Supporting asynchronous preauth modules means that the KDC can receive
a retransmitted request before it finishes processing the initial
request. Ignore those retransmits instead of processing them.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25350
dc483132-0cff-0310-8789-
dd5450dbe970
oldrespond = state->respond;
oldarg = state->arg;
oldrespond = state->respond;
oldarg = state->arg;
+#ifndef NOCACHE
+ /* Remove our NULL cache entry to indicate request completion. */
+ kdc_remove_lookaside(kdc_context, state->request);
+#endif
+
if (state->is_tcp == 0 && response &&
response->length > max_dgram_reply_size) {
krb5_free_data(kdc_context, response);
if (state->is_tcp == 0 && response &&
response->length > max_dgram_reply_size) {
krb5_free_data(kdc_context, response);
#ifndef NOCACHE
/* put the response into the lookaside buffer */
#ifndef NOCACHE
/* put the response into the lookaside buffer */
+ else if (!code && response)
kdc_insert_lookaside(state->request, response);
#endif
kdc_insert_lookaside(state->request, response);
#endif
const char *name = 0;
char buf[46];
const char *name = 0;
char buf[46];
- if (is_tcp != 0 || response->length <= max_dgram_reply_size) {
+ if (!response || is_tcp != 0 ||
+ response->length <= max_dgram_reply_size) {
name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype),
from->address->contents, buf, sizeof (buf));
if (name == 0)
name = "[unknown address type]";
name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype),
from->address->contents, buf, sizeof (buf));
if (name == 0)
name = "[unknown address type]";
- krb5_klog_syslog(LOG_INFO,
- "DISPATCH: repeated (retransmitted?) request "
- "from %s, resending previous response",
- name);
+ if (response)
+ krb5_klog_syslog(LOG_INFO,
+ "DISPATCH: repeated (retransmitted?) request "
+ "from %s, resending previous response", name);
+ else
+ krb5_klog_syslog(LOG_INFO,
+ "DISPATCH: repeated (retransmitted?) request "
+ "from %s during request processing, dropping "
+ "repeated request", name);
- finish_dispatch(state, 0, response);
+ finish_dispatch(state, response ? 0 : KRB5KDC_ERR_DISCARD, response);
+
+ /* Insert a NULL entry into the lookaside to indicate that this request
+ * is currently being processed. */
+ kdc_insert_lookaside(pkt, NULL);
#endif
retval = krb5_crypto_us_timeofday(&now, &now_usec);
#endif
retval = krb5_crypto_us_timeofday(&now, &now_usec);
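Review bot: The duplicate-drop path in dispatch() ends in `finish_dispatch(state, response ? 0 : KRB5KDC_ERR_DISCARD, response)`, and finish_dispatch now begins with an unconditional `kdc_remove_lookaside(kdc_context, state->request)`. Dropping a retransmit therefore appears to delete the NULL placeholder that belongs to the original request still being processed. If that reading is right, the protection holds only for the first retransmit: the next one finds no entry and is processed in full, which is the duplicate work the placeholder exists to prevent. The removal should run only for the request that inserted the placeholder, for example by recording that fact in the dispatch state and testing it before the call. Separately, any exit taken after `kdc_insert_lookaside(pkt, NULL)` that does not reach finish_dispatch would leave the placeholder in the cache and cause legitimate retransmits to be dropped; both function bodies extend beyond the hunks shown, so this needs checking against the full file.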
/* replay.c */
krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
void kdc_insert_lookaside (krb5_data *, krb5_data *);
/* replay.c */
krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
void kdc_insert_lookaside (krb5_data *, krb5_data *);
+void kdc_remove_lookaside (krb5_context kcontext, krb5_data *);
void kdc_free_lookaside(krb5_context);
/* kdc_util.c */
void kdc_free_lookaside(krb5_context);
/* kdc_util.c */
Todo: quench the size of the queue...
*/
Todo: quench the size of the queue...
*/
+/* Removes the most recent cache entry for a given packet. */
+void
+kdc_remove_lookaside(krb5_context kcontext, krb5_data *inpkt)
+{
+ register krb5_kdc_replay_ent *eptr, *last;
+
+ if (!root_ptr.next)
+ return;
+
+ for (last = &root_ptr, eptr = root_ptr.next;
+ eptr;
+ last = eptr, eptr = eptr->next) {
+ if (!MATCH(eptr))
+ continue;
+
+ last->next = eptr->next;
+ krb5_free_data(kcontext, eptr->req_packet);
+ krb5_free_data(kcontext, eptr->reply_packet);
+ free(eptr);
+ return;
+ }
+}
+
/* return TRUE if outpkt is filled in with a packet to reply with,
FALSE if the caller should do the work */
/* return TRUE if outpkt is filled in with a packet to reply with,
FALSE if the caller should do the work */
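Review bot: kdc_remove_lookaside passes `eptr->reply_packet` to krb5_free_data, although the placeholder entries it was added to remove are inserted with a NULL reply. It therefore relies on krb5_free_data accepting NULL, which is not visible here; either say so in a comment or guard the call with `if (eptr->reply_packet)`. The header comment should also state that the first matching entry is unlinked and freed whether it is a placeholder or a completed reply, and that a packet with no match is a no-op. The leading `if (!root_ptr.next) return;` is redundant, since the loop condition already handles an empty list. If this file keeps an entry count or hit statistics outside the hunk, the removal needs to update them as well.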