def dump_device(self, name):
try:
# construct args
args = []
if System.WS_LINUX == System.name():
args = ["ip", "addr", "show", name]
elif System.WS_FREEBSD == System.name():
args = ["ifconfig", name]
else:
raise Exception(
"NetDeviceDumper::dump_device - not implemented on system '%s'"
% System.name())
# and run them
(ret, stdout, stderr) = Command().run(args)
if ret != 0:
raise Exception("Invalid exit code: %d; (%s, %s)" %
(ret, stdout, stderr))
# if we got here then it is fine
return stdout
except Exception as e:
return "ERROR: %s\n%s" % (str(e), traceback.format_exc())
def dump(self, keytab_path):
if System.name() == System.WS_WINDOWS:
return "Showing KEYTAB %s contents on windows ALWAYS SUCCEEDS with this message." % keytab_path
if System.name() == System.WS_FREEBSD:
return self.run_freebsd(keytab_path)
return self.run_linux(keytab_path)
def can_manage_network(self):
# for debug
if System.WS_WINDOWS == System.name():
return True
if System.WS_LINUX == System.name():
if Distrib.name() in [Distrib.WS_DEBIAN9, Distrib.WS_UBUNTU16]:
return True
return False
def get_dir():
if os.path.isfile("/etc/centos-release") or os.path.isfile("/etc/redhat-release"):
return "/var/spool/squid_ssldb"
if System.name() == System.WS_WINDOWS:
return r"c:\Squid\bin\unknown.dir"
if System.name() == System.WS_FREEBSD:
return "/var/squid/ssldb"
return "/var/spool/squid_ssldb"
def full_path():
if os.path.isfile("/etc/centos-release") or os.path.isfile("/etc/redhat-release"):
return "/usr/lib64/squid/ssl_crtd"
if System.name() == System.WS_WINDOWS:
return r"c:\Squid\bin\ssl_crtd.exe"
if System.name() == System.WS_FREEBSD:
return "/usr/local/libexec/squid/ssl_crtd"
return "/usr/lib/squid/ssl_crtd"
def full_path():
if System.name() == System.WS_WINDOWS:
return r"c:\Squid\lib\squid\htpasswd.exe"
if System.name() == System.WS_FREEBSD:
return "/usr/local/bin/htpasswd"
return "/usr/bin/htpasswd"
# print BinaryHtPasswd.full_path()
def generate(self, devices, manual):
# for debug only
if System.WS_WINDOWS == System.name():
return self.generate_linux_debian(devices, manual)
if System.WS_LINUX == System.name():
return self.generate_linux(devices, manual)
raise Exception(
"NetworkGenerateView::generate - generator is not implemented for system: '%s'"
% System.name())
def run(self):
result = {
'mem' : {'total': 0, 'used': 0, 'free': 0, 'percent': 0},
'swap' : {'total': 0, 'used': 0, 'free': 0, 'percent': 0}
}
if System.WS_FREEBSD == System.name():
self.run_freebsd(result)
elif System.WS_LINUX == System.name():
self.run_linux(result)
else:
assert(System.WS_WINDOWS == System.name())
return result
def full_path():
if os.path.isfile("/etc/centos-release") or os.path.isfile(
"/etc/redhat-release") or os.path.isfile("/etc/SuSE-release"):
return "/usr/bin/squidclient"
if System.name() == System.WS_WINDOWS:
return r"c:\Squid\bin\squidclient.exe"
if System.name() == System.WS_FREEBSD:
#if self.is_pfsense():
# return "/usr/local/sbin/squidclient"
return "/usr/local/sbin/squidclient"
return "/usr/bin/squidclient"
def configured_tz_linux(self):
# debug check
assert(System.name() == System.WS_LINUX)
# assume default
value = self.default
# see if this is centos style
if Distrib.WS_CENTOS7 == Distrib.name():
etc_localtime = "/etc/localtime"
usr_zoneinfo = "/usr/share/zoneinfo/"
# see if local time is a link or not
if os.path.islink(etc_localtime):
value = os.path.realpath(etc_localtime)
if value.startswith(usr_zoneinfo):
value = value[len(usr_zoneinfo):]
else:
# ok this is debian style then
with open('/etc/timezone') as fin:
value = fin.read()
value = value.strip()
# return nicely
return value
def set(self, value):
assert(len(value) > 0)
# check the provided timezone indeed exists in the pytz
if value not in pytz.all_timezones:
raise Exception("Wrong timezone %s (not found pytz.all_timezones)" % value)
# save the new timezone into the system
exe = os.path.join(Paths.bin_dir(), "timezone.py")
arg1 = "--timezone=%s" % value
arg2 = "--system=%s" % System.name()
arg3 = "--distrib=%s" % Distrib.name()
args = [exe, arg1, arg2, arg3]
(ret, stdout, stderr) = CommandElevated().run(args)
# the system zone is set if return value is 0
if ret == 0:
# also generate the timezone.setting file
tz_file = os.path.join(Paths.var_dir(), "console", "console", "timezone.setting")
with open(tz_file,"w") as fout:
fout.write(value)
# and return
return (ret, stdout, stderr)
def get_context_data(self, **kwargs):
context = super(ViewSafetySystemInfo, self).get_context_data(**kwargs)
v = Version()
info = {
'product_name' : 'Web Safety for Squid Proxy',
'installed_version' : v.installed,
'latest_version' : v.latest,
'need_to_upgrade' : v.need_to_upgrade(), # 0 - no_need_to_upgrade, 1 - may_upgrade, 2 - should_upgrade, 3 - must_upgrade
'whats_new' : v.whats_new
};
context['info'] = info
# add hardcoded settings
context['WEBSAFETY_ETC_DIR'] = Paths.etc_dir()
context['WEBSAFETY_ETC_DIR_SIZE'] = long(FolderInfo(Paths.etc_dir()).get_size())
context['WEBSAFETY_VAR_DIR'] = Paths.var_dir()
context['WEBSAFETY_VAR_DIR_SIZE'] = long(FolderInfo(Paths.var_dir()).get_size())
context['WEBSAFETY_BIN_DIR'] = Paths.bin_dir()
context['WEBSAFETY_BIN_DIR_SIZE'] = long(FolderInfo(Paths.bin_dir()).get_size())
context['WEBSAFETY_VERSION'] = Build.version()
context['WEBSAFETY_ARCH'] = Distrib.arch()
context['WEBSAFETY_DISTRIB'] = Distrib.name()
context['WEBSAFETY_SYSTEM'] = System.name()
return context
def get_str_unsafe(self, request):
arg_port = "-p"
# bad fix - need to base decision on squid version and not on the system
if System.name() == System.WS_FREEBSD:
arg_port = "-a"
args = [
self.exe, arg_port,
str(self.port), "-h", self.host,
"mgr:%s" % request
]
(exit_code, stdout, stderr) = Command().run(args)
if exit_code == 0:
pos = stdout.find("\r\n\r\n")
if pos != -1:
stdout = stdout[pos + 4:]
return stdout
# if we got here everything failed
raise Exception(
"Command %s failed.\n\tExit Code: %d\n\tSTDOUT: %s\n\tSTDERR: %s" %
(" ".join(args), exit_code, stdout, stderr))
def categorize(self, domain):
try:
name = "categories_checker"
if System.WS_WINDOWS == System.name():
name += ".exe"
exe = os.path.join(Paths.bin_dir(), name)
arg1 = "--definitions=%s" % (os.path.join(
Paths.var_dir(), "spool", "categories", "definitions.dat"))
arg2 = "--domain=%s" % domain
(exit_code, stdout, stderr) = Command().run([exe, arg1, arg2])
if 0 == exit_code:
data = stdout.strip()
data = data.strip("]")
data = data.strip("[")
data = data.strip()
if len(data) == 0:
return []
else:
return data.split(':')
except Exception as e:
pass
return []
def __init__(self, dc_addr, port, use_ldaps, base_dn, bind_user,
bind_pass):
# set size limit
self.size_limit = 150
# we do not support referrals
ldap.set_option(ldap.OPT_REFERRALS, 0)
ldap.set_option(ldap.OPT_SIZELIMIT, self.size_limit)
# set schema
schema = "ldap"
if use_ldaps:
schema = "ldaps"
# it is ldapS so set the path to the trusted cert
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
os.path.join(Paths.etc_dir(), "ldaps.pem"))
# disable certificate checking only on windows to ease development
if System.name() == System.WS_WINDOWS:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_NEVER)
# construct uri
uri = "%s://%s:%d" % (schema, dc_addr, port)
# init LDAP and bind to it
self.conn = ldap.initialize(uri)
# bind to LDAP server
self.conn.simple_bind_s(bind_user, bind_pass)
# and save the base dn
self.base_dn = base_dn
def full_path():
name = "ldap"
if System.name() == System.WS_WINDOWS:
name += ".exe"
return os.path.join(Paths.bin_dir(), name)
def generate(self, contents):
# debug check
assert (len(contents) > 0)
# first generate a temporary file in /opt/websafety/etc/node folder (it will be removed after close automatically)
prefix = "etc_network_interfaces."
folder = os.path.join(Paths.etc_dir(), "node")
# write to temp file
with tempfile.NamedTemporaryFile(prefix=prefix,
dir=folder,
delete=True) as temp:
temp.write(contents)
temp.flush()
# call the sudoing binary
exe = os.path.join(Paths.bin_dir(), "network_debian.py")
arg1 = "--file=%s" % temp.name
arg2 = "--system=%s" % System.name()
arg3 = "--distrib=%s" % Distrib.name()
args = [exe, arg1, arg2, arg3]
# and run it
(exit_code, stdout, stderr) = CommandElevated().run(args)
if exit_code != 0:
raise Exception(
"Cannot generate network settings. Error: %d, STDOUT: %s, STDERR: %s"
% (exit_code, stdout, stderr))
def full_path():
# centos and redhat
if os.path.isfile("/etc/centos-release") or os.path.isfile(
"/etc/redhat-release"):
return "/usr/lib64/squid/negotiate_kerberos_auth"
# windows (for debug only)
if System.name() == System.WS_WINDOWS:
return r"c:\Squid\bin\squidclient.exe"
if System.name() == System.WS_FREEBSD:
return "/usr/local/libexec/squid/negotiate_kerberos_auth"
# by default - debian and ubuntu
return "/usr/lib/squid/negotiate_kerberos_auth"
def initialize(self, keytab_path, spn):
try:
if System.name() == System.WS_WINDOWS:
return (
True,
"Trying actual key tab %s on Windows with SPN %s ALWAYS SUCCEEDS"
% (keytab_path, spn))
if System.name() == System.WS_FREEBSD:
return (True, self.run_freebsd(keytab_path, spn))
return (True, self.run_linux(keytab_path, spn))
except Exception as e:
return (False, str(e))
def full_path():
# windows (for debug only)
if System.name() == System.WS_WINDOWS:
return r"c:\Squid\bin\squid.exe"
# centos and redhat
if os.path.isfile("/etc/centos-release") or os.path.isfile(
"/etc/redhat-release"):
return "/usr/sbin/squid"
# freebsd
if System.name() == System.WS_FREEBSD:
return "/usr/local/sbin/squid"
# by default - debian and ubuntu
return "/usr/sbin/squid"
def run(self, args):
# prepend with path to sudo
if System.name() != System.WS_WINDOWS:
args.insert(0, BinarySudo.full_path())
# and execute normally
return Command().run(args)
def runas_user():
if System.WS_WINDOWS == System.name():
return "unknown"
if System.WS_FREEBSD == System.name():
return "squid"
assert (System.WS_LINUX == System.name())
if Distrib.WS_CENTOS7 == Distrib.name():
return "squid"
if Distrib.name() in [Distrib.WS_DEBIAN9, Distrib.WS_UBUNTU16]:
return "proxy"
raise Exception("Unknown distrib '%s' in BinarySquid.runas_user" %
Distrib.name())
def get_path(self):
# windows (for debug only)
if System.WS_WINDOWS == System.name():
return r"m:\websafety_extra\src.test\res\squid.conf"
# freebsd
if System.WS_FREEBSD == System.name():
return "/usr/local/etc/squid/squid.conf"
# debug check
assert (System.WS_LINUX == System.name())
# centos and redhat
if Distrib.WS_CENTOS7 == Distrib.name():
return "/etc/squid/squid.conf"
# by default - debian and ubuntu
return "/etc/squid/squid.conf"
def parse_value(self, str):
reg_str = r'\s*(\d*.\d*)\s*\%?[usy]+\s*$'
if System.WS_FREEBSD == System.name():
reg_str = r'\s*(\d*.\d*)\s*\%?\s.*$'
match = re.match(reg_str, str)
if match:
return float(match.groups()[0])
return float(0)
def set(self, value):
assert (len(value) > 0)
exe = os.path.join(Paths.bin_dir(), "hostname.py")
arg1 = "--hostname=%s" % value
arg2 = "--system=%s" % System.name()
arg3 = "--distrib=%s" % Distrib.name()
args = [exe, arg1, arg2, arg3]
return CommandElevated().run(args)
def is_pfsense(self):
if System.WS_FREEBSD != System.name():
return False
try:
version = open("/etc/version").readlines()[0]
match = re.match(r'\d\.\d.*', version)
if match:
return True
except:
pass
return False
def run(self, icap_port="1344"):
if System.WS_FREEBSD == System.name():
args = ["netstat", "-an", "-p", "tcp"]
else:
args = [
"netstat", "--tcp", "--all", "--numeric", "--program",
"--verbose"
]
# run this command
(exit_code, stdout, stderr) = Command.run(self, args)
# and convert
if exit_code == 0:
if System.WS_FREEBSD == System.name():
return self.parse_freebsd_output(stdout, icap_port)
else:
return self.parse_linux_output(stdout, icap_port)
else:
return []
def configured_hostname(self):
value = self.default
# get the one from linux
if System.WS_LINUX == System.name():
with open('/etc/hostname') as fin:
value = fin.read()
value = value.strip()
return value
def run(self, file):
name = "ldap"
if System.name() == System.WS_WINDOWS:
name += ".exe"
args = [os.path.join(Paths.bin_dir(), name), "--file=" + file]
# run this command
(exit_code, stdout, stderr) = Command.run(self, args)
# and convert
return {'exit_code': exit_code, 'stdout': stdout, 'stderr': stderr}
def running_tz_str(self):
# for debug only
if System.WS_WINDOWS == System.name():
return "Europe/London"
# this is the value to return
value = ""
if System.name() == System.WS_LINUX:
# on linux we call timedatectl
args = ["timedatectl", "status", "--no-pager"]
(exit_code, stdout, stderr) = Command().run(args)
if exit_code != 0:
raise Exception("Cannot run command %s, exit code: %d, error message:\n%s" % (" ".join(args), exit_code, stdout + stderr))
for line in stdout.split('\n'):
pos = line.find(":")
if pos == -1:
continue
left = line[:pos].strip()
right = line[pos + 1:].strip()
match = re.match( r'.*time.*zone.*', line, re.M|re.I)
if match:
value = right
if System.name() == System.WS_FREEBSD:
# TODO
# on freebsd it is a little different; the /etc/localtime can be either a symlink or a copy of any file
# including one in subdirectories of /usr/share/zoneinfo. We need to first find that file and then
# parse out the zone information as folder/subfolder starting from /usr/share/zoneinfo as root, complex!
raise Exception("NOT_IMPL of FreeBSD")
return value