/* string_match - match string against token */
static bool string_match(TALLOC_CTX *mem_ctx, const char *tok,const char *s, char *invalid_char)
{
size_t tok_len;
size_t str_len;
const char *cut;
*invalid_char = '\0';
/* Return true if a token has the magic value "ALL". Return
* FAIL if the token is "FAIL". If the token starts with a "."
* (domain name), return true if it matches the last fields of
* the string. If the token has the magic value "LOCAL",
* return true if the string does not contain a "."
* character. If the token ends on a "." (network number),
* return true if it matches the first fields of the
* string. If the token begins with a "@" (netgroup name),
* return true if the string is a (host) member of the
* netgroup. Return true if the token fully matches the
* string. If the token is a netnumber/netmask pair, return
* true if the address is a member of the specified subnet.
*/
if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen(s)) > (tok_len = strlen(tok))
&& strcasecmp(tok, s + str_len - tok_len)==0) {
return true;
}
} else if (tok[0] == '@') { /* netgroup: look it up */
DEBUG(0,("access: netgroup support is not available\n"));
return false;
} else if (strcmp(tok, "ALL")==0) { /* all: match any */
return true;
} else if (strcmp(tok, "FAIL")==0) { /* fail: match any */
return FAIL;
} else if (strcmp(tok, "LOCAL")==0) { /* local: no dots */
if (strchr(s, '.') == 0 && strcasecmp(s, "unknown") != 0) {
return true;
}
} else if (strcasecmp(tok, s)==0) { /* match host name or address */
return true;
} else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */
if (strncmp(tok, s, tok_len) == 0)
return true;
} else if ((cut = strchr(tok, '/')) != 0) { /* netnumber/netmask */
if (isdigit((int)s[0]) && masked_match(mem_ctx, tok, cut, s))
return true;
} else if (strchr(tok, '*') != 0) {
*invalid_char = '*';
} else if (strchr(tok, '?') != 0) {
*invalid_char = '?';
}
return false;
}
/* string_match - match string s against token tok */
static bool string_match(const char *tok,const char *s)
{
size_t tok_len;
size_t str_len;
const char *cut;
/* Return true if a token has the magic value "ALL". Return
* true if the token is "FAIL". If the token starts with a "."
* (domain name), return true if it matches the last fields of
* the string. If the token has the magic value "LOCAL",
* return true if the string does not contain a "."
* character. If the token ends on a "." (network number),
* return true if it matches the first fields of the
* string. If the token begins with a "@" (netgroup name),
* return true if the string is a (host) member of the
* netgroup. Return true if the token fully matches the
* string. If the token is a netnumber/netmask pair, return
* true if the address is a member of the specified subnet.
*/
if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen(s)) > (tok_len = strlen(tok))
&& strequal(tok, s + str_len - tok_len)) {
return true;
}
} else if (tok[0] == '@') { /* netgroup: look it up */
#ifdef HAVE_NETGROUP
DATA_BLOB tmp;
char *mydomain = NULL;
char *hostname = NULL;
bool netgroup_ok = false;
if (memcache_lookup(
NULL, SINGLETON_CACHE,
data_blob_string_const_null("yp_default_domain"),
&tmp)) {
SMB_ASSERT(tmp.length > 0);
mydomain = (tmp.data[0] == '\0')
? NULL : (char *)tmp.data;
}
else {
yp_get_default_domain(&mydomain);
memcache_add(
NULL, SINGLETON_CACHE,
data_blob_string_const_null("yp_default_domain"),
data_blob_string_const_null(mydomain?mydomain:""));
}
if (!mydomain) {
DEBUG(0,("Unable to get default yp domain. "
"Try without it.\n"));
}
if (!(hostname = SMB_STRDUP(s))) {
DEBUG(1,("out of memory for strdup!\n"));
return false;
}
netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n",
hostname,
mydomain?mydomain:"(ANY)",
tok+1,
BOOLSTR(netgroup_ok)));
SAFE_FREE(hostname);
if (netgroup_ok)
return true;
#else
DEBUG(0,("access: netgroup support is not configured\n"));
return false;
#endif
} else if (strequal(tok, "ALL")) { /* all: match any */
return true;
} else if (strequal(tok, "FAIL")) { /* fail: match any */
return true;
} else if (strequal(tok, "LOCAL")) { /* local: no dots */
if (strchr_m(s, '.') == 0 && !strequal(s, "unknown")) {
return true;
}
} else if (strequal(tok, s)) { /* match host name or address */
return true;
} else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */
if (strncmp(tok, s, tok_len) == 0) {
return true;
}
} else if ((cut = strchr_m(tok, '/')) != 0) { /* netnumber/netmask */
if ((isdigit(s[0]) && strchr_m(tok, '.') != NULL) ||
(tok[0] == '[' && cut > tok && cut[-1] == ']') ||
((isxdigit(s[0]) || s[0] == ':') &&
strchr_m(tok, ':') != NULL)) {
/* IPv4/netmask or
* [IPv6:addr]/netmask or IPv6:addr/netmask */
return masked_match(tok, cut, s);
}
} else if (strchr_m(tok, '*') != 0 || strchr_m(tok, '?')) {
return unix_wild_match(tok, s);
}
return false;
}
/* string_match - match string against token */
static int string_match(char *tok,char *s)
{
int tok_len;
int str_len;
char *cut;
/*
* Return YES if a token has the magic value "ALL". Return FAIL if the
* token is "FAIL". If the token starts with a "." (domain name), return
* YES if it matches the last fields of the string. If the token has the
* magic value "LOCAL", return YES if the string does not contain a "."
* character. If the token ends on a "." (network number), return YES if
* it matches the first fields of the string. If the token begins with a
* "@" (netgroup name), return YES if the string is a (host) member of
* the netgroup. Return YES if the token fully matches the string. If the
* token is a netnumber/netmask pair, return YES if the address is a
* member of the specified subnet.
*/
if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen(s)) > (tok_len = strlen(tok))
&& strcasecmp(tok, s + str_len - tok_len) == 0)
return (YES);
} else if (tok[0] == '@') { /* netgroup: look it up */
#ifdef NETGROUP
static char *mydomain = NULL;
char *hostname = NULL;
BOOL netgroup_ok = False;
if (!mydomain) yp_get_default_domain(&mydomain);
if (!mydomain) {
DEBUG(0,("Unable to get default yp domain.\n"));
return NO;
}
if (!(hostname = strdup(s))) {
DEBUG(1,("out of memory for strdup!\n"));
return NO;
}
netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n",
hostname,
mydomain,
tok+1,
BOOLSTR(netgroup_ok)));
#ifdef NETGROUP_INSECURE
/* if you really want netgroups that match non qualified names
then define NETGROUP_INSECURE. It can, however, be a big
security hole */
{
char *clnt_domain;
if (!netgroup_ok && (clnt_domain=strchr(hostname,'.'))) {
*clnt_domain++ = '\0';
netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
}
}
#endif
free(hostname);
if (netgroup_ok) return(YES);
#else
DEBUG(0,("access: netgroup support is not configured\n"));
return (NO);
#endif
} else if (strcasecmp(tok, "ALL") == 0) { /* all: match any */
return (YES);
} else if (strcasecmp(tok, "FAIL") == 0) { /* fail: match any */
return (FAIL);
} else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
if (strchr(s, '.') == 0 && strcasecmp(s, "unknown") != 0)
return (YES);
} else if (!strcasecmp(tok, s)) { /* match host name or address */
return (YES);
} else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */
if (strncmp(tok, s, tok_len) == 0)
return (YES);
} else if ((cut = strchr(tok, '/')) != 0) { /* netnumber/netmask */
if (isdigit(s[0]) && masked_match(tok, cut, s))
return (YES);
}
return (NO);
}
