Example #1
int main(void)
{
    /* Bring up logging before any check runs: LOG_DEBUG level, output
     * directed at ip_addr_check.log. */
    log_init();
    log_set_level(LOG_DEBUG, NULL);
    log_set_file("ip_addr_check.log");

    /* Run every check group in sequence.  No return value is inspected
     * here, so a failure has to be signalled from inside the check
     * itself (presumably by an assertion/abort -- confirm). */
    ip_addr_check();
    ip_addr_ctor_from_str_check();
    ip_addr_routable_check();
    broadcast_check();
    scm_conv_check();

    /* Reaching this point always yields a success exit status. */
    log_fini();
    return EXIT_SUCCESS;
}
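/*
 * auth_ip_addr - check whether the peer is authorized to use
 * a given IP address.  Returns 1 if authorized, 0 otherwise.
 *
 * unit selects the entry of the addresses[] table that holds the
 * address-authorization list for that link; the verdict is whatever
 * ip_addr_check() returns for addr against that list.
 *
 * A negative unit is refused (returns 0) instead of being used as an
 * index, so a bad unit number fails closed rather than reading memory
 * in front of the table.
 */
int
auth_ip_addr(int unit, u32_t addr)
{
  if (unit < 0)
    return 0;
  /* NOTE(review): the size of addresses[] is not visible from here, so
   * the upper bound on unit is still the caller's responsibility. */
  return ip_addr_check(addr, addresses[unit]);
}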
Example #3
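/*
 * scan_authfile - Scan an authorization file for a secret suitable
 * for authenticating `client' on `server'.  The return value is -1
 * if no secret is found, otherwise >= 0.  The return value has
 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and
 * NONWILD_SERVER set if the secret didn't have "*" for the server.
 * Any following words on the line (i.e. address authorization
 * info) are placed in a wordlist and returned in *addrs.
 *
 * Parameters:
 *   f        - open stream positioned at the start of the auth file.
 *   client   - client name to match, or NULL to accept any client.
 *   server   - server name to match, or NULL to accept any server.
 *   ipaddr   - if non-zero, an entry is only accepted when
 *              ip_addr_check() allows this address against the entry's
 *              address words; 0 skips that check.
 *   secret   - if non-NULL, receives the secret of the best entry via
 *              strcpy().  The buffer size is not passed in, so it must
 *              hold at least MAXWORDLEN bytes (the size of the local
 *              buffer it is copied from).
 *   addrs    - if non-NULL, receives the address wordlist of the best
 *              entry (NULL if none); the caller then owns it.  If NULL,
 *              the list is freed here.
 *   filename - name handed to getword() for this stream.
 *
 * Side effect: sets the file-level flag non_wildclient.
 *
 * Among matching entries the one with the numerically largest flag value
 * wins; an entry that only ties the current best is skipped.
 */
static int
scan_authfile(FILE *f, char *client, char *server, u_int32_t ipaddr,
	      char *secret, struct wordlist **addrs, char *filename)
{
    int newline, xxx;		/* xxx: discarded newline flag for the @file read */
    int got_flag, best_flag;
    FILE *sf;
    struct wordlist *ap, *addr_list, *alist, *alast;
    char word[MAXWORDLEN];
    char atfile[MAXWORDLEN];
    char lsecret[MAXWORDLEN];

    if (addrs != NULL)
	*addrs = NULL;
    addr_list = NULL;
    if (!getword(f, word, &newline, filename))
	return -1;		/* file is empty??? */
    newline = 1;
    best_flag = -1;
    for (;;) {
	/*
	 * Skip until we find a word at the start of a line.
	 */
	while (!newline && getword(f, word, &newline, filename))
	    ;
	if (!newline)
	    break;		/* got to end of file */

	/*
	 * Got a client - check if it's a match or a wildcard.
	 */
	got_flag = 0;
	if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) {
	    newline = 0;
	    continue;
	}
	if (!ISWILD(word))
	    got_flag = NONWILD_CLIENT;

	/*
	 * Now get a server and check if it matches.
	 */
	if (!getword(f, word, &newline, filename))
	    break;
	if (newline)
	    continue;
	if (server != NULL && strcmp(word, server) != 0 && !ISWILD(word))
	    continue;
	if (!ISWILD(word))
	    got_flag |= NONWILD_SERVER;

	/*
	 * Got some sort of a match - see if it's better than what
	 * we have already.
	 */
	if (got_flag <= best_flag)
	    continue;

	/*
	 * Get the secret.
	 */
	if (!getword(f, word, &newline, filename))
	    break;
	if (newline)
	    continue;

	/*
	 * Special syntax: @filename means read secret from file.
	 * The path comes straight from the auth file's contents, so
	 * the auth file must be writable only by trusted users.
	 */
	if (word[0] == '@') {
	    /*
	     * atfile and word are both MAXWORDLEN bytes, so this copy
	     * fits provided getword() always NUL-terminates within
	     * MAXWORDLEN -- NOTE(review): confirm in getword().
	     */
	    strcpy(atfile, word+1);
	    if ((sf = fopen(atfile, "r")) == NULL) {
		syslog(LOG_WARNING, "can't open indirect secret file %s",
		       atfile);
		continue;
	    }
	    /*
	     * Nothing from check_access() is consulted here: the file
	     * is read whatever it finds.  NOTE(review): confirm that
	     * warning-only is the intended policy.
	     */
	    check_access(sf, atfile);
	    if (!getword(sf, word, &xxx, atfile)) {
		syslog(LOG_WARNING, "no secret in indirect secret file %s",
		       atfile);
		fclose(sf);
		continue;
	    }
	    fclose(sf);
	}
	/*
	 * Park the candidate secret locally; the caller's buffer is only
	 * overwritten once the entry also passes the address check.
	 */
	if (secret != NULL)
	    strcpy(lsecret, word);

	/*
	 * Now read address authorization info and make a wordlist.
	 */
	alist = alast = NULL;
	for (;;) {
	    if (!getword(f, word, &newline, filename) || newline)
		break;
	    /*
	     * The size has room for the terminating NUL only if
	     * struct wordlist already reserves at least one byte for
	     * word -- NOTE(review): confirm against its definition.
	     */
	    ap = (struct wordlist *) malloc(sizeof(struct wordlist)
					    + strlen(word));
	    /*
	     * NOTE(review): the code below dereferences ap, so novm()
	     * is presumably expected not to return -- confirm.
	     */
	    if (ap == NULL)
		novm("authorized addresses");
	    ap->next = NULL;
	    strcpy(ap->word, word);
	    if (alist == NULL)
		alist = ap;
	    else
		alast->next = ap;
	    alast = ap;
	}

	/*
	 * Check if the given IP address is allowed by the wordlist.
	 */
	if (ipaddr != 0 && !ip_addr_check(ipaddr, alist)) {
	    free_wordlist(alist);
	    continue;
	}

	/*
	 * This is the best so far; remember it.
	 */
	best_flag = got_flag;
	if (addr_list)
	    free_wordlist(addr_list);
	addr_list = alist;
	if (secret != NULL)
	    strcpy(secret, lsecret);

	/* The address loop stopped because getword() failed, not at a newline. */
	if (!newline)
	    break;
    }

    if (addrs != NULL)
	*addrs = addr_list;
    else if (addr_list != NULL)
	free_wordlist(addr_list);

    /*
     * best_flag is still -1 when no entry was accepted, and -1 has every
     * bit set, so the mask test alone would report a non-wildcard client
     * match that never happened.  Require a real match first.
     *
     * NOTE(review): word and lsecret may still hold secret material when
     * this function returns; consider wiping them with a primitive the
     * compiler cannot elide.
     */
    non_wildclient = best_flag >= 0 && (best_flag & NONWILD_CLIENT) &&
      client != NULL && *client != '\0';
    return best_flag;
}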