def addclientconf():
"""新增服务配置项"""
s = request.environ.get('beaker.session')
authtype = request.forms.get("authtype")
idata=dict()
if authtype == '0' :
idata['cainfo'] = request.forms.get("cainfo").replace('\r\n','\n').strip()
idata['certinfo'] = request.forms.get("certinfo").replace('\r\n','\n').strip()
elif authtype == '1' :
idata['vpnuser'] = request.forms.get("vpnuser")
idata['vpnpass'] = request.forms.get("vpnpass")
elif authtype == '2' :
idata['service'] = 'off'
else :
msg = {'color':'green','message':u'验证类型错误,保存失败'}
return template('addvpncltconfig',session=s,msg=msg,info={})
idata['authtype'] = request.forms.get("authtype")
idata['ipaddr'] = request.forms.get("ipaddr")
idata['servport'] = request.forms.get("servport")
idata['tunid'] = 'tun1000'
idata['chkconn'] = request.forms.get("chkconn")
sql = " update sysattr set value=%s where attr='vpnclient' "
iidata=json.dumps(idata)
result = writeDb(sql,(iidata,))
if result == True :
msg = {'color':'green','message':u'配置保存成功'}
writeVPNconf(action='uptcltconf')
cmds.servboot('vpnconn')
writeUTMconf(action='uptconf')
return template('addvpncltconfig',session=s,msg=msg,info=idata)
def do_editdnsserv():
s = request.environ.get('beaker.session')
dnsrelay = request.forms.get("dnsrelay")
dnsproxy = request.forms.get("dnsproxy")
dnsrule = request.forms.get("dnsrule")
dnslist = request.forms.get("dnslist").replace('\r\n', '\n').strip()
idata = dict()
idata['dnsrelay'] = dnsrelay
idata['dnsproxy'] = dnsproxy
idata['dnsrule'] = dnsrule
idata['dnslist'] = dnslist
idata['dnsport'] = 53
dnsstatus = cmds.servchk(idata.get('dnsport'))
idata['dnsstatus'] = dnsstatus
sql = " update sysattr set value=%s where attr='dnsconf' "
iidata = json.dumps(idata)
result = writeDb(sql, (iidata, ))
if result == True:
writeDNSconf(action='uptconf')
writeROUTEconf(action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color': 'green', 'message': '配置保存成功'}
return (template('editdnsserv', session=s, msg=msg, info=idata))
else:
msg = {'color': 'red', 'message': '配置保存失败'}
sql = " select value from sysattr where attr='dnsconf' "
idata = readDb(sql, )
return (template('editdnsserv', session=s, msg=msg, info=idata))
def do_editdnsserv():
s = request.environ.get('beaker.session')
dnsrelay = request.forms.get("dnsrelay")
dnsproxy = request.forms.get("dnsproxy")
dnsrule = request.forms.get("dnsrule")
dnslist = request.forms.get("dnslist").replace('\r\n','\n').strip()
idata = dict()
idata['dnsrelay']=dnsrelay
idata['dnsproxy']=dnsproxy
idata['dnsrule']=dnsrule
idata['dnslist']=dnslist
idata['dnsport']=53
dnsstatus=cmds.servchk(idata.get('dnsport'))
idata['dnsstatus']=dnsstatus
sql = " update sysattr set value=%s where attr='dnsconf' "
iidata=json.dumps(idata)
result = writeDb(sql,(iidata,))
if result == True :
writeDNSconf(action='uptconf')
writeROUTEconf(action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':'配置保存成功'}
return(template('editdnsserv',session=s,msg=msg,info=idata))
else :
msg = {'color':'red','message':'配置保存失败'}
sql = " select value from sysattr where attr='dnsconf' "
idata = readDb(sql,)
return(template('editdnsserv',session=s,msg=msg,info=idata))
def do_addroute():
s = request.environ.get('beaker.session')
rttype = request.forms.get("rttype")
destaddr = request.forms.get("ipaddr")
netmask = request.forms.get("netmask")
gateway = request.forms.get("gateway")
gwiface = request.forms.get("gwiface")
# 格式判断
if netmod.checkip(destaddr) == False or netmod.checkmask(netmask) == False or netmod.checkip(gateway) == False :
msg = {'color':'red','message':u'地址不合法,添加失败'}
return(template('staticroute',msg=msg,session=s))
# 系统判断
if gwiface == 'auto':
resultA = cmds.getdictrst('route add -net %s netmask %s gw %s' % (destaddr,netmask,gateway))
else :
resultA = cmds.getdictrst('route add -net %s netmask %s gw %s dev %s' % (destaddr,netmask,gateway,gwiface))
if resultA.get('status') != 0 :
msg = {'color':'red','message':u'目标不可达或其他错误,添加失败'}
return(template('staticroute',msg=msg,session=s))
sql = "INSERT INTO sysroute(type,dest,netmask,gateway,iface,fromtype) VALUES(%s,%s,%s,%s,%s,%s)"
data = ('net',destaddr,netmask,gateway,gwiface,1)
result = writeDb(sql,data)
if result == True:
writeROUTEconf(action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'添加成功'}
else:
msg = {'color':'red','message':u'添加失败'}
return(template('staticroute',msg=msg,session=s))
def do_addutmrule():
"""UTM配置 添加页"""
s = request.environ.get('beaker.session')
rulename = request.forms.get("rulename")
dstmatch = request.forms.get("dstmatch")
srcaddr = request.forms.get("srcaddr").replace('\r\n','\n').strip()
dstaddr = request.forms.get("dstaddr").replace('\r\n','\n').strip()
runaction = request.forms.get("runaction")
runobject = request.forms.get("runobject")
if runaction == 'SNAT':
runobject = request.forms.get("runobject")
if netmod.checkip(runobject) == False:
msg = {'color':'red','message':u'源地址转换不能填写非IP类型,添加失败'}
return template('natruleconf',session=s,msg=msg,info={})
else :
runobject = request.forms.get("runobject2")
sql = "insert into ruleconfnat(rulename,srcaddr,dstmatch,dstaddr,runaction,runobject) VALUES(%s,%s,%s,%s,%s,%s)"
data = (rulename,srcaddr,dstmatch,dstaddr,runaction,runobject)
alladdr=srcaddr.split('\n')+dstaddr.split('\n')
for ipmask in alladdr :
if netmod.checkipmask(ipmask) == False and ipmask != '':
msg = {'color':'red','message':u'源地址或目标地址格式错误,添加失败'}
return(template('natruleconf',msg=msg,session=s))
result = writeDb(sql,data)
if result == True:
msg = {'color':'green','message':u'添加成功'}
writeUTMconf(action='addconf')
return template('natruleconf',session=s,msg=msg,info={})
def do_addservconf():
"""新增服务配置项"""
s = request.environ.get('beaker.session')
authtype = request.forms.get("authtype")
ipaddr = request.forms.get("ipaddr")
servport = request.forms.get("servport")
virip = request.forms.get("virip")
virmask = request.forms.get("virmask")
maxclient = request.forms.get("maxclient")
maxuser = request.forms.get("maxuser")
authtimeout = request.forms.get("authtimeout")
authnum = request.forms.get("authnum")
locktime = request.forms.get("locktime")
comp = request.forms.get("comp")
cisco = request.forms.get("cisco")
if netmod.checkip(virip) == False or netmod.checkmask(virmask) == False :
msg = {'color':'red','message':u'虚拟地址填写不合法,保存失败'}
return template('vpnservconf',session=s,msg=msg,info={})
sql = " INSERT INTO vpnservconf(servmode,authtype,ipaddr,servport,virip,virmask,maxclient,maxuser,authtimeout,authnum,locktime,comp,cisco) values ('server',%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)"
data = (authtype,ipaddr,servport,virip,virmask,maxclient,maxuser,authtimeout,authnum,locktime,comp,cisco)
result = writeDb(sql,data)
if result == True :
writeVPNconf(action='addconf')
cmds.servboot('ocserv')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'配置保存成功'}
return template('vpnservconf',session=s,msg=msg,info={})
def editpolicy(id):
"""修改策略"""
s = request.environ.get('beaker.session')
name = request.forms.get("name")
pushdns = request.forms.get("pushdns").replace('\r\n','\n').strip()
pushroute = request.forms.get("pushroute").replace('\r\n','\n').strip()
pushnoroute = request.forms.get("pushnoroute").replace('\r\n','\n').strip()
allipmask = pushroute.split('\n')+pushnoroute.split('\n')
# 内容检测
for ip in pushdns.split('\n') :
if netmod.checkip(ip) == False and ip != '':
msg = {'color':'red','message':u'DNS内容检测错误,更新失败'}
return(template('policyconf',session=s,msg=msg,info={}))
for ipmask in allipmask :
if netmod.checkipmask(ipmask) == False and ipmask != '' :
msg = {'color':'red','message':u'路由内容检测错误,更新失败'}
return(template('policyconf',session=s,msg=msg,info={}))
sql = "UPDATE vpnpolicy set name=%s,pushdns=%s,pushroute=%s,pushnoroute=%s where id=%s"
data=(name,pushdns,pushroute,pushnoroute,id)
result = writeDb(sql,data)
if result == True:
writeVPNconf(action='uptgroup')
writeUTMconf(action='addconf')
msg = {'color':'green','message':u'更新成功'}
return(template('policyconf',session=s,msg=msg,info={}))
else:
msg = {'color':'red','message':u'更新失败'}
return(template('policyconf',session=s,msg=msg,info={}))
def deliface(id):
s = request.environ.get('beaker.session')
sql = " DELETE FROM netiface WHERE id=%s "
sql2 = " select ifacename FROM netiface WHERE id=%s "
ifacename = readDb(sql2, (id, ))
result = writeDb(sql, (id, ))
if result == True:
writeNIconf(action='uptconf')
cmds.servboot('networks', action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color': 'green', 'message': u'删除成功'}
cmds.gettuplerst('ip addr flush dev %s' %
ifacename[0].get('ifacename'))
#如果是PPP类型接口,停用ADSL
cmds.gettuplerst('ip link set %s down' % ifacename[0].get('ifacename'))
cmds.gettuplerst(
'ps aux|grep -e \'xdsl.*%s\'|grep -v grep|awk \'{print $2}\' |xargs -i kill -9 {}'
% id)
#恢复绑定
sql2 = "update sysattr set status='1' where attr=%s"
writeDb(sql2, (ifacename[0].get('ifacename'), ))
return template('networkconf', session=s, msg=msg)
else:
msg = {'color': 'red', 'message': u'删除失败'}
return template('networkconf', session=s, msg=msg)
def do_addpolicy():
"""POST"""
s = request.environ.get('beaker.session')
name = request.forms.get("name")
pushdns = request.forms.get("pushdns").replace('\r\n','\n').strip()
pushroute = request.forms.get("pushroute").replace('\r\n','\n').strip()
pushnoroute = request.forms.get("pushnoroute").replace('\r\n','\n').strip()
allipmask = pushroute.split('\n')+pushnoroute.split('\n')
for ip in pushdns.split('\n') :
if netmod.checkip(ip) == False and ip != '':
msg = {'color':'red','message':u'DNS内容检测错误,更新失败'}
return(template('policyconf',session=s,msg=msg,info={}))
for ipmask in allipmask :
if netmod.checkipmask(ipmask) == False and ipmask != '':
msg = {'color':'red','message':u'路由内容检测错误,更新失败'}
return(template('policyconf',session=s,msg=msg,info={}))
sql = "INSERT INTO vpnpolicy(name,pushdns,pushroute,pushnoroute) VALUES(%s,%s,%s,%s)"
data=(name,pushdns,pushroute,pushnoroute)
result = writeDb(sql,data)
if result == True:
writeVPNconf(action='uptgroup')
writeUTMconf(action='addconf')
msg = {'color':'green','message':u'添加成功'}
return(template('policyconf',session=s,msg=msg,info={}))
else:
msg = {'color':'red','message':u'添加失败'}
return(template('policyconf',session=s,msg=msg,info={}))
def do_editutmrule(id):
"""UTM配置 更新页"""
s = request.environ.get('beaker.session')
rulename = request.forms.get("rulename")
dstmatch = request.forms.get("dstmatch")
srcaddr = request.forms.get("srcaddr").replace('\r\n','\n').strip()
dstaddr = request.forms.get("dstaddr").replace('\r\n','\n').strip()
runaction = request.forms.get("runaction")
runobject = request.forms.get("runobject")
if runaction == 'SNAT':
runobject = request.forms.get("runobject")
if netmod.checkip(runobject) == False:
msg = {'color':'red','message':u'源地址转换不能填写非IP类型,添加失败'}
return template('natruleconf',session=s,msg=msg,info={})
else :
runobject = request.forms.get("runobject2")
sql = "update ruleconfnat set rulename=%s,srcaddr=%s,dstmatch=%s,dstaddr=%s,runaction=%s,runobject=%s where id=%s"
data = (rulename,srcaddr,dstmatch,dstaddr,runaction,runobject,id)
alladdr=srcaddr.split('\n')+dstaddr.split('\n')
for ipmask in alladdr :
if netmod.checkipmask(ipmask) == False and ipmask != '':
msg = {'color':'red','message':u'源地址或目标地址格式错误,添加失败'}
return(template('natruleconf',msg=msg,session=s))
result = writeDb(sql,data)
if result == True:
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'更新成功'}
return template('natruleconf',session=s,msg=msg,info={})
def do_editadvroute(id):
s = request.environ.get('beaker.session')
rulename = request.forms.get("rulename")
srcaddr = request.forms.get("srcaddr").replace('\r\n','\n').strip()
destaddr = request.forms.get("destaddr").replace('\r\n','\n').strip()
pronum = request.forms.get("pronum")
outdev = request.forms.get("ifacename")
alladdr=srcaddr.split('\n')+destaddr.split('\n')
#提交判断
if outdev == '' or rulename == '':
msg = {'color':'red','message':u'描述或出口未填写,添加失败'}
return(template('advroute',msg=msg,session=s))
if int(pronum) <0 or int(pronum) >32765 :
msg = {'color':'red','message':u'优先级值填写错误,添加失败'}
return(template('advroute',msg=msg,session=s))
for ipmask in alladdr :
if netmod.checkipmask(ipmask) == False and ipmask != '':
msg = {'color':'red','message':u'地址格式错误(%s),添加失败' % ipmask}
return(template('advroute',msg=msg,session=s))
cmdDict=cmds.getdictrst('ip rule add prio %s fwmark 1000%s dev %s' % (pronum,id,outdev))
if cmdDict.get('status') == 0:
sql = """ UPDATE sysrouteadv SET rulename=%s,srcaddr=%s,destaddr=%s,pronum=%s,iface=%s WHERE id=%s """
data = (rulename,srcaddr,destaddr,int(pronum),outdev,id)
result = writeDb(sql,data)
if result :
writeROUTEconf(action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'更新成功'}
else :
msg = {'color':'red','message':u'更新失败'}
else:
msg = {'color':'red','message':u'系统规则生成异常,添加失败'}
return(template('advroute',msg=msg,session=s))
def do_additem():
s = request.environ.get('beaker.session')
ifacename = request.forms.get("ifacename")
ifacetype = request.forms.get("ifacetype")
ipaddr = request.forms.get("ipaddr")
netmask = request.forms.get("netmask")
gateway = request.forms.get("gateway")
defaultgw = request.forms.get("defaultgw")
extip = request.forms.get("extip").replace('\r\n','\n')
# 判断填写网关和没有填写网关的情况
if ipaddr == '' or netmask == '' :
msg = {'color':'red','message':u'地址不合法,添加失败'}
return(template('networkconf',session=s,msg=msg))
if gateway != '' :
if netmod.checkip(ipaddr) == False or netmod.checkmask(netmask) == False or netmod.checkip(gateway) == False or netmod.checknet(gateway,ipaddr,netmask) == False :
msg = {'color':'red','message':u'地址不合法,添加失败'}
return(template('networkconf',session=s,msg=msg))
else :
if netmod.checkip(ipaddr) == False or netmod.checkmask(netmask) == False :
msg = {'color':'red','message':u'地址不合法,添加失败'}
return(template('networkconf',session=s,msg=msg))
for extlist in extip.split('\n'):
if len(extlist.split('/')) == 3:
extsip=extlist.split('/')[0]
extmask=extlist.split('/')[1]
extgw=extlist.split('/')[2]
if netmod.checkip(extsip) == False or netmod.checkmask(extmask) == False or netmod.checkip(extgw) == False or netmod.checknet(extgw,extsip,extmask) == False :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
elif len(extlist.split('/')) == 2:
extsip=extlist.split('/')[0]
extmask=extlist.split('/')[1]
if netmod.checkip(extsip) == False or netmod.checkmask(extmask) == False :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
elif extlist == u'':
True
else :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
if ifacename == u'' :
msg = {'color':'red','message':u'物理接口未选择,添加失败'}
return(template('networkconf',session=s,msg=msg))
sql = "INSERT INTO netiface (ifacename,ifacetype,ipaddr,netmask,gateway,defaultgw,extip) VALUES (%s,%s,%s,%s,%s,%s,%s)"
data = (ifacename,ifacetype,ipaddr,netmask,gateway,defaultgw,extip)
result = writeDb(sql,data)
if result == True:
writeNIconf(action='uptconf')
cmds.servboot('networks',action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'添加成功'}
#已绑定的网卡禁止再次绑定
sql2 = """ update sysattr set status="0" where attr=%s """
writeDb(sql2,(ifacename,))
return template('networkconf',session=s,msg=msg)
def do_additem():
s = request.environ.get('beaker.session')
ifacename = request.forms.get("ifacename")
ifacetype = request.forms.get("ifacetype")
ipaddr = request.forms.get("ipaddr")
netmask = request.forms.get("netmask")
gateway = request.forms.get("gateway")
defaultgw = request.forms.get("defaultgw")
extip = request.forms.get("extip").replace('\r\n','\n')
# 判断填写网关和没有填写网关的情况
if ipaddr == '' or netmask == '' :
msg = {'color':'red','message':u'地址不合法,添加失败'}
return(template('networkconf',session=s,msg=msg))
if gateway != '' :
if netmod.checkip(ipaddr) == False or netmod.checkmask(netmask) == False or netmod.checkip(gateway) == False or netmod.checknet(gateway,ipaddr,netmask) == False :
msg = {'color':'red','message':u'地址不合法,添加失败'}
return(template('networkconf',session=s,msg=msg))
else :
if netmod.checkip(ipaddr) == False or netmod.checkmask(netmask) == False :
msg = {'color':'red','message':u'地址不合法,添加失败'}
return(template('networkconf',session=s,msg=msg))
for extlist in extip.split('\n'):
if len(extlist.split('/')) == 3:
extsip=extlist.split('/')[0]
extmask=extlist.split('/')[1]
extgw=extlist.split('/')[2]
if netmod.checkip(extsip) == False or netmod.checkmask(extmask) == False or netmod.checkip(extgw) == False or netmod.checknet(extgw,extsip,extmask) == False :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
elif len(extlist.split('/')) == 2:
extsip=extlist.split('/')[0]
extmask=extlist.split('/')[1]
if netmod.checkip(extsip) == False or netmod.checkmask(extmask) == False :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
elif extlist == u'':
True
else :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
if ifacename == u'' :
msg = {'color':'red','message':u'物理接口未选择,添加失败'}
return(template('networkconf',session=s,msg=msg))
sql = "INSERT INTO netiface (ifacename,ifacetype,ipaddr,netmask,gateway,defaultgw,extip) VALUES (%s,%s,%s,%s,%s,%s,%s)"
data = (ifacename,ifacetype,ipaddr,netmask,gateway,defaultgw,extip)
result = writeDb(sql,data)
if result == True:
writeNIconf(action='uptconf')
cmds.servboot('networks',action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'添加成功'}
#已绑定的网卡禁止再次绑定
sql2 = """ update sysattr set status="0" where attr=%s """
writeDb(sql2,(ifacename,))
return template('networkconf',session=s,msg=msg)
def do_editiface(id):
s = request.environ.get('beaker.session')
ifacename = request.forms.get("ifacename")
ifacetype = request.forms.get("ifacetype")
ipaddr = request.forms.get("ipaddr")
netmask = request.forms.get("netmask")
gateway = request.forms.get("gateway")
defaultgw = request.forms.get("defaultgw")
extip = request.forms.get("extip").replace('\r\n', '\n')
# 判断提交异常
if ipaddr == '' or netmask == '' :
msg = {'color':'red','message':u'地址不合法,添加失败1'}
return(template('networkconf',session=s,msg=msg))
if gateway != '' :
if netmod.checkipmask('%s/%s' % (ipaddr,netmask)) == False or netmod.checknet(gateway,ipaddr,netmask) == False :
msg = {'color':'red','message':u'地址不合法,添加失败%s,%s,%s' % (gateway,ipaddr,netmask)}
return(template('networkconf',session=s,msg=msg))
else :
if netmod.checkip(ipaddr) == False or netmod.checkmask(netmask) == False :
msg = {'color':'red','message':u'地址不合法,添加失败3'}
return(template('networkconf',session=s,msg=msg))
for extlist in extip.split('\n'):
if len(extlist.split('/')) == 3:
extsip=extlist.split('/')[0]
extmask=extlist.split('/')[1]
extgw=extlist.split('/')[2]
if netmod.checkip(extsip) == False or netmod.checkmask(extmask) == False or netmod.checkip(extgw) == False or netmod.checknet(extgw,extsip,extmask) == False :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
elif len(extlist.split('/')) == 2:
extsip=extlist.split('/')[0]
extmask=extlist.split('/')[1]
if netmod.checkip(extsip) == False or netmod.checkmask(extmask) == False :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
elif extlist == u'':
True
else :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
if ifacename == u'' :
msg = {'color':'red','message':u'物理接口未选择,更新失败'}
return(template('addinterface',session=s,msg=msg))
sql = "UPDATE netiface SET ifacename=%s,ifacetype=%s,ipaddr=%s,netmask=%s,gateway=%s,defaultgw=%s,extip=%s WHERE id=%s"
data = (ifacename,ifacetype,ipaddr,netmask,gateway,defaultgw,extip,id)
result = writeDb(sql,data)
if result == True:
writeNIconf(action='uptconf')
cmds.servboot('networks',action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'更新成功'}
return template('networkconf',session=s,msg=msg)
def do_editiface(id):
s = request.environ.get('beaker.session')
ifacename = request.forms.get("ifacename")
ifacetype = request.forms.get("ifacetype")
ipaddr = request.forms.get("ipaddr")
netmask = request.forms.get("netmask")
gateway = request.forms.get("gateway")
defaultgw = request.forms.get("defaultgw")
extip = request.forms.get("extip").replace('\r\n', '\n')
# 判断提交异常
if ipaddr == '' or netmask == '' :
msg = {'color':'red','message':u'地址不合法,添加失败1'}
return(template('networkconf',session=s,msg=msg))
if gateway != '' :
if netmod.checkipmask('%s/%s' % (ipaddr,netmask)) == False or netmod.checknet(gateway,ipaddr,netmask) == False :
msg = {'color':'red','message':u'地址不合法,添加失败%s,%s,%s' % (gateway,ipaddr,netmask)}
return(template('networkconf',session=s,msg=msg))
else :
if netmod.checkip(ipaddr) == False or netmod.checkmask(netmask) == False :
msg = {'color':'red','message':u'地址不合法,添加失败3'}
return(template('networkconf',session=s,msg=msg))
for extlist in extip.split('\n'):
if len(extlist.split('/')) == 3:
extsip=extlist.split('/')[0]
extmask=extlist.split('/')[1]
extgw=extlist.split('/')[2]
if netmod.checkip(extsip) == False or netmod.checkmask(extmask) == False or netmod.checkip(extgw) == False or netmod.checknet(extgw,extsip,extmask) == False :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
elif len(extlist.split('/')) == 2:
extsip=extlist.split('/')[0]
extmask=extlist.split('/')[1]
if netmod.checkip(extsip) == False or netmod.checkmask(extmask) == False :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
elif extlist == u'':
True
else :
msg = {'color':'red','message':u'扩展IP地址不合法,更新失败'}
return(template('networkconf',session=s,msg=msg))
if ifacename == u'' :
msg = {'color':'red','message':u'物理接口未选择,更新失败'}
return(template('addinterface',session=s,msg=msg))
sql = "UPDATE netiface SET ifacename=%s,ifacetype=%s,ipaddr=%s,netmask=%s,gateway=%s,defaultgw=%s,extip=%s WHERE id=%s"
data = (ifacename,ifacetype,ipaddr,netmask,gateway,defaultgw,extip,id)
result = writeDb(sql,data)
if result == True:
writeNIconf(action='uptconf')
cmds.servboot('networks',action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'更新成功'}
return template('networkconf',session=s,msg=msg)
def delvpnservconf(id):
s = request.environ.get('beaker.session')
sql = " DELETE FROM ruleconfnat WHERE id=%s "
result = writeDb(sql,(id,))
if result == True :
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'删除成功'}
return template('natruleconf',session=s,msg=msg)
else:
msg = {'color':'red','message':u'删除失败'}
return template('natruleconf',session=s,msg=msg)
def delvpnservconf(id):
s = request.environ.get('beaker.session')
sql = " DELETE FROM vpnservconf WHERE id=%s "
result = writeDb(sql,(id,))
if result == True :
msg = {'color':'green','message':u'删除成功'}
cmds.gettuplerst('/bin/rm -rf %s/ocserv/ocserv_*_%s.conf' % (gl.get_value('plgdir'),id))
cmds.servboot('ocserv')
writeUTMconf(action='uptconf')
return template('vpnservconf',session=s,msg=msg)
else:
msg = {'color':'red','message':u'删除失败'}
return template('vpnservconf',session=s,msg=msg)
def delpolicy(id):
"""删除策略"""
s = request.environ.get('beaker.session')
sql = "select username from user where policy=%s "
chkdata = readDb(sql,(id,))
if len(chkdata) > 0 :
msg = {'color':'red','message':u'删除失败,该策略已被关联无法删除'}
return(template('policyconf',session=s,msg=msg,info={}))
sql = "delete from vpnpolicy where id in (%s) "
result = writeDb(sql,(id,))
if result:
writeVPNconf(action='uptgroup')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'删除成功'}
return(template('policyconf',session=s,msg=msg,info={}))
else:
msg = {'color':'red','message':u'删除失败'}
return(template('policyconf',session=s,msg=msg,info={}))
def deliface(stype,id):
s = request.environ.get('beaker.session')
if stype == 'sys' or stype == 'static' :
sqlquery = " select dest,netmask,gateway FROM sysroute WHERE id=%s "
sql = " DELETE FROM sysroute WHERE id=%s "
else:
sqlquery = " select srcaddr,destaddr,pronum,iface as outdev FROM sysrouteadv WHERE id=%s "
sql = " DELETE FROM sysrouteadv WHERE id=%s "
resultA = readDb(sqlquery,(id,))
# 判断删除入口并返回到指定界面
if stype == 'sys':
tpl = 'routeconf'
elif stype == 'static':
tpl = 'staticroute'
elif stype == 'adv':
tpl = 'advroute'
# 判断提交的指令
result = writeDb(sql,(id,))
if result == True:
if stype == 'adv':
try:
if resultA[0].get('srcaddr') == '' and resultA[0].get('destaddr') != '':
cmds.getdictrst('ip rule del prio %s to %s' % (resultA[0].get('pronum'),resultA[0].get('destaddr')))
elif resultA[0].get('destaddr') == '' and resultA[0].get('srcaddr') != '':
cmds.getdictrst('ip rule del prio %s from %s dev %s' % (resultA[0].get('pronum'),resultA[0].get('srcaddr')))
elif resultA[0].get('destaddr') == '' and resultA[0].get('srcaddr') == '':
cmds.getdictrst('ip rule del prio %s dev %s' % (resultA[0].get('pronum'),resultA[0].get('outdev')))
else:
cmds.getdictrst('ip rule del prio %s from %s to %s' % (resultA[0].get('pronum'),resultA[0].get('srcaddr'),resultA[0].get('destaddr')))
msg = {'color':'green','message':u'删除成功'}
return template(tpl,session=s,msg=msg)
except:
msg = {'color':'green','message':u'删除成功'}
return template(tpl,session=s,msg=msg)
else:
cmds.getdictrst('route del -net %s netmask %s gw %s' % (resultA[0].get('dest'),resultA[0].get('netmask'),resultA[0].get('gateway')))
writeROUTEconf(action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'删除成功'}
return template(tpl,session=s,msg=msg)
else:
msg = {'color':'red','message':u'删除失败'}
return template(tpl,session=s,msg=msg)
def deliface(id):
s = request.environ.get('beaker.session')
sql = " DELETE FROM netiface WHERE id=%s "
sql2 = " select ifacename FROM netiface WHERE id=%s "
ifacename = readDb(sql2,(id,))
result = writeDb(sql,(id,))
if result == True :
writeNIconf(action='uptconf')
cmds.servboot('networks',action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'删除成功'}
cmds.gettuplerst('ip addr flush dev %s' % ifacename[0].get('ifacename'))
#恢复绑定
sql2 = "update sysattr set status='1' where attr=%s"
writeDb(sql2,(ifacename[0].get('ifacename'),))
return template('networkconf',session=s,msg=msg)
else:
msg = {'color':'red','message':u'删除失败'}
return template('networkconf',session=s,msg=msg)
def deliface(id):
s = request.environ.get('beaker.session')
sql = " DELETE FROM netiface WHERE id=%s "
sql2 = " select ifacename FROM netiface WHERE id=%s "
ifacename = readDb(sql2,(id,))
result = writeDb(sql,(id,))
if result == True :
writeNIconf(action='uptconf')
cmds.servboot('networks',action='uptconf')
writeUTMconf(action='uptconf')
msg = {'color':'green','message':u'删除成功'}
cmds.gettuplerst('ip addr flush dev %s' % ifacename[0].get('ifacename'))
#恢复绑定
sql2 = "update sysattr set status='1' where attr=%s"
writeDb(sql2,(ifacename[0].get('ifacename'),))
return template('networkconf',session=s,msg=msg)
else:
msg = {'color':'red','message':u'删除失败'}
return template('networkconf',session=s,msg=msg)
def do_editutmrule(id):
"""UTM配置 更新页"""
s = request.environ.get('beaker.session')
rulename = request.forms.get("rulename")
pronum = request.forms.get("pronum")
actzone = request.forms.get("actzone")
srcaddr = request.forms.get("srcaddr").replace('\r\n','\n').strip()
dstaddr = request.forms.get("dstaddr").replace('\r\n','\n').strip()
sproto = request.forms.get("sproto")
sport = request.forms.get("sport")
dproto = request.forms.get("dproto")
dport = request.forms.get("dport")
runaction = request.forms.get("runaction")
sql = "update ruleconfutm set rulename=%s,pronum=%s,actzone=%s,srcaddr=%s,dstaddr=%s,sproto=%s,sport=%s,dproto=%s,dport=%s,runaction=%s where id=%s"
data = (rulename,pronum,actzone,srcaddr,dstaddr,sproto,sport,dproto,dport,runaction,id)
if not (rulename and pronum):
msg = {'color':'red','message':u'规则名称或优先级未填写,添加失败'}
return template('utmruleconf',session=s,msg=msg,info={})
alladdr=srcaddr.split('\n')+dstaddr.split('\n')
for ipmask in alladdr :
if netmod.checkipmask(ipmask) == False and ipmask != '':
msg = {'color':'red','message':u'源地址或目标地址格式错误,添加失败'}
return(template('utmruleconf',msg=msg,session=s))
if len(sport.split(',')) > 10 or len(dport.split(',')) > 10 :
msg = {'color':'red','message':u'端口组总数量超过最大值10,添加失败'}
return(template('utmruleconf',msg=msg,session=s))
allport = sport.split(',')+dport.split(',')
for port in allport :
if ':' in port:
if len(port.split(':')) != 2 or port.split(':')[0] >= port.split(':')[1]:
msg = {'color':'red','message':u'连续端口格式错误,添加失败'}
return(template('utmruleconf',msg=msg,session=s))
else :
if netmod.is_port(port) == False and port != '' :
msg = {'color':'red','message':u'源端口或目标端口格式错误,添加失败'}
return(template('utmruleconf',msg=msg,session=s))
result = writeDb(sql,data)
if result == True:
msg = {'color':'green','message':u'更新成功'}
writeUTMconf(action='addconf')
return template('utmruleconf',session=s,msg=msg,info={})
def do_editvpnservconf(id):
"""修改提交服务配置项"""
s = request.environ.get('beaker.session')
authtype = request.forms.get("authtype")
ipaddr = request.forms.get("ipaddr")
servport = request.forms.get("servport")
virip = request.forms.get("virip")
virmask = request.forms.get("virmask")
maxclient = request.forms.get("maxclient")
maxuser = request.forms.get("maxuser")
authtimeout = request.forms.get("authtimeout")
authnum = request.forms.get("authnum")
locktime = request.forms.get("locktime")
comp = request.forms.get("comp")
cisco = request.forms.get("cisco")
if netmod.checkip(virip) == False or netmod.checkmask(virmask) == False :
msg = {'color':'red','message':u'虚拟地址填写不合法,保存失败'}
return template('vpnservconf',session=s,msg=msg,info={})
if servport.isdigit() == False or maxclient.isdigit() == False or maxuser.isdigit() == False or authtimeout.isdigit() == False or authnum.isdigit() == False or locktime.isdigit() == False:
msg = {'color':'red','message':u'填写不合法,保存失败'}
return template('vpnservconf',session=s,msg=msg,info={})
if int(servport) < 0 or int(servport) > 65535 :
msg = {'color':'red','message':u'端口配置错误,保存失败'}
return template('vpnservconf',session=s,msg=msg,info={})
if netmod.checkip(ipaddr) == True or ipaddr == '*' :
True
else:
msg = {'color':'red','message':u'监听信息填写错误,保存失败'}
return template('vpnservconf',session=s,msg=msg,info={})
sql = " UPDATE vpnservconf set authtype=%s,ipaddr=%s,servport=%s,virip=%s,virmask=%s,maxclient=%s,maxuser=%s,authtimeout=%s,authnum=%s,locktime=%s,comp=%s,cisco=%s WHERE id=%s"
data = (authtype,ipaddr,servport,virip,virmask,maxclient,maxuser,authtimeout,authnum,locktime,comp,cisco,id)
result = writeDb(sql,data)
if result == True :
writeVPNconf(action='uptconf')
cmds.servboot('ocserv')
writeUTMconf(action='uptconf')
return template('vpnservconf',session=s,info={},msg={})
