import os
import logging
import netaddr
import Bcfg2.Server.Plugin
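class AclFile(Bcfg2.Server.Plugin.XMLFileBacked):
    """XML-backed allow-list of client addresses (the Acl ``config.xml``).

    The document is searched for ``<IPs>`` elements.  Their ``<IP name="..."/>``
    children are compared as exact strings and their ``<CIDR name="..."/>``
    children are compared as networks through ``netaddr``.
    """
    # 'name' error without this tag
    __identifier__ = None

    def __init__(self, filename, core=None):
        """Open the ACL file, creating an empty one when it does not exist.

        Args:
            filename: path of the ACL XML file.
            core: server core object; its ``fam`` attribute, when present,
                is handed to the base class as the file monitor.
        """
        # The original referenced a module-level LOGGER that is not defined
        # in the visible file; a local logger avoids a NameError on the
        # "file missing" path, which runs before self.logger exists.
        early_logger = logging.getLogger(self.__class__.__name__)

        # create config.xml if missing
        if not os.path.exists(filename):
            early_logger.warning(
                "Acl: %s missing. Creating empty one for you.", filename)
            # An empty <IPs/> yields empty lists, so check_acl() returns
            # False for every address until entries are added.
            with open(filename, "w") as handle:
                handle.write("<IPs></IPs>")

        try:
            fam = core.fam
        except AttributeError:
            # core is None or carries no file monitor
            fam = None
        Bcfg2.Server.Plugin.XMLFileBacked.__init__(self, filename, fam=fam,
                                                   should_monitor=True)
        self.core = core
        self.cidr_ips = []
        self.ips = []
        self.logger = logging.getLogger(self.__class__.__name__)

    def Index(self):
        """Rebuild the exact-match and CIDR lists from the parsed XML.

        The lists are rebuilt from scratch on every call.  Appending to the
        existing lists, as the original did, would keep an address that was
        deleted from the file on the allow-list after a re-index
        (presumably triggered when the monitored file changes -- confirm
        against the base class).
        """
        Bcfg2.Server.Plugin.XMLFileBacked.Index(self)
        log = logging.getLogger(self.__class__.__name__)
        exact = []
        networks = []
        for entry in self.xdata.xpath('//IPs'):
            for node in entry.findall('IP'):
                name = node.get('name')
                if name is not None:
                    exact.append(name)
            for node in entry.findall('CIDR'):
                name = node.get('name')
                if name is None:
                    continue
                # Validate once here so that a typo in the file cannot make
                # every later check_acl() call raise.
                try:
                    netaddr.IPNetwork(name)
                except (netaddr.AddrFormatError, ValueError, TypeError):
                    log.warning("Acl: ignoring invalid CIDR entry %r", name)
                    continue
                networks.append(name)
        # Swap in the complete lists only after parsing has finished.
        self.ips = exact
        self.cidr_ips = networks

    def check_acl(self, ip):
        """Return True when *ip* is on the allow-list, False otherwise.

        Exact ``<IP>`` entries are compared as strings first, then each
        ``<CIDR>`` entry is tested for containment.  An address that
        ``netaddr`` cannot parse is treated as not allowed (fail closed)
        instead of raising from inside the access check.
        """
        if ip in self.ips:
            return True
        try:
            # Parsed once, not once per CIDR entry.
            address = netaddr.IPAddress(ip)
        except (netaddr.AddrFormatError, ValueError, TypeError):
            return False
        for cidr_ip in self.cidr_ips:
            if address in netaddr.IPNetwork(cidr_ip):
                return True
        return False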
class Acl(Bcfg2.Server.Plugin.Plugin,
          Bcfg2.Server.Plugin.Connector):
    """Plugin for allowing connections to bcfg-server based on IP address.

    This class only loads ``config.xml`` from the plugin data directory into
    an ``AclFile``; the code that consults ``AclFile.check_acl()`` is not
    part of this class.
    """

    def __init__(self, core, datastore):
        """Initialise both plugin bases, then load the ACL configuration.

        Args:
            core: server core, forwarded to ``Plugin`` and ``AclFile``.
            datastore: forwarded unchanged to ``Plugin.__init__``.
        """
        Bcfg2.Server.Plugin.Plugin.__init__(self, core, datastore)
        Bcfg2.Server.Plugin.Connector.__init__(self)
        # self.data is not assigned here; presumably Plugin.__init__ sets it
        # to this plugin's data directory -- confirm against the base class.
        acl_path = os.path.join(self.data, 'config.xml')
        self.config = AclFile(acl_path, core=core)