Examining structures exposed in the API

Love lha at stacken.kth.se
Tue Mar 11 16:58:32 EST 2003


Sam Hartman <hartmans at MIT.EDU> writes:

> Love asks us to compare our API against Heimdal and see what we can do
> to provide people with a way to write portable programs that access
> values currently in exposed structures.  In particular, the
> krb5_credentials and krb5_ticket structures are exposed.

These are the first three issues I found; more to come.

- krb5_address

  KRB5_ADDRESS_* vs ADDRTYPE_*

It would be sad if Heimdal needed to pollute the namespace; can you add
support glue?

  addrtype vs addr_type
  length vs address.length
  address vs address.data

A function to set all this would be good; I think a function pair like this
would be useful for (Unix) applications.

     krb5_error_code
     krb5_sockaddr2address(krb5_context context, const struct sockaddr *sa,
             krb5_address *addr);

     krb5_error_code
     krb5_addr2sockaddr(krb5_context context, const krb5_address *addr,
             struct sockaddr *sa, krb5_socklen_t *sa_size, int port);

     krb5_sockaddr2address() stores the address from the struct sockaddr sa
     in the krb5_address addr.

     krb5_addr2sockaddr() sets the struct sockaddr sa from addr and port.
     sa_size should initially contain the size of sa, and after the call
     it will contain the actual length of the address.

There are more useful address functions in Heimdal, but I don't think they
apply in this discussion.

What should a set function look like if not using a struct sockaddr?

- ENCTYPE_ARCFOUR_HMAC vs ENCTYPE_ARCFOUR_HMAC_MD5
- ENCTYPE_ARCFOUR_HMAC_EXP vs ENCTYPE_ARCFOUR_HMAC_MD5_56

I can see why MIT named them the way they did (from the draft); in
this case I think Heimdal should add compat glue.

- krb5_free_ktypes

Does what, free function of krb5_get_permitted_enctypes and
krb5_is_permitted_enctype? I think it's badly named (ktypes takes an
etype argument).

Where in the code is krb5_is_permitted_enctype allowed to be used? In
client code or just in kdc/kadmin? Samba 3.0 uses it for determining what
keys to use when parsing a request (server end).

I think Samba does horrible things, but that is another story. I think
that comes from guessing from non-existing documentation, a problem I
(and I hope you too) try to solve with this discussion.

Love
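
The address conversion pair proposed in the message, sketched as an added example (not code from the post, Heimdal or MIT Kerberos). The names ex_address, ex_sockaddr2address and ex_addr2sockaddr are hypothetical stand-ins that take no krb5_context, and the address-to-sockaddr direction is narrowed to IPv4; the point is the in/out sa_size contract and the length checks that keep the copy inside the caller's buffer.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
/* Hypothetical stand-in for krb5_address; type numbers follow RFC 4120. */
enum { EX_ADDR_INET = 2, EX_ADDR_INET6 = 24 };
typedef struct { int type; size_t len; unsigned char bytes[16]; } ex_address;

/* sockaddr -> address: keep only the raw address bytes, never the port. */
int ex_sockaddr2address(const struct sockaddr *sa, ex_address *addr)
{
    struct sockaddr_in sin; struct sockaddr_in6 sin6;
    memset(addr, 0, sizeof(*addr));
    switch (sa->sa_family) {
    case AF_INET:
        memcpy(&sin, sa, sizeof(sin));
        addr->type = EX_ADDR_INET;
        addr->len = sizeof(sin.sin_addr);
        memcpy(addr->bytes, &sin.sin_addr, addr->len);
        return 0;
    case AF_INET6:
        memcpy(&sin6, sa, sizeof(sin6));
        addr->type = EX_ADDR_INET6;
        addr->len = sizeof(sin6.sin6_addr);
        memcpy(addr->bytes, &sin6.sin6_addr, addr->len);
        return 0;
    }
    return EAFNOSUPPORT;
}

/* address -> sockaddr: *sa_size is buffer size in, bytes written out. */
int ex_addr2sockaddr(const ex_address *addr, struct sockaddr *sa,
                     socklen_t *sa_size, int port)
{
    struct sockaddr_in sin;
    if (addr->type != EX_ADDR_INET)      /* IPv4 only in this example */
        return EAFNOSUPPORT;
    if (addr->len != sizeof(sin.sin_addr))
        return EINVAL;                   /* length must match the claimed type */
    if (*sa_size < sizeof(sin))
        return ERANGE;                   /* refuse to overrun the caller's buffer */
    memset(&sin, 0, sizeof(sin));        /* no uninitialised bytes leak out */
    sin.sin_family = AF_INET;
    sin.sin_port = htons((unsigned short)port);
    memcpy(&sin.sin_addr, addr->bytes, addr->len);
    memcpy(sa, &sin, sizeof(sin));
    *sa_size = sizeof(sin);
    return 0;
}
```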


More information about the krbdev mailing list