request-key: Find best match rather than first match

When an upcall happens currently, either a file by the name
"/etc/request-key.d/<type>.conf" is scanned or the default file
"/etc/request-key.conf" is scanned and then the first match (including
wildcards) is selected.

Change this to read all the files in the conf directory and then read the
default file.  The best rule is then chosen and executed.

"Best" is defined as the rule with the least number of characters that are
skipped by matching a wildcard (e.g. string "foo:bar" matches pattern
"foo:*" with the number of characters being skipped being 3).

Further, the operation, type, description and callout_info columns are
matched individually and in order, so that a skip of 1 in the operation
column, say, is less preferable than an exact match there and a skip of 2
in the type column.

For example, take:

	create  dns_resolver afsdb:*	*	/sbin/key.afsdb %k
	create  dns_resolver afsdb:*	hello*	/sbin/key.xxxx %k

if both lines match, the second one will be picked, but, on the other hand,

	create  dns_resolver afsdb:*	*	/sbin/key.afsdb %k
	creat*  dns_resolver afsdb:*	hello*	/sbin/key.xxxx %k

the first will be picked.

Signed-off-by: David Howells <>
Tested-by: Dave Jiang <>
3 files changed