
This queue is for tickets about the Net-Server CPAN distribution.

Report information
The Basics
Id: 11770
Status: resolved
Priority: 0/
Queue: Net-Server

People
Owner: Nobody in particular
Requestors: carsten [...] wolffcarsten.de
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: Patch to allow CIDR allow and deny statements
See Debian Bug#296137. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296137 This patch adds the ability to use cidr_allow and cidr_deny statements in the configuration used by Net::Server.
--- orig/lib/Net/Server.pm +++ mod/lib/Net/Server.pm @@ -29,6 +29,7 @@ use IO::Select (); use POSIX (); use Fcntl (); +use Net::CIDR; use Net::Server::Proto (); use Net::Server::Daemonize qw(check_pid_file create_pid_file get_uid get_gid set_uid set_gid @@ -272,6 +273,10 @@ ### make sure that allow and deny look like array refs $prop->{allow} = [] unless defined($prop->{allow}) && ref($prop->{allow}); $prop->{deny} = [] unless defined($prop->{deny}) && ref($prop->{deny} ); + $prop->{cidr_allow} = [] unless + defined($prop->{cidr_allow}) && ref($prop->{cidr_allow}); + $prop->{cidr_deny} = [] unless + defined($prop->{cidr_deny}) && ref($prop->{cidr_deny} ); } @@ -717,15 +722,22 @@ } ### if no allow or deny parameters are set, allow all - return 1 unless @{ $prop->{allow} } || @{ $prop->{deny} }; + return 1 unless( @{ $prop->{cidr_allow} } || @{ $prop->{allow} } || + @{ $prop->{cidr_deny} } || @{ $prop->{deny} } ); ### if the addr or host matches a deny, reject it immediately + if( @{ $prop->{cidr_deny} }){ + return 0 if Net::CIDR::cidrlookup($prop->{peeraddr}, @{$prop->{cidr_deny}}); + } foreach ( @{ $prop->{deny} } ){ return 0 if $prop->{peerhost} =~ /^$_$/ && defined($prop->{reverse_lookups}); return 0 if $prop->{peeraddr} =~ /^$_$/; } ### if the addr or host isn't blocked yet, allow it if it is allowed + if( @{ $prop->{cidr_allow} }){ + return 1 if Net::CIDR::cidrlookup($prop->{peeraddr}, @{$prop->{cidr_allow}}); + } foreach ( @{ $prop->{allow} } ){ return 1 if $prop->{peerhost} =~ /^$_$/ && defined($prop->{reverse_lookups}); return 1 if $prop->{peeraddr} =~ /^$_$/; @@ -1092,7 +1104,7 @@ my $prop = $self->{server}; my $ref = shift; - foreach ( qw(port allow deny) ){ + foreach ( qw(port allow deny cidr_allow cidr_deny) ){ $prop->{$_} = [] unless exists $prop->{$_}; $ref->{$_} = $prop->{$_}; } 
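Review bot: The unconditional `use Net::CIDR;` in the first hunk (@@ -29,6 +29,7 @@) makes a non-core module a load-time requirement for every Net::Server user, including those who never configure cidr_allow or cidr_deny. Loading it only when one of the lists is non-empty, with `require Net::CIDR;` as the first statement inside the two new `if( @{ $prop->{cidr_deny} }){` and `if( @{ $prop->{cidr_allow} }){` branches, keeps existing installations working. The patch touches only lib/Net/Server.pm, so the new prerequisite would also need to be declared in the distribution's build file.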
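Review bot: In the access-check hunk (@@ -717,15 +722,22 @@) the cidr_deny and cidr_allow entries go from configuration straight into `Net::CIDR::cidrlookup`, and nothing in the patch checks that they are well-formed CIDR blocks. A typo in a cidr_deny entry would surface only when a client connects, and whether a malformed entry raises an exception or simply never matches presumably depends on the Net::CIDR version, so a deny rule could silently stop applying. Validating once where the defaults are set (@@ -272,6 +273,10 @@) makes the server refuse to start instead, e.g. `defined Net::CIDR::cidrvalidate($_) or die "invalid CIDR entry: $_\n" for @{ $prop->{cidr_deny} }, @{ $prop->{cidr_allow} };` if the installed Net::CIDR provides that function. The lookups also assume `$prop->{peeraddr}` is a defined IP string; the code that sets it, and the start and end of the enclosing sub, are outside the hunk.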
@@ -1548,6 +1560,8 @@ reverse_lookups 1 undef allow /regex/ none deny /regex/ none + cidr_allow CIDR none + cidr_deny CIDR none ## daemonization parameters pid_file "filename" undef @@ -1673,6 +1687,13 @@ the client connection will be closed. Defaults to empty array refs. +=item cidr_allow/cidr_deny + +May be specified multiple times. Contains a CIDR block to compare to +incoming peeraddr. If cidr_allow or cidr_deny options are given, the +incoming client must match a cidr_allow and not match a cidr_deny or +the client connection will be closed. Defaults to empty array refs. + =item chroot Directory to chroot to after bind process has taken place @@ -1787,6 +1808,9 @@ allow .+\.(net|com) allow domain\.com deny a.+ + cidr_allow 127.0.0.0/8 + cidr_allow 192.0.2.0/24 + cidr_deny 192.0.2.4/30 ### background the process? background 1
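Review bot: The new `=item cidr_allow/cidr_deny` paragraph (@@ -1673,6 +1687,13 @@) says the client "must match a cidr_allow and not match a cidr_deny", but the patched check treats the regex and CIDR lists as one combined rule set. A match on either `deny` or `cidr_deny` rejects, and a match on either `allow` or `cidr_allow` accepts. An operator who adds cidr_allow to tighten access while an `allow` regex is still configured gets the union of the two, not the intersection. Suggested wording: `A client is rejected if it matches any deny or cidr_deny entry; otherwise it is accepted if it matches any allow or cidr_allow entry. Deny entries are always checked first.`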