From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 17 Jul 2017 13:26:38 +0000 (+0200)
Subject: auth: Check if the API is read-only on crypto keys methods
X-Git-Tag: dnsdist-1.2.0~16^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1abc1df5b8a68e0613eec7ca25c8ad667e1e2143;p=pdns

auth: Check if the API is read-only on crypto keys methods
---

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 5142fd9b0..45511220a 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -952,13 +952,13 @@ static void apiZoneCryptokeys(HttpRequest *req, HttpResponse *resp) {
 
   if (req->method == "GET") {
     apiZoneCryptokeysGET(zonename, inquireKeyId, resp, &dk);
-  } else if (req->method == "DELETE") {
+  } else if (req->method == "DELETE" && !::arg().mustDo("api-readonly")) {
     if (inquireKeyId == -1)
       throw HttpBadRequestException();
     apiZoneCryptokeysDELETE(zonename, inquireKeyId, req, resp, &dk);
-  } else if (req->method == "POST") {
+  } else if (req->method == "POST" && !::arg().mustDo("api-readonly")) {
     apiZoneCryptokeysPOST(zonename, req, resp, &dk);
-  } else if (req->method == "PUT") {
+  } else if (req->method == "PUT" && !::arg().mustDo("api-readonly")) {
     if (inquireKeyId == -1)
       throw HttpBadRequestException();
     apiZoneCryptokeysPUT(zonename, inquireKeyId, req, resp, &dk);