allow shell wildcards in auth users lines

2 files changed, 10 insertions, 9 deletions

diff --git a/authenticate.c b/authenticate.c
index 9aae72d3..40582201 100644
--- a/authenticate.c
+++ b/authenticate.c
@@ -234,12 +234,12 @@ char *auth_server(int fd, int module, char *addr, char *leader)
 	if (sscanf(line,"%99s %29s", user, pass) != 2) {
 		return NULL;
 	}
-
+	
 	users = strdup(users);
 	if (!users) return NULL;
 
 	for (tok=strtok(users," ,\t"); tok; tok = strtok(NULL," ,\t")) {
-		if (strcmp(tok, user) == 0) break;
+		if (fnmatch(tok, user, 0) == 0) break;
 	}
 	free(users);
 
diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo
index 6977d12a..4673b53c 100644
--- a/rsyncd.conf.yo
+++ b/rsyncd.conf.yo
@@ -208,13 +208,14 @@ on the server that contains include patterns, one per line. This is
 equivalent to the client specifying the --include-from option with a
 equivalent file.
 
-dit(bf(auth users)) The "auth users" option specifies a comma
-and space separated list of usernames that will be allowed to connect
-to this module. The usernames do not need to exist on the local
-system. If "auth users" is set then the client will be challenged to
-supply a username and password to connect to the module. A challenge
-response authentication protocol is used for this exchange. The plain
-text usernames are passwords are stored in the file specified by the
+dit(bf(auth users)) The "auth users" option specifies a comma and
+space separated list of usernames that will be allowed to connect to
+this module. The usernames do not need to exist on the local
+system. The usernames may also contain shell wildcard characters. If
+"auth users" is set then the client will be challenged to supply a
+username and password to connect to the module. A challenge response
+authentication protocol is used for this exchange. The plain text
+usernames are passwords are stored in the file specified by the
 "secrets file" option. The default is for all users to be able to
 connect without a password (this is called "anonymous rsync").