import configparser
import copy
import json
import os
import smtplib
import subprocess
import sys
import time
from email.message import EmailMessage
from pprint import pprint
from sysbus import sysbus
from ovh import ovh
def load_conf():
global zone_filename, log_filename
global wan_hostname, zone_domain, zone_subdomain, zone_timeout
global hosts_list, nat_list, pinhole_list
global mail_from, mail_to, mail_ignore_list
conf = configparser.ConfigParser(allow_no_value=True)
zone_filename = conf['Files']['zonefile']
log_filename = conf['Files']['logfile']
wan_hostname = conf['Wan']['hostname'].lower()
zone_domain = conf['Zone']['domain'].lower()
zone_subdomain = conf['Zone']['subdomain'].lower()
mail_from = conf['Mail']['from']
mail_to = conf['Mail']['to']
mail_ignore_list = [ host.lower() for host in conf['MailIgnore'] ]
mail_ignore_list = [ '.'.join([h, zone_subdomain]) if not h.endswith('.'+zone_subdomain) else h for h in mail_ignore_list ]
hosts_list = [ host.lower() for host in conf['Hosts'] ]
nat_list = {}
for e in conf.items('PortsNat'):
if e[1]:
nat_list[e[0]] = e[1].split(',')
nat_list[e[0]] = []
pinhole_list = {}
for e in conf.items('Firewall'):
if e[1]:
pinhole_list[e[0]] = e[1].split(',')
pinhole_list[e[0]] = []
zone_timeout = conf['Zone']['keep']
if zone_timeout[-1] == 's':
zone_timeout = int(zone_timeout[:-1])
elif zone_timeout[-1] == 'm':
zone_timeout = int(zone_timeout[:-1]) * 60
elif zone_timeout[-1] == 'h':
zone_timeout = int(zone_timeout[:-1]) * 3600
elif zone_timeout[-1] == 'd':
zone_timeout = int(zone_timeout[:-1]) * 86400
zone_timeout = int(zone_timeout)
def ping(hostname):
cmd = "ping -4 -c1 -w3 %s" % hostname
ret = subprocess.run(cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return 0 if ret.returncode else 1
def get_hosts():
r = sysbus.requete('Devices:get', silent=True)
hosts = { 'A': {}, 'AAAA': {} }
if not r:
return hosts
2019-10-05 23:01:08 +02:00
for h in r['status']:
ns = {}
for n in h['Names']:
ns[n['Source']] = n['Name']
hostname = h['Name']
hostname = ns.get('mdns', hostname)
hostname = ns.get('dhcp', hostname)
hostname = ns.get('webui', hostname)
hostname = hostname.lower()
for a in h.get('IPv6Address', []):
2019-10-05 23:01:08 +02:00
if a['Scope'] != 'global' or a['Status'] != 'reachable':
if not hostname in hosts['AAAA']:
hosts['AAAA'][hostname] = []
for a in h.get('IPv4Address', []):
if a['Scope'] != 'global' or a['Status'] != 'reachable':
if not hostname in hosts['A']:
hosts['A'][hostname] = []
return hosts
def get_wan_addr():
r = sysbus.requete('NMC:getWANStatus', silent=True)
2018-02-19 23:42:57 +01:00
wan = dict()
if not r or not r.get('data') or not r['data'].get('IPAddress') or not r['data'].get('IPv6Address'):
log('get_wan_addr: {}'.format(r))
return None
wan['ipv4'] = r['data']['IPAddress']
wan['ipv6'] = r['data']['IPv6Address']
2019-12-17 13:58:54 +01:00
if wan['ipv4'] == '':
wan['ipv4'] = ''
return wan
def full_name(host, domain):
host = host.replace('_', '-')
return '.'.join([host, domain])
2020-10-04 17:41:05 +02:00
def zone_add_entry(zone, prot, key, value, stamp):
#print('zone_add_entry: {} {} {} {}'.format(prot, key, value, stamp))
if not zone.get(prot):
zone[prot] = {}
2020-10-04 17:41:05 +02:00
if not zone[prot].get(key):
zone[prot][key] = {}
if not zone[prot][key].get(value):
zone[prot][key][value] = { 'first': stamp }
zone[prot][key][value]['last'] = stamp
2020-10-04 17:41:05 +02:00
def populate_zone(zone, wan_hostname, wan_addr, hosts, hosts_list, hosts_nat, pinhole_list, domain, stamp):
wan_hostname = full_name(wan_hostname, domain)
if not zone.get('A'):
zone['A'] = {}
if not zone.get('AAAA'):
zone['AAAA'] = {}
if wan_addr['ipv4'] != '':
zone_add_entry(zone, 'A', wan_hostname, wan_addr['ipv4'], stamp)
2018-02-19 23:42:57 +01:00
for host in hosts_nat:
if hosts['A'].get(host):
zone_add_entry(zone, 'A', full_name(host, domain), wan_addr['ipv4'], stamp)
2020-10-04 17:41:05 +02:00
# we can only add PortNat entry for on Address,
# so let's arbitrarely take the 1st one
for port in hosts_nat[host]:
zone_add_entry(zone, 'nat', hosts['A'][host][0], port, stamp)
if wan_addr['ipv6'] != '':
zone_add_entry(zone, 'AAAA', wan_hostname, wan_addr['ipv6'], stamp)
for host in hosts_list:
for addr in hosts['AAAA'].get(host, []):
zone_add_entry(zone, 'AAAA', full_name(host, domain), addr, stamp)
for port in pinhole_list.get(host, []):
zone_add_entry(zone, 'pin', addr, port, stamp)
update = { 'add': [], 'delete': [] }
for prot in zone:
for name in zone[prot]:
active = False
for addr in zone[prot][name]:
e = zone[prot][name][addr]
2020-10-08 11:24:43 +02:00
update['add'].append([prot, name, addr])
2020-10-08 11:24:43 +02:00
active = True
for addr in zone[prot][name]:
e = zone[prot][name][addr]
if active and e['last'] < stamp:
update['delete'].append([prot, name, addr])
2020-10-08 11:24:43 +02:00
update['delete'].append([prot, name, addr])
elif sync_zone:
update['add'].append([prot, name, addr])
if not update['add'] and not update['delete']:
update = None
return update
def read_zone_list(zone_filename):
with open(zone_filename) as jsonfile:
zone = json.load(jsonfile)
return zone
except FileNotFoundError:
return {}
def write_zone_list(zone_filename, zone, update):
zone = copy.deepcopy(zone)
if update:
for prot, name, addr in update['delete']:
del zone[prot][name][addr]
if not zone[prot][name]:
del zone[prot][name]
with open(zone_filename, 'w') as jsonfile:
json.dump(zone, jsonfile, indent=2, sort_keys=True)
def log(msg):
stamp = time.strftime("%Y-%m-%d %H:%M:%S")
if sys.stdout.isatty():
for line in msg.split('\n'):
print("%s - %s" % (stamp, msg))
with open(log_filename, 'a') as logfile:
for line in msg.split('\n'):
logfile.write("%s - %s\n" % (stamp, msg))
def log_update_zone(update):
op_str = { 'add': '', 'delete': '[DEL]' }
for op in update:
for prot, name, addr in update[op]:
op = op_str.get(op, op)
log('%5s %-20s %-6s %s' % (op, name, prot, addr))
def ovh_update_zone(domain, zone, update, sync_zone):
client = ovh.Client()
if sync_zone:
for prot in ['A', 'AAAA']:
for name in zone.get(prot, []):
result = client.get('/domain/zone/{}/record'.format(domain),
fieldType=prot, subDomain=name)
for id in result:
log('OVH: delete entry #{} {} {}'.format(id, name, prot))
client.delete('/domain/zone/{}/record/{}'.format(domain, id))
for prot, name, addr in update['delete']:
if not prot in ['A', 'AAAA']:
result = client.get('/domain/zone/%s/record' % domain,
2019-11-12 12:23:26 +01:00
for id in result:
r = client.get('/domain/zone/%s/record/%d' % (domain, id))
if r['fieldType'] == prot and r['target'] == addr:
log("OVH: delete entry for %s %s %s (#%s)" % (name, prot, addr, id))
client.delete('/domain/zone/%s/record/%d' % (domain, id))
for prot, name, addr in update['add']:
if not prot in ['A', 'AAAA']:
log("OVH: create entry for %s %s %s" % (name, prot, addr))
client.post('/domain/zone/%s/record' % domain,
2019-11-12 12:23:26 +01:00
log("OVH: Refresh zone %s" % domain)
client.post('/domain/zone/%s/refresh' % domain)
return True
log('OVH update error\n')
return False
def livebox_rule_id(words):
id = id.replace('.', '_')
return id
def livebox_delete_port_nat(port, addr):
log('livebox: delete PortNat {} to {}'.format(port, addr))
id = livebox_rule_id([port])
r = sysbus.requete('Firewall:deletePortForwarding', { 'id': id, 'origin': 'webui' }, silent=True)
def livebox_delete_pinhole(port, addr):
log('livebox: delete pinhole {} to {}'.format(port, addr))
2020-10-04 17:41:05 +02:00
id = livebox_rule_id([port, addr])
r = sysbus.requete('Firewall:deletePinhole', { 'id': id, 'origin': 'webui' }, silent=True)
def livebox_add_port_nat(port, addr):
log('livebox: add PortNat {} to {}'.format(port, addr))
id = livebox_rule_id([port])
a = {
'id': id,
'origin': 'webui',
'sourceInterface': 'data',
'destinationIPAddress': addr,
'protocol': '6,17',
'internalPort': port,
'enable': True,
r = sysbus.requete('Firewall:setPortForwarding', a, silent=True)
2020-10-04 17:41:05 +02:00
def livebox_add_pinhole(port, addr):
log('livebox: add pinhole {} to {}'.format(port, addr))
2020-10-04 17:41:05 +02:00
id = livebox_rule_id([port, addr])
a = {
'id': id,
'origin': 'webui',
'sourceInterface': 'data',
'destinationPort': port,
'destinationIPAddress': addr,
'protocol': '6,17',
'ipversion': '6',
'enable': True,
r = sysbus.requete('Firewall:setPinhole', a, silent=True)
def livebox_update_fw(zone, update, sync_zone):
for prot, addr, port in update['delete']:
if prot == 'nat':
livebox_delete_port_nat(port, addr)
elif prot == 'pin':
livebox_delete_pinhole(port, addr)
for prot, addr, port in update['add']:
if prot == 'nat':
livebox_add_port_nat(port, addr)
elif prot == 'pin':
livebox_add_pinhole(port, addr)
def send_update_mail(mail_to, mail_from, zone_domain, update, mail_ignore_list, wan):
for op in update:
for prot,name,addr in update[op]:
if not name in mail_ignore_list:
okmail = True
if not okmail:
log('Send email to %s' % mail_to)
msg = EmailMessage()
2019-10-05 23:03:38 +02:00
msg['Subject'] = "Livebox update in %s" % zone_domain
msg['From'] = mail_from
msg['To' ] = mail_to
txt = "Livebox update\n\n"
if updated['add']:
txt = txt + "\nUpdated entries:\n"
for prot,name,addr in update['add']:
txt = txt + " %-20s %-4s %s\n" % (name,prot,addr)
2019-10-05 23:03:38 +02:00
if update['delete']:
txt = txt + "\nRemoved entries:\n"
for prot,name,addr in update['delete']:
txt = txt + " %-20s %-4s %s\n" % (name,prot,addr)
txt = txt + '\n'
txt = txt + "WAN IPv4 : %s\n" % wan['ipv4']
txt = txt + "WAN IPv6 : %s\n" % wan['ipv6']
s = smtplib.SMTP('localhost')
if not ping(wan_hostname):
log("%s is down" % wan_hostname)
r = sysbus.auth(False)
if not r:
log('Error: cannot authenticate on livebox')
except Exception as e:
log('Error: %s'.format(e))
hosts = get_hosts()
wan = get_wan_addr()
if not wan:
zone = read_zone_list(zone_filename)
sync_zone = False
if not zone:
sync_zone = True
stamp = int(time.time())
populate_zone(zone, wan_hostname, wan, hosts, hosts_list, nat_list, pinhole_list, zone_subdomain, stamp)
update = process_zone(zone, stamp, zone_timeout, sync_zone)
if update:
success = ovh_update_zone(zone_domain, zone, update, sync_zone)
livebox_update_fw(zone, update, sync_zone)
if success:
send_update_mail(mail_to, mail_from, zone_domain, update, mail_ignore_list, wan)
write_zone_list(zone_filename, zone, update)