From: Kees Monshouwer <mind04@monshouwer.org>
Date: Thu, 31 Oct 2019 09:32:44 +0000 (+0100)
Subject: auth: api: patchZone() was ignoring the default-api-rectify setting
X-Git-Tag: auth-4.3.0-alpha1~1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ca59ad989bc771753ab45607d36c86f41b321f5;p=thirdparty%2Fpdns.git

auth: api: patchZone() was ignoring the default-api-rectify setting
---

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 19ca1b5d56..31ebdf0542 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -2072,14 +2072,20 @@ static void patchZone(UeberBackend& B, HttpRequest* req, HttpResponse* resp) {
     throw;
   }
 
+  // Rectify
   DNSSECKeeper dk(&B);
-  string api_rectify;
-  di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify);
-  if (dk.isSecuredZone(zonename) && !dk.isPresigned(zonename) && api_rectify == "1") {
-    string error_msg = "";
-    string info;
-    if (!dk.rectifyZone(zonename, error_msg, info, false))
-      throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
+  if (!dk.isPresigned(zonename)) {
+    string api_rectify;
+    if (!di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify) && ::arg().mustDo("default-api-rectify")) {
+      api_rectify = "1";
+    }
+    if (api_rectify == "1") {
+      string info;
+      string error_msg;
+      if (!dk.rectifyZone(zonename, error_msg, info, false)) {
+        throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
+      }
+    }
   }
 
   di.backend->commitTransaction();