From: Evan Hunt Date: Fri, 6 Jul 2012 01:05:12 +0000 (-0700) Subject: warn when changing mode on .private files X-Git-Tag: v9.7.7b1~34 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=364ecf0e5d938b5dbe2f7a8fd819e02a91eb3521;p=thirdparty%2Fbind9.git warn when changing mode on .private files 3347. [bug] dnssec-settime: Issue a warning when writing a new private key file would cause a change in the permissions of the existing file. [RT #27724] --- diff --git a/CHANGES b/CHANGES index 6b4fa5dc508..93de4235ad5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +3347. [bug] dnssec-settime: Issue a warning when writing a new + private key file would cause a change in the + permissions of the existing file. [RT #27724] + 3346. [security] Bad-cache data could be used before it was initialized, causing an assert. [RT #30025] diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c index a612790ce0e..e4ba6d38fb9 100644 --- a/bin/dnssec/dnssec-settime.c +++ b/bin/dnssec/dnssec-settime.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -38,6 +38,7 @@ #include #include +#include #include @@ -151,6 +152,7 @@ main(int argc, char **argv) { isc_boolean_t force = ISC_FALSE; isc_boolean_t epoch = ISC_FALSE; isc_boolean_t changed = ISC_FALSE; + isc_log_t *log = NULL; if (argc == 1) usage(); @@ -159,6 +161,8 @@ main(int argc, char **argv) { if (result != ISC_R_SUCCESS) fatal("Out of memory"); + setup_logging(verbose, mctx, &log); + dns_result_register(); isc_commandline_errprint = ISC_FALSE; @@ -578,6 +582,7 @@ main(int argc, char **argv) { cleanup_entropy(&ectx); if (verbose > 10) isc_mem_stats(mctx, stdout); + cleanup_logging(&log); isc_mem_free(mctx, directory); isc_mem_destroy(&mctx); 
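Review bot: `setup_logging(verbose, mctx, &log);` in main() sits directly after the memory-context check and ahead of the `isc_commandline_errprint = ISC_FALSE;` context line, so it appears to run before the command line is parsed. If so, `verbose` still holds its start-up value at this point, and a later `-v` would not influence the level at which the new permissions warning is filtered. The option loop is outside the hunk, so this needs confirming. Either move the call to just after option parsing, or state the intent with a comment such as `/* logging is configured before option parsing; library warnings use the default level */`.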
diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh index 0e68349d555..b789933720d 100644 --- a/bin/tests/system/metadata/tests.sh +++ b/bin/tests/system/metadata/tests.sh @@ -134,7 +134,7 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:checking update of an old-style key" +echo "I:checking update of an old-style key ($n)" ret=0 # printing metadata should not work with an old-style key $SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1 @@ -145,5 +145,17 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking warning about permissions change on key with dnssec-settime ($n)" +ret=0 +# settime should print a warning about changing the permissions +chmod 644 `cat oldstyle.key`.private +$SETTIME -P none `cat oldstyle.key` > tmp.out 2>&1 || ret=1 +grep "warning" tmp.out > /dev/null 2>&1 || ret=1 +$SETTIME -P none `cat oldstyle.key` > tmp.out 2>&1 || ret=1 +grep "warning" tmp.out > /dev/null 2>&1 && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index c93dd59a8ed..597c42dfb2b 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include diff --git a/lib/dns/dst_parse.c b/lib/dns/dst_parse.c index bcd05fadd21..eeb607f5e60 100644 --- a/lib/dns/dst_parse.c +++ b/lib/dns/dst_parse.c @@ -44,8 +44,10 @@ #include #include #include +#include #include +#include #include "dst_internal.h" #include "dst_parse.h" @@ -530,7 +532,6 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, const char *directory) { FILE *fp; - int ret, i; isc_result_t result; char filename[ISC_DIR_NAMEMAX]; char buffer[MAXFIELDSIZE * 2]; 
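Review bot: The new test case only greps for the word "warning" and never checks that the `.private` file actually has mode 0600 after `$SETTIME -P none`, which is the property the warning describes. After the first run, add a mode check, for example ``ls -l `cat oldstyle.key`.private | grep '^-rw-------' > /dev/null || ret=1``. Matching a longer fragment of the message, e.g. `grep "Permissions on the file" tmp.out`, would also keep the first grep from passing on an unrelated warning and the second from failing on one.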
@@ -540,6 +541,8 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, isc_buffer_t b; isc_region_t r; int major, minor; + mode_t mode; + int i, ret; REQUIRE(priv != NULL); @@ -554,6 +557,17 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, if (result != ISC_R_SUCCESS) return (result); + result = isc_file_mode(filename, &mode); + if (result == ISC_R_SUCCESS && mode != 0600) { + /* File exists; warn that we are changing its permissions */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_DNSSEC, ISC_LOG_WARNING, + "Permissions on the file %s " + "have changed from 0%o to 0600 as " + "a result of this operation.", + filename, mode); + } + if ((fp = fopen(filename, "w")) == NULL) return (DST_R_WRITEERROR); diff --git a/lib/isc/include/isc/file.h b/lib/isc/include/isc/file.h index 893aec1f1b1..41d7bfcb905 100644 --- a/lib/isc/include/isc/file.h +++ b/lib/isc/include/isc/file.h @@ -32,6 +32,9 @@ ISC_LANG_BEGINDECLS isc_result_t isc_file_settime(const char *file, isc_time_t *time); +isc_result_t +isc_file_mode(const char *file, mode_t *modep); + isc_result_t isc_file_getmodtime(const char *file, isc_time_t *time); /*!< diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c index 224f013fc1f..aa40c477dcf 100644 --- a/lib/isc/unix/file.c +++ b/lib/isc/unix/file.c @@ -97,6 +97,20 @@ file_stats(const char *file, struct stat *stats) { return (result); } +isc_result_t +isc_file_mode(const char *file, mode_t *modep) { + isc_result_t result; + struct stat stats; + + REQUIRE(modep != NULL); + + result = file_stats(file, &stats); + if (result == ISC_R_SUCCESS) + *modep = (stats.st_mode & 07777); + + return (result); +} + isc_result_t isc_file_getmodtime(const char *file, isc_time_t *time) { isc_result_t result; diff --git a/lib/isc/win32/file.c b/lib/isc/win32/file.c index 738d505d8c4..4edd37d9fa2 100644 --- a/lib/isc/win32/file.c +++ b/lib/isc/win32/file.c 
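Review bot: The warning in dst__privstruct_writefile() is logged before `fopen(filename, "w")`, so when the open fails and the function returns DST_R_WRITEERROR the log still says the permissions "have changed ... to 0600" although nothing was written. The hunk does not show where the mode is actually set to 0600; if that is done by path after the open (outside the hunk), the truncated file keeps its old, possibly world-readable mode while the new key material is being written, and the mode was checked by name rather than on the opened descriptor. Consider emitting the message only after the open and the permission change have succeeded, and wording it so the operator knows a key that was readable by others should be treated as exposed. `mode` is a `mode_t` passed to `%o`, so cast it: `filename, (unsigned int)mode);`. The function starts and ends outside this hunk.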
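Review bot: The new `isc_file_mode()` declaration in isc/file.h has no documentation comment, while the `isc_file_getmodtime()` declaration below it carries a `/*!<` block. Going by the unix implementation in this commit, it could read `/*!< Store the permission bits of 'file' (st_mode & 07777) in '*modep'; '*modep' is not written on failure. 'modep' must not be NULL. */`. The header now also uses `mode_t` in a public prototype; whether isc/file.h already pulls in a definition of that type is not visible in this hunk and should be checked for the win32 build.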
@@ -600,3 +600,16 @@ isc_file_splitpath(isc_mem_t *mctx, char *path, char **dirname, char **basename) return (ISC_R_SUCCESS); } + +isc_result_t +isc_file_mode(const char *file, mode_t *modep) { + isc_result_t result; + struct stat stats; + + REQUIRE(modep != NULL); + + result = file_stats(file, &stats); + if (result == ISC_R_SUCCESS) + *modep = (stats.st_mode & 07777); + return (result); +} diff --git a/lib/isc/win32/libisc.def b/lib/isc/win32/libisc.def index aa4b36a585a..7aac5d7743e 100644 --- a/lib/isc/win32/libisc.def +++ b/lib/isc/win32/libisc.def @@ -219,6 +219,7 @@ isc_file_ischdiridempotent isc_file_iscurrentdir isc_file_isplainfile isc_file_mktemplate +isc_file_mode isc_file_openunique isc_file_progname isc_file_remove
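Review bot: On Windows the `st_mode` permission bits returned by the C runtime's stat reflect only the file's read-only attribute, not its ACL, so `stats.st_mode & 07777` in the win32 isc_file_mode() will normally not equal 0600 for any key file. With the `mode != 0600` test added to dst__privstruct_writefile() in this commit, the win32 build would then log the permissions warning on every rewrite of an existing key, and the message would describe a change that does not correspond to the file's real access control. Either document the limitation in the win32 function, e.g. `/* st_mode only reflects the read-only attribute on Windows; it does not describe the ACL */`, or guard the caller's comparison so it runs only where the mode bits are meaningful. How file_stats() obtains the data on win32 is outside the hunk.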