Bug 3143 - hosts allow/deny does not recurse EXCEPT clauses
Summary: hosts allow/deny does not recurse EXCEPT clauses
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Config Files (show other bugs)
Version: 3.0.20a
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL: http://bugs.debian.org/253686
Keywords:
Depends on:
Blocks:
 
Reported: 2005-10-06 05:30 UTC by Noël Köthe
Modified: 2005-10-13 07:23 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Noël Köthe 2005-10-06 05:30:01 UTC
Hello,

a forwarded bug:

Sometime between samba 2.2.3 and samba 3.0.2, EXCEPT clauses in hosts
allow/deny stopped being recursive. The following works as expected:

  # allow 10.0. subnet, deny 10.0.0. subnet
  hosts allow = 10.0. EXCEPT 10.0.0. 

but this does not:

  # allow 10.0. subnet, deny 10.0.0. subnet, allow 10.0.0.1 host
  hosts allow = 10.0. EXCEPT 10.0.0. EXCEPT 10.0.0.1

The following patch appears to fix the problem:

--- access.c.old	Thu Jun 10 10:51:00 2004
+++ access.c	Thu Jun 10 10:51:35 2004
@@ -186,8 +186,9 @@
 		while (*list  && !strequal(*list, "EXCEPT"))
 			list++;
 
-		for (; *list; list++) {
-			if ((*match_fn) (*list, item)) /* Exception Found */
+		list++;
+
+		if (list_match(list,item,match_fn) != False) {
 				return False;
 		}
 	}
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-10-13 07:23:48 UTC
IMO recursive EXCEPT clauses a more confusing than just 

host allow = 10. 10.0.0.1
hosts deny = 10.0.0.

And since there has been no other requests for this feature,
I'm going to have to let this one drop.  Thanks for supplying 
the diff though in case anyone else wants to patch their 
local installation.