[2478] in Kerberos-V5-bugs
krb5-libs/210: minor improvement to gss_acquire_cred
daemon@ATHENA.MIT.EDU (bjaspan@MIT.EDU)
Wed Nov 20 14:57:48 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, bjaspan@MIT.EDU
Date: Wed, 20 Nov 1996 19:56:43 GMT
From: bjaspan@MIT.EDU
Reply-To: bjaspan@MIT.EDU
To: krb5-bugs@MIT.EDU
>Number: 210
>Category: krb5-libs
>Synopsis: minor improvement to gss_acquire_cred
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 20 14:57:01 EST 1996
>Last-Modified:
>Originator: Barry Jaspan
>Organization:
mit
>Release: 1.0-development
>Environment:
System: IRIX beeblebrox 5.3 11091812 IP22 mips
>Description:
The following patch changes the krb5 gss_acquire_cred to use
krb5_kt_get_entry instead of iterating through the entire keytab
looking for a matching principal. The latter is more efficient. This
is not a necessary fix for 1.0.
Index: acquire_cred.c
===================================================================
RCS file: /mit/krbdev/.cvsroot/src/lib/gssapi/krb5/acquire_cred.c,v
retrieving revision 1.18
diff -c -r1.18 acquire_cred.c
*** acquire_cred.c 1996/10/10 17:51:42 1.18
--- acquire_cred.c 1996/11/20 17:43:02
***************
*** 77,119 ****
princ = (krb5_principal) desired_name;
}
! /* iterate over the keytab searching for the principal */
!
! if (code = krb5_kt_start_seq_get(context, kt, &cur)) {
! (void) krb5_kt_close(context, kt);
! *minor_status = code;
! return(GSS_S_FAILURE);
! }
!
! while (!(code = krb5_kt_next_entry(context, kt, &entry, &cur))) {
! if (krb5_principal_compare(context, entry.principal, princ)) {
! code = 0;
! krb5_kt_free_entry(context, &entry);
! break;
! }
! krb5_kt_free_entry(context, &entry);
! }
!
! if (code == KRB5_KT_END) {
! /* this means that the principal wasn't in the keytab */
! (void)krb5_kt_end_seq_get(context, kt, &cur);
! (void) krb5_kt_close(context, kt);
! *minor_status = KG_KEYTAB_NOMATCH;
! return(GSS_S_CRED_UNAVAIL);
! } else if (code) {
! /* this means some error occurred reading the keytab */
! (void)krb5_kt_end_seq_get(context, kt, &cur);
! (void) krb5_kt_close(context, kt);
! *minor_status = code;
! return(GSS_S_FAILURE);
! } else {
! /* this means that we found a matching entry */
! if (code = krb5_kt_end_seq_get(context, kt, &cur)) {
! (void) krb5_kt_close(context, kt);
! *minor_status = code;
! return(GSS_S_FAILURE);
! }
}
/* hooray. we made it */
--- 77,91 ----
princ = (krb5_principal) desired_name;
}
! if (code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry)) {
! (void) krb5_kt_close(context, kt);
! if (code == KRB5_KT_NOTFOUND)
! *minor_status = KG_KEYTAB_NOMATCH;
! else
! *minor_status = code;
! return(GSS_S_CRED_UNAVAIL);
}
+ krb5_kt_free_entry(context, &entry);
/* hooray. we made it */
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
