WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

add secondary groups as well

pull/515/head
JacobBarthelmeh 2023-05-05 15:20:27 -07:00
parent e0b641bafc
commit b11e87b384
3 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
apps/wolfsshd/auth.c
View File

@ -1122,6 +1122,38 @@ int wolfSSHD_AuthReducePermissions(WOLFSSHD_AUTH* auth)
return ret; return ret;
} }
/* sets the extended groups the user is in, returns WS_SUCCESS on success */
int wolfSSHD_AuthSetGroups(const WOLFSSHD_AUTH* auth, const char* usr,
WGID_T gid)
{
int grpListSz = 0;
gid_t* grpList = NULL;
int ret = WS_SUCCESS;
/* should return -1 if grpListSz is smaller than actual groups */
if (getgrouplist(usr, gid, NULL, &grpListSz) == -1) {
grpList = (gid_t*)WMALLOC(sizeof(gid_t) * grpListSz, auth->heap,
DYNTYPE_SSHD);
if (grpList == NULL) {
ret = WS_MEMORY_E;
}
else {
if (getgrouplist(usr, gid, grpList, &grpListSz)
!= grpListSz) {
ret = WS_FATAL_ERROR;
}
else {
setgroups(grpListSz, grpList);
}
WFREE(grpList, auth->heap, DYNTYPE_SSHD);
}
}
return ret;
}
/* return the time in seconds for grace timeout period */ /* return the time in seconds for grace timeout period */
long wolfSSHD_AuthGetGraceTime(const WOLFSSHD_AUTH* auth) long wolfSSHD_AuthGetGraceTime(const WOLFSSHD_AUTH* auth)
{ {

2
apps/wolfsshd/auth.h
View File

@ -62,6 +62,8 @@ int wolfSSHD_AuthReducePermissions(WOLFSSHD_AUTH* auth);
int wolfSSHD_AuthRaisePermissions(WOLFSSHD_AUTH* auth); int wolfSSHD_AuthRaisePermissions(WOLFSSHD_AUTH* auth);
int wolfSSHD_AuthReducePermissionsUser(WOLFSSHD_AUTH* auth, WUID_T uid, int wolfSSHD_AuthReducePermissionsUser(WOLFSSHD_AUTH* auth, WUID_T uid,
WGID_T gid); WGID_T gid);
int wolfSSHD_AuthSetGroups(const WOLFSSHD_AUTH* auth, const char* usr,
WGID_T gid);
long wolfSSHD_AuthGetGraceTime(const WOLFSSHD_AUTH* auth); long wolfSSHD_AuthGetGraceTime(const WOLFSSHD_AUTH* auth);
WOLFSSHD_CONFIG* wolfSSHD_AuthGetUserConf(const WOLFSSHD_AUTH* auth, WOLFSSHD_CONFIG* wolfSSHD_AuthGetUserConf(const WOLFSSHD_AUTH* auth,
const char* usr, const char* host, const char* usr, const char* host,

13
apps/wolfsshd/wolfsshd.c
View File

@ -490,6 +490,12 @@ static int SFTP_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
} }
} }
/* set additional groups if needed */
if (ret == WS_SUCCESS) {
ret = wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
pPasswd->pw_gid);
}
if (wolfSSHD_AuthReducePermissionsUser(conn->auth, pPasswd->pw_uid, if (wolfSSHD_AuthReducePermissionsUser(conn->auth, pPasswd->pw_uid,
pPasswd->pw_gid) != WS_SUCCESS) { pPasswd->pw_gid) != WS_SUCCESS) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user ID"); wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user ID");
@ -668,6 +674,13 @@ static int SHELL_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
} }
} }
/* set additional groups if needed */
if ( wolfSSHD_AuthSetGroups(conn->auth, wolfSSH_GetUsername(ssh),
pPasswd->pw_gid) != WS_SUCCESS) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user groups");
return WS_FATAL_ERROR;
}
if (wolfSSHD_AuthReducePermissionsUser(conn->auth, pPasswd->pw_uid, if (wolfSSHD_AuthReducePermissionsUser(conn->auth, pPasswd->pw_uid,
pPasswd->pw_gid) != WS_SUCCESS) { pPasswd->pw_gid) != WS_SUCCESS) {
wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user ID"); wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Error setting user ID");