Hi guys,
I'm now hitting a wall with the codec.
We used a technique where each message is having its own grammar, as
many messages are used in other messages. For instance, a Ticket is used
as a standalone message, but also in a KDC-REQ-BODY, a KDC-REP, an
AP-REP, a KRB-CRED. Sadly, if we do call another grammar from inside a
grammar, then if the PDU is fragmented, we have no way to start again
where we just stopped, as we have to go down to the grammar we are
dealing with.
This is not currently handled.
I have to think about it and try to find a fix for that.
Otherwise, we still can process the Kerberos messages in one big
grammar, as it's done for LDAP, but it will be a giant one, as we won't
be able to factorize the decoding of common parts like PrincipalName
(one of the issue is that if you depend on a part of the grammar to
decode, say, a PrincipalName, then we have to know what will be the next
step. Here, we have some conflict, as a PrincipalName may be present
inside many message, but with no way to now what was the message we were
decoding).
I will try to think about options.
Note that this is not totally a dead end. What has been done is not lost.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
