Ignore dotfiles in profile includedir

Editors and filesystems may create artifacts related to .conf files
which don't change the file suffix; these artifacts generally begin
with "." so that they don't appear in normal directory listings
(e.g. ".#filename" for emacs interlock files).  Make sure to ignore
any such artifacts when processing a profile includedir directive.

(cherry picked from commit e8e1d841f8e43e4f441b451d91333a01e43c1b6f)

ticket: 8563
version_fixed: 1.15.2

diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index 653aad613cbc5809381f551826de02f06f1afe58..02a935961ea469b11cde2ac272712af8ff11124f 100644 (file)
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -55,9 +55,10 @@ following directives at the beginning of a line::
 directory must exist and be readable.  Including a directory includes
 all files within the directory whose names consist solely of
 alphanumeric characters, dashes, or underscores.  Starting in release
-1.15, files with names ending in ".conf" are also included.  Included
-profile files are syntactically independent of their parents, so each
-included file must begin with a section header.
+1.15, files with names ending in ".conf" are also included, unless the
+name begins with ".".  Included profile files are syntactically
+independent of their parents, so each included file must begin with a
+section header.
 
 The krb5.conf file can specify that configuration should be obtained
 from a loadable module, rather than the file itself, using the

diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index e7c1f65aa09f3506ba66f266d9be725d1f7ef0cc..1baceea9e8a9e4eb9632a21ab6c7651dd5e67401 100644 (file)
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -222,12 +222,16 @@ static errcode_t parse_include_file(const char *filename,
 }
 
 /* Return non-zero if filename contains only alphanumeric characters, dashes,
- * and underscores, or if the filename ends in ".conf". */
+ * and underscores, or if the filename ends in ".conf" and is not a dotfile. */
 static int valid_name(const char *filename)
 {
     const char *p;
     size_t len = strlen(filename);
 
+    /* Ignore dotfiles, which might be editor or filesystem artifacts. */
+    if (*filename == '.')
+        return 0;
+
     if (len >= 5 && !strcmp(filename + len - 5, ".conf"))
         return 1;