auth: Deny cache flush, zone retrieve and notify if the API is RO
authorRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 22 Aug 2017 09:48:07 +0000 (11:48 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 27 Nov 2017 22:58:55 +0000 (23:58 +0100)
pdns/ws-auth.cc

index d30bd6d771290d49432f46a531915b036d003e83..70f4ce779da0a78f4bed30bc53f07a44294cbf16 100644 (file)
@@ -1443,7 +1443,7 @@ static void apiServerZoneExport(HttpRequest* req, HttpResponse* resp) {
 static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
 
-  if(req->method != "PUT")
+  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
     throw HttpMethodNotAllowedException();
 
   UeberBackend B;
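Review bot: In apiServerZoneAxfrRetrieve the client-supplied zone id is parsed by `apiZoneIdToName(req->parameters["id"])` before the method and `api-readonly` check runs, so a request that will be denied still reaches the name parser first. apiServerCacheFlush in the last hunk checks first and parses afterwards; the same order here, and in apiServerZoneNotify in the next hunk, would reject disallowed requests before any request input is handled. Concretely, move `if(req->method != "PUT" || ::arg().mustDo("api-readonly"))` and its `throw HttpMethodNotAllowedException();` above the `DNSName zonename = ...` line. On a read-only server this may change which error a malformed id produces (presumably whatever apiZoneIdToName raises today), so confirm no client depends on that. The function body continues past the end of the hunk.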
@@ -1462,7 +1462,7 @@ static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
 static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
 
-  if(req->method != "PUT")
+  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
     throw HttpMethodNotAllowedException();
 
   UeberBackend B;
@@ -1824,7 +1824,7 @@ static void apiServerSearchData(HttpRequest* req, HttpResponse* resp) {
 }
 
 void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
-  if(req->method != "PUT")
+  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
     throw HttpMethodNotAllowedException();
 
   DNSName canon = apiNameToDNSName(req->getvars["domain"]);
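Review bot: The read-only denial in apiServerCacheFlush is folded into the method test, so a blocked write is answered with 405 exactly like a wrong verb, and the same expression is now repeated in three handlers. Read-only enforcement therefore depends on every state-changing handler remembering to add it; handlers outside this diff are not visible here and are worth auditing for the same guard. A comment on the check would record the intent, for example `// state-changing endpoint: refuse when api-readonly is set, regardless of method`. The function body continues past the end of the hunk.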