Bug 1523 - hosts allow/deny does not recurse EXCEPT clauses
Summary: hosts allow/deny does not recurse EXCEPT clauses
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Config Files (show other bugs)
Version: 3.0.4
Hardware: All All
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-07-13 08:33 UTC by Scott Barker
Modified: 2006-04-08 22:25 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Scott Barker 2004-07-13 08:33:20 UTC
Sometime since samba 2.2.3, EXCEPT clauses in hosts allow/deny stopped being
recursive. The following works as expected:

  # allow 10.0. subnet, deny 10.0.0. subnet
  hosts allow = 10.0. EXCEPT 10.0.0. 

but this does not:

  # allow 10.0. subnet, deny 10.0.0. subnet, allow 10.0.0.1 host
  hosts allow = 10.0. EXCEPT 10.0.0. EXCEPT 10.0.0.1

The following patch appears to fix the problem:

--- access.c.old	Thu Jun 10 10:51:00 2004
+++ access.c	Thu Jun 10 10:51:35 2004
@@ -186,8 +186,9 @@
 		while (*list  && !strequal(*list, "EXCEPT"))
 			list++;
 
-		for (; *list; list++) {
-			if ((*match_fn) (*list, item)) /* Exception Found */
+		list++;
+
+		if (list_match(list,item,match_fn) != False) {
 				return False;
 		}
 	}
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-04-08 22:25:48 UTC
I don't really think recursive EXCEPT clauses are a good idea.
You can bring this up on the samba-tech ml though if you like.