1 /* 2 * This module implements a simple access control language that is based on 3 * host (or domain) names, NIS (host) netgroup names, IP addresses (or 4 * network numbers) and daemon process names. When a match is found the 5 * search is terminated, and depending on whether PROCESS_OPTIONS is defined, 6 * a list of options is executed or an optional shell command is executed. 7 * 8 * Host and user names are looked up on demand, provided that suitable endpoint 9 * information is available as sockaddr_in structures or TLI netbufs. As a 10 * side effect, the pattern matching process may change the contents of 11 * request structure fields. 12 * 13 * Diagnostics are reported through syslog(3). 14 * 15 * Compile with -DNETGROUP if your library provides support for netgroups. 16 * 17 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 18 * |
19 * $FreeBSD: head/contrib/tcp_wrappers/hosts_access.c 146187 2005-05-13 16:31:11Z ume $ |
20 */ 21 22#ifndef lint 23static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; 24#endif 25 26/* System libraries. */ 27 --- 333 unchanged lines hidden (view full) --- 361 memcpy(&pat, res->ai_addr, sizeof(pat)); 362 freeaddrinfo(res); 363 } 364 tok[len - 1] = ch; 365 if (ret != 0 || getaddrinfo(string, NULL, &hints, &res) != 0) 366 return NO; 367 memcpy(&addr, res->ai_addr, sizeof(addr)); 368 freeaddrinfo(res); |
369 if (pat.sin6_scope_id != 0 && 370 addr.sin6_scope_id != pat.sin6_scope_id) 371 return NO; |
372 return (!memcmp(&pat.sin6_addr, &addr.sin6_addr, 373 sizeof(struct in6_addr))); 374 return (ret); 375 } 376#endif 377 return (STR_EQ(tok, string)); 378 } 379} --- 85 unchanged lines hidden (view full) --- 465 return NO; 466 } 467 memcpy(&net, res->ai_addr, sizeof(net)); 468 freeaddrinfo(res); 469 net_tok[len - 1] = ch; 470 if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128) 471 return NO; 472 |
473 if (net.sin6_scope_id != 0 && addr.sin6_scope_id != net.sin6_scope_id) 474 return NO; |
475 while (mask_len > 0) { 476 if (mask_len < 32) { 477 mask = htonl(~(0xffffffff >> mask_len)); 478 if ((*(u_int32_t *)&addr.sin6_addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.sin6_addr.s6_addr[i] & mask)) 479 return NO; 480 break; 481 } 482 if (*(u_int32_t *)&addr.sin6_addr.s6_addr[i] != *(u_int32_t *)&net.sin6_addr.s6_addr[i]) 483 return NO; 484 i += 4; 485 mask_len -= 32; 486 } 487 return YES; 488} 489#endif /* INET6 */ |