On Wed, 20 Sep 2000, Pekka Savola wrote:

> - Support for including external files to hosts.allow for specific
>   services.
>   * This would make hosts.allow easier to maintain
>     (esp. wrt. synchronization) if a lot of different services use
>     /etc/hosts.allow.

This has been done in recent versions of FreeBSD.

The implementation in FreeBSD applies quite cleanly to the Red Hat Linux
version of TCP wrappers. Patch attached.

Too bad you have to recompile the corresponding servers against the newer
libwrap if you want to use this feature.

Comments welcome. I'll file this in Bugzilla later.

If I have time, I'll try to see about the other feature.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
[EMAIL PROTECTED]            not those you stumble over and fall"

--- tcp_wrappers_7.6/hosts_access.c Wed Feb 12 03:13:23 1997 +++ tcp_wrappers/hosts_access.c Wed Jul 19 08:37:02 2000 @@ -240,6 +255,26 @@ } } +/* hostfile_match - look up host patterns from file */ + +static int hostfile_match(path, host) +char *path; +struct hosts_info *host; +{ + char tok[BUFSIZ]; + int match = NO; + FILE *fp; + + if ((fp = fopen(path, "r")) != 0) { + while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host))) + /* void */ ; + fclose(fp); + } else if (errno != ENOENT) { + tcpd_warn("open %s: %m", path); + } + return (match); +} + /* host_match - match host name and/or address against pattern */ static int host_match(tok, host) @@ -267,6 +302,8 @@ tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */ return (NO); #endif + } else if (tok[0] == '/') { /* /file hack */ + return (hostfile_match(tok, host)); } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */ char *name = eval_hostname(host); return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name)); --- tcp_wrappers_7.6/hosts_access.5 Mon Jan 30 20:51:47 1995 +++ tcp_wrappers.new/hosts_access.5 Wed Sep 20 22:24:29 2000 @@ -89,6 +89,13 @@ bitwise AND of the address and the `mask\'. For example, the net/mask pattern `131.155.72.0/255.255.254.0\' matches every address in the range `131.155.72.0\' through `131.155.73.255\'. +.IP \(bu +A string that begins with a `/\' character is treated as a file +name. A host name or address is matched if it matches any host name +or address pattern listed in the named file. The file format is +zero or more lines with zero or more host name or address patterns +separated by whitespace. A file name pattern can be used anywhere +a host name or address pattern can be used. .SH WILDCARDS The access control language supports explicit wildcards: .IP ALL
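
Review bot: in hostfile_match(), `fscanf(fp, "%s", tok)` reads into `char tok[BUFSIZ]` with no field width, so any whitespace-free run in the named file that is longer than BUFSIZ-1 bytes is written past the end of the stack buffer. Bound the read, either with an explicit width in the conversion or by reading lines with fgets() and splitting them, and call tcpd_warn() when a token had to be cut short. In the same function, the `errno != ENOENT` test makes a missing file a silent non-match; when the file is referenced from a deny rule, a typo in the path or a deleted file becomes an empty list with nothing logged, so a warning in that case would help as well.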
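
Review bot: the new `tok[0] == '/'` branch in host_match() has no recursion guard. hostfile_match() hands every token it reads back to host_match(), so a file that lists its own path, or two files that list each other, recurses and opens another FILE at each level until the stack or the descriptor table runs out. Either reject tokens that begin with `/` while already inside hostfile_match(), or carry a depth counter and stop with tcpd_warn() past a small limit.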
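
Review bot: the hosts_access.5 text added under the new `.IP \(bu` item does not say what happens when the named file is missing or unreadable, or whether a file may itself contain further file names. As written in this patch, a missing file is a non-match with no log entry and nested file names are followed, so the man page should state both, or state the restriction if nesting is disallowed. Since the file's contents now decide access, a sentence on who should be able to write to it would also belong here.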