Exemplo n.º 1
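def getViewData(oid):
    """Ask the operator which view of organization *oid* a blacklist applies to.

    Selects (view_name, def_sh_id) rows from bind_views where org_id matches
    *oid*, shows each view name in turn and asks for a yes/no confirmation.

    Returns a two-element list [view_name, def_sh_id] for the first view the
    operator accepts, or an empty list when none is accepted or no prompt
    was shown.
    """
    # NOTE(review): oid goes into the query spec as-is; whether the callee
    # validates or binds it is not visible here -- confirm before trusting
    # values that originate from user input.
    qrylist = ['view_name,def_sh_id', 'bind_views', 'org_id', oid]
    resultrow = bulkdbselect1w_dm.dbRecordSelect(qrylist)
    # Flatten the rows into [name, id, name, id, ...] so the prompt loop can
    # step through the list two entries at a time.
    vnamelist = []
    retlist = []
    for rval in resultrow:
        (vwstr, defshid) = rval
        # list.append() takes exactly one argument; extend() adds both values.
        vnamelist.extend([vwstr, defshid])
    # NOTE(review): the original comment says this test should become
    # "> 1" for production; the "< 5" threshold is kept unchanged here.
    if len(resultrow) < 5:
        print("There is more than one View assigned to this organization identifer\nselect the View that will be using this blacklist\n")
        # Step by two: even indexes hold view names, odd indexes their ids.
        for i in range(0, len(vnamelist), 2):
            print("View : " + vnamelist[i])
            # Re-ask until the sanitizer accepts the answer.
            while True:
                uvlinput = raw_input("Select (yes/no)?: ")
                uvlinput = inputSani_dm.inputSanitizer(uvlinput, 'ynprompt')
                if uvlinput != 'invalid_format':
                    break
            if uvlinput == 'no':
                # Declined: offer the next view instead of re-asking about
                # the same one with a shifted index.
                continue
            retlist.append(vnamelist[i])
            retlist.append(vnamelist[i + 1])
            break
    return retlist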
Exemplo n.º 2
def dotQuadtoInt(dquad):
    """Convert a dotted-quad IPv4 string into its unsigned 32-bit integer.

    The text is first run through inputSani_dm.inputSanitizer with the 'ip'
    rule. If the sanitizer answers 'invalid_format', the value 10 is returned
    as an in-band error marker; otherwise the address is packed with
    socket.inet_aton and unpacked as a big-endian unsigned long.
    """
    cleaned = inputSani_dm.inputSanitizer(dquad, 'ip')
    if cleaned == 'invalid_format':
        # In-band sentinel: callers cannot tell this apart from the real
        # address 0.0.0.10, so they have to treat 10 as "rejected".
        return 10
    packed = socket.inet_aton(cleaned)
    (ipInt,) = struct.unpack('>L', packed)
    return ipInt
def dbRecordSelect(selectinput):
    """Sanitize a seven-field select specification and connect to the database.

    selectinput is indexed 0..6: select value, table, join table, two join
    values, where column and where value. Each field is converted with str()
    and passed through inputSani_dm.inputSanitizer using the 'sqlval' rule.

    The listing shown here stops after the connection attempt; resultlist is
    created but not filled in the visible part. A failed connection prints
    the first element of the error's args and exits the process with status 1.
    """
    thisCfgDict = cfgparse_dm.opencfg(dbcfg, 'SectionOne')
    # Database credentials come from the config section; keep them out of
    # any debug output.
    adminVar, adminPwd, ivDBName = (
        thisCfgDict['databaseuser'],
        thisCfgDict['databasepwd'],
        thisCfgDict['databasename'],
    )
    #debug
    print(" sanitizing input data")
    # NOTE(review): string sanitizing does not replace bound query
    # parameters. The statement built from these values is not visible here;
    # confirm that values are bound by the driver and that table and column
    # names are checked against a fixed allow-list.
    (selectvalue1, selecttable, jointable,
     joinv1, joinv2, wherecol, whereval) = [
        inputSani_dm.inputSanitizer(str(selectinput[pos]), 'sqlval')
        for pos in range(7)
    ]

    #debug
    print("retrieving data")
    resultlist = []
    try:
        dbcon = mdb.connect('localhost', adminVar, adminPwd, ivDBName)
    except mdb.Error as e:
        print(e.args[0])
        sys.exit(1)
Exemplo n.º 4
def inputView(vname):
    """Sanitize a proposed view name and report whether it is already taken.

    Returns a two-element list [in_use, view_name]: in_use is whatever
    dbchk_dm.dbRecordCheck returns for the sanitized name, and view_name is
    the sanitized name itself. A notice is printed when the name is in use.
    """
    viewName = inputSani_dm.inputSanitizer(vname, 'view')
    # NOTE(review): other sanitizer rules on this page answer
    # 'invalid_format' for rejected input. If the 'view' rule does the same,
    # that marker is looked up and returned here like a normal name -- confirm
    # and reject it before the database check.
    print("confirming view name is unique in the system")
    # Lookup spec order: column, table, value.
    in_use = dbchk_dm.dbRecordCheck(['view_name', 'bind_views', viewName])
    if in_use:
        print("Sorry, that record appears to be in use, please provide a different value")
    return [in_use, viewName]
Exemplo n.º 5
def doGenView(thisorgid):
    """Interactively generate BIND view, zone or recursion-view files for an org.

    Stores *thisorgid* in the module-level gviewdict, asks which file type to
    generate, then prompts for a view name until authView() confirms the
    organization is authorized for it. Only inside that authorized branch are
    the TSIG, sinkhole, node and view data collected and the files written.
    The outer menu loop runs once. Returns None.
    """
    gviewdict['org_id']=thisorgid
    genviewmenuactive = True
    while genviewmenuactive:
            getviewid = True
            makeview = False
            makezone = False
            makerecview = False
            print "\nYou are about to generate/regenerate a new Bind View and related zone files."
            filechoice = raw_input("View File or zone file (primaryview|zone|recursionview)?")
            filechoice = filechoice.strip().lower()
            if filechoice =='primaryview':
                makeview = True
            elif filechoice == 'zone':
                makezone = True
            elif filechoice == 'recursionview':
                makerecview = True
            else:
                # NOTE(review): an invalid choice is only reported; execution
                # still continues to the view prompt below with all three
                # flags False, so the lookups run but no file is written.
                print "not a valid choice"

            while getviewid:
                print "You can only generate views assigned to your organization."
                uvinput = raw_input("Enter view name: ")
                uvinput = uvinput.strip().lower()
                viewName = inputSani_dm.inputSanitizer(uvinput,'view')
                # Authorization input: the caller's org id plus the requested view name.
                authchk=[thisorgid,viewName]
                vresult = authView(authchk) # needed to get the status, using length of list to avoid global vars
                #print vresult[0]
                # NOTE(review): when vresult[0] is false the loop prompts again
                # with no message and no way out other than interrupting.
                if  vresult[0]:
                    print "congrats you are authorized for this view "
                    gviewdict['view_id'] = vresult[1]
                    gviewdict['view_name'] = viewName
                    getviewid = False
                    # get tsig key data, this all needs to stay within the authorized section
                    gentsigsql(gviewdict['view_id'])
                    genshsql(gviewdict['view_name'])
                    # create composite content values
                    # presumably 'sh_fqdn' was stored in gviewdict by one of the
                    # helpers above -- it is not assigned in this function; confirm
                    shzone = makezonename(gviewdict['sh_fqdn'])
                    gviewdict['sh_zone'] = shzone
                    gviewdict['rpz_zone'] = gviewdict['view_name'] + ".rpz"
                    getnodeinfo()
                    gviewdict['acl_name'] = gviewdict['view_name'] + "ACL"
                    genviewsql(gviewdict['view_id'])
                    # debug
                    #for key,val in gviewdict.iteritems():
                    #    print key,"-->",val
                    #
                    # write to file
                    # NOTE(review): the file names below are built from
                    # 'tsig_name', 'view_name' and 'sh_zone'; they are only as
                    # safe as the 'view' sanitizer rule and the stored data --
                    # confirm none of them can contain path separators.
                    if makeview:
                        thisoid=gviewdict['org_id']
                        makeViewFile_dm.readDict(gviewdict)
                        makeTsig_dm.gentsigcontents(gviewdict)
                        # Move TSIG into keys directory
                        # NOTE(review): the .tsig file is key material; confirm
                        # copyfile leaves it readable only by the name server.
                        thistsig = gviewdict['tsig_name'] + ".tsig"
                        placeViewFiles_dm.copyfile(thistsig,'key',thisoid)
                        # create ACLs for this view
                        genViewACL_dm.genACL(gviewdict)
                        # Move acl file into acls dir
                        aclfile=gviewdict['view_name'] + ".viewacl"
                        placeViewFiles_dm.copyfile(aclfile,'acl',thisoid)
                        # prepare client directory for zone file
                        placeViewFiles_dm.mkclientdir(thisoid)
                        makeview = False
                    if makezone:
                        thisoid=gviewdict['org_id']
                        makeZoneFile_dm.readDict(gviewdict)
                        zonefile = gviewdict['sh_zone']
                        placeViewFiles_dm.copyfile(zonefile,'zone',thisoid)
                        makezone = False
                    if makerecview:
                        makeRecViewFile_dm.readDict(gviewdict)
                        # NOTE(review): this resets makeview, not makerecview;
                        # it has no effect here because the menu loop ends below.
                        makeview = False



            genviewmenuactive=False
Exemplo n.º 6
def doView(mwlist):
    """Run the interactive menu that collects and stores a new BIND view.

    mwlist[1] is the mode and mwlist[2] the organization id. Unless the mode
    is 'update', the operator is asked for a unique view name, the sinkhole
    IP and description, the client source IPs/subnets and a description; a
    sinkhole FQDN is then generated, and the sinkhole, TSIG, view and default
    black/white list records are written through the *_dm helper modules.
    When the mode is 'update' nothing is done. Returns None.
    """
    #print "do menu view"
    #for val in mwlist:
    #    print val
    # create a dictionary to collect all the results to generate SQL inserts or update
    viewDict = dict()
    # insert org id into dictionary
    viewDict['org_id'] = mwlist[2]
    if mwlist[1] != 'update':
        # start the menu to gather view details
        viewmenuactive=True
        while viewmenuactive:
            getviewname = True
            print "\nYou are about to provide the data needed for a new Bind View and related zone files."
            print "\nThe view must be a unique name within the system,"
            print "it must also be a single word with no spaces, letters, dashes, underscores and digits ok"
            while getviewname:
                uvinput = raw_input("Enter view name: ")
                uvinput = uvinput.strip().lower()
                # inputView returns [in_use, sanitized_name]; the name is kept
                # only when it is not already in use.
                vresult = inputView(uvinput) # needed to get the status, using length of list to avoid global vars
                if not vresult[0]:
                    viewDict['view_name'] = vresult[1]
                    getviewname = False

            getmonip = True
            while getmonip:
                print "\nIdeally you want to direct suspicious traffic to a server you control, AKA, sinkhole"
                uvlinput = raw_input("What is the internal IP for the monitoring application? ( dotted quad): ")
                uvlinput = iptoint_dm.dotQuadtoInt(uvlinput)
                # Any result of 10 or less is treated as "not a dotted quad";
                # presumably 10 is the converter's error marker -- confirm.
                if uvlinput > 10:
                    viewDict['sh_ip'] = uvlinput
                    getmonip = False
                else:
                    print "hmm, looks like that wasn't a dotted quad, EG 172.16.28.7, please enter again"

            print"\nProvide a short description of this sink hole, EG, .net app running in Calgary office"
            getmondesc = True
            while getmondesc:
                uvlinput = raw_input("Description: ")
                uvlinput = inputSani_dm.inputSanitizer(uvlinput,'desc1')
                #print uvlinput
                if uvlinput == 'invalid_format':
                    continue
                else:
                    viewDict['sh_desc'] = uvlinput
                    getmondesc = False

            getviewip = True
            viewClientIPList=[]
            print "\nDefine the source IP(s)/ subnets for the recursive clients using this view( dotted quad or cidr): "
            while getviewip:
                addrtype= raw_input("Is this a single IP or subnet (ip|cidr)? ")
                addrtype = addrtype.strip().lower()
                # Any answer other than 'ip' is handled as a CIDR entry.
                if addrtype == 'ip':
                    uvsinput = raw_input("What is the source IP for the recursive clients?( dotted quad): ")
                    uvsinput = inputSani_dm.inputSanitizer(uvsinput,'ip')
                    if uvsinput == 'invalid_format':
                        print "hmm, looks like that wasn't a dotted quad, EG 172.16.28.7, please enter again"
                        continue
                else:
                    uvsinput = raw_input("What is the source subnet for the recursive clients?( cidr notation): ")
                    uvsinput = inputSani_dm.inputSanitizer(uvsinput,'cidr')
                    if uvsinput == 'invalid_format':
                        print "hmm, looks like that wasn't cidr notation, EG 172.16.28.0/26, please enter again"
                        continue
                viewClientIPList.append(uvsinput)
                # Only the exact answer 'no' ends the loop; anything else asks
                # for another address.
                nextIP = raw_input("\nDo you need to add another IP address (yes|no)?")
                nextIP = nextIP.strip().lower()
                if nextIP == 'no':
                    getviewip = False
                    # build IPs and cidr into a CSV string to be used with views
                    rcsvclients  = ",".join(map(str,viewClientIPList))
                    viewDict['view_src_acl_ips'] = rcsvclients  # build into an ACL data structure later on

            getviewdesc = True
            print"\nProvide a short description of what's behind these IP addresses,  EG, Eastern office or Engineering dept"
            while getviewdesc:
                uvlinput = raw_input("Description: ")
                uvlinput = inputSani_dm.inputSanitizer(uvlinput,'desc1')
                #print uvlinput
                if uvlinput == 'invalid_format':
                    continue
                else:
                    viewDict['view_desc'] = uvlinput
                    getviewdesc = False

            print "\n please standby, generating a view specific domain for RPZ usage."
            # NOTE(review): the "virtually unguessable" claim below holds only
            # if genString draws from a cryptographically secure source;
            # its implementation is not visible here -- confirm.
            dompart = genRandomString_dm.genString(7)
            hostpart = genRandomString_dm.genString(6)
            shfqdn = hostpart + '.' + dompart + '.local'
            print "\n created this virtually unguessable FQDN just for this view: " + shfqdn
            viewDict['sh_fqdn'] = shfqdn
            # generate the list to be fed to db-insert_sinkholedata
            sinkholesql = insertsinkholedata_dm.parsemenudict(viewDict)
            #print sinkholesql
            shresult=menudbinsert_dm.dbinsert(sinkholesql)
            #print shresult
            if shresult == 1:
                print "sinkhole table entry created successfully"
                # grab the sinkhole id to dump into the view table
                shselect = ['sinkhole_id','view_sinkholes','sh_fqdn',shfqdn]
                thisresultlist = menudbselect_dm.dbRecordSelect(shselect)
                if len(thisresultlist) == 1:
                    viewDict['def_sh_id'] = thisresultlist[0]
                else:
                    print "failed to retrieve sinkhole ID, you should probably exit and debug this"
            else:
                print "You may need to manually check the view_sinkholes table"
            # NOTE(review): on both failure paths above 'def_sh_id' is never
            # set, yet execution continues: the TSIG step still runs and the
            # viewsqlinsert list below then raises KeyError.

            #generate tsig_key meta data, ( this is static even if the keys are updated
            oid = viewDict['org_id']
            vname = viewDict['view_name']
            tsigid = genTsigData_dm.gentsigsql(oid,vname)
            newtsigid = tsigid[0]
            viewDict['tsig_id'] = newtsigid
            # debug dictionary contents
            #for key,val in viewDict.iteritems():
            #    print key, '-->', viewDict[key]
            # generate the list from dictinary values and push data
            viewsqlinsert=[viewDict['org_id'],viewDict['view_name'],viewDict['def_sh_id'],viewDict['view_src_acl_ips'],viewDict['view_desc'],viewDict['tsig_id']]
            # debug                 (org_id,view_name,def_sh_id,view_src_acl_ips,view_desc,tsig_id)
            #for val in viewsqlinsert:
            #    print val
            thisviewid = insertviewdata_dm.genviewgsql(viewsqlinsert)
            # NOTE(review): indexed before the length check on the next line,
            # so an empty result raises IndexError; newviewid is not used
            # afterwards in this function.
            newviewid = thisviewid[0]
            if len(thisviewid) == 1:
                print "\nProgress report: \nCreation of view " + viewDict['view_name'] + " confirmed successful, please generate an view file for this organization now, menu/genorgview\n"

            # generate black and white list entries since there is a now a view for the org
            print "\nStand by, just making a few internal database updates"
            shid = viewDict['def_sh_id']
            wlcreate = genDefListData_dm.genbworgsql(oid,vname,shid)
            if wlcreate == 1:
                print "All black list and white list default records were successfully initialized"

            # exit do view menu
            viewmenuactive=False

    return