Beispiel #1
def key_by_ip_address(ip=None):
    """Return the id of the first API key whose ``hosts_assign`` ACL matches *ip*.

    Args:
        ip: client address to look up; a falsy value short-circuits to None.

    Returns:
        The key id (the dict key in ``keys``) of the first match in the
        iteration order of ``keys``, or None when nothing matches.

    The lookup runs under ``key_lock``.
    """
    # NOTE(review): the key is selected purely by source address, so the
    # result is only as trustworthy as the *ip* the caller passes in.
    # Presumably this must be the real peer address rather than a
    # client-supplied header value - confirm at the call sites.
    if not ip:
        return None
    with key_lock:
        return next(
            (key_id for key_id, key in keys.items()
             if netacl_match(ip, key.hosts_assign)),
            None,
        )
Beispiel #2
def __cbFun(snmpEngine, stateReference, contextEngineId, contextName, varBinds,
            cbCtx):
    """Handle one received SNMP trap and fan it out to the subscribed items.

    The sender address is taken from the engine's transport info for
    *stateReference*. When ``config.hosts_allow`` is set, senders that do not
    match it are logged at warning level and dropped. Every var-bind is
    pretty-printed into a ``{name: value}`` dict, and each entry of
    ``subscribed_items`` gets ``process_snmp_trap(host, data)`` called in a
    thread of its own.

    Args:
        snmpEngine: engine object providing ``msgAndPduDsp.getTransportInfo``.
        stateReference: handle passed to ``getTransportInfo``.
        contextEngineId: unused here.
        contextName: unused here.
        varBinds: iterable of ``(name, value)`` pairs, each with ``prettyPrint()``.
        cbCtx: unused here.
    """
    # Security notes for maintainers:
    #  * The ACL is enforced only when config.hosts_allow is truthy; an empty
    #    or unset list accepts traps from any sender (fail-open).
    #  * NOTE(review): if the transport is UDP, the source address is not
    #    authenticated, so hosts_allow is a filter rather than proof of
    #    origin - confirm whether trap authentication is done elsewhere.
    #  * One thread is started per subscribed item for every accepted trap;
    #    no bound on the number of threads is visible in this function.
    transport_info = snmpEngine.msgAndPduDsp.getTransportInfo(stateReference)
    transportDomain, transportAddress = transport_info
    host = transportAddress[0]
    logging.debug('snmp trap from %s' % host)

    if config.hosts_allow and not netacl_match(host, config.hosts_allow):
        logging.warning(
            'snmp trap from %s denied by server configuration' % host)
        return

    data = {}
    for name, val in varBinds:
        # Sender-controlled names and values are written to the debug log as-is.
        logging.debug('snmp trap host: %s, data %s = %s' %
                      (host, name.prettyPrint(), val.prettyPrint()))
        data[name.prettyPrint()] = val.prettyPrint()

    # All workers receive the same dict object, not a copy.
    for subscriber in subscribed_items:
        worker = threading.Thread(target=subscriber.process_snmp_trap,
                                  args=(host, data))
        worker.start()
Beispiel #3
def check(k,
          item=None,
          oid=None,
          allow=[],
          pvt_file=None,
          rpvt_uri=None,
          ip=None,
          master=False,
          sysfunc=False,
          any_item=False,
          ro_op=False):
    """Decide whether API key *k* is authorised for the requested access.

    The checks run in a fixed order and the first one that decides wins:
    setup mode, key existence / master requirement, host ACL, master-key
    bypass, sysfunc, any_item, item, oid, allow, pvt_file, rpvt_uri.

    Args:
        k: key id, looked up in ``keys``.
        item: item object to check access for.
        oid: item OID to check access for.
        allow: permission names that must all be present in the key's
            ``allow`` list. The mutable default is only read here, never
            modified.
        pvt_file: private file path to match against the key's ``pvt_files``.
        rpvt_uri: remote URI to match against the key's ``rpvt_uris``.
        ip: client address checked against the key's ``hosts_allow``.
        master: require the key to be a master key.
        sysfunc: require the key's ``sysfunc`` flag.
        any_item: require wildcard ('#') item access and no deny entries.
        ro_op: the operation is read-only, so the ``*_ro`` lists also grant it.

    Returns:
        True when access is granted, False otherwise (the any_item branch
        returns the value of its boolean expression).
    """
    # Setup mode grants every request, before the key is even looked at.
    if eva.core.is_setup_mode():
        return True
    # Deny empty/unknown keys, and non-master keys when master is required.
    if not k or not k in keys or (master and not keys[k].master):
        return False
    _k = keys[k]
    # Combined keys are recombined when flagged as needing it.
    if _k.combined_from and _k.need_recombine:
        _recombine_acl(_k)
    # NOTE(review): the host ACL is enforced only when ip is truthy; a caller
    # that passes no address skips the hosts_allow restriction entirely.
    if ip and not netacl_match(ip, _k.hosts_allow):
        return False
    # A master key passes here; none of the checks below apply to it.
    if _k.master:
        return True
    if sysfunc and not _k.sysfunc:
        return False
    if any_item:
        # Any deny entry disqualifies the key from "any item" access.
        if _k.groups_deny or _k.item_ids_deny:
            return False
        else:
            # Otherwise a '#' wildcard is required (the *_ro lists count only
            # for read-only operations).
            return '#' in _k.item_ids or '#' in _k.groups or (
                ro_op and ('#' in _k.item_ids_ro or '#' in _k.groups_ro))
    if item:
        # check access to PHI: reading item.phi_id is what tells PHIs apart
        # from regular items - when it raises, the except branch below
        # handles the item as a regular one.
        # NOTE(review): when '#' is in _k.item_ids, phi_id is never read, so
        # this condition also decides for regular items and can deny a key
        # whose groups hold neither '#' nor 'phi' - confirm this is intended.
        # NOTE(review): the deny lists are not consulted on this path.
        try:
            if ('#' not in _k.item_ids and item.phi_id not in _k.item_ids) or (
                    '#' not in _k.groups and 'phi' not in _k.groups):
                return False
        # The bare except catches every exception raised above, not only a
        # missing phi_id attribute.
        except:
            # check access to regular item
            try:
                grp = item.group
            except:
                grp = 'nogroup'
            # grp is not read anywhere below.
            # Deny lists are applied to non-read-only operations only.
            if not ro_op and eva.item.item_match(item, _k.item_ids_deny,
                                                 _k.groups_deny):
                return False
            # Fall back to the read-only lists for read-only operations.
            if not eva.item.item_match(item, _k.item_ids, _k.groups):
                if ro_op:
                    if not eva.item.item_match(item, _k.item_ids_ro,
                                               _k.groups_ro):
                        return False
                else:
                    return False
    if oid:
        # NOTE(review): unlike the item branch, item_ids_deny / groups_deny
        # are not consulted for OIDs - confirm that is intended.
        if not eva.item.oid_match(oid, _k.item_ids, _k.groups):
            if ro_op:
                if not eva.item.oid_match(oid, _k.item_ids_ro, _k.groups_ro):
                    return False
            else:
                return False
    if allow:
        # Every requested permission must be present on the key.
        for a in allow:
            if not a in _k.allow:
                return False
    if pvt_file:
        # This branch always returns, so rpvt_uri is not evaluated when both
        # pvt_file and rpvt_uri are given.
        # NOTE(review): matching is done on the raw string; no path
        # normalisation is visible here, so a value containing '..' segments
        # can still satisfy a prefix mask. Presumably the caller canonicalises
        # the path before calling - confirm.
        if '#' in _k.pvt_files or pvt_file in _k.pvt_files:
            return True
        for d in _k.pvt_files:
            # '#' mask: only the text before the first '#' is compared.
            p = d.find('#')
            if p > -1 and d[:p] == pvt_file[:p]:
                return True
            # '+' mask: a '+' segment matches any single '/'-separated
            # segment; the segment counts must be equal.
            if d.find('+') > -1:
                g1 = d.split('/')
                g2 = pvt_file.split('/')
                if len(g1) == len(g2):
                    match = True
                    for i in range(0, len(g1)):
                        if g1[i] != '+' and g1[i] != g2[i]:
                            match = False
                            break
                    if match:
                        return True
        return False
    if rpvt_uri:
        # Everything up to the first '//' is dropped before matching, unless
        # the value starts with 'uc/' or 'lm/'; the masks therefore never see
        # the part in front of '//'.
        if rpvt_uri.find('//') != -1 and rpvt_uri[:3] not in ['uc/', 'lm/']:
            r = rpvt_uri.split('//', 1)[1]
        else:
            r = rpvt_uri
        if '#' in _k.rpvt_uris or r in _k.rpvt_uris:
            return True
        # Same '#' prefix and '+' segment masks as for pvt_file.
        for d in _k.rpvt_uris:
            p = d.find('#')
            if p > -1 and d[:p] == r[:p]:
                return True
            if d.find('+') > -1:
                g1 = d.split('/')
                g2 = r.split('/')
                if len(g1) == len(g2):
                    match = True
                    for i in range(0, len(g1)):
                        if g1[i] != '+' and g1[i] != g2[i]:
                            match = False
                            break
                    if match:
                        return True
        return False
    return True
Beispiel #4
def check_access(address, data=None):
    """Check *address* against the host ACL that applies to this payload.

    A payload whose first element equals ``'|'`` is checked against
    ``config.hosts_allow_encrypted``; anything else, including no payload, is
    checked against ``config.hosts_allow``.

    Args:
        address: sender address to test.
        data: received payload, or None.

    Returns:
        The result of ``netacl_match`` for the selected list, or the falsy
        list value itself when that list is empty or unset, so an
        unconfigured list denies access.
    """
    # NOTE(review): the sender chooses which ACL applies through the first
    # character of the payload, so this is an address filter only.
    # Presumably the encrypted payload is authenticated later - confirm.
    # NOTE(review): if data arrives as bytes, data[0] is an int on Python 3
    # and never equals '|', which would route every frame to hosts_allow -
    # verify the type the caller passes.
    if data and data[0] == '|':
        acl = config.hosts_allow_encrypted
    else:
        acl = config.hosts_allow
    return acl and netacl_match(address, acl)
Beispiel #5
def check(k,
          item=None,
          allow=[],
          pvt_file=None,
          rpvt_uri=None,
          ip=None,
          master=False,
          sysfunc=False,
          ro_op=False):
    """Decide whether API key *k* is authorised for the requested access.

    The checks run in a fixed order and the first one that decides wins:
    setup mode, key existence / master requirement, host ACL, master-key
    bypass, sysfunc, item, allow, pvt_file, rpvt_uri.

    Args:
        k: key id, looked up in ``keys``.
        item: item object to check access for.
        allow: permission names that must all be present in the key's
            ``allow`` list. The mutable default is only read, never modified.
        pvt_file: private file path to match against the key's ``pvt_files``.
        rpvt_uri: remote URI to match against the key's ``rpvt_uris``.
        ip: client address checked against the key's ``hosts_allow``.
        master: require the key to be a master key.
        sysfunc: require the key's ``sysfunc`` flag.
        ro_op: the operation is read-only, so the ``*_ro`` lists also grant it.

    Returns:
        True when access is granted, False otherwise.
    """

    def _mask_match(value, masks):
        # Exact entry, bare '#' entry, '#' prefix mask or '+' segment mask.
        # NOTE(review): the comparison is on raw strings; no normalisation of
        # *value* is visible here, so a value containing '..' segments can
        # still satisfy a prefix mask - presumably callers canonicalise first.
        if '#' in masks or value in masks:
            return True
        for mask in masks:
            # '#' mask: only the text before the first '#' is compared.
            hash_pos = mask.find('#')
            if hash_pos > -1 and mask[:hash_pos] == value[:hash_pos]:
                return True
            # '+' mask: a '+' segment matches any one '/'-separated segment.
            if mask.find('+') > -1:
                mask_parts = mask.split('/')
                value_parts = value.split('/')
                if len(mask_parts) == len(value_parts) and all(
                        m == '+' or m == v
                        for m, v in zip(mask_parts, value_parts)):
                    return True
        return False

    # Setup mode grants every request, before the key is even looked at.
    if eva.core.is_setup_mode():
        return True
    if not k or k not in keys:
        return False
    if master and not keys[k].master:
        return False
    acl = keys[k]
    # NOTE(review): the host ACL is enforced only when ip is truthy; a caller
    # that passes no address skips the hosts_allow restriction entirely.
    if ip and not netacl_match(ip, acl.hosts_allow):
        return False
    # A master key passes here; none of the checks below apply to it.
    if acl.master:
        return True
    if sysfunc and not acl.sysfunc:
        return False
    if item:
        # The group is read but the result is not used afterwards.
        try:
            grp = item.group
        except:
            grp = 'nogroup'
        if not eva.item.item_match(item, acl.item_ids, acl.groups):
            # The read-only lists can still grant a read-only operation.
            if not ro_op:
                return False
            if not eva.item.item_match(item, acl.item_ids_ro, acl.groups_ro):
                return False
    # Every requested permission must be present on the key.
    if allow and any(perm not in acl.allow for perm in allow):
        return False
    # The pvt_file branch always returns, so rpvt_uri is not evaluated when
    # both are given.
    if pvt_file:
        return _mask_match(pvt_file, acl.pvt_files)
    if rpvt_uri:
        # Everything up to the first '//' is dropped before matching, unless
        # the value starts with 'uc/' or 'lm/'.
        strip_prefix = (rpvt_uri.find('//') != -1 and
                        rpvt_uri[:3] not in ['uc/', 'lm/'])
        target = rpvt_uri.split('//', 1)[1] if strip_prefix else rpvt_uri
        return _mask_match(target, acl.rpvt_uris)
    return True
Beispiel #6
def key_by_ip_address(ip=None):
    """Return the id of the first API key whose ``hosts_assign`` ACL matches *ip*.

    Args:
        ip: client address to look up; a falsy value short-circuits to None.

    Returns:
        The key id of the first match, or None when nothing matches.
    """
    # NOTE(review): the key is selected purely by source address, so the
    # result is only as trustworthy as the *ip* the caller passes in.
    # Presumably this must be the real peer address rather than a
    # client-supplied header value - confirm at the call sites.
    if ip:
        # Iterate over a shallow copy so changes to ``keys`` made during the
        # scan do not affect the loop.
        snapshot = keys.copy()
        for key_id, key in snapshot.items():
            if netacl_match(ip, key.hosts_assign):
                return key_id
    return None