414 lines
13 KiB
Python
Executable File
414 lines
13 KiB
Python
Executable File
#!/usr/bin/python3
|
|
|
|
import configparser
|
|
import copy
|
|
import json
|
|
import os
|
|
import smtplib
|
|
import subprocess
|
|
import sys
|
|
import time
|
|
from email.message import EmailMessage
|
|
from pprint import pprint
|
|
|
|
rundir=os.path.realpath(os.path.dirname(sys.argv[0]))
|
|
os.chdir(rundir)
|
|
|
|
sys.path.append(os.path.join(rundir,'sysbus/src'))
|
|
from sysbus import sysbus
|
|
from ovh import ovh
|
|
|
|
|
|
def load_conf():
|
|
global zone_filename, log_filename
|
|
global wan_hostname, zone_domain, zone_subdomain, zone_timeout
|
|
global hosts_list, nat_list, pinhole_list
|
|
global mail_from, mail_to, mail_ignore_list
|
|
|
|
conf = configparser.ConfigParser(allow_no_value=True)
|
|
conf.read('home.conf')
|
|
|
|
zone_filename = conf['Files']['zonefile']
|
|
log_filename = conf['Files']['logfile']
|
|
|
|
wan_hostname = conf['Wan']['hostname'].lower()
|
|
zone_domain = conf['Zone']['domain'].lower()
|
|
zone_subdomain = conf['Zone']['subdomain'].lower()
|
|
mail_from = conf['Mail']['from']
|
|
mail_to = conf['Mail']['to']
|
|
mail_ignore_list = [ host.lower() for host in conf['MailIgnore'] ]
|
|
mail_ignore_list = [ '.'.join([h, zone_subdomain]) if not h.endswith('.'+zone_subdomain) else h for h in mail_ignore_list ]
|
|
|
|
hosts_list = [ host.lower() for host in conf['Hosts'] ]
|
|
|
|
nat_list = {}
|
|
for e in conf.items('PortsNat'):
|
|
if e[1]:
|
|
nat_list[e[0]] = e[1].split(',')
|
|
else:
|
|
nat_list[e[0]] = []
|
|
|
|
pinhole_list = {}
|
|
for e in conf.items('Firewall'):
|
|
if e[1]:
|
|
pinhole_list[e[0]] = e[1].split(',')
|
|
else:
|
|
pinhole_list[e[0]] = []
|
|
zone_timeout = conf['Zone']['keep']
|
|
if zone_timeout[-1] == 's':
|
|
zone_timeout = int(zone_timeout[:-1])
|
|
elif zone_timeout[-1] == 'm':
|
|
zone_timeout = int(zone_timeout[:-1]) * 60
|
|
elif zone_timeout[-1] == 'h':
|
|
zone_timeout = int(zone_timeout[:-1]) * 3600
|
|
elif zone_timeout[-1] == 'd':
|
|
zone_timeout = int(zone_timeout[:-1]) * 86400
|
|
else:
|
|
zone_timeout = int(zone_timeout)
|
|
|
|
|
|
def ping(hostname):
|
|
cmd = "ping -4 -c1 -w3 %s" % hostname
|
|
ret = subprocess.run(cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
return 0 if ret.returncode else 1
|
|
|
|
|
|
def get_hosts():
|
|
r = sysbus.requete('Devices:get', silent=True)
|
|
hosts = { 'A': {}, 'AAAA': {} }
|
|
if not r:
|
|
return hosts
|
|
|
|
for h in r['status']:
|
|
ns = {}
|
|
for n in h['Names']:
|
|
ns[n['Source']] = n['Name']
|
|
hostname = h['Name']
|
|
hostname = ns.get('mdns', hostname)
|
|
hostname = ns.get('dhcp', hostname)
|
|
hostname = ns.get('webui', hostname)
|
|
hostname = hostname.lower()
|
|
for a in h.get('IPv6Address', []):
|
|
if a['Scope'] != 'global' or a['Status'] != 'reachable':
|
|
continue
|
|
if not hostname in hosts['AAAA']:
|
|
hosts['AAAA'][hostname] = []
|
|
hosts['AAAA'][hostname].append(a['Address'])
|
|
for a in h.get('IPv4Address', []):
|
|
if a['Scope'] != 'global' or a['Status'] != 'reachable':
|
|
continue
|
|
if not hostname in hosts['A']:
|
|
hosts['A'][hostname] = []
|
|
hosts['A'][hostname].append(a['Address'])
|
|
return hosts
|
|
|
|
|
|
def get_wan_addr():
|
|
r = sysbus.requete('NMC:getWANStatus', silent=True)
|
|
wan = dict()
|
|
if not r or not r.get('data') or not r['data'].get('IPAddress') or not r['data'].get('IPv6Address'):
|
|
log('get_wan_addr: {}'.format(r))
|
|
return None
|
|
wan['ipv4'] = r['data']['IPAddress']
|
|
wan['ipv6'] = r['data']['IPv6Address']
|
|
if wan['ipv4'] == '0.0.0.0':
|
|
wan['ipv4'] = ''
|
|
return wan
|
|
|
|
|
|
def full_name(host, domain):
|
|
host = host.replace('_', '-')
|
|
return '.'.join([host, domain])
|
|
|
|
|
|
def zone_add_entry(zone, prot, key, value, stamp):
|
|
#print('zone_add_entry: {} {} {} {}'.format(prot, key, value, stamp))
|
|
if not zone.get(prot):
|
|
zone[prot] = {}
|
|
if not zone[prot].get(key):
|
|
zone[prot][key] = {}
|
|
if not zone[prot][key].get(value):
|
|
zone[prot][key][value] = { 'first': stamp }
|
|
zone[prot][key][value]['last'] = stamp
|
|
|
|
|
|
def populate_zone(zone, wan_hostname, wan_addr, hosts, hosts_list, hosts_nat, pinhole_list, domain, stamp):
|
|
wan_hostname = full_name(wan_hostname, domain)
|
|
|
|
if not zone.get('A'):
|
|
zone['A'] = {}
|
|
if not zone.get('AAAA'):
|
|
zone['AAAA'] = {}
|
|
|
|
if wan_addr['ipv4'] != '':
|
|
zone_add_entry(zone, 'A', wan_hostname, wan_addr['ipv4'], stamp)
|
|
for host in hosts_nat:
|
|
if hosts['A'].get(host):
|
|
zone_add_entry(zone, 'A', full_name(host, domain), wan_addr['ipv4'], stamp)
|
|
# we can only add PortNat entry for on Address,
|
|
# so let's arbitrarely take the 1st one
|
|
for port in hosts_nat[host]:
|
|
zone_add_entry(zone, 'nat', hosts['A'][host][0], port, stamp)
|
|
|
|
if wan_addr['ipv6'] != '':
|
|
zone_add_entry(zone, 'AAAA', wan_hostname, wan_addr['ipv6'], stamp)
|
|
for host in hosts_list:
|
|
for addr in hosts['AAAA'].get(host, []):
|
|
zone_add_entry(zone, 'AAAA', full_name(host, domain), addr, stamp)
|
|
for port in pinhole_list.get(host, []):
|
|
zone_add_entry(zone, 'pin', addr, port, stamp)
|
|
|
|
|
|
|
|
def process_zone(zone, stamp, grace_period, sync_zone):
|
|
update = { 'add': [], 'delete': [] }
|
|
for prot in zone:
|
|
for name in zone[prot]:
|
|
active = False
|
|
for addr in zone[prot][name]:
|
|
e = zone[prot][name][addr]
|
|
if e['first'] == stamp:
|
|
update['add'].append([prot, name, addr])
|
|
if e['last'] == stamp:
|
|
active = True
|
|
for addr in zone[prot][name]:
|
|
e = zone[prot][name][addr]
|
|
if active and e['last'] < stamp:
|
|
update['delete'].append([prot, name, addr])
|
|
elif not active and stamp - e['last'] > grace_period:
|
|
update['delete'].append([prot, name, addr])
|
|
elif sync_zone:
|
|
update['add'].append([prot, name, addr])
|
|
|
|
if not update['add'] and not update['delete']:
|
|
update = None
|
|
return update
|
|
|
|
|
|
def read_zone_list(zone_filename):
|
|
try:
|
|
with open(zone_filename) as jsonfile:
|
|
zone = json.load(jsonfile)
|
|
return zone
|
|
except FileNotFoundError:
|
|
return {}
|
|
|
|
|
|
def write_zone_list(zone_filename, zone, update):
|
|
zone = copy.deepcopy(zone)
|
|
if update:
|
|
for prot, name, addr in update['delete']:
|
|
del zone[prot][name][addr]
|
|
if not zone[prot][name]:
|
|
del zone[prot][name]
|
|
with open(zone_filename, 'w') as jsonfile:
|
|
json.dump(zone, jsonfile, indent=2, sort_keys=True)
|
|
|
|
|
|
def log(msg):
|
|
stamp = time.strftime("%Y-%m-%d %H:%M:%S")
|
|
if sys.stdout.isatty():
|
|
for line in msg.split('\n'):
|
|
print("%s - %s" % (stamp, msg))
|
|
else:
|
|
with open(log_filename, 'a') as logfile:
|
|
for line in msg.split('\n'):
|
|
logfile.write("%s - %s\n" % (stamp, msg))
|
|
|
|
|
|
def log_update_zone(update):
|
|
op_str = { 'add': '', 'delete': '[DEL]' }
|
|
|
|
for op in update:
|
|
for prot, name, addr in update[op]:
|
|
op = op_str.get(op, op)
|
|
log('%5s %-20s %-6s %s' % (op, name, prot, addr))
|
|
|
|
|
|
def ovh_update_zone(domain, zone, update, sync_zone):
|
|
try:
|
|
client = ovh.Client()
|
|
|
|
if sync_zone:
|
|
for prot in ['A', 'AAAA']:
|
|
for name in zone.get(prot, []):
|
|
|
|
result = client.get('/domain/zone/{}/record'.format(domain),
|
|
fieldType=prot, subDomain=name)
|
|
for id in result:
|
|
log('OVH: delete entry #{} {} {}'.format(id, name, prot))
|
|
client.delete('/domain/zone/{}/record/{}'.format(domain, id))
|
|
|
|
for prot, name, addr in update['delete']:
|
|
if not prot in ['A', 'AAAA']:
|
|
continue
|
|
result = client.get('/domain/zone/%s/record' % domain,
|
|
fieldType=prot,
|
|
subDomain=name)
|
|
for id in result:
|
|
r = client.get('/domain/zone/%s/record/%d' % (domain, id))
|
|
if r['fieldType'] == prot and r['target'] == addr:
|
|
log("OVH: delete entry for %s %s %s (#%s)" % (name, prot, addr, id))
|
|
client.delete('/domain/zone/%s/record/%d' % (domain, id))
|
|
|
|
for prot, name, addr in update['add']:
|
|
if not prot in ['A', 'AAAA']:
|
|
continue
|
|
log("OVH: create entry for %s %s %s" % (name, prot, addr))
|
|
client.post('/domain/zone/%s/record' % domain,
|
|
fieldType=prot,
|
|
subDomain=name,
|
|
target=addr,
|
|
ttl=60)
|
|
|
|
log("OVH: Refresh zone %s" % domain)
|
|
client.post('/domain/zone/%s/refresh' % domain)
|
|
return True
|
|
except:
|
|
log('OVH update error\n')
|
|
return False
|
|
|
|
|
|
def livebox_rule_id(words):
|
|
id='dyndomain_{}'.format('_'.join(words))
|
|
id = id.replace('.', '_')
|
|
return id
|
|
|
|
|
|
def livebox_delete_port_nat(port, addr):
|
|
log('livebox: delete PortNat {} to {}'.format(port, addr))
|
|
id = livebox_rule_id([port])
|
|
r = sysbus.requete('Firewall:deletePortForwarding', { 'id': id, 'origin': 'webui' }, silent=True)
|
|
|
|
def livebox_delete_pinhole(port, addr):
|
|
log('livebox: delete pinhole {} to {}'.format(port, addr))
|
|
id = livebox_rule_id([port, addr])
|
|
r = sysbus.requete('Firewall:deletePinhole', { 'id': id, 'origin': 'webui' }, silent=True)
|
|
|
|
def livebox_add_port_nat(port, addr):
|
|
log('livebox: add PortNat {} to {}'.format(port, addr))
|
|
id = livebox_rule_id([port])
|
|
a = {
|
|
'id': id,
|
|
'origin': 'webui',
|
|
'sourceInterface': 'data',
|
|
'destinationIPAddress': addr,
|
|
'protocol': '6,17',
|
|
'internalPort': port,
|
|
'enable': True,
|
|
}
|
|
r = sysbus.requete('Firewall:setPortForwarding', a, silent=True)
|
|
|
|
def livebox_add_pinhole(port, addr):
|
|
log('livebox: add pinhole {} to {}'.format(port, addr))
|
|
id = livebox_rule_id([port, addr])
|
|
a = {
|
|
'id': id,
|
|
'origin': 'webui',
|
|
'sourceInterface': 'data',
|
|
'destinationPort': port,
|
|
'destinationIPAddress': addr,
|
|
'protocol': '6,17',
|
|
'ipversion': '6',
|
|
'enable': True,
|
|
}
|
|
r = sysbus.requete('Firewall:setPinhole', a, silent=True)
|
|
|
|
def livebox_update_fw(zone, update, sync_zone):
|
|
for prot, addr, port in update['delete']:
|
|
if prot == 'nat':
|
|
livebox_delete_port_nat(port, addr)
|
|
elif prot == 'pin':
|
|
livebox_delete_pinhole(port, addr)
|
|
for prot, addr, port in update['add']:
|
|
if prot == 'nat':
|
|
livebox_add_port_nat(port, addr)
|
|
elif prot == 'pin':
|
|
livebox_add_pinhole(port, addr)
|
|
|
|
|
|
|
|
def send_update_mail(mail_to, mail_from, zone_domain, update, mail_ignore_list, wan):
|
|
okmail=False
|
|
for op in update:
|
|
for prot,name,addr in update[op]:
|
|
if not name in mail_ignore_list:
|
|
okmail = True
|
|
break
|
|
|
|
if not okmail:
|
|
return
|
|
|
|
log('Send email to %s' % mail_to)
|
|
msg = EmailMessage()
|
|
|
|
msg['Subject'] = "Livebox update in %s" % zone_domain
|
|
msg['From'] = mail_from
|
|
msg['To' ] = mail_to
|
|
|
|
txt = "Livebox update\n\n"
|
|
|
|
|
|
if updated['add']:
|
|
txt = txt + "\nUpdated entries:\n"
|
|
for prot,name,addr in update['add']:
|
|
txt = txt + " %-20s %-4s %s\n" % (name,prot,addr)
|
|
|
|
if update['delete']:
|
|
txt = txt + "\nRemoved entries:\n"
|
|
for prot,name,addr in update['delete']:
|
|
txt = txt + " %-20s %-4s %s\n" % (name,prot,addr)
|
|
|
|
txt = txt + '\n'
|
|
txt = txt + "WAN IPv4 : %s\n" % wan['ipv4']
|
|
txt = txt + "WAN IPv6 : %s\n" % wan['ipv6']
|
|
|
|
msg.set_content(txt)
|
|
|
|
s = smtplib.SMTP('localhost')
|
|
s.send_message(msg)
|
|
s.quit()
|
|
|
|
|
|
load_conf()
|
|
|
|
if not ping(wan_hostname):
|
|
log("%s is down" % wan_hostname)
|
|
sys.exit(0)
|
|
|
|
sysbus.load_conf()
|
|
try:
|
|
r = sysbus.auth(False)
|
|
if not r:
|
|
log('Error: cannot authenticate on livebox')
|
|
sys.exit(1)
|
|
except Exception as e:
|
|
log('Error: %s'.format(e))
|
|
sys.exit(1)
|
|
|
|
hosts = get_hosts()
|
|
wan = get_wan_addr()
|
|
if not wan:
|
|
sys.exit(0)
|
|
|
|
zone = read_zone_list(zone_filename)
|
|
sync_zone = False
|
|
if not zone:
|
|
sync_zone = True
|
|
|
|
stamp = int(time.time())
|
|
populate_zone(zone, wan_hostname, wan, hosts, hosts_list, nat_list, pinhole_list, zone_subdomain, stamp)
|
|
update = process_zone(zone, stamp, zone_timeout, sync_zone)
|
|
if update:
|
|
log_update_zone(update)
|
|
|
|
success = ovh_update_zone(zone_domain, zone, update, sync_zone)
|
|
livebox_update_fw(zone, update, sync_zone)
|
|
if success:
|
|
try:
|
|
send_update_mail(mail_to, mail_from, zone_domain, update, mail_ignore_list, wan)
|
|
except:
|
|
pass
|
|
|
|
write_zone_list(zone_filename, zone, update)
|