From b7894062efbf15709c39d14b9eb66512cd9f9efa Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Mon, 2 Oct 2017 18:10:24 +0200 Subject: [PATCH 01/11] OUverture et non config --- machines/templates/machines/sidebar.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/templates/machines/sidebar.html b/machines/templates/machines/sidebar.html index e635d69a..6ca3a07f 100644 --- a/machines/templates/machines/sidebar.html +++ b/machines/templates/machines/sidebar.html @@ -58,7 +58,7 @@ with this program; if not, write to the Free Software Foundation, Inc., {% if is_cableur %} - Configuration de ports + Ouverture de ports {%endif%} {% endblock %} From 9b925f389cd3c1e80796bd800dd1c7196218f0ed Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Tue, 3 Oct 2017 18:27:06 +0200 Subject: [PATCH 02/11] =?UTF-8?q?Politique=20d'ouverture=20des=20ports=20p?= =?UTF-8?q?ar=20d=C3=A9faut=20associ=C3=A9e=20=C3=A0=20un=20range=20d'IP.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machines/forms.py | 4 ++-- .../migrations/0060_iptype_ouverture_ports.py | 21 +++++++++++++++++++ machines/models.py | 1 + machines/serializers.py | 5 +++-- 4 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 machines/migrations/0060_iptype_ouverture_ports.py diff --git a/machines/forms.py b/machines/forms.py index 18631651..7922654a 100644 --- a/machines/forms.py +++ b/machines/forms.py @@ -145,7 +145,7 @@ class DelMachineTypeForm(Form): class IpTypeForm(ModelForm): class Meta: model = IpType - fields = ['type','extension','need_infra','domaine_ip_start','domaine_ip_stop', 'prefix_v6', 'vlan'] + fields = ['type','extension','need_infra','domaine_ip_start','domaine_ip_stop', 'prefix_v6', 'vlan', 'ouverture_ports'] def __init__(self, *args, **kwargs): 
@@ -154,7 +154,7 @@ class IpTypeForm(ModelForm): class EditIpTypeForm(IpTypeForm): class Meta(IpTypeForm.Meta): - fields = ['extension','type','need_infra', 'prefix_v6', 'vlan'] + fields = ['extension','type','need_infra', 'prefix_v6', 'vlan', 'ouverture_ports'] class DelIpTypeForm(Form): iptypes = forms.ModelMultipleChoiceField(queryset=IpType.objects.all(), label="Types d'ip actuelles", widget=forms.CheckboxSelectMultiple) diff --git a/machines/migrations/0060_iptype_ouverture_ports.py b/machines/migrations/0060_iptype_ouverture_ports.py new file mode 100644 index 00000000..e35f398f --- /dev/null +++ b/machines/migrations/0060_iptype_ouverture_ports.py @@ -0,0 +1,21 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2017-10-03 16:08 +from __future__ import unicode_literals + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0059_iptype_prefix_v6'), + ] + + operations = [ + migrations.AddField( + model_name='iptype', + name='ouverture_ports', + field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='machines.OuverturePortList'), + ), + ] diff --git a/machines/models.py b/machines/models.py index 8e7b1c3c..5d08038e 100644 --- a/machines/models.py +++ b/machines/models.py @@ -72,6 +72,7 @@ class IpType(models.Model): domaine_ip_stop = models.GenericIPAddressField(protocol='IPv4') prefix_v6 = models.GenericIPAddressField(protocol='IPv6', null=True, blank=True) vlan = models.ForeignKey('Vlan', on_delete=models.PROTECT, blank=True, null=True) + ouverture_ports = models.ForeignKey('OuverturePortList', blank=True, null=True) @cached_property def ip_range(self): diff --git a/machines/serializers.py b/machines/serializers.py index 51daa4b5..6561bba9 100644 --- a/machines/serializers.py +++ b/machines/serializers.py 
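Review bot: The new `ouverture_ports` foreign key on `IpType` in machines/models.py is declared without `on_delete`, and migration 0060 in this same patch records it as `CASCADE`, so deleting an `OuverturePortList` would also delete every `IpType` that uses it as its default policy. The `vlan` key on the line above uses `on_delete=models.PROTECT`; the same choice here (or `SET_NULL`, since the field is already nullable) keeps an IP range from disappearing when a port list is removed: `ouverture_ports = models.ForeignKey('OuverturePortList', on_delete=models.PROTECT, blank=True, null=True)`. The migration would need regenerating to match. The `IpType` class body continues outside the hunk.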
@@ -80,10 +80,10 @@ class ExtensionNameField(serializers.RelatedField): class TypeSerializer(serializers.ModelSerializer): extension = ExtensionNameField(read_only=True) - + class Meta: model = IpType - fields = ('type', 'extension', 'domaine_ip_start', 'domaine_ip_stop') + fields = ('type', 'extension', 'domaine_ip_start', 'domaine_ip_stop', 'ouverture_ports') class ExtensionSerializer(serializers.ModelSerializer): origin = serializers.SerializerMethodField('get_origin_ip') @@ -184,3 +184,4 @@ class ServiceServersSerializer(serializers.ModelSerializer): def get_regen_status(self, obj): return obj.need_regen() + From 6084b8622a17756885b51f109d9df9995ddf8e65 Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Tue, 3 Oct 2017 19:07:53 +0200 Subject: [PATCH 03/11] =?UTF-8?q?Serialisation=20des=20ouvertures=20associ?= =?UTF-8?q?=C3=A9es=20=C3=A0=20une=20range=20d'IP.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machines/serializers.py | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/machines/serializers.py b/machines/serializers.py index 6561bba9..6adc22cc 100644 --- a/machines/serializers.py +++ b/machines/serializers.py @@ -23,7 +23,7 @@ #Augustin Lemesle from rest_framework import serializers -from machines.models import Interface, IpType, Extension, IpList, MachineType, Domain, Text, Mx, Service_link, Ns +from machines.models import Interface, IpType, Extension, IpList, MachineType, Domain, Text, Mx, Service_link, Ns, OuverturePortList, OuverturePort class IpTypeField(serializers.RelatedField): def to_representation(self, value): 
@@ -80,10 +80,31 @@ class ExtensionNameField(serializers.RelatedField): class TypeSerializer(serializers.ModelSerializer): extension = ExtensionNameField(read_only=True) - + ouverture_ports_tcp_in = serializers.SerializerMethodField('get_port_policy_input_tcp') + ouverture_ports_tcp_out = serializers.SerializerMethodField('get_port_policy_output_tcp') + ouverture_ports_udp_in = serializers.SerializerMethodField('get_port_policy_input_udp') + ouverture_ports_udp_out = serializers.SerializerMethodField('get_port_policy_output_udp') + class Meta: model = IpType - fields = ('type', 'extension', 'domaine_ip_start', 'domaine_ip_stop', 'ouverture_ports') + fields = ('type', 'extension', 'domaine_ip_start', 'domaine_ip_stop', 'ouverture_ports_tcp_in', 'ouverture_ports_tcp_out', 'ouverture_ports_udp_in', 'ouverture_ports_udp_out', ) + + def get_port_policy(self, obj, protocole, io): + if not obj.ouverture_ports: + return [] + return [str(port) for port in obj.ouverture_ports.ouvertureport_set.filter(protocole=protocole).filter(io=io)] + + def get_port_policy_input_tcp(self, obj): + return self.get_port_policy(obj, OuverturePort.TCP, OuverturePort.IN) + + def get_port_policy_output_tcp(self, obj): + return self.get_port_policy(obj, OuverturePort.TCP, OuverturePort.OUT) + + def get_port_policy_input_udp(self, obj): + return self.get_port_policy(obj, OuverturePort.UDP, OuverturePort.IN) + + def get_port_policy_output_udp(self, obj): + return self.get_port_policy(obj, OuverturePort.UDP, OuverturePort.OUT) class ExtensionSerializer(serializers.ModelSerializer): origin = serializers.SerializerMethodField('get_origin_ip') From 06d72042be282d13616e374316d40b269198d4e9 Mon Sep 17 00:00:00 2001 
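Review bot: `get_port_policy` in `TypeSerializer` builds the exported rule strings with `str(port)`, so the REST format of the default policy is whatever `OuverturePort.__str__` returns, and that method is not visible in this patch. If a firewall generator consumes this endpoint (the field names suggest so, but that is an inference), a cosmetic change to `__str__` would silently change the rules it receives. A docstring would pin the contract, e.g. `"""Return the ports of obj's default policy for one protocol and direction, as strings in the format of OuverturePort.__str__."""`. Each of the four method fields also runs its own filtered query per `IpType`, which is worth noting if the list of types grows.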
From: Hugo LEVY-FALK Date: Wed, 4 Oct 2017 22:03:26 +0200 Subject: [PATCH 04/11] =?UTF-8?q?Affichage=20REST=20des=20r=C3=A8gles=20pa?= =?UTF-8?q?rticuli=C3=A8res=20des=20machines.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machines/serializers.py | 25 +++++++++++++++++++++++++ machines/urls.py | 1 + machines/views.py | 26 +++++++++++++++++++++++++- 3 files changed, 51 insertions(+), 1 deletion(-) diff --git a/machines/serializers.py b/machines/serializers.py index 6adc22cc..34716cd8 100644 --- a/machines/serializers.py +++ b/machines/serializers.py @@ -206,3 +206,28 @@ class ServiceServersSerializer(serializers.ModelSerializer): def get_regen_status(self, obj): return obj.need_regen() +class OuverturePortsSerializer(serializers.Serializer): + ipv4 = serializers.SerializerMethodField() + ipv6 = serializers.SerializerMethodField() + + def get_ipv4(): + return {i.ipv4.ipv4: + { + "tcp_in":[j.tcp_ports_in() for j in i.port_lists.all()], + "tcp_out":[j.tcp_ports_out()for j in i.port_lists.all()], + "udp_in":[j.udp_ports_in() for j in i.port_lists.all()], + "udp_out":[j.udp_ports_out() for j in i.port_lists.all()], + } + for i in Interface.objects.all() if i.ipv4 + } + + def get_ipv6(): + return {i.ipv6: + { + "tcp_in":[j.tcp_ports_in() for j in i.port_lists.all()], + "tcp_out":[j.tcp_ports_out()for j in i.port_lists.all()], + "udp_in":[j.udp_ports_in() for j in i.port_lists.all()], + "udp_out":[j.udp_ports_out() for j in i.port_lists.all()], + } + for i in Interface.objects.all() if i.ipv6 + } diff --git a/machines/urls.py b/machines/urls.py index 62576a4e..e0ff1e77 100644 --- a/machines/urls.py +++ b/machines/urls.py 
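Review bot: `get_ipv4` and `get_ipv6` in `OuverturePortsSerializer` are declared without parameters, but `SerializerMethodField` calls them as bound methods with the object being serialised, so any use of this serializer raises `TypeError`; the signatures should be `def get_ipv4(self, obj):` and `def get_ipv6(self, obj):`. Both methods also ignore the instance and walk `Interface.objects.all()` without the `may_have_port_open()` check that the view in this patch applies. Each value is a list of per-port-list results rather than a flat list of ports. The `ouverture_ports` view added to machines/views.py by the same patch builds its response by hand and never instantiates this class, so dropping the class may be simpler than repairing it.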
@@ -92,6 +92,7 @@ urlpatterns = [ url(r'^rest/text/$', views.text, name='text'), url(r'^rest/zones/$', views.zones, name='zones'), url(r'^rest/service_servers/$', views.service_servers, name='service-servers'), + url(r'^rest/ouverture_ports/$', views.ouverture_ports, name='ouverture-ports'), url(r'index_portlist/$', views.index_portlist, name='index-portlist'), url(r'^edit_portlist/(?P[0-9]+)$', views.edit_portlist, name='edit-portlist'), url(r'^del_portlist/(?P[0-9]+)$', views.del_portlist, name='del-portlist'), diff --git a/machines/views.py b/machines/views.py index 4be86c03..b286db75 100644 --- a/machines/views.py +++ b/machines/views.py @@ -41,7 +41,7 @@ from django.contrib.auth import authenticate, login from django.views.decorators.csrf import csrf_exempt from rest_framework.renderers import JSONRenderer -from machines.serializers import FullInterfaceSerializer, InterfaceSerializer, TypeSerializer, DomainSerializer, TextSerializer, MxSerializer, ExtensionSerializer, ServiceServersSerializer, NsSerializer +from machines.serializers import FullInterfaceSerializer, InterfaceSerializer, TypeSerializer, DomainSerializer, TextSerializer, MxSerializer, ExtensionSerializer, ServiceServersSerializer, NsSerializer, OuverturePortsSerializer from reversion import revisions as reversion from reversion.models import Version 
@@ -1108,6 +1108,30 @@ def service_servers(request): @csrf_exempt @login_required @permission_required('serveur') +def ouverture_ports(request): + r = {'ipv4':{}, 'ipv6':{}} + for i in Interface.objects.all(): + if not i.may_have_port_open(): + continue + if i.ipv4: + r['ipv4'][i.ipv4.ipv4] = {"tcp_in":[],"tcp_out":[],"udp_in":[],"udp_out":[]} + if i.ipv6: + r['ipv6'][i.ipv6] = {"tcp_in":[],"tcp_out":[],"udp_in":[],"udp_out":[]} + for j in i.port_lists.all(): + if i.ipv4: + r['ipv4'][i.ipv4.ipv4]["tcp_in"].extend(j.tcp_ports_in()) + r['ipv4'][i.ipv4.ipv4]["tcp_out"].extend(j.tcp_ports_out()) + r['ipv4'][i.ipv4.ipv4]["udp_in"].extend(j.udp_ports_in()) + r['ipv4'][i.ipv4.ipv4]["udp_out"].extend(j.udp_ports_out()) + if i.ipv6: + r['ipv6'][i.ipv6]["tcp_in"].extend(j.tcp_ports_in()) + r['ipv6'][i.ipv6]["tcp_out"].extend(j.tcp_ports_out()) + r['ipv6'][i.ipv6]["udp_in"].extend(j.udp_ports_in()) + r['ipv6'][i.ipv6]["udp_out"].extend(j.udp_ports_out()) + return JSONResponse(r) +@csrf_exempt +@login_required +@permission_required('serveur') def regen_achieved(request): obj = Service_link.objects.filter(service__in=Service.objects.filter(service_type=request.POST['service']), server__in=Interface.objects.filter(domain__in=Domain.objects.filter(name=request.POST['server']))) if obj: From 025396078225831e1800a838a4310429e14055d1 Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Thu, 5 Oct 2017 00:09:23 +0200 Subject: [PATCH 05/11] =?UTF-8?q?Fix=20de=20la=20d=C3=A9tection=20d'ipv6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machines/views.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/views.py b/machines/views.py index 580ad4d8..c98936dc 100644 --- a/machines/views.py +++ b/machines/views.py 
@@ -1114,7 +1114,7 @@ def ouverture_ports(request): continue if i.ipv4: r['ipv4'][i.ipv4.ipv4] = {"tcp_in":[],"tcp_out":[],"udp_in":[],"udp_out":[]} - if i.ipv6: + if i.ipv6_object: r['ipv6'][i.ipv6] = {"tcp_in":[],"tcp_out":[],"udp_in":[],"udp_out":[]} for j in i.port_lists.all(): if i.ipv4: @@ -1122,7 +1122,7 @@ def ouverture_ports(request): r['ipv4'][i.ipv4.ipv4]["tcp_out"].extend(j.tcp_ports_out()) r['ipv4'][i.ipv4.ipv4]["udp_in"].extend(j.udp_ports_in()) r['ipv4'][i.ipv4.ipv4]["udp_out"].extend(j.udp_ports_out()) - if i.ipv6: + if i.ipv6_object: r['ipv6'][i.ipv6]["tcp_in"].extend(j.tcp_ports_in()) r['ipv6'][i.ipv6]["tcp_out"].extend(j.tcp_ports_out()) r['ipv6'][i.ipv6]["udp_in"].extend(j.udp_ports_in()) From 448d2a44e5cf823656d9cd340307269578ff38eb Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Mon, 9 Oct 2017 23:59:25 +0200 Subject: [PATCH 06/11] Politique par default d'ouverture --- machines/templates/machines/aff_iptype.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/templates/machines/aff_iptype.html b/machines/templates/machines/aff_iptype.html index aafc4c1d..454b169d 100644 --- a/machines/templates/machines/aff_iptype.html +++ b/machines/templates/machines/aff_iptype.html @@ -32,6 +32,7 @@ with this program; if not, write to the Free Software Foundation, Inc., Fin Préfixe v6 Sur vlan + Ouverture ports par défault @@ -45,6 +46,7 @@ with this program; if not, write to the Free Software Foundation, Inc., {{ type.domaine_ip_stop }} {{ type.prefix_v6 }} {{ type.vlan }} + {{ type.ouverture_ports }} {% if is_infra %} {% include 'buttons/edit.html' with href='machines:edit-iptype' id=type.id %} From 22efb9770d01f38e483fab4b021d6741796c4307 Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Thu, 12 Oct 2017 20:03:12 +0200 Subject: [PATCH 07/11] Graph re2o sources dia (archi) --- docs_utils/re2o-archi.dia | Bin 0 -> 3922 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs_utils/re2o-archi.dia 
diff --git a/docs_utils/re2o-archi.dia b/docs_utils/re2o-archi.dia new file mode 100644 index 0000000000000000000000000000000000000000..1137480ea6238a12368de3b4a47c1e06d1323a36 GIT binary patch literal 3922 zcmV-Y53TSYiwFP!000021MOYia@)8SzRy!=v^VXH4CCM*t4(&Ylijv6nRdI`PA@&Q zMBD7rl9rIcp~FEuo6M)l?EK~MU%&ozWQO0rdhy*fiN3|(=UH?)z)#GU?$yiTMV>FdJwCp^ zz9#9-GRo%}Ns|>>#>fAQ(lk28i;jn{UJM4?H<(6w_CU{AHvpBe<;y&)rt!p+{E%Bn+`KxbUi*MGCw0YzHUS$tj36ft%*?BTM z#KFEv*B!x#VT@sCNNX(BLc?vJJRR<|U%0eixU65eWO=ffXL%MS`61-#e4fV9Y>k>{ ztGGGNauTID#2#u^i&mT^c|L#S`Ol(sS*HQ(x9?`#Q)ljZmP{X>xI0%=+~qo%<`*aL zJ$2Xm?l+$9ew8ef(=;x7`ec@OcKe%dZomKS6zqNf@s^`ueYZ;UFg3A^<`6`*l z%SVRU?ll#6y4YNH{8+E=Ustzd)^F_@>jEN;ZsKfn``1~PeEcJej}~b(8xA(#@rHB; z(IiiFGX7hK-44=V^S8B-TjMDm7+`a5-W?m~4g` zr}5>o=xNIv8GW1bo~RuQUC?472Gb3ROrlm3HvmR<;DE^q(mn_E&`r{vWTYBT>)^= zXIygkC0W!poN2CYGo(CzpAR2l`MqnZdZv)YJJ;C1&Qc zybRO5KRAmnlk^53Et)NdgJpi>SQ5!?{n5Y1=~bL3lW3dIpZ){~ld1IUGIaMxv;*Cx z-7;oE>a$kq5f}nscsscLDOEYGC~XIXy7zo`8JB;j@oaTjB3T|1EoFAMN;@3iTgf_R z^N0ES5|arXm`puF>%}}9OX)yBIzuVsh$9Jmwv%mIRntP+ogbeTk`p7hr!$Bz%0ix< z?M~%qX(8q3ZxMfZ^JehwpKk|$y1ZHbo*pmG@y|a8+vwdkGD4C64B;%;#V+jPJG3s- zD4U{Le4EV5TuIi}F0S>ADqK2`rV($i1S>p8$mNt9*t>wSp(Ilx%!o1did?EGPaEZc)T zYV?~%E@o3-eROwge?4>$(N+Jr*@u%H>1cT{E^q&5aDfE2v4Hu!2z?Fi{}-pk;dCtd zFl;^yyB}tUfxx{ddaCbH9kS!C{SQhs(|TlymJ+N_FN6}M*GLqR#^|Y9CDjNdk)o-f zuIY|+(a3sE2^ejeRGbQ{m}J7EQzD7xh#`Stf8yVYhp=4;+qHI5ethp1JqN%1`0m#i zQ)I4>AL8X;8D|NK(xrP592VaW3kYHu=nOUUj0+ zAEy)9mQFaj{g#W7CI&3^NheI87Pknbg%NCwz~IQmk%{)qC6$dV34=&NxmAHn0++Pm z64-b4c?&Y>)7e+82?ggjcg9$erm@Xhbi#`)8HY0lKp%+0h%wKpIUTgEj)$)aI@@t(h}h*Zpujs&61*bqYLX>U{O{lH8+87oGdP~~|6Qxk62NNyEz z%oWj_RmJAWHLXk+jjUs2tc%oa&pV$+Mi4E-9;dL!>B*My?VHy>2b1XAB;ICCNaD8b zi(nGFHi^}~7qs5<%Te;8&~<)^Hq`n&Cj+6FSwk6)P=#R>To%q3Z;V}YNxqYI*7Uy= z)rx`!t*y4gc=f;7?#^Qq{I9;P%)gW0l3-=LTNzFya2OqNV);&-A($EOW~TKPTCNH3 zE$;VeW;CIg_%*tx0&gro%PI&gnKh%KxnUK26kpUXTi+$ZD#(Ga@j163FrNeSE<8rpaZY&}EMO*`ut z8cD1XTONkz^(3m1mnrtEG1dYLhNgEz^Y{6Dn#RGIq4n0< 
zyEQ-{K9h0X@pvxD)xjvMq)S#X+>AK77{+@tZh0e1uCqid({jn_6Q+l`Z66^$?31TI z*~)a$8fV_@Z=&ld*A&|Cs=W|Ff~SOAqz18E(OLjr&PDJgj0k& zz9w)=;FNZp!aC#>-WR8|-hg=Pssd5X&vvUvDaxJm!HPM}!0<6bGr%_-r8GXnu0Ewy zHME3LitL5JD1lMhF$(XHQG|zmAIn7=-E6T6+_FmRt#(HYC!3Po1+gWg%qOoP7Nf?f z0!t&-m=lK6R~HUZbMVVJj~)xmPLoOQb1k5weyq0`z{O6wk@1@MYj=(up{xZT*3JRG ztEX2H`0`S&yqB)0kK;y^K)E3Df+4i`d3?#!+mh2#qT;^w&`dv^to*F=3=r4 zi#EO&ZBPuL8>!u@jS-TC^H3jMwW%6mX|g!Em}kj1Rhbrm$^~b#by#D31E?9vHTJXCWF2&3kYquU z1xfaNCD|+-Q14xl9Z^C-xB#JIV%uZ{K^6qrXCTN}`%>0|2qsMt-Z6f|WC+DIFQ626 zQ8KW^6xcxEc}K~*>BY}Zkx3$;Gm#V&Sx{tOv?BW{$>QrMO@l1+UN=a)@nKw`Oz99P z3%aa7T~?zcEOemB4ApjY#E4`}bH9f&Tf2d>V9eNIYYn5LqKcse@O>_GWm`+GWrV8r zvuUA}Vxclh$ct!n9_C(ZgMQL^nEKOXgtPV=<=qxSx4t9@-CbYuP#FanTW@p)kj9Rs zI}2DB*-w%y=DpfdWm6BY#YbbDZnjn`%LA(fR%w)NW%h`HwxN~2s<*M$+oGAQrXUGN?`;9Z>pgJqkQ#@vbS>$pp{Ue zJ!Wt+(ZOj8>)HU)ZBaFT4_n|CX~ZFcHSVkh>W~>F0-7R!4q@p|y0BhUTJA)pHS>F9 ztL*|TM5RMi`YVV^XK|cG(_|IW1^PI3gMm@5&JOJGZ3s(;uyk+f0@a0eS^Gl;fKa0f zsYF5fOy6`!+#$J=-AatPaa-aFQD&f(mU;Z3#V#6IugI>V+eLP%^}3kvPQP-;Xd^Fz zGEEP43`KUsiC$a!;`J)OAd8zIF1#O7EQqnRDB?$rfgmpWIns-%&TOXls*g+&CTvl8 z5sAc(5gE84K;iW+*PL^0VR}M-)DwaHnSw{loKX}9pOhbmm!%W_$$ry_E$?8_42V(NbR7vU||4eKO9z}H-WH)we8+w9O4=Uk3Jk#P1w=L-H;HxCXICwcoV z{ft=mwK3GK+Gi1wJ0M1cW^xSZ^a*gdP3zM3$sh0H>?&SmgDhtAuZ&CFLJi}Lfd%~j zs1?>bl~jz$FM&&Fe~D37#UoV<0^aQo*D8u?y~9-!S%~H%m&>b-Pp{w(3jbjw2N$7d z+Eup`L^j9no2gvXa*%!eu#BVC*T+`Upb%k}DawUq+BaKO56{3?&ylZK2ep)RQI1m+ zA^h^y9h4zVQsgT^2@d-Ln+f(D_{yb(;V4YbkRDt_DyS>}_3JB!XW*;PnXf7qaX9aQ zuLO#1OStq)Roq&{F~kb4$K0Z&w#wmZD#3r%x5GA;T!s%tEw~F=<-Nk3fznY`5e+ee_wt4BafGZXq8`twPWugiIO21f)UR# zc&a;Kr}fTlO+53{Eev)1B#AZvqatnU^XI1@-!JA_KA6UXDXNr@A3~0LFC0}eFat|H zN0u@jl(wgZ!SWn5y~8ocO9f4VQAK$28L-q_Y|AQ(k3W8xWQqG%ASv%>3YCw`z*3)- grPi<0=qAoyy;#4%-{)C$`Rc|00m;~+5(4W002iUCga7~l literal 0 HcmV?d00001 From a2686bbf9755e39c2f43dc363c76052774d29434 Mon Sep 17 00:00:00 2001 
From: Hugo LEVY-FALK Date: Thu, 12 Oct 2017 21:02:19 +0200 Subject: [PATCH 08/11] Optimisation de l'export REST --- machines/views.py | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/machines/views.py b/machines/views.py index c103a080..d83b8d92 100644 --- a/machines/views.py +++ b/machines/views.py 
@@ -1205,24 +1205,28 @@ def service_servers(request): @permission_required('serveur') def ouverture_ports(request): r = {'ipv4':{}, 'ipv6':{}} - for i in Interface.objects.all(): - if not i.may_have_port_open(): - continue - if i.ipv4: - r['ipv4'][i.ipv4.ipv4] = {"tcp_in":[],"tcp_out":[],"udp_in":[],"udp_out":[]} - if i.ipv6_object: - r['ipv6'][i.ipv6] = {"tcp_in":[],"tcp_out":[],"udp_in":[],"udp_out":[]} - for j in i.port_lists.all(): - if i.ipv4: - r['ipv4'][i.ipv4.ipv4]["tcp_in"].extend(j.tcp_ports_in()) - r['ipv4'][i.ipv4.ipv4]["tcp_out"].extend(j.tcp_ports_out()) - r['ipv4'][i.ipv4.ipv4]["udp_in"].extend(j.udp_ports_in()) - r['ipv4'][i.ipv4.ipv4]["udp_out"].extend(j.udp_ports_out()) + for o in OuverturePortList.objects.all().prefetch_related('ouvertureport_set'): + pl = { + "tcp_in":set(map(str,o.tcp_ports_in())), + "tcp_out":set(map(str,o.tcp_ports_out())), + "udp_in":set(map(str,o.udp_ports_in())), + "udp_out":set(map(str,o.udp_ports_out())), + } + for i in o.interface_set.filter(machine__in=Machine.objects.filter(user__in=all_has_access()).filter(active=True)).select_related('domain').select_related('machine').select_related('type').select_related('ipv4').select_related('domain__extension').select_related('ipv4__ip_type').distinct(): + if i.may_have_port_open(): + d = r['ipv4'].get(i.ipv4.ipv4, {}) + d["tcp_in"] = d.get("tcp_in",set()).union(pl["tcp_in"]) + d["tcp_out"] = d.get("tcp_out",set()).union(pl["tcp_out"]) + d["udp_in"] = d.get("udp_in",set()).union(pl["udp_in"]) + d["udp_out"] = d.get("udp_out",set()).union(pl["udp_out"]) + r['ipv4'][i.ipv4.ipv4] = d if i.ipv6_object: - r['ipv6'][i.ipv6]["tcp_in"].extend(j.tcp_ports_in()) - r['ipv6'][i.ipv6]["tcp_out"].extend(j.tcp_ports_out()) - r['ipv6'][i.ipv6]["udp_in"].extend(j.udp_ports_in()) - r['ipv6'][i.ipv6]["udp_out"].extend(j.udp_ports_out()) + d = r['ipv6'].get(i.ipv6, {}) + d["tcp_in"] = d.get("tcp_in",set()).union(pl["tcp_in"]) + d["tcp_out"] = d.get("tcp_out",set()).union(pl["tcp_out"]) + 
d["udp_in"] = d.get("udp_in",set()).union(pl["udp_in"]) + d["udp_out"] = d.get("udp_out",set()).union(pl["udp_out"]) + r['ipv6'][i.ipv6] = d return JSONResponse(r) @csrf_exempt @login_required From a3aae41a4c302c53ce571e2f404a01d52d3a3553 Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Thu, 12 Oct 2017 23:25:05 +0200 Subject: [PATCH 09/11] Prefetch des interfaces. --- machines/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/views.py b/machines/views.py index d83b8d92..5c9e31e6 100644 --- a/machines/views.py +++ b/machines/views.py @@ -1205,7 +1205,7 @@ def service_servers(request): @permission_required('serveur') def ouverture_ports(request): r = {'ipv4':{}, 'ipv6':{}} - for o in OuverturePortList.objects.all().prefetch_related('ouvertureport_set'): + for o in OuverturePortList.objects.all().prefetch_related('ouvertureport_set').prefetch_related('interface_set'): pl = { "tcp_in":set(map(str,o.tcp_ports_in())), "tcp_out":set(map(str,o.tcp_ports_out())), From c1c9c5eddc9b818c496e7bfe335d7dba8c515a37 Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Thu, 12 Oct 2017 23:54:50 +0200 Subject: [PATCH 10/11] map c'est mieux que faire un for, lalala --- machines/serializers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/serializers.py b/machines/serializers.py index 5ecf439a..b18bbfb0 100644 --- a/machines/serializers.py +++ b/machines/serializers.py 
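Review bot: In the rewritten `ouverture_ports` loop, `r['ipv4'].get(i.ipv4.ipv4, {})` runs for every interface that passes `may_have_port_open()`, whereas the removed code guarded the IPv4 branch with `if i.ipv4:`. Unless `may_have_port_open()` already guarantees an assigned address (it is not visible here), an interface without IPv4 raises `AttributeError` and the whole export fails; restoring the guard as `if i.ipv4 and i.may_have_port_open():` avoids that. The collapsed layout does not show whether the `if i.ipv6_object:` branch is nested under the `may_have_port_open()` check; it should be, so that IPv6 openings obey the same gate as IPv4. Interfaces with no port list are also no longer present in the output at all, where they previously appeared with empty lists, so any consumer that relies on those keys should be checked.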
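Review bot: The added `.prefetch_related('interface_set')` has no effect on the loop below it, because the interfaces are read through `o.interface_set.filter(...)`, and `filter()` on a related manager issues a fresh query instead of using the prefetch cache. The same applies to the `ouverture_ports` hunk of patch 11, where `prefetch_related('ouvertureport_set')` and `'interface_set__ipv4'` are followed by `o.ouvertureport_set.filter(...)` and `filter_active_interfaces(o.interface_set)`. To get the saving, pass a `Prefetch('interface_set', queryset=...)` carrying the filtered queryset and iterate `.all()`, or drop the prefetch so the query count is not misread. The function body continues outside this hunk.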
@@ -91,9 +91,9 @@ class TypeSerializer(serializers.ModelSerializer): fields = ('type', 'extension', 'domaine_ip_start', 'domaine_ip_stop', 'ouverture_ports_tcp_in', 'ouverture_ports_tcp_out', 'ouverture_ports_udp_in', 'ouverture_ports_udp_out', ) def get_port_policy(self, obj, protocole, io): - if not obj.ouverture_ports: + if obj.ouverture_ports is None: return [] - return [str(port) for port in obj.ouverture_ports.ouvertureport_set.filter(protocole=protocole).filter(io=io)] + return map(str, obj.ouverture_ports.ouvertureport_set.filter(protocole=protocole).filter(io=io)) def get_port_policy_input_tcp(self, obj): return self.get_port_policy(obj, OuverturePort.TCP, OuverturePort.IN) From bde104bc387e5b569fc9fb4edbe69df659f97e3f Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Sat, 14 Oct 2017 12:40:22 +0200 Subject: [PATCH 11/11] Factorisation de code. --- machines/views.py | 113 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 96 insertions(+), 17 deletions(-) diff --git a/machines/views.py b/machines/views.py index 5c9e31e6..7ac2bb63 100644 --- a/machines/views.py +++ b/machines/views.py 
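Review bot: `get_port_policy` now returns `map(str, ...)` on one path and `[]` on the other, and on Python 3 `map` is a lazy, single-use iterator rather than a list. The field value is then exhausted after one pass and cannot be indexed or compared like the empty-list case. Wrapping it keeps the return type the same on both paths and both Python versions: `return list(map(str, obj.ouverture_ports.ouvertureport_set.filter(protocole=protocole).filter(io=io)))`. The enclosing `TypeSerializer` class starts outside the hunk.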
@@ -43,31 +43,107 @@ from django.contrib.auth import authenticate, login from django.views.decorators.csrf import csrf_exempt from rest_framework.renderers import JSONRenderer -from machines.serializers import FullInterfaceSerializer, InterfaceSerializer, TypeSerializer, DomainSerializer, TextSerializer, MxSerializer, ExtensionSerializer, ServiceServersSerializer, NsSerializer, OuverturePortsSerializer +from machines.serializers import ( FullInterfaceSerializer, + InterfaceSerializer, + TypeSerializer, + DomainSerializer, + TextSerializer, + MxSerializer, + ExtensionSerializer, + ServiceServersSerializer, + NsSerializer, + OuverturePortsSerializer +) from reversion import revisions as reversion from reversion.models import Version import re -from .forms import NewMachineForm, EditMachineForm, EditInterfaceForm, AddInterfaceForm, MachineTypeForm, DelMachineTypeForm, ExtensionForm, DelExtensionForm, BaseEditInterfaceForm, BaseEditMachineForm -from .forms import EditIpTypeForm, IpTypeForm, DelIpTypeForm, DomainForm, AliasForm, DelAliasForm, NsForm, DelNsForm, TextForm, DelTextForm, MxForm, DelMxForm, VlanForm, DelVlanForm, ServiceForm, DelServiceForm, NasForm, DelNasForm +from .forms import ( + NewMachineForm, + EditMachineForm, + EditInterfaceForm, + AddInterfaceForm, + MachineTypeForm, + DelMachineTypeForm, + ExtensionForm, + DelExtensionForm, + BaseEditInterfaceForm, + BaseEditMachineForm +) +from .forms import ( + EditIpTypeForm, + IpTypeForm, + DelIpTypeForm, + DomainForm, + AliasForm, + DelAliasForm, + NsForm, + DelNsForm, + TextForm, + DelTextForm, + MxForm, + DelMxForm, + VlanForm, + DelVlanForm, + ServiceForm, + DelServiceForm, + NasForm, + DelNasForm +) from .forms import EditOuverturePortListForm, EditOuverturePortConfigForm -from .models import IpType, Machine, Interface, IpList, MachineType, Extension, Mx, Ns, Domain, Service, Service_link, Vlan, Nas, Text, OuverturePortList, OuverturePort +from .models import ( + IpType, + Machine, + Interface, + IpList, 
+ MachineType, + Extension, + Mx, + Ns, + Domain, + Service, + Service_link, + Vlan, + Nas, + Text, + OuverturePortList, + OuverturePort +) from users.models import User from users.models import all_has_access from preferences.models import GeneralOption, OptionalMachine from .templatetags.bootstrap_form_typeahead import hidden_id, input_id +def filter_active_interfaces(q): + """Filtre les machines autorisées à sortir sur internet dans une requête""" + return q.filter( + machine__in=Machine.objects.filter( + user__in=all_has_access() + ).filter(active=True)) \ + .select_related('domain') \ + .select_related('machine') \ + .select_related('type') \ + .select_related('ipv4') \ + .select_related('domain__extension') \ + .select_related('ipv4__ip_type').distinct() + def all_active_interfaces(): """Renvoie l'ensemble des machines autorisées à sortir sur internet """ - return Interface.objects.filter(machine__in=Machine.objects.filter(user__in=all_has_access()).filter(active=True)).select_related('domain').select_related('machine').select_related('type').select_related('ipv4').select_related('domain__extension').select_related('ipv4__ip_type').distinct() + return filter_active_interfaces(Interface.objects) def all_active_assigned_interfaces(): - """ Renvoie l'ensemble des machines qui ont une ipv4 assignées et disposant de l'accès internet""" + """ + Renvoie l'ensemble des machines qui ont une ipv4 assignées et disposant de + l'accès internet + """ return all_active_interfaces().filter(ipv4__isnull=False) def all_active_interfaces_count(): """ Version light seulement pour compter""" - return Interface.objects.filter(machine__in=Machine.objects.filter(user__in=all_has_access()).filter(active=True)) + return Interface.objects.filter( + machine__in=Machine.objects.filter(user__in=all_has_access())\ + .filter(active=True) + ) def all_active_assigned_interfaces_count(): """ Version light seulement pour compter""" 
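Review bot: `all_active_interfaces_count` still spells out the `machine__in=Machine.objects.filter(user__in=all_has_access()).filter(active=True)` predicate that the new `filter_active_interfaces` helper also contains, so the rule for which machines count as active lives in two places and can drift. The later `ouverture_ports` hunk uses the helper to decide which interfaces get ports opened, so a single definition of that predicate is the safer arrangement; the `select_related`/`distinct` part can be applied as a separate step for callers that need it. The six chained `.select_related(...)` calls can also be written as one call with several arguments. The docstring of `filter_active_interfaces` could state that `q` is an `Interface` manager or queryset and that the result is de-duplicated.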
@@ -92,7 +168,8 @@ def generate_ipv4_choices( form ) : choices = '{"":[{key:"",value:"Choisissez d\'abord un type de machine"},' mtype_id = -1 - for ip in f_ipv4.queryset.annotate(mtype_id=F('ip_type__machinetype__id')).order_by('mtype_id', 'id') : + for ip in f_ipv4.queryset.annotate(mtype_id=F('ip_type__machinetype__id'))\ + .order_by('mtype_id', 'id') : if mtype_id != ip.mtype_id : mtype_id = ip.mtype_id used_mtype_id.append(mtype_id) @@ -159,8 +236,8 @@ def generate_ipv4_bft_param( form, is_type_tt ): @login_required def new_machine(request, userid): - """ Fonction de creation d'une machine. Cree l'objet machine, le sous objet interface et l'objet domain - à partir de model forms. + """ Fonction de creation d'une machine. Cree l'objet machine, + le sous objet interface et l'objet domain à partir de model forms. Trop complexe, devrait être simplifié""" try: user = User.objects.get(pk=userid) @@ -171,7 +248,9 @@ def new_machine(request, userid): max_lambdauser_interfaces = options.max_lambdauser_interfaces if not request.user.has_perms(('cableur',)): if user != request.user: - messages.error(request, "Vous ne pouvez pas ajouter une machine à un autre user que vous sans droit") + messages.error( + request, + "Vous ne pouvez pas ajouter une machine à un autre user que vous sans droit") return redirect("/users/profil/" + str(request.user.id)) if user.user_interfaces().count() >= max_lambdauser_interfaces: messages.error(request, "Vous avez atteint le maximum d'interfaces autorisées que vous pouvez créer vous même (%s) " % max_lambdauser_interfaces) 
@@ -1205,14 +1284,14 @@ def service_servers(request): @permission_required('serveur') def ouverture_ports(request): r = {'ipv4':{}, 'ipv6':{}} - for o in OuverturePortList.objects.all().prefetch_related('ouvertureport_set').prefetch_related('interface_set'): + for o in OuverturePortList.objects.all().prefetch_related('ouvertureport_set').prefetch_related('interface_set', 'interface_set__ipv4'): pl = { - "tcp_in":set(map(str,o.tcp_ports_in())), - "tcp_out":set(map(str,o.tcp_ports_out())), - "udp_in":set(map(str,o.udp_ports_in())), - "udp_out":set(map(str,o.udp_ports_out())), + "tcp_in":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.TCP, io=OuverturePort.IN))), + "tcp_out":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.TCP, io=OuverturePort.OUT))), + "udp_in":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.UDP, io=OuverturePort.IN))), + "udp_out":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.UDP, io=OuverturePort.OUT))), } - for i in o.interface_set.filter(machine__in=Machine.objects.filter(user__in=all_has_access()).filter(active=True)).select_related('domain').select_related('machine').select_related('type').select_related('ipv4').select_related('domain__extension').select_related('ipv4__ip_type').distinct(): + for i in filter_active_interfaces(o.interface_set): if i.may_have_port_open(): d = r['ipv4'].get(i.ipv4.ipv4, {}) d["tcp_in"] = d.get("tcp_in",set()).union(pl["tcp_in"])