author | Theodore Tso <tytso@mit.edu> | 1995-03-24 22:28:07 +0000 |
---|---|---|
committer | Theodore Tso <tytso@mit.edu> | 1995-03-24 22:28:07 +0000 |
commit | 67acd2cbf8e84362e975046704826ca93f24d6d2 (patch) | |
tree | 0df859861e874193eaf351959f62b8aee744e4e7 /src/kdc/replay.c | |
parent | 19d0adf1a7b57bcccf42d74a4d1f7f27f0733f83 (diff) | |
replay.c: The KDC replay cache needs to store the database
modification time, so that if the database is modified in
between when it receives a request and when it receives a
replay of the same request, it knows to throw away the
replay cache entry and generate a new response (since the
record in the database on which the response is based may
have been modified).
main.c (kdc_com_err_proc): Use syslog() instead of vsyslog().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5233 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/replay.c')
-rw-r--r-- | src/kdc/replay.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/kdc/replay.c b/src/kdc/replay.c
index 05f070e75f..1ec38a35a8 100644
--- a/src/kdc/replay.c
+++ b/src/kdc/replay.c
@@ -33,6 +33,7 @@ typedef struct _krb5_kdc_replay_ent {
 struct _krb5_kdc_replay_ent *next;
 int num_hits;
 krb5_int32 timein;
+ time_t db_age;
 krb5_data *req_packet;
 krb5_data *reply_packet;
 } krb5_kdc_replay_ent;
@@ -45,10 +46,12 @@ static int max_hits_per_entry = 0;
 static int num_entries = 0;
 #define STALE_TIME 2*60 /* two minutes */
-#define STALE(ptr) (abs((ptr)->timein - timenow) >= STALE_TIME)
+#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \
+ ((ptr)->db_age != db_age))
 #define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \
- !memcmp((ptr)->req_packet->data, inpkt->data, inpkt->length))
+ !memcmp((ptr)->req_packet->data, inpkt->data, inpkt->length) && \
+ ((ptr)->db_age == db_age))
 /* XXX Todo: quench the size of the queue...
@@ -64,9 +67,11 @@ register krb5_data **outpkt;
 {
 krb5_int32 timenow;
 register krb5_kdc_replay_ent *eptr, *last, *hold;
+ time_t db_age;
- if (krb5_timeofday(kdc_context, &timenow))
- return FALSE;
+ if (krb5_timeofday(kdc_context, &timenow) ||
+ krb5_db_get_age(kdc_context, 0, &db_age))
+ return FALSE;
 calls++;
@@ -116,15 +121,18 @@ register krb5_data *outpkt;
 {
 register krb5_kdc_replay_ent *eptr;
 krb5_int32 timenow;
+ time_t db_age;
- if (krb5_timeofday(kdc_context, &timenow))
- return;
+ if (krb5_timeofday(kdc_context, &timenow) ||
+ krb5_db_get_age(kdc_context, 0, &db_age))
+ return;
 /* this is a new entry */
 eptr = (krb5_kdc_replay_ent *)calloc(1, sizeof(*eptr));
 if (!eptr)
 return;
 eptr->timein = timenow;
+ eptr->db_age = db_age;
 if (krb5_copy_data(kdc_context, inpkt, &eptr->req_packet)) {
 krb5_xfree(eptr);
 return; |
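Review bot: The new `db_age` clauses in `STALE` and `MATCH` compare modification times for exact equality, so invalidation is only as fine-grained as the value `krb5_db_get_age()` reports. If that value is a one-second file modification time (its implementation is not visible here), a database change landing in the same second as a cached reply would leave the entry looking current for up to `STALE_TIME`. Both macros also now read a third caller local, `db_age`, alongside `timenow` and `inpkt`, without taking it as a parameter. A comment above them such as `/* STALE and MATCH expect timenow, db_age and inpkt in the caller's scope */` would make that dependency visible.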
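Review bot: A failure of `krb5_db_get_age()` is folded into the same silent `return FALSE` as a clock failure, so the lookaside cache is bypassed with no trace; the insert hunk further down does the same with a bare `return`. Treating the failure as a miss is the safe direction for correctness, but a persistent failure would quietly turn off duplicate suppression and every retransmission would be recomputed. A comment at the check, `/* no usable db age: treat as a miss so the reply is rebuilt from the database */`, would record that this is deliberate, and reporting the error code through the KDC's existing logging would make the condition observable. The function body starts and ends outside the hunk.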
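Review bot: `db_age` is sampled here at insert time, after the reply in `outpkt` has already been built, so a database change that lands between the lookup that produced the reply and this `krb5_db_get_age()` call tags a reply based on the old record with the new age. A later retransmission would then pass the age test in `MATCH` and receive the outdated reply until `STALE_TIME` expires. Capturing the age before the request is processed and carrying it into the insert would close the window; the callers and the rest of this function are outside the hunk, so the ordering is inferred. At minimum a comment such as `/* db_age is read after the reply was built; a concurrent db update can be missed */` should record the limitation.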