diff options
author | Paul Traina <pst@FreeBSD.org> | 1997-02-06 17:52:29 +0000 |
---|---|---|
committer | Paul Traina <pst@FreeBSD.org> | 1997-02-06 17:52:29 +0000 |
commit | 3c491303b581cc737565ed3b33913ac4ceded990 (patch) | |
tree | ec9d150c9da4390c2d223a04ac002523cbfd7f36 /contrib/opie/libopie/accessfile.c | |
download | src-3c491303b581cc737565ed3b33913ac4ceded990.tar.gz src-3c491303b581cc737565ed3b33913ac4ceded990.zip |
Initial import of OPIE v2.3 fromvendor/opie/2.3
ftp://ftp.nrl.navy.mil/pub/security/opie/
Notes
Notes:
svn path=/vendor/opie/dist/; revision=22347
svn path=/vendor/opie/2.3/; revision=22349; tag=vendor/opie/2.3
Diffstat (limited to 'contrib/opie/libopie/accessfile.c')
-rw-r--r-- | contrib/opie/libopie/accessfile.c | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/contrib/opie/libopie/accessfile.c b/contrib/opie/libopie/accessfile.c new file mode 100644 index 000000000000..7b1866ebca27 --- /dev/null +++ b/contrib/opie/libopie/accessfile.c @@ -0,0 +1,165 @@ +/* accessfile.c: Handle trusted network access file and per-user + overrides. + +%%% portions-copyright-cmetz +Portions of this software are Copyright 1996 by Craig Metz, All Rights +Reserved. The Inner Net License Version 2 applies to these portions of +the software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + +Portions of this software are Copyright 1995 by Randall Atkinson and Dan +McDonald, All Rights Reserved. All Rights under this copyright are assigned +to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and +License Agreement applies to this software. + + History: + + Modified by cmetz for OPIE 2.3. Send debug info to syslog. + Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. + Ifdef around some headers. Remove extra semicolon. + Modified at NRL for OPIE 2.2. Moved from accessfile.c to + libopie/opieaccessfile.c. + Modified at NRL for OPIE 2.0. + Written at Bellcore for the S/Key Version 1 software distribution + (login.c). +*/ +#include "opie_cfg.h" + +#include <stdio.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <netdb.h> +#if HAVE_STRING_H +#include <string.h> +#endif /* HAVE_STRING_H */ +#if HAVE_UNISTD_H +#include <unistd.h> +#endif /* HAVE_UNISTD_H */ +#if HAVE_STDLIB_H +#include <stdlib.h> +#endif /* HAVE_STDLIB_H */ + +#include "opie.h" + +int opieaccessfile FUNCTION((host), char *host) +{ +#ifdef PATH_ACCESS_FILE +/* Turn host into an IP address and then look it up in the authorization + * database to determine if ordinary password logins are OK + */ + long n; + struct hostent *hp; + FILE *fp; + char buf[128], **lp; + +#ifdef DEBUG + syslog(LOG_DEBUG, "accessfile: host=%s", host); +#endif /* DEBUG */ + if (!host[0]) + /* Local login, okay */ + return (1); + if (isaddr(host)) { + n = inet_addr(host); + return rdnets(n); + } else { + hp = gethostbyname(host); + if (!hp) { + printf("Unknown host %s\n", host); + return 0; + } + for (lp = hp->h_addr_list; *lp; lp++) { + memcpy((char *) &n, *lp, sizeof(n)); + if (rdnets(n)) + return (1); + } + return (0); + } +} + +int rdnets FUNCTION((host), long host) +{ + FILE *fp; + char buf[128], *cp; + long pattern, mask; + int permit_it; + + if (!(fp = fopen(PATH_ACCESS_FILE, "r"))) + return 0; + + while (fgets(buf, sizeof(buf), fp), !feof(fp)) { + if (buf[0] == '#') + continue; /* Comment */ + if (!(cp = strtok(buf, " \t"))) + continue; + /* two choices permit of deny */ + if (strncasecmp(cp, "permit", 4) == 0) { + permit_it = 1; + } else { + if (strncasecmp(cp, "deny", 4) == 0) { + permit_it = 0; + } else { + continue; /* ignore; it is not permit/deny */ + } + } + if (!(cp = strtok(NULL, " \t"))) + continue; /* Invalid line */ + pattern = inet_addr(cp); + if (!(cp = strtok(NULL, " \t"))) + continue; /* Invalid line */ + mask = inet_addr(cp); +#ifdef DEBUG + syslog(LOG_DEBUG, "accessfile: %08x & %08x == %08x (%s)", host, mask, pattern, ((host & mask) == pattern) ? "true" : "false"); +#endif /* DEBUG */ + if ((host & mask) == pattern) { + fclose(fp); + return permit_it; + } + } + fclose(fp); + return 0; +} + + +/* Return TRUE if string appears to be an IP address in dotted decimal; + * return FALSE otherwise (i.e., if string is a domain name) + */ +int isaddr FUNCTION((s), register char *s) +{ + char c; + + if (!s) + return 1; /* Can't happen */ + + while ((c = *s++) != '\0') { + if (c != '[' && c != ']' && !isdigit(c) && c != '.') + return 0; + } + return 1; +#else /* PATH_ACCESS_FILE */ + return !host[0]; +#endif /* PATH_ACCESS_FILE */ +} + +/* Returns the opposite of what you might expect */ +/* Returns 1 on error (allow)... this might not be what you want */ +int opiealways FUNCTION((homedir), char *homedir) +{ + char *opiealwayspath; + int i; + + if (!homedir) + return 1; + + if (!(opiealwayspath = malloc(strlen(homedir) + sizeof(OPIE_ALWAYS_FILE) + 1))) + return 1; + + strcpy(opiealwayspath, homedir); + strcat(opiealwayspath, "/"); + strcat(opiealwayspath, OPIE_ALWAYS_FILE); + i = access(opiealwayspath, F_OK); + free(opiealwayspath); + return (i); +} |