From 462a85a15800828f21dc3ee7ddb0e6a05c1b52af Mon Sep 17 00:00:00 2001 From: eik Date: Wed, 5 May 2004 13:23:14 +0000 Subject: update to exim 4.33 + exiscan 20 /usr/local/share/doc/exim/ChangeLog /usr/local/share/doc/exim/NewStuff http://duncanthrax.net/exiscan-acl/CHANGELOG --- mail/exim/Makefile | 4 +- mail/exim/distinfo | 8 +- mail/exim/files/patch-doc::spec.txt | 12 +- mail/exim/files/patch-mbx_lock | 67 ----- mail/exim/files/patch-scripts::exim_install | 12 +- mail/exim/files/patch-src::configure.default | 18 +- mail/exim/files/patch-src::verify.c | 68 ----- mail/exim/files/wishlist-iplsearch.patch | 395 --------------------------- 8 files changed, 27 insertions(+), 557 deletions(-) delete mode 100644 mail/exim/files/patch-mbx_lock delete mode 100644 mail/exim/files/patch-src::verify.c delete mode 100644 mail/exim/files/wishlist-iplsearch.patch (limited to 'mail/exim') diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 052bbb6..ea3a054 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -24,8 +24,8 @@ PATCH_DIST_STRIP= -p1 MAINTAINER= eik@FreeBSD.org COMMENT?= High performance MTA for Unix systems on the Internet -EXIM_VERSION= 4.32 -EXISCAN_VERSION=19 +EXIM_VERSION= 4.33 +EXISCAN_VERSION=20 .if !defined(EXIMON_ONLY) .if defined(PKGNAMESUFFIX) diff --git a/mail/exim/distinfo b/mail/exim/distinfo index 56208d4..70f24c4 100644 --- a/mail/exim/distinfo +++ b/mail/exim/distinfo @@ -1,4 +1,4 @@ -MD5 (exim/exim-4.32.tar.bz2) = f2dcbca57a8051c4d89d2cc8d96efd94 -SIZE (exim/exim-4.32.tar.bz2) = 1321711 -MD5 (exim/exiscan-acl-4.32-19.patch.bz2) = d1a3e095ab8c0733bc242155437d1729 -SIZE (exim/exiscan-acl-4.32-19.patch.bz2) = 73403 +MD5 (exim/exim-4.33.tar.bz2) = 8514c800172e4ab4e9cb90553605e1f2 +SIZE (exim/exim-4.33.tar.bz2) = 1327741 +MD5 (exim/exiscan-acl-4.33-20.patch.bz2) = 30a3ec5845f02a564c2300290371c475 +SIZE (exim/exiscan-acl-4.33-20.patch.bz2) = 74187 diff --git a/mail/exim/files/patch-doc::spec.txt b/mail/exim/files/patch-doc::spec.txt index 4d7ad28..5293ecc 100644 --- a/mail/exim/files/patch-doc::spec.txt +++ b/mail/exim/files/patch-doc::spec.txt @@ -1,8 +1,8 @@ ---- doc/spec.txt.orig Wed Dec 19 13:50:32 2001 -+++ doc/spec.txt Tue Jan 15 15:52:05 2002 -@@ -14403,6 +14403,19 @@ - be adequate for all your requirements if you are mainly interested in - encrypting transfers, and not in secure identification. +--- doc/spec.txt.orig Wed May 5 12:08:37 2004 ++++ doc/spec.txt Wed May 5 15:10:17 2004 +@@ -14432,6 +14432,19 @@ + message_prefix = "\1\1\1\1\n" + message_suffix = "\1\1\1\1\n" +However, many clients require that the certificate presented by Exim be a user +(also called "leaf" or "site") certificate, and not a self-signed certificate. @@ -18,5 +18,5 @@ + http://ospkibook.sourceforge.net/ + + create_directory Type: boolean Default: true - 39. CUSTOMIZING ERROR AND WARNING MESSAGES diff --git a/mail/exim/files/patch-mbx_lock b/mail/exim/files/patch-mbx_lock deleted file mode 100644 index 72d5886..0000000 --- a/mail/exim/files/patch-mbx_lock +++ /dev/null @@ -1,67 +0,0 @@ -# -# Race condition in MBX locking -# http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040419/070394.html -# ---- src/exim_lock.c 2004-04-15 09:27:01.000000000 +0100 -+++ src/exim_lock.c 2004-04-22 15:34:29.000000000 +0100 -@@ -308,7 +308,7 @@ - for (j = 0; j < lock_retries; j++) - { - int sleep_before_retry = TRUE; -- struct stat statbuf; -+ struct stat statbuf, ostatbuf; - - /* Try to build a lock file if so configured */ - -@@ -395,7 +395,7 @@ - if (use_fcntl) - printf("exim_lock: fcntl() read lock successfully applied\n"); - if (use_flock) -- printf("exim_lock: fcntl() read lock successfully applied\n"); -+ printf("exim_lock: flock() read lock successfully applied\n"); - } - } - else goto RETRY; /* Message already output */ -@@ -451,7 +451,16 @@ - printf("exim_lock: flock() lock successfully applied to mbx " - "lock file %s\n", tempname); - } -- break; -+ -+ if (lstat(tempname, &statbuf) || fstat(md, &ostatbuf) || -+ (statbuf.st_dev != ostatbuf.st_dev) || -+ (statbuf.st_ino != ostatbuf.st_ino)) -+ { -+ if (!quiet) printf("exim_lock: mbx lock file %s changed between " -+ "creation and locking\n", tempname); -+ goto RETRY; -+ } -+ else break; - } - else goto RETRY; /* Message already output */ - } ---- src/transports/appendfile.c 2004-04-15 09:27:01.000000000 +0100 -+++ src/transports/appendfile.c 2004-04-22 15:46:41.000000000 +0100 -@@ -1971,7 +1971,20 @@ - - if (apply_lock(mbx_lockfd, F_WRLCK, ob->use_fcntl, - ob->lock_fcntl_timeout, ob->use_flock, ob->lock_flock_timeout) >= 0) -- break; -+ { -+ struct stat ostatbuf; -+ if (lstat(mbx_lockname, &statbuf) || -+ fstat(mbx_lockfd, &ostatbuf) || -+ (statbuf.st_dev != ostatbuf.st_dev) || -+ (statbuf.st_ino != ostatbuf.st_ino)) -+ { -+ DEBUG(D_transport) debug_printf("MBX lockfile %s changed " -+ "between creation and locking\n", mbx_lockname); -+ close(mbx_lockfd); -+ mbx_lockfd = -1; -+ } -+ else break; -+ } - - DEBUG(D_transport) debug_printf("failed to lock %s: %s\n", mbx_lockname, - strerror(errno)); - diff --git a/mail/exim/files/patch-scripts::exim_install b/mail/exim/files/patch-scripts::exim_install index c60ee09..7874ce9 100644 --- a/mail/exim/files/patch-scripts::exim_install +++ b/mail/exim/files/patch-scripts::exim_install @@ -1,6 +1,6 @@ ---- scripts/exim_install.orig Wed Dec 18 12:28:00 2002 -+++ scripts/exim_install Mon Jan 6 11:11:46 2003 -@@ -330,9 +330,8 @@ +--- scripts/exim_install.orig Wed May 5 12:08:35 2004 ++++ scripts/exim_install Wed May 5 15:07:53 2004 +@@ -357,9 +357,8 @@ echo $com ' ' ${CONFIGURE_FILE} echo $com Therefore, skipping automatic installation. @@ -12,7 +12,7 @@ if [ "${SYSTEM_ALIASES_FILE}" = "" ] ; then SYSTEM_ALIASES_FILE=/etc/aliases echo $com This configuration has system aliases in ${SYSTEM_ALIASES_FILE}. -@@ -343,7 +342,7 @@ +@@ -370,7 +369,7 @@ echo sed -e '\\' echo " \"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'\"" '\\' @@ -21,7 +21,7 @@ # I can't find a way of writing this using the ${real} feature because # it seems that the output redirection always happens, even when -n was -@@ -352,7 +351,7 @@ +@@ -379,7 +378,7 @@ if [ "$real" = "" ] ; then sed -e \ "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'" \ @@ -30,7 +30,7 @@ else true fi -@@ -372,8 +371,6 @@ +@@ -399,8 +398,6 @@ ${real} ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE} fi diff --git a/mail/exim/files/patch-src::configure.default b/mail/exim/files/patch-src::configure.default index 56a0a11..de3f6dc 100644 --- a/mail/exim/files/patch-src::configure.default +++ b/mail/exim/files/patch-src::configure.default @@ -1,5 +1,5 @@ ---- src/configure.default.orig Mon May 12 15:39:18 2003 -+++ src/configure.default Thu Jun 12 16:40:25 2003 +--- src/configure.default.orig Wed May 5 12:08:35 2004 ++++ src/configure.default Wed May 5 15:09:40 2004 @@ -56,7 +56,7 @@ domainlist local_domains = @ @@ -9,16 +9,16 @@ # Most straightforward access control requirements can be obtained by # appropriate settings of the above options. In more complicated situations, you -@@ -147,6 +147,8 @@ - # were a normal user. This isn't usually a problem, as most sites have an alias - # for root that redirects such mail to a human administrator. +@@ -153,6 +153,8 @@ + # as if it were a normal user. This isn't usually a problem, as most sites have + # an alias for root that redirects such mail to a human administrator. +exim_user = XX_EXIM_USER_XX +exim_group = XX_EXIM_GROUP_XX never_users = root -@@ -378,7 +380,8 @@ +@@ -412,7 +414,8 @@ allow_fail allow_defer data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}} @@ -28,15 +28,15 @@ file_transport = address_file pipe_transport = address_pipe -@@ -412,6 +415,7 @@ +@@ -446,6 +449,7 @@ file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply + condition = ${if exists{$home/.forward} {yes} {no} } - # This router matches local user mailboxes. -@@ -455,8 +459,10 @@ + # This router matches local user mailboxes. If the router fails, the error +@@ -491,8 +495,10 @@ delivery_date_add envelope_to_add return_path_add diff --git a/mail/exim/files/patch-src::verify.c b/mail/exim/files/patch-src::verify.c deleted file mode 100644 index 848c864..0000000 --- a/mail/exim/files/patch-src::verify.c +++ /dev/null @@ -1,68 +0,0 @@ -# -# A rewrite-influenced bug was introduced in 4.31. -# http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040419/070387.html -# -*** src/verify.c Thu Apr 15 09:27:01 2004 ---- verify.c Wed Apr 21 16:28:18 2004 -*************** -*** 758,764 **** - address_item *addr_succeed = NULL; - uschar *ko_prefix, *cr; - uschar *address = vaddr->address; -! uschar *save_sender = sender_address; - uschar null_sender[] = { 0 }; /* Ensure writeable memory */ - - /* Set up a prefix and suffix for error message which allow us to use the same ---- 758,764 ---- - address_item *addr_succeed = NULL; - uschar *ko_prefix, *cr; - uschar *address = vaddr->address; -! uschar *save_sender; - uschar null_sender[] = { 0 }; /* Ensure writeable memory */ - - /* Set up a prefix and suffix for error message which allow us to use the same -*************** -*** 816,825 **** - - /* If the address was rewritten to <> no verification can be done, and we have - to return OK. This rewriting is permitted only for sender addresses; for other -! addresses, such rewriting faile. */ - - if (address[0] == 0) return OK; - - /* Update the address structure with the possibly qualified and rewritten - address. Set it up as the starting address on the chain of new addresses. */ - ---- 816,830 ---- - - /* If the address was rewritten to <> no verification can be done, and we have - to return OK. This rewriting is permitted only for sender addresses; for other -! addresses, such rewriting fails. */ - - if (address[0] == 0) return OK; - -+ /* Save a copy of the sender address for re-instating if we change it to <> -+ while verifying a sender address (a nice bit of self-reference there). */ -+ -+ save_sender = sender_address; -+ - /* Update the address structure with the possibly qualified and rewritten - address. Set it up as the starting address on the chain of new addresses. */ - -*************** -*** 898,904 **** - if (!is_recipient) sender_address = null_sender; - rc = route_address(addr, &addr_local, &addr_remote, &addr_new, - &addr_succeed, verify_type); -! sender_address = save_sender; - } - - /* If routing an address succeeded, set the flag that remembers, for use when ---- 903,909 ---- - if (!is_recipient) sender_address = null_sender; - rc = route_address(addr, &addr_local, &addr_remote, &addr_new, - &addr_succeed, verify_type); -! sender_address = save_sender; /* Put back the real sender */ - } - - /* If routing an address succeeded, set the flag that remembers, for use when diff --git a/mail/exim/files/wishlist-iplsearch.patch b/mail/exim/files/wishlist-iplsearch.patch deleted file mode 100644 index 72083ae..0000000 --- a/mail/exim/files/wishlist-iplsearch.patch +++ /dev/null @@ -1,395 +0,0 @@ -# -# Wishlist #254 (2) iplsearch -# http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040419/070420.html -# -diff -uNr src/drtables.c exim-4.32.with-iplsearch/src/drtables.c ---- src/drtables.c 2004-04-15 10:27:01.000000000 +0200 -+++ exim-4.32.with-iplsearch/src/drtables.c 2004-04-23 16:16:53.000000000 +0200 -@@ -212,6 +212,23 @@ - #endif - }, - -+/* Linear search of single file with ip-addresses and networks */ -+ -+ { -+ US"iplsearch", /* lookup name */ -+ lookup_absfile, /* uses absolute file name */ -+#ifdef LOOKUP_LSEARCH -+ lsearch_open, /* open function */ -+ lsearch_check, /* check function */ -+ iplsearch_find, /* find function */ -+ lsearch_close, /* close function */ -+ NULL, /* no tidy function */ -+ NULL /* no quoting function */ -+#else -+ NULL, NULL, NULL, NULL, NULL, NULL /* lookup not present */ -+#endif -+ }, -+ - /* LDAP lookup, allowing data from only one entry to be returned */ - - { -diff -uNr src/exim.c exim-4.32.with-iplsearch/src/exim.c ---- src/exim.c 2004-04-15 10:27:01.000000000 +0200 -+++ exim-4.32.with-iplsearch/src/exim.c 2004-04-23 16:17:14.000000000 +0200 -@@ -814,7 +814,7 @@ - - fprintf(f, "Lookups:"); - #ifdef LOOKUP_LSEARCH -- fprintf(f, " lsearch wildlsearch nwildlsearch"); -+ fprintf(f, " lsearch wildlsearch nwildlsearch iplsearch"); - #endif - #ifdef LOOKUP_CDB - fprintf(f, " cdb"); -diff -uNr src/functions.h exim-4.32.with-iplsearch/src/functions.h ---- src/functions.h 2004-04-15 10:27:01.000000000 +0200 -+++ exim-4.32.with-iplsearch/src/functions.h 2004-04-23 16:01:44.000000000 +0200 -@@ -104,6 +104,7 @@ - extern int host_find_bydns(host_item *, uschar *, int, uschar *, BOOL, BOOL, - uschar **, BOOL *); - extern ip_address_item *host_find_interfaces(void); -+extern BOOL host_is_in_net(uschar *, uschar *); - extern void host_mask(int, int *, int); - extern int host_name_lookup(void); - extern int host_nmtoa(int, int *, int, uschar *); -diff -uNr src/host.c exim-4.32.with-iplsearch/src/host.c ---- src/host.c 2004-04-15 10:27:01.000000000 +0200 -+++ exim-4.32.with-iplsearch/src/host.c 2004-04-23 16:29:34.000000000 +0200 -@@ -2689,7 +2689,84 @@ - return yield; - } - -+/*********************************** -+* host_is_in_net * -+***********************************/ -+ -+/* Checks an host to be part of a network. -+ -+Arguments: -+ host The string representation of the ip-address to check -+ net The string representation of the network, with optional -+ cidr-mask -+ -+Returns: -+ TRUE if the host is inside the network -+ FALSE if the host is NOT inside the network -+*/ - -+BOOL -+host_is_in_net(uschar *host, uschar *net) -+{ -+int maskoffset; -+int i; -+int address[4]; -+int incoming[4]; -+int mlen; -+int size = host_aton(net, address); -+int insize; -+ -+if (!string_is_ip_address(net, &maskoffset)) return FALSE; -+ -+/* No mask => all bits to be checked */ -+ -+if (maskoffset == 0) mlen = 99999; /* Big number */ -+else -+ { -+ mlen = Uatoi(net + maskoffset + 1); -+ net[maskoffset] = '/'; /* restore the slash */ -+ } -+ -+/* Convert the incoming address to binary. */ -+ -+insize = host_aton(host, incoming); -+ -+/* Convert IPv4 addresses given in IPv6 compatible mode, which represent -+ connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form -+ ::ffff:, to IPv4 format. */ -+ -+if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 && -+ incoming[2] == 0xffff) -+ { -+ insize = 1; -+ incoming[0] = incoming[3]; -+ } -+ -+/* No match if the sizes don't agree. */ -+ -+if (insize != size) return FALSE; -+ -+/* Else do the masked comparison. */ -+ -+for (i = 0; i < size; i++) -+ { -+ int mask; -+ if (mlen == 0) mask = 0; -+ else if (mlen < 32) -+ { -+ mask = (-1) << (32 - mlen); -+ mlen = 0; -+ } -+ else -+ { -+ mask = -1; -+ mlen -= 32; -+ } -+ if ((incoming[i] & mask) != (address[i] & mask)) return FALSE; -+ } -+return TRUE; -+ -+} - - - /************************************************* -diff -uNr src/lookups/lsearch.c exim-4.32.with-iplsearch/src/lookups/lsearch.c ---- src/lookups/lsearch.c 2004-04-15 10:27:01.000000000 +0200 -+++ exim-4.32.with-iplsearch/src/lookups/lsearch.c 2004-04-23 16:31:20.000000000 +0200 -@@ -9,7 +9,12 @@ - #include "lf_functions.h" - #include "lsearch.h" - -- -+enum { -+ LSEARCH_PLAIN, -+ LSEARCH_WILD, -+ LSEARCH_NWILD, -+ LSEARCH_IP -+}; - - /************************************************* - * Open entry point * -@@ -61,7 +66,7 @@ - - static int - internal_lsearch_find(void *handle, uschar *filename, uschar *keystring, -- int length, uschar **result, uschar **errmsg, BOOL wild, BOOL expand) -+ int length, uschar **result, uschar **errmsg, int type) - { - FILE *f = (FILE *)handle; - BOOL last_was_eol = TRUE; -@@ -136,34 +141,53 @@ - linekeylength = s - buffer; - } - -- /* A wild lsearch treats each key as a possible wildcarded string. */ -- -- if (wild) -- { -- int rc; -- int save = buffer[linekeylength]; -- uschar *list = buffer; -- buffer[linekeylength] = 0; -- rc = match_isinlist(keystring, -- &list, -- UCHAR_MAX+(expand? 1:2), /* Single-item list, possibly expanded */ -- NULL, /* No anchor */ -- NULL, /* No caching */ -- MCL_STRING, -- TRUE, /* Caseless */ -- NULL); -- buffer[linekeylength] = save; - -- if (rc == FAIL) continue; -- if (rc == DEFER) return DEFER; -- } -- -- /* A non-wild lsearch treats each key as a litersl */ -- -- else -+ switch(type) - { -+ /* A non-wild lsearch treats each key as a literal */ -+ case LSEARCH_PLAIN: - if (linekeylength != length || strncmpic(buffer, keystring, length) != 0) - continue; -+ break; -+ -+ /* A wild lsearch treats each key as a possible wildcarded string. */ -+ case LSEARCH_WILD: -+ /* Like wildlsearch, but without expanding the key */ -+ case LSEARCH_NWILD: -+ { -+ int rc; -+ int save = buffer[linekeylength]; -+ uschar *list = buffer; -+ buffer[linekeylength] = 0; -+ rc = match_isinlist(keystring, -+ &list, -+ /* Single-item list, possibly expanded */ -+ UCHAR_MAX+(type == LSEARCH_WILD? 1:2), -+ NULL, /* No anchor */ -+ NULL, /* No caching */ -+ MCL_STRING, -+ TRUE, /* Caseless */ -+ NULL); -+ buffer[linekeylength] = save; -+ -+ if (rc == FAIL) continue; -+ if (rc == DEFER) return DEFER; -+ }; -+ break; -+ /* Compare an ip address against a list of network/ip addresses */ -+ case LSEARCH_IP: -+ /* Allow * as search-key */ -+ if (!(length == 1 && linekeylength == 1 && -+ buffer[0] == '*' && keystring[0] == '*')) -+ { -+ /* This was no wildcard, so try to match key and buffer */ -+ int save = buffer[linekeylength]; -+ buffer[linekeylength] = 0; -+ if (!host_is_in_net(keystring, buffer)) -+ continue; -+ buffer[linekeylength] = save; -+ } -+ break; - } - - /* The key has matched. Skip spaces after the key, and allow an optional -@@ -245,7 +269,7 @@ - uschar **result, uschar **errmsg) - { - return internal_lsearch_find(handle, filename, keystring, length, result, -- errmsg, FALSE, FALSE); -+ errmsg, LSEARCH_PLAIN); - } - - -@@ -261,7 +285,7 @@ - uschar **result, uschar **errmsg) - { - return internal_lsearch_find(handle, filename, keystring, length, result, -- errmsg, TRUE, TRUE); -+ errmsg, LSEARCH_WILD); - } - - -@@ -277,7 +301,31 @@ - uschar **result, uschar **errmsg) - { - return internal_lsearch_find(handle, filename, keystring, length, result, -- errmsg, TRUE, FALSE); -+ errmsg, LSEARCH_NWILD); -+} -+ -+ -+/************************************************* -+* Find entry point for iplsearch * -+*************************************************/ -+ -+/* See local README for interface description */ -+ -+int -+iplsearch_find(void *handle, uschar *filename, uschar *keystring, int length, -+ uschar **result, uschar **errmsg) -+{ -+if (string_is_ip_address(keystring, NULL) -+ || (length == 1 && keystring[0] == '*')) -+ { -+ return internal_lsearch_find(handle, filename, keystring, length, result, -+ errmsg, LSEARCH_IP); -+ } -+ else -+ { -+ *errmsg = string_sprintf("\"%s\" is not a valid iplsearch key", keystring); -+ return DEFER; -+ }; - } - - -diff -uNr src/lookups/lsearch.h exim-4.32.with-iplsearch/src/lookups/lsearch.h ---- src/lookups/lsearch.h 2004-04-15 10:27:01.000000000 +0200 -+++ exim-4.32.with-iplsearch/src/lookups/lsearch.h 2004-04-23 12:24:32.000000000 +0200 -@@ -15,4 +15,6 @@ - extern int wildlsearch_find(void *, uschar *, uschar *, int, uschar **, uschar **); - extern int nwildlsearch_find(void *, uschar *, uschar *, int, uschar **, uschar **); - -+extern int iplsearch_find(void *, uschar *, uschar *, int, uschar **, uschar **); -+ - /* End of lookups/lsearch.h */ -diff -uNr src/verify.c exim-4.32.with-iplsearch/src/verify.c ---- src/verify.c 2004-04-15 10:27:01.000000000 +0200 -+++ exim-4.32.with-iplsearch/src/verify.c 2004-04-25 16:09:11.000000000 +0200 -@@ -1683,10 +1683,10 @@ - check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error) - { - check_host_block *cb = (check_host_block *)arg; --int maskoffset; - BOOL isquery = FALSE; - uschar *semicolon, *t; - uschar **aliases; -+int maskoffset; - - /* Optimize for the special case when the pattern is "*". */ - -@@ -1714,69 +1714,11 @@ - } - } - --/* If the pattern is an IP address, optionally followed by a bitmask count, --mask it and the current IP address, and do a binary comparison on them. --The function string_is_ip_address(), when given a non-NULL second argument, --puts the offset of a '/' in there and clobbers the '/' to a zero. */ -+/* If the pattern is an IP address, use host_is_in_net for checking. */ - - if (string_is_ip_address(ss, &maskoffset)) -- { -- int i; -- int address[4]; -- int incoming[4]; -- int mlen; -- int size = host_aton(ss, address); -- int insize; -- -- /* No mask => all bits to be checked */ -- -- if (maskoffset == 0) mlen = 99999; /* Big number */ -- else -- { -- mlen = Uatoi(ss + maskoffset + 1); -- ss[maskoffset] = '/'; /* restore the slash */ -- } -- -- /* Convert the incoming address to binary. */ -- -- insize = host_aton(cb->host_address, incoming); -- -- /* Convert IPv4 addresses given in IPv6 compatible mode, which represent -- connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form -- ::ffff:, to IPv4 format. */ -- -- if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 && -- incoming[2] == 0xffff) -- { -- insize = 1; -- incoming[0] = incoming[3]; -- } -- -- /* No match if the sizes don't agree. */ -- -- if (insize != size) return FAIL; -- -- /* Else do the masked comparison. */ -- -- for (i = 0; i < size; i++) -- { -- int mask; -- if (mlen == 0) mask = 0; -- else if (mlen < 32) -- { -- mask = (-1) << (32 - mlen); -- mlen = 0; -- } -- else -- { -- mask = -1; -- mlen -= 32; -- } -- if ((incoming[i] & mask) != (address[i] & mask)) return FAIL; -- } -- return OK; -- } -- -+ return (host_is_in_net(cb->host_address, ss) ? OK : FAIL); -+ - /* If the item is of the form net[n]-lookup; then it is a lookup on - a masked IP network, in textual form. The net- stuff really only applies to - single-key lookups where the key is implicit. For query-style lookups the key -- cgit v1.1