auth: api: patchZone() was ignoring the default-api-rectify setting

author Kees Monshouwer <mind04@monshouwer.org>

Thu, 31 Oct 2019 09:32:44 +0000 (10:32 +0100)

committer mind04 <mind04@monshouwer.org>

Thu, 31 Oct 2019 09:37:19 +0000 (10:37 +0100)
author Kees Monshouwer <mind04@monshouwer.org>
Thu, 31 Oct 2019 09:32:44 +0000 (10:32 +0100)
committer mind04 <mind04@monshouwer.org>
Thu, 31 Oct 2019 09:37:19 +0000 (10:37 +0100)
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc

index 19ca1b5d56ba1f65c69433dc7721bca658e2469e..31ebdf054265f88faba4f145e5b9cbaa07d5e731 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -2072,14 +2072,20 @@ static void patchZone(UeberBackend& B, HttpRequest* req, HttpResponse* resp) {
      throw;
    }
  
+  // Rectify
    DNSSECKeeper dk(&B);
-  string api_rectify;
-  di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify);
-  if (dk.isSecuredZone(zonename) && !dk.isPresigned(zonename) && api_rectify == "1") {
-    string error_msg = "";
-    string info;
-    if (!dk.rectifyZone(zonename, error_msg, info, false))
-      throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
+  if (!dk.isPresigned(zonename)) {
+    string api_rectify;
+    if (!di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify) && ::arg().mustDo("default-api-rectify")) {
+      api_rectify = "1";
+    }
+    if (api_rectify == "1") {
+      string info;
+      string error_msg;
+      if (!dk.rectifyZone(zonename, error_msg, info, false)) {
+        throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
+      }
+    }
    }
  
    di.backend->commitTransaction();
author	Kees Monshouwer <mind04@monshouwer.org>
	Thu, 31 Oct 2019 09:32:44 +0000 (10:32 +0100)
committer	mind04 <mind04@monshouwer.org>
	Thu, 31 Oct 2019 09:37:19 +0000 (10:37 +0100)