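/*
 * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <config.h>

#include <sys/types.h>
#include <sys/stat.h>

#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
#  include <stdlib.h>
# endif
#endif /* STDC_HEADERS */
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# include "compat/stdbool.h"
#endif /* HAVE_STDBOOL_H */
#ifdef HAVE_STRING_H
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
#  include <memory.h>
# endif
# include <string.h>
#endif /* HAVE_STRING_H */
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <grp.h>
#include <pwd.h>

#include "sudo_plugin.h"
#include "missing.h"

/*
 * Sample sudoers group plugin that uses an extra group file with the
 * same format as /etc/group.
 */

/* Logging callback handed to sample_init(); set before any message is emitted. */
static sudo_printf_t sudo_log;

/* Group-file reader, defined outside this file. */
extern void mysetgrfile(const char *);
extern void mysetgrent(void);
extern void myendgrent(void);
extern struct group *mygetgrnam(const char *);

/*
 * Plugin init hook: checks the group plugin API major version, validates
 * the group file named by argv[0] and passes that path to the group-file
 * reader.
 *
 * version      API version supplied by the caller; only the major number
 *              is compared.
 * sudo_printf  printf-style logger, saved in the file-scope sudo_log.
 * argv         plugin arguments; argv[0] must be the group file path.
 *
 * Returns true on success, -1 (after logging the reason) on any failure.
 */
static int
sample_init(int version, sudo_printf_t sudo_printf, char *const argv[])
{
    struct stat sb;

    sudo_log = sudo_printf;

    if (GROUP_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) {
        sudo_log(SUDO_CONV_ERROR_MSG,
            "group_file: incompatible major version %d, expected %d\n",
            GROUP_API_VERSION_GET_MAJOR(version),
            GROUP_API_VERSION_MAJOR);
        return -1;
    }

    /* Sanity check the specified group file. */
    if (argv == NULL || argv[0] == NULL) {
        sudo_log(SUDO_CONV_ERROR_MSG,
            "group_file: path to group file not specified\n");
        return -1;
    }
    /* stat() follows symlinks, so the checks below describe the link target. */
    if (stat(argv[0], &sb) != 0) {
        sudo_log(SUDO_CONV_ERROR_MSG,
            "group_file: %s: %s\n", argv[0], strerror(errno));
        return -1;
    }
    /* A directory, device or FIFO is never a usable group database. */
    if (!S_ISREG(sb.st_mode)) {
        sudo_log(SUDO_CONV_ERROR_MSG,
            "group_file: %s is not a regular file\n", argv[0]);
        return -1;
    }
    /*
     * Refuse a file that group or other can write: whoever can edit it
     * decides the membership answers given by sample_query().
     * NOTE(review): sb.st_uid is not checked, so a file owned by an
     * unprivileged account passes as long as only that owner can write
     * it.  Consider also requiring a trusted owner.
     */
    if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
        sudo_log(SUDO_CONV_ERROR_MSG,
            "%s must only be writable by owner\n", argv[0]);
        return -1;
    }

    /*
     * NOTE(review): the file is checked by path and handed on by path.
     * If the reader opens it after this point, the checks above do not
     * bind to the file that is actually read; the permissions of the
     * containing directories matter as well.  Confirm against
     * mysetgrent().
     */
    mysetgrfile(argv[0]);
    mysetgrent();

    return true;
}

/*
 * Plugin cleanup hook: closes the group-file reader.
 */
static void
sample_cleanup(void)
{
    myendgrent();
}

/*
 * Returns true if "user" is a member of "group", else false.
 *
 * A missing user or group name, an unknown group and a group entry
 * without a member list all yield false, so malformed input never
 * grants membership.  "pwd" is not used.
 *
 * NOTE(review): names are compared with strcasecmp(), so on a system
 * where account names differ only by case, two distinct accounts match
 * the same member entry.  Confirm that this is intended.
 */
static int
sample_query(const char *user, const char *group, const struct passwd *pwd)
{
    struct group *grp;
    char **member;

    (void)pwd;

    if (user == NULL || group == NULL)
        return false;

    grp = mygetgrnam(group);
    if (grp == NULL || grp->gr_mem == NULL)
        return false;

    for (member = grp->gr_mem; *member != NULL; member++) {
        if (strcasecmp(user, *member) == 0)
            return true;
    }

    return false;
}

/* Exported plugin descriptor: API version, then the init, cleanup and query hooks. */
__dso_public struct sudoers_group_plugin group_plugin = {
    GROUP_API_VERSION,
    sample_init,
    sample_cleanup,
    sample_query
};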