diff svr-runopts.c @ 1546:bb8eaa26bc93 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 26 Feb 2018 22:44:48 +0800 |
parents | 5916af64acd4 f20038b513a5 |
children | 61a793b6e471 |
--- a/svr-runopts.c Wed Feb 21 21:59:52 2018 +0800
+++ b/svr-runopts.c Mon Feb 26 22:44:48 2018 +0800
@@ -30,6 +30,8 @@
 #include "algo.h"
 #include "ecdsa.h"
+#include <grp.h>
+
 svr_runopts svr_opts; /* GLOBAL */
 static void printhelp(const char * progname);
@@ -68,6 +70,7 @@
 "-m Don't display the motd on login\n"
 #endif
 "-w Disallow root logins\n"
+ "-G Restrict logins to members of specified group\n"
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 "-s Disable password logins\n"
 "-g Disable password logins for root\n"
@@ -132,6 +135,8 @@
 svr_opts.forced_command = NULL;
 svr_opts.forkbg = 1;
 svr_opts.norootlogin = 0;
+ svr_opts.restrict_group = NULL;
+ svr_opts.restrict_group_gid = 0;
 svr_opts.noauthpass = 0;
 svr_opts.norootpass = 0;
 svr_opts.allowblankpass = 0;
@@ -230,6 +235,9 @@
 case 'w':
 svr_opts.norootlogin = 1;
 break;
+ case 'G':
+ next = &svr_opts.restrict_group;
+ break;
 case 'W':
 next = &recv_window_arg;
 break;
@@ -331,6 +339,17 @@
 }
 buf_setpos(svr_opts.banner, 0);
 }
+
+ if (svr_opts.restrict_group) {
+ struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
+
+ if (restrictedgroup){
+ svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
+ } else {
+ dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
+ }
+
+ }
 if (recv_window_arg) {
 opts.recv_window = atol(recv_window_arg);
@@ -511,17 +530,20 @@
 m_free(hostkey_file);
 }
+ /* Only load default host keys if a host key is not specified by the user */
+ if (svr_opts.num_hostkey_files == 0) {
 #if DROPBEAR_RSA
- loadhostkey(RSA_PRIV_FILENAME, 0);
+ loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
 #if DROPBEAR_DSS
- loadhostkey(DSS_PRIV_FILENAME, 0);
+ loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
 #if DROPBEAR_ECDSA
- loadhostkey(ECDSA_PRIV_FILENAME, 0);
+ loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
+ }
 #if DROPBEAR_DELAY_HOSTKEY
 if (svr_opts.delay_hostkey) {
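Review bot: In the `@@ -132,6 +135,8 @@` hunk, `svr_opts.restrict_group_gid = 0;` sets the default to a value that is itself a valid gid (conventionally root's group), so the gid cannot double as an "unset" marker. Any code enforcing the restriction has to test `svr_opts.restrict_group` against NULL rather than inspect the gid; that consumer is not part of this diff. I would add a comment on the line, for example `/* only meaningful when restrict_group != NULL; 0 is a real gid */`. The enclosing function starts and ends outside the hunk.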
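Review bot: The `else` branch after `getgrnam(svr_opts.restrict_group)` in the `@@ -331,6 +339,17 @@` hunk reports every NULL return as "the group does not exist", but getgrnam() also returns NULL, with errno set, when the lookup itself fails (for example a name-service backend that is unavailable at startup). Exiting in both cases is the right fail-closed behaviour for an access restriction; only the diagnosis is misleading. Set `errno = 0;` before the call and, in the else branch, include `strerror(errno)` in the message when errno is non-zero, assuming `<errno.h>` and `<string.h>` already come in through the file's includes, which are not visible here. The name is also resolved to a gid only once at startup, so a group recreated later under a different gid is not picked up until restart; a one-line comment saying so would help operators. The enclosing function extends outside the hunk.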
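Review bot: The new guard `if (svr_opts.num_hostkey_files == 0)` in the `@@ -511,17 +530,20 @@` hunk keys on how many host key files were named by the user, not on how many were loaded successfully. If a user-specified key fails to load and loadhostkey() does not treat that as fatal (its body is outside this diff), the default keys are now skipped as well, so the server can leave this block with no host key loaded. The comment should state this, for example `/* Defaults are skipped whenever a key file was named, even if loading it failed */`, and the code after this block should be confirmed to refuse to start without at least one usable key. The enclosing function starts and ends outside the hunk.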