From f5210e39107ef37bfd07400d100bba7da330dd19 Mon Sep 17 00:00:00 2001
From: Alessandro Pilotti
Date: Sat, 14 Dec 2013 17:24:59 +0200
Subject: [PATCH] Adds firewall rules support

---
 cloudbaseinit/osutils/base.py | 9 +++++++
 cloudbaseinit/osutils/windows.py | 40 ++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/cloudbaseinit/osutils/base.py b/cloudbaseinit/osutils/base.py
index 7c90e022..64517260 100644
--- a/cloudbaseinit/osutils/base.py
+++ b/cloudbaseinit/osutils/base.py
@@ -18,6 +18,9 @@
 import base64
 import os
 import subprocess
+PROTOCOL_TCP = "TCP"
+PROTOCOL_UDP = "UDP"
+
 
 class BaseOSUtils(object):
     def reboot(self):
@@ -93,3 +96,9 @@ class BaseOSUtils(object):
 
     def get_volume_label(self, drive):
         pass
+
+    def firewall_create_rule(self, name, port, protocol, allow=True):
+        raise NotImplementedError()
+
+    def firewall_remove_rule(self, name, port, protocol, allow=True):
+        raise NotImplementedError()
diff --git a/cloudbaseinit/osutils/windows.py b/cloudbaseinit/osutils/windows.py
index e2d194e4..5f9573ee 100644
--- a/cloudbaseinit/osutils/windows.py
+++ b/cloudbaseinit/osutils/windows.py
@@ -24,6 +24,7 @@ import wmi
 
 from ctypes import windll
 from ctypes import wintypes
+from win32com import client
 
 from cloudbaseinit.openstack.common import log as logging
 from cloudbaseinit.osutils import base
@@ -162,6 +163,11 @@ class WindowsUtils(base.BaseOSUtils):
     _config_key = 'SOFTWARE\\Cloudbase Solutions\\Cloudbase-Init\\'
     _service_name = 'cloudbase-init'
 
+    _FW_IP_PROTOCOL_TCP = 6
+    _FW_IP_PROTOCOL_UDP = 17
+    _FW_SCOPE_ALL = 0
+    _FW_SCOPE_LOCAL_SUBNET = 1
+
     def _enable_shutdown_privilege(self):
         process = win32process.GetCurrentProcess()
         token = win32security.OpenProcessToken(
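Review bot: The two abstract methods appended to BaseOSUtils in the second base.py hunk carry no docstring, so the contract — what `name` labels, that `port` is a single port number, that `protocol` must be one of the `PROTOCOL_TCP`/`PROTOCOL_UDP` constants added in the first hunk, and what `allow=False` is supposed to mean — is only discoverable by reading the Windows implementation. A docstring on `firewall_create_rule` along the lines of `"""Open *port*/*protocol* on the host firewall, labelled *name*; *protocol* is one of the PROTOCOL_* constants of this module."""` and a matching one on `firewall_remove_rule` would pin this down for other OS implementations. The `allow` argument on the remove method in particular deserves a sentence, since removing a rule has no allow/deny sense; if it is reserved for a future deny-rule variant, say so. Raising `NotImplementedError` here is a welcome contrast to the `pass` body of `get_volume_label` two lines above, which silently returns `None`.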
@@ -570,3 +576,37 @@ class WindowsUtils(base.BaseOSUtils):
         drives = self._get_logical_drives()
         return [d for d in drives if
                 kernel32.GetDriveTypeW(d) == self.DRIVE_CDROM]
+
+    def _get_fw_protocol(self, protocol):
+        if protocol == base.PROTOCOL_TCP:
+            fw_protocol = self._FW_IP_PROTOCOL_TCP
+        elif protocol == base.PROTOCOL_UDP:
+            fw_protocol = self._FW_IP_PROTOCOL_UDP
+        else:
+            raise NotImplementedError("Unsupported protocol")
+        return fw_protocol
+
+    def firewall_create_rule(self, name, port, protocol, allow=True):
+        if not allow:
+            raise NotImplementedError()
+
+        fw_port = client.Dispatch("HNetCfg.FWOpenPort")
+        fw_port.Name = name
+        fw_port.Protocol = self._get_fw_protocol(protocol)
+        fw_port.Port = port
+        fw_port.Scope = self._FW_SCOPE_ALL
+        fw_port.Enabled = True
+
+        fw_mgr = client.Dispatch("HNetCfg.FwMgr")
+        fw_profile = fw_mgr.LocalPolicy.CurrentProfile
+        fw_profile = fw_profile.GloballyOpenPorts.Add(fw_port)
+
+    def firewall_remove_rule(self, name, port, protocol, allow=True):
+        if not allow:
+            raise NotImplementedError()
+
+        fw_mgr = client.Dispatch("HNetCfg.FwMgr")
+        fw_profile = fw_mgr.LocalPolicy.CurrentProfile
+
+        fw_protocol = self._get_fw_protocol(protocol)
+        fw_profile = fw_profile.GloballyOpenPorts.Remove(port, fw_protocol)
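Review bot: `firewall_create_rule` hard-codes `fw_port.Scope = self._FW_SCOPE_ALL`, so every rule created through this method opens the port to any remote address, while the `_FW_SCOPE_LOCAL_SUBNET` constant added in the earlier windows.py hunk is never used; either thread a scope through (a keyword argument defaulting to `self._FW_SCOPE_ALL` keeps existing callers unchanged) or state in the method's docstring that rules are always global-scope, so callers know what they are exposing. `firewall_remove_rule` accepts `name` but never uses it: the call `GloballyOpenPorts.Remove(port, fw_protocol)` is keyed by port and protocol only, so it drops whichever globally open port matches, not necessarily the one this code created — worth a comment such as `# open ports are matched by (port, protocol); name takes no part in the removal`. In both methods the result of `GloballyOpenPorts.Add(...)` / `.Remove(...)` is assigned back to `fw_profile` and then discarded; the bare call `fw_profile.GloballyOpenPorts.Add(fw_port)` reads more honestly. Finally, `_get_fw_protocol` raises `NotImplementedError` for a protocol string the caller got wrong, where `raise ValueError("Unsupported protocol: %s" % protocol)` describes the situation and names the offending value.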