Attachment #1538 for bug #1315




#include <grp.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>

#include "xmalloc.h"
#include "groupaccess.h"

			if (match_pattern(groups_byname[i], groups[j]))
				return 1;
	return 0;
}

/*
 * Return 1 if one of user's groups matches group_pattern list.
 * Return 0 on negated or no match.
 */
int
ga_match_pattern_list(const char *group_pattern)
{
	int i, found = 0;
	size_t len = strlen(group_pattern);

	for (i = 0; i < ngroups; i++) {
		switch (match_pattern_list(groups_byname[i],
		    group_pattern, len, 0)) {
		case -1:
			return 0;	/* Negated match wins */
		case 0:
			continue;
		case 1:
			found = 1;
		}
	}
	return found;
}

/*

Lines 29-34 Link Here

(-)groupaccess.h (+1 lines)
29		29
30	int ga_init(const char *, gid_t);	30	int ga_init(const char *, gid_t);
31	int ga_match(char * const *, int);	31	int ga_match(char * const *, int);
		32	int ga_match_pattern_list(const char *);
32	void ga_free(void);	33	void ga_free(void);
33		34
34	#endif	35	#endif




match_cfg_line_group(const char *grps, int line, const char *user)
{
	int result = 0;
	u_int ngrps = 0;
	char *arg, *p, *cp, *grplist[MAX_MATCH_GROUPS];
	struct passwd *pw;

	/*
	 * Even if we do not have a user yet, we still need to check for
	 * valid syntax.
	 */
	arg = cp = xstrdup(grps);
	while ((p = strsep(&cp, ",")) != NULL && *p != '\0') {
		if (ngrps >= MAX_MATCH_GROUPS) {
			error("line %d: too many groups in Match Group", line);
			result = -1;
			goto out;
		}
		grplist[ngrps++] = p;
	}

	if (user == NULL)
		goto out;


	} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
		debug("Can't Match group because user %.100s not in any group "
		    "at line %d", user, line);
	} else if (ga_match_pattern_list(grps) != 1) {
		debug("user %.100s does not match group list %.100s at line %d",
		    user, grps, line);
	} else {
		debug("user %.100s matched group list %.100s at line %d", user,
		    grps, line);
		result = 1;
	}
out:
	ga_free();
	xfree(arg);
	return result;
}


Return to bug 1315

Lines 488-511 static int Link Here

(-)servconf.c (-22 / +5 lines)
488	match_cfg_line_group(const char grps, int line, const char user)	488	match_cfg_line_group(const char grps, int line, const char user)
489	{	489	{
490	int result = 0;	490	int result = 0;
491	u_int ngrps = 0;
492	char arg, p, cp, grplist[MAX_MATCH_GROUPS];
493	struct passwd *pw;	491	struct passwd *pw;
494		492
495	/*
496	* Even if we do not have a user yet, we still need to check for
497	* valid syntax.
498	*/
499	arg = cp = xstrdup(grps);
500	while ((p = strsep(&cp, ",")) != NULL && *p != '\0') {
501	if (ngrps >= MAX_MATCH_GROUPS) {
502	error("line %d: too many groups in Match Group", line);
503	result = -1;
504	goto out;
505	}
506	grplist[ngrps++] = p;
507	}
508
509	if (user == NULL)	493	if (user == NULL)
510	goto out;	494	goto out;
511		495
Lines 515-531 match_cfg_line_group(const char *grps, i Link Here
515	} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {	499	} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
516	debug("Can't Match group because user %.100s not in any group "	500	debug("Can't Match group because user %.100s not in any group "
517	"at line %d", user, line);	501	"at line %d", user, line);
518	} else if (ga_match(grplist, ngrps) != 1) {	502	} else if (ga_match_pattern_list(grps) != 1) {
519	debug("user %.100s does not match group %.100s at line %d",	503	debug("user %.100s does not match group list %.100s at line %d",
520	user, arg, line);	504	user, grps, line);
521	} else {	505	} else {
522	debug("user %.100s matched group %.100s at line %d", user,	506	debug("user %.100s matched group list %.100s at line %d", user,
523	arg, line);	507	grps, line);
524	result = 1;	508	result = 1;
525	}	509	}
526	out:	510	out:
527	ga_free();	511	ga_free();
528	xfree(arg);
529	return result;	512	return result;
530	}	513	}
531		514

Lines 29-34 Link Here

(-)groupaccess.c (+25 lines)
29	#include <grp.h>	29	#include <grp.h>
30	#include <unistd.h>	30	#include <unistd.h>
31	#include <stdarg.h>	31	#include <stdarg.h>
		32	#include <string.h>
32		33
33	#include "xmalloc.h"	34	#include "xmalloc.h"
34	#include "groupaccess.h"	35	#include "groupaccess.h"
Lines 75-80 ga_match(char * const *groups, int n) Link Here
75	if (match_pattern(groups_byname[i], groups[j]))	76	if (match_pattern(groups_byname[i], groups[j]))
76	return 1;	77	return 1;
77	return 0;	78	return 0;
		79	}
		80
		81	/*
		82	* Return 1 if one of user's groups matches group_pattern list.
		83	* Return 0 on negated or no match.
		84	*/
		85	int
		86	ga_match_pattern_list(const char *group_pattern)
		87	{
		88	int i, found = 0;
		89	size_t len = strlen(group_pattern);
		90
		91	for (i = 0; i < ngroups; i++) {
		92	switch (match_pattern_list(groups_byname[i],
		93	group_pattern, len, 0)) {
		94	case -1:
		95	return 0; /* Negated match wins */
		96	case 0:
		97	continue;
		98	case 1:
		99	found = 1;
		100	}
		101	}
		102	return found;
78	}	103	}
79		104
80	/*	105	/*