source: trunk/minix/lib/ip/ruserok.c@ 16

Last change on this file since 16 was 9, checked in by Mattia Monga, 14 years ago

Minix 3.1.2a
File size: 4.6 KB
RevLine 
[9]1/* ruserok() - hosts.equiv and .rhosts check Author: Kees J. Bot
2 * 25 May 2001
3 *
4 * Under Minix one can use IP addresses, CIDR network blocks, and hostnames
5 * with wildcards in .rhosts files. Only the iruserok() interface can be
6 * used, and the IP address is reverse/forward crosschecked if a hostname
7 * match is done. Ruserok() is dead and buried. The superuser parameter is
8 * ignored, because it makes root too special. Most users on Minix can be
9 * root, so hosts.equiv would become useless if root can't use it. Likewise
10 * .rhosts isn't checked to be root or user owned and stuff, users have to
11 * be careful themselves.
12 */
13
14#include <sys/types.h>
15#include <string.h>
16#include <stdio.h>
17#include <ctype.h>
18#include <limits.h>
19#include <pwd.h>
20#include <net/hton.h>
21#include <net/gen/in.h>
22#include <net/gen/netdb.h>
23#include <net/gen/inet.h>
24#include <net/gen/socket.h>
25#include <net/gen/nameser.h>
26
27/* Odd global variable. Seems to be used by lpd(8). */
28int __check_rhosts_file = 1;
29
30static int cidr_aton(char *word, ipaddr_t *addr, ipaddr_t *mask)
31/* Try to interpret 'word' as an CIDR spec, e.g. 172.16.102.64/27. */
32{
33 char *slash;
34 int r;
35 static char S32[]= "/32";
36
37 if (*word == 0) return 0;
38
39 if ((slash= strchr(word, '/')) == NULL) slash= S32;
40
41 *slash= 0;
42 r= inet_aton(word, addr);
43 *slash++= '/';
44 if (!r) return 0;
45
46 r= 0;
47 while ((*slash - '0') < 10u) {
48 r= 10*r + (*slash++ - '0');
49 if (r > 32) return 0;
50 }
51 if (*slash != 0 || slash[-1] == '/') return 0;
52 *mask= htonl(r == 0 ? 0L : (0xFFFFFFFFUL >> (32 - r)) << (32 - r));
53 return 1;
54}
55
56static int match(const char *word, const char *pattern)
57/* Match word onto a pattern. Pattern may contain the * wildcard. */
58{
59 unsigned cw, cp;
60#define lc(c, d) ((((c)= (d)) - 'A') <= ('Z' - 'A') ? (c)+= ('a' - 'A') : 0)
61
62 for (;;) {
63 lc(cw, *word);
64 lc(cp, *pattern);
65
66 if (cp == '*') {
67 do pattern++; while (*pattern == '*');
68 lc(cp, *pattern);
69 if (cp == 0) return 1;
70
71 while (cw != 0) {
72 if (cw == cp && match(word+1, pattern+1)) return 1;
73 word++;
74 lc(cw, *word);
75 }
76 return 0;
77 } else
78 if (cw == 0 || cp == 0) {
79 return cw == cp;
80 } else
81 if (cw == cp) {
82 word++;
83 pattern++;
84 } else {
85 return 0;
86 }
87 }
88#undef lc
89}
90
91static int get_name(ipaddr_t addr, char *name)
92/* Do a reverse lookup on the remote IP address followed by a forward lookup
93 * to check if the host has that address. Return true if this is so, return
94 * either the true name or the ascii IP address in name[].
95 */
96{
97 struct hostent *he;
98 int ok, i;
99
100 ok= 0;
101 he= gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
102 if (he != NULL) {
103 strcpy(name, he->h_name);
104 he= gethostbyname(name);
105
106 if (he != NULL && he->h_addrtype == AF_INET) {
107 for (i= 0; he->h_addr_list[i] != NULL; i++) {
108 if (memcmp(he->h_addr_list[i], &addr, sizeof(addr)) == 0) {
109 ok= 1;
110 break;
111 }
112 }
113 }
114 }
115 strcpy(name, ok ? he->h_name : inet_ntoa(addr));
116 return ok;
117}
118
119int __ivaliduser(FILE *hostf, unsigned long raddr,
120 const char *luser, const char *ruser)
121{
122 register char *p;
123 char buf[MAXDNAME + 128]; /* host + login */
124 char rhost[MAXDNAME]; /* remote host */
125 char *word[2];
126 int i, ch, got_name;
127 ipaddr_t addr, mask;
128
129 got_name = -1;
130
131 while (fgets(buf, sizeof(buf), hostf)) {
132 /* Skip lines that are too long. */
133 if (strchr(buf, '\n') == NULL) {
134 while ((ch = fgetc(hostf)) != '\n' && ch != EOF);
135 continue;
136 }
137 i = 0;
138 p = buf;
139 for (;;) {
140 while (isspace(*p)) *p++ = '\0';
141 if (*p == '\0') break;
142 if (i < 2) word[i] = p;
143 i++;
144 while (*p != '\0' && !isspace(*p)) p++;
145 }
146 if (i != 1 && i != 2) continue;
147 if (word[0][0] == '#') continue;
148 if (strcmp(ruser, i == 2 ? word[1] : luser) != 0) continue;
149
150 if (cidr_aton(word[0], &addr, &mask)) {
151 if (((raddr ^ addr) & mask) == 0) return (0);
152 continue;
153 }
154
155 if (got_name == -1) got_name = get_name(raddr, rhost);
156 if (match(rhost, word[0])) return (0);
157 }
158 return (-1);
159}
160
161int iruserok(unsigned long raddr, int superuser,
162 const char *ruser, const char *luser)
163{
164 /* Returns 0 if ok, -1 if not ok. */
165 struct passwd *pwd;
166 FILE *hostf;
167 int i, r;
168 char pbuf[PATH_MAX];
169
170 for (i = 0; i < 2; i++) {
171 if (i == 0) {
172 strcpy(pbuf, _PATH_HEQUIV);
173 } else {
174 if (!__check_rhosts_file) return (-1);
175 if ((pwd = getpwnam(luser)) == NULL) return (-1);
176 (void)strcpy(pbuf, pwd->pw_dir);
177 (void)strcat(pbuf, "/.rhosts");
178 }
179
180 if ((hostf = fopen(pbuf, "r")) == NULL) return (-1);
181
182 r = __ivaliduser(hostf, raddr, luser, ruser);
183 (void)fclose(hostf);
184 if (r == 0) return (0);
185 }
186 return (-1);
187}
Note: See TracBrowser for help on using the repository browser.