Example #1
0
def _ensureIfDown(ifname, ifconfig_output, logger):
    """
    Check if an interface is down (useful before ifup...)
    If it is not down, perform an ifdown on it
    """

    if "%s " % ifname not in ifconfig_output:
        logger.debug("Ok, %s is down as expected" % ifname)
        return

    logger.debug(
        "Found interface %s to be up. "
        "Setting it down prior to ifup it by safety" % ifname
        )
    command = '/sbin/ifdown %s' % ifname
    process = createProcess(logger,
            command.split(),
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            env={})
    return_code, stdout, stderr = communicateProcess(logger, process, TIMEOUT)

    if return_code != 0:
        logger.error("Error while running '%s'.\n%s" % (command, '\n'.join(stdout)))
    else:
        logger.debug("...ok")
Example #2
0
def restart_rsyslog(logger):
    process = createProcess(logger, ["/etc/init.d/rsyslog", "restart"],
                            locale=False)
    exit_code = process.wait()
    if exit_code != 0:
        return False  # Failure.
    return True
Example #3
0
def dig(logger, defaultserver=None, server=None, query=None):

    if server in (None, u''):
        assert defaultserver is not None
        server = defaultserver

    if query in (None, u''):
        cmd = ('/usr/bin/dig', '@' + server)
    else:
        cmd = ('/usr/bin/dig', query, '@' + server)

    #except ProcessError
    process = createProcess(logger, cmd, stdout=PIPE, stderr=PIPE, env={})
    return_code = process.wait()

    if return_code != 0:

        if return_code == 9:
            raise ResolvError("Unreachable server")

        stderr = readProcessOutput(process.stderr, 10)
        errmsg = '\n'.join(stderr)
        raise ResolvError(errmsg)

    stdout = readProcessOutput(process.stdout, 500)
    return stdout
Example #4
0
    def createRepository(self, repository_directory, checkout_directory):
        process = createProcess(self, ["svnadmin", "create", repository_directory])
        result = waitProcess(self, process, 20)
        if result != 0:
            raise VersionningError("error creating repository %s" % repository_directory)

        self.client.checkout("file://%s" % repository_directory, checkout_directory)
Example #5
0
def check_and_correct_lo(logger):
    """
    @type logger: logging.Logger
    @return: bool
    """
    try:
        ok, msg = check_if_up('lo')
    except IOError:
        return False

    if ok:
        return True
    logger.critical("%s - Bringing lo up..." % msg)
    process = createProcess(
        logger,
        '/sbin/ip l set lo up'.split(),
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
        env={}
        )
    retcode = waitProcess(logger, process, 120)

    try:
        re_ok, re_msg = check_if_up('lo')
    except IOError:
        #FIXME: if we go here, what happened ? Shouldn't we have the problem at the beginning of the function
        return False
    if re_ok:
        logger.info("Could bring lo up!")
        return True

    logger.critical("Could NOT bring lo up!")
    return False
Example #6
0
    def service_vpnstates(self, context):
        """
        return a dict where keys are identifier and values are state
        possible values for state: DISCONNECTED, PHASE1_OK, CONNECTED
        """
        in_error = not exists("/var/run/pluto/pluto.ctl")

        if not in_error:
            command =  "ipsec whack --status".split()
            proc = createProcess(self, command, stdout=PIPE, stderr=PIPE, locale=False)
            stdout, stderr = proc.communicate()
            retcode = proc.wait()
            in_error = retcode != 0
            if in_error:
                self.error("'%s' - return code: '%s'\nstderr:\n%s\n\nstdout:\n%s" % (
                    unicode(command), retcode, stderr, stdout)
                    )

        result = {}
        if self.cfg.vpns is not None:
            for vpn in self.cfg.vpns:
                if in_error:
                    result[vpn.identifier] = DISCONNECTED
                else:
                    result[vpn.identifier] = self.vpnState(stdout, vpn.identifier)

        return result
Example #7
0
 def _setethernetspeed(self, ethernet):
     if ethernet.eth_auto:
         cmd = "/usr/sbin/ethtool -s %s autoneg on" % ethernet.system_name
         self.responsible.feedback(
             tr("Setting up speed for interface %(DESCRIPTION)s: auto"),
             DESCRIPTION=ethernet.fullName()
             )
     else:
         args = {
         'name': ethernet.system_name,
         'duplex': "full" if ethernet.eth_duplex == Ethernet.FULL else "half",
         'speed': ethernet.eth_speed
         }
         cmd = "/usr/sbin/ethtool -s %(name)s autoneg off speed "\
             "%(speed)s duplex %(duplex)s" % args
         self.responsible.feedback(
             tr(
                 "Setting up speed for interface %(DESCRIPTION)s: "
                 "speed: %(SPEED)s, duplex: %(DUPLEX)s."),
             DESCRIPTION=ethernet.fullName(),
             SPEED=args['speed'],
             DUPLEX=args['duplex']
             )
     process = createProcess(self, cmd.split(),
         stdout=subprocess.PIPE,
         stderr=subprocess.STDOUT,
         env={})
     retcode, stdout, stderr = communicateProcess(self, process, 30)
     if retcode == 0:
         return
     else:
         self.responsible.feedback("Could not set speed.")
         #Explicitely catched
         raise EthernetSpeedError("Error while running [%s]." % cmd)
Example #8
0
def saveLocalSid(component):
    """save local sid (default in /var/lib/ufwi_rpcd/ufwi_conf/nuauth_localsid)"""
    proc = createProcess(component, _NET_GETLOCALSID.split(), stdout=PIPE, locale=False)
    outputs = proc.communicate()
    stdout = outputs[0]
    retcode = proc.wait()
    if retcode != 0 or not stdout:
        component.critical("Can not fetch 'localsid'."
            " 'localsid' will not be exported. SSO with high availability will fail")
        # TODO raise an error which will be non blocking if we are not in HA ?
        return

    vardir = component.core.config.get('CORE', 'vardir')
    output_path = getLocalSidPath(vardir)

    # output sample of net getlocalsid:
    # SID for domain EW4-TEST1 is: S-1-5-21-4286993159-1593211551-402818373
    line = stdout.splitlines()[0]
    sid = line.split()[-1] # last element
    with open(output_path, 'w') as output_file:
        output_file.flush()
        fsync(output_file.fileno())
        output_file.write(sid)

    msg = "netlocalsid is '%s' and was saved in '%s'"
    component.info(msg % (sid, output_path))
Example #9
0
 def apply(self):
     process = createProcess(self, self.arguments, stdout=PIPE, stderr=STDOUT)
     exitcode = waitProcess(self, process, TIMEOUT)
     if exitcode:
         lines = readProcessOutput(process.stdout, 100)
         lines = u'\n\n' + u'\n'.join(lines)
         raise RulesetError(tr("Ruleset script error (exitcode %s):%s"),
             exitcode, lines)
Example #10
0
def vpn_support_last(logger):
    command = ["/bin/grep", "(sshd:session): session", "/var/log/auth.log"]
    process = createProcess(logger, command, stdout=subprocess.PIPE)
    return_code = process.wait()
    if return_code == 0:
        return readProcessOutput(process.stdout, 100)
    else:
        return []
Example #11
0
def runCommand(logger, command, timeout=DEFAULT_TIMEOUT, **popen_args):
    """
    use only if stdin/stdout/stderr are NOT pipes (instead use createProcess
    and communicateProcess)
    """
    process = createProcess(logger, command, **popen_args)
    status = waitProcess(logger, process, timeout)
    return (process, status)
Example #12
0
def startEAS(logger, args = []):
    if platform.system() == 'Windows':
        import _winreg
        regkey = 'SOFTWARE\\Edenwall Technologies\\EAS\\'
        keyname = 'BinPath'
        key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, regkey)
        eas_bin = _winreg.QueryValueEx(key, keyname)[0]
    else:
        eas_bin = abspath(argv[0])

    try:
        # Append arguments
        eas_cmd = [eas_bin] + args
        createProcess(logger, eas_cmd)
    except ProcessError:
        QMessageBox.critical(None,
            tr("Edenwall Administration Suite"),
            tr("Please install Edenwall Administration Suite before performing this operation"))
Example #13
0
 def killdhclients(self):
     for name in ('dhclient', 'dhclient3'):
         command = 'killall %s' % name
         process = createProcess(self,
             command.split(),
             stdout=subprocess.PIPE,
             stderr=subprocess.STDOUT,
             env={})
         return_code, stdout, stderr = communicateProcess(self, process, 20)
         if stdout:
             self.debug("stdout: %s" % '\n'.join(stdout))
Example #14
0
def total_space_partition(logger, partition):
    process = createProcess(logger, ["df", "-P", partition],
                            stdout=subprocess.PIPE, locale=False)
    exit_code = process.wait()
    if exit_code != 0:
        return False  # Failure.
    value = readProcessOutput(process.stdout, 2)
    if len(value) < 2:
        return False  # Failure.
    try:
        return int(value[1].split()[1]) * 1024
    except Exception:
        return False  # Failure.
Example #15
0
def readKeytab(logger, keytab_filename):
    #check the file syntaxically:
    cmd = ('/usr/sbin/ktutil', '-k', keytab_filename, 'list')

    #except ProcessError
    process = createProcess(logger, cmd, stdout=PIPE, stderr=PIPE, env={})
    return_code = process.wait()

    if return_code != 0:
        stderr = readProcessOutput(process.stderr, -1)
        raise NuauthException(INVALID_KEYTAB, "This keytab is unparseable:%s" % stderr)

    stdout = readProcessOutput(process.stdout, -1)
    return stdout
Example #16
0
 def _start_or_stopNetworkDefer(self, log_prefix, command):
     process = createProcess(self, command,
         stdout=subprocess.PIPE,
         stderr=subprocess.STDOUT,
         env={})
     retcode, stdout, stderr = communicateProcess(self, process, TIMEOUT)
     if not check_and_correct_lo(self):
         self.critical("Networking configuration problem. :-(")
     if retcode == 0:
         return
     for line in stdout:
         self.info("%s: %s" % (log_prefix, line))
         line_lower = line.lower()
         if (u'failed' in line_lower) or (u'error' in line_lower):
             raise ConfigError(line)
Example #17
0
def refresh_var_log(system_data, logger):
    # "df -P /var/log | sed -n '2s/.*\s\([0-9]\+\)%.*/\1/p'"
    process = createProcess(logger, ["df", "-P", "/var/log"],
                            stdout=subprocess.PIPE, locale=False)
    exit_code = process.wait()
    if exit_code != 0:
        return False  # Failure.
    value = readProcessOutput(process.stdout, 2)
    if len(value) < 2:
        return False  # Failure.
    m = var_log_re.search(value[1])
    if not m:
        return False  # Failure.
    system_data["var_log"] = int(m.group(1))
    return True  # Success.
Example #18
0
    def buildConfig(self):
        try:
            file(self.DH1024_FILE)
        except IOError:
            with open(os.path.devnull, 'wb') as devnull:
                self.info('Generating a new DH Parameter key.')
                process = createProcess(self, ['/usr/bin/openssl', 'dhparam',
                                               '-out', self.DH1024_FILE,
                                               '1024'],
                                              stdout=devnull,
                                              stderr=devnull)
                if waitProcess(self, process, 60.0 * 10) != 0:
                    raise OpenVPNError('Unable to generate a DH Parameter key.')

        return """daemon
Example #19
0
def runCommandAndCheck(logger, command, timeout=DEFAULT_TIMEOUT, **popen_args):
    # Return (process, stdout) where stdout is a list of unicode strings
    popen_args.update({'stdout': PIPE, 'stderr': STDOUT})
    cmdstr = formatCommand(command)

    process = createProcess(logger, command, **popen_args)
    status, stdout, stderr = communicateProcess(logger, process, timeout)

    if status:
        output = u'\n'.join(stdout)
        raise RunCommandError(cmdstr, unicode(status), output)
    else:
        command_str = popen_args.get('cmdstr', command)
        logger.debug("Success : '%s'" % unicode(command_str))

    return process, stdout
Example #20
0
def _ensureIfsDown(interfaces_list, logger):
    command = "/sbin/ifconfig"
    process = createProcess(logger,
            command.split(),
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            env={})
    return_code, stdout, stderr = communicateProcess(logger, process, TIMEOUT)
    stdout, stderr = __stdoutAndStderr(process)
    if return_code != 0:
        output = '\n'.join(stdout)
        logger.critical("Error while running '%s'.\n%s" % (command, output))
        raise NetCfgError("Could not run ifconfig properly ?!\n%s" % output)
    ifconfig_output = stdout
    for ifname in interfaces_list.split():
        _ensureIfDown(ifname, ifconfig_output, logger)
Example #21
0
 def _parseGetent(self):
     groups = set()
     process = createProcess(self,
         ['/usr/bin/getent', 'group'],
         stdout=subprocess.PIPE,
         stderr=subprocess.PIPE)
     # read output with a timeout of 5 minutes
     status, stdout, stderr = communicateProcess(self, process, 60.0*5)
     if status:
         logs = stdout[20:] + stderr[20:]
         raise ComponentError(tr("getent command failed:\n%s"), logs)
     for line in stdout:
         parts = line.split(u':')
         name = parts[0]
         gid = int(parts[2])
         groups.add((name, gid))
     return groups
Example #22
0
    def getFingerprint(self):
        command =  "ipsec showhostkey --left".split()
        proc = createProcess(self, command, stdout=PIPE, stderr=STDOUT, locale=False)
        # FIXME: use communicateProcess() with a timeout
        outputs = proc.communicate() # stdout, stderr
        stdout = outputs[0]
        retcode = proc.wait()
        if retcode:
            raise RunCommandError(unicode(command), retcode, unicode(stdout))
        else:
            self.debug("Success : '%s'" % unicode(command))
            for line in stdout.split('\n'):
                if "leftrsa" not in line:
                    continue
                else:
                    return line.split('=')[1]

            raise FingerprintNotFound("Could not find fingerprint")
Example #23
0
        def service_getDiagnosticFile(self, context):
            """
            Return a diagnostic file, containing the result of various command
            """
            process = createProcess(self,
                '/usr/share/ufwi_rpcd/scripts/diagnostic',
                stdout=subprocess.PIPE, stderr=subprocess.PIPE, locale=False)

            return_code, out, err = communicateProcess(self, process, DEFAULT_TIMEOUT)
            if return_code != 0:
                raise CreateDiagFailed(err)

            tmp_dir = out[0].strip()
            with open(tmp_dir + "/diagnostic.tar.gz") as fd:
                result = encodeFileContent(fd.read())
            try:
                rmtree(tmp_dir)
            except Exception, err:
                self.error(
                    'Could not delete temporary diagnostic directory (%s).',
                    err)
Example #24
0
def joinAd(logger, user, realm, password, block_tcp_53):
    if user is None:
        user = ''
    if realm is None:
        realm = ''
    if password is None:
        password = ''
    if not isinstance(block_tcp_53, basestring):
        raise ValueError("block_tcp_53 must be a string: 'no' or anything")

    #./script admin password DOMAIN_FQDN block_tcp_53(no/other)
    cmd = (_NET_JOIN_SCRIPT, user, password, realm, block_tcp_53)
    cmdstr = formatCommand((_NET_JOIN_SCRIPT, user, '***', realm, block_tcp_53))
    process = createProcess(logger, cmd, stdout=PIPE, stderr=STDOUT, env={}, cmdstr=cmdstr)
    # FIXME: use communicateProcess() with a timeout
    stdout, stderr = process.communicate()
    return_code = process.wait()
    if return_code == 0:
        logger.critical("Join successful to domain %s" % realm)
        return

    stdout = stdout.strip()
    stdout = '\n'.join(stdout.splitlines()[:50])

    if return_code == 1:
        format = tr("Unable to create temp file:\n%s")
    elif return_code == 2:
        format = tr("There was an error while getting a ticket granting ticket:\n%s")
        #Not always critical. continue ? For instance: unreachable server
        raise NuauthException(MAYBE_TEMPORARY_ERROR, format, stdout)
    elif return_code == 4:
        format = tr("There was en error while trying to join the domain:\n%s")
    elif return_code == 10:
        format = tr("Abnormal program termination:\n%s")
    else:
        format = tr("Exit code %s:") % return_code + "\n%s"

    raise NuauthException(NUAUTH_INVALID_CONF, format, stdout)
Example #25
0
def configureLocalSid(component):
    var_dir = component.core.config.get('CORE', 'vardir')
    sid_path = getLocalSidPath(var_dir)
    with open(sid_path) as sid_file:
        content = sid_file.readlines()
    if content:
        sid = content[0]
    else:
        return False

    cmd = _NET_SETLOCALSID % sid
    cmd = cmd.split()
    proc = createProcess(component, cmd, stdout=PIPE, stderr=STDOUT, locale=False)
    outputs = proc.communicate() # stdout, stderr
    retcode = proc.wait()
    if retcode != 0:
        stdout = outputs[0]
        msg = "can not save local SID '%s', error: '%s'"
        component.critical(msg % (sid, stdout))
        return False
    else:
        component.info("successfully set local SID '%s'" % sid)

    return True
Example #26
0
    def service_getSelectedRulesCounts(self, context, thresholds=None):
        """Return 3 counts: selected rules for alert and drop, and available
        rules.

        If thresholds is None, then this method reads the actual rules file;
        if thresholds is a list of two floats, then this method uses these
        values to compute the count of rules, not touching or reading the
        actual file."""
        results = []
        if thresholds is None:
            file_to_read = RULES_DEST
            try:
                command = [FPSTAT, '-a', '%f' % thresholds[0]]
                if self.ids_ips_cfg.block:
                    command.append('-d %f' % thresholds[1])
                command.append('%s/*.rules' % RULES_SOURCE)
                file_to_read = '/dev/shm/selected_rules'
                with open(file_to_read, "w") as stdout:
                    process, retcode = runCommand(self, command, stdout=stdout)
            except TypeError:
                raise IdsIpsError(IDS_IPS_SELECTED_RULES_COUNTS_ERROR,
                    tr('Could not count the selected rules (type error).'))
            except IndexError:
                raise IdsIpsError(IDS_IPS_SELECTED_RULES_COUNTS_ERROR,
                    tr('Could not count the selected rules (index error).'))
            if retcode != 0:
                raise IdsIpsError(IDS_IPS_SELECTED_RULES_COUNTS_ERROR,
                    tr('Error while selecting rules for counting.'))
            # FIXME: use "grep -c" or just use Python code
            commands = ("grep '^alert ' %s |wc -l" % file_to_read,
                        "grep '^drop ' %s |wc -l" % file_to_read)
            for command in commands:
                # FIXME: don't use shell=True
                p = createProcess(self, command, shell=True, stdout=PIPE)
                stdout, stderr = p.communicate()
                retcode = p.wait()
                if retcode != 0:
                    raise IdsIpsError(
                        IDS_IPS_SELECTED_RULES_COUNTS_ERROR,
                        tr('Could not count the selected rules.'))

                first_line = stdout.splitlines()[0]
                results.append(int(first_line))
        else:
            alert_count = None
            drop_count = None
            try:
                with open(RULES_COUNTS) as fd:
                    # First threshold (alert):
                    for line in fd:
                        cols = line.split()
                        if float(cols[0]) >= thresholds[0]:
                            alert_count = int(cols[1])
                            if float(cols[0]) >= thresholds[1]:
                                drop_count = int(cols[2])
                            break
                    # Second threshold (drop):
                    if drop_count is None:
                        for line in fd:
                            cols = line.split()
                            if float(cols[0]) >= thresholds[1]:
                                drop_count = int(cols[2])
                                break
            except:
                pass  # We will test the counts anyway.
            if alert_count is None or drop_count is None:
                raise IdsIpsError(IDS_IPS_SELECTED_RULES_COUNTS_ERROR,
                                  tr('Could not count the selected rules.'))
            results.extend([alert_count, drop_count])
        results.append(self._total_rules_count())
        return results
Example #27
0
def getVpnSupportStatusAndIP(logger):
    process = createProcess(logger, "/usr/share/ufwi_rpcd/scripts/vpn_support_status_and_ip", stdout=subprocess.PIPE)
    # FIXME: use communicateProcess() with a timeout
    return_code = process.wait()
    if return_code == 0:
        return [line.strip() for line in readProcessOutput(process.stdout, 2)]