Beispiel #1
0
    def __init__(
        self,
        name,
        proxy_class,
        router=None,
        chainer=None,
        snat_policy=None,
        snat=None,
        dnat_policy=None,
        dnat=None,
        authentication_policy=None,
        authorization_policy=None,
        max_instances=0,
        max_sessions=0,
        auth_name=None,
        resolver_policy=None,
        auth=None,
        auth_policy=None,
        keepalive=None,
        encryption_policy=None,
        limit_target_zones_to=None,
        detector_config=None,
        detector_default_service_name=None,
    ):
        """
        <method maturity="stable">
          <summary>
            Constructor to initialize a Service instance.
          </summary>
          <description>
            <para>
              This contructor defines a Service with the specified parameters.
            </para>
          </description>
          <metainfo>
            <arguments>
              <argument maturity="stable">
                <name>name</name>
                <type>
                  <string/>
                </type>
                <description>The name identifying the service.</description>
              </argument>
              <argument maturity="stable">
                <name>router</name>
                <type>
                  <class filter="router" instance="yes"/>
                </type>
                <default>None</default>
                <description>Name of the router instance used to determine
                the destination address of the server.
                Defaults to <link linkend="python.Router.TransparentRouter">TransparentRouter</link>
                if no other router is specified.
                </description>
              </argument>
              <argument maturity="stable">
                <name>chainer</name>
                <type>
                  <class filter="chainer" instance="yes"/>
                </type>
                <default>None</default>
                <description>Name of the chainer instance used to connect to
                the destination server.
                Defaults to <link linkend="python.Chainer.ConnectChainer">ConnectChainer</link>
                if no other chainer is specified.</description>
              </argument>
              <argument>
                <name>snat_policy</name>
                <type>
                  <class filter="natpolicy" existing="yes"/>
                </type>
                <default>None</default>
                <description>Name of the NAT policy instance used to
                translate the source addresses of
                the sessions. See <xref linkend="python.NAT"/> for details.</description>
              </argument>
              <argument maturity="obsolete">
                <name>snat</name>
                <type>
                  <class filter="nat"/>
                </type>
                <default>None</default>
                <description>Obsolete parameter, use <parameter>snat_policy</parameter> instead.
                </description>
              </argument>
              <argument>
                <name>dnat_policy</name>
                <type>
                  <class filter="natpolicy" existing="yes"/>
                </type>
                <default>None</default>
                <description>Name of the NAT policy instance used to
                translate the destination addresses of
                the sessions. See <xref linkend="python.NAT"/> for details.</description>
              </argument>
              <argument maturity="obsolete">
                <name>dnat</name>
                <type>
                  <class filter="nat"/>
                </type>
                <default>None</default>
                <description>Obsolete parameter,
                use <parameter>dnat_policy</parameter> instead.</description>
              </argument>
              <argument maturity="stable">
                <name>proxy_class</name>
                <type>
                  <class filter="proxy"/>
                </type>
                <description>Name of the proxy class instance used to analyze the traffic transferred in
                the session. See <xref linkend="python.Proxy"/> for details.</description>
              </argument>
              <argument>
                <name>authentication_policy</name>
                <type>
                  <class filter="authpolicy" existing="yes"/>
                </type>
                <default>None</default>
                <description>Name of the AuthenticationPolicy instance used to authenticate the clients.
                See <xref linkend="python.Auth"/> for details.</description>
              </argument>
              <argument>
                <name>authorization_policy</name>
                <type>
                  <class filter="authorizationpolicy" existing="yes"/>
                </type>
                <default>None</default>
                <description>Name of the AuthorizationPolicy instance used to authorize the clients.
                See <xref linkend="python.Auth"/> for details.</description>
              </argument>
              <argument maturity="obsolete">
                <name>auth</name>
                <type>
                  <class filter="auth" instance="yes"/>
                </type>
                <default>None</default>
                <description>Obsolete parameter, use <parameter>authentication_policy</parameter> instead.
                </description>
              </argument>
              <argument maturity="obsolete">
                <name>auth_policy</name>
                <type>
                  <class filter="authpolicy" existing="yes"/>
                </type>
                <default>None</default>
                <description>Obsolete parameter, use <parameter>authorization_policy</parameter> instead.
                </description>
              </argument>
              <argument>
                <name>auth_name</name>
                <type>
                  <string/>
                </type>
                <default>None</default>
                <description>
                 Authentication name of the service. This string informs the
                 users of the Zorp Authentication Agent about which
                 service they are authenticating for. Default value: the name of the service.
                </description>
              </argument>
              <argument maturity="stable">
                <name>max_instances</name>
                <type>
                  <integer/>
                </type>
                <default>0</default>
                <description>Permitted number of concurrent instances of this service. Usually each
                service instance handles one connection. Default value: <parameter>0</parameter> (unlimited).
                </description>
              </argument>
              <argument>
                <name>max_sessions</name>
                <type><integer/></type>
                <default>0</default>
                <description>
                  Maximum number of concurrent sessions handled by one thread.
                </description>
              </argument>
              <argument>
                <name>resolver_policy</name>
                <type>
                  <class filter="resolverpolicy" existing="yes"/>
                </type>
                <default>None</default>
                <description>Name of the ResolvePolicy instance used to resolve the destination domain names.
                See <xref linkend="python.Resolver"/> for details.
                Default value: <parameter>DNSResolver</parameter>.
                </description>
              </argument>
              <argument>
                <name>keepalive</name>
                <type><integer/></type>
                <default>Z_KEEPALIVE_NONE</default>
                <description>
                  The TCP keepalive option, one of the Z_KEEPALIVE_NONE,
                  Z_KEEPALIVE_CLIENT, Z_KEEPALIVE_SERVER,
                  Z_KEEPALIVE_BOTH values.
                </description>
              </argument>
              <argument>
                <name>limit_target_zones_to</name>
                <type><list><string/></list></type>
                <default>None</default>
                <description>
                  A comma-separated list of zone names permitted as the target of the service. No restrictions
                  are applied if the list is empty. Use this parameter to replace the obsolete <parameter>inbound_services</parameter> parameter of the Zone class.
                </description>
              </argument>
              <argument>
                <name>encryption_policy</name>
                <type>
                  <class filter="encryptionpolicy" existing="yes"/>
                </type>
                <default>None</default>
                <description>Name of the Encryption policy instance used to
                encrypt the sessions and verify the certificates used.
                For details, see <xref linkend="python.Encryption"/>.</description>
              </argument>
            </arguments>
          </metainfo>
        </method>
        """
        super(Service, self).__init__(name)
        self.proxy_class = proxy_class
        self.router = router or default_router or TransparentRouter()
        self.chainer = chainer or default_chainer or ConnectChainer()
        if (snat or default_snat) and snat_policy:
            raise ValueError, "Cannot set both snat and snat_policy"
        if (dnat or default_dnat) and dnat_policy:
            raise ValueError, "Cannot set both dnat and dnat_policy"
        if (auth or default_auth or auth_policy) and authentication_policy:
            raise ValueError, "Cannot set authentication_policy and auth or auth_policy"

        if snat or default_snat:
            self.snat_policy = NATPolicy('__%s-snat' % name, snat
                                         or default_snat)
        else:
            self.snat_policy = getNATPolicy(snat_policy)
        if dnat or default_dnat:
            self.dnat_policy = NATPolicy('__%s-dnat' % name, dnat
                                         or default_dnat)
        else:
            self.dnat_policy = getNATPolicy(dnat_policy)

        if type(auth) == types.StringType:
            auth_policy = auth
            auth = None
        if keepalive:
            self.keepalive = keepalive

        if auth_policy:
            # one older auth_policy implementation (up to Zorp 3.0)
            auth_policy = getAuthPolicyObsolete(auth_policy)

            self.authentication_policy = auth_policy.getAuthenticationPolicy()
        elif auth or default_auth:
            # even older auth implementation (up to Zorp 2.1)
            auth_policy = AuthPolicy(None, auth or default_auth)
            self.authentication_policy = auth_policy.getAuthenticationPolicy()
        else:
            # current Authentication support
            self.authentication_policy = getAuthenticationPolicy(
                authentication_policy)

        self.auth_name = auth_name or name

        if resolver_policy:
            self.resolver_policy = getResolverPolicy(resolver_policy)
        else:
            self.resolver_policy = ResolverPolicy(None, DNSResolver())

        if encryption_policy:
            self.encryption_policy = getEncryptionPolicy(encryption_policy)
        else:
            self.encryption_policy = None

        self.limit_target_zones_to = limit_target_zones_to
        self.detector_config = detector_config
        self.detector_default_service_name = detector_default_service_name

        self.max_instances = max_instances
        self.max_sessions = max_sessions
        self.num_instances = 0
        self.proxy_group = ProxyGroup(self.max_sessions)
        self.lock = thread.allocate_lock()
        self.start_time = 0
Beispiel #2
0
        def __init__(self, name, proxy_class, router=None, chainer=None, snat_policy=None, snat=None, dnat_policy=None, dnat=None, authentication_policy=None, authorization_policy=None, max_instances=0, max_sessions=0, auth_name=None, resolver_policy=None, auth=None, auth_policy=None, keepalive=None, encryption_policy=None):
                """
                <method maturity="stable">
                  <summary>
                    Constructor to initialize a Service instance.
                  </summary>
                  <description>
                    <para>
                      This contructor defines a Service with the specified parameters.
                    </para>
                  </description>
                  <metainfo>
                    <arguments>
                      <argument maturity="stable">
                        <name>name</name>
                        <type>
                          <string/>
                        </type>
                        <description>The name identifying the service.</description>
                      </argument>
                      <argument maturity="stable">
                        <name>router</name>
                        <type>
                          <class filter="router" instance="yes"/>
                        </type>
                        <default>None</default>
                        <description>Name of the router instance used to determine
                        the destination address of the server.
                        Defaults to <link linkend="python.Router.TransparentRouter">TransparentRouter</link>
                        if no other router is specified.
                        </description>
                      </argument>
                      <argument maturity="stable">
                        <name>chainer</name>
                        <type>
                          <class filter="chainer" instance="yes"/>
                        </type>
                        <default>None</default>
                        <description>Name of the chainer instance used to connect to
                        the destination server.
                        Defaults to <link linkend="python.Chainer.ConnectChainer">ConnectChainer</link>
                        if no other chainer is specified.</description>
                      </argument>
                      <argument>
                        <name>snat_policy</name>
                        <type>
                          <class filter="natpolicy" existing="yes"/>
                        </type>
                        <default>None</default>
                        <description>Name of the NAT policy instance used to
                        translate the source addresses of
                        the sessions. See <xref linkend="python.NAT"/> for details.</description>
                      </argument>
                      <argument maturity="obsolete">
                        <name>snat</name>
                        <type>
                          <class filter="nat"/>
                        </type>
                        <default>None</default>
                        <description>Obsolete parameter, use <parameter>snat_policy</parameter> instead.
                        </description>
                      </argument>
                      <argument>
                        <name>dnat_policy</name>
                        <type>
                          <class filter="natpolicy" existing="yes"/>
                        </type>
                        <default>None</default>
                        <description>Name of the NAT policy instance used to
                        translate the destination addresses of
                        the sessions. See <xref linkend="python.NAT"/> for details.</description>
                      </argument>
                      <argument maturity="obsolete">
                        <name>dnat</name>
                        <type>
                          <class filter="nat"/>
                        </type>
                        <default>None</default>
                        <description>Obsolete parameter,
                        use <parameter>dnat_policy</parameter> instead.</description>
                      </argument>
                      <argument maturity="stable">
                        <name>proxy_class</name>
                        <type>
                          <class filter="proxy"/>
                        </type>
                        <description>Name of the proxy class instance used to analyze the traffic transferred in
                        the session. See <xref linkend="python.Proxy"/> for details.</description>
                      </argument>
                      <argument>
                        <name>authentication_policy</name>
                        <type>
                          <class filter="authpolicy" existing="yes"/>
                        </type>
                        <default>None</default>
                        <description>Name of the AuthenticationPolicy instance used to authenticate the clients.
                        See <xref linkend="python.Auth"/> for details.</description>
                      </argument>
                      <argument>
                        <name>authorization_policy</name>
                        <type>
                          <class filter="authorizationpolicy" existing="yes"/>
                        </type>
                        <default>None</default>
                        <description>Name of the AuthorizationPolicy instance used to authorize the clients.
                        See <xref linkend="python.Auth"/> for details.</description>
                      </argument>
                      <argument maturity="obsolete">
                        <name>auth</name>
                        <type>
                          <class filter="auth" instance="yes"/>
                        </type>
                        <default>None</default>
                        <description>Obsolete parameter, use <parameter>authentication_policy</parameter> instead.
                        </description>
                      </argument>
                      <argument maturity="obsolete">
                        <name>auth_policy</name>
                        <type>
                          <class filter="authpolicy" existing="yes"/>
                        </type>
                        <default>None</default>
                        <description>Obsolete parameter, use <parameter>authorization_policy</parameter> instead.
                        </description>
                      </argument>
                      <argument>
                        <name>auth_name</name>
                        <type>
                          <string/>
                        </type>
                        <default>None</default>
                        <description>
                         Authentication name of the service. This string informs the
                         users of the Zorp Authentication Agent about which
                         service they are authenticating for. Default value: the name of the service.
                        </description>
                      </argument>
                      <argument maturity="stable">
                        <name>max_instances</name>
                        <type>
                          <integer/>
                        </type>
                        <default>0</default>
                        <description>Permitted number of concurrent instances of this service. Usually each
                        service instance handles one connection. Default value: <parameter>0</parameter> (unlimited).
                        </description>
                      </argument>
       .              <argument>
                        <name>max_sessions</name>
                        <type><integer/></type>
                        <description>
                          Maximum number of concurrent sessions handled by one thread.
                        </description>
                      </argument>
                      <argument>
                        <name>resolver_policy</name>
                        <type>
                          <class filter="resolverpolicy" existing="yes"/>
                        </type>
                        <default>None</default>
                        <description>Name of the ResolvePolicy instance used to resolve the destination domain names.
                        See <xref linkend="python.Resolver"/> for details.
                        Default value: <parameter>DNSResolver</parameter>.
                        </description>
                      </argument>
       .              <argument>
                        <name>keepalive</name>
                        <type><integer/></type>
                        <description>
                          The TCP keepalive option, one of the Z_KEEPALIVE_NONE,
                          Z_KEEPALIVE_CLIENT, Z_KEEPALIVE_SERVER,
                          Z_KEEPALIVE_BOTH values.
                        </description>
                      </argument>
                    </arguments>
                  </metainfo>
                </method>
                """
                super(Service, self).__init__(name)
                self.proxy_class = proxy_class
                self.router = router or default_router or TransparentRouter()
                self.chainer = chainer or default_chainer or ConnectChainer()
                if (snat or default_snat) and snat_policy:
                        raise ValueError, "Cannot set both snat and snat_policy"
                if (dnat or default_dnat) and dnat_policy:
                        raise ValueError, "Cannot set both dnat and dnat_policy"
                if (auth or default_auth or auth_policy) and authentication_policy:
                        raise ValueError, "Cannot set authentication_policy and auth or auth_policy"

                if snat or default_snat:
                        self.snat_policy = NATPolicy('__%s-snat' % name, snat or default_snat)
                else:
                        self.snat_policy = getNATPolicy(snat_policy)
                if dnat or default_dnat:
                        self.dnat_policy = NATPolicy('__%s-dnat' % name, dnat or default_dnat)
                else:
                        self.dnat_policy = getNATPolicy(dnat_policy)

                if type(auth) == types.StringType:
                        auth_policy = auth
                        auth = None
                if keepalive:
                        self.keepalive = keepalive

                if auth_policy:
                        # one older auth_policy implementation (up to Zorp 3.0)
                        auth_policy = getAuthPolicyObsolete(auth_policy)

                        self.authentication_policy = auth_policy.getAuthenticationPolicy()
                elif auth or default_auth:
                        # even older auth implementation (up to Zorp 2.1)
                        auth_policy = AuthPolicy(None, auth or default_auth)
                        self.authentication_policy = auth_policy.getAuthenticationPolicy()
                else:
                        # current Authentication support
                        self.authentication_policy = getAuthenticationPolicy(authentication_policy)


                self.auth_name = auth_name or name

                if resolver_policy:
                        self.resolver_policy = getResolverPolicy(resolver_policy)
                else:
                        self.resolver_policy = ResolverPolicy(None, DNSResolver())

                if encryption_policy:
                        self.encryption_policy = getEncryptionPolicy(encryption_policy)
                else:
                        self.encryption_policy = None

                self.max_instances = max_instances
                self.max_sessions = max_sessions
                self.num_instances = 0
                self.proxy_group = ProxyGroup(self.max_sessions)
                self.lock = thread.allocate_lock()