def test_cleanup_cname(self): # Make sure CNAME record block c = Domain(name='foo1') c.save() self.assertFalse(c.purgeable) s, _ = SOA.objects.get_or_create(primary="foo", contact="Foo", comment="dddfoo") f_c = Domain(name='foo.foo1') f_c.soa = s f_c.save() self.assertFalse(Domain.objects.filter(name="x.y.z.foo.foo1")) self.assertFalse(Domain.objects.filter(name="y.z.foo.foo1")) self.assertFalse(Domain.objects.filter(name="z.foo.foo1")) self.assertTrue(Domain.objects.filter(name="foo.foo1")) self.assertFalse(f_c.purgeable) fqdn = "cname.x.y.z.foo.foo1" label, the_domain = ensure_label_domain(fqdn) cname = CNAME(label=label, domain=the_domain, target="foo") cname.save() self.assertFalse(prune_tree(the_domain)) cname.delete() self.assertFalse(Domain.objects.filter(name="x.y.z.foo.foo1")) self.assertFalse(Domain.objects.filter(name="y.z.foo.foo1")) self.assertFalse(Domain.objects.filter(name="z.foo.foo1")) fqdn = "bar.x.y.z.foo.poo" self.assertTrue(Domain.objects.filter(name="foo.foo1"))
def test_soa_perms(self): """ Test SOA perms """ self.setup_request() perm_table = { 'cyder_admin': ['all'], 'admin': [cy.ACTION_VIEW], 'user': [cy.ACTION_VIEW], 'guest': [cy.ACTION_VIEW], } # initialize obj into ctnrs obj = SOA() obj.primary = '192.168.1.1' obj.contact = '192.168.1.1' obj.save() domain = Domain(id=None, name='foo') domain.soa = obj domain.save() self.ctnr_admin.domains.add(domain) self.ctnr_user.domains.add(domain) self.ctnr_guest.domains.add(domain) self.save_all_ctnrs() self.check_perms_each_user(obj, perm_table)
def test_basic_add_remove3(self): # MAke sure that if a domain is set to not purgeable the prune stops at # that domain when a record exists in a domain c = Domain(name='foo') c.save() self.assertFalse(c.purgeable) f_c = Domain(name='foo.foo') s, _ = SOA.objects.get_or_create(primary="foo", contact="foo", comment="foo.foo") f_c.soa = s f_c.save() self.assertFalse(f_c.purgeable) fqdn = "bar.x.y.z.foo.foo" label, the_domain = ensure_label_domain(fqdn) txt = TXT(label=label, domain=the_domain, txt_data="Nthing") txt.save() self.assertTrue(the_domain.purgeable) # txt makes the domain un-purgeable. self.assertFalse(prune_tree(the_domain)) txt.delete() # The tree should have pruned itself # Make sure stuff was deleted. self.assertFalse(Domain.objects.filter(name="x.y.z.foo.foo")) self.assertFalse(Domain.objects.filter(name="y.z.foo.foo")) self.assertFalse(Domain.objects.filter(name="z.foo.foo")) self.assertTrue(Domain.objects.filter(name="foo.foo"))
def test_soa_perms(self): """ Test SOA perms """ self.setup_request() perm_table = { 'cyder_admin': ['all'], 'admin': ['view'], 'user': ['view'], 'guest': ['view'], } # initialize obj into ctnrs obj = SOA() obj.primary = '192.168.1.1' obj.contact = '192.168.1.1' obj.save() domain = Domain(id=None, name='foo') domain.soa = obj domain.save() self.ctnr_admin.domains.add(domain) self.ctnr_user.domains.add(domain) self.ctnr_guest.domains.add(domain) self.save_all_ctnrs() self.check_perms_each_user(obj, perm_table)
def test_basic_add_remove2(self): # MAke sure that if a domain is set to not purgeable the prune stops at # that domain. c = Domain(name='edu') c.save() self.assertFalse(c.purgeable) f_c = Domain(name='foo.edu') s, _ = SOA.objects.get_or_create(primary="foo", contact="foo", description="foo.edu") f_c.soa = s f_c.save() self.assertFalse(f_c.purgeable) fqdn = "bar.x.y.z.foo.edu" label, the_domain = ensure_label_domain(fqdn) self.assertEqual(label, "bar") self.assertEqual(the_domain.name, "x.y.z.foo.edu") self.assertTrue(the_domain.purgeable) self.assertEqual(the_domain.master_domain.name, "y.z.foo.edu") self.assertTrue(the_domain.master_domain.purgeable) self.assertEqual( the_domain.master_domain.master_domain.name, "z.foo.edu") self.assertTrue(the_domain.master_domain.master_domain.purgeable) self.assertEqual( the_domain.master_domain.master_domain.master_domain.name, "foo.edu" ) self.assertFalse( the_domain.master_domain.master_domain.master_domain.purgeable) # See if purgeable stops prune the_domain.purgeable = False the_domain.save() self.assertFalse(prune_tree(the_domain)) the_domain.purgeable = True the_domain.save() # Ok, reset y_z = Domain.objects.get(name="y.z.foo.edu") y_z.purgeable = False y_z.save() # Refresh the domain the_domain = Domain.objects.get(pk=the_domain.pk) # This should delete up to and stop at the domain "y.z.foo.edu" self.assertTrue(prune_tree(the_domain)) self.assertFalse(Domain.objects.filter(name="x.y.z.foo.edu")) self.assertTrue(Domain.objects.filter(name="y.z.foo.edu")) self.assertTrue(Domain.objects.filter(name="z.foo.edu")) self.assertTrue(Domain.objects.filter(name="foo.edu")) # If we delete y.z.foo.com and then call prune on z.foo.com is should # delete z.foo.com Domain.objects.get(name="y.z.foo.edu").delete() self.assertTrue(prune_tree(Domain.objects.get(name="z.foo.edu"))) self.assertFalse(Domain.objects.filter(name="z.foo.edu")) self.assertTrue(Domain.objects.filter(name="foo.edu"))
def build_sample_domain(): domain_name = '' for i in range(2): domain_name = random_label() domain = Domain(name=domain_name) soa = SOA(primary=random_label(), contact="asf", comment=random_label()) soa.save() domain.soa = soa domain.save() return domain
def test_no_soa_block2(self): c = Domain(name='moo') c.save() f_c = Domain(name='foo.moo') f_c.save() s, _ = SOA.objects.get_or_create(primary="bar23", contact="Foo", description="bar") f_c.soa = s f_c.save() self.assertRaises(ValidationError, ensure_label_domain, "baz.moo")
def test_basic_add_remove5(self): # Make sure all record types block c = Domain(name='foo22') c.save() self.assertFalse(c.purgeable) f_c = Domain(name='foo.foo22') s, _ = SOA.objects.get_or_create(primary="foo", contact="foo", comment="foo.foo22") f_c.soa = s f_c.save() self.assertFalse(f_c.purgeable) fqdn = "bar.x.y.z.foo.foo22" label, the_domain = ensure_label_domain(fqdn) txt = TXT(label=label, domain=the_domain, txt_data="Nthing") txt.save() self.assertFalse(prune_tree(the_domain)) txt.delete() label, the_domain = ensure_label_domain(fqdn) addr = AddressRecord(label=label, domain=the_domain, ip_type='4', ip_str="10.2.3.4") addr.save() self.assertFalse(prune_tree(the_domain)) addr.delete() label, the_domain = ensure_label_domain(fqdn) mx = MX(label=label, domain=the_domain, server="foo", priority=4) mx.save() self.assertFalse(prune_tree(the_domain)) mx.delete() label, the_domain = ensure_label_domain(fqdn) ns = Nameserver(domain=the_domain, server="asdfasffoo") ns.save() self.assertFalse(prune_tree(the_domain)) ns.delete() label, the_domain = ensure_label_domain(fqdn) srv = SRV(label='_' + label, domain=the_domain, target="foo", priority=4, weight=4, port=34) srv.save() self.assertFalse(prune_tree(the_domain)) srv.delete()
def test_basic_add_remove4(self): # Move a record down the tree testing prune's ability to not delete # stuff. c = Domain(name='goo') c.save() self.assertFalse(c.purgeable) f_c = Domain(name='foo.goo') s, _ = SOA.objects.get_or_create(primary="foo", contact="foo", comment="foo.goo") f_c.soa = s f_c.save() self.assertFalse(f_c.purgeable) fqdn = "bar.x.y.z.foo.goo" label, the_domain = ensure_label_domain(fqdn) txt = TXT(label=label, domain=the_domain, txt_data="Nthing") txt.save() self.assertTrue(the_domain.purgeable) # txt makes the domain un-purgeable. self.assertFalse(prune_tree(the_domain)) txt.domain = the_domain.master_domain the_next_domain = the_domain.master_domain txt.save() self.assertFalse(Domain.objects.filter(pk=the_domain.pk)) # We should be able to delete now. self.assertTrue(prune_tree(the_domain)) the_domain = the_next_domain # txt makes the domain un-purgeable. y.z.foo.com self.assertFalse(prune_tree(the_domain)) txt.domain = the_domain.master_domain the_next_domain = the_domain.master_domain txt.save() self.assertFalse(Domain.objects.filter(pk=the_domain.pk)) # We should be able to delete now. the_domain = the_next_domain # txt makes the domain un-purgeable. z.foo.com self.assertFalse(prune_tree(the_domain)) txt.domain = the_domain.master_domain the_next_domain = the_domain.master_domain txt.save() self.assertFalse(Domain.objects.filter(pk=the_domain.pk)) # We should be able to delete now. the_domain = the_next_domain # txt makes the domain un-purgeable. foo.com self.assertFalse(prune_tree(the_domain))
def test_delegation_block(self): s, _ = SOA.objects.get_or_create(primary="foo", contact="Foo", comment="foo") c = Domain(name='com') c.soa = s c.save() self.assertFalse(c.purgeable) f_c = Domain(name='foo.com') f_c.delegated = True f_c.save() self.assertFalse(f_c.purgeable) self.assertTrue(f_c.delegated) fqdn = "z.baz.foo.com" self.assertRaises(ValidationError, ensure_label_domain, fqdn)
def test_basic_add_remove5(self): # Make sure all record types block c = Domain(name='foo22') c.save() self.assertFalse(c.purgeable) f_c = Domain(name='foo.foo22') s, _ = SOA.objects.get_or_create(primary="foo", contact="foo", comment="foo.foo22") f_c.soa = s f_c.save() self.assertFalse(f_c.purgeable) fqdn = "bar.x.y.z.foo.foo22" label, the_domain = ensure_label_domain(fqdn) txt = TXT(label=label, domain=the_domain, txt_data="Nthing") txt.save() self.assertFalse(prune_tree(the_domain)) txt.delete() label, the_domain = ensure_label_domain(fqdn) addr = AddressRecord(label=label, domain=the_domain, ip_type='4', ip_str="10.2.3.4") addr.save() self.assertFalse(prune_tree(the_domain)) addr.delete() label, the_domain = ensure_label_domain(fqdn) mx = MX(label=label, domain=the_domain, server="foo", priority=4) mx.save() self.assertFalse(prune_tree(the_domain)) mx.delete() label, the_domain = ensure_label_domain(fqdn) ns = Nameserver(domain=the_domain, server="asdfasffoo") ns.save() self.assertFalse(prune_tree(the_domain)) ns.delete() label, the_domain = ensure_label_domain(fqdn) srv = SRV( label='_' + label, domain=the_domain, target="foo", priority=4, weight=4, port=34) srv.save() self.assertFalse(prune_tree(the_domain)) srv.delete()
def test_bad_nameserver_soa_state_case_1_3(self): # This is Case 1 ... with ptr's root_domain = create_fake_zone("13.in-addr.arpa", suffix="") for ns in root_domain.nameserver_set.all(): ns.delete() # At his point we should have a domain at the root of a zone with no # other records in it. # Let's create a child domain and try to add a record there. cdomain = Domain(name="10.13.in-addr.arpa") cdomain.soa = root_domain.soa cdomain.save() # Adding a record shouldn't be allowed because there is no NS record on # the zone's root domain. ptr = PTR(name="asdf", ip_str="13.10.1.1", ip_type="4") self.assertRaises(ValidationError, ptr.save)
def test_basic_add_remove6(self): # Make sure CNAME record block c = Domain(name='foo1') c.save() self.assertFalse(c.purgeable) f_c = Domain(name='foo.foo1') s, _ = SOA.objects.get_or_create(primary="foo", contact="foo", comment="foo.foo1") f_c.soa = s f_c.save() self.assertFalse(f_c.purgeable) fqdn = "cname.x.y.z.foo.foo1" label, the_domain = ensure_label_domain(fqdn) cname = CNAME(label=label, domain=the_domain, target="foo") cname.save() self.assertFalse(prune_tree(the_domain)) cname.delete()
def test_ctnr_soa(self): """ Test being in ctnr /w soa record gives appropriate perms """ request = HttpRequest() request.user = self.test_user request.session = SessionStore() request.session['ctnr'] = self.ctnr # create domain with soa, add domain to ctnr soa = SOA() soa.primary = '192.168.1.1' soa.contact = '192.168.1.1' soa.save() domain = Domain(id=None, name='foo') domain.soa = soa domain.save() self.ctnr.domains.add(domain) self.ctnr.save() self.ctnr_admin.domains.add(domain) self.ctnr_admin.save() # checks where user is not admin has_perm = self.test_user.get_profile().has_perm(request, soa, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, soa, write=True) self.assertFalse(has_perm, 'user should not have write access') # checks where user is admin request.session = {'ctnr': self.ctnr_admin} has_perm = self.test_user.get_profile().has_perm(request, soa, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, soa, write=True) self.assertTrue(has_perm, 'user should have write access') # checks where obj not in ctnr request.session = {'ctnr': self.ctnr_empty} has_perm = self.test_user.get_profile().has_perm(request, soa, write=False) self.assertFalse(has_perm, 'user should not have read access') has_perm = self.test_user.get_profile().has_perm(request, soa, write=True) self.assertFalse(has_perm, 'user should not have write access')
def test_bad_nameserver_soa_state_case_2_3(self): # This is Case 2 ... with ptrs root_domain = create_fake_zone("10.23.in-addr.arpa", suffix="") self.assertEqual(root_domain.nameserver_set.count(), 1) ns = root_domain.nameserver_set.all()[0] # At his point we should have a domain at the root of a zone with one # ns record associated to the domain. # Let's create a child domain and add a record there, then try to # delete the NS record cdomain = Domain(name="test." + root_domain.name) cdomain.soa = root_domain.soa cdomain.save() ptr = PTR(name="asdf", ip_str="23.10.1.1", ip_type="4") ptr.save() self.assertRaises(ValidationError, ns.delete)
def test_bad_nameserver_soa_state_case_2_1(self): # This is Case 2 root_domain = create_fake_zone("asdf21") self.assertEqual(root_domain.nameserver_set.count(), 1) ns = root_domain.nameserver_set.all()[0] # At his point we should have a domain at the root of a zone with one # ns record associated to the domain. # Let's create a child domain and add a record there, then try to # delete the NS record cdomain = Domain(name="test." + root_domain.name) cdomain.soa = root_domain.soa cdomain.save() a = AddressRecord(label='', domain=cdomain, ip_type="6", ip_str="1::") a.save() self.assertRaises(ValidationError, ns.delete)
def test_bad_nameserver_soa_state_case_1_1(self): # This is Case 1 root_domain = create_fake_zone("asdf111") for ns in root_domain.nameserver_set.all(): ns.delete() # At his point we should have a domain at the root of a zone with no # other records in it. # Let's create a child domain and try to add a record there. cdomain = Domain(name="test." + root_domain.name) cdomain.soa = root_domain.soa cdomain.save() # Adding a record shouldn't be allowed because there is no NS record on # the zone's root domain. a = AddressRecord(label='', domain=cdomain, ip_type="6", ip_str="1::") self.assertRaises(ValidationError, a.save) cn = CNAME(label='', domain=cdomain, target="asdf") self.assertRaises(ValidationError, cn.save)
def test_bad_nameserver_soa_state_case_1_4(self): # This is Case 1 ... with StaticInterfaces's reverse_root_domain = create_fake_zone("14.in-addr.arpa", suffix="") root_domain = create_fake_zone("asdf14") for ns in root_domain.nameserver_set.all(): ns.delete() # At his point we should have a domain at the root of a zone with no # other records in it. # Let's create a child domain and try to add a record there. cdomain = Domain(name="10.14.in-addr.arpa") cdomain.soa = reverse_root_domain.soa cdomain.save() # Adding a record shouldn't be allowed because there is no NS record on # the zone's root domain. intr = StaticInterface( label="asdf", domain=root_domain, ip_str="14.10.1.1", ip_type="4", mac="11:22:33:44:55:66", system=self.s) self.assertRaises(ValidationError, intr.save)
def test_basic_add_remove1(self): c = Domain(name='com') c.save() self.assertFalse(c.purgeable) f_c = Domain(name='foo.com') s, _ = SOA.objects.get_or_create(primary="foo", contact="foo", description="foo.zfoo.comom") f_c.soa = s f_c.save() self.assertFalse(f_c.purgeable) fqdn = "bar.x.y.z.foo.com" label, the_domain = ensure_label_domain(fqdn) self.assertEqual(label, "bar") self.assertEqual(the_domain.name, "x.y.z.foo.com") self.assertTrue(the_domain.purgeable) self.assertEqual(the_domain.master_domain.name, "y.z.foo.com") self.assertTrue(the_domain.master_domain.purgeable) self.assertEqual( the_domain.master_domain.master_domain.name, "z.foo.com") self.assertTrue(the_domain.master_domain.master_domain.purgeable) self.assertEqual( the_domain.master_domain.master_domain.master_domain.name, "foo.com" ) self.assertFalse( the_domain.master_domain.master_domain.master_domain.purgeable) # Now call prune tree one the_domain self.assertTrue(prune_tree(the_domain)) self.assertFalse(Domain.objects.filter(name="x.y.z.foo.com")) self.assertFalse(Domain.objects.filter(name="y.z.foo.com")) self.assertFalse(Domain.objects.filter(name="z.foo.com")) self.assertTrue(Domain.objects.filter(name="foo.com")) # Make sure other domain's can't be pruned self.assertFalse(prune_tree(f_c)) self.assertTrue(Domain.objects.filter(name="foo.com")) self.assertFalse(prune_tree(c)) self.assertTrue(Domain.objects.filter(name="com"))
def test_bad_nameserver_soa_state_case_3_3(self): # This is Case 3 ... with ptrs root_domain = create_fake_zone("33.in-addr.arpa", suffix="") for ns in root_domain.nameserver_set.all(): ns.delete() # At his point we should have a domain pointed at an SOA record with no # records attached to it (esspecially no ns recods). It also has no # child domains. # Try case 3 but add a record to a child domain of root_domain cdomain = Domain(name="10.33.in-addr.arpa") cdomain.save() # Add a record to the domain. ptr = PTR(name="asdf", ip_str="33.10.1.1", ip_type="4") ptr.save() # Now try to add the domain to the zone that has no NS records at it's # root cdomain.soa = root_domain.soa self.assertRaises(ValidationError, cdomain.save)
def test_bad_nameserver_soa_state_case_3_1(self): # This is Case 3 root_domain = create_fake_zone("asdf31") for ns in root_domain.nameserver_set.all(): ns.delete() # At his point we should have a domain pointed at an SOA record with no # records attached to it (esspecially no ns recods). It also has no # child domains. # Try case 3 but add a record to a child domain of root_domain cdomain = Domain(name="test." + root_domain.name) cdomain.save() # Add a record to the domain. a = AddressRecord(label='', domain=cdomain, ip_type="6", ip_str="1::") a.save() # Now try to add the domain to the zone that has no NS records at it's # root cdomain.soa = root_domain.soa self.assertRaises(ValidationError, cdomain.save)
def test_soa_validators(self): m = Domain( name = 'moo') m.save() f_m = Domain( name = 'foo.moo') f_m.save() n_f_m = Domain( name = 'noo.foo.moo') n_f_m.save() b_m = Domain( name = 'baz.moo') b_m.save() s = SOA( primary="ns1.foo.com", contact="asdf", comment="test") s.save() f_m.soa = s f_m.save() b_m.soa = s self.assertRaises(ValidationError, b_m.save) n_f_m = Domain.objects.get(pk=n_f_m.pk) #Refresh object n_f_m.soa = s n_f_m.save() m.soa = s m.save() b_m.soa = s b_m.save() m.soa = None self.assertRaises(ValidationError, m.save) s2 = SOA( primary="ns1.foo.com", contact="asdf", comment="test2") s2.save() m.soa = s2 self.assertRaises(ValidationError, m.save)
def test_soa_validators(self): m = Domain(name='moo') m.save() f_m = Domain(name='foo.moo') f_m.save() n_f_m = Domain(name='noo.foo.moo') n_f_m.save() b_m = Domain(name='baz.moo') b_m.save() s = SOA(primary="ns1.foo.com", contact="asdf", description="test") s.save() f_m.soa = s f_m.save() b_m.soa = s self.assertRaises(ValidationError, b_m.save) n_f_m = Domain.objects.get(pk=n_f_m.pk) # Refresh object n_f_m.soa = s n_f_m.save() m.soa = s m.save() b_m.soa = s b_m.save() m.soa = None self.assertRaises(ValidationError, m.save) s2 = SOA(primary="ns1.foo.com", contact="asdf", description="test2") s2.save() m.soa = s2 self.assertRaises(ValidationError, m.save)
def test_bad_nameserver_soa_state_case_1_4(self): # This is Case 1 ... with StaticInterfaces's reverse_root_domain = create_fake_zone("14.in-addr.arpa", suffix="") root_domain = create_fake_zone("asdf14") for ns in root_domain.nameserver_set.all(): ns.delete() # At his point we should have a domain at the root of a zone with no # other records in it. # Let's create a child domain and try to add a record there. cdomain = Domain(name="10.14.in-addr.arpa") cdomain.soa = reverse_root_domain.soa cdomain.save() # Adding a record shouldn't be allowed because there is no NS record on # the zone's root domain. intr = StaticInterface(label="asdf", domain=root_domain, ip_str="14.10.1.1", ip_type="4", mac="11:22:33:44:55:66", system=self.s) self.assertRaises(ValidationError, intr.save)