Index: hosts_access.5 =================================================================== RCS file: /cvs/misc/tcp_wrappers/hosts_access.5,v retrieving revision 1.1.1.1 diff -c -r1.1.1.1 hosts_access.5 *** hosts_access.5 1995/08/11 17:33:12 1.1.1.1 --- hosts_access.5 1998/10/08 01:11:40 *************** *** 112,117 **** --- 112,122 ---- built with -DPARANOID (default mode), it drops requests from such clients even before looking at the access control tables. Build without -DPARANOID when you want more control over such requests. + .IP "{RBL}.\fIdomain\fR" + Matches any host whose reversed address appears in the DNS under + \fIdomain\fR. Example domains used for blocking unsolicited + commercial e-mail (aka `spam\') are `.rbl.maps.vix.com\', + `.dul.maps.vix.com\', and `.relays.orbs.org\'. .ne 6 .SH OPERATORS .IP EXCEPT Index: hosts_access.c =================================================================== RCS file: /cvs/misc/tcp_wrappers/hosts_access.c,v retrieving revision 1.1.1.3 diff -c -r1.1.1.3 hosts_access.c *** hosts_access.c 1997/05/24 23:07:38 1.1.1.3 --- hosts_access.c 1999/03/08 04:12:09 *************** *** 80,85 **** --- 80,86 ---- static int server_match(); static int client_match(); static int host_match(); + static int rbl_match(); static int string_match(); static int masked_match(); *************** *** 273,284 **** --- 274,325 ---- } else if (STR_EQ(tok, "LOCAL")) { /* local: no dots in name */ char *name = eval_hostname(host); return (strchr(name, '.') == 0 && HOSTNAME_KNOWN(name)); + } else if (strncmp(tok, "{RBL}.", 6) == 0) { /* RBL lookup in domain */ + return rbl_match(tok+6, eval_hostaddr(host)); } else if ((mask = split_at(tok, '/')) != 0) { /* net/mask */ return (masked_match(tok, mask, eval_hostaddr(host))); } else { /* anything else */ return (string_match(tok, eval_hostaddr(host)) || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host)))); } + } + + /* rbl_match() - match host by looking up in RBL domain */ + + static int 
rbl_match(rbl_domain, rbl_hostaddr) + char *rbl_domain; /* RBL domain */ + char *rbl_hostaddr; /* hostaddr */ + { + char *rbl_name; + unsigned long host_address; + char *p; + int ret = NO; + extern char *malloc(); + + if ((host_address = dot_quad_addr(rbl_hostaddr)) == INADDR_NONE) { + tcpd_warn("unable to convert %s to address", rbl_hostaddr); + return (NO); + } + /* construct the rbl name to look up */ + if ((rbl_name = malloc(sizeof("255.255.255.255.") + strlen(rbl_domain) + 1)) == NULL) { + tcpd_jump("not enough memory to build RBL name for %s in %s", rbl_hostaddr, rbl_domain); + /* NOTREACHED */ + } + p = (char *) (void *) &host_address; + + #define UC(byte) (((int)(byte)) & 0xff) + + sprintf(rbl_name, "%d.%d.%d.%d.%s", UC(p[3]), UC(p[2]), UC(p[1]), UC(p[0]), rbl_domain); + #undef UC + /* look it up */ + if (gethostbyname(rbl_name) != NULL) { + /* successful lookup - they're on the RBL list */ + /* XXX convention is the A RR returned should be 127.0.0.2 */ + ret = YES; + } + free(rbl_name); + + return ret; } /* string_match - match string against pattern */ .
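Review bot: rbl_match() treats any successful `gethostbyname(rbl_name)` as a listing, so the access decision follows whatever the resolver returns. A wildcard record, a list zone that has changed hands, or a resolver that rewrites NXDOMAIN would make every client match, and the XXX comment already notes the expected answer is 127.0.0.2. I would keep the returned hostent and accept only an IPv4 answer in 127.0.0.0/8, as sketched below (this needs `struct hostent` declared, and no `<netdb.h>` include is visible in these hunks). Separately, reading `p[3]`..`p[0]` from an `unsigned long` assumes the address sits in its first four bytes, which presumably fails on big-endian hosts with a 64-bit long; copying the value into a 4-byte object first avoids that. The hosts_access.5 entry should also state that a failed or timed-out lookup counts as no match, since a `{RBL}` pattern in hosts.deny then fails open.

```c
    struct hostent *hp;
    /* … unchanged: address conversion, rbl_name allocation and sprintf … */
    /* look it up; only an IPv4 answer in 127.0.0.0/8 counts as listed */
    hp = gethostbyname(rbl_name);
    if (hp != NULL && hp->h_addrtype == AF_INET && hp->h_length == 4
        && hp->h_addr_list[0] != NULL
        && (unsigned char) hp->h_addr_list[0][0] == 127) {
        ret = YES;
    }
    free(rbl_name);
```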