Attachment 1538 Details for Bug 1315 – separate ga_match_pattern_list() function

[patch] separate ga_match_pattern_list() function

matchgroup.diff (text/plain), 3.05 KB, created by Damien Miller on 2008-07-03 13:25:15 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Damien Miller

Created: 2008-07-03 13:25:15 AEST

Size: 3.05 KB

patch

obsolete

>Index: groupaccess.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/groupaccess.c,v
>retrieving revision 1.12
>diff -u -p -r1.12 groupaccess.c
>--- groupaccess.c	3 Aug 2006 03:34:42 -0000	1.12
>+++ groupaccess.c	3 Jul 2008 03:23:16 -0000
>@@ -29,6 +29,7 @@
> #include <grp.h>
> #include <unistd.h>
> #include <stdarg.h>
>+#include <string.h>
> 
> #include "xmalloc.h"
> #include "groupaccess.h"
>@@ -75,6 +76,30 @@ ga_match(char * const *groups, int n)
> 			if (match_pattern(groups_byname[i], groups[j]))
> 				return 1;
> 	return 0;
>+}
>+
>+/*
>+ * Return 1 if one of user's groups matches group_pattern list.
>+ * Return 0 on negated or no match.
>+ */
>+int
>+ga_match_pattern_list(const char *group_pattern)
>+{
>+	int i, found = 0;
>+	size_t len = strlen(group_pattern);
>+
>+	for (i = 0; i < ngroups; i++) {
>+		switch (match_pattern_list(groups_byname[i],
>+		    group_pattern, len, 0)) {
>+		case -1:
>+			return 0;	/* Negated match wins */
>+		case 0:
>+			continue;
>+		case 1:
>+			found = 1;
>+		}
>+	}
>+	return found;
> }
> 
> /*
>Index: groupaccess.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/groupaccess.h,v
>retrieving revision 1.7
>diff -u -p -r1.7 groupaccess.h
>--- groupaccess.h	3 Aug 2006 03:34:42 -0000	1.7
>+++ groupaccess.h	3 Jul 2008 03:23:16 -0000
>@@ -29,6 +29,7 @@
> 
> int	 ga_init(const char *, gid_t);
> int	 ga_match(char * const *, int);
>+int	 ga_match_pattern_list(const char *);
> void	 ga_free(void);
> 
> #endif
>Index: servconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
>retrieving revision 1.185
>diff -u -p -r1.185 servconf.c
>--- servconf.c	2 Jul 2008 02:24:18 -0000	1.185
>+++ servconf.c	3 Jul 2008 03:23:16 -0000
>@@ -488,24 +488,8 @@ static int
> match_cfg_line_group(const char *grps, int line, const char *user)
> {
> 	int result = 0;
>-	u_int ngrps = 0;
>-	char *arg, *p, *cp, *grplist[MAX_MATCH_GROUPS];
> 	struct passwd *pw;
> 
>-	/*
>-	 * Even if we do not have a user yet, we still need to check for
>-	 * valid syntax.
>-	 */
>-	arg = cp = xstrdup(grps);
>-	while ((p = strsep(&cp, ",")) != NULL && *p != '\0') {
>-		if (ngrps >= MAX_MATCH_GROUPS) {
>-			error("line %d: too many groups in Match Group", line);
>-			result = -1;
>-			goto out;
>-		}
>-		grplist[ngrps++] = p;
>-	}
>-
> 	if (user == NULL)
> 		goto out;
> 
>@@ -515,17 +499,16 @@ match_cfg_line_group(const char *grps, i
> 	} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
> 		debug("Can't Match group because user %.100s not in any group "
> 		    "at line %d", user, line);
>-	} else if (ga_match(grplist, ngrps) != 1) {
>-		debug("user %.100s does not match group %.100s at line %d",
>-		    user, arg, line);
>+	} else if (ga_match_pattern_list(grps) != 1) {
>+		debug("user %.100s does not match group list %.100s at line %d",
>+		    user, grps, line);
> 	} else {
>-		debug("user %.100s matched group %.100s at line %d", user,
>-		    arg, line);
>+		debug("user %.100s matched group list %.100s at line %d", user,
>+		    grps, line);
> 		result = 1;
> 	}
> out:
> 	ga_free();
>-	xfree(arg);
> 	return result;
> }
>

Flags:

dtucker: ok+

Actions: View | Diff

Attachments on bug 1315: 1283 | 1538