1
0

callback_access.c 1.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869
  1. /*
  2. * clish_access_callback.c
  3. *
  4. *
  5. * callback hook to check whether the current user is a
  6. * member of the specified group (access string)
  7. */
  8. #include <stdlib.h>
  9. #include <unistd.h>
  10. #include <sys/types.h>
  11. #include <assert.h>
  12. #include <string.h>
  13. #ifdef HAVE_GRP_H
  14. #include <grp.h>
  15. #endif
  16. #include "lub/string.h"
  17. #include "lub/db.h"
  18. #include "internal.h"
  19. /*--------------------------------------------------------- */
  20. bool_t clish_access_callback(const clish_shell_t * shell, const char *access)
  21. {
  22. bool_t allowed = BOOL_FALSE; /* assume the user is not allowed */
  23. #ifdef HAVE_GRP_H
  24. int num_groups;
  25. long ngroups_max;
  26. gid_t *group_list;
  27. int i;
  28. char *tmp_access, *full_access;
  29. char *saveptr;
  30. assert(access);
  31. full_access = lub_string_dup(access);
  32. ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
  33. group_list = (gid_t *)malloc(ngroups_max * sizeof(gid_t));
  34. /* Get the groups for the current user */
  35. num_groups = getgroups(ngroups_max, group_list);
  36. assert(num_groups != -1);
  37. /* Now check these against the access provided */
  38. /* The external loop goes trough the list of valid groups */
  39. /* The allowed groups are indicated by a colon-separated (:) list. */
  40. for (tmp_access = strtok_r(full_access, ":", &saveptr);
  41. tmp_access; tmp_access = strtok_r(NULL, ":", &saveptr)) {
  42. /* The internal loop goes trough the system group list */
  43. for (i = 0; i < num_groups; i++) {
  44. struct group *ptr = lub_db_getgrgid(group_list[i]);
  45. if (!ptr)
  46. continue;
  47. if (0 == strcmp(ptr->gr_name, tmp_access)) {
  48. /* The current user is permitted to use this command */
  49. allowed = BOOL_TRUE;
  50. free(ptr);
  51. break;
  52. }
  53. free(ptr);
  54. }
  55. }
  56. lub_string_free(full_access);
  57. free(group_list);
  58. #endif
  59. return allowed;
  60. }
  61. /*--------------------------------------------------------- */