KDC Audit project

Dmitri Pal dpal at redhat.com
Mon Jan 14 07:55:37 EST 2013 

On 01/13/2013 09:44 PM, Nico Williams wrote:
> On Thu, Jan 10, 2013 at 6:51 PM, Dmitri Pal <dpal at redhat.com> wrote:
>> On 01/10/2013 06:42 PM, Nico Williams wrote:
>>> Right, we agree.  Might I suggest the use of libheimbase for
>>> representing the structured event data in MIT Kerberos?  It's...
>>> really easy to use.  It's basically duck-typed data types for C, with
>>> array and dict container types and various scalar types (string,
>>> number, boolean, null), patterned after Core Foundation.
>> Can you post a pointer to a header please?
> https://github.com/heimdal/heimdal/tree/master/lib/base
>
> In particular look at heimbase.h
> (https://github.com/heimdal/heimdal/blob/master/lib/base/heimbase.h).
>
> There's doxygen docs in the sources.
>
> Note that there's JSON support (with some rough edges) and even
> XPath-like functionality -- very, very dumbed-down XPath, but still.
>
> To get use a dict you'd:
>
>   int ret;
>   heim_dict_t d;
>   heim_string_t k;
>   heim_number_t v;
>
>   d = heim_dict_create(19); /* 19 is the number of hash table buckets */
>   if (d == NULL)
>     ...
>
>   s = heim_string_create("some key");
>   if (s == NULL)
>     ...
>
>   n = heim_number_create(5);
>
>   ret = heim_dict_set_value(k, n);
>
>   if (ret)
>     /* handle ENOMEM */
>     ...
>
> Or to use JSON:
>
>   heim_object_t o, o2;
>   heim_error_t e;
>   heim_string path_el0, path_el2;
>   heim_number_t path_el1;
>
>   o = heim_json_create("{ some: [1, 2, { foo: \"bar\" }] }", 10,
> HEIM_JSON_F_STRICT, &e);
>   if (o == NULL)
>     /* Handle error */
>     ...
>
>   /* Get "some"/2/"foo", i.e., "bar" */
>   path_el0 = heim_string_create("some");
>   path_el1 = heim_number_create(2);
>   path_el2 = heim_string_create("foo");
>   o2 = heim_path_get(o, NULL, path_el0, path_el1, path_el2);
>   ...
>
> Memory management is semi-automated: you can heim_release() a root
> object and the release will be deep.  And objects are reference
> counted (except things like numbers, which as immediate values).
>
> Another nice touch is heim_show(), which is designed so you can call
> it from gdb to dump these objects.
>
> Nico
> --
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>


This is nice but not exactly what I had in mind.
What is missing IMO is ability to combine objects into objects.
May be I am missing something but array or dictionary interfaces manage
objects but not objects themselves which does not allow for hierarchy
creation.
So the only choice for our use case is to construct JSON but the JSON
support of the library is pretty limited it can't manipulate JSON and
build it up from the elements, you have to have a string and then
serialize it.
By a quick look it seems that a c-JSON like library would fit better.

If on the other hand you plan to add ability to construct nested objects
to the library then it would also solve the problem and make the library
very useful.


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the krbdev mailing list