From d861c0943c9d2cd7a9064dbdee34b0ad5543d004 Mon Sep 17 00:00:00 2001
From: Evan Hunt
Date: Mon, 1 Feb 2016 09:47:31 -0800
Subject: [PATCH] [v9_9] disallow delzone on policiy zones

4311. [bug] Prevent "rndc delzone" from being used on response-policy zones. [RT #41593]
---
 CHANGES | 3 +++
 bin/named/server.c | 12 +++++++++++-
 bin/tests/system/addzone/ns2/named2.conf | 19 ++++++++++++-------
 bin/tests/system/addzone/tests.sh | 9 +++++++--
 4 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1fb06fb786..7b52587617 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4311. [bug] Prevent "rndc delzone" from being used on
+ response-policy zones. [RT #41593]
+
 4310. [performance] Use __builtin_expect() where available to
 annotate conditions with known behavior. [RT #41411]
diff --git a/bin/named/server.c b/bin/named/server.c
index 887dff900a..05c469ed3d 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8616,7 +8616,7 @@ ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text) {
 */
 isc_result_t
 ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
- isc_result_t result;
+ isc_result_t result, tresult;
 dns_zone_t *zone = NULL;
 dns_view_t *view = NULL;
 dns_db_t *dbp = NULL;
@@ -8646,6 +8646,16 @@ ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
 goto cleanup;
 }
+ /* Is this a policy zone? */
+ if (dns_zone_get_rpz(zone)) {
+ TCHECK(putstr(text, "zone '"));
+ TCHECK(putstr(text, zonename));
+ TCHECK(putstr(text,
+ "' cannot be deleted: response-policy zone."));
+ result = ISC_R_FAILURE;
+ goto cleanup;
+ }
+
 znamelen = strlen(zonename);
 /* Dig out configuration for this zone */
diff --git a/bin/tests/system/addzone/ns2/named2.conf b/bin/tests/system/addzone/ns2/named2.conf
index 2669aa0856..6d52f14f1d 100644
--- a/bin/tests/system/addzone/ns2/named2.conf
+++ b/bin/tests/system/addzone/ns2/named2.conf
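Review bot: `tresult` is added on the changed declaration line of the first server.c hunk (`isc_result_t result, tresult;`) but neither visible hunk references it; if its only use is in the unchanged remainder of ns_server_del_zone that is fine, otherwise it is an unused variable and should be dropped. In the second hunk the guard sits right after the zone lookup and before the zone's configuration is dug out, so a response-policy zone is refused before anything is modified; the test fixture in this commit puts the policy zone in a view with `allow-new-zones no;`, so the expected message presumably depends on this check running ahead of whatever new-zone checks follow outside the hunk, and that ordering deserves to be stated so it is not undone later. I would make the one-line comment say why rather than what, e.g. `/* Refuse to delete a response-policy zone; keep this check ahead of the new-zone checks that follow. */`. ns_server_del_zone's body continues outside both hunks.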
@@ -14,8 +14,6 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: named2.conf,v 1.5 2011/06/17 23:47:49 tbox Exp $ */
-
 controls { /* empty */ };
 include "../../common/controls.conf";
@@ -33,10 +31,17 @@ view internal {
 allow-new-zones no;
 recursion yes;
+ response-policy { zone "policy"; };
+
 zone "." {
 type hint;
 file "../../common/root.hint";
 };
+
+ zone "policy" {
+ type master;
+ file "normal.db";
+ };
 };
 view external {
@@ -54,9 +59,9 @@ view external {
 acl match { none; };
 acl nobody { none; };
 view extra {
- match-clients { match; };
- allow-new-zones yes;
- allow-transfer { nobody; };
- allow-query { nobody; };
- allow-recursion { nobody; };
+ match-clients { match; };
+ allow-new-zones yes;
+ allow-transfer { nobody; };
+ allow-query { nobody; };
+ allow-recursion { nobody; };
 };
diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh
index 7059bc9211..1c9d642f03 100755
--- a/bin/tests/system/addzone/tests.sh
+++ b/bin/tests/system/addzone/tests.sh
@@ -14,8 +14,6 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.6 2011/06/17 23:47:49 tbox Exp $
-
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -251,6 +249,13 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
+echo "I:attempting to delete a policy zone ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'policy in internal' 2>&1 | grep 'cannot be deleted' > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:ensure the configuration context is cleaned up correctly ($n)"
 ret=0
 $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > /dev/null 2>&1 || ret=1
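Review bot: The new test in the last tests.sh hunk only asserts that rndc printed 'cannot be deleted'; it never checks that the zone survived the refused delzone, so a regression that prints the message and then removes the zone anyway would still pass. After the grep, add a check that the zone is still present on 10.53.0.2 (e.g. a query for a name served from the `policy` zone, using whatever dig wrapper this test suite provides) and set `ret=1` when it is gone. Note also that `'policy in internal'` targets a statically configured zone in a view with `allow-new-zones no;` (named2.conf hunk above), so this exercises the refusal message but not a response-policy zone that was itself added with addzone; a second case for that would cover the scenario the change protects. The `$RNDC ... 2>&1 | grep ... || ret=1` pipe only observes grep's status, which matches the surrounding tests, so no change is needed there.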