[Unbound-users] patch: anchor_read_bind_file supporting wildcards

Paul Wouters paul at xelerance.com
Sat Jan 3 12:59:08 UTC 2009


Hi,

I made a patch for unbound's trusted-keys-file: statement to allow
wildcards, so I can do something like:

trusted-keys-file: "/etc/pki/dnssec-keys/production/*.conf"

It's not the best code, as I'm not an alloc() and free() expert, but
it does work for me :)

It's using scandir without the inbuild filter functionality, which
could also be improved upon.

Paul
-------------- next part --------------
Index: validator/val_anchor.c
===================================================================
--- validator/val_anchor.c	(revision 1404)
+++ validator/val_anchor.c	(working copy)
@@ -47,6 +47,11 @@
 #include "util/regional.h"
 #include "util/config_file.h"
 
+#include <dirent.h>
+#include <libgen.h>
+#include <fnmatch.h>
+
+
 int
 anchor_cmp(const void* k1, const void* k2)
 {
@@ -627,9 +633,53 @@
 	FILE* in = fopen(fname, "r");
 	int rdlen = 0;
 	if(!in) {
-		log_err("error opening file %s: %s", fname, strerror(errno));
-		return 0;
-	}
+		if(strstr(fname,"*")!=NULL) {
+			struct dirent **namelist;
+			char *fnameb = strdup(fname);
+			char *fnamef = strdup(fname);
+			char *dbase, *globmatch;
+			dbase = dirname(fnameb);
+			globmatch = basename(fnamef);
+			int n;
+			verbose(VERB_QUERY, "wildcard found, processing directory");
+			n = scandir(dbase,&namelist, 0, 0);
+			if (n<0) {
+				log_err("error opening wildcard in dir: %s:", dbase);
+				free(namelist);
+				free(dbase);
+				free(fnameb);
+				free(fnamef);
+				free(globmatch);
+				return 0;
+			}
+			else {
+				while(n--) {
+					if (namelist[n]->d_type != DT_DIR) {
+						if(!fnmatch(globmatch,namelist[n]->d_name,0)) {
+							// log_err( "file %s matched pattern %s - loading", namelist[n]->d_name, globmatch);
+							char *newname = malloc(strlen(namelist[n]->d_name) + strlen(dbase) + strlen("/") + 1);
+							strcpy(newname, dbase);
+							strcat(newname,"/");
+							strcat(newname, namelist[n]->d_name);
+							if(!anchor_read_bind_file(anchors, buffer,newname)) {
+                        					log_err("error reading wildcard trusted-keys-file: %s", newname);
+                					}
+							free(newname);
+						} else {
+							// log_err("file %s did not match pattern %s", namelist[n]->d_name, globmatch);
+						}
+					}
+					free(namelist[n]);
+				}
+				free(namelist);
+				free(dbase);
+				// free(fnameb);
+				free(fnamef);
+				// free(globmatch);
+			     }
+			return 1;
+			}
+	         }
 	verbose(VERB_QUERY, "reading in bind-compat-mode: '%s'", fname);
 	/* scan for  trusted-keys  keyword, ignore everything else */
 	ldns_buffer_clear(buffer);


More information about the Unbound-users mailing list