netgroups patch for rsync 2.6.0
G'day, I figured some others might benefit from this patch. It allows you to use the samba style @netgroup names in hosts allow and hosts deny. I've tested it on solaris and linux with no apparent problems.. I'll get rid of the static string in a couple of days when I have to worry about trying to get this into prod .. but with any luck someone else may have done that for me.. :) --- access.c2003-07-30 16:12:27.0 +1000 +++ ../rsync-2.6.0-Linux/access.c 2004-01-31 23:15:37.0 +1100 @@ -22,10 +22,31 @@ */ #include rsync.h +#include netdb.h static int match_hostname(char *host, char *tok) { + char netgroup[512]; + char *machinep; + char *userp; + char *domainp; + + if(strlen(tok)){ + if(tok[0]=='@'){ + strcpy(netgroup, ); + sscanf(tok, @%s, netgroup); + setnetgrent(netgroup); + while(getnetgrent(machinep, userp, domainp)){ + if(machinep!=NULL){ + if(strcmp(host, machinep)==0){ + return(1); + } + } + } + } + } if (!host || !*host) return 0; return wildmatch(tok, host); } Travis http://www.deakin.edu.au/~travis/sig.html -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: netgroups patch for rsync 2.6.0
On Sat, Jan 31, 2004 at 11:39:11PM +1100, Travis Freeland wrote: G'day, I figured some others might benefit from this patch. It allows you to use the samba style @netgroup names in hosts allow and hosts deny. I've tested it on solaris and linux with no apparent problems.. I'll get rid of the static string in a couple of days when I have to worry about trying to get this into prod .. but with any luck someone else may have done that for me.. :) Very nice idea and good of you to produce a patch. With improvements this would have a good chance of inclusion. This would have to be conditional on an #ifdef from autoconf regarding the existance of netgroups. The code could be tightened a bit. To start with, the sscanf is unnecessary. I've not done any netgroup programming and lack manpages but it seems that iterating over getnetgrent() is the wrong approach, especially since netgroup uses recursive data, and something like a single call to innetgr() would be more appropriate. It seems to me that if we are to add netgroups it should also apply to auth users as well. And given the selectivity of netgroups the user authorization should permit the by-host restrictions. -- J.W. SchultzPegasystems Technologies email address: [EMAIL PROTECTED] Remember Cernan and Schmitt -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html