Commit c053c2c3 authored by Francesc Guasch's avatar Francesc Guasch

[#51] iptables information stored to remove the rule later

parent 2aec1d4f
......@@ -3,14 +3,17 @@ package Ravada::Domain;
use warnings;
use strict;
use Carp qw(confess croak cluck);
use Carp qw(carp confess croak cluck);
use Data::Dumper;
use Hash::Util qw(lock_hash);
use Image::Magick;
use JSON::XS;
use Moose::Role;
use Sys::Statistics::Linux;
use IPTables::ChainMgr;
use Ravada::Utils;
our $TIMEOUT_SHUTDOWN = 20;
our $CONNECTOR;
......@@ -125,6 +128,7 @@ sub _vm_disconnect {
}
sub _start_preconditions{
if (scalar @_ %2 ) {
_allow_manage_args(@_);
} else {
......@@ -132,6 +136,7 @@ sub _start_preconditions{
}
_check_free_memory();
_check_used_memory(@_);
}
sub _allow_manage_args {
......@@ -686,9 +691,11 @@ sub _post_shutdown {
sub _remove_iptables {
my $self = shift;
my $args = {@_};
my $ipt_obj = _open_iptables();
my $iptables = $self->{_iptables};
my $iptables = $self->_last_iptable($args->{user});
$ipt_obj->delete_ip_rule(@$iptables) if $iptables;
}
......@@ -719,6 +726,11 @@ sub _remove_temporary_machine {
sub _post_start {
my $self = shift;
$self->_add_iptable(@_);
}
sub _add_iptable {
my $self = shift;
return if scalar @_ % 2;
my %args = @_;
......@@ -740,6 +752,8 @@ sub _post_start {
my ($rv, $out_ar, $errs_ar) = $ipt_obj->append_ip_rule(@iptables_arg);
$self->{_iptables} = \@iptables_arg;
$self->_store_log(command => 'create', iptables => \@iptables_arg, @_);
}
sub _open_iptables {
......@@ -778,4 +792,46 @@ sub _open_iptables {
return $ipt_obj;
}
sub _store_log {
my $self = shift;
if (scalar(@_) %2 ) {
carp "Odd number ".Dumper(\@_);
return;
}
my %args = @_;
lock_hash(%args);
my $remote_ip = $args{remote_ip};#~ or return;
my $user = $args{user};
my $command = $args{command};
my $iptables = $args{iptables};
my $sth = $$CONNECTOR->dbh->prepare(
"INSERT INTO log_commands"
."(id_domain, id_user, command, remote_ip, timereq, iptables)"
."VALUES(?, ?, ?, ?, ?, ?)"
);
$sth->execute($self->id, $user->id,$command, $remote_ip, Ravada::Utils::now()
,encode_json($iptables));
$sth->finish;
}
sub _last_iptable {
my $self = shift;
my $user = shift;
my $sth = $$CONNECTOR->dbh->prepare(
"SELECT iptables FROM log_commands"
." WHERE command='create' "
." AND id_domain=?"
." AND id_user=? "
." ORDER BY timereq DESC "
);
$sth->execute($self->id, $user->id);
while (my ($iptables) = $sth->fetchrow) {
return decode_json($iptables);
}
return;
}
1;
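Review bot: `_remove_iptables` (hunk at `_post_shutdown`) discards the result of `$ipt_obj->delete_ip_rule(@$iptables)`, so when the deletion fails the forwarding rule stays open with no trace; at minimum `my ($rv, $out_ar, $errs_ar) = $ipt_obj->delete_ip_rule(@$iptables); carp "delete_ip_rule failed: @$errs_ar" if !$rv;`. Related, `_last_iptable` returns the newest `command='create'` row for the user/domain but nothing in this commit records the removal, so as far as these hunks show a second shutdown (or a later start that fails before logging) replays the same already-deleted rule; logging a `delete` row from `_remove_iptables` and excluding consumed rows in the query would close that. `_last_iptable` also returns from inside the `while` without `$sth->finish`, and `_store_log` dereferences `$user->id` unguarded while the commented-out `#~ or return` on `remote_ip` suggests the call can be reached with missing args — `return unless $user;` (or `croak`) before the prepare would make the failure explicit.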
package Ravada::Utils;
=head2 now
Returns the current datetime
=cut
sub now {
my @now = localtime(time);
$now[5]+=1900;
$now[4]++;
for ( 0 .. 4 ) {
$now[$_] = "0".$now[$_] if length($now[$_])<2;
}
return "$now[5]-$now[4]-$now[3] $now[2]:$now[1]:$now[0].0";
}
1;
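Review bot: The new Ravada::Utils file shows no `use strict; use warnings;` after `package Ravada::Utils;`, which every other module here carries. The hand-rolled zero padding in `now` is what `POSIX::strftime` does already: `return POSIX::strftime('%Y-%m-%d %H:%M:%S.0', localtime);` (with `use POSIX qw(strftime);`). Note this timestamp is local time with no zone, and `_last_iptable` orders by it with `ORDER BY timereq DESC`, so around a DST fall-back the newest row is not necessarily first — a UTC timestamp (`gmtime`) would presumably avoid that; worth confirming against how `timereq` is consumed elsewhere.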
......@@ -67,3 +67,13 @@ VALUES("Mint/Mate 18 - 64 bits","Linux Mint Mate 18 (Sarah) 64 bits"
,'http://mirrors.evowise.com/linuxmint/stable/18/linuxmint-18-mate-64bit.iso'
,'629d138d03ae594d403df0cd2502d26c'
);
INSERT INTO iso_images
(name,description,arch,xml,xml_volume,url,md5)
VALUES("Mint/Mate 18 - 32 bits","Linux Mint Mate 18 (Sarah) 32 bits"
,'i386'
,'sarah-i386.xml'
,'sarah-volume.xml'
,'http://mirrors.evowise.com/linuxmint/stable/18/linuxmint-18-mate-32bit.iso'
,'b5b804b0cfb7c91a90ea97e038007f07'
);
SQL:= ../sqlite/bases.sql ../sqlite/iso_images.sql ../sqlite/lxc_templates.sql ../sqlite/requests.sql ../sqlite/file_base_images.sql ../sqlite/domains_network.sql ../sqlite/messages.sql ../sqlite/networks.sql ../sqlite/domains.sql ../sqlite/users.sql
SQL:= ../sqlite/bases.sql ../sqlite/iso_images.sql ../sqlite/lxc_templates.sql ../sqlite/requests.sql ../sqlite/file_base_images.sql ../sqlite/domains_network.sql ../sqlite/messages.sql ../sqlite/networks.sql ../sqlite/domains.sql ../sqlite/users.sql ../sqlite/log_commands.sql
ALL: $(SQL)
......
CREATE TABLE log_commands(
id integer auto_increment primary key
id_domain int not null,
id_user int not null,
command char(32) not null,
remote_ip char(16) not null,
timereq datetime not null,
iptables varchar(255) not null
);
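Review bot: The MySQL `log_commands` definition is missing the comma after the first column, `id integer auto_increment primary key,` — as written the CREATE TABLE will not parse, while the SQLite file is correct. In both files `remote_ip char(16)` only fits a dotted IPv4 address (an IPv6 literal needs up to 39 characters, 45 with a mapped prefix), and `iptables varchar(255)` holds the JSON-encoded rule arguments that `_remove_iptables` later replays, so on MySQL a truncated row would silently produce a rule the delete step can no longer match; widening both (e.g. `remote_ip varchar(45)`, `iptables text`) avoids that. SQLite ignores the declared lengths, so the truncation concern applies to the MySQL schema only.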
CREATE TABLE log_commands(
id integer PRIMARY KEY AUTOINCREMENT
, id_domain int not null
, id_user int not null
, command char(32) not null
, remote_ip char(16) not null
, timereq datetime not null
, iptables varchar(255) not null
);
......@@ -8,6 +8,7 @@ sql:
- ../../sql/sqlite/messages.sql
- ../../sql/sqlite/networks.sql
- ../../sql/sqlite/domains_network.sql
- ../../sql/sqlite/log_commands.sql
- ../../sql/data/insert_lxc_templates.sql
- ../../sql/data/insert_networks.sql
- ../../sql/sqlite/file_base_images.sql
......@@ -83,6 +83,33 @@ sub test_fw_domain {
test_chain($vm_name, $local_ip,$local_port, $remote_ip, 0);
}
sub test_fw_domain_stored {
my ($vm_name, $domain_name) = @_;
my $remote_ip = '99.88.77.66';
my $vm = $RVD_BACK->search_vm($vm_name);
my $local_ip = $vm->ip;
my $local_port;
{
my $domain = $vm->search_domain($domain_name);
ok($domain,"Searching for domain $domain_name") or return;
$domain->start( user => $USER, remote_ip => $remote_ip);
my $display = $domain->display($USER);
($local_port) = $display =~ m{\d+\.\d+\.\d+\.\d+\:(\d+)};
ok(defined $local_port, "Expecting a port in display '$display'") or return;
ok($domain->is_active);
test_chain($vm_name, $local_ip,$local_port, $remote_ip, 1);
}
my $domain = $vm->search_domain($domain_name);
$domain->shutdown_now( $USER );
test_chain($vm_name, $local_ip,$local_port, $remote_ip, 0);
}
sub open_ipt {
my %opts = (
'use_ipv6' => 0, # can set to 1 to force ip6tables usage
......@@ -158,6 +185,9 @@ for my $vm_name (qw( Void KVM )) {
my $domain = test_create_domain($vm_name);
test_fw_domain($vm_name, $domain);
my $domain2 = test_create_domain($vm_name);
test_fw_domain_stored($vm_name, $domain2->name);
};
}
flush_rules();
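Review bot: `ok($domain->is_active);` in `test_fw_domain_stored` has no description, unlike the surrounding assertions; `ok($domain->is_active, "Expecting $domain_name active after start");` would make a failure readable. The test exercises one start followed by one shutdown, which is the case the old `$self->{_iptables}` field already handled; the reason for persisting the rule is presumably to remove it from a different process or after a second start, so a case that starts the domain twice (or re-fetches it via `search_domain` before shutdown, as this test does) and checks that `log_commands` holds the expected row and that `test_chain(..., 0)` passes afterwards would actually cover the new path. The `$domain` re-fetch before `shutdown_now` is what makes this test differ from `test_fw_domain`; a comment saying so (`# fresh object: the rule must come from the DB, not from memory`) would help the next reader.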
......