[16122] in Kerberos_V5_Development


Re: Profile include support

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Aug 23 17:38:01 2010

From: Greg Hudson <ghudson@mit.edu>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <874oeldrku.fsf@windlord.stanford.edu>
Date: Mon, 23 Aug 2010 17:37:48 -0400
Message-ID: <1282599468.8066.1310.camel@ray>
Mime-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Mon, 2010-08-23 at 16:03 -0400, Russ Allbery wrote:
> >   Note that because of the profile library architecture, it cannot
> >   generate extended errors.

> That's sufficiently bad that I think you should consider finding some way
> to fix that as part of this work.

After looking at the profile code a bit, I think that's about a 3x
expansion in scope.  The least invasive approach would be to create a
new variant of profile_init() which takes a struct errinfo * argument,
and then to revise a bunch of internal APIs so that it can be used by
the bottom-level code which does the actual parsing.

I'm still pondering whether I think my schedule can accommodate that
amount of scope creep.

> For the record, most software that I'm familiar with implements only
> include <file> and include <directory>, where the latter includes
> every file in the directory except for those meeting some exclusion
> criteria [...]

I think that would be fine, and I hadn't considered it; I had assumed
globbing support was the only good way to avoid including .rpmsave and ~
files.

That approach is probably more code than using glob() (though, of
course, much less code than implementing glob() on any hypothetical
platforms which don't have it).  It does have the virtue of simplifying
the error cases.

> We recently ran into a bug that took us a full day to track down to 
> krb5.conf not being world-readable; at no point did we get useful
> error messages out of the version of Kerberos being used (whatever
> came with RHEL 4, I believe).

That's probably a bug.  profile_init() treats ENOENT, EACCES, and EPERM
as non-fatal errors, when it should probably only treat ENOENT as
non-fatal.  I'll fix that right now since it's a one-liner.


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
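
The two points discussed in this message, sketched as an added example that is not part of the original e-mail and is not MIT krb5 code: a directory include that skips backup and package-leftover files by name, and an open-error policy in which only ENOENT is benign. The function names, the suffix list, and the choice to treat a missing include directory as non-fatal are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers for illustration; not the profile library's API. */

/* Assumed exclusion criteria: dotfiles, editor backups, package leftovers. */
int include_name_ok(const char *name) {
    static const char *const skip[] = { "~", ".rpmsave", ".rpmnew", ".bak" };
    size_t n = strlen(name);
    if (n == 0 || name[0] == '.')
        return 0;
    for (size_t i = 0; i < sizeof(skip) / sizeof(skip[0]); i++) {
        size_t m = strlen(skip[i]);
        if (n >= m && strcmp(name + n - m, skip[i]) == 0)
            return 0;
    }
    return 1;
}

/* Only a missing path is benign; EACCES, EPERM and the rest are reported. */
int open_error_is_fatal(int err) { return err != ENOENT; }

static int include_filter(const struct dirent *e) {
    return include_name_ok(e->d_name);
}

/* Returns the number of includable entries (sorted by name) in *out,
 * 0 with *out == NULL if the directory is missing, or -errno otherwise. */
int list_includes(const char *dir, struct dirent ***out) {
    int n = scandir(dir, out, include_filter, alphasort);
    if (n < 0) {
        *out = NULL;
        return open_error_is_fatal(errno) ? -errno : 0;
    }
    return n;
}

int main(int argc, char **argv) {
    struct dirent **ents;
    int n = list_includes(argc > 1 ? argv[1] : ".", &ents);
    if (n < 0) {  /* e.g. an unreadable directory is surfaced, not ignored */
        fprintf(stderr, "include directory: %s\n", strerror(-n));
        return 1;
    }
    for (int i = 0; i < n; i++) {
        printf("include %s\n", ents[i]->d_name);
        free(ents[i]);
    }
    free(ents);
    return 0;
}
```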
