diff options
| author | Jeremy Allison <jra@samba.org> | 2011-03-24 12:11:02 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-03-24 13:07:36 -0700 |
| commit | 5176a0b2af1bb16e530412faaa2f36108f312a03 (patch) | |
| tree | 6c80fdef8ee87d81d3af446e7ec86e1c5df8eca1 | |
| parent | 72bd60b2fee20dc85c1cc88d5d4e2efdfb74b701 (diff) | |
| download | samba-5176a0b2af1bb16e530412faaa2f36108f312a03.tar.gz samba-5176a0b2af1bb16e530412faaa2f36108f312a03.tar.bz2 samba-5176a0b2af1bb16e530412faaa2f36108f312a03.zip | |
Fix is_myname_or_ipaddr() to be robust against strange DNS setups.
If IPv6 DNS names are turned on, but Samba isn't configured to
listen on an IPv6 interface, then is_myname_or_ipaddr() can return
false on a valid DNS name that it should detect is our own. If the
IPv6 addr is returned by preference, then looking at the first addr
only causes is_myname_or_ipaddr() to fail. We need to look at all the
addresses returned by the DNS lookup and check all of them against
our interface list. This is an order N^2 lookup, but there shouldn't
be enough addresses to make this a practical problem.
Jeremy.
| -rw-r--r-- | source3/lib/util_sock.c | 86 |
1 files changed, 56 insertions, 30 deletions
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index eea153ad91..0c7db2e134 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1578,13 +1578,46 @@ const char *get_mydnsfullname(void) } /************************************************************ + Is this my ip address ? +************************************************************/ + +static bool is_my_ipaddr(const char *ipaddr_str) +{ + struct sockaddr_storage ss; + struct iface_struct *nics; + int i, n; + + if (!interpret_string_addr(&ss, ipaddr_str, AI_NUMERICHOST)) { + return false; + } + + if (ismyaddr((struct sockaddr *)&ss)) { + return true; + } + + if (is_zero_addr(&ss) || + is_loopback_addr((struct sockaddr *)&ss)) { + return false; + } + + n = get_interfaces(talloc_tos(), &nics); + for (i=0; i<n; i++) { + if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) { + TALLOC_FREE(nics); + return true; + } + } + TALLOC_FREE(nics); + return false; +} + +/************************************************************ Is this my name ? ************************************************************/ bool is_myname_or_ipaddr(const char *s) { TALLOC_CTX *ctx = talloc_tos(); - char addr[INET6_ADDRSTRLEN]; char *name = NULL; const char *dnsname; char *servername = NULL; @@ -1632,45 +1665,38 @@ bool is_myname_or_ipaddr(const char *s) return true; } - /* Handle possible CNAME records - convert to an IP addr. */ - if (!is_ipaddress(servername)) { - /* Use DNS to resolve the name, but only the first address */ - struct sockaddr_storage ss; - if (interpret_string_addr(&ss, servername, 0)) { - print_sockaddr(addr, - sizeof(addr), - &ss); - servername = addr; - } - } - /* Maybe its an IP address? */ if (is_ipaddress(servername)) { - struct sockaddr_storage ss; - struct iface_struct *nics; - int i, n; - - if (!interpret_string_addr(&ss, servername, AI_NUMERICHOST)) { - return false; - } + return is_my_ipaddr(servername); + } - if (ismyaddr((struct sockaddr *)&ss)) { - return true; - } + /* Handle possible CNAME records - convert to an IP addr. list. */ + { + /* Use DNS to resolve the name, check all addresses. */ + struct addrinfo *p = NULL; + struct addrinfo *res = NULL; - if (is_zero_addr(&ss) || - is_loopback_addr((struct sockaddr *)&ss)) { + if (!interpret_string_addr_internal(&res, + servername, + AI_ADDRCONFIG)) { return false; } - n = get_interfaces(talloc_tos(), &nics); - for (i=0; i<n; i++) { - if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) { - TALLOC_FREE(nics); + for (p = res; p; p = p->ai_next) { + char addr[INET6_ADDRSTRLEN]; + struct sockaddr_storage ss; + + ZERO_STRUCT(ss); + memcpy(&ss, p->ai_addr, p->ai_addrlen); + print_sockaddr(addr, + sizeof(addr), + &ss); + if (is_my_ipaddr(addr)) { + freeaddrinfo(res); return true; } } - TALLOC_FREE(nics); + freeaddrinfo(res); } /* No match */ |