RFR 6722928: Support SSPI as a native GSS-API provider
Weijun Wang
weijun.wang at oracle.com
Thu Jan 17 15:19:14 UTC 2019
Webrev updated at
https://cr.openjdk.java.net/~weijun/6722928/webrev.03
Changes since webrev.02:
- gss_name_struct, gss_ctx_id_struct, and gss_cred_id_struct defined and gssapi.h is updated to use them to define pointer types gss_name_t, gss_cred_id_t, and gss_ctx_id_t.
- small bug found in NativeFunc.h with the new types above defined.
- A bug found in NegTokenTarg.java. The responseToken field was duplicated as the mechListMIC field. I don't know the history but this could not be correct.
Others in sspi.cpp:
- debug output not on stderr.
- Since AcquireCredentialsHandle cannot return a useful timestamp, use the endTime in TGT.
- No more translation between krb5 token and SPNEGO token. SEC_WINNT_AUTH_IDENTITY_EX.PackageList is now used to only enable kerberos in SPNEGO. Thus gss_cred_id_struct contains 2 CredHandles now.
- Other fine tuning. For example, all functions and variables now start with lowercase letters.
Thanks
Max
More information about the security-dev
mailing list