]>
Commit | Line | Data |
---|---|---|
7bafbb87 | 1 | diff -Nru tcp_wrappers_7.6/hosts_access.5 tcp_wrappers_7.6.new/hosts_access.5 |
2 | --- tcp_wrappers_7.6/hosts_access.5 Thu Feb 8 07:47:40 2001 | |
3 | +++ tcp_wrappers_7.6.new/hosts_access.5 Thu Feb 8 07:47:18 2001 | |
4 | @@ -102,6 +102,10 @@ | |
5 | zero or more lines with zero or more host name or address patterns | |
6 | separated by whitespace. A file name pattern can be used anywhere | |
7 | a host name or address pattern can be used. | |
8 | +.IP \(bu | |
9 | +Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This | |
10 | +method of matching cannot be used in conjunction with `net/mask\' matching, | |
11 | +hostname matching beginning with `.\' or IP address matching ending with `.\'. | |
12 | .SH WILDCARDS | |
13 | The access control language supports explicit wildcards: | |
14 | .IP ALL | |
15 | diff -Nru tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.new/hosts_access.c | |
16 | --- tcp_wrappers_7.6/hosts_access.c Thu Feb 8 07:47:40 2001 | |
17 | +++ tcp_wrappers_7.6.new/hosts_access.c Thu Feb 8 07:51:02 2001 | |
18 | @@ -324,6 +324,11 @@ | |
19 | { | |
20 | int n; | |
21 | ||
22 | +#ifndef DISABLE_WILDCARD_MATCHING | |
23 | + if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */ | |
24 | + return (match_pattern_ylo(string,tok)); | |
25 | + } else | |
26 | +#endif | |
27 | #ifdef INET6 | |
28 | /* convert IPv4 mapped IPv6 address to IPv4 address */ | |
29 | if (STRN_EQ(string, "::ffff:", 7) | |
30 | @@ -425,6 +430,75 @@ | |
31 | } | |
32 | return ((addr & mask) == net); | |
33 | } | |
34 | + | |
35 | + | |
36 | +#ifndef DISABLE_WILDCARD_MATCHING | |
37 | +/* Note: this feature has been adapted in a pretty straightforward way | |
38 | + from Tatu Ylonen's last SSH version under free license by | |
39 | + Pekka Savola <pekkas@netcore.fi>. | |
40 | + | |
41 | + Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
42 | +*/ | |
43 | + | |
44 | +/* Returns true if the given string matches the pattern (which may contain | |
45 | + ? and * as wildcards), and zero if it does not match. */ | |
46 | + | |
47 | +int match_pattern_ylo(const char *s, const char *pattern) | |
48 | +{ | |
49 | + while (1) | |
50 | + { | |
51 | + /* If at end of pattern, accept if also at end of string. */ | |
52 | + if (!*pattern) | |
53 | + return !*s; | |
54 | + | |
55 | + /* Process '*'. */ | |
56 | + if (*pattern == '*') | |
57 | + { | |
58 | + /* Skip the asterisk. */ | |
59 | + pattern++; | |
60 | + | |
61 | + /* If at end of pattern, accept immediately. */ | |
62 | + if (!*pattern) | |
63 | + return 1; | |
64 | + | |
65 | + /* If next character in pattern is known, optimize. */ | |
66 | + if (*pattern != '?' && *pattern != '*') | |
67 | + { | |
68 | + /* Look instances of the next character in pattern, and try | |
69 | + to match starting from those. */ | |
70 | + for (; *s; s++) | |
71 | + if (*s == *pattern && | |
72 | + match_pattern_ylo(s + 1, pattern + 1)) | |
73 | + return 1; | |
74 | + /* Failed. */ | |
75 | + return 0; | |
76 | + } | |
77 | + | |
78 | + /* Move ahead one character at a time and try to match at each | |
79 | + position. */ | |
80 | + for (; *s; s++) | |
81 | + if (match_pattern_ylo(s, pattern)) | |
82 | + return 1; | |
83 | + /* Failed. */ | |
84 | + return 0; | |
85 | + } | |
86 | + | |
87 | + /* There must be at least one more character in the string. If we are | |
88 | + at the end, fail. */ | |
89 | + if (!*s) | |
90 | + return 0; | |
91 | + | |
92 | + /* Check if the next character of the string is acceptable. */ | |
93 | + if (*pattern != '?' && *pattern != *s) | |
94 | + return 0; | |
95 | + | |
96 | + /* Move to the next character, both in string and in pattern. */ | |
97 | + s++; | |
98 | + pattern++; | |
99 | + } | |
100 | + /*NOTREACHED*/ | |
101 | +} | |
102 | +#endif /* DISABLE_WILDCARD_MATCHING */ | |
103 | ||
104 | #ifdef INET6 | |
105 | static int masked_match6(net_tok, mask_tok, string) |