G'day,
I figured some others might benefit from this patch. It allows you to use
the samba style @netgroup names in hosts allow and hosts deny.
I've tested it on solaris and linux with no apparent problems..
I'll get rid of the static string in a couple of days when I have to worry
about trying to get this into prod .. but with any luck someone else may have
done that for me.. :)
--- access.c 2003-07-30 16:12:27.000000000 +1000
+++ ../rsync-2.6.0-Linux/access.c 2004-01-31 23:15:37.000000000 +1100
@@ -22,10 +22,31 @@
*/
#include "rsync.h"
+#include <netdb.h>
static int match_hostname(char *host, char *tok)
{
+ char netgroup[512];
+ char *machinep;
+ char *userp;
+ char *domainp;
+
+ if(strlen(tok)){
+ if(tok[0]=='@'){
+ strcpy(netgroup, "");
+ sscanf(tok, "@%s", netgroup);
+ setnetgrent(netgroup);
+ while(getnetgrent(&machinep, &userp, &domainp)){
+ if(machinep!=NULL){
+ if(strcmp(host, machinep)==0){
+ return(1);
+ }
+ }
+ }
+ }
+ }
if (!host || !*host) return 0;
return wildmatch(tok, host);
}
Travis
http://www.deakin.edu.au/~travis/sig.html
On Sat, Jan 31, 2004 at 11:39:11PM +1100, Travis Freeland wrote:> > G'day, > > I figured some others might benefit from this patch. It allows you to use > the samba style @netgroup names in hosts allow and hosts deny. > > I've tested it on solaris and linux with no apparent problems.. > > I'll get rid of the static string in a couple of days when I have to worry > about trying to get this into prod .. but with any luck someone else may have > done that for me.. :)Very nice idea and good of you to produce a patch. With improvements this would have a good chance of inclusion. This would have to be conditional on an #ifdef from autoconf regarding the existance of netgroups. The code could be tightened a bit. To start with, the sscanf is unnecessary. I've not done any netgroup programming and lack manpages but it seems that iterating over getnetgrent() is the wrong approach, especially since netgroup uses recursive data, and something like a single call to innetgr() would be more appropriate. It seems to me that if we are to add netgroups it should also apply to "auth users" as well. And given the selectivity of netgroups the user authorization should permit the by-host restrictions. -- ________________________________________________________________ J.W. Schultz Pegasystems Technologies email address: jw@pegasys.ws Remember Cernan and Schmitt