@@ -0,0 +1,54 @@
+--- hosts_access.5.orig
++++ hosts_access.5
+@@ -90,6 +90,13 @@ bitwise AND of the address and the `mask
+ pattern `131.155.72.0/255.255.254.0\' matches every address in the
+ range `131.155.72.0\' through `131.155.73.255\'.
+ .IP \(bu
++A string that begins with a `/\' character is treated as a file
++name. A host name or address is matched if it matches any host name
++or address pattern listed in the named file. The file format is
++zero or more lines with zero or more host name or address patterns
++separated by whitespace. A file name pattern can be used anywhere
++a host name or address pattern can be used.
++.IP \(bu
+ An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a
+ `[net]/prefixlen\' pair. A IPv6 host address is matched if
+ `prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
+--- hosts_access.c.orig
++++ hosts_access.c
+@@ -273,6 +273,26 @@ struct request_info *request;
+ }
+ }
+
++/* hostfile_match - look up host patterns from file */
++
++static int hostfile_match(path, host)
++char *path;
++struct hosts_info *host;
++{
++ char tok[BUFSIZ];
++ int match = NO;
++ FILE *fp;
++
++ if ((fp = fopen(path, "r")) != 0) {
++ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
++ /* void */ ;
++ fclose(fp);
++ } else if (errno != ENOENT) {
++ tcpd_warn("open %s: %m", path);
++ }
++ return (match);
++}
++
+ /* host_match - match host name and/or address against pattern */
+
+ static int host_match(tok, host)
+@@ -300,6 +320,8 @@ struct host_info *host;
+ tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
+ return (NO);
+ #endif
++ } else if (tok[0] == '/') { /* /file hack */
++ return (hostfile_match(tok, host));
+ } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
+ char *name = eval_hostname(host);
+ return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
|