crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[config,firewall_new,ipt,ldap_crans] bl_carte_et_definitif = True, sursis d'une semaine même avec bl_carte_et_definitif

Browse source 
Ignore-this: aef64ec3880b96beda0ec95c7c6c255c

darcs-hash:20121119160943-3a55a-309f4e1bf82cc4ef955c7a7a723220704e74ba18.gz
This commit is contained in:
Valentin Samir 2012-11-19 17:09:43 +01:00
parent 11f461576b
commit b92229f0f1
4 changed files with 63 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

4
gestion/config.py
View file

@ -40,9 +40,9 @@ else:
# /!\ Par sécurité, ces valeurs sont considérées comme False si # /!\ Par sécurité, ces valeurs sont considérées comme False si
# periode_transitoire est True # periode_transitoire est True
# Soft (au niveau du Squid) # Soft (au niveau du Squid)
bl_carte_et_actif = False bl_carte_et_actif = True
# Hard (l'adhérent est considéré comme paiement pas ok) # Hard (l'adhérent est considéré comme paiement pas ok)
bl_carte_et_definitif = False bl_carte_et_definitif = True
#Sursis pour les inscription après le 1/11 pour fournir la carte étudiant #Sursis pour les inscription après le 1/11 pour fournir la carte étudiant
sursis_carte=8*24*3600 sursis_carte=8*24*3600

29
gestion/gen_confs/firewall_new.py
View file

@ -37,7 +37,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi, BorneWifi
from affich_tools import * from affich_tools import *
from commands import getstatusoutput from commands import getstatusoutput
from iptools import AddrInNet, NetSubnets, IpSubnet from iptools import AddrInNet, NetSubnets, IpSubnet
from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users, accueil_route, blacklist_sanctions, blacklist_sanctions_soft from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users, accueil_route, blacklist_sanctions, blacklist_sanctions_soft, periode_transitoire
from ipset import IpsetError, Ipset from ipset import IpsetError, Ipset
from lc_ldap import lc_ldap from lc_ldap import lc_ldap
syslog.openlog('firewall') syslog.openlog('firewall')
@ -1088,7 +1088,12 @@ class firewall_komaz(firewall_crans) :
# Recherche sur le champ paiement seulement (clubs compris) et plus ablacklist pour capturer aussi les deconnection pour chambre invalide et carte étudiant # Recherche sur le champ paiement seulement (clubs compris) et plus ablacklist pour capturer aussi les deconnection pour chambre invalide et carte étudiant
search = db.search('paiement=ok') search = db.search('paiement=%s' % ann_scol)
if periode_transitoire:
tmp=db.search('paiement=%s' % ann_scol-1)
search['adherent'].entend(tmp['adherent'])
search['club'].entend(tmp['club'])
del tmp
self.anim = anim("\tBlackliste adhérents+clubs", 2*len(search['adherent']+search['club'])) self.anim = anim("\tBlackliste adhérents+clubs", 2*len(search['adherent']+search['club']))
for entite in search['adherent'] + search['club']: for entite in search['adherent'] + search['club']:
self.anim.cycle() self.anim.cycle()
@ -1108,7 +1113,9 @@ class firewall_komaz(firewall_crans) :
print OK print OK
# Recherche sur le champ mblacklist # Recherche sur le champ mblacklist
search = db.search('mblacklist=*&paiement=ok') search = db.search('mblacklist=*&paiement=%s' % ann_scol)
if periode_transitoire:
search['machine'].entend(db.search('mblacklist=*&paiement=%s' % ann_scol-1)['machine'])
self.anim = anim("\tBlackliste machines", 2*len(search['machine'])) self.anim = anim("\tBlackliste machines", 2*len(search['machine']))
for entite in search['machine']: for entite in search['machine']:
self.anim.cycle() self.anim.cycle()
@ -1267,8 +1274,11 @@ class firewall_zamok(firewall_crans) :
def filter_table(self): def filter_table(self):
self.anim = anim('\tStructure de la table filter') self.anim = anim('\tStructure de la table filter')
iptables('-t filter -N SERV_OUT_ADM') try:
iptables('-t filter -N TEST_MAC-IP') iptables('-t filter -N SERV_OUT_ADM')
iptables('-t filter -N TEST_MAC-IP')
except:
pass
iptables("-t filter -A OUTPUT -d 224.0.0.0/4 -j DROP") iptables("-t filter -A OUTPUT -d 224.0.0.0/4 -j DROP")
# <!> à placer dans filter # <!> à placer dans filter
@ -1304,8 +1314,13 @@ class firewall_zamok(firewall_crans) :
self.filter_table() self.filter_table()
# Recherche sur le champ ablacklist (clubs compris) # Recherche des adherent blacklisté (club compris)
search = db.search('ablacklist=*&paiement=ok') search = db.search('paiement=%s' % ann_scol)
if periode_transitoire:
tmp=db.search('paiement=%s' % ann_scol-1)
search['adherent'].entend(tmp['adherent'])
search['club'].entend(tmp['club'])
del tmp
self.anim = anim("\tBlackliste des comptes Crans", len(search['adherent'])) self.anim = anim("\tBlackliste des comptes Crans", len(search['adherent']))
for adh in search['adherent']: for adh in search['adherent']:
self.anim.cycle() self.anim.cycle()

13
gestion/ipt.py
View file

@ -25,7 +25,7 @@ import os, re, syslog, cPickle
from ldap_crans import crans_ldap, hostname from ldap_crans import crans_ldap, hostname
from commands import getstatusoutput from commands import getstatusoutput
from config import NETs, role, prefix, mid, output_file, filter_policy from config import NETs, role, prefix, mid, output_file, filter_policy
from config import blacklist_sanctions, blacklist_sanctions_soft, file_pickle from config import blacklist_sanctions, blacklist_sanctions_soft, file_pickle, ann_scol, periode_transitoire
from iptools import AddrInNet from iptools import AddrInNet
from midtools import Mid from midtools import Mid
import subprocess import subprocess
@ -667,14 +667,21 @@ def blacklist(ipt):
blcklst = [] blcklst = []
s = db.search('paiement=ok') s = db.search('paiement=%s' % ann_scol)
if periode_transitoire:
tmp=db.search('paiement=%s' % ann_scol-1)
s['adherent'].entend(tmp['adherent'])
s['club'].entend(tmp['club'])
del tmp
for target in s['adherent'] + s['club']: for target in s['adherent'] + s['club']:
sanctions = target.blacklist_actif() sanctions = target.blacklist_actif()
if [x for x in sanctions if x in blacklist_sanctions]: if [x for x in sanctions if x in blacklist_sanctions]:
blcklst.extend(target.machines()) blcklst.extend(target.machines())
s = db.search('mblacklist=*&paiement=ok') s = db.search('mblacklist=*&paiement=%s' % ann_scol)
if periode_transitoire:
s['machine'].entend(db.s('mblacklist=*&paiement=%s' % ann_scol-1)['machine'])
for target in s['machine']: for target in s['machine']:
sanctions = target.blacklist_actif() sanctions = target.blacklist_actif()

38
gestion/ldap_crans.py
View file

@ -892,7 +892,7 @@ class CransLdap:
if uid == "grosminet": if uid == "grosminet":
proprio = self.search("nom=grosminet", mode)['adherent'][0] proprio = self.search("nom=grosminet", mode)['adherent'][0]
return proprio return proprio
__machines = () __machines = ()
def all_machines(self, graphic=False): def all_machines(self, graphic=False):
""" """
@ -907,8 +907,14 @@ class CransLdap:
# Machines de l'assoce # Machines de l'assoce
self.__machines = AssociationCrans(conn = self.conn).machines() self.__machines = AssociationCrans(conn = self.conn).machines()
# Machines des adhérents et clubs de l'année en cours # Machines des adhérents et clubs de l'année en cours
base = self.search('paiement=ok') #base = self.search('paiement=ok')
base = self.search('paiement=%s' % ann_scol)
base = base['adherent'] + base['club'] base = base['adherent'] + base['club']
if config.periode_transitoire:
tmp=self.search('paiement=%s' % ann_scol-1)
base.entend(tmp['adherent'] + tmp['club'])
del tmp
base=[a for a in base if a.paiement_ok()]
if graphic: a = anim('\tTri des machines', len(base)) if graphic: a = anim('\tTri des machines', len(base))
for adh in base: for adh in base:
if graphic: a.cycle() if graphic: a.cycle()
@ -976,13 +982,8 @@ class BaseClasseCrans(CransLdap):
bl_liste += p.blacklist() bl_liste += p.blacklist()
elif isinstance(self, Adherent) and (config.ann_scol in self.paiement()): elif isinstance(self, Adherent) and (config.ann_scol in self.paiement()):
# blacklistes virtuelle si on est un adhérent pour carte étudiant et chambre invalides # blacklistes virtuelle si on est un adhérent pour carte étudiant et chambre invalides
if not config.periode_transitoire and config.bl_carte_et_actif and not (config.ann_scol in self.carteEtudiant()): if not config.periode_transitoire and config.bl_carte_et_actif and not (config.ann_scol in self.carteEtudiant()) and not self.sursis_carte():
for h in self.historique()[::-1]: actifs['carte_etudiant']=('-','-')
x=re.match("(.*),.* : .*(paiement\+%s|inscription).*" % config.ann_scol,h)
if x != None:
if (time.time()-time.mktime(time.strptime(x.group(1),'%d/%m/%Y %H:%M')))>config.sursis_carte:
actifs['carte_etudiant']=('-','-')
break
if self.chbre() == '????': if self.chbre() == '????':
actifs['chambre_invalide']=('-','-') actifs['chambre_invalide']=('-','-')
@ -1735,6 +1736,25 @@ class BaseProprietaire(BaseClasseCrans):
si négatif le supprime si négatif le supprime
""" """
return self._an('paiement', action) return self._an('paiement', action)
def sursis_carte(self):
for h in self.historique()[::-1]:
x=re.match("(.*),.* : .*(paiement\+%s|inscription).*" % config.ann_scol,h)
if x != None:
if (time.time()-time.mktime(time.strptime(x.group(1),'%d/%m/%Y %H:%M')))<=config.sursis_carte:
return True
break
return False
def paiement_ok(self):
if config.ann_scol in self.paiement() or (config.periode_transitoire and (config.ann_scol-1) in self.paiement()):
if config.periode_transitoire or not isinstance(self, Adherent) or not config.bl_carte_et_definitif or config.ann_scol in self.carteEtudiant():
return True
else:
return self.sursis_carte()
else:
return False
def delete(self, comment=''): def delete(self, comment=''):
"""Destruction du propriétaire""" """Destruction du propriétaire"""