--with-cookiesecretsfile=path for configure

Partly addressing issue #196

Author: wtoorop

Makefile.in

@@ -24,6 +24,7 @@ logfile = @logfile@
 xfrdir = @xfrdir@
 xfrdfile = @xfrdfile@
 zonelistfile = @zonelistfile@
+cookiesecretsfile = @cookiesecretsfile@
 nsdconfigfile = @nsd_conf_file@
 zonesdir = @zonesdir@
 chrootdir= @chrootdir@
@@ -73,6 +74,7 @@ EDIT		= $(SED) \
 			-e 's,@xfrdir\@,$(xfrdir),g' \
 			-e 's,@xfrdfile\@,$(xfrdfile),g' \
 			-e 's,@zonelistfile\@,$(zonelistfile),g' \
+			-e 's,@cookiesecretsfile\@,$(cookiesecretsfile),g' \
 			-e 's,@nsdconfigfile\@,$(nsdconfigfile),g' \
 			-e 's,@shell\@,$(SHELL),g' \
 			-e 's,@ratelimit_default\@,@ratelimit_default@,g' \
@@ -167,6 +169,7 @@ install: all
 	$(INSTALL) -d $(DESTDIR)$(xfrdir)
 	$(INSTALL) -d `dirname $(DESTDIR)$(xfrdfile)`
 	$(INSTALL) -d `dirname $(DESTDIR)$(zonelistfile)`
+	$(INSTALL) -d `dirname $(DESTDIR)$(cookiesecretsfile)`
 	$(INSTALL) -d $(DESTDIR)$(mandir)
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man5
@@ -189,7 +192,7 @@ uninstall:
 	rm -f -- $(DESTDIR)$(mandir)/man8/nsd-checkconf.8 $(DESTDIR)$(mandir)/man8/nsd-checkzone.8 $(DESTDIR)$(mandir)/man8/nsd-control.8
 	rm -f -- $(DESTDIR)$(pidfile)
 	@echo
-	@echo "You still need to remove $(DESTDIR)$(configdir), $(DESTDIR)$(piddir), $(DESTDIR)$(xfrdfile), $(DESTDIR)$(zonelistfile) directory by hand."
+	@echo "You still need to remove $(DESTDIR)$(configdir), $(DESTDIR)$(piddir), $(DESTDIR)$(xfrdfile), $(DESTDIR)$(zonelistfile) $(DESTDIR)$(cookiesecretsfile) directory by hand."
 
 test: 
 

configure.ac

@@ -126,6 +126,12 @@ AC_ARG_WITH([zonelistfile], AS_HELP_STRING([--with-zonelistfile=path],[Pathname
 AC_DEFINE_UNQUOTED(ZONELISTFILE, ["`eval echo $zonelistfile`"], [Pathname to the NSD zone list file.])
 AC_SUBST(zonelistfile)
 
+# default cookiesecrets file location.
+cookiesecretsfile=${dbdir}/cookiesecrets.txt
+AC_ARG_WITH([cookiesecretsfile], AS_HELP_STRING([--with-cookiesecretsfile=path],[Pathname to the NSD cookie secrets file]), [cookiesecretsfile=$withval])
+AC_DEFINE_UNQUOTED(COOKIESECRETSFILE, ["`eval echo $cookiesecretsfile`"], [Pathname to the NSD cookies secrets file.])
+AC_SUBST(cookiesecretsfile)
+
 # default xfr dir location.
 xfrdir="/tmp"
 AC_ARG_WITH([xfrdir], AS_HELP_STRING([--with-xfrdir=path],[Pathname to where the NSD transfer dir is created]), [xfrdir=$withval])

nsd-control.8.in

@@ -210,7 +210,7 @@ be dropped with the \fBdrop_cookie_secret\fR command.
 .sp
 Persistence is accomplished by writing to a file which if configured with the
 \fBcookie\-secret\-file\fR option in the server section of the config file.
-The default value for that is: @configdir@/nsd_cookiesecrets.txt .
+The default value for that is: @cookiesecretsfile@ .
 .TP
 .B drop_cookie_secret
 Drop the \fIstaging\fR cookie secret.

nsd.c

@@ -905,12 +905,12 @@ bind8_stats (struct nsd *nsd)
 static
 int cookie_secret_file_read(nsd_type* nsd) {
 	char secret[NSD_COOKIE_SECRET_SIZE * 2 + 2/*'\n' and '\0'*/];
-	char const* file = nsd->options->cookie_secret_file;
+	char const* file = nsd->options->cookie_secret_file
+	                 ? nsd->options->cookie_secret_file : COOKIESECRETSFILE;
 	FILE* f;
 	int corrupt = 0;
 	size_t count;
 
-	assert( nsd->options->cookie_secret_file != NULL );
 	f = fopen(file, "r");
 	/* a non-existing cookie file is not an error */
 	if( f == NULL ) { return errno != EPERM; }
@@ -1592,7 +1592,7 @@ main(int argc, char *argv[])
 	}
 #endif /* HAVE_SSL */
 
-	if(nsd.options->cookie_secret_file && nsd.options->cookie_secret_file[0]
+	if((!nsd.options->cookie_secret_file || nsd.options->cookie_secret_file[0])
 	   && !cookie_secret_file_read(&nsd) ) {
 		log_msg(LOG_ERR, "cookie secret file corrupt or not readable");
 	}

nsd.conf.5.in

@@ -490,7 +490,7 @@ calculations.
 File from which the secrets are read used in DNS Cookie calculations. When this
 file exists, the secrets in this file are used and the secret specified by the
 \fBcookie-secret\fR option is ignored.
-Default is @configdir@/nsd_cookiesecrets.txt
+Default is @cookiesecretsfile@
 .sp
 The content of this file must be manipulated with the \fBadd_cookie_secret\fR,
 \fBdrop_cookie_secret\fR and \fBactivate_cookie_secret\fR commands to the

options.c

@@ -151,7 +151,7 @@ nsd_options_create(region_type* region)
 	opt->proxy_protocol_port = NULL;
 	opt->answer_cookie = 0;
 	opt->cookie_secret = NULL;
-	opt->cookie_secret_file = CONFIGDIR"/nsd_cookiesecrets.txt";
+	opt->cookie_secret_file = NULL;
 	opt->control_enable = 0;
 	opt->control_interface = NULL;
 	opt->control_port = NSD_CONTROL_PORT;

tpkg/checkconf.tdir/checkconf.check

@@ -56,7 +56,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "/etc/nsd/nsd_cookiesecrets.txt"
+	cookie-secret-file: "/var/db/nsd/cookiesecrets.txt"
 
 remote-control:
 	control-enable: no
@@ -190,7 +190,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "/etc/nsd/nsd_cookiesecrets.txt"
+	cookie-secret-file: "/var/db/nsd/cookiesecrets.txt"
 
 remote-control:
 	control-enable: no
@@ -267,7 +267,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "/etc/nsd/nsd_cookiesecrets.txt"
+	cookie-secret-file: "/var/db/nsd/cookiesecrets.txt"
 
 remote-control:
 	control-enable: no
@@ -353,7 +353,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "/etc/nsd/nsd_cookiesecrets.txt"
+	cookie-secret-file: "/var/db/nsd/cookiesecrets.txt"
 
 remote-control:
 	control-enable: no
@@ -483,7 +483,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "/etc/nsd/nsd_cookiesecrets.txt"
+	cookie-secret-file: "/var/db/nsd/cookiesecrets.txt"
 
 remote-control:
 	control-enable: no
@@ -611,7 +611,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "/etc/nsd/nsd_cookiesecrets.txt"
+	cookie-secret-file: "/var/db/nsd/cookiesecrets.txt"
 
 remote-control:
 	control-enable: no

tpkg/checkconf.tdir/checkconf.check2.in

@@ -56,7 +56,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "@configdir@/nsd_cookiesecrets.txt"
+	cookie-secret-file: "@cookiesecretsfile@"
 
 remote-control:
 	control-enable: no
@@ -190,7 +190,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "@configdir@/nsd_cookiesecrets.txt"
+	cookie-secret-file: "@cookiesecretsfile@"
 
 remote-control:
 	control-enable: no
@@ -267,7 +267,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "@configdir@/nsd_cookiesecrets.txt"
+	cookie-secret-file: "@cookiesecretsfile@"
 
 remote-control:
 	control-enable: no
@@ -353,7 +353,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "@configdir@/nsd_cookiesecrets.txt"
+	cookie-secret-file: "@cookiesecretsfile@"
 
 remote-control:
 	control-enable: no
@@ -483,7 +483,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "@configdir@/nsd_cookiesecrets.txt"
+	cookie-secret-file: "@cookiesecretsfile@"
 
 remote-control:
 	control-enable: no
@@ -611,7 +611,7 @@ server:
 	tls-port: "853"
 	#tls-cert-bundle:
 	answer-cookie: no
-	cookie-secret-file: "@configdir@/nsd_cookiesecrets.txt"
+	cookie-secret-file: "@cookiesecretsfile@"
 
 remote-control:
 	control-enable: no