On Sun, 28 Jan 2007 14:42:54 -0800 Howard Chu hyc@symas.com wrote:
Michael B Allen wrote:
Anyway, I have GSS-SPNEGO almost working (only wrapping outgoing messages at the moment, unwrapping is tomorrow) but it required modifying libldap and liblber. I added an ldap_set_inspect_hdlr function that sets read/write callbacks. They're invoked in sockbuf.c:{ber_int_sb_read,ber_int_sb_write} if Sockbuf has a handler installed. The user must supply handlers that read/write and "inspect" the buffers, possibly writing alternative data (i.e. the gss_wrap'd data).
The modifications were pretty simple and clean. Is there a better way?
Assuming that OpenLDAP was the appropriate home for such code (which it is not) the correct approach would be to write a new Sockbuf handler and push it onto the existing stack of handlers. That's how both SASL and TLS are implemented. Mucking with sockbuf.c itself is definitely the wrong way. The whole point of the sockbuf infrastructure is that it allows arbitrary processing layers to be stacked without having to modify any core code.
Yup. That's exactly what I'm doing now. I just didn't see it before but cyrus.c seems to be the model for what I want to do. And I see ber_sockbuf_add_io et al is public so I'm hoping I can do it without touching libldap or liblber at all.
For reasons not worth discussing I'm not very interested in using libsasl (at least not cyrus).
Thanks, Mike
PS: OpenLDAP is nice code. Well organised and understandable. Thanks to those involved.
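
The handler-stack design discussed in this thread, modelled as a self-contained C sketch (an added example, not code from OpenLDAP or from either poster). All names are hypothetical and this is not the liblber API; the wrap step is a stand-in for gss_wrap() that only adds an assumed 4-byte big-endian length prefix, so the point shown is that a new layer changes the bytes on the wire without touching the core write path.

```c
#include <stdio.h>
#include <string.h>

struct layer {                          /* hypothetical; NOT the liblber API */
    long (*write)(struct layer *self, const void *buf, size_t len);
    struct layer *next;                 /* next layer down the stack */
};

static unsigned char wire[64];          /* stands in for the socket */
static size_t wire_len;

/* Bottom layer: records the bytes that would reach the network. */
static long sink_write(struct layer *self, const void *buf, size_t len) {
    (void)self;
    if (len > sizeof wire - wire_len) return -1;
    memcpy(wire + wire_len, buf, len);
    wire_len += len;
    return (long)len;
}

/* Wrapping layer: emits a 4-byte big-endian length, then the token. */
static long wrap_write(struct layer *self, const void *buf, size_t len) {
    unsigned char out[4 + 32];
    if (len > 32) return -1;            /* refuse input larger than the buffer */
    out[0] = 0; out[1] = 0; out[2] = 0; out[3] = (unsigned char)len;
    memcpy(out + 4, buf, len);          /* stand-in: a real layer calls gss_wrap() */
    if (self->next->write(self->next, out, len + 4) != (long)(len + 4)) return -1;
    return (long)len;                   /* caller sees plaintext bytes consumed */
}

/* Push a layer on top of the stack and return the new top. */
static struct layer *push(struct layer *top, struct layer *l,
                          long (*fn)(struct layer *, const void *, size_t)) {
    l->write = fn; l->next = top; return l;
}

/* Send msg through a fresh stack; returns bytes on the wire, 0 on error. */
static size_t demo(int with_wrap, const char *msg) {
    struct layer sink, wrap, *top = push(NULL, &sink, sink_write);
    size_t n = strlen(msg);
    wire_len = 0;
    if (with_wrap) top = push(top, &wrap, wrap_write);
    return top->write(top, msg, n) == (long)n ? wire_len : 0;
}

int main(void) {
    printf("plain: %zu bytes, wrapped: %zu bytes\n", demo(0, "bind"), demo(1, "bind"));
    return 0;
}
```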