Bug #14299

IPv6 / AAAA dns records not supported?

Added by old_intimus about 17 years ago. Updated about 15 years ago.

Status:
Closed
Priority:
Should have
Category:
Backend API
Target version:
-
Start date:
2004-08-31
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
3.8.0rc1
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Our webserver address has both an A and an AAAA record. Browsers prefer using the IPv6 (AAAA) record, which results in the impossiblity of logging into the backend. When manually using the IPv4 address instead of the DNS name, FE login works.

(issue imported from #M331)


Files

class.t3lib_div.php.ipv6.patch (3.87 KB) class.t3lib_div.php.ipv6.patch Administrator Admin, 2005-04-19 00:15
t3lib_div_ipv6.patch (6 KB) t3lib_div_ipv6.patch Administrator Admin, 2006-03-01 23:47
match_ipv6.diff (5.67 KB) match_ipv6.diff Administrator Admin, 2006-03-07 10:43

Related issues

Has duplicate TYPO3 Core - Feature #15677: t3lib::cmpIP matches only IPv4 Addresses and not IPv6 AddressesClosedMichael Stucki2006-02-20

Actions
#1

Updated by Ingmar Schlecht about 17 years ago

Could you please try if disabling the IPLock for your backend user works?

Of course that would just be a workaround, but it if did work, we would at least know what is causing the problem.

#2

Updated by Michael Stucki about 17 years ago

Obviously the function t3lib_div::cmpIP() is not (yet) IPv6 compatible.

However this requires that you have set at least one of:
[BE][IPmaskList]
[BE][enabledBeUserIPLock]
[FE][IPmaskMountGroup]
config.beLoginLinkIPList (in template setup)

Can you please check this?

#3

Updated by Sven Wilhelm about 17 years ago

IPv6 address using '":" for block separation. Also they can be written in short terms like 43FB::BB3F:A0A0:0 which means 43FB:0000:0000:0000:0000:BB3F:A0A0:0000

That has to be solved for IPv6 compatibility. More informations on IPv6 at http://www.raiden.net/techhelp/intro-ipv6.htm or http://www.benedikt-stockebrand.de/

#4

Updated by old_intimus about 17 years ago

Set [BE][enabledBeUserIPLock] = 0
Also set [FE][lockIP] = 0.
[BE][IPmaskList] =
(so IPmaskList is empty).

Still, I can't login to the FE. Whenever trying to login, I get the message "Your login attempt did not succeed. Make sure to spell your username and password correctly, including upper/lowercase characters."

When using the V4 instead of the V6 address, everything seems to work fine.

Could this also mean that the cookie handling doesn't support V6? I'm not too familiar with the TYPO3 framework, so I'm just speculating...

Here's the localconf (or parts of it):
$TYPO3_CONF_VARS["GFX"]["gdlib_png"] = '1'; // Modified or inserted by TYPO3 Install Tool.
$TYPO3_CONF_VARS["GFX"]["im"] = '1'; // Modified or inserted by TYPO3 Install Tool.
$TYPO3_CONF_VARS["GFX"]["im_combine_filename"] = 'composite'; // Modified or inserted by TYPO3 Install Tool.
$TYPO3_CONF_VARS["GFX"]["im_path"] = ''; // Modified or inserted by TYPO3 Install Tool.
$TYPO3_CONF_VARS["GFX"]["im_path_lzw"] = ''; // Modified or inserted by TYPO3 Install Tool.
$TYPO3_CONF_VARS["SYS"]["sitename"] = 'Netzwert AG'; // Modified or inserted by TYPO3 Install Tool.
// Updated by TYPO3 Install Tool 31-08-2004 15:50:03

$TYPO3_CONF_VARS['EXT']['extConf']['templavoila'] = 'a:1:{s:7:"enable.";a:1:{s:20:"pageTemplateSelector";s:1:"1";}}'; // Modified or insert
ed by TYPO3 Extension Manager.
$TYPO3_CONF_VARS['EXT']['extList'] = 'css_styled_content,tsconfig_help,context_help,extra_page_cm_options,rte,impexp,sys_note,tstemplate,tstem
plate_ceditor,tstemplate_info,tstemplate_objbrowser,tstemplate_analyzer,tstemplate_styler,func_wizards,wizard_crpages,wizard_sortpages,lowleve
l,install,belog,beuser,phpmyadmin,aboutmodules,imagelist,setup,taskcenter,sys_notepad,taskcenter_recent,taskcenter_rootlist,info_pagetsconfig,
viewpage,templavoila,lorem_ipsum,rte_chooser'; // Modified or inserted by TYPO3 Extension Manager.
$TYPO3_CONF_VARS['EXT']['extConf']['css_styled_content'] = 'a:1:{s:15:"setPageTSconfig";s:1:"1";}'; // Modified or inserted by TYPO3 Ext
ension Manager.
// Updated by TYPO3 Extension Manager 03-09-2004 14:44:35
// Updated by TYPO3 Install Tool 03-09-2004 17:46:18
// Updated by TYPO3 Extension Manager 06-09-2004 18:18:59
$TYPO3_CONF_VARS["BE"]["enabledBeUserIPLock"] = '0'; // Modified or inserted by TYPO3 Install Tool.
$TYPO3_CONF_VARS["FE"]["lockIP"] = '0'; // Modified or inserted by TYPO3 Install Tool.

#5

Updated by Michael Stucki about 17 years ago

Fine, thanks for the information. I think you mean that you "cannot login to the BE" not FE...(?)

Can you please run some tests:

- make a backup of your typo3/index.php and edit the file
- in the function checkRedirect() comment out the first if() statement (the long line) and replace it with something like this:

if(1==1)

So this will always return true. Does this help?

Please note that this is NOT the solution nor a workaround, it's just to locate where the problem resides...

- michael

#6

Updated by old_intimus about 17 years ago

Sorry for mixing up FE and BE. You're right - I obviously menat BE...

Commented out the first if line and replaced it by "if (1==1) {" in typo3/index.php

Now, I get a "Login-error:

Yeah, that's a classic. No cookies, no TYPO3.

Please accept cookies from TYPO3 - otherwise you'll not be able to use the system."

When reloading, the error changes to "Login-error
No user logged in! Sorry, I can't proceed then!
(You must have cookies enabled!)"

#7

Updated by Sven Wilhelm about 17 years ago

will need some time to fix ipv6 complete
writing a static function checkValidIPv6($ip) for validating a given address against a set of ipv6 regular expressions

#8

Updated by old_void over 16 years ago

I might also be experiencing a problem related to this bug. My BE admin was working fine until recently untill the sessions started timing out prematurely. I now get the classic "No user logged in! Sorry, ..." message.

Im thinking that my hosting provider has changed something (perhaps to IPv6 ) which ahs caused this. Is this a possibility?

Has this been resolved yet. I'm using v3.7.0

#9

Updated by old_intimus over 16 years ago

Workaround: Disable IP Lock for user. It then works with IPv6 in 3.7 (didn't verify in 3.6).

#10

Updated by old_void over 16 years ago

Violla! Thanks so much

I added ["BE"]["lockIP"] = '0' and ["BE"]["enabledBeUserIPLock"] = '0' to my localconfig and now I can work in the BE again.

Will there be a fix to 3.7.1?

#11

Updated by Michael Stucki over 16 years ago

I don't think that this will make it into 3.7.1 (use the work-around so long) but in 3.8 this should definitely be solved!

However there's no patch yet... - Sven, are you reading this?

#12

Updated by Sven Wilhelm over 16 years ago

validateIPv6 and normalizeIPv6 are written, compIPv6 should be ready at 16.03.
I will create a diff when sf.net cvs is back.

#13

Updated by Matthias Kall over 16 years ago

I've had the same problem with TYPO 3.7.0.
It's solved by extending the field length of the session logging in the fe_sessions and be_sessions tables
ALTER TABLE `be_sessions` CHANGE `ses_iplock` `ses_iplock` VARCHAR(39) NOT NULL ALTER TABLE `fe_sessions` CHANGE `ses_iplock` `ses_iplock` VARCHAR(39) NOT NULL <code> Normally they are varchar(15) which is to short for IPv6 Adresses.

#14

Updated by Michael Stucki over 16 years ago

Hi Sven, can you please add the patches here?
Thanks! michael

#15

Updated by Michael Stucki over 16 years ago

@matthiaskall: I have changed the DB field length in 3.8.0beta2

#16

Updated by Sven Wilhelm over 16 years ago

Added class.t3lib_div.php.ipv6.patch

IMPORTANT!!!!
Patch is NOT ready yet. It's the first part, if anyone has time to proceed please do it, I'm under heavy load at the moment.

function normalizeIPv6($address) - Finished
function validIPv6($ip) - Finished
function cmpIPv6($baseIP, $list) - Most to write

Idea is NOT to mix the code for IPv4 and IPv6 because IPv6 could get complex. The cmpIPv6 code should be implemented to check against a full address and /48 /64 prefixes, that should be enough for first release.

#17

Updated by Sven Wilhelm over 15 years ago

  • cmpIP is now a wrapper to cmpIPv4 and cmpIPv6
  • cmpIPv4: old name cmpIP
  • added new methods:
    -> IPv6Hex2Bin
    -> normalizeIPv6
    -> validIPv6

Only testing for /48 and /64 prefixes or full 128 bit IPv6 addresses. IPv6 does not support flexible subnetting. Later cmpIPv6 should be improved to test also for special IPv6 addresses with IPv4 subpart.

#18

Updated by Michael Stucki over 15 years ago

Thanks Sven for fixing this. I have made a patch that integrates your latest version which you sent me. It will hopefully be accepted for 4.0. Keep you updated...

Also available in: Atom PDF