def updateIpfire():
if os.path.exists("/tmp/customhosts"):
os.remove("/tmp/customhosts")
if os.path.exists("/tmp/customgroups"):
os.remove("/tmp/customgroups")
dbconn = db.database()
dbconn.execute("SELECT lastknownIPv4, address, networklock FROM device D INNER JOIN hardwareidentifier HW ON HW.device_id = D.id")
with open("/tmp/customhosts", "w") as customhosts:
with open("/tmp/customgroups", "w") as customgroups:
counter = 1
for machine in dbconn.fetchall():
customhosts.write(str(counter) + "," + machine["address"] + ",ip," + machine["lastknownIPv4"] + "/255.255.255.255\n")
if machine["networklock"] == 0:
customgroups.write(str(counter) + ",blocked,," + machine["address"] + ",Custom Host\n")
configfile = cf.configfile()
sshConnection = ssh.ssh(configfile.get("ipfire", "url"), int(configfile.get("ipfire", "port")), "philleconnect", configfile.get("ipfire", "password"))
if sshConnection == False:
return False
if not sshConnection.put("/tmp/customhosts", "/var/ipfire/fwhosts/customhosts"):
return False
if not sshConnection.put("/tmp/customgroups", "/var/ipfire/fwhosts/customgroups"):
return False
if not sshConnection.exec("/usr/local/bin/firewallctrl"):
return False
sshConnection.close()
return True
def __init__(self):
self.config = cf.configfile()
ldapServer = Server(self.config.get("ldap", "url"))
self.connection = Connection(ldapServer,
self.config.get("ldap", "admindn") + "," +
self.config.get("ldap", "basedn"),
self.config.get("ldap", "password"),
auto_bind=True)
def __init__(self):
config = cf.configfile()
self.__db = mysql.connector.connect(
host = config.get("database", "url"),
user = config.get("database", "user"),
passwd = config.get("database", "password"),
database = config.get("database", "name")
)
self.__cursor = self.__db.cursor(dictionary=True)
def ipfire():
if not es.isAuthorized("servmgmt"):
return "ERR_ACCESS_DENIED", 403
config = cf.configfile()
if request.method == "GET":
data = {
"url": config.get("ipfire", "url"),
"port": config.get("ipfire", "port"),
"password": config.get("ipfire", "password"),
}
return jsonify(data), 200
elif request.method == "PUT":
config.set("ipfire", "url", request.form.get("url"))
config.set("ipfire", "port", request.form.get("port"))
config.set("ipfire", "password", request.form.get("password"))
return "SUCCESS", 200
def setupIPFire():
if os.path.exists(config.CONFIG_IPFIRE_FILE):
return "ERR_SETUP_ALREADY_DONE", 403
else:
if request.form.get("jump") == None:
if not request.form.get("setup") == None:
try:
sshConnection = ssh.ssh(request.form.get("url"), int(request.form.get("port")), "root", request.form.get("rootpassword"))
if sshConnection == False:
return "ERR_ROOT_PASSWORD_WRONG", 200
except ValueError:
return "ERR_PORT_NOT_A_NUMBER", 400
if not sshConnection.exec("useradd philleconnect"):
return "ERR_IPFIRE_SETUP_USERADD", 500
if not sshConnection.exec("echo philleconnect:" + request.form.get("password") + " | chpasswd"):
return "ERR_IPFIRE_SETUP_SETPASS", 500
if not sshConnection.exec("chmod =4755 /usr/local/bin/firewallctrl"):
return "ERR_IPFIRE_SETUP_PERMISSIONS", 500
if not sshConnection.exec("chmod =666 /var/ipfire/fwhosts/customhosts"):
return "ERR_IPFIRE_SETUP_PERMISSIONS", 500
if not sshConnection.exec("chmod =666 /var/ipfire/fwhosts/customgroups"):
return "ERR_IPFIRE_SETUP_PERMISSIONS", 500
if not sshConnection.exec("mkdir /home/philleconnect"):
return "ERR_IPFIRE_SETUP_HOMEFOLDER", 500
if not sshConnection.exec("mkdir /home/philleconnect/.ssh"):
return "ERR_IPFIRE_SETUP_SSHFILES", 500
if not sshConnection.exec("chown -R philleconnect /home/philleconnect/"):
return "ERR_IPFIRE_SETUP_PERMISSIONS", 500
if not sshConnection.put(config.CONFIG_BASE + "/ipfire/config", "/var/ipfire/firewall/input"):
return "ERR_IPFIRE_SETUP_RULES", 500
sshConnection.close()
sshConnection = ssh.ssh(request.form.get("url"), int(request.form.get("port")), "philleconnect", request.form.get("password"))
if sshConnection == False:
return "ERR_SETUP_ERROR", 200
if not sshConnection.put(config.CONFIG_BASE + "/id_rsa.pub", "/home/philleconnect/.ssh/authorized_keys"):
return "ERR_IPFIRE_SETUP_SSHKEY", 500
if not sshConnection.exec("/usr/local/bin/firewallctrl"):
return "ERR_IPFIRE_SETUP_RELOAD", 500
sshConnection.close()
configfile = cf.configfile()
configfile.set("ipfire", "url", request.form.get("url"))
configfile.set("ipfire", "port", request.form.get("port"))
configfile.set("ipfire", "password", request.form.get("password"))
open(config.CONFIG_IPFIRE_FILE, "a").close()
return "SUCCESS", 200
def __init__(self):
self.__config = cf.configfile()