[ipfire-2.x.git] / config / unbound / unbound-dhcp-leases-bridge

#!/usr/bin/python3
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2016  Michael Tremer                                          #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

import argparse
import datetime
import daemon
import filecmp
import functools
import ipaddress
import logging
import logging.handlers
import os
import re
import signal
import stat
import subprocess
import sys
import tempfile
import time

import inotify.adapters

LOCAL_TTL = 60

log = logging.getLogger("dhcp")
log.setLevel(logging.DEBUG)

def setup_logging(daemon=True, loglevel=logging.INFO):
	log.setLevel(loglevel)

	# Log to syslog by default
	handler = logging.handlers.SysLogHandler(address="/dev/log", facility="daemon")
	log.addHandler(handler)

	# Format everything
	formatter = logging.Formatter("%(name)s[%(process)d]: %(message)s")
	handler.setFormatter(formatter)

	handler.setLevel(loglevel)

	# If we are running in foreground, we should write everything to the console, too
	if not daemon:
		handler = logging.StreamHandler()
		log.addHandler(handler)

		handler.setLevel(loglevel)

	return log

def ip_address_to_reverse_pointer(address):
	parts = address.split(".")
	parts.reverse()

	return "%s.in-addr.arpa" % ".".join(parts)

def reverse_pointer_to_ip_address(rr):
	parts = rr.split(".")

	# Only take IP address part
	parts = reversed(parts[0:4])

	return ".".join(parts)

class UnboundDHCPLeasesBridge(object):
	def __init__(self, dhcp_leases_file, fix_leases_file, unbound_leases_file, hosts_file):
		self.leases_file = dhcp_leases_file
		self.fix_leases_file = fix_leases_file
		self.hosts_file = hosts_file

		self.watches = {
			self.leases_file     : inotify.constants.IN_MODIFY,
			self.fix_leases_file : 0,
			self.hosts_file      : 0,
		}

		self.unbound = UnboundConfigWriter(unbound_leases_file)
		self.running = False

	def run(self):
		log.info("Unbound DHCP Leases Bridge started on %s" % self.leases_file)
		self.running = True

		i = inotify.adapters.Inotify()

		# Add watches for the directories of every relevant file
		for f, mask in self.watches.items():
			i.add_watch(
				os.path.dirname(f),
				mask | inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO,
			)

		# Enabled so that we update hosts and leases on startup
		update_hosts = update_leases = True

		while self.running:
			log.debug("Wakeup of main loop")

			# Process the entire inotify queue and identify what we need to do
			for event in i.event_gen():
				# Nothing to do
				if event is None:
					break

				# Decode the event
				header, type_names, path, filename = event

				file = os.path.join(path, filename)

				log.debug("inotify event received for %s: %s", file, " ".join(type_names))

				# Did the hosts file change?
				if self.hosts_file == file:
					update_hosts = True

				# We will need to update the leases on any change
				update_leases = True

			# Update hosts (if needed)
			if update_hosts:
				self.hosts = self.read_static_hosts()

			# Update leases (if needed)
			if update_leases:
				self.update_dhcp_leases()

			# Reset
			update_hosts = update_leases = False

			# Wait a moment before we start the next iteration
			time.sleep(5)

		log.info("Unbound DHCP Leases Bridge terminated")

	def update_dhcp_leases(self):
		leases = []

		for lease in DHCPLeases(self.leases_file):
			# Don't bother with any leases that don't have a hostname
			if not lease.fqdn:
				continue

			leases.append(lease)

		for lease in FixLeases(self.fix_leases_file):
			leases.append(lease)

		# Skip any leases that also are a static host
		leases = [l for l in leases if not l.fqdn in self.hosts]

		# Remove any inactive or expired leases
		leases = [l for l in leases if l.active and not l.expired]

		# Dump leases
		if leases:
			log.debug("DHCP Leases:")
			for lease in leases:
				log.debug("  %s:" % lease.fqdn)
				log.debug("    State: %s" % lease.binding_state)
				log.debug("    Start: %s" % lease.time_starts)
				log.debug("    End  : %s" % lease.time_ends)
				if lease.expired:
					log.debug("    Expired")

		self.unbound.update_dhcp_leases(leases)

	def read_static_hosts(self):
		log.info("Reading static hosts from %s" % self.hosts_file)

		hosts = {}
		with open(self.hosts_file) as f:
			for line in f.readlines():
				line = line.rstrip()

				try:
					enabled, ipaddr, hostname, domainname, generateptr = line.split(",")
				except:
					log.warning("Could not parse line: %s" % line)
					continue

				# Skip any disabled entries
				if not enabled == "on":
					continue

				if hostname and domainname:
					fqdn = "%s.%s" % (hostname, domainname)
				elif hostname:
					fqdn = hostname
				elif domainname:
					fqdn = domainname

				try:
					hosts[fqdn].append(ipaddr)
					hosts[fqdn].sort()
				except KeyError:
					hosts[fqdn] = [ipaddr,]

		# Dump everything in the logs
		log.debug("Static hosts:")
		for name in hosts:
			log.debug("  %-20s : %s" % (name, ", ".join(hosts[name])))

		return hosts

	def terminate(self):
		self.running = False


class DHCPLeases(object):
	regex_leaseblock = re.compile(r"lease (?P<ipaddr>\d+\.\d+\.\d+\.\d+) {(?P<config>[\s\S]+?)\n}")

	def __init__(self, path):
		self.path = path

		self._leases = self._parse()

	def __iter__(self):
		return iter(self._leases)

	def _parse(self):
		log.info("Reading DHCP leases from %s" % self.path)

		leases = []

		with open(self.path) as f:
			# Read entire leases file
			data = f.read()

			for match in self.regex_leaseblock.finditer(data):
				block = match.groupdict()

				ipaddr = block.get("ipaddr")
				config = block.get("config")

				properties = self._parse_block(config)

				# Skip any abandoned leases
				if not "hardware" in properties:
					continue

				lease = Lease(ipaddr, properties)

				# Check if a lease for this Ethernet address already
				# exists in the list of known leases. If so replace
				# if with the most recent lease
				for i, l in enumerate(leases):
					if l.ipaddr == lease.ipaddr:
						leases[i] = max(lease, l)
						break

				else:
					leases.append(lease)

		return leases

	def _parse_block(self, block):
		properties = {}

		for line in block.splitlines():
			if not line:
				continue

			# Remove trailing ; from line
			if line.endswith(";"):
				line = line[:-1]

			# Invalid line if it doesn't end with ;
			else:
				continue

			# Remove any leading whitespace
			line = line.lstrip()

			# We skip all options and sets
			if line.startswith("option") or line.startswith("set"):
				continue

			# Split by first space
			key, val = line.split(" ", 1)
			properties[key] = val

		return properties


class FixLeases(object):
	cache = {}

	def __init__(self, path):
		self.path = path

		self._leases = self.cache[self.path] = self._parse()

	def __iter__(self):
		return iter(self._leases)

	def _parse(self):
		log.info("Reading fix leases from %s" % self.path)

		leases = []
		now = datetime.datetime.utcnow()

		with open(self.path) as f:
			for line in f.readlines():
				line = line.rstrip()

				try:
					hwaddr, ipaddr, enabled, a, b, c, hostname = line.split(",")
				except ValueError:
					log.warning("Could not parse line: %s" % line)
					continue

				# Skip any disabled leases
				if not enabled == "on":
					continue

				l = Lease(ipaddr, {
					"binding"         : "state active",
					"client-hostname" : hostname,
					"hardware"        : "ethernet %s" % hwaddr,
					"starts"          : now.strftime("%w %Y/%m/%d %H:%M:%S"),
					"ends"            : "never",
				})
				leases.append(l)

		# Try finding any deleted leases
		for lease in self.cache.get(self.path, []):
			if lease in leases:
				continue

			# Free the deleted lease
			lease.free()
			leases.append(lease)

		return leases


class Lease(object):
	def __init__(self, ipaddr, properties):
		self.ipaddr = ipaddr
		self._properties = properties

	def __repr__(self):
		return "<%s %s for %s (%s)>" % (self.__class__.__name__,
			self.ipaddr, self.hwaddr, self.hostname)

	def __eq__(self, other):
		return self.ipaddr == other.ipaddr and self.hwaddr == other.hwaddr

	def __gt__(self, other):
		if not self.ipaddr == other.ipaddr:
			return

		if not self.hwaddr == other.hwaddr:
			return

		return self.time_starts > other.time_starts

	@property
	def binding_state(self):
		state = self._properties.get("binding")

		if state:
			state = state.split(" ", 1)
			return state[1]

	def free(self):
		self._properties.update({
			"binding" : "state free",
		})

	@property
	def active(self):
		return self.binding_state == "active"

	@property
	def hwaddr(self):
		hardware = self._properties.get("hardware")

		if not hardware:
			return

		ethernet, address = hardware.split(" ", 1)

		return address

	@property
	def hostname(self):
		hostname = self._properties.get("client-hostname")

		if hostname is None:
			return

		# Remove any ""
		hostname = hostname.replace("\"", "")

		# Only return valid hostnames
		m = re.match(r"^[A-Z0-9\-]{1,63}$", hostname, re.I)
		if m:
			return hostname

	@property
	def domain(self):
		# Load ethernet settings
		ethernet_settings = self.read_settings("/var/ipfire/ethernet/settings")

		# Load DHCP settings
		dhcp_settings = self.read_settings("/var/ipfire/dhcp/settings")

		subnets = {}
		for zone in ("GREEN", "BLUE"):
			if not dhcp_settings.get("ENABLE_%s" % zone) == "on":
				continue

			netaddr = ethernet_settings.get("%s_NETADDRESS" % zone)
			submask = ethernet_settings.get("%s_NETMASK" % zone)

			subnet = ipaddress.ip_network("%s/%s" % (netaddr, submask))
			domain = dhcp_settings.get("DOMAIN_NAME_%s" % zone)

			subnets[subnet] = domain

		address = ipaddress.ip_address(self.ipaddr)

		for subnet in subnets:
			if address in subnet:
				return subnets[subnet]

		# Load main settings
		settings = self.read_settings("/var/ipfire/main/settings")

		# Fall back to the host domain if no match could be found
		return settings.get("DOMAINNAME", "localdomain")

	@staticmethod
	@functools.cache
	def read_settings(filename):
		settings = {}

		with open(filename) as f:
			for line in f.readlines():
				# Remove line-breaks
				line = line.rstrip()

				k, v = line.split("=", 1)
				settings[k] = v

		return settings

	@property
	def fqdn(self):
		if self.hostname:
			return "%s.%s" % (self.hostname, self.domain)

	@staticmethod
	def _parse_time(s):
		return datetime.datetime.strptime(s, "%w %Y/%m/%d %H:%M:%S")

	@property
	def time_starts(self):
		starts = self._properties.get("starts")

		if starts:
			return self._parse_time(starts)

	@property
	def time_ends(self):
		ends = self._properties.get("ends")

		if not ends or ends == "never":
			return

		return self._parse_time(ends)

	@property
	def expired(self):
		if not self.time_ends:
			return self.time_starts > datetime.datetime.utcnow()

		return self.time_starts > datetime.datetime.utcnow() > self.time_ends

	@property
	def rrset(self):
		# If the lease does not have a valid FQDN, we cannot create any RRs
		if self.fqdn is None:
			return []

		return [
			# Forward record
			(self.fqdn, "%s" % LOCAL_TTL, "IN A", self.ipaddr),

			# Reverse record
			(ip_address_to_reverse_pointer(self.ipaddr), "%s" % LOCAL_TTL,
				"IN PTR", self.fqdn),
		]


class UnboundConfigWriter(object):
	def __init__(self, path):
		self.path = path

	def update_dhcp_leases(self, leases):
		# Write out all leases
		if self.write_dhcp_leases(leases):
			log.debug("Reloading Unbound...")

			# Reload the configuration without dropping the cache
			self._control("reload_keep_cache")

	def write_dhcp_leases(self, leases):
		log.debug("Writing DHCP leases...")

		with tempfile.NamedTemporaryFile(mode="w") as f:
			for l in sorted(leases, key=lambda x: x.ipaddr):
				for rr in l.rrset:
					f.write("local-data: \"%s\"\n" % " ".join(rr))

			# Flush the file
			f.flush()

			# Compare if the new leases file has changed from the previous version
			try:
				if filecmp.cmp(f.name, self.path, shallow=False):
					log.debug("The generated leases file has not changed")

					return False

				# Remove the old file
				os.unlink(self.path)

			# If the previous file did not exist, just keep falling through
			except FileNotFoundError:
				pass

			# Make file readable for everyone
			os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)

			# Move the file to its destination
			os.link(f.name, self.path)

		return True

	def _control(self, *args):
		command = ["unbound-control"]
		command.extend(args)

		try:
			subprocess.check_output(command)

		# Log any errors
		except subprocess.CalledProcessError as e:
			log.critical("Could not run %s, error code: %s: %s" % (
				" ".join(command), e.returncode, e.output))

			raise e


if __name__ == "__main__":
	parser = argparse.ArgumentParser(description="Bridge for DHCP Leases and Unbound DNS")

	# Daemon Stuff
	parser.add_argument("--daemon", "-d", action="store_true",
		help="Launch as daemon in background")
	parser.add_argument("--verbose", "-v", action="count", help="Be more verbose")

	# Paths
	parser.add_argument("--dhcp-leases", default="/var/state/dhcp/dhcpd.leases",
		metavar="PATH", help="Path to the DHCPd leases file")
	parser.add_argument("--unbound-leases", default="/etc/unbound/dhcp-leases.conf",
		metavar="PATH", help="Path to the unbound configuration file")
	parser.add_argument("--fix-leases", default="/var/ipfire/dhcp/fixleases",
		metavar="PATH", help="Path to the fix leases file")
	parser.add_argument("--hosts", default="/var/ipfire/main/hosts",
		metavar="PATH", help="Path to static hosts file")

	# Parse command line arguments
	args = parser.parse_args()

	# Setup logging
	loglevel = logging.WARN

	if args.verbose:
		if args.verbose == 1:
			loglevel = logging.INFO
		elif args.verbose >= 2:
			loglevel = logging.DEBUG

	bridge = UnboundDHCPLeasesBridge(args.dhcp_leases, args.fix_leases,
		args.unbound_leases, args.hosts)

	with daemon.DaemonContext(
		detach_process=args.daemon,
		stderr=None if args.daemon else sys.stderr,
		signal_map = {
			signal.SIGHUP  : bridge.update_dhcp_leases,
			signal.SIGTERM : bridge.terminate,
		},
	) as daemon:
		setup_logging(daemon=args.daemon, loglevel=loglevel)

		bridge.run()
Commit	Line	Data
a8b1843b	1	#!/usr/bin/python3
0fbd7c3c MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2016 Michael Tremer #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	import argparse
	23	import datetime
	24	import daemon
749bf859	25	import filecmp
091cb62a	26	import functools
74a5ab67	27	import ipaddress
0fbd7c3c MT	28	import logging
0fbd7c3c MT	29	import logging.handlers
b666975e	30	import os
0fbd7c3c MT	31	import re
0fbd7c3c MT	32	import signal
7be4822f	33	import stat
0fbd7c3c	34	import subprocess
29a36036	35	import sys
b666975e	36	import tempfile
6d6e7949	37	import time
0fbd7c3c MT	38
	39	import inotify.adapters
	40
077ea717 MT	41	LOCAL_TTL = 60
077ea717 MT	42
29a36036 MT	43	log = logging.getLogger("dhcp")
	44	log.setLevel(logging.DEBUG)
	45
	46	def setup_logging(daemon=True, loglevel=logging.INFO):
0fbd7c3c MT	47	log.setLevel(loglevel)
0fbd7c3c MT	48
29a36036	49	# Log to syslog by default
0fbd7c3c	50	handler = logging.handlers.SysLogHandler(address="/dev/log", facility="daemon")
29a36036	51	log.addHandler(handler)
0fbd7c3c	52
29a36036	53	# Format everything
0fbd7c3c MT	54	formatter = logging.Formatter("%(name)s[%(process)d]: %(message)s")
	55	handler.setFormatter(formatter)
	56
29a36036	57	handler.setLevel(loglevel)
0fbd7c3c	58
29a36036 MT	59	# If we are running in foreground, we should write everything to the console, too
	60	if not daemon:
	61	handler = logging.StreamHandler()
	62	log.addHandler(handler)
0fbd7c3c	63
29a36036 MT	64	handler.setLevel(loglevel)
	65
	66	return log
0fbd7c3c	67
e22bcd38 MT	68	def ip_address_to_reverse_pointer(address):
	69	parts = address.split(".")
	70	parts.reverse()
	71
	72	return "%s.in-addr.arpa" % ".".join(parts)
	73
	74	def reverse_pointer_to_ip_address(rr):
	75	parts = rr.split(".")
	76
	77	# Only take IP address part
	78	parts = reversed(parts[0:4])
	79
	80	return ".".join(parts)
	81
0fbd7c3c	82	class UnboundDHCPLeasesBridge(object):
7354d294	83	def __init__(self, dhcp_leases_file, fix_leases_file, unbound_leases_file, hosts_file):
0fbd7c3c	84	self.leases_file = dhcp_leases_file
86c9deb2	85	self.fix_leases_file = fix_leases_file
7354d294	86	self.hosts_file = hosts_file
0fbd7c3c	87
6d6e7949 MT	88	self.watches = {
	89	self.leases_file : inotify.constants.IN_MODIFY,
	90	self.fix_leases_file : 0,
	91	self.hosts_file : 0,
	92	}
	93
0fbd7c3c MT	94	self.unbound = UnboundConfigWriter(unbound_leases_file)
	95	self.running = False
	96
	97	def run(self):
	98	log.info("Unbound DHCP Leases Bridge started on %s" % self.leases_file)
	99	self.running = True
	100
6d6e7949 MT	101	i = inotify.adapters.Inotify()
	102
	103	# Add watches for the directories of every relevant file
	104	for f, mask in self.watches.items():
	105	i.add_watch(
	106	os.path.dirname(f),
	107	mask \| inotify.constants.IN_CLOSE_WRITE \| inotify.constants.IN_MOVED_TO,
	108	)
	109
	110	# Enabled so that we update hosts and leases on startup
	111	update_hosts = update_leases = True
	112
	113	while self.running:
	114	log.debug("Wakeup of main loop")
0fbd7c3c	115
6d6e7949 MT	116	# Process the entire inotify queue and identify what we need to do
	117	for event in i.event_gen():
	118	# Nothing to do
	119	if event is None:
	120	break
0fbd7c3c	121
6d6e7949 MT	122	# Decode the event
6d6e7949 MT	123	header, type_names, path, filename = event
0fbd7c3c	124
6d6e7949	125	file = os.path.join(path, filename)
0fbd7c3c	126
6d6e7949	127	log.debug("inotify event received for %s: %s", file, " ".join(type_names))
0fbd7c3c	128
6d6e7949 MT	129	# Did the hosts file change?
	130	if self.hosts_file == file:
	131	update_hosts = True
7354d294	132
6d6e7949 MT	133	# We will need to update the leases on any change
	134	update_leases = True
	135
	136	# Update hosts (if needed)
	137	if update_hosts:
	138	self.hosts = self.read_static_hosts()
	139
	140	# Update leases (if needed)
	141	if update_leases:
0fbd7c3c MT	142	self.update_dhcp_leases()
0fbd7c3c MT	143
6d6e7949 MT	144	# Reset
	145	update_hosts = update_leases = False
	146
	147	# Wait a moment before we start the next iteration
	148	time.sleep(5)
86c9deb2	149
0fbd7c3c MT	150	log.info("Unbound DHCP Leases Bridge terminated")
	151
	152	def update_dhcp_leases(self):
86c9deb2 MT	153	leases = []
	154
	155	for lease in DHCPLeases(self.leases_file):
5d4f3a42 MT	156	# Don't bother with any leases that don't have a hostname
	157	if not lease.fqdn:
	158	continue
	159
86c9deb2 MT	160	leases.append(lease)
	161
	162	for lease in FixLeases(self.fix_leases_file):
	163	leases.append(lease)
0fbd7c3c	164
c7b83f9b MT	165	# Skip any leases that also are a static host
	166	leases = [l for l in leases if not l.fqdn in self.hosts]
	167
	168	# Remove any inactive or expired leases
	169	leases = [l for l in leases if l.active and not l.expired]
	170
	171	# Dump leases
	172	if leases:
	173	log.debug("DHCP Leases:")
	174	for lease in leases:
	175	log.debug(" %s:" % lease.fqdn)
	176	log.debug(" State: %s" % lease.binding_state)
	177	log.debug(" Start: %s" % lease.time_starts)
	178	log.debug(" End : %s" % lease.time_ends)
	179	if lease.expired:
	180	log.debug(" Expired")
	181
0fbd7c3c MT	182	self.unbound.update_dhcp_leases(leases)
0fbd7c3c MT	183
7354d294 MT	184	def read_static_hosts(self):
	185	log.info("Reading static hosts from %s" % self.hosts_file)
	186
	187	hosts = {}
	188	with open(self.hosts_file) as f:
	189	for line in f.readlines():
	190	line = line.rstrip()
	191
	192	try:
4a465756	193	enabled, ipaddr, hostname, domainname, generateptr = line.split(",")
7354d294 MT	194	except:
	195	log.warning("Could not parse line: %s" % line)
	196	continue
	197
	198	# Skip any disabled entries
	199	if not enabled == "on":
	200	continue
	201
	202	if hostname and domainname:
	203	fqdn = "%s.%s" % (hostname, domainname)
	204	elif hostname:
	205	fqdn = hostname
	206	elif domainname:
	207	fqdn = domainname
	208
	209	try:
	210	hosts[fqdn].append(ipaddr)
	211	hosts[fqdn].sort()
	212	except KeyError:
	213	hosts[fqdn] = [ipaddr,]
	214
	215	# Dump everything in the logs
	216	log.debug("Static hosts:")
96c86cf6 MT	217	for name in hosts:
96c86cf6 MT	218	log.debug(" %-20s : %s" % (name, ", ".join(hosts[name])))
7354d294 MT	219
	220	return hosts
	221
0fbd7c3c MT	222	def terminate(self):
	223	self.running = False
	224
	225
	226	class DHCPLeases(object):
	227	regex_leaseblock = re.compile(r"lease (?P<ipaddr>\d+\.\d+\.\d+\.\d+) {(?P<config>[\s\S]+?)\n}")
	228
	229	def __init__(self, path):
	230	self.path = path
	231
	232	self._leases = self._parse()
	233
	234	def __iter__(self):
	235	return iter(self._leases)
	236
	237	def _parse(self):
86c9deb2 MT	238	log.info("Reading DHCP leases from %s" % self.path)
86c9deb2 MT	239
0fbd7c3c MT	240	leases = []
	241
	242	with open(self.path) as f:
	243	# Read entire leases file
	244	data = f.read()
	245
	246	for match in self.regex_leaseblock.finditer(data):
	247	block = match.groupdict()
	248
	249	ipaddr = block.get("ipaddr")
	250	config = block.get("config")
	251
	252	properties = self._parse_block(config)
	253
	254	# Skip any abandoned leases
	255	if not "hardware" in properties:
	256	continue
	257
	258	lease = Lease(ipaddr, properties)
	259
	260	# Check if a lease for this Ethernet address already
	261	# exists in the list of known leases. If so replace
	262	# if with the most recent lease
	263	for i, l in enumerate(leases):
8b1eb795	264	if l.ipaddr == lease.ipaddr:
0fbd7c3c MT	265	leases[i] = max(lease, l)
	266	break
	267
	268	else:
	269	leases.append(lease)
	270
	271	return leases
	272
	273	def _parse_block(self, block):
	274	properties = {}
	275
	276	for line in block.splitlines():
	277	if not line:
	278	continue
	279
	280	# Remove trailing ; from line
	281	if line.endswith(";"):
	282	line = line[:-1]
	283
	284	# Invalid line if it doesn't end with ;
	285	else:
	286	continue
	287
	288	# Remove any leading whitespace
	289	line = line.lstrip()
	290
	291	# We skip all options and sets
	292	if line.startswith("option") or line.startswith("set"):
	293	continue
	294
	295	# Split by first space
	296	key, val = line.split(" ", 1)
	297	properties[key] = val
	298
	299	return properties
	300
	301
86c9deb2 MT	302	class FixLeases(object):
	303	cache = {}
	304
	305	def __init__(self, path):
	306	self.path = path
	307
	308	self._leases = self.cache[self.path] = self._parse()
	309
	310	def __iter__(self):
	311	return iter(self._leases)
	312
	313	def _parse(self):
	314	log.info("Reading fix leases from %s" % self.path)
	315
	316	leases = []
	317	now = datetime.datetime.utcnow()
	318
	319	with open(self.path) as f:
	320	for line in f.readlines():
	321	line = line.rstrip()
	322
	323	try:
	324	hwaddr, ipaddr, enabled, a, b, c, hostname = line.split(",")
	325	except ValueError:
	326	log.warning("Could not parse line: %s" % line)
	327	continue
	328
	329	# Skip any disabled leases
	330	if not enabled == "on":
	331	continue
	332
	333	l = Lease(ipaddr, {
	334	"binding" : "state active",
	335	"client-hostname" : hostname,
	336	"hardware" : "ethernet %s" % hwaddr,
	337	"starts" : now.strftime("%w %Y/%m/%d %H:%M:%S"),
	338	"ends" : "never",
	339	})
	340	leases.append(l)
	341
	342	# Try finding any deleted leases
	343	for lease in self.cache.get(self.path, []):
	344	if lease in leases:
	345	continue
	346
	347	# Free the deleted lease
	348	lease.free()
	349	leases.append(lease)
	350
	351	return leases
	352
	353
0fbd7c3c MT	354	class Lease(object):
	355	def __init__(self, ipaddr, properties):
	356	self.ipaddr = ipaddr
	357	self._properties = properties
	358
	359	def __repr__(self):
	360	return "<%s %s for %s (%s)>" % (self.__class__.__name__,
	361	self.ipaddr, self.hwaddr, self.hostname)
	362
	363	def __eq__(self, other):
	364	return self.ipaddr == other.ipaddr and self.hwaddr == other.hwaddr
	365
	366	def __gt__(self, other):
	367	if not self.ipaddr == other.ipaddr:
	368	return
	369
	370	if not self.hwaddr == other.hwaddr:
	371	return
	372
	373	return self.time_starts > other.time_starts
	374
	375	@property
	376	def binding_state(self):
	377	state = self._properties.get("binding")
	378
	379	if state:
	380	state = state.split(" ", 1)
	381	return state[1]
	382
86c9deb2 MT	383	def free(self):
	384	self._properties.update({
	385	"binding" : "state free",
	386	})
	387
0fbd7c3c MT	388	@property
	389	def active(self):
	390	return self.binding_state == "active"
	391
	392	@property
	393	def hwaddr(self):
	394	hardware = self._properties.get("hardware")
	395
	396	if not hardware:
	397	return
	398
	399	ethernet, address = hardware.split(" ", 1)
	400
	401	return address
	402
	403	@property
	404	def hostname(self):
	405	hostname = self._properties.get("client-hostname")
	406
998e880b MT	407	if hostname is None:
	408	return
	409
0fbd7c3c	410	# Remove any ""
998e880b	411	hostname = hostname.replace("\"", "")
0fbd7c3c	412
998e880b MT	413	# Only return valid hostnames
	414	m = re.match(r"^[A-Z0-9\-]{1,63}$", hostname, re.I)
	415	if m:
	416	return hostname
0fbd7c3c MT	417
	418	@property
	419	def domain(self):
74a5ab67 MT	420	# Load ethernet settings
	421	ethernet_settings = self.read_settings("/var/ipfire/ethernet/settings")
	422
	423	# Load DHCP settings
	424	dhcp_settings = self.read_settings("/var/ipfire/dhcp/settings")
	425
	426	subnets = {}
	427	for zone in ("GREEN", "BLUE"):
	428	if not dhcp_settings.get("ENABLE_%s" % zone) == "on":
	429	continue
	430
	431	netaddr = ethernet_settings.get("%s_NETADDRESS" % zone)
	432	submask = ethernet_settings.get("%s_NETMASK" % zone)
	433
	434	subnet = ipaddress.ip_network("%s/%s" % (netaddr, submask))
	435	domain = dhcp_settings.get("DOMAIN_NAME_%s" % zone)
	436
	437	subnets[subnet] = domain
	438
	439	address = ipaddress.ip_address(self.ipaddr)
	440
96c86cf6	441	for subnet in subnets:
74a5ab67	442	if address in subnet:
96c86cf6	443	return subnets[subnet]
74a5ab67	444
ca4de263 MT	445	# Load main settings
	446	settings = self.read_settings("/var/ipfire/main/settings")
	447
	448	# Fall back to the host domain if no match could be found
	449	return settings.get("DOMAINNAME", "localdomain")
74a5ab67 MT	450
74a5ab67 MT	451	@staticmethod
091cb62a	452	@functools.cache
74a5ab67 MT	453	def read_settings(filename):
	454	settings = {}
	455
	456	with open(filename) as f:
	457	for line in f.readlines():
	458	# Remove line-breaks
	459	line = line.rstrip()
	460
	461	k, v = line.split("=", 1)
	462	settings[k] = v
	463
	464	return settings
0fbd7c3c MT	465
	466	@property
	467	def fqdn(self):
998e880b MT	468	if self.hostname:
998e880b MT	469	return "%s.%s" % (self.hostname, self.domain)
0fbd7c3c MT	470
	471	@staticmethod
	472	def _parse_time(s):
	473	return datetime.datetime.strptime(s, "%w %Y/%m/%d %H:%M:%S")
	474
	475	@property
	476	def time_starts(self):
	477	starts = self._properties.get("starts")
	478
	479	if starts:
	480	return self._parse_time(starts)
	481
	482	@property
	483	def time_ends(self):
	484	ends = self._properties.get("ends")
	485
	486	if not ends or ends == "never":
	487	return
	488
	489	return self._parse_time(ends)
	490
	491	@property
	492	def expired(self):
	493	if not self.time_ends:
	494	return self.time_starts > datetime.datetime.utcnow()
	495
	496	return self.time_starts > datetime.datetime.utcnow() > self.time_ends
	497
	498	@property
	499	def rrset(self):
998e880b MT	500	# If the lease does not have a valid FQDN, we cannot create any RRs
	501	if self.fqdn is None:
	502	return []
	503
0fbd7c3c MT	504	return [
0fbd7c3c MT	505	# Forward record
b8dd42b9	506	(self.fqdn, "%s" % LOCAL_TTL, "IN A", self.ipaddr),
0fbd7c3c MT	507
0fbd7c3c MT	508	# Reverse record
e22bcd38 MT	509	(ip_address_to_reverse_pointer(self.ipaddr), "%s" % LOCAL_TTL,
e22bcd38 MT	510	"IN PTR", self.fqdn),
0fbd7c3c MT	511	]
	512
	513
	514	class UnboundConfigWriter(object):
	515	def __init__(self, path):
	516	self.path = path
	517
0fbd7c3c	518	def update_dhcp_leases(self, leases):
0fbd7c3c	519	# Write out all leases
749bf859 MT	520	if self.write_dhcp_leases(leases):
749bf859 MT	521	log.debug("Reloading Unbound...")
0fbd7c3c	522
749bf859 MT	523	# Reload the configuration without dropping the cache
749bf859 MT	524	self._control("reload_keep_cache")
0fbd7c3c MT	525
0fbd7c3c MT	526	def write_dhcp_leases(self, leases):
f20ca78e	527	log.debug("Writing DHCP leases...")
b666975e	528
c3cabfa0	529	with tempfile.NamedTemporaryFile(mode="w") as f:
749bf859	530	for l in sorted(leases, key=lambda x: x.ipaddr):
0fbd7c3c MT	531	for rr in l.rrset:
	532	f.write("local-data: \"%s\"\n" % " ".join(rr))
	533
c3cabfa0 MT	534	# Flush the file
	535	f.flush()
	536
749bf859	537	# Compare if the new leases file has changed from the previous version
4bf50efa MT	538	try:
	539	if filecmp.cmp(f.name, self.path, shallow=False):
	540	log.debug("The generated leases file has not changed")
749bf859	541
4bf50efa MT	542	return False
	543
	544	# Remove the old file
	545	os.unlink(self.path)
	546
	547	# If the previous file did not exist, just keep falling through
	548	except FileNotFoundError:
	549	pass
749bf859	550
7be4822f MT	551	# Make file readable for everyone
	552	os.fchmod(f.fileno(), stat.S_IRUSR\|stat.S_IWUSR\|stat.S_IRGRP\|stat.S_IROTH)
	553
f20ca78e	554	# Move the file to its destination
c3cabfa0	555	os.link(f.name, self.path)
b666975e	556
749bf859 MT	557	return True
749bf859 MT	558
0fbd7c3c	559	def _control(self, *args):
b8dd42b9	560	command = ["unbound-control"]
0fbd7c3c MT	561	command.extend(args)
	562
	563	try:
3ec5ba50	564	subprocess.check_output(command)
0fbd7c3c MT	565
	566	# Log any errors
	567	except subprocess.CalledProcessError as e:
	568	log.critical("Could not run %s, error code: %s: %s" % (
	569	" ".join(command), e.returncode, e.output))
	570
f20ca78e	571	raise e
3ec5ba50	572
0fbd7c3c MT	573
	574	if __name__ == "__main__":
	575	parser = argparse.ArgumentParser(description="Bridge for DHCP Leases and Unbound DNS")
	576
	577	# Daemon Stuff
	578	parser.add_argument("--daemon", "-d", action="store_true",
	579	help="Launch as daemon in background")
	580	parser.add_argument("--verbose", "-v", action="count", help="Be more verbose")
	581
	582	# Paths
	583	parser.add_argument("--dhcp-leases", default="/var/state/dhcp/dhcpd.leases",
	584	metavar="PATH", help="Path to the DHCPd leases file")
	585	parser.add_argument("--unbound-leases", default="/etc/unbound/dhcp-leases.conf",
	586	metavar="PATH", help="Path to the unbound configuration file")
86c9deb2 MT	587	parser.add_argument("--fix-leases", default="/var/ipfire/dhcp/fixleases",
86c9deb2 MT	588	metavar="PATH", help="Path to the fix leases file")
7354d294 MT	589	parser.add_argument("--hosts", default="/var/ipfire/main/hosts",
7354d294 MT	590	metavar="PATH", help="Path to static hosts file")
0fbd7c3c MT	591
	592	# Parse command line arguments
	593	args = parser.parse_args()
	594
	595	# Setup logging
83e5f672 MT	596	loglevel = logging.WARN
	597
	598	if args.verbose:
	599	if args.verbose == 1:
	600	loglevel = logging.INFO
	601	elif args.verbose >= 2:
	602	loglevel = logging.DEBUG
0fbd7c3c	603
7354d294 MT	604	bridge = UnboundDHCPLeasesBridge(args.dhcp_leases, args.fix_leases,
7354d294 MT	605	args.unbound_leases, args.hosts)
0fbd7c3c	606
1918174d MT	607	with daemon.DaemonContext(
	608	detach_process=args.daemon,
	609	stderr=None if args.daemon else sys.stderr,
	610	signal_map = {
	611	signal.SIGHUP : bridge.update_dhcp_leases,
	612	signal.SIGTERM : bridge.terminate,
	613	},
	614	) as daemon:
f9611355 MT	615	setup_logging(daemon=args.daemon, loglevel=loglevel)
f9611355 MT	616
0fbd7c3c	617	bridge.run()