3143 – hosts allow/deny does not recurse EXCEPT clauses

Bug 3143 - hosts allow/deny does not recurse EXCEPT clauses

Summary: hosts allow/deny does not recurse EXCEPT clauses

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	Config Files (show other bugs)
Version:	3.0.20a
Hardware:	All Linux

Importance:	P3 normal
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:	http://bugs.debian.org/253686
Keywords:

Depends on:
Blocks:

Reported:	2005-10-06 05:30 UTC by Noël Köthe
Modified:	2005-10-13 07:23 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Noël Köthe 2005-10-06 05:30:01 UTC

Hello,

a forwarded bug:

Sometime between samba 2.2.3 and samba 3.0.2, EXCEPT clauses in hosts
allow/deny stopped being recursive. The following works as expected:

  # allow 10.0. subnet, deny 10.0.0. subnet
  hosts allow = 10.0. EXCEPT 10.0.0. 

but this does not:

  # allow 10.0. subnet, deny 10.0.0. subnet, allow 10.0.0.1 host
  hosts allow = 10.0. EXCEPT 10.0.0. EXCEPT 10.0.0.1

The following patch appears to fix the problem:

--- access.c.old	Thu Jun 10 10:51:00 2004
+++ access.c	Thu Jun 10 10:51:35 2004
@@ -186,8 +186,9 @@
 		while (*list  && !strequal(*list, "EXCEPT"))
 			list++;
 
-		for (; *list; list++) {
-			if ((*match_fn) (*list, item)) /* Exception Found */
+		list++;
+
+		if (list_match(list,item,match_fn) != False) {
 				return False;
 		}
 	}

Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-10-13 07:23:48 UTC

IMO recursive EXCEPT clauses a more confusing than just 

host allow = 10. 10.0.0.1
hosts deny = 10.0.0.

And since there has been no other requests for this feature,
I'm going to have to let this one drop.  Thanks for supplying 
the diff though in case anyone else wants to patch their 
local installation.