Home Explore Help
Sign In
p_kosyh
/
klish
forked from pkun/klish
1
0
Fork 0
Files
Tree: 2b1c1bf0a9
Branches Tags
klish
/
plugins
/
clish
/
hook_access.c

hook_access.c 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. /*
    2. 

  2.  * clish_access_callback.c
    3. 

  3.  *
    4. 

  4.  *
    5. 

  5.  * callback hook to check whether the current user is a 
    6. 

  6.  * member of the specified group (access string)
    7. 

  7.  */
    8. 

  8. 

  9. #include <stdlib.h>
    10. 

  10. #include <unistd.h>
    11. 

  11. #include <sys/types.h>
    12. 

  12. #include <assert.h>
    13. 

  13. #include <string.h>
    14. 

  14. 

  15. #ifdef HAVE_CONFIG_H
    16. 

  16. #include "config.h"
    17. 

  17. #endif /* HAVE_CONFIG_H */
    18. 

  18. 

  19. #ifdef HAVE_GRP_H
    20. 

  20. #include <grp.h>
    21. 

  21. #endif
    22. 

  22. 

  23. #include "lub/string.h"
    24. 

  24. #include "lub/db.h"
    25. 

  25. #include "clish/shell.h"
    26. 

  26. 

  27. /*--------------------------------------------------------- */
    28. 

  28. CLISH_HOOK_ACCESS(clish_hook_access)
    29. 

  29. {
    30. 

  30. 	bool_t allowed = BOOL_FALSE; /* assume the user is not allowed */
    31. 

  31. #ifdef HAVE_GRP_H
    32. 

  32. 	int num_groups;
    33. 

  33. 	long ngroups_max;
    34. 

  34. 	gid_t *group_list;
    35. 

  35. 	int i;
    36. 

  36. 	char *tmp_access, *full_access;
    37. 

  37. 	char *saveptr;
    38. 

  38. 

  39. 	assert(access);
    40. 

  40. 	full_access = lub_string_dup(access);
    41. 

  41. 	ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
    42. 

  42. 	group_list = (gid_t *)malloc(ngroups_max * sizeof(gid_t));
    43. 

  43. 

  44. 	/* Get the groups for the current user */
    45. 

  45. 	num_groups = getgroups(ngroups_max, group_list);
    46. 

  46. 	assert(num_groups != -1);
    47. 

  47. 

  48. 	/* Now check these against the access provided */
    49. 

  49. 	/* The external loop goes trough the list of valid groups */
    50. 

  50. 	/* The allowed groups are indicated by a colon-separated (:) list. */
    51. 

  51. 	for (tmp_access = strtok_r(full_access, ":", &saveptr);
    52. 

  52. 		tmp_access; tmp_access = strtok_r(NULL, ":", &saveptr)) {
    53. 

  53. 		/* Check for the "*" wildcard */
    54. 

  54. 		if (0 == strcmp("*", tmp_access)) {
    55. 

  55. 			allowed = BOOL_TRUE;
    56. 

  56. 			break;
    57. 

  57. 		}
    58. 

  58. 		/* The internal loop goes trough the system group list */
    59. 

  59. 		for (i = 0; i < num_groups; i++) {
    60. 

  60. 			struct group *ptr = lub_db_getgrgid(group_list[i]);
    61. 

  61. 			if (!ptr)
    62. 

  62. 				continue;
    63. 

  63. 			if (0 == strcmp(ptr->gr_name, tmp_access)) {
    64. 

  64. 				/* The current user is permitted to use this command */
    65. 

  65. 				allowed = BOOL_TRUE;
    66. 

  66. 				free(ptr);
    67. 

  67. 				break;
    68. 

  68. 			}
    69. 

  69. 			free(ptr);
    70. 

  70. 		}
    71. 

  71. 		if (BOOL_TRUE == allowed)
    72. 

  72. 			break;
    73. 

  73. 	}
    74. 

  74. 

  75. 	lub_string_free(full_access);
    76. 

  76. 	free(group_list);
    77. 

  77. #endif
    78. 

  78. 

  79. 	clish_context = clish_context; /* Happy compiler */
    80. 

  80. 

  81. 	return allowed;
    82. 

  82. }
    83. 

  83. 

  84. /*--------------------------------------------------------- */
    85.