From 029a83bd33276b52d7059cafa7fe1103fcd011e8 Mon Sep 17 00:00:00 2001 From: Charlie Jacomme Date: Mon, 25 Jun 2018 17:15:48 +0200 Subject: [PATCH 1/8] Ajout dnssec reverse bool for iptypes --- machines/forms.py | 4 +++- machines/models.py | 8 ++++++++ machines/templates/machines/aff_iptype.html | 9 +++++---- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/machines/forms.py b/machines/forms.py index ecffcc71..ff529295 100644 --- a/machines/forms.py +++ b/machines/forms.py @@ -218,7 +218,8 @@ class IpTypeForm(FormRevMixin, ModelForm): class Meta: model = IpType fields = ['type', 'extension', 'need_infra', 'domaine_ip_start', - 'domaine_ip_stop', 'prefix_v6', 'vlan', 'ouverture_ports'] + 'domaine_ip_stop', 'dnssec_reverse_v4', 'prefix_v6', + 'dnssec_reverse_v6', 'vlan', 'ouverture_ports'] def __init__(self, *args, **kwargs): prefix = kwargs.pop('prefix', self.Meta.model.__name__) @@ -231,6 +232,7 @@ class EditIpTypeForm(IpTypeForm): synchroniser les objets iplist""" class Meta(IpTypeForm.Meta): fields = ['extension', 'type', 'need_infra', 'prefix_v6', 'vlan', + 'dnssec_reverse_v4', 'dnssec_reverse_v6', 'ouverture_ports'] diff --git a/machines/models.py b/machines/models.py index e981bf10..7a211fe1 100644 --- a/machines/models.py +++ b/machines/models.py @@ -256,11 +256,19 @@ class IpType(RevMixin, AclMixin, models.Model): need_infra = models.BooleanField(default=False) domaine_ip_start = models.GenericIPAddressField(protocol='IPv4') domaine_ip_stop = models.GenericIPAddressField(protocol='IPv4') + dnssec_reverse_v4 = models.BooleanField( + default=False, + help_text="Activer DNSSEC sur le reverse DNS IPv4", + ) prefix_v6 = models.GenericIPAddressField( protocol='IPv6', null=True, blank=True ) + dnssec_reverse_v6 = models.BooleanField( + default=False, + help_text="Activer DNSSEC sur le reverse DNS IPv6", + ) vlan = models.ForeignKey( 'Vlan', on_delete=models.PROTECT, 
diff --git a/machines/templates/machines/aff_iptype.html b/machines/templates/machines/aff_iptype.html index fa2a2767..bee4669b 100644 --- a/machines/templates/machines/aff_iptype.html +++ b/machines/templates/machines/aff_iptype.html @@ -34,11 +34,11 @@ with this program; if not, write to the Free Software Foundation, Inc., Extension Nécessite l'autorisation infra Plage ipv4 - Préfixe v6 + Préfixe v6 + DNSSEC reverse v4/v6 Sur vlan Ouverture ports par défault - {% for type in iptype_list %} @@ -46,8 +46,9 @@ with this program; if not, write to the Free Software Foundation, Inc., {{ type.type }} {{ type.extension }} {{ type.need_infra|tick }} - {{ type.domaine_ip_start }}-{{ type.domaine_ip_stop }} - {{ type.prefix_v6 }} + {{ type.domaine_ip_start }}-{{ type.domaine_ip_stop }} + {{ type.prefix_v6 }} + {{ type.dnssec_reverse_v4|tick }}/{{ type.dnssec_reverse_v6|tick }} {{ type.vlan }} {{ type.ouverture_ports }} From 7f6bc6c2ecb4d8edadca305cae039f4d92fc1d25 Mon Sep 17 00:00:00 2001 From: Charlie Jacomme Date: Mon, 25 Jun 2018 17:17:05 +0200 Subject: [PATCH 2/8] migrations for dnssec reverse --- .../migrations/0089_auto_20180625_1700.py | 25 ++++++++++++++ .../migrations/0090_auto_20180625_1706.py | 33 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 machines/migrations/0089_auto_20180625_1700.py create mode 100644 machines/migrations/0090_auto_20180625_1706.py diff --git a/machines/migrations/0089_auto_20180625_1700.py b/machines/migrations/0089_auto_20180625_1700.py new file mode 100644 index 00000000..dbaee1a8 --- /dev/null +++ b/machines/migrations/0089_auto_20180625_1700.py 
@@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2018-06-25 15:00 +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0088_dname'), + ] + + operations = [ + migrations.AddField( + model_name='extension', + name='dnssec_reverse_v4', + field=models.BooleanField(default=False, help_text='Activer DNSSEC sur le reverse DNS IPv4'), + ), + migrations.AddField( + model_name='extension', + name='dnssec_reverse_v6', + field=models.BooleanField(default=False, help_text='Activer DNSSEC sur le reverse DNS IPv6'), + ), + ] diff --git a/machines/migrations/0090_auto_20180625_1706.py b/machines/migrations/0090_auto_20180625_1706.py new file mode 100644 index 00000000..9c5e523c --- /dev/null +++ b/machines/migrations/0090_auto_20180625_1706.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2018-06-25 15:06 +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0089_auto_20180625_1700'), + ] + + operations = [ + migrations.RemoveField( + model_name='extension', + name='dnssec_reverse_v4', + ), + migrations.RemoveField( + model_name='extension', + name='dnssec_reverse_v6', + ), + migrations.AddField( + model_name='iptype', + name='dnssec_reverse_v4', + field=models.BooleanField(default=False, help_text='Activer DNSSEC sur le reverse DNS IPv4'), + ), + migrations.AddField( + model_name='iptype', + name='dnssec_reverse_v6', + field=models.BooleanField(default=False, help_text='Activer DNSSEC sur le reverse DNS IPv6'), + ), + ] From bf06d133f0e213eb66a16bbdc7b893ce58cdbb13 Mon Sep 17 00:00:00 2001 
From: Gabriel Detraz Date: Wed, 15 Nov 2017 03:06:33 +0100 Subject: [PATCH 3/8] =?UTF-8?q?Fix=20bug=20sur=20l'edition=20du=20txt=20+?= =?UTF-8?q?=20=C3=A9largi=20le=20champ=20pour=20dnssec?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machines/templates/machines/aff_txt.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/templates/machines/aff_txt.html b/machines/templates/machines/aff_txt.html index 27d78d11..e961d7a9 100644 --- a/machines/templates/machines/aff_txt.html +++ b/machines/templates/machines/aff_txt.html @@ -34,7 +34,7 @@ with this program; if not, write to the Free Software Foundation, Inc., - {% for txt in txt_list %} + {% for txt in text_list %} {{ txt.zone }} {{ txt.dns_entry }} From cd5d0f562c4e32184c263556fc57806103a7865e Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Sat, 4 Aug 2018 08:37:01 +0200 Subject: [PATCH 4/8] Simplification et fusion des migrations --- ...9_auto_20180625_1700.py => 0087_dnssec.py} | 8 ++--- .../migrations/0090_auto_20180625_1706.py | 33 ------------------- 2 files changed, 4 insertions(+), 37 deletions(-) rename machines/migrations/{0089_auto_20180625_1700.py => 0087_dnssec.py} (78%) delete mode 100644 machines/migrations/0090_auto_20180625_1706.py diff --git a/machines/migrations/0089_auto_20180625_1700.py b/machines/migrations/0087_dnssec.py similarity index 78% rename from machines/migrations/0089_auto_20180625_1700.py rename to machines/migrations/0087_dnssec.py index dbaee1a8..cc2a25ec 100644 --- a/machines/migrations/0089_auto_20180625_1700.py +++ b/machines/migrations/0087_dnssec.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Generated by Django 1.10.7 on 2018-06-25 15:00 +# Generated by Django 1.10.7 on 2018-06-25 15:06 from __future__ import unicode_literals from django.db import migrations, models 
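Review bot: The loop in machines/templates/machines/aff_txt.html now reads `text_list`, and Django renders an undefined template variable as empty, so if the view still passes `txt_list` the table silently shows no rows. The view is not part of this patch, so the context key should be confirmed against it. The subject also announces a wider field for DNSSEC, but the diffstat lists only this one template line, so that second change appears to be missing from the patch.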
@@ -8,17 +8,17 @@ from django.db import migrations, models class Migration(migrations.Migration): dependencies = [ - ('machines', '0088_dname'), + ('machines', '0086_role'), ] operations = [ migrations.AddField( - model_name='extension', + model_name='iptype', name='dnssec_reverse_v4', field=models.BooleanField(default=False, help_text='Activer DNSSEC sur le reverse DNS IPv4'), ), migrations.AddField( - model_name='extension', + model_name='iptype', name='dnssec_reverse_v6', field=models.BooleanField(default=False, help_text='Activer DNSSEC sur le reverse DNS IPv6'), ), diff --git a/machines/migrations/0090_auto_20180625_1706.py b/machines/migrations/0090_auto_20180625_1706.py deleted file mode 100644 index 9c5e523c..00000000 --- a/machines/migrations/0090_auto_20180625_1706.py +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: utf-8 -*- -# Generated by Django 1.10.7 on 2018-06-25 15:06 -from __future__ import unicode_literals - -from django.db import migrations, models - - -class Migration(migrations.Migration): - - dependencies = [ - ('machines', '0089_auto_20180625_1700'), - ] - - operations = [ - migrations.RemoveField( - model_name='extension', - name='dnssec_reverse_v4', - ), - migrations.RemoveField( - model_name='extension', - name='dnssec_reverse_v6', - ), - migrations.AddField( - model_name='iptype', - name='dnssec_reverse_v4', - field=models.BooleanField(default=False, help_text='Activer DNSSEC sur le reverse DNS IPv4'), - ), - migrations.AddField( - model_name='iptype', - name='dnssec_reverse_v6', - field=models.BooleanField(default=False, help_text='Activer DNSSEC sur le reverse DNS IPv6'), - ), - ] From 1a46f3110f7e937f84087e66032f2e3d6cf7a228 Mon Sep 17 00:00:00 2001 From: Charlie Jacomme Date: Sat, 14 Jul 2018 10:59:17 +0200 Subject: [PATCH 5/8] Serializers for reverse DNS --- api/serializers.py | 18 ++++++++++++++++++ api/urls.py | 1 + api/views.py | 9 +++++++++ machines/models.py | 11 +++++++++++ 4 files changed, 39 insertions(+) 
diff --git a/api/serializers.py b/api/serializers.py index 23a2b15e..3761907f 100644 --- a/api/serializers.py +++ b/api/serializers.py @@ -817,6 +817,24 @@ class DNSZonesSerializer(serializers.ModelSerializer): 'aaaa_records', 'cname_records', 'sshfp_records') +class DNSReverseZonesSerializer(serializers.ModelSerializer): + """Serialize the data about DNS Zones. + """ + soa = SOARecordSerializer(source='extension.soa') + extension = serializers.CharField(source='extension.name', read_only=True) + cidrs = serializers.CharField(source='ip_set_cidrs_as_str', read_only=True) + ns_records = NSRecordSerializer(many=True, source='extension.ns_set') + mx_records = MXRecordSerializer(many=True, source='extension.mx_set') + txt_records = TXTRecordSerializer(many=True, source='extension.txt_set') + ptr_records = ARecordSerializer(many=True, source='get_associated_ptr_records') + ptr_v6_records = AAAARecordSerializer(many=True, source='get_associated_ptr_v6_records') + + + class Meta: + model = machines.IpType + fields = ('type', 'extension', 'soa', 'ns_records', 'mx_records', + 'txt_records', 'ptr_records', 'ptr_v6_records', 'cidrs') + # MAILING diff --git a/api/urls.py b/api/urls.py index 37580db2..0c0c0e6c 100644 --- a/api/urls.py +++ b/api/urls.py @@ -104,6 +104,7 @@ router.register_view(r'localemail/users', views.LocalEmailUsersView), router.register_view(r'firewall/subnet-ports', views.SubnetPortsOpenView), # DNS router.register_view(r'dns/zones', views.DNSZonesView), +router.register_view(r'dns/reverse-zones', views.DNSReverseZonesView), # MAILING router.register_view(r'mailing/standard', views.StandardMailingView), router.register_view(r'mailing/club', views.ClubMailingView), diff --git a/api/views.py b/api/views.py index 715a31ac..9a3a772b 100644 --- a/api/views.py +++ b/api/views.py 
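Review bot: `DNSReverseZonesSerializer.Meta.fields` in api/serializers.py leaves out `dnssec_reverse_v4` and `dnssec_reverse_v6`, so a consumer of `dns/reverse-zones` cannot tell from this payload which reverse zones are meant to be signed. If the zone generator is expected to act on those flags, add them to `fields`; otherwise the booleans introduced earlier in the series have no visible effect. The class docstring is copied from the forward-zone serializer; something like `"""Serialize, per IpType, the data needed to build its reverse DNS zones."""` would describe what it returns.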
@@ -555,6 +555,15 @@ class DNSZonesView(generics.ListAPIView): .all()) serializer_class = serializers.DNSZonesSerializer +class DNSReverseZonesView(generics.ListAPIView): + """Exposes the detailed information about each extension (hostnames, + IPs, DNS records, etc.) in order to build the DNS zone files. + """ + queryset = (machines.IpType.objects.all()) + serializer_class = serializers.DNSReverseZonesSerializer + + + # MAILING diff --git a/machines/models.py b/machines/models.py index 7a211fe1..1cfee990 100644 --- a/machines/models.py +++ b/machines/models.py @@ -353,6 +353,17 @@ class IpType(RevMixin, AclMixin, models.Model): ): ipv6.check_and_replace_prefix(prefix=self.prefix_v6) + def get_associated_ptr_records(self): + from re2o.utils import all_active_assigned_interfaces + return (all_active_assigned_interfaces() + .filter(type__ip_type=self) + .filter(ipv4__isnull=False)) + + def get_associated_ptr_v6_records(self): + from re2o.utils import all_active_interfaces + return (all_active_interfaces(full=True) + .filter(type__ip_type=self)) + def clean(self): """ Nettoyage. Vérifie : - Que ip_stop est après ip_start From 1cb0fb275be6bb646430a11c0de7b48c1b382164 Mon Sep 17 00:00:00 2001 From: Charlie Jacomme Date: Mon, 16 Jul 2018 10:53:44 +0200 Subject: [PATCH 6/8] serializers for dns reverse, cidr is list --- api/serializers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/serializers.py b/api/serializers.py index 3761907f..09e39de7 100644 --- a/api/serializers.py +++ b/api/serializers.py 
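Review bot: `DNSReverseZonesView` in api/views.py declares no `permission_classes` or `authentication_classes`, so access to a listing of every IpType's PTR sources rests entirely on the project's default REST framework settings, which this patch does not show. It is worth confirming those defaults require an authenticated, authorised client. `machines.IpType.objects.all()` is also used without any `select_related`/`prefetch_related`, which will likely cost extra queries per zone for `extension.soa`, `extension.ns_set` and the PTR querysets. The docstring is copied from `DNSZonesView`; `"""Expose, per IpType, the data needed to build the reverse DNS zone files."""` would match the view.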
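Review bot: In machines/models.py, `get_associated_ptr_v6_records` returns every active interface of the IpType, whereas the v4 counterpart filters on `ipv4__isnull=False`. Interfaces without an IPv6 address would then reach `AAAARecordSerializer`, whose handling of that case is not visible here. Both methods also lack docstrings and import from `re2o.utils` inside the body without explanation. A one-line docstring each, e.g. `"""Return the active interfaces of this type that have an IPv4 address (PTR sources)."""`, plus a comment on the local import (presumably a circular-import workaround) would help. The enclosing `IpType` class starts and ends outside the hunk.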
@@ -822,7 +822,7 @@ class DNSReverseZonesSerializer(serializers.ModelSerializer): """ soa = SOARecordSerializer(source='extension.soa') extension = serializers.CharField(source='extension.name', read_only=True) - cidrs = serializers.CharField(source='ip_set_cidrs_as_str', read_only=True) + cidrs = serializers.ListField(child=serializers.CharField(), source='ip_set_cidrs_as_str', read_only=True) ns_records = NSRecordSerializer(many=True, source='extension.ns_set') mx_records = MXRecordSerializer(many=True, source='extension.mx_set') txt_records = TXTRecordSerializer(many=True, source='extension.txt_set') From 6aed9383344cd693363853ef8da79eee3d0994af Mon Sep 17 00:00:00 2001 From: Charlie Jacomme Date: Mon, 16 Jul 2018 20:09:02 +0200 Subject: [PATCH 7/8] serializer prefix_v6 for dns reverse --- api/serializers.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/api/serializers.py b/api/serializers.py index 09e39de7..4621d5bb 100644 --- a/api/serializers.py +++ b/api/serializers.py @@ -833,7 +833,8 @@ class DNSReverseZonesSerializer(serializers.ModelSerializer): class Meta: model = machines.IpType fields = ('type', 'extension', 'soa', 'ns_records', 'mx_records', - 'txt_records', 'ptr_records', 'ptr_v6_records', 'cidrs') + 'txt_records', 'ptr_records', 'ptr_v6_records', 'cidrs', + 'prefix_v6') # MAILING From 4329641899d93e6f3d599a6ec64089d89a75df33 Mon Sep 17 00:00:00 2001 From: Charlie Jacomme Date: Mon, 16 Jul 2018 20:52:39 +0200 Subject: [PATCH 8/8] Ading prefix_v6_length field to IpType --- machines/forms.py | 7 ++-- .../0088_iptype_prefix_v6_length.py | 21 +++++++++++ machines/models.py | 36 ++++++++++++++++++- machines/templates/machines/aff_iptype.html | 2 +- 4 files changed, 61 insertions(+), 5 deletions(-) create mode 100644 machines/migrations/0088_iptype_prefix_v6_length.py diff --git a/machines/forms.py b/machines/forms.py index ff529295..49150349 100644 --- a/machines/forms.py +++ b/machines/forms.py 
@@ -219,7 +219,8 @@ class IpTypeForm(FormRevMixin, ModelForm): model = IpType fields = ['type', 'extension', 'need_infra', 'domaine_ip_start', 'domaine_ip_stop', 'dnssec_reverse_v4', 'prefix_v6', - 'dnssec_reverse_v6', 'vlan', 'ouverture_ports'] + 'prefix_v6_length','dnssec_reverse_v6', 'vlan', + 'ouverture_ports'] def __init__(self, *args, **kwargs): prefix = kwargs.pop('prefix', self.Meta.model.__name__) @@ -231,8 +232,8 @@ class EditIpTypeForm(IpTypeForm): """Edition d'un iptype. Pas d'edition du rangev4 possible, car il faudrait synchroniser les objets iplist""" class Meta(IpTypeForm.Meta): - fields = ['extension', 'type', 'need_infra', 'prefix_v6', 'vlan', - 'dnssec_reverse_v4', 'dnssec_reverse_v6', + fields = ['extension', 'type', 'need_infra', 'prefix_v6', 'prefix_v6_length', + 'vlan', 'dnssec_reverse_v4', 'dnssec_reverse_v6', 'ouverture_ports'] diff --git a/machines/migrations/0088_iptype_prefix_v6_length.py b/machines/migrations/0088_iptype_prefix_v6_length.py new file mode 100644 index 00000000..e061167c --- /dev/null +++ b/machines/migrations/0088_iptype_prefix_v6_length.py @@ -0,0 +1,21 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2018-07-16 18:46 +from __future__ import unicode_literals + +import django.core.validators +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0087_dnssec'), + ] + + operations = [ + migrations.AddField( + model_name='iptype', + name='prefix_v6_length', + field=models.IntegerField(default=64, validators=[django.core.validators.MaxValueValidator(128), django.core.validators.MinValueValidator(0)]), + ), + ] diff --git a/machines/models.py b/machines/models.py index 1cfee990..2f5a6a62 100644 --- a/machines/models.py +++ b/machines/models.py 
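Review bot: The extended field lists in machines/forms.py drift from the file's formatting. `'prefix_v6_length','dnssec_reverse_v6'` in `IpTypeForm.Meta` lacks the space after the comma, and the first `fields` line of `EditIpTypeForm.Meta` appears to run past 79 columns once `'prefix_v6_length',` is appended. Suggested: `'prefix_v6_length', 'dnssec_reverse_v6', 'vlan',` in the first form, and moving `'prefix_v6_length'` onto the following line in the edit form.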
@@ -41,8 +41,8 @@ from django.dispatch import receiver from django.forms import ValidationError from django.utils.functional import cached_property from django.utils import timezone -from django.core.validators import MaxValueValidator from django.utils.translation import ugettext_lazy as _l +from django.core.validators import MaxValueValidator, MinValueValidator from macaddress.fields import MACAddressField @@ -265,6 +265,13 @@ class IpType(RevMixin, AclMixin, models.Model): null=True, blank=True ) + prefix_v6_length = models.IntegerField( + default=64, + validators=[ + MaxValueValidator(128), + MinValueValidator(0) + ] + ) dnssec_reverse_v6 = models.BooleanField( default=False, help_text="Activer DNSSEC sur le reverse DNS IPv6", @@ -302,6 +309,33 @@ class IpType(RevMixin, AclMixin, models.Model): """ Renvoie une liste des ip en string""" return [str(x) for x in self.ip_set] + @cached_property + def ip_set_full_info(self): + """Iter sur les range cidr, et renvoie network, broacast , etc""" + return [ + { + 'network': str(ip_set.network), + 'netmask': str(ip_set.netmask), + 'netmask_cidr': str(ip_set.prefixlen), + 'broadcast': str(ip_set.broadcast), + 'vlan': str(self.vlan), + 'vlan_id': self.vlan.vlan_id + } for ip_set in self.ip_set.iter_cidrs() + ] + + @cached_property + def ip6_set_full_info(self): + if self.prefix_v6: + return { + 'network' : str(self.prefix_v6), + 'netmask' : 'ffff:ffff:ffff:ffff::', + 'netmask_cidr' : str(self.prefix_v6_length), + 'vlan': str(self.vlan), + 'vlan_id': self.vlan.vlan_id + } + else: + return None + def ip_objects(self): """ Renvoie tous les objets ipv4 relié à ce type""" return IpList.objects.filter(ip_type=self) diff --git a/machines/templates/machines/aff_iptype.html b/machines/templates/machines/aff_iptype.html index bee4669b..7d4de6c5 100644 --- a/machines/templates/machines/aff_iptype.html +++ b/machines/templates/machines/aff_iptype.html 
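Review bot: `prefix_v6_length` in machines/models.py accepts any value from 0 to 128, but `ip6_set_full_info` in the following hunk still returns the fixed netmask `'ffff:ffff:ffff:ffff::'`, so `netmask` and `netmask_cidr` disagree for every length other than 64. Anything that derives filtering or addressing configuration from `netmask` would then cover a different range than the one configured. Derive the mask from the length, e.g. `'netmask': str(ipaddress.IPv6Network('::/%d' % self.prefix_v6_length).netmask),` (needs `import ipaddress`), or narrow the validators to the lengths the rest of the code supports. `ip6_set_full_info` also has no docstring. Both new properties dereference `self.vlan.vlan_id`, which raises if an IpType can exist without a VLAN; the ForeignKey's `null` setting is not visible in these hunks.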
@@ -47,7 +47,7 @@ with this program; if not, write to the Free Software Foundation, Inc., {{ type.extension }} {{ type.need_infra|tick }} {{ type.domaine_ip_start }}-{{ type.domaine_ip_stop }} - {{ type.prefix_v6 }} + {{ type.prefix_v6 }}/{{ type.prefix_v6_length }} {{ type.dnssec_reverse_v4|tick }}/{{ type.dnssec_reverse_v6|tick }} {{ type.vlan }} {{ type.ouverture_ports }}
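Review bot: In machines/templates/machines/aff_iptype.html the cell now always prints `{{ type.prefix_v6 }}/{{ type.prefix_v6_length }}`, but `prefix_v6` is declared `null=True, blank=True` while the length defaults to 64. An IPv4-only type will therefore display `None/64`, which reads as a configured prefix. Guarding the cell, e.g. `{% if type.prefix_v6 %}{{ type.prefix_v6 }}/{{ type.prefix_v6_length }}{% endif %}`, keeps the column empty when no prefix is set.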