Commit 9974abb5 authored by Leigh B Stoller's avatar Leigh B Stoller

Rework the firewall code to deal with myip in the right place.

parent c5f926d4
...@@ -312,9 +312,9 @@ sub MarkModified($) ...@@ -312,9 +312,9 @@ sub MarkModified($)
# Condomize a profile rspec by inserting the necessary firewall section # Condomize a profile rspec by inserting the necessary firewall section
# to each of the nodes. # to each of the nodes.
# #
sub Condomize($) sub CheckFirewall($$)
{ {
my ($self) = @_; my ($self, $condomize) = @_;
# Must be a real reference. # Must be a real reference.
return -1 return -1
...@@ -326,28 +326,37 @@ sub Condomize($) ...@@ -326,28 +326,37 @@ sub Condomize($)
return undef; return undef;
} }
foreach my $ref (GeniXML::FindNodes("n:node", $rspec)->get_nodelist()) { foreach my $ref (GeniXML::FindNodes("n:node", $rspec)->get_nodelist()) {
# if ($condomize) {
# No settings is easy; wrap it tight. #
# # No settings is easy; wrap it tight.
if (!GeniXML::HasFirewallSettings($ref)) { #
my $firewall = GeniXML::AddElement("firewall", $ref, if (!GeniXML::HasFirewallSettings($ref)) {
$GeniXML::EMULAB_NS); my $firewall = GeniXML::AddElement("firewall", $ref,
GeniXML::SetText("style", $firewall, "closed"); $GeniXML::EMULAB_NS);
next; GeniXML::SetText("style", $firewall, "closed");
next;
}
#
# Make sure the existing section has a reasonable setting.
#
my $settings = GeniXML::FindNodesNS("n:firewall", $ref,
$GeniXML::EMULAB_NS)->pop();
my $style = GeniXML::GetText("style", $settings);
if (!defined($style) || $style ne "basic" || $style ne "closed") {
GeniXML::SetText("style", $settings, "closed");
}
} }
# #
# Make sure the existing section has a reasonable setting. # Quick pass over the exceptions to see if we need to substitute
# the callers IP address.
# #
my $settings = GeniXML::FindNodesNS("n:firewall", $ref, foreach my $exception (GeniXML::FindNodesNS("n:firewall/n:exception",
$GeniXML::EMULAB_NS)->pop(); $ref, $GeniXML::EMULAB_NS)->get_nodelist()) {
my $style = GeniXML::GetText("style", $settings); my $ip = GeniXML::GetText("ip", $exception);
if (!defined($style) || $style ne "basic" || $style ne "closed") { if (defined($ip) && $ip eq "myip" && exists($ENV{'REMOTE_ADDR'})) {
GeniXML::SetText("style", $settings, "closed"); GeniXML::SetText("ip", $exception, $ENV{'REMOTE_ADDR'});
}
} }
#
# What about exceptions?
#
} }
return GeniXML::Serialize($rspec); return GeniXML::Serialize($rspec);
} }
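Review bot: The style check carried into the new `if ($condomize)` branch, `$style ne "basic" || $style ne "closed"`, is true for every value, so a profile that already asks for "basic" is always rewritten to "closed"; the intended test is presumably `if (!defined($style) || ($style ne "basic" && $style ne "closed"))`. In the new exception loop, an `ip` of "myip" is left as the literal string when `$ENV{'REMOTE_ADDR'}` is not set, and the rspec is still serialized and returned; failing or dropping the exception there would be safer than passing an unresolved placeholder to whatever builds the rules. REMOTE_ADDR is also the peer address as the web server sees it, so behind a proxy it may not be the caller's own address; a comment saying so and a format check on the value before `SetText` would help. The header comment still describes only condomizing and should mention the `$condomize` flag and the myip substitution; the start of CheckFirewall lies outside the hunks shown.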