FreeBSD Bugzilla – Attachment 128967 Details for Bug 172888: [patch] authpf(8) feature enhancement
[patch] file.diff (text/plain), 2.48 KB, created by Frank Timmers on 2012-10-19 23:50:00 UTC
>diff -up contrib/pf/authpf.orig/authpf.8 contrib/pf/authpf/authpf.8 >--- contrib/pf/authpf.orig/authpf.8 2012-01-03 04:24:44.000000000 +0100 >+++ contrib/pf/authpf/authpf.8 2012-10-20 00:42:15.000000000 +0200 >@@ -139,14 +139,20 @@ Filter and translation rules are stored > .Pa authpf.rules . > This file will first be searched for in > .Pa /etc/authpf/users/$USER/ >-and then in >+, then in >+.Pa /etc/authpf/groups/$GROUP/ >+and finally in > .Pa /etc/authpf/ . >-Only one of these files will be used if both are present. >+Only the the first found file will be used. > .Pp > Per-user rules from the > .Pa /etc/authpf/users/$USER/ > directory are intended to be used when non-default rules > are needed on an individual user basis. >+Per-group rules from the >+.Pa /etc/authpf/groups/$GROUP/ >+directory are intended to be used when non-default rules >+are needed on a group basis. > It is important to ensure that a user can not write or change > these configuration files. > .Pp >diff -up contrib/pf/authpf.orig/authpf.c contrib/pf/authpf/authpf.c >--- contrib/pf/authpf.orig/authpf.c 2012-01-03 04:24:44.000000000 +0100 >+++ contrib/pf/authpf/authpf.c 2012-10-20 00:44:58.000000000 +0200 >@@ -758,6 +758,12 @@ change_filter(int add, const char *l_use > > if (add) { > struct stat sb; >+ struct group *grent; >+ if((grent = getgrgid(getgid())) == NULL) { >+ syslog(LOG_ERR, "group id %d for user %s is ot found in groupfile!", >+ getgid(), luser); >+ } >+ > char *pargv[13] = { > "pfctl", "-p", "/dev/pf", "-q", "-a", "anchor/ruleset", > "-D", "user_id=X", "-D", "user_ip=X", "-f", "file", NULL 
>@@ -781,8 +787,12 @@ change_filter(int add, const char *l_use > goto no_mem; > if (stat(fn, &sb) == -1) { > free(fn); >- if ((fn = strdup(PATH_PFRULES)) == NULL) >+ if(asprintf(&fn, "%s/%s/authpf.rules", PATH_GROUP_DIR, grent->gr_name) == -1) > goto no_mem; >+ if(stat(fn, &sb) == -1) { >+ if ((fn = strdup(PATH_PFRULES)) == NULL) >+ goto no_mem; >+ } > } > pargv[2] = fdpath; > pargv[5] = rsn; >diff -up contrib/pf/authpf.orig/pathnames.h contrib/pf/authpf/pathnames.h >--- contrib/pf/authpf.orig/pathnames.h 2012-01-03 04:24:44.000000000 +0100 >+++ contrib/pf/authpf/pathnames.h 2012-10-20 00:42:15.000000000 +0200 >@@ -31,6 +31,7 @@ > #define PATH_PROBLEM "/etc/authpf/authpf.problem" > #define PATH_MESSAGE "/etc/authpf/authpf.message" > #define PATH_USER_DIR "/etc/authpf/users" >+#define PATH_GROUP_DIR "/etc/authpf/groups" > #define PATH_BAN_DIR "/etc/authpf/banned" > #define PATH_DEVFILE "/dev/pf" > #define PATH_PIDFILE "/var/authpf"
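Review bot: in the authpf.8 hunk, the added line "Only the the first found file will be used." has a doubled "the". The added line ", then in" starts with a comma, so mdoc will put a space before it; pass the comma as a trailing argument on the preceding ".Pa /etc/authpf/users/$USER/" line instead. The text should also say how $GROUP is chosen, since authpf.c resolves it with getgrgid(getgid()), that is, only the real group ID of the process and not supplementary groups. The existing sentence about users not being able to write or change these files should explicitly cover /etc/authpf/groups/ too.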
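Review bot: in the first authpf.c hunk (@@ -758,6 +758,12), the getgrgid() failure branch only calls syslog() and falls through, so grent stays NULL and the next hunk dereferences it as grent->gr_name. Either return an error here or make the group lookup optional and skip the group path when it fails. The log message has a typo ("ot found"), and getgid() returns gid_t, so cast it to match %d. The lookup is also placed between the declarations of sb and pargv; move it below the declarations to match the rest of the function, and check that <grp.h> is included, since this diff does not add it.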
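Review bot: in the second authpf.c hunk (@@ -781,8 +787,12), asprintf() reads grent->gr_name with no NULL check, which crashes when getgrgid() failed above; guard the group lookup with grent != NULL and fall straight through to PATH_PFRULES otherwise. When the second stat(fn, &sb) fails, fn is overwritten by strdup(PATH_PFRULES) without a free(fn), leaking the group path; add free(fn) as the existing branch does for the per-user path. Please also use "if (" rather than "if(" to match the surrounding code.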