+
+int
+user_in_group(pw, group)
+ struct passwd *pw;
+ const char *group;
+{
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+ uuid_t gu, uu;
+ int ismember;
+#else
+ char **gr_mem;
+ int i;
+#endif
+ struct group *grp;
+
+#ifdef HAVE_SETAUTHDB
+ aix_setauthdb(pw->pw_name);
+#endif
+ grp = sudo_getgrnam(group);
+#ifdef HAVE_SETAUTHDB
+ aix_restoreauthdb();
+#endif
+ if (grp == NULL)
+ return(FALSE);
+
+ /* check against user's primary (passwd file) gid */
+ if (grp->gr_gid == pw->pw_gid)
+ return(TRUE);
+
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+ /* If we are matching the invoking user use the stashed uuid. */
+ if (strcmp(pw->pw_name, user_name) == 0) {
+ if (mbr_gid_to_uuid(grp->gr_gid, gu) == 0 &&
+ mbr_check_membership(user_uuid, gu, &ismember) == 0 && ismember)
+ return(TRUE);
+ } else {
+ if (mbr_uid_to_uuid(pw->pw_uid, uu) == 0 &&
+ mbr_gid_to_uuid(grp->gr_gid, gu) == 0 &&
+ mbr_check_membership(uu, gu, &ismember) == 0 && ismember)
+ return(TRUE);
+ }
+#else /* HAVE_MBR_CHECK_MEMBERSHIP */
+# ifdef HAVE_GETGROUPS
+ /*
+ * If we are matching the invoking or list user and that user has a
+ * supplementary group vector, check it.
+ */
+ if (user_ngroups > 0 &&
+ strcmp(pw->pw_name, list_pw ? list_pw->pw_name : user_name) == 0) {
+ for (i = 0; i < user_ngroups; i++) {
+ if (grp->gr_gid == user_groups[i])
+ return(TRUE);
+ }
+ } else
+# endif /* HAVE_GETGROUPS */
+ {
+ if (grp != NULL && grp->gr_mem != NULL) {
+ for (gr_mem = grp->gr_mem; *gr_mem; gr_mem++) {
+ if (strcmp(*gr_mem, pw->pw_name) == 0)
+ return(TRUE);
+ }
+ }
+ }
+#endif /* HAVE_MBR_CHECK_MEMBERSHIP */
+
+ return(FALSE);
+}
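Review bot: In the HAVE_GETGROUPS branch the name test accepts either `list_pw->pw_name` or `user_name`, but the loop that follows always reads the one cached `user_groups` vector. Because of the trailing `else`, `grp->gr_mem` is never consulted once that branch is taken. The answer is therefore only right if `user_groups` has been reloaded for the list user whenever `list_pw` is set; the code that fills it is not visible here, so this needs confirming, since otherwise the list user would be matched against the invoking user's groups. Relying on the cached vector also means a membership removed from the group database keeps matching until the vector is refreshed. I would record the dependency above the test, for example `/* user_groups must belong to list_pw when it is set, otherwise to the invoking user; gr_mem is not checked in that case */`.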