def __init__(self, client, parent):
ScrollArea.__init__(self)
if not EDENWALL:
message_area = MessageArea()
message_area.critical(
"nuFirewall",
tr(
"This EAS version does not support the Activation Key frontend but it seems that your appliance does. "
"Please check if another EAS version is available."
)
)
self.setWidget(message_area)
return
self.client = client
self.mainwindow = parent
self._modified = False
self.error_message = ''
self._not_modifying = True
try:
self.ID = self.client.call("license", 'getID')
except RpcdError:
self.__disable("Could not fetch activation key info")
self.buildInterface()
self.getValidLicenses()
def _mkMsgArea(self):
msg_area = MessageArea()
warning_title = tr('Last warning')
warning_message = tr("The restoration process will <b>completely "
"delete</b> the current configuration of the appliance and "
"replace it with the configuration supplied in the next step.")
msg_area.setMessage(warning_title, warning_message, status='warning')
msg_area.setWidth(65)
return msg_area
def __setupgui(self, description):
msg = MessageArea()
msg.setMessage(
tr('About this authentication method'),
description,
'info'
)
msg.setWidth(65)
self.form.addRow(msg)
def __disable(self, title, message):
if self.__disabled:
return
message_area = MessageArea()
message_area.setMessage(
title,
message,
"critical"
)
self.setWidget(message_area)
self.__disabled = True
def buildInterface(self, config):
#<server uri>
self.uri = QLineEdit()
self.texts.add(self.uri)
self.connect(self.uri, SIGNAL('textChanged(QString)'), self.setUri)
self.connect(self.uri, SIGNAL('textChanged(QString)'), self.signalModified)
self.connect(self.uri, SIGNAL('textEdited(QString)'), self.helpURI)
self.connect(self.uri, SIGNAL('editingFinished()'), self.noHelpURI)
self.connect(self.uri, SIGNAL('editingFinished()'), self.updateUri)
self.form.addRow(tr('LDAP Server(s) uri'), self.uri)
self.uri.setToolTip(help_uri_tooltip)
self.connect(self.uri, SIGNAL('returnPressed()'), self.signalModified)
self.uri_message_area = MessageArea()
self.empty_uri_label = QLabel()
self.form.addRow(self.empty_uri_label, self.uri_message_area)
self.empty_uri_label.hide()
self.uri_message_area.hide()
self.uri_message_area.setMessage(help_uri_title, help_uri_message_area)
self.numeric_uri_warning = MessageArea()
empty = QLabel()
self.form.addRow(empty, self.numeric_uri_warning)
empty.hide()
self.numeric_uri_warning.hide()
self.numeric_uri_warning.warning(numeric_warning_title, numeric_warning)
self.numeric_uri_warning.setWidth(60)
#</server uri>
#<other fields>
for args in self._genTextFieldsData():
text_input = self.addTextInput(*args[1:])
setattr(self, args[0], text_input)
self.connect(text_input, SIGNAL('editingFinished(QString)'), self.valid)
#</other fields>
self.ssl_box = self.mkSslBox()
self.connect(self.ssl_box, SIGNAL('toggled(bool)'), self.toggleSsl)
self.form.addRow(self.ssl_box)
self.form.addRow(separator())
test_widget = QPushButton(tr("Test this configuration"))
self.form.addRow("", test_widget)
test_widget.connect(test_widget, SIGNAL('clicked()'), self.test_ldap)
def resetConf(self):
self.dhcpcfg = self.fetchCfg()
if self.dhcpcfg is None:
self._clearWidgets()
msg_area = MessageArea()
msg_area.setMessage(
tr("Problem loading the network or dhcp configuration!"),
tr("A problem occured while loading the network "
"or dhcp config from the appliance!"),
"critical"
)
self.layout().insertRow(2, msg_area)
self.enable.setEnabled(False)
self.add_button.setEnabled(False)
else:
self.fillView()
self._modified = False
def _disable(self, title, message, main_message):
if self._module_disabled:
#already done
return
self._module_disabled = True
msg = MessageArea()
msg.setMessage(
title,
message,
"critical"
)
msg.setWidth(65)
self.setWidget(msg)
self.mainwindow.addToInfoArea(
main_message
)
self.setWidgetResizable(True)
def __init__(self, client, parent=None):
ScrollArea.__init__(self)
self.client = client
self.mainwindow = parent
self._modified = False
self.cfg = {}
self.host_loaded = False
self.resolv_loaded = False
self._can_edit_hostname = True
self.qhostnamecfg = QHostnameObject.getInstance()
self.qresolvcfg = QResolvObject.getInstance()
main_widget = QWidget()
self.setWidget(main_widget)
self.setWidgetResizable(True)
self.form = QFormLayout(main_widget)
self.form.addRow(QLabel("<h1>%s</h1>" % tr('Hostname')))
host_box = self.mkHostBox()
self.form.addRow(host_box)
self.form.addItem(
QSpacerItem(1, 1, QSizePolicy.Minimum, QSizePolicy.Expanding)
)
self.form.addRow(QLabel("<h1>%s</h1>" % tr('DNS')))
self.dns1 = self.addField(tr("Server 1"), IpEdit)
self.dns2_label = QLabel(tr("Server 2"))
self.dns2 = self.addField(self.dns2_label, IpEdit)
self.form.addRow(QLabel("<h1>%s</h1>" % tr('Active configuration test')))
self.test_group = _mkTestGroup()
self.form.addRow(self.test_group)
self.connect(self.test_group.test_button, SIGNAL('clicked()'), self.full_test)
self.mainwindow.writeAccessNeeded(
self.dns1,
self.dns2,
self.edit_hostname,
self.edit_domain
)
self.message = MessageArea()
self.message.setWidth(80)
self.error_message = ''
self.form.addRow(self.message)
self.resetConf()
if not self.host_loaded and not self.resolv_loaded:
raise NuConfModuleDisabled
if self.resolv_loaded:
self._connectsignals()
def __init__(self, client, parent):
ScrollArea.__init__(self)
self.mainwindow = parent
self._modified = False
self.q_netobject = QNetObject.getInstance()
self.connect(self.q_netobject, SIGNAL('cancelled'), self.resetConf)
box_layout = QVBoxLayout(self)
title = QLabel("<H1>%s</H1>" % tr("Routed networks"))
box_layout.addWidget(title)
if self.q_netobject.netcfg is None:
debug("Routes can not load: no netcfg loaded")
msg_area = MessageArea()
msg_area.setMessage(
tr("Routes not loaded"),
tr("Could not get networking information from the appliance"),
"critical"
)
box_layout.addWidget(msg_area)
box_layout.addStretch()
return
self.ifaces_frontend = parent.widgets['Network']
self.connect(self.ifaces_frontend, SIGNAL('modified'), self.resetConf)
# TODO write useful routesList.setEditBoxDescription('') (used when a route is modified)
self.routesList = ListEdit()
self.routesList.headers = [self.tr('Destination'), self.tr('Gateway'), 'Interfaces']
# Interfaces column is hidden
self.routesList.hideColumn(2)
self.routesList.readOnly = self.mainwindow.readonly
self.routesList.displayUpDown = False
self.routesList.editInPopup = True
self.routesList.setColDelegate(self.createDelegateForColumn)
self.routesList.setEditBox(self.createWizard)
self.mainwindow.writeAccessNeeded(self.routesList)
self.connect(self.routesList, SIGNAL('itemDeleted'), self.routeDeleted)
self.connect(self.routesList, SIGNAL('itemAdded'), self.routeAdded)
self.connect(self.routesList, SIGNAL('itemModified'), self.routeModified)
box_layout.addWidget(self.routesList)
self.resetConf()
def mkSslBox(self):
group = QGroupBox(tr("Check server certificate"))
group.setCheckable(True)
box = QVBoxLayout(group)
#id 0
nupki = QRadioButton(tr("Upload certificate"))
#id 1
custom = QRadioButton(tr("Use an internal PKI"))
hbox = QHBoxLayout()
box.addLayout(hbox)
self.nupki_or_custom = QButtonGroup()
self.connect(self.nupki_or_custom, SIGNAL('buttonClicked(int)'), self.toggleCustomOrNupki)
for index, radio in enumerate((custom, nupki)):
hbox.addWidget(radio)
self.nupki_or_custom.addButton(radio, index)
self.file_selector_widget = QWidget()
vbox = QVBoxLayout(self.file_selector_widget)
selector_label = QLabel(tr("Manually uploaded LDAP certificate"))
vbox.addWidget(selector_label)
add_cert_trigger = AddButton(text=tr("Upload a certificate"))
vbox.addWidget(add_cert_trigger)
vbox.addWidget(separator())
self.has_cert_message = QLabel(
tr("There is no manually uploaded server certificate")
)
self.del_cert = RemButton(
tr("Delete certificate file from server")
)
vbox.addWidget(self.has_cert_message)
vbox.addWidget(self.del_cert)
self.connect(add_cert_trigger, SIGNAL('clicked()'), self.upload_server_cert)
self.connect(self.del_cert, SIGNAL('clicked()'), self.delete_server_cert)
self.nupki_message = MessageArea()
self.nupki_message.setMessage(tr("Warning"),
tr(
"There is no server certificate in the internal PKI.<br/>"
"Please import or generate one using an internal PKI."
)
)
for anti_button, widget in ((custom, self.nupki_message), (nupki, self.file_selector_widget)):
box.addWidget(widget)
self.connect(anti_button, SIGNAL('toggled(bool)'), widget.setVisible)
self.selectCustomOrNupki(CUSTOM)
return group
def buildInterface(self, config):
fqdn_tooltip = tr("IP address, FQDN or Hostname")
self.controller_ip = QLineEdit()
self.texts.add(self.controller_ip)
self.connect(self.controller_ip, SIGNAL('textChanged(QString)'), self.setControllerIp)
self.form.addRow(tr('Authentication server'), self.controller_ip)
self.controller_ip.setToolTip(help_ps_tooltip)
self.connect(self.controller_ip, SIGNAL('returnPressed()'), self.signalModified)
self.ps_message_area = MessageArea()
self.empty_ps_label = QLabel()
self.form.addRow(self.empty_ps_label, self.ps_message_area)
self.empty_ps_label.hide()
self.ps_message_area.hide()
self.ps_message_area.setMessage(help_ps_title, help_ps_message_area)
self.wins_ip = IpOrHostnameOrFqdnEdit(accept_empty=True)
self.texts.add(self.wins_ip)
self.connect(self.wins_ip, SIGNAL('textChanged(QString)'), self.setWinsIp)
self.form.addRow(tr('WINS server (optional)'), self.wins_ip)
self.wins_ip.setToolTip(
"%s\n%s" % (
fqdn_tooltip, tr("This field is useful if the AD and EdenWall appliances don't share the same subnet")
)
)
self.connect(self.wins_ip, SIGNAL('returnPressed()'), self.signalModified)
for args in (
('domain', tr('Active Directory Domain'), self.setDomain),
('dns_domain', tr('Active Directory DNS Domain (if different from the AD domain)'), self.setDNSDomain),
('workgroup', tr('Workgroup (optional)'), self.setWorkgroup)
):
setattr(self, args[0], self.addTextInput(*args[1:]))
#flagWriteAccess(text_input)
self.netbios_name = QLabel()
self.form.addRow(tr("Netbios name"), self.netbios_name)
for args in (
('user', tr('Name used to join the domain'), self.setUser),
('password', tr('Password used to join the domain'), self.setPassword, False)
):
setattr(self, args[0], self.addTextInput(*args[1:]))
#flagWriteAccess(text_input)
#flagWriteAccess(password_server)
self.connect(self.controller_ip, SIGNAL('textEdited(QString)'), self.helpPS)
self.connect(self.controller_ip, SIGNAL('editingFinished()'), self.noHelpPS)
self.ad_status = ADStatus()
self.form.addRow('', self.ad_status)
def __init__(self, vlan=None, raw_device=None, parent=None):
QFrame.__init__(self, parent)
self.q_netobject = QNetObject.getInstance()
self.vlan = vlan
layout = QFormLayout(self)
self.raw_device = RawDeviceChoice(self.q_netobject.netcfg, vlan=vlan)
layout.addRow(
self.tr("Physical interface"),
self.raw_device
)
self.vlan_id = VlanIdInput()
layout.addRow(
self.tr("ID:"),
self.vlan_id
)
self.name = QLineEdit()
layout.addRow(
self.tr("Name:"),
self.name
)
if vlan is not None:
self.original_interface = vlan.raw_device
self._name_edited = vlan.user_label != vlan.system_name
self.name.setText(vlan.user_label)
raw_device = vlan.raw_device
self.vlan_id.setText(unicode(vlan.id))
else:
self.original_interface = None
#will be set at true when we don't need to calculate self.name anymore
self._name_edited = False
self.computeName()
self.connect(self.vlan_id, SIGNAL('textEdited(QString)'), self.computeName)
self.connect(self.name, SIGNAL('textEdited(QString)'), self.nameCustomized)
self.connect(self.raw_device, SIGNAL('currentIndexChanged(int)'), self.computeName)
self.message = MessageArea()
layout.addRow(self.message)
# for input in (self.name, self.vlan_id):
# self.connect(input, SIGNAL('editingFinished()'), self.isValid)
self.isValid()
#configure
if raw_device is not None:
self.raw_device.setSelection(raw_device)
def __init__(self, parent):
QWizardPage.__init__(self, parent)
layout = QFormLayout(self)
config = QHAObject.getInstance().hacfg
self.setTitle(tr("High Availability Configuration"))
self.ha_type = QComboBox() # primary / secondary
self.ha_type.addItem(tr('Disabled'), QVariant(ENOHA))
self.ha_type.addItem(tr('Primary'), QVariant(PENDING_PRIMARY))
self.ha_type.addItem(tr('Secondary'), QVariant(PENDING_SECONDARY))
index = self.ha_type.findData(QVariant(config.ha_type))
self.ha_type.setCurrentIndex(index)
layout.addRow(tr('Status of this cluster member:'), self.ha_type)
self.registerField('type', self.ha_type)
self.interface = InterfaceChoice(self.selectInterface, self)
self.label_interface = QLabel(tr('Interface'))
layout.addRow(self.label_interface, self.interface)
self.registerField('interface', self.interface)
self.connect(self.ha_type, SIGNAL('currentIndexChanged(int)'), self.toggleType)
self.toggleType(index)
if config.ha_type != ENOHA:
message = tr("'%s' already configured as '%s'.") % (config.interface_id,
config.ha_type)
message += '<br />'
message += tr("The configuration for this interface will be cleared.")
warning_message = MessageArea()
warning_message.setMessage(tr("Warning"), message,
status=MessageArea.WARNING)
layout.addRow(warning_message)
def __init__(self, interface, net=None, parent=None):
QFrame.__init__(self, parent)
self.interface = None
self.interface_label = QLabel()
self.interface_label.setTextFormat(Qt.RichText)
self.setInterface(interface)
#synonym for "inside a wizard"
self.new = net is None
if self.new:
net = Net("", IP("0.0.0.0"))
self.net = net
self.setWindowTitle(tr("Editing network %s") % self.net.label)
self.net_ip = NetworkEdit(self, accept_empty=False)
net_ip_text = "" if self.new else unicode(self.net.net)
self.net_ip.setText(net_ip_text)
self.ip_addrs = NetIpListEdit(self.net)
self.inputs = (self.net_ip, self.ip_addrs)
self.net_label = OptionnalLine(value=self.net.label, hint=tr('network label'))
self.net_label.setWhatsThis("<h3>%s</h3>" % tr('Enter a label for this network'))
self.message_area = MessageArea()
self.message_area.setWordWrap()
form = QFormLayout(self)
form.addRow(tr("Supporting interface"), self.interface_label)
form.addRow(tr("Network address"), self.net_ip)
form.addRow(tr("IP addresses on this network"), self.ip_addrs)
form.addRow(tr("Network label"), self.net_label)
form.addRow(self.message_area)
for item in self.inputs + (self.net_label,):
self.connect(item, SIGNAL('editing done'), self.isValid)
self.connect(self.net_label, SIGNAL("textChanged(QString)"), self.changeTitle)
class NetFrame(QFrame):
def __init__(self, interface, net=None, parent=None):
QFrame.__init__(self, parent)
self.interface = None
self.interface_label = QLabel()
self.interface_label.setTextFormat(Qt.RichText)
self.setInterface(interface)
#synonym for "inside a wizard"
self.new = net is None
if self.new:
net = Net("", IP("0.0.0.0"))
self.net = net
self.setWindowTitle(tr("Editing network %s") % self.net.label)
self.net_ip = NetworkEdit(self, accept_empty=False)
net_ip_text = "" if self.new else unicode(self.net.net)
self.net_ip.setText(net_ip_text)
self.ip_addrs = NetIpListEdit(self.net)
self.inputs = (self.net_ip, self.ip_addrs)
self.net_label = OptionnalLine(value=self.net.label, hint=tr('network label'))
self.net_label.setWhatsThis("<h3>%s</h3>" % tr('Enter a label for this network'))
self.message_area = MessageArea()
self.message_area.setWordWrap()
form = QFormLayout(self)
form.addRow(tr("Supporting interface"), self.interface_label)
form.addRow(tr("Network address"), self.net_ip)
form.addRow(tr("IP addresses on this network"), self.ip_addrs)
form.addRow(tr("Network label"), self.net_label)
form.addRow(self.message_area)
for item in self.inputs + (self.net_label,):
self.connect(item, SIGNAL('editing done'), self.isValid)
self.connect(self.net_label, SIGNAL("textChanged(QString)"), self.changeTitle)
def setInterface(self, interface):
self.interface = interface
if interface is None:
name = tr("unset")
else:
name = interface.fullName()
self.interface_label.setText("<i>%s</i>" % name)
def changeTitle(self, *args):
"""
just discarding args after 'self'
"""
self.emit(SIGNAL('change title'), unicode(self.net_label.value()).strip())
@validator
def _validNetIp(self):
ok, msg = self.net_ip.isValidWithMsg()
if not ok:
err = "Network address field is incorrectly specified:<br/>%s"
return False, tr(err) % msg
return True, None
@validator
def _validIpAddrs(self):
ok, msg = self.ip_addrs.isValidWithMsg(accept_empty=True)
if not ok:
#investigate
try:
self.ip_addrs.values()
except InputException, err:
return False, err.args[0]
error_message = tr("IP addresses are incorrectly specified:")
error_message += "<br/>%s" % msg
return False, error_message
return True, None
class IdsIpsFrontend(ScrollArea):
COMPONENT = 'ids_ips'
LABEL = tr('IDS/IPS')
REQUIREMENTS = ('ids_ips',)
ICON = ':/icons/monitoring.png'
def __init__(self, client, parent):
ScrollArea.__init__(self)
if not EDENWALL:
raise NuConfModuleDisabled("idsips")
self.client = client
self.mainwindow = parent
self._modified = False
self.error_message = ''
self._not_modifying = True
self.config = None
self.resetConf(no_interface=True)
self.buildInterface()
self.updateView()
@staticmethod
def get_calls():
"""
services called by initial multicall
"""
return (("ids_ips", 'getIdsIpsConfig'),)
def setModified(self):
if self._modified or self._not_modifying:
return
self._modified = True
self.emit(SIGNAL('modified'))
self.mainwindow.setModified(self)
def mkCheckBox(self, title):
checkbox = QCheckBox(title)
self.connect(checkbox, SIGNAL('stateChanged(int)'), self.setModified)
return checkbox
def buildInterface(self):
frame = QFrame()
grid = QGridLayout(frame)
self.setWidget(frame)
self.setWidgetResizable(True)
title = u'<h1>%s</h1>' % self.tr('Intrusion detection/prevention system')
grid.addWidget(QLabel(title), 0, 0, 1, 2) #fromrow, fromcol, rowspan, colspan
self.activation_box = self.mkCheckBox(tr('Enable IDS-IPS'))
self.connect(self.activation_box, SIGNAL('stateChanged(int)'), self.config.setEnabled)
grid.addWidget(self.activation_box, 1, 0)
alerts, sub_form = mkGroupBox(tr('Alerts (IDS)'))
self.alert_threshold = QDoubleSpinBox()
sub_form.addRow(tr('Threshold for rule selection'), self.alert_threshold)
self.connect(self.alert_threshold, SIGNAL('valueChanged(double)'),
self.setAlertThreshold)
self.connect(self.alert_threshold, SIGNAL('valueChanged(double)'), self.setModified)
self.threshold_message = QLabel()
self.threshold_message.setWordWrap(True)
sub_form.addRow(self.threshold_message)
self.alert_count_message = QLabel()
self.alert_count_message.setWordWrap(True)
sub_form.addRow(self.alert_count_message)
self.threshold_range = MessageArea()
sub_form.addRow(self.threshold_range)
grid.addWidget(alerts, 2, 0)
blocking, sub_form = mkGroupBox(tr('Blocking (IPS)'))
self.block = self.mkCheckBox(tr('Block'))
self.connect(self.block, SIGNAL('stateChanged(int)'), self.config.setBlockingEnabled)
sub_form.addRow(self.block)
self.drop_threshold = QDoubleSpinBox()
sub_form.addRow(tr('Rule selection threshold for blocking'), self.drop_threshold)
self.drop_count_message = QLabel()
self.drop_count_message.setWordWrap(True)
sub_form.addRow(self.drop_count_message)
self.connect(self.drop_threshold, SIGNAL('valueChanged(double)'), self.setDropThreshold)
self.connect(self.drop_threshold, SIGNAL('valueChanged(double)'), self.setModified)
self.connect(
self.block,
SIGNAL('stateChanged(int)'),
self.drop_threshold.setEnabled
)
grid.addWidget(blocking, 2, 1)
antivirus, sub_form = mkGroupBox(tr('Antivirus'))
self.antivirus_toggle = self.mkCheckBox(tr('Enable antivirus '))
self.connect(self.antivirus_toggle, SIGNAL('stateChanged(int)'), self.config.setAntivirusEnabled)
self.antivirus_message = QLabel()
self.antivirus_message.setWordWrap(True)
sub_form.addRow(self.antivirus_toggle)
sub_form.addRow(self.antivirus_message)
network, sub_form = mkGroupBox(tr('Protected networks'))
self.networks = NetworkListEdit()
self.connect(self.networks, SIGNAL('textChanged()'), self.setProtectedNetworks)
self.networks_message = QLabel()
self.networks_message.setWordWrap(True)
sub_form.addRow(self.networks)
sub_form.addRow(self.networks_message)
grid.addWidget(antivirus, 3, 0)
grid.addWidget(network, 3, 1)
if HAVE_NULOG:
fragment = Fragment('IDSIPSTable')
fragment.load({'type': 'IDSIPSTable',
'title': tr('IDS-IPS Logs'),
'view': 'table',
'args': {}
})
fragwidget = FragmentFrame(fragment, {}, self.client, parent=self)
grid.addWidget(fragwidget, 4, 0, 1, 2) #fromrow, fromcol, rowspan, colspan
fragwidget.updateData()
self.frag = fragwidget
self.mainwindow.writeAccessNeeded(
self.activation_box,
self.alert_threshold,
self.block,
self.drop_threshold,
self.antivirus_toggle,
self.networks,
)
def closeEvent(self, event):
if hasattr(self, 'frag'):
self.frag.destructor()
def setAlertThreshold(self):
self.config.alert_threshold = self.alert_threshold.value()
def setProtectedNetworks(self):
if self.networks.isValid():
self.config.networks = self.networks.value()
self.setModified()
def setDropThreshold(self):
self.config.drop_threshold = self.drop_threshold.value()
def resetConf(self, no_interface=False):
serialized = self.mainwindow.init_call("ids_ips", u'getIdsIpsConfig')
self.config = IdsIpsCfg.deserialize(serialized)
self._modified = False
if no_interface:
return
self.updateView()
def isValid(self):
self.error_message = ""
if self.config.block and \
self.config.drop_threshold < self.config.alert_threshold:
self.error_message = \
tr('Inconsistent configuration (IDS-IPS thresholds): ') + \
tr("the threshold for blocking rules must be greater than the threshold for alerting.")
return False
if self.config.enabled and not self.networks.value():
self.error_message = tr('You must add some networks in the "Protected networks" area before you can enable the IDS-IPS service.')
return False
ok, msg = self.config.isValidWithMsg()
if not ok:
self.error_message = msg
return False
return True
def saveConf(self, message):
serialized = self.config.serialize()
self.client.call("ids_ips", 'setIdsIpsConfig', serialized, message)
self.mainwindow.addNeutralMessage(tr("IDS - IPS configuration saved"))
self._modified = False
self.update_counts()
def updateView(self):
self._not_modifying = True
italic_start = u'<span style="font-style:italic;">'
close_span = u'</span>'
self.activation_box.setChecked(
Qt.Checked if self.config.enabled else Qt.Unchecked
)
self.block.setChecked(
Qt.Checked if self.config.block else Qt.Unchecked
)
try:
(score_min, score_max) = self.client.call("ids_ips",
'minmaxScores')
except RpcdError:
(score_min, score_max) = (-1, -1)
self.mainwindow.addToInfoArea(tr('IDS-IPS: Could not compute the min/max scores.'))
self.alert_threshold.setRange(score_min, score_max)
self.drop_threshold.setRange(score_min, score_max)
self.threshold_range.setMessage(tr('Current range'), "%s %s %s %s" %(
tr("The scores for the current rules range from"),
score_min, tr("to"), score_max)
)
self.alert_threshold.setValue(self.config.alert_threshold)
self.drop_threshold.setValue(self.config.drop_threshold)
self.drop_threshold.setEnabled(self.block.checkState())
help = u'%s %s %s' % (
italic_start,
tr("The rules are selected according to a level of confidence with regard to "
"false positives (the greater the threshold, the fewer rules selected)."),
close_span
)
self.threshold_message.setText(help)
warning = italic_start + tr('Warning: This may degrade the performances of the firewall') + u'</span>'
self.antivirus_message.setText(warning)
self.antivirus_toggle.setChecked(
Qt.Checked if self.config.antivirus_enabled else Qt.Unchecked
)
self.networks_message.setText(u'%s%s%s' % (
italic_start,
tr('You may add a network definition per line'),
close_span
)
)
self.networks.setIpAddrs(self.config.networks)
self.update_counts()
self._not_modifying = False
def isModified(self):
return self._modified
def update_counts(self):
try:
(alert_count, drop_count, available_count) = \
self.client.call("ids_ips", 'getSelectedRulesCounts',
[self.alert_threshold.value(),
self.drop_threshold.value()])
except RpcdError:
(alert_count, drop_count, available_count) = (-1, -1, -1)
self.mainwindow.addToInfoArea(tr('IDS-IPS: Could not count the selected rules.'))
self.alert_count_message.setText(
tr('A threshold of ') + unicode(self.config.alert_threshold) +
tr(' selects ') + unicode(alert_count) +
tr(' rules out of ') + unicode(available_count)
+ tr('.'))
if self.config.block:
self.drop_count_message.setText(
tr('A threshold of ') + unicode(self.config.drop_threshold) +
tr(' selects ') + unicode(drop_count) +
tr(' blocking rules out of ') + unicode(available_count)
+ tr('.'))
else:
self.drop_count_message.setText('')
class LdapWidget(DirectoryWidget):
def __init__(self, config, specific_config, mainwindow, parent=None):
assert config is not None
assert specific_config is not None
DirectoryWidget.__init__(self, config, specific_config, mainwindow, parent)
self.buildInterface(config)
self.updateView(self.specific_config)
def buildInterface(self, config):
#<server uri>
self.uri = QLineEdit()
self.texts.add(self.uri)
self.connect(self.uri, SIGNAL('textChanged(QString)'), self.setUri)
self.connect(self.uri, SIGNAL('textChanged(QString)'), self.signalModified)
self.connect(self.uri, SIGNAL('textEdited(QString)'), self.helpURI)
self.connect(self.uri, SIGNAL('editingFinished()'), self.noHelpURI)
self.connect(self.uri, SIGNAL('editingFinished()'), self.updateUri)
self.form.addRow(tr('LDAP Server(s) uri'), self.uri)
self.uri.setToolTip(help_uri_tooltip)
self.connect(self.uri, SIGNAL('returnPressed()'), self.signalModified)
self.uri_message_area = MessageArea()
self.empty_uri_label = QLabel()
self.form.addRow(self.empty_uri_label, self.uri_message_area)
self.empty_uri_label.hide()
self.uri_message_area.hide()
self.uri_message_area.setMessage(help_uri_title, help_uri_message_area)
self.numeric_uri_warning = MessageArea()
empty = QLabel()
self.form.addRow(empty, self.numeric_uri_warning)
empty.hide()
self.numeric_uri_warning.hide()
self.numeric_uri_warning.warning(numeric_warning_title, numeric_warning)
self.numeric_uri_warning.setWidth(60)
#</server uri>
#<other fields>
for args in self._genTextFieldsData():
text_input = self.addTextInput(*args[1:])
setattr(self, args[0], text_input)
self.connect(text_input, SIGNAL('editingFinished(QString)'), self.valid)
#</other fields>
self.ssl_box = self.mkSslBox()
self.connect(self.ssl_box, SIGNAL('toggled(bool)'), self.toggleSsl)
self.form.addRow(self.ssl_box)
self.form.addRow(separator())
test_widget = QPushButton(tr("Test this configuration"))
self.form.addRow("", test_widget)
test_widget.connect(test_widget, SIGNAL('clicked()'), self.test_ldap)
def _genTextFieldsData(self):
return (
('dn_users', tr('LDAP DN for users'), self.setDnUsers),
('dn_groups', tr('LDAP DN for groups'), self.setDnGroups),
('user', tr('DN used to log in on the LDAP server'), self.setUser),
('password', tr('Password used to log in on the LDAP server'), self.setPassword, False)
)
def test_ldap(self):
dc, base, uri, filter, password = self.specific_config.generateTest()
if uri is None or uri == '':
QMessageBox.critical(
self,
"Missing data",
"Please fill URI field"
)
return
if dc is None:
dc == ''
filter, ok = QInputDialog.getText(
self,
tr("LDAP Filter"),
tr("Please enter a filter:"),
QLineEdit.Normal,
filter
)
if not ok:
return
async = self.mainwindow.client.async()
async.call(
'nuauth',
'testLDAP',
dc, base, uri, unicode(filter), password,
callback = self.success_test,
errback = self.error_test
)
def success_test(self, result):
ans_no = tr("OK")
ans_yes = tr("Show the server's answer")
show_details = QMessageBox.question(
self,
tr('LDAP test results'),
tr('LDAP test completed without error'),
ans_no,
ans_yes
)
if show_details == 0:
return
title = tr('LDAP test results')
QMessageBox.information(
self,
title,
'<span><h2>%s</h2><pre>%s</pre></span>' % (title, unicode(result))
)
def error_test(self, result):
basic_text = tr('LDAP test completed with an error')
formatted_text = u"""\
<span>
%s
<pre>
%s
</pre>
</span>
""" % (basic_text, unicode(result))
QMessageBox.warning(
self,
tr('LDAP test results'),
formatted_text
)
def helpURI(self, text):
self.uri_message_area.show()
def noHelpURI(self):
self.uri_message_area.hide()
def toggleSsl(self, value):
if value:
self.selectCustomOrNupki(NUPKI)
else:
self.specific_config.custom_or_nupki = SSL_DISABLED
self.signalModified()
def setUri(self, uris_text):
self.specific_config.setUri(self.readString(uris_text))
self.signalModified()
self.numeric_uri_warning.setVisible(ip_in_ldapuri(self.specific_config.uri))
def setUser(self, user):
self.specific_config.user = self.readString(user)
def setPassword(self, password):
self.specific_config.password = self.readString(password)
def setDnUsers(self, dn):
self.specific_config.dn_users = self.readString(dn)
def setDnGroups(self, dn):
self.specific_config.dn_groups = self.readString(dn)
def mkSslBox(self):
group = QGroupBox(tr("Check server certificate"))
group.setCheckable(True)
box = QVBoxLayout(group)
#id 0
nupki = QRadioButton(tr("Upload certificate"))
#id 1
custom = QRadioButton(tr("Use an internal PKI"))
hbox = QHBoxLayout()
box.addLayout(hbox)
self.nupki_or_custom = QButtonGroup()
self.connect(self.nupki_or_custom, SIGNAL('buttonClicked(int)'), self.toggleCustomOrNupki)
for index, radio in enumerate((custom, nupki)):
hbox.addWidget(radio)
self.nupki_or_custom.addButton(radio, index)
self.file_selector_widget = QWidget()
vbox = QVBoxLayout(self.file_selector_widget)
selector_label = QLabel(tr("Manually uploaded LDAP certificate"))
vbox.addWidget(selector_label)
add_cert_trigger = AddButton(text=tr("Upload a certificate"))
vbox.addWidget(add_cert_trigger)
vbox.addWidget(separator())
self.has_cert_message = QLabel(
tr("There is no manually uploaded server certificate")
)
self.del_cert = RemButton(
tr("Delete certificate file from server")
)
vbox.addWidget(self.has_cert_message)
vbox.addWidget(self.del_cert)
self.connect(add_cert_trigger, SIGNAL('clicked()'), self.upload_server_cert)
self.connect(self.del_cert, SIGNAL('clicked()'), self.delete_server_cert)
self.nupki_message = MessageArea()
self.nupki_message.setMessage(tr("Warning"),
tr(
"There is no server certificate in the internal PKI.<br/>"
"Please import or generate one using an internal PKI."
)
)
for anti_button, widget in ((custom, self.nupki_message), (nupki, self.file_selector_widget)):
box.addWidget(widget)
self.connect(anti_button, SIGNAL('toggled(bool)'), widget.setVisible)
self.selectCustomOrNupki(CUSTOM)
return group
def upload_server_cert(self):
dialog = UploadDialog(
selector_label=tr("LDAP certificate"),
filter=tr("Certificate file (*.crt *.pem *)")
)
accepted = dialog.exec_()
if accepted != QDialog.Accepted:
return
filename = dialog.filename
if not filename:
return
with open(filename, 'rb') as fd:
content = fd.read()
content = encodeFileContent(content)
self.mainwindow.addToInfoArea(tr('Uploading of a certificate file for the ldap server'))
async = self.mainwindow.client.async()
async.call("nuauth", "upload_ldap_server_cert", content,
callback = self.success_upload,
errback = self.error_upload
)
def success_upload(self, value):
self.mainwindow.addToInfoArea(tr('[LDAP server cert upload] Success!'))
self.specific_config.server_cert_set = True
self.setServerCert()
self.signalModified()
def error_upload(self, value):
self.mainwindow.addToInfoArea(tr('[LDAP server cert upload] Error!'), COLOR_ERROR)
self.mainwindow.addToInfoArea(tr('[LDAP server cert upload] %s') % value, COLOR_ERROR)
def setServerCert(self):
if self.specific_config.server_cert_set:
self.del_cert.show()
self.has_cert_message.hide()
else:
self.del_cert.hide()
self.has_cert_message.show()
def delete_server_cert(self):
confirm_box = QMessageBox(self)
confirm_box.setText(
tr(
"Please confirm the deletion of the "
"manually uploaded LDAP server certificate."
)
)
confirm_box.setInformativeText(
tr("Do you really want to delete the certificate file?")
)
confirm_box.setStandardButtons(QMessageBox.Ok | QMessageBox.Cancel)
confirm_box.setDefaultButton(QMessageBox.Cancel)
confirm = confirm_box.exec_()
if confirm != QMessageBox.Ok:
return
async = self.mainwindow.client.async()
async.call("nuauth", "delete_ldap_server_cert",
callback = self.success_delete,
errback = self.error_delete
)
def success_delete(self, value):
self.mainwindow.addToInfoArea(tr('[LDAP server cert deletion] Success!'))
self.specific_config.server_cert_set = False
self.setServerCert()
self.signalModified()
def error_delete(self, value):
self.mainwindow.addToInfoArea(tr('[LDAP server cert deletion] Error!'), COLOR_ERROR)
self.mainwindow.addToInfoArea(tr('[LDAP server cert deletion] %s') % value, COLOR_ERROR)
def toggleCustomOrNupki(self, id):
if id == 0:
self.specific_config.custom_or_nupki = NUPKI
else:
self.specific_config.custom_or_nupki = CUSTOM
self.signalModified()
def selectCustomOrNupki(self, custom_or_nupki):
if custom_or_nupki == CUSTOM:
self.file_selector_widget.setEnabled(True)
self.nupki_message.hide()
id = 1
else:
custom_or_nupki = NUPKI
self.file_selector_widget.hide()
id = 0
self.nupki_or_custom.button(id).setChecked(True)
def setSslData(self, config):
ssl_enabled = (SSL_DISABLED != config.custom_or_nupki)
self.ssl_box.setChecked(ssl_enabled)
if ssl_enabled:
self.selectCustomOrNupki(config.custom_or_nupki)
def updateUri(self, config=None):
if config is None:
config = self.specific_config
self.setText(self.uri, config.uri)
def updateView(self, config=None):
if config is None:
config = self.specific_config
self.updateUri(config=config)
self.setSslData(config)
#never copy this one:
self.setDefaultText(self.dn_users, self.specific_config.dn_users)
self.setDefaultText(self.dn_groups, self.specific_config.dn_groups)
self.setDefaultText(self.user, config.user)
self.setDefaultText(self.password, config.password)
self.setServerCert()
class ADBaseWidget(DirectoryWidget):
def __init__(self, config, specific_config, mainwindow, parent=None):
DirectoryWidget.__init__(self, config, specific_config, mainwindow, parent=None)
self.qhostname_object = QHostnameObject.getInstance()
self.buildInterface(config)
self.updateView()
self._poll()
def register_qobjects(self):
self.qhostname_object.registerCallbacks(
self.acceptHostnameChange,
self.handleHostnameChange,
attach=self
)
def _poll(self):
self.ad_status.fetch_data(self.mainwindow.client)
timer = QTimer()
timer.setSingleShot(True)
timer.setInterval(20000) # ms
timer.start()
self.connect(timer, SIGNAL('timeout()'), self._poll)
self.connect(self, SIGNAL('destroyed()'), timer.stop)
def unregister_qobjects(self):
self.qhostname_object.forget(self)
def updateView(self, config=None):
if config is None:
config = self.specific_config
self.setText(self.controller_ip, config.controller_ip)
self.setDefaultText(self.user, config.user)
self.setDefaultText(self.password, config.password)
self.setDefaultText(self.workgroup, config.workgroup)
self.setDefaultText(self.domain, config.domain)
self.setDefaultText(self.dns_domain, config.dns_domain)
self.setText(self.wins_ip, config.wins_ip)
self.displayHostname()
def acceptHostnameChange(self):
button = QMessageBox.warning(
self,
tr("Hostname change"),
tr("Warning: this hostname change will cause the appliance to register again on Active Directory."),
QMessageBox.Cancel | QMessageBox.Ok
)
if button == QMessageBox.Ok:
self.signalModified()
return True
return False
def handleHostnameChange(self):
self.displayHostname()
def displayHostname(self):
self.netbios_name.setText(u"<b>%s</b>" % unicode(self.qhostname_object.hostnamecfg.hostname))
def buildInterface(self, config):
fqdn_tooltip = tr("IP address, FQDN or Hostname")
self.controller_ip = QLineEdit()
self.texts.add(self.controller_ip)
self.connect(self.controller_ip, SIGNAL('textChanged(QString)'), self.setControllerIp)
self.form.addRow(tr('Authentication server'), self.controller_ip)
self.controller_ip.setToolTip(help_ps_tooltip)
self.connect(self.controller_ip, SIGNAL('returnPressed()'), self.signalModified)
self.ps_message_area = MessageArea()
self.empty_ps_label = QLabel()
self.form.addRow(self.empty_ps_label, self.ps_message_area)
self.empty_ps_label.hide()
self.ps_message_area.hide()
self.ps_message_area.setMessage(help_ps_title, help_ps_message_area)
self.wins_ip = IpOrHostnameOrFqdnEdit(accept_empty=True)
self.texts.add(self.wins_ip)
self.connect(self.wins_ip, SIGNAL('textChanged(QString)'), self.setWinsIp)
self.form.addRow(tr('WINS server (optional)'), self.wins_ip)
self.wins_ip.setToolTip(
"%s\n%s" % (
fqdn_tooltip, tr("This field is useful if the AD and EdenWall appliances don't share the same subnet")
)
)
self.connect(self.wins_ip, SIGNAL('returnPressed()'), self.signalModified)
for args in (
('domain', tr('Active Directory Domain'), self.setDomain),
('dns_domain', tr('Active Directory DNS Domain (if different from the AD domain)'), self.setDNSDomain),
('workgroup', tr('Workgroup (optional)'), self.setWorkgroup)
):
setattr(self, args[0], self.addTextInput(*args[1:]))
#flagWriteAccess(text_input)
self.netbios_name = QLabel()
self.form.addRow(tr("Netbios name"), self.netbios_name)
for args in (
('user', tr('Name used to join the domain'), self.setUser),
('password', tr('Password used to join the domain'), self.setPassword, False)
):
setattr(self, args[0], self.addTextInput(*args[1:]))
#flagWriteAccess(text_input)
#flagWriteAccess(password_server)
self.connect(self.controller_ip, SIGNAL('textEdited(QString)'), self.helpPS)
self.connect(self.controller_ip, SIGNAL('editingFinished()'), self.noHelpPS)
self.ad_status = ADStatus()
self.form.addRow('', self.ad_status)
def helpPS(self, text):
self.ps_message_area.show()
def noHelpPS(self):
self.controller_ip.setText(
unicode(
self.controller_ip.text()
).strip()
)
self.ps_message_area.hide()
def setControllerIp(self, server):
self.specific_config.controller_ip = unicode(server).strip()
self.signalModified()
def setWinsIp(self, server):
self.specific_config.wins_ip = unicode(server)
self.signalModified()
def setDomain(self, domain):
self.specific_config.domain = domain
def setDNSDomain(self, domain):
self.specific_config.dns_domain = domain
def setUser(self, user):
self.specific_config.user = user
def setPassword(self, password):
self.specific_config.password = password
def setWorkgroup(self, workgroup):
self.specific_config.workgroup = workgroup
def signalModified(self):
self.config.org = self.specific_config
DirectoryWidget.signalModified(self)
class ResolvFrontend(ScrollArea):
COMPONENT = 'resolv'
IDENTIFIER = 'dns'
LABEL = tr('Hostname and DNS')
REQUIREMENTS = ('resolv', 'hostname')
FIXED_WIDTH = 40
ICON = ':/icons/computeur.png'
def __init__(self, client, parent=None):
ScrollArea.__init__(self)
self.client = client
self.mainwindow = parent
self._modified = False
self.cfg = {}
self.host_loaded = False
self.resolv_loaded = False
self._can_edit_hostname = True
self.qhostnamecfg = QHostnameObject.getInstance()
self.qresolvcfg = QResolvObject.getInstance()
main_widget = QWidget()
self.setWidget(main_widget)
self.setWidgetResizable(True)
self.form = QFormLayout(main_widget)
self.form.addRow(QLabel("<h1>%s</h1>" % tr('Hostname')))
host_box = self.mkHostBox()
self.form.addRow(host_box)
self.form.addItem(
QSpacerItem(1, 1, QSizePolicy.Minimum, QSizePolicy.Expanding)
)
self.form.addRow(QLabel("<h1>%s</h1>" % tr('DNS')))
self.dns1 = self.addField(tr("Server 1"), IpEdit)
self.dns2_label = QLabel(tr("Server 2"))
self.dns2 = self.addField(self.dns2_label, IpEdit)
self.form.addRow(QLabel("<h1>%s</h1>" % tr('Active configuration test')))
self.test_group = _mkTestGroup()
self.form.addRow(self.test_group)
self.connect(self.test_group.test_button, SIGNAL('clicked()'), self.full_test)
self.mainwindow.writeAccessNeeded(
self.dns1,
self.dns2,
self.edit_hostname,
self.edit_domain
)
self.message = MessageArea()
self.message.setWidth(80)
self.error_message = ''
self.form.addRow(self.message)
self.resetConf()
if not self.host_loaded and not self.resolv_loaded:
raise NuConfModuleDisabled
if self.resolv_loaded:
self._connectsignals()
def _connectsignals(self):
self.connect(self.dns1, SIGNAL('editingFinished()'),
partial(self.setDns, self.dns1, self.qresolvcfg.resolvcfg.setNameserver1))
self.connect(self.dns2, SIGNAL('editingFinished()'),
partial(self.setDns, self.dns2, self.qresolvcfg.resolvcfg.setNameserver2))
self.connect(self.dns1, SIGNAL('textEdited(QString)'), lambda x: self.setModified(True))
self.connect(self.dns2, SIGNAL('textEdited(QString)'), lambda x: self.setModified(True))
@staticmethod
def get_calls():
"""
services called by initial multicall
"""
return (
('resolv', 'getResolvConfig'),
('resolv', 'getRunningConfig'),
('hostname', 'getHostnameConfig'),
)
def setDns(self, edit_dns, set_dns):
set_dns(edit_dns.text())
def mkHostBox(self):
box = QGroupBox(tr("Hostname and domain configuration"))
form = QFormLayout(box)
form.setLabelAlignment(Qt.AlignLeft)
self.hostname = QLabel()
self.edit_hostname = EditButton(flat=False)
self.connect(self.edit_hostname, SIGNAL('clicked()'), self._edit_hostname)
form.addRow(self.hostname, self.edit_hostname)
self.domain = QLabel()
self.edit_domain = EditButton(flat=False)
self.connect(self.edit_domain, SIGNAL('clicked()'), self._edit_domain)
form.addRow(self.domain, self.edit_domain)
self.qhostnamecfg.registerCallbacks(
lambda: True,
self.updateHostname)
self.qresolvcfg.registerCallbacks(
lambda: True,
self.updateDomain)
return box
def updateHostname(self):
if not self.host_loaded:
hostname_text = "<i>%s</i>" % tr("not fetched",
"The hostname is normally fetched from the server, and this "
"text handles the case when it failed. "
"The text 'not fetched' is written in italics."
)
self._can_edit_hostname = False
else:
changeable = self.qhostnamecfg.hostnamecfg.changeable
self._can_edit_hostname = changeable != NOT_CHANGEABLE
hostname_text = "%s %s" % (
tr("Hostname:", "Displaying the hostname"),
self.qhostnamecfg.hostnamecfg.hostname
)
if changeable == NOT_CHANGEABLE:
self.mainwindow.addToInfoArea(_HOSTNAME_NOT_CHANGEABLE, COLOR_VERBOSE)
self.hostname.setText(hostname_text)
def updateDomain(self):
self.domain.setText(tr("Domain: %s") % self.qresolvcfg.resolvcfg.domain)
def __editFieldDialog(self, title, label, text):
"""
return text, ok
"""
#Signature: text, ok = QInputDialog.getText(
# QWidget parent,
# QString title,
# QString label,
# QLineEdit.EchoMode echo = QLineEdit.Normal,
# QString text = QString(),
# Qt.WindowFlags f = 0)
return QInputDialog.getText(
self,
title,
label,
QLineEdit.Normal,
text
)
def _continue_edit(self, title, message):
continuing = QMessageBox.question(
self,
title,
message,
QMessageBox.Cancel|QMessageBox.Ok,
QMessageBox.Cancel, #default button
)
return continuing == QMessageBox.Ok
def _edit_hostname(self):
changeable = self.qhostnamecfg.hostnamecfg.changeable
if not self._can_edit_hostname:
QMessageBox.critical(
self,
_CANNOT_CHANGE_HOSTNAME_TITLE,
_CANNOT_CHANGE_HOSTNAME,
)
return
if changeable == CHANGE_DISCOURAGED:
if not self._continue_edit(
tr("About hostname change", "popup title"),
_HOSTNAME_CHANGE_DISCLAIMER
):
return
hostname, ok = self.__editFieldDialog(
tr("Edit hostname"),
tr("Enter new hostname"),
self.qhostnamecfg.hostnamecfg.hostname
)
if ok:
hostname = unicode(hostname).strip()
if hostname == self.qhostnamecfg.hostnamecfg.hostname:
return
self.qhostnamecfg.pre_modify()
self.qhostnamecfg.hostnamecfg.hostname = hostname
self.qhostnamecfg.post_modify()
self.setModified()
def _edit_domain(self):
changeable = self.qhostnamecfg.hostnamecfg.changeable
if changeable == CHANGE_DISCOURAGED:
if not self._continue_edit(
tr("About domain change", "popup title"),
_DOMAIN_CHANGE_DISCLAIMER
):
return
domain, ok = self.__editFieldDialog(
tr("Edit domain"),
tr("Enter new domain name"),
self.qresolvcfg.resolvcfg.domain
)
if ok:
domain = unicode(domain).strip()
if domain == self.qresolvcfg.resolvcfg.domain:
return
self.qresolvcfg.pre_modify()
self.qresolvcfg.resolvcfg.setDomain(domain)
self.qresolvcfg.post_modify()
self.setModified()
def default_test(self):
async = self.client.async()
async.call('resolv', 'test',
{},
callback=self.defaultTest_success,
errback=self.test_error
)
self.mainwindow.addToInfoArea(tr("Testing current DNS server..."))
def full_test(self):
fields = {
self.test_group.server_input: tr("test server field"),
self.test_group.query_input: tr("test query field"),
}
default_test = True
for item in fields:
if not item.isEmpty():
default_test = False
if not item.isValid():
self.mainwindow.addToInfoArea(
tr("Wrong value in %s, can not test.") % fields[item]
)
return
if default_test:
self.default_test()
return
self.deactivate_tests()
async = self.client.async()
async.call('resolv', 'test',
{
'server': unicode(self.test_group.server_input.text()).strip(),
'query': unicode(self.test_group.query_input.text()).strip()
},
callback=self.test_success,
errback=self.test_error
)
self.mainwindow.addToInfoArea(tr("Testing DNS server with custom parameters..."))
def defaultTest_success(self, result):
self.mainwindow.addToInfoArea(tr("[DNS Test] Success: The server is available (empty query)."))
self.reactivate_tests()
def test_success(self, result):
self.mainwindow.addToInfoArea(tr("[DNS Test] Success!"))
dialog = DnsResult(result, self)
dialog.exec_()
self.reactivate_tests()
def test_error(self, err):
err = exceptionAsUnicode(err)
self.mainwindow.addWarningMessage(
tr("[DNS Test] Error! %s") % err
)
self.reactivate_tests()
def deactivate_tests(self):
self.test_group.test_button.setEnabled(False)
def reactivate_tests(self):
self.test_group.test_button.setEnabled(True)
def addField(self, field_name, inputcls):
field = inputcls(self)
field.setFixedWidth(field.fontMetrics().averageCharWidth() * self.FIXED_WIDTH)
self.form.addRow(field_name, field)
return field
def isModified(self):
return self._modified
def setModified(self, modif=True):
if modif:
self.mainwindow.setModified(self, True)
self._modified = modif
def resetConf(self):
self._reset_hostname()
self._reset_resolv()
self.updateHostname()
self.updateDomain()
self.dns1.setText(self.qresolvcfg.resolvcfg.nameserver1)
self.dns1.validColor()
self.dns2.setText(self.qresolvcfg.resolvcfg.nameserver2)
self.dns2.validColor()
self.message.setNoMessage()
self.setModified(False)
self._reset_tests_texts()
def isValid(self):
self.message.setNoMessage()
self.error_message = ''
hasInvalidData = False
for widget in [self.dns1, self.dns2]:
if not widget.isValid():
hasInvalidData = True
error = "'%s' : must be '%s'<br />" % (widget.text(), widget.getFieldInfo())
self.error_message += error
self.message.setMessage('', "<ul>%s" % error, status=MessageArea.WARNING)
confs = {
tr("hostname"): self.qhostnamecfg.cfg,
tr("DNS"): self.qresolvcfg.cfg
}
for name, item in confs.iteritems():
if not item.isValid():
hasInvalidData = True
error = tr("%s configuration is invalid<br />") % name
self.message.setMessage('', error, status=MessageArea.WARNING)
self.error_message += error
if not hasInvalidData:
error = self.qresolvcfg.resolvcfg.isInvalid()
if error:
hasInvalidData = True
self.error_message = error
self.message.setMessage('', error, status=MessageArea.WARNING)
if hasInvalidData:
self.mainwindow.addToInfoArea(tr("'Hostname and DNS : invalid configuration'"))
return False
else:
return True
def saveConf(self, message):
if self.host_loaded:
self.client.call('hostname', 'setShortHostname', self.qhostnamecfg.hostnamecfg.hostname, message)
if self.resolv_loaded:
self.client.call('resolv', 'setResolvConfig', self.qresolvcfg.resolvcfg.serialize(), message)
self.setModified(False)
self.mainwindow.addToInfoArea(tr("'Hostname and DNS : configuration saved'"))
def _reset_hostname(self):
"""
Specifically resets values for hostname config.
sets self.host_loaded according to success in doing so.
"""
self.host_loaded = self._reset_helper(
'hostname',
'getHostnameConfig',
self.qhostnamecfg,
tr("Hostname interface enabled"),
tr("Hostname interface disabled: backend not loaded")
)
def _reset_resolv(self):
"""
Specifically resets values for DNS resolution config.
sets self.resolv_loaded according to success in doing so.
"""
self.resolv_loaded = self._reset_helper(
'resolv',
'getResolvConfig',
self.qresolvcfg,
tr("DNS interface enabled"),
tr("DNS interface disabled: backend not loaded")
)
def _reset_tests_texts(self):
serialized = self._fetch_serialized('resolv', 'getRunningConfig')
if serialized is not None:
running_cfg = deserialize(serialized)
servers = {'DNS_SERVERS': ' and '.join(
tuple(running_cfg.iterNameServers())
)}
text = _FULL_TEST_TEXT % servers
else:
self.message.warning(
tr("Warning on tests", "Testing DNS resolution from the server"),
tr(
"Tests are run with the configuration that is applied on "
"the appliance. This configuration can not be displayed "
"(probably because the software version of the appliance does "
"not provide this functionality)."
)
)
text = _FULL_TEST_TEXT_NOINFO
self.test_group.full_test_info.setText("%s %s" % (_INFO_IMG, text))
def buildInterface(self):
frame = QFrame()
grid = QGridLayout(frame)
self.setWidget(frame)
self.setWidgetResizable(True)
title = u'<h1>%s</h1>' % self.tr('Intrusion detection/prevention system')
grid.addWidget(QLabel(title), 0, 0, 1, 2) #fromrow, fromcol, rowspan, colspan
self.activation_box = self.mkCheckBox(tr('Enable IDS-IPS'))
self.connect(self.activation_box, SIGNAL('stateChanged(int)'), self.config.setEnabled)
grid.addWidget(self.activation_box, 1, 0)
alerts, sub_form = mkGroupBox(tr('Alerts (IDS)'))
self.alert_threshold = QDoubleSpinBox()
sub_form.addRow(tr('Threshold for rule selection'), self.alert_threshold)
self.connect(self.alert_threshold, SIGNAL('valueChanged(double)'),
self.setAlertThreshold)
self.connect(self.alert_threshold, SIGNAL('valueChanged(double)'), self.setModified)
self.threshold_message = QLabel()
self.threshold_message.setWordWrap(True)
sub_form.addRow(self.threshold_message)
self.alert_count_message = QLabel()
self.alert_count_message.setWordWrap(True)
sub_form.addRow(self.alert_count_message)
self.threshold_range = MessageArea()
sub_form.addRow(self.threshold_range)
grid.addWidget(alerts, 2, 0)
blocking, sub_form = mkGroupBox(tr('Blocking (IPS)'))
self.block = self.mkCheckBox(tr('Block'))
self.connect(self.block, SIGNAL('stateChanged(int)'), self.config.setBlockingEnabled)
sub_form.addRow(self.block)
self.drop_threshold = QDoubleSpinBox()
sub_form.addRow(tr('Rule selection threshold for blocking'), self.drop_threshold)
self.drop_count_message = QLabel()
self.drop_count_message.setWordWrap(True)
sub_form.addRow(self.drop_count_message)
self.connect(self.drop_threshold, SIGNAL('valueChanged(double)'), self.setDropThreshold)
self.connect(self.drop_threshold, SIGNAL('valueChanged(double)'), self.setModified)
self.connect(
self.block,
SIGNAL('stateChanged(int)'),
self.drop_threshold.setEnabled
)
grid.addWidget(blocking, 2, 1)
antivirus, sub_form = mkGroupBox(tr('Antivirus'))
self.antivirus_toggle = self.mkCheckBox(tr('Enable antivirus '))
self.connect(self.antivirus_toggle, SIGNAL('stateChanged(int)'), self.config.setAntivirusEnabled)
self.antivirus_message = QLabel()
self.antivirus_message.setWordWrap(True)
sub_form.addRow(self.antivirus_toggle)
sub_form.addRow(self.antivirus_message)
network, sub_form = mkGroupBox(tr('Protected networks'))
self.networks = NetworkListEdit()
self.connect(self.networks, SIGNAL('textChanged()'), self.setProtectedNetworks)
self.networks_message = QLabel()
self.networks_message.setWordWrap(True)
sub_form.addRow(self.networks)
sub_form.addRow(self.networks_message)
grid.addWidget(antivirus, 3, 0)
grid.addWidget(network, 3, 1)
if HAVE_NULOG:
fragment = Fragment('IDSIPSTable')
fragment.load({'type': 'IDSIPSTable',
'title': tr('IDS-IPS Logs'),
'view': 'table',
'args': {}
})
fragwidget = FragmentFrame(fragment, {}, self.client, parent=self)
grid.addWidget(fragwidget, 4, 0, 1, 2) #fromrow, fromcol, rowspan, colspan
fragwidget.updateData()
self.frag = fragwidget
self.mainwindow.writeAccessNeeded(
self.activation_box,
self.alert_threshold,
self.block,
self.drop_threshold,
self.antivirus_toggle,
self.networks,
)
def __init__(self, client, parent=None):
ScrollArea.__init__(self)
self._modified = False
self.drawGUIBasic()
self.loaded_done = False
parent.widgets["Network"] = self
parent.addToInfoArea(self.tr("Network configuration interface enabled"))
self.new_vlan = QAction(QIcon(":/icons/vlan"), tr("New VLAN"), self)
self.new_vlan.setToolTip(tr("Create a VLAN interface"))
self.new_bonding = QAction(QIcon(":/icons/New_bonding"), tr("New Bonding"), self)
self.new_bonding.setToolTip(tr("Create a Bonding interface"))
self.new_network = QAction(QIcon(":/icons/addnetwork"), tr("New Network"), self)
self.new_network.setToolTip(tr("Add a network definition"))
self.show_all = QAction(QIcon(":/icons/show_all_interface"), tr("Text Set Below"), self)
self.show_all.setToolTip(tr("Show all interfaces"))
self.is_showing_all = False
self.toggleShowAll()
self.connect(self.show_all, SIGNAL('triggered(bool)'), self.toggleShowAll)
self.contextual_toolbar = ToolBar(
(
self.new_network,
self.new_vlan,
self.new_bonding,
self.show_all
),
name=tr("Interfaces"))
self.contextual_toolbar.setObjectName("Network toolbar")
self.parent = parent
self.client = client
self.routes_model = None
self.q_netobject = QNetObject.getInitializedInstance(self.client)
self.q_netobject.registerCallbacks(
self.canHandleModification,
self.handleModification
)
if self.q_netobject.netcfg is None:
self.parent.addToInfoArea("Could not load network configuration", COLOR_ERROR)
msg_area = MessageArea()
msg_area.setMessage(
tr("Network configuration interface disabled"),
tr("Could not fetch network configuration from the appliance"),
"critical"
)
self.widget().layout().addWidget(msg_area)
return
self.resetConf()
try:
Protector(self.client.host, self)
except:
self.parent.addToInfoArea(
tr(
"Problem while loading a misconfiguration preventer: "
"you will not be warned if you deconfigure the IP address "
"to which EdenWall Administration Suite is connected.")
)
class VlanEditor(QFrame):
def __init__(self, vlan=None, raw_device=None, parent=None):
QFrame.__init__(self, parent)
self.q_netobject = QNetObject.getInstance()
self.vlan = vlan
layout = QFormLayout(self)
self.raw_device = RawDeviceChoice(self.q_netobject.netcfg, vlan=vlan)
layout.addRow(
self.tr("Physical interface"),
self.raw_device
)
self.vlan_id = VlanIdInput()
layout.addRow(
self.tr("ID:"),
self.vlan_id
)
self.name = QLineEdit()
layout.addRow(
self.tr("Name:"),
self.name
)
if vlan is not None:
self.original_interface = vlan.raw_device
self._name_edited = vlan.user_label != vlan.system_name
self.name.setText(vlan.user_label)
raw_device = vlan.raw_device
self.vlan_id.setText(unicode(vlan.id))
else:
self.original_interface = None
#will be set at true when we don't need to calculate self.name anymore
self._name_edited = False
self.computeName()
self.connect(self.vlan_id, SIGNAL('textEdited(QString)'), self.computeName)
self.connect(self.name, SIGNAL('textEdited(QString)'), self.nameCustomized)
self.connect(self.raw_device, SIGNAL('currentIndexChanged(int)'), self.computeName)
self.message = MessageArea()
layout.addRow(self.message)
# for input in (self.name, self.vlan_id):
# self.connect(input, SIGNAL('editingFinished()'), self.isValid)
self.isValid()
#configure
if raw_device is not None:
self.raw_device.setSelection(raw_device)
def nameCustomized(self, *args):
self._name_edited = True
def computeName(self, *args):
if self._name_edited:
return
try:
name = "%s.%s" % (self.raw_device.getSelection(), self.vlan_id.value())
except:
return
self.name.setText(name)
def setErrorMessage(self, message):
self._message = message
self.message.setMessage(
self.tr("Input error"),
message,
status=MessageArea.WARNING
)
def setOkMessage(self):
self.message.setMessage(
self.tr("Information"),
self.tr("Valid configuration")
)
def getMessage(self):
return self._message()
def getName(self):
return unicode(self.name.text()).strip()
def getRawDevice(self):
return self.raw_device.getSelection()
def getID(self):
return self.vlan_id.value()
def isValid(self):
try:
vlan_id = self.getID()
except:
self.setErrorMessage(
self.tr("Vlan ID should be an integer value")
)
return False
if 0 > vlan_id or vlan_id > 4095:
self.setErrorMessage(
self.tr("Vlan ID must be an integer value in [1..4095]")
)
return False
if self.getName() == "":
self.computeName()
self.setOkMessage()
raw_device = self.getRawDevice()
if not isinstance(raw_device, Vlanable):
raw_device = \
self.q_netobject.netcfg.getInterfaceBySystemName(raw_device)
if self.original_interface == raw_device.system_name:
#NOT checking against ID
if not raw_device.isValid():
self.setErrorMessage(
self.tr("This would make an invalid configuration for the physical interface.")
)
return False
else:
if not raw_device.isValid(new_vlan_id=self.getID()):
self.setErrorMessage(
self.tr("This would make an invalid configuration for "
"the physical interface (duplicate vlan ID...).")
)
return False
return True
def accept(self, *args):
if not self.isValid():
return False
try:
return self.setValues()
except NetCfgError:
self.setErrorMessage(
self.tr("Impossible configuration")
)
return False
def setValues(self):
self.emit(SIGNAL('modified'), tr("Vlan edited"))
user_label = self.getName()
raw_device = self.getRawDevice()
vlan_id = self.getID()
if self.vlan is None:
self.q_netobject.netcfg.createVlan(
raw_device,
user_label,vlan_id
)
self.emit(SIGNAL('modified'), tr("New vlan interface created: '%s'") % user_label)
return True
self.vlan.user_label = user_label
self.vlan.id = vlan_id
self.q_netobject.netcfg.moveVlan(
self.vlan,
raw_device
)
self.emit(SIGNAL('modified'), tr("vlan interface edited: '%s'") % user_label)
return True
