"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Stefan Sperling <stsp@stsp.name>
Subject:
Re: gotd: support UIDs in the `user' directive
To:
Omar Polo <op@omarpolo.com>
Cc:
gameoftrees@openbsd.org
Date:
Tue, 6 Aug 2024 15:34:50 +0200

Download raw body.

Thread
On Tue, Aug 06, 2024 at 02:33:30PM +0200, Omar Polo wrote:
> On 2024/08/06 08:48:00 +0200, Stefan Sperling <stsp@stsp.name> wrote:
> > On Mon, Aug 05, 2024 at 06:37:32PM +0200, Omar Polo wrote:
> > > This adds support to use both user ids in addition to user login names
> > > in the `user' directive.
> > > 
> > > My first attempt was more like `connection limit user' is handled, i.e.
> > > with gotd_parseuid(), except that I found awkward to parse /etc/passwd
> > > twice, hence the user_name/user_id split in this diff.
> > > 
> > > thoughts/comments?
> > 
> > Special cases where either username or uid are not set will
> > harm us one day.
> > 
> > I would feel better with having fully initialized user info
> > (name and uid) available as early as possible, even if that
> > means multiple passes over the password database. This won't
> > be a performance problem.
> 
> 
> here's a different/simpler diff.  instead of using got_parseuid() we can
> defer that check in main(): this avoids both an extra lookup and
> handling two different views on the user (uid and string).
> 
> I'm wondering if we should attempt first to parse the string as a number
> to avoid an extra lookup in that case (i know it's not even remotely
> performance sensitive, but it's still an extra lookup :P)
> 
> I'm also bundling the diff for permit/deny since the `user' one now
> builds on top of it.

Thank you, I like this approach much better. ok by me