search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Commented-out a test that wasn't consistent across all platforms.
[rsync.git] / access.c
blob4cbd9a1eb35a6368cc760b74140e2721bf63d541
1 /*
2 Copyright (C) Andrew Tridgell 1998
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 */
18
19 /*
20 hosts allow/deny code for rsync
21
22 */
23
24 #include "rsync.h"
25
26
27 static int match_hostname(char *host, char *tok)
28 {
29 if (!host || !*host) return 0;
30 return (fnmatch(tok, host, 0) == 0);
31 }
32
33 static int match_binary(char *b1, char *b2, char *mask, int addrlen)
34 {
35 int i;
36
37 for (i=0; i<addrlen; i++) {
38 if ((b1[i]^b2[i])&mask[i]) {
39 return 0;
40 }
41 }
42
43 return 1;
44 }
45
46 static void make_mask(char *mask, int plen, int addrlen) {
47 int w, b;
48
49 w = plen >> 3;
50 b = plen & 0x7;
51
52 if (w)
53 memset(mask, 0xff, w);
54 if (w < addrlen)
55 mask[w] = 0xff & (0xff<<(8-b));
56 if (w+1 < addrlen)
57 memset(mask+w+1, 0, addrlen-w-1);
58
59 return;
60 }
61
62 static int match_address(char *addr, char *tok)
63 {
64 char *p;
65 struct addrinfo hints, *resa, *rest;
66 int gai;
67 int ret = 0;
68 int addrlen = 0;
69 #ifdef HAVE_STRTOL
70 long int bits;
71 #else
72 int bits;
73 #endif
74 char mask[16];
75 char *a = NULL, *t = NULL;
76
77 if (!addr || !*addr) return 0;
78
79 p = strchr(tok,'/');
80 if (p) *p = 0;
81
82 /* skip if last char is not a digit (i.e. not an address) */
83 /* (don't check first char - might be 11.22.33.44.an.isp) */
84 if (!*tok) return 0; /* nothing to check */
85 if (!isdigit(*(unsigned char*)tok+strlen(tok)-1)) return 0;
86
87 memset(&hints, 0, sizeof(hints));
88 hints.ai_family = PF_UNSPEC;
89 hints.ai_socktype = SOCK_STREAM;
90 #ifdef AI_NUMERICHOST
91 hints.ai_flags = AI_NUMERICHOST;
92 #endif
93
94 gai = getaddrinfo(addr, NULL, &hints, &resa);
95 if (gai) return 0;
96
97 gai = getaddrinfo(tok, NULL, &hints, &rest);
98 if (p)
99 *p++ = '/';
100 if (gai) {
101 rprintf(FERROR,"malformed address %s\n", tok);
102 freeaddrinfo(resa);
103 return 0;
104 }
105
106 if (rest->ai_family != resa->ai_family) {
107 ret = 0;
108 goto out;
109 }
110
111 switch(resa->ai_family) {
112 case PF_INET:
113 a = (char *)&((struct sockaddr_in *)resa->ai_addr)->sin_addr;
114 t = (char *)&((struct sockaddr_in *)rest->ai_addr)->sin_addr;
115 addrlen = 4;
116
117 break;
118
119 #ifdef INET6
120 case PF_INET6:
121 {
122 struct sockaddr_in6 *sin6a, *sin6t;
123
124 sin6a = (struct sockaddr_in6 *)resa->ai_addr;
125 sin6t = (struct sockaddr_in6 *)rest->ai_addr;
126
127 a = (char *)&sin6a->sin6_addr;
128 t = (char *)&sin6t->sin6_addr;
129
130 addrlen = 16;
131
132 #ifdef HAVE_SOCKADDR_IN6_SCOPE_ID
133 if (sin6t->sin6_scope_id &&
134 sin6a->sin6_scope_id != sin6t->sin6_scope_id) {
135 ret = 0;
136 goto out;
137 }
138 #endif
139
140 break;
141 }
142 #endif
143 default:
144 rprintf(FERROR,"unknown family %u\n", rest->ai_family);
145 ret = 0;
146 goto out;
147 }
148
149 bits = -1;
150 if (p) {
151 if (inet_pton(resa->ai_addr->sa_family, p, mask) <= 0) {
152 #ifdef HAVE_STRTOL
153 char *ep = NULL;
154 #else
155 unsigned char *pp;
156 #endif
157
158 #ifdef HAVE_STRTOL
159 bits = strtol(p, &ep, 10);
160 if (!*p || *ep) {
161 rprintf(FERROR,"malformed mask in %s\n", tok);
162 ret = 0;
163 goto out;
164 }
165 #else
166 for (pp = (unsigned char *)p; *pp; pp++) {
167 if (!isascii(*pp) || !isdigit(*pp)) {
168 rprintf(FERROR,"malformed mask in %s\n", tok);
169 ret = 0;
170 goto out;
171 }
172 }
173 bits = atoi(p);
174 #endif
175 if (bits == 0) {
176 ret = 1;
177 goto out;
178 }
179 if (bits < 0 || bits > (addrlen << 3)) {
180 rprintf(FERROR,"malformed mask in %s\n", tok);
181 ret = 0;
182 goto out;
183 }
184 }
185 } else {
186 bits = 128;
187 }
188
189 if (bits >= 0)
190 make_mask(mask, bits, addrlen);
191
192 ret = match_binary(a, t, mask, addrlen);
193
194 out:
195 freeaddrinfo(resa);
196 freeaddrinfo(rest);
197 return ret;
198 }
199
200 static int access_match(char *list, char *addr, char *host)
201 {
202 char *tok;
203 char *list2 = strdup(list);
204
205 if (!list2) out_of_memory("access_match");
206
207 strlower(list2);
208 if (host) strlower(host);
209
210 for (tok=strtok(list2," ,\t"); tok; tok=strtok(NULL," ,\t")) {
211 if (match_hostname(host, tok) || match_address(addr, tok)) {
212 free(list2);
213 return 1;
214 }
215 }
216
217 free(list2);
218 return 0;
219 }
220
221 int allow_access(char *addr, char *host, char *allow_list, char *deny_list)
222 {
223 /* if theres no deny list and no allow list then allow access */
224 if ((!deny_list || !*deny_list) && (!allow_list || !*allow_list))
225 return 1;
226
227 /* if there is an allow list but no deny list then allow only hosts
228 on the allow list */
229 if (!deny_list || !*deny_list)
230 return(access_match(allow_list, addr, host));
231
232 /* if theres a deny list but no allow list then allow
233 all hosts not on the deny list */
234 if (!allow_list || !*allow_list)
235 return(!access_match(deny_list,addr,host));
236
237 /* if there are both type of list then allow all hosts on the
238 allow list */
239 if (access_match(allow_list,addr,host))
240 return 1;
241
242 /* if there are both type of list and it's not on the allow then
243 allow it if its not on the deny */
244 if (access_match(deny_list,addr,host))
245 return 0;
246
247 return 1;
248 }
rsync: a fast, versatile, remote (and local) file-copying tool