authorTom Yu <tlyu@mit.edu>2000-03-01 10:42:16 +0000
committerTom Yu <tlyu@mit.edu>2000-03-01 10:42:16 +0000
commitb1b547a0b8d9bdb8bbde647e20b0bbab7efc274e (patch)
tree54b04d7af0d60f0168a1ffbb826af58136594736 /src
parent33ff3607385e2886dfe02b5be6b041bc06069a60 (diff)
* main.c: Move kdc_initialize_rcache() to kdc_util.c
* kdc_util.c (kdc_initialize_rcache): Move kdc_initialize_rcache() back here since it's needed for rtest to work. process_tgs_req() which is called from rtest needs to call kdc_initialize_rcache() and we can't very well link rtest with main.o
* kdc_preauth.c (verify_sam_response): Ooops. Get rc_lifetime from kdc_util, since it's actually declared there.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12093 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/kdc/ChangeLog10
-rw-r--r--src/kdc/kdc_preauth.c7
-rw-r--r--src/kdc/kdc_util.c48
-rw-r--r--src/kdc/main.c50
4 files changed, 59 insertions, 56 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 89520df5b..62a1f21dc 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,5 +1,15 @@
2000-03-01 Tom Yu <tlyu@mit.edu>
+ * main.c: Move kdc_initialize_rcache() to kdc_util.c
+
+ * kdc_util.c (kdc_initialize_rcache): Move kdc_initialize_rcache()
+ back here since it's needed for rtest to work. process_tgs_req()
+ which is called from rtest needs to call kdc_intiialize_rcache()
+ and we can't very well link rtest with main.o
+
+ * kdc_preauth.c (verify_sam_response): Ooops. Get rc_lifetime
+ from kdc_util, since it's actually declared there.
+
* configure.in: Fix --enable-kdc-replay-cache to actually default
to "yes".
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index cc957016b..41152f2f6 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1267,17 +1267,12 @@ verify_sam_response(context, client, request, enc_tkt_reply, pa)
#ifdef USE_RCACHE
{
krb5_donot_replay rep;
- krb5_deltat rc_lifetime;
+ extern krb5_deltat rc_lifetime;
/*
* Verify this response came back in a timely manner.
* We do this b/c otherwise very old (expunged from the rcache)
* psr's would be able to be replayed.
*/
- retval = krb5_rc_get_lifespan(kdc_context, kdc_rcache, &rc_lifetime);
- if (retval) {
- com_err("krb5kdc", retval, "while getting rcache lifespan");
- goto cleanup;
- }
if (timenow - psr->stime > rc_lifetime) {
com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
"SAM psr came back too late! -- replay attack?");
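Review bot: The freshness check `timenow - psr->stime > rc_lifetime` now relies on a global that kdc_initialize_rcache() sets from `kcontext->clockskew`, instead of the lifespan the replay cache itself reports, so the two values can disagree. If the cache was recovered with a lifespan shorter than the current clockskew (an assumption; the recover path is not visible here), a SAM response could already be expunged from the rcache and still pass this check, which is exactly the replay window the comment in this block warns about. The block-scope `extern krb5_deltat rc_lifetime;` also escapes type checking against the definition; declaring it once in a shared KDC header would let the compiler catch a mismatch. At minimum I would add a comment here such as `/* rc_lifetime is set by kdc_initialize_rcache(); it must not exceed the rcache's actual lifespan */`. verify_sam_response starts and ends outside the hunk.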
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index a988b28cc..f5a0016b7 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -35,6 +35,54 @@
#include "adm.h"
#include "adm_proto.h"
+#ifdef USE_RCACHE
+static char *kdc_current_rcname = (char *) NULL;
+krb5_deltat rc_lifetime; /* See kdc_initialize_rcache() */
+#endif
+
+#ifdef USE_RCACHE
+/*
+ * initialize the replay cache.
+ */
+krb5_error_code
+kdc_initialize_rcache(kcontext, rcache_name)
+ krb5_context kcontext;
+ char *rcache_name;
+{
+ krb5_error_code retval;
+ char *rcname;
+ char *sname;
+
+ rcname = (rcache_name) ? rcache_name : kdc_current_rcname;
+
+ /* rc_lifetime used elsewhere to verify we're not */
+ /* replaying really old data */
+ rc_lifetime = kcontext->clockskew;
+
+ if (!rcname)
+ rcname = KDCRCACHE;
+ if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) {
+ /* Recover or initialize the replay cache */
+ if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
+ !(retval = krb5_rc_initialize(kcontext,
+ kdc_rcache,
+ kcontext->clockskew))
+ ) {
+ /* Expunge the replay cache */
+ if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
+ sname = kdc_current_rcname;
+ kdc_current_rcname = strdup(rcname);
+ if (sname)
+ free(sname);
+ }
+ }
+ if (retval)
+ krb5_rc_close(kcontext, kdc_rcache);
+ }
+ return(retval);
+}
+#endif
+
/*
* concatenate first two authdata arrays, returning an allocated replacement.
* The replacement should be freed with krb5_free_authdata().
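Review bot: On the failure path of kdc_initialize_rcache(), `krb5_rc_close(kcontext, kdc_rcache);` leaves the global `kdc_rcache` holding the closed handle, and `rc_lifetime` has already been assigned, so neither global tells later code that no replay cache is active. If the close call releases the handle (likely, but not visible here), any later use of kdc_rcache would touch freed memory; resetting it right after the close, `kdc_rcache = NULL;`, makes the failed state explicit and lets callers fail closed. The result of `strdup(rcname)` is stored unchecked, so an allocation failure silently discards the remembered cache name. The header comment should also say that a NULL rcache_name falls back to the previously used name and then to KDCRCACHE, and that the function sets rc_lifetime from the context's clockskew.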
diff --git a/src/kdc/main.c b/src/kdc/main.c
index aca5165e7..473b902d0 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -60,64 +60,14 @@ void initialize_realms PROTOTYPE((krb5_context, int, char **));
void finish_realms PROTOTYPE((char *));
static int nofork = 0;
-#ifdef USE_RCACHE
-static char *kdc_current_rcname = (char *) NULL;
-#endif
static int rkey_init_done = 0;
-#ifdef USE_RCACHE
-krb5_deltat rc_lifetime; /* See kdc_initialize_rcache() */
-#endif /* USE_RCACHE */
-
#ifdef POSIX_SIGNALS
static struct sigaction s_action;
#endif /* POSIX_SIGNALS */
#define KRB5_KDC_MAX_REALMS 32
-#ifdef USE_RCACHE
-/*
- * initialize the replay cache.
- */
-krb5_error_code
-kdc_initialize_rcache(kcontext, rcache_name)
- krb5_context kcontext;
- char *rcache_name;
-{
- krb5_error_code retval;
- char *rcname;
- char *sname;
-
- rcname = (rcache_name) ? rcache_name : kdc_current_rcname;
-
- /* rc_lifetime used elsewhere to verify we're not */
- /* replaying really old data */
- rc_lifetime = kcontext->clockskew;
-
- if (!rcname)
- rcname = KDCRCACHE;
- if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) {
- /* Recover or initialize the replay cache */
- if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
- !(retval = krb5_rc_initialize(kcontext,
- kdc_rcache,
- kcontext->clockskew))
- ) {
- /* Expunge the replay cache */
- if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
- sname = kdc_current_rcname;
- kdc_current_rcname = strdup(rcname);
- if (sname)
- free(sname);
- }
- }
- if (retval)
- krb5_rc_close(kcontext, kdc_rcache);
- }
- return(retval);
-}
-#endif
-
/*
* Find the realm entry for a given realm.
*/