ファイル: master.py プロジェクト: nakedible/vpnease-l2tp
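    def runner_starting(self):
        """Reset the stored L2TP device status when the runner starts.

        Sets a fresh ``L2tpDeviceStatus`` node at ``ns.l2tpDeviceStatus`` under
        the database root, then wakes any AJAX status-change waiters so they
        re-read the reset status.  A failure to reset the status is logged and
        does not stop the runner.
        """
        _log.debug("runner_starting()")

        # reset device status
        try:
            root = helpers.get_db_root()
            root.setS(ns.l2tpDeviceStatus, rdf.Type(ns.L2tpDeviceStatus))
        except Exception:
            # narrowed from a bare except so SystemExit/KeyboardInterrupt still propagate
            _log.exception("setting status root failed")

        self._ajax_helper.wake_status_change_waiters()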
ファイル: master.py プロジェクト: nakedible/vpnease-l2tp
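    def _update_update_info(self, res):
        """Store changelog and latest known version received from the update server.

        The server-supplied changelog is validated first (it must yield at least
        one version entry whose first version string parses), and only then is
        anything written to ``ns_ui.updateInfo``; an empty or malformed response
        therefore leaves the previously stored update info untouched.

        Args:
            res: server response mapping; ``res["changeLog"]`` holds the changelog text.

        Raises:
            ValueError: if the changelog contains no version entries.
            Whatever ``helpers.parse_product_version`` raises for an invalid
            latest version string.
        """
        changelog = res["changeLog"]

        # validate before persisting: first entry is assumed to be the latest version
        t = versioninfo.get_changelog_info(changelog=changelog)
        if len(t) < 1:
            # XXX: raise or just ignore with warning?
            raise ValueError("changeLog information from server is empty, not updating changelog info")

        latest_version = t[0][0]  # first entry is assumed to be latest
        helpers.parse_product_version(latest_version)  # excepts if not valid

        root = helpers.get_db_root()
        update = root.getS(ns_ui.updateInfo, rdf.Type(ns_ui.UpdateInfo))

        # update changelog
        update.setS(ns_ui.changeLog, rdf.String, changelog)

        # update latest known version
        update.setS(ns_ui.latestKnownVersion, rdf.String, latest_version)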
ファイル: management.py プロジェクト: nakedible/vpnease-l2tp
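def _check_update_on_next_reboot():
    """Return True if a product update is expected to happen on the next reboot.

    That is the case when automatic updates are enabled in the UI config and the
    latest known version stored in ``ns_ui.updateInfo`` compares newer than the
    currently installed product version.  Any error while determining this is
    logged and treated as False.
    """
    try:
        ui_root = helpers.get_ui_config()
        if not (ui_root.hasS(ns_ui.automaticUpdates) and ui_root.getS(ns_ui.automaticUpdates, rdf.Boolean)):
            return False
        # XXX: duplication
        update_info = helpers.get_db_root().getS(ns_ui.updateInfo, rdf.Type(ns_ui.UpdateInfo))
        latest = update_info.getS(ns_ui.latestKnownVersion, rdf.String)
        current = helpers.get_product_version()
        # an empty latestKnownVersion means no update info has been fetched yet
        return (latest != '') and (helpers.compare_product_versions(latest, current) > 0)
    except Exception:
        # default, assume False; narrowed from a bare except so that
        # SystemExit/KeyboardInterrupt are not swallowed here
        _log.exception('cannot determine whether product update happens on next reboot')
        return False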
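def _check_update_on_next_reboot():
    """Return True if a product update is expected to happen on the next reboot.

    That is the case when automatic updates are enabled in the UI config and
    the latest known version stored in ``ns_ui.updateInfo`` compares newer
    than the currently installed product version.  Any error while
    determining this is logged and treated as False.
    """
    try:
        ui_root = helpers.get_ui_config()
        auto_updates = ui_root.hasS(ns_ui.automaticUpdates) and ui_root.getS(
            ns_ui.automaticUpdates, rdf.Boolean)
        if not auto_updates:
            return False
        # XXX: duplication
        update_info = helpers.get_db_root().getS(
            ns_ui.updateInfo, rdf.Type(ns_ui.UpdateInfo))
        latest = update_info.getS(ns_ui.latestKnownVersion, rdf.String)
        current = helpers.get_product_version()
        # an empty latestKnownVersion means no update info has been fetched yet
        return (latest != '') and (helpers.compare_product_versions(
            latest, current) > 0)
    except Exception:
        # default, assume False; narrowed from a bare except so that
        # SystemExit/KeyboardInterrupt are not swallowed here
        _log.exception(
            'cannot determine whether product update happens on next reboot')
        return False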
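    def start_client_connection(self, identifier, myip, gwip, username, password):
        """Create and activate an openl2tp client-mode (site-to-site) tunnel and session.

        Builds openl2tpconfig command scripts for the ppp/tunnel/session/peer
        profiles, the tunnel and the session, feeds each script to
        ``constants.CMD_OPENL2TPCONFIG`` on stdin (under the openl2tp config
        lock), and recovers the tunnel and session ids openl2tp assigned by
        matching its stderr against ``_re_openl2tp_created_tunnel`` and
        ``_re_openl2tp_created_session``.

        Args:
            identifier: string used to derive the profile, tunnel and session names.
            myip: local address object (``toString()``), used as ``src_ipaddr``.
            gwip: peer gateway address object (``toString()``), used as
                ``peer_ipaddr`` / ``dest_ipaddr``.
            username: PPP user name, passed as ``user_name``.
            password: PPP password, passed as ``user_password``.

        Raises:
            Exception: if username/password contain a line break, if the
                openl2tp config lock cannot be acquired, if any openl2tpconfig
                run fails, or if the tunnel or session id cannot be recovered
                from openl2tpconfig output.
        """
        # openl2tpconfig commands are newline-delimited and the credentials are
        # interpolated verbatim into the session command below, so a line break
        # in either value would be parsed as the start of another command.
        for what, value in [['username', username], ['password', password]]:
            as_text = '%s' % value
            if ('\n' in as_text) or ('\r' in as_text):
                raise Exception('%s must not contain line breaks' % what)

        l2tp_cfg = helpers.get_db_root().getS(ns.l2tpDeviceConfig, rdf.Type(ns.L2tpDeviceConfig))
        ppp_cfg = l2tp_cfg.getS(ns.pppConfig, rdf.Type(ns.PppConfig))

        debug = helpers.get_debug(l2tp_cfg)

        def _run_config(config, failmsg, successmsg):
            """Run openl2tpconfig with `config` on stdin while holding the config lock.

            Returns (rv, out, err).  Raises Exception(failmsg) when the command
            could not be run or exited non-zero; the lock is always released.
            """
            rv, out, err = 1, '', ''

            lock = helpers.acquire_openl2tpconfig_lock()
            if lock is None:
                raise Exception('failed to acquire openl2tp config lock')
            try:
                try:
                    [rv, out, err] = run_command([constants.CMD_OPENL2TPCONFIG], stdin=str(config))
                except Exception:
                    # rv stays 1, so this is reported as a failure below
                    self._log.exception('running openl2tpconfig failed')
            finally:
                # release even if run_command raises something other than Exception
                helpers.release_openl2tpconfig_lock(lock)
            if rv != 0:
                self._log.error('%s: %s, %s, %s' % (str(failmsg), str(rv), str(out), str(err)))
                raise Exception(str(failmsg))
            else:
                self._log.debug('%s: %s, %s, %s' % (str(successmsg), str(rv), str(out), str(err)))

            return rv, out, err

        our_port = 1702   # NB: yes, 1702; we differentiate client and site-to-site connections based on local port
        peer_port = 1701

        ppp_profile_name = 'ppp-prof-%s' % identifier
        tunnel_profile_name = 'tunnel-prof-%s' % identifier
        session_profile_name = 'session-prof-%s' % identifier
        peer_profile_name = 'peer-prof-%s' % identifier
        tunnel_name = 'tunnel-%s' % identifier
        session_name = 'session-%s' % identifier

        # we allow openl2tp to select these and "snoop" them from stdout
        tunnel_id = None
        session_id = None

        # ppp profile
        trace_flags = '0'
        if debug:
            trace_flags = '2047'
        config = 'ppp profile create profile_name=%s\n' % ppp_profile_name

        # XXX: take MRU and MTU like normal config?
        # XXX: should we have separate lcp echo etc settings for site-to-site?
        mtu = ppp_cfg.getS(ns.pppMtu, rdf.Integer)
        mru = mtu
        lcp_echo_interval = 0
        lcp_echo_failure = 0
        if ppp_cfg.hasS(ns.pppLcpEchoInterval):
            lcp_echo_interval = ppp_cfg.getS(ns.pppLcpEchoInterval, rdf.Timedelta).seconds
            lcp_echo_failure = ppp_cfg.getS(ns.pppLcpEchoFailure, rdf.Integer)

        for i in [ ['default_route', 'no'],
                   ['multilink', 'no'],
                   ['use_radius', 'no'],
                   ['idle_timeout', '0'],  # no limit
                   ['mtu', str(mtu)],
                   ['mru', str(mru)],
                   ['lcp_echo_interval', str(lcp_echo_interval)],
                   ['lcp_echo_failure_count', str(lcp_echo_failure)],
                   ['max_connect_time', '0'],  # no limit
                   ['max_failure_count', '10'],
                   ['trace_flags', trace_flags] ]:
            config += 'ppp profile modify profile_name=%s %s=%s\n' % (ppp_profile_name, i[0], i[1])

        # Note: all auth options must be on one line
        config += 'ppp profile modify profile_name=%s req_none=yes auth_pap=yes auth_chap=yes auth_mschapv1=no auth_mschapv2=no auth_eap=no req_pap=no req_chap=no req_mschapv1=no req_mschapv2=no req_eap=no\n' % ppp_profile_name

        # no encryption
        config += 'ppp profile modify profile_name=%s mppe=no\n' % ppp_profile_name

        # Note: all compression options must be on one line
        # Request deflate or bsdcomp compression.
        config += 'ppp profile modify profile_name=%s comp_mppc=no comp_accomp=yes comp_pcomp=no comp_bsdcomp=no comp_deflate=yes comp_predictor=no comp_vj=no comp_ccomp_vj=no comp_ask_deflate=yes comp_ask_bsdcomp=no\n' % ppp_profile_name

        # tunnel profile
        config += 'tunnel profile create profile_name=%s\n' % tunnel_profile_name

        trace_flags = '0'
        if debug:
            trace_flags = '2047'

        # XXX: 1460 is hardcoded here, like in normal l2tp connections
        for i in [ ['our_udp_port', str(our_port)],
                   ['peer_udp_port', str(peer_port)],
                   ['mtu', '1460'],
                   ['hello_timeout', '60'],
                   ['retry_timeout', '3'],
                   ['idle_timeout', '0'],
                   ['rx_window_size', '4'],
                   ['tx_window_size', '10'],
                   ['max_retries', '5'],
                   ['framing_caps', 'any'],
                   ['bearer_caps', 'any'],
                   ['trace_flags', trace_flags] ]:
            config += 'tunnel profile modify profile_name=%s %s=%s\n' % (tunnel_profile_name, i[0], i[1])

        # session profile
        config += 'session profile create profile_name=%s\n' % session_profile_name

        trace_flags = '0'
        if debug:
            trace_flags = '2047'

        for i in [ ['sequencing_required', 'no'],
                   ['use_sequence_numbers', 'no'],
                   ['trace_flags', trace_flags] ]:
            config += 'session profile modify profile_name=%s %s=%s\n' % (session_profile_name, i[0], i[1])

        # peer profile
        config += 'peer profile create profile_name=%s\n' % peer_profile_name

        # XXX: 'lac_lns', 'netmask'
        # 'peer_port' has no effect for some reason
        for i in [ ['peer_ipaddr', gwip.toString()],
                   ['peer_port', str(peer_port)],  # XXX: dup from above
                   ['ppp_profile_name', ppp_profile_name],
                   ['session_profile_name', session_profile_name],
                   ['tunnel_profile_name', tunnel_profile_name] ]:
            config += 'peer profile modify profile_name=%s %s=%s\n' % (peer_profile_name, i[0], i[1])

        config += '\nquit\n'

        # create profiles
        self._log.debug('openl2tp config:\n%s' % config)
        rv, stdout, stderr = _run_config(config, 'failed to create client-mode profiles', 'create client-mode profiles ok')

        # create tunnel - this triggers openl2tp
        #
        # NOTE: 'interface_name' would make life easier, but is not currently
        # supported by Openl2tp.
        #
        # XXX: 'persist', 'interface_name'
        config = 'tunnel create tunnel_name=%s' % tunnel_name  # NB: all on one line here
        for i in [ ['src_ipaddr', myip.toString()],
                   ['our_udp_port', str(our_port)],   # XXX: dup from above
                   ['peer_udp_port', str(peer_port)], # XXX: dup from above
                   ['dest_ipaddr', gwip.toString()],
                   ['peer_profile_name', peer_profile_name],
                   ['profile_name', tunnel_profile_name],
                   ['session_profile_name', session_profile_name],
                   ['tunnel_name', tunnel_name],
###                ['tunnel_id', tunnel_id], # XXX: for some reason can't be used, fetched below!
                   ['use_udp_checksums', 'yes'] ]: # XXX: probably doesn't do anything now
            config += ' %s=%s' % (i[0], i[1])

        config += '\nquit\n'

        # activate tunnel
        self._log.debug('openl2tp config for tunnel:\n%s' % config)
        rv, stdout, stderr = _run_config(config, 'failed to create client-mode tunnel', 'create client-mode tunnel ok')

        # openl2tp reports the id it picked on stderr; take the first match
        for l in stderr.split('\n'):
            m = _re_openl2tp_created_tunnel.match(l)
            if m is not None:
                if tunnel_id is not None:
                    self._log.warning('second tunnel id (%s), old one was %s; ignoring' % (m.group(1), tunnel_id))
                else:
                    tunnel_id = m.group(1)

        self._log.debug('figured out tunnel id %s' % tunnel_id)
        if tunnel_id is None:
            raise Exception('could not figure tunnel id of new site-to-site tunnel (username %s) [rv: %s, out: %s, err: %s]' % (username, rv, stdout, stderr))

        config = 'session create session_name=%s' % session_name
        for i in [ ['tunnel_name', tunnel_name],
                   ['tunnel_id', tunnel_id],
###                ['session_id', session_id], # XXX: for some reason can't be used, fetched below!
                   ['profile_name', session_profile_name],
                   ['ppp_profile_name', ppp_profile_name],
                   ['user_name', username],
                   ['user_password', password] ]:
            config += ' %s=%s' % (i[0], i[1])

        config += '\nquit\n'

        # activate session; the session script carries the PPP password, so
        # redact it before it goes into the debug log
        redacted_config = config.replace('user_password=%s' % password, 'user_password=<redacted>')
        self._log.debug('openl2tp config for session:\n%s' % redacted_config)
        rv, stdout, stderr = _run_config(config, 'failed to create client-mode session', 'create client-mode session ok')

        # the session id comes paired with its tunnel id; only accept one that
        # belongs to the tunnel created above
        for l in stderr.split('\n'):
            m = _re_openl2tp_created_session.match(l)
            if m is not None:
                if session_id is not None:
                    self._log.warning('second session id (%s), old one was %s; ignoring' % (m.group(2), session_id))
                else:
                    tun = m.group(1)
                    if tun != tunnel_id:
                        self._log.warning('tunnel id differs from earlier (earlier %s, found %s), ignoring' % (tunnel_id, tun))
                    else:
                        session_id = m.group(2)

        self._log.debug('figured out session id %s' % session_id)
        if session_id is None:
            # NOTE(review): out/err are openl2tpconfig output; confirm it never echoes the
            # session command line, since this message ends up in the log
            raise Exception('could not figure session id of new site-to-site tunnel (username %s) [rv: %s, out: %s, err: %s]' % (username, rv, stdout, stderr))

        self._log.info('created new tunnel and session (%s/%s) for site-to-site client (username %s)' % (tunnel_id, session_id, username))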