search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
[openssh-git.git] / match.c
blob8f12ef539ce2164db7332e2b7e9cba070ea5921e
1 /* $OpenBSD: match.c,v 1.25 2006/07/22 20:48:23 stevesk Exp $ */
2 /*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Simple pattern matching, with '*' and '?' as wildcards.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14 /*
15 * Copyright (c) 2000 Markus Friedl. All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 #include "includes.h"
39
40 #include <ctype.h>
41 #include <string.h>
42
43 #include "match.h"
44 #include "xmalloc.h"
45
46 /*
47 * Returns true if the given string matches the pattern (which may contain ?
48 * and * as wildcards), and zero if it does not match.
49 */
50
51 int
52 match_pattern(const char *s, const char *pattern)
53 {
54 for (;;) {
55 /* If at end of pattern, accept if also at end of string. */
56 if (!*pattern)
57 return !*s;
58
59 if (*pattern == '*') {
60 /* Skip the asterisk. */
61 pattern++;
62
63 /* If at end of pattern, accept immediately. */
64 if (!*pattern)
65 return 1;
66
67 /* If next character in pattern is known, optimize. */
68 if (*pattern != '?' && *pattern != '*') {
69 /*
70 * Look instances of the next character in
71 * pattern, and try to match starting from
72 * those.
73 */
74 for (; *s; s++)
75 if (*s == *pattern &&
76 match_pattern(s + 1, pattern + 1))
77 return 1;
78 /* Failed. */
79 return 0;
80 }
81 /*
82 * Move ahead one character at a time and try to
83 * match at each position.
84 */
85 for (; *s; s++)
86 if (match_pattern(s, pattern))
87 return 1;
88 /* Failed. */
89 return 0;
90 }
91 /*
92 * There must be at least one more character in the string.
93 * If we are at the end, fail.
94 */
95 if (!*s)
96 return 0;
97
98 /* Check if the next character of the string is acceptable. */
99 if (*pattern != '?' && *pattern != *s)
100 return 0;
101
102 /* Move to the next character, both in string and in pattern. */
103 s++;
104 pattern++;
105 }
106 /* NOTREACHED */
107 }
108
109 /*
110 * Tries to match the string against the
111 * comma-separated sequence of subpatterns (each possibly preceded by ! to
112 * indicate negation). Returns -1 if negation matches, 1 if there is
113 * a positive match, 0 if there is no match at all.
114 */
115
116 int
117 match_pattern_list(const char *string, const char *pattern, u_int len,
118 int dolower)
119 {
120 char sub[1024];
121 int negated;
122 int got_positive;
123 u_int i, subi;
124
125 got_positive = 0;
126 for (i = 0; i < len;) {
127 /* Check if the subpattern is negated. */
128 if (pattern[i] == '!') {
129 negated = 1;
130 i++;
131 } else
132 negated = 0;
133
134 /*
135 * Extract the subpattern up to a comma or end. Convert the
136 * subpattern to lowercase.
137 */
138 for (subi = 0;
139 i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
140 subi++, i++)
141 sub[subi] = dolower && isupper(pattern[i]) ?
142 (char)tolower(pattern[i]) : pattern[i];
143 /* If subpattern too long, return failure (no match). */
144 if (subi >= sizeof(sub) - 1)
145 return 0;
146
147 /* If the subpattern was terminated by a comma, skip the comma. */
148 if (i < len && pattern[i] == ',')
149 i++;
150
151 /* Null-terminate the subpattern. */
152 sub[subi] = '\0';
153
154 /* Try to match the subpattern against the string. */
155 if (match_pattern(string, sub)) {
156 if (negated)
157 return -1; /* Negative */
158 else
159 got_positive = 1; /* Positive */
160 }
161 }
162
163 /*
164 * Return success if got a positive match. If there was a negative
165 * match, we have already returned -1 and never get here.
166 */
167 return got_positive;
168 }
169
170 /*
171 * Tries to match the host name (which must be in all lowercase) against the
172 * comma-separated sequence of subpatterns (each possibly preceded by ! to
173 * indicate negation). Returns -1 if negation matches, 1 if there is
174 * a positive match, 0 if there is no match at all.
175 */
176 int
177 match_hostname(const char *host, const char *pattern, u_int len)
178 {
179 return match_pattern_list(host, pattern, len, 1);
180 }
181
182 /*
183 * returns 0 if we get a negative match for the hostname or the ip
184 * or if we get no match at all. returns 1 otherwise.
185 */
186 int
187 match_host_and_ip(const char *host, const char *ipaddr,
188 const char *patterns)
189 {
190 int mhost, mip;
191
192 /* negative ipaddr match */
193 if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
194 return 0;
195 /* negative hostname match */
196 if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
197 return 0;
198 /* no match at all */
199 if (mhost == 0 && mip == 0)
200 return 0;
201 return 1;
202 }
203
204 /*
205 * match user, user@host_or_ip, user@host_or_ip_list against pattern
206 */
207 int
208 match_user(const char *user, const char *host, const char *ipaddr,
209 const char *pattern)
210 {
211 char *p, *pat;
212 int ret;
213
214 if ((p = strchr(pattern,'@')) == NULL)
215 return match_pattern(user, pattern);
216
217 pat = xstrdup(pattern);
218 p = strchr(pat, '@');
219 *p++ = '\0';
220
221 if ((ret = match_pattern(user, pat)) == 1)
222 ret = match_host_and_ip(host, ipaddr, p);
223 xfree(pat);
224
225 return ret;
226 }
227
228 /*
229 * Returns first item from client-list that is also supported by server-list,
230 * caller must xfree() returned string.
231 */
232 #define MAX_PROP 40
233 #define SEP ","
234 char *
235 match_list(const char *client, const char *server, u_int *next)
236 {
237 char *sproposals[MAX_PROP];
238 char *c, *s, *p, *ret, *cp, *sp;
239 int i, j, nproposals;
240
241 c = cp = xstrdup(client);
242 s = sp = xstrdup(server);
243
244 for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
245 (p = strsep(&sp, SEP)), i++) {
246 if (i < MAX_PROP)
247 sproposals[i] = p;
248 else
249 break;
250 }
251 nproposals = i;
252
253 for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
254 (p = strsep(&cp, SEP)), i++) {
255 for (j = 0; j < nproposals; j++) {
256 if (strcmp(p, sproposals[j]) == 0) {
257 ret = xstrdup(p);
258 if (next != NULL)
259 *next = (cp == NULL) ?
260 strlen(c) : (u_int)(cp - c);
261 xfree(c);
262 xfree(s);
263 return ret;
264 }
265 }
266 }
267 if (next != NULL)
268 *next = strlen(c);
269 xfree(c);
270 xfree(s);
271 return NULL;
272 }
A clone of openssh git repository