github
/
teleport
mirror of https://github.com/tp4a/teleport
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

temp.

pull/105/head
Apex Liu 2017-12-20 02:01:13 +08:00
parent 206c9fdead
commit 001cf53e8f
4 changed files with 213 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
server/www/teleport/static/js/audit/auz-info.js
View File

@ -12,8 +12,8 @@ $app.on_init = function (cb_stack) {
btn_remove_auditor: $('#btn-remove-auditor'), btn_remove_auditor: $('#btn-remove-auditor'),
btn_refresh_auditee: $('#btn-refresh-auditee'), btn_refresh_auditee: $('#btn-refresh-auditee'),
btn_add_auditee_user: $('#btn-add-auditee-user'), // btn_add_auditee_user: $('#btn-add-auditee-user'),
btn_add_auditee_user_group: $('#btn-add-auditee-user-group'), // btn_add_auditee_user_group: $('#btn-add-auditee-user-group'),
btn_add_auditee_host: $('#btn-add-auditee-host'), btn_add_auditee_host: $('#btn-add-auditee-host'),
btn_add_auditee_host_group: $('#btn-add-auditee-host-group'), btn_add_auditee_host_group: $('#btn-add-auditee-host-group'),
select_all_auditee: $('#table-auditee-select-all'), select_all_auditee: $('#table-auditee-select-all'),
@ -277,6 +277,7 @@ $app.create_controls = function (cb_stack) {
$app.dlg_sel_auditor_user = $app.create_dlg_sel_auditor_user(); $app.dlg_sel_auditor_user = $app.create_dlg_sel_auditor_user();
cb_stack.add($app.dlg_sel_auditor_user.init); cb_stack.add($app.dlg_sel_auditor_user.init);
/*
//------------------------------- //-------------------------------
// 选择用户(资源)对话框 // 选择用户(资源)对话框
//------------------------------- //-------------------------------
@ -354,6 +355,7 @@ $app.create_controls = function (cb_stack) {
$app.dlg_sel_auditee_user = $app.create_dlg_sel_auditee_user(); $app.dlg_sel_auditee_user = $app.create_dlg_sel_auditee_user();
cb_stack.add($app.dlg_sel_auditee_user.init); cb_stack.add($app.dlg_sel_auditee_user.init);
*/
//------------------------------- //-------------------------------
// 选择用户组(操作者)对话框 // 选择用户组(操作者)对话框
@ -412,6 +414,7 @@ $app.create_controls = function (cb_stack) {
$app.dlg_sel_auditor_ug = $app.create_dlg_sel_auditor_ug(); $app.dlg_sel_auditor_ug = $app.create_dlg_sel_auditor_ug();
cb_stack.add($app.dlg_sel_auditor_ug.init); cb_stack.add($app.dlg_sel_auditor_ug.init);
/*
//------------------------------- //-------------------------------
// 选择用户组(资源)对话框 // 选择用户组(资源)对话框
//------------------------------- //-------------------------------
@ -468,6 +471,7 @@ $app.create_controls = function (cb_stack) {
$app.dlg_sel_auditee_ug = $app.create_dlg_sel_auditee_ug(); $app.dlg_sel_auditee_ug = $app.create_dlg_sel_auditee_ug();
cb_stack.add($app.dlg_sel_auditee_ug.init); cb_stack.add($app.dlg_sel_auditee_ug.init);
*/
//------------------------------- //-------------------------------
// 选择主机对话框 // 选择主机对话框
@ -623,12 +627,12 @@ $app.create_controls = function (cb_stack) {
$app.dom.btn_add_auditor_user_group.click(function () { $app.dom.btn_add_auditor_user_group.click(function () {
$app.dlg_sel_auditor_ug.show(); $app.dlg_sel_auditor_ug.show();
}); });
$app.dom.btn_add_auditee_user.click(function () { // $app.dom.btn_add_auditee_user.click(function () {
$app.dlg_sel_auditee_user.show(); // $app.dlg_sel_auditee_user.show();
}); // });
$app.dom.btn_add_auditee_user_group.click(function () { // $app.dom.btn_add_auditee_user_group.click(function () {
$app.dlg_sel_auditee_ug.show(); // $app.dlg_sel_auditee_ug.show();
}); // });
$app.dom.btn_add_auditee_host.click(function () { $app.dom.btn_add_auditee_host.click(function () {
$app.dlg_sel_host.show(); $app.dlg_sel_host.show();
}); });
@ -1132,7 +1136,7 @@ $app.create_dlg_sel_auditor_user = function () {
return dlg; return dlg;
}; };
/*
//------------------------------- //-------------------------------
// 选择用户(资源)对话框 // 选择用户(资源)对话框
//------------------------------- //-------------------------------
@ -1305,7 +1309,7 @@ $app.create_dlg_sel_auditee_user = function () {
return dlg; return dlg;
}; };
*/
//------------------------------- //-------------------------------
// 选择用户组(操作者)对话框 // 选择用户组(操作者)对话框
@ -1445,6 +1449,7 @@ $app.create_dlg_sel_auditor_ug = function () {
return dlg; return dlg;
}; };
/*
//------------------------------- //-------------------------------
// 选择用户组(资源)对话框 // 选择用户组(资源)对话框
//------------------------------- //-------------------------------
@ -1582,6 +1587,7 @@ $app.create_dlg_sel_auditee_ug = function () {
return dlg; return dlg;
}; };
*/
//------------------------------- //-------------------------------
// 选择主机对话框 // 选择主机对话框

166
server/www/teleport/view/audit/auz-info.mako
View File

@ -142,7 +142,7 @@
<div class="col-md-6"> <div class="col-md-6">
<div id="area-auditee"> <div id="area-auditee">
<div class="area-title"><span class="name">被审计资源</span><span class="desc">(被审计的用户或主机)</span></div> <div class="area-title"><span class="name">被审计资源</span><span class="desc">(被审计的主机)</span></div>
<div style="padding:5px;"> <div style="padding:5px;">
<div class="table-extend-area"> <div class="table-extend-area">
@ -153,8 +153,8 @@
</div> </div>
<div class="table-extend-cell table-item-counter"> <div class="table-extend-cell table-item-counter">
<div class="btn-group btn-group-sm"> <div class="btn-group btn-group-sm">
<btn class="btn btn-success" id="btn-add-auditee-user"><i class="fa fa-plus"></i> 添加用户</btn> ## <btn class="btn btn-success" id="btn-add-auditee-user"><i class="fa fa-plus"></i> 添加用户</btn>
<btn class="btn btn-primary" id="btn-add-auditee-user-group"><i class="fa fa-plus-circle"></i> 添加用户组</btn> ## <btn class="btn btn-primary" id="btn-add-auditee-user-group"><i class="fa fa-plus-circle"></i> 添加用户组</btn>
<btn class="btn btn-success" id="btn-add-auditee-host"><i class="fa fa-plus"></i> 添加主机</btn> <btn class="btn btn-success" id="btn-add-auditee-host"><i class="fa fa-plus"></i> 添加主机</btn>
<btn class="btn btn-primary" id="btn-add-auditee-host-group"><i class="fa fa-plus-circle"></i> 添加主机组</btn> <btn class="btn btn-primary" id="btn-add-auditee-host-group"><i class="fa fa-plus-circle"></i> 添加主机组</btn>
</div> </div>
@ -243,46 +243,46 @@
</div> </div>
</div> </div>
<div class="modal fade" id="dlg-sel-auditee-user" tabindex="-1" role="dialog"> ## <div class="modal fade" id="dlg-sel-auditee-user" tabindex="-1" role="dialog">
<div class="modal-dialog modal-lg" role="document"> ## <div class="modal-dialog modal-lg" role="document">
<div class="modal-content"> ## <div class="modal-content">
<div class="modal-header"> ## <div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><i class="fa fa-times-circle fa-fw"></i></button> ## <button type="button" class="close" data-dismiss="modal" aria-label="Close"><i class="fa fa-times-circle fa-fw"></i></button>
<h3 data-field="dlg-title" class="modal-title">选择用户</h3> ## <h3 data-field="dlg-title" class="modal-title">选择用户</h3>
</div> ## </div>
<div class="modal-body"> ## <div class="modal-body">
##
<table id="table-sel-auditee-user" class="table table-striped table-bordered table-hover table-data no-footer dtr-inline"></table> ## <table id="table-sel-auditee-user" class="table table-striped table-bordered table-hover table-data no-footer dtr-inline"></table>
<div class="table-extend-area"> ## <div class="table-extend-area">
<div class="table-extend-cell checkbox-select-all"><input data-action="sel-all" type="checkbox"/></div> ## <div class="table-extend-cell checkbox-select-all"><input data-action="sel-all" type="checkbox"/></div>
<div class="table-extend-cell group-actions"> ## <div class="table-extend-cell group-actions">
<div class="btn-group" role="group"> ## <div class="btn-group" role="group">
<button data-action="use-selected" type="button" class="btn btn-primary"><i class="fa fa-edit fa-fw"></i> 添加为被授权资源</button> ## <button data-action="use-selected" type="button" class="btn btn-primary"><i class="fa fa-edit fa-fw"></i> 添加为被授权资源</button>
</div> ## </div>
</div> ## </div>
<div class="table-extend-cell table-item-counter"> ## <div class="table-extend-cell table-item-counter">
<ol id="table-sel-auditee-user-paging"></ol> ## <ol id="table-sel-auditee-user-paging"></ol>
</div> ## </div>
</div> ## </div>
<div class="table-extend-area"> ## <div class="table-extend-area">
<div class="table-extend-cell"> ## <div class="table-extend-cell">
<div style="text-align:right;"> ## <div style="text-align:right;">
<nav> ## <nav>
<ul id="table-sel-auditee-user-pagination" class="pagination"></ul> ## <ul id="table-sel-auditee-user-pagination" class="pagination"></ul>
</nav> ## </nav>
</div> ## </div>
</div> ## </div>
</div> ## </div>
##
</div> ## </div>
##
##
<div class="modal-footer"> ## <div class="modal-footer">
<button type="button" class="btn btn-sm btn-default" data-dismiss="modal"><i class="fa fa-close fa-fw"></i> 关闭</button> ## <button type="button" class="btn btn-sm btn-default" data-dismiss="modal"><i class="fa fa-close fa-fw"></i> 关闭</button>
</div> ## </div>
</div> ## </div>
</div> ## </div>
</div> ## </div>
<div class="modal fade" id="dlg-sel-auditor-user-group" tabindex="-1" role="dialog"> <div class="modal fade" id="dlg-sel-auditor-user-group" tabindex="-1" role="dialog">
<div class="modal-dialog" role="document"> <div class="modal-dialog" role="document">
@ -325,46 +325,46 @@
</div> </div>
</div> </div>
<div class="modal fade" id="dlg-sel-auditee-user-group" tabindex="-1" role="dialog"> ## <div class="modal fade" id="dlg-sel-auditee-user-group" tabindex="-1" role="dialog">
<div class="modal-dialog" role="document"> ## <div class="modal-dialog" role="document">
<div class="modal-content"> ## <div class="modal-content">
<div class="modal-header"> ## <div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><i class="fa fa-times-circle fa-fw"></i></button> ## <button type="button" class="close" data-dismiss="modal" aria-label="Close"><i class="fa fa-times-circle fa-fw"></i></button>
<h3 data-field="dlg-title" class="modal-title">选择用户组</h3> ## <h3 data-field="dlg-title" class="modal-title">选择用户组</h3>
</div> ## </div>
<div class="modal-body"> ## <div class="modal-body">
##
<table id="table-sel-auditee-user-group" class="table table-striped table-bordered table-hover table-data no-footer dtr-inline"></table> ## <table id="table-sel-auditee-user-group" class="table table-striped table-bordered table-hover table-data no-footer dtr-inline"></table>
<div class="table-extend-area"> ## <div class="table-extend-area">
<div class="table-extend-cell checkbox-select-all"><input data-action="sel-all" type="checkbox"/></div> ## <div class="table-extend-cell checkbox-select-all"><input data-action="sel-all" type="checkbox"/></div>
<div class="table-extend-cell group-actions"> ## <div class="table-extend-cell group-actions">
<div class="btn-group" role="group"> ## <div class="btn-group" role="group">
<button data-action="use-selected" type="button" class="btn btn-primary"><i class="fa fa-edit fa-fw"></i> 添加为被授权资源</button> ## <button data-action="use-selected" type="button" class="btn btn-primary"><i class="fa fa-edit fa-fw"></i> 添加为被授权资源</button>
</div> ## </div>
</div> ## </div>
<div class="table-extend-cell table-item-counter"> ## <div class="table-extend-cell table-item-counter">
<ol id="table-sel-auditee-user-group-paging"></ol> ## <ol id="table-sel-auditee-user-group-paging"></ol>
</div> ## </div>
</div> ## </div>
<div class="table-extend-area"> ## <div class="table-extend-area">
<div class="table-extend-cell"> ## <div class="table-extend-cell">
<div style="text-align:right;"> ## <div style="text-align:right;">
<nav> ## <nav>
<ul id="table-sel-auditee-user-group-pagination" class="pagination"></ul> ## <ul id="table-sel-auditee-user-group-pagination" class="pagination"></ul>
</nav> ## </nav>
</div> ## </div>
</div> ## </div>
</div> ## </div>
##
</div> ## </div>
##
##
<div class="modal-footer"> ## <div class="modal-footer">
<button type="button" class="btn btn-sm btn-default" data-dismiss="modal"><i class="fa fa-close fa-fw"></i> 关闭</button> ## <button type="button" class="btn btn-sm btn-default" data-dismiss="modal"><i class="fa fa-close fa-fw"></i> 关闭</button>
</div> ## </div>
</div> ## </div>
</div> ## </div>
</div> ## </div>
<div class="modal fade" id="dlg-sel-host" tabindex="-1" role="dialog"> <div class="modal fade" id="dlg-sel-host" tabindex="-1" role="dialog">
<div class="modal-dialog modal-lg" role="document"> <div class="modal-dialog modal-lg" role="document">

8
server/www/teleport/webroot/app/const.py
View File

@ -101,10 +101,10 @@ TP_POLICY_AUTH_gUSER_gACC = 6 # 6=用户组:账号组
TP_POLICY_AUTH_gUSER_HOST = 7 # 7=用户组:主机 TP_POLICY_AUTH_gUSER_HOST = 7 # 7=用户组:主机
TP_POLICY_AUTH_gUSER_gHOST = 8 # 8=用户组:主机组 TP_POLICY_AUTH_gUSER_gHOST = 8 # 8=用户组:主机组
# 下列四个仅用于审计授权 # 下列四个仅用于审计授权
TP_POLICY_AUTH_USER_USER = 9 # 1=用户:用户 # TP_POLICY_AUTH_USER_USER = 9 # 1=用户:用户
TP_POLICY_AUTH_USER_gUSER = 10 # 2=用户:用户组 # TP_POLICY_AUTH_USER_gUSER = 10 # 2=用户:用户组
TP_POLICY_AUTH_gUSER_USER = 11 # 5=用户组:用户 # TP_POLICY_AUTH_gUSER_USER = 11 # 5=用户组:用户
TP_POLICY_AUTH_gUSER_gUSER = 12 # 6=用户组:用户组 # TP_POLICY_AUTH_gUSER_gUSER = 12 # 6=用户组:用户组
# ======================================================= # =======================================================

215
server/www/teleport/webroot/app/model/audit.py
View File

@ -487,10 +487,10 @@ def get_remotes(handler, sql_filter, sql_order, sql_limit):
def build_auz_map(): def build_auz_map():
_users = {} _users = {}
_hosts = {} _hosts = {}
_accs = {} # _accs = {}
_gusers = {} _gusers = {}
_ghosts = {} _ghosts = {}
_gaccs = {} # _gaccs = {}
_groups = {} _groups = {}
_policies = {} _policies = {}
@ -499,6 +499,10 @@ def build_auz_map():
_map = [] _map = []
db = get_db()
dbtp = db.table_prefix
db.exec('DELETE FROM {}audit_map'.format(dbtp))
s = SQL(get_db()) s = SQL(get_db())
# 加载所有策略 # 加载所有策略
@ -547,8 +551,8 @@ def build_auz_map():
_gusers[i.id] = [] _gusers[i.id] = []
elif i.type == TP_GROUP_HOST: elif i.type == TP_GROUP_HOST:
_ghosts[i.id] = [] _ghosts[i.id] = []
elif i.type == TP_GROUP_ACCOUNT: # elif i.type == TP_GROUP_ACCOUNT:
_gaccs[i.id] = [] # _gaccs[i.id] = []
# 加载所有的组 # 加载所有的组
err = s.reset().select_from('group_map', ['id', 'type', 'gid', 'mid'], alt_name='g').query() err = s.reset().select_from('group_map', ['id', 'type', 'gid', 'mid'], alt_name='g').query()
@ -563,10 +567,10 @@ def build_auz_map():
# if g.gid not in _ghosts: # if g.gid not in _ghosts:
# _ghosts[g.gid] = [] # _ghosts[g.gid] = []
_ghosts[g.gid].append(_hosts[g.mid]) _ghosts[g.gid].append(_hosts[g.mid])
# elif g.type == TP_GROUP_ACCOUNT: # elif g.type == TP_GROUP_ACCOUNT:
# # if g.gid not in _gaccs: # # if g.gid not in _gaccs:
# # _gaccs[g.gid] = [] # # _gaccs[g.gid] = []
# _gaccs[g.gid].append(_accs[g.mid]) # _gaccs[g.gid].append(_accs[g.mid])
# 加载所有策略明细 # 加载所有策略明细
err = s.reset().select_from('audit_auz', ['id', 'policy_id', 'type', 'rtype', 'rid'], alt_name='o').query() err = s.reset().select_from('audit_auz', ['id', 'policy_id', 'type', 'rtype', 'rid'], alt_name='o').query()
@ -613,94 +617,95 @@ def build_auz_map():
if i.policy_id not in _p_assets: if i.policy_id not in _p_assets:
_p_assets[i.policy_id] = [] _p_assets[i.policy_id] = []
if i.rtype == TP_ACCOUNT: # if i.rtype == TP_ACCOUNT:
a = _accs[i.rid] # a = _accs[i.rid]
h = _hosts[a.host_id] # h = _hosts[a.host_id]
# _p_assets[i.policy_id].append({
# 'a_id': i.rid,
# 'a_state': a.state,
# 'ga_id': 0,
# 'ga_state': 0,
# 'h_id': h.id,
# 'h_state': h.state,
# 'gh_id': 0,
# 'gh_state': 0,
# 'a_name': a.username,
# 'protocol_type': a.protocol_type,
# 'protocol_port': a.protocol_port,
# 'h_name': h.name,
# 'ip': h.ip,
# 'router_ip': h.router_ip,
# 'router_port': h.router_port,
# 'auth_to_': 'ACC'
# })
# elif i.rtype == TP_GROUP_ACCOUNT:
# for a in _gaccs[i.rid]:
# h = _hosts[a.host_id]
# _p_assets[i.policy_id].append({
# 'a_id': a.id,
# 'a_state': a.state,
# 'ga_id': i.rid,
# 'ga_state': _groups[i.rid].state,
# 'h_id': h.id,
# 'h_state': h.state,
# 'gh_id': 0,
# 'gh_state': 0,
# 'a_name': a.username,
# 'protocol_type': a.protocol_type,
# 'protocol_port': a.protocol_port,
# 'h_name': h.name,
# 'ip': h.ip,
# 'router_ip': h.router_ip,
# 'router_port': h.router_port,
# 'auth_to_': 'gACC'
# })
# el
if i.rtype == TP_HOST:
# for aid in _accs:
# if _accs[aid].host_id == i.rid:
# a = _accs[aid]
h = _hosts[i.rid]
_p_assets[i.policy_id].append({ _p_assets[i.policy_id].append({
'a_id': i.rid, # 'a_id': aid,
'a_state': a.state, # 'a_state': a.state,
'ga_id': 0, # 'ga_id': 0,
'ga_state': 0, # 'ga_state': 0,
'h_id': h.id, 'h_id': h.id,
'h_state': h.state, # 'h_state': h.state,
'gh_id': 0, 'gh_id': 0,
'gh_state': 0, # 'gh_state': 0,
'a_name': a.username, # 'a_name': a.username,
'protocol_type': a.protocol_type, # 'protocol_type': h.protocol_type,
'protocol_port': a.protocol_port, # 'protocol_port': h.protocol_port,
'h_name': h.name, 'h_name': h.name,
'ip': h.ip, 'ip': h.ip,
'router_ip': h.router_ip, 'router_ip': h.router_ip,
'router_port': h.router_port, 'router_port': h.router_port,
'auth_to_': 'ACC' 'auth_to_': 'HOST'
}) })
elif i.rtype == TP_GROUP_ACCOUNT: elif i.rtype == TP_GROUP_HOST:
for a in _gaccs[i.rid]: for h in _ghosts[i.rid]:
h = _hosts[a.host_id] # for aid in _accs:
# if _accs[aid].host_id == h.id:
# a = _accs[aid]
_p_assets[i.policy_id].append({ _p_assets[i.policy_id].append({
'a_id': a.id, # 'a_id': aid,
'a_state': a.state, # 'a_state': a.state,
'ga_id': i.rid, 'ga_id': 0,
'ga_state': _groups[i.rid].state, 'ga_state': 0,
'h_id': h.id, 'h_id': h.id,
'h_state': h.state, # 'h_state': h.state,
'gh_id': 0, 'gh_id': i.rid,
'gh_state': 0, # 'gh_state': _groups[i.rid].state,
'a_name': a.username, # 'a_name': a.username,
'protocol_type': a.protocol_type, # 'protocol_type': a.protocol_type,
'protocol_port': a.protocol_port, # 'protocol_port': a.protocol_port,
'h_name': h.name, 'h_name': h.name,
'ip': h.ip, 'ip': h.ip,
'router_ip': h.router_ip, 'router_ip': h.router_ip,
'router_port': h.router_port, 'router_port': h.router_port,
'auth_to_': 'gACC' 'auth_to_': 'gHOST'
}) })
elif i.rtype == TP_HOST:
for aid in _accs:
if _accs[aid].host_id == i.rid:
a = _accs[aid]
h = _hosts[i.rid]
_p_assets[i.policy_id].append({
'a_id': aid,
'a_state': a.state,
'ga_id': 0,
'ga_state': 0,
'h_id': h.id,
'h_state': h.state,
'gh_id': 0,
'gh_state': 0,
'a_name': a.username,
'protocol_type': a.protocol_type,
'protocol_port': a.protocol_port,
'h_name': h.name,
'ip': h.ip,
'router_ip': h.router_ip,
'router_port': h.router_port,
'auth_to_': 'HOST'
})
elif i.rtype == TP_GROUP_HOST:
for h in _ghosts[i.rid]:
for aid in _accs:
if _accs[aid].host_id == h.id:
a = _accs[aid]
_p_assets[i.policy_id].append({
'a_id': aid,
'a_state': a.state,
'ga_id': 0,
'ga_state': 0,
'h_id': h.id,
'h_state': h.state,
'gh_id': i.rid,
'gh_state': _groups[i.rid].state,
'a_name': a.username,
'protocol_type': a.protocol_type,
'protocol_port': a.protocol_port,
'h_name': h.name,
'ip': h.ip,
'router_ip': h.router_ip,
'router_port': h.router_port,
'auth_to_': 'gHOST'
})
else: else:
log.e('invalid asset type.\n') log.e('invalid asset type.\n')
return TPE_FAILED return TPE_FAILED
@ -725,47 +730,47 @@ def build_auz_map():
x.update(u) x.update(u)
x.update(a) x.update(a)
x.uni_id = '{}-{}-{}-{}-{}-{}-{}'.format(x.p_id, x.gu_id, x.u_id, x.gh_id, x.h_id, x.ga_id, x.a_id) x.uni_id = '{}-{}-{}-{}-{}'.format(x.p_id, x.gu_id, x.u_id, x.gh_id, x.h_id)
x.ua_id = 'u{}-a{}'.format(x.u_id, x.a_id) x.uh_id = 'u{}-h{}'.format(x.u_id, x.h_id)
x.policy_auth_type = TP_POLICY_AUTH_UNKNOWN x.policy_auth_type = TP_POLICY_AUTH_UNKNOWN
if u['auth_from_'] == 'USER' and a['auth_to_'] == 'ACC': # if u['auth_from_'] == 'USER' and a['auth_to_'] == 'ACC':
x.policy_auth_type = TP_POLICY_AUTH_USER_ACC # x.policy_auth_type = TP_POLICY_AUTH_USER_ACC
elif u['auth_from_'] == 'USER' and a['auth_to_'] == 'gACC': # elif u['auth_from_'] == 'USER' and a['auth_to_'] == 'gACC':
x.policy_auth_type = TP_POLICY_AUTH_USER_gACC # x.policy_auth_type = TP_POLICY_AUTH_USER_gACC
elif u['auth_from_'] == 'USER' and a['auth_to_'] == 'HOST': # el
if u['auth_from_'] == 'USER' and a['auth_to_'] == 'HOST':
x.policy_auth_type = TP_POLICY_AUTH_USER_HOST x.policy_auth_type = TP_POLICY_AUTH_USER_HOST
elif u['auth_from_'] == 'USER' and a['auth_to_'] == 'gHOST': elif u['auth_from_'] == 'USER' and a['auth_to_'] == 'gHOST':
x.policy_auth_type = TP_POLICY_AUTH_USER_gHOST x.policy_auth_type = TP_POLICY_AUTH_USER_gHOST
elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'ACC': # elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'ACC':
x.policy_auth_type = TP_POLICY_AUTH_gUSER_ACC # x.policy_auth_type = TP_POLICY_AUTH_gUSER_ACC
elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'gACC': # elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'gACC':
x.policy_auth_type = TP_POLICY_AUTH_gUSER_gACC # x.policy_auth_type = TP_POLICY_AUTH_gUSER_gACC
elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'HOST': elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'HOST':
x.policy_auth_type = TP_POLICY_AUTH_gUSER_HOST x.policy_auth_type = TP_POLICY_AUTH_gUSER_HOST
elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'gHOST': elif u['auth_from_'] == 'gUSER' and a['auth_to_'] == 'gHOST':
x.policy_auth_type = TP_POLICY_AUTH_gUSER_gHOST x.policy_auth_type = TP_POLICY_AUTH_gUSER_gHOST
else:
log.w('invalid policy data.\n')
continue
_map.append(x) _map.append(x)
db = get_db() if len(_map) == 0:
dbtp = db.table_prefix return TPE_OK
db.exec('DELETE FROM {}audit_map'.format(dbtp))
values = [] values = []
for i in _map: for i in _map:
v = '("{uni_id}","{ua_id}",{p_id},{p_rank},{p_state},{policy_auth_type},{u_id},{u_state},{gu_id},{gu_state},{h_id},{h_state},{gh_id},{gh_state},{a_id},{a_state},{ga_id},{ga_state},' \ v = '("{uni_id}","{uh_id}",{p_id},{p_rank},{p_state},{policy_auth_type},{u_id},{u_state},{gu_id},{gu_state},{h_id},{gh_id},' \
'"{u_name}","{u_surname}","{h_name}","{ip}","{router_ip}",{router_port},"{a_name}",{protocol_type},{protocol_port})' \ '"{u_name}","{u_surname}","{h_name}","{ip}","{router_ip}",{router_port})' \
''.format(uni_id=i.uni_id, ua_id=i.ua_id, p_id=i.p_id, p_rank=i.p_rank, p_state=i.p_state,policy_auth_type=i.policy_auth_type, ''.format(uni_id=i.uni_id, uh_id=i.uh_id, p_id=i.p_id, p_rank=i.p_rank, p_state=i.p_state, policy_auth_type=i.policy_auth_type,
u_id=i.u_id, u_state=i.u_state, gu_id=i.gu_id, gu_state=i.gu_state, h_id=i.h_id, h_state=i.h_state, u_id=i.u_id, u_state=i.u_state, gu_id=i.gu_id, gu_state=i.gu_state, h_id=i.h_id,gh_id=i.gh_id,
gh_id=i.gh_id, gh_state=i.gh_state, a_id=i.a_id, a_state=i.a_state, ga_id=i.ga_id, ga_state=i.ga_state, u_name=i.u_name, u_surname=i.u_surname, h_name=i.h_name, ip=i.ip, router_ip=i.router_ip, router_port=i.router_port)
u_name=i.u_name, u_surname=i.u_surname, h_name=i.h_name, ip=i.ip, router_ip=i.router_ip, router_port=i.router_port,
a_name=i.a_name, protocol_type=i.protocol_type, protocol_port=i.protocol_port)
values.append(v) values.append(v)
sql = 'INSERT INTO `{dbtp}audit_map` (uni_id,ua_id,p_id,p_rank,p_state,policy_auth_type,u_id,u_state,gu_id,gu_state,h_id,h_state,gh_id,gh_state,a_id,a_state,ga_id,ga_state,' \ sql = 'INSERT INTO `{dbtp}audit_map` (uni_id,uh_id,p_id,p_rank,p_state,policy_auth_type,u_id,u_state,gu_id,gu_state,h_id,gh_id,' \
'u_name,u_surname,h_name,ip,router_ip,router_port,a_name,protocol_type,protocol_port) VALUES \n{values};' \ 'u_name,u_surname,h_name,ip,router_ip,router_port) VALUES \n{values};' \
''.format(dbtp=dbtp, values=',\n'.join(values)) ''.format(dbtp=dbtp, values=',\n'.join(values))
db_ret = db.exec(sql) db_ret = db.exec(sql)