def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri, key] in [ [ ns_ui.collapseRadius, 'radius' ] ]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' % rdf_uri)
old_radius_info = None
new_radius_info = None
try:
# Pre-step: collect usernames and passwords in previous config; we'll need
# them to deal with password changing correctly.
userpw_dict = uihelpers.get_user_password_dict()
# Basic validation
fda = formalutils.FormDataAccessor(form, ['userlist_group'], ctx)
self._validate_users(ctx, form, data, userpw_dict)
self._validate_radius(ctx, form, data)
# Intermediate early bail out to avoid saving if there are errors
fda.finalize_validation()
# Get old runner-critical RADIUS info for comparison
old_radius_info = self._get_radius_info(new_ui_config=False)
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# Save form data to rdf database
self.save_radius(ctx, form, data)
self.save_user_list(ctx, form, data, userpw_dict)
# Get new runner-critical RADIUS info for comparison
new_radius_info = self._get_radius_info(new_ui_config=True)
# Save protocol data and finalize validation
pd.save_protocol_data()
except:
_log.exception('validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
fda.finalize_validation()
# Check whether a full restart is required or not; although we can edit user
# information without a full restart (in which case FreeRADIUS is reconfigured
# and restarted), we can't add, remote, or edit RADIUS server addresses because
# runner would not get the new server information to its monitoring list.
_log.debug('old radius info: %s, new radius info: %s' % (old_radius_info, new_radius_info))
full_restart_required = (old_radius_info != new_radius_info)
if full_restart_required:
_log.info('radius servers changed, full restart required')
# Activate new config
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)
else:
_log.info('radius servers not changed, only freeradius restart')
# Nuke unwanted PPP connections first time here, so their corresponding
# protocol config is intact, leading to a clean teardown.
try:
pd.recheck_and_drop_ppp_connections()
except:
_log.exception('ppp device recheck failed')
# Activate new config
# XXX - just change user data here?
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
try:
pd.restart_freeradius() # needs protocol config in place
except:
_log.exception('freeradius restart failed')
# Check again for unwanted PPP devices; teardowns here will currently be ugly
try:
pd.recheck_and_drop_ppp_connections()
except:
_log.exception('ppp device recheck failed')
# just a fake activation page
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_page(self.master, ctx, followup_uri=followup)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri, key] in [[ns_ui.collapseRadius, 'radius']]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(
rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' %
rdf_uri)
old_radius_info = None
new_radius_info = None
try:
# Pre-step: collect usernames and passwords in previous config; we'll need
# them to deal with password changing correctly.
userpw_dict = uihelpers.get_user_password_dict()
# Basic validation
fda = formalutils.FormDataAccessor(form, ['userlist_group'], ctx)
self._validate_users(ctx, form, data, userpw_dict)
self._validate_radius(ctx, form, data)
# Intermediate early bail out to avoid saving if there are errors
fda.finalize_validation()
# Get old runner-critical RADIUS info for comparison
old_radius_info = self._get_radius_info(new_ui_config=False)
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# Save form data to rdf database
self.save_radius(ctx, form, data)
self.save_user_list(ctx, form, data, userpw_dict)
# Get new runner-critical RADIUS info for comparison
new_radius_info = self._get_radius_info(new_ui_config=True)
# Save protocol data and finalize validation
pd.save_protocol_data()
except:
_log.exception(
'validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
fda.finalize_validation()
# Check whether a full restart is required or not; although we can edit user
# information without a full restart (in which case FreeRADIUS is reconfigured
# and restarted), we can't add, remote, or edit RADIUS server addresses because
# runner would not get the new server information to its monitoring list.
_log.debug('old radius info: %s, new radius info: %s' %
(old_radius_info, new_radius_info))
full_restart_required = (old_radius_info != new_radius_info)
if full_restart_required:
_log.info('radius servers changed, full restart required')
# Activate new config
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(
self.master, ctx, followup_uri=followup)
else:
_log.info('radius servers not changed, only freeradius restart')
# Nuke unwanted PPP connections first time here, so their corresponding
# protocol config is intact, leading to a clean teardown.
try:
pd.recheck_and_drop_ppp_connections()
except:
_log.exception('ppp device recheck failed')
# Activate new config
# XXX - just change user data here?
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
try:
pd.restart_freeradius() # needs protocol config in place
except:
_log.exception('freeradius restart failed')
# Check again for unwanted PPP devices; teardowns here will currently be ugly
try:
pd.recheck_and_drop_ppp_connections()
except:
_log.exception('ppp device recheck failed')
# just a fake activation page
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_page(self.master,
ctx,
followup_uri=followup)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri,
key] in [[ns_ui.collapseLicense, 'license_group'],
[ns_ui.collapseLocale, 'locale_group'],
[ns_ui.collapseProductMaintenance, 'reboot_group'],
[ns_ui.collapseSnmp, 'snmp_group'],
[ns_ui.collapseRemoteManagement, 'remote_group'],
[ns_ui.collapseSslCertificate, 'ssl_group']]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(
rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' %
rdf_uri)
try:
# global canonicalization
tmp = fda.descend('license_group')
if tmp.has_key('license_key') and (tmp['license_key'] is not None):
tmp['license_key'] = tmp['license_key'].upper().strip()
# global validation
tmp = fda.descend('license_group')
if tmp.has_key('license_key') and (tmp['license_key'] is not None):
val, grps = None, None
try:
val, grps = licensekey.decode_license(tmp['license_key'])
except:
_log.exception('license decoding failed')
if val is None:
tmp.add_error('license_key', 'Invalid license key')
tmp = fda.descend('remote_group')
if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
pw1, pw2 = tmp['root_password1'], tmp['root_password2']
if pw1 is None:
pw1 = ''
if pw2 is None:
pw2 = ''
if pw1 != pw2:
tmp.add_error('root_password1', 'Passwords do not match')
tmp.add_error('root_password2', 'Passwords do not match')
else:
if not helpers.check_unix_password_characters(pw1):
tmp.add_error('root_password1',
'Invalid characters in password')
tmp.add_error('root_password2',
'Invalid characters in password')
tmp = fda.descend('snmp_group')
if tmp.has_key(
'snmp_community') and tmp['snmp_community'] is not None:
if not uihelpers.check_snmp_community_characters(
tmp['snmp_community']):
tmp.add_error('snmp_community', 'Invalid characters')
#
# XXX -- How to validate SSL certificates reliably? Currently invalid
# certificate / key causes VPNease to use self-signed version so it's
# relatively OK.
#
#
# XXX -- admin smtp setting validation & normalization
#
# Intermediate early bail out to avoid saving if there are errors
fda.finalize_validation()
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# save data
self.save_ui_data(ctx, form, data)
# re-create protocol data to see if new exceptions crop up
pd.save_protocol_data()
except:
_log.exception(
'validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# finalize; raises if something wrong
fda.finalize_validation()
# locale settings are handled directly
cfg_ui = helpers.get_new_ui_config()
try:
cfg_ui.setS(ns_ui.timezone, rdf.String,
fda['locale_group.timezone'])
cfg_ui.setS(ns_ui.keymap, rdf.String, fda['locale_group.keymap'])
gnomeconfig.set_keymap_settings(
cfg_ui.getS(ns_ui.keymap, rdf.String))
except:
_log.exception('activating timezone and keymap settings failed')
# same with root password
try:
tmp = fda.descend('remote_group')
if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
pw1, pw2 = tmp['root_password1'], tmp['root_password2']
if (pw1 == '') and (pw2 == ''):
pass
elif (pw1 == None) and (pw2 == None):
pass
elif pw1 == pw2:
# change password; we assume it converts to ascii nicely
helpers.change_unix_password('root', str(pw1))
else:
# should not come here
_log.error('passwords differ after validation, ignoring')
except:
_log.exception('changing root password failed')
# activate new config
pd.activate_protocol_data()
# update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
#
# XXX: If timezone has changed, we should re-render graphs immediately so they
# will have the correct timezone when status pages are loaded.
#
# ssl certificate - always rewrite here
try:
uihelpers.update_ssl_certificate_files()
# reread files; we don't regenerate because we never overwrite the self-signed
# certificate here
self.master.reread_ssl_files()
except:
_log.exception('ssl certificate check failed')
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master,
ctx,
followup_uri=followup)
def build_uri(self, ctx, suffix):
return uihelpers.build_uri(ctx, suffix)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, ['s2s_connections'], ctx)
pd = uidatahelpers.CreateProtocolData()
# No collapse states need to be saved for site-to-site connections
try:
# Check errors
self._validate(ctx, form, data)
# Intermediate early bail out to avoid saving if there are errors
fda.finalize_validation()
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# Save form data to rdf database
self.save_s2s_list_data(ctx, form, data)
# Convert uidata to protocol data.
pd.save_protocol_data()
except:
_log.exception('validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# Finalize
fda.finalize_validation()
# XXX: The recheck_and_drop_ppp_connections below does not do
# anything to site-to-site connections! This does not
# currently matter because the runner restart follows, but if
# the site-to-site activation is later modified so that it
# will not require full restart, the code below must be fixed.
# Nuke unwanted PPP connections first time here, so their corresponding
# protocol config is intact, leading to a clean teardown.
try:
pd.recheck_and_drop_ppp_connections()
except:
_log.exception('ppp device recheck failed')
# # XXX: this trickery is disabled for now: user config changes require
# # freeradius restart which is not very sensible now when we restart anyways
# try:
# pd.restart_freeradius() # needs protocol config in place
# except:
# _log.exception('freeradius restart failed')
#
# # Check again for unwanted PPP devices; teardowns here will currently be ugly
# try:
# pd.recheck_and_drop_ppp_connections()
# except:
# _log.exception('ppp device recheck failed')
# Activate new config
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: Because we stop, reconfigure, and start here, the user trickery above
# is not strictly necessary though it doesn't hurt. It was left intact because
# we might want to try to make site-to-site activation without full restart.
# Currently that's not possible because site-to-site changes cause route changes,
# for instance.
#
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)
def build_uri(self, ctx, suffix):
return uihelpers.build_uri(ctx, suffix)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri, key] in [ [ ns_ui.collapseLicense, 'license_group' ],
[ ns_ui.collapseLocale, 'locale_group' ],
[ ns_ui.collapseProductMaintenance, 'reboot_group' ],
[ ns_ui.collapseSnmp, 'snmp_group' ],
[ ns_ui.collapseRemoteManagement, 'remote_group' ],
[ ns_ui.collapseSslCertificate, 'ssl_group' ] ]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' % rdf_uri)
try:
# global canonicalization
tmp = fda.descend('license_group')
if tmp.has_key('license_key') and (tmp['license_key'] is not None):
tmp['license_key'] = tmp['license_key'].upper().strip()
# global validation
tmp = fda.descend('license_group')
if tmp.has_key('license_key') and (tmp['license_key'] is not None):
val, grps = None, None
try:
val, grps = licensekey.decode_license(tmp['license_key'])
except:
_log.exception('license decoding failed')
if val is None:
tmp.add_error('license_key', 'Invalid license key')
tmp = fda.descend('remote_group')
if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
pw1, pw2 = tmp['root_password1'], tmp['root_password2']
if pw1 is None:
pw1 = ''
if pw2 is None:
pw2 = ''
if pw1 != pw2:
tmp.add_error('root_password1', 'Passwords do not match')
tmp.add_error('root_password2', 'Passwords do not match')
else:
if not helpers.check_unix_password_characters(pw1):
tmp.add_error('root_password1', 'Invalid characters in password')
tmp.add_error('root_password2', 'Invalid characters in password')
tmp = fda.descend('snmp_group')
if tmp.has_key('snmp_community') and tmp['snmp_community'] is not None:
if not uihelpers.check_snmp_community_characters(tmp['snmp_community']):
tmp.add_error('snmp_community', 'Invalid characters')
#
# XXX -- How to validate SSL certificates reliably? Currently invalid
# certificate / key causes VPNease to use self-signed version so it's
# relatively OK.
#
#
# XXX -- admin smtp setting validation & normalization
#
# Intermediate early bail out to avoid saving if there are errors
fda.finalize_validation()
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# save data
self.save_ui_data(ctx, form, data)
# re-create protocol data to see if new exceptions crop up
pd.save_protocol_data()
except:
_log.exception('validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# finalize; raises if something wrong
fda.finalize_validation()
# locale settings are handled directly
cfg_ui = helpers.get_new_ui_config()
try:
cfg_ui.setS(ns_ui.timezone, rdf.String, fda['locale_group.timezone'])
cfg_ui.setS(ns_ui.keymap, rdf.String, fda['locale_group.keymap'])
gnomeconfig.set_keymap_settings(cfg_ui.getS(ns_ui.keymap, rdf.String))
except:
_log.exception('activating timezone and keymap settings failed')
# same with root password
try:
tmp = fda.descend('remote_group')
if tmp.has_key('root_password1') and tmp.has_key('root_password2'):
pw1, pw2 = tmp['root_password1'], tmp['root_password2']
if (pw1 == '') and (pw2 == ''):
pass
elif (pw1 == None) and (pw2 == None):
pass
elif pw1 == pw2:
# change password; we assume it converts to ascii nicely
helpers.change_unix_password('root', str(pw1))
else:
# should not come here
_log.error('passwords differ after validation, ignoring')
except:
_log.exception('changing root password failed')
# activate new config
pd.activate_protocol_data()
# update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
#
# XXX: If timezone has changed, we should re-render graphs immediately so they
# will have the correct timezone when status pages are loaded.
#
# ssl certificate - always rewrite here
try:
uihelpers.update_ssl_certificate_files()
# reread files; we don't regenerate because we never overwrite the self-signed
# certificate here
self.master.reread_ssl_files()
except:
_log.exception('ssl certificate check failed')
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri, key] in [ [ ns_ui.collapseDefaultRoute, 'dr_group' ],
[ ns_ui.collapseAdditionalRoutes, 'ar_group' ],
[ ns_ui.collapseSourceRouting, 'sr_group' ],
[ ns_ui.collapsePppFirewallRules, 'fwrule_group' ],
[ ns_ui.collapsePortForwardingRules, 'port_forwards' ],
[ ns_ui.collapseFirewall, 'firewall' ] ]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' % rdf_uri)
# Validation and config generation
try:
# Form global canonicalization
gc = networkconfigvalidation.ConfigNetworkCanonicalizator(ctx, form, data)
# Form global validation
gv = networkconfigvalidation.ConfigNetworkValidator(ctx, form, data)
# Check required fields. Some fields may be required because of some other fields value and thus cannot
# be checked locally.
gv.check_required_fields_routingfirewall()
# Global checks for internet and private network connection.
gv.check_route_destination_valid() # just checks that some destination is defined, not that e.g. private network exists
gv.check_ppp_firewall_rules()
# Intermediate early bail out to avoid saving if there are errors
gv.finalize_validation()
# XXX: we might want to add warnings here later if route subnets overlap with each other
# or with site-to-site subnets
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# Save form data.
self.save_routes_data(ctx, form, data)
self.save_firewall_data(ctx, form, data)
pd.save_protocol_data()
except:
_log.exception('validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# Finalize raises exception if there are errors and handles disabled fields as well as copying form data to erros data.
gv.finalize_validation()
# Save ok, activate config
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri,
key] in [[ns_ui.collapseDefaultRoute, 'dr_group'],
[ns_ui.collapseAdditionalRoutes, 'ar_group'],
[ns_ui.collapseSourceRouting, 'sr_group'],
[ns_ui.collapsePppFirewallRules, 'fwrule_group'],
[ns_ui.collapsePortForwardingRules, 'port_forwards'],
[ns_ui.collapseFirewall, 'firewall']]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(
rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' %
rdf_uri)
# Validation and config generation
try:
# Form global canonicalization
gc = networkconfigvalidation.ConfigNetworkCanonicalizator(
ctx, form, data)
# Form global validation
gv = networkconfigvalidation.ConfigNetworkValidator(
ctx, form, data)
# Check required fields. Some fields may be required because of some other fields value and thus cannot
# be checked locally.
gv.check_required_fields_routingfirewall()
# Global checks for internet and private network connection.
gv.check_route_destination_valid(
) # just checks that some destination is defined, not that e.g. private network exists
gv.check_ppp_firewall_rules()
# Intermediate early bail out to avoid saving if there are errors
gv.finalize_validation()
# XXX: we might want to add warnings here later if route subnets overlap with each other
# or with site-to-site subnets
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# Save form data.
self.save_routes_data(ctx, form, data)
self.save_firewall_data(ctx, form, data)
pd.save_protocol_data()
except:
_log.exception(
'validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# Finalize raises exception if there are errors and handles disabled fields as well as copying form data to erros data.
gv.finalize_validation()
# Save ok, activate config
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master,
ctx,
followup_uri=followup)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri,
key] in [[ns_ui.collapseInterfaceCount, 'ifcount_group'],
[ns_ui.collapseInternetConnection, 'ic_group'],
[ns_ui.collapsePrivateNetwork, 'pn_group'],
[ns_ui.collapseDns, 'dns_group'],
[ns_ui.collapseDynamicDns, 'ddns_group'],
[ns_ui.collapseClientConnection, 'client_connection']]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(
rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' %
rdf_uri)
# Validation and config generation
old_vpn_server_address = None
try:
# Form global canonicalization
gc = networkconfigvalidation.ConfigNetworkCanonicalizator(
ctx, form, data)
gc.canonicalize_ip_subnet()
# Form global validation
gv = networkconfigvalidation.ConfigNetworkValidator(
ctx, form, data)
# Check required fields. Some fields may be required because of some other fields value and thus cannot
# be checked locally.
gv.check_required_fields()
gv.ip_and_subnet_match() # Checks public and private.
gv.public_private_ip_not_same(
) # XXX: warning for now only; worth a warning, but still works to some extent
gv.public_private_eth_not_same()
gv.check_single_interface_ok()
gv.check_interface_default_gateways()
gv.check_public_subnet(
) # XXX: warning for now only, overlaps don't cause runner errors
gv.check_private_subnet(
) # XXX: warning for now only, overlaps don't cause runner errors
gv.check_uplink()
gv.check_only_one_proxyarp()
gv.check_dns_dhcp_valid()
gv.check_client_settings(
) # XXX: some checks commented to warnings for now
# Intermediate early bail out to avoid saving if there are errors
gv.finalize_validation()
# XXX: One interface setup could rename the internet connection tab to
# network connection, and update all the selections.
# Get old VPN server address for comparison
ui_root = helpers.get_ui_config()
if ui_root.hasS(ns_ui.vpnServerAddress):
old_vpn_server_address = ui_root.getS(ns_ui.vpnServerAddress,
rdf.String)
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# Save form data
self.save_network_data(ctx, form, data)
self.save_client_connection_data(ctx, form, data)
# newUiConfig -> newL2tpDeviceConfig
pd.save_protocol_data()
except:
_log.exception(
'validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# Finalize raises exception if there are errors and handles disabled fields as well as copying form data to errors data.
gv.finalize_validation()
# Save ok, activate config
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
# If certificate name has changed, regenerate and re-read cert files
new_vpn_server_address = None
ui_root = helpers.get_ui_config() # reget root after change
if ui_root.hasS(ns_ui.vpnServerAddress):
new_vpn_server_address = ui_root.getS(ns_ui.vpnServerAddress,
rdf.String)
# XXX: unnecessary to check for None now, but doesn't hurt
if (old_vpn_server_address != new_vpn_server_address):
common_name = None
if (new_vpn_server_address
is not None) and (new_vpn_server_address != ''):
common_name = new_vpn_server_address
_log.info('regenerating ssl certificates, common name %s' %
common_name)
@db.untransact()
def _regenerate():
helpers.generate_self_signed_certificate(
constants.WEBUI_PRIVATE_KEY,
constants.WEBUI_CERTIFICATE,
common_name=common_name)
_regenerate()
self.master.reread_ssl_files()
else:
_log.debug('certificate name unchanged, not regenerating')
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master,
ctx,
followup_uri=followup)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, ['s2s_connections'], ctx)
pd = uidatahelpers.CreateProtocolData()
# No collapse states need to be saved for site-to-site connections
try:
# Check errors
self._validate(ctx, form, data)
# Intermediate early bail out to avoid saving if there are errors
fda.finalize_validation()
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# Save form data to rdf database
self.save_s2s_list_data(ctx, form, data)
# Convert uidata to protocol data.
pd.save_protocol_data()
except:
_log.exception(
'validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# Finalize
fda.finalize_validation()
# XXX: The recheck_and_drop_ppp_connections below does not do
# anything to site-to-site connections! This does not
# currently matter because the runner restart follows, but if
# the site-to-site activation is later modified so that it
# will not require full restart, the code below must be fixed.
# Nuke unwanted PPP connections first time here, so their corresponding
# protocol config is intact, leading to a clean teardown.
try:
pd.recheck_and_drop_ppp_connections()
except:
_log.exception('ppp device recheck failed')
# # XXX: this trickery is disabled for now: user config changes require
# # freeradius restart which is not very sensible now when we restart anyways
# try:
# pd.restart_freeradius() # needs protocol config in place
# except:
# _log.exception('freeradius restart failed')
#
# # Check again for unwanted PPP devices; teardowns here will currently be ugly
# try:
# pd.recheck_and_drop_ppp_connections()
# except:
# _log.exception('ppp device recheck failed')
# Activate new config
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
#
# XXX: Because we stop, reconfigure, and start here, the user trickery above
# is not strictly necessary though it doesn't hurt. It was left intact because
# we might want to try to make site-to-site activation without full restart.
# Currently that's not possible because site-to-site changes cause route changes,
# for instance.
#
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master,
ctx,
followup_uri=followup)
def submitted(self, ctx, form, data):
fda = formalutils.FormDataAccessor(form, [], ctx)
pd = uidatahelpers.CreateProtocolData()
# Save collapsed states first, so they feed back to next round
for [rdf_uri, key] in [ [ ns_ui.collapseInterfaceCount, 'ifcount_group' ],
[ ns_ui.collapseInternetConnection, 'ic_group' ],
[ ns_ui.collapsePrivateNetwork, 'pn_group' ],
[ ns_ui.collapseDns, 'dns_group' ],
[ ns_ui.collapseDynamicDns, 'ddns_group' ],
[ ns_ui.collapseClientConnection, 'client_connection' ] ]:
try:
# XXX: passing of the hidden _collapsedstate_ parameter is not too clean
uihelpers.update_collapse_setting(rdf_uri, fda['%s._collapsedstate_' % key])
except:
_log.exception('error updating collapsed state for %s' % rdf_uri)
# Validation and config generation
old_vpn_server_address = None
try:
# Form global canonicalization
gc = networkconfigvalidation.ConfigNetworkCanonicalizator(ctx, form, data)
gc.canonicalize_ip_subnet()
# Form global validation
gv = networkconfigvalidation.ConfigNetworkValidator(ctx, form, data)
# Check required fields. Some fields may be required because of some other fields value and thus cannot
# be checked locally.
gv.check_required_fields()
gv.ip_and_subnet_match() # Checks public and private.
gv.public_private_ip_not_same() # XXX: warning for now only; worth a warning, but still works to some extent
gv.public_private_eth_not_same()
gv.check_single_interface_ok()
gv.check_interface_default_gateways()
gv.check_public_subnet() # XXX: warning for now only, overlaps don't cause runner errors
gv.check_private_subnet() # XXX: warning for now only, overlaps don't cause runner errors
gv.check_uplink()
gv.check_only_one_proxyarp()
gv.check_dns_dhcp_valid()
gv.check_client_settings() # XXX: some checks commented to warnings for now
# Intermediate early bail out to avoid saving if there are errors
gv.finalize_validation()
# XXX: One interface setup could rename the internet connection tab to
# network connection, and update all the selections.
# Get old VPN server address for comparison
ui_root = helpers.get_ui_config()
if ui_root.hasS(ns_ui.vpnServerAddress):
old_vpn_server_address = ui_root.getS(ns_ui.vpnServerAddress, rdf.String)
# Deep copy UI config to 'new' UI config
pd.clone_ui_config()
# Save form data
self.save_network_data(ctx, form, data)
self.save_client_connection_data(ctx, form, data)
# newUiConfig -> newL2tpDeviceConfig
pd.save_protocol_data()
except:
_log.exception('validation failed unexpectedly, adding global error')
fda.add_global_error('Unknown validation error')
# Finalize raises exception if there are errors and handles disabled fields as well as copying form data to errors data.
gv.finalize_validation()
# Save ok, activate config
pd.activate_protocol_data()
# Update initial config saved flag
pd.update_initial_config_saved()
# If certificate name has changed, regenerate and re-read cert files
new_vpn_server_address = None
ui_root = helpers.get_ui_config() # reget root after change
if ui_root.hasS(ns_ui.vpnServerAddress):
new_vpn_server_address = ui_root.getS(ns_ui.vpnServerAddress, rdf.String)
# XXX: unnecessary to check for None now, but doesn't hurt
if (old_vpn_server_address != new_vpn_server_address):
common_name = None
if (new_vpn_server_address is not None) and (new_vpn_server_address != ''):
common_name = new_vpn_server_address
_log.info('regenerating ssl certificates, common name %s' % common_name)
@db.untransact()
def _regenerate():
helpers.generate_self_signed_certificate(constants.WEBUI_PRIVATE_KEY, constants.WEBUI_CERTIFICATE, common_name=common_name)
_regenerate()
self.master.reread_ssl_files()
else:
_log.debug('certificate name unchanged, not regenerating')
#
# XXX: It would be cleaner if we could first stop the runner, then change the
# config, and then restart it. If we do that with a deferred, then it is possible
# that the user changes the config again before we have time to activate it.
# Putting the config into some sort of "staging area" might help. Currently we
# simply assume that runner stop (and start) are robust enough.
#
# stop, configure, start
followup = uihelpers.build_uri(ctx, 'status/main.html')
return uihelpers.reconfigure_and_restart_page(self.master, ctx, followup_uri=followup)