def service_rulesetOpen(self, context, filetype, name): """ Open a ruleset or a template (if is_template is True). """ filetype = getUnicode(filetype) name = getUnicode(name) checkRulesetName(name) client = self.getClient(context) logger = ContextLoggerChild(context, self) self.info(context, 'Open the ruleset "%s"' % name) data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig') netcfg = deserializeNetCfg(data) read_only = not any(context.hasRole(role) for role in RULESET_FORWARD_WRITE_ROLES) if EDENWALL \ and (not read_only) \ and (filetype == "template") \ and (self.core.getMultisiteType() == MULTISITE_SLAVE): read_only = True ruleset = Ruleset(self, logger, netcfg, read_only=read_only, client=client) result = ruleset.load(logger, filetype, name) if not read_only: self.core.lock_manager.acquire(context, LOCK_RULESET) self._saveRuleset(context, ruleset) returnValue(result)
def _applyUseNetCfg(self, netcfg_data, context): netcfg = deserializeNetCfg(netcfg_data) # FIXME: use LocalFW wrapper defer = self.core.callService(context, 'localfw', 'open', LOCALFW_FILENAME) defer.addCallback(self._clearRules, context) defer.addCallback(self._createRules, netcfg, context) defer.addCallback(self._applyLocalFW, context) defer.addBoth(self._closeLocalFW, context) return defer
def service_ufwi_confSync(self, context): """ Synchronize with ufwi_conf: create new interfaces and networks from the ufwi_conf (system) configuration. Keep removed interfaces and networks. """ ruleset = self.getRuleset(context) data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig') netcfg = deserializeNetCfg(data) result = yield ruleset.ufwi_confSync(self, netcfg) returnValue(result)
def service_getMissingLinks(self, context, filetype, name, links): """ Check if all generic links are defined for the specified ruleset/template "name". Return the list of generic links without physical value as a dictionary. If the dictionary is empty, all generic links are defined. """ name = getUnicode(name) logger = ContextLoggerChild(context, self) data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig') netcfg = deserializeNetCfg(data) result = getMissingLinks(self, logger, filetype, name, netcfg, links) returnValue(result)
def _updateNetworks(self, data): netcfg = deserializeNetCfg(data) networks = set((interface.system_name, network) for interface, network in netcfg.iterKnownNetworks()) networks |= set(self.access_cfg.custom_networks) open_networks = set((interface, network) for (interface, network) in networks if network not in CLOSED_NETWORKS) permissions = self.access_cfg.permissions for service in permissions: if permissions[service] == True: permissions[service] = open_networks else: # delete old networks permissions[service] &= networks
def service_rulesetUpload(self, context, filetype, filename, content): """ Upload a new ruleset or template: - filetype: "ruleset" or "template" - filename: input filename - content: file content encoded by encodeFileContent() Return the ruleset name. """ filetype = getUnicode(filetype) filename = getUnicode(filename) content = getUnicode(content) self.info(context, 'Upload a new %s: filename="%s"' % (filetype, filename)) logger = ContextLoggerChild(context, self) data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig') netcfg = deserializeNetCfg(data) result = rulesetUpload(self, logger, filetype, filename, content, netcfg) returnValue(result)
def service_rulesetCreate(self, context, filetype, base_template): """ Create a new ruleset based on a template. Use base_template='' to ignore the base template. """ self.info(context, 'Create a new ruleset') if EDENWALL: multisite_type = self.core.getMultisiteType() base_template = checkMultisiteTypeValue(multisite_type, filetype, base_template) client = self.getClient(context) logger = ContextLoggerChild(context, self) data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig') netcfg = deserializeNetCfg(data) ruleset = Ruleset(self, logger, netcfg, client=client) result = ruleset.create(logger, filetype, netcfg, base_template=base_template) if not ruleset.read_only: self.core.lock_manager.acquire(context, LOCK_RULESET) self._saveRuleset(context, ruleset) returnValue(result)
def _append_all_routes(self): """ When importing an old config without any manual pushed routes """ changed = False #fetch net config netconfig = self.core.config_manager.get('network') netcfg = deserializeNetCfg(netconfig) #fetch default routes and gateways default_routes = tuple(netcfg.iterRoutes(default_only=True)) #default_gateways: IPy.IP default_gateways = tuple(route.router for route in default_routes) #add everything into config for network in netcfg.iterNetworks(include_ha=False): if _includeNet(network, default_gateways): self.openvpn_cfg.manual_pushed_routes += (network.net, ) changed = True return changed
def deserialize(serialized_cfg, cls=NetCfgRW, parent=None): result = deserializeNetCfg(serialized_cfg, cls, parent=parent) ok, msg = result.isValidWithMsg() if not ok: raise NetCfgError(msg) return result
def getNetconfig(data, component, context, template_content, generic_links): netcfg = deserializeNetCfg(data) return deferToThread(_applyMultisiteThread, component, context, template_content, generic_links, netcfg)