Lines 22-27
refresh_pattern . 0 20% 4320
|
|
---|
|
22 |
|
22 |
|
23 |
@!@ |
23 |
@!@ |
24 |
import ipaddr |
24 |
import ipaddr |
|
|
25 |
from univention.config_registry.interfaces import Interfaces |
25 |
|
26 |
|
26 |
# globales |
27 |
# globales |
27 |
myNetworks = {} |
28 |
myNetworks = {} |
|
31 |
authenticationGroups = False |
32 |
authenticationGroups = False |
32 |
|
33 |
|
33 |
# get local networks |
34 |
# get local networks |
34 |
for key,value in configRegistry.items(): |
35 |
for _name, iface in Interfaces(configRegistry).ipv4_interfaces: |
35 |
if key.startswith('interfaces/eth'): |
36 |
addr = iface.ipv4_address() |
36 |
interface = key.split("/")[1] |
37 |
myNetworks['%s' % addr.network] = '%s' % addr.netmask |
37 |
network = configRegistry.get('interfaces/%s/network' % interface, "") |
|
|
38 |
netmask = configRegistry.get('interfaces/%s/netmask' % interface, "") |
39 |
address = configRegistry.get('interfaces/%s/address' % interface, "") |
40 |
if network and netmask and address: |
41 |
myNetworks[network] = netmask |
42 |
|
38 |
|
43 |
for network in myNetworks: |
39 |
for network in myNetworks: |
44 |
allowFrom.append((network, myNetworks[network])) |
40 |
allowFrom.append((network, myNetworks[network])) |
Lines 59-65
for entry in configRegistry.get("squid/allowfrom", "").split(" "):
|
|
---|
|
59 |
print "# debug options" |
55 |
print "# debug options" |
60 |
if configRegistry['squid/debug/level']: |
56 |
if configRegistry['squid/debug/level']: |
61 |
print "debug_options %s" % ( configRegistry.get('squid/debug/level')) |
57 |
print "debug_options %s" % ( configRegistry.get('squid/debug/level')) |
62 |
print |
58 |
print |
63 |
|
59 |
|
64 |
if configRegistry.is_false('squid/cache'): |
60 |
if configRegistry.is_false('squid/cache'): |
65 |
print "cache deny all" |
61 |
print "cache deny all" |
|
151 |
print |
147 |
print |
152 |
|
148 |
|
153 |
print "# network acl's" |
149 |
print "# network acl's" |
154 |
count = 0 |
150 |
for count, (network, netmask) in enumerate(allowFrom): |
155 |
for network, netmask in allowFrom: |
|
|
156 |
netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen |
151 |
netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen |
157 |
print 'acl localnet%s src %s/%s' % (count, network, netprefix) |
152 |
print 'acl localnet%s src %s/%s' % (count, network, netprefix) |
158 |
count += 1 |
|
|
159 |
print |
153 |
print |
160 |
|
154 |
|
161 |
|
155 |
|
|
173 |
|
167 |
|
174 |
# local nets |
168 |
# local nets |
175 |
if configRegistry.is_true("squid/allow/localnet"): |
169 |
if configRegistry.is_true("squid/allow/localnet"): |
176 |
count = 0 |
|
|
177 |
print "# allow local networks (squid/allow/localnet)" |
170 |
print "# allow local networks (squid/allow/localnet)" |
178 |
print 'http_access allow localhost' |
171 |
print 'http_access allow localhost' |
179 |
for network in myNetworks.keys(): |
172 |
for count in xrange(len(myNetworks)): |
180 |
print 'http_access allow localnet%s' % count |
173 |
print 'http_access allow localnet%s' % count |
181 |
count += 1 |
|
|
182 |
print |
174 |
print |
183 |
# user authentication or |
175 |
# user authentication or |
184 |
if authentication: |
176 |
if authentication: |
|
197 |
if allowAll: |
189 |
if allowAll: |
198 |
print "http_access allow all" |
190 |
print "http_access allow all" |
199 |
else: |
191 |
else: |
200 |
count = 0 |
192 |
for count in xrange(len(allowFrom)): |
201 |
for network, netmask in allowFrom: |
|
|
202 |
print 'http_access allow localnet%s' % count |
193 |
print 'http_access allow localnet%s' % count |
203 |
count += 1 |
|
|
204 |
print |
194 |
print |
205 |
|
195 |
|
206 |
print "# deny the rest" |
196 |
print "# deny the rest" |
Lines 239-253
if configRegistry['squid/parent/host']:
|
|
---|
|
239 |
directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) ) |
229 |
directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) ) |
240 |
except: |
230 |
except: |
241 |
print "# wrong entry in squid/parent/directnetworks: %s " % entry |
231 |
print "# wrong entry in squid/parent/directnetworks: %s " % entry |
242 |
|
232 |
|
243 |
count = 0 |
|
|
244 |
import ipaddr |
233 |
import ipaddr |
245 |
for network, netmask in directTo: |
234 |
for count, (network, netmask) in enumerate(directTo): |
246 |
prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen |
235 |
prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen |
247 |
print 'acl to_localnet%s dst %s/%s' % (count, network, prefix) |
236 |
print 'acl to_localnet%s dst %s/%s' % (count, network, prefix) |
248 |
count += 1 |
237 |
|
249 |
|
238 |
for rulenum in xrange(len(directTo)): |
250 |
for rulenum in range(0, count): |
|
|
251 |
print 'always_direct allow to_localnet%s' % rulenum |
239 |
print 'always_direct allow to_localnet%s' % rulenum |
252 |
|
240 |
|
253 |
print 'never_direct allow all' |
241 |
print 'never_direct allow all' |
Lines 255-259
if configRegistry['squid/parent/host']:
|
|
---|
|
255 |
append_domain = configRegistry.get( 'squid/append_domain', '' ) |
243 |
append_domain = configRegistry.get( 'squid/append_domain', '' ) |
256 |
if append_domain != '': |
244 |
if append_domain != '': |
257 |
print 'append_domain', append_domain |
245 |
print 'append_domain', append_domain |
258 |
|
|
|
259 |
@!@ |
246 |
@!@ |
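Review bot: The rewritten interface loop (new lines 35-37) no longer restricts `myNetworks` to `interfaces/eth*` keys, so every interface yielded by `Interfaces(configRegistry).ipv4_interfaces` now gets a `localnetN` ACL and, with `squid/allow/localnet` set, an `http_access allow` rule; that presumably includes interface types the old prefix check skipped, which widens who may use the proxy. If this is intended, say so at the loop with a comment such as `# every configured IPv4 interface is treated as a trusted local network`. The loop also uses `addr.network` without a guard where the old code required network, netmask and address to be set; if `ipv4_address()` can return None (the Interfaces class is not visible here), `if addr is None: continue` keeps the template from failing at render time. The allow rules at new lines 172 and 192 rely on `allowFrom` listing the `myNetworks` entries first and in the same order, which is worth a one-line comment as well.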