+3347. [bug] dnssec-settime: Issue a warning when writing a new
+ private key file would cause a change in the
+ permissions of the existing file. [RT #27724]
+
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
/*
- * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <dns/keyvalues.h>
#include <dns/result.h>
+#include <dns/log.h>
#include <dst/dst.h>
isc_boolean_t force = ISC_FALSE;
isc_boolean_t epoch = ISC_FALSE;
isc_boolean_t changed = ISC_FALSE;
+ isc_log_t *log = NULL;
if (argc == 1)
usage();
if (result != ISC_R_SUCCESS)
fatal("Out of memory");
+ setup_logging(verbose, mctx, &log);
+
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
cleanup_entropy(&ectx);
if (verbose > 10)
isc_mem_stats(mctx, stdout);
+ cleanup_logging(&log);
isc_mem_free(mctx, directory);
isc_mem_destroy(&mctx);
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
-echo "I:checking update of an old-style key"
+echo "I:checking update of an old-style key ($n)"
ret=0
# printing metadata should not work with an old-style key
$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:checking warning about permissions change on key with dnssec-settime ($n)"
+ret=0
+# settime should print a warning about changing the permissions
+chmod 644 `cat oldstyle.key`.private
+$SETTIME -P none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 || ret=1
+$SETTIME -P none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
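Review bot: The new permissions test increments the counter with `n=`expr $n + 1``, but the preceding "old-style key" test, whose banner now also prints `($n)`, shows no matching increment in the visible lines, so both banners may print the same number. The lines between the two hunks are not shown, so this needs confirming against the full script. `grep "warning"` would also pass on any unrelated warning text; matching on `Permissions on the file` would tie the check to the message this commit adds. `tmp.out` is created here and no cleanup for it is visible in this change.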
#include <isc/string.h>
#include <isc/time.h>
#include <isc/util.h>
+#include <isc/file.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <isc/stdtime.h>
#include <isc/string.h>
#include <isc/util.h>
+#include <isc/file.h>
#include <dns/time.h>
+#include <dns/log.h>
#include "dst_internal.h"
#include "dst_parse.h"
const char *directory)
{
FILE *fp;
- int ret, i;
isc_result_t result;
char filename[ISC_DIR_NAMEMAX];
char buffer[MAXFIELDSIZE * 2];
isc_buffer_t b;
isc_region_t r;
int major, minor;
+ mode_t mode;
+ int i, ret;
REQUIRE(priv != NULL);
if (result != ISC_R_SUCCESS)
return (result);
+ result = isc_file_mode(filename, &mode);
+ if (result == ISC_R_SUCCESS && mode != 0600) {
+ /* File exists; warn that we are changing its permissions */
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+ DNS_LOGMODULE_DNSSEC, ISC_LOG_WARNING,
+ "Permissions on the file %s "
+ "have changed from 0%o to 0600 as "
+ "a result of this operation.",
+ filename, mode);
+ }
+
if ((fp = fopen(filename, "w")) == NULL)
return (DST_R_WRITEERROR);
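Review bot: `mode` is a `mode_t` but is passed to `%o`, which expects `unsigned int`, and `mode_t` is not guaranteed to be that type; cast it at the call: `filename, (unsigned int)mode);`. The warning is also written before `fopen(filename, "w")` runs, so it reports that the permissions "have changed" even when the open then fails with `DST_R_WRITEERROR`. The mode is sampled by path in a separate call from the open, so the two are not guaranteed to see the same file. Because this is a private key file, a previous mode with group or other read bits means the key may already have been readable by other users, and the message could say so rather than only noting the change. The function continues past the hunk, so where the 0600 mode is actually applied is not visible here.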
isc_result_t
isc_file_settime(const char *file, isc_time_t *time);
+isc_result_t
+isc_file_mode(const char *file, mode_t *modep);
+
isc_result_t
isc_file_getmodtime(const char *file, isc_time_t *time);
/*!<
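Review bot: The new `isc_file_mode()` prototype is added without a documentation block, while the neighbouring `isc_file_getmodtime()` declaration carries a `/*!<` comment. The comment should state that on `ISC_R_SUCCESS` the permission bits (`st_mode & 07777`) are stored in `*modep`, that `modep` must be non-NULL, and that `*modep` is left unmodified on any other result. Callers comparing the value against a fixed mode such as `0600` also need to know whether the bits are meaningful on every platform, so the comment should mention any platform where they are not.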
return (result);
}
+isc_result_t
+isc_file_mode(const char *file, mode_t *modep) {
+ isc_result_t result;
+ struct stat stats;
+
+ REQUIRE(modep != NULL);
+
+ result = file_stats(file, &stats);
+ if (result == ISC_R_SUCCESS)
+ *modep = (stats.st_mode & 07777);
+
+ return (result);
+}
+
isc_result_t
isc_file_getmodtime(const char *file, isc_time_t *time) {
isc_result_t result;
return (ISC_R_SUCCESS);
}
+
+isc_result_t
+isc_file_mode(const char *file, mode_t *modep) {
+ isc_result_t result;
+ struct stat stats;
+
+ REQUIRE(modep != NULL);
+
+ result = file_stats(file, &stats);
+ if (result == ISC_R_SUCCESS)
+ *modep = (stats.st_mode & 07777);
+ return (result);
+}
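Review bot: This Windows copy returns `stats.st_mode & 07777` exactly like the Unix one, but there the permission bits do not carry the same meaning. They are normally synthesised by the C runtime's stat from the read-only attribute rather than from the file's ACL (this assumes `file_stats` wraps the CRT `stat`, which is not visible here). A normal writable file would therefore generally not report `0600`, so the key-writing caller that compares against `0600` would warn on every rewrite of an existing key, and the old mode it prints says nothing about who can actually read the key. Document this on the function, for example `/* Windows: reflects only the read-only attribute, not ACLs */`, and have the caller skip or downgrade the warning on this platform.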
isc_file_iscurrentdir
isc_file_isplainfile
isc_file_mktemplate
+isc_file_mode
isc_file_openunique
isc_file_progname
isc_file_remove