summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authorGravatar Derrick Brashear <shadow@dementix.org>2003-05-30 14:28:54 -0400
committerGravatar Jeffrey Hutzelman <jhutz@cmu.edu>2012-11-24 18:13:15 -0500
commitcb2ecb7ec8cd0885c06ecf4e4f1104ae1dc6f7cf (patch)
tree0104126e90fe991cec8dfe922e864d3edb1c0f0d /server
parent5c362db8305068a22e5e00915c7e2139d3a3f904 (diff)
server: avoid blocking in tkt_lookup()
tkt_lookup() is supposed to quickly obtain a ticket for a foreign realm if we already have a usable one, and quickly fail otherwise. Sending a request to a KDC and waiting for a response, as krb5_get_credentials() may do, defeats the purpose of tkt_retrieve() retrying failed requests in the background. So, use krb5_cc_retrieve_cred() instead. Extracted from Andrew zephyr/063
Diffstat (limited to 'server')
-rw-r--r--server/realm.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/server/realm.c b/server/realm.c
index b2fc6f8..aef23c5 100644
--- a/server/realm.c
+++ b/server/realm.c
@@ -1264,13 +1264,14 @@ ticket_lookup(char *realm)
krb5_error_code result;
krb5_timestamp sec;
krb5_ccache ccache;
- krb5_creds creds_in, *creds;
+ krb5_creds creds_in, creds;
result = krb5_cc_default(Z_krb5_ctx, &ccache);
if (result)
return 0;
memset(&creds_in, 0, sizeof(creds_in));
+ memset(&creds, 0, sizeof(creds));
result = krb5_cc_get_principal(Z_krb5_ctx, ccache, &creds_in.client);
if (result) {
@@ -1288,18 +1289,18 @@ ticket_lookup(char *realm)
return 0;
}
- result = krb5_get_credentials(Z_krb5_ctx, 0 /* flags */, ccache,
- &creds_in, &creds);
+ result = krb5_cc_retrieve_cred(Z_krb5_ctx, ccache, 0, &creds_in, &creds);
krb5_cc_close(Z_krb5_ctx, ccache);
/* good ticket? */
krb5_timeofday (Z_krb5_ctx, &sec);
krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* hope this is OK */
- if ((result == 0) && (sec < creds->times.endtime)) {
- krb5_free_creds(Z_krb5_ctx, creds);
+ if ((result == 0) && (sec < creds.times.endtime)) {
+ krb5_free_cred_contents(Z_krb5_ctx, &creds);
return (1);
}
- if (!result) krb5_free_creds(Z_krb5_ctx, creds);
+ if (!result)
+ krb5_free_cred_contents(Z_krb5_ctx, &creds);
return (0);
}