Adding new authorisations for reload on ip_ssh_eth0

2018-03-09 16:09:33 +01:00 · 2018-03-09 16:09:33 +01:00 · d33fa9c421
parent 0ff7961616
commit d33fa9c421
3 changed files with 21 additions and 2 deletions
--- a/creolefuncs/netmask.py
+++ b/creolefuncs/netmask.py
@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+
+def toCidr(ip,mask=False):
+    """ Convert to CIDR notation
+        ip can be like this : 192.168.5.100/255.255.255.0
+        or you can provide the ip and the mask
+    """
+    from IPy import IP
+    try:
+        if mask:
+            data="{0}/{1}".format(ip,mask)
+        else:
+            data=ip
+        return str(IP(data))
+    except:
+        return data
--- a/tmpl/handler-nginx.conf
+++ b/tmpl/handler-nginx.conf
@ -44,6 +44,9 @@ server {

  location = /reload {
    allow 127.0.0.1;
+%for ipaddr in %%ip_ssh_eth0
+	allow %%toCidr(%%ipaddr, %%ipaddr.netmask_ssh_eth0)
+%end for
    deny all;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
--- a/tmpl/lmConf-1.js
+++ b/tmpl/lmConf-1.js
@ -170,7 +170,7 @@
    "portalDisplayAppslist": 1,
    "confirmFormMethod": "post",
    "domain": "%%nom_domaine_local",
-    "cfgNum": "9",
+    "cfgNum": "1",
    "authentication": "LDAP",
    "samlNameIDFormatMapWindows": "uid",
    "authChoiceModules": {},
@ -354,7 +354,7 @@
    "mailUrl": "https://%%authWebName/mail.pl",
    "maintenance": 0,
    "jsRedirect": 0,
-    "cfgAuthor": "dwho",
+    "cfgAuthor": "Cadoles",
    "persistentStorageOptions": {
        "LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
        "Directory": "/var/lib/lemonldap-ng/psessions"