Permit multiple ``allow user'' lines in any given section

This avoids line length limits when large numbers of users are allowed
access to ppp.
This commit is contained in:
Brian Somers 2000-07-12 23:13:52 +00:00
parent 4da144c091
commit dd49e719c1
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=63052
3 changed files with 19 additions and 8 deletions

View File

@ -3065,10 +3065,11 @@ The
.Sq default
section is always checked first (even though it is only ever automatically
loaded at startup).
Each successive
.Dq allow users
command overrides the previous one, so it's possible to allow users access
to everything except a given label by specifying default users in the
commands are cumulative in a given section, but users allowed in any given
section override users allowed in the default section, so it's possible to
allow users access to everything except a given label by specifying default
users in the
.Sq default
section, and then specifying a new user list for that label.
.Pp

View File

@ -3065,10 +3065,11 @@ The
.Sq default
section is always checked first (even though it is only ever automatically
loaded at startup).
Each successive
.Dq allow users
command overrides the previous one, so it's possible to allow users access
to everything except a given label by specifying default users in the
commands are cumulative in a given section, but users allowed in any given
section override users allowed in the default section, so it's possible to
allow users access to everything except a given label by specifying default
users in the
.Sq default
section, and then specifying a new user list for that label.
.Pp

View File

@ -201,7 +201,9 @@ AllowUsers(struct cmdargs const *arg)
int f;
struct passwd *pwd;
if (userok == -1)
userok = 0;
pwd = getpwuid(ID0realuid());
if (pwd != NULL)
for (f = arg->argn; f < arg->argc; f++)
@ -422,15 +424,19 @@ system_IsValid(const char *name, struct prompt *prompt, int mode)
* functions. arg->bundle will be set to NULL for these commands !
*/
int def, how, rs;
int defuserok;
def = !strcmp(name, "default");
how = ID0realuid() == 0 ? SYSTEM_EXISTS : SYSTEM_VALIDATE;
userok = 0;
userok = -1;
modeok = 1;
modereq = mode;
rs = ReadSystem(NULL, "default", CONFFILE, prompt, NULL, how);
defuserok = userok;
userok = -1;
if (!def) {
if (rs == -1)
rs = 0; /* we don't care that ``default'' doesn't exist */
@ -445,6 +451,9 @@ system_IsValid(const char *name, struct prompt *prompt, int mode)
return _PATH_PPP "/" CONFFILE ": File not found";
}
if (userok == -1)
userok = defuserok;
if (how == SYSTEM_EXISTS)
userok = modeok = 1;