def change_net(network, netmask, ccd, fn_ips, ipv6):
if ipv6:
option = "ifconfig-ipv6-push"
appendix = "/" + network.split('/')[1] + "\n"
else:
option = "ifconfig-push"
appendix = " " + netmask + "\n"
ip_map_new = []
listener.setuid(0)
lo = ul.getMachineConnection()
users = lo.search('univentionOpenvpnAccount=1')
listener.unsetuid()
users = map(lambda user: user[1].get('uid', [None])[0], users)
for name in users:
ip_new = generate_ip(network, ip_map_new)
ip_map_new.append((name, ip_new))
# write entry in ccd
cc = univention_openvpn_common.load_rc(3, ccd + name + ".openvpn")
if cc is None:
cc = []
else:
cc = [x for x in cc if not re.search(option, x)]
cc.append(option + " " + ip_new + appendix)
univention_openvpn_common.write_rc(3, cc, ccd + name + ".openvpn")
univention_openvpn_common.write_ip_map(3, ip_map_new, fn_ips)
dodomC = '#'
else:
dodomC = ''
context = {
'hostname' : myname,
'dorouC' : dorouC,
'donamC' : donamC,
'dodomC' : dodomC,
'interfaces_eth0_network' : interfaces_eth0_network,
'interfaces_eth0_netmask' : interfaces_eth0_netmask,
'nameserver1' : nameserver1,
'dodom' : dodom
}
univention_openvpn_common.write_rc(3, config.format(**context), fn_serverconf)
portold = old.get('univentionOpenvpnPort', [None])[0]
portnew = new.get('univentionOpenvpnPort', [None])[0]
if portold is not portnew:
listener.setuid(0)
#ucr = ConfigRegistry()
#ucr.load()
if portold:
ucr.handler_unset(['security/packetfilter/package/univention-openvpn-server/udp/'+portold+'/all'])
if portnew and 'univentionOpenvpnActive' in new:
ucr.handler_set(['security/packetfilter/package/univention-openvpn-server/udp/'+portnew+'/all=ACCEPT'])
listener.unsetuid()
else:
dodomC = ''
context = {
'hostname' : myname,
'dorouC' : dorouC,
'donamC' : donamC,
'dodomC' : dodomC,
'interfaces_eth0_network' : interfaces_eth0_network,
'interfaces_eth0_netmask' : interfaces_eth0_netmask,
'nameserver1' : nameserver1,
'dodom' : dodom,
'fn_secret' : fn_secret
}
univention_openvpn_common.write_rc(5, config.format(**context), fn_sitetositeconf)
portold = old.get('univentionOpenvpnSitetoSitePort', [None])[0]
portnew = new.get('univentionOpenvpnSitetoSitePort', [None])[0]
if portold is not portnew:
listener.setuid(0)
#ucr.ConfigRegistry().load()
#ucr.load()
if portold:
ucr.handler_unset(['security/packetfilter/package/univention-openvpn-sitetosite/udp/'+portold+'/all'])
if portnew and 'univentionOpenvpnSitetoSiteActive' in new:
ucr.handler_set(['security/packetfilter/package/univention-openvpn-sitetosite/udp/'+portnew+'/all=ACCEPT'])
listener.unsetuid()
