+static int hostaccessvol(int type, const char *volname, const char *args, const AFPObj *obj)
+{
+ int mask_int;
+ char buf[MAXPATHLEN + 1], *p, *b;
+ DSI *dsi = obj->handle;
+ struct sockaddr_storage client;
+
+ if (!args)
+ return -1;
+
+ strlcpy(buf, args, sizeof(buf));
+ if ((p = strtok_r(buf, ",", &b)) == NULL) /* nothing, return okay */
+ return -1;
+
+ if (obj->proto != AFPPROTO_DSI)
+ return -1;
+
+ while (p) {
+ int ret;
+ char *ipaddr, *mask_char;
+ struct addrinfo hints, *ai;
+
+ ipaddr = strtok(p, "/");
+ mask_char = strtok(NULL,"/");
+
+ /* Get address from string with getaddrinfo */
+ memset(&hints, 0, sizeof hints);
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ if ((ret = getaddrinfo(ipaddr, NULL, &hints, &ai)) != 0) {
+ LOG(log_error, logtype_afpd, "hostaccessvol: getaddrinfo: %s\n", gai_strerror(ret));
+ continue;
+ }
+
+ /* netmask */
+ if (mask_char != NULL)
+ mask_int = atoi(mask_char); /* apply_ip_mask does range checking on it */
+ else {
+ if (ai->ai_family == AF_INET) /* IPv4 */
+ mask_int = 32;
+ else /* IPv6 */
+ mask_int = 128;
+ }
+
+ /* Apply mask to addresses */
+ client = dsi->client;
+ apply_ip_mask((struct sockaddr *)&client, mask_int);
+ apply_ip_mask(ai->ai_addr, mask_int);
+
+ if (compare_ip((struct sockaddr *)&client, ai->ai_addr) == 0) {
+ if (type == VOLOPT_DENIED_HOSTS)
+ LOG(log_info, logtype_afpd, "AFP access denied for client IP '%s' to volume '%s' by denied list",
+ getip_string((struct sockaddr *)&client), volname);
+ freeaddrinfo(ai);
+ return 1;
+ }
+
+ /* next address */
+ freeaddrinfo(ai);
+ p = strtok_r(NULL, ",", &b);
+ }
+
+ if (type == VOLOPT_ALLOWED_HOSTS)
+ LOG(log_info, logtype_afpd, "AFP access denied for client IP '%s' to volume '%s', not in allowed list",
+ getip_string((struct sockaddr *)&dsi->client), volname);
+ return 0;
+}
+
+static void setextmap(char *ext, char *type, char *creator, int user)