def loadFile(self, ruleset_context, filetype, name,
editable=False, from_template=None, action=None, ruleset_id=0,
filename=None, content=None):
# Log the action
logger = ruleset_context.logger
text = "Load %s: %s" % (filetype, name)
if ruleset_id == 0:
logger.info(text)
else:
logger.debug(text)
if not content:
# Get the filename
if not filename:
if filetype == "library":
filename = LIBRARY_FILENAME
else:
filename = rulesetFilename(filetype, name)
# Parse the XML file
try:
with open(filename) as fp:
ruleset = etree.parse(fp).getroot()
except IOError, err:
if err.errno == ENOENT:
if filetype == 'template':
message = tr('The "%s" template does not exist. It has been deleted or renamed.')
else:
message = tr('The "%s" rule set does not exist. It has been deleted or renamed.')
raise RulesetError(message, name)
else:
raise RulesetError(
tr('Unable to open file "%s" (%s): %s'),
basename(filename), filetype, exceptionAsUnicode(err))
def rulesetUpload(component, logger, filetype, input_filename, content, netcfg):
# Extract ruleset name from the input filename
name = basename(input_filename)
if not name.lower().endswith(".xml"):
raise RulesetError('File extension is not ".xml"!')
name = name[:-4]
# Ensure that the ruleset doesn't exist on disk
rulesetFilename(filetype, name, check_existing=True)
# Decode the content
content = decodeFileContent(content)
# Open the ruleset the check the consistency
ruleset = Ruleset(component, logger, netcfg, read_only=True)
ruleset.load(logger, filetype, name, content=content)
if component.core.getMultisiteType() == MULTISITE_SLAVE:
if exists(MULTISITE_TEMPLATE_FILENAME):
template = MULTISITE_TEMPLATE_NAME
else:
template = None
replaceTemplate(logger, ruleset, template)
# Write the ruleset
try:
ruleset.save()
except IOError, err:
raise RulesetError(
tr("Unable to write into the file %s (%s): %s!"),
basename(ruleset.filename),
ruleset.filetype,
exceptionAsUnicode(err),
)
def start(self):
"""
Create a connection to database.
"""
if self.dbpool:
self.dbpool.close()
self.dbpool = None
try:
self.info('Connecting to database %s' % self.conf['database'])
kwargs = {}
kwargs[ self.dbkw['host'] ] = self.conf['hostname']
kwargs[ self.dbkw['db'] ] = self.conf['database']
kwargs[ self.dbkw['user'] ] = self.conf['username']
kwargs[ self.dbkw['pass'] ] = self.conf['password']
self.dbpool = adbapi.ConnectionPool(self.dbapi, **kwargs)
self.dbpool.connect()
self.info('Connected!')
except self.error_type, e:
self.dbpool = None
try:
error = e[1]
except IndexError:
error = e
raise DatabaseError(
tr("Unable to connect to database, check your configuration: %s"),
exceptionAsUnicode(error))
def parseIPAddress(text):
try:
return IP(text)
except ValueError, err:
raise RulesetError(
tr('Invalid IP address "%s": %s'),
text, exceptionAsUnicode(err))
def __init__(self):
self.objects = {}
try:
from .mysql import MySQLDataBase
self.objects['mysql'] = MySQLDataBase
except ImportError, e:
self.objects['mysql'] = exceptionAsUnicode(e)
def discover(self, ip_flow=None, route_flow=None, route6_flow=None):
"""
ip_flow, route_flow: file descriptors for stdout of 'ip addr list' and 'ip route list'
"""
added = set()
ignored = set()
self.important("Auto discovering network parameters")
self.discovering = True
if ip_flow == None:
ip_flow = self.runCmd(NetCfgAutoConf.IP_NET_CMD)
cur_iface = None
wait = NetCfgAutoConf.IFACE
for line in ip_flow:
try:
line_class, data = self.matchLineClass(line)
if data is IGNORED_INTERFACE:
cur_iface = None
self.debug("Ignoring interface specified by <%s>" % line)
continue
except IgnoredData, err:
self.debug("ignored %s" % line)
wait = err.wait
continue
except Exception, err:
reraise(ParseError(u"Error on line %r: %s" % (line, exceptionAsUnicode(err))))
def apply(self, responsible, optim=True):
ha_status = ENOHA
if EDENWALL:
try:
ha_status = yield self.core.callService(self.context, 'ha', 'getHAMode')
except Exception, err:
self.error(exceptionAsUnicode(err))
def getValidLicenses(self):
"""Display valid licenses in the table."""
try:
licenses = self.client.call("license", 'getValidLicenses')
except RpcdError, err:
licenses = []
self.mainwindow.addToInfoArea(exceptionAsUnicode(err),
category=COLOR_CRITICAL)
def validatePage(self):
selected = list(self.getSelected())
user_label = self.getUserLabel()
try:
self.q_netobject.netcfg.createBonding(user_label, selected)
except NetCfgError, err:
QMessageBox.warning(self, "Could not create bonding interface", exceptionAsUnicode(err))
return False
def error_sync(self, error):
self.addToInfoArea(tr("NTP synchronization failed"), category=COLOR_ERROR)
warning = QMessageBox(self)
warning.setWindowTitle(tr('NTP synchronization failed'))
warning.setText(tr('An error occurred during NTP synchronization'))
warning.setDetailedText(exceptionAsUnicode(error))
warning.setIcon(QMessageBox.Warning)
warning.exec_()
def destroy(self):
if not self.on_disk:
return
self.on_disk = False
try:
unlink(self.filename)
except IOError, err:
raise LockError("Could not delete lock file: %s" % exceptionAsUnicode(err))
def _save(self, root, filename):
umask(0077)
try:
return xml_save(root, filename)
except IOError, err:
raise ConfigError(CONFIG_ERR_XML_WRITE,
tr('Unable to write into %s XML file: %s'),
filename, exceptionAsUnicode(err))
def __handle_errors(self, err):
debug = self.mainwindow.debug
if debug:
html = Html(formatException(err, debug), escape=False) + BR
self.mainwindow.addHTMLToInfoArea(html, category=COLOR_WARNING)
else:
text = exceptionAsUnicode(err)
self.addToInfoArea(text, category=COLOR_WARNING)
self.__handle_SessionError(err)
def errorDiag(self, error):
self.mainwindow.addToInfoArea(tr("Fetching %s failed.") % self.desc)
warning = QMessageBox(self)
warning.setWindowTitle(tr('Fetching diagnostic failed'))
warning.setText(tr('An error has occurred while fetching %s.') %
self.desc)
warning.setDetailedText(exceptionAsUnicode(error))
warning.setIcon(QMessageBox.Warning)
warning.exec_()
def validatePage(self):
user_label = self.getUserLabel()
vlan_base = self.getVlanBase()
vlan_number = self.getVlanNumber()
try:
self.q_netobject.netcfg.createVlan(vlan_base, user_label, vlan_number)
except NetCfgError, err:
QMessageBox.warning(self, "Could not create vlan interface", exceptionAsUnicode(err))
return False
def validatePage(self, hard_label):
"""
Compulsory subclassing.
PyQt visible signature must be 'def validatePage(self)'
"""
try:
user_label = self.getUserLabel()
except NetCfgError, err:
QMessageBox.warning(self, "Invalid name", exceptionAsUnicode(err))
return False
def init(self, core):
ConfigServiceComponent.init(self, core)
self.addConfFile("/etc/snort_inline/edenwall-home-net.conf",
"root:root", "0644")
try:
self.handle_transition()
except Exception, err:
self.critical(
"Could not handle configuration transition to new IDS-IPS backend (%s)."
% exceptionAsUnicode(err))
def __init__(self, logger):
self.store = VariablesStore()
# Read the user configuration
if exists(CONFIG_FILENAME):
logger.info("Read the config")
try:
self.store.load(CONFIG_FILENAME)
except ConfigError, err:
logger.warning("Unable to read the config: %s" % exceptionAsUnicode(err))
def init(self, core):
var_dir = core.config.get('CORE', 'vardir')
self.FINGERPRINT_CREATED = join(var_dir, 'ufwi_conf', 'FINGERPRINT_CREATED')
self.createFingerprint()
try:
self.FINGERPRINT = self.getFingerprint()
except Exception, err:
msg = exceptionAsUnicode(err)
self.critical("Can not read fingerprint : '%s'" % msg)
def loadError(self, err, when):
message = u"[%s] %s" % (err.__class__.__name__, exceptionAsUnicode(err))
if self.name:
err = RulesetError(
tr('Error while loading %s from the "%s" rule set: %s'),
when, self.name, message)
else:
err = RulesetError(
tr('Error on new rule set creation (while loading %s): %s'),
when, message)
reraise(err)
def writeConf(netcfg, interfaces_file, ha_status):
if isinstance(interfaces_file, file):
f = interfaces_file
close_f = False
else:
close_f = True
try:
f = open(interfaces_file, 'w')
except IOError, err:
raise NetCfgError(
'Unable to write the configuration to "%s"! %s',
interfaces_file, exceptionAsUnicode(err))
def genConfigFiles(self, responsible):
if self.__hascustom():
custom = CUSTOM_DHCP
else:
custom = False
try:
context = Context.fromComponent(self)
ha_status = yield self.core.callService(context, 'ha', 'getHAMode')
except Exception, err:
self.error(exceptionAsUnicode(err))
ha_status = ENOHA
def init(self, core):
AbstractNuConfComponent.init(self, core)
self.core = core
self.license_dir = DEFAULT_LICENSE_DIR
self.gpg_homedir = DEFAULT_LICENSE_GPG_DIR
try:
self.license_dir = self.core.config.get('license', 'license_dir')
self.gpg_homedir = self.core.config.get('license', 'gpg_homedir')
except Exception, err:
self.error("Missing or incorrect 'license' configuration in /etc "
"Rpcd configuration file (%s)." %
exceptionAsUnicode(err))
def load(self, filename):
"""
Loads an xml file and fills this VariablesStore object with it.
"""
try:
with open(filename) as fp:
tree = ET.parse(fp)
root = tree.getroot()
except IOError, err:
raise ConfigError(CONFIG_NO_SUCH_FILE,
tr('Unable to open %s XML file: %s!'),
filename, exceptionAsUnicode(err))
def errorHandler(self, e):
""" This method is called when fetcher raises an error. """
# Store error in fragment, and the ErrorFragmentView will able to
# load it
error = exceptionAsUnicode(e)
self.fragment.error = error
# We keep last view in the fragment, to prevent setView() method to
# put 'error' in the fragment.view string attribute.
last_view = self.fragment.view
self.setView('error', update=False) # load the error fragment
self.fragment.view = last_view
def errorJoin(self, error):
self.splash.hide()
self.mainwindow.addToInfoArea(tr('Joining secondary: fail'), category=COLOR_ERROR)
warning = QMessageBox(self)
warning.setWindowTitle(tr('Joining secondary: fail'))
warning.setText(tr('An error was encountered while joining secondary.'))
errmsg = exceptionAsUnicode(error)
if "current state=ENOHA" in errmsg:
errmsg = tr(
"Can not join yet: the appliance is still not configured for "
"high availability. Did you save and apply your changes?"
)
warning.setDetailedText(errmsg)
warning.setIcon(QMessageBox.Warning)
warning.exec_()
def formatException(err, debug, traceback=None, errtype=None):
if errtype is None:
errtype = type(err)
if isinstance(err, RpcdError):
message = unicode(err)
if debug or (not message):
message = u"[%s] %s" % (err.type, message)
else:
message = exceptionAsUnicode(err, add_type=False)
if debug or (not message):
message = u"[%s] %s" % (errtype.__name__, message)
message = htmlParagraph(message)
if debug:
traceback = _getTraceback(err, errtype, traceback)
if traceback:
message += traceback
return unicode(message)
def handleerror(error):
message = exceptionAsUnicode(error)
if error.type == "CoreError":
return tr("This service is not available on your server. "
"You may want to upgrade the server"
)
if error.type == "NoSuchUser":
return tr("No account named '%(USERNAME)s' was found") % {
"USERNAME":re.sub(_USER_REGEX, '', message, )
}
if error.type == "NoSuchGroup":
return tr("No group named '%(GROUPNAME)s' was found.") % {
"GROUPNAME": re.sub(_GROUP_REGEX, '', message)
}
if error.type == "AuthError":
return tr("Could not authenticate '%(USERNAME)s' with the supplied credentials.") % {
"USERNAME": re.sub(_AUTH_REGEX, '', message)
}
return "[%s] %s" % (error.type, message)
def save(self):
try:
hostname = unicode(self.ui.hostname.text())
self.checkHostname(hostname)
name = unicode(self.ui.name.text())
for edw in self.edw_list:
if edw.getID() == name:
if QMessageBox.warning(None, APP_TITLE, tr("A firewall with this name is already registered. Do you want to register it again?"), QMessageBox.Yes | QMessageBox.No) == QMessageBox.No:
return False
break
port = self.ui.port.value()
protocol = unicode(self.ui.protocol.currentText()).lower()
login = unicode(self.ui.login.text())
password = unicode(self.ui.password.text())
self.client.call('multisite_master', 'register_firewall', name, hostname, port, protocol, login, password)
return True
except (RpcdError, InvalidHostname), e:
QMessageBox.critical(self, self.tr('Rpcd error'), exceptionAsUnicode(e))
return False
def createContext(self, logger):
logger.debug("SSL context: protocol=%s, fqdn_check=%s" % (self.protocol, self.fqdn_check))
context = SSL.Context(self.protocol)
# Reset options: only disable SSLv2. M2Crypto uses SSL_OP_ALL (enable
# all bug workarounds), but we control the client and the server and
# both use the OpenSSL library (a recent version).
context.set_options(SSL_OP_NO_SSLv2)
logger.debug("Use cipher list: %s" % self.cipher_list)
context.set_cipher_list(self.cipher_list)
if self.send_cert:
logger.debug("Load certificate chain (%s) and key (%s) files" % (self.cert, self.key))
try:
context.load_cert_chain(
self.encodeFilename(self.cert),
self.encodeFilename(self.key),
self.get_key_password)
except Exception, err:
raise SSLConfigError(
tr("Unable to open the certificate chain or key: %s")
% exceptionAsUnicode(err))
