[Cvsnt] gserver impersonation

Tony Hoyle tmh at nothing-on.tv
Mon Feb 25 21:15:25 GMT 2002


Brian Smith wrote:
>>> (1) when is the disconnect function supposed to be called (e.g.
>>> gserver_disconnect)? It doesn't seem like it is ever getting called.
>>>
>
> On the client or the server? Could you add a little more documentation
> about the protocol_interface structure describing when each of the
> functions is supposed to be called, and whether they are called on the
> client and/or the server?
>
In the client.  Basically it goes like:

destroy               - both   - class destructor
validate_details      - client - called during cvsroot parsing
connect               - client - called after parsing to connect server
disconnect            - client - (should be) called when the client exits
login                 - client - called by 'cvs login'
logout                - client - called by 'cvs logout'
wrap                  - both   - perform encryption/decryption and signing
auth_protocol_connect - server - check if authentication is valid for
                                 this library
get_port              - client - get port number
read_data             - client - Read data from the server
write_data            - client - Write data to the server
flush_data            - client - flush write buffers
shutdown              - client - shutdown server socket
impersonate           - server - perform protocol specific impersonation

The server side always uses stdin/stdout to communicate so it's a lot
simpler to implement.

>> Mapping the DLLs is just a matter of deciding search order (calling it
>> 'protocol_adgserver.dll' would be enough, as the filenames come in in
>> alphabetical order).  The AD version would have to be a separate file
>> (replacing the gssapi_win32 stuff probably) - The MIT stuff has to
>> stay the same for the unix versions.
>
>
> I don't think that will work because I want to be able to support MIT
> Kerberos on Windows 2000 too. Instead, I am thinking of having a single
> "gserver_protocol" DLL that uses a flag to decide between MIT and
> Microsoft implementations (each of which would reside in a different DLL).

You can do it that way with a flag as well - just make the first
protocol dll return CVSPROTO_NOTME if it's disabled.  On NT4 of course
the AD DLL won't even load (because it will be linked to Win2k libraries).

If you can make it work with a single DLL without getting overly complex
(and without breaking the unix version) then go ahead...

Tony
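
The fall-through described in the message (a disabled protocol DLL returns CVSPROTO_NOTME and the next DLL in alphabetical order is tried), as an added example that is not part of the original message and is not CVSNT code. The struct, the function signature, the numeric values, the MODEL_* codes and the name protocol_gserver.dll are assumptions; only CVSPROTO_NOTME, auth_protocol_connect and protocol_adgserver.dll come from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CVSPROTO_NOTME is named in the message; its value here and the two
   MODEL_* codes are assumptions made for this example. */
enum { MODEL_OK = 0, MODEL_AUTHFAIL = -1, CVSPROTO_NOTME = -2 };

/* Hypothetical, simplified stand-in for one loaded protocol DLL. */
struct model_protocol {
    const char *dll_name;
    int enabled;  /* the enable/disable flag discussed in the message */
    int (*auth_protocol_connect)(const struct model_protocol *p, int token_valid);
};

/* A disabled library declines; an enabled one gives a final verdict. */
static int gserver_connect(const struct model_protocol *p, int token_valid) {
    if (!p->enabled) return CVSPROTO_NOTME;
    return token_valid ? MODEL_OK : MODEL_AUTHFAIL;
}

static int by_name(const void *a, const void *b) {
    return strcmp(((const struct model_protocol *)a)->dll_name,
                  ((const struct model_protocol *)b)->dll_name);
}

/* Try libraries in alphabetical order. Only CVSPROTO_NOTME moves on to the
   next one, so in this model an authentication failure is final. */
static int dispatch(struct model_protocol *libs, size_t n, int token_valid, const char **chosen) {
    qsort(libs, n, sizeof *libs, by_name);
    *chosen = NULL;
    for (size_t i = 0; i < n; i++) {
        int rc = libs[i].auth_protocol_connect(&libs[i], token_valid);
        if (rc == CVSPROTO_NOTME) continue;
        *chosen = libs[i].dll_name;
        return rc;
    }
    return CVSPROTO_NOTME;
}

/* Constructed setup: the AD library carries the flag, the other is always on. */
static const char *pick(int ad_enabled, int token_valid, int *rc) {
    struct model_protocol libs[] = {
        { "protocol_gserver.dll", 1, gserver_connect },  /* hypothetical name */
        { "protocol_adgserver.dll", ad_enabled, gserver_connect },
    };
    const char *chosen;
    *rc = dispatch(libs, 2, token_valid, &chosen);
    return chosen;
}
int main(void) { int rc; puts(pick(0, 1, &rc)); return 0; }
```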
