From 32babe43eb479d2ae8736f9985a84d1b9d95a33a Mon Sep 17 00:00:00 2001
From: Scott Mann <smann@isc.org>
Date: Fri, 4 Mar 2011 14:07:03 +0000
Subject: [PATCH] Ensure that log files are plain files. (RT #22771)

---
 CHANGES                          |  3 ++
 bin/named/logconf.c              | 50 ++++++++++++++++++++------------
 bin/tests/system/conf.sh.in      | 10 +++----
 bin/tests/system/dnssec/clean.sh |  4 ++-
 bin/tests/system/start.pl        |  4 ++-
 lib/isc/include/isc/file.h       | 23 ++++++++++++++-
 lib/isc/unix/file.c              | 19 +++++++++++-
 lib/isc/unix/stdio.c             |  3 +-
 lib/isc/win32/file.c             | 19 +++++++++++-
 9 files changed, 105 insertions(+), 30 deletions(-)

diff --git a/CHANGES b/CHANGES
index d3fd78cd34..70e413908d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3058.	[bug]		Cause named to terminate at startup or rndc reconfig/
+			reload to fail, if a log file specified in the conf
+			file isn't a plain file. (RT #22771]
 3057.	[bug]		"rndc secroots" would abort after the first error
 			and so could miss some views. [RT #23488]
 
diff --git a/bin/named/logconf.c b/bin/named/logconf.c
index e32496507e..9558ab2dd2 100644
--- a/bin/named/logconf.c
+++ b/bin/named/logconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.c,v 1.42 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: logconf.c,v 1.43 2011/03/04 14:07:03 smann Exp $ */
 
 /*! \file */
 
@@ -221,24 +221,36 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
 		FILE *fp;
 		
 		/*
-		 * Test that the file can be opened, since isc_log_open()
-		 * can't effectively report failures when called in
-		 * isc_log_doit().
-		 */
-		result = isc_stdio_open(dest.file.name, "a", &fp);
-		if (result != ISC_R_SUCCESS)
-			isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
-				      NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
-				      "logging channel '%s' file '%s': %s",
-				      channelname, dest.file.name,
-				      isc_result_totext(result));
-		else
-			(void)isc_stdio_close(fp);
-
-		/*
-		 * Allow named to continue by returning success.
-		 */
-		result = ISC_R_SUCCESS;
+		 * Test to make sure that file is a plain file.
+		 * Fix defect #22771
+		*/
+                result = isc_file_isplainfile(dest.file.name);
+                if (result == ISC_R_SUCCESS || 
+		    result == ISC_R_FILENOTFOUND) {
+			/*
+			 * Test that the file can be opened, since
+			 * isc_log_open() can't effectively report 
+			 * failures when called in
+			 * isc_log_doit().
+			 */
+			result = isc_stdio_open(dest.file.name, "a", &fp);
+			if (result != ISC_R_SUCCESS) {
+				syslog(LOG_ERR,
+					"isc_stdio_open '%s' failed: %s",
+					dest.file.name, 
+					isc_result_totext(result));
+				fprintf(stderr,
+					"isc_stdio_open '%s' failed: %s",
+					dest.file.name,
+					isc_result_totext(result));
+			} else
+				(void)isc_stdio_close(fp);
+		} else {
+			syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
+				dest.file.name, isc_result_totext(result));
+			fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
+				dest.file.name, isc_result_totext(result));
+		}
 	}
 
 	return (result);
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index c18a148e2f..48a287bafd 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: conf.sh.in,v 1.63 2011/03/02 04:49:05 marka Exp $
+# $Id: conf.sh.in,v 1.64 2011/03/04 14:07:03 smann Exp $
 
 #
 # Common configuration data for system tests, to be sourced into
@@ -54,10 +54,10 @@ JOURNALPRINT=$TOP/bin/tools/named-journalprint
 # v6synth
 SUBDIRS="acl allow_query addzone autosign cacheclean checkconf checknames
 	 checkzone database dlv dlvauto @DLZ_SYSTEM_TEST@ dlzexternal dns64
-	 dnssec forward glue gost ixfr limits lwresd masterfile masterformat
-	 metadata notify nsupdate pending pkcs11 redirect resolver rpz
-	 rrsetorder sortlist smartsign staticstub stub tkey tsig tsiggss
-	 unknown upforwd views xfer xferquota zonechecks"
+	 dnssec forward glue gost ixfr limits logfileconfig lwresd masterfile
+	 masterformat metadata notify nsupdate pending pkcs11 redirect
+	 resolver rpz rrsetorder sortlist smartsign staticstub stub tkey tsig
+	 tsiggss unknown upforwd views xfer xferquota zonechecks"
 
 # PERL will be an empty string if no perl interpreter was found.
 PERL=@PERL@
diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh
index 7d17676977..a869850381 100644
--- a/bin/tests/system/dnssec/clean.sh
+++ b/bin/tests/system/dnssec/clean.sh
@@ -15,7 +15,9 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.37 2011/02/28 14:21:34 fdupont Exp $
+# $Id: clean.sh,v 1.38 2011/03/04 14:07:03 smann Exp $
+
+exit
 
 rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed
 rm -f */trusted.conf */managed.conf */tmp* */*.jnl */*.bk
diff --git a/bin/tests/system/start.pl b/bin/tests/system/start.pl
index 75b03d994a..e5d4409097 100644
--- a/bin/tests/system/start.pl
+++ b/bin/tests/system/start.pl
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: start.pl,v 1.16 2010/09/15 12:07:55 marka Exp $
+# $Id: start.pl,v 1.17 2011/03/04 14:07:03 smann Exp $
 
 # Framework for starting test servers.
 # Based on the type of server specified, check for port availability, remove
@@ -33,6 +33,8 @@ use Getopt::Long;
 #   test - name of the test directory
 #   server - name of the server directory
 #   options - alternate options for the server
+#             NOTE: options must be specified with '-- "<option list>"',
+#              for instance: start.pl . ns1 -- "-c n.conf -d 43"
 
 my $usage = "usage: $0 [--noclean] test-directory [server-directory [server-options]]";
 my $noclean;
diff --git a/lib/isc/include/isc/file.h b/lib/isc/include/isc/file.h
index ec00145cf8..1697ab65a8 100644
--- a/lib/isc/include/isc/file.h
+++ b/lib/isc/include/isc/file.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: file.h,v 1.39 2011/01/11 23:47:14 tbox Exp $ */
+/* $Id: file.h,v 1.40 2011/03/04 14:07:03 smann Exp $ */
 
 #ifndef ISC_FILE_H
 #define ISC_FILE_H 1
@@ -185,6 +185,27 @@ isc_file_isabsolute(const char *filename);
  * \brief Return #ISC_TRUE if the given file name is absolute.
  */
 
+isc_result_t
+isc_file_isplainfile(const char *name);
+/*!<
+ * \brief Check that the file is a plain file
+ *
+ * Returns:
+ *\li	#ISC_R_SUCCESS
+ *		Success. The file is a plain file.
+ *\li	#ISC_R_INVALIDFILE
+ *		The path specified was not usable by the operating system.
+ *\li	#ISC_R_FILENOTFOUND
+ *		The file does not exist. This return code comes from
+ *		errno=ENOENT when stat returns -1. This code is mentioned
+ *		here, because in logconf.c, it is the one rcode that is
+ *		permitted in addition to ISC_R_SUCCESS. This is done since 
+ *		the next call in logconf.c is to isc_stdio_open(), which
+ *		will create the file if it can.
+ *\li	#other ISC_R_* errors translated from errno
+ *		These occur when stat returns -1 and an errno.
+ */
+
 isc_boolean_t
 isc_file_iscurrentdir(const char *filename);
 /*!<
diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c
index c8db210ad7..85cc819ce2 100644
--- a/lib/isc/unix/file.c
+++ b/lib/isc/unix/file.c
@@ -48,7 +48,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: file.c,v 1.57 2011/01/11 23:47:14 tbox Exp $ */
+/* $Id: file.c,v 1.58 2011/03/04 14:07:03 smann Exp $ */
 
 /*! \file */
 
@@ -348,6 +348,23 @@ isc_file_exists(const char *pathname) {
 	return (ISC_TF(file_stats(pathname, &stats) == ISC_R_SUCCESS));
 }
 
+isc_result_t
+isc_file_isplainfile(const char *filename) {
+	/*
+	 * This function returns success if filename is a plain file.
+	 */
+	struct stat filestat;
+	memset(&filestat,0,sizeof(struct stat));
+
+	if ((stat(filename, &filestat)) == -1)
+		return(isc__errno2result(errno));
+
+	if(! S_ISREG(filestat.st_mode))
+		return(ISC_R_INVALIDFILE);
+
+	return(ISC_R_SUCCESS);
+}
+
 isc_boolean_t
 isc_file_isabsolute(const char *filename) {
 	REQUIRE(filename != NULL);
diff --git a/lib/isc/unix/stdio.c b/lib/isc/unix/stdio.c
index 4e294dbc2f..d7f5316991 100644
--- a/lib/isc/unix/stdio.c
+++ b/lib/isc/unix/stdio.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: stdio.c,v 1.8 2007/06/19 23:47:18 tbox Exp $ */
+/* $Id: stdio.c,v 1.9 2011/03/04 14:07:03 smann Exp $ */
 
 #include <config.h>
 
@@ -23,6 +23,7 @@
 #include <unistd.h>
 
 #include <isc/stdio.h>
+#include <isc/stat.h>
 
 #include "errno2result.h"
 
diff --git a/lib/isc/win32/file.c b/lib/isc/win32/file.c
index 526af77dfc..25a7cda4a0 100644
--- a/lib/isc/win32/file.c
+++ b/lib/isc/win32/file.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: file.c,v 1.39 2011/01/13 06:36:04 marka Exp $ */
+/* $Id: file.c,v 1.40 2011/03/04 14:07:03 smann Exp $ */
 
 #include <config.h>
 
@@ -398,6 +398,23 @@ isc_file_exists(const char *pathname) {
 	return (ISC_TF(file_stats(pathname, &stats) == ISC_R_SUCCESS));
 }
 
+isc_result_t
+isc_file_isplainfile(const char *filename) {
+	/*
+	 * This function returns success if filename is a plain file.
+	 */
+	struct stat filestat;
+	memset(&filestat,0,sizeof(struct stat));
+
+	if ((stat(filename, &filestat)) == -1)
+		return(isc__errno2result(errno));
+
+	if(! S_ISREG(filestat.st_mode))
+		return(ISC_R_INVALIDFILE);
+
+	return(ISC_R_SUCCESS);
+}
+
 isc_boolean_t
 isc_file_isabsolute(const char *filename) {
 	REQUIRE(filename != NULL);