Ejemplo n.º 1
def pursue(identity, candidate):
    """Detain ``identity`` on the interface where ``candidate`` was seen.

    Nothing is done when the identity's detention profile says it should
    not be pursued, or when detainment is not allowed on the candidate's
    interface (that refusal is logged as an error).

    When the profile has ``keep_closed == 'n'``, ``open_port`` is called for
    the identity once the new interface has been detained. Identities
    without a profile (manual detentions) therefore keep all interfaces
    closed, which matches the behavior of the old code.

    """
    _logger.info(
        "%s is active on interface %s", candidate.mac, candidate.interface)

    # A detention profile may restrict which vlans are followed, so the
    # profile decides whether this sighting is acted upon or skipped.
    profile = is_detained_by_profile(identity)
    if profile:
        if not should_pursue(identity, profile):
            return

    try:
        raise_if_detainment_not_allowed(candidate.interface)
    except DetainmentNotAllowedError as not_allowed:
        _logger.error(not_allowed)
        return

    identity.autoenablestep = find_autoenable_step(identity)
    detain(identity, candidate)

    # Only profiles that explicitly opt out of keep_closed get the extra
    # open_port call below.
    if not profile or profile.keep_closed != 'n':
        return

    try:
        # The OS user running this process is passed as the second
        # argument (presumably the acting username; confirm in open_port).
        open_port(
            identity, getpass.getuser(), 'Blocked on another interface')
    except GeneralException as failure:
        _logger.error(failure)
Ejemplo n.º 2
def main():
    """Open every detained port whose autoenable time has passed.

    Selects identities with status 'disabled' or 'quarantined' whose
    ``autoenable`` value is at or before the current time and calls
    ``open_port`` for each. Exits with status 0 when there are none.
    A ``GeneralException`` for one identity is logged and does not stop
    the remaining ones from being processed.
    """
    log_path = nav.buildconf.localstatedir + "/log/arnold/autoenable.log"
    init_generic_logging(logfile=log_path, stderr=False, read_config=True)
    LOGGER.info("Starting autoenable")

    candidates = Identity.objects.filter(
        autoenable__lte=datetime.now(),
        status__in=['disabled', 'quarantined'],
    )

    if not candidates:
        LOGGER.info("No ports ready for opening.")
        sys.exit(0)

    for candidate in candidates:
        try:
            # The OS user running the job is passed as the second argument
            # to open_port, together with a fixed event comment.
            open_port(
                candidate,
                getpass.getuser(),
                eventcomment="Opened automatically by autoenable",
            )
            # Logged only after open_port returned, so the line records a
            # call that did not raise.
            port = candidate.interface
            device = port.netbox
            LOGGER.info(
                "Opening %s %s:%s for %s",
                device.sysname, port.module, port.baseport, candidate.mac)
        except GeneralException as failure:
            LOGGER.error(failure)
Ejemplo n.º 3
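def main():
    """Open every detained port whose autoenable time has passed.

    Selects identities with status 'disabled' or 'quarantined' whose
    ``autoenable`` value is at or before the current time and calls
    ``open_port`` for each. Exits with status 0 when there are none.
    A ``GeneralException`` for one identity is logged and does not stop
    the remaining ones from being processed.
    """
    init_logging(nav.buildconf.localstatedir + "/log/arnold/autoenable.log")
    LOGGER.info("Starting autoenable")

    candidates = Identity.objects.filter(
        autoenable__lte=datetime.now(), status__in=['disabled', 'quarantined'])

    if not candidates:
        LOGGER.info("No ports ready for opening.")
        sys.exit(0)

    # For each port that is blocked, try to enable the port.
    for candidate in candidates:
        try:
            # The OS user running the job is passed as the second argument
            # to open_port, together with a fixed event comment.
            open_port(candidate, getpass.getuser(),
                      eventcomment="Opened automatically by autoenable")
            interface = candidate.interface
            netbox = interface.netbox
            # Pass the values as logging arguments instead of pre-formatting
            # with %, so formatting happens only if the record is emitted.
            LOGGER.info("Opening %s %s:%s for %s",
                        netbox.sysname, interface.module,
                        interface.baseport, candidate.mac)
        # "except X as name" replaces the Python-2-only "except X, name"
        # form, which is a syntax error on Python 3.
        except GeneralException as why:
            LOGGER.error(why)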
Ejemplo n.º 4
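def lift_detentions(request):
    """Lift every detention whose id was submitted in the POST form.

    Only POST requests change anything; every request ends with a redirect
    to the 'arnold-detainedports' view. Each lift is attributed to the login
    of the account returned by ``get_account(request)``.

    Ids that are malformed or no longer match an identity are skipped, so
    one bad value does not abort the batch with an unhandled exception
    after some ports have already been opened.
    """
    if request.method == 'POST':
        account = get_account(request)
        # NOTE(review): no permission check is visible in this function;
        # presumably access is restricted by a decorator or the URL
        # configuration. Confirm, since this view re-opens blocked ports.
        for detentionid in request.POST.getlist('detentions'):
            # The ids come straight from the client and cannot be trusted
            # to be well-formed or to refer to an existing identity.
            try:
                identity = Identity.objects.get(pk=detentionid)
            except (Identity.DoesNotExist, ValueError):
                continue
            # NOTE(review): an exception raised by open_port still
            # propagates from here and stops the remaining ids.
            open_port(identity, account.login, 'Enabled from web')

    return redirect('arnold-detainedports')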
Ejemplo n.º 5
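def lift_detentions(request):
    """Lift every detention whose id was submitted in the POST form.

    Only POST requests change anything; every request ends with a redirect
    to the 'arnold-detainedports' view. Each lift is attributed to the login
    of the account returned by ``get_account(request)``.

    Ids that are malformed or no longer match an identity are skipped, so
    one bad value does not abort the batch with an unhandled exception
    after some ports have already been opened.
    """
    if request.method == 'POST':
        account = get_account(request)
        # NOTE(review): no permission check is visible in this function;
        # presumably access is restricted by a decorator or the URL
        # configuration. Confirm, since this view re-opens blocked ports.
        for detentionid in request.POST.getlist('detentions'):
            # The ids come straight from the client and cannot be trusted
            # to be well-formed or to refer to an existing identity.
            try:
                identity = Identity.objects.get(pk=detentionid)
            except (Identity.DoesNotExist, ValueError):
                continue
            # NOTE(review): an exception raised by open_port still
            # propagates from here and stops the remaining ids.
            open_port(identity, account.login, 'Enabled from web')

    return redirect('arnold-detainedports')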
Ejemplo n.º 6
    profile = is_detained_by_profile(identity)
    if profile and not should_pursue(identity, profile):
        return

    try:
        raise_if_detainment_not_allowed(candidate.interface)
    except DetainmentNotAllowedError, error:
        LOGGER.error(error)
        return

    identity.autoenablestep = find_autoenable_step(identity)
    detain(identity, candidate)

    if profile and profile.keep_closed == 'n':
        try:
            open_port(identity, getpass.getuser(),
                      'Blocked on another interface')
        except GeneralException, error:
            LOGGER.error(error)


def is_detained_by_profile(identity):
    """Return the detention profile matching this identity, if any.

    The profile is looked up by the identity's ``justification``. Returns
    the ``DetentionProfile`` instance, or ``None`` when no profile has that
    justification.
    """
    try:
        profile = DetentionProfile.objects.get(
            justification=identity.justification)
    except DetentionProfile.DoesNotExist:
        # No profile uses this justification.
        profile = None
    return profile


def find_autoenable_step(identity):
    """Find and set autoenablestep"""
Ejemplo n.º 7
    profile = is_detained_by_profile(identity)
    if profile and not should_pursue(identity, profile):
        return

    try:
        raise_if_detainment_not_allowed(candidate.interface)
    except DetainmentNotAllowedError, error:
        LOGGER.error(error)
        return

    identity.autoenablestep = find_autoenable_step(identity)
    detain(identity, candidate)

    if profile and profile.keep_closed == 'n':
        try:
            open_port(identity, getpass.getuser(),
                      'Blocked on another interface')
        except GeneralException, error:
            LOGGER.error(error)


def is_detained_by_profile(identity):
    """Return the detention profile matching this identity, if any.

    The profile is looked up by the identity's ``justification``. Returns
    the ``DetentionProfile`` instance, or ``None`` when no profile has that
    justification.
    """
    try:
        profile = DetentionProfile.objects.get(
            justification=identity.justification)
    except DetentionProfile.DoesNotExist:
        # No profile uses this justification.
        profile = None
    return profile


def find_autoenable_step(identity):
    """Find and set autoenablestep"""