X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/checkpath/blobdiff_plain/972ca7cda65ce3fc9f150c20a56ad4836f3a7414..refs/heads/mdw/privgrp:/chkpath.c
diff --git a/chkpath.c b/chkpath.c
index a7158d3..a3f6bf3 100644
--- a/chkpath.c
+++ b/chkpath.c
@@ -57,7 +57,7 @@ static void report(unsigned what, int verbose,
 /* --- @usage@ --- */
 static void usage(FILE *fp)
- { fprintf(fp, "Usage: %s [-pqstv] [-g NAME] [PATH...]\n", QUIS); }
+ { fprintf(fp, "Usage: %s [-Tpqstv] [-g NAME] [PATH...]\n", QUIS); }
 /* --- @version@ --- */
@@ -83,6 +83,8 @@ Options provided are:\n\
 -V, --version Display the program's version number.\n\
 -u, --usage Show a terse usage summary.\n\
 \n\
+-T, --private-group Accept paths writable by primary group if it has\n\
+ no other members.\n\
 -g, --group NAME Consider members of group NAME trustworthy.\n\
 -p, --print Write the secure path elements to standard output.\n\
 -q, --quiet Be quiet about the search progress (cumulative).\n\
@@ -100,6 +102,7 @@ int main(int argc, char *argv[])
 int i;
 char *p, *q, *path;
 struct checkpath cp;
+ gid_t gid;
 int f = 0;
 #define f_print 1u
@@ -125,6 +128,7 @@ int main(int argc, char *argv[])
 { "help", 0, 0, 'h' },
 { "version", 0, 0, 'V' },
 { "usage", 0, 0, 'u' },
+ { "private-group", 0, 0, 'T' },
 { "group", OPTF_ARGREQ, 0, 'g' },
 { "print", 0, 0, 'p' },
 { "quiet", 0, 0, 'q' },
@@ -134,7 +138,7 @@ int main(int argc, char *argv[])
 { 0, 0, 0, 0 }
 };
- i = mdwopt(argc, argv, "hVu" "g:pqstv", opts, 0, 0, 0);
+ i = mdwopt(argc, argv, "hVu" "Tg:pqstv", opts, 0, 0, 0);
 if (i < 0)
 break;
 switch (i) {
@@ -147,6 +151,11 @@ int main(int argc, char *argv[])
 case 'u':
 usage(stdout);
 exit(0);
+ case 'T':
+ if (!private_group(&gid, cp.cp_verbose) &&
+ checkpath_addgid(&cp, gid))
+ die(1, "too many groups");
+ break;
 case 'g':
 allowgroup(&cp, optarg);
 break;
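Review bot: In the new `case 'T':` arm, a non-zero return from `private_group()` drops the option with no message at this call site. That fails closed, since the primary group simply stays untrusted, but a user who asked for `-T` is not told it had no effect unless `private_group()` itself reports it. It is also handed `cp.cp_verbose` as it stands when `-T` is parsed, so if the `-v`/`-q` cases (outside this hunk) adjust that field, `-T -v` and `-v -T` would presumably report differently. The condition combines two zero-means-success results, as far as the `!` and the `die()` suggest, so a comment such as `/* private_group() returns 0 only if our primary group is private; otherwise leave it untrusted */` would make the intent clear. The whole trust decision rests on `private_group()`, which is defined outside this diff, so confirm there that "no other members" covers accounts holding this gid as their primary group in the passwd database as well as names in the group's member list.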