authorMatt Johnston <matt@ucc.asn.au>2018-02-26 22:44:48 +0800
committerMatt Johnston <matt@ucc.asn.au>2018-02-26 22:44:48 +0800
commit5df73215f887bbc4ebd122e725fe5497d92f511f (patch)
tree5eaaab331c7f481b736dcd6d0e526de1e2248a14 /svr-runopts.c
parent573838a0278e56225bf2a4a1e386105525a6a91a (diff)
parent3996e93a2045b68cbec6d645e7a166358dac95f7 (diff)
merge from main
--HG-- branch : fuzz
Diffstat (limited to 'svr-runopts.c')
-rw-r--r--svr-runopts.c28
1 files changed, 25 insertions, 3 deletions
diff --git a/svr-runopts.c b/svr-runopts.c
index b0c8cf8..00854df 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -30,6 +30,8 @@
#include "algo.h"
#include "ecdsa.h"
+#include <grp.h>
+
svr_runopts svr_opts; /* GLOBAL */
static void printhelp(const char * progname);
@@ -68,6 +70,7 @@ static void printhelp(const char * progname) {
"-m Don't display the motd on login\n"
#endif
"-w Disallow root logins\n"
+ "-G Restrict logins to members of specified group\n"
#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
"-s Disable password logins\n"
"-g Disable password logins for root\n"
@@ -132,6 +135,8 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.forced_command = NULL;
svr_opts.forkbg = 1;
svr_opts.norootlogin = 0;
+ svr_opts.restrict_group = NULL;
+ svr_opts.restrict_group_gid = 0;
svr_opts.noauthpass = 0;
svr_opts.norootpass = 0;
svr_opts.allowblankpass = 0;
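Review bot: The default `svr_opts.restrict_group_gid = 0;` is itself a valid gid (the root or wheel group on most systems), so the field only carries meaning while `restrict_group` is non-NULL. The code that enforces the restriction is not part of this diff; it presumably tests `restrict_group` before comparing gids, and that should be confirmed. I would record the invariant next to the initialisation, e.g. `/* restrict_group_gid is only valid when restrict_group != NULL; 0 is a real gid */`. svr_getopts() starts and ends outside this hunk.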
@@ -230,6 +235,9 @@ void svr_getopts(int argc, char ** argv) {
case 'w':
svr_opts.norootlogin = 1;
break;
+ case 'G':
+ next = &svr_opts.restrict_group;
+ break;
case 'W':
next = &recv_window_arg;
break;
@@ -331,6 +339,17 @@ void svr_getopts(int argc, char ** argv) {
}
buf_setpos(svr_opts.banner, 0);
}
+
+ if (svr_opts.restrict_group) {
+ struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
+
+ if (restrictedgroup){
+ svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
+ } else {
+ dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
+ }
+
+ }
if (recv_window_arg) {
opts.recv_window = atol(recv_window_arg);
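Review bot: `getgrnam()` returns NULL both when the group is absent and when the lookup itself fails (for example when a name-service backend is unavailable), so the added else branch reports "does not exist" in both cases. Exiting is the right fail-closed behaviour, but the message can mislead an administrator; setting `errno = 0;` before the call and adding `strerror(errno)` to the exit message when errno is non-zero would tell the two apart (this assumes errno.h is already in scope, which the hunk does not show). The gid is also resolved once at startup, so a group that is removed and re-created with a different gid while the server runs would still be matched against the old value; a comment such as `/* gid resolved once at startup; restart after group database changes */` would document that. svr_getopts() continues outside the hunk.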
@@ -511,17 +530,20 @@ void load_all_hostkeys() {
m_free(hostkey_file);
}
+ /* Only load default host keys if a host key is not specified by the user */
+ if (svr_opts.num_hostkey_files == 0) {
#if DROPBEAR_RSA
- loadhostkey(RSA_PRIV_FILENAME, 0);
+ loadhostkey(RSA_PRIV_FILENAME, 0);
#endif
#if DROPBEAR_DSS
- loadhostkey(DSS_PRIV_FILENAME, 0);
+ loadhostkey(DSS_PRIV_FILENAME, 0);
#endif
#if DROPBEAR_ECDSA
- loadhostkey(ECDSA_PRIV_FILENAME, 0);
+ loadhostkey(ECDSA_PRIV_FILENAME, 0);
#endif
+ }
#if DROPBEAR_DELAY_HOSTKEY
if (svr_opts.delay_hostkey) {
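Review bot: The new guard `if (svr_opts.num_hostkey_files == 0)` keys on how many host key files were specified, not on whether any of them actually loaded. If a specified file is missing or unreadable, the default keys are now skipped as well; whether the server then exits or carries on without a usable key is decided by code outside this hunk, so that path should be checked. I would extend the added comment to say so, e.g. `/* Defaults are skipped whenever a host key is specified, even if that key fails to load */`, and mention the change in the help text for the host key option. load_all_hostkeys() starts and ends outside the hunk.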