- djm@cvs.openbsd.org 2008/07/04 03:44:59

[servconf.c groupaccess.h groupaccess.c] support negation of groups in "Match group" block (bz#1315); ok dtucker@
author: dtucker <dtucker> 2008-07-04 03:51:12 +0000
committer: dtucker <dtucker> 2008-07-04 03:51:12 +0000
commit: b620f95aaca88166eb67a80ef26b0fa9de03f954 (patch)
tree: 74911319f29454aa0a49e629025829a7f0aac255 /groupaccess.c
parent: 45fc665e55c72e2030fe4e7eeb23e780117d987b (diff)
download: openssh-b620f95aaca88166eb67a80ef26b0fa9de03f954.tar.gz
1 files changed, 26 insertions, 1 deletions
diff --git a/groupaccess.c b/groupaccess.c
index e73f62b2..2381aeb1 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */
 /*
  * Copyright (c) 2001 Kevin Steves.  All rights reserved.
  *
@@ -31,6 +31,7 @@
 #include <grp.h>
 #include <unistd.h>
 #include <stdarg.h>
+#include <string.h>
 
 #include "xmalloc.h"
 #include "groupaccess.h"
@@ -88,6 +89,30 @@ ga_match(char * const *groups, int n)
 }
 
 /*
+ * Return 1 if one of user's groups matches group_pattern list.
+ * Return 0 on negated or no match.
+ */
+int
+ga_match_pattern_list(const char *group_pattern)
+{
+	int i, found = 0;
+	size_t len = strlen(group_pattern);
+
+	for (i = 0; i < ngroups; i++) {
+		switch (match_pattern_list(groups_byname[i],
+		    group_pattern, len, 0)) {
+		case -1:
+			return 0;	/* Negated match wins */
+		case 0:
+			continue;
+		case 1:
+			found = 1;
+		}
+	}
+	return found;
+}
+
+/*
  * Free memory allocated for group access list.
  */
 void
author	dtucker <dtucker>	2008-07-04 03:51:12 +0000
committer	dtucker <dtucker>	2008-07-04 03:51:12 +0000
commit	b620f95aaca88166eb67a80ef26b0fa9de03f954 (patch)
tree	74911319f29454aa0a49e629025829a7f0aac255 /groupaccess.c
parent	45fc665e55c72e2030fe4e7eeb23e780117d987b (diff)
download	openssh-b620f95aaca88166eb67a80ef26b0fa9de03f954.tar.gz