Questions about iter check in profile_iterator()

Greg Hudson ghudson at
Wed Jan 14 13:09:07 EST 2015

On 01/13/2015 01:45 AM, Shawn M Emery wrote:
> We may want to change other functions like krb5_425_conv_principal if 
> this is the intended conditional.

I need to amend my previous answer on this.

When the iteration has finished, profile_iterator() returns 0 with
*iter_p, *ret_name, and *ret_value all set to NULL.
krb5_425_conv_principal() detects this at line 290 and breaks out of the
loop.  The code quoted in this post's original thread doesn't do that,
instead continuing on to call profile_iterator() once again with a null

I don't think a change to krb5_425_conv_principal() is warranted.  There
are several ways to correctly terminate a profile iteration loop and it
uses one of them.  If I were writing an iteration loop myself, I would
probably write:

    for (;;) {
        ret = profile_iterator(&state, &name, &value);
        if (ret)
            goto cleanup; /* ... or otherwise handle the error */
        if (name == NULL)
        /* Do stuff with name and value. */

I will submit a pull request to restore the 1.9 behavior of
profile_iterator() on a null *iter_p, but correct calling code should
not be relying on that behavior.

More information about the krbdev mailing list