Ensure that log files are plain files. (RT #22771)

CHANGES

@@ -1,3 +1,6 @@
+3058.	[bug]		Cause named to terminate at startup or rndc reconfig/
+			reload to fail, if a log file specified in the conf
+			file isn't a plain file. (RT #22771]
 3057.	[bug]		"rndc secroots" would abort after the first error
 			and so could miss some views. [RT #23488]
 

bin/named/logconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.c,v 1.42 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: logconf.c,v 1.43 2011/03/04 14:07:03 smann Exp $ */
 
 /*! \file */
 
@@ -221,24 +221,36 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
 		FILE *fp;
 		
 		/*
-		 * Test that the file can be opened, since isc_log_open()
+		 * Test to make sure that file is a plain file.
-		 * can't effectively report failures when called in
+		 * Fix defect #22771
+		*/
+                result = isc_file_isplainfile(dest.file.name);
+                if (result == ISC_R_SUCCESS || 
+		    result == ISC_R_FILENOTFOUND) {
+			/*
+			 * Test that the file can be opened, since
+			 * isc_log_open() can't effectively report 
+			 * failures when called in
 			 * isc_log_doit().
 			 */
 			result = isc_stdio_open(dest.file.name, "a", &fp);
-		if (result != ISC_R_SUCCESS)
+			if (result != ISC_R_SUCCESS) {
-			isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
+				syslog(LOG_ERR,
-				      NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+					"isc_stdio_open '%s' failed: %s",
-				      "logging channel '%s' file '%s': %s",
+					dest.file.name, 
-				      channelname, dest.file.name,
 					isc_result_totext(result));
-		else
+				fprintf(stderr,
+					"isc_stdio_open '%s' failed: %s",
+					dest.file.name,
+					isc_result_totext(result));
+			} else
 				(void)isc_stdio_close(fp);
-
+		} else {
-		/*
+			syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
-		 * Allow named to continue by returning success.
+				dest.file.name, isc_result_totext(result));
-		 */
+			fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
-		result = ISC_R_SUCCESS;
+				dest.file.name, isc_result_totext(result));
+		}
 	}
 
 	return (result);

bin/tests/system/conf.sh.in

@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: conf.sh.in,v 1.63 2011/03/02 04:49:05 marka Exp $
+# $Id: conf.sh.in,v 1.64 2011/03/04 14:07:03 smann Exp $
 
 #
 # Common configuration data for system tests, to be sourced into
@@ -54,10 +54,10 @@ JOURNALPRINT=$TOP/bin/tools/named-journalprint
 # v6synth
 SUBDIRS="acl allow_query addzone autosign cacheclean checkconf checknames
 	 checkzone database dlv dlvauto @DLZ_SYSTEM_TEST@ dlzexternal dns64
-	 dnssec forward glue gost ixfr limits lwresd masterfile masterformat
+	 dnssec forward glue gost ixfr limits logfileconfig lwresd masterfile
-	 metadata notify nsupdate pending pkcs11 redirect resolver rpz
+	 masterformat metadata notify nsupdate pending pkcs11 redirect
-	 rrsetorder sortlist smartsign staticstub stub tkey tsig tsiggss
+	 resolver rpz rrsetorder sortlist smartsign staticstub stub tkey tsig
-	 unknown upforwd views xfer xferquota zonechecks"
+	 tsiggss unknown upforwd views xfer xferquota zonechecks"
 
 # PERL will be an empty string if no perl interpreter was found.
 PERL=@PERL@

bin/tests/system/dnssec/clean.sh

@@ -15,7 +15,9 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.37 2011/02/28 14:21:34 fdupont Exp $
+# $Id: clean.sh,v 1.38 2011/03/04 14:07:03 smann Exp $
+
+exit
 
 rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed
 rm -f */trusted.conf */managed.conf */tmp* */*.jnl */*.bk

bin/tests/system/start.pl

@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: start.pl,v 1.16 2010/09/15 12:07:55 marka Exp $
+# $Id: start.pl,v 1.17 2011/03/04 14:07:03 smann Exp $
 
 # Framework for starting test servers.
 # Based on the type of server specified, check for port availability, remove
@@ -33,6 +33,8 @@ use Getopt::Long;
 #   test - name of the test directory
 #   server - name of the server directory
 #   options - alternate options for the server
+#             NOTE: options must be specified with '-- "<option list>"',
+#              for instance: start.pl . ns1 -- "-c n.conf -d 43"
 
 my $usage = "usage: $0 [--noclean] test-directory [server-directory [server-options]]";
 my $noclean;

lib/isc/include/isc/file.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: file.h,v 1.39 2011/01/11 23:47:14 tbox Exp $ */
+/* $Id: file.h,v 1.40 2011/03/04 14:07:03 smann Exp $ */
 
 #ifndef ISC_FILE_H
 #define ISC_FILE_H 1
@@ -185,6 +185,27 @@ isc_file_isabsolute(const char *filename);
  * \brief Return #ISC_TRUE if the given file name is absolute.
  */
 
+isc_result_t
+isc_file_isplainfile(const char *name);
+/*!<
+ * \brief Check that the file is a plain file
+ *
+ * Returns:
+ *\li	#ISC_R_SUCCESS
+ *		Success. The file is a plain file.
+ *\li	#ISC_R_INVALIDFILE
+ *		The path specified was not usable by the operating system.
+ *\li	#ISC_R_FILENOTFOUND
+ *		The file does not exist. This return code comes from
+ *		errno=ENOENT when stat returns -1. This code is mentioned
+ *		here, because in logconf.c, it is the one rcode that is
+ *		permitted in addition to ISC_R_SUCCESS. This is done since 
+ *		the next call in logconf.c is to isc_stdio_open(), which
+ *		will create the file if it can.
+ *\li	#other ISC_R_* errors translated from errno
+ *		These occur when stat returns -1 and an errno.
+ */
+
 isc_boolean_t
 isc_file_iscurrentdir(const char *filename);
 /*!<

lib/isc/unix/file.c

@@ -48,7 +48,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: file.c,v 1.57 2011/01/11 23:47:14 tbox Exp $ */
+/* $Id: file.c,v 1.58 2011/03/04 14:07:03 smann Exp $ */
 
 /*! \file */
 
@@ -348,6 +348,23 @@ isc_file_exists(const char *pathname) {
 	return (ISC_TF(file_stats(pathname, &stats) == ISC_R_SUCCESS));
 }
 
+isc_result_t
+isc_file_isplainfile(const char *filename) {
+	/*
+	 * This function returns success if filename is a plain file.
+	 */
+	struct stat filestat;
+	memset(&filestat,0,sizeof(struct stat));
+
+	if ((stat(filename, &filestat)) == -1)
+		return(isc__errno2result(errno));
+
+	if(! S_ISREG(filestat.st_mode))
+		return(ISC_R_INVALIDFILE);
+
+	return(ISC_R_SUCCESS);
+}
+
 isc_boolean_t
 isc_file_isabsolute(const char *filename) {
 	REQUIRE(filename != NULL);

lib/isc/unix/stdio.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: stdio.c,v 1.8 2007/06/19 23:47:18 tbox Exp $ */
+/* $Id: stdio.c,v 1.9 2011/03/04 14:07:03 smann Exp $ */
 
 #include <config.h>
 
@@ -23,6 +23,7 @@
 #include <unistd.h>
 
 #include <isc/stdio.h>
+#include <isc/stat.h>
 
 #include "errno2result.h"
 

lib/isc/win32/file.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: file.c,v 1.39 2011/01/13 06:36:04 marka Exp $ */
+/* $Id: file.c,v 1.40 2011/03/04 14:07:03 smann Exp $ */
 
 #include <config.h>
 
@@ -398,6 +398,23 @@ isc_file_exists(const char *pathname) {
 	return (ISC_TF(file_stats(pathname, &stats) == ISC_R_SUCCESS));
 }
 
+isc_result_t
+isc_file_isplainfile(const char *filename) {
+	/*
+	 * This function returns success if filename is a plain file.
+	 */
+	struct stat filestat;
+	memset(&filestat,0,sizeof(struct stat));
+
+	if ((stat(filename, &filestat)) == -1)
+		return(isc__errno2result(errno));
+
+	if(! S_ISREG(filestat.st_mode))
+		return(ISC_R_INVALIDFILE);
+
+	return(ISC_R_SUCCESS);
+}
+
 isc_boolean_t
 isc_file_isabsolute(const char *filename) {
 	REQUIRE(filename != NULL);