Commit eb2ef7b5 authored by Evan Hunt

[master] check new-zones-directory

4789.	[cleanup]	Check writability of new-zones-directory. [RT #46308]
parent aebdc6cd
4789. [cleanup] Check writability of new-zones-directory. [RT #46308]
4788. [cleanup] When using "update-policy local", log a warning
when an update matching the session key is received
from a remote host. [RT #46213]
......
......@@ -7051,6 +7051,13 @@ setup_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
dir, isc_result_totext(result));
return (result);
}
if (access(dir, DIR_PERM_OK) != 0) {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
"new-zones-directory '%s' "
"is not writable", dir);
return (ISC_R_NOPERM);
}
dns_view_setnewzonedir(view, dir);
}
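Review bot: `access(dir, DIR_PERM_OK)` tests permissions against the real UID and GID of the process, while the documentation added in this same commit promises writability by the effective user ID. The two answers differ whenever named's real and effective IDs differ, and if this code runs before privileges are dropped (not visible in the hunk) the check could pass for a directory the runtime user cannot write. The test is also only a pre-flight check: the directory's mode can change afterwards, so the code that later writes the new-zone files must still handle write failures itself. I would record that above the test, for example `/* Advisory only: access() uses the real UID/GID; later writes must still check for errors. */`. setup_newzones() begins and ends outside this hunk.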
......
/*
* Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
options {
new-zones-directory "./nope";
port 5300;
pid-file "../named.pid";
listen-on { 127.0.0.1; };
listen-on-v6 { none; };
recursion no;
};
......@@ -73,6 +73,17 @@ grep "managed-keys-directory './nope' is not writable" ns2/named.run > /dev/null
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that named refuses to reconfigure if new-zones-directory is not writable ($n)"
ret=0
cp -f ns2/named-alt6.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > rndc.out.$n 2>&1
grep "failed: permission denied" rndc.out.$n > /dev/null 2>&1 || ret=1
sleep 1
grep "new-zones-directory './nope' is not writable" ns2/named.run > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that named refuses to start if working directory is not writable ($n)"
ret=0
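Review bot: The fixed `sleep 1` between the `reconfig` call and the grep on `ns2/named.run` makes the second assertion timing-dependent. On a loaded test host the log line may not have been flushed yet, and if named always writes it before rndc returns, the sleep only slows the suite. A bounded retry around `grep "new-zones-directory './nope' is not writable" ns2/named.run` that sets `ret=1` only after the last attempt fails would be more robust. The step also leaves `ns2/named.conf` pointing at `named-alt6.conf`; presumably the following test replaces it, but that is outside this hunk and worth confirming.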
......
......@@ -4988,7 +4988,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
Specifies the directory in which to store the configuration
parameters for zones added via <command>rndc addzone</command>.
By default, this is the working directory. If set to a relative
path, it will be relative to the working directory.
path, it will be relative to the working directory. The
directory <emphasis>must</emphasis> be writable by the
effective user ID of the <command>named</command> process.
</para>
</listitem>
</varlistentry>
......