xref: /openbsd/usr.bin/ftp/ruserpass.c (revision 78b63d65) 
1 /*	$OpenBSD: ruserpass.c,v 1.12 2000/07/27 19:59:13 millert Exp $	*/
2 /*	$NetBSD: ruserpass.c,v 1.14 1997/07/20 09:46:01 lukem Exp $	*/
3 
4 /*
5  * Copyright (c) 1985, 1993, 1994
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. All advertising materials mentioning features or use of this software
17  *    must display the following acknowledgement:
18  *	This product includes software developed by the University of
19  *	California, Berkeley and its contributors.
20  * 4. Neither the name of the University nor the names of its contributors
21  *    may be used to endorse or promote products derived from this software
22  *    without specific prior written permission.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34  * SUCH DAMAGE.
35  */
36 
37 #ifndef lint
38 #if 0
39 static char sccsid[] = "@(#)ruserpass.c	8.4 (Berkeley) 4/27/95";
40 #else
41 static char rcsid[] = "$OpenBSD: ruserpass.c,v 1.12 2000/07/27 19:59:13 millert Exp $";
42 #endif
43 #endif /* not lint */
44 
45 #include <sys/types.h>
46 #include <sys/stat.h>
47 
48 #include <ctype.h>
49 #include <err.h>
50 #include <errno.h>
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <string.h>
54 #include <unistd.h>
55 
56 #include "ftp_var.h"
57 
58 static	int token __P((void));
59 static	FILE *cfile;
60 
61 #define	DEFAULT	1
62 #define	LOGIN	2
63 #define	PASSWD	3
64 #define	ACCOUNT 4
65 #define MACDEF  5
66 #define	ID	10
67 #define	MACH	11
68 
69 static char tokval[100];
70 
71 static struct toktab {
72 	char *tokstr;
73 	int tval;
74 } toktab[]= {
75 	{ "default",	DEFAULT },
76 	{ "login",	LOGIN },
77 	{ "password",	PASSWD },
78 	{ "passwd",	PASSWD },
79 	{ "account",	ACCOUNT },
80 	{ "machine",	MACH },
81 	{ "macdef",	MACDEF },
82 	{ NULL,		0 }
83 };
84 
85 int
86 ruserpass(host, aname, apass, aacct)
87 	const char *host;
88 	char **aname, **apass, **aacct;
89 {
90 	char *hdir, buf[BUFSIZ], *tmp;
91 	char myname[MAXHOSTNAMELEN], *mydomain;
92 	int t, i, c, usedefault = 0;
93 	struct stat stb;
94 
95 	hdir = getenv("HOME");
96 	if (hdir == NULL)
97 		return (0);
98 	if (strlen(hdir) + sizeof(".netrc") < sizeof(buf)) {
99 		(void)sprintf(buf, "%s/.netrc", hdir);
100 	} else {
101 		warnx("%s/.netrc: %s", hdir, strerror(ENAMETOOLONG));
102 		return (0);
103 	}
104 	cfile = fopen(buf, "r");
105 	if (cfile == NULL) {
106 		if (errno != ENOENT)
107 			warn("%s", buf);
108 		return (0);
109 	}
110 	if (gethostname(myname, sizeof(myname)) < 0)
111 		myname[0] = '\0';
112 	if ((mydomain = strchr(myname, '.')) == NULL)
113 		mydomain = "";
114 next:
115 	while ((t = token())) switch(t) {
116 
117 	case DEFAULT:
118 		usedefault = 1;
119 		/* FALL THROUGH */
120 
121 	case MACH:
122 		if (!usedefault) {
123 			if (token() != ID)
124 				continue;
125 			/*
126 			 * Allow match either for user's input host name
127 			 * or official hostname.  Also allow match of
128 			 * incompletely-specified host in local domain.
129 			 */
130 			if (strcasecmp(host, tokval) == 0)
131 				goto match;
132 			if (strcasecmp(hostname, tokval) == 0)
133 				goto match;
134 			if ((tmp = strchr(hostname, '.')) != NULL &&
135 			    strcasecmp(tmp, mydomain) == 0 &&
136 			    strncasecmp(hostname, tokval,
137 			    (size_t)(tmp - hostname)) == 0 &&
138 			    tokval[tmp - hostname] == '\0')
139 				goto match;
140 			if ((tmp = strchr(host, '.')) != NULL &&
141 			    strcasecmp(tmp, mydomain) == 0 &&
142 			    strncasecmp(host, tokval,
143 			    (size_t)(tmp - host)) == 0 &&
144 			    tokval[tmp - host] == '\0')
145 				goto match;
146 			continue;
147 		}
148 	match:
149 		while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
150 
151 		case LOGIN:
152 			if (token()) {
153 				if (*aname == 0) {
154 					*aname = malloc((unsigned)
155 					    strlen(tokval) + 1);
156 					(void)strcpy(*aname, tokval);
157 				} else {
158 					if (strcmp(*aname, tokval))
159 						goto next;
160 				}
161 			}
162 			break;
163 		case PASSWD:
164 			if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
165 			    fstat(fileno(cfile), &stb) >= 0 &&
166 			    (stb.st_mode & 077) != 0) {
167 	warnx("Error: .netrc file is readable by others.");
168 	warnx("Remove password or make file unreadable by others.");
169 				goto bad;
170 			}
171 			if (token() && *apass == 0) {
172 				*apass = malloc((unsigned) strlen(tokval) + 1);
173 				(void)strcpy(*apass, tokval);
174 			}
175 			break;
176 		case ACCOUNT:
177 			if (fstat(fileno(cfile), &stb) >= 0
178 			    && (stb.st_mode & 077) != 0) {
179 	warnx("Error: .netrc file is readable by others.");
180 	warnx("Remove account or make file unreadable by others.");
181 				goto bad;
182 			}
183 			if (token() && *aacct == 0) {
184 				*aacct = malloc((unsigned) strlen(tokval) + 1);
185 				(void)strcpy(*aacct, tokval);
186 			}
187 			break;
188 		case MACDEF:
189 			if (proxy) {
190 				(void)fclose(cfile);
191 				return (0);
192 			}
193 			while ((c = fgetc(cfile)) != EOF)
194 				if (c != ' ' && c != '\t')
195 					break;
196 			if (c == EOF || c == '\n') {
197 				fputs("Missing macdef name argument.\n", ttyout);
198 				goto bad;
199 			}
200 			if (macnum == 16) {
201 				fputs(
202 "Limit of 16 macros have already been defined.\n", ttyout);
203 				goto bad;
204 			}
205 			tmp = macros[macnum].mac_name;
206 			*tmp++ = c;
207 			for (i=0; i < 8 && (c = fgetc(cfile)) != EOF &&
208 			    !isspace(c); ++i) {
209 				*tmp++ = c;
210 			}
211 			if (c == EOF) {
212 				fputs(
213 "Macro definition missing null line terminator.\n", ttyout);
214 				goto bad;
215 			}
216 			*tmp = '\0';
217 			if (c != '\n') {
218 				while ((c = fgetc(cfile)) != EOF && c != '\n');
219 			}
220 			if (c == EOF) {
221 				fputs(
222 "Macro definition missing null line terminator.\n", ttyout);
223 				goto bad;
224 			}
225 			if (macnum == 0) {
226 				macros[macnum].mac_start = macbuf;
227 			}
228 			else {
229 				macros[macnum].mac_start =
230 				    macros[macnum-1].mac_end + 1;
231 			}
232 			tmp = macros[macnum].mac_start;
233 			while (tmp != macbuf + 4096) {
234 				if ((c = fgetc(cfile)) == EOF) {
235 				fputs(
236 "Macro definition missing null line terminator.\n", ttyout);
237 					goto bad;
238 				}
239 				*tmp = c;
240 				if (*tmp == '\n') {
241 					if (*(tmp-1) == '\0') {
242 					   macros[macnum++].mac_end = tmp - 1;
243 					   break;
244 					}
245 					*tmp = '\0';
246 				}
247 				tmp++;
248 			}
249 			if (tmp == macbuf + 4096) {
250 				fputs("4K macro buffer exceeded.\n", ttyout);
251 				goto bad;
252 			}
253 			break;
254 		default:
255 			warnx("Unknown .netrc keyword %s", tokval);
256 			break;
257 		}
258 		goto done;
259 	}
260 done:
261 	(void)fclose(cfile);
262 	return (0);
263 bad:
264 	(void)fclose(cfile);
265 	return (-1);
266 }
267 
268 static int
269 token()
270 {
271 	char *cp;
272 	int c;
273 	struct toktab *t;
274 
275 	if (feof(cfile) || ferror(cfile))
276 		return (0);
277 	while ((c = fgetc(cfile)) != EOF &&
278 	    (c == '\n' || c == '\t' || c == ' ' || c == ','))
279 		continue;
280 	if (c == EOF)
281 		return (0);
282 	cp = tokval;
283 	if (c == '"') {
284 		while ((c = fgetc(cfile)) != EOF && c != '"') {
285 			if (c == '\\')
286 				c = fgetc(cfile);
287 			*cp++ = c;
288 		}
289 	} else {
290 		*cp++ = c;
291 		while ((c = fgetc(cfile)) != EOF
292 		    && c != '\n' && c != '\t' && c != ' ' && c != ',') {
293 			if (c == '\\')
294 				c = fgetc(cfile);
295 			*cp++ = c;
296 		}
297 	}
298 	*cp = 0;
299 	if (tokval[0] == 0)
300 		return (0);
301 	for (t = toktab; t->tokstr; t++)
302 		if (!strcmp(t->tokstr, tokval))
303 			return (t->tval);
304 	return (ID);
305 }
306