#!/usr/bin/python
#
# example-terminate.py
#
# This is a script that can be ADDED to the updown scripts. Normally this would
# be added to /usr/libexec/ipsec/_updown.xfrm (for protostack=xfrm)
# This is an example that logs XAUTH users to /tmp/terminate.log when the
# tunnel goes down:
#
# Inside _updown.xfrm add a call to this script, like:
#
#
# down-client)
# # connection to my client subnet going down
# downrule
# # If you are doing a custom version, firewall commands go here.
# restoreresolvconf
# /usr/local/sbin/example-terminate.py $PLUTO_XAUTH_USERNAME
#
import os, sys, pipes
import commands
import requests
import signal
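def child(username):
    """Notify the logserver that *username* disconnected and record the result.

    Runs in the fully detached grandchild process. The HTTP request may be
    slow or fail, which is why the caller detaches from pluto before calling
    this. The outcome is appended to /tmp/terminate.log and the process then
    exits with os._exit(0), so this function never returns.
    """
    url = 'https://logserver.example.com/delete/'
    payload = {'username': username}
    # NOTE(review): data= on a GET puts the username in the request body, not
    # in the query string - confirm that is what the logserver expects.
    try:
        # Bound the wait so that an unreachable logserver cannot leave one
        # stuck process behind for every tunnel that goes down.
        r = requests.get(url, data=payload, timeout=30)
    except requests.exceptions.RequestException as exc:
        entries = ["Termination notification for %s failed: %s\n" % (username, exc)]
    else:
        entries = [
            "Termination notification sent for %s\n" % username,
            "HTTP status code:%s\n" % r.status_code,
            # The response body is server-controlled and is logged verbatim.
            r.text,
            "\n",
        ]
    # /tmp is world-writable and the caller sets umask 0, so a plain
    # open(..., "a") would follow a symlink planted at this path and would
    # create the log with mode 0666. O_NOFOLLOW refuses a symlink and the
    # explicit mode keeps a newly created log private to the owner.
    # A log directory writable only by root would be safer than /tmp.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open("/tmp/terminate.log", flags, 0o600)
    with os.fdopen(fd, "a") as fp:
        for entry in entries:
            fp.write(entry)
    # Leave without running the cleanup handlers inherited from the parent.
    os._exit(0)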
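if __name__ == '__main__':
    # Entry point, called from the updown script with the XAUTH username as
    # the only argument. The caller should pass it quoted
    # ("$PLUTO_XAUTH_USERNAME"), otherwise the shell word-splits the value
    # and only the first word arrives here.
    if len(sys.argv) < 2:
        # nothing to log
        sys.exit(0)
    username = sys.argv[1]
    # pipes.quote() returns its argument unchanged only when it is non-empty
    # and made up of shell-safe characters, so this rejects whitespace,
    # newlines, quotes and other metacharacters in the peer-supplied name.
    if username != pipes.quote(username):
        sys.exit("bogus characters in username '%s', ignored termination request" % username)

    # Detach the standard file descriptors so pluto does not block on us.
    # They are pointed at /dev/null rather than left closed: with 0-2 closed,
    # the next descriptors opened (the HTTPS socket, the log file) would be
    # numbered 0-2 and any stray write to stdout/stderr would land in them.
    devnull = os.open(os.devnull, os.O_RDWR)
    for std_fd in (0, 1, 2):
        os.dup2(devnull, std_fd)
    if devnull > 2:
        os.close(devnull)
    try:
        os.close(3)  # pluto.log - workaround for bug #202
    except OSError:
        # fd 3 was not open; nothing to release
        pass

    # Do a double fork to decouple from the parent environment
    pid = os.fork()
    if pid > 0:
        # exit first parent
        sys.exit(0)

    os.chdir("/")
    os.setsid()
    # A umask of 0 would make every file this process creates world-writable;
    # keep new files private to the owner instead.
    os.umask(0o077)

    # do second fork
    pid = os.fork()
    if pid > 0:
        # exit from second parent
        sys.exit(0)

    # we're fully detached now - take as long as needed to do the work
    child(username)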