2
* Copyright (c) 2010, 2012 Todd C. Miller <Todd.Miller@courtesan.com>
4
* Permission to use, copy, modify, and distribute this software for any
5
* purpose with or without fee is hereby granted, provided that the above
6
* copyright notice and this permission notice appear in all copies.
8
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
#include <sys/types.h>
20
#include <sys/param.h>
31
#endif /* STDC_HEADERS */
35
# include "compat/stdbool.h"
36
#endif /* HAVE_STDBOOL_H */
38
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
42
#endif /* HAVE_STRING_H */
45
#endif /* HAVE_STRINGS_H */
48
#endif /* HAVE_UNISTD_H */
52
# include "compat/dlfcn.h"
61
#include "sudo_plugin.h"
65
# define RTLD_DEFAULT NULL
69
* Sudoers group plugin that does group name-based lookups using the system
70
* group database functions, similar to how sudo behaved prior to 1.7.3.
71
* This can be used on systems where lookups by group ID are problematic.
74
static sudo_printf_t sudo_log;
76
typedef struct group * (*sysgroup_getgrnam_t)(const char *);
77
typedef struct group * (*sysgroup_getgrgid_t)(gid_t);
78
typedef void (*sysgroup_gr_delref_t)(struct group *);
80
static sysgroup_getgrnam_t sysgroup_getgrnam;
81
static sysgroup_getgrgid_t sysgroup_getgrgid;
82
static sysgroup_gr_delref_t sysgroup_gr_delref;
83
static bool need_setent;
86
sysgroup_init(int version, sudo_printf_t sudo_printf, char *const argv[])
90
sudo_log = sudo_printf;
92
if (GROUP_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) {
93
sudo_log(SUDO_CONV_ERROR_MSG,
94
"sysgroup_group: incompatible major version %d, expected %d\n",
95
GROUP_API_VERSION_GET_MAJOR(version),
96
GROUP_API_VERSION_MAJOR);
100
/* Share group cache with sudo if possible. */
101
handle = dlsym(RTLD_DEFAULT, "sudo_getgrnam");
102
if (handle != NULL) {
103
sysgroup_getgrnam = (sysgroup_getgrnam_t)handle;
105
sysgroup_getgrnam = (sysgroup_getgrnam_t)getgrnam;
109
handle = dlsym(RTLD_DEFAULT, "sudo_getgrgid");
110
if (handle != NULL) {
111
sysgroup_getgrgid = (sysgroup_getgrgid_t)handle;
113
sysgroup_getgrgid = (sysgroup_getgrgid_t)getgrgid;
117
handle = dlsym(RTLD_DEFAULT, "gr_delref");
119
sysgroup_gr_delref = (sysgroup_gr_delref_t)handle;
128
sysgroup_cleanup(void)
135
* Returns true if "user" is a member of "group", else false.
138
sysgroup_query(const char *user, const char *group, const struct passwd *pwd)
140
char **member, *ep = '\0';
143
grp = sysgroup_getgrnam(group);
144
if (grp == NULL && group[0] == '#' && group[1] != '\0') {
145
long lval = strtol(group + 1, &ep, 10);
147
if ((lval != LONG_MAX && lval != LONG_MIN) || errno != ERANGE)
148
grp = sysgroup_getgrgid((gid_t)lval);
152
for (member = grp->gr_mem; *member != NULL; member++) {
153
if (strcasecmp(user, *member) == 0) {
154
if (sysgroup_gr_delref)
155
sysgroup_gr_delref(grp);
159
if (sysgroup_gr_delref)
160
sysgroup_gr_delref(grp);
166
struct sudoers_group_plugin group_plugin = {