Hi Abhilash,
Thanks for contributing to OHAC. Please find my comments below:
1. It would be good to have #def variables in capitals. aka ., #define USER
"user"
2. I doubt if this code will work as desired.
249 if (errno == ERANGE) {
250 ds_internal_error("Data buffer for user %s "
251 "is not big enough",
user_name_st->val.val_str);
252 if (print_messages) {
253 (void) fprintf(stderr,
254 gettext("Data buffer for user %s "
255 "is not big enough.\n"),
256 user_name_st->val.val_str);
257 }
You are not returning here. Do you want to continue even with an error? For
this, you could move return statement to line # 270. ie. after the closing
brace.
268 return (1);
269 }
Where are you getting this "errno" from?
3. In the same code snip above, you are using ds_internal_error in the "if"
part and scds_syslog in the else part. Any specific reason?
4. /* Gets the username from the command line */
562 strcpy(user_name, user_name_st->val.val_str);
You may want to add (void) before this statement. Also, I feel it would be
better to do a strncpy with size as SCDS_ARRAY_SIZE.
5. I do not see any debug statements in the code. You may want to include some.
6. Please check the indentations properly.
7. Lastly, I would suggest you to do negative testing as well. Just doing
positive testing, may not help. Problems can be seen only in negative testing.
Thanks,
Swathi
----- Original Message -----
From: "Abhilash T.G" <abhi.t...@gmail.com>
Date: Wednesday, November 5, 2008 9:32 am
Subject: [ha-clusters-discuss] CR-6530498
To: clusters <ha-clusters-discuss at opensolaris.org>
> Hello,
>
> I am Abhilash T.G (OS0183). I have done the CR-6530498. The
> changes can
> be viewed at
> http://cr.opensolaris.org/~hari.sun/DNS_non-root_user_prop/webrev/
>
> The synopsis is ....
>
> *Bug ID* 6530498 *Synopsis* HA DNS should provide a property
> to allow
> the DNS service to be run as a non-root user *State*
> 1-Dispatched(Default State)
> *Category:Subcategory* suncluster:ha-dns *Keywords* DNS |
> named |
> non-root | oss-bite-size | oss-request | user *Sponsor*
> *Submitter*
> *Reported Against*
> *Duplicate Of*
> *Introduced In*
> *Commit to Fix*
> *Fixed In*
> *Release Fixed*
> *Related Bugs*
> *Submit Date* 02-MAR-2007 *Last Update Date* 20-DEC-2007 *
> Description*
>
> Customer request via the Sun Cluster forum:
>
> I'd like the DNS HA Agent for Sun Cluster 3.2 to be modified so that
> the admin can choose to run BIND as a
> non-root user ie. named. This functionality is desirable for security
> reasons, as it gives the admin a layer of protection in
> the event that BIND is compromised. As a non-root process, it
> won't be
> capable of doing
> as much damage as a compromised root process could. This behaviour is
> similar to how Apache works, and is already
> available by specifying "-u <userid>" when starting BIND from the
> command line, or setting 'user'
> and 'group' in method_credential in the SMF manifest.
>
>
>
>
>
>
>
>
>
> *Work Around*
>
> N/A
>
>
>
> My Sponsor Harish has done the testing...
>
> I request you all to please review the changes.
>
> Regards
> Abhilash
>
> --
> Have the courage to follow your heart and intuitions, they somehow
> alreadyknow what you truly wants
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/ha-clusters-discuss/attachments/20081105/8c298391/attachment.html>
