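/*	$NetBSD: groupaccess.c,v 1.2 2009/06/07 22:38:46 christos Exp $	*/
/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */
/*
 * Copyright (c) 2001 Kevin Steves.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"
__RCSID("$NetBSD: groupaccess.c,v 1.2 2009/06/07 22:38:46 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>

#include <grp.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>

#include "xmalloc.h"
#include "groupaccess.h"
#include "match.h"
#include "log.h"

/* Number of valid entries in groups_byname[]; 0 means no list is loaded. */
static int ngroups;
/* Names of the user's groups, each entry allocated with xstrdup(). */
static char *groups_byname[NGROUPS_MAX + 1];	/* +1 for base/primary group */

/*
 * Initialize group access list for user with primary (base) and
 * supplementary groups.  Return the number of groups in the list.
 *
 * Any previously loaded list is released first.  Group ids that
 * getgrgid() cannot resolve to a name are skipped, so the returned
 * count may be smaller than the number of ids getgrouplist() reported.
 */
int
ga_init(const char *user, gid_t base)
{
	gid_t groups_bygid[NGROUPS_MAX + 1];
	const int maxgroups =
	    (int)(sizeof(groups_bygid) / sizeof(groups_bygid[0]));
	int i, j;
	struct group *gr;

	if (ngroups > 0)
		ga_free();

	ngroups = maxgroups;
	if (getgrouplist(user, base, groups_bygid, &ngroups) == -1) {
		logit("getgrouplist: groups list too small");
		/*
		 * On failure some getgrouplist() implementations store the
		 * total number of groups found in ngroups, which can exceed
		 * the array size.  Clamp it so the loop below can neither
		 * read past groups_bygid[] nor write past groups_byname[].
		 *
		 * NOTE(review): the list is then truncated, so callers that
		 * use it for deny-style decisions will not see the groups
		 * that did not fit; consider failing closed here instead.
		 */
		if (ngroups > maxgroups)
			ngroups = maxgroups;
	}
	for (i = 0, j = 0; i < ngroups; i++)
		if ((gr = getgrgid(groups_bygid[i])) != NULL)
			groups_byname[j++] = xstrdup(gr->gr_name);
	return (ngroups = j);
}

/*
 * Return 1 if one of user's groups is contained in groups.
 * Return 0 otherwise.  Use match_pattern() for string comparison.
 *
 * groups is an array of n patterns; with no list loaded (ngroups == 0)
 * the result is always 0.
 */
int
ga_match(char * const *groups, int n)
{
	int i, j;

	for (i = 0; i < ngroups; i++)
		for (j = 0; j < n; j++)
			if (match_pattern(groups_byname[i], groups[j]))
				return 1;
	return 0;
}

/*
 * Return 1 if one of user's groups matches group_pattern list.
 * Return 0 on negated or no match.
 *
 * A negated match on any of the user's groups ends the scan at once
 * and overrides positive matches found for earlier groups.
 */
int
ga_match_pattern_list(const char *group_pattern)
{
	int i, found = 0;
	size_t len = strlen(group_pattern);

	for (i = 0; i < ngroups; i++) {
		switch (match_pattern_list(groups_byname[i],
		    group_pattern, len, 0)) {
		case -1:
			return 0;	/* Negated match wins */
		case 0:
			continue;
		case 1:
			found = 1;
		}
	}
	return found;
}

/*
 * Free memory allocated for group access list.
 *
 * Safe to call when no list is loaded; resets the list to empty.
 */
void
ga_free(void)
{
	int i;

	if (ngroups > 0) {
		for (i = 0; i < ngroups; i++) {
			xfree(groups_byname[i]);
			/* Do not leave a dangling pointer in the static table. */
			groups_byname[i] = NULL;
		}
		ngroups = 0;
	}
}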