Home Explore Help
Sign In
pkun
/
klish
1
0
Fork 1
Files Issues 0 Pull Requests 0
Tree: 254f216120
Branches Tags
klish
/
plugins
/
klish
/
hook_access.c

hook_access.c 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. /*
    2. 

  2.  * clish_access_callback.c
    3. 

  3.  *
    4. 

  4.  *
    5. 

  5.  * callback hook to check whether the current user is a 
    6. 

  6.  * member of the specified group (access string)
    7. 

  7.  */
    8. 

  8. 

  9. #include <stdlib.h>
    10. 

  10. #include <unistd.h>
    11. 

  11. #include <sys/types.h>
    12. 

  12. #include <assert.h>
    13. 

  13. #include <string.h>
    14. 

  14. 

  15. #ifdef HAVE_CONFIG_H
    16. 

  16. #include "config.h"
    17. 

  17. #endif /* HAVE_CONFIG_H */
    18. 

  18. 

  19. #ifdef HAVE_GRP_H
    20. 

  20. #include <grp.h>
    21. 

  21. #endif
    22. 

  22. 

  23. #include "lub/string.h"
    24. 

  24. #include "lub/db.h"
    25. 

  25. #include "clish/shell.h"
    26. 

  26. 

  27. /*--------------------------------------------------------- */
    28. 

  28. /* Return values:
    29. 

  29.  *    0 - access granted
    30. 

  30.  *    !=0 - access denied
    31. 

  31.  */
    32. 

  32. CLISH_HOOK_ACCESS(clish_hook_access)
    33. 

  33. {
    34. 

  34. 	int allowed = -1; /* assume the user is not allowed */
    35. 

  35. #ifdef HAVE_GRP_H
    36. 

  36. 	int num_groups;
    37. 

  37. 	long ngroups_max;
    38. 

  38. 	gid_t *group_list;
    39. 

  39. 	int i;
    40. 

  40. 	char *tmp_access, *full_access;
    41. 

  41. 	char *saveptr = NULL;
    42. 

  42. 

  43. 	assert(access);
    44. 

  44. 	full_access = lub_string_dup(access);
    45. 

  45. 	ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
    46. 

  46. 	group_list = (gid_t *)malloc(ngroups_max * sizeof(gid_t));
    47. 

  47. 

  48. 	/* Get the groups for the current user */
    49. 

  49. 	num_groups = getgroups(ngroups_max, group_list);
    50. 

  50. 	assert(num_groups != -1);
    51. 

  51. 

  52. 	/* Now check these against the access provided */
    53. 

  53. 	/* The external loop goes trough the list of valid groups */
    54. 

  54. 	/* The allowed groups are indicated by a colon-separated (:) list. */
    55. 

  55. 	for (tmp_access = strtok_r(full_access, ":", &saveptr);
    56. 

  56. 		tmp_access; tmp_access = strtok_r(NULL, ":", &saveptr)) {
    57. 

  57. 		/* Check for the "*" wildcard */
    58. 

  58. 		if (0 == strcmp("*", tmp_access)) {
    59. 

  59. 			allowed = 0;
    60. 

  60. 			break;
    61. 

  61. 		}
    62. 

  62. 		/* The internal loop goes trough the system group list */
    63. 

  63. 		for (i = 0; i < num_groups; i++) {
    64. 

  64. 			struct group *ptr = lub_db_getgrgid(group_list[i]);
    65. 

  65. 			if (!ptr)
    66. 

  66. 				continue;
    67. 

  67. 			if (0 == strcmp(ptr->gr_name, tmp_access)) {
    68. 

  68. 				/* The current user is permitted to use this command */
    69. 

  69. 				allowed = 0;
    70. 

  70. 				free(ptr);
    71. 

  71. 				break;
    72. 

  72. 			}
    73. 

  73. 			free(ptr);
    74. 

  74. 		}
    75. 

  75. 		if (!allowed)
    76. 

  76. 			break;
    77. 

  77. 	}
    78. 

  78. 

  79. 	lub_string_free(full_access);
    80. 

  80. 	free(group_list);
    81. 

  81. #endif
    82. 

  82. 

  83. 	clish_shell = clish_shell; /* Happy compiler */
    84. 

  84. 

  85. 	return allowed;
    86. 

  86. }
    87. 

  87. 

  88. /*--------------------------------------------------------- */
    89.