X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=authbind.git;a=blobdiff_plain;f=authbind.1;h=46abb3ab132b5d04b2759a8838bb216c68daf713;hp=b8710f5e807f2460335131904153886cc5f6c0a5;hb=1fe15d20963240b9cf021602eac927dfe97f7aaa;hpb=e9fb37fdd9029a2084040d6524ed54de0a6185c7 diff --git a/authbind.1 b/authbind.1 index b8710f5..46abb3a 100644 --- a/authbind.1 +++ b/authbind.1 @@ -86,10 +86,14 @@ Secondly, if that test fails to resolve the matter, (any protocol) or failing that .BI /etc/authbind/byaddr/ addr : port (IPv4 only) -is tested, in the same manner as above. (Here +is tested, in the same manner as above. Here .I addr is as from -.BR inet_ntop .) +.BR inet_ntop . +Since this is not completely predictable for IPv6, +for IPv6 a variant of +.I addr +is also tested which does not contain any ommitted zeroes or colons. .PP Thirdly, if the question is still unresolved, the file .BI /etc/authbind/byuid/ uid @@ -101,21 +105,23 @@ will return .RI ( "Operation not permitted" ", or " "Not owner" ). If the file does exist it will be searched for a line of the form .nf -.IR addrmin [\fB\-\fR addrmax ]\fB,\fR portmin \fB\-\fR portmax +.IR addrmin [\fB\-\fR addrmax ]\fB,\fR portmin [\fB\-\fR portmax ] +.IR addr [\fB/\fR length ]\fB,\fR portmin [\fB\-\fR portmax ] .IB addr4 / length : portmin , portmax .fi matching the request. The first form requires that the address lies in the relevant range (inclusive at both ends). -The second form requires that the initial +The second and third forms require that the initial .I length bits of .I addr match those in the proposed .B bind -call and is only available for IPv4. -Addresses can -be in any form acceptable to inet_pton. In both cases +call. The third form is only available for IPv4 since IPv6 addresses +contain colons. +Addresses in the byuid file can +be in any form acceptable to inet_pton. In all cases the proposed port number must lie is in the inclusive range specified. If such a line is found then the binding is authorised. Otherwise it is not, and