[OpenAFS-devel] hidden commands

Steven Jenkins steven.jenkins@gmail.com
Thu, 7 Jun 2007 21:18:28 -0400


------=_Part_40602_13932250.1181265508389
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

There  has been a discussion over on openafs-docs about vos online/offline &
hidden commands -- there is a desire to have all commands and all options
documented and visible for consistency's sake, although the documentation
may note where a command is dangerous or requires special privileges.

I did a quick check of the source and found the following CMD_HIDDEN
commands:

- cmd.c: all commands have hidden 'version', and 'help' flags.
- admin_tools.c: kas setkey
- admin_tools.c: kas getpassword/getpasswd(which I couldn't get to work --
see transcript below)
- admin_tools.c: kas getrandomkey
- admin_tools.c: kas getticket
- admin_tools.c: kas debuginfo
- fs.c: fs monitor
- vos.c: vos online
- vos.c: vos offline

Jeff Altman suggested I start a discussion of which should be made visible.
Apparently some of these commands were made hidden simply because IBM was
not permitted to "add new features" at the time the command was added (e.g.,
vos online/offline), although I don't know the history of these commands.

Steven

Notes:

- kas getpassword:

I did not take time to debug this, not knowing if it is even expected to
work.  It's a side issue that shouldn't detract from the discussion of 'what
should be done about hidden commands' -- I include it here for reference:

[admin@sjfcafs11 ]$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 15) tokens for afs@example.org [Expires Jun  8 22:31]
   --End of list--
[admin@sjfcafs11 ]$ id
uid=15(admin) gid=501(admin) groups=501(admin)
[admin@sjfcafs11 ]$ kas getpassword -name admin
kas:getpassword: caller not authorized getting admin's password via loopback
connection to GetPassword

I also tried unsuccessfully as root, with admin's token.

------=_Part_40602_13932250.1181265508389
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br>There&nbsp; has been a discussion over on openafs-docs about vos online/offline &amp; hidden commands -- there is a desire to have all commands and all options documented and visible for consistency&#39;s sake, although the documentation may note where a command is dangerous or requires special privileges.&nbsp; 
<br><br>I did a quick check of the source and found the following CMD_HIDDEN commands:<br><br>- cmd.c: all commands have hidden &#39;version&#39;, and &#39;help&#39; flags.
<br>- admin_tools.c: kas setkey <br>- admin_tools.c: kas getpassword/getpasswd(which I couldn&#39;t get to work -- see transcript below)<br>- admin_tools.c: kas getrandomkey<br>- admin_tools.c: kas getticket<br>- admin_tools.c: kas debuginfo
<br>- fs.c: fs monitor<br>- vos.c: vos online<br>- vos.c: vos offline<br><br>Jeff Altman suggested I start a discussion of which should be made visible.<br>Apparently some of these commands were made hidden simply because IBM was not
permitted to &quot;add new features&quot; at the time the command was added (e.g., vos online/offline), although I don&#39;t know the history of these commands.<br><br>Steven<br><br>Notes:<br><br>- kas getpassword:
<br><br>I did not take time to debug this, not knowing if it is even expected to work.&nbsp; It&#39;s a side issue that shouldn&#39;t detract from the discussion of &#39;what should be done about hidden commands&#39; -- I include it here for reference:
<br><br>[admin@sjfcafs11 ]$ tokens<br><br>Tokens held by the Cache Manager:<br><br>User&#39;s (AFS ID 15) tokens for 
<a href="mailto:afs@example.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">afs@example.org</a> [Expires Jun&nbsp; 8 22:31]<br>&nbsp;&nbsp; --End of list--<br>[admin@sjfcafs11 ]$ id<br>uid=15(admin) gid=501(admin) groups=501(admin)
<br>[admin@sjfcafs11 ]$ kas getpassword -name admin
<br>kas:getpassword: caller not authorized getting admin&#39;s password via loopback connection to GetPassword<br><br>I also tried unsuccessfully as root, with admin&#39;s token.<br><br>

------=_Part_40602_13932250.1181265508389--