{
struct group *grp;
struct passwd *pw;
+ gid_t pw_gid;
char **cur;
/* make sure we have a valid usergroup, sudo style */
if (*group++ != '%')
return(FALSE);
- if ((grp = getgrnam(group)) == NULL)
+ /* look up user's primary gid in the passwd file (XXX - reduce lookups) */
+ if ((pw = getpwnam(user)) == NULL)
return(FALSE);
+ pw_gid = pw->pw_gid;
- /*
- * Check against user's real gid as well as group's user list
- */
- if ((pw = getpwnam(user)) == NULL)
+ if ((grp = getgrnam(group)) == NULL)
return(FALSE);
- if (grp->gr_gid == pw->pw_gid)
+ /* check against user's primary (passwd file) gid */
+ if (grp->gr_gid == pw_gid)
return(TRUE);
- for (cur=grp->gr_mem; *cur; cur++) {
+ /* check to see if user is explicitly listed in the group */
+ for (cur = grp->gr_mem; *cur; cur++) {
if (strcmp(*cur, user) == 0)
return(TRUE);
}
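Review bot: The new `pw_gid` local at the top of the hunk carries the whole point of the reordering, yet no comment says why the gid is copied rather than read through `pw->pw_gid` after the `getgrnam()` call. Presumably this is because `getpwnam()` may return a pointer to static storage that a later lookup can overwrite, which would make the primary-gid comparison read stale or foreign data in an authorization decision. I would state that next to the assignment, for example `/* copy now: pw may point to static storage that getgrnam() can overwrite */`, so nobody later "simplifies" it back. The function's signature and tail are outside the hunk, so I cannot see whether `pw` is dereferenced again further down; if it is, that use needs the same treatment.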