version 1.19.10.2, 2012/04/23 23:40:41 |
version 1.20, 2012/03/21 10:10:37 |
Line 72 static char sep[] = ", \t\r\n"; |
|
Line 72 static char sep[] = ", \t\r\n"; |
|
* verification mode. |
* verification mode. |
*/ |
*/ |
|
|
char *hosts_allow_table = HOSTS_ALLOW; |
const char *hosts_allow_table = HOSTS_ALLOW; |
char *hosts_deny_table = HOSTS_DENY; |
const char *hosts_deny_table = HOSTS_DENY; |
int hosts_access_verbose = 0; |
int hosts_access_verbose = 0; |
|
|
/* |
/* |
Line 84 int resident = (-1); /* -1, 0: unkn |
|
Line 84 int resident = (-1); /* -1, 0: unkn |
|
|
|
/* Forward declarations. */ |
/* Forward declarations. */ |
|
|
static int table_match __P((char *, struct request_info *)); |
static int table_match(const char *, struct request_info *); |
static int list_match __P((char *, struct request_info *, |
static int list_match(char *, struct request_info *, |
int (*)(char *, struct request_info *))); |
int (*)(char *, struct request_info *)); |
static int server_match __P((char *, struct request_info *)); |
static int server_match(char *, struct request_info *); |
static int client_match __P((char *, struct request_info *)); |
static int client_match(char *, struct request_info *); |
static int host_match __P((char *, struct host_info *)); |
static int host_match(char *, struct host_info *); |
static int hostfile_match __P((char *, struct host_info *)); |
static int hostfile_match(char *, struct host_info *); |
static int rbl_match __P((char *, char *)); |
static int rbl_match(char *, char *); |
static int string_match __P((char *, char *)); |
static int string_match(char *, char *); |
static int masked_match __P((char *, char *, char *)); |
static int masked_match(char *, char *, char *); |
static int masked_match4 __P((char *, char *, char *)); |
static int masked_match4(char *, char *, char *); |
#ifdef INET6 |
#ifdef INET6 |
static int masked_match6 __P((char *, char *, char *)); |
static int masked_match6(char *, char *, char *); |
#endif |
#endif |
|
|
/* Size of logical line buffer. */ |
/* Size of logical line buffer. */ |
Line 105 static int masked_match6 __P((char *, ch |
|
Line 105 static int masked_match6 __P((char *, ch |
|
|
|
/* hosts_access - host access control facility */ |
/* hosts_access - host access control facility */ |
|
|
int hosts_access(request) |
int |
struct request_info *request; |
hosts_access(struct request_info *request) |
{ |
{ |
int verdict; |
int verdict; |
|
|
Line 139 struct request_info *request; |
|
Line 139 struct request_info *request; |
|
|
|
/* table_match - match table entries with (daemon, client) pair */ |
/* table_match - match table entries with (daemon, client) pair */ |
|
|
static int table_match(table, request) |
static int |
char *table; |
table_match(const char *table, struct request_info *request) |
struct request_info *request; |
|
{ |
{ |
FILE *fp; |
FILE *fp; |
char sv_list[BUFLEN]; /* becomes list of daemons */ |
char sv_list[BUFLEN]; /* becomes list of daemons */ |
Line 198 struct request_info *request; |
|
Line 197 struct request_info *request; |
|
|
|
/* list_match - match a request against a list of patterns with exceptions */ |
/* list_match - match a request against a list of patterns with exceptions */ |
|
|
static int list_match(list, request, match_fn) |
static int |
char *list; |
list_match(char *list, struct request_info *request, |
struct request_info *request; |
int (*match_fn)(char *, struct request_info *)) |
int (*match_fn) __P((char *, struct request_info *)); |
|
{ |
{ |
char *tok; |
char *tok; |
static char *last; |
static char *last; |
Line 234 int (*match_fn) __P((char *, struct re |
|
Line 232 int (*match_fn) __P((char *, struct re |
|
|
|
/* server_match - match server information */ |
/* server_match - match server information */ |
|
|
static int server_match(tok, request) |
static int |
char *tok; |
server_match(char *tok, struct request_info *request) |
struct request_info *request; |
|
{ |
{ |
char *host; |
char *host; |
|
|
Line 250 struct request_info *request; |
|
Line 247 struct request_info *request; |
|
|
|
/* client_match - match client information */ |
/* client_match - match client information */ |
|
|
static int client_match(tok, request) |
static int |
char *tok; |
client_match(char *tok, struct request_info *request) |
struct request_info *request; |
|
{ |
{ |
char *host; |
char *host; |
|
|
Line 266 struct request_info *request; |
|
Line 262 struct request_info *request; |
|
|
|
/* host_match - match host name and/or address against pattern */ |
/* host_match - match host name and/or address against pattern */ |
|
|
static int host_match(tok, host) |
static int |
char *tok; |
host_match(char *tok, struct host_info *host) |
struct host_info *host; |
|
{ |
{ |
char *mask; |
char *mask; |
|
|
Line 311 struct host_info *host; |
|
Line 306 struct host_info *host; |
|
|
|
/* hostfile_match - look up host patterns from file */ |
/* hostfile_match - look up host patterns from file */ |
|
|
static int hostfile_match(path, host) |
static int |
char *path; |
hostfile_match(char *path, struct host_info *host) |
struct host_info *host; |
|
{ |
{ |
char tok[BUFSIZ]; |
char tok[BUFSIZ]; |
int match = NO; |
int match = NO; |
Line 331 struct host_info *host; |
|
Line 325 struct host_info *host; |
|
|
|
/* rbl_match() - match host by looking up in RBL domain */ |
/* rbl_match() - match host by looking up in RBL domain */ |
|
|
static int rbl_match(rbl_domain, rbl_hostaddr) |
static int |
char *rbl_domain; /* RBL domain */ |
rbl_match( |
char *rbl_hostaddr; /* hostaddr */ |
char *rbl_domain, /* RBL domain */ |
|
char *rbl_hostaddr) /* hostaddr */ |
{ |
{ |
char *rbl_name; |
char *rbl_name; |
unsigned long host_address; |
unsigned long host_address; |
Line 368 char *rbl_hostaddr; /* hostaddr */ |
|
Line 363 char *rbl_hostaddr; /* hostaddr */ |
|
|
|
/* string_match - match string against pattern */ |
/* string_match - match string against pattern */ |
|
|
static int string_match(tok, string) |
static int |
char *tok; |
string_match(char *tok, char *string) |
char *string; |
|
{ |
{ |
int n; |
int n; |
|
|
|
|
|
|
/* masked_match - match address against netnumber/netmask */ |
/* masked_match - match address against netnumber/netmask */ |
|
|
static int masked_match(net_tok, mask_tok, string) |
static int |
char *net_tok; |
masked_match(char *net_tok, char *mask_tok, char *string) |
char *mask_tok; |
|
char *string; |
|
{ |
{ |
#ifndef INET6 |
#ifndef INET6 |
return masked_match4(net_tok, mask_tok, string); |
return masked_match4(net_tok, mask_tok, string); |
|
|
* If we could get rid of shortened IPv4 form, we could just always use |
* If we could get rid of shortened IPv4 form, we could just always use |
* masked_match6(). |
* masked_match6(). |
*/ |
*/ |
if (dot_quad_addr(net_tok, NULL) != INADDR_NONE && |
if (dot_quad_addr(net_tok, NULL) != -1 && |
dot_quad_addr(mask_tok, NULL) != INADDR_NONE && |
dot_quad_addr(mask_tok, NULL) != -1 && |
dot_quad_addr(string, NULL) != INADDR_NONE) { |
dot_quad_addr(string, NULL) != -1) { |
return masked_match4(net_tok, mask_tok, string); |
return masked_match4(net_tok, mask_tok, string); |
} else |
} else |
return masked_match6(net_tok, mask_tok, string); |
return masked_match6(net_tok, mask_tok, string); |
#endif |
#endif |
} |
} |
|
|
static int masked_match4(net_tok, mask_tok, string) |
static int |
char *net_tok; |
masked_match4(char *net_tok, char *mask_tok, char *string) |
char *mask_tok; |
|
char *string; |
|
{ |
{ |
unsigned long net; |
unsigned long net; |
unsigned long mask; |
unsigned long mask; |
|
|
} |
} |
|
|
#ifdef INET6 |
#ifdef INET6 |
static int masked_match6(net_tok, mask_tok, string) |
static int |
char *net_tok; |
masked_match6(char *net_tok, char *mask_tok, char *string) |
char *mask_tok; |
|
char *string; |
|
{ |
{ |
union { |
union { |
struct sockaddr sa; |
struct sockaddr sa; |
|
|
struct addrinfo hints, *res; |
struct addrinfo hints, *res; |
unsigned long masklen; |
unsigned long masklen; |
char *ep; |
char *ep; |
int i; |
size_t i; |
char *np, *mp, *ap; |
char *np, *mp, *ap; |
int alen; |
size_t alen; |
|
|
memset(&hints, 0, sizeof(hints)); |
memset(&hints, 0, sizeof(hints)); |
hints.ai_family = PF_UNSPEC; |
hints.ai_family = PF_UNSPEC; |