*/
#include "includes.h"
+RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
#include "groupaccess.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "match.h"
+#include "log.h"
static int ngroups;
-static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
+static char **groups_byname;
+/*
+ * Initialize group access list for user with primary (base) and
+ * supplementary groups. Return the number of groups in the list.
+ */
int
ga_init(const char *user, gid_t base)
{
- gid_t groups_bygid[NGROUPS_MAX + 1];
+ gid_t *groups_bygid;
int i, j;
struct group *gr;
if (ngroups > 0)
ga_free();
- ngroups = sizeof(groups_bygid) / sizeof(gid_t);
+ ngroups = NGROUPS_MAX;
+#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
+ ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
+#endif
+
+ groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
+ groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
+
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
- log("getgrouplist: groups list too small");
+ logit("getgrouplist: groups list too small");
for (i = 0, j = 0; i < ngroups; i++)
if ((gr = getgrgid(groups_bygid[i])) != NULL)
groups_byname[j++] = xstrdup(gr->gr_name);
+ xfree(groups_bygid);
return (ngroups = j);
}
+/*
+ * Return 1 if one of user's groups is contained in groups.
+ * Return 0 otherwise. Use match_pattern() for string comparison.
+ */
int
ga_match(char * const *groups, int n)
{
return 0;
}
+/*
+ * Free memory allocated for group access list.
+ */
void
ga_free(void)
{
for (i = 0; i < ngroups; i++)
xfree(groups_byname[i]);
ngroups = 0;
+ xfree(groups_byname);
}
}
andersk / openssh.git / blobdiff