1 /*
2 * This module implements a simple access control language that is based on
3 * host (or domain) names, NIS (host) netgroup names, IP addresses (or
4 * network numbers) and daemon process names. When a match is found the
5 * search is terminated, and depending on whether PROCESS_OPTIONS is defined,
6 * a list of options is executed or an optional shell command is executed.
7 *
8 * Host and user names are looked up on demand, provided that suitable endpoint
9 * information is available as sockaddr_in structures or TLI netbufs. As a
10 * side effect, the pattern matching process may change the contents of
11 * request structure fields.
12 *
13 * Diagnostics are reported through syslog(3).
14 *
15 * Compile with -DNETGROUP if your library provides support for netgroups.
16 *
17 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
18 *
19 * $FreeBSD: head/contrib/tcp_wrappers/hosts_access.c 63158 2000-07-14 17:15:34Z ume $
20 */
21
22#ifndef lint
23static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
24#endif
25
26/* System libraries. */
27
--- 333 unchanged lines hidden (view full) ---
361 memcpy(&pat, res->ai_addr, sizeof(pat));
362 freeaddrinfo(res);
363 }
364 tok[len - 1] = ch;
365 if (ret != 0 || getaddrinfo(string, NULL, &hints, &res) != 0)
366 return NO;
367 memcpy(&addr, res->ai_addr, sizeof(addr));
368 freeaddrinfo(res);
369#ifdef NI_WITHSCOPEID
370 if (pat.sin6_scope_id != 0 &&
371 addr.sin6_scope_id != pat.sin6_scope_id)
372 return NO;
373#endif
374 return (!memcmp(&pat.sin6_addr, &addr.sin6_addr,
375 sizeof(struct in6_addr)));
376 return (ret);
377 }
378#endif
379 return (STR_EQ(tok, string));
380 }
381}
--- 85 unchanged lines hidden (view full) ---
467 return NO;
468 }
469 memcpy(&net, res->ai_addr, sizeof(net));
470 freeaddrinfo(res);
471 net_tok[len - 1] = ch;
472 if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128)
473 return NO;
474
475#ifdef NI_WITHSCOPEID
476 if (net.sin6_scope_id != 0 && addr.sin6_scope_id != net.sin6_scope_id)
477 return NO;
478#endif
479 while (mask_len > 0) {
480 if (mask_len < 32) {
481 mask = htonl(~(0xffffffff >> mask_len));
482 if ((*(u_int32_t *)&addr.sin6_addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.sin6_addr.s6_addr[i] & mask))
483 return NO;
484 break;
485 }
486 if (*(u_int32_t *)&addr.sin6_addr.s6_addr[i] != *(u_int32_t *)&net.sin6_addr.s6_addr[i])
487 return NO;
488 i += 4;
489 mask_len -= 32;
490 }
491 return YES;
492}
493#endif /* INET6 */
2 * This module implements a simple access control language that is based on
3 * host (or domain) names, NIS (host) netgroup names, IP addresses (or
4 * network numbers) and daemon process names. When a match is found the
5 * search is terminated, and depending on whether PROCESS_OPTIONS is defined,
6 * a list of options is executed or an optional shell command is executed.
7 *
8 * Host and user names are looked up on demand, provided that suitable endpoint
9 * information is available as sockaddr_in structures or TLI netbufs. As a
10 * side effect, the pattern matching process may change the contents of
11 * request structure fields.
12 *
13 * Diagnostics are reported through syslog(3).
14 *
15 * Compile with -DNETGROUP if your library provides support for netgroups.
16 *
17 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
18 *
19 * $FreeBSD: head/contrib/tcp_wrappers/hosts_access.c 63158 2000-07-14 17:15:34Z ume $
20 */
21
22#ifndef lint
23static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
24#endif
25
26/* System libraries. */
27
--- 333 unchanged lines hidden (view full) ---
361 memcpy(&pat, res->ai_addr, sizeof(pat));
362 freeaddrinfo(res);
363 }
364 tok[len - 1] = ch;
365 if (ret != 0 || getaddrinfo(string, NULL, &hints, &res) != 0)
366 return NO;
367 memcpy(&addr, res->ai_addr, sizeof(addr));
368 freeaddrinfo(res);
369#ifdef NI_WITHSCOPEID
370 if (pat.sin6_scope_id != 0 &&
371 addr.sin6_scope_id != pat.sin6_scope_id)
372 return NO;
373#endif
374 return (!memcmp(&pat.sin6_addr, &addr.sin6_addr,
375 sizeof(struct in6_addr)));
376 return (ret);
377 }
378#endif
379 return (STR_EQ(tok, string));
380 }
381}
--- 85 unchanged lines hidden (view full) ---
467 return NO;
468 }
469 memcpy(&net, res->ai_addr, sizeof(net));
470 freeaddrinfo(res);
471 net_tok[len - 1] = ch;
472 if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128)
473 return NO;
474
475#ifdef NI_WITHSCOPEID
476 if (net.sin6_scope_id != 0 && addr.sin6_scope_id != net.sin6_scope_id)
477 return NO;
478#endif
479 while (mask_len > 0) {
480 if (mask_len < 32) {
481 mask = htonl(~(0xffffffff >> mask_len));
482 if ((*(u_int32_t *)&addr.sin6_addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.sin6_addr.s6_addr[i] & mask))
483 return NO;
484 break;
485 }
486 if (*(u_int32_t *)&addr.sin6_addr.s6_addr[i] != *(u_int32_t *)&net.sin6_addr.s6_addr[i])
487 return NO;
488 i += 4;
489 mask_len -= 32;
490 }
491 return YES;
492}
493#endif /* INET6 */