Commit c284bf82 authored by Francesc Guasch's avatar Francesc Guasch

[#51] close other IPs after opening for client

parent 0b1f1e75
......@@ -98,7 +98,11 @@ before 'start' => \&_start_preconditions;
after 'start' => \&_post_start;
before 'pause' => \&_allow_manage;
after 'pause' => \&_post_pause;
before 'resume' => \&_allow_manage;
after 'resume' => \&_post_resume;
before 'shutdown' => \&_allow_manage_args;
after 'shutdown' => \&_post_shutdown;
......@@ -700,6 +704,13 @@ sub clone {
);
}
sub _post_pause {
my $self = shift;
my $user = shift;
$self->_remove_iptables(user => $user);
}
sub _post_shutdown {
my $self = shift;
......@@ -715,9 +726,15 @@ sub _remove_iptables {
my $ipt_obj = _open_iptables();
my $iptables = $self->_last_iptable($args->{user});
$ipt_obj->delete_ip_rule(@$iptables) if $iptables;
my $sth = $$CONNECTOR->dbh->prepare(
"UPDATE iptables SET time_deleted=?"
." WHERE id=?"
);
for my $row ($self->_active_iptables($args->{user})) {
my ($id, $iptables) = @$row;
$ipt_obj->delete_ip_rule(@$iptables);
$sth->execute(Ravada::Utils::now(), $id);
}
}
sub _remove_temporary_machine {
......@@ -743,6 +760,10 @@ sub _remove_temporary_machine {
}
}
sub _post_resume {
return _post_start(@_);
}
sub _post_start {
my $self = shift;
......@@ -771,9 +792,17 @@ sub _add_iptable {
,{'protocol' => 'tcp', 's_port' => 0, 'd_port' => $local_port});
my ($rv, $out_ar, $errs_ar) = $ipt_obj->append_ip_rule(@iptables_arg);
$self->{_iptables} = \@iptables_arg;
$self->_store_log(command => 'create', iptables => \@iptables_arg, @_);
$self->_log_iptable(iptables => \@iptables_arg, @_);
@iptables_arg = ( '0.0.0.0'
,$local_ip, 'filter', $IPTABLES_CHAIN, 'DROP',
,{'protocol' => 'tcp', 's_port' => 0, 'd_port' => $local_port});
($rv, $out_ar, $errs_ar) = $ipt_obj->append_ip_rule(@iptables_arg);
$self->_log_iptable(iptables => \@iptables_arg, @_);
}
sub _open_iptables {
......@@ -813,7 +842,7 @@ sub _open_iptables {
return $ipt_obj;
}
sub _store_log {
sub _log_iptable {
my $self = shift;
if (scalar(@_) %2 ) {
carp "Odd number ".Dumper(\@_);
......@@ -823,35 +852,36 @@ sub _store_log {
lock_hash(%args);
my $remote_ip = $args{remote_ip};#~ or return;
my $user = $args{user};
my $command = $args{command};
my $iptables = $args{iptables};
my $sth = $$CONNECTOR->dbh->prepare(
"INSERT INTO log_commands"
."(id_domain, id_user, command, remote_ip, timereq, iptables)"
."VALUES(?, ?, ?, ?, ?, ?)"
"INSERT INTO iptables "
."(id_domain, id_user, remote_ip, time_req, iptables)"
."VALUES(?, ?, ?, ?, ?)"
);
$sth->execute($self->id, $user->id,$command, $remote_ip, Ravada::Utils::now()
$sth->execute($self->id, $user->id, $remote_ip, Ravada::Utils::now()
,encode_json($iptables));
$sth->finish;
}
sub _last_iptable {
sub _active_iptables {
my $self = shift;
my $user = shift;
my $sth = $$CONNECTOR->dbh->prepare(
"SELECT iptables FROM log_commands"
." WHERE command='create' "
." AND id_domain=?"
"SELECT id,iptables FROM iptables "
." WHERE "
." id_domain=?"
." AND id_user=? "
." ORDER BY timereq DESC "
." AND time_deleted IS NULL"
." ORDER BY time_req DESC "
);
$sth->execute($self->id, $user->id);
while (my ($iptables) = $sth->fetchrow) {
return decode_json($iptables);
my @iptables;
while (my ($id, $iptables) = $sth->fetchrow) {
push @iptables, [ $id, decode_json($iptables)];
}
return;
return @iptables;
}
1;
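Review bot: The new loop in `_remove_iptables` marks each row deleted whether or not the rule actually left the chain: `$ipt_obj->delete_ip_rule(@$iptables);` on the line before `$sth->execute(Ravada::Utils::now(), $id);` discards its status, so a failed delete leaves the ACCEPT/DROP pair live while `time_deleted` is set and `_active_iptables` will never return that row again. `_add_iptable` has the same gap: `$rv` and `$errs_ar` from both `append_ip_rule` calls are captured and then ignored, so a rule that was never installed is still logged as active by `_log_iptable`, and if only the ACCEPT append fails the DROP still goes in and the client is locked out. I would check the status before recording each step, e.g. `my ($rv, $out_ar, $errs_ar) = $ipt_obj->delete_ip_rule(@$iptables);` then `if (!$rv) { carp "delete_ip_rule failed: @$errs_ar"; next; }` in `_remove_iptables`, and the equivalent `carp`-and-return guard after each append in `_add_iptable`. The bodies of both subs begin before their hunks, so the argument unpacking (`$args`) was not reviewed here.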
......@@ -24,7 +24,7 @@ our %FIELD_RO = map { $_ => 1 } qw(id name);
our $args_manage = { name => 1 , uid => 1 };
our $args_prepare = { id_domain => 1 , uid => 1 };
our $args_remove_base = { domain => 1 , uid => 1 };
our $args_manage_ip = {%$args_manage, remote_ip => 1};
our %VALID_ARG = (
create_domain => {
......@@ -38,10 +38,11 @@ our %VALID_ARG = (
,disk => 2
,network => 2
}
,open_iptables => $args_manage_ip
,remove_base => $args_remove_base
,prepare_base => $args_prepare
,pause_domain => $args_manage
,resume_domain => $args_manage
,resume_domain => {%$args_manage, remote_ip => 1 }
,remove_domain => $args_manage
,shutdown_domain => { name => 1, uid => 1, timeout => 2 }
,screenshot_domain => { id_domain => 1, filename => 2 }
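Review bot: `resume_domain` in the second hunk spells out `{%$args_manage, remote_ip => 1 }` inline although the first hunk introduces `$args_manage_ip` with exactly that content and `open_iptables` already uses it; `,resume_domain => $args_manage_ip` keeps the two request types in step if the IP-related argument list changes later. Note also that `remote_ip` is now listed with value 1 for `resume_domain`, which by the pattern of the other entries presumably makes it mandatory, so any existing caller queuing a resume without it would start failing validation — worth stating in the commit message if that is intended.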
......
SQL:= ../sqlite/bases.sql ../sqlite/iso_images.sql ../sqlite/lxc_templates.sql ../sqlite/requests.sql ../sqlite/file_base_images.sql ../sqlite/domains_network.sql ../sqlite/messages.sql ../sqlite/networks.sql ../sqlite/domains.sql ../sqlite/users.sql ../sqlite/log_commands.sql
SQL:= ../sqlite/bases.sql ../sqlite/iso_images.sql ../sqlite/lxc_templates.sql ../sqlite/requests.sql ../sqlite/file_base_images.sql ../sqlite/domains_network.sql ../sqlite/messages.sql ../sqlite/networks.sql ../sqlite/domains.sql ../sqlite/users.sql ../sqlite/iptables.sql
ALL: $(SQL)
......
CREATE TABLE log_commands(
CREATE TABLE iptables (
id integer auto_increment primary key,
id_domain int not null,
id_user int not null,
command char(32) not null,
remote_ip char(16) not null,
timereq datetime not null,
time_req datetime not null,
time_deleted datetime ,
iptables varchar(255) not null
);
CREATE TABLE log_commands(
CREATE TABLE iptables (
id integer PRIMARY KEY AUTOINCREMENT
, id_domain int not null
, id_user int not null
, command char(32) not null
, remote_ip char(16) not null
, timereq datetime not null
, time_req datetime not null
, time_deleted datetime
, iptables varchar(255) not null
);
......@@ -8,7 +8,7 @@ sql:
- ../../sql/sqlite/messages.sql
- ../../sql/sqlite/networks.sql
- ../../sql/sqlite/domains_network.sql
- ../../sql/sqlite/log_commands.sql
- ../../sql/sqlite/iptables.sql
- ../../sql/data/insert_lxc_templates.sql
- ../../sql/data/insert_networks.sql
- ../../sql/sqlite/file_base_images.sql