"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Omar Polo <op@omarpolo.com>
Subject:
Re: gotd: support UIDs in the `user' directive
To:
Omar Polo <op@omarpolo.com>
Cc:
gameoftrees@openbsd.org
Date:
Mon, 05 Aug 2024 20:30:35 +0200

Download raw body.

Thread
On 2024/08/05 18:37:32 +0200, Omar Polo <op@omarpolo.com> wrote:
> This adds support to use both user ids in addition to user login names
> in the `user' directive.
> 
> My first attempt was more like `connection limit user' is handled, i.e.
> with gotd_parseuid(), except that I found awkward to parse /etc/passwd
> twice, hence the user_name/user_id split in this diff.

This is conceptually the same but for the `permit'/`deny' rules, as
noticed by PyR3X on IRC.

This also opens the question to do the same for gotwebd, still haven't
cooked a diff for it.

diff /home/op/w/got
commit - 5683b9e3833a68f31b55c7a6c775301934a3012e
path + /home/op/w/got
blob - 5066273319dfa7857e7a994b726d0e9aa7e0b00a
file + gotd/parse.y
--- gotd/parse.y
+++ gotd/parse.y
@@ -133,6 +133,7 @@ typedef struct {
 %token	<v.string>	STRING
 %token	<v.number>	NUMBER
 %type	<v.tv>		timeout
+%type	<v.string>	numberstring
 
 %%
 
@@ -161,6 +162,15 @@ varset		: STRING '=' STRING	{
 		}
 		;
 
+numberstring	: STRING
+		| NUMBER {
+			if (asprintf(&$$, "%lld", (long long)$1) == -1) {
+				yyerror("asprintf: %s", strerror(errno));
+				YYERROR;
+			}
+		}
+		;
+
 timeout		: NUMBER {
 			if ($1 < 0) {
 				yyerror("invalid timeout: %lld", $1);
@@ -711,14 +721,14 @@ repoopts1	: PATH STRING {
 			}
 			free($2);
 		}
-		| PERMIT RO STRING {
+		| PERMIT RO numberstring {
 			if (gotd_proc_id == PROC_AUTH) {
 				conf_new_access_rule(new_repo,
 				    GOTD_ACCESS_PERMITTED, GOTD_AUTH_READ, $3);
 			} else
 				free($3);
 		}
-		| PERMIT RW STRING {
+		| PERMIT RW numberstring {
 			if (gotd_proc_id == PROC_AUTH) {
 				conf_new_access_rule(new_repo,
 				    GOTD_ACCESS_PERMITTED,
@@ -726,7 +736,7 @@ repoopts1	: PATH STRING {
 			} else
 				free($3);
 		}
-		| DENY STRING {
+		| DENY numberstring {
 			if (gotd_proc_id == PROC_AUTH) {
 				conf_new_access_rule(new_repo,
 				    GOTD_ACCESS_DENIED, 0, $2);