diff options
author | brian <brian@FreeBSD.org> | 2000-07-12 23:13:52 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 2000-07-12 23:13:52 +0000 |
commit | bf36609078a18030efd57cdd671bf095af25d9b8 (patch) | |
tree | 179ddd4eddfc09bb8eea4a8c1a985595304e4335 /usr.sbin | |
parent | a378d2d97e98f6373cebcb85e73c7b3b9e2b577f (diff) | |
download | FreeBSD-src-bf36609078a18030efd57cdd671bf095af25d9b8.zip FreeBSD-src-bf36609078a18030efd57cdd671bf095af25d9b8.tar.gz |
Permit multiple ``allow user'' lines in any given section
This avoids line length limits when large numbers of users are allowed
access to ppp.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ppp/ppp.8 | 7 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp.8.m4 | 7 | ||||
-rw-r--r-- | usr.sbin/ppp/systems.c | 13 |
3 files changed, 19 insertions, 8 deletions
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8 index 40c57ee..5050bca 100644 --- a/usr.sbin/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp.8 @@ -3065,10 +3065,11 @@ The .Sq default section is always checked first (even though it is only ever automatically loaded at startup). -Each successive .Dq allow users -command overrides the previous one, so it's possible to allow users access -to everything except a given label by specifying default users in the +commands are cumulative in a given section, but users allowed in any given +section override users allowed in the default section, so it's possible to +allow users access to everything except a given label by specifying default +users in the .Sq default section, and then specifying a new user list for that label. .Pp diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4 index 40c57ee..5050bca 100644 --- a/usr.sbin/ppp/ppp.8.m4 +++ b/usr.sbin/ppp/ppp.8.m4 @@ -3065,10 +3065,11 @@ The .Sq default section is always checked first (even though it is only ever automatically loaded at startup). -Each successive .Dq allow users -command overrides the previous one, so it's possible to allow users access -to everything except a given label by specifying default users in the +commands are cumulative in a given section, but users allowed in any given +section override users allowed in the default section, so it's possible to +allow users access to everything except a given label by specifying default +users in the .Sq default section, and then specifying a new user list for that label. .Pp diff --git a/usr.sbin/ppp/systems.c b/usr.sbin/ppp/systems.c index a51491c..90e1183 100644 --- a/usr.sbin/ppp/systems.c +++ b/usr.sbin/ppp/systems.c @@ -201,7 +201,9 @@ AllowUsers(struct cmdargs const *arg) int f; struct passwd *pwd; - userok = 0; + if (userok == -1) + userok = 0; + pwd = getpwuid(ID0realuid()); if (pwd != NULL) for (f = arg->argn; f < arg->argc; f++) @@ -422,15 +424,19 @@ system_IsValid(const char *name, struct prompt *prompt, int mode) * functions. arg->bundle will be set to NULL for these commands ! */ int def, how, rs; + int defuserok; def = !strcmp(name, "default"); how = ID0realuid() == 0 ? SYSTEM_EXISTS : SYSTEM_VALIDATE; - userok = 0; + userok = -1; modeok = 1; modereq = mode; rs = ReadSystem(NULL, "default", CONFFILE, prompt, NULL, how); + defuserok = userok; + userok = -1; + if (!def) { if (rs == -1) rs = 0; /* we don't care that ``default'' doesn't exist */ @@ -445,6 +451,9 @@ system_IsValid(const char *name, struct prompt *prompt, int mode) return _PATH_PPP "/" CONFFILE ": File not found"; } + if (userok == -1) + userok = defuserok; + if (how == SYSTEM_EXISTS) userok = modeok = 1; |