search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
connect OSS to the build (clean and install only)
[minix.git] / lib / ip / ruserok.c
blobec00a792f7352ba092ecaeba52918db921541a29
1 /* ruserok() - hosts.equiv and .rhosts check Author: Kees J. Bot
2 * 25 May 2001
3 *
4 * Under Minix one can use IP addresses, CIDR network blocks, and hostnames
5 * with wildcards in .rhosts files. Only the iruserok() interface can be
6 * used, and the IP address is reverse/forward crosschecked if a hostname
7 * match is done. Ruserok() is dead and buried. The superuser parameter is
8 * ignored, because it makes root too special. Most users on Minix can be
9 * root, so hosts.equiv would become useless if root can't use it. Likewise
10 * .rhosts isn't checked to be root or user owned and stuff, users have to
11 * be careful themselves.
12 */
13
14 #include <sys/types.h>
15 #include <errno.h>
16 #include <string.h>
17 #include <stdio.h>
18 #include <ctype.h>
19 #include <limits.h>
20 #include <pwd.h>
21 #include <net/hton.h>
22 #include <net/gen/in.h>
23 #include <net/gen/netdb.h>
24 #include <net/gen/inet.h>
25 #include <net/gen/socket.h>
26 #include <net/gen/nameser.h>
27
28 /* Odd global variable. Seems to be used by lpd(8). */
29 int __check_rhosts_file = 1;
30
31 static int cidr_aton(char *word, ipaddr_t *addr, ipaddr_t *mask)
32 /* Try to interpret 'word' as an CIDR spec, e.g. 172.16.102.64/27. */
33 {
34 char *slash;
35 int r;
36 static char S32[]= "/32";
37
38 if (*word == 0) return 0;
39
40 if ((slash= strchr(word, '/')) == NULL) slash= S32;
41
42 *slash= 0;
43 r= inet_aton(word, addr);
44 *slash++= '/';
45 if (!r) return 0;
46
47 r= 0;
48 while ((*slash - '0') < 10u) {
49 r= 10*r + (*slash++ - '0');
50 if (r > 32) return 0;
51 }
52 if (*slash != 0 || slash[-1] == '/') return 0;
53 *mask= htonl(r == 0 ? 0L : (0xFFFFFFFFUL >> (32 - r)) << (32 - r));
54 return 1;
55 }
56
57 static int match(const char *word, const char *pattern)
58 /* Match word onto a pattern. Pattern may contain the * wildcard. */
59 {
60 unsigned cw, cp;
61 #define lc(c, d) ((((c)= (d)) - 'A') <= ('Z' - 'A') ? (c)+= ('a' - 'A') : 0)
62
63 for (;;) {
64 lc(cw, *word);
65 lc(cp, *pattern);
66
67 if (cp == '*') {
68 do pattern++; while (*pattern == '*');
69 lc(cp, *pattern);
70 if (cp == 0) return 1;
71
72 while (cw != 0) {
73 if (cw == cp && match(word+1, pattern+1)) return 1;
74 word++;
75 lc(cw, *word);
76 }
77 return 0;
78 } else
79 if (cw == 0 || cp == 0) {
80 return cw == cp;
81 } else
82 if (cw == cp) {
83 word++;
84 pattern++;
85 } else {
86 return 0;
87 }
88 }
89 #undef lc
90 }
91
92 static int get_name(ipaddr_t addr, char *name)
93 /* Do a reverse lookup on the remote IP address followed by a forward lookup
94 * to check if the host has that address. Return true if this is so, return
95 * either the true name or the ascii IP address in name[].
96 */
97 {
98 struct hostent *he;
99 int ok, i;
100
101 ok= 0;
102 he= gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
103 if (he != NULL) {
104 strcpy(name, he->h_name);
105 he= gethostbyname(name);
106
107 if (he != NULL && he->h_addrtype == AF_INET) {
108 for (i= 0; he->h_addr_list[i] != NULL; i++) {
109 if (memcmp(he->h_addr_list[i], &addr, sizeof(addr)) == 0) {
110 ok= 1;
111 break;
112 }
113 }
114 }
115 }
116 strcpy(name, ok ? he->h_name : inet_ntoa(addr));
117 return ok;
118 }
119
120 int __ivaliduser(FILE *hostf, unsigned long raddr,
121 const char *luser, const char *ruser)
122 {
123 register char *p;
124 char buf[MAXDNAME + 128]; /* host + login */
125 char rhost[MAXDNAME]; /* remote host */
126 char *word[2];
127 int i, ch, got_name;
128 ipaddr_t addr, mask;
129
130 got_name = -1;
131
132 while (fgets(buf, sizeof(buf), hostf)) {
133 /* Skip lines that are too long. */
134 if (strchr(buf, '\n') == NULL) {
135 while ((ch = fgetc(hostf)) != '\n' && ch != EOF);
136 continue;
137 }
138 i = 0;
139 p = buf;
140 for (;;) {
141 while (isspace(*p)) *p++ = '\0';
142 if (*p == '\0') break;
143 if (i < 2) word[i] = p;
144 i++;
145 while (*p != '\0' && !isspace(*p)) p++;
146 }
147 if (i != 1 && i != 2) continue;
148 if (word[0][0] == '#') continue;
149 if (strcmp(ruser, i == 2 ? word[1] : luser) != 0) continue;
150
151 if (cidr_aton(word[0], &addr, &mask)) {
152 if (((raddr ^ addr) & mask) == 0) return (0);
153 continue;
154 }
155
156 if (got_name == -1) got_name = get_name(raddr, rhost);
157 if (match(rhost, word[0])) return (0);
158 }
159 return (-1);
160 }
161
162 int iruserok(unsigned long raddr, int superuser,
163 const char *ruser, const char *luser)
164 {
165 /* Returns 0 if ok, -1 if not ok. */
166 struct passwd *pwd;
167 FILE *hostf;
168 int i, r;
169 char pbuf[PATH_MAX];
170
171 for (i = 0; i < 2; i++) {
172 if (i == 0) {
173 strcpy(pbuf, _PATH_HEQUIV);
174 } else {
175 if (!__check_rhosts_file) return (-1);
176 if ((pwd = getpwnam(luser)) == NULL) return (-1);
177 (void)strcpy(pbuf, pwd->pw_dir);
178 (void)strcat(pbuf, "/.rhosts");
179 }
180
181 if ((hostf = fopen(pbuf, "r")) == NULL)
182 {
183 if (errno == ENOENT)
184 continue;
185 return (-1);
186 }
187
188 r = __ivaliduser(hostf, raddr, luser, ruser);
189 (void)fclose(hostf);
190 if (r == 0) return (0);
191 }
192 return (-1);
193 }
MINIX 3 (repo.or.cz mirror)