author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2000-10-14 00:56:17 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2000-10-14 00:56:17 +0000 |
commit | f6091bbe12538b3e722800dcd3e43cf014dc17e6 (patch) | |
tree | 0061ec9397b880b94546484b17273eac081d654d /libexec/tcpd/tcpdchk | |
parent | ea55ada60b971559c0cd36421576ee1f0502d9a3 (diff) |
tcp wrapper support for IPv6. from netbsd.
TODO: scoped address support may need more consideration (we are taking
safer side now - rejects too much).
Diffstat (limited to 'libexec/tcpd/tcpdchk')
-rw-r--r-- | libexec/tcpd/tcpdchk/scaffold.c | 63 | ||||
-rw-r--r-- | libexec/tcpd/tcpdchk/tcpdchk.c | 38 |
2 files changed, 89 insertions, 12 deletions
diff --git a/libexec/tcpd/tcpdchk/scaffold.c b/libexec/tcpd/tcpdchk/scaffold.c index 1d51f3eb6df..8ce6f7257e7 100644 --- a/libexec/tcpd/tcpdchk/scaffold.c +++ b/libexec/tcpd/tcpdchk/scaffold.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scaffold.c,v 1.3 1999/06/06 18:58:54 deraadt Exp $ */ +/* $OpenBSD: scaffold.c,v 1.4 2000/10/14 00:56:14 itojun Exp $ */ /* * Routines for testing only. Not really industrial strength. @@ -10,7 +10,7 @@ #if 0 static char sccs_id[] = "@(#) scaffold.c 1.5 95/01/03 09:13:48"; #else -static char rcsid[] = "$OpenBSD: scaffold.c,v 1.3 1999/06/06 18:58:54 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: scaffold.c,v 1.4 2000/10/14 00:56:14 itojun Exp $"; #endif #endif @@ -68,6 +68,7 @@ struct hostent *hp; exit(1); } memset((char *) &hb->host, 0, sizeof(hb->host)); + hb->host.h_addrtype = hp->h_addrtype; hb->host.h_length = hp->h_length; hb->host.h_addr_list = hb->addr_list; hb->host.h_addr_list[count] = 0; @@ -89,6 +90,9 @@ char *host; struct hostent *hp; static struct hostent h; static char *addr_list[2]; +#ifdef INET6 + static struct in6_addr in6; +#endif /* * Host address: translate it to internal form. @@ -97,8 +101,18 @@ char *host; h.h_addr_list = addr_list; h.h_addr_list[0] = (char *) &addr; h.h_length = sizeof(addr); + h.h_addrtype = AF_INET; return (dup_hostent(&h)); } +#ifdef INET6 + if (inet_pton(AF_INET6, host, &in6) == 1) { + h.h_addr_list = addr_list; + h.h_addr_list[0] = (char *) &in6; + h.h_length = sizeof(in6); + h.h_addrtype = AF_INET6; + return (dup_hostent(&h)); + } +#endif /* * Map host name to a series of addresses. Watch out for non-internet 
@@ -106,10 +120,28 @@ char *host; * been "enhanced" to accept numeric addresses. Make a copy of the * address list so that later gethostbyXXX() calls will not clobber it. */ - if (NOT_INADDR(host) == 0) { +#ifdef INET6 + if (NOT_INADDR(host) == 0 && inet_pton(AF_INET6, host, &in6) == 1) +#else + if (NOT_INADDR(host) == 0) +#endif + { tcpd_warn("%s: not an internet address", host); return (0); } +#ifdef INET6 + /* + * XXX this behavior may, or may not be desirable. + * - we may better use getipnodebyname() to addresses of get both AFs, + * however, getipnodebyname() is not widely implemented. + * - it may be better to have a way to specify the AF to use. + */ + if ((hp = gethostbyname2(host, AF_INET)) == 0 + && (hp = gethostbyname2(host, AF_INET6)) == 0) { + tcpd_warn("%s: host not found", host); + return (0); + } +#else if ((hp = gethostbyname(host)) == 0) { tcpd_warn("%s: host not found", host); return (0); @@ -118,6 +150,7 @@ char *host; tcpd_warn("%d: not an internet host", hp->h_addrtype); return (0); } +#endif if (STR_NE(host, hp->h_name)) { tcpd_warn("%s: hostname alias", host); tcpd_warn("(official name: %s)", hp->h_name); 
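Review bot: Under INET6 the guard `if (NOT_INADDR(host) == 0 && inet_pton(AF_INET6, host, &in6) == 1)` can never be true, because the branch added earlier in find_inet_addr() already returns when that same `inet_pton()` call yields 1. The "not an internet address" warning is therefore dead in INET6 builds, and a malformed numeric string falls through to `gethostbyname2()` instead of being rejected. Keeping the original test for both builds, `if (NOT_INADDR(host) == 0) {`, restores the check. NOT_INADDR is defined outside the hunk, so confirm it cannot match a string containing ':' before relying on that.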
@@ -131,20 +164,36 @@ int check_dns(host) char *host; { struct request_info request; - struct sockaddr_in sin; + struct sockaddr_storage sin; struct hostent *hp; int count; char *addr; + char *ap; + int alen; if ((hp = find_inet_addr(host)) == 0) return (0); request_init(&request, RQ_CLIENT_SIN, &sin, 0); sock_methods(&request); memset((char *) &sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; + sin.ss_family = hp->h_addrtype; + switch (hp->h_addrtype) { + case AF_INET: + ap = (char *)&((struct sockaddr_in *)&sin)->sin_addr; + alen = sizeof(struct in6_addr); + break; +#ifdef INET6 + case AF_INET6: + ap = (char *)&((struct sockaddr_in6 *)&sin)->sin6_addr; + alen = sizeof(struct in6_addr); + break; +#endif + default: + return (0); + } for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { - memcpy((char *) &sin.sin_addr, addr, sizeof(sin.sin_addr)); + memcpy(ap, addr, alen); /* * Force host name and address conversions. Use the request structure @@ -186,7 +235,7 @@ struct request_info *request; /* ARGSUSED */ void rfc931(a1, a2, d1) -struct sockaddr_in *a1, *a2; +struct sockaddr *a1, *a2; char *d1; { } diff --git a/libexec/tcpd/tcpdchk/tcpdchk.c b/libexec/tcpd/tcpdchk/tcpdchk.c index ff076901616..fc9c140d60b 100644 --- a/libexec/tcpd/tcpdchk/tcpdchk.c +++ b/libexec/tcpd/tcpdchk/tcpdchk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdchk.c,v 1.3 1999/06/06 15:34:57 deraadt Exp $ */ +/* $OpenBSD: tcpdchk.c,v 1.4 2000/10/14 00:56:14 itojun Exp $ */ /* * tcpdchk - examine all tcpd access control rules and inetd.conf entries @@ -20,7 +20,7 @@ #if 0 static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25"; #else -static char rcsid[] = "$OpenBSD: tcpdchk.c,v 1.3 1999/06/06 15:34:57 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: tcpdchk.c,v 1.4 2000/10/14 00:56:14 itojun Exp $"; #endif #endif 
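Review bot: In check_dns() the `case AF_INET:` arm sets `alen = sizeof(struct in6_addr)`, so the later `memcpy(ap, addr, alen)` copies 16 bytes for a 4-byte IPv4 address. The destination is a `sockaddr_storage`, so the write stays inside it, but it runs past `sin_addr`, and the read goes 12 bytes beyond the source entry in `hp->h_addr_list`, whose size presumably follows `h_length`. The arm should read `alen = sizeof(struct in_addr);`, which also removes the only use of `struct in6_addr` outside `#ifdef INET6`. Rejecting the entry when `hp->h_length != alen` before the copy would be a cheap extra guard.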
@@ -28,6 +28,9 @@ static char rcsid[] = "$OpenBSD: tcpdchk.c,v 1.3 1999/06/06 15:34:57 deraadt Exp #include <sys/types.h> #include <sys/stat.h> +#ifdef INET6 +#include <sys/socket.h> +#endif #include <netinet/in.h> #include <arpa/inet.h> #include <stdio.h> @@ -331,15 +334,25 @@ char *list; char *cp; char *host; int clients = 0; +#ifdef INET6 + int l; +#endif strcpy(buf, list); for (cp = strtok(buf, sep); cp != 0; cp = strtok((char *) 0, sep)) { +#ifdef INET6 + l = strlen(cp); + if (cp[0] == '[' && cp[l - 1] == ']') { + cp[l - 1] = '\0'; + cp++; + } +#endif if (STR_EQ(cp, "EXCEPT")) { clients = 0; } else { clients++; - if ((host = split_at(cp + 1, '@'))) { /* user@host */ + if ((host = split_at(cp + 1, '@')) != NULL) { /* user@host */ check_user(cp); check_host(host); } else { @@ -430,8 +443,23 @@ char *pat; tcpd_warn("netgroup support disabled"); #endif #endif - } else if ((mask = split_at(pat, '/'))) { /* network/netmask */ - if (!dot_quad_addr_new(pat, NULL) || !dot_quad_addr_new(mask, NULL)) + } else if ((mask = split_at(pat, '/')) != NULL) { /* network/netmask */ +#ifdef INET6 + struct in6_addr in6; +#endif + if (dot_quad_addr_new(pat, NULL) + && dot_quad_addr_new(mask, NULL)) + ; /*okay*/ +#ifdef INET6 + else if (inet_pton(AF_INET6, pat, &in6) == 1 + && inet_pton(AF_INET6, mask, &in6) == 1) + ; /*okay*/ + else if (inet_pton(AF_INET6, pat, &in6) == 1 + && strchr(mask, ':') == NULL + && 0 <= atoi(mask) && atoi(mask) <= 128) + ; /*okay*/ +#endif + else tcpd_warn("%s/%s: bad net/mask pattern", pat, mask); } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ tcpd_warn("FAIL is no longer recognized"); |
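Review bot: The prefix-length test in the network/netmask branch, `0 <= atoi(mask) && atoi(mask) <= 128`, accepts an empty or non-numeric mask, because `atoi()` returns 0 for those and ignores trailing text such as `64x`. tcpdchk then reports a malformed rule as okay, and how the runtime matcher treats such a rule is not visible here. A strict parse that requires digits only and a value of at most 128 closes the gap, and it makes the `strchr(mask, ':')` test redundant. The helper below is a sketch in the file's old-style definitions; the enclosing function starts and ends outside the hunk.

```c
/* valid_prefixlen - accept only a plain decimal prefix length 0..128 */

static int valid_prefixlen(s)
char   *s;
{
    char   *ep;
    long    v;

    if (*s < '0' || *s > '9')		/* "", sign or leading blank */
	return (0);
    v = strtol(s, &ep, 10);
    return (*ep == '\0' && v <= 128);
}

/* ... unchanged: dot_quad_addr_new() and inet_pton() address/mask checks ... */
	else if (inet_pton(AF_INET6, pat, &in6) == 1
		 && valid_prefixlen(mask))
	    ; /*okay*/
```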