+4769. [bug] The working directory and managed-keys directory has
+ to be writeable (and seekable). [RT #46077]
+
4768. [func] By default, memory is no longer filled with tag values
when it is allocated or freed; this improves
performance but makes debugging of certain memory
directory, isc_result_totext(result));
goto cleanup;
+ } else if (directory != NULL) {
+ if (access(directory, W_OK|X_OK) != 0) {
+ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+ NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "managed-keys-directory '%s' "
+ "is not writable", directory);
+ result = ISC_R_NOPERM;
+ goto cleanup;
+ }
}
CHECK(add_keydata_zone(view, directory, named_g_mctx));
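Review bot: The added `access(directory, W_OK|X_OK)` call is evaluated against the real UID/GID of the process, while the documentation changed in this same commit promises a check against the effective user ID; the identical call added for the `directory` option later in this file has the same mismatch. If the configuration is loaded before named switches to its runtime account (not visible in this hunk), the result describes the starting user rather than the one that will later write the key files. The check is also only a snapshot, so every later write into the directory still has to handle its own failure. I would record that above the call with `/* access() tests the real UID/GID at this moment only; writes into this directory must still check their own errors */`. The enclosing function starts and ends outside the hunk.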
"option 'directory' contains relative path '%s'",
directory);
+ if (access(directory, W_OK|X_OK) != 0) {
+ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+ NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "directory '%s' is not writable",
+ directory);
+ return (ISC_R_NOPERM);
+ }
+
result = isc_dir_chdir(directory);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(obj, named_g_lctx, ISC_LOG_ERROR,
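Review bot: Because the new `access()` call runs before `isc_dir_chdir(directory)`, a path that is missing or is not a directory is now reported as "is not writable" with `ISC_R_NOPERM`, which hides the real cause from the operator. Logging the errno text keeps the diagnosis accurate, e.g. `"directory '%s' is not writable: %s", directory, strerror(errno)`, or the check could move to just after the successful chdir. The neighbouring messages in this function go through `cfg_obj_log(obj, ...)` with the configuration object, and using the same call here would keep the error reporting consistent. The enclosing function starts and ends outside the hunk.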
ns1 is the root server that offers new KSKs and hosts one record for
testing. The TTL for the zone's records is 2 seconds.
-ns2 is a validator uses managed-keys.
-"named -T rfc5011holddown=4" switch is used so it will attempt to do
-the automated updates frequently.
+ns2 is a validator that uses managed-keys. "-T mkeytimers=2/20/40"
+is used so it will attempt do automated updates frequently. "-T tat=1"
+is used so it will send TAT queries once per second.
ns3 is a validator with a broken key in managed-keys.
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+rm -f ns2/named.conf
rm -f */named.memstats
rm -f */named*.run
rm -f ns*/named.lock ns*/named*.pid ns*/other.lock
+rm -f *.pid
+rm -f rndc.out*
+[ -d ns2/nope ] && chmod 755 ns2/nope
+rm -rf ns2/nope
--- /dev/null
+/*
+ * Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+options {
+ directory "./nope";
+ port 5300;
+ pid-file "../named4.pid";
+ listen-on { 127.0.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+};
--- /dev/null
+/*
+ * Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+options {
+ managed-keys-directory "./nope";
+ port 5300;
+ pid-file "../named4.pid";
+ listen-on { 127.0.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+};
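Review bot: `pid-file "../named4.pid"` looks copied from named-alt4.conf. This file sets no `directory`, so the relative path is not resolved from `./nope`, and the test that starts named with this file looks for `named5.pid` in ns2. If named ever fails to exit in that test, the cleanup `kill` would find no pid file and the stray process would stay bound to port 5300. A name that matches what the test reads, such as `pid-file "named5.pid";`, would avoid that; confirm which base directory the path is resolved against.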
dnssec-enable no;
dnssec-validation no;
};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
+
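Review bot: The new `controls` block accepts rndc connections from `any` source and authenticates them with a short fixed secret, which is acceptable only because this is a test fixture listening on 10.53.0.2. A comment above the key would stop the stanza from being copied into a real configuration, for example `/* test-only rndc key; must match ../common/rndc.conf, never reuse outside the system tests */`. The match with ../common/rndc.conf is inferred from the `-c ../common/rndc.conf` argument used in tests.sh and should be confirmed.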
. $SYSTEMTESTTOP/conf.sh
$SHELL clean.sh
+
+cp ns2/named1.conf ns2/named.conf
+
+mkdir ns2/nope
+chmod 555 ns2/nope
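Review bot: `chmod 555 ns2/nope` does not make the directory unwritable for every account: when the system tests run as root, `access(..., W_OK|X_OK)` succeeds regardless of the mode bits, so the four new "not writable" checks in tests.sh would fail for a reason unrelated to named. Those checks should be skipped or reported as untested in that case, for instance by wrapping them in `if [ "$(id -u)" -ne 0 ]; then ... fi`. tests.sh already guards one test with `$CYGWIN`, so it is worth confirming that mode 555 is honoured on that platform as well.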
status=`expr $status + $ret`
if [ ! "$CYGWIN" ]; then
-
-n=`expr $n + 1`
-echo "I:verifying that named checks for conflicting listeners ($n)"
-ret=0
-(cd ns2; $NAMED -c named-alt1.conf -D ns2-extra-1 -X other.lock -m record,size,mctx -d 99 -g -U 4 >> named2.run 2>&1 & )
-sleep 2
-grep "unable to listen on any configured interface" ns2/named2.run > /dev/null || ret=1
-[ -s ns2/named2.pid ] && $KILL -15 `cat ns2/named2.pid`
-if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
-
+ n=`expr $n + 1`
+ echo "I:verifying that named checks for conflicting listeners ($n)"
+ ret=0
+ (cd ns2; $NAMED -c named-alt1.conf -D ns2-extra-1 -X other.lock -m record,size,mctx -d 99 -g -U 4 >> named2.run 2>&1 & )
+ sleep 2
+ grep "unable to listen on any configured interface" ns2/named2.run > /dev/null || ret=1
+ [ -s ns2/named2.pid ] && $KILL -15 `cat ns2/named2.pid`
+ if [ $ret != 0 ]; then echo "I:failed"; fi
+ status=`expr $status + $ret`
fi
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+n=`expr $n + 1`
+echo "I: checking that named refuses to reconfigure if working directory is not writable ($n)"
+ret=0
+cp -f ns2/named-alt4.conf ns2/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > rndc.out.$n 2>&1
+grep "failed: permission denied" rndc.out.$n > /dev/null 2>&1 || ret=1
+sleep 1
+grep "[^-]directory './nope' is not writable" ns2/named.run > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I: checking that named refuses to reconfigure if managed-keys-directory is not writable ($n)"
+ret=0
+cp -f ns2/named-alt5.conf ns2/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > rndc.out.$n 2>&1
+grep "failed: permission denied" rndc.out.$n > /dev/null 2>&1 || ret=1
+sleep 1
+grep "managed-keys-directory './nope' is not writable" ns2/named.run > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I: checking that named refuses to start if working directory is not writable ($n)"
+ret=0
+cd ns2
+$NAMED -c named-alt4.conf -d 99 -g > named4.run 2>&1 &
+sleep 2
+grep "exiting (due to fatal error)" named4.run > /dev/null || ret=1
+[ -s named4.pid ] && kill -15 `cat named4.pid` > /dev/null 2>&1
+cd ..
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I: checking that named refuses to start if managed-keys-directory is not writable ($n)"
+ret=0
+cd ns2
+$NAMED -c named-alt5.conf -d 99 -g > named5.run 2>&1 &
+sleep 2
+grep "exiting (due to fatal error)" named5.run > /dev/null || ret=1
+[ -s named5.pid ] && kill -15 `cat named5.pid` > /dev/null 2>&1
+cd ..
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
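Review bot: The two start-up checks only grep for "exiting (due to fatal error)", so they pass on any fatal error, such as a configuration typo or a port already in use, and do not show that the directory check caused the exit. Matching the specific message would pin the behaviour, e.g. `grep "[^-]directory './nope' is not writable" named4.run > /dev/null || ret=1` and the `managed-keys-directory` equivalent against named5.run. The fixed `sleep 1` and `sleep 2` waits before the greps can also give false failures on a loaded host; a short bounded retry loop around each grep would be more reliable.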
<listitem>
<para>
The working directory of the server.
- Any non-absolute pathnames in the configuration file will be
- taken
- as relative to this directory. The default location for most
- server
- output files (e.g. <filename>named.run</filename>)
- is this directory.
+ Any non-absolute pathnames in the configuration file will
+ be taken as relative to this directory. The default
+ location for most server output files
+ (e.g. <filename>named.run</filename>) is this directory.
If a directory is not specified, the working directory
defaults to `<filename>.</filename>', the directory from
- which the server
- was started. The directory specified should be an absolute
- path.
+ which the server was started. The directory specified
+ should be an absolute path, and <emphasis>must</emphasis>
+ be writable by the effective user ID of the
+ <command>named</command> process.
</para>
</listitem>
</varlistentry>
<para>
Specifies the directory in which to store the files that
track managed DNSSEC keys. By default, this is the working
- directory.
+ directory. The directory <emphasis>must</emphasis>
+ be writable by the effective user ID of the
+ <command>named</command> process.
</para>
<para>
If <command>named</command> is not configured to use views,
anchor is now a fatal configuration error. [RT #46155]
</para>
</listitem>
+ <listitem>
+ <para>
+ <command>named</command> will no longer start or accept
+ reconfiguration if the working directory (specified by the
+ <command>directory</command> option) or the managed-keys
+ directory (specified by <command>managed-keys-directory</command>
+ are not writable by the effective user ID. [RT #46077]
+ </para>
+ </listitem>
<listitem>
<para>
Previously, <command>update-policy local;</command> accepted
if (result != ISC_R_SUCCESS) {
/* Parsing failed but no errors have been logged. */
- cfg_parser_error(pctx, 0, "parsing failed");
+ cfg_parser_error(pctx, 0, "parsing failed: %s",
+ isc_result_totext(result));
goto cleanup;
}