Mercurial > dropbear
changeset 1551:1acbdf64088e
add guard HAVE_GETGROUPLIST
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 27 Feb 2018 21:49:10 +0800 |
parents | 93a3726a36d6 |
children | e46f7f1da56a |
files | runopts.h svr-auth.c svr-runopts.c |
diffstat | 3 files changed, 18 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/runopts.h Tue Feb 27 21:41:56 2018 +0800 +++ b/runopts.h Tue Feb 27 21:49:10 2018 +0800 @@ -92,8 +92,14 @@ #endif int norootlogin; + +#ifdef HAVE_GETGROUPLIST + /* restrict_group is the group name if group restriction was enabled, + NULL otherwise */ char *restrict_group; + /* restrict_group_gid is only valid if restrict_group is set */ gid_t restrict_group_gid; +#endif int noauthpass; int norootpass;
--- a/svr-auth.c Tue Feb 27 21:41:56 2018 +0800 +++ b/svr-auth.c Tue Feb 27 21:49:10 2018 +0800 @@ -197,6 +197,7 @@ m_free(methodname); } +#ifdef HAVE_GETGROUPLIST /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) { int ngroups, i, ret; @@ -230,7 +231,7 @@ return match; } - +#endif /* Check that the username exists and isn't disallowed (root), and has a valid shell. * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */ @@ -300,6 +301,7 @@ } /* check for login restricted to certain group if desired */ +#ifdef HAVE_GETGROUPLIST if (svr_opts.restrict_group) { if (check_group_membership(svr_opts.restrict_group_gid, ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) { @@ -310,6 +312,7 @@ return DROPBEAR_FAILURE; } } +#endif HAVE_GETGROUPLIST TRACE(("shell is %s", ses.authstate.pw_shell))
--- a/svr-runopts.c Tue Feb 27 21:41:56 2018 +0800 +++ b/svr-runopts.c Tue Feb 27 21:49:10 2018 +0800 @@ -70,7 +70,9 @@ "-m Don't display the motd on login\n" #endif "-w Disallow root logins\n" +#ifdef HAVE_GETGROUPLIST "-G Restrict logins to members of specified group\n" +#endif #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH "-s Disable password logins\n" "-g Disable password logins for root\n" @@ -135,8 +137,10 @@ svr_opts.forced_command = NULL; svr_opts.forkbg = 1; svr_opts.norootlogin = 0; +#ifdef HAVE_GETGROUPLIST svr_opts.restrict_group = NULL; svr_opts.restrict_group_gid = 0; +#endif svr_opts.noauthpass = 0; svr_opts.norootpass = 0; svr_opts.allowblankpass = 0; @@ -235,9 +239,11 @@ case 'w': svr_opts.norootlogin = 1; break; +#ifdef HAVE_GETGROUPLIST case 'G': next = &svr_opts.restrict_group; break; +#endif case 'W': next = &recv_window_arg; break; @@ -340,6 +346,7 @@ buf_setpos(svr_opts.banner, 0); } +#ifdef HAVE_GETGROUPLIST if (svr_opts.restrict_group) { struct group *restrictedgroup = getgrnam(svr_opts.restrict_group); @@ -348,8 +355,8 @@ } else { dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group); } - } +#endif if (recv_window_arg) { opts.recv_window = atol(recv_window_arg);