Robert,
Perhaps you don't see the context, which is that I'm testing the ip which is allegedly for an ldap server, in order to ask for a password. I'm not saying qpsmtpd can't run on 0.0.0.0 all interfaces, which you may have thought. Since you always chop off the entire message you reply to, it's easy to act clueless, since the clues are gone at that point. It could happen to anybody, after the clues are gone.
Also, auth and ldap are passing **in the clear**, so I'd really prefer nothing but localhost. Maybe I should just enforce that until we explicitly use ssl methods, which we don't, they're different methods in Net::LDAP, and the ldap server would have to be set up differently. Possibly I could just use sslserver ahead of tinyldap, I haven't thought about it. That's definitely not automatic, ssl calls are currently not in auth_ldap.
Bob wrote:
Robert Spier wrote:
Works with stuff this bad--won't allow n.n.n.0 though. almost war_ipv4()
n.n.n.0 is a perfectly valid IP.
What are you trying to do?
As John pointed out, Data::Validate::IP has "is_ivp4" and other methods which test a string for whether it is, not contains, but is an ip, also known as a dotted quad, of the form n.n.n.n, where n is between 0 and 255
I want a host, so the last n ought not to be zero(most likely a network), or 0.0.0.0, worse, meaning open on all interfaces. Mainly I don't want a bad config string to be or to get parsed down to "", stored as 0, assumed to mean 0.0.0.0, where we DON'T want to advertise passwords. That's my goal.
My get_ipv4 gets an ip(sub-string) out of a string that contains an ip, rather than testing the whole string as is_ipv4 and its family in Data::Validate::IP.
war_ipv4 loops on a string or array or stdin, stripping off the head which is a string containing a regex qualified sub string that looks like an ip, feeding each one of those into get_ipv4. I don't need that, but for headers, if somebody needed to deal with lines which would fool get_ispv4(any number to the left of an ip will cause it to fail even though there may be an ip or several ip's to the right--it just needs war_ipv4 to pass it sub-strings--then it could pull ip's from headers--or ram--or sit on the wire[less]--more stuff I don't need).
I don't need war_ipv4 and I think John already has ip's from headers to count ip's and hosts for loop detection, so he does not need war, either. war_ipv4 is generally the most inefficient means of reducing conflict(which is what serves the most real people), but counting ip's and hosts in headers, up to ten I would agree, sounds like loop detection for real people.
my $get_ipv4 = sub { my ( $ip , $i , $n ) = ( '' , 0 , 0 ) ; map { $ip = ( length ( $_ ) and ( $n = int $_ ) and $n >= 0 and $n <= 255 and ++$i < 4 or ( $i == 4 and $n > 0 ) ) ? ( length ( $ip ) ? $ip . "." . $n : $n ) : '' ; } split ( /[^\d]+/ , shift ) ; return ( $ip ) if ( my @octet = split /\./ , $ip ) == 4 ; } ;
example--
Works with stuff this bad--won't allow n.n.n.0 though. almost war_ipv4()
but any number to the left of an ip will block it, and any real ip will stop
it from looking for other ip's.
print "\n" . $get_ipv4->(' x #comment127.0.0.1 #comment ') ; print "\n" . $get_ipv4->(' x #comment027.0.9.1 #comment ') ; print "\n" . $get_ipv4->(' x #comment027.0.09.1 #comment ') ; print "\n" . $get_ipv4->(' x #comment127.0.999.1 #comment ') ; print "\n" . $get_ipv4->(' x #comment127.0.0.0 #comment ') ; print "\n" . $get_ipv4->(' x #comment255.255.255.255 #comment ') ; print "\n" . $get_ipv4->('0255.0255.0255.0255') ; print "\n" . $get_ipv4->(' x #comment0.0.0.0 #comment ') ; print "\n" . $get_ipv4->('0.0.0.0') ;
-Bob Dodds
