svn commit: r310349 - head/usr.sbin/syslogd

Wed Dec 21 05:46:00 UTC 2016

Author: hrs
Date: Wed Dec 21 05:45:59 2016
New Revision: 310349
URL: https://svnweb.freebsd.org/changeset/base/310349

Log:
  - Use fnmatch(3) for domanname matching of -a options.
  - Document the patten matching.
  - Document -S flag in SYNOPSIS.

Modified:
  head/usr.sbin/syslogd/syslogd.8
  head/usr.sbin/syslogd/syslogd.c

Modified: head/usr.sbin/syslogd/syslogd.8
==============================================================================

--- head/usr.sbin/syslogd/syslogd.8	Wed Dec 21 03:23:35 2016	(r310348)
+++ head/usr.sbin/syslogd/syslogd.8	Wed Dec 21 05:45:59 2016	(r310349)
@@ -28,7 +28,7 @@
 .\"     @(#)syslogd.8	8.1 (Berkeley) 6/6/93
 .\" $FreeBSD$
 .\"
-.Dd June 16, 2015
+.Dd December 21, 2016
 .Dt SYSLOGD 8
 .Os
 .Sh NAME
@@ -44,6 +44,7 @@
 .Op Fl m Ar mark_interval
 .Op Fl P Ar pid_file
 .Op Fl p Ar log_socket
+.Op Fl S Ar logpriv_socket
 .Sh DESCRIPTION
 The
 .Nm
@@ -154,16 +155,9 @@ for the sender address.
 The meaning of
 .Ar service
 is as explained above.
-.It Xo
-.Sm off
-.No * Ar domainname Op \&: Ar service
-.Sm on
-.Xc
-Same as before, except that any source host whose name
-.Em ends
-in
 .Ar domainname
-will get permission.
+can contain special characters of a shell-style pattern such as
+.Ql Li \&* .
 .El
 .Pp
 The

Modified: head/usr.sbin/syslogd/syslogd.c
==============================================================================
--- head/usr.sbin/syslogd/syslogd.c	Wed Dec 21 03:23:35 2016	(r310348)
+++ head/usr.sbin/syslogd/syslogd.c	Wed Dec 21 05:45:59 2016	(r310349)
@@ -98,6 +98,7 @@ __FBSDID("$FreeBSD$");
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <fnmatch.h>
 #include <libutil.h>
 #include <limits.h>
 #include <paths.h>
@@ -2476,8 +2477,7 @@ static int
 validate(struct sockaddr *sa, const char *hname)
 {
 	int i;
-	size_t l1, l2;
-	char *cp, name[NI_MAXHOST], ip[NI_MAXHOST], port[NI_MAXSERV];
+	char name[NI_MAXHOST], ip[NI_MAXHOST], port[NI_MAXSERV];
 	struct allowedpeer *ap;
 	struct sockaddr_in *sin4, *a4p = NULL, *m4p = NULL;
 #ifdef INET6
@@ -2558,23 +2558,11 @@ validate(struct sockaddr *sa, const char
 			else
 				continue;
 		} else {
-			cp = ap->a_name;
-			l1 = strlen(name);
-			if (*cp == '*') {
-				/* allow wildmatch */
-				cp++;
-				l2 = strlen(cp);
-				if (l2 > l1 || memcmp(cp, &name[l1 - l2], l2) != 0) {
-					dprintf("rejected in rule %d due to name mismatch.\n", i);
-					continue;
-				}
-			} else {
-				/* exact match */
-				l2 = strlen(cp);
-				if (l2 != l1 || memcmp(cp, name, l1) != 0) {
-					dprintf("rejected in rule %d due to name mismatch.\n", i);
-					continue;
-				}
+			if (fnmatch(ap->a_name, name, FNM_NOESCAPE) ==
+			    FNM_NOMATCH) {
+				dprintf("rejected in rule %d due to name "
+				    "mismatch.\n", i);
+				continue;
 			}
 		}
 		dprintf("accepted in rule %d.\n", i);
