From: Kees Monshouwer <mind04@monshouwer.org>
Date: Thu, 31 Oct 2019 12:12:44 +0000 (+0100)
Subject: auth: api: do not run soaedit or rectify for disabled zones
X-Git-Tag: auth-4.2.1~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F8503%2Fhead;p=thirdparty%2Fpdns.git

auth: api: do not run soaedit or rectify for disabled zones
---

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 11a818c2c5..3f23ca0156 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1934,6 +1934,8 @@ static void storeChangedPTRs(UeberBackend& B, vector<DNSResourceRecord>& new_ptr
 }
 
 static void patchZone(UeberBackend& B, HttpRequest* req, HttpResponse* resp) {
+  bool zone_disabled;
+  SOAData sd;
   DomainInfo di;
   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
   if (!B.getDomainInfo(zonename, di)) {
@@ -2058,12 +2060,10 @@ static void patchZone(UeberBackend& B, HttpRequest* req, HttpResponse* resp) {
         throw ApiException("Changetype not understood");
     }
 
-    // edit SOA (if needed)
-    if (!soa_edit_api_kind.empty() && !soa_edit_done) {
-      SOAData sd;
-      if (!B.getSOAUncached(zonename, sd))
-        throw ApiException("No SOA found for domain '"+zonename.toString()+"'");
+    zone_disabled = (!B.getSOAUncached(zonename, sd));
 
+    // edit SOA (if needed)
+    if (!zone_disabled && !soa_edit_api_kind.empty() && !soa_edit_done) {
       DNSResourceRecord rr;
       if (makeIncreasedSOARecord(sd, soa_edit_api_kind, soa_edit_kind, rr)) {
         if (!di.backend->replaceRRSet(di.id, rr.qname, rr.qtype, vector<DNSResourceRecord>(1, rr))) {
@@ -2084,7 +2084,7 @@ static void patchZone(UeberBackend& B, HttpRequest* req, HttpResponse* resp) {
 
   // Rectify
   DNSSECKeeper dk(&B);
-  if (!dk.isPresigned(zonename)) {
+  if (!zone_disabled && !dk.isPresigned(zonename)) {
     string api_rectify;
     if (!di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify) && ::arg().mustDo("default-api-rectify")) {
       api_rectify = "1";