X-Git-Url: https://git.distorted.org.uk/~mdw/zoneconf/blobdiff_plain/7de7888a156f3558297545a97d8fe6c418230daf..07da6299118030363be4e6e19b199c7dba0abf1f:/zoneconf.in diff --git a/zoneconf.in b/zoneconf.in index edf1184..137c2b5 100755 --- a/zoneconf.in +++ b/zoneconf.in @@ -198,6 +198,13 @@ proc run {what command args} { } } +proc isolate {body} { + ## Evaluate BODY without changing the caller's variables. Return its + ## result. + + eval $body +} + ###-------------------------------------------------------------------------- ### Configuration spaces. ### @@ -942,12 +949,21 @@ proc host-canonify {host} { proc local-address-p {addr} { ## Answer whether the ADDR is one of the host's addresses. + global env - if {[catch { set sk [socket -server {} -myaddr $addr 0] }]} { - return false + if {[info exists env(ZONECONF_LOCAL_ADDRESSES)]} { + if {[string match "*:$addr:*" ":$env(ZONECONF_LOCAL_ADDRESSES):"]} { + return true + } else { + return false + } } else { - close $sk - return true + if {[catch { set sk [socket -server {} -myaddr $addr 0] }]} { + return false + } else { + close $sk + return true + } } } @@ -992,11 +1008,11 @@ define-configuration-space zone ZONECFG { define-simple dir-mode 2775 define-simple zone-file "%v/%z.zone" define-simple soa-format increment + define-simple allow-query nil define-list views * define-list sign-views {} define-list signzone-command \ [list "$BINDPROGS/dnssec-signzone" \ - "-g" \ "-S" \ "-K%h/key" \ "-d%h/ds" \ @@ -1016,6 +1032,7 @@ define-configuration-space zone ZONECFG { "-Sfail" \ "-Wfail" \ "%z" "%f"] + define-list also-notify nil define setvar {name value} { dict set ZONECFG(var) $name $value @@ -1119,6 +1136,16 @@ proc output-file-name {view} { return [string map [list %v $view] $ZONECFG(conf-file)] } +proc temporary-directory {} { + ## Create a temporary directory and set as the working directory. + + global ZONECFG + set tmp [file join $ZONECFG(home-dir) "tmp"] + file mkdir $tmp + cd $tmp + return $tmp +} + proc compute-zone-properties {view config} { ## Derive interesting information from the zone configuration plist CONFIG, ## relative to the stated server VIEW. Return a new plist. @@ -1280,6 +1307,9 @@ proc write-zone-stanza {view chan config} { master { puts $chan "\ttype master;" puts $chan "\tfile \"$zone(server-file-name)\";" + if {![string equal $zone(also-notify) "nil"]} { + puts $chan "\talso-notify { [join $zone(also-notify) {; }]; };" + } switch -exact -- $zone(type) { dynamic { write-ddns-update-policy "\t" $chan $config @@ -1300,6 +1330,9 @@ proc write-zone-stanza {view chan config} { } } } + if {![string equal $zone(allow-query) nil]} { + puts $chan "\tallow-query {$zone(allow-query)};" + } puts $chan "};"; } @@ -1313,7 +1346,7 @@ defcmd outputs {} { } { global ZONECFG CONFFILE - confspc-eval toplevel [list source $CONFFILE] + isolate [list confspc-eval toplevel [list source $CONFFILE]] foreach view $ZONECFG(all-views) { puts [output-file-name $view] } } @@ -1323,7 +1356,7 @@ defcmd update {} { global ZONECFG ZONES CONFFILE ## Read the configuration. - confspc-eval toplevel [list source $CONFFILE] + isolate [list confspc-eval toplevel [list source $CONFFILE]] ## Safely update the files. set win false @@ -1378,10 +1411,10 @@ provided by the named USER." global QUIS ZONECFG ZONES CONFFILE errorInfo errorCode ## Read the configuration. - confspc-eval toplevel [list source $CONFFILE] + isolate [list confspc-eval toplevel [list source $CONFFILE]] ## Make sure there's a temporary directory. - file mkdir [file join $ZONECFG(home-dir) "tmp"] + set tmpdir [temporary-directory] ## Keep track of cleanup jobs. set cleanup {} @@ -1412,8 +1445,7 @@ provided by the named USER." ## Make a new temporary file to read the zone into. set pid [pid] for {set i 0} {$i < 1000} {incr i} { - set tmp [file join $ZONECFG(home-dir) "tmp" \ - "tmp.$pid.$i.$user.$name"] + set tmp [file join $tmpdir "tmp.$pid.$i.$user.$name"] if {![catch { set chan [open $tmp {WRONLY CREAT EXCL}] } msg]} { break } elseif {[string equal [lindex $errorCode 0] POSIX] && \ @@ -1477,7 +1509,7 @@ defcmd sign {} { set rc 0 ## Read the configuration. - confspc-eval toplevel [list source $CONFFILE] + isolate [list confspc-eval toplevel [list source $CONFFILE]] ## Grind through all of the zones. array unset seen