# !/usr/bin/env python -tt
# -*- encoding: utf-8 -*-
from __future__ import with_statement
# this is already implemented in Python 2.6.x
# Authentication method keywords accepted in the METHOD column of a
# pg_hba.conf rule.  Nothing in the visible part of this module checks a
# rule's method against this tuple.
#
# Security notes for anyone auditing rules built from these values:
#   - u'trust' admits the connection with no authentication at all.
#   - u'password' sends the password in clear text unless the connection
#     itself is encrypted (e.g. a hostssl rule).
#   - u'md5' and u'crypt' are legacy password schemes; the crypt method was
#     dropped by PostgreSQL 8.4 and krb5 by 9.4 -- verify the list against
#     the server version actually in use.
#   - Newer methods such as scram-sha-256, cert and peer are not listed here.
auth_methods = (
    u'trust', u'reject',
    u'md5', u'crypt', u'password',
    u'gss', u'sspi', u'krb5',
    u'ident', u'pam', u'ldap',
)

# Connection types that go over TCP/IP.
net_connection_types = (u'host', u'hostssl', u'hostnossl')

# Connection types that do not use the network.
no_net_connection_types = (u'local',)

# Every connection type Rule() accepts, local first.
connection_types = no_net_connection_types + net_connection_types

# For each connection type, the tuple of connection types it is grouped with.
# NOTE(review): presumably "rule types that can apply to the same
# connection" -- the visible code never reads this mapping, so confirm
# against its callers.
connection_type_equiv = {
    u'local': (u'local',),
    u'host': (u'host', u'hostssl', u'hostnossl'),
    u'hostssl': (u'host', u'hostssl'),
    u'hostnossl': (u'host', u'hostnossl'),
}
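class Rule(object):
    """
    A single HBA rule.

    (?# CONNECTION_TYPE DATABASES USERS CIDR-ADDRESS? METHOD OPTION?)

    The constructor stores its arguments as the attributes ``ctype``,
    ``method``, ``users``, ``databases``, ``cidr``, ``options`` and
    ``comment``; ``line`` is always initialised to None.

    ``users`` and ``databases`` are collapsed to ``(u'all',)`` when they
    contain the keyword ``all`` as a whole entry.  Any other value is stored
    exactly as passed in.
    """

    @staticmethod
    def _names_include_all(names):
        """Return True if *names* holds the keyword u'all' as a whole entry.

        A plain substring test is wrong for strings: u'all' is a substring
        of names such as u'wally' or u'allison', and collapsing those to
        (u'all',) would silently widen a rule written for one user or
        database into one that matches every user or database.
        """
        if isinstance(names, (str, type(u''))):
            # A bare string is read as one comma-separated pg_hba.conf field.
            return u'all' in [part.strip() for part in names.split(u',')]
        return u'all' in names

    def __init__(self,
        ctype, method, users, databases,
        cidr = None, options = None, comment = None,
    ):
        """Build a rule, validating the connection type and address.

        Raises:
            ValueError: if *ctype* is not None and not a known connection
                type, or if a ``local`` rule is given a *cidr*.
        """
        if ctype is not None and ctype not in connection_types:
            raise ValueError("unknown connection type, '%s'" %(ctype,))
        if ctype == 'local':
            # Local rules carry no address column.
            if cidr is not None:
                raise ValueError("cidr must be None for local rules")
            self.cidr = None
        else:
            # NOTE(review): network rules are accepted with cidr=None and the
            # CIDR string itself is not parsed here -- confirm that callers
            # validate it.
            self.cidr = cidr

        self.ctype = ctype

        if self._names_include_all(users):
            self.users = (u'all',)
        else:
            self.users = users

        if self._names_include_all(databases):
            self.databases = (u'all',)
        else:
            self.databases = databases

        # NOTE(review): method is stored without being checked against
        # auth_methods, so a misspelt or unsupported method is not rejected
        # at this point.
        self.method = method
        self.options = options
        self.comment = comment
        self.line = None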
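def get_hba(path):
    """Read an HBA file and separate its rule lines from the rest.

    Args:
        path: location of the file to read.

    Returns:
        A pair ``(all_lines, laws)`` of dicts keyed by 1-based line number.
        ``all_lines`` holds every line verbatim (newline included); ``laws``
        holds only the lines that are neither blank nor comments.
    """
    all_lines = {}
    laws = {}
    with open(path, 'r') as f:
        for lineno, line in enumerate(f, 1):
            all_lines[lineno] = line
            # Test the stripped text: a comment that is indented is still a
            # comment and must not be reported as a rule.
            stripped = line.strip()
            if stripped and not stripped.startswith(u'#'):
                laws[lineno] = line
    return all_lines, laws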
def test(t):
    """Smoke-test get_hba() and the Rule constructor.

    Reads the hard-coded PostgreSQL 8.4 HBA file (the result is discarded,
    so this only checks that the file can be opened and read), then builds
    one ``local`` rule.  When *t* is u'error' the rule is given a CIDR
    address, which Rule rejects for local rules with ValueError; any other
    value builds a valid rule.
    """
    get_hba(u'/etc/postgresql/8.4/main/pg_hba.conf')

    rule_args = [u'local', u'trust', u'all', u'all']
    if t == u'error':
        # A local rule must not carry an address; this is the failing case.
        rule_args.append('192.168.1.1/32')
    Rule(*rule_args)
# Script entry point: run the smoke test.  u'aa' is not u'error', so test()
# takes its non-error branch and builds the valid local rule.
if __name__ == '__main__':
    test(u'aa')