[pmg-devel] applied: [PATCH pmg-api v2] fix #1653: parse ipv6 xforward correctly

[Thomas Lamprecht]

On 1/23/20 11:22 AM, Stoiko Ivanov wrote:
> Thanks for the v2!
> Tried it again (with a CIDR and an individual ipv6 address) - it works as
> expected.
> 
> On Wed, 22 Jan 2020 14:26:29 +0100
> Dominik Csapak <d.csapak at proxmox.com> wrote:
> 
>> postfix prepends an ipv6 address in the xforward message with 'IPv6:'
>> we did not remove it and our later checks in who objects fail silently.
>>
>> we now check if the addr is prefixed with this and remove it to
>> allow the who objects to work.
>>
>> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
>> ---
>> changes from v1:
>> * fix subject
>> * move prefix removal to 'from_match'
>>   since we actually need the xfoward field to keep that format for
>>   the postfix server that sends the email to the recipient
>>   we do not need to do this anyplace else, since 'to_match' does
>>   not get an ip anyway and there is no other place where we check who
>>   matches
>>
>>  src/PMG/RuleCache.pm | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/src/PMG/RuleCache.pm b/src/PMG/RuleCache.pm
>> index 0b97839..9b18e7e 100644
>> --- a/src/PMG/RuleCache.pm
>> +++ b/src/PMG/RuleCache.pm
>> @@ -239,6 +239,11 @@ sub from_match {
>>  
>>      return 1 if !defined ($from);
>>  
>> +    # postfix prefixes ipv6 addresses with IPv6:
>> +    if ($ip =~ /^IPv6:(.*)/) {
> hm - the v1 had a case-insensitive match for the IPv6 - maybe we want to
> add the 'i' in the end?
> As said - it works without it as well - and I guess it's very unlikely
> that postfix will change that part of it's output (since quite many
> proxies are using and relying on it ;)
> 
> apart from that option:
> Tested-By: Stoiko Ivanov <s.ivanov at proxmox.com>
> Reviewed-By: Stoiko Ivanov <s.ivanov at proxmox.com>
> 

With your T-b and R-b applied, thanks to both!

> 
>> +	$ip = $1;
>> +    }
>> +
>>      foreach my $obj (@$from) {
>>  	return 1 if $obj->who_match($addr, $ip, $ldap);
>>      }