[base, komaz, utils, zamok] Factorisation de code via l'ajout de la methode blacklisted_ips

De plus, on rend le code plus jolie en prenant en compte l'ajout récent de méthodes dans
lc_ldap.

gestion/gen_confs/firewall4/base.py

@@ -3,7 +3,6 @@
 import os
 import sys
 import socket
-import netaddr
 
 import utils
 from utils import pretty_print, anim, OK, cprint
@@ -96,7 +95,7 @@ class firewall(utils.firewall_tools) :
 #        for ip in ip_list:
 #            machine = self.conn.search(u"ipHostNumber=%s" % ip)
 #            # Est-ce qu'il y a des blacklists hard parmis les blacklists de la machine
-#            if machine and set([bl.value['type'] for bl in machine[0].blacklist_actif() ]).intersection(config.blacklist_sanctions):
+#            if machine and set([bl['type'] for bl in machine[0].blacklist_actif() ]).intersection(config.blacklist_sanctions):
 #                try: self.ipset['blacklist']['hard'].add(ip)
 #                except IpsetError: pass
 #            else:
@@ -112,15 +111,7 @@ class firewall(utils.firewall_tools) :
         if fill_ipset:
             anim('\tRestoration de l\'ipset %s' % self.ipset['blacklist']['hard'])
             # On récupère la liste de toutes les ips blacklistés hard
-            bl_hard_ips = set(
+            bl_hard_ips = self.blacklisted_ips(config.blacklist_sanctions, config.NETs['all'])
-                str(ip) for ips in
-                [
-                    machine['ipHostNumber'] for machine in self.blacklisted_machines() if machine['ipHostNumber'] and reduce(lambda x,y: x or y, ( ip.value in netaddr.IPNetwork(n) for n in  config.NETs['all'] for ip in machine['ipHostNumber']))
-                    if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(config.blacklist_sanctions)
-                ]
-                for ip in ips
-            )
-
             self.ipset['blacklist']['hard'].restore(bl_hard_ips)
             print OK
 

gestion/gen_confs/firewall4/komaz.py

@@ -298,7 +298,7 @@ class firewall(base.firewall_routeur):
 #        for ip in ip_list:
 #            machine = self.conn.search(u"ipHostNumber=%s" % ip)
 #            # Est-ce qu'il y a des blacklists soft parmis les blacklists de la machine
-#            if machine and set([bl.value['type'] for bl in machine[0].blacklist_actif() ]).intersection(base.config.blacklist_sanctions_soft):
+#            if machine and set([bl['type'] for bl in machine[0].blacklist_actif() ]).intersection(base.config.blacklist_sanctions_soft):
 #                try: self.ipset['blacklist']['soft'].add(ip)
 #                except IpsetError: pass
 #            else:
@@ -312,15 +312,7 @@ class firewall(base.firewall_routeur):
         if fill_ipset:
             anim('\tRestoration de l\'ipset %s' % self.ipset['blacklist']['soft'])
             # On récupère la liste de toutes les ips blacklistés soft
-            bl_soft_ips = set(
+            bl_soft_ips = self.blacklisted_ips(base.config.blacklist_sanctions_soft, base.config.NETs['all'])
-                str(ip) for ips in
-                [
-                    machine['ipHostNumber'] for machine in self.blacklisted_machines() if machine['ipHostNumber'] and reduce(lambda x,y: x or y, ( ip.value in base.netaddr.IPNetwork(n) for n in  base.config.NETs['all'] for ip in machine['ipHostNumber']))
-                    if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(base.config.blacklist_sanctions_soft)
-                ]
-                for ip in ips
-            )
-
             self.ipset['blacklist']['soft'].restore(bl_soft_ips)
             print OK
 
@@ -348,7 +340,7 @@ class firewall(base.firewall_routeur):
 #        for ip in ip_list:
 #            machine = self.conn.search(u"ipHostNumber=%s" % ip)
 #            # Est-ce qu'il y a des blacklists pour upload parmis les blacklists de la machine
-#            if machine and set([bl.value['type'] for bl in machine[0].blacklist_actif() ]).intersection(blacklist_bridage_upload):
+#            if machine and set([bl['type'] for bl in machine[0].blacklist_actif() ]).intersection(blacklist_bridage_upload):
 #                try: self.ipset['blacklist']['upload'].add(ip)
 #                except IpsetError: pass
 #            else:
@@ -362,15 +354,7 @@ class firewall(base.firewall_routeur):
         if fill_ipset:
             anim('\tRestoration de l\'ipset %s' % self.ipset['blacklist']['upload'])
             # On récupère la liste de toutes les ips blacklistés pour upload
-            bl_upload_ips = set(
+            bl_upload_ips = self.blacklisted_ips(base.config.blacklist_bridage_upload, base.config.NETs['all'])
-                str(ip) for ips in
-                [
-                    machine['ipHostNumber'] for machine in self.blacklisted_machines()
-                    if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(base.config.blacklist_bridage_upload)
-                ]
-                for ip in ips
-            )
-
             self.ipset['blacklist']['upload'].restore(bl_upload_ips)
             print OK
 
@@ -446,13 +430,13 @@ class firewall(base.firewall_routeur):
 
             for machine in self.machines():
                 for ip in machine['ipHostNumber']:
-                    if 'portTCPout' in machine.attrs.keys():
+                    if 'portTCPout' in machine:
                         add_ports(ip, machine, 'tcp', 'out')
-                    if 'portUDPout' in machine.attrs.keys():
+                    if 'portUDPout' in machine:
                         add_ports(ip, machine, 'udp', 'out')
-                    if 'portTCPin' in machine.attrs.keys():
+                    if 'portTCPin' in machine:
                         add_ports(ip, machine, 'tcp', 'in')
-                    if 'portUDPin' in machine.attrs.keys():
+                    if 'portUDPin' in machine:
                         add_ports(ip, machine, 'udp', 'in')
 
             self.add(table, chain, '-j REJECT')

gestion/gen_confs/firewall4/utils.py

@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 import os
 import sys
+import netaddr
 
 if '/usr/scripts/' not in sys.path:
     sys.path.append('/usr/scripts/')
@@ -58,11 +59,19 @@ class firewall_tools(object) :
         """Renvois la liste de toutes les machines"""
         if self._machines:
             return self._machines
+        # On utilise allMachinesAdherents car on a besoin que
+        # les machine.proprio() soit déjà peuplés. En effet, on regarde
+        # les blacklistes d'un proprio lorsque l'on regarde les blacklistes 
+        # d'une machine
         self._machines, self._adherents = self.conn.allMachinesAdherents()
+        self._adherents = [ adh for adh in self._adherents if adh.paiement_ok() ]
         return self._machines
 
     def adherents(self):
-        """Renvois la liste de tous les adhérents"""
+        """
+        Renvois la liste de tous les adhérents à jour de paiement
+        (car on suppose que la blackliste paiement est hard)
+        """
         if self._adherents:
             return self._adherents
         self._machines, self._adherents = self.conn.allMachinesAdherents()
@@ -76,8 +85,22 @@ class firewall_tools(object) :
         self._blacklisted_machines = [ machine for machine in self.machines() if machine.blacklist_actif() ]
         return self._blacklisted_machines
 
+    def blacklisted_ips(self, blacklist_sanctions=None, nets=None):
+        """Renvois l'ensemble des ips des machines ayant une blacklist dans blacklist_sanctions et étant dans nets si spécifié"""
+        bl_ips = set()
+        for machine in self.blacklisted_machines():
+            if blacklist_sanctions is None or set(bl['type'] for bl in machine.blacklist_actif()).intersection(blacklist_sanctions):
+                for ip in machine['ipHostNumber']:
+                    if nets is None:
+                        bl_ips.add(str(ip))
+                    else:
+                        for net in nets:
+                            if ip in netaddr.IPNetwork(net):
+                                bl_ips.add(str(ip))
+        return bl_ips
+
     def blacklisted_adherents(self, excepts=[]):
-        """Renvois la liste de tous les adhérents ayant une blackliste active"""
+        """Renvois la liste de tous les adhérents ayant une blackliste active en ignorant les blacklist de excepts"""
         if self._blacklisted_adherents and self._blacklisted_adherents_type == set(excepts):
             return self._blacklisted_adherents
         self._blacklisted_adherents = filter(lambda adh: adh.blacklist_actif(excepts), self.adherents())

gestion/gen_confs/firewall4/zamok.py

@@ -102,8 +102,8 @@ class firewall(base.firewall):
             self.add(table, chain, '-d 127.0.0.1/8 -j RETURN')
             for net in base.config.NETs['all']:
                         self.add(table, chain, '-d %s -j RETURN' % net)
-            for adh in self.blacklisted_adherents(['paiement']):
+            for adh in self.blacklisted_adherents():
-                if 'uidNumber' in adh.attrs.keys():
+                if 'uidNumber' in adh:
                     self.add(table, chain, '-m owner --uid-owner %s -j REJECT' % adh['uidNumber'][0])
             print OK