Subject: lib/6837: RBL patch for libwrap
To: None <gnats-bugs@gnats.netbsd.org>
From: None <woods@proven.weird.com>
List: netbsd-bugs
Date: 01/18/1999 12:11:47
>Number:         6837
>Category:       lib
>Synopsis:       RBL patch for libwrap
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 18 09:20:02 1999
>Last-Modified:
>Originator:     Greg A. Woods
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Release:        NetBSD-current
>Environment:

System: NetBSD 1.3I

>Description:

	This is a patch to provide RBL domain lookup capabilities to libwrap.

>How-To-Repeat:

>Fix:

	line numbers may be off for the hosts_access.5 hunk....

cvs diff: Diffing lib/libwrap
Index: lib/libwrap/Makefile.cflags
===================================================================
RCS file: /cvs/NetBSD/src/lib/libwrap/Makefile.cflags,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 Makefile.cflags
--- lib/libwrap/Makefile.cflags	1998/02/20 00:33:03	1.1.1.1
+++ lib/libwrap/Makefile.cflags	1999/01/13 02:34:26
@@ -6,6 +6,9 @@
 CPPFLAGS+=-DHOSTS_ALLOW=\"/etc/hosts.allow\" -DHOSTS_DENY=\"/etc/hosts.deny\"
 CPPFLAGS+=-DPROCESS_OPTIONS -DNETGROUP
 
+# and these are what Weitse suggests for NetBSD:
+CPPFLAGS+=-DLIBC_CALLS_STRTOK
+
 # -DPARANOID is not used by libwrap, only by programs that use it.
 # in this case inetd does not use it (probably rightly so) and so
 # we don't want to use it in wrapper-related utilities (such as
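Review bot: The new comment above `CPPFLAGS+=-DLIBC_CALLS_STRTOK` says who suggested the flag but not why it is needed, and it misspells the name (presumably "Wietse"). The flag appears to matter to this patch in particular: rbl_match() now calls gethostbyname() from inside host matching, and if libc's resolver uses strtok() internally, that call could disturb the tokenizer state the access-list parser relies on. A comment such as `# libc routines (e.g. the resolver) may call strtok(); build libwrap with its private replacement` would record the reason.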
Index: lib/libwrap/hosts_access.5
===================================================================
RCS file: /cvs/NetBSD/src/lib/libwrap/hosts_access.5,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 hosts_access.5
--- lib/libwrap/hosts_access.5	1998/02/20 00:33:03	1.1.1.1
+++ lib/libwrap/hosts_access.5	1998/10/25 03:17:25
@@ -123,6 +121,10 @@
 does not automatically drop these requests; you must explicitly
 drop them in your \fI/etc/hosts.allow\fR or \fI/etc/hosts.deny\fR 
 file.
+.IP "{RBL}.\fIdomain\fR"
+Matches any host whose reversed address appears in the DNS under
+\fIdomain\fR.  The primary such domain used for blocking unsolicited
+commercial e-mail (spam) is `.rbl.maps.vix.com\'.
 .ne 6
 .SH OPERATORS
 .IP EXCEPT
Index: lib/libwrap/hosts_access.c
===================================================================
RCS file: /cvs/NetBSD/src/lib/libwrap/hosts_access.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 hosts_access.c
--- lib/libwrap/hosts_access.c	1998/02/20 00:33:03	1.1.1.1
+++ lib/libwrap/hosts_access.c	1999/01/13 02:39:33
@@ -35,11 +35,13 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <syslog.h>
 #include <ctype.h>
 #include <errno.h>
 #include <setjmp.h>
 #include <string.h>
+#include <netdb.h>
 #ifdef  NETGROUP
 #include <netgroup.h>
 #include <rpcsvc/ypclnt.h>
@@ -91,6 +93,7 @@
 static int server_match __P((char *, struct request_info *));
 static int client_match __P((char *, struct request_info *));
 static int host_match __P((char *, struct host_info *));
+static int rbl_match __P((char *, char *));
 static int string_match __P((char *, char *));
 static int masked_match __P((char *, char *, char *));
 
@@ -283,12 +286,49 @@
     } else if (STR_EQ(tok, "LOCAL")) {		/* local: no dots in name */
 	char   *name = eval_hostname(host);
 	return (strchr(name, '.') == 0 && HOSTNAME_KNOWN(name));
+    } else if (strncmp(tok, "{RBL}.", 6) == 0) { /* RBL lookup in domain */
+	return rbl_match(tok+6, eval_hostaddr(host));
     } else if ((mask = split_at(tok, '/')) != 0) {	/* net/mask */
 	return (masked_match(tok, mask, eval_hostaddr(host)));
     } else {					/* anything else */
 	return (string_match(tok, eval_hostaddr(host))
 	    || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host))));
     }
+}
+
+/* rbl_match() - match host by looking up in RBL domain */
+
+static int rbl_match(rbl_domain, rbl_hostaddr)
+char   *rbl_domain;				/* RBL domain */
+char   *rbl_hostaddr;				/* hostaddr */
+{
+    char *rbl_name;
+    unsigned long host_address;
+    int ret = NO;
+ 
+    if ((host_address = dot_quad_addr(rbl_hostaddr)) == INADDR_NONE) {
+	tcpd_warn("unable to convert %s to address", rbl_hostaddr);
+	return (NO);
+    }
+    /*  construct the rbl name to look up */
+    if ((rbl_name = malloc(strlen(rbl_domain) + (4*4) + 2)) == NULL) {
+	tcpd_jump("not enough memory to build RBL name for %s in %s", rbl_hostaddr, rbl_domain);
+	/* NOTREACHED */
+    }
+    sprintf(rbl_name, "%u.%u.%u.%u.%s",
+	    (unsigned int) ((host_address) & 0xff),
+	    (unsigned int) ((host_address >> 8) & 0xff),
+	    (unsigned int) ((host_address >> 16) & 0xff),
+	    (unsigned int) ((host_address >> 24) & 0xff),
+	    rbl_domain);
+    /* look it up */
+    if (gethostbyname(rbl_name) != NULL) {
+	/* successful lookup - they're on the RBL list */
+	ret = YES;
+    }
+    free(rbl_name);
+
+    return ret;
 }
 
 /* string_match - match string against pattern */
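Review bot: rbl_match() takes the octets out of `host_address` without converting it to host byte order. If dot_quad_addr() returns a network-order value as inet_addr() does (its definition is not in this diff), the name is reversed only on big-endian machines; on little-endian ones the query becomes `a.b.c.d.domain`, so the rule silently checks the wrong name. Adding `host_address = ntohl(host_address);` before the sprintf() makes the existing argument order yield `d.c.b.a.domain` on every platform. Separately, every gethostbyname() failure, including a resolver timeout or server error, is treated as "not listed", so the comment on the lookup should say that an `{RBL}` deny rule fails open when DNS is unavailable. The malloc size of strlen + 18 does cover the worst-case 16-character prefix plus NUL, but `snprintf` with that computed size would make the bound explicit.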
Index: lib/libwrap/tcpd.h
===================================================================
RCS file: /cvs/NetBSD/src/lib/libwrap/tcpd.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 tcpd.h
--- lib/libwrap/tcpd.h	1998/02/20 00:33:04	1.1.1.1
+++ lib/libwrap/tcpd.h	1999/01/13 02:29:44
@@ -222,6 +222,7 @@
 #endif
 
 #ifdef GETPEERNAME_BUG			/* claims success with UDP */
+#include <sys/socket.h>			/* XXX serious hack! */
 #define getpeername fix_getpeername
 extern int fix_getpeername __P((int, struct sockaddr *, int *));
 #endif
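Review bot: The comment `/* XXX serious hack! */` on the added `#include <sys/socket.h>` does not say what it works around. From the visible lines the header is presumably needed so that `struct sockaddr` is declared before the `fix_getpeername` prototype two lines below. A comment such as `/* for struct sockaddr in the fix_getpeername prototype */` would record that. The change also looks unrelated to the RBL feature and would be easier to review as a separate patch.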
>Audit-Trail:
>Unformatted: