Check if key-store directory exists

Similar to key-directory, check if the key-store directory exists and
if it is an actual directory.

This commit fixes an accidental test bug in checkconf where if
the "warn key-dir" test failed, the result was ignored.

bin/tests/system/checkconf/tests.sh

@@ -300,20 +300,32 @@ n=$((n + 1))
 echo_i "checking for missing key directory warning ($n)"
 ret=0
 rm -rf test.keydir
+rm -rf test.keystoredir
 $CHECKCONF warn-keydir.conf >checkconf.out$n.1 2>&1
 l=$(grep "'test.keydir' does not exist" <checkconf.out$n.1 | wc -l)
 [ $l -eq 1 ] || ret=1
+l=$(grep "'test.keystoredir' does not exist" <checkconf.out$n.1 | wc -l)
+[ $l -eq 1 ] || ret=1
 touch test.keydir
+touch test.keystoredir
 $CHECKCONF warn-keydir.conf >checkconf.out$n.2 2>&1
 l=$(grep "'test.keydir' is not a directory" <checkconf.out$n.2 | wc -l)
 [ $l -eq 1 ] || ret=1
+l=$(grep "'test.keystoredir' is not a directory" <checkconf.out$n.2 | wc -l)
+[ $l -eq 1 ] || ret=1
 rm -f test.keydir
+rm -f test.keystoredir
 mkdir test.keydir
+mkdir test.keystoredir
 $CHECKCONF warn-keydir.conf >checkconf.out$n.3 2>&1
 l=$(grep "key-directory" <checkconf.out$n.3 | wc -l)
 [ $l -eq 0 ] || ret=1
+l=$(grep "key-store directory" <checkconf.out$n.3 | wc -l)
+[ $l -eq 0 ] || ret=1
 rm -rf test.keydir
+rm -rf test.keystoredir
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
 
 n=$((n + 1))
 echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)"

bin/tests/system/checkconf/warn-keydir.conf

@@ -18,6 +18,10 @@ options {
 	directory ".";
 };
 
+key-store "test" {
+	directory "test.keystoredir";
+};
+
 zone dummy {
 	type primary;
 	file "xxxx";

lib/isccfg/check.c

@@ -1384,14 +1384,17 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
 			     element = cfg_list_next(element))
 			{
 				isc_result_t ret;
-				const char *name;
+				const char *val;
 				cfg_obj_t *kconfig = cfg_listelt_value(element);
+				const cfg_obj_t *kopt;
+				const cfg_obj_t *kobj = NULL;
 				if (!cfg_obj_istuple(kconfig)) {
 					continue;
 				}
-				name = cfg_obj_asstring(cfg_tuple_get(
+				val = cfg_obj_asstring(
-					cfg_listelt_value(element), "name"));
+					cfg_tuple_get(kconfig, "name"));
-				if (strcmp(DNS_KEYSTORE_KEYDIRECTORY, name) == 0) {
+				if (strcmp(DNS_KEYSTORE_KEYDIRECTORY, val) == 0)
+				{
 					cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
 						    "name '%s' not allowed",
 						    DNS_KEYSTORE_KEYDIRECTORY);
@@ -1400,6 +1403,45 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
 					}
 				}
 
+				kopt = cfg_tuple_get(kconfig, "options");
+				if (cfg_map_get(kopt, "directory", &kobj) ==
+				    ISC_R_SUCCESS) {
+					val = cfg_obj_asstring(kobj);
+					ret = isc_file_isdirectory(val);
+					switch (ret) {
+					case ISC_R_SUCCESS:
+						break;
+					case ISC_R_FILENOTFOUND:
+						cfg_obj_log(
+							obj, logctx,
+							ISC_LOG_WARNING,
+							"key-store directory: "
+							"'%s' does not exist",
+							val);
+						break;
+					case ISC_R_INVALIDFILE:
+						cfg_obj_log(
+							obj, logctx,
+							ISC_LOG_WARNING,
+							"key-store directory: "
+							"'%s' is not a "
+							"directory",
+							val);
+						break;
+					default:
+						cfg_obj_log(
+							obj, logctx,
+							ISC_LOG_WARNING,
+							"key-store directory: "
+							"'%s' %s",
+							val,
+							isc_result_totext(ret));
+						if (result == ISC_R_SUCCESS) {
+							result = ret;
+						}
+					}
+				}
+
 				ret = cfg_keystore_fromconfig(
 					kconfig, mctx, logctx, &kslist, &ks);
 				if (ret != ISC_R_SUCCESS) {