diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-02-28 18:56:45 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-03-01 02:06:56 -0500 |
| commit | d77d40b0e2d3f60a49df0131d96cc05d80ca6107 (patch) | |
| tree | 8b1e8eefbc93b1cadeb6f02723f29239f67d30bf /src/lib | |
| parent | a39af2971e03d3dc6da2cfd8959feebd40a0ffc0 (diff) | |
| download | krb5-d77d40b0e2d3f60a49df0131d96cc05d80ca6107.tar.gz krb5-d77d40b0e2d3f60a49df0131d96cc05d80ca6107.tar.xz krb5-d77d40b0e2d3f60a49df0131d96cc05d80ca6107.zip | |
Simplify and clarify lookup_etypes_for_keytab
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/krb/gic_keytab.c | 48 |
1 files changed, 21 insertions, 27 deletions
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c index ff26c1832a..9eef3750d0 100644 --- a/src/lib/krb5/krb/gic_keytab.c +++ b/src/lib/krb5/krb/gic_keytab.c @@ -89,9 +89,10 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, { krb5_kt_cursor cursor; krb5_keytab_entry entry; - krb5_enctype *p, *etypes = NULL; - krb5_kvno max_kvno = 0; + krb5_enctype *p, *etypes = NULL, etype; + krb5_kvno max_kvno = 0, vno; krb5_error_code ret; + krb5_boolean match; size_t count = 0; *etypes_out = NULL; @@ -102,53 +103,46 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, if (ret != 0) return ret; - for (;;) { - ret = krb5_kt_next_entry(context, keytab, &entry, &cursor); - if (ret == KRB5_KT_END) - break; - if (ret) - goto cleanup; + while (!(ret = krb5_kt_next_entry(context, keytab, &entry, &cursor))) { + /* Extract what we need from the entry and free it. */ + etype = entry.key.enctype; + vno = entry.vno; + match = krb5_principal_compare(context, entry.principal, client); + krb5_free_keytab_entry_contents(context, &entry); - if (!krb5_c_valid_enctype(entry.key.enctype)) { - krb5_free_keytab_entry_contents(context, &entry); - continue; - } - if (!krb5_principal_compare(context, entry.principal, client)) { - krb5_free_keytab_entry_contents(context, &entry); + /* Filter out old or non-matching entries and invalid enctypes. */ + if (vno < max_kvno || !match || !krb5_c_valid_enctype(etype)) continue; - } - /* Make sure our list is for the highest kvno found for client. */ - if (entry.vno > max_kvno) { + + /* Update max_kvno and reset the list if we find a newer kvno. */ + if (vno > max_kvno) { + max_kvno = vno; free(etypes); etypes = NULL; count = 0; - max_kvno = entry.vno; - } else if (entry.vno != max_kvno) { - krb5_free_keytab_entry_contents(context, &entry); - continue; } /* Leave room for the terminator and possibly a second entry. */ p = realloc(etypes, (count + 3) * sizeof(*etypes)); if (p == NULL) { - krb5_free_keytab_entry_contents(context, &entry); ret = ENOMEM; goto cleanup; } etypes = p; - etypes[count++] = entry.key.enctype; + etypes[count++] = etype; /* All DES key types work with des-cbc-crc, which is more likely to be * accepted by the KDC (since MIT KDCs refuse des-cbc-md5). */ - if (entry.key.enctype == ENCTYPE_DES_CBC_MD5 || - entry.key.enctype == ENCTYPE_DES_CBC_MD4) + if (etype == ENCTYPE_DES_CBC_MD5 || etype == ENCTYPE_DES_CBC_MD4) etypes[count++] = ENCTYPE_DES_CBC_CRC; etypes[count] = 0; - krb5_free_keytab_entry_contents(context, &entry); } - + if (ret != KRB5_KT_END) + goto cleanup; ret = 0; + *etypes_out = etypes; etypes = NULL; + cleanup: krb5_kt_end_seq_get(context, keytab, &cursor); free(etypes); |