Subject: bin/26555: numeral IPv6 support for ftpusers(5)
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <seb@ssr.univ-paris7.fr>
List: netbsd-bugs
Date: 08/05/2004 14:29:37
>Number: 26555
>Category: bin
>Synopsis: numeral IPv6 support for ftpusers(5)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Aug 05 12:45:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Stoned Elipot
>Release: NetBSD 2.0G
>Organization:
>Environment:
System: NetBSD runabout 2.0G NetBSD 2.0G (RUNABOUT) #1: Tue Aug 3 13:11:44 CEST 2004 seb@runabout:/u/seb/src/RUNABOUT/kernel/compile i386
Architecture: i386
Machine: i386
>Description:
ftpusers(5) supports numeric IPv4 addresses but not IPv6 ones. The enclosed
patch adds numeric IPv6 support.
>How-To-Repeat:
Try adding a numeral IPv6 specification in ftpusers(5)
>Fix:
Index: ftpd.c
===================================================================
RCS file: /cvsroot/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.157
diff -u -u -r1.157 ftpd.c
--- ftpd.c 10 Dec 2003 01:18:56 -0000 1.157
+++ ftpd.c 5 Aug 2004 11:57:20 -0000
@@ -792,6 +792,63 @@
}
/*
+ * Return 1 if client address is in network 'net' 0 otherwise.
+ */
+static int
+match_his_prefix(char *net)
+{
+ int bits, nbits, nbytes;
+ unsigned char *phisaddr, *pnetaddr;
+ size_t netaddrsz;
+ struct in_addr netaddr4;
+#ifdef INET6
+ struct in6_addr netaddr6;
+#endif
+
+ if (strchr(net, ':') != NULL) {
+ if (his_addr.su_family == AF_INET)
+ return (0);
+ } else {
+ if (his_addr.su_family == AF_INET6)
+ return (0);
+ }
+
+ switch (his_addr.su_family) {
+ case AF_INET:
+ phisaddr = (unsigned char*) &his_addr.su_addr;
+ pnetaddr = (void *)&netaddr4;
+ netaddrsz = sizeof(netaddr4);
+ break;
+#ifdef INET6
+ case AF_INET6:
+ phisaddr = (unsigned char*) &his_addr.su_6addr;
+ pnetaddr = (void *)&netaddr6;
+ netaddrsz = sizeof(netaddr6);
+ break;
+#endif
+ default:
+ return (0);
+ }
+ bits = inet_net_pton(his_addr.su_family, net, pnetaddr, netaddrsz);
+ if (bits == -1)
+ return (0);
+ nbytes = bits / 8;
+ nbits = bits % 8;
+ if (nbytes > 0)
+ if (memcmp(phisaddr, pnetaddr, nbytes) != 0)
+ return (0);
+ if (nbits > 0) {
+ unsigned int bhis, bnetaddr, mask;
+ bhis = phisaddr[nbytes];
+ bnetaddr = pnetaddr[nbytes];
+ mask = (0xff << (8 - nbits)) & 0xff;
+ if ((bhis & mask) != (bnetaddr & mask))
+ return (0);
+ }
+ return (1);
+}
+
+/*
* Determine whether something is to happen (allow access, chroot)
* for a user. Each line is a shell-style glob followed by
* `yes' or `no'.
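Review bot: match_his_prefix() returns 0 both when `net` cannot be parsed (`bits == -1`) and when it parses but does not cover the client, and the caller in the second hunk does `continue` on 0. The removed code kept the inet_net_pton() call inside the `if` condition, so a specifier that begins with a digit but is not an address (for example a hostname glob for a digit-leading domain) still reached the hostname-glob branch; with this patch such a line appears to be skipped, so a `no` rule written that way would stop applying. Consider returning -1 on parse failure, `if (bits == -1) return (-1);`, documenting the three results in the header comment, and having the caller treat -1 as "not a network, try the hostname glob". The hostname-glob branch itself lies after the end of the second hunk, so confirm this against the full function.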
@@ -859,18 +916,14 @@
/* have a host specifier */
if ((p = strchr(word, '@')) != NULL) {
- unsigned long net, mask, addr;
- int bits;
-
*p++ = '\0';
/* check against network or CIDR */
- if (isdigit(*p) &&
- (bits = inet_net_pton(AF_INET, p,
- &net, sizeof(net))) != -1) {
- net = ntohl(net);
- mask = 0xffffffffU << (32 - bits);
- addr = ntohl(his_addr.su_addr.s_addr);
- if ((addr & mask) != net)
+ if (isdigit(*p)
+#ifdef INET6
+ || (*p == ':')
+#endif
+ ) {
+ if (match_his_prefix(p) == 0)
continue;
/* check against hostname glob */
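Review bot: The dispatch test `isdigit(*p) || (*p == ':')` looks only at the first character, so an IPv6 prefix that begins with a hex letter (constructed examples: `fe80::/10`, `fd00::/8`) is not sent to match_his_prefix() and is presumably handled as a hostname glob, where it will not match the client; for a `no` entry that means the rule silently has no effect. Testing for a colon anywhere in the specifier, `|| (strchr(p, ':') != NULL)`, would cover those forms, provided hostname globs in this file never contain ':'. Separately, `isdigit(*p)` is passed a plain `char`; `isdigit((unsigned char)*p)` avoids undefined behaviour on bytes with the high bit set. The `if`/`else` this condition belongs to continues past the end of the hunk.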
>Release-Note:
>Audit-Trail:
>Unformatted: