+Sat Mar 2 02:22:30 1996 Theodore Y. Ts'o <tytso@dcl>
+
+ * k5mech.c (krb5_gss_get_context): Initialize the serializers
+ here, instead of in export and import security context.
+ This will speed things up a little.
+
+ * export_sec_context.c (krb5_gss_export_sec_context):
+ * import_sec_context.c (krb5_gss_import_sec_context): Don't create
+ a serialization context just for importing/exporting
+ credentials. Use the passed-in gssapi context. This
+ speeds things up significantly. Assume the serializers
+ are initialized in krb5_gss_get_context.
+
Tue Feb 27 17:53:22 1996 Theodore Y. Ts'o <tytso@dcl>
* accept_sec_context.c (krb5_gss_accept_sec_context): Remove dead
Mon Feb 26 18:08:57 1996 Sam Hartman <hartmans@tertius.mit.edu>
- * k5mech.c : do not declare kg_context static as it is declared in another file, and declared extern in a header.
+ * k5mech.c : do not declare kg_context static as it is declared in
+ another file, and declared extern in a header.
Sat Feb 24 00:06:37 1996 Theodore Y. Ts'o <tytso@dcl>
gss_ctx_id_t *context_handle;
gss_buffer_t interprocess_token;
{
- krb5_context context = ct;
+ krb5_context ser_ctx = ct;
krb5_error_code kret;
OM_uint32 retval;
- krb5_context ser_ctx;
size_t bufsize, blen;
krb5_gss_ctx_id_t *ctx;
krb5_octet *obuffer, *obp;
/* Assume a tragic failure */
- ser_ctx = (krb5_context) NULL;
obuffer = (krb5_octet *) NULL;
retval = GSS_S_FAILURE;
*minor_status = 0;
- /* Get a fresh Kerberos context */
- if (!(kret = krb5_init_context(&ser_ctx))) {
- /* Initialize the serializers */
- if (!(kret = krb5_ser_context_init(ser_ctx)) &&
- !(kret = krb5_ser_auth_context_init(ser_ctx)) &&
- !(kret = krb5_ser_ccache_init(ser_ctx)) &&
- !(kret = krb5_ser_rcache_init(ser_ctx)) &&
- !(kret = krb5_ser_keytab_init(ser_ctx)) &&
- !(kret = kg_ser_context_init(ser_ctx))) {
- if (kg_validate_ctx_id(*context_handle)) {
- ctx = (krb5_gss_ctx_id_t *) *context_handle;
-
- /* Determine size needed for externalization of context */
- bufsize = 0;
- if (!(kret = krb5_size_opaque(ser_ctx,
- KG_CONTEXT,
- (krb5_pointer) ctx,
- &bufsize))) {
- /* Allocate the buffer */
- if ((obuffer = (krb5_octet *) xmalloc(bufsize))) {
- obp = obuffer;
- blen = bufsize;
- /* Externalize the context */
- if (!(kret = krb5_externalize_opaque(ser_ctx,
- KG_CONTEXT,
- (krb5_pointer)ctx,
- &obp,
- &blen))) {
- /* Success! Return the buffer */
- interprocess_token->length = bufsize - blen;
- interprocess_token->value = obuffer;
- *minor_status = 0;
- retval = GSS_S_COMPLETE;
+ if (!kg_validate_ctx_id(*context_handle)) {
+ kret = (OM_uint32) G_VALIDATE_FAILED;
+ retval = GSS_S_NO_CONTEXT;
+ goto error_out;
+ }
- /* Now, clean up the context state */
- (void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
- if (ctx->enc.processed)
- krb5_finish_key(context,
- &ctx->enc.eblock);
- krb5_free_keyblock(context, ctx->enc.key);
- if (ctx->seq.processed)
- krb5_finish_key(context,
- &ctx->seq.eblock);
- krb5_free_keyblock(context, ctx->seq.key);
- krb5_free_principal(context, ctx->here);
- krb5_free_principal(context, ctx->there);
- krb5_free_keyblock(context, ctx->subkey);
+ ctx = (krb5_gss_ctx_id_t *) *context_handle;
- if (ctx->auth_context)
- krb5_auth_con_free(context, ctx->auth_context);
+ /* Determine size needed for externalization of context */
+ bufsize = 0;
+ if ((kret = krb5_size_opaque(ser_ctx, KG_CONTEXT, (krb5_pointer) ctx,
+ &bufsize)))
+ goto error_out;
- /* Zero out context */
- memset(ctx, 0, sizeof(*ctx));
- xfree(ctx);
- *context_handle = GSS_C_NO_CONTEXT;
- }
- }
- }
- }
- else {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- retval = GSS_S_NO_CONTEXT;
- }
- }
- krb5_free_context(ser_ctx);
+ /* Allocate the buffer */
+ if ((obuffer = (krb5_octet *) xmalloc(bufsize)) == NULL) {
+ kret = ENOMEM;
+ goto error_out;
}
- if (retval != GSS_S_COMPLETE) {
- if (obuffer && bufsize) {
+
+ obp = obuffer;
+ blen = bufsize;
+ /* Externalize the context */
+ if ((kret = krb5_externalize_opaque(ser_ctx, KG_CONTEXT,
+ (krb5_pointer)ctx, &obp, &blen)))
+ goto error_out;
+
+ /* Success! Return the buffer */
+ interprocess_token->length = bufsize - blen;
+ interprocess_token->value = obuffer;
+ *minor_status = 0;
+ retval = GSS_S_COMPLETE;
+
+ /* Now, clean up the context state */
+ (void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
+ if (ctx->enc.processed)
+ krb5_finish_key(ser_ctx, &ctx->enc.eblock);
+ krb5_free_keyblock(ser_ctx, ctx->enc.key);
+ if (ctx->seq.processed)
+ krb5_finish_key(ser_ctx, &ctx->seq.eblock);
+ krb5_free_keyblock(ser_ctx, ctx->seq.key);
+ krb5_free_principal(ser_ctx, ctx->here);
+ krb5_free_principal(ser_ctx, ctx->there);
+ krb5_free_keyblock(ser_ctx, ctx->subkey);
+
+ if (ctx->auth_context)
+ krb5_auth_con_free(ser_ctx, ctx->auth_context);
+
+ /* Zero out context */
+ memset(ctx, 0, sizeof(*ctx));
+ xfree(ctx);
+ *context_handle = GSS_C_NO_CONTEXT;
+
+ return (GSS_S_COMPLETE);
+
+error_out:
+ if (obuffer && bufsize) {
memset(obuffer, 0, bufsize);
krb5_xfree(obuffer);
- }
- if (*minor_status == 0)
- *minor_status = (OM_uint32) kret;
}
+ if (*minor_status == 0)
+ *minor_status = (OM_uint32) kret;
return(retval);
}
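Review bot: The two scrubbing steps carried into this hunk, `memset(ctx, 0, sizeof(*ctx));` before `xfree(ctx);` on the success path and `memset(obuffer, 0, bufsize);` before `krb5_xfree(obuffer);` under `error_out`, write to memory that is freed on the very next line, so an optimizing compiler may drop them as dead stores. The context structure carries the `enc`/`seq` encryption state and the buffer holds its serialized form, so both presumably contain key-related data that should not linger in freed heap. A wipe the compiler cannot elide is safer, for example `explicit_bzero(obuffer, bufsize);` where the platform provides it, or a small helper that writes through a `volatile unsigned char *`. The same pattern appears in the `error_out` block of the import function later in this patch. The function's signature lies outside this hunk.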
gss_buffer_t interprocess_token;
gss_ctx_id_t *context_handle;
{
- krb5_context context = ct;
- krb5_error_code kret;
+ krb5_context ser_ctx = ct;
+ krb5_error_code kret = 0;
OM_uint32 retval;
- krb5_context ser_ctx;
size_t blen;
krb5_gss_ctx_id_t *ctx;
krb5_octet *ibp;
/* Assume a tragic failure */
- ser_ctx = (krb5_context) NULL;
ctx = (krb5_gss_ctx_id_t *) NULL;
retval = GSS_S_FAILURE;
*minor_status = 0;
- /* Get a fresh Kerberos context */
- if (!(kret = krb5_init_context(&ser_ctx))) {
- /* Initialize the serializers */
- if (!(kret = krb5_ser_context_init(ser_ctx)) &&
- !(kret = krb5_ser_auth_context_init(ser_ctx)) &&
- !(kret = krb5_ser_ccache_init(ser_ctx)) &&
- !(kret = krb5_ser_rcache_init(ser_ctx)) &&
- !(kret = krb5_ser_keytab_init(ser_ctx)) &&
- !(kret = kg_ser_context_init(ser_ctx))) {
+ /* Internalize the context */
+ ibp = (krb5_octet *) interprocess_token->value;
+ blen = (size_t) interprocess_token->length;
+ if ((kret = krb5_internalize_opaque(ser_ctx, KG_CONTEXT,
+ (krb5_pointer *) &ctx,
+ &ibp, &blen)))
+ goto error_out;
- /* Internalize the context */
- ibp = (krb5_octet *) interprocess_token->value;
- blen = (size_t) interprocess_token->length;
- if (!(kret = krb5_internalize_opaque(ser_ctx,
- KG_CONTEXT,
- (krb5_pointer *) &ctx,
- &ibp,
- &blen))) {
- /* Make sure that everything is cool. */
- if (kg_validate_ctx_id((gss_ctx_id_t) ctx)) {
- *context_handle = (gss_ctx_id_t) ctx;
- retval = GSS_S_COMPLETE;
- }
- }
- }
- krb5_free_context(ser_ctx);
- }
- if (retval != GSS_S_COMPLETE) {
- if (ctx) {
- (void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
- if (ctx->enc.processed)
- krb5_finish_key(context, &ctx->enc.eblock);
- krb5_free_keyblock(context, ctx->enc.key);
- if (ctx->seq.processed)
- krb5_finish_key(context, &ctx->seq.eblock);
- krb5_free_principal(context, ctx->here);
- krb5_free_principal(context, ctx->there);
- krb5_free_keyblock(context, ctx->subkey);
+ /* Make sure that everything is cool. */
+ if (!kg_validate_ctx_id((gss_ctx_id_t) ctx))
+ goto error_out;
+
+ *context_handle = (gss_ctx_id_t) ctx;
+
+ return (GSS_S_COMPLETE);
+
+error_out:
+ if (ctx) {
+ (void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
+ if (ctx->enc.processed)
+ krb5_finish_key(ser_ctx, &ctx->enc.eblock);
+ krb5_free_keyblock(ser_ctx, ctx->enc.key);
+ if (ctx->seq.processed)
+ krb5_finish_key(ser_ctx, &ctx->seq.eblock);
+ krb5_free_principal(ser_ctx, ctx->here);
+ krb5_free_principal(ser_ctx, ctx->there);
+ krb5_free_keyblock(ser_ctx, ctx->subkey);
- /* Zero out context */
- memset(ctx, 0, sizeof(*ctx));
- xfree(ctx);
- }
- if (*minor_status == 0)
- *minor_status = (OM_uint32) kret;
+ /* Zero out context */
+ memset(ctx, 0, sizeof(*ctx));
+ xfree(ctx);
}
+ if (*minor_status == 0)
+ *minor_status = (OM_uint32) kret;
return(retval);
}
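Review bot: The `error_out` cleanup here releases less than the matching cleanup in the export function: it never frees `ctx->seq.key` or `ctx->auth_context`, so a context that was internalized and then rejected by `kg_validate_ctx_id` can leave the sequence key and the auth context allocated. Adding `krb5_free_keyblock(ser_ctx, ctx->seq.key);` after the `seq.processed` check and `if (ctx->auth_context) krb5_auth_con_free(ser_ctx, ctx->auth_context);` before the `memset` would bring the two paths in line. That validation branch also jumps with `kret` still 0, so the caller sees `GSS_S_FAILURE` with a zero minor status, whereas the export path records `G_VALIDATE_FAILED` in the same situation and this one could do the same. Because the token bytes arrive from another process, this failure path is the one a malformed token will exercise, so it is worth making it complete. The function's signature lies outside this hunk.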