From cb2ecb7ec8cd0885c06ecf4e4f1104ae1dc6f7cf Mon Sep 17 00:00:00 2001 From: Derrick Brashear Date: Fri, 30 May 2003 14:28:54 -0400 Subject: server: avoid blocking in tkt_lookup() tkt_lookup() is supposed to quickly obtain a ticket for a foreign realm if we already have a usable one, and quickly fail otherwise. Sending a request to a KDC and waiting for a response, as krb5_get_credentials() may do, defeats the purpose of tkt_retrieve() retrying failed requests in the background. So, use krb5_cc_retrieve_cred() instead. Extracted from Andrew zephyr/063 --- server/realm.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/server/realm.c b/server/realm.c index b2fc6f8..aef23c5 100644 --- a/server/realm.c +++ b/server/realm.c @@ -1264,13 +1264,14 @@ ticket_lookup(char *realm) krb5_error_code result; krb5_timestamp sec; krb5_ccache ccache; - krb5_creds creds_in, *creds; + krb5_creds creds_in, creds; result = krb5_cc_default(Z_krb5_ctx, &ccache); if (result) return 0; memset(&creds_in, 0, sizeof(creds_in)); + memset(&creds, 0, sizeof(creds)); result = krb5_cc_get_principal(Z_krb5_ctx, ccache, &creds_in.client); if (result) { @@ -1288,18 +1289,18 @@ ticket_lookup(char *realm) return 0; } - result = krb5_get_credentials(Z_krb5_ctx, 0 /* flags */, ccache, - &creds_in, &creds); + result = krb5_cc_retrieve_cred(Z_krb5_ctx, ccache, 0, &creds_in, &creds); krb5_cc_close(Z_krb5_ctx, ccache); /* good ticket? */ krb5_timeofday (Z_krb5_ctx, &sec); krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* hope this is OK */ - if ((result == 0) && (sec < creds->times.endtime)) { - krb5_free_creds(Z_krb5_ctx, creds); + if ((result == 0) && (sec < creds.times.endtime)) { + krb5_free_cred_contents(Z_krb5_ctx, &creds); return (1); } - if (!result) krb5_free_creds(Z_krb5_ctx, creds); + if (!result) + krb5_free_cred_contents(Z_krb5_ctx, &creds); return (0); } -- cgit v1.2.3