search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
NFE - Change default RX ring size from 128 -> 256, Adjust moderation timer.
[dragonfly.git] / crypto / openssh / match.c
blob2389477789043df3384bfcad1e4858279b99cf5d
1 /* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */
2 /*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Simple pattern matching, with '*' and '?' as wildcards.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14 /*
15 * Copyright (c) 2000 Markus Friedl. All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 #include "includes.h"
39
40 #include <sys/types.h>
41
42 #include <ctype.h>
43 #include <string.h>
44
45 #include "xmalloc.h"
46 #include "match.h"
47
48 /*
49 * Returns true if the given string matches the pattern (which may contain ?
50 * and * as wildcards), and zero if it does not match.
51 */
52
53 int
54 match_pattern(const char *s, const char *pattern)
55 {
56 for (;;) {
57 /* If at end of pattern, accept if also at end of string. */
58 if (!*pattern)
59 return !*s;
60
61 if (*pattern == '*') {
62 /* Skip the asterisk. */
63 pattern++;
64
65 /* If at end of pattern, accept immediately. */
66 if (!*pattern)
67 return 1;
68
69 /* If next character in pattern is known, optimize. */
70 if (*pattern != '?' && *pattern != '*') {
71 /*
72 * Look instances of the next character in
73 * pattern, and try to match starting from
74 * those.
75 */
76 for (; *s; s++)
77 if (*s == *pattern &&
78 match_pattern(s + 1, pattern + 1))
79 return 1;
80 /* Failed. */
81 return 0;
82 }
83 /*
84 * Move ahead one character at a time and try to
85 * match at each position.
86 */
87 for (; *s; s++)
88 if (match_pattern(s, pattern))
89 return 1;
90 /* Failed. */
91 return 0;
92 }
93 /*
94 * There must be at least one more character in the string.
95 * If we are at the end, fail.
96 */
97 if (!*s)
98 return 0;
99
100 /* Check if the next character of the string is acceptable. */
101 if (*pattern != '?' && *pattern != *s)
102 return 0;
103
104 /* Move to the next character, both in string and in pattern. */
105 s++;
106 pattern++;
107 }
108 /* NOTREACHED */
109 }
110
111 /*
112 * Tries to match the string against the
113 * comma-separated sequence of subpatterns (each possibly preceded by ! to
114 * indicate negation). Returns -1 if negation matches, 1 if there is
115 * a positive match, 0 if there is no match at all.
116 */
117
118 int
119 match_pattern_list(const char *string, const char *pattern, u_int len,
120 int dolower)
121 {
122 char sub[1024];
123 int negated;
124 int got_positive;
125 u_int i, subi;
126
127 got_positive = 0;
128 for (i = 0; i < len;) {
129 /* Check if the subpattern is negated. */
130 if (pattern[i] == '!') {
131 negated = 1;
132 i++;
133 } else
134 negated = 0;
135
136 /*
137 * Extract the subpattern up to a comma or end. Convert the
138 * subpattern to lowercase.
139 */
140 for (subi = 0;
141 i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
142 subi++, i++)
143 sub[subi] = dolower && isupper(pattern[i]) ?
144 (char)tolower(pattern[i]) : pattern[i];
145 /* If subpattern too long, return failure (no match). */
146 if (subi >= sizeof(sub) - 1)
147 return 0;
148
149 /* If the subpattern was terminated by a comma, skip the comma. */
150 if (i < len && pattern[i] == ',')
151 i++;
152
153 /* Null-terminate the subpattern. */
154 sub[subi] = '\0';
155
156 /* Try to match the subpattern against the string. */
157 if (match_pattern(string, sub)) {
158 if (negated)
159 return -1; /* Negative */
160 else
161 got_positive = 1; /* Positive */
162 }
163 }
164
165 /*
166 * Return success if got a positive match. If there was a negative
167 * match, we have already returned -1 and never get here.
168 */
169 return got_positive;
170 }
171
172 /*
173 * Tries to match the host name (which must be in all lowercase) against the
174 * comma-separated sequence of subpatterns (each possibly preceded by ! to
175 * indicate negation). Returns -1 if negation matches, 1 if there is
176 * a positive match, 0 if there is no match at all.
177 */
178 int
179 match_hostname(const char *host, const char *pattern, u_int len)
180 {
181 return match_pattern_list(host, pattern, len, 1);
182 }
183
184 /*
185 * returns 0 if we get a negative match for the hostname or the ip
186 * or if we get no match at all. returns -1 on error, or 1 on
187 * successful match.
188 */
189 int
190 match_host_and_ip(const char *host, const char *ipaddr,
191 const char *patterns)
192 {
193 int mhost, mip;
194
195 /* error in ipaddr match */
196 if ((mip = addr_match_list(ipaddr, patterns)) == -2)
197 return -1;
198 else if (mip == -1) /* negative ip address match */
199 return 0;
200
201 /* negative hostname match */
202 if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
203 return 0;
204 /* no match at all */
205 if (mhost == 0 && mip == 0)
206 return 0;
207 return 1;
208 }
209
210 /*
211 * match user, user@host_or_ip, user@host_or_ip_list against pattern
212 */
213 int
214 match_user(const char *user, const char *host, const char *ipaddr,
215 const char *pattern)
216 {
217 char *p, *pat;
218 int ret;
219
220 if ((p = strchr(pattern,'@')) == NULL)
221 return match_pattern(user, pattern);
222
223 pat = xstrdup(pattern);
224 p = strchr(pat, '@');
225 *p++ = '\0';
226
227 if ((ret = match_pattern(user, pat)) == 1)
228 ret = match_host_and_ip(host, ipaddr, p);
229 xfree(pat);
230
231 return ret;
232 }
233
234 /*
235 * Returns first item from client-list that is also supported by server-list,
236 * caller must xfree() returned string.
237 */
238 #define MAX_PROP 40
239 #define SEP ","
240 char *
241 match_list(const char *client, const char *server, u_int *next)
242 {
243 char *sproposals[MAX_PROP];
244 char *c, *s, *p, *ret, *cp, *sp;
245 int i, j, nproposals;
246
247 c = cp = xstrdup(client);
248 s = sp = xstrdup(server);
249
250 for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
251 (p = strsep(&sp, SEP)), i++) {
252 if (i < MAX_PROP)
253 sproposals[i] = p;
254 else
255 break;
256 }
257 nproposals = i;
258
259 for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
260 (p = strsep(&cp, SEP)), i++) {
261 for (j = 0; j < nproposals; j++) {
262 if (strcmp(p, sproposals[j]) == 0) {
263 ret = xstrdup(p);
264 if (next != NULL)
265 *next = (cp == NULL) ?
266 strlen(c) : (u_int)(cp - c);
267 xfree(c);
268 xfree(s);
269 return ret;
270 }
271 }
272 }
273 if (next != NULL)
274 *next = strlen(c);
275 xfree(c);
276 xfree(s);
277 return NULL;
278 }
DragonFly BSD