callback_access.c 1.7 KB

  1. /*
  2. * clish_access_callback.c
  3. *
  4. *
  5. * callback hook to check whether the current user is a
  6. * member of the specified group (access string)
  7. */
  8. #include <stdlib.h>
  9. #include <unistd.h>
  10. #include <sys/types.h>
  11. #include <assert.h>
  12. #include <string.h>
  13. #include <grp.h>
  14. #include "lub/string.h"
  15. #include "lub/db.h"
  16. #include "internal.h"
  17. /*--------------------------------------------------------- */
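  /**
   * Check whether the current process belongs to one of the groups named
   * in an access string.
   *
   * The access string is a colon-separated (:) list of group names. Each
   * name is compared with the names of the groups returned by getgroups().
   * Every failure path (NULL access string, allocation failure, getgroups()
   * failure) denies access rather than relying on assert(), which is
   * compiled out under NDEBUG.
   *
   * NOTE(review): POSIX leaves it unspecified whether getgroups() includes
   * the effective group ID; only the returned list is consulted here, as in
   * the original code. Confirm whether the effective GID should be checked.
   *
   * @param shell   Shell instance (not used by this hook).
   * @param access  Colon-separated list of permitted group names.
   * @return BOOL_TRUE if a group name matches, BOOL_FALSE otherwise.
   */
  bool_t clish_access_callback(const clish_shell_t * shell, const char *access)
  {
      bool_t allowed = BOOL_FALSE; /* fail closed: deny unless a match is found */
      gid_t *group_list = NULL;
      char *full_access = NULL;
      char *tmp_access;
      char *saveptr = NULL;
      int num_groups;
      int i;

      assert(access);
      /* Release builds drop the assert; a NULL access string must still deny. */
      if (!access)
          return BOOL_FALSE;

      /*
       * Ask for the group count first and size the buffer from it. Sizing
       * from sysconf(_SC_NGROUPS_MAX) + 1 breaks when sysconf() returns -1:
       * the size becomes 0, getgroups(0, ...) then only reports the count,
       * and the loop below would read past a zero-length allocation.
       */
      num_groups = getgroups(0, NULL);
      if (num_groups <= 0)
          return BOOL_FALSE;

      group_list = malloc((size_t)num_groups * sizeof(*group_list));
      if (!group_list)
          return BOOL_FALSE;

      /* Get the groups for the current user */
      num_groups = getgroups(num_groups, group_list);
      if (num_groups < 0)
          goto out;

      /* strtok_r() modifies its input, so tokenise a private copy. */
      full_access = lub_string_dup(access);
      if (!full_access)
          goto out;

      /* The outer loop goes through the list of permitted group names. */
      for (tmp_access = strtok_r(full_access, ":", &saveptr);
           tmp_access; tmp_access = strtok_r(NULL, ":", &saveptr)) {
          /* The inner loop goes through the process's group list. */
          for (i = 0; i < num_groups; i++) {
              /* The original code frees this result, so it is released here too. */
              struct group *ptr = lub_db_getgrgid(group_list[i]);

              if (!ptr)
                  continue;
              if (0 == strcmp(ptr->gr_name, tmp_access))
                  allowed = BOOL_TRUE;
              free(ptr);
              if (allowed)
                  break;
          }
          /* One match is enough; stop scanning the remaining names. */
          if (allowed)
              break;
      }

  out:
      if (full_access)
          lub_string_free(full_access);
      free(group_list);
      return allowed;
  }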
  57. /*--------------------------------------------------------- */