pythongssapi / python-gssapi

A Python interface to RFC 2743/2744 (plus common extensions)
ISC License
104 stars 46 forks source link

Support DCE IOV functions on macOS #258

Closed jborean93 closed 3 years ago

jborean93 commented 3 years ago

The DCE IOV functions on macOS are not exported by any public header on the GSS.Framework. This PR defines some macros in the C file that when compiled against the GSS.Framework will alias the private symbols to the ones expected by GSSAPI. While the symbols are considered to be private they haven't changed across any macOS version since the introduction of GSS.Framework and the inclusion of ext_dce is still dependent on whether the symbol is present at compile time.

This allows users of this library on macOS to better interop with Windows SSPI message encryption which typically require the IOV wrapping functions that were previously unavailable.

This is round 2 from https://github.com/pythongssapi/python-gssapi/pull/210 but I'm a lot more happier with this approach as the macros are defined in the .c file for the sdist allowing this to work on macOS without requiring a wheel. It is also not relying on dlopen/dlsym at runtime to get the path to the GSS.Framework library which is a big plus.

jborean93 commented 3 years ago

Oh and the change https://github.com/pythongssapi/python-gssapi/pull/258/files#diff-60f61ab7a8d1910d86d9fda2261620314edcae5894d5aaa236b821c7256badd7R125 is unrelated but clang will emit warning saying this -framework ... is unused as compiler args. You only need this during the linking phase.

frozencemetery commented 3 years ago

clang will emit warning saying this -framework ... is unused as compiler args. You only need this during the linking phase.

Makes sense. Should be mentioned in the commit description (unless you think it warrants its own commit).

jborean93 commented 3 years ago

Should be mentioned in the commit description

I'll amend the commit to include this.

jborean93 commented 3 years ago

Thanks @frozencemetery for the review, I've incorporated the changes and have manually tested again and things work just fine.