From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 18 Dec 1995 02:51:30 +0000 (+0000)
Subject: added group support
X-Git-Tag: SUDO_1_4_0~48
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7617fde66659f2ccf0eb9606c281b582273128ce;p=sudo

added group support
---

diff --git a/parse.c b/parse.c
index 668befd2a..f41242f3d 100644
--- a/parse.c
+++ b/parse.c
@@ -47,6 +47,7 @@ static char rcsid[] = "$Id$";
 #include <malloc.h>
 #endif /* HAVE_MALLOC_H && !STDC_HEADERS */
 #include <ctype.h>
+#include <grp.h>
 #include <sys/param.h>
 #include <sys/types.h>
 #include <netinet/in.h>
@@ -273,6 +274,36 @@ int addr_matches(n)
 
 
 
+int usergr_matches(group, user)
+    char *group;
+    char *user;
+{
+    struct group *grpent;
+    char **cur;
+
+    /* make sure we have a valid usergroup, sudo style */
+    if (*group++ != '%')
+	return(FALSE);
+
+    if ((grpent = getgrnam(group)) == NULL) 
+	return(FALSE);
+
+    /*
+     * Check against user's real gid as well as group's user list
+     */
+    if (getgid() == grpent->gr_gid)
+	return(TRUE);
+
+    for (cur=grpent->gr_mem; *cur; cur++) {
+	if (strcmp(*cur, user) == 0)
+	    return(TRUE);
+    }
+
+    return(FALSE);
+}
+
+
+
 int netgr_matches(netgr, host, user)
     char *netgr;
     char *host;
@@ -285,7 +316,7 @@ int netgr_matches(netgr, host, user)
 #endif /* HAVE_GETDOMAINNAME */
 
     /* make sure we have a valid netgroup, sudo style */
-    if (*netgr != '+')
+    if (*netgr++ != '+')
 	return(FALSE);
 
 #ifdef HAVE_GETDOMAINNAME
@@ -305,7 +336,7 @@ int netgr_matches(netgr, host, user)
 #endif /* HAVE_GETDOMAINNAME */
 
 #ifdef HAVE_INNETGR
-    return(innetgr(netgr+1, host, user, domain));
+    return(innetgr(netgr, host, user, domain));
 #else
     return(FALSE);
 #endif /* HAVE_INNETGR */
diff --git a/parse.lex b/parse.lex
index f08f749c4..83affac2c 100644
--- a/parse.lex
+++ b/parse.lex
@@ -152,6 +152,11 @@ N			[0-9][0-9]?[0-9]?
 			    return(NETGROUP);
 			 }
 
+\%[a-zA-Z][a-zA-Z0-9_-]* {
+			    fill(yytext, yyleng);
+			    return(USERGROUP);
+			 }
+
 {N}\.{N}\.{N}\.{N}	{
 			    fill(yytext, yyleng);
 			    return(NTWKADDR);
diff --git a/parse.yacc b/parse.yacc
index bf1c16125..ccc9ea93c 100644
--- a/parse.yacc
+++ b/parse.yacc
@@ -99,6 +99,7 @@ int top = 0;
 extern int path_matches		__P((char *, char *));
 extern int addr_matches		__P((char *));
 extern int netgr_matches	__P((char *, char *, char *));
+extern int usergr_matches	__P((char *, char *));
 static int find_alias		__P((char *, int));
 static int add_alias		__P((char *, int));
 static int more_aliases		__P((size_t));
@@ -130,6 +131,7 @@ void yyerror(s)
 %token <string>	ALIAS			/* an UPPERCASE alias name */
 %token <string> NTWKADDR		/* w.x.y.z */
 %token <string> NETGROUP		/* a netgroup (+NAME) */
+%token <string> USERGROUP		/* a usergroup (*NAME) */
 %token <string> COMMAND			/* an absolute pathname + args */
 %token <string> NAME			/* a mixed-case name */
 %token <tok>	COMMENT			/* comment and/or carriage return */
@@ -334,6 +336,12 @@ user		:	NAME {
 			    (void) free($1);
 			    $1 = NULL; /* XXX */
 			}
+		|	USERGROUP {
+			    if (usergr_matches($1, user_name))
+				user_matches = TRUE;
+			    (void) free($1);
+			    $1 = NULL; /* XXX */
+			}
 		|	NETGROUP {
 			    if (netgr_matches($1, NULL, user_name))
 				user_matches = TRUE;
diff --git a/visudo.c b/visudo.c
index 371b1e104..bf43afa88 100644
--- a/visudo.c
+++ b/visudo.c
@@ -85,6 +85,7 @@ static void setup_signals	__P((void));
 int path_matches		__P((char *, char *));
 int addr_matches		__P((char *));
 int netgr_matches		__P((char *, char *, char *));
+int usergr_matches		__P((char *, char *));
 
 
 /*
@@ -375,6 +376,12 @@ int addr_matches(n)
     return(TRUE);
 }
 
+int usergr_matches(g, u)
+    char *g, *u;
+{
+    return(TRUE);
+}
+
 
 int netgr_matches(n, h, u)
     char *n, *h, *u;