]> git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/ws-auth.cc
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
auth API: use default options for cryptokeys
[thirdparty/pdns.git] / pdns / ws-auth.cc
1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25 #include "utility.hh"
26 #include "dynlistener.hh"
27 #include "ws-auth.hh"
28 #include "json.hh"
29 #include "webserver.hh"
30 #include "logger.hh"
31 #include "statbag.hh"
32 #include "misc.hh"
33 #include "arguments.hh"
34 #include "dns.hh"
35 #include "comment.hh"
36 #include "ueberbackend.hh"
37 #include <boost/format.hpp>
38
39 #include "namespaces.hh"
40 #include "ws-api.hh"
41 #include "version.hh"
42 #include "dnsseckeeper.hh"
43 #include <iomanip>
44 #include "zoneparser-tng.hh"
45 #include "common_startup.hh"
46 #include "auth-caches.hh"
47
48 using json11::Json;
49
50 extern StatBag S;
51
52 static void patchZone(HttpRequest* req, HttpResponse* resp);
53 static void storeChangedPTRs(UeberBackend& B, vector<DNSResourceRecord>& new_ptrs);
54 static void makePtr(const DNSResourceRecord& rr, DNSResourceRecord* ptr);
55
56 AuthWebServer::AuthWebServer()
57 {
58 d_start=time(0);
59 d_min10=d_min5=d_min1=0;
60 d_ws = 0;
61 d_tid = 0;
62 if(arg().mustDo("webserver") || arg().mustDo("api")) {
63 d_ws = new WebServer(arg()["webserver-address"], arg().asNum("webserver-port"));
64 d_ws->bind();
65 }
66 }
67
68 void AuthWebServer::go()
69 {
70 S.doRings();
71 pthread_create(&d_tid, 0, webThreadHelper, this);
72 pthread_create(&d_tid, 0, statThreadHelper, this);
73 }
74
75 void AuthWebServer::statThread()
76 {
77 try {
78 for(;;) {
79 d_queries.submit(S.read("udp-queries"));
80 d_cachehits.submit(S.read("packetcache-hit"));
81 d_cachemisses.submit(S.read("packetcache-miss"));
82 d_qcachehits.submit(S.read("query-cache-hit"));
83 d_qcachemisses.submit(S.read("query-cache-miss"));
84 Utility::sleep(1);
85 }
86 }
87 catch(...) {
88 L<<Logger::Error<<"Webserver statThread caught an exception, dying"<<endl;
89 exit(1);
90 }
91 }
92
93 void *AuthWebServer::statThreadHelper(void *p)
94 {
95 AuthWebServer *self=static_cast<AuthWebServer *>(p);
96 self->statThread();
97 return 0; // never reached
98 }
99
100 void *AuthWebServer::webThreadHelper(void *p)
101 {
102 AuthWebServer *self=static_cast<AuthWebServer *>(p);
103 self->webThread();
104 return 0; // never reached
105 }
106
107 static string htmlescape(const string &s) {
108 string result;
109 for(string::const_iterator it=s.begin(); it!=s.end(); ++it) {
110 switch (*it) {
111 case '&':
112 result += "&amp;";
113 break;
114 case '<':
115 result += "&lt;";
116 break;
117 case '>':
118 result += "&gt;";
119 break;
120 case '"':
121 result += "&quot;";
122 break;
123 default:
124 result += *it;
125 }
126 }
127 return result;
128 }
129
130 void printtable(ostringstream &ret, const string &ringname, const string &title, int limit=10)
131 {
132 int tot=0;
133 int entries=0;
134 vector<pair <string,unsigned int> >ring=S.getRing(ringname);
135
136 for(vector<pair<string, unsigned int> >::const_iterator i=ring.begin(); i!=ring.end();++i) {
137 tot+=i->second;
138 entries++;
139 }
140
141 ret<<"<div class=\"panel\">";
142 ret<<"<span class=resetring><i></i><a href=\"?resetring="<<htmlescape(ringname)<<"\">Reset</a></span>"<<endl;
143 ret<<"<h2>"<<title<<"</h2>"<<endl;
144 ret<<"<div class=ringmeta>";
145 ret<<"<a class=topXofY href=\"?ring="<<htmlescape(ringname)<<"\">Showing: Top "<<limit<<" of "<<entries<<"</a>"<<endl;
146 ret<<"<span class=resizering>Resize: ";
147 unsigned int sizes[]={10,100,500,1000,10000,500000,0};
148 for(int i=0;sizes[i];++i) {
149 if(S.getRingSize(ringname)!=sizes[i])
150 ret<<"<a href=\"?resizering="<<htmlescape(ringname)<<"&amp;size="<<sizes[i]<<"\">"<<sizes[i]<<"</a> ";
151 else
152 ret<<"("<<sizes[i]<<") ";
153 }
154 ret<<"</span></div>";
155
156 ret<<"<table class=\"data\">";
157 int printed=0;
158 int total=max(1,tot);
159 for(vector<pair<string,unsigned int> >::const_iterator i=ring.begin();limit && i!=ring.end();++i,--limit) {
160 ret<<"<tr><td>"<<htmlescape(i->first)<<"</td><td>"<<i->second<<"</td><td align=right>"<< AuthWebServer::makePercentage(i->second*100.0/total)<<"</td>"<<endl;
161 printed+=i->second;
162 }
163 ret<<"<tr><td colspan=3></td></tr>"<<endl;
164 if(printed!=tot)
165 ret<<"<tr><td><b>Rest:</b></td><td><b>"<<tot-printed<<"</b></td><td align=right><b>"<< AuthWebServer::makePercentage((tot-printed)*100.0/total)<<"</b></td>"<<endl;
166
167 ret<<"<tr><td><b>Total:</b></td><td><b>"<<tot<<"</b></td><td align=right><b>100%</b></td>";
168 ret<<"</table></div>"<<endl;
169 }
170
171 void AuthWebServer::printvars(ostringstream &ret)
172 {
173 ret<<"<div class=panel><h2>Variables</h2><table class=\"data\">"<<endl;
174
175 vector<string>entries=S.getEntries();
176 for(vector<string>::const_iterator i=entries.begin();i!=entries.end();++i) {
177 ret<<"<tr><td>"<<*i<<"</td><td>"<<S.read(*i)<<"</td><td>"<<S.getDescrip(*i)<<"</td>"<<endl;
178 }
179
180 ret<<"</table></div>"<<endl;
181 }
182
183 void AuthWebServer::printargs(ostringstream &ret)
184 {
185 ret<<"<table border=1><tr><td colspan=3 bgcolor=\"#0000ff\"><font color=\"#ffffff\">Arguments</font></td>"<<endl;
186
187 vector<string>entries=arg().list();
188 for(vector<string>::const_iterator i=entries.begin();i!=entries.end();++i) {
189 ret<<"<tr><td>"<<*i<<"</td><td>"<<arg()[*i]<<"</td><td>"<<arg().getHelp(*i)<<"</td>"<<endl;
190 }
191 }
192
193 string AuthWebServer::makePercentage(const double& val)
194 {
195 return (boost::format("%.01f%%") % val).str();
196 }
197
198 void AuthWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
199 {
200 if(!req->getvars["resetring"].empty()) {
201 if (S.ringExists(req->getvars["resetring"]))
202 S.resetRing(req->getvars["resetring"]);
203 resp->status = 301;
204 resp->headers["Location"] = req->url.path;
205 return;
206 }
207 if(!req->getvars["resizering"].empty()){
208 int size=std::stoi(req->getvars["size"]);
209 if (S.ringExists(req->getvars["resizering"]) && size > 0 && size <= 500000)
210 S.resizeRing(req->getvars["resizering"], std::stoi(req->getvars["size"]));
211 resp->status = 301;
212 resp->headers["Location"] = req->url.path;
213 return;
214 }
215
216 ostringstream ret;
217
218 ret<<"<!DOCTYPE html>"<<endl;
219 ret<<"<html><head>"<<endl;
220 ret<<"<title>PowerDNS Authoritative Server Monitor</title>"<<endl;
221 ret<<"<link rel=\"stylesheet\" href=\"style.css\"/>"<<endl;
222 ret<<"</head><body>"<<endl;
223
224 ret<<"<div class=\"row\">"<<endl;
225 ret<<"<div class=\"headl columns\">";
226 ret<<"<a href=\"/\" id=\"appname\">PowerDNS "<<htmlescape(VERSION);
227 if(!arg()["config-name"].empty()) {
228 ret<<" ["<<htmlescape(arg()["config-name"])<<"]";
229 }
230 ret<<"</a></div>"<<endl;
231 ret<<"<div class=\"headr columns\"></div></div>";
232 ret<<"<div class=\"row\"><div class=\"all columns\">";
233
234 time_t passed=time(0)-s_starttime;
235
236 ret<<"<p>Uptime: "<<
237 humanDuration(passed)<<
238 "<br>"<<endl;
239
240 ret<<"Queries/second, 1, 5, 10 minute averages: "<<std::setprecision(3)<<
241 (int)d_queries.get1()<<", "<<
242 (int)d_queries.get5()<<", "<<
243 (int)d_queries.get10()<<". Max queries/second: "<<(int)d_queries.getMax()<<
244 "<br>"<<endl;
245
246 if(d_cachemisses.get10()+d_cachehits.get10()>0)
247 ret<<"Cache hitrate, 1, 5, 10 minute averages: "<<
248 makePercentage((d_cachehits.get1()*100.0)/((d_cachehits.get1())+(d_cachemisses.get1())))<<", "<<
249 makePercentage((d_cachehits.get5()*100.0)/((d_cachehits.get5())+(d_cachemisses.get5())))<<", "<<
250 makePercentage((d_cachehits.get10()*100.0)/((d_cachehits.get10())+(d_cachemisses.get10())))<<
251 "<br>"<<endl;
252
253 if(d_qcachemisses.get10()+d_qcachehits.get10()>0)
254 ret<<"Backend query cache hitrate, 1, 5, 10 minute averages: "<<std::setprecision(2)<<
255 makePercentage((d_qcachehits.get1()*100.0)/((d_qcachehits.get1())+(d_qcachemisses.get1())))<<", "<<
256 makePercentage((d_qcachehits.get5()*100.0)/((d_qcachehits.get5())+(d_qcachemisses.get5())))<<", "<<
257 makePercentage((d_qcachehits.get10()*100.0)/((d_qcachehits.get10())+(d_qcachemisses.get10())))<<
258 "<br>"<<endl;
259
260 ret<<"Backend query load, 1, 5, 10 minute averages: "<<std::setprecision(3)<<
261 (int)d_qcachemisses.get1()<<", "<<
262 (int)d_qcachemisses.get5()<<", "<<
263 (int)d_qcachemisses.get10()<<". Max queries/second: "<<(int)d_qcachemisses.getMax()<<
264 "<br>"<<endl;
265
266 ret<<"Total queries: "<<S.read("udp-queries")<<". Question/answer latency: "<<S.read("latency")/1000.0<<"ms</p><br>"<<endl;
267 if(req->getvars["ring"].empty()) {
268 vector<string>entries=S.listRings();
269 for(vector<string>::const_iterator i=entries.begin();i!=entries.end();++i)
270 printtable(ret,*i,S.getRingTitle(*i));
271
272 printvars(ret);
273 if(arg().mustDo("webserver-print-arguments"))
274 printargs(ret);
275 }
276 else if(S.ringExists(req->getvars["ring"]))
277 printtable(ret,req->getvars["ring"],S.getRingTitle(req->getvars["ring"]),100);
278
279 ret<<"</div></div>"<<endl;
280 ret<<"<footer class=\"row\">"<<fullVersionString()<<"<br>&copy; 2013 - 2017 <a href=\"http://www.powerdns.com/\">PowerDNS.COM BV</a>.</footer>"<<endl;
281 ret<<"</body></html>"<<endl;
282
283 resp->body = ret.str();
284 resp->status = 200;
285 }
286
287 /** Helper to build a record content as needed. */
288 static inline string makeRecordContent(const QType& qtype, const string& content, bool noDot) {
289 // noDot: for backend storage, pass true. for API users, pass false.
290 auto drc = DNSRecordContent::makeunique(qtype.getCode(), QClass::IN, content);
291 return drc->getZoneRepresentation(noDot);
292 }
293
294 /** "Normalize" record content for API consumers. */
295 static inline string makeApiRecordContent(const QType& qtype, const string& content) {
296 return makeRecordContent(qtype, content, false);
297 }
298
299 /** "Normalize" record content for backend storage. */
300 static inline string makeBackendRecordContent(const QType& qtype, const string& content) {
301 return makeRecordContent(qtype, content, true);
302 }
303
304 static Json::object getZoneInfo(const DomainInfo& di, DNSSECKeeper *dk) {
305 string zoneId = apiZoneNameToId(di.zone);
306 return Json::object {
307 // id is the canonical lookup key, which doesn't actually match the name (in some cases)
308 { "id", zoneId },
309 { "url", "/api/v1/servers/localhost/zones/" + zoneId },
310 { "name", di.zone.toString() },
311 { "kind", di.getKindString() },
312 { "dnssec", dk->isSecuredZone(di.zone) },
313 { "account", di.account },
314 { "masters", di.masters },
315 { "serial", (double)di.serial },
316 { "notified_serial", (double)di.notified_serial },
317 { "last_check", (double)di.last_check }
318 };
319 }
320
321 static void fillZone(const DNSName& zonename, HttpResponse* resp) {
322 UeberBackend B;
323 DomainInfo di;
324 if(!B.getDomainInfo(zonename, di))
325 throw ApiException("Could not find domain '"+zonename.toString()+"'");
326
327 DNSSECKeeper dk(&B);
328 Json::object doc = getZoneInfo(di, &dk);
329 // extra stuff getZoneInfo doesn't do for us (more expensive)
330 string soa_edit_api;
331 di.backend->getDomainMetadataOne(zonename, "SOA-EDIT-API", soa_edit_api);
332 doc["soa_edit_api"] = soa_edit_api;
333 string soa_edit;
334 di.backend->getDomainMetadataOne(zonename, "SOA-EDIT", soa_edit);
335 doc["soa_edit"] = soa_edit;
336
337 vector<DNSResourceRecord> records;
338 vector<Comment> comments;
339
340 // load all records + sort
341 {
342 DNSResourceRecord rr;
343 di.backend->list(zonename, di.id, true); // incl. disabled
344 while(di.backend->get(rr)) {
345 if (!rr.qtype.getCode())
346 continue; // skip empty non-terminals
347 records.push_back(rr);
348 }
349 sort(records.begin(), records.end(), [](const DNSResourceRecord& a, const DNSResourceRecord& b) {
350 if (a.qname == b.qname) {
351 return b.qtype < a.qtype;
352 }
353 return b.qname < a.qname;
354 });
355 }
356
357 // load all comments + sort
358 {
359 Comment comment;
360 di.backend->listComments(di.id);
361 while(di.backend->getComment(comment)) {
362 comments.push_back(comment);
363 }
364 sort(comments.begin(), comments.end(), [](const Comment& a, const Comment& b) {
365 if (a.qname == b.qname) {
366 return b.qtype < a.qtype;
367 }
368 return b.qname < a.qname;
369 });
370 }
371
372 Json::array rrsets;
373 Json::object rrset;
374 Json::array rrset_records;
375 Json::array rrset_comments;
376 DNSName current_qname;
377 QType current_qtype;
378 uint32_t ttl;
379 auto rit = records.begin();
380 auto cit = comments.begin();
381
382 while (rit != records.end() || cit != comments.end()) {
383 if (cit == comments.end() || (rit != records.end() && (cit->qname.toString() <= rit->qname.toString() || cit->qtype < rit->qtype || cit->qtype == rit->qtype))) {
384 current_qname = rit->qname;
385 current_qtype = rit->qtype;
386 ttl = rit->ttl;
387 } else {
388 current_qname = cit->qname;
389 current_qtype = cit->qtype;
390 ttl = 0;
391 }
392
393 while(rit != records.end() && rit->qname == current_qname && rit->qtype == current_qtype) {
394 ttl = min(ttl, rit->ttl);
395 rrset_records.push_back(Json::object {
396 { "disabled", rit->disabled },
397 { "content", makeApiRecordContent(rit->qtype, rit->content) }
398 });
399 rit++;
400 }
401 while (cit != comments.end() && cit->qname == current_qname && cit->qtype == current_qtype) {
402 rrset_comments.push_back(Json::object {
403 { "modified_at", (double)cit->modified_at },
404 { "account", cit->account },
405 { "content", cit->content }
406 });
407 cit++;
408 }
409
410 rrset["name"] = current_qname.toString();
411 rrset["type"] = current_qtype.getName();
412 rrset["records"] = rrset_records;
413 rrset["comments"] = rrset_comments;
414 rrset["ttl"] = (double)ttl;
415 rrsets.push_back(rrset);
416 rrset.clear();
417 rrset_records.clear();
418 rrset_comments.clear();
419 }
420
421 doc["rrsets"] = rrsets;
422
423 resp->setBody(doc);
424 }
425
426 void productServerStatisticsFetch(map<string,string>& out)
427 {
428 vector<string> items = S.getEntries();
429 for(const string& item : items) {
430 out[item] = std::to_string(S.read(item));
431 }
432
433 // add uptime
434 out["uptime"] = std::to_string(time(0) - s_starttime);
435 }
436
437 static void gatherRecords(const Json container, const DNSName& qname, const QType qtype, const int ttl, vector<DNSResourceRecord>& new_records, vector<DNSResourceRecord>& new_ptrs) {
438 UeberBackend B;
439 DNSResourceRecord rr;
440 rr.qname = qname;
441 rr.qtype = qtype;
442 rr.auth = 1;
443 rr.ttl = ttl;
444 for(auto record : container["records"].array_items()) {
445 string content = stringFromJson(record, "content");
446 rr.disabled = boolFromJson(record, "disabled");
447
448 // validate that the client sent something we can actually parse, and require that data to be dotted.
449 try {
450 if (rr.qtype.getCode() != QType::AAAA) {
451 string tmp = makeApiRecordContent(rr.qtype, content);
452 if (!pdns_iequals(tmp, content)) {
453 throw std::runtime_error("Not in expected format (parsed as '"+tmp+"')");
454 }
455 } else {
456 struct in6_addr tmpbuf;
457 if (inet_pton(AF_INET6, content.c_str(), &tmpbuf) != 1 || content.find('.') != string::npos) {
458 throw std::runtime_error("Invalid IPv6 address");
459 }
460 }
461 rr.content = makeBackendRecordContent(rr.qtype, content);
462 }
463 catch(std::exception& e)
464 {
465 throw ApiException("Record "+rr.qname.toString()+"/"+rr.qtype.getName()+" '"+content+"': "+e.what());
466 }
467
468 if ((rr.qtype.getCode() == QType::A || rr.qtype.getCode() == QType::AAAA) &&
469 boolFromJson(record, "set-ptr", false) == true) {
470 DNSResourceRecord ptr;
471 makePtr(rr, &ptr);
472
473 // verify that there's a zone for the PTR
474 SOAData sd;
475 if (!B.getAuth(ptr.qname, QType(QType::PTR), &sd, false))
476 throw ApiException("Could not find domain for PTR '"+ptr.qname.toString()+"' requested for '"+ptr.content+"'");
477
478 ptr.domain_id = sd.domain_id;
479 new_ptrs.push_back(ptr);
480 }
481
482 new_records.push_back(rr);
483 }
484 }
485
486 static void gatherComments(const Json container, const DNSName& qname, const QType qtype, vector<Comment>& new_comments) {
487 Comment c;
488 c.qname = qname;
489 c.qtype = qtype;
490
491 time_t now = time(0);
492 for (auto comment : container["comments"].array_items()) {
493 c.modified_at = intFromJson(comment, "modified_at", now);
494 c.content = stringFromJson(comment, "content");
495 c.account = stringFromJson(comment, "account");
496 new_comments.push_back(c);
497 }
498 }
499
500 static void updateDomainSettingsFromDocument(const DomainInfo& di, const DNSName& zonename, const Json document) {
501 string zonemaster;
502 for(auto value : document["masters"].array_items()) {
503 string master = value.string_value();
504 if (master.empty())
505 throw ApiException("Master can not be an empty string");
506 zonemaster += master + " ";
507 }
508
509 di.backend->setKind(zonename, DomainInfo::stringToKind(stringFromJson(document, "kind")));
510 di.backend->setMaster(zonename, zonemaster);
511
512 if (document["soa_edit_api"].is_string()) {
513 di.backend->setDomainMetadataOne(zonename, "SOA-EDIT-API", document["soa_edit_api"].string_value());
514 }
515 if (document["soa_edit"].is_string()) {
516 di.backend->setDomainMetadataOne(zonename, "SOA-EDIT", document["soa_edit"].string_value());
517 }
518 if (document["account"].is_string()) {
519 di.backend->setAccount(zonename, document["account"].string_value());
520 }
521 }
522
523 static bool isValidMetadataKind(const string& kind, bool readonly) {
524 static vector<string> builtinOptions {
525 "ALLOW-AXFR-FROM",
526 "AXFR-SOURCE",
527 "ALLOW-DNSUPDATE-FROM",
528 "TSIG-ALLOW-DNSUPDATE",
529 "FORWARD-DNSUPDATE",
530 "SOA-EDIT-DNSUPDATE",
531 "NOTIFY-DNSUPDATE",
532 "ALSO-NOTIFY",
533 "AXFR-MASTER-TSIG",
534 "GSS-ALLOW-AXFR-PRINCIPAL",
535 "GSS-ACCEPTOR-PRINCIPAL",
536 "IXFR",
537 "LUA-AXFR-SCRIPT",
538 "NSEC3NARROW",
539 "NSEC3PARAM",
540 "PRESIGNED",
541 "PUBLISH-CDNSKEY",
542 "PUBLISH-CDS",
543 "SOA-EDIT",
544 "TSIG-ALLOW-AXFR",
545 "TSIG-ALLOW-DNSUPDATE"
546 };
547
548 // the following options do not allow modifications via API
549 static vector<string> protectedOptions {
550 "NSEC3NARROW",
551 "NSEC3PARAM",
552 "PRESIGNED",
553 "LUA-AXFR-SCRIPT"
554 };
555
556 if (kind.find("X-") == 0)
557 return true;
558
559 bool found = false;
560
561 for (const string& s : builtinOptions) {
562 if (kind == s) {
563 for (const string& s2 : protectedOptions) {
564 if (!readonly && s == s2)
565 return false;
566 }
567 found = true;
568 break;
569 }
570 }
571
572 return found;
573 }
574
575 static void apiZoneMetadata(HttpRequest* req, HttpResponse *resp) {
576 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
577 UeberBackend B;
578
579 if (req->method == "GET") {
580 map<string, vector<string> > md;
581 Json::array document;
582
583 if (!B.getAllDomainMetadata(zonename, md))
584 throw HttpNotFoundException();
585
586 for (const auto& i : md) {
587 Json::array entries;
588 for (string j : i.second)
589 entries.push_back(j);
590
591 Json::object key {
592 { "type", "Metadata" },
593 { "kind", i.first },
594 { "metadata", entries }
595 };
596
597 document.push_back(key);
598 }
599
600 resp->setBody(document);
601 } else if (req->method == "POST" && !::arg().mustDo("api-readonly")) {
602 auto document = req->json();
603 string kind;
604 vector<string> entries;
605
606 try {
607 kind = stringFromJson(document, "kind");
608 } catch (JsonException) {
609 throw ApiException("kind is not specified or not a string");
610 }
611
612 if (!isValidMetadataKind(kind, false))
613 throw ApiException("Unsupported metadata kind '" + kind + "'");
614
615 vector<string> vecMetadata;
616
617 if (!B.getDomainMetadata(zonename, kind, vecMetadata))
618 throw ApiException("Could not retrieve metadata entries for domain '" +
619 zonename.toString() + "'");
620
621 auto& metadata = document["metadata"];
622 if (!metadata.is_array())
623 throw ApiException("metadata is not specified or not an array");
624
625 for (const auto& i : metadata.array_items()) {
626 if (!i.is_string())
627 throw ApiException("metadata must be strings");
628 else if (std::find(vecMetadata.cbegin(),
629 vecMetadata.cend(),
630 i.string_value()) == vecMetadata.cend()) {
631 vecMetadata.push_back(i.string_value());
632 }
633 }
634
635 if (!B.setDomainMetadata(zonename, kind, vecMetadata))
636 throw ApiException("Could not update metadata entries for domain '" +
637 zonename.toString() + "'");
638
639 Json::array respMetadata;
640 for (const string& s : vecMetadata)
641 respMetadata.push_back(s);
642
643 Json::object key {
644 { "type", "Metadata" },
645 { "kind", document["kind"] },
646 { "metadata", respMetadata }
647 };
648
649 resp->status = 201;
650 resp->setBody(key);
651 } else
652 throw HttpMethodNotAllowedException();
653 }
654
655 static void apiZoneMetadataKind(HttpRequest* req, HttpResponse* resp) {
656 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
657 string kind = req->parameters["kind"];
658 UeberBackend B;
659
660 if (req->method == "GET") {
661 vector<string> metadata;
662 Json::object document;
663 Json::array entries;
664
665 if (!B.getDomainMetadata(zonename, kind, metadata))
666 throw HttpNotFoundException();
667 else if (!isValidMetadataKind(kind, true))
668 throw ApiException("Unsupported metadata kind '" + kind + "'");
669
670 document["type"] = "Metadata";
671 document["kind"] = kind;
672
673 for (const string& i : metadata)
674 entries.push_back(i);
675
676 document["metadata"] = entries;
677 resp->setBody(document);
678 } else if (req->method == "PUT" && !::arg().mustDo("api-readonly")) {
679 auto document = req->json();
680
681 if (!isValidMetadataKind(kind, false))
682 throw ApiException("Unsupported metadata kind '" + kind + "'");
683
684 vector<string> vecMetadata;
685 auto& metadata = document["metadata"];
686 if (!metadata.is_array())
687 throw ApiException("metadata is not specified or not an array");
688
689 for (const auto& i : metadata.array_items()) {
690 if (!i.is_string())
691 throw ApiException("metadata must be strings");
692 vecMetadata.push_back(i.string_value());
693 }
694
695 if (!B.setDomainMetadata(zonename, kind, vecMetadata))
696 throw ApiException("Could not update metadata entries for domain '" + zonename.toString() + "'");
697
698 Json::object key {
699 { "type", "Metadata" },
700 { "kind", kind },
701 { "metadata", metadata }
702 };
703
704 resp->setBody(key);
705 } else if (req->method == "DELETE" && !::arg().mustDo("api-readonly")) {
706 if (!isValidMetadataKind(kind, false))
707 throw ApiException("Unsupported metadata kind '" + kind + "'");
708
709 vector<string> md; // an empty vector will do it
710 if (!B.setDomainMetadata(zonename, kind, md))
711 throw ApiException("Could not delete metadata for domain '" + zonename.toString() + "' (" + kind + ")");
712 } else
713 throw HttpMethodNotAllowedException();
714 }
715
716 static void apiZoneCryptokeysGET(DNSName zonename, int inquireKeyId, HttpResponse *resp, DNSSECKeeper *dk) {
717 DNSSECKeeper::keyset_t keyset=dk->getKeys(zonename, false);
718
719 bool inquireSingleKey = inquireKeyId >= 0;
720
721 Json::array doc;
722 for(const auto& value : keyset) {
723 if (inquireSingleKey && (unsigned)inquireKeyId != value.second.id) {
724 continue;
725 }
726
727 string keyType;
728 switch (value.second.keyType) {
729 case DNSSECKeeper::KSK: keyType="ksk"; break;
730 case DNSSECKeeper::ZSK: keyType="zsk"; break;
731 case DNSSECKeeper::CSK: keyType="csk"; break;
732 }
733
734 Json::object key {
735 { "type", "Cryptokey" },
736 { "id", (int)value.second.id },
737 { "active", value.second.active },
738 { "keytype", keyType },
739 { "flags", (uint16_t)value.first.d_flags },
740 { "dnskey", value.first.getDNSKEY().getZoneRepresentation() }
741 };
742
743 if (value.second.keyType == DNSSECKeeper::KSK || value.second.keyType == DNSSECKeeper::CSK) {
744 Json::array dses;
745 for(const uint8_t keyid : { DNSSECKeeper::SHA1, DNSSECKeeper::SHA256, DNSSECKeeper::GOST, DNSSECKeeper::SHA384 })
746 try {
747 dses.push_back(makeDSFromDNSKey(zonename, value.first.getDNSKEY(), keyid).getZoneRepresentation());
748 } catch (...) {}
749 key["ds"] = dses;
750 }
751
752 if (inquireSingleKey) {
753 key["privatekey"] = value.first.getKey()->convertToISC();
754 resp->setBody(key);
755 return;
756 }
757 doc.push_back(key);
758 }
759
760 if (inquireSingleKey) {
761 // we came here because we couldn't find the requested key.
762 throw HttpNotFoundException();
763 }
764 resp->setBody(doc);
765
766 }
767
768 /*
769 * This method handles DELETE requests for URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
770 * It deletes a key from :zone_name specified by :cryptokey_id.
771 * Server Answers:
772 * Case 1: the backend returns true on removal. This means the key is gone.
773 * The server returns 200 OK, no body.
774 * Case 2: the backend returns false on removal. An error occurred.
775 * The sever returns 422 Unprocessable Entity with message "Could not DELETE :cryptokey_id".
776 * */
777 static void apiZoneCryptokeysDELETE(DNSName zonename, int inquireKeyId, HttpRequest *req, HttpResponse *resp, DNSSECKeeper *dk) {
778 if (dk->removeKey(zonename, inquireKeyId)) {
779 resp->body = "";
780 resp->status = 200;
781 } else {
782 resp->setErrorResult("Could not DELETE " + req->parameters["key_id"], 422);
783 }
784 }
785
786 /*
787 * This method adds a key to a zone by generate it or content parameter.
788 * Parameter:
789 * {
790 * "content" : "key The format used is compatible with BIND and NSD/LDNS" <string>
791 * "keytype" : "ksk|zsk" <string>
792 * "active" : "true|false" <value>
793 * "algo" : "key generation algorithm "name|number" as default"<string> https://doc.powerdns.com/md/authoritative/dnssec/#supported-algorithms
794 * "bits" : number of bits <int>
795 * }
796 *
797 * Response:
798 * Case 1: keytype isn't ksk|zsk
799 * The server returns 422 Unprocessable Entity {"error" : "Invalid keytype 'keytype'"}
800 * Case 2: 'bits' must be a positive integer value.
801 * The server returns 422 Unprocessable Entity {"error" : "'bits' must be a positive integer value."}
802 * Case 3: The "algo" isn't supported
803 * The server returns 422 Unprocessable Entity {"error" : "Unknown algorithm: 'algo'"}
804 * Case 4: Algorithm <= 10 and no bits were passed
805 * The server returns 422 Unprocessable Entity {"error" : "Creating an algorithm algo key requires the size (in bits) to be passed"}
806 * Case 5: The wrong keysize was passed
807 * The server returns 422 Unprocessable Entity {"error" : "The algorithm does not support the given bit size."}
808 * Case 6: If the server cant guess the keysize
809 * The server returns 422 Unprocessable Entity {"error" : "Can not guess key size for algorithm"}
810 * Case 7: The key-creation failed
811 * The server returns 422 Unprocessable Entity {"error" : "Adding key failed, perhaps DNSSEC not enabled in configuration?"}
812 * Case 8: The key in content has the wrong format
813 * The server returns 422 Unprocessable Entity {"error" : "Key could not be parsed. Make sure your key format is correct."}
814 * Case 9: The wrong combination of fields is submitted
815 * The server returns 422 Unprocessable Entity {"error" : "Either you submit just the 'content' field or you leave 'content' empty and submit the other fields."}
816 * Case 10: No content and everything was fine
817 * The server returns 201 Created and all public data about the new cryptokey
818 * Case 11: With specified content
819 * The server returns 201 Created and all public data about the added cryptokey
820 */
821
822 static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpResponse *resp, DNSSECKeeper *dk) {
823 auto document = req->json();
824 auto content = document["content"];
825 bool active = boolFromJson(document, "active", false);
826 bool keyOrZone;
827
828 if (stringFromJson(document, "keytype") == "ksk") {
829 keyOrZone = true;
830 } else if (stringFromJson(document, "keytype") == "zsk") {
831 keyOrZone = false;
832 } else {
833 throw ApiException("Invalid keytype " + stringFromJson(document, "keytype"));
834 }
835
836 int64_t insertedId;
837
838 if (content.is_null()) {
839 int bits = keyOrZone ? ::arg().asNum("default-ksk-size") : ::arg().asNum("default-zsk-size");
840 auto docbits = document["bits"];
841 if (!docbits.is_null()) {
842 if (!docbits.is_number() || (fmod(docbits.number_value(), 1.0) != 0) || docbits.int_value() < 0) {
843 throw ApiException("'bits' must be a positive integer value");
844 } else {
845 bits = docbits.int_value();
846 }
847 }
848 int algorithm = DNSSECKeeper::shorthand2algorithm(keyOrZone ? ::arg()["default-ksk-algorithm"] : ::arg()["default-zsk-algorithm"]);
849 auto providedAlgo = document["algo"];
850 if (providedAlgo.is_string()) {
851 algorithm = DNSSECKeeper::shorthand2algorithm(providedAlgo.string_value());
852 if (algorithm == -1)
853 throw ApiException("Unknown algorithm: " + providedAlgo.string_value());
854 } else if (providedAlgo.is_number()) {
855 algorithm = providedAlgo.int_value();
856 } else if (!providedAlgo.is_null()) {
857 throw ApiException("Unknown algorithm: " + providedAlgo.string_value());
858 }
859
860 try {
861 dk->addKey(zonename, keyOrZone, algorithm, insertedId, bits, active);
862 } catch (std::runtime_error& error) {
863 throw ApiException(error.what());
864 }
865 if (insertedId < 0)
866 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
867 } else if (document["bits"].is_null() && document["algo"].is_null()) {
868 auto keyData = stringFromJson(document, "content");
869 DNSKEYRecordContent dkrc;
870 DNSSECPrivateKey dpk;
871 try {
872 shared_ptr<DNSCryptoKeyEngine> dke(DNSCryptoKeyEngine::makeFromISCString(dkrc, keyData));
873 dpk.d_algorithm = dkrc.d_algorithm;
874 if(dpk.d_algorithm == 7)
875 dpk.d_algorithm = 5;
876
877 if (keyOrZone)
878 dpk.d_flags = 257;
879 else
880 dpk.d_flags = 256;
881
882 dpk.setKey(dke);
883 }
884 catch (std::runtime_error& error) {
885 throw ApiException("Key could not be parsed. Make sure your key format is correct.");
886 } try {
887 dk->addKey(zonename, dpk,insertedId, active);
888 } catch (std::runtime_error& error) {
889 throw ApiException(error.what());
890 }
891 if (insertedId < 0)
892 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
893 } else {
894 throw ApiException("Either you submit just the 'content' field or you leave 'content' empty and submit the other fields.");
895 }
896 apiZoneCryptokeysGET(zonename, insertedId, resp, dk);
897 resp->status = 201;
898 }
899
900 /*
901 * This method handles PUT (execute) requests for URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
902 * It de/activates a key from :zone_name specified by :cryptokey_id.
903 * Server Answers:
904 * Case 1: invalid JSON data
905 * The server returns 400 Bad Request
906 * Case 2: the backend returns true on de/activation. This means the key is de/active.
907 * The server returns 204 No Content
908 * Case 3: the backend returns false on de/activation. An error occurred.
909 * The sever returns 422 Unprocessable Entity with message "Could not de/activate Key: :cryptokey_id in Zone: :zone_name"
910 * */
911 static void apiZoneCryptokeysPUT(DNSName zonename, int inquireKeyId, HttpRequest *req, HttpResponse *resp, DNSSECKeeper *dk) {
912 //throws an exception if the Body is empty
913 auto document = req->json();
914 //throws an exception if the key does not exist or is not a bool
915 bool active = boolFromJson(document, "active");
916 if (active) {
917 if (!dk->activateKey(zonename, inquireKeyId)) {
918 resp->setErrorResult("Could not activate Key: " + req->parameters["key_id"] + " in Zone: " + zonename.toString(), 422);
919 return;
920 }
921 } else {
922 if (!dk->deactivateKey(zonename, inquireKeyId)) {
923 resp->setErrorResult("Could not deactivate Key: " + req->parameters["key_id"] + " in Zone: " + zonename.toString(), 422);
924 return;
925 }
926 }
927 resp->body = "";
928 resp->status = 204;
929 return;
930 }
931
932 /*
933 * This method chooses the right functionality for the request. It also checks for a cryptokey_id which has to be passed
934 * by URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
935 * If the the HTTP-request-method isn't supported, the function returns a response with the 405 code (method not allowed).
936 * */
937 static void apiZoneCryptokeys(HttpRequest *req, HttpResponse *resp) {
938 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
939
940 UeberBackend B;
941 DNSSECKeeper dk(&B);
942 DomainInfo di;
943 if (!B.getDomainInfo(zonename, di))
944 throw HttpBadRequestException();
945
946 int inquireKeyId = -1;
947 if (req->parameters.count("key_id")) {
948 inquireKeyId = std::stoi(req->parameters["key_id"]);
949 }
950
951 if (req->method == "GET") {
952 apiZoneCryptokeysGET(zonename, inquireKeyId, resp, &dk);
953 } else if (req->method == "DELETE" && !::arg().mustDo("api-readonly")) {
954 if (inquireKeyId == -1)
955 throw HttpBadRequestException();
956 apiZoneCryptokeysDELETE(zonename, inquireKeyId, req, resp, &dk);
957 } else if (req->method == "POST" && !::arg().mustDo("api-readonly")) {
958 apiZoneCryptokeysPOST(zonename, req, resp, &dk);
959 } else if (req->method == "PUT" && !::arg().mustDo("api-readonly")) {
960 if (inquireKeyId == -1)
961 throw HttpBadRequestException();
962 apiZoneCryptokeysPUT(zonename, inquireKeyId, req, resp, &dk);
963 } else {
964 throw HttpMethodNotAllowedException(); //Returns method not allowed
965 }
966 }
967
968 static void gatherRecordsFromZone(const std::string& zonestring, vector<DNSResourceRecord>& new_records, DNSName zonename) {
969 DNSResourceRecord rr;
970 vector<string> zonedata;
971 stringtok(zonedata, zonestring, "\r\n");
972
973 ZoneParserTNG zpt(zonedata, zonename);
974
975 bool seenSOA=false;
976
977 string comment = "Imported via the API";
978
979 try {
980 while(zpt.get(rr, &comment)) {
981 if(seenSOA && rr.qtype.getCode() == QType::SOA)
982 continue;
983 if(rr.qtype.getCode() == QType::SOA)
984 seenSOA=true;
985
986 new_records.push_back(rr);
987 }
988 }
989 catch(std::exception& ae) {
990 throw ApiException("An error occurred while parsing the zonedata: "+string(ae.what()));
991 }
992 }
993
994 /** Throws ApiException if records with duplicate name/type/content are present.
995 * NOTE: sorts records in-place.
996 */
997 static void checkDuplicateRecords(vector<DNSResourceRecord>& records) {
998 sort(records.begin(), records.end(),
999 [](const DNSResourceRecord& rec_a, const DNSResourceRecord& rec_b) -> bool {
1000 return rec_a.qname.toString() > rec_b.qname.toString() || \
1001 rec_a.qtype.getCode() > rec_b.qtype.getCode() || \
1002 rec_a.content < rec_b.content;
1003 }
1004 );
1005 DNSResourceRecord previous;
1006 for(const auto& rec : records) {
1007 if (previous.qtype == rec.qtype && previous.qname == rec.qname && previous.content == rec.content) {
1008 throw ApiException("Duplicate record in RRset " + rec.qname.toString() + " IN " + rec.qtype.getName() + " with content \"" + rec.content + "\"");
1009 }
1010 previous = rec;
1011 }
1012 }
1013
1014 static void apiServerZones(HttpRequest* req, HttpResponse* resp) {
1015 UeberBackend B;
1016 DNSSECKeeper dk(&B);
1017 if (req->method == "POST" && !::arg().mustDo("api-readonly")) {
1018 DomainInfo di;
1019 auto document = req->json();
1020 DNSName zonename = apiNameToDNSName(stringFromJson(document, "name"));
1021 apiCheckNameAllowedCharacters(zonename.toString());
1022 zonename.makeUsLowerCase();
1023
1024 bool exists = B.getDomainInfo(zonename, di);
1025 if(exists)
1026 throw ApiException("Domain '"+zonename.toString()+"' already exists");
1027
1028 // validate 'kind' is set
1029 DomainInfo::DomainKind zonekind = DomainInfo::stringToKind(stringFromJson(document, "kind"));
1030
1031 string zonestring = document["zone"].string_value();
1032 auto rrsets = document["rrsets"];
1033 if (rrsets.is_array() && zonestring != "")
1034 throw ApiException("You cannot give rrsets AND zone data as text");
1035
1036 auto nameservers = document["nameservers"];
1037 if (!nameservers.is_array() && zonekind != DomainInfo::Slave)
1038 throw ApiException("Nameservers list must be given (but can be empty if NS records are supplied)");
1039
1040 string soa_edit_api_kind;
1041 if (document["soa_edit_api"].is_string()) {
1042 soa_edit_api_kind = document["soa_edit_api"].string_value();
1043 }
1044 else {
1045 soa_edit_api_kind = "DEFAULT";
1046 }
1047 string soa_edit_kind = document["soa_edit"].string_value();
1048
1049 // if records/comments are given, load and check them
1050 bool have_soa = false;
1051 bool have_zone_ns = false;
1052 vector<DNSResourceRecord> new_records;
1053 vector<Comment> new_comments;
1054 vector<DNSResourceRecord> new_ptrs;
1055
1056 if (rrsets.is_array()) {
1057 for (const auto& rrset : rrsets.array_items()) {
1058 DNSName qname = apiNameToDNSName(stringFromJson(rrset, "name"));
1059 apiCheckQNameAllowedCharacters(qname.toString());
1060 QType qtype;
1061 qtype = stringFromJson(rrset, "type");
1062 if (qtype.getCode() == 0) {
1063 throw ApiException("RRset "+qname.toString()+" IN "+stringFromJson(rrset, "type")+": unknown type given");
1064 }
1065 if (rrset["records"].is_array()) {
1066 int ttl = intFromJson(rrset, "ttl");
1067 gatherRecords(rrset, qname, qtype, ttl, new_records, new_ptrs);
1068 }
1069 if (rrset["comments"].is_array()) {
1070 gatherComments(rrset, qname, qtype, new_comments);
1071 }
1072 }
1073 } else if (zonestring != "") {
1074 gatherRecordsFromZone(zonestring, new_records, zonename);
1075 }
1076
1077 for(auto& rr : new_records) {
1078 rr.qname.makeUsLowerCase();
1079 if (!rr.qname.isPartOf(zonename) && rr.qname != zonename)
1080 throw ApiException("RRset "+rr.qname.toString()+" IN "+rr.qtype.getName()+": Name is out of zone");
1081 apiCheckQNameAllowedCharacters(rr.qname.toString());
1082
1083 if (rr.qtype.getCode() == QType::SOA && rr.qname==zonename) {
1084 have_soa = true;
1085 increaseSOARecord(rr, soa_edit_api_kind, soa_edit_kind);
1086 // fixup dots after serializeSOAData/increaseSOARecord
1087 rr.content = makeBackendRecordContent(rr.qtype, rr.content);
1088 }
1089 if (rr.qtype.getCode() == QType::NS && rr.qname==zonename) {
1090 have_zone_ns = true;
1091 }
1092 }
1093
1094 // synthesize RRs as needed
1095 DNSResourceRecord autorr;
1096 autorr.qname = zonename;
1097 autorr.auth = 1;
1098 autorr.ttl = ::arg().asNum("default-ttl");
1099
1100 if (!have_soa && zonekind != DomainInfo::Slave) {
1101 // synthesize a SOA record so the zone "really" exists
1102 string soa = (boost::format("%s %s %lu")
1103 % ::arg()["default-soa-name"]
1104 % (::arg().isEmpty("default-soa-mail") ? (DNSName("hostmaster.") + zonename).toString() : ::arg()["default-soa-mail"])
1105 % document["serial"].int_value()
1106 ).str();
1107 SOAData sd;
1108 fillSOAData(soa, sd); // fills out default values for us
1109 autorr.qtype = "SOA";
1110 autorr.content = serializeSOAData(sd);
1111 increaseSOARecord(autorr, soa_edit_api_kind, soa_edit_kind);
1112 // fixup dots after serializeSOAData/increaseSOARecord
1113 autorr.content = makeBackendRecordContent(autorr.qtype, autorr.content);
1114 new_records.push_back(autorr);
1115 }
1116
1117 // create NS records if nameservers are given
1118 for (auto value : nameservers.array_items()) {
1119 string nameserver = value.string_value();
1120 if (nameserver.empty())
1121 throw ApiException("Nameservers must be non-empty strings");
1122 if (!isCanonical(nameserver))
1123 throw ApiException("Nameserver is not canonical: '" + nameserver + "'");
1124 try {
1125 // ensure the name parses
1126 autorr.content = DNSName(nameserver).toStringRootDot();
1127 } catch (...) {
1128 throw ApiException("Unable to parse DNS Name for NS '" + nameserver + "'");
1129 }
1130 autorr.qtype = "NS";
1131 new_records.push_back(autorr);
1132 if (have_zone_ns) {
1133 throw ApiException("Nameservers list MUST NOT be mixed with zone-level NS in rrsets");
1134 }
1135 }
1136
1137 checkDuplicateRecords(new_records);
1138
1139 // no going back after this
1140 if(!B.createDomain(zonename))
1141 throw ApiException("Creating domain '"+zonename.toString()+"' failed");
1142
1143 if(!B.getDomainInfo(zonename, di))
1144 throw ApiException("Creating domain '"+zonename.toString()+"' failed: lookup of domain ID failed");
1145
1146 // updateDomainSettingsFromDocument does NOT fill out the default we've established above.
1147 if (!soa_edit_api_kind.empty()) {
1148 di.backend->setDomainMetadataOne(zonename, "SOA-EDIT-API", soa_edit_api_kind);
1149 }
1150
1151 di.backend->startTransaction(zonename, di.id);
1152
1153 for(auto rr : new_records) {
1154 rr.domain_id = di.id;
1155 di.backend->feedRecord(rr, DNSName());
1156 }
1157 for(Comment& c : new_comments) {
1158 c.domain_id = di.id;
1159 di.backend->feedComment(c);
1160 }
1161
1162 updateDomainSettingsFromDocument(di, zonename, document);
1163
1164 di.backend->commitTransaction();
1165
1166 storeChangedPTRs(B, new_ptrs);
1167
1168 fillZone(zonename, resp);
1169 resp->status = 201;
1170 return;
1171 }
1172
1173 if(req->method != "GET")
1174 throw HttpMethodNotAllowedException();
1175
1176 vector<DomainInfo> domains;
1177 B.getAllDomains(&domains, true); // incl. disabled
1178
1179 Json::array doc;
1180 for(const DomainInfo& di : domains) {
1181 doc.push_back(getZoneInfo(di, &dk));
1182 }
1183 resp->setBody(doc);
1184 }
1185
1186 static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) {
1187 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
1188
1189 if(req->method == "PUT" && !::arg().mustDo("api-readonly")) {
1190 // update domain settings
1191 UeberBackend B;
1192 DomainInfo di;
1193 if(!B.getDomainInfo(zonename, di))
1194 throw ApiException("Could not find domain '"+zonename.toString()+"'");
1195
1196 updateDomainSettingsFromDocument(di, zonename, req->json());
1197
1198 resp->body = "";
1199 resp->status = 204; // No Content, but indicate success
1200 return;
1201 }
1202 else if(req->method == "DELETE" && !::arg().mustDo("api-readonly")) {
1203 // delete domain
1204 UeberBackend B;
1205 DomainInfo di;
1206 if(!B.getDomainInfo(zonename, di))
1207 throw ApiException("Could not find domain '"+zonename.toString()+"'");
1208
1209 if(!di.backend->deleteDomain(zonename))
1210 throw ApiException("Deleting domain '"+zonename.toString()+"' failed: backend delete failed/unsupported");
1211
1212 // empty body on success
1213 resp->body = "";
1214 resp->status = 204; // No Content: declare that the zone is gone now
1215 return;
1216 } else if (req->method == "PATCH" && !::arg().mustDo("api-readonly")) {
1217 patchZone(req, resp);
1218 return;
1219 } else if (req->method == "GET") {
1220 fillZone(zonename, resp);
1221 return;
1222 }
1223
1224 throw HttpMethodNotAllowedException();
1225 }
1226
1227 static void apiServerZoneExport(HttpRequest* req, HttpResponse* resp) {
1228 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
1229
1230 if(req->method != "GET")
1231 throw HttpMethodNotAllowedException();
1232
1233 ostringstream ss;
1234
1235 UeberBackend B;
1236 DomainInfo di;
1237 if(!B.getDomainInfo(zonename, di))
1238 throw ApiException("Could not find domain '"+zonename.toString()+"'");
1239
1240 DNSResourceRecord rr;
1241 SOAData sd;
1242 di.backend->list(zonename, di.id);
1243 while(di.backend->get(rr)) {
1244 if (!rr.qtype.getCode())
1245 continue; // skip empty non-terminals
1246
1247 ss <<
1248 rr.qname.toString() << "\t" <<
1249 rr.ttl << "\t" <<
1250 rr.qtype.getName() << "\t" <<
1251 makeApiRecordContent(rr.qtype, rr.content) <<
1252 endl;
1253 }
1254
1255 if (req->accept_json) {
1256 resp->setBody(Json::object { { "zone", ss.str() } });
1257 } else {
1258 resp->headers["Content-Type"] = "text/plain; charset=us-ascii";
1259 resp->body = ss.str();
1260 }
1261 }
1262
1263 static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
1264 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
1265
1266 if(req->method != "PUT")
1267 throw HttpMethodNotAllowedException();
1268
1269 UeberBackend B;
1270 DomainInfo di;
1271 if(!B.getDomainInfo(zonename, di))
1272 throw ApiException("Could not find domain '"+zonename.toString()+"'");
1273
1274 if(di.masters.empty())
1275 throw ApiException("Domain '"+zonename.toString()+"' is not a slave domain (or has no master defined)");
1276
1277 random_shuffle(di.masters.begin(), di.masters.end());
1278 Communicator.addSuckRequest(zonename, di.masters.front());
1279 resp->setSuccessResult("Added retrieval request for '"+zonename.toString()+"' from master "+di.masters.front());
1280 }
1281
1282 static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
1283 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
1284
1285 if(req->method != "PUT")
1286 throw HttpMethodNotAllowedException();
1287
1288 UeberBackend B;
1289 DomainInfo di;
1290 if(!B.getDomainInfo(zonename, di))
1291 throw ApiException("Could not find domain '"+zonename.toString()+"'");
1292
1293 if(!Communicator.notifyDomain(zonename))
1294 throw ApiException("Failed to add to the queue - see server log");
1295
1296 resp->setSuccessResult("Notification queued");
1297 }
1298
1299 static void makePtr(const DNSResourceRecord& rr, DNSResourceRecord* ptr) {
1300 if (rr.qtype.getCode() == QType::A) {
1301 uint32_t ip;
1302 if (!IpToU32(rr.content, &ip)) {
1303 throw ApiException("PTR: Invalid IP address given");
1304 }
1305 ptr->qname = DNSName((boost::format("%u.%u.%u.%u.in-addr.arpa.")
1306 % ((ip >> 24) & 0xff)
1307 % ((ip >> 16) & 0xff)
1308 % ((ip >> 8) & 0xff)
1309 % ((ip ) & 0xff)
1310 ).str());
1311 } else if (rr.qtype.getCode() == QType::AAAA) {
1312 ComboAddress ca(rr.content);
1313 char buf[3];
1314 ostringstream ss;
1315 for (int octet = 0; octet < 16; ++octet) {
1316 if (snprintf(buf, sizeof(buf), "%02x", ca.sin6.sin6_addr.s6_addr[octet]) != (sizeof(buf)-1)) {
1317 // this should be impossible: no byte should give more than two digits in hex format
1318 throw PDNSException("Formatting IPv6 address failed");
1319 }
1320 ss << buf[0] << '.' << buf[1] << '.';
1321 }
1322 string tmp = ss.str();
1323 tmp.resize(tmp.size()-1); // remove last dot
1324 // reverse and append arpa domain
1325 ptr->qname = DNSName(string(tmp.rbegin(), tmp.rend())) + DNSName("ip6.arpa.");
1326 } else {
1327 throw ApiException("Unsupported PTR source '" + rr.qname.toString() + "' type '" + rr.qtype.getName() + "'");
1328 }
1329
1330 ptr->qtype = "PTR";
1331 ptr->ttl = rr.ttl;
1332 ptr->disabled = rr.disabled;
1333 ptr->content = rr.qname.toStringRootDot();
1334 }
1335
1336 static void storeChangedPTRs(UeberBackend& B, vector<DNSResourceRecord>& new_ptrs) {
1337 for(const DNSResourceRecord& rr : new_ptrs) {
1338 SOAData sd;
1339 if (!B.getAuth(rr.qname, QType(QType::PTR), &sd, false))
1340 throw ApiException("Could not find domain for PTR '"+rr.qname.toString()+"' requested for '"+rr.content+"' (while saving)");
1341
1342 string soa_edit_api_kind;
1343 string soa_edit_kind;
1344 bool soa_changed = false;
1345 DNSResourceRecord soarr;
1346 sd.db->getDomainMetadataOne(sd.qname, "SOA-EDIT-API", soa_edit_api_kind);
1347 sd.db->getDomainMetadataOne(sd.qname, "SOA-EDIT", soa_edit_kind);
1348 if (!soa_edit_api_kind.empty()) {
1349 soarr.qname = sd.qname;
1350 soarr.content = serializeSOAData(sd);
1351 soarr.qtype = "SOA";
1352 soarr.domain_id = sd.domain_id;
1353 soarr.auth = 1;
1354 soarr.ttl = sd.ttl;
1355 increaseSOARecord(soarr, soa_edit_api_kind, soa_edit_kind);
1356 // fixup dots after serializeSOAData/increaseSOARecord
1357 soarr.content = makeBackendRecordContent(soarr.qtype, soarr.content);
1358 soa_changed = true;
1359 }
1360
1361 sd.db->startTransaction(sd.qname);
1362 if (!sd.db->replaceRRSet(sd.domain_id, rr.qname, rr.qtype, vector<DNSResourceRecord>(1, rr))) {
1363 sd.db->abortTransaction();
1364 throw ApiException("PTR-Hosting backend for "+rr.qname.toString()+"/"+rr.qtype.getName()+" does not support editing records.");
1365 }
1366
1367 if (soa_changed) {
1368 sd.db->replaceRRSet(sd.domain_id, soarr.qname, soarr.qtype, vector<DNSResourceRecord>(1, soarr));
1369 }
1370
1371 sd.db->commitTransaction();
1372 purgeAuthCachesExact(rr.qname);
1373 }
1374 }
1375
1376 static void patchZone(HttpRequest* req, HttpResponse* resp) {
1377 UeberBackend B;
1378 DomainInfo di;
1379 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
1380 if (!B.getDomainInfo(zonename, di))
1381 throw ApiException("Could not find domain '"+zonename.toString()+"'");
1382
1383 vector<DNSResourceRecord> new_records;
1384 vector<Comment> new_comments;
1385 vector<DNSResourceRecord> new_ptrs;
1386
1387 Json document = req->json();
1388
1389 auto rrsets = document["rrsets"];
1390 if (!rrsets.is_array())
1391 throw ApiException("No rrsets given in update request");
1392
1393 di.backend->startTransaction(zonename);
1394
1395 try {
1396 string soa_edit_api_kind;
1397 string soa_edit_kind;
1398 di.backend->getDomainMetadataOne(zonename, "SOA-EDIT-API", soa_edit_api_kind);
1399 di.backend->getDomainMetadataOne(zonename, "SOA-EDIT", soa_edit_kind);
1400 bool soa_edit_done = false;
1401
1402 for (const auto& rrset : rrsets.array_items()) {
1403 string changetype = toUpper(stringFromJson(rrset, "changetype"));
1404 DNSName qname = apiNameToDNSName(stringFromJson(rrset, "name"));
1405 apiCheckQNameAllowedCharacters(qname.toString());
1406 QType qtype;
1407 qtype = stringFromJson(rrset, "type");
1408 if (qtype.getCode() == 0) {
1409 throw ApiException("RRset "+qname.toString()+" IN "+stringFromJson(rrset, "type")+": unknown type given");
1410 }
1411
1412 if (changetype == "DELETE") {
1413 // delete all matching qname/qtype RRs (and, implicitly comments).
1414 if (!di.backend->replaceRRSet(di.id, qname, qtype, vector<DNSResourceRecord>())) {
1415 throw ApiException("Hosting backend does not support editing records.");
1416 }
1417 }
1418 else if (changetype == "REPLACE") {
1419 // we only validate for REPLACE, as DELETE can be used to "fix" out of zone records.
1420 if (!qname.isPartOf(zonename) && qname != zonename)
1421 throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Name is out of zone");
1422
1423 bool replace_records = rrset["records"].is_array();
1424 bool replace_comments = rrset["comments"].is_array();
1425
1426 if (!replace_records && !replace_comments) {
1427 throw ApiException("No change for RRset " + qname.toString() + " IN " + qtype.getName());
1428 }
1429
1430 new_records.clear();
1431 new_comments.clear();
1432
1433 if (replace_records) {
1434 // ttl shouldn't be part of DELETE, and it shouldn't be required if we don't get new records.
1435 int ttl = intFromJson(rrset, "ttl");
1436 // new_ptrs is merged.
1437 gatherRecords(rrset, qname, qtype, ttl, new_records, new_ptrs);
1438
1439 for(DNSResourceRecord& rr : new_records) {
1440 rr.domain_id = di.id;
1441 if (rr.qtype.getCode() == QType::SOA && rr.qname==zonename) {
1442 soa_edit_done = increaseSOARecord(rr, soa_edit_api_kind, soa_edit_kind);
1443 rr.content = makeBackendRecordContent(rr.qtype, rr.content);
1444 }
1445 }
1446 checkDuplicateRecords(new_records);
1447 }
1448
1449 if (replace_comments) {
1450 gatherComments(rrset, qname, qtype, new_comments);
1451
1452 for(Comment& c : new_comments) {
1453 c.domain_id = di.id;
1454 }
1455 }
1456
1457 if (replace_records) {
1458 di.backend->lookup(QType(QType::ANY), qname);
1459 DNSResourceRecord rr;
1460 while (di.backend->get(rr)) {
1461 if (qtype.getCode() == QType::CNAME && rr.qtype.getCode() != QType::CNAME) {
1462 throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Conflicts with pre-existing non-CNAME RRset");
1463 } else if (qtype.getCode() != QType::CNAME && rr.qtype.getCode() == QType::CNAME) {
1464 throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Conflicts with pre-existing CNAME RRset");
1465 }
1466 }
1467
1468 if (!di.backend->replaceRRSet(di.id, qname, qtype, new_records)) {
1469 throw ApiException("Hosting backend does not support editing records.");
1470 }
1471 }
1472 if (replace_comments) {
1473 if (!di.backend->replaceComments(di.id, qname, qtype, new_comments)) {
1474 throw ApiException("Hosting backend does not support editing comments.");
1475 }
1476 }
1477 }
1478 else
1479 throw ApiException("Changetype not understood");
1480 }
1481
1482 // edit SOA (if needed)
1483 if (!soa_edit_api_kind.empty() && !soa_edit_done) {
1484 SOAData sd;
1485 if (!B.getSOA(zonename, sd))
1486 throw ApiException("No SOA found for domain '"+zonename.toString()+"'");
1487
1488 DNSResourceRecord rr;
1489 rr.qname = zonename;
1490 rr.content = serializeSOAData(sd);
1491 rr.qtype = "SOA";
1492 rr.domain_id = di.id;
1493 rr.auth = 1;
1494 rr.ttl = sd.ttl;
1495 increaseSOARecord(rr, soa_edit_api_kind, soa_edit_kind);
1496 // fixup dots after serializeSOAData/increaseSOARecord
1497 rr.content = makeBackendRecordContent(rr.qtype, rr.content);
1498
1499 if (!di.backend->replaceRRSet(di.id, rr.qname, rr.qtype, vector<DNSResourceRecord>(1, rr))) {
1500 throw ApiException("Hosting backend does not support editing records.");
1501 }
1502
1503 // return old and new serials in headers
1504 resp->headers["X-PDNS-Old-Serial"] = std::to_string(sd.serial);
1505 fillSOAData(rr.content, sd);
1506 resp->headers["X-PDNS-New-Serial"] = std::to_string(sd.serial);
1507 }
1508
1509 } catch(...) {
1510 di.backend->abortTransaction();
1511 throw;
1512 }
1513 di.backend->commitTransaction();
1514
1515 purgeAuthCachesExact(zonename);
1516
1517 // now the PTRs
1518 storeChangedPTRs(B, new_ptrs);
1519
1520 resp->body = "";
1521 resp->status = 204; // No Content, but indicate success
1522 return;
1523 }
1524
1525 static void apiServerSearchData(HttpRequest* req, HttpResponse* resp) {
1526 if(req->method != "GET")
1527 throw HttpMethodNotAllowedException();
1528
1529 string q = req->getvars["q"];
1530 string sMax = req->getvars["max"];
1531 int maxEnts = 100;
1532 int ents = 0;
1533
1534 if (q.empty())
1535 throw ApiException("Query q can't be blank");
1536 if (!sMax.empty())
1537 maxEnts = std::stoi(sMax);
1538 if (maxEnts < 1)
1539 throw ApiException("Maximum entries must be larger than 0");
1540
1541 SimpleMatch sm(q,true);
1542 UeberBackend B;
1543 vector<DomainInfo> domains;
1544 vector<DNSResourceRecord> result_rr;
1545 vector<Comment> result_c;
1546 map<int,DomainInfo> zoneIdZone;
1547 map<int,DomainInfo>::iterator val;
1548 Json::array doc;
1549
1550 B.getAllDomains(&domains, true);
1551
1552 for(const DomainInfo di: domains)
1553 {
1554 if (ents < maxEnts && sm.match(di.zone)) {
1555 doc.push_back(Json::object {
1556 { "object_type", "zone" },
1557 { "zone_id", apiZoneNameToId(di.zone) },
1558 { "name", di.zone.toString() }
1559 });
1560 ents++;
1561 }
1562 zoneIdZone[di.id] = di; // populate cache
1563 }
1564
1565 if (B.searchRecords(q, maxEnts, result_rr))
1566 {
1567 for(const DNSResourceRecord& rr: result_rr)
1568 {
1569 if (!rr.qtype.getCode())
1570 continue; // skip empty non-terminals
1571
1572 auto object = Json::object {
1573 { "object_type", "record" },
1574 { "name", rr.qname.toString() },
1575 { "type", rr.qtype.getName() },
1576 { "ttl", (double)rr.ttl },
1577 { "disabled", rr.disabled },
1578 { "content", makeApiRecordContent(rr.qtype, rr.content) }
1579 };
1580 if ((val = zoneIdZone.find(rr.domain_id)) != zoneIdZone.end()) {
1581 object["zone_id"] = apiZoneNameToId(val->second.zone);
1582 object["zone"] = val->second.zone.toString();
1583 }
1584 doc.push_back(object);
1585 }
1586 }
1587
1588 if (B.searchComments(q, maxEnts, result_c))
1589 {
1590 for(const Comment &c: result_c)
1591 {
1592 auto object = Json::object {
1593 { "object_type", "comment" },
1594 { "name", c.qname.toString() },
1595 { "content", c.content }
1596 };
1597 if ((val = zoneIdZone.find(c.domain_id)) != zoneIdZone.end()) {
1598 object["zone_id"] = apiZoneNameToId(val->second.zone);
1599 object["zone"] = val->second.zone.toString();
1600 }
1601 doc.push_back(object);
1602 }
1603 }
1604
1605 resp->setBody(doc);
1606 }
1607
1608 void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
1609 if(req->method != "PUT")
1610 throw HttpMethodNotAllowedException();
1611
1612 DNSName canon = apiNameToDNSName(req->getvars["domain"]);
1613
1614 uint64_t count = purgeAuthCachesExact(canon);
1615 resp->setBody(Json::object {
1616 { "count", (int) count },
1617 { "result", "Flushed cache." }
1618 });
1619 }
1620
1621 void AuthWebServer::cssfunction(HttpRequest* req, HttpResponse* resp)
1622 {
1623 resp->headers["Cache-Control"] = "max-age=86400";
1624 resp->headers["Content-Type"] = "text/css";
1625
1626 ostringstream ret;
1627 ret<<"* { box-sizing: border-box; margin: 0; padding: 0; }"<<endl;
1628 ret<<"body { color: black; background: white; margin-top: 1em; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 10pt; position: relative; }"<<endl;
1629 ret<<"a { color: #0959c2; }"<<endl;
1630 ret<<"a:hover { color: #3B8EC8; }"<<endl;
1631 ret<<".row { width: 940px; max-width: 100%; min-width: 768px; margin: 0 auto; }"<<endl;
1632 ret<<".row:before, .row:after { display: table; content:\" \"; }"<<endl;
1633 ret<<".row:after { clear: both; }"<<endl;
1634 ret<<".columns { position: relative; min-height: 1px; float: left; }"<<endl;
1635 ret<<".all { width: 100%; }"<<endl;
1636 ret<<".headl { width: 60%; }"<<endl;
1637 ret<<".headr { width: 39.5%; float: right; background-repeat: no-repeat; margin-top: 7px; ";
1638 ret<<"background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJoAAAAUCAYAAAB1RSS/AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAACtgAAArYBAHIqtQAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAABBTSURBVGiBtVp7cFRVmv9u3763b7/f9It00iFACBohgCEyQYgKI49CLV3cWaoEZBcfo2shu7KOtZbjrqOuVQtVWFuOrPqPRU3NgOIDlkgyJEYJwUAqjzEJedFJupN0p9/v+9o/mtve7r790HF+VbeSPue7555zz+98z4ucOXNmgWVZBH4AK5PJGIPBQBqNxpTNZkthGMZCCUxMTBCDg4PyiYkJWTQaRc1mc7Kuri7a1NQU4ssxDAOffPKJAQCynvnII494ESTddO3aNaXT6SS4TplMRj/44IM+7ndXV5dqfn5ewh9306ZNQZqmobu7W11qri0tLX6tVkv19vYqpqampPw+BEFYtVpNGQwG0mKxpJYsWUIKjTE6OiodGBhQ8NcgkUgYjUZDORyOhM1mSxV6fjAYFF+6dEnLb9NoNOR9990X4H53dHSovV4vzpfZvn27T6FQ0Py2sbExorOzU+N2uwmWZUGv15N33nlnuLGxMZy7byyVQEJ//nd9Yuz/lJR/HBdrHSlJ9baIuuV1L4LJ8/Y49pc/KcJX39WRC4MEgskY3Lourmn5rQdbckfe2ijfOBZo+40xNXtNysR9KLZkdVK+9oBf0fBkCABA3NraamTZwjxSKpXUAw884G1paQkUIty5c+f0Fy5cWMIfx+l0Snt6ejTt7e26AwcOuKxWawoAQCQSQW9vr3pxcTHrJTY3Nwe5Tb18+bJ2bGxMzvWhKMpu27bNj6IoCwDQ1tamd7lcRM79genpaaK1tdVQcDG3sXbt2rBWq6X6+/sV3d3d2mKyy5cvj+7cudO7atWqGL99bGxMWuxZOp0utX37du+9994b5A4Qh2AwiObei6Ioe/fdd4eVSiUNAHD16lX1+Pi4nC+zadOmIJ9oZ8+eNeTu3/T0tLSvr0/V3d0dPXr0qJNrZ+KL6MKpjZWUbyxzQMmFIYJcGCISw5+qjE9+M4UqLJmx/RdeWBK+elKfGTjuR+OhWSxx86JS/9D/zsrufDzMdSXGv5J5/vBYBZuKiLi25HS3LDndLUuMX1IYHjvtynQUQjgcFp89e9b8zjvv2BmGyepjWRbeffdd2/nz55cUIqvT6ZSeOHHC7vf7xVyb3W6P58rNzc1liOfxeLJISNM04na7Me63z+fD+P1SqZQupHn+Wty8eVN+4sSJyv7+fnlp6R/g8/nw06dPW0+ePLmUJEmklDxN08iVK1dU5Y7f0dGhvnjxYkElQVFU1jP9Xz5j4pMsSzYwifvPPWnhfsdHPpdnkYwHlk4ivi9/baFDM2IAACYZEi1++qSVTzI+YkN/VEe++726JNE4TE1Nyc6cOWPkt3322Wf6/v7+ki8nEAhgH3zwQWYhDoejINGSyaQoFAphuf2zs7MSAIBIJIImEgmU32ez2RLlruOngGVZ+Oijj6w+n09cWjobg4ODyg8//NBSWhLgu+++K4toJEkin376qancObBkFIl/f7bo2ImxC0om5kUBACK9pzTFZJlEAI0O/kEJABAf+UJOh115+8VH5MZHGkGimc3mRK66BwBoa2szBAIBMUB6w1tbW415QgUwOjqqGB4elgIA1NTU5BGN02IulwsXOqUul0sCADA/P5+3qIqKip+NaARBMBiGMbnt0Wg0z68qF729vepr164pS8k5nU7ZwsJC0U0DAOjp6VHGYjE0t10kEgmqt5TrOwIYqqRWTbmuSQAASM9fiFKy5Fx/Wnaur7Ss53tC8IQ+/fTTM/F4HH3rrbcc/E1nWRYmJyeJtWvXRr7++mt1rnoGANi6devipk2bgsePH7dHIpGs8Ts7O7W1tbXxqqqqJIZhLN+keDweDADA7XbjuWPebpcAACwsLOT1V1VVFSSayWRKvvLKK5P8tmLBTVNTk//hhx/2vv/++5aBgYEsLeB0OqWF7gMAsFqtiYqKivj169c1ueaytbVVv2HDhnChewHS7/fKlSuqPXv2LBaTyw1gAABqa2sjhw4dck1PT0vOnz9v4O+NWFNdlluBqispAABUYSEp/6TgPmRkVba0rGppybFRpZksaDodDkeioqIiT/M4nU4JAMDIyEiez1JTUxN9/PHHFyoqKpJbtmzx5faPj4/LANKOr9VqzRqbi7D4vhof8/PzOMAPhMyZa948OSAIAjiOs/xLSFvzIZFImO3bt+fNn9OqhaDRaMiDBw/Obd26NY8oTqdTWmhtfPT29paMmkOhUJ6CkEgkjFKppOvq6mIvvviis76+PkNqVF1BiQ21yWJjoiobiRlWpQAACMeWaKk5EMu2RQEAiOr7YyBCi2YliMrN0aI+Wjwez+vn/KOZmZk8lbl69eoI97+QeQwEAhgXFFRVVWX1+/1+nGVZyE1bcPB6vRKWZSE35JdKpbTJZCp4qiiKQmZmZnDuEiKqEITWTtN0SfMDALBjx45FiUSSZ35HRkaKakQAgPn5ecnU1FRRQuv1+rz0Qn9/v+ry5ctqgPTh2rFjR9ZB0e78Hzcgedb2NhDQ7vq9C24fQNXm3/gww8qCxJTX/4OfcGyJAwBgS+pSqo3/XFADo0oLqdn2lkeQaAzDIB0dHWqPx5O3YK1WSzIMA7lmEQDAaDSSQv/zEQwGUQCA6urqLKJRFIV4PB6MH3GqVCqS3z83N4cvLi5mEaVUIOD1evHXX399GXedOnXKWkweIJ3r++abb/IcYqPRWDA3xodUKmWEyMCZ/1IolQvMfXcAabN7+vRp68cff2wS8nElVVvihl99cQtV27PmhapspOHvzzmJ5Tsy6RtELGGX7G+7JV2xIysHiqAYq/rFv3h0e96f57drHnjTo2n57TwiJrIOl6SyOWo6cPmWiNAwgj7am2++6Ugmk4IkrK2tjUWjUVRoMXK5PJOHkclkdJ4AAESjURQAYPny5YKRJ59odXV1EX6ea2ZmRpKbf/s5AwEAgO+//17+8ssv1/j9/jzNt3HjxmC542g0GjI318etXQgoirKcxrx+/brKYDAUJPW6desiFy5ciM/MzORpyM7OTl04HEYPHz7synURiJpfxizPj4+T8/0S0jOEiw2rUrh5TRJE+TRAFWba+KvPZung9Hxy9iohwpUMvnRjQkSo8zQ1ICJQbX7Zp2h8LpCa7ZEwUY8Yt21IiHXLMopCkEyFSFZZWRmz2+0FVSqXUL39v6AM5yTr9XpKrVZnab2RkRFZKpXKPHvlypUxvuM+PT0tCQaDWW+lWCDwUzA3N0cIkay2tjbS0tLiL3ccoYNWzPRWVVXFcBxnAACCwSAmRCIOCILA/v373QqFghLqv3Hjhrq9vb1gioIFBNLFoLI8gbKBILdHRNi8ocvOC6nVavLw4cOzAAAKhYJGEARytRo/5A6Hw4JMk8lkmRNht9vjAwMDmU0dGhril3TAbDanDAZD0u12EwAAw8PDCoZhspZQLBD4KRBa17Zt27wPPfSQVyQqO+0IQumHQloeIB0Jr169Onzjxg01QOHDzqGioiJ55MiRW8ePH68UCg6+/PJLY0tLS4Cv1RJjF2W+z5+2UEFnxiqgKhup2/muW7pyV1YAQEfmUN9n/2SOj57PRN4IirHKphe86q2vLSIozktHMBDq+p0u3PkfRpZKZOYtqWyOavd86BZrlxWOOjMTQVH2jjvuCL/wwgtOvV5PAaQ3QyqV5r20SCSSebmhUEiQaCqVKnNfLkk4QnEwmUyk2WzOaNDp6emsU14qEABIO87Hjh2b5K79+/e7i8kLVS0UCgXF19blINfEAwCoVCpBDcShsbExVKw/FzabLXXs2LFJIT81Go2K+YFPYqpDuvDx7ko+yQAA6NAs5jn9sD1+84KMa2OpJLLw0X2VfJIBALA0iYS6/svoO/ePWcni4KWXjKH2V0x8kgEAJG99Lfd8uLmSSfiFj+j999/v3bt3r/vgwYMzb7zxxthzzz03w9UqOVit1rzFjY6OZiY7NDSUl/4gCIIxmUyZcZYtW1ZQG0mlUloul9Nmszkjn1sCK6cigGEY63A4EtxlsViKOvQOhyOm0WiyyNve3q4vN+IESKeAhKJnISeej/r6+ijfzy2Evr4+Oad19Xo9dejQoVkhbev1ejNE83/xjAXYfPcqDRZ8nz9lhdtjhjr/U0d6RwoGLtH+j7WJyctSAADSM4SHu/9bsFwFAECHXVjwq381ChKtubk50NLSEmhsbAxrNBrBU7hixYq8XMvg4KByamqKmJubw7799ts8H6GqqirGV+XV1dWJQppCq9WSAABWq7WgT/hzBwIAaW3d0NCQpVkCgQDW1dVVVnnI5XLhp06dsuW24zjO1NTUFJ0viqJsfX19Sa3W09Ojfu+996xcCkapVNIoiuaxyGAwkAAAdHBaXIw4AGnNRnqHcQCAxOTlknXdxHirHAAgOXFJBkzxQ5ic6pD/6Nodh9uRT1YxPRaLoW+//XaVWCxmhXyMe+65J8D/jeM4a7FYEkKOL5ceWLp0aUGiVVZWliSax+PBX3rppRp+27PPPjtdLKhpamoKtre3Z53Sr776yrB58+a8LzH4GB4eVr722muCpaaGhoYgQRCFVEoGGzduDF65cqVkqevGjRvqgYEBld1uj8/NzUlIMtsNwnGc4VJMlH+yrNwhFbglxoyrUnTEXVKeDs2K039nSstG5rDyvdscLF26NNnQ0JAX7tM0jQiRzGQyJdevXx/Jba+srBQ0J3q9ngRIBwRisVhQ65UTCNA0jQQCAYx/CZXO+LDb7UmLxZJFYo/Hg1+9erVovTLXtHMgCILevXt30bISh5UrV8ZzTXchUBSFTExMyIQCj7q6ugh3KHDbugSIhN8hHxLb+iQAAGasK+2SmOvTsuY1pWWNqxI/mWgAAI8++uiCTqcrmcTEMIzZt2+fW8hMFvJbuNMoEokEM+FSqZQ2m81/k0+DAADWr1+fZ8IuXrxY8lu3XKAoyu7bt8/NmbFSEDLdPxYSiYTZu3dvJqmKYHJWturhomNKa34ZFskMNACAYt2hQDFZEaGh5XfsDQMAECt2R1Glreja5GsOBP4qoul0Ouro0aO3TCZTQTOkUqnII0eO3FqxYoUgoYRKVQAA/ISl0Ph/60+Dmpqa8syky+Ui+vr6yv4uTavVks8///ytUsV0oWf/GHk+pFIp/cQTT8zqdLos31q36+S8WFcjuE9iTVVK99CpTDQuXbk7qmz8taAGRlAJq9t50o2qllIAACKJitHu+cCF4ApBdS5d/XdB+fqnguLq6upobm4Kx/GyQ3m9Xk+9+uqrk21tbZquri6t1+vFWZYFi8WSdDgcsV27di1qtdqCYb3ZbCZra2sjueaW/yl0XV1dNBwOZ/mT/KIxB6VSSTkcjlhuey44X8lkMqVy5TmC6/V6qrGx0Z8bPY6OjsrWrFkT1el0ec9CUZRVqVSUWq2mqqur4xs2bAgL+XQSiYTJvZcf9Njt9uRdd90Vys2PcQnd5ubmAMMwcPPmTXk0GhUDpCsRVVVVsccee2yBS0PxIZLqacszfZPBP7+qj4+1Kilf+lNuYtkDEU3La3mfcmsfPL4gqfxFrJxPuYll22Kmp/omgpf+zZia7ZEyCT+KGVcn5WsP+uUNh0IAAP8PaQRnE4MgdzkAAAAASUVORK5CYII=);";
1639 ret<<" width: 154px; height: 20px; }"<<endl;
1640 ret<<"a#appname { margin: 0; font-size: 27px; color: #666; text-decoration: none; font-weight: bold; display: block; }"<<endl;
1641 ret<<"footer { border-top: 1px solid #ddd; padding-top: 4px; font-size: 12px; }"<<endl;
1642 ret<<"footer.row { margin-top: 1em; margin-bottom: 1em; }"<<endl;
1643 ret<<".panel { background: #f2f2f2; border: 1px solid #e6e6e6; margin: 0 0 22px 0; padding: 20px; }"<<endl;
1644 ret<<"table.data { width: 100%; border-spacing: 0; border-top: 1px solid #333; }"<<endl;
1645 ret<<"table.data td { border-bottom: 1px solid #333; padding: 2px; }"<<endl;
1646 ret<<"table.data tr:nth-child(2n) { background: #e2e2e2; }"<<endl;
1647 ret<<"table.data tr:hover { background: white; }"<<endl;
1648 ret<<".ringmeta { margin-bottom: 5px; }"<<endl;
1649 ret<<".resetring {float: right; }"<<endl;
1650 ret<<".resetring i { background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAA/klEQVQY01XPP04UUBgE8N/33vd2XZUWEuzYuMZEG4KFCQn2NhA4AIewAOMBPIG2xhNYeAcKGqkNCdmYlVBZGBIT4FHsbuE0U8xk/kAbqm9TOfI/nicfhmwgDNhvylUT58kxCp4l31L8SfH9IetJ2ev6PwyIwyZWsdb11/gbTK55Co+r8rmJaRPTFJcpZil+pTit7C5awMpA+Zpi1sRFE9MqflYOloYCjY2uP8EdYiGU4CVGUBubxKfOOLjrtOBmzvEilbVb/aQWvhRl0unBZVXe4XdnK+bprwqnhoyTsyZ+JG8Wk0apfExxlcp7PFruXH8gdxamWB4cyW2sIO4BG3czIp78jUIAAAAASUVORK5CYII=); width: 10px; height: 10px; margin-right: 2px; display: inline-block; background-repeat: no-repeat; }"<<endl;
1651 ret<<".resetring:hover i { background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAA2ElEQVQY013PMUoDcRDF4c+kEzxCsNNCrBQvIGhnlcYm11EkBxAraw8gglgIoiJpAoKIYlBcgrgopsma3c3fwt1k9cHA480M8xvQp/nMjorOWY5ov7IAYlpjQk7aYxcuWBpwFQgJnUcaYk7GhEDIGL5w+MVpKLIRyR2b4JOjvGhUKzHTv2W7iuSN479Dvu9plf1awbQ6y3x1sU5tjpVJcMbakF6Ycoas8Dl5xEHJ160wRdfqzXfa6XQ4PLDlicWUjxHxZfndL/N+RhiwNzl/Q6PDhn/qsl76H7prcApk2B1aAAAAAElFTkSuQmCC);}"<<endl;
1652 ret<<".resizering {float: right;}"<<endl;
1653 resp->body = ret.str();
1654 resp->status = 200;
1655 }
1656
1657 void AuthWebServer::webThread()
1658 {
1659 try {
1660 if(::arg().mustDo("api")) {
1661 d_ws->registerApiHandler("/api/v1/servers/localhost/cache/flush", &apiServerCacheFlush);
1662 d_ws->registerApiHandler("/api/v1/servers/localhost/config", &apiServerConfig);
1663 d_ws->registerApiHandler("/api/v1/servers/localhost/search-log", &apiServerSearchLog);
1664 d_ws->registerApiHandler("/api/v1/servers/localhost/search-data", &apiServerSearchData);
1665 d_ws->registerApiHandler("/api/v1/servers/localhost/statistics", &apiServerStatistics);
1666 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/axfr-retrieve", &apiServerZoneAxfrRetrieve);
1667 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/cryptokeys/<key_id>", &apiZoneCryptokeys);
1668 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/cryptokeys", &apiZoneCryptokeys);
1669 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/export", &apiServerZoneExport);
1670 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/metadata/<kind>", &apiZoneMetadataKind);
1671 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/metadata", &apiZoneMetadata);
1672 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/notify", &apiServerZoneNotify);
1673 d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>", &apiServerZoneDetail);
1674 d_ws->registerApiHandler("/api/v1/servers/localhost/zones", &apiServerZones);
1675 d_ws->registerApiHandler("/api/v1/servers/localhost", &apiServerDetail);
1676 d_ws->registerApiHandler("/api/v1/servers", &apiServer);
1677 d_ws->registerApiHandler("/api", &apiDiscovery);
1678 }
1679 if (::arg().mustDo("webserver")) {
1680 d_ws->registerWebHandler("/style.css", boost::bind(&AuthWebServer::cssfunction, this, _1, _2));
1681 d_ws->registerWebHandler("/", boost::bind(&AuthWebServer::indexfunction, this, _1, _2));
1682 }
1683 d_ws->go();
1684 }
1685 catch(...) {
1686 L<<Logger::Error<<"AuthWebServer thread caught an exception, dying"<<endl;
1687 exit(1);
1688 }
1689 }
Unnamed repository; edit this file 'description' to name the repository.