From: Theo de Raadt (deraadt cvs.openbsd.org)
Date: Wed Jan 02 2008 - 14:44:20 CST
> I don't think it is a stupid idea, and we have argued over doing something
> similar for LDAP. We argued because it is quite tricky to get right.
> Some things to consider:
>
> - How do you handle your socket being closed and its fd reused from
> under you? E.g. if an application calls closefrom() and then
> subsequently opens some files. You should consider using a datagram
> socket (with retry logic) or not hold the connection open. Basically,
> your socket FD *must* be completely invisible to a getpw*-using
> application.
Actually, it is a lot simpler than that.
You must close your socket, unless something like setpwent() has been
used to say that you can keep it open.
Look at the YP code to see how it does this.
> - What do you do when the socket is not listening? (you should probably
> fall back to pwd.db lookups).
Lookups should be handled the same way as YP does it now. For YP we use a
+ marker in the file. I recommend another marker to indicate "use the
other subsystem". It is simpler that way to get deterministic
behaviour.
> - What do you do if the socket does not respond in time? How do you figure
> this out?
> - How do apps know to use the socket at all? Do they always try it?
Best to use a passwd file marker.
> - How does your scheme work with chroot applications?
I already privately mentioned that to him, as well.
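
The descriptor-reuse problem from the first quoted point, and the close-unless-setpwent() rule from the reply, as an added C example (not part of the original message and not OpenBSD libc code). `pw_query`, `pw_setstay` and `demo` are hypothetical names; `/dev/null` stands in for the daemon connection and closing one descriptor stands in for closefrom().

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical library state; these names are not OpenBSD libc's. */
static int lookup_fd = -1;  /* descriptor for the lookup daemon */
static int last_fd = -1;    /* fd number the library last used (demo only) */
static int stayopen = 0;    /* set only when the caller asked, as setpwent(1) does */
void pw_setstay(int keep) { stayopen = keep; }

/* Send one query. /dev/null stands in for connect() to the daemon socket. */
int pw_query(const char *name)
{
    if (lookup_fd == -1 && (lookup_fd = open("/dev/null", O_WRONLY)) == -1)
        return -1;
    last_fd = lookup_fd;
    ssize_t n = write(lookup_fd, name, strlen(name));
    if (!stayopen) {            /* default: leave no descriptor behind */
        close(lookup_fd);
        lookup_fd = -1;
    }
    return n == (ssize_t)strlen(name) ? 0 : -1;
}

/* Application side: look up, drop descriptors, open its own file, look up
 * again. Returns how many bytes landed in the application's file. */
long demo(int keep)
{
    char path[] = "/tmp/pwfd-demo-XXXXXX";  /* constructed scratch file */
    pw_setstay(keep);
    pw_query("alice");
    close(last_fd);                 /* closefrom() stand-in; EBADF if already closed */
    int appfd = mkstemp(path);      /* lowest free number: reuses the old fd */
    if (appfd == -1) return -1;
    unlink(path);
    pw_query("alice");              /* a cached fd now points at the app's file */
    long size = (long)lseek(appfd, 0, SEEK_END);
    close(appfd);
    lookup_fd = -1;                 /* reset library state between runs */
    return size;
}

int main(void)
{
    printf("held open: %ld stray bytes, per-lookup: %ld\n", demo(1), demo(0));
}
```

With the descriptor held open, the second query is written into the application's file; with the per-lookup close, the file stays empty.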