mirror of
https://github.com/clearml/dropbear
synced 2025-03-15 08:08:30 +00:00
add guard HAVE_GETGROUPLIST
This commit is contained in:
Matt Johnston
parent
bf6f04cbe6
commit
6eabc0fe87
@ -92,8 +92,14 @@ typedef struct svr_runopts {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
int norootlogin;
|
int norootlogin;
|
||||||
|
|
||||||
|
#ifdef HAVE_GETGROUPLIST
|
||||||
|
/* restrict_group is the group name if group restriction was enabled,
|
||||||
|
NULL otherwise */
|
||||||
char *restrict_group;
|
char *restrict_group;
|
||||||
|
/* restrict_group_gid is only valid if restrict_group is set */
|
||||||
gid_t restrict_group_gid;
|
gid_t restrict_group_gid;
|
||||||
|
#endif
|
||||||
|
|
||||||
int noauthpass;
|
int noauthpass;
|
||||||
int norootpass;
|
int norootpass;
|
||||||
|
|||||||
@ -197,6 +197,7 @@ out:
|
|||||||
m_free(methodname);
|
m_free(methodname);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_GETGROUPLIST
|
||||||
/* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
|
/* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
|
||||||
static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) {
|
static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) {
|
||||||
int ngroups, i, ret;
|
int ngroups, i, ret;
|
||||||
@ -230,7 +231,7 @@ static int check_group_membership(gid_t check_gid, const char* username, gid_t u
|
|||||||
|
|
||||||
return match;
|
return match;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Check that the username exists and isn't disallowed (root), and has a valid shell.
|
/* Check that the username exists and isn't disallowed (root), and has a valid shell.
|
||||||
* returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
|
* returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
|
||||||
@ -300,6 +301,7 @@ static int checkusername(const char *username, unsigned int userlen) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check for login restricted to certain group if desired */
|
/* check for login restricted to certain group if desired */
|
||||||
|
#ifdef HAVE_GETGROUPLIST
|
||||||
if (svr_opts.restrict_group) {
|
if (svr_opts.restrict_group) {
|
||||||
if (check_group_membership(svr_opts.restrict_group_gid,
|
if (check_group_membership(svr_opts.restrict_group_gid,
|
||||||
ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) {
|
ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) {
|
||||||
@ -310,6 +312,7 @@ static int checkusername(const char *username, unsigned int userlen) {
|
|||||||
return DROPBEAR_FAILURE;
|
return DROPBEAR_FAILURE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif HAVE_GETGROUPLIST
|
||||||
|
|
||||||
TRACE(("shell is %s", ses.authstate.pw_shell))
|
TRACE(("shell is %s", ses.authstate.pw_shell))
|
||||||
|
|
||||||
|
|||||||
@ -70,7 +70,9 @@ static void printhelp(const char * progname) {
|
|||||||
"-m Don't display the motd on login\n"
|
"-m Don't display the motd on login\n"
|
||||||
#endif
|
#endif
|
||||||
"-w Disallow root logins\n"
|
"-w Disallow root logins\n"
|
||||||
|
#ifdef HAVE_GETGROUPLIST
|
||||||
"-G Restrict logins to members of specified group\n"
|
"-G Restrict logins to members of specified group\n"
|
||||||
|
#endif
|
||||||
#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
|
#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
|
||||||
"-s Disable password logins\n"
|
"-s Disable password logins\n"
|
||||||
"-g Disable password logins for root\n"
|
"-g Disable password logins for root\n"
|
||||||
@ -135,8 +137,10 @@ void svr_getopts(int argc, char ** argv) {
|
|||||||
svr_opts.forced_command = NULL;
|
svr_opts.forced_command = NULL;
|
||||||
svr_opts.forkbg = 1;
|
svr_opts.forkbg = 1;
|
||||||
svr_opts.norootlogin = 0;
|
svr_opts.norootlogin = 0;
|
||||||
|
#ifdef HAVE_GETGROUPLIST
|
||||||
svr_opts.restrict_group = NULL;
|
svr_opts.restrict_group = NULL;
|
||||||
svr_opts.restrict_group_gid = 0;
|
svr_opts.restrict_group_gid = 0;
|
||||||
|
#endif
|
||||||
svr_opts.noauthpass = 0;
|
svr_opts.noauthpass = 0;
|
||||||
svr_opts.norootpass = 0;
|
svr_opts.norootpass = 0;
|
||||||
svr_opts.allowblankpass = 0;
|
svr_opts.allowblankpass = 0;
|
||||||
@ -235,9 +239,11 @@ void svr_getopts(int argc, char ** argv) {
|
|||||||
case 'w':
|
case 'w':
|
||||||
svr_opts.norootlogin = 1;
|
svr_opts.norootlogin = 1;
|
||||||
break;
|
break;
|
||||||
|
#ifdef HAVE_GETGROUPLIST
|
||||||
case 'G':
|
case 'G':
|
||||||
next = &svr_opts.restrict_group;
|
next = &svr_opts.restrict_group;
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
case 'W':
|
case 'W':
|
||||||
next = &recv_window_arg;
|
next = &recv_window_arg;
|
||||||
break;
|
break;
|
||||||
@ -340,6 +346,7 @@ void svr_getopts(int argc, char ** argv) {
|
|||||||
buf_setpos(svr_opts.banner, 0);
|
buf_setpos(svr_opts.banner, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_GETGROUPLIST
|
||||||
if (svr_opts.restrict_group) {
|
if (svr_opts.restrict_group) {
|
||||||
struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
|
struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
|
||||||
|
|
||||||
@ -348,8 +355,8 @@ void svr_getopts(int argc, char ** argv) {
|
|||||||
} else {
|
} else {
|
||||||
dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
|
dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (recv_window_arg) {
|
if (recv_window_arg) {
|
||||||
opts.recv_window = atol(recv_window_arg);
|
opts.recv_window = atol(recv_window_arg);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user