revpi/revpipyload
1
0
Fork 0
mirror of https://github.com/naruxde/revpipyload.git synced 2025-11-08 15:13:52 +01:00
Code Issues Packages Releases Wiki Activity

IpAclManager erweitert

Browse Source 
picontrolserver auf IpAclManager umgeschrieben
This commit is contained in:
Sven Sager
2018-03-11 15:28:44 +01:00
parent 1210f84664
commit f34227fa6e
9 changed files with 99 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
doc/helper.html
View File

@@ -26,9 +26,6 @@ Classes</h3>
Functions</h3>
<table>
<tr>
<td><a style="color:#0000FF" href="#_ipmatch">_ipmatch</a></td>
<td>Prueft IP gegen ACL List und gibt ACL aus.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#_setuprt">_setuprt</a></td>
<td>Konfiguriert Programm fuer den RT-Scheduler.</td>
</tr><tr>
@@ -51,7 +48,7 @@ None
<h3 style="background-color:#FFFFFF;color:#FF0000">
Class Attributes</h3>
<table>
<tr><td>acl</td></tr>
<tr><td>acl</td></tr><tr><td>regex_acl</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Class Methods</h3>
@@ -68,14 +65,17 @@ Methods</h3>
<td><a style="color:#0000FF" href="#IpAclManager.__get_acl">__get_acl</a></td>
<td>Getter fuer den rohen ACL-String.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__refullmatch">__refullmatch</a></td>
<td>re.fullmatch wegen alter python version aus wheezy nachgebaut.</td>
<td><a style="color:#0000FF" href="#IpAclManager.__get_regex_acl">__get_regex_acl</a></td>
<td>Gibt formatierten RegEx-String zurueck.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.__set_acl">__set_acl</a></td>
<td>Uebernimmt neue ACL-Liste fuer die Ausertung der Level.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.get_acllevel">get_acllevel</a></td>
<td>Prueft IP gegen ACL List und gibt ACL-Wert aus.</td>
</tr><tr>
<td><a style="color:#0000FF" href="#IpAclManager.valid_acl_string">valid_acl_string</a></td>
<td>Prueft ob ein ACL-String gueltig ist.</td>
</tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
@@ -86,7 +86,7 @@ Static Methods</h3>
<a NAME="IpAclManager.__init__" ID="IpAclManager.__init__"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager (Constructor)</h3>
<b>IpAclManager</b>(<i>acl=None, minlevel=0, maxlevel=1</i>)
<b>IpAclManager</b>(<i>acl=None, minlevel=0, maxlevel=0</i>)
<p>
Init IpAclManager class.
</p><dl>
@@ -101,26 +101,14 @@ IpAclManager.__get_acl</h3>
<p>
Getter fuer den rohen ACL-String.
return ACLs als <class 'str'>
</p><a NAME="IpAclManager.__refullmatch" ID="IpAclManager.__refullmatch"></a>
</p><a NAME="IpAclManager.__get_regex_acl" ID="IpAclManager.__get_regex_acl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__refullmatch</h3>
<b>__refullmatch</b>(<i>regex, string</i>)
IpAclManager.__get_regex_acl</h3>
<b>__get_regex_acl</b>(<i></i>)
<p>
re.fullmatch wegen alter python version aus wheezy nachgebaut.
</p><dl>
<dt><i>regex</i></dt>
<dd>
RegEx Statement
</dd><dt><i>string</i></dt>
<dd>
Zeichenfolge gegen die getestet wird
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
True, wenn komplett passt sonst False
</dd>
</dl><a NAME="IpAclManager.__set_acl" ID="IpAclManager.__set_acl"></a>
Gibt formatierten RegEx-String zurueck.
return RegEx Code als <class 'str'>
</p><a NAME="IpAclManager.__set_acl" ID="IpAclManager.__set_acl"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.__set_acl</h3>
<b>__set_acl</b>(<i>value</i>)
@@ -145,28 +133,19 @@ zum pruefen
</dl><dl>
<dt>Returns:</dt>
<dd>
int() ACL Wert oder -1 wenn nicht gefunden
<class 'int'> ACL Wert oder -1 wenn nicht gefunden
</dd>
</dl>
<div align="right"><a style="color:#0000FF" href="#top">Up</a></div>
<hr /><hr />
<a NAME="_ipmatch" ID="_ipmatch"></a>
<h2 style="background-color:#FFFFFF;color:#0000FF">_ipmatch</h2>
<b>_ipmatch</b>(<i>ipaddress, dict_acl</i>)
</dl><a NAME="IpAclManager.valid_acl_string" ID="IpAclManager.valid_acl_string"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
IpAclManager.valid_acl_string</h3>
<b>valid_acl_string</b>(<i>str_acl</i>)
<p>
Prueft IP gegen ACL List und gibt ACL aus.
Prueft ob ein ACL-String gueltig ist.
</p><dl>
<dt><i>ipaddress</i></dt>
<dt><i>str_acl</i></dt>
<dd>
zum pruefen
</dd><dt><i>dict_acl</i></dt>
<dd>
ACL Dict gegen die IP zu pruefen ist
</dd>
</dl><dl>
<dt>Returns:</dt>
<dd>
int() ACL Wert oder -1 wenn nicht gefunden
<class 'str'> zum ueberpruefen
return ACL Level als <class 'int'>
</dd>
</dl>
<div align="right"><a style="color:#0000FF" href="#top">Up</a></div>

2
doc/picontrolserver.html
View File

@@ -81,7 +81,7 @@ Static Methods</h3>
<a NAME="RevPiSlave.__init__" ID="RevPiSlave.__init__"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
RevPiSlave (Constructor)</h3>
<b>RevPiSlave</b>(<i>acl, port=55234</i>)
<b>RevPiSlave</b>(<i>ipacl, port=55234</i>)
<p>
Instantiiert RevPiSlave-Klasse.
</p><dl>

2
doc/revpipyload.html
View File

@@ -32,7 +32,7 @@ begrenzt werden!
<h3 style="background-color:#FFFFFF;color:#FF0000">
Global Attributes</h3>
<table>
<tr><td>pyloadversion</td></tr><tr><td>re_ipacl</td></tr>
<tr><td>pyloadversion</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Classes</h3>

4
doc/xrpcserver.html
View File

@@ -87,7 +87,7 @@ SimpleXMLRPCServer
<h3 style="background-color:#FFFFFF;color:#FF0000">
Class Attributes</h3>
<table>
<tr><td>aclmgr</td></tr>
<tr><td>None</td></tr>
</table>
<h3 style="background-color:#FFFFFF;color:#FF0000">
Class Methods</h3>
@@ -119,7 +119,7 @@ Static Methods</h3>
<a NAME="SaveXMLRPCServer.__init__" ID="SaveXMLRPCServer.__init__"></a>
<h3 style="background-color:#FFFFFF;color:#FF0000">
SaveXMLRPCServer (Constructor)</h3>
<b>SaveXMLRPCServer</b>(<i>addr, logRequests=True, allow_none=False, use_builtin_types=False, acl=""</i>)
<b>SaveXMLRPCServer</b>(<i>addr, logRequests=True, allow_none=False, use_builtin_types=False, ipacl=IpAclManager()</i>)
<p>
Init SaveXMLRPCServer class.
</p><a NAME="SaveXMLRPCServer.isAlive" ID="SaveXMLRPCServer.isAlive"></a>

13
eric-revpipyload.api
View File

@@ -1,10 +1,11 @@
helper.IpAclManager.__get_acl?6()
helper.IpAclManager.__refullmatch?6(regex, string)
helper.IpAclManager.__get_regex_acl?6()
helper.IpAclManager.__set_acl?6(value)
helper.IpAclManager.acl?7
helper.IpAclManager.get_acllevel?4(ipaddress)
helper.IpAclManager?1(acl=None, minlevel=0, maxlevel=1)
helper._ipmatch?5(ipaddress, dict_acl)
helper.IpAclManager.regex_acl?7
helper.IpAclManager.valid_acl_string?4(str_acl)
helper.IpAclManager?1(acl=None, minlevel=0, maxlevel=0)
helper._setuprt?5(pid, evt_exit)
helper._zeroprocimg?5()
helper.refullmatch?4(regex, string)
@@ -22,7 +23,7 @@ logsystem.PipeLogwriter?1(logfilename)
picontrolserver.RevPiSlave.newlogfile?4()
picontrolserver.RevPiSlave.run?4()
picontrolserver.RevPiSlave.stop?4()
picontrolserver.RevPiSlave?1(acl, port=55234)
picontrolserver.RevPiSlave?1(ipacl, port=55234)
picontrolserver.RevPiSlaveDev.run?4()
picontrolserver.RevPiSlaveDev.stop?4()
picontrolserver.RevPiSlaveDev?1(devcon, acl)
@@ -83,10 +84,8 @@ revpipyload.RevPiPyLoad.xml_setconfig?4(dc, loadnow=False)
revpipyload.RevPiPyLoad.xml_setpictoryrsc?4(filebytes, reset=False)
revpipyload.RevPiPyLoad?1()
revpipyload.pyloadversion?7
revpipyload.re_ipacl?7
xrpcserver.SaveXMLRPCRequestHandler.parse_request?4()
xrpcserver.SaveXMLRPCServer.aclmgr?7
xrpcserver.SaveXMLRPCServer.isAlive?4()
xrpcserver.SaveXMLRPCServer.start?4()
xrpcserver.SaveXMLRPCServer.stop?4()
xrpcserver.SaveXMLRPCServer?1(addr, logRequests=True, allow_none=False, use_builtin_types=False, acl="")
xrpcserver.SaveXMLRPCServer?1(addr, logRequests=True, allow_none=False, use_builtin_types=False, ipacl=IpAclManager())

61
revpipyload/helper.py
View File

@@ -16,13 +16,16 @@ class IpAclManager():
"""Verwaltung fuer IP Adressen und deren ACL Level."""
def __init__(self, acl=None, minlevel=0, maxlevel=1):
def __init__(self, acl=None, minlevel=0, maxlevel=0):
"""Init IpAclManager class.
@param acl ACL Liste fuer Berechtigungen als <class 'str'>"""
if minlevel >= maxlevel:
raise ValueError("minlevel is smaller or equal than maxlevel")
if minlevel > maxlevel:
raise ValueError("minlevel is smaller than maxlevel")
if minlevel < 0:
raise ValueError("minlevel must be 0 or more")
self.__dict_acl = {}
self.__dict_ips = {}
self.__rawacl = ""
self.__re_ipacl = "(([\\d\\*]{1,3}\\.){3}[\\d\\*]{1,3},[" \
+ str(minlevel) + "-" + str(maxlevel) + "] ?)*"
@@ -36,16 +39,10 @@ class IpAclManager():
return ACLs als <class 'str'>"""
return self.__rawacl
def __refullmatch(self, regex, string):
"""re.fullmatch wegen alter python version aus wheezy nachgebaut.
@param regex RegEx Statement
@param string Zeichenfolge gegen die getestet wird
@return True, wenn komplett passt sonst False
"""
m = rematch(regex, string)
return m is not None and m.end() == len(string)
def __get_regex_acl(self):
"""Gibt formatierten RegEx-String zurueck.
return RegEx Code als <class 'str'>"""
return self.__re_ipacl
def __set_acl(self, value):
"""Uebernimmt neue ACL-Liste fuer die Ausertung der Level.
@@ -53,11 +50,12 @@ class IpAclManager():
if type(value) != str:
raise ValueError("parameter acl must be <class 'str'>")
if not self.__refullmatch(self.__re_ipacl, value):
if not self.valid_acl_string(value):
raise ValueError("acl format ist not okay - 1.2.3.4,0 5.6.7.8,1")
# Klassenwerte übernehmen
self.__dict_acl = {}
self.__dict_ips = {}
self.__rawacl = value
# Liste neu füllen mit regex Strings
@@ -69,28 +67,29 @@ class IpAclManager():
def get_acllevel(self, ipaddress):
"""Prueft IP gegen ACL List und gibt ACL-Wert aus.
@param ipaddress zum pruefen
@return int() ACL Wert oder -1 wenn nicht gefunden"""
@return <class 'int'> ACL Wert oder -1 wenn nicht gefunden"""
# Bei bereits aufgelösten IPs direkt ACL auswerten
if ipaddress in self.__dict_ips:
return self.__dict_ips[ipaddress]
for aclip in sorted(self.__dict_acl, reverse=True):
if self.__refullmatch(aclip, ipaddress):
if refullmatch(aclip, ipaddress):
# IP und Level merken
self.__dict_ips[ipaddress] = self.__dict_acl[aclip]
# Level zurückgeben
return self.__dict_acl[aclip]
return -1
def valid_acl_string(self, str_acl):
"""Prueft ob ein ACL-String gueltig ist.
@param str_acl <class 'str'> zum ueberpruefen
return ACL Level als <class 'int'>"""
return refullmatch(self.__re_ipacl, str_acl)
acl = property(__get_acl, __set_acl)
def _ipmatch(ipaddress, dict_acl):
"""Prueft IP gegen ACL List und gibt ACL aus.
@param ipaddress zum pruefen
@param dict_acl ACL Dict gegen die IP zu pruefen ist
@return int() ACL Wert oder -1 wenn nicht gefunden
"""
for aclip in sorted(dict_acl, reverse=True):
regex = aclip.replace(".", "\\.").replace("*", "\\d{1,3}")
if refullmatch(regex, ipaddress):
return dict_acl[aclip]
return -1
regex_acl = property(__get_regex_acl)
def _setuprt(pid, evt_exit):

13
revpipyload/picontrolserver.py
View File

@@ -8,7 +8,6 @@
"""Modul fuer die Verwaltung der PLC-Slave Funktionen."""
import proginit
import socket
from helper import _ipmatch
from threading import Event, Thread
from timeit import default_timer
@@ -24,11 +23,12 @@ class RevPiSlave(Thread):
"""
def __init__(self, acl, port=55234):
def __init__(self, ipacl, port=55234):
"""Instantiiert RevPiSlave-Klasse.
@param acl Stringliste mit Leerstellen getrennt
@param port Listen Port fuer plc Slaveserver"""
super().__init__()
self.__ipacl = ipacl
self._evt_exit = Event()
self.exitcode = None
self._port = port
@@ -37,13 +37,6 @@ class RevPiSlave(Thread):
self.zeroonerror = False
self.zeroonexit = False
# ACLs aufbereiten
self.dict_acl = {}
for host in acl.split():
aclsplit = host.split(",")
self.dict_acl[aclsplit[0]] = \
0 if len(aclsplit) == 1 else int(aclsplit[1])
def newlogfile(self):
"""Konfiguriert die FileHandler auf neue Logdatei."""
pass
@@ -78,7 +71,7 @@ class RevPiSlave(Thread):
continue
# ACL prüfen
aclstatus = _ipmatch(tup_sock[1][0], self.dict_acl)
aclstatus = self.__ipacl.get_acllevel(tup_sock[1][0])
if aclstatus == -1:
tup_sock[0].close()
proginit.logger.warning(

42
revpipyload/revpipyload.py
View File

@@ -40,7 +40,7 @@ import signal
import tarfile
import zipfile
from configparser import ConfigParser
from helper import refullmatch
from helper import refullmatch, IpAclManager
from json import loads as jloads
from shutil import rmtree
from tempfile import mkstemp
@@ -50,7 +50,6 @@ from xmlrpc.client import Binary
from xrpcserver import SaveXMLRPCServer
pyloadversion = "0.6.0"
re_ipacl = "(([\\d\\*]{1,3}\\.){3}[\\d\\*]{1,3},[0-1] ?)*"
class RevPiPyLoad():
@@ -120,36 +119,33 @@ class RevPiPyLoad():
self.globalconfig["DEFAULT"].get("plcarguments", "")
self.plcworkdir = \
self.globalconfig["DEFAULT"].get("plcworkdir", ".")
self.plcslave = \
int(self.globalconfig["DEFAULT"].get("plcslave", 0))
# PLC Slave ACL laden und prüfen
plcslaveacl = \
self.globalconfig["DEFAULT"].get("plcslaveacl", "")
if len(plcslaveacl) > 0 and not refullmatch(re_ipacl, plcslaveacl):
self.plcslaveacl = ""
self.plcslave = \
int(self.globalconfig["DEFAULT"].get("plcslave", 0))
self.plcslaveacl = IpAclManager(minlevel=0, maxlevel=1)
str_acl = self.globalconfig["DEFAULT"].get("plcslaveacl", "")
if not self.plcslaveacl.valid_acl_string(str_acl):
proginit.logger.warning("can not load plcslaveacl - wrong format")
else:
self.plcslaveacl = plcslaveacl
self.plcslaveacl.acl = str_acl
self.plcslaveport = \
int(self.globalconfig["DEFAULT"].get("plcslaveport", 55234))
self.pythonver = \
int(self.globalconfig["DEFAULT"].get("pythonversion", 3))
self.rtlevel = \
int(self.globalconfig["DEFAULT"].get("rtlevel", 0))
self.xmlrpc = \
int(self.globalconfig["DEFAULT"].get("xmlrpc", 0))
# XML ACL laden und prüfen
# TODO: xmlrpcacl auswerten
xmlrpcacl = \
self.globalconfig["DEFAULT"].get("xmlrpcacl", "")
if len(xmlrpcacl) > 0 and not refullmatch(re_ipacl, xmlrpcacl):
self.xmlrpcacl = ""
self.xmlrpc = \
int(self.globalconfig["DEFAULT"].get("xmlrpc", 0))
self.xmlrpcacl = IpAclManager(minlevel=0, maxlevel=3)
str_acl = self.globalconfig["DEFAULT"].get("xmlrpcacl", "")
if not self.xmlrpcacl.valid_acl_string(str_acl):
proginit.logger.warning("can not load xmlrpcacl - wrong format")
else:
self.xmlrpcacl = xmlrpcacl
self.xmlrpcacl.acl = str_acl
self.zeroonerror = \
int(self.globalconfig["DEFAULT"].get("zeroonerror", 1))
@@ -177,7 +173,7 @@ class RevPiPyLoad():
),
logRequests=False,
allow_none=True,
acl=self.xmlrpcacl
ipacl=self.xmlrpcacl
)
self.xsrv.register_introspection_functions()
self.xsrv.register_multicall_functions()
@@ -466,12 +462,12 @@ class RevPiPyLoad():
dc["plcprogram"] = self.plcprog
dc["plcarguments"] = self.plcarguments
dc["plcslave"] = self.plcslave
dc["plcslaveacl"] = self.plcslaveacl
dc["plcslaveacl"] = self.plcslaveacl.acl
dc["plcslaveport"] = self.plcslaveport
dc["pythonversion"] = self.pythonver
dc["rtlevel"] = self.rtlevel
dc["xmlrpc"] = self.xmlrpc
dc["xmlrpcacl"] = self.xmlrpcacl
dc["xmlrpcacl"] = self.xmlrpcacl.acl
dc["zeroonerror"] = self.zeroonerror
dc["zeroonexit"] = self.zeroonexit
return dc
@@ -640,12 +636,12 @@ class RevPiPyLoad():
"plcprogram": ".+",
"plcarguments": ".*",
"plcslave": "[01]",
"plcslaveacl": re_ipacl,
"plcslaveacl": self.plcslaveacl.regex_acl,
"plcslaveport": "[0-9]{,5}",
"pythonversion": "[23]",
"rtlevel": "[0-1]",
"xmlrpc": "[0-3]",
"xmlrpcacl": re_ipacl,
"xmlrpcacl": self.xmlrpcacl.regex_acl,
"zeroonerror": "[01]",
"zeroonexit": "[01]"
}

21
revpipyload/xrpcserver.py
View File

@@ -6,6 +6,7 @@
# (c) Sven Sager, License: LGPLv3
#
"""XML-RPC Server anpassungen fuer Absicherung."""
import proginit
from helper import IpAclManager
from concurrent import futures
from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
@@ -15,14 +16,11 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
"""Erstellt einen erweiterten XMLRPCServer."""
aclmgr = IpAclManager()
def __init__(
self, addr, logRequests=True, allow_none=False,
use_builtin_types=False, acl=""):
use_builtin_types=False, ipacl=IpAclManager()):
"""Init SaveXMLRPCServer class."""
SaveXMLRPCServer.aclmgr.acl = acl
proginit.logger.debug("enter SaveXMLRPCServer.__init__()")
# Vererbte Klasse instantiieren
super().__init__(
@@ -36,9 +34,12 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
)
# Klassenvariablen
self.aclmgr = ipacl
self.tpe = futures.ThreadPoolExecutor(max_workers=1)
self.fut = None
proginit.logger.debug("leave SaveXMLRPCServer.__init__()")
def isAlive(self):
"""Prueft ob der XML RPC Server laeuft.
@return True, wenn Server noch laeuft"""
@@ -46,6 +47,8 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
def start(self):
"""Startet den XML-RPC Server."""
proginit.logger.debug("enter SaveXMLRPCServer.start()")
if self.fut is None:
self.server_bind()
self.server_activate()
@@ -53,8 +56,12 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
else:
raise RuntimeError("savexmlrpcservers can only be started once")
proginit.logger.debug("leave SaveXMLRPCServer.start()")
def stop(self):
"""Stoppt den XML-RPC Server."""
proginit.logger.debug("enter SaveXMLRPCServer.stop()")
if self.fut is not None:
self.shutdown()
self.tpe.shutdown()
@@ -62,6 +69,8 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
else:
raise RuntimeError("save xml rpc server was not started")
proginit.logger.debug("leave SaveXMLRPCServer.stop()")
class SaveXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
@@ -75,7 +84,7 @@ class SaveXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
return False
# IP-Adresse prüfen
int_acl = SaveXMLRPCServer.aclmgr.get_acllevel(self.address_string())
int_acl = self.server.aclmgr.get_acllevel(self.address_string())
if int_acl >= 0:
return True
else: