From ab357bda9eb04560c6b831fac61d00c27dd0f1c6 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Tue, 18 Jun 2024 20:25:23 +0200 Subject: [PATCH] auth API: when querying with rrset_name, respect it for comments too (cherry picked from commit e8e31cdbddaab406e614d3d858d318a28b391a9d) --- pdns/ws-auth.cc | 16 +++++++++------- regression-tests.api/test_Zones.py | 22 ++++++++++++++++++---- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index ae95449634d0..a206c89fc549 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -445,6 +445,9 @@ static void fillZone(UeberBackend& backend, const DNSName& zonename, HttpRespons vector records; vector comments; + QType qType = QType::ANY; + DNSName qName; + // load all records + sort { DNSResourceRecord resourceRecord; @@ -452,14 +455,11 @@ static void fillZone(UeberBackend& backend, const DNSName& zonename, HttpRespons domainInfo.backend->list(zonename, static_cast(domainInfo.id), true); // incl. disabled } else { - QType qType; - if (req->getvars.count("rrset_type") == 0) { - qType = QType::ANY; - } - else { + qName = DNSName(req->getvars["rrset_name"]); + if (req->getvars.count("rrset_type") != 0) { qType = req->getvars["rrset_type"]; } - domainInfo.backend->lookup(qType, DNSName(req->getvars["rrset_name"]), static_cast(domainInfo.id)); + domainInfo.backend->lookup(qType, qName, static_cast(domainInfo.id)); } while (domainInfo.backend->get(resourceRecord)) { if (resourceRecord.qtype.getCode() == 0) { @@ -483,7 +483,9 @@ static void fillZone(UeberBackend& backend, const DNSName& zonename, HttpRespons Comment comment; domainInfo.backend->listComments(domainInfo.id); while (domainInfo.backend->getComment(comment)) { - comments.push_back(comment); + if ((qName.empty() || comment.qname == qName) && (qType == QType::ANY || comment.qtype == qType)) { + comments.push_back(comment); + } } sort(comments.begin(), comments.end(), [](const Comment& rrA, const Comment& rrB) { /* if you ever want to update this comparison function, diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py index d769859896f4..24a8b433b8db 100644 --- a/regression-tests.api/test_Zones.py +++ b/regression-tests.api/test_Zones.py @@ -1935,7 +1935,7 @@ def test_zone_delete(self): def test_zone_comment_create(self): name, payload, zone = self.create_zone() - rrset = { + rrset1 = { 'changetype': 'replace', 'name': name, 'type': 'NS', @@ -1951,7 +1951,19 @@ def test_zone_comment_create(self): } ] } - payload = {'rrsets': [rrset]} + rrset2 = { + 'changetype': 'replace', + 'name': name, + 'type': 'SOA', + 'ttl': 3600, + 'comments': [ + { + 'account': 'test3', + 'content': 'this should not show up later' + } + ] + } + payload = {'rrsets': [rrset1, rrset2]} r = self.session.patch( self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), @@ -1963,13 +1975,15 @@ def test_zone_comment_create(self): self.assert_success(r) # make sure the comments have been set, and that the NS # records are still present - data = self.get_zone(name) + data = self.get_zone(name, rrset_name=name, rrset_type="NS") serverset = get_rrset(data, name, 'NS') print(serverset) self.assertNotEqual(serverset['records'], []) self.assertNotEqual(serverset['comments'], []) # verify that modified_at has been set by pdns self.assertNotEqual([c for c in serverset['comments']][0]['modified_at'], 0) + # verify that unrelated comments do not leak into the result + self.assertEqual(get_rrset(data, name, 'SOA'), None) # verify that TTL is correct (regression test) self.assertEqual(serverset['ttl'], 3600) @@ -1997,7 +2011,7 @@ def test_zone_comment_delete(self): @unittest.skipIf(is_auth_lmdb(), "No comments in LMDB") def test_zone_comment_out_of_range_modified_at(self): - # Test if comments on an rrset stay intact if the rrset is replaced + # Test if a modified_at outside of the 32 bit range throws an error name, payload, zone = self.create_zone() rrset = { 'changetype': 'replace',