The file login.access(5) can be used to restrict access for users coming from certain remote hosts, or on certain local terminals. For example, we have some users who are allowed to log in from virtual terminals only. However, it is tedious and error-prone to list all of the terminal devices in the file. The entry has to look like this: +:foo bar:ttyv0 ttyv1 ttyv2 ttyv3 ttyv4 ttyv5 ttyv6 ttyv7 +:foo bar:ttyv8 ttyv9 ttyva ttyvb ttyvc ttyvd ttyve ttyvf Th patch presented in this PR allows to use patterns like those used by the bourne shell (using wildcards "*", "?" and "["). The above entry is now much easier: +:foo bar:ttyv? Similarly, "ttyd?" can be used to restrict all of the serial dial-in lines. The patch is quite simple. Basically I just replaced the strcasecmp(3) function with fnmatch(3). Normally, the special wildcard characters ("*", "?", "[") don't appear in terminal device names, and they're also forbidden in host names, so there shouldn't be any regression cases. The login.access(5) file is used at three different places in the FreeBSD source tree: in src/usr.bin/login, in src/lib/libpam/modules/pam_login_access, and in src/cryp- to/heimdal/appl/login. The latter is third-party software, so I'm not sure if it's appropriate to patch it in the FreeBSD source tree. However, for consistency, I patched it in the same way and include the patch below for your consideration. The patch set also includes updates to the manual pages which describe the feature, and also a clarification that all matches are performed in a case-insensitive way. (The latter is even true without my patch, but that behaviour was undocumented.) How-To-Repeat: n/a
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>