Date: Sat, 30 Mar 2002 18:26:01 -0800 (PST)
From: Anatole Shaw <anatole@mindspring.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/36556: patch: regular expressions for tcpwrappers
Message-ID: <200203310226.g2V2Q1w46100@freefall.freebsd.org>
>Number: 36556
>Category: misc
>Synopsis: patch: regular expressions for tcpwrappers
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 30 18:30:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Anatole Shaw
>Release: RELENG_4
>Organization:
>Environment:
>Description:
This patch adds support to tcpwrappers for regex host patterns. Specifically, host patterns with a tilde ('~') at position [0] are interpreted as regular expressions starting from position [1].
>How-To-Repeat:
>Fix:
--- contrib/tcp_wrappers/hosts_access.c.orig Tue Jul 18 08:34:54 2000
+++ contrib/tcp_wrappers/hosts_access.c Thu Mar 14 06:45:02 2002
@@ -41,6 +41,7 @@
#include <errno.h>
#include <setjmp.h>
#include <string.h>
+#include <regex.h>
#ifdef INET6
#include <netdb.h>
#endif
@@ -93,6 +94,7 @@
static int host_match();
static int string_match();
static int masked_match();
+static int regex_match();
#ifdef INET6
static int masked_match4();
static int masked_match6();
@@ -336,6 +338,8 @@
if (tok[0] == '.') { /* suffix */
n = strlen(string) - strlen(tok);
return (n > 0 && STR_EQ(tok, string + n));
+ } else if (tok[0] == '~') { /* regex */
+ return (regex_match(tok+1, string));
} else if (STR_EQ(tok, "ALL")) { /* all: match any */
return (YES);
} else if (STR_EQ(tok, "KNOWN")) { /* not unknown */
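Review bot: the new `tok[0] == '~'` branch passes `string` to regex_match() regardless of what kind of token is being matched, while the hosts_access.5 hunk documents the syntax only for host name and address patterns. If this routine is also reached for daemon or user tokens, the regex syntax is enabled there too, and any existing token that begins with '~' changes from a literal comparison to a regular expression. Either restrict the branch to host matching or document the wider scope. For style, `tok + 1` would match the spacing of `string + n` two lines above.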
@@ -378,6 +382,45 @@
#endif
return (STR_EQ(tok, string));
}
+}
+
+/* regex_match - match string against regular expression */
+
+static int regex_match(exp, string)
+char *exp;
+char *string;
+{
+ regex_t preg;
+ int errn;
+ char errstr[256];
+
+ if ( *exp == '\0' ) {
+ tcpd_warn("null regular expression");
+ return (NO);
+ }
+ errn = regcomp(&preg, exp, REG_EXTENDED | REG_ICASE | REG_NOSUB);
+ if ( errn != 0 ) {
+ regerror(errn, &preg, errstr, 256);
+ regfree(&preg);
+ tcpd_warn("error in regex: %s", errstr);
+ return (NO);
+ }
+ errn = regexec(&preg, string, 0, NULL, 0);
+ if ( errn == 0 ) {
+ regfree(&preg);
+ return (YES);
+ } else if ( errn == REG_NOMATCH ) {
+ regfree(&preg);
+ return (NO);
+ } else {
+ regerror(errn, &preg, errstr, 256);
+ regfree(&preg);
+ tcpd_warn("could not execute regex: %s", errstr);
+ return (NO);
+ }
+ /* unreached */
+ regfree(&preg);
+ return (NO);
}
/* masked_match - match address against netnumber/netmask */
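Review bot: every failure path in regex_match() returns NO after only a tcpd_warn(), so a rule whose pattern fails to compile is treated as "does not match"; for a rule that is meant to deny access, a typo in the expression silently disables the rule. Consider treating a regcomp() failure as a fatal rule error instead of a non-match. Smaller points in the same function: POSIX leaves the contents of preg undefined after a failed regcomp(), so the regfree(&preg) in that branch should be dropped; the three lines after the if/else chain under `/* unreached */` are dead code; `sizeof(errstr)` is safer than repeating the literal 256; and the pattern is recompiled on every call.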
--- contrib/tcp_wrappers/hosts_access.5.orig Thu Feb 3 10:26:57 2000
+++ contrib/tcp_wrappers/hosts_access.5 Thu Mar 14 06:13:06 2002
@@ -103,6 +103,15 @@
zero or more lines with zero or more host name or address patterns
separated by whitespace. A file name pattern can be used anywhere
a host name or address pattern can be used.
+.IP \(bu
+A string that begins with a `~\' character.
+The address (and hostname, if available) are matched
+against the extended regular expression (see \fIre_format(7)\fR)
+which follows the `~\' character.
+For example, the pattern `~^nyc[0-9]+\\.example\\.com$\' matches the host name
+`nyc23.example.com\' but neither `nyc.example.com\' nor `nyc42.example.com.au\'.
+The comparison is not case-sensitive, and it is both impossible and useless
+for spaces to appear in the expression.
.SH WILDCARDS
The access control language supports explicit wildcards:
.IP ALL
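Review bot: the new paragraph never says that the match is unanchored, which is how regexec() treats the pattern compiled in regex_match(): the expression can match anywhere in the host name or address unless it is written with `^` and `$`. The example excludes `nyc42.example.com.au` only because it ends in `$`; please state that explicitly and recommend anchoring both ends, since an unanchored pattern accepts any name that merely contains the matching text. The closing sentence would also read better as a plain statement that whitespace cannot appear in the expression.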
>Release-Note:
>Audit-Trail:
>Unformatted:
