oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: improve comments in get_cred_kdc_capath_worker

Browse Source 
Change-Id: I0d47ada32fdc9f7938d69d93022f1daac80d4e88
This commit is contained in:
Nicolas Williams
2015-03-12 21:20:09 -04:00
committed by Jeffrey Altman
parent 4f074487b4
commit b84bdf213d
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/krb5/get_cred.c
View File

@@ -778,6 +778,10 @@ get_cred_kdc_capath_worker(krb5_context context,
{ {
krb5_creds tgts; krb5_creds tgts;
/*
* If we have krbtgt/server_realm@try_realm cached, use it and we're
* done.
*/
ret = find_cred(context, ccache, tmp_creds.server, ret = find_cred(context, ccache, tmp_creds.server,
*ret_tgts, &tgts); *ret_tgts, &tgts);
if (ret == 0) { if (ret == 0) {
@@ -811,7 +815,16 @@ get_cred_kdc_capath_worker(krb5_context context,
goto out; goto out;
} }
/* XXX this can loop forever */ /*
* XXX This can loop forever, plus we recurse, so we can't just keep a
* count here. The count would have to get passed around by reference.
*
* The KDCs check for transit loops for us, and capath data is finite, so
* in fact we'll fall out of this loop at some point. We should do our own
* transit loop checking (like get_cred_kdc_referral()), and we should
* impose a max number of iterations altogether. But barring malicious or
* broken KDCs, this is good enough.
*/
while (1) { while (1) {
heim_general_string tgt_inst; heim_general_string tgt_inst;