Parse all kadm5.acl fields at startup
Parse the client principal name, target principal name, and
restrictions field of kadm5.acl entries when the file is loaded, not
later on when an attempt is made to match the entry.
This change affects the error-handling behavior of kadm5.acl files.
Previously, a syntax error in the line structure (such as having only
one field) would cause the whole file to be rejected, but an error
within a principal name or restrictions string would cause only that
entry to be discarded. After this change, any parsing failure will
cause the whole file to be rejected.
Author: Greg Hudson <firstname.lastname@example.org>
src/kadmin/server/auth_acl.c | 91 +++++++++++++----------------------------
1 files changed, 29 insertions(+), 62 deletions(-)