[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSSAPI and realm lookup hook

On Fri, 14 Dec 2007 10:53:07 -0800
"Zeqing (Fred) Xia" <fxia@juniper.net> wrote:

> On another note, I wonder if the DNS lookup plugin function can be extended so that the plugin can not only tell Kerberos the IP but also the protocol to be used for connecting to KDC.

Why not supply everything to build a struct krb5_krbhst_info?

The krbhst.c:add_locate function builds krb5_krbhst_info structures
which are fairly self-contained so the callback could simply supply
those structures:

struct krb5_krbhst_info {
    enum { KRB5_KRBHST_UDP,
       KRB5_KRBHST_HTTP } proto;
    unsigned short port;
    unsigned short def_port;
    struct addrinfo *ai;
    struct krb5_krbhst_info *next;
    char hostname[1];

Or, a 'struct addrinfo' would be sufficient I think:

struct addrinfo {
    int     ai_flags;
    int     ai_family;
    int     ai_socktype;
    int     ai_protocol;
    size_t  ai_addrlen;
    struct sockaddr *ai_addr;
    char   *ai_canonname;
    struct addrinfo *ai_next;

So the callback could be roughly:

add_locate(void *ctx,
        int type,
        const struct addrinfo *ai)
    struct krb5_krbhst_info *hi;
    hi->proto = ai->ai_protocol;
    if (ai->ai_family == AF_INET) {
        struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr;
        hi->port = sin->sin_port;
    } else if (ai->ai_fam...
    // copy ai to hi->ai
    strcpy(hi->hostname, ai->ai_canonname);


Michael B Allen
PHP Active Directory SPNEGO SSO