/*
 * Policy "close" hook: report a failed exec (if any), end the auth
 * session opened in sudoers_policy_init_session() and release the cached
 * passwd/group references.
 *
 * exit_status is accepted but not used; it is not currently logged.
 * error_code is an errno-style value, rendered with strerror(); zero
 * means there is nothing to report.
 */
static void
sudoers_policy_close(int exit_status, int error_code)
{
    /*
     * Recovery point for error(), errorx() and log_error().  If one of
     * them fires while we are cleaning up, we land here and return at
     * once, so any cleanup step not yet reached is skipped.
     */
    if (sigsetjmp(error_jmp, 1) != 0) {
        return;
    }

    /* Only the exec failure is reported; the exit status is not logged. */
    if (error_code != 0) {
        warningx(_("unable to execute %s: %s"), safe_cmnd,
            strerror(error_code));
    }

    /*
     * A session exists only for run/edit modes.  The result of ending it
     * is deliberately discarded, so a failure here is not surfaced.
     */
    if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT)) {
        (void)sudo_auth_end_session(runas_pw);
    }

    /*
     * Drop the remaining passwd and group references.  The two passwd
     * references are released unconditionally; the group ones only when set.
     */
    pw_delref(sudo_user.pw);
    pw_delref(runas_pw);
    if (runas_gr != NULL) {
        gr_delref(runas_gr);
    }
    if (user_group_list != NULL) {
        grlist_delref(user_group_list);
    }
}
/*
 * Decide whether the user described by pw belongs to the named group.
 *
 * Returns TRUE on a match and FALSE otherwise, including when the group
 * cannot be looked up.  pw is dereferenced without a NULL check, so the
 * caller must pass a valid entry.
 *
 * Checks, in order:
 *   1. the group's gid against the user's primary gid (pw->pw_gid);
 *   2. with HAVE_MBR_CHECK_MEMBERSHIP, the membership API on uuids;
 *   3. otherwise, with HAVE_GETGROUPS, the stashed supplementary group
 *      vector when pw names the invoking (or list) user and that vector
 *      is non-empty;
 *   4. otherwise, the member-name list of the group entry (gr_mem).
 *
 * Steps 3 and 4 are mutually exclusive: when the group vector is used,
 * gr_mem is not consulted.  "Same user" is decided by comparing login
 * names (strcmp on pw_name), not uids.
 */
int
user_in_group(struct passwd *pw, const char *group)
{
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
    uuid_t gu, uu;
    int ismember;
#else
    char **gr_mem;
    int i;
#endif
    struct group *grp;
    int retval = FALSE;

    /*
     * NOTE(review): the setauthdb/restoreauthdb pair presumably scopes the
     * group lookup to this user's authentication database -- confirm.
     */
#ifdef HAVE_SETAUTHDB
    aix_setauthdb(pw->pw_name);
#endif
    grp = sudo_getgrnam(group);
#ifdef HAVE_SETAUTHDB
    aix_restoreauthdb();
#endif
    /* Unknown group: not a member. */
    if (grp == NULL)
        goto done;

    /* check against user's primary (passwd file) gid */
    if (grp->gr_gid == pw->pw_gid) {
        retval = TRUE;
        goto done;
    }

#ifdef HAVE_MBR_CHECK_MEMBERSHIP
    /*
     * If we are matching the invoking user use the stashed uuid.
     * Every mbr_*() call must return 0 and ismember must be set for a
     * match; any lookup failure is treated as "not a member".
     */
    if (strcmp(pw->pw_name, user_name) == 0) {
        if (mbr_gid_to_uuid(grp->gr_gid, gu) == 0 &&
            mbr_check_membership(user_uuid, gu, &ismember) == 0 && ismember) {
            retval = TRUE;
            goto done;
        }
    } else {
        if (mbr_uid_to_uuid(pw->pw_uid, uu) == 0 &&
            mbr_gid_to_uuid(grp->gr_gid, gu) == 0 &&
            mbr_check_membership(uu, gu, &ismember) == 0 && ismember) {
            retval = TRUE;
            goto done;
        }
    }
#else /* HAVE_MBR_CHECK_MEMBERSHIP */
# ifdef HAVE_GETGROUPS
    /*
     * If we are matching the invoking or list user and that user has a
     * supplementary group vector, check it.
     *
     * The trailing "else" binds to the braced block after the # endif,
     * so when this branch is taken the gr_mem scan below is skipped even
     * if the gid is not found in the vector.
     */
    if (user_ngroups > 0 &&
        strcmp(pw->pw_name, list_pw ? list_pw->pw_name : user_name) == 0) {
        for (i = 0; i < user_ngroups; i++) {
            if (grp->gr_gid == user_groups[i]) {
                retval = TRUE;
                goto done;
            }
        }
    } else
# endif /* HAVE_GETGROUPS */
    {
        /*
         * Fall back to the member names listed in the group entry.
         * grp was already checked against NULL above, so the grp != NULL
         * test here is redundant.
         */
        if (grp != NULL && grp->gr_mem != NULL) {
            for (gr_mem = grp->gr_mem; *gr_mem; gr_mem++) {
                if (strcmp(*gr_mem, pw->pw_name) == 0) {
                    retval = TRUE;
                    goto done;
                }
            }
        }
    }
#endif /* HAVE_MBR_CHECK_MEMBERSHIP */

done:
    /* Release the reference taken by sudo_getgrnam(), on every exit path. */
    if (grp != NULL)
        gr_delref(grp);
    return retval;
}