1 /* $OpenBSD: match.c,v 1.24 2006/03/25 13:17:02 djm Exp $ */
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * Simple pattern matching, with '*' and '?' as wildcards.
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
15 * Copyright (c) 2000 Markus Friedl. All rights reserved.
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
46 * Returns true if the given string matches the pattern (which may contain ?
47 * and * as wildcards), and zero if it does not match.
51 match_pattern(const char *s
, const char *pattern
)
54 /* If at end of pattern, accept if also at end of string. */
58 if (*pattern
== '*') {
59 /* Skip the asterisk. */
62 /* If at end of pattern, accept immediately. */
66 /* If next character in pattern is known, optimize. */
67 if (*pattern
!= '?' && *pattern
!= '*') {
69 * Look instances of the next character in
70 * pattern, and try to match starting from
75 match_pattern(s
+ 1, pattern
+ 1))
81 * Move ahead one character at a time and try to
82 * match at each position.
85 if (match_pattern(s
, pattern
))
91 * There must be at least one more character in the string.
92 * If we are at the end, fail.
97 /* Check if the next character of the string is acceptable. */
98 if (*pattern
!= '?' && *pattern
!= *s
)
101 /* Move to the next character, both in string and in pattern. */
109 * Tries to match the string against the
110 * comma-separated sequence of subpatterns (each possibly preceded by ! to
111 * indicate negation). Returns -1 if negation matches, 1 if there is
112 * a positive match, 0 if there is no match at all.
116 match_pattern_list(const char *string
, const char *pattern
, u_int len
,
125 for (i
= 0; i
< len
;) {
126 /* Check if the subpattern is negated. */
127 if (pattern
[i
] == '!') {
134 * Extract the subpattern up to a comma or end. Convert the
135 * subpattern to lowercase.
138 i
< len
&& subi
< sizeof(sub
) - 1 && pattern
[i
] != ',';
140 sub
[subi
] = dolower
&& isupper(pattern
[i
]) ?
141 (char)tolower(pattern
[i
]) : pattern
[i
];
142 /* If subpattern too long, return failure (no match). */
143 if (subi
>= sizeof(sub
) - 1)
146 /* If the subpattern was terminated by a comma, skip the comma. */
147 if (i
< len
&& pattern
[i
] == ',')
150 /* Null-terminate the subpattern. */
153 /* Try to match the subpattern against the string. */
154 if (match_pattern(string
, sub
)) {
156 return -1; /* Negative */
158 got_positive
= 1; /* Positive */
163 * Return success if got a positive match. If there was a negative
164 * match, we have already returned -1 and never get here.
170 * Tries to match the host name (which must be in all lowercase) against the
171 * comma-separated sequence of subpatterns (each possibly preceded by ! to
172 * indicate negation). Returns -1 if negation matches, 1 if there is
173 * a positive match, 0 if there is no match at all.
176 match_hostname(const char *host
, const char *pattern
, u_int len
)
178 return match_pattern_list(host
, pattern
, len
, 1);
182 * returns 0 if we get a negative match for the hostname or the ip
183 * or if we get no match at all. returns 1 otherwise.
186 match_host_and_ip(const char *host
, const char *ipaddr
,
187 const char *patterns
)
191 /* negative ipaddr match */
192 if ((mip
= match_hostname(ipaddr
, patterns
, strlen(patterns
))) == -1)
194 /* negative hostname match */
195 if ((mhost
= match_hostname(host
, patterns
, strlen(patterns
))) == -1)
197 /* no match at all */
198 if (mhost
== 0 && mip
== 0)
204 * match user, user@host_or_ip, user@host_or_ip_list against pattern
207 match_user(const char *user
, const char *host
, const char *ipaddr
,
213 if ((p
= strchr(pattern
,'@')) == NULL
)
214 return match_pattern(user
, pattern
);
216 pat
= xstrdup(pattern
);
217 p
= strchr(pat
, '@');
220 if ((ret
= match_pattern(user
, pat
)) == 1)
221 ret
= match_host_and_ip(host
, ipaddr
, p
);
228 * Returns first item from client-list that is also supported by server-list,
229 * caller must xfree() returned string.
234 match_list(const char *client
, const char *server
, u_int
*next
)
236 char *sproposals
[MAX_PROP
];
237 char *c
, *s
, *p
, *ret
, *cp
, *sp
;
238 int i
, j
, nproposals
;
240 c
= cp
= xstrdup(client
);
241 s
= sp
= xstrdup(server
);
243 for ((p
= strsep(&sp
, SEP
)), i
=0; p
&& *p
!= '\0';
244 (p
= strsep(&sp
, SEP
)), i
++) {
252 for ((p
= strsep(&cp
, SEP
)), i
=0; p
&& *p
!= '\0';
253 (p
= strsep(&cp
, SEP
)), i
++) {
254 for (j
= 0; j
< nproposals
; j
++) {
255 if (strcmp(p
, sproposals
[j
]) == 0) {
258 *next
= (cp
== NULL
) ?
259 strlen(c
) : (u_int
)(cp
- c
);