Mercurial > dropbear
comparison svr-auth.c @ 1557:61a793b6e471 fuzz
merge from main
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 28 Feb 2018 21:28:59 +0800 |
| parents | bb8eaa26bc93 1acbdf64088e |
| children | 2f64cb3d3007 |
comparison
equal
deleted
inserted
replaced
| 1546:bb8eaa26bc93 | 1557:61a793b6e471 |
|---|---|
| 195 m_free(username); | 195 m_free(username); |
| 196 m_free(servicename); | 196 m_free(servicename); |
| 197 m_free(methodname); | 197 m_free(methodname); |
| 198 } | 198 } |
| 199 | 199 |
| 200 #ifdef HAVE_GETGROUPLIST | |
| 200 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | 201 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
| 201 static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) { | 202 static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) { |
| 202 int ngroups, i, ret; | 203 int ngroups, i, ret; |
| 203 gid_t *grouplist = NULL; | 204 gid_t *grouplist = NULL; |
| 204 int match = DROPBEAR_FAILURE; | 205 int match = DROPBEAR_FAILURE; |
| 228 } | 229 } |
| 229 m_free(grouplist); | 230 m_free(grouplist); |
| 230 | 231 |
| 231 return match; | 232 return match; |
| 232 } | 233 } |
| 233 | 234 #endif |
| 234 | 235 |
| 235 /* Check that the username exists and isn't disallowed (root), and has a valid shell. | 236 /* Check that the username exists and isn't disallowed (root), and has a valid shell. |
| 236 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */ | 237 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */ |
| 237 static int checkusername(const char *username, unsigned int userlen) { | 238 static int checkusername(const char *username, unsigned int userlen) { |
| 238 | 239 |
| 298 ses.authstate.checkusername_failed = 1; | 299 ses.authstate.checkusername_failed = 1; |
| 299 return DROPBEAR_FAILURE; | 300 return DROPBEAR_FAILURE; |
| 300 } | 301 } |
| 301 | 302 |
| 302 /* check for login restricted to certain group if desired */ | 303 /* check for login restricted to certain group if desired */ |
| 304 #ifdef HAVE_GETGROUPLIST | |
| 303 if (svr_opts.restrict_group) { | 305 if (svr_opts.restrict_group) { |
| 304 if (check_group_membership(svr_opts.restrict_group_gid, | 306 if (check_group_membership(svr_opts.restrict_group_gid, |
| 305 ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) { | 307 ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) { |
| 306 dropbear_log(LOG_WARNING, | 308 dropbear_log(LOG_WARNING, |
| 307 "Logins are restricted to the group %s but user '%s' is not a member", | 309 "Logins are restricted to the group %s but user '%s' is not a member", |
| 308 svr_opts.restrict_group, ses.authstate.pw_name); | 310 svr_opts.restrict_group, ses.authstate.pw_name); |
| 309 ses.authstate.checkusername_failed = 1; | 311 ses.authstate.checkusername_failed = 1; |
| 310 return DROPBEAR_FAILURE; | 312 return DROPBEAR_FAILURE; |
| 311 } | 313 } |
| 312 } | 314 } |
| 315 #endif HAVE_GETGROUPLIST | |
| 313 | 316 |
| 314 TRACE(("shell is %s", ses.authstate.pw_shell)) | 317 TRACE(("shell is %s", ses.authstate.pw_shell)) |
| 315 | 318 |
| 316 /* check that the shell is set */ | 319 /* check that the shell is set */ |
| 317 usershell = ses.authstate.pw_shell; | 320 usershell = ses.authstate.pw_shell; |