From aea6ef768d3f61e38f311399c2d81bcc3c8dd11f Mon Sep 17 00:00:00 2001
From: NaruX <akira@narux.de>
Date: Thu, 5 Apr 2018 14:58:45 +0200
Subject: [PATCH] PLC-Slave ACL wird gegen bestehende Verbindungen angewendet

---
 doc/picontrolserver.html       | 11 ++++++++++-
 eric-revpipyload.api           |  1 +
 revpipyload.e4p                |  4 ++--
 revpipyload/picontrolserver.py | 19 +++++++++++++++++++
 revpipyload/revpipyload.py     |  8 ++++++--
 setup.py                       |  2 +-
 6 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/doc/picontrolserver.html b/doc/picontrolserver.html
index ac57eb0..816899f 100644
--- a/doc/picontrolserver.html
+++ b/doc/picontrolserver.html
@@ -63,6 +63,9 @@ Methods</h3>
 <td><a style="color:#0000FF" href="#RevPiSlave.__init__">RevPiSlave</a></td>
 <td>Instantiiert RevPiSlave-Klasse.</td>
 </tr><tr>
+<td><a style="color:#0000FF" href="#RevPiSlave.check_connectedacl">check_connectedacl</a></td>
+<td>Prueft bei neuen ACLs bestehende Verbindungen.</td>
+</tr><tr>
 <td><a style="color:#0000FF" href="#RevPiSlave.newlogfile">newlogfile</a></td>
 <td>Konfiguriert die FileHandler auf neue Logdatei.</td>
 </tr><tr>
@@ -92,7 +95,13 @@ AclManager <class 'IpAclManager'>
 <dd>
 Listen Port fuer plc Slaveserver
 </dd>
-</dl><a NAME="RevPiSlave.newlogfile" ID="RevPiSlave.newlogfile"></a>
+</dl><a NAME="RevPiSlave.check_connectedacl" ID="RevPiSlave.check_connectedacl"></a>
+<h3 style="background-color:#FFFFFF;color:#FF0000">
+RevPiSlave.check_connectedacl</h3>
+<b>check_connectedacl</b>(<i></i>)
+<p>
+Prueft bei neuen ACLs bestehende Verbindungen.
+</p><a NAME="RevPiSlave.newlogfile" ID="RevPiSlave.newlogfile"></a>
 <h3 style="background-color:#FFFFFF;color:#FF0000">
 RevPiSlave.newlogfile</h3>
 <b>newlogfile</b>(<i></i>)
diff --git a/eric-revpipyload.api b/eric-revpipyload.api
index 11fd074..8921fbc 100644
--- a/eric-revpipyload.api
+++ b/eric-revpipyload.api
@@ -12,6 +12,7 @@ logsystem.PipeLogwriter.newlogfile?4()
 logsystem.PipeLogwriter.run?4()
 logsystem.PipeLogwriter.stop?4()
 logsystem.PipeLogwriter?1(logfilename)
+picontrolserver.RevPiSlave.check_connectedacl?4()
 picontrolserver.RevPiSlave.newlogfile?4()
 picontrolserver.RevPiSlave.run?4()
 picontrolserver.RevPiSlave.stop?4()
diff --git a/revpipyload.e4p b/revpipyload.e4p
index d2fe227..1141676 100644
--- a/revpipyload.e4p
+++ b/revpipyload.e4p
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE Project SYSTEM "Project-5.1.dtd">
 <!-- eric project file for project revpipyload -->
-<!-- Saved: 2018-04-05, 14:14:27 -->
+<!-- Saved: 2018-04-05, 14:57:19 -->
 <!-- Copyright (C) 2018 Sven Sager, akira@narux.de -->
 <Project version="5.1">
   <Language>en_US</Language>
@@ -9,7 +9,7 @@
   <ProgLanguage mixed="0">Python3</ProgLanguage>
   <ProjectType>Console</ProjectType>
   <Description>Dieser Loader wird über das Init-System geladen und führt das angegebene Pythonprogramm aus. Es ist für den RevolutionPi gedacht um automatisch das SPS-Programm zu starten.</Description>
-  <Version>0.6.3</Version>
+  <Version>0.6.4</Version>
   <Author>Sven Sager</Author>
   <Email>akira@narux.de</Email>
   <Eol index="1"/>
diff --git a/revpipyload/picontrolserver.py b/revpipyload/picontrolserver.py
index 809a8e8..3fb8705 100644
--- a/revpipyload/picontrolserver.py
+++ b/revpipyload/picontrolserver.py
@@ -44,6 +44,25 @@ class RevPiSlave(Thread):
         self.zeroonerror = False
         self.zeroonexit = False
 
+    def check_connectedacl(self):
+        """Prueft bei neuen ACLs bestehende Verbindungen."""
+        for dev in self._th_dev:
+            ip,  port = dev._addr
+            level = self.__ipacl.get_acllevel(ip)
+            if level < 0:
+                # Verbindung killen
+                proginit.logger.warning(
+                    "client {} not in acl - disconnect!".format(ip)
+                )
+                dev.stop()
+            elif level != dev._acl:
+                # ACL Level anpassen
+                proginit.logger.warning(
+                    "change acl level from {} to {} on existing connection {}"
+                    "".format(level, dev._acl, ip)
+                )
+                dev._acl = level
+
     def newlogfile(self):
         """Konfiguriert die FileHandler auf neue Logdatei."""
         pass
diff --git a/revpipyload/revpipyload.py b/revpipyload/revpipyload.py
index 509a38d..1c9185a 100755
--- a/revpipyload/revpipyload.py
+++ b/revpipyload/revpipyload.py
@@ -50,7 +50,7 @@ from time import asctime
 from xmlrpc.client import Binary
 from xrpcserver import SaveXMLRPCServer
 
-pyloadversion = "0.6.3"
+pyloadversion = "0.6.4"
 
 
 class RevPiPyLoad():
@@ -191,7 +191,7 @@ class RevPiPyLoad():
             self.plcslave = \
                 int(self.globalconfig["PLCSLAVE"].get("plcslave", 0))
 
-            # Berechtigungen laden, wenn aktiv ist
+            # Berechtigungen laden
             if not self.plcslaveacl.loadaclfile(
                     self.globalconfig["PLCSLAVE"].get("aclfile", "")):
                 proginit.logger.warning(
@@ -268,6 +268,10 @@ class RevPiPyLoad():
                 proginit.logger.info("restart plc slave after reload")
                 self.th_plcslave.start()
 
+        # PLC-Slave ACL prüfen
+        if self.th_plcslave is not None:
+            self.th_plcslave.check_connectedacl()
+
         # XMLRPC-Server Instantiieren und konfigurieren
         if self.xmlrpc == 0:
             self.xmlrpc = None
diff --git a/setup.py b/setup.py
index 9565b6d..9e6a1b3 100644
--- a/setup.py
+++ b/setup.py
@@ -27,7 +27,7 @@ setup(
 
     license="LGPLv3",
     name="revpipyload",
-    version="0.6.3",
+    version="0.6.4",
 
     scripts=["data/revpipyload"],