/* string_match - match string against token */ static bool string_match(TALLOC_CTX *mem_ctx, const char *tok,const char *s, char *invalid_char) { size_t tok_len; size_t str_len; const char *cut; *invalid_char = '\0'; /* Return true if a token has the magic value "ALL". Return * FAIL if the token is "FAIL". If the token starts with a "." * (domain name), return true if it matches the last fields of * the string. If the token has the magic value "LOCAL", * return true if the string does not contain a "." * character. If the token ends on a "." (network number), * return true if it matches the first fields of the * string. If the token begins with a "@" (netgroup name), * return true if the string is a (host) member of the * netgroup. Return true if the token fully matches the * string. If the token is a netnumber/netmask pair, return * true if the address is a member of the specified subnet. */ if (tok[0] == '.') { /* domain: match last fields */ if ((str_len = strlen(s)) > (tok_len = strlen(tok)) && strcasecmp(tok, s + str_len - tok_len)==0) { return true; } } else if (tok[0] == '@') { /* netgroup: look it up */ DEBUG(0,("access: netgroup support is not available\n")); return false; } else if (strcmp(tok, "ALL")==0) { /* all: match any */ return true; } else if (strcmp(tok, "FAIL")==0) { /* fail: match any */ return FAIL; } else if (strcmp(tok, "LOCAL")==0) { /* local: no dots */ if (strchr(s, '.') == 0 && strcasecmp(s, "unknown") != 0) { return true; } } else if (strcasecmp(tok, s)==0) { /* match host name or address */ return true; } else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */ if (strncmp(tok, s, tok_len) == 0) return true; } else if ((cut = strchr(tok, '/')) != 0) { /* netnumber/netmask */ if (isdigit((int)s[0]) && masked_match(mem_ctx, tok, cut, s)) return true; } else if (strchr(tok, '*') != 0) { *invalid_char = '*'; } else if (strchr(tok, '?') != 0) { *invalid_char = '?'; } return false; }
/* string_match - match string s against token tok */ static bool string_match(const char *tok,const char *s) { size_t tok_len; size_t str_len; const char *cut; /* Return true if a token has the magic value "ALL". Return * true if the token is "FAIL". If the token starts with a "." * (domain name), return true if it matches the last fields of * the string. If the token has the magic value "LOCAL", * return true if the string does not contain a "." * character. If the token ends on a "." (network number), * return true if it matches the first fields of the * string. If the token begins with a "@" (netgroup name), * return true if the string is a (host) member of the * netgroup. Return true if the token fully matches the * string. If the token is a netnumber/netmask pair, return * true if the address is a member of the specified subnet. */ if (tok[0] == '.') { /* domain: match last fields */ if ((str_len = strlen(s)) > (tok_len = strlen(tok)) && strequal(tok, s + str_len - tok_len)) { return true; } } else if (tok[0] == '@') { /* netgroup: look it up */ #ifdef HAVE_NETGROUP DATA_BLOB tmp; char *mydomain = NULL; char *hostname = NULL; bool netgroup_ok = false; if (memcache_lookup( NULL, SINGLETON_CACHE, data_blob_string_const_null("yp_default_domain"), &tmp)) { SMB_ASSERT(tmp.length > 0); mydomain = (tmp.data[0] == '\0') ? NULL : (char *)tmp.data; } else { yp_get_default_domain(&mydomain); memcache_add( NULL, SINGLETON_CACHE, data_blob_string_const_null("yp_default_domain"), data_blob_string_const_null(mydomain?mydomain:"")); } if (!mydomain) { DEBUG(0,("Unable to get default yp domain. " "Try without it.\n")); } if (!(hostname = SMB_STRDUP(s))) { DEBUG(1,("out of memory for strdup!\n")); return false; } netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain); DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n", hostname, mydomain?mydomain:"(ANY)", tok+1, BOOLSTR(netgroup_ok))); SAFE_FREE(hostname); if (netgroup_ok) return true; #else DEBUG(0,("access: netgroup support is not configured\n")); return false; #endif } else if (strequal(tok, "ALL")) { /* all: match any */ return true; } else if (strequal(tok, "FAIL")) { /* fail: match any */ return true; } else if (strequal(tok, "LOCAL")) { /* local: no dots */ if (strchr_m(s, '.') == 0 && !strequal(s, "unknown")) { return true; } } else if (strequal(tok, s)) { /* match host name or address */ return true; } else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */ if (strncmp(tok, s, tok_len) == 0) { return true; } } else if ((cut = strchr_m(tok, '/')) != 0) { /* netnumber/netmask */ if ((isdigit(s[0]) && strchr_m(tok, '.') != NULL) || (tok[0] == '[' && cut > tok && cut[-1] == ']') || ((isxdigit(s[0]) || s[0] == ':') && strchr_m(tok, ':') != NULL)) { /* IPv4/netmask or * [IPv6:addr]/netmask or IPv6:addr/netmask */ return masked_match(tok, cut, s); } } else if (strchr_m(tok, '*') != 0 || strchr_m(tok, '?')) { return unix_wild_match(tok, s); } return false; }
/* string_match - match string against token */ static int string_match(char *tok,char *s) { int tok_len; int str_len; char *cut; /* * Return YES if a token has the magic value "ALL". Return FAIL if the * token is "FAIL". If the token starts with a "." (domain name), return * YES if it matches the last fields of the string. If the token has the * magic value "LOCAL", return YES if the string does not contain a "." * character. If the token ends on a "." (network number), return YES if * it matches the first fields of the string. If the token begins with a * "@" (netgroup name), return YES if the string is a (host) member of * the netgroup. Return YES if the token fully matches the string. If the * token is a netnumber/netmask pair, return YES if the address is a * member of the specified subnet. */ if (tok[0] == '.') { /* domain: match last fields */ if ((str_len = strlen(s)) > (tok_len = strlen(tok)) && strcasecmp(tok, s + str_len - tok_len) == 0) return (YES); } else if (tok[0] == '@') { /* netgroup: look it up */ #ifdef NETGROUP static char *mydomain = NULL; char *hostname = NULL; BOOL netgroup_ok = False; if (!mydomain) yp_get_default_domain(&mydomain); if (!mydomain) { DEBUG(0,("Unable to get default yp domain.\n")); return NO; } if (!(hostname = strdup(s))) { DEBUG(1,("out of memory for strdup!\n")); return NO; } netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain); DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n", hostname, mydomain, tok+1, BOOLSTR(netgroup_ok))); #ifdef NETGROUP_INSECURE /* if you really want netgroups that match non qualified names then define NETGROUP_INSECURE. It can, however, be a big security hole */ { char *clnt_domain; if (!netgroup_ok && (clnt_domain=strchr(hostname,'.'))) { *clnt_domain++ = '\0'; netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain); } } #endif free(hostname); if (netgroup_ok) return(YES); #else DEBUG(0,("access: netgroup support is not configured\n")); return (NO); #endif } else if (strcasecmp(tok, "ALL") == 0) { /* all: match any */ return (YES); } else if (strcasecmp(tok, "FAIL") == 0) { /* fail: match any */ return (FAIL); } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ if (strchr(s, '.') == 0 && strcasecmp(s, "unknown") != 0) return (YES); } else if (!strcasecmp(tok, s)) { /* match host name or address */ return (YES); } else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */ if (strncmp(tok, s, tok_len) == 0) return (YES); } else if ((cut = strchr(tok, '/')) != 0) { /* netnumber/netmask */ if (isdigit(s[0]) && masked_match(tok, cut, s)) return (YES); } return (NO); }