/* Portions taken from the skey distribution on Oct 21 1993 */
#if (MAXHOSTNAMELEN < 64) /* AIX weirdness */
#define MAXHOSTNAMELEN 255
#define MAXADDR 16 /* how many addresses can a machine
* Turn host into an IP address and then look it up in the authorization
* database to determine if ordinary password logins are OK
return rdnets(inet_addr(host
));
* Stash away a copy of the host address list because it will be
* clobbered by other gethostbyXXX() calls.
hp
= gethostbyname(host
);
syslog(LOG_ERR
, "unknown host: %s", host
);
if (hp
->h_addrtype
!= AF_INET
) {
syslog(LOG_ERR
, "unknown network family: %d", hp
->h_addrtype
);
for (lp
= hp
->h_addr_list
, ap
= addr
; ap
< addr
+ MAXADDR
; lp
++, ap
++) {
if ((*ap
= malloc(hp
->h_length
)) == 0) {
syslog(LOG_ERR
, "out of memory");
memcpy(*ap
, *lp
, hp
->h_length
);
addr_length
= hp
->h_length
;
* See if any of the addresses matches a pattern in the control file.
* Report and skip the address if it does not belong to the remote
* host. Assume localhost == localhost.domain.
#define NEQ(x,y) (strcasecmp((x),(y)) != 0)
memcpy((char *) &n
, *ap
, addr_length
);
if ((hp
= gethostbyaddr(*ap
, addr_length
, AF_INET
)) == 0
|| (NEQ(host
, hp
->h_name
) && NEQ(host
, "localhost"))) {
syslog(LOG_ERR
, "IP address %s not registered for host %s",
inet_ntoa(*(struct in_addr
*) * ap
), host
);
fp
= fopen("/etc/skey.access", "r");
while (fgets(buf
, sizeof(buf
), fp
), !feof(fp
)) {
/* two choices permit or deny */
if (strncasecmp(cp
, "permit", 4) == 0) {
if (strncasecmp(cp
, "deny", 4) == 0) {
continue; /* ignore this it is not
cp
= strtok(NULL
, " \t");
continue; /* Invalid line */
cp
= strtok(NULL
, " \t");
continue; /* Invalid line */
if ((host
& mask
) == pattern
) {
* Return TRUE if string appears to be an IP address in dotted decimal;
* return FALSE otherwise (i.e., if string is a domain name)
return 1; /* Can't happen */
while ((c
= *s
++) != '\0') {
if (c
!= '[' && c
!= ']' && !isdigit(c
) && c
!= '.')