andersk Git - openssh.git/blame_incremental

... / ...

Commit	Line	Data
	1	/* $OpenBSD: match.c,v 1.24 2006/03/25 13:17:02 djm Exp $ */
	2	/*
	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	5	* All rights reserved
	6	* Simple pattern matching, with '*' and '?' as wildcards.
	7	*
	8	* As far as I am concerned, the code I have written for this software
	9	* can be used freely for any purpose. Any derived versions of this
	10	* software must be clearly marked as such, and if the derived work is
	11	* incompatible with the protocol description in the RFC file, it must be
	12	* called by a name other than "ssh" or "Secure Shell".
	13	*/
	14	/*
	15	* Copyright (c) 2000 Markus Friedl. All rights reserved.
	16	*
	17	* Redistribution and use in source and binary forms, with or without
	18	* modification, are permitted provided that the following conditions
	19	* are met:
	20	* 1. Redistributions of source code must retain the above copyright
	21	* notice, this list of conditions and the following disclaimer.
	22	* 2. Redistributions in binary form must reproduce the above copyright
	23	* notice, this list of conditions and the following disclaimer in the
	24	* documentation and/or other materials provided with the distribution.
	25	*
	26	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	27	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	28	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	29	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	30	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	31	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	32	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	33	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	34	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	35	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	36	*/
	37
	38	#include "includes.h"
	39
	40	#include <ctype.h>
	41
	42	#include "match.h"
	43	#include "xmalloc.h"
	44
	45	/*
	46	* Returns true if the given string matches the pattern (which may contain ?
	47	* and * as wildcards), and zero if it does not match.
	48	*/
	49
	50	int
	51	match_pattern(const char s, const char pattern)
	52	{
	53	for (;;) {
	54	/* If at end of pattern, accept if also at end of string. */
	55	if (!*pattern)
	56	return !*s;
	57
	58	if (pattern == '') {
	59	/* Skip the asterisk. */
	60	pattern++;
	61
	62	/* If at end of pattern, accept immediately. */
	63	if (!*pattern)
	64	return 1;
	65
	66	/* If next character in pattern is known, optimize. */
	67	if (pattern != '?' && pattern != '*') {
	68	/*
	69	* Look instances of the next character in
	70	* pattern, and try to match starting from
	71	* those.
	72	*/
	73	for (; *s; s++)
	74	if (s == pattern &&
	75	match_pattern(s + 1, pattern + 1))
	76	return 1;
	77	/* Failed. */
	78	return 0;
	79	}
	80	/*
	81	* Move ahead one character at a time and try to
	82	* match at each position.
	83	*/
	84	for (; *s; s++)
	85	if (match_pattern(s, pattern))
	86	return 1;
	87	/* Failed. */
	88	return 0;
	89	}
	90	/*
	91	* There must be at least one more character in the string.
	92	* If we are at the end, fail.
	93	*/
	94	if (!*s)
	95	return 0;
	96
	97	/* Check if the next character of the string is acceptable. */
	98	if (pattern != '?' && pattern != *s)
	99	return 0;
	100
	101	/* Move to the next character, both in string and in pattern. */
	102	s++;
	103	pattern++;
	104	}
	105	/* NOTREACHED */
	106	}
	107
	108	/*
	109	* Tries to match the string against the
	110	* comma-separated sequence of subpatterns (each possibly preceded by ! to
	111	* indicate negation). Returns -1 if negation matches, 1 if there is
	112	* a positive match, 0 if there is no match at all.
	113	*/
	114
	115	int
	116	match_pattern_list(const char string, const char pattern, u_int len,
	117	int dolower)
	118	{
	119	char sub[1024];
	120	int negated;
	121	int got_positive;
	122	u_int i, subi;
	123
	124	got_positive = 0;
	125	for (i = 0; i < len;) {
	126	/* Check if the subpattern is negated. */
	127	if (pattern[i] == '!') {
	128	negated = 1;
	129	i++;
	130	} else
	131	negated = 0;
	132
	133	/*
	134	* Extract the subpattern up to a comma or end. Convert the
	135	* subpattern to lowercase.
	136	*/
	137	for (subi = 0;
	138	i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
	139	subi++, i++)
	140	sub[subi] = dolower && isupper(pattern[i]) ?
	141	(char)tolower(pattern[i]) : pattern[i];
	142	/* If subpattern too long, return failure (no match). */
	143	if (subi >= sizeof(sub) - 1)
	144	return 0;
	145
	146	/* If the subpattern was terminated by a comma, skip the comma. */
	147	if (i < len && pattern[i] == ',')
	148	i++;
	149
	150	/* Null-terminate the subpattern. */
	151	sub[subi] = '\0';
	152
	153	/* Try to match the subpattern against the string. */
	154	if (match_pattern(string, sub)) {
	155	if (negated)
	156	return -1; /* Negative */
	157	else
	158	got_positive = 1; /* Positive */
	159	}
	160	}
	161
	162	/*
	163	* Return success if got a positive match. If there was a negative
	164	* match, we have already returned -1 and never get here.
	165	*/
	166	return got_positive;
	167	}
	168
	169	/*
	170	* Tries to match the host name (which must be in all lowercase) against the
	171	* comma-separated sequence of subpatterns (each possibly preceded by ! to
	172	* indicate negation). Returns -1 if negation matches, 1 if there is
	173	* a positive match, 0 if there is no match at all.
	174	*/
	175	int
	176	match_hostname(const char host, const char pattern, u_int len)
	177	{
	178	return match_pattern_list(host, pattern, len, 1);
	179	}
	180
	181	/*
	182	* returns 0 if we get a negative match for the hostname or the ip
	183	* or if we get no match at all. returns 1 otherwise.
	184	*/
	185	int
	186	match_host_and_ip(const char host, const char ipaddr,
	187	const char *patterns)
	188	{
	189	int mhost, mip;
	190
	191	/* negative ipaddr match */
	192	if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
	193	return 0;
	194	/* negative hostname match */
	195	if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
	196	return 0;
	197	/* no match at all */
	198	if (mhost == 0 && mip == 0)
	199	return 0;
	200	return 1;
	201	}
	202
	203	/*
	204	* match user, user@host_or_ip, user@host_or_ip_list against pattern
	205	*/
	206	int
	207	match_user(const char user, const char host, const char *ipaddr,
	208	const char *pattern)
	209	{
	210	char p, pat;
	211	int ret;
	212
	213	if ((p = strchr(pattern,'@')) == NULL)
	214	return match_pattern(user, pattern);
	215
	216	pat = xstrdup(pattern);
	217	p = strchr(pat, '@');
	218	*p++ = '\0';
	219
	220	if ((ret = match_pattern(user, pat)) == 1)
	221	ret = match_host_and_ip(host, ipaddr, p);
	222	xfree(pat);
	223
	224	return ret;
	225	}
	226
	227	/*
	228	* Returns first item from client-list that is also supported by server-list,
	229	* caller must xfree() returned string.
	230	*/
	231	#define MAX_PROP 40
	232	#define SEP ","
	233	char *
	234	match_list(const char client, const char server, u_int *next)
	235	{
	236	char *sproposals[MAX_PROP];
	237	char c, s, p, ret, cp, sp;
	238	int i, j, nproposals;
	239
	240	c = cp = xstrdup(client);
	241	s = sp = xstrdup(server);
	242
	243	for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
	244	(p = strsep(&sp, SEP)), i++) {
	245	if (i < MAX_PROP)
	246	sproposals[i] = p;
	247	else
	248	break;
	249	}
	250	nproposals = i;
	251
	252	for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
	253	(p = strsep(&cp, SEP)), i++) {
	254	for (j = 0; j < nproposals; j++) {
	255	if (strcmp(p, sproposals[j]) == 0) {
	256	ret = xstrdup(p);
	257	if (next != NULL)
	258	*next = (cp == NULL) ?
	259	strlen(c) : (u_int)(cp - c);
	260	xfree(c);
	261	xfree(s);
	262	return ret;
	263	}
	264	}
	265	}
	266	if (next != NULL)
	267	*next = strlen(c);
	268	xfree(c);
	269	xfree(s);
	270	return NULL;
	271	}