|
Lines 22-27
refresh_pattern . 0 20% 4320
|
Link Here
|
|---|
|
|---|
| 22 |
|
22 |
|
| 23 |
@!@ |
23 |
@!@ |
| 24 |
import ipaddr |
24 |
import ipaddr |
|
|
25 |
from univention.config_registry.interfaces import Interfaces |
| 25 |
|
26 |
|
| 26 |
# globales |
27 |
# globales |
| 27 |
myNetworks = {} |
28 |
myNetworks = {} |
|
|
|---|
| 31 |
authenticationGroups = False |
32 |
authenticationGroups = False |
| 32 |
|
33 |
|
| 33 |
# get local networks |
34 |
# get local networks |
| 34 |
for key,value in configRegistry.items(): |
35 |
for _name, iface in Interfaces(configRegistry).ipv4_interfaces: |
| 35 |
if key.startswith('interfaces/eth'): |
36 |
addr = iface.ipv4_address() |
| 36 |
interface = key.split("/")[1] |
37 |
myNetworks['%s' % addr.network] = '%s' % addr.netmask |
| 37 |
network = configRegistry.get('interfaces/%s/network' % interface, "") |
|
|
| 38 |
netmask = configRegistry.get('interfaces/%s/netmask' % interface, "") |
| 39 |
address = configRegistry.get('interfaces/%s/address' % interface, "") |
| 40 |
if network and netmask and address: |
| 41 |
myNetworks[network] = netmask |
| 42 |
|
38 |
|
| 43 |
for network in myNetworks: |
39 |
for network in myNetworks: |
| 44 |
allowFrom.append((network, myNetworks[network])) |
40 |
allowFrom.append((network, myNetworks[network])) |
|
Lines 59-65
for entry in configRegistry.get("squid/allowfrom", "").split(" "):
|
Link Here
|
|---|
|
|---|
| 59 |
print "# debug options" |
55 |
print "# debug options" |
| 60 |
if configRegistry['squid/debug/level']: |
56 |
if configRegistry['squid/debug/level']: |
| 61 |
print "debug_options %s" % ( configRegistry.get('squid/debug/level')) |
57 |
print "debug_options %s" % ( configRegistry.get('squid/debug/level')) |
| 62 |
print |
58 |
print |
| 63 |
|
59 |
|
| 64 |
if configRegistry.is_false('squid/cache'): |
60 |
if configRegistry.is_false('squid/cache'): |
| 65 |
print "cache deny all" |
61 |
print "cache deny all" |
|
|
|---|
| 151 |
print |
147 |
print |
| 152 |
|
148 |
|
| 153 |
print "# network acl's" |
149 |
print "# network acl's" |
| 154 |
count = 0 |
150 |
for count, (network, netmask) in enumerate(allowFrom): |
| 155 |
for network, netmask in allowFrom: |
|
|
| 156 |
netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen |
151 |
netprefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen |
| 157 |
print 'acl localnet%s src %s/%s' % (count, network, netprefix) |
152 |
print 'acl localnet%s src %s/%s' % (count, network, netprefix) |
| 158 |
count += 1 |
|
|
| 159 |
print |
153 |
print |
| 160 |
|
154 |
|
| 161 |
|
155 |
|
|
|
|---|
| 173 |
|
167 |
|
| 174 |
# local nets |
168 |
# local nets |
| 175 |
if configRegistry.is_true("squid/allow/localnet"): |
169 |
if configRegistry.is_true("squid/allow/localnet"): |
| 176 |
count = 0 |
|
|
| 177 |
print "# allow local networks (squid/allow/localnet)" |
170 |
print "# allow local networks (squid/allow/localnet)" |
| 178 |
print 'http_access allow localhost' |
171 |
print 'http_access allow localhost' |
| 179 |
for network in myNetworks.keys(): |
172 |
for count in xrange(len(myNetworks)): |
| 180 |
print 'http_access allow localnet%s' % count |
173 |
print 'http_access allow localnet%s' % count |
| 181 |
count += 1 |
|
|
| 182 |
print |
174 |
print |
| 183 |
# user authentication or |
175 |
# user authentication or |
| 184 |
if authentication: |
176 |
if authentication: |
|
|
|---|
| 197 |
if allowAll: |
189 |
if allowAll: |
| 198 |
print "http_access allow all" |
190 |
print "http_access allow all" |
| 199 |
else: |
191 |
else: |
| 200 |
count = 0 |
192 |
for count in xrange(len(allowFrom)): |
| 201 |
for network, netmask in allowFrom: |
|
|
| 202 |
print 'http_access allow localnet%s' % count |
193 |
print 'http_access allow localnet%s' % count |
| 203 |
count += 1 |
|
|
| 204 |
print |
194 |
print |
| 205 |
|
195 |
|
| 206 |
print "# deny the rest" |
196 |
print "# deny the rest" |
|
Lines 239-253
if configRegistry['squid/parent/host']:
|
Link Here
|
|---|
|
|---|
| 239 |
directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) ) |
229 |
directTo.append( ( entry.split('/')[0], entry.split('/')[1] ) ) |
| 240 |
except: |
230 |
except: |
| 241 |
print "# wrong entry in squid/parent/directnetworks: %s " % entry |
231 |
print "# wrong entry in squid/parent/directnetworks: %s " % entry |
| 242 |
|
232 |
|
| 243 |
count = 0 |
|
|
| 244 |
import ipaddr |
233 |
import ipaddr |
| 245 |
for network, netmask in directTo: |
234 |
for count, (network, netmask) in enumerate(directTo): |
| 246 |
prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen |
235 |
prefix = ipaddr.IPv4Network('%s/%s' % (network, netmask)).prefixlen |
| 247 |
print 'acl to_localnet%s dst %s/%s' % (count, network, prefix) |
236 |
print 'acl to_localnet%s dst %s/%s' % (count, network, prefix) |
| 248 |
count += 1 |
237 |
|
| 249 |
|
238 |
for rulenum in xrange(len(directTo)): |
| 250 |
for rulenum in range(0, count): |
|
|
| 251 |
print 'always_direct allow to_localnet%s' % rulenum |
239 |
print 'always_direct allow to_localnet%s' % rulenum |
| 252 |
|
240 |
|
| 253 |
print 'never_direct allow all' |
241 |
print 'never_direct allow all' |
|
Lines 255-259
if configRegistry['squid/parent/host']:
|
Link Here
|
|---|
|
|---|
| 255 |
append_domain = configRegistry.get( 'squid/append_domain', '' ) |
243 |
append_domain = configRegistry.get( 'squid/append_domain', '' ) |
| 256 |
if append_domain != '': |
244 |
if append_domain != '': |
| 257 |
print 'append_domain', append_domain |
245 |
print 'append_domain', append_domain |
| 258 |
|
|
|
| 259 |
@!@ |
246 |
@!@ |