[SCM] The rsync repository. - branch master updated

Rsync CVS commit messages rsync-cvs at lists.samba.org
Mon Jul 13 02:46:37 UTC 2020


The branch, master has been updated
       via  2f130496 Add "@netgroup" names to host matching.
      from  af531cf7 Add the --stop-after & --stop-at options.

https://git.samba.org/?p=rsync.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2f130496008394de7436fc3bb17bf37e0d72c4ba
Author: Wayne Davison <wayne at opencoder.net>
Date:   Sun Jul 12 19:15:50 2020 -0700

    Add "@netgroup" names to host matching.

-----------------------------------------------------------------------

Summary of changes:
 NEWS.md          |  3 +++
 access.c         |  5 +++++
 configure.ac     |  2 +-
 rsyncd.conf.5.md | 16 +++++++++-------
 4 files changed, 18 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/NEWS.md b/NEWS.md
index 30a74128..a545af1f 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -25,6 +25,9 @@
    `--time-limit=MINS` option accepted as an alias for `--stop-after`).  This
    is an enhanced version of the time-limit patch from the patches repo.
 
+ - Added the ability to specify "@netgroup" names to the `hosts allow` and
+   `hosts deny` daemon parameters.
+
  - Added some compatibility code for HPE NonStop platforms.
 
 ### INTERNAL:
diff --git a/access.c b/access.c
index d7bf01cc..39a7752a 100644
--- a/access.c
+++ b/access.c
@@ -34,6 +34,11 @@ static int match_hostname(const char **host_ptr, const char *addr, const char *t
 	if (!host || !*host)
 		return 0;
 
+#ifdef HAVE_INNETGR
+	if (*tok == '@' && tok[1])
+		return innetgr(tok + 1, host, NULL, NULL);
+#endif
+
 	/* First check if the reverse-DNS-determined hostname matches. */
 	if (iwildmatch(tok, host))
 		return 1;
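Review bot: In the `#ifdef HAVE_INNETGR` block at the top of match_hostname(), a build without innetgr() has no handling for '@' tokens at all, so an "@name" entry falls through to the `iwildmatch(tok, host)` check as an ordinary hostname pattern, which a real hostname will not satisfy. For a "hosts deny" entry that means the listed hosts are let in with no sign that the rule is inert. Suggest an `#else` branch that logs that netgroup matching is unavailable in this build (or treats the entry as a config error), plus a short comment saying that the early return deliberately skips the wildcard and lookup checks below for '@' tokens.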
diff --git a/configure.ac b/configure.ac
index fac166c8..d9636962 100644
--- a/configure.ac
+++ b/configure.ac
@@ -822,7 +822,7 @@ AC_FUNC_UTIME_NULL
 AC_FUNC_ALLOCA
 AC_CHECK_FUNCS(waitpid wait4 getcwd chown chmod lchmod mknod mkfifo \
     fchmod fstat ftruncate strchr readlink link utime utimes lutimes strftime \
-    chflags getattrlist mktime \
+    chflags getattrlist mktime innetgr \
     memmove lchown vsnprintf snprintf vasprintf asprintf setsid strpbrk \
     strlcat strlcpy strtol mallinfo getgroups setgroups geteuid getegid \
     setlocale setmode open64 lseek64 mkstemp64 mtrace va_copy __va_copy \
diff --git a/rsyncd.conf.5.md b/rsyncd.conf.5.md
index 11f77cb0..8b696b40 100644
--- a/rsyncd.conf.5.md
+++ b/rsyncd.conf.5.md
@@ -685,7 +685,7 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     client's hostname and IP address.  If none of the patterns match, then the
     connection is rejected.
 
-    Each pattern can be in one of five forms:
+    Each pattern can be in one of six forms:
 
     - a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address of
       the form a:b:c::d:e:f. In this case the incoming machine's IP address
@@ -705,6 +705,8 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
       connecting IP (if "reverse lookup" is enabled), and/or the IP of the
       given hostname is matched against the connecting IP (if "forward lookup"
       is enabled, as it is by default).  Any match will be allowed in.
+    - an '@' followed by a netgroup name, which will match if the reverse DNS
+      of the connecting IP is in the specified netgroup.
 
     Note IPv6 link-local addresses can have a scope in the address
     specification:
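Review bot: The new '@' netgroup item at the end of the pattern list leaves out two conditions that are visible in the access.c change: the match is compiled in only when configure finds innetgr(), and it sits after the `if (!host || !*host) return 0;` check, so it cannot match when no reverse-DNS name is available for the client. Suggest stating both in the item, and adding that an "@netgroup" entry in "hosts deny" does not reject a client whose name could not be determined.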
@@ -713,12 +715,12 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     >     fe80::%link1/64
     >     fe80::%link1/ffff:ffff:ffff:ffff::
 
-    You can also combine "hosts allow" with a separate "hosts deny" parameter.
-    If both parameters are specified then the "hosts allow" parameter is
-    checked first and a match results in the client being able to connect. The
-    "hosts deny" parameter is then checked and a match means that the host is
-    rejected. If the host does not match either the "hosts allow" or the
-    "hosts deny" patterns then it is allowed to connect.
+    You can also combine "hosts allow" with "hosts deny" as a way to add
+    exceptions to your deny list.  When both parameters are specified, the
+    "hosts allow" parameter is checked first and a match results in the client
+    being able to connect.  A non-allowed host is then matched against the
+    "hosts deny" list to see if it should be rejected.  A host that does not
+    match either list is allowed to connect.
 
     The default is no "hosts allow" parameter, which means all hosts can
     connect.
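Review bot: The rewritten "hosts allow"/"hosts deny" paragraph ends with "A host that does not match either list is allowed to connect", while the "hosts allow" text a few lines up says "If none of the patterns match, then the connection is rejected". Suggest spelling out that the allow-by-default outcome applies only when "hosts deny" is also specified, so a reader does not miss that adding a deny list to an allow-only module changes the result for unmatched hosts from reject to accept.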


-- 
The rsync repository.


