Пример 1. реализации шлюза Cisco на BeanShell c управлением ssh
Материал из BiTel WiKi
import java.util.*; import java.util.regex.*; import bitel.billing.common.module.ipn.*; import bitel.billing.server.ipn.bean.*; import bitel.billing.server.util.*; import bitel.billing.server.util.ssh.*; import bitel.billing.common.*; import java.util.regex.Pattern; import java.util.regex.Matcher;
protected void doSync() { host = gate.getHost(); port = gate.getPort(); gid = gate.getId();
gateSetup = new DefaultServerSetup( gate.getConfig(), "\r\n" );
login = gateSetup.getStringValue( "login"); pswd = gate.getKeyword();
acl = gateSetup.getStringValue( "acl_name"); result = new StringBuffer();
if( log.isDebugEnabled() )
{
log.debug( gate.getId() + " gate: " + host + ":" + port + " login: " + login + " pswd: " + pswd );
}
session = null;
try
{
session = new SSHSession( host, port, login, pswd ); session.connect();
result.append(session.command( "terminal length 0" ) );
result = new StringBuffer();
result.append( session.command( "configure terminal" ) );
result.append( session.command( "ip access-list standard " + acl ) );
buffer = getBuffer( session, result, acl ); doCommands( session, result, buffer );
result.append( session.command( "end" ) );
result.append( session.command( "exit", false ) );
if (log.isDebugEnabled())
{
log.debug( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
log.debug( result.toString() );
log.debug( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
}
// пауза пока считает команду exit
Thread.sleep( 100 );
}
catch ( Exception e )
{
throw new RuntimeException ( e );
}
finally
{
if( session != null )
{
session.disconnect();
}
}
}
void doCommands( session, result, buffer ) { for( status : statusList ) { log.info( "status.status=" + status.status ); isPermitted = isUserPermited ( status, buffer);
// если правило есть, а юзер заблокирован - удаляем правило
if ( isPermitted && status.status > 0 ) { rules = getCloseRules( status ); } else if ( !isPermitted && status.status == 0 ) // правила нет, а юзер открыт - добавляем правило { rules = getOpenRules( status ); } else { continue; } for ( rule : rules ) { result.append( session.command( rule ) ); } } }
private List getOpenRules( status )
{
log.info( "getting open rules" ); return getRules( status, "\\[OPEN\\]((.|\n)*)\\[/OPEN\\]" ); }
private List getCloseRules( status ) { log.info( "getting close rules" ); return getRules( status, "\\[CLOSE\\]((.|\n)*)\\[/CLOSE\\]"); }
private List getRules( status, String template )
{
// пользовательское правило, без типа - то все оставляем как есть
rule = status.rule.getRuleText();
//типизированное правило
if( status.ruleType != null )
{ ruleText = ManadUtils.getRule( status.gateType, status.ruleType ); Map replacements = new HashMap (); rule = ManadUtils.generateRule( ruleText, status.rule.getRuleText(), replacements, status.ruleType ); }
Pattern pattern = Pattern.compile( template ); Matcher m = pattern.matcher( rule ); if (m.find()) { rule = m.group( 1 ); }
log.info("rule=" + rule);
rule.replaceAll( "\r", "" ); parts = rule.split( "\n" );
result = new ArrayList(); for ( part : parts ) { if ( !Utils.isEmptyString( part )) { result.add( part ); } }
return result;
}
private getBuffer( session, result, acl ) { buffer = session.command( "do sh ip access-list " + acl ); result.append( buffer ); return buffer; }
private isUserPermited ( status, buffer) { addreses = status.rule.getRuleText().split( "\\s*,\\s*" ); // for ( i = 0; i < addreses.length; i++) { address = IPUtils.convertLongIpToString( Utils.parseLongString( addreses[i], 0 ) ); log.info( "ip=" + address);
address = address.replace( ".", "\\." );
Pattern pattern = Pattern.compile( ".*permit\\s" + address + "(\\s.*)?$", Pattern.DOTALL );
Matcher m = pattern.matcher( buffer );
//если хотя бы один адрес отстуствует, то считаем что клиент закрыт if ( !m.find() ) { log.info( "is not permitted" ); return false; }
} log.info( "is permitted" ); return true; }
