From 96da8560184a7252e0938edf9b0e2cd1ff473cb9 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 9 Dec 2025 16:52:44 -0800
Subject: [PATCH] use the zone file's basename as origin in dnssec tools

In dnssec-signzone and dnssec-verify, if the zone origin is not
specified using the `-o` parameter, the default behavior is to try
to use the zone's file name as the origin. So, for example,
`dnssec-signzone -S example.com` or 'dnssec-verify example.com'
will work, so long as the file name matches the zone name.

This now also works if the zone is in a different directory.
For example, `dnssec-signzone -S zones/example.com` or
'dnssec-verify zones/example.com' will set the origin value
to `example.com`.

(cherry picked from commit b8cb65db93a3daeb01f55d157580f492ded066fa)
---
 bin/dnssec/dnssec-signzone.c | 10 ++++++----
 bin/dnssec/dnssec-verify.c   | 21 ++++++++++-----------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 26d98b2958..d0493074d6 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -2575,7 +2575,8 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
  * Load the zone file from disk
  */
 static void
-loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
+loadzone(char *file, const char *origin, dns_rdataclass_t rdclass,
+	 dns_db_t **db) {
 	isc_buffer_t b;
 	int len;
 	dns_fixedname_t fname;
@@ -2583,7 +2584,7 @@ loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
 	isc_result_t result;
 
 	len = strlen(origin);
-	isc_buffer_init(&b, origin, len);
+	isc_buffer_constinit(&b, origin, len);
 	isc_buffer_add(&b, len);
 
 	name = dns_fixedname_initname(&fname);
@@ -3377,7 +3378,8 @@ main(int argc, char *argv[]) {
 	int ch;
 	char *startstr = NULL, *endstr = NULL, *classname = NULL;
 	char *dnskey_endstr = NULL;
-	char *origin = NULL, *file = NULL, *output = NULL;
+	const char *origin = NULL;
+	char *file = NULL, *output = NULL;
 	char *inputformatstr = NULL, *outputformatstr = NULL;
 	char *serialformatstr = NULL;
 	char *dskeyfile[MAXDSKEYS];
@@ -3806,7 +3808,7 @@ main(int argc, char *argv[]) {
 	argv += 1;
 
 	if (origin == NULL) {
-		origin = file;
+		origin = isc_file_basename(file);
 	}
 
 	if (output == NULL) {
diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c
index 27c17e905d..01d86edf8d 100644
--- a/bin/dnssec/dnssec-verify.c
+++ b/bin/dnssec/dnssec-verify.c
@@ -92,7 +92,8 @@ report(const char *format, ...) {
  * Load the zone file from disk
  */
 static void
-loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
+loadzone(char *file, const char *origin, bool origin_is_file,
+	 dns_rdataclass_t rdclass, dns_db_t **db) {
 	isc_buffer_t b;
 	int len;
 	dns_fixedname_t fname;
@@ -100,7 +101,7 @@ loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
 	isc_result_t result;
 
 	len = strlen(origin);
-	isc_buffer_init(&b, origin, len);
+	isc_buffer_constinit(&b, origin, len);
 	isc_buffer_add(&b, len);
 
 	name = dns_fixedname_initname(&fname);
@@ -120,12 +121,7 @@ loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
 	case ISC_R_SUCCESS:
 		break;
 	case DNS_R_NOTZONETOP:
-		/*
-		 * Comparing pointers (vs. using strcmp()) is intentional: we
-		 * want to check whether -o was supplied on the command line,
-		 * not whether origin and file contain the same string.
-		 */
-		if (origin == file) {
+		if (origin_is_file) {
 			fatal("failed loading zone '%s' from file '%s': "
 			      "use -o to specify a different zone origin",
 			      origin, file);
@@ -168,7 +164,8 @@ usage(int ret) {
 
 int
 main(int argc, char *argv[]) {
-	char *origin = NULL, *file = NULL;
+	const char *origin = NULL;
+	char *file = NULL;
 	char *inputformatstr = NULL;
 	isc_result_t result;
 	isc_log_t *log = NULL;
@@ -177,6 +174,7 @@ main(int argc, char *argv[]) {
 	dns_rdataclass_t rdclass;
 	char *endp;
 	int ch;
+	bool origin_is_file = false;
 
 #define CMDLINE_FLAGS "c:E:hJ:m:o:I:qv:Vxz"
 
@@ -305,7 +303,8 @@ main(int argc, char *argv[]) {
 	POST(argv);
 
 	if (origin == NULL) {
-		origin = file;
+		origin = isc_file_basename(file);
+		origin_is_file = true;
 	}
 
 	if (inputformatstr != NULL) {
@@ -320,7 +319,7 @@ main(int argc, char *argv[]) {
 
 	gdb = NULL;
 	report("Loading zone '%s' from file '%s'\n", origin, file);
-	loadzone(file, origin, rdclass, &gdb);
+	loadzone(file, origin, origin_is_file, rdclass, &gdb);
 	if (journal != NULL) {
 		loadjournal(mctx, gdb, journal);
 	}