Annotation of src/usr.bin/ftp/ruserpass.c, Revision 1.30
1.30 ! deraadt 1: /* $OpenBSD: ruserpass.c,v 1.29 2014/05/20 01:25:23 guenther Exp $ */
1.9 millert 2: /* $NetBSD: ruserpass.c,v 1.14 1997/07/20 09:46:01 lukem Exp $ */
1.1 deraadt 3:
4: /*
5: * Copyright (c) 1985, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
1.16 millert 16: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 17: * may be used to endorse or promote products derived from this software
18: * without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30: * SUCH DAMAGE.
31: */
32:
1.24 pyr 33: #ifndef SMALL
1.1 deraadt 34:
35: #include <sys/types.h>
36: #include <sys/stat.h>
37:
38: #include <ctype.h>
39: #include <err.h>
40: #include <errno.h>
41: #include <stdio.h>
42: #include <stdlib.h>
43: #include <string.h>
44: #include <unistd.h>
45:
46: #include "ftp_var.h"
47:
1.13 millert 48: static int token(void);
1.1 deraadt 49: static FILE *cfile;
50:
51: #define DEFAULT 1
52: #define LOGIN 2
53: #define PASSWD 3
54: #define ACCOUNT 4
55: #define MACDEF 5
56: #define ID 10
57: #define MACH 11
58:
59: static char tokval[100];
60:
61: static struct toktab {
62: char *tokstr;
63: int tval;
64: } toktab[]= {
65: { "default", DEFAULT },
66: { "login", LOGIN },
67: { "password", PASSWD },
68: { "passwd", PASSWD },
69: { "account", ACCOUNT },
70: { "machine", MACH },
71: { "macdef", MACDEF },
72: { NULL, 0 }
73: };
74:
75: int
1.18 deraadt 76: ruserpass(const char *host, char **aname, char **apass, char **aacct)
1.1 deraadt 77: {
1.30 ! deraadt 78: char *hdir, buf[PATH_MAX], *tmp;
! 79: char myname[HOST_NAME_MAX+1], *mydomain;
1.1 deraadt 80: int t, i, c, usedefault = 0;
81: struct stat stb;
82:
83: hdir = getenv("HOME");
1.14 millert 84: if (hdir == NULL || *hdir == '\0')
1.12 millert 85: return (0);
1.22 moritz 86: i = snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
87: if (i < 0 || i >= sizeof(buf)) {
1.29 guenther 88: warnc(ENAMETOOLONG, "%s/.netrc", hdir);
1.3 millert 89: return (0);
90: }
1.1 deraadt 91: cfile = fopen(buf, "r");
92: if (cfile == NULL) {
93: if (errno != ENOENT)
94: warn("%s", buf);
95: return (0);
96: }
97: if (gethostname(myname, sizeof(myname)) < 0)
98: myname[0] = '\0';
99: if ((mydomain = strchr(myname, '.')) == NULL)
100: mydomain = "";
101: next:
1.21 moritz 102: while ((t = token()) > 0) switch(t) {
1.1 deraadt 103:
104: case DEFAULT:
105: usedefault = 1;
1.20 ray 106: /* FALLTHROUGH */
1.1 deraadt 107:
108: case MACH:
109: if (!usedefault) {
1.21 moritz 110: if ((t = token()) == -1)
111: goto bad;
112: if (t != ID)
1.1 deraadt 113: continue;
114: /*
115: * Allow match either for user's input host name
1.4 millert 116: * or official hostname. Also allow match of
1.1 deraadt 117: * incompletely-specified host in local domain.
118: */
119: if (strcasecmp(host, tokval) == 0)
120: goto match;
121: if (strcasecmp(hostname, tokval) == 0)
122: goto match;
123: if ((tmp = strchr(hostname, '.')) != NULL &&
124: strcasecmp(tmp, mydomain) == 0 &&
1.9 millert 125: strncasecmp(hostname, tokval,
126: (size_t)(tmp - hostname)) == 0 &&
1.1 deraadt 127: tokval[tmp - hostname] == '\0')
128: goto match;
129: if ((tmp = strchr(host, '.')) != NULL &&
130: strcasecmp(tmp, mydomain) == 0 &&
1.9 millert 131: strncasecmp(host, tokval,
132: (size_t)(tmp - host)) == 0 &&
1.1 deraadt 133: tokval[tmp - host] == '\0')
134: goto match;
135: continue;
136: }
137: match:
1.21 moritz 138: while ((t = token()) > 0 &&
139: t != MACH && t != DEFAULT) switch(t) {
1.1 deraadt 140:
141: case LOGIN:
1.21 moritz 142: if ((t = token()) == -1)
143: goto bad;
144: if (t) {
1.25 moritz 145: if (*aname == 0) {
146: if ((*aname = strdup(tokval)) == NULL)
147: err(1, "strdup");
148: } else {
1.1 deraadt 149: if (strcmp(*aname, tokval))
150: goto next;
151: }
1.11 deraadt 152: }
1.1 deraadt 153: break;
154: case PASSWD:
155: if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
156: fstat(fileno(cfile), &stb) >= 0 &&
157: (stb.st_mode & 077) != 0) {
158: warnx("Error: .netrc file is readable by others.");
159: warnx("Remove password or make file unreadable by others.");
160: goto bad;
161: }
1.21 moritz 162: if ((t = token()) == -1)
163: goto bad;
1.25 moritz 164: if (t && *apass == 0) {
165: if ((*apass = strdup(tokval)) == NULL)
166: err(1, "strdup");
167: }
1.1 deraadt 168: break;
169: case ACCOUNT:
170: if (fstat(fileno(cfile), &stb) >= 0
171: && (stb.st_mode & 077) != 0) {
172: warnx("Error: .netrc file is readable by others.");
173: warnx("Remove account or make file unreadable by others.");
174: goto bad;
175: }
1.21 moritz 176: if ((t = token()) == -1)
177: goto bad;
1.25 moritz 178: if (t && *aacct == 0) {
179: if ((*aacct = strdup(tokval)) == NULL)
180: err(1, "strdup");
181: }
1.1 deraadt 182: break;
183: case MACDEF:
184: if (proxy) {
1.5 millert 185: (void)fclose(cfile);
1.1 deraadt 186: return (0);
187: }
1.10 millert 188: while ((c = fgetc(cfile)) != EOF)
1.4 millert 189: if (c != ' ' && c != '\t')
190: break;
1.1 deraadt 191: if (c == EOF || c == '\n') {
1.8 deraadt 192: fputs("Missing macdef name argument.\n", ttyout);
1.1 deraadt 193: goto bad;
194: }
195: if (macnum == 16) {
1.8 deraadt 196: fputs(
197: "Limit of 16 macros have already been defined.\n", ttyout);
1.1 deraadt 198: goto bad;
199: }
200: tmp = macros[macnum].mac_name;
201: *tmp++ = c;
1.10 millert 202: for (i=0; i < 8 && (c = fgetc(cfile)) != EOF &&
1.1 deraadt 203: !isspace(c); ++i) {
204: *tmp++ = c;
205: }
206: if (c == EOF) {
1.8 deraadt 207: fputs(
208: "Macro definition missing null line terminator.\n", ttyout);
1.1 deraadt 209: goto bad;
210: }
211: *tmp = '\0';
212: if (c != '\n') {
1.10 millert 213: while ((c = fgetc(cfile)) != EOF && c != '\n');
1.1 deraadt 214: }
215: if (c == EOF) {
1.8 deraadt 216: fputs(
217: "Macro definition missing null line terminator.\n", ttyout);
1.1 deraadt 218: goto bad;
219: }
220: if (macnum == 0) {
221: macros[macnum].mac_start = macbuf;
222: }
223: else {
1.4 millert 224: macros[macnum].mac_start =
225: macros[macnum-1].mac_end + 1;
1.1 deraadt 226: }
227: tmp = macros[macnum].mac_start;
228: while (tmp != macbuf + 4096) {
1.10 millert 229: if ((c = fgetc(cfile)) == EOF) {
1.8 deraadt 230: fputs(
231: "Macro definition missing null line terminator.\n", ttyout);
1.1 deraadt 232: goto bad;
233: }
234: *tmp = c;
235: if (*tmp == '\n') {
1.23 moritz 236: if (tmp == macros[macnum].mac_start) {
237: macros[macnum++].mac_end = tmp;
238: break;
239: } else if (*(tmp-1) == '\0') {
240: macros[macnum++].mac_end =
241: tmp - 1;
242: break;
1.1 deraadt 243: }
244: *tmp = '\0';
245: }
246: tmp++;
247: }
248: if (tmp == macbuf + 4096) {
1.8 deraadt 249: fputs("4K macro buffer exceeded.\n", ttyout);
1.1 deraadt 250: goto bad;
251: }
252: break;
253: default:
254: warnx("Unknown .netrc keyword %s", tokval);
255: break;
256: }
257: goto done;
258: }
259: done:
1.21 moritz 260: if (t == -1)
261: goto bad;
1.5 millert 262: (void)fclose(cfile);
1.1 deraadt 263: return (0);
264: bad:
1.5 millert 265: (void)fclose(cfile);
1.1 deraadt 266: return (-1);
267: }
268:
269: static int
1.18 deraadt 270: token(void)
1.1 deraadt 271: {
272: char *cp;
273: int c;
274: struct toktab *t;
275:
276: if (feof(cfile) || ferror(cfile))
277: return (0);
1.10 millert 278: while ((c = fgetc(cfile)) != EOF &&
1.1 deraadt 279: (c == '\n' || c == '\t' || c == ' ' || c == ','))
280: continue;
281: if (c == EOF)
282: return (0);
283: cp = tokval;
284: if (c == '"') {
1.10 millert 285: while ((c = fgetc(cfile)) != EOF && c != '"') {
1.25 moritz 286: if (c == '\\' && (c = fgetc(cfile)) == EOF)
287: break;
1.1 deraadt 288: *cp++ = c;
1.21 moritz 289: if (cp == tokval + sizeof(tokval)) {
290: warnx("Token in .netrc too long");
291: return (-1);
292: }
1.1 deraadt 293: }
294: } else {
295: *cp++ = c;
1.10 millert 296: while ((c = fgetc(cfile)) != EOF
1.1 deraadt 297: && c != '\n' && c != '\t' && c != ' ' && c != ',') {
1.25 moritz 298: if (c == '\\' && (c = fgetc(cfile)) == EOF)
299: break;
1.1 deraadt 300: *cp++ = c;
1.21 moritz 301: if (cp == tokval + sizeof(tokval)) {
302: warnx("Token in .netrc too long");
303: return (-1);
304: }
1.1 deraadt 305: }
306: }
307: *cp = 0;
308: if (tokval[0] == 0)
309: return (0);
310: for (t = toktab; t->tokstr; t++)
311: if (!strcmp(t->tokstr, tokval))
312: return (t->tval);
313: return (ID);
314: }
1.28 martynas 315:
1.26 martynas 316: #endif /* !SMALL */
1.28 martynas 317: