xref: /titanic_50/usr/src/cmd/ssh/libssh/common/match.c (revision 275c9da86e89f8abf71135cf63d9fc23671b2e60)
1 /*
2  * Author: Tatu Ylonen <ylo@cs.hut.fi>
3  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4  *                    All rights reserved
5  * Simple pattern matching, with '*' and '?' as wildcards.
6  *
7  * As far as I am concerned, the code I have written for this software
8  * can be used freely for any purpose.  Any derived versions of this
9  * software must be clearly marked as such, and if the derived work is
10  * incompatible with the protocol description in the RFC file, it must be
11  * called by a name other than "ssh" or "Secure Shell".
12  */
13 /*
14  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
15  *
16  * Redistribution and use in source and binary forms, with or without
17  * modification, are permitted provided that the following conditions
18  * are met:
19  * 1. Redistributions of source code must retain the above copyright
20  *    notice, this list of conditions and the following disclaimer.
21  * 2. Redistributions in binary form must reproduce the above copyright
22  *    notice, this list of conditions and the following disclaimer in the
23  *    documentation and/or other materials provided with the distribution.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35  */
36 
37 #include "includes.h"
38 RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
39 
40 #pragma ident	"%Z%%M%	%I%	%E% SMI"
41 
42 #include "match.h"
43 #include "xmalloc.h"
44 
45 /*
46  * Returns true if the given string matches the pattern (which may contain ?
47  * and * as wildcards), and zero if it does not match.
48  */
49 
50 int
51 match_pattern(const char *s, const char *pattern)
52 {
53 	for (;;) {
54 		/* If at end of pattern, accept if also at end of string. */
55 		if (!*pattern)
56 			return !*s;
57 
58 		if (*pattern == '*') {
59 			/* Skip the asterisk. */
60 			pattern++;
61 
62 			/* If at end of pattern, accept immediately. */
63 			if (!*pattern)
64 				return 1;
65 
66 			/* If next character in pattern is known, optimize. */
67 			if (*pattern != '?' && *pattern != '*') {
68 				/*
69 				 * Look instances of the next character in
70 				 * pattern, and try to match starting from
71 				 * those.
72 				 */
73 				for (; *s; s++)
74 					if (*s == *pattern &&
75 					    match_pattern(s + 1, pattern + 1))
76 						return 1;
77 				/* Failed. */
78 				return 0;
79 			}
80 			/*
81 			 * Move ahead one character at a time and try to
82 			 * match at each position.
83 			 */
84 			for (; *s; s++)
85 				if (match_pattern(s, pattern))
86 					return 1;
87 			/* Failed. */
88 			return 0;
89 		}
90 		/*
91 		 * There must be at least one more character in the string.
92 		 * If we are at the end, fail.
93 		 */
94 		if (!*s)
95 			return 0;
96 
97 		/* Check if the next character of the string is acceptable. */
98 		if (*pattern != '?' && *pattern != *s)
99 			return 0;
100 
101 		/* Move to the next character, both in string and in pattern. */
102 		s++;
103 		pattern++;
104 	}
105 	/* NOTREACHED */
106 }
107 
108 /*
109  * Tries to match the string against the
110  * comma-separated sequence of subpatterns (each possibly preceded by ! to
111  * indicate negation).  Returns -1 if negation matches, 1 if there is
112  * a positive match, 0 if there is no match at all.
113  */
114 
115 int
116 match_pattern_list(const char *string, const char *pattern, u_int len,
117     int dolower)
118 {
119 	char sub[1024];
120 	int negated;
121 	int got_positive;
122 	u_int i, subi;
123 
124 	got_positive = 0;
125 	for (i = 0; i < len;) {
126 		/* Check if the subpattern is negated. */
127 		if (pattern[i] == '!') {
128 			negated = 1;
129 			i++;
130 		} else
131 			negated = 0;
132 
133 		/*
134 		 * Extract the subpattern up to a comma or end.  Convert the
135 		 * subpattern to lowercase.
136 		 */
137 		for (subi = 0;
138 		    i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
139 		    subi++, i++)
140 			sub[subi] = dolower && isupper(pattern[i]) ?
141 			    tolower(pattern[i]) : pattern[i];
142 		/* If subpattern too long, return failure (no match). */
143 		if (subi >= sizeof(sub) - 1)
144 			return 0;
145 
146 		/* If the subpattern was terminated by a comma, skip the comma. */
147 		if (i < len && pattern[i] == ',')
148 			i++;
149 
150 		/* Null-terminate the subpattern. */
151 		sub[subi] = '\0';
152 
153 		/* Try to match the subpattern against the string. */
154 		if (match_pattern(string, sub)) {
155 			if (negated)
156 				return -1;		/* Negative */
157 			else
158 				got_positive = 1;	/* Positive */
159 		}
160 	}
161 
162 	/*
163 	 * Return success if got a positive match.  If there was a negative
164 	 * match, we have already returned -1 and never get here.
165 	 */
166 	return got_positive;
167 }
168 
169 /*
170  * Tries to match the host name (which must be in all lowercase) against the
171  * comma-separated sequence of subpatterns (each possibly preceded by ! to
172  * indicate negation).  Returns -1 if negation matches, 1 if there is
173  * a positive match, 0 if there is no match at all.
174  */
175 int
176 match_hostname(const char *host, const char *pattern, u_int len)
177 {
178 	return match_pattern_list(host, pattern, len, 1);
179 }
180 
181 /*
182  * returns 0 if we get a negative match for the hostname or the ip
183  * or if we get no match at all.  returns 1 otherwise.
184  */
185 int
186 match_host_and_ip(const char *host, const char *ipaddr,
187     const char *patterns)
188 {
189 	int mhost, mip;
190 
191 	/* negative ipaddr match */
192 	if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
193 		return 0;
194 	/* negative hostname match */
195 	if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
196 		return 0;
197 	/* no match at all */
198 	if (mhost == 0 && mip == 0)
199 		return 0;
200 	return 1;
201 }
202 
203 /*
204  * match user, user@host_or_ip, user@host_or_ip_list against pattern
205  */
206 int
207 match_user(const char *user, const char *host, const char *ipaddr,
208     const char *pattern)
209 {
210 	char *p, *pat;
211 	int ret;
212 
213 	if ((p = strchr(pattern,'@')) == NULL)
214 		return match_pattern(user, pattern);
215 
216 	pat = xstrdup(pattern);
217 	p = strchr(pat, '@');
218 	*p++ = '\0';
219 
220 	if ((ret = match_pattern(user, pat)) == 1)
221 		ret = match_host_and_ip(host, ipaddr, p);
222 	xfree(pat);
223 
224 	return ret;
225 }
226 
227 /*
228  * Returns first item from client-list that is also supported by server-list,
229  * caller must xfree() returned string.
230  */
231 #define	MAX_PROP	40
232 #define	SEP	","
233 char *
234 match_list(const char *client, const char *server, u_int *next)
235 {
236 	char *sproposals[MAX_PROP];
237 	char *c, *s, *p, *ret, *cp, *sp;
238 	int i, j, nproposals;
239 
240 	c = cp = xstrdup(client);
241 	s = sp = xstrdup(server);
242 
243 	for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
244 	    (p = strsep(&sp, SEP)), i++) {
245 		if (i < MAX_PROP)
246 			sproposals[i] = p;
247 		else
248 			break;
249 	}
250 	nproposals = i;
251 
252 	for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
253 	    (p = strsep(&cp, SEP)), i++) {
254 		for (j = 0; j < nproposals; j++) {
255 			if (strcmp(p, sproposals[j]) == 0) {
256 				ret = xstrdup(p);
257 				if (next != NULL)
258 					*next = (cp == NULL) ?
259 					    strlen(c) : cp - c;
260 				xfree(c);
261 				xfree(s);
262 				return ret;
263 			}
264 		}
265 	}
266 	if (next != NULL)
267 		*next = strlen(c);
268 	xfree(c);
269 	xfree(s);
270 	return NULL;
271 }
272