From: Chris Hofstaedtler Date: Mon, 29 Jun 2020 20:12:27 +0000 (+0200) Subject: auth: immediately fill account, masters on zone create X-Git-Tag: rec-4.4.0-alpha2~6^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4c70ffb3fdf382e4aa69a67a1c40badbc47fed03;p=thirdparty%2Fpdns.git auth: immediately fill account, masters on zone create For backends supporting this (gsql, lmdb). --- diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc index 56096cd460..7eae04b5c1 100644 --- a/modules/lmdbbackend/lmdbbackend.cc +++ b/modules/lmdbbackend/lmdbbackend.cc @@ -771,12 +771,7 @@ bool LMDBBackend::setMaster(const DNSName &domain, const std::string& ips) }); } -bool LMDBBackend::createDomain(const DNSName &domain) -{ - return createDomain(domain, "NATIVE", "", ""); -} - -bool LMDBBackend::createDomain(const DNSName &domain, const string &type, const string &masters, const string &account) +bool LMDBBackend::createDomain(const DNSName &domain, const DomainInfo::DomainKind kind, const string &masters, const string &account) { DomainInfo di; @@ -786,14 +781,7 @@ bool LMDBBackend::createDomain(const DNSName &domain, const string &type, const } di.zone = domain; - if(pdns_iequals(type, "master")) - di.kind = DomainInfo::Master; - else if(pdns_iequals(type, "slave")) - di.kind = DomainInfo::Slave; - else if(pdns_iequals(type, "native")) - di.kind = DomainInfo::Native; - else - throw DBException("Unable to create domain of unknown type '"+type+"'"); + di.kind = kind; di.account = account; txn.put(di); diff --git a/modules/lmdbbackend/lmdbbackend.hh b/modules/lmdbbackend/lmdbbackend.hh index 6199f6fdc2..05dd2bc935 100644 --- a/modules/lmdbbackend/lmdbbackend.hh +++ b/modules/lmdbbackend/lmdbbackend.hh 
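Review bot: In the second lmdbbackend.cc hunk the new `masters` argument is never copied into `di`; the visible lines set only `di.zone`, `di.kind` and `di.account` before `txn.put(di)`. Because the pdnsutil.cc hunks of this commit drop the follow-up `setKind`/`setMaster`/`setAccount` calls after zone creation, a slave zone created or migrated on LMDB would appear to be stored with an empty master list, which is the list a secondary relies on to decide where to transfer from and whose NOTIFYs to accept. Unless it is filled in outside the hunk (the function body continues past it), parse the string before the put, e.g. `vector<string> parts; stringtok(parts, masters, " \t,");` followed by `for (const auto& m : parts) di.masters.emplace_back(m, 53);`. The removed string-to-kind branch also took the "unknown type" exception with it, so rejecting bad kinds is now entirely the caller's job.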
@@ -38,9 +38,7 @@ public: bool list(const DNSName &target, int id, bool include_disabled) override; bool getDomainInfo(const DNSName &domain, DomainInfo &di, bool getSerial=true) override; - bool createDomain(const DNSName &domain, const string &type, const string &masters, const string &account); - - bool createDomain(const DNSName &domain) override; + bool createDomain(const DNSName &domain, const DomainInfo::DomainKind kind, const string &masters, const string &account) override; bool startTransaction(const DNSName &domain, int domain_id=-1) override; bool commitTransaction() override; diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc index 3687c61a5a..ece61a7fda 100644 --- a/pdns/backends/gsql/gsqlbackend.cc +++ b/pdns/backends/gsql/gsqlbackend.cc @@ -1234,13 +1234,13 @@ bool GSQLBackend::superMasterBackend(const string &ip, const DNSName &domain, co return false; } -bool GSQLBackend::createDomain(const DNSName &domain, const string &type, const string &masters, const string &account) +bool GSQLBackend::createDomain(const DNSName &domain, const DomainInfo::DomainKind kind, const string &masters, const string &account) { try { reconnectIfNeeded(); d_InsertZoneQuery_stmt-> - bind("type", type)-> + bind("type", toUpper(DomainInfo::getKindString(kind)))-> bind("domain", domain)-> bind("masters", masters)-> bind("account", account)-> @@ -1279,7 +1279,7 @@ bool GSQLBackend::createSlaveDomain(const string &ip, const DNSName &domain, con masters = boost::join(tmp, ", "); } } - createDomain(domain, "SLAVE", masters, account); + createDomain(domain, DomainInfo::Slave, masters, account); } catch(SSqlException &e) { throw PDNSException("Database error trying to insert new slave domain '"+domain.toLogString()+"': "+ e.txtReason()); diff --git a/pdns/backends/gsql/gsqlbackend.hh b/pdns/backends/gsql/gsqlbackend.hh index a98b3a8380..513e60fb87 100644 --- a/pdns/backends/gsql/gsqlbackend.hh +++ b/pdns/backends/gsql/gsqlbackend.hh 
@@ -190,9 +190,7 @@ public: bool feedRecord(const DNSResourceRecord &r, const DNSName &ordername, bool ordernameIsNSEC3=false) override; bool feedEnts(int domain_id, map& nonterm) override; bool feedEnts3(int domain_id, const DNSName &domain, map &nonterm, const NSEC3PARAMRecordContent& ns3prc, bool narrow) override; - bool createDomain(const DNSName &domain) override { - return createDomain(domain, "NATIVE", "", ""); - }; + bool createDomain(const DNSName &domain, const DomainInfo::DomainKind kind, const string &masters, const string &account) override; bool createSlaveDomain(const string &ip, const DNSName &domain, const string &nameserver, const string &account) override; bool deleteDomain(const DNSName &domain) override; bool superMasterBackend(const string &ip, const DNSName &domain, const vector&nsset, string *nameserver, string *account, DNSBackend **db) override; @@ -239,7 +237,6 @@ public: bool searchComments(const string &pattern, int maxResults, vector& result) override; protected: - bool createDomain(const DNSName &domain, const string &type, const string &masters, const string &account); string pattern2SQLPattern(const string& pattern); void extractRecord(SSqlStatement::row_t& row, DNSResourceRecord& rr); void extractComment(SSqlStatement::row_t& row, Comment& c); diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh index c45b07e009..67b1f3eacf 100644 --- a/pdns/dnsbackend.hh +++ b/pdns/dnsbackend.hh @@ -343,7 +343,7 @@ public: } //! called by PowerDNS to create a new domain - virtual bool createDomain(const DNSName &domain) + virtual bool createDomain(const DNSName &domain, const DomainInfo::DomainKind kind, const string &masters, const string &account) { return false; } diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index 206c70b581..e6aa8f3300 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc 
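Review bot: The doc comment above the base `createDomain` in dnsbackend.hh still reads only `//! called by PowerDNS to create a new domain` and says nothing about the three new parameters. I would extend it to state that `masters` is a comma-separated list of addresses (with a port only when it is not 53, which is what the callers in this commit produce), that `account` is stored as given, and that the default implementation returns false and ignores every argument. Since the old one-argument virtual is gone, a backend outside this diff that still declares `createDomain(const DNSName&)` without `override` would compile and simply never be called, so it is worth grepping the remaining modules for that signature.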
@@ -1085,7 +1085,7 @@ static int loadZone(DNSName zone, const string& fname) { } else { cerr<<"Creating '"<& cmds) { vector masters; for (unsigned i=2; i < cmds.size(); i++) { ComboAddress master(cmds[i], 53); - masters.push_back(master.toStringWithPort()); + masters.push_back(master.toStringWithPortExcept(53)); } cerr<<"Creating slave zone '"<setKind(zone, DomainInfo::Slave); - di.backend->setMaster(zone, boost::join(masters, ",")); return EXIT_SUCCESS; } @@ -1197,7 +1195,7 @@ static int changeSlaveZoneMaster(const vector& cmds) { vector masters; for (unsigned i=2; i < cmds.size(); i++) { ComboAddress master(cmds[i], 53); - masters.push_back(master.toStringWithPort()); + masters.push_back(master.toStringWithPortExcept(53)); } cerr<<"Updating slave zone '"<createDomain(di.zone)) throw PDNSException("Failed to create zone"); - if (!tgt->getDomainInfo(di.zone, di_new)) throw PDNSException("Failed to create zone"); - tgt->setKind(di_new.zone, di.kind); - tgt->setAccount(di_new.zone,di.account); string masters=""; bool first = true; for(const auto& master: di.masters) { @@ -3322,7 +3315,9 @@ try first = false; masters += master.toStringWithPortExcept(53); } - tgt->setMaster(di_new.zone, masters); + // create zone + if (!tgt->createDomain(di.zone, di.kind, masters, di.account)) throw PDNSException("Failed to create zone"); + if (!tgt->getDomainInfo(di.zone, di_new)) throw PDNSException("Failed to create zone"); // move records if (!src->list(di.zone, di.id, true)) throw PDNSException("Failed to list records"); nr=0; diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc index 45cbe9aab1..db1c1eb1a8 100644 --- a/pdns/ueberbackend.cc +++ b/pdns/ueberbackend.cc 
@@ -109,10 +109,10 @@ bool UeberBackend::getDomainInfo(const DNSName &domain, DomainInfo &di, bool get return false; } -bool UeberBackend::createDomain(const DNSName &domain) +bool UeberBackend::createDomain(const DNSName &domain, const DomainInfo::DomainKind kind, const string &masters, const string &account) { for(DNSBackend* mydb : backends) { - if(mydb->createDomain(domain)) { + if(mydb->createDomain(domain, kind, masters, account)) { return true; } } diff --git a/pdns/ueberbackend.hh b/pdns/ueberbackend.hh index 48db857d99..5962a86479 100644 --- a/pdns/ueberbackend.hh +++ b/pdns/ueberbackend.hh @@ -109,7 +109,7 @@ public: void getUnfreshSlaveInfos(vector* domains); void getUpdatedMasters(vector* domains); bool getDomainInfo(const DNSName &domain, DomainInfo &di, bool getSerial=true); - bool createDomain(const DNSName &domain); + bool createDomain(const DNSName &domain, const DomainInfo::DomainKind ind, const string &masters, const string &account); bool doesDNSSEC(); bool addDomainKey(const DNSName& name, const DNSBackend::KeyData& key, int64_t& id); diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index 4209eae058..5f6096d729 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc 
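Review bot: The declaration in ueberbackend.hh names the second parameter `ind`, while the definition in ueberbackend.cc and every backend touched by this commit use `kind`; it compiles, but the header is what readers and documentation tools see. Change it to `bool createDomain(const DNSName &domain, const DomainInfo::DomainKind kind, const string &masters, const string &account);`. The definition's loop returns on the first backend that reports success, so a one-line comment on the declaration saying that the first accepting backend ends up owning the new zone would also help.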
@@ -615,27 +615,56 @@ static void throwUnableToSecure(const DNSName& zonename) { + "capable backends are loaded, or because the backends have DNSSEC disabled. Check your configuration."); } -static void updateDomainSettingsFromDocument(UeberBackend& B, const DomainInfo& di, const DNSName& zonename, const Json document, bool rectifyTransaction=true) { + +static void extractDomainInfoFromDocument(const Json document, boost::optional& kind, boost::optional& masters, boost::optional& account) { + if (document["kind"].is_string()) { + kind = DomainInfo::stringToKind(stringFromJson(document, "kind")); + } else { + kind = boost::none; + } + vector zonemaster; - bool shouldRectify = false; for(auto value : document["masters"].array_items()) { string master = value.string_value(); if (master.empty()) throw ApiException("Master can not be an empty string"); try { - ComboAddress m(master); + ComboAddress m(master, 53); + zonemaster.push_back(m.toStringWithPortExcept(53)); } catch (const PDNSException &e) { throw ApiException("Master (" + master + ") is not an IP address: " + e.reason); } - zonemaster.push_back(master); } if (zonemaster.size()) { - di.backend->setMaster(zonename, boost::join(zonemaster, ",")); + masters = boost::join(zonemaster, ","); + } else { + masters = boost::none; } - if (document["kind"].is_string()) { - di.backend->setKind(zonename, DomainInfo::stringToKind(stringFromJson(document, "kind"))); + + if (document["account"].is_string()) { + account = document["account"].string_value(); + } else { + account = boost::none; } +} + +static void updateDomainSettingsFromDocument(UeberBackend& B, const DomainInfo& di, const DNSName& zonename, const Json document, bool rectifyTransaction=true) { + boost::optional kind; + boost::optional masters, account; + + extractDomainInfoFromDocument(document, kind, masters, account); + + if (kind) { + di.backend->setKind(zonename, *kind); + } + if (masters) { + di.backend->setMaster(zonename, *masters); + } + if (account) { + 
di.backend->setAccount(zonename, *account); + } + if (document["soa_edit_api"].is_string()) { di.backend->setDomainMetadataOne(zonename, "SOA-EDIT-API", document["soa_edit_api"].string_value()); } @@ -648,11 +677,9 @@ static void updateDomainSettingsFromDocument(UeberBackend& B, const DomainInfo& } catch (const JsonException&) {} - if (document["account"].is_string()) { - di.backend->setAccount(zonename, document["account"].string_value()); - } DNSSECKeeper dk(&B); + bool shouldRectify = false; bool dnssecInJSON = false; bool dnssecDocVal = false; @@ -1650,8 +1677,12 @@ static void apiServerZones(HttpRequest* req, HttpResponse* resp) { } } + boost::optional kind; + boost::optional masters, account; + extractDomainInfoFromDocument(document, kind, masters, account); + // no going back after this - if(!B.createDomain(zonename)) + if(!B.createDomain(zonename, kind.get_value_or(DomainInfo::Native), masters.get_value_or(""), account.get_value_or(""))) throw ApiException("Creating domain '"+zonename.toString()+"' failed"); if(!B.getDomainInfo(zonename, di))
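Review bot: `extractDomainInfoFromDocument` accepts any string for `kind` and silently skips fields of the wrong JSON type. `DomainInfo::stringToKind` is not shown here, but if it maps unrecognised input to a default kind rather than throwing, a misspelled kind in an API request creates the zone as a different kind instead of returning an error, and the LMDB hunk in this commit removes the only "unknown type" exception that used to catch it. Similarly `document["masters"].array_items()` presumably yields nothing when `masters` is sent as a plain string, so the value is dropped without complaint. I would validate at this boundary: compare `kind` case-insensitively against the three known names and throw `ApiException` otherwise, and throw when `masters` is present but `!document["masters"].is_array()`.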