Hi,
during my work on pam_hbac I ran into some issues in libipa_hbac that I
would like to fix. And before doing the work I wanted to check if anyone
is opposed to these changes.
I would like to:
1) Stop using C99 in libipa_hbac. pam_hbac can run on old and/or
strange platforms that don't support C99 compilers.
2) Stop using sss_utf8_case_eq unconditionally and rather use an
externally-provided function, a bit like we already set the debug
function. I was thinking even about creating hbac_init() that
would accept these functions and return a context which would then
be passed to other libipa_hbac functions, but this would be an API
break. Alternatively, we could just use a function setter, I just think
the context might be clearer..and IIRC the C libipa_hbac API is used
only by the python bindings at the moment.
3) Also add a private context to the debug function to pass
additional data. Again, this is an API break. If the other
developers don't like changing the API, we can alternatively add
hbac_enable_debug_ex() with the private pointer.
4) Do not include header files from the sssd deamon tree at all.
5) Move the hbac_evaluator.c and ipa_hbac.h files from
src/providers/ipa/ to src/lib/libipa_hbac. This is already the same
as the idmapping library.
6) Some minor enhancements: Fixes to doxygen comments and change
some internally-used errno codes that might not exist on all
platforms (ENOMATCH)
I would welcome other's opinion, especially on the API break..
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
