From e1f4d82f475de76a0ca64e887aa6bffe05a6ec05 Mon Sep 17 00:00:00 2001
From: Johan Danielsson <joda@pdc.kth.se>
Date: Wed, 7 May 1997 17:50:54 +0000
Subject: [PATCH] Changed checkaccess to make no file mean `allow'. Added shell
 matching to names (if fnmatch is available).

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1676 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/ftp/ftpd/ftpd.c | 41 ++++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/appl/ftp/ftpd/ftpd.c b/appl/ftp/ftpd/ftpd.c
index 23319d1b9..2e19c9dac 100644
--- a/appl/ftp/ftpd/ftpd.c
+++ b/appl/ftp/ftpd/ftpd.c
@@ -682,15 +682,21 @@ checkuser(char *fname, char *name)
  * If the user is not found in the file, but the pseudo-user `*' is,
  * the permission is taken from that line.
  *
- * This is probably not the best way to do this, but it preserves
- * the old semantics where if a user was listed in the file he was
- * denied, otherwise he was allowed.
+ * This preserves the old semantics where if a user was listed in the
+ * file he was denied, otherwise he was allowed.
  *
- * There is one change in the semantics, however; ftpd will now `fail
- * safe' and deny all access if there's no /etc/ftpusers file.
- *
- * Return 1 if the user is denied, or 0 if he is allowed.
- */
+ * Return 1 if the user is denied, or 0 if he is allowed.  */
+
+static int
+match(const char *pattern, const char *string)
+{
+#ifdef HAVE_FNMATCH
+    return fnmatch(pattern, string, FNM_NOESCAPE);
+#else
+    return strcmp(pattern, "*") != 0 && strcmp(pattern, string) != 0;
+#endif
+}
+
 static int
 checkaccess(char *name)
 {
@@ -700,29 +706,26 @@ checkaccess(char *name)
     int allowed = ALLOWED;
     char *user, *perm, line[BUFSIZ];
     
-    if ((fd = fopen(_PATH_FTPUSERS, "r")) == NULL)
-	return NOT_ALLOWED;
+    fd = fopen(_PATH_FTPUSERS, "r");
     
+    if(fd == NULL)
+	return allowed;
+
     while (fgets(line, sizeof(line), fd) != NULL)  {
 	user = strtok(line, " \t\n");
 	if (user[0] == '#')
 	    continue;
 	perm = strtok(NULL, " \t\n");
-	if (strcmp(user, "*") == 0)  {
-	    if (perm != NULL && strcmp(perm, "allow") == 0)
+	if (match(user, name) == 0){
+	    if(perm && strcmp(perm, "allow") == 0)
 		allowed = ALLOWED;
 	    else
 		allowed = NOT_ALLOWED;
-	}
-	if (strcmp(user, name) == 0)  {
-	    if (perm != NULL && strcmp(perm, "allow") == 0)
-		return ALLOWED;
-	    else
-		return NOT_ALLOWED;
+	    break;
 	}
     }
     fclose(fd);
-    return (allowed);
+    return allowed;
 }
 #undef	ALLOWED
 #undef	NOT_ALLOWED