From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 13 Dec 1999 13:27:58 +0000
Subject: first pass at updating head branch to be to be the same as the
 SAMBA_2_0 branch (This used to be commit
 453a822a76780063dff23526c35408866d0c0154)

---
 source3/lib/access.c | 38 ++++++++++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 6 deletions(-)

(limited to 'source3/lib/access.c')

diff --git a/source3/lib/access.c b/source3/lib/access.c
index 0fa383d84a..01f559750f 100644
--- a/source3/lib/access.c
+++ b/source3/lib/access.c
@@ -38,12 +38,14 @@ static int masked_match(char *tok, char *slash, char *s)
 }
 
 /* string_match - match string against token */
-static int string_match(char *tok,char *s)
+static int string_match(char *tok,char *s, char *invalid_char)
 {
-	int     tok_len;
-	int     str_len;
+	size_t     tok_len;
+	size_t     str_len;
 	char   *cut;
 
+	*invalid_char = '\0';
+
 	/* Return True if a token has the magic value "ALL". Return
 	 * FAIL if the token is "FAIL". If the token starts with a "."
 	 * (domain name), return True if it matches the last fields of
@@ -108,6 +110,10 @@ static int string_match(char *tok,char *s)
 	} else if ((cut = strchr(tok, '/')) != 0) {	/* netnumber/netmask */
 		if (isdigit((int)s[0]) && masked_match(tok, cut, s))
 			return (True);
+	} else if (strchr(tok, '*') != 0) {
+		*invalid_char = '*';
+	} else if (strchr(tok, '?') != 0) {
+		*invalid_char = '?';
 	}
 	return (False);
 }
@@ -118,15 +124,26 @@ static int client_match(char *tok,char *item)
 {
     char **client = (char **)item;
     int     match;
+	char invalid_char = '\0';
 
     /*
      * Try to match the address first. If that fails, try to match the host
      * name if available.
      */
 
-    if ((match = string_match(tok, client[1])) == 0)
-	if (client[0][0] != 0)
-	    match = string_match(tok, client[0]);
+    if ((match = string_match(tok, client[1], &invalid_char)) == 0) {
+		if(invalid_char)
+			DEBUG(0,("client_match: address match failing due to invalid character '%c' found in \
+token '%s' in an allow/deny hosts line.\n", invalid_char, tok ));
+
+		if (client[0][0] != 0)
+			match = string_match(tok, client[0], &invalid_char);
+
+		if(invalid_char)
+			DEBUG(0,("client_match: address match failing due to invalid character '%c' found in \
+token '%s' in an allow/deny hosts line.\n", invalid_char, tok ));
+	}
+
     return (match);
 }
 
@@ -184,6 +201,15 @@ BOOL allow_access(char *deny_list,char *allow_list,
 	client[0] = cname;
 	client[1] = caddr;  
 
+	/* if it is loopback then always allow unless specifically denied */
+	if (strcmp(caddr, "127.0.0.1") == 0) {
+		if (deny_list && 
+		    list_match(deny_list,(char *)client,client_match)) {
+			return False;
+		}
+		return True;
+	}
+
 	/* if theres no deny list and no allow list then allow access */
 	if ((!deny_list || *deny_list == 0) && 
 	    (!allow_list || *allow_list == 0)) {
-- 
cgit