def cli_restrictions_update(domain, id, iprange, type, enabled):
provider = Provider()
zones = provider.dns_zones()
restrictions = provider.dns_restrictions()
zone = zones.find(domain)
if not zone:
print("Could not find domain")
return False
restriction = zone.restrictions.get(id)
if not restriction:
print("Could not find restriction")
return False
iprange = restriction.ip_range if iprange is None else iprange
if len(iprange) == 0 or not restrictions.is_valid_ip_or_range(iprange):
print("Invalid IP Range")
return False
enabled = restriction.enabled if enabled is None else enabled in ['yes', 'true']
type = restriction.type if type is None else (1 if type == 'allow' else 2)
restrictions.save(restriction, zone.id, iprange, type, enabled)
print("Restriction updated")
return True
def zone_restrictions_edit_save(dns_zone_id, restriction_id):
provider = Provider()
zones = provider.dns_zones()
restrictions = provider.dns_restrictions()
if not zones.can_access(dns_zone_id, current_user.id):
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
zone = zones.get(dns_zone_id)
if not zone:
flash('Zone not found', 'error')
return redirect(url_for('home.index'))
ip_range = request.form['ip_range'].strip()
type = int(request.form['type'].strip())
enabled = True if int(request.form.get('enabled', 0)) == 1 else False
if len(ip_range) == 0 or not restrictions.is_valid_ip_or_range(ip_range):
flash('Invalid IP/Range', 'error')
return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
elif type not in [1, 2]:
flash('Invalid type', 'error')
return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
restriction = restrictions.create(zone_id=zone.id) if restriction_id == 0 else zone.restrictions.get(restriction_id)
if not restriction:
flash('Could not load restriction', 'error')
return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
restrictions.save(restriction, zone.id, ip_range, type, enabled)
flash('Restriction saved', 'success')
return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
def create(self, user_id, zone_id=None, domain=None):
provider = Provider()
zones = provider.dns_zones()
restrictions = provider.dns_restrictions()
zone = zones.get(zone_id,
user_id) if zone_id is not None else zones.find(
domain, user_id=user_id)
if not zone:
return self.send_not_found_response()
required_fields = ['type', 'enabled', 'ip_or_range']
data = self.get_json(required_fields)
if data is False:
return self.send_error_response(
5000, 'Missing fields',
'Required fields are: {0}'.format(', '.join(required_fields)))
if data['type'] not in ['allow', 'block']:
return self.send_error_response(5005, 'Invalid restriction type',
'')
elif len(
data['ip_or_range']
) == 0 or not restrictions.is_valid_ip_or_range(data['ip_or_range']):
return self.send_error_response(5005, 'Invalid IP or Range', '')
data['enabled'] = True if data['enabled'] else False
data['type'] = 1 if data['type'] == 'allow' else 2
restriction = restrictions.create(zone_id=zone.id)
restriction = restrictions.save(restriction, zone.id,
data['ip_or_range'], data['type'],
data['enabled'])
return self.one(user_id, restriction.id, zone_id=zone.id)
def zone_restriction_create_from_log(query_log_id):
provider = Provider()
logging = provider.dns_logs()
zones = provider.dns_zones()
restrictions = provider.dns_restrictions()
log = logging.get(query_log_id)
if not log:
flash('Could not retrieve log record', 'error')
return redirect(url_for('home.index'))
if log.dns_zone_id > 0:
# This means that the zone exists.
if not zones.can_access(log.dns_zone_id, current_user.id):
# This error is misleading on purpose to prevent zone enumeration. Not that it's important by meh.
flash('Could not retrieve log record', 'error')
return redirect(url_for('home.index'))
zone = zones.get(log.dns_zone_id)
if not zone:
flash('Could not load zone', 'error')
return redirect(url_for('home.index'))
else:
# There's a chance that the dns_zone_id equals to zero but the domain exists. This can happen if the zone was
# created from the log files, as the IDs aren't updated after a domain is created (after it's been logged).
zone = zones.find(log.domain, user_id=current_user.id)
if not zone:
# If we still can't find it, create it.
zone = zones.new(log.domain, True, True, False, current_user.id)
if isinstance(zone, list):
for error in zone:
flash(error, 'error')
return redirect(url_for('home.index'))
# One last check as it may have been loaded by domain.
if not zones.can_access(zone.id, current_user.id):
# This error is misleading on purpose to prevent zone enumeration. Not that it's important by meh.
flash('Could not retrieve log record', 'error')
return redirect(url_for('home.index'))
# At this point we should have a valid zone object. First check if the restriction exists.
restriction = restrictions.find(zone_id=zone.id, ip_range=log.source_ip, type=2)
if not restriction:
# Doesn't exist - create it.
restriction = restrictions.create(zone_id=zone.id)
# Now update and save.
restriction = restrictions.save(restriction, zone.id, log.source_ip, 2, True)
flash('Restriction rule created', 'success')
return redirect(url_for('dns.zone_restrictions', dns_zone_id=zone.id))
def one(self, user_id, id, zone_id=None, domain=None):
provider = Provider()
zones = provider.dns_zones()
restrictions = provider.dns_restrictions()
zone = zones.get(zone_id,
user_id) if zone_id is not None else zones.find(
domain, user_id=user_id)
if not zone:
return self.send_not_found_response()
restriction = restrictions.find(id=id, zone_id=zone.id)
if not restriction:
return self.send_not_found_response()
return self.send_valid_response(self.__load_restriction(restriction))
def update(self, user_id, id, zone_id=None, domain=None):
provider = Provider()
zones = provider.dns_zones()
restrictions = provider.dns_restrictions()
zone = zones.get(zone_id,
user_id) if zone_id is not None else zones.find(
domain, user_id=user_id)
if not zone:
return self.send_not_found_response()
restriction = restrictions.find(id=id, zone_id=zone.id)
if not restriction:
return self.send_not_found_response()
data = self.get_json([])
if 'enabled' in data:
data['enabled'] = True if data['enabled'] else False
else:
data['enabled'] = restriction.enabled
if 'type' in data:
if data['type'] not in ['allow', 'block']:
return self.send_error_response(5005,
'Invalid restriction type', '')
data['type'] = 1 if data['type'] == 'allow' else 2
else:
data['type'] = restriction.type
if 'ip_or_range' in data:
if len(data['ip_or_range']
) == 0 or not restrictions.is_valid_ip_or_range(
data['ip_or_range']):
return self.send_error_response(5005, 'Invalid IP or Range',
'')
else:
data['ip_or_range'] = restriction.ip_range
restriction = restrictions.save(restriction, zone.id,
data['ip_or_range'], data['type'],
data['enabled'])
return self.one(user_id, restriction.id, zone_id=zone.id)
def cli_restrictions_add(domain, iprange, type, enabled):
provider = Provider()
zones = provider.dns_zones()
restrictions = provider.dns_restrictions()
zone = zones.find(domain)
if not zone:
print("Could not find domain")
return False
if len(iprange) == 0 or not restrictions.is_valid_ip_or_range(iprange):
print("Invalid IP Range")
return False
type = 1 if type == 'allow' else 2
restriction = restrictions.create(zone_id=zone.id)
restrictions.save(restriction, zone.id, iprange, type, enabled)
print("Restriction created")
return True
