From: Evan Hunt Date: Fri, 20 Dec 2013 22:58:31 +0000 (-0800) Subject: [v9_8] warn if key-directory doesn't exist X-Git-Tag: v9.8.7rc1~25 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2e2ec6d97496fb5703325315af8d37f03c370522;p=thirdparty%2Fbind9.git [v9_8] warn if key-directory doesn't exist 3694. [bug] Warn when a key-directory is configured for a zone, but does not exist or is not a directory. [RT #35109] (cherry picked from commit c14ba7107063650e7f4329e8c54adca57913381b) (cherry picked from commit 23541812260b4c0e8b5a32240146150a03f51035) --- diff --git a/CHANGES b/CHANGES index 1658e455a11..21f43ef6aa6 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +3694. [bug] Warn when a key-directory is configured for a zone, + but does not exist or is not a directory. [RT #35109] + 3693. [security] memcpy was incorrectly called with overlapping ranges resulting in malformed names being generated on some platforms. This could cause INSIST failures diff --git a/bin/tests/system/checkconf/clean.sh b/bin/tests/system/checkconf/clean.sh index 6a23edb18cb..76ad0de604d 100644 --- a/bin/tests/system/checkconf/clean.sh +++ b/bin/tests/system/checkconf/clean.sh @@ -17,3 +17,4 @@ # $Id: clean.sh,v 1.1.6.2 2011/05/07 05:53:23 each Exp $ rm -f good.conf.in good.conf.out badzero.conf +rm -rf test.keydir diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 84958911bb8..f626ef1da2c 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh 
@@ -102,5 +102,21 @@ done if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I: checking for missing key directory warning" +ret=0 +rm -rf test.keydir +n=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' does not exist" | wc -l` +[ $n -eq 1 ] || ret=1 +touch test.keydir +n=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' is not a directory" | wc -l` +[ $n -eq 1 ] || ret=1 +rm -f test.keydir +mkdir test.keydir +n=`$CHECKCONF warn-keydir.conf 2>&1 | grep "key-directory" | wc -l` +[ $n -eq 0 ] || ret=1 +rm -rf test.keydir +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/checkconf/warn-keydir.conf b/bin/tests/system/checkconf/warn-keydir.conf new file mode 100644 index 00000000000..3ee81182113 --- /dev/null +++ b/bin/tests/system/checkconf/warn-keydir.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * key-directory defined but doesn't exist. + */ +options { + directory "."; +}; + +zone dummy { + type master; + file "xxxx"; + key-directory "test.keydir"; +}; diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 7c975c9846a..d81c4671609 100644 
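Review bot: The third case (an existing `test.keydir`) only asserts that no line containing `key-directory` is printed, so it also passes when `$CHECKCONF` prints nothing because it failed to start or aborted early; none of the three cases looks at the exit status. For the valid-directory case I would add `$CHECKCONF warn-keydir.conf > /dev/null 2>&1 || ret=1`, so that silence is accepted only together with a clean exit (assuming the fixture is otherwise a valid configuration for named-checkconf). The `default:` branch added in lib/bind9/check.c is the only one that changes the check result, and it has no case in this test.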
--- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -25,6 +25,7 @@ #include #include +#include #include #include #include @@ -1700,6 +1701,35 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, } } + /* + * Warn if key-directory doesn't exist + */ + obj = NULL; + tresult = cfg_map_get(zoptions, "key-directory", &obj); + if (tresult == ISC_R_SUCCESS) { + const char *dir = cfg_obj_asstring(obj); + tresult = isc_file_isdirectory(dir); + switch (tresult) { + case ISC_R_SUCCESS: + break; + case ISC_R_FILENOTFOUND: + cfg_obj_log(obj, logctx, ISC_LOG_WARNING, + "key-directory: '%s' does not exist", + dir); + break; + case ISC_R_INVALIDFILE: + cfg_obj_log(obj, logctx, ISC_LOG_WARNING, + "key-directory: '%s' is not a directory", + dir); + break; + default: + cfg_obj_log(obj, logctx, ISC_LOG_WARNING, + "key-directory: '%s' %s", + dir, isc_result_totext(tresult)); + result = tresult; + } + } + /* * Check various options. */
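Review bot: In the `default:` branch the message is logged at `ISC_LOG_WARNING` while `result = tresult;` makes the zone check fail, so a configuration can be rejected with nothing at error level explaining why. Either log that branch with `ISC_LOG_ERROR`, or leave `result` untouched if every key-directory problem is meant to be advisory, as the CHANGES entry suggests; the branch should also end with an explicit `break;`. `dir` is passed to `isc_file_isdirectory()` exactly as configured, so a relative path is presumably resolved against the checking process's working directory. Whether that matches the `directory` option or a chroot used by the running server is decided outside this hunk, and it deserves a comment such as `/* relative paths are resolved against the current working directory */`. check_zoneconf() starts and ends outside the hunk.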