def save_firewall_data(self, ctx, form, data):
    """Write the firewall form values into the new UI configuration.

    Reads the 'firewall' and 'port_forwards' form groups and stores the
    firewall-in-use flag plus the dynamic list of port forwards under the
    node returned by helpers.get_new_ui_config().

    The ``data`` argument is not read here.
    """

    def _store_forward(node, entry):
        # Protocol and target address are always written; both port
        # fields go through the optional-field helper.
        # NOTE(review): nothing here checks port ranges or restricts the
        # protocol string; presumably the form layer validates both
        # before this runs -- confirm.
        node.setS(ns_ui.protocol, rdf.String, entry['new_fw_protocol'])
        uidatahelpers.save_optional_field_to_rdf(
            node, ns_ui.incomingPort, rdf.Integer, entry, 'new_fw_port_in')
        node.setS(ns_ui.ipAddress, rdf.IPv4Address, entry['new_fw_ip_out'])
        uidatahelpers.save_optional_field_to_rdf(
            node, ns_ui.destinationPort, rdf.Integer, entry,
            'new_fw_port_out')

    config_root = helpers.get_new_ui_config()

    firewall_group = formalutils.FormDataAccessor(form, ['firewall'], ctx)
    config_root.setS(ns_ui.firewallInUse, rdf.Boolean,
                     firewall_group['firewall_in_use'])

    # XXX: separate function
    forwards_group = formalutils.FormDataAccessor(
        form, ['port_forwards'], ctx)
    uidatahelpers.save_dynamic_list_to_rdf(
        config_root, ns_ui.portForwards, ns_ui.PortForward,
        forwards_group, _store_forward)
def save_routes_data(self, ctx, form, data):
    """Store routing settings and PPP firewall rules in the new UI config.

    Four form groups are read from the top-level accessor, in this order:
    'dr_group' (default route), 'ar_group' (additional routes),
    'sr_group' (source/forced routing) and 'fwrule_group' (PPP firewall
    rules).  The ``data`` argument is not read here.

    Raises:
        uidatahelpers.FormDataError: if a firewall rule target is neither
            an IPv4Address nor an IPv4Subnet, or if the source routing
            selection is neither 'on' nor 'off'.
    """

    def _store_extra_route(node, entry):
        uidatahelpers.create_rdf_route(
            node, entry['subnet'], entry['network_connection'],
            entry['gateway'], ns_ui.route)

    def _store_ppp_rule(node, entry):
        target = entry['ip_subnet']
        if isinstance(target, datatypes.IPv4Address):
            node.setS(ns_ui.ipAddress, rdf.IPv4Address, target)
        elif isinstance(target, datatypes.IPv4Subnet):
            node.setS(ns_ui.subnet, rdf.IPv4Subnet, target)
        else:
            # A rule whose target type is not recognised is rejected
            # rather than stored without a target.
            raise uidatahelpers.FormDataError(
                'Firewall rule IP/subnet is neither IPv4Address nor IPv4Subnet')

        # No protocol value is written when the form says 'any'.
        protocol = entry['protocol']
        if protocol != 'any':
            node.setS(ns_ui.protocol, rdf.String, protocol)

        uidatahelpers.save_optional_field_to_rdf(
            node, ns_ui.port, rdf.Integer, entry, 'port')
        # NOTE(review): the action and protocol strings are stored as
        # received; presumably the form restricts them to a fixed set of
        # choices -- confirm, since they end up in firewall rules.
        node.setS(ns_ui.action, rdf.String, entry['action'])

    root_fda = formalutils.FormDataAccessor(form, [], ctx)
    config_root = helpers.get_new_ui_config()

    # Default route
    default_group = root_fda.descend('dr_group')
    uidatahelpers.create_rdf_route(
        config_root, None, default_group['network_connection'],
        default_group['gateway'], ns_ui.defaultRoute)

    # Additional routes
    extra_group = root_fda.descend('ar_group')
    uidatahelpers.save_dynamic_list_to_rdf(
        config_root, ns_ui.routes, ns_ui.Route, extra_group,
        _store_extra_route)

    # Source routing (forced routing)
    forced_group = root_fda.descend('sr_group')
    selection = forced_group['source_routing_selection']
    if selection == 'on':
        uidatahelpers.create_rdf_route(
            config_root, None, forced_group['network_connection'],
            forced_group['gateway'], ns_ui.sourceRouting)
    elif selection == 'off':
        config_root.removeNodes(ns_ui.sourceRouting)
    else:
        raise uidatahelpers.FormDataError(
            'Forced routing is neither on nor off.')

    # PPP firewall rules
    rules_group = root_fda.descend('fwrule_group')
    uidatahelpers.save_dynamic_list_to_rdf(
        config_root, ns_ui.pppFirewallRules, ns_ui.PppFirewallRule,
        rules_group, _store_ppp_rule)
def save_user_list(self, ctx, form, data, userpw_dict):
    """Store the user list from the 'userlist_group' form group.

    Args:
        userpw_dict: maps a username to a 3-tuple that is unpacked here
            as (plaintext password, MD5 value, NT hash value).  Only the
            two hash values are written back; the plaintext element is
            ignored.

    The ``data`` argument is not read here.
    """

    def _store_user(user_node, entry):
        name = entry['username']
        user_node.setS(ns_ui.username, rdf.String, name)

        # Password handling: a non-empty password in the form always
        # wins.  Otherwise the hashes recorded for this username in
        # userpw_dict are carried over.  Identity is tracked by name
        # only, so if an admin deletes user XYZ and creates a new XYZ
        # with an empty password field, the new account inherits the old
        # account's hashes.
        # NOTE(review): that inheritance means a re-created account is
        # reachable with the previous holder's password; admins should
        # set a password explicitly when reusing a username.
        if entry.has_key('password'):
            new_password = entry['password']
        else:
            new_password = None

        if new_password is not None and new_password != '':
            # set hashed password entries
            uihelpers.set_user_password_hashes(user_node, new_password)
        elif userpw_dict.has_key(name):
            _plain, md5_value, nt_value = userpw_dict[name]
            user_node.setS(ns_ui.passwordMd5, rdf.String, md5_value)
            user_node.setS(ns_ui.passwordNtHash, rdf.String, nt_value)
            # Drop any plaintext password node; only hashes are kept.
            user_node.removeNodes(ns_ui.password)
        else:
            # this should not happen; log but don't fail badly
            # NOTE(review): this leaves the account with an empty
            # plaintext password.  Whether an empty password can
            # authenticate depends on the consumer of ns_ui.password --
            # confirm, and consider rejecting the form instead.
            _log.error(
                'no password in form or userpw dict, should not happen')
            user_node.setS(ns_ui.password, rdf.String, '')

        uidatahelpers.save_optional_field_to_rdf(
            user_node, ns_ui.fixedIp, rdf.IPv4Address, entry, 'fixed_ip')
        # Privilege flags come straight from the submitted form values.
        user_node.setS(ns_ui.adminRights, rdf.Boolean, entry['admin_rights'])
        user_node.setS(ns_ui.vpnRights, rdf.Boolean, entry['vpn_rights'])

    config_root = helpers.get_new_ui_config()
    users_group = formalutils.FormDataAccessor(
        form, ['userlist_group'], ctx)
    uidatahelpers.save_dynamic_list_to_rdf(
        config_root, ns_ui.users, ns_ui.User, users_group, _store_user)
def save_s2s_list_data(self, ctx, form, data):
    """Store the site-to-site connection list from the form.

    Reads the 's2s_connections' form group and writes one
    SiteToSiteConnection entry per list item under the node returned by
    helpers.get_new_ui_config().  The ``data`` argument is not read here.

    Raises:
        Exception: if a connection's mode is neither 'client' nor
            'server'.
    """

    def _store_connection(node, entry):
        node.setS(ns_ui.username, rdf.String, entry['s2s_username'])
        # NOTE(review): the connection password (and the pre-shared key
        # below) are written as plain rdf.String values with no hashing
        # step visible here, so the stored configuration holds reusable
        # credentials and needs to be access-restricted accordingly.
        node.setS(ns_ui.password, rdf.String, entry['s2s_password'])
        uidatahelpers.save_subnet_list_to_rdf(
            node, ns_ui.subnetList, entry, 's2s_subnets')

        mode = entry['s2s_mode']
        if mode == 'server':
            # Server entries carry no pre-shared key or server address.
            node.setS(ns_ui.mode, rdf.String, 'server')
            return
        if mode != 'client':
            raise Exception('unknown mode: %s' % mode)

        node.setS(ns_ui.mode, rdf.String, 'client')
        node.setS(ns_ui.preSharedKey, rdf.String, entry['s2s_psk'])
        node.setS(ns_ui.serverAddress, rdf.String, entry['s2s_server'])

    config_root = helpers.get_new_ui_config()
    connections_group = formalutils.FormDataAccessor(
        form, ['s2s_connections'], ctx)
    uidatahelpers.save_dynamic_list_to_rdf(
        config_root, ns_ui.siteToSiteConnections,
        ns_ui.SiteToSiteConnection, connections_group, _store_connection)
def save_s2s_list_data(self, ctx, form, data):
    """Persist site-to-site connections found in 's2s_connections'.

    Each list item becomes a SiteToSiteConnection entry under the node
    returned by helpers.get_new_ui_config().  ``data`` is not read here.

    Raises:
        Exception: if a connection's mode is neither 'client' nor
            'server'.
    """

    def _write_connection(conn_node, item):
        conn_node.setS(ns_ui.username, rdf.String, item['s2s_username'])
        # NOTE(review): password and pre-shared key are stored as plain
        # rdf.String values; no hashing is visible in this function, so
        # the saved configuration should be treated as secret material.
        conn_node.setS(ns_ui.password, rdf.String, item['s2s_password'])
        uidatahelpers.save_subnet_list_to_rdf(
            conn_node, ns_ui.subnetList, item, 's2s_subnets')

        selected_mode = item['s2s_mode']
        if selected_mode == 'server':
            # Nothing beyond the mode itself is stored for a server.
            conn_node.setS(ns_ui.mode, rdf.String, 'server')
            return
        if selected_mode != 'client':
            raise Exception('unknown mode: %s' % selected_mode)

        # Client entries additionally record the key and peer address.
        conn_node.setS(ns_ui.mode, rdf.String, 'client')
        conn_node.setS(ns_ui.preSharedKey, rdf.String, item['s2s_psk'])
        conn_node.setS(ns_ui.serverAddress, rdf.String, item['s2s_server'])

    new_config = helpers.get_new_ui_config()
    s2s_group = formalutils.FormDataAccessor(
        form, ['s2s_connections'], ctx)
    uidatahelpers.save_dynamic_list_to_rdf(
        new_config, ns_ui.siteToSiteConnections,
        ns_ui.SiteToSiteConnection, s2s_group, _write_connection)
def save_user_list(self, ctx, form, data, userpw_dict):
    """Persist the users found in the 'userlist_group' form group.

    Args:
        userpw_dict: maps a username to a 3-tuple that is unpacked here
            as (plaintext password, MD5 value, NT hash value).  The
            plaintext element is not used; only the two hash values are
            written back.

    The ``data`` argument is not read here.
    """

    def _write_user(node, item):
        login = item['username']
        node.setS(ns_ui.username, rdf.String, login)

        # A non-empty password in the form takes priority.  With no new
        # password, the hashes stored for this username in userpw_dict
        # are reused.  Users are matched by name only: removing user XYZ
        # and adding a new XYZ with an empty password field gives the
        # new user the old user's password.
        # NOTE(review): reusing a username therefore silently re-enables
        # the earlier credentials unless a password is entered.
        supplied = None
        if item.has_key('password'):
            supplied = item['password']

        if supplied is not None and supplied != '':
            # set hashed password entries
            uihelpers.set_user_password_hashes(node, supplied)
        elif userpw_dict.has_key(login):
            _unused_plain, old_md5, old_nt = userpw_dict[login]
            node.setS(ns_ui.passwordMd5, rdf.String, old_md5)
            node.setS(ns_ui.passwordNtHash, rdf.String, old_nt)
            # Only the hashes are kept; remove any plaintext node.
            node.removeNodes(ns_ui.password)
        else:
            # this should not happen; log but don't fail badly
            # NOTE(review): the fallback stores an empty plaintext
            # password.  Verify that downstream authentication refuses
            # empty passwords, or fail the save here instead.
            _log.error(
                'no password in form or userpw dict, should not happen')
            node.setS(ns_ui.password, rdf.String, '')

        uidatahelpers.save_optional_field_to_rdf(
            node, ns_ui.fixedIp, rdf.IPv4Address, item, 'fixed_ip')
        # Admin and VPN rights are taken directly from the form values.
        node.setS(ns_ui.adminRights, rdf.Boolean, item['admin_rights'])
        node.setS(ns_ui.vpnRights, rdf.Boolean, item['vpn_rights'])

    new_config = helpers.get_new_ui_config()
    userlist_fda = formalutils.FormDataAccessor(
        form, ['userlist_group'], ctx)
    uidatahelpers.save_dynamic_list_to_rdf(
        new_config, ns_ui.users, ns_ui.User, userlist_fda, _write_user)
def save_firewall_data(self, ctx, form, data):
    """Persist the firewall flag and port forwards from the form.

    The 'firewall' group supplies the firewall-in-use flag and the
    'port_forwards' group supplies the dynamic list of forwards; both
    are written under the node returned by helpers.get_new_ui_config().
    ``data`` is not read here.
    """

    def _write_forward(fwd_node, item):
        # NOTE(review): ports and protocol are stored as received; this
        # assumes the form layer has already range-checked the ports and
        # limited the protocol choices -- confirm.
        fwd_node.setS(ns_ui.protocol, rdf.String, item['new_fw_protocol'])
        uidatahelpers.save_optional_field_to_rdf(
            fwd_node, ns_ui.incomingPort, rdf.Integer, item,
            'new_fw_port_in')
        fwd_node.setS(ns_ui.ipAddress, rdf.IPv4Address,
                      item['new_fw_ip_out'])
        uidatahelpers.save_optional_field_to_rdf(
            fwd_node, ns_ui.destinationPort, rdf.Integer, item,
            'new_fw_port_out')

    new_config = helpers.get_new_ui_config()

    fw_group = formalutils.FormDataAccessor(form, ['firewall'], ctx)
    in_use = fw_group['firewall_in_use']
    new_config.setS(ns_ui.firewallInUse, rdf.Boolean, in_use)

    # XXX: separate function
    pf_group = formalutils.FormDataAccessor(form, ['port_forwards'], ctx)
    uidatahelpers.save_dynamic_list_to_rdf(
        new_config, ns_ui.portForwards, ns_ui.PortForward, pf_group,
        _write_forward)
def save_routes_data(self, ctx, form, data):
    """Persist routes, forced routing and PPP firewall rules.

    Reads the 'dr_group', 'ar_group', 'sr_group' and 'fwrule_group'
    form groups, in that order, and writes them under the node returned
    by helpers.get_new_ui_config().  ``data`` is not read here.

    Raises:
        uidatahelpers.FormDataError: if a firewall rule target is neither
            an IPv4Address nor an IPv4Subnet, or if the source routing
            selection is neither 'on' nor 'off'.
    """

    def _write_route(route_node, item):
        uidatahelpers.create_rdf_route(
            route_node, item['subnet'], item['network_connection'],
            item['gateway'], ns_ui.route)

    def _write_ppp_rule(rule_node, item):
        address = item['ip_subnet']
        if isinstance(address, datatypes.IPv4Address):
            rule_node.setS(ns_ui.ipAddress, rdf.IPv4Address, address)
        elif isinstance(address, datatypes.IPv4Subnet):
            rule_node.setS(ns_ui.subnet, rdf.IPv4Subnet, address)
        else:
            # Reject the rule instead of saving it without a target.
            raise uidatahelpers.FormDataError(
                'Firewall rule IP/subnet is neither IPv4Address nor IPv4Subnet')

        # The protocol is only stored when it is something other than
        # 'any'.
        proto = item['protocol']
        if proto != 'any':
            rule_node.setS(ns_ui.protocol, rdf.String, proto)

        uidatahelpers.save_optional_field_to_rdf(
            rule_node, ns_ui.port, rdf.Integer, item, 'port')
        # NOTE(review): the action string is written unchecked here;
        # presumably the form offers a closed set of actions -- confirm.
        rule_node.setS(ns_ui.action, rdf.String, item['action'])

    top_fda = formalutils.FormDataAccessor(form, [], ctx)
    new_config = helpers.get_new_ui_config()

    # Default route
    dr_group = top_fda.descend('dr_group')
    uidatahelpers.create_rdf_route(
        new_config, None, dr_group['network_connection'],
        dr_group['gateway'], ns_ui.defaultRoute)

    # Additional routes
    ar_group = top_fda.descend('ar_group')
    uidatahelpers.save_dynamic_list_to_rdf(
        new_config, ns_ui.routes, ns_ui.Route, ar_group, _write_route)

    # Source routing (forced routing)
    sr_group = top_fda.descend('sr_group')
    choice = sr_group['source_routing_selection']
    if choice == 'on':
        uidatahelpers.create_rdf_route(
            new_config, None, sr_group['network_connection'],
            sr_group['gateway'], ns_ui.sourceRouting)
    elif choice == 'off':
        new_config.removeNodes(ns_ui.sourceRouting)
    else:
        raise uidatahelpers.FormDataError(
            'Forced routing is neither on nor off.')

    # PPP firewall rules
    fwrule_group = top_fda.descend('fwrule_group')
    uidatahelpers.save_dynamic_list_to_rdf(
        new_config, ns_ui.pppFirewallRules, ns_ui.PppFirewallRule,
        fwrule_group, _write_ppp_rule)