From: Todd C. Miller
Date: Thu, 22 May 2003 01:53:01 +0000 (+0000)
Subject: Don't assume that getgrnam() calls don't modify contents of
X-Git-Tag: SUDO_1_6_8~309
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=40b63be2fc1ff9af3793a802c8ec36ea0a353b53;p=sudo
Don't assume that getgrnam() calls don't modify contents of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen. Based on a patch from Kirk Webb.
---
diff --git a/parse.c b/parse.c
index 7750e2717..20ae461dd 100644
--- a/parse.c
+++ b/parse.c
@@ -443,25 +443,27 @@ usergr_matches(group, user)
 {
 struct group *grp;
 struct passwd *pw;
+ gid_t pw_gid;
 char **cur;
 /* make sure we have a valid usergroup, sudo style */
 if (*group++ != '%')
 return(FALSE);
- if ((grp = getgrnam(group)) == NULL)
+ /* look up user's primary gid in the passwd file (XXX - reduce lookups) */
+ if ((pw = getpwnam(user)) == NULL)
 return(FALSE);
+ pw_gid = pw->pw_gid;
- /*
- * Check against user's real gid as well as group's user list
- */
- if ((pw = getpwnam(user)) == NULL)
+ if ((grp = getgrnam(group)) == NULL)
 return(FALSE);
- if (grp->gr_gid == pw->pw_gid)
+ /* check against user's primary (passwd file) gid */
+ if (grp->gr_gid == pw_gid)
 return(TRUE);
- for (cur=grp->gr_mem; *cur; cur++) {
+ /* check to see if user is explicitly listed in the group */
+ for (cur = grp->gr_mem; *cur; cur++) {
 if (strcmp(*cur, user) == 0)
 return(TRUE);
 }
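Review bot: The new comment above `getpwnam(user)` does not say why `pw->pw_gid` is copied into `pw_gid` before `getgrnam(group)` runs, and that ordering is the whole fix; without it a later cleanup could fold the copy back into `grp->gr_gid == pw->pw_gid` and reintroduce a comparison against a clobbered passwd entry in this group-match decision. I would add, next to the assignment, `/* save gid now: getgrnam() may overwrite the struct passwd returned by getpwnam() (seen on FreeBSD w/ NIS) */`. `pw` stays in scope after the `getgrnam()` call and should be treated as invalid from that point on; nothing in the hunk dereferences it again, but the function's signature and its tail are outside the hunk, so that is worth confirming.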