def updateIpfire(): if os.path.exists("/tmp/customhosts"): os.remove("/tmp/customhosts") if os.path.exists("/tmp/customgroups"): os.remove("/tmp/customgroups") dbconn = db.database() dbconn.execute("SELECT lastknownIPv4, address, networklock FROM device D INNER JOIN hardwareidentifier HW ON HW.device_id = D.id") with open("/tmp/customhosts", "w") as customhosts: with open("/tmp/customgroups", "w") as customgroups: counter = 1 for machine in dbconn.fetchall(): customhosts.write(str(counter) + "," + machine["address"] + ",ip," + machine["lastknownIPv4"] + "/255.255.255.255\n") if machine["networklock"] == 0: customgroups.write(str(counter) + ",blocked,," + machine["address"] + ",Custom Host\n") configfile = cf.configfile() sshConnection = ssh.ssh(configfile.get("ipfire", "url"), int(configfile.get("ipfire", "port")), "philleconnect", configfile.get("ipfire", "password")) if sshConnection == False: return False if not sshConnection.put("/tmp/customhosts", "/var/ipfire/fwhosts/customhosts"): return False if not sshConnection.put("/tmp/customgroups", "/var/ipfire/fwhosts/customgroups"): return False if not sshConnection.exec("/usr/local/bin/firewallctrl"): return False sshConnection.close() return True
def __init__(self): self.config = cf.configfile() ldapServer = Server(self.config.get("ldap", "url")) self.connection = Connection(ldapServer, self.config.get("ldap", "admindn") + "," + self.config.get("ldap", "basedn"), self.config.get("ldap", "password"), auto_bind=True)
def __init__(self): config = cf.configfile() self.__db = mysql.connector.connect( host = config.get("database", "url"), user = config.get("database", "user"), passwd = config.get("database", "password"), database = config.get("database", "name") ) self.__cursor = self.__db.cursor(dictionary=True)
def ipfire(): if not es.isAuthorized("servmgmt"): return "ERR_ACCESS_DENIED", 403 config = cf.configfile() if request.method == "GET": data = { "url": config.get("ipfire", "url"), "port": config.get("ipfire", "port"), "password": config.get("ipfire", "password"), } return jsonify(data), 200 elif request.method == "PUT": config.set("ipfire", "url", request.form.get("url")) config.set("ipfire", "port", request.form.get("port")) config.set("ipfire", "password", request.form.get("password")) return "SUCCESS", 200
def setupIPFire(): if os.path.exists(config.CONFIG_IPFIRE_FILE): return "ERR_SETUP_ALREADY_DONE", 403 else: if request.form.get("jump") == None: if not request.form.get("setup") == None: try: sshConnection = ssh.ssh(request.form.get("url"), int(request.form.get("port")), "root", request.form.get("rootpassword")) if sshConnection == False: return "ERR_ROOT_PASSWORD_WRONG", 200 except ValueError: return "ERR_PORT_NOT_A_NUMBER", 400 if not sshConnection.exec("useradd philleconnect"): return "ERR_IPFIRE_SETUP_USERADD", 500 if not sshConnection.exec("echo philleconnect:" + request.form.get("password") + " | chpasswd"): return "ERR_IPFIRE_SETUP_SETPASS", 500 if not sshConnection.exec("chmod =4755 /usr/local/bin/firewallctrl"): return "ERR_IPFIRE_SETUP_PERMISSIONS", 500 if not sshConnection.exec("chmod =666 /var/ipfire/fwhosts/customhosts"): return "ERR_IPFIRE_SETUP_PERMISSIONS", 500 if not sshConnection.exec("chmod =666 /var/ipfire/fwhosts/customgroups"): return "ERR_IPFIRE_SETUP_PERMISSIONS", 500 if not sshConnection.exec("mkdir /home/philleconnect"): return "ERR_IPFIRE_SETUP_HOMEFOLDER", 500 if not sshConnection.exec("mkdir /home/philleconnect/.ssh"): return "ERR_IPFIRE_SETUP_SSHFILES", 500 if not sshConnection.exec("chown -R philleconnect /home/philleconnect/"): return "ERR_IPFIRE_SETUP_PERMISSIONS", 500 if not sshConnection.put(config.CONFIG_BASE + "/ipfire/config", "/var/ipfire/firewall/input"): return "ERR_IPFIRE_SETUP_RULES", 500 sshConnection.close() sshConnection = ssh.ssh(request.form.get("url"), int(request.form.get("port")), "philleconnect", request.form.get("password")) if sshConnection == False: return "ERR_SETUP_ERROR", 200 if not sshConnection.put(config.CONFIG_BASE + "/id_rsa.pub", "/home/philleconnect/.ssh/authorized_keys"): return "ERR_IPFIRE_SETUP_SSHKEY", 500 if not sshConnection.exec("/usr/local/bin/firewallctrl"): return "ERR_IPFIRE_SETUP_RELOAD", 500 sshConnection.close() configfile = cf.configfile() configfile.set("ipfire", "url", request.form.get("url")) configfile.set("ipfire", "port", request.form.get("port")) configfile.set("ipfire", "password", request.form.get("password")) open(config.CONFIG_IPFIRE_FILE, "a").close() return "SUCCESS", 200
def __init__(self): self.__config = cf.configfile()