-Implement noderange based ACLs
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@2068 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
parent
a597e12173
commit
d413784c79
@ -1231,7 +1231,7 @@ sub validate {
|
||||
my @policies = $policytable->getTable;
|
||||
$policytable->close;
|
||||
my $rule;
|
||||
foreach $rule (@policies) {
|
||||
RULE: foreach $rule (@policies) {
|
||||
if ($rule->{name} and $rule->{name} ne '*') {
|
||||
#TODO: more complex matching (lists, wildcards)
|
||||
next unless ($peername and $peername eq $rule->{name});
|
||||
@ -1260,7 +1260,33 @@ sub validate {
|
||||
}
|
||||
}
|
||||
if ($rule->{noderange} and $rule->{noderange} ne '*') {
|
||||
#TODO: not ignore this field
|
||||
my $matchall=0;
|
||||
if ($rule->{rule} =~ /allow/i or $rule->{rule} =~ /accept/i) {
|
||||
$matchall=1;
|
||||
}
|
||||
if (defined $request->{noderange}->[0]) {
|
||||
my @tmpn=noderange($request->{noderange}->[0]);
|
||||
$request->{node}=\@tmpn;
|
||||
}
|
||||
unless (defined $request->{node}) {
|
||||
next RULE;
|
||||
}
|
||||
my @reqnodes = @{$request->{node}};
|
||||
my %matchnodes;
|
||||
foreach (noderange($rule->{noderange})) {
|
||||
$matchnodes{$_}=1;
|
||||
}
|
||||
REQN: foreach (@reqnodes) {
|
||||
if (defined ($matchnodes{$_})) {
|
||||
if ($matchall) {
|
||||
next REQN;
|
||||
} else {
|
||||
last REQN;
|
||||
}
|
||||
} elsif ($matchall) {
|
||||
next RULE;
|
||||
}
|
||||
}
|
||||
}
|
||||
# If we are still in, that means this rule is the first match and dictates behavior.
|
||||
if ($rule->{rule}) {
|
||||
|
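Review bot: In the `REQN` loop a rule that is not allow/accept (`$matchall` is 0) never reaches `next RULE`, so when none of the requested nodes is in the rule's noderange the loop simply ends and the rule is still treated as the first match. A node-scoped deny therefore applies to every request that carries nodes; adding `next RULE unless $matchall or grep { defined $matchnodes{$_} } @reqnodes;` after the loop would restrict it to requests that actually touch the listed nodes. The allow path has the opposite edge: if `$request->{node}` is defined but empty (for instance if the requested noderange expands to nothing, which depends on how `noderange()` behaves and is not visible here), the loop body never runs and the noderange-restricted allow rule matches vacuously, so a guard such as `next RULE unless @reqnodes;` before the loop would make that case fall through to later rules. Only element `[0]` of `$request->{noderange}` is expanded and checked, and it is worth confirming that nothing downstream acts on further elements. The body of `validate` starts and ends outside this hunk, so the effect on the final decision is inferred from the comment at the end of the hunk.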