[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Mon Apr 25 10:39:02 MDT 2011 

The branch, master has been updated
       via  7269e45 docs-xml/smb.conf.5: %i and %I no longer contain IPv4 mapped IPv6 addresses
       via  a3a38ee s3:lib/util_sock: listen on IPv6 addresses with IPV6_ONLY (bug #7383)
       via  4bfe2d5 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383)
      from  40e0079 s3: Some build farm machines do not have /bin/true

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7269e455a7d4f659777b4ab7db5d8b68376c8d19
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Apr 25 17:40:25 2011 +0200

    docs-xml/smb.conf.5: %i and %I no longer contain IPv4 mapped IPv6 addresses
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Mon Apr 25 18:38:16 CEST 2011 on sn-devel-104

commit a3a38ee90ab4ab2be68ac71d9c581daa6b9ee189
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Apr 23 11:29:51 2011 +0200

    s3:lib/util_sock: listen on IPv6 addresses with IPV6_ONLY (bug #7383)
    
    This avoids getting IPv4 addresses as mapped IPv6 addresses
    (e.g. ::ffff:192.168.0.1).
    
    Before the bahavior was inconsistent between operating system
    and distributions. Some system have IPV6_ONLY as default.
    
    Now we consistently get AF_INET for IPv4 addresses and AF_INET6
    for IPv6 addresses.
    
    It also makes it possible to listen only on IPv6 now
    as "::" doesn't imply "0.0.0.0" anymore. Which also
    avoids confusing log messages that we were not able to
    bind to "0.0.0.0".
    
    metze

commit 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Apr 24 21:20:19 2011 +0200

    s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383)
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/smb.conf.5.xml |    4 ++++
 source3/lib/access.c               |   31 +++++++++++++++++--------------
 source3/lib/util_sock.c            |   26 ++++++++++++++++++++++++++
 3 files changed, 47 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/smb.conf.5.xml b/docs-xml/manpages-3/smb.conf.5.xml
index 2b93065..f5f252b 100644
--- a/docs-xml/manpages-3/smb.conf.5.xml
+++ b/docs-xml/manpages-3/smb.conf.5.xml
@@ -503,12 +503,16 @@ chmod 1770 /usr/local/samba/lib/usershares
 		<varlistentry>
 		<term>%I</term>
 		<listitem><para>the IP address of the client machine.</para>
+		<para>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
+			now it only contains IPv4 or IPv6 addresses.</para>
 		</listitem>
 		</varlistentry>
 
 		<varlistentry>
 		<term>%i</term>
 		<listitem><para>the local IP address to which a client connected.</para>
+		<para>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
+			now it only contains IPv4 or IPv6 addresses.</para>
 		</listitem>
 		</varlistentry>
 
diff --git a/source3/lib/access.c b/source3/lib/access.c
index a7475a5..f9cd9d5 100644
--- a/source3/lib/access.c
+++ b/source3/lib/access.c
@@ -182,29 +182,32 @@ static bool string_match(const char *tok,const char *s)
 bool client_match(const char *tok, const void *item)
 {
 	const char **client = (const char **)item;
+	const char *tok_addr = tok;
+	const char *cli_addr = client[ADDR_INDEX];
+
+	/*
+	 * tok and client[ADDR_INDEX] can be an IPv4 mapped to IPv6,
+	 * we try and match the IPv4 part of address only.
+	 * Bug #5311 and #7383.
+	 */
+
+	if (strnequal(tok_addr, "::ffff:",7)) {
+		tok_addr += 7;
+	}
+
+	if (strnequal(cli_addr,"::ffff:",7)) {
+		cli_addr += 7;
+	}
 
 	/*
 	 * Try to match the address first. If that fails, try to match the host
 	 * name if available.
 	 */
 
-	if (string_match(tok, client[ADDR_INDEX])) {
+	if (string_match(tok_addr, cli_addr)) {
 		return true;
 	}
 
-	if (strnequal(client[ADDR_INDEX],"::ffff:",7) &&
-			!strnequal(tok, "::ffff:",7)) {
-		/* client[ADDR_INDEX] is an IPv4 mapped to IPv6, but
- 		 * the list item is not. Try and match the IPv4 part of
- 		 * address only. This will happen a lot on IPv6 enabled
- 		 * systems with IPv4 allow/deny lists in smb.conf.
- 		 * Bug #5311. JRA.
- 		 */
-		if (string_match(tok, (client[ADDR_INDEX])+7)) {
-			return true;
-		}
-	}
-
 	if (client[NAME_INDEX][0] != 0) {
 		if (string_match(tok, client[NAME_INDEX])) {
 			return true;
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 71f6a8f..eb74b75 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -787,6 +787,32 @@ int open_socket_in(int type,
 #endif /* SO_REUSEPORT */
 	}
 
+#ifdef HAVE_IPV6
+	/*
+	 * As IPV6_V6ONLY is the default on some systems,
+	 * we better try to be consistent and always use it.
+	 *
+	 * This also avoids using IPv4 via AF_INET6 sockets
+	 * and makes sure %I never resolves to a '::ffff:192.168.0.1'
+	 * string.
+	 */
+	if (sock.ss_family == AF_INET6) {
+		int val = 1;
+		int ret;
+
+		ret = setsockopt(res, IPPROTO_IPV6, IPV6_V6ONLY,
+				 (const void *)&val, sizeof(val));
+		if (ret == -1) {
+			if(DEBUGLVL(0)) {
+				dbgtext("open_socket_in(): IPV6_ONLY failed: ");
+				dbgtext("%s\n", strerror(errno));
+			}
+			close(res);
+			return -1;
+		}
+	}
+#endif
+
 	/* now we've got a socket - we need to bind it */
 	if (bind(res, (struct sockaddr *)&sock, slen) == -1 ) {
 		if( DEBUGLVL(dlevel) && (port == SMB_PORT1 ||


-- 
Samba Shared Repository

More information about the samba-cvs mailing list