[augeas-devel] adjustment to the krb5.aug lense

Wed Aug 1 15:06:26 UTC 2012

On 08/01/2012 09:22 AM, Raphaël Pinson wrote:
> Hi Pat,
>
> Sorry for the long delay in replying to you.

No worries, I've been busy too!
>
>
> On Thu, Apr 19, 2012 at 11:47 PM, Pat Riehecky <riehecky at fnal.gov 
> <mailto:riehecky at fnal.gov>> wrote:
>
>
>     (Apologies for the return of this old thread, but the history
>     seemed to help provide context)
>
>     I've almost got this working the way I think it should and reading
>     my site's krb5.conf.  The only remaining issue I'm running into is
>     with 'default_tgs_enctypes'.  I'd love to get it into a sequence,
>     but I can't seem to figure out how.  The attached patch gets me
>     really close, where I've got a sequence called 'type' under
>     default_tgs_enctypes, but the extra part of the tree seems to be
>     extra rather than useful, plus it seems to make setting those
>     things a bit messy when it wasn't before - Was
>     /files/etc/krb5.conf/libdefaults/default_tgs_enctypes = 'thing' my
>     changes make
>     /files/etc/krb5.conf/libdefaults/default_tgs_enctypes/type[x] =
>     'thing' which is not right.....
>
>
>
> The patch you attached leads to an ambiguity:
>
> $ augparse -I . krb5.aug
> Syntax error in lens definition
> krb5.aug:49.0-53.87:Failed to compile libdefaults
> krb5.aug:47.26-.71:exception: ambiguous iteration
>       Iterated regexp: /([a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+)([ \t,]*)/
>       'A-A-AAA-A-A' can be split into
>       'A-A-A|=|AA-A-A'
>
>      and
>       'A-A-AA|=|A-A-A'
>
>     Iterated lens: krb5.aug:47.26-.70:
>
Hmmm, this is quite the puzzle.

When one value is specified ('A-A-A') it is followed by a new line, read 
terminates, no problem.  When multiples are set they are delimited by 
spaces, tabs, commas, or a combination of all three.  However, the one 
at the end may or may not have a trailing delimiter.  So I'm not sure I 
can enforce delimiters to separate the items.

Currently the third item ('A-A-B', the B) seems to be limited to 3 or 4 
characters with a minimum of 3, but it appears that a smaller one is 
possible.  Grumble....  All of these appear to be valid entries: 
rc4-hmac arcfour-hmac arcfour-hmac-md5 aes128-cts des3-cbc-sha1 rc4-hmac 
des-cbc-md5 des-cbc-crc

Can augeas do word boundaries?  Most of my regex is perl style rather 
than POSIX  That should solve the ambiguity but my googling is only 
turning up perl style....

>
>     If I may ask three questions:
>
>     So what can I do to get the sequence to populate when there are
>     multiple items, but not when there are not?
>     And how do I use the regex match for the sequence name?
>     Is my attempt at a fix even on the right track?
>
>
>
> If you mean to generate an array only where there is more than one 
> element, and use a fix value otherwise, dynamically, then it's a 
> rather bad idea, since it will make it hard to add a second value to 
> an existing unique one.
>
> However, if supporting arrays vs single values is linked to specific 
> keys, they you could explicitely split the cases to have a lens for 
> array entries and another lens for simple entries. This is already 
> done in quite a few modules.
>
I'll look more closely into the second option here.  May I request a 
module to pattern my code after?

Pat