[20506] in Kerberos_V5_Development


Using std::regex for pkinit on Windows

daemon@ATHENA.MIT.EDU (Ken Hornstein via krbdev)
Fri Nov 22 21:30:53 2024

Message-Id: <202411230230.4AN2UdkY009513@hedwig.cmf.nrl.navy.mil>
To: krbdev@mit.edu
MIME-Version: 1.0
Date: Fri, 22 Nov 2024 21:30:39 -0500
From: Ken Hornstein via krbdev <krbdev@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

A while back I brought up the issue of the PKINIT plugin not being
supported on Windows, and it seemed like the sticking point was the
lack of availability of a license-compatible C regular expression library on
Windows.  At the time Greg did bring up maybe trying to write some glue
to call the C++ std::regex functions but I thought that would have been
too hairy.

I had reason to revisit that thought recently, and I decided to look
harder at it.  It turns out that it was a lot simpler than I thought,
so after some noodling around I was able to cobble together some simple
glue code that made a regex(3)-compatible API that called std::regex.
It's not yet completely complete and I only tested this on MacOS X for
starters, but let's presume there won't be huge issues with getting it
working on Windows.

What comes to mind, though, is should this code be specific to PKINIT
or to the rest of the krb5 libraries in general?  From my looking
besides PKINIT, regular expression calls are used in the following
places:

- The kadm5srv library (for principal matching for "getprincs")
- The kadmin "dump" command
- The "update_princ_encryption" command for dbutil
- The "RULE" type for a2ln rules

That's not a lot, and I know the KDC isn't supported on Windows but I
wonder if that's because of the lack of regex support or other things.
This begs the question: should this glue code be specific to PKINIT or
should it be a general Kerberos compatibility layer?  The latter might
end up pulling in a C++ library dependency for all Kerberos programs so
that might not be desirable (but maybe no one would even notice such a
thing).

--Ken
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
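
The kind of glue the message describes, as an added example that is not part of the original post and is not Ken Hornstein's or MIT krb5's code: a regex(3)-shaped C API backed by std::regex, written so that no C++ exception crosses the C boundary. The k5x_* names and K5X_* constants are hypothetical, chosen so they do not collide with a system regcomp().

```cpp
// Added example: regex(3)-style C entry points implemented with std::regex.
// All k5x_* / K5X_* identifiers are hypothetical, not krb5 symbols.
#include <cstddef>
#include <regex>

extern "C" {
typedef struct { void *impl; size_t re_nsub; } k5x_regex_t;
typedef struct { long rm_so; long rm_eo; } k5x_regmatch_t;
enum { K5X_REG_EXTENDED = 1, K5X_REG_ICASE = 2, K5X_REG_NOSUB = 4 };
enum { K5X_REG_OK = 0, K5X_REG_NOMATCH = 1, K5X_REG_BADPAT = 2, K5X_REG_ESPACE = 3 };

int k5x_regcomp(k5x_regex_t *preg, const char *pattern, int cflags)
{
    // POSIX basic/extended grammars, not the ECMAScript default.
    std::regex_constants::syntax_option_type syn = (cflags & K5X_REG_EXTENDED)
        ? std::regex_constants::extended : std::regex_constants::basic;
    if (cflags & K5X_REG_ICASE) syn |= std::regex_constants::icase;
    if (cflags & K5X_REG_NOSUB) syn |= std::regex_constants::nosubs;
    preg->impl = nullptr;           // keeps k5x_regfree() safe after a failure
    preg->re_nsub = 0;
    try {
        auto *re = new std::regex(pattern, syn);
        preg->impl = re;
        preg->re_nsub = re->mark_count();
        return K5X_REG_OK;
    } catch (const std::regex_error &) { return K5X_REG_BADPAT; }
      catch (...) { return K5X_REG_ESPACE; }    // e.g. std::bad_alloc
}

int k5x_regexec(const k5x_regex_t *preg, const char *s, size_t nmatch,
                k5x_regmatch_t pmatch[])
{
    try {
        const auto *re = static_cast<const std::regex *>(preg->impl);
        std::cmatch m;
        if (re == nullptr || !std::regex_search(s, m, *re))
            return K5X_REG_NOMATCH;
        for (size_t i = 0; i < nmatch; i++) {   // unused slots get -1, as in regex(3)
            bool hit = i < m.size() && m[i].matched;
            pmatch[i].rm_so = hit ? static_cast<long>(m.position(i)) : -1;
            pmatch[i].rm_eo = hit ? pmatch[i].rm_so + static_cast<long>(m.length(i)) : -1;
        }
        return K5X_REG_OK;
    } catch (...) { return K5X_REG_ESPACE; }    // matcher ran out of stack or memory
}

void k5x_regfree(k5x_regex_t *preg)
{
    delete static_cast<std::regex *>(preg->impl);
    preg->impl = nullptr;
}
} // extern "C"
```
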
