| blob | 22e3791e9702805670f57fd9455b4f42130c1f51 |
1 See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17847
2 (Though the original code needs to be patched to be case-insensitive.)
4 --- a/hosts_access.5
5 +++ b/hosts_access.5
6 @@ -89,6 +89,10 @@ An expression of the form `n.n.n.n/m.m.m
7 bitwise AND of the address and the `mask\'. For example, the net/mask
8 pattern `131.155.72.0/255.255.254.0\' matches every address in the
9 range `131.155.72.0\' through `131.155.73.255\'.
10 +.IP \(bu
11 +Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
12 +method of matching cannot be used in conjunction with `net/mask\' matching,
13 +hostname matching beginning with `.\' or IP address matching ending with `.\'.
14 .SH WILDCARDS
15 The access control language supports explicit wildcards:
16 .IP ALL
17 --- a/hosts_access.c
18 +++ b/hosts_access.c
19 @@ -82,6 +82,7 @@ static int client_match();
20 static int host_match();
21 static int string_match();
22 static int masked_match();
23 +static int match_pattern_ylo();
25 /* Size of logical line buffer. */
27 @@ -289,6 +290,11 @@ char *string;
28 {
29 int n;
31 +#ifndef DISABLE_WILDCARD_MATCHING
32 + if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */
33 + return (match_pattern_ylo(string,tok));
34 + } else
35 +#endif
36 if (tok[0] == '.') { /* suffix */
37 n = strlen(string) - strlen(tok);
38 return (n > 0 && STR_EQ(tok, string + n));
39 @@ -329,3 +335,78 @@ char *string;
40 }
41 return ((addr & mask) == net);
42 }
43 +
44 +#ifndef DISABLE_WILDCARD_MATCHING
45 +/* Note: this feature has been adapted in a pretty straightforward way
46 + from Tatu Ylonen's last SSH version under free license by
47 + Pekka Savola <pekkas@netcore.fi>.
48 +
49 + Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
50 +*/
51 +
52 +/* Returns true if the given string matches the pattern (which may contain
53 + ? and * as wildcards), and zero if it does not match. */
54 +
55 +static int match_pattern_ylo(const char *s, const char *pattern)
56 +{
57 + char src;
58 + char pat;
59 + while (1)
60 + {
61 + /* If at end of pattern, accept if also at end of string. */
62 + if (!*pattern)
63 + return !*s;
64 +
65 + /* Process '*'. */
66 + if (*pattern == '*')
67 + {
68 + /* Skip the asterisk. */
69 + pattern++;
70 +
71 + /* If at end of pattern, accept immediately. */
72 + if (!*pattern)
73 + return 1;
74 +
75 + /* If next character in pattern is known, optimize. */
76 + if (*pattern != '?' && *pattern != '*')
77 + {
78 + /* Look instances of the next character in pattern, and try
79 + to match starting from those. */
80 + pat = *pattern;
81 + for (; *s; s++) {
82 + src = *s;
83 + if (toupper(src) == toupper(pat) &&
84 + match_pattern_ylo(s + 1, pattern + 1))
85 + return 1;
86 + }
87 + /* Failed. */
88 + return 0;
89 + }
90 +
91 + /* Move ahead one character at a time and try to match at each
92 + position. */
93 + for (; *s; s++)
94 + if (match_pattern_ylo(s, pattern))
95 + return 1;
96 + /* Failed. */
97 + return 0;
98 + }
99 +
100 + /* There must be at least one more character in the string. If we are
101 + at the end, fail. */
102 + if (!*s)
103 + return 0;
104 +
105 + /* Check if the next character of the string is acceptable. */
106 + pat = *pattern;
107 + src = *s;
108 + if (*pattern != '?' && toupper(pat) != toupper(src))
109 + return 0;
110 +
111 + /* Move to the next character, both in string and in pattern. */
112 + s++;
113 + pattern++;
114 + }
115 + /*NOTREACHED*/
116 +}
117 +#endif /* DISABLE_WILDCARD_MATCHING */