def save_firewall_data(self, ctx, form, data):
        """Persist the firewall form into the UI configuration tree.

        Writes the firewall on/off flag from the 'firewall' form group, then
        saves each entry of the 'port_forwards' group as an ns_ui.PortForward
        node under ns_ui.portForwards.  `data` is not read here.

        NOTE(review): values are stored exactly as the form accessor returns
        them.  This method applies no allow-list or range check of its own to
        the protocol, the ports or the forward target, so it presumably relies
        on validation in the form layer -- confirm before reusing it with any
        other input source.
        """
        def _write_forward(node, entry):
            # Protocol and target address are mandatory; both ports go
            # through the optional-field helper.
            node.setS(ns_ui.protocol, rdf.String, entry['new_fw_protocol'])
            uidatahelpers.save_optional_field_to_rdf(
                node, ns_ui.incomingPort, rdf.Integer, entry, 'new_fw_port_in')
            node.setS(ns_ui.ipAddress, rdf.IPv4Address, entry['new_fw_ip_out'])
            uidatahelpers.save_optional_field_to_rdf(
                node, ns_ui.destinationPort, rdf.Integer, entry,
                'new_fw_port_out')

        config_root = helpers.get_new_ui_config()

        firewall_fields = formalutils.FormDataAccessor(form, ['firewall'], ctx)
        firewall_enabled = firewall_fields['firewall_in_use']
        config_root.setS(ns_ui.firewallInUse, rdf.Boolean, firewall_enabled)

        # XXX (original author): the port-forward part belongs in a separate
        # function.
        forward_fields = formalutils.FormDataAccessor(
            form, ['port_forwards'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(
            config_root, ns_ui.portForwards, ns_ui.PortForward,
            forward_fields, _write_forward)
    def save_routes_data(self, ctx, form, data):
        """Store routing and PPP firewall rule form data in the UI config.

        Processes, in order: the default route ('dr_group'), additional
        routes ('ar_group'), source (forced) routing ('sr_group') and the PPP
        firewall rules ('fwrule_group').  `data` is not read here.

        Raises uidatahelpers.FormDataError if the forced-routing selector is
        neither 'on' nor 'off', or if a rule's 'ip_subnet' value is neither an
        IPv4Address nor an IPv4Subnet.
        """
        def _store_route(node, entry):
            uidatahelpers.create_rdf_route(
                node, entry['subnet'], entry['network_connection'],
                entry['gateway'], ns_ui.route)

        def _store_fw_rule(node, entry):
            # The rule target is saved under a different property depending on
            # its type; any other type is rejected instead of being stored.
            target = entry['ip_subnet']
            if isinstance(target, datatypes.IPv4Address):
                node.setS(ns_ui.ipAddress, rdf.IPv4Address, target)
            elif isinstance(target, datatypes.IPv4Subnet):
                node.setS(ns_ui.subnet, rdf.IPv4Subnet, target)
            else:
                raise uidatahelpers.FormDataError('Firewall rule IP/subnet is neither IPv4Address nor IPv4Subnet')

            # No protocol property is written for the wildcard value 'any'.
            proto = entry['protocol']
            if not (proto == 'any'):
                node.setS(ns_ui.protocol, rdf.String, proto)

            uidatahelpers.save_optional_field_to_rdf(
                node, ns_ui.port, rdf.Integer, entry, 'port')

            # NOTE(review): unlike the target type above, 'protocol' and
            # 'action' are stored as given, with no allow-list check in this
            # function; presumably the form restricts them -- confirm.
            node.setS(ns_ui.action, rdf.String, entry['action'])

        form_root = formalutils.FormDataAccessor(form, [], ctx)
        config_root = helpers.get_new_ui_config()

        # Default route: None is passed in the subnet position.
        default_fields = form_root.descend('dr_group')
        uidatahelpers.create_rdf_route(
            config_root, None, default_fields['network_connection'],
            default_fields['gateway'], ns_ui.defaultRoute)

        # Additional routes
        extra_fields = form_root.descend('ar_group')
        uidatahelpers.save_dynamic_list_to_rdf(
            config_root, ns_ui.routes, ns_ui.Route, extra_fields, _store_route)

        # Source routing (forced routing): 'off' removes the node, 'on'
        # rewrites it, anything else is treated as bad form data.
        forced_fields = form_root.descend('sr_group')
        selection = forced_fields['source_routing_selection']
        if selection == 'off':
            config_root.removeNodes(ns_ui.sourceRouting)
        elif selection == 'on':
            uidatahelpers.create_rdf_route(
                config_root, None, forced_fields['network_connection'],
                forced_fields['gateway'], ns_ui.sourceRouting)
        else:
            raise uidatahelpers.FormDataError('Forced routing is neither on nor off.')

        # PPP firewall rules
        rule_fields = form_root.descend('fwrule_group')
        uidatahelpers.save_dynamic_list_to_rdf(
            config_root, ns_ui.pppFirewallRules, ns_ui.PppFirewallRule,
            rule_fields, _store_fw_rule)
    def save_user_list(self, ctx, form, data, userpw_dict):
        """Save the user list form ('userlist_group') as ns_ui.User nodes.

        userpw_dict maps a username to a 3-tuple, unpacked below as
        (plain password, MD5 value, NT hash).  It is consulted for users
        whose password field was left empty.  `data` is not read here.
        """
        def _store_user(user, entry):
            username = entry['username']
            user.setS(ns_ui.username, rdf.String, username)

            # Password handling is keyed on the username alone.  When the form
            # carries no new password, the credentials recorded in userpw_dict
            # for that name (per the original author, taken from the previous
            # config) are reused.  User identity is not tracked across
            # renames: if an admin deletes user XYZ and then creates a new
            # user XYZ with an empty password field, the new account inherits
            # the old XYZ credentials.
            if entry.has_key('password'):
                new_password = entry['password']
            else:
                new_password = None

            if (new_password is not None) and (new_password != ''):
                # A new password was typed in: store its hashed entries.
                uihelpers.set_user_password_hashes(user, new_password)
            elif userpw_dict.has_key(username):
                # Carry the stored hashes over and drop ns_ui.password.
                # NOTE(review): MD5-based and NT hashes are fast to compute,
                # and an NT hash can typically be used in place of the
                # password in NTLM / MS-CHAP style authentication, so the
                # stored configuration needs the same protection as the
                # passwords themselves.
                _, md5_value, nt_value = userpw_dict[username]
                user.setS(ns_ui.passwordMd5, rdf.String, md5_value)
                user.setS(ns_ui.passwordNtHash, rdf.String, nt_value)
                user.removeNodes(ns_ui.password)
            else:
                # Not expected to happen; log it and carry on rather than
                # failing the whole save.
                # NOTE(review): this stores an empty ns_ui.password.  Whether
                # downstream consumers treat that as "cannot log in" or as a
                # valid empty password is not visible here -- confirm.
                _log.error(
                    'no password in form or userpw dict, should not happen'
                )
                user.setS(ns_ui.password, rdf.String, '')

            uidatahelpers.save_optional_field_to_rdf(
                user, ns_ui.fixedIp, rdf.IPv4Address, entry, 'fixed_ip')
            # Privilege flags are written exactly as submitted in the form.
            user.setS(ns_ui.adminRights, rdf.Boolean, entry['admin_rights'])
            user.setS(ns_ui.vpnRights, rdf.Boolean, entry['vpn_rights'])

        config_root = helpers.get_new_ui_config()
        user_fields = formalutils.FormDataAccessor(
            form, ['userlist_group'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(
            config_root, ns_ui.users, ns_ui.User, user_fields, _store_user)
    def save_s2s_list_data(self, ctx, form, data):
        """Save the site-to-site connection list ('s2s_connections').

        Each form entry becomes an ns_ui.SiteToSiteConnection node under
        ns_ui.siteToSiteConnections.  `data` is not read here.

        Raises a plain Exception for a mode other than 'client' or 'server'.

        NOTE(review): the connection password and, in client mode, the
        pre-shared key are written as rdf.String values exactly as received;
        nothing in this method hashes or encrypts them, so access to the
        stored configuration should be restricted accordingly.
        """
        def _store_connection(conn, entry):
            conn.setS(ns_ui.username, rdf.String, entry['s2s_username'])
            conn.setS(ns_ui.password, rdf.String, entry['s2s_password'])
            uidatahelpers.save_subnet_list_to_rdf(
                conn, ns_ui.subnetList, entry, 's2s_subnets')

            mode = entry['s2s_mode']
            if mode == 'client':
                # Only client entries carry a PSK and a server address.
                conn.setS(ns_ui.mode, rdf.String, 'client')
                conn.setS(ns_ui.preSharedKey, rdf.String, entry['s2s_psk'])
                conn.setS(ns_ui.serverAddress, rdf.String, entry['s2s_server'])
                return
            if mode == 'server':
                conn.setS(ns_ui.mode, rdf.String, 'server')
                return
            # The mode is checked only after username, password and subnets
            # have already been written to the node.
            raise Exception('unknown mode: %s' % mode)

        config_root = helpers.get_new_ui_config()
        conn_fields = formalutils.FormDataAccessor(
            form, ['s2s_connections'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(
            config_root, ns_ui.siteToSiteConnections,
            ns_ui.SiteToSiteConnection, conn_fields, _store_connection)
    def save_s2s_list_data(self, ctx, form, data):
        """Write the 's2s_connections' form list into the UI configuration.

        One ns_ui.SiteToSiteConnection node is saved per form entry.  `data`
        is not read here.  An entry whose mode is neither 'client' nor
        'server' raises a plain Exception.

        NOTE(review): 's2s_password' and 's2s_psk' are stored as rdf.String
        values as submitted; this method does not hash or encrypt them, so
        the stored configuration holds usable secrets and should be
        access-controlled and kept out of logs and backups that are not.
        """
        def _write_conn(conn, fields):
            # Credentials and subnets are common to both modes.
            conn.setS(ns_ui.username, rdf.String, fields['s2s_username'])
            conn.setS(ns_ui.password, rdf.String, fields['s2s_password'])
            uidatahelpers.save_subnet_list_to_rdf(
                conn, ns_ui.subnetList, fields, 's2s_subnets')

            selected_mode = fields['s2s_mode']
            is_client = (selected_mode == 'client')
            if (not is_client) and (not (selected_mode == 'server')):
                raise Exception('unknown mode: %s' % selected_mode)

            if is_client:
                # Client mode additionally needs the PSK and the peer address.
                conn.setS(ns_ui.mode, rdf.String, 'client')
                conn.setS(ns_ui.preSharedKey, rdf.String, fields['s2s_psk'])
                conn.setS(ns_ui.serverAddress, rdf.String,
                          fields['s2s_server'])
            else:
                conn.setS(ns_ui.mode, rdf.String, 'server')

        root = helpers.get_new_ui_config()
        accessor = formalutils.FormDataAccessor(
            form, ['s2s_connections'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(
            root, ns_ui.siteToSiteConnections, ns_ui.SiteToSiteConnection,
            accessor, _write_conn)
    def save_user_list(self, ctx, form, data, userpw_dict):
        """Write the 'userlist_group' form list as ns_ui.User nodes.

        userpw_dict is looked up by username and yields a 3-tuple, unpacked
        below as (plain password, MD5 value, NT hash); it is used when the
        form supplies no new password for a user.  `data` is not read here.
        """
        def _write_user(user, fields):
            name = fields['username']
            user.setS(ns_ui.username, rdf.String, name)

            # Passwords are matched by username only.  If no new password is
            # given, the credentials held in userpw_dict for that name are
            # kept (the original author describes them as coming from the
            # previous config).  Identity is not tracked across a rename:
            # removing user XYZ and adding a new XYZ with an empty password
            # field gives the new user the old XYZ password.
            supplied = fields['password'] if fields.has_key('password') else None
            has_new_password = (supplied is not None) and (supplied != '')

            if has_new_password:
                # set hashed password entries
                uihelpers.set_user_password_hashes(user, supplied)
            else:
                if userpw_dict.has_key(name):
                    # Reuse the stored hashes; the ns_ui.password node is
                    # removed so only the hash properties remain.
                    # NOTE(review): these are fast hash formats, so a leaked
                    # configuration allows quick offline guessing; protect
                    # the store like the passwords themselves.
                    stored = userpw_dict[name]
                    _unused_plain, stored_md5, stored_nt = stored
                    user.setS(ns_ui.passwordMd5, rdf.String, stored_md5)
                    user.setS(ns_ui.passwordNtHash, rdf.String, stored_nt)
                    user.removeNodes(ns_ui.password)
                else:
                    # Should not happen; logged, but the save continues.
                    # NOTE(review): the account ends up with an empty
                    # ns_ui.password value -- confirm that downstream code
                    # does not accept an empty password as a valid login.
                    _log.error('no password in form or userpw dict, should not happen')
                    user.setS(ns_ui.password, rdf.String, '')

            uidatahelpers.save_optional_field_to_rdf(
                user, ns_ui.fixedIp, rdf.IPv4Address, fields, 'fixed_ip')
            # Admin and VPN rights come straight from the submitted form.
            user.setS(ns_ui.adminRights, rdf.Boolean, fields['admin_rights'])
            user.setS(ns_ui.vpnRights, rdf.Boolean, fields['vpn_rights'])

        root = helpers.get_new_ui_config()
        accessor = formalutils.FormDataAccessor(form, ['userlist_group'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(
            root, ns_ui.users, ns_ui.User, accessor, _write_user)
    def save_firewall_data(self, ctx, form, data):
        """Save the firewall flag and the port-forward list to the UI config.

        Reads 'firewall_in_use' from the 'firewall' form group and stores one
        ns_ui.PortForward node per entry of the 'port_forwards' group.
        `data` is not read here.

        NOTE(review): nothing in this method checks the protocol, the port
        numbers or the forward target beyond the rdf type passed to the
        setters; it presumably depends on the form layer for validation --
        confirm.
        """
        def _store_forward(node, fields):
            proto = fields['new_fw_protocol']
            node.setS(ns_ui.protocol, rdf.String, proto)
            # The incoming port is saved via the optional-field helper.
            uidatahelpers.save_optional_field_to_rdf(
                node, ns_ui.incomingPort, rdf.Integer, fields,
                'new_fw_port_in')
            target_ip = fields['new_fw_ip_out']
            node.setS(ns_ui.ipAddress, rdf.IPv4Address, target_ip)
            # So is the destination port.
            uidatahelpers.save_optional_field_to_rdf(
                node, ns_ui.destinationPort, rdf.Integer, fields,
                'new_fw_port_out')

        root = helpers.get_new_ui_config()
        fw_accessor = formalutils.FormDataAccessor(form, ['firewall'], ctx)
        root.setS(ns_ui.firewallInUse, rdf.Boolean, fw_accessor['firewall_in_use'])

        # XXX (original author): move the port-forward saving into a
        # separate function.
        pf_accessor = formalutils.FormDataAccessor(
            form, ['port_forwards'], ctx)
        uidatahelpers.save_dynamic_list_to_rdf(
            root, ns_ui.portForwards, ns_ui.PortForward, pf_accessor,
            _store_forward)
    def save_routes_data(self, ctx, form, data):
        """Save default, additional and forced routes plus PPP firewall rules.

        Form groups are handled in this order: 'dr_group' (default route),
        'ar_group' (additional routes), 'sr_group' (source/forced routing)
        and 'fwrule_group' (PPP firewall rules).  `data` is not read here.

        Raises uidatahelpers.FormDataError for a forced-routing selection
        other than 'on'/'off' and for a firewall rule whose 'ip_subnet' is
        neither an IPv4Address nor an IPv4Subnet.
        """
        def _write_route(node, fields):
            subnet = fields['subnet']
            connection = fields['network_connection']
            gateway = fields['gateway']
            uidatahelpers.create_rdf_route(
                node, subnet, connection, gateway, ns_ui.route)

        def _write_rule(node, fields):
            # Pick the property from the value's type and refuse anything
            # that is not one of the two expected address types.
            address = fields['ip_subnet']
            is_single_host = isinstance(address, datatypes.IPv4Address)
            if is_single_host:
                node.setS(ns_ui.ipAddress, rdf.IPv4Address, address)
            elif isinstance(address, datatypes.IPv4Subnet):
                node.setS(ns_ui.subnet, rdf.IPv4Subnet, address)
            else:
                raise uidatahelpers.FormDataError(
                    'Firewall rule IP/subnet is neither IPv4Address nor IPv4Subnet'
                )

            # The wildcard 'any' is expressed by writing no protocol at all.
            protocol = fields['protocol']
            if protocol == 'any':
                pass
            else:
                node.setS(ns_ui.protocol, rdf.String, protocol)

            uidatahelpers.save_optional_field_to_rdf(
                node, ns_ui.port, rdf.Integer, fields, 'port')

            # NOTE(review): 'action' (like 'protocol') is stored verbatim;
            # no allow-list check is made here, so it is presumably
            # constrained by the form definition -- confirm.
            action = fields['action']
            node.setS(ns_ui.action, rdf.String, action)

        top = formalutils.FormDataAccessor(form, [], ctx)
        root = helpers.get_new_ui_config()

        # Default route (None is passed in the subnet position)
        dr = top.descend('dr_group')
        uidatahelpers.create_rdf_route(
            root, None, dr['network_connection'], dr['gateway'],
            ns_ui.defaultRoute)

        # Additional routes
        ar = top.descend('ar_group')
        uidatahelpers.save_dynamic_list_to_rdf(
            root, ns_ui.routes, ns_ui.Route, ar, _write_route)

        # Source routing (forced routing)
        sr = top.descend('sr_group')
        choice = sr['source_routing_selection']
        if choice == 'off':
            # Turning it off removes the stored source-routing node.
            root.removeNodes(ns_ui.sourceRouting)
        elif choice == 'on':
            uidatahelpers.create_rdf_route(
                root, None, sr['network_connection'], sr['gateway'],
                ns_ui.sourceRouting)
        else:
            raise uidatahelpers.FormDataError(
                'Forced routing is neither on nor off.')

        # PPP firewall rules
        rules = top.descend('fwrule_group')
        uidatahelpers.save_dynamic_list_to_rdf(
            root, ns_ui.pppFirewallRules, ns_ui.PppFirewallRule, rules,
            _write_rule)