[17283] in Kerberos_V5_Development

Re: NSS for PKINIT, in-progress patches available, feedback sought

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Oct 11 13:37:23 2011

Message-ID: <4E947ED0.6060307@mit.edu>
Date: Tue, 11 Oct 2011 13:37:20 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: "nalin@redhat.com" <nalin@redhat.com>
In-Reply-To: <4E9372BB.2080601@mit.edu>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On 10/10/2011 06:33 PM, Greg Hudson wrote:
> I'm actually not sure where SECMOD_LoadUserModule looks for relative
> paths.

It appears to translate into a straight dlopen() call on Unix.  On
Linux, dlopen() consults the rpath or runpath values in... something (I
can't figure out what exactly, but in my tests it was checking an rpath
value which either came from the pkinit module object or an NSS library,
since none was set on krb5kdc or the nspr library).

Anyway, I assume this problem will go away if and when nsspem becomes a
built-in module for NSS, so let's ignore this problem for now.

In a line-by-line review, I found just one more problem: don't use
strcpy, strcat, or sprintf, even safely; use strlcpy, strlcat, or
snprintf instead.  (k5-platform.h and libkrb5support ensure the
availability of those functions.)
http://k5wiki.kerberos.org/wiki/Coding_style/Practices#String_Handling

If you fix those and modify the nsspem loading code to use
PR_GetLibraryName, I should be able to commit this.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
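
An added example (not part of the original message, and not krb5 or NSS code): one way to apply the two points above. It builds a module path with snprintf and a truncation check, and requires an absolute directory so that the string later given to dlopen() contains a slash and is treated as a pathname rather than searched for through rpath/runpath. The helper name build_module_path, its result codes, and the hard-coded Linux-style lib<name>.so naming are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for build_module_path (hypothetical helper, not krb5/NSS code). */
enum { PATH_OK = 0, PATH_NOT_ABSOLUTE = -1, PATH_BAD_NAME = -2, PATH_TRUNCATED = -3 };

/*
 * Build "<dir>/lib<name>.so" in out[outlen] for a later dlopen() call.
 * dir must be absolute and name must not contain '/', so the result always
 * contains a slash: dlopen() then opens exactly that file instead of
 * searching rpath/runpath and the default library directories.
 */
static int build_module_path(char *out, size_t outlen,
                             const char *dir, const char *name)
{
    int n;

    if (out == NULL || outlen == 0)
        return PATH_TRUNCATED;
    out[0] = '\0';
    if (dir == NULL || dir[0] != '/')
        return PATH_NOT_ABSOLUTE;
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return PATH_BAD_NAME;

    /* snprintf writes at most outlen bytes and returns the length it needed. */
    n = snprintf(out, outlen, "%s/lib%s.so", dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* never hand a truncated path to the loader */
        return PATH_TRUNCATED;
    }
    return PATH_OK;
}

int main(void)
{
    char buf[32];

    /* Constructed sample inputs. */
    printf("%d %s\n", build_module_path(buf, sizeof(buf), "/usr/lib64", "nsspem"), buf);
    printf("%d\n", build_module_path(buf, sizeof(buf), "lib", "nsspem"));
    printf("%d\n", build_module_path(buf, sizeof(buf), "/a/very/long/directory/name/here", "nsspem"));
    return 0;
}
```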