+static gboolean
+is_disk_allowed(
+ disk_t *disk)
+{
+ dumptype_t *dt = disk->config;
+ host_limit_t *rl = NULL;
+ char *peer;
+ char *dle_hostname;
+ GSList *iter;
+
+ /* get the config: either for the DLE or the global config */
+ if (dt) {
+ if (dumptype_seen(dt, DUMPTYPE_RECOVERY_LIMIT)) {
+ g_debug("using recovery limit from DLE");
+ rl = dumptype_get_recovery_limit(dt);
+ }
+ }
+ if (!rl) {
+ if (getconf_seen(CNF_RECOVERY_LIMIT)) {
+ g_debug("using global recovery limit");
+ rl = getconf_recovery_limit(CNF_RECOVERY_LIMIT);
+ }
+ }
+ if (!rl) {
+ g_debug("no recovery limit found; allowing access");
+ return TRUE;
+ }
+
+ peer = getenv("AMANDA_AUTHENTICATED_PEER");
+ if (!peer || !*peer) {
+ g_warning("DLE has a recovery-limit, but no authenticated peer name is "
+ "available; rejecting");
+ return FALSE;
+ }
+
+ /* check same-host */
+ dle_hostname = disk->host? disk->host->hostname : NULL;
+ if (rl->same_host && dle_hostname) {
+ if (0 == g_ascii_strcasecmp(peer, dle_hostname)) {
+ g_debug("peer matched same-host ('%s')", dle_hostname);
+ return TRUE;
+ }
+ }
+
+ /* check server */
+ if (rl->server) {
+ char myhostname[MAX_HOSTNAME_LENGTH+1];
+ if (gethostname(myhostname, MAX_HOSTNAME_LENGTH) == 0) {
+ myhostname[MAX_HOSTNAME_LENGTH] = '\0';
+ g_debug("server hostname: %s", myhostname);
+ if (0 == g_ascii_strcasecmp(peer, myhostname)) {
+ g_debug("peer matched server ('%s')", myhostname);
+ return TRUE;
+ }
+ }
+ }
+
+ /* check the match list */
+ for (iter = rl->match_pats; iter; iter = iter->next) {
+ char *pat = iter->data;
+ if (match_host(pat, peer))
+ return TRUE;
+ }
+
+ g_warning("peer '%s' does not match any of the recovery-limit restrictions; rejecting",
+ peer);
+
+ return FALSE;
+}
+