Conflicts:

lib/dns/dst_parse.c lib/isc/win32/file.c
2025-09-04 16:45:24 +00:00 · 2012-07-05 16:07:31 -05:00
parent a6143389f6
commit c514f38c80
7 changed files with 63 additions and 2 deletions
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -38,6 +38,7 @@

 #include <dns/keyvalues.h>
 #include <dns/result.h>
+#include <dns/log.h>

 #include <dst/dst.h>

@@ -153,6 +154,7 @@ main(int argc, char **argv) {
 	isc_boolean_t	force = ISC_FALSE;
 	isc_boolean_t   epoch = ISC_FALSE;
 	isc_boolean_t   changed = ISC_FALSE;
+	isc_log_t       *log = NULL;

 	if (argc == 1)
 		usage();
@@ -161,6 +163,8 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		fatal("Out of memory");

+	setup_logging(verbose, mctx, &log);
+
 	dns_result_register();

 	isc_commandline_errprint = ISC_FALSE;
@@ -593,6 +597,7 @@ main(int argc, char **argv) {
 	cleanup_entropy(&ectx);
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
+	cleanup_logging(&log);
 	isc_mem_free(mctx, directory);
 	isc_mem_destroy(&mctx);

--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
@@ -134,7 +134,7 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-echo "I:checking update of an old-style key"
+echo "I:checking update of an old-style key ($n)"
 ret=0
 # printing metadata should not work with an old-style key
 $SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
@@ -145,5 +145,17 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+echo "I:checking warning about permissions change on key with dnssec-settime ($n)"
+ret=0
+# settime should print a warning about changing the permissions
+chmod 644 `cat oldstyle.key`.private
+$SETTIME -P none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 || ret=1
+$SETTIME -P none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -56,6 +56,7 @@
 #include <isc/string.h>
 #include <isc/time.h>
 #include <isc/util.h>
+#include <isc/file.h>

 #define DST_KEY_INTERNAL

--- a/lib/dns/dst_parse.c
+++ b/lib/dns/dst_parse.c
@@ -44,8 +44,10 @@
 #include <isc/stdtime.h>
 #include <isc/string.h>
 #include <isc/util.h>
+#include <isc/file.h>

 #include <dns/time.h>
+#include <dns/log.h>

 #include "dst_internal.h"
 #include "dst_parse.h"
@@ -557,7 +559,6 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 			  const char *directory)
 {
 	FILE *fp;
-	int ret, i;
 	isc_result_t result;
 	char filename[ISC_DIR_NAMEMAX];
 	char buffer[MAXFIELDSIZE * 2];
@@ -567,6 +568,8 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 	isc_buffer_t b;
 	isc_region_t r;
 	int major, minor;
+	mode_t mode;
+	int i;

 	REQUIRE(priv != NULL);

@@ -581,6 +584,17 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 	if (result != ISC_R_SUCCESS)
 		return (result);

+	result = isc_file_mode(filename, &mode);
+	if (result == ISC_R_SUCCESS && mode != 0600) {
+		/* File exists; warn that we are changing its permissions */
+		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+			      DNS_LOGMODULE_DNSSEC, ISC_LOG_WARNING,
+			      "Permissions on the file %s "
+			      "have changed from 0%o to 0600 as "
+			      "a result of this operation.",
+			      filename, mode);
+	}
+
 	if ((fp = fopen(filename, "w")) == NULL)
 		return (DST_R_WRITEERROR);

--- a/lib/isc/include/isc/file.h
+++ b/lib/isc/include/isc/file.h
@@ -32,6 +32,9 @@ ISC_LANG_BEGINDECLS
 isc_result_t
 isc_file_settime(const char *file, isc_time_t *time);

+isc_result_t
+isc_file_mode(const char *file, mode_t *modep);
+
 isc_result_t
 isc_file_getmodtime(const char *file, isc_time_t *time);
 /*!<
--- a/lib/isc/unix/file.c
+++ b/lib/isc/unix/file.c
@@ -128,6 +128,20 @@ isc_file_getsizefd(int fd, off_t *size) {
 	return (result);
 }

+isc_result_t
+isc_file_mode(const char *file, mode_t *modep) {
+	isc_result_t result;
+	struct stat stats;
+
+	REQUIRE(modep != NULL);
+
+	result = file_stats(file, &stats);
+	if (result == ISC_R_SUCCESS)
+		*modep = (stats.st_mode & 07777);
+
+	return (result);
+}
+
 isc_result_t
 isc_file_getmodtime(const char *file, isc_time_t *time) {
 	isc_result_t result;
--- a/lib/isc/win32/file.c
+++ b/lib/isc/win32/file.c
@@ -158,7 +158,19 @@ isc_file_getsizefd(int fd, off_t *size) {

 	if (result == ISC_R_SUCCESS)
 		*size = stats.st_size;
+	return (result);
+}

+isc_result_t
+isc_file_mode(const char *file, mode_t *modep) {
+	isc_result_t result;
+	struct stat stats;
+
+	REQUIRE(modep != NULL);
+
+	result = file_stats(file, &stats);
+	if (result == ISC_R_SUCCESS)
+		*modep = (stats.st_mode & 07777);
 	return (result);
 }