OpenGrok

Cross Reference: libgss
xref: /onnv/onnv-gate/usr/src/lib/libgss
Home | History | Annotate | only in /onnv/onnv-gate/usr/src/lib/libgss
Up to higher level directory
NameDateSize
amd64/29-Oct-2010
g_accept_sec_context.c29-Oct-20109.6K
g_acquire_cred.c29-Oct-201013.8K
g_acquire_cred_with_pw.c29-Oct-201011.5K
g_buffer_set.c29-Oct-20102K
g_canon_name.c29-Oct-20105.4K
g_compare_name.c29-Oct-20106.1K
g_context_time.c29-Oct-20102K
g_delete_sec_context.c29-Oct-20102.5K
g_dsp_name.c29-Oct-20103.6K
g_dsp_status.c29-Oct-201010K
g_dup_name.c29-Oct-20104.1K
g_exp_sec_context.c29-Oct-20103.5K
g_export_name.c29-Oct-20102K
g_glue.c29-Oct-201018.7K
g_imp_name.c29-Oct-201010.5K
g_imp_sec_context.c29-Oct-20103.9K
g_init_sec_context.c29-Oct-20106K
g_initialize.c29-Oct-201023.1K
g_inq_context_oid.c29-Oct-20102.5K
g_inquire_context.c29-Oct-20103.6K
g_inquire_cred.c29-Oct-20107.2K
g_inquire_names.c29-Oct-20104.4K
g_oid_ops.c29-Oct-20102.8K
g_process_context.c29-Oct-20102.1K
g_rel_buffer.c29-Oct-20101.5K
g_rel_cred.c29-Oct-20102.6K
g_rel_name.c29-Oct-20102.1K
g_rel_oid_set.c29-Oct-20101.6K
g_seal.c29-Oct-20104.6K
g_sign.c29-Oct-20102.9K
g_store_cred.c29-Oct-20105.4K
g_unseal.c29-Oct-20103K
g_userok.c29-Oct-20103.1K
g_utils.c29-Oct-20106.7K
g_verify.c29-Oct-20102.5K
gssd_pname_to_uid.c29-Oct-201013.3K
i386/29-Oct-2010
inc.flg29-Oct-20101K
llib-lgss29-Oct-20101K
Makefile29-Oct-20102.4K
Makefile.com29-Oct-20107.5K
mapfile-vers29-Oct-20103.4K
oid_ops.c29-Oct-201013.1K
README.spi29-Oct-20104.7K
req.flg29-Oct-20101.1K
sparc/29-Oct-2010
sparcv9/29-Oct-2010
THIRDPARTYLICENSE29-Oct-20102.1K
THIRDPARTYLICENSE.descrip29-Oct-201038

README.spi

      1 
      2  CDDL HEADER START
      3 
      4  The contents of this file are subject to the terms of the
      5  Common Development and Distribution License (the "License").
      6  You may not use this file except in compliance with the License.
      7 
      8  You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  or http://www.opensolaris.org/os/licensing.
     10  See the License for the specific language governing permissions
     11  and limitations under the License.
     12 
     13  When distributing Covered Code, include this CDDL HEADER in each
     14  file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  If applicable, add the following below this CDDL HEADER, with the
     16  fields enclosed by brackets "[]" replaced with your own identifying
     17  information: Portions Copyright [yyyy] [name of copyright owner]
     18 
     19  CDDL HEADER END
     20 
     21  Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
     22  Use is subject to license terms.
     23 
     24 
     25 	The Service Provider Interface for libgss and its Mechanisms
     26 	------------------------------------------------------------
     27 
     28 1.  The libgss SPI upto 11/2004
     29 
     30     Prior to PSARC 2004/810 the libgss SPI consisted of a function
     31     provided by each mechanism whose return value is a pointer to a
     32     structure full of references to the mechanism's entry points
     33     (hereinafter: methods).
     34 
     35     This structure does not include any hooks for versioning, which
     36     means that additions of any mechanism methods at micro/patch
     37     releases require patching libgss.so.1 and all the GSS mechanisms
     38     shipped with Solaris (Kerberos V, DH, SPNEGO).
     39 
     40 2.  The libgss SPI after PSARC 2004/810
     41 
     42     In order to avoid changing the gss_config struct and patching all
     43     three mechanisms (four, if the dummy mech counts) and libgss
     44     together and in anticipation of a cleaner SPI in the future (see
     45     next section) the SPI after PSARC 2004/810 will be as before but
     46     supplemented as follows:
     47 
     48      - any new SPI mechanism methods will NOT be placed in gss_config,
     49        instead there is a new gss_config_ext structure, which is to be
     50        used _only_ by libgss (to avoid struct versioning and/or patch
     51        issues), which should be extended to have a pointer to the new
     52        method;
     53 
     54      - there is a new libgss function, __gss_get_mechanism_ext(), which
     55        is used to get at the gss_config_ext for a mechanism;
     56 
     57      - __gss_get_mechanism_ext() uses dlsym() to build the
     58        gss_config_ext struct for the mech by individually loading each
     59        and every mechanism method that isn't part of the old gss_config
     60        struct -- this happens only once per-method, of course; the
     61        result is cached.
     62 
     63        The symbol names that are dlsym()ed are of the form gssspi_* and
     64        correspond to gss_*; e.g., gssspi_acquire_cred_with_password().
     65 
     66        New methods also have a corresponding typedef named
     67        <gss_func>_sfct -- the 's' in 'sfct' is for "SPI" and the 'fct'
     68        is for "function."  This is used to keep cast expressions short.
     69 
     70 3.  The Future libgss SPI
     71 
     72     Once the Solaris krb5 source is resync'ed with MIT krb5 1.4 there
     73     will be no further need for the 'void *context' argument to all the
     74     libgss mechanisms' methods.
     75 
     76     At that point it will be possible to remove this 'void *context'
     77     argument from all the libgss SPI function prototypes, the main
     78     result of which will be that the mechanisms' methods will then have
     79     the same function signature as the corresponding GSS-API functions.
     80 
     81     We can then rename all mechanisms' methods from <mech>_<gss-func> to
     82     <gss-func>.  The corresponding typedefs will be renamed to
     83     <gss-func>_fct.
     84 
     85     The SPI, then, will be almost exactly the same as the API.
     86 
     87     There will be some minor differences, primarily that some API
     88     functions won't have a corresponding SPI method, such as
     89     gss_release_buffer(3GSS), for example.
     90 
     91     Some time later we may open the SPI to third party implementors;
     92     this could be particularly useful as a way to get access to 3rd
     93     party implementations of SPKM and LIPKEY (assuming any ever exist --
     94     SPKM's is a very problematic specification).
     95 
     96     Third party mechanisms should just export all the symbols for the
     97     GSS-API functions, like MIT krb5 does, but functions which libgss
     98     won't call (e.g., gss_release_buffer(3GSS)) should either not be
     99     implemented or should be weak symbols.
    100 
    101     Solaris native mechanisms may still provide the mechanism method
    102     registration function as usual for optimization purposes -- to
    103     reduce the number of calls to dlsym().
    104 
    105     Mechanisms that do not provide the old method registration function
    106     will be loaded as follows:
    107 
    108      - libgss will look for and find the mechanism's
    109        GSS_Indicate_mechs() method and will call it to discover the
    110        mechanism provider's mechanism OIDs.
    111 
    112      - libgss will dlsym() each mechanism provider SPI method.
    113