2025-02-02 09:47:23 +03:00 · 2010-08-18 16:50:26 +02:00 · 2010-08-18 16:50:26 +02:00 · de95124935
commit de95124935
parent 70c5bed4b2
3 changed files with 81 additions and 82 deletions
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@ -351,7 +351,6 @@ bool allow_access(const char **deny_list,
 		const char **allow_list,
 		const char *cname,
 		const char *caddr);
-bool check_access(int sock, const char **allow_list, const char **deny_list);

 /* The following definitions come from passdb/account_pol.c  */

--- a/source3/lib/access.c
+++ b/source3/lib/access.c
@ -336,84 +336,3 @@ bool allow_access(const char **deny_list,
 	SAFE_FREE(nc_caddr);
 	return ret;
 }
-
-/* return true if the char* contains ip addrs only.  Used to avoid
-name lookup calls */
-
-static bool only_ipaddrs_in_list(const char **list)
-{
-	bool only_ip = true;
-
-	if (!list) {
-		return true;
-	}
-
-	for (; *list ; list++) {
-		/* factor out the special strings */
-		if (strequal(*list, "ALL") || strequal(*list, "FAIL") ||
-		    strequal(*list, "EXCEPT")) {
-			continue;
-		}
-
-		if (!is_ipaddress(*list)) {
-			/*
-			 * If we failed, make sure that it was not because
-			 * the token was a network/netmask pair. Only
-			 * network/netmask pairs have a '/' in them.
-			 */
-			if ((strchr_m(*list, '/')) == NULL) {
-				only_ip = false;
-				DEBUG(3,("only_ipaddrs_in_list: list has "
-					"non-ip address (%s)\n",
-					*list));
-				break;
-			}
-		}
-	}
-
-	return only_ip;
-}
-
-/* return true if access should be allowed to a service for a socket */
-bool check_access(int sock, const char **allow_list, const char **deny_list)
-{
-	bool ret = false;
-	bool only_ip = false;
-	char addr[INET6_ADDRSTRLEN];
-
-	if ((!deny_list || *deny_list==0) && (!allow_list || *allow_list==0)) {
-		return true;
-	}
-
-	/* Bypass name resolution calls if the lists
-	 * only contain IP addrs */
-	if (only_ipaddrs_in_list(allow_list) &&
-	    only_ipaddrs_in_list(deny_list)) {
-		only_ip = true;
-		DEBUG (3, ("check_access: no hostnames "
-			   "in host allow/deny list.\n"));
-		ret = allow_access(deny_list,
-				   allow_list,
-				   "",
-				   get_peer_addr(sock,addr,sizeof(addr)));
-	} else {
-		DEBUG (3, ("check_access: hostnames in "
-			   "host allow/deny list.\n"));
-		ret = allow_access(deny_list,
-				   allow_list,
-				   get_peer_name(sock,true),
-				   get_peer_addr(sock,addr,sizeof(addr)));
-	}
-
-	if (ret) {
-		DEBUG(2,("Allowed connection from %s (%s)\n",
-			 only_ip ? "" : get_peer_name(sock,true),
-			 get_peer_addr(sock,addr,sizeof(addr))));
-	} else {
-		DEBUG(0,("Denied connection from %s (%s)\n",
-			 only_ip ? "" : get_peer_name(sock,true),
-			 get_peer_addr(sock,addr,sizeof(addr))));
-	}
-
-	return(ret);
-}
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@ -506,6 +506,87 @@ static void cgi_download(char *file)



+/* return true if the char* contains ip addrs only.  Used to avoid
+name lookup calls */
+
+static bool only_ipaddrs_in_list(const char **list)
+{
+	bool only_ip = true;
+
+	if (!list) {
+		return true;
+	}
+
+	for (; *list ; list++) {
+		/* factor out the special strings */
+		if (strequal(*list, "ALL") || strequal(*list, "FAIL") ||
+		    strequal(*list, "EXCEPT")) {
+			continue;
+		}
+
+		if (!is_ipaddress(*list)) {
+			/*
+			 * If we failed, make sure that it was not because
+			 * the token was a network/netmask pair. Only
+			 * network/netmask pairs have a '/' in them.
+			 */
+			if ((strchr_m(*list, '/')) == NULL) {
+				only_ip = false;
+				DEBUG(3,("only_ipaddrs_in_list: list has "
+					"non-ip address (%s)\n",
+					*list));
+				break;
+			}
+		}
+	}
+
+	return only_ip;
+}
+
+/* return true if access should be allowed to a service for a socket */
+static bool check_access(int sock, const char **allow_list,
+			 const char **deny_list)
+{
+	bool ret = false;
+	bool only_ip = false;
+	char addr[INET6_ADDRSTRLEN];
+
+	if ((!deny_list || *deny_list==0) && (!allow_list || *allow_list==0)) {
+		return true;
+	}
+
+	/* Bypass name resolution calls if the lists
+	 * only contain IP addrs */
+	if (only_ipaddrs_in_list(allow_list) &&
+	    only_ipaddrs_in_list(deny_list)) {
+		only_ip = true;
+		DEBUG (3, ("check_access: no hostnames "
+			   "in host allow/deny list.\n"));
+		ret = allow_access(deny_list,
+				   allow_list,
+				   "",
+				   get_peer_addr(sock,addr,sizeof(addr)));
+	} else {
+		DEBUG (3, ("check_access: hostnames in "
+			   "host allow/deny list.\n"));
+		ret = allow_access(deny_list,
+				   allow_list,
+				   get_peer_name(sock,true),
+				   get_peer_addr(sock,addr,sizeof(addr)));
+	}
+
+	if (ret) {
+		DEBUG(2,("Allowed connection from %s (%s)\n",
+			 only_ip ? "" : get_peer_name(sock,true),
+			 get_peer_addr(sock,addr,sizeof(addr))));
+	} else {
+		DEBUG(0,("Denied connection from %s (%s)\n",
+			 only_ip ? "" : get_peer_name(sock,true),
+			 get_peer_addr(sock,addr,sizeof(addr))));
+	}
+
+	return(ret);
+}

 /**
 * @brief Setup the CGI framework.