diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-04-24 21:20:19 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-04-25 17:41:56 +0200 |
commit | 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1 (patch) | |
tree | e9d2b54120ba7e7c154c860895ea61a9eff56c39 | |
parent | 40e0079bae731f691a620a280b74ada951018458 (diff) | |
download | samba-4bfe2d5655d97fbc7e65744425b5a098e77f5ba1.tar.gz samba-4bfe2d5655d97fbc7e65744425b5a098e77f5ba1.tar.bz2 samba-4bfe2d5655d97fbc7e65744425b5a098e77f5ba1.zip |
s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383)
metze
-rw-r--r-- | source3/lib/access.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/source3/lib/access.c b/source3/lib/access.c index a7475a5edc..f9cd9d547c 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -182,29 +182,32 @@ static bool string_match(const char *tok,const char *s) bool client_match(const char *tok, const void *item) { const char **client = (const char **)item; + const char *tok_addr = tok; + const char *cli_addr = client[ADDR_INDEX]; + + /* + * tok and client[ADDR_INDEX] can be an IPv4 mapped to IPv6, + * we try and match the IPv4 part of address only. + * Bug #5311 and #7383. + */ + + if (strnequal(tok_addr, "::ffff:",7)) { + tok_addr += 7; + } + + if (strnequal(cli_addr,"::ffff:",7)) { + cli_addr += 7; + } /* * Try to match the address first. If that fails, try to match the host * name if available. */ - if (string_match(tok, client[ADDR_INDEX])) { + if (string_match(tok_addr, cli_addr)) { return true; } - if (strnequal(client[ADDR_INDEX],"::ffff:",7) && - !strnequal(tok, "::ffff:",7)) { - /* client[ADDR_INDEX] is an IPv4 mapped to IPv6, but - * the list item is not. Try and match the IPv4 part of - * address only. This will happen a lot on IPv6 enabled - * systems with IPv4 allow/deny lists in smb.conf. - * Bug #5311. JRA. - */ - if (string_match(tok, (client[ADDR_INDEX])+7)) { - return true; - } - } - if (client[NAME_INDEX][0] != 0) { if (string_match(tok, client[NAME_INDEX])) { return true; |