comparison svr-auth.c @ 1557:61a793b6e471 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 28 Feb 2018 21:28:59 +0800 |
parents | bb8eaa26bc93 1acbdf64088e |
children | 2f64cb3d3007 |
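--- a/svr-auth.c
+++ b/svr-auth.c
@@ -195,10 +195,11 @@
 m_free(username);
 m_free(servicename);
 m_free(methodname);
 }
 
+#ifdef HAVE_GETGROUPLIST
 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) {
 int ngroups, i, ret;
 gid_t *grouplist = NULL;
 int match = DROPBEAR_FAILURE;
@@ -228,11 +229,11 @@
 }
 m_free(grouplist);
 
 return match;
 }
-
+#endif
 
 /* Check that the username exists and isn't disallowed (root), and has a valid shell.
 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
 static int checkusername(const char *username, unsigned int userlen) {
 
@@ -298,20 +299,22 @@
 ses.authstate.checkusername_failed = 1;
 return DROPBEAR_FAILURE;
 }
 
 /* check for login restricted to certain group if desired */
+#ifdef HAVE_GETGROUPLIST
 if (svr_opts.restrict_group) {
 if (check_group_membership(svr_opts.restrict_group_gid,
 ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) {
 dropbear_log(LOG_WARNING,
 "Logins are restricted to the group %s but user '%s' is not a member",
 svr_opts.restrict_group, ses.authstate.pw_name);
 ses.authstate.checkusername_failed = 1;
 return DROPBEAR_FAILURE;
 }
 }
+#endif HAVE_GETGROUPLIST
 
 TRACE(("shell is %s", ses.authstate.pw_shell))
 
 /* check that the shell is set */
 usershell = ses.authstate.pw_shell;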
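Review bot: The group restriction in checkusername fails open on builds without getgrouplist(): with the whole `if (svr_opts.restrict_group)` block now inside `#ifdef HAVE_GETGROUPLIST`, such a build skips the membership check, and a configured restriction would apparently admit every otherwise valid user. The page does not show whether option parsing rejects the restriction in that configuration, so unless it does, add an `#else` branch that logs and returns DROPBEAR_FAILURE when the option is set (this assumes the `svr_opts.restrict_group` field still exists in that build). Separately, `#endif HAVE_GETGROUPLIST` has a bare token after the directive, which compilers warn about; the label belongs in a comment. checkusername's body starts and ends outside the visible hunk.

```c
/* … unchanged: check_group_membership() test under #ifdef HAVE_GETGROUPLIST … */
	}
#else
	/* fail closed: a restriction was requested but membership cannot be evaluated */
	if (svr_opts.restrict_group) {
		dropbear_log(LOG_WARNING,
				"Logins are restricted to the group %s but group membership cannot be checked in this build",
				svr_opts.restrict_group);
		ses.authstate.checkusername_failed = 1;
		return DROPBEAR_FAILURE;
	}
#endif /* HAVE_GETGROUPLIST */
```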