.gitignore

@@ -21,6 +21,20 @@ Makefile.in
 /m4
 /missing
 
+# configure
+Makefile
+/config.h
+/config.log
+/config.status
+/libtool
+.deps/
+/stamp-h1
+
+# make
+.libs/
+*.la
+*.lo
+
 # Eclipse
 .project
 .cproject

AUTHORS

@@ -3,8 +3,10 @@ David Kupka <dkupka@redhat.com>
 Jiri Kuncar <jkuncar@redhat.com>
 Lukas Slebodnik <lslebodn@redhat.com>
 Martin Nagy <mnagy@redhat.com>
+Petr Mensik <pemensik@redhat.com>
 Petr Spacek <pspacek@redhat.com>
 Simo Sorce <ssorce@redhat.com>
 Stephen Gallagher <sgallagh@redhat.com>
 Tomas Babej <tbabej@redhat.com>
+Tomas Krizek <tkrizek@redhat.com>
 Zoran Pericic <zpericic@inet.hr>

README.md

-1. Introduction
-===============
+# 1. Introduction
 The dynamic LDAP back-end is a plug-in for BIND that provides an LDAP
 database back-end capabilities. It requires dyndb interface which is present
 in BIND versions >= 9.11.0rc1.
 
 
-2. Features
-===========
+# 2. Features
 
 * support for dynamic updates
 * SASL authentication
@@ -16,14 +14,15 @@ in BIND versions >= 9.11.0rc1.
 * DNSSEC in-line signing is supported, including dynamic updates
 
 
-3. Installation
-===============
+# 3. Installation
 
 To install the LDAP back-end, extract the tarball and go to the unpacked
 directory. Then follow these steps:
 
+```console
 $ ./configure --libdir=<libdir>
 $ make
+```
 
 Where `<libdir>` is a directory where your libdns is installed. This is
 typically going to be `/usr/lib` or `/usr/lib64` on 64 bit systems.
@@ -32,29 +31,34 @@ If configure script complains that it `Can't obtain libdns version`,
 please verify you have installed bind development files (package bind9-dev
 or bind-devel) and you exported correct CPPFLAGS via
 
+```console
 $ export CPPFLAGS=`isc-config.sh --cflags`
+```
 
 Then, to install, run this as root:
 
+```console
 $ make install
+```
 
 This will install the file `ldap.so` into the `<libdir>/bind/` directory.
 
 Alternatively, the latest version can be obtained from Git repository.
 You can use following commands to prepare latest source tree for compilation:
 
+```console
 $ git clone https://git.fedorahosted.org/git/bind-dyndb-ldap.git
 $ cd bind-dyndb-ldap
 $ autoreconf -fvi
+```
 
-4. LDAP schema
-==============
+# 4. LDAP schema
 
 You can find the complete LDAP schema in the documentation directory. An
 example zone ldif is available in the doc directory.
 
-4.1 Master zone (idnsZone)
---------------------------
+## 4.1 Master zone (idnsZone)
+
 Object class `idnsZone` is equivalent to type `master` statement in `named.conf`.
 
 ### Attributes
@@ -193,8 +197,8 @@ Object class `idnsZone` is equivalent to type `master` statement in `named.conf`
 	Zone without NSEC3PARAM RR will use NSEC by default.
 
 
-4.2 Forward zone (idnsForwardZone)
-----------------------------------
+## 4.2 Forward zone (idnsForwardZone)
+
 Object class `idnsForwardZone` is equivalent to type `forward` statement
 in named.conf.
 
@@ -243,8 +247,8 @@ Unloaded empty zones will not be loaded back even if the forward zone is later
 deleted. The empty zones will be loaded on each BIND reload.
 
 
-4.3 Global configuration object (idnsConfigObject)
---------------------------------------------------
+## 4.3 Global configuration object (idnsConfigObject)
+
 Object class idnsConfigObject provides global configuration common
 for all zones.
 
@@ -261,8 +265,8 @@ for all zones.
 	Syntax is the same as in forward zone, please see previous section.
 
 
-4.4 Per-server configuration object (idnsServerConfigObject)
-------------------------------------------------------------
+## 4.4 Per-server configuration object (idnsServerConfigObject)
+
 Object class idnsConfigObject provides global configuration common
 for all zones. A plugin instance will read configuration
 only from entries with matching idnsServerId.
@@ -296,8 +300,8 @@ only from entries with matching idnsServerId.
 	LIMITATION: Current plugin version supports only `ipalocation` variable
 
 
-4.5 Record template (idnsTemplateObject)
-----------------------------------------
+## 4.5 Record template (idnsTemplateObject)
+
 Object class idnsTemplateObject provides facility for dynamic resource record
 generation. The template entry must contain idnsTemplateAttribute with
 string template.
@@ -333,8 +337,7 @@ by the template string are defined.
 	https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/RecordGenerator
 
 
-5. Configuration
-================
+# 5. Configuration
 
 To configure dynamic loading of back-end, you must put a `dyndb`
 clause into your named.conf. The clause must then be followed by a
@@ -354,12 +357,12 @@ curly brackets. Example:
 		auth_method "none";
 	};
 
-5.1 Configuration options
--------------------------
+## 5.1 Configuration options
+
 List of configuration options follows:
 
-5.1.1 LDAP connection
----------------------
+### 5.1.1 LDAP connection
+
 * uri
 
 	The Uniform Resource Identifier pointing to the LDAP server we
@@ -451,8 +454,8 @@ List of configuration options follows:
 	`/bin/hostname` output.
 
 
-5.1.2 Special DNS features
---------------------------
+### 5.1.2 Special DNS features
+
 * fake_mname
 
 	Ignore value of the idnsSOAmName (primary master DNS name) attribute
@@ -460,6 +463,18 @@ List of configuration options follows:
 	one LDAP database and every BIND reports itself as a primary master in
 	SOA record, for example.
 
+	NOTE: for idnsSOAmName value following priority list shows where
+	override can come from:
+
+        - fake_mname value in the server configuration in named.conf
+        - Server configuration from LDAP (idnsServerConfig)
+        - Zone configuration from LDAP
+
+	Thus, if server is supposed to respond with a different primary master
+	DNS name depending on a zone, remove 'fake_mname' from the named.conf
+	and idnsSOAmName attribute value from the server configuration in LDAP
+        and define it per-zone in LDAP.
+
 * sync_ptr (default no)
 
 	Set this option to `yes` if you would like to keep PTR record 
@@ -476,8 +491,8 @@ List of configuration options follows:
 	by idnsAllowDynUpdate attribute.
 
 
-5.1.3 Plumbing
---------------
+### 5.1.3 Plumbing
+
 * verbose_checks (default no)
 
 	Set this option to `yes` if you would like to log all failures
@@ -495,8 +510,8 @@ List of configuration options follows:
 	The path is relative to `directory` specified in BIND options.
 	See section 6 (DNSSEC) for examples.
 
-5.2 Sample configuration
-------------------------
+### 5.2 Sample configuration
+
 Let's take a look at a sample configuration:
 
 	options {
@@ -521,24 +536,24 @@ Working directory for the plug-in will be `/var/named/dyndb-ldap/my_db_name/`,
 so hypothetical zone `example.com` will use sub-directory
 `/var/named/dyndb-ldap/my_db_name/master/example.com/`.
 
-5.3 Configuration in LDAP
--------------------------
+### 5.3 Configuration in LDAP
+
 Some options can be configured in LDAP as `idnsConfigObject` attributes.
 Value configured in LDAP has priority over value in configuration file.
 (This behavior will change in future versions!)
 
 Following options are supported (option = attribute equivalent):
-option     | LDAP attribute
------------| --------------
-forwarders | idnsForwarders (BIND native option)
-forward    | idnsForwardPolicy (BIND native option)
-sync_ptr   | idnsAllowSyncPTR
+
+| option       | LDAP attribute                           |
+| ------------ | ---------------------------------------- |
+| `forwarders` | `idnsForwarders` (BIND native option)    |
+| `forward`    | `idnsForwardPolicy` (BIND native option) |
+| `sync_ptr`   | `idnsAllowSyncPTR`                       |
 
 Forward policy option cannot be set without setting forwarders at the same time.
 
 
-6. DNSSEC support
-=================
+# 6. DNSSEC support
 
 In-line signing support in this plugin allows to use this BIND feature
 for zones in LDAP.
@@ -557,6 +572,7 @@ Key management has to be handled by user, i.e. user has to
 generate/delete keys and configure key timestamps as appropriate.
 
 Key directory for particular DNS zone is automatically configured to value:
+
     <plugin-instance-dir>/master/<zone-name>/keys
 
 `<plugin-instance-dir>` is described in section 5.1.3 of this file.
@@ -564,6 +580,7 @@ Key directory for particular DNS zone is automatically configured to value:
 trailing period.
 
 Zone name will be automatically transformed before usage:
+
 - root zone is translated to `@` to prevent collision with filesystem `.`
 - digits, hyphen and underscore are left intact
 - letters of English alphabet are downcased
@@ -571,21 +588,23 @@ Zone name will be automatically transformed before usage:
 - final dot is omited
 - labels are separated with `.`
 
-Example:
+## Example
+
 * BIND directory: `/var/named`
 * bind-dyndb-ldap directory: `dyndb-ldap`
 * LDAP instance name: `ipa`
 * DNS zone: `example.com.`
 * Resulting keys directory: `/var/named/dyndb-ldap/ipa/master/example.com/keys`
 
+### Character encoding
+
 * DNS zone: `TEST.0/1.a.`
 * Resulting keys directory: `/var/named/dyndb-ldap/ipa/master/test.0%2F1.a/keys`
 
-Make sure that keys directory and files is readable by user used for BIND.
+*Make sure that keys directory and files is readable by user used for BIND.*
 
 
-7. License
-==========
+# 7. License
 
 This package is licensed under the GNU General Public License, version 2
 only. See file COPYING for more information.

configure.ac

 AC_PREREQ([2.59])
-AC_INIT([bind-dyndb-ldap], [11.1], [freeipa-devel@redhat.com])
+AC_INIT([bind-dyndb-ldap], [11.2], [freeipa-devel@redhat.com])
 
 AM_INIT_AUTOMAKE([-Wall foreign dist-bzip2])
 

contrib/bind-dyndb-ldap.spec

 %define VERSION %{version}
 
+%define bind_version 32:9.11.11-1
+
 Name:           bind-dyndb-ldap
-Version:        11.1
+Version:        11.2
 Release:        0%{?dist}
 Summary:        LDAP back-end plug-in for BIND
 
 Group:          System Environment/Libraries
 License:        GPLv2+
-URL:            https://fedorahosted.org/bind-dyndb-ldap
-Source0:        https://fedorahosted.org/released/%{name}/%{name}-%{VERSION}.tar.bz2
+URL:            https://releases.pagure.org/bind-dyndb-ldap
+Source0:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
+Source1:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-BuildRequires:  bind-devel >= 32:9.11.0-6.P2, bind-lite-devel >= 32:9.11.0-6.P2
+BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}
 BuildRequires:  krb5-devel
 BuildRequires:  openldap-devel
 BuildRequires:  libuuid-devel
 BuildRequires:  automake, autoconf, libtool
 
-Requires:       bind >= 32:9.11.0-6.P2
+Requires:       bind >= %{bind_version}
 
 %description
 This package provides an LDAP back-end plug-in for BIND. It features
@@ -29,6 +32,7 @@ off of your LDAP server.
 %setup -q -n %{name}-%{VERSION}
 
 %build
+autoreconf -fiv
 %configure
 make %{?_smp_mflags}
 
@@ -43,6 +47,15 @@ rm %{buildroot}%{_libdir}/bind/ldap.la
 rm -r %{buildroot}%{_datadir}/doc/%{name}
 
 %post
+# SELinux boolean named_write_master_zones has to be enabled
+# otherwise the plugin will not be able to write to /var/named.
+# This scriptlet enables the boolean after installation or upgrade.
+# SELinux is sensitive area so I want to inform user about the change.
+if [ -x "/usr/sbin/setsebool" ] ; then
+        echo "Enabling SELinux boolean named_write_master_zones"
+        /usr/sbin/setsebool -P named_write_master_zones=1 || :
+fi
+
 # Transform named.conf if it still has old-style API.
 PLATFORM=$(uname -m)
 
@@ -65,7 +78,7 @@ do
 done <<EOF
 /^\s*dynamic-db/,/};/ {
 
-  s/\(\s*\)arg\s\+\(["']\)\([a-Z_]\+\s\)/\1\3\2/g;
+  s/\(\s*\)arg\s\+\(["']\)\([a-zA-Z_]\+\s\)/\1\3\2/g;
 
   s/^dynamic-db/dyndb/;
 
@@ -83,18 +96,39 @@ EOF
 sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 
 
+# This scriptlet disables the boolean after uninstallation.
+%postun
+if [ "0$1" -eq "0" ] && [ -x "/usr/sbin/setsebool" ] ; then
+        echo "Disabling SELinux boolean named_write_master_zones"
+        /usr/sbin/setsebool -P named_write_master_zones=0 || :
+fi
+
+
 %clean
 rm -rf %{buildroot}
 
 
 %files
 %defattr(-,root,root,-)
-%doc NEWS README COPYING doc/{example,schema}.ldif
+%doc NEWS README.md COPYING doc/{example,schema}.ldif
 %dir %attr(770, root, named) %{_localstatedir}/named/dyndb-ldap
 %{_libdir}/bind/ldap.so
 
 
 %changelog
+* Tue Nov 05 2019 Alexander Bokovoy <abokovoy@redhat.com>
+- Bump BIND version
+
+* Tue Jun 27 2017 Tomas Krizek <tkrizek@redhat.com>
+- Bump BIND version
+
+* Fri Apr 07 2017 Tomas Krizek <tkrizek@redhat.com>
+- Removed unnecessary bind-pkcs11 dependency
+
+* Mon Mar 13 2017 Tomas Krizek <tkrizek@redhat.com>
+- Fixed sed script regex error
+- Re-synced specfile with fedora
+
 * Thu Jan 26 2017 Tomas Krizek <tkrizek@redhat.com>
 - Added named.conf API transofrmation script
 - Bumped the required BIND version to 9.11.0-6.P2

releng/README

@@ -21,13 +21,8 @@ bumpver.py
 Increments version number in configure.ac and SPEC file and creates a signed
 tag for current release.
 
-tracvers.py
-~~~~~~~~~~~
-Creates Trac version for each Git tag.
-
 
 Auxiliary scripts
 -----------------
 These scripts are not intended for usage from command line:
 - srcversion.py
-- trac.py

releng/trac.py

-#!/usr/bin/env python3
-#
-# Copyright (C) 2014  bind-dyndb-ldap authors; see COPYING for license
-#
-
-import logging
-import os
-import re
-import json
-import xmlrpc.client
-
-log = logging.getLogger('trac')
-
-class Trac():
-    def __init__(self, protocol, url, username, passwd):
-        self.baseurl = '%s://%s' % (protocol, url)
-        loginurl = '%s://%s:%s@%s/login/xmlrpc' % (protocol, username, passwd, url)
-        self.api = xmlrpc.client.ServerProxy(loginurl)
-    
-    def match_ticket_url(self, line):
-        return re.match("^ +%s/ticket/([0-9]+) *$" % self.baseurl, line)
-
-    def get_ticket_attrs(self, ticketid):
-        ticket = self.api.ticket.get(ticketid)
-        assert str(ticket[0]) == str(ticketid)
-        return ticket[3]
-
-def trac_autoconf():
-    """
-    Configuration file format is:
-    {"protocol": "https",
-     "url": "fedorahosted.org/bind-dyndb-ldap",
-     "username": "FedoraUserName",
-     "passwd": "FedoraPassword"}
-    """
-    config = json.load(open(os.path.expanduser('~/.trac')))
-    return Trac(**config)
-
-if __name__ == "__main__":
-    t = trac_autoconf()
-    logging.basicConfig(level=logging.DEBUG)
-    log.debug(t.api)

releng/tracvers.py

-#!/usr/bin/env python3
-#
-# Copyright (C) 2014  bind-dyndb-ldap authors; see COPYING for license
-#
-
-"""
-Create Trac version for each Git tag.
-"""
-
-from datetime import datetime
-import logging
-from subprocess import check_output, check_call
-
-from trac import trac_autoconf
-
-logging.basicConfig(level=logging.DEBUG)
-log = logging.getLogger('tracver')
-
-tr = trac_autoconf()
-
-# version in Trac has format '1.2'
-trac_versions = set()
-for ver in tr.api.ticket.version.getAll():
-    trac_versions.add("v%s" % ver)
-log.debug('Trac versions: %s', trac_versions)
-
-# version in Git is tag named like 'v1.2'
-git_versions = set()
-for tag in check_output(['git','tag']).decode('ascii').strip().split('\n'):
-    # these are sins of young developers
-    if tag == 'v0.1.0-b' or tag == 'v0.1.0-a1':
-        tag = tag.translate({ord('-'): None})
-    git_versions.add(tag)
-log.debug('Git versions: %s', git_versions)
-
-new_versions = git_versions - trac_versions
-log.debug('New versions missing in Trac: %s', new_versions)
-
-# add new versions to Trac
-for tag in new_versions:
-    time = check_output(['git', 'log', '--format=format:%ai', '%s~1..%s'
-        % (tag, tag)]).decode('ascii').strip()
-    time = datetime.strptime(time, "%Y-%m-%d %H:%M:%S %z")
-    version = tag[1:]
-    log.info('Adding version %s with timestamp %s', version, time)
-    tr.api.ticket.version.create(version, {'time': time, 'description': ''})
-

src/acl.c

@@ -67,7 +67,7 @@ const enum_txt_assoc_t acl_type_txts[] = {
 	} while (0)
 
 static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT
-get_mode(const cfg_obj_t *obj, isc_boolean_t *value)
+get_mode(const cfg_obj_t *obj, bool *value)
 {
 	const char *str;
 
@@ -82,8 +82,8 @@ get_mode(const cfg_obj_t *obj, isc_boolean_t *value)
 	}
 	str = cfg_obj_asstring(obj);
 
-	MATCH("grant", ISC_TRUE);
-	MATCH("deny", ISC_FALSE);
+	MATCH("grant", true);
+	MATCH("deny", false);
 
 	log_bug("unsupported ACL mode '%s'", str);
 	return ISC_R_NOTIMPLEMENTED;
@@ -175,7 +175,7 @@ get_fixed_name(const cfg_obj_t *obj, const char *name, dns_fixedname_t *fname)
 	dns_fixedname_init(fname);
 
 	result = dns_name_fromtext(dns_fixedname_name(fname), &buf,
-				   dns_rootname, ISC_FALSE, NULL);
+				   dns_rootname, false, NULL);
 	if (result != ISC_R_SUCCESS)
 		log_error("'%s' is not a valid name", str);
 
@@ -296,7 +296,7 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone)
 
 	for (el = cfg_list_first(policy); el != NULL; el = cfg_list_next(el)) {
 		const cfg_obj_t *stmt;
-		isc_boolean_t grant;
+		bool grant;
 		unsigned int match_type;
 		dns_fixedname_t fname, fident;
 		dns_rdatatype_t *types;

src/bindcfg.c

@@ -6,6 +6,7 @@
 
 #include "config.h"
 
+#include <isc/util.h>
 #include <isccfg/grammar.h>
 #include <isccfg/namedconf.h>
 

src/empty_zones.c

@@ -153,7 +153,7 @@ empty_zone_search_next(empty_zone_search_t *iter) {
 	int order;
 	unsigned int nlabels;
 	dns_zone_t *zone = NULL;
-	isc_boolean_t isempty;
+	bool isempty;
 
 	REQUIRE(iter != NULL);
 	REQUIRE(iter->nextidx < sizeof(empty_zones));
@@ -184,12 +184,12 @@ empty_zone_search_next(empty_zone_search_t *iter) {
 				isempty = zone_isempty(zone);
 			else if (result == DNS_R_PARTIALMATCH
 				 || result == ISC_R_NOTFOUND)
-				isempty = ISC_FALSE;
+				isempty = false;
 			else
 				goto cleanup;
 			if (zone != NULL)
 				dns_zone_detach(&zone);
-			if (isempty == ISC_FALSE)
+			if (isempty == false)
 				continue;
 			++iter->nextidx;
 			CLEANUP_WITH(ISC_R_SUCCESS);
@@ -299,10 +299,10 @@ cleanup:
  */
 isc_result_t
 empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,
-			    isc_boolean_t warn_only)
+			    bool warn_only)
 {
 	isc_result_t result;
-	isc_boolean_t first = ISC_TRUE;
+	bool first = true;
 	empty_zone_search_t eziter = {}; /* init with zeroes */
 	char name_char[DNS_NAME_FORMATSIZE];
 	char ezname_char[DNS_NAME_FORMATSIZE];
@@ -312,7 +312,7 @@ empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,
 	     result = empty_zone_search_next(&eziter))
 	{
 		dns_name_format(name, name_char, DNS_NAME_FORMATSIZE);
-		if (warn_only == ISC_TRUE) {
+		if (warn_only == true) {
 			dns_name_format(&eziter.ezname, ezname_char,
 					DNS_NAME_FORMATSIZE);
 			log_warn("ignoring inherited 'forward first;' for zone "
@@ -325,10 +325,10 @@ empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,
 		/* Shutdown automatic empty zone if it is present. */
 		result = empty_zone_unload(&eziter.ezname, zonetable);
 		if (result == ISC_R_SUCCESS) {
-			if (first == ISC_TRUE) {
+			if (first == true) {
 				log_info("shutting down automatic empty zones to "
 					 "enable forwarding for domain '%s'", name_char);
-				first = ISC_FALSE;
+				first = false;
 			}
 		} else if (result == DNS_R_DISALLOWED) {
 			/* A normal (non-empty) zone exists:

src/empty_zones.h

@@ -26,7 +26,7 @@ empty_zone_search_init(empty_zone_search_t *iter, dns_name_t *qname,
 
 isc_result_t
 empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,
-			    isc_boolean_t warn_only) ATTR_NONNULLS ATTR_CHECKRESULT;
+			    bool warn_only) ATTR_NONNULLS ATTR_CHECKRESULT;
 
 /* Trigger to execute empty_zone_handle_conflicts() for dns_rootname. */
 #define LDAPDB_EVENT_GLOBALFWD_HANDLEEZ	(LDAPDB_EVENTCLASS + 5)
@@ -34,7 +34,7 @@ empty_zone_handle_conflicts(dns_name_t *name, dns_zt_t *zonetable,
 typedef struct ldap_globalfwd_handleez ldap_globalfwd_handleez_t;
 struct ldap_globalfwd_handleez {
 	ISC_EVENT_COMMON(ldap_globalfwd_handleez_t);
-	isc_boolean_t warn_only;
+	bool warn_only;
 };
 
 void

src/fwd.c

@@ -306,15 +306,15 @@ fwdr_list_free(isc_mem_t *mctx, dns_forwarderlist_t *fwdrs) {
  * a) policy = none
  * b) (policy != none) && (non-empty list of forwarders)
  *
- * @param[out] isexplicit ISC_TRUE if conditions for explicit configuration
- *                        are met, ISC_FALSE otherwise
+ * @param[out] isexplicit true if conditions for explicit configuration
+ *                        are met, false otherwise
  *
  * @retval ISC_R_SUCCESS isexplicit is set appropriately
  * @retval other         memory allocation or parsing errors etc.
  */
 static isc_result_t
 fwd_setting_isexplicit(isc_mem_t *mctx, const settings_set_t *set,
-		       isc_boolean_t *isexplicit) {
+		       bool *isexplicit) {
 	isc_result_t result;
 	setting_t *setting = NULL;
 	dns_fwdpolicy_t	fwdpolicy;
@@ -323,16 +323,16 @@ fwd_setting_isexplicit(isc_mem_t *mctx, const settings_set_t *set,
 	REQUIRE(isexplicit != NULL);
 	ISC_LIST_INIT(fwdrs);
 
-	CHECK(setting_find("forward_policy", set, ISC_FALSE, ISC_TRUE, &setting));
+	CHECK(setting_find("forward_policy", set, false, true, &setting));
 	INSIST(get_enum_value(forwarder_policy_txts, setting->value.value_char,
 			      (int *)&fwdpolicy) == ISC_R_SUCCESS);
 	if (fwdpolicy == dns_fwdpolicy_none) {
-		*isexplicit = ISC_TRUE;
+		*isexplicit = true;
 		return ISC_R_SUCCESS;
 	}
 
 	setting = NULL;
-	CHECK(setting_find("forwarders", set, ISC_FALSE, ISC_TRUE, &setting));
+	CHECK(setting_find("forwarders", set, false, true, &setting));
 	CHECK(fwd_parse_str(setting->value.value_char, mctx, &fwdrs));
 
 cleanup:
@@ -354,7 +354,7 @@ static isc_result_t
 fwd_setting_find_explicit(isc_mem_t *mctx, const settings_set_t *start_set,
 			  const settings_set_t **found) {
 	isc_result_t result;
-	isc_boolean_t isexplicit;
+	bool isexplicit;
 
 	REQUIRE(found != NULL && *found == NULL);
 
@@ -363,7 +363,7 @@ fwd_setting_find_explicit(isc_mem_t *mctx, const settings_set_t *start_set,
 	     set = set->parent_set)
 	{
 		CHECK(fwd_setting_isexplicit(mctx, set, &isexplicit));
-		if (isexplicit == ISC_TRUE) {
+		if (isexplicit == true) {
 			*found = set;
 			CLEANUP_WITH(ISC_R_SUCCESS);
 		}
@@ -434,7 +434,7 @@ fwd_parse_ldap(ldap_entry_t *entry, settings_set_t *set) {
 	first = result;
 	if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE)
 		goto cleanup;
-	result = setting_find("forward_policy", set, ISC_FALSE, ISC_TRUE, NULL);
+	result = setting_find("forward_policy", set, false, true, NULL);
 	if (result == ISC_R_NOTFOUND) {
 		log_debug(2, "defaulting to forward policy 'first' for "
 			  "%s", ldap_entry_logname(entry));
@@ -501,7 +501,7 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
 	dns_view_t *view = NULL;
 	isc_result_t lock_state = ISC_R_IGNORE;
 	dns_forwarderlist_t fwdrs;
-	isc_boolean_t is_global_config;
+	bool is_global_config;
 	dns_fixedname_t foundname;
 	const char *msg_use_global_fwds;
 	const char *msg_obj_type;
@@ -513,7 +513,7 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
 	dns_fwdpolicy_t fwdpolicy;
 	const char *fwdpolicy_str = NULL;
 	const char *forwarders_str = NULL;
-	isc_boolean_t isconfigured;
+	bool isconfigured;
 	const settings_set_t *explicit_set = NULL;
 
 	REQUIRE(inst != NULL && name != NULL);
@@ -524,11 +524,11 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
 	ISC_LIST_INIT(fwdrs);
 
 	if (dns_name_equal(name, dns_rootname)) {
-		is_global_config = ISC_TRUE;
+		is_global_config = true;
 		msg_obj_type = "global forwarding configuration";
 		msg_use_global_fwds = "; global forwarders will be disabled";
 	} else {
-		is_global_config = ISC_FALSE;
+		is_global_config = false;
 		msg_obj_type = "zone";
 		msg_use_global_fwds = "; global forwarders will be used "
 				      "(if they are configured)";
@@ -541,10 +541,10 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
 	 * For all other zones (non-root) zones *do not* use recursive getter
 	 * and let BIND to handle inheritance in fwdtable itself. */
 	CHECK(fwd_setting_isexplicit(mctx, set, &isconfigured));
-	if (isconfigured == ISC_FALSE && is_global_config == ISC_TRUE) {
+	if (isconfigured == false && is_global_config == true) {
 		result = fwd_setting_find_explicit(mctx, set, &explicit_set);
 		if (result == ISC_R_SUCCESS) {
-			isconfigured = ISC_TRUE;
+			isconfigured = true;
 			if (set != explicit_set) {
 				log_debug(5, "%s was inherited from %s",
 					  msg_obj_type, explicit_set->name);
@@ -554,7 +554,7 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
 			goto cleanup;
 	}
 
-	if (isconfigured == ISC_TRUE) {
+	if (isconfigured == true) {
 		CHECK(setting_get_str("forward_policy", set, &fwdpolicy_str));
 		result = get_enum_value(forwarder_policy_txts,
 					fwdpolicy_str, (int *)&fwdpolicy);
@@ -578,7 +578,7 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
 	/* update forwarding table */
 	run_exclusive_enter(inst, &lock_state);
 	CHECK(fwd_delete_table(view, name, msg_obj_type, set->name));
-	if (isconfigured == ISC_TRUE) {
+	if (isconfigured == true) {
 		CHECK(dns_fwdtable_addfwd(view->fwdtable, name, &fwdrs,
 					  fwdpolicy));
 	}
@@ -590,7 +590,7 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
 		  dns_result_totext(result));
 
 	/* Handle collisions with automatic empty zones. */
-	if (isconfigured == ISC_TRUE)
+	if (isconfigured == true)
 		CHECK(empty_zone_handle_conflicts(name,
 						  view->zonetable,
 						  (fwdpolicy == dns_fwdpolicy_first)));
@@ -632,7 +632,7 @@ isc_result_t
 fwd_reconfig_global(ldap_instance_t *inst) {
 	isc_result_t result;
 	settings_set_t *toplevel_settings = NULL;
-	isc_boolean_t root_zone_is_active = ISC_FALSE;
+	bool root_zone_is_active = false;
 
 	/* we have to respect forwarding configuration for root zone */
 	result = zr_get_zone_settings(ldap_instance_getzr(inst), dns_rootname,
@@ -644,7 +644,7 @@ fwd_reconfig_global(ldap_instance_t *inst) {
 	else if (result != ISC_R_NOTFOUND)
 		goto cleanup;
 
-	if (root_zone_is_active == ISC_FALSE)
+	if (root_zone_is_active == false)
 		toplevel_settings = ldap_instance_getsettings_server(inst);
 
 	CHECK(fwd_configure_zone(toplevel_settings, inst, dns_rootname));

src/fwd_register.c

@@ -3,6 +3,7 @@
  */
 
 #include <isc/rwlock.h>
+#include <isc/util.h>
 #include <dns/name.h>
 
 #include "rbt_helper.h"
@@ -100,7 +101,7 @@ fwdr_del_zone(fwd_register_t *fwdr, dns_name_t *name)
 
 	RWLOCK(&fwdr->rwlock, isc_rwlocktype_write);
 
-	CHECK(dns_rbt_deletename(fwdr->rbt, name, ISC_FALSE));
+	CHECK(dns_rbt_deletename(fwdr->rbt, name, false));
 
 cleanup:
 	RWUNLOCK(&fwdr->rwlock, isc_rwlocktype_write);

src/krb5_helper.c

@@ -65,8 +65,8 @@ check_credentials(krb5_context context,
 
 	krberr = krb5_timeofday(context, &now);
 	CHECK_KRB5(context, krberr, "Failed to get timeofday");
-	log_debug(2, "krb5_timeofday() = %u ; creds.times.endtime = %u",
-		  now, creds.times.endtime);
+	log_debug(2, "krb5_timeofday() = %ld ; creds.times.endtime = %ld",
+		  (long) now, (long) creds.times.endtime);
 
 	if (now > (creds.times.endtime - MIN_TIME)) {
 		log_debug(2, "Credentials in cache expired");

src/ldap_convert.c

@@ -34,7 +34,7 @@
  * @param[out] target Absolute DNS name derived from the first two idnsNames.
  * @param[out] origin Absolute DNS name derived from the last idnsName
  *                    component of DN, i.e. zone. Can be NULL.
- * @param[out] iszone ISC_TRUE if DN points to zone object, ISC_FALSE otherwise.
+ * @param[out] iszone true if DN points to zone object, false otherwise.
  *
  * @code
  * Examples:
@@ -53,7 +53,7 @@
  */
 isc_result_t
 dn_to_dnsname(isc_mem_t *mctx, const char *dn_str, dns_name_t *target,
-	      dns_name_t *otarget, isc_boolean_t *iszone)
+	      dns_name_t *otarget, bool *iszone)
 {
 	LDAPDN dn = NULL;
 	LDAPRDN rdn = NULL;
@@ -130,20 +130,20 @@ dn_to_dnsname(isc_mem_t *mctx, const char *dn_str, dns_name_t *target,
 		CLEANUP_WITH(ISC_R_UNEXPECTEDEND);
 	} else if (idx == 1) { /* zone only */
 		if (iszone != NULL)
-			*iszone = ISC_TRUE;
+			*iszone = true;
 		CHECK(dns_name_copy(dns_rootname, &origin, NULL));
 		CHECK(dns_name_fromtext(&name, &name_buf, dns_rootname, 0, NULL));
 	} else if (idx == 2) { /* owner and zone */
 		if (iszone != NULL)
-			*iszone = ISC_FALSE;
+			*iszone = false;
 		CHECK(dns_name_fromtext(&origin, &origin_buf, dns_rootname, 0,
 					NULL));
 		CHECK(dns_name_fromtext(&name, &name_buf, &origin, 0, NULL));
-		if (dns_name_issubdomain(&name, &origin) == ISC_FALSE) {
+		if (dns_name_issubdomain(&name, &origin) == false) {
 			log_error("out-of-zone data: first idnsName is not a "
 				  "subdomain of the other");
 			CLEANUP_WITH(DNS_R_BADOWNERNAME);
-		} else if (dns_name_equal(&name, &origin) == ISC_TRUE) {
+		} else if (dns_name_equal(&name, &origin) == true) {
 			log_error("attempt to redefine zone apex: first "
 				  "idnsName equals to zone name");
 			CLEANUP_WITH(DNS_R_BADOWNERNAME);
@@ -185,12 +185,12 @@ cleanup:
  * @param[in] prefix      Prefix for error messages, usually a function name.
  * @param[in] dn
  * @param[in] dniszone    Boolean returned by dn_to_dnsname for given DN.
- * @param[in] classiszone ISC_TRUE if DN should be a zone, ISC_FALSE otherwise.
+ * @param[in] classiszone true if DN should be a zone, false otherwise.
  * @retval ISC_R_SUCCESS or ISC_R_UNEXPECTED if values do not match.
  */
 isc_result_t
 dn_want_zone(const char * const prefix, const char * const dn,
-	     isc_boolean_t dniszone, isc_boolean_t classiszone) {
+	     bool dniszone, bool classiszone) {
 	if (dniszone != classiszone) {
 		log_error("%s: object '%s' does%s have a zone object class "
 			  "but DN format suggests that it is%s a zone",
@@ -372,23 +372,40 @@ ldap_attribute_to_rdatatype(const char *ldap_attribute, dns_rdatatype_t *rdtype)
 {
 	isc_result_t result;
 	unsigned len;
+	const char *attribute = NULL;
 	isc_consttextregion_t region;
 
 	len = strlen(ldap_attribute);
 	if (len <= LDAP_RDATATYPE_SUFFIX_LEN)
 		return ISC_R_UNEXPECTEDEND;
 
+
+	/* Before looking up rdtype, we need to see if rdtype is
+	 * an LDAP subtype (type;subtype) and if so, strip one of
+	 * the known prefixes. We also need to remove 'record' suffix
+	 * if it exists. The resulting rdtype text name should have no
+	 * 'extra' details: A, AAAA, CNAME, etc. */
+	attribute = ldap_attribute;
+
+	/* Does attribute name start with with TEMPLATE_PREFIX? */
+	if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,
+			ldap_attribute,
+			LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) {
+		attribute = ldap_attribute + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN;
+		len -= LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN;
+	/* Does attribute name start with with UNKNOWN_PREFIX? */
+	} else if (strncasecmp(LDAP_RDATATYPE_UNKNOWN_PREFIX,
+			       ldap_attribute,
+			       LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) {
+		attribute = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
+		len -= LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
+	}
+
 	/* Does attribute name end with RECORD_SUFFIX? */
-	if (strcasecmp(ldap_attribute + len - LDAP_RDATATYPE_SUFFIX_LEN,
+	if (strcasecmp(attribute + len - LDAP_RDATATYPE_SUFFIX_LEN,
 		       LDAP_RDATATYPE_SUFFIX) == 0) {
-		region.base = ldap_attribute;
+		region.base = attribute;
 		region.length = len - LDAP_RDATATYPE_SUFFIX_LEN;
-	/* Does attribute name start with with UNKNOWN_PREFIX? */
-	} else if (strncasecmp(ldap_attribute,
-			      LDAP_RDATATYPE_UNKNOWN_PREFIX,
-			      LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) {
-		region.base = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
-		region.length = len - LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
 	} else
 		return ISC_R_UNEXPECTED;
 
@@ -406,12 +423,12 @@ ldap_attribute_to_rdatatype(const char *ldap_attribute, dns_rdatatype_t *rdtype)
  * @param[in]  rdtype
  * @param[out] target   Output buffer with \0 terminated attribute name.
  * @param[in]  size     Target size.
- * @param[in]  unknown  ISC_TRUE = use generic syntax "UnknownRecord;TYPE65333",
- *                      ISC_FALSE = use type-specific mnemonic like "ARecord"
+ * @param[in]  unknown  true = use generic syntax "UnknownRecord;TYPE65333",
+ *                      false = use type-specific mnemonic like "ARecord"
  */
 isc_result_t
 rdatatype_to_ldap_attribute(dns_rdatatype_t rdtype, char *target,
-			    unsigned int size, isc_boolean_t unknown)
+			    unsigned int size, bool unknown)
 {
 	isc_result_t result;
 	char rdtype_str[DNS_RDATATYPE_FORMATSIZE];

src/ldap_convert.h

@@ -17,6 +17,8 @@
 #define LDAP_RDATATYPE_SUFFIX_LEN	(sizeof(LDAP_RDATATYPE_SUFFIX) - 1)
 #define LDAP_RDATATYPE_UNKNOWN_PREFIX	"UnknownRecord;"
 #define LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN	(sizeof(LDAP_RDATATYPE_UNKNOWN_PREFIX) - 1)
+#define LDAP_RDATATYPE_TEMPLATE_PREFIX "idnsTemplateAttribute;"
+#define LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN	(sizeof(LDAP_RDATATYPE_TEMPLATE_PREFIX) - 1)
 
 /*
  * Convert LDAP DN 'dn', to dns_name_t 'target'. 'target' needs to be
@@ -26,11 +28,11 @@
  */
 isc_result_t dn_to_dnsname(isc_mem_t *mctx, const char *dn,
 			   dns_name_t *target, dns_name_t *origin,
-			   isc_boolean_t *iszone)
+			   bool *iszone)
 			   ATTR_NONNULL(1, 2, 3) ATTR_CHECKRESULT;
 
 isc_result_t dn_want_zone(const char * const prefix, const char * const dn,
-			  isc_boolean_t dniszone, isc_boolean_t classiszone)
+			  bool dniszone, bool classiszone)
 			  ATTR_NONNULLS ATTR_CHECKRESULT;
 
 isc_result_t dnsname_to_dn(zone_register_t *zr, dns_name_t *name, dns_name_t *zone,
@@ -41,7 +43,7 @@ isc_result_t ldap_attribute_to_rdatatype(const char *ldap_record,
 
 isc_result_t
 rdatatype_to_ldap_attribute(dns_rdatatype_t rdtype, char *target,
-			    unsigned int size, isc_boolean_t unknown)
+			    unsigned int size, bool unknown)
 			    ATTR_NONNULLS ATTR_CHECKRESULT;
 
 isc_result_t

src/ldap_driver.c

@@ -141,7 +141,7 @@ free_ldapdb(ldapdb_t *ldapdb)
 			      dns_masterformat_text);
 	log_info("dump to '%s' finished: %s", str_buf(file_name),
 		 isc_result_totext(result));
-	dns_db_closeversion(ldapdb->rbtdb, &version, ISC_FALSE);
+	dns_db_closeversion(ldapdb->rbtdb, &version, false);
 
 cleanup:
 	if (result != ISC_R_SUCCESS) {
@@ -267,7 +267,7 @@ currentversion(dns_db_t *db, dns_dbversion_t **versionp)
 
 cleanup:
 	if (newversion != NULL)
-		dns_db_closeversion(ldapdb, &newversion, ISC_TRUE);
+		dns_db_closeversion(ldapdb, &newversion, true);
    @endverbatim
  */
 static isc_result_t
@@ -307,7 +307,7 @@ attachversion(dns_db_t *db, dns_dbversion_t *source,
  * @see newversion for related warnings and examples.
  */
 static void
-closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit)
+closeversion(dns_db_t *db, dns_dbversion_t **versionp, bool commit)
 {
 	ldapdb_t *ldapdb = (ldapdb_t *)db;
 	dns_dbversion_t *closed_version = *versionp;
@@ -322,7 +322,7 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit)
 }
 
 static isc_result_t
-findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
+findnode(dns_db_t *db, dns_name_t *name, bool create,
 	 dns_dbnode_t **nodep)
 {
 	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -467,7 +467,7 @@ cleanup:
 
 static isc_result_t
 node_isempty(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
-	     isc_stdtime_t now, isc_boolean_t *isempty) {
+	     isc_stdtime_t now, bool *isempty) {
 	dns_rdatasetiter_t *rds_iter = NULL;
 	dns_fixedname_t fname;
 	char buff[DNS_NAME_FORMATSIZE];
@@ -479,14 +479,14 @@ node_isempty(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 
 	result = dns_db_allrdatasets(db, node, version, now, &rds_iter);
 	if (result == ISC_R_NOTFOUND) {
-		*isempty = ISC_TRUE;
+		*isempty = true;
 	} else if (result == ISC_R_SUCCESS) {
 		result = dns_rdatasetiter_first(rds_iter);
 		if (result == ISC_R_NOMORE) {
-			*isempty = ISC_TRUE;
+			*isempty = true;
 			result = ISC_R_SUCCESS;
 		} else if (result == ISC_R_SUCCESS) {
-			*isempty = ISC_FALSE;
+			*isempty = false;
 			result = ISC_R_SUCCESS;
 		} else if (result != ISC_R_SUCCESS) {
 			dns_name_format(dns_fixedname_name(&fname),
@@ -516,7 +516,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	dns_fixedname_t fname;
 	dns_name_t *zname = NULL;
 	dns_rdatalist_t *rdlist = NULL;
-	isc_boolean_t empty_node = ISC_FALSE;
+	bool empty_node = false;
 	isc_result_t substract_result;
 	isc_result_t result;
 
@@ -561,7 +561,7 @@ deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	ldapdb_t *ldapdb = (ldapdb_t *) db;
 	dns_fixedname_t fname;
 	dns_name_t *zname = NULL;
-	isc_boolean_t empty_node;
+	bool empty_node;
 	isc_result_t result;
 
 	REQUIRE(VALID_LDAPDB(ldapdb));
@@ -580,7 +580,7 @@ deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	CHECK(node_isempty(ldapdb->rbtdb, node, version, 0, &empty_node));
 	CHECK(ldapdb_name_fromnode(node, dns_fixedname_name(&fname)));
 
-	if (empty_node == ISC_TRUE) {
+	if (empty_node == true) {
 		CHECK(remove_entry_from_ldap(dns_fixedname_name(&fname), zname,
 					     ldapdb->ldap_inst));
 	} else {
@@ -592,7 +592,7 @@ cleanup:
 	return result;
 }
 
-static isc_boolean_t
+static bool
 issecure(dns_db_t *db)
 {
 	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -618,16 +618,16 @@ nodecount(dns_db_t *db)
  *
  * !!! This could be required for optimizations (like on-disk cache).
  */
-static isc_boolean_t
+static bool
 ispersistent(dns_db_t *db)
 {
 	UNUSED(db);
 
-	return ISC_TRUE;
+	return true;
 }
 
 static void
-overmem(dns_db_t *db, isc_boolean_t overmem)
+overmem(dns_db_t *db, bool overmem)
 {
 	ldapdb_t *ldapdb = (ldapdb_t *) db;
 
@@ -669,8 +669,8 @@ transfernode(dns_db_t *db, dns_dbnode_t **sourcep, dns_dbnode_t **targetp)
 
 static isc_result_t
 getnsec3parameters(dns_db_t *db, dns_dbversion_t *version,
-			  dns_hash_t *hash, isc_uint8_t *flags,
-			  isc_uint16_t *iterations,
+			  dns_hash_t *hash, uint8_t *flags,
+			  uint16_t *iterations,
 			  unsigned char *salt, size_t *salt_length)
 {
 	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -683,7 +683,7 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version,
 }
 
 static isc_result_t
-findnsec3node(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
+findnsec3node(dns_db_t *db, dns_name_t *name, bool create,
 	      dns_dbnode_t **nodep)
 {
 	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -724,7 +724,7 @@ resigned(dns_db_t *db, dns_rdataset_t *rdataset,
 	dns_db_resigned(ldapdb->rbtdb, rdataset, version);
 }
 
-static isc_boolean_t
+static bool
 isdnssec(dns_db_t *db)
 {
 	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -766,7 +766,7 @@ rpz_ready(dns_db_t *db)
 
 static isc_result_t
 findnodeext(dns_db_t *db, dns_name_t *name,
-		   isc_boolean_t create, dns_clientinfomethods_t *methods,
+		   bool create, dns_clientinfomethods_t *methods,
 		   dns_clientinfo_t *clientinfo, dns_dbnode_t **nodep)
 {
 	ldapdb_t *ldapdb = (ldapdb_t *) db;
@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
 	findext,
 	setcachestats,
 	hashsize,
-	nodefullname
+	nodefullname,
+	NULL, // getsize method not implemented (related BZ1353563)
 };
 
 isc_result_t ATTR_NONNULLS
@@ -949,7 +950,7 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type,
 {
 	ldapdb_t *ldapdb = NULL;
 	isc_result_t result;
-	isc_boolean_t lock_ready = ISC_FALSE;
+	bool lock_ready = false;
 
 	/* Database instance name. */
 	REQUIRE(type == LDAP_DB_TYPE);
@@ -962,7 +963,7 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type,
 
 	isc_mem_attach(mctx, &ldapdb->common.mctx);
 	CHECK(isc_mutex_init(&ldapdb->newversion_lock));
-	lock_ready = ISC_TRUE;
+	lock_ready = true;
 	dns_name_init(&ldapdb->common.origin, NULL);
 	isc_ondestroy_init(&ldapdb->common.ondest);
 
@@ -987,7 +988,7 @@ ldapdb_create(isc_mem_t *mctx, dns_name_t *name, dns_dbtype_t type,
 
 cleanup:
 	if (ldapdb != NULL) {
-		if (lock_ready == ISC_TRUE)
+		if (lock_ready == true)
 			RUNTIME_CHECK(isc_mutex_destroy(&ldapdb->newversion_lock)
 				      == ISC_R_SUCCESS);
 		if (dns_name_dynamic(&ldapdb->common.origin))

src/ldap_entry.c

@@ -7,6 +7,7 @@
 #include <dns/ttl.h>
 #include <dns/types.h>
 
+#include <inttypes.h>
 #include <isc/region.h>
 #include <isc/types.h>
 #include <isc/util.h>
@@ -189,8 +190,8 @@ ldap_entry_parse(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry,
 	char *attribute;
 	BerElement *ber = NULL;
 	ldap_entry_t *entry = NULL;
-	isc_boolean_t has_zone_dn;
-	isc_boolean_t has_zone_class;
+	bool has_zone_dn;
+	bool has_zone_class;
 
 	REQUIRE(ld != NULL);
 	REQUIRE(ldap_entry != NULL);
@@ -234,9 +235,9 @@ ldap_entry_parse(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry,
 		CHECK(dn_to_dnsname(mctx, entry->dn, &entry->fqdn,
 				    &entry->zone_name, &has_zone_dn));
 	else
-		has_zone_dn = ISC_FALSE;
-	has_zone_class = ISC_TF(entry->class & (LDAP_ENTRYCLASS_MASTER
-						| LDAP_ENTRYCLASS_FORWARD));
+		has_zone_dn = false;
+	has_zone_class = entry->class & (LDAP_ENTRYCLASS_MASTER
+					 | LDAP_ENTRYCLASS_FORWARD);
 	CHECK(dn_want_zone(__func__, entry->dn, has_zone_dn, has_zone_class));
 
 
@@ -522,7 +523,7 @@ ldap_entry_getttl(ldap_entry_t *entry, const settings_set_t * settings)
 	isc_textregion_t ttl_text;
 	ldap_valuelist_t values;
 	isc_result_t result;
-	isc_uint32_t ttl;
+	uint32_t ttl;
 
 	REQUIRE(entry != NULL);
 

src/ldap_entry.h

@@ -6,7 +6,6 @@
 #define _LD_LDAP_ENTRY_H_
 
 #include <isc/lex.h>
-#include <isc/util.h>
 #include <dns/types.h>
 
 #include "fwd_register.h"
@@ -19,15 +18,15 @@
 
 /* Represents values associated with LDAP attribute */
 typedef struct ldap_value ldap_value_t;
-typedef LIST(ldap_value_t) ldap_valuelist_t;
+typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
 struct ldap_value {
         char                    *value;
-        LINK(ldap_value_t)      link;
+        ISC_LINK(ldap_value_t)      link;
 };
 
 /* Represents LDAP attribute and it's values */
 typedef struct ldap_attribute	ldap_attribute_t;
-typedef LIST(ldap_attribute_t)	ldap_attributelist_t;
+typedef ISC_LIST(ldap_attribute_t)	ldap_attributelist_t;
 
 /* Represents LDAP entry and it's attributes */
 typedef unsigned char		ldap_entryclass_t;
@@ -41,7 +40,7 @@ struct ldap_entry {
 
 	ldap_attribute_t	*lastattr;
 	ldap_attributelist_t	attrs;
-	LINK(ldap_entry_t)	link;
+	ISC_LINK(ldap_entry_t)	link;
 
 	/* Parsing. */
 	isc_lex_t		*lex;
@@ -59,7 +58,7 @@ struct ldap_attribute {
 	char			**ldap_values;
 	ldap_value_t		*lastval;
 	ldap_valuelist_t	values;
-	LINK(ldap_attribute_t)	link;
+	ISC_LINK(ldap_attribute_t)	link;
 };
 
 #define LDAP_ENTRYCLASS_NONE	0x0