BIND9 headers expect atomic definitions are configured before they are
included. It needs adding atomic libraries detection in configure AND
including config.h before any ISC headers are included.
Move dyndb-config.h before isc headers anywhere where needed.
rpz_attach is never supplied from BIND9 code both in 9.16 or 9.18.
Remove our custom function and pass NULL as well. It would be never
called anyway.
Effectivery reverts most of previous commit.
bind 9.18.10 added use of isrwlock in dns/zt.h but did not include
isc/rwlock.h
Fixes: https://pagure.io/bind-dyndb-ldap/issues/216
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
dns_db_allrdatasets() gained a new parameter. Adopt the code to allow
injecting 0 options if building against 9.18.10.
Fixes: https://pagure.io/bind-dyndb-ldap/issue/216
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Does not accept new request when exclusive mode is active. Zone table
can be modified even after main fwd entries have been added. Ensure
empty zones handling keeps exclusive mode active.
Exclusive mode were mentioned as the only protection it had by bind
maintainer:
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6637#note_308928
The same dns_name_copynf is required in multiple places. Because I have
already modified util.h to require dyndb-config.h, it can contain also
these compatibility defines in single place.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Make dns_name_copynf alias to support both older and more recent
release. Initialize few other variables to pass new compiler warnings.
Remove few changed functions in database interface.
Some changes needed to build with the most recent BIND9 release. It does
not yet provide complete support for new release.
Detects version of libdns just from libdns.so symlink. It requires
--libdir= explicitly set for this part to work.
Reference variable refvar from dns_dyndbctx_t were removed. Removed was
also flag requesting different namespace. Skip that check on last stable
version, it should eval to false on all versions anyway.
Recent BIND 9.16.16 has hidden task structure and public checks. It
still checks task validity in each isc_task_* function, which we use for
working with tasks. No lesser checking would be done.
isc_mem_t still has them, but they were removed in 9.17. Remove those
checks as well, work with them just structure undefined pointers. Rely
on bind9 library to check them.
The new version of OpenLDAP (2.5) exports the 'ldap_connect' symbol,
which conflicts with the function with the same name that is being
defined and used in src/ldap_helper.c:
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../src -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -Werror -std=gnu99 -O2 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fvisibility=hidden -fno-delete-null-pointer-checks -c ../../src/ldap_entry.c -fPIC -DPIC -o .libs/ldap_la-ldap_entry.o
../../src/ldap_helper.c:343:21: error: conflicting types for ‘ldap_connect’
343 | static isc_result_t ldap_connect(ldap_instance_t *ldap_inst,
| ^~~~~~~~~~~~
In file included from ../../src/ldap_helper.c:52:
/usr/include/ldap.h:1554:1: note: previous declaration of ‘ldap_connect’ was here
1554 | ldap_connect( LDAP *ld );
| ^~~~~~~~~~~~
This commit fixes this FTBFS by renaming the 'ldap_connect' function
to 'bdl_ldap_connect'. While at it, it also renames the
'ldap_reconnect' function to 'bdl_ldap_reconnect'.
Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
In README it said that bind-dyndb-ldap could only be redistributed
under GPLv2 only, but in the licence file (COPYING) it is stated
that it is "version 2 or later".
This fixes the README to be consistent with the COPYING notice.
API has changed, it no longer returns a value in isc_rwlock_init.
It returned always ISC_SUCCCESS on 9.16 anyway, so skip the check
on every 9.16 build.
BIND 9.16.12 and more recent have removed numeric versioning of library.
Instead it just contain complete text version. Extract numbers from it
and export it in similar manner.
One parameter was added to function used internally by plugin. Nothing
like -nsec3param auto is supported by LDAP plugin. It is safe to set
resalt false always. Salt can be changed via LDAP, but has to be
specified manually.
Two new functions were added to database interface. They are more
related to caching server and not authoritative. Add just null pointers,
returning not supporter error if used.
With the commit 542096278b, reference
counting uses C11 semantics due to
bind-9.16: Correct reference counting
With [0] BIND atomic functions for reference counting have the
identical interface as their C11 counter parts. This means that
these functions return the _previous_ refcount instead of the
current one.
[0]: bef8ac5bae
Since the same code is compiled for both 9.11 and 9.16, we need to make
sure the logic to detect final reference counter value in destructors
follows two different reference counting interface semantics.
Define REFCOUNT_FLOOR to help with that depending on the libdns major
version.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1899744
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Did not know compiler replaces unknown symbols with 0. It made the check
silently evaluate to false on every BIND version, regardless detected
libdns version number. Generated code failing runtime with BIND 9.16.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
docker-compose with commit 2b4d409ac3
started to require memory limits to be specified as strings.
Related: https://pagure.io/freeipa/issue/8494
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Use LIBDNS_VERSION_MAJOR compatibility macro to provide
few workarounds to compile even with 9.11. Try to minimize
changes of public API, but not everywhere it was possible.
ldapdb_associate should be moved back to header, but it would require
header modified on configure time.
isc_event_allocate internally uses isc_mem_get which cannot
return NULL. So NULL-check is redundant.
sync_barrierev_create and sync_finishev_create are always
successful(except fatals which abort).
https://gitlab.isc.org/isc-projects/bind9/-/commit/50e109d659
