RFR 6722928: Support SSPI as a native GSS-API provider
Nico Williams
Nico.Williams at twosigma.com
Wed Jan 2 16:21:52 UTC 2019
On Wed, Jan 02, 2019 at 10:59:26AM +0800, Weijun Wang wrote:
> > On Dec 31, 2018, at 2:36 PM, Nico Williams <Nico.Williams at twosigma.com> wrote:
> > On Fri, Dec 28, 2018 at 09:07:04PM +0800, Weijun Wang wrote:
> >> If we are not going to use or implement new functions defined in RFC 5587, I
> >> doubt if this is useful.
> >
> > Using pointers to incomplete structs is much better than pointers to
> > void: you get static type safety. When we made that change in Solaris'
> > libgss we found at least one serious bug.
> >
> >> And I don't think we can rewrite existing declarations in gssapi.h to use
> >> these const types. Or can we?
> >
> > Actually, you can. Heimdal and MIT made those changes.
>
> Can you point out where they are using the new types in existing function
> declarations? I searched for gss_const_buffer_t in their repos and it only
> appears in new functions.
I'll change Heimdal (I'm a maintainer). Thanks for noticing that.
> I understand it's probably ABI-compatible to use the new types. I am OK with
> using them temporarily for compile check but feel uncomfortable to modify the
> existing gssapi.h, especially it is also used by the native bridge itself.
It is both, an ABI- and a source-compatible change to make.
Nico
--
More information about the security-dev
mailing list