diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-05-20 15:21:28 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-05-20 15:21:28 +0000 |
| commit | 723f909f3d532c5610aebecad83eb0601faba6d4 (patch) | |
| tree | ba4ec0030ebf2960d478b41faa8312f1bb149bde /src | |
| parent | 60fbd61b58c360679ad43aaf0bf9f7261319d168 (diff) | |
| download | krb5-723f909f3d532c5610aebecad83eb0601faba6d4.tar.gz krb5-723f909f3d532c5610aebecad83eb0601faba6d4.tar.xz krb5-723f909f3d532c5610aebecad83eb0601faba6d4.zip | |
Revert r5233 and mark get_age as deprecated in the DAL documentation.
We do not need to check reply retransmissions for staleness any more
than TCP needs to. A genuinely new request will have a different
nonce.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24936 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/kdb.h | 9 | ||||
| -rw-r--r-- | src/kdc/replay.c | 16 |
2 files changed, 6 insertions, 19 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h index 81e14e9f8..d58178801 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -831,13 +831,8 @@ typedef struct _kdb_vftabl { char **db_args); /* - * Optional: Set *age to the last modification time of the database. Used - * by the KDC lookaside cache to ensure that lookaside entries are not used - * if the database has changed since the entry was recorded. - * - * If this function is unimplemented, lookaside cache entries will - * effectively expire immediately. Another option is to supply the current - * time, which will cause lookaside cache entries to last for one second. + * Deprecated: No longer used as of krb5 1.10; can be removed in the next + * DAL revision. Modules should leave as NULL. */ krb5_error_code (*get_age)(krb5_context kcontext, char *db_name, time_t *age); diff --git a/src/kdc/replay.c b/src/kdc/replay.c index fc2a8b53b..96c84807e 100644 --- a/src/kdc/replay.c +++ b/src/kdc/replay.c @@ -34,7 +34,6 @@ typedef struct _krb5_kdc_replay_ent { struct _krb5_kdc_replay_ent *next; int num_hits; krb5_int32 timein; - time_t db_age; krb5_data *req_packet; krb5_data *reply_packet; } krb5_kdc_replay_ent; @@ -47,13 +46,11 @@ static int max_hits_per_entry = 0; static int num_entries = 0; #define STALE_TIME 2*60 /* two minutes */ -#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \ - ((ptr)->db_age != db_age)) +#define STALE(ptr) (abs((ptr)->timein - timenow) >= STALE_TIME) #define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \ !memcmp((ptr)->req_packet->data, inpkt->data, \ - inpkt->length) && \ - ((ptr)->db_age == db_age)) + inpkt->length)) /* XXX Todo: quench the size of the queue... */ @@ -66,10 +63,8 @@ kdc_check_lookaside(krb5_data *inpkt, krb5_data **outpkt) { krb5_int32 timenow; register krb5_kdc_replay_ent *eptr, *last, *hold; - time_t db_age; - if (krb5_timeofday(kdc_context, &timenow) || - krb5_db_get_age(kdc_context, 0, &db_age)) + if (krb5_timeofday(kdc_context, &timenow)) return FALSE; calls++; @@ -118,10 +113,8 @@ kdc_insert_lookaside(krb5_data *inpkt, krb5_data *outpkt) { register krb5_kdc_replay_ent *eptr; krb5_int32 timenow; - time_t db_age; - if (krb5_timeofday(kdc_context, &timenow) || - krb5_db_get_age(kdc_context, 0, &db_age)) + if (krb5_timeofday(kdc_context, &timenow)) return; /* this is a new entry */ @@ -129,7 +122,6 @@ kdc_insert_lookaside(krb5_data *inpkt, krb5_data *outpkt) if (!eptr) return; eptr->timein = timenow; - eptr->db_age = db_age; /* * This is going to hurt a lot malloc()-wise due to the need to * allocate memory for the krb5_data and krb5_address elements. |