9355f5c2b9
Squashed commit of the following:
commit 4081e22202693bd7c4ea00e95daad8e628c6fd5a
Author: Oliver Gorwits <oliver@cpan.org>
Date: Mon May 29 21:02:07 2023 +0100
large rename of check_acl* to acl_matches*
commit 3cfa284ddd24d68765c255578cc5c184afbdcd83
Author: Oliver Gorwits <oliver@cpan.org>
Date: Fri May 19 20:39:03 2023 +0100
update permission doc
commit 8c7bb93cc5e9fafb770f98f446e45cbd94b14894
Author: Oliver Gorwits <oliver@cpan.org>
Date: Wed May 17 21:50:07 2023 +0100
migrate most check_acl_only to acl_matches_only
commit c47f699f2a22f08f2f3e093ed0f24c891e6f9a82
Author: Oliver Gorwits <oliver@cpan.org>
Date: Wed May 17 21:39:19 2023 +0100
rename check_acl* to be acl_matches*
commit a884a22c3ab1f3262118c3a47ed8e25b0b0a7336
Author: Oliver Gorwits <oliver@cpan.org>
Date: Sun May 14 16:50:42 2023 +0100
update macsuck_no_deviceports to use acl_matches
commit 8c256af728721329b64d071fa529dfc844073ac6
Author: Oliver Gorwits <oliver@cpan.org>
Date: Sun May 7 22:54:33 2023 +0100
update hide_deviceports to use acl_matches multi @things
commit cd5d9978aba1da459be4fed4500f395df13f7784
Author: Oliver Gorwits <oliver@cpan.org>
Date: Sun May 7 22:53:38 2023 +0100
check_acl fix to allow all @things to offer a property before fallback to missing as empty string
commit 1a3ab9a7646e9f994f03126d45fc36e9e5a13ed5
Author: Oliver Gorwits <oliver@cpan.org>
Date: Tue May 2 15:31:17 2023 +0100
add ignore_deviceports to portproperties discover; improve comments
commit 51385ce89458dc939587dae902fda431719c22c9
Merge: b97c07d2 3f8ffe78
Author: Oliver Gorwits <oliver@cpan.org>
Date: Tue May 2 15:21:48 2023 +0100
Merge branch 'master' into og-acl_multidict
commit b97c07d237d750c1d9eb3095d8ff3908512eac2a
Author: Oliver Gorwits <oliver@cpan.org>
Date: Sat Mar 25 14:37:53 2023 +0000
add support for arrayref of items, and unblessed hash, to check_acl
206 lines
4.6 KiB
Perl
206 lines
4.6 KiB
Perl
package App::Netdisco::Util::Node;
|
|
|
|
use Dancer qw/:syntax :script/;
|
|
use Dancer::Plugin::DBIC 'schema';
|
|
|
|
use NetAddr::MAC;
|
|
use App::Netdisco::Util::Permission qw/acl_matches acl_matches_only/;
|
|
|
|
use base 'Exporter';
|
|
our @EXPORT = ();
|
|
our @EXPORT_OK = qw/
|
|
check_mac
|
|
is_nbtstatable
|
|
store_arp
|
|
/;
|
|
our %EXPORT_TAGS = (all => \@EXPORT_OK);
|
|
|
|
=head1 NAME
|
|
|
|
App::Netdisco::Util::Node
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
A set of helper subroutines to support parts of the Netdisco application.
|
|
|
|
There are no default exports, however the C<:all> tag will export all
|
|
subroutines.
|
|
|
|
=head1 EXPORT_OK
|
|
|
|
=head2 check_mac( $node, $device?, $port_macs? )
|
|
|
|
Given a MAC address, perform various sanity checks which need to be done
|
|
before writing an ARP/Neighbor entry to the database storage.
|
|
|
|
Returns false, and might log a debug level message, if the checks fail.
|
|
|
|
Returns a true value (the MAC address in IEEE format) if these checks pass:
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
MAC address is well-formed (according to common formats)
|
|
|
|
=item *
|
|
|
|
MAC address is not all-zero, broadcast, CLIP, VRRP or HSRP
|
|
|
|
=back
|
|
|
|
Optionally pass a Device instance or IP to use in logging.
|
|
|
|
Optionally pass a cached set of Device port MAC addresses as the third
|
|
argument, in which case an additional check is added:
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
MAC address does not belong to an interface on any known Device
|
|
|
|
=back
|
|
|
|
=cut
|
|
|
|
sub check_mac {
|
|
my ($node, $device, $port_macs) = @_;
|
|
return 0 if !$node;
|
|
|
|
my $mac = NetAddr::MAC->new(mac => ($node || ''));
|
|
my $devip = ($device ? (ref $device ? $device->ip : $device) : '');
|
|
$port_macs ||= {};
|
|
|
|
# incomplete MAC addresses (BayRS frame relay DLCI, etc)
|
|
if (!defined $mac or $mac->errstr) {
|
|
debug sprintf ' [%s] check_mac - mac [%s] malformed - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
else {
|
|
# lower case, hex, colon delimited, 8-bit groups
|
|
$node = lc $mac->as_ieee;
|
|
}
|
|
|
|
# broadcast MAC addresses
|
|
return 0 if $mac->is_broadcast;
|
|
|
|
# all-zero MAC addresses
|
|
return 0 if $node eq '00:00:00:00:00:00';
|
|
|
|
# CLIP
|
|
return 0 if $node eq '00:00:00:00:00:01';
|
|
|
|
# multicast
|
|
if ($mac->is_multicast and not $mac->is_msnlb) {
|
|
debug sprintf ' [%s] check_mac - multicast mac [%s] - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
|
|
# VRRP
|
|
if ($mac->is_vrrp) {
|
|
debug sprintf ' [%s] check_mac - VRRP mac [%s] - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
|
|
# HSRP
|
|
if ($mac->is_hsrp or $mac->is_hsrp2) {
|
|
debug sprintf ' [%s] check_mac - HSRP mac [%s] - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
|
|
# device's own MACs
|
|
if ($port_macs and exists $port_macs->{$node}) {
|
|
debug sprintf ' [%s] check_mac - mac [%s] is device port - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
|
|
return $node;
|
|
}
|
|
|
|
=head2 is_nbtstatable( $ip )
|
|
|
|
Given an IP address, returns C<true> if Netdisco on this host is permitted by
|
|
the local configuration to nbtstat the node.
|
|
|
|
The configuration items C<nbtstat_no> and C<nbtstat_only> are checked
|
|
against the given IP.
|
|
|
|
Returns false if the host is not permitted to nbtstat the target node.
|
|
|
|
=cut
|
|
|
|
sub is_nbtstatable {
|
|
my $ip = shift;
|
|
|
|
return if acl_matches($ip, 'nbtstat_no');
|
|
|
|
return unless acl_matches_only($ip, 'nbtstat_only');
|
|
|
|
return 1;
|
|
}
|
|
|
|
=head2 store_arp( \%host, $now? )
|
|
|
|
Stores a new entry to the C<node_ip> table with the given MAC, IP (v4 or v6)
|
|
and DNS host name. Host details are provided in a Hash ref:
|
|
|
|
{
|
|
ip => '192.0.2.1',
|
|
node => '00:11:22:33:44:55',
|
|
dns => 'myhost.example.com',
|
|
}
|
|
|
|
The C<dns> entry is optional. The update will mark old entries for this IP as
|
|
no longer C<active>.
|
|
|
|
Optionally a literal string can be passed in the second argument for the
|
|
C<time_last> timestamp, otherwise the current timestamp (C<LOCALTIMESTAMP>) is used.
|
|
|
|
=cut
|
|
|
|
sub store_arp {
|
|
my ($hash_ref, $now) = @_;
|
|
$now ||= 'LOCALTIMESTAMP';
|
|
my $ip = $hash_ref->{'ip'};
|
|
my $mac = NetAddr::MAC->new(mac => ($hash_ref->{'node'} || $hash_ref->{'mac'} || ''));
|
|
my $name = $hash_ref->{'dns'};
|
|
|
|
return if !defined $mac or $mac->errstr;
|
|
|
|
debug sprintf 'store_arp - mac %s ip %s', $mac->as_ieee, $ip;
|
|
|
|
schema(vars->{'tenant'})->txn_do(sub {
|
|
schema(vars->{'tenant'})->resultset('NodeIp')
|
|
->search(
|
|
{ ip => $ip, -bool => 'active'},
|
|
{ columns => [qw/mac ip/] })->update({active => \'false'});
|
|
|
|
my $row = schema(vars->{'tenant'})->resultset('NodeIp')
|
|
->update_or_new(
|
|
{
|
|
mac => $mac->as_ieee,
|
|
ip => $ip,
|
|
dns => $name,
|
|
active => \'true',
|
|
time_last => \$now,
|
|
},
|
|
{
|
|
key => 'primary',
|
|
for => 'update',
|
|
});
|
|
|
|
if (! $row->in_storage) {
|
|
$row->set_column(time_first => \$now);
|
|
$row->insert;
|
|
}
|
|
});
|
|
}
|
|
|
|
1;
|