[540] in Kerberos_V5_Development
Re: subroutines used by two modules
tytso@ATHENA.MIT.EDU (tytso@ATHENA.MIT.EDU)
Wed Dec 19 11:21:44 1990

We might want to go with (1) actually, since it turns out that kprop and
kpropd will also need to use krb5_read_message() and
krb5_write_message(). They're useful functions to have around, since
it's the easiest way to pass the various AP_REQ, AP_REP, KRB_SAFE, and
KRB_PRIV messages around. By passing the # of bytes over first (in
network byte order, of course), you read in a message with two calls to
krb5_net_read(). Short, simple, minimal number of context switches, all
that good stuff.

If instead we use some sort of scheme involving ASN.1, there's no way to
ensure that we'll know how big the message will be in advance, since the
Basic Encoding Rules allow for an indefinite form, in which case there's
no way to figure out how much to read from the network except by parsing
a little, then reading a little bit more from the network, ad nauseam.
This is extremely inefficient, not to mention a pain to code.

Therefore, if you're going to be writing an application, you either need
to buy off on ASN.1 entirely --- and start using the ASN.1 compilers to
do your entire network protocol --- or, you need something like
krb5_{read,write}_message() that treats the various AP_REQ, et al.
messages as magic strings which you send over a TCP/IP stream by sending
a length followed by the data. In the latter case, the application doesn't
need to know anything about ASN.1 or even that Kerberos V is using them.
(Except maybe because the Kerberos V messages are much larger than the
corresponding Kerberos IV messages. :-)
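
The length-then-data framing described in the message above, as an added example; it is not part of the original post and not the Kerberos source. The names read_full, write_full, msg_write, msg_read and MSG_MAX are hypothetical, and the 4-byte length field and the size cap are assumptions (the cap keeps a peer-supplied length from driving the allocation).

```c
/* Added example; all names here are hypothetical, not the krb5 API. */
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

#define MSG_MAX (64u * 1024u) /* assumed cap on one message */

/* Read exactly len bytes; a stream may return fewer per call. */
static int read_full(int fd, void *buf, size_t len) {
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return -1;            /* error, or peer closed mid-message */
        p += n; len -= (size_t)n;
    }
    return 0;
}

static int write_full(int fd, const void *buf, size_t len) {
    const unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return -1;
        p += n; len -= (size_t)n;
    }
    return 0;
}

/* Length in network byte order (4 bytes assumed), then the opaque bytes. */
int msg_write(int fd, const void *data, uint32_t len) {
    uint32_t nlen = htonl(len);
    if (len > MSG_MAX || write_full(fd, &nlen, sizeof nlen) < 0) return -1;
    return write_full(fd, data, len);
}

/* Two full reads: the length, then the body. Caller frees *out. */
int msg_read(int fd, unsigned char **out, uint32_t *outlen) {
    uint32_t nlen;
    *out = NULL;
    if (read_full(fd, &nlen, sizeof nlen) < 0) return -1;
    if ((*outlen = ntohl(nlen)) > MSG_MAX) return -1; /* check before allocating */
    if ((*out = malloc(*outlen + 1)) == NULL) return -1;
    if (read_full(fd, *out, *outlen) == 0) return 0;
    free(*out); *out = NULL;
    return -1;
}
```

The receiver never parses the payload to find its end, so the same two calls carry any of the message types as opaque bytes.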