Mercurial > dropbear
diff svr-runopts.c @ 1536:a55a6901a181
Merge branch 'stellarpower-master'
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 22 Feb 2018 23:07:13 +0800 |
parents | b918ad1c5b25 |
children | 6a83b1944432 |
line wrap: on
line diff
--- a/svr-runopts.c Thu Feb 22 21:57:47 2018 +0800 +++ b/svr-runopts.c Thu Feb 22 23:07:13 2018 +0800 @@ -30,6 +30,8 @@ #include "algo.h" #include "ecdsa.h" +#include <grp.h> + svr_runopts svr_opts; /* GLOBAL */ static void printhelp(const char * progname); @@ -68,6 +70,7 @@ "-m Don't display the motd on login\n" #endif "-w Disallow root logins\n" + "-G Restrict logins to members of specified group\n" #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH "-s Disable password logins\n" "-g Disable password logins for root\n" @@ -132,6 +135,8 @@ svr_opts.forced_command = NULL; svr_opts.forkbg = 1; svr_opts.norootlogin = 0; + svr_opts.grouploginname = NULL; + svr_opts.grouploginid = NULL; svr_opts.noauthpass = 0; svr_opts.norootpass = 0; svr_opts.allowblankpass = 0; @@ -230,6 +235,11 @@ case 'w': svr_opts.norootlogin = 1; break; + + case 'G': + next = &svr_opts.grouploginname; + break; + case 'W': next = &recv_window_arg; break; @@ -331,6 +341,18 @@ } buf_setpos(svr_opts.banner, 0); } + + if (svr_opts.grouploginname) { + struct group *restrictedgroup = getgrnam(svr_opts.grouploginname); + + if (restrictedgroup){ + svr_opts.grouploginid = malloc(sizeof(gid_t)); + *svr_opts.grouploginid = restrictedgroup->gr_gid; + } else { + dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname); + } + + } if (recv_window_arg) { opts.recv_window = atol(recv_window_arg);