/*
- * Copyright (c) 1996, 1998-2005, 2007-2009
+ * Copyright (c) 1996, 1998-2005, 2007-2010
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#endif /* STDC_HEADERS */
#ifdef HAVE_STRING_H
# include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-# include <strings.h>
-# endif
#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
char *n;
{
int i;
- struct in_addr addr;
+ union sudo_in_addr_un addr;
struct interface *ifp;
#ifdef HAVE_IN6_ADDR
- struct in6_addr addr6;
int j;
#endif
int family;
#ifdef HAVE_IN6_ADDR
- if (inet_pton(AF_INET6, n, &addr6) > 0) {
+ if (inet_pton(AF_INET6, n, &addr.ip6) > 0) {
family = AF_INET6;
} else
#endif
{
family = AF_INET;
- addr.s_addr = inet_addr(n);
+ addr.ip4.s_addr = inet_addr(n);
}
for (i = 0; i < num_interfaces; i++) {
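Review bot: The value returned by `inet_addr(n)` is stored in `addr.ip4.s_addr` without a failure check, so a string that is neither valid IPv6 nor valid IPv4 reaches the interface comparison as the error value `INADDR_NONE`, which cannot be told apart from 255.255.255.255. A parser that reports failure separately would let the function reject bad input, for example `if (inet_pton(AF_INET, n, &addr.ip4) <= 0) return(FALSE);`. The only visible `inet_pton` call is guarded by `HAVE_IN6_ADDR`, so its availability on builds without that macro needs confirming. The same unchecked `inet_addr` pattern appears for both `n` and `m` in the later hunk that declares `addr, mask`. The function's name and the loop body lie outside this hunk.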
continue;
switch(family) {
case AF_INET:
- if (ifp->addr.ip4.s_addr == addr.s_addr ||
+ if (ifp->addr.ip4.s_addr == addr.ip4.s_addr ||
(ifp->addr.ip4.s_addr & ifp->netmask.ip4.s_addr)
- == addr.s_addr)
+ == addr.ip4.s_addr)
return(TRUE);
break;
#ifdef HAVE_IN6_ADDR
case AF_INET6:
- if (memcmp(ifp->addr.ip6.s6_addr, addr6.s6_addr,
- sizeof(addr6.s6_addr)) == 0)
+ if (memcmp(ifp->addr.ip6.s6_addr, addr.ip6.s6_addr,
+ sizeof(addr.ip6.s6_addr)) == 0)
return(TRUE);
- for (j = 0; j < sizeof(addr6.s6_addr); j++) {
- if ((ifp->addr.ip6.s6_addr[j] & ifp->netmask.ip6.s6_addr[j]) != addr6.s6_addr[j])
+ for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
+ if ((ifp->addr.ip6.s6_addr[j] & ifp->netmask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j])
break;
}
- if (j == sizeof(addr6.s6_addr))
+ if (j == sizeof(addr.ip6.s6_addr))
return(TRUE);
#endif
}
char *m;
{
int i;
- struct in_addr addr, mask;
+ union sudo_in_addr_un addr, mask;
struct interface *ifp;
#ifdef HAVE_IN6_ADDR
- struct in6_addr addr6, mask6;
int j;
#endif
int family;
#ifdef HAVE_IN6_ADDR
- if (inet_pton(AF_INET6, n, &addr6) > 0)
+ if (inet_pton(AF_INET6, n, &addr.ip6) > 0)
family = AF_INET6;
else
#endif
{
family = AF_INET;
- addr.s_addr = inet_addr(n);
+ addr.ip4.s_addr = inet_addr(n);
}
if (family == AF_INET) {
if (strchr(m, '.'))
- mask.s_addr = inet_addr(m);
+ mask.ip4.s_addr = inet_addr(m);
else {
i = 32 - atoi(m);
- mask.s_addr = 0xffffffff;
- mask.s_addr >>= i;
- mask.s_addr <<= i;
- mask.s_addr = htonl(mask.s_addr);
+ mask.ip4.s_addr = 0xffffffff;
+ mask.ip4.s_addr >>= i;
+ mask.ip4.s_addr <<= i;
+ mask.ip4.s_addr = htonl(mask.ip4.s_addr);
}
}
#ifdef HAVE_IN6_ADDR
else {
- if (inet_pton(AF_INET6, m, &mask6) <= 0) {
+ if (inet_pton(AF_INET6, m, &mask.ip6) <= 0) {
j = atoi(m);
for (i = 0; i < 16; i++) {
if (j < i * 8)
- mask6.s6_addr[i] = 0;
+ mask.ip6.s6_addr[i] = 0;
else if (i * 8 + 8 <= j)
- mask6.s6_addr[i] = 0xff;
+ mask.ip6.s6_addr[i] = 0xff;
else
- mask6.s6_addr[i] = 0xff00 >> (j - i * 8);
+ mask.ip6.s6_addr[i] = 0xff00 >> (j - i * 8);
}
}
}
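Review bot: The IPv4 prefix length from `atoi(m)` is used as a shift count with no range check. `i = 32 - atoi(m)` yields 32 for `/0` or non-numeric text and a negative value for anything above 32, and shifting a 32-bit `s_addr` by either amount is undefined behaviour, so the netmask used for matching is unpredictable for such input. Validate before shifting, for example `i = atoi(m); if (i < 0 || i > 32) return(FALSE);` followed by `mask.ip4.s_addr = i ? htonl(0xffffffffU << (32 - i)) : 0;`. The IPv6 branch also takes `j = atoi(m)` unchecked; its byte loop stays in bounds for any `j`, but it silently accepts lengths outside 0–128. The function starts before this hunk and continues after it.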
continue;
switch(family) {
case AF_INET:
- if ((ifp->addr.ip4.s_addr & mask.s_addr) == addr.s_addr)
+ if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr)
return(TRUE);
#ifdef HAVE_IN6_ADDR
case AF_INET6:
- for (j = 0; j < sizeof(addr6.s6_addr); j++) {
- if ((ifp->addr.ip6.s6_addr[j] & mask6.s6_addr[j]) != addr6.s6_addr[j])
+ for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
+ if ((ifp->addr.ip6.s6_addr[j] & mask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j])
break;
}
- if (j == sizeof(addr6.s6_addr))
+ if (j == sizeof(addr.ip6.s6_addr))
return(TRUE);
#endif /* HAVE_IN6_ADDR */
}
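Review bot: No `break;` is visible between `return(TRUE);` in the `AF_INET` case and `case AF_INET6:`, so when `HAVE_IN6_ADDR` is defined a failed IPv4 comparison appears to fall through into the IPv6 byte loop. The other `switch(family)` in this change ends its `AF_INET` case with `break;`. After the move to `union sudo_in_addr_un`, the loop would read 16 bytes of `addr.ip6` and `mask.ip6`, of which only the bytes overlaying the `ip4` member were written for an IPv4 entry. The result then depends on the union layout and on the first four bytes mismatching again. Add `break;` after the IPv4 `return(TRUE);`, and confirm against the full file, since the page may have dropped lines and the enclosing loop starts outside this hunk.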
char *user;
struct passwd *pw;
{
- struct group *grp = NULL;
- char **cur;
- int i;
-
/* make sure we have a valid usergroup, sudo style */
if (*group++ != '%')
return(FALSE);
/* look up user's primary gid in the passwd file */
if (pw == NULL && (pw = sudo_getpwnam(user)) == NULL)
- goto try_supplementary;
+ return(FALSE);
- /* check against user's primary (passwd file) gid */
- if ((grp = sudo_getgrnam(group)) == NULL)
- goto try_supplementary;
- if (grp->gr_gid == pw->pw_gid)
+ if (user_in_group(pw, group))
return(TRUE);
- /*
- * If we are matching the invoking or list user and that user has a
- * supplementary group vector, check it first.
- */
- if (strcmp(user, list_pw ? list_pw->pw_name : user_name) == 0) {
- for (i = 0; i < user_ngroups; i++)
- if (grp->gr_gid == user_groups[i])
- return(TRUE);
- }
-
-try_supplementary:
- if (grp != NULL && grp->gr_mem != NULL) {
- for (cur = grp->gr_mem; *cur; cur++)
- if (strcmp(*cur, user) == 0)
- return(TRUE);
- }
-
#ifdef USING_NONUNIX_GROUPS
/* not a Unix group, could be an AD group */
if (sudo_nonunix_groupcheck_available() &&