Bug 3143 - hosts allow/deny does not recurse EXCEPT clauses
hosts allow/deny does not recurse EXCEPT clauses
Status: RESOLVED WONTFIX
Product: Samba 3.0
Classification: Unclassified
Component: Config Files
3.0.20a
All Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
http://bugs.debian.org/253686
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-06 05:30 UTC by Noël Köthe
Modified: 2005-10-13 07:23 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Noël Köthe 2005-10-06 05:30:01 UTC
Hello,

a forwarded bug:

Sometime between samba 2.2.3 and samba 3.0.2, EXCEPT clauses in hosts
allow/deny stopped being recursive. The following works as expected:

  # allow 10.0. subnet, deny 10.0.0. subnet
  hosts allow = 10.0. EXCEPT 10.0.0. 

but this does not:

  # allow 10.0. subnet, deny 10.0.0. subnet, allow 10.0.0.1 host
  hosts allow = 10.0. EXCEPT 10.0.0. EXCEPT 10.0.0.1

The following patch appears to fix the problem:

--- access.c.old	Thu Jun 10 10:51:00 2004
+++ access.c	Thu Jun 10 10:51:35 2004
@@ -186,8 +186,9 @@
 		while (*list  && !strequal(*list, "EXCEPT"))
 			list++;
 
-		for (; *list; list++) {
-			if ((*match_fn) (*list, item)) /* Exception Found */
+		list++;
+
+		if (list_match(list,item,match_fn) != False) {
 				return False;
 		}
 	}
Comment 1 Gerald (Jerry) Carter 2005-10-13 07:23:48 UTC
IMO recursive EXCEPT clauses a more confusing than just 

host allow = 10. 10.0.0.1
hosts deny = 10.0.0.

And since there has been no other requests for this feature,
I'm going to have to let this one drop.  Thanks for supplying 
the diff though in case anyone else wants to patch their 
local installation.