Freeing memory when in a loop

Keagle, Chuck chuck.keagle at boeing.com
Wed Nov 8 19:28:06 EST 2006 

The following code is in a loop, running periodically to see if
Credential needs to be renewed (a lot of code is left out to make this
easier to peruse):

	code = krb5_init_context( &context );
	code = krb5_cc_default( context, &ccache );
	code = krb5_cc_start_seq_get( context, ccache, &cursor);
	while ( 1 )
	{
		code = krb5_cc_next_cred( context, ccache, &cursor,
&curCred );
		if ( code == KRB5_CC_END ) break;
		code = krb5_unparse_name( context, curCred.server,
&principalName);
		if ( strncmp ( principalName, "krbtgt", 6 ) == 0 )
		{
			krb5_timeofday( context, &tNow );
			tStart = curCred.times.starttime;
			tEnd = curCred.times.endtime;
		}
		free( principalName );
		free( cursor );
		krb5_free_creds( context, &curCred );
	}
	code = krb5_cc_end_seq_get
	if ( ( ( tEnd - tStart ) / 4 > tEnd - tNow ) || ( tEnd < tNow )
)
	{
		code = krb5_parse_name( context, (char *)kuser,
&principal );
		krb5_cc_initialize( context, ccache, principal );
		krb5_build_principal( context, &tgs, ..., ..., ..., ...,
NULL);
		myCreds.client = principal;
		myCreds.server = tgs;
		krb5_get_init_creds_opt_init( &options );
		code = krb5_get_init_creds_password(context, &myCreds,
..., ..., 0, 0, 0, 0, &options);
		krb5_cc_store_cred( context, ccache, &myCreds );
	}
	if (( ! code ))
	{
		krb5_free_creds( context, &myCreds );
		krb5_free_principal( context, tgs );
		krb5_free_principal( context, principal );
		krb5_free_context( context );
	}

This whole loop is run periodically to insure a batch job doesn't loose
it's credential if it runs longer than maximum Credential lifetime.

I know keytabs might work better here, but Kerberos admins don't want to
have to maintain them on the KDC.  This is a personal workaround.

It looks like it's not freeing memory correctly because job memory
continually grows throughout job execution.  Any ideas on what krb5_free
calls I've missed?

What would be a good recommendation on a Kerberos programming book that
would cover this topic?

Thanks.

----
Not all who wander are lost.

                          |     ----  ___o  |  chuck.keagle at boeing.com
Chuck Keagle              |  -------  \ <,  |  Work:  (425) 865-1488
Enterprise Servers:  HPC  |  ----- ( )/ ( ) |  Cell:  (425) 417-3434
http://card.web.boeing.com/Webcard.cfm?id=73990
 <<Keagle, Chuck.vcf>>

More information about the Kerberos mailing list