def cli_login(self, username, password, ip):
    """Command-line login: authenticate *username* from *ip* and open the firewall.

    Order of checks: validated input, the DHCP lease data must pair the IP
    with a MAC, the auth backend must accept the credentials, and the
    database must not already hold an active entry for the user. Each
    failure prints a message and terminates via ``sys.exit``; success prints
    a confirmation and returns True.
    """
    fields = self.check_input(username, password, ip)
    user = fields['username']
    addr = fields['ip_addr']
    dhcp = Dhcp()
    auth = Auth(user, fields['password'])
    firewall = Firewall()
    lease_mac = dhcp.find_mac(addr)
    data = Data()

    if lease_mac == False:
        # The lease data does not pair this IP with any MAC.
        print("FEIL Mac/IP combo")
        sys.exit(conf.exit_status.ip_mac_mismatch_error)
    if auth.login() != True:
        print("Login failed.")
        self.log.info("LOGIN FAILED: %s at %s" % (user, addr))
        # Exits with a literal 1 rather than conf.exit_status.login_error.
        sys.exit(1)

    dbcheck = data.mark_user_active(user, lease_mac, addr)
    if not dbcheck[0]:
        print("LOGIN FAILED, duplicates.")
        # NOTE(review): the sibling ip4() login logs these as dbcheck[3], [2], [1];
        # one of the two orderings is wrong -- confirm against Data.mark_user_active.
        print("User: %s \nMAC: %s \nIPv4: %s" % (dbcheck[1], dbcheck[2], dbcheck[3]))
        sys.exit(conf.exit_status.user_already_logged_in)

    firewall.accept_ip4(addr)
    self.log.info("LOGIN OK: %s at %s" % (user, addr))
    print("Login successful, {0} at ip {1}".format(user, addr))
    return True
def ip4(self, ip):
    """Drop the IPv4 address *ip* from iptables and mark it inactive in the database.

    *ip* is matched against ``conf.filter.ipv4_exact`` first; an address that
    does not match is printed, logged and terminates the process with
    ``conf.exit_status.input_error``.
    """
    # NOTE(review): re.match only anchors at the start of the string; rejecting
    # trailing characters relies on conf.filter.ipv4_exact ending in "$" -- confirm.
    pattern = re.compile(conf.filter.ipv4_exact)
    if pattern.match(ip) is None:
        print("Invalid IP:\n" + ip)
        self.log.error("Tried to drop invalid IP %s" % ip)
        exit(conf.exit_status.input_error)

    fw = Firewall()
    db = Data()
    self.log.info("DROPPED: " + ip)
    fw.drop_ip4(ip)
    db.active_ip4(ip, 0)
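def ip4(self, username, password, ip):
    """Log *username* in from IPv4 address *ip* and open the firewall for it.

    When not running as root the call is re-executed through ``sudo`` and the
    child's exit status decides the result. Otherwise the DHCP lease data must
    pair the IP with a MAC, the auth backend must accept the credentials and
    the database must not already hold an active entry; then the address is
    accepted in the firewall. Returns True on success, False on any failure.
    """
    fields = self.check_input(username, password, ip)
    user = fields['username']
    addr = fields['ip_addr']

    if os.getuid() != 0:
        # Escalate before touching the lease data, auth backend, firewall or
        # database: the original built all of those first and threw the work away.
        argv = ['sudo', '/usr/local/bin/dynfw', 'login', ip, username, password]
        code = subprocess.call(argv)
        # The original logged the full command line, which put the plaintext
        # password into the log file. Log everything but the password.
        shown = ' '.join(argv[:-1] + ['<password redacted>'])
        self.log.warn("NEED SUDO. \nCommand: %s \nExit code: %s" % (shown, code))
        # NOTE(review): the password is still an argv element of the child
        # process and so visible in the process table while it runs; moving it
        # to stdin or the environment needs a matching change in dynfw's CLI.
        return code == 0

    dhcp = Dhcp()
    auth = Auth(user, fields['password'])
    firewall = Firewall()
    lease_mac = dhcp.find_mac(addr)
    data = Data()

    if not lease_mac:
        # The lease data does not pair this IP with any MAC.
        print("FEIL Mac/IP combo")
        return False
    if auth.login() != True:
        print("Login failed.")
        self.log.info("LOGIN FAILED: %s at %s" % (user, addr))
        return False

    dbcheck = data.mark_user_active(user, lease_mac, addr)
    if not dbcheck[0]:
        self.log.info("LOGIN FAILED, duplicates.")
        # NOTE(review): cli_login prints these as dbcheck[1], [2], [3]; one of
        # the two orderings is wrong -- confirm against Data.mark_user_active.
        self.log.info("User: %s \nMAC: %s \nIPv4: %s" % (dbcheck[3], dbcheck[2], dbcheck[1]))
        return False

    firewall.accept_ip4(addr)
    self.log.info("LOGIN OK: %s at %s" % (user, addr))
    print("Login successful, {0} at ip {1}".format(user, addr))
    return True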
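def firewall(request, action):
    """Admin view: add, delete or flush custom firewall rules, then render the rule list.

    ``action`` is "add", "delete" or "flush"; each takes effect only on a
    POST. Anonymous and non-staff users are redirected to "/". The rendered
    context carries the result of the last add, the current custom FORWARD
    and INPUT rules and the (possibly bound) rule form.
    """
    if request.user.is_anonymous() or not request.user.is_staff:
        # Log before returning: in the original the log call sat after the
        # return statement and never ran.
        log.info("detected anon-user in adminpanel. Thrown out...")
        return redirect("/")

    result = ""
    rules_form = FirewallRule()
    f = Firewall()
    log.debug("inside manager.views.firewall()")

    if action == "add" and request.method == "POST":
        log.debug("-- DETECTED ADD-RULE")
        form = FirewallRule(request.POST)
        rule = Rule()
        # Field validation lives in FirewallRule; only cleaned values reach
        # the Rule record and Firewall.add_custom_rule.
        if form.is_valid():
            log.debug("-- -- form is valid")
            rule.src = form.cleaned_data.get("src_ip")
            rule.src += "/" + str(form.cleaned_data.get("src_subnet"))
            rule.spt = form.cleaned_data.get("src_port")
            rule.dst = form.cleaned_data.get("dst_ip")
            if rule.dst:
                rule.dst += "/" + str(form.cleaned_data.get("dst_subnet"))
            rule.dpt = form.cleaned_data.get("dst_port")
            rule.action = form.cleaned_data.get("action")
            rule.chain = form.cleaned_data.get("chain")
            rule.prot = form.cleaned_data.get("protocol")
            rule.save()
            log.debug("-- -- rule saved to db, sending rule to firewall.add_custom_rule")
            result = f.add_custom_rule(
                rule.chain, rule.src, rule.spt, rule.dst, rule.dpt, rule.action, rule.prot
            )
        rules_form = form
    elif action == "delete" and request.method == "POST":
        log.debug("-- DETECTED DELETE-RULE")
        # NOTE(review): ruleid and chain are passed straight from POST with no
        # form validation here; Firewall.del_custom_rule must validate them
        # itself (chain name, numeric rule id) before using them -- confirm.
        rule = str(request.POST.get("ruleid"))
        chain = str(request.POST.get("chain"))
        f.del_custom_rule(chain, rule)
    elif action == "flush" and request.method == "POST":
        log.debug("-- DETECTED FLUSH")
        # NOTE(review): chain may be None when the field is absent; what
        # Firewall.flush_custom_rules does with None is not visible here.
        chain = request.POST.get("chain")
        f.flush_custom_rules(chain)

    return render_to_response(
        "firewall.html",
        {
            "result": result,
            "forward": f.get_custom_forward(),
            "input": f.get_custom_input(),
            "form": rules_form,
        },
        context_instance=RequestContext(request),
    )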
def _openfw(self, ip, user, mac):
    """Accept *ip* in the firewall and record *user*/*mac*/*ip* as active in the database."""
    fw = Firewall()
    db = Data()
    fw.accept_ip4(ip)
    db.mark_user_active(user, mac, ip)
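def list_active(request, action=None):
    """Admin view listing allowed and rate-limited users, optionally acting on one.

    ``action`` may be "limit" (apply the TX/RX/connection limit named in
    POST["setlimit"]), "kick" (drop the address and delete that user's
    sessions) or "free" (remove the limit). The target is the LoggedInUser
    whose last_seen_ip equals POST["victim"]; an unknown victim renders the
    error page. Anonymous and non-staff users are redirected to "/".
    """
    if request.user.is_anonymous() or not request.user.is_staff:
        return redirect("/")

    f = Firewall()
    error = False
    user = None
    try:
        if action and action == "limit" and request.POST:
            user = LoggedInUser.objects.get(last_seen_ip=request.POST.get("victim"))
            limit = request.POST.get("setlimit")
            if user:
                if limit == "TX":
                    f.limit_tx(user.last_seen_ip)
                elif limit == "RX":
                    f.limit_rx(user.last_seen_ip)
                elif limit == "C":
                    f.limit_connections(user.last_seen_ip)
                else:
                    error = True
            else:
                error = True
        elif action and action == "kick" and request.POST:
            user = LoggedInUser.objects.get(last_seen_ip=request.POST.get("victim"))
            if user:
                Drop().ip4(user.last_seen_ip)
                # Plain loop instead of a list comprehension used only for its
                # side effect. Every stored session is decoded, so this is
                # O(#sessions) per kick.
                for session in Session.objects.all():
                    if session.get_decoded().get("_auth_user_id") == user.id:
                        session.delete()
            else:
                error = True
        elif action and action == "free" and request.POST:
            user = LoggedInUser.objects.get(last_seen_ip=request.POST.get("victim"))
            if user:
                user.is_active = True
                f.rm_limit(user.last_seen_ip)
            else:
                error = True

        # The loop variable is ``entry``, not ``user``: under Python 2 a list
        # comprehension leaks its loop variable into the enclosing scope, so the
        # original overwrote ``user`` with the last firewall tuple before handing
        # it to the template.
        # NOTE(review): the trailing [0] raises IndexError (not caught below) when
        # no LoggedInUser row exists for an address the firewall reports.
        allowed = [
            LoggedInUser.objects.filter(last_seen_ip=entry[-1]).order_by("-last_login")[0]
            for entry in f.get_allowed()
            if entry[-1] != "0.0.0.0/0"
        ]
        limited = [
            LoggedInUser.objects.filter(last_seen_ip=entry[-1]).order_by("-last_login")[0]
            for entry in f.get_limited()
            if entry[-1] != "0.0.0.0/0"
        ]
        limited += [
            LoggedInUser.objects.filter(last_seen_ip=entry[-2]).order_by("-last_login")[0]
            for entry in f.get_limited()
            if entry[-2] != "0.0.0.0/0" and entry[2] != "CONNLIMIT"
        ]
    except LoggedInUser.DoesNotExist:
        return render_to_response(
            "active_users.html",
            {"limited": None, "active": None, "user": None, "error": True, "action": None},
            context_instance=RequestContext(request),
        )

    return render_to_response(
        "active_users.html",
        {"limited": limited, "active": allowed, "user": user, "error": error, "action": action},
        context_instance=RequestContext(request),
    )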