From: Omar Polo Subject: Re: gotd: support UIDs in the `user' directive To: Omar Polo Cc: gameoftrees@openbsd.org Date: Mon, 05 Aug 2024 20:30:35 +0200 On 2024/08/05 18:37:32 +0200, Omar Polo wrote: > This adds support to use both user ids in addition to user login names > in the `user' directive. > > My first attempt was more like `connection limit user' is handled, i.e. > with gotd_parseuid(), except that I found awkward to parse /etc/passwd > twice, hence the user_name/user_id split in this diff. This is conceptually the same but for the `permit'/`deny' rules, as noticed by PyR3X on IRC. This also opens the question to do the same for gotwebd, still haven't cooked a diff for it. diff /home/op/w/got commit - 5683b9e3833a68f31b55c7a6c775301934a3012e path + /home/op/w/got blob - 5066273319dfa7857e7a994b726d0e9aa7e0b00a file + gotd/parse.y --- gotd/parse.y +++ gotd/parse.y @@ -133,6 +133,7 @@ typedef struct { %token STRING %token NUMBER %type timeout +%type numberstring %% @@ -161,6 +162,15 @@ varset : STRING '=' STRING { } ; +numberstring : STRING + | NUMBER { + if (asprintf(&$$, "%lld", (long long)$1) == -1) { + yyerror("asprintf: %s", strerror(errno)); + YYERROR; + } + } + ; + timeout : NUMBER { if ($1 < 0) { yyerror("invalid timeout: %lld", $1); @@ -711,14 +721,14 @@ repoopts1 : PATH STRING { } free($2); } - | PERMIT RO STRING { + | PERMIT RO numberstring { if (gotd_proc_id == PROC_AUTH) { conf_new_access_rule(new_repo, GOTD_ACCESS_PERMITTED, GOTD_AUTH_READ, $3); } else free($3); } - | PERMIT RW STRING { + | PERMIT RW numberstring { if (gotd_proc_id == PROC_AUTH) { conf_new_access_rule(new_repo, GOTD_ACCESS_PERMITTED, @@ -726,7 +736,7 @@ repoopts1 : PATH STRING { } else free($3); } - | DENY STRING { + | DENY numberstring { if (gotd_proc_id == PROC_AUTH) { conf_new_access_rule(new_repo, GOTD_ACCESS_DENIED, 0, $2);