def clean_jail_host(self):
jail_host = self.cleaned_data.get('jail_host')
parts = jail_host.split('.')
if len(parts) > 1:
raise forms.ValidationError(_("Jail name cannot have '.'"))
return jail_host
def clean(self):
cdata = self.cleaned_data
domain = cdata.get("ad_domainname")
bindname = cdata.get("ad_bindname")
binddn = "%s@%s" % (bindname, domain)
bindpw = cdata.get("ad_bindpw")
site = cdata.get("ad_site")
netbiosname = cdata.get("ad_netbiosname_a")
netbiosname_b = cdata.get("ad_netbiosname_b")
ssl = cdata.get("ad_ssl")
certificate = cdata["ad_certificate"]
ad_kerberos_principal = cdata["ad_kerberos_principal"]
workgroup = None
if certificate:
certificate = certificate.get_certificate_path()
args = {
'domain': domain,
'site': site,
'ssl': ssl,
'certfile': certificate
}
if not cdata.get("ad_bindpw"):
bindpw = self.instance.ad_bindpw
cdata['ad_bindpw'] = bindpw
if cdata.get("ad_enable") is False:
return cdata
if not ad_kerberos_principal:
if not bindname:
raise forms.ValidationError("No domain account name specified")
if not bindpw:
raise forms.ValidationError(
"No domain account password specified")
try:
FreeNAS_ActiveDirectory.validate_credentials(
domain,
site=site,
ssl=ssl,
certfile=certificate,
binddn=binddn,
bindpw=bindpw)
except LDAPError as e:
# LDAPError is dumb, it returns a list with one element for goodness knows what reason
e = e[0]
error = []
desc = e.get('desc')
info = e.get('info')
if desc:
error.append(desc)
if info:
error.append(info)
if error:
error = ', '.join(error)
else:
error = str(e)
raise forms.ValidationError("{0}".format(error))
except Exception as e:
raise forms.ValidationError('{0}.'.format(str(e)))
args['binddn'] = binddn
args['bindpw'] = bindpw
else:
args['keytab_principal'] = ad_kerberos_principal.principal_name
args['keytab_file'] = '/etc/krb5.keytab'
try:
workgroup = FreeNAS_ActiveDirectory.get_workgroup_name(**args)
except Exception as e:
raise forms.ValidationError(e)
if workgroup:
if compare_netbios_names(netbiosname, workgroup, None):
raise forms.ValidationError(
_("The NetBIOS name cannot be the same as the workgroup name!"
))
if netbiosname_b:
if compare_netbios_names(netbiosname_b, workgroup, None):
raise forms.ValidationError(
_("The NetBIOS name cannot be the same as the workgroup "
"name!"))
else:
log.warn("Unable to determine workgroup name")
if ssl in ("off", None):
return cdata
if not certificate:
raise forms.ValidationError(
"SSL/TLS specified without certificate")
return cdata
def clean_vlan_tag(self):
tag = self.cleaned_data['vlan_tag']
if tag > 4095:
raise forms.ValidationError(_("VLAN Tags are 1 - 4095 inclusive"))
return tag
def clean_bsduser_to_group(self):
v = self.cleaned_data.get("bsduser_to_group")
if len(v) > 64:
raise forms.ValidationError(
_("A user cannot belong to more than 64 auxiliary groups"))
return v
def clean_ini_script(self):
_type = self.cleaned_data.get("ini_type")
val = self.cleaned_data.get("ini_script")
if _type == 'script' and not val:
raise forms.ValidationError(_("This field is required"))
return val
def clean(self, user):
if not self.required and user in ('-----', '', None):
return None
if FreeNAS_User(user, flags=FLAGS_DBINIT) == None:
raise forms.ValidationError(_("The user %s is not valid.") % user)
return user
def _clean_jail_ipv4address(jip):
if (Alias.objects.filter(alias_v4address=jip).exists()
or Interfaces.objects.filter(int_ipv4address=jip).exists()):
raise forms.ValidationError(_("This IP is already in use."))
return jip
def clean_em_user(self):
if (self.cleaned_data['em_smtp'] is True
and self.cleaned_data['em_user'] == ""):
raise forms.ValidationError(_("This field is required"))
return self.cleaned_data['em_user']
def clean_sysctl_mib(self):
value = self.cleaned_data.get('sysctl_mib').strip()
if SYSCTL_VARNAME_FORMAT_RE.match(value):
return value
raise forms.ValidationError(_(SYSCTL_TUNABLE_VARNAME_FORMAT))
def clean_bsdusr_group2(self):
create = self.cleaned_data.get("bsdusr_creategroup")
group = self.cleaned_data.get("bsdusr_group2")
if not group and not create:
raise forms.ValidationError(_("This field is required"))
return group
def clean(self):
cdata = self.cleaned_data
if not cdata.get("ldap_bindpw"):
cdata["ldap_bindpw"] = self.instance.ldap_bindpw
binddn = cdata.get("ldap_binddn")
bindpw = cdata.get("ldap_bindpw")
basedn = cdata.get("ldap_basedn")
hostname = cdata.get("ldap_hostname")
ssl = cdata.get("ldap_ssl")
certfile = None
if ssl in ('start_tls', 'on'):
certificate = cdata["ldap_certificate"]
if not certificate:
raise forms.ValidationError(
"SSL/TLS specified without certificate")
else:
certfile = get_certificateauthority_path(certificate)
port = 389
if ssl == "on":
port = 636
if hostname:
parts = hostname.split(':')
hostname = parts[0]
if len(parts) > 1:
port = int(parts[1])
if cdata.get("ldap_enable") is False:
return cdata
# self.check_for_samba_schema()
try:
FreeNAS_LDAP.validate_credentials(
hostname,
binddn=binddn,
bindpw=bindpw,
basedn=basedn,
port=port,
certfile=certfile,
ssl=ssl
)
except LDAPError as e:
log.debug("LDAPError: type = %s", type(e))
error = []
try:
error.append(e.args[0]['info'])
error.append(e.args[0]['desc'])
error = ', '.join(error)
except:
error = str(e)
raise forms.ValidationError("{0}".format(error))
except Exception as e:
log.debug("LDAPError: type = %s", type(e))
raise forms.ValidationError("{0}".format(str(e)))
return cdata
def clean_jail_host(self):
jail_host = self.cleaned_data.get('jail_host')
if re.search(r'[\. ]', jail_host) is not None:
raise forms.ValidationError(_("Jail name cannot have '.' or ' '"))
return jail_host
def clean_ssl_passphrase2(self):
passphrase1 = self.cleaned_data.get("ssl_passphrase")
passphrase2 = self.cleaned_data.get("ssl_passphrase2")
if passphrase1 != passphrase2:
raise forms.ValidationError(_("The two passphrase fields didn't match."))
return passphrase2
def clean_ntp_maxpoll(self):
maxp = self.cleaned_data.get("ntp_maxpoll")
minp = self.cleaned_data.get("ntp_minpoll")
if not maxp > minp:
raise forms.ValidationError(_("Max Poll should be higher than Min Poll"))
return maxp
def clean_size(self):
vm_type = self.cleaned_data.get('vm_type')
size = self.cleaned_data.get('size')
if vm_type != 'Bhyve' and not size:
raise forms.ValidationError(_('This field is required.'))
return size
def clean_ldr_value(self):
value = self.cleaned_data.get('ldr_value')
if '"' in value or "'" in value:
raise forms.ValidationError(_('Quotes are not allowed'))
return value
def clean_vc_management_ip(self):
manage_ip = str(self.cleaned_data['vc_management_ip'])
if '--Select--' in manage_ip:
raise forms.ValidationError(
_('Please select the TrueNAS management interface.'))
return manage_ip
def clean_ldr_var(self):
value = self.cleaned_data.get('ldr_var').strip()
if TUNABLE_VARNAME_FORMAT_RE.match(value):
return value
raise forms.ValidationError(_(SYSCTL_TUNABLE_VARNAME_FORMAT))
def clean_path(self):
path = self.cleaned_data.get('path')
if path and ' ' in path:
raise forms.ValidationError(
_('Whitespace is not a valid character for NFS shares.'))
return path
def clean_smart_email(self):
if "," in self.cleaned_data["smart_email"]:
raise forms.ValidationError(
_("Commas are not valid in an E-Mail address. "
"Separate multiple E-Mail addresses with a space."))
return self.cleaned_data["smart_email"]
class ActiveDirectoryForm(ModelForm):
advanced_fields = [
'ad_netbiosname', 'ad_use_keytab', 'ad_kerberos_keytab', 'ad_ssl',
'ad_certificate', 'ad_verbose_logging', 'ad_unix_extensions',
'ad_allow_trusted_doms', 'ad_use_default_domain', 'ad_site',
'ad_dcname', 'ad_gcname', 'ad_kerberos_realm', 'ad_nss_info',
'ad_timeout', 'ad_dns_timeout', 'ad_idmap_backend',
'ad_ldap_sasl_wrapping'
]
class Meta:
fields = '__all__'
exclude = ['ad_ssl', 'ad_certificate', 'ad_idmap_backend_type']
model = models.ActiveDirectory
widgets = {
'ad_bindpw': forms.widgets.PasswordInput(render_value=False),
}
def __original_save(self):
for name in ('ad_domainname', 'ad_netbiosname',
'ad_allow_trusted_doms', 'ad_use_default_domain',
'ad_use_keytab', 'ad_unix_extensions',
'ad_verbose_logging', 'ad_bindname', 'ad_bindpw'):
setattr(self.instance, "_original_%s" % name,
getattr(self.instance, name))
def __original_changed(self):
if self.instance._original_ad_domainname != self.instance.ad_domainname:
return True
if self.instance._original_ad_netbiosname != self.instance.ad_netbiosname:
return True
if self.instance._original_ad_allow_trusted_doms != self.instance.ad_allow_trusted_doms:
return True
if self.instance._original_ad_use_default_domain != self.instance.ad_use_default_domain:
return True
if self.instance._original_ad_unix_extensions != self.instance.ad_unix_extensions:
return True
if self.instance._original_ad_verbose_logging != self.instance.ad_verbose_logging:
return True
if self.instance._original_ad_bindname != self.instance.ad_bindname:
return True
if self.instance._original_ad_bindpw != self.instance.ad_bindpw:
return True
if self.instance._original_ad_use_keytab != self.instance.ad_use_keytab:
return True
return False
def __init__(self, *args, **kwargs):
super(ActiveDirectoryForm, self).__init__(*args, **kwargs)
if self.instance.ad_bindpw:
self.fields['ad_bindpw'].required = False
self.__original_save()
self.fields["ad_enable"].widget.attrs["onChange"] = (
"activedirectory_mutex_toggle();")
def clean_ad_dcname(self):
ad_dcname = self.cleaned_data.get('ad_dcname')
ad_dcport = 389
if not ad_dcname:
return None
parts = ad_dcname.split(':')
ad_dcname = parts[0]
if len(parts) > 1 and parts[1].isdigit():
ad_dcport = long(parts[1])
errors = []
try:
ret = FreeNAS_ActiveDirectory.port_is_listening(host=ad_dcname,
port=ad_dcport,
errors=errors)
if ret is False:
raise Exception('Invalid Host/Port: %s' % errors[0])
except Exception as e:
raise forms.ValidationError('%s.' % e)
return self.cleaned_data.get('ad_dcname')
def clean_ad_gcname(self):
ad_gcname = self.cleaned_data.get('ad_gcname')
ad_gcport = 3268
if not ad_gcname:
return None
parts = ad_gcname.split(':')
ad_gcname = parts[0]
if len(parts) > 1 and parts[1].isdigit():
ad_gcport = long(parts[1])
errors = []
try:
ret = FreeNAS_ActiveDirectory.port_is_listening(host=ad_gcname,
port=ad_gcport,
errors=errors)
if ret is False:
raise Exception('Invalid Host/Port: %s' % errors[0])
except Exception as e:
raise forms.ValidationError('%s.' % e)
return self.cleaned_data.get('ad_gcname')
def clean(self):
cdata = self.cleaned_data
if not cdata.get("ad_bindpw"):
cdata['ad_bindpw'] = self.instance.ad_bindpw
if self.instance.ad_use_keytab is False:
bindname = cdata.get("ad_bindname")
bindpw = cdata.get("ad_bindpw")
domain = cdata.get("ad_domainname")
binddn = "%s@%s" % (bindname, domain)
errors = []
try:
ret = FreeNAS_ActiveDirectory.validate_credentials(
domain, binddn=binddn, bindpw=bindpw, errors=errors)
if ret is False:
raise forms.ValidationError("%s." % errors[0])
except FreeNAS_ActiveDirectory_Exception, e:
raise forms.ValidationError('%s.' % e)
ssl = cdata.get("ad_ssl")
if ssl in ("off", None):
return cdata
certificate = cdata["ad_certificate"]
if not certificate:
raise forms.ValidationError(
"SSL/TLS specified without certificate")
return cdata
def _clean_secret_common(self, secretprefix):
secret1 = self.cleaned_data.get(secretprefix, "")
secret2 = self.cleaned_data[("%s2" % secretprefix)]
if secret1 != secret2:
raise forms.ValidationError(_("Secret does not match"))
return secret2
def clean_confirm_password(self):
p1 = self.cleaned_data.get('password')
p2 = self.cleaned_data.get('confirm_password')
if p1 != p2:
raise forms.ValidationError(_('Passwords do not match'))
def clean_path(self):
path = self.cleaned_data.get("path")
if not os.path.exists(path):
raise forms.ValidationError(
_("The path %s does not exist") % (path, ))
return path
def clean_rsync_remotepath(self):
mode = self.cleaned_data.get("rsync_mode")
val = self.cleaned_data.get("rsync_remotepath")
if mode == 'ssh' and not val:
raise forms.ValidationError(_("This field is required"))
return val
def clean_cifs_path(self):
path = self.cleaned_data.get('cifs_path')
if path and not os.path.exists(path):
raise forms.ValidationError(_('The path %s does not exist') % path)
return path
def clean(self):
cdata = self.cleaned_data
if not cdata.get("ldap_bindpw"):
cdata["ldap_bindpw"] = self.instance.ldap_bindpw
binddn = cdata.get("ldap_binddn")
bindpw = cdata.get("ldap_bindpw")
basedn = cdata.get("ldap_basedn")
hostname = cdata.get("ldap_hostname")
ssl = cdata.get("ldap_ssl")
certfile = None
if ssl in ('start_tls', 'on'):
certificate = cdata["ldap_certificate"]
if not certificate:
raise forms.ValidationError(
"SSL/TLS specified without certificate")
else:
certfile = get_certificateauthority_path(certificate)
port = 389
if ssl == "on":
port = 636
if hostname:
parts = hostname.split(':')
hostname = parts[0]
if len(parts) > 1:
port = int(parts[1])
if cdata.get("ldap_enable") is False:
return cdata
# self.check_for_samba_schema()
try:
FreeNAS_LDAP.validate_credentials(hostname,
binddn=binddn,
bindpw=bindpw,
basedn=basedn,
port=port,
certfile=certfile,
ssl=ssl)
except LDAPError as e:
# LDAPError is dumb, it returns a list with one element for goodness knows what reason
e = e[0]
error = []
desc = e.get('desc')
info = e.get('info')
if desc:
error.append(desc)
if info:
error.append(info)
if error:
error = ', '.join(error)
else:
error = str(e)
raise forms.ValidationError("{0}".format(error))
except Exception as e:
raise forms.ValidationError("{0}".format(str(e)))
return cdata
def clean_root_password(self):
vm_type = self.cleaned_data.get('vm_type')
root_password = self.cleaned_data.get('root_password')
if vm_type != 'Bhyve' and not root_password:
raise forms.ValidationError(_('This field is required.'))
return root_password
if ret is False:
raise forms.ValidationError("%s." % errors[0])
except FreeNAS_ActiveDirectory_Exception, e:
raise forms.ValidationError('%s.' % e)
args['binddn'] = binddn
args['bindpw'] = bindpw
else:
args['keytab_principal'] = ad_kerberos_principal.principal_name
args['keytab_file'] = '/etc/krb5.keytab'
try:
workgroup = FreeNAS_ActiveDirectory.get_workgroup_name(**args)
except Exception as e:
raise forms.ValidationError(e)
if workgroup:
if compare_netbios_names(netbiosname, workgroup, None):
raise forms.ValidationError(
_("The NetBIOS name cannot be the same as the workgroup name!"
))
if netbiosname_b:
if compare_netbios_names(netbiosname_b, workgroup, None):
raise forms.ValidationError(
_("The NetBIOS name cannot be the same as the workgroup "
"name!"))
else:
log.warn("Unable to determine workgroup name")
def clean(self):
cdata = self.cleaned_data
domain = cdata.get("ad_domainname")
bindname = cdata.get("ad_bindname")
binddn = "%s@%s" % (bindname, domain)
bindpw = cdata.get("ad_bindpw")
site = cdata.get("ad_site")
netbiosname = cdata.get("ad_netbiosname_a")
netbiosname_b = cdata.get("ad_netbiosname_b")
ssl = cdata.get("ad_ssl")
certificate = cdata["ad_certificate"]
ad_kerberos_principal = cdata["ad_kerberos_principal"]
workgroup = None
if certificate:
with client as c:
certificate = c.call('certificateauthority.query',
[['id', '=', certificate.id]],
{'get': True})
certificate = certificate['certificate_path']
args = {
'domain': domain,
'site': site,
'ssl': ssl,
'certfile': certificate
}
if not cdata.get("ad_bindpw"):
bindpw = self.instance.ad_bindpw
cdata['ad_bindpw'] = bindpw
if cdata.get("ad_enable") is False:
return cdata
if not ad_kerberos_principal:
if not bindname:
raise forms.ValidationError("No domain account name specified")
if not bindpw:
raise forms.ValidationError(
"No domain account password specified")
try:
FreeNAS_ActiveDirectory.validate_credentials(
domain,
site=site,
ssl=ssl,
certfile=certificate,
binddn=binddn,
bindpw=bindpw)
except LDAPError as e:
log.debug("LDAPError: type = %s", type(e))
error = []
try:
error.append(e.args[0]['info'])
error.append(e.args[0]['desc'])
error = ', '.join(error)
except Exception as e:
error = str(e)
raise forms.ValidationError("{0}".format(error))
except Exception as e:
log.debug("Exception: type = %s", type(e))
raise forms.ValidationError('{0}.'.format(str(e)))
args['binddn'] = binddn
args['bindpw'] = bindpw
else:
args['keytab_principal'] = ad_kerberos_principal.principal_name
args['keytab_file'] = '/etc/krb5.keytab'
try:
workgroup = FreeNAS_ActiveDirectory.get_workgroup_name(**args)
except Exception as e:
raise forms.ValidationError(e)
if workgroup:
if compare_netbios_names(netbiosname, workgroup, None):
raise forms.ValidationError(
_("The NetBIOS name cannot be the same as the workgroup name!"
))
if netbiosname_b:
if compare_netbios_names(netbiosname_b, workgroup, None):
raise forms.ValidationError(
_("The NetBIOS name cannot be the same as the workgroup "
"name!"))
else:
log.warn("Unable to determine workgroup name")
if ssl in ("off", None):
return cdata
if not certificate:
raise forms.ValidationError(
"SSL/TLS specified without certificate")
return cdata
