def cli_restrictions_update(domain, id, iprange, type, enabled):
    """Update an existing restriction on a zone from the command line.

    Any of ``iprange``, ``type`` and ``enabled`` passed as ``None`` keeps the
    value already stored on the restriction. ``type`` is stored as 1 for
    'allow' and 2 for every other value; ``enabled`` is true only for the
    strings 'yes' and 'true'.

    Prints a status message and returns True on success, False on any
    lookup or validation failure.
    """
    provider = Provider()
    zone_manager = provider.dns_zones()
    restriction_manager = provider.dns_restrictions()

    zone = zone_manager.find(domain)
    if not zone:
        print("Could not find domain")
        return False

    # Resolved through zone.restrictions rather than a global lookup;
    # presumably this confines the id to this zone - confirm.
    restriction = zone.restrictions.get(id)
    if not restriction:
        print("Could not find restriction")
        return False

    if iprange is None:
        iprange = restriction.ip_range
    if len(iprange) == 0 or not restriction_manager.is_valid_ip_or_range(iprange):
        print("Invalid IP Range")
        return False

    if enabled is None:
        enabled = restriction.enabled
    else:
        enabled = enabled in ['yes', 'true']

    # NOTE(review): anything other than 'allow' (a typo included) is stored
    # as 2 - confirm the CLI option layer restricts the accepted choices.
    if type is None:
        type = restriction.type
    elif type == 'allow':
        type = 1
    else:
        type = 2

    restriction_manager.save(restriction, zone.id, iprange, type, enabled)
    print("Restriction updated")
    return True
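def zone_restrictions_edit_save(dns_zone_id, restriction_id):
    """Create or update a restriction on a zone from the submitted edit form.

    A ``restriction_id`` of 0 creates a new restriction; any other value is
    looked up through ``zone.restrictions``. Reads ``ip_range``, ``type``
    (must be 1 or 2) and the optional ``enabled`` flag (enabled only when it
    parses to 1) from ``request.form``.

    Every outcome flashes a message and returns a redirect: to the home page
    when the zone is inaccessible or missing, otherwise to the zone's
    restrictions page.
    """
    provider = Provider()
    zones = provider.dns_zones()
    restrictions = provider.dns_restrictions()

    # The access check runs before the zone is loaded or any form field is read.
    if not zones.can_access(dns_zone_id, current_user.id):
        flash('Access Denied', 'error')
        return redirect(url_for('home.index'))

    zone = zones.get(dns_zone_id)
    if not zone:
        flash('Zone not found', 'error')
        return redirect(url_for('home.index'))

    ip_range = request.form['ip_range'].strip()

    # Form values are untrusted. A non-numeric 'type' is reported as an
    # invalid type below instead of escaping as an unhandled ValueError.
    try:
        rule_type = int(request.form['type'].strip())
    except ValueError:
        rule_type = None

    # Only the value 1 enables the rule; anything else, including text that
    # is not a number, leaves it disabled.
    try:
        enabled = int(request.form.get('enabled', 0)) == 1
    except ValueError:
        enabled = False

    if len(ip_range) == 0 or not restrictions.is_valid_ip_or_range(ip_range):
        flash('Invalid IP/Range', 'error')
        return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
    elif rule_type not in [1, 2]:
        flash('Invalid type', 'error')
        return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))

    if restriction_id == 0:
        restriction = restrictions.create(zone_id=zone.id)
    else:
        # Resolved through the already-authorised zone rather than a global
        # lookup; presumably this confines the id to this zone - confirm.
        restriction = zone.restrictions.get(restriction_id)
    if not restriction:
        flash('Could not load restriction', 'error')
        return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))

    restrictions.save(restriction, zone.id, ip_range, rule_type, enabled)
    flash('Restriction saved', 'success')
    return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))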
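def create(self, user_id, zone_id=None, domain=None):
    """Create a restriction on one of the user's zones from the JSON body.

    The zone is resolved by ``zone_id`` when given, otherwise by ``domain``;
    both lookups are passed ``user_id``. The body must carry ``type``
    ('allow' or 'block'), ``enabled`` and ``ip_or_range``.

    Returns the not-found response when no zone is resolved, error 5000 when
    required fields are missing, error 5005 when a field is invalid, and
    otherwise the response of ``self.one`` for the saved restriction.
    """
    provider = Provider()
    zones = provider.dns_zones()
    restrictions = provider.dns_restrictions()

    if zone_id is not None:
        zone = zones.get(zone_id, user_id)
    else:
        zone = zones.find(domain, user_id=user_id)
    if not zone:
        return self.send_not_found_response()

    required_fields = ['type', 'enabled', 'ip_or_range']
    data = self.get_json(required_fields)
    if data is False:
        return self.send_error_response(
            5000, 'Missing fields',
            'Required fields are: {0}'.format(', '.join(required_fields)))

    if data['type'] not in ['allow', 'block']:
        return self.send_error_response(5005, 'Invalid restriction type', '')

    # JSON can deliver a number, null or list here; len() raises TypeError on
    # a number or null, so anything that is not a string is rejected before
    # it reaches the validator.
    ip_or_range = data['ip_or_range']
    if (not isinstance(ip_or_range, str) or len(ip_or_range) == 0
            or not restrictions.is_valid_ip_or_range(ip_or_range)):
        return self.send_error_response(5005, 'Invalid IP or Range', '')

    # Plain truthiness: a non-empty string such as "false" counts as enabled.
    enabled = bool(data['enabled'])
    rule_type = 1 if data['type'] == 'allow' else 2

    restriction = restrictions.create(zone_id=zone.id)
    restriction = restrictions.save(restriction, zone.id, ip_or_range, rule_type, enabled)
    return self.one(user_id, restriction.id, zone_id=zone.id)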
def zone_restriction_create_from_log(query_log_id):
    """Create a type-2 restriction for the source IP of a logged query.

    Loads the log record, resolves its zone (creating the zone for the
    current user when none is found for the logged domain), then finds or
    creates a type-2 restriction for ``log.source_ip`` and saves it enabled.

    Every outcome flashes a message and returns a redirect: to the zone's
    restrictions page on success, to the home page on any failure.
    """
    provider = Provider()
    log_manager = provider.dns_logs()
    zone_manager = provider.dns_zones()
    restriction_manager = provider.dns_restrictions()

    def reject_as_missing_log():
        # Deliberately the same message as a missing record, so the response
        # does not reveal whether a zone exists.
        flash('Could not retrieve log record', 'error')
        return redirect(url_for('home.index'))

    entry = log_manager.get(query_log_id)
    if not entry:
        return reject_as_missing_log()

    # NOTE(review): no ownership check is made on the log record itself on
    # the path where dns_zone_id is 0; whether dns_logs().get() scopes
    # records to the current user is not visible here - confirm.
    if entry.dns_zone_id > 0:
        # The record points at an existing zone: authorise before loading it.
        if not zone_manager.can_access(entry.dns_zone_id, current_user.id):
            return reject_as_missing_log()

        zone = zone_manager.get(entry.dns_zone_id)
        if not zone:
            flash('Could not load zone', 'error')
            return redirect(url_for('home.index'))
    else:
        # A zero id does not rule out the domain existing: zones created after
        # a query was logged do not get their id written back to the log.
        zone = zone_manager.find(entry.domain, user_id=current_user.id)
        if not zone:
            # Still nothing, so create the zone for the current user.
            zone = zone_manager.new(entry.domain, True, True, False, current_user.id)
            if isinstance(zone, list):
                # A list return carries the error messages.
                for message in zone:
                    flash(message, 'error')
                return redirect(url_for('home.index'))

    # Final authorisation on the resolved zone, which may have been loaded
    # by domain rather than by id.
    if not zone_manager.can_access(zone.id, current_user.id):
        return reject_as_missing_log()

    # Reuse an existing type-2 rule for this source IP, or start a new one.
    restriction = restriction_manager.find(zone_id=zone.id, ip_range=entry.source_ip, type=2)
    if not restriction:
        restriction = restriction_manager.create(zone_id=zone.id)

    restriction_manager.save(restriction, zone.id, entry.source_ip, 2, True)
    flash('Restriction rule created', 'success')
    return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
def one(self, user_id, id, zone_id=None, domain=None):
    """Return a single restriction belonging to one of the user's zones.

    The zone is resolved by ``zone_id`` when given, otherwise by ``domain``;
    both lookups are passed ``user_id``. The restriction is then looked up by
    ``id`` together with the resolved zone's id.

    Returns the not-found response when either lookup yields nothing,
    otherwise a valid response wrapping the loaded restriction.
    """
    provider = Provider()
    zone_manager = provider.dns_zones()
    restriction_manager = provider.dns_restrictions()

    if zone_id is None:
        zone = zone_manager.find(domain, user_id=user_id)
    else:
        zone = zone_manager.get(zone_id, user_id)
    if not zone:
        return self.send_not_found_response()

    # The zone id is part of the query, so a restriction id on its own is
    # not enough to select a record.
    found = restriction_manager.find(id=id, zone_id=zone.id)
    if not found:
        return self.send_not_found_response()

    payload = self.__load_restriction(found)
    return self.send_valid_response(payload)
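def update(self, user_id, id, zone_id=None, domain=None):
    """Update a restriction on one of the user's zones from the JSON body.

    The zone is resolved by ``zone_id`` when given, otherwise by ``domain``;
    both lookups are passed ``user_id``. The restriction is looked up by
    ``id`` together with the resolved zone's id. ``enabled``, ``type``
    ('allow' or 'block') and ``ip_or_range`` are all optional; a field left
    out keeps the value stored on the restriction.

    Returns the not-found response when the zone or restriction is not
    resolved, an error response for a bad body or invalid field, and
    otherwise the response of ``self.one`` for the saved restriction.
    """
    provider = Provider()
    zones = provider.dns_zones()
    restrictions = provider.dns_restrictions()

    if zone_id is not None:
        zone = zones.get(zone_id, user_id)
    else:
        zone = zones.find(domain, user_id=user_id)
    if not zone:
        return self.send_not_found_response()

    restriction = restrictions.find(id=id, zone_id=zone.id)
    if not restriction:
        return self.send_not_found_response()

    data = self.get_json([])
    # create() treats a False return from get_json as a bad body. Without the
    # same check, a False here would raise TypeError on the membership tests.
    # NOTE(review): the 5000 code is borrowed from create() - confirm it and
    # the wording fit this endpoint.
    if data is False:
        return self.send_error_response(5000, 'Invalid request', 'A JSON body is required')

    if 'enabled' in data:
        # Plain truthiness: a non-empty string such as "false" counts as enabled.
        enabled = bool(data['enabled'])
    else:
        enabled = restriction.enabled

    if 'type' in data:
        if data['type'] not in ['allow', 'block']:
            return self.send_error_response(5005, 'Invalid restriction type', '')
        rule_type = 1 if data['type'] == 'allow' else 2
    else:
        rule_type = restriction.type

    if 'ip_or_range' in data:
        # JSON can deliver a number, null or list here; len() raises TypeError
        # on a number or null, so anything that is not a string is rejected
        # before it reaches the validator.
        ip_or_range = data['ip_or_range']
        if (not isinstance(ip_or_range, str) or len(ip_or_range) == 0
                or not restrictions.is_valid_ip_or_range(ip_or_range)):
            return self.send_error_response(5005, 'Invalid IP or Range', '')
    else:
        ip_or_range = restriction.ip_range

    restriction = restrictions.save(restriction, zone.id, ip_or_range, rule_type, enabled)
    return self.one(user_id, restriction.id, zone_id=zone.id)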
def cli_restrictions_add(domain, iprange, type, enabled):
    """Add a restriction to a zone from the command line.

    ``type`` is stored as 1 for 'allow' and 2 for every other value;
    ``enabled`` is passed to the save call unchanged.

    Prints a status message and returns True on success, False when the
    domain is not found or the IP/range is rejected.
    """
    provider = Provider()
    zone_manager = provider.dns_zones()
    restriction_manager = provider.dns_restrictions()

    zone = zone_manager.find(domain)
    if not zone:
        print("Could not find domain")
        return False

    range_is_empty = len(iprange) == 0
    if range_is_empty or not restriction_manager.is_valid_ip_or_range(iprange):
        print("Invalid IP Range")
        return False

    # NOTE(review): anything other than 'allow' (a typo included) is stored
    # as 2 - confirm the CLI option layer restricts the accepted choices.
    if type == 'allow':
        type = 1
    else:
        type = 2

    # NOTE(review): cli_restrictions_update converts 'yes'/'true' strings to
    # a bool, while this function saves `enabled` as received - confirm the
    # caller already supplies a bool.
    new_restriction = restriction_manager.create(zone_id=zone.id)
    restriction_manager.save(new_restriction, zone.id, iprange, type, enabled)
    print("Restriction created")
    return True