tcpdchk.c (51495) | tcpdchk.c (56977) |
---|---|
1 /* 2 * tcpdchk - examine all tcpd access control rules and inetd.conf entries 3 * 4 * Usage: tcpdchk [-a] [-d] [-i inet_conf] [-v] 5 * 6 * -a: complain about implicit "allow" at end of rule. 7 * 8 * -d: rules in current directory. 9 * 10 * -i: location of inetd.conf file. 11 * 12 * -v: show all rules. 13 * 14 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 15 * | 1 /* 2 * tcpdchk - examine all tcpd access control rules and inetd.conf entries 3 * 4 * Usage: tcpdchk [-a] [-d] [-i inet_conf] [-v] 5 * 6 * -a: complain about implicit "allow" at end of rule. 7 * 8 * -d: rules in current directory. 9 * 10 * -i: location of inetd.conf file. 11 * 12 * -v: show all rules. 13 * 14 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 15 * |
16 * $FreeBSD: head/contrib/tcp_wrappers/tcpdchk.c 51495 1999-09-21 09:09:57Z sheldonh $ | 16 * $FreeBSD: head/contrib/tcp_wrappers/tcpdchk.c 56977 2000-02-03 10:27:03Z shin $ |
17 */ 18 19#ifndef lint 20static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25"; 21#endif 22 23/* System libraries. */ 24 25#include <sys/types.h> 26#include <sys/stat.h> | 17 */ 18 19#ifndef lint 20static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25"; 21#endif 22 23/* System libraries. */ 24 25#include <sys/types.h> 26#include <sys/stat.h> |
27#ifdef INET6 28#include <sys/socket.h> 29#endif |
|
27#include <netinet/in.h> 28#include <arpa/inet.h> 29#include <stdio.h> 30#include <syslog.h> 31#include <setjmp.h> 32#include <errno.h> 33#include <netdb.h> 34#include <string.h> --- 363 unchanged lines hidden (view full) --- 398 } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ 399 tcpd_warn("FAIL is no longer recognized"); 400 tcpd_warn("(use EXCEPT or DENY instead)"); 401 } else if (reserved_name(pat)) { 402 tcpd_warn("%s: user name may be reserved word", pat); 403 } 404} 405 | 30#include <netinet/in.h> 31#include <arpa/inet.h> 32#include <stdio.h> 33#include <syslog.h> 34#include <setjmp.h> 35#include <errno.h> 36#include <netdb.h> 37#include <string.h> --- 363 unchanged lines hidden (view full) --- 401 } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ 402 tcpd_warn("FAIL is no longer recognized"); 403 tcpd_warn("(use EXCEPT or DENY instead)"); 404 } else if (reserved_name(pat)) { 405 tcpd_warn("%s: user name may be reserved word", pat); 406 } 407} 408 |
409#ifdef INET6 410static int is_inet6_addr(pat) 411 char *pat; 412{ 413 struct in6_addr addr; 414 int len, ret; 415 char ch; 416 417 if (*pat != '[') 418 return (0); 419 len = strlen(pat); 420 if ((ch = pat[len - 1]) != ']') 421 return (0); 422 pat[len - 1] = '\0'; 423 ret = inet_pton(AF_INET6, pat + 1, &addr); 424 pat[len - 1] = ch; 425 return (ret == 1); 426} 427#endif 428 |
|
406/* check_host - criticize host pattern */ 407 408static int check_host(pat) 409char *pat; 410{ 411 char buf[BUFSIZ]; 412 char *mask; 413 int addr_count = 1; --- 30 unchanged lines hidden (view full) --- 444 check_host(cp); 445 } 446 tcpd_context = saved_context; 447 fclose(fp); 448 } else if (errno != ENOENT) { 449 tcpd_warn("open %s: %m", pat); 450 } 451 } else if (mask = split_at(pat, '/')) { /* network/netmask */ | 429/* check_host - criticize host pattern */ 430 431static int check_host(pat) 432char *pat; 433{ 434 char buf[BUFSIZ]; 435 char *mask; 436 int addr_count = 1; --- 30 unchanged lines hidden (view full) --- 467 check_host(cp); 468 } 469 tcpd_context = saved_context; 470 fclose(fp); 471 } else if (errno != ENOENT) { 472 tcpd_warn("open %s: %m", pat); 473 } 474 } else if (mask = split_at(pat, '/')) { /* network/netmask */ |
475#ifdef INET6 476 int mask_len; 477 478 if ((dot_quad_addr(pat) == INADDR_NONE 479 || dot_quad_addr(mask) == INADDR_NONE) 480 && (!is_inet6_addr(pat) 481 || ((mask_len = atoi(mask)) < 0 || mask_len > 128))) 482#else |
|
452 if (dot_quad_addr(pat) == INADDR_NONE 453 || dot_quad_addr(mask) == INADDR_NONE) | 483 if (dot_quad_addr(pat) == INADDR_NONE 484 || dot_quad_addr(mask) == INADDR_NONE) |
485#endif |
|
454 tcpd_warn("%s/%s: bad net/mask pattern", pat, mask); 455 } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ 456 tcpd_warn("FAIL is no longer recognized"); 457 tcpd_warn("(use EXCEPT or DENY instead)"); 458 } else if (reserved_name(pat)) { /* other reserved */ 459 /* void */ ; | 486 tcpd_warn("%s/%s: bad net/mask pattern", pat, mask); 487 } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ 488 tcpd_warn("FAIL is no longer recognized"); 489 tcpd_warn("(use EXCEPT or DENY instead)"); 490 } else if (reserved_name(pat)) { /* other reserved */ 491 /* void */ ; |
492#ifdef INET6 493 } else if (is_inet6_addr(pat)) { /* IPv6 address */ 494 addr_count = 1; 495#endif |
|
460 } else if (NOT_INADDR(pat)) { /* internet name */ 461 if (pat[strlen(pat) - 1] == '.') { 462 tcpd_warn("%s: domain or host name ends in dot", pat); 463 } else if (pat[0] != '.') { 464 addr_count = check_dns(pat); 465 } 466 } else { /* numeric form */ 467 if (STR_EQ(pat, "0.0.0.0") || STR_EQ(pat, "255.255.255.255")) { --- 21 unchanged lines hidden --- | 496 } else if (NOT_INADDR(pat)) { /* internet name */ 497 if (pat[strlen(pat) - 1] == '.') { 498 tcpd_warn("%s: domain or host name ends in dot", pat); 499 } else if (pat[0] != '.') { 500 addr_count = check_dns(pat); 501 } 502 } else { /* numeric form */ 503 if (STR_EQ(pat, "0.0.0.0") || STR_EQ(pat, "255.255.255.255")) { --- 21 unchanged lines hidden --- |