k5mech.c (krb5_gss_get_context): Initialize the serializers here,
authorTheodore Tso <tytso@mit.edu>
Sat, 2 Mar 1996 08:02:16 +0000 (08:02 +0000)
committerTheodore Tso <tytso@mit.edu>
Sat, 2 Mar 1996 08:02:16 +0000 (08:02 +0000)
instead of in export and import security context.  This will speed
things up a little.

export_sec_context.c (krb5_gss_export_sec_context):
import_sec_context.c (krb5_gss_import_sec_context): Don't create
a serialization context just for importing/exporting credentials.
Use the passed-in gssapi context.  This speeds things up
significantly.  Assume the serializers are initialized in
krb5_gss_get_context.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7582 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/export_sec_context.c
src/lib/gssapi/krb5/import_sec_context.c
src/lib/gssapi/krb5/k5mech.c

index 6f6b86c3d48bfd13d5e0625aa06f9b3f82acd86b..cef0f50334699de45bd6e852f46ddc0acc093f07 100644 (file)
@@ -1,3 +1,16 @@
+Sat Mar  2 02:22:30 1996  Theodore Y. Ts'o  <tytso@dcl>
+
+       * k5mech.c (krb5_gss_get_context): Initialize the serializers
+               here, instead of in export and import security context.
+               This will speed things up a little.
+
+       * export_sec_context.c (krb5_gss_export_sec_context): 
+       * import_sec_context.c (krb5_gss_import_sec_context): Don't create
+               a serialization context just for importing/exporting
+               credentials.  Use the passed-in gssapi context.  This
+               speeds things up significantly.  Assume the serializers
+               are initialized in krb5_gss_get_context.
+
 Tue Feb 27 17:53:22 1996  Theodore Y. Ts'o  <tytso@dcl>
 
        * accept_sec_context.c (krb5_gss_accept_sec_context): Remove dead
@@ -11,7 +24,8 @@ Tue Feb 27 17:53:22 1996  Theodore Y. Ts'o  <tytso@dcl>
 
 Mon Feb 26 18:08:57 1996  Sam Hartman  <hartmans@tertius.mit.edu>
 
-       * k5mech.c : do not declare kg_context static as it is declared in another file, and declared extern in a header.
+       * k5mech.c : do not declare kg_context static as it is declared in
+               another file, and declared extern in a header.
 
 Sat Feb 24 00:06:37 1996  Theodore Y. Ts'o  <tytso@dcl>
 
index 6ebb1f9cea5895a644b83346977bbd7fba8f30b6..180cc2ef597204ee1754ee0f395cfa5f9ce26db1 100644 (file)
@@ -35,93 +35,79 @@ krb5_gss_export_sec_context(ct,
     gss_ctx_id_t       *context_handle;
     gss_buffer_t       interprocess_token;
 {
-    krb5_context       context = ct;
+    krb5_context       ser_ctx = ct;
     krb5_error_code    kret;
     OM_uint32          retval;
-    krb5_context       ser_ctx;
     size_t             bufsize, blen;
     krb5_gss_ctx_id_t  *ctx;
     krb5_octet         *obuffer, *obp;
 
     /* Assume a tragic failure */
-    ser_ctx = (krb5_context) NULL;
     obuffer = (krb5_octet *) NULL;
     retval = GSS_S_FAILURE;
     *minor_status = 0;
 
-    /* Get a fresh Kerberos context */
-    if (!(kret = krb5_init_context(&ser_ctx))) {
-       /* Initialize the serializers */
-       if (!(kret = krb5_ser_context_init(ser_ctx)) &&
-           !(kret = krb5_ser_auth_context_init(ser_ctx)) &&
-           !(kret = krb5_ser_ccache_init(ser_ctx)) &&
-           !(kret = krb5_ser_rcache_init(ser_ctx)) &&
-           !(kret = krb5_ser_keytab_init(ser_ctx)) &&
-           !(kret = kg_ser_context_init(ser_ctx))) {
-           if (kg_validate_ctx_id(*context_handle)) {
-               ctx = (krb5_gss_ctx_id_t *) *context_handle;
-
-               /* Determine size needed for externalization of context */
-               bufsize = 0;
-               if (!(kret = krb5_size_opaque(ser_ctx,
-                                             KG_CONTEXT,
-                                             (krb5_pointer) ctx,
-                                             &bufsize))) {
-                   /* Allocate the buffer */
-                   if ((obuffer = (krb5_octet *) xmalloc(bufsize))) {
-                       obp = obuffer;
-                       blen = bufsize;
-                       /* Externalize the context */
-                       if (!(kret = krb5_externalize_opaque(ser_ctx,
-                                                            KG_CONTEXT,
-                                                            (krb5_pointer)ctx,
-                                                            &obp,
-                                                            &blen))) {
-                           /* Success!  Return the buffer */
-                           interprocess_token->length = bufsize - blen;
-                           interprocess_token->value = obuffer;
-                           *minor_status = 0;
-                           retval = GSS_S_COMPLETE;
+    if (!kg_validate_ctx_id(*context_handle)) {
+           kret = (OM_uint32) G_VALIDATE_FAILED;
+           retval = GSS_S_NO_CONTEXT;
+           goto error_out;
+    }
 
-                           /* Now, clean up the context state */
-                           (void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
-                           if (ctx->enc.processed)
-                               krb5_finish_key(context,
-                                               &ctx->enc.eblock);
-                           krb5_free_keyblock(context, ctx->enc.key);
-                           if (ctx->seq.processed)
-                               krb5_finish_key(context,
-                                               &ctx->seq.eblock);
-                           krb5_free_keyblock(context, ctx->seq.key);
-                           krb5_free_principal(context, ctx->here);
-                           krb5_free_principal(context, ctx->there);
-                           krb5_free_keyblock(context, ctx->subkey);
+    ctx = (krb5_gss_ctx_id_t *) *context_handle;
 
-                           if (ctx->auth_context)
-                               krb5_auth_con_free(context, ctx->auth_context);
+    /* Determine size needed for externalization of context */
+    bufsize = 0;
+    if ((kret = krb5_size_opaque(ser_ctx, KG_CONTEXT, (krb5_pointer) ctx,
+                                 &bufsize)))
+           goto error_out;
 
-                           /* Zero out context */
-                           memset(ctx, 0, sizeof(*ctx));
-                           xfree(ctx);
-                           *context_handle = GSS_C_NO_CONTEXT;
-                       }
-                   }
-               }
-           }
-           else {
-               *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-               retval = GSS_S_NO_CONTEXT;
-           }
-       }
-       krb5_free_context(ser_ctx);
+    /* Allocate the buffer */
+    if ((obuffer = (krb5_octet *) xmalloc(bufsize)) == NULL) {
+           kret = ENOMEM;
+           goto error_out;
     }
-    if (retval != GSS_S_COMPLETE) {
-       if (obuffer && bufsize) {
+
+    obp = obuffer;
+    blen = bufsize;
+    /* Externalize the context */
+    if ((kret = krb5_externalize_opaque(ser_ctx, KG_CONTEXT,
+                                       (krb5_pointer)ctx, &obp, &blen)))
+           goto error_out;
+
+    /* Success!  Return the buffer */
+    interprocess_token->length = bufsize - blen;
+    interprocess_token->value = obuffer;
+    *minor_status = 0;
+    retval = GSS_S_COMPLETE;
+
+    /* Now, clean up the context state */
+    (void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
+    if (ctx->enc.processed)
+           krb5_finish_key(ser_ctx, &ctx->enc.eblock);
+    krb5_free_keyblock(ser_ctx, ctx->enc.key);
+    if (ctx->seq.processed)
+           krb5_finish_key(ser_ctx, &ctx->seq.eblock);
+    krb5_free_keyblock(ser_ctx, ctx->seq.key);
+    krb5_free_principal(ser_ctx, ctx->here);
+    krb5_free_principal(ser_ctx, ctx->there);
+    krb5_free_keyblock(ser_ctx, ctx->subkey);
+
+    if (ctx->auth_context)
+           krb5_auth_con_free(ser_ctx, ctx->auth_context);
+
+    /* Zero out context */
+    memset(ctx, 0, sizeof(*ctx));
+    xfree(ctx);
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    return (GSS_S_COMPLETE);
+
+error_out:
+    if (obuffer && bufsize) {
            memset(obuffer, 0, bufsize);
            krb5_xfree(obuffer);
-       }
-       if (*minor_status == 0) 
-           *minor_status = (OM_uint32) kret;
     }
+    if (*minor_status == 0) 
+           *minor_status = (OM_uint32) kret;
     return(retval);
 }
index 3f61f462472c2b5fc2588e3fea5bd2b35912d797..d802ecdd00bdc9d0e9b26e6b998cf271dec819a0 100644 (file)
@@ -35,66 +35,52 @@ krb5_gss_import_sec_context(ct,
     gss_buffer_t       interprocess_token;
     gss_ctx_id_t       *context_handle;
 {
-    krb5_context       context = ct;
-    krb5_error_code    kret;
+    krb5_context       ser_ctx = ct;
+    krb5_error_code    kret = 0;
     OM_uint32          retval;
-    krb5_context       ser_ctx;
     size_t             blen;
     krb5_gss_ctx_id_t  *ctx;
     krb5_octet         *ibp;
 
     /* Assume a tragic failure */
-    ser_ctx = (krb5_context) NULL;
     ctx = (krb5_gss_ctx_id_t *) NULL;
     retval = GSS_S_FAILURE;
     *minor_status = 0;
 
-    /* Get a fresh Kerberos context */
-    if (!(kret = krb5_init_context(&ser_ctx))) {
-       /* Initialize the serializers */
-       if (!(kret = krb5_ser_context_init(ser_ctx)) &&
-           !(kret = krb5_ser_auth_context_init(ser_ctx)) &&
-           !(kret = krb5_ser_ccache_init(ser_ctx)) &&
-           !(kret = krb5_ser_rcache_init(ser_ctx)) &&
-           !(kret = krb5_ser_keytab_init(ser_ctx)) &&
-           !(kret = kg_ser_context_init(ser_ctx))) {
+    /* Internalize the context */
+    ibp = (krb5_octet *) interprocess_token->value;
+    blen = (size_t) interprocess_token->length;
+    if ((kret = krb5_internalize_opaque(ser_ctx, KG_CONTEXT,
+                                       (krb5_pointer *) &ctx,
+                                       &ibp, &blen)))
+       goto error_out;
 
-           /* Internalize the context */
-           ibp = (krb5_octet *) interprocess_token->value;
-           blen = (size_t) interprocess_token->length;
-           if (!(kret = krb5_internalize_opaque(ser_ctx,
-                                                KG_CONTEXT,
-                                                (krb5_pointer *) &ctx,
-                                                &ibp,
-                                                &blen))) {
 
-               /* Make sure that everything is cool. */
-               if (kg_validate_ctx_id((gss_ctx_id_t) ctx)) {
-                   *context_handle = (gss_ctx_id_t) ctx;
-                   retval = GSS_S_COMPLETE;
-               }
-           }
-       }
-       krb5_free_context(ser_ctx);
-    }
-    if (retval != GSS_S_COMPLETE) {
-       if (ctx) {
-           (void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
-           if (ctx->enc.processed)
-               krb5_finish_key(context, &ctx->enc.eblock);
-           krb5_free_keyblock(context, ctx->enc.key);
-           if (ctx->seq.processed)
-               krb5_finish_key(context, &ctx->seq.eblock);
-           krb5_free_principal(context, ctx->here);
-           krb5_free_principal(context, ctx->there);
-           krb5_free_keyblock(context, ctx->subkey);
+    /* Make sure that everything is cool. */
+    if (!kg_validate_ctx_id((gss_ctx_id_t) ctx))
+       goto error_out;
+    
+    *context_handle = (gss_ctx_id_t) ctx;
+
+    return (GSS_S_COMPLETE);
+
+error_out:
+    if (ctx) {
+       (void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
+       if (ctx->enc.processed)
+           krb5_finish_key(ser_ctx, &ctx->enc.eblock);
+       krb5_free_keyblock(ser_ctx, ctx->enc.key);
+       if (ctx->seq.processed)
+           krb5_finish_key(ser_ctx, &ctx->seq.eblock);
+       krb5_free_principal(ser_ctx, ctx->here);
+       krb5_free_principal(ser_ctx, ctx->there);
+       krb5_free_keyblock(ser_ctx, ctx->subkey);
            
-           /* Zero out context */
-           memset(ctx, 0, sizeof(*ctx));
-           xfree(ctx);
-       }
-       if (*minor_status == 0)
-           *minor_status = (OM_uint32) kret;
+       /* Zero out context */
+       memset(ctx, 0, sizeof(*ctx));
+       xfree(ctx);
     }
+    if (*minor_status == 0)
+       *minor_status = (OM_uint32) kret;
     return(retval);
 }
index 3855b96f099f69d4e5048ef7ed281c7a774f7bf4..ac3a2909a908b2ab6e5470c4839a57ed7883ec78 100644 (file)
@@ -85,15 +85,23 @@ void **     context;
 {
     if (context == NULL)
        return GSS_S_FAILURE;
-
-    if (kg_context) 
+    if (kg_context) {
        *context = kg_context;
-    else {
-       if (krb5_init_context(&kg_context))
-           return GSS_S_FAILURE;
-       else
-           *context = kg_context;
+       return (GSS_S_COMPLETE);
+    }
+    if (krb5_init_context(&kg_context))
+       return GSS_S_FAILURE;
+    if (krb5_ser_context_init(kg_context) ||
+       krb5_ser_auth_context_init(kg_context) ||
+       krb5_ser_ccache_init(kg_context) ||
+       krb5_ser_rcache_init(kg_context) ||
+       krb5_ser_keytab_init(kg_context) ||
+       kg_ser_context_init(kg_context)) {
+       krb5_free_context(kg_context);
+       kg_context = 0;
+       return (GSS_S_FAILURE);
     }
+    *context = kg_context;
     return GSS_S_COMPLETE;
 }