Commit Graph

163 Commits

Author SHA1 Message Date
Thomas M Steenholdt
6c8a3ac36c Move setting definitions into code (rather than database).
For a setting to be useful, the code has to be able to make sense of it anyway. For this reason it makes sense, that the available settings are defined within the code, rather than in the database, where a missing row has previously caused problems. Instead, settings are now written to the database, when they are changed.

So instead of relying on the database initialization process to create all available settings for us in the database, the supported settings and their defaults are now in a `defaults` dict in the Setting class. With this in place, we can stop populating the `setting` table as a part of database initialization and it will be much easier to support new settings in the future (we no longer need to do anything to the database, to achieve that).

Another benefit is that any changes to default values will take effect automatically, unless the admin has already modified that setting to his/her liking.

To make it easier to get the value of a setting, falling back to defaults etc, a new function `get` has been added to the Setting class. Call it as `Setting().get('setting_name'), and it will take care of returning a setting from the database or return the default value for that setting, if nothing was found.

The `get` function returns `None`, if the setting passed to the function, does not exist in the `Setting.defaults` dict - Indicating that we don't know of a setting by that name.
2018-06-21 22:06:38 -02:00
Khanh Ngo
8a22e030cd
Merge and resolve the conflicts from master 2018-06-13 09:35:19 +07:00
Khanh Ngo
aa6909065d Merge remote-tracking branch 'tmuncks/initial-accounts' 2018-06-12 16:17:55 +07:00
Khanh Ngo
003310665c Merge branch 'master' into flask_migrate 2018-06-11 17:05:01 +07:00
Khanh Ngo
a6f0bf26d4
Use Flask-Migrate for db migration 2018-06-11 10:58:47 +07:00
Thomas M Steenholdt
0a670845fa Automatically rectify DNSSEC enabled zones
For DNSSEC enabled zones to function correctly, they need to be rectified on update.

This changes the DNSSEC enable/disable code to set API-RECTIFY:

To `true` when activating DNSSEC on a domain
To `false` when deactivating DNSSEC on a domain

With this, PowerDNS promises to handle the needed rectifications.

(cherry picked from commit 5d15d8899cc03a4a7d433d33c2c4b1da09b5eb2d)
2018-06-10 21:47:19 -02:00
Khanh Ngo
2958ae663c
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 09:28:14 +07:00
Khanh Ngo
70b3060f5d
Merge pull request #271 from sinzee/patch-1
Update models.py
2018-06-07 08:50:48 +07:00
Thomas M Steenholdt
2b3b67a3af Fix foreign key constraint error on MySQL
(cherry picked from commit 2a9108f90482a6be86d0b8af4dfcc30f6651ff28)
2018-06-06 13:57:36 -02:00
Thomas M Steenholdt
a4af4ad4b3 Implement per account domain access
Added the possibility for assigning users to an account, providing access to all domains associated with that account automatically.

This makes management easier, especially in installations with lots of domains and lots of managing entities.

The old style per-domain permissions are still there and working as usual. The two methods work perfectly side-by-side and are analogous to "user" (per-domain) and "group" (account) permissions as we know them from Active Directory and such places.

(cherry picked from commit 34fbc634d2848a7f76dc89a03dd8c0604068cc17)
2018-06-05 16:42:44 -02:00
Thomas M Steenholdt
a3a58f16a5 Initial support for Accounts
This adds initial support for accounts a concept meant to signify a customer, a department or any other entity that somehow owns or manages one or more domains.

The purpose is to be able to assign an account to any number of domains, making it easy to track who owns or manages a domain, significantly improving manageability in setups with a large number of domains.

An account consists of a mandatory, unique `name` and optional `description`, `contact` name and `mail` address. The account `name` is stripped of spaces and symbols, and lower cased before getting stored in the database and in PowerDNS, to help ensure some type of predictability and uniqueness in the database.

The term *account* is actually taken from the PowerDNS database, where the `domains.account` column is used to store the account relationship, in in the form of the account `name`.

The link to a domain in PowerDNS-Admin is done through the `domain.account_id` FOREIGN KEY, that is linked to the `account.id` PRIMARY KEY.

(cherry picked from commits 4e95f33dfb0676d1c401a033c28bca3be7d6ec26, da0d596bd019a339549e2c59630a8fdee65d0e22, 7f06e6aaf4fd8011c784f24b7bbbba5f52aef319, 1c624dad8749024033d1d15dd6242ca52b39f135)
2018-06-04 13:10:02 -02:00
sinzee
4daef97666
Update models.py
Fix update_from_master
2018-05-28 00:28:40 +09:00
Thomas M Steenholdt
a7e91b6f40 Fix SOA-EDIT-API options
The options for SOA-EDIT-API included was actually the options used for SOA-EDIT, which is a very different beast.
Those options have been swapped out for the options allowed in SOA-EDIT-API and SOA-EDIT-DNSUPDATE.
2018-05-24 16:12:12 -02:00
Khanh Ngo
77f0deade8 Fix #247 2018-04-18 13:29:29 +07:00
Khanh Ngo
8b7653ad4a Change data column data type of DomainTemplateRecord to TEXT 2018-04-12 11:44:56 +07:00
Khanh Ngo
52b6966c83 Check zone serial before allowing user to submit their change. #183 2018-04-12 11:18:44 +07:00
Khanh Ngo
84d4bfaed0 Mark LDAP authentication as external_auth. Fix OTP secret update. #237 2018-04-10 08:59:28 +07:00
Khanh Ngo
fc4e9dc9a0 #233. Make sure password hash is string before inserting to the db 2018-04-06 18:05:38 +07:00
Khanh Ngo
17a892b18d Resolve the conflicts for #228 2018-04-02 13:38:53 +07:00
Khanh Ngo
1c54f008f4 Change string to new format 2018-04-01 07:57:41 +07:00
Khanh Ngo
65da9a7a4f Adjustment in LDAP feature to work with python 3 2018-04-01 07:23:53 +07:00
Khanh Ngo
41d691e2db Merge remote-tracking branch 'maysara/master' into development 2018-04-01 07:01:00 +07:00
Khanh Ngo
cecc0ac9df Merge branch 'hotfix-ldap' into development 2018-03-31 08:26:50 +07:00
Khanh Ngo
29d1cf4117 Adjustment in domain template feature to work with python3 2018-03-31 08:21:02 +07:00
Khanh Ngo
c668c21fc9 Adjustment to prevent exception in Google/Github authentication when local user cannot be created 2018-03-30 17:43:34 +07:00
Khanh Ngo
f318c437c1 Merge remote-tracking branch 'hackedd/feature/server-side-domain-list' into development 2018-03-30 15:34:07 +07:00
Khanh Ngo
b5b3b77acb Adjustment to work with Python3 2018-03-30 13:49:35 +07:00
thomasDOTde
5ed8a33c7e added feature requested in issue #28 2018-03-28 01:41:33 +02:00
Jeroen Boonstra
5ea70023ff remove dnssec keys 2018-03-05 15:06:40 +01:00
Jeroen Boonstra
38be504d17 enable_dns_sec function added 2018-03-01 08:26:29 +01:00
thomasDOTde
534b9739c2 Merge branch 'hotfix-ldap' of https://github.com/verdel/PowerDNS-Admin into ldapfix-verdel 2018-02-10 13:01:04 +01:00
Vadim Aleksandrov
0436d69ea6 Adding the ability to use 'LDAP_USERNAMEFIELD' and 'LDAP_FILTER' in case of use with Active Directory for authorization 2018-02-09 15:41:19 +03:00
Vadim Aleksandrov
b0caf0ca48 Fix issue with inserting into the database fields 'firstname' and 'lastname' containing non-ascii characters that can be retrieved from LDAP 2018-02-09 15:37:28 +03:00
Vadim Aleksandrov
6f4cc42805 Fix issue with LDAP search filter. It is necessary to bracket the expression with additional filter conditions 2018-02-09 15:32:50 +03:00
Vadim Aleksandrov
cff534890f Deny to delete 'SOA' record 2018-02-07 22:47:52 +03:00
Vadim Aleksandrov
52a5789c85 Add first working draft of domain templating functionality 2018-02-07 22:30:29 +03:00
thomasDOTde
049a8a4547 optimized domain permission check for normal users 2017-12-04 22:18:28 +01:00
NomenNescio
620b0b55e8 replaced non-existent method with code that checks whether user has rights on the domain at hand 2017-12-04 14:00:30 +01:00
thomasDOTde
971d6b2e28 fixed issue when not using LDAP 2017-11-10 12:28:42 +01:00
thomasDOTde
d65efe477a ensure authentication isn't possible without password 2017-11-06 23:36:11 +01:00
thomasDOTde
9e719a3a98 fixed merge 2017-11-03 00:00:04 +01:00
Thomas
2354eb69c3 Merge branch 'master' into ldap_group_security 2017-11-02 23:23:36 +01:00
Paul Hooijenga
9a4021d5e5 Add access control for non-admin users
(cherry picked from commit 6e5b704)
2017-11-01 21:40:15 +01:00
Paul Hooijenga
5d09daf8eb Fix dashboard domain query for non-admin users 2017-09-15 15:14:04 +02:00
Maysara Abdulhaq
28c7a195e8 add LDAP direct binding and GROUP_SECURITY 2017-09-03 14:23:18 -04:00
Maysara A
501c5292ab binding with user credentials instead of preset LDAP user/pass 2017-07-24 21:08:25 -04:00
Khanh Ngo
b6ed658cbd Merge pull request #156 from petersipos/feature/automatic-reverse-domain-creation
Feature/automatic reverse domain creation
2016-12-10 12:38:44 +07:00
SIPOS, Peter
72e3a82e9e Change reverse domain creation order
With refactoring the get_reverse_domain_name
function, we change the reverse domain checking to
a reverse order. In this way we check the lowest class
(more specific) reverse zone first. When an existing domain found we use it to create the reverse PTR records. If no one existing can be find, The most specific address will be used.
2016-11-28 08:39:07 +01:00
SIPOS, Peter
e6e3c39778 Add get_reverse_domain_name functionality
In this way the reverse it is possible to create
auto-ptr records in higher ip classes (eg. class A in IPv4).
Only works with existing higher class domain.

If is isn't find higher class domain, create a lowest class domain, and add there the reverse PTRs.

Also works with IPv6!
2016-11-21 19:44:10 +01:00
SIPOS, Peter
b9f95da906 Implement of checking existing higher class ip reverse zones
iteratively checking of existing domains with higher IP
classes. When this function find an existing higher class
domain return with that reverse address. eg. 192.in-addr.arpa

If it is not find  any existing higher class domain it returns with the lowest class domain reverse domain name. eg, 39.168.192.in-addr.arpa
2016-11-21 19:40:43 +01:00
SIPOS, Peter
d7db0d5e7a Fix create reverse domain function
Using of wrong variable
2016-11-21 19:36:43 +01:00
SIPOS, Peter
c53d9ace89 Extend reverse domain regexp with classes
With this modification it can be possible, to detect
custom IP classes for domains. It just need to 
modify the multipler in regexp {4} or {1}.

In the future it will works automaticly, but not now
2016-11-21 16:55:03 +01:00
SIPOS, Peter
cc1a3def5d Add setting read and extra check to adding an auto-ptr record
It is using domain sepcific or global auto-ptr setting
to determine the using of auto-ptr creation.
2016-11-21 13:46:54 +01:00
SIPOS, Peter
3911935e3b Add an extra check into reverse domain creation
and also import strtobool
2016-11-21 13:45:17 +01:00
SIPOS, Peter
94b0d26142 Delete settings related to domain on domain deleting
Because this bug domain deleting isn't possible when 
a domain specific attribute is set (eg. dyndns).

This modification delete domain settings before domain
deleting.
2016-11-21 13:30:16 +01:00
SIPOS, Peter
c81deb0044 Fix SOE-EDIT-API value in reverse-domain creation 2016-11-18 08:30:24 +01:00
SIPOS, Peter
7d72cf6088 Put a "." char in a safe way to the records name fields end
First of all we cut all of dot char at the end of the rstring and than we put one there.
this way we make sure that our string contains just
one dot at its end.
2016-11-17 15:04:07 +01:00
SIPOS, Peter
3dbbfc16ce Implement auto-ptr deleting functionality
this way we safely remove the corresponding auto created reverse ptr
2016-11-17 11:37:09 +01:00
SIPOS, Peter
58ef114f7f Move auto-ptr functionality into a new function 2016-11-17 11:35:09 +01:00
SIPOS, Peter
43f1289b98 Remove unnecessary record field in Record.delete()
refferring to pdns api documentation the fields inside the
of the entry delete json is not necessary.
2016-11-17 11:32:28 +01:00
SIPOS, Peter
d224bd6798 Fix typo error 2016-11-17 11:29:01 +01:00
SIPOS, Peter
3d7511f013 Add reverse PTR record adding to reverse domain
At this point we just create the new records and we don't
care about the record updates, so now this is a little bit buggy.
2016-11-16 15:15:35 +01:00
SIPOS, Peter
0e8a41f58e Move dns.reversename import to head of models.py
It is necessary because we use this function it the
pretty_ipv6_ptr don't turned on.
2016-11-16 15:13:02 +01:00
SIPOS, Peter
f430ed014b Add reverse domain creation into Record.apply()
When a record successefully added to a domain, it will
try to create a reverse lookup domain for that record.
In this point we aren't create the records yet...
2016-11-16 14:12:40 +01:00
SIPOS, Peter
562b7e2053 Add create_reverse_domain function to Domain
This function will create automatically the reverse lookup 
domain for the applied record of a Domain.
And also grant the privileges from the original Domain.
2016-11-16 14:09:13 +01:00
SIPOS, Peter
bbb71f401c Add try block into domain.get_id_by_name function
If we try to check if a domain exists, and we fetch with
get_id_by_name() function it will return with None if
the domain not exists, and return the id when yes.
2016-11-16 14:03:14 +01:00
bergzand
28f3dba050 Fix issue #133. Store hash as '*' for external users
Set password to '*' for users created by the create_user method. Should cause an invalid password hash for non local users added to the database
2016-09-28 10:50:37 +02:00
Felix Kaechele
d7a218a212 Ensure correct encoding when hashing and verifying
Depending on the database backend the string might not be UTF-8 encoded.
This makes sure that the hashing function works regardless of that.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 07:25:05 -07:00
Felix Kaechele
9b8c85c5c1 Replace onetimepass with pyotp
pyotp is more common and better maintained

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 06:37:20 -07:00
Khanh Ngo
460b4b65fe Adjust field length in History table 2016-09-13 14:07:48 +07:00
CMGS
04e068787a refactor, make model more pythonic 2016-08-25 14:35:48 +08:00
Khanh Ngo
4a8e607ed2 Adjustment to not require PRETTY_IPV6_PTR config key by default. 2016-08-25 10:00:47 +07:00
Khanh Ngo
02bd378391 Merge pull request #118 from jallakim/pretty-ipv6-ptr
Pretty IPv6 PTR. Use the actual IPv6 address when editing PTR.
2016-08-25 09:51:10 +07:00
CMGS
4a3c4b53cc set user object id after created 2016-08-23 10:52:35 +08:00
Joachim Tingvold
8908c7d69b Cosmetics. 2016-08-19 23:07:36 +00:00
Joachim Tingvold
671a319e93 Pretty IPv6 PTR. Use the actual IPv6 address when editing PTR.
Rather than dealing with ip6.arpa-dotted-strings from hell, you can
now edit IPv6 PTR-records using the IPv6 address.
2016-08-19 23:04:20 +00:00
Joachim Tingvold
28796ed286 Fix issue where records could get deleted when different TTL. 2016-07-27 15:01:23 +00:00
Joachim Tingvold
0d1aa7971b Use correct TTL in updates. 2016-07-26 18:34:56 +00:00
Ivan Filippov
d093c1976d Add per-domain settings. Allows ondemand dyndns A records. Fixes #61.
This commit adds a new table to store per-domain settings, so a database
migrate/upgrade will be required. The first use-case is to allow dyndns
updates to create a record if one doesn't yet exist but only if the
per-domain setting is set.
2016-07-05 19:22:57 -06:00
Khanh Ngo
6307656e97 Fix dnssec update when reload the domain information. 2016-07-04 22:12:24 +07:00
CaptainQwark
9db71eaef5 fix for updates on pdns 4.0.0-rc2+ and remove flask.ext deprecation warnings 2016-07-01 21:46:13 +02:00
Khanh Ngo
e3bf71f496 Remove print statement 2016-06-29 00:25:55 +07:00
Khanh Ngo
c7efb85feb Fix bugs in #53 2016-06-29 00:22:11 +07:00
Khanh Ngo
7f5a57f80c Bug fix 2016-06-26 20:53:29 +07:00
Khanh Ngo
981c38cacb Add dyndns feature 2016-06-20 16:32:14 +07:00
Khanh Ngo
f4e2c3b3df Add OTP authentication feature 2016-06-16 15:36:05 +07:00
Khanh Ngo
af7402096e Add the adjustment from @CaptainQwark in PR #49 2016-06-16 10:31:36 +07:00
Ivan Filippov
39564f9c6e Add 'default_record_table_size' setting to allow changing table size.
Fixes #36.
2016-06-08 19:23:08 -06:00
Khanh Ngo
b0e863863c Adjustment to add multiple records which have same name and type. Add trailing dot in the record's content 2016-06-08 11:00:55 +07:00
Khanh Ngo
fb51bce1f8 Adjustment to update records in pdns 4.x.x 2016-06-07 17:05:41 +07:00
Khanh Ngo
23972ff09f Adjustment to support add/show domains in pdns v4.x.x 2016-06-07 15:20:56 +07:00
Khanh Ngo
382807fdd7 Adjustment to support new api url format in pdns 4.x.x 2016-06-07 13:50:31 +07:00
Ivan Filippov
98ddd7302b Add initial support for PDNS-Admin settings management. 2016-04-29 15:36:37 -06:00
xbulat
437a9fe1b6 Add more options to ldap 2016-04-28 15:53:50 +00:00
Ivan Filippov
a0483adf63 Merge branch 'master' into ldap_group_security 2016-04-19 13:13:07 -06:00
Khanh Ngo
a9cd4911b9 Fix dnssec data type to be compatible with Postgresql 2016-04-14 12:19:02 +07:00
Ivan Filippov
942ca47103 Merge remote-tracking branch 'upstream/master' into ldap_group_security
Conflicts:
	app/models.py
	config_template.py
2016-04-13 09:56:46 -06:00
Khanh Ngo
53b4fe2f8b Adjustment in application config 2016-04-13 11:13:59 +07:00
Ivan Filippov
5914c3cc86 Add group-based security implementation for non-AD LDAP servers. 2016-04-12 21:12:51 -06:00
Ivan Filippov
05944e8585 Don't require LDAP group parameters if LDAP_GROUP_SECURITY is not chosen 2016-04-11 10:22:40 -06:00