
Re: GSSAPI and realm lookup hook



On Fri, 14 Dec 2007 10:53:07 -0800
"Zeqing (Fred) Xia" <fxia@juniper.net> wrote:

> On another note, I wonder if the DNS lookup plugin function can be extended so that the plugin can not only tell Kerberos the IP but also the protocol to be used for connecting to KDC.

Why not supply everything to build a struct krb5_krbhst_info?

The krbhst.c:add_locate function builds krb5_krbhst_info structures
which are fairly self-contained so the callback could simply supply
those structures:

struct krb5_krbhst_info {
    enum { KRB5_KRBHST_UDP,
           KRB5_KRBHST_TCP,
           KRB5_KRBHST_HTTP } proto;
    unsigned short port;
    unsigned short def_port;
    struct addrinfo *ai;
    struct krb5_krbhst_info *next;
    char hostname[1];
};

Or, a 'struct addrinfo' would be sufficient I think:

struct addrinfo {
    int     ai_flags;
    int     ai_family;
    int     ai_socktype;
    int     ai_protocol;
    size_t  ai_addrlen;
    struct sockaddr *ai_addr;
    char   *ai_canonname;
    struct addrinfo *ai_next;
};

So the callback could be roughly:

krb5_error_code 
add_locate(void *ctx,
        int type,
        const struct addrinfo *ai)
{
    struct krb5_krbhst_info *hi;
    ...
    hi->proto = ai->ai_protocol;
    if (ai->ai_family == AF_INET) {
        struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr;
        hi->port = sin->sin_port;
    } else if (ai->ai_fam...
    }
    // copy ai to hi->ai
    strcpy(hi->hostname, ai->ai_canonname);
    ...

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/