8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-22 15:03:45 +00:00

Use the record label as for other DNS records

This commit is contained in:
Maël Kervella 2018-07-29 17:07:40 +00:00
parent 562d116c29
commit e2c0271bf2
14 changed files with 196 additions and 182 deletions

View file

@ -222,6 +222,13 @@ class SrvSerializer(NamespacedHMSerializer):
fields = ('service', 'protocole', 'extension', 'ttl', 'priority',
'weight', 'port', 'target', 'api_url')
class SshFpSerializer(NamespacedHMSerializer):
"""Serialize `machines.models.SSHFP` objects.
"""
class Meta:
model = machines.SshFp
field = ('machine', 'pub_key_entry', 'algo', 'comment', 'api_url')
class InterfaceSerializer(NamespacedHMSerializer):
"""Serialize `machines.models.Interface` objects.
@ -679,6 +686,26 @@ class SRVRecordSerializer(SrvSerializer):
fields = ('service', 'protocole', 'ttl', 'priority', 'weight', 'port', 'target')
class SSHFPRecordSerializer(SshFpSerializer):
"""Serialize `machines.models.SshFp` objects with the data needed to
generate a SSHFP DNS record.
"""
class Meta(SshFpSerializer.Meta):
fields = ('algo_id', 'hash')
class SSHFPInterfaceSerializer(serializers.ModelSerializer):
"""Serialize `machines.models.Domain` objects with the data needed to
generate a CNAME DNS record.
"""
hostname = serializers.CharField(source='domain.name', read_only=True)
sshfp = SSHFPRecordSerializer(source='machine.sshfp_set', many=True, read_only=True)
class Meta:
model = machines.Interface
fields = ('hostname', 'sshfp')
class ARecordSerializer(serializers.ModelSerializer):
"""Serialize `machines.models.Interface` objects with the data needed to
generate a A DNS record.
@ -716,21 +743,6 @@ class CNAMERecordSerializer(serializers.ModelSerializer):
fields = ('alias', 'hostname', 'extension')
class SSHFPRRecordSerializer(serializers.ModelSerializer):
class Meta:
model = machines.SshFingerprint
fields = ('algo_id', 'hash')
class SSHFPRInterfaceSerializer(serializers.ModelSerializer):
hostname = serializers.CharField(source='domain.name', read_only=True)
sshfpr = SSHFPRRecordSerializer(source='machine.sshfingerprint_set', many=True, read_only=True)
class Meta:
model = machines.Interface
fields = ('hostname', 'sshfpr')
class DNSZonesSerializer(serializers.ModelSerializer):
"""Serialize the data about DNS Zones.
"""
@ -744,13 +756,13 @@ class DNSZonesSerializer(serializers.ModelSerializer):
a_records = ARecordSerializer(many=True, source='get_associated_a_records')
aaaa_records = AAAARecordSerializer(many=True, source='get_associated_aaaa_records')
cname_records = CNAMERecordSerializer(many=True, source='get_associated_cname_records')
sshfpr_records = SSHFPRInterfaceSerializer(many=True, source='get_associated_sshfpr')
sshfp_records = SSHFPInterfaceSerializer(many=True, source='get_associated_sshfp_records')
class Meta:
model = machines.Extension
fields = ('name', 'soa', 'ns_records', 'originv4', 'originv6',
'mx_records', 'txt_records', 'srv_records', 'a_records',
'aaaa_records', 'cname_records', 'sshfpr_records')
'aaaa_records', 'cname_records', 'sshfp_records')
# MAILING

View file

@ -54,6 +54,7 @@ router.register_viewset(r'machines/ns', views.NsViewSet)
router.register_viewset(r'machines/txt', views.TxtViewSet)
router.register_viewset(r'machines/dname', views.DNameViewSet)
router.register_viewset(r'machines/srv', views.SrvViewSet)
router.register_viewset(r'machines/sshfp', views.SshFpViewSet)
router.register_viewset(r'machines/interface', views.InterfaceViewSet)
router.register_viewset(r'machines/ipv6list', views.Ipv6ListViewSet)
router.register_viewset(r'machines/domain', views.DomainViewSet)

View file

@ -177,6 +177,13 @@ class SrvViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class = serializers.SrvSerializer
class SshFpViewSet(viewsets.ReadOnlyModelViewSet):
"""Exposes list and details of `machines.models.SshFp` objects.
"""
queryset = machines.SshFp.objects.all()
serializer_class = serializers.SshFpSerializer
class InterfaceViewSet(viewsets.ReadOnlyModelViewSet):
"""Exposes list and details of `machines.models.Interface` objects.
"""

View file

@ -39,12 +39,12 @@ from .models import (
Txt,
DName,
Srv,
SshFp,
Nas,
Service,
OuverturePort,
Ipv6List,
OuverturePortList,
SshFingerprint,
)
@ -107,6 +107,11 @@ class SrvAdmin(VersionAdmin):
pass
class SshFpAdmin(VersionAdmin):
""" Admin view of a SSHFP object """
pass
class NasAdmin(VersionAdmin):
""" Admin view of a Nas object """
pass
@ -142,10 +147,6 @@ class ServiceAdmin(VersionAdmin):
list_display = ('service_type', 'min_time_regen', 'regular_time_regen')
class SshFingerprintAdmin(VersionAdmin):
""" Admin view of a SshFprAlgo object """
pass
admin.site.register(Machine, MachineAdmin)
admin.site.register(MachineType, MachineTypeAdmin)
admin.site.register(IpType, IpTypeAdmin)
@ -156,6 +157,7 @@ admin.site.register(Ns, NsAdmin)
admin.site.register(Txt, TxtAdmin)
admin.site.register(DName, DNameAdmin)
admin.site.register(Srv, SrvAdmin)
admin.site.register(SshFp, SshFpAdmin)
admin.site.register(IpList, IpListAdmin)
admin.site.register(Interface, InterfaceAdmin)
admin.site.register(Domain, DomainAdmin)
@ -165,4 +167,3 @@ admin.site.register(Ipv6List, Ipv6ListAdmin)
admin.site.register(Nas, NasAdmin)
admin.site.register(OuverturePort, OuverturePortAdmin)
admin.site.register(OuverturePortList, OuverturePortListAdmin)
admin.site.register(SshFingerprint, SshFingerprintAdmin)

View file

@ -56,11 +56,11 @@ from .models import (
Service,
Vlan,
Srv,
SshFp,
Nas,
IpType,
OuverturePortList,
Ipv6List,
SshFingerprint,
)
@ -598,15 +598,15 @@ class EditOuverturePortListForm(FormRevMixin, ModelForm):
)
class SshFingerprintForm(FormRevMixin, ModelForm):
"""Edits a SSH fingerprint."""
class SshFpForm(FormRevMixin, ModelForm):
"""Edits a SSHFP record."""
class Meta:
model = SshFingerprint
model = SshFp
exclude = ('machine',)
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(SshFingerprintForm, self).__init__(
super(SshFpForm, self).__init__(
*args,
prefix=prefix,
**kwargs

View file

@ -10,7 +10,7 @@ import re2o.mixins
class Migration(migrations.Migration):
dependencies = [
('machines', '0084_sshfingerprint'),
('machines', '0083_remove_duplicate_rights'),
]
operations = [

View file

@ -10,12 +10,12 @@ import re2o.mixins
class Migration(migrations.Migration):
dependencies = [
('machines', '0083_remove_duplicate_rights'),
('machines', '0084_dname'),
]
operations = [
migrations.CreateModel(
name='SshFingerprint',
name='SshFp',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('pub_key_entry', models.TextField(help_text='SSH public key', max_length=2048)),
@ -24,9 +24,9 @@ class Migration(migrations.Migration):
('machine', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='machines.Machine')),
],
options={
'verbose_name': 'SSH fingerprint',
'verbose_name_plural': 'SSH fingerprints',
'permissions': (('view_sshfingerprint', 'Can see an SSH fingerprint'),),
'verbose_name': 'SSHFP record',
'verbose_name_plural': 'SSHFP records',
'permissions': (('view_sshfp', 'Can see an SSHFP record'),),
},
bases=(re2o.mixins.RevMixin, re2o.mixins.AclMixin, models.Model),
),

View file

@ -203,72 +203,6 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model):
return str(self.user) + ' - ' + str(self.id) + ' - ' + str(self.name)
class SshFingerprint(RevMixin, AclMixin, models.Model):
"""A fingerpirnt of an SSH public key"""
ALGO = (
("ssh-rsa", "ssh-rsa"),
("ssh-ed25519", "ssh-ed25519"),
("ecdsa-sha2-nistp256", "ecdsa-sha2-nistp256"),
("ecdsa-sha2-nistp384", "ecdsa-sha2-nistp384"),
("ecdsa-sha2-nistp521", "ecdsa-sha2-nistp521"),
)
machine = models.ForeignKey('Machine', on_delete=models.CASCADE)
pub_key_entry = models.TextField(
help_text="SSH public key",
max_length=2048
)
algo = models.CharField(
choices=ALGO,
max_length=32
)
comment = models.CharField(
help_text="Comment",
max_length=255,
null=True,
blank=True
)
@cached_property
def algo_id(self):
"""Return the id of the algorithme for this key"""
if "ecdsa" in self.algo:
return 3
elif "rsa" in self.algo:
return 1
else:
return 2
@cached_property
def hash(self):
"""Return the hashs for the pub key with correct id
cf RFC, 1 is sha1 , 2 sha256"""
return {
"1" : hashlib.sha1(base64.b64decode(self.pub_key_entry)).hexdigest(),
"2" : hashlib.sha256(base64.b64decode(self.pub_key_entry)).hexdigest(),
}
class Meta:
permissions = (
("view_sshfingerprint", "Can see an SSH fingerprint"),
)
verbose_name = "SSH fingerprint"
verbose_name_plural = "SSH fingerprints"
def can_view(self, user_request, *_args, **_kwargs):
return self.machine.can_view(user_request, *_args, **_kwargs)
def can_edit(self, user_request, *args, **kwargs):
return self.machine.can_edit(user_request, *args, **kwargs)
def can_delete(self, user_request, *args, **kwargs):
return self.machine.can_delete(user_request, *args, **kwargs)
def __str__(self):
return str(self.algo) + ' ' + str(self.comment)
class MachineType(RevMixin, AclMixin, models.Model):
""" Type de machine, relié à un type d'ip, affecté aux interfaces"""
PRETTY_NAME = "Type de machine"
@ -631,13 +565,11 @@ class Extension(RevMixin, AclMixin, models.Model):
entry += "@ IN AAAA " + str(self.origin_v6)
return entry
def get_associated_sshfpr(self):
def get_associated_sshfp_records(self):
from re2o.utils import all_active_assigned_interfaces
return (all_active_assigned_interfaces()
.filter(type__ip_type__extension=self)
.filter(
machine__id__in=SshFingerprint.objects.values('machine')
))
.filter(machine__id__in=SshFp.objects.values('machine')))
def get_associated_a_records(self):
from re2o.utils import all_active_assigned_interfaces
@ -831,6 +763,73 @@ class Srv(RevMixin, AclMixin, models.Model):
str(self.port) + ' ' + str(self.target) + '.'
class SshFp(RevMixin, AclMixin, models.Model):
"""A fingerprint of an SSH public key"""
ALGO = (
("ssh-rsa", "ssh-rsa"),
("ssh-ed25519", "ssh-ed25519"),
("ecdsa-sha2-nistp256", "ecdsa-sha2-nistp256"),
("ecdsa-sha2-nistp384", "ecdsa-sha2-nistp384"),
("ecdsa-sha2-nistp521", "ecdsa-sha2-nistp521"),
)
machine = models.ForeignKey('Machine', on_delete=models.CASCADE)
pub_key_entry = models.TextField(
help_text="SSH public key",
max_length=2048
)
algo = models.CharField(
choices=ALGO,
max_length=32
)
comment = models.CharField(
help_text="Comment",
max_length=255,
null=True,
blank=True
)
@cached_property
def algo_id(self):
"""Return the id of the algorithm for this key"""
if "ecdsa" in self.algo:
return 3
elif "rsa" in self.algo:
return 1
else:
return 2
@cached_property
def hash(self):
"""Return the hashess for the pub key with correct id
cf RFC, 1 is sha1 , 2 sha256"""
return {
"1" : hashlib.sha1(base64.b64decode(self.pub_key_entry)).hexdigest(),
"2" : hashlib.sha256(base64.b64decode(self.pub_key_entry)).hexdigest(),
}
class Meta:
permissions = (
("view_sshfp", "Can see an SSHFP record"),
)
verbose_name = "SSHFP record"
verbose_name_plural = "SSHFP records"
def can_view(self, user_request, *_args, **_kwargs):
return self.machine.can_view(user_request, *_args, **_kwargs)
def can_edit(self, user_request, *args, **kwargs):
return self.machine.can_edit(user_request, *args, **kwargs)
def can_delete(self, user_request, *args, **kwargs):
return self.machine.can_delete(user_request, *args, **kwargs)
def __str__(self):
return str(self.algo) + ' ' + str(self.comment)
class Interface(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
""" Une interface. Objet clef de l'application machine :
- une address mac unique. Possibilité de la rendre unique avec le

View file

@ -119,9 +119,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</a>
</li>
{% acl_end %}
{% can_create SshFingerprint interface.machine.id %}
{% can_create SshFp interface.machine.id %}
<li>
<a href="{% url 'machines:index-sshfingerprint' interface.machine.id %}">
<a href="{% url 'machines:index-sshfp' interface.machine.id %}">
<i class="fa fa-edit"></i> Manage the SSH fingerprints
</a>
</li>

View file

@ -33,19 +33,19 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<th></th>
</tr>
</thead>
{% for sshfpr in sshfingerprint_list %}
{% for sshfp in sshfp_list %}
<tr>
<td class="long_text">{{ sshfpr.pub_key_entry }}</td>
<td>{{ sshfpr.algo }}</td>
<td>{{ sshfpr.comment }}</td>
<td class="long_text">{{ sshfp.pub_key_entry }}</td>
<td>{{ sshfp.algo }}</td>
<td>{{ sshfp.comment }}</td>
<td class="text-right">
{% can_edit sshfpr %}
{% include 'buttons/edit.html' with href='machines:edit-sshfingerprint' id=sshfpr.id %}
{% can_edit sshfp %}
{% include 'buttons/edit.html' with href='machines:edit-sshfp' id=sshfp.id %}
{% acl_end %}
{% can_delete sshfpr %}
{% include 'buttons/suppr.html' with href='machines:del-sshfingerprint' id=sshfpr.id %}
{% can_delete sshfp %}
{% include 'buttons/suppr.html' with href='machines:del-sshfp' id=sshfp.id %}
{% acl_end %}
{% history_button sshfpr %}
{% history_button sshfp %}
</td>
</tr>
{% endfor %}

View file

@ -28,11 +28,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% block content %}
<h2>SSH fingerprints</h2>
{% can_create SshFingerprint machine_id %}
<a class="btn btn-primary btn-sm" role="button" href="{% url 'machines:new-sshfingerprint' machine_id %}">
{% can_create SshFp machine_id %}
<a class="btn btn-primary btn-sm" role="button" href="{% url 'machines:new-sshfp' machine_id %}">
<i class="fa fa-plus"></i> Add an SSH fingerprint
</a>
{% acl_end %}
{% include "machines/aff_sshfingerprint.html" with sshfingerprint_list=sshfingerprint_list %}
{% include "machines/aff_sshfp.html" with sshfp_list=sshfp_list %}
{% endblock %}

View file

@ -33,12 +33,6 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% if machineform %}
{% bootstrap_form_errors machineform %}
{% endif %}
{% if sshfingerprintform %}
{% bootstrap_form_errors sshfingerprintform %}
{% endif %}
{% if sshfpralgoform %}
{% bootstrap_form_errors sshfpralgoform %}
{% endif %}
{% if interfaceform %}
{% bootstrap_form_errors interfaceform %}
{% endif %}
@ -75,6 +69,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% if serviceform %}
{% bootstrap_form_errors serviceform %}
{% endif %}
{% if sshfpform %}
{% bootstrap_form_errors sshfpform %}
{% endif %}
{% if vlanform %}
{% bootstrap_form_errors vlanform %}
{% endif %}
@ -91,14 +88,6 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<h3>Machine</h3>
{% massive_bootstrap_form machineform 'user' %}
{% endif %}
{% if sshfingerprintform %}
<h3>SSH fingerprint</h3>
{% bootstrap_form sshfingerprintform %}
{% endif %}
{% if sshfpralgoform %}
<h3>SSH fingerprint algorithm</h3>
{% bootstrap_form sshfpralgoform %}
{% endif %}
{% if interfaceform %}
<h3>Interface</h3>
{% if i_mbf_param %}
@ -147,6 +136,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<h3>Enregistrement SRV</h3>
{% massive_bootstrap_form srvform 'target' %}
{% endif %}
{% if sshfpform %}
<h3>SSHFP record</h3>
{% bootstrap_form sshfpform %}
{% endif %}
{% if aliasform %}
<h3>Alias</h3>
{% bootstrap_form aliasform %}

View file

@ -82,6 +82,18 @@ urlpatterns = [
url(r'^add_srv/$', views.add_srv, name='add-srv'),
url(r'^edit_srv/(?P<srvid>[0-9]+)$', views.edit_srv, name='edit-srv'),
url(r'^del_srv/$', views.del_srv, name='del-srv'),
url(r'^new_sshfp/(?P<machineid>[0-9]+)$',
views.new_sshfp,
name='new-sshfp'),
url(r'^edit_sshfp/(?P<sshfpid>[0-9]+)$',
views.edit_sshfp,
name='edit-sshfp'),
url(r'^del_sshfp/(?P<sshfpid>[0-9]+)$',
views.del_sshfp,
name='del-sshfp'),
url(r'^index_sshfp/(?P<machineid>[0-9]+)$',
views.index_sshfp,
name='index-sshfp'),
url(r'^index_extension/$', views.index_extension, name='index-extension'),
url(r'^add_alias/(?P<interfaceid>[0-9]+)$',
views.add_alias,
@ -107,18 +119,6 @@ urlpatterns = [
url(r'^index_ipv6/(?P<interfaceid>[0-9]+)$',
views.index_ipv6,
name='index-ipv6'),
url(r'^new_sshfingerprint/(?P<machineid>[0-9]+)$',
views.new_sshfingerprint,
name='new-sshfingerprint'),
url(r'^edit_sshfingerprint/(?P<sshfingerprintid>[0-9]+)$',
views.edit_sshfingerprint,
name='edit-sshfingerprint'),
url(r'^del_sshfingerprint/(?P<sshfingerprintid>[0-9]+)$',
views.del_sshfingerprint,
name='del-sshfingerprint'),
url(r'^index_sshfingerprint/(?P<machineid>[0-9]+)$',
views.index_sshfingerprint,
name='index-sshfingerprint'),
url(r'^add_service/$', views.add_service, name='add-service'),
url(r'^edit_service/(?P<serviceid>[0-9]+)$',
views.edit_service,

View file

@ -103,6 +103,7 @@ from .forms import (
DelVlanForm,
ServiceForm,
DelServiceForm,
SshFpForm,
NasForm,
DelNasForm,
SrvForm,
@ -110,7 +111,6 @@ from .forms import (
Ipv6ListForm,
EditOuverturePortListForm,
EditOuverturePortConfigForm,
SshFingerprintForm,
)
from .models import (
IpType,
@ -129,10 +129,10 @@ from .models import (
Txt,
DName,
Srv,
SshFp,
OuverturePortList,
OuverturePort,
Ipv6List,
SshFingerprint,
)
@ -464,66 +464,66 @@ def del_ipv6list(request, ipv6list, **_kwargs):
@login_required
@can_create(SshFingerprint)
@can_create(SshFp)
@can_edit(Machine)
def new_sshfingerprint(request, machine, **_kwargs):
"""Creates an SSH fingerprint"""
sshfingerprint_instance = SshFingerprint(machine=machine)
sshfingerprint = SshFingerprintForm(
def new_sshfp(request, machine, **_kwargs):
"""Creates an SSHFP record associated with a machine"""
sshfp_instance = SshFp(machine=machine)
sshfp = SshFpForm(
request.POST or None,
instance=sshfingerprint_instance
instance=sshfp_instance
)
if sshfingerprint.is_valid():
sshfingerprint.save()
messages.success(request, "The SSH fingerprint was added")
if sshfp.is_valid():
sshfp.save()
messages.success(request, "The SSHFP record was added")
return redirect(reverse(
'machines:index-sshfingerprint',
'machines:index-sshfp',
kwargs={'machineid': str(machine.id)}
))
return form(
{'sshfingerprintform': sshfingerprint, 'action_name': 'Create'},
{'sshfpform': sshfp, 'action_name': 'Create'},
'machines/machine.html',
request
)
@login_required
@can_edit(SshFingerprint)
def edit_sshfingerprint(request, sshfingerprint_instance, **_kwargs):
"""Edits an SSH fingerprint"""
sshfingerprint = SshFingerprintForm(
@can_edit(SshFp)
def edit_sshfp(request, sshfp_instance, **_kwargs):
"""Edits an SSHFP record"""
sshfp = SshFpForm(
request.POST or None,
instance=sshfingerprint_instance
instance=sshfp_instance
)
if sshfingerprint.is_valid():
if sshfingerprint.changed_data:
sshfingerprint.save()
messages.success(request, "The SSH fingerprint was edited")
if sshfp.is_valid():
if sshfp.changed_data:
sshfp.save()
messages.success(request, "The SSHFP record was edited")
return redirect(reverse(
'machines:index-sshfingerprint',
kwargs={'machineid': str(sshfingerprint_instance.machine.id)}
'machines:index-sshfp',
kwargs={'machineid': str(sshfp_instance.machine.id)}
))
return form(
{'sshfingerprintform': sshfingerprint, 'action_name': 'Edit'},
{'sshfpform': sshfp, 'action_name': 'Edit'},
'machines/machine.html',
request
)
@login_required
@can_delete(SshFingerprint)
def del_sshfingerprint(request, sshfingerprint, **_kwargs):
"""Deletes an SSH fingerprint"""
@can_delete(SshFp)
def del_sshfp(request, sshfp, **_kwargs):
"""Deletes an SSHFP record"""
if request.method == "POST":
machineid = sshfingerprint.machine.id
sshfingerprint.delete()
messages.success(request, "The SSH fingerprint was deleted")
machineid = sshfp.machine.id
sshfp.delete()
messages.success(request, "The SSHFP record was deleted")
return redirect(reverse(
'machines:index-sshfingerprint',
'machines:index-sshfp',
kwargs={'machineid': str(machineid)}
))
return form(
{'objet': sshfingerprint, 'objet_name': 'sshfingerprint'},
{'objet': sshfp, 'objet_name': 'sshfp'},
'machines/delete.html',
request
)
@ -1458,13 +1458,14 @@ def index_alias(request, interface, interfaceid):
@login_required
@can_view(Machine)
def index_sshfingerprint(request, machine, machineid):
"""View used to display the list of existing SSH fingerprint of a machine"""
sshfingerprint_list = SshFingerprint.objects.filter(machine=machine)
def index_sshfp(request, machine, machineid):
"""View used to display the list of existing SSHFP records associated
with a machine"""
sshfp_list = SshFp.objects.filter(machine=machine)
return render(
request,
'machines/index_sshfingerprint.html',
{'sshfingerprint_list': sshfingerprint_list, 'machine_id': machineid}
'machines/index_sshfp.html',
{'sshfp_list': sshfp_list, 'machine_id': machineid}
)