comparison svr-runopts.c @ 1537:6a83b1944432
Fix restricted group code for BSDs, move to separate function
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 26 Feb 2018 21:17:13 +0800 |
parents | b918ad1c5b25 |
children | f20038b513a5 |
comparison
1536:a55a6901a181 | 1537:6a83b1944432 |
---|---|
68 #endif | 68 #endif |
69 #if DO_MOTD | 69 #if DO_MOTD |
70 "-m Don't display the motd on login\n" | 70 "-m Don't display the motd on login\n" |
71 #endif | 71 #endif |
72 "-w Disallow root logins\n" | 72 "-w Disallow root logins\n" |
73 "-G Restrict logins to members of specified group\n" | 73 "-G Restrict logins to members of specified group\n" |
74 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH | 74 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH |
75 "-s Disable password logins\n" | 75 "-s Disable password logins\n" |
76 "-g Disable password logins for root\n" | 76 "-g Disable password logins for root\n" |
77 "-B Allow blank password logins\n" | 77 "-B Allow blank password logins\n" |
78 #endif | 78 #endif |
133 svr_opts.bannerfile = NULL; | 133 svr_opts.bannerfile = NULL; |
134 svr_opts.banner = NULL; | 134 svr_opts.banner = NULL; |
135 svr_opts.forced_command = NULL; | 135 svr_opts.forced_command = NULL; |
136 svr_opts.forkbg = 1; | 136 svr_opts.forkbg = 1; |
137 svr_opts.norootlogin = 0; | 137 svr_opts.norootlogin = 0; |
138 svr_opts.grouploginname = NULL; | 138 svr_opts.restrict_group = NULL; |
139 svr_opts.grouploginid = NULL; | 139 svr_opts.restrict_group_gid = 0; |
140 svr_opts.noauthpass = 0; | 140 svr_opts.noauthpass = 0; |
141 svr_opts.norootpass = 0; | 141 svr_opts.norootpass = 0; |
142 svr_opts.allowblankpass = 0; | 142 svr_opts.allowblankpass = 0; |
143 svr_opts.maxauthtries = MAX_AUTH_TRIES; | 143 svr_opts.maxauthtries = MAX_AUTH_TRIES; |
144 svr_opts.inetdmode = 0; | 144 svr_opts.inetdmode = 0; |
233 break; | 233 break; |
234 #endif | 234 #endif |
235 case 'w': | 235 case 'w': |
236 svr_opts.norootlogin = 1; | 236 svr_opts.norootlogin = 1; |
237 break; | 237 break; |
238 | 238 case 'G': |
239 case 'G': | 239 next = &svr_opts.restrict_group; |
240 next = &svr_opts.grouploginname; | 240 break; |
241 break; | |
242 | |
243 case 'W': | 241 case 'W': |
244 next = &recv_window_arg; | 242 next = &recv_window_arg; |
245 break; | 243 break; |
246 case 'K': | 244 case 'K': |
247 next = &keepalive_arg; | 245 next = &keepalive_arg; |
340 svr_opts.bannerfile); | 338 svr_opts.bannerfile); |
341 } | 339 } |
342 buf_setpos(svr_opts.banner, 0); | 340 buf_setpos(svr_opts.banner, 0); |
343 } | 341 } |
344 | 342 |
345 if (svr_opts.grouploginname) { | 343 if (svr_opts.restrict_group) { |
346 struct group *restrictedgroup = getgrnam(svr_opts.grouploginname); | 344 struct group *restrictedgroup = getgrnam(svr_opts.restrict_group); |
347 | 345 |
348 if (restrictedgroup){ | 346 if (restrictedgroup){ |
349 svr_opts.grouploginid = malloc(sizeof(gid_t)); | 347 svr_opts.restrict_group_gid = restrictedgroup->gr_gid; |
350 *svr_opts.grouploginid = restrictedgroup->gr_gid; | 348 } else { |
351 } else { | 349 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group); |
352 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname); | 350 } |
353 } | 351 |
354 | 352 } |
355 } | |
356 | 353 |
357 if (recv_window_arg) { | 354 if (recv_window_arg) { |
358 opts.recv_window = atol(recv_window_arg); | 355 opts.recv_window = atol(recv_window_arg); |
359 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { | 356 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { |
360 dropbear_exit("Bad recv window '%s'", recv_window_arg); | 357 dropbear_exit("Bad recv window '%s'", recv_window_arg); |