From: Chris Hofstaedtler Date: Tue, 2 Jun 2020 16:45:52 +0000 (+0200) Subject: API: forbid rectify for presigned zones, only X-Git-Tag: dnsdist-1.5.0-rc3~15^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f8b346cb98cdf5a1c5e17a9089bc2981cde45a1b;p=thirdparty%2Fpdns.git API: forbid rectify for presigned zones, only
---
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 0f6eed87f4..15a704b134 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1860,8 +1860,8 @@ static void apiServerZoneRectify(HttpRequest* req, HttpResponse* resp) {
 DNSSECKeeper dk(&B);
- if (!dk.isSecuredZone(zonename))
- throw ApiException("Zone '" + zonename.toString() + "' is not DNSSEC signed, not rectifying.");
+ if (dk.isPresigned(zonename))
+ throw ApiException("Zone '" + zonename.toString() + "' is pre-signed, not rectifying.");
 string error_msg = "";
 string info;
diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index f95ede6e7b..09c1844dc4 100644
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -1925,11 +1925,6 @@ $ORIGIN %NAME%
 dbrecs = get_db_records(name, 'SOA')
 self.assertIsNotNone(dbrecs[0]['ordername'])
- def test_explicit_rectify_no_dnssec(self):
- _, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=False)
- r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/rectify"))
- self.assertEquals(r.status_code, 422)
-
 def test_explicit_rectify_slave(self):
 # Some users want to move a zone to kind=Slave and then rectify, without a re-transfer.
 name, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=True, nsec3param='1 0 1 ab')
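Review bot: The new `dk.isPresigned(zonename)` guard in apiServerZoneRectify (pdns/ws-auth.cc) ships without a regression test: the test_Zones.py hunk deletes `test_explicit_rectify_no_dnssec` and adds nothing that asserts a PUT to `/rectify` on a pre-signed zone is refused, or that a zone without DNSSEC is now accepted. I would add one test per case beside `test_explicit_rectify_slave`, with the pre-signed one checking the 422 status that the deleted test checked for the old ApiException. Dropping the `isSecuredZone` check also lets unsigned zones reach the rectify code below the check, which lies outside this hunk, so its behaviour for a zone with no keys should be confirmed before merging.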