WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

adjust set and get groups

pull/527/head
JacobBarthelmeh 2023-06-15 01:48:31 -06:00
parent 15cc7c491d
commit aaf8b04fae
2 changed files with 27 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apps/wolfsshd/auth.c
View File

@ -71,6 +71,8 @@ struct WOLFSSHD_AUTH {
const WOLFSSHD_CONFIG* conf; const WOLFSSHD_CONFIG* conf;
int gid; int gid;
int uid; int uid;
int sGid; /* saved gid */
int sUid; /* saved uid */
int attempts; int attempts;
void* heap; void* heap;
}; };
@ -1035,6 +1037,8 @@ WOLFSSHD_AUTH* wolfSSHD_AuthCreateUser(void* heap, const WOLFSSHD_CONFIG* conf)
if (ret == WS_SUCCESS) { if (ret == WS_SUCCESS) {
auth->gid = pwInfo->pw_gid; auth->gid = pwInfo->pw_gid;
auth->uid = pwInfo->pw_uid; auth->uid = pwInfo->pw_uid;
auth->sGid = getgid();
auth->sUid = getuid();
} }
/* error case in setting one of the default callbacks */ /* error case in setting one of the default callbacks */
@ -1066,12 +1070,12 @@ int wolfSSHD_AuthRaisePermissions(WOLFSSHD_AUTH* auth)
wolfSSH_Log(WS_LOG_INFO, "[SSHD] Attempting to raise permissions level"); wolfSSH_Log(WS_LOG_INFO, "[SSHD] Attempting to raise permissions level");
if (auth) { if (auth) {
if (setegid(0) != 0) { if (setegid(auth->sGid) != 0) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing gid"); wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing gid");
ret = WS_FATAL_ERROR; ret = WS_FATAL_ERROR;
} }
if (seteuid(0) != 0) { if (seteuid(auth->sUid) != 0) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing uid"); wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error rasing uid");
ret = WS_FATAL_ERROR; ret = WS_FATAL_ERROR;
} }

30
apps/wolfsshd/wolfsshd.c
View File

@ -449,6 +449,13 @@ static int SCP_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
return WS_FATAL_ERROR; return WS_FATAL_ERROR;
} }
/* set additional groups if needed */
if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
pPasswd->pw_gid) != WS_SUCCESS) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
ret = WS_FATAL_ERROR;
}
if (ret == WS_SUCCESS) { if (ret == WS_SUCCESS) {
error = SetupChroot(usrConf); error = SetupChroot(usrConf);
if (error < 0) { if (error < 0) {
@ -522,6 +529,13 @@ static int SFTP_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
return WS_FATAL_ERROR; return WS_FATAL_ERROR;
} }
/* set additional groups if needed */
if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
pPasswd->pw_gid) != WS_SUCCESS) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
ret = WS_FATAL_ERROR;
}
if (ret == WS_SUCCESS) { if (ret == WS_SUCCESS) {
error = SetupChroot(usrConf); error = SetupChroot(usrConf);
if (error == 1) { if (error == 1) {
@ -707,6 +721,13 @@ static int SHELL_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
signal(SIGINT, SIG_DFL); signal(SIGINT, SIG_DFL);
signal(SIGCHLD, SIG_DFL); signal(SIGCHLD, SIG_DFL);
/* set additional groups if needed */
if (wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
pPasswd->pw_gid) != WS_SUCCESS) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
ret = WS_FATAL_ERROR;
}
rc = SetupChroot(usrConf); rc = SetupChroot(usrConf);
if (rc < 0) { if (rc < 0) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting chroot"); wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting chroot");
@ -995,15 +1016,6 @@ static void* HandleConnection(void* arg)
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error getting user info"); wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error getting user info");
ret = WS_FATAL_ERROR; ret = WS_FATAL_ERROR;
} }
/* set additional groups if needed */
if (ret != WS_FATAL_ERROR &&
wolfSSHD_AuthSetGroups(conn->auth, usr, pPasswd->pw_gid) !=
WS_SUCCESS) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting groups");
ret = WS_FATAL_ERROR;
}
} }
if (ret != WS_FATAL_ERROR) { if (ret != WS_FATAL_ERROR) {