From eca100cffa8136b047f939d011632e1cae8a3a5d Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Mon, 20 Oct 2014 16:40:05 +1100 Subject: [PATCH 1/4] s4-dns: Update template variables, change BIND98 --> BIND9_8 This makes it easier to add suport for BIND 9.10. Signed-off-by: Amitay Isaacs Reviewed-by: Matthieu Patou --- python/samba/provision/sambadns.py | 12 ++++++------ source4/setup/named.conf.dlz | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py index 29224c8..1ab8f4e 100644 --- a/python/samba/provision/sambadns.py +++ b/python/samba/provision/sambadns.py @@ -919,12 +919,12 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger): stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd='.').communicate()[0] - bind98 = '#' - bind99 = '#' + bind9_8 = '#' + bind9_9 = '#' if bind_info.upper().find('BIND 9.8') != -1: - bind98 = '' + bind9_8 = '' elif bind_info.upper().find('BIND 9.9') != -1: - bind99 = '' + bind9_9 = '' elif bind_info.upper().find('BIND 9.7') != -1: raise ProvisioningError("DLZ option incompatible with BIND 9.7.") else: @@ -932,8 +932,8 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger): setup_file(setup_path("named.conf.dlz"), paths.namedconf, { "NAMED_CONF": paths.namedconf, "MODULESDIR" : samba.param.modules_dir(), - "BIND98" : bind98, - "BIND99" : bind99 + "BIND9_8" : bind9_8, + "BIND9_9" : bind9_9 }) diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz index d91a020..2b884e9 100644 --- a/source4/setup/named.conf.dlz +++ b/source4/setup/named.conf.dlz 
@@ -10,10 +10,10 @@ # Uncomment only single database line, depending on your BIND version # dlz "AD DNS Zone" { - # For BIND 9.8.0 - ${BIND98} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so"; + # For BIND 9.8.x + ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so"; - # For BIND 9.9.0 - ${BIND99} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so"; + # For BIND 9.9.x + ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so"; }; -- 1.9.3 From a585041e0f59d96cc49773b550c1195b6cd8dc31 Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Sun, 19 Oct 2014 12:57:55 +1100 Subject: [PATCH 2/4] s4-dns: Check DLZ_DLOPEN_VERSION for different BIND versions Signed-off-by: Amitay Isaacs Reviewed-by: Matthieu Patou --- source4/dns_server/dlz_bind9.c | 2 +- source4/dns_server/dlz_minimal.h | 22 +++++++++------------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index f663a2c..29788dc 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c @@ -853,7 +853,7 @@ static isc_result_t dlz_lookup_types(struct dlz_bind9_data *state, /* lookup one record */ -#ifdef BIND_VERSION_9_8 +#if DLZ_DLOPEN_VERSION == 1 _PUBLIC_ isc_result_t dlz_lookup(const char *zone, const char *name, void *dbdata, dns_sdlzlookup_t *lookup) #else diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h index 98fb34e..af0d6bc 100644 --- a/source4/dns_server/dlz_minimal.h +++ b/source4/dns_server/dlz_minimal.h 
@@ -16,25 +16,21 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* - This header provides a minimal set of defines and typedefs needed - for building an external DLZ module for bind9. When creating a new - external DLZ driver, please copy this header into your own source - tree. - */ -typedef unsigned int isc_result_t; #ifdef BIND_VERSION_9_8 -typedef bool isc_boolean_t; +#define DLZ_DLOPEN_VERSION 1 +#elif BIND_VERSION_9_9 +#define DLZ_DLOPEN_VERSION 2 #else -typedef int isc_boolean_t; +#error Unsupported BIND version #endif -typedef uint32_t dns_ttl_t; -#ifdef BIND_VERSION_9_8 -#define DLZ_DLOPEN_VERSION 1 +typedef unsigned int isc_result_t; +#if DLZ_DLOPEN_VERSION == 1 +typedef bool isc_boolean_t; #else -#define DLZ_DLOPEN_VERSION 2 +typedef int isc_boolean_t; #endif +typedef uint32_t dns_ttl_t; /* return this in flags to dlz_version() if thread safe */ #define DNS_SDLZFLAG_THREADSAFE 0x00000001U -- 1.9.3 From 9b8273abca6be9738d46f95638dfaf13f602afcd Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Mon, 20 Oct 2014 15:31:30 +1100 Subject: [PATCH 3/4] s4-dns: Update dlz_minimal.h based on BIND release 9.10 Signed-off-by: Amitay Isaacs Reviewed-by: Matthieu Patou --- source4/dns_server/dlz_minimal.h | 207 +++++++++++++++++++++++++++++---------- 1 file changed, 153 insertions(+), 54 deletions(-) diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h index af0d6bc..11187f7 100644 --- a/source4/dns_server/dlz_minimal.h +++ b/source4/dns_server/dlz_minimal.h @@ -16,10 +16,20 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* This header is updated based on BIND 9.10.1 source. + * contrib/dlz/modules/include/dlz_minimal.h + */ + +#ifndef DLZ_MINIMAL_H +#define DLZ_MINIMAL_H 1 + #ifdef BIND_VERSION_9_8 #define DLZ_DLOPEN_VERSION 1 #elif BIND_VERSION_9_9 #define DLZ_DLOPEN_VERSION 2 +#elif BIND_VERSION_9_10 +#define DLZ_DLOPEN_VERSION 3 +#define DLZ_DLOPEN_AGE 0 #else #error Unsupported BIND version #endif 
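Review bot: The version ladder in dlz_minimal.h mixes `#ifdef BIND_VERSION_9_8` with `#elif BIND_VERSION_9_9`, which tests the macro's value rather than whether it is defined; the following patch's hunk on this header adds `#elif BIND_VERSION_9_10` in the same form. This works when the build passes `-DBIND_VERSION_9_9` (value 1), but an empty `#define BIND_VERSION_9_9` is a preprocessor error in the `#elif`, and a value of 0 falls through to `#error`. Writing `#if defined(BIND_VERSION_9_8)`, `#elif defined(BIND_VERSION_9_9)` and `#elif defined(BIND_VERSION_9_10)` treats all three selectors alike. The resulting DLZ_DLOPEN_VERSION picks the callback signatures the module exports to named, so the selection should not depend on how the macro happens to be defined.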
@@ -32,16 +42,23 @@ typedef int isc_boolean_t; #endif typedef uint32_t dns_ttl_t; -/* return this in flags to dlz_version() if thread safe */ +/* return these in flags from dlz_version() */ #define DNS_SDLZFLAG_THREADSAFE 0x00000001U +#define DNS_SDLZFLAG_RELATIVEOWNER 0x00000002U +#define DNS_SDLZFLAG_RELATIVERDATA 0x00000004U /* result codes */ #define ISC_R_SUCCESS 0 #define ISC_R_NOMEMORY 1 #define ISC_R_NOPERM 6 +#define ISC_R_NOSPACE 19 #define ISC_R_NOTFOUND 23 #define ISC_R_FAILURE 25 +#define ISC_R_NOTIMPLEMENTED 27 #define ISC_R_NOMORE 29 +#define ISC_R_INVALIDFILE 30 +#define ISC_R_UNEXPECTED 34 +#define ISC_R_FILENOTFOUND 38 /* boolean values */ #define ISC_TRUE 1 
@@ -53,16 +70,51 @@ typedef uint32_t dns_ttl_t; #define ISC_LOG_WARNING (-3) #define ISC_LOG_ERROR (-4) #define ISC_LOG_CRITICAL (-5) +#define ISC_LOG_DEBUG(level) (level) -/* some opaque structures */ +/* opaque structures */ typedef void *dns_sdlzlookup_t; typedef void *dns_sdlzallnodes_t; typedef void *dns_view_t; -typedef void *dns_clientinfomethods_t; -typedef void *dns_clientinfo_t; +typedef void *dns_dlzdb_t; +#if DLZ_DLOPEN_VERSION > 1 /* - * method definitions for callbacks provided by dlopen driver + * Method and type definitions needed for retrieval of client info + * from the caller. + */ +typedef struct isc_sockaddr { + union { + struct sockaddr sa; + struct sockaddr_in sin; + struct sockaddr_in6 sin6; + struct sockaddr_un sunix; + } type; + unsigned int length; + void * link; +} isc_sockaddr_t; + +#define DNS_CLIENTINFO_VERSION 1 +typedef struct dns_clientinfo { + uint16_t version; + void *data; +} dns_clientinfo_t; + +typedef isc_result_t (*dns_clientinfo_sourceip_t)(dns_clientinfo_t *client, + isc_sockaddr_t **addrp); + +#define DNS_CLIENTINFOMETHODS_VERSION 1 +#define DNS_CLIENTINFOMETHODS_AGE 0 + +typedef struct dns_clientinfomethods { + uint16_t version; + uint16_t age; + dns_clientinfo_sourceip_t sourceip; +} dns_clientinfomethods_t; +#endif /* DLZ_DLOPEN_VERSION > 1 */ + +/* + * Method definitions for callbacks provided by the dlopen driver */ typedef void log_t(int level, const char *fmt, ...); 
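Review bot: The new `struct isc_sockaddr` embeds `struct sockaddr`, `struct sockaddr_in`, `struct sockaddr_in6` and `struct sockaddr_un` by value, and `dns_clientinfo` uses `uint16_t`, but this hunk adds no includes for the headers that declare them. The top of dlz_minimal.h is outside the hunk; if it does not include them either, the header compiles only when every includer has already pulled in the socket headers and `<stdint.h>`. Two things should also be stated next to the definitions: that the struct is a local copy whose layout has to match the BIND release the module is built for, and that the address returned through `addrp` by the `sourceip` callback presumably belongs to the caller. A comment such as `/* Local mirror of BIND's isc_sockaddr_t; keep layout in sync with the targeted BIND release. */` would cover the first.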
@@ -78,103 +130,150 @@ typedef isc_result_t dns_sdlz_putnamedrr_t(dns_sdlzallnodes_t *allnodes, dns_ttl_t ttl, const char *data); +#if DLZ_DLOPEN_VERSION < 3 typedef isc_result_t dns_dlz_writeablezone_t(dns_view_t *view, const char *zone_name); - +#else /* DLZ_DLOPEN_VERSION >= 3 */ +typedef isc_result_t dns_dlz_writeablezone_t(dns_view_t *view, + dns_dlzdb_t *dlzdb, + const char *zone_name); +#endif /* DLZ_DLOPEN_VERSION */ /* - * prototypes for the functions you can include in your driver + * prototypes for the functions you can include in your module */ - /* * dlz_version() is required for all DLZ external drivers. It should - * return DLZ_DLOPEN_VERSION + * return DLZ_DLOPEN_VERSION. 'flags' is updated to indicate capabilities + * of the module. In particular, if the module is thread-safe then it + * sets 'flags' to include DNS_SDLZFLAG_THREADSAFE. Other capability + * flags may be added in the future. */ -int dlz_version(unsigned int *flags); +int +dlz_version(unsigned int *flags); /* * dlz_create() is required for all DLZ external drivers. 
*/ -isc_result_t dlz_create(const char *dlzname, unsigned int argc, const char **argv, void **dbdata, ...); +isc_result_t +dlz_create(const char *dlzname, unsigned int argc, const char *argv[], + void **dbdata, ...); /* * dlz_destroy() is optional, and will be called when the driver is * unloaded if supplied */ -void dlz_destroy(void *dbdata); +void +dlz_destroy(void *dbdata); /* - dlz_findzonedb is required for all DLZ external drivers + * dlz_findzonedb is required for all DLZ external drivers */ -isc_result_t dlz_findzonedb(void *dbdata, const char *name); +#if DLZ_DLOPEN_VERSION < 3 +isc_result_t +dlz_findzonedb(void *dbdata, const char *name); +#else /* DLZ_DLOPEN_VERSION >= 3 */ +isc_result_t +dlz_findzonedb(void *dbdata, const char *name, + dns_clientinfomethods_t *methods, + dns_clientinfo_t *clientinfo); +#endif /* DLZ_DLOPEN_VERSION */ /* - dlz_lookup is required for all DLZ external drivers + * dlz_lookup is required for all DLZ external drivers */ -#ifdef BIND_VERSION_9_8 -isc_result_t dlz_lookup(const char *zone, const char *name, - void *dbdata, dns_sdlzlookup_t *lookup); -#else -isc_result_t dlz_lookup(const char *zone, const char *name, - void *dbdata, dns_sdlzlookup_t *lookup, - dns_clientinfomethods_t *methods, - dns_clientinfo_t *clientinfo); -#endif +#if DLZ_DLOPEN_VERSION == 1 +isc_result_t +dlz_lookup(const char *zone, const char *name, void *dbdata, + dns_sdlzlookup_t *lookup); +#else /* DLZ_DLOPEN_VERSION > 1 */ +isc_result_t +dlz_lookup(const char *zone, const char *name, void *dbdata, + dns_sdlzlookup_t *lookup, + dns_clientinfomethods_t *methods, + dns_clientinfo_t *clientinfo); +#endif /* DLZ_DLOPEN_VERSION */ /* - dlz_allowzonexfr() is optional, and should be supplied if you want - to support zone transfers + * dlz_authority() is optional if dlz_lookup() supplies + * authority information (i.e., SOA, NS) for the dns record */ -isc_result_t dlz_allowzonexfr(void *dbdata, const char *name, const char *client); - +isc_result_t 
+dlz_authority(const char *zone, void *dbdata, dns_sdlzlookup_t *lookup); /* - dlz_allnodes() is optional, but must be supplied if supply a - dlz_allowzonexfr() function + * dlz_allowzonexfr() is optional, and should be supplied if you want to + * support zone transfers */ -isc_result_t dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes); +isc_result_t +dlz_allowzonexfr(void *dbdata, const char *name, const char *client); /* - dlz_newversion() is optional. It should be supplied if you want to - support dynamic updates. + * dlz_allnodes() is optional, but must be supplied if supply a + * dlz_allowzonexfr() function */ -isc_result_t dlz_newversion(const char *zone, void *dbdata, void **versionp); +isc_result_t +dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes); /* - dlz_closeversion() is optional, but must be supplied if you supply - a dlz_newversion() function + * dlz_newversion() is optional. It should be supplied if you want to + * support dynamic updates. 
*/ -void dlz_closeversion(const char *zone, isc_boolean_t commit, void *dbdata, void **versionp); +isc_result_t +dlz_newversion(const char *zone, void *dbdata, void **versionp); + +/* + * dlz_closeversion() is optional, but must be supplied if you supply a + * dlz_newversion() function + */ +void +dlz_closeversion(const char *zone, isc_boolean_t commit, void *dbdata, + void **versionp); /* - dlz_configure() is optional, but must be supplied if you want to - support dynamic updates + * dlz_configure() is optional, but must be supplied if you want to support + * dynamic updates */ -isc_result_t dlz_configure(dns_view_t *view, void *dbdata); +#if DLZ_DLOPEN_VERSION < 3 +isc_result_t +dlz_configure(dns_view_t *view, void *dbdata); +#else /* DLZ_DLOPEN_VERSION >= 3 */ +isc_result_t +dlz_configure(dns_view_t *view, dns_dlzdb_t *dlzdb, void *dbdata); +#endif /* DLZ_DLOPEN_VERSION */ /* - dlz_ssumatch() is optional, but must be supplied if you want to - support dynamic updates + * dlz_ssumatch() is optional, but must be supplied if you want to support + * dynamic updates */ -isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr, - const char *type, const char *key, uint32_t keydatalen, uint8_t *keydata, - void *dbdata); +isc_boolean_t +dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr, + const char *type, const char *key, uint32_t keydatalen, + uint8_t *keydata, void *dbdata); /* - dlz_addrdataset() is optional, but must be supplied if you want to - support dynamic updates + * dlz_addrdataset() is optional, but must be supplied if you want to + * support dynamic updates */ -isc_result_t dlz_addrdataset(const char *name, const char *rdatastr, void *dbdata, void *version); +isc_result_t +dlz_addrdataset(const char *name, const char *rdatastr, void *dbdata, + void *version); /* - dlz_subrdataset() is optional, but must be supplied if you want to - support dynamic updates + * dlz_subrdataset() is optional, but must be 
supplied if you want to + * support dynamic updates */ -isc_result_t dlz_subrdataset(const char *name, const char *rdatastr, void *dbdata, void *version); +isc_result_t +dlz_subrdataset(const char *name, const char *rdatastr, void *dbdata, + void *version); /* - dlz_delrdataset() is optional, but must be supplied if you want to - support dynamic updates + * dlz_delrdataset() is optional, but must be supplied if you want to + * support dynamic updates */ -isc_result_t dlz_delrdataset(const char *name, const char *type, void *dbdata, void *version); +isc_result_t +dlz_delrdataset(const char *name, const char *type, void *dbdata, + void *version); + +#endif /* DLZ_MINIMAL_H */ -- 1.9.3 From 85de10f0c837763bc109e0a3006d0955cd417832 Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Mon, 20 Oct 2014 16:32:42 +1100 Subject: [PATCH 4/4] s4-dns: Add support for BIND 9.10 Signed-off-by: Amitay Isaacs Reviewed-by: Matthieu Patou Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Sat Oct 25 05:42:19 CEST 2014 on sn-devel-104 --- python/samba/provision/sambadns.py | 6 +++++- source4/dns_server/dlz_bind9.c | 19 ++++++++++++++++++- source4/dns_server/wscript_build | 10 ++++++++++ source4/setup/named.conf.dlz | 3 +++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py index 1ab8f4e..b563932 100644 --- a/python/samba/provision/sambadns.py +++ b/python/samba/provision/sambadns.py @@ -921,10 +921,13 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger): cwd='.').communicate()[0] bind9_8 = '#' bind9_9 = '#' + bind9_10 = '#' if bind_info.upper().find('BIND 9.8') != -1: bind9_8 = '' elif bind_info.upper().find('BIND 9.9') != -1: bind9_9 = '' + elif bind_info.upper().find('BIND 9.10') != -1: + bind9_10 = '' elif bind_info.upper().find('BIND 9.7') != -1: raise ProvisioningError("DLZ option incompatible with BIND 9.7.") else: 
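Review bot: The version-3 prototypes of dlz_findzonedb() and dlz_configure() gain `methods`/`clientinfo` and `dlzdb` parameters, but the comments above them still say only whether the function is required. A module author cannot tell from the header what these arguments carry or whether they may be NULL. Add a line above dlz_findzonedb() such as `* From DLZ_DLOPEN_VERSION 3 the caller also passes 'methods' and 'clientinfo', as for dlz_lookup().`, and an equivalent line for `dlzdb` above dlz_configure() and the `dns_dlz_writeablezone_t` typedef. The rewritten dlz_allnodes() comment also keeps the wording "must be supplied if supply a", which should read "if you supply a".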
@@ -933,7 +936,8 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger): "NAMED_CONF": paths.namedconf, "MODULESDIR" : samba.param.modules_dir(), "BIND9_8" : bind9_8, - "BIND9_9" : bind9_9 + "BIND9_9" : bind9_9, + "BIND9_10" : bind9_10 }) diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index 29788dc..d43b404 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c @@ -792,7 +792,13 @@ static isc_result_t b9_find_name_dn(struct dlz_bind9_data *state, const char *na /* see if we handle a given zone */ +#if DLZ_DLOPEN_VERSION < 3 _PUBLIC_ isc_result_t dlz_findzonedb(void *dbdata, const char *name) +#else +_PUBLIC_ isc_result_t dlz_findzonedb(void *dbdata, const char *name, + dns_clientinfomethods_t *methods, + dns_clientinfo_t *clientinfo) +#endif { struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data); return b9_find_zone_dn(state, name, NULL, NULL); @@ -874,7 +880,9 @@ _PUBLIC_ isc_result_t dlz_lookup(const char *zone, const char *name, _PUBLIC_ isc_result_t dlz_allowzonexfr(void *dbdata, const char *name, const char *client) { /* just say yes for all our zones for now */ - return dlz_findzonedb(dbdata, name); + struct dlz_bind9_data *state = talloc_get_type( + dbdata, struct dlz_bind9_data); + return b9_find_zone_dn(state, name, NULL, NULL); } /* @@ -1116,7 +1124,12 @@ static bool b9_zone_exists(struct dlz_bind9_data *state, const char *name) /* configure a writeable zone */ +#if DLZ_DLOPEN_VERSION < 3 _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata) +#else +_PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, dns_dlzdb_t *dlzdb, + void *dbdata) +#endif { struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data); TALLOC_CTX *tmp_ctx; 
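Review bot: In dlz_allowzonexfr() the new lookup of `state` uses `talloc_get_type()`, which returns NULL when `dbdata` is not a `struct dlz_bind9_data`, and the result goes straight into `b9_find_zone_dn()`. dlz_findzonedb() and dlz_configure() in this same file use `talloc_get_type_abort()` for the same conversion. Unless b9_find_zone_dn() tolerates a NULL state (its body is outside the hunk), use `struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);` here too, so a bad handle fails loudly instead of being dereferenced. The function also still ignores `client` and, per its own comment, approves a transfer for every zone the module serves, so any restriction on who may pull the AD zones has to be enforced elsewhere; the comment should say where.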
@@ -1187,7 +1200,11 @@ _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata) return ISC_R_NOMEMORY; } +#if DLZ_DLOPEN_VERSION < 3 result = state->writeable_zone(view, zone); +#else + result = state->writeable_zone(view, dlzdb, zone); +#endif if (result != ISC_R_SUCCESS) { state->log(ISC_LOG_ERROR, "samba_dlz: Failed to configure zone '%s'", zone); diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build index a92ab67..803ca62 100644 --- a/source4/dns_server/wscript_build +++ b/source4/dns_server/wscript_build @@ -37,6 +37,16 @@ bld.SAMBA_LIBRARY('dlz_bind9_9', deps='samba-hostconfig samdb-common gensec popt dnsserver_common', enabled=bld.AD_DC_BUILD_IS_ENABLED()) +bld.SAMBA_LIBRARY('dlz_bind9_10', + source='dlz_bind9.c', + cflags='-DBIND_VERSION_9_10', + private_library=True, + link_name='modules/bind9/dlz_bind9_10.so', + realname='dlz_bind9_10.so', + install_path='${MODULESDIR}/bind9', + deps='samba-hostconfig samdb-common gensec popt dnsserver_common', + enabled=bld.AD_DC_BUILD_IS_ENABLED()) + bld.SAMBA_LIBRARY('dlz_bind9_for_torture', source='dlz_bind9.c', cflags='-DBIND_VERSION_9_8', diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz index 2b884e9..460d2ca 100644 --- a/source4/setup/named.conf.dlz +++ b/source4/setup/named.conf.dlz @@ -15,5 +15,8 @@ dlz "AD DNS Zone" { # For BIND 9.9.x ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so"; + + # For BIND 9.10.x + ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so"; }; -- 1.9.3
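Review bot: The new `dlz_bind9_10` target in wscript_build is the only place `-DBIND_VERSION_9_10` is set, while `dlz_bind9_for_torture` directly below it is still compiled with `cflags='-DBIND_VERSION_9_8'`. As far as this diff shows, the version-3 paths are therefore built but not exercised by the torture library: the four-argument dlz_findzonedb(), the three-argument dlz_configure() and the `state->writeable_zone(view, dlzdb, zone)` call. Consider a second torture variant built with `cflags='-DBIND_VERSION_9_10'`, or at least a comment on the torture target saying it covers only the 9.8 ABI. That would let a signature mismatch surface in the test build rather than when named loads the module.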