Re: gss_wrap/gss_unwrap sasl buffers?
On Sun, 28 Jan 2007 14:42:54 -0800
Howard Chu <hyc@symas.com> wrote:
> Michael B Allen wrote:
> > Anyway, I have GSS-SPNEGO almost working (only wrapping outgoing
> > messages at the moment, unwrapping is tomorrow) but it required
> > modifying libldap and liblber. I added an ldap_set_inspect_hdlr
> > function that sets read/write callbacks. They're invoked in
> > sockbuf.c:{ber_int_sb_read,ber_int_sb_write} if Sockbuf has a handler
> > installed. The user must supply handlers that read/write and "inspect"
> > the buffers, possibly writing alternative data (i.e. the gss_wrap'd data).
> >
> > The modifications were pretty simple and clean. Is there a better way?
>
> Assuming that OpenLDAP was the appropriate home for such code (which it is
> not) the correct approach would be to write a new Sockbuf handler and push it
> onto the existing stack of handlers. That's how both SASL and TLS are
> implemented. Mucking with sockbuf.c itself is definitely the wrong way. The
> whole point of the sockbuf infrastructure is that it allows arbitrary
> processing layers to be stacked without having to modify any core code.

Yup. That's exactly what I'm doing now. I just didn't see it before
but cyrus.c seems to be the model for what I want to do. And I see
ber_sockbuf_add_io et al is public so I'm hoping I can do it without
touching libldap or liblber at all.

For reasons not worth discussing I'm not very interested in using libsasl
(at least not cyrus).

Thanks,
Mike
PS: OpenLDAP is nice code. Well organised and understandable. Thanks to
those involved.
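
The stacked-layer approach discussed in this message, as an added example that is not part of the original post and is not OpenLDAP code: a self-contained C model of a framing layer pushed on top of a transport layer, handling short reads and rejecting oversized length fields before buffering. The `layer` type, all function names, `MAX_FRAME`, `FRAME_AGAIN` and the 3-byte read cap are hypothetical; the 4-octet network-order length prefix is the SASL security-layer framing from RFC 4422, assumed here, and the identity copies mark where `gss_wrap`/`gss_unwrap` would be called in a real handler registered with `ber_sockbuf_add_io`.

```c
#include <stdint.h>
#include <string.h>
#define MAX_FRAME   1024          /* assumed negotiated maximum buffer size */
#define FRAME_AGAIN (-2)          /* frame incomplete: call again later */
typedef struct layer {            /* hypothetical model, NOT liblber's Sockbuf_IO */
    long (*rd)(struct layer *, uint8_t *, size_t);
    long (*wr)(struct layer *, const uint8_t *, size_t);
    struct layer *next;           /* next layer down the stack */
    uint8_t buf[4 + MAX_FRAME];   /* wire bytes (pipe) or partial frame (framer) */
    size_t len, pos;
} layer;
/* Bottom layer: constructed in-memory "socket", at most 3 bytes per read. */
static long pipe_wr(layer *l, const uint8_t *p, size_t n) {
    if (l->len + n > sizeof l->buf) return -1;
    memcpy(l->buf + l->len, p, n); l->len += n; return (long)n;
}
static long pipe_rd(layer *l, uint8_t *p, size_t n) {
    if (n > 3) n = 3;
    if (n > l->len - l->pos) n = l->len - l->pos;
    memcpy(p, l->buf + l->pos, n); l->pos += n; return (long)n;
}
/* Framing layer: where gss_wrap output would be length-prefixed and sent. */
static long frame_wr(layer *l, const uint8_t *p, size_t n) {
    uint8_t out[4 + MAX_FRAME] = { 0, 0, (uint8_t)(n >> 8), (uint8_t)n };
    if (n > MAX_FRAME) return -1;
    memcpy(out + 4, p, n);        /* identity copy stands in for the wrapped token */
    return l->next->wr(l->next, out, n + 4) == (long)(n + 4) ? (long)n : -1;
}
static long frame_rd(layer *l, uint8_t *p, size_t n) {
    size_t want = 4;              /* header first, then header + payload */
    for (;;) {
        if (l->len >= 4) {
            want = ((size_t)l->buf[0] << 24) | (l->buf[1] << 16) | (l->buf[2] << 8) | l->buf[3];
            if (want > MAX_FRAME || want > n) return -1;  /* reject before buffering */
            want += 4;
            if (l->len == want) break;
        }
        long got = l->next->rd(l->next, l->buf + l->len, want - l->len);
        if (got <= 0) return FRAME_AGAIN;   /* partial frame stays in l->buf */
        l->len += (size_t)got;
    }
    memcpy(p, l->buf + 4, want - 4); l->len = 0;  /* gss_unwrap would run here */
    return (long)(want - 4);
}
long demo(const char *msg, uint8_t *out, size_t outlen) {  /* constructed round trip */
    layer wire = { pipe_rd, pipe_wr, 0, {0}, 0, 0 };
    layer top  = { frame_rd, frame_wr, &wire, {0}, 0, 0 };
    return top.wr(&top, (const uint8_t *)msg, strlen(msg)) < 0 ? -1 : top.rd(&top, out, outlen);
}
```

The read side keeps a partial frame across calls, so a caller that gets `FRAME_AGAIN` retries once the transport has more data.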