Annotation of src/usr.bin/ftp/ruserpass.c, Revision 1.12
1.12 ! millert 1: /* $OpenBSD: ruserpass.c,v 1.11 1998/03/30 06:59:35 deraadt Exp $ */
1.9 millert 2: /* $NetBSD: ruserpass.c,v 1.14 1997/07/20 09:46:01 lukem Exp $ */
1.1 deraadt 3:
4: /*
5: * Copyright (c) 1985, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
36:
37: #ifndef lint
1.4 millert 38: #if 0
1.1 deraadt 39: static char sccsid[] = "@(#)ruserpass.c 8.4 (Berkeley) 4/27/95";
1.4 millert 40: #else
1.12 ! millert 41: static char rcsid[] = "$OpenBSD: ruserpass.c,v 1.11 1998/03/30 06:59:35 deraadt Exp $";
1.4 millert 42: #endif
1.1 deraadt 43: #endif /* not lint */
44:
45: #include <sys/types.h>
46: #include <sys/stat.h>
47:
48: #include <ctype.h>
49: #include <err.h>
50: #include <errno.h>
51: #include <stdio.h>
52: #include <stdlib.h>
53: #include <string.h>
54: #include <unistd.h>
55:
56: #include "ftp_var.h"
57:
58: static int token __P((void));
59: static FILE *cfile;
60:
61: #define DEFAULT 1
62: #define LOGIN 2
63: #define PASSWD 3
64: #define ACCOUNT 4
65: #define MACDEF 5
66: #define ID 10
67: #define MACH 11
68:
69: static char tokval[100];
70:
71: static struct toktab {
72: char *tokstr;
73: int tval;
74: } toktab[]= {
75: { "default", DEFAULT },
76: { "login", LOGIN },
77: { "password", PASSWD },
78: { "passwd", PASSWD },
79: { "account", ACCOUNT },
80: { "machine", MACH },
81: { "macdef", MACDEF },
82: { NULL, 0 }
83: };
84:
85: int
86: ruserpass(host, aname, apass, aacct)
1.4 millert 87: const char *host;
88: char **aname, **apass, **aacct;
1.1 deraadt 89: {
90: char *hdir, buf[BUFSIZ], *tmp;
91: char myname[MAXHOSTNAMELEN], *mydomain;
92: int t, i, c, usedefault = 0;
93: struct stat stb;
94:
95: hdir = getenv("HOME");
96: if (hdir == NULL)
1.12 ! millert 97: return (0);
1.4 millert 98: if (strlen(hdir) + sizeof(".netrc") < sizeof(buf)) {
1.5 millert 99: (void)sprintf(buf, "%s/.netrc", hdir);
1.3 millert 100: } else {
101: warnx("%s/.netrc: %s", hdir, strerror(ENAMETOOLONG));
102: return (0);
103: }
1.1 deraadt 104: cfile = fopen(buf, "r");
105: if (cfile == NULL) {
106: if (errno != ENOENT)
107: warn("%s", buf);
108: return (0);
109: }
110: if (gethostname(myname, sizeof(myname)) < 0)
111: myname[0] = '\0';
112: if ((mydomain = strchr(myname, '.')) == NULL)
113: mydomain = "";
114: next:
115: while ((t = token())) switch(t) {
116:
117: case DEFAULT:
118: usedefault = 1;
119: /* FALL THROUGH */
120:
121: case MACH:
122: if (!usedefault) {
123: if (token() != ID)
124: continue;
125: /*
126: * Allow match either for user's input host name
1.4 millert 127: * or official hostname. Also allow match of
1.1 deraadt 128: * incompletely-specified host in local domain.
129: */
130: if (strcasecmp(host, tokval) == 0)
131: goto match;
132: if (strcasecmp(hostname, tokval) == 0)
133: goto match;
134: if ((tmp = strchr(hostname, '.')) != NULL &&
135: strcasecmp(tmp, mydomain) == 0 &&
1.9 millert 136: strncasecmp(hostname, tokval,
137: (size_t)(tmp - hostname)) == 0 &&
1.1 deraadt 138: tokval[tmp - hostname] == '\0')
139: goto match;
140: if ((tmp = strchr(host, '.')) != NULL &&
141: strcasecmp(tmp, mydomain) == 0 &&
1.9 millert 142: strncasecmp(host, tokval,
143: (size_t)(tmp - host)) == 0 &&
1.1 deraadt 144: tokval[tmp - host] == '\0')
145: goto match;
146: continue;
147: }
148: match:
149: while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
150:
151: case LOGIN:
1.11 deraadt 152: if (token()) {
1.4 millert 153: if (*aname == 0) {
154: *aname = malloc((unsigned)
155: strlen(tokval) + 1);
1.5 millert 156: (void)strcpy(*aname, tokval);
1.1 deraadt 157: } else {
158: if (strcmp(*aname, tokval))
159: goto next;
160: }
1.11 deraadt 161: }
1.1 deraadt 162: break;
163: case PASSWD:
164: if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
165: fstat(fileno(cfile), &stb) >= 0 &&
166: (stb.st_mode & 077) != 0) {
167: warnx("Error: .netrc file is readable by others.");
168: warnx("Remove password or make file unreadable by others.");
169: goto bad;
170: }
171: if (token() && *apass == 0) {
172: *apass = malloc((unsigned) strlen(tokval) + 1);
1.5 millert 173: (void)strcpy(*apass, tokval);
1.1 deraadt 174: }
175: break;
176: case ACCOUNT:
177: if (fstat(fileno(cfile), &stb) >= 0
178: && (stb.st_mode & 077) != 0) {
179: warnx("Error: .netrc file is readable by others.");
180: warnx("Remove account or make file unreadable by others.");
181: goto bad;
182: }
183: if (token() && *aacct == 0) {
184: *aacct = malloc((unsigned) strlen(tokval) + 1);
1.5 millert 185: (void)strcpy(*aacct, tokval);
1.1 deraadt 186: }
187: break;
188: case MACDEF:
189: if (proxy) {
1.5 millert 190: (void)fclose(cfile);
1.1 deraadt 191: return (0);
192: }
1.10 millert 193: while ((c = fgetc(cfile)) != EOF)
1.4 millert 194: if (c != ' ' && c != '\t')
195: break;
1.1 deraadt 196: if (c == EOF || c == '\n') {
1.8 deraadt 197: fputs("Missing macdef name argument.\n", ttyout);
1.1 deraadt 198: goto bad;
199: }
200: if (macnum == 16) {
1.8 deraadt 201: fputs(
202: "Limit of 16 macros have already been defined.\n", ttyout);
1.1 deraadt 203: goto bad;
204: }
205: tmp = macros[macnum].mac_name;
206: *tmp++ = c;
1.10 millert 207: for (i=0; i < 8 && (c = fgetc(cfile)) != EOF &&
1.1 deraadt 208: !isspace(c); ++i) {
209: *tmp++ = c;
210: }
211: if (c == EOF) {
1.8 deraadt 212: fputs(
213: "Macro definition missing null line terminator.\n", ttyout);
1.1 deraadt 214: goto bad;
215: }
216: *tmp = '\0';
217: if (c != '\n') {
1.10 millert 218: while ((c = fgetc(cfile)) != EOF && c != '\n');
1.1 deraadt 219: }
220: if (c == EOF) {
1.8 deraadt 221: fputs(
222: "Macro definition missing null line terminator.\n", ttyout);
1.1 deraadt 223: goto bad;
224: }
225: if (macnum == 0) {
226: macros[macnum].mac_start = macbuf;
227: }
228: else {
1.4 millert 229: macros[macnum].mac_start =
230: macros[macnum-1].mac_end + 1;
1.1 deraadt 231: }
232: tmp = macros[macnum].mac_start;
233: while (tmp != macbuf + 4096) {
1.10 millert 234: if ((c = fgetc(cfile)) == EOF) {
1.8 deraadt 235: fputs(
236: "Macro definition missing null line terminator.\n", ttyout);
1.1 deraadt 237: goto bad;
238: }
239: *tmp = c;
240: if (*tmp == '\n') {
241: if (*(tmp-1) == '\0') {
242: macros[macnum++].mac_end = tmp - 1;
243: break;
244: }
245: *tmp = '\0';
246: }
247: tmp++;
248: }
249: if (tmp == macbuf + 4096) {
1.8 deraadt 250: fputs("4K macro buffer exceeded.\n", ttyout);
1.1 deraadt 251: goto bad;
252: }
253: break;
254: default:
255: warnx("Unknown .netrc keyword %s", tokval);
256: break;
257: }
258: goto done;
259: }
260: done:
1.5 millert 261: (void)fclose(cfile);
1.1 deraadt 262: return (0);
263: bad:
1.5 millert 264: (void)fclose(cfile);
1.1 deraadt 265: return (-1);
266: }
267:
268: static int
269: token()
270: {
271: char *cp;
272: int c;
273: struct toktab *t;
274:
275: if (feof(cfile) || ferror(cfile))
276: return (0);
1.10 millert 277: while ((c = fgetc(cfile)) != EOF &&
1.1 deraadt 278: (c == '\n' || c == '\t' || c == ' ' || c == ','))
279: continue;
280: if (c == EOF)
281: return (0);
282: cp = tokval;
283: if (c == '"') {
1.10 millert 284: while ((c = fgetc(cfile)) != EOF && c != '"') {
1.1 deraadt 285: if (c == '\\')
1.10 millert 286: c = fgetc(cfile);
1.1 deraadt 287: *cp++ = c;
288: }
289: } else {
290: *cp++ = c;
1.10 millert 291: while ((c = fgetc(cfile)) != EOF
1.1 deraadt 292: && c != '\n' && c != '\t' && c != ' ' && c != ',') {
293: if (c == '\\')
1.10 millert 294: c = fgetc(cfile);
1.1 deraadt 295: *cp++ = c;
296: }
297: }
298: *cp = 0;
299: if (tokval[0] == 0)
300: return (0);
301: for (t = toktab; t->tokstr; t++)
302: if (!strcmp(t->tokstr, tokval))
303: return (t->tval);
304: return (ID);
305: }