From patchwork Mon Aug 22 12:29:22 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Layton X-Patchwork-Id: 9293447 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 81832608A7 for ; Mon, 22 Aug 2016 12:29:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 71EE428977 for ; Mon, 22 Aug 2016 12:29:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 66BE928984; Mon, 22 Aug 2016 12:29:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E73E22897D for ; Mon, 22 Aug 2016 12:29:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752299AbcHVM30 (ORCPT ); Mon, 22 Aug 2016 08:29:26 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44216 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752597AbcHVM3Z (ORCPT ); Mon, 22 Aug 2016 08:29:25 -0400 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 478EB81F01; Mon, 22 Aug 2016 12:29:25 +0000 (UTC) Received: from tlielax.poochiereds.net (ovpn-116-47.rdu2.redhat.com [10.10.116.47]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u7MCTNMQ019328; Mon, 22 Aug 2016 08:29:24 -0400 
From: Jeff Layton To: linux-cifs@vger.kernel.org Cc: "Dey, John F" Subject: [cifs-utils PATCH 3/3] cifs.upcall: make the krb5_context a static global variable Date: Mon, 22 Aug 2016 08:29:22 -0400 Message-Id: <1471868962-7312-4-git-send-email-jlayton@samba.org> In-Reply-To: <1471868962-7312-1-git-send-email-jlayton@samba.org> References: <1471868962-7312-1-git-send-email-jlayton@samba.org> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Mon, 22 Aug 2016 12:29:25 +0000 (UTC) Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP There's no need to keep initing a new context for every function. Just do it once and reuse as needed. Signed-off-by: Jeff Layton --- cifs.upcall.c | 61 ++++++++++++++++------------------------------------------- 1 file changed, 16 insertions(+), 45 deletions(-) diff --git a/cifs.upcall.c b/cifs.upcall.c index d0f6d089d8e1..8448d00f6061 100644 --- a/cifs.upcall.c +++ b/cifs.upcall.c @@ -52,7 +52,9 @@ #include "spnego.h" #include "cifs_spnego.h" -static const char *prog = "cifs.upcall"; +static krb5_context context; +static const char *prog = "cifs.upcall"; + typedef enum _sectype { NONE = 0, KRB5, @@ -69,9 +71,7 @@ typedef enum _sectype { * @return pointer to the realm * */ - -static char *cifs_krb5_principal_get_realm(krb5_context context __attribute__ ((unused)), - krb5_principal principal) +static char *cifs_krb5_principal_get_realm(krb5_principal principal) { #ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */ return krb5_principal_get_realm(context, principal); @@ -104,7 +104,6 @@ krb5_auth_con_getsendsubkey(krb5_context context, /* does the ccache have a valid TGT? */ static time_t get_tgt_time(const char *ccname) { - krb5_context context; krb5_ccache ccache; krb5_cc_cursor cur; krb5_creds creds; 
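Review bot: The new file-scope `static krb5_context context;` has no comment stating its lifetime, and the helpers in the later hunks now pass it to libkrb5 without checking that it was set up. A short comment would record the contract, for example `/* shared krb5 context: created once in main() before any helper is called, freed at main()'s out: label */`. The name is also generic enough to be shadowed: the `@@ -104,7` hunk header shows `krb5_auth_con_getsendsubkey(krb5_context context,`, whose parameter hides the global inside that function. That is harmless today but easy to misread.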
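Review bot: The doc comment above `cifs_krb5_principal_get_realm` is only partly visible in the `@@ -69,9` hunk (`@return pointer to the realm`); if it still carries a `@param context` line, that line is stale now that the parameter is gone and should be dropped. The Heimdal branch now reads the file-scope `context`, so the comment should say so, e.g. `* Uses the file-scope krb5 context, which must already be initialized.` The function body continues past the end of the hunk, so the non-Heimdal branch could not be checked here.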
@@ -112,11 +111,6 @@ static time_t get_tgt_time(const char *ccname) time_t credtime = 0; char *realm = NULL; - if (krb5_init_context(&context)) { - syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__); - return 0; - } - if (krb5_cc_resolve(context, ccname, &ccache)) { syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__); goto err_cache; @@ -137,7 +131,7 @@ static time_t get_tgt_time(const char *ccname) goto err_ccstart; } - if ((realm = cifs_krb5_principal_get_realm(context, principal)) == NULL) { + if ((realm = cifs_krb5_principal_get_realm(principal)) == NULL) { syslog(LOG_DEBUG, "%s: unable to get realm", __func__); goto err_ccstart; } @@ -168,34 +162,23 @@ err_princ: #endif krb5_cc_close(context, ccache); err_cache: - krb5_free_context(context); return credtime; } static char * get_default_cc(void) { - krb5_error_code ret; const char *ccname; char *rcc = NULL; - krb5_context context = NULL; - - ret = krb5_init_context(&context); - if (ret) { - syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret); - return NULL; - } ccname = krb5_cc_default_name(context); if (!ccname) { syslog(LOG_DEBUG, "krb5_cc_default returned NULL."); - goto out_free_context; + return NULL; } if (get_tgt_time(ccname)) rcc = strdup(ccname); -out_free_context: - krb5_free_context(context); return rcc; } @@ -203,7 +186,6 @@ out_free_context: static char * init_cc_from_keytab(const char *keytab_name, const char *user) { - krb5_context context = NULL; krb5_error_code ret; krb5_creds my_creds; krb5_keytab keytab = NULL; @@ -213,12 +195,6 @@ init_cc_from_keytab(const char *keytab_name, const char *user) memset((char *) &my_creds, 0, sizeof(my_creds)); - ret = krb5_init_context(&context); - if (ret) { - syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret); - goto icfk_cleanup; - } - if (keytab_name) ret = krb5_kt_resolve(context, keytab_name, &keytab); else 
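Review bot: In `get_default_cc()` (hunk `@@ -168,34`) the default cache name is now resolved through the long-lived shared context instead of a fresh one per call, and libkrb5 may cache the default ccache name inside a context once it has been looked up. That is fine as long as the process environment (for example `KRB5CCNAME`) never changes after `krb5_init_context()`, but the new code does not state that assumption. The same applies to `krb5_cc_default(context, &ccache)` in `cifs_krb5_get_req()`. I would add a comment above the lookup such as `/* relies on the shared context; the default ccache name is fixed once resolved */`. If the environment is ever changed after init, the cached name can be cleared with `krb5_cc_set_default_name(context, NULL)`.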
@@ -273,8 +249,6 @@ icfk_cleanup: krb5_cc_close(context, cc); if (keytab) krb5_kt_close(context, keytab); - if (context) - krb5_free_context(context); return ccname; } @@ -284,7 +258,6 @@ cifs_krb5_get_req(const char *host, const char *ccname, { krb5_error_code ret; krb5_keyblock *tokb; - krb5_context context; krb5_ccache ccache; krb5_creds in_creds, *out_creds; krb5_data apreq_pkt, in_data; @@ -292,26 +265,19 @@ cifs_krb5_get_req(const char *host, const char *ccname, #if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) static const uint8_t gss_cksum[24] = { 0x10, 0x00, /* ... */}; #endif - - ret = krb5_init_context(&context); - if (ret) { - syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__); - return ret; - } - if (ccname) { ret = krb5_cc_resolve(context, ccname, &ccache); if (ret) { syslog(LOG_DEBUG, "%s: unable to resolve %s to ccache\n", __func__, ccname); - goto out_free_context; + return ret; } } else { ret = krb5_cc_default(context, &ccache); if (ret) { syslog(LOG_DEBUG, "%s: krb5_cc_default: %d", __func__, (int)ret); - goto out_free_context; + return ret; } } @@ -383,7 +349,6 @@ cifs_krb5_get_req(const char *host, const char *ccname, /* MIT krb5 < 1.7 is missing the prototype, but still has the symbol */ #if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE krb5_error_code krb5_auth_con_set_req_cksumtype( - krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype); #endif @@ -427,8 +392,6 @@ out_free_ccache: krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); #endif krb5_cc_close(context, ccache); -out_free_context: - krb5_free_context(context); return ret; } @@ -866,6 +829,12 @@ int main(const int argc, char *const argv[]) goto out; } + rc = krb5_init_context(&context); + if (rc) { + syslog(LOG_ERR, "unable to init krb5 context: %ld", rc); + goto out; + } + ccname = get_default_cc(); /* Couldn't find credcache? Try to use keytab */ if (ccname == NULL && arg.username != NULL) 
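Review bot: The fallback prototype for `krb5_auth_con_set_req_cksumtype` in the `@@ -383,7` hunk loses its `krb5_context context,` parameter, but this declares a libkrb5 function rather than one of the file's own helpers, and the library function takes the context as its first argument. On builds where `HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE` is 0 (the comment names MIT krb5 < 1.7), the declaration would disagree with the library, so a call that passes the context would be rejected or miscalled. The removal looks like an over-eager cleanup of `context` parameters; restore the line `krb5_context context,` as the first parameter of the declaration. The call site is outside the hunk, so how it passes its arguments could not be checked here.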
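Review bot: The new `krb5_init_context(&context)` call in main() (hunk `@@ -866,6`) has no comment explaining why it sits at this point, although every helper now depends on it having run first. Only the tail of the preceding block (`goto out; }`) is visible, so the hunk does not show whether the context is created before or after main() changes identity or environment for the requesting user. Context creation loads Kerberos configuration, so that ordering is worth pinning with a comment such as `/* create the shared krb5 context once, here; all krb5 helpers below rely on it */`, adjusted to state the actual ordering constraint. The `%ld` conversion in the new syslog call assumes `rc` is a `long`; its declaration is outside the hunk and should be checked.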
@@ -1006,6 +975,8 @@ out: } data_blob_free(&secblob); data_blob_free(&sess_key); + if (context) + krb5_free_context(context); SAFE_FREE(ccname); SAFE_FREE(arg.hostname); SAFE_FREE(arg.ip);