RFR 6722928: Support SSPI as a native GSS-API provider

Nico Williams Nico.Williams at twosigma.com
Wed Jan 2 16:21:52 UTC 2019


On Wed, Jan 02, 2019 at 10:59:26AM +0800, Weijun Wang wrote:
> > On Dec 31, 2018, at 2:36 PM, Nico Williams <Nico.Williams at twosigma.com> wrote:
> > On Fri, Dec 28, 2018 at 09:07:04PM +0800, Weijun Wang wrote:
> >> If we are not going to use or implement new functions defined in RFC 5587, I
> >> doubt if this is useful.
> > 
> > Using pointers to incomplete structs is much better than pointers to
> > void: you get static type safety.  When we made that change in Solaris'
> > libgss we found at least one serious bug.
> > 
> >> And I don't think we can rewrite existing declarations in gssapi.h to use
> >> these const types. Or can we?
> > 
> > Actually, you can.  Heimdal and MIT made those changes.
> 
> Can you point out where they are using the new types in existing function
> declarations? I searched for gss_const_buffer_t in their repos and it only
> appears in new functions.

I'll change Heimdal (I'm a maintainer).  Thanks for noticing that.

> I understand it's probably ABI-compatible to use the new types. I am OK with
> using them temporarily for compile check but feel uncomfortable to modify the
> existing gssapi.h, especially it is also used by the native bridge itself.

It is both, an ABI- and a source-compatible change to make.

Nico
-- 



More information about the security-dev mailing list