def _postops():
model = db.get_db().getModel()
root = model.getNodeByUri(ns.l2tpGlobalRoot, rdf.Type(ns.L2tpGlobalRoot))
# attempt to set keymap
try:
from codebay.l2tpserver import gnomeconfig
cfg_ui = root.getS(ns_ui.uiConfig, rdf.Type(ns_ui.UiConfig))
gnomeconfig.set_keymap_settings(cfg_ui.getS(ns_ui.keymap, rdf.String))
except:
_log.exception('setting keymap failed in import, ignoring')
def _rdf_database_recover_from_known_good(_log):
database_filename = constants.PRODUCT_DATABASE_FILENAME
exported_filename = constants.EXPORTED_RDF_DATABASE_FILE
res = False
if not os.path.exists(exported_filename):
_log.info('exported known good file %s does not exist, skipping recover from known good' % exported_filename)
return False
try:
try:
from codebay.common import rdf
from codebay.l2tpserver import db
# remove old database
rdf.Database.delete(database_filename)
# re-create database, read back from pruned file
dbase = rdf.Database.create(database_filename)
@db.transact(database=dbase)
def _f():
dbase.loadFile(exported_filename)
_f()
dbase.close()
dbase = None
# post ops - reset keymap (might have changed, e.g. in recovery)
try:
from codebay.l2tpserver.rdfconfig import ns, ns_ui
from codebay.l2tpserver import gnomeconfig
model = db.get_db().getModel()
root = model.getNodeByUri(ns.l2tpGlobalRoot, rdf.Type(ns.L2tpGlobalRoot))
cfg_ui = root.getS(ns_ui.uiConfig, rdf.Type(ns_ui.UiConfig))
gnomeconfig.set_keymap_settings(cfg_ui.getS(ns_ui.keymap, rdf.String))
except:
_log.exception('setting keymap failed in recovery from known good, ignoring')
res = True
except:
_log.exception('_rdf_database_recover_from_known_good: recovery from known good failed')
finally:
try:
if dbase is not None:
dbase.close()
dbase = None
except:
_log.exception('_rdf_database_recover_from_known_good: failed to close hanging db')
return res
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri,
key] in [[ns_ui.collapseLicense, 'license_group'],
[ns_ui.collapseLocale, 'locale_group'],
[ns_ui.collapseProductMaintenance, 'reboot_group'],
[ns_ui.collapseSnmp, 'snmp_group'],
[ns_ui.collapseRemoteManagement, 'remote_group'],
[ns_ui.collapseSslCertificate, 'ssl_group']]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(
rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' %
rdf_uri)
try:
# global canonicalization
tmp = fda.descend('license_group')
if tmp.has_key('license_key') and (tmp['license_key'] is not None):
tmp['license_key'] = tmp['license_key'].upper().strip()
# global validation
tmp = fda.descend('license_group')
if tmp.has_key('license_key') and (tmp['license_key'] is not None):
val, grps = None, None
try:
val, grps = licensekey.decode_license(tmp['license_key'])
except:
_log.exception('license decoding failed')
if val is None:
tmp.add_error('license_key', 'Invalid license key')
tmp = fda.descend('remote_group')
if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
pw1, pw2 = tmp['root_password1'], tmp['root_password2']
if pw1 is None:
pw1 = ''
if pw2 is None:
pw2 = ''
if pw1 != pw2:
tmp.add_error('root_password1', 'Passwords do not match')
tmp.add_error('root_password2', 'Passwords do not match')
else:
if not helpers.check_unix_password_characters(pw1):
tmp.add_error('root_password1',
'Invalid characters in password')
tmp.add_error('root_password2',
'Invalid characters in password')
tmp = fda.descend('snmp_group')
if tmp.has_key(
'snmp_community') and tmp['snmp_community'] is not None:
if not uihelpers.check_snmp_community_characters(
tmp['snmp_community']):
tmp.add_error('snmp_community', 'Invalid characters')
#
# XXX -- How to validate SSL certificates reliably? Currently invalid
# certificate / key causes VPNease to use self-signed version so it's
# relatively OK.
#
#
# XXX -- admin smtp setting validation & normalization
#
# Intermediate early bail out to avoid saving if there are errors
fda.finalize_validation()
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# save data
self.save_ui_data(ctx, form, data)
# re-create protocol data to see if new exceptions crop up
pd.save_protocol_data()
except:
_log.exception(
'validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# finalize; raises if something wrong
fda.finalize_validation()
# locale settings are handled directly
cfg_ui = helpers.get_new_ui_config()
try:
cfg_ui.setS(ns_ui.timezone, rdf.String,
fda['locale_group.timezone'])
cfg_ui.setS(ns_ui.keymap, rdf.String, fda['locale_group.keymap'])
gnomeconfig.set_keymap_settings(
cfg_ui.getS(ns_ui.keymap, rdf.String))
except:
_log.exception('activating timezone and keymap settings failed')
# same with root password
try:
tmp = fda.descend('remote_group')
if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
pw1, pw2 = tmp['root_password1'], tmp['root_password2']
if (pw1 == '') and (pw2 == ''):
pass
elif (pw1 == None) and (pw2 == None):
pass
elif pw1 == pw2:
# change password; we assume it converts to ascii nicely
helpers.change_unix_password('root', str(pw1))
else:
# should not come here
_log.error('passwords differ after validation, ignoring')
except:
_log.exception('changing root password failed')
# activate new config
pd.activate_protocol_data()
# update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
#
# XXX: If timezone has changed, we should re-render graphs immediately so they
# will have the correct timezone when status pages are loaded.
#
# ssl certificate - always rewrite here
try:
uihelpers.update_ssl_certificate_files()
# reread files; we don't regenerate because we never overwrite the self-signed
# certificate here
self.master.reread_ssl_files()
except:
_log.exception('ssl certificate check failed')
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master,
ctx,
followup_uri=followup)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri, key] in [ [ ns_ui.collapseLicense, 'license_group' ],
[ ns_ui.collapseLocale, 'locale_group' ],
[ ns_ui.collapseProductMaintenance, 'reboot_group' ],
[ ns_ui.collapseSnmp, 'snmp_group' ],
[ ns_ui.collapseRemoteManagement, 'remote_group' ],
[ ns_ui.collapseSslCertificate, 'ssl_group' ] ]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' % rdf_uri)
try:
# global canonicalization
tmp = fda.descend('license_group')
if tmp.has_key('license_key') and (tmp['license_key'] is not None):
tmp['license_key'] = tmp['license_key'].upper().strip()
# global validation
tmp = fda.descend('license_group')
if tmp.has_key('license_key') and (tmp['license_key'] is not None):
val, grps = None, None
try:
val, grps = licensekey.decode_license(tmp['license_key'])
except:
_log.exception('license decoding failed')
if val is None:
tmp.add_error('license_key', 'Invalid license key')
tmp = fda.descend('remote_group')
if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
pw1, pw2 = tmp['root_password1'], tmp['root_password2']
if pw1 is None:
pw1 = ''
if pw2 is None:
pw2 = ''
if pw1 != pw2:
tmp.add_error('root_password1', 'Passwords do not match')
tmp.add_error('root_password2', 'Passwords do not match')
else:
if not helpers.check_unix_password_characters(pw1):
tmp.add_error('root_password1', 'Invalid characters in password')
tmp.add_error('root_password2', 'Invalid characters in password')
tmp = fda.descend('snmp_group')
if tmp.has_key('snmp_community') and tmp['snmp_community'] is not None:
if not uihelpers.check_snmp_community_characters(tmp['snmp_community']):
tmp.add_error('snmp_community', 'Invalid characters')
#
# XXX -- How to validate SSL certificates reliably? Currently invalid
# certificate / key causes VPNease to use self-signed version so it's
# relatively OK.
#
#
# XXX -- admin smtp setting validation & normalization
#
# Intermediate early bail out to avoid saving if there are errors
fda.finalize_validation()
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# save data
self.save_ui_data(ctx, form, data)
# re-create protocol data to see if new exceptions crop up
pd.save_protocol_data()
except:
_log.exception('validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# finalize; raises if something wrong
fda.finalize_validation()
# locale settings are handled directly
cfg_ui = helpers.get_new_ui_config()
try:
cfg_ui.setS(ns_ui.timezone, rdf.String, fda['locale_group.timezone'])
cfg_ui.setS(ns_ui.keymap, rdf.String, fda['locale_group.keymap'])
gnomeconfig.set_keymap_settings(cfg_ui.getS(ns_ui.keymap, rdf.String))
except:
_log.exception('activating timezone and keymap settings failed')
# same with root password
try:
tmp = fda.descend('remote_group')
if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
pw1, pw2 = tmp['root_password1'], tmp['root_password2']
if (pw1 == '') and (pw2 == ''):
pass
elif (pw1 == None) and (pw2 == None):
pass
elif pw1 == pw2:
# change password; we assume it converts to ascii nicely
helpers.change_unix_password('root', str(pw1))
else:
# should not come here
_log.error('passwords differ after validation, ignoring')
except:
_log.exception('changing root password failed')
# activate new config
pd.activate_protocol_data()
# update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
#
# XXX: If timezone has changed, we should re-render graphs immediately so they
# will have the correct timezone when status pages are loaded.
#
# ssl certificate - always rewrite here
try:
uihelpers.update_ssl_certificate_files()
# reread files; we don't regenerate because we never overwrite the self-signed
# certificate here
self.master.reread_ssl_files()
except:
_log.exception('ssl certificate check failed')
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)
