Table Of Contents

  1. Docs
  2. Code Documentation
  3. hades.deputy package

hades.deputy package

Submodules

hades.deputy.client module

Provides the client-side API for the deputy daemon.

hades.deputy.client.signal_auth_dhcp_lease_release(client_ip: IPAddress, timeout: int = 1) None[source]

Signal the deputy to release a auth DHCP lease.

hades.deputy.client.signal_cleanup(timeout: int = 1) None[source]

Signal the deputy to perform a cleanup.

hades.deputy.client.signal_refresh(timeout: int = 1) None[source]

Signal the deputy to perform a refresh.

hades.deputy.client.signal_unauth_dhcp_lease_release(client_ip: IPAddress, timeout: int = 1) None[source]

Signal the deputy to release a auth DHCP lease.

hades.deputy.server module

Deputy daemon that provides a service via DBus for performing privileged operations.

Some operations, such as generating configuration files, sending signals to other processes etc. need certain privileges. The Deputy service runs as root and provides a very simple service over DBus.

class hades.deputy.server.HadesDeputyService(bus: Bus, config: Config)[source]

Bases: object

Deputy DBus service

This class implements a DBus service that exposes some privileged operations for use by the hades.agent or the periodic systemd timer services.

For security reasons, the service doesn't accept data from the DBus clients and always queries the database itself, so that this service can't be misused.

Cleanup() str[source]

Clean up old records in the radacct and radpostauth tables.

Refresh(force: bool) str[source]

Refresh the materialized views.

If necessary depended config files are regenerated and the corresponding services are reloaded.

The forced refresh is a little more aggressive in what it consolidates to achieve eventual consistency:

  • The host reservation file is regenerated regardless of whether the content of the auth_dhcp_host table has changed.

  • The radius config is regenerated regardless of whether the content of the nas table has changed.

  • The alternative DNS ipset is regenerated regardless of whether the content of the alternative_dns table has changed.

  • Instead of invalidating leases which were modified in the auth_dhcp_hosts reservation table, we invalidate every lease in auth_dhcp_leases which does not belong to a host reservation.

Parameters:

force -- Whether to use the forced refresh.

ReleaseAuthDhcpLease(client_ip: str) str[source]

Release an auth DHCP lease

Returns:

ReleaseUnauthDhcpLease(client_ip: str) str[source]

Release an auth DHCP lease

Returns:

dbus

DBus object introspection specification

hades.deputy.server.generate_auth_dhcp_hosts_file(hosts: Iterable[Tuple[EUI, IPAddress, Optional[str]]]) None[source]

Generate the dnsmasq hosts file for authenticated users.

This file is passed toh the dnsmasq via the --dhcp-hostsfile option. The lines are generated by generate_dhcp_host_reservations().

hades.deputy.server.generate_dhcp_host_reservations(hosts: Iterable[Tuple[EUI, IPAddress, Optional[str]]]) Iterable[str][source]

Generate lines suitable for dnsmasq's --dhcp-hostsfile= option.

Parameters:

hosts -- The MAC address-IP address pairs of the hosts

hades.deputy.server.generate_ipset_swap(ipset_name: str, tmp_ipset_name: str, ips: Iterable[IPAddress]) Iterable[str][source]

Generate an ipset script, that replaces an existing hash:ip ipset with new contents.

Parameters:

  • ipset_name -- The ipset to replace

  • tmp_ipset_name -- Name of the temporary ipset

  • ips -- The new contents of the ipset

hades.deputy.server.generate_radius_clients(clients: Iterable[Tuple[str, str, str, int, str, str, str, str]]) Iterable[str][source]

Generate the FreeRADIUS configuration for a given list of NAS clients in the clients.conf format.

Parameters:

clients -- An iterable of (Shortname, NAS-Name, NAS-Type, Port, Secret, Server, Community, Description)-tuples. Currently only shortname NAS-Name, NAS-Type and the Secret elements are used.

Returns:

configuration snippets for the given NAS clients

hades.deputy.server.generate_radius_clients_file(clients: Iterable[Tuple[str, str, str, int, str, str, str, str]]) None[source]

Generate a FreeRADIUS clients.conf file.

Parameters:

clients -- See generate_radius_clients() for a description

hades.deputy.server.reload_systemd_unit(bus: Bus, unit: str, timeout: int = 100) None[source]

Instruct systemd to reload a given unit.

Parameters:

  • bus -- A DBus Bus

  • unit -- The name of the systemd unit

  • timeout -- Timeout in milliseconds

hades.deputy.server.replace_file(path: Union[PathLike, str], content: Union[Iterable[bytes], bytes], *, encoding: None = None, owner: Optional[int] = None, group: Optional[int] = None, mode: Optional[int] = None) None[source]
hades.deputy.server.replace_file(path: Union[PathLike, str], content: Union[Iterable[str], str], *, encoding: str = None, owner: Optional[int] = None, group: Optional[int] = None, mode: Optional[int] = None) None

Atomically replace a file with the given content.

The directory of the file must exist and must be writeable. The content may either be a str or bytes object or an Iterable of such objects, in which case the content will be written via io.IO.writelines().

Parameters:

  • path -- Path to the file

  • content -- The new content of the file

  • encoding -- The encoding for str content

  • owner -- File owner

  • group -- File group

  • mode -- File mode

Raises:

OSError -- if file system operations fail

hades.deputy.server.restart_systemd_unit(bus: Bus, unit: str, timeout: int = 100) None[source]

Instruct systemd to restart a given unit.

Parameters:

  • bus -- A DBus Bus

  • unit -- The name of the systemd unit

  • timeout -- Timeout in milliseconds

hades.deputy.server.run_event_loop()[source]

Run the DBus HadesDeputyService on the GLib event loop.

hades.deputy.server.update_alternative_dns_ipset(ips: Iterable[IPAddress]) None[source]

Update the alternative DNS ipset with the new IP addresses

Parameters:

ips -- The new IP addresses

hades.deputy.dhcp module

class hades.deputy.dhcp.DHCPOption[source]

Bases: BigEndianStructure

length

Structure/Union member

tag

Structure/Union member

class hades.deputy.dhcp.DHCPPacket[source]

Bases: BigEndianStructure

RFC 2131 DHCP packet structure

chaddr

Structure/Union member

ciaddr

Structure/Union member

file

Structure/Union member

flags

Structure/Union member

giaddr

Structure/Union member

hlen

Structure/Union member

hops

Structure/Union member

htype

Structure/Union member

Structure/Union member

op

Structure/Union member

options

Structure/Union member

secs

Structure/Union member

siaddr

Structure/Union member

sname

Structure/Union member

xid

Structure/Union member

yiaddr

Structure/Union member

class hades.deputy.dhcp.in_pktinfo[source]

Bases: Structure

ipi_addr

Structure/Union member

ipi_ifindex

Structure/Union member

ipi_spec_dst

Structure/Union member

hades.deputy.dhcp.make_release_packet(server_ip: IPAddress, client_ip: IPAddress, client_mac: EUI, client_id: Optional[bytes] = None) bytearray[source]

Create a valid DHCPRELEASE packet for a given client IP address, client MAC address and server IP address.

Optionally a client identifier can be specified too. The DHCP packet will contain the message option with the contents b"Lease revoked administratively".

Parameters:

  • server_ip -- IP address of the DHCP server

  • client_ip -- IP address of the DHCP client

  • client_mac -- Ethernet MAC address of the DHCP client

  • client_id -- Client identifier of the DHCP client (optional)

Returns:

A DHCP packet

hades.deputy.dhcp.netns(ns: str) Iterator[None][source]
hades.deputy.dhcp.release_dhcp_lease(server_ip: IPAddress, client_ip: IPAddress, client_mac: EUI, client_id: Optional[bytes] = None, from_interface: Optional[str] = None, from_ip: Optional[IPAddress] = None, ns: Optional[str] = 'auth')[source]

Send a DHCPRELEASE packet to the given server_ip for lease of given client_ip and client_mac.

An optional client identifier may also be specified.

Parameters:

  • server_ip -- IP address of the DHCP server

  • client_ip -- IP address of the DHCP client

  • client_mac -- MAC address of the DHCP client

  • client_id -- Client identifier (optional)

  • from_interface -- Interface to send the packet from (optional)

  • from_ip -- IP address to send the packet from (optional)

  • ns -- the netns you want to enter before sending the packet

hades.deputy.dhcp.send_dhcp_packet(server_ip: IPAddress, packet: bytearray, from_interface: Optional[str] = None, from_ip: Optional[IPAddress] = None)[source]

Send a given DHCP packet as a DHCP client (port 68) to a DHCP server (port 67).

If no interface or IP address to send the packet from is specified, the operating system will choose one.

Parameters:

  • server_ip -- IP address of server.

  • packet -- DHCP packet

  • from_interface -- Interface to send the packet from (optional)

  • from_ip -- IP address to send the packet from (optional)

hades.config package
hades.portal package
© Copyright 2015-2020, Sebastian Schrader, Stefan Haller. Created using Sphinx.