Timo Sirainen:
> On 27.4.2011, at 0.53, Victor Duchovni wrote:
>
> >> Just wondering: Is it really the nss-ldap code that is buggy or just
> >> the libc's getpwnam() call that is fundamentally broken? I recently
> >> changed Dovecot to use getpwnam_r() instead, since it allows proper
> >> error checking.
> >
> > Most likely a combination of both. It is not, for example, clear which
> > error returns from getpwnam_r() indicate a transient error, and which
> > "entry not found". This is an API problem.
>
> It is clear. getpwnam_r() returns 0 both on success and "user not
> found", you just need to check if the result is NULL or not. If
> it returns anything else than 0 it's a transient error. If the
> NSS code internally messes this up, that's its fault then. But I
> think getpwnam_r() API is fine.
That would be an improvement over waiting until getpwnam() semantics
is restored. Now need to fing out when getpwnam_r() was introduced,
as I don't want to retroactively break supported systems.
Wietse
