[master] check new-zones-directory

4789.	[cleanup]	Check writability of new-zones-directory. [RT #46308]

CHANGES

+4789.	[cleanup]	Check writability of new-zones-directory. [RT #46308]
+
 4788.	[cleanup]	When using "update-policy local", log a warning
 			when an update matching the session key is received
 			from a remote host. [RT #46213]

bin/named/server.c

@@ -7051,6 +7051,13 @@ setup_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
 				      dir, isc_result_totext(result));
 			return (result);
 		}
+		if (access(dir, DIR_PERM_OK) != 0) {
+			isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+				      NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
+				      "new-zones-directory '%s' "
+				      "is not writable", dir);
+			return (ISC_R_NOPERM);
+		}
 
 		dns_view_setnewzonedir(view, dir);
 	}

bin/tests/system/runtime/ns2/named-alt6.conf

+/*
+ * Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+options {
+	new-zones-directory "./nope";
+	port 5300;
+	pid-file "../named.pid";
+	listen-on { 127.0.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+};

bin/tests/system/runtime/tests.sh

@@ -73,6 +73,17 @@ grep "managed-keys-directory './nope' is not writable" ns2/named.run > /dev/null
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo "I: checking that named refuses to reconfigure if new-zones-directory is not writable ($n)"
+ret=0
+cp -f ns2/named-alt6.conf ns2/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > rndc.out.$n 2>&1
+grep "failed: permission denied" rndc.out.$n > /dev/null 2>&1 || ret=1
+sleep 1
+grep "new-zones-directory './nope' is not writable" ns2/named.run > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo "I: checking that named refuses to start if working directory is not writable ($n)"
 ret=0

doc/arm/Bv9ARM-book.xml

@@ -4988,7 +4988,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 		Specifies the directory in which to store the configuration
 		parameters for zones added via <command>rndc addzone</command>.
 		By default, this is the working directory. If set to a relative
-		path, it will be relative to the working directory.
+		path, it will be relative to the working directory. The
+		directory <emphasis>must</emphasis> be writable by the
+		effective user ID of the <command>named</command> process.
 	      </para>
 	    </listitem>
 	  </varlistentry>