Hi,
I tried to use an authfile with nbd-server 3.8 and it always fails to authorize
IPv4 client connection.
It seems that the comparison of the addresses in function address_matches() is
done on the sa_data field of the sockaddr structure; but in sockaddr_in, the
first 2 bytes in sa_data is the port, not the address.
Here is a patch that passes the complete sockaddr structure to function
address_matches:
diff -Nru nbd-3.8/nbdsrv.c nbd-3.8.new/nbdsrv.c
--- nbd-3.8/nbdsrv.c 2014-03-02 01:16:06.000000000 +0100
+++ nbd-3.8.new/nbdsrv.c 2014-08-30 15:13:25.760247069 +0200
@@ -21,11 +21,12 @@
#include <cliserv.h>
-bool address_matches(const char* mask, const void* addr, int af, GError** err)
{
+bool address_matches(const char* mask, const struct sockaddr* addr, GError**
err) {
struct addrinfo *res, *aitmp, hints;
char *masksep;
char privmask[strlen(mask)+1];
int masklen;
+ int af = addr->sa_family;
int addrlen = af == AF_INET ? 4 : 16;
assert(af == AF_INET || af == AF_INET6);
@@ -50,7 +51,7 @@
}
aitmp = res;
while(res) {
- const uint8_t* byte_s = addr;
+ const uint8_t* byte_s;
uint8_t* byte_t;
uint8_t mask = 0;
int len_left = masklen;
@@ -59,9 +60,11 @@
}
switch(af) {
case AF_INET:
+ byte_s = (const uint8_t*)(&(((struct
sockaddr_in*)addr)->sin_addr));
byte_t = (uint8_t*)(&(((struct
sockaddr_in*)(res->ai_addr))->sin_addr));
break;
case AF_INET6:
+ byte_s = (const uint8_t*)(&(((struct
sockaddr_in6*)addr)->sin6_addr));
byte_t = (uint8_t*)(&(((struct
sockaddr_in6*)(res->ai_addr))->sin6_addr));
break;
}
@@ -129,8 +132,7 @@
if(!(*pos)) {
continue;
}
- struct sockaddr* sa = (struct sockaddr*)&opts->clientaddr;
- if(address_matches(line, sa->sa_data, sa->sa_family, NULL)) {
+ if(address_matches(line, (struct sockaddr*)&opts->clientaddr, NULL)) {
fclose(f);
return 1;
}
diff -Nru nbd-3.8/nbdsrv.h nbd-3.8.new/nbdsrv.h
--- nbd-3.8/nbdsrv.h 2014-03-02 01:16:06.000000000 +0100
+++ nbd-3.8.new/nbdsrv.h 2014-08-30 15:07:39.724364463 +0200
@@ -124,13 +124,12 @@
*
* @param mask the address or netmask to check against, in ASCII
representation
* @param addr the address to check, in network byte order
- * @param af the address family of the passed address (AF_INET or AF_INET6)
*
* @return true if the address matches the mask, false otherwise; in case of
* failure to parse netmask, returns false with err set appropriately.
* @todo decide what to do with v6-mapped IPv4 addresses.
*/
-bool address_matches(const char* mask, const void* addr, int af, GError** err);
+bool address_matches(const char* mask, const struct sockaddr* addr, GError**
err);
/**
* Gets a byte to allow for address masking.
Thank you
CDr
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Nbd-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nbd-general
