135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use check_acl for dns->no acl

Browse Source
This commit is contained in:
Oliver Gorwits
2017-05-10 21:13:03 +01:00
parent 156f2abfa7
commit 4df2bc45ea
2 changed files with 7 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
lib/App/Netdisco/Util/DNS.pm
View File

@@ -8,6 +8,8 @@ use Net::DNS;
use AnyEvent::DNS;
use NetAddr::IP::Lite ':lower';
use App::Netdisco::Util::Permission 'check_acl';
use base 'Exporter';
our @EXPORT = ();
our @EXPORT_OK = qw/
@@ -118,7 +120,8 @@ addresses which resolved.
=cut
sub hostnames_resolve_async {
my $ips = shift;
my $ips = shift;
my $skip = setting('dns')->{'no'};
# Set up the condvar
my $done = AE::cv;
@@ -126,7 +129,7 @@ sub hostnames_resolve_async {
IP: foreach my $hash_ref (@$ips) {
my $ip = $hash_ref->{'ip'} || $hash_ref->{'alias'};
next IP if no_resolve($ip);
next IP if check_acl($ip, $skip);
# check /etc/hosts file and short-circuit if found
foreach my $name (reverse sort keys %HOSTS) {
@@ -153,31 +156,4 @@ sub hostnames_resolve_async {
return $ips;
}
=head2 no_resolve( $ip )
Given an IP address, returns true if excluded from DNS resolution by the
"C<< dns -> no >>" configuration directive, otherwise returns false.
=cut
sub no_resolve {
my $ip = shift;
my $config = setting('dns')->{no} || [];
return 0 if not scalar @$config;
my $addr = NetAddr::IP::Lite->new($ip)
or return 1;
foreach my $item (@$config) {
my $c_ip = NetAddr::IP::Lite->new($item)
or next;
next unless $c_ip->bits == $addr->bits;
return 1 if ($c_ip->contains($addr));
}
return 0;
}
1;

3
lib/App/Netdisco/Util/Permission.pm
View File

@@ -86,13 +86,14 @@ sub check_acl {
$config = [$config] if ref [] ne ref $config;
my $addr = NetAddr::IP::Lite->new($real_ip);
my $name = hostname_from_ip($addr->addr) || '!!NO_HOSTNAME!!';
my $all = (scalar grep {m/^op:and$/} @$config);
my $name = undef; # only look up once, and only if qr// is used
INLIST: foreach my $item (@$config) {
next INLIST if $item eq 'op:and';
if (ref qr// eq ref $item) {
$name = ($name || hostname_from_ip($addr->addr) || '!!none!!');
if ($name =~ $item) {
return 1 if not $all;
}