match.c revision 1.32
1/* $OpenBSD: match.c,v 1.32 2016/09/21 16:55:42 djm Exp $ */ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Simple pattern matching, with '*' and '?' as wildcards. 7 * 8 * As far as I am concerned, the code I have written for this software 9 * can be used freely for any purpose. Any derived versions of this 10 * software must be clearly marked as such, and if the derived work is 11 * incompatible with the protocol description in the RFC file, it must be 12 * called by a name other than "ssh" or "Secure Shell". 13 */ 14/* 15 * Copyright (c) 2000 Markus Friedl. All rights reserved. 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38#include <sys/types.h> 39 40#include <ctype.h> 41#include <stdlib.h> 42#include <string.h> 43 44#include "xmalloc.h" 45#include "match.h" 46 47/* 48 * Returns true if the given string matches the pattern (which may contain ? 49 * and * as wildcards), and zero if it does not match. 50 */ 51 52int 53match_pattern(const char *s, const char *pattern) 54{ 55 for (;;) { 56 /* If at end of pattern, accept if also at end of string. */ 57 if (!*pattern) 58 return !*s; 59 60 if (*pattern == '*') { 61 /* Skip the asterisk. */ 62 pattern++; 63 64 /* If at end of pattern, accept immediately. */ 65 if (!*pattern) 66 return 1; 67 68 /* If next character in pattern is known, optimize. */ 69 if (*pattern != '?' && *pattern != '*') { 70 /* 71 * Look instances of the next character in 72 * pattern, and try to match starting from 73 * those. 74 */ 75 for (; *s; s++) 76 if (*s == *pattern && 77 match_pattern(s + 1, pattern + 1)) 78 return 1; 79 /* Failed. */ 80 return 0; 81 } 82 /* 83 * Move ahead one character at a time and try to 84 * match at each position. 85 */ 86 for (; *s; s++) 87 if (match_pattern(s, pattern)) 88 return 1; 89 /* Failed. */ 90 return 0; 91 } 92 /* 93 * There must be at least one more character in the string. 94 * If we are at the end, fail. 95 */ 96 if (!*s) 97 return 0; 98 99 /* Check if the next character of the string is acceptable. */ 100 if (*pattern != '?' && *pattern != *s) 101 return 0; 102 103 /* Move to the next character, both in string and in pattern. */ 104 s++; 105 pattern++; 106 } 107 /* NOTREACHED */ 108} 109 110/* 111 * Tries to match the string against the 112 * comma-separated sequence of subpatterns (each possibly preceded by ! to 113 * indicate negation). Returns -1 if negation matches, 1 if there is 114 * a positive match, 0 if there is no match at all. 115 */ 116int 117match_pattern_list(const char *string, const char *pattern, int dolower) 118{ 119 char sub[1024]; 120 int negated; 121 int got_positive; 122 u_int i, subi, len = strlen(pattern); 123 124 got_positive = 0; 125 for (i = 0; i < len;) { 126 /* Check if the subpattern is negated. */ 127 if (pattern[i] == '!') { 128 negated = 1; 129 i++; 130 } else 131 negated = 0; 132 133 /* 134 * Extract the subpattern up to a comma or end. Convert the 135 * subpattern to lowercase. 136 */ 137 for (subi = 0; 138 i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; 139 subi++, i++) 140 sub[subi] = dolower && isupper((u_char)pattern[i]) ? 141 tolower((u_char)pattern[i]) : pattern[i]; 142 /* If subpattern too long, return failure (no match). */ 143 if (subi >= sizeof(sub) - 1) 144 return 0; 145 146 /* If the subpattern was terminated by a comma, skip the comma. */ 147 if (i < len && pattern[i] == ',') 148 i++; 149 150 /* Null-terminate the subpattern. */ 151 sub[subi] = '\0'; 152 153 /* Try to match the subpattern against the string. */ 154 if (match_pattern(string, sub)) { 155 if (negated) 156 return -1; /* Negative */ 157 else 158 got_positive = 1; /* Positive */ 159 } 160 } 161 162 /* 163 * Return success if got a positive match. If there was a negative 164 * match, we have already returned -1 and never get here. 165 */ 166 return got_positive; 167} 168 169/* 170 * Tries to match the host name (which must be in all lowercase) against the 171 * comma-separated sequence of subpatterns (each possibly preceded by ! to 172 * indicate negation). Returns -1 if negation matches, 1 if there is 173 * a positive match, 0 if there is no match at all. 174 */ 175int 176match_hostname(const char *host, const char *pattern) 177{ 178 return match_pattern_list(host, pattern, 1); 179} 180 181/* 182 * returns 0 if we get a negative match for the hostname or the ip 183 * or if we get no match at all. returns -1 on error, or 1 on 184 * successful match. 185 */ 186int 187match_host_and_ip(const char *host, const char *ipaddr, 188 const char *patterns) 189{ 190 int mhost, mip; 191 192 /* error in ipaddr match */ 193 if ((mip = addr_match_list(ipaddr, patterns)) == -2) 194 return -1; 195 else if (mip == -1) /* negative ip address match */ 196 return 0; 197 198 /* negative hostname match */ 199 if ((mhost = match_hostname(host, patterns)) == -1) 200 return 0; 201 /* no match at all */ 202 if (mhost == 0 && mip == 0) 203 return 0; 204 return 1; 205} 206 207/* 208 * match user, user@host_or_ip, user@host_or_ip_list against pattern 209 */ 210int 211match_user(const char *user, const char *host, const char *ipaddr, 212 const char *pattern) 213{ 214 char *p, *pat; 215 int ret; 216 217 if ((p = strchr(pattern,'@')) == NULL) 218 return match_pattern(user, pattern); 219 220 pat = xstrdup(pattern); 221 p = strchr(pat, '@'); 222 *p++ = '\0'; 223 224 if ((ret = match_pattern(user, pat)) == 1) 225 ret = match_host_and_ip(host, ipaddr, p); 226 free(pat); 227 228 return ret; 229} 230 231/* 232 * Returns first item from client-list that is also supported by server-list, 233 * caller must free the returned string. 234 */ 235#define MAX_PROP 40 236#define SEP "," 237char * 238match_list(const char *client, const char *server, u_int *next) 239{ 240 char *sproposals[MAX_PROP]; 241 char *c, *s, *p, *ret, *cp, *sp; 242 int i, j, nproposals; 243 244 c = cp = xstrdup(client); 245 s = sp = xstrdup(server); 246 247 for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; 248 (p = strsep(&sp, SEP)), i++) { 249 if (i < MAX_PROP) 250 sproposals[i] = p; 251 else 252 break; 253 } 254 nproposals = i; 255 256 for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; 257 (p = strsep(&cp, SEP)), i++) { 258 for (j = 0; j < nproposals; j++) { 259 if (strcmp(p, sproposals[j]) == 0) { 260 ret = xstrdup(p); 261 if (next != NULL) 262 *next = (cp == NULL) ? 263 strlen(c) : (u_int)(cp - c); 264 free(c); 265 free(s); 266 return ret; 267 } 268 } 269 } 270 if (next != NULL) 271 *next = strlen(c); 272 free(c); 273 free(s); 274 return NULL; 275} 276