From: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
To: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org,
jfdey-rEd9KcVInK8dYYaOPf09RA@public.gmane.org
Subject: [cifs-utils PATCHv2 3/6] cifs.upcall: make the krb5_context a static global variable
Date: Thu, 25 Aug 2016 10:17:42 -0400 [thread overview]
Message-ID: <1472134665-4014-4-git-send-email-jlayton@samba.org> (raw)
In-Reply-To: <1472134665-4014-1-git-send-email-jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
There's no need to keep initializing a new context in every function.
Just do it once and reuse it as needed.
Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
cifs.upcall.c | 61 ++++++++++++++++-------------------------------------------
1 file changed, 16 insertions(+), 45 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index d0f6d089d8e1..8448d00f6061 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -52,7 +52,9 @@
#include "spnego.h"
#include "cifs_spnego.h"
-static const char *prog = "cifs.upcall";
+static krb5_context context;
+static const char *prog = "cifs.upcall";
+
typedef enum _sectype {
NONE = 0,
KRB5,
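Review bot: The new file-scope `context` declared at the top of this hunk has no comment saying who initialises it or when, yet after this patch `get_tgt_time`, `get_default_cc`, `init_cc_from_keytab` and `cifs_krb5_get_req` all pass it to libkrb5 without checking it. I would add `/* process-wide krb5 context: set up once in main() before any helper below runs, freed at main()'s out: label */` above the declaration. The compat wrapper `krb5_auth_con_getsendsubkey(krb5_context context, ...)` named in the next hunk header still has a parameter called `context`, which now shadows the global. Renaming that parameter would keep `-Wshadow` builds quiet.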
@@ -69,9 +71,7 @@ typedef enum _sectype {
* @return pointer to the realm
*
*/
-
-static char *cifs_krb5_principal_get_realm(krb5_context context __attribute__ ((unused)),
- krb5_principal principal)
+static char *cifs_krb5_principal_get_realm(krb5_principal principal)
{
#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */
return krb5_principal_get_realm(context, principal);
@@ -104,7 +104,6 @@ krb5_auth_con_getsendsubkey(krb5_context context,
/* does the ccache have a valid TGT? */
static time_t get_tgt_time(const char *ccname)
{
- krb5_context context;
krb5_ccache ccache;
krb5_cc_cursor cur;
krb5_creds creds;
@@ -112,11 +111,6 @@ static time_t get_tgt_time(const char *ccname)
time_t credtime = 0;
char *realm = NULL;
- if (krb5_init_context(&context)) {
- syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
- return 0;
- }
-
if (krb5_cc_resolve(context, ccname, &ccache)) {
syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__);
goto err_cache;
@@ -137,7 +131,7 @@ static time_t get_tgt_time(const char *ccname)
goto err_ccstart;
}
- if ((realm = cifs_krb5_principal_get_realm(context, principal)) == NULL) {
+ if ((realm = cifs_krb5_principal_get_realm(principal)) == NULL) {
syslog(LOG_DEBUG, "%s: unable to get realm", __func__);
goto err_ccstart;
}
@@ -168,34 +162,23 @@ err_princ:
#endif
krb5_cc_close(context, ccache);
err_cache:
- krb5_free_context(context);
return credtime;
}
static char *
get_default_cc(void)
{
- krb5_error_code ret;
const char *ccname;
char *rcc = NULL;
- krb5_context context = NULL;
-
- ret = krb5_init_context(&context);
- if (ret) {
- syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret);
- return NULL;
- }
ccname = krb5_cc_default_name(context);
if (!ccname) {
syslog(LOG_DEBUG, "krb5_cc_default returned NULL.");
- goto out_free_context;
+ return NULL;
}
if (get_tgt_time(ccname))
rcc = strdup(ccname);
-out_free_context:
- krb5_free_context(context);
return rcc;
}
@@ -203,7 +186,6 @@ out_free_context:
static char *
init_cc_from_keytab(const char *keytab_name, const char *user)
{
- krb5_context context = NULL;
krb5_error_code ret;
krb5_creds my_creds;
krb5_keytab keytab = NULL;
@@ -213,12 +195,6 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
memset((char *) &my_creds, 0, sizeof(my_creds));
- ret = krb5_init_context(&context);
- if (ret) {
- syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret);
- goto icfk_cleanup;
- }
-
if (keytab_name)
ret = krb5_kt_resolve(context, keytab_name, &keytab);
else
@@ -273,8 +249,6 @@ icfk_cleanup:
krb5_cc_close(context, cc);
if (keytab)
krb5_kt_close(context, keytab);
- if (context)
- krb5_free_context(context);
return ccname;
}
@@ -284,7 +258,6 @@ cifs_krb5_get_req(const char *host, const char *ccname,
{
krb5_error_code ret;
krb5_keyblock *tokb;
- krb5_context context;
krb5_ccache ccache;
krb5_creds in_creds, *out_creds;
krb5_data apreq_pkt, in_data;
@@ -292,26 +265,19 @@ cifs_krb5_get_req(const char *host, const char *ccname,
#if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
static const uint8_t gss_cksum[24] = { 0x10, 0x00, /* ... */};
#endif
-
- ret = krb5_init_context(&context);
- if (ret) {
- syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
- return ret;
- }
-
if (ccname) {
ret = krb5_cc_resolve(context, ccname, &ccache);
if (ret) {
syslog(LOG_DEBUG, "%s: unable to resolve %s to ccache\n",
__func__, ccname);
- goto out_free_context;
+ return ret;
}
} else {
ret = krb5_cc_default(context, &ccache);
if (ret) {
syslog(LOG_DEBUG, "%s: krb5_cc_default: %d",
__func__, (int)ret);
- goto out_free_context;
+ return ret;
}
}
@@ -383,7 +349,6 @@ cifs_krb5_get_req(const char *host, const char *ccname,
/* MIT krb5 < 1.7 is missing the prototype, but still has the symbol */
#if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
krb5_error_code krb5_auth_con_set_req_cksumtype(
- krb5_context context,
krb5_auth_context auth_context,
krb5_cksumtype cksumtype);
#endif
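Review bot: The fallback prototype for `krb5_auth_con_set_req_cksumtype` loses its `krb5_context context,` parameter here, but it declares a libkrb5 symbol rather than one of this file's helpers, so its signature should not follow the refactoring. On builds where `HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE` is 0, the two-parameter declaration would conflict with a call that still passes the context first. The call itself is outside this hunk, so this should be confirmed against it. Restoring `krb5_context context,` as the first parameter keeps the declaration matching the library. The enclosing `cifs_krb5_get_req` begins and ends outside the hunk.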
@@ -427,8 +392,6 @@ out_free_ccache:
krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
#endif
krb5_cc_close(context, ccache);
-out_free_context:
- krb5_free_context(context);
return ret;
}
@@ -866,6 +829,12 @@ int main(const int argc, char *const argv[])
goto out;
}
+ rc = krb5_init_context(&context);
+ if (rc) {
+ syslog(LOG_ERR, "unable to init krb5 context: %ld", rc);
+ goto out;
+ }
+
ccname = get_default_cc();
/* Couldn't find credcache? Try to use keytab */
if (ccname == NULL && arg.username != NULL)
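Review bot: The single context created here now lives for the whole run, whereas each helper used to build its own at the moment of use, so whatever configuration libkrb5 reads at init time is fixed at this point in `main()`. If `main()` changes the process identity or environment after this line (not visible in this hunk), later ccache and keytab operations still run with the state loaded here, which was not the case before the patch. A comment such as `/* initialised once here; all krb5 helpers reuse it, so nothing below may depend on a freshly loaded krb5 configuration */` would record that constraint, and the remainder of `main()` should be checked against it. `main()` starts and ends outside the hunk.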
@@ -1006,6 +975,8 @@ out:
}
data_blob_free(&secblob);
data_blob_free(&sess_key);
+ if (context)
+ krb5_free_context(context);
SAFE_FREE(ccname);
SAFE_FREE(arg.hostname);
SAFE_FREE(arg.ip);
--
2.7.4