Date: Sat, 16 Mar 2002 17:26:24 +0000 From: Mark Murray <mark@grondar.za> To: Anatole Shaw <Anatole@mindspring.com> Cc: freebsd-audit@FreeBSD.ORG Subject: Re: regex for tcpwrappers Message-ID: <200203161726.g2GHQO0n011948@grimreaper.grondar.org> In-Reply-To: <20020316101232.C65694@ouch.Oof.NET> ; from Anatole Shaw <Anatole@mindspring.com> "Sat, 16 Mar 2002 10:12:32 GMT." References: <20020316101232.C65694@ouch.Oof.NET>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi This looks good; but please submit it to the TCP_wrapper author. You'll find him at www.porcupine.org (Wietse Venema). Thanks! M > > --qDbXVdCdHGoSgWSk > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > > This is my patch that adds extended regular expressions to tcpwrappers. > I wrote it so that I could permit selected cities from DialSprint.net, > which lumps the city, state and other information all into the third > level of DNS. For example, with this patch, the tcpwrappers token > ~^sdn-ar-...cthart....\.dialsprint\.net$ > will only match the DialSprint pool in Hartford, Connecticut. Pretty > useful I think. Any committers care to review? > --Anatole Shaw > > --qDbXVdCdHGoSgWSk > Content-Type: text/plain; charset=us-ascii > Content-Disposition: attachment; filename="tcpwrappers-regex.patch" > > --- contrib/tcp_wrappers/hosts_access.c.orig Tue Jul 18 08:34:54 2000 > +++ contrib/tcp_wrappers/hosts_access.c Thu Mar 14 06:45:02 2002 > @@ -41,6 +41,7 @@ > #include <errno.h> > #include <setjmp.h> > #include <string.h> > +#include <regex.h> > #ifdef INET6 > #include <netdb.h> > #endif > @@ -93,6 +94,7 @@ > static int host_match(); > static int string_match(); > static int masked_match(); > +static int regex_match(); > #ifdef INET6 > static int masked_match4(); > static int masked_match6(); > @@ -336,6 +338,8 @@ > if (tok[0] == '.') { /* suffix */ > n = strlen(string) - strlen(tok); > return (n > 0 && STR_EQ(tok, string + n)); > + } else if (tok[0] == '~') { /* regex */ > + return (regex_match(tok+1, string)); > } else if (STR_EQ(tok, "ALL")) { /* all: match any */ > return (YES); > } else if (STR_EQ(tok, "KNOWN")) { /* not unknown */ > @@ -378,6 +382,45 @@ > #endif > return (STR_EQ(tok, string)); > } > +} > + > +/* regex_match - match string against regular expression */ > + > +static int regex_match(exp, string) > +char *exp; > +char *string; > +{ > + regex_t preg; > + int errn; > + char errstr[256]; > + > + if ( *exp == '\0' ) { > + tcpd_warn("null regular expression"); > + return (NO); > + } > + errn = regcomp(&preg, exp, REG_EXTENDED | REG_ICASE | REG_NOSUB); > + if ( errn != 0 ) { > + regerror(errn, &preg, errstr, 256); > + regfree(&preg); > + tcpd_warn("error in regex: %s", errstr); > + return (NO); > + } > + errn = regexec(&preg, string, 0, NULL, 0); > + if ( errn == 0 ) { > + regfree(&preg); > + return (YES); > + } else if ( errn == REG_NOMATCH ) { > + regfree(&preg); > + return (NO); > + } else { > + regerror(errn, &preg, errstr, 256); > + regfree(&preg); > + tcpd_warn("could not execute regex: %s", errstr); > + return (NO); > + } > + /* unreached */ > + regfree(&preg); > + return (NO); > } > > /* masked_match - match address against netnumber/netmask */ > --- contrib/tcp_wrappers/hosts_access.5.orig Thu Feb 3 10:26:57 2000 > +++ contrib/tcp_wrappers/hosts_access.5 Thu Mar 14 06:13:06 2002 > @@ -103,6 +103,15 @@ > zero or more lines with zero or more host name or address patterns > separated by whitespace. A file name pattern can be used anywhere > a host name or address pattern can be used. > +.IP \(bu > +A string that begins with a `~\' character. > +The address (and hostname, if available) are matched > +against the extended regular expression (see \fIre_format(7)\fR) > +which follows the `~\' character. > +For example, the pattern `~^nyc[0-9]+\\.example\\.com$\' matches the host name > +`nyc23.example.com\' but neither `nyc.example.com\' nor `nyc42.example.com.au\'. > +The comparison is not case-sensitive, and it is both impossible and useless > +for spaces to appear in the expression. > .SH WILDCARDS > The access control language supports explicit wildcards: > .IP ALL > > --qDbXVdCdHGoSgWSk-- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-audit" in the body of the message -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203161726.g2GHQO0n011948>