From: Timo Sirainen Date: Fri, 24 Oct 2014 23:39:00 +0000 (+0300) Subject: auth: allow_nets=local matches now connections without any IP address X-Git-Tag: 2.2.15~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42e23ab53a1921ca87a73bbe4abaebf51da5b3aa;p=thirdparty%2Fdovecot%2Fcore.git auth: allow_nets=local matches now connections without any IP address --- diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c index 4c3a1a14e7..b0c0efdfc2 100644 --- a/src/auth/auth-request.c +++ b/src/auth/auth-request.c @@ -1279,30 +1279,33 @@ static void auth_request_validate_networks(struct auth_request *request, unsigned int bits; bool found = FALSE; - if (request->remote_ip.family == 0) { - /* IP not known */ - auth_request_log_info(request, AUTH_SUBSYS_DB, - "allow_nets check failed: Remote IP not known"); - request->failed = TRUE; - return; - } - for (net = t_strsplit_spaces(networks, ", "); *net != NULL; net++) { auth_request_log_debug(request, AUTH_SUBSYS_DB, "allow_nets: Matching for network %s", *net); + if (strcmp(*net, "local") == 0 && request->remote_ip.family == 0) { + found = TRUE; + break; + } + if (net_parse_range(*net, &net_ip, &bits) < 0) { auth_request_log_info(request, AUTH_SUBSYS_DB, "allow_nets: Invalid network '%s'", *net); } - if (net_is_in_network(&request->remote_ip, &net_ip, bits)) { + if (request->remote_ip.family != 0 && + net_is_in_network(&request->remote_ip, &net_ip, bits)) { found = TRUE; break; } } - if (!found) { + if (found) + ; + else if (request->remote_ip.family == 0) { + auth_request_log_info(request, AUTH_SUBSYS_DB, + "allow_nets check failed: Remote IP not known and 'local' missing"); + } else if (!found) { auth_request_log_info(request, AUTH_SUBSYS_DB, "allow_nets check failed: IP not in allowed networks"); }