RFR 6722928: Support SSPI as a native GSS-API provider
Nico Williams
Nico.Williams at twosigma.com
Wed Jan 2 22:23:41 UTC 2019
On Wed, Jan 02, 2019 at 04:21:52PM +0000, Nico Williams wrote:
> On Wed, Jan 02, 2019 at 10:59:26AM +0800, Weijun Wang wrote:
> > > On Dec 31, 2018, at 2:36 PM, Nico Williams <Nico.Williams at twosigma.com> wrote:
> > > On Fri, Dec 28, 2018 at 09:07:04PM +0800, Weijun Wang wrote:
> > >> If we are not going to use or implement new functions defined in RFC 5587, I
> > >> doubt if this is useful.
> > >
> > > Using pointers to incomplete structs is much better than pointers to
> > > void: you get static type safety. When we made that change in Solaris'
> > > libgss we found at least one serious bug.
> > >
> > >> And I don't think we can rewrite existing declarations in gssapi.h to use
> > >> these const types. Or can we?
> > >
> > > Actually, you can. Heimdal and MIT made those changes.
> >
> > Can you point out where they are using the new types in existing function
> > declarations? I searched for gss_const_buffer_t in their repos and it only
> > appears in new functions.
>
> I'll change Heimdal (I'm a maintainer). Thanks for noticing that.
Actually, Heimdal does constify older functions with the new gss_const_*
typedefs, e.g.:
https://github.com/heimdal/heimdal/blob/master/lib/gssapi/gssapi/gssapi.h#L473
MIT does not; I've told them, so hopefully they make this change as well.
Nico
--
More information about the security-dev
mailing list