KDC Audit project

Nico Williams nico at cryptonector.com
Sun Jan 13 21:44:45 EST 2013

On Thu, Jan 10, 2013 at 6:51 PM, Dmitri Pal <dpal at redhat.com> wrote:
> On 01/10/2013 06:42 PM, Nico Williams wrote:
>> Right, we agree.  Might I suggest the use of libheimbase for
>> representing the structured event data in MIT Kerberos?  It's...
>> really easy to use.  It's basically duck-typed data types for C, with
>> array and dict container types and various scalar types (string,
>> number, boolean, null), patterned after Core Foundation.
> Can you post a pointer to a header please?


In particular look at heimbase.h

There's doxygen docs in the sources.

Note that there's JSON support (with some rough edges) and even
XPath-like functionality -- very, very dumbed-down XPath, but still.

To use a dict you'd:

  int ret;
  heim_dict_t d;
  heim_string_t k;
  heim_number_t v;

  d = heim_dict_create(19); /* 19 is the number of hash table buckets */
  if (d == NULL)
    return ENOMEM;

  k = heim_string_create("some key");
  if (k == NULL) {
    heim_release(d);
    return ENOMEM;
  }

  v = heim_number_create(5);

  /* The dict is the first argument, followed by the key and the value */
  ret = heim_dict_set_value(d, k, v);

  if (ret) {
    /* handle ENOMEM */
  }

Or to use JSON:

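  heim_object_t o, o2;
  heim_error_t e;
  heim_string_t path_el0, path_el2;
  heim_number_t path_el1;

  /* 10 is the max depth; the posted call is cut off after it, so the
     flags value (0) and the error out-parameter (&e) are assumed */
  o = heim_json_create("{ some: [1, 2, { foo: \"bar\" }] }", 10, 0, &e);
  if (o == NULL) {
    /* Handle error */
  }

  /* Get "some"/2/"foo", i.e., "bar" */
  path_el0 = heim_string_create("some");
  path_el1 = heim_number_create(2);
  path_el2 = heim_string_create("foo");
  /* The list of path elements is NULL-terminated */
  o2 = heim_path_get(o, NULL, path_el0, path_el1, path_el2, NULL);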

Memory management is semi-automated: you can heim_release() a root
object and the release will be deep.  And objects are reference
counted (except things like numbers, which are immediate values).

Another nice touch is heim_show(), which is designed so you can call
it from gdb to dump these objects.

