On 27.4.2011, at 18.04, Wietse Venema wrote:

>> I think the POSIX API works in all OSes commonly used nowadays. FreeBSD
>> 5.1, NetBSD 3.0, OpenBSD 4.4, Solaris 5(?), OS X (some version), Linux
>> for last 5+ years.
>> I wrote some wrappers for these and people haven't complained about them
>> much yet (just that OpenBSD had a bug):
>> http://hg.dovecot.org/dovecot-2.0/raw-file/tip/src/lib/ipwd.c
>
> Unfortunately, lack of complaints does not prove that rare errors
> are handled correctly :-) Witness the bug that led to this thread,
> which is at least five years old.

I think the original bug was probably because of the use of getpwnam(). But because its API is pretty much unfixable by now the only realistic way to fix that is by modifying Postfix to not use it. So the only problems left with replacing its use with getpwnam_r() are:

a) Does the code not compile? (Can be checked automatically at compile time.)
b) Does the code compile, but not actually work because of an API difference? (Is there such an OS where this isn't caught by a) ?)
c) Does the code more or less randomly fail?

I think in most cases where its use doesn't work it can be caught by a compiler error. If it works but somewhat randomly gives "error" instead of "user doesn't exist" it's not really any worse than the current getpwnam() interface. And I'm sure getpwnam_r() is at least somewhat tested in use by now so that a "user doesn't exist" won't consistently give "error", so that's not a problem either.

So the only problem is to get it to run and not crash/fail at startup. Since it's immediately obvious if either one of them happens, I think it's pretty safe to just do the modification and add workarounds (like a wrapper to getpwnam()) later if people start to complain. You can't make everything work in all ancient OSes anyway.

> SunOS POSIX as of 5.5 but requires compile-time switch
> Solaris 2.4 and earlier releases provided definitions of the
> getpwnam_r() and getpwuid_r() functions as specified in POSIX.1c
> Draft 6. The final POSIX.1c standard changed the interface
> for these functions.
> ...
> For POSIX.1c-conforming applications, the _POSIX_PTHREAD_SEMANTICS
> and _REENTRANT flags are automatically turned on by defining
> the _POSIX_C_SOURCE flag with a value >=199506L.
>
> Unfortunately, setting _POSIX_C_SOURCE changes more than just this,
> and so should be done carefully.

Yes, I definitely wouldn't want to enable it globally, that's why I added it only to one specific .c file with the wrapper functions.

> In any case, this code should be used only after it is verified to
> work. Manpages do not always describe reality.

Sure. You can wait a while longer to see how Dovecot does with this change. :)
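
The distinction argued over in this thread, "user doesn't exist" versus "error", as an added example in C; it is not part of the original message and is not the code from Dovecot's ipwd.c or from Postfix. The names `pw_lookup`, `pw_fn` and `stub_getpwnam_r`, the 256-byte starting buffer, the 1 MiB cap and the default name "root" in `main` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* POSIX getpwnam_r(); set in this file only */
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>

/* Same signature as POSIX getpwnam_r(), so a stub can stand in for it. */
typedef int (*pw_fn)(const char *, struct passwd *, char *, size_t,
                     struct passwd **);
/* 1 = found (*buf_r backs pwd_r's strings, caller frees), 0 = no such user,
 * -1 = lookup failed, errno set; -1 must never be read as "no such user". */
int pw_lookup(pw_fn fn, const char *name, struct passwd *pwd_r, char **buf_r)
{
    struct passwd *result = NULL;
    char *buf = NULL, *nbuf;
    size_t size = 256;
    int err;
    do {
        if ((nbuf = realloc(buf, size)) == NULL) { err = ENOMEM; break; }
        buf = nbuf;
        err = fn(name, pwd_r, buf, size, &result);
        size *= 2;                 /* on ERANGE, retry with a bigger buffer */
    } while (err == ERANGE && size <= (1u << 20));
    if (err != 0 || result == NULL) { free(buf); buf = NULL; }
    *buf_r = buf;
    if (err != 0) { errno = err; return -1; }
    return result != NULL;
}

/* Constructed stub: "alice" needs 1024 bytes, "ghost" is absent, rest fail. */
int stub_getpwnam_r(const char *name, struct passwd *pwd, char *buf,
                    size_t len, struct passwd **result)
{
    *result = NULL;
    if (strcmp(name, "alice") != 0) return strcmp(name, "ghost") ? EIO : 0;
    if (len < 1024) return ERANGE;
    pwd->pw_name = strcpy(buf, name);
    *result = pwd;
    return 0;
}

int main(int argc, char **argv)
{
    struct passwd pw;
    char *buf;
    int ret = pw_lookup(getpwnam_r, argc > 1 ? argv[1] : "root", &pw, &buf);
    free(buf);
    return ret == 1 ? 0 : ret == 0 ? 1 : 2;   /* exit status mirrors the result */
}
```

A caller that makes a delivery or access decision should defer on -1 and reject only on 0; the stub exists so the ERANGE retry and the error path can be exercised without a real passwd backend.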