Commit 9974abb5 authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Rework the firewall code to deal with myip inthe right place.

parent c5f926d4
......@@ -312,9 +312,9 @@ sub MarkModified($)
# Condomize a profile rspec by inserting the necessary firewall section
# to each of the nodes.
#
sub Condomize($)
sub CheckFirewall($$)
{
my ($self) = @_;
my ($self, $condomize) = @_;
# Must be a real reference.
return -1
......@@ -326,6 +326,7 @@ sub Condomize($)
return undef;
}
foreach my $ref (GeniXML::FindNodes("n:node", $rspec)->get_nodelist()) {
if ($condomize) {
#
# No settings is easy; wrap it tight.
#
......@@ -344,10 +345,18 @@ sub Condomize($)
if (!defined($style) || $style ne "basic" || $style ne "closed") {
GeniXML::SetText("style", $settings, "closed");
}
}
#
# What about exceptions?
# Quick pass over the exceptions to see if we need to substitute
# the callers IP address.
#
foreach my $exception (GeniXML::FindNodesNS("n:firewall/n:exception",
$ref, $GeniXML::EMULAB_NS)->get_nodelist()) {
my $ip = GeniXML::GetText("ip", $exception);
if (defined($ip) && $ip eq "myip" && exists($ENV{'REMOTE_ADDR'})) {
GeniXML::SetText("ip", $exception, $ENV{'REMOTE_ADDR'});
}
}
}
return GeniXML::Serialize($rspec);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment