[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exporting gssapi context, take two

I've run into a couple of issues implementing the krb5_gss_set_allowable
_enctypes() function.

First, the call to gss_acquire_cred, to get the cred handle, is going 
through the mechglue layer which returns a handle to the mechglue's 
union_cred, not a Kerberos cred handle.  This requires a glue function 
for set_allowable_enctypes() to translate from the union_cred handle to 
the Kerberos handle.

Second, the easiest way to implement the glue function is to require 
another parameter for the mechanism.  Changing the signature as follows:

-krb5_gss_set_allowable_enctypes(OM_uint32 *minor_status, 
-				gss_cred_id_t cred,
-				OM_uint32 num_ktypes,
-				krb5_enctype *ktypes);

+gss_set_allowable_enctypes(OM_uint32 *minor_status, 
+			   gss_cred_id_t cred,
+			   gss_OID mechanism,
+			   OM_uint32 num_ktypes,
+			   void * *ktypes);

Any suggestions for a cleaner/clearer approach?