diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/Bcfg2/Server/Core.py | 7 | ||||
| -rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Acl.py | 10 |
2 files changed, 13 insertions, 4 deletions
diff --git a/src/lib/Bcfg2/Server/Core.py b/src/lib/Bcfg2/Server/Core.py index c9fd76325..c01b493de 100644 --- a/src/lib/Bcfg2/Server/Core.py +++ b/src/lib/Bcfg2/Server/Core.py @@ -1072,13 +1072,12 @@ class BaseCore(object): return self.metadata.AuthenticateConnection(acert, user, password, address) - def check_acls(self, client): + def check_acls(self, client_ip): """ Check if client IP is in list of accepted IPs """ try: - return (client in self.plugins['Acl'].config.ips or - '*' in self.plugins['Acl'].config.ips) + return self.plugins['Acl'].config.check_acl(client_ip) except KeyError: - # No ACL means accept all incoming ips (wildcard) + # No ACL means accept all incoming ips return True @exposed diff --git a/src/lib/Bcfg2/Server/Plugins/Acl.py b/src/lib/Bcfg2/Server/Plugins/Acl.py index 71275de27..1f7b27b53 100644 --- a/src/lib/Bcfg2/Server/Plugins/Acl.py +++ b/src/lib/Bcfg2/Server/Plugins/Acl.py @@ -1,5 +1,6 @@ import os import logging +import netaddr import Bcfg2.Server.Plugin class AclFile(Bcfg2.Server.Plugin.XMLFileBacked): @@ -23,6 +24,7 @@ class AclFile(Bcfg2.Server.Plugin.XMLFileBacked): Bcfg2.Server.Plugin.XMLFileBacked.__init__(self, filename, fam=fam, should_monitor=True) self.core = core + self.cidr_ips = [] self.ips = [] self.logger = logging.getLogger(self.__class__.__name__) @@ -30,6 +32,14 @@ class AclFile(Bcfg2.Server.Plugin.XMLFileBacked): Bcfg2.Server.Plugin.XMLFileBacked.Index(self) for entry in self.xdata.xpath('//IPs'): [self.ips.append(i.get('name')) for i in entry.findall('IP')] + [self.cidr_ips.append(i.get('name')) for i in entry.findall('CIDR')] + + def check_acl(self, ip): + if ('*' in self.ips or + ip in self.ips or + IP(ip) in [CIDR(cidr_ip) for cidr_ip in self.cidr_ips]): + return True + return False class Acl(Bcfg2.Server.Plugin.Plugin, Bcfg2.Server.Plugin.Connector): |