Examining structures exposed in the API
lha at stacken.kth.se
Tue Mar 11 16:58:32 EST 2003
Sam Hartman <hartmans at MIT.EDU> writes:
> Love asks us to compare our API against Heimdal and see what we can do
> to provide people with a way to write portable programs that access
> values currently in exposed structures. In particular, the
> krb5_credentials and krb5_ticket structures are exposed.
This is the three first issues I found, more to come.
KRB5_ADDRESS_* vs ADDRTYPE_*
It would be sad if heimdal needed to pollute the namespace, can you add
support glue ?
addrtype vs addr_type
length vs address.length
address vs address.data
A function to set all this would be good, I think a function pair like this
would be useful for (unix) applications.
krb5_sockaddr2address(krb5_context context, const struct sockaddr *sa,
krb5_addr2sockaddr(krb5_context context, const krb5_address *addr,
struct sockaddr *sa, krb5_socklen_t *sa_size, int port);
krb5_sockaddr2address() stores a address a struct sockaddr sa in the
krb5_addr2sockaddr() sets the struct sockaddr sockaddr from addr and
port. Sa_size should be initially contain the size of the sa, and after
the call, it will contain the actual length of the address.
There are more useful address functions in heimdal, but I don't think they
apply in this discussion.
How should a set function look like if not using a struct sockaddr ?
- ENCTYPE_ARCFOUR_HMAC vs ENCTYPE_ARCFOUR_HMAC_MD5
- ENCTYPE_ARCFOUR_HMAC_EXP vs ENCTYPE_ARCFOUR_HMAC_MD5_56
I can see why mit named them they way they did (from the draft), in
this case I think heimdal should add compat glue.
Does what, free function of krb5_get_permitted_enctypes and
krb5_is_permitted_enctype ? I think its badly named (ktypes takes a
Where in the code is krb5_is_permitted_enctype allowed to be used ? In
clint code or just in kdc/kadmin ? Samba 3.0 uses it for determin what
keyes to use when parsing a request (server end).
I think samba does horriable things, but that is another story. I think
that comes from guessing from non-existing documentation, a problem I try
(and I hope you too) try do solve with this discussion.
More information about the krbdev