https://bugs.openldap.org/show_bug.cgi?id=9603
Issue ID: 9603 Summary: tcp wrappers no longer works with IPv6 Product: OpenLDAP Version: 2.5.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: toby@inf.ed.ac.uk Target Milestone: ---
Hi,
OpenLDAP 2.5.5 Testing on Scientific Linux 7.9
It looks like slapd no longer passes an IPv6 address correctly to tcp wrappers.
Steps to Reproduce: connect to 2.5.5 slapd over IPv6 with tcp-wrappers enabled. Actual Results: access is always denied Expected Results: access permitted for IP addresses in /etc/hosts.allow
Additional information:
The problem seems to be that an IPv6 address is passed to hosts_ctl (~line 2324 in servers/slapd/daemon.c) as "[ipv6-address]" (with enclosing '[' and ']') - rather than "ipv6-address", e.g. the logged output is:
warning: can't resolve hostname ([2001:630:3c1:212:a2d3:c1ff:fe25:eec3]): Name or service not known fd=19 DENIED from unknown ([2001:630:3c1:212:a2d3:c1ff:fe25:eec3]
... when compared to a 2.4.59 slapd:
fd=19 DENIED from unknown (2001:630:3c1:212:a2d3:c1ff:fe25:eec3)
IPv4 connections work OK.
Thanks Toby Blake School of Informatics University of Edinburgh