[PATCH] Check sudo group membership if user to determine if he can elevate privileges

Wald Commits scm-commit at wald.intevation.org
Tue Jun 24 18:10:14 CEST 2014


# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1403626210 -7200
# Node ID c7a35fa302ec64f2e52eac3e97694b4758769f9b
# Parent  be30d50bc4f06c51a368d244ea25afba6b633dc6
Check sudo group membership of user to determine if he can elevate privileges

diff -r be30d50bc4f0 -r c7a35fa302ec common/util.c
--- a/common/util.c	Tue Jun 24 15:24:09 2014 +0200
+++ b/common/util.c	Tue Jun 24 18:10:10 2014 +0200
@@ -7,10 +7,14 @@
  */
 #include "util.h"
 #include "logging.h"
+#include "strhelp.h"
 
 #ifndef _WIN32
 #include <unistd.h>
 #include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <string.h>
 #else
 #include <windows.h>
 #endif
@@ -42,7 +46,58 @@
 bool is_admin()
 {
 #ifndef _WIN32
-  /* TODO implement */
+  struct passwd *current_user = getpwuid (geteuid());
+  int ngroups = 0,
+      ret = 0,
+      i = 0;
+  gid_t * groups = NULL;
+
+  if (current_user == NULL)
+    {
+      ERRORPRINTF ("Failed to obtain user information.");
+      return false;
+    }
+
+  ret = getgrouplist (current_user->pw_name, current_user->pw_gid, NULL,
+                      &ngroups);
+
+  if (ret != -1 || ngroups <= 0)
+    {
+      ERRORPRINTF ("Unknown error in getgrouplist call");
+      return false;
+    }
+
+  groups = xmalloc (((unsigned int)ngroups) * sizeof (gid_t));
+
+  ret = getgrouplist (current_user->pw_name, current_user->pw_gid, groups,
+                      &ngroups);
+
+  if (ret != ngroups)
+    {
+      ERRORPRINTF ("Group length mismatch.");
+      xfree (groups);
+      return false;
+    }
+
+  for (i = 0; i < ngroups; i++)
+    {
+      struct group *gr = getgrgid (groups[i]);
+      if (gr == NULL)
+        {
+          ERRORPRINTF ("Error in group enumeration");
+          xfree (groups);
+          return false;
+        }
+      if (strcmp("sudo", gr->gr_name) == 0)
+        {
+          DEBUGPRINTF ("User is in sudo group \n");
+          xfree (groups);
+          return true;
+        }
+    }
+
+  DEBUGPRINTF ("User is not in sudo group");
+
   return false;
 #else
   bool retval = false;
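Review bot: The `strcmp("sudo", gr->gr_name)` test in the loop treats membership in a group literally named `sudo` as the answer to whether the user can elevate, but that name is a distribution convention and the effective policy lives in sudoers, so is_admin() can return false for a user who can elevate (a different admin group, a per-user rule, or euid 0 itself) and true where the group grants nothing. If callers use the result for more than choosing a UI path, document it as a heuristic, e.g. `/* Heuristic: checks membership in the "sudo" group only; does not consult sudoers. */` above the loop. Separately, `if (ret != ngroups)` relies on getgrouplist() returning the group count on success, which is not guaranteed on every libc; testing `if (ret == -1)` for failure would be more portable. A gid with no group database entry makes `getgrgid` return NULL and aborts the whole check with false, so a `continue;` there would still let the remaining groups be examined. The Windows branch of is_admin continues outside the hunk.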

