From: Sam Hartman Date: Sun, 18 Nov 2001 23:46:32 +0000 (+0000) Subject: When initiating GSSAPI context override tgs-enctypes X-Git-Tag: krb5-1.3-alpha1~951 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6e67fcdfe9b6974c196929b33adff851cee0108e;p=krb5.git When initiating GSSAPI context override tgs-enctypes rather than trying all acceptable enctypes in a loop. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13989 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 9c1f3e6d3..8e8390573 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,7 @@ +2001-11-18 Sam Hartman + + * krb5.hin: Add krb5_set_default_tgs_enctypes + 2001-11-15 Sam Hartman * krb5.hin: Add krb5_c_random_add_entropy and diff --git a/src/include/krb5.hin b/src/include/krb5.hin index cd27bdbdc..e94eaad91 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -1327,6 +1327,10 @@ krb5_error_code krb5_get_default_in_tkt_ktypes krb5_error_code krb5_set_default_tgs_ktypes (krb5_context, krb5_const krb5_enctype *); +krb5_error_code KRB5_CALLCONV +krb5_set_default_tgs_enctypes + (krb5_context, + krb5_const krb5_enctype *); krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes (krb5_context, krb5_const_principal, diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 5d6982149..4a6bd8e79 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +2001-11-18 Sam Hartman + + * init_sec_context.c (get_credentials): Override + default_tgs_enctypes rather than looping over credentials. Avoids + hits on the KDC. + 2001-10-30 Ezra Peisach * k5unseal.c: Fix whitespace in copyright message. diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 6a88a4ebc..72e3ccfac 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -113,31 +113,11 @@ static krb5_error_code get_credentials(context, cred, server, now, in_creds.keyblock.enctype = 0; - /* - * Initial iteration is necessary to catch a non-matching - * credential prior to looping through the GSSAPI-supported - * enctypes, since an enctype mismatch in the loop below will - * return KRB5_CC_NOTFOUND rather than one of the other error - * codes. - */ - code = krb5_get_credentials(context, 0, cred->ccache, - &in_creds, out_creds); + code = krb5_set_default_tgs_enctypes (context, enctypes); if (code) - goto cleanup; - krb5_free_creds(context, *out_creds); - *out_creds = NULL; - for (i = 0; enctypes[i]; i++) { - in_creds.keyblock.enctype = enctypes[i]; - code = krb5_get_credentials(context, 0, cred->ccache, - &in_creds, out_creds); - if (code != KRB5_CC_NOT_KTYPE && code != KRB5_CC_NOTFOUND - && code != KRB5KDC_ERR_ETYPE_NOSUPP) - break; - } - if (enctypes[i] == 0) { - code = KRB5_CONFIG_ETYPE_NOSUPP; - goto cleanup; - } + goto cleanup; + code = krb5_get_credentials(context, 0, cred->ccache, + &in_creds, out_creds); if (code) goto cleanup; diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 83558a028..1b91275b3 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,8 @@ +2001-11-16 Sam Hartman + + * init_ctx.c (krb5_set_default_tgs_enctypes): rename from + set_default_ktypes; old function provided as APIA + 2001-11-16 Ezra Peisach * init_ctx.c (DEFAULT_ETYPE_LIST): Ensure space present after diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 45af231f2..6d87c73ae 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -388,8 +388,8 @@ krb5_get_default_in_tkt_ktypes(context, ktypes) context->in_tkt_ktypes)); } -krb5_error_code -krb5_set_default_tgs_ktypes(context, ktypes) +krb5_error_code KRB5_CALLCONV +krb5_set_default_tgs_enctypes (context, ktypes) krb5_context context; const krb5_enctype *ktypes; { @@ -420,6 +420,13 @@ krb5_set_default_tgs_ktypes(context, ktypes) return 0; } +krb5_error_code krb5_set_default_tgs_ktypes +(krb5_context context, const krb5_enctype *etypes) +{ + return (krb5_set_default_tgs_enctypes (context, etypes)); +} + + void KRB5_CALLCONV krb5_free_ktypes (context, val)