diff options
| author | Volker Lendecke <vl@samba.org> | 2010-08-18 16:50:26 +0200 |
|---|---|---|
| committer | Volker Lendecke <vl@samba.org> | 2010-08-22 14:28:34 +0200 |
| commit | de951249356a3705fc2a3c51575134415ac0ea05 (patch) | |
| tree | 5e90f978ef201ea50584bf0c1c8d7dcf8f72bd5c /source3/lib/access.c | |
| parent | 70c5bed4b2ca4660e8a06cee6d4e813744cc7be8 (diff) | |
| download | samba-de951249356a3705fc2a3c51575134415ac0ea05.tar.gz samba-de951249356a3705fc2a3c51575134415ac0ea05.tar.xz samba-de951249356a3705fc2a3c51575134415ac0ea05.zip | |
s3: Move check_access to cgi.c, its only user
Diffstat (limited to 'source3/lib/access.c')
| -rw-r--r-- | source3/lib/access.c | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/source3/lib/access.c b/source3/lib/access.c index 00cdd5cd13c..1293dc024e6 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -336,84 +336,3 @@ bool allow_access(const char **deny_list, SAFE_FREE(nc_caddr); return ret; } - -/* return true if the char* contains ip addrs only. Used to avoid -name lookup calls */ - -static bool only_ipaddrs_in_list(const char **list) -{ - bool only_ip = true; - - if (!list) { - return true; - } - - for (; *list ; list++) { - /* factor out the special strings */ - if (strequal(*list, "ALL") || strequal(*list, "FAIL") || - strequal(*list, "EXCEPT")) { - continue; - } - - if (!is_ipaddress(*list)) { - /* - * If we failed, make sure that it was not because - * the token was a network/netmask pair. Only - * network/netmask pairs have a '/' in them. - */ - if ((strchr_m(*list, '/')) == NULL) { - only_ip = false; - DEBUG(3,("only_ipaddrs_in_list: list has " - "non-ip address (%s)\n", - *list)); - break; - } - } - } - - return only_ip; -} - -/* return true if access should be allowed to a service for a socket */ -bool check_access(int sock, const char **allow_list, const char **deny_list) -{ - bool ret = false; - bool only_ip = false; - char addr[INET6_ADDRSTRLEN]; - - if ((!deny_list || *deny_list==0) && (!allow_list || *allow_list==0)) { - return true; - } - - /* Bypass name resolution calls if the lists - * only contain IP addrs */ - if (only_ipaddrs_in_list(allow_list) && - only_ipaddrs_in_list(deny_list)) { - only_ip = true; - DEBUG (3, ("check_access: no hostnames " - "in host allow/deny list.\n")); - ret = allow_access(deny_list, - allow_list, - "", - get_peer_addr(sock,addr,sizeof(addr))); - } else { - DEBUG (3, ("check_access: hostnames in " - "host allow/deny list.\n")); - ret = allow_access(deny_list, - allow_list, - get_peer_name(sock,true), - get_peer_addr(sock,addr,sizeof(addr))); - } - - if (ret) { - DEBUG(2,("Allowed connection from %s (%s)\n", - only_ip ? "" : get_peer_name(sock,true), - get_peer_addr(sock,addr,sizeof(addr)))); - } else { - DEBUG(0,("Denied connection from %s (%s)\n", - only_ip ? "" : get_peer_name(sock,true), - get_peer_addr(sock,addr,sizeof(addr)))); - } - - return(ret); -} |