RFR 6722928: Support SSPI as a native GSS-API provider

Weijun Wang weijun.wang at oracle.com
Tue Jan 22 02:52:59 UTC 2019


Webrev updated again at

  https://cr.openjdk.java.net/~weijun/6722928/webrev.04/

This time I updated gssapi.h to make use of gss_const_xyz_t types. The types in NativeFunc.h and sspi.cpp are updated as well. (I wish there is an automatic tool to check the consistence).

Several Windows API calls (QueryContextAttributes, MakeSignature, VerifySignature, EncryptMessage, DecryptMessage) need an explicit cast (from const *p to *p) because they don't announce the pointer to be const, but I think it's safe.

No other change.

Thanks,
Max

> On Jan 18, 2019, at 3:04 AM, Nico Williams <Nico.Williams at twosigma.com> wrote:
> 
> On Thu, Jan 17, 2019 at 11:19:14PM +0800, Weijun Wang wrote:
>> Webrev updated at
>> 
>>   https://cr.openjdk.java.net/~weijun/6722928/webrev.03
>> 
>> Changes since webrev.02:
>> 
>> - gss_name_struct, gss_ctx_id_struct, and gss_cred_id_struct defined and
>>  gssapi.h is updated to use them to define pointer types gss_name_t,
>>  gss_cred_id_t, and gss_ctx_id_t.
> 
> Excellent.
> 
> And then you can actually define those structures and avoid casting these
> pointers' types.
> 
>> - No more translation between krb5 token and SPNEGO token.
>>  SEC_WINNT_AUTH_IDENTITY_EX.PackageList is now used to only enable kerberos
>>  in SPNEGO. Thus gss_cred_id_struct contains 2 CredHandles now.
> 
> Nice!  That's great.  Thanks so much for doing that.
> 
> I'll review this next week,
> 
> Nico
> -- 




More information about the security-dev mailing list