dovecot-2.2: auth: allow_nets=local matches now connections with...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/d1aefed4589b
changeset: 18004:d1aefed4589b
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Oct 25 02:39:00 2014 +0300
description:
auth: allow_nets=local matches now connections without any IP address

diffstat:

 src/auth/auth-request.c |  23 +++++++++++++----------
 1 files changed, 13 insertions(+), 10 deletions(-)

diffs (47 lines):

diff -r 37a3c6c001b7 -r d1aefed4589b src/auth/auth-request.c
--- a/src/auth/auth-request.c	Sat Oct 25 02:13:36 2014 +0300
+++ b/src/auth/auth-request.c	Sat Oct 25 02:39:00 2014 +0300
@@ -1279,30 +1279,33 @@
 	unsigned int bits;
 	bool found = FALSE;
 
-	if (request->remote_ip.family == 0) {
-		/* IP not known */
-		auth_request_log_info(request, AUTH_SUBSYS_DB,
-			"allow_nets check failed: Remote IP not known");
-		request->failed = TRUE;
-		return;
-	}
-
 	for (net = t_strsplit_spaces(networks, ", "); *net != NULL; net++) {
 		auth_request_log_debug(request, AUTH_SUBSYS_DB,
 			"allow_nets: Matching for network %s", *net);
 
+		if (strcmp(*net, "local") == 0 && request->remote_ip.family == 0) {
+			found = TRUE;
+			break;
+		}
+
 		if (net_parse_range(*net, &net_ip, &bits) < 0) {
 			auth_request_log_info(request, AUTH_SUBSYS_DB,
 				"allow_nets: Invalid network '%s'", *net);
 		}
 
-		if (net_is_in_network(&request->remote_ip, &net_ip, bits)) {
+		if (request->remote_ip.family != 0 &&
+		    net_is_in_network(&request->remote_ip, &net_ip, bits)) {
 			found = TRUE;
 			break;
 		}
 	}
 
-	if (!found) {
+	if (found)
+		;
+	else if (request->remote_ip.family == 0) {
+		auth_request_log_info(request, AUTH_SUBSYS_DB,
+			"allow_nets check failed: Remote IP not known and 'local' missing");
+	} else if (!found) {
 		auth_request_log_info(request, AUTH_SUBSYS_DB,
 			"allow_nets check failed: IP not in allowed networks");
 	}