def save_client_connection_data(self, ctx, form, data): cc_fda = formalutils.FormDataAccessor(form, ['client_connection'], ctx) ui_root = helpers.get_new_ui_config() # Server address & psk if cc_fda.has_key('server_name') and cc_fda['server_name'] is not None: ui_root.setS(ns_ui.vpnServerAddress, rdf.String, cc_fda['server_name']) else: ui_root.setS(ns_ui.vpnServerAddress, rdf.String, '') psk_seq = ui_root.setS(ns_ui.preSharedKeys, rdf.Seq(rdf.Type(ns_ui.PreSharedKey))) if cc_fda.has_key('psk_1') and (cc_fda['psk_1'] != '') and (cc_fda['psk_1'] is not None): psk = psk_seq.new() psk.setS(ns_ui.preSharedKey, rdf.String, cc_fda['psk_1']) if cc_fda.has_key('psk_2') and (cc_fda['psk_2'] != '') and (cc_fda['psk_2'] is not None): psk = psk_seq.new() psk.setS(ns_ui.preSharedKey, rdf.String, cc_fda['psk_2']) # DNS if cc_fda['dns'] == 'use_ic_dns': ui_root.setS(ns_ui.clientDnsServers, rdf.Type(ns_ui.NetworkConnectionDns)) elif cc_fda['dns'] == 'manual_dns': dns_root = ui_root.setS(ns_ui.clientDnsServers, rdf.Type(ns_ui.SetDnsServers)) uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.primaryDns, rdf.IPv4Address, cc_fda, 'dns_1') uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.secondaryDns, rdf.IPv4Address, cc_fda, 'dns_2') else: raise uidatahelpers.FormDataError('Client connection dns is neither network dns nor set dns.') # WINS # Note: parent node is ui-root, which may already have a value from old config, use empty default # value to remove old data in case form value is missing. uidatahelpers.save_optional_field_to_rdf(ui_root, ns_ui.clientPrimaryWins, rdf.IPv4Address, cc_fda, 'wins_1', default=None) uidatahelpers.save_optional_field_to_rdf(ui_root, ns_ui.clientSecondaryWins, rdf.IPv4Address, cc_fda, 'wins_2', default=None) ui_root.setS(ns_ui.clientSubnet, rdf.IPv4Subnet, cc_fda['client_subnet']) ui_root.setS(ns_ui.clientAddressRange, rdf.IPv4AddressRange, cc_fda['client_address_range']) ui_root.setS(ns_ui.clientCompression, rdf.Boolean, cc_fda['client_compression'])
def save_client_connection_data(self, ctx, form, data): cc_fda = formalutils.FormDataAccessor(form, ['client_connection'], ctx) ui_root = helpers.get_new_ui_config() # Server address & psk if cc_fda.has_key('server_name') and cc_fda['server_name'] is not None: ui_root.setS(ns_ui.vpnServerAddress, rdf.String, cc_fda['server_name']) else: ui_root.setS(ns_ui.vpnServerAddress, rdf.String, '') psk_seq = ui_root.setS(ns_ui.preSharedKeys, rdf.Seq(rdf.Type(ns_ui.PreSharedKey))) if cc_fda.has_key('psk_1') and (cc_fda['psk_1'] != '') and (cc_fda['psk_1'] is not None): psk = psk_seq.new() psk.setS(ns_ui.preSharedKey, rdf.String, cc_fda['psk_1']) if cc_fda.has_key('psk_2') and (cc_fda['psk_2'] != '') and (cc_fda['psk_2'] is not None): psk = psk_seq.new() psk.setS(ns_ui.preSharedKey, rdf.String, cc_fda['psk_2']) # DNS if cc_fda['dns'] == 'use_ic_dns': ui_root.setS(ns_ui.clientDnsServers, rdf.Type(ns_ui.NetworkConnectionDns)) elif cc_fda['dns'] == 'manual_dns': dns_root = ui_root.setS(ns_ui.clientDnsServers, rdf.Type(ns_ui.SetDnsServers)) uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.primaryDns, rdf.IPv4Address, cc_fda, 'dns_1') uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.secondaryDns, rdf.IPv4Address, cc_fda, 'dns_2') else: raise uidatahelpers.FormDataError( 'Client connection dns is neither network dns nor set dns.') # WINS # Note: parent node is ui-root, which may already have a value from old config, use empty default # value to remove old data in case form value is missing. uidatahelpers.save_optional_field_to_rdf(ui_root, ns_ui.clientPrimaryWins, rdf.IPv4Address, cc_fda, 'wins_1', default=None) uidatahelpers.save_optional_field_to_rdf(ui_root, ns_ui.clientSecondaryWins, rdf.IPv4Address, cc_fda, 'wins_2', default=None) ui_root.setS(ns_ui.clientSubnet, rdf.IPv4Subnet, cc_fda['client_subnet']) ui_root.setS(ns_ui.clientAddressRange, rdf.IPv4AddressRange, cc_fda['client_address_range']) ui_root.setS(ns_ui.clientCompression, rdf.Boolean, cc_fda['client_compression'])
def _get_radius_info(self, new_ui_config=False): """Return RADIUS information in an array that we can compare later. Information included in the array is precisely the fields that, if changed, require a full runner restart (instead of just FreeRADIUS restart). Currently it is just the RADIUS server addresses, because the are required for ICMP monitoring; note that ports are *not* needed here. """ if new_ui_config: ui_root = helpers.get_new_ui_config() else: ui_root = helpers.get_ui_config() res = [] try: res.append(ui_root.getS(ns_ui.radiusPrimaryServer, rdf.String)) except: _log.exception('cannot get radius info') res.append(None) try: res.append(ui_root.getS(ns_ui.radiusSecondaryServer, rdf.String)) except: _log.exception('cannot get radius info') res.append(None) return res
def save_ui_data(self, ctx, form, data): fda = formalutils.FormDataAccessor(form, [], ctx) ui_root = helpers.get_new_ui_config() # XXX: this should probably be refactored to uihelpers, in conjunction # with the access control element def _set_access(ns_pub, ns_priv, val): _log.debug('_set_access: %s' % val) if val == 'both': ui_root.setS(ns_pub, rdf.Boolean, True) ui_root.setS(ns_priv, rdf.Boolean, True) elif val == 'public': ui_root.setS(ns_pub, rdf.Boolean, True) ui_root.setS(ns_priv, rdf.Boolean, False) elif val == 'private': ui_root.setS(ns_pub, rdf.Boolean, False) ui_root.setS(ns_priv, rdf.Boolean, True) else: ui_root.setS(ns_pub, rdf.Boolean, False) ui_root.setS(ns_priv, rdf.Boolean, False) tmp = fda.descend('license_group') if tmp.has_key('license_key') and tmp['license_key'] is not None: lic_key = tmp['license_key'].upper() ui_root.setS(ns_ui.licenseKey, rdf.String, lic_key) else: # empty field (None) => clear product license ui_root.setS(ns_ui.licenseKey, rdf.String, '') tmp = fda.descend('locale_group') tmp = fda.descend('reboot_group') ui_root.setS(ns_ui.periodicRebootDay, rdf.Integer, tmp['reboot_day']) ui_root.setS(ns_ui.periodicRebootTime, rdf.Integer, tmp['reboot_time']) ui_root.setS(ns_ui.automaticUpdates, rdf.Boolean, tmp['automatic_updates']) tmp = fda.descend('snmp_group') _set_access(ns_ui.snmpAccessPublic, ns_ui.snmpAccessPrivate, tmp['snmp_access']) if tmp.has_key('snmp_community') and tmp['snmp_community'] is not None: ui_root.setS(ns_ui.snmpCommunity, rdf.String, tmp['snmp_community']) else: ui_root.setS(ns_ui.snmpCommunity, rdf.String, '') tmp = fda.descend('remote_group') _set_access(ns_ui.webAccessPublic, ns_ui.webAccessPrivate, tmp['www_administration']) _set_access(ns_ui.sshAccessPublic, ns_ui.sshAccessPrivate, tmp['ssh_connection']) tmp = fda.descend('ssl_group') if tmp.has_key('ssl_certificate_chain') and tmp['ssl_certificate_chain'] is not None: ui_root.setS(ns_ui.publicSslCertificateChain, rdf.String, tmp['ssl_certificate_chain']) else: ui_root.setS(ns_ui.publicSslCertificateChain, rdf.String, '') if tmp.has_key('ssl_private_key') and tmp['ssl_private_key'] is not None: ui_root.setS(ns_ui.publicSslPrivateKey, rdf.String, tmp['ssl_private_key']) else: ui_root.setS(ns_ui.publicSslPrivateKey, rdf.String, '')
def save_firewall_data(self, ctx, form, data): def _save_port_forward_to_rdf(rdf_node, fda): rdf_node.setS(ns_ui.protocol, rdf.String, fda['new_fw_protocol']) uidatahelpers.save_optional_field_to_rdf(rdf_node, ns_ui.incomingPort, rdf.Integer, fda, 'new_fw_port_in') rdf_node.setS(ns_ui.ipAddress, rdf.IPv4Address, fda['new_fw_ip_out']) uidatahelpers.save_optional_field_to_rdf(rdf_node, ns_ui.destinationPort, rdf.Integer, fda, 'new_fw_port_out') ui_root = helpers.get_new_ui_config() fw_fda = formalutils.FormDataAccessor(form, ['firewall'], ctx) ui_root.setS(ns_ui.firewallInUse, rdf.Boolean, fw_fda['firewall_in_use']) # XXX: separate function pf_fda = formalutils.FormDataAccessor(form, ['port_forwards'], ctx) uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.portForwards, ns_ui.PortForward, pf_fda, _save_port_forward_to_rdf)
def save_routes_data(self, ctx, form, data): def _save_additional_route_to_rdf(rdf_node, fda): uidatahelpers.create_rdf_route(rdf_node, fda['subnet'], fda['network_connection'], fda['gateway'], ns_ui.route) def _save_ppp_firewall_rule_to_rdf(rdf_node, fda): if isinstance(fda['ip_subnet'], datatypes.IPv4Address): rdf_node.setS(ns_ui.ipAddress, rdf.IPv4Address, fda['ip_subnet']) elif isinstance(fda['ip_subnet'], datatypes.IPv4Subnet): rdf_node.setS(ns_ui.subnet, rdf.IPv4Subnet, fda['ip_subnet']) else: raise uidatahelpers.FormDataError('Firewall rule IP/subnet is neither IPv4Address nor IPv4Subnet') if fda['protocol'] == 'any': pass else: rdf_node.setS(ns_ui.protocol, rdf.String, fda['protocol']) uidatahelpers.save_optional_field_to_rdf(rdf_node, ns_ui.port, rdf.Integer, fda, 'port') rdf_node.setS(ns_ui.action, rdf.String, fda['action']) toplevel_fda = formalutils.FormDataAccessor(form, [], ctx) ui_root = helpers.get_new_ui_config() # Default route droute_fda = toplevel_fda.descend('dr_group') uidatahelpers.create_rdf_route(ui_root, None, droute_fda['network_connection'], droute_fda['gateway'], ns_ui.defaultRoute) # Additional routes add_route_fda = toplevel_fda.descend('ar_group') uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.routes, ns_ui.Route, add_route_fda, _save_additional_route_to_rdf) # Source routing (forced routing) source_fda = toplevel_fda.descend('sr_group') if source_fda['source_routing_selection'] == 'off': ui_root.removeNodes(ns_ui.sourceRouting) elif source_fda['source_routing_selection'] == 'on': uidatahelpers.create_rdf_route(ui_root, None, source_fda['network_connection'], source_fda['gateway'], ns_ui.sourceRouting) else: raise uidatahelpers.FormDataError('Forced routing is neither on nor off.') # PPP firewall rules fwrule_fda = toplevel_fda.descend('fwrule_group') uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.pppFirewallRules, ns_ui.PppFirewallRule, fwrule_fda, _save_ppp_firewall_rule_to_rdf)
def save_user_list(self, ctx, form, data, userpw_dict): def _save_user_to_rdf(user, fda): username = fda['username'] user.setS(ns_ui.username, rdf.String, username) # Password is tricky; we look up the previous config, and if a user # of this name existed and it had a password, use that password unless # a new one is specified. This is not perfect, but at least it works # correctly w.r.t. changed username. Note however that we do not track # user identity as such across a name change: if admin removes user XYZ # and adds a new user with name XYZ (with empty password field), that # user will simply inherit the older user XYZ password. if fda.has_key('password') and (fda['password'] is not None) and ( fda['password'] != ''): # set hashed password entries uihelpers.set_user_password_hashes(user, fda['password']) else: if userpw_dict.has_key(username): password_plain, password_md5, password_nt = userpw_dict[ username] user.setS(ns_ui.passwordMd5, rdf.String, password_md5) user.setS(ns_ui.passwordNtHash, rdf.String, password_nt) user.removeNodes(ns_ui.password) else: # this should not happen; log but don't fail badly _log.error( 'no password in form or userpw dict, should not happen' ) user.setS(ns_ui.password, rdf.String, '') uidatahelpers.save_optional_field_to_rdf(user, ns_ui.fixedIp, rdf.IPv4Address, fda, 'fixed_ip') user.setS(ns_ui.adminRights, rdf.Boolean, fda['admin_rights']) user.setS(ns_ui.vpnRights, rdf.Boolean, fda['vpn_rights']) ui_root = helpers.get_new_ui_config() fda = formalutils.FormDataAccessor(form, ['userlist_group'], ctx) uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.users, ns_ui.User, fda, _save_user_to_rdf)
def save_s2s_list_data(self, ctx, form, data): def _save_connection(conn, fda): conn.setS(ns_ui.username, rdf.String, fda['s2s_username']) conn.setS(ns_ui.password, rdf.String, fda['s2s_password']) uidatahelpers.save_subnet_list_to_rdf(conn, ns_ui.subnetList, fda, 's2s_subnets') mode = fda['s2s_mode'] if mode == 'client': conn.setS(ns_ui.mode, rdf.String, 'client') conn.setS(ns_ui.preSharedKey, rdf.String, fda['s2s_psk']) conn.setS(ns_ui.serverAddress, rdf.String, fda['s2s_server']) elif mode == 'server': conn.setS(ns_ui.mode, rdf.String, 'server') else: raise Exception('unknown mode: %s' % mode) ui_root = helpers.get_new_ui_config() fda = formalutils.FormDataAccessor(form, ['s2s_connections'], ctx) uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.siteToSiteConnections, ns_ui.SiteToSiteConnection, fda, _save_connection)
def save_radius(self, ctx, form, data): ui_root = helpers.get_new_ui_config() fda = formalutils.FormDataAccessor(form, ['radius'], ctx) val = '' if fda.has_key('server1') and fda['server1'] is not None: val = fda['server1'] ui_root.setS(ns_ui.radiusPrimaryServer, rdf.String, val) val = 1812 if fda.has_key('serverport1') and fda['serverport1'] is not None: val = fda['serverport1'] ui_root.setS(ns_ui.radiusPrimaryServerPort, rdf.Integer, val) val = '' if fda.has_key('secret1') and fda['secret1'] is not None: val = fda['secret1'] ui_root.setS(ns_ui.radiusPrimarySecret, rdf.String, val) val = '' if fda.has_key('server2') and fda['server2'] is not None: val = fda['server2'] ui_root.setS(ns_ui.radiusSecondaryServer, rdf.String, val) val = 1812 if fda.has_key('serverport2') and fda['serverport2'] is not None: val = fda['serverport2'] ui_root.setS(ns_ui.radiusSecondaryServerPort, rdf.Integer, val) val = '' if fda.has_key('secret2') and fda['secret2'] is not None: val = fda['secret2'] ui_root.setS(ns_ui.radiusSecondarySecret, rdf.String, val) val = '' if fda.has_key('nasidentifier') and fda['nasidentifier'] is not None: val = fda['nasidentifier'] ui_root.setS(ns_ui.radiusNasIdentifier, rdf.String, val)
def save_user_list(self, ctx, form, data, userpw_dict): def _save_user_to_rdf(user, fda): username = fda['username'] user.setS(ns_ui.username, rdf.String, username) # Password is tricky; we look up the previous config, and if a user # of this name existed and it had a password, use that password unless # a new one is specified. This is not perfect, but at least it works # correctly w.r.t. changed username. Note however that we do not track # user identity as such across a name change: if admin removes user XYZ # and adds a new user with name XYZ (with empty password field), that # user will simply inherit the older user XYZ password. if fda.has_key('password') and (fda['password'] is not None) and (fda['password'] != ''): # set hashed password entries uihelpers.set_user_password_hashes(user, fda['password']) else: if userpw_dict.has_key(username): password_plain, password_md5, password_nt = userpw_dict[username] user.setS(ns_ui.passwordMd5, rdf.String, password_md5) user.setS(ns_ui.passwordNtHash, rdf.String, password_nt) user.removeNodes(ns_ui.password) else: # this should not happen; log but don't fail badly _log.error('no password in form or userpw dict, should not happen') user.setS(ns_ui.password, rdf.String, '') uidatahelpers.save_optional_field_to_rdf(user, ns_ui.fixedIp, rdf.IPv4Address, fda, 'fixed_ip') user.setS(ns_ui.adminRights, rdf.Boolean, fda['admin_rights']) user.setS(ns_ui.vpnRights, rdf.Boolean, fda['vpn_rights']) ui_root = helpers.get_new_ui_config() fda = formalutils.FormDataAccessor(form, ['userlist_group'], ctx) uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.users, ns_ui.User, fda, _save_user_to_rdf)
def submitted(self, ctx, form, data): fda = formalutils.FormDataAccessor(form, [], ctx) pd = uidatahelpers.CreateProtocolData() # Save collapsed states first, so they feed back to next round for [rdf_uri, key] in [[ns_ui.collapseLicense, 'license_group'], [ns_ui.collapseLocale, 'locale_group'], [ns_ui.collapseProductMaintenance, 'reboot_group'], [ns_ui.collapseSnmp, 'snmp_group'], [ns_ui.collapseRemoteManagement, 'remote_group'], [ns_ui.collapseSslCertificate, 'ssl_group']]: try: # XXX: passing of the hidden _collapsedstate_ parameter is not too clean uihelpers.update_collapse_setting( rdf_uri, fda['%s._collapsedstate_' % key]) except: _log.exception('error updating collapsed state for %s' % rdf_uri) try: # global canonicalization tmp = fda.descend('license_group') if tmp.has_key('license_key') and (tmp['license_key'] is not None): tmp['license_key'] = tmp['license_key'].upper().strip() # global validation tmp = fda.descend('license_group') if tmp.has_key('license_key') and (tmp['license_key'] is not None): val, grps = None, None try: val, grps = licensekey.decode_license(tmp['license_key']) except: _log.exception('license decoding failed') if val is None: tmp.add_error('license_key', 'Invalid license key') tmp = fda.descend('remote_group') if tmp.has_key('root_password1') and tmp.has_key('root_password2'): pw1, pw2 = tmp['root_password1'], tmp['root_password2'] if pw1 is None: pw1 = '' if pw2 is None: pw2 = '' if pw1 != pw2: tmp.add_error('root_password1', 'Passwords do not match') tmp.add_error('root_password2', 'Passwords do not match') else: if not helpers.check_unix_password_characters(pw1): tmp.add_error('root_password1', 'Invalid characters in password') tmp.add_error('root_password2', 'Invalid characters in password') tmp = fda.descend('snmp_group') if tmp.has_key( 'snmp_community') and tmp['snmp_community'] is not None: if not uihelpers.check_snmp_community_characters( tmp['snmp_community']): tmp.add_error('snmp_community', 'Invalid characters') # # XXX -- How to validate SSL certificates reliably? Currently invalid # certificate / key causes VPNease to use self-signed version so it's # relatively OK. # # # XXX -- admin smtp setting validation & normalization # # Intermediate early bail out to avoid saving if there are errors fda.finalize_validation() # Deep copy UI config to 'new' UI config pd.clone_ui_config() # save data self.save_ui_data(ctx, form, data) # re-create protocol data to see if new exceptions crop up pd.save_protocol_data() except: _log.exception( 'validation failed unexpectedly, adding global error') fda.add_global_error('Unknown validation error') # finalize; raises if something wrong fda.finalize_validation() # locale settings are handled directly cfg_ui = helpers.get_new_ui_config() try: cfg_ui.setS(ns_ui.timezone, rdf.String, fda['locale_group.timezone']) cfg_ui.setS(ns_ui.keymap, rdf.String, fda['locale_group.keymap']) gnomeconfig.set_keymap_settings( cfg_ui.getS(ns_ui.keymap, rdf.String)) except: _log.exception('activating timezone and keymap settings failed') # same with root password try: tmp = fda.descend('remote_group') if tmp.has_key('root_password1') and tmp.has_key('root_password2'): pw1, pw2 = tmp['root_password1'], tmp['root_password2'] if (pw1 == '') and (pw2 == ''): pass elif (pw1 == None) and (pw2 == None): pass elif pw1 == pw2: # change password; we assume it converts to ascii nicely helpers.change_unix_password('root', str(pw1)) else: # should not come here _log.error('passwords differ after validation, ignoring') except: _log.exception('changing root password failed') # activate new config pd.activate_protocol_data() # update initial config saved flag pd.update_initial_config_saved() # # XXX: It would be cleaner if we could first stop the runner, then change the # config, and then restart it. If we do that with a deferred, then it is possible # that the user changes the config again before we have time to activate it. # Putting the config into some sort of "staging area" might help. Currently we # simply assume that runner stop (and start) are robust enough. # # # XXX: If timezone has changed, we should re-render graphs immediately so they # will have the correct timezone when status pages are loaded. # # ssl certificate - always rewrite here try: uihelpers.update_ssl_certificate_files() # reread files; we don't regenerate because we never overwrite the self-signed # certificate here self.master.reread_ssl_files() except: _log.exception('ssl certificate check failed') # stop, configure, start followup = uihelpers.build_uri(ctx, 'status/main.html') return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)
def save_ui_data(self, ctx, form, data): fda = formalutils.FormDataAccessor(form, [], ctx) ui_root = helpers.get_new_ui_config() # XXX: this should probably be refactored to uihelpers, in conjunction # with the access control element def _set_access(ns_pub, ns_priv, val): _log.debug('_set_access: %s' % val) if val == 'both': ui_root.setS(ns_pub, rdf.Boolean, True) ui_root.setS(ns_priv, rdf.Boolean, True) elif val == 'public': ui_root.setS(ns_pub, rdf.Boolean, True) ui_root.setS(ns_priv, rdf.Boolean, False) elif val == 'private': ui_root.setS(ns_pub, rdf.Boolean, False) ui_root.setS(ns_priv, rdf.Boolean, True) else: ui_root.setS(ns_pub, rdf.Boolean, False) ui_root.setS(ns_priv, rdf.Boolean, False) tmp = fda.descend('license_group') if tmp.has_key('license_key') and tmp['license_key'] is not None: lic_key = tmp['license_key'].upper() ui_root.setS(ns_ui.licenseKey, rdf.String, lic_key) else: # empty field (None) => clear product license ui_root.setS(ns_ui.licenseKey, rdf.String, '') tmp = fda.descend('locale_group') tmp = fda.descend('reboot_group') ui_root.setS(ns_ui.periodicRebootDay, rdf.Integer, tmp['reboot_day']) ui_root.setS(ns_ui.periodicRebootTime, rdf.Integer, tmp['reboot_time']) ui_root.setS(ns_ui.automaticUpdates, rdf.Boolean, tmp['automatic_updates']) tmp = fda.descend('snmp_group') _set_access(ns_ui.snmpAccessPublic, ns_ui.snmpAccessPrivate, tmp['snmp_access']) if tmp.has_key('snmp_community') and tmp['snmp_community'] is not None: ui_root.setS(ns_ui.snmpCommunity, rdf.String, tmp['snmp_community']) else: ui_root.setS(ns_ui.snmpCommunity, rdf.String, '') tmp = fda.descend('remote_group') _set_access(ns_ui.webAccessPublic, ns_ui.webAccessPrivate, tmp['www_administration']) _set_access(ns_ui.sshAccessPublic, ns_ui.sshAccessPrivate, tmp['ssh_connection']) tmp = fda.descend('ssl_group') if tmp.has_key('ssl_certificate_chain' ) and tmp['ssl_certificate_chain'] is not None: ui_root.setS(ns_ui.publicSslCertificateChain, rdf.String, tmp['ssl_certificate_chain']) else: ui_root.setS(ns_ui.publicSslCertificateChain, rdf.String, '') if tmp.has_key( 'ssl_private_key') and tmp['ssl_private_key'] is not None: ui_root.setS(ns_ui.publicSslPrivateKey, rdf.String, tmp['ssl_private_key']) else: ui_root.setS(ns_ui.publicSslPrivateKey, rdf.String, '')
def save_network_data(self, ctx, form, data): def _save_ip_address(rdf_node, fda): if fda['ip_address_selection'] == 'dhcp': rdf_node.setS(ns_ui.address, rdf.Type(ns_ui.DhcpAddress)) elif fda['ip_address_selection'] == 'static': static_node = rdf_node.setS(ns_ui.address, rdf.Type(ns_ui.StaticAddress)) static_node.setS(ns_ui.ipAddress, rdf.IPv4Address, fda['ip_address']) static_node.setS(ns_ui.subnetMask, rdf.IPv4Address, fda['subnet_mask']) else: raise uidatahelpers.FormDataError( 'ip_address_selection is neither dhcp nor static') def _save_client_traffic(rdf_node, fda): client_nat = False client_proxy = False if fda['client_traffic'] == 'nat': client_nat = True elif fda['client_traffic'] == 'proxyarp': client_proxy = True rdf_node.setS(ns_ui.clientConnectionNat, rdf.Boolean, client_nat) rdf_node.setS(ns_ui.clientConnectionProxyArp, rdf.Boolean, client_proxy) fda = formalutils.FormDataAccessor(form, [], ctx) ui_root = helpers.get_new_ui_config() # Interface count ic_root = ui_root.setS(ns_ui.internetConnection, rdf.Type(ns_ui.NetworkConnection)) if fda['ifcount_group.interface_count'] == 'oneif': ui_root.removeNodes(ns_ui.privateNetworkConnection) pn_root = None elif fda['ifcount_group.interface_count'] == 'twoif': pn_root = ui_root.setS(ns_ui.privateNetworkConnection, rdf.Type(ns_ui.NetworkConnection)) else: raise uidatahelpers.FormDataError( 'interface_count is neither oneif nor twoif.') # Internet connection ic_fda = fda.descend('ic_group') ic_root.setS(ns_ui.interface, rdf.String, ic_fda['if']) _save_ip_address(ic_root, ic_fda) uidatahelpers.save_optional_field_to_rdf(ic_root, ns_ui.defaultGateway, rdf.IPv4Address, ic_fda, 'default_gateway') ic_root.setS(ns_ui.mtu, rdf.Integer, int(ic_fda['mtu'])) uidatahelpers.save_optional_field_to_rdf(ic_root, ns_ui.vpnUplink, rdf.Float, ic_fda, 'uplink') _save_client_traffic(ic_root, ic_fda) # Private network connection, fill if exists. if not (pn_root is None): pn_fda = fda.descend('pn_group') pn_root.setS(ns_ui.interface, rdf.String, pn_fda['if']) _save_ip_address(pn_root, pn_fda) uidatahelpers.save_optional_field_to_rdf(pn_root, ns_ui.defaultGateway, rdf.IPv4Address, pn_fda, 'default_gateway') _save_client_traffic(pn_root, pn_fda) # DNS Servers dns_fda = fda.descend('dns_group') if dns_fda['dns_selection'] == 'use_dhcp_ic': dns_root = ui_root.setS(ns_ui.dnsServers, rdf.Type(ns_ui.InternetConnectionDhcp)) elif dns_fda['dns_selection'] == 'use_dhcp_pn': dns_root = ui_root.setS( ns_ui.dnsServers, rdf.Type(ns_ui.PrivateNetworkConnectionDhcp)) elif dns_fda['dns_selection'] == 'set_manually': dns_root = ui_root.setS(ns_ui.dnsServers, rdf.Type(ns_ui.SetDnsServers)) # XXX: dns_1 is not really optional here; we should not save dns_2 if we don't have dns_1, it makes no sense uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.primaryDns, rdf.IPv4Address, dns_fda, 'dns_1') uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.secondaryDns, rdf.IPv4Address, dns_fda, 'dns_2') # Dyndns ddns_fda = fda.descend('ddns_group') if uidatahelpers.has_form_value(ddns_fda, 'ddns_provider') and \ (ddns_fda['ddns_provider'] != 'none'): ddns_root = ui_root.setS(ns_ui.dynDnsServer, rdf.Type(ns_ui.DynDnsServer)) ddns_root.setS(ns_ui.dynDnsProvider, rdf.String, ddns_fda['ddns_provider']) ddns_root.setS(ns_ui.dynDnsUsername, rdf.String, ddns_fda['ddns_username']) ddns_root.setS(ns_ui.dynDnsPassword, rdf.String, ddns_fda['ddns_password']) ddns_root.setS(ns_ui.dynDnsHostname, rdf.String, ddns_fda['ddns_hostname']) tmp = ddns_fda['ddns_address_type'] if tmp == 'interface': ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, '') elif tmp == 'natted': ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, 'natted') elif tmp == 'static': if (ddns_fda.has_key('ddns_address')) and \ (ddns_fda['ddns_address'] is not None) and \ (ddns_fda['ddns_address'] != ''): ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, ddns_fda['ddns_address']) else: ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, '') else: ui_root.removeNodes(ns_ui.dynDnsServer)
def save_routes_data(self, ctx, form, data): def _save_additional_route_to_rdf(rdf_node, fda): uidatahelpers.create_rdf_route(rdf_node, fda['subnet'], fda['network_connection'], fda['gateway'], ns_ui.route) def _save_ppp_firewall_rule_to_rdf(rdf_node, fda): if isinstance(fda['ip_subnet'], datatypes.IPv4Address): rdf_node.setS(ns_ui.ipAddress, rdf.IPv4Address, fda['ip_subnet']) elif isinstance(fda['ip_subnet'], datatypes.IPv4Subnet): rdf_node.setS(ns_ui.subnet, rdf.IPv4Subnet, fda['ip_subnet']) else: raise uidatahelpers.FormDataError( 'Firewall rule IP/subnet is neither IPv4Address nor IPv4Subnet' ) if fda['protocol'] == 'any': pass else: rdf_node.setS(ns_ui.protocol, rdf.String, fda['protocol']) uidatahelpers.save_optional_field_to_rdf(rdf_node, ns_ui.port, rdf.Integer, fda, 'port') rdf_node.setS(ns_ui.action, rdf.String, fda['action']) toplevel_fda = formalutils.FormDataAccessor(form, [], ctx) ui_root = helpers.get_new_ui_config() # Default route droute_fda = toplevel_fda.descend('dr_group') uidatahelpers.create_rdf_route(ui_root, None, droute_fda['network_connection'], droute_fda['gateway'], ns_ui.defaultRoute) # Additional routes add_route_fda = toplevel_fda.descend('ar_group') uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.routes, ns_ui.Route, add_route_fda, _save_additional_route_to_rdf) # Source routing (forced routing) source_fda = toplevel_fda.descend('sr_group') if source_fda['source_routing_selection'] == 'off': ui_root.removeNodes(ns_ui.sourceRouting) elif source_fda['source_routing_selection'] == 'on': uidatahelpers.create_rdf_route(ui_root, None, source_fda['network_connection'], source_fda['gateway'], ns_ui.sourceRouting) else: raise uidatahelpers.FormDataError( 'Forced routing is neither on nor off.') # PPP firewall rules fwrule_fda = toplevel_fda.descend('fwrule_group') uidatahelpers.save_dynamic_list_to_rdf(ui_root, ns_ui.pppFirewallRules, ns_ui.PppFirewallRule, fwrule_fda, _save_ppp_firewall_rule_to_rdf)
def submitted(self, ctx, form, data): fda = formalutils.FormDataAccessor(form, [], ctx) pd = uidatahelpers.CreateProtocolData() # Save collapsed states first, so they feed back to next round for [rdf_uri, key] in [ [ ns_ui.collapseLicense, 'license_group' ], [ ns_ui.collapseLocale, 'locale_group' ], [ ns_ui.collapseProductMaintenance, 'reboot_group' ], [ ns_ui.collapseSnmp, 'snmp_group' ], [ ns_ui.collapseRemoteManagement, 'remote_group' ], [ ns_ui.collapseSslCertificate, 'ssl_group' ] ]: try: # XXX: passing of the hidden _collapsedstate_ parameter is not too clean uihelpers.update_collapse_setting(rdf_uri, fda['%s._collapsedstate_' % key]) except: _log.exception('error updating collapsed state for %s' % rdf_uri) try: # global canonicalization tmp = fda.descend('license_group') if tmp.has_key('license_key') and (tmp['license_key'] is not None): tmp['license_key'] = tmp['license_key'].upper().strip() # global validation tmp = fda.descend('license_group') if tmp.has_key('license_key') and (tmp['license_key'] is not None): val, grps = None, None try: val, grps = licensekey.decode_license(tmp['license_key']) except: _log.exception('license decoding failed') if val is None: tmp.add_error('license_key', 'Invalid license key') tmp = fda.descend('remote_group') if tmp.has_key('root_password1') and tmp.has_key('root_password2'): pw1, pw2 = tmp['root_password1'], tmp['root_password2'] if pw1 is None: pw1 = '' if pw2 is None: pw2 = '' if pw1 != pw2: tmp.add_error('root_password1', 'Passwords do not match') tmp.add_error('root_password2', 'Passwords do not match') else: if not helpers.check_unix_password_characters(pw1): tmp.add_error('root_password1', 'Invalid characters in password') tmp.add_error('root_password2', 'Invalid characters in password') tmp = fda.descend('snmp_group') if tmp.has_key('snmp_community') and tmp['snmp_community'] is not None: if not uihelpers.check_snmp_community_characters(tmp['snmp_community']): tmp.add_error('snmp_community', 'Invalid characters') # # XXX -- How to validate SSL certificates reliably? Currently invalid # certificate / key causes VPNease to use self-signed version so it's # relatively OK. # # # XXX -- admin smtp setting validation & normalization # # Intermediate early bail out to avoid saving if there are errors fda.finalize_validation() # Deep copy UI config to 'new' UI config pd.clone_ui_config() # save data self.save_ui_data(ctx, form, data) # re-create protocol data to see if new exceptions crop up pd.save_protocol_data() except: _log.exception('validation failed unexpectedly, adding global error') fda.add_global_error('Unknown validation error') # finalize; raises if something wrong fda.finalize_validation() # locale settings are handled directly cfg_ui = helpers.get_new_ui_config() try: cfg_ui.setS(ns_ui.timezone, rdf.String, fda['locale_group.timezone']) cfg_ui.setS(ns_ui.keymap, rdf.String, fda['locale_group.keymap']) gnomeconfig.set_keymap_settings(cfg_ui.getS(ns_ui.keymap, rdf.String)) except: _log.exception('activating timezone and keymap settings failed') # same with root password try: tmp = fda.descend('remote_group') if tmp.has_key('root_password1') and tmp.has_key('root_password2'): pw1, pw2 = tmp['root_password1'], tmp['root_password2'] if (pw1 == '') and (pw2 == ''): pass elif (pw1 == None) and (pw2 == None): pass elif pw1 == pw2: # change password; we assume it converts to ascii nicely helpers.change_unix_password('root', str(pw1)) else: # should not come here _log.error('passwords differ after validation, ignoring') except: _log.exception('changing root password failed') # activate new config pd.activate_protocol_data() # update initial config saved flag pd.update_initial_config_saved() # # XXX: It would be cleaner if we could first stop the runner, then change the # config, and then restart it. If we do that with a deferred, then it is possible # that the user changes the config again before we have time to activate it. # Putting the config into some sort of "staging area" might help. Currently we # simply assume that runner stop (and start) are robust enough. # # # XXX: If timezone has changed, we should re-render graphs immediately so they # will have the correct timezone when status pages are loaded. # # ssl certificate - always rewrite here try: uihelpers.update_ssl_certificate_files() # reread files; we don't regenerate because we never overwrite the self-signed # certificate here self.master.reread_ssl_files() except: _log.exception('ssl certificate check failed') # stop, configure, start followup = uihelpers.build_uri(ctx, 'status/main.html') return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)
def save_network_data(self, ctx, form, data): def _save_ip_address(rdf_node, fda): if fda['ip_address_selection'] == 'dhcp': rdf_node.setS(ns_ui.address, rdf.Type(ns_ui.DhcpAddress)) elif fda['ip_address_selection'] == 'static': static_node = rdf_node.setS(ns_ui.address, rdf.Type(ns_ui.StaticAddress)) static_node.setS(ns_ui.ipAddress, rdf.IPv4Address, fda['ip_address']) static_node.setS(ns_ui.subnetMask, rdf.IPv4Address, fda['subnet_mask']) else: raise uidatahelpers.FormDataError('ip_address_selection is neither dhcp nor static') def _save_client_traffic(rdf_node, fda): client_nat = False client_proxy = False if fda['client_traffic'] == 'nat': client_nat = True elif fda['client_traffic'] == 'proxyarp': client_proxy = True rdf_node.setS(ns_ui.clientConnectionNat, rdf.Boolean, client_nat) rdf_node.setS(ns_ui.clientConnectionProxyArp, rdf.Boolean, client_proxy) fda = formalutils.FormDataAccessor(form, [], ctx) ui_root = helpers.get_new_ui_config() # Interface count ic_root = ui_root.setS(ns_ui.internetConnection, rdf.Type(ns_ui.NetworkConnection)) if fda['ifcount_group.interface_count'] == 'oneif': ui_root.removeNodes(ns_ui.privateNetworkConnection) pn_root = None elif fda['ifcount_group.interface_count'] == 'twoif': pn_root = ui_root.setS(ns_ui.privateNetworkConnection, rdf.Type(ns_ui.NetworkConnection)) else: raise uidatahelpers.FormDataError('interface_count is neither oneif nor twoif.') # Internet connection ic_fda = fda.descend('ic_group') ic_root.setS(ns_ui.interface, rdf.String, ic_fda['if']) _save_ip_address(ic_root, ic_fda) uidatahelpers.save_optional_field_to_rdf(ic_root, ns_ui.defaultGateway, rdf.IPv4Address, ic_fda, 'default_gateway') ic_root.setS(ns_ui.mtu, rdf.Integer, int(ic_fda['mtu'])) uidatahelpers.save_optional_field_to_rdf(ic_root, ns_ui.vpnUplink, rdf.Float, ic_fda, 'uplink') _save_client_traffic(ic_root, ic_fda) # Private network connection, fill if exists. if not(pn_root is None): pn_fda = fda.descend('pn_group') pn_root.setS(ns_ui.interface, rdf.String, pn_fda['if']) _save_ip_address(pn_root, pn_fda) uidatahelpers.save_optional_field_to_rdf(pn_root, ns_ui.defaultGateway, rdf.IPv4Address, pn_fda, 'default_gateway') _save_client_traffic(pn_root, pn_fda) # DNS Servers dns_fda = fda.descend('dns_group') if dns_fda['dns_selection'] == 'use_dhcp_ic': dns_root = ui_root.setS(ns_ui.dnsServers, rdf.Type(ns_ui.InternetConnectionDhcp)) elif dns_fda['dns_selection'] == 'use_dhcp_pn': dns_root = ui_root.setS(ns_ui.dnsServers, rdf.Type(ns_ui.PrivateNetworkConnectionDhcp)) elif dns_fda['dns_selection'] == 'set_manually': dns_root = ui_root.setS(ns_ui.dnsServers, rdf.Type(ns_ui.SetDnsServers)) # XXX: dns_1 is not really optional here; we should not save dns_2 if we don't have dns_1, it makes no sense uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.primaryDns, rdf.IPv4Address, dns_fda, 'dns_1') uidatahelpers.save_optional_field_to_rdf(dns_root, ns_ui.secondaryDns, rdf.IPv4Address, dns_fda, 'dns_2') # Dyndns ddns_fda = fda.descend('ddns_group') if uidatahelpers.has_form_value(ddns_fda, 'ddns_provider') and \ (ddns_fda['ddns_provider'] != 'none'): ddns_root = ui_root.setS(ns_ui.dynDnsServer, rdf.Type(ns_ui.DynDnsServer)) ddns_root.setS(ns_ui.dynDnsProvider, rdf.String, ddns_fda['ddns_provider']) ddns_root.setS(ns_ui.dynDnsUsername, rdf.String, ddns_fda['ddns_username']) ddns_root.setS(ns_ui.dynDnsPassword, rdf.String, ddns_fda['ddns_password']) ddns_root.setS(ns_ui.dynDnsHostname, rdf.String, ddns_fda['ddns_hostname']) tmp = ddns_fda['ddns_address_type'] if tmp == 'interface': ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, '') elif tmp == 'natted': ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, 'natted') elif tmp == 'static': if (ddns_fda.has_key('ddns_address')) and \ (ddns_fda['ddns_address'] is not None) and \ (ddns_fda['ddns_address'] != ''): ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, ddns_fda['ddns_address']) else: ddns_root.setS(ns_ui.dynDnsAddress, rdf.String, '') else: ui_root.removeNodes(ns_ui.dynDnsServer)