diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2018-02-26 21:17:13 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2018-02-26 21:17:13 +0800 |
| commit | 36ccfd21e71ecbf7c5441194b8d38bfe1ffe61a6 (patch) | |
| tree | cb2581b24dc3b26595b73719eb8e6a0f08672e73 /svr-runopts.c | |
| parent | 44c323872a4f090742c6223bfc92c197e5bc513f (diff) | |
Fix restricted group code for BSDs, move to separate function
Diffstat (limited to 'svr-runopts.c')
| -rw-r--r-- | svr-runopts.c | 31 |
1 files changed, 14 insertions, 17 deletions
diff --git a/svr-runopts.c b/svr-runopts.c index 78764a1..1b057cf 100644 --- a/svr-runopts.c +++ b/svr-runopts.c @@ -70,7 +70,7 @@ static void printhelp(const char * progname) { "-m Don't display the motd on login\n" #endif "-w Disallow root logins\n" - "-G Restrict logins to members of specified group\n" + "-G Restrict logins to members of specified group\n" #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH "-s Disable password logins\n" "-g Disable password logins for root\n" @@ -135,8 +135,8 @@ void svr_getopts(int argc, char ** argv) { svr_opts.forced_command = NULL; svr_opts.forkbg = 1; svr_opts.norootlogin = 0; - svr_opts.grouploginname = NULL; - svr_opts.grouploginid = NULL; + svr_opts.restrict_group = NULL; + svr_opts.restrict_group_gid = 0; svr_opts.noauthpass = 0; svr_opts.norootpass = 0; svr_opts.allowblankpass = 0; @@ -235,11 +235,9 @@ void svr_getopts(int argc, char ** argv) { case 'w': svr_opts.norootlogin = 1; break; - - case 'G': - next = &svr_opts.grouploginname; - break; - + case 'G': + next = &svr_opts.restrict_group; + break; case 'W': next = &recv_window_arg; break; @@ -342,17 +340,16 @@ void svr_getopts(int argc, char ** argv) { buf_setpos(svr_opts.banner, 0); } - if (svr_opts.grouploginname) { - struct group *restrictedgroup = getgrnam(svr_opts.grouploginname); + if (svr_opts.restrict_group) { + struct group *restrictedgroup = getgrnam(svr_opts.restrict_group); - if (restrictedgroup){ - svr_opts.grouploginid = malloc(sizeof(gid_t)); - *svr_opts.grouploginid = restrictedgroup->gr_gid; - } else { - dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname); - } + if (restrictedgroup){ + svr_opts.restrict_group_gid = restrictedgroup->gr_gid; + } else { + dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group); + } - } + } if (recv_window_arg) { opts.recv_window = atol(recv_window_arg); |