mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-01 09:46:50 +08:00
05764b9286
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
89 lines
2.6 KiB
C
89 lines
2.6 KiB
C
/*
|
|
* Copyright (c) 2001 Kevin Steves. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
RCSID("$OpenBSD: groupaccess.c,v 1.5 2002/03/04 17:27:39 stevesk Exp $");
|
|
|
|
#include "groupaccess.h"
|
|
#include "xmalloc.h"
|
|
#include "match.h"
|
|
#include "log.h"
|
|
|
|
static int ngroups;
|
|
static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
|
|
|
|
/*
|
|
* Initialize group access list for user with primary (base) and
|
|
* supplementary groups. Return the number of groups in the list.
|
|
*/
|
|
int
|
|
ga_init(const char *user, gid_t base)
|
|
{
|
|
gid_t groups_bygid[NGROUPS_MAX + 1];
|
|
int i, j;
|
|
struct group *gr;
|
|
|
|
if (ngroups > 0)
|
|
ga_free();
|
|
|
|
ngroups = sizeof(groups_bygid) / sizeof(gid_t);
|
|
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
|
|
log("getgrouplist: groups list too small");
|
|
for (i = 0, j = 0; i < ngroups; i++)
|
|
if ((gr = getgrgid(groups_bygid[i])) != NULL)
|
|
groups_byname[j++] = xstrdup(gr->gr_name);
|
|
return (ngroups = j);
|
|
}
|
|
|
|
/*
|
|
* Return 1 if one of user's groups is contained in groups.
|
|
* Return 0 otherwise. Use match_pattern() for string comparison.
|
|
*/
|
|
int
|
|
ga_match(char * const *groups, int n)
|
|
{
|
|
int i, j;
|
|
|
|
for (i = 0; i < ngroups; i++)
|
|
for (j = 0; j < n; j++)
|
|
if (match_pattern(groups_byname[i], groups[j]))
|
|
return 1;
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Free memory allocated for group access list.
|
|
*/
|
|
void
|
|
ga_free(void)
|
|
{
|
|
int i;
|
|
|
|
if (ngroups > 0) {
|
|
for (i = 0; i < ngroups; i++)
|
|
xfree(groups_byname[i]);
|
|
ngroups = 0;
|
|
}
|
|
}
|