utils: add maximum configuration size command line option

configure.ac

@@ -430,6 +430,7 @@ AS_CASE([$conf_mapsize],
     [*],  [AS_IF([test $conf_mapsize != $(( $conf_mapsize + 0 ))],
                  [AC_ERROR([conf_mapsize must be an integer number])])])
 AC_DEFINE_UNQUOTED([CONF_MAPSIZE], [$conf_mapsize], [Configuration DB mapsize.])
+AC_SUBST(conf_mapsize)
 
 # libedit
 AS_IF([test "$enable_daemon" = "yes" -o "$enable_utilities" = "yes"], [
@@ -560,7 +561,7 @@ result_msg_base="  Knot DNS $VERSION
     GnuTLS:   ${gnutls_LIBS} ${gnutls_CFLAGS}
     Libedit:  ${libedit_LIBS} ${libedit_CFLAGS}
     LMDB:     ${enable_lmdb} ${lmdb_LIBS} ${lmdb_CFLAGS}
-    Config:   ${conf_mapsize} MiB mapsize
+    Config:   ${conf_mapsize} MiB default mapsize
 
     Prefix:      ${knot_prefix}
     Run dir:     ${run_dir}

doc/Makefile.am

@@ -113,7 +113,14 @@ man/knsupdate.1:	man/knsupdate.1in
 man/knsec3hash.1:	man/knsec3hash.1in
 man/kzonecheck.1:	man/kzonecheck.1in
 
-man_SUBST = $(AM_V_GEN)mkdir -p man; sed -e 's,[@]VERSION@,$(VERSION),' -e 's,[@]RELEASE_DATE@,$(RELEASE_DATE),' $< > $@
+man_SUBST = $(AM_V_GEN)mkdir -p man; \
+            sed -e 's,[@]VERSION@,$(VERSION),' \
+                -e 's,[@]RELEASE_DATE@,$(RELEASE_DATE),' \
+                -e 's,[@]config_dir@,$(config_dir),' \
+                -e 's,[@]storage_dir@,$(storage_dir),' \
+                -e 's,[@]run_dir@,$(run_dir),' \
+                -e 's,[@]conf_mapsize@,$(conf_mapsize),' \
+            $< > $@
 
 .1in.1:
 	$(man_SUBST)

doc/man/knotc.8in

@@ -47,6 +47,9 @@ Use a binary configuration database directory (default is \fB@storage_dir@/confd
 The default configuration database, if exists, has a preference to the default
 configuration file.
 .TP
+\fB\-m\fP, \fB\-\-max\-conf\-size\fP \fIMiB\fP
+Set maximum configuration size (default is @conf_mapsize@ MiB, maximum 10000 MiB).
+.TP
 \fB\-s\fP, \fB\-\-socket\fP \fIpath\fP
 Use a control UNIX socket path (default is \fB@run_dir@/knot.sock\fP).
 .TP

doc/man/knotd.8in

@@ -45,6 +45,9 @@ Use a binary configuration database directory (default is \fB@storage_dir@/confd
 The default configuration database, if exists, has a preference to the default
 configuration file.
 .TP
+\fB\-m\fP, \fB\-\-max\-conf\-size\fP \fIMiB\fP
+Set maximum configuration size (default is @conf_mapsize@ MiB, maximum 10000 MiB).
+.TP
 \fB\-s\fP, \fB\-\-socket\fP \fIpath\fP
 Use a remote control UNIX socket path (default is \fB@run_dir@/knot.sock\fP).
 .TP
@@ -64,7 +67,7 @@ Print the program version.
 .SH SEE ALSO
 .sp
 \fBknot.conf(5)\fP, \fBknotc(8)\fP, \fBkeymgr(8)\fP,
-\fBkjournalprint(1)\fP\&.
+\fBkjournalprint(8)\fP\&.
 .SH AUTHOR
 CZ.NIC Labs <http://www.knot-dns.cz>
 .SH COPYRIGHT

doc/man_knotc.rst

@@ -24,6 +24,9 @@ Parameters
   The default configuration database, if exists, has a preference to the default
   configuration file.
 
+**-m**, **--max-conf-size** *MiB*
+  Set maximum configuration size (default is @conf_mapsize@ MiB, maximum 10000 MiB).
+
 **-s**, **--socket** *path*
   Use a control UNIX socket path (default is :file:`@run_dir@/knot.sock`).
 

doc/man_knotd.rst

@@ -22,6 +22,9 @@ Parameters
   The default configuration database, if exists, has a preference to the default
   configuration file.
 
+**-m**, **--max-conf-size** *MiB*
+  Set maximum configuration size (default is @conf_mapsize@ MiB, maximum 10000 MiB).
+
 **-s**, **--socket** *path*
   Use a remote control UNIX socket path (default is :file:`@run_dir@/knot.sock`).
 

src/knot/conf/base.c

@@ -145,6 +145,7 @@ int conf_new(
 	conf_t **conf,
 	const yp_item_t *schema,
 	const char *db_dir,
+	size_t max_conf_size,
 	conf_flag_t flags)
 {
 	if (conf == NULL) {
@@ -182,7 +183,7 @@ int conf_new(
 	// Set the DB api.
 	out->api = knot_db_lmdb_api();
 	struct knot_db_lmdb_opts lmdb_opts = KNOT_DB_LMDB_OPTS_INITIALIZER;
-	lmdb_opts.mapsize = (size_t)CONF_MAPSIZE * 1024 * 1024;
+	lmdb_opts.mapsize = max_conf_size;
 	lmdb_opts.maxreaders = CONF_MAX_DB_READERS;
 	lmdb_opts.flags.env = KNOT_DB_LMDB_NOTLS;
 

src/knot/conf/base.h

@@ -187,10 +187,11 @@ void conf_refresh_hostname(
 /*!
  * Creates new or opens old configuration database.
  *
- * \param[out] conf   Configuration.
- * \param[in] schema  Configuration schema.
- * \param[in] db_dir  Database path or NULL.
- * \param[in] flags   Access flags.
+ * \param[out] conf          Configuration.
+ * \param[in] schema         Configuration schema.
+ * \param[in] db_dir         Database path or NULL.
+ * \param[in] max_conf_size  Maximum configuration DB size in bytes (LMDB mapsize).
+ * \param[in] flags          Access flags.
  *
  * \return Error code, KNOT_EOK if success.
  */
@@ -198,6 +199,7 @@ int conf_new(
 	conf_t **conf,
 	const yp_item_t *schema,
 	const char *db_dir,
+	size_t max_conf_size,
 	conf_flag_t flags
 );
 

src/utils/keymgr/main.c

@@ -212,13 +212,15 @@ main_end:
 
 static bool init_conf(const char *confdb)
 {
+	size_t max_conf_size = (size_t)CONF_MAPSIZE * 1024 * 1024;
+
 	conf_flag_t flags = CONF_FNOHOSTNAME | CONF_FOPTMODULES;
 	if (confdb != NULL) {
 		flags |= CONF_FREADONLY;
 	}
 
 	conf_t *new_conf = NULL;
-	int ret = conf_new(&new_conf, conf_schema, confdb, flags);
+	int ret = conf_new(&new_conf, conf_schema, confdb, max_conf_size, flags);
 	if (ret != KNOT_EOK) {
 		printf("Failed opening configuration database %s (%s)\n",
 		       (confdb == NULL ? "" : confdb), knot_strerror(ret));

src/utils/knotc/main.c

-/*  Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -25,7 +25,7 @@
 #include "utils/knotc/process.h"
 
 #define PROGRAM_NAME		"knotc"
-#define SPACE			"                  "
+#define SPACE			"  "
 #define DEFAULT_CTL_TIMEOUT	5
 
 static void print_help(void)
@@ -33,25 +33,28 @@ static void print_help(void)
 	printf("Usage: %s [parameters] <action> [action_args]\n"
 	       "\n"
 	       "Parameters:\n"
-	       " -c, --config <file>"SPACE"Use a textual configuration file.\n"
-	       "                    "SPACE" (default %s)\n"
-	       " -C, --confdb <dir> "SPACE"Use a binary configuration database directory.\n"
-	       "                    "SPACE" (default %s)\n"
-	       " -s, --socket <path>"SPACE"Use a control UNIX socket path.\n"
-	       "                    "SPACE" (default %s)\n"
-	       " -t, --timeout <sec>"SPACE"Use a control socket timeout in seconds.\n"
-	       "                    "SPACE" (default %u seconds)\n"
-	       " -f, --force        "SPACE"Forced operation. Overrides some checks.\n"
-	       " -v, --verbose      "SPACE"Enable debug output.\n"
-	       " -h, --help         "SPACE"Print the program help.\n"
-	       " -V, --version      "SPACE"Print the program version.\n",
+	       " -c, --config <file>      "SPACE"Use a textual configuration file.\n"
+	       "                          "SPACE" (default %s)\n"
+	       " -C, --confdb <dir>       "SPACE"Use a binary configuration database directory.\n"
+	       "                          "SPACE" (default %s)\n"
+	       " -m, --max-conf-size <MiB>"SPACE"Set maximum configuration size (max 10000 MiB).\n"
+	       "                          "SPACE" (default %d MiB)\n"
+	       " -s, --socket <path>      "SPACE"Use a control UNIX socket path.\n"
+	       "                          "SPACE" (default %s)\n"
+	       " -t, --timeout <sec>      "SPACE"Use a control socket timeout (max 7200 seconds).\n"
+	       "                          "SPACE" (default %u seconds)\n"
+	       " -f, --force              "SPACE"Forced operation. Overrides some checks.\n"
+	       " -v, --verbose            "SPACE"Enable debug output.\n"
+	       " -h, --help               "SPACE"Print the program help.\n"
+	       " -V, --version            "SPACE"Print the program version.\n",
 	       PROGRAM_NAME, CONF_DEFAULT_FILE, CONF_DEFAULT_DBDIR,
-	       RUN_DIR "/knot.sock", DEFAULT_CTL_TIMEOUT);
+	       CONF_MAPSIZE, RUN_DIR "/knot.sock", DEFAULT_CTL_TIMEOUT);
 
 	print_commands();
 }
 
 params_t params = {
+	.max_conf_size = (size_t)CONF_MAPSIZE * 1024 * 1024,
 	.timeout = DEFAULT_CTL_TIMEOUT * 1000
 };
 
@@ -59,20 +62,21 @@ int main(int argc, char **argv)
 {
 	/* Long options. */
 	struct option opts[] = {
-		{ "config",  required_argument, NULL, 'c' },
-		{ "confdb",  required_argument, NULL, 'C' },
-		{ "socket",  required_argument, NULL, 's' },
-		{ "timeout", required_argument, NULL, 't' },
-		{ "force",   no_argument,       NULL, 'f' },
-		{ "verbose", no_argument,       NULL, 'v' },
-		{ "help",    no_argument,       NULL, 'h' },
-		{ "version", no_argument,       NULL, 'V' },
+		{ "config",        required_argument, NULL, 'c' },
+		{ "confdb",        required_argument, NULL, 'C' },
+		{ "max-conf-size", required_argument, NULL, 'm' },
+		{ "socket",        required_argument, NULL, 's' },
+		{ "timeout",       required_argument, NULL, 't' },
+		{ "force",         no_argument,       NULL, 'f' },
+		{ "verbose",       no_argument,       NULL, 'v' },
+		{ "help",          no_argument,       NULL, 'h' },
+		{ "version",       no_argument,       NULL, 'V' },
 		{ NULL }
 	};
 
 	/* Parse command line arguments */
 	int opt = 0;
-	while ((opt = getopt_long(argc, argv, "+c:C:s:t:fvhV", opts, NULL)) != -1) {
+	while ((opt = getopt_long(argc, argv, "+c:C:m:s:t:fvhV", opts, NULL)) != -1) {
 		switch (opt) {
 		case 'c':
 			params.config = optarg;
@@ -80,11 +84,19 @@ int main(int argc, char **argv)
 		case 'C':
 			params.confdb = optarg;
 			break;
+		case 'm':
+			if (str_to_size(optarg, &params.max_conf_size, 1, 10000) != KNOT_EOK) {
+				print_help();
+				return EXIT_FAILURE;
+			}
+			/* Convert to bytes. */
+			params.max_conf_size *= 1024 * 1024;
+			break;
 		case 's':
 			params.socket = optarg;
 			break;
 		case 't':
-			if (str_to_int(optarg, &params.timeout) != KNOT_EOK) {
+			if (str_to_int(optarg, &params.timeout, 0, 7200) != KNOT_EOK) {
 				print_help();
 				return EXIT_FAILURE;
 			}

src/utils/knotc/process.c

-/*  Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -91,7 +91,8 @@ int set_config(const cmd_desc_t *desc, params_t *params)
 
 	/* Open confdb. */
 	conf_t *new_conf = NULL;
-	int ret = conf_new(&new_conf, conf_schema, params->confdb, conf_flags);
+	int ret = conf_new(&new_conf, conf_schema, params->confdb,
+	                   params->max_conf_size, conf_flags);
 	if (ret != KNOT_EOK) {
 		log_error("failed to open configuration database '%s' (%s)",
 		          (params->confdb != NULL) ? params->confdb : "",

src/utils/knotc/process.h

-/*  Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -30,6 +30,7 @@
 typedef struct {
 	const char *config;
 	const char *confdb;
+	size_t max_conf_size;
 	const char *socket;
 	bool verbose;
 	bool force;

src/utils/knotd/main.c

@@ -35,6 +35,7 @@
 
 #include "libdnssec/crypto.h"
 #include "libknot/libknot.h"
+#include "contrib/strtonum.h"
 #include "knot/ctl/process.h"
 #include "knot/conf/conf.h"
 #include "knot/conf/migration.h"
@@ -282,17 +283,20 @@ static void print_help(void)
 	printf("Usage: %s [parameters]\n"
 	       "\n"
 	       "Parameters:\n"
-	       " -c, --config <file>     Use a textual configuration file.\n"
-	       "                           (default %s)\n"
-	       " -C, --confdb <dir>      Use a binary configuration database directory.\n"
-	       "                           (default %s)\n"
-	       " -s, --socket <path>     Use a remote control UNIX socket path.\n"
-	       "                           (default %s)\n"
-	       " -d, --daemonize=[dir]   Run the server as a daemon (with new root directory).\n"
-	       " -v, --verbose           Enable debug output.\n"
-	       " -h, --help              Print the program help.\n"
-	       " -V, --version           Print the program version.\n",
-	       PROGRAM_NAME, CONF_DEFAULT_FILE, CONF_DEFAULT_DBDIR, RUN_DIR "/knot.sock");
+	       " -c, --config <file>        Use a textual configuration file.\n"
+	       "                             (default %s)\n"
+	       " -C, --confdb <dir>         Use a binary configuration database directory.\n"
+	       "                             (default %s)\n"
+	       " -m, --max-conf-size <MiB>  Set maximum configuration size (max 10000 MiB).\n"
+	       "                             (default %d MiB)\n"
+	       " -s, --socket <path>        Use a remote control UNIX socket path.\n"
+	       "                             (default %s)\n"
+	       " -d, --daemonize=[dir]      Run the server as a daemon (with new root directory).\n"
+	       " -v, --verbose              Enable debug output.\n"
+	       " -h, --help                 Print the program help.\n"
+	       " -V, --version              Print the program version.\n",
+	       PROGRAM_NAME, CONF_DEFAULT_FILE, CONF_DEFAULT_DBDIR,
+	       CONF_MAPSIZE, RUN_DIR "/knot.sock");
 }
 
 static void print_version(void)
@@ -300,7 +304,7 @@ static void print_version(void)
 	printf("%s (Knot DNS), version %s\n", PROGRAM_NAME, PACKAGE_VERSION);
 }
 
-static int set_config(const char *confdb, const char *config)
+static int set_config(const char *confdb, const char *config, size_t max_conf_size)
 {
 	if (config != NULL && confdb != NULL) {
 		log_fatal("ambiguous configuration source");
@@ -328,7 +332,7 @@ static int set_config(const char *confdb, const char *config)
 
 	/* Open confdb. */
 	conf_t *new_conf = NULL;
-	int ret = conf_new(&new_conf, conf_schema, confdb, CONF_FREQMODULES);
+	int ret = conf_new(&new_conf, conf_schema, confdb, max_conf_size, CONF_FREQMODULES);
 	if (ret != KNOT_EOK) {
 		log_fatal("failed to open configuration database '%s' (%s)",
 		          (confdb != NULL) ? confdb : "", knot_strerror(ret));
@@ -392,25 +396,27 @@ int main(int argc, char **argv)
 	bool daemonize = false;
 	const char *config = NULL;
 	const char *confdb = NULL;
+	size_t max_conf_size = (size_t)CONF_MAPSIZE * 1024 * 1024;
 	const char *daemon_root = "/";
 	char *socket = NULL;
 	bool verbose = false;
 
 	/* Long options. */
 	struct option opts[] = {
-		{ "config",    required_argument, NULL, 'c' },
-		{ "confdb",    required_argument, NULL, 'C' },
-		{ "socket",    required_argument, NULL, 's' },
-		{ "daemonize", optional_argument, NULL, 'd' },
-		{ "verbose",   no_argument,       NULL, 'v' },
-		{ "help",      no_argument,       NULL, 'h' },
-		{ "version",   no_argument,       NULL, 'V' },
+		{ "config",        required_argument, NULL, 'c' },
+		{ "confdb",        required_argument, NULL, 'C' },
+		{ "max-conf-size", required_argument, NULL, 'm' },
+		{ "socket",        required_argument, NULL, 's' },
+		{ "daemonize",     optional_argument, NULL, 'd' },
+		{ "verbose",       no_argument,       NULL, 'v' },
+		{ "help",          no_argument,       NULL, 'h' },
+		{ "version",       no_argument,       NULL, 'V' },
 		{ NULL }
 	};
 
 	/* Parse command line arguments. */
-	int opt = 0, li = 0;
-	while ((opt = getopt_long(argc, argv, "c:C:s:dvhV", opts, &li)) != -1) {
+	int opt = 0;
+	while ((opt = getopt_long(argc, argv, "c:C:m:s:dvhV", opts, NULL)) != -1) {
 		switch (opt) {
 		case 'c':
 			config = optarg;
@@ -418,6 +424,14 @@ int main(int argc, char **argv)
 		case 'C':
 			confdb = optarg;
 			break;
+		case 'm':
+			if (str_to_size(optarg, &max_conf_size, 1, 10000) != KNOT_EOK) {
+				print_help();
+				return EXIT_FAILURE;
+			}
+			/* Convert to bytes. */
+			max_conf_size *= 1024 * 1024;
+			break;
 		case 's':
 			socket = optarg;
 			break;
@@ -476,7 +490,7 @@ int main(int argc, char **argv)
 	}
 
 	/* Set up the configuration */
-	int ret = set_config(confdb, config);
+	int ret = set_config(confdb, config, max_conf_size);
 	if (ret != KNOT_EOK) {
 		log_close();
 		return EXIT_FAILURE;

tests/knot/test_conf.h

-/*  Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -28,7 +28,7 @@ static inline int test_conf(const char *conf_str, const yp_item_t *schema)
 	}
 
 	conf_t *new_conf = NULL;
-	int ret = conf_new(&new_conf, schema, NULL, CONF_FNONE);
+	int ret = conf_new(&new_conf, schema, NULL, 2 * 1024 * 1024, CONF_FNONE);
 	if (ret != KNOT_EOK) {
 		return ret;
 	}