fixes #116

ac8ffba0 · Bach Dániel · 6625e283 · ac8ffba0 · ac8ffba0 · ac8ffba0
Commit ac8ffba0 authored Apr 03, 2013 by Bach Dániel
Hide whitespace changes
Inline Side-by-side

Showing with 91 additions and 43 deletions

cloud/urls.py
+1 -1

firewall/models.py
+70 -12

one/models.py
+3 -14

one/templates/show.html
+3 -3

one/views.py
+14 -13

No files found.
--- a/cloud/urls.py
+++ b/cloud/urls.py
@@ -37,7 +37,7 @@ urlpatterns = patterns('',
    url(r'^vm/renew/(?P<which>(suspend|delete))/(?P<iid>\d+)/$',
        'one.views.vm_renew', ),
    url(r'^vm/port_add/(?P<iid>\d+)/$', 'one.views.vm_port_add', ),
-    url(r'^vm/port_del/(?P<iid>\d+)/(?P<proto>tcp|udp)/(?P<public>\d+)/$',
+    url(r'^vm/port_del/(?P<iid>\d+)/(?P<proto>tcp|udp)/(?P<private>\d+)/$',
        'one.views.vm_port_del', ),
    url(r'^ajax/shareEdit/(?P<id>\d+)/$', 'one.views.ajax_share_edit_wizard',
        name='ajax_share_edit_wizard'),

--- a/firewall/models.py
+++ b/firewall/models.py
@@ -174,15 +174,30 @@ class Host(models.Model):
    def enable_net(self):
        self.groups.add(Group.objects.get(name="netezhet"))

-    def add_port(self, proto, public, private = 0):
+    def add_port(self, proto, public=None, private=None):
        proto = "tcp" if proto == "tcp" else "udp"
        if self.shared_ip:
-            if public < 1024:
-                raise ValidationError(_("Only ports above 1024 can be used."))
-            for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
-                if host.rules.filter(nat=True, proto=proto, dport=public):
+            used_ports = Rule.objects.filter(host__pub_ipv4=self.pub_ipv4,
+                    nat=True, proto=proto).values_list('dport', flat=True)
+
+            if public is None:
+                public = random.randint(1024, 21000)
+                if public in used_ports:
+                    for i in range(1024, 21000) + range(24000, 65535):
+                        if i not in used_ports:
+                            public = i
+                            break
+                    else:
+                        raise ValidationError(_("Port %s %s is already in use.") %
+                                (proto, public))
+
+            else:
+                if public < 1024:
+                    raise ValidationError(_("Only ports above 1024 can be used."))
+                if public in used_ports:
                    raise ValidationError(_("Port %s %s is already in use.") %
                            (proto, public))
+
            rule = Rule(direction='1', owner=self.owner, dport=public,
                    proto=proto, nat=True, accept=True, r_type="host",
                    nat_dport=private, host=self, foreign_network=VlanGroup.
@@ -199,15 +214,58 @@ class Host(models.Model):
        rule.full_clean()
        rule.save()

-    def del_port(self, proto, public):
-        self.rules.filter(owner=self.owner, proto=proto, host=self,
-                dport=public).delete()
+    def del_port(self, proto, private):
+        if self.shared_ip:
+            self.rules.filter(owner=self.owner, proto=proto, host=self,
+                nat_dport=private).delete()
+        else:
+            self.rules.filter(owner=self.owner, proto=proto, host=self,
+                dport=private).delete()
+
+    def get_hostname(self, proto):
+        try:
+            if proto == 'ipv6':
+                res = self.record_set.filter(type='AAAA')
+            elif proto == 'ipv4':
+                if self.shared_ip:
+                    res = Record.objects.filter(type='A',
+                            address=self.pub_ipv4)
+                else:
+                    res = self.record_set.filter(type='A')
+            return unicode(res[0].get_data()['name'])
+        except:
+            raise
+            if self.shared_ip:
+                return self.pub_ipv4
+            else:
+                return self.ipv4

    def list_ports(self):
-        return [{'proto': rule.proto,
-                 'public': rule.dport,
-                 'private': rule.nat_dport} for rule in
-                self.rules.filter(owner=self.owner)]
+        retval = []
+        for rule in self.rules.filter(owner=self.owner):
+            private = rule.nat_dport if self.shared_ip else rule.dport
+            forward = {
+                'proto': rule.proto,
+                'private': private,
+            }
+            if self.shared_ip:
+                public4 = rule.dport
+                public6 = rule.nat_dport
+            else:
+                public4 = public6 = rule.dport
+
+            if True:      # ipv4
+                forward['ipv4'] = {
+                    'host': self.get_hostname(proto='ipv4'),
+                    'port': public4,
+                }
+            if self.ipv6: # ipv6
+                forward['ipv6'] = {
+                    'host': self.get_hostname(proto='ipv6'),
+                    'port': public6,
+                }
+            retval.append(forward)
+        return retval

    def get_fqdn(self):
        return self.hostname + u'.' + unicode(self.vlan.domain)

--- a/one/models.py
+++ b/one/models.py
@@ -433,24 +433,13 @@ class Instance(models.Model):
            return {"rdp": 23000, "nx": 22000, "ssh": 22000}[proto] + int(self.ip.split('.')[2]) * 256 + int(self.ip.split('.')[3])
        else:
            return {"rdp": 3389, "nx": 22, "ssh": 22}[proto]
+
    def get_connect_host(self, use_ipv6=False):
        """Get public hostname."""
        if self.firewall_host is None:
            return _('None')
-        try:
-            if use_ipv6:
-                return self.firewall_host.record_set.filter(type='AAAA')[0].get_data()['name']
-            else:
-                if self.template.network.nat:
-                    ip = self.firewall_host.pub_ipv4
-                    return Record.objects.filter(type='A', address=ip)[0].get_data()['name']
-                else:
-                    return self.firewall_host.record_set.filter(type='A')[0].get_data()['name']
-        except:
-            if self.template.network.nat:
-                return self.firewall_host.pub_ipv4
-            else:
-                return self.firewall_host.ipv4
+        proto = 'ipv6' if use_ipv6 else 'ipv4'
+        return self.firewall_host.get_hostname(proto=proto)

    def get_connect_uri(self, use_ipv6=False):
        """Get access parameters in URI format."""

--- a/one/templates/show.html
+++ b/one/templates/show.html
@@ -163,7 +163,7 @@
                            {% endif %}
                        </td>
                        <td>
-                            <a href="{% url one.views.vm_port_del i.id port.proto port.public %}">{% trans "Delete" %}</a>
+                            <a href="{% url one.views.vm_port_del i.id port.proto port.private %}">{% trans "Delete" %}</a>
                        </td>
                    </tr>
                    <tr>
@@ -182,7 +182,7 @@
                            {% endif %}
                        </td>
                        <td>
-                            <a href="{% url one.views.vm_port_del i.id port.proto port.public %}">{% trans "Delete" %}</a>
+                            <a href="{% url one.views.vm_port_del i.id port.proto port.private %}">{% trans "Delete" %}</a>
                        </td>
                    </tr>
                    {% endfor %}
@@ -198,7 +198,7 @@
                            </select>
                        </td>
                        <td>
-                            <input style="min-width:70px;width:70px;" type="text" name="public"/>
+                            <input style="min-width:70px;width:70px;" type="text" name="port"/>
                        </td>
                        <td>
                            <input type="submit" style="min-width:3em" value="{% trans "Add" %}" />

--- a/one/views.py
+++ b/one/views.py
@@ -423,20 +423,20 @@ def boot_token(request, token):
 class VmPortAddView(View):
    def post(self, request, iid, *args, **kwargs):
        try:
-            public = int(request.POST['public'])
-
-            if public >= 22000 and public < 24000:
-                raise ValidationError(_("Port number is in a restricted domain (22000 to 24000)."))
+            port = int(request.POST['port'])
            inst = get_object_or_404(Instance, id=iid, owner=request.user)
-            if inst.template.network.nat:
-                private = private=int(request.POST['private'])
+            if inst.firewall_host.shared_ip:
+                inst.firewall_host.add_port(proto=request.POST['proto'],
+                        public=None, private=port)
            else:
-                private = 0
-            inst.firewall_host.add_port(proto=request.POST['proto'], public=public, private=private)
-            messages.success(request, _(u"Port %d successfully added.") % public)
+                inst.firewall_host.add_port(proto=request.POST['proto'],
+                        public=private, private=None)
+
        except:
            messages.error(request, _(u"Adding port failed."))
-#            raise
+            raise
+        else:
+            messages.success(request, _(u"Port %d successfully added.") % port)
        return redirect('/vm/show/%d/' % int(iid))

    def get(self, request, iid, *args, **kwargs):
@@ -447,11 +447,12 @@ vm_port_add = login_required(VmPortAddView.as_view())
 @require_safe
 @login_required
 @require_GET
-def vm_port_del(request, iid, proto, public):
+def vm_port_del(request, iid, proto, private):
    inst = get_object_or_404(Instance, id=iid, owner=request.user)
    try:
-        inst.firewall_host.del_port(proto=proto, public=public)
-        messages.success(request, _(u"Port %s successfully removed.") % public)
+        inst.firewall_host.del_port(proto=proto, private=private)
+        messages.success(request, _(u"Port %s successfully removed.") %
+                private)
    except:
        messages.error(request, _(u"Removing port failed."))
    return redirect('/vm/show/%d/' % int(iid))