changeset 1551:1acbdf64088e

add guard HAVE_GETGROUPLIST
author Matt Johnston <matt@ucc.asn.au>
date Tue, 27 Feb 2018 21:49:10 +0800
parents 93a3726a36d6
children e46f7f1da56a
files runopts.h svr-auth.c svr-runopts.c
diffstat 3 files changed, 18 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/runopts.h	Tue Feb 27 21:41:56 2018 +0800
+++ b/runopts.h	Tue Feb 27 21:49:10 2018 +0800
@@ -92,8 +92,14 @@
 #endif
 
 	int norootlogin;
+
+#ifdef HAVE_GETGROUPLIST
+	/* restrict_group is the group name if group restriction was enabled, 
+	NULL otherwise */
 	char *restrict_group;
+	/* restrict_group_gid is only valid if restrict_group is set */
 	gid_t restrict_group_gid;
+#endif
 
 	int noauthpass;
 	int norootpass;
--- a/svr-auth.c	Tue Feb 27 21:41:56 2018 +0800
+++ b/svr-auth.c	Tue Feb 27 21:49:10 2018 +0800
@@ -197,6 +197,7 @@
 	m_free(methodname);
 }
 
+#ifdef HAVE_GETGROUPLIST
 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) {
 	int ngroups, i, ret;
@@ -230,7 +231,7 @@
 
 	return match;
 }
-
+#endif
 
 /* Check that the username exists and isn't disallowed (root), and has a valid shell.
  * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
@@ -300,6 +301,7 @@
 	}
 
 	/* check for login restricted to certain group if desired */
+#ifdef HAVE_GETGROUPLIST
 	if (svr_opts.restrict_group) {
 		if (check_group_membership(svr_opts.restrict_group_gid,
 				ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) {
@@ -310,6 +312,7 @@
 			return DROPBEAR_FAILURE;
 		}
 	}
+#endif HAVE_GETGROUPLIST
 
 	TRACE(("shell is %s", ses.authstate.pw_shell))
 
--- a/svr-runopts.c	Tue Feb 27 21:41:56 2018 +0800
+++ b/svr-runopts.c	Tue Feb 27 21:49:10 2018 +0800
@@ -70,7 +70,9 @@
 					"-m		Don't display the motd on login\n"
 #endif
 					"-w		Disallow root logins\n"
+#ifdef HAVE_GETGROUPLIST
 					"-G		Restrict logins to members of specified group\n"
+#endif
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
@@ -135,8 +137,10 @@
 	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
+#ifdef HAVE_GETGROUPLIST
 	svr_opts.restrict_group = NULL;
 	svr_opts.restrict_group_gid = 0;
+#endif
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
@@ -235,9 +239,11 @@
 				case 'w':
 					svr_opts.norootlogin = 1;
 					break;
+#ifdef HAVE_GETGROUPLIST
 				case 'G':
 					next = &svr_opts.restrict_group;
 					break;
+#endif
 				case 'W':
 					next = &recv_window_arg;
 					break;
@@ -340,6 +346,7 @@
 		buf_setpos(svr_opts.banner, 0);
 	}
 
+#ifdef HAVE_GETGROUPLIST
 	if (svr_opts.restrict_group) {
 		struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
 
@@ -348,8 +355,8 @@
 		} else {
 			dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
 		}
-
 	}
+#endif
 	
 	if (recv_window_arg) {
 		opts.recv_window = atol(recv_window_arg);