Re: [Nbd] authfile syntax

[Wouter V. <w...@ut...>]

On Tue, Jul 13, 2010 at 02:56:15PM -0400, Richard Huddleston wrote:
> i'm trying to get the nbd-server 1:2.9.14-2ubuntu1 authfile to work
> under ubuntu lucid
> 
> it's correctly parsing
> 
> 192.168.2.101
> 192.168.2.103
> 192.168.2.104
> 192.168.2.105
> 
> 
> but fails to parse
> 
> 192.168.2.0/24
> 
> and during a connection attempt nbd-server outputs
> 
> Invalid entry '192.168.2.0' in authfile '/etc/nbd-server/allow', so,
> refusing all connections.
> 
> what gives?

Logic reversal:

diff --git a/nbd-server.c b/nbd-server.c
index 52f777d..16d70f7 100644
--- a/nbd-server.c
+++ b/nbd-server.c
@@ -274,7 +274,7 @@ int authorized_client(CLIENT *opts) {
                                return 0;
                        }
                        *(tmp++)=0;
-                       if(inet_aton(line,&addr)) {
+                       if(!inet_aton(line,&addr)) {
                                msg4(LOG_CRIT, ERRMSG, line, opts->server->authn
                                return 0;
                        }


> in addition, i'm confused by
> 
> http://linux.die.net/man/5/nbd-server
> 
> With /etc/nbd-server/allow containing the following:
> 
> 127.0.0.1
> 192.168.0.0/8
> 192.168.1.1
> 
> does 192.168.0.0/8 make sense?
> 
> shouldn't it be either
> 
> 192.0.0.0/8
> 
> or
> 
> 192.168.0.0/16

Probably, but (with the above fix) nbd-server doesn't care about the
bits that are masked away. You can specify 192.168.0.1/8, and it won't
give you an error.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html