ermyth/src/cidr.C

/**
 * cidr.C: CIDR matching.
 *
 * Copyright © 2007 Pippijn van Steenhoven / The Ermyth Team
 * Rights to this code are as documented in COPYING.
 *
 *
 * Portions of this file were derived from sources bearing the following license:
 * Rights to this code are documented in doc/pod/license.pod.
 *
 * Most code in this file has been copied from ratbox, src/match.c and
 * src/irc_string.c. It provides CIDR matching for IPv4 and IPv6 without
 * special OS support.
 *
 * Copyright © 1996-2002 Hybrid Development Team
 * Copyright © 2002-2005 ircd-ratbox development team
 * Copyright © 2005-2007 Atheme Project (http://www.atheme.org)           
 */

static char const rcsid[] = "$Id: cidr.C,v 1.4 2007-08-28 17:08:12 pippijn Exp $";

#include "atheme.h"

#ifndef INADDRSZ
#define INADDRSZ 4
#endif
#ifndef IN6ADDRSZ
#define IN6ADDRSZ 16
#endif
#ifndef INT16SZ
#define INT16SZ 2
#endif

/* compares the first 'mask' bits
 * returns 1 if equal, 0 if not */
static int
comp_with_mask (void *addr, void *dest, unsigned mask)
{
  if (memcmp (addr, dest, mask / 8) == 0)
    {
      int n = mask / 8;
      int m = ((-1) << (8 - (mask % 8)));
      if (mask % 8 == 0 || (((unsigned char *) addr)[n] & m) == (((unsigned char *) dest)[n] & m))
        {
          return (1);
        }
    }
  return (0);
}

/*
 * inet_pton4() and inet_pton6() are
 * Copyright © 1996-1999 by Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
 * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 */

/*
 * WARNING: Don't even consider trying to compile this on a system where
 * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
 */

/* int
 * inet_pton4(src, dst)
 *      like inet_aton() but without all the hexadecimal and shorthand.
 * return:
 *      1 if `src' is a valid dotted quad, else 0.
 * notice:
 *      does not touch `dst' unless it's returning 1.
 * author:
 *      Paul Vixie, 1996.
 */
static int
inet_pton4 (char const *src, unsigned char *dst)
{
  int saw_digit, octets, ch;
  unsigned char tmp[INADDRSZ], *tp;

  saw_digit = 0;
  octets = 0;
  *(tp = tmp) = 0;
  while ((ch = *src++) != '\0')
    {
      if (ch >= '0' && ch <= '9')
        {
          unsigned newtp = *tp * 10 + (ch - '0');

          if (newtp > 255)
            return (0);
          *tp = newtp;
          if (!saw_digit)
            {
              if (++octets > 4)
                return (0);
              saw_digit = 1;
            }
        }
      else if (ch == '.' && saw_digit)
        {
          if (octets == 4)
            return (0);
          *++tp = 0;
          saw_digit = 0;
        }
      else
        return (0);
    }
  if (octets < 4)
    return (0);
  memcpy (dst, tmp, INADDRSZ);
  return (1);
}

/* int
 * inet_pton6(src, dst)
 *      convert presentation level address to network order binary form.
 * return:
 *      1 if `src' is a valid [RFC1884 2.2] address, else 0.
 * notice:
 *      (1) does not touch `dst' unless it's returning 1.
 *      (2) :: in a full address is silently ignored.
 * credit:
 *      inspired by Mark Andrews.
 * author:
 *      Paul Vixie, 1996.
 */
static int
inet_pton6 (char const *src, unsigned char *dst)
{
  static const char xdigits[] = "0123456789abcdef";
  unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
  char const *curtok;
  int ch, saw_xdigit;
  unsigned val;

  tp = static_cast<unsigned char *> (memset (tmp, '\0', IN6ADDRSZ));
  endp = tp + IN6ADDRSZ;
  colonp = NULL;
  /* Leading :: requires some special handling. */
  if (*src == ':')
    if (*++src != ':')
      return (0);
  curtok = src;
  saw_xdigit = 0;
  val = 0;
  while ((ch = tolower (*src++)) != '\0')
    {
      char const *pch;

      pch = strchr (xdigits, ch);
      if (pch != NULL)
        {
          val <<= 4;
          val |= (pch - xdigits);
          if (val > 0xffff)
            return (0);
          saw_xdigit = 1;
          continue;
        }
      if (ch == ':')
        {
          curtok = src;
          if (!saw_xdigit)
            {
              if (colonp)
                return (0);
              colonp = tp;
              continue;
            }
          else if (*src == '\0')
            {
              return (0);
            }
          if (tp + INT16SZ > endp)
            return (0);
          *tp++ = (unsigned char) (val >> 8) & 0xff;
          *tp++ = (unsigned char) val & 0xff;
          saw_xdigit = 0;
          val = 0;
          continue;
        }
      if (*src != '\0' && ch == '.')
        {
          if (((tp + INADDRSZ) <= endp) && inet_pton4 (curtok, tp) > 0)
            {
              tp += INADDRSZ;
              saw_xdigit = 0;
              break;            /* '\0' was seen by inet_pton4(). */
            }
        }
      else
        continue;
      return (0);
    }
  if (saw_xdigit)
    {
      if (tp + INT16SZ > endp)
        return (0);
      *tp++ = (unsigned char) (val >> 8) & 0xff;
      *tp++ = (unsigned char) val & 0xff;
    }
  if (colonp != NULL)
    {
      /*
       * Since some memmove()'s erroneously fail to handle
       * overlapping regions, we'll do the shift by hand.
       */
      const int n = tp - colonp;
      int i;

      if (tp == endp)
        return (0);
      for (i = 1; i <= n; i++)
        {
          endp[-i] = colonp[n - i];
          colonp[n - i] = 0;
        }
      tp = endp;
    }
  if (tp != endp)
    return (0);
  memcpy (dst, tmp, IN6ADDRSZ);
  return (1);
}

/*
 * match_ips()
 *
 * Input - cidr ip mask, address
 * Output - 0 = Matched 1 = Did not match
 * switched 0 and 1 to be consistent with match() -- jilles
 */
int
match_ips (char const * const s1, char const * const s2)
{
  unsigned char ipaddr[IN6ADDRSZ], maskaddr[IN6ADDRSZ];
  char ipmask[BUFSIZE];
  char ip[HOSTLEN + 1];
  char *len;
  int cidrlen;

  strlcpy (ipmask, s1, sizeof ipmask);
  strlcpy (ip, s2, sizeof ip);

  len = strrchr (ipmask, '/');
  if (len == NULL)
    return 1;

  *len++ = '\0';

  cidrlen = atoi (len);
  if (cidrlen == 0)
    return 1;

  if (strchr (ip, ':') && strchr (ipmask, ':'))
    {
      if (cidrlen > 128)
        return 1;
      if (!inet_pton6 (ip, ipaddr))
        return 1;
      if (!inet_pton6 (ipmask, maskaddr))
        return 1;
      return !comp_with_mask (ipaddr, maskaddr, cidrlen);
    }
  else if (!strchr (ip, ':') && !strchr (ipmask, ':'))
    {
      if (cidrlen > 32)
        return 1;
      if (!inet_pton4 (ip, ipaddr))
        return 1;
      if (!inet_pton4 (ipmask, maskaddr))
        return 1;
      return !comp_with_mask (ipaddr, maskaddr, cidrlen);
    }
  else
    return 1;
}

/* match_cidr()
 *
 * Input - mask n!u@i/c, address n!u@i
 * Output - 0 = Matched 1 = Did not match
 * switched 0 and 1 to be consistent with match() -- jilles
 */
int
match_cidr (char const * const s1, char const * const s2)
{
  unsigned char ipaddr[IN6ADDRSZ], maskaddr[IN6ADDRSZ];
  char mask[BUFSIZE];
  char address[NICKLEN + USERLEN + HOSTLEN + 6];
  char *ipmask;
  char *ip;
  char *len;
  int cidrlen;

  strlcpy (mask, s1, sizeof mask);
  strlcpy (address, s2, sizeof address);

  ipmask = strrchr (mask, '@');
  if (ipmask == NULL)
    return 1;

  *ipmask++ = '\0';

  ip = strrchr (address, '@');
  if (ip == NULL)
    return 1;
  *ip++ = '\0';

  len = strrchr (ipmask, '/');
  if (len == NULL)
    return 1;

  *len++ = '\0';

  cidrlen = atoi (len);
  if (cidrlen == 0)
    return 1;

  if (strchr (ip, ':') && strchr (ipmask, ':'))
    {
      if (cidrlen > 128)
        return 1;
      if (!inet_pton6 (ip, ipaddr))
        return 1;
      if (!inet_pton6 (ipmask, maskaddr))
        return 1;
      return !comp_with_mask (ipaddr, maskaddr, cidrlen) || match (mask, address);
    }
  else if (!strchr (ip, ':') && !strchr (ipmask, ':'))
    {
      if (cidrlen > 32)
        return 1;
      if (!inet_pton4 (ip, ipaddr))
        return 1;
      if (!inet_pton4 (ipmask, maskaddr))
        return 1;
      return !comp_with_mask (ipaddr, maskaddr, cidrlen) || match (mask, address);
    }
  else
    return 1;
}

/* vim:cinoptions=>s,e0,n0,f0,{0,}0,^0,=s,ps,t0,c3,+s,(2s,us,)20,*30,gs,hs
 * vim:ts=8
 * vim:sw=8
 * vim:noexpandtab
 */
Revision:	1.5
Committed:	Sun Sep 16 18:54:44 2007 UTC (16 years, 8 months ago) by pippijn
Content type:	text/plain
Branch:	MAIN
CVS Tags:	HEAD
Changes since 1.4:	+7 -1 lines
Log Message:	#defines to enum
#	User	Rev	Content
1	pippijn	1.1	/**
2			* cidr.C: CIDR matching.
3	pippijn	1.5	*
4			* Copyright © 2007 Pippijn van Steenhoven / The Ermyth Team
5			* Rights to this code are as documented in COPYING.
6			*
7			*
8			* Portions of this file were derived from sources bearing the following license:
9	pippijn	1.2	* Rights to this code are documented in doc/pod/license.pod.
10	pippijn	1.1	*
11			* Most code in this file has been copied from ratbox, src/match.c and
12			* src/irc_string.c. It provides CIDR matching for IPv4 and IPv6 without
13			* special OS support.
14			*
15	pippijn	1.4	* Copyright © 1996-2002 Hybrid Development Team
16			* Copyright © 2002-2005 ircd-ratbox development team
17			* Copyright © 2005-2007 Atheme Project (http://www.atheme.org)
18	pippijn	1.1	*/
19
20	pippijn	1.5	static char const rcsid[] = "$Id: cidr.C,v 1.4 2007-08-28 17:08:12 pippijn Exp $";
21	pippijn	1.1
22			#include "atheme.h"
23
24			#ifndef INADDRSZ
25			#define INADDRSZ 4
26			#endif
27			#ifndef IN6ADDRSZ
28			#define IN6ADDRSZ 16
29			#endif
30			#ifndef INT16SZ
31			#define INT16SZ 2
32			#endif
33
34			/* compares the first 'mask' bits
35			* returns 1 if equal, 0 if not */
36			static int
37			comp_with_mask (void addr, void dest, unsigned mask)
38			{
39			if (memcmp (addr, dest, mask / 8) == 0)
40			{
41			int n = mask / 8;
42			int m = ((-1) << (8 - (mask % 8)));
43			if (mask % 8 == 0 \|\| (((unsigned char ) addr)[n] & m) == (((unsigned char ) dest)[n] & m))
44			{
45			return (1);
46			}
47			}
48			return (0);
49			}
50
51			/*
52			* inet_pton4() and inet_pton6() are
53	pippijn	1.4	* Copyright © 1996-1999 by Internet Software Consortium.
54	pippijn	1.1	*
55			* Permission to use, copy, modify, and distribute this software for any
56			* purpose with or without fee is hereby granted, provided that the above
57			* copyright notice and this permission notice appear in all copies.
58			*
59			* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
60			* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
61			* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
62			* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
63			* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
64			* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
65			* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
66			* SOFTWARE.
67			*/
68
69			/*
70			* WARNING: Don't even consider trying to compile this on a system where
71			* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
72			*/
73
74			/* int
75			* inet_pton4(src, dst)
76			* like inet_aton() but without all the hexadecimal and shorthand.
77			* return:
78			* 1 if `src' is a valid dotted quad, else 0.
79			* notice:
80			* does not touch `dst' unless it's returning 1.
81			* author:
82			* Paul Vixie, 1996.
83			*/
84			static int
85			inet_pton4 (char const src, unsigned char dst)
86			{
87			int saw_digit, octets, ch;
88			unsigned char tmp[INADDRSZ], *tp;
89
90			saw_digit = 0;
91			octets = 0;
92			*(tp = tmp) = 0;
93			while ((ch = *src++) != '\0')
94			{
95			if (ch >= '0' && ch <= '9')
96			{
97			unsigned newtp = tp 10 + (ch - '0');
98
99			if (newtp > 255)
100			return (0);
101			*tp = newtp;
102			if (!saw_digit)
103			{
104			if (++octets > 4)
105			return (0);
106			saw_digit = 1;
107			}
108			}
109			else if (ch == '.' && saw_digit)
110			{
111			if (octets == 4)
112			return (0);
113			*++tp = 0;
114			saw_digit = 0;
115			}
116			else
117			return (0);
118			}
119			if (octets < 4)
120			return (0);
121			memcpy (dst, tmp, INADDRSZ);
122			return (1);
123			}
124
125			/* int
126			* inet_pton6(src, dst)
127			* convert presentation level address to network order binary form.
128			* return:
129			* 1 if `src' is a valid [RFC1884 2.2] address, else 0.
130			* notice:
131			* (1) does not touch `dst' unless it's returning 1.
132			* (2) :: in a full address is silently ignored.
133			* credit:
134			* inspired by Mark Andrews.
135			* author:
136			* Paul Vixie, 1996.
137			*/
138			static int
139			inet_pton6 (char const src, unsigned char dst)
140			{
141			static const char xdigits[] = "0123456789abcdef";
142			unsigned char tmp[IN6ADDRSZ], tp, endp, *colonp;
143	pippijn	1.4	char const *curtok;
144	pippijn	1.1	int ch, saw_xdigit;
145			unsigned val;
146
147			tp = static_cast<unsigned char *> (memset (tmp, '\0', IN6ADDRSZ));
148			endp = tp + IN6ADDRSZ;
149			colonp = NULL;
150			/* Leading :: requires some special handling. */
151			if (*src == ':')
152			if (*++src != ':')
153			return (0);
154			curtok = src;
155			saw_xdigit = 0;
156			val = 0;
157			while ((ch = tolower (*src++)) != '\0')
158			{
159	pippijn	1.4	char const *pch;
160	pippijn	1.1
161			pch = strchr (xdigits, ch);
162			if (pch != NULL)
163			{
164			val <<= 4;
165			val \|= (pch - xdigits);
166			if (val > 0xffff)
167			return (0);
168			saw_xdigit = 1;
169			continue;
170			}
171			if (ch == ':')
172			{
173			curtok = src;
174			if (!saw_xdigit)
175			{
176			if (colonp)
177			return (0);
178			colonp = tp;
179			continue;
180			}
181			else if (*src == '\0')
182			{
183			return (0);
184			}
185			if (tp + INT16SZ > endp)
186			return (0);
187			*tp++ = (unsigned char) (val >> 8) & 0xff;
188			*tp++ = (unsigned char) val & 0xff;
189			saw_xdigit = 0;
190			val = 0;
191			continue;
192			}
193			if (*src != '\0' && ch == '.')
194			{
195			if (((tp + INADDRSZ) <= endp) && inet_pton4 (curtok, tp) > 0)
196			{
197			tp += INADDRSZ;
198			saw_xdigit = 0;
199			break; /* '\0' was seen by inet_pton4(). */
200			}
201			}
202			else
203			continue;
204			return (0);
205			}
206			if (saw_xdigit)
207			{
208			if (tp + INT16SZ > endp)
209			return (0);
210			*tp++ = (unsigned char) (val >> 8) & 0xff;
211			*tp++ = (unsigned char) val & 0xff;
212			}
213			if (colonp != NULL)
214			{
215			/*
216			* Since some memmove()'s erroneously fail to handle
217			* overlapping regions, we'll do the shift by hand.
218			*/
219			const int n = tp - colonp;
220			int i;
221
222			if (tp == endp)
223			return (0);
224			for (i = 1; i <= n; i++)
225			{
226			endp[-i] = colonp[n - i];
227			colonp[n - i] = 0;
228			}
229			tp = endp;
230			}
231			if (tp != endp)
232			return (0);
233			memcpy (dst, tmp, IN6ADDRSZ);
234			return (1);
235			}
236
237			/*
238			* match_ips()
239			*
240			* Input - cidr ip mask, address
241			* Output - 0 = Matched 1 = Did not match
242			* switched 0 and 1 to be consistent with match() -- jilles
243			*/
244			int
245	pippijn	1.4	match_ips (char const * const s1, char const * const s2)
246	pippijn	1.1	{
247			unsigned char ipaddr[IN6ADDRSZ], maskaddr[IN6ADDRSZ];
248			char ipmask[BUFSIZE];
249			char ip[HOSTLEN + 1];
250			char *len;
251			int cidrlen;
252
253			strlcpy (ipmask, s1, sizeof ipmask);
254			strlcpy (ip, s2, sizeof ip);
255
256			len = strrchr (ipmask, '/');
257			if (len == NULL)
258			return 1;
259
260			*len++ = '\0';
261
262			cidrlen = atoi (len);
263			if (cidrlen == 0)
264			return 1;
265
266			if (strchr (ip, ':') && strchr (ipmask, ':'))
267			{
268			if (cidrlen > 128)
269			return 1;
270			if (!inet_pton6 (ip, ipaddr))
271			return 1;
272			if (!inet_pton6 (ipmask, maskaddr))
273			return 1;
274			return !comp_with_mask (ipaddr, maskaddr, cidrlen);
275			}
276			else if (!strchr (ip, ':') && !strchr (ipmask, ':'))
277			{
278			if (cidrlen > 32)
279			return 1;
280			if (!inet_pton4 (ip, ipaddr))
281			return 1;
282			if (!inet_pton4 (ipmask, maskaddr))
283			return 1;
284			return !comp_with_mask (ipaddr, maskaddr, cidrlen);
285			}
286			else
287			return 1;
288			}
289
290			/* match_cidr()
291			*
292			* Input - mask n!u@i/c, address n!u@i
293			* Output - 0 = Matched 1 = Did not match
294			* switched 0 and 1 to be consistent with match() -- jilles
295			*/
296			int
297	pippijn	1.4	match_cidr (char const * const s1, char const * const s2)
298	pippijn	1.1	{
299			unsigned char ipaddr[IN6ADDRSZ], maskaddr[IN6ADDRSZ];
300			char mask[BUFSIZE];
301			char address[NICKLEN + USERLEN + HOSTLEN + 6];
302			char *ipmask;
303			char *ip;
304			char *len;
305			int cidrlen;
306
307			strlcpy (mask, s1, sizeof mask);
308			strlcpy (address, s2, sizeof address);
309
310			ipmask = strrchr (mask, '@');
311			if (ipmask == NULL)
312			return 1;
313
314			*ipmask++ = '\0';
315
316			ip = strrchr (address, '@');
317			if (ip == NULL)
318			return 1;
319			*ip++ = '\0';
320
321			len = strrchr (ipmask, '/');
322			if (len == NULL)
323			return 1;
324
325			*len++ = '\0';
326
327			cidrlen = atoi (len);
328			if (cidrlen == 0)
329			return 1;
330
331			if (strchr (ip, ':') && strchr (ipmask, ':'))
332			{
333			if (cidrlen > 128)
334			return 1;
335			if (!inet_pton6 (ip, ipaddr))
336			return 1;
337			if (!inet_pton6 (ipmask, maskaddr))
338			return 1;
339			return !comp_with_mask (ipaddr, maskaddr, cidrlen) \|\| match (mask, address);
340			}
341			else if (!strchr (ip, ':') && !strchr (ipmask, ':'))
342			{
343			if (cidrlen > 32)
344			return 1;
345			if (!inet_pton4 (ip, ipaddr))
346			return 1;
347			if (!inet_pton4 (ipmask, maskaddr))
348			return 1;
349			return !comp_with_mask (ipaddr, maskaddr, cidrlen) \|\| match (mask, address);
350			}
351			else
352			return 1;
353			}
354
355			/* vim:cinoptions=>s,e0,n0,f0,{0,}0,^0,=s,ps,t0,c3,+s,(2s,us,)20,*30,gs,hs
356			* vim:ts=8
357			* vim:sw=8
358			* vim:noexpandtab
359			*/