def ldapRules(context, component, ruleset, rule_type, identifiers):
logger = ContextLoggerChild(context, component)
result = ApplyRulesResult(logger)
if rule_type == 'acls-ipv6':
rules = ruleset.acls_ipv6
elif rule_type == 'acls-ipv4':
rules = ruleset.acls_ipv4
else:
# NuFW (LDAP) doesn't authenticate NAT rules
raise RulesetError(tr("LDAP doesn't support rule type: %s"), repr(rule_type))
if identifiers:
rules = [ rules[id] for id in identifiers ]
else:
rules = rules
ldap = WriteLdapRules(logger, component.config['ldap'])
with TemplateInstanciation(ruleset):
rules = filterRules(result, rules)
lines = []
for dn, attr in ldap.createRules(rules):
lines.append(unicode(dn))
attrs = attr.items()
attrs.sort(key=lambda item: item[0])
for key, value in attrs:
lines.append(u" %s=%r" % (key, value))
lines.append(u"")
xmlrpc = result.exportXMLRPC()
xmlrpc['ldap'] = lines
return xmlrpc
def applyRules(self):
if not self.only_consistency:
self.lock_manager.acquire(self.context, "ufwi_ruleset_applyRules")
try:
if self.ruleset:
with TemplateInstanciation(self.ruleset):
self.acls_ipv4 = filterRules(self.result, self.acls_ipv4)
self.acls_ipv6 = filterRules(self.result, self.acls_ipv6)
self.nats = filterRules(self.result, self.nats)
self.checkUserGroups()
if self.result.errors:
return self.result.exportXMLRPC()
return self._applyRulesThread()
else:
return self._applyRulesThread()
finally:
if not self.only_consistency:
self.lock_manager.release(self.context, "ufwi_ruleset_applyRules")
def iptablesRules(context, component, ruleset, rule_type, identifiers, use_nufw):
logger = ContextLoggerChild(context, component)
result = ApplyRulesResult(logger)
# Not NAT rules in IPv6!
if rule_type == 'nats':
rules = ruleset.nats
use_ipv6 = False
default_decisions = None
elif rule_type == 'acls-ipv6':
rules = ruleset.acls_ipv6
use_ipv6 = True
default_decisions = rules.default_decisions
else:
rules = ruleset.acls_ipv4
use_ipv6 = False
default_decisions = rules.default_decisions
if identifiers:
rules = [ rules[id] for id in identifiers ]
else:
rules = rules
options = IptablesOptions()
options.format = "iptables"
options.ipv6 = use_ipv6
options.nufw = use_nufw
with TemplateInstanciation(ruleset):
rules = filterRules(result, rules)
# Create iptables rules
iptables = IptablesGenerator(logger, default_decisions, options, component.config, result)
if rule_type != 'nats':
lines = aclsRules(iptables, rules)
else:
lines = natsRules(iptables, rules, result)
xmlrpc = result.exportXMLRPC()
xmlrpc['iptables'] = [unicode(line) for line in lines]
return xmlrpc
