diff -up tcp_wrappers_7.6/hosts_access.5.patch5 tcp_wrappers_7.6/hosts_access.5 --- tcp_wrappers_7.6/hosts_access.5.patch5 1995-01-30 19:51:47.000000000 +0100 +++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200 @@ -89,6 +89,13 @@ An expression of the form `n.n.n.n/m.m.m bitwise AND of the address and the `mask\'. For example, the net/mask pattern `131.155.72.0/255.255.254.0\' matches every address in the range `131.155.72.0\' through `131.155.73.255\'. +.IP \(bu +A string that begins with a `/\' character is treated as a file +name. A host name or address is matched if it matches any host name +or address pattern listed in the named file. The file format is +zero or more lines with zero or more host name or address patterns +separated by whitespace. A file name pattern can be used anywhere +a host name or address pattern can be used. .SH WILDCARDS The access control language supports explicit wildcards: .IP ALL diff -up tcp_wrappers_7.6/hosts_access.c.patch5 tcp_wrappers_7.6/hosts_access.c --- tcp_wrappers_7.6/hosts_access.c.patch5 1997-02-12 02:13:23.000000000 +0100 +++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200 @@ -240,6 +240,26 @@ struct request_info *request; } } +/* hostfile_match - look up host patterns from file */ + +static int hostfile_match(path, host) +char *path; +struct hosts_info *host; +{ + char tok[BUFSIZ]; + int match = NO; + FILE *fp; + + if ((fp = fopen(path, "r")) != 0) { + while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host))) + /* void */ ; + fclose(fp); + } else if (errno != ENOENT) { + tcpd_warn("open %s: %m", path); + } + return (match); +} + /* host_match - match host name and/or address against pattern */ static int host_match(tok, host) @@ -267,6 +287,8 @@ struct host_info *host; tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */ return (NO); #endif + } else if (tok[0] == '/') { /* /file hack */ + return (hostfile_match(tok, host)); } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */ char *name = eval_hostname(host); return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));