comparison svr-auth.c @ 1557:61a793b6e471 fuzz

merge from main
author Matt Johnston <matt@ucc.asn.au>
date Wed, 28 Feb 2018 21:28:59 +0800
parents bb8eaa26bc93 1acbdf64088e
children 2f64cb3d3007
1546:bb8eaa26bc93 1557:61a793b6e471
195 m_free(username); 195 m_free(username);
196 m_free(servicename); 196 m_free(servicename);
197 m_free(methodname); 197 m_free(methodname);
198 } 198 }
199 199
200 #ifdef HAVE_GETGROUPLIST
200 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ 201 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
201 static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) { 202 static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) {
202 int ngroups, i, ret; 203 int ngroups, i, ret;
203 gid_t *grouplist = NULL; 204 gid_t *grouplist = NULL;
204 int match = DROPBEAR_FAILURE; 205 int match = DROPBEAR_FAILURE;
228 } 229 }
229 m_free(grouplist); 230 m_free(grouplist);
230 231
231 return match; 232 return match;
232 } 233 }
233 234 #endif
234 235
235 /* Check that the username exists and isn't disallowed (root), and has a valid shell. 236 /* Check that the username exists and isn't disallowed (root), and has a valid shell.
236 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */ 237 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
237 static int checkusername(const char *username, unsigned int userlen) { 238 static int checkusername(const char *username, unsigned int userlen) {
238 239
298 ses.authstate.checkusername_failed = 1; 299 ses.authstate.checkusername_failed = 1;
299 return DROPBEAR_FAILURE; 300 return DROPBEAR_FAILURE;
300 } 301 }
301 302
302 /* check for login restricted to certain group if desired */ 303 /* check for login restricted to certain group if desired */
304 #ifdef HAVE_GETGROUPLIST
303 if (svr_opts.restrict_group) { 305 if (svr_opts.restrict_group) {
304 if (check_group_membership(svr_opts.restrict_group_gid, 306 if (check_group_membership(svr_opts.restrict_group_gid,
305 ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) { 307 ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) {
306 dropbear_log(LOG_WARNING, 308 dropbear_log(LOG_WARNING,
307 "Logins are restricted to the group %s but user '%s' is not a member", 309 "Logins are restricted to the group %s but user '%s' is not a member",
308 svr_opts.restrict_group, ses.authstate.pw_name); 310 svr_opts.restrict_group, ses.authstate.pw_name);
309 ses.authstate.checkusername_failed = 1; 311 ses.authstate.checkusername_failed = 1;
310 return DROPBEAR_FAILURE; 312 return DROPBEAR_FAILURE;
311 } 313 }
312 } 314 }
315 #endif HAVE_GETGROUPLIST
313 316
314 TRACE(("shell is %s", ses.authstate.pw_shell)) 317 TRACE(("shell is %s", ses.authstate.pw_shell))
315 318
316 /* check that the shell is set */ 319 /* check that the shell is set */
317 usershell = ses.authstate.pw_shell; 320 usershell = ses.authstate.pw_shell;
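Review bot: With the new `#ifdef HAVE_GETGROUPLIST` around the group check in checkusername (new lines 304-315), a build without getgrouplist() compiles the restriction out entirely, so a configured `svr_opts.restrict_group` would be silently ignored and the username check would carry on as if no restriction were set. Whether option parsing already rejects the group restriction on such builds is not visible on this page; if it does not, the check should fail closed, for example with an `#else` branch that logs a warning and returns `DROPBEAR_FAILURE` when `svr_opts.restrict_group` is set. Separately, `#endif HAVE_GETGROUPLIST` at new line 315 leaves a bare token after the directive, which compilers warn about; write it as `#endif /* HAVE_GETGROUPLIST */`. The body of checkusername begins and continues outside the lines shown here.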