RFR 6722928: Support SSPI as a native GSS-API provider
Weijun Wang
weijun.wang at oracle.com
Wed Jan 2 02:59:26 UTC 2019
> On Dec 31, 2018, at 2:36 PM, Nico Williams <Nico.Williams at twosigma.com> wrote:
>
> On Fri, Dec 28, 2018 at 09:07:04PM +0800, Weijun Wang wrote:
>> If we are not going to use or implement new functions defined in RFC 5587, I
>> doubt if this is useful.
>
> Using pointers to incomplete structs is much better than pointers to
> void: you get static type safety. When we made that change in Solaris'
> libgss we found at least one serious bug.
>
>> And I don't think we can rewrite existing declarations in gssapi.h to use
>> these const types. Or can we?
>
> Actually, you can. Heimdal and MIT made those changes.
Can you point out where they are using the new types in existing function declarations? I searched for gss_const_buffer_t in their repos and it only appears in new functions.
I understand it's probably ABI-compatible to use the new types. I am OK with using them temporarily for compile check but feel uncomfortable to modify the existing gssapi.h, especially it is also used by the native bridge itself.
Thanks,
Max
>
> Nico
> --
More information about the security-dev
mailing list