示例#1
def cli_restrictions_update(domain, id, iprange, type, enabled):
    """Update an existing IP restriction on a DNS zone from the command line.

    Any of ``iprange``, ``type`` and ``enabled`` passed as None keeps the value
    already stored on the restriction. A status line is printed in every case;
    the function returns True when the rule was saved and False otherwise.
    """
    provider = Provider()
    zone_manager = provider.dns_zones()
    restriction_manager = provider.dns_restrictions()

    zone = zone_manager.find(domain)
    if not zone:
        print("Could not find domain")
        return False

    # The rule is resolved through the zone object, not by a bare global id.
    rule = zone.restrictions.get(id)
    if not rule:
        print("Could not find restriction")
        return False

    if iprange is None:
        iprange = rule.ip_range
    # The stored value is re-validated too when no new range was supplied.
    if len(iprange) == 0 or not restriction_manager.is_valid_ip_or_range(iprange):
        print("Invalid IP Range")
        return False

    if enabled is None:
        enabled = rule.enabled
    else:
        # Only the exact strings 'yes' and 'true' (case-sensitive) enable the
        # rule; everything else disables it.
        enabled = enabled in ['yes', 'true']

    if type is None:
        type = rule.type
    elif type == 'allow':
        type = 1
    else:
        # NOTE(review): every value other than 'allow' is stored as 2, so a
        # mistyped type is saved without an error unless the option parser
        # (not visible here) already restricts the choices - confirm.
        type = 2

    restriction_manager.save(rule, zone.id, iprange, type, enabled)

    print("Restriction updated")
    return True
示例#2
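def zone_restrictions_edit_save(dns_zone_id, restriction_id):
    """Create or update an IP restriction on a zone from the submitted form.

    ``restriction_id == 0`` creates a new restriction; any other value loads
    the existing one through the zone. Every outcome flashes a message and
    returns a redirect.
    """
    provider = Provider()
    zones = provider.dns_zones()
    restrictions = provider.dns_restrictions()

    # Authorisation is checked before the zone is loaded or any form field is read.
    if not zones.can_access(dns_zone_id, current_user.id):
        flash('Access Denied', 'error')
        return redirect(url_for('home.index'))

    zone = zones.get(dns_zone_id)
    if not zone:
        flash('Zone not found', 'error')
        return redirect(url_for('home.index'))

    ip_range = request.form['ip_range'].strip()

    # Form values are client-controlled: a non-numeric value has to end in a
    # validation message, not in an unhandled ValueError from int().
    try:
        type = int(request.form['type'].strip())
    except ValueError:
        type = None  # rejected by the `type not in [1, 2]` check below

    try:
        enabled = int(request.form.get('enabled', 0)) == 1
    except ValueError:
        # Reject instead of guessing: silently saving the rule as disabled
        # would change what the restriction list enforces.
        flash('Invalid enabled value', 'error')
        return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))

    if len(ip_range) == 0 or not restrictions.is_valid_ip_or_range(ip_range):
        flash('Invalid IP/Range', 'error')
        return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
    elif type not in [1, 2]:
        flash('Invalid type', 'error')
        return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))

    # An existing restriction is looked up through the zone that was just
    # access-checked, not by its id alone.
    if restriction_id == 0:
        restriction = restrictions.create(zone_id=zone.id)
    else:
        restriction = zone.restrictions.get(restriction_id)
    if not restriction:
        flash('Could not load restriction', 'error')
        return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))

    restrictions.save(restriction, zone.id, ip_range, type, enabled)

    flash('Restriction saved', 'success')
    return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))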
示例#3
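    def create(self, user_id, zone_id=None, domain=None):
        """Create an IP restriction on a zone from the JSON request body.

        The zone is selected by ``zone_id`` when given, otherwise by ``domain``;
        both lookups are passed ``user_id``. The body must carry ``type``
        ('allow' or 'block'), ``enabled`` and ``ip_or_range``. Returns the
        not-found response, an error response, or the response of ``one()``
        for the saved restriction.
        """
        provider = Provider()
        zones = provider.dns_zones()
        restrictions = provider.dns_restrictions()

        if zone_id is not None:
            zone = zones.get(zone_id, user_id)
        else:
            zone = zones.find(domain, user_id=user_id)
        if not zone:
            return self.send_not_found_response()

        required_fields = ['type', 'enabled', 'ip_or_range']
        data = self.get_json(required_fields)
        if data is False:
            return self.send_error_response(
                5000, 'Missing fields',
                'Required fields are: {0}'.format(', '.join(required_fields)))

        if data['type'] not in ['allow', 'block']:
            return self.send_error_response(5005, 'Invalid restriction type',
                                            '')

        ip_or_range = data['ip_or_range']
        # The value comes from the request body and need not be a string; a
        # number or null would make len() raise instead of being rejected.
        if (not isinstance(ip_or_range, str) or len(ip_or_range) == 0
                or not restrictions.is_valid_ip_or_range(ip_or_range)):
            return self.send_error_response(5005, 'Invalid IP or Range', '')

        # NOTE(review): plain truthiness, so a non-empty string such as
        # "false" enables the rule - confirm clients always send a JSON boolean.
        data['enabled'] = bool(data['enabled'])
        data['type'] = 1 if data['type'] == 'allow' else 2

        restriction = restrictions.create(zone_id=zone.id)
        restriction = restrictions.save(restriction, zone.id, ip_or_range,
                                        data['type'], data['enabled'])

        return self.one(user_id, restriction.id, zone_id=zone.id)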
示例#4
def zone_restriction_create_from_log(query_log_id):
    """Turn the source IP of a query-log record into an enabled type-2 restriction.

    The zone is taken from the log record when it carries a zone id, otherwise
    it is found by domain for the current user or created. Every outcome
    flashes a message and returns a redirect.
    """
    provider = Provider()
    query_logs = provider.dns_logs()
    zones = provider.dns_zones()
    restrictions = provider.dns_restrictions()

    # NOTE(review): the record is fetched by id alone. For records without a
    # zone id nothing visible here ties the record to current_user - confirm
    # that dns_logs().get() or the route restricts which records are reachable.
    entry = query_logs.get(query_log_id)
    if not entry:
        flash('Could not retrieve log record', 'error')
        return redirect(url_for('home.index'))

    if entry.dns_zone_id > 0:
        # The record points at an existing zone: authorise before loading it.
        if not zones.can_access(entry.dns_zone_id, current_user.id):
            # Deliberately the same message as a missing record, so the
            # response does not reveal whether the zone exists.
            flash('Could not retrieve log record', 'error')
            return redirect(url_for('home.index'))

        zone = zones.get(entry.dns_zone_id)
        if not zone:
            flash('Could not load zone', 'error')
            return redirect(url_for('home.index'))
    else:
        # A zone id of zero does not prove the domain has no zone: ids on log
        # records are not back-filled when a zone is created after logging.
        zone = zones.find(entry.domain, user_id=current_user.id)
        if not zone:
            # Still nothing - create the zone for the current user.
            zone = zones.new(entry.domain, True, True, False, current_user.id)
            if isinstance(zone, list):
                # A list result carries the creation errors.
                for message in zone:
                    flash(message, 'error')
                return redirect(url_for('home.index'))

    # Re-check access, because the zone may have been resolved by domain.
    if not zones.can_access(zone.id, current_user.id):
        # Same deliberately generic message as above.
        flash('Could not retrieve log record', 'error')
        return redirect(url_for('home.index'))

    # Reuse a matching type-2 rule for this source IP if one exists, else create one.
    # NOTE(review): unlike the form and API paths, source_ip is saved without
    # going through is_valid_ip_or_range() - presumably because it was
    # recorded by the server; confirm.
    rule = (restrictions.find(zone_id=zone.id, ip_range=entry.source_ip, type=2)
            or restrictions.create(zone_id=zone.id))

    rule = restrictions.save(rule, zone.id, entry.source_ip, 2, True)

    flash('Restriction rule created', 'success')
    return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
示例#5
    def one(self, user_id, id, zone_id=None, domain=None):
        """Return one restriction of a zone, or the not-found response.

        The zone is selected by ``zone_id`` when given, otherwise by ``domain``;
        both lookups are passed ``user_id``. The restriction is then searched
        by id within that zone only.
        """
        provider = Provider()
        zone_manager = provider.dns_zones()
        restriction_manager = provider.dns_restrictions()

        if zone_id is None:
            zone = zone_manager.find(domain, user_id=user_id)
        else:
            zone = zone_manager.get(zone_id, user_id)

        # A missing zone and a missing restriction produce the same response.
        match = restriction_manager.find(id=id, zone_id=zone.id) if zone else None
        if not match:
            return self.send_not_found_response()

        return self.send_valid_response(self.__load_restriction(match))
示例#6
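    def update(self, user_id, id, zone_id=None, domain=None):
        """Update a restriction of a zone from the JSON request body.

        The zone is selected by ``zone_id`` when given, otherwise by ``domain``;
        both lookups are passed ``user_id``, and the restriction is searched by
        id within that zone. ``enabled``, ``type`` and ``ip_or_range`` are all
        optional; a field that is absent keeps its stored value. Returns the
        not-found response, an error response, or the response of ``one()``
        for the saved restriction.
        """
        provider = Provider()
        zones = provider.dns_zones()
        restrictions = provider.dns_restrictions()

        if zone_id is not None:
            zone = zones.get(zone_id, user_id)
        else:
            zone = zones.find(domain, user_id=user_id)
        if not zone:
            return self.send_not_found_response()

        restriction = restrictions.find(id=id, zone_id=zone.id)
        if not restriction:
            return self.send_not_found_response()

        data = self.get_json([])
        if data is False:
            # Without this guard the membership tests below raise TypeError.
            # NOTE(review): get_json() appears to return False when it rejects
            # the body; the code and message used here are placeholders to
            # align with the API's error conventions.
            return self.send_error_response(5000, 'Invalid request', '')

        if 'enabled' in data:
            # NOTE(review): plain truthiness, so a non-empty string such as
            # "false" enables the rule - confirm clients send a JSON boolean.
            data['enabled'] = bool(data['enabled'])
        else:
            data['enabled'] = restriction.enabled

        if 'type' in data:
            if data['type'] not in ['allow', 'block']:
                return self.send_error_response(5005,
                                                'Invalid restriction type', '')
            data['type'] = 1 if data['type'] == 'allow' else 2
        else:
            data['type'] = restriction.type

        if 'ip_or_range' in data:
            ip_or_range = data['ip_or_range']
            # The value comes from the request body and need not be a string;
            # a number or null would make len() raise instead of being rejected.
            if (not isinstance(ip_or_range, str) or len(ip_or_range) == 0
                    or not restrictions.is_valid_ip_or_range(ip_or_range)):
                return self.send_error_response(5005, 'Invalid IP or Range',
                                                '')
        else:
            data['ip_or_range'] = restriction.ip_range

        restriction = restrictions.save(restriction, zone.id,
                                        data['ip_or_range'], data['type'],
                                        data['enabled'])

        return self.one(user_id, restriction.id, zone_id=zone.id)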
示例#7
def cli_restrictions_add(domain, iprange, type, enabled):
    """Add an IP restriction to the zone of ``domain`` from the command line.

    Prints a status line in every case; returns True when the rule was
    created and saved, False when the domain is unknown or the range is
    rejected.
    """
    provider = Provider()
    zone_manager = provider.dns_zones()
    restriction_manager = provider.dns_restrictions()

    zone = zone_manager.find(domain)
    if not zone:
        print("Could not find domain")
        return False

    range_is_empty = len(iprange) == 0
    if range_is_empty or not restriction_manager.is_valid_ip_or_range(iprange):
        print("Invalid IP Range")
        return False

    if type == 'allow':
        type = 1
    else:
        # NOTE(review): every value other than 'allow' is stored as 2, so a
        # mistyped type is saved without an error unless the option parser
        # (not visible here) already restricts the choices - confirm.
        type = 2

    # NOTE(review): `enabled` is handed to save() unchanged; if the caller
    # passes a string such as 'no' rather than a boolean it would be truthy -
    # verify against the command definition.
    rule = restriction_manager.create(zone_id=zone.id)
    restriction_manager.save(rule, zone.id, iprange, type, enabled)

    print("Restriction created")
    return True