Beispiel #1
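    def stop(self):
        """
        Stop the OpenVPN server whose PID is recorded in self.PID_FILE.

        Read the first line of the PID file, send SIGKILL to that PID with
        /bin/kill through runCommandAsRoot, then remove the PID file.
        Return silently if the PID file cannot be opened (not started).

        The value read from the file is validated before it is handed to
        kill: only a plain decimal PID greater than 1 is accepted.
        """
        try:
            with open(self.PID_FILE) as f:
                pid = f.readline().rstrip()
        except IOError:
            # It is not started
            return

        # kill(1) gives 0 and negative numbers a special meaning (process
        # group / every process), and an empty or non-numeric string is not
        # a PID at all. Never forward such a value to a command run as root.
        # NOTE(review): a valid-looking PID is still trusted as-is. If
        # PID_FILE is writable by a non-root user, or the PID was recycled
        # after a crash, an unrelated process receives SIGKILL -- confirm the
        # ownership and permissions of the PID file.
        is_decimal = bool(pid) and all(ch in '0123456789' for ch in pid)
        if is_decimal and int(pid) > 1:
            runCommandAsRoot(self, ['/bin/kill', '-9', pid])
        else:
            self.info('Ignoring invalid PID %r read from %s.'
                % (pid, self.PID_FILE))
        # The PID file is removed in both cases so a stale or corrupted file
        # does not survive the stop.
        runCommandAsRoot(self, ['/bin/rm', self.PID_FILE])

        self.info('OpenVPN server stopped.')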
Beispiel #2
def sysctlSet(logger, key, value):
    """
    Write a kernel parameter by running "sysctl -n -q -w key=value"
    through runCommandAsRoot.
    Raise a RulesetError if the command exits with a non-zero code.
    """
    # key and value end up in a single argv element ("key=value").
    # NOTE(review): a key starting with "-" would be read by sysctl as an
    # option rather than a parameter name; presumably callers only pass
    # fixed key names -- confirm.
    command = [SYSCTL, u"-n", u"-q", u"-w"]
    command.append(u"%s=%s" % (key, value))
    _, exit_code = runCommandAsRoot(logger, command)
    if exit_code == 0:
        return
    raise RulesetError(
        tr("sysctl error: unable to set %s value to %s! (exit code %s)"),
        key, value, exit_code)
Beispiel #3
def iptablesSave(logger, ipv6):
    """
    Dump the current iptables (or ip6tables, if ipv6 is set) rules into
    a file under RULESET_DIR.
    Return the filename of the saved rules.
    Raise an IptablesError if the save command exits with a non-zero code
    or if the resulting file is empty.
    """
    # Pick the file name, the label used in the log and the save program
    # for the requested address family in one place.
    if ipv6:
        basename, address_type, command_str = (
            'old_rules_ipv6', "IPv6", IP6TABLES_SAVE)
    else:
        basename, address_type, command_str = (
            'old_rules_ipv4', "IPv4", IPTABLES_SAVE)
    filename = path_join(RULESET_DIR, basename)
    logger.warning("Save %s iptables rules to %s" % (address_type, filename))

    # The file is opened by this process and handed to the command as its
    # stdout; any previous content is truncated by mode 'w'.
    # NOTE(review): the file gets the default umask permissions and open()
    # follows symlinks -- confirm RULESET_DIR is writable only by trusted
    # users.
    with open(filename, 'w') as output:
        _, exit_code = runCommandAsRoot(
            logger, (command_str,), timeout=22.5, stdout=output)

    if exit_code != 0:
        raise IptablesError(
            tr("%s command exited with code %s!"), command_str, exit_code)
    # An exit code of 0 with no output is still treated as a failure.
    if not getsize(filename):
        raise IptablesError(tr("%s command output is empty!"), command_str)
    return filename
Beispiel #4
def loadKernelModules(logger, ipv6):
    """
    Make sure the filter table kernel module needed by iptables-save
    (or ip6tables-save, if ipv6 is set) is loaded.
    The module is loaded with MODPROBE only when the matching /proc/net
    file is missing. A failed module load is not reported as an error.
    """
    if ipv6:
        module_name, proc_filename = (
            'ip6table_filter', '/proc/net/ip6_tables_names')
    else:
        module_name, proc_filename = (
            'iptable_filter', '/proc/net/ip_tables_names')

    if exists(proc_filename):
        logger.info("Don't load kernel module %s: %s is present"
            % (module_name, proc_filename))
        return

    # The result is deliberately discarded: the exit code is ignored.
    # The module name is one of the two fixed strings above, never a
    # caller-supplied value.
    runCommandAsRoot(logger, [MODPROBE, module_name], 15.0)
Beispiel #5
    def start(self):
        """
        (Re)start the OpenVPN server.

        Call stop() first, write the configuration with writeConfig(),
        then run /usr/sbin/openvpn through runCommandAsRoot.
        Raise an OpenVPNError if the command exits with a non-zero code.
        """
        self.stop()
        self.writeConfig()

        # Build the argv list option by option; openvpn writes its PID to
        # self.PID_FILE (--writepid).
        # NOTE(review): the configuration written just above is consumed by
        # a process started as root -- confirm that CONFIG_FILE and
        # root_path are not writable by unprivileged users.
        argv = ['/usr/sbin/openvpn']
        argv += ['--cd', self.root_path]
        argv += ['--config', self.CONFIG_FILE]
        argv += ['--writepid', self.PID_FILE]

        _, exit_code = runCommandAsRoot(self, argv)
        if exit_code != 0:
            raise OpenVPNError('Unable to startup OpenVPN!')

        self.info('OpenVPN server started.')
Beispiel #6
def iptablesRestore(logger, filename, ipv6, check_error=True):
    """
    Load iptables rules from filename with iptables-restore (or
    ip6tables-restore, if ipv6 is set), run through runCommandAsRoot.

    Return None when the command exits with code 0. On failure, the
    command's stderr is searched for an error message and a line number,
    and the matching line of the rules file is looked up. If check_error
    is true an IptablesError is raised, otherwise the error is only
    logged as a warning.
    """
    if ipv6:
        logger.warning("Load IPv6 iptables rules from %s" % filename)
        command = IP6TABLES_RESTORE
    else:
        logger.warning("Load IPv4 iptables rules from %s" % filename)
        command = IPTABLES_RESTORE

    # 90.0 is presumably a timeout in seconds -- confirm against
    # runCommandAsRoot. stderr is captured so it can be parsed on failure.
    process, code = runCommandAsRoot(
        logger, [command], 90.0, stdin_filename=filename, stderr=PIPE)
    if code == 0:
        return

    # Failure: find the rule that the restore command complained about.
    message, line_number = searchErrorLine(process.stderr)
    iptables = None
    if line_number is not None:
        with open(filename) as rules:
            # Line numbers are compared 1-based.
            for current, line in enumerate(rules, 1):
                if current == line_number:
                    iptables = line.rstrip()
                    break

    # The offending rule is always rendered with repr(), so control
    # characters in the rules file cannot forge extra log lines.
    if iptables:
        if check_error:
            raise IptablesError(
                tr("%s command error on iptables rule (line %s):\n%s"),
                command, line_number, repr(iptables))
        logger.warning("%s command error on iptables rule (line %s):"
            % (command, line_number))
        logger.warning(repr(iptables))
    elif check_error:
        raise IptablesError(tr("%s command exited with code %s: %s"),
            command, code, message)
    else:
        logger.warning("%s command exited with code %s: %s"
            % (command, code, message))