Commit 9974abb5 authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Rework the firewall code to deal with myip inthe right place.

parent c5f926d4
...@@ -312,9 +312,9 @@ sub MarkModified($) ...@@ -312,9 +312,9 @@ sub MarkModified($)
# Condomize a profile rspec by inserting the necessary firewall section # Condomize a profile rspec by inserting the necessary firewall section
# to each of the nodes. # to each of the nodes.
# #
sub Condomize($) sub CheckFirewall($$)
{ {
my ($self) = @_; my ($self, $condomize) = @_;
# Must be a real reference. # Must be a real reference.
return -1 return -1
...@@ -326,6 +326,7 @@ sub Condomize($) ...@@ -326,6 +326,7 @@ sub Condomize($)
return undef; return undef;
} }
foreach my $ref (GeniXML::FindNodes("n:node", $rspec)->get_nodelist()) { foreach my $ref (GeniXML::FindNodes("n:node", $rspec)->get_nodelist()) {
if ($condomize) {
# #
# No settings is easy; wrap it tight. # No settings is easy; wrap it tight.
# #
...@@ -344,10 +345,18 @@ sub Condomize($) ...@@ -344,10 +345,18 @@ sub Condomize($)
if (!defined($style) || $style ne "basic" || $style ne "closed") { if (!defined($style) || $style ne "basic" || $style ne "closed") {
GeniXML::SetText("style", $settings, "closed"); GeniXML::SetText("style", $settings, "closed");
} }
}
# #
# What about exceptions? # Quick pass over the exceptions to see if we need to substitute
# the callers IP address.
# #
foreach my $exception (GeniXML::FindNodesNS("n:firewall/n:exception",
$ref, $GeniXML::EMULAB_NS)->get_nodelist()) {
my $ip = GeniXML::GetText("ip", $exception);
if (defined($ip) && $ip eq "myip" && exists($ENV{'REMOTE_ADDR'})) {
GeniXML::SetText("ip", $exception, $ENV{'REMOTE_ADDR'});
}
}
} }
return GeniXML::Serialize($rspec); return GeniXML::Serialize($rspec);
} }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment