CIDR notation working for IP based ACLs

author: Matt Schwager <schwag09@gmail.com> 2012-10-29 13:35:59 -0400
committer: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-02-12 08:35:32 -0500
commit: ee0911a6183f4d367719804e695039051851ef3f (patch)
tree: 4d2c82028c8d50b7785c44b98916e1cc1733cf00 /src
parent: 0253b04b9ba7c3e4ef139bf352b7a57de823daaa (diff)
download: bcfg2-ee0911a6183f4d367719804e695039051851ef3f.tar.gz
bcfg2-ee0911a6183f4d367719804e695039051851ef3f.tar.bz2
bcfg2-ee0911a6183f4d367719804e695039051851ef3f.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Acl.py b/src/lib/Bcfg2/Server/Plugins/Acl.py
index 1f7b27b53..cdfe9e181 100644
--- a/src/lib/Bcfg2/Server/Plugins/Acl.py
+++ b/src/lib/Bcfg2/Server/Plugins/Acl.py
@@ -35,10 +35,11 @@ class AclFile(Bcfg2.Server.Plugin.XMLFileBacked):
             [self.cidr_ips.append(i.get('name')) for i in entry.findall('CIDR')]
     
     def check_acl(self, ip):
-        if ('*' in self.ips or 
-            ip in self.ips  or
-            IP(ip) in [CIDR(cidr_ip) for cidr_ip in self.cidr_ips]):
+        if ip in self.ips:
             return True
+        for cidr_ip in self.cidr_ips:
+            if netaddr.IPAddress(ip) in netaddr.IPNetwork(cidr_ip):
+                return True
         return False
 
 class Acl(Bcfg2.Server.Plugin.Plugin,
author	Matt Schwager <schwag09@gmail.com>	2012-10-29 13:35:59 -0400
committer	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2013-02-12 08:35:32 -0500
commit	ee0911a6183f4d367719804e695039051851ef3f (patch)
tree	4d2c82028c8d50b7785c44b98916e1cc1733cf00 /src
parent	0253b04b9ba7c3e4ef139bf352b7a57de823daaa (diff)
download	bcfg2-ee0911a6183f4d367719804e695039051851ef3f.tar.gz bcfg2-ee0911a6183f4d367719804e695039051851ef3f.tar.bz2 bcfg2-ee0911a6183f4d367719804e695039051851ef3f.zip