Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: trunk/minix/lib/ip/ruserok.c@ 12

Last change on this file since 12 was 9, checked in by Mattia Monga, 14 years ago
Minix 3.1.2a
File size: 4.6 KB

Line
1	/* ruserok() - hosts.equiv and .rhosts check Author: Kees J. Bot
2	* 25 May 2001
3	*
4	* Under Minix one can use IP addresses, CIDR network blocks, and hostnames
5	* with wildcards in .rhosts files. Only the iruserok() interface can be
6	* used, and the IP address is reverse/forward crosschecked if a hostname
7	* match is done. Ruserok() is dead and buried. The superuser parameter is
8	* ignored, because it makes root too special. Most users on Minix can be
9	* root, so hosts.equiv would become useless if root can't use it. Likewise
10	* .rhosts isn't checked to be root or user owned and stuff, users have to
11	* be careful themselves.
12	*/
13
14	#include <sys/types.h>
15	#include <string.h>
16	#include <stdio.h>
17	#include <ctype.h>
18	#include <limits.h>
19	#include <pwd.h>
20	#include <net/hton.h>
21	#include <net/gen/in.h>
22	#include <net/gen/netdb.h>
23	#include <net/gen/inet.h>
24	#include <net/gen/socket.h>
25	#include <net/gen/nameser.h>
26
27	/* Odd global variable. Seems to be used by lpd(8). */
28	int __check_rhosts_file = 1;
29
30	static int cidr_aton(char word, ipaddr_t addr, ipaddr_t *mask)
31	/* Try to interpret 'word' as an CIDR spec, e.g. 172.16.102.64/27. */
32	{
33	char *slash;
34	int r;
35	static char S32[]= "/32";
36
37	if (*word == 0) return 0;
38
39	if ((slash= strchr(word, '/')) == NULL) slash= S32;
40
41	*slash= 0;
42	r= inet_aton(word, addr);
43	*slash++= '/';
44	if (!r) return 0;
45
46	r= 0;
47	while ((*slash - '0') < 10u) {
48	r= 10r + (slash++ - '0');
49	if (r > 32) return 0;
50	}
51	if (*slash != 0 \|\| slash[-1] == '/') return 0;
52	*mask= htonl(r == 0 ? 0L : (0xFFFFFFFFUL >> (32 - r)) << (32 - r));
53	return 1;
54	}
55
56	static int match(const char word, const char pattern)
57	/* Match word onto a pattern. Pattern may contain the * wildcard. */
58	{
59	unsigned cw, cp;
60	#define lc(c, d) ((((c)= (d)) - 'A') <= ('Z' - 'A') ? (c)+= ('a' - 'A') : 0)
61
62	for (;;) {
63	lc(cw, *word);
64	lc(cp, *pattern);
65
66	if (cp == '*') {
67	do pattern++; while (pattern == '');
68	lc(cp, *pattern);
69	if (cp == 0) return 1;
70
71	while (cw != 0) {
72	if (cw == cp && match(word+1, pattern+1)) return 1;
73	word++;
74	lc(cw, *word);
75	}
76	return 0;
77	} else
78	if (cw == 0 \|\| cp == 0) {
79	return cw == cp;
80	} else
81	if (cw == cp) {
82	word++;
83	pattern++;
84	} else {
85	return 0;
86	}
87	}
88	#undef lc
89	}
90
91	static int get_name(ipaddr_t addr, char *name)
92	/* Do a reverse lookup on the remote IP address followed by a forward lookup
93	* to check if the host has that address. Return true if this is so, return
94	* either the true name or the ascii IP address in name[].
95	*/
96	{
97	struct hostent *he;
98	int ok, i;
99
100	ok= 0;
101	he= gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
102	if (he != NULL) {
103	strcpy(name, he->h_name);
104	he= gethostbyname(name);
105
106	if (he != NULL && he->h_addrtype == AF_INET) {
107	for (i= 0; he->h_addr_list[i] != NULL; i++) {
108	if (memcmp(he->h_addr_list[i], &addr, sizeof(addr)) == 0) {
109	ok= 1;
110	break;
111	}
112	}
113	}
114	}
115	strcpy(name, ok ? he->h_name : inet_ntoa(addr));
116	return ok;
117	}
118
119	int __ivaliduser(FILE *hostf, unsigned long raddr,
120	const char luser, const char ruser)
121	{
122	register char *p;
123	char buf[MAXDNAME + 128]; /* host + login */
124	char rhost[MAXDNAME]; /* remote host */
125	char *word[2];
126	int i, ch, got_name;
127	ipaddr_t addr, mask;
128
129	got_name = -1;
130
131	while (fgets(buf, sizeof(buf), hostf)) {
132	/* Skip lines that are too long. */
133	if (strchr(buf, '\n') == NULL) {
134	while ((ch = fgetc(hostf)) != '\n' && ch != EOF);
135	continue;
136	}
137	i = 0;
138	p = buf;
139	for (;;) {
140	while (isspace(p)) p++ = '\0';
141	if (*p == '\0') break;
142	if (i < 2) word[i] = p;
143	i++;
144	while (p != '\0' && !isspace(p)) p++;
145	}
146	if (i != 1 && i != 2) continue;
147	if (word[0][0] == '#') continue;
148	if (strcmp(ruser, i == 2 ? word[1] : luser) != 0) continue;
149
150	if (cidr_aton(word[0], &addr, &mask)) {
151	if (((raddr ^ addr) & mask) == 0) return (0);
152	continue;
153	}
154
155	if (got_name == -1) got_name = get_name(raddr, rhost);
156	if (match(rhost, word[0])) return (0);
157	}
158	return (-1);
159	}
160
161	int iruserok(unsigned long raddr, int superuser,
162	const char ruser, const char luser)
163	{
164	/* Returns 0 if ok, -1 if not ok. */
165	struct passwd *pwd;
166	FILE *hostf;
167	int i, r;
168	char pbuf[PATH_MAX];
169
170	for (i = 0; i < 2; i++) {
171	if (i == 0) {
172	strcpy(pbuf, _PATH_HEQUIV);
173	} else {
174	if (!__check_rhosts_file) return (-1);
175	if ((pwd = getpwnam(luser)) == NULL) return (-1);
176	(void)strcpy(pbuf, pwd->pw_dir);
177	(void)strcat(pbuf, "/.rhosts");
178	}
179
180	if ((hostf = fopen(pbuf, "r")) == NULL) return (-1);
181
182	r = __ivaliduser(hostf, raddr, luser, ruser);
183	(void)fclose(hostf);
184	if (r == 0) return (0);
185	}
186	return (-1);
187	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: