- djm@cvs.openbsd.org 2010/01/30 02:54:53
index b907918323ed7a7dc8fbceb016db0940d912cd86..2381aeb15b57edf4deefacd0084ba5697a522149 100644 (file)
@@ -1,3 +1,4 @@
+/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */
 /*
  * Copyright (c) 2001 Kevin Steves.  All rights reserved.
  *
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: groupaccess.c,v 1.5 2002/03/04 17:27:39 stevesk Exp $");
 
-#include "groupaccess.h"
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <grp.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <string.h>
+
 #include "xmalloc.h"
+#include "groupaccess.h"
 #include "match.h"
 #include "log.h"
 
 static int ngroups;
-static char *groups_byname[NGROUPS_MAX + 1];   /* +1 for base/primary group */
+static char **groups_byname;
 
 /*
  * Initialize group access list for user with primary (base) and
@@ -40,19 +48,27 @@ static char *groups_byname[NGROUPS_MAX + 1];        /* +1 for base/primary group */
 int
 ga_init(const char *user, gid_t base)
 {
-       gid_t groups_bygid[NGROUPS_MAX + 1];
+       gid_t *groups_bygid;
        int i, j;
        struct group *gr;
 
        if (ngroups > 0)
                ga_free();
 
-       ngroups = sizeof(groups_bygid) / sizeof(gid_t);
+       ngroups = NGROUPS_MAX;
+#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
+       ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
+#endif
+
+       groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid));
+       groups_byname = xcalloc(ngroups, sizeof(*groups_byname));
+
        if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
                logit("getgrouplist: groups list too small");
        for (i = 0, j = 0; i < ngroups; i++)
                if ((gr = getgrgid(groups_bygid[i])) != NULL)
                        groups_byname[j++] = xstrdup(gr->gr_name);
+       xfree(groups_bygid);
        return (ngroups = j);
 }
 
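Review bot: When getgrouplist() returns -1, ga_init only logs and then still runs `for (i = 0; i < ngroups; i++)` with whatever value the call left in ngroups. On implementations that store the required group count there, that count is larger than the xcalloc'd capacity, so groups_bygid[i] is read and groups_byname[j++] is written past the end of both arrays. Keep the capacity in a local (`int cap = ngroups;` before the call) and clamp on failure with `if (ngroups > cap) ngroups = cap;`, or grow both arrays and retry. Since this list feeds the group matching functions in this file, a truncated list should probably be treated as an error by the caller rather than only logged, because a group the user belongs to may then be missing from a match.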
@@ -72,6 +88,30 @@ ga_match(char * const *groups, int n)
        return 0;
 }
 
+/*
+ * Return 1 if one of user's groups matches group_pattern list.
+ * Return 0 on negated or no match.
+ */
+int
+ga_match_pattern_list(const char *group_pattern)
+{
+       int i, found = 0;
+       size_t len = strlen(group_pattern);
+
+       for (i = 0; i < ngroups; i++) {
+               switch (match_pattern_list(groups_byname[i],
+                   group_pattern, len, 0)) {
+               case -1:
+                       return 0;       /* Negated match wins */
+               case 0:
+                       continue;
+               case 1:
+                       found = 1;
+               }
+       }
+       return found;
+}
+
 /*
  * Free memory allocated for group access list.
  */
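Review bot: The switch in ga_match_pattern_list has no `default:` arm and `case 1:` ends without `break;`, so any return value of match_pattern_list() other than -1, 0 or 1 is silently treated as no match; add `break;` after `found = 1;` and an explicit `default:`. The header comment should also say that the function consults the list built by ga_init() and returns 0 when that list is empty, so that a caller using it for a deny decision knows an empty or uninitialised list reads as "not matched". `strlen(group_pattern)` assumes a non-NULL argument, which is worth stating in the same comment.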
@@ -84,5 +124,6 @@ ga_free(void)
                for (i = 0; i < ngroups; i++)
                        xfree(groups_byname[i]);
                ngroups = 0;
+               xfree(groups_byname);
        }
 }
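Review bot: `xfree(groups_byname);` is added inside the conditional block that also resets ngroups (its opening line is outside the hunk, presumably `if (ngroups > 0)`), so the array allocated in ga_init() is never released when ga_init() resolved zero group names and returned `ngroups = j` with j == 0. ga_init() itself only calls ga_free() when `ngroups > 0`, so the next ga_init() overwrites the pointer and leaks the old array. Move the free out of the count check and reset the pointer, `if (groups_byname != NULL) { xfree(groups_byname); groups_byname = NULL; }`, which also keeps a stale pointer from surviving ga_free().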