Pushing the ABI to the limit (Re: kinit -S and krb 1.6)

[Nicolas Williams]

On Mon, Jul 30, 2007 at 07:00:26PM +0200, Mark Phalan wrote:
> The fundamental problem is that its not known how the service name
> passed to krb5_get_init_creds() was generated and hence its not clear
> how to cache the resulting principal - with or without the realm.

Even more fundamentally: we're constrained by the ABI to not change the
layouts, and even the sizes, of any structures that appear in krb5.h.

In particular we cannot change the sizes of any structures that might be
allocated via automatic variable declarations.

This is a terrible state of affairs, and a solution will be needed.

Some possible, broad approaches:

 - new API, new ABI

    - lots of development work
    - lots of migration work
    - ouch

 - new magic values, structure constructors

    - provide constructors for all types we want to extend
    - deprecate automatic and other non-constructor allocation of such
      types
    - add new, opaque things to the ends of such types (but with new
      names, such as _krb5_principal_ext)
    - use new magic values to determine whether a given instance of a
      type (like krb5_principal) can be cast to the new type.

    - easy to do
    - more branches, harder to maintain

Nico
--