Re: [Exim] Configuration data that is sensitive

Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [Exim] Configuration data that is sensitive
On 2000-09-29 at 18:29 +0200, Phil Pennock gifted us with:
> On 2000-09-29 at 16:56 +0100, Philip Hazel gifted us with:
> > (2) Invent a notional flag that is set for certain options, restricting
> > them to admin users only. This is not a huge amount of work, and I think
> > there are only a few such options:
>
> How much work would it be to change the parser to accept:
> fred_private
> to be option 'fred' but marked as private? A bit like 'nofred'?
>
> Then just let the administrator choose, when they perform the
> configuration.


Patch to allow "secret_fred". It can't be combined with "no_" or "not_"
- use "secret_booloption = no" instead. It's not extensively tested, but
It Seems To Work (tm).

Oh, and the very last bit should probably be ignored - but it does
minimally push vim towards the correct indentation. :^)

-----------------------------< cut here >-------------------------------
--- macros.h.orig    Thu Jul 20 13:08:49 2000
+++ macros.h    Fri Sep 29 18:42:00 2000
@@ -352,6 +352,7 @@
 #define opt_hidden  0x100
 #define opt_public  0x200
 #define opt_set     0x400
+#define opt_secret  0x800
 #define opt_mask    0x0ff


 /* Verify types when directing and routing */
--- readconf.c.orig    Thu Jul 20 13:08:50 2000
+++ readconf.c    Fri Sep 29 19:15:28 2000
@@ -687,6 +687,7 @@
 uid_t uid;
 gid_t gid;
 BOOL boolvalue = TRUE;
+BOOL secretvalue = FALSE;
 BOOL freesptr = TRUE;
 optionlist *ol, *ol2;
 transport_instance *tp;
@@ -728,6 +729,14 @@
   offset = 4;
   }


+/* Options which only an admin user should be able to see */
+
+if (strncmp(name, "secret_", 7) == 0)
+ {
+ secretvalue = TRUE;
+ offset = 7;
+ }
+
/* Search the list for the given name. A non-existent name, or an option that
is set twice, is a disaster. */

@@ -750,12 +759,18 @@
ol->type |= opt_set;
type = ol->type & opt_mask;

+/* Handle the secret options (only visible to admin users) */
+if (secretvalue)
+ {
+ ol->type |= opt_secret;
+ }
+
/* Types with data values must be followed by '='; the "no[t]_" prefix
applies only to boolean values. */

 if (type != opt_bool && type != opt_bool_verify && type != opt_bool_set)
   {
-  if (offset != 0)
+  if ((offset != 0) && (!secretvalue))
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
       "negation prefix applied to a non-boolean option in line %d",
       config_lineno);
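Review bot: The relaxed check `if ((offset != 0) && (!secretvalue))` is only correct because the `secret_` prefix can never co-occur with `no_`/`not_` (the prefix tests are on `name` and a name cannot start with both), and that invariant is not stated anywhere near the test; the same pattern recurs at the "extra characters follow boolean value" check in the next hunk. A comment such as `/* offset may be 7 for the secret_ prefix, which is not a negation */` on both sites would stop a later reader from "fixing" it. The braced single statement `if (secretvalue) { ol->type |= opt_secret; }` is also indented one space against the file's two, and could be a one-liner. The enclosing function extends beyond this hunk on both sides.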
@@ -773,7 +788,7 @@


 else if (*s != 0)
   {
-  if (offset != 0)
+  if ((offset != 0) && (!secretvalue))
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
       "extra characters follow boolean value "
       "for %s in line %d", name, config_lineno);
@@ -1790,7 +1805,8 @@
     for (ol = optionlist_config;
          ol < optionlist_config + optionlist_config_size; ol++)
       {
-      if ((ol->type & opt_hidden) == 0)
+      if (((ol->type & opt_hidden) == 0) &&
+      (((ol->type & opt_secret) == 0) || (admin_user == TRUE)))
         print_ol(ol, ol->name, NULL, optionlist_config, optionlist_config_size);
       }
     return;
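Review bot: The admin gate is applied only to this loop over `optionlist_config`; if the same function, outside this hunk, also prints a single option selected by name or walks driver option lists, those paths would still print values marked `opt_secret` to a non-admin caller, so each printing path needs the same test. Comparing a BOOL with `== TRUE` is fragile if the flag is ever set to a non-1 truthy value; `(ol->type & opt_secret) == 0 || admin_user` says the same thing. A short comment above the condition, `/* secret options are shown to admin users only */`, would make the intent of the extra clause visible. The enclosing function starts before this hunk.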
@@ -3003,4 +3019,4 @@
   }
 }


-/* End of readconf.c */
+/* End of readconf.c */ /* vim: set cinoptions=>2{2: */
-----------------------------< cut here >-------------------------------
--
Civilisation: where they cut down the trees and name streets after them.