Commit graph

289 commits

Author SHA1 Message Date
Ondřej Surý
2bf7921c7e Update the copyright information in all files in the repository
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.

(cherry picked from commit 58bd26b6cf)
2022-01-11 12:22:09 +01:00
Matthijs Mekking
514eccf730 Move checkds system test to checkdstool
There is a checkds system test in v9_16 that does not exist in the
main branch. This existing checkds system test checks the behaviour of
the dnssec-checkds tool. Before backporting the new checkds system
test, that tests the feature where BIND checks periodically the
parental agents if the DS for a given KSK has been published, move the
existing checkds system test to checkdstool.
2021-07-01 14:48:23 +02:00
Ondřej Surý
68cb38fc60 Cleanup the uv_import check
The uv_import() is not needed anymore, so we can remove the autoconf
check for it.

(cherry picked from commit 7b02848865)
2021-05-31 16:57:19 +02:00
Evan Hunt
28511bfcfd move samples/resolve.c to bin/tests/system
"resolve" is used by the resolver system tests, and I'm not
certain whether delv exercises the same code, so rather than
remove it, I moved it to bin/tests/system.

(cherry picked from commit d0ec7d1f33)
2021-04-19 14:32:53 +02:00
Evan Hunt
65777fcdf4 remove sample-async
sample code for export libraries is no longer needed and
this code is not used for any internal tests. also, sample-gai.c
had already been removed but there were some dangling references.

(cherry picked from commit 056afe7bdc)
2021-04-19 13:25:48 +02:00
Evan Hunt
b4aaf6b83d remove dns_client_request() and related code
continues the cleanup of dns_client started in the previous commit.

(cherry picked from commit 1beb05f3e2)
2021-04-19 13:25:48 +02:00
Evan Hunt
131bbb9bbe remove dns_client_update() and related code
the libdns client API is no longer being maintained for
external use, we can remove the code that isn't being used
internally, as well as the related tests.

(cherry picked from commit fb2a352e7c)
2021-04-19 13:25:48 +02:00
Mark Andrews
a875dcc669 Remove custom ISC SPNEGO implementation
The custom ISC SPNEGO mechanism implementation is no longer needed on
the basis that all major Kerberos 5/GSSAPI (mit-krb5, heimdal and
Windows) implementations support SPNEGO mechanism since 2006.

This commit removes the custom ISC SPNEGO implementation, and removes
the option from both autoconf and win32 Configure script.  Unknown
options are being ignored, so this doesn't require any special handling.
2021-04-01 10:42:32 +02:00
Ondřej Surý
effe3ee595 Refactor TLSDNS module to work with libuv/ssl directly
* Following the example set in 634bdfb16d, the tlsdns netmgr
  module now uses libuv and SSL primitives directly, rather than
  opening a TLS socket which opens a TCP socket, as the previous
  model was difficult to debug.  Closes #2335.

* Remove the netmgr tls layer (we will have to re-add it for DoH)

* Add isc_tls API to wrap the OpenSSL SSL_CTX object into libisc
  library; move the OpenSSL initialization/deinitialization from dstapi
  needed for OpenSSL 1.0.x to the isc_tls_{initialize,destroy}()

* Add couple of new shims needed for OpenSSL 1.0.x

* When LibreSSL is used, require at least version 2.7.0 that
  has the best OpenSSL 1.1.x compatibility and auto init/deinit

* Enforce OpenSSL 1.1.x usage on Windows

(cherry picked from commit e493e04c0f)
2021-02-26 16:14:50 +01:00
Ondřej Surý
0e25af628c Use -release instead of -version-info for internal library SONAMEs
The BIND 9 libraries are considered to be internal only and hence the
API and ABI changes a lot.  Keeping track of the API/ABI changes takes
time and it's a complicated matter as the safest way to make everything
stable would be to bump any library in the dependency chain as in theory
if libns links with libdns, and a binary links with both, and we bump
the libdns SOVERSION, but not the libns SOVERSION, the old libns might
be loaded by binary pulling old libdns together with new libdns loaded
by the binary.  The situation gets even more complicated with loading
the plugins that have been compiled with few versions old BIND 9
libraries and then dynamically loaded into the named.

We are picking the safest option possible and usable for internal
libraries - instead of using -version-info that has only a weak link to
BIND 9 version number, we are using -release libtool option that will
embed the corresponding BIND 9 version number into the library name.

That means that instead of libisc.so.1608 (as an example) the library
will now be named libisc-9.16.10.so.

(cherry picked from commit c605d75ea5)
2021-01-25 15:28:09 +01:00
Ondřej Surý
7fc62f829d Add libssl libraries to Windows build
This commit extends the perl Configure script to also check for libssl
in addition to libcrypto and change the vcxproj source files to link
with both libcrypto and libssl.
2020-12-09 10:46:16 +01:00
Michał Kępień
1f26fa2588 Fix detection of CMake-built libuv on Windows
As of libuv 1.36.0, CMake is the only supported build method for libuv
on Windows.  Account for that fact by adjusting the relevant paths and
DLL file names used in the win32utils/Configure script.  Update
Windows-specific documentation accordingly.

(cherry picked from commit 64a091d587)
2020-11-05 15:07:01 +01:00
Evan Hunt
df698d73f4 update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
Ondřej Surý
58e20fa746 Convert the documentation to Sphinx documentation format
The ARM and the manpages have been converted into Sphinx documentation
format.

Sphinx uses reStructuredText as its markup language, and many of its
strengths come from the power and straightforwardness of
reStructuredText and its parsing and translating suite, the Docutils.

(cherry picked from commit 9fb6d11abb)
2020-06-01 09:54:45 +02:00
Ondřej Surý
dc51f720b9 Only print warning when PKCS#11 dnssec-keygen fails from Edwards curves
(cherry picked from commit 9d979d7cd6)
2020-05-01 06:54:26 +02:00
Aaron Thompson
f534519af5 Finish refactoring after the removal of --with-ecdsa and --with-eddsa.
Missed in c3b8130fe8.

(cherry picked from commit 7fc4f926fb)
2020-05-01 06:54:26 +02:00
Aaron Thompson
78e4cc96d7 Remove old comment.
Missed in 6aae193ded.

(cherry picked from commit 48e0c0bc4a)
2020-05-01 06:54:26 +02:00
Ondřej Surý
fd9237e18e Don't escape spaces in CONFIGARGS, use double backslash with all whitespace
(cherry picked from commit 9b0e85cbd5)
2020-04-16 07:56:38 +02:00
Michał Kępień
021b83059e Fix "srcid" on Windows
Windows BIND releases produced by GitLab CI are built from Git
repositories, not from release tarballs, which means the "srcid" file is
not present in the top source directory when MSBuild is invoked.  This
causes the Git commit hash for such builds to be set to "unset_id".
Enable win32utils/Configure to try determining the commit hash for a
build by invoking Git on the build host if the "srcid" file is not
present (which is what its Unix counterpart does).

(cherry picked from commit 05e13e7caf)
2020-04-15 11:39:45 +02:00
Michał Kępień
11f2f7bfbf Fix using sibling-root libuv for Windows builds
HAVE_UV_IMPORT and other config.h macros must not be set unconditionally
because no existing libuv release exposes uv_import() and/or uv_export()
yet.  Windows builds not passing an explicit path to libuv to
win32utils/Configure are currently broken because of this, so comment
out the offending lines and describe when the aforementioned config.h
macros should be set.

(cherry picked from commit 57b430b8ca)
2020-03-06 13:37:25 +01:00
Michał Kępień
01646805bb Clean up --with-tuning=large remnants
The change introduced by commit be159f5565
was not fully complete.  Adjust ./configure summary so that it reflects
the new way the --with-tuning switch works, fixing the Autoconf variable
used for determining the value of that switch.  Fix win32utils/Configure
so that it behaves the same way as its Unix counterpart.

(cherry picked from commit a5fc3a6364)
2020-02-21 13:43:16 +01:00
Evan Hunt
11a0d771f9 fix spelling errors reported by Fossies.
(cherry picked from commit ba0313e649)
2020-02-21 07:05:31 +00:00
Witold Kręcicki
32d00479e6 Use libuv-provided uv_{export,import} if available.
We were using our own versions of isc_uv_{export,import} functions
for multithreaded TCP listeners. Upcoming libuv version will
contain proper uv_{export,import} functions - use them if they're
available.
2020-02-18 14:21:16 +01:00
Michał Kępień
d75b945a30 Add libuv information to win32utils/build.txt 2020-02-12 16:04:04 +01:00
Witold Kręcicki
c6c0a9fdba Add isc_uv_export()/isc_uv_import() functions to libuv compatibility layer.
These functions can be used to pass a uv handle between threads in a
safe manner. The other option is to use uv_pipe and pass the uv_handle
via IPC, which is way more complex.  uv_export() and uv_import() functions
existed in libuv at some point but were removed later. This code is
based on the original removed code.

The Windows version of the code uses two functions internal to libuv;
a patch for libuv is attached for exporting these functions.
2020-01-13 10:52:07 -08:00
Mark Andrews
72ca05c966 Add dependancy on libirs to dig, host, and nslookup. 2019-11-15 11:22:35 +11:00
Michał Kępień
d8768bd143 Fix libuv.dll handling
Make sure libuv.dll gets copied to the proper directory in the Release
build configuration and that the BIND installer on Windows installs
libuv.dll.
2019-11-12 09:14:59 +00:00
Michał Kępień
47e14c4d17 Add missing dnssec-keygen dependency on libisccfg
Commit 09ac224c5c made dnssec-keygen
depend on libisccfg but the Visual Studio solution file was not updated
to reflect that change.  Make sure the dnssec-keygen Visual Studio
project depends on the libisccfg project to prevent compilation issues
during parallel builds.
2019-11-08 12:56:09 +01:00
Witold Kręcicki
70397f9d92 netmgr: libuv-based network manager
This is a replacement for the existing isc_socket and isc_socketmgr
implementation. It uses libuv for asynchronous network communication;
"networker" objects will be distributed across worker threads reading
incoming packets and sending them for processing.

UDP listener sockets automatically create an array of "child" sockets
so each worker can listen separately.

TCP sockets are shared amongst worker threads.

A TCPDNS socket is a wrapper around a TCP socket, which handles the
the two-byte length field at the beginning of DNS messages over TCP.

(Other wrapper socket types can be implemented in the future to handle
DNS over TLS, DNS over HTTPS, etc.)
2019-11-07 11:55:37 -08:00
Michał Kępień
428dcf3b49 Remove remnants of the --with-cc-alg option
Commit afa81ee4e4 omitted some spots in
the source tree which are still referencing the removed --with-cc-alg
"configure" option.  Make sure the latter is removed completely.
2019-10-15 21:57:58 +02:00
Michał Kępień
646fcb733e Update Windows-specific documentation
Bring the files describing Windows-specific aspects of building and
installing BIND up to date.  Remove the parts which are either outdated
(e.g. 32-bit build instructions), already included elsewhere (e.g. the
list of Windows systems BIND is known to run on), or inconvenient to
keep up to date in the long run (e.g. ARM chapter numbers).
2019-09-26 15:11:15 +02:00
Michał Kępień
0476e8f1ac Make VS solution upgrading unnecessary
Until now, the build process for BIND on Windows involved upgrading the
solution file to the version of Visual Studio used on the build host.
Unfortunately, the executable used for that (devenv.exe) is not part of
Visual Studio Build Tools and thus there is no clean way to make that
executable part of a Windows Server container.

Luckily, the solution upgrade process boils down to just adding XML tags
to Visual Studio project files and modifying certain XML attributes - in
files which we pregenerate anyway using win32utils/Configure.  Thus,
extend win32utils/Configure with three new command line parameters that
enable it to mimic what "devenv.exe bind9.sln /upgrade" does.  This
makes the devenv.exe build step redundant and thus facilitates building
BIND in Windows Server containers.
2019-09-26 15:11:15 +02:00
Michał Kępień
1d5259b0a0 Enable building dnssec-cds.exe
Build configuration for the dnssec-cds Visual Studio project is absent
from the solution file template, which means the solution needs to be
upgraded using "devenv bind9.sln /upgrade" in order for the dnssec-cds
project to be built.  Add the build configuration for dnssec-cds to the
solution file template so that upgrading the solution is not necessary
for building that project.
2019-09-26 15:11:15 +02:00
Michał Kępień
de1859422e Add missing nsupdate dependency on libirs
When commit 8eb88aafee removed liblwres,
it also modified nsupdate to use libirs instead of liblwres, but the
Visual Studio project files were not updated to reflect that change.
Make sure the nsupdate Visual Studio project depends on the libirs
project to prevent compilation issues during parallel builds.
2019-09-26 15:11:15 +02:00
Ondřej Surý
4b44351e65 The BIND 9 libraries are now internal-only, so remove isc-config.sh
The isc-config.sh script was introduced before pkg-config as is a purely
historical thing.  There are two reason for removal of isc-config.sh scripts:

a) The BIND 9 libraries are now meant to be used only from BIND 9, so there's no
   reason to provide convenience script to link with the libraries.

b) Even if that was not the case, we should and would replace the isc-config.sh
   with respective pkg-config (.pc) file for every library.
2019-07-31 10:45:18 +02:00
Witold Kręcicki
afa81ee4e4 Remove all cookie algorithms but AES, which was used as a default, for legacy purposes. 2019-07-21 10:08:14 -04:00
Thomas Jach
9ba3e3f1b5 convert geoip to geoip2 in win32utils/Configure 2019-07-04 08:58:26 -07:00
Mark Andrews
fbd9c5c97f make PKCS11_TEST unix only 2019-06-04 03:45:41 -04:00
Ondřej Surý
4d2d3b49ce Cleanup the way we detect json-c library to use only pkg-config 2019-05-29 15:08:52 +02:00
Ondřej Surý
1877139a32 Simple text files with docs on build or design don't really need copyright on their own 2019-04-18 08:52:00 +02:00
Mark Andrews
442421906b remove '..\\bin\\tests\\system\\dlz\\prereq.sh' from win32util/Configure 2019-03-05 17:11:20 +11:00
Mark Andrews
c3dd8bb9f0 add util/check-win32util-configure to precheck 2019-03-05 17:11:20 +11:00
Evan Hunt
1bc0ab5217 complete the set of tools available in windows tests
- dnssec-cds wasn't being built for windows
- nsec3hash was available, but the NSEC3HASH variable wasn't
  set in conf.sh.win32
2019-01-25 00:44:11 -08:00
Evan Hunt
b9c9f2593a remove --disable-rpz-nsip and --disable-rpz-nsdname from configure 2019-01-24 11:32:44 -08:00
Evan Hunt
81f58e2ea2 enable modules to store data in qctx
- added a 'hookdata' array to qctx to store pointers to up to
  16 blobs of data which are allocated by modules as needed.
  each module is assigned an ID number as it's loaded, and this
  is the index into the hook data array. this is to be used for
  holding persistent state between calls to a hook module for a
  specific query.
- instead of using qctx->filter_aaaa, we now use qctx->hookdata.
  (this was the last piece of filter-aaaa specific code outside the
  module.)
- added hook points for qctx initialization and destruction. we get
  a filter-aaaa data pointer from the mempool when initializing and
  store it in the qctx->hookdata table; return to to the mempool
  when destroying the qctx.
- link the view to the qctx so that detaching the client doesn't cause
  hooks to fail
- added a qctx_destroy() function which must be called after qctx_init;
  this calls the QCTX_DESTROY hook and detaches the view
- general cleanup and comments
2018-12-06 10:29:11 -08:00
Ondřej Surý
14fa99e3b4 Add OpenSSL 1.1.0+ defines for Windows build 2018-11-16 14:41:05 +01:00
Ondřej Surý
f95e4593ed Remove isc-hmac-fixup.exe remains from win32util/Configure 2018-11-09 01:48:52 +07:00
Ondřej Surý
d6c50674bb Remove last traces of DSA and NSEC3DSA algorithm, but restore the algnumber -> name mapping 2018-10-26 11:50:11 +02:00
Ondřej Surý
6aae193ded Disable FIPS mode on Windows 2018-10-25 14:47:44 -04:00
Ondřej Surý
7716bdd400 Remove dummy PATH_RANDOMDEV and CHECK_DSA defines 2018-09-07 12:17:40 +02:00