Project review: GSS credential store extensions
Simo Sorce
simo at redhat.com
Thu Jul 12 15:22:56 EDT 2012
On Thu, 2012-07-12 at 12:43 -0400, Sam Hartman wrote:
> >>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
>
> Ok. Well, add me to Nico in the strong disagreement camp here. If it
> were just the buffers, I would agree with you.
> I'm actually a bit puzzled about why you're bringing up buffers though;
> this structure does not include buffers.
>
> My concern is the array
> of pointers to buffers and what happens when you want to try and
> manipulate them. My experience with memory management for oid sets
> suggests this is an area where even in non-performance-sensitive areas
> it gets really messy.
>
> Even if Nico and I aren't able to build a consensus in favor of a better
> memory management approach, I think it's critical that we document the
> assumptions of this approach. Namely, you cannot free a cred_set you
> didn't allocate. You cannot manipulate one; you must copy to manipulate.
In my view the cred_store is not something you manipulate within gssapi,
it's a configuration store for credential, not a 'communication means'.
So leaving memory management to the application seem quite reasonable
and safe.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list