[SCM] The rsync repository. - branch master updated
Rsync CVS commit messages
rsync-cvs at lists.samba.org
Mon Jul 13 02:46:37 UTC 2020
The branch, master has been updated
via 2f130496 Add "@netgroup" names to host matching.
from af531cf7 Add the --stop-after & --stop-at options.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2f130496008394de7436fc3bb17bf37e0d72c4ba
Author: Wayne Davison <wayne at opencoder.net>
Date: Sun Jul 12 19:15:50 2020 -0700
Add "@netgroup" names to host matching.
-----------------------------------------------------------------------
Summary of changes:
NEWS.md | 3 +++
access.c | 5 +++++
configure.ac | 2 +-
rsyncd.conf.5.md | 16 +++++++++-------
4 files changed, 18 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/NEWS.md b/NEWS.md
index 30a74128..a545af1f 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -25,6 +25,9 @@
`--time-limit=MINS` option accepted as an alias for `--stop-after`). This
is an enhanced version of the time-limit patch from the patches repo.
+ - Added the ability to specify "@netgroup" names to the `hosts allow` and
+ `hosts deny` daemon parameters.
+
- Added some compatibility code for HPE NonStop platforms.
### INTERNAL:
diff --git a/access.c b/access.c
index d7bf01cc..39a7752a 100644
--- a/access.c
+++ b/access.c
@@ -34,6 +34,11 @@ static int match_hostname(const char **host_ptr, const char *addr, const char *t
if (!host || !*host)
return 0;
+#ifdef HAVE_INNETGR
+ if (*tok == '@' && tok[1])
+ return innetgr(tok + 1, host, NULL, NULL);
+#endif
+
/* First check if the reverse-DNS-determined hostname matches. */
if (iwildmatch(tok, host))
return 1;
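Review bot: In match_hostname(), the '@' handling exists only inside "#ifdef HAVE_INNETGR", so on a build without innetgr() a token such as "@admins" is not recognised and drops through to iwildmatch(tok, host) and the hostname matching that follows, where it is treated as an ordinary pattern. In a "hosts deny" list that fails open: the rule is accepted but never rejects anyone, and nothing tells the administrator. Suggest testing "*tok == '@' && tok[1]" outside the #ifdef and, when netgroup support is not compiled in, logging the unsupported entry and returning 0 explicitly. It is also worth a comment here that membership is decided purely from host, the reverse-DNS name, and that the early return skips the later hostname checks for this token form.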
diff --git a/configure.ac b/configure.ac
index fac166c8..d9636962 100644
--- a/configure.ac
+++ b/configure.ac
@@ -822,7 +822,7 @@ AC_FUNC_UTIME_NULL
AC_FUNC_ALLOCA
AC_CHECK_FUNCS(waitpid wait4 getcwd chown chmod lchmod mknod mkfifo \
fchmod fstat ftruncate strchr readlink link utime utimes lutimes strftime \
- chflags getattrlist mktime \
+ chflags getattrlist mktime innetgr \
memmove lchown vsnprintf snprintf vasprintf asprintf setsid strpbrk \
strlcat strlcpy strtol mallinfo getgroups setgroups geteuid getegid \
setlocale setmode open64 lseek64 mkstemp64 mtrace va_copy __va_copy \
diff --git a/rsyncd.conf.5.md b/rsyncd.conf.5.md
index 11f77cb0..8b696b40 100644
--- a/rsyncd.conf.5.md
+++ b/rsyncd.conf.5.md
@@ -685,7 +685,7 @@ the values of parameters. See the GLOBAL PARAMETERS section for more details.
client's hostname and IP address. If none of the patterns match, then the
connection is rejected.
- Each pattern can be in one of five forms:
+ Each pattern can be in one of six forms:
- a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address of
the form a:b:c::d:e:f. In this case the incoming machine's IP address
@@ -705,6 +705,8 @@ the values of parameters. See the GLOBAL PARAMETERS section for more details.
connecting IP (if "reverse lookup" is enabled), and/or the IP of the
given hostname is matched against the connecting IP (if "forward lookup"
is enabled, as it is by default). Any match will be allowed in.
+ - an '@' followed by a netgroup name, which will match if the reverse DNS
+ of the connecting IP is in the specified netgroup.
Note IPv6 link-local addresses can have a scope in the address
specification:
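Review bot: The new '@' bullet does not state the conditions under which this form works. The access.c change is compiled only when HAVE_INNETGR is defined, and match_hostname() returns 0 before the netgroup test when no hostname is available, so the pattern can never match if the daemon has no reverse-DNS name for the client. Suggest saying in this bullet that the form requires a build with innetgr() support and a reverse-DNS name for the client (the previous bullet already ties reverse matching to "reverse lookup" being enabled), and noting that the decision rests on the reverse-DNS name of the connecting IP, which matters to anyone using a netgroup in "hosts allow".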
@@ -713,12 +715,12 @@ the values of parameters. See the GLOBAL PARAMETERS section for more details.
> fe80::%link1/64
> fe80::%link1/ffff:ffff:ffff:ffff::
- You can also combine "hosts allow" with a separate "hosts deny" parameter.
- If both parameters are specified then the "hosts allow" parameter is
- checked first and a match results in the client being able to connect. The
- "hosts deny" parameter is then checked and a match means that the host is
- rejected. If the host does not match either the "hosts allow" or the
- "hosts deny" patterns then it is allowed to connect.
+ You can also combine "hosts allow" with "hosts deny" as a way to add
+ exceptions to your deny list. When both parameters are specified, the
+ "hosts allow" parameter is checked first and a match results in the client
+ being able to connect. A non-allowed host is then matched against the
+ "hosts deny" list to see if it should be rejected. A host that does not
+ match either list is allowed to connect.
The default is no "hosts allow" parameter, which means all hosts can
connect.
--
The rsync repository.