Allow addresses as well as interface names in --auth-server.

2025-12-19 10:18:25 +00:00 · 2012-12-10 20:45:53 +00:00
parent b5a8dd1dec
commit 429798fd08
3 changed files with 63 additions and 28 deletions
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -755,7 +755,8 @@ extern struct daemon {
  char *lease_file; 
  char *username, *groupname, *scriptuser;
  char *luascript;
-  char *authserver, *authinterface, *hostmaster;
+  char *authserver, *hostmaster;
+  struct iname *authinterface;
  struct name_list *secondary_forward_server;
  int group_set, osport;
  char *domain_suffix;
--- a/src/network.c
+++ b/src/network.c
@@ -114,17 +114,9 @@ int iface_check(int family, struct all_addr *addr, char *name, int *auth)

  /* Note: have to check all and not bail out early, so that we set the
     "used" flags. */
-
+  
  if (auth)
-    {
-      if (daemon->authinterface && strcmp(daemon->authinterface, name) == 0)
-	{
-	  *auth = 1;
-	  return 1;
-	}
-      else 
-	*auth = 0;
-    }	
+    *auth = 0;
  
  if (daemon->if_names || daemon->if_addrs)
    {
@@ -134,25 +126,48 @@ int iface_check(int family, struct all_addr *addr, char *name, int *auth)
 	if (tmp->name && (strcmp(tmp->name, name) == 0))
 	  ret = tmp->used = 1;
 	        
-      for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
-	if (tmp->addr.sa.sa_family == family)
-	  {
-	    if (family == AF_INET &&
-		tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
-	      ret = tmp->used = 1;
+      if (addr)
+	for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
+	  if (tmp->addr.sa.sa_family == family)
+	    {
+	      if (family == AF_INET &&
+		  tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
+		ret = tmp->used = 1;
 #ifdef HAVE_IPV6
-	    else if (family == AF_INET6 &&
-		     IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, 
-					&addr->addr.addr6))
-	      ret = tmp->used = 1;
+	      else if (family == AF_INET6 &&
+		       IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, 
+					  &addr->addr.addr6))
+		ret = tmp->used = 1;
 #endif
-	  }          
+	    }          
    }
  
  for (tmp = daemon->if_except; tmp; tmp = tmp->next)
    if (tmp->name && (strcmp(tmp->name, name) == 0))
      ret = 0;
    
+
+  for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
+    if (tmp->name)
+      {
+	if (strcmp(tmp->name, name) == 0)
+	  break;
+      }
+    else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
+	     tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
+      break;
+#ifdef HAVE_IPV6
+    else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
+	     IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6))
+      break;
+#endif      
+
+  if (tmp && auth) 
+    {
+      *auth = 1;
+      ret = 1;
+    }
+
  return ret; 
 }
      
--- a/src/option.c
+++ b/src/option.c
@@ -1544,8 +1544,27 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	ret_err(gen_err);
      
      daemon->authserver = opt_string_alloc(arg);
-      daemon->authinterface = opt_string_alloc(comma);
-      
+      arg = comma;
+      do {
+	struct iname *new = opt_malloc(sizeof(struct iname));
+	comma = split(arg);
+	new->name = NULL;
+	unhide_metas(arg);
+	if ((new->addr.in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t)-1)
+	  new->addr.sa.sa_family = AF_INET;
+#ifdef HAVE_IPV6
+	else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0)
+	  new->addr.sa.sa_family = AF_INET6;
+#endif
+	else
+	  new->name = opt_string_alloc(arg);
+	
+	new->next = daemon->authinterface;
+	daemon->authinterface = new;
+	
+	arg = comma;
+      } while (arg);
+            
      break;

    case LOPT_AUTHSFS: /* --auth-sec-servers */
@@ -1554,7 +1573,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma

 	do {
 	  comma = split(arg);
-	  new = safe_malloc(sizeof(struct name_list));
+	  new = opt_malloc(sizeof(struct name_list));
 	  new->name = opt_string_alloc(arg);
 	  new->next = daemon->secondary_forward_server;
 	  daemon->secondary_forward_server = new;
@@ -1571,7 +1590,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	if (!comma)
 	  ret_err(gen_err);
 	
-	new = safe_malloc(sizeof(struct auth_zone));
+	new = opt_malloc(sizeof(struct auth_zone));
 	new->domain = opt_string_alloc(arg);
 	new->subnet = NULL;
 	new->next = daemon->auth_zones;
@@ -1581,7 +1600,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	  {
 	    int prefixlen = 0;
 	    char *prefix;
-	    struct subnet *subnet =  safe_malloc(sizeof(struct subnet));
+	    struct subnet *subnet =  opt_malloc(sizeof(struct subnet));
 	    
 	    subnet->next = new->subnet;
 	    new->subnet = subnet;
@@ -1660,7 +1679,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	    {
 	      if (comma)
 		{
-		  struct cond_domain *new = safe_malloc(sizeof(struct cond_domain));
+		  struct cond_domain *new = opt_malloc(sizeof(struct cond_domain));
 		  char *netpart;

 		  unhide_metas(comma);