From 8b866ba8a0bd79addbeebb74919b63b8dbc21737 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Tue, 24 Sep 2024 08:53:47 +0000
Subject: [PATCH 1/2] Do not ignore named_server_dumpdb() result code The named_server_dumpdb() function, which is called when a 'rndc dumpdb' command is issued, returns a 'isc_result_t' result code and it has been always ignored since its introduction in eb8713ed947fdf22a41dad673d561896dd6fe4a2, where it was still called ns_server_dumpdb(). The orignal reasoning is not preserved, but it could have been also a simple copy-paste mistake, as there are commands, which return 'void' and require manually setting 'result = ISC_R_SUCCESS;', as it was done here. Anyway, named will now return the actual result, and 'rndc' will report an error, when the 'dumpdb' command fails.
---
 bin/named/control.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/bin/named/control.c b/bin/named/control.c
index a1a66a4eb3..a99ce1b850 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -214,8 +214,7 @@ named_control_docommand(isccc_sexpr_t *message, bool readonly,
 {
 result = named_server_dnstap(named_g_server, lex, text);
 } else if (command_compare(command, NAMED_COMMAND_DUMPDB)) {
- named_server_dumpdb(named_g_server, lex, text);
- result = ISC_R_SUCCESS;
+ result = named_server_dumpdb(named_g_server, lex, text);
 } else if (command_compare(command, NAMED_COMMAND_DUMPSTATS)) {
 result = named_server_dumpstats(named_g_server);
 } else if (command_compare(command, NAMED_COMMAND_FETCHLIMIT)) {
From 63bddd71925b64eacb0517a0bca79a4d76ca27a4 Mon Sep 17 00:00:00 2001
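Review bot: The return value of named_server_dumpdb() has, per the commit message, never been consumed by any caller, so the new `result = named_server_dumpdb(named_g_server, lex, text);` line surfaces return paths that were never exercised end to end. That function is not visible in this hunk; it is worth confirming that each of its failure paths returns a specific code rather than a stale or generic one, and that a dump which is only started here and fails later still ends up in the log, since operators will now treat a successful 'rndc dumpdb' as proof that the cache dump exists. A short comment above the call, for example `/* failure is reported to rndc; a later asynchronous dump error is only logged - TODO confirm */`, would record the new contract. The if/else chain of named_control_docommand() starts and ends outside the hunk.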
From: Aram Sargsyan
Date: Tue, 24 Sep 2024 09:49:04 +0000
Subject: [PATCH 2/2] Test 'rndc dumpdb' with an unwritable dump-file Check that with a preexisting dump file without a write permission no actual dump happens, and rndc returns an error result. Also add a couple of missing entries in the cleaning script.
---
 bin/tests/system/rndc/clean.sh | 3 +++
 bin/tests/system/rndc/tests.sh | 10 ++++++++++
 2 files changed, 13 insertions(+)
diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh
index 6b4f2fd894..3b959f5a9f 100644
--- a/bin/tests/system/rndc/clean.sh
+++ b/bin/tests/system/rndc/clean.sh
@@ -18,6 +18,7 @@ rm -f ns*/named.conf
 rm -f ns*/named.memstats
 rm -f ns*/named.run ns*/named.run.prev
 rm -f ns2/named.stats
+rm -f ns2/named_dump.db*
 rm -f ns2/nil.db ns2/other.db ns2/static.db ns2/*.jnl
 rm -f ns2/secondkey.conf
 rm -f ns2/session.key
@@ -29,5 +30,7 @@ rm -f ns6/huge.zone.db
 rm -f ns7/include.db ns7/test.db ns7/*.jnl
 rm -f ns7/named_dump.db*
 rm -f nsupdate.out.*.test*
+rm -f nsupdate.out.test*
 rm -f python.out.*.test*
 rm -f rndc.out.*.test*
+rm -f rndc.out.test*
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index ee9bd1c6b5..81f05a8cc7 100644
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@@ -324,6 +324,16 @@ $RNDC -s 10.53.0.2 -p ${CONTROLPORT} -c ns2/secondkey.conf status >/dev/null || 
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+n=$((n + 1))
+echo_i "test 'rndc dumpdb' with an unwritable dump-file ($n)"
+ret=0
+touch ns2/named_dump.db
+chmod -w ns2/named_dump.db
+rndc_dumpdb ns2 2>/dev/null && ret=1
+grep -F "failed: permission denied" "rndc.out.test$n" >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 n=$((n + 1))
 echo_i "test 'rndc dumpdb' on a empty cache ($n)"
 ret=0
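Review bot: The new "unwritable dump-file" test in tests.sh depends on `chmod -w ns2/named_dump.db` actually denying the write, which does not hold when named runs as root or otherwise bypasses file permission checks; in such an environment `rndc_dumpdb ns2` would succeed and the test would fail for a reason unrelated to the fix. The read-only `ns2/named_dump.db` is also left in place for whatever uses ns2 next, so adding `rm -f ns2/named_dump.db` after the grep would keep later steps independent of this one. The commit message says no actual dump happens, but nothing in the hunk asserts it; `[ -s ns2/named_dump.db ] && ret=1` before that cleanup would pin it. rndc_dumpdb is defined outside this page, so how it treats the pre-existing file is not visible here.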