1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
/* accessfile.c: Handle trusted network access file and per-user
overrides.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
McDonald, All Rights Reserved. All Rights under this copyright are assigned
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Include syslog.h on debug.
Modified by cmetz for OPIE 2.3. Send debug info to syslog.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Ifdef around some headers. Remove extra semicolon.
Modified at NRL for OPIE 2.2. Moved from accessfile.c to
libopie/opieaccessfile.c.
Modified at NRL for OPIE 2.0.
Written at Bellcore for the S/Key Version 1 software distribution
(login.c).
*/
#include "opie_cfg.h"
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#if HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
#if HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#ifdef DEBUG
#include <syslog.h>
#endif /* DEBUG */
#include "opie.h"
int opieaccessfile FUNCTION((host), char *host)
{
#ifdef PATH_ACCESS_FILE
/* Turn host into an IP address and then look it up in the authorization
* database to determine if ordinary password logins are OK
*/
long n;
struct hostent *hp;
FILE *fp;
char buf[128], **lp;
#ifdef DEBUG
syslog(LOG_DEBUG, "accessfile: host=%s", host);
#endif /* DEBUG */
if (!host[0])
/* Local login, okay */
return (1);
if (isaddr(host)) {
n = inet_addr(host);
return rdnets(n);
} else {
hp = gethostbyname(host);
if (!hp) {
printf("Unknown host %s\n", host);
return 0;
}
for (lp = hp->h_addr_list; *lp; lp++) {
memcpy((char *) &n, *lp, sizeof(n));
if (rdnets(n))
return (1);
}
return (0);
}
}
int rdnets FUNCTION((host), long host)
{
FILE *fp;
char buf[128], *cp;
long pattern, mask;
int permit_it;
if (!(fp = fopen(PATH_ACCESS_FILE, "r")))
return 0;
while (fgets(buf, sizeof(buf), fp), !feof(fp)) {
if (buf[0] == '#')
continue; /* Comment */
if (!(cp = strtok(buf, " \t")))
continue;
/* two choices permit of deny */
if (strncasecmp(cp, "permit", 4) == 0) {
permit_it = 1;
} else {
if (strncasecmp(cp, "deny", 4) == 0) {
permit_it = 0;
} else {
continue; /* ignore; it is not permit/deny */
}
}
if (!(cp = strtok(NULL, " \t")))
continue; /* Invalid line */
pattern = inet_addr(cp);
if (!(cp = strtok(NULL, " \t")))
continue; /* Invalid line */
mask = inet_addr(cp);
#ifdef DEBUG
syslog(LOG_DEBUG, "accessfile: %08x & %08x == %08x (%s)", host, mask, pattern, ((host & mask) == pattern) ? "true" : "false");
#endif /* DEBUG */
if ((host & mask) == pattern) {
fclose(fp);
return permit_it;
}
}
fclose(fp);
return 0;
}
/* Return TRUE if string appears to be an IP address in dotted decimal;
* return FALSE otherwise (i.e., if string is a domain name)
*/
int isaddr FUNCTION((s), register char *s)
{
char c;
if (!s)
return 1; /* Can't happen */
while ((c = *s++) != '\0') {
if (c != '[' && c != ']' && !isdigit(c) && c != '.')
return 0;
}
return 1;
#else /* PATH_ACCESS_FILE */
return !host[0];
#endif /* PATH_ACCESS_FILE */
}
/* Returns the opposite of what you might expect */
/* Returns 1 on error (allow)... this might not be what you want */
int opiealways FUNCTION((homedir), char *homedir)
{
char *opiealwayspath;
int i;
if (!homedir)
return 1;
if (!(opiealwayspath = malloc(strlen(homedir) + sizeof(OPIE_ALWAYS_FILE) + 1)))
return 1;
strcpy(opiealwayspath, homedir);
strcat(opiealwayspath, "/");
strcat(opiealwayspath, OPIE_ALWAYS_FILE);
i = access(opiealwayspath, F_OK);
free(opiealwayspath);
return (i);
}
|
