diff options
| author | Sam Hartman <hartmans@mit.edu> | 2001-11-18 23:46:32 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2001-11-18 23:46:32 +0000 |
| commit | 6e67fcdfe9b6974c196929b33adff851cee0108e (patch) | |
| tree | f52bbda03c3abe467ba8d078f607cfe67af605c9 /src/lib/gssapi | |
| parent | 4b50e8f97119084be1c76e86c67993bbad351840 (diff) | |
| download | krb5-6e67fcdfe9b6974c196929b33adff851cee0108e.tar.gz krb5-6e67fcdfe9b6974c196929b33adff851cee0108e.tar.xz krb5-6e67fcdfe9b6974c196929b33adff851cee0108e.zip | |
When initiating GSSAPI context override tgs-enctypes
rather than trying all acceptable enctypes in a loop.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13989 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 6 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 28 |
2 files changed, 10 insertions, 24 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 5d6982149..4a6bd8e79 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +2001-11-18 Sam Hartman <hartmans@mit.edu> + + * init_sec_context.c (get_credentials): Override + default_tgs_enctypes rather than looping over credentials. Avoids + hits on the KDC. + 2001-10-30 Ezra Peisach <epeisach@mit.edu> * k5unseal.c: Fix whitespace in copyright message. diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 6a88a4ebc..72e3ccfac 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -113,31 +113,11 @@ static krb5_error_code get_credentials(context, cred, server, now, in_creds.keyblock.enctype = 0; - /* - * Initial iteration is necessary to catch a non-matching - * credential prior to looping through the GSSAPI-supported - * enctypes, since an enctype mismatch in the loop below will - * return KRB5_CC_NOTFOUND rather than one of the other error - * codes. - */ - code = krb5_get_credentials(context, 0, cred->ccache, - &in_creds, out_creds); + code = krb5_set_default_tgs_enctypes (context, enctypes); if (code) - goto cleanup; - krb5_free_creds(context, *out_creds); - *out_creds = NULL; - for (i = 0; enctypes[i]; i++) { - in_creds.keyblock.enctype = enctypes[i]; - code = krb5_get_credentials(context, 0, cred->ccache, - &in_creds, out_creds); - if (code != KRB5_CC_NOT_KTYPE && code != KRB5_CC_NOTFOUND - && code != KRB5KDC_ERR_ETYPE_NOSUPP) - break; - } - if (enctypes[i] == 0) { - code = KRB5_CONFIG_ETYPE_NOSUPP; - goto cleanup; - } + goto cleanup; + code = krb5_get_credentials(context, 0, cred->ccache, + &in_creds, out_creds); if (code) goto cleanup; |