1 /*
2 * This module implements a simple access control language that is based on
3 * host (or domain) names, NIS (host) netgroup names, IP addresses (or
4 * network numbers) and daemon process names. When a match is found the
5 * search is terminated, and depending on whether PROCESS_OPTIONS is defined,
6 * a list of options is executed or an optional shell command is executed.
7 *
8 * Host and user names are looked up on demand, provided that suitable endpoint
9 * information is available as sockaddr_in structures or TLI netbufs. As a
10 * side effect, the pattern matching process may change the contents of
11 * request structure fields.
12 *
13 * Diagnostics are reported through syslog(3).
14 *
15 * Compile with -DNETGROUP if your library provides support for netgroups.
16 *
17 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
18 *
19 * $FreeBSD: head/contrib/tcp_wrappers/hosts_access.c 146187 2005-05-13 16:31:11Z ume $
20 */
21
22#ifndef lint
23static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
24#endif
25
26/* System libraries. */
27
--- 333 unchanged lines hidden (view full) ---
361 memcpy(&pat, res->ai_addr, sizeof(pat));
362 freeaddrinfo(res);
363 }
364 tok[len - 1] = ch;
365 if (ret != 0 || getaddrinfo(string, NULL, &hints, &res) != 0)
366 return NO;
367 memcpy(&addr, res->ai_addr, sizeof(addr));
368 freeaddrinfo(res);
369 if (pat.sin6_scope_id != 0 &&
370 addr.sin6_scope_id != pat.sin6_scope_id)
371 return NO;
372 return (!memcmp(&pat.sin6_addr, &addr.sin6_addr,
373 sizeof(struct in6_addr)));
374 return (ret);
375 }
376#endif
377 return (STR_EQ(tok, string));
378 }
379}
--- 85 unchanged lines hidden (view full) ---
465 return NO;
466 }
467 memcpy(&net, res->ai_addr, sizeof(net));
468 freeaddrinfo(res);
469 net_tok[len - 1] = ch;
470 if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128)
471 return NO;
472
473 if (net.sin6_scope_id != 0 && addr.sin6_scope_id != net.sin6_scope_id)
474 return NO;
475 while (mask_len > 0) {
476 if (mask_len < 32) {
477 mask = htonl(~(0xffffffff >> mask_len));
478 if ((*(u_int32_t *)&addr.sin6_addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.sin6_addr.s6_addr[i] & mask))
479 return NO;
480 break;
481 }
482 if (*(u_int32_t *)&addr.sin6_addr.s6_addr[i] != *(u_int32_t *)&net.sin6_addr.s6_addr[i])
483 return NO;
484 i += 4;
485 mask_len -= 32;
486 }
487 return YES;
488}
489#endif /* INET6 */
2 * This module implements a simple access control language that is based on
3 * host (or domain) names, NIS (host) netgroup names, IP addresses (or
4 * network numbers) and daemon process names. When a match is found the
5 * search is terminated, and depending on whether PROCESS_OPTIONS is defined,
6 * a list of options is executed or an optional shell command is executed.
7 *
8 * Host and user names are looked up on demand, provided that suitable endpoint
9 * information is available as sockaddr_in structures or TLI netbufs. As a
10 * side effect, the pattern matching process may change the contents of
11 * request structure fields.
12 *
13 * Diagnostics are reported through syslog(3).
14 *
15 * Compile with -DNETGROUP if your library provides support for netgroups.
16 *
17 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
18 *
19 * $FreeBSD: head/contrib/tcp_wrappers/hosts_access.c 146187 2005-05-13 16:31:11Z ume $
20 */
21
22#ifndef lint
23static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
24#endif
25
26/* System libraries. */
27
--- 333 unchanged lines hidden (view full) ---
361 memcpy(&pat, res->ai_addr, sizeof(pat));
362 freeaddrinfo(res);
363 }
364 tok[len - 1] = ch;
365 if (ret != 0 || getaddrinfo(string, NULL, &hints, &res) != 0)
366 return NO;
367 memcpy(&addr, res->ai_addr, sizeof(addr));
368 freeaddrinfo(res);
369 if (pat.sin6_scope_id != 0 &&
370 addr.sin6_scope_id != pat.sin6_scope_id)
371 return NO;
372 return (!memcmp(&pat.sin6_addr, &addr.sin6_addr,
373 sizeof(struct in6_addr)));
374 return (ret);
375 }
376#endif
377 return (STR_EQ(tok, string));
378 }
379}
--- 85 unchanged lines hidden (view full) ---
465 return NO;
466 }
467 memcpy(&net, res->ai_addr, sizeof(net));
468 freeaddrinfo(res);
469 net_tok[len - 1] = ch;
470 if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128)
471 return NO;
472
473 if (net.sin6_scope_id != 0 && addr.sin6_scope_id != net.sin6_scope_id)
474 return NO;
475 while (mask_len > 0) {
476 if (mask_len < 32) {
477 mask = htonl(~(0xffffffff >> mask_len));
478 if ((*(u_int32_t *)&addr.sin6_addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.sin6_addr.s6_addr[i] & mask))
479 return NO;
480 break;
481 }
482 if (*(u_int32_t *)&addr.sin6_addr.s6_addr[i] != *(u_int32_t *)&net.sin6_addr.s6_addr[i])
483 return NO;
484 i += 4;
485 mask_len -= 32;
486 }
487 return YES;
488}
489#endif /* INET6 */