RFR 6722928: Support SSPI as a native GSS-API provider

Nico Williams Nico.Williams at twosigma.com
Wed Jan 2 22:23:41 UTC 2019


On Wed, Jan 02, 2019 at 04:21:52PM +0000, Nico Williams wrote:
> On Wed, Jan 02, 2019 at 10:59:26AM +0800, Weijun Wang wrote:
> > > On Dec 31, 2018, at 2:36 PM, Nico Williams <Nico.Williams at twosigma.com> wrote:
> > > On Fri, Dec 28, 2018 at 09:07:04PM +0800, Weijun Wang wrote:
> > >> If we are not going to use or implement new functions defined in RFC 5587, I
> > >> doubt if this is useful.
> > > 
> > > Using pointers to incomplete structs is much better than pointers to
> > > void: you get static type safety.  When we made that change in Solaris'
> > > libgss we found at least one serious bug.
> > > 
> > >> And I don't think we can rewrite existing declarations in gssapi.h to use
> > >> these const types. Or can we?
> > > 
> > > Actually, you can.  Heimdal and MIT made those changes.
> > 
> > Can you point out where they are using the new types in existing function
> > declarations? I searched for gss_const_buffer_t in their repos and it only
> > appears in new functions.
> 
> I'll change Heimdal (I'm a maintainer).  Thanks for noticing that.

Actually, Heimdal does constify older functions with the new gss_const_*
typedefs, e.g.:

https://github.com/heimdal/heimdal/blob/master/lib/gssapi/gssapi/gssapi.h#L473

MIT does not; I've told them, so hopefully they make this change as well.

Nico
-- 



More information about the security-dev mailing list