[pmg-devel] [PATCH pmg-api v2] fix #1653: parse ipv6 xforward correctly
Stoiko Ivanov
s.ivanov at proxmox.com
Thu Jan 23 11:22:55 CET 2020
Thanks for the v2!
Tried it again (with a CIDR and an individual ipv6 address) - it works as
expected.
On Wed, 22 Jan 2020 14:26:29 +0100
Dominik Csapak <d.csapak at proxmox.com> wrote:
> postfix prepends an ipv6 address in the xforward message with 'IPv6:'
> we did not remove it and our later checks in who objects fail silently.
>
> we now check if the addr is prefixed with this and remove it to
> allow the who objects to work.
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> changes from v1:
> * fix subject
> * move prefix removal to 'from_match'
> since we actually need the xfoward field to keep that format for
> the postfix server that sends the email to the recipient
> we do not need to do this anyplace else, since 'to_match' does
> not get an ip anyway and there is no other place where we check who
> matches
>
> src/PMG/RuleCache.pm | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/src/PMG/RuleCache.pm b/src/PMG/RuleCache.pm
> index 0b97839..9b18e7e 100644
> --- a/src/PMG/RuleCache.pm
> +++ b/src/PMG/RuleCache.pm
> @@ -239,6 +239,11 @@ sub from_match {
>
> return 1 if !defined ($from);
>
> + # postfix prefixes ipv6 addresses with IPv6:
> + if ($ip =~ /^IPv6:(.*)/) {
hm - the v1 had a case-insensitive match for the IPv6 - maybe we want to
add the 'i' in the end?
As said - it works without it as well - and I guess it's very unlikely
that postfix will change that part of it's output (since quite many
proxies are using and relying on it ;)
apart from that option:
Tested-By: Stoiko Ivanov <s.ivanov at proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov at proxmox.com>
> + $ip = $1;
> + }
> +
> foreach my $obj (@$from) {
> return 1 if $obj->who_match($addr, $ip, $ldap);
> }
More information about the pmg-devel
mailing list