From 114f01fa19916d34107f90446562447dd1e1c398 Mon Sep 17 00:00:00 2001 From: Soner Tari Date: Thu, 7 Oct 2021 12:22:36 +0300 Subject: [PATCH] Fix missing all desc rules without user spec If no user specified in an all desc (desc *) rule, we should set all_user, otherwise the rule cannot be translated to data structs, they go missing. --- src/filter.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/filter.c b/src/filter.c index e36618a..fed21e3 100644 --- a/src/filter.c +++ b/src/filter.c @@ -1779,11 +1779,14 @@ filter_rule_translate(opts_t *opts, const char *name, int argc, char **argv, int return -1; #ifndef WITHOUT_USERAUTH if (equal(argv[i], "user") || equal(argv[i], "desc")) { + // The existence of user or desc should increment precedence, all_users or not + // user spec is more specific than ip spec + rule->action.precedence++; + if (equal(argv[i], "user")) { if ((i = filter_arg_index_inc(i, argc, argv[i], line_num)) == -1) return -1; - rule->action.precedence++; rule->all_users = filter_is_all(argv[i]); if (!rule->all_users) { @@ -1799,7 +1802,12 @@ filter_rule_translate(opts_t *opts, const char *name, int argc, char **argv, int if ((i = filter_arg_index_inc(i, argc, argv[i], line_num)) == -1) return -1; - if (!filter_is_all(argv[i])) { + if (filter_is_all(argv[i])) { + if (!rule->user) { + rule->all_users = 1; + } + } + else { rule->exact_desc = filter_is_exact(argv[i]); if (filter_field_set(&rule->desc, argv[i], line_num) == -1) return -1;