X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/2cee8a259409cd05774252e2694e1c6f76bc9292..9b9be9983e36b6dccbbc63ef7e972dc8c8c11184:/match.c

diff --git a/match.c b/match.c
index 2e2d6309..23894777 100644
--- a/match.c
+++ b/match.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,10 +36,14 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.13 2001/06/24 05:25:10 markus Exp $");
 
-#include "match.h"
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <string.h>
+
 #include "xmalloc.h"
+#include "match.h"
 
 /*
  * Returns true if the given string matches the pattern (which may contain ?
@@ -104,14 +109,15 @@ match_pattern(const char *s, const char *pattern)
 }
 
 /*
- * Tries to match the host name (which must be in all lowercase) against the
+ * Tries to match the string against the
  * comma-separated sequence of subpatterns (each possibly preceded by ! to
  * indicate negation).  Returns -1 if negation matches, 1 if there is
  * a positive match, 0 if there is no match at all.
  */
 
 int
-match_hostname(const char *host, const char *pattern, u_int len)
+match_pattern_list(const char *string, const char *pattern, u_int len,
+    int dolower)
 {
 	char sub[1024];
 	int negated;
@@ -132,9 +138,10 @@ match_hostname(const char *host, const char *pattern, u_int len)
 		 * subpattern to lowercase.
 		 */
 		for (subi = 0;
-		     i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
-		     subi++, i++)
-			sub[subi] = isupper(pattern[i]) ? tolower(pattern[i]) : pattern[i];
+		    i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
+		    subi++, i++)
+			sub[subi] = dolower && isupper(pattern[i]) ?
+			    (char)tolower(pattern[i]) : pattern[i];
 		/* If subpattern too long, return failure (no match). */
 		if (subi >= sizeof(sub) - 1)
 			return 0;
@@ -146,8 +153,8 @@ match_hostname(const char *host, const char *pattern, u_int len)
 		/* Null-terminate the subpattern. */
 		sub[subi] = '\0';
 
-		/* Try to match the subpattern against the host name. */
-		if (match_pattern(host, sub)) {
+		/* Try to match the subpattern against the string. */
+		if (match_pattern(string, sub)) {
 			if (negated)
 				return -1;		/* Negative */
 			else
@@ -162,9 +169,22 @@ match_hostname(const char *host, const char *pattern, u_int len)
 	return got_positive;
 }
 
+/*
+ * Tries to match the host name (which must be in all lowercase) against the
+ * comma-separated sequence of subpatterns (each possibly preceded by ! to
+ * indicate negation).  Returns -1 if negation matches, 1 if there is
+ * a positive match, 0 if there is no match at all.
+ */
+int
+match_hostname(const char *host, const char *pattern, u_int len)
+{
+	return match_pattern_list(host, pattern, len, 1);
+}
+
 /*
  * returns 0 if we get a negative match for the hostname or the ip
- * or if we get no match at all.  returns 1 otherwise.
+ * or if we get no match at all.  returns -1 on error, or 1 on
+ * successful match.
  */
 int
 match_host_and_ip(const char *host, const char *ipaddr,
@@ -172,9 +192,12 @@ match_host_and_ip(const char *host, const char *ipaddr,
 {
 	int mhost, mip;
 
-	/* negative ipaddr match */
-	if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
+	/* error in ipaddr match */
+	if ((mip = addr_match_list(ipaddr, patterns)) == -2)
+		return -1;
+	else if (mip == -1) /* negative ip address match */
 		return 0;
+
 	/* negative hostname match */
 	if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
 		return 0;
@@ -184,11 +207,35 @@ match_host_and_ip(const char *host, const char *ipaddr,
 	return 1;
 }
 
+/*
+ * match user, user@host_or_ip, user@host_or_ip_list against pattern
+ */
+int
+match_user(const char *user, const char *host, const char *ipaddr,
+    const char *pattern)
+{
+	char *p, *pat;
+	int ret;
+
+	if ((p = strchr(pattern,'@')) == NULL)
+		return match_pattern(user, pattern);
+
+	pat = xstrdup(pattern);
+	p = strchr(pat, '@');
+	*p++ = '\0';
+
+	if ((ret = match_pattern(user, pat)) == 1)
+		ret = match_host_and_ip(host, ipaddr, p);
+	xfree(pat);
+
+	return ret;
+}
+
 /*
  * Returns first item from client-list that is also supported by server-list,
  * caller must xfree() returned string.
  */
-#define	MAX_PROP	20
+#define	MAX_PROP	40
 #define	SEP	","
 char *
 match_list(const char *client, const char *server, u_int *next)
@@ -201,7 +248,7 @@ match_list(const char *client, const char *server, u_int *next)
 	s = sp = xstrdup(server);
 
 	for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
-	     (p = strsep(&sp, SEP)), i++) {
+	    (p = strsep(&sp, SEP)), i++) {
 		if (i < MAX_PROP)
 			sproposals[i] = p;
 		else
@@ -210,13 +257,13 @@ match_list(const char *client, const char *server, u_int *next)
 	nproposals = i;
 
 	for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
-	     (p = strsep(&cp, SEP)), i++) {
+	    (p = strsep(&cp, SEP)), i++) {
 		for (j = 0; j < nproposals; j++) {
 			if (strcmp(p, sproposals[j]) == 0) {
 				ret = xstrdup(p);
 				if (next != NULL)
 					*next = (cp == NULL) ?
-					    strlen(c) : cp - c;
+					    strlen(c) : (u_int)(cp - c);
 				xfree(c);
 				xfree(s);
 				return ret;