[Bug 1043] Trusted IRIX Support

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat May 21 13:17:09 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1043





------- Additional Comments From dtucker at zip.com.au  2005-05-21 13:17 -------
(From update of attachment 919)
For the most part, it looks pretty good.  The platform-specific bits are where
they're supposed to be and the code looks OK.  I can't comment on it's
functionality since I don't know IRIX at all.

There's a few minor stylistic things.  If you haven't already, please take a
look at http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9

>+         AC_DEFINE(WITH_IRIX_CAP)
>+         AC_DEFINE(WITH_IRIX_MAC)

We're slowly moving toward the 3-arg form of AC_DEFINE rather than acconfig.h
entries, eg:
	   AC_DEFINE(WITH_IRIX_MAC, 1, [Use IRIX MAC Label support])

>+ #ifdef WITH_IRIX_CAP
>+ void
>+ irix_set_cap(const char * cap_string)
>+ {
>+         cap_t running_cap;
>+         if(cap_string == NULL)

Most of the code (and the examples in style(9) have a blank line after variable
declarations.

>+                 fatal("irix_set_cap received NULL for input!");
>+         if(sysconf(_SC_CAP) != 0) {

ditto space after "if".

>--- openssh-4.0p1.trix/session.c        Thu May 12 13:03:23 2005
[...]
>+ #ifdef WITH_IRIX_CAP
>+         /* Set the user's capabilities before running their RC files!!
>+            Only if we won't use login(1), as login handles setting
>+            capabilities itself */
>+         if (!options.use_login) {
>+                 if(child_get_env(env,"CAP") == NULL)
>+                         irix_set_cap("all=");
>+                 else
>+                         irix_set_cap(child_get_env(env,"CAP"));
>+         }
>+ #endif /* WITH_IRIX_CAP */

This is OK for now.  Some time in the future, we're going to attempt to factor
out the platform specific code that does things like this on various platforms,
in an attempt to make the main code easier to sync and maintain.  At that time,
this could be moved to platform_set_credentials() or whatever it ends up being
called.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list