static int allow_setgid(const struct passwd *pe, const struct group *ge) { char **look; int notfound = 1; char *pwd, *xpwd; if (getuid() == 0) /* root may do anything */ return TRUE; if (ge->gr_gid == pe->pw_gid) /* You can switch back to your default group */ return TRUE; look = ge->gr_mem; while (*look && (notfound = strcmp(*look++, pe->pw_name))) ; if (!notfound) /* member of group => OK */ return TRUE; /* Ask for password. Often there is no password in /etc/group, so * contrary to login et al. we let an empty password mean the same * as in /etc/passwd */ /* check /etc/gshadow */ if (!(pwd = get_gshadow_pwd(ge->gr_name))) pwd = ge->gr_passwd; if (pwd && *pwd && (xpwd = xgetpass(stdin, _("Password: "******"crypt failed")); else if (strcmp(pwd, cbuf) == 0) return TRUE; } /* default to denial */ return FALSE; }
static int allow_setgid(struct passwd *pe, struct group *ge) { char **look; int notfound = 1; char *pwd, *xpwd; if (getuid() == 0) /* root may do anything */ return TRUE; if (ge->gr_gid == pe->pw_gid) /* You can switch back to your default group */ return TRUE; look = ge->gr_mem; while (*look && (notfound = strcmp(*look++, pe->pw_name))) ; if (!notfound) /* member of group => OK */ return TRUE; /* Ask for password. Often there is no password in /etc/group, so * contrary to login et al. we let an empty password mean the same * as in /etc/passwd */ /* check /etc/gshadow */ if (!(pwd = get_gshadow_pwd(ge->gr_name))) pwd = ge->gr_passwd; if (pwd && *pwd && (xpwd = getpass(_("Password: ")))) if (strcmp(pwd, crypt(xpwd, pwd)) == 0) /* password accepted */ return TRUE; /* default to denial */ return FALSE; }