diff svr-runopts.c @ 1536:a55a6901a181

Merge branch 'stellarpower-master'
author Matt Johnston <matt@ucc.asn.au>
date Thu, 22 Feb 2018 23:07:13 +0800
parents b918ad1c5b25
children 6a83b1944432
line wrap: on
line diff
--- a/svr-runopts.c	Thu Feb 22 21:57:47 2018 +0800
+++ b/svr-runopts.c	Thu Feb 22 23:07:13 2018 +0800
@@ -30,6 +30,8 @@
 #include "algo.h"
 #include "ecdsa.h"
 
+#include <grp.h>
+
 svr_runopts svr_opts; /* GLOBAL */
 
 static void printhelp(const char * progname);
@@ -68,6 +70,7 @@
 					"-m		Don't display the motd on login\n"
 #endif
 					"-w		Disallow root logins\n"
+                                        "-G		Restrict logins to members of specified group\n"
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
@@ -132,6 +135,8 @@
 	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
+        svr_opts.grouploginname = NULL;
+        svr_opts.grouploginid = NULL;
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
@@ -230,6 +235,11 @@
 				case 'w':
 					svr_opts.norootlogin = 1;
 					break;
+
+                                case 'G':
+                                        next = &svr_opts.grouploginname;
+                                        break;
+
 				case 'W':
 					next = &recv_window_arg;
 					break;
@@ -331,6 +341,18 @@
 		}
 		buf_setpos(svr_opts.banner, 0);
 	}
+
+        if (svr_opts.grouploginname) {
+                struct group *restrictedgroup = getgrnam(svr_opts.grouploginname);
+
+                if (restrictedgroup){
+                    svr_opts.grouploginid = malloc(sizeof(gid_t));
+                    *svr_opts.grouploginid = restrictedgroup->gr_gid;
+                } else {
+                    dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname);
+                }
+
+        }
 	
 	if (recv_window_arg) {
 		opts.recv_window = atol(recv_window_arg);