From bjaspan@MIT.EDU  Wed Nov 20 14:56:45 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA26957 for <bugs@RT-11.MIT.EDU>; Wed, 20 Nov 1996 14:56:45 -0500
Received: from BEEBLEBROX.MIT.EDU by MIT.EDU with SMTP
	id AA17052; Wed, 20 Nov 96 14:56:44 EST
Received: by beeblebrox.MIT.EDU (940816.SGI.8.6.9/4.7) id TAA29480; Wed, 20 Nov 1996 19:56:43 GMT
Message-Id: <199611201956.TAA29480@beeblebrox.MIT.EDU>
Date: Wed, 20 Nov 1996 19:56:43 GMT
From: bjaspan@MIT.EDU
Reply-To: bjaspan@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: minor improvement to gss_acquire_cred
X-Send-Pr-Version: 3.99

>Number:         210
>Category:       krb5-libs
>Synopsis:       minor improvement to gss_acquire_cred
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          closed
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Wed Nov 20 14:57:01 EST 1996
>Last-Modified:  Wed Dec 04 13:07:28 EST 1996
>Originator:     Barry Jaspan
>Organization:
mit
>Release:        1.0-development
>Environment:
	
System: IRIX beeblebrox 5.3 11091812 IP22 mips


>Description:

The following patch changes the krb5 gss_acquire_cred to use
krb5_kt_get_entry instead of iterating through the entire keytab
looking for a matching principal.  The latter is more efficient.  This
is not a necessary fix for 1.0.

Index: acquire_cred.c
===================================================================
RCS file: /mit/krbdev/.cvsroot/src/lib/gssapi/krb5/acquire_cred.c,v
retrieving revision 1.18
diff -c -r1.18 acquire_cred.c
*** acquire_cred.c	1996/10/10 17:51:42	1.18
--- acquire_cred.c	1996/11/20 17:43:02
***************
*** 77,119 ****
        princ = (krb5_principal) desired_name;
     }
  
!    /* iterate over the keytab searching for the principal */
! 
!    if (code = krb5_kt_start_seq_get(context, kt, &cur)) {
!       (void) krb5_kt_close(context, kt);
!       *minor_status = code;
!       return(GSS_S_FAILURE);
!    }
! 
!    while (!(code = krb5_kt_next_entry(context, kt, &entry, &cur))) {
!       if (krb5_principal_compare(context, entry.principal, princ)) {
! 	 code = 0;
! 	 krb5_kt_free_entry(context, &entry);
! 	 break;
!       } 
!       krb5_kt_free_entry(context, &entry);
!    }
! 
!    if (code == KRB5_KT_END) {
!       /* this means that the principal wasn't in the keytab */
!       (void)krb5_kt_end_seq_get(context, kt, &cur);
!       (void) krb5_kt_close(context, kt);
!       *minor_status = KG_KEYTAB_NOMATCH;
!       return(GSS_S_CRED_UNAVAIL);
!    } else if (code) {
!       /* this means some error occurred reading the keytab */
!       (void)krb5_kt_end_seq_get(context, kt, &cur);
!       (void) krb5_kt_close(context, kt);
!       *minor_status = code;
!       return(GSS_S_FAILURE);
!    } else {
!       /* this means that we found a matching entry */
!       if (code = krb5_kt_end_seq_get(context, kt, &cur)) {
! 	 (void) krb5_kt_close(context, kt);
! 	 *minor_status = code;
! 	 return(GSS_S_FAILURE);
!       }
     }
  
     /* hooray.  we made it */
  
--- 77,91 ----
        princ = (krb5_principal) desired_name;
     }
  
!    if (code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry)) {
! 	(void) krb5_kt_close(context, kt);
! 	if (code == KRB5_KT_NOTFOUND)
! 	     *minor_status = KG_KEYTAB_NOMATCH;
! 	else
! 	     *minor_status = code;
! 	return(GSS_S_CRED_UNAVAIL);
     }
+    krb5_kt_free_entry(context, &entry);
  
     /* hooray.  we made it */
  


>How-To-Repeat:
	
>Fix:
	
>Audit-Trail:

State-Changed-From-To: open-closed
State-Changed-By: bjaspan
State-Changed-When: Wed Dec  4 13:07:16 1996
State-Changed-Why:

Fixed.  Files:

lib/gssapi/krb5/ChangeLog
lib/gssapi/krb5/acquire_cred.c

>Unformatted: