1 /* $OpenBSD: match.c,v 1.38 2018/07/04 13:49:31 djm Exp $ */
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * Simple pattern matching, with '*' and '?' as wildcards.
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
15 * Copyright (c) 2000 Markus Friedl. All rights reserved.
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40 #include <sys/types.h>
52 * Returns true if the given string matches the pattern (which may contain ?
53 * and * as wildcards), and zero if it does not match.
57 match_pattern(const char *s, const char *pattern)
60 /* If at end of pattern, accept if also at end of string. */
64 if (*pattern == '*') {
65 /* Skip the asterisk. */
68 /* If at end of pattern, accept immediately. */
72 /* If next character in pattern is known, optimize. */
73 if (*pattern != '?' && *pattern != '*') {
75 * Look instances of the next character in
76 * pattern, and try to match starting from
81 match_pattern(s + 1, pattern + 1))
87 * Move ahead one character at a time and try to
88 * match at each position.
91 if (match_pattern(s, pattern))
97 * There must be at least one more character in the string.
98 * If we are at the end, fail.
103 /* Check if the next character of the string is acceptable. */
104 if (*pattern != '?' && *pattern != *s)
107 /* Move to the next character, both in string and in pattern. */
115 * Tries to match the string against the
116 * comma-separated sequence of subpatterns (each possibly preceded by ! to
117 * indicate negation). Returns -1 if negation matches, 1 if there is
118 * a positive match, 0 if there is no match at all.
121 match_pattern_list(const char *string, const char *pattern, int dolower)
126 u_int i, subi, len = strlen(pattern);
129 for (i = 0; i < len;) {
130 /* Check if the subpattern is negated. */
131 if (pattern[i] == '!') {
138 * Extract the subpattern up to a comma or end. Convert the
139 * subpattern to lowercase.
142 i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
144 sub[subi] = dolower && isupper((u_char)pattern[i]) ?
145 tolower((u_char)pattern[i]) : pattern[i];
146 /* If subpattern too long, return failure (no match). */
147 if (subi >= sizeof(sub) - 1)
150 /* If the subpattern was terminated by a comma, then skip it. */
151 if (i < len && pattern[i] == ',')
154 /* Null-terminate the subpattern. */
157 /* Try to match the subpattern against the string. */
158 if (match_pattern(string, sub)) {
160 return -1; /* Negative */
162 got_positive = 1; /* Positive */
167 * Return success if got a positive match. If there was a negative
168 * match, we have already returned -1 and never get here.
174 * Tries to match the host name (which must be in all lowercase) against the
175 * comma-separated sequence of subpatterns (each possibly preceded by ! to
176 * indicate negation). Returns -1 if negation matches, 1 if there is
177 * a positive match, 0 if there is no match at all.
180 match_hostname(const char *host, const char *pattern)
182 char *hostcopy = xstrdup(host);
186 r = match_pattern_list(hostcopy, pattern, 1);
192 * returns 0 if we get a negative match for the hostname or the ip
193 * or if we get no match at all. returns -1 on error, or 1 on
197 match_host_and_ip(const char *host, const char *ipaddr,
198 const char *patterns)
202 if ((mip = addr_match_list(ipaddr, patterns)) == -2)
203 return -1; /* error in ipaddr match */
204 else if (host == NULL || ipaddr == NULL || mip == -1)
205 return 0; /* negative ip address match, or testing pattern */
207 /* negative hostname match */
208 if ((mhost = match_hostname(host, patterns)) == -1)
210 /* no match at all */
211 if (mhost == 0 && mip == 0)
217 * Match user, user@host_or_ip, user@host_or_ip_list against pattern.
218 * If user, host and ipaddr are all NULL then validate pattern/
219 * Returns -1 on invalid pattern, 0 on no match, 1 on match.
222 match_user(const char *user, const char *host, const char *ipaddr,
229 if (user == NULL && host == NULL && ipaddr == NULL) {
230 if ((p = strchr(pattern, '@')) != NULL &&
231 match_host_and_ip(NULL, NULL, p + 1) < 0)
236 if ((p = strchr(pattern,'@')) == NULL)
237 return match_pattern(user, pattern);
239 pat = xstrdup(pattern);
240 p = strchr(pat, '@');
243 if ((ret = match_pattern(user, pat)) == 1)
244 ret = match_host_and_ip(host, ipaddr, p);
251 * Returns first item from client-list that is also supported by server-list,
252 * caller must free the returned string.
257 match_list(const char *client, const char *server, u_int *next)
259 char *sproposals[MAX_PROP];
260 char *c, *s, *p, *ret, *cp, *sp;
261 int i, j, nproposals;
263 c = cp = xstrdup(client);
264 s = sp = xstrdup(server);
266 for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
267 (p = strsep(&sp, SEP)), i++) {
275 for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
276 (p = strsep(&cp, SEP)), i++) {
277 for (j = 0; j < nproposals; j++) {
278 if (strcmp(p, sproposals[j]) == 0) {
281 *next = (cp == NULL) ?
282 strlen(c) : (u_int)(cp - c);
297 * Filter proposal using pattern-list filter.
298 * "blacklist" determines sense of filter:
299 * non-zero indicates that items matching filter should be excluded.
300 * zero indicates that only items matching filter should be included.
301 * returns NULL on allocation error, otherwise caller must free result.
304 filter_list(const char *proposal, const char *filter, int blacklist)
306 size_t len = strlen(proposal) + 1;
307 char *fix_prop = malloc(len);
308 char *orig_prop = strdup(proposal);
312 if (fix_prop == NULL || orig_prop == NULL) {
320 while ((cp = strsep(&tmp, ",")) != NULL) {
321 r = match_pattern_list(cp, filter, 0);
322 if ((blacklist && r != 1) || (!blacklist && r == 1)) {
323 if (*fix_prop != '\0')
324 strlcat(fix_prop, ",", len);
325 strlcat(fix_prop, cp, len);
333 * Filters a comma-separated list of strings, excluding any entry matching
334 * the 'filter' pattern list. Caller must free returned string.
337 match_filter_blacklist(const char *proposal, const char *filter)
339 return filter_list(proposal, filter, 1);
343 * Filters a comma-separated list of strings, including only entries matching
344 * the 'filter' pattern list. Caller must free returned string.
347 match_filter_whitelist(const char *proposal, const char *filter)
349 return filter_list(proposal, filter, 0);