IpAclManager erweitert

picontrolserver auf IpAclManager umgeschrieben
2025-11-08 23:23:52 +01:00 · 2018-03-11 15:28:44 +01:00
parent 1210f84664
commit f34227fa6e
9 changed files with 99 additions and 124 deletions
--- a/doc/helper.html
+++ b/doc/helper.html
@@ -26,9 +26,6 @@ Classes</h3>
 Functions</h3>
 <table>
 <tr>
 <td><a style="color:#0000FF" href="#_ipmatch">_ipmatch</a></td>
 <td>Prueft IP gegen ACL List und gibt ACL aus.</td>
 </tr><tr>
 <td><a style="color:#0000FF" href="#_setuprt">_setuprt</a></td>
 <td>Konfiguriert Programm fuer den RT-Scheduler.</td>
 </tr><tr>
@@ -51,7 +48,7 @@ None
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 Class Attributes</h3>
 <table>
-<tr><td>acl</td></tr>
+<tr><td>acl</td></tr><tr><td>regex_acl</td></tr>
 </table>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 Class Methods</h3>
@@ -68,14 +65,17 @@ Methods</h3>
 <td><a style="color:#0000FF" href="#IpAclManager.__get_acl">__get_acl</a></td>
 <td>Getter fuer den rohen ACL-String.</td>
 </tr><tr>
-<td><a style="color:#0000FF" href="#IpAclManager.__refullmatch">__refullmatch</a></td>
+<td><a style="color:#0000FF" href="#IpAclManager.__get_regex_acl">__get_regex_acl</a></td>
-<td>re.fullmatch wegen alter python version aus wheezy nachgebaut.</td>
+<td>Gibt formatierten RegEx-String zurueck.</td>
 </tr><tr>
 <td><a style="color:#0000FF" href="#IpAclManager.__set_acl">__set_acl</a></td>
 <td>Uebernimmt neue ACL-Liste fuer die Ausertung der Level.</td>
 </tr><tr>
 <td><a style="color:#0000FF" href="#IpAclManager.get_acllevel">get_acllevel</a></td>
 <td>Prueft IP gegen ACL List und gibt ACL-Wert aus.</td>
 </tr><tr>
 <td><a style="color:#0000FF" href="#IpAclManager.valid_acl_string">valid_acl_string</a></td>
 <td>Prueft ob ein ACL-String gueltig ist.</td>
 </tr>
 </table>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
@@ -86,7 +86,7 @@ Static Methods</h3>
 <a NAME="IpAclManager.__init__" ID="IpAclManager.__init__"></a>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 IpAclManager (Constructor)</h3>
-<b>IpAclManager</b>(<i>acl=None, minlevel=0, maxlevel=1</i>)
+<b>IpAclManager</b>(<i>acl=None, minlevel=0, maxlevel=0</i>)
 <p>
 Init IpAclManager class.
 </p><dl>
@@ -101,26 +101,14 @@ IpAclManager.__get_acl</h3>
 <p>
 Getter fuer den rohen ACL-String.
        return ACLs als <class 'str'>
-</p><a NAME="IpAclManager.__refullmatch" ID="IpAclManager.__refullmatch"></a>
+</p><a NAME="IpAclManager.__get_regex_acl" ID="IpAclManager.__get_regex_acl"></a>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
-IpAclManager.__refullmatch</h3>
+IpAclManager.__get_regex_acl</h3>
-<b>__refullmatch</b>(<i>regex, string</i>)
+<b>__get_regex_acl</b>(<i></i>)
 <p>
-re.fullmatch wegen alter python version aus wheezy nachgebaut.
+Gibt formatierten RegEx-String zurueck.
-</p><dl>
+        return RegEx Code als <class 'str'>
-<dt><i>regex</i></dt>
+</p><a NAME="IpAclManager.__set_acl" ID="IpAclManager.__set_acl"></a>
 <dd>
 RegEx Statement
 </dd><dt><i>string</i></dt>
 <dd>
 Zeichenfolge gegen die getestet wird
 </dd>
 </dl><dl>
 <dt>Returns:</dt>
 <dd>
 True, wenn komplett passt sonst False
 </dd>
 </dl><a NAME="IpAclManager.__set_acl" ID="IpAclManager.__set_acl"></a>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 IpAclManager.__set_acl</h3>
 <b>__set_acl</b>(<i>value</i>)
@@ -145,28 +133,19 @@ zum pruefen
 </dl><dl>
 <dt>Returns:</dt>
 <dd>
-int() ACL Wert oder -1 wenn nicht gefunden
+<class 'int'> ACL Wert oder -1 wenn nicht gefunden
 </dd>
-</dl>
+</dl><a NAME="IpAclManager.valid_acl_string" ID="IpAclManager.valid_acl_string"></a>
-<div align="right"><a style="color:#0000FF" href="#top">Up</a></div>
+<h3 style="background-color:#FFFFFF;color:#FF0000">
-<hr /><hr />
+IpAclManager.valid_acl_string</h3>
-<a NAME="_ipmatch" ID="_ipmatch"></a>
+<b>valid_acl_string</b>(<i>str_acl</i>)
 <h2 style="background-color:#FFFFFF;color:#0000FF">_ipmatch</h2>
 <b>_ipmatch</b>(<i>ipaddress, dict_acl</i>)
 <p>
-Prueft IP gegen ACL List und gibt ACL aus.
+Prueft ob ein ACL-String gueltig ist.
 </p><dl>
-<dt><i>ipaddress</i></dt>
+<dt><i>str_acl</i></dt>
 <dd>
-zum pruefen
+<class 'str'> zum ueberpruefen
-</dd><dt><i>dict_acl</i></dt>
+        return ACL Level als <class 'int'>
 <dd>
 ACL Dict gegen die IP zu pruefen ist
 </dd>
 </dl><dl>
 <dt>Returns:</dt>
 <dd>
 int() ACL Wert oder -1 wenn nicht gefunden
 </dd>
 </dl>
 <div align="right"><a style="color:#0000FF" href="#top">Up</a></div>
--- a/doc/picontrolserver.html
+++ b/doc/picontrolserver.html
@@ -81,7 +81,7 @@ Static Methods</h3>
 <a NAME="RevPiSlave.__init__" ID="RevPiSlave.__init__"></a>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 RevPiSlave (Constructor)</h3>
-<b>RevPiSlave</b>(<i>acl, port=55234</i>)
+<b>RevPiSlave</b>(<i>ipacl, port=55234</i>)
 <p>
 Instantiiert RevPiSlave-Klasse.
 </p><dl>
--- a/doc/revpipyload.html
+++ b/doc/revpipyload.html
@@ -32,7 +32,7 @@ begrenzt werden!
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 Global Attributes</h3>
 <table>
-<tr><td>pyloadversion</td></tr><tr><td>re_ipacl</td></tr>
+<tr><td>pyloadversion</td></tr>
 </table>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 Classes</h3>
--- a/doc/xrpcserver.html
+++ b/doc/xrpcserver.html
@@ -87,7 +87,7 @@ SimpleXMLRPCServer
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 Class Attributes</h3>
 <table>
-<tr><td>aclmgr</td></tr>
+<tr><td>None</td></tr>
 </table>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 Class Methods</h3>
@@ -119,7 +119,7 @@ Static Methods</h3>
 <a NAME="SaveXMLRPCServer.__init__" ID="SaveXMLRPCServer.__init__"></a>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 SaveXMLRPCServer (Constructor)</h3>
-<b>SaveXMLRPCServer</b>(<i>addr, logRequests=True, allow_none=False, use_builtin_types=False, acl=""</i>)
+<b>SaveXMLRPCServer</b>(<i>addr, logRequests=True, allow_none=False, use_builtin_types=False, ipacl=IpAclManager()</i>)
 <p>
 Init SaveXMLRPCServer class.
 </p><a NAME="SaveXMLRPCServer.isAlive" ID="SaveXMLRPCServer.isAlive"></a>
--- a/eric-revpipyload.api
+++ b/eric-revpipyload.api
@@ -1,10 +1,11 @@
 helper.IpAclManager.__get_acl?6()
-helper.IpAclManager.__refullmatch?6(regex, string)
+helper.IpAclManager.__get_regex_acl?6()
 helper.IpAclManager.__set_acl?6(value)
 helper.IpAclManager.acl?7
 helper.IpAclManager.get_acllevel?4(ipaddress)
-helper.IpAclManager?1(acl=None, minlevel=0, maxlevel=1)
+helper.IpAclManager.regex_acl?7
-helper._ipmatch?5(ipaddress, dict_acl)
+helper.IpAclManager.valid_acl_string?4(str_acl)
 helper.IpAclManager?1(acl=None, minlevel=0, maxlevel=0)
 helper._setuprt?5(pid, evt_exit)
 helper._zeroprocimg?5()
 helper.refullmatch?4(regex, string)
@@ -22,7 +23,7 @@ logsystem.PipeLogwriter?1(logfilename)
 picontrolserver.RevPiSlave.newlogfile?4()
 picontrolserver.RevPiSlave.run?4()
 picontrolserver.RevPiSlave.stop?4()
-picontrolserver.RevPiSlave?1(acl, port=55234)
+picontrolserver.RevPiSlave?1(ipacl, port=55234)
 picontrolserver.RevPiSlaveDev.run?4()
 picontrolserver.RevPiSlaveDev.stop?4()
 picontrolserver.RevPiSlaveDev?1(devcon, acl)
@@ -83,10 +84,8 @@ revpipyload.RevPiPyLoad.xml_setconfig?4(dc, loadnow=False)
 revpipyload.RevPiPyLoad.xml_setpictoryrsc?4(filebytes, reset=False)
 revpipyload.RevPiPyLoad?1()
 revpipyload.pyloadversion?7
 revpipyload.re_ipacl?7
 xrpcserver.SaveXMLRPCRequestHandler.parse_request?4()
 xrpcserver.SaveXMLRPCServer.aclmgr?7
 xrpcserver.SaveXMLRPCServer.isAlive?4()
 xrpcserver.SaveXMLRPCServer.start?4()
 xrpcserver.SaveXMLRPCServer.stop?4()
-xrpcserver.SaveXMLRPCServer?1(addr, logRequests=True, allow_none=False, use_builtin_types=False, acl="")
+xrpcserver.SaveXMLRPCServer?1(addr, logRequests=True, allow_none=False, use_builtin_types=False, ipacl=IpAclManager())
--- a/revpipyload/helper.py
+++ b/revpipyload/helper.py
@@ -16,13 +16,16 @@ class IpAclManager():
    """Verwaltung fuer IP Adressen und deren ACL Level."""
-    def __init__(self, acl=None, minlevel=0, maxlevel=1):
+    def __init__(self, acl=None, minlevel=0, maxlevel=0):
        """Init IpAclManager class.
        @param acl ACL Liste fuer Berechtigungen als <class 'str'>"""
-        if minlevel >= maxlevel:
+        if minlevel > maxlevel:
-            raise ValueError("minlevel is smaller or equal than maxlevel")
+            raise ValueError("minlevel is smaller than maxlevel")
        if minlevel < 0:
            raise ValueError("minlevel must be 0 or more")
        self.__dict_acl = {}
        self.__dict_ips = {}
        self.__rawacl = ""
        self.__re_ipacl = "(([\\d\\*]{1,3}\\.){3}[\\d\\*]{1,3},[" \
            + str(minlevel) + "-" + str(maxlevel) + "] ?)*"
@@ -36,16 +39,10 @@ class IpAclManager():
        return ACLs als <class 'str'>"""
        return self.__rawacl
-    def __refullmatch(self, regex, string):
+    def __get_regex_acl(self):
-        """re.fullmatch wegen alter python version aus wheezy nachgebaut.
+        """Gibt formatierten RegEx-String zurueck.
-
+        return RegEx Code als <class 'str'>"""
-        @param regex RegEx Statement
+        return self.__re_ipacl
        @param string Zeichenfolge gegen die getestet wird
        @return True, wenn komplett passt sonst False
        """
        m = rematch(regex, string)
        return m is not None and m.end() == len(string)
    def __set_acl(self, value):
        """Uebernimmt neue ACL-Liste fuer die Ausertung der Level.
@@ -53,11 +50,12 @@ class IpAclManager():
        if type(value) != str:
            raise ValueError("parameter acl must be <class 'str'>")
-        if not self.__refullmatch(self.__re_ipacl, value):
+        if not self.valid_acl_string(value):
            raise ValueError("acl format ist not okay - 1.2.3.4,0 5.6.7.8,1")
        # Klassenwerte übernehmen
        self.__dict_acl = {}
        self.__dict_ips = {}
        self.__rawacl = value
        # Liste neu füllen mit regex Strings
@@ -69,28 +67,29 @@ class IpAclManager():
    def get_acllevel(self, ipaddress):
        """Prueft IP gegen ACL List und gibt ACL-Wert aus.
        @param ipaddress zum pruefen
-        @return int() ACL Wert oder -1 wenn nicht gefunden"""
+        @return <class 'int'> ACL Wert oder -1 wenn nicht gefunden"""
        # Bei bereits aufgelösten IPs direkt ACL auswerten
        if ipaddress in self.__dict_ips:
            return self.__dict_ips[ipaddress]
        for aclip in sorted(self.__dict_acl, reverse=True):
-            if self.__refullmatch(aclip, ipaddress):
+            if refullmatch(aclip, ipaddress):
                # IP und Level merken
                self.__dict_ips[ipaddress] = self.__dict_acl[aclip]
                # Level zurückgeben
                return self.__dict_acl[aclip]
        return -1
    def valid_acl_string(self, str_acl):
        """Prueft ob ein ACL-String gueltig ist.
        @param str_acl <class 'str'> zum ueberpruefen
        return ACL Level als <class 'int'>"""
        return refullmatch(self.__re_ipacl, str_acl)
    acl = property(__get_acl, __set_acl)
-
+    regex_acl = property(__get_regex_acl)
 def _ipmatch(ipaddress, dict_acl):
    """Prueft IP gegen ACL List und gibt ACL aus.
    @param ipaddress zum pruefen
    @param dict_acl ACL Dict gegen die IP zu pruefen ist
    @return int() ACL Wert oder -1 wenn nicht gefunden
    """
    for aclip in sorted(dict_acl, reverse=True):
        regex = aclip.replace(".", "\\.").replace("*", "\\d{1,3}")
        if refullmatch(regex, ipaddress):
            return dict_acl[aclip]
    return -1
 def _setuprt(pid, evt_exit):
--- a/revpipyload/picontrolserver.py
+++ b/revpipyload/picontrolserver.py
@@ -8,7 +8,6 @@
 """Modul fuer die Verwaltung der PLC-Slave Funktionen."""
 import proginit
 import socket
 from helper import _ipmatch
 from threading import Event, Thread
 from timeit import default_timer
@@ -24,11 +23,12 @@ class RevPiSlave(Thread):
    """
-    def __init__(self, acl, port=55234):
+    def __init__(self, ipacl, port=55234):
        """Instantiiert RevPiSlave-Klasse.
        @param acl Stringliste mit Leerstellen getrennt
        @param port Listen Port fuer plc Slaveserver"""
        super().__init__()
        self.__ipacl = ipacl
        self._evt_exit = Event()
        self.exitcode = None
        self._port = port
@@ -37,13 +37,6 @@ class RevPiSlave(Thread):
        self.zeroonerror = False
        self.zeroonexit = False
        # ACLs aufbereiten
        self.dict_acl = {}
        for host in acl.split():
            aclsplit = host.split(",")
            self.dict_acl[aclsplit[0]] = \
                0 if len(aclsplit) == 1 else int(aclsplit[1])
    def newlogfile(self):
        """Konfiguriert die FileHandler auf neue Logdatei."""
        pass
@@ -78,7 +71,7 @@ class RevPiSlave(Thread):
                continue
            # ACL prüfen
-            aclstatus = _ipmatch(tup_sock[1][0], self.dict_acl)
+            aclstatus = self.__ipacl.get_acllevel(tup_sock[1][0])
            if aclstatus == -1:
                tup_sock[0].close()
                proginit.logger.warning(
--- a/revpipyload/revpipyload.py
+++ b/revpipyload/revpipyload.py
@@ -40,7 +40,7 @@ import signal
 import tarfile
 import zipfile
 from configparser import ConfigParser
-from helper import refullmatch
+from helper import refullmatch, IpAclManager
 from json import loads as jloads
 from shutil import rmtree
 from tempfile import mkstemp
@@ -50,7 +50,6 @@ from xmlrpc.client import Binary
 from xrpcserver import SaveXMLRPCServer
 pyloadversion = "0.6.0"
 re_ipacl = "(([\\d\\*]{1,3}\\.){3}[\\d\\*]{1,3},[0-1] ?)*"
 class RevPiPyLoad():
@@ -120,36 +119,33 @@ class RevPiPyLoad():
            self.globalconfig["DEFAULT"].get("plcarguments", "")
        self.plcworkdir = \
            self.globalconfig["DEFAULT"].get("plcworkdir", ".")
        self.plcslave = \
            int(self.globalconfig["DEFAULT"].get("plcslave", 0))
        # PLC Slave ACL laden und prüfen
-        plcslaveacl = \
+        self.plcslave = \
-            self.globalconfig["DEFAULT"].get("plcslaveacl", "")
+            int(self.globalconfig["DEFAULT"].get("plcslave", 0))
-        if len(plcslaveacl) > 0 and not refullmatch(re_ipacl, plcslaveacl):
+        self.plcslaveacl = IpAclManager(minlevel=0, maxlevel=1)
-            self.plcslaveacl = ""
+        str_acl = self.globalconfig["DEFAULT"].get("plcslaveacl", "")
        if not self.plcslaveacl.valid_acl_string(str_acl):
            proginit.logger.warning("can not load plcslaveacl - wrong format")
        else:
-            self.plcslaveacl = plcslaveacl
+            self.plcslaveacl.acl = str_acl
        self.plcslaveport = \
            int(self.globalconfig["DEFAULT"].get("plcslaveport", 55234))
        self.pythonver = \
            int(self.globalconfig["DEFAULT"].get("pythonversion", 3))
        self.rtlevel = \
            int(self.globalconfig["DEFAULT"].get("rtlevel", 0))
        self.xmlrpc = \
            int(self.globalconfig["DEFAULT"].get("xmlrpc", 0))
        # XML ACL laden und prüfen
-        # TODO: xmlrpcacl auswerten
+        self.xmlrpc = \
-        xmlrpcacl = \
+            int(self.globalconfig["DEFAULT"].get("xmlrpc", 0))
-            self.globalconfig["DEFAULT"].get("xmlrpcacl", "")
+        self.xmlrpcacl = IpAclManager(minlevel=0, maxlevel=3)
-        if len(xmlrpcacl) > 0 and not refullmatch(re_ipacl, xmlrpcacl):
+        str_acl = self.globalconfig["DEFAULT"].get("xmlrpcacl", "")
-            self.xmlrpcacl = ""
+        if not self.xmlrpcacl.valid_acl_string(str_acl):
            proginit.logger.warning("can not load xmlrpcacl - wrong format")
        else:
-            self.xmlrpcacl = xmlrpcacl
+            self.xmlrpcacl.acl = str_acl
        self.zeroonerror = \
            int(self.globalconfig["DEFAULT"].get("zeroonerror", 1))
@@ -177,7 +173,7 @@ class RevPiPyLoad():
                ),
                logRequests=False,
                allow_none=True,
-                acl=self.xmlrpcacl
+                ipacl=self.xmlrpcacl
            )
            self.xsrv.register_introspection_functions()
            self.xsrv.register_multicall_functions()
@@ -466,12 +462,12 @@ class RevPiPyLoad():
        dc["plcprogram"] = self.plcprog
        dc["plcarguments"] = self.plcarguments
        dc["plcslave"] = self.plcslave
-        dc["plcslaveacl"] = self.plcslaveacl
+        dc["plcslaveacl"] = self.plcslaveacl.acl
        dc["plcslaveport"] = self.plcslaveport
        dc["pythonversion"] = self.pythonver
        dc["rtlevel"] = self.rtlevel
        dc["xmlrpc"] = self.xmlrpc
-        dc["xmlrpcacl"] = self.xmlrpcacl
+        dc["xmlrpcacl"] = self.xmlrpcacl.acl
        dc["zeroonerror"] = self.zeroonerror
        dc["zeroonexit"] = self.zeroonexit
        return dc
@@ -640,12 +636,12 @@ class RevPiPyLoad():
            "plcprogram": ".+",
            "plcarguments": ".*",
            "plcslave": "[01]",
-            "plcslaveacl": re_ipacl,
+            "plcslaveacl": self.plcslaveacl.regex_acl,
            "plcslaveport": "[0-9]{,5}",
            "pythonversion": "[23]",
            "rtlevel": "[0-1]",
            "xmlrpc": "[0-3]",
-            "xmlrpcacl": re_ipacl,
+            "xmlrpcacl": self.xmlrpcacl.regex_acl,
            "zeroonerror": "[01]",
            "zeroonexit": "[01]"
        }
--- a/revpipyload/xrpcserver.py
+++ b/revpipyload/xrpcserver.py
@@ -6,6 +6,7 @@
 # (c) Sven Sager, License: LGPLv3
 #
 """XML-RPC Server anpassungen fuer Absicherung."""
 import proginit
 from helper import IpAclManager
 from concurrent import futures
 from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
@@ -15,14 +16,11 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
    """Erstellt einen erweiterten XMLRPCServer."""
    aclmgr = IpAclManager()
    def __init__(
            self, addr, logRequests=True, allow_none=False,
-            use_builtin_types=False, acl=""):
+            use_builtin_types=False, ipacl=IpAclManager()):
        """Init SaveXMLRPCServer class."""
-
+        proginit.logger.debug("enter SaveXMLRPCServer.__init__()")
        SaveXMLRPCServer.aclmgr.acl = acl
        # Vererbte Klasse instantiieren
        super().__init__(
@@ -36,9 +34,12 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
        )
        # Klassenvariablen
        self.aclmgr = ipacl
        self.tpe = futures.ThreadPoolExecutor(max_workers=1)
        self.fut = None
        proginit.logger.debug("leave SaveXMLRPCServer.__init__()")
    def isAlive(self):
        """Prueft ob der XML RPC Server laeuft.
        @return True, wenn Server noch laeuft"""
@@ -46,6 +47,8 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
    def start(self):
        """Startet den XML-RPC Server."""
        proginit.logger.debug("enter SaveXMLRPCServer.start()")
        if self.fut is None:
            self.server_bind()
            self.server_activate()
@@ -53,8 +56,12 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
        else:
            raise RuntimeError("savexmlrpcservers can only be started once")
        proginit.logger.debug("leave SaveXMLRPCServer.start()")
    def stop(self):
        """Stoppt den XML-RPC Server."""
        proginit.logger.debug("enter SaveXMLRPCServer.stop()")
        if self.fut is not None:
            self.shutdown()
            self.tpe.shutdown()
@@ -62,6 +69,8 @@ class SaveXMLRPCServer(SimpleXMLRPCServer):
        else:
            raise RuntimeError("save xml rpc server was not started")
        proginit.logger.debug("leave SaveXMLRPCServer.stop()")
 class SaveXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
@@ -75,7 +84,7 @@ class SaveXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
            return False
        # IP-Adresse prüfen
-        int_acl = SaveXMLRPCServer.aclmgr.get_acllevel(self.address_string())
+        int_acl = self.server.aclmgr.get_acllevel(self.address_string())
        if int_acl >= 0:
            return True
        else: