comparison svr-auth.c @ 782:e0084f136cb8

If running as non-root only allow that user to log in
author Matt Johnston <matt@ucc.asn.au>
date Wed, 17 Apr 2013 22:29:18 +0800
parents c58a15983808
children 7dcb46da72d9 d7784616409a
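--- a/svr-auth.c	781:f110d321fe7a
+++ b/svr-auth.c	782:e0084f136cb8
@@ -224,10 +224,11 @@
  * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
 static int checkusername(unsigned char *username, unsigned int userlen) {
 
 char* listshell = NULL;
 char* usershell = NULL;
+int uid;
 TRACE(("enter checkusername"))
 if (userlen > MAX_USERNAME_LEN) {
 return DROPBEAR_FAILURE;
 }
 
@@ -253,10 +254,22 @@
 svr_ses.addrstring);
 send_msg_userauth_failure(0, 1);
 return DROPBEAR_FAILURE;
 }
 
+/* check if we are running as non-root, and login user is different from the server */
+uid = geteuid();
+if (uid != 0 && uid != ses.authstate.pw_uid) {
+TRACE(("running as nonroot, only server uid is allowed"))
+dropbear_log(LOG_WARNING,
+"Login attempt with wrong user %s from %s",
+ses.authstate.pw_name,
+svr_ses.addrstring);
+send_msg_userauth_failure(0, 1);
+return DROPBEAR_FAILURE;
+}
+
 /* check for non-root if desired */
 if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) {
 TRACE(("leave checkusername: root login disabled"))
 dropbear_log(LOG_WARNING, "root login rejected");
 send_msg_userauth_failure(0, 1);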
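Review bot: The added `int uid;` holds the result of `geteuid()`, which returns `uid_t` (unsigned on most platforms), and is then compared with `ses.authstate.pw_uid`, presumably also a `uid_t`, so the new `uid != ses.authstate.pw_uid` test mixes signed and unsigned operands. Declaring it as `uid_t uid;` keeps this authorization check free of implicit conversions and of `-Wsign-compare` warnings. The exit trace in the new branch could also follow the convention of the root-login branch just below it, e.g. `TRACE(("leave checkusername: non-root server, only server uid is allowed"))`. checkusername starts before and continues past the lines shown, so the ordering of this check relative to the later shell checks cannot be judged from here.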