authorMatt Johnston <matt@ucc.asn.au>2013-05-21 12:09:35 +0800
committerMatt Johnston <matt@ucc.asn.au>2013-05-21 12:09:35 +0800
commita0da2d6e81a883a2a1b38d464603cec9a5e8aabd (patch)
tree935d2110c0dec496ebb8b24fbc4a9596d73100fb /svr-auth.c
parent7eac89cbd9b2e2da5bb6bf9e8f1686059cdcf7b6 (diff)
parent123bd5d43879bc87ea5362b6ef64ac599d7390d0 (diff)
downloaddropbear-a0da2d6e81a883a2a1b38d464603cec9a5e8aabd.tar.gz
merge in HEAD
Diffstat (limited to 'svr-auth.c')
-rw-r--r--svr-auth.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/svr-auth.c b/svr-auth.c
index eb518fc..acac6f8 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -225,6 +225,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
char* listshell = NULL;
char* usershell = NULL;
+ int uid;
TRACE(("enter checkusername"))
if (userlen > MAX_USERNAME_LEN) {
return DROPBEAR_FAILURE;
@@ -254,6 +255,18 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
return DROPBEAR_FAILURE;
}
+ /* check if we are running as non-root, and login user is different from the server */
+ uid = geteuid();
+ if (uid != 0 && uid != ses.authstate.pw_uid) {
+ TRACE(("running as nonroot, only server uid is allowed"))
+ dropbear_log(LOG_WARNING,
+ "Login attempt with wrong user %s from %s",
+ ses.authstate.pw_name,
+ svr_ses.addrstring);
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+
/* check for non-root if desired */
if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) {
TRACE(("leave checkusername: root login disabled"))
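Review bot: `uid` is declared as `int` in the first hunk but receives the result of `geteuid()`, which returns `uid_t`, and is then compared with `ses.authstate.pw_uid` (presumably also a `uid_t`), so the `uid != ses.authstate.pw_uid` test mixes signed and unsigned operands. Declaring it as `uid_t uid;` keeps the whole comparison in one type and avoids a sign-compare warning. The comment above the check says what is tested but not why; something like `/* a non-root server can only run sessions as its own uid, so reject any other account */` would record the reason, assuming that is the intent behind the TRACE text. Because this branch rejects accounts that do exist, it is also worth confirming that its reply to the client matches the nonexistent-user path, which is not visible here. checkusername starts and ends outside both hunks.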