[16929] in Kerberos-V5-bugs
[krbdev.mit.edu #9120] profile final flag limitations
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Fri Apr 12 16:57:19 2024
From: "Greg Hudson via RT" <rt-comment@kerborg-prod-app-1.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-1528752-1712955432-492.9120-4-0@kerborg-prod-app-1.mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9120":;
Date: Fri, 12 Apr 2024 16:57:12 -0400
MIME-Version: 1.0
Reply-To: rt-comment@kerborg-prod-app-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Fri Apr 12 16:57:12 2024: Request 9120 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: profile final flag limitations
Owner: Nobody
Requestors: ghudson@mit.edu
Status: new
Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9120 >
The profile library supports setting the final flag on a node by placing a "*"
character after the tag part of an assignment or after a close bracket (for a
section) or a brace (for a subsection). The general idea is to ignore further
assignments to the section, subsection, or relation. There are two important
limitations of the final flag implementation which render it minimally useful:
1. It is only checked when deciding whether to proceed from one file data
object to the next during node iteration. It does not suppress further
assignments within the same profile file, or within files included via
"include" or "includedir" directives.
2. Although there is support for setting the flag on relations, it has no
effect there; it only works on sections and subsections.
Additionally, there is no way to set the final flag via the profile write APIs
(profile_add_relation() etc.), only via parsing. This may not matter in some
ideal interpretations of the profile model, as write operations could be
taken to apply strictly post-parsing. It does matter if profile writes
continue to affect only the first file in a multi-file profile, or if we add
the ability to compose profiles.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
