Hi,
I am right now busy with my end semester exam. I will look into all your
suggestions as soon as my exams are over.
Regards
Abhilash
2008/11/6 Swathi Devulapalli <Swathi.Devulapalli at sun.com>
> Hi Abhilash,
>
> Thanks for contributing to OHAC. Please find my comments below:
>
> 1. It would be good to have #def variables in capitals. aka ., #define USER
> "user"
>
> 2. I doubt if this code will work as desired.
>
> *249 if (errno == ERANGE) {*
> *250 ds_internal_error("Data buffer for user %s "*
> *251 "is not big enough",
> user_name_st->val.val_str);*
>
> *252 if (print_messages) {*
> * 253 (void) fprintf(stderr,*
> *254 gettext("Data buffer for user
> %s "*
> *255 "is not big
> enough.\n"),*
> * 256
> user_name_st->val.val_str);*
> *257 }*
> You are not returning here. Do you want to continue even with an error? For
> this, you could move return statement to line # 270. ie. after the closing
> brace.
>
> *268 return (1);*
> *269 }*
> Where are you getting this "errno" from?
>
> 3. In the same code snip above, you are using ds_internal_error in the "if"
> part and scds_syslog in the else part. Any specific reason?
>
> 4. */* Gets the username from the command line */*
>
> *562 strcpy(user_name, user_name_st->val.val_str);*
>
> *You may want to add (void) before this statement. Also, I feel it would
> be better to do a strncpy with size as SCDS_ARRAY_SIZE.*
>
> *5. I do not see any debug statements in the code. You may want to include
> some. *
>
> *6. Please check the indentations properly.*
>
> *7. Lastly, I would suggest you to do negative testing as well. Just doing
> positive testing, may not help. Problems can be seen only in negative
> testing.*
>
> *Thanks,*
>
> *Swathi*
>
>
>
> ----- Original Message -----
> From: "Abhilash T.G" <abhi.tg4u at gmail.com>
> Date: Wednesday, November 5, 2008 9:32 am
> Subject: [ha-clusters-discuss] CR-6530498
> To: clusters <ha-clusters-discuss at opensolaris.org>
>
> > Hello,
> >
> > I am Abhilash T.G (OS0183). I have done the CR-6530498. The
> > changes can
> > be viewed at
> > http://cr.opensolaris.org/~hari.sun/DNS_non-root_user_prop/webrev/<http://cr.opensolaris.org/%7Ehari.sun/DNS_non-root_user_prop/webrev/>
> >
> > The synopsis is ....
> >
> > *Bug ID* 6530498 *Synopsis* HA DNS should provide a property
> > to allow
> > the DNS service to be run as a non-root user *State*
> > 1-Dispatched(Default State)
> > *Category:Subcategory* suncluster:ha-dns *Keywords* DNS |
> > named |
> > non-root | oss-bite-size | oss-request | user *Sponsor*
> > *Submitter*
> > *Reported Against*
> > *Duplicate Of*
> > *Introduced In*
> > *Commit to Fix*
> > *Fixed In*
> > *Release Fixed*
> > *Related Bugs*
> > *Submit Date* 02-MAR-2007 *Last Update Date* 20-DEC-2007 *
> > Description*
> >
> > Customer request via the Sun Cluster forum:
> >
> > I'd like the DNS HA Agent for Sun Cluster 3.2 to be modified so that
> > the admin can choose to run BIND as a
> > non-root user ie. named. This functionality is desirable for security
> > reasons, as it gives the admin a layer of protection in
> > the event that BIND is compromised. As a non-root process, it
> > won't be
> > capable of doing
> > as much damage as a compromised root process could. This behaviour is
> > similar to how Apache works, and is already
> > available by specifying "-u <userid>" when starting BIND from the
> > command line, or setting 'user'
> > and 'group' in method_credential in the SMF manifest.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > *Work Around*
> >
> > N/A
> >
> >
> >
> > My Sponsor Harish has done the testing...
> >
> > I request you all to please review the changes.
> >
> > Regards
> > Abhilash
> >
> > --
> > Have the courage to follow your heart and intuitions, they somehow
> > alreadyknow what you truly wants
> >
>
--
Have the courage to follow your heart and intuitions, they somehow already
know what you truly wants
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/ha-clusters-discuss/attachments/20081106/9a458250/attachment.html>
