-Implement noderange based ACLs

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@2068 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
jbjohnso 2008-08-29 15:21:50 +00:00
parent a597e12173
commit d413784c79


@ -1231,7 +1231,7 @@ sub validate {
my @policies = $policytable->getTable;
$policytable->close;
my $rule;
foreach $rule (@policies) {
RULE: foreach $rule (@policies) {
if ($rule->{name} and $rule->{name} ne '*') {
#TODO: more complex matching (lists, wildcards)
next unless ($peername and $peername eq $rule->{name});
@ -1260,7 +1260,33 @@ sub validate {
}
}
if ($rule->{noderange} and $rule->{noderange} ne '*') {
#TODO: not ignore this field
my $matchall=0;
if ($rule->{rule} =~ /allow/i or $rule->{rule} =~ /accept/i) {
$matchall=1;
}
if (defined $request->{noderange}->[0]) {
my @tmpn=noderange($request->{noderange}->[0]);
$request->{node}=\@tmpn;
}
unless (defined $request->{node}) {
next RULE;
}
my @reqnodes = @{$request->{node}};
my %matchnodes;
foreach (noderange($rule->{noderange})) {
$matchnodes{$_}=1;
}
REQN: foreach (@reqnodes) {
if (defined ($matchnodes{$_})) {
if ($matchall) {
next REQN;
} else {
last REQN;
}
} elsif ($matchall) {
next RULE;
}
}
}
# If we are still in, that means this rule is the first match and dictates behavior.
if ($rule->{rule}) {
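Review bot: In the `REQN` loop, a rule that is not allow/accept reaches the "still in" comment whether or not any requested node is in `%matchnodes`, because `last REQN` and running off the end of the loop continue to the same place; a noderange-scoped deny rule therefore applies to every request that carries nodes. The opposite edge fails open: if the request's node list is empty (for instance the request noderange expands to nothing), the loop body never runs and an allow/accept rule restricted to a noderange still matches. I would make the outcome explicit by counting the covered nodes and calling `next RULE` whenever the rule does not apply, as sketched below; the any-node semantics for non-allow rules is my reading of the `last REQN`, so please confirm it. `validate` starts and ends outside this hunk, so what happens when no rule matches is not visible here.

```perl
# … unchanged: $matchall detection, request noderange expansion, %matchnodes build …
my @reqnodes = @{$request->{node}};
# An empty node list must never satisfy a noderange-scoped rule.
next RULE unless @reqnodes;
my $covered = grep { defined $matchnodes{$_} } @reqnodes;
if ($matchall) {
    # allow/accept: every requested node has to be inside the rule's noderange
    next RULE unless $covered == @reqnodes;
} else {
    # other rules: apply only when at least one requested node is inside it
    next RULE unless $covered;
}
```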