/*
* returns 0 if we get a negative match for the hostname or the ip
* or if we get no match at all. returns -1 on error, or 1 on
* successful match.
*/
int
match_host_and_ip(const char *host, const char *ipaddr,
const char *patterns)
{
int mhost, mip;
/* error in ipaddr match */
if ((mip = addr_match_list(ipaddr, patterns)) == -2)
return -1;
else if (mip == -1) /* negative ip address match */
return 0;
/* negative hostname match */
if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
return 0;
/* no match at all */
if (mhost == 0 && mip == 0)
return 0;
return 1;
}
static int
match_cfg_line(char **condition, int line, const char *user, const char *host,
const char *address)
{
int result = 1;
char *arg, *attrib, *cp = *condition;
size_t len;
if (user == NULL)
debug3("checking syntax for 'Match %s'", cp);
else
debug3("checking match for '%s' user %s host %s addr %s", cp,
user ? user : "******", host ? host : "(null)",
address ? address : "(null)");
while ((attrib = strdelim(&cp)) && *attrib != '\0') {
if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
error("Missing Match criteria for %s", attrib);
return -1;
}
len = strlen(arg);
if (strcasecmp(attrib, "user") == 0) {
if (!user) {
result = 0;
continue;
}
if (match_pattern_list(user, arg, len, 0) != 1)
result = 0;
else
debug("user %.100s matched 'User %.100s' at "
"line %d", user, arg, line);
} else if (strcasecmp(attrib, "group") == 0) {
switch (match_cfg_line_group(arg, line, user)) {
case -1:
return -1;
case 0:
result = 0;
}
} else if (strcasecmp(attrib, "host") == 0) {
if (!host) {
result = 0;
continue;
}
if (match_hostname(host, arg, len) != 1)
result = 0;
else
debug("connection from %.100s matched 'Host "
"%.100s' at line %d", host, arg, line);
} else if (strcasecmp(attrib, "address") == 0) {
switch (addr_match_list(address, arg)) {
case 1:
debug("connection from %.100s matched 'Address "
"%.100s' at line %d", address, arg, line);
break;
case 0:
case -1:
result = 0;
break;
case -2:
return -1;
}
} else {
error("Unsupported Match attribute %s", attrib);
return -1;
}
}
if (user != NULL)
debug3("match %sfound", result ? "" : "not ");
*condition = cp;
return result;
}
void
tests(void)
{
TEST_START("match_pattern");
ASSERT_INT_EQ(match_pattern("", ""), 1);
ASSERT_INT_EQ(match_pattern("", "aaa"), 0);
ASSERT_INT_EQ(match_pattern("aaa", ""), 0);
ASSERT_INT_EQ(match_pattern("aaa", "aaaa"), 0);
ASSERT_INT_EQ(match_pattern("aaaa", "aaa"), 0);
TEST_DONE();
TEST_START("match_pattern wildcard");
ASSERT_INT_EQ(match_pattern("", "*"), 1);
ASSERT_INT_EQ(match_pattern("a", "?"), 1);
ASSERT_INT_EQ(match_pattern("aa", "a?"), 1);
ASSERT_INT_EQ(match_pattern("a", "*"), 1);
ASSERT_INT_EQ(match_pattern("aa", "a*"), 1);
ASSERT_INT_EQ(match_pattern("aa", "?*"), 1);
ASSERT_INT_EQ(match_pattern("aa", "**"), 1);
ASSERT_INT_EQ(match_pattern("aa", "?a"), 1);
ASSERT_INT_EQ(match_pattern("aa", "*a"), 1);
ASSERT_INT_EQ(match_pattern("ba", "a?"), 0);
ASSERT_INT_EQ(match_pattern("ba", "a*"), 0);
ASSERT_INT_EQ(match_pattern("ab", "?a"), 0);
ASSERT_INT_EQ(match_pattern("ab", "*a"), 0);
TEST_DONE();
TEST_START("match_pattern_list");
ASSERT_INT_EQ(match_pattern_list("", "", 0), 0); /* no patterns */
ASSERT_INT_EQ(match_pattern_list("", "*", 0), 1);
ASSERT_INT_EQ(match_pattern_list("", "!*", 0), -1);
ASSERT_INT_EQ(match_pattern_list("", "!a,*", 0), 1);
ASSERT_INT_EQ(match_pattern_list("", "*,!a", 0), 1);
ASSERT_INT_EQ(match_pattern_list("", "a,!*", 0), -1);
ASSERT_INT_EQ(match_pattern_list("", "!*,a", 0), -1);
ASSERT_INT_EQ(match_pattern_list("a", "", 0), 0);
ASSERT_INT_EQ(match_pattern_list("a", "*", 0), 1);
ASSERT_INT_EQ(match_pattern_list("a", "!*", 0), -1);
ASSERT_INT_EQ(match_pattern_list("a", "!a", 0), -1);
/* XXX negated ASSERT_INT_EQ(match_pattern_list("a", "!b", 0), 1); */
ASSERT_INT_EQ(match_pattern_list("a", "!a,*", 0), -1);
ASSERT_INT_EQ(match_pattern_list("b", "!a,*", 0), 1);
ASSERT_INT_EQ(match_pattern_list("a", "*,!a", 0), -1);
ASSERT_INT_EQ(match_pattern_list("b", "*,!a", 0), 1);
ASSERT_INT_EQ(match_pattern_list("a", "a,!*", 0), -1);
ASSERT_INT_EQ(match_pattern_list("b", "a,!*", 0), -1);
ASSERT_INT_EQ(match_pattern_list("a", "a,!a", 0), -1);
/* XXX negated ASSERT_INT_EQ(match_pattern_list("b", "a,!a", 0), 1); */
ASSERT_INT_EQ(match_pattern_list("a", "!*,a", 0), -1);
ASSERT_INT_EQ(match_pattern_list("b", "!*,a", 0), -1);
TEST_DONE();
TEST_START("match_pattern_list lowercase");
ASSERT_INT_EQ(match_pattern_list("abc", "ABC", 0), 0);
ASSERT_INT_EQ(match_pattern_list("ABC", "abc", 0), 0);
ASSERT_INT_EQ(match_pattern_list("abc", "ABC", 1), 1);
ASSERT_INT_EQ(match_pattern_list("ABC", "abc", 1), 0);
TEST_DONE();
TEST_START("addr_match_list");
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.1/44"), -2);
ASSERT_INT_EQ(addr_match_list(NULL, "127.0.0.1/44"), -2);
ASSERT_INT_EQ(addr_match_list("a", "*"), 0);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "*"), 1);
ASSERT_INT_EQ(addr_match_list(NULL, "*"), 0);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.1"), 1);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.2"), 0);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.1"), -1);
/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2"), 1); */
ASSERT_INT_EQ(addr_match_list("127.0.0.255", "127.0.0.0/24"), 1);
ASSERT_INT_EQ(addr_match_list("127.0.1.1", "127.0.0.0/24"), 0);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.0/24"), 1);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.1.0/24"), 0);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.0/24"), -1);
/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.1.0/24"), 1); */
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,!127.0.0.1"), -1);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.1,10.0.0.1"), -1);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,127.0.0.2"), 0);
ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.2,10.0.0.1"), 0);
/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,!127.0.0.2"), 1); */
/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */
TEST_DONE();
#define CHECK_FILTER(string,filter,expected) \
do { \
char *result = match_filter_list((string), (filter)); \
ASSERT_STRING_EQ(result, expected); \
free(result); \
} while (0)
TEST_START("match_filter_list");
CHECK_FILTER("a,b,c", "", "a,b,c");
CHECK_FILTER("a,b,c", "a", "b,c");
CHECK_FILTER("a,b,c", "b", "a,c");
CHECK_FILTER("a,b,c", "c", "a,b");
CHECK_FILTER("a,b,c", "a,b", "c");
CHECK_FILTER("a,b,c", "a,c", "b");
CHECK_FILTER("a,b,c", "b,c", "a");
CHECK_FILTER("a,b,c", "a,b,c", "");
CHECK_FILTER("a,b,c", "b,c", "a");
CHECK_FILTER("", "a,b,c", "");
TEST_DONE();
/*
* XXX TODO
* int match_host_and_ip(const char *, const char *, const char *);
* int match_user(const char *, const char *, const char *, const char *);
* char *match_list(const char *, const char *, u_int *);
* int addr_match_cidr_list(const char *, const char *);
*/
}
