Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rJaFh-00EFlO-4X for pgsql-hackers@arkaria.postgresql.org; Sat, 30 Dec 2023 14:23:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1rJaFf-000NYa-QQ for pgsql-hackers@arkaria.postgresql.org; Sat, 30 Dec 2023 14:23:47 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rJaFf-000NYR-9q for pgsql-hackers@lists.postgresql.org; Sat, 30 Dec 2023 14:23:47 +0000 Received: from mail.postgrespro.ru ([93.174.131.139]) by magus.postgresql.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rJaFb-00EfFn-Gp for pgsql-hackers@lists.postgresql.org; Sat, 30 Dec 2023 14:23:46 +0000 Received: from [192.168.0.104] (unknown [62.217.189.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: p.luzanov@postgrespro.ru) by mail.postgrespro.ru (Postfix/587) with ESMTPSA id 1152FE21050; Sat, 30 Dec 2023 17:23:41 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=postgrespro.ru; s=mx2023; t=1703946221; bh=+h5brMmGtGgK6z0n821Qw3wW/192TW8YbyHB4dfoA5c=; h=Message-ID:Date:User-Agent:Subject:To:References:From:In-Reply-To: From; b=jXxrJUc0mkwnSvEufxSAQBqrCabGlSmUhXh7gKJo44d60zFjXBggVgdzQWZo18whX 9/Ihek5EGq7LqNlhs1JI1WLUeKTn+Pv9tJ2S0Ek2Z5Av0zax+5EfzZGkZTyKb+R/nT PM11VeLIynsmSaODHTjgBVLi5wEqYm7MIXeqTif9UXT//Ia9h/JSOtjVHajwubBswT jtBng8T84mMvydVRJtcr99wFaCejsl3m+DNTM+EQZ4E1plNTu++7i7ouzDT+UyNRqe excjz1wTijUC0uIqFDNqBt88j7/iW04iee6Dlul3mYvwfbhaLOrcklK7nDXKzMozzX HuH5y6EPhrO9Q== Content-Type: multipart/mixed; boundary="------------Jv5OJn0uNrj8oYH41JhcYMcM" Message-ID: <27f87cb9-229b-478b-81b2-157f94239d55@postgrespro.ru> Date: Sat, 30 Dec 2023 17:23:40 +0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Things I don't like about \du's "Attributes" column Content-Language: en-US, ru-RU To: Tom Lane , pgsql-hackers@lists.postgresql.org References: <4133242.1687481416@sss.pgh.pa.us> From: Pavel Luzanov In-Reply-To: <4133242.1687481416@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk This is a multi-part message in MIME format. --------------Jv5OJn0uNrj8oYH41JhcYMcM Content-Type: multipart/alternative; boundary="------------JcEqM2bVNHgw4z4NLPCJe2ka" --------------JcEqM2bVNHgw4z4NLPCJe2ka Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Now I'm ready for discussion. On 23.06.2023 03:50, Tom Lane wrote: > Nearby I dissed psql's \du command for its incoherent "Attributes" > column [1]. It's too late to think about changing that for v16, > but here's some things I think we should consider for v17: > > * It seems weird that some attributes are described in the negative > ("Cannot login", "No inheritance"). I realize that this corresponds > to the defaults, so that a user created by CREATE USER with no options > shows nothing in the Attributes column; but I wonder how much that's > worth. As far as "Cannot login" goes, you could argue that the silent > default ought to be for the properties assigned by CREATE ROLE, since > the table describes itself as "List of roles". I'm not dead set on > changing this, but it seems like a topic that deserves a fresh look. Agree. The negative form looks strange. Fresh look suggests to move login attribute to own column. The attribute separates users and group roles, this is very important information, it deserves to be placed in a separate column. Of course, it can be returned back to "Attributes" if such change is very radical. On the other hand, rolinherit attribute lost its importance in v16. I don't see serious reasons in changing the default value, so we can leave it in the "Attributes" column. In most cases it will be hidden. > * I do not like the display of rolconnlimit, ie "No connections" or > "%d connection(s)". A person not paying close attention might think > that that means the number of *current* connections the user has. > A minimal fix could be to word it like "No connections allowed" or > "%d connection(s) allowed". But see below. connlimit attribute moved from "Attributes" column to separate column "Max connections" in extended mode. But without any modifications to it's values. For me it looks normal. > * I do not like the display of rolvaliduntil, either. Moved from "Attributes" column to separate columnĀ  "Password expire time" in extended mode (+). > I suggest that maybe it'd > be okay to change the pg_roles view along the lines of > > - '********'::text as rolpassword, > + case when rolpassword is not null then '********'::text end as rolpassword, Done. The same changes to pg_user.passwd for consistency. > Then we could fix \du to say nothing if rolpassword is null, > and when it isn't, print "Password valid until infinity" whenever > that is the case (ie, rolvaliduntil is null or infinity). I think that writing the value "infinity" in places where there is no value is not a good thing. This hides the real value of the column. In addition, there is no reason to set "infinity" when the password is always valid with default NULL. My suggestion to add new column "Has password?" in extended mode with yes/no values and leave rolvaliduntil values as is. > * On a purely presentation level, how did we possibly arrive > at the idea that the connection-limit and valid-until properties > deserve their own lines in the Attributes column while the other > properties are comma-separated? That makes no sense whatsoever, > nor does it look nice in \x display format. > (b) move these two things into separate columns. Implemented this approach. In a result describeRoles function significantly simplified and rewritten for the convenience of printing the whole query result. All the magic of building "Attributes" column moved to SELECT statement for easy viewing by users via ECHO_HIDDEN variable. Here is an example output. --DROP ROLE alice, bob, charlie, admin; CREATE ROLE alice LOGIN SUPERUSER NOINHERIT PASSWORD 'alice' VALID UNTIL 'infinity' CONNECTION LIMIT 5; CREATE ROLE bob LOGIN REPLICATION BYPASSRLS CREATEDB VALID UNTIL '2022-01-01'; CREATE ROLE charlie LOGIN CREATEROLE PASSWORD 'charlie' CONNECTION LIMIT 0; CREATE ROLE admin; COMMENT ON ROLE alice IS 'Superuser but with connection limit and with no inheritance'; COMMENT ON ROLE bob IS 'No password but with expire time'; COMMENT ON ROLE charlie IS 'No connections allowed'; COMMENT ON ROLE admin IS 'Group role without login'; Master. =# \du List of roles Role name | Attributes -----------+------------------------------------------------------------ admin | Cannot login alice | Superuser, No inheritance + | 5 connections + | Password valid until infinity bob | Create DB, Replication, Bypass RLS + | Password valid until 2022-01-01 00:00:00+03 charlie | Create role + | No connections postgres | Superuser, Create role, Create DB, Replication, Bypass RLS =# \du+ List of roles Role name | Attributes | Description -----------+------------------------------------------------------------+------------------------------------------------------------- admin | Cannot login | Group role without login alice | Superuser, No inheritance +| Superuser but with connection limit and with no inheritance | 5 connections +| | Password valid until infinity | bob | Create DB, Replication, Bypass RLS +| No password but with expire time | Password valid until 2022-01-01 00:00:00+03 | charlie | Create role +| No connections allowed | No connections | postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | Patched. =# \du List of roles Role name | Can login? | Attributes -----------+------------+------------------------------------------------------------ admin | no | alice | yes | Superuser, No inheritance bob | yes | Create DB, Replication, Bypass RLS charlie | yes | Create role postgres | yes | Superuser, Create role, Create DB, Replication, Bypass RLS (5 rows) =# \du+ List of roles Role name | Can login? | Attributes | Has password? | Password expire time | Max connections | Description -----------+------------+------------------------------------------------------------+---------------+------------------------+-----------------+------------------------------------------------------------- admin | no | | no | | -1 | Group role without login alice | yes | Superuser, No inheritance | yes | infinity | 5 | Superuser but with connection limit and with no inheritance bob | yes | Create DB, Replication, Bypass RLS | no | 2022-01-01 00:00:00+03 | -1 | No password but with expire time charlie | yes | Create role | yes | | 0 | No connections allowed postgres | yes | Superuser, Create role, Create DB, Replication, Bypass RLS | yes | | -1 | (5 rows) v1 of the patch attached. There are no tests and documentation yet. make check fall in 2 existing tests due changes in pg_roles and \du. Will be corrected. Any opinions? I plan to add a patch to the January commitfest. -- Pavel Luzanov Postgres Professional:https://postgrespro.com --------------JcEqM2bVNHgw4z4NLPCJe2ka Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit Now I'm ready for discussion.

On 23.06.2023 03:50, Tom Lane wrote:
Nearby I dissed psql's \du command for its incoherent "Attributes"
column [1].  It's too late to think about changing that for v16,
but here's some things I think we should consider for v17:

* It seems weird that some attributes are described in the negative
("Cannot login", "No inheritance").  I realize that this corresponds
to the defaults, so that a user created by CREATE USER with no options
shows nothing in the Attributes column; but I wonder how much that's
worth.  As far as "Cannot login" goes, you could argue that the silent
default ought to be for the properties assigned by CREATE ROLE, since
the table describes itself as "List of roles".  I'm not dead set on
changing this, but it seems like a topic that deserves a fresh look.

Agree. The negative form looks strange.

Fresh look suggests to move login attribute to own column.
The attribute separates users and group roles, this is very important information,
it deserves to be placed in a separate column. Of course, it can be
returned back to "Attributes" if such change is very radical.

On the other hand, rolinherit attribute lost its importance in v16.
I don't see serious reasons in changing the default value, so we can leave it
in the "Attributes" column. In most cases it will be hidden.


* I do not like the display of rolconnlimit, ie "No connections" or
"%d connection(s)".  A person not paying close attention might think
that that means the number of *current* connections the user has.
A minimal fix could be to word it like "No connections allowed" or
"%d connection(s) allowed".  But see below.

connlimit attribute moved from "Attributes" column to separate column
"Max connections" in extended mode. But without any modifications to it's values.
For me it looks normal.


* I do not like the display of rolvaliduntil, either.

Moved from "Attributes" column to separate columnĀ  "Password expire time"
in extended mode (+).


I suggest that maybe it'd
be okay to change the pg_roles view along the lines of

-       '********'::text as rolpassword,
+       case when rolpassword is not null then '********'::text end as rolpassword,

Done.
The same changes to pg_user.passwd for consistency.
Then we could fix \du to say nothing if rolpassword is null,
and when it isn't, print "Password valid until infinity" whenever
that is the case (ie, rolvaliduntil is null or infinity).

I think that writing the value "infinity" in places where there is no value is
not a good thing. This hides the real value of the column. In addition,
there is no reason to set "infinity" when the password is always valid with
default NULL.

My suggestion to add new column "Has password?" in extended mode with
yes/no values and leave rolvaliduntil values as is.


* On a purely presentation level, how did we possibly arrive
at the idea that the connection-limit and valid-until properties
deserve their own lines in the Attributes column while the other
properties are comma-separated?  That makes no sense whatsoever,
nor does it look nice in \x display format.
(b) move these two things into separate columns.

Implemented this approach.

In a result describeRoles function significantly simplified and rewritten for the convenience
of printing the whole query result. All the magic of building "Attributes" column
moved to SELECT statement for easy viewing by users via ECHO_HIDDEN variable.

Here is an example output.

--DROP ROLE alice, bob, charlie, admin;

CREATE ROLE alice LOGIN SUPERUSER NOINHERIT PASSWORD 'alice' VALID UNTIL 'infinity' CONNECTION LIMIT 5;
CREATE ROLE bob LOGIN REPLICATION BYPASSRLS CREATEDB VALID UNTIL '2022-01-01';
CREATE ROLE charlie LOGIN CREATEROLE PASSWORD 'charlie' CONNECTION LIMIT 0;
CREATE ROLE admin;

COMMENT ON ROLE alice IS 'Superuser but with connection limit and with no inheritance';
COMMENT ON ROLE bob IS 'No password but with expire time';
COMMENT ON ROLE charlie IS 'No connections allowed';
COMMENT ON ROLE admin IS 'Group role without login';


Master.
=# \du
                             List of roles
 Role name |                         Attributes                         
-----------+------------------------------------------------------------
 admin     | Cannot login
 alice     | Superuser, No inheritance                                 +
           | 5 connections                                             +
           | Password valid until infinity
 bob       | Create DB, Replication, Bypass RLS                        +
           | Password valid until 2022-01-01 00:00:00+03
 charlie   | Create role                                               +
           | No connections
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS

=# \du+
                                                            List of roles
 Role name |                         Attributes                         |                         Description                         
-----------+------------------------------------------------------------+-------------------------------------------------------------
 admin     | Cannot login                                               | Group role without login
 alice     | Superuser, No inheritance                                 +| Superuser but with connection limit and with no inheritance
           | 5 connections                                             +| 
           | Password valid until infinity                              | 
 bob       | Create DB, Replication, Bypass RLS                        +| No password but with expire time
           | Password valid until 2022-01-01 00:00:00+03                | 
 charlie   | Create role                                               +| No connections allowed
           | No connections                                             | 
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | 


Patched.
=# \du
                                    List of roles
 Role name | Can login? |                         Attributes                         
-----------+------------+------------------------------------------------------------
 admin     | no         | 
 alice     | yes        | Superuser, No inheritance
 bob       | yes        | Create DB, Replication, Bypass RLS
 charlie   | yes        | Create role
 postgres  | yes        | Superuser, Create role, Create DB, Replication, Bypass RLS
(5 rows)

=# \du+
                                                                                                List of roles
 Role name | Can login? |                         Attributes                         | Has password? |  Password expire time  | Max connections |                         Description                         
-----------+------------+------------------------------------------------------------+---------------+------------------------+-----------------+-------------------------------------------------------------
 admin     | no         |                                                            | no            |                        |              -1 | Group role without login
 alice     | yes        | Superuser, No inheritance                                  | yes           | infinity               |               5 | Superuser but with connection limit and with no inheritance
 bob       | yes        | Create DB, Replication, Bypass RLS                         | no            | 2022-01-01 00:00:00+03 |              -1 | No password but with expire time
 charlie   | yes        | Create role                                                | yes           |                        |               0 | No connections allowed
 postgres  | yes        | Superuser, Create role, Create DB, Replication, Bypass RLS | yes           |                        |              -1 | 
(5 rows)


v1 of the patch attached. There are no tests and documentation yet.
make check fall in 2 existing tests due changes in pg_roles and \du. Will be corrected.

Any opinions?

I plan to add a patch to the January commitfest.

-- 
Pavel Luzanov
Postgres Professional: https://postgrespro.com
--------------JcEqM2bVNHgw4z4NLPCJe2ka-- --------------Jv5OJn0uNrj8oYH41JhcYMcM Content-Type: text/x-patch; charset=UTF-8; name="v1-0001-psql-Rethinking-of-du-command.patch" Content-Disposition: attachment; filename="v1-0001-psql-Rethinking-of-du-command.patch" Content-Transfer-Encoding: base64 RnJvbSA3OGNhZjA5M2U2OGQ2MTY2NDc3YmFmNTk5MzRkNTNmNTAxMDM4MzZhIE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBQYXZlbCBMdXphbm92IDxwLmx1emFub3ZAcG9zdGdy ZXNwcm8ucnU+CkRhdGU6IFNhdCwgMzAgRGVjIDIwMjMgMTU6NDg6MTggKzAzMDAKU3ViamVj dDogW1BBVENIIHYxXSBwc3FsOiBSZXRoaW5raW5nIG9mIFxkdSBjb21tYW5kCgpDaGFuZ2Vz OgoqIGxvZ2luIGF0dHJpYnV0ZSBtb3ZlZCBmcm9tICJBdHRyaWJ1dGVzIiBjb2x1bW4gdG8g c2VwYXJhdGUgY29sdW1uCiAgIkNhbiBsb2dpbj8iIHdpdGggeWVzL25vIHZhbHVlcy4KKiBj b25ubGltaXQgYXR0cmlidXRlIG1vdmVkIGZyb20gIkF0dHJpYnV0ZXMiIGNvbHVtbiB0byBz ZXBhcmF0ZSBjb2x1bW4KICAiTWF4IGNvbm5lY3Rpb25zIiBpbiBleHRlbmRlZCBtb2RlKCsp LgoqICd2YWxpZCB1bnRpbCcgYXR0cmlidXRlIG1vdmVkIGZyb20gIkF0dHJpYnV0ZXMiIGNv bHVtbiB0byBzZXBhcmF0ZQogICBjb2x1bW4gIlBhc3N3b3JkIGV4cGlyZSB0aW1lIiBpbiBl eHRlbmRlZCBtb2RlLgoqIEFkZGVkIG5ldyBjb2x1bW4gIkhhcyBwYXNzd29yZD8iIGluIGV4 dGVuZGVkIG1vZGUgYmFzZWQgb24gY2hhbmdlZAogIHBnX3JvbGVzLnJvbHBhc3N3b3JkLiBU aGUgcm9scGFzc3dvcmQgY29sdW1uIG9mIHRoZSBwZ19yb2xlcyB2aWV3CiAgbW9kaWZpZWQg c28gdGhhdCBpdCBpcyBlYXN5IHRvIGlkZW50aWZ5IHRoZSBwcmVzZW5jZSBvZiBhIHBhc3N3 b3JkLgogIFRoZSBzYW1lIGNoYW5nZXMgbWFkZSBmb3IgcGdfdXNlci5wYXNzd2QgZm9yIGNv bnNpc3RlbmN5LgoqIGRlc2NyaWJlUm9sZXMgZnVuY3Rpb24gcmV3cml0dGVuIGZvciB0aGUg Y29udmVuaWVuY2Ugb2YgcHJpbnRpbmcKICB0aGUgd2hvbGUgcXVlcnkgcmVzdWx0LiBBbGwg dGhlIG1hZ2ljIG9mIGJ1aWxkaW5nICJBdHRyaWJ1dGVzIiBjb2x1bW4KICBtb3ZlZCB0byBT RUxFQ1Qgc3RhdGVtZW50IGZvciBlYXN5IHZpZXdpbmcgYnkgdXNlcnMgdmlhIEVDSE9fSElE REVOCiAgdmFyaWFibGUuCgpQZXIgc3VnZ2VzdGlvbnMgZnJvbSBUb20gTGFuZS4KCkF1dGhv cjogUGF2ZWwgTHV6YW5vdgpEaXNjdXNzaW9uOiBodHRwczovL3d3dy5wb3N0Z3Jlc3FsLm9y Zy9tZXNzYWdlLWlkLzQxMzMyNDIuMTY4NzQ4MTQxNiU0MHNzcy5wZ2gucGEudXMKLS0tCiBz cmMvYmFja2VuZC9jYXRhbG9nL3N5c3RlbV92aWV3cy5zcWwgfCAgIDYgKy0KIHNyYy9iaW4v cHNxbC9kZXNjcmliZS5jICAgICAgICAgICAgICB8IDE0NiArKysrKysrKy0tLS0tLS0tLS0t LS0tLS0tLS0KIDIgZmlsZXMgY2hhbmdlZCwgNDMgaW5zZXJ0aW9ucygrKSwgMTA5IGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL3NyYy9iYWNrZW5kL2NhdGFsb2cvc3lzdGVtX3ZpZXdz LnNxbCBiL3NyYy9iYWNrZW5kL2NhdGFsb2cvc3lzdGVtX3ZpZXdzLnNxbAppbmRleCAwNThm YzQ3YzkxLi5mZWQyMjFmNzg3IDEwMDY0NAotLS0gYS9zcmMvYmFja2VuZC9jYXRhbG9nL3N5 c3RlbV92aWV3cy5zcWwKKysrIGIvc3JjL2JhY2tlbmQvY2F0YWxvZy9zeXN0ZW1fdmlld3Mu c3FsCkBAIC0yNCwxMCArMjQsMTAgQEAgQ1JFQVRFIFZJRVcgcGdfcm9sZXMgQVMKICAgICAg ICAgcm9sY2FubG9naW4sCiAgICAgICAgIHJvbHJlcGxpY2F0aW9uLAogICAgICAgICByb2xj b25ubGltaXQsCi0gICAgICAgICcqKioqKioqKic6OnRleHQgYXMgcm9scGFzc3dvcmQsCisg ICAgICAgIENBU0UgV0hFTiByb2xwYXNzd29yZCBJUyBOT1QgTlVMTCBUSEVOICcqKioqKioq Kic6OnRleHQgRU5EIEFTIHJvbHBhc3N3b3JkLAogICAgICAgICByb2x2YWxpZHVudGlsLAog ICAgICAgICByb2xieXBhc3NybHMsCi0gICAgICAgIHNldGNvbmZpZyBhcyByb2xjb25maWcs CisgICAgICAgIHNldGNvbmZpZyBBUyByb2xjb25maWcsCiAgICAgICAgIHBnX2F1dGhpZC5v aWQKICAgICBGUk9NIHBnX2F1dGhpZCBMRUZUIEpPSU4gcGdfZGJfcm9sZV9zZXR0aW5nIHMK ICAgICBPTiAocGdfYXV0aGlkLm9pZCA9IHNldHJvbGUgQU5EIHNldGRhdGFiYXNlID0gMCk7 CkBAIC02NSw3ICs2NSw3IEBAIENSRUFURSBWSUVXIHBnX3VzZXIgQVMKICAgICAgICAgdXNl c3VwZXIsCiAgICAgICAgIHVzZXJlcGwsCiAgICAgICAgIHVzZWJ5cGFzc3JscywKLSAgICAg ICAgJyoqKioqKioqJzo6dGV4dCBhcyBwYXNzd2QsCisgICAgICAgIENBU0UgV0hFTiBwYXNz d2QgSVMgTk9UIE5VTEwgVEhFTiAnKioqKioqKionOjp0ZXh0IEVORCBBUyBwYXNzd2QsCiAg ICAgICAgIHZhbHVudGlsLAogICAgICAgICB1c2Vjb25maWcKICAgICBGUk9NIHBnX3NoYWRv dzsKZGlmZiAtLWdpdCBhL3NyYy9iaW4vcHNxbC9kZXNjcmliZS5jIGIvc3JjL2Jpbi9wc3Fs L2Rlc2NyaWJlLmMKaW5kZXggNTA3N2U3YjM1OC4uYjZjY2IwMTNhYSAxMDA2NDQKLS0tIGEv c3JjL2Jpbi9wc3FsL2Rlc2NyaWJlLmMKKysrIGIvc3JjL2Jpbi9wc3FsL2Rlc2NyaWJlLmMK QEAgLTM2LDcgKzM2LDYgQEAgc3RhdGljIGJvb2wgZGVzY3JpYmVPbmVUYWJsZURldGFpbHMo Y29uc3QgY2hhciAqc2NoZW1hbmFtZSwKIAkJCQkJCQkJCWJvb2wgdmVyYm9zZSk7CiBzdGF0 aWMgdm9pZCBhZGRfdGFibGVzcGFjZV9mb290ZXIocHJpbnRUYWJsZUNvbnRlbnQgKmNvbnN0 IGNvbnQsIGNoYXIgcmVsa2luZCwKIAkJCQkJCQkJICBPaWQgdGFibGVzcGFjZSwgY29uc3Qg Ym9vbCBuZXdsaW5lKTsKLXN0YXRpYyB2b2lkIGFkZF9yb2xlX2F0dHJpYnV0ZShQUUV4cEJ1 ZmZlciBidWYsIGNvbnN0IGNoYXIgKmNvbnN0IHN0cik7CiBzdGF0aWMgYm9vbCBsaXN0VFNQ YXJzZXJzVmVyYm9zZShjb25zdCBjaGFyICpwYXR0ZXJuKTsKIHN0YXRpYyBib29sIGRlc2Ny aWJlT25lVFNQYXJzZXIoY29uc3QgY2hhciAqb2lkLCBjb25zdCBjaGFyICpuc3BuYW1lLAog CQkJCQkJCQljb25zdCBjaGFyICpwcnNuYW1lKTsKQEAgLTM2NTQsMzQgKzM2NTMsNDkgQEAg ZGVzY3JpYmVSb2xlcyhjb25zdCBjaGFyICpwYXR0ZXJuLCBib29sIHZlcmJvc2UsIGJvb2wg c2hvd1N5c3RlbSkKIHsKIAlQUUV4cEJ1ZmZlckRhdGEgYnVmOwogCVBHcmVzdWx0ICAgKnJl czsKLQlwcmludFRhYmxlQ29udGVudCBjb250OwotCXByaW50VGFibGVPcHQgbXlvcHQgPSBw c2V0LnBvcHQudG9wdDsKLQlpbnQJCQluY29scyA9IDI7Ci0JaW50CQkJbnJvd3MgPSAwOwot CWludAkJCWk7Ci0JaW50CQkJY29ubnM7Ci0JY29uc3QgY2hhcglhbGlnbiA9ICdsJzsKLQlj aGFyCSAgKiphdHRyOwotCi0JbXlvcHQuZGVmYXVsdF9mb290ZXIgPSBmYWxzZTsKKwlwcmlu dFF1ZXJ5T3B0IG15b3B0ID0gcHNldC5wb3B0OwogCiAJaW5pdFBRRXhwQnVmZmVyKCZidWYp OwotCiAJcHJpbnRmUFFFeHBCdWZmZXIoJmJ1ZiwKLQkJCQkJICAiU0VMRUNUIHIucm9sbmFt ZSwgci5yb2xzdXBlciwgci5yb2xpbmhlcml0LFxuIgotCQkJCQkgICIgIHIucm9sY3JlYXRl cm9sZSwgci5yb2xjcmVhdGVkYiwgci5yb2xjYW5sb2dpbixcbiIKLQkJCQkJICAiICByLnJv bGNvbm5saW1pdCwgci5yb2x2YWxpZHVudGlsIik7CisJCQkJCSAgIlNFTEVDVCByLnJvbG5h bWUgQVMgXCIlc1wiLFxuIgorCQkJCQkgICIgIENBU0UgV0hFTiByLnJvbGNhbmxvZ2luIFRI RU4gJyVzJyBFTFNFICclcycgRU5EIEFTIFwiJXNcIixcbiIKKwkJCQkJICAiICBwZ19jYXRh bG9nLmNvbmNhdF93cygnLCAnLFxuIgorCQkJCQkgICIgICAgQ0FTRSBXSEVOIHIucm9sc3Vw ZXIgVEhFTiAnJXMnIEVORCxcbiIKKwkJCQkJICAiICAgIENBU0UgV0hFTiBOT1Qgci5yb2xp bmhlcml0IFRIRU4gJyVzJyBFTkQsXG4iCisJCQkJCSAgIiAgICBDQVNFIFdIRU4gci5yb2xj cmVhdGVyb2xlIFRIRU4gJyVzJyBFTkQsXG4iCisJCQkJCSAgIiAgICBDQVNFIFdIRU4gci5y b2xjcmVhdGVkYiBUSEVOICclcycgRU5ELFxuIgorCQkJCQkgICIgICAgQ0FTRSBXSEVOIHIu cm9scmVwbGljYXRpb24gVEhFTiAnJXMnIEVORCIsCisJCQkJCSAgZ2V0dGV4dF9ub29wKCJS b2xlIG5hbWUiKSwKKwkJCQkJICBnZXR0ZXh0X25vb3AoInllcyIpLCBnZXR0ZXh0X25vb3Ao Im5vIiksCisJCQkJCSAgZ2V0dGV4dF9ub29wKCJDYW4gbG9naW4/IiksCisJCQkJCSAgZ2V0 dGV4dF9ub29wKCJTdXBlcnVzZXIiKSwKKwkJCQkJICBnZXR0ZXh0X25vb3AoIk5vIGluaGVy aXRhbmNlIiksCisJCQkJCSAgZ2V0dGV4dF9ub29wKCJDcmVhdGUgcm9sZSIpLAorCQkJCQkg IGdldHRleHRfbm9vcCgiQ3JlYXRlIERCIiksCisJCQkJCSAgZ2V0dGV4dF9ub29wKCJSZXBs aWNhdGlvbiIpKTsKKworCWlmIChwc2V0LnN2ZXJzaW9uID49IDkwNTAwKQorCQlhcHBlbmRQ UUV4cEJ1ZmZlcigmYnVmLAorCQkJCQkJICAiLFxuICAgIENBU0UgV0hFTiByLnJvbGJ5cGFz c3JscyBUSEVOICclcycgRU5EIiwKKwkJCQkJCSAgZ2V0dGV4dF9ub29wKCJCeXBhc3MgUkxT IikpOworCisJYXBwZW5kUFFFeHBCdWZmZXIoJmJ1ZiwgIlxuICApIEFTIFwiJXNcIiIsIGdl dHRleHRfbm9vcCgiQXR0cmlidXRlcyIpKTsKIAogCWlmICh2ZXJib3NlKQogCXsKLQkJYXBw ZW5kUFFFeHBCdWZmZXJTdHIoJmJ1ZiwgIlxuLCBwZ19jYXRhbG9nLnNob2JqX2Rlc2NyaXB0 aW9uKHIub2lkLCAncGdfYXV0aGlkJykgQVMgZGVzY3JpcHRpb24iKTsKLQkJbmNvbHMrKzsK LQl9Ci0JYXBwZW5kUFFFeHBCdWZmZXJTdHIoJmJ1ZiwgIlxuLCByLnJvbHJlcGxpY2F0aW9u Iik7CisJCWlmIChwc2V0LnN2ZXJzaW9uID49IDE3MDAwMCkKKwkJCWFwcGVuZFBRRXhwQnVm ZmVyKCZidWYsCisJCQkJCQkJICAiLFxuICBDQVNFIFdIRU4gci5yb2xwYXNzd29yZCBJUyBO VUxMIFRIRU4gJyVzJyBFTFNFICclcycgRU5EIEFTIFwiJXNcIiIsCisJCQkJCQkJICBnZXR0 ZXh0X25vb3AoIm5vIiksIGdldHRleHRfbm9vcCgieWVzIiksCisJCQkJCQkJICBnZXR0ZXh0 X25vb3AoIkhhcyBwYXNzd29yZD8iKSk7CiAKLQlpZiAocHNldC5zdmVyc2lvbiA+PSA5MDUw MCkKLQl7Ci0JCWFwcGVuZFBRRXhwQnVmZmVyU3RyKCZidWYsICJcbiwgci5yb2xieXBhc3Ny bHMiKTsKKwkJYXBwZW5kUFFFeHBCdWZmZXIoJmJ1ZiwKKwkJCQkJCSAgIixcbiAgci5yb2x2 YWxpZHVudGlsIEFTIFwiJXNcIixcbiIKKwkJCQkJCSAgIiAgci5yb2xjb25ubGltaXQgQVMg XCIlc1wiLFxuIgorCQkJCQkJICAiICBwZ19jYXRhbG9nLnNob2JqX2Rlc2NyaXB0aW9uKHIu b2lkLCAncGdfYXV0aGlkJykgQVMgXCIlc1wiIiwKKwkJCQkJCSAgZ2V0dGV4dF9ub29wKCJQ YXNzd29yZCBleHBpcmUgdGltZSIpLAorCQkJCQkJICBnZXR0ZXh0X25vb3AoIk1heCBjb25u ZWN0aW9ucyIpLAorCQkJCQkJICBnZXR0ZXh0X25vb3AoIkRlc2NyaXB0aW9uIikpOwogCX0K IAogCWFwcGVuZFBRRXhwQnVmZmVyU3RyKCZidWYsICJcbkZST00gcGdfY2F0YWxvZy5wZ19y b2xlcyByXG4iKTsKQEAgLTM3MDAsOTkgKzM3MTQsMTkgQEAgZGVzY3JpYmVSb2xlcyhjb25z dCBjaGFyICpwYXR0ZXJuLCBib29sIHZlcmJvc2UsIGJvb2wgc2hvd1N5c3RlbSkKIAlhcHBl bmRQUUV4cEJ1ZmZlclN0cigmYnVmLCAiT1JERVIgQlkgMTsiKTsKIAogCXJlcyA9IFBTUUxl eGVjKGJ1Zi5kYXRhKTsKKwl0ZXJtUFFFeHBCdWZmZXIoJmJ1Zik7CiAJaWYgKCFyZXMpCiAJ CXJldHVybiBmYWxzZTsKIAotCW5yb3dzID0gUFFudHVwbGVzKHJlcyk7Ci0JYXR0ciA9IHBn X21hbGxvYzAoKG5yb3dzICsgMSkgKiBzaXplb2YoKmF0dHIpKTsKLQotCXByaW50VGFibGVJ bml0KCZjb250LCAmbXlvcHQsIF8oIkxpc3Qgb2Ygcm9sZXMiKSwgbmNvbHMsIG5yb3dzKTsK LQotCXByaW50VGFibGVBZGRIZWFkZXIoJmNvbnQsIGdldHRleHRfbm9vcCgiUm9sZSBuYW1l IiksIHRydWUsIGFsaWduKTsKLQlwcmludFRhYmxlQWRkSGVhZGVyKCZjb250LCBnZXR0ZXh0 X25vb3AoIkF0dHJpYnV0ZXMiKSwgdHJ1ZSwgYWxpZ24pOwotCi0JaWYgKHZlcmJvc2UpCi0J CXByaW50VGFibGVBZGRIZWFkZXIoJmNvbnQsIGdldHRleHRfbm9vcCgiRGVzY3JpcHRpb24i KSwgdHJ1ZSwgYWxpZ24pOwotCi0JZm9yIChpID0gMDsgaSA8IG5yb3dzOyBpKyspCi0Jewot CQlwcmludFRhYmxlQWRkQ2VsbCgmY29udCwgUFFnZXR2YWx1ZShyZXMsIGksIDApLCBmYWxz ZSwgZmFsc2UpOwotCi0JCXJlc2V0UFFFeHBCdWZmZXIoJmJ1Zik7Ci0JCWlmIChzdHJjbXAo UFFnZXR2YWx1ZShyZXMsIGksIDEpLCAidCIpID09IDApCi0JCQlhZGRfcm9sZV9hdHRyaWJ1 dGUoJmJ1ZiwgXygiU3VwZXJ1c2VyIikpOwotCi0JCWlmIChzdHJjbXAoUFFnZXR2YWx1ZShy ZXMsIGksIDIpLCAidCIpICE9IDApCi0JCQlhZGRfcm9sZV9hdHRyaWJ1dGUoJmJ1ZiwgXygi Tm8gaW5oZXJpdGFuY2UiKSk7Ci0KLQkJaWYgKHN0cmNtcChQUWdldHZhbHVlKHJlcywgaSwg MyksICJ0IikgPT0gMCkKLQkJCWFkZF9yb2xlX2F0dHJpYnV0ZSgmYnVmLCBfKCJDcmVhdGUg cm9sZSIpKTsKLQotCQlpZiAoc3RyY21wKFBRZ2V0dmFsdWUocmVzLCBpLCA0KSwgInQiKSA9 PSAwKQotCQkJYWRkX3JvbGVfYXR0cmlidXRlKCZidWYsIF8oIkNyZWF0ZSBEQiIpKTsKLQot CQlpZiAoc3RyY21wKFBRZ2V0dmFsdWUocmVzLCBpLCA1KSwgInQiKSAhPSAwKQotCQkJYWRk X3JvbGVfYXR0cmlidXRlKCZidWYsIF8oIkNhbm5vdCBsb2dpbiIpKTsKLQotCQlpZiAoc3Ry Y21wKFBRZ2V0dmFsdWUocmVzLCBpLCAodmVyYm9zZSA/IDkgOiA4KSksICJ0IikgPT0gMCkK LQkJCWFkZF9yb2xlX2F0dHJpYnV0ZSgmYnVmLCBfKCJSZXBsaWNhdGlvbiIpKTsKLQotCQlp ZiAocHNldC5zdmVyc2lvbiA+PSA5MDUwMCkKLQkJCWlmIChzdHJjbXAoUFFnZXR2YWx1ZShy ZXMsIGksICh2ZXJib3NlID8gMTAgOiA5KSksICJ0IikgPT0gMCkKLQkJCQlhZGRfcm9sZV9h dHRyaWJ1dGUoJmJ1ZiwgXygiQnlwYXNzIFJMUyIpKTsKLQotCQljb25ucyA9IGF0b2koUFFn ZXR2YWx1ZShyZXMsIGksIDYpKTsKLQkJaWYgKGNvbm5zID49IDApCi0JCXsKLQkJCWlmIChi dWYubGVuID4gMCkKLQkJCQlhcHBlbmRQUUV4cEJ1ZmZlckNoYXIoJmJ1ZiwgJ1xuJyk7Ci0K LQkJCWlmIChjb25ucyA9PSAwKQotCQkJCWFwcGVuZFBRRXhwQnVmZmVyU3RyKCZidWYsIF8o Ik5vIGNvbm5lY3Rpb25zIikpOwotCQkJZWxzZQotCQkJCWFwcGVuZFBRRXhwQnVmZmVyKCZi dWYsIG5nZXR0ZXh0KCIlZCBjb25uZWN0aW9uIiwKLQkJCQkJCQkJCQkJCSAiJWQgY29ubmVj dGlvbnMiLAotCQkJCQkJCQkJCQkJIGNvbm5zKSwKLQkJCQkJCQkJICBjb25ucyk7Ci0JCX0K LQotCQlpZiAoc3RyY21wKFBRZ2V0dmFsdWUocmVzLCBpLCA3KSwgIiIpICE9IDApCi0JCXsK LQkJCWlmIChidWYubGVuID4gMCkKLQkJCQlhcHBlbmRQUUV4cEJ1ZmZlckNoYXIoJmJ1Ziwg J1xuJyk7Ci0JCQlhcHBlbmRQUUV4cEJ1ZmZlclN0cigmYnVmLCBfKCJQYXNzd29yZCB2YWxp ZCB1bnRpbCAiKSk7Ci0JCQlhcHBlbmRQUUV4cEJ1ZmZlclN0cigmYnVmLCBQUWdldHZhbHVl KHJlcywgaSwgNykpOwotCQl9Ci0KLQkJYXR0cltpXSA9IHBnX3N0cmR1cChidWYuZGF0YSk7 Ci0KLQkJcHJpbnRUYWJsZUFkZENlbGwoJmNvbnQsIGF0dHJbaV0sIGZhbHNlLCBmYWxzZSk7 Ci0KLQkJaWYgKHZlcmJvc2UpCi0JCQlwcmludFRhYmxlQWRkQ2VsbCgmY29udCwgUFFnZXR2 YWx1ZShyZXMsIGksIDgpLCBmYWxzZSwgZmFsc2UpOwotCX0KLQl0ZXJtUFFFeHBCdWZmZXIo JmJ1Zik7Ci0KLQlwcmludFRhYmxlKCZjb250LCBwc2V0LnF1ZXJ5Rm91dCwgZmFsc2UsIHBz ZXQubG9nZmlsZSk7Ci0JcHJpbnRUYWJsZUNsZWFudXAoJmNvbnQpOworCW15b3B0LnRpdGxl ID0gXygiTGlzdCBvZiByb2xlcyIpOworCW15b3B0LnRyYW5zbGF0ZV9oZWFkZXIgPSB0cnVl OwogCi0JZm9yIChpID0gMDsgaSA8IG5yb3dzOyBpKyspCi0JCWZyZWUoYXR0cltpXSk7Ci0J ZnJlZShhdHRyKTsKKwlwcmludFF1ZXJ5KHJlcywgJm15b3B0LCBwc2V0LnF1ZXJ5Rm91dCwg ZmFsc2UsIHBzZXQubG9nZmlsZSk7CiAKIAlQUWNsZWFyKHJlcyk7CiAJcmV0dXJuIHRydWU7 CiB9CiAKLXN0YXRpYyB2b2lkCi1hZGRfcm9sZV9hdHRyaWJ1dGUoUFFFeHBCdWZmZXIgYnVm LCBjb25zdCBjaGFyICpjb25zdCBzdHIpCi17Ci0JaWYgKGJ1Zi0+bGVuID4gMCkKLQkJYXBw ZW5kUFFFeHBCdWZmZXJTdHIoYnVmLCAiLCAiKTsKLQotCWFwcGVuZFBRRXhwQnVmZmVyU3Ry KGJ1Ziwgc3RyKTsKLX0KLQogLyoKICAqIFxkcmRzCiAgKi8KLS0gCjIuMzQuMQoK --------------Jv5OJn0uNrj8oYH41JhcYMcM--