match.c revision 1.5
1/* $NetBSD: match.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ 2/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */ 3/* 4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 6 * All rights reserved 7 * Simple pattern matching, with '*' and '?' as wildcards. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15/* 16 * Copyright (c) 2000 Markus Friedl. All rights reserved. 17 * 18 * Redistribution and use in source and binary forms, with or without 19 * modification, are permitted provided that the following conditions 20 * are met: 21 * 1. Redistributions of source code must retain the above copyright 22 * notice, this list of conditions and the following disclaimer. 23 * 2. Redistributions in binary form must reproduce the above copyright 24 * notice, this list of conditions and the following disclaimer in the 25 * documentation and/or other materials provided with the distribution. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 28 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 30 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 31 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39#include "includes.h" 40__RCSID("$NetBSD: match.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); 41#include <sys/types.h> 42 43#include <ctype.h> 44#include <stdlib.h> 45#include <string.h> 46 47#include "xmalloc.h" 48#include "match.h" 49 50/* 51 * Returns true if the given string matches the pattern (which may contain ? 52 * and * as wildcards), and zero if it does not match. 53 */ 54 55int 56match_pattern(const char *s, const char *pattern) 57{ 58 for (;;) { 59 /* If at end of pattern, accept if also at end of string. */ 60 if (!*pattern) 61 return !*s; 62 63 if (*pattern == '*') { 64 /* Skip the asterisk. */ 65 pattern++; 66 67 /* If at end of pattern, accept immediately. */ 68 if (!*pattern) 69 return 1; 70 71 /* If next character in pattern is known, optimize. */ 72 if (*pattern != '?' && *pattern != '*') { 73 /* 74 * Look instances of the next character in 75 * pattern, and try to match starting from 76 * those. 77 */ 78 for (; *s; s++) 79 if (*s == *pattern && 80 match_pattern(s + 1, pattern + 1)) 81 return 1; 82 /* Failed. */ 83 return 0; 84 } 85 /* 86 * Move ahead one character at a time and try to 87 * match at each position. 88 */ 89 for (; *s; s++) 90 if (match_pattern(s, pattern)) 91 return 1; 92 /* Failed. */ 93 return 0; 94 } 95 /* 96 * There must be at least one more character in the string. 97 * If we are at the end, fail. 98 */ 99 if (!*s) 100 return 0; 101 102 /* Check if the next character of the string is acceptable. */ 103 if (*pattern != '?' && *pattern != *s) 104 return 0; 105 106 /* Move to the next character, both in string and in pattern. */ 107 s++; 108 pattern++; 109 } 110 /* NOTREACHED */ 111} 112 113/* 114 * Tries to match the string against the 115 * comma-separated sequence of subpatterns (each possibly preceded by ! to 116 * indicate negation). Returns -1 if negation matches, 1 if there is 117 * a positive match, 0 if there is no match at all. 118 */ 119 120int 121match_pattern_list(const char *string, const char *pattern, u_int len, 122 int dolower) 123{ 124 char sub[1024]; 125 int negated; 126 int got_positive; 127 u_int i, subi; 128 129 got_positive = 0; 130 for (i = 0; i < len;) { 131 /* Check if the subpattern is negated. */ 132 if (pattern[i] == '!') { 133 negated = 1; 134 i++; 135 } else 136 negated = 0; 137 138 /* 139 * Extract the subpattern up to a comma or end. Convert the 140 * subpattern to lowercase. 141 */ 142 for (subi = 0; 143 i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; 144 subi++, i++) 145 sub[subi] = dolower && isupper((u_char)pattern[i]) ? 146 tolower((u_char)pattern[i]) : pattern[i]; 147 /* If subpattern too long, return failure (no match). */ 148 if (subi >= sizeof(sub) - 1) 149 return 0; 150 151 /* If the subpattern was terminated by a comma, skip the comma. */ 152 if (i < len && pattern[i] == ',') 153 i++; 154 155 /* Null-terminate the subpattern. */ 156 sub[subi] = '\0'; 157 158 /* Try to match the subpattern against the string. */ 159 if (match_pattern(string, sub)) { 160 if (negated) 161 return -1; /* Negative */ 162 else 163 got_positive = 1; /* Positive */ 164 } 165 } 166 167 /* 168 * Return success if got a positive match. If there was a negative 169 * match, we have already returned -1 and never get here. 170 */ 171 return got_positive; 172} 173 174/* 175 * Tries to match the host name (which must be in all lowercase) against the 176 * comma-separated sequence of subpatterns (each possibly preceded by ! to 177 * indicate negation). Returns -1 if negation matches, 1 if there is 178 * a positive match, 0 if there is no match at all. 179 */ 180int 181match_hostname(const char *host, const char *pattern, u_int len) 182{ 183 return match_pattern_list(host, pattern, len, 1); 184} 185 186/* 187 * returns 0 if we get a negative match for the hostname or the ip 188 * or if we get no match at all. returns -1 on error, or 1 on 189 * successful match. 190 */ 191int 192match_host_and_ip(const char *host, const char *ipaddr, 193 const char *patterns) 194{ 195 int mhost, mip; 196 197 /* error in ipaddr match */ 198 if ((mip = addr_match_list(ipaddr, patterns)) == -2) 199 return -1; 200 else if (mip == -1) /* negative ip address match */ 201 return 0; 202 203 /* negative hostname match */ 204 if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1) 205 return 0; 206 /* no match at all */ 207 if (mhost == 0 && mip == 0) 208 return 0; 209 return 1; 210} 211 212/* 213 * match user, user@host_or_ip, user@host_or_ip_list against pattern 214 */ 215int 216match_user(const char *user, const char *host, const char *ipaddr, 217 const char *pattern) 218{ 219 char *p, *pat; 220 int ret; 221 222 if ((p = strchr(pattern,'@')) == NULL) 223 return match_pattern(user, pattern); 224 225 pat = xstrdup(pattern); 226 p = strchr(pat, '@'); 227 *p++ = '\0'; 228 229 if ((ret = match_pattern(user, pat)) == 1) 230 ret = match_host_and_ip(host, ipaddr, p); 231 free(pat); 232 233 return ret; 234} 235 236/* 237 * Returns first item from client-list that is also supported by server-list, 238 * caller must free the returned string. 239 */ 240#define MAX_PROP 40 241#define SEP "," 242char * 243match_list(const char *client, const char *server, u_int *next) 244{ 245 char *sproposals[MAX_PROP]; 246 char *c, *s, *p, *ret, *cp, *sp; 247 int i, j, nproposals; 248 249 c = cp = xstrdup(client); 250 s = sp = xstrdup(server); 251 252 for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; 253 (p = strsep(&sp, SEP)), i++) { 254 if (i < MAX_PROP) 255 sproposals[i] = p; 256 else 257 break; 258 } 259 nproposals = i; 260 261 for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; 262 (p = strsep(&cp, SEP)), i++) { 263 for (j = 0; j < nproposals; j++) { 264 if (strcmp(p, sproposals[j]) == 0) { 265 ret = xstrdup(p); 266 if (next != NULL) 267 *next = (cp == NULL) ? 268 strlen(c) : (u_int)(cp - c); 269 free(c); 270 free(s); 271 return ret; 272 } 273 } 274 } 275 if (next != NULL) 276 *next = strlen(c); 277 free(c); 278 free(s); 279 return NULL; 280} 281