[config,firewall,portail_captif] Blacklist virtuelle pour les gens non à jour du paiement

2013-10-08 10:16:04 +02:00 · 2013-10-08 10:16:04 +02:00 · 8e2fef80cb
commit 8e2fef80cb
parent 81eddeb0ff
3 changed files with 14 additions and 21 deletions
--- a/gestion/config/config.py
+++ b/gestion/config/config.py
@ -315,11 +315,11 @@ file_pickle = { 4 : '/tmp/ipt_pickle',
                6 : '/tmp/ip6t_pickle'
              }

-blacklist_sanctions = ['warez', 'p2p', 'autodisc_p2p','autodisc_virus','virus', 'bloq']
+blacklist_sanctions = ['warez', 'p2p', 'autodisc_p2p','autodisc_virus','virus', 'bloq', 'paiement']
 if bl_carte_et_definitif:
    blacklist_sanctions.append('carte_etudiant')
 blacklist_sanctions_soft  = ['autodisc_virus','ipv6_ra','mail_invalide','virus',
-         'warez', 'p2p', 'autodisc_p2p', 'bloq','carte_etudiant','chambre_invalide']
+         'warez', 'p2p', 'autodisc_p2p', 'bloq','carte_etudiant','chambre_invalide', 'paiement']
 blacklist_bridage_upload = ['autodisc_upload', 'upload']

 adm_users = [ 'root', 'identd', 'daemon', 'postfix', 'freerad', 'amavis',
--- a/gestion/gen_confs/firewall4.py
+++ b/gestion/gen_confs/firewall4.py
@ -17,6 +17,7 @@ import lc_ldap.attributs
 import socket
 from ipset import IpsetError, Ipset
 from iptools import AddrInNet, NetSubnets, IpSubnet, NetInNets
+import netaddr
 import subprocess
 import syslog
 from affich_tools import anim, OK, cprint
@ -83,25 +84,15 @@ class firewall_base(object) :
        """Renvois la liste de toutes les machines ayant une blackliste actives"""
        if self._blacklisted_machines:
            return self._blacklisted_machines
-        if self._machines:
-            self._blacklisted_machines = [ machine for machine in self._machines if machine.blacklist_actif() ]
-            return self._blacklisted_machines
-        blacklisted = [ machine for machine in self.conn.search(u"blacklist=*",sizelimit=4096) if machine.blacklist_actif() ]
-        self._blacklisted_machines = set()
-        for item in blacklisted:
-            if isinstance(item, lc_ldap.objets.proprio):
-                 self._blacklisted_machines = self._blacklisted_machines.union(item.machines())
-            elif isinstance(item, lc_ldap.objets.machine):
-                self._blacklisted_machines.add(item)
-            else:
-                print >> sys.stderr, 'Objet %s inconnu blacklisté' %  a.__class__.__name__
+        self._blacklisted_machines = [ machine for machine in self.machines() if machine.blacklist_actif() ]
        return self._blacklisted_machines

-    def blacklisted_adherents(self):
+    def blacklisted_adherents(self, excepts=[]):
        """Renvois la liste de tous les adhérents ayant une blackliste active"""
-        if self._blacklisted_adherents:
+        if self._blacklisted_adherents and self._blacklisted_adherents_type == set(excepts):
            return self._blacklisted_adherents
-        self._blacklisted_adherents = filter(lambda adh: adh.blacklist_actif(), self.adherents())
+        self._blacklisted_adherents = filter(lambda adh: adh.blacklist_actif(excepts), self.adherents())
+        self._blacklisted_adherents_type = set(excepts)
        return self._blacklisted_adherents

    def add(self, table, chain, rule):
@ -253,6 +244,7 @@ class firewall_base(object) :
        """Démarre le pare-feu : génère les règles, puis les restore"""
        anim('\tChargement des machines')
        self.machines()
+        self.blacklisted_machines()
        print OK

        if squeeze:
@ -348,7 +340,7 @@ class firewall_base(object) :
            bl_hard_ips = set(
                str(ip) for ips in
                [
-                    machine['ipHostNumber'] for machine in self.blacklisted_machines()
+                    machine['ipHostNumber'] for machine in self.blacklisted_machines() if reduce(lambda x,y: x or y, ( ip.value in netaddr.IPNetwork(n) for n in  config.NETs['all'] for ip in machine['ipHostNumber']))
                    if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(blacklist_sanctions)
                ]
                for ip in ips
@ -745,7 +737,7 @@ class firewall_komaz(firewall_base_routeur):
            bl_soft_ips = set(
                str(ip) for ips in
                [
-                    machine['ipHostNumber'] for machine in self.blacklisted_machines()
+                    machine['ipHostNumber'] for machine in self.blacklisted_machines() if reduce(lambda x,y: x or y, ( ip.value in netaddr.IPNetwork(n) for n in  config.NETs['all'] for ip in machine['ipHostNumber']))
                    if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(blacklist_sanctions_soft)
                ]
                for ip in ips
@ -1085,7 +1077,7 @@ class firewall_zamok(firewall_base):
            self.add(table, chain, '-d 127.0.0.1/8 -j RETURN')
            for net in NETs['all']:
                        self.add(table, chain, '-d %s -j RETURN' % net)
-            for adh in self.blacklisted_adherents():
+            for adh in self.blacklisted_adherents(['paiement']):
                if 'uidNumber' in adh.attrs.keys():
                    self.add(table, chain, '-m owner --uid-owner %s -j REJECT' % adh['uidNumber'][0])
            print OK
--- a/utils/portail_captif.py
+++ b/utils/portail_captif.py
@ -45,6 +45,7 @@ deco={
 	'bloq':'ERR_CUSTOM_BLOQ.html',
 	
 	'nouvelle_annee':'ERR_CUSTOM_NOUVELLE_ANNEE.html',
+	'paiement': 'ERR_CUSTOM_NOUVELLE_ANNEE.html',
 	'proxy_local':'ERR_CUSTOM_PROXY_LOCAL.html',
 	
 	'virus':'ERR_CUSTOM_BL_VIRUS.html',
@ -62,7 +63,7 @@ blacklist_key = [
 	'p2p','autodisc_p2p','upload','autodisc_uplaod','warez',
 	'carte_etudiant','chambre_invalide','mail_invalide',
 	'bloq',
-	'nouvelle_annee','proxy_local',
+	'nouvelle_annee','proxy_local', 'paiement',
 	'inscrit'
 	]