revpi/revpipyload
1
0
Fork 0
mirror of https://github.com/naruxde/revpipyload.git synced 2025-11-08 15:13:52 +01:00
Code Issues Packages Releases Wiki Activity

IpAclManager ausgelagert in shared

Browse Source 
ACLs über Datei laden (Eine ACL pro Zeile)
ProcimgServer Parameter aclmode entfernt
Codestyle
This commit is contained in:
Sven Sager
2018-04-04 16:24:57 +02:00
parent ec34a1903a
commit 0151dbceeb
20 changed files with 558 additions and 296 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
data/etc/revpipyload/aclplcslave.conf Normal file
View File

@@ -0,0 +1,3 @@
# PLC-SLAVE Access Control List (acl)
# One entry per Line IPADRESS,LEVEL
#

3
data/etc/revpipyload/aclxmlrpc.conf Normal file
View File

@@ -0,0 +1,3 @@
# XML-RPC Access Control List (acl)
# One entry per Line IPADRESS,LEVEL
#

4
data/etc/revpipyload/revpipyload.conf
View File

@@ -14,11 +14,11 @@ zeroonexit = 0
[PLCSLAVE]
plcslave = 0
acl =
aclfile = /etc/revpipyload/aclplcslave.conf
bindip = *
port = 55234
[XMLRPC]
xmlrpc = 0
acl =
aclfile = /etc/revpipyload/aclxmlrpc.conf
bindip = *

137
doc/helper.html
View File

@@ -17,10 +17,7 @@ Global Attributes</h3>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Classes</h3>
<table>
<tr>
<td><a style="color:#0000FF" href="#IpAclManager">IpAclManager</a></td>
<td>Verwaltung fuer IP Adressen und deren ACL Level.</td>
</tr>
<tr><td>None</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Functions</h3>
@@ -37,138 +34,6 @@ Functions</h3>
</tr>
</table>
<hr /><hr />
<a NAME="IpAclManager" ID="IpAclManager"></a>
<h2 style="background-color:#FFFFFF;color:#0000FF">IpAclManager</h2>
<p>
Verwaltung fuer IP Adressen und deren ACL Level.
</p>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Derived from</h3>
None
<h3 style="background-color:#FFFFFF;color:#FF0000">
Class Attributes</h3>
<table>
<tr><td>acl</td></tr><tr><td>regex_acl</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Class Methods</h3>
<table>
<tr><td>None</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Methods</h3>
<table>
<tr>
<td><a style="color:#0000FF" href="#IpAclManager.__init__">IpAclManager</a></td>
<td>Init IpAclManager class.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__get_acl">__get_acl</a></td>
<td>Getter fuer den rohen ACL-String.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__get_regex_acl">__get_regex_acl</a></td>
<td>Gibt formatierten RegEx-String zurueck.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__iter__">__iter__</a></td>
<td>Gibt einzelne ACLs als <class 'tuple'> aus.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__set_acl">__set_acl</a></td>
<td>Uebernimmt neue ACL-Liste fuer die Ausertung der Level.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.get_acllevel">get_acllevel</a></td>
<td>Prueft IP gegen ACL List und gibt ACL-Wert aus.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.loadacl">loadacl</a></td>
<td>Laed ACL String und gibt erfolg zurueck.</td>
</tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Static Methods</h3>
<table>
<tr><td>None</td></tr>
</table>
<a NAME="IpAclManager.__init__" ID="IpAclManager.__init__"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager (Constructor)</h3>
<b>IpAclManager</b>(<i>minlevel, maxlevel, acl=None</i>)
<p>
Init IpAclManager class.
</p><dl>
<dt><i>minlevel</i></dt>
<dd>
Smallest access level (min. 0)
</dd><dt><i>maxlevel</i></dt>
<dd>
Biggest access level (max. 9)
</dd><dt><i>acl</i></dt>
<dd>
ACL Liste fuer Berechtigungen als <class 'str'>
</dd>
</dl><a NAME="IpAclManager.__get_acl" ID="IpAclManager.__get_acl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__get_acl</h3>
<b>__get_acl</b>(<i></i>)
<p>
Getter fuer den rohen ACL-String.
return ACLs als <class 'str'>
</p><a NAME="IpAclManager.__get_regex_acl" ID="IpAclManager.__get_regex_acl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__get_regex_acl</h3>
<b>__get_regex_acl</b>(<i></i>)
<p>
Gibt formatierten RegEx-String zurueck.
return RegEx Code als <class 'str'>
</p><a NAME="IpAclManager.__iter__" ID="IpAclManager.__iter__"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__iter__</h3>
<b>__iter__</b>(<i></i>)
<p>
Gibt einzelne ACLs als <class 'tuple'> aus.
</p><a NAME="IpAclManager.__set_acl" ID="IpAclManager.__set_acl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__set_acl</h3>
<b>__set_acl</b>(<i>value</i>)
<p>
Uebernimmt neue ACL-Liste fuer die Ausertung der Level.
</p><dl>
<dt><i>value</i></dt>
<dd>
Neue ACL-Liste als <class 'str'>
</dd>
</dl><a NAME="IpAclManager.get_acllevel" ID="IpAclManager.get_acllevel"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.get_acllevel</h3>
<b>get_acllevel</b>(<i>ipaddress</i>)
<p>
Prueft IP gegen ACL List und gibt ACL-Wert aus.
</p><dl>
<dt><i>ipaddress</i></dt>
<dd>
zum pruefen
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
<class 'int'> ACL Wert oder -1 wenn nicht gefunden
</dd>
</dl><a NAME="IpAclManager.loadacl" ID="IpAclManager.loadacl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.loadacl</h3>
<b>loadacl</b>(<i>str_acl</i>)
<p>
Laed ACL String und gibt erfolg zurueck.
</p><dl>
<dt><i>str_acl</i></dt>
<dd>
ACL als <class 'str'>
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
True, wenn erfolgreich uebernommen
</dd>
</dl>
<div align="right"><a style="color:#0000FF" href="#top">Up</a></div>
<hr /><hr />
<a NAME="_setuprt" ID="_setuprt"></a>
<h2 style="background-color:#FFFFFF;color:#0000FF">_setuprt</h2>
<b>_setuprt</b>(<i>pid, evt_exit</i>)

20
doc/index-revpipyload.shared.html Normal file
View File

@@ -0,0 +1,20 @@
<!DOCTYPE html>
<html><head>
<title>revpipyload.shared</title>
<meta charset="UTF-8">
</head>
<body style="background-color:#FFFFFF;color:#000000">
<h1 style="background-color:#FFFFFF;color:#0000FF">
revpipyload.shared</h1>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Modules</h3>
<table>
<tr>
<td><a style="color:#0000FF" href="revpipyload.shared.ipaclmanager.html">ipaclmanager</a></td>
<td>Verwaltet IP Adressen und deren ACLs.</td>
</tr>
</table>
</body></html>

8
doc/index.html
View File

@@ -8,6 +8,14 @@
Table of contents</h1>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Packages</h3>
<table>
<tr>
<td><a style="color:#0000FF" href="index-revpipyload.shared.html">shared</a></td>
<td></td>
</tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Modules</h3>

4
doc/picontrolserver.html
View File

@@ -85,9 +85,9 @@ RevPiSlave (Constructor)</h3>
<p>
Instantiiert RevPiSlave-Klasse.
</p><dl>
<dt><i>acl</i></dt>
<dt><i>ipacl</i></dt>
<dd>
Stringliste mit Leerstellen getrennt
AclManager <class 'IpAclManager'>
</dd><dt><i>port</i></dt>
<dd>
Listen Port fuer plc Slaveserver

5
doc/procimgserver.html
View File

@@ -93,16 +93,13 @@ Static Methods</h3>
<a NAME="ProcimgServer.__init__" ID="ProcimgServer.__init__"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
ProcimgServer (Constructor)</h3>
<b>ProcimgServer</b>(<i>xmlserver, aclmode</i>)
<b>ProcimgServer</b>(<i>xmlserver</i>)
<p>
Instantiiert RevPiCheckServer()-Klasse.
</p><dl>
<dt><i>xmlserver</i></dt>
<dd>
XML-RPC Server
</dd><dt><i>aclmode</i></dt>
<dd>
Zugriffsrechte
</dd>
</dl><a NAME="ProcimgServer.devices" ID="ProcimgServer.devices"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">

239
doc/revpipyload.shared.ipaclmanager.html Normal file
View File

@@ -0,0 +1,239 @@
<!DOCTYPE html>
<html><head>
<title>revpipyload.shared.ipaclmanager</title>
<meta charset="UTF-8">
</head>
<body style="background-color:#FFFFFF;color:#000000"><a NAME="top" ID="top"></a>
<h1 style="background-color:#FFFFFF;color:#0000FF">
revpipyload.shared.ipaclmanager</h1>
<p>
Verwaltet IP Adressen und deren ACLs.
</p>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Global Attributes</h3>
<table>
<tr><td>None</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Classes</h3>
<table>
<tr>
<td><a style="color:#0000FF" href="#IpAclManager">IpAclManager</a></td>
<td>Verwaltung fuer IP Adressen und deren ACL Level.</td>
</tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Functions</h3>
<table>
<tr>
<td><a style="color:#0000FF" href="#refullmatch">refullmatch</a></td>
<td>re.fullmatch wegen alter python version aus wheezy nachgebaut.</td>
</tr>
</table>
<hr /><hr />
<a NAME="IpAclManager" ID="IpAclManager"></a>
<h2 style="background-color:#FFFFFF;color:#0000FF">IpAclManager</h2>
<p>
Verwaltung fuer IP Adressen und deren ACL Level.
</p>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Derived from</h3>
None
<h3 style="background-color:#FFFFFF;color:#FF0000">
Class Attributes</h3>
<table>
<tr><td>acl</td></tr><tr><td>filename</td></tr><tr><td>regex_acl</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Class Methods</h3>
<table>
<tr><td>None</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Methods</h3>
<table>
<tr>
<td><a style="color:#0000FF" href="#IpAclManager.__init__">IpAclManager</a></td>
<td>Init IpAclManager class.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__get_acl">__get_acl</a></td>
<td>Getter fuer den rohen ACL-String.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__get_filename">__get_filename</a></td>
<td>Getter fuer Dateinamen.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__get_regex_acl">__get_regex_acl</a></td>
<td>Gibt formatierten RegEx-String zurueck.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__iter__">__iter__</a></td>
<td>Gibt einzelne ACLs als <class 'tuple'> aus.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__set_acl">__set_acl</a></td>
<td>Uebernimmt neue ACL-Liste fuer die Ausertung der Level.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.get_acllevel">get_acllevel</a></td>
<td>Prueft IP gegen ACL List und gibt ACL-Wert aus.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.loadacl">loadacl</a></td>
<td>Laed ACL String und gibt erfolg zurueck.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.loadaclfile">loadaclfile</a></td>
<td>Laed ACL Definitionen aus Datei.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.writeaclfile">writeaclfile</a></td>
<td>Schreibt ACL Definitionen in Datei.</td>
</tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Static Methods</h3>
<table>
<tr><td>None</td></tr>
</table>
<a NAME="IpAclManager.__init__" ID="IpAclManager.__init__"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager (Constructor)</h3>
<b>IpAclManager</b>(<i>minlevel, maxlevel, acl=None</i>)
<p>
Init IpAclManager class.
</p><dl>
<dt><i>minlevel</i></dt>
<dd>
Smallest access level (min. 0)
</dd><dt><i>maxlevel</i></dt>
<dd>
Biggest access level (max. 9)
</dd><dt><i>acl</i></dt>
<dd>
ACL Liste fuer Berechtigungen als <class 'str'>
</dd>
</dl><a NAME="IpAclManager.__get_acl" ID="IpAclManager.__get_acl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__get_acl</h3>
<b>__get_acl</b>(<i></i>)
<p>
Getter fuer den rohen ACL-String.
return ACLs als <class 'str'>
</p><a NAME="IpAclManager.__get_filename" ID="IpAclManager.__get_filename"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__get_filename</h3>
<b>__get_filename</b>(<i></i>)
<p>
Getter fuer Dateinamen.
</p><dl>
<dt>Returns:</dt>
<dd>
Filename der ACL <class 'str'>
</dd>
</dl><a NAME="IpAclManager.__get_regex_acl" ID="IpAclManager.__get_regex_acl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__get_regex_acl</h3>
<b>__get_regex_acl</b>(<i></i>)
<p>
Gibt formatierten RegEx-String zurueck.
return RegEx Code als <class 'str'>
</p><a NAME="IpAclManager.__iter__" ID="IpAclManager.__iter__"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__iter__</h3>
<b>__iter__</b>(<i></i>)
<p>
Gibt einzelne ACLs als <class 'tuple'> aus.
</p><a NAME="IpAclManager.__set_acl" ID="IpAclManager.__set_acl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__set_acl</h3>
<b>__set_acl</b>(<i>value</i>)
<p>
Uebernimmt neue ACL-Liste fuer die Ausertung der Level.
</p><dl>
<dt><i>value</i></dt>
<dd>
Neue ACL-Liste als <class 'str'>
</dd>
</dl><a NAME="IpAclManager.get_acllevel" ID="IpAclManager.get_acllevel"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.get_acllevel</h3>
<b>get_acllevel</b>(<i>ipaddress</i>)
<p>
Prueft IP gegen ACL List und gibt ACL-Wert aus.
</p><dl>
<dt><i>ipaddress</i></dt>
<dd>
zum pruefen
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
<class 'int'> ACL Wert oder -1 wenn nicht gefunden
</dd>
</dl><a NAME="IpAclManager.loadacl" ID="IpAclManager.loadacl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.loadacl</h3>
<b>loadacl</b>(<i>str_acl</i>)
<p>
Laed ACL String und gibt erfolg zurueck.
</p><dl>
<dt><i>str_acl</i></dt>
<dd>
ACL als <class 'str'>
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
True, wenn erfolgreich uebernommen
</dd>
</dl><a NAME="IpAclManager.loadaclfile" ID="IpAclManager.loadaclfile"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.loadaclfile</h3>
<b>loadaclfile</b>(<i>filename</i>)
<p>
Laed ACL Definitionen aus Datei.
</p><dl>
<dt><i>filename</i></dt>
<dd>
Dateiname fuer Definitionen
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
True, wenn Laden erfolgreich war
</dd>
</dl><a NAME="IpAclManager.writeaclfile" ID="IpAclManager.writeaclfile"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.writeaclfile</h3>
<b>writeaclfile</b>(<i>filename=None, aclname=None</i>)
<p>
Schreibt ACL Definitionen in Datei.
</p><dl>
<dt><i>filename</i></dt>
<dd>
Dateiname fuer Definitionen
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
True, wenn Schreiben erfolgreich war
</dd>
</dl>
<div align="right"><a style="color:#0000FF" href="#top">Up</a></div>
<hr /><hr />
<a NAME="refullmatch" ID="refullmatch"></a>
<h2 style="background-color:#FFFFFF;color:#0000FF">refullmatch</h2>
<b>refullmatch</b>(<i>regex, string</i>)
<p>
re.fullmatch wegen alter python version aus wheezy nachgebaut.
</p><dl>
<dt><i>regex</i></dt>
<dd>
RegEx Statement
</dd><dt><i>string</i></dt>
<dd>
Zeichenfolge gegen die getestet wird
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
True, wenn komplett passt sonst False
</dd>
</dl>
<div align="right"><a style="color:#0000FF" href="#top">Up</a></div>
<hr />
</body></html>

7
doc/xrpcserver.html
View File

@@ -128,7 +128,12 @@ SaveXMLRPCServer (Constructor)</h3>
<b>SaveXMLRPCServer</b>(<i>addr, logRequests=True, allow_none=False, use_builtin_types=False, ipacl=None</i>)
<p>
Init SaveXMLRPCServer class.
</p><a NAME="SaveXMLRPCServer._dispatch" ID="SaveXMLRPCServer._dispatch"></a>
</p><dl>
<dt><i>ipacl</i></dt>
<dd>
AclManager <class 'IpAclManager'>
</dd>
</dl><a NAME="SaveXMLRPCServer._dispatch" ID="SaveXMLRPCServer._dispatch"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
SaveXMLRPCServer._dispatch</h3>
<b>_dispatch</b>(<i>method, params</i>)

25
eric-revpipyload.api
View File

@@ -1,12 +1,3 @@
helper.IpAclManager.__get_acl?6()
helper.IpAclManager.__get_regex_acl?6()
helper.IpAclManager.__iter__?6()
helper.IpAclManager.__set_acl?6(value)
helper.IpAclManager.acl?7
helper.IpAclManager.get_acllevel?4(ipaddress)
helper.IpAclManager.loadacl?4(str_acl)
helper.IpAclManager.regex_acl?7
helper.IpAclManager?1(minlevel, maxlevel, acl=None)
helper._setuprt?5(pid, evt_exit)
helper._zeroprocimg?5()
helper.refullmatch?4(regex, string)
@@ -42,7 +33,7 @@ procimgserver.ProcimgServer.setvalue?4(device, io, value)
procimgserver.ProcimgServer.start?4()
procimgserver.ProcimgServer.stop?4()
procimgserver.ProcimgServer.values?4()
procimgserver.ProcimgServer?1(xmlserver, aclmode)
procimgserver.ProcimgServer?1(xmlserver)
proginit.cleanup?4()
proginit.configure?4()
proginit.forked?7
@@ -85,6 +76,20 @@ revpipyload.RevPiPyLoad.xml_setconfig?4(dc, loadnow=False)
revpipyload.RevPiPyLoad.xml_setpictoryrsc?4(filebytes, reset=False)
revpipyload.RevPiPyLoad?1()
revpipyload.pyloadversion?7
revpipyload.shared.ipaclmanager.IpAclManager.__get_acl?6()
revpipyload.shared.ipaclmanager.IpAclManager.__get_filename?6()
revpipyload.shared.ipaclmanager.IpAclManager.__get_regex_acl?6()
revpipyload.shared.ipaclmanager.IpAclManager.__iter__?6()
revpipyload.shared.ipaclmanager.IpAclManager.__set_acl?6(value)
revpipyload.shared.ipaclmanager.IpAclManager.acl?7
revpipyload.shared.ipaclmanager.IpAclManager.filename?7
revpipyload.shared.ipaclmanager.IpAclManager.get_acllevel?4(ipaddress)
revpipyload.shared.ipaclmanager.IpAclManager.loadacl?4(str_acl)
revpipyload.shared.ipaclmanager.IpAclManager.loadaclfile?4(filename)
revpipyload.shared.ipaclmanager.IpAclManager.regex_acl?7
revpipyload.shared.ipaclmanager.IpAclManager.writeaclfile?4(filename=None, aclname=None)
revpipyload.shared.ipaclmanager.IpAclManager?1(minlevel, maxlevel, acl=None)
revpipyload.shared.ipaclmanager.refullmatch?4(regex, string)
xrpcserver.SaveXMLRPCRequestHandler.parse_request?4()
xrpcserver.SaveXMLRPCServer._dispatch?5(method, params)
xrpcserver.SaveXMLRPCServer.isAlive?4()

4
revpipyload.e4p
View File

@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Project SYSTEM "Project-5.1.dtd">
<!-- eric project file for project revpipyload -->
<!-- Saved: 2018-04-03, 20:12:25 -->
<!-- Saved: 2018-04-04, 13:23:14 -->
<!-- Copyright (C) 2018 Sven Sager, akira@narux.de -->
<Project version="5.1">
<Language>en_US</Language>
@@ -9,7 +9,7 @@
<ProgLanguage mixed="0">Python3</ProgLanguage>
<ProjectType>Console</ProjectType>
<Description>Dieser Loader wird über das Init-System geladen und führt das angegebene Pythonprogramm aus. Es ist für den RevolutionPi gedacht um automatisch das SPS-Programm zu starten.</Description>
<Version>0.6.1</Version>
<Version>0.6.2</Version>
<Author>Sven Sager</Author>
<Email>akira@narux.de</Email>
<Eol index="1"/>

104
revpipyload/helper.py
View File

@@ -12,110 +12,6 @@ from re import match as rematch
from subprocess import Popen, PIPE
class IpAclManager():
"""Verwaltung fuer IP Adressen und deren ACL Level."""
def __init__(self, minlevel, maxlevel, acl=None):
"""Init IpAclManager class.
@param minlevel Smallest access level (min. 0)
@param maxlevel Biggest access level (max. 9)
@param acl ACL Liste fuer Berechtigungen als <class 'str'>
"""
if type(minlevel) != int:
raise ValueError("parameter minlevel must be <class 'int'>")
if type(maxlevel) != int:
raise ValueError("parameter maxlevel must be <class 'int'>")
if minlevel < 0:
raise ValueError("minlevel must be 0 or more")
if maxlevel > 9:
raise ValueError("maxlevel maximum is 9")
if minlevel > maxlevel:
raise ValueError("minlevel is smaller than maxlevel")
self.__dict_acl = {}
self.__dict_regex = {}
self.__dict_knownips = {}
self.__re_ipacl = "(([\\d\\*]{1,3}\\.){3}[\\d\\*]{1,3},[" \
+ str(minlevel) + "-" + str(maxlevel) + "] ?)*"
# Liste erstellen, wenn übergeben
if acl is not None:
self.__set_acl(acl)
def __iter__(self):
"""Gibt einzelne ACLs als <class 'tuple'> aus."""
for aclip in sorted(self.__dict_acl):
yield (aclip, self.__dict_acl[aclip])
def __get_acl(self):
"""Getter fuer den rohen ACL-String.
return ACLs als <class 'str'>"""
str_acl = ""
for aclip in sorted(self.__dict_acl):
str_acl += "{},{} ".format(aclip, self.__dict_acl[aclip])
return str_acl.strip()
def __get_regex_acl(self):
"""Gibt formatierten RegEx-String zurueck.
return RegEx Code als <class 'str'>"""
return self.__re_ipacl
def __set_acl(self, value):
"""Uebernimmt neue ACL-Liste fuer die Ausertung der Level.
@param value Neue ACL-Liste als <class 'str'>"""
if type(value) != str:
raise ValueError("parameter acl must be <class 'str'>")
value = value.strip()
if not refullmatch(self.__re_ipacl, value):
raise ValueError("acl format ist not okay - 1.2.3.4,0 5.6.7.8,1")
# Klassenwerte übernehmen
self.__dict_acl = {}
self.__dict_regex = {}
self.__dict_knownips = {}
# Liste neu füllen mit regex Strings
for ip_level in value.split():
ip, level = ip_level.split(",", 1)
self.__dict_acl[ip] = int(level)
self.__dict_regex[ip] = \
ip.replace(".", "\\.").replace("*", "\\d{1,3}")
def get_acllevel(self, ipaddress):
"""Prueft IP gegen ACL List und gibt ACL-Wert aus.
@param ipaddress zum pruefen
@return <class 'int'> ACL Wert oder -1 wenn nicht gefunden"""
# Bei bereits aufgelösten IPs direkt ACL auswerten
if ipaddress in self.__dict_knownips:
return self.__dict_knownips[ipaddress]
for aclip in sorted(self.__dict_acl, reverse=True):
if refullmatch(self.__dict_regex[aclip], ipaddress):
# IP und Level merken
self.__dict_knownips[ipaddress] = self.__dict_acl[aclip]
# Level zurückgeben
return self.__dict_acl[aclip]
return -1
def loadacl(self, str_acl):
"""Laed ACL String und gibt erfolg zurueck.
@param str_acl ACL als <class 'str'>
@return True, wenn erfolgreich uebernommen"""
if not refullmatch(self.__re_ipacl, str_acl):
return False
self.__set_acl(str_acl)
return True
acl = property(__get_acl, __set_acl)
regex_acl = property(__get_regex_acl)
def _setuprt(pid, evt_exit):
"""Konfiguriert Programm fuer den RT-Scheduler.
@param pid PID, der angehoben werden soll

8
revpipyload/picontrolserver.py
View File

@@ -8,6 +8,7 @@
"""Modul fuer die Verwaltung der PLC-Slave Funktionen."""
import proginit
import socket
from shared.ipaclmanager import IpAclManager
from threading import Event, Thread
from timeit import default_timer
@@ -26,8 +27,13 @@ class RevPiSlave(Thread):
def __init__(self, ipacl, port=55234):
"""Instantiiert RevPiSlave-Klasse.
@param acl Stringliste mit Leerstellen getrennt
@param ipacl AclManager <class 'IpAclManager'>
@param port Listen Port fuer plc Slaveserver"""
if not type(ipacl) == IpAclManager:
raise ValueError("parameter ipacl must be <class 'IpAclManager'>")
if not type(port) == int:
raise ValueError("parameter port must be <class 'int'>")
super().__init__()
self.__ipacl = ipacl
self._evt_exit = Event()

23
revpipyload/procimgserver.py
View File

@@ -28,17 +28,12 @@ class ProcimgServer():
"""
def __init__(self, xmlserver, aclmode):
def __init__(self, xmlserver):
"""Instantiiert RevPiCheckServer()-Klasse.
@param xmlserver XML-RPC Server
@param aclmode Zugriffsrechte
"""
@param xmlserver XML-RPC Server"""
# Logger übernehmen
proginit.logger.debug("enter ProcimgServer.__init__()")
self.acl = aclmode
self.rpi = None
# XML-Server übernehmen
@@ -121,13 +116,6 @@ class ProcimgServer():
@return list() [device, io, status, msg]
"""
# Zugriffsrechte prüfen
if self.acl < 3:
return [
device, io, False,
"not allowed in XML-RPC permission mode {}".format(self.acl)
]
# Binary() in bytes() umwandeln
if type(value) == Binary:
value = value.data
@@ -192,9 +180,8 @@ class ProcimgServer():
for xmlfunc in self.xmlreadfuncs:
if xmlfunc in self.xmlsrv.funcs:
del self.xmlsrv.funcs[xmlfunc]
if self.acl >= 3:
for xmlfunc in self.xmlwritefuncs:
if xmlfunc in self.xmlsrv.funcs:
del self.xmlsrv.funcs[xmlfunc]
for xmlfunc in self.xmlwritefuncs:
if xmlfunc in self.xmlsrv.funcs:
del self.xmlsrv.funcs[xmlfunc]
proginit.logger.debug("leave ProcimgServer.stop()")

60
revpipyload/revpipyload.py
View File

@@ -40,8 +40,9 @@ import signal
import tarfile
import zipfile
from configparser import ConfigParser
from helper import refullmatch, IpAclManager
from helper import refullmatch
from json import loads as jloads
from shared.ipaclmanager import IpAclManager
from shutil import rmtree
from tempfile import mkstemp
from threading import Event
@@ -49,7 +50,7 @@ from time import asctime
from xmlrpc.client import Binary
from xrpcserver import SaveXMLRPCServer
pyloadversion = "0.6.1"
pyloadversion = "0.6.2"
class RevPiPyLoad():
@@ -140,8 +141,8 @@ class RevPiPyLoad():
self.plcslave = \
int(self.globalconfig["PLCSLAVE"].get("plcslave", 0))
self.plcslaveacl = IpAclManager(minlevel=0, maxlevel=1)
if not self.plcslaveacl.loadacl(
self.globalconfig["PLCSLAVE"].get("acl", "")):
if not self.plcslaveacl.loadaclfile(
self.globalconfig["PLCSLAVE"].get("aclfile", "")):
proginit.logger.warning(
"can not load plcslave acl - wrong format"
)
@@ -163,8 +164,8 @@ class RevPiPyLoad():
self.xmlrpc = \
int(self.globalconfig["XMLRPC"].get("xmlrpc", 0))
self.xmlrpcacl = IpAclManager(minlevel=0, maxlevel=4)
if not self.xmlrpcacl.loadacl(
self.globalconfig["XMLRPC"].get("acl", "")):
if not self.xmlrpcacl.loadaclfile(
self.globalconfig["XMLRPC"].get("aclfile", "")):
proginit.logger.warning(
"can not load xmlrpc acl - wrong format"
)
@@ -228,9 +229,7 @@ class RevPiPyLoad():
# Erweiterte Funktionen anmelden
try:
import procimgserver
self.xml_ps = procimgserver.ProcimgServer(
self.xsrv, self.xmlrpc
)
self.xml_ps = procimgserver.ProcimgServer(self.xsrv)
self.xsrv.register_function(1, self.xml_psstart, "psstart")
self.xsrv.register_function(1, self.xml_psstop, "psstop")
except:
@@ -719,11 +718,46 @@ class RevPiPyLoad():
)
)
return False
self.globalconfig.set(
sektion,
key if localkey == "" else localkey,
str(dc[key])
if localkey != "acl":
self.globalconfig.set(
sektion,
key if localkey == "" else localkey,
str(dc[key])
)
# ACLs sofort übernehmen und schreiben
str_acl = dc.get("plcslaveacl", None)
if str_acl is not None and self.plcslaveacl.acl != str_acl:
self.plcslaveacl.acl = str_acl
if not self.plcslaveacl.writeaclfile(aclname="PLC-SLAVE"):
proginit.logger.error(
"can not write acl file '{}' for PLC-SLAVE".format(
self.plcslaveacl.filename
)
)
return False
else:
proginit.logger.info(
"wrote new acl file '{}' for PLC-SLAVE".format(
self.plcslaveacl.filename
)
)
str_acl = dc.get("xmlrpcacl", None)
if str_acl is not None and self.xmlrpcacl.acl != str_acl:
self.xmlrpcacl.acl = str_acl
if not self.xmlrpcacl.writeaclfile(aclname="XML-RPC"):
proginit.logger.error(
"can not write acl file '{}' for XML-RPC".format(
self.xmlrpcacl.filename
)
)
return False
else:
proginit.logger.info(
"wrote new acl file '{}' for XML-RPC".format(
self.xmlrpcacl.filename
)
)
# conf-Datei schreiben
with open(proginit.globalconffile, "w") as fh:

1
revpipyload/shared/__init__.py Normal file
View File

@@ -0,0 +1 @@
"""Shared modules."""

189
revpipyload/shared/ipaclmanager.py Normal file
View File

@@ -0,0 +1,189 @@
# -*- coding: utf-8 -*-
#
# IpAclManager
#
# (c) Sven Sager, License: LGPLv3
# Version 0.1.0
#
"""Verwaltet IP Adressen und deren ACLs."""
from os import access, R_OK, W_OK
from re import match as rematch
def refullmatch(regex, string):
"""re.fullmatch wegen alter python version aus wheezy nachgebaut.
@param regex RegEx Statement
@param string Zeichenfolge gegen die getestet wird
@return True, wenn komplett passt sonst False
"""
m = rematch(regex, string)
return m is not None and m.end() == len(string)
class IpAclManager():
"""Verwaltung fuer IP Adressen und deren ACL Level."""
def __init__(self, minlevel, maxlevel, acl=None):
"""Init IpAclManager class.
@param minlevel Smallest access level (min. 0)
@param maxlevel Biggest access level (max. 9)
@param acl ACL Liste fuer Berechtigungen als <class 'str'>
"""
if type(minlevel) != int:
raise ValueError("parameter minlevel must be <class 'int'>")
if type(maxlevel) != int:
raise ValueError("parameter maxlevel must be <class 'int'>")
if minlevel < 0:
raise ValueError("minlevel must be 0 or more")
if maxlevel > 9:
raise ValueError("maxlevel maximum is 9")
if minlevel > maxlevel:
raise ValueError("minlevel is smaller than maxlevel")
self.__dict_acl = {}
self.__dict_regex = {}
self.__dict_knownips = {}
self.__filename = None
self.__re_ipacl = "(([\\d\\*]{1,3}\\.){3}[\\d\\*]{1,3},[" \
+ str(minlevel) + "-" + str(maxlevel) + "] ?)*"
# Liste erstellen, wenn übergeben
if acl is not None:
self.__set_acl(acl)
def __iter__(self):
"""Gibt einzelne ACLs als <class 'tuple'> aus."""
for aclip in sorted(self.__dict_acl):
yield (aclip, self.__dict_acl[aclip])
def __get_acl(self):
"""Getter fuer den rohen ACL-String.
return ACLs als <class 'str'>"""
str_acl = ""
for aclip in sorted(self.__dict_acl):
str_acl += "{},{} ".format(aclip, self.__dict_acl[aclip])
return str_acl.strip()
def __get_filename(self):
"""Getter fuer Dateinamen.
@return Filename der ACL <class 'str'>"""
return "" if self.__filename is None else self.__filename
def __get_regex_acl(self):
"""Gibt formatierten RegEx-String zurueck.
return RegEx Code als <class 'str'>"""
return self.__re_ipacl
def __set_acl(self, value):
"""Uebernimmt neue ACL-Liste fuer die Ausertung der Level.
@param value Neue ACL-Liste als <class 'str'>"""
if type(value) != str:
raise ValueError("parameter acl must be <class 'str'>")
value = value.strip()
if not refullmatch(self.__re_ipacl, value):
raise ValueError("acl format ist not okay - 1.2.3.4,0 5.6.7.8,1")
# Klassenwerte übernehmen
self.__dict_acl = {}
self.__dict_regex = {}
self.__dict_knownips = {}
# Liste neu füllen mit regex Strings
for ip_level in value.split():
ip, level = ip_level.split(",", 1)
self.__dict_acl[ip] = int(level)
self.__dict_regex[ip] = \
ip.replace(".", "\\.").replace("*", "\\d{1,3}")
def get_acllevel(self, ipaddress):
"""Prueft IP gegen ACL List und gibt ACL-Wert aus.
@param ipaddress zum pruefen
@return <class 'int'> ACL Wert oder -1 wenn nicht gefunden"""
# Bei bereits aufgelösten IPs direkt ACL auswerten
if ipaddress in self.__dict_knownips:
return self.__dict_knownips[ipaddress]
for aclip in sorted(self.__dict_acl, reverse=True):
if refullmatch(self.__dict_regex[aclip], ipaddress):
# IP und Level merken
self.__dict_knownips[ipaddress] = self.__dict_acl[aclip]
# Level zurückgeben
return self.__dict_acl[aclip]
return -1
def loadacl(self, str_acl):
"""Laed ACL String und gibt erfolg zurueck.
@param str_acl ACL als <class 'str'>
@return True, wenn erfolgreich uebernommen"""
if not refullmatch(self.__re_ipacl, str_acl):
return False
self.__set_acl(str_acl)
return True
def loadaclfile(self, filename):
"""Laed ACL Definitionen aus Datei.
@param filename Dateiname fuer Definitionen
@return True, wenn Laden erfolgreich war"""
if type(filename) != str:
raise ValueError("parameter filename must be <class 'str'>")
# Zugriffsrecht prüfen
if not access(filename, R_OK):
return False
str_acl = ""
with open(filename, "r") as fh:
while True:
buff = fh.readline()
if buff == "":
break
buff = buff.split("#")[0].strip()
if len(buff) > 0:
str_acl += buff + " "
acl_okay = self.loadacl(str_acl.strip())
if acl_okay:
# Dateinamen für Schreiben übernehmen
self.__filename = filename
return acl_okay
def writeaclfile(self, filename=None, aclname=None):
"""Schreibt ACL Definitionen in Datei.
@param filename Dateiname fuer Definitionen
@return True, wenn Schreiben erfolgreich war"""
if filename is not None and type(filename) != str:
raise ValueError("parameter filename must be <class 'str'>")
if aclname is not None and type(aclname) != str:
raise ValueError("parameter aclname must be <class 'str'>")
# Dateinamen prüfen
if filename is None and self.__filename is not None:
filename = self.__filename
# Zugriffsrecht prüfen
if not access(filename, W_OK):
return False
header = "# {}Access Control List (acl)\n" \
"# One entry per Line IPADRESS,LEVEL\n" \
"#\n".format("" if aclname is None else aclname + " ")
with open(filename, "w") as fh:
fh.write(header)
for aclip in sorted(self.__dict_acl):
fh.write("{},{}\n".format(aclip, self.__dict_acl[aclip]))
return True
acl = property(__get_acl, __set_acl)
filename = property(__get_filename)
regex_acl = property(__get_regex_acl)

8
revpipyload/xrpcserver.py
View File

@@ -7,7 +7,7 @@
#
"""XML-RPC Server anpassungen fuer Absicherung."""
import proginit
from helper import IpAclManager
from shared.ipaclmanager import IpAclManager
from concurrent import futures
from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
@@ -19,9 +19,13 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
def __init__(
self, addr, logRequests=True, allow_none=False,
use_builtin_types=False, ipacl=None):
"""Init SaveXMLRPCServer class."""
"""Init SaveXMLRPCServer class.
@param ipacl AclManager <class 'IpAclManager'>"""
proginit.logger.debug("enter SaveXMLRPCServer.__init__()")
if ipacl is not None and type(ipacl) != IpAclManager:
raise ValueError("parameter ipacl must be <class 'IpAclManager'>")
# Vererbte Klasse instantiieren
super().__init__(
addr=addr,

2
setup.py
View File

@@ -27,7 +27,7 @@ setup(
license="LGPLv3",
name="revpipyload",
version="0.6.1",
version="0.6.2",
scripts=["data/revpipyload"],