[1500] in Kerberos-V5-bugs
Question for the Kerberos Implementors
daemon@ATHENA.MIT.EDU (Dan Nessett)
Tue Jun 27 18:15:42 1995
Date: Tue, 27 Jun 1995 15:14:31 -0700 (PDT)
From: Danny.Nessett@Eng.Sun.COM (Dan Nessett)
To: krb5-bugs@MIT.EDU
After a reading from the implementor, I am filing this as a bug.
Dan
----- Begin Included Message -----
From nessett Wed Jun 21 08:50:12 1995
To: kerberos@MIT.EDU
Subject: Question for the Kerberos Implementors
The Kerberos V5 implementation has two programming interfaces, the native
interface and a GSS-API interface. It appears from the gssapi interface code
that the implementors have striven to strictly layer gssapi over the Kerberos
native code. Specifically, in the directory
src/lib/gssapi
there are two subdirectories, krb5 and generic. krb5 holds the gssapi
implementation that specifically depends on the underlying Kerberos software,
while generic holds code that does not call any Kerberos functionality.
This organization has made it possible to use the krb5 internal routines,
which are of the form krb5_gss_<rest of gssapi routine name>, in a
multi-mechanism glue layer library that exports the gssapi interface.
However, it isn't clear whether strict separation of this functionality
is a design goal or is just a reflection of multiple implementors working on
the same software. If it is the former, then there is a problem within
src/lib/gssapi/krb5/inquire_cred.c in the routine krb5_gss_inquire_cred()
In it is the following code :
if (name) {
if (! kg_save_name((gss_name_t) ret_name)) {
(void)gss_release_oid_set(minor_status, &mechs);
krb5_free_principal(ret_name);
*minor_status = G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
Here gss_release_oid_set() is called instead of the "internal" entry point
generic_gss_release_oid_set(). This is causing the object file krb5_gss_glue.o
to be called in by the linker, which holds all of the gss_ routine entry
points. As a result, I am getting multiple definition errors during the
link stage. This problem can be easily fixed by changing the reference to
generic_gss_release_oid_set().
Could I have a reading from the implementors on the layering objectives for
the Kerberos V5 code? If this is a bug, I will file it at
krb5-bugs@mit.edu
Thanks,
Dan
----- End Included Message -----
