Code modularity
Ezra Peisach
epeisach at MIT.EDU
Mon Dec 7 18:18:08 EST 2009
I would think that code that logically follows from one function -
should share the same file as the generator.
One such example:
lib/krb5/os/def_realm.c
1. krb5_set_default_realm
2. krb5_get_default_realm
3. krb5_free_default_realm
4. krb5int_get_domain_realm_mapping
I would think that the krb5_get_default_realm should be paired with
krb5_free_default_realm. If you are not using the latter - you have a
memory leak. Yes you can use free on your own - but I've heard there are
issues with malloc pools on some platforms - and need to have the same
shared lib/dll do the allocation and free....
I know you are trying to break down equivalences - I think some logic
makes sense...
Also - I hope whenever you do this - private library specific header
files are used instead of dumping alot of prototypes in k5-int.h.
Ezra
Zhanna Tsitkova wrote:
> Hello,
>
> The approach that was explained in the parent message was applied to
> the src/lib files with the exclusion of the subdirectories asn1, rpc,
> crypto_tests, openssl,old,raw, unit-test. It suggests the file
> partitions as it is detailed at the end of this message. The file
> names there are followed by numbered groups of functions. Each group
> represents a candidate for a new file.
>
> Lets consider the first file as an example. File lib/krb5/krb/
> rd_req_dec.c is recommended to be divided into files to hold
> functions from group 1 and 2
>
> 1. decrypt_authenticator , krb5_rd_req_decrypt_tkt_part,
> krb5_rd_req_decoded, decode_etype_list, negotiate_etype,
> krb5_rd_req_decoded_opt krb5_rd_req_decoded_anyflag
>
> 2. krb5int_check_clockskew
>
> Apparently, group one is referred in APIs krb5_verify_init_creds,
> krb5_rd_req, krb5_recvauth, krb5_recvauth_version while group 2 - in
> krb5_get_init_creds_password, kadm5_init, krb5_rd_cred,
> krb5_change_password, kadm5_init_with_creds, krb5_rd_priv,
> krb5_set_password_using_ccache, krb5_verify_init_creds,
> krb5_set_password, krb5_rd_safe, krb5_recvauth, krb5_recvauth_version,
> kadm5_init_with_password, krb5_rd_req, kadm5_init_with_skey
>
> Even though asn1 was dropped off from the analysis in the anticipation
> of the major design reconstruction there, one can suggest the dividing
> the existing files to recognize somewhat independent parts such as
> sam, fast, srv etc.
>
> =============
>
> lib/kr lib/krb5/krb/rd_req_dec.c
>
> 1. decrypt_authenticator , krb5_rd_req_decrypt_tkt_part,
> krb5_rd_req_decoded, decode_etype_list, negotiate_etype,
> krb5_rd_req_decoded_opt krb5_rd_req_decoded_anyflag
> 2. krb5int_check_clockskew
>
> lib/krb5/krb/preauth2.c
>
> 1. krb5_init_preauth_context, krb5_free_preauth_context
> 2. krb5_preauth_supply_preauth_data
> 3. krb5_preauth_prepare_request, krb5_do_preauth_tryagain,
> krb5_preauth_request_context_init, krb5_run_preauth_plugins,
> krb5_do_preauth, pa_sam, grow_ktypes, client_data_proc, grow_pa_list
> 4. krb5_clear_preauth_context_use_counts,
> krb5_preauth_request_context_fini
> 5. pa_salt, padata2data
> 6. pa_pkinit_gen_req
> 7. pa_pkinit_parse_rep, local_kdc_cert_match
> 8. pa_enc_timestamp
> 9. pa_sam_2
> 10. pa_sam
> 11. sam_challenge_banner
> 12. pa_fx_cookie
> 13. pa_s4u_x509_user
> 14. pa_types
>
> lib/krb5/krb/get_in_tkt.c
>
> 1. krb5_libdefault_boolean, _krb5_conf_boolean,
> krb5_libdefault_string
> 2. krb5_get_init_creds, make_preauth_list,
> sort_krb5_padata_sequence, send_as_request, decrypt_as_reply,
> stash_as_reply, verify_as_reply, build_in_tkt_name
> 3. krb5_get_in_tkt, rewrite_server_realm
>
> lib/krb5/krb/copy_auth.c
>
> 1. krb5_merge_authdata, krb5_copy_authdata, krb5_copy_authdatum
> 2. krb5_decode_authdata_container, find_authdata_1,
> grow_find_authdata, krb5int_find_authdata,
> krb5_verify_authdata_kdc_issued
> 3. krb5_encode_authdata_container
> 4. krb5_make_authdata_kdc_issued
>
> lib/krb5/krb/mk_req_ext.c
>
> 1. krb5int_generate_and_save_subkey
> 2. krb5_mk_req_extended, krb5_generate_authenticator,
> make_etype_list
>
> lib/krb5/krb/init_ctx.c
>
> 1. krb5_init_context, krb5_init_secure_context,
> krb5int_init_context_kdc, krb5_free_context, init_common,
> krb5_set_default_in_tkt_ktypes, krb5_set_default_tgs_ktypes,
> krb5_set_default_tgs_enctypes, set_default_etype_var
> 2. copy_enctypes
> 3. krb5_get_permitted_enctypes, krb5_get_default_in_tkt_ktypes,
> mod_list, krb5int_parse_enctype_list, get_profile_etype_list,
> krb5_get_tgs_ktypes, krb5_is_permitted_enctype,
> krb5_is_permitted_enctype_ext, krb5_free_ktypes,
> 4. krb5_copy_context
>
> lib/krb5/krb/gic_pwd.c
>
> 1. krb5_get_init_creds_password, krb5_get_as_key_password,
> krb5_init_creds_set_password, krb5_get_in_tkt_with_password
> 2. krb5int_populate_gic_opt
>
> lib/krb5/krb/gic_opt.c
>
> 1. krb5_get_init_creds_opt_init krb5_get_init_creds_opt_alloc
> init_common krb5_get_init_creds_opt_set_tkt_life
> krb5_get_init_creds_opt_set_xxx etc. free_gic_opt_ext_preauth_data
> krb5int_gic_opte_private_free krb5_get_init_creds_opt_free
> krb5int_gic_opte_alloc krb5int_gic_opte_private_alloc
> 2. krb5int_gic_opt_to_opte krb5int_gic_opte_copy
> 3. krb5_get_init_creds_opt_set_pa add_gic_opt_ext_preauth_data
> 4. krb5_get_init_creds_opt_get_pa krb5_get_init_creds_opt_free_pa
> 5. krb5_get_init_creds_opt_set_fast_ccache_name
>
> lib/krb5/os/init_os_ctx.c
>
> 1. krb5_free_config_files, free_filespecs,
> 2. krb5_os_init_context, krb5_os_free_context,
> krb5_secure_config_files, add_kdc_config_file, os_init_paths
> 3. krb5_get_default_config_files, os_get_default_config_files,
> get_from_windows_dir, get_from_module_dir, get_from_registry,
> 4. krb5_get_profile, krb5_set_config_files
>
> lib/krb5/os/hst_realm.c
>
> 1. krb5int_clean_hostname
> 2. krb5_get_fallback_host_realm, domain_heuristic
> 3. krb5_try_realm_txt_rr
> 4. krb5int_translate_gai_error. krb5int_get_fq_local_hostname,
> krb5int_get_fq_hostname
> 5. krb5_get_host_realm
>
> lib/krb5/os/sendto_kdc.c
>
> 1. service_tcp_fd setup_connection getcurtime service_udp_fd
> service_fds krb5int_sendto krb5int_cm_call_select
> set_conn_state_msg_length start_connection kill_conn get_so_error
> maybe_send krb5int_print_addrlist
> 2. krb5_sendto_kdc check_for_svc_unavailable in_addrlist
> merge_addrlists
>
> lib/krb5/os/def_realm.c
>
> 1. krb5_set_default_realm
> 2. krb5_get_default_realm
> 3. krb5_free_default_realm
> 4. krb5int_get_domain_realm_mapping
>
> lib/crypto/krb/dk/checksum.c
>
> 1. krb5int_dk_make_checksum
> 2. krb5int_dk_make_checksum_iov
>
> lib/crypto/krb/keyhash_provider/hmac_md5.c
>
> 1. k5_hmac_md5_hash
> 2. k5_hmac_md5_hash_iov
>
> lib/crypto/krb/prng.c
>
> 1. krb5_c_random_make_octets
> 2. krb5_c_random_add_entropy, krb5_c_random_seed, entropy_estimate
> 3. krb5_c_random_os_entropy, read_entropy_from_device
> 4. krb5int_prng_init, krb5int_prng_cleanup
>
> lib/crypto/builtin/hmac.c
>
> 1. krb5int_hmac_iov, krb5int_hmac_iov_keyblock
> 2. krb5int_hmac, krb5int_hmac_keyblock
>
> lib/gssapi/krb5/krb5_gss_glue.c
>
> 1. gss_krb5_ccache_name,
> 2. krb5_gss_use_kdc_context
> 3. gss_krb5_get_tkt_flags
> 4. gss_krb5_copy_ccache, gss_krb5_set_allowable_enctypes,
> gss_krb5_set_cred_rcache
> 5. gss_krb5_export_lucid_sec_context
> 6. gss_krb5_ccache_name
> 7. gss_krb5_free_lucid_sec_context
> 8. krb5_gss_register_acceptor_identity
> 9. gsskrb5_extract_authz_data_from_sec_context
> 10. gsskrb5_extract_authtime_from_sec_context
>
> lib/kadm5/clnt/client_principal.c
>
> 1. kadm5_setkey_principal kadm5_setkey_principal_3
> 2. kadm5_chpass_principal_3 kadm5_chpass_principal
> kadm5_get_principal
> 3. kadm5_create_principal_3 kadm5_create_principal
> 4. kadm5_delete_principal
> 5. kadm5_modify_principal
> 6. kadm5_get_principal
> 7. kadm5_get_principals
> 8. kadm5_rename_principal
> 9. kadm5_setv4key_principal
> 10. kadm5_randkey_principal kadm5_randkey_principal_3
>
> lib/kadm5/srv/svr_policy.c
>
> 1. kadm5_create_policy, kadm5_create_policy_internal
> 2. kadm5_modify_policy, kadm5_modify_policy_internal
> 3. kadm5_delete_policy
> 4. kadm5_get_policy
>
> lib/kadm5/srv/server_kdb.c
>
> 1. kdb_iter_entry. kdb_iter_func
> 2. kdb_delete_entry
> 3. kdb_init_master, kdb_init_hist
> 4. kdb_get_entry, kdb_free_entry
> 5. kdb_put_entry
>
> lib/kadm5/srv/svr_principal.c
>
> 1. kadm5_copy_principal
> 2. check_pw_reuse
> 3. kadm5_chpass_principal_3, kadm5_chpass_principal,
> create_history_entry, free_history_entry, add_to_history,
> kadm5_use_password_server, kadm5_set_use_password_server,
> kadm5_launch_task
> 4. cleanup_key_data <<<== This is in lib/kdb/kdb_cpw.c, but is
> static – Make it krb5int???
> 5. kadm5_setv4key_principal /* kadmind4 */
> 6. kadm5_create_principal, kadm5_create_principal_3,
> 7. kadm5_delete_principal,
> 8. kadm5_modify_principal
> 9. kadm5_get_principal, krb5_copy_key_data_contents , dup_tl_data
> 10. kadm5_rename_principal, kadm5_free_principal
> 11. kadm5_randkey_principal, kadm5_randkey_principal_3
> 12. kadm5_setkey_principal, kadm5_setkey_principal_3
> 13. kadm5_get_principal_keys
> 14. decrypt_key_data
> 15. kadm5_decrypt_key
>
> lib/kdb/kdb_cpw.c
>
> 1. krb5_dbe_crk, krb5_dbe_ark, add_key_rnd
> 2. krb5_dbe_def_cpw, krb5_dbe_apw, add_key_pwd
> 3. cleanup_key_data <<<== see ./lib/kadm5/srv/svr_principal.c
> #185 Make it krb5int???
> 4. krb5_db_get_key_data_kvno
>
> lib/kadm5/alt_prof.c
>
> 1. kadm5_get_admin_service_name, kadm5_get_config_params
> krb5_aprof_finish krb5_aprof_init string_to_boolean krb5_aprof_getvals
> krb5_aprof_get_boolean krb5_aprof_get_string krb5_aprof_get_deltat
> krb5_aprof_get_int32 kadm5_free_config_params, get_port_param
> get_string_param copy_key_salt_tuple get_deltat_param
> 2. krb5_read_realm_params krb5_free_realm_params
> krb5_aprof_get_string_all krb5_match_config_pattern
>
> lib/kadm5/misc_free.c - depends on kfree status
>
> 1. kadm5_free_policy_ent, kadm5_free_name_list
> 2. krb5_free_key_data_contents , kadm5_free_key_data
> 3. kadm5_free_principal_ent
>
> lib/krb5/krb/enc_helper.c
>
> 1. krb5_encrypt_keyhelper
> 2. krb5_encrypt_helper
>
> lib/krb5/krb/gic_keytab.c
>
> 1. krb5_get_init_creds_keytab
> 2. krb5_get_in_tkt_with_keytab
> 3. get_as_key_keytab
>
> lib/krb5/krb/authdata.c
> 1. krb5_authdata_context_init, krb5int_authdata_verify,
> krb5_authdata_context_free, krb5_authdata_export_authdata (diff in
> gss_krb5_export_lucid_sec_context) k5_get_kdc_issued_authdata,
> k5_ad_module_count, k5_ad_init_modules
> 2. krb5_authdata_export_attributes,
> 3. krb5_authdata_export_internal
> 4. krb5_authdata_free_internal
> 5. krb5_authdata_context_copy, k5_copy_ad_module_data
> 6. krb5_authdata_context_size, k5_ad_size
> 7. krb5_authdata_context_internalize,
> 8. krb5_authdata_context_externalize
> 9. krb5_ser_authdata_context_init
> 10. k5_ad_find_module
> 11. k5_ad_externalize,
> 12. krb5_authdata_import_attributes, k5_ad_internalize
> 13. krb5_authdata_get_attribute_types, k5_merge_data_list
> 14. krb5_authdata_get_attribute
> 15. krb5_authdata_set_attribute
> 16. krb5_authdata_delete_attribute
>
> lib/krb5/krb/pac.c
>
> 1. krb5_pac_verify, k5_pac_validate_client ,
> k5_pac_verify_server_checksum, k5_pac_zero_signature,
> k5_pac_verify_kdc_checksum, k5_time_to_seconds_since_1970
> 2. krb5int_pac_sign, k5_insert_client_info
> 3. krb5_pac_add_buffer, k5_pac_add_buffer
> 4. krb5_pac_free, krb5_pac_init
> 5. krb5_pac_get_buffer, k5_pac_locate_buffer
> 6. krb5_pac_get_types
> 7. krb5_pac_parse
> 8. mspac_xxx - PAC auth data attribute backend, k5_pac_copy
>
> lib/krb5/krb/get_creds.c
>
> 1. krb5_validate_or_renew_creds, krb5_get_validated_creds,
> krb5_get_renewed_creds
> 2. krb5int_construct_matching_creds, krb5_get_credentials
> 3. krb5_get_credentials_val_renew_core,
> krb5_get_credentials_validate, krb5_get_credentials_renew
>
> lib/crypto/krb/verify_checksum.c
>
> 1. krb5_c_verify_checksum
> 2. krb5_k_verify_checksum
>
> lib/crypto/krb/decrypt.c
>
> 1. krb5_c_decrypt
> 2. krb5_k_decrypt
>
> lib/crypto/krb/encrypt.c
>
> 1. krb5_k_encrypt
> 2. krb5_c_encrypt
>
> lib/krb5/krb/kerrs.c
>
> 1. krb5_clear_error_message
> 2. krb5_free_error_message, krb5_get_error_message
> 3. krb5_set_error_message
> 4. krb5_copy_error_message
> 5. krb5_set_error_message_fl
>
> lib/crypto/krb/make_checksum.c
>
> 1. krb5_k_make_checksum
> 2. krb5_c_make_checksum
>
> lib/gssapi/mechglue/g_glue.c
>
> 1. gssint_export_internal_name, gssint_import_internal_name,
> gssint_display_internal_name, gssint_release_internal_name,
> gssint_delete_internal_sec_context
> 2. gssint_convert_name_to_union_name
> 3. gssint_create_copy_buffer
> 4. gssint_get_mechanism_cred
> 5. gssint_get_mech_type, gssint_get_mech_type_oid
> 6. gssint_get_der_length
> 7. gssint_put_der_length gssint_der_length_size
>
> lib/gssapi/mechglue/g_seal.c
>
> 1. gss_wrap, gss_seal, val_wrap_args
> 2. gssint_wrap_size_limit_iov_shim, gss_wrap_size_limit
>
> lib/krb5/krb/kfree.c - ?
>
> lib/krb5/krb/str_conv.c
>
> 1. krb5_string_to_timestamp, krb5_string_to_salttype,
> 2. krb5_timestamp_to_string
> 3. krb5_salttype_to_string
> 4. krb5_timestamp_to_sfstring
> 5. krb5_deltat_to_string
>
> lib/krb5/ccache/ccbase.c
>
> 1. krb5int_cc_initialize, krb5int_cc_finalize,
> krb5int_cc_getops, krb5_cc_register, krb5_cc_resolve
> 2. krb5int_cc_typecursor_new, krb5int_cc_typecursor_next
> krb5int_cc_typecursor_free
> 3. krb5_cc_new_unique
> 4. krb5_cc_move
> 5. krb5_cccol_lock krb5_cccol_unlock k5_cccol_force_unlock
> 6. k5_cc_mutex_unlock k5_cc_mutex_lock k5_cc_mutex_init
> k5_cc_mutex_finish_init k5_cc_mutex_assert_unlocked
> k5_cc_mutex_force_unlock
>
> lib/krb5/os/locate_kdc.c
>
> 1. krb5_locate_kdc krb5_locate_srv_dns_1 module_callback
> krb5_locate_srv_conf_1 krb5int_locate_server dns_locate_server
> module_locate_server prof_locate_server
> 2. krb5int_grow_addrlist krb5int_free_addrlist
> krb5int_add_host_to_list call_freeaddrinfo add_addrinfo_to_list
> 3. _krb5_use_dns_kdc maybe_use_dns _krb5_use_dns_realm
>
> lib/kdb/kdb_convert.c
>
> 1. ulog_conv_2dbentry, set_from_utf8str, conv_princ_2db
> 2. find_changed_attrs, data_to_utf8str, conv_princ_2ulog,
> ulog_conv_2logentry
> 3. ulog_free_entries
>
> lib/crypto/krb/dk/derive.c
>
> 1. add_cached_dkey, find_cached_dkey, krb5int_derive_key
> 2. krb5int_derive_keyblock
> 3. krb5int_derive_random (test vectors.c only)
>
> lib/kadm5/srv/server_init.c
>
> 1. kadm5_init, kadm5_init_with_creds, kadm5_init_with_password,
> kadm5_init_with_skey, kadm5_destroy, dup_db_args
> 2. kadm5_init_iprop
> 3. kadm5_init_krb5_context
> 4. kadm5_flush
> 5. kadm5_unlock, kadm5_lock
> 6. free_db_args
>
> lib/kadm5/clnt/client_init.c
>
> 1. kadm5_init_any, kadm5_setup_gss, kadm5_gic_iter,
> kadm5_rpc_auth, kadm5_get_init_creds, kadm5_init,
> kadm5_init_with_creds, kadm5_init_with_password, kadm5_init_with_skey
> 2. kadm5_init_krb5_context
> 3. kadm5_destroy
> 4. kadm5_lock, kadm5_unlock,
> kadm5_flush,_kadm5_check_handle,kadm5_init_iprop
>
>
>
> Thanks,
>
> Zhanna
>
> On Oct 28, 2009, at 11:33 AM, Zhanna Tsitkova wrote:
>
>
>
>
>> Hello,
>> This is the initial write-up for the Code Modularity proj. It's goal
>> is to reorganize the code to simplify the construction of the code
>> subsets (clients, servers, u2u etc for mobile devices, embedded
>> systems etc) and, potentially, improve the quality of the code.
>>
>> After analyzing various approaches in the constructing of the subsets,
>> we agreed that the best one is to have related functions in the
>> separate files so that building these files would produce the minimal
>> lib with the required functionality. It is somewhat one-function-per-
>> file approach without going into extremes of literal "one function in
>> one file", rather "file is a holder of the equivalent functions".
>> Equivalence relation is defined in terms of reflexivity, symmetry and
>> transitivity.
>>
>> We define two functions to be equivalent if they have the same parent.
>>
>> Let X1, X2, X3, ... Xn denote kerb API's and lets call them "parents".
>>
>> Example 1.
>> Suppose that x-reference analyzer shows the following function call
>> stack:
>> X1 -> C1 -> B -> (A1, A2) ( i.e X1 calls C1 which calls B, which
>> calls two functions A1 and A2)
>> X2 -> C2 -> B -> (A1, A2)
>> Then the parents are:
>> X1 -----> X1
>> C1 -----> X1
>> X2-----> X2
>> C2 -----> X2
>> B -----> X1, X2 ( i.e. X1 and X2 are parents of B)
>> A1-----> X1, X2
>> A2-----> X1, X2
>> This brings us to the conclusion that the following functions are
>> equivalent and may live in three separate files: (X1,C1), (X2, C2),
>> (B, A1, A2).
>>
>> Example 2.
>> Let x-ref for X1 and X2 be the same as in example 1 and add a new API
>> X3 which calls only A2. Now the parenthood is:
>> X1 -----> X1
>> C1 -----> X1
>> X2-----> X2
>> C2 -----> X2
>> X3-----> X3
>> B -----> X1, X2
>> A1-----> X1, X2
>> A2-----> X1, X2, X3
>> resulting into five separate function holders (X1,C1), (X2, C2), (X3),
>> (B, A1), (A2)
>>
>> We might consider the case when X2 and X3 are serving similar purpose.
>> For example, they are client-only code. Then, we can define group, say
>> G23:
>> X1 -----> X1
>> C1 -----> X1
>> X2-----> X2
>> C2 -----> X2
>> X3-----> X3
>> B -----> X1, G23
>> A1-----> X1, G23
>> A2-----> X1, G23
>> so one needs four files to hold equivalent functions (X1,C1), (X2,
>> C2), (X3), (B, A1, A2)
>>
>> Thanks,
>> Zhanna
>>
>>
>>
>>
>>
>>
>
> Zhanna Tsitkova
> tsitkova at mit.edu
>
>
>
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
More information about the krbdev
mailing list