def key_by_ip_address(ip=None):
    """Return the id of the first key whose ``hosts_assign`` ACL matches *ip*.

    The ``keys`` mapping is walked while ``key_lock`` is held. The first
    match in iteration order wins, so overlapping ``hosts_assign`` ranges
    resolve to whichever key is stored first.

    Args:
        ip: client address to look up; a falsy value short-circuits.

    Returns:
        The matching key id, or None when *ip* is falsy or nothing matches.
    """
    # NOTE(review): the key is selected purely by address, so *ip* should be
    # the real peer address rather than a client-supplied value (e.g. a
    # forwarding header) - confirm at the call sites.
    if not ip:
        return None
    with key_lock:
        return next(
            (key_id for key_id, key_obj in keys.items()
             if netacl_match(ip, key_obj.hosts_assign)),
            None,
        )
def __cbFun(snmpEngine, stateReference, contextEngineId, contextName, varBinds,
            cbCtx):
    """Handle one received SNMP trap and fan it out to the subscribed items.

    The sender host is taken from the transport info of *stateReference*.
    When ``config.hosts_allow`` is set, traps from hosts that do not match
    it are logged and dropped. Accepted var-binds are rendered with
    ``prettyPrint()`` into a ``{name: value}`` dict, and every entry of
    ``subscribed_items`` gets the dict in its own thread.
    """
    _transport_domain, transport_address = \
        snmpEngine.msgAndPduDsp.getTransportInfo(stateReference)
    host = transport_address[0]
    logging.debug('snmp trap from %s' % host)
    # An empty/unset config.hosts_allow disables the source filter entirely:
    # every sender is accepted in that case.
    # NOTE(review): if the transport is UDP, the source address is not
    # authenticated, so this ACL is only a coarse filter - confirm.
    if config.hosts_allow and not netacl_match(host, config.hosts_allow):
        logging.warning(
            'snmp trap from %s denied by server configuration' % host)
        return
    data = {}
    for name, val in varBinds:
        name_text = name.prettyPrint()
        value_text = val.prettyPrint()
        logging.debug('snmp trap host: %s, data %s = %s' % \
                      (host, name_text, value_text))
        data[name_text] = value_text
    # One thread per subscriber per trap; all of them share the same dict,
    # and nothing here bounds the number of threads.
    for subscriber in subscribed_items:
        worker = threading.Thread(target=subscriber.process_snmp_trap,
                                  args=(host, data))
        worker.start()
def check(k,
          item=None,
          oid=None,
          allow=[],
          pvt_file=None,
          rpvt_uri=None,
          ip=None,
          master=False,
          sysfunc=False,
          any_item=False,
          ro_op=False):
    """Decide whether API key *k* is authorised for the requested access.

    The checks run in a fixed order and the first one that decides wins;
    the statement order below is part of the access policy.

    Args:
        k: key id, looked up in the module-level ``keys`` mapping.
        item: item object to test against the key's item/group ACLs.
        oid: item OID to test with ``eva.item.oid_match``.
        allow: permission names that must all be present in the key's
            ``allow`` list (only iterated here, never mutated).
        pvt_file: private file path to test against ``pvt_files`` masks.
        rpvt_uri: remote private URI to test against ``rpvt_uris`` masks.
        ip: client address tested against the key's ``hosts_allow``.
        master: require the key to be a master key.
        sysfunc: require the key's ``sysfunc`` flag.
        any_item: ask for access to every item instead of one item.
        ro_op: the operation is read-only, so the ``*_ro`` ACLs also grant.

    Returns:
        True when access is granted, False otherwise.
    """
    # Setup mode grants everything before any key is looked at.
    if eva.core.is_setup_mode(): return True
    if not k or not k in keys or (master and not keys[k].master): return False
    _k = keys[k]
    if _k.combined_from and _k.need_recombine: _recombine_acl(_k)
    # The host ACL is applied only when the caller passes an ip; a falsy ip
    # skips it.
    # NOTE(review): confirm that every network-facing caller supplies ip.
    if ip and not netacl_match(ip, _k.hosts_allow): return False
    # A master key passes every check below.
    if _k.master: return True
    if sysfunc and not _k.sysfunc: return False
    if any_item:
        # Any deny entry rules out "all items"; otherwise a '#' wildcard is
        # required (the read-only lists count only for ro_op).
        if _k.groups_deny or _k.item_ids_deny: return False
        else:
            return '#' in _k.item_ids or '#' in _k.groups or (
                ro_op and ('#' in _k.item_ids_ro or '#' in _k.groups_ro))
    if item:
        # check access to PHI
        # NOTE(review): nesting is reconstructed from a flattened listing -
        # confirm against the original file. As written, item.phi_id is
        # evaluated only when '#' is not in _k.item_ids; with '#' present the
        # expression short-circuits, no exception is raised for an item
        # without phi_id, and the regular-item branch below (deny lists
        # included) is not reached. The outcome then depends only on whether
        # '#' or 'phi' is in _k.groups.
        try:
            if ('#' not in _k.item_ids and item.phi_id not in _k.item_ids) or (
                    '#' not in _k.groups and 'phi' not in _k.groups):
                return False
        except:
            # check access to regular item
            # The bare except also hides errors other than a missing phi_id.
            # grp is assigned but not read anywhere in this function.
            try:
                grp = item.group
            except:
                grp = 'nogroup'
            # Deny lists apply to non-read-only operations only.
            if not ro_op and eva.item.item_match(item, _k.item_ids_deny,
                                                 _k.groups_deny):
                return False
            if not eva.item.item_match(item, _k.item_ids, _k.groups):
                if ro_op:
                    if not eva.item.item_match(item, _k.item_ids_ro,
                                               _k.groups_ro):
                        return False
                else:
                    return False
    if oid:
        # NOTE(review): unlike the item branch, the deny lists are not
        # consulted for oid - confirm this is intended.
        if not eva.item.oid_match(oid, _k.item_ids, _k.groups):
            if ro_op:
                if not eva.item.oid_match(oid, _k.item_ids_ro, _k.groups_ro):
                    return False
            else:
                return False
    if allow:
        # Every requested permission must be present on the key.
        for a in allow:
            if not a in _k.allow: return False
    if pvt_file:
        # This branch returns the final verdict, so rpvt_uri is not
        # evaluated when pvt_file is given.
        if '#' in _k.pvt_files or pvt_file in _k.pvt_files: return True
        for d in _k.pvt_files:
            # 'prefix#' mask: plain string-prefix comparison up to the '#'.
            # NOTE(review): the path is not normalised here, so a '..'
            # segment after a granted prefix still matches - presumably the
            # caller canonicalises pvt_file first; verify.
            p = d.find('#')
            if p > -1 and d[:p] == pvt_file[:p]: return True
            # '+' mask: each '+' stands for exactly one '/'-separated
            # segment, and the segment counts must be equal.
            if d.find('+') > -1:
                g1 = d.split('/')
                g2 = pvt_file.split('/')
                if len(g1) == len(g2):
                    match = True
                    for i in range(0, len(g1)):
                        if g1[i] != '+' and g1[i] != g2[i]:
                            match = False
                            break
                    if match: return True
        return False
    if rpvt_uri:
        # Drop everything up to the first '//' unless the value starts with
        # 'uc/' or 'lm/'; masks are matched against the remainder.
        if rpvt_uri.find('//') != -1 and rpvt_uri[:3] not in ['uc/', 'lm/']:
            r = rpvt_uri.split('//', 1)[1]
        else:
            r = rpvt_uri
        if '#' in _k.rpvt_uris or r in _k.rpvt_uris: return True
        for d in _k.rpvt_uris:
            # Same '#' prefix and '+' segment rules as for pvt_files; the
            # comparison is on the raw string, without URI normalisation.
            p = d.find('#')
            if p > -1 and d[:p] == r[:p]: return True
            if d.find('+') > -1:
                g1 = d.split('/')
                g2 = r.split('/')
                if len(g1) == len(g2):
                    match = True
                    for i in range(0, len(g1)):
                        if g1[i] != '+' and g1[i] != g2[i]:
                            match = False
                            break
                    if match: return True
        return False
    return True
def check_access(address, data=None):
    """Test *address* against the host ACL that applies to this packet.

    Data whose first element is ``'|'`` is checked against
    ``config.hosts_allow_encrypted``; anything else against
    ``config.hosts_allow``. An empty or unset ACL denies: the falsy ACL
    value itself is returned, otherwise the result of ``netacl_match``.
    """
    # NOTE(review): assumes data is str. For bytes on Python 3, data[0] is
    # an int and never equals '|', so the plain ACL would always be the one
    # applied - confirm the caller's type.
    is_encrypted = bool(data) and data[0] == '|'
    acl = config.hosts_allow_encrypted if is_encrypted else config.hosts_allow
    return acl and netacl_match(address, acl)
def check(k,
          item=None,
          allow=[],
          pvt_file=None,
          rpvt_uri=None,
          ip=None,
          master=False,
          sysfunc=False,
          ro_op=False):
    """Decide whether API key *k* is authorised for the requested access.

    Checks run in a fixed order and the first decisive one wins: setup
    mode, key existence and master requirement, host ACL, master key,
    sysfunc flag, item ACL, ``allow`` list, then ``pvt_file`` or
    ``rpvt_uri`` masks.

    Args:
        k: key id, looked up in the module-level ``keys`` mapping.
        item: item object matched with ``eva.item.item_match``.
        allow: permission names that must all be in the key's ``allow``
            list (only iterated here, never mutated).
        pvt_file: private file path matched against ``pvt_files`` masks.
        rpvt_uri: remote private URI matched against ``rpvt_uris`` masks.
        ip: client address tested against the key's ``hosts_allow``.
        master: require a master key.
        sysfunc: require the key's ``sysfunc`` flag.
        ro_op: read-only operation; the ``*_ro`` ACLs also grant access.

    Returns:
        True when access is granted, False otherwise.
    """

    def _mask_grants(target, masks):
        # '#' alone or an exact entry grants outright. 'prefix#' is a plain
        # string-prefix comparison, and each '+' stands for exactly one
        # '/'-separated segment.
        # NOTE(review): target is not normalised here, so a '..' segment
        # after a granted prefix still matches - presumably the caller
        # canonicalises it first; verify.
        if '#' in masks or target in masks:
            return True
        for mask in masks:
            cut = mask.find('#')
            if cut > -1 and mask[:cut] == target[:cut]:
                return True
            if '+' in mask:
                mask_parts = mask.split('/')
                target_parts = target.split('/')
                if len(mask_parts) == len(target_parts) and all(
                        m == '+' or m == t
                        for m, t in zip(mask_parts, target_parts)):
                    return True
        return False

    # Setup mode grants everything before any key is looked at.
    if eva.core.is_setup_mode():
        return True
    if not k or k not in keys:
        return False
    _k = keys[k]
    if master and not _k.master:
        return False
    # The host ACL is applied only when the caller passes an ip.
    # NOTE(review): confirm that every network-facing caller supplies it.
    if ip and not netacl_match(ip, _k.hosts_allow):
        return False
    # A master key passes every remaining check.
    if _k.master:
        return True
    if sysfunc and not _k.sysfunc:
        return False
    if item:
        # The group lookup is kept from the original; its result is not
        # used anywhere in this function.
        try:
            grp = item.group
        except:
            grp = 'nogroup'
        # Denied unless the regular ACL matches, or the operation is
        # read-only and the read-only ACL matches.
        if not eva.item.item_match(item, _k.item_ids, _k.groups) and not (
                ro_op and
                eva.item.item_match(item, _k.item_ids_ro, _k.groups_ro)):
            return False
    # Every requested permission must be present on the key.
    if allow and not all(perm in _k.allow for perm in allow):
        return False
    # pvt_file gives the final verdict; rpvt_uri is not evaluated with it.
    if pvt_file:
        return _mask_grants(pvt_file, _k.pvt_files)
    if rpvt_uri:
        # Drop everything up to the first '//' unless the value starts with
        # 'uc/' or 'lm/'.
        strip_prefix = '//' in rpvt_uri and rpvt_uri[:3] not in ['uc/', 'lm/']
        r = rpvt_uri.split('//', 1)[1] if strip_prefix else rpvt_uri
        return _mask_grants(r, _k.rpvt_uris)
    return True
def key_by_ip_address(ip=None):
    """Return the id of the first key whose ``hosts_assign`` ACL matches *ip*.

    Iterates over a shallow copy of ``keys`` taken at call time, so entries
    added or removed during the scan are not seen. The first match in
    iteration order wins.

    Args:
        ip: client address to look up; a falsy value short-circuits.

    Returns:
        The matching key id, or None when *ip* is falsy or nothing matches.
    """
    # NOTE(review): the key is selected purely by address, so *ip* should be
    # the real peer address rather than a client-supplied value - confirm at
    # the call sites.
    if not ip:
        return None
    snapshot = keys.copy()
    for key_id, key_obj in snapshot.items():
        if netacl_match(ip, key_obj.hosts_assign):
            return key_id
    return None