]>
Commit | Line | Data |
---|---|---|
7bafbb87 | 1 | diff -Nru tcp_wrappers_7.6/hosts_access.5 tcp_wrappers_7.6.new/hosts_access.5 |
2 | --- tcp_wrappers_7.6/hosts_access.5 Thu Feb 8 07:42:23 2001 | |
3 | +++ tcp_wrappers_7.6.new/hosts_access.5 Thu Feb 8 07:44:42 2001 | |
4 | @@ -96,6 +96,12 @@ | |
5 | address. For example, the [net]/prefixlen pattern | |
6 | `[3ffe:505:2:1::]/64\' matches every address in the range | |
7 | `3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'. | |
8 | +A string that begins with a `/\' character is treated as a file | |
9 | +name. A host name or address is matched if it matches any host name | |
10 | +or address pattern listed in the named file. The file format is | |
11 | +zero or more lines with zero or more host name or address patterns | |
12 | +separated by whitespace. A file name pattern can be used anywhere | |
13 | +a host name or address pattern can be used. | |
14 | .SH WILDCARDS | |
15 | The access control language supports explicit wildcards: | |
16 | .IP ALL | |
17 | diff -Nru tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.new/hosts_access.c | |
18 | --- tcp_wrappers_7.6/hosts_access.c Thu Feb 8 07:42:23 2001 | |
19 | +++ tcp_wrappers_7.6.new/hosts_access.c Thu Feb 8 07:41:30 2001 | |
20 | @@ -253,6 +253,26 @@ | |
21 | } | |
22 | } | |
23 | ||
24 | +/* hostfile_match - look up host patterns from file */ | |
25 | + | |
26 | +static int hostfile_match(path, host) | |
27 | +char *path; | |
28 | +struct hosts_info *host; | |
29 | +{ | |
30 | + char tok[BUFSIZ]; | |
31 | + int match = NO; | |
32 | + FILE *fp; | |
33 | + | |
34 | + if ((fp = fopen(path, "r")) != 0) { | |
35 | + while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host))) | |
36 | + /* void */ ; | |
37 | + fclose(fp); | |
38 | + } else if (errno != ENOENT) { | |
39 | + tcpd_warn("open %s: %m", path); | |
40 | + } | |
41 | + return (match); | |
42 | +} | |
43 | + | |
44 | /* host_match - match host name and/or address against pattern */ | |
45 | ||
46 | static int host_match(tok, host) | |
47 | @@ -280,6 +300,8 @@ | |
48 | tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */ | |
49 | return (NO); | |
50 | #endif | |
51 | + } else if (tok[0] == '/') { /* /file hack */ | |
52 | + return (hostfile_match(tok, host)); | |
53 | } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */ | |
54 | char *name = eval_hostname(host); | |
55 | return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name)); |