Matt McCutchen's Web Site / rsync / rsync.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Split code to generate "rwx-----" strings into lib/permstring.c so it
[rsync/rsync.git] / access.c
CommitLineData
56c473b7
AT		 1/*
2 Copyright (C) Andrew Tridgell 1998
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17*/
18
19/*
20 hosts allow/deny code for rsync
21
22 */
23
24#include "rsync.h"
25
26
27static int match_hostname(char *host, char *tok)
28{
29 if (!host || !*host) return 0;
30 return (fnmatch(tok, host, 0) == 0);
31}
32
33
34static int match_address(char *addr, char *tok)
35{
36 char *p;
505c7ea2 37 unsigned long a, t, mask = (unsigned long)~0;
56c473b7
AT		 38
39 if (!addr || !*addr) return 0;
40
41 if (!isdigit(tok[0])) return 0;
42
43 p = strchr(tok,'/');
44 if (p) *p = 0;
45
46 a = inet_addr(addr);
47 t = inet_addr(tok);
48
49 if (p) {
50 *p = '/';
51 }
52
53 if (t == INADDR_NONE) {
54 rprintf(FERROR,"malformed address %s\n", tok);
55 return 0;
56 }
57
58 a = ntohl(a);
59 t = ntohl(t);
60
61 if (p) {
62 if (strchr(p+1,'.')) {
63 mask = inet_addr(p+1);
64 if (mask == INADDR_NONE) {
65 rprintf(FERROR,"malformed mask in %s\n", tok);
66 return 0;
67 }
68 mask = ntohl(mask);
69 } else {
70 int bits = atoi(p+1);
43e46b4c 71 if (bits == 0) return 1;
56c473b7
AT		 72 if (bits <= 0 || bits > 32) {
73 rprintf(FERROR,"malformed mask in %s\n", tok);
74 return 0;
75 }
76 mask &= (mask << (32-bits));
77 }
78 }
79
80 return ((a&mask) == (t&mask));
81}
82
83static int access_match(char *list, char *addr, char *host)
84{
85 char *tok;
86 char *list2 = strdup(list);
87
88 if (!list2) out_of_memory("access_match");
89
5a96ee05
AT		 90 strlower(list2);
91 if (host) strlower(host);
92
56c473b7
AT		 93 for (tok=strtok(list2," ,\t"); tok; tok=strtok(NULL," ,\t")) {
94 if (match_hostname(host, tok) || match_address(addr, tok)) {
95 free(list2);
96 return 1;
97 }
98 }
99
100 free(list2);
101 return 0;
102}
103
104int allow_access(char *addr, char *host, char *allow_list, char *deny_list)
105{
106 /* if theres no deny list and no allow list then allow access */
107 if ((!deny_list || !*deny_list) && (!allow_list || !*allow_list))
108 return 1;
109
110 /* if there is an allow list but no deny list then allow only hosts
111 on the allow list */
112 if (!deny_list || !*deny_list)
113 return(access_match(allow_list, addr, host));
114
115 /* if theres a deny list but no allow list then allow
116 all hosts not on the deny list */
117 if (!allow_list || !*allow_list)
118 return(!access_match(deny_list,addr,host));
119
120 /* if there are both type of list then allow all hosts on the
121 allow list */
122 if (access_match(allow_list,addr,host))
123 return 1;
124
125 /* if there are both type of list and it's not on the allow then
126 allow it if its not on the deny */
127 if (access_match(deny_list,addr,host))
128 return 0;
129
130 return 1;
131}
Matt McCutchen's repository for rsync, the fast and versatile remote file copier