def check_transport_value(ipaddr, transport):
"""
Check the given transport version against the given IP address.
:param ipaddr: IP address to check.
:param transport: ipt.TRANSPORT_AUTO, ipt.TRANSPORT_IPV4 or ipt.TRANSPORT_IPV6
:return: The correct ipt transport version.
"""
if transport == ipt.TRANSPORT_AUTO:
if is_valid_ipv6_address(ipaddr):
transport = ipt.TRANSPORT_IPV6
elif is_valid_ipv4_address(ipaddr):
transport = ipt.TRANSPORT_IPV4
else:
raise ValueError('Invalid transport version ({0}:{1})'.format(ipaddr, str(transport)))
elif transport == ipt.TRANSPORT_IPV4:
if not is_valid_ipv4_address(ipaddr):
raise ValueError('Invalid transport version ({0}:{1})'.format(ipaddr, str(transport)))
elif transport == ipt.TRANSPORT_IPV6:
if not is_valid_ipv6_address(ipaddr):
raise ValueError('Invalid transport version ({0}:{1})'.format(ipaddr, str(transport)))
else:
raise ValueError('Invalid transport version ({0}:{1})'.format(ipaddr, str(transport)))
return transport
def check_transport_value(ipaddr, transport):
"""
Check the given transport version against the given IP address.
:param ipaddr: IP address to check.
:param transport: ipt.TRANSPORT_AUTO, ipt.TRANSPORT_IPV4 or ipt.TRANSPORT_IPV6
:return: The correct ipt transport version.
"""
if transport == ipt.TRANSPORT_AUTO:
if is_valid_ipv6_address(ipaddr):
transport = ipt.TRANSPORT_IPV6
elif is_valid_ipv4_address(ipaddr):
transport = ipt.TRANSPORT_IPV4
else:
raise ValueError('Invalid transport version ({0})'.format(transport))
elif transport == ipt.TRANSPORT_IPV4:
if not is_valid_ipv4_address(ipaddr):
raise ValueError('Invalid transport version ({0})'.format(transport))
elif transport == ipt.TRANSPORT_IPV6:
if not is_valid_ipv6_address(ipaddr):
raise ValueError('Invalid transport version ({0})'.format(transport))
else:
raise ValueError('Invalid transport version ({0})'.format(transport))
return transport
def validate_config(self, config):
"""
Virtual Override
Validate configuration file arguments and save values to our config object.
:param config: A ConfigParser object.
"""
server = config.get(self._config_section_name, 'server')
# Check for valid IPv4 address
if '.' in server:
if not is_valid_ipv4_address(server):
_logger.error('{0}: Config value for "server" is invalid ip address'.format(self.get_name()))
return False
# Check for valid IPv6 address
if ':' in server:
if not is_valid_ipv6_address(server):
_logger.error('{0}: Config value for "server" is invalid ip address'.format(self.get_name()))
return False
self._server = config.get(self._config_section_name, 'server')
self._port = config.get(self._config_section_name, 'port')
self._no_tls = True if config.get(self._config_section_name, 'use_tls').lower() == 'yes' else False
self._bundle_name = config.get(self._config_section_name, 'bundle')
return True
def validate_config(self, config):
"""
Virtual Override
Validate configuration file arguments and save values to our config object.
:param config: A ConfigParser object.
"""
server = config.get(self._config_section_name, 'server')
# Check for valid IPv4 address
if '.' in server:
if not is_valid_ipv4_address(server):
_logger.error(
'{0}: Config value for "server" is invalid ip address'.
format(self.get_name()))
return False
# Check for valid IPv6 address
if ':' in server:
if not is_valid_ipv6_address(server):
_logger.error(
'{0}: Config value for "server" is invalid ip address'.
format(self.get_name()))
return False
self._server = config.get(self._config_section_name, 'server')
self._port = config.get(self._config_section_name, 'port')
self._no_tls = True if config.get(
self._config_section_name, 'use_tls').lower() == 'yes' else False
self._bundle_name = config.get(self._config_section_name, 'bundle')
return True
def validate_arguments(self, args):
"""
Virtual Override
Validate command line arguments and save values to our configuration object.
:param args: An argparse object.
"""
# Check for conflicting arguments.
if '--server-mod-disable' in sys.argv and (
'--server' in sys.argv or
'--server-bundle' in sys.argv or
'--server-user' in sys.argv or
'--server-password' in sys.argv or
'--server-no-tls' in sys.argv or
'--server-port' in sys.argv):
print('sdc-install: argument --server-mod-disable conficts with other server module arguments.')
return False
if args.server_mod_disable:
self._enabled = False
else:
if not args.server:
print('sdc-install: argument --server is required.')
return False
if not args.server_bundle:
print('sdc-install: argument --server-bundle is required.')
return False
if not args.server_user:
print('sdc-install: argument --server-user is required.')
return False
if not args.server_password:
print('sdc-install: argument --server-password is required.')
return False
# Check for valid IPv4 address
if '.' in args.server:
if not is_valid_ipv4_address(args.server):
print('sdc-install: argument --server is invalid ip address')
return False
# Check for valid IPv6 address
if ':' in args.server:
if not is_valid_ipv6_address(args.server):
print('sdc-install: argument --server is invalid ip address')
return False
self._server = args.server
self._port = args.server_port
self._no_tls = args.server_no_tls
self._bundle_name = args.server_bundle
# User and password are only used during the install process
self._user = args.server_user
self._password = args.server_password
return True
def validate_arguments(self, args):
"""
Virtual Override
Validate command line arguments and save values to our configuration object.
:param args: An argparse object.
"""
# Check for conflicting arguments.
if '--server-mod-disable' in sys.argv and (
'--server' in sys.argv or '--server-bundle' in sys.argv or
'--server-user' in sys.argv or '--server-password' in sys.argv
or '--server-no-tls' in sys.argv
or '--server-port' in sys.argv):
print(
'sdc-install: argument --server-mod-disable conficts with other server module arguments.'
)
return False
if args.server_mod_disable:
self._enabled = False
else:
if not args.server:
print('sdc-install: argument --server is required.')
return False
if not args.server_bundle:
print('sdc-install: argument --server-bundle is required.')
return False
if not args.server_user:
print('sdc-install: argument --server-user is required.')
return False
if not args.server_password:
print('sdc-install: argument --server-password is required.')
return False
# Check for valid IPv4 address
if '.' in args.server:
if not is_valid_ipv4_address(args.server):
print('sdc-install: argument --server is invalid ip address')
return False
# Check for valid IPv6 address
if ':' in args.server:
if not is_valid_ipv6_address(args.server):
print('sdc-install: argument --server is invalid ip address')
return False
self._server = args.server
self._port = args.server_port
self._no_tls = args.server_no_tls
self._bundle_name = args.server_bundle
# User and password are only used during the install process
self._user = args.server_user
self._password = args.server_password
return True
def validate_config(self, config):
"""
Virtual Override
Validate configuration file arguments and save values to our config object.
:param config: A ConfigParser object.
"""
# See if we are enabled or not
try:
self._enabled = True if config.get(
self._config_section_name,
'enabled').lower() == 'yes' else False
except:
_logger.debug(
'{0} configuration section not found in configuration file.'.
format(self._config_section_name))
self._enabled = False
# Only worry about the rest of the configuration items if we are enabled.
if self._enabled:
server = config.get(self._config_section_name, 'server')
# Check for valid IPv4 address
if '.' in server:
if not is_valid_ipv4_address(server):
_logger.error(
'{0}: Config value for "server" is invalid ip address'.
format(self.get_name()))
return False
# Check for valid IPv6 address
if ':' in server:
if not is_valid_ipv6_address(server):
_logger.error(
'{0}: Config value for "server" is invalid ip address'.
format(self.get_name()))
return False
self._server = config.get(self._config_section_name, 'server')
self._no_tls = False if config.get(
self._config_section_name,
'use_tls').lower() == 'yes' else True
# Make sure the port value is an integer and in range
try:
self._port = int(config.get(self._config_section_name, 'port'))
if not (1 < self._port <= 65536):
_logger.error('{0}: port value out of range ({1})'.format(
self.get_name(), self._port))
except ValueError:
self._port = 80 if self._no_tls else 443
self._bundle_name = config.get(self._config_section_name, 'bundle')
return True
def validate_arguments(self, args):
"""
Virtual Override
Validate command line arguments and save values to our configuration object.
:param args: An argparse object.
"""
# See if we have been enabled or not
if '--server-mod-enable' not in sys.argv:
return True
if args.server_mod_enable:
self._enabled = True
if not args.server:
print('sdc-install: argument --server is required.')
return False
if not args.server_bundle:
print('sdc-install: argument --server-bundle is required.')
return False
if not args.server_user:
print('sdc-install: argument --server-user is required.')
return False
if not args.server_password:
print('sdc-install: argument --server-password is required.')
return False
# Check for valid IPv4 address
if '.' in args.server:
if not is_valid_ipv4_address(args.server):
print('sdc-install: argument --server is invalid ip address')
return False
# Check for valid IPv6 address
if ':' in args.server:
if not is_valid_ipv6_address(args.server):
print('sdc-install: argument --server is invalid ip address')
return False
self._server = args.server
self._port = args.server_port
self._no_tls = args.server_no_tls
self._bundle_name = args.server_bundle
# User and password are only used during the install process
self._user = args.server_user
self._password = args.server_password
return True
def validate_arguments(self, args):
"""
Virtual Override
Validate command line arguments and save values to our configuration object.
:param args: An argparse object.
"""
# See if we have been enabled or not
if '--server-mod-enable' not in sys.argv:
return True
if args.server_mod_enable:
self._enabled = True
if not args.server:
print('sdc-install: argument --server is required.')
return False
if not args.server_bundle:
print('sdc-install: argument --server-bundle is required.')
return False
if not args.server_user:
print('sdc-install: argument --server-user is required.')
return False
if not args.server_password:
print('sdc-install: argument --server-password is required.')
return False
# Check for valid IPv4 address
if '.' in args.server:
if not is_valid_ipv4_address(args.server):
print('sdc-install: argument --server is invalid ip address')
return False
# Check for valid IPv6 address
if ':' in args.server:
if not is_valid_ipv6_address(args.server):
print('sdc-install: argument --server is invalid ip address')
return False
self._server = args.server
self._port = args.server_port
self._no_tls = args.server_no_tls
self._bundle_name = args.server_bundle
# User and password are only used during the install process
self._user = args.server_user
self._password = args.server_password
return True
def validate_config(self, config):
"""
Virtual Override
Validate configuration file arguments and save values to our config object.
:param config: A ConfigParser object.
"""
# See if we are enabled or not
try:
self._enabled = True if config.get(self._config_section_name, 'enabled').lower() == 'yes' else False
except:
_logger.debug('{0} configuration section not found in configuration file.'.format(
self._config_section_name))
self._enabled = False
# Only worry about the rest of the configuration items if we are enabled.
if self._enabled:
server = config.get(self._config_section_name, 'server')
# Check for valid IPv4 address
if '.' in server:
if not is_valid_ipv4_address(server):
_logger.error('{0}: Config value for "server" is invalid ip address'.format(self.get_name()))
return False
# Check for valid IPv6 address
if ':' in server:
if not is_valid_ipv6_address(server):
_logger.error('{0}: Config value for "server" is invalid ip address'.format(self.get_name()))
return False
self._server = config.get(self._config_section_name, 'server')
self._no_tls = False if config.get(self._config_section_name, 'use_tls').lower() == 'yes' else True
# Make sure the port value is an integer and in range
try:
self._port = int(config.get(self._config_section_name, 'port'))
if not (1 < self._port <= 65536):
_logger.error('{0}: port value out of range ({1})'.format(self.get_name(), self._port))
except ValueError:
self._port = 80 if self._no_tls else 443
self._bundle_name = config.get(self._config_section_name, 'bundle')
return True
def create_tcp_server_conn_rule(addr, port, transport=ipt.TRANSPORT_AUTO, slot=120, desc=''):
"""
Create a rule that allows access to the given addr and port.
:param addr: IP address, not host name.
:param port:
:return:
"""
# Example: a = ipt.get_match(name='state', options=[ipt.get_match_option('--state', 'ESTABLISHED')])
if transport == ipt.TRANSPORT_AUTO:
if is_valid_ipv6_address(addr):
transport = ipt.TRANSPORT_IPV6
elif is_valid_ipv4_address(addr):
transport = ipt.TRANSPORT_IPV4
else:
raise ValueError
elif transport == ipt.TRANSPORT_IPV4:
if not is_valid_ipv4_address(addr):
raise ValueError
elif transport == ipt.TRANSPORT_IPV6:
if not is_valid_ipv6_address(addr):
raise ValueError
else:
raise ValueError
return ipt.get_machine_subset(
desc,
slot,
[
ipt.get_chain(
'filter',
[
ipt.get_ring(
'input',
transport,
[
ipt.get_rule(
ip_protocol_name='tcp', source_address=addr, matches=[
ipt.get_match('state', [ipt.get_jump_option('--state', 'ESTABLISHED'), ], ),
ipt.get_match('tcp', [ipt.get_match_option('--sport', port), ], ),
],
jump=ipt.get_jump(target='ACCEPT')
)]),
ipt.get_ring(
'output',
transport,
[
ipt.get_rule(
ip_protocol_name='tcp', dest_address=addr, matches=[
ipt.get_match('state',
[ipt.get_jump_option('--state', 'NEW,ESTABLISHED'), ], ),
ipt.get_match('tcp', [ipt.get_match_option('--dport', port), ], ),
],
jump=ipt.get_jump(target='ACCEPT')
)
]
),
]
)
]
)
