Attachment #6528 for bug #37332

View | Details | Raw Unified | Return to bug 37332
Collapse All | Expand All





@!@
import ipaddr
from univention.config_registry.interfaces import Interfaces

# globales
myNetworks = {}

authenticationGroups = False

# get local networks
for _name, iface in Interfaces(configRegistry).ipv4_interfaces:
	addr = iface.ipv4_address()
	myNetworks['%s' % addr.network] = '%s' % addr.netmask
		network = configRegistry.get('interfaces/%s/network' % interface, "")
		netmask = configRegistry.get('interfaces/%s/netmask' % interface, "")
		address = configRegistry.get('interfaces/%s/address' % interface, "")
		if network and netmask and address:
			myNetworks[network] = netmask

for network in myNetworks:
	allowFrom.append((network, myNetworks[network]))

print "# debug options"
if configRegistry['squid/debug/level']:
	print "debug_options %s" % ( configRegistry.get('squid/debug/level'))
	print

if configRegistry.is_false('squid/cache'):
	print "cache deny all"

	print

print "# network acl's"
for count, (network, netmask) in enumerate(allowFrom):
for network, netmask in allowFrom:
	netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen
	print 'acl localnet%s src %s/%s' % (count, network, netprefix)
	count += 1
print




# local nets
if configRegistry.is_true("squid/allow/localnet"):
	count = 0
	print "# allow local networks (squid/allow/localnet)"
	print 'http_access allow localhost'
	for count in xrange(len(myNetworks)):
		print 'http_access allow localnet%s' % count
		count += 1
	print
# user authentication or
if authentication:

		if allowAll:
			print "http_access allow all"
		else:
			for count in xrange(len(allowFrom)):
			for network, netmask in allowFrom:
				print 'http_access allow localnet%s' % count
				count += 1
	print

print "# deny the rest"

				directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) )
			except:
				print "# wrong entry in squid/parent/directnetworks: %s " % entry

	count = 0
	import ipaddr
	for count, (network, netmask) in enumerate(directTo):
		prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen
		print 'acl to_localnet%s dst %s/%s' % (count, network, prefix)

	for rulenum in xrange(len(directTo)):
	for rulenum in range(0, count):
		print 'always_direct allow to_localnet%s' % rulenum

	print 'never_direct allow all'

append_domain = configRegistry.get( 'squid/append_domain', '' )
if append_domain != '':
	print 'append_domain', append_domain

@!@

Lines 1-3 Link Here

(-)a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/debian/changelog (-1 / +6 lines)
		1	univention-squid (8.0.2-2) unstable; urgency=low
		2
		3	* Bug #37332: Fix network detection
		4
		5	-- Philipp Hahn <hahn@univention.de> Mon, 15 Dec 2014 09:32:20 +0100
		6
1	univention-squid (8.0.2-1) unstable; urgency=medium	7	univention-squid (8.0.2-1) unstable; urgency=medium
2		8
3	* Bug #36780: fix squidguard config file path	9	* Bug #36780: fix squidguard config file path
4	-

Return to bug 37332

Lines 22-27 refresh_pattern . 0 20% 4320 Link Here

(-)a/branches/ucs-4.0/ucs-4.0-0/services/univention-squid/conffiles/etc/squid3/squid.conf (-25 / +12 lines)
22		22
23	@!@	23	@!@
24	import ipaddr	24	import ipaddr
		25	from univention.config_registry.interfaces import Interfaces
25		26
26	# globales	27	# globales
27	myNetworks = {}	28	myNetworks = {}
Lines 31-44 authentication = False Link Here
31	authenticationGroups = False	32	authenticationGroups = False
32		33
33	# get local networks	34	# get local networks
34	for key,value in configRegistry.items():	35	for _name, iface in Interfaces(configRegistry).ipv4_interfaces:
35	if key.startswith('interfaces/eth'):	36	addr = iface.ipv4_address()
36	interface = key.split("/")[1]	37	myNetworks['%s' % addr.network] = '%s' % addr.netmask
37	network = configRegistry.get('interfaces/%s/network' % interface, "")
38	netmask = configRegistry.get('interfaces/%s/netmask' % interface, "")
39	address = configRegistry.get('interfaces/%s/address' % interface, "")
40	if network and netmask and address:
41	myNetworks[network] = netmask
42		38
43	for network in myNetworks:	39	for network in myNetworks:
44	allowFrom.append((network, myNetworks[network]))	40	allowFrom.append((network, myNetworks[network]))
Lines 59-65 for entry in configRegistry.get("squid/allowfrom", "").split(" "): Link Here
59	print "# debug options"	55	print "# debug options"
60	if configRegistry['squid/debug/level']:	56	if configRegistry['squid/debug/level']:
61	print "debug_options %s" % ( configRegistry.get('squid/debug/level'))	57	print "debug_options %s" % ( configRegistry.get('squid/debug/level'))
62	print	58	print
63		59
64	if configRegistry.is_false('squid/cache'):	60	if configRegistry.is_false('squid/cache'):
65	print "cache deny all"	61	print "cache deny all"
Lines 151-161 if authentication: Link Here
151	print	147	print
152		148
153	print "# network acl's"	149	print "# network acl's"
154	count = 0	150	for count, (network, netmask) in enumerate(allowFrom):
155	for network, netmask in allowFrom:
156	netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen	151	netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen
157	print 'acl localnet%s src %s/%s' % (count, network, netprefix)	152	print 'acl localnet%s src %s/%s' % (count, network, netprefix)
158	count += 1
159	print	153	print
160		154
161		155
Lines 173-184 print Link Here
173		167
174	# local nets	168	# local nets
175	if configRegistry.is_true("squid/allow/localnet"):	169	if configRegistry.is_true("squid/allow/localnet"):
176	count = 0
177	print "# allow local networks (squid/allow/localnet)"	170	print "# allow local networks (squid/allow/localnet)"
178	print 'http_access allow localhost'	171	print 'http_access allow localhost'
179	for network in myNetworks.keys():	172	for count in xrange(len(myNetworks)):
180	print 'http_access allow localnet%s' % count	173	print 'http_access allow localnet%s' % count
181	count += 1
182	print	174	print
183	# user authentication or	175	# user authentication or
184	if authentication:	176	if authentication:
Lines 197-206 else: Link Here
197	if allowAll:	189	if allowAll:
198	print "http_access allow all"	190	print "http_access allow all"
199	else:	191	else:
200	count = 0	192	for count in xrange(len(allowFrom)):
201	for network, netmask in allowFrom:
202	print 'http_access allow localnet%s' % count	193	print 'http_access allow localnet%s' % count
203	count += 1
204	print	194	print
205		195
206	print "# deny the rest"	196	print "# deny the rest"
Lines 239-253 if configRegistry['squid/parent/host']: Link Here
239	directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) )	229	directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) )
240	except:	230	except:
241	print "# wrong entry in squid/parent/directnetworks: %s " % entry	231	print "# wrong entry in squid/parent/directnetworks: %s " % entry
242		232
243	count = 0
244	import ipaddr	233	import ipaddr
245	for network, netmask in directTo:	234	for count, (network, netmask) in enumerate(directTo):
246	prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen	235	prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen
247	print 'acl to_localnet%s dst %s/%s' % (count, network, prefix)	236	print 'acl to_localnet%s dst %s/%s' % (count, network, prefix)
248	count += 1	237
249		238	for rulenum in xrange(len(directTo)):
250	for rulenum in range(0, count):
251	print 'always_direct allow to_localnet%s' % rulenum	239	print 'always_direct allow to_localnet%s' % rulenum
252		240
253	print 'never_direct allow all'	241	print 'never_direct allow all'
Lines 255-259 if configRegistry['squid/parent/host']: Link Here
255	append_domain = configRegistry.get( 'squid/append_domain', '' )	243	append_domain = configRegistry.get( 'squid/append_domain', '' )
256	if append_domain != '':	244	if append_domain != '':
257	print 'append_domain', append_domain	245	print 'append_domain', append_domain
258
259	@!@	246	@!@