2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 #include "dynlistener.hh"
29 #include "webserver.hh"
34 #include "arguments.hh"
37 #include "ueberbackend.hh"
38 #include <boost/format.hpp>
40 #include "namespaces.hh"
43 #include "dnsseckeeper.hh"
45 #include "zoneparser-tng.hh"
46 #include "common_startup.hh"
47 #include "auth-caches.hh"
53 static void patchZone(HttpRequest
* req
, HttpResponse
* resp
);
54 static void storeChangedPTRs(UeberBackend
& B
, vector
<DNSResourceRecord
>& new_ptrs
);
55 static void makePtr(const DNSResourceRecord
& rr
, DNSResourceRecord
* ptr
);
57 AuthWebServer::AuthWebServer()
60 d_min10
=d_min5
=d_min1
=0;
63 if(arg().mustDo("webserver") || arg().mustDo("api")) {
64 d_ws
= new WebServer(arg()["webserver-address"], arg().asNum("webserver-port"));
69 void AuthWebServer::go()
72 pthread_create(&d_tid
, 0, webThreadHelper
, this);
73 pthread_create(&d_tid
, 0, statThreadHelper
, this);
76 void AuthWebServer::statThread()
80 d_queries
.submit(S
.read("udp-queries"));
81 d_cachehits
.submit(S
.read("packetcache-hit"));
82 d_cachemisses
.submit(S
.read("packetcache-miss"));
83 d_qcachehits
.submit(S
.read("query-cache-hit"));
84 d_qcachemisses
.submit(S
.read("query-cache-miss"));
89 g_log
<<Logger::Error
<<"Webserver statThread caught an exception, dying"<<endl
;
94 void *AuthWebServer::statThreadHelper(void *p
)
96 AuthWebServer
*self
=static_cast<AuthWebServer
*>(p
);
98 return 0; // never reached
101 void *AuthWebServer::webThreadHelper(void *p
)
103 AuthWebServer
*self
=static_cast<AuthWebServer
*>(p
);
105 return 0; // never reached
108 static string
htmlescape(const string
&s
) {
110 for(string::const_iterator it
=s
.begin(); it
!=s
.end(); ++it
) {
131 void printtable(ostringstream
&ret
, const string
&ringname
, const string
&title
, int limit
=10)
135 vector
<pair
<string
,unsigned int> >ring
=S
.getRing(ringname
);
137 for(vector
<pair
<string
, unsigned int> >::const_iterator i
=ring
.begin(); i
!=ring
.end();++i
) {
142 ret
<<"<div class=\"panel\">";
143 ret
<<"<span class=resetring><i></i><a href=\"?resetring="<<htmlescape(ringname
)<<"\">Reset</a></span>"<<endl
;
144 ret
<<"<h2>"<<title
<<"</h2>"<<endl
;
145 ret
<<"<div class=ringmeta>";
146 ret
<<"<a class=topXofY href=\"?ring="<<htmlescape(ringname
)<<"\">Showing: Top "<<limit
<<" of "<<entries
<<"</a>"<<endl
;
147 ret
<<"<span class=resizering>Resize: ";
148 unsigned int sizes
[]={10,100,500,1000,10000,500000,0};
149 for(int i
=0;sizes
[i
];++i
) {
150 if(S
.getRingSize(ringname
)!=sizes
[i
])
151 ret
<<"<a href=\"?resizering="<<htmlescape(ringname
)<<"&size="<<sizes
[i
]<<"\">"<<sizes
[i
]<<"</a> ";
153 ret
<<"("<<sizes
[i
]<<") ";
155 ret
<<"</span></div>";
157 ret
<<"<table class=\"data\">";
159 int total
=max(1,tot
);
160 for(vector
<pair
<string
,unsigned int> >::const_iterator i
=ring
.begin();limit
&& i
!=ring
.end();++i
,--limit
) {
161 ret
<<"<tr><td>"<<htmlescape(i
->first
)<<"</td><td>"<<i
->second
<<"</td><td align=right>"<< AuthWebServer::makePercentage(i
->second
*100.0/total
)<<"</td>"<<endl
;
164 ret
<<"<tr><td colspan=3></td></tr>"<<endl
;
166 ret
<<"<tr><td><b>Rest:</b></td><td><b>"<<tot
-printed
<<"</b></td><td align=right><b>"<< AuthWebServer::makePercentage((tot
-printed
)*100.0/total
)<<"</b></td>"<<endl
;
168 ret
<<"<tr><td><b>Total:</b></td><td><b>"<<tot
<<"</b></td><td align=right><b>100%</b></td>";
169 ret
<<"</table></div>"<<endl
;
172 void AuthWebServer::printvars(ostringstream
&ret
)
174 ret
<<"<div class=panel><h2>Variables</h2><table class=\"data\">"<<endl
;
176 vector
<string
>entries
=S
.getEntries();
177 for(vector
<string
>::const_iterator i
=entries
.begin();i
!=entries
.end();++i
) {
178 ret
<<"<tr><td>"<<*i
<<"</td><td>"<<S
.read(*i
)<<"</td><td>"<<S
.getDescrip(*i
)<<"</td>"<<endl
;
181 ret
<<"</table></div>"<<endl
;
184 void AuthWebServer::printargs(ostringstream
&ret
)
186 ret
<<"<table border=1><tr><td colspan=3 bgcolor=\"#0000ff\"><font color=\"#ffffff\">Arguments</font></td>"<<endl
;
188 vector
<string
>entries
=arg().list();
189 for(vector
<string
>::const_iterator i
=entries
.begin();i
!=entries
.end();++i
) {
190 ret
<<"<tr><td>"<<*i
<<"</td><td>"<<arg()[*i
]<<"</td><td>"<<arg().getHelp(*i
)<<"</td>"<<endl
;
194 string
AuthWebServer::makePercentage(const double& val
)
196 return (boost::format("%.01f%%") % val
).str();
199 void AuthWebServer::indexfunction(HttpRequest
* req
, HttpResponse
* resp
)
201 if(!req
->getvars
["resetring"].empty()) {
202 if (S
.ringExists(req
->getvars
["resetring"]))
203 S
.resetRing(req
->getvars
["resetring"]);
205 resp
->headers
["Location"] = req
->url
.path
;
208 if(!req
->getvars
["resizering"].empty()){
209 int size
=std::stoi(req
->getvars
["size"]);
210 if (S
.ringExists(req
->getvars
["resizering"]) && size
> 0 && size
<= 500000)
211 S
.resizeRing(req
->getvars
["resizering"], std::stoi(req
->getvars
["size"]));
213 resp
->headers
["Location"] = req
->url
.path
;
219 ret
<<"<!DOCTYPE html>"<<endl
;
220 ret
<<"<html><head>"<<endl
;
221 ret
<<"<title>PowerDNS Authoritative Server Monitor</title>"<<endl
;
222 ret
<<"<link rel=\"stylesheet\" href=\"style.css\"/>"<<endl
;
223 ret
<<"</head><body>"<<endl
;
225 ret
<<"<div class=\"row\">"<<endl
;
226 ret
<<"<div class=\"headl columns\">";
227 ret
<<"<a href=\"/\" id=\"appname\">PowerDNS "<<htmlescape(VERSION
);
228 if(!arg()["config-name"].empty()) {
229 ret
<<" ["<<htmlescape(arg()["config-name"])<<"]";
231 ret
<<"</a></div>"<<endl
;
232 ret
<<"<div class=\"headr columns\"></div></div>";
233 ret
<<"<div class=\"row\"><div class=\"all columns\">";
235 time_t passed
=time(0)-s_starttime
;
238 humanDuration(passed
)<<
241 ret
<<"Queries/second, 1, 5, 10 minute averages: "<<std::setprecision(3)<<
242 (int)d_queries
.get1()<<", "<<
243 (int)d_queries
.get5()<<", "<<
244 (int)d_queries
.get10()<<". Max queries/second: "<<(int)d_queries
.getMax()<<
247 if(d_cachemisses
.get10()+d_cachehits
.get10()>0)
248 ret
<<"Cache hitrate, 1, 5, 10 minute averages: "<<
249 makePercentage((d_cachehits
.get1()*100.0)/((d_cachehits
.get1())+(d_cachemisses
.get1())))<<", "<<
250 makePercentage((d_cachehits
.get5()*100.0)/((d_cachehits
.get5())+(d_cachemisses
.get5())))<<", "<<
251 makePercentage((d_cachehits
.get10()*100.0)/((d_cachehits
.get10())+(d_cachemisses
.get10())))<<
254 if(d_qcachemisses
.get10()+d_qcachehits
.get10()>0)
255 ret
<<"Backend query cache hitrate, 1, 5, 10 minute averages: "<<std::setprecision(2)<<
256 makePercentage((d_qcachehits
.get1()*100.0)/((d_qcachehits
.get1())+(d_qcachemisses
.get1())))<<", "<<
257 makePercentage((d_qcachehits
.get5()*100.0)/((d_qcachehits
.get5())+(d_qcachemisses
.get5())))<<", "<<
258 makePercentage((d_qcachehits
.get10()*100.0)/((d_qcachehits
.get10())+(d_qcachemisses
.get10())))<<
261 ret
<<"Backend query load, 1, 5, 10 minute averages: "<<std::setprecision(3)<<
262 (int)d_qcachemisses
.get1()<<", "<<
263 (int)d_qcachemisses
.get5()<<", "<<
264 (int)d_qcachemisses
.get10()<<". Max queries/second: "<<(int)d_qcachemisses
.getMax()<<
267 ret
<<"Total queries: "<<S
.read("udp-queries")<<". Question/answer latency: "<<S
.read("latency")/1000.0<<"ms</p><br>"<<endl
;
268 if(req
->getvars
["ring"].empty()) {
269 vector
<string
>entries
=S
.listRings();
270 for(vector
<string
>::const_iterator i
=entries
.begin();i
!=entries
.end();++i
)
271 printtable(ret
,*i
,S
.getRingTitle(*i
));
274 if(arg().mustDo("webserver-print-arguments"))
277 else if(S
.ringExists(req
->getvars
["ring"]))
278 printtable(ret
,req
->getvars
["ring"],S
.getRingTitle(req
->getvars
["ring"]),100);
280 ret
<<"</div></div>"<<endl
;
281 ret
<<"<footer class=\"row\">"<<fullVersionString()<<"<br>© 2013 - 2018 <a href=\"http://www.powerdns.com/\">PowerDNS.COM BV</a>.</footer>"<<endl
;
282 ret
<<"</body></html>"<<endl
;
284 resp
->body
= ret
.str();
288 /** Helper to build a record content as needed. */
289 static inline string
makeRecordContent(const QType
& qtype
, const string
& content
, bool noDot
) {
290 // noDot: for backend storage, pass true. for API users, pass false.
291 auto drc
= DNSRecordContent::makeunique(qtype
.getCode(), QClass::IN
, content
);
292 return drc
->getZoneRepresentation(noDot
);
295 /** "Normalize" record content for API consumers. */
296 static inline string
makeApiRecordContent(const QType
& qtype
, const string
& content
) {
297 return makeRecordContent(qtype
, content
, false);
300 /** "Normalize" record content for backend storage. */
301 static inline string
makeBackendRecordContent(const QType
& qtype
, const string
& content
) {
302 return makeRecordContent(qtype
, content
, true);
305 static Json::object
getZoneInfo(const DomainInfo
& di
, DNSSECKeeper
*dk
) {
306 string zoneId
= apiZoneNameToId(di
.zone
);
307 vector
<string
> masters
;
308 for(const auto& m
: di
.masters
)
309 masters
.push_back(m
.toStringWithPortExcept(53));
311 return Json::object
{
312 // id is the canonical lookup key, which doesn't actually match the name (in some cases)
314 { "url", "/api/v1/servers/localhost/zones/" + zoneId
},
315 { "name", di
.zone
.toString() },
316 { "kind", di
.getKindString() },
317 { "dnssec", dk
->isSecuredZone(di
.zone
) },
318 { "account", di
.account
},
319 { "masters", masters
},
320 { "serial", (double)di
.serial
},
321 { "notified_serial", (double)di
.notified_serial
},
322 { "last_check", (double)di
.last_check
}
326 static bool shouldDoRRSets(HttpRequest
* req
) {
327 if (req
->getvars
.count("rrsets") == 0 || req
->getvars
["rrsets"] == "true")
329 if (req
->getvars
["rrsets"] == "false")
331 throw ApiException("'rrsets' request parameter value '"+req
->getvars
["rrsets"]+"' is not supported");
334 static void fillZone(const DNSName
& zonename
, HttpResponse
* resp
, bool doRRSets
) {
337 if(!B
.getDomainInfo(zonename
, di
)) {
338 throw HttpNotFoundException();
342 Json::object doc
= getZoneInfo(di
, &dk
);
343 // extra stuff getZoneInfo doesn't do for us (more expensive)
345 di
.backend
->getDomainMetadataOne(zonename
, "SOA-EDIT-API", soa_edit_api
);
346 doc
["soa_edit_api"] = soa_edit_api
;
348 di
.backend
->getDomainMetadataOne(zonename
, "SOA-EDIT", soa_edit
);
349 doc
["soa_edit"] = soa_edit
;
351 di
.backend
->getDomainMetadataOne(zonename
, "NSEC3PARAM", nsec3param
);
352 doc
["nsec3param"] = nsec3param
;
354 bool nsec3narrowbool
= false;
355 di
.backend
->getDomainMetadataOne(zonename
, "NSEC3NARROW", nsec3narrow
);
356 if (nsec3narrow
== "1")
357 nsec3narrowbool
= true;
358 doc
["nsec3narrow"] = nsec3narrowbool
;
361 di
.backend
->getDomainMetadataOne(zonename
, "API-RECTIFY", api_rectify
);
362 doc
["api_rectify"] = (api_rectify
== "1");
365 vector
<string
> tsig_master
, tsig_slave
;
366 di
.backend
->getDomainMetadata(zonename
, "TSIG-ALLOW-AXFR", tsig_master
);
367 di
.backend
->getDomainMetadata(zonename
, "AXFR-MASTER-TSIG", tsig_slave
);
369 Json::array tsig_master_keys
;
370 for (const auto& keyname
: tsig_master
) {
371 tsig_master_keys
.push_back(apiZoneNameToId(DNSName(keyname
)));
373 doc
["master_tsig_key_ids"] = tsig_master_keys
;
375 Json::array tsig_slave_keys
;
376 for (const auto& keyname
: tsig_slave
) {
377 tsig_slave_keys
.push_back(apiZoneNameToId(DNSName(keyname
)));
379 doc
["slave_tsig_key_ids"] = tsig_slave_keys
;
382 vector
<DNSResourceRecord
> records
;
383 vector
<Comment
> comments
;
385 // load all records + sort
387 DNSResourceRecord rr
;
388 di
.backend
->list(zonename
, di
.id
, true); // incl. disabled
389 while(di
.backend
->get(rr
)) {
390 if (!rr
.qtype
.getCode())
391 continue; // skip empty non-terminals
392 records
.push_back(rr
);
394 sort(records
.begin(), records
.end(), [](const DNSResourceRecord
& a
, const DNSResourceRecord
& b
) {
395 if (a
.qname
== b
.qname
) {
396 return b
.qtype
< a
.qtype
;
398 return b
.qname
< a
.qname
;
402 // load all comments + sort
405 di
.backend
->listComments(di
.id
);
406 while(di
.backend
->getComment(comment
)) {
407 comments
.push_back(comment
);
409 sort(comments
.begin(), comments
.end(), [](const Comment
& a
, const Comment
& b
) {
410 if (a
.qname
== b
.qname
) {
411 return b
.qtype
< a
.qtype
;
413 return b
.qname
< a
.qname
;
419 Json::array rrset_records
;
420 Json::array rrset_comments
;
421 DNSName current_qname
;
424 auto rit
= records
.begin();
425 auto cit
= comments
.begin();
427 while (rit
!= records
.end() || cit
!= comments
.end()) {
428 if (cit
== comments
.end() || (rit
!= records
.end() && (cit
->qname
.toString() <= rit
->qname
.toString() || cit
->qtype
< rit
->qtype
|| cit
->qtype
== rit
->qtype
))) {
429 current_qname
= rit
->qname
;
430 current_qtype
= rit
->qtype
;
433 current_qname
= cit
->qname
;
434 current_qtype
= cit
->qtype
;
438 while(rit
!= records
.end() && rit
->qname
== current_qname
&& rit
->qtype
== current_qtype
) {
439 ttl
= min(ttl
, rit
->ttl
);
440 rrset_records
.push_back(Json::object
{
441 { "disabled", rit
->disabled
},
442 { "content", makeApiRecordContent(rit
->qtype
, rit
->content
) }
446 while (cit
!= comments
.end() && cit
->qname
== current_qname
&& cit
->qtype
== current_qtype
) {
447 rrset_comments
.push_back(Json::object
{
448 { "modified_at", (double)cit
->modified_at
},
449 { "account", cit
->account
},
450 { "content", cit
->content
}
455 rrset
["name"] = current_qname
.toString();
456 rrset
["type"] = current_qtype
.getName();
457 rrset
["records"] = rrset_records
;
458 rrset
["comments"] = rrset_comments
;
459 rrset
["ttl"] = (double)ttl
;
460 rrsets
.push_back(rrset
);
462 rrset_records
.clear();
463 rrset_comments
.clear();
466 doc
["rrsets"] = rrsets
;
472 void productServerStatisticsFetch(map
<string
,string
>& out
)
474 vector
<string
> items
= S
.getEntries();
475 for(const string
& item
: items
) {
476 out
[item
] = std::to_string(S
.read(item
));
480 out
["uptime"] = std::to_string(time(0) - s_starttime
);
483 static void validateGatheredRRType(const DNSResourceRecord
& rr
) {
484 if (rr
.qtype
.getCode() == QType::OPT
|| rr
.qtype
.getCode() == QType::TSIG
) {
485 throw ApiException("RRset "+rr
.qname
.toString()+" IN "+rr
.qtype
.getName()+": invalid type given");
489 static void gatherRecords(const Json container
, const DNSName
& qname
, const QType qtype
, const int ttl
, vector
<DNSResourceRecord
>& new_records
, vector
<DNSResourceRecord
>& new_ptrs
) {
491 DNSResourceRecord rr
;
497 validateGatheredRRType(rr
);
498 for(auto record
: container
["records"].array_items()) {
499 string content
= stringFromJson(record
, "content");
500 rr
.disabled
= boolFromJson(record
, "disabled");
502 // validate that the client sent something we can actually parse, and require that data to be dotted.
504 if (rr
.qtype
.getCode() != QType::AAAA
) {
505 string tmp
= makeApiRecordContent(rr
.qtype
, content
);
506 if (!pdns_iequals(tmp
, content
)) {
507 throw std::runtime_error("Not in expected format (parsed as '"+tmp
+"')");
510 struct in6_addr tmpbuf
;
511 if (inet_pton(AF_INET6
, content
.c_str(), &tmpbuf
) != 1 || content
.find('.') != string::npos
) {
512 throw std::runtime_error("Invalid IPv6 address");
515 rr
.content
= makeBackendRecordContent(rr
.qtype
, content
);
517 catch(std::exception
& e
)
519 throw ApiException("Record "+rr
.qname
.toString()+"/"+rr
.qtype
.getName()+" '"+content
+"': "+e
.what());
522 if ((rr
.qtype
.getCode() == QType::A
|| rr
.qtype
.getCode() == QType::AAAA
) &&
523 boolFromJson(record
, "set-ptr", false) == true) {
524 DNSResourceRecord ptr
;
527 // verify that there's a zone for the PTR
529 if (!B
.getAuth(ptr
.qname
, QType(QType::PTR
), &sd
, false))
530 throw ApiException("Could not find domain for PTR '"+ptr
.qname
.toString()+"' requested for '"+ptr
.content
+"'");
532 ptr
.domain_id
= sd
.domain_id
;
533 new_ptrs
.push_back(ptr
);
536 new_records
.push_back(rr
);
540 static void gatherComments(const Json container
, const DNSName
& qname
, const QType qtype
, vector
<Comment
>& new_comments
) {
545 time_t now
= time(0);
546 for (auto comment
: container
["comments"].array_items()) {
547 c
.modified_at
= intFromJson(comment
, "modified_at", now
);
548 c
.content
= stringFromJson(comment
, "content");
549 c
.account
= stringFromJson(comment
, "account");
550 new_comments
.push_back(c
);
554 static void checkDefaultDNSSECAlgos() {
555 int k_algo
= DNSSECKeeper::shorthand2algorithm(::arg()["default-ksk-algorithm"]);
556 int z_algo
= DNSSECKeeper::shorthand2algorithm(::arg()["default-zsk-algorithm"]);
557 int k_size
= arg().asNum("default-ksk-size");
558 int z_size
= arg().asNum("default-zsk-size");
560 // Sanity check DNSSEC parameters
561 if (::arg()["default-zsk-algorithm"] != "") {
563 throw ApiException("default-ksk-algorithm setting is set to unknown algorithm: " + ::arg()["default-ksk-algorithm"]);
564 else if (k_algo
<= 10 && k_size
== 0)
565 throw ApiException("default-ksk-algorithm is set to an algorithm("+::arg()["default-ksk-algorithm"]+") that requires a non-zero default-ksk-size!");
568 if (::arg()["default-zsk-algorithm"] != "") {
570 throw ApiException("default-zsk-algorithm setting is set to unknown algorithm: " + ::arg()["default-zsk-algorithm"]);
571 else if (z_algo
<= 10 && z_size
== 0)
572 throw ApiException("default-zsk-algorithm is set to an algorithm("+::arg()["default-zsk-algorithm"]+") that requires a non-zero default-zsk-size!");
576 static void throwUnableToSecure(const DNSName
& zonename
) {
577 throw ApiException("No backend was able to secure '" + zonename
.toString() + "', most likely because no DNSSEC"
578 + "capable backends are loaded, or because the backends have DNSSEC disabled. Check your configuration.");
581 static void updateDomainSettingsFromDocument(UeberBackend
& B
, const DomainInfo
& di
, const DNSName
& zonename
, const Json document
) {
583 bool shouldRectify
= false;
584 for(auto value
: document
["masters"].array_items()) {
585 string master
= value
.string_value();
587 throw ApiException("Master can not be an empty string");
588 zonemaster
+= master
+ " ";
591 if (zonemaster
!= "") {
592 di
.backend
->setMaster(zonename
, zonemaster
);
594 if (document
["kind"].is_string()) {
595 di
.backend
->setKind(zonename
, DomainInfo::stringToKind(stringFromJson(document
, "kind")));
597 if (document
["soa_edit_api"].is_string()) {
598 di
.backend
->setDomainMetadataOne(zonename
, "SOA-EDIT-API", document
["soa_edit_api"].string_value());
600 if (document
["soa_edit"].is_string()) {
601 di
.backend
->setDomainMetadataOne(zonename
, "SOA-EDIT", document
["soa_edit"].string_value());
604 bool api_rectify
= boolFromJson(document
, "api_rectify");
605 di
.backend
->setDomainMetadataOne(zonename
, "API-RECTIFY", api_rectify
? "1" : "0");
607 catch (const JsonException
&) {}
609 if (document
["account"].is_string()) {
610 di
.backend
->setAccount(zonename
, document
["account"].string_value());
614 bool dnssecInJSON
= false;
615 bool dnssecDocVal
= false;
618 dnssecDocVal
= boolFromJson(document
, "dnssec");
621 catch (const JsonException
&) {}
623 bool isDNSSECZone
= dk
.isSecuredZone(zonename
);
628 checkDefaultDNSSECAlgos();
630 int k_algo
= DNSSECKeeper::shorthand2algorithm(::arg()["default-ksk-algorithm"]);
631 int z_algo
= DNSSECKeeper::shorthand2algorithm(::arg()["default-zsk-algorithm"]);
632 int k_size
= arg().asNum("default-ksk-size");
633 int z_size
= arg().asNum("default-zsk-size");
637 if (!dk
.addKey(zonename
, true, k_algo
, id
, k_size
)) {
638 throwUnableToSecure(zonename
);
644 if (!dk
.addKey(zonename
, false, z_algo
, id
, z_size
)) {
645 throwUnableToSecure(zonename
);
649 // Used later for NSEC3PARAM
650 isDNSSECZone
= dk
.isSecuredZone(zonename
);
653 throwUnableToSecure(zonename
);
655 shouldRectify
= true;
658 // "dnssec": false in json
661 if (!dk
.unSecureZone(zonename
, error
, info
)) {
662 throw ApiException("Error while un-securing zone '"+ zonename
.toString()+"': " + error
);
664 isDNSSECZone
= dk
.isSecuredZone(zonename
);
666 throw ApiException("Unable to un-secure zone '"+ zonename
.toString()+"'");
668 shouldRectify
= true;
673 if(document
["nsec3param"].string_value().length() > 0) {
674 shouldRectify
= true;
675 NSEC3PARAMRecordContent
ns3pr(document
["nsec3param"].string_value());
676 string error_msg
= "";
678 throw ApiException("NSEC3PARAMs provided for zone '"+zonename
.toString()+"', but zone is not DNSSEC secured.");
680 if (!dk
.checkNSEC3PARAM(ns3pr
, error_msg
)) {
681 throw ApiException("NSEC3PARAMs provided for zone '"+zonename
.toString()+"' are invalid. " + error_msg
);
683 if (!dk
.setNSEC3PARAM(zonename
, ns3pr
, boolFromJson(document
, "nsec3narrow", false))) {
684 throw ApiException("NSEC3PARAMs provided for zone '" + zonename
.toString() +
685 "' passed our basic sanity checks, but cannot be used with the current backend.");
689 if (shouldRectify
&& !dk
.isPresigned(zonename
)) {
692 di
.backend
->getDomainMetadataOne(zonename
, "API-RECTIFY", api_rectify
);
693 if (api_rectify
== "1") {
696 if (!dk
.rectifyZone(zonename
, error_msg
, info
, true)) {
697 throw ApiException("Failed to rectify '" + zonename
.toString() + "' " + error_msg
);
702 string soa_edit_api_kind
;
703 di
.backend
->getDomainMetadataOne(zonename
, "SOA-EDIT-API", soa_edit_api_kind
);
704 if (!soa_edit_api_kind
.empty()) {
706 if (!B
.getSOAUncached(zonename
, sd
, true))
709 string soa_edit_kind
;
710 di
.backend
->getDomainMetadataOne(zonename
, "SOA-EDIT", soa_edit_kind
);
712 DNSResourceRecord rr
;
713 if (makeIncreasedSOARecord(sd
, soa_edit_api_kind
, soa_edit_kind
, rr
)) {
714 if (!di
.backend
->replaceRRSet(di
.id
, rr
.qname
, rr
.qtype
, vector
<DNSResourceRecord
>(1, rr
))) {
715 throw ApiException("Hosting backend does not support editing records.");
721 if (!document
["master_tsig_key_ids"].is_null()) {
722 vector
<string
> metadata
;
723 for(auto value
: document
["master_tsig_key_ids"].array_items()) {
724 auto keyname(value
.string_value());
725 // XXX test if the key actually exists?
726 metadata
.push_back(apiZoneIdToName(keyname
).toString());
728 if (!di
.backend
->setDomainMetadata(zonename
, "TSIG-ALLOW-AXFR", metadata
)) {
729 throw ApiException("Unable to set new TSIG master keys for zone '" + zonename
.toLogString() + "'");
732 if (!document
["slave_tsig_key_ids"].is_null()) {
733 vector
<string
> metadata
;
734 for(auto value
: document
["slave_tsig_key_ids"].array_items()) {
735 auto keyname(value
.string_value());
736 // XXX test if the key actually exists?
737 metadata
.push_back(apiZoneIdToName(keyname
).toString());
739 if (!di
.backend
->setDomainMetadata(zonename
, "AXFR-MASTER-TSIG", metadata
)) {
740 throw ApiException("Unable to set new TSIG slave keys for zone '" + zonename
.toLogString() + "'");
745 static bool isValidMetadataKind(const string
& kind
, bool readonly
) {
746 static vector
<string
> builtinOptions
{
749 "ALLOW-DNSUPDATE-FROM",
750 "TSIG-ALLOW-DNSUPDATE",
752 "SOA-EDIT-DNSUPDATE",
756 "GSS-ALLOW-AXFR-PRINCIPAL",
757 "GSS-ACCEPTOR-PRINCIPAL",
767 "TSIG-ALLOW-DNSUPDATE"
770 // the following options do not allow modifications via API
771 static vector
<string
> protectedOptions
{
781 if (kind
.find("X-") == 0)
786 for (const string
& s
: builtinOptions
) {
788 for (const string
& s2
: protectedOptions
) {
789 if (!readonly
&& s
== s2
)
800 static void apiZoneMetadata(HttpRequest
* req
, HttpResponse
*resp
) {
801 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
805 if (!B
.getDomainInfo(zonename
, di
)) {
806 throw HttpNotFoundException();
809 if (req
->method
== "GET") {
810 map
<string
, vector
<string
> > md
;
811 Json::array document
;
813 if (!B
.getAllDomainMetadata(zonename
, md
))
814 throw HttpNotFoundException();
816 for (const auto& i
: md
) {
818 for (string j
: i
.second
)
819 entries
.push_back(j
);
822 { "type", "Metadata" },
824 { "metadata", entries
}
827 document
.push_back(key
);
830 resp
->setBody(document
);
831 } else if (req
->method
== "POST" && !::arg().mustDo("api-readonly")) {
832 auto document
= req
->json();
834 vector
<string
> entries
;
837 kind
= stringFromJson(document
, "kind");
838 } catch (const JsonException
&) {
839 throw ApiException("kind is not specified or not a string");
842 if (!isValidMetadataKind(kind
, false))
843 throw ApiException("Unsupported metadata kind '" + kind
+ "'");
845 vector
<string
> vecMetadata
;
847 if (!B
.getDomainMetadata(zonename
, kind
, vecMetadata
))
848 throw ApiException("Could not retrieve metadata entries for domain '" +
849 zonename
.toString() + "'");
851 auto& metadata
= document
["metadata"];
852 if (!metadata
.is_array())
853 throw ApiException("metadata is not specified or not an array");
855 for (const auto& i
: metadata
.array_items()) {
857 throw ApiException("metadata must be strings");
858 else if (std::find(vecMetadata
.cbegin(),
860 i
.string_value()) == vecMetadata
.cend()) {
861 vecMetadata
.push_back(i
.string_value());
865 if (!B
.setDomainMetadata(zonename
, kind
, vecMetadata
))
866 throw ApiException("Could not update metadata entries for domain '" +
867 zonename
.toString() + "'");
869 Json::array respMetadata
;
870 for (const string
& s
: vecMetadata
)
871 respMetadata
.push_back(s
);
874 { "type", "Metadata" },
875 { "kind", document
["kind"] },
876 { "metadata", respMetadata
}
882 throw HttpMethodNotAllowedException();
885 static void apiZoneMetadataKind(HttpRequest
* req
, HttpResponse
* resp
) {
886 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
890 if (!B
.getDomainInfo(zonename
, di
)) {
891 throw HttpNotFoundException();
894 string kind
= req
->parameters
["kind"];
896 if (req
->method
== "GET") {
897 vector
<string
> metadata
;
898 Json::object document
;
901 if (!B
.getDomainMetadata(zonename
, kind
, metadata
))
902 throw HttpNotFoundException();
903 else if (!isValidMetadataKind(kind
, true))
904 throw ApiException("Unsupported metadata kind '" + kind
+ "'");
906 document
["type"] = "Metadata";
907 document
["kind"] = kind
;
909 for (const string
& i
: metadata
)
910 entries
.push_back(i
);
912 document
["metadata"] = entries
;
913 resp
->setBody(document
);
914 } else if (req
->method
== "PUT" && !::arg().mustDo("api-readonly")) {
915 auto document
= req
->json();
917 if (!isValidMetadataKind(kind
, false))
918 throw ApiException("Unsupported metadata kind '" + kind
+ "'");
920 vector
<string
> vecMetadata
;
921 auto& metadata
= document
["metadata"];
922 if (!metadata
.is_array())
923 throw ApiException("metadata is not specified or not an array");
925 for (const auto& i
: metadata
.array_items()) {
927 throw ApiException("metadata must be strings");
928 vecMetadata
.push_back(i
.string_value());
931 if (!B
.setDomainMetadata(zonename
, kind
, vecMetadata
))
932 throw ApiException("Could not update metadata entries for domain '" + zonename
.toString() + "'");
935 { "type", "Metadata" },
937 { "metadata", metadata
}
941 } else if (req
->method
== "DELETE" && !::arg().mustDo("api-readonly")) {
942 if (!isValidMetadataKind(kind
, false))
943 throw ApiException("Unsupported metadata kind '" + kind
+ "'");
945 vector
<string
> md
; // an empty vector will do it
946 if (!B
.setDomainMetadata(zonename
, kind
, md
))
947 throw ApiException("Could not delete metadata for domain '" + zonename
.toString() + "' (" + kind
+ ")");
949 throw HttpMethodNotAllowedException();
952 // Throws 404 if the key with inquireKeyId does not exist
953 static void apiZoneCryptoKeysCheckKeyExists(DNSName zonename
, int inquireKeyId
, DNSSECKeeper
*dk
) {
954 DNSSECKeeper::keyset_t keyset
=dk
->getKeys(zonename
, false);
956 for(const auto& value
: keyset
) {
957 if (value
.second
.id
== (unsigned) inquireKeyId
) {
963 throw HttpNotFoundException();
967 static void apiZoneCryptokeysGET(DNSName zonename
, int inquireKeyId
, HttpResponse
*resp
, DNSSECKeeper
*dk
) {
968 DNSSECKeeper::keyset_t keyset
=dk
->getKeys(zonename
, false);
970 bool inquireSingleKey
= inquireKeyId
>= 0;
973 for(const auto& value
: keyset
) {
974 if (inquireSingleKey
&& (unsigned)inquireKeyId
!= value
.second
.id
) {
979 switch (value
.second
.keyType
) {
980 case DNSSECKeeper::KSK
: keyType
="ksk"; break;
981 case DNSSECKeeper::ZSK
: keyType
="zsk"; break;
982 case DNSSECKeeper::CSK
: keyType
="csk"; break;
986 { "type", "Cryptokey" },
987 { "id", (int)value
.second
.id
},
988 { "active", value
.second
.active
},
989 { "keytype", keyType
},
990 { "flags", (uint16_t)value
.first
.d_flags
},
991 { "dnskey", value
.first
.getDNSKEY().getZoneRepresentation() },
992 { "algorithm", DNSSECKeeper::algorithm2name(value
.first
.d_algorithm
) },
993 { "bits", value
.first
.getKey()->getBits() }
996 if (value
.second
.keyType
== DNSSECKeeper::KSK
|| value
.second
.keyType
== DNSSECKeeper::CSK
) {
998 for(const uint8_t keyid
: { DNSSECKeeper::SHA1
, DNSSECKeeper::SHA256
, DNSSECKeeper::GOST
, DNSSECKeeper::SHA384
})
1000 dses
.push_back(makeDSFromDNSKey(zonename
, value
.first
.getDNSKEY(), keyid
).getZoneRepresentation());
1005 if (inquireSingleKey
) {
1006 key
["privatekey"] = value
.first
.getKey()->convertToISC();
1013 if (inquireSingleKey
) {
1014 // we came here because we couldn't find the requested key.
1015 throw HttpNotFoundException();
1022 * This method handles DELETE requests for URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
1023 * It deletes a key from :zone_name specified by :cryptokey_id.
1025 * Case 1: the backend returns true on removal. This means the key is gone.
1026 * The server returns 204 No Content, no body.
1027 * Case 2: the backend returns false on removal. An error occurred.
1028 * The server returns 422 Unprocessable Entity with message "Could not DELETE :cryptokey_id".
1029 * Case 3: the key or zone does not exist.
1030 * The server returns 404 Not Found
1032 static void apiZoneCryptokeysDELETE(DNSName zonename
, int inquireKeyId
, HttpRequest
*req
, HttpResponse
*resp
, DNSSECKeeper
*dk
) {
1033 if (dk
->removeKey(zonename
, inquireKeyId
)) {
1037 resp
->setErrorResult("Could not DELETE " + req
->parameters
["key_id"], 422);
1042 * This method adds a key to a zone by generate it or content parameter.
1045 * "privatekey" : "key The format used is compatible with BIND and NSD/LDNS" <string>
1046 * "keytype" : "ksk|zsk" <string>
1047 * "active" : "true|false" <value>
1048 * "algorithm" : "key generation algorithm name as default"<string> https://doc.powerdns.com/md/authoritative/dnssec/#supported-algorithms
1049 * "bits" : number of bits <int>
1053 * Case 1: keytype isn't ksk|zsk
1054 * The server returns 422 Unprocessable Entity {"error" : "Invalid keytype 'keytype'"}
1055 * Case 2: 'bits' must be a positive integer value.
1056 * The server returns 422 Unprocessable Entity {"error" : "'bits' must be a positive integer value."}
1057 * Case 3: The "algorithm" isn't supported
1058 * The server returns 422 Unprocessable Entity {"error" : "Unknown algorithm: 'algo'"}
1059 * Case 4: Algorithm <= 10 and no bits were passed
1060 * The server returns 422 Unprocessable Entity {"error" : "Creating an algorithm algo key requires the size (in bits) to be passed"}
1061 * Case 5: The wrong keysize was passed
1062 * The server returns 422 Unprocessable Entity {"error" : "The algorithm does not support the given bit size."}
1063 * Case 6: If the server cant guess the keysize
1064 * The server returns 422 Unprocessable Entity {"error" : "Can not guess key size for algorithm"}
1065 * Case 7: The key-creation failed
1066 * The server returns 422 Unprocessable Entity {"error" : "Adding key failed, perhaps DNSSEC not enabled in configuration?"}
1067 * Case 8: The key in content has the wrong format
1068 * The server returns 422 Unprocessable Entity {"error" : "Key could not be parsed. Make sure your key format is correct."}
1069 * Case 9: The wrong combination of fields is submitted
1070 * The server returns 422 Unprocessable Entity {"error" : "Either you submit just the 'content' field or you leave 'content' empty and submit the other fields."}
1071 * Case 10: No content and everything was fine
1072 * The server returns 201 Created and all public data about the new cryptokey
1073 * Case 11: With specified content
1074 * The server returns 201 Created and all public data about the added cryptokey
1077 static void apiZoneCryptokeysPOST(DNSName zonename
, HttpRequest
*req
, HttpResponse
*resp
, DNSSECKeeper
*dk
) {
1078 auto document
= req
->json();
1079 string privatekey_fieldname
= "privatekey";
1080 auto privatekey
= document
["privatekey"];
1081 if (privatekey
.is_null()) {
1082 // Fallback to the old "content" behaviour
1083 privatekey
= document
["content"];
1084 privatekey_fieldname
= "content";
1086 bool active
= boolFromJson(document
, "active", false);
1089 if (stringFromJson(document
, "keytype") == "ksk" || stringFromJson(document
, "keytype") == "csk") {
1091 } else if (stringFromJson(document
, "keytype") == "zsk") {
1094 throw ApiException("Invalid keytype " + stringFromJson(document
, "keytype"));
1097 int64_t insertedId
= -1;
1099 if (privatekey
.is_null()) {
1100 int bits
= keyOrZone
? ::arg().asNum("default-ksk-size") : ::arg().asNum("default-zsk-size");
1101 auto docbits
= document
["bits"];
1102 if (!docbits
.is_null()) {
1103 if (!docbits
.is_number() || (fmod(docbits
.number_value(), 1.0) != 0) || docbits
.int_value() < 0) {
1104 throw ApiException("'bits' must be a positive integer value");
1106 bits
= docbits
.int_value();
1109 int algorithm
= DNSSECKeeper::shorthand2algorithm(keyOrZone
? ::arg()["default-ksk-algorithm"] : ::arg()["default-zsk-algorithm"]);
1110 auto providedAlgo
= document
["algorithm"];
1111 if (providedAlgo
.is_string()) {
1112 algorithm
= DNSSECKeeper::shorthand2algorithm(providedAlgo
.string_value());
1113 if (algorithm
== -1)
1114 throw ApiException("Unknown algorithm: " + providedAlgo
.string_value());
1115 } else if (providedAlgo
.is_number()) {
1116 algorithm
= providedAlgo
.int_value();
1117 } else if (!providedAlgo
.is_null()) {
1118 throw ApiException("Unknown algorithm: " + providedAlgo
.string_value());
1122 if (!dk
->addKey(zonename
, keyOrZone
, algorithm
, insertedId
, bits
, active
)) {
1123 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
1125 } catch (std::runtime_error
& error
) {
1126 throw ApiException(error
.what());
1129 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
1130 } else if (document
["bits"].is_null() && document
["algorithm"].is_null()) {
1131 auto keyData
= stringFromJson(document
, privatekey_fieldname
);
1132 DNSKEYRecordContent dkrc
;
1133 DNSSECPrivateKey dpk
;
1135 shared_ptr
<DNSCryptoKeyEngine
> dke(DNSCryptoKeyEngine::makeFromISCString(dkrc
, keyData
));
1136 dpk
.d_algorithm
= dkrc
.d_algorithm
;
1137 // TODO remove in 4.2.0
1138 if(dpk
.d_algorithm
== DNSSECKeeper::RSASHA1NSEC3SHA1
)
1139 dpk
.d_algorithm
= DNSSECKeeper::RSASHA1
;
1148 catch (std::runtime_error
& error
) {
1149 throw ApiException("Key could not be parsed. Make sure your key format is correct.");
1151 if (!dk
->addKey(zonename
, dpk
,insertedId
, active
)) {
1152 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
1154 } catch (std::runtime_error
& error
) {
1155 throw ApiException(error
.what());
1158 throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
1160 throw ApiException("Either you submit just the 'privatekey' field or you leave 'privatekey' empty and submit the other fields.");
1162 apiZoneCryptokeysGET(zonename
, insertedId
, resp
, dk
);
1167 * This method handles PUT (execute) requests for URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
1168 * It de/activates a key from :zone_name specified by :cryptokey_id.
1170 * Case 1: invalid JSON data
1171 * The server returns 400 Bad Request
1172 * Case 2: the backend returns true on de/activation. This means the key is de/active.
1173 * The server returns 204 No Content
1174 * Case 3: the backend returns false on de/activation. An error occurred.
1175 * The sever returns 422 Unprocessable Entity with message "Could not de/activate Key: :cryptokey_id in Zone: :zone_name"
1177 static void apiZoneCryptokeysPUT(DNSName zonename
, int inquireKeyId
, HttpRequest
*req
, HttpResponse
*resp
, DNSSECKeeper
*dk
) {
1178 //throws an exception if the Body is empty
1179 auto document
= req
->json();
1180 //throws an exception if the key does not exist or is not a bool
1181 bool active
= boolFromJson(document
, "active");
1183 if (!dk
->activateKey(zonename
, inquireKeyId
)) {
1184 resp
->setErrorResult("Could not activate Key: " + req
->parameters
["key_id"] + " in Zone: " + zonename
.toString(), 422);
1188 if (!dk
->deactivateKey(zonename
, inquireKeyId
)) {
1189 resp
->setErrorResult("Could not deactivate Key: " + req
->parameters
["key_id"] + " in Zone: " + zonename
.toString(), 422);
1199 * This method chooses the right functionality for the request. It also checks for a cryptokey_id which has to be passed
1200 * by URL /api/v1/servers/:server_id/zones/:zone_name/cryptokeys/:cryptokey_id .
1201 * If the the HTTP-request-method isn't supported, the function returns a response with the 405 code (method not allowed).
1203 static void apiZoneCryptokeys(HttpRequest
*req
, HttpResponse
*resp
) {
1204 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
1207 DNSSECKeeper
dk(&B
);
1209 if (!B
.getDomainInfo(zonename
, di
)) {
1210 throw HttpNotFoundException();
1213 int inquireKeyId
= -1;
1214 if (req
->parameters
.count("key_id")) {
1215 inquireKeyId
= std::stoi(req
->parameters
["key_id"]);
1216 apiZoneCryptoKeysCheckKeyExists(zonename
, inquireKeyId
, &dk
);
1219 if (req
->method
== "GET") {
1220 apiZoneCryptokeysGET(zonename
, inquireKeyId
, resp
, &dk
);
1221 } else if (req
->method
== "DELETE" && !::arg().mustDo("api-readonly")) {
1222 if (inquireKeyId
== -1)
1223 throw HttpBadRequestException();
1224 apiZoneCryptokeysDELETE(zonename
, inquireKeyId
, req
, resp
, &dk
);
1225 } else if (req
->method
== "POST" && !::arg().mustDo("api-readonly")) {
1226 apiZoneCryptokeysPOST(zonename
, req
, resp
, &dk
);
1227 } else if (req
->method
== "PUT" && !::arg().mustDo("api-readonly")) {
1228 if (inquireKeyId
== -1)
1229 throw HttpBadRequestException();
1230 apiZoneCryptokeysPUT(zonename
, inquireKeyId
, req
, resp
, &dk
);
1232 throw HttpMethodNotAllowedException(); //Returns method not allowed
1236 static void gatherRecordsFromZone(const std::string
& zonestring
, vector
<DNSResourceRecord
>& new_records
, DNSName zonename
) {
1237 DNSResourceRecord rr
;
1238 vector
<string
> zonedata
;
1239 stringtok(zonedata
, zonestring
, "\r\n");
1241 ZoneParserTNG
zpt(zonedata
, zonename
);
1245 string comment
= "Imported via the API";
1248 while(zpt
.get(rr
, &comment
)) {
1249 if(seenSOA
&& rr
.qtype
.getCode() == QType::SOA
)
1251 if(rr
.qtype
.getCode() == QType::SOA
)
1253 validateGatheredRRType(rr
);
1255 new_records
.push_back(rr
);
1258 catch(std::exception
& ae
) {
1259 throw ApiException("An error occurred while parsing the zonedata: "+string(ae
.what()));
1263 /** Throws ApiException if records with duplicate name/type/content are present.
1264 * NOTE: sorts records in-place.
1266 static void checkDuplicateRecords(vector
<DNSResourceRecord
>& records
) {
1267 sort(records
.begin(), records
.end(),
1268 [](const DNSResourceRecord
& rec_a
, const DNSResourceRecord
& rec_b
) -> bool {
1269 return rec_a
.qname
.toString() > rec_b
.qname
.toString() || \
1270 rec_a
.qtype
.getCode() > rec_b
.qtype
.getCode() || \
1271 rec_a
.content
< rec_b
.content
;
1274 DNSResourceRecord previous
;
1275 for(const auto& rec
: records
) {
1276 if (previous
.qtype
== rec
.qtype
&& previous
.qname
== rec
.qname
&& previous
.content
== rec
.content
) {
1277 throw ApiException("Duplicate record in RRset " + rec
.qname
.toString() + " IN " + rec
.qtype
.getName() + " with content \"" + rec
.content
+ "\"");
1283 static void checkTSIGKey(UeberBackend
& B
, const DNSName
& keyname
, const DNSName
& algo
, const string
& content
) {
1285 string contentFromDB
;
1286 B
.getTSIGKey(keyname
, &algoFromDB
, &contentFromDB
);
1287 if (!contentFromDB
.empty() || !algoFromDB
.empty()) {
1288 throw ApiException("A TSIG key with the name '"+keyname
.toLogString()+"' already exists");
1292 if (!getTSIGHashEnum(algo
, the
)) {
1293 throw ApiException("Unknown TSIG algorithm: " + algo
.toLogString());
1297 if (B64Decode(content
, b64out
) == -1) {
1298 throw ApiException("TSIG content '" + content
+ "' cannot be base64-decoded");
1302 static Json::object
makeJSONTSIGKey(const DNSName
& keyname
, const DNSName
& algo
, const string
& content
) {
1303 Json::object tsigkey
= {
1304 { "name", keyname
.toStringNoDot() },
1305 { "id", apiZoneNameToId(keyname
) },
1306 { "algorithm", algo
.toStringNoDot() },
1308 { "type", "TSIGKey" }
1313 static Json::object
makeJSONTSIGKey(const struct TSIGKey
& key
) {
1314 return makeJSONTSIGKey(key
.name
, key
.algorithm
, key
.key
);
1317 static void apiServerTsigKeys(HttpRequest
* req
, HttpResponse
* resp
) {
1319 if (req
->method
== "GET") {
1320 vector
<struct TSIGKey
> keys
;
1322 if (!B
.getTSIGKeys(keys
)) {
1323 throw ApiException("Unable to retrieve TSIG keys");
1328 for(const auto &key
: keys
) {
1329 doc
.push_back(makeJSONTSIGKey(key
));
1332 } else if (req
->method
== "POST" && !::arg().mustDo("api-readonly")) {
1333 auto document
= req
->json();
1334 DNSName
keyname(stringFromJson(document
, "name"));
1335 DNSName
algo(stringFromJson(document
, "algorithm"));
1336 string
content(stringFromJson(document
, "key"));
1338 if (content
.empty()) {
1340 if (algo
.toStringNoDot() == "hmac-md5"
1341 || algo
.toStringNoDot() == "hmac-sha1"
1342 || algo
.toStringNoDot() == "hmac-sha224") {
1346 for(size_t i
= 0; i
< klen
; i
+=4) {
1347 *(unsigned int*)(tmpkey
+i
) = dns_random(0xffffffff);
1349 content
= Base64Encode(std::string(tmpkey
, klen
));
1352 // Will throw and ApiException on error
1353 checkTSIGKey(B
, keyname
, algo
, content
);
1355 if(!B
.setTSIGKey(keyname
, algo
, content
)) {
1356 throw ApiException("Unable to add TSIG key");
1360 resp
->setBody(makeJSONTSIGKey(keyname
, algo
, content
));
1362 throw HttpMethodNotAllowedException();
1366 static void apiServerTsigKeyDetail(HttpRequest
* req
, HttpResponse
* resp
) {
1368 DNSName keyname
= apiZoneIdToName(req
->parameters
["id"]);
1372 if (!B
.getTSIGKey(keyname
, &algo
, &content
)) {
1373 throw ApiException("Unable to retrieve TSIG key with id '"+keyname
.toLogString()+"'");
1376 json11::Json document
;
1378 if (!req
->body
.empty()) {
1379 document
= req
->json();
1384 tsk
.algorithm
= algo
;
1387 if (req
->method
== "GET") {
1388 resp
->setBody(makeJSONTSIGKey(tsk
));
1389 } else if (req
->method
== "PUT" && !::arg().mustDo("api-readonly")) {
1390 if (document
["name"].is_string()) {
1391 tsk
.name
= DNSName(document
["name"].string_value());
1393 if (document
["algorithm"].is_string()) {
1394 tsk
.algorithm
= DNSName(document
["algorithm"].string_value());
1397 if (!getTSIGHashEnum(tsk
.algorithm
, the
)) {
1398 throw ApiException("Unknown TSIG algorithm: " + tsk
.algorithm
.toLogString());
1401 if (document
["key"].is_string()) {
1402 string new_content
= document
["key"].string_value();
1404 if (B64Decode(new_content
, decoded
) == -1) {
1405 throw ApiException("Can not base64 decode key content '" + new_content
+ "'");
1407 tsk
.key
= new_content
;
1409 if (!B
.setTSIGKey(tsk
.name
, tsk
.algorithm
, tsk
.key
)) {
1410 throw ApiException("Unable to save TSIG Key");
1412 if (tsk
.name
!= keyname
) {
1413 // Remove the old key
1414 if (!B
.deleteTSIGKey(keyname
)) {
1415 throw ApiException("Unable to remove TSIG key '" + keyname
.toStringNoDot() + "'");
1418 resp
->setBody(makeJSONTSIGKey(tsk
));
1419 } else if (req
->method
== "DELETE" && !::arg().mustDo("api-readonly")) {
1420 if (!B
.deleteTSIGKey(keyname
)) {
1421 throw ApiException("Unable to remove TSIG key '" + keyname
.toStringNoDot() + "'");
1427 throw HttpMethodNotAllowedException();
1431 static void apiServerZones(HttpRequest
* req
, HttpResponse
* resp
) {
1433 DNSSECKeeper
dk(&B
);
1434 if (req
->method
== "POST" && !::arg().mustDo("api-readonly")) {
1436 auto document
= req
->json();
1437 DNSName zonename
= apiNameToDNSName(stringFromJson(document
, "name"));
1438 apiCheckNameAllowedCharacters(zonename
.toString());
1439 zonename
.makeUsLowerCase();
1441 bool exists
= B
.getDomainInfo(zonename
, di
);
1443 throw HttpConflictException();
1445 // validate 'kind' is set
1446 DomainInfo::DomainKind zonekind
= DomainInfo::stringToKind(stringFromJson(document
, "kind"));
1448 string zonestring
= document
["zone"].string_value();
1449 auto rrsets
= document
["rrsets"];
1450 if (rrsets
.is_array() && zonestring
!= "")
1451 throw ApiException("You cannot give rrsets AND zone data as text");
1453 auto nameservers
= document
["nameservers"];
1454 if (!nameservers
.is_array() && zonekind
!= DomainInfo::Slave
)
1455 throw ApiException("Nameservers list must be given (but can be empty if NS records are supplied)");
1457 string soa_edit_api_kind
;
1458 if (document
["soa_edit_api"].is_string()) {
1459 soa_edit_api_kind
= document
["soa_edit_api"].string_value();
1462 soa_edit_api_kind
= "DEFAULT";
1464 string soa_edit_kind
= document
["soa_edit"].string_value();
1466 // if records/comments are given, load and check them
1467 bool have_soa
= false;
1468 bool have_zone_ns
= false;
1469 vector
<DNSResourceRecord
> new_records
;
1470 vector
<Comment
> new_comments
;
1471 vector
<DNSResourceRecord
> new_ptrs
;
1473 if (rrsets
.is_array()) {
1474 for (const auto& rrset
: rrsets
.array_items()) {
1475 DNSName qname
= apiNameToDNSName(stringFromJson(rrset
, "name"));
1476 apiCheckQNameAllowedCharacters(qname
.toString());
1478 qtype
= stringFromJson(rrset
, "type");
1479 if (qtype
.getCode() == 0) {
1480 throw ApiException("RRset "+qname
.toString()+" IN "+stringFromJson(rrset
, "type")+": unknown type given");
1482 if (rrset
["records"].is_array()) {
1483 int ttl
= intFromJson(rrset
, "ttl");
1484 gatherRecords(rrset
, qname
, qtype
, ttl
, new_records
, new_ptrs
);
1486 if (rrset
["comments"].is_array()) {
1487 gatherComments(rrset
, qname
, qtype
, new_comments
);
1490 } else if (zonestring
!= "") {
1491 gatherRecordsFromZone(zonestring
, new_records
, zonename
);
1494 for(auto& rr
: new_records
) {
1495 rr
.qname
.makeUsLowerCase();
1496 if (!rr
.qname
.isPartOf(zonename
) && rr
.qname
!= zonename
)
1497 throw ApiException("RRset "+rr
.qname
.toString()+" IN "+rr
.qtype
.getName()+": Name is out of zone");
1498 apiCheckQNameAllowedCharacters(rr
.qname
.toString());
1500 if (rr
.qtype
.getCode() == QType::SOA
&& rr
.qname
==zonename
) {
1502 increaseSOARecord(rr
, soa_edit_api_kind
, soa_edit_kind
);
1504 if (rr
.qtype
.getCode() == QType::NS
&& rr
.qname
==zonename
) {
1505 have_zone_ns
= true;
1509 // synthesize RRs as needed
1510 DNSResourceRecord autorr
;
1511 autorr
.qname
= zonename
;
1513 autorr
.ttl
= ::arg().asNum("default-ttl");
1515 if (!have_soa
&& zonekind
!= DomainInfo::Slave
) {
1516 // synthesize a SOA record so the zone "really" exists
1517 string soa
= (boost::format("%s %s %ul")
1518 % ::arg()["default-soa-name"]
1519 % (::arg().isEmpty("default-soa-mail") ? (DNSName("hostmaster.") + zonename
).toString() : ::arg()["default-soa-mail"])
1520 % document
["serial"].int_value()
1523 fillSOAData(soa
, sd
); // fills out default values for us
1524 autorr
.qtype
= QType::SOA
;
1525 autorr
.content
= makeSOAContent(sd
)->getZoneRepresentation(true);
1526 increaseSOARecord(autorr
, soa_edit_api_kind
, soa_edit_kind
);
1527 new_records
.push_back(autorr
);
1530 // create NS records if nameservers are given
1531 for (auto value
: nameservers
.array_items()) {
1532 string nameserver
= value
.string_value();
1533 if (nameserver
.empty())
1534 throw ApiException("Nameservers must be non-empty strings");
1535 if (!isCanonical(nameserver
))
1536 throw ApiException("Nameserver is not canonical: '" + nameserver
+ "'");
1538 // ensure the name parses
1539 autorr
.content
= DNSName(nameserver
).toStringRootDot();
1541 throw ApiException("Unable to parse DNS Name for NS '" + nameserver
+ "'");
1543 autorr
.qtype
= QType::NS
;
1544 new_records
.push_back(autorr
);
1546 throw ApiException("Nameservers list MUST NOT be mixed with zone-level NS in rrsets");
1550 checkDuplicateRecords(new_records
);
1552 if (boolFromJson(document
, "dnssec", false)) {
1553 checkDefaultDNSSECAlgos();
1555 if(document
["nsec3param"].string_value().length() > 0) {
1556 NSEC3PARAMRecordContent
ns3pr(document
["nsec3param"].string_value());
1557 string error_msg
= "";
1558 if (!dk
.checkNSEC3PARAM(ns3pr
, error_msg
)) {
1559 throw ApiException("NSEC3PARAMs provided for zone '"+zonename
.toString()+"' are invalid. " + error_msg
);
1564 // no going back after this
1565 if(!B
.createDomain(zonename
))
1566 throw ApiException("Creating domain '"+zonename
.toString()+"' failed");
1568 if(!B
.getDomainInfo(zonename
, di
))
1569 throw ApiException("Creating domain '"+zonename
.toString()+"' failed: lookup of domain ID failed");
1571 // updateDomainSettingsFromDocument does NOT fill out the default we've established above.
1572 if (!soa_edit_api_kind
.empty()) {
1573 di
.backend
->setDomainMetadataOne(zonename
, "SOA-EDIT-API", soa_edit_api_kind
);
1576 di
.backend
->startTransaction(zonename
, di
.id
);
1578 for(auto rr
: new_records
) {
1579 rr
.domain_id
= di
.id
;
1580 di
.backend
->feedRecord(rr
, DNSName());
1582 for(Comment
& c
: new_comments
) {
1583 c
.domain_id
= di
.id
;
1584 di
.backend
->feedComment(c
);
1587 updateDomainSettingsFromDocument(B
, di
, zonename
, document
);
1589 di
.backend
->commitTransaction();
1591 storeChangedPTRs(B
, new_ptrs
);
1593 fillZone(zonename
, resp
, shouldDoRRSets(req
));
1598 if(req
->method
!= "GET")
1599 throw HttpMethodNotAllowedException();
1601 vector
<DomainInfo
> domains
;
1602 B
.getAllDomains(&domains
, true); // incl. disabled
1605 for(const DomainInfo
& di
: domains
) {
1606 doc
.push_back(getZoneInfo(di
, &dk
));
1611 static void apiServerZoneDetail(HttpRequest
* req
, HttpResponse
* resp
) {
1612 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
1616 if (!B
.getDomainInfo(zonename
, di
)) {
1617 throw HttpNotFoundException();
1620 if(req
->method
== "PUT" && !::arg().mustDo("api-readonly")) {
1621 // update domain settings
1623 updateDomainSettingsFromDocument(B
, di
, zonename
, req
->json());
1626 resp
->status
= 204; // No Content, but indicate success
1629 else if(req
->method
== "DELETE" && !::arg().mustDo("api-readonly")) {
1631 if(!di
.backend
->deleteDomain(zonename
))
1632 throw ApiException("Deleting domain '"+zonename
.toString()+"' failed: backend delete failed/unsupported");
1634 // empty body on success
1636 resp
->status
= 204; // No Content: declare that the zone is gone now
1638 } else if (req
->method
== "PATCH" && !::arg().mustDo("api-readonly")) {
1639 patchZone(req
, resp
);
1641 } else if (req
->method
== "GET") {
1642 fillZone(zonename
, resp
, shouldDoRRSets(req
));
1645 throw HttpMethodNotAllowedException();
1648 static void apiServerZoneExport(HttpRequest
* req
, HttpResponse
* resp
) {
1649 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
1651 if(req
->method
!= "GET")
1652 throw HttpMethodNotAllowedException();
1658 if (!B
.getDomainInfo(zonename
, di
)) {
1659 throw HttpNotFoundException();
1662 DNSResourceRecord rr
;
1664 di
.backend
->list(zonename
, di
.id
);
1665 while(di
.backend
->get(rr
)) {
1666 if (!rr
.qtype
.getCode())
1667 continue; // skip empty non-terminals
1670 rr
.qname
.toString() << "\t" <<
1673 rr
.qtype
.getName() << "\t" <<
1674 makeApiRecordContent(rr
.qtype
, rr
.content
) <<
1678 if (req
->accept_json
) {
1679 resp
->setBody(Json::object
{ { "zone", ss
.str() } });
1681 resp
->headers
["Content-Type"] = "text/plain; charset=us-ascii";
1682 resp
->body
= ss
.str();
1686 static void apiServerZoneAxfrRetrieve(HttpRequest
* req
, HttpResponse
* resp
) {
1687 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
1689 if(req
->method
!= "PUT" || ::arg().mustDo("api-readonly"))
1690 throw HttpMethodNotAllowedException();
1694 if (!B
.getDomainInfo(zonename
, di
)) {
1695 throw HttpNotFoundException();
1698 if(di
.masters
.empty())
1699 throw ApiException("Domain '"+zonename
.toString()+"' is not a slave domain (or has no master defined)");
1701 random_shuffle(di
.masters
.begin(), di
.masters
.end());
1702 Communicator
.addSuckRequest(zonename
, di
.masters
.front());
1703 resp
->setSuccessResult("Added retrieval request for '"+zonename
.toString()+"' from master "+di
.masters
.front().toLogString());
1706 static void apiServerZoneNotify(HttpRequest
* req
, HttpResponse
* resp
) {
1707 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
1709 if(req
->method
!= "PUT" || ::arg().mustDo("api-readonly"))
1710 throw HttpMethodNotAllowedException();
1714 if (!B
.getDomainInfo(zonename
, di
)) {
1715 throw HttpNotFoundException();
1718 if(!Communicator
.notifyDomain(zonename
))
1719 throw ApiException("Failed to add to the queue - see server log");
1721 resp
->setSuccessResult("Notification queued");
1724 static void apiServerZoneRectify(HttpRequest
* req
, HttpResponse
* resp
) {
1725 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
1727 if(req
->method
!= "PUT")
1728 throw HttpMethodNotAllowedException();
1732 if (!B
.getDomainInfo(zonename
, di
)) {
1733 throw HttpNotFoundException();
1736 DNSSECKeeper
dk(&B
);
1738 if (!dk
.isSecuredZone(zonename
))
1739 throw ApiException("Zone '" + zonename
.toString() + "' is not DNSSEC signed, not rectifying.");
1741 if (di
.kind
== DomainInfo::Slave
)
1742 throw ApiException("Zone '" + zonename
.toString() + "' is a slave zone, not rectifying.");
1744 string error_msg
= "";
1746 if (!dk
.rectifyZone(zonename
, error_msg
, info
, true))
1747 throw ApiException("Failed to rectify '" + zonename
.toString() + "' " + error_msg
);
1749 resp
->setSuccessResult("Rectified");
1752 static void makePtr(const DNSResourceRecord
& rr
, DNSResourceRecord
* ptr
) {
1753 if (rr
.qtype
.getCode() == QType::A
) {
1755 if (!IpToU32(rr
.content
, &ip
)) {
1756 throw ApiException("PTR: Invalid IP address given");
1758 ptr
->qname
= DNSName((boost::format("%u.%u.%u.%u.in-addr.arpa.")
1759 % ((ip
>> 24) & 0xff)
1760 % ((ip
>> 16) & 0xff)
1761 % ((ip
>> 8) & 0xff)
1764 } else if (rr
.qtype
.getCode() == QType::AAAA
) {
1765 ComboAddress
ca(rr
.content
);
1768 for (int octet
= 0; octet
< 16; ++octet
) {
1769 if (snprintf(buf
, sizeof(buf
), "%02x", ca
.sin6
.sin6_addr
.s6_addr
[octet
]) != (sizeof(buf
)-1)) {
1770 // this should be impossible: no byte should give more than two digits in hex format
1771 throw PDNSException("Formatting IPv6 address failed");
1773 ss
<< buf
[0] << '.' << buf
[1] << '.';
1775 string tmp
= ss
.str();
1776 tmp
.resize(tmp
.size()-1); // remove last dot
1777 // reverse and append arpa domain
1778 ptr
->qname
= DNSName(string(tmp
.rbegin(), tmp
.rend())) + DNSName("ip6.arpa.");
1780 throw ApiException("Unsupported PTR source '" + rr
.qname
.toString() + "' type '" + rr
.qtype
.getName() + "'");
1785 ptr
->disabled
= rr
.disabled
;
1786 ptr
->content
= rr
.qname
.toStringRootDot();
1789 static void storeChangedPTRs(UeberBackend
& B
, vector
<DNSResourceRecord
>& new_ptrs
) {
1790 for(const DNSResourceRecord
& rr
: new_ptrs
) {
1792 if (!B
.getAuth(rr
.qname
, QType(QType::PTR
), &sd
, false))
1793 throw ApiException("Could not find domain for PTR '"+rr
.qname
.toString()+"' requested for '"+rr
.content
+"' (while saving)");
1795 string soa_edit_api_kind
;
1796 string soa_edit_kind
;
1797 bool soa_changed
= false;
1798 DNSResourceRecord soarr
;
1799 sd
.db
->getDomainMetadataOne(sd
.qname
, "SOA-EDIT-API", soa_edit_api_kind
);
1800 sd
.db
->getDomainMetadataOne(sd
.qname
, "SOA-EDIT", soa_edit_kind
);
1801 if (!soa_edit_api_kind
.empty()) {
1802 soa_changed
= makeIncreasedSOARecord(sd
, soa_edit_api_kind
, soa_edit_kind
, soarr
);
1805 sd
.db
->startTransaction(sd
.qname
);
1806 if (!sd
.db
->replaceRRSet(sd
.domain_id
, rr
.qname
, rr
.qtype
, vector
<DNSResourceRecord
>(1, rr
))) {
1807 sd
.db
->abortTransaction();
1808 throw ApiException("PTR-Hosting backend for "+rr
.qname
.toString()+"/"+rr
.qtype
.getName()+" does not support editing records.");
1812 sd
.db
->replaceRRSet(sd
.domain_id
, soarr
.qname
, soarr
.qtype
, vector
<DNSResourceRecord
>(1, soarr
));
1815 sd
.db
->commitTransaction();
1816 purgeAuthCachesExact(rr
.qname
);
1820 static void patchZone(HttpRequest
* req
, HttpResponse
* resp
) {
1823 DNSName zonename
= apiZoneIdToName(req
->parameters
["id"]);
1824 if (!B
.getDomainInfo(zonename
, di
)) {
1825 throw HttpNotFoundException();
1828 vector
<DNSResourceRecord
> new_records
;
1829 vector
<Comment
> new_comments
;
1830 vector
<DNSResourceRecord
> new_ptrs
;
1832 Json document
= req
->json();
1834 auto rrsets
= document
["rrsets"];
1835 if (!rrsets
.is_array())
1836 throw ApiException("No rrsets given in update request");
1838 di
.backend
->startTransaction(zonename
);
1841 string soa_edit_api_kind
;
1842 string soa_edit_kind
;
1843 di
.backend
->getDomainMetadataOne(zonename
, "SOA-EDIT-API", soa_edit_api_kind
);
1844 di
.backend
->getDomainMetadataOne(zonename
, "SOA-EDIT", soa_edit_kind
);
1845 bool soa_edit_done
= false;
1847 set
<pair
<DNSName
, QType
>> seen
;
1849 for (const auto& rrset
: rrsets
.array_items()) {
1850 string changetype
= toUpper(stringFromJson(rrset
, "changetype"));
1851 DNSName qname
= apiNameToDNSName(stringFromJson(rrset
, "name"));
1852 apiCheckQNameAllowedCharacters(qname
.toString());
1854 qtype
= stringFromJson(rrset
, "type");
1855 if (qtype
.getCode() == 0) {
1856 throw ApiException("RRset "+qname
.toString()+" IN "+stringFromJson(rrset
, "type")+": unknown type given");
1859 if(seen
.count({qname
, qtype
}))
1861 throw ApiException("Duplicate RRset "+qname
.toString()+" IN "+qtype
.getName());
1863 seen
.insert({qname
, qtype
});
1865 if (changetype
== "DELETE") {
1866 // delete all matching qname/qtype RRs (and, implicitly comments).
1867 if (!di
.backend
->replaceRRSet(di
.id
, qname
, qtype
, vector
<DNSResourceRecord
>())) {
1868 throw ApiException("Hosting backend does not support editing records.");
1871 else if (changetype
== "REPLACE") {
1872 // we only validate for REPLACE, as DELETE can be used to "fix" out of zone records.
1873 if (!qname
.isPartOf(zonename
) && qname
!= zonename
)
1874 throw ApiException("RRset "+qname
.toString()+" IN "+qtype
.getName()+": Name is out of zone");
1876 bool replace_records
= rrset
["records"].is_array();
1877 bool replace_comments
= rrset
["comments"].is_array();
1879 if (!replace_records
&& !replace_comments
) {
1880 throw ApiException("No change for RRset " + qname
.toString() + " IN " + qtype
.getName());
1883 new_records
.clear();
1884 new_comments
.clear();
1886 if (replace_records
) {
1887 // ttl shouldn't be part of DELETE, and it shouldn't be required if we don't get new records.
1888 int ttl
= intFromJson(rrset
, "ttl");
1889 // new_ptrs is merged.
1890 gatherRecords(rrset
, qname
, qtype
, ttl
, new_records
, new_ptrs
);
1892 for(DNSResourceRecord
& rr
: new_records
) {
1893 rr
.domain_id
= di
.id
;
1894 if (rr
.qtype
.getCode() == QType::SOA
&& rr
.qname
==zonename
) {
1895 soa_edit_done
= increaseSOARecord(rr
, soa_edit_api_kind
, soa_edit_kind
);
1898 checkDuplicateRecords(new_records
);
1901 if (replace_comments
) {
1902 gatherComments(rrset
, qname
, qtype
, new_comments
);
1904 for(Comment
& c
: new_comments
) {
1905 c
.domain_id
= di
.id
;
1909 if (replace_records
) {
1910 bool ent_present
= false;
1911 di
.backend
->lookup(QType(QType::ANY
), qname
);
1912 DNSResourceRecord rr
;
1913 while (di
.backend
->get(rr
)) {
1914 if (qtype
.getCode() == 0) {
1917 if (qtype
.getCode() == QType::CNAME
&& rr
.qtype
.getCode() != QType::CNAME
) {
1918 throw ApiException("RRset "+qname
.toString()+" IN "+qtype
.getName()+": Conflicts with pre-existing non-CNAME RRset");
1919 } else if (qtype
.getCode() != QType::CNAME
&& rr
.qtype
.getCode() == QType::CNAME
) {
1920 throw ApiException("RRset "+qname
.toString()+" IN "+qtype
.getName()+": Conflicts with pre-existing CNAME RRset");
1924 if (!new_records
.empty() && ent_present
) {
1926 if (!di
.backend
->replaceRRSet(di
.id
, qname
, qt_ent
, new_records
)) {
1927 throw ApiException("Hosting backend does not support editing records.");
1930 if (!di
.backend
->replaceRRSet(di
.id
, qname
, qtype
, new_records
)) {
1931 throw ApiException("Hosting backend does not support editing records.");
1934 if (replace_comments
) {
1935 if (!di
.backend
->replaceComments(di
.id
, qname
, qtype
, new_comments
)) {
1936 throw ApiException("Hosting backend does not support editing comments.");
1941 throw ApiException("Changetype not understood");
1944 // edit SOA (if needed)
1945 if (!soa_edit_api_kind
.empty() && !soa_edit_done
) {
1947 if (!B
.getSOAUncached(zonename
, sd
, true))
1948 throw ApiException("No SOA found for domain '"+zonename
.toString()+"'");
1950 DNSResourceRecord rr
;
1951 if (makeIncreasedSOARecord(sd
, soa_edit_api_kind
, soa_edit_kind
, rr
)) {
1952 if (!di
.backend
->replaceRRSet(di
.id
, rr
.qname
, rr
.qtype
, vector
<DNSResourceRecord
>(1, rr
))) {
1953 throw ApiException("Hosting backend does not support editing records.");
1957 // return old and new serials in headers
1958 resp
->headers
["X-PDNS-Old-Serial"] = std::to_string(sd
.serial
);
1959 fillSOAData(rr
.content
, sd
);
1960 resp
->headers
["X-PDNS-New-Serial"] = std::to_string(sd
.serial
);
1964 di
.backend
->abortTransaction();
1968 DNSSECKeeper
dk(&B
);
1970 di
.backend
->getDomainMetadataOne(zonename
, "API-RECTIFY", api_rectify
);
1971 if (dk
.isSecuredZone(zonename
) && !dk
.isPresigned(zonename
) && api_rectify
== "1") {
1972 string error_msg
= "";
1974 if (!dk
.rectifyZone(zonename
, error_msg
, info
, false))
1975 throw ApiException("Failed to rectify '" + zonename
.toString() + "' " + error_msg
);
1978 di
.backend
->commitTransaction();
1980 purgeAuthCachesExact(zonename
);
1983 storeChangedPTRs(B
, new_ptrs
);
1986 resp
->status
= 204; // No Content, but indicate success
1990 static void apiServerSearchData(HttpRequest
* req
, HttpResponse
* resp
) {
1991 if(req
->method
!= "GET")
1992 throw HttpMethodNotAllowedException();
1994 string q
= req
->getvars
["q"];
1995 string sMax
= req
->getvars
["max"];
2000 throw ApiException("Query q can't be blank");
2002 maxEnts
= std::stoi(sMax
);
2004 throw ApiException("Maximum entries must be larger than 0");
2006 SimpleMatch
sm(q
,true);
2008 vector
<DomainInfo
> domains
;
2009 vector
<DNSResourceRecord
> result_rr
;
2010 vector
<Comment
> result_c
;
2011 map
<int,DomainInfo
> zoneIdZone
;
2012 map
<int,DomainInfo
>::iterator val
;
2015 B
.getAllDomains(&domains
, true);
2017 for(const DomainInfo di
: domains
)
2019 if (ents
< maxEnts
&& sm
.match(di
.zone
)) {
2020 doc
.push_back(Json::object
{
2021 { "object_type", "zone" },
2022 { "zone_id", apiZoneNameToId(di
.zone
) },
2023 { "name", di
.zone
.toString() }
2027 zoneIdZone
[di
.id
] = di
; // populate cache
2030 if (B
.searchRecords(q
, maxEnts
, result_rr
))
2032 for(const DNSResourceRecord
& rr
: result_rr
)
2034 if (!rr
.qtype
.getCode())
2035 continue; // skip empty non-terminals
2037 auto object
= Json::object
{
2038 { "object_type", "record" },
2039 { "name", rr
.qname
.toString() },
2040 { "type", rr
.qtype
.getName() },
2041 { "ttl", (double)rr
.ttl
},
2042 { "disabled", rr
.disabled
},
2043 { "content", makeApiRecordContent(rr
.qtype
, rr
.content
) }
2045 if ((val
= zoneIdZone
.find(rr
.domain_id
)) != zoneIdZone
.end()) {
2046 object
["zone_id"] = apiZoneNameToId(val
->second
.zone
);
2047 object
["zone"] = val
->second
.zone
.toString();
2049 doc
.push_back(object
);
2053 if (B
.searchComments(q
, maxEnts
, result_c
))
2055 for(const Comment
&c
: result_c
)
2057 auto object
= Json::object
{
2058 { "object_type", "comment" },
2059 { "name", c
.qname
.toString() },
2060 { "content", c
.content
}
2062 if ((val
= zoneIdZone
.find(c
.domain_id
)) != zoneIdZone
.end()) {
2063 object
["zone_id"] = apiZoneNameToId(val
->second
.zone
);
2064 object
["zone"] = val
->second
.zone
.toString();
2066 doc
.push_back(object
);
2073 void apiServerCacheFlush(HttpRequest
* req
, HttpResponse
* resp
) {
2074 if(req
->method
!= "PUT" || ::arg().mustDo("api-readonly"))
2075 throw HttpMethodNotAllowedException();
2077 DNSName canon
= apiNameToDNSName(req
->getvars
["domain"]);
2079 uint64_t count
= purgeAuthCachesExact(canon
);
2080 resp
->setBody(Json::object
{
2081 { "count", (int) count
},
2082 { "result", "Flushed cache." }
2086 void AuthWebServer::cssfunction(HttpRequest
* req
, HttpResponse
* resp
)
2088 resp
->headers
["Cache-Control"] = "max-age=86400";
2089 resp
->headers
["Content-Type"] = "text/css";
2092 ret
<<"* { box-sizing: border-box; margin: 0; padding: 0; }"<<endl
;
2093 ret
<<"body { color: black; background: white; margin-top: 1em; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 10pt; position: relative; }"<<endl
;
2094 ret
<<"a { color: #0959c2; }"<<endl
;
2095 ret
<<"a:hover { color: #3B8EC8; }"<<endl
;
2096 ret
<<".row { width: 940px; max-width: 100%; min-width: 768px; margin: 0 auto; }"<<endl
;
2097 ret
<<".row:before, .row:after { display: table; content:\" \"; }"<<endl
;
2098 ret
<<".row:after { clear: both; }"<<endl
;
2099 ret
<<".columns { position: relative; min-height: 1px; float: left; }"<<endl
;
2100 ret
<<".all { width: 100%; }"<<endl
;
2101 ret
<<".headl { width: 60%; }"<<endl
;
2102 ret
<<".headr { width: 39.5%; float: right; background-repeat: no-repeat; margin-top: 7px; ";
2103 ret
<<"background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJoAAAAUCAYAAAB1RSS/AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAACtgAAArYBAHIqtQAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAABBTSURBVGiBtVp7cFRVmv9u3763b7/f9It00iFACBohgCEyQYgKI49CLV3cWaoEZBcfo2shu7KOtZbjrqOuVQtVWFuOrPqPRU3NgOIDlkgyJEYJwUAqjzEJedFJupN0p9/v+9o/mtve7r790HF+VbeSPue7555zz+98z4ucOXNmgWVZBH4AK5PJGIPBQBqNxpTNZkthGMZCCUxMTBCDg4PyiYkJWTQaRc1mc7Kuri7a1NQU4ssxDAOffPKJAQCynvnII494ESTddO3aNaXT6SS4TplMRj/44IM+7ndXV5dqfn5ewh9306ZNQZqmobu7W11qri0tLX6tVkv19vYqpqampPw+BEFYtVpNGQwG0mKxpJYsWUIKjTE6OiodGBhQ8NcgkUgYjUZDORyOhM1mSxV6fjAYFF+6dEnLb9NoNOR9990X4H53dHSovV4vzpfZvn27T6FQ0Py2sbExorOzU+N2uwmWZUGv15N33nlnuLGxMZy7byyVQEJ//nd9Yuz/lJR/HBdrHSlJ9baIuuV1L4LJ8/Y49pc/KcJX39WRC4MEgskY3Lourmn5rQdbckfe2ijfOBZo+40xNXtNysR9KLZkdVK+9oBf0fBkCABA3NraamTZwjxSKpXUAw884G1paQkUIty5c+f0Fy5cWMIfx+l0Snt6ejTt7e26AwcOuKxWawoAQCQSQW9vr3pxcTHrJTY3Nwe5Tb18+bJ2bGxMzvWhKMpu27bNj6IoCwDQ1tamd7lcRM79genpaaK1tdVQcDG3sXbt2rBWq6X6+/sV3d3d2mKyy5cvj+7cudO7atWqGL99bGxMWuxZOp0utX37du+9994b5A4Qh2AwiObei6Ioe/fdd4eVSiUNAHD16lX1+Pi4nC+zadOmIJ9oZ8+eNeTu3/T0tLSvr0/V3d0dPXr0qJNrZ+KL6MKpjZWUbyxzQMmFIYJcGCISw5+qjE9+M4UqLJmx/RdeWBK+elKfGTjuR+OhWSxx86JS/9D/zsrufDzMdSXGv5J5/vBYBZuKiLi25HS3LDndLUuMX1IYHjvtynQUQjgcFp89e9b8zjvv2BmGyepjWRbeffdd2/nz55cUIqvT6ZSeOHHC7vf7xVyb3W6P58rNzc1liOfxeLJISNM04na7Me63z+fD+P1SqZQupHn+Wty8eVN+4sSJyv7+fnlp6R/g8/nw06dPW0+ePLmUJEmklDxN08iVK1dU5Y7f0dGhvnjxYkElQVFU1jP9Xz5j4pMsSzYwifvPPWnhfsdHPpdnkYwHlk4ivi9/baFDM2IAACYZEi1++qSVTzI+YkN/VEe++726JNE4TE1Nyc6cOWPkt3322Wf6/v7+ki8nEAhgH3zwQWYhDoejINGSyaQoFAphuf2zs7MSAIBIJIImEgmU32ez2RLlruOngGVZ+Oijj6w+n09cWjobg4ODyg8//NBSWhLgu+++K4toJEkin376qancObBkFIl/f7bo2ImxC0om5kUBACK9pzTFZJlEAI0O/kEJABAf+UJOh115+8VH5MZHGkGimc3mRK66BwBoa2szBAIBMUB6w1tbW415QgUwOjqqGB4elgIA1NTU5BGN02IulwsXOqUul0sCADA/P5+3qIqKip+NaARBMBiGMbnt0Wg0z68qF729vepr164pS8k5nU7ZwsJC0U0DAOjp6VHGYjE0t10kEgmqt5TrOwIYqqRWTbmuSQAASM9fiFKy5Fx/Wnaur7Ss53tC8IQ+/fTTM/F4HH3rrbcc/E1nWRYmJyeJtWvXRr7++mt1rnoGANi6devipk2bgsePH7dHIpGs8Ts7O7W1tbXxqqqqJIZhLN+keDweDADA7XbjuWPebpcAACwsLOT1V1VVFSSayWRKvvLKK5P8tmLBTVNTk//hhx/2vv/++5aBgYEsLeB0OqWF7gMAsFqtiYqKivj169c1ueaytbVVv2HDhnChewHS7/fKlSuqPXv2LBaTyw1gAABqa2sjhw4dck1PT0vOnz9v4O+NWFNdlluBqispAABUYSEp/6TgPmRkVba0rGppybFRpZksaDodDkeioqIiT/M4nU4JAMDIyEiez1JTUxN9/PHHFyoqKpJbtmzx5faPj4/LANKOr9VqzRqbi7D4vhof8/PzOMAPhMyZa948OSAIAjiOs/xLSFvzIZFImO3bt+fNn9OqhaDRaMiDBw/Obd26NY8oTqdTWmhtfPT29paMmkOhUJ6CkEgkjFKppOvq6mIvvviis76+PkNqVF1BiQ21yWJjoiobiRlWpQAACMeWaKk5EMu2RQEAiOr7YyBCi2YliMrN0aI+Wjwez+vn/KOZmZk8lbl69eoI97+QeQwEAhgXFFRVVWX1+/1+nGVZyE1bcPB6vRKWZSE35JdKpbTJZCp4qiiKQmZmZnDuEiKqEITWTtN0SfMDALBjx45FiUSSZ35HRkaKakQAgPn5ecnU1FRRQuv1+rz0Qn9/v+ry5ctqgPTh2rFjR9ZB0e78Hzcgedb2NhDQ7vq9C24fQNXm3/gww8qCxJTX/4OfcGyJAwBgS+pSqo3/XFADo0oLqdn2lkeQaAzDIB0dHWqPx5O3YK1WSzIMA7lmEQDAaDSSQv/zEQwGUQCA6urqLKJRFIV4PB6MH3GqVCqS3z83N4cvLi5mEaVUIOD1evHXX399GXedOnXKWkweIJ3r++abb/IcYqPRWDA3xodUKmWEyMCZ/1IolQvMfXcAabN7+vRp68cff2wS8nElVVvihl99cQtV27PmhapspOHvzzmJ5Tsy6RtELGGX7G+7JV2xIysHiqAYq/rFv3h0e96f57drHnjTo2n57TwiJrIOl6SyOWo6cPmWiNAwgj7am2++6Ugmk4IkrK2tjUWjUVRoMXK5PJOHkclkdJ4AAESjURQAYPny5YKRJ59odXV1EX6ea2ZmRpKbf/s5AwEAgO+//17+8ssv1/j9/jzNt3HjxmC542g0GjI318etXQgoirKcxrx+/brKYDAUJPW6desiFy5ciM/MzORpyM7OTl04HEYPHz7synURiJpfxizPj4+T8/0S0jOEiw2rUrh5TRJE+TRAFWba+KvPZung9Hxy9iohwpUMvnRjQkSo8zQ1ICJQbX7Zp2h8LpCa7ZEwUY8Yt21IiHXLMopCkEyFSFZZWRmz2+0FVSqXUL39v6AM5yTr9XpKrVZnab2RkRFZKpXKPHvlypUxvuM+PT0tCQaDWW+lWCDwUzA3N0cIkay2tjbS0tLiL3ccoYNWzPRWVVXFcBxnAACCwSAmRCIOCILA/v373QqFghLqv3Hjhrq9vb1gioIFBNLFoLI8gbKBILdHRNi8ocvOC6nVavLw4cOzAAAKhYJGEARytRo/5A6Hw4JMk8lkmRNht9vjAwMDmU0dGhril3TAbDanDAZD0u12EwAAw8PDCoZhspZQLBD4KRBa17Zt27wPPfSQVyQqO+0IQumHQloeIB0Jr169Onzjxg01QOHDzqGioiJ55MiRW8ePH68UCg6+/PJLY0tLS4Cv1RJjF2W+z5+2UEFnxiqgKhup2/muW7pyV1YAQEfmUN9n/2SOj57PRN4IirHKphe86q2vLSIozktHMBDq+p0u3PkfRpZKZOYtqWyOavd86BZrlxWOOjMTQVH2jjvuCL/wwgtOvV5PAaQ3QyqV5r20SCSSebmhUEiQaCqVKnNfLkk4QnEwmUyk2WzOaNDp6emsU14qEABIO87Hjh2b5K79+/e7i8kLVS0UCgXF19blINfEAwCoVCpBDcShsbExVKw/FzabLXXs2LFJIT81Go2K+YFPYqpDuvDx7ko+yQAA6NAs5jn9sD1+84KMa2OpJLLw0X2VfJIBALA0iYS6/svoO/ePWcni4KWXjKH2V0x8kgEAJG99Lfd8uLmSSfiFj+j999/v3bt3r/vgwYMzb7zxxthzzz03w9UqOVit1rzFjY6OZiY7NDSUl/4gCIIxmUyZcZYtW1ZQG0mlUloul9Nmszkjn1sCK6cigGEY63A4EtxlsViKOvQOhyOm0WiyyNve3q4vN+IESKeAhKJnISeej/r6+ijfzy2Evr4+Oad19Xo9dejQoVkhbev1ejNE83/xjAXYfPcqDRZ8nz9lhdtjhjr/U0d6RwoGLtH+j7WJyctSAADSM4SHu/9bsFwFAECHXVjwq381ChKtubk50NLSEmhsbAxrNBrBU7hixYq8XMvg4KByamqKmJubw7799ts8H6GqqirGV+XV1dWJQppCq9WSAABWq7WgT/hzBwIAaW3d0NCQpVkCgQDW1dVVVnnI5XLhp06dsuW24zjO1NTUFJ0viqJsfX19Sa3W09Ojfu+996xcCkapVNIoiuaxyGAwkAAAdHBaXIw4AGnNRnqHcQCAxOTlknXdxHirHAAgOXFJBkzxQ5ic6pD/6Nodh9uRT1YxPRaLoW+//XaVWCxmhXyMe+65J8D/jeM4a7FYEkKOL5ceWLp0aUGiVVZWliSax+PBX3rppRp+27PPPjtdLKhpamoKtre3Z53Sr776yrB58+a8LzH4GB4eVr722muCpaaGhoYgQRCFVEoGGzduDF65cqVkqevGjRvqgYEBld1uj8/NzUlIMtsNwnGc4VJMlH+yrNwhFbglxoyrUnTEXVKeDs2K039nSstG5rDyvdscLF26NNnQ0JAX7tM0jQiRzGQyJdevXx/Jba+srBQ0J3q9ngRIBwRisVhQ65UTCNA0jQQCAYx/CZXO+LDb7UmLxZJFYo/Hg1+9erVovTLXtHMgCILevXt30bISh5UrV8ZzTXchUBSFTExMyIQCj7q6ugh3KHDbugSIhN8hHxLb+iQAAGasK+2SmOvTsuY1pWWNqxI/mWgAAI8++uiCTqcrmcTEMIzZt2+fW8hMFvJbuNMoEokEM+FSqZQ2m81/k0+DAADWr1+fZ8IuXrxY8lu3XKAoyu7bt8/NmbFSEDLdPxYSiYTZu3dvJqmKYHJWturhomNKa34ZFskMNACAYt2hQDFZEaGh5XfsDQMAECt2R1Glreja5GsOBP4qoul0Ouro0aO3TCZTQTOkUqnII0eO3FqxYoUgoYRKVQAA/ISl0Ph/60+Dmpqa8syky+Ui+vr6yv4uTavVks8///ytUsV0oWf/GHk+pFIp/cQTT8zqdLos31q36+S8WFcjuE9iTVVK99CpTDQuXbk7qmz8taAGRlAJq9t50o2qllIAACKJitHu+cCF4ApBdS5d/XdB+fqnguLq6upobm4Kx/GyQ3m9Xk+9+uqrk21tbZquri6t1+vFWZYFi8WSdDgcsV27di1qtdqCYb3ZbCZra2sjueaW/yl0XV1dNBwOZ/mT/KIxB6VSSTkcjlhuey44X8lkMqVy5TmC6/V6qrGx0Z8bPY6OjsrWrFkT1el0ec9CUZRVqVSUWq2mqqur4xs2bAgL+XQSiYTJvZcf9Njt9uRdd90Vys2PcQnd5ubmAMMwcPPmTXk0GhUDpCsRVVVVsccee2yBS0PxIZLqacszfZPBP7+qj4+1Kilf+lNuYtkDEU3La3mfcmsfPL4gqfxFrJxPuYll22Kmp/omgpf+zZia7ZEyCT+KGVcn5WsP+uUNh0IAAP8PaQRnE4MgdzkAAAAASUVORK5CYII=);";
2104 ret
<<" width: 154px; height: 20px; }"<<endl
;
2105 ret
<<"a#appname { margin: 0; font-size: 27px; color: #666; text-decoration: none; font-weight: bold; display: block; }"<<endl
;
2106 ret
<<"footer { border-top: 1px solid #ddd; padding-top: 4px; font-size: 12px; }"<<endl
;
2107 ret
<<"footer.row { margin-top: 1em; margin-bottom: 1em; }"<<endl
;
2108 ret
<<".panel { background: #f2f2f2; border: 1px solid #e6e6e6; margin: 0 0 22px 0; padding: 20px; }"<<endl
;
2109 ret
<<"table.data { width: 100%; border-spacing: 0; border-top: 1px solid #333; }"<<endl
;
2110 ret
<<"table.data td { border-bottom: 1px solid #333; padding: 2px; }"<<endl
;
2111 ret
<<"table.data tr:nth-child(2n) { background: #e2e2e2; }"<<endl
;
2112 ret
<<"table.data tr:hover { background: white; }"<<endl
;
2113 ret
<<".ringmeta { margin-bottom: 5px; }"<<endl
;
2114 ret
<<".resetring {float: right; }"<<endl
;
2115 ret
<<".resetring i { background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAA/klEQVQY01XPP04UUBgE8N/33vd2XZUWEuzYuMZEG4KFCQn2NhA4AIewAOMBPIG2xhNYeAcKGqkNCdmYlVBZGBIT4FHsbuE0U8xk/kAbqm9TOfI/nicfhmwgDNhvylUT58kxCp4l31L8SfH9IetJ2ev6PwyIwyZWsdb11/gbTK55Co+r8rmJaRPTFJcpZil+pTit7C5awMpA+Zpi1sRFE9MqflYOloYCjY2uP8EdYiGU4CVGUBubxKfOOLjrtOBmzvEilbVb/aQWvhRl0unBZVXe4XdnK+bprwqnhoyTsyZ+JG8Wk0apfExxlcp7PFruXH8gdxamWB4cyW2sIO4BG3czIp78jUIAAAAASUVORK5CYII=); width: 10px; height: 10px; margin-right: 2px; display: inline-block; background-repeat: no-repeat; }"<<endl
;
2116 ret
<<".resetring:hover i { background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAA2ElEQVQY013PMUoDcRDF4c+kEzxCsNNCrBQvIGhnlcYm11EkBxAraw8gglgIoiJpAoKIYlBcgrgopsma3c3fwt1k9cHA480M8xvQp/nMjorOWY5ov7IAYlpjQk7aYxcuWBpwFQgJnUcaYk7GhEDIGL5w+MVpKLIRyR2b4JOjvGhUKzHTv2W7iuSN479Dvu9plf1awbQ6y3x1sU5tjpVJcMbakF6Ycoas8Dl5xEHJ160wRdfqzXfa6XQ4PLDlicWUjxHxZfndL/N+RhiwNzl/Q6PDhn/qsl76H7prcApk2B1aAAAAAElFTkSuQmCC);}"<<endl
;
2117 ret
<<".resizering {float: right;}"<<endl
;
2118 resp
->body
= ret
.str();
2122 void AuthWebServer::webThread()
2125 if(::arg().mustDo("api")) {
2126 d_ws
->registerApiHandler("/api/v1/servers/localhost/cache/flush", &apiServerCacheFlush
);
2127 d_ws
->registerApiHandler("/api/v1/servers/localhost/config", &apiServerConfig
);
2128 d_ws
->registerApiHandler("/api/v1/servers/localhost/search-log", &apiServerSearchLog
);
2129 d_ws
->registerApiHandler("/api/v1/servers/localhost/search-data", &apiServerSearchData
);
2130 d_ws
->registerApiHandler("/api/v1/servers/localhost/statistics", &apiServerStatistics
);
2131 d_ws
->registerApiHandler("/api/v1/servers/localhost/tsigkeys/<id>", &apiServerTsigKeyDetail
);
2132 d_ws
->registerApiHandler("/api/v1/servers/localhost/tsigkeys", &apiServerTsigKeys
);
2133 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>/axfr-retrieve", &apiServerZoneAxfrRetrieve
);
2134 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>/cryptokeys/<key_id>", &apiZoneCryptokeys
);
2135 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>/cryptokeys", &apiZoneCryptokeys
);
2136 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>/export", &apiServerZoneExport
);
2137 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>/metadata/<kind>", &apiZoneMetadataKind
);
2138 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>/metadata", &apiZoneMetadata
);
2139 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>/notify", &apiServerZoneNotify
);
2140 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>/rectify", &apiServerZoneRectify
);
2141 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones/<id>", &apiServerZoneDetail
);
2142 d_ws
->registerApiHandler("/api/v1/servers/localhost/zones", &apiServerZones
);
2143 d_ws
->registerApiHandler("/api/v1/servers/localhost", &apiServerDetail
);
2144 d_ws
->registerApiHandler("/api/v1/servers", &apiServer
);
2145 d_ws
->registerApiHandler("/api", &apiDiscovery
);
2147 if (::arg().mustDo("webserver")) {
2148 d_ws
->registerWebHandler("/style.css", boost::bind(&AuthWebServer::cssfunction
, this, _1
, _2
));
2149 d_ws
->registerWebHandler("/", boost::bind(&AuthWebServer::indexfunction
, this, _1
, _2
));
2154 g_log
<<Logger::Error
<<"AuthWebServer thread caught an exception, dying"<<endl
;