def render_link_maybe(self, ctx, data):
from codebay.l2tpserver import interfacehelper
from nevow.flat.ten import flatten
have_network_connection = False
try:
ifname = 'eth0' # XXX: hardcoded in livecd
ifaces = interfacehelper.get_interfaces()
iface = ifaces.get_interface_by_name(ifname)
if iface is not None:
addr = iface.get_current_ipv4_address_info()
if addr is not None:
have_network_connection = True
except:
_log.exception(
'livecd cannot determine whether we have a network connection or not'
)
if have_network_connection:
return ctx.tag
else:
# XXX: ugly hack, but without this markup would need heavier elements
txt = flatten(ctx.tag.children)
return T.strong(_class='cb-strong')[txt]
def render_error_or_pass(self, context, data):
if isinstance(data, ErrorWrapper):
return context.tag.clear() \
[ tags.strong(style="color: red;") \
[ _('An error occurred: '),
data.value.getErrorMessage(),
]
]
else:
return context.tag
def render_error_or_pass(self, context, data):
if isinstance(data, ErrorWrapper):
return context.tag.clear() \
[ tags.strong(style="color: red;") \
[ _('An error occurred: '),
data.value.getErrorMessage(),
]
]
else:
return context.tag
def data_new_root(self, ctx, data):
"""
Template function to display the new root form.
"""
request = inevow.IRequest(ctx)
requestData = protocol.OpenIDRequest(request)
current_root = requestData.get('openid.trust_root', None)
if(current_root):
return tags.div(_class="trustable")[[
tags.small()["click 'approve new root' to verify access to this URL:"],
tags.br(),
tags.strong()[current_root],
tags.input(type="submit", name="submit", value="approve new root"),
]]
else:
return tags.div(_class="trustable")[[
tags.small()["enter a new root here and click 'approve new root':"],
tags.br(),
tags.input(type='text', size="60", name='openid.trust_root', value=''),
tags.input(type="submit", name="submit", value="approve new root"),
]]
def render_link_maybe(self, ctx, data):
from codebay.l2tpserver import interfacehelper
from nevow.flat.ten import flatten
have_network_connection = False
try:
ifname = 'eth0' # XXX: hardcoded in livecd
ifaces = interfacehelper.get_interfaces()
iface = ifaces.get_interface_by_name(ifname)
if iface is not None:
addr = iface.get_current_ipv4_address_info()
if addr is not None:
have_network_connection = True
except:
_log.exception('livecd cannot determine whether we have a network connection or not')
if have_network_connection:
return ctx.tag
else:
# XXX: ugly hack, but without this markup would need heavier elements
txt = flatten(ctx.tag.children)
return T.strong(_class='cb-strong')[txt]
def render_content(self, ctx, data):
Utils.log.msg('%s opened Tools/Firewall' % (self.avatarId.username))
rules = self.rules.read()
### Read SNAT rules
snat = self.sysconf.Shorewall.get('snat', [])
snatRules = []
n = 0
for ru in snat:
l = ru.split()
l.append(
tags.
a(href="Delete/SNAT/%s/" % n,
onclick=
"return confirm('Are you sure you want to delete this SNAT rule?');",
title="Delete this SNAT rule.")[tags.img(
src="/images/ex.png")])
snatRules.append(l)
n += 1
### Read MASQ rules
masq = self.sysconf.Shorewall.get('masq', {})
natRules = []
for k, mas in masq.items():
runum = 0
for v in mas:
if type(v) == list:
l = [k]
l.extend([i.replace('-', 'Any') for i in v])
l.append(
tags.
a(href="Delete/NAT/%s/%s/" % (k, runum),
onclick=
"return confirm('Are you sure you want to delete this NAT rule?');",
title="Delete this NAT rule.")[tags.img(
src="/images/ex.png")])
natRules.append(l)
else:
natRules.append([
k, 'Any', v, 'Any', 'Any', 'Any', 'Any',
tags.
a(href="Delete/NAT/%s/%s/" % (k, runum),
onclick=
"return confirm('Are you sure you want to delete this NAT rule?');",
title="Delete this NAT rule.")[tags.img(
src="/images/ex.png")]
])
runum += 1
# QOS
toss = {
'16': 'Minimize Delay',
'8': 'Maximize Throughput',
'4': 'Maximize Reliability',
'2': 'Minimize Cost',
'0': 'Normal Service'
}
qosRules = []
l = 0
for port, proto, tos in self.sysconf.Shorewall.get('qos', []):
qosRules.append([
port, proto, toss[tos],
tags.
a(href=url.root.child("Qos").child("Delete").child(l),
onclick=
"return confirm('Are you sure you want to delete this entry?');"
)[tags.img(src="/images/ex.png")]
])
l += 1
### Check if shorewall is broken
if os.path.exists('/usr/local/tcs/tums/shorewallBroken'):
check = tags.div(style="color: #F00")[tags.br, tags.strong[
"The firewall configuration appears to be broken, please test the settings to see any errors and correct them"],
tags.br]
else:
check = ""
fwtable, securityViolation = getFirewallRules(self.rules)
if securityViolation:
secError = [
tags.table(width="70%", style="border:2px solid #ff5555")[
tags.tr[tags.td[tags.img(src="/images/securityhz.png")],
tags.td[tags.h1["Security Violation!"],
securityViolation]]], tags.br, tags.br
]
else:
secError = ""
### Return the page stanza
return ctx.tag[
tags.h3[tags.img(src="/images/firewall.png"),
" Firewall"], check, secError,
tags.img(src="/images/start.png"), " ",
tags.a(href="Test",
style="font-size:11pt;",
title="Test the firewall. (This may take some time!)"
)[tags.strong(
style="font-family:arial,verdana,helvetica,sans-serif;"
)["Test Settings"]], tags.br,
tags.img(src="/images/refresh.png"), " ",
tags.
a(href="Restart",
style="font-size:11pt;",
title=
"Restart the firewall and apply the changes. Changes are only activated after this is clicked."
)[tags.strong(
style="font-family:arial,verdana,helvetica,sans-serif"
)["Apply Changes"]],
PageHelpers.TabSwitcher(
(
('Rules', 'panelRules'),
#('Allow Ports' , 'panelAllowPort'),
('NAT', 'panelNATTab'),
('QoS', 'panelQos'),
('Policy', 'panelPolicy'),
('Zones', 'panelZones'),
('Connections', 'panelCurrent'),
),
id="firewall"),
tags.div(id="panelNATTab", _class="tabPane")[
PageHelpers.TabSwitcher(
(('Forwarding', 'panelForwardPort'),
('Redirection', 'panelTransparentProxy'),
('NAT', 'panelNAT'), ('Source NAT', 'panelSNAT')),
id="firewallNAT"),
tags.div(id="panelForwardPort", _class="tabPane")
[tags.h3["Port Forwarding"],
PageHelpers.
dataTable([
'Source Zone', 'Source IP', 'Forward To',
'Destination Zone', 'Protocol', 'Port', 'Destination IP', ''
], [
r[:-1] + [
tags.
a(href="Delete/dnat/%s/" % (r[-1]),
title="Delete this port forwarding rule",
onclick=
"return confirm('Are you sure you want to delete this entry?');"
)[tags.img(src="/images/ex.png")]
] for i, r in enumerate(rules['FORWARD'])
]), tags.h3["Add Forwarding Rule"],
tags.directive('form forwardPort'), ],
tags.div(id="panelTransparentProxy", _class="tabPane")
[tags.h3["Port Redirection (Transparent Proxy)"],
PageHelpers.
dataTable([
'Source Zone', 'Source Network', 'Destination Port',
'Source Port', 'Protocol', 'Destination Network', ''
], [
r[:-1] + [
tags.
a(href="Delete/redirect/%s/" % (r[-1]),
title="Delete this transparent redirection rule",
onclick=
"return confirm('Are you sure you want to delete this entry?');"
)[tags.img(src="/images/ex.png")]
] for i, r in enumerate(rules['PROXY'])
]), tags.h3["Add Redirection Rule"],
tags.directive('form transProxy'), ],
tags.div(id="panelNAT", _class="tabPane")[
tags.h3["Nework Address Translation (Masquerading)"],
PageHelpers.dataTable([
'Destination Interface', 'Destination Network',
'Source Interface', 'Source Network', 'NAT IP',
'Protocol', 'Port', ''
], natRules), tags.h3['Add NAT Rule'],
tags.directive('form addNAT')],
tags.div(id="panelSNAT", _class="tabPane")[
tags.h3["Source NAT"],
PageHelpers.dataTable([
'Source IP', 'External Interface', 'Internal IP',
'Any Interface', 'Use Internal'
], snatRules), tags.h3['Add SNAT Rule'],
tags.directive('form addSNAT')],
PageHelpers.LoadTabSwitcher(id="firewallNAT")],
tags.div(id="panelPolicy", _class="tabPane")[
tags.h3["General firewall policy"],
tags.directive('form inetPol')],
tags.div(id="panelQos", _class="tabPane")[
tags.h3[tags.img(src="/images/compress.png"),
"QOS"],
PageHelpers.
dataTable(['Port', 'Protocol', 'Type of service', ''], qosRules
), tags.h3["Add Rule"],
tags.directive('form addQos'), ],
tags.div(id="panelRules", _class="tabPane")[
tags.h3["Firewall Rules"],
tags.invisible(render=tags.directive('tableWidget')), tags.br,
#fwtable,
tags.a(name="addRule")[''], tags.h3["Add rule"],
tags.directive('form allowRange'), ],
tags.div(id="panelZones", _class="tabPane")
[tags.h3["Zones"],
PageHelpers.dataTable(
['Zone Name', 'Policy', 'Log target', 'Interfaces', ''], [[
zone, zd['policy'], zd['log'],
[[i, tags.br] for i in zd['interfaces']],
[
tags.
a(href="Delete/Zone/%s/" % (zone),
title="Delete this firewall zone",
onclick=
"return confirm('Are you sure you want to delete this zone?');"
)[tags.img(src="/images/ex.png")],
tags.a(href="EditZone/%s/" %
zone)[tags.img(src="/images/edit.png")]
]
] for zone, zd in self.sysconf.Shorewall.get('zones', {}
).items()]),
tags.h3['Add Firewall Zone'],
tags.directive('form addZone')],
tags.div(id="panelCurrent", _class="tabPane")[
tags.h3["Current Connections"],
tags.invisible(render=tags.directive('connections'))],
PageHelpers.LoadTabSwitcher(id="firewall")]
def render_content(self, ctx, data):
Utils.log.msg('%s opened Tools/Firewall' % (self.avatarId.username))
rules = self.rules.read()
rows = []
bg = True
### Read SNAT rules
snat = self.sysconf.Shorewall.get('snat', [])
snatRules = []
n = 0
for ru in snat:
l = ru.split()
l.append(
tags.a(
href="Delete/SNAT/%s/" % n,
onclick="return confirm('Are you sure you want to delete this SNAT rule?');",
title="Delete this SNAT rule."
)[tags.img(src="/images/ex.png")]
)
snatRules.append(l)
n += 1
### Read MASQ rules
masq = self.sysconf.Shorewall.get('masq', {})
natRules = []
for k,mas in masq.items():
runum = 0
for v in mas:
if type(v) == list:
l = [k]
l.extend([i.replace('-', 'Any') for i in v])
l.append(
tags.a(
href="Delete/NAT/%s/%s/"%(k, runum),
onclick="return confirm('Are you sure you want to delete this NAT rule?');",
title="Delete this NAT rule."
)[tags.img(src="/images/ex.png")]
)
natRules.append(l)
else:
natRules.append([
k, 'Any', v, 'Any', 'Any', 'Any', 'Any',
tags.a(
href="Delete/NAT/%s/%s/"%(k, runum),
onclick="return confirm('Are you sure you want to delete this NAT rule?');",
title="Delete this NAT rule."
)[tags.img(src="/images/ex.png")]
])
runum += 1
securityViolation = None
### Read firewall rules table
try:
lastrule = rules['AIP'][0][8]
except:
lastrule = 0
for i,ru in enumerate(rules['AIP']):
bg = not bg
this = bg and "#F5F5EB" or "#eee"
try:
nextrule = rules['AIP'][i+1][8]
except:
nextrule = ru[8]
# Check for security violations
print "Port, source", ru[7], ru[2]
# SSH and Vulani access violation
if ru[7] in ["22", "9682"]:
if (ru[2] == "Any") and ((ru[1] in ["net", "Any", "dsl", "ppp", "wan", "net2"]) or (ru[4] == "fw")):
securityViolation = "Inbound SSH and/or Vulani administrative access should not be unrestricted! "
securityViolation += "Your system security has been seriously compromised. Please remove this "
securityViolation += "rule and restrict the source IP or make use of the VPN to administer the server remotely"
this = "#ff5555"
r = [
tags.tr(style="background: %s" % this)[
tags.td(rowspan=2)[ru[0]],
tags.td[tags.strong['Source ']],
tags.td[ru[1]], # Source zone
tags.td[ru[3].replace('-', 'Any')], # Source port
tags.td[ru[2]], # Source IP
tags.td(rowspan=2)[ru[6].replace('-', 'Any')],
tags.td(rowspan=2)[
tags.a(
href="Swap/%s/%s/" % (ru[8], nextrule),
title = "Move this rule down"
)[tags.img(src="/images/arrowdown.png")],
" ",
tags.a(
href="Swap/%s/%s/" % (ru[8], lastrule),
title = "Move this rule up"
)[tags.img(src="/images/arrowup.png")],
" ",
tags.a(
href="Delete/AIP/%s/"%(ru[8]),
onclick="return confirm('Are you sure you want to delete this rule?');",
title="Delete this firewall rule."
)[tags.img(src="/images/ex.png")]
]
],
tags.tr(style="background: %s" % this)[
tags.td[tags.strong['Destination ']],
#tags.td(align='right')[' Zone: '],
tags.td[ru[4]], # Zone
#tags.td( align='right')[' Port/Type: '],
tags.td[ru[7].replace('-', 'Any')], #Port
#tags.td( align='right')[' IP: '],
tags.td[ru[5]], # IP
],
]
rows.append(r)
lastrule = ru[8]
self.largestRule = lastrule
fwtable = tags.table(cellspacing=0, _class='listing')[
tags.thead(background="/images/gradMB.png")[
tags.tr[
tags.th['Rule'],
tags.th[''],
#tags.th[''],
tags.th['Zone'],
#tags.th[''],
tags.th['Port'],
#tags.th[''],
tags.th['IP'],
tags.th['Protocol'],
tags.th[''],
],
],
tags.tbody[
rows
]
]
toss = {
'16':'Minimize Delay',
'8':'Maximize Throughput',
'4':'Maximize Reliability',
'2':'Minimize Cost',
'0':'Normal Service'
}
qosRules = []
l = 0
for port, proto, tos in self.sysconf.Shorewall.get('qos', []):
qosRules.append([
port,
proto,
toss[tos],
tags.a(href=url.root.child("Qos").child("Delete").child(l), onclick="return confirm('Are you sure you want to delete this entry?');")[tags.img(src="/images/ex.png")]
])
l += 1
### Check if shorewall is broken
if os.path.exists('/usr/local/tcs/tums/shorewallBroken'):
check = tags.div(style="color: #F00")[
tags.br,
tags.strong[
"The firewall configuration appears to be broken, please test the settings to see any errors and correct them"
],
tags.br
]
else:
check = ""
if securityViolation:
secError = [tags.table(width="70%", style="border:2px solid #ff5555")[tags.tr[
tags.td[tags.img(src="/images/securityhz.png")],
tags.td[
tags.h1["Security Violation!"],
securityViolation
]
]], tags.br, tags.br]
else:
secError = ""
### Return the page stanza
return ctx.tag[
tags.h3[tags.img(src="/images/firewall.png"), " Firewall"],
check,
secError,
tags.img(src="/images/start.png"), " ",
tags.a(
href="Test",
style="font-size:11pt;",
title="Test the firewall. (This may take some time!)"
)[tags.strong(style="font-family:arial,verdana,helvetica,sans-serif;")["Test Settings"]],
tags.br,
tags.img(src="/images/refresh.png"), " ",
tags.a(
href="Restart",
style="font-size:11pt;",
title="Restart the firewall and apply the changes. Changes are only activated after this is clicked."
)[tags.strong(style="font-family:arial,verdana,helvetica,sans-serif")["Apply Changes"]],
PageHelpers.TabSwitcher((
('Rules' , 'panelRules'),
#('Allow Ports' , 'panelAllowPort'),
('NAT', 'panelNATTab'),
('QoS', 'panelQos'),
('Policy', 'panelPolicy'),
('Zones' , 'panelZones'),
('Connections', 'panelCurrent'),
), id = "firewall"),
tags.div(id="panelNATTab", _class="tabPane")[
PageHelpers.TabSwitcher((
('Forwarding', 'panelForwardPort'),
('Redirection', 'panelTransparentProxy'),
('NAT', 'panelNAT'),
('Source NAT', 'panelSNAT')
), id ="firewallNAT"),
tags.div(id="panelForwardPort", _class="tabPane")[
tags.h3["Port Forwarding"],
PageHelpers.dataTable(['Source Zone', 'Source IP', 'Forward To', 'Destination Zone', 'Protocol', 'Port', 'Destination IP', ''], [
r[:-1] + [tags.a(
href="Delete/AIP/%s/"%(r[-1]),
title="Delete this port forwarding rule",
onclick="return confirm('Are you sure you want to delete this entry?');"
)[tags.img(src="/images/ex.png")]]
for i,r in enumerate(rules['FORWARD'])]),
tags.h3["Add Forwarding Rule"],
tags.directive('form forwardPort'),
],
tags.div(id="panelTransparentProxy", _class="tabPane")[
tags.h3["Destination NAT (Transparent Proxy)"],
PageHelpers.dataTable(['Source Zone', 'Source Network', 'Destination Port', 'Source Port', 'Protocol', 'Destination Network', ''], [
r[:-1] + [tags.a(
href="Delete/AIP/%s/"%(r[-1]),
title="Delete this transparent redirection rule",
onclick="return confirm('Are you sure you want to delete this entry?');"
)[tags.img(src="/images/ex.png")]]
for i,r in enumerate(rules['PROXY'])]),
tags.h3["Add DNAT Rule"],
tags.directive('form transProxy'),
],
tags.div(id="panelNAT", _class="tabPane")[
tags.h3["Nework Address Translation (Masquerading)"],
PageHelpers.dataTable(
['Destination Interface', 'Destination Network', 'Source Network', 'Source Interface', 'NAT IP', 'Protocol', 'Port', ''],
natRules
),
tags.h3['Add NAT Rule'],
tags.directive('form addNAT')
],
tags.div(id="panelSNAT", _class="tabPane")[
tags.h3["Source NAT"],
PageHelpers.dataTable(
['Source IP', 'External Interface', 'Internal IP', 'Any Interface', 'Use Internal'],
snatRules
),
tags.h3['Add SNAT Rule'],
tags.directive('form addSNAT')
],
PageHelpers.LoadTabSwitcher(id="firewallNAT")
],
tags.div(id="panelPolicy", _class="tabPane")[
tags.h3["General firewall policy"],
tags.directive('form inetPol')
],
tags.div(id="panelQos", _class="tabPane")[
tags.h3[tags.img(src="/images/compress.png"), "QOS"],
PageHelpers.dataTable(['Port', 'Protocol', 'Type of service', ''], qosRules),
tags.h3["Add Rule"],
tags.directive('form addQos'),
],
tags.div(id="panelRules", _class="tabPane")[
tags.h3["Firewall Rules"],
#PageHelpers.dataTable(
# [
# 'Action', '', 'Protocol',''
# ],
fwtable,
#),
tags.a(name="addRule")[''],
tags.h3["Add rule"],
tags.directive('form allowRange'),
],
tags.div(id="panelZones", _class="tabPane")[
tags.h3["Zones"],
PageHelpers.dataTable(['Zone Name', 'Policy', 'Log target', 'Interfaces', ''],
[
[
zone, zd['policy'], zd['log'], [[i, tags.br] for i in zd['interfaces']],
[
tags.a(
href="Delete/Zone/%s/"%(zone),
title="Delete this firewall zone",
onclick="return confirm('Are you sure you want to delete this zone?');"
)[tags.img(src="/images/ex.png")],
tags.a(href="EditZone/%s/" % zone)[tags.img(src="/images/edit.png")]
]
]
for zone, zd in self.sysconf.Shorewall.get('zones', {}).items()]
),
tags.h3['Add Firewall Zone'],
tags.directive('form addZone')
],
tags.div(id="panelCurrent", _class="tabPane")[
tags.h3["Current Connections"],
tags.invisible(render=tags.directive('connections'))
],
PageHelpers.LoadTabSwitcher(id="firewall")
]
def formatFailure(myFailure):
if not isinstance(myFailure, failure.Failure):
return t.pre[str(myFailure)]
stackTrace = t.div(_class="stackTrace")
failureOverview = t.p(_class="error")[str(myFailure.type), ": ",
str(myFailure.value)]
result = [
t.style(type="text/css")[stylesheet, ],
t.a(href="#tracebackEnd")[failureOverview], stackTrace,
t.a(name="tracebackEnd")[failureOverview]
]
first = 1
for method, filename, lineno, localVars, globalVars in myFailure.frames:
# It's better to have a line number than nothing at all.
#if filename == '<string>':
# continue
if first:
frame = t.div(_class="firstFrame")
first = 0
else:
frame = t.div(_class="frame")
stackTrace[frame]
snippet = t.div(_class="snippet")
frame[t.div(_class="location")[filename, ", line ", lineno, " in ",
t.span(_class="function")[method]],
snippet, ]
textSnippet = ''
for snipLineNo in range(lineno - 2, lineno + 2):
snipLine = linecache.getline(filename, snipLineNo)
textSnippet += snipLine
if snipLineNo == lineno:
snippetClass = "snippetHighlightLine"
else:
snippetClass = "snippetLine"
snippet[t.div(_class=snippetClass)[t.span(
_class="lineno")[snipLineNo],
t.pre(_class="code")[snipLine]]]
# Instance variables
for name, var in localVars:
if name == 'self' and hasattr(var, '__dict__'):
usedVars = [(key, value)
for (key, value) in var.__dict__.items()
if re.search(r'\Wself.%s\W' %
(re.escape(key), ), textSnippet)]
if usedVars:
frame[t.div(_class="variables")[t.strong(
_class="variableClass")["Self"],
varTable(usedVars)]]
break
# Local and global vars
for nm, varList in ('Locals', localVars), ('Globals', globalVars):
usedVars = [
(name, var) for (name, var) in varList
if re.search(r'\W%s\W' % (re.escape(name), ), textSnippet)
]
if usedVars:
frame[t.div(_class="variables")[t.strong(
_class="variableClass")[nm]],
varTable(usedVars)]
return result
def formatFailure(myFailure):
if not isinstance(myFailure, failure.Failure):
return t.pre[ str(myFailure) ]
stackTrace = t.div(_class="stackTrace")
failureOverview = t.p(_class="error")[ str(myFailure.type), ": ", str(myFailure.value) ]
result = [
t.style(type="text/css")[
stylesheet,
],
t.a(href="#tracebackEnd")[ failureOverview ],
stackTrace,
t.a(name="tracebackEnd")[ failureOverview ]
]
first = 1
for method, filename, lineno, localVars, globalVars in myFailure.frames:
# It's better to have a line number than nothing at all.
#if filename == '<string>':
# continue
if first:
frame = t.div(_class="firstFrame")
first = 0
else:
frame = t.div(_class="frame")
stackTrace[ frame ]
snippet = t.div(_class="snippet")
frame[
t.div(_class="location")[
filename, ", line ", lineno, " in ", t.span(_class="function")[ method ]
],
snippet,
]
textSnippet = ''
for snipLineNo in range(lineno-2, lineno+2):
snipLine = linecache.getline(filename, snipLineNo)
textSnippet += snipLine
if snipLineNo == lineno:
snippetClass = "snippetHighlightLine"
else:
snippetClass = "snippetLine"
snippet[
t.div(_class=snippetClass)[
t.span(_class="lineno")[ snipLineNo ],
t.pre(_class="code")[ snipLine ]
]
]
# Instance variables
for name, var in localVars:
if name == 'self' and hasattr(var, '__dict__'):
usedVars = [ (key, value) for (key, value) in var.__dict__.items()
if re.search(r'\Wself.%s\W' % (re.escape(key),), textSnippet) ]
if usedVars:
frame[
t.div(_class="variables")[
t.strong(_class="variableClass")[ "Self" ],
varTable(usedVars)
]
]
break
# Local and global vars
for nm, varList in ('Locals', localVars), ('Globals', globalVars):
usedVars = [ (name, var) for (name, var) in varList
if re.search(r'\W%s\W' % (re.escape(name),), textSnippet) ]
if usedVars:
frame[
t.div(_class="variables")[ t.strong(_class="variableClass")[ nm ] ],
varTable(usedVars)
]
return result
