Commit bfdfac23 authored by Leonidas Poulopoulos's avatar Leonidas Poulopoulos

Added protected networks with validation and admins alert

parent c6c0a85f
...@@ -9,7 +9,7 @@ from django.core.urlresolvers import reverse ...@@ -9,7 +9,7 @@ from django.core.urlresolvers import reverse
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.conf import settings from django.conf import settings
import datetime import datetime
from django.core.mail import mail_admins, mail_managers, send_mail
class RouteForm(forms.ModelForm): class RouteForm(forms.ModelForm):
...@@ -27,11 +27,21 @@ class RouteForm(forms.ModelForm): ...@@ -27,11 +27,21 @@ class RouteForm(forms.ModelForm):
model = Route model = Route
def clean_source(self): def clean_source(self):
user = User.objects.get(pk=self.data['applier'][0])
data = self.cleaned_data['source'] data = self.cleaned_data['source']
private_error = False private_error = False
protected_error = False
if data: if data:
try: try:
address = IPNetwork(data) address = IPNetwork(data)
for net in settings.PROTECTED_SUBNETS:
if address in IPNetwork(net):
protected_error = True
mail_body = "User %s:%s attempted to set %s as the source address in a firewall rule" %(user.username, user.email, data)
send_mail(settings.EMAIL_SUBJECT_PREFIX + "Caught an attempt to set a protected IP/network as a source address",
mail_body, settings.SERVER_EMAIL,
[settings.NOC_MAIL], fail_silently=True)
raise forms.ValidationError("Not allowed")
if address.is_private: if address.is_private:
private_error = True private_error = True
raise forms.ValidationError('Private addresses not allowed') raise forms.ValidationError('Private addresses not allowed')
...@@ -41,23 +51,36 @@ class RouteForm(forms.ModelForm): ...@@ -41,23 +51,36 @@ class RouteForm(forms.ModelForm):
error_text = 'Invalid network address format' error_text = 'Invalid network address format'
if private_error: if private_error:
error_text = 'Private addresses not allowed' error_text = 'Private addresses not allowed'
if protected_error:
error_text = 'You have no authority on this subnet'
raise forms.ValidationError(error_text) raise forms.ValidationError(error_text)
def clean_destination(self): def clean_destination(self):
user = User.objects.get(pk=self.data['applier'][0])
data = self.cleaned_data['destination'] data = self.cleaned_data['destination']
error = None error = None
protected_error = False
if data: if data:
try: try:
address = IPNetwork(data) address = IPNetwork(data)
for net in settings.PROTECTED_SUBNETS:
if address in IPNetwork(net):
protected_error = True
mail_body = "User %s:%s attempted to set %s as the destination address in a firewall rule" %(user.username, user.email, data)
send_mail(settings.EMAIL_SUBJECT_PREFIX + "Caught an attempt to set a protected IP/network as the destination address",
mail_body, settings.SERVER_EMAIL,
[settings.NOC_MAIL], fail_silently=True)
raise forms.ValidationError("Not allowed")
if address.prefixlen < settings.PREFIX_LENGTH: if address.prefixlen < settings.PREFIX_LENGTH:
error = "Currently no prefix lengths < %s are allowed" %settings.PREFIX_LENGTH error = "Currently no prefix lengths < %s are allowed" %settings.PREFIX_LENGTH
raise forms.ValidationError('error') raise forms.ValidationError('error')
return self.cleaned_data["destination"] return self.cleaned_data["destination"]
except Exception: except Exception:
error_text = 'Invalid network address format'
if error: if error:
error_text = error error_text = error
else: if protected_error:
error_text = 'Invalid network address format' error_text = 'You have no authority on this subnet'
raise forms.ValidationError(error_text) raise forms.ValidationError(error_text)
def clean_expires(self): def clean_expires(self):
...@@ -82,7 +105,6 @@ class RouteForm(forms.ModelForm): ...@@ -82,7 +105,6 @@ class RouteForm(forms.ModelForm):
networks = peer.networks.all() networks = peer.networks.all()
mynetwork = False mynetwork = False
route_pk_list = [] route_pk_list = []
if destination: if destination:
for network in networks: for network in networks:
net = IPNetwork(network.network) net = IPNetwork(network.network)
......
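Review bot: The account named in the NOC alert comes from `self.data['applier'][0]` at the top of `clean_source` and `clean_destination`, which is the raw submitted form value rather than the authenticated requester, so the alert names whichever user id was posted. That lookup also sits outside the `try`, so a missing key or an unknown pk would surface as an unhandled exception instead of a validation error; and if `self.data` is a QueryDict (not visible here), `[0]` selects the first character of the id rather than the id itself. Consider having the view pass `request.user` into the form and using that object for the mail body. Separately, `if address in IPNetwork(net):` only matches a prefix contained inside a protected subnet, so a less specific source prefix that covers a protected subnet appears to pass; if that is not intended, test both directions, e.g. `if address in IPNetwork(net) or IPNetwork(net) in address:`.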