[v9_10] disallow delzone on policiy zones

4311.	[bug]		Prevent "rndc delzone" from being used on
			response-policy zones. [RT #41593]

CHANGES

@@ -1,3 +1,6 @@
+4311.	[bug]		Prevent "rndc delzone" from being used on
+			response-policy zones. [RT #41593]
+
 4310.	[performance]	Use __builtin_expect() where available to annotate
 			conditions with known behavior. [RT #41411]
 

bin/named/server.c

@@ -9214,7 +9214,7 @@ inuse(const char* file, isc_boolean_t first, isc_buffer_t *text) {
  */
 isc_result_t
 ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
-	isc_result_t result;
+	isc_result_t result, tresult;
 	dns_zone_t *zone = NULL;
 	dns_zone_t *raw = NULL;
 	dns_zone_t *mayberaw;
@@ -9247,10 +9247,6 @@ ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
 		goto cleanup;
 	}
 
-	result = isc_task_beginexclusive(server->task);
-	RUNTIME_CHECK(result == ISC_R_SUCCESS);
-	exclusive = ISC_TRUE;
-
 	/*
 	 * Was this zone originally added at runtime?
 	 * If not, we can't delete it now.
@@ -9260,8 +9256,22 @@ ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
 		goto cleanup;
 	}
 
+	/* Is this a policy zone? */
+	if (dns_zone_get_rpz_num(zone) != DNS_RPZ_INVALID_NUM) {
+		TCHECK(putstr(text, "zone '"));
+		TCHECK(putstr(text, zonename));
+		TCHECK(putstr(text,
+			      "' cannot be deleted: response-policy zone."));
+		result = ISC_R_FAILURE;
+		goto cleanup;
+	}
+
 	znamelen = strlen(zonename);
 
+	result = isc_task_beginexclusive(server->task);
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);
+	exclusive = ISC_TRUE;
+
 	/* Dig out configuration for this zone */
 	view = dns_zone_getview(zone);
 	filename = view->new_zone_file;
@@ -9392,8 +9402,6 @@ ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
 	dns_zone_getraw(zone, &raw);
 	mayberaw = (raw != NULL) ? raw : zone;
 	if (cleanup) {
-		isc_result_t tresult;
-
 		file = dns_zone_getfile(mayberaw);
 		if (isc_file_exists(file))
 			isc_file_remove(file);

bin/tests/system/addzone/ns2/named2.conf

@@ -14,8 +14,6 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named2.conf,v 1.5 2011/06/17 23:47:49 tbox Exp $ */
-
 controls { /* empty */ };
 
 include "../../common/controls.conf";
@@ -33,10 +31,17 @@ view internal {
 	allow-new-zones no;
         recursion yes;
 
+	response-policy { zone "policy"; };
+
 	zone "." {
 		type hint;
 		file "../../common/root.hint";
 	};
+
+	zone "policy" {
+		type master;
+		file "normal.db";
+	};
 };
 
 view external {
@@ -54,9 +59,9 @@ view external {
 acl match { none; };
 acl nobody { none; };
 view extra {
-        match-clients { match; };
-        allow-new-zones yes;
-        allow-transfer { nobody; };
-        allow-query { nobody; };
-        allow-recursion { nobody; };
+	match-clients { match; };
+	allow-new-zones yes;
+	allow-transfer { nobody; };
+	allow-query { nobody; };
+	allow-recursion { nobody; };
 };

bin/tests/system/addzone/tests.sh

@@ -14,8 +14,6 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.6 2011/06/17 23:47:49 tbox Exp $
-
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
@@ -303,6 +301,13 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:attempting to delete a policy zone ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'policy in internal' 2>&1 | grep 'cannot be deleted' > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:ensure the configuration context is cleaned up correctly ($n)"
 ret=0
 $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > /dev/null 2>&1 || ret=1