From 56c473b795bad9d29430bf794f9204bd096c9c3d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 13 May 1998 08:03:47 +0000 Subject: added hosts allow and hosts deny support. I ended up writing my own as the tcpd code is not quite what I wanted. --- access.c | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 access.c (limited to 'access.c') diff --git a/access.c b/access.c new file mode 100644 index 00000000..f1a8bd75 --- /dev/null +++ b/access.c @@ -0,0 +1,127 @@ +/* + Copyright (C) Andrew Tridgell 1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + hosts allow/deny code for rsync + + */ + +#include "rsync.h" + + +static int match_hostname(char *host, char *tok) +{ + if (!host || !*host) return 0; + return (fnmatch(tok, host, 0) == 0); +} + + +static int match_address(char *addr, char *tok) +{ + char *p; + unsigned long a, t, mask = ~0; + + if (!addr || !*addr) return 0; + + if (!isdigit(tok[0])) return 0; + + p = strchr(tok,'/'); + if (p) *p = 0; + + a = inet_addr(addr); + t = inet_addr(tok); + + if (p) { + *p = '/'; + } + + if (t == INADDR_NONE) { + rprintf(FERROR,"malformed address %s\n", tok); + return 0; + } + + a = ntohl(a); + t = ntohl(t); + + if (p) { + if (strchr(p+1,'.')) { + mask = inet_addr(p+1); + if (mask == INADDR_NONE) { + rprintf(FERROR,"malformed mask in %s\n", tok); + return 0; + } + mask = ntohl(mask); + } else { + int bits = atoi(p+1); + if (bits <= 0 || bits > 32) { + rprintf(FERROR,"malformed mask in %s\n", tok); + return 0; + } + mask &= (mask << (32-bits)); + } + } + + return ((a&mask) == (t&mask)); +} + +static int access_match(char *list, char *addr, char *host) +{ + char *tok; + char *list2 = strdup(list); + + if (!list2) out_of_memory("access_match"); + + for (tok=strtok(list2," ,\t"); tok; tok=strtok(NULL," ,\t")) { + if (match_hostname(host, tok) || match_address(addr, tok)) { + free(list2); + return 1; + } + } + + free(list2); + return 0; +} + +int allow_access(char *addr, char *host, char *allow_list, char *deny_list) +{ + /* if theres no deny list and no allow list then allow access */ + if ((!deny_list || !*deny_list) && (!allow_list || !*allow_list)) + return 1; + + /* if there is an allow list but no deny list then allow only hosts + on the allow list */ + if (!deny_list || !*deny_list) + return(access_match(allow_list, addr, host)); + + /* if theres a deny list but no allow list then allow + all hosts not on the deny list */ + if (!allow_list || !*allow_list) + return(!access_match(deny_list,addr,host)); + + /* if there are both type of list then allow all hosts on the + allow list */ + if (access_match(allow_list,addr,host)) + return 1; + + /* if there are both type of list and it's not on the allow then + allow it if its not on the deny */ + if (access_match(deny_list,addr,host)) + return 0; + + return 1; +} -- cgit v1.2.3