diff options
| author | shin <shin@FreeBSD.org> | 2000-02-03 10:27:03 +0000 |
|---|---|---|
| committer | shin <shin@FreeBSD.org> | 2000-02-03 10:27:03 +0000 |
| commit | 225d233deb08e4006d8cabd0a6572f76d729f90d (patch) | |
| tree | 5e244ba219acd7cbeb17a0c5dc92b62227ab2828 /contrib/tcp_wrappers/tcpdmatch.c | |
| parent | 22aa8f5f0343020efcf93d4ebc043c5f558995d5 (diff) | |
| download | FreeBSD-src-225d233deb08e4006d8cabd0a6572f76d729f90d.zip FreeBSD-src-225d233deb08e4006d8cabd0a6572f76d729f90d.tar.gz | |
Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.
Now when tcp_wrapper is enabled by inetd -wW,
several accesses which should be permitted are refused only for IPv6,
if hostname is used to decide the host to be allowed.
IPv6 users will be just upset.
About security related concern.
-All extensions are wrapped by #ifdef INET6, so people can completely
disable the extension by recompile libwrap without INET6 option.
-Access via IPv6 is not enabled by default.
People need to enable IPv6 access by changing /etc/inetd.conf at first,
by adding tcp6 and/or tcp46 entries.
-The base of patches are from KAME package and are actually daily used
for more than a year in several Japanese IPv6 environments.
-Patches are reviewed by markm.
Approved by: jkh
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project
Diffstat (limited to 'contrib/tcp_wrappers/tcpdmatch.c')
| -rw-r--r-- | contrib/tcp_wrappers/tcpdmatch.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/contrib/tcp_wrappers/tcpdmatch.c b/contrib/tcp_wrappers/tcpdmatch.c index b1cf75f2..f8c8dc1 100644 --- a/contrib/tcp_wrappers/tcpdmatch.c +++ b/contrib/tcp_wrappers/tcpdmatch.c @@ -11,6 +11,8 @@ * that would normally be reported via the syslog daemon. * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + * + * $FreeBSD$ */ #ifndef lint @@ -68,8 +70,15 @@ char **argv; int ch; char *inetcf = 0; int count; +#ifdef INET6 + struct sockaddr_storage server_sin; + struct sockaddr_storage client_sin; + char *ap; + int alen; +#else struct sockaddr_in server_sin; struct sockaddr_in client_sin; +#endif struct stat st; /* @@ -173,12 +182,35 @@ char **argv; if ((hp = find_inet_addr(server)) == 0) exit(1); memset((char *) &server_sin, 0, sizeof(server_sin)); +#ifdef INET6 + server_sin.ss_family = hp->h_addrtype; + switch (hp->h_addrtype) { + case AF_INET: + ap = (char *)&((struct sockaddr_in *)&server_sin)->sin_addr; + alen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + ap = (char *)&((struct sockaddr_in6 *)&server_sin)->sin6_addr; + alen = sizeof(struct sockaddr_in6); + break; + default: + exit(1); + } +#ifdef SIN6_LEN + server_sin.ss_len = alen; +#endif +#else server_sin.sin_family = AF_INET; +#endif request_set(&request, RQ_SERVER_SIN, &server_sin, 0); for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { +#ifdef INET6 + memcpy(ap, addr, alen); +#else memcpy((char *) &server_sin.sin_addr, addr, sizeof(server_sin.sin_addr)); +#endif /* * Force evaluation of server host name and address. Host name @@ -230,12 +262,35 @@ char **argv; if ((hp = find_inet_addr(client)) == 0) exit(1); memset((char *) &client_sin, 0, sizeof(client_sin)); +#ifdef INET6 + client_sin.ss_family = hp->h_addrtype; + switch (hp->h_addrtype) { + case AF_INET: + ap = (char *)&((struct sockaddr_in *)&client_sin)->sin_addr; + alen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + ap = (char *)&((struct sockaddr_in6 *)&client_sin)->sin6_addr; + alen = sizeof(struct sockaddr_in6); + break; + default: + exit(1); + } +#ifdef SIN6_LEN + client_sin.ss_len = alen; +#endif +#else client_sin.sin_family = AF_INET; +#endif request_set(&request, RQ_CLIENT_SIN, &client_sin, 0); for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { +#ifdef INET6 + memcpy(ap, addr, alen); +#else memcpy((char *) &client_sin.sin_addr, addr, sizeof(client_sin.sin_addr)); +#endif /* * Force evaluation of client host name and address. Host name |
