Source-Changes-HG archive


[src/trunk]: src Apply IPv6 support patch.



details:   https://anonhg.NetBSD.org/src/rev/04d341739413
branches:  trunk
changeset: 475959:04d341739413
user:      itojun <itojun%NetBSD.org@localhost>
date:      Tue Aug 31 13:58:58 1999 +0000

description:
Apply IPv6 support patch.
Note that every IPv6 address must be wrapped in square brackets, like:
        ALL: [::1/128] 127.0.0.1/255.255.255.255
Increase shlib minor.

ftp://ftp.kame.net/pub/kame/misc/tcp_wrappers-76-v6-19990831.diff.gz

diffstat:

 distrib/sets/lists/base/shl.mi |    4 +-
 lib/libwrap/Makefile.cflags    |    6 ++-
 lib/libwrap/fix_options.c      |   18 ++++++-
 lib/libwrap/hosts_access.5     |   14 +++++-
 lib/libwrap/hosts_access.c     |  100 ++++++++++++++++++++++++++++++++++++++++-
 lib/libwrap/misc.c             |   28 ++++++++++-
 lib/libwrap/rfc931.c           |   93 +++++++++++++++++++++++++++++++------
 lib/libwrap/shlib_version      |    4 +-
 lib/libwrap/socket.c           |   86 ++++++++++++++++++++++++++--------
 lib/libwrap/tcpd.h             |    6 +-
 lib/libwrap/update.c           |    8 +-
 lib/libwrap/workarounds.c      |    8 +-
 usr.sbin/tcpdchk/scaffold.c    |   61 ++++++++++++++++++++++--
 usr.sbin/tcpdchk/tcpdchk.c     |   35 ++++++++++++-
 usr.sbin/tcpdmatch/tcpdmatch.8 |    7 ++-
 usr.sbin/tcpdmatch/tcpdmatch.c |   58 +++++++++++++++++++----
 16 files changed, 454 insertions(+), 82 deletions(-)

diffs (truncated from 1092 to 300 lines):

diff -r 81ddd1da65e3 -r 04d341739413 distrib/sets/lists/base/shl.mi
--- a/distrib/sets/lists/base/shl.mi    Tue Aug 31 13:50:47 1999 +0000
+++ b/distrib/sets/lists/base/shl.mi    Tue Aug 31 13:58:58 1999 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.34 1999/08/27 16:24:02 itojun Exp $
+# $NetBSD: shl.mi,v 1.35 1999/08/31 13:58:59 itojun Exp $
 ./usr/lib/libamu.so.1.1
 ./usr/lib/libbfd.so.3.0
 ./usr/lib/libbz2.so.0.0
@@ -24,5 +24,5 @@
 ./usr/lib/libtermlib.so.0.0
 ./usr/lib/libusb.so.0.0
 ./usr/lib/libutil.so.5.1
-./usr/lib/libwrap.so.0.1
+./usr/lib/libwrap.so.0.2
 ./usr/lib/libz.so.0.1
diff -r 81ddd1da65e3 -r 04d341739413 lib/libwrap/Makefile.cflags
--- a/lib/libwrap/Makefile.cflags       Tue Aug 31 13:50:47 1999 +0000
+++ b/lib/libwrap/Makefile.cflags       Tue Aug 31 13:58:58 1999 +0000
@@ -1,13 +1,17 @@
-#      $NetBSD: Makefile.cflags,v 1.4 1997/10/26 20:52:47 christos Exp $
+#      $NetBSD: Makefile.cflags,v 1.5 1999/08/31 13:58:58 itojun Exp $
 
 CPPFLAGS+=-DFACILITY=LOG_AUTHPRIV -DSEVERITY=LOG_INFO
 CPPFLAGS+=-DREAL_DAEMON_DIR=\"/usr/libexec\" -DHOSTS_ACCESS -DDAEMON_UMASK=022
 CPPFLAGS+=-DRFC931_TIMEOUT=10 -DALWAYS_HOSTNAME -DSYS_ERRLIST_DEFINED
 CPPFLAGS+=-DHOSTS_ALLOW=\"/etc/hosts.allow\" -DHOSTS_DENY=\"/etc/hosts.deny\"
 CPPFLAGS+=-DPROCESS_OPTIONS -DNETGROUP
+CPPFLAGS+=-Dss_family=__ss_family -Dss_len=__ss_len
 
 # -DPARANOID is not used by libwrap, only by programs that use it.
 # in this case inetd does not use it (probably rightly so) and so
 # we don't want to use it in wrapper-related utilities (such as
 # tcpdmatch) that include this file.
 #CPPFLAGS+=-DPARANOID
+
+# IPv6
+CPPFLAGS+=-DINET6
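Review bot: The added `CPPFLAGS+=-Dss_family=__ss_family -Dss_len=__ss_len` line has no comment, and it rewrites every `ss_family`/`ss_len` token in each file built with this Makefile.cflags, which by the existing comment below it includes the wrapper utilities as well as libwrap. The defines are presumably there because the system header still spells the `struct sockaddr_storage` members with the `__` prefix. A comment such as `# XXX sockaddr_storage members are spelled __ss_family/__ss_len in the system header; remove once it provides ss_family/ss_len` would say why the line exists and when it can go.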
diff -r 81ddd1da65e3 -r 04d341739413 lib/libwrap/fix_options.c
--- a/lib/libwrap/fix_options.c Tue Aug 31 13:50:47 1999 +0000
+++ b/lib/libwrap/fix_options.c Tue Aug 31 13:58:58 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fix_options.c,v 1.4 1999/08/27 16:06:17 itojun Exp $   */
+/*     $NetBSD: fix_options.c,v 1.5 1999/08/31 13:58:58 itojun Exp $   */
 
  /*
   * Routine to disable IP-level socket options. This code was taken from 4.4BSD
@@ -12,7 +12,7 @@
 #if 0
 static char sccsid[] = "@(#) fix_options.c 1.6 97/04/08 02:29:19";
 #else
-__RCSID("$NetBSD: fix_options.c,v 1.4 1999/08/27 16:06:17 itojun Exp $");
+__RCSID("$NetBSD: fix_options.c,v 1.5 1999/08/31 13:58:58 itojun Exp $");
 #endif
 #endif
 
@@ -53,7 +53,21 @@
     unsigned int opt;
     int     optlen;
     struct in_addr dummy;
+    struct sockaddr_storage ss;
+    int sslen;
 
+    /*
+     * check if this is AF_INET socket
+     * XXX IPv6 support?
+     */
+    sslen = sizeof(ss);
+    if (getsockname(fd, (struct sockaddr *)&ss, &sslen < 0)) {
+       syslog(LOG_ERR, "getpeername: %m");
+       clean_exit(request);
+    }
+    if (ss.ss_family != AF_INET)
+       return;
+  
     if ((ip = getprotobyname("ip")) != 0)
        ipproto = ip->p_proto;
     else
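Review bot: The closing parenthesis in the added `getsockname()` call is misplaced: `&sslen < 0` is evaluated first and its int result is passed as the length argument, so the call never receives a valid length pointer and the `< 0` test is never applied to the return value. Depending on how the kernel treats that argument, either every connection ends in `clean_exit(request)` or `ss` is left unfilled and `ss.ss_family` is read uninitialized, which can take the early `return` and skip the IP-level option handling that follows. The line should read `if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) {`, and the log text should name the call actually made, `syslog(LOG_ERR, "getsockname: %m");`. The function starts before this hunk and continues after it.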
diff -r 81ddd1da65e3 -r 04d341739413 lib/libwrap/hosts_access.5
--- a/lib/libwrap/hosts_access.5        Tue Aug 31 13:50:47 1999 +0000
+++ b/lib/libwrap/hosts_access.5        Tue Aug 31 13:58:58 1999 +0000
@@ -64,6 +64,8 @@
 \fIclient_list\fR is a list
 of one or more host names, host addresses, patterns or wildcards (see
 below) that will be matched against the client host name or address.
+When a client_list item needs to include colon character (for IPv6 addresses),
+the item needs to be wrapped with square bracket.
 .PP
 The more complex forms \fIdaemon@host\fR and \fIuser@host\fR are
 explained in the sections on server endpoint patterns and on client
@@ -97,6 +99,16 @@
 bitwise AND of the address and the `mask\'. For example, the net/mask
 pattern `131.155.72.0/255.255.254.0\' matches every address in the
 range `131.155.72.0\' through `131.155.73.255\'.
+Note that `m.m.m.m\' portion must always be specified.
+.IP \(bu
+An expression of the form `ipv6-addr/ipv6-mask\' is interpreted as
+masked IPv6 address match, just like masked IPv4 address match (see above).
+Note that `ipv6-mask\' portion must always be specified.
+.IP \(bu
+An expression of the form `ipv6-addr/prefixlen\' is interpreted as
+masked IPv6 address match (with mask specified by numeric prefixlen),
+just like masked IPv4 address match (see above).
+Note that `prefixlen\' portion must always be specified.
 .SH WILDCARDS
 The access control language supports explicit wildcards:
 .IP ALL
@@ -378,4 +390,4 @@
 Den Dolech 2, P.O. Box 513, 
 5600 MB Eindhoven, The Netherlands
 \" @(#) hosts_access.5 1.20 95/01/30 19:51:46
-\"     $NetBSD: hosts_access.5,v 1.9 1999/08/02 16:09:41 bouyer Exp $
+\"     $NetBSD: hosts_access.5,v 1.10 1999/08/31 13:58:58 itojun Exp $
diff -r 81ddd1da65e3 -r 04d341739413 lib/libwrap/hosts_access.c
--- a/lib/libwrap/hosts_access.c        Tue Aug 31 13:50:47 1999 +0000
+++ b/lib/libwrap/hosts_access.c        Tue Aug 31 13:58:58 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: hosts_access.c,v 1.9 1999/08/27 16:06:17 itojun Exp $  */
+/*     $NetBSD: hosts_access.c,v 1.10 1999/08/31 13:58:58 itojun Exp $ */
 
  /*
   * This module implements a simple access control language that is based on
@@ -24,7 +24,7 @@
 #if 0
 static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
 #else
-__RCSID("$NetBSD: hosts_access.c,v 1.9 1999/08/27 16:06:17 itojun Exp $");
+__RCSID("$NetBSD: hosts_access.c,v 1.10 1999/08/31 13:58:58 itojun Exp $");
 #endif
 #endif
 
@@ -32,6 +32,9 @@
 
 #include <sys/types.h>
 #include <sys/param.h>
+#ifdef INET6
+#include <sys/socket.h>
+#endif
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <stdio.h>
@@ -96,6 +99,10 @@
 static int rbl_match __P((char *, char *));
 static int string_match __P((char *, char *));
 static int masked_match __P((char *, char *, char *));
+static int masked_match4 __P((char *, char *, char *));
+#ifdef INET6
+static int masked_match6 __P((char *, char *, char *));
+#endif
 
 /* Size of logical line buffer. */
 
@@ -202,6 +209,7 @@
 int   (*match_fn) __P((char *, struct request_info *));
 {
     char   *tok;
+    int l;
 
     /*
      * Process tokens one at a time. We have exhausted all possible matches
@@ -213,6 +221,11 @@
     for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) {
        if (STR_EQ(tok, "EXCEPT"))              /* EXCEPT: give up */
            return (NO);
+       l = strlen(tok);
+       if (*tok == '[' && tok[l - 1] == ']') {
+           tok[l - 1] = '\0';
+           tok++;
+       }
        if (match_fn(tok, request)) {           /* YES: look for exceptions */
            while ((tok = strtok((char *) 0, sep)) && STR_NE(tok, "EXCEPT"))
                 /* VOID */ ;
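Review bot: The bracket stripping added before `match_fn()` carries no comment and only acts when both `[` and `]` are present, so a token with a single bracket is handed to the matcher unchanged and, as far as the visible code shows, will simply never match. In a deny list, a pattern that silently never matches leaves the client allowed, so an unbalanced bracket deserves a `tcpd_warn()` rather than a quiet pass-through. A comment such as `/* strip the [] that keeps ':' in IPv6 literals from being read as a field separator */` would also explain the block. The loop and the enclosing function extend outside this hunk.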
@@ -362,6 +375,23 @@
 char   *mask_tok;
 char   *string;
 {
+#ifndef INET6
+    return masked_match4(net_tok, mask_tok, string);
+#else
+    if (dot_quad_addr(net_tok, NULL) != INADDR_NONE
+     && dot_quad_addr(mask_tok, NULL) != INADDR_NONE
+     && dot_quad_addr(string, NULL) != INADDR_NONE) {
+       return masked_match4(net_tok, mask_tok, string);
+    } else
+       return masked_match6(net_tok, mask_tok, string);
+#endif
+}
+
+static int masked_match4(net_tok, mask_tok, string)
+char   *net_tok;
+char   *mask_tok;
+char   *string;
+{
     unsigned long net;
     unsigned long mask;
     unsigned long addr;
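Review bot: The dispatch in `masked_match()` uses `dot_quad_addr(...) != INADDR_NONE` as its "is this IPv4" test, but INADDR_NONE is also the numeric value of 255.255.255.255. A host mask like the `127.0.0.1/255.255.255.255` example in the commit message therefore presumably falls through to `masked_match6()`. The outcome looks equivalent because `masked_match6()` accepts IPv4 net and mask tokens through mapped addresses, but that routing is not obvious to a reader. A comment on the `else` branch such as `/* anything dot_quad_addr() rejects, including 255.255.255.255, is matched by masked_match6() as a mapped address */` would record it. The signature of `masked_match()` and the rest of `masked_match4()` lie outside this hunk.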
@@ -381,3 +411,69 @@
     }
     return ((addr & mask) == net);
 }
+
+#ifdef INET6
+/* Ugly because it covers IPv4 mapped address.  I hate mapped addresses. */
+static int masked_match6(net_tok, mask_tok, string)
+char   *net_tok;
+char   *mask_tok;
+char   *string;
+{
+    struct in6_addr net;
+    struct in6_addr mask;
+    struct in6_addr addr;
+    int masklen;
+    int fail;
+    int i;
+    int maskoff;
+    int netaf;
+    const int sizoff64 = sizeof(struct in6_addr) - sizeof(struct in_addr);
+
+    memset(&addr, 0, sizeof(addr));
+    if (inet_pton(AF_INET6, string, &addr) == 1)
+       ; /* okay */
+    else if (inet_pton(AF_INET, string, &addr.s6_addr[sizoff64]) == 1)
+       addr.s6_addr[10] = addr.s6_addr[11] = 0xff;
+    else
+       return NO;
+
+    memset(&net, 0, sizeof(net));
+    if (inet_pton(AF_INET6, net_tok, &net) == 1) {
+       netaf = AF_INET6;
+       maskoff = 0;
+    } else if (inet_pton(AF_INET, net_tok, &net.s6_addr[sizoff64]) == 1) {
+       netaf = AF_INET;
+       maskoff = sizoff64;
+       net.s6_addr[10] = net.s6_addr[11] = 0xff;
+    } else
+       return NO;
+
+    fail = 0;
+    if (mask_tok[strspn(mask_tok, "0123456789")] == '\0') {
+       masklen = atoi(mask_tok) + maskoff * 8;
+       if (0 <= masklen && masklen <= 128) {
+           memset(&mask, 0, sizeof(mask));
+           memset(&mask, 0xff, masklen / 8);
+           if (masklen % 8) {
+               ((u_char *)&mask)[masklen / 8] =
+                       (0xff00 >> (masklen % 8)) & 0xff;
+           }
+       } else
+           fail++;
+    } else if (netaf == AF_INET6 && inet_pton(AF_INET6, mask_tok, &mask) == 1)
+       ; /* okay */
+    else if (netaf == AF_INET
+         && inet_pton(AF_INET, mask_tok, &mask.s6_addr[12]) == 1) {
+       memset(&mask, 0xff, sizoff64);
+    } else
+       fail++;
+    if (fail) {
+       tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
+       return (NO);                            /* not tcpd_jump() */
+    }
+
+    for (i = 0; i < sizeof(addr); i++)
+       addr.s6_addr[i] &= mask.s6_addr[i];
+    return (memcmp(&addr, &net, sizeof(addr)) == 0);
+}
+#endif
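Review bot: In `masked_match6()` the numeric-prefix branch accepts an empty `mask_tok` (strspn() returns 0 and `atoi("")` yields a zero-length prefix) and passes digit strings of any length to `atoi()`, whose result on overflow is undefined before the `0 <= masklen && masklen <= 128` check runs. A guard ahead of the conversion, `if (*mask_tok == '\0' || strlen(mask_tok) > 3) fail++;` with the existing code moved into the `else`, keeps both cases on the `tcpd_warn()` path. Separately, `net` is compared unmasked, so a pattern with host bits set (for instance `fe80::1/64`, a constructed example) can never match; warning when `net` has bits outside `mask` would make such a rule visible instead of silently inert. The literal `12` in `&mask.s6_addr[12]` should be `sizoff64`, like the other two uses.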
diff -r 81ddd1da65e3 -r 04d341739413 lib/libwrap/misc.c
--- a/lib/libwrap/misc.c        Tue Aug 31 13:50:47 1999 +0000
+++ b/lib/libwrap/misc.c        Tue Aug 31 13:58:58 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: misc.c,v 1.6 1999/07/03 12:30:41 simonb Exp $  */
+/*     $NetBSD: misc.c,v 1.7 1999/08/31 13:58:58 itojun Exp $  */
 
  /*
   * Misc routines that are used by tcpd and by tcpdchk.
@@ -11,7 +11,7 @@
 #if 0
 static char sccsic[] = "@(#) misc.c 1.2 96/02/11 17:01:29";
 #else
-__RCSID("$NetBSD: misc.c,v 1.6 1999/07/03 12:30:41 simonb Exp $");
+__RCSID("$NetBSD: misc.c,v 1.7 1999/08/31 13:58:58 itojun Exp $");
 #endif
 #endif
 
@@ -61,11 +61,35 @@
 char   *string;
 int     delimiter;
 {
+#if 0
     char   *cp;
 
     if ((cp = strchr(string, delimiter)) != 0)
        *cp++ = 0;
     return (cp);
+#else
+    char *cp;
+    int bracket;
+
+    bracket = 0;
+    for (cp = string; cp && *cp; cp++) {


