La liste des utilisateurs systeme est hardcode dans la classe parente.

Pas besoin de la surcharger dans les classes filles. darcs-hash:20050523160921-f163d-7e0ad512be4b0ea1d7460b7ce53f6a0cd838759f.gz
2005-05-23 18:09:21 +02:00 · 2005-05-23 18:09:21 +02:00 · bb446eb94f
commit bb446eb94f
parent 46e19322a2
1 changed files with 16 additions and 15 deletions
--- a/gestion/gen_confs/firewall_crans.py
+++ b/gestion/gen_confs/firewall_crans.py
@ -22,6 +22,7 @@ import sys
 sys.path.append('/usr/scripts/gestion')

 import syslog
+import pwd
 from  lock import *
 from ldap_crans import  crans_ldap, ann_scol, machine, crans, invite
 from affich_tools import *
@ -73,7 +74,8 @@ class firewall_crans :
    zone_serveur="138.231.136.0/28"
    vlan_adm="138.231.144.0/28"

-    adm_uids = [ 0, 1, 38, 103, 105, 106, 111, 112 ]
+    adm_users = [ "root", "identd", "daemon", "postfix", "freerad", "clamav", "amavis" ]
+    
                      
    mac_wifi = '00:0c:f1:fa:f1:4b'
    
@ -209,15 +211,6 @@ class firewall_crans :
        """ Arrête le firewall """
        cprint("Arrêt du firewall",'gras')
 	self.disable_route()
-	"""
-	if self.hostname == 'komaz':
-	    self.anim  = anim("    Arrêt routage")
-	    status,output=getstatusoutput('echo 0 > /proc/sys/net/ipv4/ip_forward')
-	    if status :
-		print ERREUR
-	    else :
-		print OK
-	"""
        self.exception_catcher(self.__stop)
        cprint("     -> fin de la procédure d'arrêt",'vert')
    
@ -248,16 +241,24 @@ class firewall_crans :
        self.exception_catcher(procedure)

    def serv_out_adm(self) :
-        self.anim = anim('    Output vers VLAN adm', len(self.adm_uids))
-        for uid in self.adm_uids :
-            self.anim.cycle() 
-            iptables("-t nat -A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % uid)
+        self.anim = anim('    Output vers VLAN adm', len(self.adm_users))
+        for user in self.adm_users :
+            self.anim.cycle()
+            try:
+                iptables("-t nat -A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % pwd.getpwnam(user)[2])
+            except KeyError:
+                continue
+            except:
+                print "Erreur inattendue: ", sys.exc_info()[0]
+
+        iptables("-t nat -A SERV_OUT_ADM -p tcp --dport ldap -j ACCEPT")
+        iptables("-t nat -A SERV_OUT_ADM -p udp --dport ldap -j ACCEPT")
        iptables("-t nat -A SERV_OUT_ADM -j DROP")
        self.anim.reinit()
        print OK
        
    def __test_mac_ip(self,machine):
-        ip=machine.ip()
+        ip=machine.ip() 
        mac=machine.mac()
        if machine.ipsec():
            # Machine wifi, c'est la mac de Nectaris