static int allow_setgid(const struct passwd *pe, const struct group *ge)
{
char **look;
int notfound = 1;
char *pwd, *xpwd;
if (getuid() == 0)
/* root may do anything */
return TRUE;
if (ge->gr_gid == pe->pw_gid)
/* You can switch back to your default group */
return TRUE;
look = ge->gr_mem;
while (*look && (notfound = strcmp(*look++, pe->pw_name))) ;
if (!notfound)
/* member of group => OK */
return TRUE;
/* Ask for password. Often there is no password in /etc/group, so
* contrary to login et al. we let an empty password mean the same
* as in /etc/passwd */
/* check /etc/gshadow */
if (!(pwd = get_gshadow_pwd(ge->gr_name)))
pwd = ge->gr_passwd;
if (pwd && *pwd && (xpwd = xgetpass(stdin, _("Password: "******"crypt failed"));
else if (strcmp(pwd, cbuf) == 0)
return TRUE;
}
/* default to denial */
return FALSE;
}
static int allow_setgid(struct passwd *pe, struct group *ge)
{
char **look;
int notfound = 1;
char *pwd, *xpwd;
if (getuid() == 0)
/* root may do anything */
return TRUE;
if (ge->gr_gid == pe->pw_gid)
/* You can switch back to your default group */
return TRUE;
look = ge->gr_mem;
while (*look && (notfound = strcmp(*look++, pe->pw_name))) ;
if (!notfound)
/* member of group => OK */
return TRUE;
/* Ask for password. Often there is no password in /etc/group, so
* contrary to login et al. we let an empty password mean the same
* as in /etc/passwd */
/* check /etc/gshadow */
if (!(pwd = get_gshadow_pwd(ge->gr_name)))
pwd = ge->gr_passwd;
if (pwd && *pwd && (xpwd = getpass(_("Password: "))))
if (strcmp(pwd, crypt(xpwd, pwd)) == 0)
/* password accepted */
return TRUE;
/* default to denial */
return FALSE;
}
