andersk Git - openssh.git/blame_incremental

... / ...

Commit	Line	Data
	1	/* $OpenBSD: match.c,v 1.25 2006/07/22 20:48:23 stevesk Exp $ */
	2	/*
	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	5	* All rights reserved
	6	* Simple pattern matching, with '*' and '?' as wildcards.
	7	*
	8	* As far as I am concerned, the code I have written for this software
	9	* can be used freely for any purpose. Any derived versions of this
	10	* software must be clearly marked as such, and if the derived work is
	11	* incompatible with the protocol description in the RFC file, it must be
	12	* called by a name other than "ssh" or "Secure Shell".
	13	*/
	14	/*
	15	* Copyright (c) 2000 Markus Friedl. All rights reserved.
	16	*
	17	* Redistribution and use in source and binary forms, with or without
	18	* modification, are permitted provided that the following conditions
	19	* are met:
	20	* 1. Redistributions of source code must retain the above copyright
	21	* notice, this list of conditions and the following disclaimer.
	22	* 2. Redistributions in binary form must reproduce the above copyright
	23	* notice, this list of conditions and the following disclaimer in the
	24	* documentation and/or other materials provided with the distribution.
	25	*
	26	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	27	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	28	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	29	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	30	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	31	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	32	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	33	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	34	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	35	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	36	*/
	37
	38	#include "includes.h"
	39
	40	#include <ctype.h>
	41	#include <string.h>
	42
	43	#include "match.h"
	44	#include "xmalloc.h"
	45
	46	/*
	47	* Returns true if the given string matches the pattern (which may contain ?
	48	* and * as wildcards), and zero if it does not match.
	49	*/
	50
	51	int
	52	match_pattern(const char s, const char pattern)
	53	{
	54	for (;;) {
	55	/* If at end of pattern, accept if also at end of string. */
	56	if (!*pattern)
	57	return !*s;
	58
	59	if (pattern == '') {
	60	/* Skip the asterisk. */
	61	pattern++;
	62
	63	/* If at end of pattern, accept immediately. */
	64	if (!*pattern)
	65	return 1;
	66
	67	/* If next character in pattern is known, optimize. */
	68	if (pattern != '?' && pattern != '*') {
	69	/*
	70	* Look instances of the next character in
	71	* pattern, and try to match starting from
	72	* those.
	73	*/
	74	for (; *s; s++)
	75	if (s == pattern &&
	76	match_pattern(s + 1, pattern + 1))
	77	return 1;
	78	/* Failed. */
	79	return 0;
	80	}
	81	/*
	82	* Move ahead one character at a time and try to
	83	* match at each position.
	84	*/
	85	for (; *s; s++)
	86	if (match_pattern(s, pattern))
	87	return 1;
	88	/* Failed. */
	89	return 0;
	90	}
	91	/*
	92	* There must be at least one more character in the string.
	93	* If we are at the end, fail.
	94	*/
	95	if (!*s)
	96	return 0;
	97
	98	/* Check if the next character of the string is acceptable. */
	99	if (pattern != '?' && pattern != *s)
	100	return 0;
	101
	102	/* Move to the next character, both in string and in pattern. */
	103	s++;
	104	pattern++;
	105	}
	106	/* NOTREACHED */
	107	}
	108
	109	/*
	110	* Tries to match the string against the
	111	* comma-separated sequence of subpatterns (each possibly preceded by ! to
	112	* indicate negation). Returns -1 if negation matches, 1 if there is
	113	* a positive match, 0 if there is no match at all.
	114	*/
	115
	116	int
	117	match_pattern_list(const char string, const char pattern, u_int len,
	118	int dolower)
	119	{
	120	char sub[1024];
	121	int negated;
	122	int got_positive;
	123	u_int i, subi;
	124
	125	got_positive = 0;
	126	for (i = 0; i < len;) {
	127	/* Check if the subpattern is negated. */
	128	if (pattern[i] == '!') {
	129	negated = 1;
	130	i++;
	131	} else
	132	negated = 0;
	133
	134	/*
	135	* Extract the subpattern up to a comma or end. Convert the
	136	* subpattern to lowercase.
	137	*/
	138	for (subi = 0;
	139	i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
	140	subi++, i++)
	141	sub[subi] = dolower && isupper(pattern[i]) ?
	142	(char)tolower(pattern[i]) : pattern[i];
	143	/* If subpattern too long, return failure (no match). */
	144	if (subi >= sizeof(sub) - 1)
	145	return 0;
	146
	147	/* If the subpattern was terminated by a comma, skip the comma. */
	148	if (i < len && pattern[i] == ',')
	149	i++;
	150
	151	/* Null-terminate the subpattern. */
	152	sub[subi] = '\0';
	153
	154	/* Try to match the subpattern against the string. */
	155	if (match_pattern(string, sub)) {
	156	if (negated)
	157	return -1; /* Negative */
	158	else
	159	got_positive = 1; /* Positive */
	160	}
	161	}
	162
	163	/*
	164	* Return success if got a positive match. If there was a negative
	165	* match, we have already returned -1 and never get here.
	166	*/
	167	return got_positive;
	168	}
	169
	170	/*
	171	* Tries to match the host name (which must be in all lowercase) against the
	172	* comma-separated sequence of subpatterns (each possibly preceded by ! to
	173	* indicate negation). Returns -1 if negation matches, 1 if there is
	174	* a positive match, 0 if there is no match at all.
	175	*/
	176	int
	177	match_hostname(const char host, const char pattern, u_int len)
	178	{
	179	return match_pattern_list(host, pattern, len, 1);
	180	}
	181
	182	/*
	183	* returns 0 if we get a negative match for the hostname or the ip
	184	* or if we get no match at all. returns 1 otherwise.
	185	*/
	186	int
	187	match_host_and_ip(const char host, const char ipaddr,
	188	const char *patterns)
	189	{
	190	int mhost, mip;
	191
	192	/* negative ipaddr match */
	193	if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
	194	return 0;
	195	/* negative hostname match */
	196	if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
	197	return 0;
	198	/* no match at all */
	199	if (mhost == 0 && mip == 0)
	200	return 0;
	201	return 1;
	202	}
	203
	204	/*
	205	* match user, user@host_or_ip, user@host_or_ip_list against pattern
	206	*/
	207	int
	208	match_user(const char user, const char host, const char *ipaddr,
	209	const char *pattern)
	210	{
	211	char p, pat;
	212	int ret;
	213
	214	if ((p = strchr(pattern,'@')) == NULL)
	215	return match_pattern(user, pattern);
	216
	217	pat = xstrdup(pattern);
	218	p = strchr(pat, '@');
	219	*p++ = '\0';
	220
	221	if ((ret = match_pattern(user, pat)) == 1)
	222	ret = match_host_and_ip(host, ipaddr, p);
	223	xfree(pat);
	224
	225	return ret;
	226	}
	227
	228	/*
	229	* Returns first item from client-list that is also supported by server-list,
	230	* caller must xfree() returned string.
	231	*/
	232	#define MAX_PROP 40
	233	#define SEP ","
	234	char *
	235	match_list(const char client, const char server, u_int *next)
	236	{
	237	char *sproposals[MAX_PROP];
	238	char c, s, p, ret, cp, sp;
	239	int i, j, nproposals;
	240
	241	c = cp = xstrdup(client);
	242	s = sp = xstrdup(server);
	243
	244	for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
	245	(p = strsep(&sp, SEP)), i++) {
	246	if (i < MAX_PROP)
	247	sproposals[i] = p;
	248	else
	249	break;
	250	}
	251	nproposals = i;
	252
	253	for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
	254	(p = strsep(&cp, SEP)), i++) {
	255	for (j = 0; j < nproposals; j++) {
	256	if (strcmp(p, sproposals[j]) == 0) {
	257	ret = xstrdup(p);
	258	if (next != NULL)
	259	*next = (cp == NULL) ?
	260	strlen(c) : (u_int)(cp - c);
	261	xfree(c);
	262	xfree(s);
	263	return ret;
	264	}
	265	}
	266	}
	267	if (next != NULL)
	268	*next = strlen(c);
	269	xfree(c);
	270	xfree(s);
	271	return NULL;
	272	}