X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FAPI2%2FFirewall%2FAliases.pm;h=33ac669d6381f76c6f5c8ce46156925bb22ca1d7;hp=2a66abdbbe72d47ff179f10cddfa37e0e64ca13f;hb=HEAD;hpb=75a12a9d84e749011676edc8a52afd6c685bbae2

diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm
index 2a66abd..33ac669 100644
--- a/src/PVE/API2/Firewall/Aliases.pm
+++ b/src/PVE/API2/Firewall/Aliases.pm
@@ -25,6 +25,12 @@ my $api_properties = {
     },
 };
 
+sub lock_config {
+    my ($class, $param, $code) = @_;
+
+    die "implement this in subclass";
+}
+
 sub load_config {
     my ($class, $param) = @_;
 
@@ -137,19 +143,23 @@ sub register_create_alias {
 	code => sub {
 	    my ($param) = @_;
 
-	    my ($fw_conf, $aliases) = $class->load_config($param);
+	    $class->lock_config($param, sub {
+		my ($param) = @_;
 
-	    my $name = lc($param->{name});
+		my ($fw_conf, $aliases) = $class->load_config($param);
+
+		my $name = lc($param->{name});
 
-	    raise_param_exc({ name => "alias '$param->{name}' already exists" })
-		if defined($aliases->{$name});
+		raise_param_exc({ name => "alias '$param->{name}' already exists" })
+		    if defined($aliases->{$name});
 
-	    my $data = { name => $param->{name}, cidr => $param->{cidr} };
-	    $data->{comment} = $param->{comment} if $param->{comment};
+		my $data = { name => $param->{name}, cidr => $param->{cidr} };
+		$data->{comment} = $param->{comment} if $param->{comment};
 
-	    $aliases->{$name} = $data;
+		$aliases->{$name} = $data;
 
-	    $class->save_aliases($param, $fw_conf, $aliases);
+		$class->save_aliases($param, $fw_conf, $aliases);
+	    });
 
 	    return undef;
 	}});
@@ -213,35 +223,39 @@ sub register_update_alias {
 	code => sub {
 	    my ($param) = @_;
 
-	    my ($fw_conf, $aliases) = $class->load_config($param);
+	    $class->lock_config($param, sub {
+		my ($param) = @_;
 
-	    my $list = &$aliases_to_list($aliases);
+		my ($fw_conf, $aliases) = $class->load_config($param);
 
-	    my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list);
+		my $list = &$aliases_to_list($aliases);
 
-	    PVE::Tools::assert_if_modified($digest, $param->{digest});
+		my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list);
 
-	    my $name = lc($param->{name});
+		PVE::Tools::assert_if_modified($digest, $param->{digest});
 
-	    raise_param_exc({ name => "no such alias" }) if !$aliases->{$name};
+		my $name = lc($param->{name});
 
-	    my $data = { name => $param->{name}, cidr => $param->{cidr} };
-	    $data->{comment} = $param->{comment} if $param->{comment};
+		raise_param_exc({ name => "no such alias" }) if !$aliases->{$name};
 
-	    $aliases->{$name} = $data;
+		my $data = { name => $param->{name}, cidr => $param->{cidr} };
+		$data->{comment} = $param->{comment} if $param->{comment};
 
-	    my $rename = $param->{rename};
-	    $rename = lc($rename) if $rename;
+		$aliases->{$name} = $data;
 
-	    if ($rename && ($name ne $rename)) {
-		raise_param_exc({ name => "alias '$param->{rename}' already exists" })
-		    if defined($aliases->{$rename});
-		$aliases->{$name}->{name} = $param->{rename};
-		$aliases->{$rename} = $aliases->{$name};
-		delete $aliases->{$name};
-	    }
+		my $rename = $param->{rename};
+		$rename = lc($rename) if $rename;
+
+		if ($rename && ($name ne $rename)) {
+		    raise_param_exc({ name => "alias '$param->{rename}' already exists" })
+			if defined($aliases->{$rename});
+		    $aliases->{$name}->{name} = $param->{rename};
+		    $aliases->{$rename} = $aliases->{$name};
+		    delete $aliases->{$name};
+		}
 
-	    $class->save_aliases($param, $fw_conf, $aliases);
+		$class->save_aliases($param, $fw_conf, $aliases);
+	    });
 
 	    return undef;
 	}});
@@ -270,16 +284,20 @@ sub register_delete_alias {
 	code => sub {
 	    my ($param) = @_;
 
-	    my ($fw_conf, $aliases) = $class->load_config($param);
+	    $class->lock_config($param, sub {
+		my ($param) = @_;
 
-	    my $list = &$aliases_to_list($aliases);
-	    my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list);
-	    PVE::Tools::assert_if_modified($digest, $param->{digest});
+		my ($fw_conf, $aliases) = $class->load_config($param);
 
-	    my $name = lc($param->{name});
-	    delete $aliases->{$name};
+		my $list = &$aliases_to_list($aliases);
+		my (undef, $digest) = PVE::Firewall::copy_list_with_digest($list);
+		PVE::Tools::assert_if_modified($digest, $param->{digest});
+
+		my $name = lc($param->{name});
+		delete $aliases->{$name};
 
-	    $class->save_aliases($param, $fw_conf, $aliases);
+		$class->save_aliases($param, $fw_conf, $aliases);
+	    });
 
 	    return undef;
 	}});
@@ -308,6 +326,12 @@ sub rule_env {
     return 'cluster';
 }
 
+sub lock_config {
+    my ($class, $param, $code) = @_;
+
+    PVE::Firewall::lock_clusterfw_conf(10, $code, $param);
+}
+
 sub load_config {
     my ($class, $param) = @_;
 
@@ -345,6 +369,12 @@ __PACKAGE__->additional_parameters({
     vmid => get_standard_option('pve-vmid'),
 });
 
+sub lock_config {
+    my ($class, $param, $code) = @_;
+
+    PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param);
+}
+
 sub load_config {
     my ($class, $param) = @_;
 
@@ -383,6 +413,12 @@ __PACKAGE__->additional_parameters({
     vmid => get_standard_option('pve-vmid'),
 });
 
+sub lock_config {
+    my ($class, $param, $code) = @_;
+
+    PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param);
+}
+
 sub load_config {
     my ($class, $param) = @_;