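def change_net(network, netmask, ccd, fn_ips, ipv6):
    """Re-assign a client address to every OpenVPN account and record the map.

    Every LDAP entry matching ``univentionOpenvpnAccount=1`` gets a fresh
    address from *network* (via ``generate_ip``); its client-config-dir file
    ``<ccd><uid>.openvpn`` is rewritten so that it holds exactly one
    ``ifconfig-push`` (IPv4) or ``ifconfig-ipv6-push`` (IPv6) line, and the
    complete list of ``(uid, address)`` pairs is written to *fn_ips*.

    Args:
        network: VPN network in CIDR notation (``addr/prefix``).  For IPv6 the
            part after ``/`` is appended to every pushed address.
        netmask: dotted netmask appended to every IPv4 ``ifconfig-push`` line.
        ccd: client-config-dir path; the uid and ``.openvpn`` are appended to
            it verbatim, so it is expected to end with ``/``.
        fn_ips: file that receives the (uid, address) map.
        ipv6: True to write IPv6 push options, False for IPv4.

    Raises:
        IndexError: if *ipv6* is set and *network* carries no ``/prefix``.
    """
    if ipv6:
        option = "ifconfig-ipv6-push"
        appendix = "/" + network.split('/')[1] + "\n"
    else:
        option = "ifconfig-push"
        appendix = " " + netmask + "\n"

    # The LDAP lookup needs root.  Drop the privileges again even when the
    # connection or the search raises; otherwise the listener keeps running
    # as root after a failed lookup.
    listener.setuid(0)
    try:
        lo = ul.getMachineConnection()
        users = lo.search('univentionOpenvpnAccount=1')
    finally:
        listener.unsetuid()

    # search() yields (dn, attrs) pairs; attribute values are lists, and an
    # entry without a uid maps to None.
    names = [entry[1].get('uid', [None])[0] for entry in users]

    ip_map_new = []
    for name in names:
        # A missing uid would raise TypeError in the path concatenation below,
        # and a uid containing '/' would place the ccd file outside *ccd*;
        # neither can get a valid client entry, so skip them.
        if not name or '/' in name:
            continue
        ip_new = generate_ip(network, ip_map_new)
        ip_map_new.append((name, ip_new))
        # Rewrite the client's ccd entry, dropping any earlier push line for
        # the same option so only the new address is pushed.
        ccd_file = ccd + name + ".openvpn"
        cc = univention_openvpn_common.load_rc(3, ccd_file)
        if cc is None:
            cc = []
        else:
            cc = [x for x in cc if not re.search(option, x)]
        cc.append(option + " " + ip_new + appendix)
        univention_openvpn_common.write_rc(3, cc, ccd_file)

    univention_openvpn_common.write_ip_map(3, ip_map_new, fn_ips)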
listener.setuid(0) #ucr = ConfigRegistry() #ucr.load() if portold: ucr.handler_unset(['security/packetfilter/package/univention-openvpn-server/udp/'+portold+'/all']) if portnew and 'univentionOpenvpnActive' in new: ucr.handler_set(['security/packetfilter/package/univention-openvpn-server/udp/'+portnew+'/all=ACCEPT']) listener.unsetuid() ccd = '/etc/openvpn/ccd-' + portnew + '/' fn_ips = '/etc/openvpn/ips-' + portnew fn_ipsv6 = '/etc/openvpn/ipsv6-' + portnew # write new server config flist = univention_openvpn_common.load_rc(3, fn_serverconf) flist = [x for x in flist if not re.search("port", x) and not re.search('push "redirect-gateway', x) and not re.search("duplicate-cn", x) and not re.search("server", x) and not re.search("server-ipv6", x) and not re.search("client-config-dir", x) and not re.search("proto", x) and not re.search("plugin", x)] flist.append("port %s\n" % portnew) network = new.get('univentionOpenvpnNet', [None])[0] if not network: ud.debug(ud.LISTENER, ud.INFO, '3 Missing params, skipping actions') action = None return # invalid config, skip ipnw = netaddr.IPNetwork(network) if ipnw.size == 1: netmask = '255.255.255.0' network = str(ipnw.network) + "/24" else:
portold = old.get('univentionOpenvpnSitetoSitePort', [None])[0] portnew = new.get('univentionOpenvpnSitetoSitePort', [None])[0] if portold is not portnew: listener.setuid(0) #ucr.ConfigRegistry().load() #ucr.load() if portold: ucr.handler_unset(['security/packetfilter/package/univention-openvpn-sitetosite/udp/'+portold+'/all']) if portnew and 'univentionOpenvpnSitetoSiteActive' in new: ucr.handler_set(['security/packetfilter/package/univention-openvpn-sitetosite/udp/'+portnew+'/all=ACCEPT']) listener.unsetuid() # write new sitetosite config flist = univention_openvpn_common.load_rc(5, fn_sitetositeconf) flist = [x for x in flist if not re.search("remote", x) and not re.search("port", x) and not re.search("ifconfig", x)] flist.append("port %s\n" % portnew) remote = new.get('univentionOpenvpnRemote', [None])[0] flist.append("remote %s\n" % remote) localaddress = new.get('univentionOpenvpnLocalAddress', [None])[0] remoteaddress = new.get('univentionOpenvpnRemoteAddress', [None])[0] flist.append("ifconfig %s %s\n" % (localaddress, remoteaddress)) secret = new.get('univentionOpenvpnSecret', [None])[0] #ud.debug(ud.LISTENER, ud.INFO, '5 secret: %s' % (secret)) univention_openvpn_common.write_rc(5, [secret] if secret else [''], fn_secret)