hook_access.c 2.0 KB

  1. /*
  2. * clish_access_callback.c
  3. *
  4. *
  5. * callback hook to check whether the current user is a
  6. * member of the specified group (access string)
  7. */
  8. #include <stdlib.h>
  9. #include <unistd.h>
  10. #include <sys/types.h>
  11. #include <assert.h>
  12. #include <string.h>
  13. #ifdef HAVE_CONFIG_H
  14. #include "config.h"
  15. #endif /* HAVE_CONFIG_H */
  16. #ifdef HAVE_GRP_H
  17. #include <grp.h>
  18. #endif
  19. #include "lub/string.h"
  20. #include "lub/db.h"
  21. #include "clish/shell.h"
  22. /*--------------------------------------------------------- */
  23. /* Return values:
  24. * 0 - access granted
  25. * !=0 - access denied
  26. */
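/*
 * Access hook: decide whether the current user may use a command.
 *
 * The access string is a colon-separated list of group names. The entry
 * "*" grants access to every user. Otherwise access is granted when the
 * name of one of the groups reported by getgroups() for this process is
 * equal to one of the listed names.
 *
 * The parameters `clish_shell` and `access` are not declared here; they are
 * presumably supplied by the CLISH_HOOK_ACCESS() macro (confirm against
 * clish/shell.h).
 *
 * Returns 0 when access is granted and non-zero when it is denied. Every
 * error path (missing access string, allocation failure, getgroups()
 * failure) leaves the default "denied" result in place, so a failure can
 * never widen access. Without HAVE_GRP_H the hook always denies.
 */
CLISH_HOOK_ACCESS(clish_hook_access)
{
	bool_t allowed = -1; /* fail closed: denied until a match is found */
#ifdef HAVE_GRP_H
	int num_groups;
	int i;
	gid_t *group_list = NULL;
	char *full_access = NULL;
	char *tmp_access;
	char *saveptr = NULL;

	/* Checked at run time: assert() disappears in NDEBUG builds. */
	if (!access)
		goto out;

	/* strtok_r() modifies its input, so tokenise a private copy. */
	full_access = lub_string_dup(access);
	if (!full_access)
		goto out;

	/*
	 * Ask for the number of groups first and size the buffer from that
	 * answer. Sizing from sysconf(_SC_NGROUPS_MAX) + 1 breaks when
	 * sysconf() returns -1: the size becomes 0, getgroups(0, ...) then
	 * reports the group count without filling the list, and the loop
	 * below would read past a zero-length allocation.
	 */
	num_groups = getgroups(0, NULL);
	if (num_groups < 0)
		goto out;
	if (num_groups > 0) {
		group_list = malloc((size_t)num_groups * sizeof(*group_list));
		if (!group_list)
			goto out;
		num_groups = getgroups(num_groups, group_list);
		if (num_groups < 0)
			goto out;
	}
	/*
	 * NOTE(review): POSIX leaves it unspecified whether getgroups()
	 * includes the effective group ID. Where it does not, membership
	 * through that group is not seen here and access is denied; confirm
	 * this is the intended behaviour on the target platforms.
	 */

	/* The outer loop walks the colon-separated list of allowed groups. */
	for (tmp_access = strtok_r(full_access, ":", &saveptr);
		tmp_access; tmp_access = strtok_r(NULL, ":", &saveptr)) {
		/* The "*" wildcard grants access regardless of membership. */
		if (0 == strcmp("*", tmp_access)) {
			allowed = 0;
			break;
		}
		/* The inner loop walks the groups of the current process. */
		for (i = 0; i < num_groups; i++) {
			struct group *ptr = lub_db_getgrgid(group_list[i]);
			int match;

			/* A GID with no group entry cannot match a name. */
			if (!ptr)
				continue;
			match = (0 == strcmp(ptr->gr_name, tmp_access));
			free(ptr); /* the entry is released by this function */
			if (match) {
				/* The current user is permitted to use this command. */
				allowed = 0;
				break;
			}
		}
		if (!allowed)
			break;
	}

out:
	if (full_access)
		lub_string_free(full_access);
	free(group_list);
#endif
	(void)clish_shell; /* unused; keeps the compiler quiet */
	return allowed;
}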
  76. /*--------------------------------------------------------- */