2 * Copyright (c) 1996, 1998-2005, 2007-2013
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
17 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
19 * Sponsored in part by the Defense Advanced Research Projects
20 * Agency (DARPA) and Air Force Research Laboratory, Air Force
21 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
26 #include <sys/types.h>
27 #include <sys/socket.h>
36 #endif /* STDC_HEADERS */
39 #endif /* HAVE_STRING_H */
42 #endif /* HAVE_STRINGS_H */
45 #endif /* HAVE_UNISTD_H */
46 #include <netinet/in.h>
47 #include <arpa/inet.h>
50 #include "interfaces.h"
53 addr_matches_if(char *n)
55 union sudo_in_addr_un addr;
56 struct interface *ifp;
57 #ifdef HAVE_STRUCT_IN6_ADDR
61 debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)
63 #ifdef HAVE_STRUCT_IN6_ADDR
64 if (inet_pton(AF_INET6, n, &addr.ip6) > 0) {
67 #endif /* HAVE_STRUCT_IN6_ADDR */
70 addr.ip4.s_addr = inet_addr(n);
73 for (ifp = get_interfaces(); ifp != NULL; ifp = ifp->next) {
74 if (ifp->family != family)
78 if (ifp->addr.ip4.s_addr == addr.ip4.s_addr ||
79 (ifp->addr.ip4.s_addr & ifp->netmask.ip4.s_addr)
81 debug_return_bool(true);
83 #ifdef HAVE_STRUCT_IN6_ADDR
85 if (memcmp(ifp->addr.ip6.s6_addr, addr.ip6.s6_addr,
86 sizeof(addr.ip6.s6_addr)) == 0)
87 debug_return_bool(true);
88 for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
89 if ((ifp->addr.ip6.s6_addr[j] & ifp->netmask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j])
92 if (j == sizeof(addr.ip6.s6_addr))
93 debug_return_bool(true);
95 #endif /* HAVE_STRUCT_IN6_ADDR */
99 debug_return_bool(false);
103 addr_matches_if_netmask(char *n, char *m)
106 union sudo_in_addr_un addr, mask;
107 struct interface *ifp;
108 #ifdef HAVE_STRUCT_IN6_ADDR
112 debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)
114 #ifdef HAVE_STRUCT_IN6_ADDR
115 if (inet_pton(AF_INET6, n, &addr.ip6) > 0)
118 #endif /* HAVE_STRUCT_IN6_ADDR */
121 addr.ip4.s_addr = inet_addr(n);
124 if (family == AF_INET) {
125 if (strchr(m, '.')) {
126 mask.ip4.s_addr = inet_addr(m);
132 mask.ip4.s_addr = 0xffffffff;
134 mask.ip4.s_addr = 0xffffffff - (1 << (32 - i)) + 1;
135 mask.ip4.s_addr = htonl(mask.ip4.s_addr);
137 addr.ip4.s_addr &= mask.ip4.s_addr;
139 #ifdef HAVE_STRUCT_IN6_ADDR
141 if (inet_pton(AF_INET6, m, &mask.ip6) <= 0) {
143 for (i = 0; i < sizeof(addr.ip6.s6_addr); i++) {
145 mask.ip6.s6_addr[i] = 0;
146 else if (i * 8 + 8 <= j)
147 mask.ip6.s6_addr[i] = 0xff;
149 mask.ip6.s6_addr[i] = 0xff00 >> (j - i * 8);
150 addr.ip6.s6_addr[i] &= mask.ip6.s6_addr[i];
154 #endif /* HAVE_STRUCT_IN6_ADDR */
156 for (ifp = get_interfaces(); ifp != NULL; ifp = ifp->next) {
157 if (ifp->family != family)
161 if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr)
162 debug_return_bool(true);
164 #ifdef HAVE_STRUCT_IN6_ADDR
166 for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
167 if ((ifp->addr.ip6.s6_addr[j] & mask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j])
170 if (j == sizeof(addr.ip6.s6_addr))
171 debug_return_bool(true);
173 #endif /* HAVE_STRUCT_IN6_ADDR */
177 debug_return_bool(false);
181 * Returns true if "n" is one of our ip addresses or if
182 * "n" is a network that we are on, else returns false.
185 addr_matches(char *n)
189 debug_decl(addr_matches, SUDO_DEBUG_MATCH)
191 /* If there's an explicit netmask, use it. */
192 if ((m = strchr(n, '/'))) {
194 retval = addr_matches_if_netmask(n, m);
197 retval = addr_matches_if(n);
199 debug_return_bool(retval);