Mercurial > dropbear
diff svr-runopts.c @ 1537:6a83b1944432
Fix restricted group code for BSDs, move to separate function
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 26 Feb 2018 21:17:13 +0800 |
| parents | b918ad1c5b25 |
| children | f20038b513a5 |
line wrap: on
line diff
--- a/svr-runopts.c Thu Feb 22 23:07:13 2018 +0800 +++ b/svr-runopts.c Mon Feb 26 21:17:13 2018 +0800 @@ -70,7 +70,7 @@ "-m Don't display the motd on login\n" #endif "-w Disallow root logins\n" - "-G Restrict logins to members of specified group\n" + "-G Restrict logins to members of specified group\n" #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH "-s Disable password logins\n" "-g Disable password logins for root\n" @@ -135,8 +135,8 @@ svr_opts.forced_command = NULL; svr_opts.forkbg = 1; svr_opts.norootlogin = 0; - svr_opts.grouploginname = NULL; - svr_opts.grouploginid = NULL; + svr_opts.restrict_group = NULL; + svr_opts.restrict_group_gid = 0; svr_opts.noauthpass = 0; svr_opts.norootpass = 0; svr_opts.allowblankpass = 0; @@ -235,11 +235,9 @@ case 'w': svr_opts.norootlogin = 1; break; - - case 'G': - next = &svr_opts.grouploginname; - break; - + case 'G': + next = &svr_opts.restrict_group; + break; case 'W': next = &recv_window_arg; break; @@ -342,17 +340,16 @@ buf_setpos(svr_opts.banner, 0); } - if (svr_opts.grouploginname) { - struct group *restrictedgroup = getgrnam(svr_opts.grouploginname); + if (svr_opts.restrict_group) { + struct group *restrictedgroup = getgrnam(svr_opts.restrict_group); - if (restrictedgroup){ - svr_opts.grouploginid = malloc(sizeof(gid_t)); - *svr_opts.grouploginid = restrictedgroup->gr_gid; - } else { - dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname); - } + if (restrictedgroup){ + svr_opts.restrict_group_gid = restrictedgroup->gr_gid; + } else { + dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group); + } - } + } if (recv_window_arg) { opts.recv_window = atol(recv_window_arg);