- Add bin9-sdb-ldap, a patched bind9 version to use with an LDAP based backend.

PR:		ports/62840
Submitted by:	Hugo Meiland <hugo@meiland.nl>

dns/Makefile

@@ -9,6 +9,7 @@
     SUBDIR += bind84
     SUBDIR += bind9
     SUBDIR += bind9-dlz
+    SUBDIR += bind9-sdb-ldap
     SUBDIR += checkdns
     SUBDIR += crossip
     SUBDIR += ddclient

dns/bind9-sdb-ldap/Makefile

@@ -0,0 +1,126 @@
+# New ports collection makefile for:	bind9-sdb-ldap
+# Date created:			 	23 June 2005
+# Whom:					Hugo Meiland <hugo@meiland.nl>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	bind9
+PORTVERSION=	9.3.1
+CATEGORIES=	dns net ipv6
+MASTER_SITES=	${MASTER_SITE_ISC}
+MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
+PKGNAMESUFFIX=	-sdb-ldap
+DISTNAME=	bind-${ISCVERSION}
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc
+EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
+
+MAINTAINER=	Hugo@Meiland.nl
+COMMENT=	The well known Bind9, patched for use of an LDAP based backend
+
+LIB_DEPENDS=	ldap-2.2:${PORTSDIR}/net/openldap22-client
+
+CONFLICTS=	bind-8.* bind84-8.* bind9-9.* bind9-dlz-* host-* skalibs-*
+
+# ISC releases things like 9.3.0rc1, which our versioning doesn't like
+ISCVERSION=	9.3.1
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps --with-openssl \
+		--with-randomdev=/dev/random
+
+USE_OPENSSL=	yes
+
+.if !defined(WITHOUT_BIND9_THREADS) || defined(PACKAGE_BUILDING)
+CONFIGURE_ARGS+=	--enable-threads
+.else
+CONFIGURE_ARGS+=	--disable-threads
+.endif
+
+.if defined(WITH_PORT_REPLACES_BASE_BIND9)
+PKGNAMESUFFIX=	-sdb-ldap-base
+PREFIX=		/usr
+BIND_DESTETC=	/etc/namedb
+CONFIGURE_ARGS+=	--prefix=${PREFIX} \
+			--sysconfdir=${BIND_DESTETC} \
+			--mandir=${MANPREFIX}/man
+.else
+BIND_DESTETC=	${PREFIX}/etc
+.endif
+
+PLIST_SUB=	BIND_DESTETC="${BIND_DESTETC}"
+
+MAN1=	dig.1 host.1 nslookup.1
+MAN3=	lwres.3 lwres_addr_parse.3 lwres_buffer.3 lwres_buffer_add.3 \
+	lwres_buffer_back.3 lwres_buffer_clear.3 lwres_buffer_first.3 \
+	lwres_buffer_forward.3 lwres_buffer_getmem.3 lwres_buffer_getuint16.3 \
+	lwres_buffer_getuint32.3 lwres_buffer_getuint8.3 lwres_buffer_init.3 \
+	lwres_buffer_invalidate.3 lwres_buffer_putmem.3 \
+	lwres_buffer_putuint16.3 lwres_buffer_putuint32.3 \
+	lwres_buffer_putuint8.3 lwres_buffer_subtract.3 lwres_conf_clear.3 \
+	lwres_conf_get.3 lwres_conf_init.3 lwres_conf_parse.3 \
+	lwres_conf_print.3 lwres_config.3 lwres_context.3 \
+	lwres_context_allocmem.3 lwres_context_create.3 \
+	lwres_context_destroy.3 lwres_context_freemem.3 \
+	lwres_context_initserial.3 lwres_context_nextserial.3 \
+	lwres_context_sendrecv.3 lwres_endhostent.3 lwres_endhostent_r.3 \
+	lwres_freeaddrinfo.3 lwres_freehostent.3 lwres_gabn.3 \
+	lwres_gabnrequest_free.3 lwres_gabnrequest_parse.3 \
+	lwres_gabnrequest_render.3 lwres_gabnresponse_free.3 \
+	lwres_gabnresponse_parse.3 lwres_gabnresponse_render.3 \
+	lwres_gai_strerror.3 lwres_getaddrinfo.3 lwres_getaddrsbyname.3 \
+	lwres_gethostbyaddr.3 lwres_gethostbyaddr_r.3 lwres_gethostbyname.3 \
+	lwres_gethostbyname2.3 lwres_gethostbyname_r.3 lwres_gethostent.3 \
+	lwres_gethostent_r.3 lwres_getipnode.3 lwres_getipnodebyaddr.3 \
+	lwres_getipnodebyname.3 lwres_getnamebyaddr.3 lwres_getnameinfo.3 \
+	lwres_getrrsetbyname.3 lwres_gnba.3 lwres_gnbarequest_free.3 \
+	lwres_gnbarequest_parse.3 lwres_gnbarequest_render.3 \
+	lwres_gnbaresponse_free.3 lwres_gnbaresponse_parse.3 \
+	lwres_gnbaresponse_render.3 lwres_herror.3 lwres_hstrerror.3 \
+	lwres_inetntop.3 lwres_lwpacket_parseheader.3 \
+	lwres_lwpacket_renderheader.3 lwres_net_ntop.3 lwres_noop.3 \
+	lwres_nooprequest_free.3 lwres_nooprequest_parse.3 \
+	lwres_nooprequest_render.3 lwres_noopresponse_free.3 \
+	lwres_noopresponse_parse.3 lwres_noopresponse_render.3 \
+	lwres_packet.3 lwres_resutil.3 lwres_sethostent.3 \
+	lwres_sethostent_r.3 lwres_string_parse.3
+MAN5=	named.conf.5 rndc.conf.5
+MAN8=	dnssec-keygen.8 dnssec-signzone.8 lwresd.8 named-checkconf.8 \
+	named-checkzone.8 named.8 nsupdate.8 rndc-confgen.8 rndc.8
+
+pre-fetch:
+.if defined(PORT_REPLACES_BASE_BIND9)
+	@${ECHO} ""
+	@${ECHO} "***************************************************"
+	@${ECHO} "Support for the old PORT_REPLACES_BASE_BIND9 option"
+	@${ECHO} "will be removed in future versions of the port."
+	@${ECHO} "Use WITH_PORT_REPLACES_BASE_BIND9 instead."
+	@${ECHO} "***************************************************"
+	@${ECHO} ""
+	@/bin/sleep 5
+WITH_PORT_REPLACES_BASE_BIND9=	true
+.endif
+
+post-patch:
+.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.8 \
+	rndc/rndc.8
+	@${MV} ${WRKSRC}/bin/${FILE} ${WRKSRC}/bin/${FILE}.Dist
+	@${SED} -e 's#/etc/named.conf#${BIND_DESTETC}/named.conf#g' \
+		-e 's#/etc/rndc.conf#${BIND_DESTETC}/rndc.conf#g' \
+		${WRKSRC}/bin/${FILE}.Dist > ${WRKSRC}/bin/${FILE}
+.endfor
+
+post-install:
+	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
+		${BIND_DESTETC}/rndc.conf.sample
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}/arm ${DOCSDIR}/misc
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM*html ${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/misc/[a-z]* ${DOCSDIR}/misc
+	${CP} ${WRKSRC}/CHANGES ${WRKSRC}/COPYRIGHT ${WRKSRC}/FAQ \
+		${WRKSRC}/README ${DOCSDIR}/
+.endif
+
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>

dns/bind9-sdb-ldap/distinfo

@@ -0,0 +1,4 @@
+MD5 (bind-9.3.1.tar.gz) = 9ff3204eea27184ea0722f37e43fc95d
+SIZE (bind-9.3.1.tar.gz) = 4673603
+MD5 (bind-9.3.1.tar.gz.asc) = b2077443ade50ed778aa78a8014affaa
+SIZE (bind-9.3.1.tar.gz.asc) = 186

dns/bind9-sdb-ldap/files/patch-sdb_ldap

@@ -0,0 +1,727 @@
+diff -ruN ../bind-9.3.1.org/bin/named/Makefile.in ./bin/named/Makefile.in
+--- ../bind-9.3.1.org/bin/named/Makefile.in	Wed Jun 22 22:34:55 2005
++++ ./bin/named/Makefile.in	Wed Jun 22 22:52:14 2005
+@@ -26,10 +26,10 @@
+ #
+ # Add database drivers here.
+ #
+-DBDRIVER_OBJS =
+-DBDRIVER_SRCS =
+-DBDRIVER_INCLUDES =
+-DBDRIVER_LIBS =
++DBDRIVER_OBJS = ldapdb.@O@
++DBDRIVER_SRCS = ldapdb.c
++DBDRIVER_INCLUDES = -I/usr/local/include
++DBDRIVER_LIBS = -L/usr/local/lib -lldap -llber
+ 
+ CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include \
+ 		${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
+diff -ruN ../bind-9.3.1.org/bin/named/include/ldapdb.h ./bin/named/include/ldapdb.h
+--- ../bind-9.3.1.org/bin/named/include/ldapdb.h	Thu Jan  1 01:00:00 1970
++++ ./bin/named/include/ldapdb.h	Wed Jun 22 22:40:56 2005
+@@ -0,0 +1,6 @@
++#include <isc/types.h>
++
++isc_result_t ldapdb_init(void);
++
++void ldapdb_clear(void);
++
+diff -ruN ../bind-9.3.1.org/bin/named/ldapdb.c ./bin/named/ldapdb.c
+--- ../bind-9.3.1.org/bin/named/ldapdb.c	Thu Jan  1 01:00:00 1970
++++ ./bin/named/ldapdb.c	Wed Jun 22 22:40:44 2005
+@@ -0,0 +1,667 @@
++/*
++ * ldapdb.c version 1.0-beta
++ *
++ * Copyright (C) 2002, 2004 Stig Venaas
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * Contributors: Jeremy C. McDermond
++ */
++
++/*
++ * If you want to use TLS, uncomment the define below
++ */
++/* #define LDAPDB_TLS */
++
++/*
++ * If you are using an old LDAP API uncomment the define below. Only do this
++ * if you know what you're doing or get compilation errors on ldap_memfree().
++ * This also forces LDAPv2.
++ */
++/* #define LDAPDB_RFC1823API */
++
++/* Using LDAPv3 by default, change this if you want v2 */
++#ifndef LDAPDB_LDAP_VERSION
++#define LDAPDB_LDAP_VERSION 3
++#endif
++
++#include <config.h>
++
++#include <string.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <ctype.h>
++
++#include <isc/mem.h>
++#include <isc/print.h>
++#include <isc/result.h>
++#include <isc/util.h>
++#include <isc/thread.h>
++
++#include <dns/sdb.h>
++
++#include <named/globals.h>
++#include <named/log.h>
++
++#include <ldap.h>
++#include "ldapdb.h"
++
++/*
++ * A simple database driver for LDAP
++ */ 
++
++/* enough for name with 8 labels of max length */
++#define MAXNAMELEN 519
++
++static dns_sdbimplementation_t *ldapdb = NULL;
++
++struct ldapdb_data {
++	char *hostport;
++	char *hostname;
++	int portno;
++	char *base;
++	int defaultttl;
++	char *filterall;
++	int filteralllen;
++	char *filterone;
++	int filteronelen;
++	char *filtername;
++	char *bindname;
++	char *bindpw;
++#ifdef LDAPDB_TLS
++	int tls;
++#endif
++};
++
++/* used by ldapdb_getconn */
++
++struct ldapdb_entry {
++	void *index;
++	size_t size;
++	void *data;
++	struct ldapdb_entry *next;
++};
++
++static struct ldapdb_entry *ldapdb_find(struct ldapdb_entry *stack,
++					const void *index, size_t size) {
++	while (stack != NULL) {
++		if (stack->size == size && !memcmp(stack->index, index, size))
++			return stack;
++		stack = stack->next;
++	}
++	return NULL;
++}
++
++static void ldapdb_insert(struct ldapdb_entry **stack,
++			  struct ldapdb_entry *item) {
++	item->next = *stack;
++	*stack = item;
++}
++
++static void ldapdb_lock(int what) {
++	static isc_mutex_t lock;
++
++	switch (what) {
++	case 0:
++		isc_mutex_init(&lock);
++		break;
++	case 1:
++		LOCK(&lock);
++		break;
++	case -1:
++		UNLOCK(&lock);
++		break;
++	}
++}
++
++/* data == NULL means cleanup */
++static LDAP **
++ldapdb_getconn(struct ldapdb_data *data)
++{
++	static struct ldapdb_entry *allthreadsdata = NULL;
++	struct ldapdb_entry *threaddata, *conndata;
++	unsigned long threadid;
++
++	if (data == NULL) {
++		/* cleanup */
++		/* lock out other threads */
++		ldapdb_lock(1);
++		while (allthreadsdata != NULL) {
++			threaddata = allthreadsdata;
++			free(threaddata->index);
++			while (threaddata->data != NULL) {
++				conndata = threaddata->data;
++				free(conndata->index);
++				if (conndata->data != NULL)
++					ldap_unbind((LDAP *)conndata->data);
++				threaddata->data = conndata->next;
++				free(conndata);
++			}
++			allthreadsdata = threaddata->next;
++			free(threaddata);
++		}
++		ldapdb_lock(-1);
++		return (NULL);
++	}
++
++	/* look for connection data for current thread */
++	threadid = isc_thread_self();
++	threaddata = ldapdb_find(allthreadsdata, &threadid, sizeof(threadid));
++	if (threaddata == NULL) {
++		/* no data for this thread, create empty connection list */
++		threaddata = malloc(sizeof(*threaddata));
++		if (threaddata == NULL)
++			return (NULL);
++		threaddata->index = malloc(sizeof(threadid));
++		if (threaddata->index == NULL) {
++			free(threaddata);
++			return (NULL);
++		}
++		*(unsigned long *)threaddata->index = threadid;
++		threaddata->size = sizeof(threadid);
++		threaddata->data = NULL;
++
++		/* need to lock out other threads here */
++		ldapdb_lock(1);
++		ldapdb_insert(&allthreadsdata, threaddata);
++		ldapdb_lock(-1);
++	}
++
++	/* threaddata points at the connection list for current thread */
++	/* look for existing connection to our server */
++	conndata = ldapdb_find((struct ldapdb_entry *)threaddata->data,
++			       data->hostport, strlen(data->hostport));
++	if (conndata == NULL) {
++		/* no connection data structure for this server, create one */
++		conndata = malloc(sizeof(*conndata));
++		if (conndata == NULL)
++			return (NULL);
++		conndata->index = data->hostport;
++		conndata->size = strlen(data->hostport);
++		conndata->data = NULL;
++		ldapdb_insert((struct ldapdb_entry **)&threaddata->data,
++			      conndata);
++	}
++
++	return (LDAP **)&conndata->data;
++}
++
++static void
++ldapdb_bind(struct ldapdb_data *data, LDAP **ldp)
++{
++#ifndef LDAPDB_RFC1823API
++	const int ver = LDAPDB_LDAP_VERSION;
++#endif
++
++	if (*ldp != NULL)
++		ldap_unbind(*ldp);
++	*ldp = ldap_open(data->hostname, data->portno);
++	if (*ldp == NULL)
++		return;
++
++#ifndef LDAPDB_RFC1823API
++	ldap_set_option(*ldp, LDAP_OPT_PROTOCOL_VERSION, &ver);
++#endif
++
++#ifdef LDAPDB_TLS
++	if (data->tls) {
++		ldap_start_tls_s(*ldp, NULL, NULL);
++	}
++#endif
++
++	if (ldap_simple_bind_s(*ldp, data->bindname, data->bindpw) != LDAP_SUCCESS) {
++		ldap_unbind(*ldp);
++		*ldp = NULL;
++	}
++}
++
++static isc_result_t
++ldapdb_search(const char *zone, const char *name, void *dbdata, void *retdata)
++{
++	struct ldapdb_data *data = dbdata;
++	isc_result_t result = ISC_R_NOTFOUND;
++	LDAP **ldp;
++	LDAPMessage *res, *e;
++	char *fltr, *a, **vals = NULL, **names = NULL;
++	char type[64];
++#ifdef LDAPDB_RFC1823API
++	void *ptr;
++#else
++	BerElement *ptr;
++#endif
++	int i, j, errno, msgid;
++
++	ldp = ldapdb_getconn(data);
++	if (ldp == NULL)
++		return (ISC_R_FAILURE);
++	if (*ldp == NULL) {
++		ldapdb_bind(data, ldp);
++		if (*ldp == NULL) {
++			isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,	
++				      "LDAP sdb zone '%s': bind failed", zone);
++			return (ISC_R_FAILURE);
++		}
++	}
++
++	if (name == NULL) {
++		fltr = data->filterall;
++	} else {
++		if (strlen(name) > MAXNAMELEN) {
++			isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
++                                      "LDAP sdb zone '%s': name %s too long", zone, name);
++			return (ISC_R_FAILURE);
++		}
++		sprintf(data->filtername, "%s))", name);
++		fltr = data->filterone;
++	}
++
++	msgid = ldap_search(*ldp, data->base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
++	if (msgid == -1) {
++		ldapdb_bind(data, ldp);
++		if (*ldp != NULL)
++			msgid = ldap_search(*ldp, data->base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
++	}
++
++	if (*ldp == NULL || msgid == -1) {
++		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,	
++			      "LDAP sdb zone '%s': search failed, filter %s", zone, fltr);
++		return (ISC_R_FAILURE);
++	}
++
++	/* Get the records one by one as they arrive and return them to bind */
++	while ((errno = ldap_result(*ldp, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
++		LDAP *ld = *ldp;
++		int ttl = data->defaultttl;
++
++		/* not supporting continuation references at present */
++		if (errno != LDAP_RES_SEARCH_ENTRY) {
++			isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,	
++				      "LDAP sdb zone '%s': ldap_result returned %d", zone, errno);
++			ldap_msgfree(res);
++			return (ISC_R_FAILURE);
++                }
++
++		/* only one entry per result message */
++		e = ldap_first_entry(ld, res);
++		if (e == NULL) {
++			ldap_msgfree(res);
++			isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,	
++				      "LDAP sdb zone '%s': ldap_first_entry failed", zone);
++			return (ISC_R_FAILURE);
++                }
++
++		if (name == NULL) {
++			names = ldap_get_values(ld, e, "relativeDomainName");
++			if (names == NULL)
++				continue;
++		}
++
++		vals = ldap_get_values(ld, e, "dNSTTL");
++		if (vals != NULL) {
++			ttl = atoi(vals[0]);
++			ldap_value_free(vals);
++		}
++
++		for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) {
++			char *s;
++
++			for (s = a; *s; s++)
++				*s = toupper(*s);
++			s = strstr(a, "RECORD");
++			if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) {
++#ifndef LDAPDB_RFC1823API
++				ldap_memfree(a);
++#endif
++				continue;
++			}
++
++			strncpy(type, a, s - a);
++			type[s - a] = '\0';
++			vals = ldap_get_values(ld, e, a);
++			if (vals != NULL) {
++				for (i = 0; vals[i] != NULL; i++) {
++					if (name != NULL) {
++						result = dns_sdb_putrr(retdata, type, ttl, vals[i]);
++					} else {
++						for (j = 0; names[j] != NULL; j++) {
++							result = dns_sdb_putnamedrr(retdata, names[j], type, ttl, vals[i]);
++							if (result != ISC_R_SUCCESS)
++								break;
++						}
++					}
++;					if (result != ISC_R_SUCCESS) {
++						isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,	
++							      "LDAP sdb zone '%s': dns_sdb_put... failed for %s", zone, vals[i]);
++						ldap_value_free(vals);
++#ifndef LDAPDB_RFC1823API
++						ldap_memfree(a);
++						if (ptr != NULL)
++							ber_free(ptr, 0);
++#endif
++						if (name == NULL)
++							ldap_value_free(names);
++						ldap_msgfree(res);
++						return (ISC_R_FAILURE);
++					}
++				}
++				ldap_value_free(vals);
++			}
++#ifndef LDAPDB_RFC1823API
++			ldap_memfree(a);
++#endif
++		}
++#ifndef LDAPDB_RFC1823API
++		if (ptr != NULL)
++			ber_free(ptr, 0);
++#endif
++		if (name == NULL)
++			ldap_value_free(names);
++
++		/* free this result */
++		ldap_msgfree(res);
++	}
++
++	/* free final result */
++	ldap_msgfree(res);
++        return (result);
++}
++
++
++/* callback routines */
++static isc_result_t
++ldapdb_lookup(const char *zone, const char *name, void *dbdata,
++	      dns_sdblookup_t *lookup)
++{
++	return ldapdb_search(zone, name, dbdata, lookup);
++}
++
++static isc_result_t
++ldapdb_allnodes(const char *zone, void *dbdata,
++		dns_sdballnodes_t *allnodes)
++{
++	return ldapdb_search(zone, NULL, dbdata, allnodes);
++}
++
++static char *
++unhex(char *in)
++{
++	static const char hexdigits[] = "0123456789abcdef";
++	char *p, *s = in;
++	int d1, d2;
++
++	while ((s = strchr(s, '%'))) {
++		if (!(s[1] && s[2]))
++			return NULL;
++		if ((p = strchr(hexdigits, tolower(s[1]))) == NULL)
++			return NULL;
++		d1 = p - hexdigits;
++		if ((p = strchr(hexdigits, tolower(s[2]))) == NULL)
++			return NULL;
++		d2 = p - hexdigits;
++		*s++ = d1 << 4 | d2;
++		memmove(s, s + 2, strlen(s) - 1);
++	}
++	return in;
++}
++
++/* returns 0 for ok, -1 for bad syntax, -2 for unknown critical extension */
++static int
++parseextensions(char *extensions, struct ldapdb_data *data)
++{
++	char *s, *next, *name, *value;
++	int critical;
++
++	while (extensions != NULL) {
++		s = strchr(extensions, ',');
++		if (s != NULL) {
++			*s++ = '\0';
++			next = s;
++		} else {
++			next = NULL;
++		}
++
++		if (*extensions != '\0') {
++			s = strchr(extensions, '=');
++			if (s != NULL) {
++				*s++ = '\0';
++				value = *s != '\0' ? s : NULL;
++			} else {
++				value = NULL;
++			}
++			name = extensions;
++
++			critical = *name == '!';
++			if (critical) {
++				name++;
++			}
++			if (*name == '\0') {
++				return -1;
++			}
++			
++			if (!strcasecmp(name, "bindname")) {
++				data->bindname = value;
++			} else if (!strcasecmp(name, "x-bindpw")) {
++				data->bindpw = value;
++#ifdef LDAPDB_TLS
++			} else if (!strcasecmp(name, "x-tls")) {
++				data->tls = value == NULL || !strcasecmp(value, "true");
++#endif
++			} else if (critical) {
++				return -2;
++			}
++		}
++		extensions = next;
++	}
++	return 0;
++}
++
++static void
++free_data(struct ldapdb_data *data)
++{
++	if (data->hostport != NULL)
++		isc_mem_free(ns_g_mctx, data->hostport);
++	if (data->hostname != NULL)
++		isc_mem_free(ns_g_mctx, data->hostname);
++	if (data->filterall != NULL)
++		isc_mem_put(ns_g_mctx, data->filterall, data->filteralllen);
++	if (data->filterone != NULL)
++		isc_mem_put(ns_g_mctx, data->filterone, data->filteronelen);
++        isc_mem_put(ns_g_mctx, data, sizeof(struct ldapdb_data));
++}
++
++
++static isc_result_t
++ldapdb_create(const char *zone, int argc, char **argv,
++	      void *driverdata, void **dbdata)
++{
++	struct ldapdb_data *data;
++	char *s, *filter = NULL, *extensions = NULL;
++	int defaultttl;
++
++	UNUSED(driverdata);
++
++	/* we assume that only one thread will call create at a time */
++	/* want to do this only once for all instances */
++
++	if ((argc < 2)
++	    || (argv[0] != strstr( argv[0], "ldap://"))
++	    || ((defaultttl = atoi(argv[1])) < 1))
++                return (ISC_R_FAILURE);
++        data = isc_mem_get(ns_g_mctx, sizeof(struct ldapdb_data));
++        if (data == NULL)
++                return (ISC_R_NOMEMORY);
++
++	memset(data, 0, sizeof(struct ldapdb_data));
++	data->hostport = isc_mem_strdup(ns_g_mctx, argv[0] + strlen("ldap://"));
++	if (data->hostport == NULL) {
++		free_data(data);
++		return (ISC_R_NOMEMORY);
++	}
++
++	data->defaultttl = defaultttl;
++
++	s = strchr(data->hostport, '/');
++	if (s != NULL) {
++		*s++ = '\0';
++		data->base = s;
++		/* attrs, scope, filter etc? */
++		s = strchr(s, '?');
++		if (s != NULL) {
++			*s++ = '\0';
++			/* ignore attributes */
++			s = strchr(s, '?');
++			if (s != NULL) {
++				*s++ = '\0';
++				/* ignore scope */
++				s = strchr(s, '?');
++				if (s != NULL) {
++					*s++ = '\0';
++					/* filter */
++					filter = s;
++					s = strchr(s, '?');
++					if (s != NULL) {
++						*s++ = '\0';
++						/* extensions */
++						extensions = s;
++						s = strchr(s, '?');
++						if (s != NULL) {
++							*s++ = '\0';
++						}
++						if (*extensions == '\0') {
++							extensions = NULL;
++						}
++					}
++					if (*filter == '\0') {
++						filter = NULL;
++					}
++				}
++			}
++		}
++		if (*data->base == '\0') {
++			data->base = NULL;
++		}
++	}
++
++	/* parse extensions */
++	if (extensions != NULL) {
++		int err;
++
++		err = parseextensions(extensions, data);
++		if (err < 0) {
++			/* err should be -1 or -2 */
++			free_data(data);
++			if (err == -1) {
++				isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
++					      "LDAP sdb zone '%s': URL: extension syntax error", zone);
++			} else if (err == -2) {
++				isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
++					      "LDAP sdb zone '%s': URL: unknown critical extension", zone);
++			}
++			return (ISC_R_FAILURE);
++		}
++	}
++
++	if ((data->base != NULL && unhex(data->base) == NULL) ||
++	    (filter != NULL && unhex(filter) == NULL) ||
++	    (data->bindname != NULL && unhex(data->bindname) == NULL) ||
++	    (data->bindpw != NULL && unhex(data->bindpw) == NULL)) {
++		free_data(data);
++		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,	
++			      "LDAP sdb zone '%s': URL: bad hex values", zone);
++		return (ISC_R_FAILURE);
++	}
++
++	/* compute filterall and filterone once and for all */
++	if (filter == NULL) {
++		data->filteralllen = strlen(zone) + strlen("(zoneName=)") + 1;
++		data->filteronelen = strlen(zone) + strlen("(&(zoneName=)(relativeDomainName=))") + MAXNAMELEN + 1;
++	} else {
++		data->filteralllen = strlen(filter) + strlen(zone) + strlen("(&(zoneName=))") + 1;
++		data->filteronelen = strlen(filter) + strlen(zone) + strlen("(&(zoneName=)(relativeDomainName=))") + MAXNAMELEN + 1;
++	}
++
++	data->filterall = isc_mem_get(ns_g_mctx, data->filteralllen);
++	if (data->filterall == NULL) {
++		free_data(data);
++		return (ISC_R_NOMEMORY);
++	}
++	data->filterone = isc_mem_get(ns_g_mctx, data->filteronelen);
++	if (data->filterone == NULL) {
++		free_data(data);
++		return (ISC_R_NOMEMORY);
++	}
++
++	if (filter == NULL) {
++		sprintf(data->filterall, "(zoneName=%s)", zone);
++		sprintf(data->filterone, "(&(zoneName=%s)(relativeDomainName=", zone); 
++	} else {
++		sprintf(data->filterall, "(&%s(zoneName=%s))", filter, zone);
++		sprintf(data->filterone, "(&%s(zoneName=%s)(relativeDomainName=", filter, zone);
++	}
++	data->filtername = data->filterone + strlen(data->filterone);
++
++	/* support URLs with literal IPv6 addresses */
++	data->hostname = isc_mem_strdup(ns_g_mctx, data->hostport + (*data->hostport == '[' ? 1 : 0));
++	if (data->hostname == NULL) {
++		free_data(data);
++		return (ISC_R_NOMEMORY);
++	}
++
++	if (*data->hostport == '[' &&
++	    (s = strchr(data->hostname, ']')) != NULL )
++		*s++ = '\0';
++	else
++		s = data->hostname;
++	s = strchr(s, ':');
++	if (s != NULL) {
++		*s++ = '\0';
++		data->portno = atoi(s);
++	} else
++		data->portno = LDAP_PORT;
++
++	*dbdata = data;
++	return (ISC_R_SUCCESS);
++}
++
++static void
++ldapdb_destroy(const char *zone, void *driverdata, void **dbdata) {
++	struct ldapdb_data *data = *dbdata;
++	
++        UNUSED(zone);
++        UNUSED(driverdata);
++
++	free_data(data);
++}
++
++static dns_sdbmethods_t ldapdb_methods = {
++	ldapdb_lookup,
++	NULL, /* authority */
++	ldapdb_allnodes,
++	ldapdb_create,
++	ldapdb_destroy
++};
++
++/* Wrapper around dns_sdb_register() */
++isc_result_t
++ldapdb_init(void) {
++	unsigned int flags =
++		DNS_SDBFLAG_RELATIVEOWNER |
++		DNS_SDBFLAG_RELATIVERDATA |
++		DNS_SDBFLAG_THREADSAFE;
++
++	ldapdb_lock(0);
++	return (dns_sdb_register("ldap", &ldapdb_methods, NULL, flags,
++				 ns_g_mctx, &ldapdb));
++}
++
++/* Wrapper around dns_sdb_unregister() */
++void
++ldapdb_clear(void) {
++	if (ldapdb != NULL) {
++		/* clean up thread data */
++		ldapdb_getconn(NULL);
++		dns_sdb_unregister(&ldapdb);
++	}
++}
+diff -ruN ../bind-9.3.1.org/bin/named/main.c ./bin/named/main.c
+--- ../bind-9.3.1.org/bin/named/main.c	Wed Jun 22 22:34:55 2005
++++ ./bin/named/main.c	Wed Jun 22 22:47:38 2005
+@@ -71,6 +71,7 @@
+  * Include header files for database drivers here.
+  */
+ /* #include "xxdb.h" */
++#include <ldapdb.h> 
+ 
+ static isc_boolean_t	want_stats = ISC_FALSE;
+ static char		program_name[ISC_DIR_NAMEMAX] = "named";
+@@ -656,6 +657,7 @@
+ 	 * Add calls to register sdb drivers here.
+ 	 */
+ 	/* xxdb_init(); */
++	ldapdb_init();
+ 
+ 	ns_server_create(ns_g_mctx, &ns_g_server);
+ }
+@@ -672,7 +674,7 @@
+ 	 * Add calls to unregister sdb drivers here.
+ 	 */
+ 	/* xxdb_clear(); */
+-
++	ldapdb_clear();
+ 	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
+ 		      ISC_LOG_NOTICE, "exiting");
+ 	ns_log_shutdown();

dns/bind9-sdb-ldap/pkg-descr

@@ -0,0 +1,7 @@
+This port includes all the excellent features of the BIND9 DNS server,
+including support for an LDAP back-end. These patches were written by Venaas.
+
+WWW: http://www.venaas.no/ldap/bind-sdb/
+
+- Hugo
+hugo@meiland.nl 

dns/bind9-sdb-ldap/pkg-message

@@ -0,0 +1,22 @@
+*************************************************************************
+*           _  _____ _____ _____ _   _ _____ ___ ___  _   _ 		*
+*	   / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |		*
+*	  / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |		*
+*	 / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |		*
+*	/_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|		*
+*									*
+*	BIND 9 requires a good source of randomness to operate.		*
+*	It also requires configuration of rndc, including a		*
+*	"secret" key.  If you are using FreeBSD 4.x, visit		*
+*	http://people.freebsd.org/~dougb/randomness.html for		*
+*	information on how to set up entropy gathering. Users		*
+*	of FreeBSD 5.x or later do not need to do this step. If		*
+*	you are running BIND 9 in a chroot environment, make		*
+*	sure that there is a /dev/random device in the chroot.		*
+*									*
+*	The easiest, and most secure way to configure rndc is		*
+*	to run 'rndc-confgen -a' which will generate the proper		*
+*	conf file, with a new random key, and appropriate file		*
+*	permissions.							*
+*									*
+*************************************************************************

dns/bind9-sdb-ldap/pkg-plist

@@ -0,0 +1,226 @@
+bin/dig
+bin/host
+bin/isc-config.sh
+bin/nslookup
+bin/nsupdate
+include/bind9/check.h
+include/bind9/getaddresses.h
+include/bind9/version.h
+include/dns/acl.h
+include/dns/adb.h
+include/dns/byaddr.h
+include/dns/cache.h
+include/dns/callbacks.h
+include/dns/cert.h
+include/dns/compress.h
+include/dns/db.h
+include/dns/dbiterator.h
+include/dns/dbtable.h
+include/dns/diff.h
+include/dns/dispatch.h
+include/dns/dnssec.h
+include/dns/ds.h
+include/dns/enumclass.h
+include/dns/enumtype.h
+include/dns/events.h
+include/dns/fixedname.h
+include/dns/journal.h
+include/dns/keyflags.h
+include/dns/keytable.h
+include/dns/keyvalues.h
+include/dns/lib.h
+include/dns/log.h
+include/dns/master.h
+include/dns/masterdump.h
+include/dns/message.h
+include/dns/name.h
+include/dns/ncache.h
+include/dns/nsec.h
+include/dns/peer.h
+include/dns/portlist.h
+include/dns/rbt.h
+include/dns/rcode.h
+include/dns/rdata.h
+include/dns/rdataclass.h
+include/dns/rdatalist.h
+include/dns/rdataset.h
+include/dns/rdatasetiter.h
+include/dns/rdataslab.h
+include/dns/rdatastruct.h
+include/dns/rdatatype.h
+include/dns/request.h
+include/dns/resolver.h
+include/dns/result.h
+include/dns/rootns.h
+include/dns/sdb.h
+include/dns/secalg.h
+include/dns/secproto.h
+include/dns/soa.h
+include/dns/ssu.h
+include/dns/tcpmsg.h
+include/dns/time.h
+include/dns/tkey.h
+include/dns/tsig.h
+include/dns/ttl.h
+include/dns/types.h
+include/dns/validator.h
+include/dns/version.h
+include/dns/view.h
+include/dns/xfrin.h
+include/dns/zone.h
+include/dns/zonekey.h
+include/dns/zt.h
+include/dst/dst.h
+include/dst/lib.h
+include/dst/result.h
+include/isc/app.h
+include/isc/assertions.h
+include/isc/base64.h
+include/isc/bitstring.h
+include/isc/boolean.h
+include/isc/buffer.h
+include/isc/bufferlist.h
+include/isc/commandline.h
+include/isc/condition.h
+include/isc/dir.h
+include/isc/entropy.h
+include/isc/error.h
+include/isc/event.h
+include/isc/eventclass.h
+include/isc/file.h
+include/isc/formatcheck.h
+include/isc/fsaccess.h
+include/isc/heap.h
+include/isc/hex.h
+include/isc/hmacmd5.h
+include/isc/int.h
+include/isc/interfaceiter.h
+include/isc/lang.h
+include/isc/lex.h
+include/isc/lfsr.h
+include/isc/lib.h
+include/isc/list.h
+include/isc/log.h
+include/isc/magic.h
+include/isc/md5.h
+include/isc/mem.h
+include/isc/msgcat.h
+include/isc/msgs.h
+include/isc/mutex.h
+include/isc/mutexblock.h
+include/isc/net.h
+include/isc/netaddr.h
+include/isc/netdb.h
+include/isc/offset.h
+include/isc/once.h
+include/isc/ondestroy.h
+include/isc/os.h
+include/isc/parseint.h
+include/isc/platform.h
+include/isc/print.h
+include/isc/quota.h
+include/isc/random.h
+include/isc/ratelimiter.h
+include/isc/refcount.h
+include/isc/region.h
+include/isc/resource.h
+include/isc/result.h
+include/isc/resultclass.h
+include/isc/rwlock.h
+include/isc/serial.h
+include/isc/sha1.h
+include/isc/sockaddr.h
+include/isc/socket.h
+include/isc/stdio.h
+include/isc/stdlib.h
+include/isc/stdtime.h
+include/isc/string.h
+include/isc/symtab.h
+include/isc/syslog.h
+include/isc/task.h
+include/isc/taskpool.h
+include/isc/thread.h
+include/isc/time.h
+include/isc/timer.h
+include/isc/types.h
+include/isc/util.h
+include/isc/version.h
+include/isccc/alist.h
+include/isccc/base64.h
+include/isccc/cc.h
+include/isccc/ccmsg.h
+include/isccc/events.h
+include/isccc/lib.h
+include/isccc/result.h
+include/isccc/sexpr.h
+include/isccc/symtab.h
+include/isccc/symtype.h
+include/isccc/types.h
+include/isccc/util.h
+include/isccc/version.h
+include/isccfg/cfg.h
+include/isccfg/grammar.h
+include/isccfg/log.h
+include/isccfg/namedconf.h
+include/isccfg/version.h
+include/lwres/context.h
+include/lwres/int.h
+include/lwres/ipv6.h
+include/lwres/lang.h
+include/lwres/list.h
+include/lwres/lwbuffer.h
+include/lwres/lwpacket.h
+include/lwres/lwres.h
+include/lwres/net.h
+include/lwres/netdb.h
+include/lwres/platform.h
+include/lwres/result.h
+include/lwres/version.h
+lib/libbind9.a
+lib/libdns.a
+lib/libisc.a
+lib/libisccc.a
+lib/libisccfg.a
+lib/liblwres.a
+sbin/dnssec-keygen
+sbin/dnssec-signzone
+sbin/lwresd
+sbin/named
+sbin/named-checkconf
+sbin/named-checkzone
+sbin/rndc
+sbin/rndc-confgen
+%%PORTDOCS%%%%DOCSDIR%%/CHANGES
+%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT
+%%PORTDOCS%%%%DOCSDIR%%/FAQ
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch01.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch02.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch03.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch04.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch05.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch06.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch07.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch08.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.ch09.html
+%%PORTDOCS%%%%DOCSDIR%%/arm/Bv9ARM.html
+%%PORTDOCS%%%%DOCSDIR%%/misc/dnssec
+%%PORTDOCS%%%%DOCSDIR%%/misc/format-options.pl
+%%PORTDOCS%%%%DOCSDIR%%/misc/ipv6
+%%PORTDOCS%%%%DOCSDIR%%/misc/migration
+%%PORTDOCS%%%%DOCSDIR%%/misc/migration-4to9
+%%PORTDOCS%%%%DOCSDIR%%/misc/options
+%%PORTDOCS%%%%DOCSDIR%%/misc/rfc-compliance
+%%PORTDOCS%%%%DOCSDIR%%/misc/roadmap
+%%PORTDOCS%%%%DOCSDIR%%/misc/sdb
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/arm
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/misc
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+@unexec rm -f %%BIND_DESTETC%%/rndc.conf.sample
+@dirrm include/bind9
+@dirrm include/dns
+@dirrm include/dst
+@unexec rmdir %D/include/isc 2>/dev/null || true
+@dirrm include/isccc
+@dirrm include/isccfg
+@dirrm include/lwres