Exemplo n.º 1
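def change_net(network, netmask, ccd, fn_ips, ipv6):
    """Assign a fresh VPN address to every OpenVPN-enabled account.

    Searches the directory for entries matching
    ``univentionOpenvpnAccount=1``, obtains one address per user from
    ``generate_ip``, replaces the push directive in the user's
    ``<ccd><uid>.openvpn`` file and finally writes the complete
    ``(uid, ip)`` list to *fn_ips*.

    Args:
        network: Network in CIDR notation; for IPv6 the part after ``/``
            is appended to each pushed address.
        netmask: Netmask appended to each pushed IPv4 address.
        ccd: Client-config directory prefix; it is concatenated directly
            with the uid, so it is expected to end with a path separator.
        fn_ips: File name passed to ``write_ip_map``.
        ipv6: Truthy to write ``ifconfig-ipv6-push`` entries, falsy for
            ``ifconfig-push``.
    """
    if ipv6:
        option = "ifconfig-ipv6-push"
        appendix = "/" + network.split('/')[1] + "\n"
    else:
        option = "ifconfig-push"
        appendix = " " + netmask + "\n"

    # Elevated privileges are only needed for the directory lookup. The
    # finally clause guarantees they are dropped again even when the
    # connection or the search raises.
    listener.setuid(0)
    try:
        lo = ul.getMachineConnection()
        users = lo.search('univentionOpenvpnAccount=1')
    finally:
        listener.unsetuid()

    ip_map_new = []
    for user in users:
        name = user[1].get('uid', [None])[0]

        # The uid becomes part of a file name below. Entries without a uid
        # would raise on the string concatenation and abort the whole run;
        # a uid containing a path separator or a dot-directory name would
        # make the write land outside the intended ccd file.
        if not name or '/' in name or name in ('.', '..'):
            continue

        ip_new = generate_ip(network, ip_map_new)
        ip_map_new.append((name, ip_new))

        # Rewrite the user's ccd file: drop any previous directive of the
        # same kind, then append the new one.
        ccd_file = ccd + name + ".openvpn"
        cc = univention_openvpn_common.load_rc(3, ccd_file)
        if cc is None:
            cc = []
        else:
            # Both option names are plain literals, so a substring test
            # selects the same lines as the regex search did.
            cc = [line for line in cc if option not in line]
        cc.append(option + " " + ip_new + appendix)
        univention_openvpn_common.write_rc(3, cc, ccd_file)

    univention_openvpn_common.write_ip_map(3, ip_map_new, fn_ips)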
Exemplo n.º 2
        listener.setuid(0)
        #ucr = ConfigRegistry()
        #ucr.load()
        if portold:
            ucr.handler_unset(['security/packetfilter/package/univention-openvpn-server/udp/'+portold+'/all'])
        if portnew and 'univentionOpenvpnActive' in new:
            ucr.handler_set(['security/packetfilter/package/univention-openvpn-server/udp/'+portnew+'/all=ACCEPT'])
        listener.unsetuid()


    ccd = '/etc/openvpn/ccd-' + portnew + '/'
    fn_ips = '/etc/openvpn/ips-' + portnew
    fn_ipsv6 = '/etc/openvpn/ipsv6-' + portnew

    # write new server config
    flist = univention_openvpn_common.load_rc(3, fn_serverconf)

    flist = [x for x in flist if not re.search("port", x) and not re.search('push "redirect-gateway', x) and not re.search("duplicate-cn", x) and not re.search("server", x) and not re.search("server-ipv6", x) and not re.search("client-config-dir", x) and not re.search("proto", x) and not re.search("plugin", x)]

    flist.append("port %s\n" % portnew)

    network = new.get('univentionOpenvpnNet', [None])[0]
    if not network:
        ud.debug(ud.LISTENER, ud.INFO, '3 Missing params, skipping actions')
        action = None
        return                  # invalid config, skip 
    ipnw = netaddr.IPNetwork(network)
    if ipnw.size == 1:
        netmask = '255.255.255.0'
        network = str(ipnw.network) + "/24"
    else:
    portold = old.get('univentionOpenvpnSitetoSitePort', [None])[0]
    portnew = new.get('univentionOpenvpnSitetoSitePort', [None])[0]

    if portold is not portnew:
        listener.setuid(0)
        #ucr.ConfigRegistry().load()
        #ucr.load()
        if portold:
            ucr.handler_unset(['security/packetfilter/package/univention-openvpn-sitetosite/udp/'+portold+'/all'])
        if portnew and 'univentionOpenvpnSitetoSiteActive' in new:
            ucr.handler_set(['security/packetfilter/package/univention-openvpn-sitetosite/udp/'+portnew+'/all=ACCEPT'])
        listener.unsetuid()

    # write new sitetosite config
    flist = univention_openvpn_common.load_rc(5, fn_sitetositeconf)

    flist = [x for x in flist if not re.search("remote", x) and not re.search("port", x) and not re.search("ifconfig", x)]

    flist.append("port %s\n" % portnew)

    remote = new.get('univentionOpenvpnRemote', [None])[0]
    flist.append("remote %s\n" % remote)

    localaddress = new.get('univentionOpenvpnLocalAddress', [None])[0]
    remoteaddress = new.get('univentionOpenvpnRemoteAddress', [None])[0]
    flist.append("ifconfig %s %s\n" % (localaddress, remoteaddress))

    secret = new.get('univentionOpenvpnSecret', [None])[0]
    #ud.debug(ud.LISTENER, ud.INFO, '5 secret: %s' % (secret))
    univention_openvpn_common.write_rc(5, [secret] if secret else [''], fn_secret)