access control: also include ipv6 in 'all'

Net::IP objects are bound to a version - 0/0 is treated as ipv4 only.
If 'all' is present in the allow_from/deny_from list we should also
add ::/0 for matching all ipv6 addresses.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/PVE/APIServer/Utils.pm b/PVE/APIServer/Utils.pm
index 8470f803425b89ac06cbb5e8f6cd45f218cf5dbc..449d764fd1b153572c4f6cb617e643cfbbfbe843 100644 (file)
--- a/PVE/APIServer/Utils.pm
+++ b/PVE/APIServer/Utils.pm
@@ -33,7 +33,11 @@ sub read_proxy_config {
        if ($key eq 'ALLOW_FROM' || $key eq 'DENY_FROM') {
            my $ips = [];
            foreach my $ip (split(/,/, $value)) {
-               $ip = "0/0" if $ip eq 'all';
+               if ($ip eq 'all') {
+                   push @$ips, Net::IP->new('0/0') || die Net::IP::Error() . "\n";
+                   push @$ips, Net::IP->new('::/0') || die Net::IP::Error() . "\n";
+                   next;
+               }
                push @$ips, Net::IP->new(normalize_v4_in_v6($ip)) || die Net::IP::Error() . "\n";
            }
            $res->{$key} = $ips;