changeset 644:c7a35fa302ec

Check sudo group membership if user to determine if he can elevate privileges
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 24 Jun 2014 18:10:10 +0200
parents be30d50bc4f0
children a9a57dc1eb2f
files common/util.c
diffstat 1 files changed, 56 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/common/util.c	Tue Jun 24 15:24:09 2014 +0200
+++ b/common/util.c	Tue Jun 24 18:10:10 2014 +0200
@@ -7,10 +7,14 @@
  */
 #include "util.h"
 #include "logging.h"
+#include "strhelp.h"
 
 #ifndef _WIN32
 #include <unistd.h>
 #include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <string.h>
 #else
 #include <windows.h>
 #endif
@@ -42,7 +46,58 @@
 bool is_admin()
 {
 #ifndef _WIN32
-  /* TODO implement */
+  struct passwd *current_user = getpwuid (geteuid());
+  int ngroups = 0,
+      ret = 0,
+      i = 0;
+  gid_t * groups = NULL;
+
+  if (current_user == NULL)
+    {
+      ERRORPRINTF ("Failed to obtain user information.");
+      return false;
+    }
+
+  ret = getgrouplist (current_user->pw_name, current_user->pw_gid, NULL,
+                      &ngroups);
+
+  if (ret != -1 || ngroups <= 0)
+    {
+      ERRORPRINTF ("Unknown error in getgrouplist call");
+      return false;
+    }
+
+  groups = xmalloc (((unsigned int)ngroups) * sizeof (gid_t));
+
+  ret = getgrouplist (current_user->pw_name, current_user->pw_gid, groups,
+                      &ngroups);
+
+  if (ret != ngroups)
+    {
+      ERRORPRINTF ("Group length mismatch.");
+      xfree (groups);
+      return false;
+    }
+
+  for (i = 0; i < ngroups; i++)
+    {
+      struct group *gr = getgrgid (groups[i]);
+      if (gr == NULL)
+        {
+          ERRORPRINTF ("Error in group enumeration");
+          xfree (groups);
+          return false;
+        }
+      if (strcmp("sudo", gr->gr_name) == 0)
+        {
+          DEBUGPRINTF ("User is in sudo group \n");
+          xfree (groups);
+          return true;
+        }
+    }
+
+  DEBUGPRINTF ("User is not in sudo group");
+
   return false;
 #else
   bool retval = false;

http://wald.intevation.org/projects/trustbridge/