1523 – hosts allow/deny does not recurse EXCEPT clauses

Bug 1523 - hosts allow/deny does not recurse EXCEPT clauses

Summary: hosts allow/deny does not recurse EXCEPT clauses

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	Config Files (show other bugs)
Version:	3.0.4
Hardware:	All All

Importance:	P3 normal
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-07-13 08:33 UTC by Scott Barker
Modified:	2006-04-08 22:25 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Scott Barker 2004-07-13 08:33:20 UTC

Sometime since samba 2.2.3, EXCEPT clauses in hosts allow/deny stopped being
recursive. The following works as expected:

  # allow 10.0. subnet, deny 10.0.0. subnet
  hosts allow = 10.0. EXCEPT 10.0.0. 

but this does not:

  # allow 10.0. subnet, deny 10.0.0. subnet, allow 10.0.0.1 host
  hosts allow = 10.0. EXCEPT 10.0.0. EXCEPT 10.0.0.1

The following patch appears to fix the problem:

--- access.c.old	Thu Jun 10 10:51:00 2004
+++ access.c	Thu Jun 10 10:51:35 2004
@@ -186,8 +186,9 @@
 		while (*list  && !strequal(*list, "EXCEPT"))
 			list++;
 
-		for (; *list; list++) {
-			if ((*match_fn) (*list, item)) /* Exception Found */
+		list++;
+
+		if (list_match(list,item,match_fn) != False) {
 				return False;
 		}
 	}

Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-04-08 22:25:48 UTC

I don't really think recursive EXCEPT clauses are a good idea.
You can bring this up on the samba-tech ml though if you like.