From 97bd36c44627cb78585c5ddcd4d27bdd9e344755 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Sat, 2 Mar 1996 08:02:16 +0000 Subject: [PATCH] k5mech.c (krb5_gss_get_context): Initialize the serializers here, instead of in export and import security context. This will speed things up a little. export_sec_context.c (krb5_gss_export_sec_context): import_sec_context.c (krb5_gss_import_sec_context): Don't create a serialization context just for importing/exporting credentials. Use the passed-in gssapi context. This speeds things up significantly. Assume the serializers are initialized in krb5_gss_get_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7582 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 16 ++- src/lib/gssapi/krb5/export_sec_context.c | 126 ++++++++++------------- src/lib/gssapi/krb5/import_sec_context.c | 80 ++++++-------- src/lib/gssapi/krb5/k5mech.c | 22 ++-- 4 files changed, 119 insertions(+), 125 deletions(-) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 6f6b86c3d..cef0f5033 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,16 @@ +Sat Mar 2 02:22:30 1996 Theodore Y. Ts'o + + * k5mech.c (krb5_gss_get_context): Initialize the serializers + here, instead of in export and import security context. + This will speed things up a little. + + * export_sec_context.c (krb5_gss_export_sec_context): + * import_sec_context.c (krb5_gss_import_sec_context): Don't create + a serialization context just for importing/exporting + credentials. Use the passed-in gssapi context. This + speeds things up significantly. Assume the serializers + are initialized in krb5_gss_get_context. + Tue Feb 27 17:53:22 1996 Theodore Y. Ts'o * accept_sec_context.c (krb5_gss_accept_sec_context): Remove dead 
@@ -11,7 +24,8 @@ Tue Feb 27 17:53:22 1996 Theodore Y. Ts'o Mon Feb 26 18:08:57 1996 Sam Hartman - * k5mech.c : do not declare kg_context static as it is declared in another file, and declared extern in a header. + * k5mech.c : do not declare kg_context static as it is declared in + another file, and declared extern in a header. Sat Feb 24 00:06:37 1996 Theodore Y. Ts'o diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c index 6ebb1f9ce..180cc2ef5 100644 --- a/src/lib/gssapi/krb5/export_sec_context.c +++ b/src/lib/gssapi/krb5/export_sec_context.c 
@@ -35,93 +35,79 @@ krb5_gss_export_sec_context(ct, gss_ctx_id_t *context_handle; gss_buffer_t interprocess_token; { - krb5_context context = ct; + krb5_context ser_ctx = ct; krb5_error_code kret; OM_uint32 retval; - krb5_context ser_ctx; size_t bufsize, blen; krb5_gss_ctx_id_t *ctx; krb5_octet *obuffer, *obp; /* Assume a tragic failure */ - ser_ctx = (krb5_context) NULL; obuffer = (krb5_octet *) NULL; retval = GSS_S_FAILURE; *minor_status = 0; - /* Get a fresh Kerberos context */ - if (!(kret = krb5_init_context(&ser_ctx))) { - /* Initialize the serializers */ - if (!(kret = krb5_ser_context_init(ser_ctx)) && - !(kret = krb5_ser_auth_context_init(ser_ctx)) && - !(kret = krb5_ser_ccache_init(ser_ctx)) && - !(kret = krb5_ser_rcache_init(ser_ctx)) && - !(kret = krb5_ser_keytab_init(ser_ctx)) && - !(kret = kg_ser_context_init(ser_ctx))) { - if (kg_validate_ctx_id(*context_handle)) { - ctx = (krb5_gss_ctx_id_t *) *context_handle; - - /* Determine size needed for externalization of context */ - bufsize = 0; - if (!(kret = krb5_size_opaque(ser_ctx, - KG_CONTEXT, - (krb5_pointer) ctx, - &bufsize))) { - /* Allocate the buffer */ - if ((obuffer = (krb5_octet *) xmalloc(bufsize))) { - obp = obuffer; - blen = bufsize; - /* Externalize the context */ - if (!(kret = krb5_externalize_opaque(ser_ctx, - KG_CONTEXT, - (krb5_pointer)ctx, - &obp, - &blen))) { - /* Success! 
Return the buffer */ - interprocess_token->length = bufsize - blen; - interprocess_token->value = obuffer; - *minor_status = 0; - retval = GSS_S_COMPLETE; + if (!kg_validate_ctx_id(*context_handle)) { + kret = (OM_uint32) G_VALIDATE_FAILED; + retval = GSS_S_NO_CONTEXT; + goto error_out; + } - /* Now, clean up the context state */ - (void) kg_delete_ctx_id((gss_ctx_id_t) ctx); - if (ctx->enc.processed) - krb5_finish_key(context, - &ctx->enc.eblock); - krb5_free_keyblock(context, ctx->enc.key); - if (ctx->seq.processed) - krb5_finish_key(context, - &ctx->seq.eblock); - krb5_free_keyblock(context, ctx->seq.key); - krb5_free_principal(context, ctx->here); - krb5_free_principal(context, ctx->there); - krb5_free_keyblock(context, ctx->subkey); + ctx = (krb5_gss_ctx_id_t *) *context_handle; - if (ctx->auth_context) - krb5_auth_con_free(context, ctx->auth_context); + /* Determine size needed for externalization of context */ + bufsize = 0; + if ((kret = krb5_size_opaque(ser_ctx, KG_CONTEXT, (krb5_pointer) ctx, + &bufsize))) + goto error_out; - /* Zero out context */ - memset(ctx, 0, sizeof(*ctx)); - xfree(ctx); - *context_handle = GSS_C_NO_CONTEXT; - } - } - } - } - else { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - retval = GSS_S_NO_CONTEXT; - } - } - krb5_free_context(ser_ctx); + /* Allocate the buffer */ + if ((obuffer = (krb5_octet *) xmalloc(bufsize)) == NULL) { + kret = ENOMEM; + goto error_out; } - if (retval != GSS_S_COMPLETE) { - if (obuffer && bufsize) { + + obp = obuffer; + blen = bufsize; + /* Externalize the context */ + if ((kret = krb5_externalize_opaque(ser_ctx, KG_CONTEXT, + (krb5_pointer)ctx, &obp, &blen))) + goto error_out; + + /* Success! 
Return the buffer */ + interprocess_token->length = bufsize - blen; + interprocess_token->value = obuffer; + *minor_status = 0; + retval = GSS_S_COMPLETE; + + /* Now, clean up the context state */ + (void) kg_delete_ctx_id((gss_ctx_id_t) ctx); + if (ctx->enc.processed) + krb5_finish_key(ser_ctx, &ctx->enc.eblock); + krb5_free_keyblock(ser_ctx, ctx->enc.key); + if (ctx->seq.processed) + krb5_finish_key(ser_ctx, &ctx->seq.eblock); + krb5_free_keyblock(ser_ctx, ctx->seq.key); + krb5_free_principal(ser_ctx, ctx->here); + krb5_free_principal(ser_ctx, ctx->there); + krb5_free_keyblock(ser_ctx, ctx->subkey); + + if (ctx->auth_context) + krb5_auth_con_free(ser_ctx, ctx->auth_context); + + /* Zero out context */ + memset(ctx, 0, sizeof(*ctx)); + xfree(ctx); + *context_handle = GSS_C_NO_CONTEXT; + + return (GSS_S_COMPLETE); + +error_out: + if (obuffer && bufsize) { memset(obuffer, 0, bufsize); krb5_xfree(obuffer); - } - if (*minor_status == 0) - *minor_status = (OM_uint32) kret; } + if (*minor_status == 0) + *minor_status = (OM_uint32) kret; return(retval); } diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c index 3f61f4624..d802ecdd0 100644 --- a/src/lib/gssapi/krb5/import_sec_context.c +++ b/src/lib/gssapi/krb5/import_sec_context.c 
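Review bot: The two wipes in this function, `memset(ctx, 0, sizeof(*ctx));` before `xfree(ctx)` and `memset(obuffer, 0, bufsize);` before `krb5_xfree(obuffer)` under error_out, write to memory that is freed on the very next line, so an optimizing compiler is allowed to drop them. The context embeds `enc.eblock` and `seq.eblock`, and obuffer holds the serialized context, so both should go through a wipe the compiler cannot elide, for instance a small helper that writes through a `volatile unsigned char *`. The same pattern appears under error_out in krb5_gss_import_sec_context. Separately, obuffer is allocated with `xmalloc` but released with `krb5_xfree`, and the `obuffer && bufsize` guard skips the release when bufsize is 0; `if (obuffer) { ... xfree(obuffer); }` would pair with the allocation. The function header lies outside the hunk.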
@@ -35,66 +35,52 @@ krb5_gss_import_sec_context(ct, gss_buffer_t interprocess_token; gss_ctx_id_t *context_handle; { - krb5_context context = ct; - krb5_error_code kret; + krb5_context ser_ctx = ct; + krb5_error_code kret = 0; OM_uint32 retval; - krb5_context ser_ctx; size_t blen; krb5_gss_ctx_id_t *ctx; krb5_octet *ibp; /* Assume a tragic failure */ - ser_ctx = (krb5_context) NULL; ctx = (krb5_gss_ctx_id_t *) NULL; retval = GSS_S_FAILURE; *minor_status = 0; - /* Get a fresh Kerberos context */ - if (!(kret = krb5_init_context(&ser_ctx))) { - /* Initialize the serializers */ - if (!(kret = krb5_ser_context_init(ser_ctx)) && - !(kret = krb5_ser_auth_context_init(ser_ctx)) && - !(kret = krb5_ser_ccache_init(ser_ctx)) && - !(kret = krb5_ser_rcache_init(ser_ctx)) && - !(kret = krb5_ser_keytab_init(ser_ctx)) && - !(kret = kg_ser_context_init(ser_ctx))) { + /* Internalize the context */ + ibp = (krb5_octet *) interprocess_token->value; + blen = (size_t) interprocess_token->length; + if ((kret = krb5_internalize_opaque(ser_ctx, KG_CONTEXT, + (krb5_pointer *) &ctx, + &ibp, &blen))) + goto error_out; - /* Internalize the context */ - ibp = (krb5_octet *) interprocess_token->value; - blen = (size_t) interprocess_token->length; - if (!(kret = krb5_internalize_opaque(ser_ctx, - KG_CONTEXT, - (krb5_pointer *) &ctx, - &ibp, - &blen))) { - /* Make sure that everything is cool. 
*/ - if (kg_validate_ctx_id((gss_ctx_id_t) ctx)) { - *context_handle = (gss_ctx_id_t) ctx; - retval = GSS_S_COMPLETE; - } - } - } - krb5_free_context(ser_ctx); - } - if (retval != GSS_S_COMPLETE) { - if (ctx) { - (void) kg_delete_ctx_id((gss_ctx_id_t) ctx); - if (ctx->enc.processed) - krb5_finish_key(context, &ctx->enc.eblock); - krb5_free_keyblock(context, ctx->enc.key); - if (ctx->seq.processed) - krb5_finish_key(context, &ctx->seq.eblock); - krb5_free_principal(context, ctx->here); - krb5_free_principal(context, ctx->there); - krb5_free_keyblock(context, ctx->subkey); + /* Make sure that everything is cool. */ + if (!kg_validate_ctx_id((gss_ctx_id_t) ctx)) + goto error_out; + + *context_handle = (gss_ctx_id_t) ctx; + + return (GSS_S_COMPLETE); + +error_out: + if (ctx) { + (void) kg_delete_ctx_id((gss_ctx_id_t) ctx); + if (ctx->enc.processed) + krb5_finish_key(ser_ctx, &ctx->enc.eblock); + krb5_free_keyblock(ser_ctx, ctx->enc.key); + if (ctx->seq.processed) + krb5_finish_key(ser_ctx, &ctx->seq.eblock); + krb5_free_principal(ser_ctx, ctx->here); + krb5_free_principal(ser_ctx, ctx->there); + krb5_free_keyblock(ser_ctx, ctx->subkey); - /* Zero out context */ - memset(ctx, 0, sizeof(*ctx)); - xfree(ctx); - } - if (*minor_status == 0) - *minor_status = (OM_uint32) kret; + /* Zero out context */ + memset(ctx, 0, sizeof(*ctx)); + xfree(ctx); } + if (*minor_status == 0) + *minor_status = (OM_uint32) kret; return(retval); } diff --git a/src/lib/gssapi/krb5/k5mech.c b/src/lib/gssapi/krb5/k5mech.c index 3855b96f0..ac3a2909a 100644 --- a/src/lib/gssapi/krb5/k5mech.c +++ b/src/lib/gssapi/krb5/k5mech.c 
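Review bot: The error_out cleanup never releases `ctx->seq.key` or `ctx->auth_context`, although the matching cleanup in krb5_gss_export_sec_context frees both. When an internalized context fails kg_validate_ctx_id, any sequence keyblock it carries stays allocated with its key bytes, because `memset(ctx, 0, sizeof(*ctx))` has erased the only pointer to it. Add `krb5_free_keyblock(ser_ctx, ctx->seq.key);` after the seq.processed check and `if (ctx->auth_context) krb5_auth_con_free(ser_ctx, ctx->auth_context);` before the memset. The validation branch also jumps with kret still 0, so the caller gets GSS_S_FAILURE with a zero minor status; setting `kret = G_VALIDATE_FAILED;` there, as the export path does, would make the failure diagnosable. In addition, interprocess_token is dereferenced without a NULL or zero-length check even though the token is supplied by the caller; the function header lies outside the hunk.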
@@ -85,15 +85,23 @@ void ** context; { if (context == NULL) return GSS_S_FAILURE; - - if (kg_context) + if (kg_context) { *context = kg_context; - else { - if (krb5_init_context(&kg_context)) - return GSS_S_FAILURE; - else - *context = kg_context; + return (GSS_S_COMPLETE); + } + if (krb5_init_context(&kg_context)) + return GSS_S_FAILURE; + if (krb5_ser_context_init(kg_context) || + krb5_ser_auth_context_init(kg_context) || + krb5_ser_ccache_init(kg_context) || + krb5_ser_rcache_init(kg_context) || + krb5_ser_keytab_init(kg_context) || + kg_ser_context_init(kg_context)) { + krb5_free_context(kg_context); + kg_context = 0; + return (GSS_S_FAILURE); } + *context = kg_context; return GSS_S_COMPLETE; } -- 2.26.2
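Review bot: `krb5_init_context(&kg_context)` publishes the global before the six serializers are registered, and the failure branch frees it again. A second caller that enters between those points takes the `if (kg_context)` early return with a context that has no serializers yet or is about to be freed. Whether this can happen depends on callers being multi-threaded, which the hunk does not show, but export and import now rely on this function for their serializers, so the window is worth closing. Build the context in a local and assign kg_context only after every init call has succeeded, as below; this does not replace a lock, it only keeps a half-built context from becoming visible. The function's signature lies outside the hunk.

```c
{
    krb5_context new_ctx;

    /* … unchanged: NULL check on context, early return when kg_context is set … */
    if (krb5_init_context(&new_ctx))
	return GSS_S_FAILURE;
    if (krb5_ser_context_init(new_ctx) ||
	krb5_ser_auth_context_init(new_ctx) ||
	krb5_ser_ccache_init(new_ctx) ||
	krb5_ser_rcache_init(new_ctx) ||
	krb5_ser_keytab_init(new_ctx) ||
	kg_ser_context_init(new_ctx)) {
	krb5_free_context(new_ctx);
	return (GSS_S_FAILURE);
    }
    /* Publish only a context whose serializers are all registered. */
    kg_context = new_ctx;
    *context = kg_context;
    return GSS_S_COMPLETE;
```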