def test_option_bool_serialization():
option_bool = Option("test", True)
option_str = Option("test", "1")
assert option_bool.value == option_str.value == "1"
option_bool = Option("test", False)
option_str = Option("test", "0")
assert option_bool.value == option_str.value == "0"
def region_form_cb(data):
uci = Uci()
system = Config("system")
uci.add(system)
system_section = Section(data['system_name'], "system")
system.add(system_section)
zonename = data['zonename']
system_section.add(Option("zonename", zonename))
system_section.add(
Option("timezone", tzinfo.get_zoneinfo_for_tz(zonename)))
return "edit_config", uci
def pw_form_cb(data):
from beaker.crypto import pbkdf2
if self.change:
# if changing password, check the old pw is right first
uci_data = client.get(filter=filters.foris_config)
password_hash = uci_data.find_child("uci.foris.auth.password")
# allow changing the password if password_hash is empty
if password_hash:
password_hash = password_hash.value
# crypt automatically extracts salt and iterations from formatted pw hash
if password_hash != pbkdf2.crypt(data['old_password'],
salt=password_hash):
return "save_result", {'wrong_old_password': True}
uci = Uci()
foris = Config("foris")
uci.add(foris)
auth = Section("auth", "config")
foris.add(auth)
# use 48bit pseudo-random salt internally generated by pbkdf2
new_password_hash = pbkdf2.crypt(data['password'], iterations=1000)
auth.add(Option("password", new_password_hash))
if data['set_system_pw'] is True:
client.set_password("root", data['password'])
return "edit_config", uci
def test_build_option_uci_tree_correct_xml():
uci = Uci()
updater = Config("updater")
uci.add(updater)
override = Section("override", "override")
updater.add(override)
override.add(Option("disable", True))
built_tree = build_option_uci_tree("updater.override.disable", "override", True)
assert ET.tostring(built_tree.get_xml()) == ET.tostring(uci.get_xml())
def form_cb(data):
agreed = bool(int(data.get("agreed", "0")))
approval_status = data.get(UpdaterAutoUpdatesHandler.APPROVAL_NO,
UpdaterAutoUpdatesHandler.APPROVAL_NO)
auto_grant_seconds = int(data.get("approval_timeout",
24)) * 60 * 60
uci = Uci()
updater = uci.add(Config("updater"))
override = updater.add(Section("override", "override"))
override.add(Option("disable", not agreed))
approvals = updater.add_replace(Section("approvals", "approvals"))
if approval_status == UpdaterAutoUpdatesHandler.APPROVAL_NO:
approvals.add(Option("need", "0"))
elif approval_status == UpdaterAutoUpdatesHandler.APPROVAL_NEEDED:
approvals.add(Option("need", "1"))
elif approval_status == UpdaterAutoUpdatesHandler.APPROVAL_TIMEOUT:
approvals.add(Option("need", "1"))
approvals.add(Option("auto_grant_seconds", auto_grant_seconds))
return "edit_config", uci
def lan_form_cb(data):
uci = Uci()
config = Config("dhcp")
uci.add(config)
dhcp = Section("lan", "dhcp")
config.add(dhcp)
# FIXME: this would overwrite any unrelated DHCP options the user might have set.
# Maybe we should get the current values, scan them and remove selectively the ones
# with 6 in front of them? Or have some support for higher level of stuff in nuci.
options = List("dhcp_option")
options.add(Value(0, "6," + data['lan_ipaddr']))
dhcp.add_replace(options)
network = Config("network")
uci.add(network)
interface = Section("lan", "interface")
network.add(interface)
interface.add(Option("ipaddr", data['lan_ipaddr']))
if data['dhcp_enabled']:
dhcp.add(Option("ignore", "0"))
dhcp.add(Option("start", data['dhcp_min']))
dhcp.add(Option("limit", data['dhcp_max']))
else:
dhcp.add(Option("ignore", "1"))
# qos data
qos = {'enabled': False}
if 'guest_network_shapping' in data and data['guest_network_shapping']:
qos['enabled'] = True
qos['download'] = data['guest_network_download']
qos['upload'] = data['guest_network_upload']
# update guest network configs
guest_enabled = data.get("guest_network_enabled")
guest_network_subnet = data.get("guest_network_subnet")
if guest_network_subnet:
network, prefix = data.get("guest_network_subnet").split("/")
else:
network, prefix = DEFAULT_GUEST_NETWORK, DEFAULT_GUEST_PREFIX
# disable guest wifi when guest network is not enabled
data = client.get(filter=wifi_filter())
card_count = 0
while data.find_child("uci.wireless.@wifi-device[%d]" % card_count):
card_count += 1
if not guest_enabled and card_count > 0:
wireless = uci.add(Config("wireless"))
for i in range(card_count):
guest_iface = wireless.add(Section("guest_iface_%d" % i, "wifi-iface"))
guest_iface.add(Option("disabled", "1"))
guest_interfaces = ["guest_turris_%d" % e for e in range(card_count)]
LanHandler.prepare_guest_configs(
uci, guest_enabled, network, prefix, guest_interfaces, qos)
return "edit_config", uci
def dns_form_cb(data):
uci = Uci()
resolver = Config("resolver")
uci.add(resolver)
server = Section("common", "resolver")
resolver.add(server)
server.add(Option("forward_upstream", data['forward_upstream']))
if not contract_valid():
server.add(Option("ignore_root_key", data['ignore_root_key']))
if 'dhcp_from_dns' in data:
server.add(Option("dynamic_domains", data['dhcp_from_dns']))
if 'dhcp_dns_domain' in data:
dhcp = uci.add(Config("dhcp"))
dnsmasq_section = dns_form.nuci_config.find_child(
"uci.dhcp.@dnsmasq[0]")
dnsmasq = dhcp.add(
Section(dnsmasq_section.name, "dnsmasq", anonymous=True))
dnsmasq.add(
Option("local",
"/%s/" % data["dhcp_dns_domain"].strip("/")))
return "edit_config", uci
def wifi_form_cb(data):
uci = Uci()
wireless = Config("wireless")
uci.add(wireless)
guest_wifi_enabled = False
for radio in radios:
if self._prepare_radio_cb(data, wireless, radio):
guest_wifi_enabled = True
guest_interfaces = ["guest_turris_%s" % e for e in sorted(radios)]
# test whether it is required to pass update guest network
current_data = client.get(filter=filters.wifi_filter())
current_enabled = preprocessors.guest_network_enabled(current_data)
if guest_wifi_enabled and not current_enabled:
# Guest network handling
guest_network_subnet = data.get("guest_network_subnet")
if guest_network_subnet:
network, prefix = data.get("guest_network_subnet").split(
"/")
else:
network, prefix = DEFAULT_GUEST_NETWORK, DEFAULT_GUEST_PREFIX
LanHandler.prepare_guest_configs(uci, True, network, prefix,
guest_interfaces)
elif guest_wifi_enabled:
# try to update guest interfaces if the differs
stored = current_data.find_child(
"uci.network.guest_turris.ifname")
if not stored or set(
stored.value.split(" ")) != set(guest_interfaces):
network_conf = uci.add(Config("network"))
interface_section = network_conf.add(
Section("guest_turris", "interface"))
interface_section.add(
Option("ifname", " ".join(guest_interfaces)))
return "edit_config", uci
def ucollect_form_cb(data):
uci = Uci()
ucollect = Config("ucollect")
uci.add(ucollect)
fakes = Section("fakes", "fakes")
ucollect.add(fakes)
disable = List("disable")
disabled_services = [
x[0] for x in SERVICES_OPTIONS if x[0] not in data['services']
]
for i, service in enumerate(disabled_services):
disable.add(Value(i, service))
if len(disabled_services):
fakes.add_replace(disable)
else:
fakes.add_removal(disable)
fakes.add(Option("log_credentials", data['log_credentials']))
return "edit_config", uci
def _prepare_radio_cb(data, wireless, radio):
""" prepares cb for a signle radio part
:returns: True if guest Wi-Fi is enabled False othewise
:rtype: bool
"""
def radio_data(name):
return data.get("radio%s-%s" % (radio, name))
iface_section = radio_data('iface_section')
if not iface_section:
# There's no section specified for this radio, skip it
return
iface = Section(iface_section, "wifi-iface")
wireless.add(iface)
device = Section("radio%s" % radio, "wifi-device")
wireless.add(device)
guest_iface = Section("guest_iface_%s" % radio, "wifi-iface")
wireless.add(guest_iface)
# we must toggle both wifi-ifaces and device
wifi_enabled = radio_data('wifi_enabled')
guest_enabled = radio_data("guest_enabled")
iface.add(Option("disabled", not wifi_enabled))
device.add(Option("disabled", not wifi_enabled))
guest_iface.add(
Option("disabled", not wifi_enabled or not guest_enabled))
if wifi_enabled:
iface.add(Option("ssid", radio_data('ssid')))
iface.add(Option("hidden", radio_data('ssid_hidden')))
iface.add(Option("encryption", "psk2+tkip+aes"))
iface.add(Option("key", radio_data('key')))
if radio_data('channel2g4'):
channel = radio_data('channel2g4')
elif radio_data('channel5g'):
channel = radio_data('channel5g')
else:
logger.critical("Saving form without Wi-Fi channel: %s", data)
channel = "auto"
hwmode = radio_data('hwmode')
if hwmode:
# change hwmode only if we had the choice
device.add(Option("hwmode", hwmode))
device.add(Option("htmode", radio_data('htmode')))
# channel is in wifi-device section
device.add(Option("channel", channel))
# setting guest wifi
if guest_enabled:
guest_iface.add(Option("device", "radio%s" % radio))
guest_iface.add(Option("mode", "ap"))
guest_iface.add(Option("ssid", radio_data('guest_ssid')))
guest_iface.add(Option("encryption", "psk2+tkip+aes"))
guest_iface.add(Option("key", radio_data('guest_key')))
guest_iface.add(Option("disabled", "0"))
guest_iface.add(Option("ifname", "guest_turris_%s" % radio))
guest_iface.add(Option("network", "guest_turris"))
guest_iface.add(Option("isolate", "1"))
return True
else:
# disable guest wifi
guest_iface.add(Option("disabled", "1"))
return False
def wan_form_cb(data):
uci = Uci()
network = Config("network")
uci.add(network)
wan = Section("wan", "interface")
network.add(wan)
wan.add(Option("proto", data['proto']))
if data['custom_mac'] is True:
wan.add(Option("macaddr", data['macaddr']))
else:
wan.add_removal(Option("macaddr", None))
ucollect_ifname = self.wan_ifname
if data['proto'] == WAN_PPPOE:
wan.add(Option("username", data['username']))
wan.add(Option("password", data['password']))
wan.add(Option("ipv6",
data.get("wan6_proto") is not WAN6_NONE))
ucollect_ifname = "pppoe-wan"
elif data['proto'] == WAN_STATIC:
wan.add(Option("ipaddr", data['ipaddr']))
wan.add(Option("netmask", data['netmask']))
wan.add(Option("gateway", data['gateway']))
dns_list = List("dns")
dns2 = data.get("dns2", None)
if dns2:
dns_list.add(Value(0, dns2))
dns1 = data.get("dns1", None)
if dns1:
dns_list.add(Value(
1,
dns1)) # dns with higher priority should be added last
if not dns_list.children:
wan.add_removal(dns_list)
else:
wan.add_replace(dns_list)
# IPv6 configuration
wan6 = Section("wan6", "interface")
network.add(wan6)
wan6.add(Option("ifname", "@wan"))
wan6.add(Option("proto", data['wan6_proto']))
if data.get("wan6_proto") == WAN6_STATIC:
wan6.add(Option("ip6addr", data['ip6addr']))
wan6.add(Option("ip6gw", data['ip6gw']))
wan6.add(Option("ip6prefix", data['ip6prefix']))
else:
wan6.add_removal(Option("ip6addr", None))
wan6.add_removal(Option("ip6gw", None))
wan6.add_removal(Option("ip6prefix", None))
if has_smrtd:
smrtd = Config("smrtd")
uci.add(smrtd)
smrt_vlan = data.get("smrt_vlan")
use_smrt = data.get("use_smrt", False)
wan_if = Section(self.wan_ifname, "interface")
smrtd.add(wan_if)
wan_if.add(Option("name", self.wan_ifname))
if use_smrt:
if not smrt_vlan:
# "proprietary" number - and also a common VLAN ID in CZ
smrt_vlan = "848"
self.wan_ifname += ".%s" % smrt_vlan
vpi, vci = data.get("smrt_vpi"), data.get("smrt_vci")
connections = List("connections")
if vpi and vci:
wan_if.add(connections)
connections.add(
Value(1, "%s %s %s" % (smrt_vlan, vpi, vci)))
elif use_smrt:
wan_if.add_removal(connections)
smrtd_global = Section("global", "global")
smrtd.add(smrtd_global)
smrtd_global.add(Option("enabled", use_smrt))
# set correct ifname for WAN - must be changed when disabling SMRT
wan.add(Option("ifname", self.wan_ifname))
# set interface for ucollect to listen on
interface_if_name = None
ucollect_interface0 = wan_form.nuci_config.find_child(
"uci.ucollect.@interface[0]")
if ucollect_interface0:
interface_if_name = ucollect_interface0.name
ucollect = Config("ucollect")
uci.add(ucollect)
interface = Section(interface_if_name, "interface", True)
ucollect.add(interface)
interface.add(Option("ifname", ucollect_ifname))
return "edit_config", uci
def notifications_form_cb(data):
uci = Uci()
user_notify = Config("user_notify")
uci.add(user_notify)
smtp = Section("smtp", "smtp")
user_notify.add(smtp)
smtp.add(Option("enable", data['enable_smtp']))
reboot = Section("reboot", "reboot")
user_notify.add(reboot)
reboot.add(Option("time", data['reboot_time']))
reboot.add(Option("delay", data['delay']))
if data['enable_smtp']:
smtp.add(Option("use_turris_smtp", data['use_turris_smtp']))
if data['use_turris_smtp'] == "0":
smtp.add(Option("server", data['server']))
smtp.add(Option("port", data['port']))
smtp.add(Option("username", data['username']))
smtp.add(Option("password", data['password']))
smtp.add(Option("security", data['security']))
smtp.add(Option("from", data['from']))
else:
smtp.add(Option("sender_name", data['sender_name']))
to = List("to")
for i, to_item in enumerate(data['to'].split(" ")):
if to_item:
to.add(Value(i, to_item))
smtp.add_replace(to)
# notifications section
notifications = Section("notifications", "notifications")
user_notify.add(notifications)
notifications.add(Option("severity", data['severity']))
notifications.add(Option("news", data['news']))
return "edit_config", uci
def prepare_guest_configs(uci, enabled, network, prefix, interfaces=[], qos={}):
ignore = "0" if enabled else "1"
enabled = "1" if enabled else "0"
# parse router ip address (192.168.1.0 -> 192.168.1.1)
router_ip = ip_num_to_str_4(ip_str_to_num_4(network) + 1)
netmask = prefix_to_mask_4(int(prefix))
# update network interface list
network_conf = uci.find_child("network") or Config("network")
uci.add(network_conf)
interface_section = Section("guest_turris", "interface")
network_conf.add_replace(interface_section)
interface_section.add(Option("enabled", enabled))
interface_section.add(Option("type", "bridge"))
if interfaces:
interface_section.add(Option("ifname", " ".join(interfaces)))
interface_section.add(Option("proto", "static"))
interface_section.add(Option("ipaddr", router_ip))
interface_section.add(Option("netmask", netmask))
interface_section.add(Option("bridge_empty", "1"))
# update firewall config
firewall_conf = uci.find_child("firewall") or Config("firewall")
uci.add(firewall_conf)
zone_section = Section("guest_turris", "zone")
firewall_conf.add_replace(zone_section)
zone_section.add(Option("enabled", enabled))
zone_section.add(Option("name", "guest_turris"))
network_list = List("network")
network_list.add(Value(0, "guest_turris"))
zone_section.add(network_list)
zone_section.add(Option("input", "REJECT"))
zone_section.add(Option("forward", "REJECT"))
zone_section.add(Option("output", "ACCEPT"))
wan_forwarding_section = Section("guest_turris_forward_wan", "forwarding")
firewall_conf.add_replace(wan_forwarding_section)
wan_forwarding_section.add(Option("enabled", enabled))
wan_forwarding_section.add(Option("name", "guest to wan forward"))
wan_forwarding_section.add(Option("src", "guest_turris"))
wan_forwarding_section.add(Option("dest", "wan"))
dns_rule_section = Section("guest_turris_dns_rule", "rule")
firewall_conf.add_replace(dns_rule_section)
dns_rule_section.add(Option("enabled", enabled))
dns_rule_section.add(Option("name", "guest dns rule"))
dns_rule_section.add(Option("src", "guest_turris"))
dns_rule_section.add(Option("proto", "tcpudp"))
dns_rule_section.add(Option("dest_port", 53))
dns_rule_section.add(Option("target", "ACCEPT"))
dhcp_rule_section = Section("guest_turris_dhcp_rule", "rule")
firewall_conf.add_replace(dhcp_rule_section)
dhcp_rule_section.add(Option("enabled", enabled))
dhcp_rule_section.add(Option("name", "guest dhcp rule"))
dhcp_rule_section.add(Option("src", "guest_turris"))
dhcp_rule_section.add(Option("proto", "udp"))
dhcp_rule_section.add(Option("src_port", "67-68"))
dhcp_rule_section.add(Option("dest_port", "67-68"))
dhcp_rule_section.add(Option("target", "ACCEPT"))
# update dhcp config
dhcp_conf = uci.find_child("dhcp") or Config("dhcp")
uci.add(dhcp_conf)
dhcp_section = Section("guest_turris", "dhcp")
dhcp_conf.add_replace(dhcp_section)
dhcp_section.add(Option("interface", "guest_turris"))
dhcp_section.add(Option("start", "200"))
dhcp_section.add(Option("limit", "50"))
dhcp_section.add(Option("leasetime", "1h"))
dhcp_section.add(Option("ignore", ignore))
dhcp_option_list = List("dhcp_option")
dhcp_option_list.add(Value(0, "6,%s" % router_ip))
dhcp_section.add(dhcp_option_list)
# update qos part
if qos:
qos_conf = uci.find_child("sqm") or Config("sqm")
uci.add(qos_conf)
queue_section = qos_conf.add_replace(Section("guest_limit_turris", "queue"))
queue_section.add(Option("enabled", qos["enabled"]))
if qos["enabled"]:
queue_section.add(Option("interface", "br-guest_turris"))
queue_section.add(Option("qdisc", "fq_codel"))
queue_section.add(Option("script", "simple.qos"))
queue_section.add(Option("link_layer", "none"))
queue_section.add(Option("verbosity", "5"))
queue_section.add(Option("debug_logging", "1"))
# We need to swap dowload and upload
# "upload" means upload to the guest network
# "download" means dowload from the guest network
# so it would be confusing for a client who tries to run some speedtest
queue_section.add(Option("download", qos["upload"]))
queue_section.add(Option("upload", qos["download"]))