def service_rulesetOpen(self, context, filetype, name):
"""
Open a ruleset or a template (if is_template is True).
"""
filetype = getUnicode(filetype)
name = getUnicode(name)
checkRulesetName(name)
client = self.getClient(context)
logger = ContextLoggerChild(context, self)
self.info(context, 'Open the ruleset "%s"' % name)
data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig')
netcfg = deserializeNetCfg(data)
read_only = not any(context.hasRole(role) for role in RULESET_FORWARD_WRITE_ROLES)
if EDENWALL \
and (not read_only) \
and (filetype == "template") \
and (self.core.getMultisiteType() == MULTISITE_SLAVE):
read_only = True
ruleset = Ruleset(self, logger, netcfg,
read_only=read_only, client=client)
result = ruleset.load(logger, filetype, name)
if not read_only:
self.core.lock_manager.acquire(context, LOCK_RULESET)
self._saveRuleset(context, ruleset)
returnValue(result)
def _applyUseNetCfg(self, netcfg_data, context):
netcfg = deserializeNetCfg(netcfg_data)
# FIXME: use LocalFW wrapper
defer = self.core.callService(context, 'localfw', 'open', LOCALFW_FILENAME)
defer.addCallback(self._clearRules, context)
defer.addCallback(self._createRules, netcfg, context)
defer.addCallback(self._applyLocalFW, context)
defer.addBoth(self._closeLocalFW, context)
return defer
def service_ufwi_confSync(self, context):
"""
Synchronize with ufwi_conf: create new interfaces and networks from the
ufwi_conf (system) configuration.
Keep removed interfaces and networks.
"""
ruleset = self.getRuleset(context)
data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig')
netcfg = deserializeNetCfg(data)
result = yield ruleset.ufwi_confSync(self, netcfg)
returnValue(result)
def service_getMissingLinks(self, context, filetype, name, links):
"""
Check if all generic links are defined for the specified
ruleset/template "name".
Return the list of generic links without physical value as a
dictionary. If the dictionary is empty, all generic links are defined.
"""
name = getUnicode(name)
logger = ContextLoggerChild(context, self)
data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig')
netcfg = deserializeNetCfg(data)
result = getMissingLinks(self, logger, filetype, name, netcfg, links)
returnValue(result)
def _updateNetworks(self, data):
netcfg = deserializeNetCfg(data)
networks = set((interface.system_name, network)
for interface, network in netcfg.iterKnownNetworks())
networks |= set(self.access_cfg.custom_networks)
open_networks = set((interface, network)
for (interface, network) in networks
if network not in CLOSED_NETWORKS)
permissions = self.access_cfg.permissions
for service in permissions:
if permissions[service] == True:
permissions[service] = open_networks
else:
# delete old networks
permissions[service] &= networks
def service_rulesetUpload(self, context, filetype, filename, content):
"""
Upload a new ruleset or template:
- filetype: "ruleset" or "template"
- filename: input filename
- content: file content encoded by encodeFileContent()
Return the ruleset name.
"""
filetype = getUnicode(filetype)
filename = getUnicode(filename)
content = getUnicode(content)
self.info(context, 'Upload a new %s: filename="%s"' % (filetype, filename))
logger = ContextLoggerChild(context, self)
data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig')
netcfg = deserializeNetCfg(data)
result = rulesetUpload(self, logger, filetype, filename, content, netcfg)
returnValue(result)
def service_rulesetCreate(self, context, filetype, base_template):
"""
Create a new ruleset based on a template. Use base_template='' to
ignore the base template.
"""
self.info(context, 'Create a new ruleset')
if EDENWALL:
multisite_type = self.core.getMultisiteType()
base_template = checkMultisiteTypeValue(multisite_type, filetype, base_template)
client = self.getClient(context)
logger = ContextLoggerChild(context, self)
data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig')
netcfg = deserializeNetCfg(data)
ruleset = Ruleset(self, logger, netcfg, client=client)
result = ruleset.create(logger, filetype, netcfg, base_template=base_template)
if not ruleset.read_only:
self.core.lock_manager.acquire(context, LOCK_RULESET)
self._saveRuleset(context, ruleset)
returnValue(result)
def _append_all_routes(self):
"""
When importing an old config without any manual pushed routes
"""
changed = False
#fetch net config
netconfig = self.core.config_manager.get('network')
netcfg = deserializeNetCfg(netconfig)
#fetch default routes and gateways
default_routes = tuple(netcfg.iterRoutes(default_only=True))
#default_gateways: IPy.IP
default_gateways = tuple(route.router for route in default_routes)
#add everything into config
for network in netcfg.iterNetworks(include_ha=False):
if _includeNet(network, default_gateways):
self.openvpn_cfg.manual_pushed_routes += (network.net, )
changed = True
return changed
def deserialize(serialized_cfg, cls=NetCfgRW, parent=None):
result = deserializeNetCfg(serialized_cfg, cls, parent=parent)
ok, msg = result.isValidWithMsg()
if not ok:
raise NetCfgError(msg)
return result
def getNetconfig(data, component, context, template_content, generic_links):
netcfg = deserializeNetCfg(data)
return deferToThread(_applyMultisiteThread, component, context, template_content, generic_links, netcfg)
