diff options
author | Greg Hudson <ghudson@mit.edu> | 2011-10-15 15:35:46 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-10-15 15:35:46 +0000 |
commit | 249e5254d4d4cff2bda07deafc25d7d87ea5ac0f (patch) | |
tree | 1671eafde44d27a5f1ab74c78f96fa85cdad98ae /src/kdc/dispatch.c | |
parent | 5a9995350dbe2e6ab679d62e3d5074259ae2168a (diff) | |
download | krb5-249e5254d4d4cff2bda07deafc25d7d87ea5ac0f.tar.gz krb5-249e5254d4d4cff2bda07deafc25d7d87ea5ac0f.tar.xz krb5-249e5254d4d4cff2bda07deafc25d7d87ea5ac0f.zip |
Drop retransmits while processing requests
Supporting asynchronous preauth modules means that the KDC can receive
a retransmitted request before it finishes processing the initial
request. Ignore those retransmits instead of processing them.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25350 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/dispatch.c')
-rw-r--r-- | src/kdc/dispatch.c | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 5f9c810e24..eeb95ff737 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -54,6 +54,11 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response) oldrespond = state->respond; oldarg = state->arg; +#ifndef NOCACHE + /* Remove our NULL cache entry to indicate request completion. */ + kdc_remove_lookaside(kdc_context, state->request); +#endif + if (state->is_tcp == 0 && response && response->length > max_dgram_reply_size) { krb5_free_data(kdc_context, response); @@ -67,7 +72,7 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response) #ifndef NOCACHE /* put the response into the lookaside buffer */ - else if (!code) + else if (!code && response) kdc_insert_lookaside(state->request, response); #endif @@ -104,20 +109,30 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from, const char *name = 0; char buf[46]; - if (is_tcp != 0 || response->length <= max_dgram_reply_size) { + if (!response || is_tcp != 0 || + response->length <= max_dgram_reply_size) { name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype), from->address->contents, buf, sizeof (buf)); if (name == 0) name = "[unknown address type]"; - krb5_klog_syslog(LOG_INFO, - "DISPATCH: repeated (retransmitted?) request " - "from %s, resending previous response", - name); + if (response) + krb5_klog_syslog(LOG_INFO, + "DISPATCH: repeated (retransmitted?) request " + "from %s, resending previous response", name); + else + krb5_klog_syslog(LOG_INFO, + "DISPATCH: repeated (retransmitted?) request " + "from %s during request processing, dropping " + "repeated request", name); } - finish_dispatch(state, 0, response); + finish_dispatch(state, response ? 0 : KRB5KDC_ERR_DISCARD, response); return; } + + /* Insert a NULL entry into the lookaside to indicate that this request + * is currently being processed. */ + kdc_insert_lookaside(pkt, NULL); #endif retval = krb5_crypto_us_timeofday(&now, &now_usec); |