From 40068efffecedc142c7fa56ec634eb52b0e86afa Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Mon, 23 Feb 2009 19:25:55 +0000 Subject: [PATCH] Fixed DNSSEC keys directory option --- bind8/CHANGELOG | 2 ++ bind8/bind8-lib.pl | 37 +++++++++++++++++++++++-------------- bind8/records-lib.pl | 2 +- 3 files changed, 26 insertions(+), 15 deletions(-) diff --git a/bind8/CHANGELOG b/bind8/CHANGELOG index c26517010..be8ebe9a2 100644 --- a/bind8/CHANGELOG +++ b/bind8/CHANGELOG @@ -98,3 +98,5 @@ Added the DNSSEC Verification page for configuring BIND to validate signatures o SPF records can now be added to or updated in multiple zones at once. Added an icon to the main page for checking the whole BIND configuration including zone files, with the named-checkconf command. Added a Module Config option to prevent inclusion of other slave's IP addresses in the master IP list for remote slaves. +---- Changes since 1.450 ---- +Fixed the 'Directory for DNSSEC keys' option on the Module Config page so that it is actually used. diff --git a/bind8/bind8-lib.pl b/bind8/bind8-lib.pl index a37165e36..fbcf64417 100644 --- a/bind8/bind8-lib.pl +++ b/bind8/bind8-lib.pl 
@@ -2651,15 +2651,29 @@ sub list_dnssec_algorithms return ("DSA", "RSAMD5", "RSASHA1", "DH", "HMAC-MD5"); } +# get_keys_dir(&zone|&zone-name) +# Returns the directory in which to find DNSSEC keys for some zone +sub get_keys_dir +{ +local ($z) = @_; +if ($config{'keys_dir'}) { + return $config{'keys_dir'}; + } +else { + local $fn = &get_zone_file($z, 2); + $fn =~ s/\/[^\/]+$//; + return $fn; + } +} + # create_dnssec_key(&zone|&zone-name, algorithm, size, single-key) # Creates a new DNSSEC key for some zone, and places it in the same directory # as the zone file. Returns undef on success or an error message on failure. sub create_dnssec_key { local ($z, $alg, $size, $single) = @_; -local $fn = &get_zone_file($z, 2); -$fn || return "Could not work out records file!"; -$fn =~ s/\/[^\/]+$//; +local $fn = &get_keys_dir($z); +$fn || return "Could not work keys directory!"; # Remove all keys for the same zone opendir(ZONEDIR, $fn); @@ -2748,8 +2762,8 @@ sub resign_dnssec_key local ($z) = @_; local $fn = &get_zone_file($z); $fn || return "Could not work out records file!"; -local $dir = $fn; -$dir =~ s/\/[^\/]+$//; +local $dir = &get_keys_dir($z); +$dir || return "Could not work out keys directory!"; local $dom = $z->{'members'} ? $z->{'values'}->[0] : $z->{'name'}; # Get the old zone key record @@ -2843,8 +2857,7 @@ sub sign_dnssec_zone local ($z, $bump) = @_; local $chrootfn = &get_zone_file($z, 2); $chrootfn || return "Could not work out records file!"; -$chrootfn =~ /^(.*)\/([^\/]+$)/; -local ($dir, $zf) = ($1, $2); +local $dir = &get_keys_dir($z); local $dom = $z->{'members'} ? $z->{'values'}->[0] : $z->{'name'}; local $signed = $chrootfn.".webmin-signed"; @@ -2866,7 +2879,7 @@ while($tries++ < 10) { "cd ".quotemeta($dir)." && ". "$config{'signzone'} -o ".quotemeta($dom). " -f ".quotemeta($signed)." ". - quotemeta($zf)." 2>&1"); + quotemeta($chrootfn)." 2>&1"); last if (!$?); } return $out if ($tries >= 10); 
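Review bot: With `keys_dir` set, the "Remove all keys for the same zone" step in create_dnssec_key now runs in a directory shared by every zone, so the filename match in that loop (outside this hunk) must be anchored on the exact zone name or it could remove another zone's key files. That is worth confirming, and the `opendir(ZONEDIR, $fn)` in front of it is still unchecked. The header comment still says the key is placed "in the same directory as the zone file", which no longer holds when the option is set; I would reword it to `# Creates a new DNSSEC key for some zone, and places it in the directory returned by get_keys_dir.` The new error string also drops a word; `$fn || return "Could not work out keys directory!";` would match the wording used in resign_dnssec_key.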
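Review bot: sign_dnssec_zone takes `$dir` from get_keys_dir without the empty check that create_dnssec_key and resign_dnssec_key both have, and `$dir` then feeds `"cd ".quotemeta($dir)." && "` in the command built in the following hunk. If the value is empty (for example a zone file path with a single component and no `keys_dir` configured), that becomes a bare `cd` and the signer runs from whatever directory that lands in instead of failing. Add `$dir || return "Could not work out keys directory!";` right after the assignment. get_dnssec_key has the same gap: the commit removes its `$fn || return (...)` guard and hands the result to an unchecked `opendir(ZONEDIR, $dir)`, so an unresolvable directory would presumably be reported as a zone with no key. Both function bodies continue outside their hunks.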
@@ -2910,11 +2923,7 @@ if ($keyrec) { sub get_dnssec_key { local ($z) = @_; -local $fn = &get_zone_file($z, 1); -$fn || return ("Could not work out records file!"); -$fn =~ /^(.*)\/([^\/]+$)/; -local ($chrootdir, $zf) = ($1, $2); -local $dir = &make_chroot($chrootdir); +local $dir = &get_keys_dir($z); local $dom = $z->{'members'} ? $z->{'values'}->[0] : $z->{'name'}; local %keymap; opendir(ZONEDIR, $dir); @@ -2927,7 +2936,7 @@ foreach my $f (readdir(ZONEDIR)) { $rv->{'algorithmid'} = $1; $rv->{'keyid'} = $2; local $config{'short_names'} = 0; # Force canonicalization - local ($pub) = &read_zone_file("$chrootdir/$f", $dom); + local ($pub) = &read_zone_file("$dir/$f", $dom); $pub || return "Public key file $dir/$f does not contain ". "any records"; $pub->{'name'} eq $dom."." || diff --git a/bind8/records-lib.pl b/bind8/records-lib.pl index e9ec5d15e..c9119048c 100644 --- a/bind8/records-lib.pl +++ b/bind8/records-lib.pl @@ -754,7 +754,7 @@ return $rv; # get_zone_file(&zone|&zonename, [absolute]) # Returns the relative-to-chroot path to a domain's zone file. -# If absolute is 1, the path is make absolute. If 2, it is almost un-chrooted +# If absolute is 1, the path is made absolute. If 2, it is also un-chrooted sub get_zone_file { local ($z, $abs) = @_;
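Review bot: `read_zone_file("$dir/$f", $dom)` now gets a path built from get_keys_dir, whereas the removed code kept two values apart: the chroot-relative `$chrootdir` for read_zone_file and `make_chroot($chrootdir)` for the opendir. If read_zone_file applies the chroot prefix itself (not visible here, though the old split suggests it), a chrooted BIND would get the prefix twice and the public key file would not be found. The same question applies to a configured `keys_dir`, which get_keys_dir returns verbatim while its fallback comes from `get_zone_file($z, 2)`. This is worth testing on a chrooted install, and get_keys_dir's header comment should say which form it returns; if that is the real filesystem path, `# The returned path already includes any chroot prefix` would do.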