[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GSSAPI and realm lookup hook
On Thu, 13 Dec 2007 21:28:01 +0100
Love Hörnquist Åstrand <lha@kth.se> wrote:
> Hello Fred, Michael,
>
> If you propose a plugin interface, I would happly add it to heimdal
Well if you follow your existing plugin technique the below would be
work (I think - I just wrote this free-hand). The only problem I
have with this is that I would like to be able to get to the krb5_context
(e.g. for calling krb5_set_error_string, krb5_getportbyname, etc).
typedef krb5_error_code
(*krb5plugin_service_realm_lookup) (void *,
const char *targethost,
int (*)(void *,const char *),
void *);
typedef struct krb5plugin_service_realm_ftable {
int minor_version;
krb5_error_code (*init)(krb5_context, void **);
void (*fini)(void *);
krb5plugin_service_realm_lookup lookup;
} krb5plugin_service_realm_ftable;
...
static krb5_error_code
my_lookup(void *ctx,
const char *targethost,
int (*add)(void *,const char *),
void *addctx)
{
char realm[MAXHOSTNAMELEN];
if (do_some_kind_of_realm_lookup(ctx, targethost, realm, sizeof(realm)) < 0)
return KRB5_ERR_HOST_REALM_UNKNOWN;
(*add)(addctx, realm);
return 0;
}
krb5plugin_service_realm_ftable my = {
0,
my_init,
my_fini,
my_lookup
};
int
main(int argc, char **argv)
{
...
ret = krb5_plugin_register(context, PLUGIN_TYPE_DATA, "my", &my);
...
}
> 12 dec 2007 kl. 21.35 skrev Zeqing (Fred) Xia:
>
> >
> > That's right. I need to add specialized logic to determine the realm
> > name given a host name. The application will then be able to use its
> > own logic to influence the decision.
> >
> > Thanks.
> >
> >
> >
> > Fred
> >
> >
> > -----Original Message-----
> > From: Michael B Allen [mailto:miallen@ioplex.com]
> > Sent: Wed 12/12/2007 9:48 AM
> > To: Zeqing (Fred) Xia
> > Cc: heimdal-discuss@sics.se
> > Subject: Re: GSSAPI and realm lookup hook
> >
> > On Wed, 12 Dec 2007 09:22:20 -0800
> > "Zeqing (Fred) Xia" <fxia@juniper.net> wrote:
> >
> >>
> >> Thanks a lot for the info. I was going to patch
> >> krb5_get_host_realm() in get_host_realm.c.
> >
> > I see. You want the realms for a host, not the hosts for a realm. Yes,
> > get_host_realm.c would be the right place to do that.
> >
> > I've overloaded that myself too but for different reasons no doubt
> > [1].
> >
> > Mike
> >
> > [1] http://www.stacken.kth.se/lists/heimdal-discuss/2007-03/msg00038.html
> >
> >> -----Original Message-----
> >> From: Michael B Allen [mailto:miallen@ioplex.com]
> >> Sent: Tue 12/11/2007 11:08 PM
> >> To: Zeqing (Fred) Xia
> >> Cc: heimdal-discuss@sics.se
> >> Subject: Re: GSSAPI and realm lookup hook
> >>
> >> On Tue, 11 Dec 2007 18:48:15 -0800
> >> "Zeqing (Fred) Xia" <fxia@juniper.net> wrote:
> >>
> >>> Hi All,
> >>>
> >>> I have a need to do realm lookup with a plugin, because the current
> >>> realm determination logic, other than dns lookup, is not
> >>> sufficient for
> >>> the scenario I'm dealing with.
> >>
> >> Hi Fred,
> >>
> >> Do you mean that you want to alter how Heimdal resolves servers given
> >> a realm?
> >>
> >> I don't know about the new plugin code but I have found that
> >> replacing
> >> lib/krb5/krbhst.c:srv_find_realm with my own implementation works
> >> quite well since the data structures involved are isolated and
> >> non-complicated.
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/