Apply IPv6 support patch.
Note that all IPv6 address must be wrapped with square bracket, like: ALL: [::1/128] 127.0.0.1/255.255.255.255 Increase shlib minor. ftp://ftp.kame.net/pub/kame/misc/tcp_wrappers-76-v6-19990831.diff.gz
This commit is contained in:
parent
343d06b5f6
commit
1e8c736a70
|
@ -1,4 +1,4 @@
|
||||||
# $NetBSD: shl.mi,v 1.34 1999/08/27 16:24:02 itojun Exp $
|
# $NetBSD: shl.mi,v 1.35 1999/08/31 13:58:59 itojun Exp $
|
||||||
./usr/lib/libamu.so.1.1
|
./usr/lib/libamu.so.1.1
|
||||||
./usr/lib/libbfd.so.3.0
|
./usr/lib/libbfd.so.3.0
|
||||||
./usr/lib/libbz2.so.0.0
|
./usr/lib/libbz2.so.0.0
|
||||||
|
@ -24,5 +24,5 @@
|
||||||
./usr/lib/libtermlib.so.0.0
|
./usr/lib/libtermlib.so.0.0
|
||||||
./usr/lib/libusb.so.0.0
|
./usr/lib/libusb.so.0.0
|
||||||
./usr/lib/libutil.so.5.1
|
./usr/lib/libutil.so.5.1
|
||||||
./usr/lib/libwrap.so.0.1
|
./usr/lib/libwrap.so.0.2
|
||||||
./usr/lib/libz.so.0.1
|
./usr/lib/libz.so.0.1
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
# $NetBSD: Makefile.cflags,v 1.4 1997/10/26 20:52:47 christos Exp $
|
# $NetBSD: Makefile.cflags,v 1.5 1999/08/31 13:58:58 itojun Exp $
|
||||||
|
|
||||||
CPPFLAGS+=-DFACILITY=LOG_AUTHPRIV -DSEVERITY=LOG_INFO
|
CPPFLAGS+=-DFACILITY=LOG_AUTHPRIV -DSEVERITY=LOG_INFO
|
||||||
CPPFLAGS+=-DREAL_DAEMON_DIR=\"/usr/libexec\" -DHOSTS_ACCESS -DDAEMON_UMASK=022
|
CPPFLAGS+=-DREAL_DAEMON_DIR=\"/usr/libexec\" -DHOSTS_ACCESS -DDAEMON_UMASK=022
|
||||||
CPPFLAGS+=-DRFC931_TIMEOUT=10 -DALWAYS_HOSTNAME -DSYS_ERRLIST_DEFINED
|
CPPFLAGS+=-DRFC931_TIMEOUT=10 -DALWAYS_HOSTNAME -DSYS_ERRLIST_DEFINED
|
||||||
CPPFLAGS+=-DHOSTS_ALLOW=\"/etc/hosts.allow\" -DHOSTS_DENY=\"/etc/hosts.deny\"
|
CPPFLAGS+=-DHOSTS_ALLOW=\"/etc/hosts.allow\" -DHOSTS_DENY=\"/etc/hosts.deny\"
|
||||||
CPPFLAGS+=-DPROCESS_OPTIONS -DNETGROUP
|
CPPFLAGS+=-DPROCESS_OPTIONS -DNETGROUP
|
||||||
|
CPPFLAGS+=-Dss_family=__ss_family -Dss_len=__ss_len
|
||||||
|
|
||||||
# -DPARANOID is not used by libwrap, only by programs that use it.
|
# -DPARANOID is not used by libwrap, only by programs that use it.
|
||||||
# in this case inetd does not use it (probably rightly so) and so
|
# in this case inetd does not use it (probably rightly so) and so
|
||||||
# we don't want to use it in wrapper-related utilities (such as
|
# we don't want to use it in wrapper-related utilities (such as
|
||||||
# tcpdmatch) that include this file.
|
# tcpdmatch) that include this file.
|
||||||
#CPPFLAGS+=-DPARANOID
|
#CPPFLAGS+=-DPARANOID
|
||||||
|
|
||||||
|
# IPv6
|
||||||
|
CPPFLAGS+=-DINET6
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: fix_options.c,v 1.4 1999/08/27 16:06:17 itojun Exp $ */
|
/* $NetBSD: fix_options.c,v 1.5 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Routine to disable IP-level socket options. This code was taken from 4.4BSD
|
* Routine to disable IP-level socket options. This code was taken from 4.4BSD
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#) fix_options.c 1.6 97/04/08 02:29:19";
|
static char sccsid[] = "@(#) fix_options.c 1.6 97/04/08 02:29:19";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: fix_options.c,v 1.4 1999/08/27 16:06:17 itojun Exp $");
|
__RCSID("$NetBSD: fix_options.c,v 1.5 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -53,6 +53,20 @@ struct request_info *request;
|
||||||
unsigned int opt;
|
unsigned int opt;
|
||||||
int optlen;
|
int optlen;
|
||||||
struct in_addr dummy;
|
struct in_addr dummy;
|
||||||
|
struct sockaddr_storage ss;
|
||||||
|
int sslen;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* check if this is AF_INET socket
|
||||||
|
* XXX IPv6 support?
|
||||||
|
*/
|
||||||
|
sslen = sizeof(ss);
|
||||||
|
if (getsockname(fd, (struct sockaddr *)&ss, &sslen < 0)) {
|
||||||
|
syslog(LOG_ERR, "getpeername: %m");
|
||||||
|
clean_exit(request);
|
||||||
|
}
|
||||||
|
if (ss.ss_family != AF_INET)
|
||||||
|
return;
|
||||||
|
|
||||||
if ((ip = getprotobyname("ip")) != 0)
|
if ((ip = getprotobyname("ip")) != 0)
|
||||||
ipproto = ip->p_proto;
|
ipproto = ip->p_proto;
|
||||||
|
|
|
@ -64,6 +64,8 @@ daemon_list : client_list : option : option ...
|
||||||
\fIclient_list\fR is a list
|
\fIclient_list\fR is a list
|
||||||
of one or more host names, host addresses, patterns or wildcards (see
|
of one or more host names, host addresses, patterns or wildcards (see
|
||||||
below) that will be matched against the client host name or address.
|
below) that will be matched against the client host name or address.
|
||||||
|
When a client_list item needs to include colon character (for IPv6 addresses),
|
||||||
|
the item needs to be wrapped with square bracket.
|
||||||
.PP
|
.PP
|
||||||
The more complex forms \fIdaemon@host\fR and \fIuser@host\fR are
|
The more complex forms \fIdaemon@host\fR and \fIuser@host\fR are
|
||||||
explained in the sections on server endpoint patterns and on client
|
explained in the sections on server endpoint patterns and on client
|
||||||
|
@ -97,6 +99,16 @@ An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a
|
||||||
bitwise AND of the address and the `mask\'. For example, the net/mask
|
bitwise AND of the address and the `mask\'. For example, the net/mask
|
||||||
pattern `131.155.72.0/255.255.254.0\' matches every address in the
|
pattern `131.155.72.0/255.255.254.0\' matches every address in the
|
||||||
range `131.155.72.0\' through `131.155.73.255\'.
|
range `131.155.72.0\' through `131.155.73.255\'.
|
||||||
|
Note that `m.m.m.m\' portion must always be specified.
|
||||||
|
.IP \(bu
|
||||||
|
An expression of the form `ipv6-addr/ipv6-mask\' is interpreted as
|
||||||
|
masked IPv6 address match, just like masked IPv4 address match (see above).
|
||||||
|
Note that `ipv6-mask\' portion must always be specified.
|
||||||
|
.IP \(bu
|
||||||
|
An expression of the form `ipv6-addr/prefixlen\' is interpreted as
|
||||||
|
masked IPv6 address match (with mask specified by numeric prefixlen),
|
||||||
|
just like masked IPv4 address match (see above).
|
||||||
|
Note that `prefixlen\' portion must always be specified.
|
||||||
.SH WILDCARDS
|
.SH WILDCARDS
|
||||||
The access control language supports explicit wildcards:
|
The access control language supports explicit wildcards:
|
||||||
.IP ALL
|
.IP ALL
|
||||||
|
@ -378,4 +390,4 @@ Eindhoven University of Technology
|
||||||
Den Dolech 2, P.O. Box 513,
|
Den Dolech 2, P.O. Box 513,
|
||||||
5600 MB Eindhoven, The Netherlands
|
5600 MB Eindhoven, The Netherlands
|
||||||
\" @(#) hosts_access.5 1.20 95/01/30 19:51:46
|
\" @(#) hosts_access.5 1.20 95/01/30 19:51:46
|
||||||
\" $NetBSD: hosts_access.5,v 1.9 1999/08/02 16:09:41 bouyer Exp $
|
\" $NetBSD: hosts_access.5,v 1.10 1999/08/31 13:58:58 itojun Exp $
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: hosts_access.c,v 1.9 1999/08/27 16:06:17 itojun Exp $ */
|
/* $NetBSD: hosts_access.c,v 1.10 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This module implements a simple access control language that is based on
|
* This module implements a simple access control language that is based on
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
|
static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: hosts_access.c,v 1.9 1999/08/27 16:06:17 itojun Exp $");
|
__RCSID("$NetBSD: hosts_access.c,v 1.10 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -32,6 +32,9 @@ __RCSID("$NetBSD: hosts_access.c,v 1.9 1999/08/27 16:06:17 itojun Exp $");
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
|
#ifdef INET6
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#endif
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
@ -96,6 +99,10 @@ static int host_match __P((char *, struct host_info *));
|
||||||
static int rbl_match __P((char *, char *));
|
static int rbl_match __P((char *, char *));
|
||||||
static int string_match __P((char *, char *));
|
static int string_match __P((char *, char *));
|
||||||
static int masked_match __P((char *, char *, char *));
|
static int masked_match __P((char *, char *, char *));
|
||||||
|
static int masked_match4 __P((char *, char *, char *));
|
||||||
|
#ifdef INET6
|
||||||
|
static int masked_match6 __P((char *, char *, char *));
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Size of logical line buffer. */
|
/* Size of logical line buffer. */
|
||||||
|
|
||||||
|
@ -202,6 +209,7 @@ struct request_info *request;
|
||||||
int (*match_fn) __P((char *, struct request_info *));
|
int (*match_fn) __P((char *, struct request_info *));
|
||||||
{
|
{
|
||||||
char *tok;
|
char *tok;
|
||||||
|
int l;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Process tokens one at a time. We have exhausted all possible matches
|
* Process tokens one at a time. We have exhausted all possible matches
|
||||||
|
@ -213,6 +221,11 @@ int (*match_fn) __P((char *, struct request_info *));
|
||||||
for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) {
|
for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) {
|
||||||
if (STR_EQ(tok, "EXCEPT")) /* EXCEPT: give up */
|
if (STR_EQ(tok, "EXCEPT")) /* EXCEPT: give up */
|
||||||
return (NO);
|
return (NO);
|
||||||
|
l = strlen(tok);
|
||||||
|
if (*tok == '[' && tok[l - 1] == ']') {
|
||||||
|
tok[l - 1] = '\0';
|
||||||
|
tok++;
|
||||||
|
}
|
||||||
if (match_fn(tok, request)) { /* YES: look for exceptions */
|
if (match_fn(tok, request)) { /* YES: look for exceptions */
|
||||||
while ((tok = strtok((char *) 0, sep)) && STR_NE(tok, "EXCEPT"))
|
while ((tok = strtok((char *) 0, sep)) && STR_NE(tok, "EXCEPT"))
|
||||||
/* VOID */ ;
|
/* VOID */ ;
|
||||||
|
@ -361,6 +374,23 @@ static int masked_match(net_tok, mask_tok, string)
|
||||||
char *net_tok;
|
char *net_tok;
|
||||||
char *mask_tok;
|
char *mask_tok;
|
||||||
char *string;
|
char *string;
|
||||||
|
{
|
||||||
|
#ifndef INET6
|
||||||
|
return masked_match4(net_tok, mask_tok, string);
|
||||||
|
#else
|
||||||
|
if (dot_quad_addr(net_tok, NULL) != INADDR_NONE
|
||||||
|
&& dot_quad_addr(mask_tok, NULL) != INADDR_NONE
|
||||||
|
&& dot_quad_addr(string, NULL) != INADDR_NONE) {
|
||||||
|
return masked_match4(net_tok, mask_tok, string);
|
||||||
|
} else
|
||||||
|
return masked_match6(net_tok, mask_tok, string);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
static int masked_match4(net_tok, mask_tok, string)
|
||||||
|
char *net_tok;
|
||||||
|
char *mask_tok;
|
||||||
|
char *string;
|
||||||
{
|
{
|
||||||
unsigned long net;
|
unsigned long net;
|
||||||
unsigned long mask;
|
unsigned long mask;
|
||||||
|
@ -381,3 +411,69 @@ char *string;
|
||||||
}
|
}
|
||||||
return ((addr & mask) == net);
|
return ((addr & mask) == net);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef INET6
|
||||||
|
/* Ugly because it covers IPv4 mapped address. I hate mapped addresses. */
|
||||||
|
static int masked_match6(net_tok, mask_tok, string)
|
||||||
|
char *net_tok;
|
||||||
|
char *mask_tok;
|
||||||
|
char *string;
|
||||||
|
{
|
||||||
|
struct in6_addr net;
|
||||||
|
struct in6_addr mask;
|
||||||
|
struct in6_addr addr;
|
||||||
|
int masklen;
|
||||||
|
int fail;
|
||||||
|
int i;
|
||||||
|
int maskoff;
|
||||||
|
int netaf;
|
||||||
|
const int sizoff64 = sizeof(struct in6_addr) - sizeof(struct in_addr);
|
||||||
|
|
||||||
|
memset(&addr, 0, sizeof(addr));
|
||||||
|
if (inet_pton(AF_INET6, string, &addr) == 1)
|
||||||
|
; /* okay */
|
||||||
|
else if (inet_pton(AF_INET, string, &addr.s6_addr[sizoff64]) == 1)
|
||||||
|
addr.s6_addr[10] = addr.s6_addr[11] = 0xff;
|
||||||
|
else
|
||||||
|
return NO;
|
||||||
|
|
||||||
|
memset(&net, 0, sizeof(net));
|
||||||
|
if (inet_pton(AF_INET6, net_tok, &net) == 1) {
|
||||||
|
netaf = AF_INET6;
|
||||||
|
maskoff = 0;
|
||||||
|
} else if (inet_pton(AF_INET, net_tok, &net.s6_addr[sizoff64]) == 1) {
|
||||||
|
netaf = AF_INET;
|
||||||
|
maskoff = sizoff64;
|
||||||
|
net.s6_addr[10] = net.s6_addr[11] = 0xff;
|
||||||
|
} else
|
||||||
|
return NO;
|
||||||
|
|
||||||
|
fail = 0;
|
||||||
|
if (mask_tok[strspn(mask_tok, "0123456789")] == '\0') {
|
||||||
|
masklen = atoi(mask_tok) + maskoff * 8;
|
||||||
|
if (0 <= masklen && masklen <= 128) {
|
||||||
|
memset(&mask, 0, sizeof(mask));
|
||||||
|
memset(&mask, 0xff, masklen / 8);
|
||||||
|
if (masklen % 8) {
|
||||||
|
((u_char *)&mask)[masklen / 8] =
|
||||||
|
(0xff00 >> (masklen % 8)) & 0xff;
|
||||||
|
}
|
||||||
|
} else
|
||||||
|
fail++;
|
||||||
|
} else if (netaf == AF_INET6 && inet_pton(AF_INET6, mask_tok, &mask) == 1)
|
||||||
|
; /* okay */
|
||||||
|
else if (netaf == AF_INET
|
||||||
|
&& inet_pton(AF_INET, mask_tok, &mask.s6_addr[12]) == 1) {
|
||||||
|
memset(&mask, 0xff, sizoff64);
|
||||||
|
} else
|
||||||
|
fail++;
|
||||||
|
if (fail) {
|
||||||
|
tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
|
||||||
|
return (NO); /* not tcpd_jump() */
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; i < sizeof(addr); i++)
|
||||||
|
addr.s6_addr[i] &= mask.s6_addr[i];
|
||||||
|
return (memcmp(&addr, &net, sizeof(addr)) == 0);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: misc.c,v 1.6 1999/07/03 12:30:41 simonb Exp $ */
|
/* $NetBSD: misc.c,v 1.7 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Misc routines that are used by tcpd and by tcpdchk.
|
* Misc routines that are used by tcpd and by tcpdchk.
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsic[] = "@(#) misc.c 1.2 96/02/11 17:01:29";
|
static char sccsic[] = "@(#) misc.c 1.2 96/02/11 17:01:29";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: misc.c,v 1.6 1999/07/03 12:30:41 simonb Exp $");
|
__RCSID("$NetBSD: misc.c,v 1.7 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -61,11 +61,35 @@ char *split_at(string, delimiter)
|
||||||
char *string;
|
char *string;
|
||||||
int delimiter;
|
int delimiter;
|
||||||
{
|
{
|
||||||
|
#if 0
|
||||||
char *cp;
|
char *cp;
|
||||||
|
|
||||||
if ((cp = strchr(string, delimiter)) != 0)
|
if ((cp = strchr(string, delimiter)) != 0)
|
||||||
*cp++ = 0;
|
*cp++ = 0;
|
||||||
return (cp);
|
return (cp);
|
||||||
|
#else
|
||||||
|
char *cp;
|
||||||
|
int bracket;
|
||||||
|
|
||||||
|
bracket = 0;
|
||||||
|
for (cp = string; cp && *cp; cp++) {
|
||||||
|
switch (*cp) {
|
||||||
|
case '[':
|
||||||
|
bracket++;
|
||||||
|
break;
|
||||||
|
case ']':
|
||||||
|
bracket--;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
if (bracket == 0 && *cp == delimiter) {
|
||||||
|
*cp++ = 0;
|
||||||
|
return cp;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/* dot_quad_addr - convert dotted quad to internal form */
|
/* dot_quad_addr - convert dotted quad to internal form */
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: rfc931.c,v 1.5 1999/07/03 12:30:41 simonb Exp $ */
|
/* $NetBSD: rfc931.c,v 1.6 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* rfc931() speaks a common subset of the RFC 931, AUTH, TAP, IDENT and RFC
|
* rfc931() speaks a common subset of the RFC 931, AUTH, TAP, IDENT and RFC
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#) rfc931.c 1.10 95/01/02 16:11:34";
|
static char sccsid[] = "@(#) rfc931.c 1.10 95/01/02 16:11:34";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: rfc931.c,v 1.5 1999/07/03 12:30:41 simonb Exp $");
|
__RCSID("$NetBSD: rfc931.c,v 1.6 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -80,19 +80,56 @@ int sig;
|
||||||
/* rfc931 - return remote user name, given socket structures */
|
/* rfc931 - return remote user name, given socket structures */
|
||||||
|
|
||||||
void rfc931(rmt_sin, our_sin, dest)
|
void rfc931(rmt_sin, our_sin, dest)
|
||||||
struct sockaddr_in *rmt_sin;
|
struct sockaddr *rmt_sin;
|
||||||
struct sockaddr_in *our_sin;
|
struct sockaddr *our_sin;
|
||||||
char *dest;
|
char *dest;
|
||||||
{
|
{
|
||||||
unsigned rmt_port;
|
unsigned rmt_port;
|
||||||
unsigned our_port;
|
unsigned our_port;
|
||||||
struct sockaddr_in rmt_query_sin;
|
struct sockaddr_storage rmt_query_sin;
|
||||||
struct sockaddr_in our_query_sin;
|
struct sockaddr_storage our_query_sin;
|
||||||
char user[256]; /* XXX */
|
char user[256]; /* XXX */
|
||||||
char buffer[512]; /* XXX */
|
char buffer[512]; /* XXX */
|
||||||
char *cp;
|
char *cp;
|
||||||
char *result = unknown;
|
char *result = unknown;
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
|
int salen;
|
||||||
|
u_short *rmt_portp;
|
||||||
|
u_short *our_portp;
|
||||||
|
|
||||||
|
/* address family must be the same */
|
||||||
|
if (rmt_sin->sa_family != our_sin->sa_family) {
|
||||||
|
STRN_CPY(dest, result, STRING_LENGTH);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
switch (rmt_sin->sa_family) {
|
||||||
|
case AF_INET:
|
||||||
|
salen = sizeof(struct sockaddr_in);
|
||||||
|
rmt_portp = &((struct sockaddr_in *)&rmt_sin)->sin_port;
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
salen = sizeof(struct sockaddr_in6);
|
||||||
|
rmt_portp = &((struct sockaddr_in6 *)&rmt_sin)->sin6_port;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
STRN_CPY(dest, result, STRING_LENGTH);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
switch (our_sin->sa_family) {
|
||||||
|
case AF_INET:
|
||||||
|
our_portp = &((struct sockaddr_in *)&our_sin)->sin_port;
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
our_portp = &((struct sockaddr_in6 *)&our_sin)->sin6_port;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
STRN_CPY(dest, result, STRING_LENGTH);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef __GNUC__
|
#ifdef __GNUC__
|
||||||
(void)&result; /* Avoid longjmp clobbering */
|
(void)&result; /* Avoid longjmp clobbering */
|
||||||
|
@ -109,7 +146,7 @@ char *dest;
|
||||||
* sockets.
|
* sockets.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if ((fp = fsocket(AF_INET, SOCK_STREAM, 0)) != 0) {
|
if ((fp = fsocket(rmt_sin->sa_family, SOCK_STREAM, 0)) != 0) {
|
||||||
setbuf(fp, (char *) 0);
|
setbuf(fp, (char *) 0);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -129,15 +166,37 @@ char *dest;
|
||||||
* addresses from the query socket.
|
* addresses from the query socket.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
our_query_sin = *our_sin;
|
memcpy(&our_query_sin, our_sin, salen);
|
||||||
our_query_sin.sin_port = htons(ANY_PORT);
|
switch (our_query_sin.ss_family) {
|
||||||
rmt_query_sin = *rmt_sin;
|
case AF_INET:
|
||||||
rmt_query_sin.sin_port = htons(RFC931_PORT);
|
((struct sockaddr_in *)&our_query_sin)->sin_port =
|
||||||
|
htons(ANY_PORT);
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
((struct sockaddr_in6 *)&our_query_sin)->sin6_port =
|
||||||
|
htons(ANY_PORT);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
memcpy(&rmt_query_sin, rmt_sin, salen);
|
||||||
|
switch (rmt_query_sin.ss_family) {
|
||||||
|
case AF_INET:
|
||||||
|
((struct sockaddr_in *)&rmt_query_sin)->sin_port =
|
||||||
|
htons(RFC931_PORT);
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
((struct sockaddr_in6 *)&rmt_query_sin)->sin6_port =
|
||||||
|
htons(RFC931_PORT);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
if (bind(fileno(fp), (struct sockaddr *) & our_query_sin,
|
if (bind(fileno(fp), (struct sockaddr *) & our_query_sin,
|
||||||
sizeof(our_query_sin)) >= 0 &&
|
salen) >= 0 &&
|
||||||
connect(fileno(fp), (struct sockaddr *) & rmt_query_sin,
|
connect(fileno(fp), (struct sockaddr *) & rmt_query_sin,
|
||||||
sizeof(rmt_query_sin)) >= 0) {
|
salen) >= 0) {
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Send query to server. Neglect the risk that a 13-byte
|
* Send query to server. Neglect the risk that a 13-byte
|
||||||
|
@ -146,8 +205,8 @@ char *dest;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
fprintf(fp, "%u,%u\r\n",
|
fprintf(fp, "%u,%u\r\n",
|
||||||
ntohs(rmt_sin->sin_port),
|
ntohs(*rmt_portp),
|
||||||
ntohs(our_sin->sin_port));
|
ntohs(*our_portp));
|
||||||
fflush(fp);
|
fflush(fp);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -161,8 +220,8 @@ char *dest;
|
||||||
&& ferror(fp) == 0 && feof(fp) == 0
|
&& ferror(fp) == 0 && feof(fp) == 0
|
||||||
&& sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s",
|
&& sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s",
|
||||||
&rmt_port, &our_port, user) == 3
|
&rmt_port, &our_port, user) == 3
|
||||||
&& ntohs(rmt_sin->sin_port) == rmt_port
|
&& ntohs(*rmt_portp) == rmt_port
|
||||||
&& ntohs(our_sin->sin_port) == our_port) {
|
&& ntohs(*our_portp) == our_port) {
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Strip trailing carriage return. It is part of the
|
* Strip trailing carriage return. It is part of the
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# $NetBSD: shlib_version,v 1.4 1999/08/27 16:24:01 itojun Exp $
|
# $NetBSD: shlib_version,v 1.5 1999/08/31 13:58:58 itojun Exp $
|
||||||
# Remember to update distrib/sets/lists/base/shl.* when changing
|
# Remember to update distrib/sets/lists/base/shl.* when changing
|
||||||
#
|
#
|
||||||
major=0
|
major=0
|
||||||
minor=1
|
minor=2
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: socket.c,v 1.6 1999/08/27 16:06:17 itojun Exp $ */
|
/* $NetBSD: socket.c,v 1.7 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This module determines the type of socket (datagram, stream), the client
|
* This module determines the type of socket (datagram, stream), the client
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#) socket.c 1.15 97/03/21 19:27:24";
|
static char sccsid[] = "@(#) socket.c 1.15 97/03/21 19:27:24";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: socket.c,v 1.6 1999/08/27 16:06:17 itojun Exp $");
|
__RCSID("$NetBSD: socket.c,v 1.7 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -81,8 +81,8 @@ char *name;
|
||||||
void sock_host(request)
|
void sock_host(request)
|
||||||
struct request_info *request;
|
struct request_info *request;
|
||||||
{
|
{
|
||||||
static struct sockaddr_in client;
|
static struct sockaddr_storage client;
|
||||||
static struct sockaddr_in server;
|
static struct sockaddr_storage server;
|
||||||
int len;
|
int len;
|
||||||
char buf[BUFSIZ];
|
char buf[BUFSIZ];
|
||||||
int fd = request->fd;
|
int fd = request->fd;
|
||||||
|
@ -96,6 +96,8 @@ struct request_info *request;
|
||||||
* really should verify that client.sin_family gets the value AF_INET,
|
* really should verify that client.sin_family gets the value AF_INET,
|
||||||
* but this program has already caused too much grief on systems with
|
* but this program has already caused too much grief on systems with
|
||||||
* broken library code.
|
* broken library code.
|
||||||
|
*
|
||||||
|
* XXX the last sentence is untrue as we support AF_INET6 as well :-)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
len = sizeof(client);
|
len = sizeof(client);
|
||||||
|
@ -111,7 +113,7 @@ struct request_info *request;
|
||||||
memset(buf, 0 sizeof(buf));
|
memset(buf, 0 sizeof(buf));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
request->client->sin = &client;
|
request->client->sin = (struct sockaddr *)&client;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Determine the server binding. This is used for client username
|
* Determine the server binding. This is used for client username
|
||||||
|
@ -124,7 +126,7 @@ struct request_info *request;
|
||||||
tcpd_warn("getsockname: %m");
|
tcpd_warn("getsockname: %m");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
request->server->sin = &server;
|
request->server->sin = (struct sockaddr *)&server;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* sock_hostaddr - map endpoint address to printable form */
|
/* sock_hostaddr - map endpoint address to printable form */
|
||||||
|
@ -132,10 +134,28 @@ struct request_info *request;
|
||||||
void sock_hostaddr(host)
|
void sock_hostaddr(host)
|
||||||
struct host_info *host;
|
struct host_info *host;
|
||||||
{
|
{
|
||||||
struct sockaddr_in *sin = host->sin;
|
struct sockaddr *sa = host->sin;
|
||||||
|
int alen, af;
|
||||||
|
char *ap;
|
||||||
|
|
||||||
if (sin != 0)
|
if (!sa)
|
||||||
STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr));
|
return;
|
||||||
|
switch (sa->sa_family) {
|
||||||
|
case AF_INET:
|
||||||
|
ap = (char *)&((struct sockaddr_in *)sa)->sin_addr;
|
||||||
|
alen = sizeof(struct in_addr);
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
ap = (char *)&((struct sockaddr_in6 *)sa)->sin6_addr;
|
||||||
|
alen = sizeof(struct in6_addr);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
host->addr[0] = '\0';
|
||||||
|
inet_ntop(af, ap, host->addr, sizeof(host->addr));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* sock_hostname - map endpoint address to host name */
|
/* sock_hostname - map endpoint address to host name */
|
||||||
|
@ -143,9 +163,12 @@ struct host_info *host;
|
||||||
void sock_hostname(host)
|
void sock_hostname(host)
|
||||||
struct host_info *host;
|
struct host_info *host;
|
||||||
{
|
{
|
||||||
struct sockaddr_in *sin = host->sin;
|
struct sockaddr *sin = host->sin;
|
||||||
struct hostent *hp;
|
struct hostent *hp;
|
||||||
int i;
|
int i;
|
||||||
|
int af, alen;
|
||||||
|
char *ap;
|
||||||
|
char hbuf[MAXHOSTNAMELEN];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* On some systems, for example Solaris 2.3, gethostbyaddr(0.0.0.0) does
|
* On some systems, for example Solaris 2.3, gethostbyaddr(0.0.0.0) does
|
||||||
|
@ -154,9 +177,31 @@ struct host_info *host;
|
||||||
* have to special-case 0.0.0.0, in order to avoid false alerts from the
|
* have to special-case 0.0.0.0, in order to avoid false alerts from the
|
||||||
* host name/address checking code below.
|
* host name/address checking code below.
|
||||||
*/
|
*/
|
||||||
if (sin != 0 && sin->sin_addr.s_addr != 0
|
if (!sin)
|
||||||
&& (hp = gethostbyaddr((char *) &(sin->sin_addr),
|
return;
|
||||||
sizeof(sin->sin_addr), AF_INET)) != 0) {
|
switch (af = sin->sa_family) {
|
||||||
|
case AF_INET:
|
||||||
|
if (((struct sockaddr_in *)sin)->sin_addr.s_addr == 0)
|
||||||
|
return;
|
||||||
|
ap = (char *)&((struct sockaddr_in *)sin)->sin_addr;
|
||||||
|
alen = sizeof(struct in_addr);
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
ap = (char *)&((struct sockaddr_in6 *)sin)->sin6_addr;
|
||||||
|
alen = sizeof(struct in6_addr);
|
||||||
|
/* special case on reverse lookup: mapped addr. I hate it */
|
||||||
|
if (IN6_IS_ADDR_V4MAPPED((struct in6_addr *)ap)) {
|
||||||
|
af = AF_INET;
|
||||||
|
ap += (sizeof(struct in6_addr) - sizeof(struct in_addr));
|
||||||
|
alen = sizeof(struct in_addr);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if ((hp = gethostbyaddr(ap, alen, af)) != 0) {
|
||||||
|
|
||||||
STRN_CPY(host->name, hp->h_name, sizeof(host->name));
|
STRN_CPY(host->name, hp->h_name, sizeof(host->name));
|
||||||
|
|
||||||
|
@ -173,15 +218,15 @@ struct host_info *host;
|
||||||
* we're in big trouble anyway.
|
* we're in big trouble anyway.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if ((hp = gethostbyname(host->name)) == 0) {
|
if ((hp = gethostbyname2(host->name, af)) == 0) {
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Unable to verify that the host name matches the address. This
|
* Unable to verify that the host name matches the address. This
|
||||||
* may be a transient problem or a botched name server setup.
|
* may be a transient problem or a botched name server setup.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
tcpd_warn("can't verify hostname: gethostbyname(%s) failed",
|
tcpd_warn("can't verify hostname: gethostbyname2(%s, %d) failed",
|
||||||
host->name);
|
host->name, af);
|
||||||
|
|
||||||
} else if (STR_NE(host->name, hp->h_name)
|
} else if (STR_NE(host->name, hp->h_name)
|
||||||
&& STR_NE(host->name, "localhost")) {
|
&& STR_NE(host->name, "localhost")) {
|
||||||
|
@ -205,9 +250,7 @@ struct host_info *host;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
for (i = 0; hp->h_addr_list[i]; i++) {
|
for (i = 0; hp->h_addr_list[i]; i++) {
|
||||||
if (memcmp(hp->h_addr_list[i],
|
if (memcmp(hp->h_addr_list[i], (char *) ap, alen) == 0)
|
||||||
(char *) &sin->sin_addr,
|
|
||||||
sizeof(sin->sin_addr)) == 0)
|
|
||||||
return; /* name is good, keep it */
|
return; /* name is good, keep it */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -218,7 +261,8 @@ struct host_info *host;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
tcpd_warn("host name/address mismatch: %s != %.*s",
|
tcpd_warn("host name/address mismatch: %s != %.*s",
|
||||||
inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
|
inet_ntop(af, ap, hbuf, sizeof(hbuf)),
|
||||||
|
STRING_LENGTH, hp->h_name);
|
||||||
}
|
}
|
||||||
/* name is bad, clobber it */
|
/* name is bad, clobber it */
|
||||||
(void)strncpy(host->name, paranoid, sizeof(host->name) - 1);
|
(void)strncpy(host->name, paranoid, sizeof(host->name) - 1);
|
||||||
|
@ -231,7 +275,7 @@ static void sock_sink(fd)
|
||||||
int fd;
|
int fd;
|
||||||
{
|
{
|
||||||
char buf[BUFSIZ];
|
char buf[BUFSIZ];
|
||||||
struct sockaddr_in sin;
|
struct sockaddr_storage sin;
|
||||||
int size = sizeof(sin);
|
int size = sizeof(sin);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: tcpd.h,v 1.7 1999/07/03 12:30:42 simonb Exp $ */
|
/* $NetBSD: tcpd.h,v 1.8 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
/*
|
/*
|
||||||
* @(#) tcpd.h 1.5 96/03/19 16:22:24
|
* @(#) tcpd.h 1.5 96/03/19 16:22:24
|
||||||
*
|
*
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
struct host_info {
|
struct host_info {
|
||||||
char name[STRING_LENGTH]; /* access via eval_hostname(host) */
|
char name[STRING_LENGTH]; /* access via eval_hostname(host) */
|
||||||
char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
|
char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
|
||||||
struct sockaddr_in *sin; /* socket address or 0 */
|
struct sockaddr *sin; /* socket address or 0 */
|
||||||
struct t_unitdata *unit; /* TLI transport address or 0 */
|
struct t_unitdata *unit; /* TLI transport address or 0 */
|
||||||
struct request_info *request; /* for shared information */
|
struct request_info *request; /* for shared information */
|
||||||
};
|
};
|
||||||
|
@ -81,7 +81,7 @@ extern void shell_cmd /* execute shell command */
|
||||||
extern char *percent_x /* do %<char> expansion */
|
extern char *percent_x /* do %<char> expansion */
|
||||||
__P((char *, int, char *, struct request_info *));
|
__P((char *, int, char *, struct request_info *));
|
||||||
extern void rfc931 /* client name from RFC 931 daemon */
|
extern void rfc931 /* client name from RFC 931 daemon */
|
||||||
__P((struct sockaddr_in *, struct sockaddr_in *, char *));
|
__P((struct sockaddr *, struct sockaddr *, char *));
|
||||||
extern void clean_exit /* clean up and exit */
|
extern void clean_exit /* clean up and exit */
|
||||||
__P((struct request_info *));
|
__P((struct request_info *));
|
||||||
extern void refuse /* clean up and exit */
|
extern void refuse /* clean up and exit */
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: update.c,v 1.5 1999/07/03 12:30:42 simonb Exp $ */
|
/* $NetBSD: update.c,v 1.6 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Routines for controlled update/initialization of request structures.
|
* Routines for controlled update/initialization of request structures.
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#) update.c 1.1 94/12/28 17:42:56";
|
static char sccsid[] = "@(#) update.c 1.1 94/12/28 17:42:56";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: update.c,v 1.5 1999/07/03 12:30:42 simonb Exp $");
|
__RCSID("$NetBSD: update.c,v 1.6 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -56,10 +56,10 @@ va_list ap;
|
||||||
request->fd = va_arg(ap, int);
|
request->fd = va_arg(ap, int);
|
||||||
continue;
|
continue;
|
||||||
case RQ_CLIENT_SIN:
|
case RQ_CLIENT_SIN:
|
||||||
request->client->sin = va_arg(ap, struct sockaddr_in *);
|
request->client->sin = va_arg(ap, struct sockaddr *);
|
||||||
continue;
|
continue;
|
||||||
case RQ_SERVER_SIN:
|
case RQ_SERVER_SIN:
|
||||||
request->server->sin = va_arg(ap, struct sockaddr_in *);
|
request->server->sin = va_arg(ap, struct sockaddr *);
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: workarounds.c,v 1.4 1999/07/03 12:30:42 simonb Exp $ */
|
/* $NetBSD: workarounds.c,v 1.5 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Workarounds for known system software bugs. This module provides wrappers
|
* Workarounds for known system software bugs. This module provides wrappers
|
||||||
|
@ -14,7 +14,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
char sccsid[] = "@(#) workarounds.c 1.6 96/03/19 16:22:25";
|
char sccsid[] = "@(#) workarounds.c 1.6 96/03/19 16:22:25";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: workarounds.c,v 1.4 1999/07/03 12:30:42 simonb Exp $");
|
__RCSID("$NetBSD: workarounds.c,v 1.5 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -141,10 +141,10 @@ int *fromlen;
|
||||||
|
|
||||||
if ((ret = recvfrom(sock, buf, buflen, flags, from, fromlen)) >= 0) {
|
if ((ret = recvfrom(sock, buf, buflen, flags, from, fromlen)) >= 0) {
|
||||||
if (from->sa_family == 0) {
|
if (from->sa_family == 0) {
|
||||||
struct sockaddr my_addr;
|
struct sockaddr_storage my_addr;
|
||||||
int my_addr_len = sizeof(my_addr);
|
int my_addr_len = sizeof(my_addr);
|
||||||
|
|
||||||
if (getsockname(0, &my_addr, &my_addr_len)) {
|
if (getsockname(0, (struct sockaddr *)&my_addr, &my_addr_len)) {
|
||||||
tcpd_warn("getsockname: %m");
|
tcpd_warn("getsockname: %m");
|
||||||
} else {
|
} else {
|
||||||
from->sa_family = my_addr.sa_family;
|
from->sa_family = my_addr.sa_family;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: scaffold.c,v 1.6 1999/08/27 16:07:23 itojun Exp $ */
|
/* $NetBSD: scaffold.c,v 1.7 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Routines for testing only. Not really industrial strength.
|
* Routines for testing only. Not really industrial strength.
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccs_id[] = "@(#) scaffold.c 1.6 97/03/21 19:27:24";
|
static char sccs_id[] = "@(#) scaffold.c 1.6 97/03/21 19:27:24";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: scaffold.c,v 1.6 1999/08/27 16:07:23 itojun Exp $");
|
__RCSID("$NetBSD: scaffold.c,v 1.7 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -70,6 +70,7 @@ struct hostent *hp;
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
memset((char *) &hb->host, 0, sizeof(hb->host));
|
memset((char *) &hb->host, 0, sizeof(hb->host));
|
||||||
|
hb->host.h_addrtype = hp->h_addrtype;
|
||||||
hb->host.h_length = hp->h_length;
|
hb->host.h_length = hp->h_length;
|
||||||
hb->host.h_addr_list = hb->addr_list;
|
hb->host.h_addr_list = hb->addr_list;
|
||||||
hb->host.h_addr_list[count] = 0;
|
hb->host.h_addr_list[count] = 0;
|
||||||
|
@ -92,6 +93,9 @@ char *host;
|
||||||
struct hostent *hp;
|
struct hostent *hp;
|
||||||
static struct hostent h;
|
static struct hostent h;
|
||||||
static char *addr_list[2];
|
static char *addr_list[2];
|
||||||
|
#ifdef INET6
|
||||||
|
static struct in6_addr in6;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Host address: translate it to internal form.
|
* Host address: translate it to internal form.
|
||||||
|
@ -101,8 +105,18 @@ char *host;
|
||||||
h.h_addr_list = addr_list;
|
h.h_addr_list = addr_list;
|
||||||
h.h_addr_list[0] = (char *) &addr;
|
h.h_addr_list[0] = (char *) &addr;
|
||||||
h.h_length = sizeof(addr);
|
h.h_length = sizeof(addr);
|
||||||
|
h.h_addrtype = AF_INET;
|
||||||
return (dup_hostent(&h));
|
return (dup_hostent(&h));
|
||||||
}
|
}
|
||||||
|
#ifdef INET6
|
||||||
|
if (inet_pton(AF_INET6, host, &in6) == 1) {
|
||||||
|
h.h_addr_list = addr_list;
|
||||||
|
h.h_addr_list[0] = (char *) &in6;
|
||||||
|
h.h_length = sizeof(in6);
|
||||||
|
h.h_addrtype = AF_INET6;
|
||||||
|
return (dup_hostent(&h));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Map host name to a series of addresses. Watch out for non-internet
|
* Map host name to a series of addresses. Watch out for non-internet
|
||||||
|
@ -110,10 +124,28 @@ char *host;
|
||||||
* been "enhanced" to accept numeric addresses. Make a copy of the
|
* been "enhanced" to accept numeric addresses. Make a copy of the
|
||||||
* address list so that later gethostbyXXX() calls will not clobber it.
|
* address list so that later gethostbyXXX() calls will not clobber it.
|
||||||
*/
|
*/
|
||||||
if (NOT_INADDR(host) == 0) {
|
#ifdef INET6
|
||||||
|
if (NOT_INADDR(host) == 0 && inet_pton(AF_INET6, host, &in6) == 1)
|
||||||
|
#else
|
||||||
|
if (NOT_INADDR(host) == 0)
|
||||||
|
#endif
|
||||||
|
{
|
||||||
tcpd_warn("%s: not an internet address", host);
|
tcpd_warn("%s: not an internet address", host);
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
#ifdef INET6
|
||||||
|
/*
|
||||||
|
* XXX this behavior may, or may not be desirable.
|
||||||
|
* - we may better use getipnodebyname() to addresses of get both AFs,
|
||||||
|
* however, getipnodebyname() is not widely implemented.
|
||||||
|
* - it may be better to have a way to specify the AF to use.
|
||||||
|
*/
|
||||||
|
if ((hp = gethostbyname2(host, AF_INET)) == 0
|
||||||
|
&& (hp = gethostbyname2(host, AF_INET6)) == 0) {
|
||||||
|
tcpd_warn("%s: host not found", host);
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
#else
|
||||||
if ((hp = gethostbyname(host)) == 0) {
|
if ((hp = gethostbyname(host)) == 0) {
|
||||||
tcpd_warn("%s: host not found", host);
|
tcpd_warn("%s: host not found", host);
|
||||||
return (0);
|
return (0);
|
||||||
|
@ -122,6 +154,7 @@ char *host;
|
||||||
tcpd_warn("%d: not an internet host", hp->h_addrtype);
|
tcpd_warn("%d: not an internet host", hp->h_addrtype);
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
if (STR_NE(host, hp->h_name)) {
|
if (STR_NE(host, hp->h_name)) {
|
||||||
tcpd_warn("%s: hostname alias", host);
|
tcpd_warn("%s: hostname alias", host);
|
||||||
tcpd_warn("(official name: %.*s)", STRING_LENGTH, hp->h_name);
|
tcpd_warn("(official name: %.*s)", STRING_LENGTH, hp->h_name);
|
||||||
|
@ -135,20 +168,36 @@ int check_dns(host)
|
||||||
char *host;
|
char *host;
|
||||||
{
|
{
|
||||||
struct request_info request;
|
struct request_info request;
|
||||||
struct sockaddr_in sin;
|
struct sockaddr_storage sin;
|
||||||
struct hostent *hp;
|
struct hostent *hp;
|
||||||
int count;
|
int count;
|
||||||
char *addr;
|
char *addr;
|
||||||
|
char *ap;
|
||||||
|
int alen;
|
||||||
|
|
||||||
if ((hp = find_inet_addr(host)) == 0)
|
if ((hp = find_inet_addr(host)) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
request_init(&request, RQ_CLIENT_SIN, &sin, 0);
|
request_init(&request, RQ_CLIENT_SIN, &sin, 0);
|
||||||
sock_methods(&request);
|
sock_methods(&request);
|
||||||
memset((char *) &sin, 0, sizeof(sin));
|
memset((char *) &sin, 0, sizeof(sin));
|
||||||
sin.sin_family = AF_INET;
|
sin.ss_family = hp->h_addrtype;
|
||||||
|
switch (hp->h_addrtype) {
|
||||||
|
case AF_INET:
|
||||||
|
ap = (char *)&((struct sockaddr_in *)&sin)->sin_addr;
|
||||||
|
alen = sizeof(struct in6_addr);
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
ap = (char *)&((struct sockaddr_in6 *)&sin)->sin6_addr;
|
||||||
|
alen = sizeof(struct in6_addr);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
|
||||||
for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
|
for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
|
||||||
memcpy((char *) &sin.sin_addr, addr, sizeof(sin.sin_addr));
|
memcpy(ap, addr, alen);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Force host name and address conversions. Use the request structure
|
* Force host name and address conversions. Use the request structure
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: tcpdchk.c,v 1.8 1999/08/27 16:07:23 itojun Exp $ */
|
/* $NetBSD: tcpdchk.c,v 1.9 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* tcpdchk - examine all tcpd access control rules and inetd.conf entries
|
* tcpdchk - examine all tcpd access control rules and inetd.conf entries
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25";
|
static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: tcpdchk.c,v 1.8 1999/08/27 16:07:23 itojun Exp $");
|
__RCSID("$NetBSD: tcpdchk.c,v 1.9 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -29,6 +29,9 @@ __RCSID("$NetBSD: tcpdchk.c,v 1.8 1999/08/27 16:07:23 itojun Exp $");
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
#ifdef INET6
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#endif
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
@ -341,10 +344,20 @@ char *list;
|
||||||
char *cp;
|
char *cp;
|
||||||
char *host;
|
char *host;
|
||||||
int clients = 0;
|
int clients = 0;
|
||||||
|
#ifdef INET6
|
||||||
|
int l;
|
||||||
|
#endif
|
||||||
|
|
||||||
strcpy(buf, list);
|
strcpy(buf, list);
|
||||||
|
|
||||||
for (cp = strtok(buf, sep); cp != 0; cp = strtok((char *) 0, sep)) {
|
for (cp = strtok(buf, sep); cp != 0; cp = strtok((char *) 0, sep)) {
|
||||||
|
#ifdef INET6
|
||||||
|
l = strlen(cp);
|
||||||
|
if (cp[0] == '[' && cp[l - 1] == ']') {
|
||||||
|
cp[l - 1] = '\0';
|
||||||
|
cp++;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
if (STR_EQ(cp, "EXCEPT")) {
|
if (STR_EQ(cp, "EXCEPT")) {
|
||||||
clients = 0;
|
clients = 0;
|
||||||
} else {
|
} else {
|
||||||
|
@ -441,8 +454,22 @@ char *pat;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
} else if ((mask = split_at(pat, '/')) != NULL) { /* network/netmask */
|
} else if ((mask = split_at(pat, '/')) != NULL) { /* network/netmask */
|
||||||
if (dot_quad_addr(pat, NULL) != 0
|
#ifdef INET6
|
||||||
|| dot_quad_addr(mask, NULL) != 0)
|
struct in6_addr in6;
|
||||||
|
#endif
|
||||||
|
if (dot_quad_addr(pat, NULL) != INADDR_NONE
|
||||||
|
|| dot_quad_addr(mask, NULL) != INADDR_NONE)
|
||||||
|
; /*okay*/
|
||||||
|
#ifdef INET6
|
||||||
|
else if (inet_pton(AF_INET6, pat, &in6) == 1
|
||||||
|
&& inet_pton(AF_INET6, mask, &in6) == 1)
|
||||||
|
; /*okay*/
|
||||||
|
else if (inet_pton(AF_INET6, pat, &in6) == 1
|
||||||
|
&& strchr(mask, ':') == NULL
|
||||||
|
&& 0 <= atoi(mask) && atoi(mask) <= 128)
|
||||||
|
; /*okay*/
|
||||||
|
#endif
|
||||||
|
else
|
||||||
tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
|
tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
|
||||||
} else if (STR_EQ(pat, "FAIL")) { /* obsolete */
|
} else if (STR_EQ(pat, "FAIL")) { /* obsolete */
|
||||||
tcpd_warn("FAIL is no longer recognized");
|
tcpd_warn("FAIL is no longer recognized");
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $NetBSD: tcpdmatch.8,v 1.3 1998/01/09 08:11:51 perry Exp $
|
.\" $NetBSD: tcpdmatch.8,v 1.4 1999/08/31 13:58:58 itojun Exp $
|
||||||
.\"
|
.\"
|
||||||
.TH TCPDMATCH 8
|
.TH TCPDMATCH 8
|
||||||
.SH NAME
|
.SH NAME
|
||||||
|
@ -98,3 +98,8 @@ Eindhoven University of Technology
|
||||||
Den Dolech 2, P.O. Box 513,
|
Den Dolech 2, P.O. Box 513,
|
||||||
5600 MB Eindhoven, The Netherlands
|
5600 MB Eindhoven, The Netherlands
|
||||||
\" @(#) tcpdmatch.8 1.5 96/02/11 17:01:35
|
\" @(#) tcpdmatch.8 1.5 96/02/11 17:01:35
|
||||||
|
.SH BUGS
|
||||||
|
If you specify FQDN hostname as client,
|
||||||
|
they will be recognized only as IPv4 or IPv6 address,
|
||||||
|
which should be recognized as both.
|
||||||
|
This should be solved when getipnodebyname(3) is supplied.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: tcpdmatch.c,v 1.5 1999/05/09 16:06:33 christos Exp $ */
|
/* $NetBSD: tcpdmatch.c,v 1.6 1999/08/31 13:58:58 itojun Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* tcpdmatch - explain what tcpd would do in a specific case
|
* tcpdmatch - explain what tcpd would do in a specific case
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#) tcpdmatch.c 1.5 96/02/11 17:01:36";
|
static char sccsid[] = "@(#) tcpdmatch.c 1.5 96/02/11 17:01:36";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: tcpdmatch.c,v 1.5 1999/05/09 16:06:33 christos Exp $");
|
__RCSID("$NetBSD: tcpdmatch.c,v 1.6 1999/08/31 13:58:58 itojun Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -75,9 +75,14 @@ char **argv;
|
||||||
int ch;
|
int ch;
|
||||||
char *inetcf = 0;
|
char *inetcf = 0;
|
||||||
int count;
|
int count;
|
||||||
struct sockaddr_in server_sin;
|
struct sockaddr_storage server_sin;
|
||||||
struct sockaddr_in client_sin;
|
struct sockaddr_storage client_sin;
|
||||||
struct stat st;
|
struct stat st;
|
||||||
|
char *ap;
|
||||||
|
int alen;
|
||||||
|
#ifdef INET6
|
||||||
|
struct sockaddr_in6 in6;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Show what rule actually matched.
|
* Show what rule actually matched.
|
||||||
|
@ -180,12 +185,25 @@ char **argv;
|
||||||
if ((hp = find_inet_addr(server)) == 0)
|
if ((hp = find_inet_addr(server)) == 0)
|
||||||
exit(1);
|
exit(1);
|
||||||
memset((char *) &server_sin, 0, sizeof(server_sin));
|
memset((char *) &server_sin, 0, sizeof(server_sin));
|
||||||
server_sin.sin_family = AF_INET;
|
server_sin.ss_family = hp->h_addrtype;
|
||||||
|
switch (hp->h_addrtype) {
|
||||||
|
case AF_INET:
|
||||||
|
ap = (char *)&((struct sockaddr_in *)&server_sin)->sin_addr;
|
||||||
|
alen = sizeof(struct in_addr);
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
ap = (char *)&((struct sockaddr_in6 *)&server_sin)->sin6_addr;
|
||||||
|
alen = sizeof(struct in6_addr);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
request_set(&request, RQ_SERVER_SIN, &server_sin, 0);
|
request_set(&request, RQ_SERVER_SIN, &server_sin, 0);
|
||||||
|
|
||||||
for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
|
for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
|
||||||
memcpy((char *) &server_sin.sin_addr, addr,
|
memcpy(ap, addr, alen);
|
||||||
sizeof(server_sin.sin_addr));
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Force evaluation of server host name and address. Host name
|
* Force evaluation of server host name and address. Host name
|
||||||
|
@ -215,6 +233,13 @@ char **argv;
|
||||||
tcpdmatch(&request);
|
tcpdmatch(&request);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
#ifdef INET6
|
||||||
|
if (inet_pton(AF_INET6, client, &in6) == 1) {
|
||||||
|
request_set(&request, RQ_CLIENT_ADDR, client, 0);
|
||||||
|
tcpdmatch(&request);
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Perhaps they are testing special client hostname patterns that aren't
|
* Perhaps they are testing special client hostname patterns that aren't
|
||||||
|
@ -237,12 +262,25 @@ char **argv;
|
||||||
if ((hp = find_inet_addr(client)) == 0)
|
if ((hp = find_inet_addr(client)) == 0)
|
||||||
exit(1);
|
exit(1);
|
||||||
memset((char *) &client_sin, 0, sizeof(client_sin));
|
memset((char *) &client_sin, 0, sizeof(client_sin));
|
||||||
client_sin.sin_family = AF_INET;
|
client_sin.ss_family = hp->h_addrtype;
|
||||||
|
switch (hp->h_addrtype) {
|
||||||
|
case AF_INET:
|
||||||
|
ap = (char *)&((struct sockaddr_in *)&client_sin)->sin_addr;
|
||||||
|
alen = sizeof(struct in_addr);
|
||||||
|
break;
|
||||||
|
#ifdef INET6
|
||||||
|
case AF_INET6:
|
||||||
|
ap = (char *)&((struct sockaddr_in6 *)&client_sin)->sin6_addr;
|
||||||
|
alen = sizeof(struct in6_addr);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
request_set(&request, RQ_CLIENT_SIN, &client_sin, 0);
|
request_set(&request, RQ_CLIENT_SIN, &client_sin, 0);
|
||||||
|
|
||||||
for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
|
for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
|
||||||
memcpy((char *) &client_sin.sin_addr, addr,
|
memcpy(ap, addr, alen);
|
||||||
sizeof(client_sin.sin_addr));
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Force evaluation of client host name and address. Host name
|
* Force evaluation of client host name and address. Host name
|
||||||
|
|
Loading…
Reference in New Issue