Date: Sat, 30 Mar 2002 18:26:01 -0800 (PST)
From: Anatole Shaw <anatole@mindspring.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/36556: patch: regular expressions for tcpwrappers
Message-ID: <200203310226.g2V2Q1w46100@freefall.freebsd.org>
>Number: 36556
>Category: misc
>Synopsis: patch: regular expressions for tcpwrappers
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 30 18:30:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Anatole Shaw
>Release: RELENG_4
>Organization:
>Environment:
>Description:
This patch adds support to tcpwrappers for regex host patterns. Specifically, host patterns with a tilde ('~') at position [0] are interpreted as regular expressions starting from position [1].
>How-To-Repeat:
>Fix:
--- contrib/tcp_wrappers/hosts_access.c.orig Tue Jul 18 08:34:54 2000 +++ contrib/tcp_wrappers/hosts_access.c Thu Mar 14 06:45:02 2002 @@ -41,6 +41,7 @@ #include <errno.h> #include <setjmp.h> #include <string.h> +#include <regex.h> #ifdef INET6 #include <netdb.h> #endif @@ -93,6 +94,7 @@ static int host_match(); static int string_match(); static int masked_match(); +static int regex_match(); #ifdef INET6 static int masked_match4(); static int masked_match6(); @@ -336,6 +338,8 @@ if (tok[0] == '.') { /* suffix */ n = strlen(string) - strlen(tok); return (n > 0 && STR_EQ(tok, string + n)); + } else if (tok[0] == '~') { /* regex */ + return (regex_match(tok+1, string)); } else if (STR_EQ(tok, "ALL")) { /* all: match any */ return (YES); } else if (STR_EQ(tok, "KNOWN")) { /* not unknown */ 
@@ -378,6 +382,45 @@ #endif return (STR_EQ(tok, string)); } +} + +/* regex_match - match string against regular expression */ + +static int regex_match(exp, string) +char *exp; +char *string; +{ + regex_t preg; + int errn; + char errstr[256]; + + if ( *exp == '\0' ) { + tcpd_warn("null regular expression"); + return (NO); + } + errn = regcomp(&preg, exp, REG_EXTENDED | REG_ICASE | REG_NOSUB); + if ( errn != 0 ) { + regerror(errn, &preg, errstr, 256); + regfree(&preg); + tcpd_warn("error in regex: %s", errstr); + return (NO); + } + errn = regexec(&preg, string, 0, NULL, 0); + if ( errn == 0 ) { + regfree(&preg); + return (YES); + } else if ( errn == REG_NOMATCH ) { + regfree(&preg); + return (NO); + } else { + regerror(errn, &preg, errstr, 256); + regfree(&preg); + tcpd_warn("could not execute regex: %s", errstr); + return (NO); + } + /* unreached */ + regfree(&preg); + return (NO); } /* masked_match - match address against netnumber/netmask */ --- contrib/tcp_wrappers/hosts_access.5.orig Thu Feb 3 10:26:57 2000 +++ contrib/tcp_wrappers/hosts_access.5 Thu Mar 14 06:13:06 2002 
@@ -103,6 +103,15 @@ zero or more lines with zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere a host name or address pattern can be used. +.IP \(bu +A string that begins with a `~\' character. +The address (and hostname, if available) are matched +against the extended regular expression (see \fIre_format(7)\fR) +which follows the `~\' character. +For example, the pattern `~^nyc[0-9]+\\.example\\.com$\' matches the host name +`nyc23.example.com\' but neither `nyc.example.com\' nor `nyc42.example.com.au\'. +The comparison is not case-sensitive, and it is both impossible and useless +for spaces to appear in the expression. .SH WILDCARDS The access control language supports explicit wildcards: .IP ALL
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
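
Review bot: In the @@ -336,6 +338,8 @@ hunk of hosts_access.c, the added call `regex_match(tok+1, string)` does not follow the spacing of the context line directly above it, which writes `string + n`; please make it `tok + 1` so the new branch reads like its neighbours.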
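
Review bot: In the regex_match() hunk of hosts_access.c (@@ -378,6 +382,45 @@), the branch taken when regcomp() returns non-zero calls regfree(&preg), but POSIX leaves the contents of preg undefined after a failed regcomp(), so that regfree() should be dropped and only the regerror() and tcpd_warn() calls kept. The regexec() half can then be simplified: save the return value, call regerror() if it is neither 0 nor REG_NOMATCH, call regfree() once, and return based on the saved value, which also removes the trailing block marked `/* unreached */`. Using `sizeof(errstr)` instead of the repeated literal 256 would keep the buffer size in one place. Both error paths return NO, so a mistyped expression makes its rule stop matching with only a warning; please say in the function comment that this is the intended behaviour.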
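
Review bot: The new hosts_access.5 paragraph (@@ -103,6 +103,15 @@) never states that the expression is searched for anywhere in the string: regex_match() hands it to regexec() without adding anchors, so the example rejects `nyc42.example.com.au` only because it is written with `^` and `$`. Please add a sentence telling administrators to anchor their expressions and to escape literal dots, because the same pattern without `^` and `$` would accept that longer name. Two smaller points in the same text: "The address (and hostname, if available) are matched" should read "is matched", and the remark that spaces are "impossible and useless" would be clearer if it gave the reason, namely that whitespace ends a pattern, as the context line above the addition already says patterns are separated by whitespace.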