def save_client_connection_data(self, ctx, form, data):
        cc_fda = formalutils.FormDataAccessor(form, ['client_connection'], ctx)
        ui_root = helpers.get_new_ui_config()

        # Server address & psk
        if cc_fda.has_key('server_name') and cc_fda['server_name'] is not None:
            ui_root.setS(ns_ui.vpnServerAddress, rdf.String, cc_fda['server_name'])
        else:
            ui_root.setS(ns_ui.vpnServerAddress, rdf.String, '')
        psk_seq = ui_root.setS(ns_ui.preSharedKeys, rdf.Seq(rdf.Type(ns_ui.PreSharedKey)))
        if cc_fda.has_key('psk_1') and (cc_fda['psk_1'] != '') and (cc_fda['psk_1'] is not None):
            psk = psk_seq.new()
            psk.setS(ns_ui.preSharedKey, rdf.String, cc_fda['psk_1'])
        if cc_fda.has_key('psk_2') and (cc_fda['psk_2'] != '') and (cc_fda['psk_2'] is not None):
            psk = psk_seq.new()
            psk.setS(ns_ui.preSharedKey, rdf.String, cc_fda['psk_2'])
        # DNS
        if cc_fda['dns'] == 'use_ic_dns':
            ui_root.setS(ns_ui.clientDnsServers, rdf.Type(ns_ui.NetworkConnectionDns))
        elif cc_fda['dns'] == 'manual_dns':
            dns_root = ui_root.setS(ns_ui.clientDnsServers, rdf.Type(ns_ui.SetDnsServers))
            uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.primaryDns, rdf.IPv4Address, cc_fda, 'dns_1')
            uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.secondaryDns, rdf.IPv4Address, cc_fda, 'dns_2')
        else:
            raise uidatahelpers.FormDataError('Client connection dns is neither network dns nor set dns.')
        # WINS
        # Note: parent node is ui-root, which may already have a value from old config, use empty default
        # value to remove old data in case form value is missing.
        uidatahelpers.save_optional_field_to_rdf(ui_root, ns_ui.clientPrimaryWins, rdf.IPv4Address, cc_fda, 'wins_1', default=None)
        uidatahelpers.save_optional_field_to_rdf(ui_root, ns_ui.clientSecondaryWins, rdf.IPv4Address, cc_fda, 'wins_2', default=None)
        ui_root.setS(ns_ui.clientSubnet, rdf.IPv4Subnet, cc_fda['client_subnet'])
        ui_root.setS(ns_ui.clientAddressRange, rdf.IPv4AddressRange, cc_fda['client_address_range'])

        ui_root.setS(ns_ui.clientCompression, rdf.Boolean, cc_fda['client_compression'])
Exemple #2
0
    def save_client_connection_data(self, ctx, form, data):
        cc_fda = formalutils.FormDataAccessor(form, ['client_connection'], ctx)
        ui_root = helpers.get_new_ui_config()

        # Server address & psk
        if cc_fda.has_key('server_name') and cc_fda['server_name'] is not None:
            ui_root.setS(ns_ui.vpnServerAddress, rdf.String,
                         cc_fda['server_name'])
        else:
            ui_root.setS(ns_ui.vpnServerAddress, rdf.String, '')
        psk_seq = ui_root.setS(ns_ui.preSharedKeys,
                               rdf.Seq(rdf.Type(ns_ui.PreSharedKey)))
        if cc_fda.has_key('psk_1') and (cc_fda['psk_1'] !=
                                        '') and (cc_fda['psk_1'] is not None):
            psk = psk_seq.new()
            psk.setS(ns_ui.preSharedKey, rdf.String, cc_fda['psk_1'])
        if cc_fda.has_key('psk_2') and (cc_fda['psk_2'] !=
                                        '') and (cc_fda['psk_2'] is not None):
            psk = psk_seq.new()
            psk.setS(ns_ui.preSharedKey, rdf.String, cc_fda['psk_2'])
        # DNS
        if cc_fda['dns'] == 'use_ic_dns':
            ui_root.setS(ns_ui.clientDnsServers,
                         rdf.Type(ns_ui.NetworkConnectionDns))
        elif cc_fda['dns'] == 'manual_dns':
            dns_root = ui_root.setS(ns_ui.clientDnsServers,
                                    rdf.Type(ns_ui.SetDnsServers))
            uidatahelpers.save_optional_field_to_rdf(dns_root,
                                                     ns_ui.primaryDns,
                                                     rdf.IPv4Address, cc_fda,
                                                     'dns_1')
            uidatahelpers.save_optional_field_to_rdf(dns_root,
                                                     ns_ui.secondaryDns,
                                                     rdf.IPv4Address, cc_fda,
                                                     'dns_2')
        else:
            raise uidatahelpers.FormDataError(
                'Client connection dns is neither network dns nor set dns.')
        # WINS
        # Note: parent node is ui-root, which may already have a value from old config, use empty default
        # value to remove old data in case form value is missing.
        uidatahelpers.save_optional_field_to_rdf(ui_root,
                                                 ns_ui.clientPrimaryWins,
                                                 rdf.IPv4Address,
                                                 cc_fda,
                                                 'wins_1',
                                                 default=None)
        uidatahelpers.save_optional_field_to_rdf(ui_root,
                                                 ns_ui.clientSecondaryWins,
                                                 rdf.IPv4Address,
                                                 cc_fda,
                                                 'wins_2',
                                                 default=None)
        ui_root.setS(ns_ui.clientSubnet, rdf.IPv4Subnet,
                     cc_fda['client_subnet'])
        ui_root.setS(ns_ui.clientAddressRange, rdf.IPv4AddressRange,
                     cc_fda['client_address_range'])

        ui_root.setS(ns_ui.clientCompression, rdf.Boolean,
                     cc_fda['client_compression'])
Exemple #3
0
    def _get_radius_info(self, new_ui_config=False):
        """Return RADIUS information in an array that we can compare later.

        Information included in the array is precisely the fields that, if
        changed, require a full runner restart (instead of just FreeRADIUS
        restart).  Currently it is just the RADIUS server addresses, because
        the are required for ICMP monitoring; note that ports are *not* needed
        here.
        """

        if new_ui_config:
            ui_root = helpers.get_new_ui_config()
        else:
            ui_root = helpers.get_ui_config()
        res = []

        try:
            res.append(ui_root.getS(ns_ui.radiusPrimaryServer, rdf.String))
        except:
            _log.exception('cannot get radius info')
            res.append(None)

        try:
            res.append(ui_root.getS(ns_ui.radiusSecondaryServer, rdf.String))
        except:
            _log.exception('cannot get radius info')
            res.append(None)

        return res
Exemple #4
0
    def _get_radius_info(self, new_ui_config=False):
        """Return RADIUS information in an array that we can compare later.

        Information included in the array is precisely the fields that, if
        changed, require a full runner restart (instead of just FreeRADIUS
        restart).  Currently it is just the RADIUS server addresses, because
        the are required for ICMP monitoring; note that ports are *not* needed
        here.
        """

        if new_ui_config:
            ui_root = helpers.get_new_ui_config()
        else:
            ui_root = helpers.get_ui_config()
        res = []

        try:
            res.append(ui_root.getS(ns_ui.radiusPrimaryServer, rdf.String))
        except:
            _log.exception('cannot get radius info')
            res.append(None)
            
        try:
            res.append(ui_root.getS(ns_ui.radiusSecondaryServer, rdf.String))
        except:
            _log.exception('cannot get radius info')
            res.append(None)

        return res
Exemple #5
0
    def save_ui_data(self, ctx, form, data):    
        fda = formalutils.FormDataAccessor(form, [], ctx)
        ui_root = helpers.get_new_ui_config()

        # XXX: this should probably be refactored to uihelpers, in conjunction
        # with the access control element
        def _set_access(ns_pub, ns_priv, val):
            _log.debug('_set_access: %s' % val)
            if val == 'both':
                ui_root.setS(ns_pub, rdf.Boolean, True)
                ui_root.setS(ns_priv, rdf.Boolean, True)
            elif val == 'public':
                ui_root.setS(ns_pub, rdf.Boolean, True)
                ui_root.setS(ns_priv, rdf.Boolean, False)
            elif val == 'private':
                ui_root.setS(ns_pub, rdf.Boolean, False)
                ui_root.setS(ns_priv, rdf.Boolean, True)
            else:
                ui_root.setS(ns_pub, rdf.Boolean, False)
                ui_root.setS(ns_priv, rdf.Boolean, False)
        
        tmp = fda.descend('license_group')
        if tmp.has_key('license_key') and tmp['license_key'] is not None:
            lic_key = tmp['license_key'].upper()
            ui_root.setS(ns_ui.licenseKey, rdf.String, lic_key)
        else:
            # empty field (None) => clear product license
            ui_root.setS(ns_ui.licenseKey, rdf.String, '')

        tmp = fda.descend('locale_group')

        tmp = fda.descend('reboot_group')
        ui_root.setS(ns_ui.periodicRebootDay, rdf.Integer, tmp['reboot_day'])
        ui_root.setS(ns_ui.periodicRebootTime, rdf.Integer, tmp['reboot_time'])
        ui_root.setS(ns_ui.automaticUpdates, rdf.Boolean, tmp['automatic_updates'])

        tmp = fda.descend('snmp_group')
        _set_access(ns_ui.snmpAccessPublic, ns_ui.snmpAccessPrivate, tmp['snmp_access'])
        if tmp.has_key('snmp_community') and tmp['snmp_community'] is not None:
            ui_root.setS(ns_ui.snmpCommunity, rdf.String, tmp['snmp_community'])
        else:
            ui_root.setS(ns_ui.snmpCommunity, rdf.String, '')
        
        tmp = fda.descend('remote_group')
        _set_access(ns_ui.webAccessPublic, ns_ui.webAccessPrivate, tmp['www_administration'])
        _set_access(ns_ui.sshAccessPublic, ns_ui.sshAccessPrivate, tmp['ssh_connection'])

        tmp = fda.descend('ssl_group')
        if tmp.has_key('ssl_certificate_chain') and tmp['ssl_certificate_chain'] is not None:
            ui_root.setS(ns_ui.publicSslCertificateChain, rdf.String, tmp['ssl_certificate_chain'])
        else:
            ui_root.setS(ns_ui.publicSslCertificateChain, rdf.String, '')
        if tmp.has_key('ssl_private_key') and tmp['ssl_private_key'] is not None:
            ui_root.setS(ns_ui.publicSslPrivateKey, rdf.String, tmp['ssl_private_key'])
        else:
            ui_root.setS(ns_ui.publicSslPrivateKey, rdf.String, '')
    def save_firewall_data(self, ctx, form, data):
        def _save_port_forward_to_rdf(rdf_node, fda):
            rdf_node.setS(ns_ui.protocol, rdf.String, fda['new_fw_protocol'])
            uidatahelpers.save_optional_field_to_rdf(rdf_node, ns_ui.incomingPort, rdf.Integer, fda, 'new_fw_port_in')
            rdf_node.setS(ns_ui.ipAddress, rdf.IPv4Address, fda['new_fw_ip_out'])
            uidatahelpers.save_optional_field_to_rdf(rdf_node, ns_ui.destinationPort, rdf.Integer, fda, 'new_fw_port_out')

        ui_root = helpers.get_new_ui_config()
        fw_fda = formalutils.FormDataAccessor(form, ['firewall'], ctx)
        ui_root.setS(ns_ui.firewallInUse, rdf.Boolean, fw_fda['firewall_in_use'])

        # XXX: separate function
        pf_fda = formalutils.FormDataAccessor(form, ['port_forwards'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.portForwards, ns_ui.PortForward, pf_fda, _save_port_forward_to_rdf)
    def save_routes_data(self, ctx, form, data):
        def _save_additional_route_to_rdf(rdf_node, fda):
            uidatahelpers.create_rdf_route(rdf_node, fda['subnet'], fda['network_connection'], fda['gateway'], ns_ui.route)    
        
        def _save_ppp_firewall_rule_to_rdf(rdf_node, fda):
            if isinstance(fda['ip_subnet'], datatypes.IPv4Address):
                rdf_node.setS(ns_ui.ipAddress, rdf.IPv4Address, fda['ip_subnet'])
            elif isinstance(fda['ip_subnet'], datatypes.IPv4Subnet):
                rdf_node.setS(ns_ui.subnet, rdf.IPv4Subnet, fda['ip_subnet'])
            else:
                raise uidatahelpers.FormDataError('Firewall rule IP/subnet is neither IPv4Address nor IPv4Subnet')
                    
            if fda['protocol'] == 'any':
                pass
            else:
                rdf_node.setS(ns_ui.protocol, rdf.String, fda['protocol'])

            uidatahelpers.save_optional_field_to_rdf(rdf_node, ns_ui.port, rdf.Integer, fda, 'port')    

            rdf_node.setS(ns_ui.action, rdf.String, fda['action'])
            
        toplevel_fda = formalutils.FormDataAccessor(form, [], ctx)
        ui_root = helpers.get_new_ui_config()

        # Default route
        droute_fda = toplevel_fda.descend('dr_group') 
        uidatahelpers.create_rdf_route(ui_root, None, droute_fda['network_connection'], droute_fda['gateway'], ns_ui.defaultRoute)

        # Additional routes
        add_route_fda = toplevel_fda.descend('ar_group')
        uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.routes, ns_ui.Route, add_route_fda, _save_additional_route_to_rdf)

        # Source routing (forced routing)
        source_fda = toplevel_fda.descend('sr_group')
        if source_fda['source_routing_selection'] == 'off':
            ui_root.removeNodes(ns_ui.sourceRouting)
        elif source_fda['source_routing_selection'] == 'on':
            uidatahelpers.create_rdf_route(ui_root, None, source_fda['network_connection'], source_fda['gateway'], ns_ui.sourceRouting)
        else:
            raise uidatahelpers.FormDataError('Forced routing is neither on nor off.')

        # PPP firewall rules
        fwrule_fda = toplevel_fda.descend('fwrule_group')
        uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.pppFirewallRules, ns_ui.PppFirewallRule, fwrule_fda, _save_ppp_firewall_rule_to_rdf)
Exemple #8
0
    def save_user_list(self, ctx, form, data, userpw_dict):
        def _save_user_to_rdf(user, fda):
            username = fda['username']
            user.setS(ns_ui.username, rdf.String, username)

            # Password is tricky; we look up the previous config, and if a user
            # of this name existed and it had a password, use that password unless
            # a new one is specified.  This is not perfect, but at least it works
            # correctly w.r.t. changed username.  Note however that we do not track
            # user identity as such across a name change: if admin removes user XYZ
            # and adds a new user with name XYZ (with empty password field), that
            # user will simply inherit the older user XYZ password.

            if fda.has_key('password') and (fda['password'] is not None) and (
                    fda['password'] != ''):
                # set hashed password entries
                uihelpers.set_user_password_hashes(user, fda['password'])
            else:
                if userpw_dict.has_key(username):
                    password_plain, password_md5, password_nt = userpw_dict[
                        username]
                    user.setS(ns_ui.passwordMd5, rdf.String, password_md5)
                    user.setS(ns_ui.passwordNtHash, rdf.String, password_nt)
                    user.removeNodes(ns_ui.password)
                else:
                    # this should not happen; log but don't fail badly
                    _log.error(
                        'no password in form or userpw dict, should not happen'
                    )
                    user.setS(ns_ui.password, rdf.String, '')

            uidatahelpers.save_optional_field_to_rdf(user, ns_ui.fixedIp,
                                                     rdf.IPv4Address, fda,
                                                     'fixed_ip')
            user.setS(ns_ui.adminRights, rdf.Boolean, fda['admin_rights'])
            user.setS(ns_ui.vpnRights, rdf.Boolean, fda['vpn_rights'])

        ui_root = helpers.get_new_ui_config()
        fda = formalutils.FormDataAccessor(form, ['userlist_group'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.users,
                                               ns_ui.User, fda,
                                               _save_user_to_rdf)
    def save_s2s_list_data(self, ctx, form, data):
        def _save_connection(conn, fda):
            conn.setS(ns_ui.username, rdf.String, fda['s2s_username'])
            conn.setS(ns_ui.password, rdf.String, fda['s2s_password'])
            uidatahelpers.save_subnet_list_to_rdf(conn, ns_ui.subnetList, fda,
                                                  's2s_subnets')
            mode = fda['s2s_mode']
            if mode == 'client':
                conn.setS(ns_ui.mode, rdf.String, 'client')
                conn.setS(ns_ui.preSharedKey, rdf.String, fda['s2s_psk'])
                conn.setS(ns_ui.serverAddress, rdf.String, fda['s2s_server'])
            elif mode == 'server':
                conn.setS(ns_ui.mode, rdf.String, 'server')
            else:
                raise Exception('unknown mode: %s' % mode)

        ui_root = helpers.get_new_ui_config()
        fda = formalutils.FormDataAccessor(form, ['s2s_connections'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(ui_root,
                                               ns_ui.siteToSiteConnections,
                                               ns_ui.SiteToSiteConnection, fda,
                                               _save_connection)
    def save_s2s_list_data(self, ctx, form, data):
        def _save_connection(conn, fda):
            conn.setS(ns_ui.username, rdf.String, fda['s2s_username'])
            conn.setS(ns_ui.password, rdf.String, fda['s2s_password'])
            uidatahelpers.save_subnet_list_to_rdf(conn, ns_ui.subnetList, fda, 's2s_subnets')
            mode = fda['s2s_mode']
            if mode == 'client':
                conn.setS(ns_ui.mode, rdf.String, 'client')
                conn.setS(ns_ui.preSharedKey, rdf.String, fda['s2s_psk'])
                conn.setS(ns_ui.serverAddress, rdf.String, fda['s2s_server'])
            elif mode == 'server':
                conn.setS(ns_ui.mode, rdf.String, 'server')
            else:
                raise Exception('unknown mode: %s' % mode)

        ui_root = helpers.get_new_ui_config()
        fda = formalutils.FormDataAccessor(form, ['s2s_connections'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(ui_root,
                                               ns_ui.siteToSiteConnections,
                                               ns_ui.SiteToSiteConnection,
                                               fda,
                                               _save_connection)
Exemple #11
0
    def save_radius(self, ctx, form, data):
        ui_root = helpers.get_new_ui_config()
        fda = formalutils.FormDataAccessor(form, ['radius'], ctx)

        val = ''
        if fda.has_key('server1') and fda['server1'] is not None:
            val = fda['server1']
        ui_root.setS(ns_ui.radiusPrimaryServer, rdf.String, val)

        val = 1812
        if fda.has_key('serverport1') and fda['serverport1'] is not None:
            val = fda['serverport1']
        ui_root.setS(ns_ui.radiusPrimaryServerPort, rdf.Integer, val)

        val = ''
        if fda.has_key('secret1') and fda['secret1'] is not None:
            val = fda['secret1']
        ui_root.setS(ns_ui.radiusPrimarySecret, rdf.String, val)
        
        val = ''
        if fda.has_key('server2') and fda['server2'] is not None:
            val = fda['server2']
        ui_root.setS(ns_ui.radiusSecondaryServer, rdf.String, val)
        
        val = 1812
        if fda.has_key('serverport2') and fda['serverport2'] is not None:
            val = fda['serverport2']
        ui_root.setS(ns_ui.radiusSecondaryServerPort, rdf.Integer, val)
        
        val = ''
        if fda.has_key('secret2') and fda['secret2'] is not None:
            val = fda['secret2']
        ui_root.setS(ns_ui.radiusSecondarySecret, rdf.String, val)

        val = ''
        if fda.has_key('nasidentifier') and fda['nasidentifier'] is not None:
            val = fda['nasidentifier']
        ui_root.setS(ns_ui.radiusNasIdentifier, rdf.String, val)
Exemple #12
0
    def save_radius(self, ctx, form, data):
        ui_root = helpers.get_new_ui_config()
        fda = formalutils.FormDataAccessor(form, ['radius'], ctx)

        val = ''
        if fda.has_key('server1') and fda['server1'] is not None:
            val = fda['server1']
        ui_root.setS(ns_ui.radiusPrimaryServer, rdf.String, val)

        val = 1812
        if fda.has_key('serverport1') and fda['serverport1'] is not None:
            val = fda['serverport1']
        ui_root.setS(ns_ui.radiusPrimaryServerPort, rdf.Integer, val)

        val = ''
        if fda.has_key('secret1') and fda['secret1'] is not None:
            val = fda['secret1']
        ui_root.setS(ns_ui.radiusPrimarySecret, rdf.String, val)

        val = ''
        if fda.has_key('server2') and fda['server2'] is not None:
            val = fda['server2']
        ui_root.setS(ns_ui.radiusSecondaryServer, rdf.String, val)

        val = 1812
        if fda.has_key('serverport2') and fda['serverport2'] is not None:
            val = fda['serverport2']
        ui_root.setS(ns_ui.radiusSecondaryServerPort, rdf.Integer, val)

        val = ''
        if fda.has_key('secret2') and fda['secret2'] is not None:
            val = fda['secret2']
        ui_root.setS(ns_ui.radiusSecondarySecret, rdf.String, val)

        val = ''
        if fda.has_key('nasidentifier') and fda['nasidentifier'] is not None:
            val = fda['nasidentifier']
        ui_root.setS(ns_ui.radiusNasIdentifier, rdf.String, val)
Exemple #13
0
    def save_user_list(self, ctx, form, data, userpw_dict):
        def _save_user_to_rdf(user, fda):
            username = fda['username']
            user.setS(ns_ui.username, rdf.String, username)

            # Password is tricky; we look up the previous config, and if a user
            # of this name existed and it had a password, use that password unless
            # a new one is specified.  This is not perfect, but at least it works
            # correctly w.r.t. changed username.  Note however that we do not track
            # user identity as such across a name change: if admin removes user XYZ
            # and adds a new user with name XYZ (with empty password field), that
            # user will simply inherit the older user XYZ password.
            
            if fda.has_key('password') and (fda['password'] is not None) and (fda['password'] != ''):
                # set hashed password entries
                uihelpers.set_user_password_hashes(user, fda['password'])
            else:
                if userpw_dict.has_key(username):
                    password_plain, password_md5, password_nt = userpw_dict[username]
                    user.setS(ns_ui.passwordMd5, rdf.String, password_md5)
                    user.setS(ns_ui.passwordNtHash, rdf.String, password_nt)
                    user.removeNodes(ns_ui.password)
                else:
                    # this should not happen; log but don't fail badly
                    _log.error('no password in form or userpw dict, should not happen')
                    user.setS(ns_ui.password, rdf.String, '')
                    
            uidatahelpers.save_optional_field_to_rdf(user, ns_ui.fixedIp, rdf.IPv4Address, fda, 'fixed_ip')
            user.setS(ns_ui.adminRights, rdf.Boolean, fda['admin_rights']) 
            user.setS(ns_ui.vpnRights, rdf.Boolean, fda['vpn_rights'])
        
        ui_root = helpers.get_new_ui_config()
        fda = formalutils.FormDataAccessor(form, ['userlist_group'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(ui_root,
                                               ns_ui.users,
                                               ns_ui.User,
                                               fda,
                                               _save_user_to_rdf)
    def save_firewall_data(self, ctx, form, data):
        def _save_port_forward_to_rdf(rdf_node, fda):
            rdf_node.setS(ns_ui.protocol, rdf.String, fda['new_fw_protocol'])
            uidatahelpers.save_optional_field_to_rdf(rdf_node,
                                                     ns_ui.incomingPort,
                                                     rdf.Integer, fda,
                                                     'new_fw_port_in')
            rdf_node.setS(ns_ui.ipAddress, rdf.IPv4Address,
                          fda['new_fw_ip_out'])
            uidatahelpers.save_optional_field_to_rdf(rdf_node,
                                                     ns_ui.destinationPort,
                                                     rdf.Integer, fda,
                                                     'new_fw_port_out')

        ui_root = helpers.get_new_ui_config()
        fw_fda = formalutils.FormDataAccessor(form, ['firewall'], ctx)
        ui_root.setS(ns_ui.firewallInUse, rdf.Boolean,
                     fw_fda['firewall_in_use'])

        # XXX: separate function
        pf_fda = formalutils.FormDataAccessor(form, ['port_forwards'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.portForwards,
                                               ns_ui.PortForward, pf_fda,
                                               _save_port_forward_to_rdf)
Exemple #15
0
    def submitted(self, ctx, form, data):
        fda = formalutils.FormDataAccessor(form, [], ctx)
        pd = uidatahelpers.CreateProtocolData()

        # Save collapsed states first, so they feed back to next round
        for [rdf_uri,
             key] in [[ns_ui.collapseLicense, 'license_group'],
                      [ns_ui.collapseLocale, 'locale_group'],
                      [ns_ui.collapseProductMaintenance, 'reboot_group'],
                      [ns_ui.collapseSnmp, 'snmp_group'],
                      [ns_ui.collapseRemoteManagement, 'remote_group'],
                      [ns_ui.collapseSslCertificate, 'ssl_group']]:
            try:
                # XXX: passing of the hidden _collapsedstate_ parameter is not too clean
                uihelpers.update_collapse_setting(
                    rdf_uri, fda['%s._collapsedstate_' % key])
            except:
                _log.exception('error updating collapsed state for %s' %
                               rdf_uri)

        try:
            # global canonicalization
            tmp = fda.descend('license_group')
            if tmp.has_key('license_key') and (tmp['license_key'] is not None):
                tmp['license_key'] = tmp['license_key'].upper().strip()

            # global validation
            tmp = fda.descend('license_group')
            if tmp.has_key('license_key') and (tmp['license_key'] is not None):
                val, grps = None, None
                try:
                    val, grps = licensekey.decode_license(tmp['license_key'])
                except:
                    _log.exception('license decoding failed')
                if val is None:
                    tmp.add_error('license_key', 'Invalid license key')

            tmp = fda.descend('remote_group')
            if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
                pw1, pw2 = tmp['root_password1'], tmp['root_password2']
                if pw1 is None:
                    pw1 = ''
                if pw2 is None:
                    pw2 = ''
                if pw1 != pw2:
                    tmp.add_error('root_password1', 'Passwords do not match')
                    tmp.add_error('root_password2', 'Passwords do not match')
                else:
                    if not helpers.check_unix_password_characters(pw1):
                        tmp.add_error('root_password1',
                                      'Invalid characters in password')
                        tmp.add_error('root_password2',
                                      'Invalid characters in password')

            tmp = fda.descend('snmp_group')
            if tmp.has_key(
                    'snmp_community') and tmp['snmp_community'] is not None:
                if not uihelpers.check_snmp_community_characters(
                        tmp['snmp_community']):
                    tmp.add_error('snmp_community', 'Invalid characters')

            #
            #  XXX -- How to validate SSL certificates reliably?  Currently invalid
            #  certificate / key causes VPNease to use self-signed version so it's
            #  relatively OK.
            #

            #
            #  XXX -- admin smtp setting validation & normalization
            #

            # Intermediate early bail out to avoid saving if there are errors
            fda.finalize_validation()

            # Deep copy UI config to 'new' UI config
            pd.clone_ui_config()

            # save data
            self.save_ui_data(ctx, form, data)

            # re-create protocol data to see if new exceptions crop up
            pd.save_protocol_data()
        except:
            _log.exception(
                'validation failed unexpectedly, adding global error')
            fda.add_global_error('Unknown validation error')

        # finalize; raises if something wrong
        fda.finalize_validation()

        # locale settings are handled directly
        cfg_ui = helpers.get_new_ui_config()
        try:
            cfg_ui.setS(ns_ui.timezone, rdf.String,
                        fda['locale_group.timezone'])
            cfg_ui.setS(ns_ui.keymap, rdf.String, fda['locale_group.keymap'])
            gnomeconfig.set_keymap_settings(
                cfg_ui.getS(ns_ui.keymap, rdf.String))
        except:
            _log.exception('activating timezone and keymap settings failed')

        # same with root password
        try:
            tmp = fda.descend('remote_group')
            if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
                pw1, pw2 = tmp['root_password1'], tmp['root_password2']
                if (pw1 == '') and (pw2 == ''):
                    pass
                elif (pw1 == None) and (pw2 == None):
                    pass
                elif pw1 == pw2:
                    # change password; we assume it converts to ascii nicely
                    helpers.change_unix_password('root', str(pw1))
                else:
                    # should not come here
                    _log.error('passwords differ after validation, ignoring')
        except:
            _log.exception('changing root password failed')

        # activate new config
        pd.activate_protocol_data()

        # update initial config saved flag
        pd.update_initial_config_saved()

        #
        #  XXX: It would be cleaner if we could first stop the runner, then change the
        #  config, and then restart it.  If we do that with a deferred, then it is possible
        #  that the user changes the config again before we have time to activate it.
        #  Putting the config into some sort of "staging area" might help.  Currently we
        #  simply assume that runner stop (and start) are robust enough.
        #

        #
        #  XXX: If timezone has changed, we should re-render graphs immediately so they
        #  will have the correct timezone when status pages are loaded.
        #

        # ssl certificate - always rewrite here
        try:
            uihelpers.update_ssl_certificate_files()

            # reread files; we don't regenerate because we never overwrite the self-signed
            # certificate here
            self.master.reread_ssl_files()
        except:
            _log.exception('ssl certificate check failed')

        # stop, configure, start
        followup = uihelpers.build_uri(ctx, 'status/main.html')
        return uihelpers.reconfigure_and_restart_page(self.master,
                                                      ctx,
                                                      followup_uri=followup)
Exemple #16
0
    def save_ui_data(self, ctx, form, data):
        fda = formalutils.FormDataAccessor(form, [], ctx)
        ui_root = helpers.get_new_ui_config()

        # XXX: this should probably be refactored to uihelpers, in conjunction
        # with the access control element
        def _set_access(ns_pub, ns_priv, val):
            _log.debug('_set_access: %s' % val)
            if val == 'both':
                ui_root.setS(ns_pub, rdf.Boolean, True)
                ui_root.setS(ns_priv, rdf.Boolean, True)
            elif val == 'public':
                ui_root.setS(ns_pub, rdf.Boolean, True)
                ui_root.setS(ns_priv, rdf.Boolean, False)
            elif val == 'private':
                ui_root.setS(ns_pub, rdf.Boolean, False)
                ui_root.setS(ns_priv, rdf.Boolean, True)
            else:
                ui_root.setS(ns_pub, rdf.Boolean, False)
                ui_root.setS(ns_priv, rdf.Boolean, False)

        tmp = fda.descend('license_group')
        if tmp.has_key('license_key') and tmp['license_key'] is not None:
            lic_key = tmp['license_key'].upper()
            ui_root.setS(ns_ui.licenseKey, rdf.String, lic_key)
        else:
            # empty field (None) => clear product license
            ui_root.setS(ns_ui.licenseKey, rdf.String, '')

        tmp = fda.descend('locale_group')

        tmp = fda.descend('reboot_group')
        ui_root.setS(ns_ui.periodicRebootDay, rdf.Integer, tmp['reboot_day'])
        ui_root.setS(ns_ui.periodicRebootTime, rdf.Integer, tmp['reboot_time'])
        ui_root.setS(ns_ui.automaticUpdates, rdf.Boolean,
                     tmp['automatic_updates'])

        tmp = fda.descend('snmp_group')
        _set_access(ns_ui.snmpAccessPublic, ns_ui.snmpAccessPrivate,
                    tmp['snmp_access'])
        if tmp.has_key('snmp_community') and tmp['snmp_community'] is not None:
            ui_root.setS(ns_ui.snmpCommunity, rdf.String,
                         tmp['snmp_community'])
        else:
            ui_root.setS(ns_ui.snmpCommunity, rdf.String, '')

        tmp = fda.descend('remote_group')
        _set_access(ns_ui.webAccessPublic, ns_ui.webAccessPrivate,
                    tmp['www_administration'])
        _set_access(ns_ui.sshAccessPublic, ns_ui.sshAccessPrivate,
                    tmp['ssh_connection'])

        tmp = fda.descend('ssl_group')
        if tmp.has_key('ssl_certificate_chain'
                       ) and tmp['ssl_certificate_chain'] is not None:
            ui_root.setS(ns_ui.publicSslCertificateChain, rdf.String,
                         tmp['ssl_certificate_chain'])
        else:
            ui_root.setS(ns_ui.publicSslCertificateChain, rdf.String, '')
        if tmp.has_key(
                'ssl_private_key') and tmp['ssl_private_key'] is not None:
            ui_root.setS(ns_ui.publicSslPrivateKey, rdf.String,
                         tmp['ssl_private_key'])
        else:
            ui_root.setS(ns_ui.publicSslPrivateKey, rdf.String, '')
Exemple #17
0
    def save_network_data(self, ctx, form, data):
        def _save_ip_address(rdf_node, fda):
            if fda['ip_address_selection'] == 'dhcp':
                rdf_node.setS(ns_ui.address, rdf.Type(ns_ui.DhcpAddress))
            elif fda['ip_address_selection'] == 'static':
                static_node = rdf_node.setS(ns_ui.address,
                                            rdf.Type(ns_ui.StaticAddress))
                static_node.setS(ns_ui.ipAddress, rdf.IPv4Address,
                                 fda['ip_address'])
                static_node.setS(ns_ui.subnetMask, rdf.IPv4Address,
                                 fda['subnet_mask'])
            else:
                raise uidatahelpers.FormDataError(
                    'ip_address_selection is neither dhcp nor static')

        def _save_client_traffic(rdf_node, fda):
            client_nat = False
            client_proxy = False
            if fda['client_traffic'] == 'nat':
                client_nat = True
            elif fda['client_traffic'] == 'proxyarp':
                client_proxy = True
            rdf_node.setS(ns_ui.clientConnectionNat, rdf.Boolean, client_nat)
            rdf_node.setS(ns_ui.clientConnectionProxyArp, rdf.Boolean,
                          client_proxy)

        fda = formalutils.FormDataAccessor(form, [], ctx)
        ui_root = helpers.get_new_ui_config()

        # Interface count
        ic_root = ui_root.setS(ns_ui.internetConnection,
                               rdf.Type(ns_ui.NetworkConnection))
        if fda['ifcount_group.interface_count'] == 'oneif':
            ui_root.removeNodes(ns_ui.privateNetworkConnection)
            pn_root = None
        elif fda['ifcount_group.interface_count'] == 'twoif':
            pn_root = ui_root.setS(ns_ui.privateNetworkConnection,
                                   rdf.Type(ns_ui.NetworkConnection))
        else:
            raise uidatahelpers.FormDataError(
                'interface_count is neither oneif nor twoif.')

        # Internet connection
        ic_fda = fda.descend('ic_group')
        ic_root.setS(ns_ui.interface, rdf.String, ic_fda['if'])
        _save_ip_address(ic_root, ic_fda)
        uidatahelpers.save_optional_field_to_rdf(ic_root, ns_ui.defaultGateway,
                                                 rdf.IPv4Address, ic_fda,
                                                 'default_gateway')
        ic_root.setS(ns_ui.mtu, rdf.Integer, int(ic_fda['mtu']))
        uidatahelpers.save_optional_field_to_rdf(ic_root, ns_ui.vpnUplink,
                                                 rdf.Float, ic_fda, 'uplink')
        _save_client_traffic(ic_root, ic_fda)

        # Private network connection, fill if exists.
        if not (pn_root is None):
            pn_fda = fda.descend('pn_group')
            pn_root.setS(ns_ui.interface, rdf.String, pn_fda['if'])
            _save_ip_address(pn_root, pn_fda)
            uidatahelpers.save_optional_field_to_rdf(pn_root,
                                                     ns_ui.defaultGateway,
                                                     rdf.IPv4Address, pn_fda,
                                                     'default_gateway')
            _save_client_traffic(pn_root, pn_fda)

        # DNS Servers
        dns_fda = fda.descend('dns_group')
        if dns_fda['dns_selection'] == 'use_dhcp_ic':
            dns_root = ui_root.setS(ns_ui.dnsServers,
                                    rdf.Type(ns_ui.InternetConnectionDhcp))
        elif dns_fda['dns_selection'] == 'use_dhcp_pn':
            dns_root = ui_root.setS(
                ns_ui.dnsServers, rdf.Type(ns_ui.PrivateNetworkConnectionDhcp))
        elif dns_fda['dns_selection'] == 'set_manually':
            dns_root = ui_root.setS(ns_ui.dnsServers,
                                    rdf.Type(ns_ui.SetDnsServers))

            # XXX: dns_1 is not really optional here; we should not save dns_2 if we don't have dns_1, it makes no sense
            uidatahelpers.save_optional_field_to_rdf(dns_root,
                                                     ns_ui.primaryDns,
                                                     rdf.IPv4Address, dns_fda,
                                                     'dns_1')
            uidatahelpers.save_optional_field_to_rdf(dns_root,
                                                     ns_ui.secondaryDns,
                                                     rdf.IPv4Address, dns_fda,
                                                     'dns_2')

        # Dyndns
        ddns_fda = fda.descend('ddns_group')
        if uidatahelpers.has_form_value(ddns_fda, 'ddns_provider') and \
           (ddns_fda['ddns_provider'] != 'none'):
            ddns_root = ui_root.setS(ns_ui.dynDnsServer,
                                     rdf.Type(ns_ui.DynDnsServer))
            ddns_root.setS(ns_ui.dynDnsProvider, rdf.String,
                           ddns_fda['ddns_provider'])
            ddns_root.setS(ns_ui.dynDnsUsername, rdf.String,
                           ddns_fda['ddns_username'])
            ddns_root.setS(ns_ui.dynDnsPassword, rdf.String,
                           ddns_fda['ddns_password'])
            ddns_root.setS(ns_ui.dynDnsHostname, rdf.String,
                           ddns_fda['ddns_hostname'])

            tmp = ddns_fda['ddns_address_type']
            if tmp == 'interface':
                ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, '')
            elif tmp == 'natted':
                ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, 'natted')
            elif tmp == 'static':
                if (ddns_fda.has_key('ddns_address')) and \
                       (ddns_fda['ddns_address'] is not None) and \
                       (ddns_fda['ddns_address'] != ''):
                    ddns_root.setS(ns_ui.dynDnsAddress, rdf.String,
                                   ddns_fda['ddns_address'])
                else:
                    ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, '')
        else:
            ui_root.removeNodes(ns_ui.dynDnsServer)
    def save_routes_data(self, ctx, form, data):
        def _save_additional_route_to_rdf(rdf_node, fda):
            uidatahelpers.create_rdf_route(rdf_node, fda['subnet'],
                                           fda['network_connection'],
                                           fda['gateway'], ns_ui.route)

        def _save_ppp_firewall_rule_to_rdf(rdf_node, fda):
            if isinstance(fda['ip_subnet'], datatypes.IPv4Address):
                rdf_node.setS(ns_ui.ipAddress, rdf.IPv4Address,
                              fda['ip_subnet'])
            elif isinstance(fda['ip_subnet'], datatypes.IPv4Subnet):
                rdf_node.setS(ns_ui.subnet, rdf.IPv4Subnet, fda['ip_subnet'])
            else:
                raise uidatahelpers.FormDataError(
                    'Firewall rule IP/subnet is neither IPv4Address nor IPv4Subnet'
                )

            if fda['protocol'] == 'any':
                pass
            else:
                rdf_node.setS(ns_ui.protocol, rdf.String, fda['protocol'])

            uidatahelpers.save_optional_field_to_rdf(rdf_node, ns_ui.port,
                                                     rdf.Integer, fda, 'port')

            rdf_node.setS(ns_ui.action, rdf.String, fda['action'])

        toplevel_fda = formalutils.FormDataAccessor(form, [], ctx)
        ui_root = helpers.get_new_ui_config()

        # Default route
        droute_fda = toplevel_fda.descend('dr_group')
        uidatahelpers.create_rdf_route(ui_root, None,
                                       droute_fda['network_connection'],
                                       droute_fda['gateway'],
                                       ns_ui.defaultRoute)

        # Additional routes
        add_route_fda = toplevel_fda.descend('ar_group')
        uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.routes,
                                               ns_ui.Route, add_route_fda,
                                               _save_additional_route_to_rdf)

        # Source routing (forced routing)
        source_fda = toplevel_fda.descend('sr_group')
        if source_fda['source_routing_selection'] == 'off':
            ui_root.removeNodes(ns_ui.sourceRouting)
        elif source_fda['source_routing_selection'] == 'on':
            uidatahelpers.create_rdf_route(ui_root, None,
                                           source_fda['network_connection'],
                                           source_fda['gateway'],
                                           ns_ui.sourceRouting)
        else:
            raise uidatahelpers.FormDataError(
                'Forced routing is neither on nor off.')

        # PPP firewall rules
        fwrule_fda = toplevel_fda.descend('fwrule_group')
        uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.pppFirewallRules,
                                               ns_ui.PppFirewallRule,
                                               fwrule_fda,
                                               _save_ppp_firewall_rule_to_rdf)
Exemple #19
0
    def submitted(self, ctx, form, data):
        fda = formalutils.FormDataAccessor(form, [], ctx)
        pd = uidatahelpers.CreateProtocolData()
        
        # Save collapsed states first, so they feed back to next round
        for [rdf_uri, key] in [ [ ns_ui.collapseLicense, 'license_group' ],
                                [ ns_ui.collapseLocale, 'locale_group' ],
                                [ ns_ui.collapseProductMaintenance, 'reboot_group' ],
                                [ ns_ui.collapseSnmp, 'snmp_group' ],
                                [ ns_ui.collapseRemoteManagement, 'remote_group' ],
                                [ ns_ui.collapseSslCertificate, 'ssl_group' ] ]:
            try:
                # XXX: passing of the hidden _collapsedstate_ parameter is not too clean
                uihelpers.update_collapse_setting(rdf_uri, fda['%s._collapsedstate_' % key])
            except:
                _log.exception('error updating collapsed state for %s' % rdf_uri)

        try:
            # global canonicalization
            tmp = fda.descend('license_group')
            if tmp.has_key('license_key') and (tmp['license_key'] is not None):
                tmp['license_key'] = tmp['license_key'].upper().strip()

            # global validation
            tmp = fda.descend('license_group')
            if tmp.has_key('license_key') and (tmp['license_key'] is not None):
                val, grps = None, None
                try:
                    val, grps = licensekey.decode_license(tmp['license_key'])
                except:
                    _log.exception('license decoding failed')
                if val is None:
                    tmp.add_error('license_key', 'Invalid license key')

            tmp = fda.descend('remote_group')
            if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
                pw1, pw2 = tmp['root_password1'], tmp['root_password2']
                if pw1 is None:
                    pw1 = ''
                if pw2 is None:
                    pw2 = ''
                if pw1 != pw2:
                    tmp.add_error('root_password1', 'Passwords do not match')
                    tmp.add_error('root_password2', 'Passwords do not match')
                else:
                    if not helpers.check_unix_password_characters(pw1):  
                        tmp.add_error('root_password1', 'Invalid characters in password')
                        tmp.add_error('root_password2', 'Invalid characters in password')

            tmp = fda.descend('snmp_group')
            if tmp.has_key('snmp_community') and tmp['snmp_community'] is not None:
                if not uihelpers.check_snmp_community_characters(tmp['snmp_community']):
                    tmp.add_error('snmp_community', 'Invalid characters')

            #
            #  XXX -- How to validate SSL certificates reliably?  Currently invalid
            #  certificate / key causes VPNease to use self-signed version so it's
            #  relatively OK.
            #

            #
            #  XXX -- admin smtp setting validation & normalization
            #
            
            # Intermediate early bail out to avoid saving if there are errors
            fda.finalize_validation()

            # Deep copy UI config to 'new' UI config
            pd.clone_ui_config()

            # save data
            self.save_ui_data(ctx, form, data)

            # re-create protocol data to see if new exceptions crop up
            pd.save_protocol_data()
        except:
            _log.exception('validation failed unexpectedly, adding global error')
            fda.add_global_error('Unknown validation error')

        # finalize; raises if something wrong
        fda.finalize_validation()

        # locale settings are handled directly
        cfg_ui = helpers.get_new_ui_config()
        try:
            cfg_ui.setS(ns_ui.timezone, rdf.String, fda['locale_group.timezone'])
            cfg_ui.setS(ns_ui.keymap, rdf.String, fda['locale_group.keymap'])
            gnomeconfig.set_keymap_settings(cfg_ui.getS(ns_ui.keymap, rdf.String))
        except:
            _log.exception('activating timezone and keymap settings failed')

        # same with root password 
        try:
            tmp = fda.descend('remote_group')
            if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
                pw1, pw2 = tmp['root_password1'], tmp['root_password2']
                if (pw1 == '') and (pw2 == ''):
                    pass
                elif (pw1 == None) and (pw2 == None):
                    pass
                elif pw1 == pw2:
                    # change password; we assume it converts to ascii nicely
                    helpers.change_unix_password('root', str(pw1))
                else:
                    # should not come here
                    _log.error('passwords differ after validation, ignoring')
        except:
            _log.exception('changing root password failed')

        # activate new config
        pd.activate_protocol_data()

        # update initial config saved flag
        pd.update_initial_config_saved()

        #
        #  XXX: It would be cleaner if we could first stop the runner, then change the
        #  config, and then restart it.  If we do that with a deferred, then it is possible
        #  that the user changes the config again before we have time to activate it.
        #  Putting the config into some sort of "staging area" might help.  Currently we
        #  simply assume that runner stop (and start) are robust enough.
        #

        #
        #  XXX: If timezone has changed, we should re-render graphs immediately so they
        #  will have the correct timezone when status pages are loaded.
        #

        # ssl certificate - always rewrite here
        try:
            uihelpers.update_ssl_certificate_files()

            # reread files; we don't regenerate because we never overwrite the self-signed
            # certificate here
            self.master.reread_ssl_files()
        except:
            _log.exception('ssl certificate check failed')

        # stop, configure, start
        followup = uihelpers.build_uri(ctx, 'status/main.html')
        return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)
    def save_network_data(self, ctx, form, data):
        def _save_ip_address(rdf_node, fda):
            if fda['ip_address_selection'] == 'dhcp':
                rdf_node.setS(ns_ui.address, rdf.Type(ns_ui.DhcpAddress))
            elif fda['ip_address_selection'] == 'static':
                static_node = rdf_node.setS(ns_ui.address, rdf.Type(ns_ui.StaticAddress))
                static_node.setS(ns_ui.ipAddress, rdf.IPv4Address, fda['ip_address'])
                static_node.setS(ns_ui.subnetMask, rdf.IPv4Address, fda['subnet_mask']) 
            else:
                raise uidatahelpers.FormDataError('ip_address_selection is neither dhcp nor static') 
            
        def _save_client_traffic(rdf_node, fda):
            client_nat = False
            client_proxy = False
            if fda['client_traffic'] == 'nat':
                client_nat = True    
            elif fda['client_traffic'] == 'proxyarp':
                client_proxy = True    
            rdf_node.setS(ns_ui.clientConnectionNat, rdf.Boolean, client_nat)
            rdf_node.setS(ns_ui.clientConnectionProxyArp, rdf.Boolean, client_proxy)
        
        fda = formalutils.FormDataAccessor(form, [], ctx)
        ui_root = helpers.get_new_ui_config()

        # Interface count
        ic_root = ui_root.setS(ns_ui.internetConnection, rdf.Type(ns_ui.NetworkConnection))
        if fda['ifcount_group.interface_count'] == 'oneif':
            ui_root.removeNodes(ns_ui.privateNetworkConnection)
            pn_root = None
        elif fda['ifcount_group.interface_count'] == 'twoif':
            pn_root = ui_root.setS(ns_ui.privateNetworkConnection, rdf.Type(ns_ui.NetworkConnection))
        else:
            raise uidatahelpers.FormDataError('interface_count is neither oneif nor twoif.')
            
        # Internet connection
        ic_fda = fda.descend('ic_group')
        ic_root.setS(ns_ui.interface, rdf.String, ic_fda['if'])
        _save_ip_address(ic_root, ic_fda)
        uidatahelpers.save_optional_field_to_rdf(ic_root, ns_ui.defaultGateway, rdf.IPv4Address, ic_fda, 'default_gateway')
        ic_root.setS(ns_ui.mtu, rdf.Integer, int(ic_fda['mtu']))
        uidatahelpers.save_optional_field_to_rdf(ic_root, ns_ui.vpnUplink, rdf.Float, ic_fda, 'uplink')
        _save_client_traffic(ic_root, ic_fda)
               
        # Private network connection, fill if exists.
        if not(pn_root is None):
            pn_fda = fda.descend('pn_group')
            pn_root.setS(ns_ui.interface, rdf.String, pn_fda['if'])
            _save_ip_address(pn_root, pn_fda)
            uidatahelpers.save_optional_field_to_rdf(pn_root, ns_ui.defaultGateway, rdf.IPv4Address, pn_fda, 'default_gateway')
            _save_client_traffic(pn_root, pn_fda)  
                
        # DNS Servers
        dns_fda = fda.descend('dns_group')
        if dns_fda['dns_selection'] == 'use_dhcp_ic':
            dns_root = ui_root.setS(ns_ui.dnsServers, rdf.Type(ns_ui.InternetConnectionDhcp))
        elif dns_fda['dns_selection'] == 'use_dhcp_pn':
            dns_root = ui_root.setS(ns_ui.dnsServers, rdf.Type(ns_ui.PrivateNetworkConnectionDhcp))
        elif dns_fda['dns_selection'] == 'set_manually':
            dns_root = ui_root.setS(ns_ui.dnsServers, rdf.Type(ns_ui.SetDnsServers))

            # XXX: dns_1 is not really optional here; we should not save dns_2 if we don't have dns_1, it makes no sense
            uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.primaryDns, rdf.IPv4Address, dns_fda, 'dns_1')
            uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.secondaryDns, rdf.IPv4Address, dns_fda, 'dns_2')

        # Dyndns
        ddns_fda = fda.descend('ddns_group')
        if uidatahelpers.has_form_value(ddns_fda, 'ddns_provider') and \
           (ddns_fda['ddns_provider'] != 'none'):
            ddns_root = ui_root.setS(ns_ui.dynDnsServer, rdf.Type(ns_ui.DynDnsServer))
            ddns_root.setS(ns_ui.dynDnsProvider, rdf.String, ddns_fda['ddns_provider'])
            ddns_root.setS(ns_ui.dynDnsUsername, rdf.String, ddns_fda['ddns_username'])
            ddns_root.setS(ns_ui.dynDnsPassword, rdf.String, ddns_fda['ddns_password'])
            ddns_root.setS(ns_ui.dynDnsHostname, rdf.String, ddns_fda['ddns_hostname'])
            
            tmp = ddns_fda['ddns_address_type']
            if tmp == 'interface':
                ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, '')
            elif tmp == 'natted':
                ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, 'natted')
            elif tmp == 'static':
                if (ddns_fda.has_key('ddns_address')) and \
                       (ddns_fda['ddns_address'] is not None) and \
                       (ddns_fda['ddns_address'] != ''):
                    ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, ddns_fda['ddns_address'])
                else:
                    ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, '')            
        else:
            ui_root.removeNodes(ns_ui.dynDnsServer)