Пример 1. Реализация шлюза Cisco на BeanShell с управлением по SSH
(Различия между версиями)
Stark (Обсуждение | вклад) (обновил скрипт) |
Stark (Обсуждение | вклад) |
(3 промежуточные версии не показаны) | |||
Строка 1: | Строка 1: | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
<source lang="java"> | <source lang="java"> | ||
- | import java. | + | import java.util.*; |
- | import java.util. | + | import java.util.regex.*; |
- | import | + | import bitel.billing.common.module.ipn.*; |
- | import | + | import bitel.billing.server.ipn.bean.*; |
- | import java.util. | + | import bitel.billing.server.util.*; |
+ | import bitel.billing.server.util.ssh.*; | ||
+ | import bitel.billing.common.*; | ||
+ | import java.util.regex.Pattern; | ||
import java.util.regex.Matcher; | import java.util.regex.Matcher; | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
protected void doSync() | protected void doSync() | ||
{ | { | ||
- | + | host = gate.getHost(); | |
- | + | port = gate.getPort(); | |
- | + | gid = gate.getId(); | |
- | + | ||
+ | gateSetup = new DefaultServerSetup( gate.getConfig(), "\r\n" ); | ||
- | + | login = gateSetup.getStringValue( "login"); | |
+ | pswd = gate.getKeyword(); | ||
- | + | acl = gateSetup.getStringValue( "acl_name"); | |
- | + | result = new StringBuffer(); | |
- | + | ||
- | |||
- | |||
- | + | if( log.isDebugEnabled() ) | |
- | + | { | |
- | + | log.debug( gate.getId() + " gate: " + host + ":" + port + " login: " + login + " pswd: " + pswd ); | |
- | + | } | |
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | + | session = null; | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | try | |
- | + | { | |
- | + | session = new SSHSession( host, port, login, pswd ); | |
- | + | session.connect(); | |
- | + | ||
- | + | ||
- | + | result.append(session.command( "terminal length 0" ) ); | |
- | + | ||
- | |||
- | |||
- | |||
- | |||
- | + | result = new StringBuffer(); | |
- | + | result.append( session.command( "configure terminal" ) ); | |
- | + | result.append( session.command( "ip access-list standard " + acl ) ); | |
- | + | buffer = getBuffer( session, result, acl ); | |
- | + | doCommands( session, result, buffer ); | |
- | + | result.append( session.command( "end" ) ); | |
- | + | result.append( session.command( "exit", false ) ); | |
- | + | ||
- | |||
- | |||
+ | if (log.isDebugEnabled()) | ||
+ | { | ||
+ | log.debug( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" ); | ||
+ | log.debug( result.toString() ); | ||
+ | log.debug( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" ); | ||
+ | } | ||
+ | |||
+ | // пауза пока считает команду exit | ||
+ | Thread.sleep( 100 ); | ||
+ | } | ||
+ | catch ( Exception e ) | ||
+ | { | ||
+ | throw new RuntimeException ( e ); | ||
+ | } | ||
+ | finally | ||
+ | { | ||
+ | if( session != null ) | ||
+ | { | ||
+ | session.disconnect(); | ||
+ | } | ||
+ | } | ||
} | } | ||
+ | void doCommands( session, result, buffer ) | ||
+ | { | ||
+ | for( status : statusList ) | ||
+ | { | ||
+ | log.info( "status.status=" + status.status ); | ||
+ | isPermitted = isUserPermited ( status, buffer); | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | + | // если правило есть, а юзер заблокирован - удаляем правило | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | if ( isPermitted && status.status > 0 ) | |
- | if ( | + | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
{ | { | ||
- | rules = | + | rules = getCloseRules( status ); |
} | } | ||
- | + | else if ( !isPermitted && status.status == 0 ) | |
- | else if ( | + | // правила нет, а юзер открыт - добавляем правило |
- | { | + | { |
- | rules = | + | rules = getOpenRules( status ); |
} | } | ||
- | + | else | |
- | + | ||
{ | { | ||
- | for ( | + | continue; |
- | + | } | |
- | + | for ( rule : rules ) | |
- | + | { | |
- | + | result.append( session.command( rule ) ); | |
} | } | ||
+ | } | ||
+ | } | ||
- | |||
- | + | private List getOpenRules( status ) | |
+ | { | ||
- | + | log.info( "getting open rules" ); | |
- | + | return getRules( status, "\\[OPEN\\]((.|\n)*)\\[/OPEN\\]" ); | |
- | + | ||
- | return getRules( status, "\\[OPEN\\](.*)\\[/OPEN\\]" | + | |
} | } | ||
- | getCloseRules( status | + | private List getCloseRules( status ) |
{ | { | ||
- | + | log.info( "getting close rules" ); | |
- | return getRules( status, "\\[CLOSE\\](.*)\\[/CLOSE\\]" | + | return getRules( status, "\\[CLOSE\\]((.|\n)*)\\[/CLOSE\\]"); |
} | } | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | getRules( | + | |
+ | |||
+ | private List getRules( status, String template ) | ||
{ | { | ||
// пользовательское правило, без типа - то все оставляем как есть | // пользовательское правило, без типа - то все оставляем как есть | ||
- | + | rule = status.rule.getRuleText(); | |
- | + | ||
- | + | ||
- | + | ||
//типизированное правило | //типизированное правило | ||
Строка 251: | Строка 135: | ||
{ | { | ||
- | + | ruleText = ManadUtils.getRule( status.gateType, status.ruleType ); | |
- | + | Map replacements = new HashMap (); | |
- | + | rule = ManadUtils.generateRule( ruleText, status.rule.getRuleText(), replacements, status.ruleType ); | |
- | + | } | |
- | + | ||
- | + | ||
- | pattern = Pattern.compile( template | + | Pattern pattern = Pattern.compile( template ); |
- | m = pattern.matcher( rule ); | + | Matcher m = pattern.matcher( rule ); |
if (m.find()) | if (m.find()) | ||
{ | { | ||
- | + | rule = m.group( 1 ); | |
} | } | ||
+ | |||
+ | log.info("rule=" + rule); | ||
rule.replaceAll( "\r", "" ); | rule.replaceAll( "\r", "" ); | ||
- | |||
- | |||
parts = rule.split( "\n" ); | parts = rule.split( "\n" ); | ||
result = new ArrayList(); | result = new ArrayList(); | ||
- | for ( | + | for ( part : parts ) |
{ | { | ||
if ( !Utils.isEmptyString( part )) | if ( !Utils.isEmptyString( part )) | ||
Строка 278: | Строка 160: | ||
} | } | ||
} | } | ||
+ | |||
return result; | return result; | ||
- | } | + | } |
- | + | private getBuffer( session, result, acl ) | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
{ | { | ||
- | + | buffer = session.command( "do sh ip access-list " + acl ); | |
- | + | result.append( buffer ); | |
- | + | return buffer; | |
- | + | ||
- | return | + | |
} | } | ||
- | + | ||
- | private | + | private isUserPermited ( status, buffer) |
{ | { | ||
- | + | addreses = status.rule.getRuleText().split( "\\s*,\\s*" ); | |
- | + | // | |
- | + | for ( i = 0; i < addreses.length; i++) | |
- | + | { | |
- | // | + | address = IPUtils.convertLongIpToString( Utils.parseLongString( addreses[i], 0 ) ); |
- | + | log.info( "ip=" + address); | |
- | + | ||
- | + | address = address.replace( ".", "\\." ); | |
- | + | ||
- | { | + | Pattern pattern = Pattern.compile( ".*permit\\s" + address + "(\\s.*)?$", Pattern.DOTALL ); |
- | + | Matcher m = pattern.matcher( buffer ); | |
- | + | //если хотя бы один адрес отстуствует, то считаем что клиент закрыт | |
- | + | if ( !m.find() ) | |
- | + | { | |
- | + | log.info( "is not permitted" ); | |
- | + | return false; | |
- | + | } | |
- | + | ||
- | + | } | |
- | + | log.info( "is permitted" ); | |
- | + | return true; | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | } | + | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | return | + | |
} | } | ||
- | |||
</source> | </source> |
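Review bot: The debug line added to doSync(), `log.debug( gate.getId() + " gate: " + host + ":" + port + " login: " + login + " pswd: " + pswd );`, writes the gateway SSH password to the server log whenever DEBUG is on; drop the secret from it, e.g. `log.debug( gate.getId() + " gate: " + host + ":" + port + " login: " + login );`. The unchanged `rule.replaceAll( "\r", "" );` in getRules() discards its return value (strings are immutable), so CRs survive into the parts that are sent as IOS commands — it should read `rule = rule.replaceAll( "\r", "" );`. The `acl_name` value is also spliced unchecked into `"ip access-list standard " + acl` and `"do sh ip access-list " + acl`; a single-token check (letters, digits, `_`, `.`, `-`) before use would keep a bad config value from becoming extra CLI input.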
Текущая версия на 06:22, 16 апреля 2010
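import java.util.*;
import java.util.regex.*;
import bitel.billing.common.module.ipn.*;
import bitel.billing.server.ipn.bean.*;
import bitel.billing.server.util.*;
import bitel.billing.server.util.ssh.*;
import bitel.billing.common.*;
import java.util.regex.Pattern;
import java.util.regex.Matcher;

/*
 * Cisco gateway synchronisation over SSH (BeanShell gate script).
 *
 * doSync() connects with the login from the gate config and the gate keyword
 * as password, enters the standard named ACL "acl_name", reads the ACL back
 * ("do sh ip access-list <acl>") and, for every entry of statusList, sends the
 * [OPEN] or [CLOSE] part of the user's rule as IOS commands whenever the ACL
 * state disagrees with the billing status.
 *
 * Changes against the previous revision:
 *  - the gateway password is no longer written to the debug log;
 *  - the ACL name is checked to be a single IOS token before it is spliced
 *    into commands;
 *  - rule.replaceAll( "\r", "" ) now actually strips CRs (the old code
 *    discarded the return value, so "\r" could be sent as a command line);
 *  - the interrupt flag is restored when Thread.sleep() is interrupted.
 */

// Only a single IOS token is valid as an ACL name. The value comes from the
// gate config, but it is concatenated straight into CLI commands, so a name
// carrying whitespace, '?' or a newline would be read by IOS as extra input.
private String checkAclName( acl )
{
    if( acl == null || !acl.matches( "[\\w.-]+" ) )
    {
        throw new IllegalArgumentException( "acl_name is not a valid IOS ACL name: " + acl );
    }
    return acl;
}

// Entry point called by the billing server for one synchronisation run.
// Throws RuntimeException (wrapping the cause) on any SSH/CLI failure; the
// session is always disconnected in finally.
protected void doSync()
{
    host = gate.getHost();
    port = gate.getPort();
    gid = gate.getId();

    gateSetup = new DefaultServerSetup( gate.getConfig(), "\r\n" );
    login = gateSetup.getStringValue( "login" );
    pswd = gate.getKeyword();
    acl = checkAclName( gateSetup.getStringValue( "acl_name" ) );
    result = new StringBuffer();

    if( log.isDebugEnabled() )
    {
        // Never log the password: debug logs get attached to tickets and copied around.
        log.debug( gid + " gate: " + host + ":" + port + " login: " + login + " acl: " + acl );
    }

    session = null;
    try
    {
        session = new SSHSession( host, port, login, pswd );
        session.connect();

        // Disable paging so the ACL dump is not cut by "--More--" prompts.
        // Its output is deliberately not kept in the transcript below.
        session.command( "terminal length 0" );

        result = new StringBuffer();
        result.append( session.command( "configure terminal" ) );
        result.append( session.command( "ip access-list standard " + acl ) );
        buffer = getBuffer( session, result, acl );
        doCommands( session, result, buffer );
        result.append( session.command( "end" ) );
        result.append( session.command( "exit", false ) );

        if( log.isDebugEnabled() )
        {
            log.debug( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
            log.debug( result.toString() );
            log.debug( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
        }

        // give the device a moment to process "exit" before the transport is torn down
        Thread.sleep( 100 );
    }
    catch( InterruptedException e )
    {
        // keep the interrupt visible to the caller's thread
        Thread.currentThread().interrupt();
        throw new RuntimeException( e );
    }
    catch( Exception e )
    {
        throw new RuntimeException( e );
    }
    finally
    {
        if( session != null )
        {
            session.disconnect();
        }
    }
}

// Walks statusList and, where the ACL disagrees with the billing status,
// sends the user's [CLOSE] (entry present but user blocked) or [OPEN]
// (no entry but user open) rule lines to the gateway. Command output is
// appended to result for the debug transcript.
void doCommands( session, result, buffer )
{
    for( status : statusList )
    {
        log.info( "status.status=" + status.status );
        isPermitted = isUserPermited( status, buffer );

        rules = null;
        if( isPermitted && status.status > 0 )
        {
            // permit entry present but the user is blocked: remove it
            rules = getCloseRules( status );
        }
        else if( !isPermitted && status.status == 0 )
        {
            // no permit entry but the user is open: add it
            rules = getOpenRules( status );
        }
        else
        {
            // ACL already matches the billing status
            continue;
        }

        for( rule : rules )
        {
            result.append( session.command( rule ) );
        }
    }
}

// Command lines from the [OPEN]...[/OPEN] section of the user's rule.
private List getOpenRules( status )
{
    log.info( "getting open rules" );
    return getRules( status, "\\[OPEN\\]((.|\n)*)\\[/OPEN\\]" );
}

// Command lines from the [CLOSE]...[/CLOSE] section of the user's rule.
private List getCloseRules( status )
{
    log.info( "getting close rules" );
    return getRules( status, "\\[CLOSE\\]((.|\n)*)\\[/CLOSE\\]" );
}

// Returns the non-empty lines of the rule section selected by template
// (capture group 1) as a List of IOS command strings. For a typed rule the
// text is first produced by ManadUtils.generateRule(); an untyped rule is
// used as-is. If template does not match, the whole text is split.
private List getRules( status, String template )
{
    // untyped user rule: the text is taken verbatim
    rule = status.rule.getRuleText();

    // typed rule: expand the gate-type template with the user's rule text
    if( status.ruleType != null )
    {
        ruleText = ManadUtils.getRule( status.gateType, status.ruleType );
        Map replacements = new HashMap();
        rule = ManadUtils.generateRule( ruleText, status.rule.getRuleText(), replacements, status.ruleType );
    }

    Matcher m = Pattern.compile( template ).matcher( rule );
    if( m.find() )
    {
        rule = m.group( 1 );
    }
    log.info( "rule=" + rule );

    // String.replaceAll returns a new string; the previous revision dropped
    // it, leaving CRs inside the lines that are sent as commands.
    rule = rule.replaceAll( "\r", "" );

    result = new ArrayList();
    for( part : rule.split( "\n" ) )
    {
        if( !Utils.isEmptyString( part ) )
        {
            result.add( part );
        }
    }
    return result;
}

// Reads the current contents of the ACL ("do" because the session is in
// config mode), records it in result and returns it for isUserPermited().
private getBuffer( session, result, acl )
{
    buffer = session.command( "do sh ip access-list " + acl );
    result.append( buffer );
    return buffer;
}

// A user counts as permitted only if every address of the rule text
// (comma-separated long IPs, converted to dotted form) appears as a
// "permit <ip>" entry in the ACL dump; one missing address means closed.
private isUserPermited( status, buffer )
{
    addreses = status.rule.getRuleText().split( "\\s*,\\s*" );
    for( i = 0; i < addreses.length; i++ )
    {
        address = IPUtils.convertLongIpToString( Utils.parseLongString( addreses[i], 0 ) );
        log.info( "ip=" + address );

        // quote the dots and require a delimiter (or end of input) after the
        // address so that 10.0.0.1 does not match the entry for 10.0.0.10
        Pattern pattern = Pattern.compile( ".*permit\\s" + Pattern.quote( address ) + "(\\s.*)?$", Pattern.DOTALL );
        Matcher m = pattern.matcher( buffer );
        if( !m.find() )
        {
            log.info( "is not permitted" );
            return false;
        }
    }
    log.info( "is permitted" );
    return true;
}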