示例#1
 def filter_asset(cls, asset, queryset):
     """Narrow *queryset* to the rows whose asset rule matches *asset*.

     Matching runs in two stages: a database filter on the hostname group
     (either the asset's hostname or the ``'*'`` wildcard), then a
     Python-side check of ``asset.ip`` against each row's ``ip_group``.

     The returned queryset is rebuilt from ``cls.objects`` using the
     matching ids, so it is not the queryset object that was passed in.
     """
     hostname_match = Q(assets__hostname_group__contains=asset.hostname)
     wildcard_match = Q(assets__hostname_group__contains='*')
     candidates = queryset.filter(hostname_match | wildcard_match)

     matching_ids = []
     for rule in candidates:
         # A row without an 'ip_group' key is checked against an empty list.
         # NOTE(review): how contains_ip treats an empty group is not
         # visible here; confirm it cannot match every address.
         allowed_ips = rule.assets.get('ip_group', [])
         if contains_ip(asset.ip, allowed_ips):
             matching_ids.append(rule.id)

     return cls.objects.filter(id__in=matching_ids)
示例#2
 def allow_user_to_login(user, ip):
     """Return True when *user* may log in from *ip* under their login ACL.

     Only the first valid ACL is consulted. A user with no valid ACL is
     allowed, so the absence of a rule means "no restriction", not "deny".

     With an ACL present, login is permitted when an allow rule covers the
     address, or when a reject rule does not cover it; every other
     combination is refused.
     """
     first_acl = user.login_acls.valid().first()
     if not first_acl:
         # Default-allow: nothing restricts this user.
         return True

     ip_matches = contains_ip(ip, first_acl.ip_group)
     if first_acl.action_allow and ip_matches:
         return True
     # Reject rules are inverted: only addresses outside the group pass.
     return bool(first_acl.action_reject and not ip_matches)
示例#3
 def allow_user_confirm_if_need(user, ip):
     """Tell whether this login from *ip* needs reviewer confirmation.

     Returns a ``(needs_confirm, acl)`` pair. Only the first ``confirm``
     ACL returned by ``LoginACL.filter_acl(user)`` is considered, and it is
     ignored when it has no reviewers. In that case, or when no such ACL
     exists, the result is ``(False, None)`` and no confirmation is asked.

     Confirmation is required only when both the IP group and the time
     period of the ACL's rules match.
     """
     confirm_acl = LoginACL.filter_acl(user).filter(
         action=LoginACL.ActionChoices.confirm
     ).first()
     # A confirm ACL without reviewers cannot be acted on, so it is dropped.
     if not confirm_acl or not confirm_acl.reviewers.exists():
         return False, None

     # NOTE(review): either key may be missing from rules, in which case
     # None is passed on; confirm the helpers handle None as intended.
     ip_group = confirm_acl.rules.get('ip_group')
     time_periods = confirm_acl.rules.get('time_period')
     ip_matches = contains_ip(ip, ip_group)
     time_matches = contains_time_period(time_periods)
     return ip_matches and time_matches, confirm_acl
示例#4
 def match(cls, target_ip, protocol):
     """Return the first endpoint rule usable for *target_ip* and *protocol*.

     Rules are scanned in the order the manager yields them. A rule is
     skipped when its IP group does not contain *target_ip* or when it has
     no endpoint. A rule pointing at the default endpoint is returned
     immediately; any other rule must have an endpoint with a host and a
     non-zero port for *protocol*.

     Returns None when no rule qualifies.
     """
     rules = cls.objects.all().prefetch_related('endpoint')
     for rule in rules:
         if not contains_ip(target_ip, rule.ip_group):
             continue
         endpoint = rule.endpoint
         if not endpoint:
             continue
         # The default endpoint is accepted without host or port checks.
         if endpoint.is_default():
             return rule
         # A port of 0 means the endpoint is not usable for this protocol.
         if endpoint.host and endpoint.get_port(protocol) != 0:
             return rule
     return None
示例#5
    def allow_user_to_login(user, ip):
        """Decide whether *user* may log in from *ip* right now.

        Returns ``(allow, reject_type)``, where ``reject_type`` is ``''``
        on success and ``'ip'`` or ``'time'`` when the login is refused.

        Only the first non-``confirm`` ACL from ``LoginACL.filter_acl(user)``
        is evaluated. A user with no such ACL is allowed, so a missing rule
        means "no restriction", not "deny".
        """
        first_acl = LoginACL.filter_acl(user).exclude(
            action=LoginACL.ActionChoices.confirm
        ).first()
        if not first_acl:
            return True, ''

        # NOTE(review): either key may be missing from rules, in which case
        # None is passed on; confirm the helpers handle None as intended.
        ip_group = first_acl.rules.get('ip_group')
        time_periods = first_acl.rules.get('time_period')
        ip_matches = contains_ip(ip, ip_group)
        time_matches = contains_time_period(time_periods)

        if ip_matches and time_matches:
            # Rule conditions are met: the ACL's own action decides.
            allow = first_acl.action_allow
            # When refused here both conditions matched, so the reported
            # reason is always 'ip'.
            reject_type = '' if allow else 'ip'
        else:
            # Rule conditions are not met: the ACL's action is inverted, so
            # an allow rule refuses and a reject rule lets the login through.
            allow = not first_acl.action_allow
            if allow:
                reject_type = ''
            else:
                # Report whichever condition failed, the IP check first.
                reject_type = 'time' if ip_matches else 'ip'

        return allow, reject_type
示例#6
 def ip_in_white_list(self):
     """Return whether ``self.ip`` matches the login IP allow-list.

     The list is read from ``settings.SECURITY_LOGIN_IP_WHITE_LIST`` on
     every call.
     """
     # NOTE(review): where self.ip is set is not visible here; confirm it
     # comes from a trusted source rather than a client-supplied header.
     allowed_entries = settings.SECURITY_LOGIN_IP_WHITE_LIST
     return ip.contains_ip(self.ip, allowed_entries)
示例#7
 def ip_in_black_list(self):
     """Return whether ``self.ip`` matches the login IP block-list.

     The list is read from ``settings.SECURITY_LOGIN_IP_BLACK_LIST`` on
     every call.
     """
     # NOTE(review): where self.ip is set is not visible here; confirm it
     # comes from a trusted source rather than a client-supplied header.
     blocked_entries = settings.SECURITY_LOGIN_IP_BLACK_LIST
     return ip.contains_ip(self.ip, blocked_entries)