Darren J Moffat wrote:
> verma wrote:
>> Hi all,
>>
>> I tried the following program for my learning purpose on i386 machine.
>> The getexecuser() works fine but match_execattr() failed.
>> Could any one help me to sort out this problem. I think there are some
>> problem in passing the arguments of match_execattr().
>> my output is:
>> Profile Name = Printer Management
>> Profile Type = cmd
>> Policy = suser
>> match_execattr() fail
>> match_execattr:: Error 0
>
> I believe you may have found a bug in the implementaiton of
> match_execattr().
>
> http://src.opensolaris.org/source/xref/zfs-crypto/gate/usr/src/lib/libsecdb/common/getexecattr.c#187
>
> I think there is a missing "break" or "return (execp)" at line 198 (ie
> inside the for loop for the case where the if statement *did* match).
>
Yes, the code in match_execattr() is wrong. I just filed CR 6701622.
I speculate that the bug has gone unnoticed for so long because there
are no callers of match_execattr() in OpenSolaris. That's because it
usually isn't needed.
In the example program that demonstrated this problem, you could simply
use the pointer returned by getexecuser() without ever calling
match_execattr(). The latter function is only needed if getexecuser()
returns multiple matches and you need to further refine the matching
criteria. If you just want the first match, call getexecuser() with GET_ONE.
Scott
