config: per-zone storage and dnssec-keydir

Relative path resolutsions: - global keydir is relative to global storage dir - zone storage dir is relative to global storage dir - zone keydir is relative to zone storage dir Based on patch from Kamil Sopko <kamil.sopko@savana.cz>

config: per-zone storage and dnssec-keydir
c6bd0e1a · Jan Včelák · a50ad00b · c6bd0e1a · c6bd0e1a · c6bd0e1a
Commit c6bd0e1a authored 11 years ago by Jan Včelák
--- a/src/knot/conf/cf-parse.y
+++ b/src/knot/conf/cf-parse.y
@@ -929,6 +929,8 @@ zone:
 | zone FILENAME TEXT ';' { this_zone->file = $3.t; }
 | zone BUILD_DIFFS BOOL ';' { this_zone->build_diffs = $3.i; }
 | zone SEMANTIC_CHECKS BOOL ';' { this_zone->enable_checks = $3.i; }
+ | zone STORAGE TEXT ';' { this_zone->storage = $3.t; }
+ | zone DNSSEC_KEYDIR TEXT ';' { this_zone->dnssec_keydir = $3.t; }
 | zone DISABLE_ANY BOOL ';' { this_zone->disable_any = $3.i; }
 | zone DBSYNC_TIMEOUT NUM ';' {
 	SET_INT(this_zone->dbsync_timeout, $3.i, "zonefile-sync");

--- a/src/knot/conf/conf.c
+++ b/src/knot/conf/conf.c
@@ -140,14 +140,23 @@ static void conf_update_hooks(conf_t *conf)
 	}
 }

-/*! \brief Make relative path absolute to given directory.
- *  \param basedir Base directory.
- *  \param file Relative file name.
+/*!
+ * \brief Make relative path absolute to given directory.
+ *
+ * If basedir is not provided, only normalization is performed.
+ * If file is not provided, returns NULL.
+ *
+ * \param basedir Base directory.
+ * \param file Relative file name.
 */
 static char* conf_abs_path(const char *basedir, char *file)
 {
+	if (!file) {
+		return NULL;
+	}
+
 	/* Make path absolute to the directory. */
-	if (file[0] != '/') {
+	if (basedir && file[0] != '/') {
 		char *basepath = strcdup(basedir, "/");
 		char *path = strcdup(basepath, file);
 		free(basepath);
@@ -320,8 +329,16 @@ static int conf_process(conf_t *conf)
 			}
 		}

+		// Default data directories
+		if (!zone->storage && conf->storage) {
+			zone->storage = strdup(conf->storage);
+		}
+		if (!zone->dnssec_keydir && conf->dnssec_keydir) {
+			zone->dnssec_keydir = strdup(conf->dnssec_keydir);
+		}
+
 		// Default policy for DNSSEC
-		if (!conf->dnssec_keydir) {
+		if (!zone->dnssec_keydir) {
 			zone->dnssec_enable = 0;
 		} else if (zone->dnssec_enable < 0) {
 			zone->dnssec_enable = conf->dnssec_enable;
@@ -348,16 +365,31 @@ static int conf_process(conf_t *conf)
 			}
 		}

-		// Relative zone filenames should be relative to storage
-		zone->file = conf_abs_path(conf->storage, zone->file);
-		if (zone->file == NULL) {
+		// Resolve relative paths everywhere
+		zone->storage = conf_abs_path(conf->storage, zone->storage);
+		zone->file = conf_abs_path(zone->storage, zone->file);
+		if (zone->dnssec_enable) {
+			zone->dnssec_keydir = conf_abs_path(zone->storage,
+			                                    zone->dnssec_keydir);
+		}
+
+		if (!zone->storage || !zone->file) {
+			free(zone->storage);
+			free(zone->file);
 			ret = KNOT_ENOMEM;
 			continue;
 		}

+		// Check DNSSEC keydir setting presence
+		if (zone->dnssec_enable && !zone->dnssec_keydir) {
+			log_server_error("Option 'dnssec-keydir' not set.\n");
+			ret = KNOT_EINVAL;
+			continue;
+		}
+
 		/* Create journal filename. */
 		size_t zname_len = strlen(zone->name);
-		size_t stor_len = strlen(conf->storage);
+		size_t stor_len = strlen(zone->storage);
 		size_t size = stor_len + zname_len + 9; // /diff.db,\0
 		char *dest = malloc(size);
 		if (dest == NULL) {
@@ -367,9 +399,9 @@ static int conf_process(conf_t *conf)
 			continue;
 		}
 		char *dpos = dest;
-		memcpy(dpos, conf->storage, stor_len + 1);
+		memcpy(dpos, zone->storage, stor_len + 1);
 		dpos += stor_len;
-		if (conf->storage[stor_len - 1] != '/') {
+		if (zone->storage[stor_len - 1] != '/') {
 			*(dpos++) = '/';
 			*dpos = '\0';
 		}
@@ -937,6 +969,8 @@ void conf_free_zone(conf_zone_t *zone)
 	free(zone->name);
 	free(zone->file);
 	free(zone->ixfr_db);
+	free(zone->dnssec_keydir);
+	free(zone->storage);
 	free(zone);
 }


--- a/src/knot/conf/conf.h
+++ b/src/knot/conf/conf.h
@@ -117,6 +117,8 @@ typedef struct conf_zone_t {
 	char *name;                /*!< Zone name. */
 	uint16_t cls;              /*!< Zone class (IN or CH). */
 	char *file;                /*!< Path to a zone file. */
+	char *storage;             /*!< Path to a storage dir. */
+	char *dnssec_keydir;       /*!< Path to a DNSSEC key dir. */
 	char *ixfr_db;             /*!< Path to a IXFR database file. */
 	int dnssec_enable;         /*!< DNSSEC: Online signing enabled. */
 	size_t ixfr_fslimit;       /*!< File size limit for IXFR journal. */

--- a/src/libknot/dnssec/zone-events.c
+++ b/src/libknot/dnssec/zone-events.c
@@ -57,9 +57,15 @@ static int init_dnssec_structs(const knot_zone_t *zone,
 	assert(zone_keys);
 	assert(policy);

+	zonedata_t *zone_data = zone->data;
+	assert(zone_data);
+
+	conf_zone_t *config = zone_data->conf;
+	assert(config);
+
 	// Read zone keys from disk
 	bool nsec3_enabled = is_nsec3_enabled(zone->contents);
-	int result = knot_load_zone_keys(conf()->dnssec_keydir,
+	int result = knot_load_zone_keys(config->dnssec_keydir,
 	                                 zone->contents->apex->owner,
 	                                 nsec3_enabled, zone_keys);
 	if (result != KNOT_EOK) {
@@ -79,8 +85,7 @@ static int init_dnssec_structs(const knot_zone_t *zone,
 	}

 	// Override signature lifetime, if set in config
-	zonedata_t *zd = (zonedata_t *)zone->data;
-	int sig_lf = zd->conf->sig_lifetime;
+	int sig_lf = config->sig_lifetime;
 	if (sig_lf > 0) {
 		policy->sign_lifetime = sig_lf;
 	}