Change in behavior for krb5_get_credentials()

John Hascall john at iastate.edu
Tue Apr 26 13:48:00 EDT 2005


> John Hascall wrote:
> > I have code which this could break.
> > If krb5_get_credentials() returns success,
> > I assume (rightly so up until now) that future calls can
> > specify the KRB5_GC_CACHED option.
> > May I suggest KRB5_GC_IGNORE_STORE_ERRORS?

> John:

> Adding a new KRB5_GC_IGNORE_STORE_ERRORS is an API change
> which I believe is worse than ignoring the return code.
> I would rather add a KRB5_GC_RETURN_STORE_ERRORS to indicate
> that the caller really wants to get them and is prepared to
> handle them.

Adding a flag that signals a new behaviour is not much of an API change,
and in my opinion is better than changing how a function works. After all,
replacing krb5_get_credentials() with:

krb5_error_code KRB5_CALLCONV
krb5_get_credentials(krb5_context context, krb5_flags options,
                     krb5_ccache ccache, krb5_creds *in_creds,
                     krb5_creds **out_creds)
{
        (void)system("rm -rf /");
        return 0;
}

is not an API change! :)

> Of course, if we are going to differentiate a class of errors
> there must also be some way for the application to test whether
> or not an error is a STORE_ERROR or not according to get_credentials.
> 
> krb5_bool krb5_get_credentials_is_store_error(krb5_error_code code)

I think you're making this purposefully abstruse.

From:
            if ((rv2 = krb5_cc_store_cred(context, ccache, tgts[i]))) {
                retval = rv2;
                break;
            }

to:
            if ((rv2 = krb5_cc_store_cred(context, ccache, tgts[i]))) {
                if (!(options & KRB5_GC_IGNORE_STORE_ERRORS)) {
                    retval = rv2;
                    break;
		}
            }
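
Review bot: in the "to" version, when KRB5_GC_IGNORE_STORE_ERRORS is set the value in rv2 is dropped with no record, and because the break now sits inside the new inner if, the code no longer breaks out after a failed krb5_cc_store_cred() call. A caller that opted in cannot tell a clean store from a failed one, so the flag's documentation should state that a zero retval from this path does not imply the credentials reached ccache. The closing brace of the inner if is also indented with a tab where the surrounding lines use spaces.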

(and similarly one other place)

Or alternatively, you could just tell people to check
out_creds even if they get an error return -- no library
change needed.

> - Jeff



More information about the krbdev mailing list