Code modularity
Zhanna Tsitkova
tsitkova at MIT.EDU
Mon Dec 7 16:09:05 EST 2009
Hello,
The approach that was explained in the parent message was applied to
the src/lib files, with the exclusion of the subdirectories asn1, rpc,
crypto_tests, openssl, old, raw, unit-test. It suggests the file
partitions detailed at the end of this message. The file
names there are followed by numbered groups of functions. Each group
represents a candidate for a new file.
Let's consider the first file as an example. File
lib/krb5/krb/rd_req_dec.c is recommended to be divided into files to hold
functions from groups 1 and 2:
1. decrypt_authenticator, krb5_rd_req_decrypt_tkt_part,
krb5_rd_req_decoded, decode_etype_list, negotiate_etype,
krb5_rd_req_decoded_opt, krb5_rd_req_decoded_anyflag
2. krb5int_check_clockskew
Apparently, group one is referred to in the APIs krb5_verify_init_creds,
krb5_rd_req, krb5_recvauth, krb5_recvauth_version, while group 2 is referred to in
krb5_get_init_creds_password, kadm5_init, krb5_rd_cred,
krb5_change_password, kadm5_init_with_creds, krb5_rd_priv,
krb5_set_password_using_ccache, krb5_verify_init_creds,
krb5_set_password, krb5_rd_safe, krb5_recvauth, krb5_recvauth_version,
kadm5_init_with_password, krb5_rd_req, kadm5_init_with_skey.
Even though asn1 was dropped from the analysis in anticipation
of the major design reconstruction there, one can suggest dividing
the existing files to recognize somewhat independent parts such as
sam, fast, srv etc.
=============
lib/krb5/krb/rd_req_dec.c
1. decrypt_authenticator, krb5_rd_req_decrypt_tkt_part,
krb5_rd_req_decoded, decode_etype_list, negotiate_etype,
krb5_rd_req_decoded_opt, krb5_rd_req_decoded_anyflag
2. krb5int_check_clockskew
lib/krb5/krb/preauth2.c
1. krb5_init_preauth_context, krb5_free_preauth_context
2. krb5_preauth_supply_preauth_data
3. krb5_preauth_prepare_request, krb5_do_preauth_tryagain,
krb5_preauth_request_context_init, krb5_run_preauth_plugins,
krb5_do_preauth, pa_sam, grow_ktypes, client_data_proc, grow_pa_list
4. krb5_clear_preauth_context_use_counts,
krb5_preauth_request_context_fini
5. pa_salt, padata2data
6. pa_pkinit_gen_req
7. pa_pkinit_parse_rep, local_kdc_cert_match
8. pa_enc_timestamp
9. pa_sam_2
10. pa_sam
11. sam_challenge_banner
12. pa_fx_cookie
13. pa_s4u_x509_user
14. pa_types
lib/krb5/krb/get_in_tkt.c
1. krb5_libdefault_boolean, _krb5_conf_boolean,
krb5_libdefault_string
2. krb5_get_init_creds, make_preauth_list,
sort_krb5_padata_sequence, send_as_request, decrypt_as_reply,
stash_as_reply, verify_as_reply, build_in_tkt_name
3. krb5_get_in_tkt, rewrite_server_realm
lib/krb5/krb/copy_auth.c
1. krb5_merge_authdata, krb5_copy_authdata, krb5_copy_authdatum
2. krb5_decode_authdata_container, find_authdata_1,
grow_find_authdata, krb5int_find_authdata,
krb5_verify_authdata_kdc_issued
3. krb5_encode_authdata_container
4. krb5_make_authdata_kdc_issued
lib/krb5/krb/mk_req_ext.c
1. krb5int_generate_and_save_subkey
2. krb5_mk_req_extended, krb5_generate_authenticator,
make_etype_list
lib/krb5/krb/init_ctx.c
1. krb5_init_context, krb5_init_secure_context,
krb5int_init_context_kdc, krb5_free_context, init_common,
krb5_set_default_in_tkt_ktypes, krb5_set_default_tgs_ktypes,
krb5_set_default_tgs_enctypes, set_default_etype_var
2. copy_enctypes
3. krb5_get_permitted_enctypes, krb5_get_default_in_tkt_ktypes,
mod_list, krb5int_parse_enctype_list, get_profile_etype_list,
krb5_get_tgs_ktypes, krb5_is_permitted_enctype,
krb5_is_permitted_enctype_ext, krb5_free_ktypes,
4. krb5_copy_context
lib/krb5/krb/gic_pwd.c
1. krb5_get_init_creds_password, krb5_get_as_key_password,
krb5_init_creds_set_password, krb5_get_in_tkt_with_password
2. krb5int_populate_gic_opt
lib/krb5/krb/gic_opt.c
1. krb5_get_init_creds_opt_init krb5_get_init_creds_opt_alloc
init_common krb5_get_init_creds_opt_set_tkt_life
krb5_get_init_creds_opt_set_xxx etc. free_gic_opt_ext_preauth_data
krb5int_gic_opte_private_free krb5_get_init_creds_opt_free
krb5int_gic_opte_alloc krb5int_gic_opte_private_alloc
2. krb5int_gic_opt_to_opte krb5int_gic_opte_copy
3. krb5_get_init_creds_opt_set_pa add_gic_opt_ext_preauth_data
4. krb5_get_init_creds_opt_get_pa krb5_get_init_creds_opt_free_pa
5. krb5_get_init_creds_opt_set_fast_ccache_name
lib/krb5/os/init_os_ctx.c
1. krb5_free_config_files, free_filespecs,
2. krb5_os_init_context, krb5_os_free_context,
krb5_secure_config_files, add_kdc_config_file, os_init_paths
3. krb5_get_default_config_files, os_get_default_config_files,
get_from_windows_dir, get_from_module_dir, get_from_registry,
4. krb5_get_profile, krb5_set_config_files
lib/krb5/os/hst_realm.c
1. krb5int_clean_hostname
2. krb5_get_fallback_host_realm, domain_heuristic
3. krb5_try_realm_txt_rr
4. krb5int_translate_gai_error, krb5int_get_fq_local_hostname,
krb5int_get_fq_hostname
5. krb5_get_host_realm
lib/krb5/os/sendto_kdc.c
1. service_tcp_fd setup_connection getcurtime service_udp_fd
service_fds krb5int_sendto krb5int_cm_call_select
set_conn_state_msg_length start_connection kill_conn get_so_error
maybe_send krb5int_print_addrlist
2. krb5_sendto_kdc check_for_svc_unavailable in_addrlist
merge_addrlists
lib/krb5/os/def_realm.c
1. krb5_set_default_realm
2. krb5_get_default_realm
3. krb5_free_default_realm
4. krb5int_get_domain_realm_mapping
lib/crypto/krb/dk/checksum.c
1. krb5int_dk_make_checksum
2. krb5int_dk_make_checksum_iov
lib/crypto/krb/keyhash_provider/hmac_md5.c
1. k5_hmac_md5_hash
2. k5_hmac_md5_hash_iov
lib/crypto/krb/prng.c
1. krb5_c_random_make_octets
2. krb5_c_random_add_entropy, krb5_c_random_seed, entropy_estimate
3. krb5_c_random_os_entropy, read_entropy_from_device
4. krb5int_prng_init, krb5int_prng_cleanup
lib/crypto/builtin/hmac.c
1. krb5int_hmac_iov, krb5int_hmac_iov_keyblock
2. krb5int_hmac, krb5int_hmac_keyblock
lib/gssapi/krb5/krb5_gss_glue.c
1. gss_krb5_ccache_name,
2. krb5_gss_use_kdc_context
3. gss_krb5_get_tkt_flags
4. gss_krb5_copy_ccache, gss_krb5_set_allowable_enctypes,
gss_krb5_set_cred_rcache
5. gss_krb5_export_lucid_sec_context
6. gss_krb5_ccache_name
7. gss_krb5_free_lucid_sec_context
8. krb5_gss_register_acceptor_identity
9. gsskrb5_extract_authz_data_from_sec_context
10. gsskrb5_extract_authtime_from_sec_context
lib/kadm5/clnt/client_principal.c
1. kadm5_setkey_principal kadm5_setkey_principal_3
2. kadm5_chpass_principal_3 kadm5_chpass_principal
kadm5_get_principal
3. kadm5_create_principal_3 kadm5_create_principal
4. kadm5_delete_principal
5. kadm5_modify_principal
6. kadm5_get_principal
7. kadm5_get_principals
8. kadm5_rename_principal
9. kadm5_setv4key_principal
10. kadm5_randkey_principal kadm5_randkey_principal_3
lib/kadm5/srv/svr_policy.c
1. kadm5_create_policy, kadm5_create_policy_internal
2. kadm5_modify_policy, kadm5_modify_policy_internal
3. kadm5_delete_policy
4. kadm5_get_policy
lib/kadm5/srv/server_kdb.c
1. kdb_iter_entry, kdb_iter_func
2. kdb_delete_entry
3. kdb_init_master, kdb_init_hist
4. kdb_get_entry, kdb_free_entry
5. kdb_put_entry
lib/kadm5/srv/svr_principal.c
1. kadm5_copy_principal
2. check_pw_reuse
3. kadm5_chpass_principal_3, kadm5_chpass_principal,
create_history_entry, free_history_entry, add_to_history,
kadm5_use_password_server, kadm5_set_use_password_server,
kadm5_launch_task
4. cleanup_key_data <<<== This is in lib/kdb/kdb_cpw.c, but is
static – Make it krb5int???
5. kadm5_setv4key_principal /* kadmind4 */
6. kadm5_create_principal, kadm5_create_principal_3,
7. kadm5_delete_principal,
8. kadm5_modify_principal
9. kadm5_get_principal, krb5_copy_key_data_contents , dup_tl_data
10. kadm5_rename_principal, kadm5_free_principal
11. kadm5_randkey_principal, kadm5_randkey_principal_3
12. kadm5_setkey_principal, kadm5_setkey_principal_3
13. kadm5_get_principal_keys
14. decrypt_key_data
15. kadm5_decrypt_key
lib/kdb/kdb_cpw.c
1. krb5_dbe_crk, krb5_dbe_ark, add_key_rnd
2. krb5_dbe_def_cpw, krb5_dbe_apw, add_key_pwd
3. cleanup_key_data <<<== see ./lib/kadm5/srv/svr_principal.c
#185 Make it krb5int???
4. krb5_db_get_key_data_kvno
lib/kadm5/alt_prof.c
1. kadm5_get_admin_service_name, kadm5_get_config_params
krb5_aprof_finish krb5_aprof_init string_to_boolean krb5_aprof_getvals
krb5_aprof_get_boolean krb5_aprof_get_string krb5_aprof_get_deltat
krb5_aprof_get_int32 kadm5_free_config_params, get_port_param
get_string_param copy_key_salt_tuple get_deltat_param
2. krb5_read_realm_params krb5_free_realm_params
krb5_aprof_get_string_all krb5_match_config_pattern
lib/kadm5/misc_free.c - depends on kfree status
1. kadm5_free_policy_ent, kadm5_free_name_list
2. krb5_free_key_data_contents , kadm5_free_key_data
3. kadm5_free_principal_ent
lib/krb5/krb/enc_helper.c
1. krb5_encrypt_keyhelper
2. krb5_encrypt_helper
lib/krb5/krb/gic_keytab.c
1. krb5_get_init_creds_keytab
2. krb5_get_in_tkt_with_keytab
3. get_as_key_keytab
lib/krb5/krb/authdata.c
1. krb5_authdata_context_init, krb5int_authdata_verify,
krb5_authdata_context_free, krb5_authdata_export_authdata (diff in
gss_krb5_export_lucid_sec_context) k5_get_kdc_issued_authdata,
k5_ad_module_count, k5_ad_init_modules
2. krb5_authdata_export_attributes,
3. krb5_authdata_export_internal
4. krb5_authdata_free_internal
5. krb5_authdata_context_copy, k5_copy_ad_module_data
6. krb5_authdata_context_size, k5_ad_size
7. krb5_authdata_context_internalize,
8. krb5_authdata_context_externalize
9. krb5_ser_authdata_context_init
10. k5_ad_find_module
11. k5_ad_externalize,
12. krb5_authdata_import_attributes, k5_ad_internalize
13. krb5_authdata_get_attribute_types, k5_merge_data_list
14. krb5_authdata_get_attribute
15. krb5_authdata_set_attribute
16. krb5_authdata_delete_attribute
lib/krb5/krb/pac.c
1. krb5_pac_verify, k5_pac_validate_client ,
k5_pac_verify_server_checksum, k5_pac_zero_signature,
k5_pac_verify_kdc_checksum, k5_time_to_seconds_since_1970
2. krb5int_pac_sign, k5_insert_client_info
3. krb5_pac_add_buffer, k5_pac_add_buffer
4. krb5_pac_free, krb5_pac_init
5. krb5_pac_get_buffer, k5_pac_locate_buffer
6. krb5_pac_get_types
7. krb5_pac_parse
8. mspac_xxx - PAC auth data attribute backend, k5_pac_copy
lib/krb5/krb/get_creds.c
1. krb5_validate_or_renew_creds, krb5_get_validated_creds,
krb5_get_renewed_creds
2. krb5int_construct_matching_creds, krb5_get_credentials
3. krb5_get_credentials_val_renew_core,
krb5_get_credentials_validate, krb5_get_credentials_renew
lib/crypto/krb/verify_checksum.c
1. krb5_c_verify_checksum
2. krb5_k_verify_checksum
lib/crypto/krb/decrypt.c
1. krb5_c_decrypt
2. krb5_k_decrypt
lib/crypto/krb/encrypt.c
1. krb5_k_encrypt
2. krb5_c_encrypt
lib/krb5/krb/kerrs.c
1. krb5_clear_error_message
2. krb5_free_error_message, krb5_get_error_message
3. krb5_set_error_message
4. krb5_copy_error_message
5. krb5_set_error_message_fl
lib/crypto/krb/make_checksum.c
1. krb5_k_make_checksum
2. krb5_c_make_checksum
lib/gssapi/mechglue/g_glue.c
1. gssint_export_internal_name, gssint_import_internal_name,
gssint_display_internal_name, gssint_release_internal_name,
gssint_delete_internal_sec_context
2. gssint_convert_name_to_union_name
3. gssint_create_copy_buffer
4. gssint_get_mechanism_cred
5. gssint_get_mech_type, gssint_get_mech_type_oid
6. gssint_get_der_length
7. gssint_put_der_length gssint_der_length_size
lib/gssapi/mechglue/g_seal.c
1. gss_wrap, gss_seal, val_wrap_args
2. gssint_wrap_size_limit_iov_shim, gss_wrap_size_limit
lib/krb5/krb/kfree.c - ?
lib/krb5/krb/str_conv.c
1. krb5_string_to_timestamp, krb5_string_to_salttype,
2. krb5_timestamp_to_string
3. krb5_salttype_to_string
4. krb5_timestamp_to_sfstring
5. krb5_deltat_to_string
lib/krb5/ccache/ccbase.c
1. krb5int_cc_initialize, krb5int_cc_finalize,
krb5int_cc_getops, krb5_cc_register, krb5_cc_resolve
2. krb5int_cc_typecursor_new, krb5int_cc_typecursor_next
krb5int_cc_typecursor_free
3. krb5_cc_new_unique
4. krb5_cc_move
5. krb5_cccol_lock krb5_cccol_unlock k5_cccol_force_unlock
6. k5_cc_mutex_unlock k5_cc_mutex_lock k5_cc_mutex_init
k5_cc_mutex_finish_init k5_cc_mutex_assert_unlocked
k5_cc_mutex_force_unlock
lib/krb5/os/locate_kdc.c
1. krb5_locate_kdc krb5_locate_srv_dns_1 module_callback
krb5_locate_srv_conf_1 krb5int_locate_server dns_locate_server
module_locate_server prof_locate_server
2. krb5int_grow_addrlist krb5int_free_addrlist
krb5int_add_host_to_list call_freeaddrinfo add_addrinfo_to_list
3. _krb5_use_dns_kdc maybe_use_dns _krb5_use_dns_realm
lib/kdb/kdb_convert.c
1. ulog_conv_2dbentry, set_from_utf8str, conv_princ_2db
2. find_changed_attrs, data_to_utf8str, conv_princ_2ulog,
ulog_conv_2logentry
3. ulog_free_entries
lib/crypto/krb/dk/derive.c
1. add_cached_dkey, find_cached_dkey, krb5int_derive_key
2. krb5int_derive_keyblock
3. krb5int_derive_random (test vectors.c only)
lib/kadm5/srv/server_init.c
1. kadm5_init, kadm5_init_with_creds, kadm5_init_with_password,
kadm5_init_with_skey, kadm5_destroy, dup_db_args
2. kadm5_init_iprop
3. kadm5_init_krb5_context
4. kadm5_flush
5. kadm5_unlock, kadm5_lock
6. free_db_args
lib/kadm5/clnt/client_init.c
1. kadm5_init_any, kadm5_setup_gss, kadm5_gic_iter,
kadm5_rpc_auth, kadm5_get_init_creds, kadm5_init,
kadm5_init_with_creds, kadm5_init_with_password, kadm5_init_with_skey
2. kadm5_init_krb5_context
3. kadm5_destroy
4. kadm5_lock, kadm5_unlock,
kadm5_flush, _kadm5_check_handle, kadm5_init_iprop
Thanks,
Zhanna
On Oct 28, 2009, at 11:33 AM, Zhanna Tsitkova wrote:
> Hello,
> This is the initial write-up for the Code Modularity proj. Its goal
> is to reorganize the code to simplify the construction of the code
> subsets (clients, servers, u2u etc for mobile devices, embedded
> systems etc) and, potentially, improve the quality of the code.
>
> After analyzing various approaches in the constructing of the subsets,
> we agreed that the best one is to have related functions in the
> separate files so that building these files would produce the minimal
> lib with the required functionality. It is somewhat one-function-per-
> file approach without going into extremes of literal "one function in
> one file", rather "file is a holder of the equivalent functions".
> Equivalence relation is defined in terms of reflexivity, symmetry and
> transitivity.
>
> We define two functions to be equivalent if they have the same parent.
>
> Let X1, X2, X3, ... Xn denote kerb APIs and let's call them "parents".
>
> Example 1.
> Suppose that x-reference analyzer shows the following function call
> stack:
> X1 -> C1 -> B -> (A1, A2) ( i.e X1 calls C1 which calls B, which
> calls two functions A1 and A2)
> X2 -> C2 -> B -> (A1, A2)
> Then the parents are:
> X1 -----> X1
> C1 -----> X1
> X2-----> X2
> C2 -----> X2
> B -----> X1, X2 ( i.e. X1 and X2 are parents of B)
> A1-----> X1, X2
> A2-----> X1, X2
> This brings us to the conclusion that the following functions are
> equivalent and may live in three separate files: (X1,C1), (X2, C2),
> (B, A1, A2).
>
> Example 2.
> Let x-ref for X1 and X2 be the same as in example 1 and add a new API
> X3 which calls only A2. Now the parenthood is:
> X1 -----> X1
> C1 -----> X1
> X2-----> X2
> C2 -----> X2
> X3-----> X3
> B -----> X1, X2
> A1-----> X1, X2
> A2-----> X1, X2, X3
> resulting in five separate function holders (X1,C1), (X2, C2), (X3),
> (B, A1), (A2)
>
> We might consider the case when X2 and X3 serve a similar purpose.
> For example, they are client-only code. Then we can define a group, say
> G23:
> X1 -----> X1
> C1 -----> X1
> X2-----> X2
> C2 -----> X2
> X3-----> X3
> B -----> X1, G23
> A1-----> X1, G23
> A2-----> X1, G23
> so one needs four files to hold equivalent functions (X1,C1), (X2,
> C2), (X3), (B, A1, A2)
>
> Thanks,
> Zhanna
Zhanna Tsitkova
tsitkova at mit.edu
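
The parent-set grouping described in the quoted write-up, as an added example that is not part of the original messages or of the krb5 tooling: it computes, for every function in a call graph, the set of API "parents" that reach it and puts functions with identical parent sets into one candidate file. The function names `parents` and `partition`, the dictionary call-graph format, and the rule that a group label such as G23 is substituted only for functions shared by several APIs are assumptions chosen to reproduce the results stated in Examples 1 and 2.

```python
from collections import defaultdict

def parents(calls, apis):
    """Map every function to the set of API entry points that can reach it."""
    reach = defaultdict(set)
    for api in apis:
        stack, seen = [api], set()
        while stack:  # iterative DFS; 'seen' guards against recursive call cycles
            fn = stack.pop()
            if fn in seen:
                continue
            seen.add(fn)
            reach[fn].add(api)
            stack.extend(calls.get(fn, ()))
    return dict(reach)

def partition(calls, apis, groups=None):
    """Group functions with identical parent sets; each group is one candidate file.

    groups maps a label to a set of APIs treated as one parent. Assumption:
    the label is substituted only for functions shared by several APIs, which
    is the reading that reproduces the G23 result in the message.
    """
    files = defaultdict(list)
    for fn, ps in parents(calls, apis).items():
        if groups and len(ps) > 1:
            for label, members in groups.items():
                if ps & members:
                    ps = (ps - members) | {label}
        files[frozenset(ps)].append(fn)
    return sorted(tuple(sorted(f)) for f in files.values())

# Constructed call graphs transcribed from Example 1 and Example 2 of the message.
EX1 = {"X1": ["C1"], "C1": ["B"], "X2": ["C2"], "C2": ["B"], "B": ["A1", "A2"]}
EX2 = dict(EX1, X3=["A2"])

if __name__ == "__main__":
    for name, graph, apis, groups in [
        ("Example 1", EX1, ["X1", "X2"], None),
        ("Example 2", EX2, ["X1", "X2", "X3"], None),
        ("Example 2 with G23", EX2, ["X1", "X2", "X3"], {"G23": {"X2", "X3"}}),
    ]:
        print(name, partition(graph, apis, groups))
```

For a subset build, the union of the files whose parent sets intersect the chosen APIs is the code that has to be compiled, so everything outside that union is left out of the resulting library.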