# --- SDE-COPYRIGHT-NOTE-BEGIN --- # This copyright note is auto-generated by ./scripts/Create-CopyPatch. # # Filename: package/.../tcp_wrappers/0005-tcp_wrappers-7.6-wildcard-matching.patch # Copyright (C) 2011 The OpenSDE Project # # More information can be found in the files COPYING and README. # # This patch file is dual-licensed. It is available under the license the # patched project is licensed under, as long as it is an OpenSource license # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms # of the GNU General Public License as published by the Free Software # Foundation; either version 2 of the License, or (at your option) any later # version. # --- SDE-COPYRIGHT-NOTE-END --- See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17847 (Though the original code needs to be patched to be case-insensitive.) --- a/hosts_access.5 +++ b/hosts_access.5 @@ -89,6 +89,10 @@ An expression of the form `n.n.n.n/m.m.m bitwise AND of the address and the `mask\'. For example, the net/mask pattern `131.155.72.0/255.255.254.0\' matches every address in the range `131.155.72.0\' through `131.155.73.255\'. +.IP \(bu +Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This +method of matching cannot be used in conjunction with `net/mask\' matching, +hostname matching beginning with `.\' or IP address matching ending with `.\'. .SH WILDCARDS The access control language supports explicit wildcards: .IP ALL --- a/hosts_access.c +++ b/hosts_access.c @@ -82,6 +82,7 @@ static int client_match(); static int host_match(); static int string_match(); static int masked_match(); +static int match_pattern_ylo(); /* Size of logical line buffer. */ @@ -289,6 +290,11 @@ char *string; { int n; +#ifndef DISABLE_WILDCARD_MATCHING + if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */ + return (match_pattern_ylo(string,tok)); + } else +#endif if (tok[0] == '.') { /* suffix */ n = strlen(string) - strlen(tok); return (n > 0 && STR_EQ(tok, string + n)); @@ -329,3 +335,78 @@ char *string; } return ((addr & mask) == net); } + +#ifndef DISABLE_WILDCARD_MATCHING +/* Note: this feature has been adapted in a pretty straightforward way + from Tatu Ylonen's last SSH version under free license by + Pekka Savola . + + Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +*/ + +/* Returns true if the given string matches the pattern (which may contain + ? and * as wildcards), and zero if it does not match. */ + +static int match_pattern_ylo(const char *s, const char *pattern) +{ + char src; + char pat; + while (1) + { + /* If at end of pattern, accept if also at end of string. */ + if (!*pattern) + return !*s; + + /* Process '*'. */ + if (*pattern == '*') + { + /* Skip the asterisk. */ + pattern++; + + /* If at end of pattern, accept immediately. */ + if (!*pattern) + return 1; + + /* If next character in pattern is known, optimize. */ + if (*pattern != '?' && *pattern != '*') + { + /* Look instances of the next character in pattern, and try + to match starting from those. */ + pat = *pattern; + for (; *s; s++) { + src = *s; + if (toupper(src) == toupper(pat) && + match_pattern_ylo(s + 1, pattern + 1)) + return 1; + } + /* Failed. */ + return 0; + } + + /* Move ahead one character at a time and try to match at each + position. */ + for (; *s; s++) + if (match_pattern_ylo(s, pattern)) + return 1; + /* Failed. */ + return 0; + } + + /* There must be at least one more character in the string. If we are + at the end, fail. */ + if (!*s) + return 0; + + /* Check if the next character of the string is acceptable. */ + pat = *pattern; + src = *s; + if (*pattern != '?' && toupper(pat) != toupper(src)) + return 0; + + /* Move to the next character, both in string and in pattern. */ + s++; + pattern++; + } + /*NOTREACHED*/ +} +#endif /* DISABLE_WILDCARD_MATCHING */