1 /* $NetBSD: server.c,v 1.3 2007/03/18 10:00:42 plunky Exp $ */ 2 /* $DragonFly: src/usr.sbin/sdpd/server.c,v 1.1 2008/01/06 21:51:30 hasso Exp $ */ 3 4 /*- 5 * Copyright (c) 2006 Itronix Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of Itronix Inc. may not be used to endorse 17 * or promote products derived from this software without specific 18 * prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 /* 33 * server.c 34 * 35 * Copyright (c) 2004 Maksim Yevmenkin <m_evmenkin@yahoo.com> 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 47 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 48 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 49 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 50 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 51 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 52 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 53 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 55 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 56 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 57 * SUCH DAMAGE. 58 * 59 * $Id: server.c,v 1.1.1.1 2007/11/20 11:56:11 griffin Exp $ 60 * $FreeBSD: src/usr.sbin/bluetooth/sdpd/server.c,v 1.2 2005/12/06 17:56:36 emax Exp $ 61 */ 62 63 #include <sys/param.h> 64 #include <sys/select.h> 65 #include <sys/stat.h> 66 #include <sys/queue.h> 67 #include <sys/ucred.h> 68 #include <sys/un.h> 69 #include <sys/uio.h> 70 #include <netinet/in.h> 71 #include <arpa/inet.h> 72 #include <assert.h> 73 #include <bluetooth.h> 74 #include <errno.h> 75 #include <grp.h> 76 #include <pwd.h> 77 #include <sdp.h> 78 #include <stdio.h> 79 #include <stdlib.h> 80 #include <string.h> 81 #include <unistd.h> 82 #include "log.h" 83 #include "profile.h" 84 #include "provider.h" 85 #include "server.h" 86 87 static void server_accept_client (server_p srv, int32_t fd); 88 static int32_t server_process_request (server_p srv, int32_t fd); 89 static int32_t server_send_error_response (server_p srv, int32_t fd, 90 uint16_t error); 91 static void server_close_fd (server_p srv, int32_t fd); 92 #if 0 93 static int server_auth_check (server_p srv, struct sockcred *cred); 94 #endif 95 static int server_auth_check (server_p srv, struct cmsgcred *cred); 96 97 /* 98 * Initialize server 99 */ 100 101 int32_t 102 server_init(server_p srv, char const *control, char const *sgroup) 103 { 104 struct sockaddr_un un; 105 struct sockaddr_bt l2; 106 socklen_t size; 107 int32_t unsock, l2sock; 108 uint16_t imtu; 109 int opt; 110 111 assert(srv != NULL); 112 assert(control != NULL); 113 114 memset(srv, 0, sizeof(srv)); 115 srv->sgroup = sgroup; 116 117 /* Open control socket */ 118 if (unlink(control) < 0 && errno != ENOENT) { 119 log_crit("Could not unlink(%s). %s (%d)", 120 control, strerror(errno), errno); 121 return (-1); 122 } 123 124 unsock = socket(PF_LOCAL, SOCK_STREAM, 0); 125 if (unsock < 0) { 126 log_crit("Could not create control socket. %s (%d)", 127 strerror(errno), errno); 128 return (-1); 129 } 130 131 opt = 1; 132 #if 0 133 if (setsockopt(unsock, 0, LOCAL_CREDS, &opt, sizeof(opt)) < 0) 134 log_crit("Warning: No credential checks on control socket"); 135 #endif 136 memset(&un, 0, sizeof(un)); 137 un.sun_len = sizeof(un); 138 un.sun_family = AF_LOCAL; 139 strlcpy(un.sun_path, control, sizeof(un.sun_path)); 140 141 if (bind(unsock, (struct sockaddr *) &un, sizeof(un)) < 0) { 142 log_crit("Could not bind control socket. %s (%d)", 143 strerror(errno), errno); 144 close(unsock); 145 return (-1); 146 } 147 148 if (chmod(control, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH) < 0) { 149 log_crit("Could not change permissions on control socket. " \ 150 "%s (%d)", strerror(errno), errno); 151 close(unsock); 152 return (-1); 153 } 154 155 if (listen(unsock, 10) < 0) { 156 log_crit("Could not listen on control socket. %s (%d)", 157 strerror(errno), errno); 158 close(unsock); 159 return (-1); 160 } 161 162 /* Open L2CAP socket */ 163 l2sock = socket(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP); 164 if (l2sock < 0) { 165 log_crit("Could not create L2CAP socket. %s (%d)", 166 strerror(errno), errno); 167 close(unsock); 168 return (-1); 169 } 170 171 size = sizeof(imtu); 172 if (getsockopt(l2sock, BTPROTO_L2CAP, SO_L2CAP_IMTU, &imtu, &size) < 0) { 173 log_crit("Could not get L2CAP IMTU. %s (%d)", 174 strerror(errno), errno); 175 close(unsock); 176 close(l2sock); 177 return (-1); 178 } 179 180 memset(&l2, 0, sizeof(l2)); 181 l2.bt_len = sizeof(l2); 182 l2.bt_family = AF_BLUETOOTH; 183 l2.bt_psm = L2CAP_PSM_SDP; 184 bdaddr_copy(&l2.bt_bdaddr, BDADDR_ANY); 185 186 if (bind(l2sock, (struct sockaddr *) &l2, sizeof(l2)) < 0) { 187 log_crit("Could not bind L2CAP socket. %s (%d)", 188 strerror(errno), errno); 189 close(unsock); 190 close(l2sock); 191 return (-1); 192 } 193 194 if (listen(l2sock, 10) < 0) { 195 log_crit("Could not listen on L2CAP socket. %s (%d)", 196 strerror(errno), errno); 197 close(unsock); 198 close(l2sock); 199 return (-1); 200 } 201 202 /* Allocate incoming buffer */ 203 srv->imtu = (imtu > SDP_LOCAL_MTU)? imtu : SDP_LOCAL_MTU; 204 srv->req = (uint8_t *) calloc(srv->imtu, sizeof(srv->req[0])); 205 if (srv->req == NULL) { 206 log_crit("Could not allocate request buffer"); 207 close(unsock); 208 close(l2sock); 209 return (-1); 210 } 211 212 /* Allocate memory for descriptor index */ 213 srv->fdidx = (fd_idx_p) calloc(FD_SETSIZE, sizeof(srv->fdidx[0])); 214 if (srv->fdidx == NULL) { 215 log_crit("Could not allocate fd index"); 216 free(srv->req); 217 close(unsock); 218 close(l2sock); 219 return (-1); 220 } 221 222 /* Register Service Discovery profile (attach it to control socket) */ 223 if (provider_register_sd(unsock) < 0) { 224 log_crit("Could not register Service Discovery profile"); 225 free(srv->fdidx); 226 free(srv->req); 227 close(unsock); 228 close(l2sock); 229 return (-1); 230 } 231 232 /* 233 * If we got here then everything is fine. Add both control sockets 234 * to the index. 235 */ 236 237 FD_ZERO(&srv->fdset); 238 srv->maxfd = (unsock > l2sock)? unsock : l2sock; 239 240 FD_SET(unsock, &srv->fdset); 241 srv->fdidx[unsock].valid = 1; 242 srv->fdidx[unsock].server = 1; 243 srv->fdidx[unsock].control = 1; 244 srv->fdidx[unsock].priv = 0; 245 srv->fdidx[unsock].rsp_cs = 0; 246 srv->fdidx[unsock].rsp_size = 0; 247 srv->fdidx[unsock].rsp_limit = 0; 248 srv->fdidx[unsock].omtu = SDP_LOCAL_MTU; 249 srv->fdidx[unsock].rsp = NULL; 250 251 FD_SET(l2sock, &srv->fdset); 252 srv->fdidx[l2sock].valid = 1; 253 srv->fdidx[l2sock].server = 1; 254 srv->fdidx[l2sock].control = 0; 255 srv->fdidx[l2sock].priv = 0; 256 srv->fdidx[l2sock].rsp_cs = 0; 257 srv->fdidx[l2sock].rsp_size = 0; 258 srv->fdidx[l2sock].rsp_limit = 0; 259 srv->fdidx[l2sock].omtu = 0; /* unknown */ 260 srv->fdidx[l2sock].rsp = NULL; 261 262 return (0); 263 } 264 265 /* 266 * Shutdown server 267 */ 268 269 void 270 server_shutdown(server_p srv) 271 { 272 int fd; 273 274 assert(srv != NULL); 275 276 for (fd = 0; fd < srv->maxfd + 1; fd ++) 277 if (srv->fdidx[fd].valid) 278 server_close_fd(srv, fd); 279 280 free(srv->req); 281 free(srv->fdidx); 282 283 memset(srv, 0, sizeof(*srv)); 284 } 285 286 /* 287 * Do one server iteration 288 */ 289 290 int32_t 291 server_do(server_p srv) 292 { 293 fd_set fdset; 294 int32_t n, fd; 295 296 assert(srv != NULL); 297 298 /* Copy cached version of the fd set and call select */ 299 memcpy(&fdset, &srv->fdset, sizeof(fdset)); 300 n = select(srv->maxfd + 1, &fdset, NULL, NULL, NULL); 301 if (n < 0) { 302 if (errno == EINTR) 303 return (0); 304 305 log_err("Could not select(%d, %p). %s (%d)", 306 srv->maxfd + 1, &fdset, strerror(errno), errno); 307 308 return (-1); 309 } 310 311 /* Process descriptors */ 312 for (fd = 0; fd < srv->maxfd + 1 && n > 0; fd ++) { 313 if (!FD_ISSET(fd, &fdset)) 314 continue; 315 316 assert(srv->fdidx[fd].valid); 317 n --; 318 319 if (srv->fdidx[fd].server) 320 server_accept_client(srv, fd); 321 else if (server_process_request(srv, fd) != 0) 322 server_close_fd(srv, fd); 323 } 324 325 return (0); 326 327 } 328 329 /* 330 * Accept new client connection and register it with index 331 */ 332 333 static void 334 server_accept_client(server_p srv, int32_t fd) 335 { 336 uint8_t *rsp = NULL; 337 socklen_t size; 338 int32_t cfd; 339 uint16_t omtu; 340 341 do { 342 cfd = accept(fd, NULL, NULL); 343 } while (cfd < 0 && errno == EINTR); 344 345 if (cfd < 0) { 346 log_err("Could not accept connection on %s socket. %s (%d)", 347 srv->fdidx[fd].control? "control" : "L2CAP", 348 strerror(errno), errno); 349 return; 350 } 351 352 assert(!FD_ISSET(cfd, &srv->fdset)); 353 assert(!srv->fdidx[cfd].valid); 354 355 if (!srv->fdidx[fd].control) { 356 /* Get local BD_ADDR */ 357 size = sizeof(srv->req_sa); 358 if (getsockname(cfd,(struct sockaddr*)&srv->req_sa, &size) < 0) { 359 log_err("Could not get local BD_ADDR. %s (%d)", 360 strerror(errno), errno); 361 close(cfd); 362 return; 363 } 364 365 /* Get outgoing MTU */ 366 size = sizeof(omtu); 367 if (getsockopt(cfd, BTPROTO_L2CAP, SO_L2CAP_OMTU, &omtu, &size) < 0) { 368 log_err("Could not get L2CAP OMTU. %s (%d)", 369 strerror(errno), errno); 370 close(cfd); 371 return; 372 } 373 374 /* 375 * The maximum size of the L2CAP packet is 65536 bytes. 376 * The minimum L2CAP MTU is 43 bytes. That means we need 377 * 65536 / 43 = ~1524 chunks to transfer maximum packet 378 * size with minimum MTU. The "rsp_cs" field in fd_idx_t 379 * is 11 bit wide that gives us upto 2048 chunks. 380 */ 381 382 if (omtu < L2CAP_MTU_MINIMUM) { 383 log_err("L2CAP OMTU is too small (%d bytes)", omtu); 384 close(cfd); 385 return; 386 } 387 } else { 388 bdaddr_copy(&srv->req_sa.bt_bdaddr, BDADDR_ANY); 389 omtu = srv->fdidx[fd].omtu; 390 } 391 392 /* 393 * Allocate buffer. This is an overkill, but we can not know how 394 * big our reply is going to be. 395 */ 396 397 rsp = (uint8_t *) calloc(L2CAP_MTU_MAXIMUM, sizeof(rsp[0])); 398 if (rsp == NULL) { 399 log_crit("Could not allocate response buffer"); 400 close(cfd); 401 return; 402 } 403 404 /* Add client descriptor to the index */ 405 FD_SET(cfd, &srv->fdset); 406 if (srv->maxfd < cfd) 407 srv->maxfd = cfd; 408 srv->fdidx[cfd].valid = 1; 409 srv->fdidx[cfd].server = 0; 410 srv->fdidx[cfd].control = srv->fdidx[fd].control; 411 srv->fdidx[cfd].priv = 0; 412 srv->fdidx[cfd].rsp_cs = 0; 413 srv->fdidx[cfd].rsp_size = 0; 414 srv->fdidx[cfd].rsp_limit = 0; 415 srv->fdidx[cfd].omtu = omtu; 416 srv->fdidx[cfd].rsp = rsp; 417 } 418 419 /* 420 * Process request from the client 421 */ 422 423 static int32_t 424 server_process_request(server_p srv, int32_t fd) 425 { 426 uint8_t ctl[128]; 427 sdp_pdu_p pdu = (sdp_pdu_p) srv->req; 428 struct msghdr msg; 429 struct iovec iov; 430 int32_t len, error; 431 struct cmsghdr *cmsg; 432 433 assert(srv->imtu > 0); 434 assert(srv->req != NULL); 435 assert(FD_ISSET(fd, &srv->fdset)); 436 assert(srv->fdidx[fd].valid); 437 assert(!srv->fdidx[fd].server); 438 assert(srv->fdidx[fd].rsp != NULL); 439 assert(srv->fdidx[fd].omtu >= L2CAP_MTU_MINIMUM); 440 441 iov.iov_base = srv->req; 442 iov.iov_len = srv->imtu; 443 444 msg.msg_name = NULL; 445 msg.msg_namelen = 0; 446 msg.msg_iov = &iov; 447 msg.msg_iovlen = 1; 448 msg.msg_control = ctl; 449 msg.msg_controllen = sizeof(ctl); 450 msg.msg_flags = 0; 451 452 do { 453 len = recvmsg(fd, &msg, 0); 454 } while (len < 0 && errno == EINTR); 455 456 if (len < 0) { 457 log_err("Could not receive SDP request from %s socket. %s (%d)", 458 srv->fdidx[fd].control? "control" : "L2CAP", 459 strerror(errno), errno); 460 return (-1); 461 } 462 if (len == 0) { 463 log_info("Client on %s socket has disconnected", 464 srv->fdidx[fd].control? "control" : "L2CAP"); 465 return (-1); 466 } 467 468 #if XXX 469 if ((cmsg = CMSG_FIRSTHDR(&msg)) != NULL 470 && cmsg->cmsg_level == SOL_SOCKET 471 && cmsg->cmsg_type == SCM_CREDS 472 #if 0 473 && cmsg->cmsg_len >= CMSG_LEN(SOCKCREDSIZE(0)) 474 #endif 475 ) 476 srv->fdidx[fd].priv = 477 server_auth_check(srv, (struct cmsgcred *)CMSG_DATA(cmsg)); 478 #if 0 479 server_auth_check(srv, (struct sockcred *)CMSG_DATA(cmsg)); 480 #endif 481 #else 482 srv->fdidx[fd].priv = 1; 483 #endif 484 485 if (len >= sizeof(*pdu) 486 && (sizeof(*pdu) + (pdu->len = ntohs(pdu->len))) == len) { 487 switch (pdu->pid) { 488 case SDP_PDU_SERVICE_SEARCH_REQUEST: 489 error = server_prepare_service_search_response(srv, fd); 490 break; 491 492 case SDP_PDU_SERVICE_ATTRIBUTE_REQUEST: 493 error = server_prepare_service_attribute_response(srv, fd); 494 break; 495 496 case SDP_PDU_SERVICE_SEARCH_ATTRIBUTE_REQUEST: 497 error = server_prepare_service_search_attribute_response(srv, fd); 498 break; 499 500 case SDP_PDU_SERVICE_REGISTER_REQUEST: 501 error = server_prepare_service_register_response(srv, fd); 502 break; 503 504 case SDP_PDU_SERVICE_UNREGISTER_REQUEST: 505 error = server_prepare_service_unregister_response(srv, fd); 506 break; 507 508 case SDP_PDU_SERVICE_CHANGE_REQUEST: 509 error = server_prepare_service_change_response(srv, fd); 510 break; 511 512 default: 513 error = SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX; 514 break; 515 } 516 } else 517 error = SDP_ERROR_CODE_INVALID_PDU_SIZE; 518 519 if (error == 0) { 520 switch (pdu->pid) { 521 case SDP_PDU_SERVICE_SEARCH_REQUEST: 522 error = server_send_service_search_response(srv, fd); 523 break; 524 525 case SDP_PDU_SERVICE_ATTRIBUTE_REQUEST: 526 error = server_send_service_attribute_response(srv, fd); 527 break; 528 529 case SDP_PDU_SERVICE_SEARCH_ATTRIBUTE_REQUEST: 530 error = server_send_service_search_attribute_response(srv, fd); 531 break; 532 533 case SDP_PDU_SERVICE_REGISTER_REQUEST: 534 error = server_send_service_register_response(srv, fd); 535 break; 536 537 case SDP_PDU_SERVICE_UNREGISTER_REQUEST: 538 error = server_send_service_unregister_response(srv, fd); 539 break; 540 541 case SDP_PDU_SERVICE_CHANGE_REQUEST: 542 error = server_send_service_change_response(srv, fd); 543 break; 544 545 default: 546 error = SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX; 547 break; 548 } 549 550 if (error != 0) 551 log_err("Could not send SDP response to %s socket, " \ 552 "pdu->pid=%d, pdu->tid=%d, error=%d", 553 srv->fdidx[fd].control? "control" : "L2CAP", 554 pdu->pid, ntohs(pdu->tid), error); 555 } else { 556 log_err("Could not process SDP request from %s socket, " \ 557 "pdu->pid=%d, pdu->tid=%d, pdu->len=%d, len=%d, " \ 558 "error=%d", 559 srv->fdidx[fd].control? "control" : "L2CAP", 560 pdu->pid, ntohs(pdu->tid), pdu->len, len, error); 561 562 error = server_send_error_response(srv, fd, error); 563 if (error != 0) 564 log_err("Could not send SDP error response to %s " \ 565 "socket, pdu->pid=%d, pdu->tid=%d, error=%d", 566 srv->fdidx[fd].control? "control" : "L2CAP", 567 pdu->pid, ntohs(pdu->tid), error); 568 } 569 570 /* On error forget response (if any) */ 571 if (error != 0) { 572 srv->fdidx[fd].rsp_cs = 0; 573 srv->fdidx[fd].rsp_size = 0; 574 srv->fdidx[fd].rsp_limit = 0; 575 } 576 577 return (error); 578 } 579 580 /* 581 * Send SDP_Error_Response PDU 582 */ 583 584 static int32_t 585 server_send_error_response(server_p srv, int32_t fd, uint16_t error) 586 { 587 int32_t size; 588 589 struct { 590 sdp_pdu_t pdu; 591 uint16_t error; 592 } __attribute__ ((packed)) rsp; 593 594 /* Prepare and send SDP error response */ 595 rsp.pdu.pid = SDP_PDU_ERROR_RESPONSE; 596 rsp.pdu.tid = ((sdp_pdu_p)(srv->req))->tid; 597 rsp.pdu.len = htons(sizeof(rsp.error)); 598 rsp.error = htons(error); 599 600 do { 601 size = write(fd, &rsp, sizeof(rsp)); 602 } while (size < 0 && errno == EINTR); 603 604 return ((size < 0)? errno : 0); 605 } 606 607 /* 608 * Close descriptor and remove it from index 609 */ 610 611 static void 612 server_close_fd(server_p srv, int32_t fd) 613 { 614 provider_p provider = NULL, provider_next = NULL; 615 616 assert(FD_ISSET(fd, &srv->fdset)); 617 assert(srv->fdidx[fd].valid); 618 619 close(fd); 620 621 FD_CLR(fd, &srv->fdset); 622 if (fd == srv->maxfd) 623 srv->maxfd --; 624 625 if (srv->fdidx[fd].rsp != NULL) 626 free(srv->fdidx[fd].rsp); 627 628 memset(&srv->fdidx[fd], 0, sizeof(srv->fdidx[fd])); 629 630 for (provider = provider_get_first(); 631 provider != NULL; 632 provider = provider_next) { 633 provider_next = provider_get_next(provider); 634 635 if (provider->fd == fd) 636 provider_unregister(provider); 637 } 638 } 639 640 static int 641 /*server_auth_check(server_p srv, struct sockcred *cred)*/ 642 server_auth_check(server_p srv, struct cmsgcred *cred) 643 { 644 struct group *grp; 645 int n; 646 647 if (cred == NULL) 648 return 0; 649 650 if (cred->cmcred_uid == 0 || cred->cmcred_euid == 0) 651 return 1; 652 653 if (srv->sgroup == NULL) 654 return 0; 655 656 grp = getgrnam(srv->sgroup); 657 if (grp == NULL) { 658 log_err("No gid for group '%s'", srv->sgroup); 659 srv->sgroup = NULL; 660 return 0; 661 } 662 663 664 if (cred->cmcred_gid == grp->gr_gid) 665 return 1; 666 667 for (n = 0 ; n < cred->cmcred_ngroups ; n++) { 668 if (cred->cmcred_groups[n] == grp->gr_gid) 669 return 1; 670 } 671 672 return 0; 673 } 674