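def create_config_pluto(self, cfg, resinfo, extra_psks=None):
    """Render the pluto pre-shared-key file and store it in self.configs.

    Reads the IPsec section of cfg, records lifetimes, debug flags and the
    public address on self, then writes one 'PSK' line per key. Keys are
    always written hex-encoded ('0x..'), so arbitrary key bytes cannot
    change the structure of the generated file.

    Args:
        cfg: configuration root providing ns.ipsecConfig.
        resinfo: resource info; its public interface address becomes self.ip.
        extra_psks: optional iterable of [addr, pskbin] pairs. Each is
            written as '<addr> : PSK <hex>' ahead of the generic keys.
            None (the default) means no extra entries.

    Side effects:
        Sets self.debug_on, self.debug_heavy, self.ip, self.ike_lifetime,
        self.ipsec_lifetime and self.configs.
    """
    # None instead of a shared mutable [] default; behaviour is unchanged
    # for callers that omit the argument.
    if extra_psks is None:
        extra_psks = []

    def _encode_hex(s):
        # Two lowercase hex digits per input character, prefixed with '0x'.
        # NOTE(review): an empty key yields a bare '0x'; confirm empty keys
        # are rejected before they reach this point.
        return '0x' + ''.join(['%02x' % ord(ch) for ch in s])

    ipsec_cfg = cfg.getS(ns.ipsecConfig, rdf.Type(ns.IpsecConfig))

    # NOTE(review): if rdf.Timedelta yields a datetime.timedelta, '.seconds'
    # drops whole days, so a lifetime of one day or more would be
    # truncated - confirm against the rdf module.
    ike_lifetime = ipsec_cfg.getS(ns.ikeLifeTime, rdf.Timedelta).seconds
    ipsec_lifetime = ipsec_cfg.getS(ns.ipsecLifeTime, rdf.Timedelta).seconds

    self.debug_on = helpers.get_debug(cfg)
    self.debug_heavy = helpers.get_debug_heavy(cfg)
    self.ip = resinfo.public_interface.address.getAddress().toString()
    self.ike_lifetime = str(ike_lifetime)
    self.ipsec_lifetime = str(ipsec_lifetime)

    psks = ipsec_cfg.getS(ns.preSharedKeys, rdf.Seq(rdf.Type(ns.PreSharedKey)))

    # log unusual psk amounts (0, >1); only the count is logged, never
    # the key material itself
    if len(psks) == 0:
        self._log.warning('zero psks')
    elif len(psks) > 1:
        self._log.info('more than one psk (%s)' % len(psks))
    else:
        self._log.debug('one psk, good')

    lines = []

    # start with specific "extra_psks"
    # NOTE(review): unlike the key, addr is written verbatim; a value
    # containing a line break would add a line to the key file.
    # Presumably callers pass validated addresses - confirm.
    for [addr, pskbin] in extra_psks:
        lines.append('%s : PSK %s\n' % (addr, _encode_hex(pskbin)))

    # end with generic psks
    for psk in psks:
        pskbin = psk.getS(ns.preSharedKey, rdf.Binary)
        lines.append(': PSK %s\n' % _encode_hex(pskbin))

    pskfile = ''.join(lines)

    # The content is key material, hence the owner-only mode.
    self.configs = [{
        'file': constants.PLUTO_CONF,
        'cont': pskfile,
        'mode': 0600
    }]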
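def create_config_pluto(self, cfg, resinfo, extra_psks=None):
    """Build the pluto PSK file contents and publish them via self.configs.

    The IPsec configuration is read from cfg; IKE/IPsec lifetimes, debug
    flags and the public address of resinfo are stored on self. Every
    pre-shared key is emitted hex-encoded ('0x..'), which keeps key bytes
    from being interpreted as file syntax.

    Args:
        cfg: configuration root providing ns.ipsecConfig.
        resinfo: resource info; its public interface address becomes self.ip.
        extra_psks: optional iterable of [addr, pskbin] pairs, emitted
            first as '<addr> : PSK <hex>'. Defaults to None (no extras).

    Side effects:
        Sets self.debug_on, self.debug_heavy, self.ip, self.ike_lifetime,
        self.ipsec_lifetime and self.configs.
    """
    # Avoid a mutable default argument shared between calls.
    if extra_psks is None:
        extra_psks = []

    def _encode_hex(s):
        # '0x' followed by two lowercase hex digits per character.
        # NOTE(review): an empty key becomes just '0x'; confirm empty keys
        # cannot be configured.
        digits = ['%02x' % ord(ch) for ch in s]
        return '0x' + ''.join(digits)

    ipsec_cfg = cfg.getS(ns.ipsecConfig, rdf.Type(ns.IpsecConfig))

    # NOTE(review): '.seconds' on a datetime.timedelta excludes the days
    # component; if rdf.Timedelta is one, lifetimes >= 1 day would be
    # truncated - confirm.
    ike_lifetime = ipsec_cfg.getS(ns.ikeLifeTime, rdf.Timedelta).seconds
    ipsec_lifetime = ipsec_cfg.getS(ns.ipsecLifeTime, rdf.Timedelta).seconds

    self.debug_on = helpers.get_debug(cfg)
    self.debug_heavy = helpers.get_debug_heavy(cfg)
    self.ip = resinfo.public_interface.address.getAddress().toString()
    self.ike_lifetime = str(ike_lifetime)
    self.ipsec_lifetime = str(ipsec_lifetime)

    psks = ipsec_cfg.getS(ns.preSharedKeys, rdf.Seq(rdf.Type(ns.PreSharedKey)))

    # log unusual psk amounts (0, >1); the keys themselves are not logged
    psk_count = len(psks)
    if psk_count == 0:
        self._log.warning('zero psks')
    elif psk_count > 1:
        self._log.info('more than one psk (%s)' % psk_count)
    else:
        self._log.debug('one psk, good')

    entries = []

    # start with specific "extra_psks"
    # NOTE(review): addr goes into the file unencoded, so a line break in
    # it would create an additional line. Presumably addr is validated by
    # the caller - confirm.
    for [addr, pskbin] in extra_psks:
        entries.append('%s : PSK %s\n' % (addr, _encode_hex(pskbin)))

    # end with generic psks
    for psk in psks:
        pskbin = psk.getS(ns.preSharedKey, rdf.Binary)
        entries.append(': PSK %s\n' % _encode_hex(pskbin))

    # Key material: written with owner-only permissions.
    self.configs = [{'file': constants.PLUTO_CONF, 'cont': ''.join(entries), 'mode': 0600}]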
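def create_config(self, cfg, resinfo):
    """Render snmpd.conf for the VPNease SNMP agent into self.configs.

    The generated file maps the configured community string to a security
    name, grants that name read access to the whole tree (write and notify
    views are 'none') and loads the VPNease MIB module with 'dlmod'.

    Args:
        cfg: configuration root providing ns.snmpConfig.
        resinfo: unused here.

    Raises:
        Exception: if the community string contains whitespace, control
            or non-ASCII characters.

    Side effects:
        Sets self.debug_on, self.debug_heavy and self.configs.
    """
    snmp_cfg = cfg.getS(ns.snmpConfig, rdf.Type(ns.SnmpConfig))
    snmp_community = snmp_cfg.getS(ns.snmpCommunity, rdf.String)

    # The community string lands in a line-oriented file that also holds
    # a 'dlmod' (module load) directive. Only printable, non-space ASCII
    # is accepted so the value cannot break out of its own token or line.
    for ch in snmp_community:
        c = ord(ch)
        if (c <= 0x20) or (c > 0x7e):
            raise Exception('SNMP community contains invalid character(s)')

    snmp_syslocation = 'VPNease server'
    snmp_syscontact = 'None'
    vpnease_mib = constants.SNMP_MIB_MODULE_SO

    self.debug_on = helpers.get_debug(cfg)
    self.debug_heavy = helpers.get_debug_heavy(cfg)

    # XXX: set syslocation and syscontact more intelligently?
    # NOTE(review): 'com2sec ... default' accepts the community from any
    # source address and v1/v2c send it in clear text; presumably access
    # is restricted by the firewall - confirm.
    template = textwrap.dedent("""\
        # Minimal configuration example for VPNease snmpd
        com2sec readonly default %(community)s
        group rogroup v1 readonly
        group rogroup v2c readonly
        group rogroup usm readonly
        # incl/excl subtree mask
        view all included .1 80
        # context sec.model sec.level match read write notif
        access rogroup "" any noauth exact all none none
        syslocation %(syslocation)s
        syscontact %(syscontact)s
        dlmod vpneaseMIB %(mibmodule)s
        """)

    # Dedent first, substitute second: a substituted value can then never
    # influence how the template is dedented.
    snmpd_conf = template % {
        'community': snmp_community,
        'syslocation': snmp_syslocation,
        'syscontact': snmp_syscontact,
        'mibmodule': vpnease_mib
    }

    # The community string is a shared secret, hence the owner-only mode.
    self.configs = [{
        'file': constants.SNMPD_CONF,
        'cont': snmpd_conf,
        'mode': 0600
    }]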
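def create_config(self, cfg, resinfo):
    """Generate the snmpd configuration and store it in self.configs.

    The file binds the configured community string to the 'readonly'
    security name, gives its group read access to the full tree with no
    write or notify view, and loads the VPNease MIB module via 'dlmod'.

    Args:
        cfg: configuration root providing ns.snmpConfig.
        resinfo: unused here.

    Raises:
        Exception: if the community string contains whitespace, control
            or non-ASCII characters.

    Side effects:
        Sets self.debug_on, self.debug_heavy and self.configs.
    """
    snmp_cfg = cfg.getS(ns.snmpConfig, rdf.Type(ns.SnmpConfig))
    snmp_community = snmp_cfg.getS(ns.snmpCommunity, rdf.String)

    # The value is placed on a directive line of a file that also contains
    # a module-loading 'dlmod' directive, so it is limited to printable,
    # non-space ASCII; anything else could end the token or the line.
    for ch in snmp_community:
        c = ord(ch)
        if (c <= 0x20) or (c > 0x7e):
            raise Exception("SNMP community contains invalid character(s)")

    snmp_syslocation = "VPNease server"
    snmp_syscontact = "None"
    vpnease_mib = constants.SNMP_MIB_MODULE_SO

    self.debug_on = helpers.get_debug(cfg)
    self.debug_heavy = helpers.get_debug_heavy(cfg)

    # XXX: set syslocation and syscontact more intelligently?
    # NOTE(review): the 'default' source in com2sec matches any client
    # address, and SNMP v1/v2c carry the community unencrypted; presumably
    # network filtering limits who can reach the agent - confirm.
    template = textwrap.dedent(
        """\
        # Minimal configuration example for VPNease snmpd
        com2sec readonly default %(community)s
        group rogroup v1 readonly
        group rogroup v2c readonly
        group rogroup usm readonly
        # incl/excl subtree mask
        view all included .1 80
        # context sec.model sec.level match read write notif
        access rogroup "" any noauth exact all none none
        syslocation %(syslocation)s
        syscontact %(syscontact)s
        dlmod vpneaseMIB %(mibmodule)s
        """
    )

    # Substitution happens after dedent so that no substituted value can
    # change the common indentation that dedent strips.
    snmpd_conf = template % {
        "community": snmp_community,
        "syslocation": snmp_syslocation,
        "syscontact": snmp_syscontact,
        "mibmodule": vpnease_mib,
    }

    # Holds the community string (a shared secret): owner-only mode.
    self.configs = [{"file": constants.SNMPD_CONF, "cont": snmpd_conf, "mode": 0600}]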