Services4User review

Luke Howard lukeh at
Fri Sep 11 08:47:38 EDT 2009

>  * I wasn't sure what the get_in_tkt.c changes were for.  They relate
> to changing the server name for referrals in an as-req, which seems  
> only
> peripherally related to S4U at most.

s4u_identify_user() will fail to chase referrals without this change.

>  * I wasn't able to intuit what "gcvt" was supposed to stand for, even
> after you added the comment to krb5int_send_tgs.


>  * There's some mech logic in s4u_gss_glue.c (conversion between OID
> membership in a list and prerfc_mech/rfc_mech flags) which appears  
> to be
> common with acquire_cred.c and should be factored out.

Presently not fixed.

>  * Going forward, the preferred pattern for handling output parameters
> is to (1) initialize them to NULL (or something appropriate for
> non-pointer types), and (2) not touch them after that until a  
> successful
> return is guaranteed.  This facilitates static analysis tools like
> Coverity in determining the correspondence between return values and
> allocation of return pointers.


>  * In future work, please briefly document the purpose of new internal
> functions with a comment above the function definition.


-- Luke

More information about the krbdev mailing list