From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 20 Dec 2019 12:04:23 +0000 (+0100)
Subject: auth: Clear the TSIG algo between iterations in the API
X-Git-Tag: auth-4.3.0-beta1~53^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F8649%2Fhead;p=thirdparty%2Fpdns.git

auth: Clear the TSIG algo between iterations in the API

Otherwise `GSQLBackend::getTSIGKey()` will try to match the
algorithm in `keyAlgo` if it's set, which will prevent retrieving
a key with a different algorithm that the previous one.
---

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 85d64d7752..a7a2850b4b 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -778,10 +778,10 @@ static void updateDomainSettingsFromDocument(UeberBackend& B, const DomainInfo&
 
   if (!document["master_tsig_key_ids"].is_null()) {
     vector<string> metadata;
-    DNSName keyAlgo;
-    string keyContent;
     for(auto value : document["master_tsig_key_ids"].array_items()) {
       auto keyname(apiZoneIdToName(value.string_value()));
+      DNSName keyAlgo;
+      string keyContent;
       B.getTSIGKey(keyname, &keyAlgo, &keyContent);
       if (keyAlgo.empty() || keyContent.empty()) {
         throw ApiException("A TSIG key with the name '"+keyname.toLogString()+"' does not exist");
@@ -794,10 +794,10 @@ static void updateDomainSettingsFromDocument(UeberBackend& B, const DomainInfo&
   }
   if (!document["slave_tsig_key_ids"].is_null()) {
     vector<string> metadata;
-    DNSName keyAlgo;
-    string keyContent;
     for(auto value : document["slave_tsig_key_ids"].array_items()) {
       auto keyname(apiZoneIdToName(value.string_value()));
+      DNSName keyAlgo;
+      string keyContent;
       B.getTSIGKey(keyname, &keyAlgo, &keyContent);
       if (keyAlgo.empty() || keyContent.empty()) {
         throw ApiException("A TSIG key with the name '"+keyname.toLogString()+"' does not exist");