use check_acl for dns->no acl
@@ -8,6 +8,8 @@ use Net::DNS;
|
|||||||
use AnyEvent::DNS;
|
use AnyEvent::DNS;
|
||||||
use NetAddr::IP::Lite ':lower';
|
use NetAddr::IP::Lite ':lower';
|
||||||
|
|
||||||
|
use App::Netdisco::Util::Permission 'check_acl';
|
||||||
|
|
||||||
use base 'Exporter';
|
use base 'Exporter';
|
||||||
our @EXPORT = ();
|
our @EXPORT = ();
|
||||||
our @EXPORT_OK = qw/
|
our @EXPORT_OK = qw/
|
||||||
@@ -119,6 +121,7 @@ addresses which resolved.
|
|||||||
|
|
||||||
sub hostnames_resolve_async {
|
sub hostnames_resolve_async {
|
||||||
my $ips = shift;
|
my $ips = shift;
|
||||||
|
my $skip = setting('dns')->{'no'};
|
||||||
|
|
||||||
# Set up the condvar
|
# Set up the condvar
|
||||||
my $done = AE::cv;
|
my $done = AE::cv;
|
||||||
@@ -126,7 +129,7 @@ sub hostnames_resolve_async {
|
|||||||
|
|
||||||
IP: foreach my $hash_ref (@$ips) {
|
IP: foreach my $hash_ref (@$ips) {
|
||||||
my $ip = $hash_ref->{'ip'} || $hash_ref->{'alias'};
|
my $ip = $hash_ref->{'ip'} || $hash_ref->{'alias'};
|
||||||
next IP if no_resolve($ip);
|
next IP if check_acl($ip, $skip);
|
||||||
|
|
||||||
# check /etc/hosts file and short-circuit if found
|
# check /etc/hosts file and short-circuit if found
|
||||||
foreach my $name (reverse sort keys %HOSTS) {
|
foreach my $name (reverse sort keys %HOSTS) {
|
||||||
@@ -153,31 +156,4 @@ sub hostnames_resolve_async {
|
|||||||
return $ips;
|
return $ips;
|
||||||
}
|
}
|
||||||
|
|
||||||
=head2 no_resolve( $ip )
|
|
||||||
|
|
||||||
Given an IP address, returns true if excluded from DNS resolution by the
|
|
||||||
"C<< dns -> no >>" configuration directive, otherwise returns false.
|
|
||||||
|
|
||||||
=cut
|
|
||||||
|
|
||||||
sub no_resolve {
|
|
||||||
my $ip = shift;
|
|
||||||
|
|
||||||
my $config = setting('dns')->{no} || [];
|
|
||||||
return 0 if not scalar @$config;
|
|
||||||
|
|
||||||
my $addr = NetAddr::IP::Lite->new($ip)
|
|
||||||
or return 1;
|
|
||||||
|
|
||||||
foreach my $item (@$config) {
|
|
||||||
my $c_ip = NetAddr::IP::Lite->new($item)
|
|
||||||
or next;
|
|
||||||
next unless $c_ip->bits == $addr->bits;
|
|
||||||
|
|
||||||
return 1 if ($c_ip->contains($addr));
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
||||||
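Review bot: The call `next IP if check_acl($ip, $skip);` drops two safeguards that the deleted no_resolve() applied. Those were the `|| []` default on `setting('dns')->{no}` and the `or return 1` that skipped any address NetAddr::IP::Lite could not parse. Because `dns -> no` is what keeps listed addresses away from the resolver, it is worth confirming how check_acl treats an undefined list and an unparseable `$ip`; its opening lines are not visible on this page. Keeping the default at the call site, `my $skip = setting('dns')->{'no'} || [];`, would at least preserve the empty-list behaviour. The `@EXPORT_OK` list and the rest of hostnames_resolve_async lie outside the hunks, so if `no_resolve` is still named in the export list it should be removed along with the sub and its POD.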
|
|||||||
@@ -86,13 +86,14 @@ sub check_acl {
|
|||||||
|
|
||||||
$config = [$config] if ref [] ne ref $config;
|
$config = [$config] if ref [] ne ref $config;
|
||||||
my $addr = NetAddr::IP::Lite->new($real_ip);
|
my $addr = NetAddr::IP::Lite->new($real_ip);
|
||||||
my $name = hostname_from_ip($addr->addr) || '!!NO_HOSTNAME!!';
|
|
||||||
my $all = (scalar grep {m/^op:and$/} @$config);
|
my $all = (scalar grep {m/^op:and$/} @$config);
|
||||||
|
my $name = undef; # only look up once, and only if qr// is used
|
||||||
|
|
||||||
INLIST: foreach my $item (@$config) {
|
INLIST: foreach my $item (@$config) {
|
||||||
next INLIST if $item eq 'op:and';
|
next INLIST if $item eq 'op:and';
|
||||||
|
|
||||||
if (ref qr// eq ref $item) {
|
if (ref qr// eq ref $item) {
|
||||||
|
$name = ($name || hostname_from_ip($addr->addr) || '!!none!!');
|
||||||
if ($name =~ $item) {
|
if ($name =~ $item) {
|
||||||
return 1 if not $all;
|
return 1 if not $all;
|
||||||
}
|
}
|
||||||
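Review bot: The lazy lookup `$name = ($name || hostname_from_ip($addr->addr) || '!!none!!');` still issues a reverse DNS query whenever the list holds a `qr//` item. Now that check_acl evaluates the `dns -> no` list, a regex entry there would query DNS for the very address the list is meant to exclude, so this deserves a comment or a documented restriction for that setting. In the visible lines `$addr` is also dereferenced without a definedness test, although the removed no_resolve() code treated a failed `NetAddr::IP::Lite->new` as a normal case. If nothing above the hunk already covers it, add a guard such as `return 0 unless $addr;` after the constructor. If hostname_from_ip is exported by the module that now imports check_acl, the two modules `use` each other, and it should be confirmed that both imports still resolve under Exporter. The body of check_acl starts and ends outside this hunk.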
|
|||||||