Adds firewall rules support

Alessandro Pilotti 2013-12-14 17:24:59 +02:00
parent 3646a1e942
commit f5210e3910
2 changed files with 49 additions and 0 deletions


@ -18,6 +18,9 @@ import base64
import os import os
import subprocess import subprocess
PROTOCOL_TCP = "TCP"
PROTOCOL_UDP = "UDP"
class BaseOSUtils(object): class BaseOSUtils(object):
def reboot(self): def reboot(self):
@ -93,3 +96,9 @@ class BaseOSUtils(object):
def get_volume_label(self, drive): def get_volume_label(self, drive):
pass pass
def firewall_create_rule(self, name, port, protocol, allow=True):
raise NotImplementedError()
def firewall_remove_rule(self, name, port, protocol, allow=True):
raise NotImplementedError()
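Review bot: The two methods added to `BaseOSUtils` have no docstring, so the contract that implementers must honour is not written down: which values `protocol` accepts, and what `allow=False` is meant to do. A one-line docstring on `firewall_create_rule` would cover it, for example `"""Open port for protocol (PROTOCOL_TCP or PROTOCOL_UDP); allow=False requests a block rule."""`. The block-rule reading of `allow` is inferred from the parameter name and should be confirmed. `firewall_remove_rule` takes `name` and `allow` too, so its docstring should say whether a rule is matched by name or by port and protocol.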


@ -24,6 +24,7 @@ import wmi
from ctypes import windll from ctypes import windll
from ctypes import wintypes from ctypes import wintypes
from win32com import client
from cloudbaseinit.openstack.common import log as logging from cloudbaseinit.openstack.common import log as logging
from cloudbaseinit.osutils import base from cloudbaseinit.osutils import base
@ -162,6 +163,11 @@ class WindowsUtils(base.BaseOSUtils):
_config_key = 'SOFTWARE\\Cloudbase Solutions\\Cloudbase-Init\\' _config_key = 'SOFTWARE\\Cloudbase Solutions\\Cloudbase-Init\\'
_service_name = 'cloudbase-init' _service_name = 'cloudbase-init'
_FW_IP_PROTOCOL_TCP = 6
_FW_IP_PROTOCOL_UDP = 17
_FW_SCOPE_ALL = 0
_FW_SCOPE_LOCAL_SUBNET = 1
def _enable_shutdown_privilege(self): def _enable_shutdown_privilege(self):
process = win32process.GetCurrentProcess() process = win32process.GetCurrentProcess()
token = win32security.OpenProcessToken( token = win32security.OpenProcessToken(
@ -570,3 +576,37 @@ class WindowsUtils(base.BaseOSUtils):
drives = self._get_logical_drives() drives = self._get_logical_drives()
return [d for d in drives if kernel32.GetDriveTypeW(d) == return [d for d in drives if kernel32.GetDriveTypeW(d) ==
self.DRIVE_CDROM] self.DRIVE_CDROM]
def _get_fw_protocol(self, protocol):
if protocol == base.PROTOCOL_TCP:
fw_protocol = self._FW_IP_PROTOCOL_TCP
elif protocol == base.PROTOCOL_UDP:
fw_protocol = self._FW_IP_PROTOCOL_UDP
else:
raise NotImplementedError("Unsupported protocol")
return fw_protocol
def firewall_create_rule(self, name, port, protocol, allow=True):
if not allow:
raise NotImplementedError()
fw_port = client.Dispatch("HNetCfg.FWOpenPort")
fw_port.Name = name
fw_port.Protocol = self._get_fw_protocol(protocol)
fw_port.Port = port
fw_port.Scope = self._FW_SCOPE_ALL
fw_port.Enabled = True
fw_mgr = client.Dispatch("HNetCfg.FwMgr")
fw_profile = fw_mgr.LocalPolicy.CurrentProfile
fw_profile = fw_profile.GloballyOpenPorts.Add(fw_port)
def firewall_remove_rule(self, name, port, protocol, allow=True):
if not allow:
raise NotImplementedError()
fw_mgr = client.Dispatch("HNetCfg.FwMgr")
fw_profile = fw_mgr.LocalPolicy.CurrentProfile
fw_protocol = self._get_fw_protocol(protocol)
fw_profile = fw_profile.GloballyOpenPorts.Remove(port, fw_protocol)
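Review bot: `firewall_create_rule` hard-codes `fw_port.Scope = self._FW_SCOPE_ALL`, so every port opened through this API accepts traffic from any source address, and the `_FW_SCOPE_LOCAL_SUBNET` constant added in the earlier hunk is never used. Callers cannot ask for a narrower scope; an optional keyword that defaults to today's behaviour would fix that, e.g. `def firewall_create_rule(self, name, port, protocol, allow=True, scope=None):` with `fw_port.Scope = self._FW_SCOPE_ALL if scope is None else scope`. Both methods act only on `fw_mgr.LocalPolicy.CurrentProfile`, so the change lands in whichever firewall profile is active when the code runs; a comment such as `# only the currently active profile is modified` would make that visible. `firewall_remove_rule` ignores `name` and removes by port and protocol alone, so it would apparently also drop an entry for the same port that something else created. The `fw_profile = ...Add(fw_port)` and `fw_profile = ...Remove(port, fw_protocol)` assignments rebind a local that is never read again and can be plain calls.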