comparison svr-runopts.c @ 1537:6a83b1944432

Fix restricted group code for BSDs, move to separate function
author Matt Johnston <matt@ucc.asn.au>
date Mon, 26 Feb 2018 21:17:13 +0800
parents b918ad1c5b25
children f20038b513a5
1536:a55a6901a181 1537:6a83b1944432
68 #endif 68 #endif
69 #if DO_MOTD 69 #if DO_MOTD
70 "-m Don't display the motd on login\n" 70 "-m Don't display the motd on login\n"
71 #endif 71 #endif
72 "-w Disallow root logins\n" 72 "-w Disallow root logins\n"
73 "-G Restrict logins to members of specified group\n" 73 "-G Restrict logins to members of specified group\n"
74 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH 74 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
75 "-s Disable password logins\n" 75 "-s Disable password logins\n"
76 "-g Disable password logins for root\n" 76 "-g Disable password logins for root\n"
77 "-B Allow blank password logins\n" 77 "-B Allow blank password logins\n"
78 #endif 78 #endif
133 svr_opts.bannerfile = NULL; 133 svr_opts.bannerfile = NULL;
134 svr_opts.banner = NULL; 134 svr_opts.banner = NULL;
135 svr_opts.forced_command = NULL; 135 svr_opts.forced_command = NULL;
136 svr_opts.forkbg = 1; 136 svr_opts.forkbg = 1;
137 svr_opts.norootlogin = 0; 137 svr_opts.norootlogin = 0;
138 svr_opts.grouploginname = NULL; 138 svr_opts.restrict_group = NULL;
139 svr_opts.grouploginid = NULL; 139 svr_opts.restrict_group_gid = 0;
140 svr_opts.noauthpass = 0; 140 svr_opts.noauthpass = 0;
141 svr_opts.norootpass = 0; 141 svr_opts.norootpass = 0;
142 svr_opts.allowblankpass = 0; 142 svr_opts.allowblankpass = 0;
143 svr_opts.maxauthtries = MAX_AUTH_TRIES; 143 svr_opts.maxauthtries = MAX_AUTH_TRIES;
144 svr_opts.inetdmode = 0; 144 svr_opts.inetdmode = 0;
233 break; 233 break;
234 #endif 234 #endif
235 case 'w': 235 case 'w':
236 svr_opts.norootlogin = 1; 236 svr_opts.norootlogin = 1;
237 break; 237 break;
238 238 case 'G':
239 case 'G': 239 next = &svr_opts.restrict_group;
240 next = &svr_opts.grouploginname; 240 break;
241 break;
242
243 case 'W': 241 case 'W':
244 next = &recv_window_arg; 242 next = &recv_window_arg;
245 break; 243 break;
246 case 'K': 244 case 'K':
247 next = &keepalive_arg; 245 next = &keepalive_arg;
340 svr_opts.bannerfile); 338 svr_opts.bannerfile);
341 } 339 }
342 buf_setpos(svr_opts.banner, 0); 340 buf_setpos(svr_opts.banner, 0);
343 } 341 }
344 342
345 if (svr_opts.grouploginname) { 343 if (svr_opts.restrict_group) {
346 struct group *restrictedgroup = getgrnam(svr_opts.grouploginname); 344 struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
347 345
348 if (restrictedgroup){ 346 if (restrictedgroup){
349 svr_opts.grouploginid = malloc(sizeof(gid_t)); 347 svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
350 *svr_opts.grouploginid = restrictedgroup->gr_gid; 348 } else {
351 } else { 349 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
352 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname); 350 }
353 } 351
354 352 }
355 }
356 353
357 if (recv_window_arg) { 354 if (recv_window_arg) {
358 opts.recv_window = atol(recv_window_arg); 355 opts.recv_window = atol(recv_window_arg);
359 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { 356 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
360 dropbear_exit("Bad recv window '%s'", recv_window_arg); 357 dropbear_exit("Bad recv window '%s'", recv_window_arg);
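Review bot: The new default `svr_opts.restrict_group_gid = 0;` (new line 139) is a real group id rather than a "no group" value, so the gid alone cannot signal that -G is unset; only a non-NULL `svr_opts.restrict_group` does, as the check at new line 343 shows. The login-time membership test is not in this file section, so confirm it is gated on `restrict_group` and never compares against the gid by itself. I would add a comment at the initialisation, e.g. `/* restrict_group_gid is only meaningful when restrict_group != NULL; 0 is a valid gid */`. Separately, `getgrnam()` also returns NULL on lookup errors, so the "group does not exist" message at new line 349 may mislead when the name service is failing, though exiting there is the safe outcome. The enclosing function starts and ends outside the context shown here.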