def check_dns_dhcp_valid(self):
"""If dhcp is selected for a dns source, check that dhcp is selected in the target network.
If private network dhcp is used, check that two interface setup is used.
"""
txt = uitexts.GlobalValidationTexts()
ic_pn_fda_keys = ['ip_address_selection']
dns_fda_keys = ['dns_selection']
ic_fda = self.toplevel_fda.descend('ic_group')
pn_fda = self.toplevel_fda.descend('pn_group')
dns_fda = self.toplevel_fda.descend('dns_group')
# Check local errors.
if not (self._can_validate(dns_fda, dns_fda_keys)):
return
if dns_fda[dns_fda_keys[0]] == 'use_dhcp_ic':
if not (self._can_validate(ic_fda, ic_pn_fda_keys)):
return
if ic_fda[ic_pn_fda_keys[0]] != 'dhcp':
dns_fda.add_error(dns_fda_keys[0], txt.e_ic_dhcp_not_in_use)
elif dns_fda[dns_fda_keys[0]] == 'use_dhcp_pn':
# Check only errors. Disabled means error situation.
if self._key_has_errors(pn_fda, ic_pn_fda_keys[0]):
return
# If disabled, or not selected -> error
if (self._is_disabled(pn_fda, ic_pn_fda_keys[0])) or (
pn_fda[ic_pn_fda_keys[0]] != 'dhcp'):
dns_fda.add_error(dns_fda_keys[0], txt.e_pn_dhcp_not_in_use)
def check_required_fields_routingfirewall(self):
txt = uitexts.GlobalValidationTexts()
# For each individual route, if gateway is selected manually, address is required
def _check_route_required(route_fda, list_index=None):
# Check local errors
fda_keys = ['gateway_selection', 'gateway']
# Check that selection does not have errors and gateway does not already have an error (=value exists).
if (self._can_validate(route_fda, [fda_keys[0]])) and (
not (self._key_has_errors(route_fda, fda_keys[1]))):
if (route_fda[fda_keys[0]] == 'manual_gw') and (
(not route_fda.has_key(fda_keys[1])) or
(route_fda[fda_keys[1]] is None)):
route_fda.add_error(fda_keys[1], txt.e_required)
def _check_default_route_gateway():
_check_route_required(self.toplevel_fda.descend('dr_group'))
def _check_routes_gateway():
self._walk_through_dynamic_list(
self.toplevel_fda.descend('ar_group'), _check_route_required)
def _check_source_route_gateway():
_check_route_required(self.toplevel_fda.descend('sr_group'))
_check_default_route_gateway()
_check_routes_gateway()
_check_source_route_gateway()
def public_private_eth_not_same(self):
"""Public and private network adapters must not be the same in two interface setup."""
txt = uitexts.GlobalValidationTexts()
fda_keys = ['if']
ic_fda = self.toplevel_fda.descend('ic_group')
pn_fda = self.toplevel_fda.descend('pn_group')
# Check local errors
if (self._can_validate(ic_fda, fda_keys)) and (self._can_validate(
pn_fda, fda_keys)):
if (ic_fda[fda_keys[0]] == pn_fda[fda_keys[0]]):
ic_fda.add_error(fda_keys[0], txt.e_public_and_private_if_same)
pn_fda.add_error(fda_keys[0], txt.e_public_and_private_if_same)
def _check_ip_and_subnet_mask(fda):
txt = uitexts.GlobalValidationTexts()
fda_keys = ['ip_address', 'subnet_mask']
# Check local errors
if not (self._can_validate(fda, fda_keys)):
return
# Check that ip and subnet matches
try:
temp_addr = datatypes.IPv4AddressSubnet.fromStrings(
fda[fda_keys[0]].toString(), fda[fda_keys[1]].toString())
if not (temp_addr.isUsable()):
raise Exception('address not usable in subnet')
except:
fda.add_error(fda_keys[0], txt.e_ip_and_subnet_does_not_match)
fda.add_error(fda_keys[1], txt.e_ip_and_subnet_does_not_match)
def check_only_one_proxyarp(self):
"""Only one proxyarp is allowed."""
txt = uitexts.GlobalValidationTexts()
fda_keys = ['client_traffic']
ic_fda = self.toplevel_fda.descend('ic_group')
pn_fda = self.toplevel_fda.descend('pn_group')
# Check local errors
if not (self._can_validate(ic_fda, fda_keys)
and self._can_validate(pn_fda, fda_keys)):
return
# Check
if (ic_fda[fda_keys[0]] == 'proxyarp') and (pn_fda[fda_keys[0]]
== 'proxyarp'):
ic_fda.add_error(fda_keys[0], txt.e_two_proxyarps)
pn_fda.add_error(fda_keys[0], txt.e_two_proxyarps)
def public_private_ip_not_same(self):
"""Public and private ip addresses must not be the same."""
txt = uitexts.GlobalValidationTexts()
fda_keys = ['ip_address']
ic_fda = self.toplevel_fda.descend('ic_group')
pn_fda = self.toplevel_fda.descend('pn_group')
# Check local errors
if (self._can_validate(ic_fda, fda_keys)) and (self._can_validate(
pn_fda, fda_keys)):
if (ic_fda[fda_keys[0]] == pn_fda[fda_keys[0]]):
ic_fda.add_warning(
fda_keys[0],
'Address is the same as private network connection address'
)
pn_fda.add_warning(
fda_keys[0],
'Address is the same as Internet connection address')
def check_route_destination_valid(self):
""" Checks following:
- In one interface setup the destination network cannot be private.
- If network router is used and nw has static ip, gw must be defined. """
ui_root = helpers.get_ui_config()
def _check_interface_and_gateway(route_fda, iface_uri):
if ui_root.hasS(iface_uri):
if not route_fda.has_key(
'gateway') or route_fda['gateway'] is None:
if self._network_interface_has_default_router_in_rdf(
ui_root.getS(iface_uri,
rdf.Type(ns_ui.NetworkConnection))):
pass
else:
route_fda.add_error(
'network_connection',
'Network interface does not have a default gateway'
)
else:
pass
else:
route_fda.add_error('network_connection',
'Network interface not active')
def _check_destination(route_fda, list_index=None):
if self._can_validate(route_fda, ['network_connection']):
# Check that interface and gateways exist
if route_fda['network_connection'] == 'private':
_check_interface_and_gateway(
route_fda, ns_ui.privateNetworkConnection)
elif route_fda['network_connection'] == 'internet':
_check_interface_and_gateway(route_fda,
ns_ui.internetConnection)
else:
_log.warning('unexpected case') # XXX: should not happen
txt = uitexts.GlobalValidationTexts()
_check_destination(self.toplevel_fda.descend('dr_group'))
self._walk_through_dynamic_list(self.toplevel_fda.descend('ar_group'),
_check_destination)
source_route_fda = self.toplevel_fda.descend('sr_group')
if source_route_fda['source_routing_selection'] == 'on':
_check_destination(source_route_fda)
def check_uplink(self):
"""Uplink is given as Mb's. Warning limits are < 0.256 and > 100."""
txt = uitexts.GlobalValidationTexts()
fda_keys = ['uplink']
fda = self.toplevel_fda.descend('ic_group')
# Check local errors
if not (self._can_validate(fda, fda_keys)):
return
# Check that value exists
try:
uplink = float(fda[fda_keys[0]])
except:
return
# Check uplink warning limits.
if uplink < 0.256:
fda.add_warning(fda_keys[0], txt.w_uplink_small)
elif uplink > 100:
fda.add_warning(fda_keys[0], txt.w_uplink_big)
def check_ppp_firewall_rules(self):
txt = uitexts.GlobalValidationTexts()
# XXX: check_required_fields() checks for other required fields but doesn't seem
# to make sense to distribute checking of one field to several places
def _check_ppp_firewall_rule(fda, list_index=None):
if fda.has_key('protocol') and fda[
'protocol'] is not None and fda['protocol'] != '':
# if protocol is not TCP or UDP, port is not allowed
if fda['protocol'] == 'tcp' or fda['protocol'] == 'udp':
pass
else:
if fda.has_key('port') and (fda['port'] is not None) and (
fda['port'] != 0):
fda.add_error(
'port',
'Port cannot be used with selected protocol')
self._walk_through_dynamic_list(
self.toplevel_fda.descend('fwrule_group'),
_check_ppp_firewall_rule)
def _check_gw_in_ip_subnet(fda):
txt = uitexts.GlobalValidationTexts()
fda_keys = [
'ip_address', 'ip_address_selection', 'subnet_mask',
'default_gateway'
]
# Check local errors
if not (self._can_validate(fda, fda_keys)):
return
# Skip the check if dhcp is in use, or gw has not been defined.
if fda['ip_address_selection'] == 'dhcp':
return
# Create IPv4AddressSubnet object and check if gw address is in subnet.
try:
ip_with_subnet = datatypes.IPv4AddressSubnet.fromStrings(
fda[fda_keys[0]].toString(), fda[fda_keys[2]].toString())
if not (ip_with_subnet.inSubnet(fda[fda_keys[3]])):
fda.add_warning(fda_keys[3], txt.w_gw_not_in_ip_subnet)
except:
fda.add_error(fda_keys[3], txt.e_unknown)
_log.exception('exception in validating')
def check_client_settings(self):
fda = self.client_connection_fda
txt = uitexts.GlobalValidationTexts()
def _max_psk_length_checker(psk):
return len(psk) <= constants.MAX_PRE_SHARED_KEY_LENGTH
# allowed characters in username, password, psk
# NB: uihelpers checkers accept empty string
for fieldname, checker, errortext in [
('server_name', uihelpers.check_dns_name_characters,
'Invalid characters'),
('psk_1', uihelpers.check_preshared_key_characters,
'Invalid characters'),
('psk_1', _max_psk_length_checker, 'Pre-shared key too long'),
('psk_2', uihelpers.check_preshared_key_characters,
'Invalid characters'),
('psk_2', _max_psk_length_checker, 'Pre-shared key too long')
]:
if fda.has_key(
fieldname) and fda[fieldname] is not None and not checker(
fda[fieldname]):
fda.add_error(fieldname, errortext)
# at least one dns required if manual servers set
if fda.has_key('dns') and fda['dns'] == 'manual_dns':
# require dns_1, not dns_2 (XXX: this may be inconsistent)
if not fda.has_key(
'dns_1') or fda['dns_1'] is None or fda['dns_1'] == '':
fda.add_error('dns_1', txt.e_required)
else:
# no validation
pass
# subnet and range validation
subnet, iprange = self._get_ppp_subnet_and_range()
if subnet is not None and iprange is not None:
rf = iprange.getFirstAddress().toLong()
rl = iprange.getLastAddress().toLong()
nf = subnet.getFirstAddress().toLong()
nl = subnet.getLastAddress().toLong()
sf = subnet.getFirstUsableAddress().toLong()
sl = subnet.getLastUsableAddress().toLong(
) - 1 # last address is for server
if subnet.getCidr() > 30:
fda.add_error('client_subnet', 'Subnet is too small')
if (rf >= sf) and (rl <= sl):
pass
else:
fda.add_error(
'client_address_range',
'Address range must be contained in subnet and must not contain last address of subnet'
)
# ppp subnet vs. public subnet
pub_addr, _ = self._get_public_address()
if pub_addr is not None:
_log.debug('comparing ppp subnet %s against public subnet %s' %
(subnet.toString(), pub_addr.toString()))
if iprange.inRange(pub_addr.getAddress()):
fda.add_error(
'client_address_range',
'Range must not contain Internet connection address')
if subnet.overlapsWithSubnet(pub_addr.getSubnet()):
# XXX: this check was changed to warning after some thought: it doesn't cause actual problems
fda.add_warning(
'client_subnet',
'Subnet overlaps with Internet connection subnet')
# ppp subnet vs. private subnet
priv_addr, _ = self._get_private_address()
if priv_addr is not None:
_log.debug(
'comparing ppp subnet %s against private subnet %s' %
(subnet.toString(), priv_addr.toString()))
if iprange.inRange(priv_addr.getAddress()):
fda.add_error(
'client_address_range',
'Range must not contain private network connection address'
)
if subnet.overlapsWithSubnet(priv_addr.getSubnet()):
# XXX: this check was changed to warning after some thought: it doesn't cause actual problems
fda.add_warning(
'client_subnet',
'Subnet overlaps with private connection subnet')
# ppp subnet vs. site-to-site subnets
if not self._check_overlap_against_sitetosite_subnets(subnet):
# XXX: this check was removed after some thought; it doesn't cause actual problems
fda.add_warning(
'client_subnet',
'Subnet overlaps with remote site-to-site connection subnets'
)
# ppp subnet and range vs. configured fixed IP users
for fixed_ip in self._get_user_fixed_ips_rdf():
if iprange.inRange(fixed_ip):
fda.add_error(
'client_address_range',
'Range must not contain user fixed IP addresses')
break
fixed_ip_long = fixed_ip.toLong()
if fixed_ip_long in [nf, nl, nl - 1
]: # network, broadcast, last usable
fda.add_error(
'client_address_range',
'Some user fixed IP addresses overlap with reserved subnet addresses'
)
def check_interface_default_gateways(self):
txt = uitexts.GlobalValidationTexts()
def _check_gw_in_ip_subnet(fda):
txt = uitexts.GlobalValidationTexts()
fda_keys = [
'ip_address', 'ip_address_selection', 'subnet_mask',
'default_gateway'
]
# Check local errors
if not (self._can_validate(fda, fda_keys)):
return
# Skip the check if dhcp is in use, or gw has not been defined.
if fda['ip_address_selection'] == 'dhcp':
return
# Create IPv4AddressSubnet object and check if gw address is in subnet.
try:
ip_with_subnet = datatypes.IPv4AddressSubnet.fromStrings(
fda[fda_keys[0]].toString(), fda[fda_keys[2]].toString())
if not (ip_with_subnet.inSubnet(fda[fda_keys[3]])):
fda.add_warning(fda_keys[3], txt.w_gw_not_in_ip_subnet)
except:
fda.add_error(fda_keys[3], txt.e_unknown)
_log.exception('exception in validating')
def _check_default_gateway_required(fda, is_public, force_required):
# Not called for private interface if one interface setup (caller checks)
if fda.has_key('ip_address_selection'
) and fda['ip_address_selection'] == 'dhcp':
return # OK
if fda.has_key(
'default_gateway') and fda['default_gateway'] is not None:
return # OK
# Interface has static IP address but no default router. Error if
# some other part of configuration relies on it.
if force_required:
fda.add_error('default_gateway', txt.e_required)
else:
if self._check_routes_use_default_gateway_in_rdf(is_public):
fda.add_error('default_gateway',
'Default gateway used by routes')
elif self._check_source_route_uses_default_gateway_in_rdf(
is_public):
fda.add_error('default_gateway',
'Default gateway used by forced routing')
else:
pass
_check_gw_in_ip_subnet(self.toplevel_fda.descend('ic_group'))
if (self._can_validate(self.toplevel_fda, [
'ifcount_group.interface_count'
])) and self.toplevel_fda['ifcount_group.interface_count'] == 'twoif':
_check_gw_in_ip_subnet(self.toplevel_fda.descend('pn_group'))
_check_default_gateway_required(self.toplevel_fda.descend('ic_group'),
True, True)
if (self._can_validate(self.toplevel_fda, [
'ifcount_group.interface_count'
])) and self.toplevel_fda['ifcount_group.interface_count'] == 'twoif':
_check_default_gateway_required(
self.toplevel_fda.descend('pn_group'), False, False)
def check_required_fields(self):
"""Check required field checks all the required fields, which cannot be checked locally.
Whether or not these fields are required, depends from some other field(s) value(s).
"""
txt = uitexts.GlobalValidationTexts()
def _check_required_fields(fda, fda_keys):
"""Add 'Required' error to selected fields if they are empty and already don't have an error."""
for key in fda_keys:
if not self._is_disabled(
fda, key) and not self._key_has_errors(fda, key):
if fda[key] is None or fda[key] == '':
fda.add_error(key, txt.e_required)
# For static addresses, subnet is required (even with CIDR; canonicalization adds it)
def _check_ip_and_subnet(fda):
if (self._can_validate(
fda, ['ip_address_selection'
])) and fda['ip_address_selection'] == 'static':
_check_required_fields(fda, ['ip_address', 'subnet_mask'])
# Public interface checks
def _check_public_fields():
fda = self.toplevel_fda.descend('ic_group')
_check_required_fields(
fda, ['if', 'ip_address_selection', 'client_traffic'])
# If two interface setup, check private interface
def _check_private_fields():
if (self._can_validate(
self.toplevel_fda,
['ifcount_group.interface_count'])) and self.toplevel_fda[
'ifcount_group.interface_count'] == 'twoif':
fda = self.toplevel_fda.descend('pn_group')
_check_required_fields(
fda, ['if', 'ip_address_selection', 'client_traffic'])
# If manual DNS is used, at least one DNS is required
def _check_manual_dns():
fda = self.toplevel_fda.descend('dns_group')
if fda.has_key('dns_selection'
) and fda['dns_selection'] == 'set_manually':
if not fda.has_key(
'dns_1') or fda['dns_1'] is None or fda['dns_1'] == '':
fda.add_error('dns_1', txt.e_required)
# If dyndns provider has been selected, all dyndns fields are required; also check allowed characters
def _check_dyndns_fields():
fda = self.toplevel_fda.descend('ddns_group')
fda_keys = [
'ddns_provider', 'ddns_username', 'ddns_password',
'ddns_hostname'
]
if not (fda[fda_keys[0]] is None) and (fda[fda_keys[0]] != 'none'):
# actual provider selected => activate validation
_check_required_fields(fda, fda_keys)
if fda.has_key('ddns_username') and fda[
'ddns_username'] is not None and not uihelpers.check_dyndns_username_characters(
fda['ddns_username']):
fda.add_error('ddns_username', 'Invalid characters')
if fda.has_key('ddns_password') and fda[
'ddns_password'] is not None and not uihelpers.check_dyndns_password_characters(
fda['ddns_password']):
fda.add_error('ddns_password', 'Invalid characters')
if fda.has_key('ddns_hostname') and fda[
'ddns_hostname'] is not None and not uihelpers.check_dyndns_hostname_characters(
fda['ddns_hostname']):
fda.add_error('ddns_hostname', 'Invalid characters')
tmp = ''
if fda.has_key('ddns_address_type'):
tmp = fda['ddns_address_type'] or ''
if tmp == 'interface':
pass
elif tmp == 'natted':
pass
elif tmp == 'static':
if fda.has_key('ddns_address'
) and fda['ddns_address'] is not None:
addr_str = fda['ddns_address']
try:
ign = datatypes.IPv4Address.fromString(addr_str)
except:
fda.add_error('ddns_address', 'Invalid address')
else:
fda.add_error('ddns_address', 'Required')
else:
fda.add_error('ddns_address_type', 'Required')
_check_ip_and_subnet(self.toplevel_fda.descend('ic_group'))
_check_ip_and_subnet(self.toplevel_fda.descend('pn_group'))
_check_public_fields()
_check_private_fields()
_check_manual_dns()
_check_dyndns_fields()