mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

[master] check new-zones-directory

Browse Source 
4789.	[cleanup]	Check writability of new-zones-directory. [RT #46308]
This commit is contained in:
Evan Hunt
2017-10-25 01:19:46 -07:00
parent aebdc6cd7d
commit eb2ef7b53e
5 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -1,3 +1,5 @@
4789. [cleanup] Check writability of new-zones-directory. [RT #46308]
4788. [cleanup] When using "update-policy local", log a warning 4788. [cleanup] When using "update-policy local", log a warning
when an update matching the session key is received when an update matching the session key is received
from a remote host. [RT #46213] from a remote host. [RT #46213]

7
bin/named/server.c
View File

@@ -7051,6 +7051,13 @@ setup_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
dir, isc_result_totext(result)); dir, isc_result_totext(result));
return (result); return (result);
} }
if (access(dir, DIR_PERM_OK) != 0) {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
"new-zones-directory '%s' "
"is not writable", dir);
return (ISC_R_NOPERM);
}
dns_view_setnewzonedir(view, dir); dns_view_setnewzonedir(view, dir);
} }

16
bin/tests/system/runtime/ns2/named-alt6.conf Normal file
View File

@@ -0,0 +1,16 @@
/*
* Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
options {
new-zones-directory "./nope";
port 5300;
pid-file "../named.pid";
listen-on { 127.0.0.1; };
listen-on-v6 { none; };
recursion no;
};

11
bin/tests/system/runtime/tests.sh
View File

@@ -73,6 +73,17 @@ grep "managed-keys-directory './nope' is not writable" ns2/named.run > /dev/null
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that named refuses to reconfigure if new-zones-directory is not writable ($n)"
ret=0
cp -f ns2/named-alt6.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > rndc.out.$n 2>&1
grep "failed: permission denied" rndc.out.$n > /dev/null 2>&1 || ret=1
sleep 1
grep "new-zones-directory './nope' is not writable" ns2/named.run > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1` n=`expr $n + 1`
echo "I: checking that named refuses to start if working directory is not writable ($n)" echo "I: checking that named refuses to start if working directory is not writable ($n)"
ret=0 ret=0

4
doc/arm/Bv9ARM-book.xml
View File

@@ -4988,7 +4988,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
Specifies the directory in which to store the configuration Specifies the directory in which to store the configuration
parameters for zones added via <command>rndc addzone</command>. parameters for zones added via <command>rndc addzone</command>.
By default, this is the working directory. If set to a relative By default, this is the working directory. If set to a relative
path, it will be relative to the working directory. path, it will be relative to the working directory. The
directory <emphasis>must</emphasis> be writable by the
effective user ID of the <command>named</command> process.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>