RFR 6722928: Support SSPI as a native GSS-API provider

Weijun Wang weijun.wang at oracle.com
Thu Jan 17 15:19:14 UTC 2019


Webrev updated at

   https://cr.openjdk.java.net/~weijun/6722928/webrev.03

Changes since webrev.02:

- gss_name_struct, gss_ctx_id_struct, and gss_cred_id_struct defined and gssapi.h is updated to use them to define pointer types gss_name_t, gss_cred_id_t, and gss_ctx_id_t.

- small bug found in NativeFunc.h with the new types above defined.

- A bug found in NegTokenTarg.java. The responseToken field was duplicated as the mechListMIC field. I don't know the history but this could not be correct.

Others in sspi.cpp:

- debug output not on stderr.

- Since AcquireCredentialsHandle cannot return a useful timestamp, use the endTime in TGT.

- No more translation between krb5 token and SPNEGO token. SEC_WINNT_AUTH_IDENTITY_EX.PackageList is now used to only enable kerberos in SPNEGO. Thus gss_cred_id_struct contains 2 CredHandles now.

- Other fine tuning. For example, all functions and variables now start with lowercase letters.

Thanks
Max




More information about the security-dev mailing list