|
|
e615632 |
diff -up tcp_wrappers_7.6/hosts_access.5.patch5 tcp_wrappers_7.6/hosts_access.5
|
|
|
e615632 |
--- tcp_wrappers_7.6/hosts_access.5.patch5 1995-01-30 19:51:47.000000000 +0100
|
|
|
e615632 |
+++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200
|
|
|
e615632 |
@@ -89,6 +89,13 @@ An expression of the form `n.n.n.n/m.m.m
|
|
|
e615632 |
bitwise AND of the address and the `mask\'. For example, the net/mask
|
|
|
e615632 |
pattern `131.155.72.0/255.255.254.0\' matches every address in the
|
|
|
e615632 |
range `131.155.72.0\' through `131.155.73.255\'.
|
|
|
e615632 |
+.IP \(bu
|
|
|
e615632 |
+A string that begins with a `/\' character is treated as a file
|
|
|
e615632 |
+name. A host name or address is matched if it matches any host name
|
|
|
e615632 |
+or address pattern listed in the named file. The file format is
|
|
|
e615632 |
+zero or more lines with zero or more host name or address patterns
|
|
|
e615632 |
+separated by whitespace. A file name pattern can be used anywhere
|
|
|
e615632 |
+a host name or address pattern can be used.
|
|
|
e615632 |
.SH WILDCARDS
|
|
|
e615632 |
The access control language supports explicit wildcards:
|
|
|
e615632 |
.IP ALL
|
|
|
e615632 |
diff -up tcp_wrappers_7.6/hosts_access.c.patch5 tcp_wrappers_7.6/hosts_access.c
|
|
|
e615632 |
--- tcp_wrappers_7.6/hosts_access.c.patch5 1997-02-12 02:13:23.000000000 +0100
|
|
|
e615632 |
+++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
|
|
|
e615632 |
@@ -240,6 +240,26 @@ struct request_info *request;
|
|
cvsdist |
9200525 |
}
|
|
cvsdist |
9200525 |
}
|
|
cvsdist |
9200525 |
|
|
cvsdist |
9200525 |
+/* hostfile_match - look up host patterns from file */
|
|
cvsdist |
9200525 |
+
|
|
cvsdist |
9200525 |
+static int hostfile_match(path, host)
|
|
cvsdist |
9200525 |
+char *path;
|
|
cvsdist |
9200525 |
+struct hosts_info *host;
|
|
cvsdist |
9200525 |
+{
|
|
cvsdist |
9200525 |
+ char tok[BUFSIZ];
|
|
cvsdist |
9200525 |
+ int match = NO;
|
|
cvsdist |
9200525 |
+ FILE *fp;
|
|
cvsdist |
9200525 |
+
|
|
cvsdist |
9200525 |
+ if ((fp = fopen(path, "r")) != 0) {
|
|
cvsdist |
9200525 |
+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
|
|
cvsdist |
9200525 |
+ /* void */ ;
|
|
cvsdist |
9200525 |
+ fclose(fp);
|
|
cvsdist |
9200525 |
+ } else if (errno != ENOENT) {
|
|
cvsdist |
9200525 |
+ tcpd_warn("open %s: %m", path);
|
|
cvsdist |
9200525 |
+ }
|
|
cvsdist |
9200525 |
+ return (match);
|
|
cvsdist |
9200525 |
+}
|
|
cvsdist |
9200525 |
+
|
|
cvsdist |
9200525 |
/* host_match - match host name and/or address against pattern */
|
|
cvsdist |
9200525 |
|
|
cvsdist |
9200525 |
static int host_match(tok, host)
|
|
|
e615632 |
@@ -267,6 +287,8 @@ struct host_info *host;
|
|
cvsdist |
9200525 |
tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
|
|
cvsdist |
9200525 |
return (NO);
|
|
cvsdist |
9200525 |
#endif
|
|
cvsdist |
9200525 |
+ } else if (tok[0] == '/') { /* /file hack */
|
|
cvsdist |
9200525 |
+ return (hostfile_match(tok, host));
|
|
cvsdist |
9200525 |
} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
|
|
cvsdist |
9200525 |
char *name = eval_hostname(host);
|
|
cvsdist |
9200525 |
return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
|