
Re: (ITS#4756) IPv6 Addresses are not supported in ACL peername



Damon.Groenveld@ca.com wrote:
> Given that the code (in aclparse.c) calls inet_addr() with the
> peername.ip parameter, I can't see how it could work with IPv6.
>
> The only possible workaround is using a regex instead of ip type which
> bypasses the inet_addr() call.
>
> I raised it as a bug since the latest version (as far as I can tell) is
> meant to support IPv6 and there is no way that peername.ip does and
> there isn't an alternative.
>   
The peername.ip was designed with IPv4 in mind.  A patch to support IPv6 
in ACLs would be welcome, though.  In the meantime, I believe a regex 
style would be the solution, but note that I have no idea of how IPv6 
would be stringified in the peername.  Note that the whole issue is of 
questionable relevance, since IP-based access checking is not considered 
trustable.
> I asked the question regarding other ways to restrict access since I
> noted that the documentation mentions TCP Wrappers and has a see also of
> host_options(5) -- which does not exist,
Apparently that should be hosts_options(5):

$ apropos hosts_options
hosts_options        (5)  - host access control language extensions

Can you point me to the incorrect documentation?
>  so I was hoping that some
> advice might come while someone looked at the problem (if or when it was
> deemed important enough).
>   
p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
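
Added example, not part of the original message and not OpenLDAP code: it shows why a value parsed with inet_addr() cannot carry an IPv6 address, and one family-aware way to match a peer against an address/prefix rule using inet_pton(). The function names are hypothetical, and the peer is assumed to arrive as a bare address string, since the thread does not say how slapd stringifies IPv6 in the peername.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: parse "addr" or "addr/prefixlen" as IPv4 or IPv6.
 * Returns the address family, or -1 if the text is not a valid address. */
static int parse_net(const char *text, unsigned char addr[16], int *prefix)
{
    char buf[INET6_ADDRSTRLEN + 5];
    char *slash, *end;
    int af, max;
    if (strlen(text) >= sizeof(buf)) return -1;
    strcpy(buf, text);
    if ((slash = strchr(buf, '/')) != NULL) *slash = '\0';

    memset(addr, 0, 16);
    if (inet_pton(AF_INET, buf, addr) == 1) { af = AF_INET; max = 32; }
    else if (inet_pton(AF_INET6, buf, addr) == 1) { af = AF_INET6; max = 128; }
    else return -1;

    *prefix = max;                       /* no "/n" means a host rule */
    if (slash != NULL) {
        long p = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || p < 0 || p > max) return -1;
        *prefix = (int)p;
    }
    return af;
}

/* Returns 1 if peer lies inside rule, 0 if not, -1 on a parse error. */
int peer_matches(const char *rule, const char *peer)
{
    unsigned char r[16], p[16];
    int rbits, pbits, i;
    int raf = parse_net(rule, r, &rbits), paf = parse_net(peer, p, &pbits);
    if (raf < 0 || paf < 0) return -1;   /* fail closed on bad input */
    if (raf != paf) return 0;            /* IPv4-mapped IPv6 is not IPv4 here */
    for (i = 0; rbits >= 8; i++, rbits -= 8)
        if (r[i] != p[i]) return 0;
    if (rbits > 0 && ((r[i] ^ p[i]) & (0xff << (8 - rbits)))) return 0;
    return 1;
}

/* inet_addr() is IPv4-only: an IPv6 literal yields INADDR_NONE. */
int inet_addr_rejects(const char *text)
{
    return inet_addr(text) == INADDR_NONE;
}
```

A caller should treat the -1 result as a configuration error rather than as "no match", so a mistyped rule is reported instead of silently changing who is allowed.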