def management_connection_down(self, reason=None): # from managementconnection
_log.info("management connection down, reason: %s" % reason)
try:
helpers.get_global_status().setS(ns.managementServerConnection, rdf.Boolean, False)
except:
_log.exception("cannot set management connection rdf status to down")
# 'reason' can be many things, including protocol errors from Identify(),
# check for them here
try:
self._license_helper.process_failure_reason(reason)
except:
_log.exception("failed to check management_connection_down reason")
self._ajax_helper.wake_status_change_waiters()
def _write_connection_state(self, identify_result):
behind_nat = identify_result["behindNat"]
our_addr = identify_result["clientAddressSeenByServer"]
global_st = helpers.get_global_status()
global_st.setS(ns.behindNat, rdf.Boolean, behind_nat)
global_st.setS(
ns.managementConnectionOurNattedAddress, rdf.IPv4Address, datatypes.IPv4Address.fromString(our_addr)
)
def _get_server_ip_for_win2k(self, ctx):
try:
request = inevow.IRequest(ctx)
server_address = str(request.getRequestHostname())
t = datatypes.IPv4Address.fromString(server_address)
return t.toString()
except: # XXX: wide catch
pass
# use management connection natted IP
global_st = helpers.get_global_status()
if global_st.hasS(ns.managementConnectionOurNattedAddress):
return global_st.getS(ns.managementConnectionOurNattedAddress, rdf.IPv4Address).toString()
return None
def _get_hardware_info():
cpu_usage = None
mem_usage = None
disk_usage = None
swap_usage = None
try:
st_root = helpers.get_global_status()
cpu_usage = st_root.getS(ns.cpuUsage, rdf.Float)
mem_usage = st_root.getS(ns.memoryUsage, rdf.Float)
disk_usage = st_root.getS(ns.diskUsage, rdf.Float)
swap_usage = st_root.getS(ns.swapUsage, rdf.Float)
except:
_log.exception("cannot get values")
return [cpu_usage, disk_usage, mem_usage, swap_usage]
def create_config(self, cfg, resinfo):
"""Create configuration file for ez-ipupdate.
See http://www.shakabuku.org/writing/dyndns.html.
"""
global_st = helpers.get_global_status()
pub_iface, pub_iface_name = helpers.get_public_iface(cfg)
pub_dyndns_cfg = helpers.get_dyndns_config(cfg)
conf = textwrap.dedent("""\
# intentionally empty
""")
self.do_start = False
if pub_dyndns_cfg is not None:
self.debug_on = helpers.get_debug(cfg)
if self.debug_on:
debug = 'debug'
else:
debug = ''
self._log.debug('Dynamic DNS configured')
provider = pub_dyndns_cfg.getS(ns.provider, rdf.String)
username = pub_dyndns_cfg.getS(ns.username, rdf.String)
password = pub_dyndns_cfg.getS(ns.password, rdf.String)
hostname = pub_dyndns_cfg.getS(ns.hostname, rdf.String)
# address selection is complicated due to many options
address = None
if pub_dyndns_cfg.hasS(ns.dynDnsAddress):
addr = pub_dyndns_cfg.getS(ns.dynDnsAddress)
if addr.hasType(ns.DynDnsInterfaceAddress):
address = None
elif addr.hasType(ns.DynDnsStaticAddress):
address = addr.getS(ns.ipAddress, rdf.IPv4Address).toString()
elif addr.hasType(ns.DynDnsManagementConnectionAddress):
if global_st.hasS(ns.managementConnectionOurNattedAddress):
address = global_st.getS(ns.managementConnectionOurNattedAddress, rdf.IPv4Address).toString()
else:
address = None
else:
raise Exception('invalid dynDnsAddress type')
if address == '':
address = None
address_str = ''
if address is not None:
address_str = 'address=%s' % address
interface_str = 'interface=%s' % pub_iface_name
self._log.debug('Dynamic DNS parameters: provider=%s, username=%s, password=%s, hostname=%s, address=%s, interface=%s' % (provider, username, password, hostname, address, pub_iface_name))
# NB: persistent cache is required for proper dyndns operation
conf = textwrap.dedent("""\
#!/usr/local/bin/ez-ipupdate -c
service-type=%(provider)s
user=%(username)s:%(password)s
host=%(hostname)s
%(address)s
%(interface)s
max-interval=2073600
%(debug)s
cache-file=%(cache_file_stem)s.%(pubif)s
daemon
""") % {'provider':provider,
'username':username,
'password':password,
'hostname':hostname,
'address':address_str,
'interface':interface_str,
'cache_file_stem':constants.EZIPUPDATE_CACHE,
'pubif':pub_iface_name,
'debug':debug}
self.do_start = True
else:
self._log.debug('No dynamic DNS configured')
self.configs = [{'file': constants.EZIPUPDATE_CONF,
'cont': conf,
'mode': 0755}]
def renderHTTP(self, ctx):
# XXX: refactor this to a helper??
def _xml_escape(x):
return helpers.xml_escape(x)
# XXX: simple base64 encoding does not seem to be enough
def _base64_encode(x):
# base64 produces a newline, strip it away; still not correct tho
return x.encode('base64').strip()
request = inevow.IRequest(ctx)
# figure parameters
server_address = ''
try:
server_address = str(request.getRequestHostname())
except:
_log.exception('cannot figure out server_address')
preshared_key = ''
try:
psk_seq = helpers.get_ui_config().getS(
ns_ui.preSharedKeys, rdf.Seq(rdf.Type(ns_ui.PreSharedKey)))
preshared_key = str(psk_seq[0].getS(ns_ui.preSharedKey,
rdf.String))
except:
_log.exception('cannot figure out preshared_key')
username = ''
try:
tmp = self.get_logged_in_username()
if tmp is not None:
username = str(tmp)
except:
_log.exception('cannot figure out username')
# Profile name
profile_prefix = 'VPNease'
try:
if os.path.exists(constants.AUTOCONFIG_PROFILE_PREFIX_FILE):
profile_prefix = helpers.read_and_strip_file(
constants.AUTOCONFIG_PROFILE_PREFIX_FILE)
except:
_log.exception('failed when checking for alternative profile name')
profile_name = '%s (%s)' % (profile_prefix, server_address)
# Server behind port forward
server_portfw = False
try:
global_st = helpers.get_global_status()
if global_st.hasS(ns.behindNat):
if global_st.getS(ns.behindNat, rdf.Boolean):
server_portfw = True
else:
server_portfw = False
else:
# assume worst - reboot *MAY* be required
server_portfw = True
# markerfile for debugging
if helpers.check_marker_file(
constants.FORCE_NATTREBOOT_MARKERFILE):
_log.warning(
'force nat-t reboot marker file exists, pretending server is behind port forward'
)
server_portfw = True
except:
_log.exception(
'cannot determine whether server is behind port forward, may be OK'
)
#
# Notes about OSX plist for networkConnect
#
# * There are settings for PPP redial counts etc. We don't use them
# because we want to minimize risks.
#
# * DisconnectOnXXX settings only seem to work when inside SystemConfig,
# not inside UserConfigs.
#
# * SystemConfig -> IPv4 -> OverridePrimary=1 should, based on PPP code,
# set 'default route' setting but doesn't seem to work.
#
# * UserConfigs -> IPsec -> ExportedSharedSecret contains the pre-shared
# key for IKE in some sort of encrypted format. The value is base64
# encoded but the pre-shared key is processed (encrypted or masked)
# prior to base64. Note that whatever the unknown (and seemingly
# undocumented transform is, it has to be reversible because IKE needs
# the PSK.
#
# * CCP / MPPC / MPPE are disabled now. They don't actually work in
# Leopard at least.
#
# create xml plist
textdata = textwrap.dedent("""\
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>L2TP</key>
<dict>
<key>SystemConfig</key>
<dict>
<key>PPP</key>
<dict>
<key>DisconnectOnSleep</key>
<integer>1</integer>
<key>DisconnectOnFastUserSwitch</key>
<integer>1</integer>
<key>DisconnectOnLogout</key>
<integer>1</integer>
</dict>
</dict>
<key>UserConfigs</key>
<array>
<dict>
<key>EAP</key>
<dict/>
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>LocalIdentifier</key>
<string></string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
</dict>
<key>PPP</key>
<dict>
<key>AuthName</key>
<string>%(username)s</string>
<key>CommRemoteAddress</key>
<string>%(server_address)s</string>
<key>UserDefinedName</key>
<string>%(profile_name)s</string>
<key>CCPEnabled</key>
<integer>%(ccp_enabled)d</integer>
<key>CCPMPPE128Enabled</key>
<integer>%(ccp_mppe40_enabled)d</integer>
<key>CCPMPPE40Enabled</key>
<integer>%(ccp_mppe128_enabled)d</integer>
</dict>
</dict>
</array>
</dict>
</dict>
</plist>
""") % {
'preshared_key_base64': _xml_escape(_base64_encode(preshared_key)),
'username': _xml_escape(username),
'server_address': _xml_escape(server_address),
'profile_name': _xml_escape(profile_name),
'override_primary': 1, # XXX: force default route
'ccp_enabled': 0,
'ccp_mppe40_enabled': 0,
'ccp_mppe128_enabled': 0,
}
#
# Content-Type is interesting. If this is served as 'text/xml', Safari
# will display the file without offering a save option. Even if it is
# saved, Safari will *refuse* saving the file with '.networkConnect'
# extension.
#
# 'application/octet-stream' causes Safari to save the file, and use can
# double click to run it.
#
return uihelpers.UncachedData(textdata, 'application/octet-stream')
def renderHTTP(self, ctx):
# XXX: refactor this to a helper??
def _xml_escape(x):
return helpers.xml_escape(x)
# XXX: simple base64 encoding does not seem to be enough
def _base64_encode(x):
# base64 produces a newline, strip it away; still not correct tho
return x.encode('base64').strip()
request = inevow.IRequest(ctx)
# figure parameters
server_address = ''
try:
server_address = str(request.getRequestHostname())
except:
_log.exception('cannot figure out server_address')
preshared_key = ''
try:
psk_seq = helpers.get_ui_config().getS(ns_ui.preSharedKeys, rdf.Seq(rdf.Type(ns_ui.PreSharedKey)))
preshared_key = str(psk_seq[0].getS(ns_ui.preSharedKey, rdf.String))
except:
_log.exception('cannot figure out preshared_key')
username = ''
try:
tmp = self.get_logged_in_username()
if tmp is not None:
username = str(tmp)
except:
_log.exception('cannot figure out username')
# Profile name
profile_prefix = 'VPNease'
try:
if os.path.exists(constants.AUTOCONFIG_PROFILE_PREFIX_FILE):
profile_prefix = helpers.read_and_strip_file(constants.AUTOCONFIG_PROFILE_PREFIX_FILE)
except:
_log.exception('failed when checking for alternative profile name')
profile_name = '%s (%s)' % (profile_prefix, server_address)
# Server behind port forward
server_portfw = False
try:
global_st = helpers.get_global_status()
if global_st.hasS(ns.behindNat):
if global_st.getS(ns.behindNat, rdf.Boolean):
server_portfw = True
else:
server_portfw = False
else:
# assume worst - reboot *MAY* be required
server_portfw = True
# markerfile for debugging
if helpers.check_marker_file(constants.FORCE_NATTREBOOT_MARKERFILE):
_log.warning('force nat-t reboot marker file exists, pretending server is behind port forward')
server_portfw = True
except:
_log.exception('cannot determine whether server is behind port forward, may be OK')
#
# Notes about OSX plist for networkConnect
#
# * There are settings for PPP redial counts etc. We don't use them
# because we want to minimize risks.
#
# * DisconnectOnXXX settings only seem to work when inside SystemConfig,
# not inside UserConfigs.
#
# * SystemConfig -> IPv4 -> OverridePrimary=1 should, based on PPP code,
# set 'default route' setting but doesn't seem to work.
#
# * UserConfigs -> IPsec -> ExportedSharedSecret contains the pre-shared
# key for IKE in some sort of encrypted format. The value is base64
# encoded but the pre-shared key is processed (encrypted or masked)
# prior to base64. Note that whatever the unknown (and seemingly
# undocumented transform is, it has to be reversible because IKE needs
# the PSK.
#
# * CCP / MPPC / MPPE are disabled now. They don't actually work in
# Leopard at least.
#
# create xml plist
textdata = textwrap.dedent("""\
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>L2TP</key>
<dict>
<key>SystemConfig</key>
<dict>
<key>PPP</key>
<dict>
<key>DisconnectOnSleep</key>
<integer>1</integer>
<key>DisconnectOnFastUserSwitch</key>
<integer>1</integer>
<key>DisconnectOnLogout</key>
<integer>1</integer>
</dict>
</dict>
<key>UserConfigs</key>
<array>
<dict>
<key>EAP</key>
<dict/>
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>LocalIdentifier</key>
<string></string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
</dict>
<key>PPP</key>
<dict>
<key>AuthName</key>
<string>%(username)s</string>
<key>CommRemoteAddress</key>
<string>%(server_address)s</string>
<key>UserDefinedName</key>
<string>%(profile_name)s</string>
<key>CCPEnabled</key>
<integer>%(ccp_enabled)d</integer>
<key>CCPMPPE128Enabled</key>
<integer>%(ccp_mppe40_enabled)d</integer>
<key>CCPMPPE40Enabled</key>
<integer>%(ccp_mppe128_enabled)d</integer>
</dict>
</dict>
</array>
</dict>
</dict>
</plist>
""") % {
'preshared_key_base64': _xml_escape(_base64_encode(preshared_key)),
'username': _xml_escape(username),
'server_address': _xml_escape(server_address),
'profile_name': _xml_escape(profile_name),
'override_primary': 1, # XXX: force default route
'ccp_enabled': 0,
'ccp_mppe40_enabled': 0,
'ccp_mppe128_enabled': 0,
}
#
# Content-Type is interesting. If this is served as 'text/xml', Safari
# will display the file without offering a save option. Even if it is
# saved, Safari will *refuse* saving the file with '.networkConnect'
# extension.
#
# 'application/octet-stream' causes Safari to save the file, and use can
# double click to run it.
#
return uihelpers.UncachedData(textdata, 'application/octet-stream')
def measure_and_update(self, update_rrd=True, update_rdf=True, quick=False):
"""Update all measurements.
To minimize rrd load on the system, it is preferable to update all measurements
in one go. Further, if asynchronous updating is desired, separate rrd files
need to be used anyway.
We also update some statistics to a RDF status branch for statistics that are not
protocol related (e.g. CPU usage). This is so that the web UI can get access to
this sort of information even when the runner is not active. Admittedly this is
not a very clean thing to do.
"""
# It is important to run time-consuming system checks inside @untransact to
# minimize the time RDF database access is locked.
timestamp = datetime.datetime.utcnow()
timeval = int(time.mktime(timestamp.timetuple())) # XXX: round?
# these values can be extracted regardless of l2tp-runner state
cpu_load = self.measure_cpuload()
if quick:
# quick is used in boot to minimize postinit time
cpu_usage = 0
else:
cpu_usage = self.measure_vmstat()
cpu_count = self.measure_cpuinfo()
disk_total, disk_avail = self.measure_diskstats()
mem_total, mem_free, swap_total, swap_free = self.measure_meminfo()
mem_used = mem_total - mem_free
swap_used = swap_total - swap_free
net_pubrx, net_pubtx, net_privrx, net_privtx = self.measure_network()
def _nusr_filter(dev):
if dev.hasS(ns.restrictedConnection) and dev.getS(ns.restrictedConnection, rdf.Boolean):
return False
# XXX: We'd like to ignore inactive devices, but this wasn't reliable enough
#if dev.hasS(ns.deviceActive) and not dev.getS(ns.deviceActive, rdf.Boolean):
# return False
if dev.hasS(ns.connectionType):
if dev.getS(ns.connectionType).hasType(ns.NormalUser):
return True
return False
def _susr_filter(dev):
if dev.hasS(ns.restrictedConnection) and dev.getS(ns.restrictedConnection, rdf.Boolean):
return False
# XXX: We'd like to ignore inactive devices, but this wasn't reliable enough
#if dev.hasS(ns.deviceActive) and not dev.getS(ns.deviceActive, rdf.Boolean):
# return False
if dev.hasS(ns.connectionType):
conntype = dev.getS(ns.connectionType)
if conntype.hasType(ns.SiteToSiteClient) or conntype.hasType(ns.SiteToSiteServer):
return True
return False
# user related data is only reliable if l2tp-runner is in state "running"
try:
st = helpers.get_status().getS(ns.state)
if not st.hasType(ns.StateRunning):
raise Exception('State not running')
nusr_count, \
nusr_rxtotal, nusr_txtotal, \
nusr_rxavg, nusr_txavg, \
nusr_rxmax, nusr_txmax = self.measure_ppp_devs(_nusr_filter)
susr_count, \
susr_rxtotal, susr_txtotal, \
susr_rxavg, susr_txavg, \
susr_rxmax, susr_txmax = self.measure_ppp_devs(_susr_filter)
except:
nusr_count, \
nusr_rxtotal, nusr_txtotal, \
nusr_rxavg, nusr_txavg, \
nusr_rxmax, nusr_txmax = ['U']*7
susr_count, \
susr_rxtotal, susr_txtotal, \
susr_rxavg, susr_txavg, \
susr_rxmax, susr_txmax = ['U']*7
vals = [ timeval,
cpu_load,
cpu_usage,
cpu_count,
disk_total,
disk_avail,
mem_total,
mem_used,
swap_total,
swap_used,
net_pubrx,
net_pubtx,
net_privrx,
net_privtx,
nusr_count,
nusr_rxtotal,
nusr_txtotal,
nusr_rxavg,
nusr_txavg,
nusr_rxmax,
nusr_txmax,
susr_count,
susr_rxtotal,
susr_txtotal,
susr_rxavg,
susr_txavg,
susr_rxmax,
susr_txmax ]
valstr = map(lambda x: str(x), vals)
@db.untransact()
def _run_rrd():
# update rrd
run_command([
constants.CMD_RRDTOOL,
'update', self.filename,
':'.join(valstr)
], retval=runcommand.FAIL)
if update_rrd:
_run_rrd()
if update_rdf:
st = helpers.get_global_status()
st.setS(ns.cpuUsage, rdf.Float, float(cpu_usage)) # percents
st.setS(ns.cpuCount, rdf.Integer, int(cpu_count)) # count
st.setS(ns.diskUsage, rdf.Float, (float(disk_total) - float(disk_avail)) / float(disk_total) * 100.0) # percents
st.setS(ns.diskTotal, rdf.Float, float(disk_total)) # fake megs
st.setS(ns.memoryUsage, rdf.Float, float(mem_used) / float(mem_total) * 100.0) # percents
st.setS(ns.memoryTotal, rdf.Integer, int(mem_total)) # kilobytes
if swap_total > 0:
st.setS(ns.swapUsage, rdf.Float, float(swap_used) / float(swap_total) * 100.0) # percents
else:
st.setS(ns.swapUsage, rdf.Float, 0.0)
st.setS(ns.swapTotal, rdf.Integer, int(swap_total)) # kilobytes
def management_connection_up(self, identify_result): # from managementconnection
_log.info("management connection established")
if identify_result is None:
_log.warning("identify result is None, connect() or start_primary() called twice? ignoring")
return
try:
helpers.write_cookie_uuid(identify_result["cookieUuid"])
except:
_log.exception("failed to write cookie UUID")
try:
self._license_helper.update_license_info(identify_result)
except:
_log.exception("license info update failed")
try:
self._update_update_info(identify_result)
except:
_log.exception("update update info failed")
try:
self._do_timesync(identify_result["currentUtcTime"])
except:
_log.exception("timesync failed")
try:
self._immediate_auto_update_check(identify_result)
except:
_log.exception("immediate auto update check failed")
try:
self._write_connection_state(identify_result)
except:
_log.exception("write connection state failed")
# XXX: If license parameters have changed, we might ideally want to
# make the protocol part react somehow. Currently we just apply the
# changed license to new connections, not old ones.
# Wake up Ajax waiters
self._ajax_helper.wake_status_change_waiters()
# Boot code (update) needs a snapshot of a "known good" network config.
# If the management connection comes up, we are quite sure the config
# is good, at least for updating.
if self.l2tpmanager.isRunning():
try:
self._export_rdf_database()
except:
_log.exception("failed to export rdf database")
# If we don't have a test license at this point, request one now
try:
self._test_license_check()
except:
_log.exception("_test_license_check failed")
# XXX: to ensure that the test license makes it to the exported "known good"
# configuration ASAP, we might want to export the known good configuration
# again when the test license is received.
try:
helpers.get_global_status().setS(ns.managementServerConnection, rdf.Boolean, True)
except:
_log.exception("cannot set management connection rdf status to up")
def _update_license_server_status(res):
helpers.get_global_status().setS(ns.managementServerConnection, rdf.Boolean, False)
def renderHTTP(self, ctx):
request = inevow.IRequest(ctx)
# read unpatched exe
f = None
exedata = ''
try:
f = open(self.autoconfig_exe_filename, 'rb')
exedata = f.read()
finally:
if f is not None:
f.close()
f = None
# figure parameters
server_address_in_uri = None
try:
server_address_in_uri = str(request.getRequestHostname())
except:
_log.exception('cannot figure out server_address_in_uri')
server_ip = None
try:
server_ip = self._get_server_ip_for_win2k(ctx)
except:
_log.exception('cannot figure out server_ip')
server_address = None
if self.force_server_address_to_ip:
server_address = server_ip
else:
server_address = server_address_in_uri
if (server_address_in_uri is None) or (server_address_in_uri == ''):
raise Exception('server_address_in_uri missing, failing')
if (server_address is None) or (server_address == ''):
raise Exception('server_address missing, failing')
if self.include_win2k_regdata and ((server_ip is None) or (server_ip == '')):
raise Exception('server_ip is needed and missing, failing')
preshared_key = ''
try:
psk_seq = helpers.get_ui_config().getS(ns_ui.preSharedKeys, rdf.Seq(rdf.Type(ns_ui.PreSharedKey)))
preshared_key = str(psk_seq[0].getS(ns_ui.preSharedKey, rdf.String))
except:
_log.exception('cannot figure out preshared_key')
username = ''
try:
tmp = self.get_logged_in_username()
if tmp is not None:
username = str(tmp)
except:
_log.exception('cannot figure out username')
# Profile name, always uses address in URI, even if server address itself forced to IP
profile_prefix = 'VPNease'
try:
if os.path.exists(constants.AUTOCONFIG_PROFILE_PREFIX_FILE):
profile_prefix = helpers.read_and_strip_file(constants.AUTOCONFIG_PROFILE_PREFIX_FILE)
except:
_log.exception('failed when checking for alternative profile name')
profile_name = '%s (%s)' % (profile_prefix, server_address_in_uri)
# Server behind port forward
server_portfw = False
try:
global_st = helpers.get_global_status()
if global_st.hasS(ns.behindNat):
if global_st.getS(ns.behindNat, rdf.Boolean):
server_portfw = True
else:
server_portfw = False
else:
# assume worst - reboot *MAY* be required
server_portfw = True
# markerfile for debugging
if helpers.check_marker_file(constants.FORCE_NATTREBOOT_MARKERFILE):
_log.warning('force nat-t reboot marker file exists, pretending server is behind port forward')
server_portfw = True
except:
_log.exception('cannot determine whether server is behind port forward, may be OK')
# Windows 2000 registry-based IPsec policy + prohibitIpsec
win2k_ipsec_policy_registry_file = ''
try:
if self.include_win2k_regdata:
# Registry data is HEX encoded UTF-16; HEX encoding is used to avoid problems
# with the parameters.cpp mechanism (null termination). The resulting data is
# large, around 50 kilobytes (!).
# Always uses server IP for IPsec policy, because that's what Windows 2000 IPsec wants
t = self._get_win2k_reg_file(server_ip, preshared_key)
t = self._encode_windows_reg_file(t) # UTF-16
win2k_ipsec_policy_registry_file = t.encode('hex') # hex-encoded UTF-16
except:
_log.exception('cannot create win2k registry file')
# Fill paramdict and return
paramdict = {}
paramdict['operation'] = 'configure_profile'
paramdict['profile_name'] = profile_name
paramdict['desktop_shortcut_name'] = '%s.LNK' % profile_name # xxx: for now the same
paramdict['server_address'] = server_address
paramdict['preshared_key'] = preshared_key
paramdict['username'] = username
paramdict['ppp_compression_enabled'] = '1'
paramdict['default_route_enabled'] = '1'
paramdict['create_desktop_shortcut'] = '1'
paramdict['open_profile_after_creation'] = '1'
if server_portfw:
paramdict['server_behind_port_forward'] = '1'
else:
paramdict['server_behind_port_forward'] = '0'
if self.include_win2k_regdata:
paramdict['win2k_registry_file'] = win2k_ipsec_policy_registry_file
return uihelpers.RewritingBinaryResource(exedata, paramdict)
def _update_snmp():
"""Update SNMP data."""
from codebay.l2tpserver import licensemanager
from codebay.l2tpserver import helpers
from codebay.l2tpserver.webui import uihelpers
now = datetime.datetime.utcnow()
st = helpers.get_status()
global_st = helpers.get_global_status()
license_info = helpers.get_license_info()
def _timeticks(td):
return int(helpers.timedelta_to_seconds(td) * 100.0)
def _timestamp(dt):
return datatypes.encode_datetime_to_iso8601_subset(dt)
def _get_management_conn():
# XXX: not the best place for this
if global_st.hasS(ns.managementServerConnection):
if global_st.getS(ns.managementServerConnection, rdf.Boolean):
return 1
return 0
vals = {}
lm = licensemanager.LicenseMonitor()
usr_count, usr_limit, usr_limit_leeway, s2s_count, s2s_limit, s2s_limit_leeway = None, None, None, None, None, None
try:
usr_count, usr_limit, usr_limit_leeway, s2s_count, s2s_limit, s2s_limit_leeway = lm.count_both_users()
except:
_log.exception('cannot get ppp counts for snmp')
# XXX: this sharing of status code is quite unclean; see uihelpers.get_status_and_substatus() for suggestions
health_errors = 0
try:
status_class, status_text, substatus_class, substatus_text, status_ok = uihelpers.get_status_and_substatus()
if status_ok:
health_errors = 0
else:
health_errors = 1
except:
_log.exception('cannot determine health errors')
for k, l in [ ('vpneaseHealthCheckErrors', lambda: health_errors),
('vpneaseUserCount', lambda: usr_count),
('vpneaseSiteToSiteCount', lambda: s2s_count),
('vpneaseLastMaintenanceReboot', lambda: _timestamp(helpers.read_datetime_marker_file(constants.LAST_AUTOMATIC_REBOOT_MARKER_FILE))),
('vpneaseNextMaintenanceReboot', lambda: _timestamp(uihelpers.compute_periodic_reboot_time())),
('vpneaseLastSoftwareUpdate', lambda: _timestamp(helpers.read_datetime_marker_file(constants.LAST_SUCCESSFUL_UPDATE_MARKER_FILE))),
('vpneaseSoftwareVersion', lambda: helpers.get_product_version(cache=True, filecache=True)),
('vpneaseCpuUsage', lambda: int(global_st.getS(ns.cpuUsage, rdf.Float))),
('vpneaseMemoryUsage', lambda: int(global_st.getS(ns.memoryUsage, rdf.Float))),
('vpneaseVirtualMemoryUsage', lambda: int(global_st.getS(ns.swapUsage, rdf.Float))),
('vpneaseServiceUptime', lambda: _timeticks(now - st.getS(ns.startTime, rdf.Datetime))),
('vpneaseHostUptime', lambda: _timeticks(datetime.timedelta(0, helpers.get_uptime(), 0))),
('vpneasePublicAddress', lambda: st.getS(ns.publicInterface, rdf.Type(ns.NetworkInterface)).getS(ns.ipAddress, rdf.IPv4AddressSubnet).getAddress().toString()),
('vpneasePublicSubnet', lambda: st.getS(ns.publicInterface, rdf.Type(ns.NetworkInterface)).getS(ns.ipAddress, rdf.IPv4AddressSubnet).getMask().toString()),
('vpneasePublicMac', lambda: st.getS(ns.publicInterface, rdf.Type(ns.NetworkInterface)).getS(ns.macAddress, rdf.String)),
('vpneasePrivateAddress', lambda: st.getS(ns.privateInterface, rdf.Type(ns.NetworkInterface)).getS(ns.ipAddress, rdf.IPv4AddressSubnet).getAddress().toString()),
('vpneasePrivateSubnet', lambda: st.getS(ns.privateInterface, rdf.Type(ns.NetworkInterface)).getS(ns.ipAddress, rdf.IPv4AddressSubnet).getMask().toString()),
('vpneasePrivateMac', lambda: st.getS(ns.privateInterface, rdf.Type(ns.NetworkInterface)).getS(ns.macAddress, rdf.String)),
('vpneaseLicenseKey', lambda: license_info.getS(ns_ui.licenseKey, rdf.String)),
('vpneaseLicenseString', lambda: license_info.getS(ns_ui.licenseString, rdf.String)),
('vpneaseLicenseUserLimit', lambda: usr_limit),
('vpneaseLicenseSiteToSiteLimit', lambda: s2s_limit),
('vpneaseMaintenanceReboots', lambda: global_st.getS(ns.periodicReboots, rdf.Integer)),
('vpneaseWatchdogReboots', lambda: global_st.getS(ns.watchdogReboots, rdf.Integer)),
('vpneaseLicenseServerConnection', _get_management_conn),
]:
try:
val = l()
if val is not None:
vals[k] = val
except:
# these are expected in several cases, so don't spew too much log about them
# XXX: it would be better if the checkers would figure these out for themselves
# (when a value is expected and when not)
_log.info('failed to get snmp value for key %s' % k)
#_log.exception('failed to get snmp value for key %s' % k)
keys = vals.keys()
keys.sort()
res = ''
for k in keys:
res += '%s=%s\n' % (k, vals[k])
# to ASCII, escaping any non-ASCII chars with XML escapes
res = res.encode('US-ASCII', 'xmlcharrefreplace')
f = None
try:
f = open(constants.SNMP_DATA_FILE, 'wb')
f.write(res)
finally:
if f:
f.close()
f = None
