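END_TEST

/* Exercises pr_netaddr_ncmp(): NULL arguments, a mask length that is too
 * large for the address family, mixed IPv4/IPv6 operands, and IPv4-mapped
 * IPv6 addresses compared against their IPv4 form.
 *
 * The prefix comparison under test is the one IP-mask ACL rules rely on, so
 * the error and mixed-family results pinned here are access-control relevant.
 */
START_TEST (netaddr_ncmp_test) {
  pr_netaddr_t *addr, *addr2;
  int res;
  unsigned int nbits = 0;
  const char *name;

  /* Two NULL addresses compare as equal. */
  res = pr_netaddr_ncmp(NULL, NULL, nbits);
  fail_unless(res == 0, "Expected 0, got %d", res);

  name = "127.0.0.1";
  addr = pr_netaddr_get_addr(p, name, NULL);
  fail_unless(addr != NULL, "Failed to resolve '%s': %s", name,
    strerror(errno));

  /* A non-NULL address sorts after NULL, and NULL sorts before it. */
  res = pr_netaddr_ncmp(addr, NULL, nbits);
  fail_unless(res == 1, "Expected 1, got %d", res);

  res = pr_netaddr_ncmp(NULL, addr, nbits);
  fail_unless(res == -1, "Expected -1, got %d", res);

  /* A 48-bit prefix does not fit a 32-bit IPv4 address: the call must fail
   * with EINVAL instead of comparing past the end of the address.  errno is
   * cleared first so that a stale EINVAL left by an earlier call cannot
   * satisfy the check.
   */
  nbits = 48;
  errno = 0;
  res = pr_netaddr_ncmp(addr, addr, nbits);
  fail_unless(res == -1, "Expected -1, got %d", res);
  fail_unless(errno == EINVAL, "Expected EINVAL (%d), got %s (%d)", EINVAL,
    strerror(errno), errno);

  /* IPv4 loopback vs. IPv6 loopback: -1 is expected in BOTH argument orders,
   * i.e. the result reports "not comparable" rather than an ordering.
   */
  name = "::1";
  addr2 = pr_netaddr_get_addr(p, name, NULL);
  fail_unless(addr2 != NULL, "Failed to resolve '%s': %s", name,
    strerror(errno));

  nbits = 0;
  res = pr_netaddr_ncmp(addr, addr2, nbits);
  fail_unless(res == -1, "Expected -1, got %d", res);

  res = pr_netaddr_ncmp(addr2, addr, nbits);
  fail_unless(res == -1, "Expected -1, got %d", res);

  /* An IPv4-mapped IPv6 address must compare equal to the plain IPv4 address
   * in either argument order, so that the same client matches the same rule
   * whichever form its address arrives in.
   *
   * NOTE(review): only the "equal" outcome is covered.  The nbits = 0 checks
   * presumably compare no address bits at all, and there is no case where a
   * mapped address differs from the IPv4 one inside the prefix; consider
   * adding one so a comparison that always reports equality would be caught.
   */
  name = "::ffff:127.0.0.1";
  addr2 = pr_netaddr_get_addr(p, name, NULL);
  fail_unless(addr2 != NULL, "Failed to resolve '%s': %s", name,
    strerror(errno));

  res = pr_netaddr_ncmp(addr, addr2, nbits);
  fail_unless(res == 0, "Expected 0, got %d", res);

  res = pr_netaddr_ncmp(addr2, addr, nbits);
  fail_unless(res == 0, "Expected 0, got %d", res);

  nbits = 24;
  res = pr_netaddr_ncmp(addr2, addr, nbits);
  fail_unless(res == 0, "Expected 0, got %d", res);
}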
/* Evaluates a single network ACL rule against a client address.
 *
 * Returns:
 *    1  positive match (the rule applies to the address)
 *   -1  negative match (rule 'NONE', or a negated rule whose pattern matched)
 *    0  no match at all
 *   -2  error; errno is set to EINVAL when acl or addr is NULL
 *
 * For a negated rule the sense is inverted: an address that does NOT match
 * the rule's pattern yields 1, one that does match yields -1.
 *
 * Two paths return 0 without consulting acl->negated: an ACL type not listed
 * in the switch, and a DNS glob rule while UseReverseDNS is off.
 *
 * NOTE(review): the IP mask rule treats every nonzero result of
 * pr_netaddr_ncmp() as "did not match".  If that call can also report
 * failure with a nonzero value (e.g. -1 with errno set for an unusable mask
 * length or mismatched address families), a negated rule turns the failure
 * into a positive match (1) instead of -2.  Confirm that this is intended.
 *
 * NOTE(review): the DNS name rule compares with a case-sensitive strcmp()
 * and, unlike the DNS glob rule, is not gated on ServerUseReverseDNS.  Both
 * DNS rule types depend on whatever name pr_netaddr_get_dnsstr() returns;
 * verify how that name is validated before relying on these rules for access
 * control, and whether it can ever be NULL here.
 */
int pr_netacl_match(const pr_netacl_t *acl, const pr_netaddr_t *addr) {
  pool *tmp_pool;
  int hit = 0;

  if (acl == NULL ||
      addr == NULL) {
    errno = EINVAL;
    return -2;
  }

  /* Scratch pool; it must be destroyed on every exit path below. */
  tmp_pool = make_sub_pool(permanent_pool);

  switch (acl->type) {
    case PR_NETACL_TYPE_ALL:
      pr_trace_msg(trace_channel, 10, "addr '%s' matched rule 'ALL' ('%s')",
        pr_netaddr_get_ipstr(addr), pr_netacl_get_str(tmp_pool, acl));
      destroy_pool(tmp_pool);
      return 1;

    case PR_NETACL_TYPE_NONE:
      pr_trace_msg(trace_channel, 10, "addr '%s' matched rule 'NONE'",
        pr_netaddr_get_ipstr(addr));
      destroy_pool(tmp_pool);
      return -1;

    case PR_NETACL_TYPE_IPMASK:
      pr_trace_msg(trace_channel, 10,
        "checking addr '%s' against IP mask rule '%s'",
        pr_netaddr_get_ipstr(addr), acl->aclstr);

      /* Only an exact 0 counts as a match; see the NOTE(review) above. */
      hit = (pr_netaddr_ncmp(addr, acl->addr, acl->masklen) == 0);
      if (hit) {
        pr_trace_msg(trace_channel, 10,
          "addr '%s' matched IP mask rule '%s'",
          pr_netaddr_get_ipstr(addr), acl->aclstr);
      }
      break;

    case PR_NETACL_TYPE_IPMATCH:
      pr_trace_msg(trace_channel, 10,
        "checking addr '%s' against IP address rule '%s'",
        pr_netaddr_get_ipstr(addr), acl->aclstr);

      hit = (pr_netaddr_cmp(addr, acl->addr) == 0);
      if (hit) {
        pr_trace_msg(trace_channel, 10,
          "addr '%s' matched IP address rule '%s'",
          pr_netaddr_get_ipstr(addr), acl->aclstr);
      }
      break;

    case PR_NETACL_TYPE_DNSMATCH:
      pr_trace_msg(trace_channel, 10,
        "checking addr '%s' against DNS name rule '%s'",
        pr_netaddr_get_dnsstr(addr), acl->pattern);

      hit = (strcmp(pr_netaddr_get_dnsstr(addr), acl->pattern) == 0);
      if (hit) {
        pr_trace_msg(trace_channel, 10,
          "addr '%s' (%s) matched DNS name rule '%s'",
          pr_netaddr_get_ipstr(addr), pr_netaddr_get_dnsstr(addr),
          acl->aclstr);
      }
      break;

    case PR_NETACL_TYPE_IPGLOB:
      pr_trace_msg(trace_channel, 10,
        "checking addr '%s' against IP glob rule '%s'",
        pr_netaddr_get_ipstr(addr), acl->aclstr);

      hit = (pr_netaddr_fnmatch(addr, acl->pattern,
        PR_NETADDR_MATCH_IP) == TRUE);
      if (hit) {
        pr_trace_msg(trace_channel, 10,
          "addr '%s' matched IP glob rule '%s'",
          pr_netaddr_get_ipstr(addr), acl->aclstr);
      }
      break;

    case PR_NETACL_TYPE_DNSGLOB:
      if (!ServerUseReverseDNS) {
        /* The rule is skipped outright: the result is "no match" whether or
         * not the rule is negated.
         */
        pr_trace_msg(trace_channel, 10,
          "skipping comparing addr '%s' (%s) against DNS glob rule '%s' "
          "because UseReverseDNS is off",
          pr_netaddr_get_ipstr(addr), pr_netaddr_get_dnsstr(addr),
          acl->aclstr);
        destroy_pool(tmp_pool);
        return 0;
      }

      pr_trace_msg(trace_channel, 10,
        "checking addr '%s' against DNS glob rule '%s'",
        pr_netaddr_get_dnsstr(addr), acl->pattern);

      hit = (pr_netaddr_fnmatch(addr, acl->pattern,
        PR_NETADDR_MATCH_DNS) == TRUE);
      if (hit) {
        pr_trace_msg(trace_channel, 10,
          "addr '%s' (%s) matched DNS glob rule '%s'",
          pr_netaddr_get_ipstr(addr), pr_netaddr_get_dnsstr(addr),
          acl->aclstr);
      }
      break;

    default:
      /* ACL type not handled above: no match, negation is not applied. */
      destroy_pool(tmp_pool);
      return 0;
  }

  destroy_pool(tmp_pool);

  /* Shared tail for the pattern-based rules: negation flips a match into a
   * negative match, and a non-match into a positive one.
   */
  if (acl->negated) {
    return hit ? -1 : 1;
  }

  return hit ? 1 : 0;
}