1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17847
(Though the original code needs to be patched to be case-insensitive.)
--- a/hosts_access.5
+++ b/hosts_access.5
@@ -89,6 +89,10 @@ An expression of the form `n.n.n.n/m.m.m
bitwise AND of the address and the `mask\'. For example, the net/mask
pattern `131.155.72.0/255.255.254.0\' matches every address in the
range `131.155.72.0\' through `131.155.73.255\'.
+.IP \(bu
+Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
+method of matching cannot be used in conjunction with `net/mask\' matching,
+hostname matching beginning with `.\' or IP address matching ending with `.\'.
.SH WILDCARDS
The access control language supports explicit wildcards:
.IP ALL
--- a/hosts_access.c
+++ b/hosts_access.c
@@ -82,6 +82,7 @@ static int client_match();
static int host_match();
static int string_match();
static int masked_match();
+static int match_pattern_ylo();
/* Size of logical line buffer. */
@@ -289,6 +290,11 @@ char *string;
{
int n;
+#ifndef DISABLE_WILDCARD_MATCHING
+ if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */
+ return (match_pattern_ylo(string,tok));
+ } else
+#endif
if (tok[0] == '.') { /* suffix */
n = strlen(string) - strlen(tok);
return (n > 0 && STR_EQ(tok, string + n));
@@ -329,3 +335,78 @@ char *string;
}
return ((addr & mask) == net);
}
+
+#ifndef DISABLE_WILDCARD_MATCHING
+/* Note: this feature has been adapted in a pretty straightforward way
+ from Tatu Ylonen's last SSH version under free license by
+ Pekka Savola <pekkas@netcore.fi>.
+
+ Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+*/
+
+/* Returns true if the given string matches the pattern (which may contain
+ ? and * as wildcards), and zero if it does not match. */
+
+static int match_pattern_ylo(const char *s, const char *pattern)
+{
+ char src;
+ char pat;
+ while (1)
+ {
+ /* If at end of pattern, accept if also at end of string. */
+ if (!*pattern)
+ return !*s;
+
+ /* Process '*'. */
+ if (*pattern == '*')
+ {
+ /* Skip the asterisk. */
+ pattern++;
+
+ /* If at end of pattern, accept immediately. */
+ if (!*pattern)
+ return 1;
+
+ /* If next character in pattern is known, optimize. */
+ if (*pattern != '?' && *pattern != '*')
+ {
+ /* Look instances of the next character in pattern, and try
+ to match starting from those. */
+ pat = *pattern;
+ for (; *s; s++) {
+ src = *s;
+ if (toupper(src) == toupper(pat) &&
+ match_pattern_ylo(s + 1, pattern + 1))
+ return 1;
+ }
+ /* Failed. */
+ return 0;
+ }
+
+ /* Move ahead one character at a time and try to match at each
+ position. */
+ for (; *s; s++)
+ if (match_pattern_ylo(s, pattern))
+ return 1;
+ /* Failed. */
+ return 0;
+ }
+
+ /* There must be at least one more character in the string. If we are
+ at the end, fail. */
+ if (!*s)
+ return 0;
+
+ /* Check if the next character of the string is acceptable. */
+ pat = *pattern;
+ src = *s;
+ if (*pattern != '?' && toupper(pat) != toupper(src))
+ return 0;
+
+ /* Move to the next character, both in string and in pattern. */
+ s++;
+ pattern++;
+ }
+ /*NOTREACHED*/
+}
+#endif /* DISABLE_WILDCARD_MATCHING */
|
