nsupdate.info/nsupdate/main/models.py

import re
import base64

import dns.resolver

from django.db import models
from django.contrib.auth.models import User
from django.core.exceptions import ValidationError
from django.core.validators import RegexValidator
from django.conf import settings
from django.db.models.signals import pre_delete
from django.contrib.auth.hashers import make_password
from django.utils.timezone import now

from . import dnstools


class BlacklistedDomain(models.Model):
    domain = models.CharField(
        max_length=256,
        unique=True,
        help_text='Blacklisted domain. Evaluated as regex (search).')

    last_update = models.DateTimeField(auto_now=True)
    created = models.DateTimeField(auto_now_add=True)
    created_by = models.ForeignKey(User, blank=True, null=True)

    def __unicode__(self):
        return u"%s" % (self.domain, )


def domain_blacklist_validator(value):
    for bd in BlacklistedDomain.objects.all():
        if re.search(bd.domain, value):
            raise ValidationError(u'This domain is not allowed')


UPDATE_ALGORITHMS = (
    ('HMAC_SHA512', 'HMAC_SHA512'),
    ('HMAC_SHA384', 'HMAC_SHA384'),
    ('HMAC_SHA256', 'HMAC_SHA256'),
    ('HMAC_SHA224', 'HMAC_SHA224'),
    ('HMAC_SHA1', 'HMAC_SHA1'),
    ('HMAC_MD5', 'HMAC_MD5'),
)


class Domain(models.Model):
    domain = models.CharField(
        max_length=256, unique=True,
        help_text="Name of the zone where dynamic hosts may get added")
    nameserver_ip = models.GenericIPAddressField(
        max_length=256,
        help_text="IP where the dynamic DNS updates for this zone will be sent to")
    nameserver_update_key = models.CharField(
        max_length=256,
        help_text="Shared secret that allows updating this zone (base64 encoded)")
    nameserver_update_algorithm = models.CharField(
        max_length=256, default='HMAC_SHA512', choices=UPDATE_ALGORITHMS)
    public = models.BooleanField(
        default=False,
        help_text="Check to allow any user to add dynamic hosts to this zone - "
                  "if not checked, we'll only allow the owner to add hosts")
    # available means "nameserver for domain operating and reachable" -
    # gets set to False if we have trouble reaching the nameserver
    available = models.BooleanField(
        default=True,
        help_text="Check if nameserver is available/reachable - "
                  "if not checked, we'll pause querying/updating this nameserver for a while")
    comment = models.CharField(
        max_length=256, default='', blank=True, null=True)

    last_update = models.DateTimeField(auto_now=True)
    created = models.DateTimeField(auto_now_add=True)
    created_by = models.ForeignKey(User, blank=True, null=True)

    def __unicode__(self):
        return u"%s" % (self.domain, )

    def generate_ns_secret(self):
        secret = User.objects.make_random_password(length=64)  # 512 bits
        self.nameserver_update_key = key = base64.b64encode(secret)
        self.nameserver_update_algorithm = 'HMAC_SHA512'
        self.save()
        return key

    def get_bind9_algorithm(self):
        mapping = {
            'HMAC_SHA512': 'hmac-sha512',
            'HMAC_SHA384': 'hmac-sha384',
            'HMAC_SHA256': 'hmac-sha256',
            'HMAC_SHA224': 'hmac-sha224',
            'HMAC_SHA1': 'hmac-sha1',
            'HMAC_MD5': 'hmac-md5',
        }
        return mapping.get(self.nameserver_update_algorithm)


class Host(models.Model):
    subdomain = models.CharField(max_length=256, validators=[
        RegexValidator(
            regex=r'^(([a-z0-9][a-z0-9\-]*[a-z0-9])|[a-z0-9])$',
            message='Invalid subdomain: only "a-z", "0-9" and "-" is allowed'
        ),
        domain_blacklist_validator])
    domain = models.ForeignKey(Domain, on_delete=models.CASCADE)
    update_secret = models.CharField(max_length=256)  # gets hashed on save
    comment = models.CharField(
        max_length=256, default='', blank=True, null=True)

    last_update = models.DateTimeField(auto_now=True)
    # when we received the last update for v4/v6 addr
    last_update_ipv4 = models.DateTimeField(blank=True, null=True)
    last_update_ipv6 = models.DateTimeField(blank=True, null=True)
    # how we received the last update for v4/v6 addr
    ssl_update_ipv4 = models.BooleanField()
    ssl_update_ipv6 = models.BooleanField()
    created = models.DateTimeField(auto_now_add=True)
    created_by = models.ForeignKey(
        settings.AUTH_USER_MODEL, related_name='hosts')

    def __unicode__(self):
        return u"%s.%s - %s" % (
            self.subdomain, self.domain.domain, self.comment)

    class Meta(object):
        unique_together = (('subdomain', 'domain'),)

    def get_fqdn(self):
        return '%s.%s' % (self.subdomain, self.domain.domain)

    @classmethod
    def filter_by_fqdn(cls, fqdn, **kwargs):
        # Assuming subdomain has no dots (.) the fqdn is split at the first dot
        splitted = fqdn.split('.', 1)
        if not len(splitted) == 2:
            raise NotImplemented("FQDN has to contain a dot")
        return Host.objects.filter(
            subdomain=splitted[0], domain__domain=splitted[1], **kwargs)

    def get_ipv4(self):
        try:
            return dnstools.query_ns(self.get_fqdn(), 'A', origin=self.domain.domain)
        except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.resolver.Timeout,
                dnstools.NameServerNotAvailable):
            return 'error'

    def get_ipv6(self):
        try:
            return dnstools.query_ns(self.get_fqdn(), 'AAAA', origin=self.domain.domain)
        except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.resolver.Timeout,
                dnstools.NameServerNotAvailable):
            return 'error'

    def poke(self, kind, ssl):
        if kind == 'ipv4':
            self.last_update_ipv4 = now()
            self.ssl_update_ipv4 = ssl
        else:
            self.last_update_ipv6 = now()
            self.ssl_update_ipv6 = ssl
        self.save()

    def generate_secret(self):
        # note: we use a quick hasher for the update_secret as expensive
        # more modern hashes might put too much load on the servers. also
        # many update clients might use http without ssl, so it is not too
        # secure anyway.
        secret = User.objects.make_random_password()
        self.update_secret = make_password(
            secret,
            hasher='sha1'
        )
        self.save()
        return secret


def pre_delete_host(sender, **kwargs):
    obj = kwargs['instance']
    try:
        dnstools.delete(obj.get_fqdn(), origin=obj.domain.domain)
    except (dnstools.Timeout, dnstools.NameServerNotAvailable):
        # well, we tried to clean up, but we didn't reach the nameserver
        pass

pre_delete.connect(pre_delete_host, sender=Host)
reorder imports: stdlib, other libs, django, nsupdate stuff (views, etc.) 2013-10-03 19:26:39 +02:00			`import re`
domain editing, shared secret generation, show bind9 configuration 2013-11-02 11:29:06 +01:00			`import base64`
reorder imports: stdlib, other libs, django, nsupdate stuff (views, etc.) 2013-10-03 19:26:39 +02:00
			`import dns.resolver`

requirements fix and basic django project 2013-09-28 10:44:29 +02:00			`from django.db import models`
merge conflict again in models.py 2013-09-29 14:36:29 +02:00			`from django.contrib.auth.models import User`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00			`from django.core.exceptions import ValidationError`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00			`from django.core.validators import RegexValidator`
changed User to ProxyUser 2013-09-29 13:53:35 +02:00			`from django.conf import settings`
handle deletion of a Domain as we reference the Domain as ForeignKey in the Host, it'll kill all Hosts that reference the deleted Domain also. needs to be the PRE_delete signal as some of the data we need is already gone when using POST. 2013-11-02 00:12:36 +01:00			`from django.db.models.signals import pre_delete`
generate secret view and logic. host view ui update. 2013-09-29 19:58:08 +02:00			`from django.contrib.auth.hashers import make_password`
domain editing, shared secret generation, show bind9 configuration 2013-11-02 11:29:06 +01:00			`from django.utils.timezone import now`
Host model 2013-09-28 18:02:13 +02:00
Move all stuff into own top-level package 2013-10-17 20:50:44 +00:00			`from . import dnstools`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00

			`class BlacklistedDomain(models.Model):`
pep8 2013-09-29 16:12:19 +02:00			`domain = models.CharField(`
			`max_length=256,`
			`unique=True,`
			`help_text='Blacklisted domain. Evaluated as regex (search).')`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00
			`last_update = models.DateTimeField(auto_now=True)`
			`created = models.DateTimeField(auto_now_add=True)`
actually added the validator and made created_by in blacklist optional 2013-09-29 14:21:23 +02:00			`created_by = models.ForeignKey(User, blank=True, null=True)`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00
			`def __unicode__(self):`
redundant parens, use tuple 2013-09-29 15:26:28 +02:00			`return u"%s" % (self.domain, )`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00

			`def domain_blacklist_validator(value):`
			`for bd in BlacklistedDomain.objects.all():`
			`if re.search(bd.domain, value):`
			`raise ValidationError(u'This domain is not allowed')`

Host model 2013-09-28 18:02:13 +02:00
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`UPDATE_ALGORITHMS = (`
			`('HMAC_SHA512', 'HMAC_SHA512'),`
			`('HMAC_SHA384', 'HMAC_SHA384'),`
			`('HMAC_SHA256', 'HMAC_SHA256'),`
			`('HMAC_SHA224', 'HMAC_SHA224'),`
			`('HMAC_SHA1', 'HMAC_SHA1'),`
			`('HMAC_MD5', 'HMAC_MD5'),`
			`)`


divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00			`class Domain(models.Model):`
add help texts to Domain model fields, improve view 2013-10-27 11:59:16 +01:00			`domain = models.CharField(`
			`max_length=256, unique=True,`
			`help_text="Name of the zone where dynamic hosts may get added")`
Use GenericIPAddressField to allow IPv6 2013-10-17 21:02:54 +00:00			`nameserver_ip = models.GenericIPAddressField(`
fix pep8, fix indentation 2013-10-03 03:22:09 +02:00			`max_length=256,`
add help texts to Domain model fields, improve view 2013-10-27 11:59:16 +01:00			`help_text="IP where the dynamic DNS updates for this zone will be sent to")`
			`nameserver_update_key = models.CharField(`
			`max_length=256,`
			`help_text="Shared secret that allows updating this zone (base64 encoded)")`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`nameserver_update_algorithm = models.CharField(`
			`max_length=256, default='HMAC_SHA512', choices=UPDATE_ALGORITHMS)`
add help texts to Domain model fields, improve view 2013-10-27 11:59:16 +01:00			`public = models.BooleanField(`
			`default=False,`
			`help_text="Check to allow any user to add dynamic hosts to this zone - "`
			`"if not checked, we'll only allow the owner to add hosts")`
deal with not responding nameservers (offline or unreachable) if a nameserver does not respond, we flag it in the database (available = False) and stop talking to it for 5 minutes. after 5 minutes, we flag it available = True again and retry talking to it (and if not successful, flag it as unavailable again). this avoids a unresponsive UI as we do a lot of ns queries from the templates to get v4 and v6 addresses of our hosts from master nameservers. we log a warning when setting unavailable and a info when setting available. 2013-10-27 05:14:47 +01:00			`# available means "nameserver for domain operating and reachable" -`
			`# gets set to False if we have trouble reaching the nameserver`
add help texts to Domain model fields, improve view 2013-10-27 11:59:16 +01:00			`available = models.BooleanField(`
			`default=True,`
			`help_text="Check if nameserver is available/reachable - "`
			`"if not checked, we'll pause querying/updating this nameserver for a while")`
add comment field for Domains 2013-11-02 12:37:27 +01:00			`comment = models.CharField(`
			`max_length=256, default='', blank=True, null=True)`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00
			`last_update = models.DateTimeField(auto_now=True)`
			`created = models.DateTimeField(auto_now_add=True)`
added optional attribut to user field in domain model 2013-09-29 16:38:30 +02:00			`created_by = models.ForeignKey(User, blank=True, null=True)`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00
			`def __unicode__(self):`
redundant parens, use tuple 2013-09-29 15:26:28 +02:00			`return u"%s" % (self.domain, )`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00
domain editing, shared secret generation, show bind9 configuration 2013-11-02 11:29:06 +01:00			`def generate_ns_secret(self):`
			`secret = User.objects.make_random_password(length=64) # 512 bits`
			`self.nameserver_update_key = key = base64.b64encode(secret)`
			`self.nameserver_update_algorithm = 'HMAC_SHA512'`
			`self.save()`
			`return key`

			`def get_bind9_algorithm(self):`
			`mapping = {`
			`'HMAC_SHA512': 'hmac-sha512',`
			`'HMAC_SHA384': 'hmac-sha384',`
			`'HMAC_SHA256': 'hmac-sha256',`
			`'HMAC_SHA224': 'hmac-sha224',`
			`'HMAC_SHA1': 'hmac-sha1',`
			`'HMAC_MD5': 'hmac-md5',`
			`}`
			`return mapping.get(self.nameserver_update_algorithm)`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00
add comment field for Domains 2013-11-02 12:37:27 +01:00
Host model 2013-09-28 18:02:13 +02:00			`class Host(models.Model):`
validator for subdomain 2013-09-29 13:47:02 +02:00			`subdomain = models.CharField(max_length=256, validators=[`
actually added the validator and made created_by in blacklist optional 2013-09-29 14:21:23 +02:00			`RegexValidator(`
			`regex=r'^(([a-z0-9][a-z0-9\-]*[a-z0-9])\|[a-z0-9])$',`
pep8 2013-09-29 16:12:19 +02:00			`message='Invalid subdomain: only "a-z", "0-9" and "-" is allowed'`
actually added the validator and made created_by in blacklist optional 2013-09-29 14:21:23 +02:00			`),`
			`domain_blacklist_validator])`
handle deletion of a Domain as we reference the Domain as ForeignKey in the Host, it'll kill all Hosts that reference the deleted Domain also. needs to be the PRE_delete signal as some of the data we need is already gone when using POST. 2013-11-02 00:12:36 +01:00			`domain = models.ForeignKey(Domain, on_delete=models.CASCADE)`
remove resolved TODO, the update_secret is hashed using django's "sha1" hasher (salted sha1) 2013-09-29 15:12:24 +02:00			`update_secret = models.CharField(max_length=256) # gets hashed on save`
pep8 and so on 2013-09-29 16:03:56 +02:00			`comment = models.CharField(`
			`max_length=256, default='', blank=True, null=True)`
Host model 2013-09-28 18:02:13 +02:00
			`last_update = models.DateTimeField(auto_now=True)`
show whether we received last v4/v6 update via SSL 2013-11-03 08:32:43 +01:00			`# when we received the last update for v4/v6 addr`
separate ipv4 and v6 update timestamps 2013-10-27 13:09:46 +01:00			`last_update_ipv4 = models.DateTimeField(blank=True, null=True)`
			`last_update_ipv6 = models.DateTimeField(blank=True, null=True)`
show whether we received last v4/v6 update via SSL 2013-11-03 08:32:43 +01:00			`# how we received the last update for v4/v6 addr`
			`ssl_update_ipv4 = models.BooleanField()`
			`ssl_update_ipv6 = models.BooleanField()`
Host model 2013-09-28 18:02:13 +02:00			`created = models.DateTimeField(auto_now_add=True)`
Merge branch 'master' of github.com:asmaps/nsupdate.info Conflicts: nsupdate/main/models.py nsupdate/main/views.py 2013-09-29 16:07:33 +02:00			`created_by = models.ForeignKey(`
			`settings.AUTH_USER_MODEL, related_name='hosts')`
Host model 2013-09-28 18:02:13 +02:00
			`def __unicode__(self):`
pep8 and so on 2013-09-29 16:03:56 +02:00			`return u"%s.%s - %s" % (`
			`self.subdomain, self.domain.domain, self.comment)`
requirements fix and basic django project 2013-09-28 10:44:29 +02:00
use newstyle classes 2013-10-03 17:21:18 +02:00			`class Meta(object):`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00			`unique_together = (('subdomain', 'domain'),)`
added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00
			`def get_fqdn(self):`
fqdn fix 2013-09-29 18:15:15 +02:00			`return '%s.%s' % (self.subdomain, self.domain.domain)`

			`@classmethod`
			`def filter_by_fqdn(cls, fqdn, **kwargs):`
			`# Assuming subdomain has no dots (.) the fqdn is split at the first dot`
			`splitted = fqdn.split('.', 1)`
			`if not len(splitted) == 2:`
			`raise NotImplemented("FQDN has to contain a dot")`
			`return Host.objects.filter(`
			`subdomain=splitted[0], domain__domain=splitted[1], **kwargs)`
added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00
more pep8 fixes 2013-11-05 00:32:07 +01:00			`def get_ipv4(self):`
fixed uncaptured exceptions NXDOMAIN. increased table size in the overview 2013-09-29 20:43:48 +02:00			`try:`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`return dnstools.query_ns(self.get_fqdn(), 'A', origin=self.domain.domain)`
deal with not responding nameservers (offline or unreachable) if a nameserver does not respond, we flag it in the database (available = False) and stop talking to it for 5 minutes. after 5 minutes, we flag it available = True again and retry talking to it (and if not successful, flag it as unavailable again). this avoids a unresponsive UI as we do a lot of ns queries from the templates to get v4 and v6 addresses of our hosts from master nameservers. we log a warning when setting unavailable and a info when setting available. 2013-10-27 05:14:47 +01:00			`except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.resolver.Timeout,`
			`dnstools.NameServerNotAvailable):`
			`return 'error'`
added ns query call to get the IP from hosts 2013-09-29 20:39:07 +02:00
more pep8 fixes 2013-11-05 00:32:07 +01:00			`def get_ipv6(self):`
fixed uncaptured exceptions NXDOMAIN. increased table size in the overview 2013-09-29 20:43:48 +02:00			`try:`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`return dnstools.query_ns(self.get_fqdn(), 'AAAA', origin=self.domain.domain)`
deal with not responding nameservers (offline or unreachable) if a nameserver does not respond, we flag it in the database (available = False) and stop talking to it for 5 minutes. after 5 minutes, we flag it available = True again and retry talking to it (and if not successful, flag it as unavailable again). this avoids a unresponsive UI as we do a lot of ns queries from the templates to get v4 and v6 addresses of our hosts from master nameservers. we log a warning when setting unavailable and a info when setting available. 2013-10-27 05:14:47 +01:00			`except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.resolver.Timeout,`
			`dnstools.NameServerNotAvailable):`
			`return 'error'`
added logic for last_api_update. field updated with Hosts.poke() method 2013-09-29 21:00:08 +02:00
show whether we received last v4/v6 update via SSL 2013-11-03 08:32:43 +01:00			`def poke(self, kind, ssl):`
separate ipv4 and v6 update timestamps 2013-10-27 13:09:46 +01:00			`if kind == 'ipv4':`
			`self.last_update_ipv4 = now()`
show whether we received last v4/v6 update via SSL 2013-11-03 08:32:43 +01:00			`self.ssl_update_ipv4 = ssl`
separate ipv4 and v6 update timestamps 2013-10-27 13:09:46 +01:00			`else:`
			`self.last_update_ipv6 = now()`
show whether we received last v4/v6 update via SSL 2013-11-03 08:32:43 +01:00			`self.ssl_update_ipv6 = ssl`
added logic for last_api_update. field updated with Hosts.poke() method 2013-09-29 21:00:08 +02:00			`self.save()`
added ns query call to get the IP from hosts 2013-09-29 20:39:07 +02:00
generate secret view and logic. host view ui update. 2013-09-29 19:58:08 +02:00			`def generate_secret(self):`
			`# note: we use a quick hasher for the update_secret as expensive`
			`# more modern hashes might put too much load on the servers. also`
			`# many update clients might use http without ssl, so it is not too`
			`# secure anyway.`
			`secret = User.objects.make_random_password()`
			`self.update_secret = make_password(`
			`secret,`
			`hasher='sha1'`
			`)`
			`self.save()`
			`return secret`

added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00
handle deletion of a Domain as we reference the Domain as ForeignKey in the Host, it'll kill all Hosts that reference the deleted Domain also. needs to be the PRE_delete signal as some of the data we need is already gone when using POST. 2013-11-02 00:12:36 +01:00			`def pre_delete_host(sender, **kwargs):`
added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00			`obj = kwargs['instance']`
handle deletion of a Domain as we reference the Domain as ForeignKey in the Host, it'll kill all Hosts that reference the deleted Domain also. needs to be the PRE_delete signal as some of the data we need is already gone when using POST. 2013-11-02 00:12:36 +01:00			`try:`
			`dnstools.delete(obj.get_fqdn(), origin=obj.domain.domain)`
			`except (dnstools.Timeout, dnstools.NameServerNotAvailable):`
			`# well, we tried to clean up, but we didn't reach the nameserver`
			`pass`
added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00
handle deletion of a Domain as we reference the Domain as ForeignKey in the Host, it'll kill all Hosts that reference the deleted Domain also. needs to be the PRE_delete signal as some of the data we need is already gone when using POST. 2013-11-02 00:12:36 +01:00			`pre_delete.connect(pre_delete_host, sender=Host)`