From d558e2ece2963edb9ee7d20583340302eb3d9748 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann
Date: Sun, 29 Sep 2013 00:34:26 +0200
Subject: [PATCH] store update_secret as salted sha1 (use crypto code from django), fix bug: we also need to catch NoAnswer, not just NXDOMAIN. NoAnswer == there is a record, but not of the type (A or AAAA) we requested. NXDOMAIN == there is no record at all.
---
 nsupdate/api/views.py | 16 ++++++++++++----
 nsupdate/main/dnstools.py | 2 +-
 nsupdate/main/views.py | 3 +++
 3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/nsupdate/api/views.py b/nsupdate/api/views.py
index 535ecb1..d5c961a 100644
--- a/nsupdate/api/views.py
+++ b/nsupdate/api/views.py
@@ -5,6 +5,8 @@ logger = logging.getLogger(__name__)
 from django.http import HttpResponse
 from django.conf import settings
+from django.contrib.auth.hashers import check_password
+
 from main.forms import *
 from main.models import Host
 import dns.inet
@@ -61,10 +63,16 @@ def check_auth(username, password):
 :param password: update password
 :return: True if authenticated, False otherwise.
 """
- # in our case username == fqdn
- hosts = Host.objects.filter(fqdn=username, update_secret=password)
- assert len(hosts) < 2
- return bool(hosts)
+ fqdn = username
+ hosts = Host.objects.filter(fqdn=fqdn)
+ num_hosts = len(hosts)
+ if num_hosts == 0:
+ return False
+ if num_hosts > 1:
+ logging.error("fqdn %s has multiple entries" % fqdn)
+ return False
+ password_hash = hosts[0].update_secret
+ return check_password(password, password_hash)
 def Response(content):
diff --git a/nsupdate/main/dnstools.py b/nsupdate/main/dnstools.py
index 8c2f74d..3b9cbd8 100644
--- a/nsupdate/main/dnstools.py
+++ b/nsupdate/main/dnstools.py
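Review bot: In the check_auth hunk of nsupdate/api/views.py, rows written before this commit still hold `update_secret` in plain text (the removed filter compared it directly), and `check_password(password, password_hash)` on the last added line cannot match such a value, so existing hosts would stop authenticating until their secret is saved again. The three files in this patch carry no data migration, so unless one lives elsewhere, a one-off step that passes each stored secret through `make_password` looks necessary. The multiple-entries branch also logs through the root logger although the module defines `logger`; `logger.error("fqdn %s has multiple entries", fqdn)` keeps the module name on the record and defers the formatting. check_auth begins above the hunk, so only the tail of its docstring is visible here.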
@@ -27,7 +27,7 @@ def update(fqdn, ipaddr, ttl=60):
 current_ipaddr = query_ns(fqdn, rdtype)
 # check if ip really changed
 ok = ipaddr != current_ipaddr
- except dns.resolver.NXDOMAIN:
+ except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
 # no dns entry yet, ok
 ok = True
 if ok:
diff --git a/nsupdate/main/views.py b/nsupdate/main/views.py
index 056035e..adf6b58 100644
--- a/nsupdate/main/views.py
+++ b/nsupdate/main/views.py
@@ -7,6 +7,7 @@ from django.conf import settings
 from django.shortcuts import render, get_object_or_404
 from django.contrib.auth.decorators import login_required
 from django.contrib import messages
+from django.contrib.auth.hashers import make_password
 from django.utils.decorators import method_decorator
 from django.core.urlresolvers import reverse
 import dns.inet
@@ -43,6 +44,7 @@ class OverviewView(CreateView):
 def form_valid(self, form):
 self.object = form.save(commit=False)
 self.object.created_by = self.request.user
+ self.object.update_secret = make_password(self.object.update_secret, hasher='sha1')
 self.object.save()
 messages.add_message(self.request, messages.SUCCESS, 'Host added.')
 return HttpResponseRedirect(self.get_success_url())
@@ -68,6 +70,7 @@ class HostView(UpdateView):
 def form_valid(self, form):
 self.object = form.save(commit=False)
 self.object.created_by = self.request.user
+ self.object.update_secret = make_password(self.object.update_secret, hasher='sha1')
 self.object.save()
 messages.add_message(self.request, messages.SUCCESS, 'Host updated.')
 return HttpResponseRedirect(self.get_success_url())
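Review bot: The context comment `# no dns entry yet, ok` under the widened except clause in nsupdate/main/dnstools.py now describes only one of the two cases it guards, since for NoAnswer a record exists but not of the requested type. Suggest `# no record of this rdtype yet (NXDOMAIN: none at all, NoAnswer: none of this type), ok`. update() starts and ends outside the hunk, so whether other resolver failures such as timeouts are handled further out cannot be checked from here.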
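Review bot: `hasher='sha1'` in the `make_password` call added to OverviewView.form_valid selects a salted, single-round SHA-1, which is cheap to brute-force offline if the Host table is ever disclosed, and user-chosen update secrets tend to be short. Dropping the argument, `make_password(self.object.update_secret)`, uses the first entry of the project's PASSWORD_HASHERS (PBKDF2 unless the settings override it), and `check_password` in nsupdate/api/views.py picks the algorithm from the stored value, so nothing has to change there. If the fast hash is deliberate because the secret is verified on every update request, a comment saying so, combined with server-generated high-entropy secrets, would make the trade-off explicit. The same call appears in the HostView.form_valid hunk below.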
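Review bot: In HostView.form_valid the added line hashes whatever the form posts on every update, so if the edit form is pre-filled with the stored value (the form class is not visible here), saving a host without retyping the secret would hash the existing hash and lock the update client out. Hashing only when the field was actually changed avoids that, for example `if 'update_secret' in form.changed_data:` in front of the `make_password` line, and the stored hash is better not rendered back into the form at all. HostView itself starts outside the hunk.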