authorMatt Johnston <matt@ucc.asn.au>2018-02-22 23:06:45 +0800
committerMatt Johnston <matt@ucc.asn.au>2018-02-22 23:06:45 +0800
commit094972ea848b793e9f09c4f31f94af1998b4f6fd (patch)
tree15fd99a1f3dc4ed156e30a5fea450129ecdea0db /svr-runopts.c
parent2707f054a545788ded23f7886d61ff173a699ddb (diff)
parentd17dedfa4f864b2b4d1a7fcb5fcda411ea8fa65b (diff)
Merge branch 'master' of git://github.com/stellarpower/dropbear into stellarpower-master
Diffstat (limited to 'svr-runopts.c')
-rw-r--r--svr-runopts.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/svr-runopts.c b/svr-runopts.c
index 182366f..78764a1 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -30,6 +30,8 @@
#include "algo.h"
#include "ecdsa.h"
+#include <grp.h>
+
svr_runopts svr_opts; /* GLOBAL */
static void printhelp(const char * progname);
@@ -68,6 +70,7 @@ static void printhelp(const char * progname) {
"-m Don't display the motd on login\n"
#endif
"-w Disallow root logins\n"
+ "-G Restrict logins to members of specified group\n"
#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
"-s Disable password logins\n"
"-g Disable password logins for root\n"
@@ -132,6 +135,8 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.forced_command = NULL;
svr_opts.forkbg = 1;
svr_opts.norootlogin = 0;
+ svr_opts.grouploginname = NULL;
+ svr_opts.grouploginid = NULL;
svr_opts.noauthpass = 0;
svr_opts.norootpass = 0;
svr_opts.allowblankpass = 0;
@@ -230,6 +235,11 @@ void svr_getopts(int argc, char ** argv) {
case 'w':
svr_opts.norootlogin = 1;
break;
+
+ case 'G':
+ next = &svr_opts.grouploginname;
+ break;
+
case 'W':
next = &recv_window_arg;
break;
@@ -331,6 +341,18 @@ void svr_getopts(int argc, char ** argv) {
}
buf_setpos(svr_opts.banner, 0);
}
+
+ if (svr_opts.grouploginname) {
+ struct group *restrictedgroup = getgrnam(svr_opts.grouploginname);
+
+ if (restrictedgroup){
+ svr_opts.grouploginid = malloc(sizeof(gid_t));
+ *svr_opts.grouploginid = restrictedgroup->gr_gid;
+ } else {
+ dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname);
+ }
+
+ }
if (recv_window_arg) {
opts.recv_window = atol(recv_window_arg);
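Review bot: The result of `malloc(sizeof(gid_t))` is written through on the very next line without a NULL check, so an allocation failure while parsing `-G` becomes a NULL dereference rather than a clean startup error. Either test the pointer before the assignment or use the project's exiting allocator, e.g. `svr_opts.grouploginid = m_malloc(sizeof(gid_t));` (assuming dropbear's `m_malloc` wrapper is in scope in this file). Since this option is an access-control setting, I would also add a comment above the `getgrnam()` call such as `/* group name is resolved to a gid once at startup; later changes to the group database are not seen until restart */`, because a group that is deleted and recreated under a different gid would leave the server checking the old id. svr_getopts starts and ends outside this hunk, and the code that enforces `grouploginid` at login is not part of this file's diff, so it cannot be reviewed from here.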