Attached below is a small patch that adds NIS netgroup support to the
mod_access.c module. With this change, you can do host authorization
based on NIS netgroups. For example:
Allow from @trusted
will allow access to all hosts in netgroup "trusted". The @ syntax was
copied from the /etc/exports syntax used by the nfs server.
--
Dick Streefland //// De Bilt
[EMAIL PROTECTED] (@ @) The Netherlands
------------------------------oOO--(_)--OOo------------------
--- httpd-2.0/docs/manual/mod/mod_access.html.orig Sun Sep 23 00:12:16 2001
+++ httpd-2.0/docs/manual/mod/mod_access.html Sat Oct 20 00:27:44 2001
@@ -117,6 +117,12 @@
href="core.html#hostnamelookups">HostNameLookups</a>
directive.</dd>
+ <dt>The @ character, followed by a NIS netgroup name</dt>
+
+ <dd>Example: <code>Allow from @trusted</code><br />
+ Hosts that are a member of the specified netgroup are
+ allowed access.</dd>
+
<dt>A full IP address</dt>
<dd>Example: <code>Allow from 10.1.2.3</code><br />
--- httpd-2.0/modules/aaa/mod_access.c.orig Sat Aug 11 06:12:13 2001
+++ httpd-2.0/modules/aaa/mod_access.c Sat Oct 20 00:10:25 2001
@@ -277,8 +277,13 @@
gothost = 2;
}
- if ((gothost == 2) && in_domain(ap[i].x.from, remotehost))
- return 1;
+ if (gothost == 2)
+ if (ap[i].x.from[0] == '@') {
+ if (innetgr(ap[i].x.from + 1, remotehost, NULL, NULL))
+ return 1;
+ }
+ else if (in_domain(ap[i].x.from, remotehost))
+ return 1;
break;
case T_FAIL:
