The branch, master has been updated
via 7269e45 docs-xml/smb.conf.5: %i and %I no longer contain IPv4
mapped IPv6 addresses
via a3a38ee s3:lib/util_sock: listen on IPv6 addresses with IPV6_ONLY
(bug #7383)
via 4bfe2d5 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both
directions (bug #7383)
from 40e0079 s3: Some build farm machines do not have /bin/true
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7269e455a7d4f659777b4ab7db5d8b68376c8d19
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 25 17:40:25 2011 +0200
docs-xml/smb.conf.5: %i and %I no longer contain IPv4 mapped IPv6 addresses
metze
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Mon Apr 25 18:38:16 CEST 2011 on sn-devel-104
commit a3a38ee90ab4ab2be68ac71d9c581daa6b9ee189
Author: Stefan Metzmacher <[email protected]>
Date: Sat Apr 23 11:29:51 2011 +0200
s3:lib/util_sock: listen on IPv6 addresses with IPV6_ONLY (bug #7383)
This avoids getting IPv4 addresses as mapped IPv6 addresses
(e.g. ::ffff:192.168.0.1).
Before the bahavior was inconsistent between operating system
and distributions. Some system have IPV6_ONLY as default.
Now we consistently get AF_INET for IPv4 addresses and AF_INET6
for IPv6 addresses.
It also makes it possible to listen only on IPv6 now
as "::" doesn't imply "0.0.0.0" anymore. Which also
avoids confusing log messages that we were not able to
bind to "0.0.0.0".
metze
commit 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1
Author: Stefan Metzmacher <[email protected]>
Date: Sun Apr 24 21:20:19 2011 +0200
s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug
#7383)
metze
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/smb.conf.5.xml | 4 ++++
source3/lib/access.c | 31 +++++++++++++++++--------------
source3/lib/util_sock.c | 26 ++++++++++++++++++++++++++
3 files changed, 47 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/smb.conf.5.xml
b/docs-xml/manpages-3/smb.conf.5.xml
index 2b93065..f5f252b 100644
--- a/docs-xml/manpages-3/smb.conf.5.xml
+++ b/docs-xml/manpages-3/smb.conf.5.xml
@@ -503,12 +503,16 @@ chmod 1770 /usr/local/samba/lib/usershares
<varlistentry>
<term>%I</term>
<listitem><para>the IP address of the client machine.</para>
+ <para>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
+ now it only contains IPv4 or IPv6 addresses.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%i</term>
<listitem><para>the local IP address to which a client
connected.</para>
+ <para>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
+ now it only contains IPv4 or IPv6 addresses.</para>
</listitem>
</varlistentry>
diff --git a/source3/lib/access.c b/source3/lib/access.c
index a7475a5..f9cd9d5 100644
--- a/source3/lib/access.c
+++ b/source3/lib/access.c
@@ -182,29 +182,32 @@ static bool string_match(const char *tok,const char *s)
bool client_match(const char *tok, const void *item)
{
const char **client = (const char **)item;
+ const char *tok_addr = tok;
+ const char *cli_addr = client[ADDR_INDEX];
+
+ /*
+ * tok and client[ADDR_INDEX] can be an IPv4 mapped to IPv6,
+ * we try and match the IPv4 part of address only.
+ * Bug #5311 and #7383.
+ */
+
+ if (strnequal(tok_addr, "::ffff:",7)) {
+ tok_addr += 7;
+ }
+
+ if (strnequal(cli_addr,"::ffff:",7)) {
+ cli_addr += 7;
+ }
/*
* Try to match the address first. If that fails, try to match the host
* name if available.
*/
- if (string_match(tok, client[ADDR_INDEX])) {
+ if (string_match(tok_addr, cli_addr)) {
return true;
}
- if (strnequal(client[ADDR_INDEX],"::ffff:",7) &&
- !strnequal(tok, "::ffff:",7)) {
- /* client[ADDR_INDEX] is an IPv4 mapped to IPv6, but
- * the list item is not. Try and match the IPv4 part of
- * address only. This will happen a lot on IPv6 enabled
- * systems with IPv4 allow/deny lists in smb.conf.
- * Bug #5311. JRA.
- */
- if (string_match(tok, (client[ADDR_INDEX])+7)) {
- return true;
- }
- }
-
if (client[NAME_INDEX][0] != 0) {
if (string_match(tok, client[NAME_INDEX])) {
return true;
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 71f6a8f..eb74b75 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -787,6 +787,32 @@ int open_socket_in(int type,
#endif /* SO_REUSEPORT */
}
+#ifdef HAVE_IPV6
+ /*
+ * As IPV6_V6ONLY is the default on some systems,
+ * we better try to be consistent and always use it.
+ *
+ * This also avoids using IPv4 via AF_INET6 sockets
+ * and makes sure %I never resolves to a '::ffff:192.168.0.1'
+ * string.
+ */
+ if (sock.ss_family == AF_INET6) {
+ int val = 1;
+ int ret;
+
+ ret = setsockopt(res, IPPROTO_IPV6, IPV6_V6ONLY,
+ (const void *)&val, sizeof(val));
+ if (ret == -1) {
+ if(DEBUGLVL(0)) {
+ dbgtext("open_socket_in(): IPV6_ONLY failed: ");
+ dbgtext("%s\n", strerror(errno));
+ }
+ close(res);
+ return -1;
+ }
+ }
+#endif
+
/* now we've got a socket - we need to bind it */
if (bind(res, (struct sockaddr *)&sock, slen) == -1 ) {
if( DEBUGLVL(dlevel) && (port == SMB_PORT1 ||
--
Samba Shared Repository
