X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/16f84dac4d414312e41433f7ae74aecc45166806..94187a80bd60baab4b9c4b949ad820d730578123:/sbr/ruserpass.c diff --git a/sbr/ruserpass.c b/sbr/ruserpass.c index f7f01792..5c47aa11 100644 --- a/sbr/ruserpass.c +++ b/sbr/ruserpass.c @@ -1,4 +1,5 @@ -/* +/* ruserpass.c -- parse .netrc-format file. + * * Portions of this code are * Copyright (c) 1985 Regents of the University of California. * All rights reserved. @@ -35,7 +36,7 @@ static FILE *cfile; #define ID 10 #define MACH 11 -#define MAX_TOKVAL_SIZE 1024 +#define MAX_TOKVAL_SIZE 1024 /* Including terminating NUL. */ struct toktab { char *tokstr; @@ -80,7 +81,7 @@ ruserpass(const char *host, char **aname, char **apass, int flags) switch(t) { case DEFAULT: usedefault = 1; - /* FALL THROUGH */ + /* FALLTHRU */ case MACH: if (!usedefault) { @@ -107,8 +108,8 @@ ruserpass(const char *host, char **aname, char **apass, int flags) (stb.st_mode & 077) != 0) { /* We make this a fatal error to force the user to correct it. */ - advise(NULL, "Error - file %s must not be world or " - "group readable.", credentials_file); + inform("group or other permissions, %#o, " + "forbidden: %s", stb.st_mode, credentials_file); adios(NULL, "Remove password or correct file " "permissions."); } @@ -147,10 +148,10 @@ ruserpass(const char *host, char **aname, char **apass, int flags) } printf("Name (%s:%s): ", host, myname); - if (fgets(tmp, sizeof(tmp) - 1, stdin) == NULL) { + if (fgets(tmp, sizeof tmp, stdin) == NULL) { advise ("tmp", "fgets"); } - TrimSuffixC(tmp, '\n'); + trim_suffix_c(tmp, '\n'); if (*tmp != '\0' || myname == NULL) { myname = tmp; } @@ -177,44 +178,47 @@ ruserpass(const char *host, char **aname, char **apass, int flags) static int token(char *tokval) { - char *cp; int c; + const char normalStop[] = "\t\n ,"; /* Each breaks a word. */ + const char *stop; + char *cp; struct toktab *t; - if (feof(cfile)) + if (feof(cfile) || ferror(cfile)) return TOK_EOF; - while ((c = getc(cfile)) != EOF && - (c == '\n' || c == '\t' || c == ' ' || c == ',')) - continue; + + stop = normalStop; + while ((c = getc(cfile)) != EOF && c && strchr(stop, c)) + ; if (c == EOF) return TOK_EOF; + cp = tokval; - if (c == '"') { - while ((c = getc(cfile)) != EOF && c != '"') { - if (c == '\\') - c = getc(cfile); - *cp++ = c; - if (cp - tokval > MAX_TOKVAL_SIZE-1) { - adios(NULL, "credential tokens restricted to length %d", - MAX_TOKVAL_SIZE - 1); - } - } - } else { - *cp++ = c; - while ((c = getc(cfile)) != EOF - && c != '\n' && c != '\t' && c != ' ' && c != ',') { - if (c == '\\') - c = getc(cfile); - *cp++ = c; - if (cp - tokval > MAX_TOKVAL_SIZE-1) { - adios(NULL, "credential tokens restricted to length %d", - MAX_TOKVAL_SIZE - 1); - } - } + if (c == '"') + /* FIXME: Where is the quoted-string syntax of netrc documented? + * This code treats «"foo""bar"» as two tokens without further + * separators. */ + stop = "\""; + else + /* Might be backslash. Get it again later. It's handled then. */ + if (ungetc(c, cfile) == EOF) + return TOK_EOF; + + while ((c = getc(cfile)) != EOF && c && !strchr(stop, c)) { + if (c == '\\' && (c = getc(cfile)) == EOF) + return TOK_EOF; /* Discard whole token. */ + + *cp++ = c; + if (cp - tokval > MAX_TOKVAL_SIZE-1) { + adios(NULL, "credential tokens restricted to length %d", + MAX_TOKVAL_SIZE - 1); + } } - *cp = 0; + *cp = '\0'; + for (t = toktabs; t->tokstr; t++) if (!strcmp(t->tokstr, tokval)) - return (t->tval); - return (ID); + return t->tval; + + return ID; }