summaryrefslogtreecommitdiffstats
path: root/usr.sbin
diff options
context:
space:
mode:
authorbrian <brian@FreeBSD.org>2000-07-12 23:13:52 +0000
committerbrian <brian@FreeBSD.org>2000-07-12 23:13:52 +0000
commitbf36609078a18030efd57cdd671bf095af25d9b8 (patch)
tree179ddd4eddfc09bb8eea4a8c1a985595304e4335 /usr.sbin
parenta378d2d97e98f6373cebcb85e73c7b3b9e2b577f (diff)
downloadFreeBSD-src-bf36609078a18030efd57cdd671bf095af25d9b8.zip
FreeBSD-src-bf36609078a18030efd57cdd671bf095af25d9b8.tar.gz
Permit multiple ``allow user'' lines in any given section
This avoids line length limits when large numbers of users are allowed access to ppp.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/ppp/ppp.87
-rw-r--r--usr.sbin/ppp/ppp.8.m47
-rw-r--r--usr.sbin/ppp/systems.c13
3 files changed, 19 insertions, 8 deletions
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 40c57ee..5050bca 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -3065,10 +3065,11 @@ The
.Sq default
section is always checked first (even though it is only ever automatically
loaded at startup).
-Each successive
.Dq allow users
-command overrides the previous one, so it's possible to allow users access
-to everything except a given label by specifying default users in the
+commands are cumulative in a given section, but users allowed in any given
+section override users allowed in the default section, so it's possible to
+allow users access to everything except a given label by specifying default
+users in the
.Sq default
section, and then specifying a new user list for that label.
.Pp
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 40c57ee..5050bca 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -3065,10 +3065,11 @@ The
.Sq default
section is always checked first (even though it is only ever automatically
loaded at startup).
-Each successive
.Dq allow users
-command overrides the previous one, so it's possible to allow users access
-to everything except a given label by specifying default users in the
+commands are cumulative in a given section, but users allowed in any given
+section override users allowed in the default section, so it's possible to
+allow users access to everything except a given label by specifying default
+users in the
.Sq default
section, and then specifying a new user list for that label.
.Pp
diff --git a/usr.sbin/ppp/systems.c b/usr.sbin/ppp/systems.c
index a51491c..90e1183 100644
--- a/usr.sbin/ppp/systems.c
+++ b/usr.sbin/ppp/systems.c
@@ -201,7 +201,9 @@ AllowUsers(struct cmdargs const *arg)
int f;
struct passwd *pwd;
- userok = 0;
+ if (userok == -1)
+ userok = 0;
+
pwd = getpwuid(ID0realuid());
if (pwd != NULL)
for (f = arg->argn; f < arg->argc; f++)
@@ -422,15 +424,19 @@ system_IsValid(const char *name, struct prompt *prompt, int mode)
* functions. arg->bundle will be set to NULL for these commands !
*/
int def, how, rs;
+ int defuserok;
def = !strcmp(name, "default");
how = ID0realuid() == 0 ? SYSTEM_EXISTS : SYSTEM_VALIDATE;
- userok = 0;
+ userok = -1;
modeok = 1;
modereq = mode;
rs = ReadSystem(NULL, "default", CONFFILE, prompt, NULL, how);
+ defuserok = userok;
+ userok = -1;
+
if (!def) {
if (rs == -1)
rs = 0; /* we don't care that ``default'' doesn't exist */
@@ -445,6 +451,9 @@ system_IsValid(const char *name, struct prompt *prompt, int mode)
return _PATH_PPP "/" CONFFILE ": File not found";
}
+ if (userok == -1)
+ userok = defuserok;
+
if (how == SYSTEM_EXISTS)
userok = modeok = 1;
OpenPOWER on IntegriCloud