RFR 6722928: Support SSPI as a native GSS-API provider

Weijun Wang weijun.wang at oracle.com
Wed Jan 2 02:59:26 UTC 2019



> On Dec 31, 2018, at 2:36 PM, Nico Williams <Nico.Williams at twosigma.com> wrote:
> 
> On Fri, Dec 28, 2018 at 09:07:04PM +0800, Weijun Wang wrote:
>> If we are not going to use or implement new functions defined in RFC 5587, I
>> doubt if this is useful.
> 
> Using pointers to incomplete structs is much better than pointers to
> void: you get static type safety.  When we made that change in Solaris'
> libgss we found at least one serious bug.
> 
>> And I don't think we can rewrite existing declarations in gssapi.h to use
>> these const types. Or can we?
> 
> Actually, you can.  Heimdal and MIT made those changes.

Can you point out where they are using the new types in existing function declarations? I searched for gss_const_buffer_t in their repos and it only appears in new functions.

I understand it's probably ABI-compatible to use the new types. I am OK with using them temporarily for compile check but feel uncomfortable to modify the existing gssapi.h, especially it is also used by the native bridge itself.

Thanks,
Max

> 
> Nico
> -- 




More information about the security-dev mailing list