOUNT_CAST(0x90ABCDEF12345678) == 0x12345678, \ "negative isc_refcount_t cannot be properly shortened to 32 bits"); /** diff --git a/src/rbt_helper.c b/src/rbt_helper.c index 2d30d3c..7b6d7c8 100644 --- a/src/rbt_helper.c +++ b/src/rbt_helper.c @@ -7,6 +7,7 @@ #include "util.h" #include "rbt_helper.h" +#include "config.h" #define LDAPDB_RBTITER_MAGIC ISC_MAGIC('L', 'D', 'P', 'I') 
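Review bot: The copied guard in the first src/mldap.c hunk tests `__GNUC_MINOR`, which is not a predefined macro. The compiler defines `__GNUC_MINOR__`, so the undefined name evaluates to 0 and the GCC 4.6+ case never matches; the line should read `#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)`. When that first test fails on a compiler without `__has_feature`, the `#elif __has_feature(c_static_assert)` line is itself a preprocessing error, so a fallback definition of `__has_feature(x)` expanding to 0 is needed before it. The last fallback, `INSIST(cond)`, is as far as I can tell a run-time statement and would not compile at file scope, where the two `STATIC_ASSERT` uses later in this file sit.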
@@ -91,7 +92,11 @@ rbt_iter_first(isc_mem_t *mctx, dns_rbt_t *rbt, isc_rwlock_t *rwlock, ZERO_PTR(iter); isc_mem_attach(mctx, &iter->mctx); +#if LIBDNS_VERSION_MAJOR < 1600 + dns_rbtnodechain_init(&iter->chain, mctx); +#else dns_rbtnodechain_init(&iter->chain); +#endif iter->rbt = rbt; iter->rwlock = rwlock; iter->locktype = isc_rwlocktype_read; diff --git a/src/settings.c b/src/settings.c index cfbb9e4..53a784b 100644 --- a/src/settings.c +++ b/src/settings.c @@ -24,6 +24,15 @@ #include "types.h" #include "ldap_helper.h" #include "zone_register.h" +#include "config.h" + +#if LIBDNS_VERSION_MAJOR < 1600 +#define cfg_parse_buffer cfg_parse_buffer4 +#define cfg_print_grammar(cfg_type_conf, flags, cfg_printer, log_buf) cfg_print_grammar((cfg_type_conf), (cfg_printer), (log_buf)) +typedef dns_name_t node_name_t; +#else +typedef const dns_name_t node_name_t; +#endif bool verbose_checks = false; /* log each failure in CHECK() macro */ diff --git a/src/syncptr.c b/src/syncptr.c index b62bf2e..564f708 100644 --- a/src/syncptr.c +++ b/src/syncptr.c @@ -31,6 +31,10 @@ #define SYNCPTR_FMTPRE SYNCPTR_PREF "(%s) for '%s A/AAAA %s' " #define SYNCPTR_FMTPOST ldap_modop_str(mod_op), a_name_str, ip_str +#if LIBDNS_VERSION_MAJOR < 1600 +#define dns_name_copynf(src, dst) dns_name_copy((src), (dst), NULL) +#endif + /* * Event for asynchronous PTR record synchronization. */ diff --git a/src/syncrepl.c b/src/syncrepl.c index cc385c5..0d35f02 100644 --- a/src/syncrepl.c +++ b/src/syncrepl.c @@ -11,6 +11,7 @@ #include #include +#include "config.h" #include "ldap_helper.h" #include "util.h" #include "semaphore.h" 
@@ -200,12 +201,18 @@ barrier_decrement(isc_task_t *task, isc_event_t *event) { sync_barrierev_t *fev = NULL; isc_event_t *ev = NULL; bool locked = false; + uint32_t cnt; REQUIRE(ISCAPI_TASK_VALID(task)); REQUIRE(event != NULL); bev = (sync_barrierev_t *)event; - if (isc_refcount_decrement(&bev->sctx->task_cnt) == 1) { +#if LIBDNS_VERSION_MAJOR < 1600 + isc_refcount_decrement(&bev->sctx->task_cnt, &cnt); +#else + cnt = isc_refcount_decrement(&bev->sctx->task_cnt); +#endif + if (cnt == 1) { log_debug(1, "sync_barrier_wait(): barrier reached"); LOCK(&bev->sctx->mutex); locked = true; @@ -325,7 +332,11 @@ sync_ctx_free(sync_ctx_t **sctxp) { next_taskel = NEXT(taskel, link); UNLINK(sctx->tasks, taskel, link); isc_task_detach(&taskel->task); +#if LIBDNS_VERSION_MAJOR < 1600 + isc_refcount_decrement(&sctx->task_cnt, NULL); +#else (void)isc_refcount_decrement(&sctx->task_cnt); +#endif SAFE_MEM_PUT_PTR(sctx->mctx, taskel); } RUNTIME_CHECK(isc_condition_destroy(&sctx->cond) == ISC_R_SUCCESS); @@ -441,6 +452,7 @@ sync_state_reset(sync_ctx_t *sctx) { isc_result_t sync_task_add(sync_ctx_t *sctx, isc_task_t *task) { task_element_t *newel = NULL; + uint32_t cnt; REQUIRE(sctx != NULL); REQUIRE(ISCAPI_TASK_VALID(task)); @@ -454,11 +466,15 @@ sync_task_add(sync_ctx_t *sctx, isc_task_t *task) { LOCK(&sctx->mutex); REQUIRE(sctx->state == sync_configinit || sctx->state == sync_datainit); ISC_LIST_APPEND(sctx->tasks, newel, link); - isc_refcount_increment0(&sctx->task_cnt); +#if LIBDNS_VERSION_MAJOR < 1600 + isc_refcount_increment0(&sctx->task_cnt, &cnt); +#else + cnt = isc_refcount_increment0(&sctx->task_cnt); +#endif UNLOCK(&sctx->mutex); - log_debug(2, "adding task %p to syncrepl list; %lu tasks in list", - task, isc_refcount_current(&sctx->task_cnt)); + log_debug(2, "adding task %p to syncrepl list; %u tasks in list", + task, cnt); return ISC_R_SUCCESS; } From 2132cd452f6fc0cd0110b71fbd89157924fd51ab Mon Sep 17 00:00:00 2001 
From: Petr Menšík Date: Aug 18 2020 07:34:21 +0000 Subject: [PATCH 44/47] Return back resetting of detached pointer --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index d14bf66..5d6ca81 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -183,6 +183,9 @@ detach(dns_db_t **dbp) REQUIRE(dbp != NULL && VALID_LDAPDB((ldapdb_t *)(*dbp))); ldapdb_t *ldapdb = (ldapdb_t *)(*dbp); unsigned int refs; + + *dbp = NULL; + #if LIBDNS_VERSION_MAJOR < 1600 isc_refcount_decrement(&ldapdb->refs, &refs); #else From 80167c9753f4e00c375f587a647125cd7b12220c Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Aug 18 2020 07:40:52 +0000 Subject: [PATCH 45/47] Change REQUIRE to match ISC code style REQUIRE should follow variables definitions. --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index 5d6ca81..a46d348 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c @@ -180,10 +180,12 @@ cleanup: static void detach(dns_db_t **dbp) { - REQUIRE(dbp != NULL && VALID_LDAPDB((ldapdb_t *)(*dbp))); - ldapdb_t *ldapdb = (ldapdb_t *)(*dbp); + ldapdb_t *ldapdb; unsigned int refs; + REQUIRE(dbp != NULL && VALID_LDAPDB((ldapdb_t *)(*dbp))); + + ldapdb = (ldapdb_t *)(*dbp); *dbp = NULL; #if LIBDNS_VERSION_MAJOR < 1600 From a1810d94bf0d14b41414f9de06c5f822ec3972b9 Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Aug 18 2020 08:04:31 +0000 Subject: [PATCH 46/47] Remove locked variable when it has no alternatives No conditions allow different value when checked. Remove unnecessary variables. --- diff --git a/src/syncrepl.c b/src/syncrepl.c index 0d35f02..41f29bd 100644 --- a/src/syncrepl.c +++ b/src/syncrepl.c @@ -198,9 +198,6 @@ sync_finishev_create(sync_ctx_t *sctx, ldap_instance_t *inst, void barrier_decrement(isc_task_t *task, isc_event_t *event) { sync_barrierev_t *bev = NULL; - sync_barrierev_t *fev = NULL; - isc_event_t *ev = NULL; - bool locked = false; uint32_t cnt; REQUIRE(ISCAPI_TASK_VALID(task)); 
@@ -213,17 +210,17 @@ barrier_decrement(isc_task_t *task, isc_event_t *event) { cnt = isc_refcount_decrement(&bev->sctx->task_cnt); #endif if (cnt == 1) { + sync_barrierev_t *fev = NULL; + isc_event_t *ev = NULL; + log_debug(1, "sync_barrier_wait(): barrier reached"); LOCK(&bev->sctx->mutex); - locked = true; sync_finishev_create(bev->sctx, bev->inst, &fev); ev = (isc_event_t *)fev; isc_task_send(ldap_instance_gettask(bev->sctx->inst), &ev); - } - - if (locked) { UNLOCK(&bev->sctx->mutex); } + isc_event_free(&event); return; } @@ -602,12 +599,10 @@ sync_event_send(sync_ctx_t *sctx, isc_task_t *task, ldap_syncreplevent_t **ev, isc_result_t result; isc_time_t abs_timeout; uint32_t seqid; - bool locked = false; REQUIRE(sctx != NULL); LOCK(&sctx->mutex); - locked = true; /* overflow is not a problem as long as the modulo is smaller than * constant used by sync_concurr_limit_wait() */ (*ev)->seqid = seqid = ++sctx->next_id % 0xffffffff; @@ -625,8 +620,7 @@ sync_event_send(sync_ctx_t *sctx, isc_task_t *task, ldap_syncreplevent_t **ev, result = ISC_R_SUCCESS; cleanup: - if (locked == true) - UNLOCK(&sctx->mutex); + UNLOCK(&sctx->mutex); return result; } From 051dade97d589399ee90fedbb5de93b66d366a5c Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Aug 24 2020 16:38:51 +0000 Subject: [PATCH 47/47] Sync db interface with BIND 9.16.6 Add new method of db.h into ldap_driver. Just forward it to rbtdb implementation detail. --- diff --git a/src/ldap_driver.c b/src/ldap_driver.c index a46d348..02c92a6 100644 --- a/src/ldap_driver.c +++ b/src/ldap_driver.c 
@@ -894,6 +894,19 @@ getservestalettl(dns_db_t *db, dns_ttl_t *ttl) { } #endif +#if LIBDNS_VERSION_MAJOR >= 1606 +/* Used for cache size adjustments, called by dns_cache_setcachesize. + * Just proxy to rbtdb implementation. */ +static isc_result_t +adjusthashsize(dns_db_t *db, size_t size) { + ldapdb_t *ldapdb = (ldapdb_t *) db; + + REQUIRE(VALID_LDAPDB(ldapdb)); + + return dns_db_adjusthashsize(ldapdb->rbtdb, size); +} +#endif + static dns_dbmethods_t ldapdb_methods = { attach, detach, @@ -947,6 +960,9 @@ static dns_dbmethods_t ldapdb_methods = { #if LIBDNS_VERSION_MAJOR >= 1600 NULL, /* setgluecachestats */ #endif +#if LIBDNS_VERSION_MAJOR >= 1606 + adjusthashsize, /* adjusthashsize */ +#endif }; isc_result_t ATTR_NONNULLS
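Review bot: The new `adjusthashsize` entry in `ldapdb_methods` is placed by position behind stacked version guards, so it lands in the right slot only if every guard above it matches the layout of `dns_dbmethods_t` in the installed headers. The table starts outside this hunk, so the earlier guards cannot be checked here. A designated initializer removes that dependency for the new entry and turns a guard mismatch into a compile error instead of a misplaced function pointer: `.adjusthashsize = adjusthashsize,` (assuming the member carries the name the existing comment gives it).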