authorbrian <brian@cvs.openbsd.org>2000-07-12 23:14:33 +0000
committerbrian <brian@cvs.openbsd.org>2000-07-12 23:14:33 +0000
commit7dce2538c1d2b6b7bd61388e57a23d3e14381de8 (patch)
treea884297cb4017a40a52633a26166acf0c0b65ed1
parent48ccfd26f61401bb74e5ccb15700be938564ffcf (diff)
Permit multiple ``allow user'' lines in any given section
This avoids line length limits when large numbers of users are allowed access to ppp.
-rw-r--r--usr.sbin/ppp/ppp/ppp.89
-rw-r--r--usr.sbin/ppp/ppp/systems.c15
2 files changed, 17 insertions, 7 deletions
diff --git a/usr.sbin/ppp/ppp/ppp.8 b/usr.sbin/ppp/ppp/ppp.8
index d22b5edfaf3..b4d4a2c7d86 100644
--- a/usr.sbin/ppp/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ppp.8,v 1.88 2000/07/12 16:33:53 brian Exp $
+.\" $OpenBSD: ppp.8,v 1.89 2000/07/12 23:14:31 brian Exp $
.Dd 20 September 1995
.nr XX \w'\fC00'
.Dt PPP 8
@@ -3065,10 +3065,11 @@ The
.Sq default
section is always checked first (even though it is only ever automatically
loaded at startup).
-Each successive
.Dq allow users
-command overrides the previous one, so it's possible to allow users access
-to everything except a given label by specifying default users in the
+commands are cumulative in a given section, but users allowed in any given
+section override users allowed in the default section, so it's possible to
+allow users access to everything except a given label by specifying default
+users in the
.Sq default
section, and then specifying a new user list for that label.
.Pp
diff --git a/usr.sbin/ppp/ppp/systems.c b/usr.sbin/ppp/ppp/systems.c
index 6d6df47320e..5ee7cf118c9 100644
--- a/usr.sbin/ppp/ppp/systems.c
+++ b/usr.sbin/ppp/ppp/systems.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $OpenBSD: systems.c,v 1.14 2000/04/03 19:56:35 brian Exp $
+ * $OpenBSD: systems.c,v 1.15 2000/07/12 23:14:32 brian Exp $
*
* TODO:
*/
@@ -201,7 +201,9 @@ AllowUsers(struct cmdargs const *arg)
int f;
struct passwd *pwd;
- userok = 0;
+ if (userok == -1)
+ userok = 0;
+
pwd = getpwuid(ID0realuid());
if (pwd != NULL)
for (f = arg->argn; f < arg->argc; f++)
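Review bot: The `-1` tested in `if (userok == -1)` is an undocumented sentinel, and the access decision for a setuid-style gatekeeper now depends on it. A comment above the test would make the tri-state explicit, for example `/* -1: no "allow users" line seen yet in this section; the first one makes the section deny-by-default */`. It should also say that later lines in the same section can only add users, since this function no longer resets `userok` to 0 once it has left the unset state. AllowUsers starts before and continues after this hunk, so the part of the loop that grants access is not visible here.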
@@ -422,15 +424,19 @@ system_IsValid(const char *name, struct prompt *prompt, int mode)
* functions. arg->bundle will be set to NULL for these commands !
*/
int def, how, rs;
+ int defuserok;
def = !strcmp(name, "default");
how = ID0realuid() == 0 ? SYSTEM_EXISTS : SYSTEM_VALIDATE;
- userok = 0;
+ userok = -1;
modeok = 1;
modereq = mode;
rs = ReadSystem(NULL, "default", CONFFILE, prompt, NULL, how);
+ defuserok = userok;
+ userok = -1;
+
if (!def) {
if (rs == -1)
rs = 0; /* we don't care that ``default'' doesn't exist */
@@ -445,6 +451,9 @@ system_IsValid(const char *name, struct prompt *prompt, int mode)
return _PATH_PPP "/" CONFFILE ": File not found";
}
+ if (userok == -1)
+ userok = defuserok;
+
if (how == SYSTEM_EXISTS)
userok = modeok = 1;
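Review bot: After the fallback `if (userok == -1) userok = defuserok;`, `userok` is still -1 when neither the ``default'' section nor the requested label contains an `allow users` line, because `defuserok` was captured from the same -1 initial value set in the previous hunk. Before this commit that case started from `userok = 0`. The test that finally consumes `userok` lies outside the hunk; if it is a plain truth test such as `if (!userok)`, -1 would pass as allowed for a non-root caller, turning deny-by-default into allow-by-default. Normalising right after the fallback with `if (userok == -1) userok = 0;`, or comparing against 1 explicitly at the point of use, keeps the unset state from being read as permission.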