Группа :: Система/Серверы
Пакет: tcp_wrappers
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: tcp_wrappers_7.6-steveg-owl-match.patch
Скачать
Скачать
diff -ur tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
--- tcp_wrappers_7.6.orig/hosts_access.c Wed Feb 12 04:13:23 1997
+++ tcp_wrappers_7.6/hosts_access.c Thu Dec 19 21:54:16 2002
@@ -57,6 +57,7 @@
#define YES 1
#define NO 0
+#define ERROR -1
/*
* These variables are globally visible so that they can be redirected in
@@ -92,7 +93,7 @@
int hosts_access(request)
struct request_info *request;
{
- int verdict;
+ int verdict, m1=NO, m2=NO;
/*
* If the (daemon, client) pair is matched by an entry in the file
@@ -108,17 +109,23 @@
* hosts_access() routine, bypassing the regular return from the
* table_match() function calls below.
*/
-
+ if (request->server == NULL)
+ tcpd_warn("Server is NULL");
+ if (request->client == NULL)
+ tcpd_warn("Client is NULL");
if (resident <= 0)
resident++;
verdict = setjmp(tcpd_buf);
if (verdict != 0)
return (verdict == AC_PERMIT);
- if (table_match(hosts_allow_table, request))
- return (YES);
- if (table_match(hosts_deny_table, request))
- return (NO);
- return (YES);
+ if ((m1 = table_match(hosts_allow_table, request)) == YES)
+ return YES;
+ if ((m2 = table_match(hosts_deny_table, request)) == YES)
+ return NO;
+ if ((m1 == ERROR) || (m2 == ERROR))
+ return NO;
+ else
+ return YES;
}
/* table_match - match table entries with (daemon, client) pair */
@@ -145,6 +152,7 @@
tcpd_context.file = table;
tcpd_context.line = 0;
while (match == NO && xgets(sv_list, sizeof(sv_list), fp) != 0) {
+ int m1, m2;
if (sv_list[strlen(sv_list) - 1] != '\n') {
tcpd_warn("missing newline or line too long");
continue;
@@ -156,17 +164,27 @@
continue;
}
sh_cmd = split_at(cl_list, ':');
- match = list_match(sv_list, request, server_match)
- && list_match(cl_list, request, client_match);
+ m1 = list_match(sv_list, request, server_match);
+ m2 = list_match(cl_list, request, client_match);
+ if ((m1 == ERROR) || (m2 == ERROR))
+ match = ERROR;
+ else
+ match = m1 && m2;
}
(void) fclose(fp);
} else if (errno != ENOENT) {
tcpd_warn("cannot open %s: %m", table);
+ match = ERROR;
}
- if (match) {
+ if (match == YES) {
+#if 0
+ if (hosts_access_verbose > 2)
+ tcpd_warn("matched: %s line %d",
+ tcpd_context.file, tcpd_context.line);
+#endif
if (hosts_access_verbose > 1)
- syslog(LOG_DEBUG, "matched: %s line %d",
- tcpd_context.file, tcpd_context.line);
+ syslog(LOG_DEBUG, "matched: %s line %d",
+ tcpd_context.file, tcpd_context.line);
if (sh_cmd) {
#ifdef PROCESS_OPTIONS
process_options(sh_cmd, request);
@@ -198,14 +216,25 @@
for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) {
if (STR_EQ(tok, "EXCEPT")) /* EXCEPT: give up */
- return (NO);
- if (match_fn(tok, request)) { /* YES: look for exceptions */
+ return NO;
+ if (match_fn(tok, request) == YES) { /* YES: look for exceptions */
while ((tok = strtok((char *) 0, sep)) && STR_NE(tok, "EXCEPT"))
/* VOID */ ;
- return (tok == 0 || list_match((char *) 0, request, match_fn) == 0);
+ if (tok == 0)
+ return YES;
+ else
+ {
+ int m1 = list_match((char *) 0, request, match_fn);
+ if (m1 == NO)
+ return YES;
+ else if (m1 == ERROR)
+ return ERROR;
+ else
+ return NO;
+ }
}
}
- return (NO);
+ return NO;
}
/* server_match - match server information */
@@ -217,10 +246,17 @@
char *host;
if ((host = split_at(tok + 1, '@')) == 0) { /* plain daemon */
- return (string_match(tok, eval_daemon(request)));
+ return string_match(tok, eval_daemon(request));
} else { /* daemon@host */
- return (string_match(tok, eval_daemon(request))
- && host_match(host, request->server));
+ int m1, m2;
+
+ m1 = host_match(host, request->server);
+ m2 = string_match(tok, eval_daemon(request));
+
+ if ( m1 == ERROR )
+ return m1;
+
+ return ( m1 && m2 );
}
}
@@ -232,11 +268,20 @@
{
char *host;
+ if (request->client == NULL)
+ tcpd_warn("client is NULL");
if ((host = split_at(tok + 1, '@')) == 0) { /* plain host */
- return (host_match(tok, request->client));
+ return host_match(tok, request->client);
} else { /* user@host */
- return (host_match(host, request->client)
- && string_match(tok, eval_user(request)));
+ int m1, m2;
+
+ m1 = host_match(host, request->client);
+ m2 = string_match(tok, eval_user(request));
+
+ if (m1 == ERROR)
+ return m1;
+
+ return ( m1 && m2 );
}
}
@@ -265,7 +310,7 @@
return (innetgr(tok + 1, eval_hostname(host), (char *) 0, mydomain));
#else
tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
- return (NO);
+ return ERROR;
#endif
} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
char *name = eval_hostname(host);