1 /* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */ 2 /* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Simple pattern matching, with '*' and '?' as wildcards. 7 * 8 * As far as I am concerned, the code I have written for this software 9 * can be used freely for any purpose. Any derived versions of this 10 * software must be clearly marked as such, and if the derived work is 11 * incompatible with the protocol description in the RFC file, it must be 12 * called by a name other than "ssh" or "Secure Shell". 13 */ 14 /* 15 * Copyright (c) 2000 Markus Friedl. All rights reserved. 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 #include "includes.h" 39 40 #include <sys/types.h> 41 42 #include <ctype.h> 43 #include <stdlib.h> 44 #include <string.h> 45 46 #include "xmalloc.h" 47 #include "match.h" 48 49 /* 50 * Returns true if the given string matches the pattern (which may contain ? 51 * and * as wildcards), and zero if it does not match. 52 */ 53 54 int 55 match_pattern(const char *s, const char *pattern) 56 { 57 for (;;) { 58 /* If at end of pattern, accept if also at end of string. */ 59 if (!*pattern) 60 return !*s; 61 62 if (*pattern == '*') { 63 /* Skip the asterisk. */ 64 pattern++; 65 66 /* If at end of pattern, accept immediately. */ 67 if (!*pattern) 68 return 1; 69 70 /* If next character in pattern is known, optimize. */ 71 if (*pattern != '?' && *pattern != '*') { 72 /* 73 * Look instances of the next character in 74 * pattern, and try to match starting from 75 * those. 76 */ 77 for (; *s; s++) 78 if (*s == *pattern && 79 match_pattern(s + 1, pattern + 1)) 80 return 1; 81 /* Failed. */ 82 return 0; 83 } 84 /* 85 * Move ahead one character at a time and try to 86 * match at each position. 87 */ 88 for (; *s; s++) 89 if (match_pattern(s, pattern)) 90 return 1; 91 /* Failed. */ 92 return 0; 93 } 94 /* 95 * There must be at least one more character in the string. 96 * If we are at the end, fail. 97 */ 98 if (!*s) 99 return 0; 100 101 /* Check if the next character of the string is acceptable. */ 102 if (*pattern != '?' && *pattern != *s) 103 return 0; 104 105 /* Move to the next character, both in string and in pattern. */ 106 s++; 107 pattern++; 108 } 109 /* NOTREACHED */ 110 } 111 112 /* 113 * Tries to match the string against the 114 * comma-separated sequence of subpatterns (each possibly preceded by ! to 115 * indicate negation). Returns -1 if negation matches, 1 if there is 116 * a positive match, 0 if there is no match at all. 117 */ 118 int 119 match_pattern_list(const char *string, const char *pattern, int dolower) 120 { 121 char sub[1024]; 122 int negated; 123 int got_positive; 124 u_int i, subi, len = strlen(pattern); 125 126 got_positive = 0; 127 for (i = 0; i < len;) { 128 /* Check if the subpattern is negated. */ 129 if (pattern[i] == '!') { 130 negated = 1; 131 i++; 132 } else 133 negated = 0; 134 135 /* 136 * Extract the subpattern up to a comma or end. Convert the 137 * subpattern to lowercase. 138 */ 139 for (subi = 0; 140 i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; 141 subi++, i++) 142 sub[subi] = dolower && isupper((u_char)pattern[i]) ? 143 tolower((u_char)pattern[i]) : pattern[i]; 144 /* If subpattern too long, return failure (no match). */ 145 if (subi >= sizeof(sub) - 1) 146 return 0; 147 148 /* If the subpattern was terminated by a comma, skip the comma. */ 149 if (i < len && pattern[i] == ',') 150 i++; 151 152 /* Null-terminate the subpattern. */ 153 sub[subi] = '\0'; 154 155 /* Try to match the subpattern against the string. */ 156 if (match_pattern(string, sub)) { 157 if (negated) 158 return -1; /* Negative */ 159 else 160 got_positive = 1; /* Positive */ 161 } 162 } 163 164 /* 165 * Return success if got a positive match. If there was a negative 166 * match, we have already returned -1 and never get here. 167 */ 168 return got_positive; 169 } 170 171 /* 172 * Tries to match the host name (which must be in all lowercase) against the 173 * comma-separated sequence of subpatterns (each possibly preceded by ! to 174 * indicate negation). Returns -1 if negation matches, 1 if there is 175 * a positive match, 0 if there is no match at all. 176 */ 177 int 178 match_hostname(const char *host, const char *pattern) 179 { 180 return match_pattern_list(host, pattern, 1); 181 } 182 183 /* 184 * returns 0 if we get a negative match for the hostname or the ip 185 * or if we get no match at all. returns -1 on error, or 1 on 186 * successful match. 187 */ 188 int 189 match_host_and_ip(const char *host, const char *ipaddr, 190 const char *patterns) 191 { 192 int mhost, mip; 193 194 /* error in ipaddr match */ 195 if ((mip = addr_match_list(ipaddr, patterns)) == -2) 196 return -1; 197 else if (mip == -1) /* negative ip address match */ 198 return 0; 199 200 /* negative hostname match */ 201 if ((mhost = match_hostname(host, patterns)) == -1) 202 return 0; 203 /* no match at all */ 204 if (mhost == 0 && mip == 0) 205 return 0; 206 return 1; 207 } 208 209 /* 210 * match user, user@host_or_ip, user@host_or_ip_list against pattern 211 */ 212 int 213 match_user(const char *user, const char *host, const char *ipaddr, 214 const char *pattern) 215 { 216 char *p, *pat; 217 int ret; 218 219 if ((p = strchr(pattern,'@')) == NULL) 220 return match_pattern(user, pattern); 221 222 pat = xstrdup(pattern); 223 p = strchr(pat, '@'); 224 *p++ = '\0'; 225 226 if ((ret = match_pattern(user, pat)) == 1) 227 ret = match_host_and_ip(host, ipaddr, p); 228 free(pat); 229 230 return ret; 231 } 232 233 /* 234 * Returns first item from client-list that is also supported by server-list, 235 * caller must free the returned string. 236 */ 237 #define MAX_PROP 40 238 #define SEP "," 239 char * 240 match_list(const char *client, const char *server, u_int *next) 241 { 242 char *sproposals[MAX_PROP]; 243 char *c, *s, *p, *ret, *cp, *sp; 244 int i, j, nproposals; 245 246 c = cp = xstrdup(client); 247 s = sp = xstrdup(server); 248 249 for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; 250 (p = strsep(&sp, SEP)), i++) { 251 if (i < MAX_PROP) 252 sproposals[i] = p; 253 else 254 break; 255 } 256 nproposals = i; 257 258 for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; 259 (p = strsep(&cp, SEP)), i++) { 260 for (j = 0; j < nproposals; j++) { 261 if (strcmp(p, sproposals[j]) == 0) { 262 ret = xstrdup(p); 263 if (next != NULL) 264 *next = (cp == NULL) ? 265 strlen(c) : (u_int)(cp - c); 266 free(c); 267 free(s); 268 return ret; 269 } 270 } 271 } 272 if (next != NULL) 273 *next = strlen(c); 274 free(c); 275 free(s); 276 return NULL; 277 } 278