adjust set and get groups

2023-06-15 01:48:31 -06:00 · 2023-06-15 01:48:31 -06:00 · aaf8b04fae
parent 15cc7c491d
commit aaf8b04fae
2 changed files with 27 additions and 11 deletions
--- a/apps/wolfsshd/auth.c
+++ b/apps/wolfsshd/auth.c
@ -71,6 +71,8 @@ struct WOLFSSHD_AUTH {
    const WOLFSSHD_CONFIG* conf;
    int gid;
    int uid;
+    int sGid; /* saved gid */
+    int sUid; /* saved uid */
    int attempts;
    void* heap;
 };
@ -1035,6 +1037,8 @@ WOLFSSHD_AUTH* wolfSSHD_AuthCreateUser(void* heap, const WOLFSSHD_CONFIG* conf)
        if (ret == WS_SUCCESS) {
            auth->gid = pwInfo->pw_gid;
            auth->uid = pwInfo->pw_uid;
+            auth->sGid = getgid();
+            auth->sUid = getuid();
        }

        /* error case in setting one of the default callbacks */
@ -1066,12 +1070,12 @@ int wolfSSHD_AuthRaisePermissions(WOLFSSHD_AUTH* auth)

    wolfSSH_Log(WS_LOG_INFO, "[SSHD] Attempting to raise permissions level");
    if (auth) {
-        if (setegid(0) != 0) {
+        if (setegid(auth->sGid) != 0) {
            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing gid");
            ret = WS_FATAL_ERROR;
        }

-        if (seteuid(0) != 0) {
+        if (seteuid(auth->sUid) != 0) {
            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing uid");
            ret = WS_FATAL_ERROR;
        }
--- a/apps/wolfsshd/wolfsshd.c
+++ b/apps/wolfsshd/wolfsshd.c
@ -449,6 +449,13 @@ static int SCP_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
        return WS_FATAL_ERROR;
    }

+    /* set additional groups if needed */
+    if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
+            pPasswd->pw_gid) != WS_SUCCESS) {
+        wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
+        ret = WS_FATAL_ERROR;
+    }
+
    if (ret == WS_SUCCESS) {
        error = SetupChroot(usrConf);
        if (error < 0) {
@ -522,6 +529,13 @@ static int SFTP_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
        return WS_FATAL_ERROR;
    }

+    /* set additional groups if needed */
+    if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
+            pPasswd->pw_gid) != WS_SUCCESS) {
+        wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
+        ret = WS_FATAL_ERROR;
+    }
+
    if (ret == WS_SUCCESS) {
        error = SetupChroot(usrConf);
        if (error == 1) {
@ -707,6 +721,13 @@ static int SHELL_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
        signal(SIGINT,  SIG_DFL);
        signal(SIGCHLD, SIG_DFL);

+        /* set additional groups if needed */
+        if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
+                pPasswd->pw_gid) != WS_SUCCESS) {
+            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
+            ret = WS_FATAL_ERROR;
+        }
+
        rc = SetupChroot(usrConf);
        if (rc < 0) {
            wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting chroot");
@ -995,15 +1016,6 @@ static void* HandleConnection(void* arg)
                wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error getting user info");
                ret = WS_FATAL_ERROR;
            }
-
-            /* set additional groups if needed */
-            if (ret != WS_FATAL_ERROR &&
-                    wolfSSHD_AuthSetGroups(conn->auth, usr, pPasswd->pw_gid) !=
-                    WS_SUCCESS) {
-
-               wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
-               ret = WS_FATAL_ERROR;
-            }
        }

        if (ret != WS_FATAL_ERROR) {