From 8a8f83a256cee4a8f9a39a9fdcd147d1ac9c6c91 Mon Sep 17 00:00:00 2001 From: Vasilis Tsiligiannis Date: Sun, 15 May 2011 09:37:17 +0000 Subject: [PATCH] tcp_wrappers: upstream patch for supporting n.n.n.n/len notation Actually, it needs to return the prefix in network byte order... htonl() and ntohl() tend to be identical. Signed-off-by: Philip Prindeville SVN-Revision: 26898 --- .../patches/004-ipv4_prefix.patch | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 libs/tcp_wrappers/patches/004-ipv4_prefix.patch diff --git a/libs/tcp_wrappers/patches/004-ipv4_prefix.patch b/libs/tcp_wrappers/patches/004-ipv4_prefix.patch new file mode 100644 index 000000000..c8641eb42 --- /dev/null +++ b/libs/tcp_wrappers/patches/004-ipv4_prefix.patch @@ -0,0 +1,72 @@ +--- tcp_wrappers_7.6/hosts_access.5.orig 2011-05-05 22:34:39.000000000 -0600 ++++ tcp_wrappers_7.6/hosts_access.5 2011-05-05 22:39:43.000000000 -0600 +@@ -90,6 +90,9 @@ bitwise AND of the address and the `mask + pattern `131.155.72.0/255.255.254.0' matches every address in the + range `131.155.72.0' through `131.155.73.255'. + .IP \(bu ++An expression of the form `n.n.n.n/m\' is interpreted as a ++`net/prefixlen\' pair, as below, for IPv4 addresses. ++.IP \(bu + A string that begins with a `/' character is treated as a file + name. A host name or address is matched if it matches any host name + or address pattern listed in the named file. The file format is +--- tcp_wrappers_7.6/tcpd.h.orig 2011-05-05 22:34:39.000000000 -0600 ++++ tcp_wrappers_7.6/tcpd.h 2011-05-05 22:40:14.000000000 -0600 +@@ -93,6 +93,7 @@ extern void refuse __P((struct request_i + extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */ + extern char *split_at __P((char *, int)); /* strchr() and split */ + extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */ ++extern unsigned long prefix_to_netmask __P((char *)); /* 0-32 prefix length */ + + /* Global variables. */ + +--- tcp_wrappers_7.6/misc.c.orig 1996-02-11 09:01:30.000000000 -0700 ++++ tcp_wrappers_7.6/misc.c 2011-05-05 22:41:49.000000000 -0600 +@@ -14,6 +14,8 @@ static char sccsic[] = "@(#) misc.c 1.2 + #include + #include + #include ++#include ++#include + + #include "tcpd.h" + +@@ -85,3 +87,22 @@ char *str; + } + return (runs == 4 ? inet_addr(str) : INADDR_NONE); + } ++ ++/* prefix_to_netmask - convert prefix (0-32) to netmask */ ++ ++unsigned long prefix_to_netmask(str) ++char *str; ++{ ++ unsigned long prefix; ++ char *endptr; ++ ++ if (!isdigit(str[0])) ++ return INADDR_NONE; ++ ++ prefix = strtoul(str, &endptr, 10); ++ if ((endptr == str) || (*endptr != '\0') || (prefix > 32)) ++ return INADDR_NONE; ++ ++ return htonl(~0UL << (32 - prefix)); ++} ++ +--- tcp_wrappers_7.6/hosts_access.c.orig 2011-05-05 22:34:39.000000000 -0600 ++++ tcp_wrappers_7.6/hosts_access.c 2011-05-05 22:45:09.000000000 -0600 +@@ -345,7 +345,12 @@ char *string; + if ((addr = dot_quad_addr(string)) == INADDR_NONE) + return (NO); + if ((net = dot_quad_addr(net_tok)) == INADDR_NONE +- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) { ++ || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE ++ && strcmp(mask_tok, "255.255.255.255") ++ && (mask = prefix_to_netmask(mask_tok)) == INADDR_NONE ++ && strcmp(mask_tok, "32"))) { ++ /* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */ ++ /* 32 == INADDR_NONE, separate check needed. philipp */ + tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); + return (NO); /* not tcpd_jump() */ + } -- 2.30.2