def UrlCheck(uid, sub_pid, obj_pid, sub_proc, obj_src, obj_dst, sip_dip):
global GMUTEX_URL
global GURLDIC
global GURLWHITESTAT
global GURLBLACKSTAT
host = obj_src
uri = obj_dst
url_all = host + '/*'
url = host + uri
if GMUTEX_URL.acquire(1):
if GURLWHITESTAT == 1: # 白名单开启
if GURLDIC.has_key(url_all): # 包含hots/*
if GURLDIC[url_all] == 0: # 类型是白名单(0)全部放行
GMUTEX_URL.release()
return 0
if GURLDIC.has_key(url): # 包含hots/uri的放行
if GURLDIC[url] == 0: # 类型是白名单(0)全部放行
GMUTEX_URL.release()
return 0
# 其他禁止
GMUTEX_URL.release()
sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \
'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('URL-白名单', \
pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_proc, obj_src, obj_dst, sip_dip, '开启', '拦截')
logdb.LogAddOne(sql)
return 1
if GURLBLACKSTAT == 1: # 黑名单开启
if GURLDIC.has_key(url_all): # 包含hots/*
if GURLDIC[url_all] == 1: # 类型是黑名单(1)全部禁止
GMUTEX_URL.release()
sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \
'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('URL-黑名单', \
pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_proc, obj_src, obj_dst, sip_dip, '开启', '拦截')
logdb.LogAddOne(sql)
return 1
if GURLDIC.has_key(url): # 包含hots/uri的禁止
if GURLDIC[url] == 1: # 类型是黑名单(1)全部禁止
GMUTEX_URL.release()
sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \
'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('URL-黑名单', \
pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_proc, obj_src, obj_dst, sip_dip, '开启', '拦截')
logdb.LogAddOne(sql)
return 1
# 其他放行
GMUTEX_URL.release()
return 0
GMUTEX_URL.release()
return ret
def SpecrcCheckSetTime(uid, sub_pid, obj_pid, sub_pro, obj_src, obj_dst,
sip_dip):
global GSPECRCSETTIMESTAT
global GMUTEX_SPECRC
ret = 0
if GMUTEX_SPECRC.acquire(1):
if GSPECRCSETTIMESTAT == 1: # 时间保护开启
ret = 1
try:
tm1 = time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime(int(obj_src)))
tm2 = time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime(int(obj_dst)))
tm = "%s -> %s" % (tm1, tm2)
sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \
'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('特殊资源-时间', \
pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_pro, tm, '', sip_dip, '开启', '拦截')
logdb.LogAddOne(sql)
except:
pass
else:
ret = 0
GMUTEX_SPECRC.release()
return ret
def UrlCheckUsb(uid, sub_pid, obj_pid, sub_pro, obj_src, obj_dst, sip_dip):
global GDEVICEUSBSTAT
global GMUTEX_DEVICE
ret= 0
if GMUTEX_DEVICE.acquire(1):
if GDEVICEUSBSTAT == 1: # USB保护开启
sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \
'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('外设管理-USB', \
pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_pro, obj_src, obj_dst, sip_dip, '开启', '拦截')
logdb.LogAddOne(sql)
ret = 1
else:
ret = 0
GMUTEX_DEVICE.release()
return ret
def SpecrcCheckShutDown(uid, sub_pid, obj_pid, sub_pro, obj_src, obj_dst,
sip_dip):
global GSPECRCSHUTDOWNSTAT
global GMUTEX_SPECRC
ret = 0
if GMUTEX_SPECRC.acquire(1):
if GSPECRCSHUTDOWNSTAT == 1: # 关机保护开启
sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \
'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('特殊资源-关机', \
pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_pro, obj_src, obj_dst, sip_dip, '开启', '拦截')
logdb.LogAddOne(sql)
ret = 1
else:
ret = 0
GMUTEX_SPECRC.release()
return ret