mirror of
https://github.com/NLnetLabs/unbound.git
synced 2026-01-29 01:47:32 -05:00
dlv anchor file and chroot.
git-svn-id: file:///svn/unbound/trunk@1188 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
080d9d6540
commit
4cf4659a1d
2 changed files with 27 additions and 12 deletions
|
|
@ -276,24 +276,33 @@ basedir(const char* fname, struct config_file* cfg)
|
|||
return d;
|
||||
}
|
||||
|
||||
/** check chroot for a file string */
|
||||
static void
|
||||
check_chroot_string(const char* desc, char** str,
|
||||
const char* chrootdir, struct config_file* cfg)
|
||||
{
|
||||
char* old;
|
||||
char* s = *str;
|
||||
if(s && s[0]) {
|
||||
if(!is_file(fname_after_chroot(s, cfg, 1))) {
|
||||
fatal_exit("%s: \"%s\" does not exist in chrootdir %s",
|
||||
desc, s, chrootdir);
|
||||
}
|
||||
old = s;
|
||||
/* put in a new full path for continued checking */
|
||||
*str = strdup(fname_after_chroot(s, cfg, 1));
|
||||
free(old);
|
||||
}
|
||||
}
|
||||
|
||||
/** check file list, every file must be inside the chroot location */
|
||||
static void
|
||||
check_chroot_filelist(const char* desc, struct config_strlist* list,
|
||||
const char* chrootdir, struct config_file* cfg)
|
||||
{
|
||||
struct config_strlist* p;
|
||||
char* old;
|
||||
for(p=list; p; p=p->next) {
|
||||
if(p->str && p->str[0]) {
|
||||
if(!is_file(fname_after_chroot(p->str, cfg, 1))) {
|
||||
fatal_exit("%s: \"%s\" does not exist in chrootdir %s",
|
||||
desc, p->str, chrootdir);
|
||||
}
|
||||
old = p->str;
|
||||
/* put in a new full path for continued checking */
|
||||
p->str = strdup(fname_after_chroot(p->str, cfg, 1));
|
||||
free(old);
|
||||
}
|
||||
check_chroot_string(desc, &p->str, chrootdir, cfg);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -360,6 +369,8 @@ morechecks(struct config_file* cfg, char* fname)
|
|||
cfg->trust_anchor_file_list, cfg->chrootdir, cfg);
|
||||
check_chroot_filelist("trusted-keys-file",
|
||||
cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
|
||||
check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
|
||||
cfg->chrootdir, cfg);
|
||||
/* remove chroot setting so that modules are not stripping pathnames*/
|
||||
free(cfg->chrootdir);
|
||||
cfg->chrootdir = NULL;
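Review bot: In check_chroot_string the result of `strdup(fname_after_chroot(s, cfg, 1))` is stored into `*str` without a NULL check, and the old string is freed right after. If the allocation fails, the option (dlv-anchor-file in the new call in morechecks) is left NULL, and later code that tests the pointer would treat the anchor file as not configured instead of reporting an error. Adding `if(!*str) fatal_exit("%s: out of memory", desc);` directly after the assignment stops the checker from accepting a config whose anchor path was silently dropped. The function also calls fname_after_chroot twice on the same path; if that helper returns allocated memory (not visible on this page), keeping one result in a local would avoid the repeat call and a possible leak.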
|
||||
|
|
|
|||
|
|
@ -801,8 +801,12 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
|
|||
}
|
||||
}
|
||||
if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) {
|
||||
nm = cfg->dlv_anchor_file;
|
||||
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
|
||||
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
|
||||
nm += strlen(cfg->chrootdir);
|
||||
if(!(anchors->dlv_anchor = anchor_read_file(anchors, parsebuf,
|
||||
cfg->dlv_anchor_file, 1))) {
|
||||
nm, 1))) {
|
||||
log_err("error reading dlv-anchor-file: %s",
|
||||
cfg->dlv_anchor_file);
|
||||
ldns_buffer_free(parsebuf);
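Review bot: The chroot prefix test added in anchors_apply_cfg is a plain `strncmp` over `strlen(cfg->chrootdir)` bytes, so it also matches a sibling path that only starts with the same characters (constructed example: chrootdir `/var/unbound` against `/var/unbound2/dlv.key`) and strips it to a different file name. The strip should happen only when the match ends on a path boundary, for instance by also requiring `nm[strlen(cfg->chrootdir)] == '/'` if chrootdir is stored without a trailing slash, which this page does not show. The `log_err` that follows still prints `cfg->dlv_anchor_file` while the read appears to use `nm`, so the message can name a path other than the one actually opened; logging `nm` as well would make a failed trust-anchor load easier to diagnose. The body of anchors_apply_cfg starts and ends outside this hunk.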
|
||||
|
|
|
|||