[Freeipa-devel] [PATCH] first version of LOCAL pam backend
Sumit Bose
sbose at redhat.com
Mon Mar 2 15:33:23 UTC 2009
Martin Nagy schrieb:
> On Mon, 02 Mar 2009 13:14:38 +0100, Sumit Bose <sbose at redhat.com> wrote:
>
>> Hi,
>>
>> please find enclosed a first version of the pam backend for the LOCAL
>> domain.
>>
>> - currently authenticate, chauthtok and acct_mgmt work
>> - so far only glibc compatible sha512 passwords are used
>> - NSS is used for sha512 and random number generation
>> - currently I use direct libldb calls to be able to test things, I
>> will change this when Simo's work on sysdb is done
>>
>> bye,
>> Sumit
>
> Hi, I didn't review the patch, but I have one tip:
> I'd personally change NEQ_CHECK_OR_JUMP macro to something like this:
> #define CHECK(expr, msg) do { \
> if ((expr)) { \
> DEBUG(1, (msg)); \
> pam_status = PAM_SYSTEM_ERR; \
> goto done; \
> } \
> } while (0)
>
> Same for NULL_CHECK_OR_JUMP:
> #define CHECK_NULL(var, msg) CHECK((var) == NULL, (msg))
>
> It's less flexible, but also much less verbose, you just need to stick
> to one convention, which you already are doing. Names are of course
> just my opinion, but I wouldn't make them too long. If it's a commonly
> used macro, people reading the code will remember what it does.
>
I basically took CONFDB_ZERO_CHECK_OR_JUMP from confdb.c and added a
debug message. After I have applied the sysdb changes I will try to
simplify the macros as you suggested. Thanks.
bye,
Sumit
More information about the Freeipa-devel
mailing list