summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-03-24 12:11:02 -0700
committerJeremy Allison <jra@samba.org>2011-03-24 13:07:36 -0700
commit5176a0b2af1bb16e530412faaa2f36108f312a03 (patch)
tree6c80fdef8ee87d81d3af446e7ec86e1c5df8eca1 /source3
parent72bd60b2fee20dc85c1cc88d5d4e2efdfb74b701 (diff)
downloadsamba-5176a0b2af1bb16e530412faaa2f36108f312a03.tar.gz
samba-5176a0b2af1bb16e530412faaa2f36108f312a03.tar.bz2
samba-5176a0b2af1bb16e530412faaa2f36108f312a03.zip
Fix is_myname_or_ipaddr() to be robust against strange DNS setups.
If IPv6 DNS names are turned on, but Samba isn't configured to listen on an IPv6 interface, then is_myname_or_ipaddr() can return false on a valid DNS name that it should detect is our own. If the IPv6 addr is returned by preference, then looking at the first addr only causes is_myname_or_ipaddr() to fail. We need to look at all the addresses returned by the DNS lookup and check all of them against our interface list. This is an order N^2 lookup, but there shouldn't be enough addresses to make this a practical problem. Jeremy.
Diffstat (limited to 'source3')
-rw-r--r--source3/lib/util_sock.c86
1 files changed, 56 insertions, 30 deletions
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index eea153ad91..0c7db2e134 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -1578,13 +1578,46 @@ const char *get_mydnsfullname(void)
}
/************************************************************
+ Is this my ip address ?
+************************************************************/
+
+static bool is_my_ipaddr(const char *ipaddr_str)
+{
+ struct sockaddr_storage ss;
+ struct iface_struct *nics;
+ int i, n;
+
+ if (!interpret_string_addr(&ss, ipaddr_str, AI_NUMERICHOST)) {
+ return false;
+ }
+
+ if (ismyaddr((struct sockaddr *)&ss)) {
+ return true;
+ }
+
+ if (is_zero_addr(&ss) ||
+ is_loopback_addr((struct sockaddr *)&ss)) {
+ return false;
+ }
+
+ n = get_interfaces(talloc_tos(), &nics);
+ for (i=0; i<n; i++) {
+ if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) {
+ TALLOC_FREE(nics);
+ return true;
+ }
+ }
+ TALLOC_FREE(nics);
+ return false;
+}
+
+/************************************************************
Is this my name ?
************************************************************/
bool is_myname_or_ipaddr(const char *s)
{
TALLOC_CTX *ctx = talloc_tos();
- char addr[INET6_ADDRSTRLEN];
char *name = NULL;
const char *dnsname;
char *servername = NULL;
@@ -1632,45 +1665,38 @@ bool is_myname_or_ipaddr(const char *s)
return true;
}
- /* Handle possible CNAME records - convert to an IP addr. */
- if (!is_ipaddress(servername)) {
- /* Use DNS to resolve the name, but only the first address */
- struct sockaddr_storage ss;
- if (interpret_string_addr(&ss, servername, 0)) {
- print_sockaddr(addr,
- sizeof(addr),
- &ss);
- servername = addr;
- }
- }
-
/* Maybe its an IP address? */
if (is_ipaddress(servername)) {
- struct sockaddr_storage ss;
- struct iface_struct *nics;
- int i, n;
-
- if (!interpret_string_addr(&ss, servername, AI_NUMERICHOST)) {
- return false;
- }
+ return is_my_ipaddr(servername);
+ }
- if (ismyaddr((struct sockaddr *)&ss)) {
- return true;
- }
+ /* Handle possible CNAME records - convert to an IP addr. list. */
+ {
+ /* Use DNS to resolve the name, check all addresses. */
+ struct addrinfo *p = NULL;
+ struct addrinfo *res = NULL;
- if (is_zero_addr(&ss) ||
- is_loopback_addr((struct sockaddr *)&ss)) {
+ if (!interpret_string_addr_internal(&res,
+ servername,
+ AI_ADDRCONFIG)) {
return false;
}
- n = get_interfaces(talloc_tos(), &nics);
- for (i=0; i<n; i++) {
- if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) {
- TALLOC_FREE(nics);
+ for (p = res; p; p = p->ai_next) {
+ char addr[INET6_ADDRSTRLEN];
+ struct sockaddr_storage ss;
+
+ ZERO_STRUCT(ss);
+ memcpy(&ss, p->ai_addr, p->ai_addrlen);
+ print_sockaddr(addr,
+ sizeof(addr),
+ &ss);
+ if (is_my_ipaddr(addr)) {
+ freeaddrinfo(res);
return true;
}
}
- TALLOC_FREE(nics);
+ freeaddrinfo(res);
}
/* No match */