[Bug 1315] New: Match Group does not support negation
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu May 17 17:48:28 EST 2007
http://bugzilla.mindrot.org/show_bug.cgi?id=1315
Summary: Match Group does not support negation
Product: Portable OpenSSH
Version: 4.6p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: wknox at mitre.org
Created an attachment (id=1283)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1283)
Suggested patch
A Match conditional with a Group keyword does not support negation of
groups (i.e. don't apply if the person is a member of the named group).
The following patch adds this functionality. A small change to wording
on line 534 of servconf.c is also in order, but I haven't added that. I
also did not check to see if this causes any major headaches with
AllowGroups or DenyGroups, which also use the modified function
(ga_match), but I don't believe it should. The one assumption which
should be spelled out is that if you get a negation match, that is a
breaker which causes further matching to stop.
--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list