--- lmtp2nntp_config.c 2002/02/04 14:48:30 1.38
+++ lmtp2nntp_config.c 2002/02/04 15:43:01 1.39
@@ -221,6 +221,7 @@
try {
char *cp;
int i;
+ int somepass;
if ( (val_get(ctx->val, "option.acl", &ov) != VAL_OK)
|| (ov->ndata < 0)
@@ -230,8 +231,22 @@
for (i = 0; i < ov->ndata; i++)
log2(ctx, TRACE, "--acl[%d] = \"%s\"", i, (ov->data.m)[i]);
+ /* check if only blocking ACLs exist */
+ somepass = FALSE;
+ if (ov->ndata >= 1) {
+ for (i = 0; i < ov->ndata; i++) {
+ cp = (ov->data.m)[i];
+ if (cp[0] != '!') {
+ somepass = TRUE;
+ break;
+ }
+ }
+ }
+
+ /* if only blocking ACLs exist, reserve space for two additional pass-through wildcards */
+ if ((ctx->pacl = (struct acl *)malloc((ov->ndata + somepass ? 0 : 2 ) * sizeof(struct acl))) == NULL) throw(0,0,0);
+
if (ov->ndata >= 1) {
- if ((ctx->pacl = (struct acl *)malloc(ov->ndata * sizeof(struct acl))) == NULL) throw(0,0,0);
for (i = 0; i < ov->ndata; i++) {
cp = (ov->data.m)[i];
log2(ctx, DEBUG, "cp = (data.m)[%d] = \"%s\"", i, cp);
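Review bot: The element count in the new malloc() parses as `(ov->ndata + somepass) ? 0 : 2`, because `+` binds tighter than `?:`. Whenever ov->ndata is 1 or more the request is therefore for zero bytes, and the loop that follows writes `ctx->pacl[i]` past the end of that allocation, which is a heap overflow on any configuration that sets --acl. The count should be parenthesised as `malloc((ov->ndata + (somepass ? 0 : 2)) * sizeof(struct acl))`. The enclosing try block starts and ends outside this hunk.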
@@ -241,7 +256,7 @@
}
else {
ctx->pacl[i].acl = strdup(cp);
- ctx->pacl[i].not = TRUE;
+ ctx->pacl[i].not = FALSE;
}
log2(ctx, DEBUG, "ctx->pacl[%d].not = %s", i, ctx->pacl[i].not == TRUE ? "TRUE" : "FALSE");
log2(ctx, DEBUG, "ctx->pacl[%d].acl = %s", i, ctx->pacl[i].acl);
@@ -262,6 +277,42 @@
}
ctx->nacl = i;
}
+
+ /* if only blocking ACLs exist, append a wildcard pass-through for IPv4 */
+ if (!somepass) {
+ i = ctx->nacl;
+ ctx->pacl[i].acl = "0.0.0.0";
+ ctx->pacl[i].not = FALSE;
+ ctx->pacl[i].prefixlen = 0;
+ if ((rc = sa_addr_create(&ctx->pacl[i].saa)) != SA_OK) {
+ log1(ctx, ERROR, "option --acl, create IPv4 pass-through address (internal) failed with \"%s\"", sa_error(rc));
+ throw(0,0,0);
+ }
+ if ((rc = sa_addr_u2a(ctx->pacl[i].saa, "inet://%s:0", ctx->pacl[i].acl)) != SA_OK) {
+ log2(ctx, ERROR, "option --acl, parsing IPv4 pass-through address (%s) failed with \"%s\"", ctx->pacl[i].acl, sa_error(rc));
+ throw(0,0,0);
+ }
+ i++;
+ ctx->nacl = i;
+ }
+
+ /* if only blocking ACLs exist, append a wildcard pass-through for IPv6 */
+ if (!somepass) {
+ i = ctx->nacl;
+ ctx->pacl[i].acl = "[::]";
+ ctx->pacl[i].not = FALSE;
+ ctx->pacl[i].prefixlen = 0;
+ if ((rc = sa_addr_create(&ctx->pacl[i].saa)) != SA_OK) {
+ log1(ctx, ERROR, "option --acl, create IPv6 pass-through address (internal) failed with \"%s\"", sa_error(rc));
+ throw(0,0,0);
+ }
+ if ((rc = sa_addr_u2a(ctx->pacl[i].saa, "inet://%s:0", ctx->pacl[i].acl)) != SA_OK) {
+ log2(ctx, ERROR, "option --acl, parsing IPv6 pass-through address (%s) failed with \"%s\"", ctx->pacl[i].acl, sa_error(rc));
+ throw(0,0,0);
+ }
+ i++;
+ ctx->nacl = i;
+ }
}
catch (ex)
rethrow;
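Review bot: The two appended wildcard entries store string literals in `ctx->pacl[i].acl` (`"0.0.0.0"` and `"[::]"`), while the entries built from --acl values earlier in this function hold a `strdup(cp)` copy. If the cleanup code, which is not visible here, frees `acl` for every entry, it would call free() on a literal. Using `ctx->pacl[i].acl = strdup("0.0.0.0");` (and the same for `"[::]"`) with a NULL check that throws would keep ownership uniform. Separately, `i = ctx->nacl` is also read when ov->ndata is 0, where the `ctx->nacl = i` assignment above appears to be skipped, so this relies on nacl being initialised to 0 elsewhere. The comments could also state the security-relevant effect: a list with only `!` entries becomes allow-by-default for every other IPv4 and IPv6 address. The try block starts outside this hunk.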