author | sheldonh <sheldonh@FreeBSD.org> | 1999-09-21 09:09:57 +0000 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 1999-09-21 09:09:57 +0000 |
commit | 54fb6a7e4423b9ae7a86524e539fddb845f42980 (patch) | |
tree | 7344a9023f0f252cf91def1e58d890753d9ec37a /contrib/tcp_wrappers/hosts_access.c | |
parent | eb97f5a4deba0dc534270e6fe9b3c49f35c34f59 (diff) | |
Add the ``blacklist'' feature, which allows a path to a filename to
be used as a valid pattern in the access control language.
Patch obtained from ftp://ftp.porcupine.org/pub/security/ .
Requested by: markm
Diffstat (limited to 'contrib/tcp_wrappers/hosts_access.c')
-rw-r--r-- | contrib/tcp_wrappers/hosts_access.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/contrib/tcp_wrappers/hosts_access.c b/contrib/tcp_wrappers/hosts_access.c
index 9bdc7bc..27dd81d 100644
--- a/contrib/tcp_wrappers/hosts_access.c
+++ b/contrib/tcp_wrappers/hosts_access.c
@@ -15,6 +15,8 @@
 * Compile with -DNETGROUP if your library provides support for netgroups.
 *
 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+ *
+ * $FreeBSD$
 */
 
 #ifndef lint
@@ -240,6 +242,26 @@ struct request_info *request;
 }
 }
 
+/* hostfile_match - look up host patterns from file */
+
+static int hostfile_match(path, host)
+char *path;
+struct hosts_info *host;
+{
+ char tok[BUFSIZ];
+ int match = NO;
+ FILE *fp;
+
+ if ((fp = fopen(path, "r")) != 0) {
+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
+ /* void */ ;
+ fclose(fp);
+ } else if (errno != ENOENT) {
+ tcpd_warn("open %s: %m", path);
+ }
+ return (match);
+}
+
 /* host_match - match host name and/or address against pattern */
 
 static int host_match(tok, host)
@@ -267,6 +289,8 @@ struct host_info *host;
 tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
 return (NO);
 #endif
+ } else if (tok[0] == '/') { /* /file hack */
+ return (hostfile_match(tok, host));
 } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
 char *name = eval_hostname(host);
 return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name)); |
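Review bot: In `hostfile_match`, `fscanf(fp, "%s", tok)` puts no limit on the token length, so a whitespace-free run longer than `BUFSIZ - 1` bytes in the pattern file is written past the end of the stack array `tok` during the access check. The pattern file may be written by different tooling than the access table that names it, so its contents deserve the same length check as any external input; a fixed size with a matching field width closes this, e.g. `char tok[512];` together with `fscanf(fp, "%511s", tok)`. Once a width is in place an over-long token is read back as two tokens, so it is safer to warn and discard such a token than to match its fragments. Separately, the parameter is declared `struct hosts_info *host` while `host_match` in the next hunk takes `struct host_info *host`; this looks like a typo that presumably compiles only because the pointer is passed through unprototyped calls.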
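Review bot: The new `tok[0] == '/'` branch is also reached for tokens that `hostfile_match` reads out of a pattern file, because that function hands every token back to `host_match`; a file that names itself, or two files that name each other, would nest without limit until file descriptors or stack run out, since each level keeps a `BUFSIZ` buffer and an open `FILE`. Nothing in the visible lines bounds the nesting depth. Either refuse nested file patterns inside `hostfile_match` (call `tcpd_warn` and skip tokens that start with '/') or carry a small depth counter and return `NO` past a fixed limit. A comment on this branch should also record that a missing or unreadable file yields `NO`, which for a deny rule means the client is not blocked. `host_match` begins and ends outside this hunk.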