RFR 6722928: Support SSPI as a native GSS-API provider

Weijun Wang weijun.wang at oracle.com
Wed Jan 2 23:39:19 UTC 2019



> On Jan 3, 2019, at 6:23 AM, Nico Williams <Nico.Williams at twosigma.com> wrote:
> 
> On Wed, Jan 02, 2019 at 04:21:52PM +0000, Nico Williams wrote:
>> On Wed, Jan 02, 2019 at 10:59:26AM +0800, Weijun Wang wrote:
>>>> On Dec 31, 2018, at 2:36 PM, Nico Williams <Nico.Williams at twosigma.com> wrote:
>>>> On Fri, Dec 28, 2018 at 09:07:04PM +0800, Weijun Wang wrote:
>>>>> If we are not going to use or implement new functions defined in RFC 5587, I
>>>>> doubt if this is useful.
>>>> 
>>>> Using pointers to incomplete structs is much better than pointers to
>>>> void: you get static type safety.  When we made that change in Solaris'
>>>> libgss we found at least one serious bug.
>>>> 
>>>>> And I don't think we can rewrite existing declarations in gssapi.h to use
>>>>> these const types. Or can we?
>>>> 
>>>> Actually, you can.  Heimdal and MIT made those changes.
>>> 
>>> Can you point out where they are using the new types in existing function
>>> declarations? I searched for gss_const_buffer_t in their repos and it only
>>> appears in new functions.
>> 
>> I'll change Heimdal (I'm a maintainer).  Thanks for noticing that.
> 
> Actually, Heimdal does constify older functions with the new gss_const_*
> typedefs, e.g.:
> 
> https://github.com/heimdal/heimdal/blob/master/lib/gssapi/gssapi/gssapi.h#L473

You're right, I only searched for gss_const_buffer_t.

--Max

> 
> MIT does not; I've told them, so hopefully they make this change as well.
> 
> Nico
> -- 



More information about the security-dev mailing list