+ # check that the request-limit for this DLE allows this recovery. because
+ # of the bass-ackward way that amrecover specifies the dump to us, we can't
+ # check the results until *after* the plan was created.
+ my $dump = $plan->{'dumps'}->[0];
+ my $dle = Amanda::Disklist::get_disk($dump->{'hostname'}, $dump->{'diskname'});
+ my $recovery_limit;
+ if ($dle && dumptype_seen($dle->{'config'}, $DUMPTYPE_RECOVERY_LIMIT)) {
+ debug("using DLE recovery limit");
+ $recovery_limit = dumptype_getconf($dle->{'config'}, $DUMPTYPE_RECOVERY_LIMIT);
+ } elsif (getconf_seen($CNF_RECOVERY_LIMIT)) {
+ debug("using global recovery limit as default");
+ $recovery_limit = getconf($CNF_RECOVERY_LIMIT);
+ }
+ my $peer = $ENV{'AMANDA_AUTHENTICATED_PEER'};
+ if (defined $recovery_limit) { # undef -> no recovery limit
+ if (!$peer) {
+ warning("a recovery limit is specified for this DLE, but no authenticated ".
+ "peer name is available; rejecting request.");
+ $self->sendmessage("No matching dumps found");
+ return $self->quit();
+ }
+ my $matched = 0;
+ for my $rl (@$recovery_limit) {
+ if (!defined $rl) {
+ # handle same-host with a case-insensitive string compare, not match_host
+ if (lc($peer) eq lc($dump->{'hostname'})) {
+ $matched = 1;
+ last;
+ }
+ } else {
+ # otherwise use match_host to allow match expressions
+ if (match_host($rl, $peer)) {
+ $matched = 1;
+ last;
+ }
+ }
+ }
+ if (!$matched) {
+ warning("authenticated peer '$peer' did not match recovery-limit ".
+ "config; rejecting request");
+ $self->sendmessage("No matching dumps found");
+ return $self->quit();
+ }
+ }
+