Subject: Re: rfc2228 in ftpd
To: Tomas Svensson <ts@unix1.net>
From: Aidan Cully <aidan@kublai.com>
List: tech-userlevel
Date: 06/23/2002 11:59:52

On Sun, Jun 23, 2002 at 04:31:06PM +0200, Tomas Svensson wrote:
> Sunday, June 23, 2002, 4:39:14 AM, you wrote:
> 
> AC> I plan to commit this next week, if there are no objections.  The patch
> AC> is in ftp://ftp.netbsd.org/pub/incoming/aidan/ftp-patch.tgz .
> 
> A much cleaner way (instead of changing every printf into sec_printf
> which breaks fflush and ferror, and the byte counting of cprintf,
> CPUTC etc) would be to change the FILE* functions (_read, _close,
> _seek, _write) of stdout/stdin, so that every method has its own
> sec_write(FILE*, const char*, size_t), sec_read, sec_init, sec_close
> and sec_seek.

I agree in principle, but I can't do that in practice since there's no
portable API into the _read, _close, &c. methods in the FILE structure.
If we were using something like SFIO (which has a defined API for
stacking data transformers on input and output), I'd definitely go that
route, but stdio doesn't support it, so I don't do it.

fflush is unnecessary with the sec_file structure...  We're using
read()s and write()s directly, so we have control over the buffering
strategy.  ferror may be a problem...  It needs investigation.

> I still think that each method should handle everything after AUTH
> themselves too, since there's no other suitable methods besides gssapi
> and TLS. Right now too much in secure-server.c and secure-common.c is
> for gssapi and needs to be changed for TLS.

I'm reading the draft, now...

> The code probably needs a little cleanup too, for example the below
> isn't too pretty: 
> 
>     if(mech && !sec_complete) {
>         void *buf = malloc(strlen(auth_data));
>         size_t len; 

That's straight out of Heimdal, which I didn't want to change more
than I considered necessary.  There are bugs there, though, so I'll
audit it more carefully before committing.

--aidan
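
The approach discussed in this message (output through write() with no stdio buffer, so nothing to fflush, and error state kept by the wrapper in place of ferror), as an added example that is not code from the patch or from Heimdal. Only the names sec_printf and sec_file come from the thread; the struct layout, sec_write_all and the 1024-byte line limit are assumptions made for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical sec_file (layout assumed): the fd plus state stdio hides. */
struct sec_file {
    int    fd;      /* connection descriptor */
    int    err;     /* sticky errno: what ferror() would have reported */
    size_t nbytes;  /* bytes accepted so far, for byte counting */
};

/* Write all of buf with write(), retrying on EINTR and short writes. */
static int sec_write_all(struct sec_file *sf, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(sf->fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0) {
            sf->err = errno;   /* kept until the caller inspects it */
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* printf-style output with no stdio buffer, so nothing needs fflush().
 * Returns the number of bytes written, or -1 with sf->err set. */
int sec_printf(struct sec_file *sf, const char *fmt, ...)
{
    char line[1024];
    va_list ap;
    int n;
    if (sf->err)
        return -1;             /* stream already failed */
    va_start(ap, fmt);
    n = vsnprintf(line, sizeof(line), fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof(line)) {
        sf->err = EMSGSIZE;    /* refuse to send a truncated line */
        return -1;
    }
    /* The negotiated protection transform would be applied to line here. */
    if (sec_write_all(sf, line, (size_t)n) < 0)
        return -1;
    sf->nbytes += (size_t)n;
    return n;
}
```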