Freeing memory when in a loop - Kerberos

This is a discussion on Freeing memory when in a loop - Kerberos ; The following code is in a loop, running periodically to see if Credential needs to be renewed (a lot of code is left out to make this easier to peruse): code = krb5_init_context( &context ); code = krb5_cc_default( context, &ccache ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Freeing memory when in a loop

  1. Freeing memory when in a loop

    The following code is in a loop, running periodically to see if
    Credential needs to be renewed (a lot of code is left out to make this
    easier to peruse):

    code = krb5_init_context( &context );
    code = krb5_cc_default( context, &ccache );
    code = krb5_cc_start_seq_get( context, ccache, &cursor);
    while ( 1 )
    {
    code = krb5_cc_next_cred( context, ccache, &cursor,
    &curCred );
    if ( code == KRB5_CC_END ) break;
    code = krb5_unparse_name( context, curCred.server,
    &principalName);
    if ( strncmp ( principalName, "krbtgt", 6 ) == 0 )
    {
    krb5_timeofday( context, &tNow );
    tStart = curCred.times.starttime;
    tEnd = curCred.times.endtime;
    }
    free( principalName );
    free( cursor );
    krb5_free_creds( context, &curCred );
    }
    code = krb5_cc_end_seq_get
    if ( ( ( tEnd - tStart ) / 4 > tEnd - tNow ) || ( tEnd < tNow )
    )
    {
    code = krb5_parse_name( context, (char *)kuser,
    &principal );
    krb5_cc_initialize( context, ccache, principal );
    krb5_build_principal( context, &tgs, ..., ..., ..., ...,
    NULL);
    myCreds.client = principal;
    myCreds.server = tgs;
    krb5_get_init_creds_opt_init( &options );
    code = krb5_get_init_creds_password(context, &myCreds,
    ...., ..., 0, 0, 0, 0, &options);
    krb5_cc_store_cred( context, ccache, &myCreds );
    }
    if (( ! code ))
    {
    krb5_free_creds( context, &myCreds );
    krb5_free_principal( context, tgs );
    krb5_free_principal( context, principal );
    krb5_free_context( context );
    }

    This whole loop is run periodically to insure a batch job doesn't loose
    it's credential if it runs longer than maximum Credential lifetime.

    I know keytabs might work better here, but Kerberos admins don't want to
    have to maintain them on the KDC. This is a personal workaround.

    It looks like it's not freeing memory correctly because job memory
    continually grows throughout job execution. Any ideas on what krb5_free
    calls I've missed?

    What would be a good recommendation on a Kerberos programming book that
    would cover this topic?

    Thanks.

    ----
    Not all who wander are lost.

    | ---- ___o | chuck.keagle@boeing.com
    Chuck Keagle | ------- \ <, | Work: (425) 865-1488
    Enterprise Servers: HPC | ----- ( )/ ( ) | Cell: (425) 417-3434
    http://card.web.boeing.com/Webcard.cfm?id=73990
    <>

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

  2. Re: Freeing memory when in a loop

    >The following code is in a loop, running periodically to see if
    >Credential needs to be renewed (a lot of code is left out to make this
    >easier to peruse):
    >[...]

    > free( principalName );
    > free( cursor );
    > krb5_free_creds( context, &curCred );

    I don't believe you can call free() on cursor ... it might contain
    stuff that points to other items (although it seems that in the file
    cache case, it does not). I thought the only way to free a cursor was
    to call krb5_cc_end_seq_get() (which you do down below, so I'm
    surprised there isn't something complaining about a double-free).

    > if (( ! code ))
    > {
    > krb5_free_creds( context, &myCreds );
    > krb5_free_principal( context, tgs );
    > krb5_free_principal( context, principal );
    > krb5_free_context( context );
    > }

    I think, no matter what ... you want to at least free myCreds, don't you?
    And if you're calling krb5_init_context again, then you want to always
    free it.

    >What would be a good recommendation on a Kerberos programming book that
    >would cover this topic?

    Sigh, I think we're all in the wilderness here. It looks like you've got
    most of it, though.

    --Ken
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

  3. RE: Freeing memory when in a loop

    In the LDAP world there is the book referred to as the LDAP Bible,
    "Understanding and Developing LDAP Directory Services."

    When looking on the net, I see "Kerberos: The Definitive Guide",
    "Kerberos: A Network Authentication System", "Hundestammvater Und
    Kerberos", and "Iseries Access for Windows V5r2 Hot topics". I'm
    thinking the first two might help get ones feet wet. Which seems better
    to most?

    Thanks for pointing out the double free possibility. I hadn't picked up
    on it yet and removed the free(cursor) call in an inner loop to let
    krb5_cc_end_seq_get() take care of it after having been used more than
    once depending on how many cached entries there are. My original intent
    was that it needed to be done after each use.

    ----
    Not all who wander are lost.

    | ---- ___o | chuck.keagle@boeing.com
    Chuck Keagle | ------- \ <, | Work: (425) 865-1488
    Enterprise Servers: HPC | ----- ( )/ ( ) | Cell: (425) 417-3434
    http://card.web.boeing.com/Webcard.cfm?id=73990


    > -----Original Message-----
    > From: Ken Hornstein [mailto:kenh@cmf.nrl.navy.mil]
    > Sent: Thursday, November 09, 2006 8:08 AM
    > To: Keagle, Chuck
    > Cc: kerberos@mit.edu
    > Subject: Re: Freeing memory when in a loop
    >
    > >The following code is in a loop, running periodically to see if
    > >Credential needs to be renewed (a lot of code is left out to
    > make this
    > >easier to peruse):
    > >[...]
    >
    > > free( principalName );
    > > free( cursor );
    > > krb5_free_creds( context, &curCred );
    >
    > I don't believe you can call free() on cursor ... it might
    > contain stuff that points to other items (although it seems
    > that in the file cache case, it does not). I thought the
    > only way to free a cursor was to call krb5_cc_end_seq_get()
    > (which you do down below, so I'm surprised there isn't
    > something complaining about a double-free).
    >
    > > if (( ! code ))
    > > {
    > > krb5_free_creds( context, &myCreds );
    > > krb5_free_principal( context, tgs );
    > > krb5_free_principal( context, principal );
    > > krb5_free_context( context );
    > > }
    >
    > I think, no matter what ... you want to at least free
    > myCreds, don't you?
    > And if you're calling krb5_init_context again, then you want
    > to always free it.
    >
    > >What would be a good recommendation on a Kerberos
    > programming book that
    > >would cover this topic?
    >
    > Sigh, I think we're all in the wilderness here. It looks
    > like you've got most of it, though.
    >
    > --Ken
    >

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

+ Reply to Thread
« Re: JGSS: Integrity check on decrypted field failed (31) | Help with GSSAPI error message »