diff options
| author | Seonah Moon <seonah1.moon@samsung.com> | 2019-08-09 14:37:57 +0900 |
|---|---|---|
| committer | Seonah Moon <seonah1.moon@samsung.com> | 2019-08-09 14:38:06 +0900 |
| commit | 452e843953638e1d4e85a9a190f272e1cb02a5bc (patch) | |
| tree | 6eda1eb9765acd26849d9c201e1a1574e1794da5 | |
| parent | 5a99e8913d336ea0ca5f96d230473a281fada3de (diff) | |
| download | bind-452e843953638e1d4e85a9a190f272e1cb02a5bc.tar.gz bind-452e843953638e1d4e85a9a190f272e1cb02a5bc.tar.bz2 bind-452e843953638e1d4e85a9a190f272e1cb02a5bc.zip | |
Fix conflicts
Change-Id: I166fc6e201d2594d2d1a8d382600c138b31de071
114 files changed, 10920 insertions, 9956 deletions
@@ -1,9 +1,3 @@ -<<<<<<< HEAD -4504. [security] Allow the maximum number of records in a zone to - be specified. This provides a control for issues - raised in CVE-2016-6170. [RT #42143] - --- 9.11.0-P3 released --- -======= --- 9.14.4 released --- 5260. [bug] dnstap-read was producing malformed output for large @@ -2435,7 +2429,6 @@ 4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES was turned off. [RT #44509] ->>>>>>> upstream/9.14.4 4558. [bug] Synthesised CNAME before matching DNAME was still being cached when it should not have been. [RT #44318] diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in index 0e385247..097015ff 100644 --- a/bin/dnssec/Makefile.in +++ b/bin/dnssec/Makefile.in @@ -94,15 +94,15 @@ dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS} ${FINALBUILDCMD} dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS} - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ASLR_CFLAGS} ${ASLR_LDFLAGS} -o $@ \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ dnssec-revoke.@O@ ${OBJS} ${LIBS} dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS} - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ASLR_CFLAGS} ${ASLR_LDFLAGS} -o $@ \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ dnssec-settime.@O@ ${OBJS} ${LIBS} dnssec-importkey@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS} - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ASLR_CFLAGS} ${ASLR_LDFLAGS} -o $@ \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ dnssec-importkey.@O@ ${OBJS} ${LIBS} doc man:: ${MANOBJS} diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in index e9d983cc..40f506cf 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in @@ -120,7 +120,7 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} @BIND9_MAKE_RULES@ main.@O@: main.c - ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS_WITH_ASLR} \ + ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -DPRODUCT=\"${PRODUCT}\" \ -DDESCRIPTION=\"${DESCRIPTION}\" \ @@ -131,7 +131,7 @@ main.@O@: main.c -DNAMED_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c config.@O@: config.c - ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS_WITH_ASLR} \ + ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -DSRCID=\"${SRCID}\" \ -DDYNDB_LIBDIR=\"@libdir@/bind\" \ @@ -141,7 +141,7 @@ config.@O@: config.c -c ${srcdir}/config.c server.@O@: server.c - ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS_WITH_ASLR} \ + ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DPRODUCT=\"${PRODUCT}\" \ -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c @@ -184,4 +184,4 @@ uninstall:: @DLZ_DRIVER_RULES@ named-symtbl.@O@: named-symtbl.c - ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS_WITH_ASLR} -c named-symtbl.c + ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c named-symtbl.c diff --git a/bin/named/config.c b/bin/named/config.c index 64714a44..078a3e93 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -232,15 +232,8 @@ options {\n\ max-retry-time 1209600; /* 2 weeks */\n\ max-transfer-idle-in 60;\n\ max-transfer-idle-out 60;\n\ -<<<<<<< HEAD - max-records 0;\n\ - max-retry-time 1209600; /* 2 weeks */\n\ - min-retry-time 500;\n\ - max-refresh-time 2419200; /* 4 weeks */\n\ -======= max-transfer-time-in 120;\n\ max-transfer-time-out 120;\n\ ->>>>>>> upstream/9.14.4 min-refresh-time 300;\n\ min-retry-time 500;\n\ multi-master no;\n\ diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index a0fa47b9..3683f3ee 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -461,54 +461,6 @@ options { trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental try-tcp-refresh <replaceable>boolean</replaceable>; update-check-ksk <replaceable>boolean</replaceable>; -<<<<<<< HEAD - dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; - - masterfile-format ( text | raw | map ); - notify <replaceable>notifytype</replaceable>; - notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; - notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; - notify-delay <replaceable>seconds</replaceable>; - notify-to-soa <replaceable>boolean</replaceable>; - also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) - <optional> port <replaceable>integer</replaceable> </optional>; ... - <optional> key <replaceable>keyname</replaceable> </optional> ... }; - allow-notify { <replaceable>address_match_element</replaceable>; ... }; - - forward ( first | only ); - forwarders <optional> port <replaceable>integer</replaceable> </optional> { - ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... - }; - - max-journal-size <replaceable>size_no_default</replaceable>; - max-records <replaceable>integer</replaceable>; - max-transfer-time-in <replaceable>integer</replaceable>; - max-transfer-time-out <replaceable>integer</replaceable>; - max-transfer-idle-in <replaceable>integer</replaceable>; - max-transfer-idle-out <replaceable>integer</replaceable>; - max-retry-time <replaceable>integer</replaceable>; - min-retry-time <replaceable>integer</replaceable>; - max-refresh-time <replaceable>integer</replaceable>; - min-refresh-time <replaceable>integer</replaceable>; - multi-master <replaceable>boolean</replaceable>; - - sig-validity-interval <replaceable>integer</replaceable>; - sig-re-signing-interval <replaceable>integer</replaceable>; - sig-signing-nodes <replaceable>integer</replaceable>; - sig-signing-signatures <replaceable>integer</replaceable>; - sig-signing-type <replaceable>integer</replaceable>; - - transfer-source ( <replaceable>ipv4_address</replaceable> | * ) - <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; - transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) - <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; - - alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) - <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; - alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) - <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; -======= ->>>>>>> upstream/9.14.4 use-alt-transfer-source <replaceable>boolean</replaceable>; use-v4-udp-ports { <replaceable>portrange</replaceable>; ... }; use-v6-udp-ports { <replaceable>portrange</replaceable>; ... }; @@ -696,13 +648,6 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] { algorithm <replaceable>string</replaceable>; secret <replaceable>string</replaceable>; }; -<<<<<<< HEAD - - max-journal-size <replaceable>size_no_default</replaceable>; - max-records <replaceable>integer</replaceable>; - max-transfer-time-in <replaceable>integer</replaceable>; - max-transfer-time-out <replaceable>integer</replaceable>; -======= key-directory <replaceable>quoted_string</replaceable>; lame-ttl <replaceable>ttlval</replaceable>; lmdb-mapsize <replaceable>sizeval</replaceable>; @@ -725,7 +670,6 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] { max-refresh-time <replaceable>integer</replaceable>; max-retry-time <replaceable>integer</replaceable>; max-stale-ttl <replaceable>ttlval</replaceable>; ->>>>>>> upstream/9.14.4 max-transfer-idle-in <replaceable>integer</replaceable>; max-transfer-idle-out <replaceable>integer</replaceable>; max-transfer-time-in <replaceable>integer</replaceable>; @@ -1010,16 +954,6 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] { dnssec-update-mode ( maintain | no-resign ); file <replaceable>quoted_string</replaceable>; forward ( first | only ); -<<<<<<< HEAD - forwarders <optional> port <replaceable>integer</replaceable> </optional> { - ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... - }; - - max-journal-size <replaceable>size_no_default</replaceable>; - max-records <replaceable>integer</replaceable>; - max-transfer-time-in <replaceable>integer</replaceable>; - max-transfer-time-out <replaceable>integer</replaceable>; -======= forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... }; in-view <replaceable>string</replaceable>; @@ -1036,7 +970,6 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] { max-records <replaceable>integer</replaceable>; max-refresh-time <replaceable>integer</replaceable>; max-retry-time <replaceable>integer</replaceable>; ->>>>>>> upstream/9.14.4 max-transfer-idle-in <replaceable>integer</replaceable>; max-transfer-idle-out <replaceable>integer</replaceable>; max-transfer-time-in <replaceable>integer</replaceable>; diff --git a/bin/named/update.c b/bin/named/update.c deleted file mode 100644 index e89bbad9..00000000 --- a/bin/named/update.c +++ /dev/null @@ -1,3497 +0,0 @@ -/* - * Copyright (C) 1999-2016 Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - */ - -/* $Id: update.c,v 1.199 2011/12/22 07:32:40 each Exp $ */ - -#include <config.h> - -#include <isc/netaddr.h> -#include <isc/print.h> -#include <isc/serial.h> -#include <isc/stats.h> -#include <isc/string.h> -#include <isc/taskpool.h> -#include <isc/util.h> - -#include <dns/db.h> -#include <dns/dbiterator.h> -#include <dns/diff.h> -#include <dns/dnssec.h> -#include <dns/events.h> -#include <dns/fixedname.h> -#include <dns/journal.h> -#include <dns/keyvalues.h> -#include <dns/message.h> -#include <dns/nsec.h> -#include <dns/nsec3.h> -#include <dns/private.h> -#include <dns/rdataclass.h> -#include <dns/rdataset.h> -#include <dns/rdatasetiter.h> -#include <dns/rdatastruct.h> -#include <dns/rdatatype.h> -#include <dns/soa.h> -#include <dns/ssu.h> -#include <dns/tsig.h> -#include <dns/update.h> -#include <dns/view.h> -#include <dns/zone.h> -#include <dns/zt.h> - -#include <named/client.h> -#include <named/log.h> -#include <named/server.h> -#include <named/update.h> - -/*! \file - * \brief - * This module implements dynamic update as in RFC2136. - */ - -/* - * XXX TODO: - * - document strict minimality - */ - -/**************************************************************************/ - -/*% - * Log level for tracing dynamic update protocol requests. - */ -#define LOGLEVEL_PROTOCOL ISC_LOG_INFO - -/*% - * Log level for low-level debug tracing. - */ -#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8) - -/*% - * Check an operation for failure. These macros all assume that - * the function using them has a 'result' variable and a 'failure' - * label. - */ -#define CHECK(op) \ - do { result = (op); \ - if (result != ISC_R_SUCCESS) goto failure; \ - } while (0) - -/*% - * Fail unconditionally with result 'code', which must not - * be ISC_R_SUCCESS. The reason for failure presumably has - * been logged already. - * - * The test against ISC_R_SUCCESS is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ - -#define FAIL(code) \ - do { \ - result = (code); \ - if (result != ISC_R_SUCCESS) goto failure; \ - } while (0) - -/*% - * Fail unconditionally and log as a client error. - * The test against ISC_R_SUCCESS is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ -#define FAILC(code, msg) \ - do { \ - const char *_what = "failed"; \ - result = (code); \ - switch (result) { \ - case DNS_R_NXDOMAIN: \ - case DNS_R_YXDOMAIN: \ - case DNS_R_YXRRSET: \ - case DNS_R_NXRRSET: \ - _what = "unsuccessful"; \ - } \ - update_log(client, zone, LOGLEVEL_PROTOCOL, \ - "update %s: %s (%s)", _what, \ - msg, isc_result_totext(result)); \ - if (result != ISC_R_SUCCESS) goto failure; \ - } while (0) -#define PREREQFAILC(code, msg) \ - do { \ - inc_stats(zone, dns_nsstatscounter_updatebadprereq); \ - FAILC(code, msg); \ - } while (0) - -#define FAILN(code, name, msg) \ - do { \ - const char *_what = "failed"; \ - result = (code); \ - switch (result) { \ - case DNS_R_NXDOMAIN: \ - case DNS_R_YXDOMAIN: \ - case DNS_R_YXRRSET: \ - case DNS_R_NXRRSET: \ - _what = "unsuccessful"; \ - } \ - if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { \ - char _nbuf[DNS_NAME_FORMATSIZE]; \ - dns_name_format(name, _nbuf, sizeof(_nbuf)); \ - update_log(client, zone, LOGLEVEL_PROTOCOL, \ - "update %s: %s: %s (%s)", _what, _nbuf, \ - msg, isc_result_totext(result)); \ - } \ - if (result != ISC_R_SUCCESS) goto failure; \ - } while (0) -#define PREREQFAILN(code, name, msg) \ - do { \ - inc_stats(zone, dns_nsstatscounter_updatebadprereq); \ - FAILN(code, name, msg); \ - } while (0) - -#define FAILNT(code, name, type, msg) \ - do { \ - const char *_what = "failed"; \ - result = (code); \ - switch (result) { \ - case DNS_R_NXDOMAIN: \ - case DNS_R_YXDOMAIN: \ - case DNS_R_YXRRSET: \ - case DNS_R_NXRRSET: \ - _what = "unsuccessful"; \ - } \ - if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { \ - char _nbuf[DNS_NAME_FORMATSIZE]; \ - char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \ - dns_name_format(name, _nbuf, sizeof(_nbuf)); \ - dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \ - update_log(client, zone, LOGLEVEL_PROTOCOL, \ - "update %s: %s/%s: %s (%s)", \ - _what, _nbuf, _tbuf, msg, \ - isc_result_totext(result)); \ - } \ - if (result != ISC_R_SUCCESS) goto failure; \ - } while (0) -#define PREREQFAILNT(code, name, type, msg) \ - do { \ - inc_stats(zone, dns_nsstatscounter_updatebadprereq); \ - FAILNT(code, name, type, msg); \ - } while (0) - -/*% - * Fail unconditionally and log as a server error. - * The test against ISC_R_SUCCESS is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ -#define FAILS(code, msg) \ - do { \ - result = (code); \ - update_log(client, zone, LOGLEVEL_PROTOCOL, \ - "error: %s: %s", \ - msg, isc_result_totext(result)); \ - if (result != ISC_R_SUCCESS) goto failure; \ - } while (0) - -/* - * Return TRUE if NS_CLIENTATTR_TCP is set in the attributes other FALSE. - */ -#define TCPCLIENT(client) (((client)->attributes & NS_CLIENTATTR_TCP) != 0) - -/**************************************************************************/ - -typedef struct rr rr_t; - -struct rr { - /* dns_name_t name; */ - isc_uint32_t ttl; - dns_rdata_t rdata; -}; - -typedef struct update_event update_event_t; - -struct update_event { - ISC_EVENT_COMMON(update_event_t); - dns_zone_t *zone; - isc_result_t result; - dns_message_t *answer; -}; - -/*% - * Prepare an RR for the addition of the new RR 'ctx->update_rr', - * with TTL 'ctx->update_rr_ttl', to its rdataset, by deleting - * the RRs if it is replaced by the new RR or has a conflicting TTL. - * The necessary changes are appended to ctx->del_diff and ctx->add_diff; - * we need to do all deletions before any additions so that we don't run - * into transient states with conflicting TTLs. - */ - -typedef struct { - dns_db_t *db; - dns_dbversion_t *ver; - dns_diff_t *diff; - dns_name_t *name; - dns_name_t *oldname; - dns_rdata_t *update_rr; - dns_ttl_t update_rr_ttl; - isc_boolean_t ignore_add; - dns_diff_t del_diff; - dns_diff_t add_diff; -} add_rr_prepare_ctx_t; - -/**************************************************************************/ -/* - * Forward declarations. - */ - -static void update_action(isc_task_t *task, isc_event_t *event); -static void updatedone_action(isc_task_t *task, isc_event_t *event); -static isc_result_t send_forward_event(ns_client_t *client, dns_zone_t *zone); -static void forward_done(isc_task_t *task, isc_event_t *event); -static isc_result_t add_rr_prepare_action(void *data, rr_t *rr); - -/**************************************************************************/ - -static void -update_log(ns_client_t *client, dns_zone_t *zone, - int level, const char *fmt, ...) ISC_FORMAT_PRINTF(4, 5); - -static void -update_log(ns_client_t *client, dns_zone_t *zone, - int level, const char *fmt, ...) -{ - va_list ap; - char message[4096]; - char namebuf[DNS_NAME_FORMATSIZE]; - char classbuf[DNS_RDATACLASS_FORMATSIZE]; - - if (client == NULL || zone == NULL) - return; - - if (isc_log_wouldlog(ns_g_lctx, level) == ISC_FALSE) - return; - - dns_name_format(dns_zone_getorigin(zone), namebuf, - sizeof(namebuf)); - dns_rdataclass_format(dns_zone_getclass(zone), classbuf, - sizeof(classbuf)); - - va_start(ap, fmt); - vsnprintf(message, sizeof(message), fmt, ap); - va_end(ap); - - ns_client_log(client, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE, - level, "updating zone '%s/%s': %s", - namebuf, classbuf, message); -} - -static void -update_log_cb(void *arg, dns_zone_t *zone, int level, const char *message) { - update_log(arg, zone, level, "%s", message); -} - -/*% - * Increment updated-related statistics counters. - */ -static inline void -inc_stats(dns_zone_t *zone, isc_statscounter_t counter) { - isc_stats_increment(ns_g_server->nsstats, counter); - - if (zone != NULL) { - isc_stats_t *zonestats = dns_zone_getrequeststats(zone); - if (zonestats != NULL) - isc_stats_increment(zonestats, counter); - } -} - -/*% - * Check if we could have queried for the contents of this zone or - * if the zone is potentially updateable. - * If the zone can potentially be updated and the check failed then - * log a error otherwise we log a informational message. - */ -static isc_result_t -checkqueryacl(ns_client_t *client, dns_acl_t *queryacl, dns_name_t *zonename, - dns_acl_t *updateacl, dns_ssutable_t *ssutable) -{ - char namebuf[DNS_NAME_FORMATSIZE]; - char classbuf[DNS_RDATACLASS_FORMATSIZE]; - int level; - isc_result_t result; - - result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE); - if (result != ISC_R_SUCCESS) { - dns_name_format(zonename, namebuf, sizeof(namebuf)); - dns_rdataclass_format(client->view->rdclass, classbuf, - sizeof(classbuf)); - - level = (updateacl == NULL && ssutable == NULL) ? - ISC_LOG_INFO : ISC_LOG_ERROR; - - ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY, - NS_LOGMODULE_UPDATE, level, - "update '%s/%s' denied due to allow-query", - namebuf, classbuf); - } else if (updateacl == NULL && ssutable == NULL) { - dns_name_format(zonename, namebuf, sizeof(namebuf)); - dns_rdataclass_format(client->view->rdclass, classbuf, - sizeof(classbuf)); - - result = DNS_R_REFUSED; - ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY, - NS_LOGMODULE_UPDATE, ISC_LOG_INFO, - "update '%s/%s' denied", namebuf, classbuf); - } - return (result); -} - -/*% - * Override the default acl logging when checking whether a client - * can update the zone or whether we can forward the request to the - * master based on IP address. - * - * 'message' contains the type of operation that is being attempted. - * 'slave' indicates if this is a slave zone. If 'acl' is NULL then - * log at debug=3. - * If the zone has no access controls configured ('acl' == NULL && - * 'has_ssutable == ISC_FALS) log the attempt at info, otherwise - * at error. - * - * If the request was signed log that we received it. - */ -static isc_result_t -checkupdateacl(ns_client_t *client, dns_acl_t *acl, const char *message, - dns_name_t *zonename, isc_boolean_t slave, - isc_boolean_t has_ssutable) -{ - char namebuf[DNS_NAME_FORMATSIZE]; - char classbuf[DNS_RDATACLASS_FORMATSIZE]; - int level = ISC_LOG_ERROR; - const char *msg = "denied"; - isc_result_t result; - - if (slave && acl == NULL) { - result = DNS_R_NOTIMP; - level = ISC_LOG_DEBUG(3); - msg = "disabled"; - } else { - result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE); - if (result == ISC_R_SUCCESS) { - level = ISC_LOG_DEBUG(3); - msg = "approved"; - } else if (acl == NULL && !has_ssutable) { - level = ISC_LOG_INFO; - } - } - - if (client->signer != NULL) { - dns_name_format(client->signer, namebuf, sizeof(namebuf)); - ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY, - NS_LOGMODULE_UPDATE, ISC_LOG_INFO, - "signer \"%s\" %s", namebuf, msg); - } - - dns_name_format(zonename, namebuf, sizeof(namebuf)); - dns_rdataclass_format(client->view->rdclass, classbuf, - sizeof(classbuf)); - - ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY, - NS_LOGMODULE_UPDATE, level, "%s '%s/%s' %s", - message, namebuf, classbuf, msg); - return (result); -} - -/*% - * Update a single RR in version 'ver' of 'db' and log the - * update in 'diff'. - * - * Ensures: - * \li '*tuple' == NULL. Either the tuple is freed, or its - * ownership has been transferred to the diff. - */ -static isc_result_t -do_one_tuple(dns_difftuple_t **tuple, dns_db_t *db, dns_dbversion_t *ver, - dns_diff_t *diff) -{ - dns_diff_t temp_diff; - isc_result_t result; - - /* - * Create a singleton diff. - */ - dns_diff_init(diff->mctx, &temp_diff); - ISC_LIST_APPEND(temp_diff.tuples, *tuple, link); - - /* - * Apply it to the database. - */ - result = dns_diff_apply(&temp_diff, db, ver); - ISC_LIST_UNLINK(temp_diff.tuples, *tuple, link); - if (result != ISC_R_SUCCESS) { - dns_difftuple_free(tuple); - return (result); - } - - /* - * Merge it into the current pending journal entry. - */ - dns_diff_appendminimal(diff, tuple); - - /* - * Do not clear temp_diff. - */ - return (ISC_R_SUCCESS); -} - -/*% - * Perform the updates in 'updates' in version 'ver' of 'db' and log the - * update in 'diff'. - * - * Ensures: - * \li 'updates' is empty. - */ -static isc_result_t -do_diff(dns_diff_t *updates, dns_db_t *db, dns_dbversion_t *ver, - dns_diff_t *diff) -{ - isc_result_t result; - while (! ISC_LIST_EMPTY(updates->tuples)) { - dns_difftuple_t *t = ISC_LIST_HEAD(updates->tuples); - ISC_LIST_UNLINK(updates->tuples, t, link); - CHECK(do_one_tuple(&t, db, ver, diff)); - } - return (ISC_R_SUCCESS); - - failure: - dns_diff_clear(diff); - return (result); -} - -static isc_result_t -update_one_rr(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, - dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl, - dns_rdata_t *rdata) -{ - dns_difftuple_t *tuple = NULL; - isc_result_t result; - result = dns_difftuple_create(diff->mctx, op, - name, ttl, rdata, &tuple); - if (result != ISC_R_SUCCESS) - return (result); - return (do_one_tuple(&tuple, db, ver, diff)); -} - -/**************************************************************************/ -/* - * Callback-style iteration over rdatasets and rdatas. - * - * foreach_rrset() can be used to iterate over the RRsets - * of a name and call a callback function with each - * one. Similarly, foreach_rr() can be used to iterate - * over the individual RRs at name, optionally restricted - * to RRs of a given type. - * - * The callback functions are called "actions" and take - * two arguments: a void pointer for passing arbitrary - * context information, and a pointer to the current RRset - * or RR. By convention, their names end in "_action". - */ - -/* - * XXXRTH We might want to make this public somewhere in libdns. - */ - -/*% - * Function type for foreach_rrset() iterator actions. - */ -typedef isc_result_t rrset_func(void *data, dns_rdataset_t *rrset); - -/*% - * Function type for foreach_rr() iterator actions. - */ -typedef isc_result_t rr_func(void *data, rr_t *rr); - -/*% - * Internal context struct for foreach_node_rr(). - */ -typedef struct { - rr_func * rr_action; - void * rr_action_data; -} foreach_node_rr_ctx_t; - -/*% - * Internal helper function for foreach_node_rr(). - */ -static isc_result_t -foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) { - isc_result_t result; - foreach_node_rr_ctx_t *ctx = data; - for (result = dns_rdataset_first(rdataset); - result == ISC_R_SUCCESS; - result = dns_rdataset_next(rdataset)) - { - rr_t rr = { 0, DNS_RDATA_INIT }; - - dns_rdataset_current(rdataset, &rr.rdata); - rr.ttl = rdataset->ttl; - result = (*ctx->rr_action)(ctx->rr_action_data, &rr); - if (result != ISC_R_SUCCESS) - return (result); - } - if (result != ISC_R_NOMORE) - return (result); - return (ISC_R_SUCCESS); -} - -/*% - * For each rdataset of 'name' in 'ver' of 'db', call 'action' - * with the rdataset and 'action_data' as arguments. If the name - * does not exist, do nothing. - * - * If 'action' returns an error, abort iteration and return the error. - */ -static isc_result_t -foreach_rrset(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - rrset_func *action, void *action_data) -{ - isc_result_t result; - dns_dbnode_t *node; - dns_rdatasetiter_t *iter; - dns_clientinfomethods_t cm; - dns_clientinfo_t ci; - dns_dbversion_t *oldver = NULL; - - dns_clientinfomethods_init(&cm, ns_client_sourceip); - - /* - * Only set the clientinfo 'versionp' if the new version is - * different from the current version - */ - dns_db_currentversion(db, &oldver); - dns_clientinfo_init(&ci, NULL, (ver != oldver) ? ver : NULL); - dns_db_closeversion(db, &oldver, ISC_FALSE); - - node = NULL; - result = dns_db_findnodeext(db, name, ISC_FALSE, &cm, &ci, &node); - if (result == ISC_R_NOTFOUND) - return (ISC_R_SUCCESS); - if (result != ISC_R_SUCCESS) - return (result); - - iter = NULL; - result = dns_db_allrdatasets(db, node, ver, - (isc_stdtime_t) 0, &iter); - if (result != ISC_R_SUCCESS) - goto cleanup_node; - - for (result = dns_rdatasetiter_first(iter); - result == ISC_R_SUCCESS; - result = dns_rdatasetiter_next(iter)) - { - dns_rdataset_t rdataset; - - dns_rdataset_init(&rdataset); - dns_rdatasetiter_current(iter, &rdataset); - - result = (*action)(action_data, &rdataset); - - dns_rdataset_disassociate(&rdataset); - if (result != ISC_R_SUCCESS) - goto cleanup_iterator; - } - if (result == ISC_R_NOMORE) - result = ISC_R_SUCCESS; - - cleanup_iterator: - dns_rdatasetiter_destroy(&iter); - - cleanup_node: - dns_db_detachnode(db, &node); - - return (result); -} - -/*% - * For each RR of 'name' in 'ver' of 'db', call 'action' - * with the RR and 'action_data' as arguments. If the name - * does not exist, do nothing. - * - * If 'action' returns an error, abort iteration - * and return the error. - */ -static isc_result_t -foreach_node_rr(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - rr_func *rr_action, void *rr_action_data) -{ - foreach_node_rr_ctx_t ctx; - ctx.rr_action = rr_action; - ctx.rr_action_data = rr_action_data; - return (foreach_rrset(db, ver, name, - foreach_node_rr_action, &ctx)); -} - - -/*% - * For each of the RRs specified by 'db', 'ver', 'name', 'type', - * (which can be dns_rdatatype_any to match any type), and 'covers', call - * 'action' with the RR and 'action_data' as arguments. If the name - * does not exist, or if no RRset of the given type exists at the name, - * do nothing. - * - * If 'action' returns an error, abort iteration and return the error. - */ -static isc_result_t -foreach_rr(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - dns_rdatatype_t type, dns_rdatatype_t covers, rr_func *rr_action, - void *rr_action_data) -{ - - isc_result_t result; - dns_dbnode_t *node; - dns_rdataset_t rdataset; - dns_clientinfomethods_t cm; - dns_clientinfo_t ci; - dns_dbversion_t *oldver = NULL; - dns_fixedname_t fixed; - - dns_clientinfomethods_init(&cm, ns_client_sourceip); - - /* - * Only set the clientinfo 'versionp' if the new version is - * different from the current version - */ - dns_db_currentversion(db, &oldver); - dns_clientinfo_init(&ci, NULL, (ver != oldver) ? ver : NULL); - dns_db_closeversion(db, &oldver, ISC_FALSE); - - if (type == dns_rdatatype_any) - return (foreach_node_rr(db, ver, name, - rr_action, rr_action_data)); - - node = NULL; - if (type == dns_rdatatype_nsec3 || - (type == dns_rdatatype_rrsig && covers == dns_rdatatype_nsec3)) - result = dns_db_findnsec3node(db, name, ISC_FALSE, &node); - else - result = dns_db_findnodeext(db, name, ISC_FALSE, - &cm, &ci, &node); - if (result == ISC_R_NOTFOUND) - return (ISC_R_SUCCESS); - if (result != ISC_R_SUCCESS) - return (result); - - dns_rdataset_init(&rdataset); - result = dns_db_findrdataset(db, node, ver, type, covers, - (isc_stdtime_t) 0, &rdataset, NULL); - if (result == ISC_R_NOTFOUND) { - result = ISC_R_SUCCESS; - goto cleanup_node; - } - if (result != ISC_R_SUCCESS) - goto cleanup_node; - - if (rr_action == add_rr_prepare_action) { - add_rr_prepare_ctx_t *ctx = rr_action_data; - - dns_fixedname_init(&fixed); - ctx->oldname = dns_fixedname_name(&fixed); - dns_name_copy(name, ctx->oldname, NULL); - dns_rdataset_getownercase(&rdataset, ctx->oldname); - } - - for (result = dns_rdataset_first(&rdataset); - result == ISC_R_SUCCESS; - result = dns_rdataset_next(&rdataset)) - { - rr_t rr = { 0, DNS_RDATA_INIT }; - dns_rdataset_current(&rdataset, &rr.rdata); - rr.ttl = rdataset.ttl; - result = (*rr_action)(rr_action_data, &rr); - if (result != ISC_R_SUCCESS) - goto cleanup_rdataset; - } - if (result != ISC_R_NOMORE) - goto cleanup_rdataset; - result = ISC_R_SUCCESS; - - cleanup_rdataset: - dns_rdataset_disassociate(&rdataset); - cleanup_node: - dns_db_detachnode(db, &node); - - return (result); -} - -/**************************************************************************/ -/* - * Various tests on the database contents (for prerequisites, etc). - */ - -/*% - * Function type for predicate functions that compare a database RR 'db_rr' - * against an update RR 'update_rr'. - */ -typedef isc_boolean_t rr_predicate(dns_rdata_t *update_rr, dns_rdata_t *db_rr); - -/*% - * Helper function for rrset_exists(). - */ -static isc_result_t -rrset_exists_action(void *data, rr_t *rr) { - UNUSED(data); - UNUSED(rr); - return (ISC_R_EXISTS); -} - -/*% - * Utility macro for RR existence checking functions. - * - * If the variable 'result' has the value ISC_R_EXISTS or - * ISC_R_SUCCESS, set *exists to ISC_TRUE or ISC_FALSE, - * respectively, and return success. - * - * If 'result' has any other value, there was a failure. - * Return the failure result code and do not set *exists. - * - * This would be more readable as "do { if ... } while(0)", - * but that form generates tons of warnings on Solaris 2.6. - */ -#define RETURN_EXISTENCE_FLAG \ - return ((result == ISC_R_EXISTS) ? \ - (*exists = ISC_TRUE, ISC_R_SUCCESS) : \ - ((result == ISC_R_SUCCESS) ? \ - (*exists = ISC_FALSE, ISC_R_SUCCESS) : \ - result)) - -/*% - * Set '*exists' to true iff an rrset of the given type exists, - * to false otherwise. - */ -static isc_result_t -rrset_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - dns_rdatatype_t type, dns_rdatatype_t covers, - isc_boolean_t *exists) -{ - isc_result_t result; - result = foreach_rr(db, ver, name, type, covers, - rrset_exists_action, NULL); - RETURN_EXISTENCE_FLAG; -} - -/*% - * Helper function for cname_incompatible_rrset_exists. - */ -static isc_result_t -cname_compatibility_action(void *data, dns_rdataset_t *rrset) { - UNUSED(data); - if (rrset->type != dns_rdatatype_cname && - ! dns_rdatatype_isdnssec(rrset->type)) - return (ISC_R_EXISTS); - return (ISC_R_SUCCESS); -} - -/*% - * Check whether there is an rrset incompatible with adding a CNAME RR, - * i.e., anything but another CNAME (which can be replaced) or a - * DNSSEC RR (which can coexist). - * - * If such an incompatible rrset exists, set '*exists' to ISC_TRUE. - * Otherwise, set it to ISC_FALSE. - */ -static isc_result_t -cname_incompatible_rrset_exists(dns_db_t *db, dns_dbversion_t *ver, - dns_name_t *name, isc_boolean_t *exists) { - isc_result_t result; - result = foreach_rrset(db, ver, name, - cname_compatibility_action, NULL); - RETURN_EXISTENCE_FLAG; -} - -/*% - * Helper function for rr_count(). - */ -static isc_result_t -count_rr_action(void *data, rr_t *rr) { - int *countp = data; - UNUSED(rr); - (*countp)++; - return (ISC_R_SUCCESS); -} - -/*% - * Count the number of RRs of 'type' belonging to 'name' in 'ver' of 'db'. - */ -static isc_result_t -rr_count(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - dns_rdatatype_t type, dns_rdatatype_t covers, int *countp) -{ - *countp = 0; - return (foreach_rr(db, ver, name, type, covers, - count_rr_action, countp)); -} - -/*% - * Context struct and helper function for name_exists(). - */ - -static isc_result_t -name_exists_action(void *data, dns_rdataset_t *rrset) { - UNUSED(data); - UNUSED(rrset); - return (ISC_R_EXISTS); -} - -/*% - * Set '*exists' to true iff the given name exists, to false otherwise. - */ -static isc_result_t -name_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - isc_boolean_t *exists) -{ - isc_result_t result; - result = foreach_rrset(db, ver, name, - name_exists_action, NULL); - RETURN_EXISTENCE_FLAG; -} - -/* - * 'ssu_check_t' is used to pass the arguments to - * dns_ssutable_checkrules() to the callback function - * ssu_checkrule(). - */ -typedef struct { - /* The ownername of the record to be updated. */ - dns_name_t *name; - - /* The signature's name if the request was signed. */ - dns_name_t *signer; - - /* The address of the client if the request was received via TCP. */ - isc_netaddr_t *tcpaddr; - - /* The ssu table to check against. */ - dns_ssutable_t *table; - - /* the key used for TKEY requests */ - dst_key_t *key; -} ssu_check_t; - -static isc_result_t -ssu_checkrule(void *data, dns_rdataset_t *rrset) { - ssu_check_t *ssuinfo = data; - isc_boolean_t result; - - /* - * If we're deleting all records, it's ok to delete RRSIG and NSEC even - * if we're normally not allowed to. - */ - if (rrset->type == dns_rdatatype_rrsig || - rrset->type == dns_rdatatype_nsec) - return (ISC_R_SUCCESS); - result = dns_ssutable_checkrules(ssuinfo->table, ssuinfo->signer, - ssuinfo->name, ssuinfo->tcpaddr, - rrset->type, ssuinfo->key); - return (result == ISC_TRUE ? ISC_R_SUCCESS : ISC_R_FAILURE); -} - -static isc_boolean_t -ssu_checkall(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - dns_ssutable_t *ssutable, dns_name_t *signer, - isc_netaddr_t *tcpaddr, dst_key_t *key) -{ - isc_result_t result; - ssu_check_t ssuinfo; - - ssuinfo.name = name; - ssuinfo.table = ssutable; - ssuinfo.signer = signer; - ssuinfo.tcpaddr = tcpaddr; - ssuinfo.key = key; - result = foreach_rrset(db, ver, name, ssu_checkrule, &ssuinfo); - return (ISC_TF(result == ISC_R_SUCCESS)); -} - -/**************************************************************************/ -/* - * Checking of "RRset exists (value dependent)" prerequisites. - * - * In the RFC2136 section 3.2.5, this is the pseudocode involving - * a variable called "temp", a mapping of <name, type> tuples to rrsets. - * - * Here, we represent the "temp" data structure as (non-minimal) "dns_diff_t" - * where each tuple has op==DNS_DIFFOP_EXISTS. - */ - - -/*% - * Append a tuple asserting the existence of the RR with - * 'name' and 'rdata' to 'diff'. - */ -static isc_result_t -temp_append(dns_diff_t *diff, dns_name_t *name, dns_rdata_t *rdata) { - isc_result_t result; - dns_difftuple_t *tuple = NULL; - - REQUIRE(DNS_DIFF_VALID(diff)); - CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_EXISTS, - name, 0, rdata, &tuple)); - ISC_LIST_APPEND(diff->tuples, tuple, link); - failure: - return (result); -} - -/*% - * Compare two rdatasets represented as sorted lists of tuples. - * All list elements must have the same owner name and type. - * Return ISC_R_SUCCESS if the rdatasets are equal, rcode(dns_rcode_nxrrset) - * if not. - */ -static isc_result_t -temp_check_rrset(dns_difftuple_t *a, dns_difftuple_t *b) { - for (;;) { - if (a == NULL || b == NULL) - break; - INSIST(a->op == DNS_DIFFOP_EXISTS && - b->op == DNS_DIFFOP_EXISTS); - INSIST(a->rdata.type == b->rdata.type); - INSIST(dns_name_equal(&a->name, &b->name)); - if (dns_rdata_casecompare(&a->rdata, &b->rdata) != 0) - return (DNS_R_NXRRSET); - a = ISC_LIST_NEXT(a, link); - b = ISC_LIST_NEXT(b, link); - } - if (a != NULL || b != NULL) - return (DNS_R_NXRRSET); - return (ISC_R_SUCCESS); -} - -/*% - * A comparison function defining the sorting order for the entries - * in the "temp" data structure. The major sort key is the owner name, - * followed by the type and rdata. - */ -static int -temp_order(const void *av, const void *bv) { - dns_difftuple_t const * const *ap = av; - dns_difftuple_t const * const *bp = bv; - dns_difftuple_t const *a = *ap; - dns_difftuple_t const *b = *bp; - int r; - r = dns_name_compare(&a->name, &b->name); - if (r != 0) - return (r); - r = (b->rdata.type - a->rdata.type); - if (r != 0) - return (r); - r = dns_rdata_casecompare(&a->rdata, &b->rdata); - return (r); -} - -/*% - * Check the "RRset exists (value dependent)" prerequisite information - * in 'temp' against the contents of the database 'db'. - * - * Return ISC_R_SUCCESS if the prerequisites are satisfied, - * rcode(dns_rcode_nxrrset) if not. - * - * 'temp' must be pre-sorted. - */ - -static isc_result_t -temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, - dns_dbversion_t *ver, dns_name_t *tmpname, dns_rdatatype_t *typep) -{ - isc_result_t result; - dns_name_t *name; - dns_dbnode_t *node; - dns_difftuple_t *t; - dns_diff_t trash; - - dns_diff_init(mctx, &trash); - - /* - * For each name and type in the prerequisites, - * construct a sorted rdata list of the corresponding - * database contents, and compare the lists. - */ - t = ISC_LIST_HEAD(temp->tuples); - while (t != NULL) { - name = &t->name; - (void)dns_name_copy(name, tmpname, NULL); - *typep = t->rdata.type; - - /* A new unique name begins here. */ - node = NULL; - result = dns_db_findnode(db, name, ISC_FALSE, &node); - if (result == ISC_R_NOTFOUND) { - dns_diff_clear(&trash); - return (DNS_R_NXRRSET); - } - if (result != ISC_R_SUCCESS) { - dns_diff_clear(&trash); - return (result); - } - - /* A new unique type begins here. */ - while (t != NULL && dns_name_equal(&t->name, name)) { - dns_rdatatype_t type, covers; - dns_rdataset_t rdataset; - dns_diff_t d_rrs; /* Database RRs with - this name and type */ - dns_diff_t u_rrs; /* Update RRs with - this name and type */ - - *typep = type = t->rdata.type; - if (type == dns_rdatatype_rrsig || - type == dns_rdatatype_sig) - covers = dns_rdata_covers(&t->rdata); - else if (type == dns_rdatatype_any) { - dns_db_detachnode(db, &node); - dns_diff_clear(&trash); - return (DNS_R_NXRRSET); - } else - covers = 0; - - /* - * Collect all database RRs for this name and type - * onto d_rrs and sort them. - */ - dns_rdataset_init(&rdataset); - result = dns_db_findrdataset(db, node, ver, type, - covers, (isc_stdtime_t) 0, - &rdataset, NULL); - if (result != ISC_R_SUCCESS) { - dns_db_detachnode(db, &node); - dns_diff_clear(&trash); - return (DNS_R_NXRRSET); - } - - dns_diff_init(mctx, &d_rrs); - dns_diff_init(mctx, &u_rrs); - - for (result = dns_rdataset_first(&rdataset); - result == ISC_R_SUCCESS; - result = dns_rdataset_next(&rdataset)) - { - dns_rdata_t rdata = DNS_RDATA_INIT; - dns_rdataset_current(&rdataset, &rdata); - result = temp_append(&d_rrs, name, &rdata); - if (result != ISC_R_SUCCESS) - goto failure; - } - if (result != ISC_R_NOMORE) - goto failure; - result = dns_diff_sort(&d_rrs, temp_order); - if (result != ISC_R_SUCCESS) - goto failure; - - /* - * Collect all update RRs for this name and type - * onto u_rrs. No need to sort them here - - * they are already sorted. - */ - while (t != NULL && - dns_name_equal(&t->name, name) && - t->rdata.type == type) - { - dns_difftuple_t *next = - ISC_LIST_NEXT(t, link); - ISC_LIST_UNLINK(temp->tuples, t, link); - ISC_LIST_APPEND(u_rrs.tuples, t, link); - t = next; - } - - /* Compare the two sorted lists. */ - result = temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples), - ISC_LIST_HEAD(d_rrs.tuples)); - if (result != ISC_R_SUCCESS) - goto failure; - - /* - * We are done with the tuples, but we can't free - * them yet because "name" still points into one - * of them. Move them on a temporary list. - */ - ISC_LIST_APPENDLIST(trash.tuples, u_rrs.tuples, link); - ISC_LIST_APPENDLIST(trash.tuples, d_rrs.tuples, link); - dns_rdataset_disassociate(&rdataset); - - continue; - - failure: - dns_diff_clear(&d_rrs); - dns_diff_clear(&u_rrs); - dns_diff_clear(&trash); - dns_rdataset_disassociate(&rdataset); - dns_db_detachnode(db, &node); - return (result); - } - - dns_db_detachnode(db, &node); - } - - dns_diff_clear(&trash); - return (ISC_R_SUCCESS); -} - -/**************************************************************************/ -/* - * Conditional deletion of RRs. - */ - -/*% - * Context structure for delete_if(). - */ - -typedef struct { - rr_predicate *predicate; - dns_db_t *db; - dns_dbversion_t *ver; - dns_diff_t *diff; - dns_name_t *name; - dns_rdata_t *update_rr; -} conditional_delete_ctx_t; - -/*% - * Predicate functions for delete_if(). - */ - -/*% - * Return true iff 'db_rr' is neither a SOA nor an NS RR nor - * an RRSIG nor an NSEC3PARAM nor a NSEC. - */ -static isc_boolean_t -type_not_soa_nor_ns_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { - UNUSED(update_rr); - return ((db_rr->type != dns_rdatatype_soa && - db_rr->type != dns_rdatatype_ns && - db_rr->type != dns_rdatatype_nsec3param && - db_rr->type != dns_rdatatype_rrsig && - db_rr->type != dns_rdatatype_nsec) ? - ISC_TRUE : ISC_FALSE); -} - -/*% - * Return true iff 'db_rr' is neither a RRSIG nor a NSEC. - */ -static isc_boolean_t -type_not_dnssec(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { - UNUSED(update_rr); - return ((db_rr->type != dns_rdatatype_rrsig && - db_rr->type != dns_rdatatype_nsec) ? - ISC_TRUE : ISC_FALSE); -} - -/*% - * Return true always. - */ -static isc_boolean_t -true_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { - UNUSED(update_rr); - UNUSED(db_rr); - return (ISC_TRUE); -} - -/*% - * Return true iff the two RRs have identical rdata. - */ -static isc_boolean_t -rr_equal_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { - /* - * XXXRTH This is not a problem, but we should consider creating - * dns_rdata_equal() (that used dns_name_equal()), since it - * would be faster. Not a priority. - */ - return (dns_rdata_casecompare(update_rr, db_rr) == 0 ? - ISC_TRUE : ISC_FALSE); -} - -/*% - * Return true iff 'update_rr' should replace 'db_rr' according - * to the special RFC2136 rules for CNAME, SOA, and WKS records. - * - * RFC2136 does not mention NSEC or DNAME, but multiple NSECs or DNAMEs - * make little sense, so we replace those, too. - * - * Additionally replace RRSIG that have been generated by the same key - * for the same type. This simplifies refreshing a offline KSK by not - * requiring that the old RRSIG be deleted. It also simplifies key - * rollover by only requiring that the new RRSIG be added. - */ -static isc_boolean_t -replaces_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { - dns_rdata_rrsig_t updatesig, dbsig; - isc_result_t result; - - if (db_rr->type != update_rr->type) - return (ISC_FALSE); - if (db_rr->type == dns_rdatatype_cname) - return (ISC_TRUE); - if (db_rr->type == dns_rdatatype_dname) - return (ISC_TRUE); - if (db_rr->type == dns_rdatatype_soa) - return (ISC_TRUE); - if (db_rr->type == dns_rdatatype_nsec) - return (ISC_TRUE); - if (db_rr->type == dns_rdatatype_rrsig) { - /* - * Replace existing RRSIG with the same keyid, - * covered and algorithm. - */ - result = dns_rdata_tostruct(db_rr, &dbsig, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - result = dns_rdata_tostruct(update_rr, &updatesig, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - if (dbsig.keyid == updatesig.keyid && - dbsig.covered == updatesig.covered && - dbsig.algorithm == updatesig.algorithm) - return (ISC_TRUE); - } - if (db_rr->type == dns_rdatatype_wks) { - /* - * Compare the address and protocol fields only. These - * form the first five bytes of the RR data. Do a - * raw binary comparison; unpacking the WKS RRs using - * dns_rdata_tostruct() might be cleaner in some ways. - */ - INSIST(db_rr->length >= 5 && update_rr->length >= 5); - return (memcmp(db_rr->data, update_rr->data, 5) == 0 ? - ISC_TRUE : ISC_FALSE); - } - - if (db_rr->type == dns_rdatatype_nsec3param) { - if (db_rr->length != update_rr->length) - return (ISC_FALSE); - INSIST(db_rr->length >= 4 && update_rr->length >= 4); - /* - * Replace NSEC3PARAM records that only differ by the - * flags field. - */ - if (db_rr->data[0] == update_rr->data[0] && - memcmp(db_rr->data+2, update_rr->data+2, - update_rr->length - 2) == 0) - return (ISC_TRUE); - } - return (ISC_FALSE); -} - -/*% - * Internal helper function for delete_if(). - */ -static isc_result_t -delete_if_action(void *data, rr_t *rr) { - conditional_delete_ctx_t *ctx = data; - if ((*ctx->predicate)(ctx->update_rr, &rr->rdata)) { - isc_result_t result; - result = update_one_rr(ctx->db, ctx->ver, ctx->diff, - DNS_DIFFOP_DEL, ctx->name, - rr->ttl, &rr->rdata); - return (result); - } else { - return (ISC_R_SUCCESS); - } -} - -/*% - * Conditionally delete RRs. Apply 'predicate' to the RRs - * specified by 'db', 'ver', 'name', and 'type' (which can - * be dns_rdatatype_any to match any type). Delete those - * RRs for which the predicate returns true, and log the - * deletions in 'diff'. - */ -static isc_result_t -delete_if(rr_predicate *predicate, dns_db_t *db, dns_dbversion_t *ver, - dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, - dns_rdata_t *update_rr, dns_diff_t *diff) -{ - conditional_delete_ctx_t ctx; - ctx.predicate = predicate; - ctx.db = db; - ctx.ver = ver; - ctx.diff = diff; - ctx.name = name; - ctx.update_rr = update_rr; - return (foreach_rr(db, ver, name, type, covers, - delete_if_action, &ctx)); -} - -/**************************************************************************/ - -static isc_result_t -add_rr_prepare_action(void *data, rr_t *rr) { - isc_result_t result = ISC_R_SUCCESS; - add_rr_prepare_ctx_t *ctx = data; - dns_difftuple_t *tuple = NULL; - isc_boolean_t equal, case_equal, ttl_equal; - - /* - * Are the new and old cases equal? - */ - case_equal = dns_name_caseequal(ctx->name, ctx->oldname); - - /* - * Are the ttl's equal? - */ - ttl_equal = rr->ttl == ctx->update_rr_ttl; - - /* - * If the update RR is a "duplicate" of a existing RR, - * the update should be silently ignored. - */ - equal = ISC_TF(dns_rdata_casecompare(&rr->rdata, ctx->update_rr) == 0); - if (equal && case_equal && ttl_equal) { - ctx->ignore_add = ISC_TRUE; - return (ISC_R_SUCCESS); - } - - /* - * If this RR is "equal" to the update RR, it should - * be deleted before the update RR is added. - */ - if (replaces_p(ctx->update_rr, &rr->rdata)) { - CHECK(dns_difftuple_create(ctx->del_diff.mctx, DNS_DIFFOP_DEL, - ctx->oldname, rr->ttl, &rr->rdata, - &tuple)); - dns_diff_append(&ctx->del_diff, &tuple); - return (ISC_R_SUCCESS); - } - - /* - * If this RR differs in TTL or case from the update RR, - * its TTL and case must be adjusted. - */ - if (!ttl_equal || !case_equal) { - CHECK(dns_difftuple_create(ctx->del_diff.mctx, DNS_DIFFOP_DEL, - ctx->oldname, rr->ttl, &rr->rdata, - &tuple)); - dns_diff_append(&ctx->del_diff, &tuple); - if (!equal) { - CHECK(dns_difftuple_create(ctx->add_diff.mctx, - DNS_DIFFOP_ADD, ctx->name, - ctx->update_rr_ttl, - &rr->rdata, &tuple)); - dns_diff_append(&ctx->add_diff, &tuple); - } - } - failure: - return (result); -} - -/**************************************************************************/ -/* - * Miscellaneous subroutines. - */ - -/*% - * Extract a single update RR from 'section' of dynamic update message - * 'msg', with consistency checking. - * - * Stores the owner name, rdata, and TTL of the update RR at 'name', - * 'rdata', and 'ttl', respectively. - */ -static void -get_current_rr(dns_message_t *msg, dns_section_t section, - dns_rdataclass_t zoneclass, dns_name_t **name, - dns_rdata_t *rdata, dns_rdatatype_t *covers, - dns_ttl_t *ttl, dns_rdataclass_t *update_class) -{ - dns_rdataset_t *rdataset; - isc_result_t result; - dns_message_currentname(msg, section, name); - rdataset = ISC_LIST_HEAD((*name)->list); - INSIST(rdataset != NULL); - INSIST(ISC_LIST_NEXT(rdataset, link) == NULL); - *covers = rdataset->covers; - *ttl = rdataset->ttl; - result = dns_rdataset_first(rdataset); - INSIST(result == ISC_R_SUCCESS); - dns_rdataset_current(rdataset, rdata); - INSIST(dns_rdataset_next(rdataset) == ISC_R_NOMORE); - *update_class = rdata->rdclass; - rdata->rdclass = zoneclass; -} - -/*% - * Increment the SOA serial number of database 'db', version 'ver'. - * Replace the SOA record in the database, and log the - * change in 'diff'. - */ - - /* - * XXXRTH Failures in this routine will be worth logging, when - * we have a logging system. Failure to find the zonename - * or the SOA rdataset warrant at least an UNEXPECTED_ERROR(). - */ - -static isc_result_t -update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, - isc_mem_t *mctx, dns_updatemethod_t method) -{ - dns_difftuple_t *deltuple = NULL; - dns_difftuple_t *addtuple = NULL; - isc_uint32_t serial; - isc_result_t result; - - CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_DEL, &deltuple)); - CHECK(dns_difftuple_copy(deltuple, &addtuple)); - addtuple->op = DNS_DIFFOP_ADD; - - serial = dns_soa_getserial(&addtuple->rdata); - serial = dns_update_soaserial(serial, method); - dns_soa_setserial(serial, &addtuple->rdata); - CHECK(do_one_tuple(&deltuple, db, ver, diff)); - CHECK(do_one_tuple(&addtuple, db, ver, diff)); - result = ISC_R_SUCCESS; - - failure: - if (addtuple != NULL) - dns_difftuple_free(&addtuple); - if (deltuple != NULL) - dns_difftuple_free(&deltuple); - return (result); -} - -/*% - * Check that the new SOA record at 'update_rdata' does not - * illegally cause the SOA serial number to decrease or stay - * unchanged relative to the existing SOA in 'db'. - * - * Sets '*ok' to ISC_TRUE if the update is legal, ISC_FALSE if not. - * - * William King points out that RFC2136 is inconsistent about - * the case where the serial number stays unchanged: - * - * section 3.4.2.2 requires a server to ignore a SOA update request - * if the serial number on the update SOA is less_than_or_equal to - * the zone SOA serial. - * - * section 3.6 requires a server to ignore a SOA update request if - * the serial is less_than the zone SOA serial. - * - * Paul says 3.4.2.2 is correct. - * - */ -static isc_result_t -check_soa_increment(dns_db_t *db, dns_dbversion_t *ver, - dns_rdata_t *update_rdata, isc_boolean_t *ok) -{ - isc_uint32_t db_serial; - isc_uint32_t update_serial; - isc_result_t result; - - update_serial = dns_soa_getserial(update_rdata); - - result = dns_db_getsoaserial(db, ver, &db_serial); - if (result != ISC_R_SUCCESS) - return (result); - - if (DNS_SERIAL_GE(db_serial, update_serial)) { - *ok = ISC_FALSE; - } else { - *ok = ISC_TRUE; - } - - return (ISC_R_SUCCESS); - -} - -/**************************************************************************/ -/*% - * The actual update code in all its glory. We try to follow - * the RFC2136 pseudocode as closely as possible. - */ - -static isc_result_t -send_update_event(ns_client_t *client, dns_zone_t *zone) { - isc_result_t result = ISC_R_SUCCESS; - update_event_t *event = NULL; - isc_task_t *zonetask = NULL; - ns_client_t *evclient; - - event = (update_event_t *) - isc_event_allocate(client->mctx, client, DNS_EVENT_UPDATE, - update_action, NULL, sizeof(*event)); - if (event == NULL) - FAIL(ISC_R_NOMEMORY); - event->zone = zone; - event->result = ISC_R_SUCCESS; - - evclient = NULL; - ns_client_attach(client, &evclient); - INSIST(client->nupdates == 0); - client->nupdates++; - event->ev_arg = evclient; - - dns_zone_gettask(zone, &zonetask); - isc_task_send(zonetask, ISC_EVENT_PTR(&event)); - - failure: - if (event != NULL) - isc_event_free(ISC_EVENT_PTR(&event)); - return (result); -} - -static void -respond(ns_client_t *client, isc_result_t result) { - isc_result_t msg_result; - - msg_result = dns_message_reply(client->message, ISC_TRUE); - if (msg_result != ISC_R_SUCCESS) - goto msg_failure; - client->message->rcode = dns_result_torcode(result); - - ns_client_send(client); - return; - - msg_failure: - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE, - ISC_LOG_ERROR, - "could not create update response message: %s", - isc_result_totext(msg_result)); - ns_client_next(client, msg_result); -} - -void -ns_update_start(ns_client_t *client, isc_result_t sigresult) { - dns_message_t *request = client->message; - isc_result_t result; - dns_name_t *zonename; - dns_rdataset_t *zone_rdataset; - dns_zone_t *zone = NULL, *raw = NULL; - - /* - * Interpret the zone section. - */ - result = dns_message_firstname(request, DNS_SECTION_ZONE); - if (result != ISC_R_SUCCESS) - FAILC(DNS_R_FORMERR, "update zone section empty"); - - /* - * The zone section must contain exactly one "question", and - * it must be of type SOA. - */ - zonename = NULL; - dns_message_currentname(request, DNS_SECTION_ZONE, &zonename); - zone_rdataset = ISC_LIST_HEAD(zonename->list); - if (zone_rdataset->type != dns_rdatatype_soa) - FAILC(DNS_R_FORMERR, - "update zone section contains non-SOA"); - if (ISC_LIST_NEXT(zone_rdataset, link) != NULL) - FAILC(DNS_R_FORMERR, - "update zone section contains multiple RRs"); - - /* The zone section must have exactly one name. */ - result = dns_message_nextname(request, DNS_SECTION_ZONE); - if (result != ISC_R_NOMORE) - FAILC(DNS_R_FORMERR, - "update zone section contains multiple RRs"); - - result = dns_zt_find(client->view->zonetable, zonename, 0, NULL, - &zone); - if (result != ISC_R_SUCCESS) - FAILC(DNS_R_NOTAUTH, "not authoritative for update zone"); - - /* - * If there is a raw (unsigned) zone associated with this - * zone then it processes the UPDATE request. - */ - dns_zone_getraw(zone, &raw); - if (raw != NULL) { - dns_zone_detach(&zone); - dns_zone_attach(raw, &zone); - dns_zone_detach(&raw); - } - - switch(dns_zone_gettype(zone)) { - case dns_zone_master: - case dns_zone_dlz: - /* - * We can now fail due to a bad signature as we now know - * that we are the master. - */ - if (sigresult != ISC_R_SUCCESS) - FAIL(sigresult); - CHECK(send_update_event(client, zone)); - break; - case dns_zone_slave: - CHECK(checkupdateacl(client, dns_zone_getforwardacl(zone), - "update forwarding", zonename, ISC_TRUE, - ISC_FALSE)); - CHECK(send_forward_event(client, zone)); - break; - default: - FAILC(DNS_R_NOTAUTH, "not authoritative for update zone"); - } - return; - - failure: - if (result == DNS_R_REFUSED) { - INSIST(dns_zone_gettype(zone) == dns_zone_slave); - inc_stats(zone, dns_nsstatscounter_updaterej); - } - /* - * We failed without having sent an update event to the zone. - * We are still in the client task context, so we can - * simply give an error response without switching tasks. - */ - respond(client, result); - if (zone != NULL) - dns_zone_detach(&zone); -} - -/*% - * DS records are not allowed to exist without corresponding NS records, - * RFC 3658, 2.2 Protocol Change, - * "DS RRsets MUST NOT appear at non-delegation points or at a zone's apex". - */ - -static isc_result_t -remove_orphaned_ds(dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) { - isc_result_t result; - isc_boolean_t ns_exists; - dns_difftuple_t *tupple; - dns_diff_t temp_diff; - - dns_diff_init(diff->mctx, &temp_diff); - - for (tupple = ISC_LIST_HEAD(diff->tuples); - tupple != NULL; - tupple = ISC_LIST_NEXT(tupple, link)) { - if (!((tupple->op == DNS_DIFFOP_DEL && - tupple->rdata.type == dns_rdatatype_ns) || - (tupple->op == DNS_DIFFOP_ADD && - tupple->rdata.type == dns_rdatatype_ds))) - continue; - CHECK(rrset_exists(db, newver, &tupple->name, - dns_rdatatype_ns, 0, &ns_exists)); - if (ns_exists && - !dns_name_equal(&tupple->name, dns_db_origin(db))) - continue; - CHECK(delete_if(true_p, db, newver, &tupple->name, - dns_rdatatype_ds, 0, NULL, &temp_diff)); - } - result = ISC_R_SUCCESS; - - failure: - for (tupple = ISC_LIST_HEAD(temp_diff.tuples); - tupple != NULL; - tupple = ISC_LIST_HEAD(temp_diff.tuples)) { - ISC_LIST_UNLINK(temp_diff.tuples, tupple, link); - dns_diff_appendminimal(diff, &tupple); - } - return (result); -} - -/* - * This implements the post load integrity checks for mx records. - */ -static isc_result_t -check_mx(ns_client_t *client, dns_zone_t *zone, - dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) -{ - char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123.")]; - char ownerbuf[DNS_NAME_FORMATSIZE]; - char namebuf[DNS_NAME_FORMATSIZE]; - char altbuf[DNS_NAME_FORMATSIZE]; - dns_difftuple_t *t; - dns_fixedname_t fixed; - dns_name_t *foundname; - dns_rdata_mx_t mx; - dns_rdata_t rdata; - isc_boolean_t ok = ISC_TRUE; - isc_boolean_t isaddress; - isc_result_t result; - struct in6_addr addr6; - struct in_addr addr; - unsigned int options; - - dns_fixedname_init(&fixed); - foundname = dns_fixedname_name(&fixed); - dns_rdata_init(&rdata); - options = dns_zone_getoptions(zone); - - for (t = ISC_LIST_HEAD(diff->tuples); - t != NULL; - t = ISC_LIST_NEXT(t, link)) { - if (t->op != DNS_DIFFOP_ADD || - t->rdata.type != dns_rdatatype_mx) - continue; - - result = dns_rdata_tostruct(&t->rdata, &mx, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - /* - * Check if we will error out if we attempt to reload the - * zone. - */ - dns_name_format(&mx.mx, namebuf, sizeof(namebuf)); - dns_name_format(&t->name, ownerbuf, sizeof(ownerbuf)); - isaddress = ISC_FALSE; - if ((options & DNS_RDATA_CHECKMX) != 0 && - strlcpy(tmp, namebuf, sizeof(tmp)) < sizeof(tmp)) { - if (tmp[strlen(tmp) - 1] == '.') - tmp[strlen(tmp) - 1] = '\0'; - if (inet_aton(tmp, &addr) == 1 || - inet_pton(AF_INET6, tmp, &addr6) == 1) - isaddress = ISC_TRUE; - } - - if (isaddress && (options & DNS_RDATA_CHECKMXFAIL) != 0) { - update_log(client, zone, ISC_LOG_ERROR, - "%s/MX: '%s': %s", - ownerbuf, namebuf, - dns_result_totext(DNS_R_MXISADDRESS)); - ok = ISC_FALSE; - } else if (isaddress) { - update_log(client, zone, ISC_LOG_WARNING, - "%s/MX: warning: '%s': %s", - ownerbuf, namebuf, - dns_result_totext(DNS_R_MXISADDRESS)); - } - - /* - * Check zone integrity checks. - */ - if ((options & DNS_ZONEOPT_CHECKINTEGRITY) == 0) - continue; - result = dns_db_find(db, &mx.mx, newver, dns_rdatatype_a, - 0, 0, NULL, foundname, NULL, NULL); - if (result == ISC_R_SUCCESS) - continue; - - if (result == DNS_R_NXRRSET) { - result = dns_db_find(db, &mx.mx, newver, - dns_rdatatype_aaaa, - 0, 0, NULL, foundname, - NULL, NULL); - if (result == ISC_R_SUCCESS) - continue; - } - - if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN) { - update_log(client, zone, ISC_LOG_ERROR, - "%s/MX '%s' has no address records " - "(A or AAAA)", ownerbuf, namebuf); - ok = ISC_FALSE; - } else if (result == DNS_R_CNAME) { - update_log(client, zone, ISC_LOG_ERROR, - "%s/MX '%s' is a CNAME (illegal)", - ownerbuf, namebuf); - ok = ISC_FALSE; - } else if (result == DNS_R_DNAME) { - dns_name_format(foundname, altbuf, sizeof altbuf); - update_log(client, zone, ISC_LOG_ERROR, - "%s/MX '%s' is below a DNAME '%s' (illegal)", - ownerbuf, namebuf, altbuf); - ok = ISC_FALSE; - } - } - return (ok ? ISC_R_SUCCESS : DNS_R_REFUSED); -} - -static isc_result_t -rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - const dns_rdata_t *rdata, isc_boolean_t *flag) -{ - dns_rdataset_t rdataset; - dns_dbnode_t *node = NULL; - isc_result_t result; - - dns_rdataset_init(&rdataset); - if (rdata->type == dns_rdatatype_nsec3) - CHECK(dns_db_findnsec3node(db, name, ISC_FALSE, &node)); - else - CHECK(dns_db_findnode(db, name, ISC_FALSE, &node)); - result = dns_db_findrdataset(db, node, ver, rdata->type, 0, - (isc_stdtime_t) 0, &rdataset, NULL); - if (result == ISC_R_NOTFOUND) { - *flag = ISC_FALSE; - result = ISC_R_SUCCESS; - goto failure; - } - - for (result = dns_rdataset_first(&rdataset); - result == ISC_R_SUCCESS; - result = dns_rdataset_next(&rdataset)) { - dns_rdata_t myrdata = DNS_RDATA_INIT; - dns_rdataset_current(&rdataset, &myrdata); - if (!dns_rdata_casecompare(&myrdata, rdata)) - break; - } - dns_rdataset_disassociate(&rdataset); - if (result == ISC_R_SUCCESS) { - *flag = ISC_TRUE; - } else if (result == ISC_R_NOMORE) { - *flag = ISC_FALSE; - result = ISC_R_SUCCESS; - } - - failure: - if (node != NULL) - dns_db_detachnode(db, &node); - return (result); -} - -static isc_result_t -get_iterations(dns_db_t *db, dns_dbversion_t *ver, dns_rdatatype_t privatetype, - unsigned int *iterationsp) -{ - dns_dbnode_t *node = NULL; - dns_rdata_nsec3param_t nsec3param; - dns_rdataset_t rdataset; - isc_result_t result; - unsigned int iterations = 0; - - dns_rdataset_init(&rdataset); - - result = dns_db_getoriginnode(db, &node); - if (result != ISC_R_SUCCESS) - return (result); - result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param, - 0, (isc_stdtime_t) 0, &rdataset, NULL); - if (result == ISC_R_NOTFOUND) - goto try_private; - if (result != ISC_R_SUCCESS) - goto failure; - - for (result = dns_rdataset_first(&rdataset); - result == ISC_R_SUCCESS; - result = dns_rdataset_next(&rdataset)) { - dns_rdata_t rdata = DNS_RDATA_INIT; - dns_rdataset_current(&rdataset, &rdata); - CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL)); - if ((nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) - continue; - if (nsec3param.iterations > iterations) - iterations = nsec3param.iterations; - } - if (result != ISC_R_NOMORE) - goto failure; - - dns_rdataset_disassociate(&rdataset); - - try_private: - if (privatetype == 0) - goto success; - - result = dns_db_findrdataset(db, node, ver, privatetype, - 0, (isc_stdtime_t) 0, &rdataset, NULL); - if (result == ISC_R_NOTFOUND) - goto success; - if (result != ISC_R_SUCCESS) - goto failure; - - for (result = dns_rdataset_first(&rdataset); - result == ISC_R_SUCCESS; - result = dns_rdataset_next(&rdataset)) { - unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE]; - dns_rdata_t private = DNS_RDATA_INIT; - dns_rdata_t rdata = DNS_RDATA_INIT; - - dns_rdataset_current(&rdataset, &rdata); - if (!dns_nsec3param_fromprivate(&private, &rdata, - buf, sizeof(buf))) - continue; - CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL)); - if ((nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) - continue; - if (nsec3param.iterations > iterations) - iterations = nsec3param.iterations; - } - if (result != ISC_R_NOMORE) - goto failure; - - success: - *iterationsp = iterations; - result = ISC_R_SUCCESS; - - failure: - if (node != NULL) - dns_db_detachnode(db, &node); - if (dns_rdataset_isassociated(&rdataset)) - dns_rdataset_disassociate(&rdataset); - return (result); -} - -/* - * Prevent the zone entering a inconsistent state where - * NSEC only DNSKEYs are present with NSEC3 chains. - */ -static isc_result_t -check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, - dns_dbversion_t *ver, dns_diff_t *diff) -{ - dns_difftuple_t *tuple; - isc_boolean_t nseconly = ISC_FALSE, nsec3 = ISC_FALSE; - isc_result_t result; - unsigned int iterations = 0, max; - dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone); - - /* Scan the tuples for an NSEC-only DNSKEY or an NSEC3PARAM */ - for (tuple = ISC_LIST_HEAD(diff->tuples); - tuple != NULL; - tuple = ISC_LIST_NEXT(tuple, link)) { - if (tuple->op != DNS_DIFFOP_ADD) - continue; - - if (tuple->rdata.type == dns_rdatatype_dnskey) { - isc_uint8_t alg; - alg = tuple->rdata.data[3]; - if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 || - alg == DST_ALG_DSA || alg == DST_ALG_ECC) { - nseconly = ISC_TRUE; - break; - } - } else if (tuple->rdata.type == dns_rdatatype_nsec3param) { - nsec3 = ISC_TRUE; - break; - } - } - - /* Check existing DB for NSEC-only DNSKEY */ - if (!nseconly) { - result = dns_nsec_nseconly(db, ver, &nseconly); - - /* - * An NSEC3PARAM update can proceed without a DNSKEY (it - * will trigger a delayed change), so we can ignore - * ISC_R_NOTFOUND here. - */ - if (result == ISC_R_NOTFOUND) - result = ISC_R_SUCCESS; - - CHECK(result); - } - - /* Check existing DB for NSEC3 */ - if (!nsec3) - CHECK(dns_nsec3_activex(db, ver, ISC_FALSE, - privatetype, &nsec3)); - - /* Refuse to allow NSEC3 with NSEC-only keys */ - if (nseconly && nsec3) { - update_log(client, zone, ISC_LOG_ERROR, - "NSEC only DNSKEYs and NSEC3 chains not allowed"); - result = DNS_R_REFUSED; - goto failure; - } - - /* Verify NSEC3 params */ - CHECK(get_iterations(db, ver, privatetype, &iterations)); - CHECK(dns_nsec3_maxiterations(db, ver, client->mctx, &max)); - if (max != 0 && iterations > max) { - update_log(client, zone, ISC_LOG_ERROR, - "too many NSEC3 iterations (%u) for " - "weakest DNSKEY (%u)", iterations, max); - result = DNS_R_REFUSED; - goto failure; - } - - failure: - return (result); -} - -/* - * Delay NSEC3PARAM changes as they need to be applied to the whole zone. - */ -static isc_result_t -add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, - dns_dbversion_t *ver, dns_diff_t *diff) -{ - isc_result_t result = ISC_R_SUCCESS; - dns_difftuple_t *tuple, *newtuple = NULL, *next; - dns_rdata_t rdata = DNS_RDATA_INIT; - unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE + 1]; - dns_diff_t temp_diff; - dns_diffop_t op; - isc_boolean_t flag; - dns_name_t *name = dns_zone_getorigin(zone); - dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone); - isc_uint32_t ttl = 0; - isc_boolean_t ttl_good = ISC_FALSE; - - update_log(client, zone, ISC_LOG_DEBUG(3), - "checking for NSEC3PARAM changes"); - - dns_diff_init(diff->mctx, &temp_diff); - - /* - * Extract NSEC3PARAM tuples from list. - */ - for (tuple = ISC_LIST_HEAD(diff->tuples); - tuple != NULL; - tuple = next) { - - next = ISC_LIST_NEXT(tuple, link); - - if (tuple->rdata.type != dns_rdatatype_nsec3param || - !dns_name_equal(name, &tuple->name)) - continue; - ISC_LIST_UNLINK(diff->tuples, tuple, link); - ISC_LIST_APPEND(temp_diff.tuples, tuple, link); - } - - /* - * Extract TTL changes pairs, we don't need to convert these to - * delayed changes. - */ - for (tuple = ISC_LIST_HEAD(temp_diff.tuples); - tuple != NULL; tuple = next) { - if (tuple->op == DNS_DIFFOP_ADD) { - if (!ttl_good) { - /* - * Any adds here will contain the final - * NSEC3PARAM RRset TTL. - */ - ttl = tuple->ttl; - ttl_good = ISC_TRUE; - } - /* - * Walk the temp_diff list looking for the - * corresponding delete. - */ - next = ISC_LIST_HEAD(temp_diff.tuples); - while (next != NULL) { - unsigned char *next_data = next->rdata.data; - unsigned char *tuple_data = tuple->rdata.data; - if (next->op == DNS_DIFFOP_DEL && - next->rdata.length == tuple->rdata.length && - !memcmp(next_data, tuple_data, - next->rdata.length)) { - ISC_LIST_UNLINK(temp_diff.tuples, next, - link); - ISC_LIST_APPEND(diff->tuples, next, - link); - break; - } - next = ISC_LIST_NEXT(next, link); - } - /* - * If we have not found a pair move onto the next - * tuple. - */ - if (next == NULL) { - next = ISC_LIST_NEXT(tuple, link); - continue; - } - /* - * Find the next tuple to be processed before - * unlinking then complete moving the pair to 'diff'. - */ - next = ISC_LIST_NEXT(tuple, link); - ISC_LIST_UNLINK(temp_diff.tuples, tuple, link); - ISC_LIST_APPEND(diff->tuples, tuple, link); - } else - next = ISC_LIST_NEXT(tuple, link); - } - - /* - * Preserve any ongoing changes from a BIND 9.6.x upgrade. - * - * Any NSEC3PARAM records with flags other than OPTOUT named - * in managing and should not be touched so revert such changes - * taking into account any TTL change of the NSEC3PARAM RRset. - */ - for (tuple = ISC_LIST_HEAD(temp_diff.tuples); - tuple != NULL; tuple = next) { - next = ISC_LIST_NEXT(tuple, link); - if ((tuple->rdata.data[1] & ~DNS_NSEC3FLAG_OPTOUT) != 0) { - /* - * If we havn't had any adds then the tuple->ttl must - * be the original ttl and should be used for any - * future changes. - */ - if (!ttl_good) { - ttl = tuple->ttl; - ttl_good = ISC_TRUE; - } - op = (tuple->op == DNS_DIFFOP_DEL) ? - DNS_DIFFOP_ADD : DNS_DIFFOP_DEL; - CHECK(dns_difftuple_create(diff->mctx, op, name, - ttl, &tuple->rdata, - &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - ISC_LIST_UNLINK(temp_diff.tuples, tuple, link); - dns_diff_appendminimal(diff, &tuple); - } - } - - /* - * We now have just the actual changes to the NSEC3PARAM RRset. - * Convert the adds to delayed adds and the deletions into delayed - * deletions. - */ - for (tuple = ISC_LIST_HEAD(temp_diff.tuples); - tuple != NULL; tuple = next) { - /* - * If we havn't had any adds then the tuple->ttl must be the - * original ttl and should be used for any future changes. - */ - if (!ttl_good) { - ttl = tuple->ttl; - ttl_good = ISC_TRUE; - } - if (tuple->op == DNS_DIFFOP_ADD) { - isc_boolean_t nseconly = ISC_FALSE; - - /* - * Look for any deletes which match this ADD ignoring - * flags. We don't need to explictly remove them as - * they will be removed a side effect of processing - * the add. - */ - next = ISC_LIST_HEAD(temp_diff.tuples); - while (next != NULL) { - unsigned char *next_data = next->rdata.data; - unsigned char *tuple_data = tuple->rdata.data; - if (next->op != DNS_DIFFOP_DEL || - next->rdata.length != tuple->rdata.length || - next_data[0] != tuple_data[0] || - next_data[2] != tuple_data[2] || - next_data[3] != tuple_data[3] || - memcmp(next_data + 4, tuple_data + 4, - tuple->rdata.length - 4)) { - next = ISC_LIST_NEXT(next, link); - continue; - } - ISC_LIST_UNLINK(temp_diff.tuples, next, link); - ISC_LIST_APPEND(diff->tuples, next, link); - next = ISC_LIST_HEAD(temp_diff.tuples); - } - - /* - * Create a private-type record to signal that - * we want a delayed NSEC3 chain add/delete - */ - dns_nsec3param_toprivate(&tuple->rdata, &rdata, - privatetype, buf, sizeof(buf)); - buf[2] |= DNS_NSEC3FLAG_CREATE; - - /* - * If the zone is not currently capable of - * supporting an NSEC3 chain, then we set the - * INITIAL flag to indicate that these parameters - * are to be used later. - */ - result = dns_nsec_nseconly(db, ver, &nseconly); - if (result == ISC_R_NOTFOUND || nseconly) - buf[2] |= DNS_NSEC3FLAG_INITIAL; - - /* - * See if this CREATE request already exists. - */ - CHECK(rr_exists(db, ver, name, &rdata, &flag)); - - if (!flag) { - CHECK(dns_difftuple_create(diff->mctx, - DNS_DIFFOP_ADD, - name, 0, &rdata, - &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - } - - /* - * Remove any existing CREATE request to add an - * otherwise indentical chain with a reversed - * OPTOUT state. - */ - buf[2] ^= DNS_NSEC3FLAG_OPTOUT; - CHECK(rr_exists(db, ver, name, &rdata, &flag)); - - if (flag) { - CHECK(dns_difftuple_create(diff->mctx, - DNS_DIFFOP_DEL, - name, 0, &rdata, - &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - } - - /* - * Find the next tuple to be processed and remove the - * temporary add record. - */ - next = ISC_LIST_NEXT(tuple, link); - CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, - name, ttl, &tuple->rdata, - &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - ISC_LIST_UNLINK(temp_diff.tuples, tuple, link); - dns_diff_appendminimal(diff, &tuple); - dns_rdata_reset(&rdata); - } else - next = ISC_LIST_NEXT(tuple, link); - } - - for (tuple = ISC_LIST_HEAD(temp_diff.tuples); - tuple != NULL; tuple = next) { - - INSIST(ttl_good); - - next = ISC_LIST_NEXT(tuple, link); - /* - * See if we already have a REMOVE request in progress. - */ - dns_nsec3param_toprivate(&tuple->rdata, &rdata, privatetype, - buf, sizeof(buf)); - - buf[2] |= DNS_NSEC3FLAG_REMOVE | DNS_NSEC3FLAG_NONSEC; - - CHECK(rr_exists(db, ver, name, &rdata, &flag)); - if (!flag) { - buf[2] &= ~DNS_NSEC3FLAG_NONSEC; - CHECK(rr_exists(db, ver, name, &rdata, &flag)); - } - - if (!flag) { - CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, - name, 0, &rdata, &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - } - CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, - ttl, &tuple->rdata, &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - ISC_LIST_UNLINK(temp_diff.tuples, tuple, link); - dns_diff_appendminimal(diff, &tuple); - dns_rdata_reset(&rdata); - } - - result = ISC_R_SUCCESS; - failure: - dns_diff_clear(&temp_diff); - return (result); -} - -static isc_result_t -rollback_private(dns_db_t *db, dns_rdatatype_t privatetype, - dns_dbversion_t *ver, dns_diff_t *diff) -{ - dns_diff_t temp_diff; - dns_diffop_t op; - dns_difftuple_t *tuple, *newtuple = NULL, *next; - dns_name_t *name = dns_db_origin(db); - isc_mem_t *mctx = diff->mctx; - isc_result_t result; - - if (privatetype == 0) - return (ISC_R_SUCCESS); - - dns_diff_init(mctx, &temp_diff); - - /* - * Extract the changes to be rolled back. - */ - for (tuple = ISC_LIST_HEAD(diff->tuples); - tuple != NULL; tuple = next) { - - next = ISC_LIST_NEXT(tuple, link); - - if (tuple->rdata.type != privatetype || - !dns_name_equal(name, &tuple->name)) - continue; - - /* - * Allow records which indicate that a zone has been - * signed with a DNSKEY to be removed. - */ - if (tuple->op == DNS_DIFFOP_DEL && - tuple->rdata.length == 5 && - tuple->rdata.data[0] != 0 && - tuple->rdata.data[4] != 0) - continue; - - ISC_LIST_UNLINK(diff->tuples, tuple, link); - ISC_LIST_PREPEND(temp_diff.tuples, tuple, link); - } - - /* - * Rollback the changes. - */ - while ((tuple = ISC_LIST_HEAD(temp_diff.tuples)) != NULL) { - op = (tuple->op == DNS_DIFFOP_DEL) ? - DNS_DIFFOP_ADD : DNS_DIFFOP_DEL; - CHECK(dns_difftuple_create(mctx, op, name, tuple->ttl, - &tuple->rdata, &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, &temp_diff)); - } - result = ISC_R_SUCCESS; - - failure: - dns_diff_clear(&temp_diff); - return (result); -} - -/* - * Add records to cause the delayed signing of the zone by added DNSKEY - * to remove the RRSIG records generated by a deleted DNSKEY. - */ -static isc_result_t -add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype, - dns_dbversion_t *ver, dns_diff_t *diff) -{ - dns_difftuple_t *tuple, *newtuple = NULL, *next; - dns_rdata_dnskey_t dnskey; - dns_rdata_t rdata = DNS_RDATA_INIT; - isc_boolean_t flag; - isc_region_t r; - isc_result_t result = ISC_R_SUCCESS; - isc_uint16_t keyid; - unsigned char buf[5]; - dns_name_t *name = dns_db_origin(db); - dns_diff_t temp_diff; - - dns_diff_init(diff->mctx, &temp_diff); - - /* - * Extract the DNSKEY tuples from the list. - */ - for (tuple = ISC_LIST_HEAD(diff->tuples); - tuple != NULL; tuple = next) { - - next = ISC_LIST_NEXT(tuple, link); - - if (tuple->rdata.type != dns_rdatatype_dnskey) - continue; - - ISC_LIST_UNLINK(diff->tuples, tuple, link); - ISC_LIST_APPEND(temp_diff.tuples, tuple, link); - } - - /* - * Extract TTL changes pairs, we don't need signing records for these. - */ - for (tuple = ISC_LIST_HEAD(temp_diff.tuples); - tuple != NULL; tuple = next) { - if (tuple->op == DNS_DIFFOP_ADD) { - /* - * Walk the temp_diff list looking for the - * corresponding delete. - */ - next = ISC_LIST_HEAD(temp_diff.tuples); - while (next != NULL) { - unsigned char *next_data = next->rdata.data; - unsigned char *tuple_data = tuple->rdata.data; - if (next->op == DNS_DIFFOP_DEL && - dns_name_equal(&tuple->name, &next->name) && - next->rdata.length == tuple->rdata.length && - !memcmp(next_data, tuple_data, - next->rdata.length)) { - ISC_LIST_UNLINK(temp_diff.tuples, next, - link); - ISC_LIST_APPEND(diff->tuples, next, - link); - break; - } - next = ISC_LIST_NEXT(next, link); - } - /* - * If we have not found a pair move onto the next - * tuple. - */ - if (next == NULL) { - next = ISC_LIST_NEXT(tuple, link); - continue; - } - /* - * Find the next tuple to be processed before - * unlinking then complete moving the pair to 'diff'. - */ - next = ISC_LIST_NEXT(tuple, link); - ISC_LIST_UNLINK(temp_diff.tuples, tuple, link); - ISC_LIST_APPEND(diff->tuples, tuple, link); - } else - next = ISC_LIST_NEXT(tuple, link); - } - - /* - * Process the remaining DNSKEY entries. - */ - for (tuple = ISC_LIST_HEAD(temp_diff.tuples); - tuple != NULL; - tuple = ISC_LIST_HEAD(temp_diff.tuples)) { - - ISC_LIST_UNLINK(temp_diff.tuples, tuple, link); - ISC_LIST_APPEND(diff->tuples, tuple, link); - - result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - if ((dnskey.flags & - (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH)) - != DNS_KEYOWNER_ZONE) - continue; - - dns_rdata_toregion(&tuple->rdata, &r); - - keyid = dst_region_computeid(&r, dnskey.algorithm); - - buf[0] = dnskey.algorithm; - buf[1] = (keyid & 0xff00) >> 8; - buf[2] = (keyid & 0xff); - buf[3] = (tuple->op == DNS_DIFFOP_ADD) ? 0 : 1; - buf[4] = 0; - rdata.data = buf; - rdata.length = sizeof(buf); - rdata.type = privatetype; - rdata.rdclass = tuple->rdata.rdclass; - - CHECK(rr_exists(db, ver, name, &rdata, &flag)); - if (flag) - continue; - CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, - name, 0, &rdata, &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - INSIST(newtuple == NULL); - /* - * Remove any record which says this operation has already - * completed. - */ - buf[4] = 1; - CHECK(rr_exists(db, ver, name, &rdata, &flag)); - if (flag) { - CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, - name, 0, &rdata, &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - INSIST(newtuple == NULL); - } - } - - failure: - dns_diff_clear(&temp_diff); - return (result); -} - -static isc_boolean_t -isdnssec(dns_db_t *db, dns_dbversion_t *ver, dns_rdatatype_t privatetype) { - isc_result_t result; - isc_boolean_t build_nsec, build_nsec3; - - if (dns_db_issecure(db)) - return (ISC_TRUE); - - result = dns_private_chains(db, ver, privatetype, - &build_nsec, &build_nsec3); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - return (build_nsec || build_nsec3); -} - -static void -update_action(isc_task_t *task, isc_event_t *event) { - update_event_t *uev = (update_event_t *) event; - dns_zone_t *zone = uev->zone; - ns_client_t *client = (ns_client_t *)event->ev_arg; - isc_result_t result; - dns_db_t *db = NULL; - dns_dbversion_t *oldver = NULL; - dns_dbversion_t *ver = NULL; - dns_diff_t diff; /* Pending updates. */ - dns_diff_t temp; /* Pending RR existence assertions. */ - isc_boolean_t soa_serial_changed = ISC_FALSE; - isc_mem_t *mctx = client->mctx; - dns_rdatatype_t covers; - dns_message_t *request = client->message; - dns_rdataclass_t zoneclass; - dns_name_t *zonename; - dns_ssutable_t *ssutable = NULL; - dns_fixedname_t tmpnamefixed; - dns_name_t *tmpname = NULL; - unsigned int options, options2; - dns_difftuple_t *tuple; - dns_rdata_dnskey_t dnskey; - isc_boolean_t had_dnskey; - dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone); - dns_ttl_t maxttl = 0; - isc_uint32_t maxrecords; - isc_uint64_t records; - - INSIST(event->ev_type == DNS_EVENT_UPDATE); - - dns_diff_init(mctx, &diff); - dns_diff_init(mctx, &temp); - - CHECK(dns_zone_getdb(zone, &db)); - zonename = dns_db_origin(db); - zoneclass = dns_db_class(db); - dns_zone_getssutable(zone, &ssutable); - - /* - * Update message processing can leak record existance information - * so check that we are allowed to query this zone. Additionally - * if we would refuse all updates for this zone we bail out here. - */ - CHECK(checkqueryacl(client, dns_zone_getqueryacl(zone), zonename, - dns_zone_getupdateacl(zone), ssutable)); - - /* - * Get old and new versions now that queryacl has been checked. - */ - dns_db_currentversion(db, &oldver); - CHECK(dns_db_newversion(db, &ver)); - - /* - * Check prerequisites. - */ - - for (result = dns_message_firstname(request, DNS_SECTION_PREREQUISITE); - result == ISC_R_SUCCESS; - result = dns_message_nextname(request, DNS_SECTION_PREREQUISITE)) - { - dns_name_t *name = NULL; - dns_rdata_t rdata = DNS_RDATA_INIT; - dns_ttl_t ttl; - dns_rdataclass_t update_class; - isc_boolean_t flag; - - get_current_rr(request, DNS_SECTION_PREREQUISITE, zoneclass, - &name, &rdata, &covers, &ttl, &update_class); - - if (ttl != 0) - PREREQFAILC(DNS_R_FORMERR, - "prerequisite TTL is not zero"); - - if (! dns_name_issubdomain(name, zonename)) - PREREQFAILN(DNS_R_NOTZONE, name, - "prerequisite name is out of zone"); - - if (update_class == dns_rdataclass_any) { - if (rdata.length != 0) - PREREQFAILC(DNS_R_FORMERR, - "class ANY prerequisite " - "RDATA is not empty"); - if (rdata.type == dns_rdatatype_any) { - CHECK(name_exists(db, ver, name, &flag)); - if (! flag) { - PREREQFAILN(DNS_R_NXDOMAIN, name, - "'name in use' " - "prerequisite not " - "satisfied"); - } - } else { - CHECK(rrset_exists(db, ver, name, - rdata.type, covers, &flag)); - if (! flag) { - /* RRset does not exist. */ - PREREQFAILNT(DNS_R_NXRRSET, name, rdata.type, - "'rrset exists (value independent)' " - "prerequisite not satisfied"); - } - } - } else if (update_class == dns_rdataclass_none) { - if (rdata.length != 0) - PREREQFAILC(DNS_R_FORMERR, - "class NONE prerequisite " - "RDATA is not empty"); - if (rdata.type == dns_rdatatype_any) { - CHECK(name_exists(db, ver, name, &flag)); - if (flag) { - PREREQFAILN(DNS_R_YXDOMAIN, name, - "'name not in use' " - "prerequisite not " - "satisfied"); - } - } else { - CHECK(rrset_exists(db, ver, name, - rdata.type, covers, &flag)); - if (flag) { - /* RRset exists. */ - PREREQFAILNT(DNS_R_YXRRSET, name, - rdata.type, - "'rrset does not exist' " - "prerequisite not " - "satisfied"); - } - } - } else if (update_class == zoneclass) { - /* "temp<rr.name, rr.type> += rr;" */ - result = temp_append(&temp, name, &rdata); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "temp entry creation failed: %s", - dns_result_totext(result)); - FAIL(ISC_R_UNEXPECTED); - } - } else { - PREREQFAILC(DNS_R_FORMERR, "malformed prerequisite"); - } - } - if (result != ISC_R_NOMORE) - FAIL(result); - - /* - * Perform the final check of the "rrset exists (value dependent)" - * prerequisites. - */ - if (ISC_LIST_HEAD(temp.tuples) != NULL) { - dns_rdatatype_t type; - - /* - * Sort the prerequisite records by owner name, - * type, and rdata. - */ - result = dns_diff_sort(&temp, temp_order); - if (result != ISC_R_SUCCESS) - FAILC(result, "'RRset exists (value dependent)' " - "prerequisite not satisfied"); - - dns_fixedname_init(&tmpnamefixed); - tmpname = dns_fixedname_name(&tmpnamefixed); - result = temp_check(mctx, &temp, db, ver, tmpname, &type); - if (result != ISC_R_SUCCESS) - FAILNT(result, tmpname, type, - "'RRset exists (value dependent)' " - "prerequisite not satisfied"); - } - - update_log(client, zone, LOGLEVEL_DEBUG, - "prerequisites are OK"); - - /* - * Check Requestor's Permissions. It seems a bit silly to do this - * only after prerequisite testing, but that is what RFC2136 says. - */ - if (ssutable == NULL) - CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone), - "update", zonename, ISC_FALSE, ISC_FALSE)); - else if (client->signer == NULL && !TCPCLIENT(client)) - CHECK(checkupdateacl(client, NULL, "update", zonename, - ISC_FALSE, ISC_TRUE)); - - if (dns_zone_getupdatedisabled(zone)) - FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled " - "because the zone is frozen. Use " - "'rndc thaw' to re-enable updates."); - - /* - * Perform the Update Section Prescan. - */ - - for (result = dns_message_firstname(request, DNS_SECTION_UPDATE); - result == ISC_R_SUCCESS; - result = dns_message_nextname(request, DNS_SECTION_UPDATE)) - { - dns_name_t *name = NULL; - dns_rdata_t rdata = DNS_RDATA_INIT; - dns_ttl_t ttl; - dns_rdataclass_t update_class; - get_current_rr(request, DNS_SECTION_UPDATE, zoneclass, - &name, &rdata, &covers, &ttl, &update_class); - - if (! dns_name_issubdomain(name, zonename)) - FAILC(DNS_R_NOTZONE, - "update RR is outside zone"); - if (update_class == zoneclass) { - /* - * Check for meta-RRs. The RFC2136 pseudocode says - * check for ANY|AXFR|MAILA|MAILB, but the text adds - * "or any other QUERY metatype" - */ - if (dns_rdatatype_ismeta(rdata.type)) { - FAILC(DNS_R_FORMERR, - "meta-RR in update"); - } - result = dns_zone_checknames(zone, name, &rdata); - if (result != ISC_R_SUCCESS) - FAIL(DNS_R_REFUSED); - } else if (update_class == dns_rdataclass_any) { - if (ttl != 0 || rdata.length != 0 || - (dns_rdatatype_ismeta(rdata.type) && - rdata.type != dns_rdatatype_any)) - FAILC(DNS_R_FORMERR, - "meta-RR in update"); - } else if (update_class == dns_rdataclass_none) { - if (ttl != 0 || - dns_rdatatype_ismeta(rdata.type)) - FAILC(DNS_R_FORMERR, - "meta-RR in update"); - } else { - update_log(client, zone, ISC_LOG_WARNING, - "update RR has incorrect class %d", - update_class); - FAIL(DNS_R_FORMERR); - } - - /* - * draft-ietf-dnsind-simple-secure-update-01 says - * "Unlike traditional dynamic update, the client - * is forbidden from updating NSEC records." - */ - if (rdata.type == dns_rdatatype_nsec3) { - FAILC(DNS_R_REFUSED, - "explicit NSEC3 updates are not allowed " - "in secure zones"); - } else if (rdata.type == dns_rdatatype_nsec) { - FAILC(DNS_R_REFUSED, - "explicit NSEC updates are not allowed " - "in secure zones"); - } else if (rdata.type == dns_rdatatype_rrsig && - !dns_name_equal(name, zonename)) { - FAILC(DNS_R_REFUSED, - "explicit RRSIG updates are currently " - "not supported in secure zones except " - "at the apex"); - } - - if (ssutable != NULL) { - isc_netaddr_t *tcpaddr, netaddr; - dst_key_t *tsigkey = NULL; - /* - * If this is a TCP connection then pass the - * address of the client through for tcp-self - * and 6to4-self otherwise pass NULL. This - * provides weak address based authentication. - */ - if (TCPCLIENT(client)) { - isc_netaddr_fromsockaddr(&netaddr, - &client->peeraddr); - tcpaddr = &netaddr; - } else - tcpaddr = NULL; - - if (client->message->tsigkey != NULL) - tsigkey = client->message->tsigkey->key; - - if (rdata.type != dns_rdatatype_any) { - if (!dns_ssutable_checkrules(ssutable, - client->signer, - name, tcpaddr, - rdata.type, - tsigkey)) - FAILC(DNS_R_REFUSED, - "rejected by secure update"); - } else { - if (!ssu_checkall(db, ver, name, ssutable, - client->signer, tcpaddr, - tsigkey)) - FAILC(DNS_R_REFUSED, - "rejected by secure update"); - } - } - } - if (result != ISC_R_NOMORE) - FAIL(result); - - update_log(client, zone, LOGLEVEL_DEBUG, - "update section prescan OK"); - - /* - * Process the Update Section. - */ - - options = dns_zone_getoptions(zone); - options2 = dns_zone_getoptions2(zone); - for (result = dns_message_firstname(request, DNS_SECTION_UPDATE); - result == ISC_R_SUCCESS; - result = dns_message_nextname(request, DNS_SECTION_UPDATE)) - { - dns_name_t *name = NULL; - dns_rdata_t rdata = DNS_RDATA_INIT; - dns_ttl_t ttl; - dns_rdataclass_t update_class; - isc_boolean_t flag; - - get_current_rr(request, DNS_SECTION_UPDATE, zoneclass, - &name, &rdata, &covers, &ttl, &update_class); - - if (update_class == zoneclass) { - - /* - * RFC1123 doesn't allow MF and MD in master zones. */ - if (rdata.type == dns_rdatatype_md || - rdata.type == dns_rdatatype_mf) { - char typebuf[DNS_RDATATYPE_FORMATSIZE]; - - dns_rdatatype_format(rdata.type, typebuf, - sizeof(typebuf)); - update_log(client, zone, LOGLEVEL_PROTOCOL, - "attempt to add %s ignored", - typebuf); - continue; - } - if ((rdata.type == dns_rdatatype_ns || - rdata.type == dns_rdatatype_dname) && - dns_name_iswildcard(name)) { - char typebuf[DNS_RDATATYPE_FORMATSIZE]; - - dns_rdatatype_format(rdata.type, typebuf, - sizeof(typebuf)); - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "attempt to add wildcard %s record " - "ignored", typebuf); - continue; - } - if (rdata.type == dns_rdatatype_cname) { - CHECK(cname_incompatible_rrset_exists(db, ver, - name, - &flag)); - if (flag) { - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "attempt to add CNAME " - "alongside non-CNAME " - "ignored"); - continue; - } - } else { - CHECK(rrset_exists(db, ver, name, - dns_rdatatype_cname, 0, - &flag)); - if (flag && - ! dns_rdatatype_isdnssec(rdata.type)) - { - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "attempt to add non-CNAME " - "alongside CNAME ignored"); - continue; - } - } - if (rdata.type == dns_rdatatype_soa) { - isc_boolean_t ok; - CHECK(rrset_exists(db, ver, name, - dns_rdatatype_soa, 0, - &flag)); - if (! flag) { - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "attempt to create 2nd " - "SOA ignored"); - continue; - } - CHECK(check_soa_increment(db, ver, &rdata, - &ok)); - if (! ok) { - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "SOA update failed to " - "increment serial, " - "ignoring it"); - continue; - } - soa_serial_changed = ISC_TRUE; - } - - if (rdata.type == privatetype) { - update_log(client, zone, LOGLEVEL_PROTOCOL, - "attempt to add a private type " - "(%u) record rejected internal " - "use only", privatetype); - continue; - } - - if (rdata.type == dns_rdatatype_nsec3param) { - /* - * Ignore attempts to add NSEC3PARAM records - * with any flags other than OPTOUT. - */ - if ((rdata.data[1] & ~DNS_NSEC3FLAG_OPTOUT) != 0) { - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "attempt to add NSEC3PARAM " - "record with non OPTOUT " - "flag"); - continue; - } - } - - if ((options & DNS_ZONEOPT_CHECKWILDCARD) != 0 && - dns_name_internalwildcard(name)) { - char namestr[DNS_NAME_FORMATSIZE]; - dns_name_format(name, namestr, - sizeof(namestr)); - update_log(client, zone, LOGLEVEL_PROTOCOL, - "warning: ownername '%s' contains " - "a non-terminal wildcard", namestr); - } - - if ((options2 & DNS_ZONEOPT2_CHECKTTL) != 0) { - maxttl = dns_zone_getmaxttl(zone); - if (ttl > maxttl) { - ttl = maxttl; - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "reducing TTL to the " - "configured max-zone-ttl %d", - maxttl); - } - } - - if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { - char namestr[DNS_NAME_FORMATSIZE]; - char typestr[DNS_RDATATYPE_FORMATSIZE]; - char rdstr[2048]; - isc_buffer_t buf; - int len = 0; - const char *truncated = ""; - - dns_name_format(name, namestr, sizeof(namestr)); - dns_rdatatype_format(rdata.type, typestr, - sizeof(typestr)); - isc_buffer_init(&buf, rdstr, sizeof(rdstr)); - result = dns_rdata_totext(&rdata, NULL, &buf); - if (result == ISC_R_NOSPACE) { - len = (int)isc_buffer_usedlength(&buf); - truncated = " [TRUNCATED]"; - } else if (result != ISC_R_SUCCESS) { - snprintf(rdstr, sizeof(rdstr), "[dns_" - "rdata_totext failed: %s]", - dns_result_totext(result)); - len = strlen(rdstr); - } else - len = (int)isc_buffer_usedlength(&buf); - update_log(client, zone, LOGLEVEL_PROTOCOL, - "adding an RR at '%s' %s %.*s%s", - namestr, typestr, len, rdstr, - truncated); - } - - /* Prepare the affected RRset for the addition. */ - { - add_rr_prepare_ctx_t ctx; - ctx.db = db; - ctx.ver = ver; - ctx.diff = &diff; - ctx.name = name; - ctx.oldname = name; - ctx.update_rr = &rdata; - ctx.update_rr_ttl = ttl; - ctx.ignore_add = ISC_FALSE; - dns_diff_init(mctx, &ctx.del_diff); - dns_diff_init(mctx, &ctx.add_diff); - CHECK(foreach_rr(db, ver, name, rdata.type, - covers, add_rr_prepare_action, - &ctx)); - - if (ctx.ignore_add) { - dns_diff_clear(&ctx.del_diff); - dns_diff_clear(&ctx.add_diff); - } else { - result = do_diff(&ctx.del_diff, db, ver, - &diff); - if (result == ISC_R_SUCCESS) { - result = do_diff(&ctx.add_diff, - db, ver, - &diff); - } - if (result != ISC_R_SUCCESS) { - dns_diff_clear(&ctx.del_diff); - dns_diff_clear(&ctx.add_diff); - goto failure; - } - CHECK(update_one_rr(db, ver, &diff, - DNS_DIFFOP_ADD, - name, ttl, &rdata)); - } - } - } else if (update_class == dns_rdataclass_any) { - if (rdata.type == dns_rdatatype_any) { - if (isc_log_wouldlog(ns_g_lctx, - LOGLEVEL_PROTOCOL)) - { - char namestr[DNS_NAME_FORMATSIZE]; - dns_name_format(name, namestr, - sizeof(namestr)); - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "delete all rrsets from " - "name '%s'", namestr); - } - if (dns_name_equal(name, zonename)) { - CHECK(delete_if(type_not_soa_nor_ns_p, - db, ver, name, - dns_rdatatype_any, 0, - &rdata, &diff)); - } else { - CHECK(delete_if(type_not_dnssec, - db, ver, name, - dns_rdatatype_any, 0, - &rdata, &diff)); - } - } else if (dns_name_equal(name, zonename) && - (rdata.type == dns_rdatatype_soa || - rdata.type == dns_rdatatype_ns)) { - update_log(client, zone, LOGLEVEL_PROTOCOL, - "attempt to delete all SOA " - "or NS records ignored"); - continue; - } else { - if (isc_log_wouldlog(ns_g_lctx, - LOGLEVEL_PROTOCOL)) - { - char namestr[DNS_NAME_FORMATSIZE]; - char typestr[DNS_RDATATYPE_FORMATSIZE]; - dns_name_format(name, namestr, - sizeof(namestr)); - dns_rdatatype_format(rdata.type, - typestr, - sizeof(typestr)); - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "deleting rrset at '%s' %s", - namestr, typestr); - } - CHECK(delete_if(true_p, db, ver, name, - rdata.type, covers, &rdata, - &diff)); - } - } else if (update_class == dns_rdataclass_none) { - char namestr[DNS_NAME_FORMATSIZE]; - char typestr[DNS_RDATATYPE_FORMATSIZE]; - - /* - * The (name == zonename) condition appears in - * RFC2136 3.4.2.4 but is missing from the pseudocode. - */ - if (dns_name_equal(name, zonename)) { - if (rdata.type == dns_rdatatype_soa) { - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "attempt to delete SOA " - "ignored"); - continue; - } - if (rdata.type == dns_rdatatype_ns) { - int count; - CHECK(rr_count(db, ver, name, - dns_rdatatype_ns, - 0, &count)); - if (count == 1) { - update_log(client, zone, - LOGLEVEL_PROTOCOL, - "attempt to " - "delete last " - "NS ignored"); - continue; - } - } - } - dns_name_format(name, namestr, sizeof(namestr)); - dns_rdatatype_format(rdata.type, typestr, - sizeof(typestr)); - update_log(client, zone, LOGLEVEL_PROTOCOL, - "deleting an RR at %s %s", namestr, typestr); - CHECK(delete_if(rr_equal_p, db, ver, name, rdata.type, - covers, &rdata, &diff)); - } - } - if (result != ISC_R_NOMORE) - FAIL(result); - - /* - * Check that any changes to DNSKEY/NSEC3PARAM records make sense. - * If they don't then back out all changes to DNSKEY/NSEC3PARAM - * records. - */ - if (! ISC_LIST_EMPTY(diff.tuples)) - CHECK(check_dnssec(client, zone, db, ver, &diff)); - - if (! ISC_LIST_EMPTY(diff.tuples)) { - unsigned int errors = 0; - CHECK(dns_zone_nscheck(zone, db, ver, &errors)); - if (errors != 0) { - update_log(client, zone, LOGLEVEL_PROTOCOL, - "update rejected: post update name server " - "sanity check failed"); - result = DNS_R_REFUSED; - goto failure; - } - } - if (! ISC_LIST_EMPTY(diff.tuples)) { - result = dns_zone_cdscheck(zone, db, ver); - if (result == DNS_R_BADCDS || result == DNS_R_BADCDNSKEY) { - update_log(client, zone, LOGLEVEL_PROTOCOL, - "update rejected: bad %s RRset", - result == DNS_R_BADCDS ? "CDS" : "CDNSKEY"); - result = DNS_R_REFUSED; - goto failure; - } - if (result != ISC_R_SUCCESS) - goto failure; - - } - - /* - * If any changes were made, increment the SOA serial number, - * update RRSIGs and NSECs (if zone is secure), and write the update - * to the journal. - */ - if (! ISC_LIST_EMPTY(diff.tuples)) { - char *journalfile; - dns_journal_t *journal; - isc_boolean_t has_dnskey; - - /* - * Increment the SOA serial, but only if it was not - * changed as a result of an update operation. - */ - if (! soa_serial_changed) { - CHECK(update_soa_serial(db, ver, &diff, mctx, - dns_zone_getserialupdatemethod(zone))); - } - - CHECK(check_mx(client, zone, db, ver, &diff)); - - CHECK(remove_orphaned_ds(db, ver, &diff)); - - CHECK(rrset_exists(db, ver, zonename, dns_rdatatype_dnskey, - 0, &has_dnskey)); - -#define ALLOW_SECURE_TO_INSECURE(zone) \ - ((dns_zone_getoptions(zone) & DNS_ZONEOPT_SECURETOINSECURE) != 0) - - CHECK(rrset_exists(db, oldver, zonename, dns_rdatatype_dnskey, - 0, &had_dnskey)); - if (!ALLOW_SECURE_TO_INSECURE(zone)) { - if (had_dnskey && !has_dnskey) { - update_log(client, zone, LOGLEVEL_PROTOCOL, - "update rejected: all DNSKEY " - "records removed and " - "'dnssec-secure-to-insecure' " - "not set"); - result = DNS_R_REFUSED; - goto failure; - } - } - - CHECK(rollback_private(db, privatetype, ver, &diff)); - - CHECK(add_signing_records(db, privatetype, ver, &diff)); - - CHECK(add_nsec3param_records(client, zone, db, ver, &diff)); - - if (had_dnskey && !has_dnskey) { - /* - * We are transitioning from secure to insecure. - * Cause all NSEC3 chains to be deleted. When the - * the last signature for the DNSKEY records are - * remove any NSEC chain present will also be removed. - */ - CHECK(dns_nsec3param_deletechains(db, ver, zone, - ISC_TRUE, &diff)); - } else if (has_dnskey && isdnssec(db, ver, privatetype)) { - isc_uint32_t interval; - dns_update_log_t log; - - interval = dns_zone_getsigvalidityinterval(zone); - log.func = update_log_cb; - log.arg = client; - result = dns_update_signatures(&log, zone, db, oldver, - ver, &diff, interval); - - if (result != ISC_R_SUCCESS) { - update_log(client, zone, - ISC_LOG_ERROR, - "RRSIG/NSEC/NSEC3 update failed: %s", - isc_result_totext(result)); - goto failure; - } - } - - maxrecords = dns_zone_getmaxrecords(zone); - if (maxrecords != 0U) { - result = dns_db_getsize(db, ver, &records, NULL); - if (result == ISC_R_SUCCESS && records > maxrecords) { - update_log(client, zone, ISC_LOG_ERROR, - "records in zone (%" - ISC_PRINT_QUADFORMAT - "u) exceeds max-records (%u)", - records, maxrecords); - result = DNS_R_TOOMANYRECORDS; - goto failure; - } - } - - journalfile = dns_zone_getjournal(zone); - if (journalfile != NULL) { - update_log(client, zone, LOGLEVEL_DEBUG, - "writing journal %s", journalfile); - - journal = NULL; - result = dns_journal_open(mctx, journalfile, - DNS_JOURNAL_CREATE, &journal); - if (result != ISC_R_SUCCESS) - FAILS(result, "journal open failed"); - - result = dns_journal_write_transaction(journal, &diff); - if (result != ISC_R_SUCCESS) { - dns_journal_destroy(&journal); - FAILS(result, "journal write failed"); - } - - dns_journal_destroy(&journal); - } - - /* - * XXXRTH Just a note that this committing code will have - * to change to handle databases that need two-phase - * commit, but this isn't a priority. - */ - update_log(client, zone, LOGLEVEL_DEBUG, - "committing update transaction"); - - dns_db_closeversion(db, &ver, ISC_TRUE); - - /* - * Mark the zone as dirty so that it will be written to disk. - */ - dns_zone_markdirty(zone); - - /* - * Notify slaves of the change we just made. - */ - dns_zone_notify(zone); - - /* - * Cause the zone to be signed with the key that we - * have just added or have the corresponding signatures - * deleted. - * - * Note: we are already committed to this course of action. - */ - for (tuple = ISC_LIST_HEAD(diff.tuples); - tuple != NULL; - tuple = ISC_LIST_NEXT(tuple, link)) { - isc_region_t r; - dns_secalg_t algorithm; - isc_uint16_t keyid; - - if (tuple->rdata.type != dns_rdatatype_dnskey) - continue; - - dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); - if ((dnskey.flags & - (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH)) - != DNS_KEYOWNER_ZONE) - continue; - - dns_rdata_toregion(&tuple->rdata, &r); - algorithm = dnskey.algorithm; - keyid = dst_region_computeid(&r, algorithm); - - result = dns_zone_signwithkey(zone, algorithm, keyid, - ISC_TF(tuple->op == DNS_DIFFOP_DEL)); - if (result != ISC_R_SUCCESS) { - update_log(client, zone, ISC_LOG_ERROR, - "dns_zone_signwithkey failed: %s", - dns_result_totext(result)); - } - } - - /* - * Cause the zone to add/delete NSEC3 chains for the - * deferred NSEC3PARAM changes. - * - * Note: we are already committed to this course of action. - */ - for (tuple = ISC_LIST_HEAD(diff.tuples); - tuple != NULL; - tuple = ISC_LIST_NEXT(tuple, link)) { - unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE]; - dns_rdata_t rdata = DNS_RDATA_INIT; - dns_rdata_nsec3param_t nsec3param; - - if (tuple->rdata.type != privatetype || - tuple->op != DNS_DIFFOP_ADD) - continue; - - if (!dns_nsec3param_fromprivate(&tuple->rdata, &rdata, - buf, sizeof(buf))) - continue; - dns_rdata_tostruct(&rdata, &nsec3param, NULL); - if (nsec3param.flags == 0) - continue; - - result = dns_zone_addnsec3chain(zone, &nsec3param); - if (result != ISC_R_SUCCESS) { - update_log(client, zone, ISC_LOG_ERROR, - "dns_zone_addnsec3chain failed: %s", - dns_result_totext(result)); - } - } - } else { - update_log(client, zone, LOGLEVEL_DEBUG, "redundant request"); - dns_db_closeversion(db, &ver, ISC_TRUE); - } - result = ISC_R_SUCCESS; - goto common; - - failure: - /* - * The reason for failure should have been logged at this point. - */ - if (ver != NULL) { - update_log(client, zone, LOGLEVEL_DEBUG, - "rolling back"); - dns_db_closeversion(db, &ver, ISC_FALSE); - } - - common: - dns_diff_clear(&temp); - dns_diff_clear(&diff); - - if (oldver != NULL) - dns_db_closeversion(db, &oldver, ISC_FALSE); - - if (db != NULL) - dns_db_detach(&db); - - if (ssutable != NULL) - dns_ssutable_detach(&ssutable); - - isc_task_detach(&task); - uev->result = result; - if (zone != NULL) - INSIST(uev->zone == zone); /* we use this later */ - uev->ev_type = DNS_EVENT_UPDATEDONE; - uev->ev_action = updatedone_action; - isc_task_send(client->task, &event); - - INSIST(ver == NULL); - INSIST(event == NULL); -} - -static void -updatedone_action(isc_task_t *task, isc_event_t *event) { - update_event_t *uev = (update_event_t *) event; - ns_client_t *client = (ns_client_t *) event->ev_arg; - - UNUSED(task); - - INSIST(event->ev_type == DNS_EVENT_UPDATEDONE); - INSIST(task == client->task); - - INSIST(client->nupdates > 0); - switch (uev->result) { - case ISC_R_SUCCESS: - inc_stats(uev->zone, dns_nsstatscounter_updatedone); - break; - case DNS_R_REFUSED: - inc_stats(uev->zone, dns_nsstatscounter_updaterej); - break; - default: - inc_stats(uev->zone, dns_nsstatscounter_updatefail); - break; - } - if (uev->zone != NULL) - dns_zone_detach(&uev->zone); - client->nupdates--; - respond(client, uev->result); - isc_event_free(&event); - ns_client_detach(&client); -} - -/*% - * Update forwarding support. - */ - -static void -forward_fail(isc_task_t *task, isc_event_t *event) { - ns_client_t *client = (ns_client_t *)event->ev_arg; - - UNUSED(task); - - INSIST(client->nupdates > 0); - client->nupdates--; - respond(client, DNS_R_SERVFAIL); - isc_event_free(&event); - ns_client_detach(&client); -} - - -static void -forward_callback(void *arg, isc_result_t result, dns_message_t *answer) { - update_event_t *uev = arg; - ns_client_t *client = uev->ev_arg; - dns_zone_t *zone = uev->zone; - - if (result != ISC_R_SUCCESS) { - INSIST(answer == NULL); - uev->ev_type = DNS_EVENT_UPDATEDONE; - uev->ev_action = forward_fail; - inc_stats(zone, dns_nsstatscounter_updatefwdfail); - } else { - uev->ev_type = DNS_EVENT_UPDATEDONE; - uev->ev_action = forward_done; - uev->answer = answer; - inc_stats(zone, dns_nsstatscounter_updaterespfwd); - } - isc_task_send(client->task, ISC_EVENT_PTR(&uev)); - dns_zone_detach(&zone); -} - -static void -forward_done(isc_task_t *task, isc_event_t *event) { - update_event_t *uev = (update_event_t *) event; - ns_client_t *client = (ns_client_t *)event->ev_arg; - - UNUSED(task); - - INSIST(client->nupdates > 0); - client->nupdates--; - ns_client_sendraw(client, uev->answer); - dns_message_destroy(&uev->answer); - isc_event_free(&event); - ns_client_detach(&client); -} - -static void -forward_action(isc_task_t *task, isc_event_t *event) { - update_event_t *uev = (update_event_t *) event; - dns_zone_t *zone = uev->zone; - ns_client_t *client = (ns_client_t *)event->ev_arg; - isc_result_t result; - - result = dns_zone_forwardupdate(zone, client->message, - forward_callback, event); - if (result != ISC_R_SUCCESS) { - uev->ev_type = DNS_EVENT_UPDATEDONE; - uev->ev_action = forward_fail; - isc_task_send(client->task, &event); - inc_stats(zone, dns_nsstatscounter_updatefwdfail); - dns_zone_detach(&zone); - } else - inc_stats(zone, dns_nsstatscounter_updatereqfwd); - isc_task_detach(&task); -} - -static isc_result_t -send_forward_event(ns_client_t *client, dns_zone_t *zone) { - char namebuf[DNS_NAME_FORMATSIZE]; - char classbuf[DNS_RDATACLASS_FORMATSIZE]; - isc_result_t result = ISC_R_SUCCESS; - update_event_t *event = NULL; - isc_task_t *zonetask = NULL; - ns_client_t *evclient; - - /* - * This may take some time so replace this client. - */ - if (!client->mortal && (client->attributes & NS_CLIENTATTR_TCP) == 0) - CHECK(ns_client_replace(client)); - - event = (update_event_t *) - isc_event_allocate(client->mctx, client, DNS_EVENT_UPDATE, - forward_action, NULL, sizeof(*event)); - if (event == NULL) - FAIL(ISC_R_NOMEMORY); - event->zone = zone; - event->result = ISC_R_SUCCESS; - - evclient = NULL; - ns_client_attach(client, &evclient); - INSIST(client->nupdates == 0); - client->nupdates++; - event->ev_arg = evclient; - - dns_name_format(dns_zone_getorigin(zone), namebuf, - sizeof(namebuf)); - dns_rdataclass_format(dns_zone_getclass(zone), classbuf, - sizeof(classbuf)); - - ns_client_log(client, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE, - LOGLEVEL_PROTOCOL, "forwarding update for zone '%s/%s'", - namebuf, classbuf); - - dns_zone_gettask(zone, &zonetask); - isc_task_send(zonetask, ISC_EVENT_PTR(&event)); - - failure: - if (event != NULL) - isc_event_free(ISC_EVENT_PTR(&event)); - return (result); -} diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index eaa398ee..17cafa48 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1086,11 +1086,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, } obj = NULL; -<<<<<<< HEAD - result = ns_config_get(maps, "max-records", &obj); -======= result = named_config_get(maps, "max-records", &obj); ->>>>>>> upstream/9.14.4 INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxrecords(mayberaw, cfg_obj_asuint32(obj)); if (zone != mayberaw) diff --git a/bin/tests/system/dyndb/driver/db.c b/bin/tests/system/dyndb/driver/db.c index 1c76e9c3..a793a69f 100644 --- a/bin/tests/system/dyndb/driver/db.c +++ b/bin/tests/system/dyndb/driver/db.c @@ -608,16 +608,11 @@ static dns_dbmethods_t sampledb_methods = { findext, setcachestats, hashsize, -<<<<<<< HEAD - NULL, - NULL, -======= NULL, /* nodefullname */ NULL, /* getsize */ NULL, /* setservestalettl */ NULL, /* getservestalettl */ NULL /* setgluecachestats */ ->>>>>>> upstream/9.14.4 }; /* Auxiliary driver functions. */ diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh index f2924dd5..ef5ec56e 100644 --- a/bin/tests/system/nsupdate/clean.sh +++ b/bin/tests/system/nsupdate/clean.sh @@ -38,8 +38,6 @@ rm -f ns3/example.db rm -f ns3/many.test.bk rm -f ns3/nsec3param.test.db rm -f ns3/too-big.test.db -<<<<<<< HEAD -======= rm -f ns5/local.db rm -f ns6/in-addr.db rm -f ns7/in-addr.db @@ -54,7 +52,6 @@ rm -f ns9/_default.tsigkeys rm -f ns10/example.com.db rm -f ns10/in-addr.db rm -f ns10/_default.tsigkeys ->>>>>>> upstream/9.14.4 rm -f nsupdate.out* rm -f typelist.out.* rm -f ns1/sample.db diff --git a/bin/tests/system/nsupdate/ns3/named.conf b/bin/tests/system/nsupdate/ns3/named.conf deleted file mode 100644 index 2db43de8..00000000 --- a/bin/tests/system/nsupdate/ns3/named.conf +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (C) 2010, 2011, 2013, 2014, 2016 Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - */ - -/* $Id: named.conf,v 1.5 2011/02/03 12:18:11 tbox Exp $ */ - -// NS3 - -controls { /* empty */ }; - -options { - query-source address 10.53.0.3 dscp 7; - notify-source 10.53.0.3 dscp 8; - transfer-source 10.53.0.3 dscp 9; - port 5300; - pid-file "named.pid"; - listen-on { 10.53.0.3; }; - listen-on-v6 { none; }; - recursion no; - notify yes; - dnssec-enable yes; - dnssec-validation yes; -}; - -/* -zone "." { - type master; - file "root.db.signed"; -}; -*/ - -// include "trusted.conf"; - -zone "example" { - type master; - allow-update { any; }; - file "example.db"; -}; - -zone "nsec3param.test" { - type master; - allow-update { any; }; - file "nsec3param.test.db.signed"; -}; - -zone "dnskey.test" { - type master; - allow-update { any; }; - file "dnskey.test.db.signed"; -}; - -zone "many.test" { - type slave; - masters { 10.53.0.1; }; - allow-update-forwarding { any; }; - file "many.test.bk"; -}; - -zone "delegation.test" { - type master; - allow-update { any; }; - file "delegation.test.db.signed"; -}; - -zone "too-big.test" { - type master; - allow-update { any; }; - max-records 3; - file "too-big.test.db"; -}; diff --git a/bin/tests/system/nsupdate/ns3/too-big.test.db.in b/bin/tests/system/nsupdate/ns3/too-big.test.db.in index 8282dd47..f271d271 100644 --- a/bin/tests/system/nsupdate/ns3/too-big.test.db.in +++ b/bin/tests/system/nsupdate/ns3/too-big.test.db.in @@ -1,18 +1,11 @@ -<<<<<<< HEAD -; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") -======= ; Copyright (C) Internet Systems Consortium, Inc. ("ISC") ->>>>>>> upstream/9.14.4 ; ; This Source Code Form is subject to the terms of the Mozilla Public ; License, v. 2.0. If a copy of the MPL was not distributed with this ; file, You can obtain one at http://mozilla.org/MPL/2.0/. -<<<<<<< HEAD -======= ; ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. ->>>>>>> upstream/9.14.4 $TTL 10 too-big.test. IN SOA too-big.test. hostmaster.too-big.test. 1 3600 900 2419200 3600 diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh index 2d109588..5d701149 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh @@ -27,14 +27,7 @@ copy_setports ns8/named.conf.in ns8/named.conf copy_setports ns9/named.conf.in ns9/named.conf copy_setports ns10/named.conf.in ns10/named.conf -<<<<<<< HEAD -rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk -rm -f ns2/update.bk ns2/update.alt.bk -rm -f ns3/example.db.jnl -rm -f ns3/too-big.test.db.jnl -======= copy_setports verylarge.in verylarge ->>>>>>> upstream/9.14.4 cp -f ns1/example1.db ns1/example.db sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index 391754a4..b73d1785 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -1327,24 +1327,5 @@ fi # End client library tests here # -<<<<<<< HEAD -n=`expr $n + 1` -echo "I:check that adding too many records is blocked ($n)" -ret=0 -$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1 -server 10.53.0.3 5300 -zone too-big.test. -update add r1.too-big.test 3600 IN TXT r1.too-big.test -send -EOF -grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1 -DIG +tcp @10.53.0.3 -p 5300 r1.too-big.test TXT > dig.out.ns3.test$n -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 -grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1 -[ $ret = 0 ] || { echo I:failed; status=1; } - -echo "I:exit status: $status" -======= echo_i "exit status: $status" ->>>>>>> upstream/9.14.4 [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/xfer/clean.sh b/bin/tests/system/xfer/clean.sh index 23bb551d..e1729222 100644 --- a/bin/tests/system/xfer/clean.sh +++ b/bin/tests/system/xfer/clean.sh @@ -33,10 +33,5 @@ rm -f */ans.run rm -f ns*/named.lock rm -f ns2/mapped.db rm -f ns3/mapped.bk -<<<<<<< HEAD -rm -f dig.out.?.* -rm -f ns1/ixfr-too-big.db ns1/ixfr-too-big.db.jnl -======= rm -f ns1/ixfr-too-big.db ns1/ixfr-too-big.db.jnl rm -f ns*/managed-keys.bind* ->>>>>>> upstream/9.14.4 diff --git a/bin/tests/system/xfer/ns1/axfr-too-big.db b/bin/tests/system/xfer/ns1/axfr-too-big.db index 5bb9469f..ff6e4b96 100644 --- a/bin/tests/system/xfer/ns1/axfr-too-big.db +++ b/bin/tests/system/xfer/ns1/axfr-too-big.db @@ -1,18 +1,11 @@ -<<<<<<< HEAD -; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") -======= ; Copyright (C) Internet Systems Consortium, Inc. ("ISC") ->>>>>>> upstream/9.14.4 ; ; This Source Code Form is subject to the terms of the Mozilla Public ; License, v. 2.0. If a copy of the MPL was not distributed with this ; file, You can obtain one at http://mozilla.org/MPL/2.0/. -<<<<<<< HEAD -======= ; ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. ->>>>>>> upstream/9.14.4 $TTL 3600 @ IN SOA . . 0 0 0 0 0 diff --git a/bin/tests/system/xfer/ns1/ixfr-too-big.db.in b/bin/tests/system/xfer/ns1/ixfr-too-big.db.in index 004aebdd..7372793e 100644 --- a/bin/tests/system/xfer/ns1/ixfr-too-big.db.in +++ b/bin/tests/system/xfer/ns1/ixfr-too-big.db.in @@ -1,18 +1,11 @@ -<<<<<<< HEAD -; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") -======= ; Copyright (C) Internet Systems Consortium, Inc. ("ISC") ->>>>>>> upstream/9.14.4 ; ; This Source Code Form is subject to the terms of the Mozilla Public ; License, v. 2.0. If a copy of the MPL was not distributed with this ; file, You can obtain one at http://mozilla.org/MPL/2.0/. -<<<<<<< HEAD -======= ; ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. ->>>>>>> upstream/9.14.4 $TTL 3600 @ IN SOA . . 0 0 0 0 0 diff --git a/bin/tests/system/xfer/ns1/named.conf b/bin/tests/system/xfer/ns1/named.conf deleted file mode 100644 index b0d46ce1..00000000 --- a/bin/tests/system/xfer/ns1/named.conf +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2004, 2007, 2011, 2014, 2016 Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - */ - -/* $Id: named.conf,v 1.20 2011/03/12 04:59:47 tbox Exp $ */ - -include "../../common/rndc.key"; - -controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; -}; - -options { - query-source address 10.53.0.1; - notify-source 10.53.0.1; - transfer-source 10.53.0.1; - port 5300; - pid-file "named.pid"; - listen-on { 10.53.0.1; }; - listen-on-v6 { none; }; - recursion no; - notify yes; -}; - -zone "." { - type master; - file "root.db"; -}; - -zone "slave" { - type master; - file "slave.db"; -}; - -zone "edns-expire" { - type master; - file "edns-expire.db"; -}; - -zone "axfr-too-big" { - type master; - file "axfr-too-big.db"; -}; - -zone "ixfr-too-big" { - type master; - allow-update { any; }; - file "ixfr-too-big.db"; -}; diff --git a/bin/tests/system/xfer/ns6/named.conf b/bin/tests/system/xfer/ns6/named.conf deleted file mode 100644 index f9909270..00000000 --- a/bin/tests/system/xfer/ns6/named.conf +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (C) 2011, 2014, 2016 Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - */ - -/* $Id: named.conf,v 1.3 2011/03/12 04:59:47 tbox Exp $ */ - -include "../../common/rndc.key"; - -controls { - inet 10.53.0.6 port 9953 allow { any; } keys { rndc_key; }; -}; - -options { - query-source address 10.53.0.6; - notify-source 10.53.0.6; - transfer-source 10.53.0.6; - port 5300; - pid-file "named.pid"; - listen-on { 10.53.0.6; }; - listen-on-v6 { none; }; - recursion no; - notify yes; - ixfr-from-differences master; - check-integrity no; -}; - -zone "." { - type hint; - file "../../common/root.hint"; -}; - -zone "master" { - type master; - file "master.db"; -}; - -zone "slave" { - type slave; - notify no; - masters { 10.53.0.1; }; - file "slave.bk"; -}; - -zone "edns-expire" { - type slave; - masters { 10.53.0.1; }; - file "edns-expire.bk"; -}; - -zone "axfr-too-big" { - type slave; - max-records 30; - masters { 10.53.0.1; }; - file "axfr-too-big.bk"; -}; - -zone "ixfr-too-big" { - type slave; - max-records 30; - masters { 10.53.0.1; }; - file "ixfr-too-big.bk"; -}; diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh index 30cf7c68..b54f94eb 100755 --- a/bin/tests/system/xfer/tests.sh +++ b/bin/tests/system/xfer/tests.sh @@ -514,35 +514,5 @@ done if test $tmp != 0 ; then echo_i "failed"; fi status=`expr $status + $tmp` -<<<<<<< HEAD -n=`expr $n + 1` -echo "I:test that a zone with too many records is rejected (AXFR) ($n)" -tmp=0 -grep "'axfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1 -if test $tmp != 0 ; then echo "I:failed"; fi -status=`expr $status + $tmp` - -n=`expr $n + 1` -echo "I:test that a zone with too many records is rejected (IXFR) ($n)" -tmp=0 -grep "'ixfr-too-big./IN.*: too many records" ns6/named.run >/dev/null && tmp=1 -$NSUPDATE << EOF -zone ixfr-too-big -server 10.53.0.1 5300 -update add the-31st-record.ixfr-too-big 0 TXT this is it -send -EOF -for i in 1 2 3 4 5 6 7 8 -do - grep "'ixfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null && break - sleep 1 -done -grep "'ixfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1 -if test $tmp != 0 ; then echo "I:failed"; fi -status=`expr $status + $tmp` - -echo "I:exit status: $status" -======= echo_i "exit status: $status" ->>>>>>> upstream/9.14.4 [ $status -eq 0 ] || exit 1 diff --git a/bin/tools/Makefile.in b/bin/tools/Makefile.in index cff7d18f..d1530976 100644 --- a/bin/tools/Makefile.in +++ b/bin/tools/Makefile.in @@ -64,7 +64,7 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} @BIND9_MAKE_RULES@ arpaname@EXEEXT@: arpaname.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ASLR_CFLAGS} ${ASLR_LDFLAGS} \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ -o $@ arpaname.@O@ ${ISCLIBS} ${LIBS} named-journalprint@EXEEXT@: named-journalprint.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} @@ -82,18 +82,6 @@ nsec3hash@EXEEXT@: nsec3hash.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} export LIBS0="${DNSLIBS} ${ISCLIBS}"; \ ${FINALBUILDCMD} -<<<<<<< HEAD -isc-hmac-fixup@EXEEXT@: isc-hmac-fixup.@O@ ${ISCDEPLIBS} - export BASEOBJS="isc-hmac-fixup.@O@"; \ - export LIBS0="${ISCLIBS}"; \ - ${FINALBUILDCMD} - -genrandom@EXEEXT@: genrandom.@O@ - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ASLR_CFLAGS} ${ASLR_LDFLAGS} \ - -o $@ genrandom.@O@ @GENRANDOMLIB@ ${LIBS} - -======= ->>>>>>> upstream/9.14.4 mdig@EXEEXT@: mdig.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} export BASEOBJS="mdig.@O@"; \ export LIBS0="${DNSLIBS} ${BIND9LIBS}"; \ diff --git a/bind.manifest b/bind.manifest deleted file mode 100644 index 97e8c313..00000000 --- a/bind.manifest +++ /dev/null @@ -1,5 +0,0 @@ -<manifest> - <request> - <domain name="_"/> - </request> -</manifest> diff --git a/config/named.conf b/config/named.conf deleted file mode 100644 index 5f32e25f..00000000 --- a/config/named.conf +++ /dev/null @@ -1,60 +0,0 @@ -include "/etc/named.conf.rndc"; - -options { - directory "/etc/namedb"; - pid-file "/var/run/named.pid"; - statistics-file "/var/run/named.stats"; - listen-on { any; }; - listen-on-v6 { any; }; - dns64 2001:db8:1:ffff::/96 { - clients { any; }; - exclude { any; }; - }; - allow-recursion { any; }; - allow-recursion-on { any; }; -}; -zone "." { - type hint; - file "root.hints"; -}; -zone "0.0.127.in-addr.arpa" { - type master; - file "pz/127.0.0"; -}; - -// Bind 9 now logs by default through syslog (except debug). -// These are the default logging rules. - -logging { - category default { default_syslog; default_debug; }; - category unmatched { null; }; - - channel default_syslog { - syslog daemon; // send to syslog's daemon - // facility - severity info; // only send priority info - // and higher - }; - - channel default_debug { - file "named.run"; // write to named.run in - // the working directory - // Note: stderr is used instead - // of "named.run" - // if the server is started - // with the '-f' option. - severity dynamic; // log at the server's - // current debug level - }; - - channel default_stderr { - stderr; // writes to stderr - severity info; // only send priority info - // and higher - }; - - channel null { - null; // toss anything sent to - // this channel - }; -}; diff --git a/config/pz/127.0.0 b/config/pz/127.0.0 deleted file mode 100644 index 464d086c..00000000 --- a/config/pz/127.0.0 +++ /dev/null @@ -1,9 +0,0 @@ -$TTL 3D -@ IN SOA ns.local.domain. hostmaster.local.domain. ( - 1 ; Serial - 8H ; Refresh - 2H ; Retry - 4W ; Expire - 1D) ; Minimum TTL - NS ns.local.domain. -1 PTR localhost. diff --git a/config/root.hints b/config/root.hints deleted file mode 100644 index f5921c19..00000000 --- a/config/root.hints +++ /dev/null @@ -1,92 +0,0 @@ -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . <file>" -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC -; under anonymous FTP as -; file /domain/named.cache -; on server FTP.INTERNIC.NET -; -OR- RS.INTERNIC.NET -; -; last update: October 20, 2016 -; related version of root zone: 2016102001 -; -; formerly NS.INTERNIC.NET -; -. 3600000 NS A.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 -; -; FORMERLY NS1.ISI.EDU -; -. 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 -B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b -; -; FORMERLY C.PSI.NET -; -. 3600000 NS C.ROOT-SERVERS.NET. -C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 -C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c -; -; FORMERLY TERP.UMD.EDU -; -. 3600000 NS D.ROOT-SERVERS.NET. -D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d -; -; FORMERLY NS.NASA.GOV -; -. 3600000 NS E.ROOT-SERVERS.NET. -E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 -E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e -; -; FORMERLY NS.ISC.ORG -; -. 3600000 NS F.ROOT-SERVERS.NET. -F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f -; -; FORMERLY NS.NIC.DDN.MIL -; -. 3600000 NS G.ROOT-SERVERS.NET. -G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 -G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d -; -; FORMERLY AOS.ARL.ARMY.MIL -; -. 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 -; -; FORMERLY NIC.NORDU.NET -; -. 3600000 NS I.ROOT-SERVERS.NET. -I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 -; -; OPERATED BY VERISIGN, INC. -; -. 3600000 NS J.ROOT-SERVERS.NET. -J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 -; -; OPERATED BY RIPE NCC -; -. 3600000 NS K.ROOT-SERVERS.NET. -K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 -; -; OPERATED BY ICANN -; -. 3600000 NS L.ROOT-SERVERS.NET. -L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 -L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 -; -; OPERATED BY WIDE -; -. 3600000 NS M.ROOT-SERVERS.NET. -M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 -; End of file diff --git a/configure.in b/configure.in deleted file mode 100644 index f9a8d1b1..00000000 --- a/configure.in +++ /dev/null @@ -1,5390 +0,0 @@ -# Copyright (C) 1998-2016 Internet Systems Consortium, Inc. ("ISC") -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -dnl -AC_DIVERT_PUSH(1)dnl -esyscmd([sed -e 's/^/# /' -e '/Portions of this code/,$d' COPYRIGHT])dnl -AC_DIVERT_POP()dnl - -AC_INIT(BIND, [9.11], [bind9-bugs@isc.org], [], [https://www.isc.org/downloads/BIND/]) -AC_PREREQ(2.59) - -AC_CONFIG_HEADER(config.h) -AC_CONFIG_MACRO_DIR([libtool.m4]) - -AC_CANONICAL_HOST - -AC_PROG_MAKE_SET - -# -# GNU libtool support -# -case $build_os in -sunos*) - # Just set the maximum command line length for sunos as it otherwise - # takes a exceptionally long time to work it out. Required for libtool. - - lt_cv_sys_max_cmd_len=4096; - ;; -esac - -AC_PROG_LIBTOOL -AC_PROG_INSTALL -AC_PROG_LN_S - -AC_SUBST(STD_CINCLUDES) -AC_SUBST(STD_CDEFINES) -AC_SUBST(STD_CWARNINGS) -AC_SUBST(CCOPT) -AC_SUBST(CCNOOPT) -AC_SUBST(BACKTRACECFLAGS) - -# Warn if the user specified libbind, which is now deprecated -AC_ARG_ENABLE(libbind, [ --enable-libbind deprecated]) - -case "$enable_libbind" in - yes) - AC_MSG_ERROR(['libbind' is no longer part of the BIND 9 distribution. -It is available from http://www.isc.org as a separate download.]) - ;; - no|'') - ;; -esac - -AC_ARG_ENABLE(warn_shadow, [ --enable-warn-shadow turn on -Wshadow when compiling]) - -AC_ARG_ENABLE(warn_error, [ --enable-warn-error turn on -Werror when compiling]) - -AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings]) -case "$enable_developer" in -yes) - STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1" - test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes - test "${enable_querytrace+set}" = set || enable_querytrace=yes - test "${with_atf+set}" = set || with_atf=yes - test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes - test "${with_dlz_filesystem+set}" = set || with_dlz_filesystem=yes - test "${enable_symtable+set}" = set || enable_symtable=all - test "${enable_warn_error+set}" = set || enable_warn_error=yes - test "${enable_warn_shadow+set}" = set || enable_warn_shadow=yes - test "${with_zlib+set}" = set || with_zlib=yes - ;; -esac - -# American Fuzzy Lop -AC_ARG_ENABLE(afl, [ --enable-afl enable American Fuzzy Lop test harness [[default=no]]], - [AC_DEFINE([ENABLE_AFL], [1], [Define to enable American Fuzzy Lop test harness])]) -case "$enable_afl" in -yes) - LIBS="$LIBS -lpthread" - ;; -esac - -#libseccomp sandboxing -AC_ARG_ENABLE(seccomp, - AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp system call filtering [default=no]])) -case "$enable_seccomp" in - yes) - case $host_os in - linux*) - ;; - *) - AC_MSG_WARN([seccomp is not supported on non-linux platforms; disabling it]) - enable_seccomp=no - ;; - esac - AC_SEARCH_LIBS(seccomp_init, [seccomp]) - if test "$ac_cv_search_seccomp_init" = "-lseccomp" ; then - AC_TRY_RUN([ - #include <stdio.h> - #include <stdlib.h> - #include <errno.h> - #include <sys/prctl.h> - #include <linux/seccomp.h> - - int main(void) - { - int ret; - - ret = prctl(PR_GET_SECCOMP, 0, 0, 0, 0); - if (ret < 0) { - switch (errno) { - case ENOSYS: - return 1; - case EINVAL: - return 1; - default: - return 1; - } - } - ret = - prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); - if (ret < 0) { - switch (errno) { - case EINVAL: - return 1; - case EFAULT: - return 0; - default: - return 1; - } - } - return 1; - } - ] - , AC_DEFINE([HAVE_LIBSECCOMP], 1, - [Define to use libseccomp system call filtering.]) - , [] - ) - fi - ;; - *) - ;; -esac - -# -# Make very sure that these are the first files processed by -# config.status, since we use the processed output as the input for -# AC_SUBST_FILE() substitutions in other files. -# -AC_CONFIG_FILES([make/rules make/includes]) - -AC_PATH_PROG(AR, ar) -ARFLAGS="cruv" -AC_SUBST(AR) -AC_SUBST(ARFLAGS) - -# The POSIX ln(1) program. Non-POSIX systems may substitute -# "copy" or something. -LN=ln -AC_SUBST(LN) - -case "$AR" in - "") - AC_MSG_ERROR([ -ar program not found. Please fix your PATH to include the directory in -which ar resides, or set AR in the environment with the full path to ar. -]) - - ;; -esac - -# -# Etags. -# -AC_PATH_PROGS(ETAGS, etags emacs-etags) - -# -# Some systems, e.g. RH7, have the Exuberant Ctags etags instead of -# GNU emacs etags, and it requires the -L flag. -# -if test "X$ETAGS" != "X"; then - AC_MSG_CHECKING(for Exuberant Ctags etags) - if $ETAGS --version 2>&1 | grep 'Exuberant Ctags' >/dev/null 2>&1; then - AC_MSG_RESULT(yes) - ETAGS="$ETAGS -L" - else - AC_MSG_RESULT(no) - fi -fi -AC_SUBST(ETAGS) - -# -# Perl is optional; it is used only by some of the system test scripts. -# Note: the backtrace feature (see below) uses perl to build the symbol table, -# but it still compiles without perl, in which case an empty table will be used. -# -AC_PATH_PROGS(PERL, perl5 perl) -AC_SUBST(PERL) - -# -# Python is also optional; it is used by the tools in bin/python. -# If python is unavailable, we simply don't build those. -# -AC_ARG_WITH(python, -[ --with-python=PATH specify path to python interpreter], - use_python="$withval", use_python="unspec") - -python="python python3 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2 python2.7 python2.6 python2.5 python2.4" - -testargparse='try: import argparse -except: exit(1)' - -testply='try: from ply import * -except: exit(1)' - -case "$use_python" in - no) - AC_MSG_CHECKING([for python support]) - AC_MSG_RESULT(disabled) - ;; - unspec|yes|*) - case "$use_python" in - unspec|yes|'') - for p in $python - do - AC_PATH_PROGS(PYTHON, $p) - if test "X$PYTHON" = "X"; then - continue; - fi - AC_MSG_CHECKING([python module 'argparse']) - if ${PYTHON:-false} -c "$testargparse"; then - AC_MSG_RESULT([found]) - else - AC_MSG_RESULT([not found]) - unset ac_cv_path_PYTHON - unset PYTHON - continue - fi - - AC_MSG_CHECKING([python module 'ply']) - if ${PYTHON:-false} -c "$testply"; then - AC_MSG_RESULT([found]) - break - else - AC_MSG_RESULT([not found]) - unset ac_cv_path_PYTHON - unset PYTHON - fi - done - if test "X$PYTHON" = "X" - then - AC_MSG_CHECKING([for python support]) - case "$use_python" in - unspec) - AC_MSG_RESULT(disabled) - ;; - yes) - AC_MSG_ERROR([missing python]) - ;; - esac - fi - ;; - *) - case "$use_python" in - /*) - PYTHON="$use_python" - ;; - *) - AC_PATH_PROGS(PYTHON, $use_python) - ;; - esac - AC_MSG_CHECKING([python module 'argparse']) - if ${PYTHON:-false} -c "$testargparse"; then - AC_MSG_RESULT([found, using $PYTHON]) - else - AC_MSG_ERROR([not found]) - fi - AC_MSG_CHECKING([python module 'ply']) - if ${PYTHON:-false} -c "$testply"; then - AC_MSG_RESULT([found, using $PYTHON]) - else - AC_MSG_ERROR([not found]) - fi - ;; - esac - ;; -esac - -PYTHON_TOOLS='' -CHECKDS='' -COVERAGE='' -KEYMGR='' -if test "X$PYTHON" != "X"; then - PYTHON_TOOLS=python - CHECKDS=checkds - COVERAGE=coverage - KEYMGR=keymgr -fi -AC_SUBST(CHECKDS) -AC_SUBST(COVERAGE) -AC_SUBST(KEYMGR) -AC_SUBST(PYTHON_TOOLS) - -# -# Special processing of paths depending on whether --prefix, -# --sysconfdir or --localstatedir arguments were given. What's -# desired is some compatibility with the way previous versions -# of BIND built; they defaulted to /usr/local for most parts of -# the installation, but named.boot/named.conf was in /etc -# and named.pid was in /var/run. -# -# So ... if none of --prefix, --sysconfdir or --localstatedir are -# specified, set things up that way. If --prefix is given, use -# it for sysconfdir and localstatedir the way configure normally -# would. To change the prefix for everything but leave named.conf -# in /etc or named.pid in /var/run, then do this the usual configure way: -# ./configure --prefix=/somewhere --sysconfdir=/etc -# ./configure --prefix=/somewhere --localstatedir=/var -# -# To put named.conf and named.pid in /usr/local with everything else, -# set the prefix explicitly to /usr/local even though that's the default: -# ./configure --prefix=/usr/local -# -case "$prefix" in - NONE) - case "$sysconfdir" in - '${prefix}/etc') - sysconfdir=/etc - ;; - esac - case "$localstatedir" in - '${prefix}/var') - localstatedir=/var - ;; - esac - ;; -esac -expanded_sysconfdir=`eval echo $sysconfdir` -AC_SUBST(expanded_sysconfdir) - -# -# Make sure INSTALL uses an absolute path, else it will be wrong in all -# Makefiles, since they use make/rules.in and INSTALL will be adjusted by -# configure based on the location of the file where it is substituted. -# Since in BIND9 INSTALL is only substituted into make/rules.in, an immediate -# subdirectory of install-sh, This relative path will be wrong for all -# directories more than one level down from install-sh. -# -case "$INSTALL" in - /*) - ;; - *) - # - # Not all systems have dirname. - # - changequote({, }) - ac_dir="`echo $INSTALL | sed 's%/[^/]*$%%'`" - changequote([, ]) - - ac_prog="`echo $INSTALL | sed 's%.*/%%'`" - test "$ac_dir" = "$ac_prog" && ac_dir=. - test -d "$ac_dir" && ac_dir="`(cd \"$ac_dir\" && pwd)`" - INSTALL="$ac_dir/$ac_prog" - ;; -esac - -# -# On these hosts, we really want to use cc, not gcc, even if it is -# found. The gcc that these systems have will not correctly handle -# pthreads. -# -# However, if the user sets $CC to be something, let that override -# our change. -# -if test "X$CC" = "X" ; then - case "$host" in - *-dec-osf*) - CC="cc" - ;; - *-solaris*) - # Use Sun's cc if it is available, but watch - # out for /usr/ucb/cc; it will never be the right - # compiler to use. - # - # If setting CC here fails, the AC_PROG_CC done - # below might still find gcc. - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - case "$ac_dir" in - /usr/ucb) - # exclude - ;; - *) - if test -f "$ac_dir/cc"; then - CC="$ac_dir/cc" - break - fi - ;; - esac - done - IFS="$ac_save_ifs" - ;; - *-hp-hpux*) - CC="cc" - ;; - mips-sgi-irix*) - CC="cc" - ;; - esac -fi - -AC_PROG_CC - -# -# gcc's optimiser is broken at -02 for ultrasparc -# -if test "$ac_env_CFLAGS_set" != set -a "X$GCC" = "Xyes"; then - case "$host" in - sparc-*) - CCFLAGS="-g -O1" - ;; - esac -fi - -# -# OS dependent CC flags -# -case "$host" in - # OSF 5.0: recv/send are only available with -D_POSIX_PII_SOCKET or - # -D_XOPEN_SOURCE_EXTENDED. - *-dec-osf*) - STD_CDEFINES="$STD_CDEFINES -D_POSIX_PII_SOCKET" - CPPFLAGS="$CPPFLAGS -D_POSIX_PII_SOCKET" - ;; - #HP-UX: need -D_XOPEN_SOURCE_EXTENDED and -lxnet for CMSG macros - *-hp-hpux*) - STD_CDEFINES="$STD_CDEFINES -D_XOPEN_SOURCE_EXTENDED" - CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE_EXTENDED" - LIBS="-lxnet $LIBS" - ;; - # Solaris: need -D_XPG4_2 and -D__EXTENSIONS__ for CMSG macros - *-solaris*) - STD_CDEFINES="$STD_CDEFINES -D_XPG4_2 -D__EXTENSIONS__" - CPPFLAGS="$CPPFLAGS -D_XPG4_2 -D__EXTENSIONS__" - ;; - # POSIX doesn't include the IPv6 Advanced Socket API and glibc hides - # parts of the IPv6 Advanced Socket API as a result. This is stupid - # as it breaks how the two halves (Basic and Advanced) of the IPv6 - # Socket API were designed to be used but we have to live with it. - # Define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. - *-linux* | *-kfreebsd*-gnu*) - STD_CDEFINES="$STD_CDEFINES -D_GNU_SOURCE" - CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" - ;; - # - # Starting with OSX 10.7 (Lion) we must choose which IPv6 API to use. - # Setting this is sufficient to select the correct behavior for BIND 9. - # - *-darwin*) - STD_CDEFINES="$STD_CDEFINES -D__APPLE_USE_RFC_3542" - CPPFLAGS="$CPPFLAGS -D__APPLE_USE_RFC_3542" - ;; -esac - -# -# CCNOOPT defaults to -O0 on gcc and disables optimization when is last -# -if test "X$CCNOOPT" = "X" -a "X$GCC" = "Xyes"; then - CCNOOPT="-O0" -fi - -AC_HEADER_STDC - -AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/mman.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h sys/socket.h net/route.h linux/netlink.h linux/rtnetlink.h,,, -[$ac_includes_default -#ifdef HAVE_SYS_PARAM_H -# include <sys/param.h> -#endif -#ifdef HAVE_SYS_SOCKET_H -# include <sys/socket.h> -#endif -]) - -AC_C_CONST -AC_C_INLINE -AC_C_VOLATILE -AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME)) -AC_C_FLEXIBLE_ARRAY_MEMBER - -# -# Check for the existence of mmap to enable the fast format zones -# -AC_CHECK_FUNCS(mmap) - -# -# Older versions of HP/UX don't define seteuid() and setegid() -# -AC_CHECK_FUNCS(seteuid setresuid) -AC_CHECK_FUNCS(setegid setresgid) - -# BSDI doesn't have ftello fseeko -AC_CHECK_FUNCS(ftello fseeko) - -# -# UnixWare 7.1.1 with the feature supplement to the UDK compiler -# is reported to not support "static inline" (RT #1212). -# -AC_MSG_CHECKING(for static inline breakage) -AC_TRY_COMPILE([ - static inline int foo1() { - return 0; - } - - static inline int foo2() { - return foo1(); - } - ], [foo1();], - [AC_MSG_RESULT(no)], - [AC_MSG_RESULT(yes) - AC_DEFINE(inline, ,[Define to empty if your compiler does not support "static inline".])]) - -AC_TYPE_SIZE_T -AC_CHECK_TYPE(ssize_t, int) -AC_CHECK_TYPE(uintptr_t,unsigned long) -AC_CHECK_TYPE(socklen_t, -[AC_DEFINE(ISC_SOCKADDR_LEN_T, socklen_t)], -[ -AC_TRY_COMPILE( -[ -#include <sys/types.h> -#include <sys/socket.h> -int getsockname(int, struct sockaddr *, size_t *); -],[], -[AC_DEFINE(ISC_SOCKADDR_LEN_T, size_t)], -[AC_DEFINE(ISC_SOCKADDR_LEN_T, int)]) -], -[ -#include <sys/types.h> -#include <sys/socket.h> -]) -AC_SUBST(ISC_SOCKADDR_LEN_T) -AC_HEADER_TIME -AC_MSG_CHECKING(for long long) -AC_TRY_COMPILE([],[long long i = 0; return (0);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVELONGLONG="#define ISC_PLATFORM_HAVELONGLONG 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVELONGLONG="#undef ISC_PLATFORM_HAVELONGLONG"]) -AC_SUBST(ISC_PLATFORM_HAVELONGLONG) - -# -# check for uname library routine -# -AC_MSG_CHECKING(for uname) -AC_TRY_COMPILE([ -#include <sys/utsname.h> -#include <stdio.h> -], -[ -struct utsname uts; -uname(&uts); -printf("running on %s %s %s for %s\n", - uts.sysname, uts.release, uts.version, uts.machine); -], - [AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_UNAME)], - [AC_MSG_RESULT(no) - AC_MSG_WARN([uname is not correctly supported])]) - -# -# check for GCC noreturn attribute -# -AC_MSG_CHECKING(for GCC noreturn attribute) -AC_TRY_COMPILE([],[void foo() __attribute__((noreturn));], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_NORETURN_PRE="#define ISC_PLATFORM_NORETURN_PRE" - ISC_PLATFORM_NORETURN_POST="#define ISC_PLATFORM_NORETURN_POST __attribute__((noreturn))"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_NORETURN_PRE="#define ISC_PLATFORM_NORETURN_PRE" - ISC_PLATFORM_NORETURN_POST="#define ISC_PLATFORM_NORETURN_POST"]) -AC_SUBST(ISC_PLATFORM_NORETURN_PRE) -AC_SUBST(ISC_PLATFORM_NORETURN_POST) - -# -# check if we have lifconf -# -AC_MSG_CHECKING(for struct lifconf) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <net/if.h> -], -[ -struct lifconf lifconf; -lifconf.lifc_len = 0; -] -, - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVELIFCONF="#define ISC_PLATFORM_HAVELIFCONF 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVELIFCONF="#undef ISC_PLATFORM_HAVELIFCONF"]) -AC_SUBST(ISC_PLATFORM_HAVELIFCONF) - -# -# check if we have kqueue -# -AC_ARG_ENABLE(kqueue, - [ --enable-kqueue use BSD kqueue when available [[default=yes]]], - want_kqueue="$enableval", want_kqueue="yes") -case $want_kqueue in -yes) - AC_CHECK_FUNC(kqueue, ac_cv_have_kqueue=yes, ac_cv_have_kqueue=no) - case $ac_cv_have_kqueue in - yes) - ISC_PLATFORM_HAVEKQUEUE="#define ISC_PLATFORM_HAVEKQUEUE 1" - ;; - *) - ISC_PLATFORM_HAVEKQUEUE="#undef ISC_PLATFORM_HAVEKQUEUE" - ;; - esac - ;; -*) - ISC_PLATFORM_HAVEKQUEUE="#undef ISC_PLATFORM_HAVEKQUEUE" - ;; -esac -AC_SUBST(ISC_PLATFORM_HAVEKQUEUE) - -# -# check if we have epoll. Linux kernel 2.4 has epoll_create() which fails, -# so we need to try running the code, not just test its existence. -# -AC_ARG_ENABLE(epoll, -[ --enable-epoll use Linux epoll when available [[default=auto]]], - want_epoll="$enableval", want_epoll="auto") -case $want_epoll in -auto) - AC_MSG_CHECKING(epoll support) - AC_TRY_RUN([ -#include <sys/epoll.h> -int main() { - if (epoll_create(1) < 0) - return (1); - return (0); -} -], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"]) - ;; -yes) - ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1" - ;; -*) - ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL" - ;; -esac -AC_SUBST(ISC_PLATFORM_HAVEEPOLL) - -# -# check if we support /dev/poll -# -AC_ARG_ENABLE(devpoll, - [ --enable-devpoll use /dev/poll when available [[default=yes]]], - want_devpoll="$enableval", want_devpoll="yes") -case $want_devpoll in -yes) - AC_CHECK_HEADERS(sys/devpoll.h devpoll.h, - ISC_PLATFORM_HAVEDEVPOLL="#define ISC_PLATFORM_HAVEDEVPOLL 1" - , - ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL" - ) - ;; -*) - ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL" - ;; -esac -AC_SUBST(ISC_PLATFORM_HAVEDEVPOLL) - -# -# check if we need to #include sys/select.h explicitly -# -case $ac_cv_header_unistd_h in -yes) -AC_MSG_CHECKING(if unistd.h or sys/types.h defines fd_set) -AC_TRY_COMPILE([ -#include <sys/types.h> /* Ultrix */ -#include <unistd.h>], -[fd_set read_set; return (0);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_NEEDSYSSELECTH="#undef ISC_PLATFORM_NEEDSYSSELECTH" - LWRES_PLATFORM_NEEDSYSSELECTH="#undef LWRES_PLATFORM_NEEDSYSSELECTH"], - [AC_MSG_RESULT(no) - case $ac_cv_header_sys_select_h in - yes) - ISC_PLATFORM_NEEDSYSSELECTH="#define ISC_PLATFORM_NEEDSYSSELECTH 1" - LWRES_PLATFORM_NEEDSYSSELECTH="#define LWRES_PLATFORM_NEEDSYSSELECTH 1" - ;; - no) - AC_MSG_ERROR([need either working unistd.h or sys/select.h]) - ;; - esac - ]) - ;; -no) - case $ac_cv_header_sys_select_h in - yes) - ISC_PLATFORM_NEEDSYSSELECTH="#define ISC_PLATFORM_NEEDSYSSELECTH 1" - LWRES_PLATFORM_NEEDSYSSELECTH="#define LWRES_PLATFORM_NEEDSYSSELECTH 1" - ;; - no) - AC_MSG_ERROR([need either unistd.h or sys/select.h]) - ;; - esac - ;; -esac -AC_SUBST(ISC_PLATFORM_NEEDSYSSELECTH) -AC_SUBST(LWRES_PLATFORM_NEEDSYSSELECTH) - -# -# Find the machine's endian flavor. -# -AC_C_BIGENDIAN - -# -# GeoIP support? -# -GEOIPLINKSRCS= -GEOIPLINKOBJS= -AC_ARG_WITH(geoip, -[ --with-geoip=PATH Build with GeoIP support (yes|no|path)], - use_geoip="$withval", use_geoip="no") - -if test "$use_geoip" = "yes" -then - for d in /usr /usr/local /opt/local - do - if test -f $d/include/GeoIP.h - then - use_geoip=$d - break - fi - done -fi - -case "$use_geoip" in - no|'') - AC_MSG_CHECKING([for GeoIP support]) - AC_MSG_RESULT([disabled]) - ;; - *) - if test -d "$use_geoip" -o -L "$use_geoip" - then - CFLAGS="$CFLAGS -I$use_geoip/include" - CPPFLAGS="$CPPFLAGS -I$use_geoip/include" - LIBS="$LIBS -L$use_geoip/lib" - case "$host_os" in - netbsd*|openbsd*|solaris*) - LIBS="$LIBS -Wl,-rpath=$use_geoip/lib" - ;; - esac - elif test "$use_geoip" = "yes" - then - AC_MSG_ERROR([GeoIP path not found]) - else - AC_MSG_ERROR([GeoIP path $use_geoip does not exist]) - fi - AC_CHECK_HEADER(GeoIP.h, [], - [AC_MSG_ERROR([GeoIP header file not found])] - ) - AC_SEARCH_LIBS(GeoIP_id_by_addr_gl, GeoIP, [], - [AC_MSG_ERROR([suitable GeoIP library not found])] - ) - AC_SEARCH_LIBS(fabsf, m, [], - [AC_MSG_ERROR([Math library not found])] - ) - AC_DEFINE(HAVE_GEOIP, 1, Build with GeoIP support) - GEOIPLINKSRCS='${GEOIPLINKSRCS}' - GEOIPLINKOBJS='${GEOIPLINKOBJS}' - AC_MSG_CHECKING([for GeoIP support]) - AC_MSG_RESULT([yes]) - - AC_MSG_CHECKING([for GeoIP Country IPv6 support]) - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM([ - #include <GeoIP.h> - #include <netinet/in.h> - ], [ - struct in6_addr in6; - GeoIP_country_name_by_ipnum_v6(NULL, in6); - ])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE(HAVE_GEOIP_V6, 1, Build with GeoIP Country IPv6 support) - ], - [AC_MSG_RESULT([no])] - ) - - AC_MSG_CHECKING([for GeoIP City IPv6 support]) - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM([ - #include <GeoIP.h> - #include <GeoIPCity.h> - #include <netinet/in.h> - ], [ - struct in6_addr in6; - int i = GEOIP_CITY_EDITION_REV0_V6; - GeoIP_record_by_ipnum_v6(NULL, in6); - ])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE(HAVE_GEOIP_CITY_V6, 1, Build with GeoIP City IPv6 support) - ], - [AC_MSG_RESULT([no])] - ) - ;; -esac -AC_SUBST(GEOIPLINKSRCS) -AC_SUBST(GEOIPLINKOBJS) - -AC_MSG_CHECKING(for GSSAPI library) -AC_ARG_WITH(gssapi, -[ --with-gssapi=[[PATH|[/path/]krb5-config]] Specify path for system-supplied GSSAPI [[default=yes]]], - use_gssapi="$withval", use_gssapi="yes") - -# first try using krb5-config, if that does not work then fall back to "yes" method. - -case "$use_gssapi" in -*/krb5-config|krb5-config) - AC_MSG_RESULT(trying $use_gssapi) - if test "$use_gssapi" = krb5-config - then - AC_PATH_PROG(KRB5_CONFIG, $use_gssapi) - else - KRB5_CONFIG="$use_gssapi" - fi - gssapi_cflags=`$KRB5_CONFIG --cflags gssapi` - gssapi_libs=`$KRB5_CONFIG --libs gssapi` - saved_cppflags="$CPPFLAGS" - CPPFLAGS="$gssapi_cflags $CPPFLAGS" - AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h, - [ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <$ac_header>"]) - if test "$ISC_PLATFORM_GSSAPIHEADER" = ""; then - AC_MSG_RESULT([krb5-config: gssapi.h not found]) - CPPFLAGS="$saved_cppflags" - use_gssapi="yes" - else - AC_CHECK_HEADERS(krb5/krb5.h krb5.h, - [ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>"]) - if test "$ISC_PLATFORM_KRB5HEADER" = ""; then - AC_MSG_RESULT([krb5-config: krb5.h not found]) - CPPFLAGS="$saved_cppflags" - use_gssapi="yes" - else - CPPFLAGS="$saved_cppflags" - saved_libs="$LIBS" - LIBS=$gssapi_libs - AC_MSG_CHECKING([krb5-config linking as $LIBS]) - AC_TRY_LINK( , [gss_acquire_cred();krb5_init_context()], - gssapi_linked=yes, gssapi_linked=no) - case $gssapi_linked in - yes) AC_MSG_RESULT([krb5-config: linked]);; - no) AC_MSG_RESULT([krb5-config: could not determine proper GSSAPI linkage]) - use_gssapi="yes" - ;; - esac - LIBS=$saved_libs - fi - fi - if test "$use_gssapi" = "yes"; then - AC_MSG_CHECKING([for GSSAPI library, non krb5-config method]) - fi - ;; -esac - -# gssapi is just the framework, we really require kerberos v5, so -# look for those headers (the gssapi headers must be there, too) -# The problem with this implementation is that it doesn't allow -# for the specification of gssapi and krb5 headers in different locations, -# which probably ought to be fixed although fixing might raise the issue of -# trying to build with incompatible versions of gssapi and krb5. -if test "$use_gssapi" = "yes" -then - # first, deal with the obvious - if test \( -f /usr/include/kerberosv5/krb5.h -o \ - -f /usr/include/krb5/krb5.h -o \ - -f /usr/include/krb5.h \) -a \ - \( -f /usr/include/gssapi.h -o \ - -f /usr/include/gssapi/gssapi.h \) - then - use_gssapi=/usr - else - krb5dirs="/usr/local /usr/local/krb5 /usr/local/kerberosv5 /usr/local/kerberos /usr/pkg /usr/krb5 /usr/kerberosv5 /usr/kerberos /usr" - for d in $krb5dirs - do - if test -f $d/include/gssapi/gssapi_krb5.h -o \ - -f $d/include/krb5.h - then - if test -f $d/include/gssapi/gssapi.h -o \ - -f $d/include/gssapi.h - then - use_gssapi=$d - break - fi - fi - use_gssapi="no" - done - fi -fi - -case "$use_gssapi" in - no) - AC_MSG_RESULT(disabled) - USE_GSSAPI='' - ;; - yes) - AC_MSG_ERROR([--with-gssapi must specify a path]) - ;; - */krb5-config|krb5-config) - USE_GSSAPI='-DGSSAPI' - DST_GSSAPI_INC="$gssapi_cflags" - DNS_GSSAPI_LIBS="$gssapi_libs" - ;; - *) - AC_MSG_RESULT(looking in $use_gssapi/lib) - USE_GSSAPI='-DGSSAPI' - saved_cppflags="$CPPFLAGS" - CPPFLAGS="-I$use_gssapi/include $CPPFLAGS" - AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h, - [ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <$ac_header>" - gssapi_hack="#include <$ac_header>"]) - - if test "$ISC_PLATFORM_GSSAPIHEADER" = ""; then - AC_MSG_ERROR([gssapi.h not found]) - fi - - AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h, - [ISC_PLATFORM_GSSAPI_KRB5_HEADER="#define ISC_PLATFORM_GSSAPI_KRB5_HEADER <$ac_header>" - gssapi_krb5_hack="#include <$ac_header>"]) - - AC_CHECK_HEADERS(krb5.h krb5/krb5.h kerberosv5/krb5.h, - [ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>" - krb5_hack="#include <$ac_header>"]) - - if test "$ISC_PLATFORM_KRB5HEADER" = ""; then - AC_MSG_ERROR([krb5.h not found]) - fi - - # - # XXXDCL This probably doesn't work right on all systems. - # It will need to be worked on as problems become evident. - # - # Essentially the problems here relate to two different - # areas. The first area is building with either KTH - # or MIT Kerberos, particularly when both are present on - # the machine. The other is static versus dynamic linking. - # - # On the KTH vs MIT issue, Both have libkrb5 that can mess - # up the works if one implementation ends up trying to - # use the other's krb. This is unfortunately a situation - # that very easily arises. - # - # Dynamic linking when the dependency information is built - # into MIT's libgssapi_krb5 or KTH's libgssapi magically makes - # all such problems go away, but when that setup is not - # present, because either the dynamic libraries lack - # dependencies or static linking is being done, then the - # problems start to show up. - saved_libs="$LIBS" - for TRY_LIBS in \ - "-lgssapi_krb5" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \ - "-lgssapi" \ - "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgss -lkrb5" - do - # Note that this does not include $saved_libs, because - # on FreeBSD machines this configure script has added - # -L/usr/local/lib to LIBS, which can make the - # -lgssapi_krb5 test succeed with shared libraries even - # when you are trying to build with KTH in /usr/lib. - if test "$use_gssapi" = "/usr" - then - LIBS="$TRY_LIBS" - else - LIBS="-L$use_gssapi/lib $TRY_LIBS" - fi - AC_MSG_CHECKING(linking as $TRY_LIBS) - AC_TRY_LINK([ -#include <sys/types.h> -$gssapi_hack -$gssapi_krb5_hack -$krb5_hack - ] , [gss_acquire_cred(NULL, NULL, 0, NULL, 0, NULL, NULL, NULL);krb5_init_context(NULL); -#if defined(HAVE_GSSAPI_KRB5_H) || defined(HAVE_GSSAPI_GSSAPI_KRB5_H) -gsskrb5_register_acceptor_identity(NULL); -#endif], - gssapi_linked=yes, gssapi_linked=no) - case $gssapi_linked in - yes) AC_MSG_RESULT(yes); break ;; - no) AC_MSG_RESULT(no) ;; - esac - done - - CPPFLAGS="$saved_cppflags" - - case $gssapi_linked in - no) AC_MSG_ERROR(could not determine proper GSSAPI linkage) ;; - esac - - # - # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib - # but MIT in /usr/local/lib and trying to build with KTH. - # /usr/local/lib can end up earlier on the link lines. - # Like most kludges, this one is not only inelegant it - # is also likely to be the wrong thing to do at least as - # many times as it is the right thing. Something better - # needs to be done. - # - if test "$use_gssapi" = "/usr" -a \ - -f /usr/local/lib/libkrb5.a; then - FIX_KTH_VS_MIT=yes - fi - - case "$FIX_KTH_VS_MIT" in - yes) - case "$enable_static_linking" in - yes) gssapi_lib_suffix=".a" ;; - *) gssapi_lib_suffix=".so" ;; - esac - - for lib in $LIBS; do - case $lib in - -L*) - ;; - -l*) - new_lib=`echo $lib | - sed -e s%^-l%$use_gssapi/lib/lib% \ - -e s%$%$gssapi_lib_suffix%` - NEW_LIBS="$NEW_LIBS $new_lib" - ;; - *) - AC_MSG_ERROR([KTH vs MIT Kerberos confusion!]) - ;; - esac - done - LIBS="$NEW_LIBS" - ;; - esac - - DST_GSSAPI_INC="-I$use_gssapi/include" - DNS_GSSAPI_LIBS="$LIBS" - - AC_MSG_RESULT(using GSSAPI from $use_gssapi/lib and $use_gssapi/include) - LIBS="$saved_libs" - ;; -esac - -AC_SUBST(ISC_PLATFORM_HAVEGSSAPI) -AC_SUBST(ISC_PLATFORM_GSSAPIHEADER) -AC_SUBST(ISC_PLATFORM_GSSAPI_KRB5_HEADER) -AC_SUBST(ISC_PLATFORM_KRB5HEADER) - -AC_SUBST(USE_GSSAPI) -AC_SUBST(DST_GSSAPI_INC) -AC_SUBST(DNS_GSSAPI_LIBS) -DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS" - -# -# Applications linking with libdns also need to link with these libraries. -# - -AC_SUBST(DNS_CRYPTO_LIBS) - -# -# was --with-randomdev specified? -# -AC_MSG_CHECKING(for random device) -AC_ARG_WITH(randomdev, -[ --with-randomdev=PATH Specify path for random device], - use_randomdev="$withval", use_randomdev="unspec") - -case "$use_randomdev" in - unspec) - case "$cross_compiling" in - yes) - AC_MSG_RESULT(unspecified) - AC_MSG_ERROR([ need --with-randomdev=PATH or --with-randomdev=no]) - esac - case "$host" in - *-openbsd*) - devrandom=/dev/arandom - ;; - *) - devrandom=/dev/random - ;; - esac - AC_MSG_RESULT($devrandom) - AC_CHECK_FILE($devrandom, - AC_DEFINE_UNQUOTED(PATH_RANDOMDEV, - "$devrandom"),) - - ;; - yes) - AC_MSG_ERROR([--with-randomdev must specify a path]) - ;; - no) - AC_MSG_RESULT(disabled) - ;; - *) - AC_DEFINE_UNQUOTED(PATH_RANDOMDEV, "$use_randomdev") - AC_MSG_RESULT(using "$use_randomdev") - ;; -esac - -# -# Only check dsa signature generation on these platforms when performing -# system tests. -# -CHECK_DSA=0 -if grep "#define PATH_RANDOMDEV " confdefs.h > /dev/null -then - case "$host" in - *darwin*|*freebsd*) - CHECK_DSA=1 - ;; - esac -fi -AC_SUBST(CHECK_DSA) - -# -# Do we have arc4random(), etc ? arc4random_addrandom() has been removed -# from OpenBSD 5.5 onwards. -# -AC_CHECK_FUNC(arc4random, AC_DEFINE(HAVE_ARC4RANDOM)) -AC_CHECK_FUNC(arc4random_addrandom, AC_DEFINE(HAVE_ARC4RANDOM_ADDRANDOM)) - -sinclude(config.threads.in)dnl - -if $use_threads -then - if test "X$GCC" = "Xyes"; then - case "$host" in - *-freebsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - CCNOOPT="$CCNOOPT -pthread" - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-openbsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - CCNOOPT="$CCNOOPT -pthread" - ;; - *-solaris*) - LIBS="$LIBS -lthread" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - esac - else - case $host in - *-dec-osf*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - CCNOOPT="$CCNOOPT -pthread" - ;; - *-solaris*) - CC="$CC -mt" - CCOPT="$CCOPT -mt" - CCNOOPT="$CCNOOPT -mt" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-sco-sysv*uw*|*-*-sysv*UnixWare*) - CC="$CC -Kthread" - CCOPT="$CCOPT -Kthread" - CCNOOPT="$CCNOOPT -Kthread" - ;; - *-*-sysv*OpenUNIX*) - CC="$CC -Kpthread" - CCOPT="$CCOPT -Kpthread" - CCNOOPT="$CCNOOPT -Kpthread" - ;; - esac - fi - ALWAYS_DEFINES="-D_REENTRANT" - ISC_PLATFORM_USETHREADS="#define ISC_PLATFORM_USETHREADS 1" - THREADOPTOBJS='${THREADOPTOBJS}' - THREADOPTSRCS='${THREADOPTSRCS}' - thread_dir=pthreads - # - # We'd like to use sigwait() too - # - AC_CHECK_FUNC(sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(c, sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(pthread, sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(pthread, _Psigwait, - AC_DEFINE(HAVE_SIGWAIT),)))) - - AC_CHECK_FUNC(pthread_attr_getstacksize, - AC_DEFINE(HAVE_PTHREAD_ATTR_GETSTACKSIZE),) - - AC_CHECK_FUNC(pthread_attr_setstacksize, - AC_DEFINE(HAVE_PTHREAD_ATTR_SETSTACKSIZE),) - - AC_ARG_WITH(locktype, - [ --with-locktype=ARG Specify mutex lock type (adaptive or standard)], - locktype="$withval", locktype="adaptive") - - case "$locktype" in - adaptive) - AC_MSG_CHECKING([for PTHREAD_MUTEX_ADAPTIVE_NP]) - - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #define _GNU_SOURCE - #include <pthread.h> - ]], [[ - return (PTHREAD_MUTEX_ADAPTIVE_NP); - ]])], - [ AC_MSG_RESULT(using adaptive lock type) - AC_DEFINE([HAVE_PTHREAD_MUTEX_ADAPTIVE_NP], 1, - [Support for PTHREAD_MUTEX_ADAPTIVE_NP]) ], - [ AC_MSG_RESULT(using standard lock type) ]) - ;; - standard) - AC_MSG_RESULT(using standard lock type) - ;; - *) - AC_MSG_ERROR([You must specify "adaptive" or "standard" for --with-locktype.]) - ;; - esac - - AC_CHECK_HEADERS(sched.h) - - case "$host" in - *solaris-*) - AC_CHECK_LIB(rt, sched_yield) - ;; - esac - - AC_CHECK_FUNCS(sched_yield pthread_yield pthread_yield_np) - - # - # Additional OS-specific issues related to pthreads and sigwait. - # - case "$host" in - # - # One more place to look for sigwait. - # - *-freebsd*) - AC_CHECK_LIB(c_r, sigwait, AC_DEFINE(HAVE_SIGWAIT),) - case $host in - *-freebsd5.[[012]]|*-freebsd5.[[012]].*);; - *-freebsd5.[[3456789]]|*-freebsd5.[[3456789]].*) - AC_DEFINE(NEED_PTHREAD_SCOPE_SYSTEM) - ;; - *-freebsd6.*) - AC_DEFINE(NEED_PTHREAD_SCOPE_SYSTEM) - ;; - esac - ;; - # - # BSDI 3.0 through 4.0.1 needs pthread_init() to be - # called before certain pthreads calls. This is deprecated - # in BSD/OS 4.1. - # - *-bsdi3.*|*-bsdi4.0*) - AC_DEFINE(NEED_PTHREAD_INIT) - ;; - # - # LinuxThreads requires some changes to the way we - # deal with signals. - # - *-linux*) - AC_DEFINE(HAVE_LINUXTHREADS) - ;; - # - # Ensure the right sigwait() semantics on Solaris and make - # sure we call pthread_setconcurrency. - # - *-solaris*) - AC_DEFINE(_POSIX_PTHREAD_SEMANTICS) - AC_CHECK_FUNC(pthread_setconcurrency, - AC_DEFINE(CALL_PTHREAD_SETCONCURRENCY)) - ;; - # - # UnixWare does things its own way. - # - *-sco-sysv*uw*|*-*-sysv*UnixWare*|*-*-sysv*OpenUNIX*) - AC_DEFINE(HAVE_UNIXWARE_SIGWAIT) - ;; - esac - - # - # Look for sysconf to allow detection of the number of processors. - # - AC_CHECK_FUNC(sysconf, AC_DEFINE(HAVE_SYSCONF),) - -else - ISC_PLATFORM_USETHREADS="#undef ISC_PLATFORM_USETHREADS" - thread_dir=nothreads - THREADOPTOBJS="" - THREADOPTSRCS="" - ALWAYS_DEFINES="" -fi - -AC_SUBST(ALWAYS_DEFINES) -AC_SUBST(ISC_PLATFORM_USETHREADS) -AC_SUBST(THREADOPTOBJS) -AC_SUBST(THREADOPTSRCS) -ISC_THREAD_DIR=$thread_dir -AC_SUBST(ISC_THREAD_DIR) - -AC_MSG_CHECKING(for libtool) -AC_ARG_WITH(libtool, - [ --with-libtool use GNU libtool], - use_libtool="$withval", use_libtool="no") - -case $use_libtool in - yes) - AC_MSG_RESULT(yes) - AM_PROG_LIBTOOL - O=lo - A=la - LIBTOOL_MKDEP_SED='s;\.o;\.lo;' - LIBTOOL_MODE_COMPILE='--mode=compile --tag=CC' - LIBTOOL_MODE_INSTALL='--mode=install --tag=CC' - LIBTOOL_MODE_LINK='--mode=link --tag=CC' - INSTALL_LIBRARY='${INSTALL_PROGRAM}' - case "$host" in - *) LIBTOOL_ALLOW_UNDEFINED= ;; - esac - case "$host" in - *-ibm-aix*) LIBTOOL_IN_MAIN="-Wl,-bI:T_testlist.imp" ;; - *) LIBTOOL_IN_MAIN= ;; - esac; - ;; - *) - AC_MSG_RESULT(no) - O=o - A=a - LIBTOOL= - AC_SUBST(LIBTOOL) - LIBTOOL_MKDEP_SED= - LIBTOOL_MODE_COMPILE= - LIBTOOL_MODE_INSTALL= - LIBTOOL_MODE_LINK= - LIBTOOL_ALLOW_UNDEFINED= - LIBTOOL_IN_MAIN= - INSTALL_LIBRARY='${INSTALL_DATA}' - ;; -esac -AC_SUBST(INSTALL_LIBRARY) - -# -# was --enable-native-pkcs11 specified? -# (note it implies both --without-openssl and --with-pkcs11) -# -AC_ARG_ENABLE(native-pkcs11, - [ --enable-native-pkcs11 use native PKCS11 for all crypto [[default=no]]], - want_native_pkcs11="$enableval", want_native_pkcs11="no") - -# -# was --with-openssl specified? -# -AC_ARG_WITH(openssl, -[ --with-openssl[=PATH] Build with OpenSSL [yes|no|path]. - (Crypto is required for DNSSEC)], - use_openssl="$withval", use_openssl="auto") - -# -# was --with-pkcs11 specified? -# -AC_ARG_WITH(pkcs11, -[ --with-pkcs11[=PATH] Build with PKCS11 support [yes|no|path] - (PATH is for the PKCS11 provider)], - use_pkcs11="$withval", use_pkcs11="auto") - -# -# were --with-ecdsa, --with-gost, --with-aes specified -# -AC_ARG_WITH(ecdsa, [ --with-ecdsa Crypto ECDSA], - with_ecdsa="$withval", with_ecdsa="auto") -AC_ARG_WITH(gost, [ --with-gost Crypto GOST [yes|no|raw|asn1].], - with_gost="$withval", with_gost="auto") -AC_ARG_WITH(aes, [ --with-aes Crypto AES], - with_aes="$withval", with_aes="checkcc") - -# -# was --enable-openssl-hash specified? -# -AC_ARG_ENABLE(openssl-hash, - [ --enable-openssl-hash use OpenSSL for hash functions [[default=no]]], - want_openssl_hash="$enableval", want_openssl_hash="checkcc") - -# -# Client Cookie algorithm choice -# -AC_ARG_WITH(cc-alg, - [ --with-cc-alg=ALG choose the algorithm for Client Cookie [[aes|sha1|sha256]]], - with_cc_alg="$withval", with_cc_alg="auto") - -case $with_cc_alg in - *1) - with_cc_alg="sha1" - ;; - *2*) - with_cc_alg="sha256" - ;; - auto) - if test "$with_aes" != "no" - then - with_aes="yes" - fi - ;; - *) - with_cc_alg="aes" - if test "$with_aes" != "no" - then - with_aes="yes" - fi - ;; -esac -if test "with_aes" = "checkcc" -then - with_aes="no" -fi - -AC_MSG_CHECKING(for OpenSSL library) -OPENSSL_WARNING= -openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" -if test "$want_native_pkcs11" = "yes" -then - use_openssl="native_pkcs11" - AC_MSG_RESULT(use of native PKCS11 instead) -fi - -if test "$use_openssl" = "auto" -then - for d in $openssldirs - do - if test -f $d/include/openssl/opensslv.h - then - use_openssl=$d - break - fi - done -fi -OPENSSL_ECDSA="" -OPENSSL_GOST="" -gosttype="raw" -case "$with_gost" in - raw) - with_gost="yes" - ;; - asn1) - AC_DEFINE(PREFER_GOSTASN1, 1, - [Define if GOST private keys are encoded in ASN.1.]) - gosttype="asn1" - with_gost="yes" - ;; - auto|yes|no) - ;; - *) - AC_MSG_ERROR(unknown GOST private key encoding) - ;; -esac - -case "$use_openssl" in - native_pkcs11) - AC_MSG_RESULT(disabled because of native PKCS11) - DST_OPENSSL_INC="" - CRYPTO="-DPKCS11CRYPTO" - OPENSSLGOSTLINKOBJS="" - OPENSSLGOSTLINKSRS="" - OPENSSLLINKOBJS="" - OPENSSLLINKSRCS="" - ;; - no) - AC_MSG_RESULT(no) - DST_OPENSSL_INC="" - CRYPTO="" - OPENSSLGOSTLINKOBJS="" - OPENSSLGOSTLINKSRS="" - OPENSSLLINKOBJS="" - OPENSSLLINKSRCS="" - ;; - auto) - DST_OPENSSL_INC="" - CRYPTO="" - OPENSSLGOSTLINKOBJS="" - OPENSSLGOSTLINKSRS="" - OPENSSLLINKOBJS="" - OPENSSLLINKSRCS="" - AC_MSG_ERROR( -[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path -If you don't want OpenSSL, use --without-openssl]) - ;; - *) - if test "$want_native_pkcs11" = "yes" - then - AC_MSG_RESULT() - AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.]) - fi - if test "$use_openssl" = "yes" - then - # User did not specify a path - guess it - for d in $openssldirs - do - if test -f $d/include/openssl/opensslv.h - then - use_openssl=$d - break - fi - done - if test "$use_openssl" = "yes" - then - AC_MSG_RESULT(not found) - AC_MSG_ERROR( -[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path]) - fi - elif ! test -f "$use_openssl"/include/openssl/opensslv.h - then - AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) - fi - CRYPTO='-DOPENSSL' - if test "$use_openssl" = "/usr" - then - DST_OPENSSL_INC="" - DST_OPENSSL_LIBS="-lcrypto" - else - DST_OPENSSL_INC="-I$use_openssl/include" - case $host in - *-solaris*) - DST_OPENSSL_LIBS="-L$use_openssl/lib -R$use_openssl/lib -lcrypto" - ;; - *-hp-hpux*) - DST_OPENSSL_LIBS="-L$use_openssl/lib -Wl,+b: -lcrypto" - ;; - *-apple-darwin*) - # - # Apple's ld seaches for serially for dynamic - # then static libraries. This means you can't - # use -L to override dynamic system libraries - # with static ones when linking. Instead - # we specify a absolute path. - # - if test -f "$use_openssl/lib/libcrypto.dylib" - then - DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto" - else - DST_OPENSSL_LIBS="$use_openssl/lib/libcrypto.a" - fi - ;; - *) - DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto" - ;; - esac - fi - AC_MSG_RESULT(using OpenSSL from $use_openssl/lib and $use_openssl/include) - - saved_cc="$CC" - saved_cflags="$CFLAGS" - saved_libs="$LIBS" - CFLAGS="$CFLAGS $DST_OPENSSL_INC" - LIBS="$LIBS $DST_OPENSSL_LIBS" - AC_MSG_CHECKING(whether linking with OpenSSL works) - AC_TRY_RUN([ -#include <openssl/err.h> -int main() { - ERR_clear_error(); - return (0); -} -], - [AC_MSG_RESULT(yes)], - [AC_MSG_RESULT(no) - AC_MSG_ERROR(Could not run test program using OpenSSL from -$use_openssl/lib and $use_openssl/include. -Please check the argument to --with-openssl and your -shared library configuration (e.g., LD_LIBRARY_PATH).)], - [AC_MSG_RESULT(assuming it does work on target platform)]) - - AC_MSG_CHECKING(whether linking with OpenSSL requires -ldl) - AC_TRY_LINK([ -#include <openssl/err.h> -#include <openssl/dso.h> -], -[ DSO_METHOD_dlfcn(); ], - [AC_MSG_RESULT(no)], - [LIBS="$LIBS -ldl" - AC_TRY_LINK([ -#include <openssl/err.h> -#include <openssl/dso.h> -],[ DSO_METHOD_dlfcn(); ], - [AC_MSG_RESULT(yes) - DST_OPENSSL_LIBS="$DST_OPENSSL_LIBS -ldl" - ], - [AC_MSG_RESULT(unknown) - AC_MSG_ERROR(OpenSSL has unsupported dynamic loading)], - [AC_MSG_RESULT(assuming it does work on target platform)]) - ], - [AC_MSG_RESULT(assuming it does work on target platform)] - ) - -AC_ARG_ENABLE(openssl-version-check, -[AC_HELP_STRING([--enable-openssl-version-check], - [check OpenSSL version @<:@default=yes@:>@])]) -case "$enable_openssl_version_check" in -yes|'') - AC_MSG_CHECKING(OpenSSL library version) - AC_TRY_RUN([ -#include <stdio.h> -#include <openssl/opensslv.h> -int main() { - if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && - OPENSSL_VERSION_NUMBER < 0x00908000L) || - (OPENSSL_VERSION_NUMBER >= 0x0090804fL && - OPENSSL_VERSION_NUMBER < 0x10002000L) || - OPENSSL_VERSION_NUMBER >= 0x1000205fL) - return (0); - printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n", - OPENSSL_VERSION_NUMBER); - printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n" - "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n"); - return (1); -} - ], - [AC_MSG_RESULT(ok)], - [AC_MSG_RESULT(not compatible) - OPENSSL_WARNING=yes - ], - [AC_MSG_RESULT(assuming target platform has compatible version)]) -;; -no) - AC_MSG_RESULT(Skipped OpenSSL version check) -;; -esac - - AC_MSG_CHECKING(for OpenSSL DSA support) - if test -f $use_openssl/include/openssl/dsa.h - then - AC_DEFINE(HAVE_OPENSSL_DSA) - AC_MSG_RESULT(yes) - else - AC_MSG_RESULT(no) - fi - - AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512) - - AC_MSG_CHECKING(for OpenSSL ECDSA support) - have_ecdsa="" - AC_TRY_RUN([ -#include <openssl/ecdsa.h> -#include <openssl/objects.h> -int main() { - EC_KEY *ec256, *ec384; - -#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384) - return (1); -#endif - ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - ec384 = EC_KEY_new_by_curve_name(NID_secp384r1); - if (ec256 == NULL || ec384 == NULL) - return (2); - return (0); -} -], - [AC_MSG_RESULT(yes) - have_ecdsa="yes"], - [AC_MSG_RESULT(no) - have_ecdsa="no"], - [AC_MSG_RESULT(using --with-ecdsa)]) - case "$with_ecdsa" in - yes) - case "$have_ecdsa" in - no) AC_MSG_ERROR([ecdsa not supported]) ;; - *) have_ecdsa=yes ;; - esac - ;; - no) - have_ecdsa=no ;; - *) - case "$have_ecdsa" in - yes|no) ;; - *) AC_MSG_ERROR([need --with-ecdsa=[[yes or no]]]) ;; - esac - ;; - esac - case $have_ecdsa in - yes) - OPENSSL_ECDSA="yes" - AC_DEFINE(HAVE_OPENSSL_ECDSA, 1, - [Define if your OpenSSL version supports ECDSA.]) - ;; - *) - ;; - esac - - AC_MSG_CHECKING(for OpenSSL GOST support) - have_gost="" - case "$use_pkcs11" in - auto|no) - ;; - *) - if $use_threads; then - CC="$CC -pthread" - fi - ;; - esac - AC_TRY_RUN([ -#include <openssl/conf.h> -#include <openssl/engine.h> -int main() { -#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) - ENGINE *e; - EC_KEY *ek; - - ek = NULL; - OPENSSL_config(NULL); - - e = ENGINE_by_id("gost"); - if (e == NULL) - return (1); - if (ENGINE_init(e) <= 0) - return (1); - return (0); -#else - return (1); -#endif -} -], - [AC_MSG_RESULT(yes) - have_gost="yes"], - [AC_MSG_RESULT(no) - have_gost="no"], - [AC_MSG_RESULT(using --with-gost)]) - case "$with_gost" in - yes) - case "$have_gost" in - no) AC_MSG_ERROR([gost not supported]) ;; - *) have_gost=yes ;; - esac - ;; - no) - have_gost=no ;; - *) - case "$have_gost" in - yes|no) ;; - *) AC_MSG_ERROR([need --with-gost=[[yes, no, raw or asn1]]]) ;; - esac - ;; - esac - case $have_gost in - yes) - OPENSSL_GOST="yes" - OPENSSLGOSTLINKOBJS='${OPENSSLGOSTLINKOBJS}' - OPENSSLGOSTLINKSRCS='${OPENSSLGOSTLINKSRCS}' - AC_DEFINE(HAVE_OPENSSL_GOST, 1, - [Define if your OpenSSL version supports GOST.]) - ;; - *) - ;; - esac - - have_aes="no" - AC_MSG_CHECKING(for OpenSSL AES support) - AC_TRY_RUN([ -#include <openssl/evp.h> -int main() { - EVP_CIPHER *aes128, *aes192, *aes256; - - aes128 = EVP_aes_128_ecb(); - aes192 = EVP_aes_192_ecb(); - aes256 = EVP_aes_256_ecb(); - if (aes128 == NULL || aes192 == NULL || aes256 == NULL) - return (1); - return (0); -} -], - [AC_MSG_RESULT(yes) - have_aes="evp"], - [AC_CHECK_FUNC(AES_encrypt, - [AC_MSG_RESULT(yes) - have_aes="yes"], - [AC_MSG_RESULT(no)])], - [AC_MSG_RESULT(using --with-aes) - # Expect cross-compiling with a modern OpenSSL - have_aes="evp"]) - - ISC_OPENSSL_INC="" - ISC_OPENSSL_LIBS="" - if test "$with_aes" = "yes" - then - case "$have_aes" in - evp) - AC_DEFINE(HAVE_OPENSSL_EVP_AES, 1, - [Define if your OpenSSL version supports EVP AES]) - ISC_OPENSSL_INC="$DST_OPENSSL_INC" - ISC_OPENSSL_LIBS="$DST_OPENSSL_LIBS" - ;; - yes) - AC_DEFINE(HAVE_OPENSSL_AES, 1, - [Define if your OpenSSL version supports AES]) - ISC_OPENSSL_INC="$DST_OPENSSL_INC" - ISC_OPENSSL_LIBS="$DST_OPENSSL_LIBS" - ;; - *) - ;; - esac - fi - - CC="$saved_cc" - CFLAGS="$saved_cflags" - LIBS="$saved_libs" - OPENSSLLINKOBJS='${OPENSSLLINKOBJS}' - OPENSSLLINKSRCS='${OPENSSLLINKSRCS}' - - ;; -esac - -# -# This would include the system openssl path (and linker options to use -# it as needed) if it is found. -# - -AC_SUBST(DST_OPENSSL_INC) -AC_SUBST(OPENSSLGOSTLINKOBJS) -AC_SUBST(OPENSSLGOSTLINKSRCS) -AC_SUBST(OPENSSLLINKOBJS) -AC_SUBST(OPENSSLLINKSRCS) -AC_SUBST(OPENSSL_ECDSA) -AC_SUBST(OPENSSL_GOST) - -DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS" - -ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES" -if test "$with_aes" = "yes" -then - if test "X$CRYPTO" = "X" - then - with_aes="no" - fi -fi -if test "$with_aes" = "yes" -then - ISC_PLATFORM_WANTAES="#define ISC_PLATFORM_WANTAES 1" -fi -AC_SUBST(ISC_PLATFORM_WANTAES) - -# -# Choose Client Cookie algorithm -# - -AC_MSG_CHECKING(for the Algorithm for Client Cookie) -if test "$with_cc_alg" = "auto" -then - if test "$with_aes" = "yes" - then - with_cc_alg="aes" - else - with_cc_alg="sha256" - fi -fi -case $with_cc_alg in - sha1) - AC_MSG_RESULT(sha1) - if test "$CRYPTO" = "-DOPENSSL" - then - if test "$want_openssl_hash" = "checkcc" - then - want_openssl_hash="yes" - fi - fi - AC_DEFINE(HMAC_SHA1_CC, 1, - [Use HMAC-SHA1 for Client Cookie generation]) - ;; - sha256) - AC_MSG_RESULT(sha256) - if test "$CRYPTO" = "-DOPENSSL" - then - if test "$want_openssl_hash" = "checkcc" - then - want_openssl_hash="yes" - fi - fi - AC_DEFINE(HMAC_SHA256_CC, 1, - [Use HMAC-SHA256 for Client Cookie generation]) - ;; - aes) - AC_MSG_RESULT(aes) - if test "$with_aes" != "yes" - then - AC_MSG_ERROR("Client Cookie wants to use unavailable AES"); - fi - AC_DEFINE(AES_CC, 1, - [Use AES for Client Cookie generation]) - ;; -esac -if test "$want_openssl_hash" = "checkcc" -then - want_openssl_hash="no" -fi - -# -# Use OpenSSL for hash functions -# - -AC_MSG_CHECKING(for using OpenSSL for hash functions) -ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" -case $want_openssl_hash in - yes) - if test "$CRYPTO" != "-DOPENSSL" - then - AC_MSG_ERROR([No OpenSSL for hash functions]) - fi - AC_MSG_RESULT(yes) - ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1" - ISC_OPENSSL_INC="$DST_OPENSSL_INC" - ISC_OPENSSL_LIBS="$DST_OPENSSL_LIBS" - saved_cflags="$CFLAGS" - save_libs="$LIBS" - CFLAGS="$CFLAGS $ISC_OPENSSL_INC" - LIBS="$LIBS $ISC_OPENSSL_LIBS" - AC_MSG_CHECKING([HMAC_Init() return type]) - AC_TRY_COMPILE([ - #include <openssl/hmac.h>],[ - HMAC_CTX ctx; - int n = HMAC_Init(&ctx, NULL, 0, NULL); - n += HMAC_Update(&ctx, NULL, 0); - n += HMAC_Final(&ctx, NULL, NULL);],[ - AC_MSG_RESULT(int) - AC_DEFINE(HMAC_RETURN_INT, 1, [HMAC_*() return ints])],[ - AC_MSG_RESULT(void)]) - CFLAGS="$saved_cflags" - LIBS="$save_libs" - ;; - no) - AC_MSG_RESULT(no) - ;; -esac -AC_SUBST(ISC_PLATFORM_OPENSSLHASH) -AC_SUBST(ISC_OPENSSL_INC) -AC_SUBST(ISC_OPENSSL_LIBS) - -# -# PKCS11 (aka crypto hardware) support (--with moved just after openssl) -# -AC_MSG_CHECKING(for PKCS11 support) - -if test "$use_pkcs11" = "auto" -then - if test "$want_native_pkcs11" = "yes" - then - use_pkcs11="yes" - else - use_pkcs11="no" - fi -fi - -case "$use_pkcs11" in - no) - AC_MSG_RESULT(no) - USE_PKCS11="" - PKCS11_TEST="" - PKCS11_TOOLS="" - ISC_PK11_C="" - ISC_PK11_O="" - ISC_PK11_API_C="" - ISC_PK11_API_O="" - ISC_PK11_RESULT_C="" - ISC_PK11_RESULT_O="" - ISC_ISCPK11_API_C="" - ISC_ISCPK11_API_O="" - ;; - yes|*) - AC_MSG_RESULT(yes) - if ! $use_threads; then - AC_MSG_ERROR([PKCS11 requires thread support]) - fi - if test "$CRYPTO" = "-DOPENSSL" - then - AC_MSG_CHECKING(for OpenSSL with PKCS11 support) - saved_cc="$CC" - saved_cflags="$CFLAGS" - saved_libs="$LIBS" - CC="$CC -pthread" - CFLAGS="$CFLAGS $DST_OPENSSL_INC" - LIBS="$LIBS $DST_OPENSSL_LIBS" - AC_TRY_RUN([ -#include <openssl/conf.h> -#include <openssl/engine.h> -int main() { - ENGINE *e; - - OPENSSL_config(NULL); - e = ENGINE_by_id("pkcs11"); - if (e == NULL) - return (1); - if (ENGINE_init(e) <= 0) - return (1); - return (0); -} -], - [AC_MSG_RESULT(yes) - PKCS11_TEST=pkcs11ssl - PKCS11_ENGINE='-DPKCS11_ENGINE="\"pkcs11\""'], - [AC_MSG_RESULT(no) - PKCS11_TEST='' - PKCS11_ENGINE='-DPKCS11_ENGINE=NULL'], - [AC_MSG_RESULT(cross compile, defaulting to no) - PKCS11_TEST='' - PKCS11_ENGINE='-DPKCS11_ENGINE=NULL']) - CC="$saved_cc" - CFLAGS="$saved_cflags" - LIBS="$saved_libs" - else - PKCS11_TEST='' - PKCS11_ENGINE='-DPKCS11_ENGINE=NULL' - - fi - USE_PKCS11='-DUSE_PKCS11' - PKCS11_TOOLS=pkcs11 - AC_CHECK_FUNC(getpassphrase, AC_DEFINE(HAVE_GETPASSPHRASE),) - ISC_PK11_C="pk11.c" - ISC_PK11_O="pk11.$O" - ISC_PK11_API_C="pk11_api.c" - ISC_PK11_API_O="pk11_api.$O" - ISC_PK11_RESULT_C="pk11_result.c" - ISC_PK11_RESULT_O="pk11_result.$O" - ISC_ISCPK11_API_C="unix/pk11_api.c" - ISC_ISCPK11_API_O="unix/pk11_api.$O" - ;; -esac -AC_SUBST(USE_PKCS11) -AC_SUBST(PKCS11_TOOLS) -AC_SUBST(PKCS11_ENGINE) -AC_SUBST(ISC_PK11_C) -AC_SUBST(ISC_PK11_O) -AC_SUBST(ISC_PK11_API_C) -AC_SUBST(ISC_PK11_API_O) -AC_SUBST(ISC_PK11_RESULT_C) -AC_SUBST(ISC_PK11_RESULT_O) -AC_SUBST(ISC_ISCPK11_API_C) -AC_SUBST(ISC_ISCPK11_API_O) - -AC_MSG_CHECKING(for PKCS11 tools) -case "$use_pkcs11" in - no) - PKCS11_PROVIDER="undefined" - AC_MSG_RESULT(disabled) - ;; - yes|'') - PKCS11_PROVIDER="undefined" - AC_MSG_RESULT(enabled) - ;; - *) - PKCS11_PROVIDER="$use_pkcs11" - AC_MSG_RESULT([enabled, PKCS11 provider is $PKCS11_PROVIDER]) - ;; -esac - -AC_SUBST(PKCS11_PROVIDER) - -PKCS11_ECDSA="" -PKCS11_GOST="" -set_pk11_flavor="no" -AC_MSG_CHECKING(for native PKCS11) - -case "$want_native_pkcs11" in - yes) - AC_MSG_RESULT(using native PKCS11 crypto) - PKCS11LINKOBJS='${PKCS11LINKOBJS}' - PKCS11LINKSRCS='${PKCS11LINKSRCS}' - PKCS11_TEST=pkcs11 - AC_MSG_CHECKING(for PKCS11 ECDSA) - case "$with_ecdsa" in - no) - AC_MSG_RESULT(disabled) - ;; - *) - AC_MSG_RESULT(enabled) - PKCS11_ECDSA="yes" - AC_DEFINE(HAVE_PKCS11_ECDSA, 1, - [Define if your PKCS11 provider supports ECDSA.]) - ;; - esac - AC_MSG_CHECKING(for PKCS11 GOST) - case "$with_gost" in - yes) - AC_MSG_RESULT(enabled) - PKCS11_GOST="yes" - AC_DEFINE(HAVE_PKCS11_GOST, 1, - [Define if your PKCS11 provider supports GOST.]) - ;; - *) - AC_MSG_RESULT(disabled) - ;; - esac - AC_MSG_CHECKING(for PKCS11 flavor) - case "$PKCS11_PROVIDER" in - *nfast*) - AC_MSG_RESULT(Thales nCipher) - # default - pk11_flavor="PK11_THALES_FLAVOR" - set_pk11_flavor="yes" - ;; - *libsofthsm2*) - AC_MSG_RESULT(SoftHSMv2) - pk11_flavor="PK11_SOFTHSMV2_FLAVOR" - set_pk11_flavor="yes" - ;; - *libsofthsm*) - AC_MSG_RESULT(SoftHSM) - pk11_flavor="PK11_SOFTHSMV1_FLAVOR" - set_pk11_flavor="yes" - ;; - *cryptech*) - AC_MSG_RESULT(Cryptech) - pk11_flavor="PK11_CRYPTECH_FLAVOR" - set_pk11_flavor="yes" - ;; - *Keyper*) - AC_MSG_RESULT(AEP Keyper: not yet supported) - ;; - undefined) - AC_MSG_RESULT(undefined provider?) - ;; - *) - AC_MSG_RESULT(unknown provider: tweaks are in lib/isc/include/pk11/site.h) - ;; - esac - if test "$set_pk11_flavor" = "yes" ; then - CFLAGS="$CFLAGS -DPK11_FLAVOR=$pk11_flavor" - fi - ;; - no|'') - AC_MSG_RESULT(disabled) - ;; -esac - -AC_SUBST(PKCS11LINKOBJS) -AC_SUBST(PKCS11LINKSRCS) -AC_SUBST(CRYPTO) -AC_SUBST(PKCS11_ECDSA) -AC_SUBST(PKCS11_GOST) -AC_SUBST(PKCS11_TEST) - -# for PKCS11 benchmarks - -have_clock_gt=no -AC_CHECK_FUNC(clock_gettime,have_clock_gt=yes,) -if test "$have_clock_gt" = "no"; then - AC_CHECK_LIB(rt,clock_gettime,have_clock_gt=rt,) -fi - -if test "$have_clock_gt" != "no"; then - AC_DEFINE(HAVE_CLOCK_GETTIME, 1, [Define if clock_gettime is available.]) -fi - -if test "$have_clock_gt" = "rt"; then - LIBS="-lrt $LIBS" -fi - -# -# was --with-lmdb specified? -# -AC_MSG_CHECKING(for lmdb library) -AC_ARG_WITH(lmdb, -[ --with-lmdb[=PATH] build with LMDB library [yes|no|path]], - use_lmdb="$withval", use_lmdb="auto") - -have_lmdb="" -case "$use_lmdb" in - no) - lmdb_libs="" - ;; - auto|yes) - for d in /usr /usr/local /opt/local - do - if test -f "${d}/include/lmdb.h" - then - if test ${d} != /usr - then - lmdb_cflags="-I ${d}/include" - LIBS="$LIBS -L${d}/lib" - fi - have_lmdb="yes" - fi - done - ;; - *) - if test -f "${use_lmdb}/include/lmdb.h" - then - lmdb_cflags="-I${use_lmdb}/include" - LIBS="$LIBS -L${use_lmdb}/lib" - have_lmdb="yes" - else - AC_MSG_ERROR([$use_lmdb/include/lmdb.h not found.]) - fi - ;; -esac - -if test "X${have_lmdb}" != "X" -then - AC_MSG_RESULT(yes) - AC_SEARCH_LIBS([mdb_env_create], [lmdb], [], - [AC_MSG_ERROR([found lmdb include but not library.]) - have_lmdb=""]) -elif test "X$use_lmdb" = Xyes -then - AC_MSG_ERROR([include/lmdb.h not found.]) -else - AC_MSG_RESULT(no) -fi - -NZD_TOOLS="" -NZDSRCS= -NZDTARGETS= -if test "X${have_lmdb}" != "X" -then - CFLAGS="$CFLAGS $lmdb_cflags" - AC_DEFINE(HAVE_LMDB, 1, [Define if lmdb was found]) - NZD_TOOLS="nzd" - NZDSRCS='${NZDSRCS}' - NZDTARGETS='${NZDTARGETS}' -fi -AC_SUBST(NZD_TOOLS) -AC_SUBST(NZDSRCS) -AC_SUBST(NZDTARGETS) - -# -# was --with-libxml2 specified? -# -AC_MSG_CHECKING(for libxml2 library) -AC_ARG_WITH(libxml2, -[ --with-libxml2[=PATH] build with libxml2 library [yes|no|path]], - use_libxml2="$withval", use_libxml2="auto") - -case "$use_libxml2" in - no) - DST_LIBXML2_INC="" - ;; - auto|yes) - case X`(xml2-config --version) 2>/dev/null` in - X2.[[6789]].*) - libxml2_libs=`xml2-config --libs` - libxml2_cflags=`xml2-config --cflags` - ;; - *) - if test "$use_libxml2" = "yes" ; then - AC_MSG_RESULT(no) - AC_MSG_ERROR(required libxml2 version not available) - else - libxml2_libs= - libxml2_cflags= - fi - ;; - esac - ;; - *) - if test -f "$use_libxml2/bin/xml2-config" ; then - libxml2_libs=`$use_libxml2/bin/xml2-config --libs` - libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags` - fi - ;; -esac - -if test "X$libxml2_libs" != "X" -then - CFLAGS="$CFLAGS $libxml2_cflags" - LIBS="$LIBS $libxml2_libs" - # - # Sanity check xml2-config output. - # - AC_TRY_LINK([#include <libxml/xmlwriter.h>], - [return(xmlTextWriterStartElement(NULL, NULL));], - AC_MSG_RESULT(yes), - AC_MSG_ERROR(xml2-config returns badness)) - AC_DEFINE(HAVE_LIBXML2, 1, [Define if libxml2 was found]) - XMLSTATS=1 -else - AC_MSG_RESULT(no) -fi -AC_SUBST(XMLSTATS) - -# -# was --with-libjson specified? -# -AC_MSG_CHECKING(for json library) -AC_ARG_WITH(libjson, -[ --with-libjson[=PATH] build with libjson0 library [yes|no|path]], - use_libjson="$withval", use_libjson="auto") - -have_libjson="" -have_libjson_c="" -case "$use_libjson" in - no) - libjson_libs="" - ;; - auto|yes) - for d in /usr /usr/local /opt/local - do - if test -f "${d}/include/json/json.h" - then - if test ${d} != /usr - then - libjson_cflags="-I ${d}/include" - LIBS="$LIBS -L${d}/lib" - fi - have_libjson="yes" - elif test -f "${d}/include/json-c/json.h" - then - if test ${d} != /usr - then - libjson_cflags="-I ${d}/include" - LIBS="$LIBS -L${d}/lib" - fi - have_libjson="yes" - have_libjson_c="yes" - fi - done - ;; - *) - if test -f "${use_libjson}/include/json/json.h" - then - libjson_cflags="-I${use_libjson}/include" - LIBS="$LIBS -L${use_libjson}/lib" - have_libjson="yes" - elif test -f "${use_libjson}/include/json-c/json.h" - then - libjson_cflags="-I${use_libjson}/include" - LIBS="$LIBS -L${use_libjson}/lib" - have_libjson="yes" - have_libjson_c="yes" - else - AC_MSG_ERROR([$use_libjson/include/json{,-c}/json.h not found.]) - fi - ;; -esac - -if test "X${have_libjson}" != "X" -then - AC_MSG_RESULT(yes) - AC_SEARCH_LIBS([json_object_new_int64], [json json-c], [], - [AC_MSG_ERROR([found libjson include but not library.]) - have_libjson=""]) -elif test "X$use_libjson" = Xyes -then - AC_MSG_ERROR([include/json{,-c}/json.h not found.]) -else - AC_MSG_RESULT(no) -fi - -if test "X${have_libjson}" != "X" -then - CFLAGS="$CFLAGS $libjson_cflags" - AC_DEFINE(HAVE_JSON, 1, [Define if libjson was found]) - if test "X${have_libjson_c}" = Xyes - then - AC_DEFINE(HAVE_JSON_C, 1, [Define if json-c was found]) - fi - JSONSTATS=1 -fi -AC_SUBST(JSONSTATS) - -# -# was --with-zlib specified? -# -AC_MSG_CHECKING(for zlib library) -AC_ARG_WITH(zlib, -[ --with-zlib[=PATH] build with zlib for HTTP compression [[default=yes]] ], - with_zlib="$withval", with_zlib="auto") - -have_zlib="" -case "$with_zlib" in - no) - zlib_libs="" - ;; - auto|yes) - for d in /usr /usr/local /opt/local - do - if test -f "${d}/include/zlib.h" - then - if test ${d} != /usr - then - zlib_cflags="-I ${d}/include" - LIBS="$LIBS -L${d}/lib" - fi - have_zlib="yes" - fi - done - ;; - *) - if test -f "${with_zlib}/zlib.h" - then - zlib_cflags="-I${with_zlib}/include" - LIBS="$LIBS -L${with_zlib}/lib" - have_zlib="yes" - else - AC_MSG_ERROR([$with_zlib/include/zlib.h not found.]) - fi - ;; -esac - -if test "X${have_zlib}" != "X" -then - AC_MSG_RESULT(yes) - AC_SEARCH_LIBS([deflate], [z], [], - [AC_MSG_ERROR([found zlib include but not library.]) - have_zlib=""]) -elif test "X$with_zlib" = Xyes -then - AC_MSG_ERROR([include/zlib.h not found.]) -else - AC_MSG_RESULT(no) -fi - -ZLIB= -if test "X${have_zlib}" != "X" -then - CFLAGS="$CFLAGS $zlib_cflags" - AC_DEFINE(HAVE_ZLIB, 1, [Define if zlib was found]) - ZLIB=1 -fi -AC_SUBST(ZLIB) - - -# -# In solaris 10, SMF can manage named service -# -AC_CHECK_LIB(scf, smf_enable_instance) - -# -# flockfile is usually provided by pthreads, but we may want to use it -# even if compiled with --disable-threads. getc_unlocked might also not -# be defined. -# -AC_CHECK_FUNC(flockfile, AC_DEFINE(HAVE_FLOCKFILE),) -AC_CHECK_FUNC(getc_unlocked, AC_DEFINE(HAVE_GETCUNLOCKED),) - -# -# Indicate what the final decision was regarding threads. -# -AC_MSG_CHECKING(whether to build with threads) -if $use_threads; then - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi - -# -# End of pthreads stuff. -# - -# -# Large File -# -AC_ARG_ENABLE(largefile, [ --enable-largefile 64-bit file support], - want_largefile="yes", want_largefile="no") -case $want_largefile in - yes) - ALWAYS_DEFINES="$ALWAYS_DEFINES -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" - ;; - *) - ;; -esac - -# -# Additional compiler settings. -# -MKDEPCC="$CC" -MKDEPCFLAGS="-M" -IRIX_DNSSEC_WARNINGS_HACK="" - -if test "X$GCC" = "Xyes"; then - STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith" - AC_MSG_CHECKING(if "$CC" supports -fno-strict-aliasing) - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Werror -fno-strict-aliasing" - AC_TRY_COMPILE(,, [FNOSTRICTALIASING=yes],[FNOSTRICTALIASING=no]) - CFLAGS="$SAVE_CFLAGS" - if test "$FNOSTRICTALIASING" = "yes"; then - AC_MSG_RESULT(yes) - STD_CWARNINGS="$STD_CWARNINGS -fno-strict-aliasing" - else - AC_MSG_RESULT(no) - fi - # - # turn off delete null pointer checks - # - AC_MSG_CHECKING(if "$CC" supports -fno-delete-null-pointer-checks) - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Werror -fno-delete-null-pointer-checks" - AC_TRY_COMPILE(,, [FNODELETENULLPOINTERCHECKS=yes], - [FNODELETENULLPOINTERCHECKS=no]) - CFLAGS="$SAVE_CFLAGS" - if test "$FNODELETENULLPOINTERCHECKS" = "yes"; then - AC_MSG_RESULT(yes) - STD_CWARNINGS="$STD_CWARNINGS -fno-delete-null-pointer-checks" - else - AC_MSG_RESULT(no) - fi - case "$host" in - *-hp-hpux*) - CFLAGS="$CFLAGS -Wl,+vnocompatwarnings" - BACKTRACECFLAGS="$BACKTRACECFLAGS -Wl,+vnocompatwarnings" - ;; - esac - if test "X$enable_warn_shadow" = Xyes; then - STD_CWARNINGS="$STD_CWARNINGS -Wshadow" - fi - if test "X$enable_warn_error" = Xyes; then - STD_CWARNINGS="$STD_CWARNINGS -Werror" - fi -else - case $host in - *-dec-osf*) - CC="$CC -std" - CCOPT="$CCOPT -std" - CCNOOPT="$CCNOOPT -std" - MKDEPCC="$CC" - ;; - *-hp-hpux*) - CC="$CC -Ae -z" - # The version of the C compiler that constantly warns about - # 'const' as well as alignment issues is unfortunately not - # able to be discerned via the version of the operating - # system, nor does cc have a version flag. - case "`$CC +W 123 2>&1`" in - *Unknown?option*) - STD_CWARNINGS="+w1" - ;; - *) - # Turn off the pointlessly noisy warnings. - STD_CWARNINGS="+w1 +W 474,530,2193,2236" - ;; - esac - CCOPT="$CCOPT -Ae -z" - CCNOOPT="$CCNOOPT -Ae -z" - CFLAGS="$CFLAGS -Wl,+vnocompatwarnings" - BACKTRACECFLAGS="$BACKTRACECFLAGS -Wl,+vnocompatwarnings" - MKDEPPROG='cc -Ae -E -Wp,-M >/dev/null 2>>$TMP' - ;; - *-sgi-irix*) - STD_CWARNINGS="-fullwarn -woff 1209" - # - # Silence more than 250 instances of - # "prototyped function redeclared without prototype" - # and 11 instances of - # "variable ... was set but never used" - # from lib/dns/sec/openssl. - # - IRIX_DNSSEC_WARNINGS_HACK="-woff 1692,1552" - ;; - *-solaris*) - MKDEPCFLAGS="-xM" - ;; - *-sco-sysv*uw*|*-*-sysv*UnixWare*|*-*-sysv*OpenUNIX*) - # UnixWare - CC="$CC -w" - ;; - esac -fi - -AC_SUBST(MKDEPCC) -AC_SUBST(MKDEPCFLAGS) -AC_SUBST(MKDEPPROG) -AC_SUBST(IRIX_DNSSEC_WARNINGS_HACK) - -# -# NLS -# -AC_CHECK_FUNC(catgets, AC_DEFINE(HAVE_CATGETS),) - -# -# -lxnet buys us one big porting headache... standards, gotta love 'em. -# -# AC_CHECK_LIB(xnet, socket, , -# AC_CHECK_LIB(socket, socket) -# ) -# -# Use this for now, instead: -# -case "$host" in - mips-sgi-irix*) - ;; - *-linux*) - ;; - *) - AC_CHECK_LIB(socket, socket) - AC_CHECK_LIB(nsl, inet_addr) - ;; -esac - -# -# Work around Solaris's select() limitations. -# -case "$host" in - *-solaris2.[[89]]|*-solaris2.1?) - AC_DEFINE(FD_SETSIZE, 65536, - [Solaris hack to get select_large_fdset.]) - ;; -esac - -# -# Purify support -# -AC_MSG_CHECKING(whether to use purify) -AC_ARG_WITH(purify, - [ --with-purify[=PATH] use Rational purify], - use_purify="$withval", use_purify="no") - -case "$use_purify" in - no) - ;; - yes) - AC_PATH_PROG(purify_path, purify, purify) - ;; - *) - purify_path="$use_purify" - ;; -esac - -case "$use_purify" in - no) - AC_MSG_RESULT(no) - PURIFY="" - ;; - *) - if test -f $purify_path || test $purify_path = purify; then - AC_MSG_RESULT($purify_path) - PURIFYFLAGS="`echo $PURIFYOPTIONS`" - PURIFY="$purify_path $PURIFYFLAGS" - else - AC_MSG_ERROR([$purify_path not found. - -Please choose the proper path with the following command: - - configure --with-purify=PATH -]) - fi - ;; -esac - -AC_SUBST(PURIFY) - -# -# Google/Great Performance Tools CPU Profiler -# -AC_MSG_CHECKING(whether to use gperftools profiler) -AC_ARG_WITH(gperftools-profiler, - [ --with-gperftools-profiler use gperftools CPU profiler], - use_profiler="$withval", use_profiler="no") - -case $use_profiler in - yes) - AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_GPERFTOOLS_PROFILER], 1, - [Define to use gperftools CPU profiler.]) - LIBS="$LIBS -lprofiler" - ;; - *) - AC_MSG_RESULT(no) - ;; -esac - -# -# enable/disable dumping stack backtrace. Also check if the system supports -# glibc-compatible backtrace() function. -# -AC_ARG_ENABLE(backtrace, -[ --enable-backtrace log stack backtrace on abort [[default=yes]]], - want_backtrace="$enableval", want_backtrace="yes") -case $want_backtrace in -yes) - ISC_PLATFORM_USEBACKTRACE="#define ISC_PLATFORM_USEBACKTRACE 1" - AC_TRY_LINK([#include <execinfo.h>], - [return (backtrace((void **)0, 0));], - [AC_DEFINE([HAVE_LIBCTRACE], [], [if system have backtrace function])],) - ;; -*) - ISC_PLATFORM_USEBACKTRACE="#undef ISC_PLATFORM_USEBACKTRACE" - ;; -esac -AC_SUBST(ISC_PLATFORM_USEBACKTRACE) - -AC_ARG_ENABLE(symtable, -[ --enable-symtable use internal symbol table for backtrace - [[all|minimal(default)|none]]], - want_symtable="$enableval", want_symtable="minimal") -case $want_symtable in -yes|all|minimal) # "yes" is a hidden value equivalent to "minimal" - if test "$PERL" = "" - then - AC_MSG_ERROR([Internal symbol table requires perl but no perl is found. -Install perl or explicitly disable the feature by --disable-symtable.]) - fi - if test "$use_libtool" = "yes"; then - AC_MSG_WARN([Internal symbol table does not work with libtool. Disabling symbol table.]) - else - # we generate the internal symbol table only for those systems - # known to work to avoid unexpected build failure. Also, warn - # about unsupported systems when the feature is enabled - # manually. - case $host_os in - freebsd*|netbsd*|openbsd*|linux*|solaris*|darwin*) - MKSYMTBL_PROGRAM="$PERL" - if test $want_symtable = all; then - ALWAYS_MAKE_SYMTABLE="yes" - fi - ;; - *) - if test $want_symtable = yes -o $want_symtable = all - then - AC_MSG_WARN([this system is not known to generate internal symbol table safely; disabling it]) - fi - esac - fi - ;; -*) - ;; -esac -AC_SUBST(MKSYMTBL_PROGRAM) -AC_SUBST(ALWAYS_MAKE_SYMTABLE) - -# -# File name extension for static archive files, for those few places -# where they are treated differently from dynamic ones. -# -SA=a - -AC_SUBST(O) -AC_SUBST(A) -AC_SUBST(SA) -AC_SUBST(LIBTOOL_MKDEP_SED) -AC_SUBST(LIBTOOL_MODE_COMPILE) -AC_SUBST(LIBTOOL_MODE_INSTALL) -AC_SUBST(LIBTOOL_MODE_LINK) -AC_SUBST(LIBTOOL_ALLOW_UNDEFINED) -AC_SUBST(LIBTOOL_IN_MAIN) - -BIND9_CO_RULE=".c.$O:" -AC_SUBST(BIND9_CO_RULE) - -# -# Here begins a very long section to determine the system's networking -# capabilities. The order of the tests is significant. -# - -# -# IPv6 -# -AC_ARG_ENABLE(ipv6, - [ --enable-ipv6 use IPv6 [default=autodetect]]) - -case "$enable_ipv6" in - yes|''|autodetect) - AC_DEFINE(WANT_IPV6) - ;; - no) - ;; -esac - -# -# We do the IPv6 compilation checking after libtool so that we can put -# the right suffix on the files. -# -AC_MSG_CHECKING(for IPv6 structures) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h>], -[struct sockaddr_in6 sin6; return (0);], - [AC_MSG_RESULT(yes) - found_ipv6=yes], - [AC_MSG_RESULT(no) - found_ipv6=no]) - -# -# See whether IPv6 support is provided via a Kame add-on. -# This is done before other IPv6 linking tests to LIBS is properly set. -# -AC_MSG_CHECKING(for Kame IPv6 support) -AC_ARG_WITH(kame, - [ --with-kame[=PATH] use Kame IPv6 [default path /usr/local/v6]], - use_kame="$withval", use_kame="no") - -case "$use_kame" in - no) - ;; - yes) - kame_path=/usr/local/v6 - ;; - *) - kame_path="$use_kame" - ;; -esac - -case "$use_kame" in - no) - AC_MSG_RESULT(no) - ;; - *) - if test -f $kame_path/lib/libinet6.a; then - AC_MSG_RESULT($kame_path/lib/libinet6.a) - LIBS="-L$kame_path/lib -linet6 $LIBS" - else - AC_MSG_ERROR([$kame_path/lib/libinet6.a not found. - -Please choose the proper path with the following command: - - configure --with-kame=PATH -]) - fi - ;; -esac - -# -# Whether netinet6/in6.h is needed has to be defined in isc/platform.h. -# Including it on Kame-using platforms is very bad, though, because -# Kame uses #error against direct inclusion. So include it on only -# the platform that is otherwise broken without it -- BSD/OS 4.0 through 4.1. -# This is done before the in6_pktinfo check because that's what -# netinet6/in6.h is needed for. -# -changequote({, }) -case "$host" in -*-bsdi4.[01]*) - ISC_PLATFORM_NEEDNETINET6IN6H="#define ISC_PLATFORM_NEEDNETINET6IN6H 1" - LWRES_PLATFORM_NEEDNETINET6IN6H="#define LWRES_PLATFORM_NEEDNETINET6IN6H 1" - isc_netinet6in6_hack="#include <netinet6/in6.h>" - ;; -*) - ISC_PLATFORM_NEEDNETINET6IN6H="#undef ISC_PLATFORM_NEEDNETINET6IN6H" - LWRES_PLATFORM_NEEDNETINET6IN6H="#undef LWRES_PLATFORM_NEEDNETINET6IN6H" - isc_netinet6in6_hack="" - ;; -esac -changequote([, ]) - -# -# This is similar to the netinet6/in6.h issue. -# -case "$host" in -*-sco-sysv*uw*|*-*-sysv*UnixWare*|*-*-sysv*OpenUNIX*) - # UnixWare - ISC_PLATFORM_NEEDNETINETIN6H="#define ISC_PLATFORM_NEEDNETINETIN6H 1" - LWRES_PLATFORM_NEEDNETINETIN6H="#define LWRES_PLATFORM_NEEDNETINETIN6H 1" - ISC_PLATFORM_FIXIN6ISADDR="#define ISC_PLATFORM_FIXIN6ISADDR 1" - isc_netinetin6_hack="#include <netinet/in6.h>" - ;; -*) - ISC_PLATFORM_NEEDNETINETIN6H="#undef ISC_PLATFORM_NEEDNETINETIN6H" - LWRES_PLATFORM_NEEDNETINETIN6H="#undef LWRES_PLATFORM_NEEDNETINETIN6H" - ISC_PLATFORM_FIXIN6ISADDR="#undef ISC_PLATFORM_FIXIN6ISADDR" - isc_netinetin6_hack="" - ;; -esac - -# -# Now delve deeper into the suitability of the IPv6 support. -# -case "$found_ipv6" in - yes) - ISC_PLATFORM_HAVEIPV6="#define ISC_PLATFORM_HAVEIPV6 1" - LWRES_PLATFORM_HAVEIPV6="#define LWRES_PLATFORM_HAVEIPV6 1" - - AC_MSG_CHECKING(for in6_addr) - AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -$isc_netinetin6_hack -$isc_netinet6in6_hack -], -[struct in6_addr in6; return (0);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVEINADDR6="#undef ISC_PLATFORM_HAVEINADDR6" - LWRES_PLATFORM_HAVEINADDR6="#undef LWRES_PLATFORM_HAVEINADDR6" - isc_in_addr6_hack=""], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVEINADDR6="#define ISC_PLATFORM_HAVEINADDR6 1" - LWRES_PLATFORM_HAVEINADDR6="#define LWRES_PLATFORM_HAVEINADDR6 1" - isc_in_addr6_hack="#define in6_addr in_addr6"]) - - AC_MSG_CHECKING(for in6addr_any) - AC_TRY_LINK([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -$isc_netinetin6_hack -$isc_netinet6in6_hack -$isc_in_addr6_hack -], - [struct in6_addr in6; in6 = in6addr_any; return (in6.s6_addr[0]);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_NEEDIN6ADDRANY="#undef ISC_PLATFORM_NEEDIN6ADDRANY" - LWRES_PLATFORM_NEEDIN6ADDRANY="#undef LWRES_PLATFORM_NEEDIN6ADDRANY"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_NEEDIN6ADDRANY="#define ISC_PLATFORM_NEEDIN6ADDRANY 1" - LWRES_PLATFORM_NEEDIN6ADDRANY="#define LWRES_PLATFORM_NEEDIN6ADDRANY 1"]) - - AC_MSG_CHECKING(for in6addr_loopback) - AC_TRY_LINK([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -$isc_netinetin6_hack -$isc_netinet6in6_hack -$isc_in_addr6_hack -], - [struct in6_addr in6; in6 = in6addr_loopback; return (in6.s6_addr[0]);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_NEEDIN6ADDRLOOPBACK="#undef ISC_PLATFORM_NEEDIN6ADDRLOOPBACK" - LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK="#undef LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_NEEDIN6ADDRLOOPBACK="#define ISC_PLATFORM_NEEDIN6ADDRLOOPBACK 1" - LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK="#define LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK 1"]) - - AC_MSG_CHECKING(for sin6_scope_id in struct sockaddr_in6) - AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -$isc_netinetin6_hack -$isc_netinet6in6_hack -], - [struct sockaddr_in6 xyzzy; xyzzy.sin6_scope_id = 0; return (0);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVESCOPEID="#define ISC_PLATFORM_HAVESCOPEID 1" - result="#define LWRES_HAVE_SIN6_SCOPE_ID 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVESCOPEID="#undef ISC_PLATFORM_HAVESCOPEID" - result="#undef LWRES_HAVE_SIN6_SCOPE_ID"]) - LWRES_HAVE_SIN6_SCOPE_ID="$result" - - AC_MSG_CHECKING(for in6_pktinfo) - AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -$isc_netinetin6_hack -$isc_netinet6in6_hack -], - [struct in6_pktinfo xyzzy; return (0);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVEIN6PKTINFO="#define ISC_PLATFORM_HAVEIN6PKTINFO 1"], - [AC_MSG_RESULT(no -- disabling runtime ipv6 support) - ISC_PLATFORM_HAVEIN6PKTINFO="#undef ISC_PLATFORM_HAVEIN6PKTINFO"]) - ;; - no) - ISC_PLATFORM_HAVEIPV6="#undef ISC_PLATFORM_HAVEIPV6" - LWRES_PLATFORM_HAVEIPV6="#undef LWRES_PLATFORM_HAVEIPV6" - ISC_PLATFORM_NEEDIN6ADDRANY="#undef ISC_PLATFORM_NEEDIN6ADDRANY" - LWRES_PLATFORM_NEEDIN6ADDRANY="#undef LWRES_PLATFORM_NEEDIN6ADDRANY" - ISC_PLATFORM_HAVEIN6PKTINFO="#undef ISC_PLATFORM_HAVEIN6PKTINFO" - LWRES_HAVE_SIN6_SCOPE_ID="#define LWRES_HAVE_SIN6_SCOPE_ID 1" - ISC_PLATFORM_HAVESCOPEID="#define ISC_PLATFORM_HAVESCOPEID 1" - ISC_IPV6_H="ipv6.h" - ISC_IPV6_O="ipv6.$O" - ISC_ISCIPV6_O="unix/ipv6.$O" - ISC_IPV6_C="ipv6.c" - ;; -esac - -AC_MSG_CHECKING(for struct sockaddr_storage) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -$isc_netinetin6_hack -$isc_netinet6in6_hack -], -[struct sockaddr_storage storage; return (0);], -[AC_MSG_RESULT(yes) -ISC_PLATFORM_HAVESOCKADDRSTORAGE="#define ISC_PLATFORM_HAVESOCKADDRSTORAGE 1"], -[AC_MSG_RESULT(no) -ISC_PLATFORM_HAVESOCKADDRSTORAGE="#undef ISC_PLATFORM_HAVESOCKADDRSTORAGE"]) - -AC_SUBST(ISC_PLATFORM_HAVEIPV6) -AC_SUBST(LWRES_PLATFORM_HAVEIPV6) -AC_SUBST(ISC_PLATFORM_NEEDNETINETIN6H) -AC_SUBST(LWRES_PLATFORM_NEEDNETINETIN6H) -AC_SUBST(ISC_PLATFORM_NEEDNETINET6IN6H) -AC_SUBST(LWRES_PLATFORM_NEEDNETINET6IN6H) -AC_SUBST(ISC_PLATFORM_HAVEINADDR6) -AC_SUBST(LWRES_PLATFORM_HAVEINADDR6) -AC_SUBST(ISC_PLATFORM_NEEDIN6ADDRANY) -AC_SUBST(LWRES_PLATFORM_NEEDIN6ADDRANY) -AC_SUBST(ISC_PLATFORM_NEEDIN6ADDRLOOPBACK) -AC_SUBST(LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK) -AC_SUBST(ISC_PLATFORM_HAVEIN6PKTINFO) -AC_SUBST(ISC_PLATFORM_FIXIN6ISADDR) -AC_SUBST(ISC_PLATFORM_HAVESOCKADDRSTORAGE) -AC_SUBST(ISC_IPV6_H) -AC_SUBST(ISC_IPV6_O) -AC_SUBST(ISC_ISCIPV6_O) -AC_SUBST(ISC_IPV6_C) -AC_SUBST(LWRES_HAVE_SIN6_SCOPE_ID) -AC_SUBST(ISC_PLATFORM_HAVESCOPEID) - -AC_MSG_CHECKING([for struct if_laddrreq]) -AC_TRY_LINK([ -#include <sys/types.h> -#include <net/if6.h> -],[ struct if_laddrreq a; ], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVEIF_LADDRREQ="#define ISC_PLATFORM_HAVEIF_LADDRREQ 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVEIF_LADDRREQ="#undef ISC_PLATFORM_HAVEIF_LADDRREQ"]) -AC_SUBST(ISC_PLATFORM_HAVEIF_LADDRREQ) - -AC_MSG_CHECKING([for struct if_laddrconf]) -AC_TRY_LINK([ -#include <sys/types.h> -#include <net/if6.h> -],[ struct if_laddrconf a; ], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVEIF_LADDRCONF="#define ISC_PLATFORM_HAVEIF_LADDRCONF 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVEIF_LADDRCONF="#undef ISC_PLATFORM_HAVEIF_LADDRCONF"]) -AC_SUBST(ISC_PLATFORM_HAVEIF_LADDRCONF) - -# -# Check for network functions that are often missing. We do this -# after the libtool checking, so we can put the right suffix on -# the files. It also needs to come after checking for a Kame add-on, -# which provides some (all?) of the desired functions. -# - -AC_MSG_CHECKING([for inet_ntop with IPv6 support]) -AC_TRY_RUN([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -main() { -char a[16],b[64]; return(inet_ntop(AF_INET6, a, b, sizeof(b)) == (char*)0);}], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_NEEDNTOP="#undef ISC_PLATFORM_NEEDNTOP"], - - [AC_MSG_RESULT(no) - ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_ntop.$O" - ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_ntop.c" - ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"], - [AC_MSG_RESULT(assuming inet_ntop not needed) - ISC_PLATFORM_NEEDNTOP="#undef ISC_PLATFORM_NEEDNTOP"]) - - -# On NetBSD 1.4.2 and maybe others, inet_pton() incorrectly accepts -# addresses with less than four octets, like "1.2.3". Also leading -# zeros should also be rejected. - -AC_MSG_CHECKING([for working inet_pton with IPv6 support]) -AC_TRY_RUN([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -main() { char a[16]; return (inet_pton(AF_INET, "1.2.3", a) == 1 ? 1 : - inet_pton(AF_INET, "1.2.3.04", a) == 1 ? 1 : - (inet_pton(AF_INET6, "::1.2.3.4", a) != 1)); }], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_NEEDPTON="#undef ISC_PLATFORM_NEEDPTON"], - [AC_MSG_RESULT(no) - ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_pton.$O" - ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_pton.c" - ISC_PLATFORM_NEEDPTON="#define ISC_PLATFORM_NEEDPTON 1"], - [AC_MSG_RESULT(assuming inet_pton needed) - ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_pton.$O" - ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_pton.c" - ISC_PLATFORM_NEEDPTON="#define ISC_PLATFORM_NEEDPTON 1"]) - -AC_SUBST(ISC_PLATFORM_NEEDNTOP) -AC_SUBST(ISC_PLATFORM_NEEDPTON) - -# -# Look for a 4.4BSD-style sa_len member in struct sockaddr. -# -case "$host" in - *-dec-osf*) - # Turn on 4.4BSD style sa_len support. - AC_DEFINE(_SOCKADDR_LEN) - ;; -esac - -AC_MSG_CHECKING(for sa_len in struct sockaddr) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h>], -[struct sockaddr sa; sa.sa_len = 0; return (0);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVESALEN="#define ISC_PLATFORM_HAVESALEN 1" - LWRES_PLATFORM_HAVESALEN="#define LWRES_PLATFORM_HAVESALEN 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVESALEN="#undef ISC_PLATFORM_HAVESALEN" - LWRES_PLATFORM_HAVESALEN="#undef LWRES_PLATFORM_HAVESALEN"]) -AC_SUBST(ISC_PLATFORM_HAVESALEN) -AC_SUBST(LWRES_PLATFORM_HAVESALEN) - -# -# Look for a 4.4BSD or 4.3BSD struct msghdr -# -AC_MSG_CHECKING(for struct msghdr flavor) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h>], -[struct msghdr msg; msg.msg_flags = 0; return (0);], - [AC_MSG_RESULT(4.4BSD) - ISC_PLATFORM_MSGHDRFLAVOR="#define ISC_NET_BSD44MSGHDR 1"], - [AC_MSG_RESULT(4.3BSD) - ISC_PLATFORM_MSGHDRFLAVOR="#define ISC_NET_BSD43MSGHDR 1"]) -AC_SUBST(ISC_PLATFORM_MSGHDRFLAVOR) - -# -# Look for in_port_t. -# -AC_MSG_CHECKING(for type in_port_t) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <netinet/in.h>], -[in_port_t port = 25; return (0);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_NEEDPORTT="#undef ISC_PLATFORM_NEEDPORTT"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_NEEDPORTT="#define ISC_PLATFORM_NEEDPORTT 1"]) -AC_SUBST(ISC_PLATFORM_NEEDPORTT) - -# -# Look for TCP_FASTOPEN -# -AC_MSG_CHECKING(for TCP_FASTOPEN socket option) -AC_EGREP_CPP(has_tfo, [ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/tcp.h> -#ifdef TCP_FASTOPEN -int has_tfo() { return (0); } -#endif -], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVETFO="#define ISC_PLATFORM_HAVETFO 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVETFO="#undef ISC_PLATFORM_HAVETFO"]) -AC_SUBST(ISC_PLATFORM_HAVETFO) - -# -# Check for addrinfo -# -AC_MSG_CHECKING(for struct addrinfo) -AC_TRY_COMPILE([ -#include <netdb.h>], -[struct addrinfo a; return (0);], - [AC_MSG_RESULT(yes) - ISC_LWRES_NEEDADDRINFO="#undef ISC_LWRES_NEEDADDRINFO" - ISC_IRS_NEEDADDRINFO="#undef ISC_IRS_NEEDADDRINFO" - AC_DEFINE(HAVE_ADDRINFO)], - [AC_MSG_RESULT(no) - ISC_LWRES_NEEDADDRINFO="#define ISC_LWRES_NEEDADDRINFO 1" - ISC_IRS_NEEDADDRINFO="#define ISC_IRS_NEEDADDRINFO 1"]) -AC_SUBST(ISC_LWRES_NEEDADDRINFO) -AC_SUBST(ISC_IRS_NEEDADDRINFO) - -# -# Check for rrsetinfo -# -AC_MSG_CHECKING(for struct rrsetinfo) -AC_TRY_COMPILE([ -#include <netdb.h>], -[struct rrsetinfo r; return (0);], - [AC_MSG_RESULT(yes) - ISC_LWRES_NEEDRRSETINFO="#undef ISC_LWRES_NEEDRRSETINFO"], - [AC_MSG_RESULT(no) - ISC_LWRES_NEEDRRSETINFO="#define ISC_LWRES_NEEDRRSETINFO 1"]) -AC_SUBST(ISC_LWRES_NEEDRRSETINFO) - -AC_MSG_CHECKING(for int sethostent) -AC_TRY_COMPILE([ -#include <netdb.h>], -[int i = sethostent(0); return(0);], - [AC_MSG_RESULT(yes) - ISC_LWRES_SETHOSTENTINT="#define ISC_LWRES_SETHOSTENTINT 1"], - [AC_MSG_RESULT(no) - ISC_LWRES_SETHOSTENTINT="#undef ISC_LWRES_SETHOSTENTINT"]) -AC_SUBST(ISC_LWRES_SETHOSTENTINT) - -AC_MSG_CHECKING(for int endhostent) -AC_TRY_COMPILE([ -#include <netdb.h>], -[int i = endhostent(); return(0);], - [AC_MSG_RESULT(yes) - ISC_LWRES_ENDHOSTENTINT="#define ISC_LWRES_ENDHOSTENTINT 1"], - [AC_MSG_RESULT(no) - ISC_LWRES_ENDHOSTENTINT="#undef ISC_LWRES_ENDHOSTENTINT"]) -AC_SUBST(ISC_LWRES_ENDHOSTENTINT) - -AC_MSG_CHECKING(for getnetbyaddr(in_addr_t, ...)) -AC_TRY_COMPILE([ -#include <netdb.h> -struct netent *getnetbyaddr(in_addr_t, int);], -[], - [AC_MSG_RESULT(yes) - ISC_LWRES_GETNETBYADDRINADDR="#define ISC_LWRES_GETNETBYADDRINADDR 1"], - [AC_MSG_RESULT(no) - ISC_LWRES_GETNETBYADDRINADDR="#undef ISC_LWRES_GETNETBYADDRINADDR"]) -AC_SUBST(ISC_LWRES_GETNETBYADDRINADDR) - -AC_MSG_CHECKING(for int setnetent) -AC_TRY_COMPILE([ -#include <netdb.h>], -[int i = setnetent(0); return(0);], - [AC_MSG_RESULT(yes) - ISC_LWRES_SETNETENTINT="#define ISC_LWRES_SETNETENTINT 1"], - [AC_MSG_RESULT(no) - ISC_LWRES_SETNETENTINT="#undef ISC_LWRES_SETNETENTINT"]) -AC_SUBST(ISC_LWRES_SETNETENTINT) - -AC_MSG_CHECKING(for int endnetent) -AC_TRY_COMPILE([ -#include <netdb.h>], -[int i = endnetent(); return(0);], - [AC_MSG_RESULT(yes) - ISC_LWRES_ENDNETENTINT="#define ISC_LWRES_ENDNETENTINT 1"], - [AC_MSG_RESULT(no) - ISC_LWRES_ENDNETENTINT="#undef ISC_LWRES_ENDNETENTINT"]) -AC_SUBST(ISC_LWRES_ENDNETENTINT) - -AC_MSG_CHECKING(for gethostbyaddr(const void *, size_t, ...)) -AC_TRY_COMPILE([ -#include <netdb.h> -struct hostent *gethostbyaddr(const void *, size_t, int);], -[return(0);], - [AC_MSG_RESULT(yes) - ISC_LWRES_GETHOSTBYADDRVOID="#define ISC_LWRES_GETHOSTBYADDRVOID 1"], - [AC_MSG_RESULT(no) - ISC_LWRES_GETHOSTBYADDRVOID="#undef ISC_LWRES_GETHOSTBYADDRVOID"]) -AC_SUBST(ISC_LWRES_GETHOSTBYADDRVOID) - -AC_MSG_CHECKING(for h_errno in netdb.h) -AC_TRY_COMPILE([ -#include <netdb.h>], -[h_errno = 1; return(0);], - [AC_MSG_RESULT(yes) - ISC_LWRES_NEEDHERRNO="#undef ISC_LWRES_NEEDHERRNO"], - [AC_MSG_RESULT(no) - ISC_LWRES_NEEDHERRNO="#define ISC_LWRES_NEEDHERRNO 1"]) -AC_SUBST(ISC_LWRES_NEEDHERRNO) - -# -# Sadly, the definitions of system-supplied getnameinfo(3) vary. Try to catch -# known variations here: -# -AC_MSG_CHECKING(for getnameinfo prototype definitions) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> -int getnameinfo(const struct sockaddr *, socklen_t, char *, - socklen_t, char *, socklen_t, unsigned int);], -[ return (0);], - [AC_MSG_RESULT(socklen_t for buflen; u_int for flags) - AC_DEFINE(IRS_GETNAMEINFO_SOCKLEN_T, socklen_t, - [Define to the sockaddr length type used by getnameinfo(3).]) - AC_DEFINE(IRS_GETNAMEINFO_BUFLEN_T, socklen_t, - [Define to the buffer length type used by getnameinfo(3).]) - AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, unsigned int, - [Define to the flags type used by getnameinfo(3).])], -[AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> -int getnameinfo(const struct sockaddr *, socklen_t, char *, - size_t, char *, size_t, int);], -[ return (0);], - [AC_MSG_RESULT(size_t for buflen; int for flags) - AC_DEFINE(IRS_GETNAMEINFO_SOCKLEN_T, socklen_t) - AC_DEFINE(IRS_GETNAMEINFO_BUFLEN_T, size_t) - AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, int)], -[AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> -int getnameinfo(const struct sockaddr *, size_t, char *, - size_t, char *, size_t, int);], -[ return (0);], - [AC_MSG_RESULT(size_t for buflen; int for flags) - AC_DEFINE(IRS_GETNAMEINFO_SOCKLEN_T, size_t) - AC_DEFINE(IRS_GETNAMEINFO_BUFLEN_T, size_t) - AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, int)], -[AC_MSG_RESULT(not match any subspecies; assume standard definition) -AC_DEFINE(IRS_GETNAMEINFO_SOCKLEN_T, socklen_t) -AC_DEFINE(IRS_GETNAMEINFO_BUFLEN_T, socklen_t) -AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, int)])])]) - -# -# ...and same for gai_strerror(). -# -AC_MSG_CHECKING(for gai_strerror prototype definitions) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> -char *gai_strerror(int ecode);], -[ return (0); ], - [AC_MSG_RESULT(returning char *) - AC_DEFINE([IRS_GAISTRERROR_RETURN_T], [char *], - [return type of gai_strerror])], -[AC_MSG_RESULT(not match any subspecies; assume standard definition) -AC_DEFINE([IRS_GAISTRERROR_RETURN_T], [const char *])]) - -AC_CHECK_FUNC(getipnodebyname, - [ISC_LWRES_GETIPNODEPROTO="#undef ISC_LWRES_GETIPNODEPROTO"], - [ISC_LWRES_GETIPNODEPROTO="#define ISC_LWRES_GETIPNODEPROTO 1"]) -AC_CHECK_FUNC(getnameinfo, - [ISC_LWRES_GETNAMEINFOPROTO="#undef ISC_LWRES_GETNAMEINFOPROTO"], - [ISC_LWRES_GETNAMEINFOPROTO="#define ISC_LWRES_GETNAMEINFOPROTO 1"]) -AC_CHECK_FUNC(getaddrinfo, - [ISC_LWRES_GETADDRINFOPROTO="#undef ISC_LWRES_GETADDRINFOPROTO" - AC_DEFINE(HAVE_GETADDRINFO)], - [ISC_LWRES_GETADDRINFOPROTO="#define ISC_LWRES_GETADDRINFOPROTO 1"]) -AC_CHECK_FUNC(gai_strerror, AC_DEFINE(HAVE_GAISTRERROR)) -AC_SUBST(ISC_LWRES_GETIPNODEPROTO) -AC_SUBST(ISC_LWRES_GETADDRINFOPROTO) -AC_SUBST(ISC_LWRES_GETNAMEINFOPROTO) -AC_SUBST(ISC_IRS_GETNAMEINFOSOCKLEN) - -AC_ARG_ENABLE(getifaddrs, -[ --enable-getifaddrs enable the use of getifaddrs() [[yes|no]].], - want_getifaddrs="$enableval", want_getifaddrs="yes") - -# -# This interface iteration code for getifaddrs() will fall back to using -# /proc/net/if_inet6 if getifaddrs() in glibc doesn't return any IPv6 -# addresses. -# -case $want_getifaddrs in -glibc) -AC_MSG_WARN("--enable-getifaddrs=glibc is no longer required") -AC_CHECK_FUNC(getifaddrs, AC_DEFINE(HAVE_GETIFADDRS)) -;; -yes) -AC_CHECK_FUNC(getifaddrs, AC_DEFINE(HAVE_GETIFADDRS)) -;; -no) -;; -esac - -# -# Look for a sysctl call to get the list of network interfaces. -# -case $ac_cv_header_sys_sysctl_h in -yes) -AC_MSG_CHECKING(for interface list sysctl) -AC_EGREP_CPP(found_rt_iflist, [ -#include <sys/param.h> -#include <sys/sysctl.h> -#include <sys/socket.h> -#ifdef NET_RT_IFLIST -found_rt_iflist -#endif -], - [AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_IFLIST_SYSCTL)], - [AC_MSG_RESULT(no)]) -;; -esac - -# -# Check for some other useful functions that are not ever-present. -# - -# We test for strsep() using AC_TRY_LINK instead of AC_CHECK_FUNC -# because AIX 4.3.3 with patches for bos.adt.include to version 4.3.3.77 -# reportedly defines strsep() without declaring it in <string.h> when -# -D_LINUX_SOURCE_COMPAT is not defined [RT #2190], and -# AC_CHECK_FUNC() incorrectly succeeds because it declares -# the function itself. -AC_MSG_CHECKING(for correctly declared strsep()) -AC_TRY_LINK([#include <string.h>], [char *sp; char *foo = strsep(&sp, ".");], - [AC_MSG_RESULT(yes); ISC_PLATFORM_NEEDSTRSEP="#undef ISC_PLATFORM_NEEDSTRSEP"], - [AC_MSG_RESULT(no); ISC_PLATFORM_NEEDSTRSEP="#define ISC_PLATFORM_NEEDSTRSEP 1"]) -AC_SUBST(ISC_PLATFORM_NEEDSTRSEP) - -AC_CHECK_FUNC(memmove, - [ISC_PLATFORM_NEEDMEMMOVE="#undef ISC_PLATFORM_NEEDMEMMOVE"], - [ISC_PLATFORM_NEEDMEMMOVE="#define ISC_PLATFORM_NEEDMEMMOVE 1"]) -AC_SUBST(ISC_PLATFORM_NEEDMEMMOVE) - -AC_CHECK_FUNC(strtoul, - [ISC_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL" - LWRES_PLATFORM_NEEDSTRTOUL="#undef LWRES_PLATFORM_NEEDSTRTOUL" - GENRANDOMLIB=""], - [ISC_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1" - LWRES_PLATFORM_NEEDSTRTOUL="#define LWRES_PLATFORM_NEEDSTRTOUL 1" - GENRANDOMLIB='${ISCLIBS}']) -AC_SUBST(ISC_PLATFORM_NEEDSTRTOUL) -AC_SUBST(LWRES_PLATFORM_NEEDSTRTOUL) -AC_SUBST(GENRANDOMLIB) - -AC_CHECK_FUNC(strlcpy, - [ISC_PLATFORM_NEEDSTRLCPY="#undef ISC_PLATFORM_NEEDSTRLCPY" - LWRES_PLATFORM_NEEDSTRLCPY="#undef LWRES_PLATFORM_NEEDSTRLCPY"], - [ISC_PLATFORM_NEEDSTRLCPY="#define ISC_PLATFORM_NEEDSTRLCPY 1" - LWRES_PLATFORM_NEEDSTRLCPY="#define LWRES_PLATFORM_NEEDSTRLCPY 1"]) -AC_SUBST(ISC_PLATFORM_NEEDSTRLCPY) -AC_SUBST(LWRES_PLATFORM_NEEDSTRLCPY) - -AC_CHECK_FUNC(strlcat, - [ISC_PLATFORM_NEEDSTRLCAT="#undef ISC_PLATFORM_NEEDSTRLCAT"], - [ISC_PLATFORM_NEEDSTRLCAT="#define ISC_PLATFORM_NEEDSTRLCAT 1"]) -AC_SUBST(ISC_PLATFORM_NEEDSTRLCAT) - -AC_CHECK_FUNC(strcasestr, - [ISC_PLATFORM_NEEDSTRCASESTR="#undef ISC_PLATFORM_NEEDSTRCASESTR"], - [ISC_PLATFORM_NEEDSTRCASESTR="#define ISC_PLATFORM_NEEDSTRCASESTR 1"]) -AC_SUBST(ISC_PLATFORM_NEEDSTRCASESTR) - -AC_SUBST(READLINE_LIB) -AC_ARG_WITH(readline, - [ --with-readline[=LIBSPEC] specify readline library [default auto]], - readline="$withval", readline="auto") -case "$readline" in -no) ;; -yes|auto) - saved_LIBS="$LIBS" - for readline in -ledit -lreadline - do - LIBS="$readline" - AC_MSG_NOTICE(checking for readline with $readline) - AC_CHECK_FUNCS(readline) - if test "$ac_cv_func_readline" = "yes" - then - READLINE_LIB="$readline" - break - fi - for lib in -lterminfo -ltermcap -lncurses -lcurses - do - AC_MSG_NOTICE(checking for readline with $readline $lib) - unset ac_cv_func_readline - LIBS="$readline $lib" - AC_CHECK_FUNCS(readline) - if test "$ac_cv_func_readline" = "yes" - then - READLINE_LIB="$readline $lib" - break - fi - done - if test "$ac_cv_func_readline" = "yes" - then - break - fi - done - LIBS="$saved_LIBS" - ;; -*) - saved_LIBS="$LIBS" - LIBS="$readline" - AC_MSG_NOTICE(checking for readline with $readline) - AC_CHECK_FUNCS(readline) - if test "$ac_cv_func_readline" = "yes" - then - READLINE_LIB="$readline" - else - for lib in -lterminfo -ltermcap -lncurses -lcurses - do - AC_MSG_NOTICE(checking for readline with $readline $lib) - unset ac_cv_func_readline - LIBS="$readline $lib" - AC_CHECK_FUNCS(readline) - if test "$ac_cv_func_readline" = "yes" - then - READLINE_LIB="$readline $lib" - break - fi - done - fi - LIBS="$saved_LIBS" - ;; -esac - -ISC_PRINT_OBJS= -ISC_PRINT_SRCS= -ISC_PLATFORM_NEEDPRINTF='#undef ISC_PLATFORM_NEEDPRINTF' -ISC_PLATFORM_NEEDFPRINTF='#undef ISC_PLATFORM_NEEDFPRINTF' -ISC_PLATFORM_NEEDSPRINTF='#undef ISC_PLATFORM_NEEDSPRINTF' -ISC_PLATFORM_NEEDVSNPRINTF='#undef ISC_PLATFORM_NEEDVSNPRINTF' -LWRES_PLATFORM_NEEDVSNPRINTF='#undef LWRES_PLATFORM_NEEDVSNPRINTF' - -AC_MSG_CHECKING(sprintf return type) -AC_TRY_COMPILE([ -#include <stdio.h> -], -[ char buf[2]; return(*sprintf(buf,"x"));], -[AC_MSG_RESULT(char *) -ISC_PRINT_OBJS="print.$O" -ISC_PRINT_SRCS="print.c" -ISC_PLATFORM_NEEDSPRINTF="#define ISC_PLATFORM_NEEDSPRINTF" -LWRES_PLATFORM_NEEDSPRINTF="#define LWRES_PLATFORM_NEEDSPRINTF" -],[AC_MSG_RESULT(int)]) - -AC_CHECK_FUNC(vsnprintf, [], - [ISC_PRINT_OBJS="print.$O" - ISC_PRINT_SRCS="print.c" - ISC_PLATFORM_NEEDVSNPRINTF="#define ISC_PLATFORM_NEEDVSNPRINTF 1" - LWRES_PLATFORM_NEEDVSNPRINTF="#define LWRES_PLATFORM_NEEDVSNPRINTF 1"]) - -AC_MSG_CHECKING(printf for %z support) -AC_TRY_RUN([ -#include <stdio.h> -main() { - size_t j = 0; - char buf[100]; - buf[0] = 0; - sprintf(buf, "%zu", j); - exit(strcmp(buf, "0") != 0); -} -], - [AC_MSG_RESULT(yes)], - [AC_MSG_RESULT(no) - ISC_PRINT_OBJS="print.$O" - ISC_PRINT_SRCS="print.c" - ISC_PLATFORM_NEEDPRINTF='#define ISC_PLATFORM_NEEDPRINTF 1' - ISC_PLATFORM_NEEDFPRINTF='#define ISC_PLATFORM_NEEDFPRINTF 1' - ISC_PLATFORM_NEEDFSRINTF='#define ISC_PLATFORM_NEEDSPRINTF 1' - ISC_PLATFORM_NEEDVSNPRINTF="#define ISC_PLATFORM_NEEDVSNPRINTF 1" - LWRES_PLATFORM_NEEDVSNPRINTF="#define LWRES_PLATFORM_NEEDVSNPRINTF 1"], - [AC_MSG_RESULT(assuming target platform supports %z)]) - -AC_SUBST(ISC_PLATFORM_NEEDPRINTF) -AC_SUBST(ISC_PLATFORM_NEEDFPRINTF) -AC_SUBST(ISC_PLATFORM_NEEDSPRINTF) -AC_SUBST(ISC_PLATFORM_NEEDVSNPRINTF) -AC_SUBST(LWRES_PLATFORM_NEEDSPRINTF) -AC_SUBST(LWRES_PLATFORM_NEEDVSNPRINTF) - -ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS $ISC_PRINT_OBJS" -ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS $ISC_PRINT_SRCS" -AC_SUBST(ISC_EXTRA_OBJS) -AC_SUBST(ISC_EXTRA_SRCS) - -AC_CHECK_FUNC(strerror, AC_DEFINE(HAVE_STRERROR)) -# -# Use our own SPNEGO implementation? -# -AC_ARG_ENABLE(isc-spnego, - [ --disable-isc-spnego use SPNEGO from GSSAPI library]) - -if test -n "$USE_GSSAPI" -then - case "$enable_isc_spnego" in - yes|'') - USE_ISC_SPNEGO='-DUSE_ISC_SPNEGO' - DST_EXTRA_OBJS="$DST_EXTRA_OBJS spnego.$O" - DST_EXTRA_SRCS="$DST_EXTRA_SRCS spnego.c" - AC_MSG_RESULT(using SPNEGO from lib/dns) - ;; - no) - AC_MSG_RESULT(using SPNEGO from GSSAPI library) - ;; - esac -fi - -AC_SUBST(USE_ISC_SPNEGO) - -AC_SUBST(DST_EXTRA_OBJS) -AC_SUBST(DST_EXTRA_SRCS) - -# Determine the printf format characters to use when printing -# values of type isc_int64_t. This will normally be "ll", but where -# the compiler treats "long long" as a alias for "long" and printf -# doesn't know about "long long" use "l". Hopefully the sprintf -# will produce a inconsistent result in the later case. If the compiler -# fails due to seeing "%lld" we fall back to "l". -# -# Digital Unix 4.0 (gcc?) (long long) is 64 bits as is its long. It uses -# %ld even for (long long)/ -# -# Win32 uses "%I64d", but that's defined elsewhere since we don't use -# configure on Win32. -# -AC_MSG_CHECKING(printf format modifier for 64-bit integers) -AC_TRY_RUN([ -#include <stdio.h> -main() { - long long int j = 0; - char buf[100]; - buf[0] = 0; - sprintf(buf, "%lld", j); - exit((sizeof(long long int) != sizeof(long int))? 0 : - (strcmp(buf, "0") != 0)); -} -], - [AC_MSG_RESULT(ll) - ISC_PLATFORM_QUADFORMAT='#define ISC_PLATFORM_QUADFORMAT "ll"' - LWRES_PLATFORM_QUADFORMAT='#define LWRES_PLATFORM_QUADFORMAT "ll"'], - [AC_MSG_RESULT(l) - ISC_PLATFORM_QUADFORMAT='#define ISC_PLATFORM_QUADFORMAT "l"' - LWRES_PLATFORM_QUADFORMAT='#define LWRES_PLATFORM_QUADFORMAT "l"'], - [AC_MSG_RESULT(assuming target platform uses ll) - ISC_PLATFORM_QUADFORMAT='#define ISC_PLATFORM_QUADFORMAT "ll"' - LWRES_PLATFORM_QUADFORMAT='#define LWRES_PLATFORM_QUADFORMAT "ll"']) -AC_SUBST(ISC_PLATFORM_QUADFORMAT) -AC_SUBST(LWRES_PLATFORM_QUADFORMAT) - - -# -# Security Stuff -# -# Note it is very recommended to *not* disable chroot(), -# this is only because chroot() was made obsolete by Posix. -AC_ARG_ENABLE(chroot, - [ --disable-chroot disable chroot]) -case "$enable_chroot" in - yes|'') - AC_CHECK_FUNCS(chroot) - ;; - no) - ;; -esac -AC_ARG_ENABLE(linux-caps, - [ --disable-linux-caps disable linux capabilities]) -case "$enable_linux_caps" in - yes|'') - AC_CHECK_HEADERS(linux/types.h) - AC_CHECK_HEADERS([sys/capability.h]) - AC_CHECK_HEADERS([linux/capability.h], [], [], - [#ifdef HAVE_LINUX_TYPES_H - #include <linux/types.h> - #endif - ]) - AC_CHECK_LIB(cap, cap_set_proc) - ;; - no) - ;; -esac -AC_CHECK_HEADERS(sys/prctl.h) - -AC_CHECK_HEADERS(sys/un.h, -ISC_PLATFORM_HAVESYSUNH="#define ISC_PLATFORM_HAVESYSUNH 1" -, -ISC_PLATFORM_HAVESYSUNH="#undef ISC_PLATFORM_HAVESYSUNH" -) -AC_SUBST(ISC_PLATFORM_HAVESYSUNH) - -case "$host" in -*-solaris*) - AC_DEFINE(NEED_SECURE_DIRECTORY, 1, - [Define if connect does not honour the permission on the UNIX domain socket.]) - ;; -*-sunos*) - AC_DEFINE(NEED_SECURE_DIRECTORY, 1, - [Define if connect does not honour the permission on the UNIX domain socket.]) - ;; -esac - -# -# Time Zone Stuff -# -AC_CHECK_FUNC(tzset, AC_DEFINE(HAVE_TZSET)) - -AC_MSG_CHECKING(for optarg declaration) -AC_TRY_COMPILE([ -#include <unistd.h> -], -[optarg = 0;], -[AC_MSG_RESULT(yes)], -[AC_MSG_RESULT(no) -GEN_NEED_OPTARG="-DNEED_OPTARG=1" -AC_DEFINE(NEED_OPTARG, 1, [Defined if extern char *optarg is not declared.])]) - -# -# Check for nanoseconds in file stats -# -AC_MSG_CHECKING(st_mtim.tv_nsec) -AC_TRY_COMPILE([#include <sys/fcntl.h>],[struct stat s; return(s.st_mtim.tv_nsec);], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_HAVESTATNSEC="#define ISC_PLATFORM_HAVESTATNSEC 1"], - [AC_MSG_RESULT(no) - ISC_PLATFORM_HAVESTATNSEC="#undef ISC_PLATFORM_HAVESTATNSEC"]) -AC_SUBST(ISC_PLATFORM_HAVESTATNSEC) - -# -# BSD/OS, and perhaps some others, don't define rlim_t. -# -AC_MSG_CHECKING(for type rlim_t) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/time.h> -#include <sys/resource.h>], -[rlim_t rl = 19671212; return (0);], -[AC_MSG_RESULT(yes) - ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE rlim_t"], -[AC_MSG_RESULT(no) - -AC_MSG_CHECKING(type of rlim_cur) -AC_TRY_RUN([ -#include <sys/types.h> -#include <sys/time.h> -#include <sys/resource.h> -main() { struct rlimit r; exit(!(sizeof(r.rlim_cur) == sizeof(int)));}], -[AC_MSG_RESULT(int) -ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE int"], -[ -AC_TRY_RUN([ -#include <sys/types.h> -#include <sys/time.h> -#include <sys/resource.h> -main() { struct rlimit r; exit(!(sizeof(r.rlim_cur) == sizeof(long int)));}], -[AC_MSG_RESULT(long int) -ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE long int"], -[ -AC_TRY_RUN([ -#include <sys/types.h> -#include <sys/time.h> -#include <sys/resource.h> -main() { struct rlimit r; exit((!sizeof(r.rlim_cur) == sizeof(long long int)));}], -[AC_MSG_RESULT(long long int) -ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE long long int"], -[AC_MSG_ERROR([unable to determine sizeof rlim_cur]) -],[AC_MSG_ERROR(this cannot happen)]) -],[AC_MSG_ERROR(this cannot happen)]) -],[ -AC_ARG_WITH(rlimtype, , rlimtype="$withval", rlimtype="long long int") -ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE $rlimtype" -AC_MSG_RESULT(cannot determine type of rlim_cur when cross compiling - assuming $rlimtype)]) -]) -AC_SUBST(ISC_PLATFORM_RLIMITTYPE) - -# -# Older HP-UX doesn't have gettune -# -case "$host" in - *-hp-hpux*) - AC_CHECK_HEADERS(sys/dyntune.h) - ;; - *) - ;; -esac - - -# -# Compaq TruCluster requires more code for handling cluster IP aliases -# -case "$host" in - *-dec-osf*) - AC_CHECK_LIB(clua, clua_getaliasaddress, LIBS="-lclua $LIBS") - AC_CHECK_FUNC(clua_getaliasaddress, - AC_DEFINE(HAVE_TRUCLUSTER, 1, - [Define if running under Compaq TruCluster])) - ;; - *) - ;; -esac - -# -# Some hosts need msg_namelen to match the size of the socket structure. -# Some hosts don't set msg_namelen appropriately on return from recvmsg(). -# -case $host in -*os2*|*hp-mpeix*) - AC_DEFINE(BROKEN_RECVMSG, 1, - [Define if recvmsg() does not meet all of the BSD socket API specifications.]) - ;; -esac - -# -# Microsoft has their own way of handling shared libraries that requires -# additional qualifiers on extern variables. Unix systems don't need it. -# -AC_SUBST(ISC_PLATFORM_USEDECLSPEC) -ISC_PLATFORM_USEDECLSPEC="#undef ISC_PLATFORM_USEDECLSPEC" -AC_SUBST(LWRES_PLATFORM_USEDECLSPEC) -LWRES_PLATFORM_USEDECLSPEC="#undef LWRES_PLATFORM_USEDECLSPEC" -AC_SUBST(IRS_PLATFORM_USEDECLSPEC) -IRS_PLATFORM_USEDECLSPEC="#undef IRS_PLATFORM_USEDECLSPEC" - -# -# Random remaining OS-specific issues involving compiler warnings. -# XXXDCL print messages to indicate some compensation is being done? -# -AC_SUBST(ISC_PLATFORM_BRACEPTHREADONCEINIT) -ISC_PLATFORM_BRACEPTHREADONCEINIT="#undef ISC_PLATFORM_BRACEPTHREADONCEINIT" - -case "$host" in - *-aix5.[[123]].*) - hack_shutup_pthreadonceinit=yes - ;; - *-bsdi3.1*) - hack_shutup_sputaux=yes - ;; - *-bsdi4.0*) - hack_shutup_sigwait=yes - hack_shutup_sputaux=yes - ;; - [*-bsdi4.[12]*]) - hack_shutup_stdargcast=yes - ;; - [*-solaris2.[89]]) - hack_shutup_pthreadonceinit=yes - ;; - *-solaris2.1[[0-9]]) - AC_TRY_COMPILE([ #include <pthread.h> ], [ static pthread_once_t once_test = { PTHREAD_ONCE_INIT }; ], [hack_shutup_pthreadonceinit=yes], ) - ;; -esac - -case "$hack_shutup_pthreadonceinit" in - yes) - # - # Shut up PTHREAD_ONCE_INIT unbraced initializer warnings. - # - ISC_PLATFORM_BRACEPTHREADONCEINIT="#define ISC_PLATFORM_BRACEPTHREADONCEINIT 1" - ;; -esac - -case "$hack_shutup_sigwait" in - yes) - # - # Shut up a -Wmissing-prototypes warning for sigwait(). - # - AC_DEFINE(SHUTUP_SIGWAIT) - ;; -esac - -case "$hack_shutup_sputaux" in - yes) - # - # Shut up a -Wmissing-prototypes warning from <stdio.h>. - # - AC_DEFINE(SHUTUP_SPUTAUX) - ;; -esac - -case "$hack_shutup_stdargcast" in - yes) - # - # Shut up a -Wcast-qual warning from va_start(). - # - AC_DEFINE(SHUTUP_STDARG_CAST) - ;; -esac - -AC_CHECK_HEADERS(strings.h, - ISC_PLATFORM_HAVESTRINGSH="#define ISC_PLATFORM_HAVESTRINGSH 1" -, - ISC_PLATFORM_HAVESTRINGSH="#undef ISC_PLATFORM_HAVESTRINGSH" -) -AC_SUBST(ISC_PLATFORM_HAVESTRINGSH) - -# -# Check for if_nametoindex() for IPv6 scoped addresses support -# -AC_CHECK_FUNC(if_nametoindex, ac_cv_have_if_nametoindex=yes, - ac_cv_have_if_nametoindex=no) -case $ac_cv_have_if_nametoindex in -no) - case "$host" in - *-hp-hpux*) - AC_CHECK_LIB(ipv6, if_nametoindex, - ac_cv_have_if_nametoindex=yes - LIBS="-lipv6 $LIBS",) - ;; - esac -esac -case $ac_cv_have_if_nametoindex in -yes) - ISC_PLATFORM_HAVEIFNAMETOINDEX="#define ISC_PLATFORM_HAVEIFNAMETOINDEX 1" - AC_DEFINE(HAVE_IF_NAMETOINDEX, 1, - [Define to 1 if you have the if_nametoindex function.]) - ;; -*) - ISC_PLATFORM_HAVEIFNAMETOINDEX="#undef ISC_PLATFORM_HAVEIFNAMETOINDEX" - ;; -esac -AC_SUBST(ISC_PLATFORM_HAVEIFNAMETOINDEX) - -AC_CHECK_FUNCS(nanosleep usleep) - -# -# Machine architecture dependent features -# -AC_ARG_ENABLE(atomic, - [ --enable-atomic enable machine specific atomic operations - [[default=autodetect]]], - enable_atomic="$enableval", - enable_atomic="autodetect") -case "$enable_atomic" in - yes|''|autodetect) - case "$host" in - powerpc-ibm-aix*) - if test "X$GCC" = "Xyes"; then - AC_MSG_CHECKING([if asm("isc"); works]) - AC_TRY_COMPILE(,[ - main() { asm("ics"); exit(0); } - ], - [AC_MSG_RESULT(yes) - use_atomic=yes], - [ - saved_cflags="$CFLAGS" - CFLAGS="$CFLAGS -Wa,-many" - AC_TRY_RUN([ - main() { asm("ics"); exit(0); } - ], - [AC_MSG_RESULT([yes, required -Wa,-many]) - use_atomic=yes], - [AC_MSG_RESULT([no, use_atomic disabled]) - CFLAGS="$saved_cflags" - use_atomic=no], - [AC_MSG_RESULT([cross compile, assume yes]) - CFLAGS="$saved_cflags" - use_atomic=yes]) - ] - ) - else - use_atomic=yes - fi - ;; - *) - use_atomic=yes - ;; - esac - ;; - no) - use_atomic=no - arch=noatomic - ;; -esac - -ISC_PLATFORM_USEOSFASM="#undef ISC_PLATFORM_USEOSFASM" -ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" -ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" -ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" -if test "$use_atomic" = "yes"; then - have_atomic=yes # set default - case "$host" in - [i[3456]86-*]) - # XXX: some old x86 architectures actually do not support - # (some of) these operations. Do we need stricter checks? - AC_CHECK_SIZEOF([void *]) - if test $ac_cv_sizeof_void_p = 8; then - arch=x86_64 - have_xaddq=yes - else - arch=x86_32 - fi - ;; - x86_64-*|amd64-*) - AC_CHECK_SIZEOF([void *]) - if test $ac_cv_sizeof_void_p = 8; then - arch=x86_64 - have_xaddq=yes - else - arch=x86_32 - fi - ;; - alpha*-*) - arch=alpha - ;; - powerpc-*|powerpc64-*) - arch=powerpc - ;; - mips-*|mipsel-*|mips64-*|mips64el-*) - arch=mips - ;; - ia64-*) - arch=ia64 - ;; - *) - have_atomic=no - arch=noatomic - ;; - esac - AC_MSG_CHECKING([architecture type for atomic operations]) - AC_MSG_RESULT($arch) -fi - -if test "$have_atomic" = "yes"; then - AC_MSG_CHECKING([compiler support for inline assembly code]) - - compiler=generic - # Check whether the compiler supports the assembly syntax we provide. - if test "X$GCC" = "Xyes"; then - # GCC's ASM extension always works - compiler=gcc - if test $arch = "x86_64"; then - # We can share the same code for gcc with x86_32 - arch=x86_32 - fi - if test $arch = "powerpc"; then - # - # The MacOS (and maybe others) uses "r0" for register - # zero. Under linux/ibm it is "0" for register 0. - # Probe to see if we have a MacOS style assembler. - # - AC_MSG_CHECKING([Checking for MacOS style assembler syntax]) - AC_TRY_COMPILE(, [ - __asm__ volatile ("li r0, 0x0\n"::); - ], [ - AC_MSG_RESULT(yes) - compiler="mac" - ISC_PLATFORM_USEMACASM="#define ISC_PLATFORM_USEMACASM 1" - ], [AC_MSG_RESULT(no)]) - fi - else - case "$host" in - alpha*-dec-osf*) - # Tru64 compiler has its own syntax for inline - # assembly. - AC_TRY_COMPILE(, [ -#ifndef __DECC -#error "unexpected compiler" -#endif - return (0);], - [compiler=osf],) - ;; - powerpc-ibm-aix*) - compiler=aix - ;; - esac - fi - case "$compiler" in - gcc) - ISC_PLATFORM_USEGCCASM="#define ISC_PLATFORM_USEGCCASM 1" - ;; - osf) - ISC_PLATFORM_USEOSFASM="#define ISC_PLATFORM_USEOSFASM 1" - ;; - aix) - ;; - mac) - ;; - *) - # See if the generic __asm function works. If not, - # we need to disable the atomic operations. - AC_TRY_LINK(, [ - __asm("nop") - ], - [compiler="standard" - ISC_PLATFORM_USESTDASM="#define ISC_PLATFORM_USESTDASM 1"], - [compiler="not supported (atomic operations disabled)" - have_atomic=no - arch=noatomic ]); - ;; - esac - - AC_MSG_RESULT($compiler) -fi - -if test "$have_atomic" = "yes"; then - ISC_PLATFORM_HAVEXADD="#define ISC_PLATFORM_HAVEXADD 1" - ISC_PLATFORM_HAVECMPXCHG="#define ISC_PLATFORM_HAVECMPXCHG 1" - ISC_PLATFORM_HAVEATOMICSTORE="#define ISC_PLATFORM_HAVEATOMICSTORE 1" - if test "$have_xaddq" = "yes"; then - ISC_PLATFORM_HAVEXADDQ="#define ISC_PLATFORM_HAVEXADDQ 1" - ISC_PLATFORM_HAVEATOMICSTOREQ="#define ISC_PLATFORM_HAVEATOMICSTOREQ 1" - else - ISC_PLATFORM_HAVEXADDQ="#undef ISC_PLATFORM_HAVEXADDQ" - ISC_PLATFORM_HAVEATOMICSTOREQ="#undef ISC_PLATFORM_HAVEATOMICSTOREQ" - fi -else - ISC_PLATFORM_HAVEXADD="#undef ISC_PLATFORM_HAVEXADD" - ISC_PLATFORM_HAVECMPXCHG="#undef ISC_PLATFORM_HAVECMPXCHG" - ISC_PLATFORM_HAVEATOMICSTORE="#undef ISC_PLATFORM_HAVEATOMICSTORE" - ISC_PLATFORM_HAVEXADDQ="#undef ISC_PLATFORM_HAVEXADDQ" - ISC_PLATFORM_HAVEATOMICSTOREQ="#undef ISC_PLATFORM_HAVEATOMICSTOREQ" -fi - -AC_SUBST(ISC_PLATFORM_HAVEXADD) -AC_SUBST(ISC_PLATFORM_HAVEXADDQ) -AC_SUBST(ISC_PLATFORM_HAVECMPXCHG) -AC_SUBST(ISC_PLATFORM_HAVEATOMICSTORE) -AC_SUBST(ISC_PLATFORM_HAVEATOMICSTOREQ) - -AC_SUBST(ISC_PLATFORM_USEGCCASM) -AC_SUBST(ISC_PLATFORM_USEOSFASM) -AC_SUBST(ISC_PLATFORM_USESTDASM) -AC_SUBST(ISC_PLATFORM_USEMACASM) - -ISC_ARCH_DIR=$arch -AC_SUBST(ISC_ARCH_DIR) - -# -# Check for __builtin_expect -# -AC_MSG_CHECKING([compiler support for __builtin_expect]) -AC_TRY_LINK(, [ - return (__builtin_expect(1, 1) ? 1 : 0); -], [ - have_builtin_expect=yes - AC_MSG_RESULT(yes) -], [ - have_builtin_expect=no - AC_MSG_RESULT(no) -]) -if test "$have_builtin_expect" = "yes"; then - AC_DEFINE(HAVE_BUILTIN_EXPECT, 1, [Define to 1 if the compiler supports __builtin_expect.]) -fi - -# -# Check for __builtin_clz -# -AC_MSG_CHECKING([compiler support for __builtin_clz]) -AC_TRY_LINK(, [ - return (__builtin_clz(0xff) == 24 ? 1 : 0); -], [ - have_builtin_clz=yes - AC_MSG_RESULT(yes) -], [ - have_builtin_clz=no - AC_MSG_RESULT(no) -]) -if test "$have_builtin_clz" = "yes"; then - AC_DEFINE(HAVE_BUILTIN_CLZ, 1, [Define to 1 if the compiler supports __builtin_clz.]) -fi - -# -# CPU relax (for spin locks) -# -if $use_threads -then - case "$host" in - [i[3456]86-*]) - # x86_32 - AC_MSG_CHECKING([if asm("rep; nop"); works]) - AC_TRY_COMPILE(,[asm("rep; nop");], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_BUSYWAITNOP="#define ISC_PLATFORM_BUSYWAITNOP asm(\"rep; nop\")"], - [AC_MSG_RESULT(no)], - [AC_MSG_RESULT([cross compile, assume yes]) - ISC_PLATFORM_BUSYWAITNOP="#define ISC_PLATFORM_BUSYWAITNOP asm(\"rep; nop\")"]) - ;; - x86_64-*|amd64-*) - # x86_64 - AC_MSG_CHECKING([if asm("rep; nop"); works]) - AC_TRY_COMPILE(,[asm("rep; nop");], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_BUSYWAITNOP="#define ISC_PLATFORM_BUSYWAITNOP asm(\"rep; nop\")"], - [AC_MSG_RESULT(no)], - [AC_MSG_RESULT([cross compile, assume yes]) - ISC_PLATFORM_BUSYWAITNOP="#define ISC_PLATFORM_BUSYWAITNOP asm(\"rep; nop\")"]) - ;; - ia64-*) - # ia64 - AC_MSG_CHECKING([if asm("hint @pause"); works]) - AC_TRY_COMPILE(,[asm("hint @pause");], - [AC_MSG_RESULT(yes) - ISC_PLATFORM_BUSYWAITNOP="#define ISC_PLATFORM_BUSYWAITNOP asm(\"hint @pause\")"], - [AC_MSG_RESULT(no)], - [AC_MSG_RESULT([cross compile, assume yes]) - ISC_PLATFORM_BUSYWAITNOP="#define ISC_PLATFORM_BUSYWAITNOP asm(\"hint @pause\")"]) - ;; - sparc-*) - # sparc - AC_MSG_CHECKING([if cpu_relax(); or __cpu_relax(); works]) - AC_CHECK_FUNC(cpu_relax, - [AC_MSG_RESULT(yes) - ISC_PLATFORM_BUSYWAITNOP="#define ISC_PLATFORM_BUSYWAITNOP cpu_relax()"], - [AC_CHECK_FUNC(__cpu_relax, - [AC_MSG_RESULT(yes) - ISC_PLATFORM_BUSYWAITNOP="#define ISC_PLATFORM_BUSYWAITNOP __cpu_relax()"], - [AC_MSG_RESULT(no)])]) - ;; - esac -fi - -AC_SUBST(ISC_PLATFORM_BUSYWAITNOP) - -# -# Activate "rrset-order fixed" or not? -# -AC_ARG_ENABLE(fixed-rrset, - [ --enable-fixed-rrset enable fixed rrset ordering [[default=no]]], - enable_fixed="$enableval", - enable_fixed="no") -case "$enable_fixed" in - yes) - AC_DEFINE(DNS_RDATASET_FIXED, 1, - [Define to enable "rrset-order fixed" syntax.]) - ;; - no) - ;; - *) - ;; -esac - -# -# Enable response policy rewriting using NS IP addresses -# -AC_ARG_ENABLE(rpz-nsip, - [ --disable-rpz-nsip disable rpz-nsip rules [[default=enabled]]], - enable_nsip="$enableval", - enable_nsip="yes") -case "$enable_nsip" in - yes) - AC_DEFINE(ENABLE_RPZ_NSIP, 1, - [Define to enable rpz-nsip rules.]) - ;; - no) - ;; - *) - ;; -esac - -# -# Enable response policy rewriting using NS name -# -AC_ARG_ENABLE(rpz-nsdname, - [ --disable-rpz-nsdname disable rpz-nsdname rules [[default=enabled]]], - enable_nsdname="$enableval", - enable_nsdname="yes") -case "$enable_nsdname" in - yes) - AC_DEFINE(ENABLE_RPZ_NSDNAME, 1, - [Define to enable rpz-nsdname rules.]) - ;; - no) - ;; - *) - ;; -esac - -# -# Activate "filter-aaaa-on-v4/v6" or not? -# -AC_ARG_ENABLE(filter-aaaa, - [ --enable-filter-aaaa enable filtering of AAAA records [[default=no]]], - enable_filter="$enableval", - enable_filter="no") -case "$enable_filter" in - yes) - AC_DEFINE(ALLOW_FILTER_AAAA, 1, - [Define to enable the "filter-aaaa-on-v4" and "filter-aaaa-on-v6" options.]) - ;; - no) - ;; - *) - ;; -esac - -# -# Activate dnstap? -# -AC_PATH_PROG(FSTRM_CAPTURE, fstrm_capture) -AC_ARG_ENABLE(dnstap, - [ --enable-dnstap enable dnstap support (requires fstrm, protobuf-c)], - use_dnstap=$enableval, - use_dnstap=no) - -DNSTAP= -DNSTAPSRCS= -DNSTAPOBJS= -DNSTAPTARGETS= -DNSTAP_PB_C_H= -if test "x$use_dnstap" != "xno"; then - if ! $use_threads; then - AC_MSG_ERROR([Dnstap requires threads.]) - fi - AC_PATH_PROG([PROTOC_C], [protoc-c]) - if test -z "$PROTOC_C"; then - AC_MSG_ERROR([The protoc-c program was not found.]) - fi - AC_ARG_WITH([protobuf-c], - AC_HELP_STRING([--with-protobuf-c=path], - [Path where protobuf-c is installed, for dnstap]), [ - # workaround for protobuf-c includes at old dir - # before protobuf-c-1.0.0 - if test -f $withval/include/google/protobuf-c/protobuf-c.h - then - CFLAGS="$CFLAGS -I$withval/include/google" - else - CFLAGS="$CFLAGS -I$withval/include" - fi - LDFLAGS="$LDFLAGS -L$withval/lib" - ], [ - # workaround for protobuf-c includes at old dir - # before protobuf-c-1.0.0 - if test -f /usr/include/google/protobuf-c/protobuf-c.h - then - CFLAGS="$CFLAGS -I/usr/include/google" - else - if test -f /usr/local/include/google/protobuf-c/protobuf-c.h - then - CFLAGS="$CFLAGS -I/usr/local/include/google" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - fi - fi - ]) - AC_ARG_WITH([libfstrm], AC_HELP_STRING([--with-libfstrm=path], - [Path where libfstrm is installed, for dnstap]), [ - CFLAGS="$CFLAGS -I$withval/include" - LDFLAGS="$LDFLAGS -L$withval/lib" - ]) - - AC_SEARCH_LIBS([fstrm_iothr_init], [fstrm], [], - AC_MSG_ERROR([The fstrm library was not found. Please install fstrm!])) - AC_SEARCH_LIBS([protobuf_c_message_pack], [protobuf-c], [], - AC_MSG_ERROR([The protobuf-c library was not found. Please install protobuf-c!])) - - AC_DEFINE(HAVE_DNSTAP, 1, [Define to 1 to enable dnstap support]) - DNSTAP=dnstap - DNSTAPSRCS='${DNSTAPSRCS}' - DNSTAPOBJS='${DNSTAPOBJS}' - DNSTAPTARGETS='${DNSTAPTARGETS}' - DNSTAP_PB_C_H="dnstap.pb-c.h" -fi -AC_SUBST(DNSTAP) -AC_SUBST(DNSTAPSRCS) -AC_SUBST(DNSTAPOBJS) -AC_SUBST(DNSTAPTARGETS) -AC_SUBST(DNSTAP_PB_C_H) - -# -# The following sets up how non-blocking i/o is established. -# Sunos, cygwin and solaris 2.x (x<5) require special handling. -# -case "$host" in -*-sunos*) AC_DEFINE(PORT_NONBLOCK, O_NDELAY);; -*-cygwin*) AC_DEFINE(PORT_NONBLOCK, O_NDELAY);; -*-solaris2.[[01234]]) - AC_DEFINE(PORT_NONBLOCK, O_NONBLOCK) - AC_DEFINE(USE_FIONBIO_IOCTL, 1, - [Defined if you need to use ioctl(FIONBIO) instead a fcntl call to make non-blocking.]) - ;; -*) AC_DEFINE(PORT_NONBLOCK, O_NONBLOCK, - [Sets which flag to pass to open/fcntl to make non-blocking (O_NDELAY/O_NONBLOCK).]) - ;; -esac -# -# Solaris 2.5.1 and earlier cannot bind() then connect() a TCP socket. -# This prevents the source address being set. -# -case "$host" in -*-solaris2.[[012345]]|*-solaris2.5.1) - AC_DEFINE(BROKEN_TCP_BIND_BEFORE_CONNECT, 1, - [Define if you cannot bind() before connect() for TCP sockets.]) - ;; -esac -# -# The following sections deal with tools used for formatting -# the documentation. They are all optional, unless you are -# a developer editing the documentation source. -# - -# -# Look for TeX. -# - -AC_PATH_PROGS(LATEX, latex, latex) -AC_SUBST(LATEX) - -AC_PATH_PROGS(PDFLATEX, pdflatex, pdflatex) -AC_SUBST(PDFLATEX) - -AC_PATH_PROGS(DBLATEX, dblatex, dblatex) -AC_SUBST(DBLATEX) - -# -# Look for w3m -# - -AC_PATH_PROGS(W3M, w3m, w3m) -AC_SUBST(W3M) - -# -# Look for xsltproc (libxslt) -# - -AC_PATH_PROG(XSLTPROC, xsltproc, xsltproc) -AC_SUBST(XSLTPROC) - -# -# Look for xmllint (libxml2) -# - -AC_PATH_PROG(XMLLINT, xmllint, xmllint) -AC_SUBST(XMLLINT) - -# -# Look for Doxygen -# - -AC_PATH_PROG(DOXYGEN, doxygen, doxygen) -AC_SUBST(DOXYGEN) - -# -# Look for curl -# - -AC_PATH_PROG(CURL, curl, curl) -AC_SUBST(CURL) - -# -# Subroutine for searching for an ordinary file (e.g., a stylesheet) -# in a number of directories: -# -# NOM_PATH_FILE(VARIABLE, FILENAME, DIRECTORIES) -# -# If the file FILENAME is found in one of the DIRECTORIES, the shell -# variable VARIABLE is defined to its absolute pathname. Otherwise, -# it is set to FILENAME, with no directory prefix (that's not terribly -# useful, but looks less confusing in substitutions than leaving it -# empty). The variable VARIABLE will be substituted into output files. -# - -AC_DEFUN(NOM_PATH_FILE, [ -$1="" -AC_MSG_CHECKING(for $2) -for d in $3 -do - f=$d/$2 - if test -f $f - then - $1=$f - AC_MSG_RESULT($f) - break - fi -done -if test "X[$]$1" = "X" -then - AC_MSG_RESULT("not found"); - $1=$2 -fi -AC_SUBST($1) -]) - -# -# Look for Docbook-XSL stylesheets. Location probably varies by system. -# If it's not explicitly specified, guess where it might be found, based on -# where SGML stuff lives on some systems (FreeBSD is the only one we're sure -# of at the moment). -# -AC_MSG_CHECKING(for Docbook-XSL path) -AC_ARG_WITH(docbook-xsl, -[ --with-docbook-xsl=PATH specify path for Docbook-XSL stylesheets], - docbook_path="$withval", docbook_path="auto") -case "$docbook_path" in -auto) - AC_MSG_RESULT(auto) - docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook-ns /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl /usr/share/xml/docbook/stylesheet/docbook-xsl" - ;; -*) - docbook_xsl_trees="$withval" - AC_MSG_RESULT($docbook_xsl_trees) - ;; -esac - -# -# Look for stylesheets we need. -# - -NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_HTML, html/docbook.xsl, $docbook_xsl_trees) -NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_XHTML, xhtml/docbook.xsl, $docbook_xsl_trees) -NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_MAN, manpages/docbook.xsl, $docbook_xsl_trees) -NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_HTML, html/chunk.xsl, $docbook_xsl_trees) -NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_XHTML, xhtml/chunk.xsl, $docbook_xsl_trees) -NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_HTML, html/chunktoc.xsl, $docbook_xsl_trees) -NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_XHTML, xhtml/chunktoc.xsl, $docbook_xsl_trees) -NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_HTML, html/maketoc.xsl, $docbook_xsl_trees) -NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_XHTML, xhtml/maketoc.xsl, $docbook_xsl_trees) - -# -# Same dance for dblatex -# -dblatex_xsl_trees="/usr/local/share/xml/docbook/stylesheet/dblatex /usr/pkg/share/xml/docbook/stylesheet/dblatex /usr/share/xml/docbook/stylesheet/dblatex" -NOM_PATH_FILE(XSLT_DBLATEX_STYLE, xsl/docbook.xsl, $dblatex_xsl_trees) -NOM_PATH_FILE(XSLT_DBLATEX_FASTBOOK, xsl/latex_book_fast.xsl, $dblatex_xsl_trees) - -# -# IDN support -# -AC_ARG_WITH(idn, - [ --with-idn[=MPREFIX] enable IDN support using idnkit [default PREFIX]], - use_idn="$withval", use_idn="no") -case "$use_idn" in -yes) - if test X$prefix = XNONE ; then - idn_path=/usr/local - else - idn_path=$prefix - fi - ;; -no) - ;; -*) - idn_path="$use_idn" - ;; -esac - -iconvinc= -iconvlib= -AC_ARG_WITH(libiconv, - [ --with-libiconv[=IPREFIX] GNU libiconv are in IPREFIX [default PREFIX]], - use_libiconv="$withval", use_libiconv="no") -case "$use_libiconv" in -yes) - if test X$prefix = XNONE ; then - iconvlib="-L/usr/local/lib -R/usr/local/lib -liconv" - else - iconvlib="-L$prefix/lib -R$prefix/lib -liconv" - fi - ;; -no) - iconvlib= - ;; -*) - iconvlib="-L$use_libiconv/lib -R$use_libiconv/lib -liconv" - ;; -esac - -AC_ARG_WITH(iconv, - [ --with-iconv[=LIBSPEC] specify iconv library [default -liconv]], - iconvlib="$withval") -case "$iconvlib" in -no) - iconvlib= - ;; -yes) - iconvlib=-liconv - ;; -esac - -AC_ARG_WITH(idnlib, - [ --with-idnlib=ARG specify libidnkit], - idnlib="$withval", idnlib="no") -if test "$idnlib" = yes; then - AC_MSG_ERROR([You must specify ARG for --with-idnlib.]) -fi - -IDNLIBS= -if test "$use_idn" != no; then - AC_DEFINE(WITH_IDN, 1, [define if idnkit support is to be included.]) - STD_CINCLUDES="$STD_CINCLUDES -I$idn_path/include" - if test "$idnlib" != no; then - IDNLIBS="$idnlib $iconvlib" - else - IDNLIBS="-L$idn_path/lib -lidnkit $iconvlib" - fi -fi -AC_SUBST(IDNLIBS) - -# -# Check whether to build Automated Test Framework unit tests -# -AC_ARG_WITH(atf, - [ --with-atf=ARG support Automated Test Framework], - atf="$withval", atf="no") -if test "$atf" = yes; then - atf=`pwd`/unit/atf - ATFBUILD=atf-src - AC_SUBST(ATFBUILD) - AC_CONFIG_COMMANDS([atf-config], - [( - mkdir -p unit/atf-src; - cd unit/atf-src; - case "$srcdir" in - /*) ;; - *) srcdir="../../$srcdir";; - esac - ${SHELL} "${srcdir}${srcdir:+/unit/atf-src/}./configure" --enable-tools --disable-shared MISSING=: --prefix $atfdir; - ) ], - [atfdir=`pwd`/unit/atf]) - AC_MSG_RESULT(building ATF from bind9/unit/atf-src) -fi - -ATFLIBS= -if test "$atf" != no; then - AC_DEFINE(ATF_TEST, 1, [define if ATF unit tests are to be built.]) - STD_CINCLUDES="$STD_CINCLUDES -I$atf/include" - ATFBIN="$atf/bin" - ATFLIBS="-L$atf/lib -latf-c" - AC_CHECK_LIB(m, exp, libm=yes, libm=no) - if test "$libm" = "yes"; then - ATFLIBS="$ATFLIBS -lm" - fi - UNITTESTS=tests -fi -AC_SUBST(ATFBIN) -AC_SUBST(ATFLIBS) -AC_SUBST(UNITTESTS) - -AC_CHECK_HEADERS(locale.h) -AC_CHECK_FUNCS(setlocale) - -# -# was --with-tuning specified? -# -AC_ARG_WITH(tuning, - [ --with-tuning=ARG Specify server tuning (large or default)], - use_tuning="$withval", use_tuning="no") - -case "$use_tuning" in - large) - if ! $use_threads; then - AC_MSG_ERROR([Large-system tuning requires threads.]) - fi - AC_DEFINE(TUNE_LARGE, 1, [Define to use large-system tuning.]) - AC_MSG_RESULT(using large-system tuning) - ;; - no|default) - AC_MSG_RESULT(using default tuning) - ;; - yes|*) - AC_MSG_ERROR([You must specify "large" or "default" for --with-tuning.]) - ;; -esac - -# -# was --enable-querytrace specified? -# -AC_ARG_ENABLE(querytrace, - [ --enable-querytrace enable very verbose query trace logging [[default=no]]], - want_querytrace="$enableval", want_querytrace="no") - -AC_MSG_CHECKING([whether to enable query trace logging]) -case "$want_querytrace" in -yes) - AC_MSG_RESULT(yes) - AC_DEFINE(WANT_QUERYTRACE, 1, [Define to enable very verbose query trace logging.]) - ;; -no) - AC_MSG_RESULT(no) - ;; -*) - AC_MSG_ERROR("--enable-querytrace requires yes or no") - ;; -esac - -# -# Substitutions -# -AC_SUBST(BIND9_TOP_BUILDDIR) -BIND9_TOP_BUILDDIR=`pwd` - -AC_SUBST(BIND9_ISC_BUILDINCLUDE) -AC_SUBST(BIND9_ISCCC_BUILDINCLUDE) -AC_SUBST(BIND9_ISCCFG_BUILDINCLUDE) -AC_SUBST(BIND9_DNS_BUILDINCLUDE) -AC_SUBST(BIND9_LWRES_BUILDINCLUDE) -AC_SUBST(BIND9_BIND9_BUILDINCLUDE) -AC_SUBST(BIND9_IRS_BUILDINCLUDE) -if test "X$srcdir" != "X"; then - BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include" - BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include" - BIND9_ISCCFG_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccfg/include" - BIND9_DNS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/dns/include" - BIND9_LWRES_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/lwres/include" - BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include" - BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include" -else - BIND9_ISC_BUILDINCLUDE="" - BIND9_ISCCC_BUILDINCLUDE="" - BIND9_ISCCFG_BUILDINCLUDE="" - BIND9_DNS_BUILDINCLUDE="" - BIND9_LWRES_BUILDINCLUDE="" - BIND9_BIND9_BUILDINCLUDE="" - BIND9_IRS_BUILDINCLUDE="" -fi - -AC_SUBST_FILE(BIND9_MAKE_INCLUDES) -BIND9_MAKE_INCLUDES=$BIND9_TOP_BUILDDIR/make/includes - -AC_SUBST_FILE(BIND9_MAKE_RULES) -BIND9_MAKE_RULES=$BIND9_TOP_BUILDDIR/make/rules - -. "$srcdir/version" -BIND9_PRODUCT="PRODUCT=\"${PRODUCT}\"" -AC_SUBST(BIND9_PRODUCT) -BIND9_DESCRIPTION="DESCRIPTION=\"${DESCRIPTION}\"" -AC_SUBST(BIND9_DESCRIPTION) -BIND9_VERSION="${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}${EXTENSIONS}" -AC_SUBST(BIND9_VERSION) -BIND9_MAJOR="MAJOR=${MAJORVER}.${MINORVER}" -AC_SUBST(BIND9_MAJOR) -BIND9_VERSIONSTRING="${PRODUCT} ${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}${EXTENSIONS}${DESCRIPTION:+ }${DESCRIPTION}" -AC_SUBST(BIND9_VERSIONSTRING) -BIND9_VERSIONSHORT="${PRODUCT} ${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}${EXTENSIONS}" -AC_SUBST(BIND9_VERSIONSHORT) - -BIND9_SRCID="SRCID=unset" -if test -f "${srcdir}/srcid"; then - . "${srcdir}/srcid" - BIND9_SRCID="SRCID=$SRCID" -elif test -d "${srcdir}/.git"; then - BIND9_SRCID="SRCID="`(cd "${srcdir}";git rev-parse --short HEAD)` -fi - -AC_SUBST(BIND9_SRCID) - -if test -z "$ac_configure_args"; then - BIND9_CONFIGARGS="defaults" -else - for a in $ac_configure_args - do - BIND9_CONFIGARGS="$BIND9_CONFIGARGS $a" - done -fi -BIND9_CONFIGARGS="`echo $BIND9_CONFIGARGS | sed 's/^ //'`" -BIND9_CONFIGARGS="CONFIGARGS=${BIND9_CONFIGARGS}" -AC_SUBST(BIND9_CONFIGARGS) - -AC_SUBST_FILE(LIBISC_API) -LIBISC_API="$srcdir/lib/isc/api" - -AC_SUBST_FILE(LIBISCCC_API) -LIBISCCC_API="$srcdir/lib/isccc/api" - -AC_SUBST_FILE(LIBISCCFG_API) -LIBISCCFG_API="$srcdir/lib/isccfg/api" - -AC_SUBST_FILE(LIBDNS_API) -LIBDNS_API="$srcdir/lib/dns/api" - -AC_SUBST_FILE(LIBDNS_MAPAPI) -LIBDNS_MAPAPI="$srcdir/lib/dns/mapapi" - -AC_SUBST_FILE(LIBBIND9_API) -LIBBIND9_API="$srcdir/lib/bind9/api" - -AC_SUBST_FILE(LIBLWRES_API) -LIBLWRES_API="$srcdir/lib/lwres/api" - -AC_SUBST_FILE(LIBIRS_API) -LIBIRS_API="$srcdir/lib/irs/api" - -# -# Configure any DLZ drivers. -# -# If config.dlz.in selects one or more DLZ drivers, it will set -# CONTRIB_DLZ to a non-empty value, which will be our clue to -# build DLZ drivers in contrib. -# -# This section has to come after the libtool stuff because it needs to -# know how to name the driver object files. -# - -CONTRIB_DLZ="" -DLZ_DRIVER_INCLUDES="" -DLZ_DRIVER_LIBS="" -DLZ_DRIVER_SRCS="" -DLZ_DRIVER_OBJS="" -DLZ_SYSTEM_TEST="" - -# -# Configure support for building a shared library object -# -# Even when libtool is available it can't always be relied upon -# to build an object that can be dlopen()'ed, but this is necessary -# for building the dlzexternal system test, so we'll try it the -# old-fashioned way. -# -SO="so" -SO_CFLAGS="" -SO_LDFLAGS="" -SO_LD="" -SO_TARGETS="" - -AC_ARG_WITH(dlopen, - [ --with-dlopen=ARG support dynamically loadable DLZ drivers], - dlopen="$withval", dlopen="yes") - -case $host in - *-sunos*) dlopen="no" - ;; -esac - -if test "$dlopen" = "yes"; then - AC_CHECK_LIB(dl, dlopen, have_dl=yes, have_dl=no) - if test "$have_dl" = "yes"; then - LIBS="-ldl $LIBS" - fi - AC_CHECK_FUNCS(dlopen dlclose dlsym,,dlopen=no) -fi - -if test "$dlopen" = "yes"; then - case $host in - *-linux*|*-gnu*) - SO_CFLAGS="-fPIC" - SO_LDFLAGS="" - if test "$have_dl" = "yes" - then - if test "$use_libtool" = "yes"; then - SO_LDFLAGS="-Xcompiler -shared" - SO_LD="${CC}" - else - SO_LDFLAGS="-shared" - SO_LD="${CC}" - fi - else - SO_LDFLAGS="-shared" - SO_LD="ld" - fi - ;; - *-freebsd*|*-openbsd*) - LDFLAGS="${LDFLAGS} -Wl,-E" - SO_CFLAGS="-fpic" - if test "$use_libtool" = "yes"; then - SO_LDFLAGS="-Xcompiler -shared" - SO_LD="${CC}" - else - SO_LDFLAGS="-shared" - SO_LD="${CC}" - fi - ;; - *-netbsd*) - SO_CFLAGS="-fpic" - SO_LDFLAGS="-Bshareable -x" - SO_LD="ld" - ;; - *-solaris*) - SO_CFLAGS="-KPIC" - SO_LDFLAGS="-G -z text" - SO_LD="ld" - ;; - *-hp-hpux*) - SO=sl - SO_CFLAGS="+z" - SO_LDFLAGS="-b +vnocompatwarnings" - SO_LD="ld" - ;; - *) - SO_CFLAGS="-fPIC" - ;; - esac - - if test "X$GCC" = "Xyes"; then - SO_CFLAGS="-fPIC" - if test -z "$SO_LD" - then - if test "$use_libtool" = "yes"; then - SO_LDFLAGS="-Xcompiler -shared" - SO_LD="${CC}" - else - SO_LDFLAGS="-shared" - SO_LD="${CC}" - fi - fi - fi - - # If we still don't know how to make shared objects, don't make any. - if test -n "$SO_LD"; then - SO_TARGETS="\${SO_TARGETS}" - AC_DEFINE(ISC_DLZ_DLOPEN, 1, - [Define to allow building of objects for dlopen().]) - fi -fi -CFLAGS="$CFLAGS $SO_CFLAGS" - -AC_SUBST(SO) -AC_SUBST(SO_CFLAGS) -AC_SUBST(SO_LDFLAGS) -AC_SUBST(SO_LD) -AC_SUBST(SO_TARGETS) - -sinclude(contrib/dlz/config.dlz.in) -AC_MSG_CHECKING(contributed DLZ drivers) - -if test -n "$CONTRIB_DLZ" -then - AC_MSG_RESULT(yes) - DLZ_DRIVER_RULES=contrib/dlz/drivers/rules - AC_CONFIG_FILES([$DLZ_DRIVER_RULES]) -else - AC_MSG_RESULT(no) - DLZ_DRIVER_RULES=/dev/null -fi - -AC_SUBST(CONTRIB_DLZ) -AC_SUBST(DLZ_DRIVER_INCLUDES) -AC_SUBST(DLZ_DRIVER_LIBS) -AC_SUBST(DLZ_DRIVER_SRCS) -AC_SUBST(DLZ_DRIVER_OBJS) -AC_SUBST(DLZ_SYSTEM_TEST) -AC_SUBST_FILE(DLZ_DRIVER_RULES) - -if test "$cross_compiling" = "yes"; then - if test -z "$BUILD_CC"; then - AC_MSG_ERROR([BUILD_CC not set]) - fi - BUILD_CFLAGS="$BUILD_CFLAGS" - BUILD_CPPFLAGS="$BUILD_CPPFLAGS" - BUILD_LDFLAGS="$BUILD_LDFLAGS" - BUILD_LIBS="$BUILD_LIBS" -else - BUILD_CC="$CC" - BUILD_CFLAGS="$CFLAGS" - BUILD_CPPFLAGS="$CPPFLAGS $GEN_NEED_OPTARG" - BUILD_LDFLAGS="$LDFLAGS" - BUILD_LIBS="$LIBS" -fi - -NEWFLAGS="" -for e in $BUILD_LDFLAGS ; do - case $e in - -L*) - case $host_os in - netbsd*) - ee=`echo $e | sed -e 's%^-L%-Wl,-rpath,%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - freebsd*) - ee=`echo $e | sed -e 's%^-L%-Wl,-rpath,%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - solaris*) - ee=`echo $e | sed -e 's%^-L%-R%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - *) - NEWFLAGS="$NEWFLAGS $e" - ;; - esac - ;; - *) - NEWFLAGS="$NEWFLAGS $e" - ;; - esac -done -BUILD_LDFLAGS="$NEWFLAGS" - -NEWFLAGS="" -for e in $DNS_GSSAPI_LIBS ; do - case $e in - -L*) - case $host_os in - netbsd*) - ee=`echo $e | sed -e 's%^-L%-Wl,-rpath,%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - freebsd*) - ee=`echo $e | sed -e 's%^-L%-Wl,-rpath,%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - solaris*) - ee=`echo $e | sed -e 's%^-L%-R%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - *) - NEWFLAGS="$NEWFLAGS $e" - ;; - esac - ;; - *) - NEWFLAGS="$NEWFLAGS $e" - ;; - esac -done -DNS_GSSAPI_LIBS="$NEWFLAGS" - -NEWFLAGS="" -for e in $ISC_OPENSSL_LIBS ; do - case $e in - -L*) - case $host_os in - netbsd*) - ee=`echo $e | sed -e 's%^-L%-Wl,-rpath,%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - freebsd*) - ee=`echo $e | sed -e 's%^-L%-Wl,-rpath,%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - solaris*) - ee=`echo $e | sed -e 's%^-L%-R%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - *) - NEWFLAGS="$NEWFLAGS $e" - ;; - esac - ;; - *) - NEWFLAGS="$NEWFLAGS $e" - ;; - esac -done -ISC_OPENSSL_LIBS="$NEWFLAGS" - -NEWFLAGS="" -for e in $DNS_CRYPTO_LIBS ; do - case $e in - -L*) - case $host_os in - netbsd*) - ee=`echo $e | sed -e 's%^-L%-Wl,-rpath,%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - freebsd*) - ee=`echo $e | sed -e 's%^-L%-Wl,-rpath,%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - solaris*) - ee=`echo $e | sed -e 's%^-L%-R%'` - NEWFLAGS="$NEWFLAGS $e $ee" - ;; - *) - NEWFLAGS="$NEWFLAGS $e" - ;; - esac - ;; - *) - NEWFLAGS="$NEWFLAGS $e" - ;; - esac -done -DNS_CRYPTO_LIBS="$NEWFLAGS" - -AC_SUBST(BUILD_CC) -AC_SUBST(BUILD_CFLAGS) -AC_SUBST(BUILD_CPPFLAGS) -AC_SUBST(BUILD_LDFLAGS) -AC_SUBST(BUILD_LIBS) - -# -# Commands to run at the end of config.status. -# Don't just put these into configure, it won't work right if somebody -# runs config.status directly (which autoconf allows). -# - -AC_CONFIG_COMMANDS( - [chmod], - [chmod a+x isc-config.sh doc/doxygen/doxygen-input-filter]) - -# -# Files to configure. These are listed here because we used to -# specify them as arguments to AC_OUTPUT. It's (now) ok to move these -# elsewhere if there's a good reason for doing so. -# - -AC_CONFIG_FILES([ - make/Makefile - make/mkdep - Makefile - bin/Makefile - bin/check/Makefile - bin/confgen/Makefile - bin/confgen/unix/Makefile - bin/delv/Makefile - bin/dig/Makefile - bin/dnssec/Makefile - bin/named/Makefile - bin/named/unix/Makefile - bin/nsupdate/Makefile - bin/pkcs11/Makefile - bin/python/Makefile - bin/python/isc/Makefile - bin/python/isc/utils.py - bin/python/isc/tests/Makefile - bin/python/dnssec-checkds.py - bin/python/dnssec-coverage.py - bin/python/dnssec-keymgr.py - bin/python/isc/__init__.py - bin/python/isc/checkds.py - bin/python/isc/coverage.py - bin/python/isc/dnskey.py - bin/python/isc/eventlist.py - bin/python/isc/keydict.py - bin/python/isc/keyevent.py - bin/python/isc/keymgr.py - bin/python/isc/keyseries.py - bin/python/isc/keyzone.py - bin/python/isc/policy.py - bin/python/isc/rndc.py - bin/python/isc/tests/dnskey_test.py - bin/python/isc/tests/policy_test.py - bin/rndc/Makefile - bin/tests/Makefile - bin/tests/atomic/Makefile - bin/tests/db/Makefile - bin/tests/dst/Makefile - bin/tests/dst/Kdh.+002+18602.key - bin/tests/dst/Kdh.+002+18602.private - bin/tests/dst/Kdh.+002+48957.key - bin/tests/dst/Kdh.+002+48957.private - bin/tests/dst/Ktest.+001+00002.key - bin/tests/dst/Ktest.+001+54622.key - bin/tests/dst/Ktest.+001+54622.private - bin/tests/dst/Ktest.+003+23616.key - bin/tests/dst/Ktest.+003+23616.private - bin/tests/dst/Ktest.+003+49667.key - bin/tests/dst/dst_2_data - bin/tests/dst/t2_data_1 - bin/tests/dst/t2_data_2 - bin/tests/dst/t2_dsasig - bin/tests/dst/t2_rsasig - bin/tests/hashes/Makefile - bin/tests/headerdep_test.sh - bin/tests/master/Makefile - bin/tests/mem/Makefile - bin/tests/names/Makefile - bin/tests/net/Makefile - bin/tests/pkcs11/Makefile - bin/tests/pkcs11/benchmarks/Makefile - bin/tests/rbt/Makefile - bin/tests/resolver/Makefile - bin/tests/sockaddr/Makefile - bin/tests/system/Makefile - bin/tests/system/builtin/Makefile - bin/tests/system/conf.sh - bin/tests/system/dlz/prereq.sh - bin/tests/system/dlzexternal/Makefile - bin/tests/system/dlzexternal/ns1/named.conf - bin/tests/system/dyndb/Makefile - bin/tests/system/dyndb/driver/Makefile - bin/tests/system/filter-aaaa/Makefile - bin/tests/system/geoip/Makefile - bin/tests/system/inline/checkdsa.sh - bin/tests/system/lwresd/Makefile - bin/tests/system/pipelined/Makefile - bin/tests/system/resolver/Makefile - bin/tests/system/rndc/Makefile - bin/tests/system/rpz/Makefile - bin/tests/system/rsabigexponent/Makefile - bin/tests/system/statistics/Makefile - bin/tests/system/tkey/Makefile - bin/tests/system/tsiggss/Makefile - bin/tests/tasks/Makefile - bin/tests/timers/Makefile - bin/tests/virtual-time/Makefile - bin/tests/virtual-time/conf.sh - bin/tools/Makefile - isc-config.sh - lib/Makefile - lib/bind9/Makefile - lib/bind9/include/Makefile - lib/bind9/include/bind9/Makefile - lib/dns/Makefile - lib/dns/include/Makefile - lib/dns/include/dns/Makefile - lib/dns/include/dst/Makefile - lib/dns/tests/Makefile - lib/irs/Makefile - lib/irs/include/Makefile - lib/irs/include/irs/Makefile - lib/irs/include/irs/netdb.h - lib/irs/include/irs/platform.h - lib/isc/$arch/Makefile - lib/isc/$arch/include/Makefile - lib/isc/$arch/include/isc/Makefile - lib/isc/$thread_dir/Makefile - lib/isc/$thread_dir/include/Makefile - lib/isc/$thread_dir/include/isc/Makefile - lib/isc/Makefile - lib/isc/include/Makefile - lib/isc/include/isc/Makefile - lib/isc/include/isc/platform.h - lib/isc/include/pk11/Makefile - lib/isc/include/pkcs11/Makefile - lib/isc/tests/Makefile - lib/isc/nls/Makefile - lib/isc/unix/Makefile - lib/isc/unix/include/Makefile - lib/isc/unix/include/isc/Makefile - lib/isc/unix/include/pkcs11/Makefile - lib/isccc/Makefile - lib/isccc/include/Makefile - lib/isccc/include/isccc/Makefile - lib/isccfg/Makefile - lib/isccfg/include/Makefile - lib/isccfg/include/isccfg/Makefile - lib/lwres/Makefile - lib/lwres/include/Makefile - lib/lwres/include/lwres/Makefile - lib/lwres/include/lwres/netdb.h - lib/lwres/include/lwres/platform.h - lib/lwres/man/Makefile - lib/lwres/tests/Makefile - lib/lwres/unix/Makefile - lib/lwres/unix/include/Makefile - lib/lwres/unix/include/lwres/Makefile - lib/tests/Makefile - lib/tests/include/Makefile - lib/tests/include/tests/Makefile - lib/samples/Makefile - lib/samples/Makefile-postinstall - unit/Makefile - unit/unittest.sh -]) - -# -# Do it -# - -AC_OUTPUT - -# -# Now that the Makefiles exist we can ensure that everything is rebuilt. -# -AC_ARG_WITH(make-clean, -[ --with-make-clean run "make clean" at end of configure [[yes|no]]], - make_clean="$withval", make_clean="yes") -case "$make_clean" in -yes) - if test "$no_create" != "yes" - then - make clean - fi - ;; -esac - -AC_ARG_ENABLE(full-report, - [ --enable-full-report report values of all configure options]) - -echo "===============================================================================" -echo "Configuration summary:" -echo "-------------------------------------------------------------------------------" -echo "Optional features enabled:" -if $use_threads; then - echo " Multiprocessing support (--enable-threads)" - if test "$enable_full_report" = "yes" -o "$locktype" = "standard"; then - echo " Mutex lock type: $locktype" - fi -fi -test "$use_tuning" = "large" && echo " Large-system tuning (--with-tuning)" -test "$use_dnstap" = "no" || \ - echo " Allow 'dnstap' packet logging (--enable-dnstap)" -test "$use_geoip" = "no" || echo " GeoIP access control (--with-geoip)" -test "$use_gssapi" = "no" || echo " GSS-API (--with-gssapi)" -if test "$enable_full_report" = "yes" -o "$with_cc_alg" != "aes"; then - echo " Algorithm: $with_cc_alg" -fi - -# these lines are only printed if run with --enable-full-report -if test "$enable_full_report" = "yes"; then - test "$enable_ipv6" = "no" -o "$found_ipv6" = "no" || \ - echo " IPv6 support (--enable-ipv6)" - test "X$CRYPTO" = "X" -o "$want_native_pkcs11" = "yes" || \ - echo " OpenSSL cryptography/DNSSEC (--with-openssl)" - test "X$PYTHON" = "X" || echo " Python tools (--with-python)" - test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" - test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" - test "X$ZLIB" = "X" || echo " HTTP zlib compression (--with-zlib)" - test "X$NZD_TOOLS" = "X" || echo " LMDB database to store configuration for 'addzone' zones (--with-lmdb)" -fi - -if test "$use_pkcs11" != "no"; then - if test "$want_native_pkcs11" = "yes"; then - echo " Native PKCS#11/Cryptoki support (--enable-native-pkcs11)" - else - echo " PKCS#11/Cryptoki support using OpenSSL (--with-pkcs11)" - fi - echo " Provider library: $PKCS11_PROVIDER" -fi -if test "$OPENSSL_GOST" = "yes" -o "$PKCS11_GOST" = "yes"; then - echo " GOST algorithm support (encoding: $gosttype) (--with-gost)" -fi -test "$OPENSSL_ECDSA" = "yes" -o "$PKCS11_ECDSA" = "yes" && \ - echo " ECDSA algorithm support (--with-ecdsa)" -test "$enable_fixed" = "yes" && \ - echo " Allow 'fixed' rrset-order (--enable-fixed-rrset)" -test "$enable_filter" = "yes" && \ - echo " AAAA filtering (--enable-filter-aaaa)" -test "$enable_seccomp" = yes && \ - echo " Use libseccomp system call filtering (--enable-seccomp)" -test "$want_backtrace" = "yes" && \ - echo " Print backtrace on crash (--enable-backtrace)" -test "$want_symtable" = "minimal" && \ - echo " Use symbol table for backtrace, named only (--enable-symtable)" -test "$want_symtable" = "yes" -o "$want_symtable" = "all" && \ - echo " Use symbol table for backtrace, all binaries (--enable-symtable=all)" -test "$use_libtool" = "no" || echo " Use GNU libtool (--with-libtool)" -test "$want_querytrace" = "yes" && \ - echo " Very verbose query trace logging (--enable-querytrace)" -test "$atf" = "no" || echo " Automated Testing Framework (--with-atf)" - -echo " Dynamically loadable zone (DLZ) drivers:" -test "$use_dlz_bdb" = "no" || \ - echo " Berkeley DB (--with-dlz-bdb)" -test "$use_dlz_ldap" = "no" || \ - echo " LDAP (--with-dlz-ldap)" -test "$use_dlz_mysql" = "no" || \ - echo " MySQL (--with-dlz-mysql)" -test "$use_dlz_odbc" = "no" || \ - echo " ODBC (--with-dlz-odbc)" -test "$use_dlz_postgres" = "no" || \ - echo " Postgres (--with-dlz-postgres)" -test "$use_dlz_filesystem" = "no" || \ - echo " Filesystem (--with-dlz-filesystem)" -test "$use_dlz_stub" = "no" || \ - echo " Stub (--with-dlz-stub)" -test "$use_dlz_bdb $use_dlz_ldap $use_dlz_mysql $use_dlz_odbc $use_dlz_postgres $use_dlz_filesystem $use_dlz_stub" = "no no no no no no no" && echo " None" -echo - -echo "Features disabled or unavailable on this platform:" -$use_threads || echo " Multiprocessing support (--enable-threads)" -test "$enable_ipv6" = "no" -o "$found_ipv6" = "no" && \ - echo " IPv6 support (--enable-ipv6)" -test "$use_tuning" = "large" || echo " Large-system tuning (--with-tuning)" - -test "$use_dnstap" = "no" && \ - echo " Allow 'dnstap' packet logging (--enable-dnstap)" -test "$use_geoip" = "no" && echo " GeoIP access control (--with-geoip)" -test "$use_gssapi" = "no" && echo " GSS-API (--with-gssapi)" - -test "$enable_fixed" = "yes" || \ - echo " Allow 'fixed' rrset-order (--enable-fixed-rrset)" - -if test "X$CRYPTO" = "X" -o "$want_native_pkcs11" = "yes" -then - echo " OpenSSL cryptography/DNSSEC (--with-openssl)" -elif test "$use_pkcs11" = "no"; then - echo " PKCS#11/Cryptoki support (--with-pkcs11)" -fi -test "$want_native_pkcs11" = "yes" || - echo " Native PKCS#11/Cryptoki support (--enable-native-pkcs11)" -test "X$CRYPTO" = "X" -o "$OPENSSL_GOST" = "yes" -o "$PKCS11_GOST" = "yes" || \ - echo " GOST algorithm support (--with-gost)" -test "X$CRYPTO" = "X" -o "$OPENSSL_ECDSA" = "yes" -o "$PKCS11_ECDSA" = "yes" || \ - echo " ECDSA algorithm support (--with-ecdsa)" - -test "$enable_seccomp" = yes || \ - echo " Use libseccomp system call filtering (--enable-seccomp)" -test "$want_backtrace" = "yes" || \ - echo " Print backtrace on crash (--enable-backtrace)" -test "$want_querytrace" = "yes" || \ - echo " Very verbose query trace logging (--enable-querytrace)" - -test "$use_libtool" = "yes" || echo " Use GNU libtool (--with-libtool)" -test "$atf" = "no" && echo " Automated Testing Framework (--with-atf)" - -test "X$PYTHON" = "X" && echo " Python tools (--with-python)" -test "X$XMLSTATS" = "X" && echo " XML statistics (--with-libxml2)" -test "X$JSONSTATS" = "X" && echo " JSON statistics (--with-libjson)" -test "X$ZLIB" = "X" && echo " HTTP zlib compression (--with-zlib)" -test "X$NZD_TOOLS" = "X" && echo " LMDB database to store configuration for 'addzone' zones (--with-lmdb)" - -if test "X$ac_unrecognized_opts" != "X"; then - echo - echo "Unrecognized options:" - echo " $ac_unrecognized_opts" -fi -if test "$enable_full_report" != "yes"; then - echo "-------------------------------------------------------------------------------" - echo "For more detail, use --enable-full-report." -fi -echo "===============================================================================" - -if test "X$CRYPTO" = "X"; then -cat << \EOF -BIND 9 is being built without cryptography support. This means it will -not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and ---enable-native-pkcs11 to enable cryptography. -EOF -fi - -if test "X$OPENSSL_WARNING" != "X"; then -cat << \EOF -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING -WARNING Your OpenSSL crypto library may be vulnerable to WARNING -WARNING one or more of the the following known security WARNING -WARNING flaws: WARNING -WARNING WARNING -WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING -WARNING CVE-2006-2940 and CVE-2015-3193. WARNING -WARNING WARNING -WARNING It is recommended that you upgrade to OpenSSL WARNING -WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING -WARNING (or greater). WARNING -WARNING WARNING -WARNING You can disable this warning by specifying: WARNING -WARNING WARNING -WARNING --disable-openssl-version-check WARNING -WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -EOF -fi - -# Tell Emacs to edit this file in shell mode. -# Local Variables: -# mode: sh -# End: diff --git a/contrib/dane/mkdane.sh b/contrib/dane/mkdane.sh new file mode 100755 index 00000000..fbae4aad --- /dev/null +++ b/contrib/dane/mkdane.sh @@ -0,0 +1,137 @@ +#!/bin/sh +# Copyright (C) 2010, 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +# +# Generate a DNS RR from an x.509 certificate +# Currently only supports TLSA, but can be extended to support +# other DANE types such as SMIMEA in the future. +# +# Requires: openssl + +USAGE="$BASENAME [options] <filename> +Options: + -f <input format>: PEM | DLR + -n <name>: record name (default: _443._tcp) + -o <origin>: zone origin (default: none; name will be relative) + -m <matching type>: NONE (0) | SHA256 (1) | SHA512 (2) + -r <RR type>: TLSA + -s <selector>: FULL (0) | PK (1) + -t <ttl>: TTL of the TLSA record (default: none) + -u <certificate usage>: CA (0) | SERVICE (1) | TA (2) | DOMAIN (3)" + +NM="_443._tcp" +CU=2 +SELECTOR=0 +MTYPE=1 +IN= +FORM=PEM +TTL= +RRTYPE=TLSA +BASENAME=`basename $0`; + +while getopts "xn:o:u:s:t:m:i:f:r:" c; do + case $c in + x) set -x; DEBUG=-x;; + m) MTYPE="$OPTARG";; + n) NM="$OPTARG";; + o) ORIGIN="$OPTARG";; + r) RRTYPE="$OPTARG";; + s) SELECTOR="$OPTARG";; + t) TTL="$OPTARG";; + u) CU="$OPTARG";; + *) echo "$USAGE" 1>&2; exit 1;; + esac +done +shift `expr $OPTIND - 1 || true` + +if test "$#" -eq 1; then + IN=$1 +else + echo "$USAGE" 1>&2; exit 1 +fi + +ORIGIN=`echo $ORIGIN | sed 's/\([^.]$\)/\1./'` +if [ -n "$ORIGIN" ]; then + NM=`echo $NM | sed 's/\.$//'` + NM="$NM.$ORIGIN" +fi + +case "$CU" in + [Cc][Aa]) CU=0;; + [Ss][Ee][Rr][Vv]*) CU=1;; + [Tt][Aa]) CU=2;; + [Dd][Oo][Mm]*) CU=3;; + [0123]) ;; + *) echo "bad certificate usage -u \"$CU\"" 1>&2; exit 1;; +esac + +case "$SELECTOR" in + [Ff][Uu][Ll][Ll]) SELECTOR=0;; + [Pp][Kk]) SELECTOR=1;; + [01]) ;; + *) echo "bad selector -s \"$SELECTOR\"" 1>&2; exit 1;; +esac + +case "$MTYPE" in + 0|[Nn][Oo][Nn][Ee]) HASH='od -A n -v -t xC';; + 1|[Ss][Hh][Aa]256) HASH='openssl dgst -sha256';; + 2|[Ss][Hh][Aa]512) HASH='openssl dgst -sha512';; + *) echo "bad matching type -m \"$MTYPE\"" 1>&2; exit 1;; +esac + +case "$FORM" in + [Pp][Ee][Mm]) FORM=PEM;; + [Dd][Ll][Rr]) FORM=DLR;; + *) echo "bad input file format -f \"$FORM\"" 1>&2; exit 1 +esac + +case "$RRTYPE" in + [Tt][Ll][Ss][Aa]) RRTYPE=TLSA;; + *) echo "invalid RR type" 1>&2; exit 1 +esac + +if test -z "$IN" -o ! -s "$IN"; then + echo "bad input file -i \"$IN\"" 1>&2; exit 1 +fi + +echo "; $BASENAME -o$NM -u$CU -s$SELECTOR -m$MTYPE -f$FORM $IN" + +(if test "$SELECTOR" = 0; then + openssl x509 -in "$IN" -inform "$FORM" -outform DER +else + openssl x509 -in "$IN" -inform "$FORM" -noout -pubkey \ + | sed -e '/PUBLIC KEY/d' \ + | openssl base64 -d +fi) \ + | $HASH \ + | awk ' + # format Association Data as in Appendix C of the DANE RFC + BEGIN { + print "'"$NM\t\t$TTL\tIN TLSA\t$CU $SELECTOR $MTYPE"' ("; + leader = "\t\t\t\t\t"; + } + /.+/ { + gsub(/ +/, "", $0); + buf = buf $0; + while (length(buf) >= 36) { + print leader substr(buf, 1, 36); + buf = substr(buf, 37); + } + } + END { + if (length(buf) > 34) + print leader buf "\n" leader ")"; + else + print leader buf " )"; + }' diff --git a/contrib/dane/tlsa6698.pem b/contrib/dane/tlsa6698.pem new file mode 100644 index 00000000..9b9c1eeb --- /dev/null +++ b/contrib/dane/tlsa6698.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEVDCCArwCCQCrWNJOd60q9jANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJO +TDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQww +CgYDVQQKEwNPUzMxIzAhBgNVBAMTGmRhbmUua2lldi5wcmFjdGljdW0ub3MzLm5s +MB4XDTEyMDExNjE2NTcwM1oXDTIyMDExMzE2NTcwM1owbDELMAkGA1UEBhMCTkwx +FjAUBgNVBAgTDU5vb3JkLUhvbGxhbmQxEjAQBgNVBAcTCUFtc3RlcmRhbTEMMAoG +A1UEChMDT1MzMSMwIQYDVQQDExpkYW5lLmtpZXYucHJhY3RpY3VtLm9zMy5ubDCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOYshKWv5Z8KKmslDe5oesjF +xgT1fSbOshGRQP+sOMS5y76JIwguf4Fia2rV3qDIdxx048qn9hMFSu+jZz5I/+R7 +P3r5h94oGmgjCyS52hqY3L5RGVtg5C/XUXwyjZg+JqgnyHerkU7kwb/erUi9Jb5f +LEc7qcHLvd2gw3TQ1Yw4nMPW2MIGYuGc92jzJEG399FK6olmznwyoXIqs4Yj0AgC +mp5HAog/i5d6Gh5Skr+K1yI51AOTN7hqOsYPoAEpBFIXe/F5hgmgWhMPAzRXpSEm +KfvduOcOKp5lVoc8T3ykauSosXjwX7MZAF4cHH1L1336NANVY8EmqiwzKLkA55kK +yXh/AdqC90w9S2Z0zOzh/Uxu+eZkT0Y17e2jnYsOL3yOBtrndWITvT1ggxF1vikE +QrSvxa5vRrdphVoGfBCX5heWJSnhZvIq7hDduYG4zW/xfT1wcjFpA42/vBpEnI0N +MbxoPF884mFI5C7Ju9TZ8mFWmyW1PB1/wt3/a0ysBQIDAQABMA0GCSqGSIb3DQEB +BQUAA4IBgQArKr4GPpyGrEofeDU3IJEHnIJ2qcLF0exXZN5SP92r3qs/005v5sug +VFgKZ4WmY1ldkBMrk9Rzkp6B+giH0v/3ioHH0BS5d3irasnl5pD29anpK7X7q3G4 +V65ptuGL3MsLpvzZ1LCEo082NRSMSV1I/mNZA7iI7B3rJhBUjt1I1j+GUTpFYkaY +MUjA1duC1zpMNQpCu2YddjQw/GyOX50T6ht2qlKkw1jl6gQAD3lGGDA6ts7qTpqO +nHTXPBsLe68W3t52lrXi8gb3dxAPVyfhaE1BMvXmkvR69nVuqLQhAAvgMbXY8CIO +Q2tR+xVP6VlTM8E6JAP53gjl3cWiL9YYLjOVk+JjdEUCILwU8+QP8z8IRSawnDQl +BwLoo1KzMszLD53izysziCO5KvxhwLa4q9ta9xjtjdqXwpjka4KgGxSBSGjPpPLD +Ymi//0pZH0Jli/dZGJAtPkJt/h1f8PxqISBx9tqL2DP+LlYNh3dejukzPAW2+461 +ZYnZENteqQM= +-----END CERTIFICATE----- diff --git a/contrib/dlz/drivers/dlz_dlopen_driver.c b/contrib/dlz/drivers/dlz_dlopen_driver.c new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/contrib/dlz/drivers/dlz_dlopen_driver.c diff --git a/contrib/dlz/drivers/include/dlz/dlz_bdb_driver.h b/contrib/dlz/drivers/include/dlz/dlz_bdb_driver.h new file mode 100644 index 00000000..1d706fc8 --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_bdb_driver.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_BDB_DRIVER_H +#define DLZ_BDB_DRIVER_H + +isc_result_t +dlz_bdb_init(void); + +void +dlz_bdb_clear(void); + +#endif diff --git a/contrib/dlz/drivers/include/dlz/dlz_bdbhpt_driver.h b/contrib/dlz/drivers/include/dlz/dlz_bdbhpt_driver.h new file mode 100644 index 00000000..0ccbc8da --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_bdbhpt_driver.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_BDBHPT_DRIVER_H +#define DLZ_BDBHPT_DRIVER_H + +isc_result_t +dlz_bdbhpt_init(void); + +void +dlz_bdbhpt_clear(void); + +#endif diff --git a/contrib/dlz/drivers/include/dlz/dlz_dlopen_driver.h b/contrib/dlz/drivers/include/dlz/dlz_dlopen_driver.h new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_dlopen_driver.h diff --git a/contrib/dlz/drivers/include/dlz/dlz_filesystem_driver.h b/contrib/dlz/drivers/include/dlz/dlz_filesystem_driver.h new file mode 100644 index 00000000..627427d9 --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_filesystem_driver.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_FILESYSTEM_DRIVER_H +#define DLZ_FILESYSTEM_DRIVER_H + +isc_result_t +dlz_fs_init(void); + +void +dlz_fs_clear(void); + +#endif diff --git a/contrib/dlz/drivers/include/dlz/dlz_ldap_driver.h b/contrib/dlz/drivers/include/dlz/dlz_ldap_driver.h new file mode 100644 index 00000000..51efbf49 --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_ldap_driver.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_LDAP_DRIVER_H +#define DLZ_LDAP_DRIVER_H + +isc_result_t +dlz_ldap_init(void); + +void +dlz_ldap_clear(void); + +#endif diff --git a/contrib/dlz/drivers/include/dlz/dlz_mysql_driver.h b/contrib/dlz/drivers/include/dlz/dlz_mysql_driver.h new file mode 100644 index 00000000..b742838b --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_mysql_driver.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_MYSQL_DRIVER_H +#define DLZ_MYSQL_DRIVER_H + +isc_result_t +dlz_mysql_init(void); + +void +dlz_mysql_clear(void); + +#endif diff --git a/contrib/dlz/drivers/include/dlz/dlz_odbc_driver.h b/contrib/dlz/drivers/include/dlz/dlz_odbc_driver.h new file mode 100644 index 00000000..5a072d8c --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_odbc_driver.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_ODBC_DRIVER_H +#define DLZ_ODBC_DRIVER_H + +isc_result_t +dlz_odbc_init(void); + +void +dlz_odbc_clear(void); + +#endif diff --git a/contrib/dlz/drivers/include/dlz/dlz_postgres_driver.h b/contrib/dlz/drivers/include/dlz/dlz_postgres_driver.h new file mode 100644 index 00000000..3416dcea --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_postgres_driver.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_POSTGRES_DRIVER_H +#define DLZ_POSTGRES_DRIVER_H + +isc_result_t +dlz_postgres_init(void); + +void +dlz_postgres_clear(void); + +#endif diff --git a/contrib/dlz/drivers/include/dlz/dlz_stub_driver.h b/contrib/dlz/drivers/include/dlz/dlz_stub_driver.h new file mode 100644 index 00000000..a517c69a --- /dev/null +++ b/contrib/dlz/drivers/include/dlz/dlz_stub_driver.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_STUB_DRIVER_H +#define DLZ_STUB_DRIVER_H + +isc_result_t +dlz_stub_init(void); + +void +dlz_stub_clear(void); + +#endif diff --git a/contrib/dlz/example/Makefile b/contrib/dlz/example/Makefile new file mode 100644 index 00000000..5e84043f --- /dev/null +++ b/contrib/dlz/example/Makefile @@ -0,0 +1,16 @@ +# for building the dlz_example driver we don't use +# the bind9 build structure as the aim is to provide an +# example that is separable from the bind9 source tree + +# this means this Makefile is not portable, so the testsuite +# skips this test on platforms where it doesn't build + +CFLAGS=-Wall -fPIC -g + +all: dlz_example.so + +dlz_example.so: dlz_example.o + $(CC) $(CFLAGS) -shared -o dlz_example.so dlz_example.o + +clean: + rm -f dlz_example.o dlz_example.so diff --git a/contrib/dlz/example/named.conf b/contrib/dlz/example/named.conf new file mode 100644 index 00000000..bc68beeb --- /dev/null +++ b/contrib/dlz/example/named.conf @@ -0,0 +1,63 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is a sample named.conf file that uses the DLZ module defined in + * dlz_example.c. It sets up a zone 'example.nil' which can accept DDNS + * updates. + * + * By default, when run, the zone contains the following records: + * + * example.nil. 3600 IN SOA example.nil. hostmaster.example.nil. ( + * 123 900 600 86400 3600 + * ) + * example.nil. 3600 IN NS example.nil. + * example.nil. 1800 IN A 10.53.0.1 + * + * Additionally, a query for 'source-addr.example.nil/TXT' is always + * answered with the source address of the query. This is used to + * demonstrate the code that retreives client information from the + * caller. + * + * To use this driver, "dlz_external.so" must be moved into the working + * directory for named. + */ + +options { + allow-transfer { any; }; + allow-query { any; }; + notify yes; + recursion no; +}; + +/* + * To test dynamic updates, create a DDNS key: + * + * ddns-confgen -q -z example.nil > ddns.key + * + * Then uncomment the following line: + * + * include "ddns.key"; + * + * Use "nsupdate -k ddns.key" when sending updates. (NOTE: This driver does + * not check the key that's used: as long as the update is signed by a key + * known to named, the update will be accepted. Only updates to names + * that begin with "deny." are rejected.) + */ + +dlz "example" { + database "dlopen ./dlz_example.so example.nil"; +}; diff --git a/contrib/dlz/example/win32/dxdriver.def b/contrib/dlz/example/win32/dxdriver.def new file mode 100644 index 00000000..6d97466d --- /dev/null +++ b/contrib/dlz/example/win32/dxdriver.def @@ -0,0 +1,20 @@ +LIBRARY dxdriver + +; Exported Functions +EXPORTS +dlz_addrdataset +dlz_allnodes +dlz_allowzonexfr +dlz_closeversion +dlz_configure +dlz_create +dlz_delrdataset +dlz_destroy +dlz_findzonedb +dlz_lookup +dlz_newversion +dlz_ssumatch +dlz_subrdataset +dlz_version + + diff --git a/contrib/dlz/example/win32/dxdriver.dsp b/contrib/dlz/example/win32/dxdriver.dsp new file mode 100644 index 00000000..c096b081 --- /dev/null +++ b/contrib/dlz/example/win32/dxdriver.dsp @@ -0,0 +1,121 @@ +# Microsoft Developer Studio Project File - Name="dxdriver" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +CFG=dxdriver - Win32 Release +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "dxdriver.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "dxdriver.mak" CFG="dxdriver - Win32 Release" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "dxdriver - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "dxdriver - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "dxdriver - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c +# ADD CPP /nologo /MD /W3 /GX /O2 /I "../" /I "../../../../../" /I "../../../../../lib/isc/win32" /I "../../../../../lib/isc/win32/include" /I "../../../../../lib/isc/include" /I "../../../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "__STDC__" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c +# SUBTRACT CPP /X +# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 +# ADD LINK32 user32.lib advapi32.lib ws2_32.lib /nologo /dll /machine:I386 /out:"../../../../../Build/Release/dxdriver.dll" + +!ELSEIF "$(CFG)" == "dxdriver - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /GZ /c +# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "../" /I "../../../../../" /I "../../../../../lib/isc/win32" /I "../../../../../lib/isc/win32/include" /I "../../../../../lib/isc/include" /I "../../../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /FR /YX /FD /GZ /c +# SUBTRACT CPP /X +# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept +# ADD LINK32 user32.lib advapi32.lib ws2_32.lib /nologo /dll /debug /machine:I386 /out:"../../../../../Build/Debug/dxdriver.dll" /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "dxdriver - Win32 Release" +# Name "dxdriver - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\driver.c +# End Source File +# Begin Source File + +SOURCE=.\DLLMain.c +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# Begin Source File + +SOURCE=..\driver.h +# End Source File +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# Begin Source File + +SOURCE=.\dxdriver.def +# End Source File +# End Target +# End Project diff --git a/contrib/dlz/example/win32/dxdriver.dsw b/contrib/dlz/example/win32/dxdriver.dsw new file mode 100644 index 00000000..b0212fe7 --- /dev/null +++ b/contrib/dlz/example/win32/dxdriver.dsw @@ -0,0 +1,29 @@ +Microsoft Developer Studio Workspace File, Format Version 6.00 +# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! + +############################################################################### + +Project: "dxdriver"=.\dxdriver.dsp - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ +}}} + +############################################################################### + +Global: + +Package=<5> +{{{ +}}} + +Package=<3> +{{{ +}}} + +############################################################################### + diff --git a/contrib/dlz/example/win32/dxdriver.mak b/contrib/dlz/example/win32/dxdriver.mak new file mode 100644 index 00000000..1d8506b1 --- /dev/null +++ b/contrib/dlz/example/win32/dxdriver.mak @@ -0,0 +1,298 @@ +# Microsoft Developer Studio Generated NMAKE File, Based on dxdriver.dsp +!IF "$(CFG)" == "" +CFG=dxdriver - Win32 Release +!MESSAGE No configuration specified. Defaulting to dxdriver - Win32 Release. +!ENDIF + +!IF "$(CFG)" != "dxdriver - Win32 Release" && "$(CFG)" != "dxdriver - Win32 Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "dxdriver.mak" CFG="dxdriver - Win32 Release" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "dxdriver - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "dxdriver - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF + +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "dxdriver - Win32 Release" +_VC_MANIFEST_INC=0 +_VC_MANIFEST_BASENAME=__VC80 +!ELSE +_VC_MANIFEST_INC=1 +_VC_MANIFEST_BASENAME=__VC80.Debug +!ENDIF + +#################################################### +# Specifying name of temporary resource file used only in incremental builds: + +!if "$(_VC_MANIFEST_INC)" == "1" +_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res +!else +_VC_MANIFEST_AUTO_RES= +!endif + +#################################################### +# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE: + +!if "$(_VC_MANIFEST_INC)" == "1" + +#MT_SPECIAL_RETURN=1090650113 +#MT_SPECIAL_SWITCH=-notify_resource_update +MT_SPECIAL_RETURN=0 +MT_SPECIAL_SWITCH= +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \ +if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \ +rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \ +link $** /out:$@ $(LFLAGS) + +!else + +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1 + +!endif + +#################################################### +# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL: + +!if "$(_VC_MANIFEST_INC)" == "1" + +#MT_SPECIAL_RETURN=1090650113 +#MT_SPECIAL_SWITCH=-notify_resource_update +MT_SPECIAL_RETURN=0 +MT_SPECIAL_SWITCH= +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \ +if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \ +rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \ +link $** /out:$@ $(LFLAGS) + +!else + +_VC_MANIFEST_EMBED_EXE= \ +if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2 + +!endif +#################################################### +# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily: + +!if "$(_VC_MANIFEST_INC)" == "1" + +_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \ + $(_VC_MANIFEST_BASENAME).auto.rc \ + $(_VC_MANIFEST_BASENAME).auto.manifest + +!else + +_VC_MANIFEST_CLEAN= + +!endif + +!IF "$(CFG)" == "dxdriver - Win32 Release" + +OUTDIR=.\Release +INTDIR=.\Release + +ALL : "..\..\..\..\..\Build\Release\dxdriver.dll" + +CLEAN : + -@erase "$(INTDIR)\DLLMain.obj" + -@erase "$(INTDIR)\driver.obj" + -@erase "$(INTDIR)\vc60.idb" + -@erase "$(OUTDIR)\dxdriver.exp" + -@erase "$(OUTDIR)\dxdriver.lib" + -@erase "..\..\..\..\..\Build\Release\dxdriver.dll" + -@$(_VC_MANIFEST_CLEAN) + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "../" /I "../../../../../" /I "../../../../../lib/isc/win32" /I "../../../../../lib/isc/win32/include" /I "../../../../../lib/isc/include" /I "../../../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "__STDC__" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /Fp"$(INTDIR)\dxdriver.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c +MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 +BSC32=bscmake.exe +BSC32_FLAGS=/nologo /o"$(OUTDIR)\dxdriver.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib /nologo /dll /incremental:no /pdb:"$(OUTDIR)\dxdriver.pdb" /machine:I386 /def:".\dxdriver.def" /out:"../../../../../Build/Release/dxdriver.dll" /implib:"$(OUTDIR)\dxdriver.lib" +DEF_FILE= \ + ".\dxdriver.def" +LINK32_OBJS= \ + "$(INTDIR)\DLLMain.obj" \ + "$(INTDIR)\driver.obj" + +"..\..\..\..\..\Build\Release\dxdriver.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + $(_VC_MANIFEST_EMBED_DLL) + +!ELSEIF "$(CFG)" == "dxdriver - Win32 Debug" + +OUTDIR=.\Debug +INTDIR=.\Debug +# Begin Custom Macros +OutDir=.\Debug +# End Custom Macros + +ALL : "..\..\..\..\..\Build\Debug\dxdriver.dll" "$(OUTDIR)\dxdriver.bsc" + +CLEAN : + -@erase "$(INTDIR)\DLLMain.obj" + -@erase "$(INTDIR)\DLLMain.sbr" + -@erase "$(INTDIR)\driver.obj" + -@erase "$(INTDIR)\driver.sbr" + -@erase "$(INTDIR)\vc60.idb" + -@erase "$(INTDIR)\vc60.pdb" + -@erase "$(OUTDIR)\dxdriver.bsc" + -@erase "$(OUTDIR)\dxdriver.exp" + -@erase "$(OUTDIR)\dxdriver.lib" + -@erase "$(OUTDIR)\dxdriver.pdb" + -@erase "..\..\..\..\..\Build\Debug\dxdriver.dll" + -@erase "..\..\..\..\..\Build\Debug\dxdriver.ilk" + -@$(_VC_MANIFEST_CLEAN) + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "../" /I "../../../../../" /I "../../../../../lib/isc/win32" /I "../../../../../lib/isc/win32/include" /I "../../../../../lib/isc/include" /I "../../../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\dxdriver.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c +MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 +BSC32=bscmake.exe +BSC32_FLAGS=/nologo /o"$(OUTDIR)\dxdriver.bsc" +BSC32_SBRS= \ + "$(INTDIR)\DLLMain.sbr" \ + "$(INTDIR)\driver.sbr" + +"$(OUTDIR)\dxdriver.bsc" : "$(OUTDIR)" $(BSC32_SBRS) + $(BSC32) @<< + $(BSC32_FLAGS) $(BSC32_SBRS) +<< + +LINK32=link.exe +LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib /nologo /dll /incremental:yes /pdb:"$(OUTDIR)\dxdriver.pdb" /debug /machine:I386 /def:".\dxdriver.def" /out:"../../../../../Build/Debug/dxdriver.dll" /implib:"$(OUTDIR)\dxdriver.lib" /pdbtype:sept +DEF_FILE= \ + ".\dxdriver.def" +LINK32_OBJS= \ + "$(INTDIR)\DLLMain.obj" \ + "$(INTDIR)\driver.obj" + +"..\..\..\..\..\Build\Debug\dxdriver.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + $(_VC_MANIFEST_EMBED_DLL) + +!ENDIF + +.c{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(INTDIR)}.obj:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.c{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cpp{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + +.cxx{$(INTDIR)}.sbr:: + $(CPP) @<< + $(CPP_PROJ) $< +<< + + +!IF "$(NO_EXTERNAL_DEPS)" != "1" +!IF EXISTS("dxdriver.dep") +!INCLUDE "dxdriver.dep" +!ELSE +!MESSAGE Warning: cannot find "dxdriver.dep" +!ENDIF +!ENDIF + + +!IF "$(CFG)" == "dxdriver - Win32 Release" || "$(CFG)" == "dxdriver - Win32 Debug" +SOURCE=.\DLLMain.c + +!IF "$(CFG)" == "dxdriver - Win32 Release" + + +"$(INTDIR)\DLLMain.obj" : $(SOURCE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "dxdriver - Win32 Debug" + + +"$(INTDIR)\DLLMain.obj" "$(INTDIR)\DLLMain.sbr" : $(SOURCE) "$(INTDIR)" + + +!ENDIF + +SOURCE=..\driver.c + +!IF "$(CFG)" == "dxdriver - Win32 Release" + + +"$(INTDIR)\driver.obj" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ELSEIF "$(CFG)" == "dxdriver - Win32 Debug" + + +"$(INTDIR)\driver.obj" "$(INTDIR)\driver.sbr" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ENDIF + + +!ENDIF + +#################################################### +# Commands to generate initial empty manifest file and the RC file +# that references it, and for generating the .res file: + +$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc + +$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest + type <<$@ +#include <winuser.h> +1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest" +<< KEEP + +$(_VC_MANIFEST_BASENAME).auto.manifest : + type <<$@ +<?xml version='1.0' encoding='UTF-8' standalone='yes'?> +<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> +</assembly> +<< KEEP diff --git a/contrib/dlz/modules/bdbhpt/Makefile b/contrib/dlz/modules/bdbhpt/Makefile new file mode 100644 index 00000000..795a2e8b --- /dev/null +++ b/contrib/dlz/modules/bdbhpt/Makefile @@ -0,0 +1,18 @@ +prefix = /usr +libdir = $(prefix)/lib/bind9 + +CFLAGS=-fPIC -g -I../include +BDB_LIBS=-ldb + +all: dlz_bdbhpt_dynamic.so + +dlz_bdbhpt_dynamic.so: dlz_bdbhpt_dynamic.c + $(CC) $(CFLAGS) -shared -o dlz_bdbhpt_dynamic.so \ + dlz_bdbhpt_dynamic.c $(BDB_LIBS) + +clean: + rm -f dlz_bdbhpt_dynamic.so + +install: dlz_bdbhpt_dynamic.so + mkdir -p $(DESTDIR)$(libdir) + install dlz_bdbhpt_dynamic.so $(DESTDIR)$(libdir) diff --git a/contrib/dlz/modules/bdbhpt/README.md b/contrib/dlz/modules/bdbhpt/README.md new file mode 100644 index 00000000..10f10a9b --- /dev/null +++ b/contrib/dlz/modules/bdbhpt/README.md @@ -0,0 +1,86 @@ +dlz-bdbhpt-dynamic +================== + +A Bind 9 Dynamically Loadable BerkeleyDB High Performance Text Driver + +Summary +------- + +This is an attempt to port the original Bind 9 DLZ bdbhpt_driver.c as +found in the Bind 9 source tree into the new DLZ dlopen driver API. +The goals of this project are as follows: + +* Provide DLZ facilities to OEM-supported Bind distributions +* Support both v1 (Bind 9.8) and v2 (Bind 9.9) of the dlopen() DLZ API + +Requirements +------------ + +You will need the following: + * Bind 9.8 or higher with the DLZ dlopen driver enabled + * BerkeleyDB libraries and header files + * A C compiler + +This distribution have been successfully installed and tested on +Ubuntu 12.04. + +Installation +------------ + +With the above requirements satisfied perform the following steps: + +1. Ensure the symlink for dlz_minimal.h points at the correct header + file matching your Bind version +2. Run: make +3. Run: sudo make install # this will install dlz_bdbhpt_dynamic.so + into /usr/lib/bind9/ +4. Add a DLZ statement similar to the example below into your + Bind configuration +5. Ensure your BerkeleyDB home-directory exists and can be written to + by the bind user +6. Use the included testing/bdbhpt-populate.pl script to provide some + data for initial testing + +Usage +----- + +Example usage is as follows: + +``` +dlz "bdbhpt_dynamic" { + database "dlopen /usr/lib/bind9/dlz_bdbhpt_dynamic.so T /var/cache/bind/dlz dnsdata.db"; +}; +``` + +The arguments for the "database" line above are as follows: + +1. dlopen - Use the dlopen DLZ driver to dynamically load our compiled + driver +2. The full path to your built dlz_bdbhpt_dynamic.so +3. Single character specifying the mode to open your BerkeleyDB + environment: + * T - Transactional Mode - Highest safety, lowest speed. + * C - Concurrent Mode - Lower safety (no rollback), higher speed. + * P - Private Mode - No interprocess communication & no locking. + Lowest safety, highest speed. +4. Directory containing your BerkeleyDB - this is where the BerkeleyDB + environment will be created. +5. Filename within this directory containing your BerkeleyDB tables. + +A copy of the above Bind configuration is included within +example/dlz.conf. + +Author +------ + +The person responsible for this is: + + Mark Goldfinch <g@g.org.nz> + +The code is maintained at: + + https://github.com/goldie80/dlz-bdbhpt-dynamic + +There is very little in the way of original code in this work, +however, original license conditions from both bdbhpt_driver.c and +dlz_example.c are maintained in the dlz_bdbhpt_dynamic.c. diff --git a/contrib/dlz/modules/bdbhpt/testing/README b/contrib/dlz/modules/bdbhpt/testing/README new file mode 100644 index 00000000..aec0935e --- /dev/null +++ b/contrib/dlz/modules/bdbhpt/testing/README @@ -0,0 +1,11 @@ +These files were used for testing on Ubuntu Linux using BDB 5.1 and +BerkeleyDB 0.54 for perl. + +- Populate the database from dns-data.txt for zone example.com: + + perl bdbhpt-populate.pl \ + --bdb=test.db --input=dns-data.txt --zones=example.com + +- Run "named -g -c named.conf" + +BDB server is now loaded with example.com data from the file test.db diff --git a/contrib/dlz/modules/bdbhpt/testing/bdbhpt-populate.pl b/contrib/dlz/modules/bdbhpt/testing/bdbhpt-populate.pl new file mode 100755 index 00000000..909976a2 --- /dev/null +++ b/contrib/dlz/modules/bdbhpt/testing/bdbhpt-populate.pl @@ -0,0 +1,232 @@ +#!/usr/bin/perl -w +use strict; +use BerkeleyDB; +use Getopt::Long; + +my $opt = {}; +if (!GetOptions($opt, qw/bdb|b:s input|i:s zones|z:s help|h/)) { + usage('GetOptions processing failed.'); + exit 1; +} + +if ($opt->{help}) { + usage(); + exit 0; +} + +my $db_file = $opt->{bdb}; +if (!defined $db_file || $db_file eq '') { + usage('Please specify an output BerkeleyDB filename.'); + exit 1; +} + +my $input_file = $opt->{input}; +if (!defined $input_file || $input_file eq '') { + usage('Please specify an input records file.'); + exit 1; +} + +my $zone_list = $opt->{zones}; +if (!defined $zone_list || $zone_list eq '') { + usage('Please specify a space seperated list of zones'); + exit 1; +} + +my $records = []; +my $unique_names = []; +populate_records(records=>$records, input_file=>$input_file, unique_names=>$unique_names); + +my $flags = DB_CREATE; + +my $dns_data = new BerkeleyDB::Hash + -Filename => $db_file, + -Flags => $flags, + -Property => DB_DUP | DB_DUPSORT, + -Subname => "dns_data" + || die "Cannot create dns_data: $BerkeleyDB::Error"; + +my $replId = 0; +my @zones = split(/\s+/, $zone_list); +foreach my $zone (@zones) { + foreach my $r (@$records) { + my $name = $r->{name}; + my $ttl = $r->{ttl}; + my $type = $r->{type}; + my $data = $r->{data}; + + $data =~ s/\%zone\%/$zone/g; + $data =~ s/\%driver\%/bdbhpt-dynamic/g; + + my $row_name = "$zone $name"; + my $row_value = "$replId $name $ttl $type $data"; + if ($dns_data->db_put($row_name, $row_value) != 0) { + die "Cannot add record '$row_name' -> '$row_value' to dns_data: $BerkeleyDB::Error"; + } + $replId++; + } +} + +$dns_data->db_close(); + +my $dns_xfr = new BerkeleyDB::Hash + -Filename => $db_file, + -Flags => $flags, + -Property => DB_DUP | DB_DUPSORT, + -Subname => "dns_xfr" + or die "Cannot create dns_xfr: $BerkeleyDB::Error"; + +foreach my $zone (@zones) { + foreach my $name (@$unique_names) { + if ($dns_xfr->db_put($zone, $name) != 0) { + die "Cannot add record '$zone' -> '$name' to dns_xfr: $BerkeleyDB::Error"; + } + } +} + +$dns_xfr->db_close(); + +my $dns_client = new BerkeleyDB::Hash + -Filename => $db_file, + -Flags => $flags, + -Property => DB_DUP | DB_DUPSORT, + -Subname => "dns_client" + or die "Cannot create dns_client: $BerkeleyDB::Error"; + +foreach my $zone (@zones) { + my $ip = '127.0.0.1'; + if ($dns_client->db_put($zone, $ip) != 0) { + die "Cannot add record '$zone' -> '$ip' to dns_client: $BerkeleyDB::Error"; + } +} + +$dns_client->db_close(); + +my $dns_zone = new BerkeleyDB::Btree + -Filename => $db_file, + -Flags => $flags, + -Property => 0, + -Subname => "dns_zone" + or die "Cannot create dns_zone: $BerkeleyDB::Error"; + +foreach my $zone (@zones) { + my $reversed_zone = reverse($zone); + if ($dns_zone->db_put($reversed_zone, "1") != 0) { + die "Cannot add record '$reversed_zone' -> '1' to dns_zone: $BerkeleyDB::Error"; + } +}; + +$dns_zone->db_close(); + +exit 0; + +sub usage { + my ($message) = @_; + if (defined $message && $message ne '') { + print STDERR $message . "\n\n"; + } + + print STDERR "usage: $0 --bdb=<bdb-file> --input=<input-file> --zones=<zone-list>\n\n"; + print STDERR "\tbdb-file: The output BerkeleyDB file you wish to create and use with bdbhpt-dynamic\n\n"; + print STDERR "\tinput-file: The input text-file containing records to populate within your zones\n\n"; + print STDERR "\tzone-list: The space-seperated list of zones you wish to create\n\n"; +} + +sub populate_records { + my (%args) = @_; + my $records = $args{records}; + my $input_file = $args{input_file}; + my $unique_names = $args{unique_names}; + + my %unique; + + open(RECORDS, $input_file) || die "unable to open $input_file: $!"; + while (<RECORDS>) { + chomp; + s/\#.*$//; + s/^\s+//; + if ($_ eq '') { + next; + } + my ($name, $ttl, $type, $data) = split(/\s+/, $_, 4); + my $record = { name=>$name, ttl=>$ttl, type=>$type, data=>$data }; + if (validate_record($record)) { + push @$records, $record; + $unique{$name} = 1; + } + } + close(RECORDS); + + foreach my $name (sort keys %unique) { + push @$unique_names, $name; + } +} + +# This could probably do more in-depth tests, but these tests are better than nothing! +sub validate_record { + my ($r) = @_; + + # http://en.wikipedia.org/wiki/List_of_DNS_record_types + my @TYPES = qw/A AAAA AFSDB APL CERT CNAME DHCID DLV DNAME DNSKEY DS HIP IPSECKEY KEY KX LOC MX NAPTR NS NSEC NSEC3 NSEC3PARAM PTR RRSIG RP SIG SOA SPF SRV SSHFP TA TKEY TLSA TSIG TXT/; + my $VALID_TYPE = {}; + foreach my $t (@TYPES) { + $VALID_TYPE->{$t} = 1; + } + + if (!defined $r->{name} || $r->{name} eq '') { + die "Record name must be set"; + } + + if (!defined $r->{ttl} || $r->{ttl} eq '') { + die "Record TTL must be set"; + } + + if ($r->{ttl} =~ /\D/ || $r->{ttl} < 0) { + die "Record TTL must be an integer 0 or greater"; + } + + if (!defined $r->{type} || $r->{type} eq '') { + die "Record type must be set"; + } + + if (!$VALID_TYPE->{$r->{type}}) { + die "Unsupported record type: $r->{type}"; + } + + # Lets do some data validation for the records which will cause bind to crash if they're wrong + if ($r->{type} eq 'SOA') { + my $soa_error = "SOA records must take the form: 'server email refresh retry expire negative_cache_ttl'"; + my ($server, $email, $version, $refresh, $retry, $expire, $negative_cache_ttl) = split(/\s+/, $r->{data}); + if (!defined $server || $server eq '') { + die "$soa_error, missing server"; + } + if (!defined $email || $email eq '') { + die "$soa_error, missing email"; + } + if (!defined $refresh || $refresh eq '') { + die "$soa_error, missing refresh"; + } + if ($refresh =~ /\D/ || $refresh <= 0) { + die "$soa_error, refresh must be an integer greater than 0"; + } + if (!defined $retry || $retry eq '') { + die "$soa_error, missing retry"; + } + if ($retry =~ /\D/ || $retry <= 0) { + die "$soa_error, retry must be an integer greater than 0"; + } + if (!defined $expire || $expire eq '') { + die "$soa_error, missing expire"; + } + if ($expire =~ /\D/ || $expire <= 0) { + die "$soa_error, expire must be an integer greater than 0"; + } + if (!defined $negative_cache_ttl || $negative_cache_ttl eq '') { + die "$soa_error, missing negative cache ttl"; + } + if ($negative_cache_ttl =~ /\D/ || $negative_cache_ttl <= 0) { + die "$soa_error, negative cache ttl must be an integer greater than 0"; + } + } + + return 1; +} diff --git a/contrib/dlz/modules/bdbhpt/testing/dns-data.txt b/contrib/dlz/modules/bdbhpt/testing/dns-data.txt new file mode 100644 index 00000000..242cd3d1 --- /dev/null +++ b/contrib/dlz/modules/bdbhpt/testing/dns-data.txt @@ -0,0 +1,19 @@ +# Name TTL Type Data +@ 3600 SOA ns1.%zone%. root.%zone%. 2012071700 604800 86400 2419200 10800 +@ 3600 NS ns1.%zone%. +@ 3600 MX 5 mx1.%zone%. +@ 3600 MX 10 mx2.%zone%. +@ 3600 TXT This zone brought to you by %driver%! +jabber 3600 A 127.0.0.1 +mx1 3600 A 127.0.0.2 +mx2 3600 A 127.0.0.3 +jabber 3600 A 127.0.0.4 +ns1 3600 A 127.0.0.5 +ns1 3600 AAAA ::1 +voip 3600 A 127.0.0.6 +www 3600 CNAME www1.%zone% +www1 3600 A 127.0.0.7 +_sip._udp 3600 SRV 5 0 5060 voip.%zone%. +_jabber._tcp 3600 SRV 5 0 5269 jabber.%zone%. +_xmpp-client._tcp 3600 SRV 5 0 5222 jabber.%zone%. +_xmpp-server._tcp 3600 SRV 5 0 5269 jabber.%zone%. diff --git a/contrib/dlz/modules/bdbhpt/testing/named.conf b/contrib/dlz/modules/bdbhpt/testing/named.conf new file mode 100644 index 00000000..584a1cf6 --- /dev/null +++ b/contrib/dlz/modules/bdbhpt/testing/named.conf @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { }; + +options { + directory "."; + port 5300; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { any; }; + listen-on-v6 { none; }; + recursion no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 127.0.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + +dlz "bdbhpt_dynamic" { + database "dlopen ../dlz_bdbhpt_dynamic.so T . test.db"; +}; diff --git a/contrib/dlz/modules/filesystem/Makefile b/contrib/dlz/modules/filesystem/Makefile new file mode 100644 index 00000000..fd87ee89 --- /dev/null +++ b/contrib/dlz/modules/filesystem/Makefile @@ -0,0 +1,20 @@ +prefix = /usr +libdir = $(prefix)/lib/bind9 + +CFLAGS=-fPIC -g -I../include + +all: dlz_filesystem_dynamic.so + +dir.o: dir.c + $(CC) $(CFLAGS) -c dir.c + +dlz_filesystem_dynamic.so: dlz_filesystem_dynamic.c dir.o + $(CC) $(CFLAGS) -shared -o dlz_filesystem_dynamic.so \ + dlz_filesystem_dynamic.c dir.o + +clean: + rm -f dlz_filesystem_dynamic.so *.o + +install: dlz_filesystem_dynamic.so + mkdir -p $(DESTDIR)$(libdir) + install dlz_filesystem_dynamic.so $(DESTDIR)$(libdir) diff --git a/contrib/dlz/modules/filesystem/dir.h b/contrib/dlz/modules/filesystem/dir.h new file mode 100644 index 00000000..66041fac --- /dev/null +++ b/contrib/dlz/modules/filesystem/dir.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/types.h> +#include <dirent.h> + +#define DIR_NAMEMAX 256 +#define DIR_PATHMAX 1024 + +typedef struct direntry { + char name[DIR_NAMEMAX]; + unsigned int length; +} direntry_t; + +typedef struct dir { + char dirname[DIR_PATHMAX]; + direntry_t entry; + DIR * handle; +} dir_t; + +void +dir_init(dir_t *dir); + +isc_result_t +dir_open(dir_t *dir, const char *dirname); + +isc_result_t +dir_read(dir_t *dir); + +isc_result_t +dir_reset(dir_t *dir); + +void +dir_close(dir_t *dir); diff --git a/contrib/dlz/modules/include/dlz_list.h b/contrib/dlz/modules/include/dlz_list.h new file mode 100644 index 00000000..d236105f --- /dev/null +++ b/contrib/dlz/modules/include/dlz_list.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 1997-2002, 2004, 2006, 2007, 2011-2013, 2016 Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#ifndef DLZ_LIST_H +#define DLZ_LIST_H 1 + +#define DLZ_LIST(type) struct { type *head, *tail; } +#define DLZ_LIST_INIT(list) \ + do { (list).head = NULL; (list).tail = NULL; } while (0) + +#define DLZ_LINK(type) struct { type *prev, *next; } +#define DLZ_LINK_INIT(elt, link) \ + do { \ + (elt)->link.prev = (void *)(-1); \ + (elt)->link.next = (void *)(-1); \ + } while (0) + +#define DLZ_LIST_HEAD(list) ((list).head) +#define DLZ_LIST_TAIL(list) ((list).tail) + +#define DLZ_LIST_APPEND(list, elt, link) \ + do { \ + if ((list).tail != NULL) \ + (list).tail->link.next = (elt); \ + else \ + (list).head = (elt); \ + (elt)->link.prev = (list).tail; \ + (elt)->link.next = NULL; \ + (list).tail = (elt); \ + } while (0) + +#define DLZ_LIST_PREV(elt, link) ((elt)->link.prev) +#define DLZ_LIST_NEXT(elt, link) ((elt)->link.next) + +#endif /* DLZ_LIST_H */ diff --git a/contrib/dlz/modules/include/dlz_pthread.h b/contrib/dlz/modules/include/dlz_pthread.h new file mode 100644 index 00000000..90d143e5 --- /dev/null +++ b/contrib/dlz/modules/include/dlz_pthread.h @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef DLZ_PTHREAD_H +#define DLZ_PTHREAD_H 1 + +#ifndef PTHREADS +#define PTHREADS 1 +#endif + +#ifdef PTHREADS +#include <pthread.h> +#define dlz_mutex_t pthread_mutex_t +#define dlz_mutex_init pthread_mutex_init +#define dlz_mutex_destroy pthread_mutex_destroy +#define dlz_mutex_lock pthread_mutex_lock +#define dlz_mutex_trylock pthread_mutex_trylock +#define dlz_mutex_unlock pthread_mutex_unlock +#else /* !PTHREADS */ +#define dlz_mutex_t void +#define dlz_mutex_init(a, b) (0) +#define dlz_mutex_destroy(a) (0) +#define dlz_mutex_lock(a) (0) +#define dlz_mutex_trylock(a) (0) +#define dlz_mutex_unlock(a) (0) +#endif + +#endif /* DLZ_PTHREAD_H */ diff --git a/contrib/dlz/modules/ldap/Makefile b/contrib/dlz/modules/ldap/Makefile new file mode 100644 index 00000000..8926abf8 --- /dev/null +++ b/contrib/dlz/modules/ldap/Makefile @@ -0,0 +1,21 @@ +prefix = /usr +libdir = $(prefix)/lib/bind9 + +CFLAGS=-fPIC -g -I../include +LDAP_LIBS=-lldap + +all: dlz_ldap_dynamic.so + +dlz_dbi.o: ../common/dlz_dbi.c + $(CC) $(CFLAGS) -c ../common/dlz_dbi.c + +dlz_ldap_dynamic.so: dlz_ldap_dynamic.c dlz_dbi.o + $(CC) $(CFLAGS) -shared -o dlz_ldap_dynamic.so \ + dlz_ldap_dynamic.c dlz_dbi.o $(LDAP_LIBS) + +clean: + rm -f dlz_ldap_dynamic.so *.o + +install: dlz_ldap_dynamic.so + mkdir -p $(DESTDIR)$(libdir) + install dlz_ldap_dynamic.so $(DESTDIR)$(libdir) diff --git a/contrib/dlz/modules/ldap/testing/README b/contrib/dlz/modules/ldap/testing/README new file mode 100644 index 00000000..69b13819 --- /dev/null +++ b/contrib/dlz/modules/ldap/testing/README @@ -0,0 +1,10 @@ +These files were used for testing on Ubuntu Linux using OpenLDAP. + +- Move aside /etc/ldap/slapd.d +- Move slapd.conf to /etc/ldap +- Move dlz.schema to /etc/ldap/schema/dlz.schema +- Run "/etc/init.d/slapd restart" +- Run "ldapadd -x -f example.ldif -D 'cn=Manager,o=bind-dlz' -w secret" + +LDAP server is now loaded with example.com data from the file example.ldif + diff --git a/contrib/dlz/modules/ldap/testing/named.conf b/contrib/dlz/modules/ldap/testing/named.conf new file mode 100644 index 00000000..e79a02e4 --- /dev/null +++ b/contrib/dlz/modules/ldap/testing/named.conf @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { }; + +options { + directory "."; + port 5300; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { any; }; + listen-on-v6 { none; }; + recursion no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 127.0.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + +dlz "test" { + database "dlopen ../dlz_ldap_dynamic.so 2 + v3 simple {cn=Manager,o=bind-dlz} {secret} {127.0.0.1} + ldap:///dlzZoneName=$zone$,ou=dns,o=bind-dlz???objectclass=dlzZone + ldap:///dlzHostName=$record$,dlzZoneName=$zone$,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa))) + ldap:///dlzHostName=@,dlzZoneName=$zone$,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa)) + ldap:///dlzZoneName=$zone$,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa))) + ldap:///dlzZoneName=$zone$,ou=dns,o=bind-dlz??sub?(&(objectclass=dlzXFR)(dlzIPAddr=$client$))"; +}; diff --git a/contrib/dlz/modules/ldap/testing/slapd.conf b/contrib/dlz/modules/ldap/testing/slapd.conf new file mode 100644 index 00000000..14c8ffb0 --- /dev/null +++ b/contrib/dlz/modules/ldap/testing/slapd.conf @@ -0,0 +1,44 @@ +# this is the full path to the core.schema +include /etc/ldap/schema/core.schema + +# this is the full path to the dlz.schema +include /etc/ldap/schema/dlz.schema + +# these files hold the slapd process ID and program args when +# slapd is started. +pidfile /var/run/slapd/slapd.pid +argsfile /var/run/slapd/slapd.args + +modulepath /usr/lib/ldap +moduleload back_hdb + +# this allows ldap version 2 connections. You should comment +# it out if you don't need ldap version 2. +allow bind_v2 + +# this sets up the Berkeley DB database backend for LDAP to use. +database hdb + +# This is the root of the LDAP server. You still need to add +# an entry to this location via a LDIF file, or you won't be +# able to add anything else into the LDAP server. +suffix "o=bind-dlz" + +# this is the "username" you have to use when connecting to the +# ldap server to make updates. Type the whole thing exactly +# as you see it as a parameter to ldapadd. +rootdn "cn=Manager,o=bind-dlz" + +# this is the "password" you have to use when connecting to the +# ldap server to make updates. +rootpw secret + +# this is the directory that the LDAP server will create the +# Berkeley DB backend in. +directory /var/lib/ldap + +# this just adds some indexing to the LDAP server. +# probably should have more to better optimize DLZ LDAP searches. +index cn,sn,uid pres,eq +index objectClass eq + diff --git a/contrib/dlz/modules/mysql/testing/README b/contrib/dlz/modules/mysql/testing/README new file mode 100644 index 00000000..a4b87bba --- /dev/null +++ b/contrib/dlz/modules/mysql/testing/README @@ -0,0 +1,7 @@ +These files were used for testing on Ubuntu Linux using MySQL + +- Install MySQL: sudo apt-get install mysql-server +- Run "mysql --user=USER --password=PASSWORD < dlz.schema" to set up database +- Run "mysql --user=USER --password=PASSWORD < dlz.data" to populate it +- update named.conf with correct USER and PASSWORD + diff --git a/contrib/dlz/modules/mysql/testing/dlz.schema b/contrib/dlz/modules/mysql/testing/dlz.schema new file mode 100644 index 00000000..f20b59e9 --- /dev/null +++ b/contrib/dlz/modules/mysql/testing/dlz.schema @@ -0,0 +1,30 @@ +CREATE DATABASE `BindDB` DEFAULT CHARACTER SET latin1; +USE `BindDB`; + +CREATE TABLE IF NOT EXISTS `records` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `zone` varchar(255) NOT NULL, + `ttl` int(11) NOT NULL DEFAULT '86400', + `type` varchar(255) NOT NULL, + `host` varchar(255) NOT NULL DEFAULT '@', + `mx_priority` int(11) DEFAULT NULL, + `data` text, + `primary_ns` varchar(255) DEFAULT NULL, + `resp_contact` varchar(255) DEFAULT NULL, + `serial` bigint(20) DEFAULT NULL, + `refresh` int(11) DEFAULT NULL, + `retry` int(11) DEFAULT NULL, + `expire` int(11) DEFAULT NULL, + `minimum` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `type` (`type`), + KEY `host` (`host`), + KEY `zone` (`zone`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +CREATE TABLE IF NOT EXISTS `xfr` ( + `zone` varchar(255) NOT NULL, + `client` varchar(255) NOT NULL, + KEY `zone` (`zone`), + KEY `client` (`client`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; diff --git a/contrib/dlz/modules/mysql/testing/named.conf b/contrib/dlz/modules/mysql/testing/named.conf new file mode 100644 index 00000000..f8afa238 --- /dev/null +++ b/contrib/dlz/modules/mysql/testing/named.conf @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { }; + +options { + directory "."; + port 5300; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { any; }; + listen-on-v6 { none; }; + recursion no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 127.0.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + +dlz "test" { + database "dlopen ../dlz_mysql_dynamic.so + { + host=127.0.0.1 port=3306 socket=/tmp/mysql.sock + dbname=BindDB user=USER pass=PASSWORD threads=2 + } + {SELECT zone FROM records WHERE zone = '$zone$'} + {SELECT ttl, type, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data FROM records WHERE zone = '$zone$' AND host = '$record$' AND type <> 'SOA' AND type <> 'NS'} + {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '$zone$' AND (type = 'SOA' OR type='NS')} + {SELECT ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'} + {SELECT zone FROM xfr where zone='$zone$' AND client = '$client$'}"; +}; diff --git a/contrib/dlz/modules/mysqldyn/README b/contrib/dlz/modules/mysqldyn/README new file mode 100644 index 00000000..468e37c1 --- /dev/null +++ b/contrib/dlz/modules/mysqldyn/README @@ -0,0 +1,60 @@ +BIND 9 DLZ MySQL module with support for dynamic DNS (DDNS) + +Adapted from code contributed by Marty Lee, Maui Systems Ltd. + +This is a dynamically loadable zone (DLZ) plugin that uses a fixed- +schema MySQL database for back-end storage. It allows zone data +to be updated via dynamic DNS updates, and sends DNS NOTIFY packets +to other name servers when appropriate. + +The database for this module uses the following schema: + + CREATE TABLE `Zones` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `domain` varchar(128) NOT NULL DEFAULT '', + `host` varchar(128) NOT NULL DEFAULT '', + `admin` varchar(128) NOT NULL DEFAULT '', + `serial` int(11) NOT NULL DEFAULT '1', + `expire` int(11) NOT NULL DEFAULT '86400', + `refresh` int(11) NOT NULL DEFAULT '86400', + `retry` int(11) NOT NULL DEFAULT '86400', + `minimum` int(11) NOT NULL DEFAULT '86400', + `ttl` int(11) NOT NULL DEFAULT '86400', + `writeable` tinyint(1) NOT NULL DEFAULT '0', + PRIMARY KEY (`id`), + KEY `domain_idx` (`domain`) + ); + + CREATE TABLE `ZoneData` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `zone_id` int(11) NOT NULL, + `name` varchar(128) NOT NULL DEFAULT '', + `type` varchar(16) NOT NULL DEFAULT '', + `ttl` int(11) NOT NULL DEFAULT '86400', + `data` varchar(128) NOT NULL DEFAULT '', + PRIMARY KEY (`id`), + KEY `zone_idx` (`zone_id`), + KEY `name_idx` (`zone_id`, `name`), + KEY `type_idx` (`type`) + ); + +'Zones' contains information about specific zones: + - domain: the zone name + - admin: the zone administrator + - serial, expire, reresh, retry, minimum: values in the SOA record + - ttl: default zone TTL + - writeable: set to true if the zone can be updated via DDNS + +'ZoneData' contains the individual records within the zone: + - zone_id: the 'id' from the corresponding record in Zones + - name: domain name, relative to the zone apex. (Data at the zone + apex itself may use a blank name or "@".) + - type: the RR type, expressed as text + - ttl: the record's TTL + - data: the records rdata, expressed as text. + +To configure this module in named.conf: + +dlz "mysqldlz" { + database "dlopen <path to>/dlz_mysqldyn_mod.so <dbname> [dbhost [dbuser [dbpass]]]"; +}; diff --git a/contrib/dlz/modules/mysqldyn/testing/README b/contrib/dlz/modules/mysqldyn/testing/README new file mode 100644 index 00000000..862ec6f3 --- /dev/null +++ b/contrib/dlz/modules/mysqldyn/testing/README @@ -0,0 +1,11 @@ +These files were used for testing on Ubuntu Linux using MySQL + +To set up a test server: +- Install MySQL: sudo apt-get install mysql-server +- Run "mysql --user=USER --password=PASSWORD < dlz.schema" to set up database +- Run "mysql --user=USER --password=PASSWORD < dlz.data" to populate it +- Update named.conf with correct USER and PASSWORD +- Generate a TSIG key: "ddns-confgen -qz example.com" + +To query the database, use "dig -p 5300 @localhost" +To send dynamic updates, use "nsupdate -p 5300 -k ddns.key" diff --git a/contrib/dlz/modules/mysqldyn/testing/dlz.data b/contrib/dlz/modules/mysqldyn/testing/dlz.data new file mode 100644 index 00000000..068ad7a3 --- /dev/null +++ b/contrib/dlz/modules/mysqldyn/testing/dlz.data @@ -0,0 +1,18 @@ +use BindDB; +insert into `Zones` + ( `id`, `domain`, `host`, `admin`, `serial`, `expire`, + `refresh`, `retry`, `minimum`, `ttl`, `writeable`) VALUES + (1, 'example.com', '@', 'info', 2014040100, 10800, + 7200, 604800, 86400, 86400, 1); + +insert into `ZoneData` + (`id`, `zone_id`, `name`, `type`, `data`) VALUES + ('', 1, '@', 'NS', 'ns1.example.com.'), + ('', 1, '@', 'NS', 'ns2.example.com.'), + ('', 1, '@', 'MX', '10 mail.example.com.'), + ('', 1, '@', 'A', '192.168.0.2'), + ('', 1, '@', 'TXT', '"v=spf1 ip:192.168.0.3 ~all"'), + ('', 1, 'www', 'CNAME', 'example.com.'), + ('', 1, 'mail', 'A', '192.168.0.3'), + ('', 1, 'ns1', 'A', '192.168.1.111'), + ('', 1, 'ns2', 'A', '192.168.1.222'); diff --git a/contrib/dlz/modules/mysqldyn/testing/dlz.schema b/contrib/dlz/modules/mysqldyn/testing/dlz.schema new file mode 100644 index 00000000..a28f9121 --- /dev/null +++ b/contrib/dlz/modules/mysqldyn/testing/dlz.schema @@ -0,0 +1,31 @@ +CREATE DATABASE `BindDB` DEFAULT CHARACTER SET latin1; +USE `BindDB`; + +CREATE TABLE `ZoneData` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `zone_id` int(11) NOT NULL, + `name` varchar(128) NOT NULL DEFAULT '', + `type` varchar(16) NOT NULL DEFAULT '', + `data` varchar(128) NOT NULL DEFAULT '', + `ttl` int(11) NOT NULL DEFAULT '86400', + PRIMARY KEY (`id`), + KEY `zone_idx` (`zone_id`), + KEY `name_idx` (`zone_id`, `name`), + KEY `type_idx` (`type`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +CREATE TABLE `Zones` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `domain` varchar(128) NOT NULL DEFAULT '', + `host` varchar(128) NOT NULL DEFAULT '', + `admin` varchar(128) NOT NULL DEFAULT '', + `serial` int(11) NOT NULL DEFAULT '1', + `expire` int(11) NOT NULL DEFAULT '86400', + `refresh` int(11) NOT NULL DEFAULT '86400', + `retry` int(11) NOT NULL DEFAULT '86400', + `minimum` int(11) NOT NULL DEFAULT '86400', + `ttl` int(11) NOT NULL DEFAULT '86400', + `writeable` tinyint(1) NOT NULL DEFAULT '0', + PRIMARY KEY (`id`), + KEY `domain_idx` (`domain`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; diff --git a/contrib/dlz/modules/mysqldyn/testing/named.conf b/contrib/dlz/modules/mysqldyn/testing/named.conf new file mode 100644 index 00000000..3b3a0dc6 --- /dev/null +++ b/contrib/dlz/modules/mysqldyn/testing/named.conf @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { }; + +options { + directory "."; + port 5300; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { any; }; + listen-on-v6 { none; }; + recursion no; +}; + +include "ddns.key"; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 127.0.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + +dlz "test" { + database "dlopen ../dlz_mysqldyn_mod.so BindDB localhost root password"; +}; diff --git a/contrib/dlz/modules/perl/Makefile b/contrib/dlz/modules/perl/Makefile new file mode 100644 index 00000000..ff2da39f --- /dev/null +++ b/contrib/dlz/modules/perl/Makefile @@ -0,0 +1,33 @@ +# For building the dlz_perl_driver driver we don't use +# the bind9 build structure as the aim is to provide an +# perl_driver that is separable from the bind9 source tree + +CFLAGS += -fPIC -O2 -I../include +FLAGS_PERL ?= perl +LIBNAME = dlz_perl_driver.so + +all: $(LIBNAME) + +dlz_perl_driver.o: dlz_perl_driver.c + $(CC) $(CFLAGS) `${FLAGS_PERL} -MExtUtils::Embed -e ccopts` -c -o dlz_perl_driver.o dlz_perl_driver.c + + +dlz_perl_callback_clientinfo.c: dlz_perl_callback_clientinfo.xs + ${FLAGS_PERL} `${FLAGS_PERL} -MConfig -le 'print $$Config{privlibexp}'`/ExtUtils/xsubpp -prototypes -typemap `${FLAGS_PERL} -MConfig -le 'print $$Config{privlibexp}'`/ExtUtils/typemap dlz_perl_callback_clientinfo.xs > dlz_perl_callback_clientinfo.c + +dlz_perl_callback_clientinfo.o: dlz_perl_callback_clientinfo.c + $(CC) $(CFLAGS) `${FLAGS_PERL} -MExtUtils::Embed -e ccopts` -c -o dlz_perl_callback_clientinfo.o dlz_perl_callback_clientinfo.c + + +dlz_perl_callback.c: dlz_perl_callback.xs + ${FLAGS_PERL} `${FLAGS_PERL} -MConfig -le 'print $$Config{privlibexp}'`/ExtUtils/xsubpp -prototypes -typemap `${FLAGS_PERL} -MConfig -le 'print $$Config{privlibexp}'`/ExtUtils/typemap dlz_perl_callback.xs > dlz_perl_callback.c + +dlz_perl_callback.o: dlz_perl_callback.c + $(CC) $(CFLAGS) `${FLAGS_PERL} -MExtUtils::Embed -e ccopts` -c -o dlz_perl_callback.o dlz_perl_callback.c + + +$(LIBNAME): dlz_perl_driver.o dlz_perl_callback_clientinfo.o dlz_perl_callback.o + $(CC) $(LDFLAGS) -shared -o $(LIBNAME) dlz_perl_driver.o dlz_perl_callback_clientinfo.o dlz_perl_callback.o `${FLAGS_PERL} -MExtUtils::Embed -e ldopts` + +clean: + rm -f dlz_perl_driver.o dlz_perl_driver.so dlz_perl_callback_clientinfo.c dlz_perl_callback_clientinfo.o dlz_perl_callback.c dlz_perl_callback.o diff --git a/contrib/dlz/modules/perl/README b/contrib/dlz/modules/perl/README new file mode 100644 index 00000000..6f79e3f0 --- /dev/null +++ b/contrib/dlz/modules/perl/README @@ -0,0 +1,9 @@ +BIND 9 DLZ Perl module (bind-dlz-tools) + +Written by John Eaglesham <dns@8192.net> + +A dynamically loadable zone (DLZ) plugin embedding a Perl +interpreter in BIND, allowing Perl scripts to be written to +integrate with BIND and serve DNS data. + +More information/updates at http://bind-dlz-tools.sourceforge.net/ diff --git a/contrib/dlz/modules/perl/dlz_perl_callback.xs b/contrib/dlz/modules/perl/dlz_perl_callback.xs new file mode 100644 index 00000000..ccecb249 --- /dev/null +++ b/contrib/dlz/modules/perl/dlz_perl_callback.xs @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2012 John Eaglesham + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND JOHN EAGLESHAM + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * JOHN EAGLESHAM BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "EXTERN.h" +#include "perl.h" +#include "XSUB.h" +#include "dlz_perl_driver.h" + +#include <dlz_minimal.h> + +/* And some XS code. */ +MODULE = DLZ_Perl PACKAGE = DLZ_Perl + +int +LOG_INFO() + CODE: + RETVAL = ISC_LOG_INFO; + OUTPUT: + RETVAL + +int +LOG_NOTICE() + CODE: + RETVAL = ISC_LOG_NOTICE; + OUTPUT: + RETVAL + +int +LOG_WARNING() + CODE: + RETVAL = ISC_LOG_WARNING; + OUTPUT: + RETVAL + +int +LOG_ERROR() + CODE: + RETVAL = ISC_LOG_ERROR; + OUTPUT: + RETVAL + +int +LOG_CRITICAL() + CODE: + RETVAL = ISC_LOG_CRITICAL; + OUTPUT: + RETVAL + + +void +log(opaque, level, msg) + IV opaque + int level + char *msg + + PREINIT: + log_t *log = (log_t *) opaque; + + CODE: + log( level, msg ); + diff --git a/contrib/dlz/modules/perl/dlz_perl_callback_clientinfo.xs b/contrib/dlz/modules/perl/dlz_perl_callback_clientinfo.xs new file mode 100644 index 00000000..fd341d93 --- /dev/null +++ b/contrib/dlz/modules/perl/dlz_perl_callback_clientinfo.xs @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2012 John Eaglesham + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND JOHN EAGLESHAM + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * JOHN EAGLESHAM BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define ADDR_BUF_LEN INET6_ADDRSTRLEN + +#include "EXTERN.h" +#include "perl.h" +#include "XSUB.h" +#include "dlz_perl_driver.h" + +#include <dlz_minimal.h> + +/* And some XS code. */ +MODULE = DLZ_Perl::clientinfo PACKAGE = DLZ_Perl::clientinfo + +PROTOTYPES: DISABLE + +void +sourceip(opaque) + SV *opaque + + PREINIT: + const char *ret; + char addr_buf[ADDR_BUF_LEN]; + int port; + isc_sockaddr_t *src; + dlz_perl_clientinfo_opaque *ci; + I32 wantarray = GIMME_V; + + PPCODE: + if (!SvTRUE(opaque) || !SvIOK(opaque)) XSRETURN_EMPTY; + + /* + * Safe, because Perl guarantees that an IV (the type we + * pass into DLZ functions who pass it here) is able to + * hold a pointer. + */ + ci = (dlz_perl_clientinfo_opaque *) SvIV(opaque); + if (wantarray == G_VOID || ci->methods == NULL || + ci->methods->version - ci->methods->age < + DNS_CLIENTINFOMETHODS_VERSION) + XSRETURN_EMPTY; + + ci->methods->sourceip(ci->clientinfo, &src); + + switch (src->type.sa.sa_family) { + case AF_INET: + port = ntohs(src->type.sin.sin_port); + ret = inet_ntop(AF_INET, + &src->type.sin.sin_addr, + addr_buf, ADDR_BUF_LEN); + break; + case AF_INET6: + port = ntohs(src->type.sin6.sin6_port); + ret = inet_ntop(AF_INET6, + &src->type.sin6.sin6_addr, + addr_buf, ADDR_BUF_LEN); + break; + default: + ret = NULL; + } + + if (ret == NULL) XSRETURN_EMPTY; + + XPUSHs(sv_2mortal(newSVpv(addr_buf, strlen(addr_buf)))); + if (wantarray == G_ARRAY) XPUSHs(sv_2mortal(newSViv(port))); + diff --git a/contrib/dlz/modules/perl/dlz_perl_driver.c b/contrib/dlz/modules/perl/dlz_perl_driver.c new file mode 100644 index 00000000..2a9a44f5 --- /dev/null +++ b/contrib/dlz/modules/perl/dlz_perl_driver.c @@ -0,0 +1,738 @@ +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Copyright (C) 1999-2001, 2016 Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +/* + * Copyright (C) 2009-2012 John Eaglesham + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND JOHN EAGLESHAM + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * JOHN EAGLESHAM BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <config.h> +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include <EXTERN.h> +#include <perl.h> + +#include <dlz_minimal.h> + +#include "dlz_perl_driver.h" + +/* Enable debug logging? */ +#if 0 +#define carp(...) cd->log(ISC_LOG_INFO, __VA_ARGS__); +#else +#define carp(...) +#endif + +#ifndef MULTIPLICITY +/* This is a pretty terrible work-around for handling HUP/rndc reconfig, but + * the way BIND/DLZ handles reloads causes it to create a second back end + * before removing the first. In the case of a single global interpreter, + * serious problems arise. We can hack around this, but it's much better to do + * it properly and link against a perl compiled with multiplicity. */ +static PerlInterpreter *global_perl = NULL; +static int global_perl_dont_free = 0; +#endif + +typedef struct config_data { + PerlInterpreter *perl; + char *perl_source; + SV *perl_class; + + /* Functions given to us by bind9 */ + log_t *log; + dns_sdlz_putrr_t *putrr; + dns_sdlz_putnamedrr_t *putnamedrr; + dns_dlz_writeablezone_t *writeable_zone; +} config_data_t; + +/* Note, this code generates warnings due to lost type qualifiers. This code + * is (almost) verbatim from perlembed, and is known to work correctly despite + * the warnings. + */ +EXTERN_C void xs_init (pTHX); +EXTERN_C void boot_DynaLoader (pTHX_ CV* cv); +EXTERN_C void boot_DLZ_Perl__clientinfo (pTHX_ CV* cv); +EXTERN_C void boot_DLZ_Perl (pTHX_ CV* cv); +EXTERN_C void +xs_init(pTHX) +{ + char *file = __FILE__; + dXSUB_SYS; + + /* DynaLoader is a special case */ + newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file); + newXS("DLZ_Perl::clientinfo::bootstrap", boot_DLZ_Perl__clientinfo, file); + newXS("DLZ_Perl::bootstrap", boot_DLZ_Perl, file); +} + +/* + * methods + */ + +/* + * remember a helper function, from the bind9 dlz_dlopen driver + */ +static void b9_add_helper(config_data_t *state, + const char *helper_name, void *ptr) +{ + if (strcmp(helper_name, "log") == 0) + state->log = ptr; + if (strcmp(helper_name, "putrr") == 0) + state->putrr = ptr; + if (strcmp(helper_name, "putnamedrr") == 0) + state->putnamedrr = ptr; + if (strcmp(helper_name, "writeable_zone") == 0) + state->writeable_zone = ptr; +} + +int dlz_version(unsigned int *flags) { + return DLZ_DLOPEN_VERSION; +} + +isc_result_t dlz_allnodes(const char *zone, void *dbdata, + dns_sdlzallnodes_t *allnodes) +{ + config_data_t *cd = (config_data_t *) dbdata; + isc_result_t retval; + int rrcount, r; + SV *record_ref; + SV **rr_name; + SV **rr_type; + SV **rr_ttl; + SV **rr_data; +#ifdef MULTIPLICITY + PerlInterpreter *my_perl = cd->perl; +#endif + dSP; + + PERL_SET_CONTEXT(cd->perl); + ENTER; + SAVETMPS; + + PUSHMARK(SP); + XPUSHs(cd->perl_class); + XPUSHs(sv_2mortal(newSVpv(zone, 0))); + PUTBACK; + + carp("DLZ Perl: Calling allnodes for zone %s", zone); + rrcount = call_method("allnodes", G_ARRAY|G_EVAL); + carp("DLZ Perl: Call to allnodes returned rrcount of %i", rrcount); + + SPAGAIN; + + if (SvTRUE(ERRSV)) { + POPs; + cd->log(ISC_LOG_ERROR, "DLZ Perl: allnodes for zone %s died in eval: %s", zone, SvPV_nolen(ERRSV)); + retval = ISC_R_FAILURE; + goto CLEAN_UP_AND_RETURN; + } + + if (!rrcount) { + retval = ISC_R_NOTFOUND; + goto CLEAN_UP_AND_RETURN; + } + + retval = ISC_R_SUCCESS; + r = 0; + while (r++ < rrcount) { + record_ref = POPs; + if ( + (!SvROK(record_ref)) || + (SvTYPE(SvRV(record_ref)) != SVt_PVAV) + ) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl: allnodes for zone %s " + "returned an invalid value " + "(expected array of arrayrefs)", + zone); + retval = ISC_R_FAILURE; + break; + } + + record_ref = SvRV(record_ref); + + rr_name = av_fetch((AV *) record_ref, 0, 0); + rr_type = av_fetch((AV *) record_ref, 1, 0); + rr_ttl = av_fetch((AV *) record_ref, 2, 0); + rr_data = av_fetch((AV *) record_ref, 3, 0); + + if (rr_name == NULL || rr_type == NULL || + rr_ttl == NULL || rr_data == NULL) + { + cd->log(ISC_LOG_ERROR, + "DLZ Perl: allnodes for zone %s " + "returned an array that was missing data", + zone); + retval = ISC_R_FAILURE; + break; + } + + carp("DLZ Perl: Got record %s/%s = %s", + SvPV_nolen(*rr_name), SvPV_nolen(*rr_type), + SvPV_nolen(*rr_data)); + retval = cd->putnamedrr(allnodes, + SvPV_nolen(*rr_name), + SvPV_nolen(*rr_type), + SvIV(*rr_ttl), SvPV_nolen(*rr_data)); + if (retval != ISC_R_SUCCESS) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl: putnamedrr in allnodes " + "for zone %s failed with code %i " + "(did lookup return invalid record data?)", + zone, retval); + break; + } + } + +CLEAN_UP_AND_RETURN: + PUTBACK; + FREETMPS; + LEAVE; + + carp("DLZ Perl: Returning from allnodes, r = %i, retval = %i", + r, retval); + + return (retval); +} + +isc_result_t +dlz_allowzonexfr(void *dbdata, const char *name, const char *client) { + config_data_t *cd = (config_data_t *) dbdata; + int r; + isc_result_t retval; +#ifdef MULTIPLICITY + PerlInterpreter *my_perl = cd->perl; +#endif + dSP; + + PERL_SET_CONTEXT(cd->perl); + ENTER; + SAVETMPS; + + PUSHMARK(SP); + XPUSHs(cd->perl_class); + XPUSHs(sv_2mortal(newSVpv(name, 0))); + XPUSHs(sv_2mortal(newSVpv(client, 0))); + PUTBACK; + + r = call_method("allowzonexfr", G_SCALAR|G_EVAL); + SPAGAIN; + + if (SvTRUE(ERRSV)) { + /* + * On error there's an undef at the top of the stack. Pop + * it away so we don't leave junk on the stack for the next + * caller. + */ + POPs; + cd->log(ISC_LOG_ERROR, + "DLZ Perl: allowzonexfr died in eval: %s", + SvPV_nolen(ERRSV)); + retval = ISC_R_FAILURE; + } else if (r == 0) { + /* Client returned nothing -- zone not found. */ + retval = ISC_R_NOTFOUND; + } else if (r > 1) { + /* Once again, clean out the stack when possible. */ + while (r--) POPi; + cd->log(ISC_LOG_ERROR, + "DLZ Perl: allowzonexfr returned too many parameters!"); + retval = ISC_R_FAILURE; + } else { + /* + * Client returned true/false -- we're authoritative for + * the zone. + */ + r = POPi; + if (r) + retval = ISC_R_SUCCESS; + else + retval = ISC_R_NOPERM; + } + + PUTBACK; + FREETMPS; + LEAVE; + return (retval); +} + +#if DLZ_DLOPEN_VERSION < 3 +isc_result_t +dlz_findzonedb(void *dbdata, const char *name) +#else +isc_result_t +dlz_findzonedb(void *dbdata, const char *name, + dns_clientinfomethods_t *methods, + dns_clientinfo_t *clientinfo) +#endif +{ + config_data_t *cd = (config_data_t *) dbdata; + int r; + isc_result_t retval; +#ifdef MULTIPLICITY + PerlInterpreter *my_perl = cd->perl; +#endif + +#if DLZ_DLOPEN_VERSION >= 3 + UNUSED(methods); + UNUSED(clientinfo); +#endif + + dSP; + carp("DLZ Perl: findzone looking for '%s'", name); + + PERL_SET_CONTEXT(cd->perl); + ENTER; + SAVETMPS; + + PUSHMARK(SP); + XPUSHs(cd->perl_class); + XPUSHs(sv_2mortal(newSVpv(name, 0))); + PUTBACK; + + r = call_method("findzone", G_SCALAR|G_EVAL); + SPAGAIN; + + if (SvTRUE(ERRSV)) { + /* + * On error there's an undef at the top of the stack. Pop + * it away so we don't leave junk on the stack for the next + * caller. + */ + POPs; + cd->log(ISC_LOG_ERROR, + "DLZ Perl: findzone died in eval: %s", + SvPV_nolen(ERRSV)); + retval = ISC_R_FAILURE; + } else if (r == 0) { + retval = ISC_R_FAILURE; + } else if (r > 1) { + /* Once again, clean out the stack when possible. */ + while (r--) POPi; + cd->log(ISC_LOG_ERROR, + "DLZ Perl: findzone returned too many parameters!"); + retval = ISC_R_FAILURE; + } else { + r = POPi; + if (r) + retval = ISC_R_SUCCESS; + else + retval = ISC_R_NOTFOUND; + } + + PUTBACK; + FREETMPS; + LEAVE; + return (retval); +} + + +#if DLZ_DLOPEN_VERSION == 1 +isc_result_t +dlz_lookup(const char *zone, const char *name, + void *dbdata, dns_sdlzlookup_t *lookup) +#else +isc_result_t +dlz_lookup(const char *zone, const char *name, + void *dbdata, dns_sdlzlookup_t *lookup, + dns_clientinfomethods_t *methods, + dns_clientinfo_t *clientinfo) +#endif +{ + isc_result_t retval; + config_data_t *cd = (config_data_t *) dbdata; + int rrcount, r; + dlz_perl_clientinfo_opaque opaque; + SV *record_ref; + SV **rr_type; + SV **rr_ttl; + SV **rr_data; +#ifdef MULTIPLICITY + PerlInterpreter *my_perl = cd->perl; +#endif + +#if DLZ_DLOPEN_VERSION >= 2 + UNUSED(methods); + UNUSED(clientinfo); +#endif + + dSP; + PERL_SET_CONTEXT(cd->perl); + ENTER; + SAVETMPS; + + opaque.methods = methods; + opaque.clientinfo = clientinfo; + + PUSHMARK(SP); + XPUSHs(cd->perl_class); + XPUSHs(sv_2mortal(newSVpv(name, 0))); + XPUSHs(sv_2mortal(newSVpv(zone, 0))); + XPUSHs(sv_2mortal(newSViv((IV)&opaque))); + PUTBACK; + + carp("DLZ Perl: Searching for name %s in zone %s", name, zone); + rrcount = call_method("lookup", G_ARRAY|G_EVAL); + carp("DLZ Perl: Call to lookup returned %i", rrcount); + + SPAGAIN; + + if (SvTRUE(ERRSV)) { + POPs; + cd->log(ISC_LOG_ERROR, "DLZ Perl: lookup died in eval: %s", + SvPV_nolen(ERRSV)); + retval = ISC_R_FAILURE; + goto CLEAN_UP_AND_RETURN; + } + + if (!rrcount) { + retval = ISC_R_NOTFOUND; + goto CLEAN_UP_AND_RETURN; + } + + retval = ISC_R_SUCCESS; + r = 0; + while (r++ < rrcount) { + record_ref = POPs; + if ((!SvROK(record_ref)) || + (SvTYPE(SvRV(record_ref)) != SVt_PVAV)) + { + cd->log(ISC_LOG_ERROR, + "DLZ Perl: lookup returned an " + "invalid value (expected array of arrayrefs)!"); + retval = ISC_R_FAILURE; + break; + } + + record_ref = SvRV(record_ref); + + rr_type = av_fetch((AV *) record_ref, 0, 0); + rr_ttl = av_fetch((AV *) record_ref, 1, 0); + rr_data = av_fetch((AV *) record_ref, 2, 0); + + if (rr_type == NULL || rr_ttl == NULL || rr_data == NULL) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl: lookup for record %s in " + "zone %s returned an array that was " + "missing data", name, zone); + retval = ISC_R_FAILURE; + break; + } + + carp("DLZ Perl: Got record %s = %s", + SvPV_nolen(*rr_type), SvPV_nolen(*rr_data)); + retval = cd->putrr(lookup, SvPV_nolen(*rr_type), + SvIV(*rr_ttl), SvPV_nolen(*rr_data)); + + if (retval != ISC_R_SUCCESS) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl: putrr for lookup of %s in " + "zone %s failed with code %i " + "(did lookup return invalid record data?)", + name, zone, retval); + break; + } + } + +CLEAN_UP_AND_RETURN: + PUTBACK; + FREETMPS; + LEAVE; + + carp("DLZ Perl: Returning from lookup, r = %i, retval = %i", r, retval); + + return (retval); +} + +const char * +#ifdef MULTIPLICITY +missing_perl_method(const char *perl_class_name, PerlInterpreter *my_perl) +#else +missing_perl_method(const char *perl_class_name) +#endif +{ + const int BUF_LEN = 64; /* Should be big enough, right? hah */ + char full_name[BUF_LEN]; + const char *methods[] = { "new", "findzone", "lookup", NULL }; + int i = 0; + + while( methods[i] != NULL ) { + snprintf(full_name, BUF_LEN, "%s::%s", + perl_class_name, methods[i]); + + if (get_cv(full_name, 0) == NULL) { + return methods[i]; + } + i++; + } + + return (NULL); +} + +isc_result_t +dlz_create(const char *dlzname, unsigned int argc, char *argv[], + void **dbdata, ...) +{ + config_data_t *cd; + char *init_args[] = { NULL, NULL }; + char *perlrun[] = { "", NULL, "dlz perl", NULL }; + char *perl_class_name; + int r; + va_list ap; + const char *helper_name; + const char *missing_method_name; + char *call_argv_args = NULL; +#ifdef MULTIPLICITY + PerlInterpreter *my_perl; +#endif + + cd = malloc(sizeof(config_data_t)); + if (cd == NULL) + return (ISC_R_NOMEMORY); + + memset(cd, 0, sizeof(config_data_t)); + + /* fill in the helper functions */ + va_start(ap, dbdata); + while ((helper_name = va_arg(ap, const char *)) != NULL) { + b9_add_helper(cd, helper_name, va_arg(ap, void*)); + } + va_end(ap); + + if (argc < 2) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl '%s': Missing script argument.", + dlzname); + free(cd); + return (ISC_R_FAILURE); + } + + if (argc < 3) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl '%s': Missing class name argument.", + dlzname); + free(cd); + return (ISC_R_FAILURE); + } + perl_class_name = argv[2]; + + cd->log(ISC_LOG_INFO, "DLZ Perl '%s': Loading '%s' from location '%s'", + dlzname, perl_class_name, argv[1], argc); + +#ifndef MULTIPLICITY + if (global_perl) { + /* + * PERL_SET_CONTEXT not needed here as we're guaranteed to + * have an implicit context thanks to an undefined + * MULTIPLICITY. + */ + PL_perl_destruct_level = 1; + perl_destruct(global_perl); + perl_free(global_perl); + global_perl = NULL; + global_perl_dont_free = 1; + } +#endif + + cd->perl = perl_alloc(); + if (cd->perl == NULL) { + free(cd); + return (ISC_R_FAILURE); + } +#ifdef MULTIPLICITY + my_perl = cd->perl; +#endif + PERL_SET_CONTEXT(cd->perl); + + /* + * We will re-create the interpreter during an rndc reconfig, so we + * must set this variable per perlembed in order to insure we can + * clean up Perl at a later time. + */ + PL_perl_destruct_level = 1; + perl_construct(cd->perl); + PL_exit_flags |= PERL_EXIT_DESTRUCT_END; + /* Prevent crashes from clients writing to $0 */ + PL_origalen = 1; + + cd->perl_source = strdup(argv[1]); + if (cd->perl_source == NULL) { + free(cd); + return (ISC_R_NOMEMORY); + } + + perlrun[1] = cd->perl_source; + if (perl_parse(cd->perl, xs_init, 3, perlrun, (char **)NULL)) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl '%s': Failed to parse Perl script, aborting", + dlzname); + goto CLEAN_UP_PERL_AND_FAIL; + } + + /* Let Perl know about our callbacks. */ + call_argv("DLZ_Perl::clientinfo::bootstrap", + G_DISCARD|G_NOARGS, &call_argv_args); + call_argv("DLZ_Perl::bootstrap", + G_DISCARD|G_NOARGS, &call_argv_args); + + /* + * Run the script. We don't really need to do this since we have + * the init callback, but there's not really a downside either. + */ + if (perl_run(cd->perl)) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl '%s': Script exited with an error, aborting", + dlzname); + goto CLEAN_UP_PERL_AND_FAIL; + } + +#ifdef MULTIPLICITY + if (missing_method_name = missing_perl_method(perl_class_name, my_perl)) +#else + if (missing_method_name = missing_perl_method(perl_class_name)) +#endif + { + cd->log(ISC_LOG_ERROR, + "DLZ Perl '%s': Missing required function '%s', " + "aborting", dlzname, missing_method_name); + goto CLEAN_UP_PERL_AND_FAIL; + } + + dSP; + ENTER; + SAVETMPS; + + PUSHMARK(SP); + XPUSHs(sv_2mortal(newSVpv(perl_class_name, 0))); + + /* Build flattened hash of config info. */ + XPUSHs(sv_2mortal(newSVpv("log_context", 0))); + XPUSHs(sv_2mortal(newSViv((IV)cd->log))); + + /* Argument to pass to new? */ + if (argc == 4) { + XPUSHs(sv_2mortal(newSVpv("argv", 0))); + XPUSHs(sv_2mortal(newSVpv(argv[3], 0))); + } + + PUTBACK; + + r = call_method("new", G_EVAL|G_SCALAR); + + SPAGAIN; + + if (r) cd->perl_class = SvREFCNT_inc(POPs); + + PUTBACK; + FREETMPS; + LEAVE; + + if (SvTRUE(ERRSV)) { + POPs; + cd->log(ISC_LOG_ERROR, + "DLZ Perl '%s': new died in eval: %s", + dlzname, SvPV_nolen(ERRSV)); + goto CLEAN_UP_PERL_AND_FAIL; + } + + if (!r || !sv_isobject(cd->perl_class)) { + cd->log(ISC_LOG_ERROR, + "DLZ Perl '%s': new failed to return a blessed object", + dlzname); + goto CLEAN_UP_PERL_AND_FAIL; + } + + *dbdata = cd; + +#ifndef MULTIPLICITY + global_perl = cd->perl; +#endif + return (ISC_R_SUCCESS); + +CLEAN_UP_PERL_AND_FAIL: + PL_perl_destruct_level = 1; + perl_destruct(cd->perl); + perl_free(cd->perl); + free(cd->perl_source); + free(cd); + return (ISC_R_FAILURE); +} + +void dlz_destroy(void *dbdata) { + config_data_t *cd = (config_data_t *) dbdata; +#ifdef MULTIPLICITY + PerlInterpreter *my_perl = cd->perl; +#endif + + cd->log(ISC_LOG_INFO, "DLZ Perl: Unloading driver."); + +#ifndef MULTIPLICITY + if (!global_perl_dont_free) { +#endif + PERL_SET_CONTEXT(cd->perl); + PL_perl_destruct_level = 1; + perl_destruct(cd->perl); + perl_free(cd->perl); +#ifndef MULTIPLICITY + global_perl_dont_free = 0; + global_perl = NULL; + } +#endif + + free(cd->perl_source); + free(cd); +} diff --git a/contrib/dlz/modules/perl/dlz_perl_driver.h b/contrib/dlz/modules/perl/dlz_perl_driver.h new file mode 100644 index 00000000..1db8e283 --- /dev/null +++ b/contrib/dlz/modules/perl/dlz_perl_driver.h @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2009-2012 John Eaglesham + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND JOHN EAGLESHAM + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * JOHN EAGLESHAM BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <dlz_minimal.h> + +/* This is the only part that differs from dlz_minimal.h. */ +typedef struct dlz_perl_clientinfo_opaque { + dns_clientinfomethods_t *methods; + dns_clientinfo_t *clientinfo; +} dlz_perl_clientinfo_opaque; diff --git a/contrib/dlz/modules/perl/testing/dlz_perl_example.pm b/contrib/dlz/modules/perl/testing/dlz_perl_example.pm new file mode 100644 index 00000000..55bc388a --- /dev/null +++ b/contrib/dlz/modules/perl/testing/dlz_perl_example.pm @@ -0,0 +1,177 @@ +# +# Copyright (C) 2009-2012 John Eaglesham +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND JOHN EAGLESHAM +# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL +# JOHN EAGLESHAM BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING +# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, +# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION +# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +package dlz_perl_example; + +use warnings; +use strict; + +use Data::Dumper; +$Data::Dumper::Sortkeys = 1; + +# Constructor. Everything after the class name can be folded into a hash of +# various options and settings. Right now only log_context and argv are +# available. +sub new { + my ( $class, %config ) = @_; + my $self = {}; + bless $self, $class; + + $self->{log} = sub { + my ( $level, $msg ) = @_; + DLZ_Perl::log( $config{log_context}, $level, $msg ); + }; + + if ( $config{argv} ) { warn "Got argv: $config{argv}\n"; } + + $self->{zones} = { + 'example.com' => { + '@' => [ + { + type => 'SOA', + ttl => 86400, + data => + 'ns1.example.com. hostmaster.example.com. 12345 172800 900 1209600 3600', + } + ], + perlrr => [ + { + type => 'A', + ttl => 444, + data => '1.1.1.1', + }, + { + type => 'A', + ttl => 444, + data => '1.1.1.2', + } + ], + perltime => [ + { + code => sub { + return ['TXT', '1', time()]; + }, + }, + ], + sourceip => [ + { + code => sub { + my ( $opaque ) = @_; + # Passing anything other than the proper opaque value, + # 0, or undef to this function will cause a crash (at + # best!). + my ( $addr, $port ) = + DLZ_Perl::clientinfo::sourceip( $opaque ); + if ( !$addr ) { $addr = $port = 'unknown'; } + return ['TXT', '1', $addr], ['TXT', '1', $port]; + }, + }, + ], + }, + }; + + $self->{log}->( + DLZ_Perl::LOG_INFO(), + 'DLZ Perl Script: Called init. Loaded zone data: ' + . Dumper( $self->{zones} ) + ); + return $self; +} + +# Do we have data for this zone? Expects a simple true or false return value. +sub findzone { + my ( $self, $zone ) = @_; + $self->{log}->( + DLZ_Perl::LOG_INFO(), + "DLZ Perl Script: Called findzone, looking for zone $zone" + ); + + return exists $self->{zones}->{$zone}; +} + +# Return the data for a given record in a given zone. The final parameter is +# an opaque value that can be passed to DLZ_Perl::clientinfo::sourceip to +# retrieve the client source IP and port. Expected return value is an array +# of array refs, with each array ref representing one record and containing +# the type, ttl, and data in that order. Data is as it appears in a zone file. +sub lookup { + my ( $self, $name, $zone, $client_info ) = @_; + $self->{log}->( + DLZ_Perl::LOG_INFO(), + "DLZ Perl Script: Called lookup, looking for record $name in zone $zone" + ); + return unless $self->{zones}->{$zone}->{$name}; + + my @results; + foreach my $rr ( @{ $self->{zones}->{$zone}->{$name} } ) { + if ( $rr->{'code'} ) { + my @r = $rr->{'code'}->( $client_info ); + if ( @r ) { + push @results, @r; + } + } else { + push @results, [$rr->{'type'}, $rr->{'ttl'}, $rr->{'data'}]; + } + } + + return @results; +} + +# Will we allow zone transfer for this client? Expects a simple true or false +# return value. +sub allowzonexfr { + my ( $self, $zone, $client ) = @_; + $self->{log}->( + DLZ_Perl::LOG_INFO(), + "DLZ Perl Script: Called allowzonexfr, looking for zone $zone for " . + "client $client" + ); + if ( $client eq '127.0.0.1' ) { return 1; } + return 0; +} + +# Note the return AoA for this method differs from lookup in that it must +# return the name of the record as well as the other data. +sub allnodes { + my ( $self, $zone ) = @_; + my @results; + $self->{log}->( + DLZ_Perl::LOG_INFO(), + "DLZ Perl Script: Called allnodes, looking for zone $zone" + ); + + foreach my $name ( keys %{ $self->{zones}->{$zone} } ) { + foreach my $rr ( @{ $self->{zones}->{$zone}->{$name} } ) { + if ( $rr->{'code'} ) { + my @r = $rr->{'code'}->(); + # The code returns an array of array refs without the name. + # This makes things easy for lookup but hard here. We must + # iterate over each array ref and inject the name into it. + foreach my $a ( @r ) { + unshift @{$a}, $name; + } + push @results, @r; + } else { + push @results, + [$name, $rr->{'type'}, $rr->{'ttl'}, $rr->{'data'}]; + } + } + } + return @results; +} + +1; diff --git a/contrib/dlz/modules/sqlite3/Makefile b/contrib/dlz/modules/sqlite3/Makefile new file mode 100644 index 00000000..94af96aa --- /dev/null +++ b/contrib/dlz/modules/sqlite3/Makefile @@ -0,0 +1,21 @@ +prefix = /usr +libdir = $(prefix)/lib/bind9 + +CFLAGS=-fPIC -g -I../include +SQLITE3_LIBS=-lsqlite3 + +all: dlz_sqlite3_dynamic.so + +dlz_dbi.o: ../common/dlz_dbi.c + $(CC) $(CFLAGS) -c ../common/dlz_dbi.c + +dlz_sqlite3_dynamic.so: dlz_sqlite3_dynamic.c dlz_dbi.o + $(CC) $(CFLAGS) -shared -o dlz_sqlite3_dynamic.so \ + dlz_sqlite3_dynamic.c dlz_dbi.o $(SQLITE3_LIBS) + +clean: + rm -f dlz_sqlite3_dynamic.so *.o + +install: dlz_sqlite3_dynamic.so + mkdir -p $(DESTDIR)$(libdir) + install dlz_sqlite3_dynamic.so $(DESTDIR)$(libdir) diff --git a/contrib/dlz/modules/sqlite3/testing/README b/contrib/dlz/modules/sqlite3/testing/README new file mode 100644 index 00000000..c7af001c --- /dev/null +++ b/contrib/dlz/modules/sqlite3/testing/README @@ -0,0 +1,10 @@ +These files were used for testing on Ubuntu Linux using SQLite3 + +- Install SQLite3: sudo apt-get install sqlite3 libsqlite3-dev +- Build sqlite3 DLZ module +- Run "sqlite3 BindDB < dlz.schema" to set up database +- Run "sqlite3 BindDB < dlz.data" to populate it +- Run "named -gc named.conf" +- Send test queries, e.g "dig @localhost -p 5300 example.com", + "dig @localhost -p 5300 axfr example.com" (AXFR should be + allowed from 127.0.0.1 only). diff --git a/contrib/dlz/modules/sqlite3/testing/dlz.data b/contrib/dlz/modules/sqlite3/testing/dlz.data new file mode 100644 index 00000000..015607f1 --- /dev/null +++ b/contrib/dlz/modules/sqlite3/testing/dlz.data @@ -0,0 +1,18 @@ +INSERT INTO `records` +(`zone`, `ttl`, `type`, `host`, `mx_priority`, `data`, `primary_ns`, `resp_contact`, `serial`, `refresh`, `retry`, `expire`, `minimum`) +VALUES +('example.com', 86400, 'SOA', '@', NULL, NULL, 'ns1.example.com.', 'info.example.com.', 2011043001, 10800, 7200, 604800, 86400), +('example.com', 86400, 'NS', '@', NULL, 'ns1.example.com.', NULL, NULL, NULL, NULL, NULL, NULL, NULL), +('example.com', 86400, 'NS', '@', NULL, 'ns2.example.com.', NULL, NULL, NULL, NULL, NULL, NULL, NULL), +('example.com', 86400, 'MX', '@', 10, 'mail.example.com.', NULL, NULL, NULL, NULL, NULL, NULL, NULL), +('example.com', 86400, 'A', '@', NULL, '192.168.0.2', NULL, NULL, NULL, NULL, NULL, NULL, NULL), +('example.com', 86400, 'CNAME', 'www', NULL, '@', NULL, NULL, NULL, NULL, NULL, NULL, NULL), +('example.com', 86400, 'A', 'ns1', NULL, '192.168.0.111', NULL, NULL, NULL, NULL, NULL, NULL, NULL), +('example.com', 86400, 'A', 'ns2', NULL, '192.168.0.222', NULL, NULL, NULL, NULL, NULL, NULL, NULL), +('example.com', 86400, 'A', 'mail', NULL, '192.168.0.3', NULL, NULL, NULL, NULL, NULL, NULL, NULL), +('example.com', 86400, 'TXT', '@', NULL, 'v=spf1 ip:192.168.0.3 ~all', NULL, NULL, NULL, NULL, NULL, NULL, NULL); + +INSERT INTO `xfr` +(`zone`, `client`) +VALUES +('example.com', '127.0.0.1'); diff --git a/contrib/dlz/modules/sqlite3/testing/dlz.schema b/contrib/dlz/modules/sqlite3/testing/dlz.schema new file mode 100644 index 00000000..4cbcb348 --- /dev/null +++ b/contrib/dlz/modules/sqlite3/testing/dlz.schema @@ -0,0 +1,28 @@ +CREATE TABLE IF NOT EXISTS `records` ( + `id` INTEGER PRIMARY KEY AUTOINCREMENT, + `zone` CHAR(255) NOT NULL, + `ttl` INT NOT NULL DEFAULT '86400', + `type` CHAR(255) NOT NULL, + `host` CHAR(255) NOT NULL DEFAULT '@', + `mx_priority` INT DEFAULT NULL, + `data` text, + `primary_ns` CHAR(255) DEFAULT NULL, + `resp_contact` CHAR(255) DEFAULT NULL, + `serial` bigint DEFAULT NULL, + `refresh` INT DEFAULT NULL, + `retry` INT DEFAULT NULL, + `expire` INT DEFAULT NULL, + `minimum` INT DEFAULT NULL +); + +CREATE INDEX IF NOT EXISTS record_type on records (type); +CREATE INDEX IF NOT EXISTS record_host on records (host); +CREATE INDEX IF NOT EXISTS record_zone on records (zone); + +CREATE TABLE IF NOT EXISTS `xfr` ( + `zone` CHAR(255) NOT NULL, + `client` CHAR(255) NOT NULL +); + +CREATE INDEX IF NOT EXISTS xfr_zone on xfr (zone); +CREATE INDEX IF NOT EXISTS xfr_client on xfr (client); diff --git a/contrib/dlz/modules/sqlite3/testing/named.conf b/contrib/dlz/modules/sqlite3/testing/named.conf new file mode 100644 index 00000000..9f310af3 --- /dev/null +++ b/contrib/dlz/modules/sqlite3/testing/named.conf @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { }; + +options { + directory "."; + port 5300; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { any; }; + listen-on-v6 { none; }; + recursion no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 127.0.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + +dlz "test" { + database "dlopen ../dlz_sqlite3_dynamic.so + { + dbname=BindDB threads=2 + } + {SELECT zone FROM records WHERE zone = '$zone$'} + {SELECT ttl, type, mx_priority, CASE WHEN type = 'TXT' THEN '\"' || data || '\"' ELSE data END AS data FROM records WHERE zone = '$zone$' AND host = '$record$' AND type <> 'SOA' AND type <> 'NS'} + {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '$zone$' AND (type = 'SOA' OR type='NS')} + {SELECT ttl, type, host, mx_priority, CASE WHEN type = 'TXT' THEN '\"' || data || '\"' ELSE data END AS data, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '$zone$' AND type <> 'SOA' AND type <> 'NS'} + {SELECT zone FROM xfr where zone='$zone$' AND client = '$client$'}"; +}; diff --git a/contrib/dlz/modules/wildcard/Makefile b/contrib/dlz/modules/wildcard/Makefile new file mode 100644 index 00000000..20a5d4ee --- /dev/null +++ b/contrib/dlz/modules/wildcard/Makefile @@ -0,0 +1,20 @@ +prefix = /usr +libdir = $(prefix)/lib/bind9 + +CFLAGS=-fPIC -g -I../include + +all: dlz_wildcard_dynamic.so + +dlz_dbi.o: ../common/dlz_dbi.c + $(CC) $(CFLAGS) -c ../common/dlz_dbi.c + +dlz_wildcard_dynamic.so: dlz_wildcard_dynamic.c dlz_dbi.o + $(CC) $(CFLAGS) -shared -o dlz_wildcard_dynamic.so \ + dlz_wildcard_dynamic.c dlz_dbi.o + +clean: + rm -f dlz_wildcard_dynamic.so *.o + +install: dlz_wildcard_dynamic.so + mkdir -p $(DESTDIR)$(libdir) + install dlz_wildcard_dynamic.so $(DESTDIR)$(libdir) diff --git a/contrib/dlz/modules/wildcard/README b/contrib/dlz/modules/wildcard/README new file mode 100644 index 00000000..b19009be --- /dev/null +++ b/contrib/dlz/modules/wildcard/README @@ -0,0 +1,31 @@ +The "wildcard" DLZ module provides a "template" zone for domains matching +a wildcard name. For example, the following DLZ configuration would match +any zone name containing the string "example" and ending with .com, such +as "thisexample.com", "exampleofthat.com", or "anexampleoftheotherthing.com". + + dlz "test" { + database "dlopen ../dlz_wildcard_dynamic.so + *example*.com 10.53.* 1800 + @ 3600 SOA {ns3.example.nil. support.example.nil. 42 14400 7200 2592000 600} + @ 3600 NS ns3.example.nil. + @ 3600 NS ns4.example.nil. + @ 3600 NS ns8.example.nil. + @ 3600 MX {5 mail.example.nil.} + ftp 86400 A 192.0.0.1 + sql 86400 A 192.0.0.2 + tmp {} A 192.0.0.3 + www 86400 A 192.0.0.3 + www 86400 AAAA ::1 + txt 300 TXT {\"you requested $record$ in $zone$\"} + * 86400 A 192.0.0.100"; + }; + +For any zone name matchin the wildcard, it would return the data from +the template. "$zone$" is replaced with zone name: i.e., the shortest +possible string of labels in the query name that matches the wildcard. +"$record$" is replaced with the remainder of the query name. In the +example above, a query for "txt.thisexample.com/TXT" would return the +string "you requested txt in thisexample.com". + +Any client whose source address matches the second wildcard ("10.53.*") +is allowed to request a zone transfer. diff --git a/contrib/dlz/modules/wildcard/testing/named.conf b/contrib/dlz/modules/wildcard/testing/named.conf new file mode 100644 index 00000000..0192e18c --- /dev/null +++ b/contrib/dlz/modules/wildcard/testing/named.conf @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { }; + +options { + directory "."; + port 5300; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { any; }; + listen-on-v6 { none; }; + recursion no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 127.0.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + +/* + * This will match any zone name containing the string "example" and + * ending with .com, such as "thisexample.com", "exampleofthat.com", + * or "anexampleoftheotherthing.com". + */ +dlz "test" { + database "dlopen ../dlz_wildcard_dynamic.so + *example*.com 10.53.* 1800 + @ 3600 SOA {ns3.example.nil. support.example.nil. 42 14400 7200 2592000 600} + @ 3600 NS ns3.example.nil. + @ 3600 NS ns4.example.nil. + @ 3600 NS ns8.example.nil. + @ 3600 MX {5 mail.example.nil.} + ftp 86400 A 192.0.0.1 + sql 86400 A 192.0.0.2 + tmp {} A 192.0.0.3 + www 86400 A 192.0.0.3 + www 86400 AAAA ::1 + txt 300 TXT {\"you requested $record$ in $zone$\"} + * 86400 A 192.0.0.100"; +}; diff --git a/contrib/kasp/README b/contrib/kasp/README new file mode 100644 index 00000000..fb897f10 --- /dev/null +++ b/contrib/kasp/README @@ -0,0 +1,11 @@ +This directory is for tools and scripts related to the OpenDNSSEC KASP +("key and signature policy") format. Currently it only contains +"kasp2policy.py", a python script for converting KASP key policy +to the "dnssec.policy" format that is used by dnssec-keymgr. + +This depends on PLY (python lex/yacc) and on the "isc.dnskey" module in +bin/python/isc. + +Basic test: +$ python kasp2policy.py kasp.xml > policy.out +$ diff policy.out policy.good diff --git a/contrib/kasp/kasp.xml b/contrib/kasp/kasp.xml new file mode 100644 index 00000000..d94b0843 --- /dev/null +++ b/contrib/kasp/kasp.xml @@ -0,0 +1,134 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!-- Sample KASP file to use for testing kasp2policy.py. --> +<KASP> + <Policy name="Policy1"> + <Description>A default policy that will + amaze you and your friends</Description> + <Signatures> + <Resign>PT5M</Resign> + <Refresh>PT5M</Refresh> + <Validity> + <Default>PT15M</Default> + <Denial>PT15M</Denial> + </Validity> + <Jitter>PT2M</Jitter> + <InceptionOffset>PT1M</InceptionOffset> + </Signatures> + + <Denial> + <NSEC> + </NSEC> + </Denial> + + <Keys> + <!-- Parameters for both KSK and ZSK --> + <TTL>PT1M</TTL> + <RetireSafety>PT0S</RetireSafety> + <PublishSafety>PT0S</PublishSafety> + + <!-- Parameters for KSK only --> + <KSK> + <Algorithm length="2048">5</Algorithm> + <Lifetime>PT40M</Lifetime> + <Repository>softHSM</Repository> + <Standby>1</Standby> + </KSK> + + <!-- Parameters for ZSK only --> + <ZSK> + <Algorithm length="2048">5</Algorithm> + <Lifetime>PT25M</Lifetime> + <Repository>softHSM</Repository> + <Standby>1</Standby> + </ZSK> + </Keys> + + <Zone> + <PropagationDelay>PT0S</PropagationDelay> + <SOA> + <TTL>PT0S</TTL> + <Minimum>PT0S</Minimum> + <Serial>unixtime</Serial> + </SOA> + </Zone> + + <Parent> + <PropagationDelay>PT8M</PropagationDelay> + <DS> + <TTL>PT0S</TTL> + </DS> + <SOA> + <TTL>PT0S</TTL> + <Minimum>PT0S</Minimum> + </SOA> + </Parent> + </Policy> + <Policy name="Policy2"> + <Description>A default policy that will amaze you and your friends</Description> + <Signatures> + <Resign>PT7M</Resign> + <Refresh>PT7M</Refresh> + <Validity> + <Default>PT15M</Default> + <Denial>PT16M</Denial> + </Validity> + <Jitter>PT2M</Jitter> + <InceptionOffset>PT1M</InceptionOffset> + </Signatures> + + <Denial> + <NSEC3> + <Resalt>P120D</Resalt> + <Hash> + <Algorithm>1</Algorithm> + <Iterations>5</Iterations> + <Salt length="8"/> + </Hash> + </NSEC3> + </Denial> + + <Keys> + <!-- Parameters for both KSK and ZSK --> + <TTL>PT15M</TTL> + <RetireSafety>PT0S</RetireSafety> + <PublishSafety>PT0S</PublishSafety> + + <!-- Parameters for KSK only --> + <KSK> + <Algorithm length="2048">7</Algorithm> + <Lifetime>PT45M</Lifetime> + <Repository>softHSM</Repository> + <Standby>1</Standby> + </KSK> + + <!-- Parameters for ZSK only --> + <ZSK> + <Algorithm length="2048">7</Algorithm> + <Lifetime>PT25M</Lifetime> + <Repository>softHSM</Repository> + <Standby>1</Standby> + </ZSK> + </Keys> + + <Zone> + <PropagationDelay>PT0S</PropagationDelay> + <SOA> + <TTL>PT0S</TTL> + <Minimum>PT0S</Minimum> + <Serial>unixtime</Serial> + </SOA> + </Zone> + + <Parent> + <PropagationDelay>PT12M</PropagationDelay> + <DS> + <TTL>PT0S</TTL> + </DS> + <SOA> + <TTL>PT0S</TTL> + <Minimum>PT0S</Minimum> + </SOA> + </Parent> + </Policy> +</KASP> diff --git a/contrib/kasp/kasp2policy.py b/contrib/kasp/kasp2policy.py new file mode 100644 index 00000000..b78a968f --- /dev/null +++ b/contrib/kasp/kasp2policy.py @@ -0,0 +1,209 @@ +#!/usr/bin/python +############################################################################ +# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +############################################################################ +# kasp2policy.py +# This translates the Keys section of a KASP XML file into a dnssec.policy +# file that can be used by dnssec-keymgr. +############################################################################ + +from xml.etree import cElementTree as ET +from collections import defaultdict +from isc import dnskey +import ply.yacc as yacc +import ply.lex as lex +import re + +############################################################################ +# Translate KASP duration values into seconds +############################################################################ +class kasptime: + class ktlex: + tokens = ( 'P', 'T', 'Y', 'M', 'D', 'H', 'S', 'NUM' ) + + t_P = r'(?i)P' + t_T = r'(?i)T' + t_Y = r'(?i)Y' + t_M = r'(?i)M' + t_D = r'(?i)D' + t_H = r'(?i)H' + t_S = r'(?i)S' + + def t_NUM(self, t): + r'\d+' + t.value = int(t.value) + return t + + def t_error(self, t): + print("Illegal character '%s'" % t.value[0]) + t.lexer.skip(1) + + def __init__(self): + self.lexer = lex.lex(object=self) + + def __init__(self): + self.lexer = self.ktlex() + self.tokens = self.lexer.tokens + self.parser = yacc.yacc(debug=False, write_tables=False, module=self) + + def parse(self, text): + self.lexer.lexer.lineno = 0 + return self.parser.parse(text) + + def p_ktime_4(self, p): + "ktime : P periods T times" + p[0] = p[2] + p[4] + + def p_ktime_3(self, p): + "ktime : P T times" + p[0] = p[3] + + def p_ktime_2(self, p): + "ktime : P periods" + p[0] = p[2] + + def p_periods_1(self, p): + "periods : period" + p[0] = p[1] + + def p_periods_2(self, p): + "periods : periods period" + p[0] = p[1] + p[2] + + def p_times_1(self, p): + "times : time" + p[0] = p[1] + + def p_times_2(self, p): + "times : times time" + p[0] = p[1] + p[2] + + def p_period(self, p): + '''period : NUM Y + | NUM M + | NUM D''' + if p[2].lower() == 'y': + p[0] = int(p[1]) * 31536000 + elif p[2].lower() == 'm': + p[0] = int(p[1]) * 2592000 + elif p[2].lower() == 'd': + p[0] += int(p[1]) * 86400 + + def p_time(self, p): + '''time : NUM H + | NUM M + | NUM S''' + if p[2].lower() == 'h': + p[0] = int(p[1]) * 3600 + elif p[2].lower() == 'm': + p[0] = int(p[1]) * 60 + elif p[2].lower() == 's': + p[0] = int(p[1]) + + def p_error(self, p): + print("Syntax error") + +############################################################################ +# Load the contents of a KASP XML file as a python dictionary +############################################################################ +class kasp(): + @staticmethod + def _todict(t): + d = {t.tag: {} if t.attrib else None} + children = list(t) + if children: + dd = defaultdict(list) + for dc in map(kasp._todict, children): + for k, v in dc.iteritems(): + dd[k].append(v) + d = {t.tag: + {k:v[0] if len(v) == 1 else v for k, v in dd.iteritems()}} + if t.attrib: + d[t.tag].update(('@' + k, v) for k, v in t.attrib.iteritems()) + if t.text: + text = t.text.strip() + if children or t.attrib: + if text: + d[t.tag]['#text'] = text + else: + d[t.tag] = text + return d + + def __init__(self, filename): + self._dict = kasp._todict(ET.parse(filename).getroot()) + + def __getitem__(self, key): + return self._dict[key] + + def __len__(self): + return len(self._dict) + + def __iter__(self): + return self._dict.__iter__() + + def __repr__(self): + return repr(self._dict) + +############################################################################ +# Load the contents of a KASP XML file as a python dictionary +############################################################################ +if __name__ == "__main__": + from pprint import * + import sys + + if len(sys.argv) < 2: + print("Usage: kasp2policy <filename>") + exit(1) + + try: + kinfo = kasp(sys.argv[1]) + except: + print("%s: unable to load KASP file '%s'" % (sys.argv[0], sys.argv[1])) + exit(1) + + kt = kasptime() + first = True + + for p in kinfo['KASP']['Policy']: + if not p['@name'] or not p['Keys']: continue + if not first: + print("") + first = False + if p['Description']: + d = p['Description'].strip() + print("# %s" % re.sub(r"\n\s*", "\n# ", d)) + print("policy %s {" % p['@name']) + ksk = p['Keys']['KSK'] + zsk = p['Keys']['ZSK'] + kalg = ksk['Algorithm'] + zalg = zsk['Algorithm'] + algnum = kalg['#text'] or zalg['#text'] + if algnum: + print("\talgorithm %s;" % dnskey.algstr(int(algnum))) + if p['Keys']['TTL']: + print("\tkeyttl %d;" % kt.parse(p['Keys']['TTL'])) + if kalg['@length']: + print("\tkey-size ksk %d;" % int(kalg['@length'])) + if zalg['@length']: + print("\tkey-size zsk %d;" % int(zalg['@length'])) + if ksk['Lifetime']: + print("\troll-period ksk %d;" % kt.parse(ksk['Lifetime'])) + if zsk['Lifetime']: + print("\troll-period zsk %d;" % kt.parse(zsk['Lifetime'])) + if ksk['Standby']: + print("\tstandby ksk %d;" % int(ksk['Standby'])) + if zsk['Standby']: + print("\tstandby zsk %d;" % int(zsk['Standby'])) + print("};") diff --git a/contrib/kasp/policy.good b/contrib/kasp/policy.good new file mode 100644 index 00000000..18c63608 --- /dev/null +++ b/contrib/kasp/policy.good @@ -0,0 +1,24 @@ +# A default policy that will +# amaze you and your friends +policy Policy1 { + algorithm RSASHA1; + keyttl 60; + key-size ksk 2048; + key-size zsk 2048; + roll-period ksk 2400; + roll-period zsk 1500; + standby ksk 1; + standby zsk 1; +}; + +# A default policy that will amaze you and your friends +policy Policy2 { + algorithm NSEC3RSASHA1; + keyttl 900; + key-size ksk 2048; + key-size zsk 2048; + roll-period ksk 2700; + roll-period zsk 1500; + standby ksk 1; + standby zsk 1; +}; diff --git a/contrib/scripts/dnssec-keyset.sh b/contrib/scripts/dnssec-keyset.sh new file mode 100644 index 00000000..f93ac9ff --- /dev/null +++ b/contrib/scripts/dnssec-keyset.sh @@ -0,0 +1,210 @@ +#!/bin/sh +# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +# +# Original script contributed by Jeffry A. Spain <spainj@countryday.net> + +HELP=" +Generates a set of <count> successive DNSSEC keys for <zone> +Key timings are based on a pre-publication rollover strategy + + <life> (lifetime) is the key active lifetime in days [default 180] + <intro> (introduction time) is the number of days from publication + to activation of a key [default 30] + <ret> (retirement time) is the number of days from inactivation + to deletion of a key [default 30] + +Options: + -a <alg> Cryptographic algorithm. See man dnssec-keygen for defaults. + -b <bits> Number of bits in the key. See man dnssec-keygen for defaults. + -k if present, generate Key Signing Keys (KSKs). Otherwise, + generate Zone Signing Keys (ZSKs). + -3 If present and if -a is not specified, use an NSEC3- + capable algorithm. See man dnssec-keygen for defaults. + -i <date> Inception date of the set of keys, in 'mm/dd/yyyy' format. + The first two keys will be published by this date, and the + first one will be activated. Default is today. + -f <index> Index of first key generated. Defaults to 0. + -K <dir> Key repository: write keys to this directory. Defaults to CWD. + -d Dry run. No actual keys generated if present." + +USAGE="Usage: +`basename $0` [-a <alg>] [-b <bits>] [-k] [-3] [-i <date>] + [-f <index>] [-d] <zone> <count> [<life>] [<intro>] [<ret>]" + +ALGFLAG='' +BITSFLAG='' +KSKFLAG='' +NSEC3FLAG='' +KEYREPO='' +DRYRUN=false +OPTKSK=false +K=0 +INCEP=`date +%m/%d/%Y` + +# Parse command line options +while getopts ":a:b:df:hkK:3i:" thisOpt +do + case $thisOpt in + a) + ALGFLAG=" -a $OPTARG" + ;; + b) + BITSFLAG=" -b $OPTARG" + ;; + d) + DRYRUN=true + ;; + f) + OPTKSK=true + K=$OPTARG + ;; + h) + echo "$USAGE" + echo "$HELP" + exit 0 + ;; + k) + KSKFLAG=" -f KSK" + ;; + K) + KEYREPO=$OPTARG + ;; + 3) + NSEC3FLAG=" -3" + ;; + i) + INCEP=$OPTARG + ;; + *) + echo 'Unrecognized option.' + echo "$USAGE" + exit 1 + ;; + esac +done +shift `expr $OPTIND - 1` + +# Check that required arguments are present +if [ $# -gt 5 -o $# -lt 2 ]; then + echo "$USAGE" + exit 1 +fi + +# Remaining arguments: +# DNS zone name +ZONE=$1 +shift + +# Number of keys to be generated +COUNT=$1 +shift + +# Key active lifetime +LIFE=${1:-180} +[ $# -ne 0 ] && shift + +# Key introduction time (publication to activation) +INTRO=${1:-30} +[ $# -ne 0 ] && shift + +# Key retirement time (inactivation to deletion) +RET=${1:-30} + +# Today's date in dnssec-keygen format (YYYYMMDD) +TODAY=`date +%Y%m%d` + +# Key repository defaults to CWD +if [ -z "$KEYREPO" ]; then + KEYREPO="." +fi + +if $DRYRUN; then + echo 'Dry Run (no key files generated)' +elif [ ! -d "$KEYREPO" ]; then + # Create the key repository if it does not currently exist + mkdir -p "$KEYREPO" +fi + +# Iterate through the key set. K is the index, zero-based. +KLAST=`expr $K + $COUNT` +while [ $K -lt $KLAST ]; do + KEYLABEL="Key `printf \"%02d\" $K`:" + # Epoch of the current key + # (zero for the first key, increments of key lifetime) + # The epoch is in days relative to the inception date of the key set + EPOCH=`expr $LIFE \* $K` + # Activation date in days is the same as the epoch + ACTIVATE=$EPOCH + # Publication date in days relative to the key epoch + PUBLISH=`expr $EPOCH - $LIFE - $INTRO` + # Inactivation date in days relative to the key epoch + INACTIVE=`expr $EPOCH + $LIFE` + # Deletion date in days relative to the key epoch + DELETE=`expr $EPOCH + $LIFE + $RET` + + # ... these values should not precede the key epoch + [ $ACTIVATE -lt 0 ] && ACTIVATE=0 + [ $PUBLISH -lt 0 ] && PUBLISH=0 + [ $INACTIVE -lt 0 ] && INACTIVE=0 + [ $DELETE -lt 0 ] && DELETE=0 + + # Key timing dates in dnssec-keygen format (YYYYMMDD): + # publication, activation, inactivation, deletion + PDATE=`date -d "$INCEP +$PUBLISH day" +%Y%m%d` + ADATE=`date -d "$INCEP +$ACTIVATE day" +%Y%m%d` + IDATE=`date -d "$INCEP +$INACTIVE day" +%Y%m%d` + DDATE=`date -d "$INCEP +$DELETE day" +%Y%m%d` + + # Construct the dnssec-keygen command including all the specified options. + # Suppress key generation progress information, and save the key in + # the $KEYREPO directory. + KEYGENCMD="dnssec-keygen -q$ALGFLAG$BITSFLAG$NSEC3FLAG$KSKFLAG -P $PDATE -A $ADATE -I $IDATE -D $DDATE -K $KEYREPO $ZONE" + echo "$KEYLABEL $KEYGENCMD" + + # Generate the key and retrieve its name + if $DRYRUN; then + KEYNAME="DryRunKey-`printf \"%02d\" $K`" + else + KEYNAME=`$KEYGENCMD` + fi + + # Indicate the key status based on key timing dates relative to today + if [ $TODAY -ge $DDATE ]; then + echo "$KEYLABEL $KEYNAME is obsolete post deletion date." + elif [ $TODAY -ge $IDATE ]; then + echo "$KEYLABEL $KEYNAME is published and inactive prior to deletion date." + elif [ $TODAY -ge $ADATE ]; then + echo "$KEYLABEL $KEYNAME is published and active." + elif [ $TODAY -ge $PDATE ]; then + echo "$KEYLABEL $KEYNAME is published prior to activation date." + else + echo "$KEYLABEL $KEYNAME is pending publication." + fi + + # For published KSKs, generate the required DS records, + # saving them to the file $KEYREPO/DS-$KEYNAME + if $OPTKSK && [ $TODAY -ge $PDATE -a $TODAY -lt $DDATE ]; then + echo "$KEYLABEL $KEYNAME (KSK) requires the publication of DS records in the parent zone." + if $DRYRUN; then + echo "$KEYLABEL No DS-$KEYNAME file created." + else + dnssec-dsfromkey "$KEYREPO/$KEYNAME" > "$KEYREPO/DS-$KEYNAME" + echo "$KEYLABEL See $KEYREPO/DS-$KEYNAME." + fi + fi + K=`expr $K + 1` +done + +exit 0 diff --git a/doc/arm/Bv9ARM.conf b/doc/arm/Bv9ARM.conf new file mode 100644 index 00000000..cf095caa --- /dev/null +++ b/doc/arm/Bv9ARM.conf @@ -0,0 +1,3 @@ +TexInputs: ../tex// +TexStyle: armstyle +XslParam: ../xsl/arm-param.xsl diff --git a/doc/arm/notes.conf b/doc/arm/notes.conf new file mode 100644 index 00000000..f8dd8326 --- /dev/null +++ b/doc/arm/notes.conf @@ -0,0 +1,3 @@ +TexInputs: ../tex// +TexStyle: notestyle +XslParam: ../xsl/notes-param.xsl diff --git a/doc/xsl/graphics/caution.eps b/doc/xsl/graphics/caution.eps new file mode 100644 index 00000000..c9473b72 --- /dev/null +++ b/doc/xsl/graphics/caution.eps @@ -0,0 +1,1348 @@ +%!PS-Adobe-2.0 EPSF-1.2 +%%Title: Untitled-3 +%%Creator: FreeHand 9.0 +%%CreationDate: 2002/12/05 8:20 PM +%%BoundingBox: 0 0 29 29 +%%FHPathName:Untitled:FreeHand 9:English:Untitled-3 +%ALDOriginalFile:Untitled:FreeHand 9:English:Untitled-3 +%ALDBoundingBox: -2 -2 29 29 +%%FHPageNum:1 +%%DocumentSuppliedResources: procset Altsys_header 4 0 +%%ColorUsage: Color +%%DocumentProcessColors: Black +%%EndComments +%%BeginResource: procset Altsys_header 4 0 +userdict begin /AltsysDict 300 dict def end +AltsysDict begin +/bdf{bind def}bind def +/xdf{exch def}bdf +/defed{where{pop true}{false}ifelse}bdf +/ndf{1 index where{pop pop pop}{dup xcheck{bind}if def}ifelse}bdf +/d{setdash}bdf +/h{closepath}bdf +/H{}bdf +/J{setlinecap}bdf +/j{setlinejoin}bdf +/M{setmiterlimit}bdf +/n{newpath}bdf +/N{newpath}bdf +/q{gsave}bdf +/Q{grestore}bdf +/w{setlinewidth}bdf +/Xic{matrix invertmatrix concat}bdf +/Xq{matrix currentmatrix mark}bdf +/XQ{cleartomark setmatrix}bdf +/sepdef{ +dup where not +{ +AltsysSepDict +} +if +3 1 roll exch put +}bdf +/st{settransfer}bdf +/colorimage defed /_rci xdf +/cntr 0 def +/readbinarystring{ +/cntr 0 def +2 copy readstring +{ +{ +dup +(\034) search +{ +length exch pop exch +dup length 0 ne +{ +dup dup 0 get 32 sub 0 exch put +/cntr cntr 1 add def +} +{ +pop 1 string dup +0 6 index read pop 32 sub put +}ifelse +3 copy +putinterval pop +1 add +1 index length 1 sub +1 index sub +dup 0 le {pop pop exit}if +getinterval +} +{ +pop exit +} ifelse +} loop +}if +cntr 0 gt +{ +pop 2 copy +dup length cntr sub cntr getinterval +readbinarystring +} if +pop exch pop +} bdf +/_NXLevel2 defed { +_NXLevel2 not { +/colorimage where { +userdict eq { +/_rci false def +} if +} if +} if +} if +/md defed{ +md type /dicttype eq { +/colorimage where { +md eq { +/_rci false def +}if +}if +/settransfer where { +md eq { +/st systemdict /settransfer get def +}if +}if +}if +}if +/setstrokeadjust defed +{ +true setstrokeadjust +/C{curveto}bdf +/L{lineto}bdf +/m{moveto}bdf +} +{ +/dr{transform .25 sub round .25 add +exch .25 sub round .25 add exch itransform}bdf +/C{dr curveto}bdf +/L{dr lineto}bdf +/m{dr moveto}bdf +/setstrokeadjust{pop}bdf +}ifelse +/privrectpath { +4 -2 roll m +dtransform round exch round exch idtransform +2 copy 0 lt exch 0 lt xor +{dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto} +{exch dup 0 rlineto exch 0 exch rlineto neg 0 rlineto} +ifelse +closepath +}bdf +/rectclip{newpath privrectpath clip newpath}def +/rectfill{gsave newpath privrectpath fill grestore}def +/rectstroke{gsave newpath privrectpath stroke grestore}def +/_fonthacksave false def +/currentpacking defed +{ +/_bfh {/_fonthacksave currentpacking def false setpacking} bdf +/_efh {_fonthacksave setpacking} bdf +} +{ +/_bfh {} bdf +/_efh {} bdf +}ifelse +/packedarray{array astore readonly}ndf +/` +{ +false setoverprint +/-save0- save def +5 index concat +pop +storerect left bottom width height rectclip +pop +/MMdict_count countdictstack def +/MMop_count count 1 sub def +userdict begin +/showpage {} def +0 setgray 0 setlinecap 1 setlinewidth +0 setlinejoin 10 setmiterlimit [] 0 setdash newpath +} bdf +/currentpacking defed{true setpacking}if +/min{2 copy gt{exch}if pop}bdf +/max{2 copy lt{exch}if pop}bdf +/xformfont { currentfont exch makefont setfont } bdf +/fhnumcolors 1 +statusdict begin +/processcolors defed +{ +pop processcolors +} +{ +/deviceinfo defed { +deviceinfo /Colors known { +pop deviceinfo /Colors get +} if +} if +} ifelse +end +def +/printerRes +gsave +matrix defaultmatrix setmatrix +72 72 dtransform +abs exch abs +max +grestore +def +/graycalcs +[ +{Angle Frequency} +{GrayAngle GrayFrequency} +{0 Width Height matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +{0 GrayWidth GrayHeight matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +] def +/calcgraysteps { +forcemaxsteps +{ +maxsteps +} +{ +/currenthalftone defed +{currenthalftone /dicttype eq}{false}ifelse +{ +currenthalftone begin +HalftoneType 4 le +{graycalcs HalftoneType 1 sub get exec} +{ +HalftoneType 5 eq +{ +Default begin +{graycalcs HalftoneType 1 sub get exec} +end +} +{0 60} +ifelse +} +ifelse +end +} +{ +currentscreen pop exch +} +ifelse +printerRes 300 max exch div exch +2 copy +sin mul round dup mul +3 1 roll +cos mul round dup mul +add 1 add +dup maxsteps gt {pop maxsteps} if +dup minsteps lt {pop minsteps} if +} +ifelse +} bdf +/nextrelease defed { +/languagelevel defed not { +/framebuffer defed { +0 40 string framebuffer 9 1 roll 8 {pop} repeat +dup 516 eq exch 520 eq or +{ +/fhnumcolors 3 def +/currentscreen {60 0 {pop pop 1}}bdf +/calcgraysteps {maxsteps} bdf +}if +}if +}if +}if +fhnumcolors 1 ne { +/calcgraysteps {maxsteps} bdf +} if +/currentpagedevice defed { +currentpagedevice /PreRenderingEnhance known +{ +currentpagedevice /PreRenderingEnhance get +{ +/calcgraysteps +{ +forcemaxsteps +{maxsteps} +{256 maxsteps min} +ifelse +} def +} if +} if +} if +/gradfrequency 144 def +printerRes 1000 lt { +/gradfrequency 72 def +} if +/adjnumsteps { +dup dtransform abs exch abs max +printerRes div +gradfrequency mul +round +5 max +min +}bdf +/goodsep { +spots exch get 4 get dup sepname eq exch (_vc_Registration) eq or +}bdf +/BeginGradation defed +{/bb{BeginGradation}bdf} +{/bb{}bdf} +ifelse +/EndGradation defed +{/eb{EndGradation}bdf} +{/eb{}bdf} +ifelse +/bottom -0 def +/delta -0 def +/frac -0 def +/height -0 def +/left -0 def +/numsteps1 -0 def +/radius -0 def +/right -0 def +/top -0 def +/width -0 def +/xt -0 def +/yt -0 def +/df currentflat def +/tempstr 1 string def +/clipflatness currentflat def +/inverted? +0 currenttransfer exec .5 ge def +/tc1 [0 0 0 1] def +/tc2 [0 0 0 1] def +/storerect{/top xdf /right xdf /bottom xdf /left xdf +/width right left sub def /height top bottom sub def}bdf +/concatprocs{ +systemdict /packedarray known +{dup type /packedarraytype eq 2 index type /packedarraytype eq or}{false}ifelse +{ +/proc2 exch cvlit def /proc1 exch cvlit def +proc1 aload pop proc2 aload pop +proc1 length proc2 length add packedarray cvx +} +{ +/proc2 exch cvlit def /proc1 exch cvlit def +/newproc proc1 length proc2 length add array def +newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval +newproc cvx +}ifelse +}bdf +/i{dup 0 eq +{pop df dup} +{dup} ifelse +/clipflatness xdf setflat +}bdf +version cvr 38.0 le +{/setrgbcolor{ +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +setrgbcolor}bdf}if +/vms {/vmsv save def} bdf +/vmr {vmsv restore} bdf +/vmrs{vmsv restore /vmsv save def}bdf +/eomode{ +{/filler /eofill load def /clipper /eoclip load def} +{/filler /fill load def /clipper /clip load def} +ifelse +}bdf +/normtaper{}bdf +/logtaper{9 mul 1 add log}bdf +/CD{ +/NF exch def +{ +exch dup +/FID ne 1 index/UniqueID ne and +{exch NF 3 1 roll put} +{pop pop} +ifelse +}forall +NF +}bdf +/MN{ +1 index length +/Len exch def +dup length Len add +string dup +Len +4 -1 roll +putinterval +dup +0 +4 -1 roll +putinterval +}bdf +/RC{4 -1 roll /ourvec xdf 256 string cvs(|______)anchorsearch +{1 index MN cvn/NewN exch def cvn +findfont dup maxlength dict CD dup/FontName NewN put dup +/Encoding ourvec put NewN exch definefont pop}{pop}ifelse}bdf +/RF{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RC} +ifelse +}bdf +/FF{dup 256 string cvs(|______)exch MN cvn dup FontDirectory exch known +{exch pop findfont 3 -1 roll pop} +{pop dup findfont dup maxlength dict CD dup dup +/Encoding exch /Encoding get 256 array copy 7 -1 roll +{3 -1 roll dup 4 -2 roll put}forall put definefont} +ifelse}bdf +/RCJ{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFJ +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFJ{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCJ} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFJ +{ +dup +hasfont +not +{ +pop +/Ryumin-Light-83pv-RKSJ-H +hasfont +{ +/Ryumin-Light-83pv-RKSJ-H +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFJ{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFJ +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/GS { +dup +hasfont +{ +findfont +exch makesetfont +exch +pop +ts +} +{ +pop pop pop +ts +} ifelse +} bdf +/RCK{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFK +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFK{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCK} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFK +{ +dup +hasfont +not +{ +pop +/JCsm +hasfont +{ +/JCsm +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFK{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFK +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/RCTC{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFTC +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFTC{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCTC} +ifelse +}bdf +/FDFTC +{ +dup +hasfont +not +{ +pop +/DFMing-Lt-HK-BF +hasfont +{ +/DFMing-Lt-HK-BF +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFTC{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFTC +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/fps{ +currentflat +exch +dup 0 le{pop 1}if +{ +dup setflat 3 index stopped +{1.3 mul dup 3 index gt{pop setflat pop pop stop}if} +{exit} +ifelse +}loop +pop setflat pop pop +}bdf +/fp{100 currentflat fps}bdf +/clipper{clip}bdf +/W{/clipper load 100 clipflatness dup setflat fps}bdf + +userdict begin /BDFontDict 29 dict def end +BDFontDict begin +/bu{}def +/bn{}def +/setTxMode{av 70 ge{pop}if pop}def +/gm{m}def +/show{pop}def +/gr{pop}def +/fnt{pop pop pop}def +/fs{pop}def +/fz{pop}def +/lin{pop pop}def +/:M {pop pop} def +/sf {pop} def +/S {pop} def +/@b {pop pop pop pop pop pop pop pop} def +/_bdsave /save load def +/_bdrestore /restore load def +/save { dup /fontsave eq {null} {_bdsave} ifelse } def +/restore { dup null eq { pop } { _bdrestore } ifelse } def +/fontsave null def +end +/MacVec 256 array def +MacVec 0 /Helvetica findfont +/Encoding get 0 128 getinterval putinterval +MacVec 127 /DEL put MacVec 16#27 /quotesingle put MacVec 16#60 /grave put +/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI +/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US +MacVec 0 32 getinterval astore pop +/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute +/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave +/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute +/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis +/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls +/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash +/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation +/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash +/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft +/guillemotright/ellipsis/nbspace/Agrave/Atilde/Otilde/OE/oe +/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge +/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl +/daggerdbl/periodcentered/quotesinglbase/quotedblbase +/perthousand/Acircumflex/Ecircumflex/Aacute +/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex +/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde +/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron +MacVec 128 128 getinterval astore pop +/findheaderfont { +/Helvetica findfont +} def +end %. AltsysDict +%%EndResource +%%EndProlog + +%%BeginSetup + +AltsysDict begin +_bfh + +_efh +end %. AltsysDict + +%%EndSetup +AltsysDict begin + +/onlyk4{false}ndf +/ccmyk{dup 5 -1 roll sub 0 max exch}ndf +/cmyk2gray{ +4 -1 roll 0.3 mul 4 -1 roll 0.59 mul 4 -1 roll 0.11 mul +add add add 1 min neg 1 add +}bdf +/setcmykcolor{1 exch sub ccmyk ccmyk ccmyk pop setrgbcolor}ndf +/maxcolor { +max max max +} ndf +/maxspot { +pop +} ndf +/setcmykcoloroverprint{4{dup -1 eq{pop 0}if 4 1 roll}repeat setcmykcolor}ndf +/findcmykcustomcolor{5 packedarray}ndf +/setcustomcolor{exch aload pop pop 4{4 index mul 4 1 roll}repeat setcmykcolor pop}ndf +/setseparationgray{setgray}ndf +/setoverprint{pop}ndf +/currentoverprint false ndf +/cmykbufs2gray{ +0 1 2 index length 1 sub +{ +4 index 1 index get 0.3 mul +4 index 2 index get 0.59 mul +4 index 3 index get 0.11 mul +4 index 4 index get +add add add cvi 255 min +255 exch sub +2 index 3 1 roll put +}for +4 1 roll pop pop pop +}bdf +/colorimage{ +pop pop +[ +5 -1 roll/exec cvx +6 -1 roll/exec cvx +7 -1 roll/exec cvx +8 -1 roll/exec cvx +/cmykbufs2gray cvx +]cvx +image +} +%. version 47.1 on Linotronic of Postscript defines colorimage incorrectly (rgb model only) +version cvr 47.1 le +statusdict /product get (Lino) anchorsearch{pop pop true}{pop false}ifelse +and{userdict begin bdf end}{ndf}ifelse +fhnumcolors 1 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +ic im iy ik cmyk2gray /xt xdf +currenttransfer +{dup 1.0 exch sub xt mul add}concatprocs +st +image +} +ifelse +}ndf +fhnumcolors 1 ne {yt restore} if +fhnumcolors 3 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +1.0 dup ic ik add min sub +1.0 dup im ik add min sub +1.0 dup iy ik add min sub +/ic xdf /iy xdf /im xdf +currentcolortransfer +4 1 roll +{dup 1.0 exch sub ic mul add}concatprocs 4 1 roll +{dup 1.0 exch sub iy mul add}concatprocs 4 1 roll +{dup 1.0 exch sub im mul add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}true 3 colorimage +} +ifelse +}ndf +fhnumcolors 3 ne {yt restore} if +fhnumcolors 4 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +currentcolortransfer +{1.0 exch sub ik mul ik sub 1 add}concatprocs 4 1 roll +{1.0 exch sub iy mul iy sub 1 add}concatprocs 4 1 roll +{1.0 exch sub im mul im sub 1 add}concatprocs 4 1 roll +{1.0 exch sub ic mul ic sub 1 add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}{dummy} +true 4 colorimage +} +ifelse +}ndf +fhnumcolors 4 ne {yt restore} if +/separationimage{image}ndf +/spotascmyk false ndf +/newcmykcustomcolor{6 packedarray}ndf +/inkoverprint false ndf +/setinkoverprint{pop}ndf +/setspotcolor { +spots exch get +dup 4 get (_vc_Registration) eq +{pop 1 exch sub setseparationgray} +{0 5 getinterval exch setcustomcolor} +ifelse +}ndf +/currentcolortransfer{currenttransfer dup dup dup}ndf +/setcolortransfer{st pop pop pop}ndf +/fas{}ndf +/sas{}ndf +/fhsetspreadsize{pop}ndf +/filler{fill}bdf +/F{gsave {filler}fp grestore}bdf +/f{closepath F}bdf +/S{gsave {stroke}fp grestore}bdf +/s{closepath S}bdf +userdict /islevel2 +systemdict /languagelevel known dup +{ +pop systemdict /languagelevel get 2 ge +} if +put +islevel2 not +{ +/currentcmykcolor +{ +0 0 0 1 currentgray sub +} ndf +} if +/tc +{ +gsave +setcmykcolor currentcmykcolor +grestore +} bind def +/testCMYKColorThrough +{ +tc add add add 0 ne +} bind def +/fhiscomposite where not { +userdict /fhiscomposite +islevel2 +{ +gsave 1 1 1 1 setcmykcolor currentcmykcolor grestore +add add add 4 eq +} +{ +1 0 0 0 testCMYKColorThrough +0 1 0 0 testCMYKColorThrough +0 0 1 0 testCMYKColorThrough +0 0 0 1 testCMYKColorThrough +and and and +} ifelse +put +} +{ pop } +ifelse +/bc4 [0 0 0 0] def +/_lfp4 { +1 pop +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +height abs adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +taperfcn /frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/bcs [0 0] def +/_lfs4 { +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +height abs adjnumsteps +dup 2 lt {pop 2} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 div taperfcn /frac xdf +bcs 0 +1.0 tint2 tint1 sub frac mul tint1 add sub +put bcs vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfs6 { +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bcs 0 +tint2 tint1 sub frac mul tint1 add +put bcs vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfp6 { +1 pop +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/lfp4{_lfp4}ndf +/lfs4{_lfs4}ndf +/rfs6{_rfs6}ndf +/rfp6{_rfp6}ndf +/cvc [0 0 0 1] def +/vc{ +AltsysDict /cvc 2 index put +aload length dup 4 eq +{pop dup -1 eq{pop setrgbcolor}{setcmykcolor}ifelse} +{6 eq {sethexcolor} {setspotcolor} ifelse } +ifelse +}bdf +0 setseparationgray +/imgr {1692.47 1570.59 1723.65 1601.77 } def +/bleed 0 def +/clpr {1692.47 1570.59 1723.65 1601.77 } def +/xs 1 def +/ys 1 def +/botx 0 def +/overlap 0 def +/wdist 18 def +0 2 mul fhsetspreadsize +0 0 ne {/df 0 def /clipflatness 0 def} if +/maxsteps 256 def +/forcemaxsteps false def +/minsteps 0 def + +userdict begin /AGDOrigMtx matrix currentmatrix def end +vms +-1694 -1572 translate + +/currentpacking defed{false setpacking}if +/spots[ + +1 0 0 0 (Process Cyan) false newcmykcustomcolor + +0 1 0 0 (Process Magenta) false newcmykcustomcolor + +0 0 1 0 (Process Yellow) false newcmykcustomcolor + +0 0 0 1 (Process Black) false newcmykcustomcolor +]def +n +[] 0 d +3.863708 M +1 w +0 j +0 J +false setoverprint +0 i +false eomode +[0 0 0 1]vc +vms +q +[1 0 0 1 -249.981674 -586.867554] concat +vms +1946.9506 2177.5114 m +1954.4907 2185.0516 L +1956.7047 2187.2656 1960.2943 2187.2656 1962.5083 2185.0516 C +1970.0485 2177.5114 L +1972.2625 2175.2974 1972.2625 2171.7078 1970.0485 2169.4938 C +1962.5083 2161.9537 L +1960.2943 2159.7396 1956.7047 2159.7396 1954.4907 2161.9537 C +1946.9506 2169.4938 L +1944.7365 2171.7078 1944.7365 2175.2974 1946.9506 2177.5114 C +s +n +true eomode +1958.5469 2181.0039 m +1959.2148 2181.0039 1959.7012 2180.9296 1960.0059 2180.7813 C +1960.3142 2180.6326 1960.4684 2180.363 1960.4688 2179.9727 C +1960.4688 2179.7383 1960.3398 2178.8026 1960.082 2177.166 C +1959.0742 2170.4219 L +1958.9373 2170.3241 1958.7615 2170.2754 1958.5469 2170.2754 C +1958.3319 2170.2754 1958.1561 2170.3241 1958.0195 2170.4219 C +1957.0117 2177.166 L +1956.7539 2178.8026 1956.625 2179.7379 1956.625 2179.9727 C +1956.625 2180.363 1956.7792 2180.6326 1957.0879 2180.7813 C +1957.4003 2180.9296 1957.8866 2181.0035 1958.5469 2181.0039 C +h +1958.5469 2165.166 m +1958.0389 2165.166 1957.5878 2165.3499 1957.1934 2165.7168 C +1956.7986 2166.0837 1956.6016 2166.5485 1956.6016 2167.1113 C +1956.6016 2167.6698 1956.7891 2168.1404 1957.1641 2168.5234 C +1957.5427 2168.9102 1958.0038 2169.1035 1958.5469 2169.1035 C +1959.1094 2169.1035 1959.5741 2168.9043 1959.9414 2168.5059 C +1960.3083 2168.1074 1960.4918 2167.6423 1960.4922 2167.1113 C +1960.4922 2166.748 1960.4102 2166.4177 1960.2461 2166.1211 C +1960.082 2165.8241 1959.8513 2165.5916 1959.5547 2165.4238 C +1959.2577 2165.2521 1958.9219 2165.1664 1958.5469 2165.166 C +true setoverprint +f +false setoverprint +n +vmr +Q +false eomode +vmr +vmr +end +%%Trailer diff --git a/doc/xsl/graphics/caution.pdf b/doc/xsl/graphics/caution.pdf Binary files differnew file mode 100644 index 00000000..ff7c0039 --- /dev/null +++ b/doc/xsl/graphics/caution.pdf diff --git a/doc/xsl/graphics/important.eps b/doc/xsl/graphics/important.eps new file mode 100644 index 00000000..c9473b72 --- /dev/null +++ b/doc/xsl/graphics/important.eps @@ -0,0 +1,1348 @@ +%!PS-Adobe-2.0 EPSF-1.2 +%%Title: Untitled-3 +%%Creator: FreeHand 9.0 +%%CreationDate: 2002/12/05 8:20 PM +%%BoundingBox: 0 0 29 29 +%%FHPathName:Untitled:FreeHand 9:English:Untitled-3 +%ALDOriginalFile:Untitled:FreeHand 9:English:Untitled-3 +%ALDBoundingBox: -2 -2 29 29 +%%FHPageNum:1 +%%DocumentSuppliedResources: procset Altsys_header 4 0 +%%ColorUsage: Color +%%DocumentProcessColors: Black +%%EndComments +%%BeginResource: procset Altsys_header 4 0 +userdict begin /AltsysDict 300 dict def end +AltsysDict begin +/bdf{bind def}bind def +/xdf{exch def}bdf +/defed{where{pop true}{false}ifelse}bdf +/ndf{1 index where{pop pop pop}{dup xcheck{bind}if def}ifelse}bdf +/d{setdash}bdf +/h{closepath}bdf +/H{}bdf +/J{setlinecap}bdf +/j{setlinejoin}bdf +/M{setmiterlimit}bdf +/n{newpath}bdf +/N{newpath}bdf +/q{gsave}bdf +/Q{grestore}bdf +/w{setlinewidth}bdf +/Xic{matrix invertmatrix concat}bdf +/Xq{matrix currentmatrix mark}bdf +/XQ{cleartomark setmatrix}bdf +/sepdef{ +dup where not +{ +AltsysSepDict +} +if +3 1 roll exch put +}bdf +/st{settransfer}bdf +/colorimage defed /_rci xdf +/cntr 0 def +/readbinarystring{ +/cntr 0 def +2 copy readstring +{ +{ +dup +(\034) search +{ +length exch pop exch +dup length 0 ne +{ +dup dup 0 get 32 sub 0 exch put +/cntr cntr 1 add def +} +{ +pop 1 string dup +0 6 index read pop 32 sub put +}ifelse +3 copy +putinterval pop +1 add +1 index length 1 sub +1 index sub +dup 0 le {pop pop exit}if +getinterval +} +{ +pop exit +} ifelse +} loop +}if +cntr 0 gt +{ +pop 2 copy +dup length cntr sub cntr getinterval +readbinarystring +} if +pop exch pop +} bdf +/_NXLevel2 defed { +_NXLevel2 not { +/colorimage where { +userdict eq { +/_rci false def +} if +} if +} if +} if +/md defed{ +md type /dicttype eq { +/colorimage where { +md eq { +/_rci false def +}if +}if +/settransfer where { +md eq { +/st systemdict /settransfer get def +}if +}if +}if +}if +/setstrokeadjust defed +{ +true setstrokeadjust +/C{curveto}bdf +/L{lineto}bdf +/m{moveto}bdf +} +{ +/dr{transform .25 sub round .25 add +exch .25 sub round .25 add exch itransform}bdf +/C{dr curveto}bdf +/L{dr lineto}bdf +/m{dr moveto}bdf +/setstrokeadjust{pop}bdf +}ifelse +/privrectpath { +4 -2 roll m +dtransform round exch round exch idtransform +2 copy 0 lt exch 0 lt xor +{dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto} +{exch dup 0 rlineto exch 0 exch rlineto neg 0 rlineto} +ifelse +closepath +}bdf +/rectclip{newpath privrectpath clip newpath}def +/rectfill{gsave newpath privrectpath fill grestore}def +/rectstroke{gsave newpath privrectpath stroke grestore}def +/_fonthacksave false def +/currentpacking defed +{ +/_bfh {/_fonthacksave currentpacking def false setpacking} bdf +/_efh {_fonthacksave setpacking} bdf +} +{ +/_bfh {} bdf +/_efh {} bdf +}ifelse +/packedarray{array astore readonly}ndf +/` +{ +false setoverprint +/-save0- save def +5 index concat +pop +storerect left bottom width height rectclip +pop +/MMdict_count countdictstack def +/MMop_count count 1 sub def +userdict begin +/showpage {} def +0 setgray 0 setlinecap 1 setlinewidth +0 setlinejoin 10 setmiterlimit [] 0 setdash newpath +} bdf +/currentpacking defed{true setpacking}if +/min{2 copy gt{exch}if pop}bdf +/max{2 copy lt{exch}if pop}bdf +/xformfont { currentfont exch makefont setfont } bdf +/fhnumcolors 1 +statusdict begin +/processcolors defed +{ +pop processcolors +} +{ +/deviceinfo defed { +deviceinfo /Colors known { +pop deviceinfo /Colors get +} if +} if +} ifelse +end +def +/printerRes +gsave +matrix defaultmatrix setmatrix +72 72 dtransform +abs exch abs +max +grestore +def +/graycalcs +[ +{Angle Frequency} +{GrayAngle GrayFrequency} +{0 Width Height matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +{0 GrayWidth GrayHeight matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +] def +/calcgraysteps { +forcemaxsteps +{ +maxsteps +} +{ +/currenthalftone defed +{currenthalftone /dicttype eq}{false}ifelse +{ +currenthalftone begin +HalftoneType 4 le +{graycalcs HalftoneType 1 sub get exec} +{ +HalftoneType 5 eq +{ +Default begin +{graycalcs HalftoneType 1 sub get exec} +end +} +{0 60} +ifelse +} +ifelse +end +} +{ +currentscreen pop exch +} +ifelse +printerRes 300 max exch div exch +2 copy +sin mul round dup mul +3 1 roll +cos mul round dup mul +add 1 add +dup maxsteps gt {pop maxsteps} if +dup minsteps lt {pop minsteps} if +} +ifelse +} bdf +/nextrelease defed { +/languagelevel defed not { +/framebuffer defed { +0 40 string framebuffer 9 1 roll 8 {pop} repeat +dup 516 eq exch 520 eq or +{ +/fhnumcolors 3 def +/currentscreen {60 0 {pop pop 1}}bdf +/calcgraysteps {maxsteps} bdf +}if +}if +}if +}if +fhnumcolors 1 ne { +/calcgraysteps {maxsteps} bdf +} if +/currentpagedevice defed { +currentpagedevice /PreRenderingEnhance known +{ +currentpagedevice /PreRenderingEnhance get +{ +/calcgraysteps +{ +forcemaxsteps +{maxsteps} +{256 maxsteps min} +ifelse +} def +} if +} if +} if +/gradfrequency 144 def +printerRes 1000 lt { +/gradfrequency 72 def +} if +/adjnumsteps { +dup dtransform abs exch abs max +printerRes div +gradfrequency mul +round +5 max +min +}bdf +/goodsep { +spots exch get 4 get dup sepname eq exch (_vc_Registration) eq or +}bdf +/BeginGradation defed +{/bb{BeginGradation}bdf} +{/bb{}bdf} +ifelse +/EndGradation defed +{/eb{EndGradation}bdf} +{/eb{}bdf} +ifelse +/bottom -0 def +/delta -0 def +/frac -0 def +/height -0 def +/left -0 def +/numsteps1 -0 def +/radius -0 def +/right -0 def +/top -0 def +/width -0 def +/xt -0 def +/yt -0 def +/df currentflat def +/tempstr 1 string def +/clipflatness currentflat def +/inverted? +0 currenttransfer exec .5 ge def +/tc1 [0 0 0 1] def +/tc2 [0 0 0 1] def +/storerect{/top xdf /right xdf /bottom xdf /left xdf +/width right left sub def /height top bottom sub def}bdf +/concatprocs{ +systemdict /packedarray known +{dup type /packedarraytype eq 2 index type /packedarraytype eq or}{false}ifelse +{ +/proc2 exch cvlit def /proc1 exch cvlit def +proc1 aload pop proc2 aload pop +proc1 length proc2 length add packedarray cvx +} +{ +/proc2 exch cvlit def /proc1 exch cvlit def +/newproc proc1 length proc2 length add array def +newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval +newproc cvx +}ifelse +}bdf +/i{dup 0 eq +{pop df dup} +{dup} ifelse +/clipflatness xdf setflat +}bdf +version cvr 38.0 le +{/setrgbcolor{ +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +setrgbcolor}bdf}if +/vms {/vmsv save def} bdf +/vmr {vmsv restore} bdf +/vmrs{vmsv restore /vmsv save def}bdf +/eomode{ +{/filler /eofill load def /clipper /eoclip load def} +{/filler /fill load def /clipper /clip load def} +ifelse +}bdf +/normtaper{}bdf +/logtaper{9 mul 1 add log}bdf +/CD{ +/NF exch def +{ +exch dup +/FID ne 1 index/UniqueID ne and +{exch NF 3 1 roll put} +{pop pop} +ifelse +}forall +NF +}bdf +/MN{ +1 index length +/Len exch def +dup length Len add +string dup +Len +4 -1 roll +putinterval +dup +0 +4 -1 roll +putinterval +}bdf +/RC{4 -1 roll /ourvec xdf 256 string cvs(|______)anchorsearch +{1 index MN cvn/NewN exch def cvn +findfont dup maxlength dict CD dup/FontName NewN put dup +/Encoding ourvec put NewN exch definefont pop}{pop}ifelse}bdf +/RF{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RC} +ifelse +}bdf +/FF{dup 256 string cvs(|______)exch MN cvn dup FontDirectory exch known +{exch pop findfont 3 -1 roll pop} +{pop dup findfont dup maxlength dict CD dup dup +/Encoding exch /Encoding get 256 array copy 7 -1 roll +{3 -1 roll dup 4 -2 roll put}forall put definefont} +ifelse}bdf +/RCJ{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFJ +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFJ{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCJ} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFJ +{ +dup +hasfont +not +{ +pop +/Ryumin-Light-83pv-RKSJ-H +hasfont +{ +/Ryumin-Light-83pv-RKSJ-H +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFJ{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFJ +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/GS { +dup +hasfont +{ +findfont +exch makesetfont +exch +pop +ts +} +{ +pop pop pop +ts +} ifelse +} bdf +/RCK{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFK +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFK{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCK} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFK +{ +dup +hasfont +not +{ +pop +/JCsm +hasfont +{ +/JCsm +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFK{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFK +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/RCTC{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFTC +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFTC{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCTC} +ifelse +}bdf +/FDFTC +{ +dup +hasfont +not +{ +pop +/DFMing-Lt-HK-BF +hasfont +{ +/DFMing-Lt-HK-BF +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFTC{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFTC +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/fps{ +currentflat +exch +dup 0 le{pop 1}if +{ +dup setflat 3 index stopped +{1.3 mul dup 3 index gt{pop setflat pop pop stop}if} +{exit} +ifelse +}loop +pop setflat pop pop +}bdf +/fp{100 currentflat fps}bdf +/clipper{clip}bdf +/W{/clipper load 100 clipflatness dup setflat fps}bdf + +userdict begin /BDFontDict 29 dict def end +BDFontDict begin +/bu{}def +/bn{}def +/setTxMode{av 70 ge{pop}if pop}def +/gm{m}def +/show{pop}def +/gr{pop}def +/fnt{pop pop pop}def +/fs{pop}def +/fz{pop}def +/lin{pop pop}def +/:M {pop pop} def +/sf {pop} def +/S {pop} def +/@b {pop pop pop pop pop pop pop pop} def +/_bdsave /save load def +/_bdrestore /restore load def +/save { dup /fontsave eq {null} {_bdsave} ifelse } def +/restore { dup null eq { pop } { _bdrestore } ifelse } def +/fontsave null def +end +/MacVec 256 array def +MacVec 0 /Helvetica findfont +/Encoding get 0 128 getinterval putinterval +MacVec 127 /DEL put MacVec 16#27 /quotesingle put MacVec 16#60 /grave put +/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI +/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US +MacVec 0 32 getinterval astore pop +/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute +/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave +/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute +/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis +/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls +/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash +/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation +/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash +/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft +/guillemotright/ellipsis/nbspace/Agrave/Atilde/Otilde/OE/oe +/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge +/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl +/daggerdbl/periodcentered/quotesinglbase/quotedblbase +/perthousand/Acircumflex/Ecircumflex/Aacute +/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex +/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde +/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron +MacVec 128 128 getinterval astore pop +/findheaderfont { +/Helvetica findfont +} def +end %. AltsysDict +%%EndResource +%%EndProlog + +%%BeginSetup + +AltsysDict begin +_bfh + +_efh +end %. AltsysDict + +%%EndSetup +AltsysDict begin + +/onlyk4{false}ndf +/ccmyk{dup 5 -1 roll sub 0 max exch}ndf +/cmyk2gray{ +4 -1 roll 0.3 mul 4 -1 roll 0.59 mul 4 -1 roll 0.11 mul +add add add 1 min neg 1 add +}bdf +/setcmykcolor{1 exch sub ccmyk ccmyk ccmyk pop setrgbcolor}ndf +/maxcolor { +max max max +} ndf +/maxspot { +pop +} ndf +/setcmykcoloroverprint{4{dup -1 eq{pop 0}if 4 1 roll}repeat setcmykcolor}ndf +/findcmykcustomcolor{5 packedarray}ndf +/setcustomcolor{exch aload pop pop 4{4 index mul 4 1 roll}repeat setcmykcolor pop}ndf +/setseparationgray{setgray}ndf +/setoverprint{pop}ndf +/currentoverprint false ndf +/cmykbufs2gray{ +0 1 2 index length 1 sub +{ +4 index 1 index get 0.3 mul +4 index 2 index get 0.59 mul +4 index 3 index get 0.11 mul +4 index 4 index get +add add add cvi 255 min +255 exch sub +2 index 3 1 roll put +}for +4 1 roll pop pop pop +}bdf +/colorimage{ +pop pop +[ +5 -1 roll/exec cvx +6 -1 roll/exec cvx +7 -1 roll/exec cvx +8 -1 roll/exec cvx +/cmykbufs2gray cvx +]cvx +image +} +%. version 47.1 on Linotronic of Postscript defines colorimage incorrectly (rgb model only) +version cvr 47.1 le +statusdict /product get (Lino) anchorsearch{pop pop true}{pop false}ifelse +and{userdict begin bdf end}{ndf}ifelse +fhnumcolors 1 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +ic im iy ik cmyk2gray /xt xdf +currenttransfer +{dup 1.0 exch sub xt mul add}concatprocs +st +image +} +ifelse +}ndf +fhnumcolors 1 ne {yt restore} if +fhnumcolors 3 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +1.0 dup ic ik add min sub +1.0 dup im ik add min sub +1.0 dup iy ik add min sub +/ic xdf /iy xdf /im xdf +currentcolortransfer +4 1 roll +{dup 1.0 exch sub ic mul add}concatprocs 4 1 roll +{dup 1.0 exch sub iy mul add}concatprocs 4 1 roll +{dup 1.0 exch sub im mul add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}true 3 colorimage +} +ifelse +}ndf +fhnumcolors 3 ne {yt restore} if +fhnumcolors 4 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +currentcolortransfer +{1.0 exch sub ik mul ik sub 1 add}concatprocs 4 1 roll +{1.0 exch sub iy mul iy sub 1 add}concatprocs 4 1 roll +{1.0 exch sub im mul im sub 1 add}concatprocs 4 1 roll +{1.0 exch sub ic mul ic sub 1 add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}{dummy} +true 4 colorimage +} +ifelse +}ndf +fhnumcolors 4 ne {yt restore} if +/separationimage{image}ndf +/spotascmyk false ndf +/newcmykcustomcolor{6 packedarray}ndf +/inkoverprint false ndf +/setinkoverprint{pop}ndf +/setspotcolor { +spots exch get +dup 4 get (_vc_Registration) eq +{pop 1 exch sub setseparationgray} +{0 5 getinterval exch setcustomcolor} +ifelse +}ndf +/currentcolortransfer{currenttransfer dup dup dup}ndf +/setcolortransfer{st pop pop pop}ndf +/fas{}ndf +/sas{}ndf +/fhsetspreadsize{pop}ndf +/filler{fill}bdf +/F{gsave {filler}fp grestore}bdf +/f{closepath F}bdf +/S{gsave {stroke}fp grestore}bdf +/s{closepath S}bdf +userdict /islevel2 +systemdict /languagelevel known dup +{ +pop systemdict /languagelevel get 2 ge +} if +put +islevel2 not +{ +/currentcmykcolor +{ +0 0 0 1 currentgray sub +} ndf +} if +/tc +{ +gsave +setcmykcolor currentcmykcolor +grestore +} bind def +/testCMYKColorThrough +{ +tc add add add 0 ne +} bind def +/fhiscomposite where not { +userdict /fhiscomposite +islevel2 +{ +gsave 1 1 1 1 setcmykcolor currentcmykcolor grestore +add add add 4 eq +} +{ +1 0 0 0 testCMYKColorThrough +0 1 0 0 testCMYKColorThrough +0 0 1 0 testCMYKColorThrough +0 0 0 1 testCMYKColorThrough +and and and +} ifelse +put +} +{ pop } +ifelse +/bc4 [0 0 0 0] def +/_lfp4 { +1 pop +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +height abs adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +taperfcn /frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/bcs [0 0] def +/_lfs4 { +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +height abs adjnumsteps +dup 2 lt {pop 2} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 div taperfcn /frac xdf +bcs 0 +1.0 tint2 tint1 sub frac mul tint1 add sub +put bcs vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfs6 { +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bcs 0 +tint2 tint1 sub frac mul tint1 add +put bcs vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfp6 { +1 pop +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/lfp4{_lfp4}ndf +/lfs4{_lfs4}ndf +/rfs6{_rfs6}ndf +/rfp6{_rfp6}ndf +/cvc [0 0 0 1] def +/vc{ +AltsysDict /cvc 2 index put +aload length dup 4 eq +{pop dup -1 eq{pop setrgbcolor}{setcmykcolor}ifelse} +{6 eq {sethexcolor} {setspotcolor} ifelse } +ifelse +}bdf +0 setseparationgray +/imgr {1692.47 1570.59 1723.65 1601.77 } def +/bleed 0 def +/clpr {1692.47 1570.59 1723.65 1601.77 } def +/xs 1 def +/ys 1 def +/botx 0 def +/overlap 0 def +/wdist 18 def +0 2 mul fhsetspreadsize +0 0 ne {/df 0 def /clipflatness 0 def} if +/maxsteps 256 def +/forcemaxsteps false def +/minsteps 0 def + +userdict begin /AGDOrigMtx matrix currentmatrix def end +vms +-1694 -1572 translate + +/currentpacking defed{false setpacking}if +/spots[ + +1 0 0 0 (Process Cyan) false newcmykcustomcolor + +0 1 0 0 (Process Magenta) false newcmykcustomcolor + +0 0 1 0 (Process Yellow) false newcmykcustomcolor + +0 0 0 1 (Process Black) false newcmykcustomcolor +]def +n +[] 0 d +3.863708 M +1 w +0 j +0 J +false setoverprint +0 i +false eomode +[0 0 0 1]vc +vms +q +[1 0 0 1 -249.981674 -586.867554] concat +vms +1946.9506 2177.5114 m +1954.4907 2185.0516 L +1956.7047 2187.2656 1960.2943 2187.2656 1962.5083 2185.0516 C +1970.0485 2177.5114 L +1972.2625 2175.2974 1972.2625 2171.7078 1970.0485 2169.4938 C +1962.5083 2161.9537 L +1960.2943 2159.7396 1956.7047 2159.7396 1954.4907 2161.9537 C +1946.9506 2169.4938 L +1944.7365 2171.7078 1944.7365 2175.2974 1946.9506 2177.5114 C +s +n +true eomode +1958.5469 2181.0039 m +1959.2148 2181.0039 1959.7012 2180.9296 1960.0059 2180.7813 C +1960.3142 2180.6326 1960.4684 2180.363 1960.4688 2179.9727 C +1960.4688 2179.7383 1960.3398 2178.8026 1960.082 2177.166 C +1959.0742 2170.4219 L +1958.9373 2170.3241 1958.7615 2170.2754 1958.5469 2170.2754 C +1958.3319 2170.2754 1958.1561 2170.3241 1958.0195 2170.4219 C +1957.0117 2177.166 L +1956.7539 2178.8026 1956.625 2179.7379 1956.625 2179.9727 C +1956.625 2180.363 1956.7792 2180.6326 1957.0879 2180.7813 C +1957.4003 2180.9296 1957.8866 2181.0035 1958.5469 2181.0039 C +h +1958.5469 2165.166 m +1958.0389 2165.166 1957.5878 2165.3499 1957.1934 2165.7168 C +1956.7986 2166.0837 1956.6016 2166.5485 1956.6016 2167.1113 C +1956.6016 2167.6698 1956.7891 2168.1404 1957.1641 2168.5234 C +1957.5427 2168.9102 1958.0038 2169.1035 1958.5469 2169.1035 C +1959.1094 2169.1035 1959.5741 2168.9043 1959.9414 2168.5059 C +1960.3083 2168.1074 1960.4918 2167.6423 1960.4922 2167.1113 C +1960.4922 2166.748 1960.4102 2166.4177 1960.2461 2166.1211 C +1960.082 2165.8241 1959.8513 2165.5916 1959.5547 2165.4238 C +1959.2577 2165.2521 1958.9219 2165.1664 1958.5469 2165.166 C +true setoverprint +f +false setoverprint +n +vmr +Q +false eomode +vmr +vmr +end +%%Trailer diff --git a/doc/xsl/graphics/important.pdf b/doc/xsl/graphics/important.pdf Binary files differnew file mode 100644 index 00000000..f6dd5892 --- /dev/null +++ b/doc/xsl/graphics/important.pdf diff --git a/doc/xsl/graphics/note.eps b/doc/xsl/graphics/note.eps new file mode 100644 index 00000000..39be23fa --- /dev/null +++ b/doc/xsl/graphics/note.eps @@ -0,0 +1,1387 @@ +%!PS-Adobe-2.0 EPSF-1.2 +%%Title: Untitled-1 +%%Creator: FreeHand 9.0 +%%CreationDate: 2002/07/16 10:41 PM +%%BoundingBox: 0 0 27 27 +%%FHPathName:Untitled:FreeHand 9:English:Untitled-1 +%ALDOriginalFile:Untitled:FreeHand 9:English:Untitled-1 +%ALDBoundingBox: -153 -436 442 406 +%%FHPageNum:1 +%%DocumentSuppliedResources: procset Altsys_header 4 0 +%%ColorUsage: Color +%%DocumentProcessColors: Black +%%EndComments +%%BeginResource: procset Altsys_header 4 0 +userdict begin /AltsysDict 300 dict def end +AltsysDict begin +/bdf{bind def}bind def +/xdf{exch def}bdf +/defed{where{pop true}{false}ifelse}bdf +/ndf{1 index where{pop pop pop}{dup xcheck{bind}if def}ifelse}bdf +/d{setdash}bdf +/h{closepath}bdf +/H{}bdf +/J{setlinecap}bdf +/j{setlinejoin}bdf +/M{setmiterlimit}bdf +/n{newpath}bdf +/N{newpath}bdf +/q{gsave}bdf +/Q{grestore}bdf +/w{setlinewidth}bdf +/Xic{matrix invertmatrix concat}bdf +/Xq{matrix currentmatrix mark}bdf +/XQ{cleartomark setmatrix}bdf +/sepdef{ +dup where not +{ +AltsysSepDict +} +if +3 1 roll exch put +}bdf +/st{settransfer}bdf +/colorimage defed /_rci xdf +/cntr 0 def +/readbinarystring{ +/cntr 0 def +2 copy readstring +{ +{ +dup +(\034) search +{ +length exch pop exch +dup length 0 ne +{ +dup dup 0 get 32 sub 0 exch put +/cntr cntr 1 add def +} +{ +pop 1 string dup +0 6 index read pop 32 sub put +}ifelse +3 copy +putinterval pop +1 add +1 index length 1 sub +1 index sub +dup 0 le {pop pop exit}if +getinterval +} +{ +pop exit +} ifelse +} loop +}if +cntr 0 gt +{ +pop 2 copy +dup length cntr sub cntr getinterval +readbinarystring +} if +pop exch pop +} bdf +/_NXLevel2 defed { +_NXLevel2 not { +/colorimage where { +userdict eq { +/_rci false def +} if +} if +} if +} if +/md defed{ +md type /dicttype eq { +/colorimage where { +md eq { +/_rci false def +}if +}if +/settransfer where { +md eq { +/st systemdict /settransfer get def +}if +}if +}if +}if +/setstrokeadjust defed +{ +true setstrokeadjust +/C{curveto}bdf +/L{lineto}bdf +/m{moveto}bdf +} +{ +/dr{transform .25 sub round .25 add +exch .25 sub round .25 add exch itransform}bdf +/C{dr curveto}bdf +/L{dr lineto}bdf +/m{dr moveto}bdf +/setstrokeadjust{pop}bdf +}ifelse +/privrectpath { +4 -2 roll m +dtransform round exch round exch idtransform +2 copy 0 lt exch 0 lt xor +{dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto} +{exch dup 0 rlineto exch 0 exch rlineto neg 0 rlineto} +ifelse +closepath +}bdf +/rectclip{newpath privrectpath clip newpath}def +/rectfill{gsave newpath privrectpath fill grestore}def +/rectstroke{gsave newpath privrectpath stroke grestore}def +/_fonthacksave false def +/currentpacking defed +{ +/_bfh {/_fonthacksave currentpacking def false setpacking} bdf +/_efh {_fonthacksave setpacking} bdf +} +{ +/_bfh {} bdf +/_efh {} bdf +}ifelse +/packedarray{array astore readonly}ndf +/` +{ +false setoverprint +/-save0- save def +5 index concat +pop +storerect left bottom width height rectclip +pop +/MMdict_count countdictstack def +/MMop_count count 1 sub def +userdict begin +/showpage {} def +0 setgray 0 setlinecap 1 setlinewidth +0 setlinejoin 10 setmiterlimit [] 0 setdash newpath +} bdf +/currentpacking defed{true setpacking}if +/min{2 copy gt{exch}if pop}bdf +/max{2 copy lt{exch}if pop}bdf +/xformfont { currentfont exch makefont setfont } bdf +/fhnumcolors 1 +statusdict begin +/processcolors defed +{ +pop processcolors +} +{ +/deviceinfo defed { +deviceinfo /Colors known { +pop deviceinfo /Colors get +} if +} if +} ifelse +end +def +/printerRes +gsave +matrix defaultmatrix setmatrix +72 72 dtransform +abs exch abs +max +grestore +def +/graycalcs +[ +{Angle Frequency} +{GrayAngle GrayFrequency} +{0 Width Height matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +{0 GrayWidth GrayHeight matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +] def +/calcgraysteps { +forcemaxsteps +{ +maxsteps +} +{ +/currenthalftone defed +{currenthalftone /dicttype eq}{false}ifelse +{ +currenthalftone begin +HalftoneType 4 le +{graycalcs HalftoneType 1 sub get exec} +{ +HalftoneType 5 eq +{ +Default begin +{graycalcs HalftoneType 1 sub get exec} +end +} +{0 60} +ifelse +} +ifelse +end +} +{ +currentscreen pop exch +} +ifelse +printerRes 300 max exch div exch +2 copy +sin mul round dup mul +3 1 roll +cos mul round dup mul +add 1 add +dup maxsteps gt {pop maxsteps} if +dup minsteps lt {pop minsteps} if +} +ifelse +} bdf +/nextrelease defed { +/languagelevel defed not { +/framebuffer defed { +0 40 string framebuffer 9 1 roll 8 {pop} repeat +dup 516 eq exch 520 eq or +{ +/fhnumcolors 3 def +/currentscreen {60 0 {pop pop 1}}bdf +/calcgraysteps {maxsteps} bdf +}if +}if +}if +}if +fhnumcolors 1 ne { +/calcgraysteps {maxsteps} bdf +} if +/currentpagedevice defed { +currentpagedevice /PreRenderingEnhance known +{ +currentpagedevice /PreRenderingEnhance get +{ +/calcgraysteps +{ +forcemaxsteps +{maxsteps} +{256 maxsteps min} +ifelse +} def +} if +} if +} if +/gradfrequency 144 def +printerRes 1000 lt { +/gradfrequency 72 def +} if +/adjnumsteps { +dup dtransform abs exch abs max +printerRes div +gradfrequency mul +round +5 max +min +}bdf +/goodsep { +spots exch get 4 get dup sepname eq exch (_vc_Registration) eq or +}bdf +/BeginGradation defed +{/bb{BeginGradation}bdf} +{/bb{}bdf} +ifelse +/EndGradation defed +{/eb{EndGradation}bdf} +{/eb{}bdf} +ifelse +/bottom -0 def +/delta -0 def +/frac -0 def +/height -0 def +/left -0 def +/numsteps1 -0 def +/radius -0 def +/right -0 def +/top -0 def +/width -0 def +/xt -0 def +/yt -0 def +/df currentflat def +/tempstr 1 string def +/clipflatness currentflat def +/inverted? +0 currenttransfer exec .5 ge def +/tc1 [0 0 0 1] def +/tc2 [0 0 0 1] def +/storerect{/top xdf /right xdf /bottom xdf /left xdf +/width right left sub def /height top bottom sub def}bdf +/concatprocs{ +systemdict /packedarray known +{dup type /packedarraytype eq 2 index type /packedarraytype eq or}{false}ifelse +{ +/proc2 exch cvlit def /proc1 exch cvlit def +proc1 aload pop proc2 aload pop +proc1 length proc2 length add packedarray cvx +} +{ +/proc2 exch cvlit def /proc1 exch cvlit def +/newproc proc1 length proc2 length add array def +newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval +newproc cvx +}ifelse +}bdf +/i{dup 0 eq +{pop df dup} +{dup} ifelse +/clipflatness xdf setflat +}bdf +version cvr 38.0 le +{/setrgbcolor{ +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +setrgbcolor}bdf}if +/vms {/vmsv save def} bdf +/vmr {vmsv restore} bdf +/vmrs{vmsv restore /vmsv save def}bdf +/eomode{ +{/filler /eofill load def /clipper /eoclip load def} +{/filler /fill load def /clipper /clip load def} +ifelse +}bdf +/normtaper{}bdf +/logtaper{9 mul 1 add log}bdf +/CD{ +/NF exch def +{ +exch dup +/FID ne 1 index/UniqueID ne and +{exch NF 3 1 roll put} +{pop pop} +ifelse +}forall +NF +}bdf +/MN{ +1 index length +/Len exch def +dup length Len add +string dup +Len +4 -1 roll +putinterval +dup +0 +4 -1 roll +putinterval +}bdf +/RC{4 -1 roll /ourvec xdf 256 string cvs(|______)anchorsearch +{1 index MN cvn/NewN exch def cvn +findfont dup maxlength dict CD dup/FontName NewN put dup +/Encoding ourvec put NewN exch definefont pop}{pop}ifelse}bdf +/RF{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RC} +ifelse +}bdf +/FF{dup 256 string cvs(|______)exch MN cvn dup FontDirectory exch known +{exch pop findfont 3 -1 roll pop} +{pop dup findfont dup maxlength dict CD dup dup +/Encoding exch /Encoding get 256 array copy 7 -1 roll +{3 -1 roll dup 4 -2 roll put}forall put definefont} +ifelse}bdf +/RCJ{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFJ +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFJ{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCJ} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFJ +{ +dup +hasfont +not +{ +pop +/Ryumin-Light-83pv-RKSJ-H +hasfont +{ +/Ryumin-Light-83pv-RKSJ-H +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFJ{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFJ +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/GS { +dup +hasfont +{ +findfont +exch makesetfont +exch +pop +ts +} +{ +pop pop pop +ts +} ifelse +} bdf +/RCK{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFK +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFK{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCK} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFK +{ +dup +hasfont +not +{ +pop +/JCsm +hasfont +{ +/JCsm +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFK{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFK +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/RCTC{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFTC +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFTC{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCTC} +ifelse +}bdf +/FDFTC +{ +dup +hasfont +not +{ +pop +/DFMing-Lt-HK-BF +hasfont +{ +/DFMing-Lt-HK-BF +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFTC{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFTC +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/fps{ +currentflat +exch +dup 0 le{pop 1}if +{ +dup setflat 3 index stopped +{1.3 mul dup 3 index gt{pop setflat pop pop stop}if} +{exit} +ifelse +}loop +pop setflat pop pop +}bdf +/fp{100 currentflat fps}bdf +/clipper{clip}bdf +/W{/clipper load 100 clipflatness dup setflat fps}bdf + +userdict begin /BDFontDict 29 dict def end +BDFontDict begin +/bu{}def +/bn{}def +/setTxMode{av 70 ge{pop}if pop}def +/gm{m}def +/show{pop}def +/gr{pop}def +/fnt{pop pop pop}def +/fs{pop}def +/fz{pop}def +/lin{pop pop}def +/:M {pop pop} def +/sf {pop} def +/S {pop} def +/@b {pop pop pop pop pop pop pop pop} def +/_bdsave /save load def +/_bdrestore /restore load def +/save { dup /fontsave eq {null} {_bdsave} ifelse } def +/restore { dup null eq { pop } { _bdrestore } ifelse } def +/fontsave null def +end +/MacVec 256 array def +MacVec 0 /Helvetica findfont +/Encoding get 0 128 getinterval putinterval +MacVec 127 /DEL put MacVec 16#27 /quotesingle put MacVec 16#60 /grave put +/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI +/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US +MacVec 0 32 getinterval astore pop +/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute +/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave +/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute +/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis +/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls +/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash +/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation +/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash +/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft +/guillemotright/ellipsis/nbspace/Agrave/Atilde/Otilde/OE/oe +/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge +/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl +/daggerdbl/periodcentered/quotesinglbase/quotedblbase +/perthousand/Acircumflex/Ecircumflex/Aacute +/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex +/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde +/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron +MacVec 128 128 getinterval astore pop +/findheaderfont { +/Helvetica findfont +} def +end %. AltsysDict +%%EndResource +%%EndProlog + +%%BeginSetup + +AltsysDict begin +_bfh + +_efh +end %. AltsysDict + +%%EndSetup +AltsysDict begin + +/onlyk4{false}ndf +/ccmyk{dup 5 -1 roll sub 0 max exch}ndf +/cmyk2gray{ +4 -1 roll 0.3 mul 4 -1 roll 0.59 mul 4 -1 roll 0.11 mul +add add add 1 min neg 1 add +}bdf +/setcmykcolor{1 exch sub ccmyk ccmyk ccmyk pop setrgbcolor}ndf +/maxcolor { +max max max +} ndf +/maxspot { +pop +} ndf +/setcmykcoloroverprint{4{dup -1 eq{pop 0}if 4 1 roll}repeat setcmykcolor}ndf +/findcmykcustomcolor{5 packedarray}ndf +/setcustomcolor{exch aload pop pop 4{4 index mul 4 1 roll}repeat setcmykcolor pop}ndf +/setseparationgray{setgray}ndf +/setoverprint{pop}ndf +/currentoverprint false ndf +/cmykbufs2gray{ +0 1 2 index length 1 sub +{ +4 index 1 index get 0.3 mul +4 index 2 index get 0.59 mul +4 index 3 index get 0.11 mul +4 index 4 index get +add add add cvi 255 min +255 exch sub +2 index 3 1 roll put +}for +4 1 roll pop pop pop +}bdf +/colorimage{ +pop pop +[ +5 -1 roll/exec cvx +6 -1 roll/exec cvx +7 -1 roll/exec cvx +8 -1 roll/exec cvx +/cmykbufs2gray cvx +]cvx +image +} +%. version 47.1 on Linotronic of Postscript defines colorimage incorrectly (rgb model only) +version cvr 47.1 le +statusdict /product get (Lino) anchorsearch{pop pop true}{pop false}ifelse +and{userdict begin bdf end}{ndf}ifelse +fhnumcolors 1 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +ic im iy ik cmyk2gray /xt xdf +currenttransfer +{dup 1.0 exch sub xt mul add}concatprocs +st +image +} +ifelse +}ndf +fhnumcolors 1 ne {yt restore} if +fhnumcolors 3 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +1.0 dup ic ik add min sub +1.0 dup im ik add min sub +1.0 dup iy ik add min sub +/ic xdf /iy xdf /im xdf +currentcolortransfer +4 1 roll +{dup 1.0 exch sub ic mul add}concatprocs 4 1 roll +{dup 1.0 exch sub iy mul add}concatprocs 4 1 roll +{dup 1.0 exch sub im mul add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}true 3 colorimage +} +ifelse +}ndf +fhnumcolors 3 ne {yt restore} if +fhnumcolors 4 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +currentcolortransfer +{1.0 exch sub ik mul ik sub 1 add}concatprocs 4 1 roll +{1.0 exch sub iy mul iy sub 1 add}concatprocs 4 1 roll +{1.0 exch sub im mul im sub 1 add}concatprocs 4 1 roll +{1.0 exch sub ic mul ic sub 1 add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}{dummy} +true 4 colorimage +} +ifelse +}ndf +fhnumcolors 4 ne {yt restore} if +/separationimage{image}ndf +/spotascmyk false ndf +/newcmykcustomcolor{6 packedarray}ndf +/inkoverprint false ndf +/setinkoverprint{pop}ndf +/setspotcolor { +spots exch get +dup 4 get (_vc_Registration) eq +{pop 1 exch sub setseparationgray} +{0 5 getinterval exch setcustomcolor} +ifelse +}ndf +/currentcolortransfer{currenttransfer dup dup dup}ndf +/setcolortransfer{st pop pop pop}ndf +/fas{}ndf +/sas{}ndf +/fhsetspreadsize{pop}ndf +/filler{fill}bdf +/F{gsave {filler}fp grestore}bdf +/f{closepath F}bdf +/S{gsave {stroke}fp grestore}bdf +/s{closepath S}bdf +userdict /islevel2 +systemdict /languagelevel known dup +{ +pop systemdict /languagelevel get 2 ge +} if +put +islevel2 not +{ +/currentcmykcolor +{ +0 0 0 1 currentgray sub +} ndf +} if +/tc +{ +gsave +setcmykcolor currentcmykcolor +grestore +} bind def +/testCMYKColorThrough +{ +tc add add add 0 ne +} bind def +/fhiscomposite where not { +userdict /fhiscomposite +islevel2 +{ +gsave 1 1 1 1 setcmykcolor currentcmykcolor grestore +add add add 4 eq +} +{ +1 0 0 0 testCMYKColorThrough +0 1 0 0 testCMYKColorThrough +0 0 1 0 testCMYKColorThrough +0 0 0 1 testCMYKColorThrough +and and and +} ifelse +put +} +{ pop } +ifelse +/bc4 [0 0 0 0] def +/_lfp4 { +1 pop +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +height abs adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +taperfcn /frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/bcs [0 0] def +/_lfs4 { +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +height abs adjnumsteps +dup 2 lt {pop 2} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 div taperfcn /frac xdf +bcs 0 +1.0 tint2 tint1 sub frac mul tint1 add sub +put bcs vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfs6 { +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bcs 0 +tint2 tint1 sub frac mul tint1 add +put bcs vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfp6 { +1 pop +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/lfp4{_lfp4}ndf +/lfs4{_lfs4}ndf +/rfs6{_rfs6}ndf +/rfp6{_rfp6}ndf +/cvc [0 0 0 1] def +/vc{ +AltsysDict /cvc 2 index put +aload length dup 4 eq +{pop dup -1 eq{pop setrgbcolor}{setcmykcolor}ifelse} +{6 eq {sethexcolor} {setspotcolor} ifelse } +ifelse +}bdf +0 setseparationgray +/imgr {1692.47 1570.59 2287.75 2412.48 } def +/bleed 0 def +/clpr {1692.47 1570.59 2287.75 2412.48 } def +/xs 1 def +/ys 1 def +/botx 0 def +/overlap 0 def +/wdist 18 def +0 2 mul fhsetspreadsize +0 0 ne {/df 0 def /clipflatness 0 def} if +/maxsteps 256 def +/forcemaxsteps false def +/minsteps 0 def + +userdict begin /AGDOrigMtx matrix currentmatrix def end +vms +0.15 0.15 scale %JND +-1845 -2006 translate + +/currentpacking defed{false setpacking}if +/spots[ + +1 0 0 0 (Process Cyan) false newcmykcustomcolor + +0 1 0 0 (Process Magenta) false newcmykcustomcolor + +0 0 1 0 (Process Yellow) false newcmykcustomcolor + +0 0 0 1 (Process Black) false newcmykcustomcolor +]def +n +[] 0 d +3.863708 M +1 w +0 j +0 J +false setoverprint +0 i +false eomode +[0 0 0 1]vc +vms +1848.4365 2094.0422 m +1848.4365 2140.987 1886.4917 2179.0422 1933.4365 2179.0422 C +1980.3813 2179.0422 2018.4365 2140.987 2018.4365 2094.0422 C +2018.4365 2047.0974 1980.3813 2009.0422 1933.4365 2009.0422 C +1886.4917 2009.0422 1848.4365 2047.0974 1848.4365 2094.0422 C +5.3858 w +3.863693 M +s +n +true eomode +1880.5612 2118.7403 m +1880.5612 2121.7396 1881.6862 2124.8795 1883.9362 2128.1622 C +1886.1862 2131.4889 1888.4581 2133.1522 1890.7565 2133.1544 C +1892.2089 2133.1544 1893.4042 2132.5677 1894.3424 2131.3966 C +1895.3268 2130.2233 1895.819 2128.7467 1895.819 2126.9669 C +1895.819 2124.0599 1894.6237 2121.0826 1892.233 2118.0372 C +1889.8885 2114.9896 1887.6144 2113.4669 1885.4127 2113.4669 C +1884.0526 2113.4669 1882.9034 2113.9591 1881.9674 2114.9435 C +1881.0292 2115.974 1880.5612 2117.2396 1880.5612 2118.7403 C +h +1948.2018 2061.1544 m +1978.4362 2061.0138 L +1980.451 2062.6068 1981.9034 2064.3163 1982.7955 2066.1466 C +1983.7316 2068.0209 1984.1996 2070.2005 1984.2018 2072.6857 C +1984.2018 2073.2482 L +1969.2252 2099.6153 L +1969.2252 2099.3341 1969.2472 2098.8639 1969.2955 2098.2091 C +1969.3417 2097.5983 1969.3636 2097.1544 1969.3658 2096.8732 C +1969.3658 2089.888 1967.5597 2083.3732 1963.9518 2077.3263 C +1960.3878 2071.2794 1955.1385 2065.8873 1948.2018 2061.1544 C +h +1905.8737 2139.4825 m +1910.0924 2124.2247 L +1964.233 2092.5841 L +1964.6066 2094.3177 1964.8636 2095.724 1965.0065 2096.8028 C +1965.1471 2097.9278 1965.2174 2098.9122 1965.2174 2099.756 C +1965.2174 2100.4108 1965.1691 2101.5599 1965.0768 2103.2013 C +1964.9823 2103.5748 1964.9362 2103.8561 1964.9362 2104.045 C +1905.8737 2139.4825 L +h +1908.4752 2120.3575 m +1898.983 2105.5216 L +1954.3893 2072.8263 L +1956.4987 2074.7005 1958.2565 2076.8561 1959.6627 2079.295 C +1961.1151 2081.7779 1962.2863 2084.6608 1963.1783 2087.9435 C +1908.4752 2120.3575 L +h +1896.2408 2102.3575 m +1880.5612 2099.0528 L +1942.9283 2062.631 L +1944.5675 2063.5209 1946.0682 2064.5272 1947.4283 2065.6544 C +1948.7863 2066.7794 1950.0057 2068.0209 1951.0846 2069.381 C +1896.2408 2102.3575 L +h +1871.2096 2120.7794 m +1876.3424 2102.3575 L +1894.2018 2105.9435 L +1906.1549 2125.2794 L +1900.8815 2142.506 L +1882.7408 2139.2013 L +1871.2096 2120.7794 L +h +1866.7096 2121.4825 m +1880.1393 2142.3653 L +1901.3033 2146.5841 L +1963.6705 2109.3888 L +1968.0299 2106.8092 1971.005 2103.9747 1972.6002 2100.881 C +1972.8815 2100.2701 1973.1144 2099.8021 1973.3033 2099.4747 C +1991.444 2068.256 L +1991.6769 2067.8341 1992.0043 2067.2474 1992.4283 2066.4982 C +1994.0675 2064.013 1994.8871 2062.0904 1994.8893 2060.7325 C +1994.8893 2059.4186 1994.3971 2058.4825 1993.4127 2057.92 C +1992.4745 2057.4037 1990.6705 2057.1466 1987.9987 2057.1466 C +1948.0612 2057.1466 L +1946.4198 2057.1466 1944.7784 2057.4037 1943.1393 2057.92 C +1941.4979 2058.4825 1939.4127 2059.513 1936.8815 2061.0138 C +1873.6705 2098.631 L +1866.7096 2121.4825 L +true setoverprint +f +false setoverprint +n +vmr +vmr +end +%%Trailer diff --git a/doc/xsl/graphics/note.pdf b/doc/xsl/graphics/note.pdf Binary files differnew file mode 100644 index 00000000..ec6c248a --- /dev/null +++ b/doc/xsl/graphics/note.pdf diff --git a/doc/xsl/graphics/tip.eps b/doc/xsl/graphics/tip.eps new file mode 100644 index 00000000..a28ad883 --- /dev/null +++ b/doc/xsl/graphics/tip.eps @@ -0,0 +1,1503 @@ +%!PS-Adobe-2.0 EPSF-1.2 +%%Title: Untitled-1 +%%Creator: FreeHand 9.0 +%%CreationDate: 2002/07/16 10:41 PM +%%BoundingBox: 0 0 27 27 +%%FHPathName:Untitled:FreeHand 9:English:Untitled-1 +%ALDOriginalFile:Untitled:FreeHand 9:English:Untitled-1 +%ALDBoundingBox: -153 -436 442 406 +%%FHPageNum:1 +%%DocumentSuppliedResources: procset Altsys_header 4 0 +%%ColorUsage: Color +%%DocumentProcessColors: Black +%%EndComments +%%BeginResource: procset Altsys_header 4 0 +userdict begin /AltsysDict 300 dict def end +AltsysDict begin +/bdf{bind def}bind def +/xdf{exch def}bdf +/defed{where{pop true}{false}ifelse}bdf +/ndf{1 index where{pop pop pop}{dup xcheck{bind}if def}ifelse}bdf +/d{setdash}bdf +/h{closepath}bdf +/H{}bdf +/J{setlinecap}bdf +/j{setlinejoin}bdf +/M{setmiterlimit}bdf +/n{newpath}bdf +/N{newpath}bdf +/q{gsave}bdf +/Q{grestore}bdf +/w{setlinewidth}bdf +/Xic{matrix invertmatrix concat}bdf +/Xq{matrix currentmatrix mark}bdf +/XQ{cleartomark setmatrix}bdf +/sepdef{ +dup where not +{ +AltsysSepDict +} +if +3 1 roll exch put +}bdf +/st{settransfer}bdf +/colorimage defed /_rci xdf +/cntr 0 def +/readbinarystring{ +/cntr 0 def +2 copy readstring +{ +{ +dup +(\034) search +{ +length exch pop exch +dup length 0 ne +{ +dup dup 0 get 32 sub 0 exch put +/cntr cntr 1 add def +} +{ +pop 1 string dup +0 6 index read pop 32 sub put +}ifelse +3 copy +putinterval pop +1 add +1 index length 1 sub +1 index sub +dup 0 le {pop pop exit}if +getinterval +} +{ +pop exit +} ifelse +} loop +}if +cntr 0 gt +{ +pop 2 copy +dup length cntr sub cntr getinterval +readbinarystring +} if +pop exch pop +} bdf +/_NXLevel2 defed { +_NXLevel2 not { +/colorimage where { +userdict eq { +/_rci false def +} if +} if +} if +} if +/md defed{ +md type /dicttype eq { +/colorimage where { +md eq { +/_rci false def +}if +}if +/settransfer where { +md eq { +/st systemdict /settransfer get def +}if +}if +}if +}if +/setstrokeadjust defed +{ +true setstrokeadjust +/C{curveto}bdf +/L{lineto}bdf +/m{moveto}bdf +} +{ +/dr{transform .25 sub round .25 add +exch .25 sub round .25 add exch itransform}bdf +/C{dr curveto}bdf +/L{dr lineto}bdf +/m{dr moveto}bdf +/setstrokeadjust{pop}bdf +}ifelse +/privrectpath { +4 -2 roll m +dtransform round exch round exch idtransform +2 copy 0 lt exch 0 lt xor +{dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto} +{exch dup 0 rlineto exch 0 exch rlineto neg 0 rlineto} +ifelse +closepath +}bdf +/rectclip{newpath privrectpath clip newpath}def +/rectfill{gsave newpath privrectpath fill grestore}def +/rectstroke{gsave newpath privrectpath stroke grestore}def +/_fonthacksave false def +/currentpacking defed +{ +/_bfh {/_fonthacksave currentpacking def false setpacking} bdf +/_efh {_fonthacksave setpacking} bdf +} +{ +/_bfh {} bdf +/_efh {} bdf +}ifelse +/packedarray{array astore readonly}ndf +/` +{ +false setoverprint +/-save0- save def +5 index concat +pop +storerect left bottom width height rectclip +pop +/MMdict_count countdictstack def +/MMop_count count 1 sub def +userdict begin +/showpage {} def +0 setgray 0 setlinecap 1 setlinewidth +0 setlinejoin 10 setmiterlimit [] 0 setdash newpath +} bdf +/currentpacking defed{true setpacking}if +/min{2 copy gt{exch}if pop}bdf +/max{2 copy lt{exch}if pop}bdf +/xformfont { currentfont exch makefont setfont } bdf +/fhnumcolors 1 +statusdict begin +/processcolors defed +{ +pop processcolors +} +{ +/deviceinfo defed { +deviceinfo /Colors known { +pop deviceinfo /Colors get +} if +} if +} ifelse +end +def +/printerRes +gsave +matrix defaultmatrix setmatrix +72 72 dtransform +abs exch abs +max +grestore +def +/graycalcs +[ +{Angle Frequency} +{GrayAngle GrayFrequency} +{0 Width Height matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +{0 GrayWidth GrayHeight matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +] def +/calcgraysteps { +forcemaxsteps +{ +maxsteps +} +{ +/currenthalftone defed +{currenthalftone /dicttype eq}{false}ifelse +{ +currenthalftone begin +HalftoneType 4 le +{graycalcs HalftoneType 1 sub get exec} +{ +HalftoneType 5 eq +{ +Default begin +{graycalcs HalftoneType 1 sub get exec} +end +} +{0 60} +ifelse +} +ifelse +end +} +{ +currentscreen pop exch +} +ifelse +printerRes 300 max exch div exch +2 copy +sin mul round dup mul +3 1 roll +cos mul round dup mul +add 1 add +dup maxsteps gt {pop maxsteps} if +dup minsteps lt {pop minsteps} if +} +ifelse +} bdf +/nextrelease defed { +/languagelevel defed not { +/framebuffer defed { +0 40 string framebuffer 9 1 roll 8 {pop} repeat +dup 516 eq exch 520 eq or +{ +/fhnumcolors 3 def +/currentscreen {60 0 {pop pop 1}}bdf +/calcgraysteps {maxsteps} bdf +}if +}if +}if +}if +fhnumcolors 1 ne { +/calcgraysteps {maxsteps} bdf +} if +/currentpagedevice defed { +currentpagedevice /PreRenderingEnhance known +{ +currentpagedevice /PreRenderingEnhance get +{ +/calcgraysteps +{ +forcemaxsteps +{maxsteps} +{256 maxsteps min} +ifelse +} def +} if +} if +} if +/gradfrequency 144 def +printerRes 1000 lt { +/gradfrequency 72 def +} if +/adjnumsteps { +dup dtransform abs exch abs max +printerRes div +gradfrequency mul +round +5 max +min +}bdf +/goodsep { +spots exch get 4 get dup sepname eq exch (_vc_Registration) eq or +}bdf +/BeginGradation defed +{/bb{BeginGradation}bdf} +{/bb{}bdf} +ifelse +/EndGradation defed +{/eb{EndGradation}bdf} +{/eb{}bdf} +ifelse +/bottom -0 def +/delta -0 def +/frac -0 def +/height -0 def +/left -0 def +/numsteps1 -0 def +/radius -0 def +/right -0 def +/top -0 def +/width -0 def +/xt -0 def +/yt -0 def +/df currentflat def +/tempstr 1 string def +/clipflatness currentflat def +/inverted? +0 currenttransfer exec .5 ge def +/tc1 [0 0 0 1] def +/tc2 [0 0 0 1] def +/storerect{/top xdf /right xdf /bottom xdf /left xdf +/width right left sub def /height top bottom sub def}bdf +/concatprocs{ +systemdict /packedarray known +{dup type /packedarraytype eq 2 index type /packedarraytype eq or}{false}ifelse +{ +/proc2 exch cvlit def /proc1 exch cvlit def +proc1 aload pop proc2 aload pop +proc1 length proc2 length add packedarray cvx +} +{ +/proc2 exch cvlit def /proc1 exch cvlit def +/newproc proc1 length proc2 length add array def +newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval +newproc cvx +}ifelse +}bdf +/i{dup 0 eq +{pop df dup} +{dup} ifelse +/clipflatness xdf setflat +}bdf +version cvr 38.0 le +{/setrgbcolor{ +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +setrgbcolor}bdf}if +/vms {/vmsv save def} bdf +/vmr {vmsv restore} bdf +/vmrs{vmsv restore /vmsv save def}bdf +/eomode{ +{/filler /eofill load def /clipper /eoclip load def} +{/filler /fill load def /clipper /clip load def} +ifelse +}bdf +/normtaper{}bdf +/logtaper{9 mul 1 add log}bdf +/CD{ +/NF exch def +{ +exch dup +/FID ne 1 index/UniqueID ne and +{exch NF 3 1 roll put} +{pop pop} +ifelse +}forall +NF +}bdf +/MN{ +1 index length +/Len exch def +dup length Len add +string dup +Len +4 -1 roll +putinterval +dup +0 +4 -1 roll +putinterval +}bdf +/RC{4 -1 roll /ourvec xdf 256 string cvs(|______)anchorsearch +{1 index MN cvn/NewN exch def cvn +findfont dup maxlength dict CD dup/FontName NewN put dup +/Encoding ourvec put NewN exch definefont pop}{pop}ifelse}bdf +/RF{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RC} +ifelse +}bdf +/FF{dup 256 string cvs(|______)exch MN cvn dup FontDirectory exch known +{exch pop findfont 3 -1 roll pop} +{pop dup findfont dup maxlength dict CD dup dup +/Encoding exch /Encoding get 256 array copy 7 -1 roll +{3 -1 roll dup 4 -2 roll put}forall put definefont} +ifelse}bdf +/RCJ{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFJ +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFJ{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCJ} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFJ +{ +dup +hasfont +not +{ +pop +/Ryumin-Light-83pv-RKSJ-H +hasfont +{ +/Ryumin-Light-83pv-RKSJ-H +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFJ{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFJ +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/GS { +dup +hasfont +{ +findfont +exch makesetfont +exch +pop +ts +} +{ +pop pop pop +ts +} ifelse +} bdf +/RCK{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFK +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFK{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCK} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFK +{ +dup +hasfont +not +{ +pop +/JCsm +hasfont +{ +/JCsm +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFK{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFK +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/RCTC{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFTC +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFTC{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCTC} +ifelse +}bdf +/FDFTC +{ +dup +hasfont +not +{ +pop +/DFMing-Lt-HK-BF +hasfont +{ +/DFMing-Lt-HK-BF +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFTC{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFTC +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/fps{ +currentflat +exch +dup 0 le{pop 1}if +{ +dup setflat 3 index stopped +{1.3 mul dup 3 index gt{pop setflat pop pop stop}if} +{exit} +ifelse +}loop +pop setflat pop pop +}bdf +/fp{100 currentflat fps}bdf +/clipper{clip}bdf +/W{/clipper load 100 clipflatness dup setflat fps}bdf + +userdict begin /BDFontDict 29 dict def end +BDFontDict begin +/bu{}def +/bn{}def +/setTxMode{av 70 ge{pop}if pop}def +/gm{m}def +/show{pop}def +/gr{pop}def +/fnt{pop pop pop}def +/fs{pop}def +/fz{pop}def +/lin{pop pop}def +/:M {pop pop} def +/sf {pop} def +/S {pop} def +/@b {pop pop pop pop pop pop pop pop} def +/_bdsave /save load def +/_bdrestore /restore load def +/save { dup /fontsave eq {null} {_bdsave} ifelse } def +/restore { dup null eq { pop } { _bdrestore } ifelse } def +/fontsave null def +end +/MacVec 256 array def +MacVec 0 /Helvetica findfont +/Encoding get 0 128 getinterval putinterval +MacVec 127 /DEL put MacVec 16#27 /quotesingle put MacVec 16#60 /grave put +/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI +/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US +MacVec 0 32 getinterval astore pop +/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute +/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave +/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute +/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis +/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls +/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash +/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation +/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash +/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft +/guillemotright/ellipsis/nbspace/Agrave/Atilde/Otilde/OE/oe +/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge +/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl +/daggerdbl/periodcentered/quotesinglbase/quotedblbase +/perthousand/Acircumflex/Ecircumflex/Aacute +/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex +/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde +/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron +MacVec 128 128 getinterval astore pop +/findheaderfont { +/Helvetica findfont +} def +end %. AltsysDict +%%EndResource +%%EndProlog + +%%BeginSetup + +AltsysDict begin +_bfh + +_efh +end %. AltsysDict + +%%EndSetup +AltsysDict begin + +/onlyk4{false}ndf +/ccmyk{dup 5 -1 roll sub 0 max exch}ndf +/cmyk2gray{ +4 -1 roll 0.3 mul 4 -1 roll 0.59 mul 4 -1 roll 0.11 mul +add add add 1 min neg 1 add +}bdf +/setcmykcolor{1 exch sub ccmyk ccmyk ccmyk pop setrgbcolor}ndf +/maxcolor { +max max max +} ndf +/maxspot { +pop +} ndf +/setcmykcoloroverprint{4{dup -1 eq{pop 0}if 4 1 roll}repeat setcmykcolor}ndf +/findcmykcustomcolor{5 packedarray}ndf +/setcustomcolor{exch aload pop pop 4{4 index mul 4 1 roll}repeat setcmykcolor pop}ndf +/setseparationgray{setgray}ndf +/setoverprint{pop}ndf +/currentoverprint false ndf +/cmykbufs2gray{ +0 1 2 index length 1 sub +{ +4 index 1 index get 0.3 mul +4 index 2 index get 0.59 mul +4 index 3 index get 0.11 mul +4 index 4 index get +add add add cvi 255 min +255 exch sub +2 index 3 1 roll put +}for +4 1 roll pop pop pop +}bdf +/colorimage{ +pop pop +[ +5 -1 roll/exec cvx +6 -1 roll/exec cvx +7 -1 roll/exec cvx +8 -1 roll/exec cvx +/cmykbufs2gray cvx +]cvx +image +} +%. version 47.1 on Linotronic of Postscript defines colorimage incorrectly (rgb model only) +version cvr 47.1 le +statusdict /product get (Lino) anchorsearch{pop pop true}{pop false}ifelse +and{userdict begin bdf end}{ndf}ifelse +fhnumcolors 1 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +ic im iy ik cmyk2gray /xt xdf +currenttransfer +{dup 1.0 exch sub xt mul add}concatprocs +st +image +} +ifelse +}ndf +fhnumcolors 1 ne {yt restore} if +fhnumcolors 3 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +1.0 dup ic ik add min sub +1.0 dup im ik add min sub +1.0 dup iy ik add min sub +/ic xdf /iy xdf /im xdf +currentcolortransfer +4 1 roll +{dup 1.0 exch sub ic mul add}concatprocs 4 1 roll +{dup 1.0 exch sub iy mul add}concatprocs 4 1 roll +{dup 1.0 exch sub im mul add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}true 3 colorimage +} +ifelse +}ndf +fhnumcolors 3 ne {yt restore} if +fhnumcolors 4 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +currentcolortransfer +{1.0 exch sub ik mul ik sub 1 add}concatprocs 4 1 roll +{1.0 exch sub iy mul iy sub 1 add}concatprocs 4 1 roll +{1.0 exch sub im mul im sub 1 add}concatprocs 4 1 roll +{1.0 exch sub ic mul ic sub 1 add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}{dummy} +true 4 colorimage +} +ifelse +}ndf +fhnumcolors 4 ne {yt restore} if +/separationimage{image}ndf +/spotascmyk false ndf +/newcmykcustomcolor{6 packedarray}ndf +/inkoverprint false ndf +/setinkoverprint{pop}ndf +/setspotcolor { +spots exch get +dup 4 get (_vc_Registration) eq +{pop 1 exch sub setseparationgray} +{0 5 getinterval exch setcustomcolor} +ifelse +}ndf +/currentcolortransfer{currenttransfer dup dup dup}ndf +/setcolortransfer{st pop pop pop}ndf +/fas{}ndf +/sas{}ndf +/fhsetspreadsize{pop}ndf +/filler{fill}bdf +/F{gsave {filler}fp grestore}bdf +/f{closepath F}bdf +/S{gsave {stroke}fp grestore}bdf +/s{closepath S}bdf +userdict /islevel2 +systemdict /languagelevel known dup +{ +pop systemdict /languagelevel get 2 ge +} if +put +islevel2 not +{ +/currentcmykcolor +{ +0 0 0 1 currentgray sub +} ndf +} if +/tc +{ +gsave +setcmykcolor currentcmykcolor +grestore +} bind def +/testCMYKColorThrough +{ +tc add add add 0 ne +} bind def +/fhiscomposite where not { +userdict /fhiscomposite +islevel2 +{ +gsave 1 1 1 1 setcmykcolor currentcmykcolor grestore +add add add 4 eq +} +{ +1 0 0 0 testCMYKColorThrough +0 1 0 0 testCMYKColorThrough +0 0 1 0 testCMYKColorThrough +0 0 0 1 testCMYKColorThrough +and and and +} ifelse +put +} +{ pop } +ifelse +/bc4 [0 0 0 0] def +/_lfp4 { +1 pop +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +height abs adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +taperfcn /frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/bcs [0 0] def +/_lfs4 { +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +height abs adjnumsteps +dup 2 lt {pop 2} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 div taperfcn /frac xdf +bcs 0 +1.0 tint2 tint1 sub frac mul tint1 add sub +put bcs vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfs6 { +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bcs 0 +tint2 tint1 sub frac mul tint1 add +put bcs vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfp6 { +1 pop +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/lfp4{_lfp4}ndf +/lfs4{_lfs4}ndf +/rfs6{_rfs6}ndf +/rfp6{_rfp6}ndf +/cvc [0 0 0 1] def +/vc{ +AltsysDict /cvc 2 index put +aload length dup 4 eq +{pop dup -1 eq{pop setrgbcolor}{setcmykcolor}ifelse} +{6 eq {sethexcolor} {setspotcolor} ifelse } +ifelse +}bdf +0 setseparationgray +/imgr {1692.47 1570.59 2287.75 2412.48 } def +/bleed 0 def +/clpr {1692.47 1570.59 2287.75 2412.48 } def +/xs 1 def +/ys 1 def +/botx 0 def +/overlap 0 def +/wdist 18 def +0 2 mul fhsetspreadsize +0 0 ne {/df 0 def /clipflatness 0 def} if +/maxsteps 256 def +/forcemaxsteps false def +/minsteps 0 def + +userdict begin /AGDOrigMtx matrix currentmatrix def end +vms +0.15 0.15 scale %JND +-1845 -2006 translate + +/currentpacking defed{false setpacking}if +/spots[ + +1 0 0 0 (Process Cyan) false newcmykcustomcolor + +0 1 0 0 (Process Magenta) false newcmykcustomcolor + +0 0 1 0 (Process Yellow) false newcmykcustomcolor + +0 0 0 1 (Process Black) false newcmykcustomcolor +]def +n +[] 0 d +3.863708 M +1 w +0 j +0 J +false setoverprint +0 i +false eomode +[0 0 0 1]vc +vms +1848.4365 2094.0422 m +1848.4365 2140.987 1886.4917 2179.0422 1933.4365 2179.0422 C +1980.3813 2179.0422 2018.4365 2140.987 2018.4365 2094.0422 C +2018.4365 2047.0974 1980.3813 2009.0422 1933.4365 2009.0422 C +1886.4917 2009.0422 1848.4365 2047.0974 1848.4365 2094.0422 C +5.3858 w +3.863693 M +s +n +true eomode +1897.6516 2067.1709 m +1897.6087 2066.5538 L +1885.3743 2066.1319 L +1883.1946 2062.4053 L +1869.9055 2063.9522 L +1869.9055 2067.1712 L +1897.6516 2067.1709 L +h +1944.0852 2067.1709 m +1944.0852 2067.0077 1944.0852 2066.8741 1944.0852 2066.7647 C +1944.1314 2066.5757 1944.1775 2066.4131 1944.2258 2066.2725 C +1945.0213 2065.0992 1946.0056 2064.2554 1947.179 2063.7413 C +1948.3963 2063.2249 1950.0134 2062.9678 1952.0305 2062.9678 C +1956.0142 2062.9678 1959.7627 2063.9522 1963.2805 2065.9209 C +1964.0204 2066.3353 1964.6824 2066.7527 1965.2665 2067.1732 C +1971.313 2067.1709 L +1970.2122 2065.693 1968.5893 2064.3153 1966.4446 2063.0381 C +1962.0369 2060.4585 1956.8821 2059.1709 1950.9758 2059.1709 C +1948.6775 2059.1709 1946.7791 2059.5445 1945.2805 2060.2959 C +1943.7798 2061.0914 1942.5142 2062.357 1941.4837 2064.0928 C +1941.2486 2064.0928 1940.8728 2064.0928 1940.3587 2064.0928 C +1937.5462 2063.9039 1935.4829 2063.8116 1934.1712 2063.8116 C +1929.2954 2063.8116 1925.1228 2064.2796 1921.6555 2065.2178 C +1919.9787 2065.6936 1918.2362 2066.3443 1916.4282 2067.1704 C +1944.0852 2067.1709 L +true setoverprint +f +false setoverprint +n +1884.4125 2075.1709 m +1884.4602 2073.585 L +1893.1087 2073.0225 L +1893.1087 2075.1712 L +1910.8456 2075.1709 L +1910.98 2075.0913 1911.1146 2075.0069 1911.2493 2074.9209 C +1911.9986 2074.3584 1912.583 2073.9585 1913.0071 2073.7256 C +1916.804 2071.4756 1920.2954 2069.9288 1923.4837 2069.085 C +1926.718 2068.2413 1931.0071 2067.8194 1936.3508 2067.8194 C +1940.3587 2067.8194 L +1940.7805 2070.7022 L +1938.9524 2070.8428 1937.522 2071.4053 1936.4915 2072.3897 C +1935.7726 2073.1422 1935.3163 2074.0693 1935.1223 2075.1726 C +1940.1696 2075.1709 L +1940.3293 2074.9768 1940.5095 2074.8018 1940.7102 2074.6397 C +1941.7407 2073.8421 1943.147 2073.4444 1944.929 2073.4444 C +1948.4128 2073.4444 1951.8259 2074.0193 1955.1674 2075.169 C +1963.5704 2075.1709 L +1962.8877 2074.843 1962.0411 2074.4337 1961.0305 2073.9366 C +1958.1697 2072.5303 1955.2166 2071.4976 1952.1712 2070.8428 C +1951.3274 2070.7022 1950.2244 2070.5132 1948.8665 2070.2803 C +1945.6782 2069.7178 1944.0852 2068.8038 1944.0852 2067.5381 C +1944.0852 2067.4017 1944.0852 2067.2776 1944.0852 2067.1658 C +1916.4282 2067.1709 L +1914.4953 2068.0535 1912.4877 2069.1369 1910.4055 2070.4209 C +1910.0759 2070.6539 1909.6321 2070.9593 1909.0696 2071.335 C +1905.9275 2073.5367 1902.9041 2074.6375 1899.9993 2074.6397 C +1899.9509 2074.6397 1899.6939 2074.6155 1899.2258 2074.5694 C +1898.7556 2074.521 1898.4041 2074.5452 1898.1712 2074.6397 C +1897.6516 2067.1709 L +1869.9055 2067.1709 L +1869.9055 2075.1714 L +1884.4125 2075.1709 L +h +1972.5022 2075.1709 m +1972.8687 2074.2606 1973.0523 2073.2652 1973.054 2072.1788 C +1973.054 2070.3983 1972.4736 2068.7289 1971.313 2067.1709 C +1965.2666 2067.1709 L +1967.4581 2068.751 1968.554 2070.3727 1968.554 2072.0381 C +1968.554 2073.0686 1968.2486 2073.9827 1967.6399 2074.7803 C +1967.5373 2074.922 1967.4334 2075.0518 1967.3283 2075.1698 C +1972.5022 2075.1709 L +true setoverprint +f +false setoverprint +n +1869.9055 2075.1709 m +1869.9055 2119.0772 L +1897.1868 2119.8506 L +1897.8899 2114.2256 L +1899.2962 2114.2256 L +1901.0759 2114.2256 1902.7876 2114.5069 1904.429 2115.0694 C +1906.1165 2115.678 1908.2478 2116.825 1910.8274 2118.5147 C +1911.9524 2119.2178 L +1919.5923 2124.1397 1925.4041 2126.6006 1929.3899 2126.6006 C +1930.8423 2126.6006 1932.3408 2126.3655 1933.8899 2125.8975 C +1935.4368 2125.4756 1937.1463 2124.7945 1939.0227 2123.8584 C +1940.1939 2123.9046 1941.8814 2123.9507 1944.0852 2123.9991 C +1950.0376 2124.0914 1954.0674 2124.1375 1956.179 2124.1397 C +1972.7244 2124.1397 1984.583 2123.1311 1991.7571 2121.1163 C +1998.9751 2119.1475 2002.583 2115.9351 2002.5852 2111.4834 C +2002.5852 2107.8272 2000.2869 2105.2959 1995.6946 2103.8897 C +1991.1463 2102.5296 1981.865 2101.8506 1967.8508 2101.8506 C +1963.5618 2101.8506 L +1964.6384 2100.8179 1965.4361 2099.8116 1965.9524 2098.8272 C +1966.4666 2097.8428 1966.7236 2096.8343 1966.7258 2095.8038 C +1966.7258 2095.3335 1966.6314 2094.7952 1966.4446 2094.1866 C +1966.2556 2093.6241 1965.9041 2092.8506 1965.3899 2091.8663 C +1967.1697 2091.1631 1968.5056 2090.1788 1969.3977 2088.9131 C +1970.2876 2087.6936 1970.7315 2086.1929 1970.7337 2084.4131 C +1970.7337 2083.521 1970.615 2082.6311 1970.3821 2081.7413 C +1970.147 2080.8492 1969.7954 2079.9593 1969.3274 2079.0694 C +1970.5447 2078.2256 1971.4588 2077.2171 1972.0696 2076.0459 C +1972.2346 2075.7625 1972.3788 2075.4685 1972.5022 2075.1642 C +1967.3284 2075.1709 L +1966.8077 2075.7539 1966.2562 2076.0459 1965.6712 2076.0459 C +1965.5191 2076.0459 1964.8189 2075.7521 1963.5704 2075.1643 C +1955.1674 2075.1709 L +1956.5004 2075.6277 1957.8219 2076.1778 1959.1321 2076.8194 C +1963.7727 2079.1155 1966.093 2081.5523 1966.093 2084.1319 C +1966.093 2085.303 1965.7173 2086.2632 1964.968 2087.0147 C +1964.2649 2087.764 1963.3508 2088.1375 1962.2258 2088.1397 C +1961.7556 2088.1397 1959.0838 2086.9905 1954.2102 2084.6944 C +1949.3806 2082.396 1944.4368 2080.6624 1939.3743 2079.4913 C +1939.2798 2079.3023 1939.2337 2079.0914 1939.2337 2078.8584 C +1939.2337 2078.6695 1939.2337 2078.3663 1939.2337 2077.9444 C +1939.2337 2076.8248 1939.5456 2075.8974 1940.1695 2075.1644 C +1935.1224 2075.1709 L +1935.0507 2075.5803 1935.0149 2076.012 1935.0149 2076.4678 C +1935.0149 2076.8414 1935.0369 2077.2391 1935.0852 2077.6631 C +1935.1775 2078.085 1935.294 2078.5992 1935.4368 2079.21 C +1934.7337 2079.21 L +1931.9673 2079.21 1929.7876 2080.0296 1928.1946 2081.6709 C +1926.5994 2083.3101 1925.804 2085.514 1925.804 2088.2803 C +1925.804 2088.9834 L +1924.3032 2088.6077 1922.9673 2088.3265 1921.7962 2088.1397 C +1920.6712 2087.9507 1919.6626 2087.8584 1918.7727 2087.8584 C +1916.8501 2087.8584 1914.9517 2088.232 1913.0774 2088.9834 C +1911.2493 2089.7789 1909.2102 2091.0906 1906.9602 2092.9209 C +1906.8196 2094.6084 L +1909.1619 2093.7647 1911.2713 2093.1077 1913.1477 2092.6397 C +1915.022 2092.2178 1916.7556 2092.0069 1918.3508 2092.0069 C +1920.6931 2092.0069 1922.9431 2092.521 1925.1008 2093.5538 C +1927.3025 2094.5843 1929.5986 2096.2476 1931.9915 2098.5459 C +1925.804 2107.7569 L +1927.0696 2109.4444 L +1928.4275 2108.3655 1930.2556 2106.7945 1932.554 2104.7334 C +1938.2251 2099.6226 1942.9361 2097.0694 1946.6868 2097.0694 C +1948.5149 2097.0694 1950.1782 2097.5132 1951.679 2098.4053 C +1953.2258 2099.2952 1953.9993 2100.1851 1953.9993 2101.0772 C +1953.9993 2101.6397 1952.9446 2103.1866 1950.8352 2105.7178 C +1948.772 2108.2491 1946.1946 2111.0374 1943.1008 2114.085 C +1939.4446 2117.6006 1936.7244 2119.8023 1934.9446 2120.6944 C +1933.2088 2121.6304 1931.3103 2122.0984 1929.2493 2122.1006 C +1925.3579 2122.1006 1920.3657 2120.0374 1914.2727 2115.9131 C +1913.5696 2115.4913 1913.0532 2115.1617 1912.7258 2114.9288 C +1909.6321 2112.8194 1907.1228 2111.4131 1905.2024 2110.71 C +1903.2798 2110.053 1901.2166 2109.7256 1899.0149 2109.7256 C +1898.0305 2109.7256 L +1898.0305 2078.6475 L +1899.8587 2078.6475 L +1903.4329 2078.6475 1907.0952 2077.4884 1910.8456 2075.1742 C +1893.1087 2075.1709 L +1893.1087 2115.7725 L +1883.1946 2115.6319 L +1884.4125 2075.171 L +1869.9055 2075.1709 L +h +1957.9368 2101.0772 m +1957.3259 2098.5459 1956.0603 2096.6695 1954.1399 2095.4522 C +1952.2634 2094.2327 1949.6399 2093.6241 1946.2649 2093.6241 C +1945.1861 2093.6241 1943.615 2093.9273 1941.554 2094.5381 C +1939.5369 2095.1929 1938.0383 2095.5203 1937.054 2095.5225 C +1935.3665 2095.5225 1933.679 2094.8194 1931.9915 2093.4131 C +1930.3501 2092.0069 1929.5305 2090.5765 1929.5305 2089.1241 C +1929.5305 2087.107 1930.0447 2085.5601 1931.0774 2084.4834 C +1932.1079 2083.4507 1933.6065 2082.9366 1935.5774 2082.9366 C +1937.5462 2082.9366 1940.1477 2083.4046 1943.3821 2084.3428 C +1946.6626 2085.3272 1949.9673 2086.5928 1953.2962 2088.1397 C +1956.3416 2089.5459 1958.5674 2090.8819 1959.9758 2092.1475 C +1961.3821 2093.4131 1962.0852 2094.6788 1962.0852 2095.9444 C +1962.0852 2096.8343 1961.7556 2097.678 1961.1008 2098.4756 C +1960.4439 2099.3194 1959.3892 2100.1851 1957.9368 2101.0772 C +h +1943.3821 2119.71 m +1946.054 2117.1788 1948.3501 2114.8584 1950.2727 2112.7491 C +1952.2415 2110.6397 1954.0213 2108.5303 1955.6165 2106.4209 C +1958.5696 2106.1397 1961.2876 2105.9288 1963.7727 2105.7881 C +1966.304 2105.6475 1968.6243 2105.5772 1970.7337 2105.5772 C +1980.7642 2105.5772 1987.7471 2106.021 1991.6868 2106.9131 C +1995.6704 2107.803 1997.6611 2109.3719 1997.6633 2111.6241 C +1997.6633 2114.4366 1994.2883 2116.5459 1987.5383 2117.9522 C +1980.8345 2119.4046 1970.8259 2120.1297 1957.5149 2120.1319 C +1955.4055 2120.1319 1953.1555 2120.0835 1950.7649 2119.9913 C +1948.4204 2119.9429 1945.9595 2119.8506 1943.3821 2119.71 C +true setoverprint +f +false setoverprint +n +vmr +vmr +end +%%Trailer diff --git a/doc/xsl/graphics/tip.pdf b/doc/xsl/graphics/tip.pdf Binary files differnew file mode 100644 index 00000000..54f5dedb --- /dev/null +++ b/doc/xsl/graphics/tip.pdf diff --git a/doc/xsl/graphics/warning.eps b/doc/xsl/graphics/warning.eps new file mode 100644 index 00000000..c9473b72 --- /dev/null +++ b/doc/xsl/graphics/warning.eps @@ -0,0 +1,1348 @@ +%!PS-Adobe-2.0 EPSF-1.2 +%%Title: Untitled-3 +%%Creator: FreeHand 9.0 +%%CreationDate: 2002/12/05 8:20 PM +%%BoundingBox: 0 0 29 29 +%%FHPathName:Untitled:FreeHand 9:English:Untitled-3 +%ALDOriginalFile:Untitled:FreeHand 9:English:Untitled-3 +%ALDBoundingBox: -2 -2 29 29 +%%FHPageNum:1 +%%DocumentSuppliedResources: procset Altsys_header 4 0 +%%ColorUsage: Color +%%DocumentProcessColors: Black +%%EndComments +%%BeginResource: procset Altsys_header 4 0 +userdict begin /AltsysDict 300 dict def end +AltsysDict begin +/bdf{bind def}bind def +/xdf{exch def}bdf +/defed{where{pop true}{false}ifelse}bdf +/ndf{1 index where{pop pop pop}{dup xcheck{bind}if def}ifelse}bdf +/d{setdash}bdf +/h{closepath}bdf +/H{}bdf +/J{setlinecap}bdf +/j{setlinejoin}bdf +/M{setmiterlimit}bdf +/n{newpath}bdf +/N{newpath}bdf +/q{gsave}bdf +/Q{grestore}bdf +/w{setlinewidth}bdf +/Xic{matrix invertmatrix concat}bdf +/Xq{matrix currentmatrix mark}bdf +/XQ{cleartomark setmatrix}bdf +/sepdef{ +dup where not +{ +AltsysSepDict +} +if +3 1 roll exch put +}bdf +/st{settransfer}bdf +/colorimage defed /_rci xdf +/cntr 0 def +/readbinarystring{ +/cntr 0 def +2 copy readstring +{ +{ +dup +(\034) search +{ +length exch pop exch +dup length 0 ne +{ +dup dup 0 get 32 sub 0 exch put +/cntr cntr 1 add def +} +{ +pop 1 string dup +0 6 index read pop 32 sub put +}ifelse +3 copy +putinterval pop +1 add +1 index length 1 sub +1 index sub +dup 0 le {pop pop exit}if +getinterval +} +{ +pop exit +} ifelse +} loop +}if +cntr 0 gt +{ +pop 2 copy +dup length cntr sub cntr getinterval +readbinarystring +} if +pop exch pop +} bdf +/_NXLevel2 defed { +_NXLevel2 not { +/colorimage where { +userdict eq { +/_rci false def +} if +} if +} if +} if +/md defed{ +md type /dicttype eq { +/colorimage where { +md eq { +/_rci false def +}if +}if +/settransfer where { +md eq { +/st systemdict /settransfer get def +}if +}if +}if +}if +/setstrokeadjust defed +{ +true setstrokeadjust +/C{curveto}bdf +/L{lineto}bdf +/m{moveto}bdf +} +{ +/dr{transform .25 sub round .25 add +exch .25 sub round .25 add exch itransform}bdf +/C{dr curveto}bdf +/L{dr lineto}bdf +/m{dr moveto}bdf +/setstrokeadjust{pop}bdf +}ifelse +/privrectpath { +4 -2 roll m +dtransform round exch round exch idtransform +2 copy 0 lt exch 0 lt xor +{dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto} +{exch dup 0 rlineto exch 0 exch rlineto neg 0 rlineto} +ifelse +closepath +}bdf +/rectclip{newpath privrectpath clip newpath}def +/rectfill{gsave newpath privrectpath fill grestore}def +/rectstroke{gsave newpath privrectpath stroke grestore}def +/_fonthacksave false def +/currentpacking defed +{ +/_bfh {/_fonthacksave currentpacking def false setpacking} bdf +/_efh {_fonthacksave setpacking} bdf +} +{ +/_bfh {} bdf +/_efh {} bdf +}ifelse +/packedarray{array astore readonly}ndf +/` +{ +false setoverprint +/-save0- save def +5 index concat +pop +storerect left bottom width height rectclip +pop +/MMdict_count countdictstack def +/MMop_count count 1 sub def +userdict begin +/showpage {} def +0 setgray 0 setlinecap 1 setlinewidth +0 setlinejoin 10 setmiterlimit [] 0 setdash newpath +} bdf +/currentpacking defed{true setpacking}if +/min{2 copy gt{exch}if pop}bdf +/max{2 copy lt{exch}if pop}bdf +/xformfont { currentfont exch makefont setfont } bdf +/fhnumcolors 1 +statusdict begin +/processcolors defed +{ +pop processcolors +} +{ +/deviceinfo defed { +deviceinfo /Colors known { +pop deviceinfo /Colors get +} if +} if +} ifelse +end +def +/printerRes +gsave +matrix defaultmatrix setmatrix +72 72 dtransform +abs exch abs +max +grestore +def +/graycalcs +[ +{Angle Frequency} +{GrayAngle GrayFrequency} +{0 Width Height matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +{0 GrayWidth GrayHeight matrix defaultmatrix idtransform +dup mul exch dup mul add sqrt 72 exch div} +] def +/calcgraysteps { +forcemaxsteps +{ +maxsteps +} +{ +/currenthalftone defed +{currenthalftone /dicttype eq}{false}ifelse +{ +currenthalftone begin +HalftoneType 4 le +{graycalcs HalftoneType 1 sub get exec} +{ +HalftoneType 5 eq +{ +Default begin +{graycalcs HalftoneType 1 sub get exec} +end +} +{0 60} +ifelse +} +ifelse +end +} +{ +currentscreen pop exch +} +ifelse +printerRes 300 max exch div exch +2 copy +sin mul round dup mul +3 1 roll +cos mul round dup mul +add 1 add +dup maxsteps gt {pop maxsteps} if +dup minsteps lt {pop minsteps} if +} +ifelse +} bdf +/nextrelease defed { +/languagelevel defed not { +/framebuffer defed { +0 40 string framebuffer 9 1 roll 8 {pop} repeat +dup 516 eq exch 520 eq or +{ +/fhnumcolors 3 def +/currentscreen {60 0 {pop pop 1}}bdf +/calcgraysteps {maxsteps} bdf +}if +}if +}if +}if +fhnumcolors 1 ne { +/calcgraysteps {maxsteps} bdf +} if +/currentpagedevice defed { +currentpagedevice /PreRenderingEnhance known +{ +currentpagedevice /PreRenderingEnhance get +{ +/calcgraysteps +{ +forcemaxsteps +{maxsteps} +{256 maxsteps min} +ifelse +} def +} if +} if +} if +/gradfrequency 144 def +printerRes 1000 lt { +/gradfrequency 72 def +} if +/adjnumsteps { +dup dtransform abs exch abs max +printerRes div +gradfrequency mul +round +5 max +min +}bdf +/goodsep { +spots exch get 4 get dup sepname eq exch (_vc_Registration) eq or +}bdf +/BeginGradation defed +{/bb{BeginGradation}bdf} +{/bb{}bdf} +ifelse +/EndGradation defed +{/eb{EndGradation}bdf} +{/eb{}bdf} +ifelse +/bottom -0 def +/delta -0 def +/frac -0 def +/height -0 def +/left -0 def +/numsteps1 -0 def +/radius -0 def +/right -0 def +/top -0 def +/width -0 def +/xt -0 def +/yt -0 def +/df currentflat def +/tempstr 1 string def +/clipflatness currentflat def +/inverted? +0 currenttransfer exec .5 ge def +/tc1 [0 0 0 1] def +/tc2 [0 0 0 1] def +/storerect{/top xdf /right xdf /bottom xdf /left xdf +/width right left sub def /height top bottom sub def}bdf +/concatprocs{ +systemdict /packedarray known +{dup type /packedarraytype eq 2 index type /packedarraytype eq or}{false}ifelse +{ +/proc2 exch cvlit def /proc1 exch cvlit def +proc1 aload pop proc2 aload pop +proc1 length proc2 length add packedarray cvx +} +{ +/proc2 exch cvlit def /proc1 exch cvlit def +/newproc proc1 length proc2 length add array def +newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval +newproc cvx +}ifelse +}bdf +/i{dup 0 eq +{pop df dup} +{dup} ifelse +/clipflatness xdf setflat +}bdf +version cvr 38.0 le +{/setrgbcolor{ +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +currenttransfer exec 3 1 roll +setrgbcolor}bdf}if +/vms {/vmsv save def} bdf +/vmr {vmsv restore} bdf +/vmrs{vmsv restore /vmsv save def}bdf +/eomode{ +{/filler /eofill load def /clipper /eoclip load def} +{/filler /fill load def /clipper /clip load def} +ifelse +}bdf +/normtaper{}bdf +/logtaper{9 mul 1 add log}bdf +/CD{ +/NF exch def +{ +exch dup +/FID ne 1 index/UniqueID ne and +{exch NF 3 1 roll put} +{pop pop} +ifelse +}forall +NF +}bdf +/MN{ +1 index length +/Len exch def +dup length Len add +string dup +Len +4 -1 roll +putinterval +dup +0 +4 -1 roll +putinterval +}bdf +/RC{4 -1 roll /ourvec xdf 256 string cvs(|______)anchorsearch +{1 index MN cvn/NewN exch def cvn +findfont dup maxlength dict CD dup/FontName NewN put dup +/Encoding ourvec put NewN exch definefont pop}{pop}ifelse}bdf +/RF{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RC} +ifelse +}bdf +/FF{dup 256 string cvs(|______)exch MN cvn dup FontDirectory exch known +{exch pop findfont 3 -1 roll pop} +{pop dup findfont dup maxlength dict CD dup dup +/Encoding exch /Encoding get 256 array copy 7 -1 roll +{3 -1 roll dup 4 -2 roll put}forall put definefont} +ifelse}bdf +/RCJ{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFJ +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFJ{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCJ} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFJ +{ +dup +hasfont +not +{ +pop +/Ryumin-Light-83pv-RKSJ-H +hasfont +{ +/Ryumin-Light-83pv-RKSJ-H +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFJ{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFJ +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/GS { +dup +hasfont +{ +findfont +exch makesetfont +exch +pop +ts +} +{ +pop pop pop +ts +} ifelse +} bdf +/RCK{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFK +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFK{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCK} +ifelse +}bdf +/hasfont +{ +/resourcestatus where +{ +pop +/Font resourcestatus +{ +pop pop true +} +{ +false +} +ifelse +} +{ +dup FontDirectory exch known +{pop true} +{ +256 string +cvs +(fonts/) exch MN +status +{pop pop pop pop true} +{false} +ifelse +} +ifelse +} +ifelse +}bdf +/FDFK +{ +dup +hasfont +not +{ +pop +/JCsm +hasfont +{ +/JCsm +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFK{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFK +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/RCTC{4 -1 roll +/ourvec xdf +256 string cvs +(|______) anchorsearch +{pop +cvn +dup FDFTC +exch +1 index +eq +{ +_bfh findfont _efh +dup +maxlength dict +CD +dup +/FontName +3 index +put +dup +/Encoding ourvec put +1 index +exch +definefont +pop +} +{exch pop} +ifelse +} +{pop} +ifelse +}bdf +/RFTC{ +dup +FontDirectory exch +known +{pop 3 -1 roll pop} +{RCTC} +ifelse +}bdf +/FDFTC +{ +dup +hasfont +not +{ +pop +/DFMing-Lt-HK-BF +hasfont +{ +/DFMing-Lt-HK-BF +} +{ +/Courier +} +ifelse +} +if +}bdf +/FFTC{ +_bfh +dup +256 string cvs +(|______)exch MN +cvn +dup +FontDirectory +exch known +{ +exch +pop +findfont +3 -1 roll +pop +} +{ +pop +FDFTC +dup findfont +dup maxlength dict +CD +dup dup +/Encoding exch +/Encoding get +256 array copy +7 -1 roll +{ +3 -1 roll +dup +4 -2 roll +put +}forall +put +definefont +} +ifelse +_efh +}bdf +/fps{ +currentflat +exch +dup 0 le{pop 1}if +{ +dup setflat 3 index stopped +{1.3 mul dup 3 index gt{pop setflat pop pop stop}if} +{exit} +ifelse +}loop +pop setflat pop pop +}bdf +/fp{100 currentflat fps}bdf +/clipper{clip}bdf +/W{/clipper load 100 clipflatness dup setflat fps}bdf + +userdict begin /BDFontDict 29 dict def end +BDFontDict begin +/bu{}def +/bn{}def +/setTxMode{av 70 ge{pop}if pop}def +/gm{m}def +/show{pop}def +/gr{pop}def +/fnt{pop pop pop}def +/fs{pop}def +/fz{pop}def +/lin{pop pop}def +/:M {pop pop} def +/sf {pop} def +/S {pop} def +/@b {pop pop pop pop pop pop pop pop} def +/_bdsave /save load def +/_bdrestore /restore load def +/save { dup /fontsave eq {null} {_bdsave} ifelse } def +/restore { dup null eq { pop } { _bdrestore } ifelse } def +/fontsave null def +end +/MacVec 256 array def +MacVec 0 /Helvetica findfont +/Encoding get 0 128 getinterval putinterval +MacVec 127 /DEL put MacVec 16#27 /quotesingle put MacVec 16#60 /grave put +/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI +/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US +MacVec 0 32 getinterval astore pop +/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute +/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave +/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute +/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis +/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls +/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash +/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation +/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash +/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft +/guillemotright/ellipsis/nbspace/Agrave/Atilde/Otilde/OE/oe +/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge +/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl +/daggerdbl/periodcentered/quotesinglbase/quotedblbase +/perthousand/Acircumflex/Ecircumflex/Aacute +/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex +/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde +/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron +MacVec 128 128 getinterval astore pop +/findheaderfont { +/Helvetica findfont +} def +end %. AltsysDict +%%EndResource +%%EndProlog + +%%BeginSetup + +AltsysDict begin +_bfh + +_efh +end %. AltsysDict + +%%EndSetup +AltsysDict begin + +/onlyk4{false}ndf +/ccmyk{dup 5 -1 roll sub 0 max exch}ndf +/cmyk2gray{ +4 -1 roll 0.3 mul 4 -1 roll 0.59 mul 4 -1 roll 0.11 mul +add add add 1 min neg 1 add +}bdf +/setcmykcolor{1 exch sub ccmyk ccmyk ccmyk pop setrgbcolor}ndf +/maxcolor { +max max max +} ndf +/maxspot { +pop +} ndf +/setcmykcoloroverprint{4{dup -1 eq{pop 0}if 4 1 roll}repeat setcmykcolor}ndf +/findcmykcustomcolor{5 packedarray}ndf +/setcustomcolor{exch aload pop pop 4{4 index mul 4 1 roll}repeat setcmykcolor pop}ndf +/setseparationgray{setgray}ndf +/setoverprint{pop}ndf +/currentoverprint false ndf +/cmykbufs2gray{ +0 1 2 index length 1 sub +{ +4 index 1 index get 0.3 mul +4 index 2 index get 0.59 mul +4 index 3 index get 0.11 mul +4 index 4 index get +add add add cvi 255 min +255 exch sub +2 index 3 1 roll put +}for +4 1 roll pop pop pop +}bdf +/colorimage{ +pop pop +[ +5 -1 roll/exec cvx +6 -1 roll/exec cvx +7 -1 roll/exec cvx +8 -1 roll/exec cvx +/cmykbufs2gray cvx +]cvx +image +} +%. version 47.1 on Linotronic of Postscript defines colorimage incorrectly (rgb model only) +version cvr 47.1 le +statusdict /product get (Lino) anchorsearch{pop pop true}{pop false}ifelse +and{userdict begin bdf end}{ndf}ifelse +fhnumcolors 1 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +ic im iy ik cmyk2gray /xt xdf +currenttransfer +{dup 1.0 exch sub xt mul add}concatprocs +st +image +} +ifelse +}ndf +fhnumcolors 1 ne {yt restore} if +fhnumcolors 3 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +1.0 dup ic ik add min sub +1.0 dup im ik add min sub +1.0 dup iy ik add min sub +/ic xdf /iy xdf /im xdf +currentcolortransfer +4 1 roll +{dup 1.0 exch sub ic mul add}concatprocs 4 1 roll +{dup 1.0 exch sub iy mul add}concatprocs 4 1 roll +{dup 1.0 exch sub im mul add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}true 3 colorimage +} +ifelse +}ndf +fhnumcolors 3 ne {yt restore} if +fhnumcolors 4 ne {/yt save def} if +/customcolorimage{ +aload pop +(_vc_Registration) eq +{ +pop pop pop pop separationimage +} +{ +/ik xdf /iy xdf /im xdf /ic xdf +currentcolortransfer +{1.0 exch sub ik mul ik sub 1 add}concatprocs 4 1 roll +{1.0 exch sub iy mul iy sub 1 add}concatprocs 4 1 roll +{1.0 exch sub im mul im sub 1 add}concatprocs 4 1 roll +{1.0 exch sub ic mul ic sub 1 add}concatprocs 4 1 roll +setcolortransfer +{/dummy xdf dummy}concatprocs{dummy}{dummy}{dummy} +true 4 colorimage +} +ifelse +}ndf +fhnumcolors 4 ne {yt restore} if +/separationimage{image}ndf +/spotascmyk false ndf +/newcmykcustomcolor{6 packedarray}ndf +/inkoverprint false ndf +/setinkoverprint{pop}ndf +/setspotcolor { +spots exch get +dup 4 get (_vc_Registration) eq +{pop 1 exch sub setseparationgray} +{0 5 getinterval exch setcustomcolor} +ifelse +}ndf +/currentcolortransfer{currenttransfer dup dup dup}ndf +/setcolortransfer{st pop pop pop}ndf +/fas{}ndf +/sas{}ndf +/fhsetspreadsize{pop}ndf +/filler{fill}bdf +/F{gsave {filler}fp grestore}bdf +/f{closepath F}bdf +/S{gsave {stroke}fp grestore}bdf +/s{closepath S}bdf +userdict /islevel2 +systemdict /languagelevel known dup +{ +pop systemdict /languagelevel get 2 ge +} if +put +islevel2 not +{ +/currentcmykcolor +{ +0 0 0 1 currentgray sub +} ndf +} if +/tc +{ +gsave +setcmykcolor currentcmykcolor +grestore +} bind def +/testCMYKColorThrough +{ +tc add add add 0 ne +} bind def +/fhiscomposite where not { +userdict /fhiscomposite +islevel2 +{ +gsave 1 1 1 1 setcmykcolor currentcmykcolor grestore +add add add 4 eq +} +{ +1 0 0 0 testCMYKColorThrough +0 1 0 0 testCMYKColorThrough +0 0 1 0 testCMYKColorThrough +0 0 0 1 testCMYKColorThrough +and and and +} ifelse +put +} +{ pop } +ifelse +/bc4 [0 0 0 0] def +/_lfp4 { +1 pop +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +height abs adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +taperfcn /frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/bcs [0 0] def +/_lfs4 { +/yt xdf +/xt xdf +/ang xdf +storerect +/taperfcn xdf +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +height abs adjnumsteps +dup 2 lt {pop 2} if +1 sub /numsteps1 xdf +currentflat mark +currentflat clipflatness +/delta top bottom sub numsteps1 1 add div def +/right right left sub def +/botsv top delta sub def +{ +{ +W +xt yt translate +ang rotate +xt neg yt neg translate +dup setflat +/bottom botsv def +0 1 numsteps1 +{ +numsteps1 div taperfcn /frac xdf +bcs 0 +1.0 tint2 tint1 sub frac mul tint1 add sub +put bcs vc +1 index setflat +{ +mark {newpath left bottom right delta rectfill}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +/bottom bottom delta sub def +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfs6 { +/tint2 xdf +/tint1 xdf +bcs exch 1 exch put +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +tint1 tint2 sub abs +bcs 1 get maxspot +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bcs 0 +tint2 tint1 sub frac mul tint1 add +put bcs vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/_rfp6 { +1 pop +/k2 xdf /y2 xdf /m2 xdf /c2 xdf +/k1 xdf /y1 xdf /m1 xdf /c1 xdf +/inrad xdf +/radius xdf +/yt xdf +/xt xdf +c1 c2 sub abs +m1 m2 sub abs +y1 y2 sub abs +k1 k2 sub abs +maxcolor +calcgraysteps mul abs round +radius inrad sub abs +adjnumsteps +dup 1 lt {pop 1} if +1 sub /numsteps1 xdf +radius inrad sub numsteps1 dup 0 eq {pop} {div} ifelse +2 div /halfstep xdf +currentflat mark +currentflat clipflatness +{ +{ +dup setflat +W +0 1 numsteps1 +{ +dup /radindex xdf +numsteps1 dup 0 eq {pop pop 0.5} {div} ifelse +/frac xdf +bc4 0 c2 c1 sub frac mul c1 add put +bc4 1 m2 m1 sub frac mul m1 add put +bc4 2 y2 y1 sub frac mul y1 add put +bc4 3 k2 k1 sub frac mul k1 add put +bc4 vc +1 index setflat +{ +newpath mark +xt yt radius inrad sub 1 frac sub mul halfstep add inrad add 0 360 +{ arc +radindex numsteps1 ne +inrad 0 gt or +{ +xt yt +numsteps1 0 eq +{ inrad } +{ +radindex 1 add numsteps1 div 1 exch sub +radius inrad sub mul halfstep add inrad add +}ifelse +dup xt add yt moveto +360 0 arcn +} if +fill +}stopped +{cleartomark exch 1.3 mul dup setflat exch 2 copy gt{stop}if} +{cleartomark exit}ifelse +}loop +}for +} +gsave stopped grestore +{exch pop 2 index exch 1.3 mul dup 100 gt{cleartomark setflat stop}if} +{exit}ifelse +}loop +cleartomark setflat +}bdf +/lfp4{_lfp4}ndf +/lfs4{_lfs4}ndf +/rfs6{_rfs6}ndf +/rfp6{_rfp6}ndf +/cvc [0 0 0 1] def +/vc{ +AltsysDict /cvc 2 index put +aload length dup 4 eq +{pop dup -1 eq{pop setrgbcolor}{setcmykcolor}ifelse} +{6 eq {sethexcolor} {setspotcolor} ifelse } +ifelse +}bdf +0 setseparationgray +/imgr {1692.47 1570.59 1723.65 1601.77 } def +/bleed 0 def +/clpr {1692.47 1570.59 1723.65 1601.77 } def +/xs 1 def +/ys 1 def +/botx 0 def +/overlap 0 def +/wdist 18 def +0 2 mul fhsetspreadsize +0 0 ne {/df 0 def /clipflatness 0 def} if +/maxsteps 256 def +/forcemaxsteps false def +/minsteps 0 def + +userdict begin /AGDOrigMtx matrix currentmatrix def end +vms +-1694 -1572 translate + +/currentpacking defed{false setpacking}if +/spots[ + +1 0 0 0 (Process Cyan) false newcmykcustomcolor + +0 1 0 0 (Process Magenta) false newcmykcustomcolor + +0 0 1 0 (Process Yellow) false newcmykcustomcolor + +0 0 0 1 (Process Black) false newcmykcustomcolor +]def +n +[] 0 d +3.863708 M +1 w +0 j +0 J +false setoverprint +0 i +false eomode +[0 0 0 1]vc +vms +q +[1 0 0 1 -249.981674 -586.867554] concat +vms +1946.9506 2177.5114 m +1954.4907 2185.0516 L +1956.7047 2187.2656 1960.2943 2187.2656 1962.5083 2185.0516 C +1970.0485 2177.5114 L +1972.2625 2175.2974 1972.2625 2171.7078 1970.0485 2169.4938 C +1962.5083 2161.9537 L +1960.2943 2159.7396 1956.7047 2159.7396 1954.4907 2161.9537 C +1946.9506 2169.4938 L +1944.7365 2171.7078 1944.7365 2175.2974 1946.9506 2177.5114 C +s +n +true eomode +1958.5469 2181.0039 m +1959.2148 2181.0039 1959.7012 2180.9296 1960.0059 2180.7813 C +1960.3142 2180.6326 1960.4684 2180.363 1960.4688 2179.9727 C +1960.4688 2179.7383 1960.3398 2178.8026 1960.082 2177.166 C +1959.0742 2170.4219 L +1958.9373 2170.3241 1958.7615 2170.2754 1958.5469 2170.2754 C +1958.3319 2170.2754 1958.1561 2170.3241 1958.0195 2170.4219 C +1957.0117 2177.166 L +1956.7539 2178.8026 1956.625 2179.7379 1956.625 2179.9727 C +1956.625 2180.363 1956.7792 2180.6326 1957.0879 2180.7813 C +1957.4003 2180.9296 1957.8866 2181.0035 1958.5469 2181.0039 C +h +1958.5469 2165.166 m +1958.0389 2165.166 1957.5878 2165.3499 1957.1934 2165.7168 C +1956.7986 2166.0837 1956.6016 2166.5485 1956.6016 2167.1113 C +1956.6016 2167.6698 1956.7891 2168.1404 1957.1641 2168.5234 C +1957.5427 2168.9102 1958.0038 2169.1035 1958.5469 2169.1035 C +1959.1094 2169.1035 1959.5741 2168.9043 1959.9414 2168.5059 C +1960.3083 2168.1074 1960.4918 2167.6423 1960.4922 2167.1113 C +1960.4922 2166.748 1960.4102 2166.4177 1960.2461 2166.1211 C +1960.082 2165.8241 1959.8513 2165.5916 1959.5547 2165.4238 C +1959.2577 2165.2521 1958.9219 2165.1664 1958.5469 2165.166 C +true setoverprint +f +false setoverprint +n +vmr +Q +false eomode +vmr +vmr +end +%%Trailer diff --git a/doc/xsl/graphics/warning.pdf b/doc/xsl/graphics/warning.pdf Binary files differnew file mode 100644 index 00000000..bc548d52 --- /dev/null +++ b/doc/xsl/graphics/warning.pdf diff --git a/docutil/HTML_COPYRIGHT b/docutil/HTML_COPYRIGHT new file mode 100644 index 00000000..82c7e911 --- /dev/null +++ b/docutil/HTML_COPYRIGHT @@ -0,0 +1,7 @@ +<!-- + - Copyright (C) 1996-2016 Internet Systems Consortium, Inc. ("ISC") + - + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. +--> diff --git a/docutil/MAN_COPYRIGHT b/docutil/MAN_COPYRIGHT new file mode 100644 index 00000000..b00f6c30 --- /dev/null +++ b/docutil/MAN_COPYRIGHT @@ -0,0 +1,7 @@ +.\" +.\" Copyright (C) 1996-2016 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" This Source Code Form is subject to the terms of the Mozilla Public +.\" License, v. 2.0. If a copy of the MPL was not distributed with this +.\" file, You can obtain one at http://mozilla.org/MPL/2.0/. +.\" diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 222ec4a1..5ac9a818 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -1967,78 +1967,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, const cfg_listelt_t *element; bool dlz; dns_masterformat_t masterformat; -<<<<<<< HEAD - isc_boolean_t ddns = ISC_FALSE; - - static optionstable options[] = { - { "allow-notify", SLAVEZONE | CHECKACL }, - { "allow-query", MASTERZONE | SLAVEZONE | STUBZONE | REDIRECTZONE | - CHECKACL | STATICSTUBZONE }, - { "allow-transfer", MASTERZONE | SLAVEZONE | CHECKACL }, - { "allow-update", MASTERZONE | CHECKACL }, - { "allow-update-forwarding", SLAVEZONE | CHECKACL }, - { "also-notify", MASTERZONE | SLAVEZONE }, - { "auto-dnssec", MASTERZONE | SLAVEZONE }, - { "check-dup-records", MASTERZONE }, - { "check-mx", MASTERZONE }, - { "check-mx-cname", MASTERZONE }, - { "check-srv-cname", MASTERZONE }, - { "check-wildcard", MASTERZONE }, - { "database", MASTERZONE | SLAVEZONE | STUBZONE | REDIRECTZONE }, - { "delegation-only", HINTZONE | STUBZONE | FORWARDZONE | - DELEGATIONZONE }, - { "dialup", MASTERZONE | SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "dnssec-dnskey-kskonly", MASTERZONE | SLAVEZONE }, - { "dnssec-loadkeys-interval", MASTERZONE | SLAVEZONE }, - { "dnssec-secure-to-insecure", MASTERZONE }, - { "file", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE | REDIRECTZONE }, - { "forward", MASTERZONE | SLAVEZONE | STUBZONE | STATICSTUBZONE | - FORWARDZONE }, - { "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | STATICSTUBZONE | - FORWARDZONE }, - { "integrity-check", MASTERZONE }, - { "ixfr-base", MASTERZONE | SLAVEZONE }, - { "ixfr-tmp-file", MASTERZONE | SLAVEZONE }, - { "journal", MASTERZONE | SLAVEZONE | STREDIRECTZONE }, - { "key-directory", MASTERZONE | SLAVEZONE }, - { "maintain-ixfr-base", MASTERZONE | SLAVEZONE | STREDIRECTZONE }, - { "masterfile-format", MASTERZONE | SLAVEZONE | STUBZONE | - REDIRECTZONE }, - { "masters", SLAVEZONE | STUBZONE | REDIRECTZONE }, - { "max-ixfr-log-size", MASTERZONE | SLAVEZONE | STREDIRECTZONE }, - { "max-records", MASTERZONE | SLAVEZONE | STUBZONE | STREDIRECTZONE | - STATICSTUBZONE | REDIRECTZONE }, - { "max-refresh-time", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "max-retry-time", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "max-transfer-idle-in", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "max-transfer-idle-out", MASTERZONE | SLAVEZONE }, - { "max-transfer-time-in", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "max-transfer-time-out", MASTERZONE | SLAVEZONE }, - { "max-zone-ttl", MASTERZONE | REDIRECTZONE }, - { "min-refresh-time", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "min-retry-time", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "notify", MASTERZONE | SLAVEZONE }, - { "notify-source", MASTERZONE | SLAVEZONE }, - { "notify-source-v6", MASTERZONE | SLAVEZONE }, - { "pubkey", MASTERZONE | SLAVEZONE | STUBZONE }, - { "request-expire", SLAVEZONE | REDIRECTZONE }, - { "request-ixfr", SLAVEZONE | REDIRECTZONE }, - { "server-addresses", STATICSTUBZONE }, - { "server-names", STATICSTUBZONE }, - { "sig-re-signing-interval", MASTERZONE | SLAVEZONE }, - { "sig-signing-nodes", MASTERZONE | SLAVEZONE }, - { "sig-signing-signatures", MASTERZONE | SLAVEZONE }, - { "sig-signing-type", MASTERZONE | SLAVEZONE }, - { "sig-validity-interval", MASTERZONE | SLAVEZONE }, - { "signing", MASTERZONE | SLAVEZONE }, - { "transfer-source", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "transfer-source-v6", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "try-tcp-refresh", SLAVEZONE | STREDIRECTZONE }, - { "update-check-ksk", MASTERZONE | SLAVEZONE }, - { "update-policy", MASTERZONE }, - { "zone-statistics", MASTERZONE | SLAVEZONE | STUBZONE | - STATICSTUBZONE | REDIRECTZONE }, -======= bool ddns = false; const void *clauses = NULL; const char *option = NULL; @@ -2047,7 +1975,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, "allow-transfer", "allow-update", "allow-update-forwarding", ->>>>>>> upstream/9.14.4 }; static optionstable dialups[] = { diff --git a/lib/dns/db.c b/lib/dns/db.c index 64031ab8..6f55aa3f 100644 --- a/lib/dns/db.c +++ b/lib/dns/db.c @@ -973,19 +973,11 @@ dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, } isc_result_t -<<<<<<< HEAD -dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, - isc_uint64_t *bytes) -{ - REQUIRE(DNS_DB_VALID(db)); - REQUIRE(dns_db_iszone(db) == ISC_TRUE); -======= dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, uint64_t *records, uint64_t *bytes) { REQUIRE(DNS_DB_VALID(db)); REQUIRE(dns_db_iszone(db) == true); ->>>>>>> upstream/9.14.4 if (db->methods->getsize != NULL) return ((db->methods->getsize)(db, version, records, bytes)); diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c index 04c8c7dc..10e0dfeb 100644 --- a/lib/dns/ecdb.c +++ b/lib/dns/ecdb.c @@ -581,14 +581,10 @@ static dns_dbmethods_t ecdb_methods = { NULL, /* setcachestats */ NULL, /* hashsize */ NULL, /* nodefullname */ -<<<<<<< HEAD - NULL /* getsize */ -======= NULL, /* getsize */ NULL, /* setservestalettl */ NULL, /* getservestalettl */ NULL /* setgluecachestats */ ->>>>>>> upstream/9.14.4 }; static isc_result_t diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h index e6195209..4f77471e 100644 --- a/lib/dns/include/dns/db.h +++ b/lib/dns/include/dns/db.h @@ -193,14 +193,10 @@ typedef struct dns_dbmethods { isc_result_t (*nodefullname)(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name); isc_result_t (*getsize)(dns_db_t *db, dns_dbversion_t *version, -<<<<<<< HEAD - isc_uint64_t *records, isc_uint64_t *bytes); -======= uint64_t *records, uint64_t *bytes); isc_result_t (*setservestalettl)(dns_db_t *db, dns_ttl_t ttl); isc_result_t (*getservestalettl)(dns_db_t *db, dns_ttl_t *ttl); isc_result_t (*setgluecachestats)(dns_db_t *db, isc_stats_t *stats); ->>>>>>> upstream/9.14.4 } dns_dbmethods_t; typedef isc_result_t @@ -1492,13 +1488,8 @@ dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, */ isc_result_t -<<<<<<< HEAD -dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, - isc_uint64_t *bytes); -======= dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, uint64_t *records, uint64_t *bytes); ->>>>>>> upstream/9.14.4 /*%< * Get the number of records in the given version of the database as well * as the number bytes used to store those records. @@ -1515,13 +1506,8 @@ dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, uint64_t *records, */ isc_result_t -<<<<<<< HEAD -dns_db_findnsec3node(dns_db_t *db, dns_name_t *name, - isc_boolean_t create, dns_dbnode_t **nodep); -======= dns_db_findnsec3node(dns_db_t *db, const dns_name_t *name, bool create, dns_dbnode_t **nodep); ->>>>>>> upstream/9.14.4 /*%< * Find the NSEC3 node with name 'name'. * diff --git a/lib/dns/include/dns/rdataslab.h b/lib/dns/include/dns/rdataslab.h index 90ab034f..e2dbd832 100644 --- a/lib/dns/include/dns/rdataslab.h +++ b/lib/dns/include/dns/rdataslab.h @@ -108,18 +108,6 @@ dns_rdataslab_count(unsigned char *slab, unsigned int reservelen); *\li The number of records in the slab. */ -unsigned int -dns_rdataslab_count(unsigned char *slab, unsigned int reservelen); -/*%< - * Return the number of records in the rdataslab - * - * Requires: - *\li 'slab' points to a slab. - * - * Returns: - *\li The number of records in the slab. - */ - isc_result_t dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, unsigned int reservelen, isc_mem_t *mctx, diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h index 936b0821..2063cb79 100644 --- a/lib/dns/include/dns/result.h +++ b/lib/dns/include/dns/result.h @@ -153,14 +153,9 @@ #define DNS_R_BADTSIG (ISC_RESULTCLASS_DNS + 115) #define DNS_R_BADSIG0 (ISC_RESULTCLASS_DNS + 116) #define DNS_R_TOOMANYRECORDS (ISC_RESULTCLASS_DNS + 117) -<<<<<<< HEAD - -#define DNS_R_NRESULTS 118 /*%< Number of results */ -======= #define DNS_R_VERIFYFAILURE (ISC_RESULTCLASS_DNS + 118) #define DNS_R_NRESULTS 119 /*%< Number of results */ ->>>>>>> upstream/9.14.4 /* * DNS wire format rcodes. diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index 8c1adc41..33c1131f 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h @@ -288,11 +288,7 @@ dns_zone_getfile(dns_zone_t *zone); */ void -<<<<<<< HEAD -dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t records); -======= dns_zone_setmaxrecords(dns_zone_t *zone, uint32_t records); ->>>>>>> upstream/9.14.4 /*%< * Sets the maximim number of records permitted in a zone. * 0 implies unlimited. @@ -304,11 +300,7 @@ dns_zone_setmaxrecords(dns_zone_t *zone, uint32_t records); *\li void */ -<<<<<<< HEAD -isc_uint32_t -======= uint32_t ->>>>>>> upstream/9.14.4 dns_zone_getmaxrecords(dns_zone_t *zone); /*%< * Gets the maximim number of records permitted in a zone. @@ -318,19 +310,11 @@ dns_zone_getmaxrecords(dns_zone_t *zone); *\li 'zone' to be valid initialised zone. * * Returns: -<<<<<<< HEAD - *\li isc_uint32_t maxrecords. - */ - -void -dns_zone_setmaxttl(dns_zone_t *zone, isc_uint32_t maxttl); -======= *\li uint32_t maxrecords. */ void dns_zone_setmaxttl(dns_zone_t *zone, uint32_t maxttl); ->>>>>>> upstream/9.14.4 /*%< * Sets the max ttl of the zone. * diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index ea33ba42..e32acd36 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -112,165 +112,8 @@ struct rbtdb_file_header { #define VALID_RBTDB(rbtdb) ((rbtdb) != NULL && \ (rbtdb)->common.impmagic == RBTDB_MAGIC) -<<<<<<< HEAD -#ifdef DNS_RBTDB_VERSION64 -typedef isc_uint64_t rbtdb_serial_t; -/*% - * Make casting easier in symbolic debuggers by using different names - * for the 64 bit version. - */ -#define dns_rbtdb_t dns_rbtdb64_t -#define rdatasetheader_t rdatasetheader64_t -#define rbtdb_version_t rbtdb_version64_t - -#define once once64 -#define FILE_VERSION FILE_VERSION64 -#define init_count init_count64 - -#define cache_methods cache_methods64 -#define dbiterator_methods dbiterator_methods64 -#define rdataset_methods rdataset_methods64 -#define rdatasetiter_methods rdatasetiter_methods64 -#define slab_methods slab_methods64 -#define zone_methods zone_methods64 - -#define acache_callback acache_callback64 -#define acache_cancelentry acache_cancelentry64 -#define activeempty activeempty64 -#define activeemtpynode activeemtpynode64 -#define add32 add64 -#define add_changed add_changed64 -#define add_empty_wildcards add_empty_wildcards64 -#define add_wildcard_magic add_wildcard_magic64 -#define addrdataset addrdataset64 -#define allrdatasets allrdatasets64 -#define attach attach64 -#define attachnode attachnode64 -#define attachversion attachversion64 -#define beginload beginload64 -#define bind_rdataset bind_rdataset64 -#define cache_find cache_find64 -#define cache_findrdataset cache_findrdataset64 -#define cache_findzonecut cache_findzonecut64 -#define cache_zonecut_callback cache_zonecut_callback64 -#define check_stale_header check_stale_header64 -#define cleanup_dead_nodes cleanup_dead_nodes64 -#define cleanup_dead_nodes_callback cleanup_dead_nodes_callback64 -#define closeversion closeversion64 -#define createiterator createiterator64 -#define currentversion currentversion64 -#define dbiterator_current dbiterator_current64 -#define dbiterator_destroy dbiterator_destroy64 -#define dbiterator_first dbiterator_first64 -#define dbiterator_last dbiterator_last64 -#define dbiterator_next dbiterator_next64 -#define dbiterator_origin dbiterator_origin64 -#define dbiterator_pause dbiterator_pause64 -#define dbiterator_prev dbiterator_prev64 -#define dbiterator_seek dbiterator_seek64 -#define decrement_reference decrement_reference64 -#define delete_callback delete_callback64 -#define delete_node delete_node64 -#define deleterdataset deleterdataset64 -#define deserialize32 deserialize64 -#define detach detach64 -#define detachnode detachnode64 -#define dump dump64 -#define endload endload64 -#define expire_header expire_header64 -#define expirenode expirenode64 -#define find_closest_nsec find_closest_nsec64 -#define find_coveringnsec find_coveringnsec64 -#define find_deepest_zonecut find_deepest_zonecut64 -#define findnode findnode64 -#define findnodeintree findnodeintree64 -#define findnsec3node findnsec3node64 -#define flush_deletions flush_deletions64 -#define free_acachearray free_acachearray64 -#define free_noqname free_noqname64 -#define free_rbtdb free_rbtdb64 -#define free_rbtdb_callback free_rbtdb_callback64 -#define free_rdataset free_rdataset64 -#define getnsec3parameters getnsec3parameters64 -#define getsize getsize64 -#define getoriginnode getoriginnode64 -#define getrrsetstats getrrsetstats64 -#define getsigningtime getsigningtime64 -#define hashsize hashsize64 -#define init_file_version init_file_version64 -#define isdnssec isdnssec64 -#define ispersistent ispersistent64 -#define issecure issecure64 -#define iszonesecure iszonesecure64 -#define loading_addrdataset loading_addrdataset64 -#define loadnode loadnode64 -#define matchparams matchparams64 -#define maybe_free_rbtdb maybe_free_rbtdb64 -#define new_reference new_reference64 -#define newversion newversion64 -#define nodecount nodecount64 -#define nodefullname nodefullname64 -#define overmem overmem64 -#define previous_closest_nsec previous_closest_nsec64 -#define printnode printnode64 -#define prune_tree prune_tree64 -#define rbt_datafixer rbt_datafixer64 -#define rbt_datawriter rbt_datawriter64 -#define rdataset_clearprefetch rdataset_clearprefetch64 -#define rdataset_clone rdataset_clone64 -#define rdataset_count rdataset_count64 -#define rdataset_current rdataset_current64 -#define rdataset_disassociate rdataset_disassociate64 -#define rdataset_expire rdataset_expire64 -#define rdataset_first rdataset_first64 -#define rdataset_getadditional rdataset_getadditional64 -#define rdataset_getclosest rdataset_getclosest64 -#define rdataset_getnoqname rdataset_getnoqname64 -#define rdataset_getownercase rdataset_getownercase64 -#define rdataset_next rdataset_next64 -#define rdataset_putadditional rdataset_putadditional64 -#define rdataset_setadditional rdataset_setadditional64 -#define rdataset_setownercase rdataset_setownercase64 -#define rdataset_settrust rdataset_settrust64 -#define rdatasetiter_current rdatasetiter_current64 -#define rdatasetiter_destroy rdatasetiter_destroy64 -#define rdatasetiter_first rdatasetiter_first64 -#define rdatasetiter_next rdatasetiter_next64 -#define reactivate_node reactivate_node64 -#define resign_delete resign_delete64 -#define resign_insert resign_insert64 -#define resign_sooner resign_sooner64 -#define resigned resigned64 -#define rpz_attach rpz_attach64 -#define rpz_ready rpz_ready64 -#define serialize serialize64 -#define set_index set_index64 -#define set_ttl set_ttl64 -#define setcachestats setcachestats64 -#define setownercase setownercase64 -#define setsigningtime setsigningtime64 -#define settask settask64 -#define setup_delegation setup_delegation64 -#define subtractrdataset subtractrdataset64 -#define ttl_sooner ttl_sooner64 -#define update_cachestats update_cachestats64 -#define update_header update_header64 -#define update_newheader update_newheader64 -#define update_rrsetstats update_rrsetstats64 -#define zone_find zone_find64 -#define zone_findrdataset zone_findrdataset64 -#define zone_findzonecut zone_findzonecut64 -#define zone_zonecut_callback zone_zonecut_callback64 - -#else -typedef isc_uint32_t rbtdb_serial_t; -#endif - -typedef isc_uint32_t rbtdb_rdatatype_t; -======= typedef uint32_t rbtdb_serial_t; typedef uint32_t rbtdb_rdatatype_t; ->>>>>>> upstream/9.14.4 #define RBTDB_RDATATYPE_BASE(type) ((dns_rdatatype_t)((type) & 0xFFFF)) #define RBTDB_RDATATYPE_EXT(type) ((dns_rdatatype_t)((type) >> 16)) @@ -566,10 +409,6 @@ typedef struct rbtdb_version { * records and bytes are covered by rwlock. */ isc_rwlock_t rwlock; -<<<<<<< HEAD - isc_uint64_t records; - isc_uint64_t bytes; -======= uint64_t records; uint64_t bytes; @@ -577,7 +416,6 @@ typedef struct rbtdb_version { size_t glue_table_size; size_t glue_table_nodecount; rbtdb_glue_table_node_t **glue_table; ->>>>>>> upstream/9.14.4 } rbtdb_version_t; typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t; @@ -1462,11 +1300,8 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) { } result = isc_rwlock_init(&version->rwlock, 0, 0); if (result != ISC_R_SUCCESS) { -<<<<<<< HEAD -======= free_gluetable(version); isc_rwlock_destroy(&version->glue_rwlock); ->>>>>>> upstream/9.14.4 isc_refcount_destroy(&version->references); isc_mem_put(rbtdb->common.mctx, version, sizeof(*version)); @@ -2712,11 +2547,8 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, bool commit) { if (cleanup_version != NULL) { INSIST(EMPTY(cleanup_version->changed_list)); -<<<<<<< HEAD -======= free_gluetable(cleanup_version); isc_rwlock_destroy(&cleanup_version->glue_rwlock); ->>>>>>> upstream/9.14.4 isc_rwlock_destroy(&cleanup_version->rwlock); isc_mem_put(rbtdb->common.mctx, cleanup_version, sizeof(*cleanup_version)); @@ -6280,34 +6112,6 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, } INSIST(rbtversion == NULL || rbtversion->serial >= topheader->serial); -<<<<<<< HEAD - if (topheader_prev != NULL) - topheader_prev->next = newheader; - else - rbtnode->data = newheader; - newheader->next = topheader->next; - if (rbtversion != NULL) - RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write); - if (rbtversion != NULL && !header_nx) { - rbtversion->records -= - dns_rdataslab_count((unsigned char *)header, - sizeof(*header)); - rbtversion->bytes -= - dns_rdataslab_size((unsigned char *)header, - sizeof(*header)); - } - if (rbtversion != NULL && !newheader_nx) { - rbtversion->records += - dns_rdataslab_count((unsigned char *)newheader, - sizeof(*newheader)); - rbtversion->bytes += - dns_rdataslab_size((unsigned char *)newheader, - sizeof(*newheader)); - } - if (rbtversion != NULL) - RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write); -======= ->>>>>>> upstream/9.14.4 if (loading) { newheader->down = NULL; idx = newheader->node->locknum; @@ -6485,36 +6289,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, newheader->down = NULL; rbtnode->data = newheader; } -<<<<<<< HEAD - if (rbtversion != NULL && !newheader_nx) { - RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write); - rbtversion->records += - dns_rdataslab_count((unsigned char *)newheader, - sizeof(*newheader)); - rbtversion->bytes += - dns_rdataslab_size((unsigned char *)newheader, - sizeof(*newheader)); - RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write); - } - idx = newheader->node->locknum; - if (IS_CACHE(rbtdb)) { - ISC_LIST_PREPEND(rbtdb->rdatasets[idx], - newheader, link); - isc_heap_insert(rbtdb->heaps[idx], newheader); - } else if (RESIGN(newheader)) { - resign_delete(rbtdb, rbtversion, header); - result = resign_insert(rbtdb, idx, newheader); - if (result != ISC_R_SUCCESS) - return (result); - } -======= } if (rbtversion != NULL && !newheader_nx) { RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write); update_recordsandbytes(true, rbtversion, newheader); RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write); ->>>>>>> upstream/9.14.4 } /* @@ -6982,18 +6762,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * to additional info. We need to clear these fields * to avoid having duplicated references. */ -<<<<<<< HEAD - newheader->additional_auth = NULL; - newheader->additional_glue = NULL; - rbtversion->records += - dns_rdataslab_count((unsigned char *)newheader, - sizeof(*newheader)); - rbtversion->bytes += - dns_rdataslab_size((unsigned char *)newheader, - sizeof(*newheader)); -======= update_recordsandbytes(true, rbtversion, newheader); ->>>>>>> upstream/9.14.4 } else if (result == DNS_R_NXRRSET) { /* * This subtraction would remove all of the rdata; @@ -7028,16 +6797,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * topheader. */ INSIST(rbtversion->serial >= topheader->serial); -<<<<<<< HEAD - rbtversion->records -= - dns_rdataslab_count((unsigned char *)header, - sizeof(*header)); - rbtversion->bytes -= - dns_rdataslab_size((unsigned char *)header, - sizeof(*header)); -======= update_recordsandbytes(false, rbtversion, header); ->>>>>>> upstream/9.14.4 if (topheader_prev != NULL) topheader_prev->next = newheader; else @@ -7970,13 +7730,8 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, dns_hash_t *hash, } static isc_result_t -<<<<<<< HEAD -getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, - isc_uint64_t *bytes) -======= getsize(dns_db_t *db, dns_dbversion_t *version, uint64_t *records, uint64_t *bytes) ->>>>>>> upstream/9.14.4 { dns_rbtdb_t *rbtdb; isc_result_t result = ISC_R_SUCCESS; @@ -8261,14 +8016,10 @@ static dns_dbmethods_t zone_methods = { NULL, /* setcachestats */ hashsize, nodefullname, -<<<<<<< HEAD - getsize -======= getsize, NULL, /* setservestalettl */ NULL, /* getservestalettl */ setgluecachestats ->>>>>>> upstream/9.14.4 }; static dns_dbmethods_t cache_methods = { @@ -8316,12 +8067,9 @@ static dns_dbmethods_t cache_methods = { setcachestats, hashsize, nodefullname, -<<<<<<< HEAD -======= NULL, /* getsize */ setservestalettl, getservestalettl, ->>>>>>> upstream/9.14.4 NULL }; @@ -8589,23 +8337,14 @@ dns_rbtdb_create(isc_mem_t *mctx, const dns_name_t *origin, dns_dbtype_t type, sizeof(rbtdb->current_version->salt)); result = isc_rwlock_init(&rbtdb->current_version->rwlock, 0, 0); if (result != ISC_R_SUCCESS) { -<<<<<<< HEAD -======= free_gluetable(rbtdb->current_version); isc_rwlock_destroy(&rbtdb->current_version->glue_rwlock); ->>>>>>> upstream/9.14.4 isc_refcount_destroy(&rbtdb->current_version->references); isc_mem_put(mctx, rbtdb->current_version, sizeof(*rbtdb->current_version)); rbtdb->current_version = NULL; -<<<<<<< HEAD - isc_refcount_decrement(&rbtdb->references, NULL); - isc_refcount_destroy(&rbtdb->references); - free_rbtdb(rbtdb, ISC_FALSE, NULL); -======= INSIST(isc_refcount_decrement(&rbtdb->references) > 0); free_rbtdb(rbtdb, false, NULL); ->>>>>>> upstream/9.14.4 return (result); } diff --git a/lib/dns/result.c b/lib/dns/result.c index ec9ccf76..b45ea3a3 100644 --- a/lib/dns/result.c +++ b/lib/dns/result.c @@ -165,10 +165,7 @@ static const char *text[DNS_R_NRESULTS] = { "TSIG in wrong location", /*%< 115 DNS_R_BADTSIG */ "SIG(0) in wrong location", /*%< 116 DNS_R_BADSIG0 */ "too many records", /*%< 117 DNS_R_TOOMANYRECORDS */ -<<<<<<< HEAD -======= "verify failure", /*%< 118 DNS_R_VERIFYFAILURE */ ->>>>>>> upstream/9.14.4 }; static const char *ids[DNS_R_NRESULTS] = { diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c index 1b32fb21..c319dbd1 100644 --- a/lib/dns/sdb.c +++ b/lib/dns/sdb.c @@ -1287,14 +1287,10 @@ static dns_dbmethods_t sdb_methods = { NULL, /* setcachestats */ NULL, /* hashsize */ NULL, /* nodefullname */ -<<<<<<< HEAD - NULL /* getsize */ -======= NULL, /* getsize */ NULL, /* setservestalettl */ NULL, /* getservestalettl */ NULL /* setgluecachestats */ ->>>>>>> upstream/9.14.4 }; static isc_result_t diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c index f12f8c8b..fb91859f 100644 --- a/lib/dns/sdlz.c +++ b/lib/dns/sdlz.c @@ -1331,14 +1331,10 @@ static dns_dbmethods_t sdlzdb_methods = { NULL, /* setcachestats */ NULL, /* hashsize */ NULL, /* nodefullname */ -<<<<<<< HEAD - NULL /* getsize */ -======= NULL, /* getsize */ NULL, /* setservestalettl */ NULL, /* getservestalettl */ NULL /* setgluecachestats */ ->>>>>>> upstream/9.14.4 }; /* diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 6ce299bd..e3a02488 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -156,9 +156,6 @@ struct dns_xfrin_ctx { unsigned int maxrecords; /*%< The maximum number of records set for the zone */ - unsigned int maxrecords; /*%< The maximum number of - records set for the zone */ - isc_time_t start; /*%< Start time of the transfer */ isc_time_t end; /*%< End time of the transfer */ @@ -324,11 +321,7 @@ axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr) { isc_result_t result; -<<<<<<< HEAD - isc_uint64_t records; -======= uint64_t records; ->>>>>>> upstream/9.14.4 CHECK(dns_diff_load(&xfr->diff, xfr->axfr.add, xfr->axfr.add_private)); xfr->difflen = 0; @@ -427,11 +420,7 @@ ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr) { isc_result_t result; -<<<<<<< HEAD - isc_uint64_t records; -======= uint64_t records; ->>>>>>> upstream/9.14.4 if (xfr->ver == NULL) { CHECK(dns_db_newversion(xfr->db, &xfr->ver)); diff --git a/lib/dns/zone.c b/lib/dns/zone.c index a35e1b4b..03889cbd 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -247,8 +247,6 @@ struct dns_zone { uint32_t maxrecords; - isc_uint32_t maxrecords; - isc_sockaddr_t *masters; isc_dscp_t *masterdscps; dns_name_t **masterkeynames; @@ -11179,36 +11177,21 @@ dns_zone_setmaxretrytime(dns_zone_t *zone, uint32_t val) { zone->maxretry = val; } -<<<<<<< HEAD -isc_uint32_t -dns_zone_getmaxrecords(dns_zone_t *zone) { - REQUIRE(DNS_ZONE_VALID(zone)); -======= uint32_t dns_zone_getmaxrecords(dns_zone_t *zone) { REQUIRE(DNS_ZONE_VALID(zone)); ->>>>>>> upstream/9.14.4 return (zone->maxrecords); } void -<<<<<<< HEAD -dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t val) { - REQUIRE(DNS_ZONE_VALID(zone)); -======= dns_zone_setmaxrecords(dns_zone_t *zone, uint32_t val) { REQUIRE(DNS_ZONE_VALID(zone)); ->>>>>>> upstream/9.14.4 zone->maxrecords = val; } -<<<<<<< HEAD -static isc_boolean_t -======= static bool ->>>>>>> upstream/9.14.4 notify_isqueued(dns_zone_t *zone, unsigned int flags, dns_name_t *name, isc_sockaddr_t *addr, dns_tsigkey_t *key) { @@ -15804,10 +15787,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { goto same_master; case DNS_R_TOOMANYRECORDS: -<<<<<<< HEAD -======= case DNS_R_VERIFYFAILURE: ->>>>>>> upstream/9.14.4 DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime); inc_stats(zone, dns_zonestatscounter_xfrfail); break; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 308d2ef1..ce418c9b 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -2001,71 +2001,6 @@ static cfg_type_t cfg_type_validityinterval = { */ static cfg_clausedef_t zone_clauses[] = { -<<<<<<< HEAD - { "allow-notify", &cfg_type_bracketed_aml, 0 }, - { "allow-query", &cfg_type_bracketed_aml, 0 }, - { "allow-query-on", &cfg_type_bracketed_aml, 0 }, - { "allow-transfer", &cfg_type_bracketed_aml, 0 }, - { "allow-update", &cfg_type_bracketed_aml, 0 }, - { "allow-update-forwarding", &cfg_type_bracketed_aml, 0 }, - { "also-notify", &cfg_type_namesockaddrkeylist, 0 }, - { "alt-transfer-source", &cfg_type_sockaddr4wild, 0 }, - { "alt-transfer-source-v6", &cfg_type_sockaddr6wild, 0 }, - { "auto-dnssec", &cfg_type_autodnssec, 0 }, - { "check-dup-records", &cfg_type_checkmode, 0 }, - { "check-integrity", &cfg_type_boolean, 0 }, - { "check-mx", &cfg_type_checkmode, 0 }, - { "check-mx-cname", &cfg_type_checkmode, 0 }, - { "check-sibling", &cfg_type_boolean, 0 }, - { "check-spf", &cfg_type_warn, 0 }, - { "check-srv-cname", &cfg_type_checkmode, 0 }, - { "check-wildcard", &cfg_type_boolean, 0 }, - { "dialup", &cfg_type_dialuptype, 0 }, - { "dnssec-dnskey-kskonly", &cfg_type_boolean, 0 }, - { "dnssec-loadkeys-interval", &cfg_type_uint32, 0 }, - { "dnssec-secure-to-insecure", &cfg_type_boolean, 0 }, - { "dnssec-update-mode", &cfg_type_dnssecupdatemode, 0 }, - { "forward", &cfg_type_forwardtype, 0 }, - { "forwarders", &cfg_type_portiplist, 0 }, - { "inline-signing", &cfg_type_boolean, 0 }, - { "key-directory", &cfg_type_qstring, 0 }, - { "maintain-ixfr-base", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "masterfile-format", &cfg_type_masterformat, 0 }, - { "masterfile-style", &cfg_type_masterstyle, 0 }, - { "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_OBSOLETE }, - { "max-journal-size", &cfg_type_sizenodefault, 0 }, - { "max-records", &cfg_type_uint32, 0 }, - { "max-refresh-time", &cfg_type_uint32, 0 }, - { "max-retry-time", &cfg_type_uint32, 0 }, - { "max-transfer-idle-in", &cfg_type_uint32, 0 }, - { "max-transfer-idle-out", &cfg_type_uint32, 0 }, - { "max-transfer-time-in", &cfg_type_uint32, 0 }, - { "max-transfer-time-out", &cfg_type_uint32, 0 }, - { "max-zone-ttl", &cfg_type_maxttl, 0 }, - { "min-refresh-time", &cfg_type_uint32, 0 }, - { "min-retry-time", &cfg_type_uint32, 0 }, - { "multi-master", &cfg_type_boolean, 0 }, - { "notify", &cfg_type_notifytype, 0 }, - { "notify-delay", &cfg_type_uint32, 0 }, - { "notify-source", &cfg_type_sockaddr4wild, 0 }, - { "notify-source-v6", &cfg_type_sockaddr6wild, 0 }, - { "notify-to-soa", &cfg_type_boolean, 0 }, - { "nsec3-test-zone", &cfg_type_boolean, CFG_CLAUSEFLAG_TESTONLY }, - { "request-expire", &cfg_type_boolean, 0 }, - { "request-ixfr", &cfg_type_boolean, 0 }, - { "serial-update-method", &cfg_type_updatemethod, 0 }, - { "sig-signing-nodes", &cfg_type_uint32, 0 }, - { "sig-signing-signatures", &cfg_type_uint32, 0 }, - { "sig-signing-type", &cfg_type_uint32, 0 }, - { "sig-validity-interval", &cfg_type_validityinterval, 0 }, - { "transfer-source", &cfg_type_sockaddr4wild, 0 }, - { "transfer-source-v6", &cfg_type_sockaddr6wild, 0 }, - { "try-tcp-refresh", &cfg_type_boolean, 0 }, - { "update-check-ksk", &cfg_type_boolean, 0 }, - { "use-alt-transfer-source", &cfg_type_boolean, 0 }, - { "zero-no-soa-ttl", &cfg_type_boolean, 0 }, - { "zone-statistics", &cfg_type_zonestat, 0 }, -======= { "allow-notify", &cfg_type_bracketed_aml, CFG_ZONE_SLAVE | CFG_ZONE_MIRROR }, @@ -2267,7 +2202,6 @@ zone_clauses[] = { CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_STATICSTUB | CFG_ZONE_REDIRECT }, ->>>>>>> upstream/9.14.4 { NULL, NULL, 0 } }; diff --git a/make/rules.in b/make/rules.in index a604def3..86456eb4 100644 --- a/make/rules.in +++ b/make/rules.in @@ -116,17 +116,12 @@ BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ BUILD_LIBS = @BUILD_LIBS@ -<<<<<<< HEAD -ASLR_CFLAGS = ${CFLAGS} -fPIE -ASLR_LDFLAGS = ${LDFLAGS} -pie -======= LFS_CFLAGS = @LFS_CFLAGS@ LFS_LDFLAGS = @LFS_LDFLAGS@ LFS_LIBS = @LFS_LIBS@ MAXMINDDB_CFLAGS = @MAXMINDDB_CFLAGS@ MAXMINDDB_LIBS = @MAXMINDDB_LIBS@ ->>>>>>> upstream/9.14.4 .SUFFIXES: .SUFFIXES: .c .@O@ @@ -142,9 +137,6 @@ ALL_CPPFLAGS = \ ALL_CFLAGS = ${EXT_CFLAGS} ${ALL_CPPFLAGS} ${CFLAGS} \ ${ALWAYS_WARNINGS} ${STD_CWARNINGS} ${CWARNINGS} -ALL_CFLAGS_WITH_ASLR = ${EXT_CFLAGS} ${ALL_CPPFLAGS} ${ASLR_CFLAGS} \ - ${ALWAYS_WARNINGS} ${STD_CWARNINGS} ${CWARNINGS} - @BIND9_CO_RULE@ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c $< @@ -203,24 +195,24 @@ MKDEP = ${SHELL} ${top_builddir}/make/mkdep ### See bin/check/Makefile.in for a complete example of the use of LIBS0. ### FINALBUILDCMD = if [ X"${MKSYMTBL_PROGRAM}" = X -o X"$${MAKE_SYMTABLE:-${ALWAYS_MAKE_SYMTABLE}}" = X ] ; then \ - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS_WITH_ASLR} ${ASLR_LDFLAGS} \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \ -o $@ $${BASEOBJS} $${LIBS0} ${LIBS}; \ else \ rm -f $@tmp0; \ - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS_WITH_ASLR} ${ASLR_LDFLAGS} \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \ -o $@tmp0 $${BASEOBJS} $${LIBS0} ${LIBS} || exit 1; \ rm -f $@-symtbl.c $@-symtbl.@O@; \ ${MKSYMTBL_PROGRAM} ${top_srcdir}/util/mksymtbl.pl \ -o $@-symtbl.c $@tmp0 || exit 1; \ $(MAKE) $@-symtbl.@O@ || exit 1; \ rm -f $@tmp1; \ - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS_WITH_ASLR} ${ASLR_LDFLAGS} \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \ -o $@tmp1 $${BASEOBJS} $@-symtbl.@O@ $${LIBS0} ${NOSYMLIBS} || exit 1; \ rm -f $@-symtbl.c $@-symtbl.@O@; \ ${MKSYMTBL_PROGRAM} ${top_srcdir}/util/mksymtbl.pl \ -o $@-symtbl.c $@tmp1 || exit 1; \ $(MAKE) $@-symtbl.@O@ || exit 1; \ - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS_WITH_ASLR} ${ASLR_LDFLAGS} \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \ -o $@tmp2 $${BASEOBJS} $@-symtbl.@O@ $${LIBS0} ${NOSYMLIBS}; \ ${MKSYMTBL_PROGRAM} ${top_srcdir}/util/mksymtbl.pl \ -o $@-symtbl2.c $@tmp2; \ @@ -233,8 +225,8 @@ FINALBUILDCMD = if [ X"${MKSYMTBL_PROGRAM}" = X -o X"$${MAKE_SYMTABLE:-${ALWAYS_ ${MKSYMTBL_PROGRAM} ${top_srcdir}/util/mksymtbl.pl \ -o $@-symtbl.c $@tmp2 || exit 1; \ $(MAKE) $@-symtbl.@O@ || exit 1; \ - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS_WITH_ASLR} \ - ${ASLR_LDFLAGS} -o $@tmp2 $${BASEOBJS} $@-symtbl.@O@ \ + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} \ + ${LDFLAGS} -o $@tmp2 $${BASEOBJS} $@-symtbl.@O@ \ $${LIBS0} ${NOSYMLIBS}; \ ${MKSYMTBL_PROGRAM} ${top_srcdir}/util/mksymtbl.pl \ -o $@-symtbl2.c $@tmp2; \ |