2 * Copyright (c) 1996, 1998-2005, 2007-2011
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Sponsored in part by the Defense Advanced Research Projects
18 * Agency (DARPA) and Air Force Research Laboratory, Air Force
19 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
24 #include <sys/types.h>
26 #include <sys/param.h>
35 #endif /* STDC_HEADERS */
37 # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
41 #endif /* HAVE_STRING_H */
44 #endif /* HAVE_STRINGS_H */
47 #endif /* HAVE_UNISTD_H */
50 #endif /* HAVE_SETAUTHDB */
55 #endif /* HAVE_UTMPX_H */
64 * The passwd and group caches.
66 static struct rbtree *pwcache_byuid, *pwcache_byname;
67 static struct rbtree *grcache_bygid, *grcache_byname;
68 static struct rbtree *grlist_cache;
70 static int cmp_pwuid(const void *, const void *);
71 static int cmp_pwnam(const void *, const void *);
72 static int cmp_grgid(const void *, const void *);
74 #define cmp_grnam cmp_pwnam
76 #define ptr_to_item(p) ((struct cache_item *)((char *)p - offsetof(struct cache_item_##p, p)))
79 * Generic cache element.
93 struct group_list *grlist;
98 * Container structs to simpify size and offset calculations and guarantee
99 * proper aligment of struct passwd, group and group_list.
101 struct cache_item_pw {
102 struct cache_item cache;
106 struct cache_item_gr {
107 struct cache_item cache;
111 struct cache_item_grlist {
112 struct cache_item cache;
113 struct group_list grlist;
114 /* actually bigger */
121 cmp_pwuid(const void *v1, const void *v2)
123 const struct cache_item *ci1 = (const struct cache_item *) v1;
124 const struct cache_item *ci2 = (const struct cache_item *) v2;
125 return ci1->k.uid - ci2->k.uid;
129 * Compare by user name.
132 cmp_pwnam(const void *v1, const void *v2)
134 const struct cache_item *ci1 = (const struct cache_item *) v1;
135 const struct cache_item *ci2 = (const struct cache_item *) v2;
136 return strcmp(ci1->k.name, ci2->k.name);
139 #define FIELD_SIZE(src, name, size) \
142 size = strlen(src->name) + 1; \
147 #define FIELD_COPY(src, dst, name, size) \
150 memcpy(cp, src->name, size); \
157 * Dynamically allocate space for a struct item plus the key and data
158 * elements. If name is non-NULL it is used as the key, else the
159 * uid is the key. Fills in datum from struct password.
161 static struct cache_item *
162 make_pwitem(const struct passwd *pw, const char *name)
165 const char *pw_shell;
166 size_t nsize, psize, csize, gsize, dsize, ssize, total;
167 struct cache_item_pw *pwitem;
168 struct passwd *newpw;
169 debug_decl(make_pwitem, SUDO_DEBUG_NSS)
171 /* If shell field is empty, expand to _PATH_BSHELL. */
172 pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
173 ? _PATH_BSHELL : pw->pw_shell;
175 /* Allocate in one big chunk for easy freeing. */
176 nsize = psize = csize = gsize = dsize = ssize = 0;
177 total = sizeof(*pwitem);
178 FIELD_SIZE(pw, pw_name, nsize);
179 FIELD_SIZE(pw, pw_passwd, psize);
180 #ifdef HAVE_LOGIN_CAP_H
181 FIELD_SIZE(pw, pw_class, csize);
183 FIELD_SIZE(pw, pw_gecos, gsize);
184 FIELD_SIZE(pw, pw_dir, dsize);
185 /* Treat shell specially since we expand "" -> _PATH_BSHELL */
186 ssize = strlen(pw_shell) + 1;
189 total += strlen(name) + 1;
191 /* Allocate space for struct item, struct passwd and the strings. */
192 pwitem = ecalloc(1, total);
196 * Copy in passwd contents and make strings relative to space
197 * at the end of the struct.
199 memcpy(newpw, pw, sizeof(*pw));
200 cp = (char *)(pwitem + 1);
201 FIELD_COPY(pw, newpw, pw_name, nsize);
202 FIELD_COPY(pw, newpw, pw_passwd, psize);
203 #ifdef HAVE_LOGIN_CAP_H
204 FIELD_COPY(pw, newpw, pw_class, csize);
206 FIELD_COPY(pw, newpw, pw_gecos, gsize);
207 FIELD_COPY(pw, newpw, pw_dir, dsize);
208 /* Treat shell specially since we expand "" -> _PATH_BSHELL */
209 memcpy(cp, pw_shell, ssize);
210 newpw->pw_shell = cp;
213 /* Set key and datum. */
215 memcpy(cp, name, strlen(name) + 1);
216 pwitem->cache.k.name = cp;
218 pwitem->cache.k.uid = pw->pw_uid;
220 pwitem->cache.d.pw = newpw;
221 pwitem->cache.refcnt = 1;
223 debug_return_ptr(&pwitem->cache);
227 pw_addref(struct passwd *pw)
229 debug_decl(pw_addref, SUDO_DEBUG_NSS)
230 ptr_to_item(pw)->refcnt++;
235 pw_delref_item(void *v)
237 struct cache_item *item = v;
238 debug_decl(pw_delref_item, SUDO_DEBUG_NSS)
240 if (--item->refcnt == 0)
247 pw_delref(struct passwd *pw)
249 debug_decl(pw_delref, SUDO_DEBUG_NSS)
250 pw_delref_item(ptr_to_item(pw));
255 * Get a password entry by uid and allocate space for it.
258 sudo_getpwuid(uid_t uid)
260 struct cache_item key, *item;
262 debug_decl(sudo_getpwuid, SUDO_DEBUG_NSS)
265 if ((node = rbfind(pwcache_byuid, &key)) != NULL) {
266 item = (struct cache_item *) node->data;
270 * Cache passwd db entry if it exists or a negative response if not.
272 #ifdef HAVE_SETAUTHDB
273 aix_setauthdb(IDtouser(uid));
275 if ((key.d.pw = getpwuid(uid)) != NULL) {
276 item = make_pwitem(key.d.pw, NULL);
277 if (rbinsert(pwcache_byuid, item) != NULL)
278 errorx(1, _("unable to cache uid %u (%s), already exists"),
279 (unsigned int) uid, item->d.pw->pw_name);
281 item = ecalloc(1, sizeof(*item));
284 /* item->d.pw = NULL; */
285 if (rbinsert(pwcache_byuid, item) != NULL)
286 errorx(1, _("unable to cache uid %u, already exists"),
289 #ifdef HAVE_SETAUTHDB
294 debug_return_ptr(item->d.pw);
298 * Get a password entry by name and allocate space for it.
301 sudo_getpwnam(const char *name)
303 struct cache_item key, *item;
306 debug_decl(sudo_getpwnam, SUDO_DEBUG_NSS)
308 key.k.name = (char *) name;
309 if ((node = rbfind(pwcache_byname, &key)) != NULL) {
310 item = (struct cache_item *) node->data;
314 * Cache passwd db entry if it exists or a negative response if not.
316 #ifdef HAVE_SETAUTHDB
317 aix_setauthdb((char *) name);
319 if ((key.d.pw = getpwnam(name)) != NULL) {
320 item = make_pwitem(key.d.pw, name);
321 if (rbinsert(pwcache_byname, item) != NULL)
322 errorx(1, _("unable to cache user %s, already exists"), name);
324 len = strlen(name) + 1;
325 item = ecalloc(1, sizeof(*item) + len);
327 item->k.name = (char *) item + sizeof(*item);
328 memcpy(item->k.name, name, len);
329 /* item->d.pw = NULL; */
330 if (rbinsert(pwcache_byname, item) != NULL)
331 errorx(1, _("unable to cache user %s, already exists"), name);
333 #ifdef HAVE_SETAUTHDB
338 debug_return_ptr(item->d.pw);
342 * Take a user, uid and gid and return a faked up passwd struct.
345 sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid)
347 struct cache_item_pw *pwitem;
352 debug_decl(sudo_fakepwnam, SUDO_DEBUG_NSS)
354 namelen = strlen(user);
355 len = sizeof(*pwitem) + namelen + 1 /* pw_name */ +
356 sizeof("*") /* pw_passwd */ + sizeof("") /* pw_gecos */ +
357 sizeof("/") /* pw_dir */ + sizeof(_PATH_BSHELL);
359 for (i = 0; i < 2; i++) {
360 pwitem = ecalloc(1, len);
364 pw->pw_name = (char *)(pwitem + 1);
365 memcpy(pw->pw_name, user, namelen + 1);
366 pw->pw_passwd = pw->pw_name + namelen + 1;
367 memcpy(pw->pw_passwd, "*", 2);
368 pw->pw_gecos = pw->pw_passwd + 2;
369 pw->pw_gecos[0] = '\0';
370 pw->pw_dir = pw->pw_gecos + 1;
371 memcpy(pw->pw_dir, "/", 2);
372 pw->pw_shell = pw->pw_dir + 2;
373 memcpy(pw->pw_shell, _PATH_BSHELL, sizeof(_PATH_BSHELL));
375 pwitem->cache.refcnt = 1;
376 pwitem->cache.d.pw = pw;
378 /* Store by uid, overwriting cached version. */
379 pwitem->cache.k.uid = pw->pw_uid;
380 if ((node = rbinsert(pwcache_byuid, &pwitem->cache)) != NULL) {
381 pw_delref_item(node->data);
382 node->data = &pwitem->cache;
385 /* Store by name, overwriting cached version. */
386 pwitem->cache.k.name = pw->pw_name;
387 if ((node = rbinsert(pwcache_byname, &pwitem->cache)) != NULL) {
388 pw_delref_item(node->data);
389 node->data = &pwitem->cache;
393 pwitem->cache.refcnt++;
394 debug_return_ptr(pw);
398 * Take a uid in string form "#123" and return a faked up passwd struct.
401 sudo_fakepwnam(const char *user, gid_t gid)
405 uid = (uid_t) atoi(user + 1);
406 return sudo_fakepwnamid(user, uid, gid);
412 debug_decl(sudo_setpwent, SUDO_DEBUG_NSS)
415 if (pwcache_byuid == NULL)
416 pwcache_byuid = rbcreate(cmp_pwuid);
417 if (pwcache_byname == NULL)
418 pwcache_byname = rbcreate(cmp_pwnam);
424 sudo_freepwcache(void)
426 debug_decl(sudo_freepwcache, SUDO_DEBUG_NSS)
428 if (pwcache_byuid != NULL) {
429 rbdestroy(pwcache_byuid, pw_delref_item);
430 pwcache_byuid = NULL;
432 if (pwcache_byname != NULL) {
433 rbdestroy(pwcache_byname, pw_delref_item);
434 pwcache_byname = NULL;
443 debug_decl(sudo_endpwent, SUDO_DEBUG_NSS)
455 cmp_grgid(const void *v1, const void *v2)
457 const struct cache_item *ci1 = (const struct cache_item *) v1;
458 const struct cache_item *ci2 = (const struct cache_item *) v2;
459 return ci1->k.gid - ci2->k.gid;
463 * Dynamically allocate space for a struct item plus the key and data
464 * elements. If name is non-NULL it is used as the key, else the
465 * gid is the key. Fills in datum from struct group.
467 static struct cache_item *
468 make_gritem(const struct group *gr, const char *name)
471 size_t nsize, psize, nmem, total, len;
472 struct cache_item_gr *gritem;
474 debug_decl(make_gritem, SUDO_DEBUG_NSS)
476 /* Allocate in one big chunk for easy freeing. */
477 nsize = psize = nmem = 0;
478 total = sizeof(*gritem);
479 FIELD_SIZE(gr, gr_name, nsize);
480 FIELD_SIZE(gr, gr_passwd, psize);
482 for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++)
483 total += strlen(gr->gr_mem[nmem]) + 1;
485 total += sizeof(char *) * nmem;
488 total += strlen(name) + 1;
490 gritem = ecalloc(1, total);
493 * Copy in group contents and make strings relative to space
494 * at the end of the buffer. Note that gr_mem must come
495 * immediately after struct group to guarantee proper alignment.
498 memcpy(newgr, gr, sizeof(*gr));
499 cp = (char *)(gritem + 1);
501 newgr->gr_mem = (char **)cp;
502 cp += sizeof(char *) * nmem;
503 for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) {
504 len = strlen(gr->gr_mem[nmem]) + 1;
505 memcpy(cp, gr->gr_mem[nmem], len);
506 newgr->gr_mem[nmem] = cp;
509 newgr->gr_mem[nmem] = NULL;
511 FIELD_COPY(gr, newgr, gr_passwd, psize);
512 FIELD_COPY(gr, newgr, gr_name, nsize);
514 /* Set key and datum. */
516 memcpy(cp, name, strlen(name) + 1);
517 gritem->cache.k.name = cp;
519 gritem->cache.k.gid = gr->gr_gid;
521 gritem->cache.d.gr = newgr;
522 gritem->cache.refcnt = 1;
524 debug_return_ptr(&gritem->cache);
528 # define GROUPNAME_LEN (sizeof((struct utmpx *)0)->ut_user + 1)
530 # ifdef HAVE_STRUCT_UTMP_UT_USER
531 # define GROUPNAME_LEN (sizeof((struct utmp *)0)->ut_user + 1)
533 # define GROUPNAME_LEN (sizeof((struct utmp *)0)->ut_name + 1)
535 #endif /* HAVE_UTMPX_H */
538 * Dynamically allocate space for a struct item plus the key and data
539 * elements. Fills in datum from the groups and gids arrays.
541 static struct cache_item *
542 make_grlist_item(const char *user, GETGROUPS_T *gids, int ngids)
545 size_t i, nsize, ngroups, total, len;
546 struct cache_item_grlist *grlitem;
547 struct group_list *grlist;
549 debug_decl(make_grlist_item, SUDO_DEBUG_NSS)
551 #ifdef HAVE_SETAUTHDB
552 aix_setauthdb((char *) user);
555 /* Allocate in one big chunk for easy freeing. */
556 nsize = strlen(user) + 1;
557 total = sizeof(*grlitem) + nsize;
558 total += sizeof(char *) * ngids;
559 total += sizeof(gid_t *) * ngids;
560 total += GROUPNAME_LEN * ngids;
563 grlitem = ecalloc(1, total);
566 * Copy in group list and make pointers relative to space
567 * at the end of the buffer. Note that the groups array must come
568 * immediately after struct group to guarantee proper alignment.
570 grlist = &grlitem->grlist;
571 cp = (char *)(grlitem + 1);
572 grlist->groups = (char **)cp;
573 cp += sizeof(char *) * ngids;
574 grlist->gids = (gid_t *)cp;
575 cp += sizeof(gid_t) * ngids;
577 /* Set key and datum. */
578 memcpy(cp, user, nsize);
579 grlitem->cache.k.name = cp;
580 grlitem->cache.d.grlist = grlist;
581 grlitem->cache.refcnt = 1;
587 for (i = 0; i < ngids; i++)
588 grlist->gids[i] = gids[i];
589 grlist->ngids = ngids;
592 * Resolve and store group names by ID.
595 for (i = 0; i < ngids; i++) {
596 if ((grp = sudo_getgrgid(gids[i])) != NULL) {
597 len = strlen(grp->gr_name) + 1;
598 if (cp - (char *)grlitem + len > total) {
599 total += len + GROUPNAME_LEN;
604 memcpy(cp, grp->gr_name, len);
605 grlist->groups[ngroups++] = cp;
610 grlist->ngroups = ngroups;
612 #ifdef HAVE_SETAUTHDB
616 debug_return_ptr(&grlitem->cache);
620 gr_addref(struct group *gr)
622 debug_decl(gr_addref, SUDO_DEBUG_NSS)
623 ptr_to_item(gr)->refcnt++;
628 gr_delref_item(void *v)
630 struct cache_item *item = v;
631 debug_decl(gr_delref_item, SUDO_DEBUG_NSS)
633 if (--item->refcnt == 0)
640 gr_delref(struct group *gr)
642 debug_decl(gr_delref, SUDO_DEBUG_NSS)
643 gr_delref_item(ptr_to_item(gr));
648 * Get a group entry by gid and allocate space for it.
651 sudo_getgrgid(gid_t gid)
653 struct cache_item key, *item;
655 debug_decl(sudo_getgrgid, SUDO_DEBUG_NSS)
658 if ((node = rbfind(grcache_bygid, &key)) != NULL) {
659 item = (struct cache_item *) node->data;
663 * Cache group db entry if it exists or a negative response if not.
665 if ((key.d.gr = getgrgid(gid)) != NULL) {
666 item = make_gritem(key.d.gr, NULL);
667 if (rbinsert(grcache_bygid, item) != NULL)
668 errorx(1, _("unable to cache gid %u (%s), already exists"),
669 (unsigned int) gid, key.d.gr->gr_name);
671 item = ecalloc(1, sizeof(*item));
674 /* item->d.gr = NULL; */
675 if (rbinsert(grcache_bygid, item) != NULL)
676 errorx(1, _("unable to cache gid %u, already exists"),
681 debug_return_ptr(item->d.gr);
685 * Get a group entry by name and allocate space for it.
688 sudo_getgrnam(const char *name)
690 struct cache_item key, *item;
693 debug_decl(sudo_getgrnam, SUDO_DEBUG_NSS)
695 key.k.name = (char *) name;
696 if ((node = rbfind(grcache_byname, &key)) != NULL) {
697 item = (struct cache_item *) node->data;
701 * Cache group db entry if it exists or a negative response if not.
703 if ((key.d.gr = getgrnam(name)) != NULL) {
704 item = make_gritem(key.d.gr, name);
705 if (rbinsert(grcache_byname, item) != NULL)
706 errorx(1, _("unable to cache group %s, already exists"), name);
708 len = strlen(name) + 1;
709 item = ecalloc(1, sizeof(*item) + len);
711 item->k.name = (char *) item + sizeof(*item);
712 memcpy(item->k.name, name, len);
713 /* item->d.gr = NULL; */
714 if (rbinsert(grcache_byname, item) != NULL)
715 errorx(1, _("unable to cache group %s, already exists"), name);
719 debug_return_ptr(item->d.gr);
723 * Take a gid in string form "#123" and return a faked up group struct.
726 sudo_fakegrnam(const char *group)
728 struct cache_item_gr *gritem;
733 debug_decl(sudo_fakegrnam, SUDO_DEBUG_NSS)
735 namelen = strlen(group);
736 len = sizeof(*gritem) + namelen + 1;
738 for (i = 0; i < 2; i++) {
739 gritem = ecalloc(1, len);
741 gr->gr_gid = (gid_t) atoi(group + 1);
742 gr->gr_name = (char *)(gritem + 1);
743 memcpy(gr->gr_name, group, namelen + 1);
745 gritem->cache.refcnt = 1;
746 gritem->cache.d.gr = gr;
748 /* Store by gid, overwriting cached version. */
749 gritem->cache.k.gid = gr->gr_gid;
750 if ((node = rbinsert(grcache_bygid, &gritem->cache)) != NULL) {
751 gr_delref_item(node->data);
752 node->data = &gritem->cache;
755 /* Store by name, overwriting cached version. */
756 gritem->cache.k.name = gr->gr_name;
757 if ((node = rbinsert(grcache_byname, &gritem->cache)) != NULL) {
758 gr_delref_item(node->data);
759 node->data = &gritem->cache;
763 gritem->cache.refcnt++;
764 debug_return_ptr(gr);
768 grlist_addref(struct group_list *grlist)
770 debug_decl(gr_addref, SUDO_DEBUG_NSS)
771 ptr_to_item(grlist)->refcnt++;
776 grlist_delref_item(void *v)
778 struct cache_item *item = v;
779 debug_decl(gr_delref_item, SUDO_DEBUG_NSS)
781 if (--item->refcnt == 0)
788 grlist_delref(struct group_list *grlist)
790 debug_decl(gr_delref, SUDO_DEBUG_NSS)
791 grlist_delref_item(ptr_to_item(grlist));
798 debug_decl(sudo_setgrent, SUDO_DEBUG_NSS)
801 if (grcache_bygid == NULL)
802 grcache_bygid = rbcreate(cmp_grgid);
803 if (grcache_byname == NULL)
804 grcache_byname = rbcreate(cmp_grnam);
805 if (grlist_cache == NULL)
806 grlist_cache = rbcreate(cmp_grnam);
812 sudo_freegrcache(void)
814 debug_decl(sudo_freegrcache, SUDO_DEBUG_NSS)
816 if (grcache_bygid != NULL) {
817 rbdestroy(grcache_bygid, gr_delref_item);
818 grcache_bygid = NULL;
820 if (grcache_byname != NULL) {
821 rbdestroy(grcache_byname, gr_delref_item);
822 grcache_byname = NULL;
824 if (grlist_cache != NULL) {
825 rbdestroy(grlist_cache, grlist_delref_item);
835 debug_decl(sudo_endgrent, SUDO_DEBUG_NSS)
844 get_group_list(struct passwd *pw)
846 struct cache_item key, *item;
851 debug_decl(get_group_list, SUDO_DEBUG_NSS)
853 key.k.name = pw->pw_name;
854 if ((node = rbfind(grlist_cache, &key)) != NULL) {
855 item = (struct cache_item *) node->data;
859 * Cache group db entry if it exists or a negative response if not.
861 #if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
862 ngids = (int)sysconf(_SC_NGROUPS_MAX) * 2;
865 ngids = NGROUPS_MAX * 2;
866 gids = emalloc2(ngids, sizeof(GETGROUPS_T));
867 if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) {
869 gids = emalloc2(ngids, sizeof(GETGROUPS_T));
870 if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) {
872 debug_return_ptr(NULL);
876 if ((item = make_grlist_item(pw->pw_name, gids, ngids)) == NULL)
877 errorx(1, "unable to parse group list for %s", pw->pw_name);
879 if (rbinsert(grlist_cache, item) != NULL)
880 errorx(1, "unable to cache group list for %s, already exists",
883 /* Should not happen. */
884 len = strlen(pw->pw_name) + 1;
885 item = ecalloc(1, sizeof(*item) + len);
887 item->k.name = (char *) item + sizeof(*item);
888 memcpy(item->k.name, pw->pw_name, len);
889 /* item->d.grlist = NULL; */
890 if (rbinsert(grlist_cache, item) != NULL)
891 errorx(1, "unable to cache group list for %s, already exists",
896 debug_return_ptr(item->d.grlist);
900 set_group_list(const char *user, GETGROUPS_T *gids, int ngids)
902 struct cache_item key, *item;
904 debug_decl(set_group_list, SUDO_DEBUG_NSS)
907 * Cache group db entry if it doesn't already exist
909 key.k.name = (char *) user;
910 if ((node = rbfind(grlist_cache, &key)) == NULL) {
911 if ((item = make_grlist_item(user, gids, ngids)) == NULL)
912 errorx(1, "unable to parse group list for %s", user);
913 if (rbinsert(grlist_cache, item) != NULL)
914 errorx(1, "unable to cache group list for %s, already exists",
921 user_in_group(struct passwd *pw, const char *group)
923 struct group_list *grlist;
924 struct group *grp = NULL;
926 bool matched = false;
927 debug_decl(user_in_group, SUDO_DEBUG_NSS)
929 if ((grlist = get_group_list(pw)) != NULL) {
931 * If it could be a sudo-style group ID check gids first.
933 if (group[0] == '#') {
934 gid_t gid = atoi(group + 1);
935 if (gid == pw->pw_gid) {
939 for (i = 0; i < grlist->ngids; i++) {
940 if (gid == grlist->gids[i]) {
948 * Next check the supplementary group vector.
949 * It usually includes the password db group too.
951 for (i = 0; i < grlist->ngroups; i++) {
952 if (strcasecmp(group, grlist->groups[i]) == 0) {
958 /* Finally check against user's primary (passwd file) group. */
959 if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
960 if (strcasecmp(group, grp->gr_name) == 0) {
968 grlist_delref(grlist);
970 debug_return_bool(matched);