330
334
ret = allow_access_internal(deny_list, allow_list, nc_cname, nc_caddr);
337
("%s connection from %s (%s)\n",
338
ret ? "Allowed" : "Denied", nc_cname, nc_caddr));
332
340
SAFE_FREE(nc_cname);
333
341
SAFE_FREE(nc_caddr);
337
/* return true if the char* contains ip addrs only. Used to avoid
340
static bool only_ipaddrs_in_list(const char **list)
348
for (; *list ; list++) {
349
/* factor out the special strings */
350
if (strequal(*list, "ALL") || strequal(*list, "FAIL") ||
351
strequal(*list, "EXCEPT")) {
355
if (!is_ipaddress(*list)) {
357
* If we failed, make sure that it was not because
358
* the token was a network/netmask pair. Only
359
* network/netmask pairs have a '/' in them.
361
if ((strchr_m(*list, '/')) == NULL) {
363
DEBUG(3,("only_ipaddrs_in_list: list has "
364
"non-ip address (%s)\n",
374
/* return true if access should be allowed to a service for a socket */
375
bool check_access(int sock, const char **allow_list, const char **deny_list)
378
bool only_ip = false;
380
if ((!deny_list || *deny_list==0) && (!allow_list || *allow_list==0))
384
char addr[INET6_ADDRSTRLEN];
386
/* Bypass name resolution calls if the lists
387
* only contain IP addrs */
388
if (only_ipaddrs_in_list(allow_list) &&
389
only_ipaddrs_in_list(deny_list)) {
391
DEBUG (3, ("check_access: no hostnames "
392
"in host allow/deny list.\n"));
393
ret = allow_access(deny_list,
396
get_peer_addr(sock,addr,sizeof(addr)));
398
DEBUG (3, ("check_access: hostnames in "
399
"host allow/deny list.\n"));
400
ret = allow_access(deny_list,
402
get_peer_name(sock,true),
403
get_peer_addr(sock,addr,sizeof(addr)));
407
DEBUG(2,("Allowed connection from %s (%s)\n",
408
only_ip ? "" : get_peer_name(sock,true),
409
get_peer_addr(sock,addr,sizeof(addr))));
411
DEBUG(0,("Denied connection from %s (%s)\n",
412
only_ip ? "" : get_peer_name(sock,true),
413
get_peer_addr(sock,addr,sizeof(addr))));