/* Checks whether the calling process belongs to the group called 'name'.
 *
 * The name is first turned into a GID by get_group_creds(); membership is then
 * decided by in_gid(). The address of the local 'name' pointer is handed to
 * get_group_creds(), so that helper may redirect it; the caller's own pointer
 * is unaffected because 'name' is a by-value parameter.
 *
 * Returns the negative value reported by get_group_creds() if the lookup
 * fails, otherwise whatever in_gid() returns for the resolved GID.
 *
 * NOTE(review): the lookup presumably goes through the system group database
 * (NSS); confirm before calling this from contexts where that is unwanted. */
int in_group(const char *name) {
        gid_t resolved;
        int rc = get_group_creds(&name, &resolved);

        return rc < 0 ? rc : in_gid(resolved);
}
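/* Walks the default ACL (ACL_TYPE_DEFAULT) of 'path' and inspects every
 * ACL_GROUP entry.
 *
 *   dst    - string vector that receives the names of the groups listed in the
 *            ACL which the caller is NOT a member of (appended via
 *            strv_consume()).
 *   path   - file system object whose default ACL is read; must not be NULL.
 *   belong - set to true as soon as one ACL group is found that the caller is
 *            a member of (per in_gid()); enumeration stops at that point. It
 *            is never written otherwise, so the caller must initialise it to
 *            false beforehand.
 *
 * Returns 0 in all cases except allocation failure, where the value of
 * log_oom() is returned.
 *
 * NOTE(review): this is best-effort by design of the original code. A failure
 * of acl_get_file(), acl_get_tag_type() or acl_get_qualifier() is not reported
 * and yields 0, so a caller cannot tell "ACL names no groups" apart from "ACL
 * could not be read". Do not treat an empty result as an authoritative answer. */
int search_acl_groups(char*** dst, const char* path, bool* belong) {
        acl_entry_t entry;
        acl_t acl;
        int r, ret = 0;

        assert(path);
        assert(belong);

        acl = acl_get_file(path, ACL_TYPE_DEFAULT);
        if (!acl)
                return 0;

        for (r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
             r > 0;
             r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry)) {
                acl_tag_t tag;
                gid_t *qualifier;
                gid_t gid;
                char *name;

                if (acl_get_tag_type(entry, &tag) < 0)
                        break;

                if (tag != ACL_GROUP)
                        continue;

                qualifier = acl_get_qualifier(entry);
                if (!qualifier)
                        break;

                /* acl_get_qualifier() hands back separately allocated storage
                 * that has to be released with acl_free(). Copy the GID out
                 * and release it right away, so that no exit path below can
                 * leak it (previously it was never freed). */
                gid = *qualifier;
                acl_free(qualifier);

                if (in_gid(gid) > 0) {
                        *belong = true;
                        break;
                }

                name = gid_to_name(gid);
                if (!name) {
                        ret = log_oom();
                        break;
                }

                /* presumably strv_consume() takes ownership of 'name' even on
                 * failure, as the original did not free it either; verify
                 * against the helper */
                if (strv_consume(dst, name) < 0) {
                        ret = log_oom();
                        break;
                }
        }

        acl_free(acl);
        return ret;
}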
/* Evaluates a CONDITION_GROUP condition: is the calling process a member of
 * the group given in c->parameter?
 *
 * The parameter is interpreted in this order:
 *   1. If it parses as a numeric GID, the result of in_gid() is returned
 *      unchanged (so a negative value from in_gid() is passed through).
 *   2. Otherwise, when running as PID 1, no name lookup is attempted at all;
 *      the condition holds only if the parameter is literally "root". Any
 *      other group name therefore evaluates to false in PID 1.
 *   3. Otherwise the name is resolved via in_group(). Only a positive result
 *      counts as a match; a lookup error is reported as false, not as an
 *      error. */
static int condition_test_group(Condition *c) {
        gid_t gid;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_GROUP);

        if (parse_gid(c->parameter, &gid) >= 0)
                return in_gid(gid);

        if (getpid_cached() != 1)
                return in_group(c->parameter) > 0;

        /* Avoid any NSS lookups if we are PID1 */
        return streq(c->parameter, "root");
}
/* Scans the default ACL (ACL_TYPE_DEFAULT) of 'path' for ACL_GROUP entries.
 *
 *   path       - file system object to inspect; must not be NULL.
 *   ret_groups - optional. If non-NULL, receives a newly allocated string
 *                vector with the name of every group listed in the ACL (the
 *                groups the caller is a member of included). It is written
 *                only on success.
 *
 * Returns > 0 if the caller is a member of at least one listed group (per
 * in_gid()), 0 if not, and a negative errno-style value on failure: -errno
 * when a libacl call fails, -ENOMEM when a GID cannot be turned into a name,
 * or the error from strv_consume().
 *
 * When ret_groups is NULL the function returns as soon as the first matching
 * group is found; otherwise the whole ACL is walked so the list is complete.
 *
 * Resources (ACL handle, per-entry qualifier, partial name list) are released
 * through the _cleanup_ handlers on every exit path. */
int acl_search_groups(const char *path, char ***ret_groups) {
        _cleanup_strv_free_ char **names = NULL;
        _cleanup_(acl_freep) acl_t acl = NULL;
        bool is_member = false;
        acl_entry_t entry;
        int r;

        assert(path);

        acl = acl_get_file(path, ACL_TYPE_DEFAULT);
        if (!acl)
                return -errno;

        r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
        for (;;) {
                /* Scoped to one iteration: the qualifier is released each time
                 * the loop body is left, whichever way that happens. */
                _cleanup_(acl_free_gid_tpp) gid_t *gid = NULL;
                acl_tag_t tag;

                if (r == 0)
                        break; /* no more entries */
                if (r < 0)
                        return -errno;

                if (acl_get_tag_type(entry, &tag) < 0)
                        return -errno;

                if (tag == ACL_GROUP) {
                        gid = acl_get_qualifier(entry);
                        if (!gid)
                                return -errno;

                        if (in_gid(*gid) > 0) {
                                /* Nobody wants the list: the answer is known. */
                                if (!ret_groups)
                                        return true;

                                is_member = true;
                        }

                        if (ret_groups) {
                                char *name = gid_to_name(*gid);

                                if (!name)
                                        return -ENOMEM;

                                r = strv_consume(&names, name);
                                if (r < 0)
                                        return r;
                        }
                }

                /* Advance while 'gid' is still in scope, exactly as before. */
                r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
        }

        if (ret_groups)
                *ret_groups = TAKE_PTR(names);

        return is_member;
}