def delete(self, force=False):
ninstances = self.jt_instances
if ninstances != 0:
raise MiddlewareError(
_("Template must have 0 instances!")
)
template = self.jt_name
jc = JailsConfiguration.objects.all()[0]
if not jc:
raise MiddlewareError(
_("Jail root is not configured!")
)
tdir = os.path.realpath("%s/.warden-template-%s" % (jc.jc_path, template))
if not os.path.exists(tdir):
super(JailTemplate, self).delete()
return
try:
w = Warden()
template_delete_args = {}
template_delete_args['flags'] = WARDEN_TEMPLATE_FLAGS_DELETE
template_delete_args['template'] = self.jt_name
w.template(**template_delete_args)
super(JailTemplate, self).delete()
except Exception as e:
raise MiddlewareError(_(e))
def delete(self, force=False):
ninstances = self.jt_instances
if ninstances != 0:
raise MiddlewareError(
_("Template must have 0 instances!")
)
try:
w = Warden()
template_delete_args = {}
template_delete_args['flags'] = WARDEN_TEMPLATE_FLAGS_DELETE
template_delete_args['template'] = self.jt_name
w.template(**template_delete_args)
super(JailTemplate, self).delete()
except Except as e:
raise MiddlewareError(_(e))
def jt_instances(self):
instances = 0
w = Warden()
template = None
template_list_args = {}
template_list_args['flags'] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_args)
for t in templates:
if t['nick'] == self.jt_name:
template = t
break
if template:
instances = t['instances']
return instances
def jail_start(request, id):
jail = models.Jails.objects.get(id=id)
if request.method == 'POST':
try:
notifier().reload("http") # Jail IP reflects nginx plugins.conf
Warden().start(jail=jail.jail_host)
return JsonResp(
request,
message=_("Jail successfully started.")
)
except Exception, e:
return JsonResp(request, error=True, message=repr(e))
def __wlist(self):
if self.__wlist_cache is None:
try:
wlist = Warden().list()
except:
wlist = []
self.__wcount_cache = len(wlist)
tl = []
wlist = self.__order_by(wlist, "id")
for wj in wlist:
tj = self.__to_model_dict(wj)
tl.append(tj)
self.__wlist_cache = tl
return self.__wlist_cache
def __init__(self, *args, **kwargs):
self.jail = None
if kwargs and kwargs.has_key('jail'):
self.jail = kwargs.pop('jail')
super(NullMountPointForm, self).__init__(*args, **kwargs)
if kwargs and kwargs.has_key('instance'):
self.instance = kwargs.pop('instance')
if self.jail:
self.fields['jail'].initial = self.jail.jail_host
self.fields['jail'].widget.attrs = {
'readonly': True,
'class': (
'dijitDisabled dijitTextBoxDisabled'
'dijitValidationTextBoxDisabled'
),
}
self.jc = JailsConfiguration.objects.order_by("-id")[0]
jail_path = "%s/%s" % (self.jc.jc_path, self.jail.jail_host)
self.fields['destination'].widget.attrs['root'] = (jail_path)
else:
self.fields['jail'] = forms.ChoiceField(
label=_("Jail"),
choices=(),
widget=forms.Select(attrs={'class': 'required'}),
)
jc = JailsConfiguration.objects.order_by("-id")[0]
try:
clean_path_execbit(jc.jc_path)
except forms.ValidationError, e:
self.errors['__all__'] = self.error_class(e.messages)
pjlist = []
wlist = Warden().list()
for wj in wlist:
if wj[WARDEN_KEY_STATUS] == WARDEN_STATUS_RUNNING:
pjlist.append(wj[WARDEN_KEY_HOST])
self.fields['jail'].choices = [(pj, pj) for pj in pjlist ]
def _do_delete(self):
jc = JailsConfiguration.objects.order_by('-id')[0]
pbi_path = os.path.join(
jc.jc_path,
self.plugin_jail,
"usr/pbi",
"%s-%s" % (self.plugin_name, platform.machine()),
)
jail = None
for j in Warden().getjails():
if j.host == self.plugin_jail:
jail = j
break
if jail is None:
raise MiddlewareError(_("jail not found"))
notifier().umount_filesystems_within(pbi_path)
p = pbi_delete(pbi=self.plugin_pbiname)
res = p.run_in_chroot(os.path.join(jc.jc_path, jail.host))
if not res or res[0] != 0:
log.warn("unable to delete %s", self.plugin_pbiname)
def plugin_installed_icon(request, plugin_name, oid):
icon = None
plugin = models.Plugins.objects.get(pk=oid)
for wo in Warden().list():
wj = WardenJail(**wo)
if wj.host == plugin.plugin_jail and wj.status == WARDEN_STATUS_STOPPED:
icon = default_icon()
break
if wj.host == plugin.plugin_jail and wj.status == WARDEN_STATUS_RUNNING:
url = "%s/plugins/%s/%d/treemenu-icon" % \
(get_base_url(request), plugin_name, int(oid))
try:
response = urllib2.urlopen(url, timeout=15)
icon = response.read()
except:
pass
break
if not icon:
icon = default_icon()
return HttpResponse(icon, content_type="image/png")
def __init__(self, *args, **kwargs):
self.jail = None
if kwargs and kwargs.has_key('jail'):
self.jail = kwargs.pop('jail')
super(PBIUploadForm, self).__init__(*args, **kwargs)
if not self.jail:
jc = JailsConfiguration.objects.order_by("-id")[0]
try:
clean_path_execbit(jc.jc_path)
except forms.ValidationError, e:
self.errors['__all__'] = self.error_class(e.messages)
pjlist = []
wlist = Warden().list()
for wj in wlist:
if wj[WARDEN_KEY_TYPE] == WARDEN_TYPE_PLUGINJAIL and \
wj[WARDEN_KEY_STATUS] == WARDEN_STATUS_RUNNING:
pjlist.append(wj[WARDEN_KEY_HOST])
self.fields['pjail'].choices = [(pj, pj) for pj in pjlist]
def save(self):
try:
jc = JailsConfiguration.objects.order_by("-id")[0]
except Exception as e:
raise MiddlewareError(e.message)
if not jc.jc_path:
raise MiddlewareError(_("No jail root configured."))
jc_ipv4_netmask = 24
if jc.jc_ipv4_network:
parts = jc.jc_ipv4_network.split('/')
if len(parts) > 1:
jc_ipv4_netmask = parts[1]
jc_ipv6_prefix = 64
if jc.jc_ipv6_network:
parts = jc.jc_ipv6_network.split('/')
if len(parts) > 1:
jc_ipv6_prefix = parts[1]
jail_host = self.cleaned_data.get('jail_host')
jail_ipv4 = self.cleaned_data.get('jail_ipv4')
jail_ipv4_netmask = self.cleaned_data.get('jail_ipv4_netmask',
jc_ipv4_netmask)
jail_ipv6 = self.cleaned_data.get('jail_ipv6')
jail_ipv6_prefix = self.cleaned_data.get('jail_ipv6_prefix',
jc_ipv6_prefix)
jail_flags = WARDEN_FLAGS_NONE
jail_create_args = {}
jail_create_args['jail'] = jail_host
w = Warden()
# if self.cleaned_data['jail_source']:
# jail_flags |= WARDEN_CREATE_FLAGS_SRC
# if self.cleaned_data['jail_ports']:
# jail_flags |= WARDEN_CREATE_FLAGS_PORTS
if self.cleaned_data['jail_vanilla']:
jail_flags |= WARDEN_CREATE_FLAGS_VANILLA
template_create_args = {}
jail_type = self.cleaned_data['jail_type']
template = JailTemplate.objects.get(jt_name=jail_type)
template_create_args['nick'] = template.jt_name
template_create_args['tar'] = template.jt_url
template_create_args['flags'] = WARDEN_TEMPLATE_FLAGS_CREATE | \
WARDEN_TEMPLATE_CREATE_FLAGS_NICK | \
WARDEN_TEMPLATE_CREATE_FLAGS_TAR
saved_template = template
template = None
template_list_flags = {}
template_list_flags['flags'] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_flags)
for t in templates:
if t['nick'] == template_create_args['nick']:
template = t
break
createfile = "/var/tmp/.templatecreate"
if not template:
try:
cf = open(createfile, "a+")
cf.close()
w.template(**template_create_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
if os.path.exists(createfile):
os.unlink(createfile)
return
template_list_flags = {}
template_list_flags['flags'] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_flags)
for t in templates:
if t['nick'] == template_create_args['nick']:
template = t
break
if not template:
self.errors['__all__'] = self.error_class(
[_('Unable to find template!')])
return
if template['type'] == 'Linux':
jail_flags |= WARDEN_CREATE_FLAGS_LINUXJAIL
if template['arch'] == 'i386' and self.arch == 'x64':
jail_flags |= WARDEN_CREATE_FLAGS_32BIT
jail_flags |= WARDEN_CREATE_FLAGS_TEMPLATE
jail_create_args['template'] = template_create_args['nick']
if jail_ipv4:
jail_flags |= WARDEN_CREATE_FLAGS_IPV4
jail_create_args['ipv4'] = "%s/%s" % (jail_ipv4, jail_ipv4_netmask)
if jail_ipv6:
jail_flags |= WARDEN_CREATE_FLAGS_IPV6
jail_create_args['ipv6'] = "%s/%s" % (jail_ipv6, jail_ipv6_prefix)
jail_flags |= WARDEN_CREATE_FLAGS_LOGFILE
jail_flags |= WARDEN_CREATE_FLAGS_SYSLOG
jail_create_args['logfile'] = self.logfile
jail_create_args['flags'] = jail_flags
createfile = "/var/tmp/.jailcreate"
try:
cf = open(createfile, "a+")
cf.close()
w.create(**jail_create_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
if os.path.exists(createfile):
os.unlink(createfile)
return
if os.path.exists(createfile):
os.unlink(createfile)
for key in ('jail_bridge_ipv4', 'jail_bridge_ipv6',
'jail_defaultrouter_ipv4', 'jail_defaultrouter_ipv6',
'jail_mac', 'jail_flags'):
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
val = self.cleaned_data.get(key, None)
if val:
if key == 'jail_bridge_ipv4':
mask = self.cleaned_data.get('jail_bridge_ipv4_netmask',
jc_ipv4_netmask)
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
jail_set_args['bridge-ipv4'] = "%s/%s" % (val, mask)
elif key == 'jail_bridge_ipv6':
prefix = self.cleaned_data.get('jail_bridge_ipv6_prefix',
jc_ipv6_prefix)
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
jail_set_args['bridge-ipv6'] = "%s/%s" % (val, prefix)
elif key == 'jail_defaultrouter_ipv4':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV4
jail_set_args['defaultrouter-ipv4'] = val
elif key == 'jail_defaultrouter_ipv6':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV6
jail_set_args['defaultrouter-ipv6'] = val
elif key == 'jail_mac':
jail_flags |= WARDEN_SET_FLAGS_MAC
jail_set_args['mac'] = val
elif key == 'jail_flags':
jail_flags |= WARDEN_SET_FLAGS_FLAGS
jail_set_args['jflags'] = val
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_nat = self.cleaned_data.get('jail_nat', None)
jail_vnet = self.cleaned_data.get('jail_vnet', None)
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_nat:
jail_flags |= WARDEN_SET_FLAGS_NAT_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_NAT_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_vnet:
# XXXX if NOT LINUX XXXX (revisit this)
if (saved_template.jt_arch != 'x86'
and saved_template.jt_os != 'Linux'):
jail_flags |= WARDEN_SET_FLAGS_VNET_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_VNET_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
if self.cleaned_data['jail_autostart']:
try:
w.auto(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
try:
w.start(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
def save(self):
jc = self.jc
if not jc.jc_path:
raise MiddlewareError(_("No jail root configured."))
jc_ipv4_netmask = 24
if jc.jc_ipv4_network:
parts = jc.jc_ipv4_network.split('/')
if len(parts) > 1:
jc_ipv4_netmask = parts[1]
jc_ipv6_prefix = 64
if jc.jc_ipv6_network:
parts = jc.jc_ipv6_network.split('/')
if len(parts) > 1:
jc_ipv6_prefix = parts[1]
jail_host = self.cleaned_data.get('jail_host')
jail_ipv4_dhcp = self.cleaned_data.get('jail_ipv4_dhcp')
jail_ipv4 = self.cleaned_data.get('jail_ipv4')
jail_ipv4_netmask = self.cleaned_data.get('jail_ipv4_netmask',
jc_ipv4_netmask)
jail_ipv6_autoconf = self.cleaned_data.get('jail_ipv6_autoconf')
jail_ipv6 = self.cleaned_data.get('jail_ipv6')
jail_ipv6_prefix = self.cleaned_data.get('jail_ipv6_prefix',
jc_ipv6_prefix)
jail_flags = WARDEN_FLAGS_NONE
jail_flags |= WARDEN_CREATE_FLAGS_VANILLA
jail_create_args = {}
jail_create_args['jail'] = jail_host
w = Warden()
template_create_args = {}
jail_type = self.cleaned_data['jail_type']
if not jail_type:
jail_type = 'standard'
# Don't backtrace if template doesn't exist
try:
template = JailTemplate.objects.get(jt_name=jail_type)
except Exception as e:
self.errors['__all__'] = self.error_class([str(e)])
return
template_create_args['nick'] = template.jt_name
template_create_args['tar'] = template.jt_url
template_create_args['flags'] = WARDEN_TEMPLATE_FLAGS_CREATE | \
WARDEN_TEMPLATE_CREATE_FLAGS_NICK | \
WARDEN_TEMPLATE_CREATE_FLAGS_TAR
if template.jt_mtree:
template_create_args['mtree'] = template.jt_mtree
template_create_args['flags'] = template_create_args['flags'] | \
WARDEN_TEMPLATE_CREATE_FLAGS_MTREE
saved_template = template
template = None
template_list_flags = {}
template_list_flags['flags'] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_flags)
for t in templates:
if t['nick'] == template_create_args['nick']:
template = t
break
createfile = "/var/tmp/.templatecreate"
if not template:
# If for some reason warden does not list the template but the path
# exists, we shall try to nuke it
template_path = '{}/.warden-template-{}'.format(self.jc.jc_path, jail_type)
if os.path.exists(template_path):
try:
notifier().destroy_zfs_dataset(template_path.replace('/mnt/', ''))
except:
pass
try:
shutil.rmtree(template_path)
except OSError:
pass
try:
cf = open(createfile, "a+")
cf.close()
w.template(**template_create_args)
except Exception as e:
log.debug('Failed to create template', exc_info=True)
self.errors['__all__'] = self.error_class([str(e)])
if os.path.exists(createfile):
os.unlink(createfile)
return
template_list_flags = {}
template_list_flags['flags'] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_flags)
for t in templates:
if t['nick'] == template_create_args['nick']:
template = t
break
if not template:
self.errors['__all__'] = self.error_class([
_('Unable to find template!')
])
return
if template['type'] == 'Linux':
jail_flags |= WARDEN_CREATE_FLAGS_LINUXJAIL
if template['arch'] == 'i386' and self.arch == 'x64':
jail_flags |= WARDEN_CREATE_FLAGS_32BIT
jail_flags |= WARDEN_CREATE_FLAGS_TEMPLATE
jail_create_args['template'] = template_create_args['nick']
if jail_ipv4_dhcp:
jail_ipv4 = "DHCP"
if jail_ipv4:
if jail_ipv4 != "DHCP":
jail_ipv4 = "%s/%s" % (jail_ipv4, jail_ipv4_netmask)
jail_flags |= WARDEN_CREATE_FLAGS_IPV4
jail_create_args['ipv4'] = jail_ipv4
if jail_ipv6_autoconf:
jail_ipv6 = "AUTOCONF"
if jail_ipv6:
if jail_ipv6 != "AUTOCONF":
jail_ipv6 = "%s/%s" % (jail_ipv6, jail_ipv6_prefix)
jail_flags |= WARDEN_CREATE_FLAGS_IPV6
jail_create_args['ipv6'] = jail_ipv6
jail_flags |= WARDEN_CREATE_FLAGS_LOGFILE
jail_flags |= WARDEN_CREATE_FLAGS_SYSLOG
jail_create_args['logfile'] = self.logfile
jail_create_args['flags'] = jail_flags
createfile = "/var/tmp/.jailcreate"
try:
cf = open(createfile, "a+")
cf.close()
w.create(**jail_create_args)
except Exception as e:
log.debug('Failed to create jail', exc_info=True)
self.errors['__all__'] = self.error_class([str(e)])
if os.path.exists(createfile):
os.unlink(createfile)
return
if os.path.exists(createfile):
os.unlink(createfile)
for key in ('jail_bridge_ipv4', 'jail_bridge_ipv6',
'jail_defaultrouter_ipv4', 'jail_defaultrouter_ipv6',
'jail_mac', 'jail_iface', 'jail_flags'):
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
val = self.cleaned_data.get(key, None)
if val:
if key == 'jail_bridge_ipv4':
mask = self.cleaned_data.get('jail_bridge_ipv4_netmask',
jc_ipv4_netmask)
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
jail_set_args['bridge-ipv4'] = "%s/%s" % (val, mask)
elif key == 'jail_bridge_ipv6':
prefix = self.cleaned_data.get('jail_bridge_ipv6_prefix',
jc_ipv6_prefix)
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
jail_set_args['bridge-ipv6'] = "%s/%s" % (val, prefix)
elif key == 'jail_defaultrouter_ipv4':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV4
jail_set_args['defaultrouter-ipv4'] = val
elif key == 'jail_defaultrouter_ipv6':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV6
jail_set_args['defaultrouter-ipv6'] = val
elif key == 'jail_mac':
jail_flags |= WARDEN_SET_FLAGS_MAC
jail_set_args['mac'] = val
elif key == 'jail_iface':
jail_flags |= WARDEN_SET_FLAGS_IFACE
jail_set_args['iface'] = val
elif key == 'jail_flags':
jail_flags |= WARDEN_SET_FLAGS_FLAGS
jail_set_args['jflags'] = val
elif key == 'jail_mac':
jail_mac_list = [jail.jail_mac for jail in Jails.objects.all()]
mac_address = generate_randomMAC()
while mac_address in jail_mac_list:
mac_address = generate_randomMAC()
jail_flags |= WARDEN_SET_FLAGS_MAC
jail_set_args['mac'] = mac_address
jail_set_args['flags'] = jail_flags
try:
# Do not try to set options if no other options other than
# jail and flags were set.
if len(jail_set_args) > 2:
w.set(**jail_set_args)
except Exception as e:
log.debug('Failed to set jail arguments', exc_info=True)
self.errors['__all__'] = self.error_class([str(e)])
return
jail_nat = self.cleaned_data.get('jail_nat', None)
jail_vnet = self.cleaned_data.get('jail_vnet', None)
if jc.jc_ipv4_dhcp or jc.jc_ipv6_autoconf:
jail_vnet = True
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_nat:
jail_flags |= WARDEN_SET_FLAGS_NAT_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_NAT_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
log.debug('Failed to set jail arguments', exc_info=True)
self.errors['__all__'] = self.error_class([str(e)])
return
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_vnet:
# XXXX if NOT LINUX XXXX (revisit this)
if (saved_template.jt_arch != 'x86' and
saved_template.jt_os != 'Linux'):
jail_flags |= WARDEN_SET_FLAGS_VNET_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_VNET_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
log.debug('Failed to set jail arguments', exc_info=True)
self.errors['__all__'] = self.error_class([str(e)])
return
if self.cleaned_data['jail_autostart']:
try:
w.auto(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([str(e)])
return
try:
w.start(jail=jail_host)
except Exception as e:
log.debug('Failed to start jail', exc_info=True)
self.errors['__all__'] = self.error_class([str(e)])
return
# Requery instance so we have everything up-to-date after save
# See #14686
self.instance = Jails.objects.get(jail_host=jail_host)
if self.instance:
add_media_user_and_group(self.instance.jail_path)
def save(self):
jail_host = self.cleaned_data.get('jail_host')
instance = getattr(self, 'instance', None)
if self.__instance_diff(instance, self.__myfields):
self.__instance_changed_fields(instance, self.__myfields)
changed_fields = self.__instance_changed_fields(
instance, self.__myfields)
for cf in changed_fields:
if cf == 'jail_autostart':
Warden().auto(jail=jail_host)
else:
args = {}
flags = WARDEN_FLAGS_NONE
if cf == 'jail_ipv4':
flags |= WARDEN_SET_FLAGS_IPV4
args['ipv4'] = self.cleaned_data.get(cf)
elif cf == 'jail_ipv6':
flags |= WARDEN_SET_FLAGS_IPV6
args['ipv6'] = self.cleaned_data.get(cf)
elif cf == 'jail_alias_ipv4':
flags |= WARDEN_SET_FLAGS_ALIAS_IPV4
args['alias-ipv4'] = self.cleaned_data.get(cf)
elif cf == 'jail_alias_ipv6':
flags |= WARDEN_SET_FLAGS_ALIAS_IPV6
args['alias-ipv6'] = self.cleaned_data.get(cf)
elif cf == 'jail_bridge_ipv4':
flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
args['bridge-ipv4'] = self.cleaned_data.get(cf)
elif cf == 'jail_bridge_ipv6':
flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
args['bridge-ipv6'] = self.cleaned_data.get(cf)
elif cf == 'jail_alias_bridge_ipv4':
flags |= WARDEN_SET_FLAGS_ALIAS_BRIDGE_IPV4
args['alias-bridge-ipv4'] = self.cleaned_data.get(cf)
elif cf == 'jail_alias_bridge_ipv6':
flags |= WARDEN_SET_FLAGS_ALIAS_BRIDGE_IPV6
args['alias-bridge-ipv6'] = self.cleaned_data.get(cf)
elif cf == 'jail_defaultrouter_ipv4':
flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV4
args['defaultrouter-ipv4'] = self.cleaned_data.get(cf)
elif cf == 'jail_defaultrouter_ipv6':
flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV6
args['defaultrouter-ipv6'] = self.cleaned_data.get(cf)
elif cf == 'jail_mac':
flags |= WARDEN_SET_FLAGS_MAC
args['mac'] = self.cleaned_data.get(cf)
elif cf == 'jail_vnet':
if (self.cleaned_data.get(cf)):
flags |= WARDEN_SET_FLAGS_VNET_ENABLE
args['vnet-enable'] = self.cleaned_data.get(cf)
else:
flags |= WARDEN_SET_FLAGS_VNET_DISABLE
args['vnet-disable'] = self.cleaned_data.get(cf)
elif cf == 'jail_nat':
if self.cleaned_data.get(cf):
flags |= WARDEN_SET_FLAGS_NAT_ENABLE
args['nat-enable'] = self.cleaned_data.get(cf)
else:
flags |= WARDEN_SET_FLAGS_NAT_DISABLE
args['nat-disable'] = self.cleaned_data.get(cf)
args['jail'] = jail_host
args['flags'] = flags
Warden().set(**args)
def save(self):
try:
jc = JailsConfiguration.objects.order_by("-id")[0]
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
if not jc.jc_path:
self.errors['__all__'] = self.error_class(
["No jail root configured."])
return
jail_host = self.cleaned_data.get('jail_host')
jail_ipv4 = self.cleaned_data.get('jail_ipv4')
jail_ipv6 = self.cleaned_data.get('jail_ipv6')
jail_flags = WARDEN_FLAGS_NONE
jail_create_args = {}
jail_create_args['jail'] = jail_host
w = Warden()
if self.cleaned_data['jail_32bit']:
jail_flags |= WARDEN_CREATE_FLAGS_32BIT
# if self.cleaned_data['jail_source']:
# jail_flags |= WARDEN_CREATE_FLAGS_SRC
# if self.cleaned_data['jail_ports']:
# jail_flags |= WARDEN_CREATE_FLAGS_PORTS
if self.cleaned_data['jail_vanilla']:
jail_flags |= WARDEN_CREATE_FLAGS_VANILLA
if self.cleaned_data['jail_type'] == WARDEN_TYPE_PORTJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_PORTJAIL
elif self.cleaned_data['jail_type'] == WARDEN_TYPE_PLUGINJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_PLUGINJAIL
elif self.cleaned_data['jail_type'] == WARDEN_TYPE_GENTOO_LINUX:
jail_flags |= WARDEN_CREATE_FLAGS_GENTOO_LINUX
elif self.cleaned_data['jail_type'] == WARDEN_TYPE_DEBIAN_LINUX:
jail_flags |= WARDEN_CREATE_FLAGS_DEBIAN_LINUX
elif self.cleaned_data['jail_type'] == WARDEN_TYPE_CENTOS_LINUX:
jail_flags |= WARDEN_CREATE_FLAGS_CENTOS_LINUX
# if self.cleaned_data['jail_archive']:
# if jail_flags & WARDEN_CREATE_FLAGS_LINUXJAIL:
# jail_flags |= WARDEN_CREATE_FLAGS_LINUXARCHIVE
# else:
# jail_flags |= WARDEN_CREATE_FLAGS_ARCHIVE
if jail_ipv4:
jail_flags |= WARDEN_CREATE_FLAGS_IPV4
jail_create_args['ipv4'] = jail_ipv4
if jail_ipv6:
jail_flags |= WARDEN_CREATE_FLAGS_IPV6
jail_create_args['ipv6'] = jail_ipv6
jail_flags |= WARDEN_CREATE_FLAGS_LOGFILE
jail_flags |= WARDEN_CREATE_FLAGS_SYSLOG
logfile = "/var/tmp/warden.log"
jail_create_args['logfile'] = logfile
jail_create_args['flags'] = jail_flags
createfile = "/var/tmp/.jailcreate"
try:
cf = open(createfile, "a+")
cf.close()
w.create(**jail_create_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
if os.path.exists(createfile):
os.unlink(createfile)
return
if os.path.exists(createfile):
os.unlink(createfile)
for key in ('jail_bridge_ipv4', 'jail_bridge_ipv6', \
'jail_defaultrouter_ipv4', 'jail_defaultrouter_ipv6', 'jail_mac'):
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
val = self.cleaned_data.get(key, None)
if val:
if key == 'jail_bridge_ipv4':
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
jail_set_args['bridge-ipv4'] = val
elif key == 'jail_bridge_ipv6':
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
jail_set_args['bridge-ipv6'] = val
elif key == 'jail_defaultrouter_ipv4':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV4
jail_set_args['defaultrouter-ipv4'] = val
elif key == 'jail_defaultrouter_ipv6':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV6
jail_set_args['defaultrouter-ipv6'] = val
elif key == 'jail_mac':
jail_flags |= WARDEN_SET_FLAGS_MAC
jail_set_args['mac'] = val
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_nat = self.cleaned_data.get('jail_nat', None)
jail_vnet = self.cleaned_data.get('jail_vnet', None)
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_nat:
jail_flags |= WARDEN_SET_FLAGS_NAT_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_NAT_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_vnet:
if (self.cleaned_data['jail_type'] != WARDEN_TYPE_GENTOO_LINUX and
self.cleaned_data['jail_type'] != WARDEN_TYPE_DEBIAN_LINUX
and
self.cleaned_data['jail_type'] != WARDEN_TYPE_CENTOS_LINUX
and not self.cleaned_data['jail_32bit']):
jail_flags |= WARDEN_SET_FLAGS_VNET_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_VNET_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
if self.cleaned_data['jail_autostart']:
try:
w.auto(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
try:
w.start(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
def jail_start(request, id):
jail = models.Jails.objects.get(id=id)
if request.method == 'POST':
try:
Warden().start(jail=jail.jail_host)
return JsonResp(request, message=_("Jail successfully started."))
except Exception, e:
return JsonResp(request, error=True, message=e)
else:
return render(request, "jails/start.html", {'name': jail.jail_host})
Warden().start(jail=jail.jail_host)
def jail_stop(request, id):
jail = models.Jails.objects.get(id=id)
if request.method == 'POST':
try:
Warden().stop(jail=jail.jail_host)
return JsonResp(request, message=_("Jail successfully stopped."))
except Exception, e:
return JsonResp(request, error=True, message=e)
else:
def save(self):
jail_host = self.cleaned_data.get('jail_host')
instance = getattr(self, 'instance', None)
if self.__instance_diff(instance, self.__myfields):
self.__instance_changed_fields(instance, self.__myfields)
changed_fields = self.__instance_changed_fields(
instance, self.__myfields)
try:
jc = JailsConfiguration.objects.order_by("-id")[0]
except Exception as e:
raise MiddlewareError(e.message)
if not jc.jc_path:
raise MiddlewareError(_("No jail root configured."))
jc_ipv4_netmask = 24
if jc.jc_ipv4_network:
parts = jc.jc_ipv4_network.split('/')
if len(parts) > 1:
jc_ipv4_netmask = parts[1]
jc_ipv6_prefix = 64
if jc.jc_ipv6_network:
parts = jc.jc_ipv6_network.split('/')
if len(parts) > 1:
jc_ipv6_prefix = parts[1]
for cf in changed_fields:
if cf == 'jail_autostart':
Warden().auto(jail=jail_host)
else:
args = {}
flags = WARDEN_FLAGS_NONE
if cf == 'jail_ipv4' or cf == 'jail_ipv4_netmask':
ipv4 = self.cleaned_data.get('jail_ipv4')
mask = self.cleaned_data.get('jail_ipv4_netmask',
jc_ipv4_netmask)
jail_ipv4 = "%s/%s" % (ipv4, mask)
flags |= WARDEN_SET_FLAGS_IPV4
args['ipv4'] = jail_ipv4
elif cf == 'jail_ipv6' or cf == 'jail_ipv6_prefix':
ipv6 = self.cleaned_data.get('jail_ipv6')
prefix = self.cleaned_data.get('jail_ipv6_prefix',
jc_ipv6_prefix)
jail_ipv6 = "%s/%s" % (ipv6, prefix)
flags |= WARDEN_SET_FLAGS_IPV6
args['ipv6'] = jail_ipv6
elif cf == 'jail_alias_ipv4':
flags |= WARDEN_SET_FLAGS_ALIAS_IPV4
args['alias-ipv4'] = self.cleaned_data.get(cf)
elif cf == 'jail_alias_ipv6':
flags |= WARDEN_SET_FLAGS_ALIAS_IPV6
args['alias-ipv6'] = self.cleaned_data.get(cf)
elif cf == 'jail_bridge_ipv4' or cf == 'jail_bridge_ipv4_netmask':
bridge_ipv4 = self.cleaned_data.get('jail_bridge_ipv4')
mask = self.cleaned_data.get('jail_bridge_ipv4_netmask',
jc_ipv4_netmask)
jail_bridge_ipv4 = "%s/%s" % (bridge_ipv4, mask)
flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
args['bridge-ipv4'] = jail_bridge_ipv4
elif cf == 'jail_bridge_ipv6' or cf == 'jail_bridge_ipv6_prefix':
bridge_ipv6 = self.cleaned_data.get('jail_bridge_ipv6')
prefix = self.cleaned_data.get('jail_bridge_ipv6_prefix',
jc_ipv6_prefix)
jail_bridge_ipv6 = "%s/%s" % (bridge_ipv6, prefix)
flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
args['bridge-ipv6'] = jail_bridge_ipv6
elif cf == 'jail_alias_bridge_ipv4':
flags |= WARDEN_SET_FLAGS_ALIAS_BRIDGE_IPV4
args['alias-bridge-ipv4'] = self.cleaned_data.get(cf)
elif cf == 'jail_alias_bridge_ipv6':
flags |= WARDEN_SET_FLAGS_ALIAS_BRIDGE_IPV6
args['alias-bridge-ipv6'] = self.cleaned_data.get(cf)
elif cf == 'jail_defaultrouter_ipv4':
flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV4
args['defaultrouter-ipv4'] = self.cleaned_data.get(cf)
elif cf == 'jail_defaultrouter_ipv6':
flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV6
args['defaultrouter-ipv6'] = self.cleaned_data.get(cf)
elif cf == 'jail_mac':
flags |= WARDEN_SET_FLAGS_MAC
args['mac'] = self.cleaned_data.get(cf)
elif cf == 'jail_vnet':
if (self.cleaned_data.get(cf)):
flags |= WARDEN_SET_FLAGS_VNET_ENABLE
args['vnet-enable'] = self.cleaned_data.get(cf)
else:
flags |= WARDEN_SET_FLAGS_VNET_DISABLE
args['vnet-disable'] = self.cleaned_data.get(cf)
elif cf == 'jail_nat':
if self.cleaned_data.get(cf):
flags |= WARDEN_SET_FLAGS_NAT_ENABLE
args['nat-enable'] = self.cleaned_data.get(cf)
else:
flags |= WARDEN_SET_FLAGS_NAT_DISABLE
args['nat-disable'] = self.cleaned_data.get(cf)
elif cf == 'jail_flags':
flags |= WARDEN_SET_FLAGS_FLAGS
args['jflags'] = self.cleaned_data.get(cf)
args['jail'] = jail_host
args['flags'] = flags
Warden().set(**args)
def delete(self):
Warden().delete(jail=self.jail_host, flags=WARDEN_DELETE_FLAGS_CONFIRM)
def __init__(self, *args, **kwargs):
super(JailCreateForm, self).__init__(*args, **kwargs)
self.fields['jail_type'].choices = (
(WARDEN_TYPE_PLUGINJAIL, WARDEN_TYPE_PLUGINJAIL),
(WARDEN_TYPE_STANDARD, WARDEN_TYPE_STANDARD),
(WARDEN_TYPE_PORTJAIL, WARDEN_TYPE_PORTJAIL),
# (WARDEN_TYPE_LINUXJAIL, WARDEN_TYPE_LINUXJAIL)
)
high_ipv4 = None
high_ipv6 = None
st_ipv4_network = None
st_ipv6_network = None
try:
jc = JailsConfiguration.objects.order_by("-id")[0]
st_ipv4_network = sipcalc_type(jc.jc_ipv4_network)
st_ipv6_network = sipcalc_type(jc.jc_ipv6_network)
except:
pass
#
# Reserve the first 25 addresses
#
if st_ipv4_network is not None:
high_ipv4 = sipcalc_type("%s/%d" % (st_ipv4_network.usable_range[0],
st_ipv4_network.network_mask_bits))
high_ipv4 += 25
if st_ipv6_network is not None:
high_ipv6 = sipcalc_type("%s/%d" % (st_ipv6_network .network_range[0],
st_ipv6_network.prefix_length))
high_ipv6 += 25
wlist = Warden().list()
for wj in wlist:
wo = WardenJail(**wj)
st_ipv4 = None
st_ipv6 = None
if wo.ipv4:
st_ipv4 = sipcalc_type(wo.ipv4)
if wo.ipv6:
st_ipv6 = sipcalc_type(wo.ipv6)
if st_ipv4 and st_ipv4_network is not None:
if st_ipv4_network.in_network(st_ipv4):
if st_ipv4 > high_ipv4:
high_ipv4 = st_ipv4
if st_ipv6 and st_ipv6_network is not None:
if st_ipv6_network.in_network(st_ipv6):
if st_ipv6 > high_ipv6:
high_ipv6 = st_ipv6
if high_ipv4 is None and st_ipv4_network is not None:
high_ipv4 = sipcalc_type("%s/%d" % (st_ipv4_network.usable_range[0],
st_ipv4_network.network_mask_bits))
elif high_ipv4 is not None and st_ipv4_network is not None:
high_ipv4 += 1
if not st_ipv4_network.in_network(high_ipv4):
high_ipv4 = None
if high_ipv6 is None and st_ipv6_network is not None:
high_ipv6 = sipcalc_type("%s/%d" % (st_ipv6_network.network_range[0],
st_ipv6_network.prefix_length))
elif high_ipv6 is not None and st_ipv6_network is not None:
high_ipv6 += 1
if not st_ipv6_network.in_network(high_ipv6):
high_ipv6 = None
if high_ipv6 is not None:
self.fields['jail_ipv6'].initial = high_ipv6
elif high_ipv4 is not None:
self.fields['jail_ipv4'].initial = high_ipv4
if st_ipv4_network is not None:
bridge_ipv4 = sipcalc_type("%s/%d" % (st_ipv4_network.usable_range[0],
st_ipv4_network.network_mask_bits))
self.fields['jail_bridge_ipv4'].initial = bridge_ipv4
if st_ipv6_network is not None:
bridge_ipv6 = sipcalc_type("%s/%d" % (st_ipv6_network.network_range[0],
st_ipv6_network.prefix_length))
self.fields['jail_bridge_ipv6'].initial = bridge_ipv6
def save(self):
try:
jc = JailsConfiguration.objects.order_by("-id")[0]
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
if not jc.jc_path:
self.errors['__all__'] = self.error_class(["No jail root configured."])
return
jail_host = self.cleaned_data.get('jail_host')
jail_ipv4 = self.cleaned_data.get('jail_ipv4')
jail_ipv6 = self.cleaned_data.get('jail_ipv6')
jail_flags = WARDEN_FLAGS_NONE
jail_create_args = { }
jail_create_args['jail'] = jail_host
w = Warden()
# if self.cleaned_data['jail_32bit']:
# jail_flags |= WARDEN_CREATE_FLAGS_32BIT
if self.cleaned_data['jail_source']:
jail_flags |= WARDEN_CREATE_FLAGS_SRC
if self.cleaned_data['jail_ports']:
jail_flags |= WARDEN_CREATE_FLAGS_PORTS
if self.cleaned_data['jail_vanilla']:
jail_flags |= WARDEN_CREATE_FLAGS_VANILLA
if self.cleaned_data['jail_type'] == WARDEN_TYPE_PORTJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_PORTJAIL
elif self.cleaned_data['jail_type'] == WARDEN_TYPE_PLUGINJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_PLUGINJAIL
elif self.cleaned_data['jail_type'] == WARDEN_TYPE_LINUXJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_LINUXJAIL
jail_create_args['script'] = LINUXSCRIPT
if self.cleaned_data['jail_archive']:
if jail_flags & WARDEN_CREATE_FLAGS_LINUXJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_LINUXARCHIVE
else:
jail_flags |= WARDEN_CREATE_FLAGS_ARCHIVE
if jail_ipv4:
jail_flags |= WARDEN_CREATE_FLAGS_IPV4
jail_create_args['ipv4'] = jail_ipv4
if jail_ipv6:
jail_flags |= WARDEN_CREATE_FLAGS_IPV6
jail_create_args['ipv6'] = jail_ipv6
jail_create_args['flags'] = jail_flags
try:
w.create(**jail_create_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_set_args = { }
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
jail_bridge_ipv4 = self.cleaned_data.get('jail_bridge_ipv4')
jail_bridge_ipv6 = self.cleaned_data.get('jail_bridge_ipv6')
if jail_bridge_ipv4:
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
jail_set_args['bridge-ipv4'] = jail_bridge_ipv4
if jail_bridge_ipv6:
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
jail_set_args['bridge-ipv6'] = jail_bridge_ipv6
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
if self.cleaned_data['jail_autostart']:
try:
w.auto(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
try:
w.start(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
class NullMountPointForm(ModelForm):
create = forms.BooleanField(
label=('Create directory'),
required=False,
initial=True,
help_text=_('Create destination directory if it does not exist'),
)
mounted = forms.BooleanField(
label=_("Mounted?"),
required=False,
initial=True,
)
# Do not remove: used in javascript side
mpjc_path = forms.CharField(required=False)
class Meta:
fields = '__all__'
model = NullMountPoint
widgets = {
'source':
forms.widgets.TextInput(
attrs={
'data-dojo-type': 'freeadmin.form.PathSelector',
}),
'destination':
forms.widgets.TextInput(
attrs={
'data-dojo-type': 'freeadmin.form.PathSelector',
}),
}
def clean_source(self):
src = self.cleaned_data.get("source")
src = os.path.abspath(src.strip().replace("..", ""))
return src
def clean_destination(self):
dest = self.cleaned_data.get("destination")
dest = os.path.abspath(dest.strip().replace("..", ""))
if not self.jail:
jail = self.cleaned_data.get("jail")
if jail:
self.jail = Jails.objects.get(jail_host=jail)
if not self.jail:
raise forms.ValidationError(
_("This shouldn't happen, but the jail could not be found"))
full = "%s/%s%s" % (self.jc.jc_path, self.jail.jail_host, dest)
if len(full) > 88:
raise forms.ValidationError(
_("The full path cannot exceed 88 characters"))
create = self.cleaned_data.get('create')
if not os.path.exists(full) and create:
os.makedirs(full)
return dest
def __init__(self, *args, **kwargs):
self.jail = None
if kwargs and 'jail' in kwargs:
self.jail = kwargs.pop('jail')
super(NullMountPointForm, self).__init__(*args, **kwargs)
if kwargs and 'instance' in kwargs:
self.instance = kwargs.pop('instance')
if not self.jail:
self.jail = Jails.objects.filter(
jail_host=self.instance.jail)[0]
self.jc = JailsConfiguration.objects.order_by("-id")[0]
self.fields['jail'] = forms.ChoiceField(
label=_("Jail"),
choices=(),
widget=forms.Select(attrs={'class': 'required'}),
)
if self.jail:
self.fields['jail'].initial = self.jail.jail_host
self.fields['jail'].widget.attrs['readonly'] = True
try:
clean_path_execbit(self.jc.jc_path)
except forms.ValidationError, e:
self.errors['__all__'] = self.error_class(e.messages)
pjlist = []
try:
wlist = Warden().list()
except:
wlist = []
for wj in wlist:
pjlist.append(wj[WARDEN_KEY_HOST])
self.fields['jail'].choices = [(pj, pj) for pj in pjlist]
self.fields['jail'].widget.attrs['onChange'] = (
'addStorageJailChange(this);')
jail_path = "%s/%s" % (self.jc.jc_path, self.jail.jail_host)
self.fields['destination'].widget.attrs['root'] = jail_path
self.fields['mpjc_path'].widget = forms.widgets.HiddenInput()
self.fields['mpjc_path'].initial = self.jc.jc_path
if self.instance.id:
self.fields['mounted'].initial = self.instance.mounted
else:
self.fields['mounted'].widget = forms.widgets.HiddenInput()
def save(self):
try:
jc = JailsConfiguration.objects.order_by("-id")[0]
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
if not jc.jc_path:
self.errors['__all__'] = self.error_class(
["No jail root configured."]
)
return
jail_host = self.cleaned_data.get('jail_host')
jail_ipv4 = self.cleaned_data.get('jail_ipv4')
jail_ipv6 = self.cleaned_data.get('jail_ipv6')
jail_flags = WARDEN_FLAGS_NONE
jail_create_args = {}
jail_create_args['jail'] = jail_host
w = Warden()
if self.cleaned_data['jail_32bit']:
jail_flags |= WARDEN_CREATE_FLAGS_32BIT
# if self.cleaned_data['jail_source']:
# jail_flags |= WARDEN_CREATE_FLAGS_SRC
# if self.cleaned_data['jail_ports']:
# jail_flags |= WARDEN_CREATE_FLAGS_PORTS
if self.cleaned_data['jail_vanilla']:
jail_flags |= WARDEN_CREATE_FLAGS_VANILLA
if self.cleaned_data['jail_type'] == WARDEN_TYPE_PORTJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_PORTJAIL
elif self.cleaned_data['jail_type'] == WARDEN_TYPE_PLUGINJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_PLUGINJAIL
elif self.cleaned_data['jail_type'] == WARDEN_TYPE_LINUXJAIL:
jail_flags |= WARDEN_CREATE_FLAGS_LINUXJAIL
jail_create_args['script'] = LINUXSCRIPT
# if self.cleaned_data['jail_archive']:
# if jail_flags & WARDEN_CREATE_FLAGS_LINUXJAIL:
# jail_flags |= WARDEN_CREATE_FLAGS_LINUXARCHIVE
# else:
# jail_flags |= WARDEN_CREATE_FLAGS_ARCHIVE
if jail_ipv4:
jail_flags |= WARDEN_CREATE_FLAGS_IPV4
jail_create_args['ipv4'] = jail_ipv4
if jail_ipv6:
jail_flags |= WARDEN_CREATE_FLAGS_IPV6
jail_create_args['ipv6'] = jail_ipv6
jail_flags |= WARDEN_CREATE_FLAGS_LOGFILE
jail_flags |= WARDEN_CREATE_FLAGS_SYSLOG
logfile = "%s/warden.log" % jc.jc_path
jail_create_args['logfile'] = logfile
jail_create_args['flags'] = jail_flags
createfile = "/var/tmp/.jailcreate"
try:
cf = open(createfile, "a+")
cf.close()
w.create(**jail_create_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
if os.path.exists(createfile):
os.unlink(createfile)
return
if os.path.exists(createfile):
os.unlink(createfile)
for key in ('jail_bridge_ipv4', 'jail_bridge_ipv6', \
'jail_defaultrouter_ipv4', 'jail_defaultrouter_ipv6', 'jail_mac'):
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
val = self.cleaned_data.get(key, None)
if val:
if key == 'jail_bridge_ipv4':
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
jail_set_args['bridge-ipv4'] = val
elif key == 'jail_bridge_ipv6':
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
jail_set_args['bridge-ipv6'] = val
elif key == 'jail_defaultrouter_ipv4':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV4
jail_set_args['defaultrouter-ipv4'] = val
elif key == 'jail_defaultrouter_ipv6':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV6
jail_set_args['defaultrouter-ipv6'] = val
elif key == 'jail_mac':
jail_flags |= WARDEN_SET_FLAGS_MAC
jail_set_args['mac'] = val
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_nat = self.cleaned_data.get('jail_nat', None)
jail_vnet = self.cleaned_data.get('jail_vnet', None)
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_nat:
jail_flags |= WARDEN_SET_FLAGS_NAT_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_NAT_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_vnet:
if (
self.cleaned_data['jail_type'] != WARDEN_TYPE_LINUXJAIL
and
not self.cleaned_data['jail_32bit']
):
jail_flags |= WARDEN_SET_FLAGS_VNET_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_VNET_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
if self.cleaned_data['jail_autostart']:
try:
w.auto(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
try:
w.start(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
def save(self):
try:
jc = JailsConfiguration.objects.order_by("-id")[0]
except Exception as e:
raise MiddlewareError(e.message)
if not jc.jc_path:
raise MiddlewareError(_("No jail root configured."))
jc_ipv4_netmask = 24
if jc.jc_ipv4_network:
parts = jc.jc_ipv4_network.split('/')
if len(parts) > 1:
jc_ipv4_netmask = parts[1]
jc_ipv6_prefix = 64
if jc.jc_ipv6_network:
parts = jc.jc_ipv6_network.split('/')
if len(parts) > 1:
jc_ipv6_prefix = parts[1]
jail_host = self.cleaned_data.get('jail_host')
jail_ipv4 = self.cleaned_data.get('jail_ipv4')
jail_ipv4_netmask = self.cleaned_data.get('jail_ipv4_netmask', jc_ipv4_netmask)
jail_ipv6 = self.cleaned_data.get('jail_ipv6')
jail_ipv6_prefix = self.cleaned_data.get('jail_ipv6_prefix', jc_ipv6_prefix)
jail_flags = WARDEN_FLAGS_NONE
jail_create_args = {}
jail_create_args['jail'] = jail_host
w = Warden()
# if self.cleaned_data['jail_source']:
# jail_flags |= WARDEN_CREATE_FLAGS_SRC
# if self.cleaned_data['jail_ports']:
# jail_flags |= WARDEN_CREATE_FLAGS_PORTS
if self.cleaned_data['jail_vanilla']:
jail_flags |= WARDEN_CREATE_FLAGS_VANILLA
template_create_args = {}
jail_type = self.cleaned_data['jail_type']
template = JailTemplate.objects.get(jt_name=jail_type)
template_create_args['nick'] = template.jt_name
template_create_args['tar'] = template.jt_url
template_create_args['flags'] = WARDEN_TEMPLATE_FLAGS_CREATE | \
WARDEN_TEMPLATE_CREATE_FLAGS_NICK | \
WARDEN_TEMPLATE_CREATE_FLAGS_TAR
saved_template = template
template = None
template_list_flags = {}
template_list_flags['flags'] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_flags)
for t in templates:
if t['nick'] == template_create_args['nick']:
template = t
break
createfile = "/var/tmp/.templatecreate"
if not template:
try:
cf = open(createfile, "a+")
cf.close()
w.template(**template_create_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
if os.path.exists(createfile):
os.unlink(createfile)
return
template_list_flags = {}
template_list_flags['flags'] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_flags)
for t in templates:
if t['nick'] == template_create_args['nick']:
template = t
break
if not template:
self.errors['__all__'] = self.error_class([
_('Unable to find template!')
])
return
if template['type'] == 'Linux':
jail_flags |= WARDEN_CREATE_FLAGS_LINUXJAIL
if template['arch'] == 'i386' and self.arch == 'x64':
jail_flags |= WARDEN_CREATE_FLAGS_32BIT
jail_flags |= WARDEN_CREATE_FLAGS_TEMPLATE
jail_create_args['template'] = template_create_args['nick']
if jail_ipv4:
jail_flags |= WARDEN_CREATE_FLAGS_IPV4
jail_create_args['ipv4'] = "%s/%s" % (
jail_ipv4, jail_ipv4_netmask
)
if jail_ipv6:
jail_flags |= WARDEN_CREATE_FLAGS_IPV6
jail_create_args['ipv6'] = "%s/%s" % (
jail_ipv6, jail_ipv6_prefix
)
jail_flags |= WARDEN_CREATE_FLAGS_LOGFILE
jail_flags |= WARDEN_CREATE_FLAGS_SYSLOG
jail_create_args['logfile'] = self.logfile
jail_create_args['flags'] = jail_flags
createfile = "/var/tmp/.jailcreate"
try:
cf = open(createfile, "a+")
cf.close()
w.create(**jail_create_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
if os.path.exists(createfile):
os.unlink(createfile)
return
if os.path.exists(createfile):
os.unlink(createfile)
for key in (
'jail_bridge_ipv4', 'jail_bridge_ipv6', 'jail_defaultrouter_ipv4',
'jail_defaultrouter_ipv6', 'jail_mac'
):
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
val = self.cleaned_data.get(key, None)
if val:
if key == 'jail_bridge_ipv4':
mask = self.cleaned_data.get('jail_bridge_ipv4_netmask', jc_ipv4_netmask)
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
jail_set_args['bridge-ipv4'] = "%s/%s" % (val, mask)
elif key == 'jail_bridge_ipv6':
prefix = self.cleaned_data.get('jail_bridge_ipv6_prefix', jc_ipv6_prefix)
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
jail_set_args['bridge-ipv6'] = "%s/%s" % (val, prefix)
elif key == 'jail_defaultrouter_ipv4':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV4
jail_set_args['defaultrouter-ipv4'] = val
elif key == 'jail_defaultrouter_ipv6':
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV6
jail_set_args['defaultrouter-ipv6'] = val
elif key == 'jail_mac':
jail_flags |= WARDEN_SET_FLAGS_MAC
jail_set_args['mac'] = val
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_nat = self.cleaned_data.get('jail_nat', None)
jail_vnet = self.cleaned_data.get('jail_vnet', None)
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_nat:
jail_flags |= WARDEN_SET_FLAGS_NAT_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_NAT_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
jail_set_args = {}
jail_set_args['jail'] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_vnet:
# XXXX if NOT LINUX XXXX (revisit this)
if (saved_template.jt_arch != 'x86' and saved_template.jt_os != 'Linux'):
jail_flags |= WARDEN_SET_FLAGS_VNET_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_VNET_DISABLE
jail_set_args['flags'] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
if self.cleaned_data['jail_autostart']:
try:
w.auto(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
try:
w.start(jail=jail_host)
except Exception as e:
self.errors['__all__'] = self.error_class([_(e.message)])
return
def save(self):
jc = self.jc
if not jc.jc_path:
raise MiddlewareError(_("No jail root configured."))
jc_ipv4_netmask = 24
if jc.jc_ipv4_network:
parts = jc.jc_ipv4_network.split("/")
if len(parts) > 1:
jc_ipv4_netmask = parts[1]
jc_ipv6_prefix = 64
if jc.jc_ipv6_network:
parts = jc.jc_ipv6_network.split("/")
if len(parts) > 1:
jc_ipv6_prefix = parts[1]
jail_host = self.cleaned_data.get("jail_host")
jail_ipv4_dhcp = self.cleaned_data.get("jail_ipv4_dhcp")
jail_ipv4 = self.cleaned_data.get("jail_ipv4")
jail_ipv4_netmask = self.cleaned_data.get("jail_ipv4_netmask", jc_ipv4_netmask)
jail_ipv6_autoconf = self.cleaned_data.get("jail_ipv6_autoconf")
jail_ipv6 = self.cleaned_data.get("jail_ipv6")
jail_ipv6_prefix = self.cleaned_data.get("jail_ipv6_prefix", jc_ipv6_prefix)
jail_flags = WARDEN_FLAGS_NONE
jail_flags |= WARDEN_CREATE_FLAGS_VANILLA
jail_create_args = {}
jail_create_args["jail"] = jail_host
w = Warden()
template_create_args = {}
jail_type = self.cleaned_data["jail_type"]
if not jail_type:
jail_type = "standard"
template = JailTemplate.objects.get(jt_name=jail_type)
template_create_args["nick"] = template.jt_name
template_create_args["tar"] = template.jt_url
template_create_args["flags"] = (
WARDEN_TEMPLATE_FLAGS_CREATE | WARDEN_TEMPLATE_CREATE_FLAGS_NICK | WARDEN_TEMPLATE_CREATE_FLAGS_TAR
)
if template.jt_mtree:
template_create_args["mtree"] = template.jt_mtree
template_create_args["flags"] = template_create_args["flags"] | WARDEN_TEMPLATE_CREATE_FLAGS_MTREE
saved_template = template
template = None
template_list_flags = {}
template_list_flags["flags"] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_flags)
for t in templates:
if t["nick"] == template_create_args["nick"]:
template = t
break
createfile = "/var/tmp/.templatecreate"
if not template:
try:
cf = open(createfile, "a+")
cf.close()
w.template(**template_create_args)
except Exception as e:
self.errors["__all__"] = self.error_class([_(e.message)])
if os.path.exists(createfile):
os.unlink(createfile)
return
template_list_flags = {}
template_list_flags["flags"] = WARDEN_TEMPLATE_FLAGS_LIST
templates = w.template(**template_list_flags)
for t in templates:
if t["nick"] == template_create_args["nick"]:
template = t
break
if not template:
self.errors["__all__"] = self.error_class([_("Unable to find template!")])
return
if template["type"] == "Linux":
jail_flags |= WARDEN_CREATE_FLAGS_LINUXJAIL
if template["arch"] == "i386" and self.arch == "x64":
jail_flags |= WARDEN_CREATE_FLAGS_32BIT
jail_flags |= WARDEN_CREATE_FLAGS_TEMPLATE
jail_create_args["template"] = template_create_args["nick"]
if jail_ipv4_dhcp:
jail_ipv4 = "DHCP"
if jail_ipv4:
if jail_ipv4 != "DHCP":
jail_ipv4 = "%s/%s" % (jail_ipv4, jail_ipv4_netmask)
jail_flags |= WARDEN_CREATE_FLAGS_IPV4
jail_create_args["ipv4"] = jail_ipv4
if jail_ipv6_autoconf:
jail_ipv6 = "AUTOCONF"
if jail_ipv6:
if jail_ipv6 != "AUTOCONF":
jail_ipv6 = "%s/%s" % (jail_ipv6, jail_ipv6_prefix)
jail_flags |= WARDEN_CREATE_FLAGS_IPV6
jail_create_args["ipv6"] = jail_ipv6
jail_flags |= WARDEN_CREATE_FLAGS_LOGFILE
jail_flags |= WARDEN_CREATE_FLAGS_SYSLOG
jail_create_args["logfile"] = self.logfile
jail_create_args["flags"] = jail_flags
createfile = "/var/tmp/.jailcreate"
try:
cf = open(createfile, "a+")
cf.close()
w.create(**jail_create_args)
except Exception as e:
self.errors["__all__"] = self.error_class([_(e.message)])
if os.path.exists(createfile):
os.unlink(createfile)
return
if os.path.exists(createfile):
os.unlink(createfile)
for key in (
"jail_bridge_ipv4",
"jail_bridge_ipv6",
"jail_defaultrouter_ipv4",
"jail_defaultrouter_ipv6",
"jail_mac",
"jail_iface",
"jail_flags",
):
jail_set_args = {}
jail_set_args["jail"] = jail_host
jail_flags = WARDEN_FLAGS_NONE
val = self.cleaned_data.get(key, None)
if val:
if key == "jail_bridge_ipv4":
mask = self.cleaned_data.get("jail_bridge_ipv4_netmask", jc_ipv4_netmask)
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV4
jail_set_args["bridge-ipv4"] = "%s/%s" % (val, mask)
elif key == "jail_bridge_ipv6":
prefix = self.cleaned_data.get("jail_bridge_ipv6_prefix", jc_ipv6_prefix)
jail_flags |= WARDEN_SET_FLAGS_BRIDGE_IPV6
jail_set_args["bridge-ipv6"] = "%s/%s" % (val, prefix)
elif key == "jail_defaultrouter_ipv4":
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV4
jail_set_args["defaultrouter-ipv4"] = val
elif key == "jail_defaultrouter_ipv6":
jail_flags |= WARDEN_SET_FLAGS_DEFAULTROUTER_IPV6
jail_set_args["defaultrouter-ipv6"] = val
elif key == "jail_mac":
jail_flags |= WARDEN_SET_FLAGS_MAC
jail_set_args["mac"] = val
elif key == "jail_iface":
jail_flags |= WARDEN_SET_FLAGS_IFACE
jail_set_args["iface"] = val
elif key == "jail_flags":
jail_flags |= WARDEN_SET_FLAGS_FLAGS
jail_set_args["jflags"] = val
jail_set_args["flags"] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors["__all__"] = self.error_class([_(e.message)])
return
jail_nat = self.cleaned_data.get("jail_nat", None)
jail_vnet = self.cleaned_data.get("jail_vnet", None)
if jc.jc_ipv4_dhcp or jc.jc_ipv6_autoconf:
jail_vnet = True
jail_set_args = {}
jail_set_args["jail"] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_nat:
jail_flags |= WARDEN_SET_FLAGS_NAT_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_NAT_DISABLE
jail_set_args["flags"] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors["__all__"] = self.error_class([_(e.message)])
return
jail_set_args = {}
jail_set_args["jail"] = jail_host
jail_flags = WARDEN_FLAGS_NONE
if jail_vnet:
# XXXX if NOT LINUX XXXX (revisit this)
if saved_template.jt_arch != "x86" and saved_template.jt_os != "Linux":
jail_flags |= WARDEN_SET_FLAGS_VNET_ENABLE
else:
jail_flags |= WARDEN_SET_FLAGS_VNET_DISABLE
jail_set_args["flags"] = jail_flags
try:
w.set(**jail_set_args)
except Exception as e:
self.errors["__all__"] = self.error_class([_(e.message)])
return
if self.cleaned_data["jail_autostart"]:
try:
w.auto(jail=jail_host)
except Exception as e:
self.errors["__all__"] = self.error_class([_(e.message)])
return
try:
w.start(jail=jail_host)
except Exception as e:
self.errors["__all__"] = self.error_class([_(e.message)])
return
