blob: 9e188027fc0c4d0bd086dda40af754d06c8cc5f8 [file] [log] [blame]
Patrick Williamsc124f4f2015-09-15 14:41:29 -05001Upstream-Status: Backport
2
3See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17847
4
5diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5
6--- tcp_wrappers_7.6.orig/hosts_access.5 2004-04-10 18:54:33.000000000 +0200
7+++ tcp_wrappers_7.6/hosts_access.5 2004-04-10 18:54:27.000000000 +0200
8@@ -89,6 +89,10 @@
9 bitwise AND of the address and the `mask\'. For example, the net/mask
10 pattern `131.155.72.0/255.255.254.0\' matches every address in the
11 range `131.155.72.0\' through `131.155.73.255\'.
12+.IP \(bu
13+Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
14+method of matching cannot be used in conjunction with `net/mask\' matching,
15+hostname matching beginning with `.\' or IP address matching ending with `.\'.
16 .SH WILDCARDS
17 The access control language supports explicit wildcards:
18 .IP ALL
19diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
20--- tcp_wrappers_7.6.orig/hosts_access.c 1997-02-12 02:13:23.000000000 +0100
21+++ tcp_wrappers_7.6/hosts_access.c 2004-04-10 18:52:21.000000000 +0200
22@@ -289,6 +289,11 @@
23 {
24 int n;
25
26+#ifndef DISABLE_WILDCARD_MATCHING
27+ if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */
28+ return (match_pattern_ylo(string,tok));
29+ } else
30+#endif
31 if (tok[0] == '.') { /* suffix */
32 n = strlen(string) - strlen(tok);
33 return (n > 0 && STR_EQ(tok, string + n));
34@@ -329,3 +334,71 @@
35 }
36 return ((addr & mask) == net);
37 }
38+
39+#ifndef DISABLE_WILDCARD_MATCHING
40+/* Note: this feature has been adapted in a pretty straightforward way
41+ from Tatu Ylonen's last SSH version under free license by
42+ Pekka Savola <pekkas@netcore.fi>.
43+
44+ Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
45+*/
46+
47+/* Returns true if the given string matches the pattern (which may contain
48+ ? and * as wildcards), and zero if it does not match. */
49+
50+int match_pattern_ylo(const char *s, const char *pattern)
51+{
52+ while (1)
53+ {
54+ /* If at end of pattern, accept if also at end of string. */
55+ if (!*pattern)
56+ return !*s;
57+
58+ /* Process '*'. */
59+ if (*pattern == '*')
60+ {
61+ /* Skip the asterisk. */
62+ pattern++;
63+
64+ /* If at end of pattern, accept immediately. */
65+ if (!*pattern)
66+ return 1;
67+
68+ /* If next character in pattern is known, optimize. */
69+ if (*pattern != '?' && *pattern != '*')
70+ {
71+ /* Look instances of the next character in pattern, and try
72+ to match starting from those. */
73+ for (; *s; s++)
74+ if (*s == *pattern &&
75+ match_pattern_ylo(s + 1, pattern + 1))
76+ return 1;
77+ /* Failed. */
78+ return 0;
79+ }
80+
81+ /* Move ahead one character at a time and try to match at each
82+ position. */
83+ for (; *s; s++)
84+ if (match_pattern_ylo(s, pattern))
85+ return 1;
86+ /* Failed. */
87+ return 0;
88+ }
89+
90+ /* There must be at least one more character in the string. If we are
91+ at the end, fail. */
92+ if (!*s)
93+ return 0;
94+
95+ /* Check if the next character of the string is acceptable. */
96+ if (*pattern != '?' && *pattern != *s)
97+ return 0;
98+
99+ /* Move to the next character, both in string and in pattern. */
100+ s++;
101+ pattern++;
102+ }
103+ /*NOTREACHED*/
104+}
105+#endif /* DISABLE_WILDCARD_MATCHING */