]> git.ipfire.org Git - thirdparty/pdns.git/blame - pdns/ws-auth.cc
projects / thirdparty / pdns.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #5883 from pieterlexis/issue-5853-pdnsutil-clobber-metadata
[thirdparty/pdns.git] / pdns / ws-auth.cc
CommitLineData
12c86877 1/*
6edbf68a
PL		 2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
870a0fe4
AT		 22#ifdef HAVE_CONFIG_H
23#include "config.h"
24#endif
9054d8a4 25#include "utility.hh"
d267d1bf 26#include "dynlistener.hh"
2470b36e 27#include "ws-auth.hh"
e611a06c 28#include "json.hh"
12c86877
BH		 29#include "webserver.hh"
30#include "logger.hh"
31#include "statbag.hh"
32#include "misc.hh"
33#include "arguments.hh"
34#include "dns.hh"
6cc98ddf 35#include "comment.hh"
e611a06c 36#include "ueberbackend.hh"
dcc65f25 37#include <boost/format.hpp>
fa8fd4d2 38
9ac4a7c6 39#include "namespaces.hh"
6ec5e728 40#include "ws-api.hh"
ba1a571d 41#include "version.hh"
d29d5db7 42#include "dnsseckeeper.hh"
3c3c006b 43#include <iomanip>
0f0e73fe 44#include "zoneparser-tng.hh"
a426cb89 45#include "common_startup.hh"
bf269e28 46#include "auth-caches.hh"
8537b9f0 47
24afabad 48using json11::Json;
12c86877
BH		 49
50extern StatBag S;
51
f63168e6 52static void patchZone(HttpRequest* req, HttpResponse* resp);
995473c8 53static void storeChangedPTRs(UeberBackend& B, vector<DNSResourceRecord>& new_ptrs);
f63168e6
CH		 54static void makePtr(const DNSResourceRecord& rr, DNSResourceRecord* ptr);
55
dea47634 56AuthWebServer::AuthWebServer()
12c86877
BH		 57{
58 d_start=time(0);
96d299db 59 d_min10=d_min5=d_min1=0;
c81c2ea8 60 d_ws = 0;
f17c93b4 61 d_tid = 0;
536ab56f 62 if(arg().mustDo("webserver") || arg().mustDo("api")) {
bbef8f04 63 d_ws = new WebServer(arg()["webserver-address"], arg().asNum("webserver-port"));
825fa717
CH		 64 d_ws->bind();
65 }
12c86877
BH		 66}
67
dea47634 68void AuthWebServer::go()
12c86877 69{
536ab56f
CH		 70 S.doRings();
71 pthread_create(&d_tid, 0, webThreadHelper, this);
72 pthread_create(&d_tid, 0, statThreadHelper, this);
12c86877
BH		 73}
74
dea47634 75void AuthWebServer::statThread()
12c86877
BH		 76{
77 try {
78 for(;;) {
79 d_queries.submit(S.read("udp-queries"));
80 d_cachehits.submit(S.read("packetcache-hit"));
81 d_cachemisses.submit(S.read("packetcache-miss"));
82 d_qcachehits.submit(S.read("query-cache-hit"));
83 d_qcachemisses.submit(S.read("query-cache-miss"));
84 Utility::sleep(1);
85 }
86 }
87 catch(...) {
88 L<<Logger::Error<<"Webserver statThread caught an exception, dying"<<endl;
5bd2ea7b 89 _exit(1);
12c86877
BH		 90 }
91}
92
dea47634 93void *AuthWebServer::statThreadHelper(void *p)
12c86877 94{
dea47634
CH		 95 AuthWebServer *self=static_cast<AuthWebServer *>(p);
96 self->statThread();
12c86877
BH		 97 return 0; // never reached
98}
99
dea47634 100void *AuthWebServer::webThreadHelper(void *p)
12c86877 101{
dea47634
CH		 102 AuthWebServer *self=static_cast<AuthWebServer *>(p);
103 self->webThread();
12c86877
BH		 104 return 0; // never reached
105}
106
9f3fdaa0
CH		 107static string htmlescape(const string &s) {
108 string result;
109 for(string::const_iterator it=s.begin(); it!=s.end(); ++it) {
110 switch (*it) {
111 case '&':
c86a96f9 112 result += "&amp;";
9f3fdaa0
CH		 113 break;
114 case '<':
115 result += "&lt;";
116 break;
117 case '>':
118 result += "&gt;";
119 break;
c7f59d62
PL		 120 case '"':
121 result += "&quot;";
122 break;
9f3fdaa0
CH		 123 default:
124 result += *it;
125 }
126 }
127 return result;
128}
129
12c86877
BH		 130void printtable(ostringstream &ret, const string &ringname, const string &title, int limit=10)
131{
132 int tot=0;
133 int entries=0;
101b5d5d 134 vector<pair <string,unsigned int> >ring=S.getRing(ringname);
12c86877 135
1071abdd 136 for(vector<pair<string, unsigned int> >::const_iterator i=ring.begin(); i!=ring.end();++i) {
12c86877
BH		 137 tot+=i->second;
138 entries++;
139 }
140
1071abdd 141 ret<<"<div class=\"panel\">";
c7f59d62 142 ret<<"<span class=resetring><i></i><a href=\"?resetring="<<htmlescape(ringname)<<"\">Reset</a></span>"<<endl;
1071abdd
CH		 143 ret<<"<h2>"<<title<<"</h2>"<<endl;
144 ret<<"<div class=ringmeta>";
c7f59d62 145 ret<<"<a class=topXofY href=\"?ring="<<htmlescape(ringname)<<"\">Showing: Top "<<limit<<" of "<<entries<<"</a>"<<endl;
1071abdd 146 ret<<"<span class=resizering>Resize: ";
bb3c3f50 147 unsigned int sizes[]={10,100,500,1000,10000,500000,0};
12c86877
BH		 148 for(int i=0;sizes[i];++i) {
149 if(S.getRingSize(ringname)!=sizes[i])
c7f59d62 150 ret<<"<a href=\"?resizering="<<htmlescape(ringname)<<"&amp;size="<<sizes[i]<<"\">"<<sizes[i]<<"</a> ";
12c86877
BH		 151 else
152 ret<<"("<<sizes[i]<<") ";
153 }
1071abdd 154 ret<<"</span></div>";
12c86877 155
1071abdd 156 ret<<"<table class=\"data\">";
12c86877 157 int printed=0;
f5cb7e61 158 int total=max(1,tot);
bb3c3f50 159 for(vector<pair<string,unsigned int> >::const_iterator i=ring.begin();limit && i!=ring.end();++i,--limit) {
dea47634 160 ret<<"<tr><td>"<<htmlescape(i->first)<<"</td><td>"<<i->second<<"</td><td align=right>"<< AuthWebServer::makePercentage(i->second*100.0/total)<<"</td>"<<endl;
12c86877
BH		 161 printed+=i->second;
162 }
163 ret<<"<tr><td colspan=3></td></tr>"<<endl;
164 if(printed!=tot)
dea47634 165 ret<<"<tr><td><b>Rest:</b></td><td><b>"<<tot-printed<<"</b></td><td align=right><b>"<< AuthWebServer::makePercentage((tot-printed)*100.0/total)<<"</b></td>"<<endl;
12c86877 166
e2a77e08 167 ret<<"<tr><td><b>Total:</b></td><td><b>"<<tot<<"</b></td><td align=right><b>100%</b></td>";
1071abdd 168 ret<<"</table></div>"<<endl;
12c86877
BH		 169}
170
dea47634 171void AuthWebServer::printvars(ostringstream &ret)
12c86877 172{
1071abdd 173 ret<<"<div class=panel><h2>Variables</h2><table class=\"data\">"<<endl;
12c86877
BH		 174
175 vector<string>entries=S.getEntries();
176 for(vector<string>::const_iterator i=entries.begin();i!=entries.end();++i) {
177 ret<<"<tr><td>"<<*i<<"</td><td>"<<S.read(*i)<<"</td><td>"<<S.getDescrip(*i)<<"</td>"<<endl;
178 }
e2a77e08 179
1071abdd 180 ret<<"</table></div>"<<endl;
12c86877
BH		 181}
182
dea47634 183void AuthWebServer::printargs(ostringstream &ret)
12c86877 184{
e2a77e08 185 ret<<"<table border=1><tr><td colspan=3 bgcolor=\"#0000ff\"><font color=\"#ffffff\">Arguments</font></td>"<<endl;
12c86877
BH		 186
187 vector<string>entries=arg().list();
188 for(vector<string>::const_iterator i=entries.begin();i!=entries.end();++i) {
189 ret<<"<tr><td>"<<*i<<"</td><td>"<<arg()[*i]<<"</td><td>"<<arg().getHelp(*i)<<"</td>"<<endl;
190 }
191}
192
dea47634 193string AuthWebServer::makePercentage(const double& val)
b6f57093
BH		 194{
195 return (boost::format("%.01f%%") % val).str();
196}
197
dea47634 198void AuthWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
12c86877 199{
583ea80d
CH		 200 if(!req->getvars["resetring"].empty()) {
201 if (S.ringExists(req->getvars["resetring"]))
202 S.resetRing(req->getvars["resetring"]);
d7b8730e 203 resp->status = 302;
0665b7e6 204 resp->headers["Location"] = req->url.path;
80d59cd1 205 return;
12c86877 206 }
583ea80d 207 if(!req->getvars["resizering"].empty()){
335da0ba 208 int size=std::stoi(req->getvars["size"]);
583ea80d 209 if (S.ringExists(req->getvars["resizering"]) && size > 0 && size <= 500000)
335da0ba 210 S.resizeRing(req->getvars["resizering"], std::stoi(req->getvars["size"]));
d7b8730e 211 resp->status = 302;
0665b7e6 212 resp->headers["Location"] = req->url.path;
80d59cd1 213 return;
12c86877
BH		 214 }
215
216 ostringstream ret;
217
1071abdd
CH		 218 ret<<"<!DOCTYPE html>"<<endl;
219 ret<<"<html><head>"<<endl;
220 ret<<"<title>PowerDNS Authoritative Server Monitor</title>"<<endl;
221 ret<<"<link rel=\"stylesheet\" href=\"style.css\"/>"<<endl;
222 ret<<"</head><body>"<<endl;
223
224 ret<<"<div class=\"row\">"<<endl;
225 ret<<"<div class=\"headl columns\">";
a1caa8b8 226 ret<<"<a href=\"/\" id=\"appname\">PowerDNS "<<htmlescape(VERSION);
1071abdd 227 if(!arg()["config-name"].empty()) {
a1caa8b8 228 ret<<" ["<<htmlescape(arg()["config-name"])<<"]";
1071abdd
CH		 229 }
230 ret<<"</a></div>"<<endl;
231 ret<<"<div class=\"headr columns\"></div></div>";
232 ret<<"<div class=\"row\"><div class=\"all columns\">";
12c86877
BH		 233
234 time_t passed=time(0)-s_starttime;
235
e2a77e08
KM		 236 ret<<"<p>Uptime: "<<
237 humanDuration(passed)<<
238 "<br>"<<endl;
12c86877 239
395b07ea 240 ret<<"Queries/second, 1, 5, 10 minute averages: "<<std::setprecision(3)<<
3e1cd1f4 241 (int)d_queries.get1()<<", "<<
242 (int)d_queries.get5()<<", "<<
243 (int)d_queries.get10()<<". Max queries/second: "<<(int)d_queries.getMax()<<
12c86877 244 "<br>"<<endl;
1d6b70f9 245
f6154a3b 246 if(d_cachemisses.get10()+d_cachehits.get10()>0)
b6f57093 247 ret<<"Cache hitrate, 1, 5, 10 minute averages: "<<
f6154a3b
CH		 248 makePercentage((d_cachehits.get1()*100.0)/((d_cachehits.get1())+(d_cachemisses.get1())))<<", "<<
249 makePercentage((d_cachehits.get5()*100.0)/((d_cachehits.get5())+(d_cachemisses.get5())))<<", "<<
250 makePercentage((d_cachehits.get10()*100.0)/((d_cachehits.get10())+(d_cachemisses.get10())))<<
b6f57093 251 "<br>"<<endl;
12c86877 252
f6154a3b 253 if(d_qcachemisses.get10()+d_qcachehits.get10()>0)
395b07ea 254 ret<<"Backend query cache hitrate, 1, 5, 10 minute averages: "<<std::setprecision(2)<<
f6154a3b
CH		 255 makePercentage((d_qcachehits.get1()*100.0)/((d_qcachehits.get1())+(d_qcachemisses.get1())))<<", "<<
256 makePercentage((d_qcachehits.get5()*100.0)/((d_qcachehits.get5())+(d_qcachemisses.get5())))<<", "<<
257 makePercentage((d_qcachehits.get10()*100.0)/((d_qcachehits.get10())+(d_qcachemisses.get10())))<<
b6f57093 258 "<br>"<<endl;
12c86877 259
395b07ea 260 ret<<"Backend query load, 1, 5, 10 minute averages: "<<std::setprecision(3)<<
3e1cd1f4 261 (int)d_qcachemisses.get1()<<", "<<
262 (int)d_qcachemisses.get5()<<", "<<
263 (int)d_qcachemisses.get10()<<". Max queries/second: "<<(int)d_qcachemisses.getMax()<<
12c86877
BH		 264 "<br>"<<endl;
265
1071abdd 266 ret<<"Total queries: "<<S.read("udp-queries")<<". Question/answer latency: "<<S.read("latency")/1000.0<<"ms</p><br>"<<endl;
583ea80d 267 if(req->getvars["ring"].empty()) {
12c86877
BH		 268 vector<string>entries=S.listRings();
269 for(vector<string>::const_iterator i=entries.begin();i!=entries.end();++i)
270 printtable(ret,*i,S.getRingTitle(*i));
271
f6154a3b 272 printvars(ret);
12c86877 273 if(arg().mustDo("webserver-print-arguments"))
f6154a3b 274 printargs(ret);
12c86877 275 }
bea69e32 276 else if(S.ringExists(req->getvars["ring"]))
583ea80d 277 printtable(ret,req->getvars["ring"],S.getRingTitle(req->getvars["ring"]),100);
12c86877 278
1071abdd 279 ret<<"</div></div>"<<endl;
ff8f70b8 280 ret<<"<footer class=\"row\">"<<fullVersionString()<<"<br>&copy; 2013 - 2017 <a href=\"http://www.powerdns.com/\">PowerDNS.COM BV</a>.</footer>"<<endl;
12c86877
BH		 281 ret<<"</body></html>"<<endl;
282
80d59cd1 283 resp->body = ret.str();
61f5d289 284 resp->status = 200;
12c86877
BH		 285}
286
1d6b70f9
CH		 287/** Helper to build a record content as needed. */
288static inline string makeRecordContent(const QType& qtype, const string& content, bool noDot) {
289 // noDot: for backend storage, pass true. for API users, pass false.
9a2c1e06 290 auto drc = DNSRecordContent::makeunique(qtype.getCode(), QClass::IN, content);
7fe1a82b 291 return drc->getZoneRepresentation(noDot);
1d6b70f9
CH		 292}
293
294/** "Normalize" record content for API consumers. */
295static inline string makeApiRecordContent(const QType& qtype, const string& content) {
296 return makeRecordContent(qtype, content, false);
297}
298
299/** "Normalize" record content for backend storage. */
300static inline string makeBackendRecordContent(const QType& qtype, const string& content) {
301 return makeRecordContent(qtype, content, true);
302}
303
ce846be6 304static Json::object getZoneInfo(const DomainInfo& di, DNSSECKeeper *dk) {
290a083d 305 string zoneId = apiZoneNameToId(di.zone);
62a9a74c
CH		 306 return Json::object {
307 // id is the canonical lookup key, which doesn't actually match the name (in some cases)
308 { "id", zoneId },
16e25450 309 { "url", "/api/v1/servers/localhost/zones/" + zoneId },
62a9a74c
CH		 310 { "name", di.zone.toString() },
311 { "kind", di.getKindString() },
ce846be6 312 { "dnssec", dk->isSecuredZone(di.zone) },
62a9a74c
CH		 313 { "account", di.account },
314 { "masters", di.masters },
315 { "serial", (double)di.serial },
316 { "notified_serial", (double)di.notified_serial },
317 { "last_check", (double)di.last_check }
318 };
c04b5870
CH		 319}
320
986e4858
PL		 321static bool shouldDoRRSets(HttpRequest* req) {
322 if (req->getvars.count("rrsets") == 0 || req->getvars["rrsets"] == "true")
323 return true;
324 if (req->getvars["rrsets"] == "false")
325 return false;
326 throw ApiException("'rrsets' request parameter value '"+req->getvars["rrsets"]+"' is not supported");
327}
328
329static void fillZone(const DNSName& zonename, HttpResponse* resp, bool doRRSets) {
1abb81f4 330 UeberBackend B;
1abb81f4 331 DomainInfo di;
73301d73 332 if(!B.getDomainInfo(zonename, di))
290a083d 333 throw ApiException("Could not find domain '"+zonename.toString()+"'");
1abb81f4 334
adef67eb 335 DNSSECKeeper dk(&B);
ce846be6 336 Json::object doc = getZoneInfo(di, &dk);
62a9a74c 337 // extra stuff getZoneInfo doesn't do for us (more expensive)
d29d5db7
CH		 338 string soa_edit_api;
339 di.backend->getDomainMetadataOne(zonename, "SOA-EDIT-API", soa_edit_api);
62a9a74c 340 doc["soa_edit_api"] = soa_edit_api;
6bb25159
MS		 341 string soa_edit;
342 di.backend->getDomainMetadataOne(zonename, "SOA-EDIT", soa_edit);
62a9a74c 343 doc["soa_edit"] = soa_edit;
986e4858
PL		 344 string nsec3param;
345 di.backend->getDomainMetadataOne(zonename, "NSEC3PARAM", nsec3param);
346 doc["nsec3param"] = nsec3param;
347 string nsec3narrow;
348 bool nsec3narrowbool = false;
349 di.backend->getDomainMetadataOne(zonename, "NSEC3NARROW", nsec3narrow);
350 if (nsec3narrow == "1")
351 nsec3narrowbool = true;
352 doc["nsec3narrow"] = nsec3narrowbool;
353
354 string api_rectify;
355 di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify);
356 doc["api_rectify"] = (api_rectify == "1");
357
358 if (doRRSets) {
359 vector<DNSResourceRecord> records;
360 vector<Comment> comments;
361
362 // load all records + sort
363 {
364 DNSResourceRecord rr;
365 di.backend->list(zonename, di.id, true); // incl. disabled
366 while(di.backend->get(rr)) {
367 if (!rr.qtype.getCode())
368 continue; // skip empty non-terminals
369 records.push_back(rr);
370 }
371 sort(records.begin(), records.end(), [](const DNSResourceRecord& a, const DNSResourceRecord& b) {
372 if (a.qname == b.qname) {
373 return b.qtype < a.qtype;
374 }
375 return b.qname < a.qname;
376 });
6754ef71 377 }
6754ef71 378
986e4858
PL		 379 // load all comments + sort
380 {
381 Comment comment;
382 di.backend->listComments(di.id);
383 while(di.backend->getComment(comment)) {
384 comments.push_back(comment);
385 }
386 sort(comments.begin(), comments.end(), [](const Comment& a, const Comment& b) {
387 if (a.qname == b.qname) {
388 return b.qtype < a.qtype;
389 }
390 return b.qname < a.qname;
391 });
6754ef71 392 }
6754ef71 393
986e4858
PL		 394 Json::array rrsets;
395 Json::object rrset;
396 Json::array rrset_records;
397 Json::array rrset_comments;
398 DNSName current_qname;
399 QType current_qtype;
400 uint32_t ttl;
401 auto rit = records.begin();
402 auto cit = comments.begin();
403
404 while (rit != records.end() || cit != comments.end()) {
405 if (cit == comments.end() || (rit != records.end() && (cit->qname.toString() <= rit->qname.toString() || cit->qtype < rit->qtype || cit->qtype == rit->qtype))) {
406 current_qname = rit->qname;
407 current_qtype = rit->qtype;
408 ttl = rit->ttl;
409 } else {
410 current_qname = cit->qname;
411 current_qtype = cit->qtype;
412 ttl = 0;
413 }
6754ef71 414
986e4858
PL		 415 while(rit != records.end() && rit->qname == current_qname && rit->qtype == current_qtype) {
416 ttl = min(ttl, rit->ttl);
417 rrset_records.push_back(Json::object {
418 { "disabled", rit->disabled },
419 { "content", makeApiRecordContent(rit->qtype, rit->content) }
420 });
421 rit++;
422 }
423 while (cit != comments.end() && cit->qname == current_qname && cit->qtype == current_qtype) {
424 rrset_comments.push_back(Json::object {
425 { "modified_at", (double)cit->modified_at },
426 { "account", cit->account },
427 { "content", cit->content }
428 });
429 cit++;
430 }
431
432 rrset["name"] = current_qname.toString();
433 rrset["type"] = current_qtype.getName();
434 rrset["records"] = rrset_records;
435 rrset["comments"] = rrset_comments;
436 rrset["ttl"] = (double)ttl;
437 rrsets.push_back(rrset);
438 rrset.clear();
439 rrset_records.clear();
440 rrset_comments.clear();
6754ef71
CH		 441 }
442
986e4858 443 doc["rrsets"] = rrsets;
6754ef71
CH		 444 }
445
669822d0 446 resp->setBody(doc);
1abb81f4
CH		 447}
448
6ec5e728
CH		 449void productServerStatisticsFetch(map<string,string>& out)
450{
a45303b8 451 vector<string> items = S.getEntries();
ff05fd12 452 for(const string& item : items) {
335da0ba 453 out[item] = std::to_string(S.read(item));
a45303b8
CH		 454 }
455
456 // add uptime
335da0ba 457 out["uptime"] = std::to_string(time(0) - s_starttime);
c67bf8c5
CH		 458}
459
6754ef71 460static void gatherRecords(const Json container, const DNSName& qname, const QType qtype, const int ttl, vector<DNSResourceRecord>& new_records, vector<DNSResourceRecord>& new_ptrs) {
f63168e6
CH		 461 UeberBackend B;
462 DNSResourceRecord rr;
6754ef71
CH		 463 rr.qname = qname;
464 rr.qtype = qtype;
465 rr.auth = 1;
466 rr.ttl = ttl;
1f68b185 467 for(auto record : container["records"].array_items()) {
1f68b185 468 string content = stringFromJson(record, "content");
1f68b185
CH		 469 rr.disabled = boolFromJson(record, "disabled");
470
1f68b185
CH		 471 // validate that the client sent something we can actually parse, and require that data to be dotted.
472 try {
473 if (rr.qtype.getCode() != QType::AAAA) {
474 string tmp = makeApiRecordContent(rr.qtype, content);
475 if (!pdns_iequals(tmp, content)) {
476 throw std::runtime_error("Not in expected format (parsed as '"+tmp+"')");
477 }
478 } else {
479 struct in6_addr tmpbuf;
480 if (inet_pton(AF_INET6, content.c_str(), &tmpbuf) != 1 || content.find('.') != string::npos) {
481 throw std::runtime_error("Invalid IPv6 address");
1e5b9ab9 482 }
f63168e6 483 }
1f68b185
CH		 484 rr.content = makeBackendRecordContent(rr.qtype, content);
485 }
486 catch(std::exception& e)
487 {
488 throw ApiException("Record "+rr.qname.toString()+"/"+rr.qtype.getName()+" '"+content+"': "+e.what());
489 }
f63168e6 490
1f68b185
CH		 491 if ((rr.qtype.getCode() == QType::A || rr.qtype.getCode() == QType::AAAA) &&
492 boolFromJson(record, "set-ptr", false) == true) {
493 DNSResourceRecord ptr;
494 makePtr(rr, &ptr);
f63168e6 495
1f68b185 496 // verify that there's a zone for the PTR
1f68b185 497 SOAData sd;
cec52de6 498 if (!B.getAuth(ptr.qname, QType(QType::PTR), &sd, false))
1f68b185 499 throw ApiException("Could not find domain for PTR '"+ptr.qname.toString()+"' requested for '"+ptr.content+"'");
f63168e6 500
1f68b185
CH		 501 ptr.domain_id = sd.domain_id;
502 new_ptrs.push_back(ptr);
f63168e6 503 }
1f68b185
CH		 504
505 new_records.push_back(rr);
f63168e6
CH		 506 }
507}
508
6754ef71 509static void gatherComments(const Json container, const DNSName& qname, const QType qtype, vector<Comment>& new_comments) {
f63168e6 510 Comment c;
6754ef71
CH		 511 c.qname = qname;
512 c.qtype = qtype;
f63168e6
CH		 513
514 time_t now = time(0);
1f68b185 515 for (auto comment : container["comments"].array_items()) {
1f68b185
CH		 516 c.modified_at = intFromJson(comment, "modified_at", now);
517 c.content = stringFromJson(comment, "content");
518 c.account = stringFromJson(comment, "account");
519 new_comments.push_back(c);
f63168e6
CH		 520 }
521}
6cc98ddf 522
986e4858
PL		 523static void checkDefaultDNSSECAlgos() {
524 int k_algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-ksk-algorithm"]);
525 int z_algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-zsk-algorithm"]);
526 int k_size = arg().asNum("default-ksk-size");
527 int z_size = arg().asNum("default-zsk-size");
528
529 // Sanity check DNSSEC parameters
530 if (::arg()["default-zsk-algorithm"] != "") {
531 if (k_algo == -1)
532 throw ApiException("default-ksk-algorithm setting is set to unknown algorithm: " + ::arg()["default-ksk-algorithm"]);
533 else if (k_algo <= 10 && k_size == 0)
534 throw ApiException("default-ksk-algorithm is set to an algorithm("+::arg()["default-ksk-algorithm"]+") that requires a non-zero default-ksk-size!");
535 }
536
537 if (::arg()["default-zsk-algorithm"] != "") {
538 if (z_algo == -1)
539 throw ApiException("default-zsk-algorithm setting is set to unknown algorithm: " + ::arg()["default-zsk-algorithm"]);
540 else if (z_algo <= 10 && z_size == 0)
541 throw ApiException("default-zsk-algorithm is set to an algorithm("+::arg()["default-zsk-algorithm"]+") that requires a non-zero default-zsk-size!");
542 }
543}
544
89a7e706
PL		 545static void throwUnableToSecure(const DNSName& zonename) {
546 throw ApiException("No backend was able to secure '" + zonename.toString() + "', most likely because no DNSSEC"
547 + "capable backends are loaded, or because the backends have DNSSEC disabled. Check your configuration.");
548}
549
986e4858 550static void updateDomainSettingsFromDocument(UeberBackend& B, const DomainInfo& di, const DNSName& zonename, const Json document) {
1f68b185 551 string zonemaster;
986e4858 552 bool shouldRectify = false;
1f68b185
CH		 553 for(auto value : document["masters"].array_items()) {
554 string master = value.string_value();
555 if (master.empty())
556 throw ApiException("Master can not be an empty string");
557 zonemaster += master + " ";
bb9fd223
CH		 558 }
559
986e4858
PL		 560 if (zonemaster != "") {
561 di.backend->setMaster(zonename, zonemaster);
562 }
563 if (document["kind"].is_string()) {
564 di.backend->setKind(zonename, DomainInfo::stringToKind(stringFromJson(document, "kind")));
565 }
1f68b185
CH		 566 if (document["soa_edit_api"].is_string()) {
567 di.backend->setDomainMetadataOne(zonename, "SOA-EDIT-API", document["soa_edit_api"].string_value());
d29d5db7 568 }
1f68b185
CH		 569 if (document["soa_edit"].is_string()) {
570 di.backend->setDomainMetadataOne(zonename, "SOA-EDIT", document["soa_edit"].string_value());
6bb25159 571 }
c00908f1
PL		 572 try {
573 bool api_rectify = boolFromJson(document, "api_rectify");
574 di.backend->setDomainMetadataOne(zonename, "API-RECTIFY", api_rectify ? "1" : "0");
986e4858 575 }
c00908f1
PL		 576 catch (JsonException) {}
577
1f68b185
CH		 578 if (document["account"].is_string()) {
579 di.backend->setAccount(zonename, document["account"].string_value());
79532aa7 580 }
986e4858
PL		 581
582 DNSSECKeeper dk(&B);
583 bool dnssecInJSON = false;
584 bool dnssecDocVal = false;
585
586 try {
587 dnssecDocVal = boolFromJson(document, "dnssec");
588 dnssecInJSON = true;
589 }
590 catch (JsonException) {}
591
592 bool isDNSSECZone = dk.isSecuredZone(zonename);
593
594 if (dnssecInJSON) {
595 if (dnssecDocVal) {
596 if (!isDNSSECZone) {
597 checkDefaultDNSSECAlgos();
598
599 int k_algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-ksk-algorithm"]);
600 int z_algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-zsk-algorithm"]);
601 int k_size = arg().asNum("default-ksk-size");
602 int z_size = arg().asNum("default-zsk-size");
603
604 if (k_algo != -1) {
605 int64_t id;
606 if (!dk.addKey(zonename, true, k_algo, id, k_size)) {
89a7e706 607 throwUnableToSecure(zonename);
986e4858
PL		 608 }
609 }
610
611 if (z_algo != -1) {
612 int64_t id;
613 if (!dk.addKey(zonename, false, z_algo, id, z_size)) {
89a7e706 614 throwUnableToSecure(zonename);
986e4858
PL		 615 }
616 }
617
618 // Used later for NSEC3PARAM
619 isDNSSECZone = dk.isSecuredZone(zonename);
620
621 if (!isDNSSECZone) {
89a7e706 622 throwUnableToSecure(zonename);
986e4858
PL		 623 }
624 shouldRectify = true;
625 }
626 } else {
627 // "dnssec": false in json
628 if (isDNSSECZone) {
629 throw ApiException("Refusing to un-secure zone " + zonename.toString());
630 }
631 }
632 }
633
634 if(document["nsec3param"].string_value().length() > 0) {
635 shouldRectify = true;
636 NSEC3PARAMRecordContent ns3pr(document["nsec3param"].string_value());
637 string error_msg = "";
638 if (!isDNSSECZone) {
639 throw ApiException("NSEC3PARAMs provided for zone '"+zonename.toString()+"', but zone is not DNSSEC secured.");
640 }
641 if (!dk.checkNSEC3PARAM(ns3pr, error_msg)) {
642 throw ApiException("NSEC3PARAMs provided for zone '"+zonename.toString()+"' are invalid. " + error_msg);
643 }
644 if (!dk.setNSEC3PARAM(zonename, ns3pr, boolFromJson(document, "nsec3narrow", false))) {
645 throw ApiException("NSEC3PARAMs provided for zone '" + zonename.toString() +
646 "' passed our basic sanity checks, but cannot be used with the current backend.");
647 }
648 }
649
650 string api_rectify;
651 di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify);
652 if (shouldRectify && dk.isSecuredZone(zonename) && !dk.isPresigned(zonename) && api_rectify == "1") {
653 string error_msg = "";
8d0f207b 654 if (!dk.rectifyZone(zonename, error_msg, true))
986e4858
PL		 655 throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
656 }
bb9fd223
CH		 657}
658
24e11043
CJ		 659static bool isValidMetadataKind(const string& kind, bool readonly) {
660 static vector<string> builtinOptions {
661 "ALLOW-AXFR-FROM",
662 "AXFR-SOURCE",
663 "ALLOW-DNSUPDATE-FROM",
664 "TSIG-ALLOW-DNSUPDATE",
665 "FORWARD-DNSUPDATE",
666 "SOA-EDIT-DNSUPDATE",
4c5b6925 667 "NOTIFY-DNSUPDATE",
24e11043
CJ		 668 "ALSO-NOTIFY",
669 "AXFR-MASTER-TSIG",
670 "GSS-ALLOW-AXFR-PRINCIPAL",
671 "GSS-ACCEPTOR-PRINCIPAL",
672 "IXFR",
673 "LUA-AXFR-SCRIPT",
674 "NSEC3NARROW",
675 "NSEC3PARAM",
676 "PRESIGNED",
677 "PUBLISH-CDNSKEY",
678 "PUBLISH-CDS",
679 "SOA-EDIT",
680 "TSIG-ALLOW-AXFR",
681 "TSIG-ALLOW-DNSUPDATE"
682 };
683
684 // the following options do not allow modifications via API
685 static vector<string> protectedOptions {
986e4858 686 "API-RECTIFY",
24e11043
CJ		 687 "NSEC3NARROW",
688 "NSEC3PARAM",
689 "PRESIGNED",
690 "LUA-AXFR-SCRIPT"
691 };
692
9ac4e6d5
PL		 693 if (kind.find("X-") == 0)
694 return true;
695
24e11043
CJ		 696 bool found = false;
697
d8043c73 698 for (const string& s : builtinOptions) {
24e11043 699 if (kind == s) {
d8043c73 700 for (const string& s2 : protectedOptions) {
24e11043
CJ		 701 if (!readonly && s == s2)
702 return false;
703 }
704 found = true;
705 break;
706 }
707 }
708
709 return found;
710}
711
712static void apiZoneMetadata(HttpRequest* req, HttpResponse *resp) {
713 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
714 UeberBackend B;
715
716 if (req->method == "GET") {
717 map<string, vector<string> > md;
718 Json::array document;
719
720 if (!B.getAllDomainMetadata(zonename, md))
721 throw HttpNotFoundException();
722
723 for (const auto& i : md) {
724 Json::array entries;
725 for (string j : i.second)
726 entries.push_back(j);
727
728 Json::object key {
729 { "type", "Metadata" },
730 { "kind", i.first },
731 { "metadata", entries }
732 };
733
734 document.push_back(key);
735 }
736
737 resp->setBody(document);
738 } else if (req->method == "POST" && !::arg().mustDo("api-readonly")) {
739 auto document = req->json();
740 string kind;
741 vector<string> entries;
742
743 try {
744 kind = stringFromJson(document, "kind");
745 } catch (JsonException) {
746 throw ApiException("kind is not specified or not a string");
747 }
748
749 if (!isValidMetadataKind(kind, false))
750 throw ApiException("Unsupported metadata kind '" + kind + "'");
751
752 vector<string> vecMetadata;
c6720e79
CJ		 753
754 if (!B.getDomainMetadata(zonename, kind, vecMetadata))
755 throw ApiException("Could not retrieve metadata entries for domain '" +
756 zonename.toString() + "'");
757
24e11043
CJ		 758 auto& metadata = document["metadata"];
759 if (!metadata.is_array())
760 throw ApiException("metadata is not specified or not an array");
761
762 for (const auto& i : metadata.array_items()) {
763 if (!i.is_string())
764 throw ApiException("metadata must be strings");
c6720e79
CJ		 765 else if (std::find(vecMetadata.cbegin(),
766 vecMetadata.cend(),
767 i.string_value()) == vecMetadata.cend()) {
768 vecMetadata.push_back(i.string_value());
769 }
24e11043
CJ		 770 }
771
772 if (!B.setDomainMetadata(zonename, kind, vecMetadata))
c6720e79
CJ		 773 throw ApiException("Could not update metadata entries for domain '" +
774 zonename.toString() + "'");
775
776 Json::array respMetadata;
777 for (const string& s : vecMetadata)
778 respMetadata.push_back(s);
779
780 Json::object key {
781 { "type", "Metadata" },
782 { "kind", document["kind"] },
783 { "metadata", respMetadata }
784 };
24e11043 785
24e11043 786 resp->status = 201;
c6720e79 787 resp->setBody(key);
24e11043
CJ		 788 } else
789 throw HttpMethodNotAllowedException();
790}
791
792static void apiZoneMetadataKind(HttpRequest* req, HttpResponse* resp) {
793 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
794 string kind = req->parameters["kind"];
795 UeberBackend B;
796
797 if (req->method == "GET") {
798 vector<string> metadata;
799 Json::object document;
800 Json::array entries;
801
802 if (!B.getDomainMetadata(zonename, kind, metadata))
803 throw HttpNotFoundException();
804 else if (!isValidMetadataKind(kind, true))
805 throw ApiException("Unsupported metadata kind '" + kind + "'");
806
807 document["type"] = "Metadata";
808 document["kind"] = kind;
809
810 for (const string& i : metadata)
811 entries.push_back(i);
812
813 document["metadata"] = entries;
814 resp->setBody(document);
815 } else if (req->method == "PUT" && !::arg().mustDo("api-readonly")) {
816 auto document = req->json();
817
818 if (!isValidMetadataKind(kind, false))
819 throw ApiException("Unsupported metadata kind '" + kind + "'");
820
821 vector<string> vecMetadata;
822 auto& metadata = document["metadata"];
823 if (!metadata.is_array())
824 throw ApiException("metadata is not specified or not an array");
825
826 for (const auto& i : metadata.array_items()) {
827 if (!i.is_string())
828 throw ApiException("metadata must be strings");
829 vecMetadata.push_back(i.string_value());
830 }
831
832 if (!B.setDomainMetadata(zonename, kind, vecMetadata))
833 throw ApiException("Could not update metadata entries for domain '" + zonename.toString() + "'");
834
835 Json::object key {
836 { "type", "Metadata" },
837 { "kind", kind },
838 { "metadata", metadata }
839 };
840
841 resp->setBody(key);
842 } else if (req->method == "DELETE" && !::arg().mustDo("api-readonly")) {
843 if (!isValidMetadataKind(kind, false))
844 throw ApiException("Unsupported metadata kind '" + kind + "'");
845
846 vector<string> md; // an empty vector will do it
847 if (!B.setDomainMetadata(zonename, kind, md))
848 throw ApiException("Could not delete metadata for domain '" + zonename.toString() + "' (" + kind + ")");
849 } else
850 throw HttpMethodNotAllowedException();
851}
852
60b0a236
BZ		 853static void apiZoneCryptokeysGET(DNSName zonename, int inquireKeyId, HttpResponse *resp, DNSSECKeeper *dk) {
854 DNSSECKeeper::keyset_t keyset=dk->getKeys(zonename, false);
4b7f120a 855
997cab68
BZ		 856 bool inquireSingleKey = inquireKeyId >= 0;
857
24afabad 858 Json::array doc;
29704f66 859 for(const auto& value : keyset) {
997cab68 860 if (inquireSingleKey && (unsigned)inquireKeyId != value.second.id) {
29704f66 861 continue;
38809e97 862 }
24afabad 863
b6bd795c 864 string keyType;
60b0a236 865 switch (value.second.keyType) {
b6bd795c
PL		 866 case DNSSECKeeper::KSK: keyType="ksk"; break;
867 case DNSSECKeeper::ZSK: keyType="zsk"; break;
868 case DNSSECKeeper::CSK: keyType="csk"; break;
869 }
870
24afabad 871 Json::object key {
997cab68
BZ		 872 { "type", "Cryptokey" },
873 { "id", (int)value.second.id },
874 { "active", value.second.active },
875 { "keytype", keyType },
876 { "flags", (uint16_t)value.first.d_flags },
877 { "dnskey", value.first.getDNSKEY().getZoneRepresentation() }
24afabad
CH		 878 };
879
b6bd795c 880 if (value.second.keyType == DNSSECKeeper::KSK || value.second.keyType == DNSSECKeeper::CSK) {
24afabad 881 Json::array dses;
8455425c 882 for(const uint8_t keyid : { DNSSECKeeper::SHA1, DNSSECKeeper::SHA256, DNSSECKeeper::GOST, DNSSECKeeper::SHA384 })
997cab68
BZ		 883 try {
884 dses.push_back(makeDSFromDNSKey(zonename, value.first.getDNSKEY(), keyid).getZoneRepresentation());
885 } catch (...) {}
24afabad 886 key["ds"] = dses;
4b7f120a 887 }
29704f66
CH		 888
889 if (inquireSingleKey) {
890 key["privatekey"] = value.first.getKey()->convertToISC();
891 resp->setBody(key);
892 return;
893 }
24afabad 894 doc.push_back(key);
4b7f120a
MS		 895 }
896
29704f66
CH		 897 if (inquireSingleKey) {
898 // we came here because we couldn't find the requested key.
899 throw HttpNotFoundException();
900 }
4b7f120a 901 resp->setBody(doc);
997cab68
BZ		 902
903}
904
905/*
906 * This method handles DELETE requests for URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
907 * It deletes a key from :zone_name specified by :cryptokey_id.
908 * Server Answers:
60b0a236
BZ		 909 * Case 1: the backend returns true on removal. This means the key is gone.
910 * The server returns 200 OK, no body.
955cbfd0 911 * Case 2: the backend returns false on removal. An error occurred.
60b0a236 912 * The sever returns 422 Unprocessable Entity with message "Could not DELETE :cryptokey_id".
997cab68 913 * */
60b0a236
BZ		 914static void apiZoneCryptokeysDELETE(DNSName zonename, int inquireKeyId, HttpRequest *req, HttpResponse *resp, DNSSECKeeper *dk) {
915 if (dk->removeKey(zonename, inquireKeyId)) {
916 resp->body = "";
917 resp->status = 200;
997cab68
BZ		 918 } else {
919 resp->setErrorResult("Could not DELETE " + req->parameters["key_id"], 422);
920 }
921}
922
923/*
924 * This method adds a key to a zone by generate it or content parameter.
925 * Parameter:
926 * {
927 * "content" : "key The format used is compatible with BIND and NSD/LDNS" <string>
928 * "keytype" : "ksk|zsk" <string>
929 * "active" : "true|false" <value>
1ec08a2b 930 * "algo" : "key generation algorithm "name|number" as default"<string> https://doc.powerdns.com/md/authoritative/dnssec/#supported-algorithms
997cab68
BZ		 931 * "bits" : number of bits <int>
932 * }
933 *
934 * Response:
935 * Case 1: keytype isn't ksk|zsk
936 * The server returns 422 Unprocessable Entity {"error" : "Invalid keytype 'keytype'"}
60b0a236
BZ		 937 * Case 2: 'bits' must be a positive integer value.
938 * The server returns 422 Unprocessable Entity {"error" : "'bits' must be a positive integer value."}
939 * Case 3: The "algo" isn't supported
997cab68 940 * The server returns 422 Unprocessable Entity {"error" : "Unknown algorithm: 'algo'"}
60b0a236 941 * Case 4: Algorithm <= 10 and no bits were passed
997cab68 942 * The server returns 422 Unprocessable Entity {"error" : "Creating an algorithm algo key requires the size (in bits) to be passed"}
60b0a236
BZ		 943 * Case 5: The wrong keysize was passed
944 * The server returns 422 Unprocessable Entity {"error" : "The algorithm does not support the given bit size."}
945 * Case 6: If the server cant guess the keysize
946 * The server returns 422 Unprocessable Entity {"error" : "Can not guess key size for algorithm"}
947 * Case 7: The key-creation failed
997cab68 948 * The server returns 422 Unprocessable Entity {"error" : "Adding key failed, perhaps DNSSEC not enabled in configuration?"}
60b0a236
BZ		 949 * Case 8: The key in content has the wrong format
950 * The server returns 422 Unprocessable Entity {"error" : "Key could not be parsed. Make sure your key format is correct."}
951 * Case 9: The wrong combination of fields is submitted
952 * The server returns 422 Unprocessable Entity {"error" : "Either you submit just the 'content' field or you leave 'content' empty and submit the other fields."}
953 * Case 10: No content and everything was fine
954 * The server returns 201 Created and all public data about the new cryptokey
955 * Case 11: With specified content
956 * The server returns 201 Created and all public data about the added cryptokey
997cab68
BZ		 957 */
958
60b0a236 959static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpResponse *resp, DNSSECKeeper *dk) {
997cab68
BZ		 960 auto document = req->json();
961 auto content = document["content"];
997cab68 962 bool active = boolFromJson(document, "active", false);
997cab68 963 bool keyOrZone;
60b0a236 964
997cab68
BZ		 965 if (stringFromJson(document, "keytype") == "ksk") {
966 keyOrZone = true;
967 } else if (stringFromJson(document, "keytype") == "zsk") {
968 keyOrZone = false;
969 } else {
970 throw ApiException("Invalid keytype " + stringFromJson(document, "keytype"));
971 }
972
b727e19b 973 int64_t insertedId = -1;
997cab68 974
997cab68 975 if (content.is_null()) {
43215ca6 976 int bits = keyOrZone ? ::arg().asNum("default-ksk-size") : ::arg().asNum("default-zsk-size");
60b0a236
BZ		 977 auto docbits = document["bits"];
978 if (!docbits.is_null()) {
979 if (!docbits.is_number() || (fmod(docbits.number_value(), 1.0) != 0) || docbits.int_value() < 0) {
980 throw ApiException("'bits' must be a positive integer value");
981 } else {
982 bits = docbits.int_value();
983 }
984 }
43215ca6 985 int algorithm = DNSSECKeeper::shorthand2algorithm(keyOrZone ? ::arg()["default-ksk-algorithm"] : ::arg()["default-zsk-algorithm"]);
997cab68
BZ		 986 auto providedAlgo = document["algo"];
987 if (providedAlgo.is_string()) {
60b0a236
BZ		 988 algorithm = DNSSECKeeper::shorthand2algorithm(providedAlgo.string_value());
989 if (algorithm == -1)
997cab68 990 throw ApiException("Unknown algorithm: " + providedAlgo.string_value());
997cab68
BZ		 991 } else if (providedAlgo.is_number()) {
992 algorithm = providedAlgo.int_value();
60b0a236
BZ		 993 } else if (!providedAlgo.is_null()) {
994 throw ApiException("Unknown algorithm: " + providedAlgo.string_value());
997cab68
BZ		 995 }
996
60b0a236 997 try {
b727e19b
RG		 998 if (!dk->addKey(zonename, keyOrZone, algorithm, insertedId, bits, active)) {
999 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
1000 }
60b0a236 1001 } catch (std::runtime_error& error) {
997cab68
BZ		 1002 throw ApiException(error.what());
1003 }
997cab68
BZ		 1004 if (insertedId < 0)
1005 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
60b0a236 1006 } else if (document["bits"].is_null() && document["algo"].is_null()) {
997cab68
BZ		 1007 auto keyData = stringFromJson(document, "content");
1008 DNSKEYRecordContent dkrc;
1009 DNSSECPrivateKey dpk;
60b0a236 1010 try {
997cab68
BZ		 1011 shared_ptr<DNSCryptoKeyEngine> dke(DNSCryptoKeyEngine::makeFromISCString(dkrc, keyData));
1012 dpk.d_algorithm = dkrc.d_algorithm;
1013 if(dpk.d_algorithm == 7)
1014 dpk.d_algorithm = 5;
1015
1016 if (keyOrZone)
1017 dpk.d_flags = 257;
1018 else
1019 dpk.d_flags = 256;
1020
1021 dpk.setKey(dke);
997cab68 1022 }
60b0a236
BZ		 1023 catch (std::runtime_error& error) {
1024 throw ApiException("Key could not be parsed. Make sure your key format is correct.");
1025 } try {
b727e19b
RG		 1026 if (!dk->addKey(zonename, dpk,insertedId, active)) {
1027 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
1028 }
60b0a236 1029 } catch (std::runtime_error& error) {
997cab68
BZ		 1030 throw ApiException(error.what());
1031 }
1032 if (insertedId < 0)
1033 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
60b0a236
BZ		 1034 } else {
1035 throw ApiException("Either you submit just the 'content' field or you leave 'content' empty and submit the other fields.");
997cab68 1036 }
60b0a236 1037 apiZoneCryptokeysGET(zonename, insertedId, resp, dk);
997cab68 1038 resp->status = 201;
60b0a236 1039}
997cab68
BZ		 1040
1041/*
1042 * This method handles PUT (execute) requests for URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
1043 * It de/activates a key from :zone_name specified by :cryptokey_id.
1044 * Server Answers:
60b0a236 1045 * Case 1: invalid JSON data
997cab68 1046 * The server returns 400 Bad Request
60b0a236
BZ		 1047 * Case 2: the backend returns true on de/activation. This means the key is de/active.
1048 * The server returns 204 No Content
955cbfd0 1049 * Case 3: the backend returns false on de/activation. An error occurred.
997cab68
BZ		 1050 * The sever returns 422 Unprocessable Entity with message "Could not de/activate Key: :cryptokey_id in Zone: :zone_name"
1051 * */
60b0a236 1052static void apiZoneCryptokeysPUT(DNSName zonename, int inquireKeyId, HttpRequest *req, HttpResponse *resp, DNSSECKeeper *dk) {
997cab68
BZ		 1053 //throws an exception if the Body is empty
1054 auto document = req->json();
1055 //throws an exception if the key does not exist or is not a bool
1056 bool active = boolFromJson(document, "active");
60b0a236
BZ		 1057 if (active) {
1058 if (!dk->activateKey(zonename, inquireKeyId)) {
997cab68
BZ		 1059 resp->setErrorResult("Could not activate Key: " + req->parameters["key_id"] + " in Zone: " + zonename.toString(), 422);
1060 return;
1061 }
1062 } else {
60b0a236 1063 if (!dk->deactivateKey(zonename, inquireKeyId)) {
997cab68
BZ		 1064 resp->setErrorResult("Could not deactivate Key: " + req->parameters["key_id"] + " in Zone: " + zonename.toString(), 422);
1065 return;
1066 }
1067 }
60b0a236
BZ		 1068 resp->body = "";
1069 resp->status = 204;
1070 return;
997cab68
BZ		 1071}
1072
1073/*
1074 * This method chooses the right functionality for the request. It also checks for a cryptokey_id which has to be passed
1075 * by URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
1076 * If the the HTTP-request-method isn't supported, the function returns a response with the 405 code (method not allowed).
1077 * */
1078static void apiZoneCryptokeys(HttpRequest *req, HttpResponse *resp) {
1079 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
1080
60b0a236
BZ		 1081 UeberBackend B;
1082 DNSSECKeeper dk(&B);
1083 DomainInfo di;
1084 if (!B.getDomainInfo(zonename, di))
1085 throw HttpBadRequestException();
1086
997cab68
BZ		 1087 int inquireKeyId = -1;
1088 if (req->parameters.count("key_id")) {
1089 inquireKeyId = std::stoi(req->parameters["key_id"]);
1090 }
1091
1092 if (req->method == "GET") {
60b0a236 1093 apiZoneCryptokeysGET(zonename, inquireKeyId, resp, &dk);
1abc1df5 1094 } else if (req->method == "DELETE" && !::arg().mustDo("api-readonly")) {
60b0a236
BZ		 1095 if (inquireKeyId == -1)
1096 throw HttpBadRequestException();
1097 apiZoneCryptokeysDELETE(zonename, inquireKeyId, req, resp, &dk);
1abc1df5 1098 } else if (req->method == "POST" && !::arg().mustDo("api-readonly")) {
60b0a236 1099 apiZoneCryptokeysPOST(zonename, req, resp, &dk);
1abc1df5 1100 } else if (req->method == "PUT" && !::arg().mustDo("api-readonly")) {
60b0a236
BZ		 1101 if (inquireKeyId == -1)
1102 throw HttpBadRequestException();
1103 apiZoneCryptokeysPUT(zonename, inquireKeyId, req, resp, &dk);
997cab68
BZ		 1104 } else {
1105 throw HttpMethodNotAllowedException(); //Returns method not allowed
1106 }
4b7f120a
MS		 1107}
1108
1f68b185 1109static void gatherRecordsFromZone(const std::string& zonestring, vector<DNSResourceRecord>& new_records, DNSName zonename) {
0f0e73fe
MS		 1110 DNSResourceRecord rr;
1111 vector<string> zonedata;
1f68b185 1112 stringtok(zonedata, zonestring, "\r\n");
0f0e73fe
MS		 1113
1114 ZoneParserTNG zpt(zonedata, zonename);
1115
1116 bool seenSOA=false;
1117
1118 string comment = "Imported via the API";
1119
1120 try {
1121 while(zpt.get(rr, &comment)) {
1122 if(seenSOA && rr.qtype.getCode() == QType::SOA)
1123 continue;
1124 if(rr.qtype.getCode() == QType::SOA)
1125 seenSOA=true;
1126
0f0e73fe
MS		 1127 new_records.push_back(rr);
1128 }
1129 }
1130 catch(std::exception& ae) {
1af62161 1131 throw ApiException("An error occurred while parsing the zonedata: "+string(ae.what()));
0f0e73fe
MS		 1132 }
1133}
1134
e3675a8a
CH		 1135/** Throws ApiException if records with duplicate name/type/content are present.
1136 * NOTE: sorts records in-place.
1137 */
1138static void checkDuplicateRecords(vector<DNSResourceRecord>& records) {
1139 sort(records.begin(), records.end(),
1140 [](const DNSResourceRecord& rec_a, const DNSResourceRecord& rec_b) -> bool {
1141 return rec_a.qname.toString() > rec_b.qname.toString() || \
1142 rec_a.qtype.getCode() > rec_b.qtype.getCode() || \
1143 rec_a.content < rec_b.content;
1144 }
1145 );
1146 DNSResourceRecord previous;
1147 for(const auto& rec : records) {
1148 if (previous.qtype == rec.qtype && previous.qname == rec.qname && previous.content == rec.content) {
1149 throw ApiException("Duplicate record in RRset " + rec.qname.toString() + " IN " + rec.qtype.getName() + " with content \"" + rec.content + "\"");
1150 }
1151 previous = rec;
1152 }
1153}
1154
80d59cd1 1155static void apiServerZones(HttpRequest* req, HttpResponse* resp) {
e2dba705 1156 UeberBackend B;
53942520 1157 DNSSECKeeper dk(&B);
d07bf7ff 1158 if (req->method == "POST" && !::arg().mustDo("api-readonly")) {
e2dba705 1159 DomainInfo di;
1f68b185 1160 auto document = req->json();
c576d0c5 1161 DNSName zonename = apiNameToDNSName(stringFromJson(document, "name"));
1d6b70f9 1162 apiCheckNameAllowedCharacters(zonename.toString());
e3675a8a 1163 zonename.makeUsLowerCase();
4ebf78b1 1164
1d6b70f9 1165 bool exists = B.getDomainInfo(zonename, di);
e2dba705 1166 if(exists)
1d6b70f9 1167 throw ApiException("Domain '"+zonename.toString()+"' already exists");
e2dba705 1168
bb9fd223 1169 // validate 'kind' is set
4bdff352 1170 DomainInfo::DomainKind zonekind = DomainInfo::stringToKind(stringFromJson(document, "kind"));
bb9fd223 1171
6754ef71
CH		 1172 string zonestring = document["zone"].string_value();
1173 auto rrsets = document["rrsets"];
1174 if (rrsets.is_array() && zonestring != "")
1175 throw ApiException("You cannot give rrsets AND zone data as text");
0f0e73fe 1176
1f68b185
CH		 1177 auto nameservers = document["nameservers"];
1178 if (!nameservers.is_array() && zonekind != DomainInfo::Slave)
f63168e6 1179 throw ApiException("Nameservers list must be given (but can be empty if NS records are supplied)");
e2dba705 1180
f63168e6 1181 string soa_edit_api_kind;
1f68b185
CH		 1182 if (document["soa_edit_api"].is_string()) {
1183 soa_edit_api_kind = document["soa_edit_api"].string_value();
a6448d95
CH		 1184 }
1185 else {
1186 soa_edit_api_kind = "DEFAULT";
1187 }
1f68b185 1188 string soa_edit_kind = document["soa_edit"].string_value();
e90b4e38 1189
f63168e6
CH		 1190 // if records/comments are given, load and check them
1191 bool have_soa = false;
33e6c3e9 1192 bool have_zone_ns = false;
f63168e6
CH		 1193 vector<DNSResourceRecord> new_records;
1194 vector<Comment> new_comments;
1195 vector<DNSResourceRecord> new_ptrs;
0f0e73fe 1196
6754ef71
CH		 1197 if (rrsets.is_array()) {
1198 for (const auto& rrset : rrsets.array_items()) {
1199 DNSName qname = apiNameToDNSName(stringFromJson(rrset, "name"));
1200 apiCheckQNameAllowedCharacters(qname.toString());
1201 QType qtype;
1202 qtype = stringFromJson(rrset, "type");
1203 if (qtype.getCode() == 0) {
1204 throw ApiException("RRset "+qname.toString()+" IN "+stringFromJson(rrset, "type")+": unknown type given");
1205 }
1206 if (rrset["records"].is_array()) {
1207 int ttl = intFromJson(rrset, "ttl");
1208 gatherRecords(rrset, qname, qtype, ttl, new_records, new_ptrs);
1209 }
1210 if (rrset["comments"].is_array()) {
1211 gatherComments(rrset, qname, qtype, new_comments);
1212 }
1213 }
0f0e73fe 1214 } else if (zonestring != "") {
1f68b185 1215 gatherRecordsFromZone(zonestring, new_records, zonename);
0f0e73fe
MS		 1216 }
1217
1f68b185 1218 for(auto& rr : new_records) {
e3675a8a 1219 rr.qname.makeUsLowerCase();
1d6b70f9 1220 if (!rr.qname.isPartOf(zonename) && rr.qname != zonename)
561434a6 1221 throw ApiException("RRset "+rr.qname.toString()+" IN "+rr.qtype.getName()+": Name is out of zone");
cb9b5901 1222 apiCheckQNameAllowedCharacters(rr.qname.toString());
f63168e6 1223
1d6b70f9 1224 if (rr.qtype.getCode() == QType::SOA && rr.qname==zonename) {
f63168e6 1225 have_soa = true;
a6448d95 1226 increaseSOARecord(rr, soa_edit_api_kind, soa_edit_kind);
1d6b70f9
CH		 1227 // fixup dots after serializeSOAData/increaseSOARecord
1228 rr.content = makeBackendRecordContent(rr.qtype, rr.content);
f63168e6 1229 }
33e6c3e9
CH		 1230 if (rr.qtype.getCode() == QType::NS && rr.qname==zonename) {
1231 have_zone_ns = true;
1232 }
f63168e6 1233 }
f7bfeb30
CH		 1234
1235 // synthesize RRs as needed
1236 DNSResourceRecord autorr;
1d6b70f9 1237 autorr.qname = zonename;
f7bfeb30
CH		 1238 autorr.auth = 1;
1239 autorr.ttl = ::arg().asNum("default-ttl");
e2dba705 1240
4de11a54 1241 if (!have_soa && zonekind != DomainInfo::Slave) {
f63168e6 1242 // synthesize a SOA record so the zone "really" exists
1d6b70f9
CH		 1243 string soa = (boost::format("%s %s %lu")
1244 % ::arg()["default-soa-name"]
1245 % (::arg().isEmpty("default-soa-mail") ? (DNSName("hostmaster.") + zonename).toString() : ::arg()["default-soa-mail"])
1f68b185 1246 % document["serial"].int_value()
1d6b70f9 1247 ).str();
f63168e6 1248 SOAData sd;
1d6b70f9 1249 fillSOAData(soa, sd); // fills out default values for us
f7bfeb30 1250 autorr.qtype = "SOA";
1d6b70f9 1251 autorr.content = serializeSOAData(sd);
f7bfeb30 1252 increaseSOARecord(autorr, soa_edit_api_kind, soa_edit_kind);
1d6b70f9
CH		 1253 // fixup dots after serializeSOAData/increaseSOARecord
1254 autorr.content = makeBackendRecordContent(autorr.qtype, autorr.content);
f7bfeb30 1255 new_records.push_back(autorr);
f63168e6
CH		 1256 }
1257
1258 // create NS records if nameservers are given
1f68b185
CH		 1259 for (auto value : nameservers.array_items()) {
1260 string nameserver = value.string_value();
1261 if (nameserver.empty())
1262 throw ApiException("Nameservers must be non-empty strings");
1263 if (!isCanonical(nameserver))
1264 throw ApiException("Nameserver is not canonical: '" + nameserver + "'");
1265 try {
1266 // ensure the name parses
8f955653 1267 autorr.content = DNSName(nameserver).toStringRootDot();
1f68b185
CH		 1268 } catch (...) {
1269 throw ApiException("Unable to parse DNS Name for NS '" + nameserver + "'");
4bdff352 1270 }
1f68b185
CH		 1271 autorr.qtype = "NS";
1272 new_records.push_back(autorr);
33e6c3e9
CH		 1273 if (have_zone_ns) {
1274 throw ApiException("Nameservers list MUST NOT be mixed with zone-level NS in rrsets");
1275 }
e2dba705
CH		 1276 }
1277
e3675a8a
CH		 1278 checkDuplicateRecords(new_records);
1279
986e4858
PL		 1280 if (boolFromJson(document, "dnssec", false)) {
1281 checkDefaultDNSSECAlgos();
1282
1283 if(document["nsec3param"].string_value().length() > 0) {
1284 NSEC3PARAMRecordContent ns3pr(document["nsec3param"].string_value());
1285 string error_msg = "";
1286 if (!dk.checkNSEC3PARAM(ns3pr, error_msg)) {
1287 throw ApiException("NSEC3PARAMs provided for zone '"+zonename.toString()+"' are invalid. " + error_msg);
1288 }
1289 }
1290 }
1291
f63168e6 1292 // no going back after this
1d6b70f9
CH		 1293 if(!B.createDomain(zonename))
1294 throw ApiException("Creating domain '"+zonename.toString()+"' failed");
f63168e6 1295
1d6b70f9
CH		 1296 if(!B.getDomainInfo(zonename, di))
1297 throw ApiException("Creating domain '"+zonename.toString()+"' failed: lookup of domain ID failed");
f63168e6 1298
9440a9f0
CH		 1299 // updateDomainSettingsFromDocument does NOT fill out the default we've established above.
1300 if (!soa_edit_api_kind.empty()) {
1301 di.backend->setDomainMetadataOne(zonename, "SOA-EDIT-API", soa_edit_api_kind);
1302 }
1303
1d6b70f9 1304 di.backend->startTransaction(zonename, di.id);
f63168e6 1305
abb873ee 1306 for(auto rr : new_records) {
f63168e6 1307 rr.domain_id = di.id;
c9b43446 1308 di.backend->feedRecord(rr, DNSName());
e2dba705 1309 }
1d6b70f9 1310 for(Comment& c : new_comments) {
f63168e6
CH		 1311 c.domain_id = di.id;
1312 di.backend->feedComment(c);
1313 }
e2dba705 1314
986e4858 1315 updateDomainSettingsFromDocument(B, di, zonename, document);
e2dba705 1316
f63168e6
CH		 1317 di.backend->commitTransaction();
1318
3fe7c7d6
CH		 1319 storeChangedPTRs(B, new_ptrs);
1320
986e4858 1321 fillZone(zonename, resp, shouldDoRRSets(req));
64a36f0d 1322 resp->status = 201;
e2dba705
CH		 1323 return;
1324 }
1325
c67bf8c5
CH		 1326 if(req->method != "GET")
1327 throw HttpMethodNotAllowedException();
1328
c67bf8c5 1329 vector<DomainInfo> domains;
cea26350 1330 B.getAllDomains(&domains, true); // incl. disabled
c67bf8c5 1331
62a9a74c
CH		 1332 Json::array doc;
1333 for(const DomainInfo& di : domains) {
ce846be6 1334 doc.push_back(getZoneInfo(di, &dk));
c67bf8c5 1335 }
669822d0 1336 resp->setBody(doc);
c67bf8c5
CH		 1337}
1338
05776d2f 1339static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) {
290a083d 1340 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
05776d2f 1341
d07bf7ff 1342 if(req->method == "PUT" && !::arg().mustDo("api-readonly")) {
7c0ba3d2
CH		 1343 // update domain settings
1344 UeberBackend B;
1345 DomainInfo di;
1346 if(!B.getDomainInfo(zonename, di))
290a083d 1347 throw ApiException("Could not find domain '"+zonename.toString()+"'");
7c0ba3d2 1348
986e4858 1349 updateDomainSettingsFromDocument(B, di, zonename, req->json());
7c0ba3d2 1350
f0e76cee
CH		 1351 resp->body = "";
1352 resp->status = 204; // No Content, but indicate success
7c0ba3d2
CH		 1353 return;
1354 }
d07bf7ff 1355 else if(req->method == "DELETE" && !::arg().mustDo("api-readonly")) {
a462a01d
CH		 1356 // delete domain
1357 UeberBackend B;
1358 DomainInfo di;
1359 if(!B.getDomainInfo(zonename, di))
290a083d 1360 throw ApiException("Could not find domain '"+zonename.toString()+"'");
a462a01d
CH		 1361
1362 if(!di.backend->deleteDomain(zonename))
290a083d 1363 throw ApiException("Deleting domain '"+zonename.toString()+"' failed: backend delete failed/unsupported");
a462a01d
CH		 1364
1365 // empty body on success
1366 resp->body = "";
37663c3b 1367 resp->status = 204; // No Content: declare that the zone is gone now
a462a01d 1368 return;
d07bf7ff 1369 } else if (req->method == "PATCH" && !::arg().mustDo("api-readonly")) {
d708640f 1370 patchZone(req, resp);
6cc98ddf
CH		 1371 return;
1372 } else if (req->method == "GET") {
986e4858 1373 fillZone(zonename, resp, shouldDoRRSets(req));
6cc98ddf 1374 return;
a462a01d 1375 }
7c0ba3d2 1376
6cc98ddf 1377 throw HttpMethodNotAllowedException();
05776d2f
CH		 1378}
1379
a83004d3 1380static void apiServerZoneExport(HttpRequest* req, HttpResponse* resp) {
290a083d 1381 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
a83004d3
CH		 1382
1383 if(req->method != "GET")
1384 throw HttpMethodNotAllowedException();
1385
1386 ostringstream ss;
1387
1388 UeberBackend B;
1389 DomainInfo di;
1390 if(!B.getDomainInfo(zonename, di))
290a083d 1391 throw ApiException("Could not find domain '"+zonename.toString()+"'");
a83004d3
CH		 1392
1393 DNSResourceRecord rr;
1394 SOAData sd;
1395 di.backend->list(zonename, di.id);
1396 while(di.backend->get(rr)) {
1397 if (!rr.qtype.getCode())
1398 continue; // skip empty non-terminals
1399
a83004d3 1400 ss <<
675fa24c 1401 rr.qname.toString() << "\t" <<
a83004d3
CH		 1402 rr.ttl << "\t" <<
1403 rr.qtype.getName() << "\t" <<
1d6b70f9 1404 makeApiRecordContent(rr.qtype, rr.content) <<
a83004d3
CH		 1405 endl;
1406 }
1407
1408 if (req->accept_json) {
41873e7c 1409 resp->setBody(Json::object { { "zone", ss.str() } });
a83004d3
CH		 1410 } else {
1411 resp->headers["Content-Type"] = "text/plain; charset=us-ascii";
1412 resp->body = ss.str();
1413 }
1414}
1415
a426cb89 1416static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
290a083d 1417 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
a426cb89
CH		 1418
1419 if(req->method != "PUT")
1420 throw HttpMethodNotAllowedException();
1421
1422 UeberBackend B;
1423 DomainInfo di;
1424 if(!B.getDomainInfo(zonename, di))
290a083d 1425 throw ApiException("Could not find domain '"+zonename.toString()+"'");
a426cb89
CH		 1426
1427 if(di.masters.empty())
290a083d 1428 throw ApiException("Domain '"+zonename.toString()+"' is not a slave domain (or has no master defined)");
a426cb89
CH		 1429
1430 random_shuffle(di.masters.begin(), di.masters.end());
1431 Communicator.addSuckRequest(zonename, di.masters.front());
692829aa 1432 resp->setSuccessResult("Added retrieval request for '"+zonename.toString()+"' from master "+di.masters.front());
a426cb89
CH		 1433}
1434
1435static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
290a083d 1436 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
a426cb89
CH		 1437
1438 if(req->method != "PUT")
1439 throw HttpMethodNotAllowedException();
1440
1441 UeberBackend B;
1442 DomainInfo di;
1443 if(!B.getDomainInfo(zonename, di))
290a083d 1444 throw ApiException("Could not find domain '"+zonename.toString()+"'");
a426cb89
CH		 1445
1446 if(!Communicator.notifyDomain(zonename))
1447 throw ApiException("Failed to add to the queue - see server log");
1448
692829aa 1449 resp->setSuccessResult("Notification queued");
a426cb89
CH		 1450}
1451
4bc8379e
PL		 1452static void apiServerZoneRectify(HttpRequest* req, HttpResponse* resp) {
1453 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
1454
1455 if(req->method != "PUT")
1456 throw HttpMethodNotAllowedException();
1457
1458 UeberBackend B;
1459 DomainInfo di;
1460 if(!B.getDomainInfo(zonename, di))
1461 throw ApiException("Could not find domain '"+zonename.toString()+"'");
1462
1463 DNSSECKeeper dk(&B);
1464
1465 if (!dk.isSecuredZone(zonename))
1466 throw ApiException("Zone '" + zonename.toString() + "' is not DNSSEC signed, not rectifying.");
1467
1468 if (di.kind == DomainInfo::Slave)
1469 throw ApiException("Zone '" + zonename.toString() + "' is a slave zone, not rectifying.");
1470
1471 string error_msg = "";
8d0f207b 1472 if (!dk.rectifyZone(zonename, error_msg, true))
4bc8379e
PL		 1473 throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
1474
1475 resp->setSuccessResult("Rectified");
1476}
1477
d1587ceb
CH		 1478static void makePtr(const DNSResourceRecord& rr, DNSResourceRecord* ptr) {
1479 if (rr.qtype.getCode() == QType::A) {
1480 uint32_t ip;
1481 if (!IpToU32(rr.content, &ip)) {
1482 throw ApiException("PTR: Invalid IP address given");
1483 }
1d6b70f9 1484 ptr->qname = DNSName((boost::format("%u.%u.%u.%u.in-addr.arpa.")
d1587ceb
CH		 1485 % ((ip >> 24) & 0xff)
1486 % ((ip >> 16) & 0xff)
1487 % ((ip >> 8) & 0xff)
1488 % ((ip ) & 0xff)
1d6b70f9 1489 ).str());
d1587ceb
CH		 1490 } else if (rr.qtype.getCode() == QType::AAAA) {
1491 ComboAddress ca(rr.content);
5fb3aa58 1492 char buf[3];
d1587ceb 1493 ostringstream ss;
5fb3aa58
CH		 1494 for (int octet = 0; octet < 16; ++octet) {
1495 if (snprintf(buf, sizeof(buf), "%02x", ca.sin6.sin6_addr.s6_addr[octet]) != (sizeof(buf)-1)) {
1496 // this should be impossible: no byte should give more than two digits in hex format
1497 throw PDNSException("Formatting IPv6 address failed");
1498 }
1499 ss << buf[0] << '.' << buf[1] << '.';
d1587ceb 1500 }
5fb3aa58
CH		 1501 string tmp = ss.str();
1502 tmp.resize(tmp.size()-1); // remove last dot
1503 // reverse and append arpa domain
1d6b70f9 1504 ptr->qname = DNSName(string(tmp.rbegin(), tmp.rend())) + DNSName("ip6.arpa.");
d1587ceb 1505 } else {
675fa24c 1506 throw ApiException("Unsupported PTR source '" + rr.qname.toString() + "' type '" + rr.qtype.getName() + "'");
d1587ceb
CH		 1507 }
1508
1509 ptr->qtype = "PTR";
1510 ptr->ttl = rr.ttl;
1511 ptr->disabled = rr.disabled;
8f955653 1512 ptr->content = rr.qname.toStringRootDot();
d1587ceb
CH		 1513}
1514
995473c8
CH		 1515static void storeChangedPTRs(UeberBackend& B, vector<DNSResourceRecord>& new_ptrs) {
1516 for(const DNSResourceRecord& rr : new_ptrs) {
995473c8 1517 SOAData sd;
cec52de6 1518 if (!B.getAuth(rr.qname, QType(QType::PTR), &sd, false))
995473c8
CH		 1519 throw ApiException("Could not find domain for PTR '"+rr.qname.toString()+"' requested for '"+rr.content+"' (while saving)");
1520
1521 string soa_edit_api_kind;
1522 string soa_edit_kind;
1523 bool soa_changed = false;
1524 DNSResourceRecord soarr;
1525 sd.db->getDomainMetadataOne(sd.qname, "SOA-EDIT-API", soa_edit_api_kind);
1526 sd.db->getDomainMetadataOne(sd.qname, "SOA-EDIT", soa_edit_kind);
1527 if (!soa_edit_api_kind.empty()) {
1528 soarr.qname = sd.qname;
1529 soarr.content = serializeSOAData(sd);
1530 soarr.qtype = "SOA";
1531 soarr.domain_id = sd.domain_id;
1532 soarr.auth = 1;
1533 soarr.ttl = sd.ttl;
1534 increaseSOARecord(soarr, soa_edit_api_kind, soa_edit_kind);
1535 // fixup dots after serializeSOAData/increaseSOARecord
1536 soarr.content = makeBackendRecordContent(soarr.qtype, soarr.content);
1537 soa_changed = true;
1538 }
1539
1540 sd.db->startTransaction(sd.qname);
1541 if (!sd.db->replaceRRSet(sd.domain_id, rr.qname, rr.qtype, vector<DNSResourceRecord>(1, rr))) {
1542 sd.db->abortTransaction();
1543 throw ApiException("PTR-Hosting backend for "+rr.qname.toString()+"/"+rr.qtype.getName()+" does not support editing records.");
1544 }
1545
1546 if (soa_changed) {
1547 sd.db->replaceRRSet(sd.domain_id, soarr.qname, soarr.qtype, vector<DNSResourceRecord>(1, soarr));
1548 }
1549
1550 sd.db->commitTransaction();
bf269e28 1551 purgeAuthCachesExact(rr.qname);
995473c8
CH		 1552 }
1553}
1554
d708640f 1555static void patchZone(HttpRequest* req, HttpResponse* resp) {
b3905a3d
CH		 1556 UeberBackend B;
1557 DomainInfo di;
290a083d 1558 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
d708640f 1559 if (!B.getDomainInfo(zonename, di))
290a083d 1560 throw ApiException("Could not find domain '"+zonename.toString()+"'");
b3905a3d 1561
f63168e6
CH		 1562 vector<DNSResourceRecord> new_records;
1563 vector<Comment> new_comments;
d708640f
CH		 1564 vector<DNSResourceRecord> new_ptrs;
1565
1f68b185 1566 Json document = req->json();
b3905a3d 1567
1f68b185
CH		 1568 auto rrsets = document["rrsets"];
1569 if (!rrsets.is_array())
d708640f 1570 throw ApiException("No rrsets given in update request");
b3905a3d 1571
d708640f 1572 di.backend->startTransaction(zonename);
6cc98ddf 1573
d708640f 1574 try {
d29d5db7 1575 string soa_edit_api_kind;
a6448d95 1576 string soa_edit_kind;
d29d5db7 1577 di.backend->getDomainMetadataOne(zonename, "SOA-EDIT-API", soa_edit_api_kind);
a6448d95 1578 di.backend->getDomainMetadataOne(zonename, "SOA-EDIT", soa_edit_kind);
d29d5db7
CH		 1579 bool soa_edit_done = false;
1580
6754ef71
CH		 1581 for (const auto& rrset : rrsets.array_items()) {
1582 string changetype = toUpper(stringFromJson(rrset, "changetype"));
c576d0c5 1583 DNSName qname = apiNameToDNSName(stringFromJson(rrset, "name"));
cb9b5901 1584 apiCheckQNameAllowedCharacters(qname.toString());
6754ef71 1585 QType qtype;
d708640f 1586 qtype = stringFromJson(rrset, "type");
6754ef71
CH		 1587 if (qtype.getCode() == 0) {
1588 throw ApiException("RRset "+qname.toString()+" IN "+stringFromJson(rrset, "type")+": unknown type given");
1589 }
d708640f 1590
d708640f 1591 if (changetype == "DELETE") {
b7f21ab1 1592 // delete all matching qname/qtype RRs (and, implicitly comments).
d708640f
CH		 1593 if (!di.backend->replaceRRSet(di.id, qname, qtype, vector<DNSResourceRecord>())) {
1594 throw ApiException("Hosting backend does not support editing records.");
6cc98ddf 1595 }
d708640f
CH		 1596 }
1597 else if (changetype == "REPLACE") {
1d6b70f9 1598 // we only validate for REPLACE, as DELETE can be used to "fix" out of zone records.
e325f20c 1599 if (!qname.isPartOf(zonename) && qname != zonename)
edda67a2 1600 throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Name is out of zone");
34df6ecc 1601
6754ef71
CH		 1602 bool replace_records = rrset["records"].is_array();
1603 bool replace_comments = rrset["comments"].is_array();
f63168e6 1604
6754ef71
CH		 1605 if (!replace_records && !replace_comments) {
1606 throw ApiException("No change for RRset " + qname.toString() + " IN " + qtype.getName());
1607 }
f63168e6 1608
6754ef71
CH		 1609 new_records.clear();
1610 new_comments.clear();
f63168e6 1611
6754ef71
CH		 1612 if (replace_records) {
1613 // ttl shouldn't be part of DELETE, and it shouldn't be required if we don't get new records.
1614 int ttl = intFromJson(rrset, "ttl");
1615 // new_ptrs is merged.
1616 gatherRecords(rrset, qname, qtype, ttl, new_records, new_ptrs);
1617
1618 for(DNSResourceRecord& rr : new_records) {
1619 rr.domain_id = di.id;
1620 if (rr.qtype.getCode() == QType::SOA && rr.qname==zonename) {
1621 soa_edit_done = increaseSOARecord(rr, soa_edit_api_kind, soa_edit_kind);
1622 rr.content = makeBackendRecordContent(rr.qtype, rr.content);
1623 }
d708640f 1624 }
e3675a8a 1625 checkDuplicateRecords(new_records);
6cc98ddf
CH		 1626 }
1627
6754ef71
CH		 1628 if (replace_comments) {
1629 gatherComments(rrset, qname, qtype, new_comments);
f63168e6 1630
6754ef71
CH		 1631 for(Comment& c : new_comments) {
1632 c.domain_id = di.id;
1633 }
d708640f 1634 }
b3905a3d 1635
d708640f 1636 if (replace_records) {
8560f36a
CH		 1637 di.backend->lookup(QType(QType::ANY), qname);
1638 DNSResourceRecord rr;
1639 while (di.backend->get(rr)) {
1640 if (qtype.getCode() == QType::CNAME && rr.qtype.getCode() != QType::CNAME) {
1641 throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Conflicts with pre-existing non-CNAME RRset");
1642 } else if (qtype.getCode() != QType::CNAME && rr.qtype.getCode() == QType::CNAME) {
1643 throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Conflicts with pre-existing CNAME RRset");
1644 }
1645 }
1646
d708640f
CH		 1647 if (!di.backend->replaceRRSet(di.id, qname, qtype, new_records)) {
1648 throw ApiException("Hosting backend does not support editing records.");
1649 }
1650 }
1651 if (replace_comments) {
1652 if (!di.backend->replaceComments(di.id, qname, qtype, new_comments)) {
1653 throw ApiException("Hosting backend does not support editing comments.");
1654 }
1655 }
6cc98ddf 1656 }
d708640f
CH		 1657 else
1658 throw ApiException("Changetype not understood");
6cc98ddf 1659 }
d29d5db7
CH		 1660
1661 // edit SOA (if needed)
1662 if (!soa_edit_api_kind.empty() && !soa_edit_done) {
1663 SOAData sd;
1664 if (!B.getSOA(zonename, sd))
290a083d 1665 throw ApiException("No SOA found for domain '"+zonename.toString()+"'");
d29d5db7
CH		 1666
1667 DNSResourceRecord rr;
1668 rr.qname = zonename;
1669 rr.content = serializeSOAData(sd);
1670 rr.qtype = "SOA";
1671 rr.domain_id = di.id;
1672 rr.auth = 1;
1673 rr.ttl = sd.ttl;
a6448d95 1674 increaseSOARecord(rr, soa_edit_api_kind, soa_edit_kind);
1d6b70f9
CH		 1675 // fixup dots after serializeSOAData/increaseSOARecord
1676 rr.content = makeBackendRecordContent(rr.qtype, rr.content);
d29d5db7
CH		 1677
1678 if (!di.backend->replaceRRSet(di.id, rr.qname, rr.qtype, vector<DNSResourceRecord>(1, rr))) {
1679 throw ApiException("Hosting backend does not support editing records.");
1680 }
3ae63ca8 1681
478de03b
KW		 1682 // return old and new serials in headers
1683 resp->headers["X-PDNS-Old-Serial"] = std::to_string(sd.serial);
3ae63ca8 1684 fillSOAData(rr.content, sd);
478de03b 1685 resp->headers["X-PDNS-New-Serial"] = std::to_string(sd.serial);
d29d5db7
CH		 1686 }
1687
d708640f
CH		 1688 } catch(...) {
1689 di.backend->abortTransaction();
1690 throw;
1691 }
986e4858
PL		 1692
1693 DNSSECKeeper dk;
1694 string api_rectify;
1695 di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify);
1696 if (dk.isSecuredZone(zonename) && !dk.isPresigned(zonename) && api_rectify == "1") {
1697 string error_msg = "";
8d0f207b 1698 if (!dk.rectifyZone(zonename, error_msg, false))
986e4858
PL		 1699 throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
1700 }
1701
d708640f 1702 di.backend->commitTransaction();
b3905a3d 1703
bf269e28 1704 purgeAuthCachesExact(zonename);
d1587ceb 1705
d708640f 1706 // now the PTRs
995473c8 1707 storeChangedPTRs(B, new_ptrs);
b3905a3d 1708
f0e76cee
CH		 1709 resp->body = "";
1710 resp->status = 204; // No Content, but indicate success
1711 return;
b3905a3d
CH		 1712}
1713
b1902fab
CH		 1714static void apiServerSearchData(HttpRequest* req, HttpResponse* resp) {
1715 if(req->method != "GET")
1716 throw HttpMethodNotAllowedException();
1717
583ea80d 1718 string q = req->getvars["q"];
720ed2bd
AT		 1719 string sMax = req->getvars["max"];
1720 int maxEnts = 100;
1721 int ents = 0;
1722
b1902fab
CH		 1723 if (q.empty())
1724 throw ApiException("Query q can't be blank");
606c8752 1725 if (!sMax.empty())
335da0ba 1726 maxEnts = std::stoi(sMax);
720ed2bd
AT		 1727 if (maxEnts < 1)
1728 throw ApiException("Maximum entries must be larger than 0");
b1902fab 1729
720ed2bd 1730 SimpleMatch sm(q,true);
b1902fab 1731 UeberBackend B;
b1902fab 1732 vector<DomainInfo> domains;
720ed2bd
AT		 1733 vector<DNSResourceRecord> result_rr;
1734 vector<Comment> result_c;
1d6b70f9
CH		 1735 map<int,DomainInfo> zoneIdZone;
1736 map<int,DomainInfo>::iterator val;
00963dea 1737 Json::array doc;
b1902fab 1738
720ed2bd 1739 B.getAllDomains(&domains, true);
d2d194a9 1740
720ed2bd 1741 for(const DomainInfo di: domains)
1d6b70f9 1742 {
720ed2bd 1743 if (ents < maxEnts && sm.match(di.zone)) {
00963dea
CH		 1744 doc.push_back(Json::object {
1745 { "object_type", "zone" },
1746 { "zone_id", apiZoneNameToId(di.zone) },
1747 { "name", di.zone.toString() }
1748 });
720ed2bd 1749 ents++;
b1902fab 1750 }
1d6b70f9 1751 zoneIdZone[di.id] = di; // populate cache
720ed2bd 1752 }
b1902fab 1753
720ed2bd
AT		 1754 if (B.searchRecords(q, maxEnts, result_rr))
1755 {
1756 for(const DNSResourceRecord& rr: result_rr)
1757 {
7cbc5255
CH		 1758 if (!rr.qtype.getCode())
1759 continue; // skip empty non-terminals
1760
00963dea
CH		 1761 auto object = Json::object {
1762 { "object_type", "record" },
1763 { "name", rr.qname.toString() },
1764 { "type", rr.qtype.getName() },
1765 { "ttl", (double)rr.ttl },
1766 { "disabled", rr.disabled },
1767 { "content", makeApiRecordContent(rr.qtype, rr.content) }
1768 };
720ed2bd 1769 if ((val = zoneIdZone.find(rr.domain_id)) != zoneIdZone.end()) {
00963dea
CH		 1770 object["zone_id"] = apiZoneNameToId(val->second.zone);
1771 object["zone"] = val->second.zone.toString();
720ed2bd 1772 }
00963dea 1773 doc.push_back(object);
b1902fab 1774 }
720ed2bd 1775 }
b1902fab 1776
720ed2bd
AT		 1777 if (B.searchComments(q, maxEnts, result_c))
1778 {
1779 for(const Comment &c: result_c)
1780 {
00963dea
CH		 1781 auto object = Json::object {
1782 { "object_type", "comment" },
25dcc05f 1783 { "name", c.qname.toString() },
00963dea
CH		 1784 { "content", c.content }
1785 };
720ed2bd 1786 if ((val = zoneIdZone.find(c.domain_id)) != zoneIdZone.end()) {
00963dea
CH		 1787 object["zone_id"] = apiZoneNameToId(val->second.zone);
1788 object["zone"] = val->second.zone.toString();
720ed2bd 1789 }
00963dea 1790 doc.push_back(object);
b1902fab
CH		 1791 }
1792 }
4bd3d119 1793
b1902fab
CH		 1794 resp->setBody(doc);
1795}
1796
c0f6a1da 1797void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
a426cb89
CH		 1798 if(req->method != "PUT")
1799 throw HttpMethodNotAllowedException();
80d59cd1 1800
c0f6a1da
CH		 1801 DNSName canon = apiNameToDNSName(req->getvars["domain"]);
1802
bf269e28 1803 uint64_t count = purgeAuthCachesExact(canon);
f682752a 1804 resp->setBody(Json::object {
bf269e28
RG		 1805 { "count", (int) count },
1806 { "result", "Flushed cache." }
f682752a 1807 });
ddc84d12
CH		 1808}
1809
dea47634 1810void AuthWebServer::cssfunction(HttpRequest* req, HttpResponse* resp)
c67bf8c5 1811{
80d59cd1
CH		 1812 resp->headers["Cache-Control"] = "max-age=86400";
1813 resp->headers["Content-Type"] = "text/css";
c67bf8c5 1814
1071abdd 1815 ostringstream ret;
1071abdd
CH		 1816 ret<<"* { box-sizing: border-box; margin: 0; padding: 0; }"<<endl;
1817 ret<<"body { color: black; background: white; margin-top: 1em; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 10pt; position: relative; }"<<endl;
1818 ret<<"a { color: #0959c2; }"<<endl;
1819 ret<<"a:hover { color: #3B8EC8; }"<<endl;
1820 ret<<".row { width: 940px; max-width: 100%; min-width: 768px; margin: 0 auto; }"<<endl;
1821 ret<<".row:before, .row:after { display: table; content:\" \"; }"<<endl;
1822 ret<<".row:after { clear: both; }"<<endl;
1823 ret<<".columns { position: relative; min-height: 1px; float: left; }"<<endl;
1824 ret<<".all { width: 100%; }"<<endl;
1825 ret<<".headl { width: 60%; }"<<endl;
1826 ret<<".headr { width: 39.5%; float: right; background-repeat: no-repeat; margin-top: 7px; ";
1827 ret<<"background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJoAAAAUCAYAAAB1RSS/AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAACtgAAArYBAHIqtQAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAABBTSURBVGiBtVp7cFRVmv9u3763b7/f9It00iFACBohgCEyQYgKI49CLV3cWaoEZBcfo2shu7KOtZbjrqOuVQtVWFuOrPqPRU3NgOIDlkgyJEYJwUAqjzEJedFJupN0p9/v+9o/mtve7r790HF+VbeSPue7555zz+98z4ucOXNmgWVZBH4AK5PJGIPBQBqNxpTNZkthGMZCCUxMTBCDg4PyiYkJWTQaRc1mc7Kuri7a1NQU4ssxDAOffPKJAQCynvnII494ESTddO3aNaXT6SS4TplMRj/44IM+7ndXV5dqfn5ewh9306ZNQZqmobu7W11qri0tLX6tVkv19vYqpqampPw+BEFYtVpNGQwG0mKxpJYsWUIKjTE6OiodGBhQ8NcgkUgYjUZDORyOhM1mSxV6fjAYFF+6dEnLb9NoNOR9990X4H53dHSovV4vzpfZvn27T6FQ0Py2sbExorOzU+N2uwmWZUGv15N33nlnuLGxMZy7byyVQEJ//nd9Yuz/lJR/HBdrHSlJ9baIuuV1L4LJ8/Y49pc/KcJX39WRC4MEgskY3Lourmn5rQdbckfe2ijfOBZo+40xNXtNysR9KLZkdVK+9oBf0fBkCABA3NraamTZwjxSKpXUAw884G1paQkUIty5c+f0Fy5cWMIfx+l0Snt6ejTt7e26AwcOuKxWawoAQCQSQW9vr3pxcTHrJTY3Nwe5Tb18+bJ2bGxMzvWhKMpu27bNj6IoCwDQ1tamd7lcRM79genpaaK1tdVQcDG3sXbt2rBWq6X6+/sV3d3d2mKyy5cvj+7cudO7atWqGL99bGxMWuxZOp0utX37du+9994b5A4Qh2AwiObei6Ioe/fdd4eVSiUNAHD16lX1+Pi4nC+zadOmIJ9oZ8+eNeTu3/T0tLSvr0/V3d0dPXr0qJNrZ+KL6MKpjZWUbyxzQMmFIYJcGCISw5+qjE9+M4UqLJmx/RdeWBK+elKfGTjuR+OhWSxx86JS/9D/zsrufDzMdSXGv5J5/vBYBZuKiLi25HS3LDndLUuMX1IYHjvtynQUQjgcFp89e9b8zjvv2BmGyepjWRbeffdd2/nz55cUIqvT6ZSeOHHC7vf7xVyb3W6P58rNzc1liOfxeLJISNM04na7Me63z+fD+P1SqZQupHn+Wty8eVN+4sSJyv7+fnlp6R/g8/nw06dPW0+ePLmUJEmklDxN08iVK1dU5Y7f0dGhvnjxYkElQVFU1jP9Xz5j4pMsSzYwifvPPWnhfsdHPpdnkYwHlk4ivi9/baFDM2IAACYZEi1++qSVTzI+YkN/VEe++726JNE4TE1Nyc6cOWPkt3322Wf6/v7+ki8nEAhgH3zwQWYhDoejINGSyaQoFAphuf2zs7MSAIBIJIImEgmU32ez2RLlruOngGVZ+Oijj6w+n09cWjobg4ODyg8//NBSWhLgu+++K4toJEkin376qancObBkFIl/f7bo2ImxC0om5kUBACK9pzTFZJlEAI0O/kEJABAf+UJOh115+8VH5MZHGkGimc3mRK66BwBoa2szBAIBMUB6w1tbW415QgUwOjqqGB4elgIA1NTU5BGN02IulwsXOqUul0sCADA/P5+3qIqKip+NaARBMBiGMbnt0Wg0z68qF729vepr164pS8k5nU7ZwsJC0U0DAOjp6VHGYjE0t10kEgmqt5TrOwIYqqRWTbmuSQAASM9fiFKy5Fx/Wnaur7Ss53tC8IQ+/fTTM/F4HH3rrbcc/E1nWRYmJyeJtWvXRr7++mt1rnoGANi6devipk2bgsePH7dHIpGs8Ts7O7W1tbXxqqqqJIZhLN+keDweDADA7XbjuWPebpcAACwsLOT1V1VVFSSayWRKvvLKK5P8tmLBTVNTk//hhx/2vv/++5aBgYEsLeB0OqWF7gMAsFqtiYqKivj169c1ueaytbVVv2HDhnChewHS7/fKlSuqPXv2LBaTyw1gAABqa2sjhw4dck1PT0vOnz9v4O+NWFNdlluBqispAABUYSEp/6TgPmRkVba0rGppybFRpZksaDodDkeioqIiT/M4nU4JAMDIyEiez1JTUxN9/PHHFyoqKpJbtmzx5faPj4/LANKOr9VqzRqbi7D4vhof8/PzOMAPhMyZa948OSAIAjiOs/xLSFvzIZFImO3bt+fNn9OqhaDRaMiDBw/Obd26NY8oTqdTWmhtfPT29paMmkOhUJ6CkEgkjFKppOvq6mIvvviis76+PkNqVF1BiQ21yWJjoiobiRlWpQAACMeWaKk5EMu2RQEAiOr7YyBCi2YliMrN0aI+Wjwez+vn/KOZmZk8lbl69eoI97+QeQwEAhgXFFRVVWX1+/1+nGVZyE1bcPB6vRKWZSE35JdKpbTJZCp4qiiKQmZmZnDuEiKqEITWTtN0SfMDALBjx45FiUSSZ35HRkaKakQAgPn5ecnU1FRRQuv1+rz0Qn9/v+ry5ctqgPTh2rFjR9ZB0e78Hzcgedb2NhDQ7vq9C24fQNXm3/gww8qCxJTX/4OfcGyJAwBgS+pSqo3/XFADo0oLqdn2lkeQaAzDIB0dHWqPx5O3YK1WSzIMA7lmEQDAaDSSQv/zEQwGUQCA6urqLKJRFIV4PB6MH3GqVCqS3z83N4cvLi5mEaVUIOD1evHXX399GXedOnXKWkweIJ3r++abb/IcYqPRWDA3xodUKmWEyMCZ/1IolQvMfXcAabN7+vRp68cff2wS8nElVVvihl99cQtV27PmhapspOHvzzmJ5Tsy6RtELGGX7G+7JV2xIysHiqAYq/rFv3h0e96f57drHnjTo2n57TwiJrIOl6SyOWo6cPmWiNAwgj7am2++6Ugmk4IkrK2tjUWjUVRoMXK5PJOHkclkdJ4AAESjURQAYPny5YKRJ59odXV1EX6ea2ZmRpKbf/s5AwEAgO+//17+8ssv1/j9/jzNt3HjxmC542g0GjI318etXQgoirKcxrx+/brKYDAUJPW6desiFy5ciM/MzORpyM7OTl04HEYPHz7synURiJpfxizPj4+T8/0S0jOEiw2rUrh5TRJE+TRAFWba+KvPZung9Hxy9iohwpUMvnRjQkSo8zQ1ICJQbX7Zp2h8LpCa7ZEwUY8Yt21IiHXLMopCkEyFSFZZWRmz2+0FVSqXUL39v6AM5yTr9XpKrVZnab2RkRFZKpXKPHvlypUxvuM+PT0tCQaDWW+lWCDwUzA3N0cIkay2tjbS0tLiL3ccoYNWzPRWVVXFcBxnAACCwSAmRCIOCILA/v373QqFghLqv3Hjhrq9vb1gioIFBNLFoLI8gbKBILdHRNi8ocvOC6nVavLw4cOzAAAKhYJGEARytRo/5A6Hw4JMk8lkmRNht9vjAwMDmU0dGhril3TAbDanDAZD0u12EwAAw8PDCoZhspZQLBD4KRBa17Zt27wPPfSQVyQqO+0IQumHQloeIB0Jr169Onzjxg01QOHDzqGioiJ55MiRW8ePH68UCg6+/PJLY0tLS4Cv1RJjF2W+z5+2UEFnxiqgKhup2/muW7pyV1YAQEfmUN9n/2SOj57PRN4IirHKphe86q2vLSIozktHMBDq+p0u3PkfRpZKZOYtqWyOavd86BZrlxWOOjMTQVH2jjvuCL/wwgtOvV5PAaQ3QyqV5r20SCSSebmhUEiQaCqVKnNfLkk4QnEwmUyk2WzOaNDp6emsU14qEABIO87Hjh2b5K79+/e7i8kLVS0UCgXF19blINfEAwCoVCpBDcShsbExVKw/FzabLXXs2LFJIT81Go2K+YFPYqpDuvDx7ko+yQAA6NAs5jn9sD1+84KMa2OpJLLw0X2VfJIBALA0iYS6/svoO/ePWcni4KWXjKH2V0x8kgEAJG99Lfd8uLmSSfiFj+j999/v3bt3r/vgwYMzb7zxxthzzz03w9UqOVit1rzFjY6OZiY7NDSUl/4gCIIxmUyZcZYtW1ZQG0mlUloul9Nmszkjn1sCK6cigGEY63A4EtxlsViKOvQOhyOm0WiyyNve3q4vN+IESKeAhKJnISeej/r6+ijfzy2Evr4+Oad19Xo9dejQoVkhbev1ejNE83/xjAXYfPcqDRZ8nz9lhdtjhjr/U0d6RwoGLtH+j7WJyctSAADSM4SHu/9bsFwFAECHXVjwq381ChKtubk50NLSEmhsbAxrNBrBU7hixYq8XMvg4KByamqKmJubw7799ts8H6GqqirGV+XV1dWJQppCq9WSAABWq7WgT/hzBwIAaW3d0NCQpVkCgQDW1dVVVnnI5XLhp06dsuW24zjO1NTUFJ0viqJsfX19Sa3W09Ojfu+996xcCkapVNIoiuaxyGAwkAAAdHBaXIw4AGnNRnqHcQCAxOTlknXdxHirHAAgOXFJBkzxQ5ic6pD/6Nodh9uRT1YxPRaLoW+//XaVWCxmhXyMe+65J8D/jeM4a7FYEkKOL5ceWLp0aUGiVVZWliSax+PBX3rppRp+27PPPjtdLKhpamoKtre3Z53Sr776yrB58+a8LzH4GB4eVr722muCpaaGhoYgQRCFVEoGGzduDF65cqVkqevGjRvqgYEBld1uj8/NzUlIMtsNwnGc4VJMlH+yrNwhFbglxoyrUnTEXVKeDs2K039nSstG5rDyvdscLF26NNnQ0JAX7tM0jQiRzGQyJdevXx/Jba+srBQ0J3q9ngRIBwRisVhQ65UTCNA0jQQCAYx/CZXO+LDb7UmLxZJFYo/Hg1+9erVovTLXtHMgCILevXt30bISh5UrV8ZzTXchUBSFTExMyIQCj7q6ugh3KHDbugSIhN8hHxLb+iQAAGasK+2SmOvTsuY1pWWNqxI/mWgAAI8++uiCTqcrmcTEMIzZt2+fW8hMFvJbuNMoEokEM+FSqZQ2m81/k0+DAADWr1+fZ8IuXrxY8lu3XKAoyu7bt8/NmbFSEDLdPxYSiYTZu3dvJqmKYHJWturhomNKa34ZFskMNACAYt2hQDFZEaGh5XfsDQMAECt2R1Glreja5GsOBP4qoul0Ouro0aO3TCZTQTOkUqnII0eO3FqxYoUgoYRKVQAA/ISl0Ph/60+Dmpqa8syky+Ui+vr6yv4uTavVks8///ytUsV0oWf/GHk+pFIp/cQTT8zqdLos31q36+S8WFcjuE9iTVVK99CpTDQuXbk7qmz8taAGRlAJq9t50o2qllIAACKJitHu+cCF4ApBdS5d/XdB+fqnguLq6upobm4Kx/GyQ3m9Xk+9+uqrk21tbZquri6t1+vFWZYFi8WSdDgcsV27di1qtdqCYb3ZbCZra2sjueaW/yl0XV1dNBwOZ/mT/KIxB6VSSTkcjlhuey44X8lkMqVy5TmC6/V6qrGx0Z8bPY6OjsrWrFkT1el0ec9CUZRVqVSUWq2mqqur4xs2bAgL+XQSiYTJvZcf9Njt9uRdd90Vys2PcQnd5ubmAMMwcPPmTXk0GhUDpCsRVVVVsccee2yBS0PxIZLqacszfZPBP7+qj4+1Kilf+lNuYtkDEU3La3mfcmsfPL4gqfxFrJxPuYll22Kmp/omgpf+zZia7ZEyCT+KGVcn5WsP+uUNh0IAAP8PaQRnE4MgdzkAAAAASUVORK5CYII=);";
1828 ret<<" width: 154px; height: 20px; }"<<endl;
1829 ret<<"a#appname { margin: 0; font-size: 27px; color: #666; text-decoration: none; font-weight: bold; display: block; }"<<endl;
1830 ret<<"footer { border-top: 1px solid #ddd; padding-top: 4px; font-size: 12px; }"<<endl;
1831 ret<<"footer.row { margin-top: 1em; margin-bottom: 1em; }"<<endl;
1832 ret<<".panel { background: #f2f2f2; border: 1px solid #e6e6e6; margin: 0 0 22px 0; padding: 20px; }"<<endl;
1833 ret<<"table.data { width: 100%; border-spacing: 0; border-top: 1px solid #333; }"<<endl;
1834 ret<<"table.data td { border-bottom: 1px solid #333; padding: 2px; }"<<endl;
1835 ret<<"table.data tr:nth-child(2n) { background: #e2e2e2; }"<<endl;
1836 ret<<"table.data tr:hover { background: white; }"<<endl;
1837 ret<<".ringmeta { margin-bottom: 5px; }"<<endl;
1838 ret<<".resetring {float: right; }"<<endl;
1839 ret<<".resetring i { background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAA/klEQVQY01XPP04UUBgE8N/33vd2XZUWEuzYuMZEG4KFCQn2NhA4AIewAOMBPIG2xhNYeAcKGqkNCdmYlVBZGBIT4FHsbuE0U8xk/kAbqm9TOfI/nicfhmwgDNhvylUT58kxCp4l31L8SfH9IetJ2ev6PwyIwyZWsdb11/gbTK55Co+r8rmJaRPTFJcpZil+pTit7C5awMpA+Zpi1sRFE9MqflYOloYCjY2uP8EdYiGU4CVGUBubxKfOOLjrtOBmzvEilbVb/aQWvhRl0unBZVXe4XdnK+bprwqnhoyTsyZ+JG8Wk0apfExxlcp7PFruXH8gdxamWB4cyW2sIO4BG3czIp78jUIAAAAASUVORK5CYII=); width: 10px; height: 10px; margin-right: 2px; display: inline-block; background-repeat: no-repeat; }"<<endl;
1840 ret<<".resetring:hover i { background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAA2ElEQVQY013PMUoDcRDF4c+kEzxCsNNCrBQvIGhnlcYm11EkBxAraw8gglgIoiJpAoKIYlBcgrgopsma3c3fwt1k9cHA480M8xvQp/nMjorOWY5ov7IAYlpjQk7aYxcuWBpwFQgJnUcaYk7GhEDIGL5w+MVpKLIRyR2b4JOjvGhUKzHTv2W7iuSN479Dvu9plf1awbQ6y3x1sU5tjpVJcMbakF6Ycoas8Dl5xEHJ160wRdfqzXfa6XQ4PLDlicWUjxHxZfndL/N+RhiwNzl/Q6PDhn/qsl76H7prcApk2B1aAAAAAElFTkSuQmCC);}"<<endl;
1841 ret<<".resizering {float: right;}"<<endl;
80d59cd1 1842 resp->body = ret.str();
c146576d 1843 resp->status = 200;
1071abdd
CH		 1844}
1845
dea47634 1846void AuthWebServer::webThread()
12c86877
BH		 1847{
1848 try {
479e0976 1849 if(::arg().mustDo("api")) {
c0f6a1da 1850 d_ws->registerApiHandler("/api/v1/servers/localhost/cache/flush", &apiServerCacheFlush);
46d06a12 1851 d_ws->registerApiHandler("/api/v1/servers/localhost/config", &apiServerConfig);
46d06a12
PL		 1852 d_ws->registerApiHandler("/api/v1/servers/localhost/search-log", &apiServerSearchLog);
1853 d_ws->registerApiHandler("/api/v1/servers/localhost/search-data", &apiServerSearchData);
1854 d_ws->registerApiHandler("/api/v1/servers/localhost/statistics", &apiServerStatistics);
1855 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/axfr-retrieve", &apiServerZoneAxfrRetrieve);
1856 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/cryptokeys/<key_id>", &apiZoneCryptokeys);
1857 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/cryptokeys", &apiZoneCryptokeys);
1858 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/export", &apiServerZoneExport);
24e11043
CJ		 1859 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/metadata/<kind>", &apiZoneMetadataKind);
1860 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/metadata", &apiZoneMetadata);
46d06a12 1861 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/notify", &apiServerZoneNotify);
4bc8379e 1862 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/rectify", &apiServerZoneRectify);
46d06a12
PL		 1863 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>", &apiServerZoneDetail);
1864 d_ws->registerApiHandler("/api/v1/servers/localhost/zones", &apiServerZones);
1865 d_ws->registerApiHandler("/api/v1/servers/localhost", &apiServerDetail);
1866 d_ws->registerApiHandler("/api/v1/servers", &apiServer);
9e6d2033 1867 d_ws->registerApiHandler("/api", &apiDiscovery);
c67bf8c5 1868 }
536ab56f
CH		 1869 if (::arg().mustDo("webserver")) {
1870 d_ws->registerWebHandler("/style.css", boost::bind(&AuthWebServer::cssfunction, this, _1, _2));
1871 d_ws->registerWebHandler("/", boost::bind(&AuthWebServer::indexfunction, this, _1, _2));
1872 }
96d299db 1873 d_ws->go();
12c86877
BH		 1874 }
1875 catch(...) {
dea47634 1876 L<<Logger::Error<<"AuthWebServer thread caught an exception, dying"<<endl;
5bd2ea7b 1877 _exit(1);
12c86877
BH		 1878 }
1879}
Unnamed repository; edit this file 'description' to name the repository.