if (!document["master_tsig_key_ids"].is_null()) {
vector<string> metadata;
- DNSName keyAlgo;
- string keyContent;
for(auto value : document["master_tsig_key_ids"].array_items()) {
auto keyname(apiZoneIdToName(value.string_value()));
+ DNSName keyAlgo;
+ string keyContent;
B.getTSIGKey(keyname, &keyAlgo, &keyContent);
if (keyAlgo.empty() || keyContent.empty()) {
throw ApiException("A TSIG key with the name '"+keyname.toLogString()+"' does not exist");
}
if (!document["slave_tsig_key_ids"].is_null()) {
vector<string> metadata;
- DNSName keyAlgo;
- string keyContent;
for(auto value : document["slave_tsig_key_ids"].array_items()) {
auto keyname(apiZoneIdToName(value.string_value()));
+ DNSName keyAlgo;
+ string keyContent;
B.getTSIGKey(keyname, &keyAlgo, &keyContent);
if (keyAlgo.empty() || keyContent.empty()) {
throw ApiException("A TSIG key with the name '"+keyname.toLogString()+"' does not exist");
throw ApiException("You cannot give rrsets AND zone data as text");
auto nameservers = document["nameservers"];
- if (!nameservers.is_array() && zonekind != DomainInfo::Slave)
- throw ApiException("Nameservers list must be given (but can be empty if NS records are supplied)");
+ if (!nameservers.is_null() && !nameservers.is_array() && zonekind != DomainInfo::Slave)
+ throw ApiException("Nameservers is not a list");
string soa_edit_api_kind;
if (document["soa_edit_api"].is_string()) {
throw ApiException("Deleting domain '"+zonename.toString()+"' failed: backend delete failed/unsupported");
// clear caches
- DNSSECKeeper dk(&B);
- dk.clearCaches(zonename);
+ DNSSECKeeper::clearCaches(zonename);
purgeAuthCaches(zonename.toString() + "$");
// empty body on success
}
static void patchZone(UeberBackend& B, HttpRequest* req, HttpResponse* resp) {
+ bool zone_disabled;
+ SOAData sd;
DomainInfo di;
DNSName zonename = apiZoneIdToName(req->parameters["id"]);
if (!B.getDomainInfo(zonename, di)) {
if (qtype.getCode() != rr.qtype.getCode()
&& (exclusiveEntryTypes.count(qtype.getCode()) != 0
|| exclusiveEntryTypes.count(rr.qtype.getCode()) != 0)) {
+
+ // leave database handle in a consistent state
+ while (di.backend->get(rr))
+ ;
+
throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Conflicts with pre-existing RRset");
}
}
throw ApiException("Changetype not understood");
}
- // edit SOA (if needed)
- if (!soa_edit_api_kind.empty() && !soa_edit_done) {
- SOAData sd;
- if (!B.getSOAUncached(zonename, sd))
- throw ApiException("No SOA found for domain '"+zonename.toString()+"'");
+ zone_disabled = (!B.getSOAUncached(zonename, sd));
+ // edit SOA (if needed)
+ if (!zone_disabled && !soa_edit_api_kind.empty() && !soa_edit_done) {
DNSResourceRecord rr;
if (makeIncreasedSOARecord(sd, soa_edit_api_kind, soa_edit_kind, rr)) {
if (!di.backend->replaceRRSet(di.id, rr.qname, rr.qtype, vector<DNSResourceRecord>(1, rr))) {
throw;
}
+ // Rectify
DNSSECKeeper dk(&B);
- string api_rectify;
- di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify);
- if (dk.isSecuredZone(zonename) && !dk.isPresigned(zonename) && api_rectify == "1") {
- string error_msg = "";
- string info;
- if (!dk.rectifyZone(zonename, error_msg, info, false))
- throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
+ if (!zone_disabled && !dk.isPresigned(zonename)) {
+ string api_rectify;
+ if (!di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify) && ::arg().mustDo("default-api-rectify")) {
+ api_rectify = "1";
+ }
+ if (api_rectify == "1") {
+ string info;
+ string error_msg;
+ if (!dk.rectifyZone(zonename, error_msg, info, false)) {
+ throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
+ }
+ }
}
di.backend->commitTransaction();
- purgeAuthCachesExact(zonename);
+ purgeAuthCaches(zonename.toString() + "$");
// now the PTRs
storeChangedPTRs(B, new_ptrs);