def runner_starting(self):
    """Reset the stored L2TP device status and wake status-change waiters.

    A failure while resetting the status node is logged and otherwise
    ignored; it is not propagated to the caller.
    """
    _log.debug("runner_starting()")

    # Reset device status: replace the status node under the database root
    # with a new L2tpDeviceStatus-typed node.
    try:
        db_root = helpers.get_db_root()
        db_root.setS(ns.l2tpDeviceStatus, rdf.Type(ns.L2tpDeviceStatus))
    except:
        # Best effort: any failure here is only logged.
        _log.exception("setting status root failed")

    # NOTE(review): the listing lost its indentation; the wake-up is placed
    # after the try/except (runs whether or not the reset worked) -- confirm
    # against the original file.
    self._ajax_helper.wake_status_change_waiters()
def _update_update_info(self, res):
    """Store the changelog from *res* and the latest version it announces.

    *res* must provide a "changeLog" entry; per the error text below it
    originates from the update server, so it is remote-supplied data.

    Raises:
        Exception: if the changelog yields no version entries, or (via
            helpers.parse_product_version) if the first entry's version
            string is not valid.
    """
    db_root = helpers.get_db_root()
    update_info = db_root.getS(ns_ui.updateInfo, rdf.Type(ns_ui.UpdateInfo))

    # update changelog
    # NOTE(review): the changelog is written before the checks below; whether
    # this write is undone when they raise depends on the caller (e.g. an
    # enclosing transaction), which is not visible here -- confirm.
    changelog = res["changeLog"]
    update_info.setS(ns_ui.changeLog, rdf.String, changelog)

    # update latest known version
    entries = versioninfo.get_changelog_info(changelog=changelog)
    if len(entries) == 0:
        # XXX: raise or just ignore with warning?
        raise Exception("changeLog information from server is empty, not updating changelog info")

    # first entry is assumed to be latest
    newest = entries[0][0]

    # Validate before storing: parse_product_version raises if the version
    # string is not valid, so a malformed value never reaches
    # latestKnownVersion.
    helpers.parse_product_version(newest)
    update_info.setS(ns_ui.latestKnownVersion, rdf.String, newest)
def _check_update_on_next_reboot():
    """Tell whether a product update is expected on the next reboot.

    Returns True only when automatic updates are enabled in the UI config,
    a latest known version is recorded, and that version compares greater
    than the running product version.  Any error is logged and reported as
    False.
    """
    try:
        ui_config = helpers.get_ui_config()

        auto_updates = (ui_config.hasS(ns_ui.automaticUpdates) and
                        ui_config.getS(ns_ui.automaticUpdates, rdf.Boolean))
        if not auto_updates:
            return False

        # XXX: duplication
        info = helpers.get_db_root().getS(ns_ui.updateInfo, rdf.Type(ns_ui.UpdateInfo))
        latest = info.getS(ns_ui.latestKnownVersion, rdf.String)
        current = helpers.get_product_version()

        # An empty string means no latest version has been recorded.
        if latest == '':
            return False
        if helpers.compare_product_versions(latest, current) > 0:
            return True
        return False
    except:
        # default, assume False
        _log.exception('cannot determine whether product update happens on next reboot')

    return False
def _check_update_on_next_reboot():
    """Return True if an automatic product update is pending for next reboot.

    The answer is True when the UI config enables automatic updates and the
    recorded latest known version is non-empty and newer than the current
    product version.  If anything raises, the error is logged and False is
    returned.
    """
    try:
        cfg = helpers.get_ui_config()
        enabled = cfg.hasS(ns_ui.automaticUpdates) and cfg.getS(
            ns_ui.automaticUpdates, rdf.Boolean)

        if enabled:
            # XXX: duplication
            upd = helpers.get_db_root().getS(
                ns_ui.updateInfo, rdf.Type(ns_ui.UpdateInfo))
            latest = upd.getS(ns_ui.latestKnownVersion, rdf.String)
            current = helpers.get_product_version()

            # Short-circuits exactly like the original: the comparison is
            # only made when a latest version is recorded.
            is_newer = (latest != '') and (
                helpers.compare_product_versions(latest, current) > 0)
            if is_newer:
                return True

        return False
    except:
        # default, assume False
        _log.exception(
            'cannot determine whether product update happens on next reboot')
        return False
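def start_client_connection(self, identifier, myip, gwip, username, password):
    """Create openl2tp profiles, a tunnel and a session for a client-mode connection.

    Three command scripts are fed to openl2tpconfig on stdin, in order:
    profile creation (ppp, tunnel, session, peer), tunnel creation, and
    session creation.  The tunnel and session ids are chosen by openl2tp and
    recovered by matching the tool's stderr against the module-level
    patterns.

    Args:
        identifier: suffix used to build the profile, tunnel and session names.
        myip: local address object; only its toString() is used.
        gwip: peer (gateway) address object; only its toString() is used.
        username: PPP user name for the session; it appears in log messages.
        password: PPP password for the session; it is never written to the log.

    Raises:
        Exception: if identifier, username or password contains a line break,
            if the openl2tp config lock cannot be acquired, if an
            openl2tpconfig run fails, or if the tunnel or session id cannot
            be found in the tool's output.
    """

    def _reject_line_breaks(name, value):
        # The openl2tpconfig input built below is one command per line, so a
        # line break inside an interpolated value would end the intended
        # command and start another one.  The value is deliberately left out
        # of the error message because it may be the password.
        # NOTE(review): spaces and quoting inside values are not handled
        # here; check them against openl2tpconfig's own argument parsing.
        text = '%s' % (value,)
        if ('\n' in text) or ('\r' in text):
            raise Exception('%s must not contain line breaks' % name)

    _reject_line_breaks('identifier', identifier)
    _reject_line_breaks('username', username)
    _reject_line_breaks('password', password)

    l2tp_cfg = helpers.get_db_root().getS(ns.l2tpDeviceConfig, rdf.Type(ns.L2tpDeviceConfig))
    ppp_cfg = l2tp_cfg.getS(ns.pppConfig, rdf.Type(ns.PppConfig))
    debug = helpers.get_debug(l2tp_cfg)

    def _run_config(config, failmsg, successmsg):
        # Run one openl2tpconfig script while holding the config lock.
        # Only the tool's return value and output are logged, never the
        # script itself (the session script carries the password).
        # NOTE(review): confirm openl2tpconfig does not echo its input on
        # stdout/stderr, since both are logged here and quoted in the
        # exceptions raised further down.
        rv, out, err = 1, '', ''

        lock = helpers.acquire_openl2tpconfig_lock()
        if lock is None:
            raise Exception('failed to acquire openl2tp config lock')
        try:
            [rv, out, err] = run_command([constants.CMD_OPENL2TPCONFIG], stdin=str(config))
        except:
            # Deliberately swallowed: rv keeps its failure default (1), so
            # the error is reported through the rv != 0 branch below, after
            # the lock has been released.
            pass
        helpers.release_openl2tpconfig_lock(lock)

        if rv != 0:
            self._log.error('%s: %s, %s, %s' % (str(failmsg), str(rv), str(out), str(err)))
            raise Exception(str(failmsg))
        else:
            self._log.debug('%s: %s, %s, %s' % (str(successmsg), str(rv), str(out), str(err)))

        return rv, out, err

    our_port = 1702   # NB: yes, 1702; we differentiate client and site-to-site connections based on local port
    peer_port = 1701

    ppp_profile_name = 'ppp-prof-%s' % identifier
    tunnel_profile_name = 'tunnel-prof-%s' % identifier
    session_profile_name = 'session-prof-%s' % identifier
    peer_profile_name = 'peer-prof-%s' % identifier
    tunnel_name = 'tunnel-%s' % identifier
    session_name = 'session-%s' % identifier

    # we allow openl2tp to select these and "snoop" them from stdout
    tunnel_id = None
    session_id = None

    # The same trace setting is used for the ppp, tunnel and session profiles.
    trace_flags = '0'
    if debug:
        trace_flags = '2047'

    # ppp profile
    config = 'ppp profile create profile_name=%s\n' % ppp_profile_name

    # XXX: take MRU and MTU like normal config?
    # XXX: should we have separate lcp echo etc settings for site-to-site?
    mtu = ppp_cfg.getS(ns.pppMtu, rdf.Integer)
    mru = mtu
    lcp_echo_interval = 0
    lcp_echo_failure = 0
    if ppp_cfg.hasS(ns.pppLcpEchoInterval):
        lcp_echo_interval = ppp_cfg.getS(ns.pppLcpEchoInterval, rdf.Timedelta).seconds
        lcp_echo_failure = ppp_cfg.getS(ns.pppLcpEchoFailure, rdf.Integer)

    for key, value in [
        ('default_route', 'no'),
        ('multilink', 'no'),
        ('use_radius', 'no'),
        ('idle_timeout', '0'),  # no limit
        ('mtu', str(mtu)),
        ('mru', str(mru)),
        ('lcp_echo_interval', str(lcp_echo_interval)),
        ('lcp_echo_failure_count', str(lcp_echo_failure)),
        ('max_connect_time', '0'),  # no limit
        ('max_failure_count', '10'),
        ('trace_flags', trace_flags),
    ]:
        config += 'ppp profile modify profile_name=%s %s=%s\n' % (ppp_profile_name, key, value)

    # Note: all auth options must be on one line
    # NOTE(review): as written, PAP and CHAP are enabled, no req_* method is
    # set, and MPPE is off below; confidentiality of the credentials and
    # traffic then depends on whatever carries the L2TP packets, which is
    # not visible in this function -- confirm.
    config += 'ppp profile modify profile_name=%s req_none=yes auth_pap=yes auth_chap=yes auth_mschapv1=no auth_mschapv2=no auth_eap=no req_pap=no req_chap=no req_mschapv1=no req_mschapv2=no req_eap=no\n' % ppp_profile_name

    # no encryption
    config += 'ppp profile modify profile_name=%s mppe=no\n' % ppp_profile_name

    # Note: all compression options must be on one line
    # Request deflate or bsdcomp compression.
    config += 'ppp profile modify profile_name=%s comp_mppc=no comp_accomp=yes comp_pcomp=no comp_bsdcomp=no comp_deflate=yes comp_predictor=no comp_vj=no comp_ccomp_vj=no comp_ask_deflate=yes comp_ask_bsdcomp=no\n' % ppp_profile_name

    # tunnel profile
    config += 'tunnel profile create profile_name=%s\n' % tunnel_profile_name

    # XXX: 1460 is hardcoded here, like in normal l2tp connections
    for key, value in [
        ('our_udp_port', str(our_port)),
        ('peer_udp_port', str(peer_port)),
        ('mtu', '1460'),
        ('hello_timeout', '60'),
        ('retry_timeout', '3'),
        ('idle_timeout', '0'),
        ('rx_window_size', '4'),
        ('tx_window_size', '10'),
        ('max_retries', '5'),
        ('framing_caps', 'any'),
        ('bearer_caps', 'any'),
        ('trace_flags', trace_flags),
    ]:
        config += 'tunnel profile modify profile_name=%s %s=%s\n' % (tunnel_profile_name, key, value)

    # session profile
    config += 'session profile create profile_name=%s\n' % session_profile_name

    for key, value in [
        ('sequencing_required', 'no'),
        ('use_sequence_numbers', 'no'),
        ('trace_flags', trace_flags),
    ]:
        config += 'session profile modify profile_name=%s %s=%s\n' % (session_profile_name, key, value)

    # peer profile
    config += 'peer profile create profile_name=%s\n' % peer_profile_name

    # XXX: 'lac_lns', 'netmask'
    # 'peer_port' has no effect for some reason
    for key, value in [
        ('peer_ipaddr', gwip.toString()),
        ('peer_port', str(peer_port)),  # XXX: dup from above
        ('ppp_profile_name', ppp_profile_name),
        ('session_profile_name', session_profile_name),
        ('tunnel_profile_name', tunnel_profile_name),
    ]:
        config += 'peer profile modify profile_name=%s %s=%s\n' % (peer_profile_name, key, value)

    config += '\nquit\n'

    # create profiles (this script carries no credentials, so it is logged as is)
    self._log.debug('openl2tp config:\n%s' % config)
    rv, stdout, stderr = _run_config(config, 'failed to create client-mode profiles', 'create client-mode profiles ok')

    # create tunnel - this triggers openl2tp
    #
    # NOTE: 'interface_name' would make life easier, but is not currently
    # supported by Openl2tp.
    #
    # XXX: 'persist', 'interface_name'
    config = 'tunnel create tunnel_name=%s' % tunnel_name  # NB: all on one line here
    for key, value in [
        ('src_ipaddr', myip.toString()),
        ('our_udp_port', str(our_port)),    # XXX: dup from above
        ('peer_udp_port', str(peer_port)),  # XXX: dup from above
        ('dest_ipaddr', gwip.toString()),
        ('peer_profile_name', peer_profile_name),
        ('profile_name', tunnel_profile_name),
        ('session_profile_name', session_profile_name),
        ('tunnel_name', tunnel_name),
        ### ('tunnel_id', tunnel_id),  # XXX: for some reason can't be used, fetched below!
        ('use_udp_checksums', 'yes'),  # XXX: probably doesn't do anything now
    ]:
        config += ' %s=%s' % (key, value)
    config += '\nquit\n'

    # activate tunnel
    self._log.debug('openl2tp config for tunnel:\n%s' % config)
    rv, stdout, stderr = _run_config(config, 'failed to create client-mode tunnel', 'create client-mode tunnel ok')

    # The first matching stderr line supplies the tunnel id; later matches
    # are only reported.
    for line in stderr.split('\n'):
        m = _re_openl2tp_created_tunnel.match(line)
        if m is not None:
            if tunnel_id is not None:
                self._log.warning('second tunnel id (%s), old one was %s; ignoring' % (m.group(1), tunnel_id))
            else:
                tunnel_id = m.group(1)

    self._log.debug('figured out tunnel id %s' % tunnel_id)
    if tunnel_id is None:
        raise Exception('could not figure tunnel id of new site-to-site tunnel (username %s) [rv: %s, out: %s, err: %s]' % (username, rv, stdout, stderr))

    # Build the session script twice: the real one goes to openl2tpconfig,
    # the copy with the password masked goes to the debug log.
    config = 'session create session_name=%s' % session_name
    loggable_config = config
    for key, value in [
        ('tunnel_name', tunnel_name),
        ('tunnel_id', tunnel_id),
        ### ('session_id', session_id),  # XXX: for some reason can't be used, fetched below!
        ('profile_name', session_profile_name),
        ('ppp_profile_name', ppp_profile_name),
        ('user_name', username),
        ('user_password', password),
    ]:
        config += ' %s=%s' % (key, value)
        if key == 'user_password':
            loggable_config += ' %s=%s' % (key, '<redacted>')
        else:
            loggable_config += ' %s=%s' % (key, value)
    config += '\nquit\n'
    loggable_config += '\nquit\n'

    # activate session
    self._log.debug('openl2tp config for session:\n%s' % loggable_config)
    rv, stdout, stderr = _run_config(config, 'failed to create client-mode session', 'create client-mode session ok')

    # Accept the first session line whose tunnel id matches the one found
    # above; mismatching or repeated lines are only reported.
    for line in stderr.split('\n'):
        m = _re_openl2tp_created_session.match(line)
        if m is not None:
            if session_id is not None:
                self._log.warning('second session id (%s), old one was %s; ignoring' % (m.group(2), session_id))
            else:
                tun = m.group(1)
                if tun != tunnel_id:
                    self._log.warning('tunnel id differs from earlier (earlier %s, found %s), ignoring' % (tunnel_id, tun))
                else:
                    session_id = m.group(2)

    self._log.debug('figured out session id %s' % session_id)
    if session_id is None:
        raise Exception('could not figure session id of new site-to-site tunnel (username %s) [rv: %s, out: %s, err: %s]' % (username, rv, stdout, stderr))

    self._log.info('created new tunnel and session (%s/%s) for site-to-site client (username %s)' % (tunnel_id, session_id, username))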