hook_access.c 1.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. /*
  2. * clish_access_callback.c
  3. *
  4. *
  5. * callback hook to check whether the current user is a
  6. * member of the specified group (access string)
  7. */
  8. #include <stdlib.h>
  9. #include <unistd.h>
  10. #include <sys/types.h>
  11. #include <assert.h>
  12. #include <string.h>
  13. #ifdef HAVE_CONFIG_H
  14. #include "config.h"
  15. #endif /* HAVE_CONFIG_H */
  16. #ifdef HAVE_GRP_H
  17. #include <grp.h>
  18. #endif
  19. #include "lub/string.h"
  20. #include "lub/db.h"
  21. #include "clish/shell.h"
  22. /*--------------------------------------------------------- */
  23. CLISH_HOOK_ACCESS(clish_hook_access)
  24. {
  25. bool_t allowed = BOOL_FALSE; /* assume the user is not allowed */
  26. #ifdef HAVE_GRP_H
  27. int num_groups;
  28. long ngroups_max;
  29. gid_t *group_list;
  30. int i;
  31. char *tmp_access, *full_access;
  32. char *saveptr;
  33. assert(access);
  34. full_access = lub_string_dup(access);
  35. ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
  36. group_list = (gid_t *)malloc(ngroups_max * sizeof(gid_t));
  37. /* Get the groups for the current user */
  38. num_groups = getgroups(ngroups_max, group_list);
  39. assert(num_groups != -1);
  40. /* Now check these against the access provided */
  41. /* The external loop goes trough the list of valid groups */
  42. /* The allowed groups are indicated by a colon-separated (:) list. */
  43. for (tmp_access = strtok_r(full_access, ":", &saveptr);
  44. tmp_access; tmp_access = strtok_r(NULL, ":", &saveptr)) {
  45. /* Check for the "*" wildcard */
  46. if (0 == strcmp("*", tmp_access)) {
  47. allowed = BOOL_TRUE;
  48. break;
  49. }
  50. /* The internal loop goes trough the system group list */
  51. for (i = 0; i < num_groups; i++) {
  52. struct group *ptr = lub_db_getgrgid(group_list[i]);
  53. if (!ptr)
  54. continue;
  55. if (0 == strcmp(ptr->gr_name, tmp_access)) {
  56. /* The current user is permitted to use this command */
  57. allowed = BOOL_TRUE;
  58. free(ptr);
  59. break;
  60. }
  61. free(ptr);
  62. }
  63. if (BOOL_TRUE == allowed)
  64. break;
  65. }
  66. lub_string_free(full_access);
  67. free(group_list);
  68. #endif
  69. return allowed;
  70. }
  71. /*--------------------------------------------------------- */