Re: (ITS#4756) IPv6 Addresses are not supported in ACL peername
Damon.Groenveld@ca.com wrote:
> Given that the code (in aclparse.c) calls inet_addr() with the
> peername.ip parameter, I can't see how it could work with IPv6.
>
> The only possible workaround is using a regex instead of ip type which
> bypasses the inet_addr() call.
>
> I raised it as a bug since the latest version (as far as I can tell) is
> meant to support IPv6 and there is no way that peername.ip does and
> there isn't an alternative.
>
The peername.ip was designed with IPv4 in mind. A patch to support IPv6
in ACLs would be welcome, though. In the meantime, I believe a regex
style would be the solution, but note that I have no idea of how IPv6
would be stringified in the peername. Note that the whole issue is of
questionable relevance, since IP-based access checking is not considered
trustable.
> I asked the question regarding other ways to restrict access since I
> noted that the documentation mentions TCP Wrappers and has a see also of
> host_options(5) -- which does not exist,
Apparently that should be hosts_options(5):
$ apropos hosts_options
hosts_options (5) - host access control language extensions
Can you point me to the incorrect documentation?
> so I was hoping that some
> advice might come while someone looked at the problem (if or when it was
> deemed important enough).
>
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------
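
The limitation discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code: inet_addr() rejects IPv6 text, while inet_pton() parses both families and allows a prefix match. The helper names parse_ip, peer_in_net and inet_addr_rejects are hypothetical, and the sketch assumes the peer address has already been extracted from the peername string as a bare literal.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not OpenLDAP code: parse an IPv4 or IPv6 literal.
 * Returns the address length in bytes (4 or 16), or 0 if unparseable. */
static int parse_ip(const char *s, uint8_t out[16])
{
    memset(out, 0, 16);
    if (inet_pton(AF_INET, s, out) == 1) return 4;
    if (inet_pton(AF_INET6, s, out) == 1) return 16;
    return 0;
}

/* 1 if peer lies inside net/prefix_bits, 0 if not, -1 on malformed input.
 * Families must agree: an IPv4-mapped IPv6 peer does not match an IPv4 rule. */
static int peer_in_net(const char *peer, const char *net, int prefix_bits)
{
    uint8_t p[16], n[16];
    int plen = parse_ip(peer, p), nlen = parse_ip(net, n);
    if (plen == 0 || nlen == 0 || prefix_bits < 0 || prefix_bits > nlen * 8)
        return -1;
    if (plen != nlen) return 0;
    int full = prefix_bits / 8, rem = prefix_bits % 8;
    if (memcmp(p, n, (size_t)full) != 0) return 0;
    if (rem) {
        uint8_t mask = (uint8_t)(0xFF << (8 - rem));
        if ((p[full] & mask) != (n[full] & mask)) return 0;
    }
    return 1;
}

/* The limitation raised in the thread: inet_addr() only parses IPv4 text. */
static int inet_addr_rejects(const char *s)
{
    return inet_addr(s) == INADDR_NONE;
}

int main(void)
{
    /* Constructed sample addresses from the documentation ranges. */
    printf("inet_addr rejects 2001:db8::1: %d\n", inet_addr_rejects("2001:db8::1"));
    printf("2001:db8::1 in 2001:db8::/32: %d\n", peer_in_net("2001:db8::1", "2001:db8::", 32));
    printf("192.0.2.10 in 192.0.2.0/24: %d\n", peer_in_net("192.0.2.10", "192.0.2.0", 24));
    return 0;
}
```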