dhcp: dnsmasq: untaint when deleting configuration files

[pve-network.git] / src / PVE / Network / SDN / Dhcp / Dnsmasq.pm

diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
index a9843bfee48a346a3eb4433ca45958a09fd6d6e1..2844943e66eedc168857a4357215da50b68e3c3e 100644 (file)
--- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
+++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
@@ -21,6 +21,18 @@ sub type {
     return 'dnsmasq';
 }
 
+my sub assert_dnsmasq_installed {
+    my ($noerr) = @_;
+
+    my $bin_path = "/usr/sbin/dnsmasq";
+    if (!-e $bin_path) {
+       return if $noerr; # just ignore, e.g., in case zone doesn't use DHCP at all
+       log_warn("please install the 'dnsmasq' package in order to use the DHCP feature!");
+       die "cannot reload with missing 'dnsmasq' package\n";
+    }
+    return 1;
+}
+
 sub add_ip_mapping {
     my ($class, $dhcpid, $macdb, $mac, $ip4, $ip6) = @_;
 
@@ -222,11 +234,19 @@ CFG
        $default_dnsmasq_config
     );
 
-    unlink glob "$config_directory/10-*.conf";
+    my @config_files = ();
+    PVE::Tools::dir_glob_foreach($config_directory, '10-.*\.conf', sub {
+       my ($file) = @_;
+       push @config_files, "$config_directory/$file";
+    });
+
+    unlink @config_files;
 }
 
 sub after_configure {
-    my ($class, $dhcpid) = @_;
+    my ($class, $dhcpid, $noerr) = @_;
+
+    return if !assert_dnsmasq_installed($noerr);
 
     my $service_name = "dnsmasq\@$dhcpid";
 
@@ -236,13 +256,9 @@ sub after_configure {
 }
 
 sub before_regenerate {
-    my ($class) = @_;
+    my ($class, $noerr) = @_;
 
-    my $bin_path = "/usr/sbin/dnsmasq";
-    if (!-e $bin_path) {
-       log_warn("Please install dnsmasq in order to use the DHCP feature!");
-       die;
-    }
+    return if !assert_dnsmasq_installed($noerr);
 
     PVE::Tools::run_command(['systemctl', 'stop', "dnsmasq@*"]);
     PVE::Tools::run_command(['systemctl', 'disable', 'dnsmasq@']);