def fixup_permission(filename, permission=S_IRUSR):
    """
    Check if the given file exists and change ownershit to root/vyattacfg
    and appripriate file access permissions - default is user and group readable
    """
    if os.path.isfile(filename):
        os.chmod(filename, permission)
        chown(filename, 'root', 'vyattacfg')
def openvpn_mkdir(directory):
    # create directory on demand
    if not os.path.exists(directory):
        os.mkdir(directory)

    # fix permissions - corresponds to mode 755
    chmod_x(directory)
    chown(directory, user, group)
Example #3
0
def _migrate_default_keys():
    if os.path.exists(f'{kdir}/private.key') and not os.path.exists(f'{kdir}/default/private.key'):
        location = f'{kdir}/default'
        if not os.path.exists(location):
            os.makedirs(location)

        chown(location, 'root', 'vyattacfg')
        chmod_750(location)
        os.rename(f'{kdir}/private.key', f'{location}/private.key')
        os.rename(f'{kdir}/public.key', f'{location}/public.key')
def get_wpa_suppl_config_name(intf):
    cfg_dir = '/var/run/wpa_supplicant'

    # create directory on demand
    if not os.path.exists(cfg_dir):
        os.mkdir(cfg_dir)
        chmod_x(cfg_dir)
        chown(cfg_dir, user, group)

    cfg_file = cfg_dir + r'/{}.cfg'.format(intf)
    return cfg_file
def get_pid(conf_type, intf):
    cfg_dir = '/var/run/' + conf_type

    # create directory on demand
    if not os.path.exists(cfg_dir):
        os.mkdir(cfg_dir)
        chmod_x(cfg_dir)
        chown(cfg_dir, user, group)

    cfg_file = cfg_dir + r'/{}.pid'.format(intf)
    return cfg_file
def apply(pppoe):
    if pppoe['deleted']:
        # bail out early
        return None

    if not pppoe['disable']:
        # "dial" PPPoE connection
        intf = pppoe['intf']
        cmd(f'systemctl start ppp@{intf}.service')

        # make logfile owned by root / vyattacfg
        chown(pppoe['logfile'], 'root', 'vyattacfg')

    return None
Example #7
0
def render(destination,
           template,
           content,
           trim_blocks=False,
           formater=None,
           permission=None,
           user=None,
           group=None):
    """
    render a template from the template directory, it will raise on any errors
    destination: the file where the rendered template must be saved
    template: the path to the template relative to the template folder
    content: the dictionary to use to render the template

    This classes cache the renderer, so rendering the same file multiple time
    does not cause as too much overhead. If use everywhere, it could be changed
    and load the template from python environement variables from an import 
    python module generated when the debian package is build 
    (recovering the load time and overhead caused by having the file out of the code)
    """

    # Create the directory if it does not exists
    folder = os.path.dirname(destination)
    makedir(folder, user, group)

    # Setup a renderer for the given template
    # This is cached and re-used for performance
    if template not in _templates_mem[trim_blocks]:
        _templates_mem[trim_blocks][template] = _templates_env[
            trim_blocks].get_template(template)
    template = _templates_mem[trim_blocks][template]

    # As we are opening the file with 'w', we are performing the rendering
    # before calling open() to not accidentally erase the file if the
    # templating fails
    content = template.render(content)

    if formater:
        content = formater(content)

    # Write client config file
    with open(destination, 'w') as f:
        f.write(content)

    chmod(destination, permission)
    chown(destination, user, group)
Example #8
0
def generate(salt):
    if not salt:
        return None

    render(config_file, 'salt-minion/minion.tmpl', salt,
           user=salt['user'], group=salt['group'])

    if not os.path.exists(master_keyfile):
        if salt['master_key']:
            req = PoolManager().request('GET', salt['master_key'], preload_content=False)

            with open(master_keyfile, 'wb') as f:
                while True:
                    data = req.read(1024)
                    if not data:
                        break
                    f.write(data)

            req.release_conn()
            chown(master_keyfile, salt['user'], salt['group'])

    return None
Example #9
0
def generate(openvpn):
    interface = openvpn['intf']
    directory = os.path.dirname(get_config_name(interface))

    # we can't know in advance which clients have been removed,
    # thus all client configs will be removed and re-added on demand
    ccd_dir = os.path.join(directory, 'ccd', interface)
    if os.path.isdir(ccd_dir):
        rmtree(ccd_dir, ignore_errors=True)

    if openvpn['deleted'] or openvpn['disable']:
        return None

    # create config directory on demand
    directories = []
    directories.append(f'{directory}/status')
    directories.append(f'{directory}/ccd/{interface}')
    for onedir in directories:
        if not os.path.exists(onedir):
            os.makedirs(onedir, 0o755)
        chown(onedir, user, group)

    # Fix file permissons for keys
    fix_permissions = []
    fix_permissions.append(openvpn['shared_secret_file'])
    fix_permissions.append(openvpn['tls_key'])

    # Generate User/Password authentication file
    if openvpn['auth']:
        with open(openvpn['auth_user_pass_file'], 'w') as f:
            f.write('{}\n{}'.format(openvpn['auth_user'],
                                    openvpn['auth_pass']))
        # also change permission on auth file
        fix_permissions.append(openvpn['auth_user_pass_file'])

    else:
        # delete old auth file if present
        if os.path.isfile(openvpn['auth_user_pass_file']):
            os.remove(openvpn['auth_user_pass_file'])

    # Generate client specific configuration
    for client in openvpn['client']:
        client_file = os.path.join(ccd_dir, client['name'])
        render(client_file, 'openvpn/client.conf.tmpl', client)
        chown(client_file, user, group)

    # we need to support quoting of raw parameters from OpenVPN CLI
    # see https://phabricator.vyos.net/T1632
    render(get_config_name(interface),
           'openvpn/server.conf.tmpl',
           openvpn,
           formater=lambda _: _.replace(""", '"'))
    chown(get_config_name(interface), user, group)

    # Fixup file permissions
    for file in fix_permissions:
        chmod_600(file)

    return None
def generate(openvpn):
    if openvpn['deleted'] or openvpn['disable']:
        return None

    # Prepare Jinja2 template loader from files
    tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'openvpn')
    fs_loader = FileSystemLoader(tmpl_path)
    env = Environment(loader=fs_loader)

    interface = openvpn['intf']
    directory = os.path.dirname(get_config_name(interface))

    # we can't know which clients were deleted, remove all client configs
    if os.path.isdir(os.path.join(directory, 'ccd', interface)):
        rmtree(os.path.join(directory, 'ccd', interface), ignore_errors=True)

    # create config directory on demand
    openvpn_mkdir(directory)
    # create status directory on demand
    openvpn_mkdir(directory + '/status')
    # create client config dir on demand
    openvpn_mkdir(directory + '/ccd')
    # crete client config dir per interface on demand
    openvpn_mkdir(directory + '/ccd/' + interface)

    # Fix file permissons for keys
    fixup_permission(openvpn['shared_secret_file'])
    fixup_permission(openvpn['tls_key'])

    # Generate User/Password authentication file
    if openvpn['auth']:
        auth_file = '/tmp/openvpn-{}-pw'.format(interface)
        with open(auth_file, 'w') as f:
            f.write('{}\n{}'.format(openvpn['auth_user'],
                                    openvpn['auth_pass']))

        fixup_permission(auth_file)

    else:
        # delete old auth file if present
        if os.path.isfile('/tmp/openvpn-{}-pw'.format(interface)):
            os.remove('/tmp/openvpn-{}-pw'.format(interface))

    # Generate client specific configuration
    for client in openvpn['client']:
        client_file = directory + '/ccd/' + interface + '/' + client['name']
        tmpl = env.get_template('client.conf.tmpl')
        client_text = tmpl.render(client)
        with open(client_file, 'w') as f:
            f.write(client_text)
        chown(client_file, user, group)

    tmpl = env.get_template('server.conf.tmpl')
    config_text = tmpl.render(openvpn)
    # we need to support quoting of raw parameters from OpenVPN CLI
    # see https://phabricator.vyos.net/T1632
    config_text = config_text.replace(""", '"')
    with open(get_config_name(interface), 'w') as f:
        f.write(config_text)
    chown(get_config_name(interface), user, group)

    return None