auto-import changelog data from tcp_wrappers-7.6-18.src.rpm

Mon Feb 05 2001 Preston Brown <pbrown@redhat.com>
- fix gethostbyname to work better with dot "." notation (#16949)
Sat Dec 30 2000 Jeff Johnson <jbj@redhat.com>
- permit hosts.{allow,deny} to be assembled from included components
    (#17795).
- permit '*' and '?' wildcard matches on hostnames (#17847).
cvsdist 2004-09-09 13:06:45 +00:00
parent 2ce06a00d0
commit 9200525651
4 changed files with 198 additions and 7 deletions


@ -0,0 +1,54 @@
--- tcp_wrappers_7.6/hosts_access.c Wed Feb 12 03:13:23 1997
+++ tcp_wrappers/hosts_access.c Wed Jul 19 08:37:02 2000
@@ -240,6 +255,26 @@
}
}
+/* hostfile_match - look up host patterns from file */
+
+static int hostfile_match(path, host)
+char *path;
+struct hosts_info *host;
+{
+ char tok[BUFSIZ];
+ int match = NO;
+ FILE *fp;
+
+ if ((fp = fopen(path, "r")) != 0) {
+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
+ /* void */ ;
+ fclose(fp);
+ } else if (errno != ENOENT) {
+ tcpd_warn("open %s: %m", path);
+ }
+ return (match);
+}
+
/* host_match - match host name and/or address against pattern */
static int host_match(tok, host)
@@ -267,6 +302,8 @@
tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
return (NO);
#endif
+ } else if (tok[0] == '/') { /* /file hack */
+ return (hostfile_match(tok, host));
} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
char *name = eval_hostname(host);
return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
--- tcp_wrappers_7.6/hosts_access.5 Mon Jan 30 20:51:47 1995
+++ tcp_wrappers.new/hosts_access.5 Wed Sep 20 22:24:29 2000
@@ -89,6 +89,13 @@
bitwise AND of the address and the `mask\'. For example, the net/mask
pattern `131.155.72.0/255.255.254.0\' matches every address in the
range `131.155.72.0\' through `131.155.73.255\'.
+.IP \(bu
+A string that begins with a `/\' character is treated as a file
+name. A host name or address is matched if it matches any host name
+or address pattern listed in the named file. The file format is
+zero or more lines with zero or more host name or address patterns
+separated by whitespace. A file name pattern can be used anywhere
+a host name or address pattern can be used.
.SH WILDCARDS
The access control language supports explicit wildcards:
.IP ALL
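Review bot: The loop in hostfile_match reads tokens with `fscanf(fp, "%s", tok)` into `char tok[BUFSIZ]`, and an unbounded `%s` writes past the end of `tok` when the file holds a token longer than the buffer. Give the conversion a field width that matches the buffer, for example `char tok[1024];` with `fscanf(fp, "%1023s", tok)`, so that an over-long token is split rather than overflowing the stack. A token that itself starts with `/` goes back through host_match into hostfile_match with no depth limit, so a file that names itself, directly or through another file, recurses until the stack or the descriptor table runs out; a small nesting counter with a tcpd_warn on overflow would bound it. The included files also become part of the access policy, so the manual page text could say they need the same ownership and permissions as hosts.allow and hosts.deny.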


@ -0,0 +1,101 @@
diff -uNr tcp_wrappers_7.6/hosts_access.5 tcp_wrappers_7.6.new/hosts_access.5
--- tcp_wrappers_7.6/hosts_access.5 Fri Sep 22 21:29:24 2000
+++ tcp_wrappers_7.6.new/hosts_access.5 Fri Sep 22 21:28:44 2000
@@ -96,6 +96,10 @@
zero or more lines with zero or more host name or address patterns
separated by whitespace. A file name pattern can be used anywhere
a host name or address pattern can be used.
+.IP \(bu
+Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
+method of matching cannot be used in conjunction with `net/mask\' matching,
+hostname matching beginning with `.\' or IP address matching ending with `.\'.
.SH WILDCARDS
The access control language supports explicit wildcards:
.IP ALL
diff -uNr tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.new/hosts_access.c
--- tcp_wrappers_7.6/hosts_access.c Fri Sep 22 21:29:24 2000
+++ tcp_wrappers_7.6.new/hosts_access.c Fri Sep 22 21:18:09 2000
@@ -311,6 +311,11 @@
{
int n;
+#ifndef DISABLE_WILDCARD_MATCHING
+ if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */
+ return (match_pattern_ylo(string,tok));
+ } else
+#endif
if (tok[0] == '.') { /* suffix */
n = strlen(string) - strlen(tok);
return (n > 0 && STR_EQ(tok, string + n));
@@ -351,3 +356,71 @@
}
return ((addr & mask) == net);
}
+
+#ifndef DISABLE_WILDCARD_MATCHING
+/* Note: this feature has been adapted in a pretty straightforward way
+ from Tatu Ylonen's last SSH version under free license by
+ Pekka Savola <pekkas@netcore.fi>.
+
+ Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+*/
+
+/* Returns true if the given string matches the pattern (which may contain
+ ? and * as wildcards), and zero if it does not match. */
+
+int match_pattern_ylo(const char *s, const char *pattern)
+{
+ while (1)
+ {
+ /* If at end of pattern, accept if also at end of string. */
+ if (!*pattern)
+ return !*s;
+
+ /* Process '*'. */
+ if (*pattern == '*')
+ {
+ /* Skip the asterisk. */
+ pattern++;
+
+ /* If at end of pattern, accept immediately. */
+ if (!*pattern)
+ return 1;
+
+ /* If next character in pattern is known, optimize. */
+ if (*pattern != '?' && *pattern != '*')
+ {
+ /* Look instances of the next character in pattern, and try
+ to match starting from those. */
+ for (; *s; s++)
+ if (*s == *pattern &&
+ match_pattern_ylo(s + 1, pattern + 1))
+ return 1;
+ /* Failed. */
+ return 0;
+ }
+
+ /* Move ahead one character at a time and try to match at each
+ position. */
+ for (; *s; s++)
+ if (match_pattern_ylo(s, pattern))
+ return 1;
+ /* Failed. */
+ return 0;
+ }
+
+ /* There must be at least one more character in the string. If we are
+ at the end, fail. */
+ if (!*s)
+ return 0;
+
+ /* Check if the next character of the string is acceptable. */
+ if (*pattern != '?' && *pattern != *s)
+ return 0;
+
+ /* Move to the next character, both in string and in pattern. */
+ s++;
+ pattern++;
+ }
+ /*NOTREACHED*/
+}
+#endif /* DISABLE_WILDCARD_MATCHING */
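Review bot: The comparisons in match_pattern_ylo (`*s == *pattern` in the `*` branch and `*pattern != *s` in the single-character step) are case-sensitive, while host names are not. If STR_EQ in the neighbouring suffix branch is a case-insensitive compare, which this page does not show, a rule then behaves differently once a wildcard is added, and in hosts.deny a pattern written in one case would miss the same name returned in another. Consider folding both sides, e.g. `tolower((unsigned char)*s) == tolower((unsigned char)*pattern)`, which needs `<ctype.h>`. The function is also called from the first hunk before its definition with no prototype added, and since it is only used in this file it could be declared `static int match_pattern_ylo(const char *, const char *);` near the other forward declarations.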


@ -0,0 +1,27 @@
--- tcp_wrappers_7.6/socket.c.fixgethostbyname Fri Mar 21 13:27:25 1997
+++ tcp_wrappers_7.6/socket.c Mon Feb 5 14:09:40 2001
@@ -52,7 +52,8 @@
char *name;
{
char dot_name[MAXHOSTNAMELEN + 1];
-
+ struct hostent *hp;
+
/*
* Don't append dots to unqualified names. Such names are likely to come
* from local hosts files or from NIS.
@@ -61,8 +62,12 @@
if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
return (gethostbyname(name));
} else {
- sprintf(dot_name, "%s.", name);
- return (gethostbyname(dot_name));
+ sprintf(dot_name, "%s.", name);
+ hp = gethostbyname(dot_name);
+ if (hp)
+ return hp;
+ else
+ return (gethostbyname(name));
}
}
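Review bot: The new fallback `return (gethostbyname(name));` repeats a failed dotted lookup without the trailing dot, so a name that already contains a dot is no longer looked up strictly as an absolute name. Depending on resolver configuration, the second query may be completed through the search list and return an address for a different name than the one asked for. The callers are outside this hunk; if any of them compare the result against the client's address, that check now relies on the resolver's search behaviour. At the least the fallback deserves a comment stating why it is needed, e.g. `/* some name services reject a trailing dot; retry with the name as given */`, and the added lines should follow the file's `return (hp);` style and indentation. The function's signature and opening lines are above the hunk, so this is based on the visible body only.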


@ -1,14 +1,17 @@
Summary: A security tool which acts as a wrapper for TCP daemons.
Name: tcp_wrappers
Version: 7.6
Release: 16
Release: 18
Copyright: Distributable
Group: System Environment/Daemons
Source: ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers/tcp_wrappers_7.6.tar.gz
Patch: tcpw7.2-config.patch
Patch0: tcpw7.2-config.patch
Patch1: tcpw7.2-setenv.patch
Patch2: tcpw7.6-netgroup.patch
Patch3: tcp_wrappers-7.6-bug11881.patch
Patch4: tcp_wrappers-7.6-bug17795.patch
Patch5: tcp_wrappers-7.6-bug17847.patch
Patch6: tcp_wrappers-7.6-fixgethostbyname.patch
BuildRoot: %{_tmppath}/%{name}-root
%description
@ -25,13 +28,12 @@ filtering incoming network services requests.
%patch1 -p1 -b .setenv
%patch2 -p1 -b .netgroup
%patch3 -p1 -b .bug11881
%patch4 -p1 -b .bug17795
%patch5 -p1 -b .bug17847
%patch6 -p1 -b .fixgethostbyname
%build
%ifarch ia64 sparc sparc64 sparcv9
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC"
export RPM_OPT_FLAGS
%endif
make linux
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC" linux
%install
rm -rf ${RPM_BUILD_ROOT}
@ -69,6 +71,13 @@ rm -rf ${RPM_BUILD_ROOT}
%{_sbindir}/*
%changelog
* Mon Feb 5 2001 Preston Brown <pbrown@redhat.com>
- fix gethostbyname to work better with dot "." notation (#16949)
* Sat Dec 30 2000 Jeff Johnson <jbj@redhat.com>
- permit hosts.{allow,deny} to be assembled from included components (#17795).
- permit '*' and '?' wildcard matches on hostnames (#17847).
* Sun Nov 19 2000 Bill Nottingham <notting@redhat.com>
- ia64 needs -fPIC too