auth: fix set-meta for single-value metadata

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index d43bb2387caf0ed13e7498312d8757775c537a28..527c4b259b4d75090edb3b72d1dbc74e097463ed 100644 (file)
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -4249,13 +4249,16 @@ static int setMeta(vector<string>& cmds, const std::string_view synopsis)
   const static std::array<string, 7> multiMetaWhitelist = {"ALLOW-AXFR-FROM", "ALLOW-DNSUPDATE-FROM",
     "ALSO-NOTIFY", "TSIG-ALLOW-AXFR", "TSIG-ALLOW-DNSUPDATE", "GSS-ALLOW-AXFR-PRINCIPAL",
     "PUBLISH-CDS"};
-  bool clobber = true;
-  if (cmds.at(0) == "add-meta") {
-    clobber = false;
-    if (find(multiMetaWhitelist.begin(), multiMetaWhitelist.end(), kind) == multiMetaWhitelist.end() && kind.find("X-") != 0) {
+  bool clobber = (cmds.at(0) != "add-meta");
+  if (find(multiMetaWhitelist.begin(), multiMetaWhitelist.end(), kind) == multiMetaWhitelist.end() && kind.find("X-") != 0) {
+    if(!clobber) {
       cerr<<"Refusing to add metadata to single-value metadata "<<kind<<endl;
       return 1;
     }
+    if(cmds.size() > 4) {
+      cerr<<"Refusing to set several metadata to single-value metadata "<<kind<<endl;
+      return 1;
+    }
   }
   vector<string> meta(cmds.begin() + 3, cmds.end());
   return addOrSetMeta(zone, kind, meta, clobber);