From d413784c799be3301daa92a893c3674fb2759a5b Mon Sep 17 00:00:00 2001
From: jbjohnso
Date: Fri, 29 Aug 2008 15:21:50 +0000
Subject: [PATCH] -Implement noderange based ACLs
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@2068 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 xCAT-server/sbin/xcatd | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/xCAT-server/sbin/xcatd b/xCAT-server/sbin/xcatd
index e50d854fb..544ed302e 100755
--- a/xCAT-server/sbin/xcatd
+++ b/xCAT-server/sbin/xcatd
@@ -1231,7 +1231,7 @@ sub validate {
 my @policies = $policytable->getTable;
 $policytable->close;
 my $rule;
- foreach $rule (@policies) {
+ RULE: foreach $rule (@policies) {
 if ($rule->{name} and $rule->{name} ne '*') {
 #TODO: more complex matching (lists, wildcards)
 next unless ($peername and $peername eq $rule->{name});
@@ -1260,7 +1260,33 @@ sub validate {
 }
 }
 if ($rule->{noderange} and $rule->{noderange} ne '*') {
- #TODO: not ignore this field
+ my $matchall=0;
+ if ($rule->{rule} =~ /allow/i or $rule->{rule} =~ /accept/i) {
+ $matchall=1;
+ }
+ if (defined $request->{noderange}->[0]) {
+ my @tmpn=noderange($request->{noderange}->[0]);
+ $request->{node}=\@tmpn;
+ }
+ unless (defined $request->{node}) {
+ next RULE;
+ }
+ my @reqnodes = @{$request->{node}};
+ my %matchnodes;
+ foreach (noderange($rule->{noderange})) {
+ $matchnodes{$_}=1;
+ }
+ REQN: foreach (@reqnodes) {
+ if (defined ($matchnodes{$_})) {
+ if ($matchall) {
+ next REQN;
+ } else {
+ last REQN;
+ }
+ } elsif ($matchall) {
+ next RULE;
+ }
+ }
 }
 # If we are still in, that means this rule is the first match and dictates behavior.
 if ($rule->{rule}) {
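Review bot: The `REQN` loop never skips a non-allow rule: when `$matchall` is 0 and none of the requested nodes is in `%matchnodes`, the loop simply ends and control reaches the "first match" code below, so a deny-style rule scoped to a noderange appears to apply to every request that carries nodes. The allow case has the mirror problem for an empty list: if `noderange($request->{noderange}->[0])` expands to nothing, `$request->{node}` is a defined but empty array ref, the loop body never runs, and the noderange-restricted allow rule matches vacuously. I would add `next RULE unless @reqnodes;` after the `@reqnodes` assignment and `next RULE unless ($matchall or grep { defined $matchnodes{$_} } @reqnodes);` after the loop. Separately, `/allow/i` is unanchored and so also matches a value such as `disallow`; how `$rule->{rule}` is interpreted afterwards is outside this hunk, as is the rest of `validate`.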