La liste des utilisateurs système est hardcodée dans la classe parente.
Pas besoin de la surcharger dans les classes filles. darcs-hash:20050523160921-f163d-7e0ad512be4b0ea1d7460b7ce53f6a0cd838759f.gz
parent
46e19322a2
commit
bb446eb94f
1 changed files with 16 additions and 15 deletions
|
@ -22,6 +22,7 @@ import sys
|
||||||
sys.path.append('/usr/scripts/gestion')
|
sys.path.append('/usr/scripts/gestion')
|
||||||
|
|
||||||
import syslog
|
import syslog
|
||||||
|
import pwd
|
||||||
from lock import *
|
from lock import *
|
||||||
from ldap_crans import crans_ldap, ann_scol, machine, crans, invite
|
from ldap_crans import crans_ldap, ann_scol, machine, crans, invite
|
||||||
from affich_tools import *
|
from affich_tools import *
|
||||||
|
@ -73,7 +74,8 @@ class firewall_crans :
|
||||||
zone_serveur="138.231.136.0/28"
|
zone_serveur="138.231.136.0/28"
|
||||||
vlan_adm="138.231.144.0/28"
|
vlan_adm="138.231.144.0/28"
|
||||||
|
|
||||||
adm_uids = [ 0, 1, 38, 103, 105, 106, 111, 112 ]
|
adm_users = [ "root", "identd", "daemon", "postfix", "freerad", "clamav", "amavis" ]
|
||||||
|
|
||||||
|
|
||||||
mac_wifi = '00:0c:f1:fa:f1:4b'
|
mac_wifi = '00:0c:f1:fa:f1:4b'
|
||||||
|
|
||||||
|
@ -209,15 +211,6 @@ class firewall_crans :
|
||||||
""" Arrête le firewall """
|
""" Arrête le firewall """
|
||||||
cprint("Arrêt du firewall",'gras')
|
cprint("Arrêt du firewall",'gras')
|
||||||
self.disable_route()
|
self.disable_route()
|
||||||
"""
|
|
||||||
if self.hostname == 'komaz':
|
|
||||||
self.anim = anim(" Arrêt routage")
|
|
||||||
status,output=getstatusoutput('echo 0 > /proc/sys/net/ipv4/ip_forward')
|
|
||||||
if status :
|
|
||||||
print ERREUR
|
|
||||||
else :
|
|
||||||
print OK
|
|
||||||
"""
|
|
||||||
self.exception_catcher(self.__stop)
|
self.exception_catcher(self.__stop)
|
||||||
cprint(" -> fin de la procédure d'arrêt",'vert')
|
cprint(" -> fin de la procédure d'arrêt",'vert')
|
||||||
|
|
||||||
|
@ -248,16 +241,24 @@ class firewall_crans :
|
||||||
self.exception_catcher(procedure)
|
self.exception_catcher(procedure)
|
||||||
|
|
||||||
def serv_out_adm(self) :
|
def serv_out_adm(self) :
|
||||||
self.anim = anim(' Output vers VLAN adm', len(self.adm_uids))
|
self.anim = anim(' Output vers VLAN adm', len(self.adm_users))
|
||||||
for uid in self.adm_uids :
|
for user in self.adm_users :
|
||||||
self.anim.cycle()
|
self.anim.cycle()
|
||||||
iptables("-t nat -A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % uid)
|
try:
|
||||||
|
iptables("-t nat -A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % pwd.getpwnam(user)[2])
|
||||||
|
except KeyError:
|
||||||
|
continue
|
||||||
|
except:
|
||||||
|
print "Erreur inattendue: ", sys.exc_info()[0]
|
||||||
|
|
||||||
|
iptables("-t nat -A SERV_OUT_ADM -p tcp --dport ldap -j ACCEPT")
|
||||||
|
iptables("-t nat -A SERV_OUT_ADM -p udp --dport ldap -j ACCEPT")
|
||||||
iptables("-t nat -A SERV_OUT_ADM -j DROP")
|
iptables("-t nat -A SERV_OUT_ADM -j DROP")
|
||||||
self.anim.reinit()
|
self.anim.reinit()
|
||||||
print OK
|
print OK
|
||||||
|
|
||||||
def __test_mac_ip(self,machine):
|
def __test_mac_ip(self,machine):
|
||||||
ip=machine.ip()
|
ip=machine.ip()
|
||||||
mac=machine.mac()
|
mac=machine.mac()
|
||||||
if machine.ipsec():
|
if machine.ipsec():
|
||||||
# Machine wifi, c'est la mac de Nectaris
|
# Machine wifi, c'est la mac de Nectaris
|
||||||
|
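Review bot: The new `except KeyError: continue` in serv_out_adm skips an admin user whose name is not in passwd without printing anything, so the SERV_OUT_ADM chain is quietly built with one ACCEPT rule fewer before the final `-j DROP` is appended and `print OK` is reached. The bare `except:` right below it widens this: it wraps the `iptables(...)` call as well, so a failed rule insertion (and SystemExit/KeyboardInterrupt) is printed and then the method carries on to the DROP rule and OK, whereas the old code let such a failure reach the caller's exception_catcher. I would narrow the try to the `pwd.getpwnam` lookup, name the skipped user, and keep the iptables call outside the try so its errors propagate as before; whether iptables() raises on failure is not visible in this hunk, so please confirm against its definition.
```python
        for user in self.adm_users :
            self.anim.cycle()
            try:
                uid = pwd.getpwnam(user)[2]
            except KeyError:
                print "Utilisateur inconnu, règle SERV_OUT_ADM ignorée: ", user
                continue
            iptables("-t nat -A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % uid)
        # … unchanged: ldap ACCEPT rules, DROP, anim.reinit(), print OK …
```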
|