modification time, so that if the database is modified in
between when it receives a request and when it receives a
replay of the same request, it knows to throw away the
replay cache entry and generate a new response (since the
record in the database on which the response is based may
have been modified).
main.c (kdc_com_err_proc): Use syslog() instead of vsyslog().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5233
dc483132-0cff-0310-8789-
dd5450dbe970
+Fri Mar 24 14:58:07 1995 <tytso@rsx-11.mit.edu>
+
+ * replay.c: The KDC replay cache needs to store the database
+ modification time, so that if the database is modified in
+ between when it receives a request and when it receives a
+ replay of the same request, it knows to throw away the
+ replay cache entry and generate a new response (since the
+ record in the database on which the response is based may
+ have been modified).
+
+ * main.c (kdc_com_err_proc): Use syslog() instead of vsyslog().
+
Sat Mar 18 18:59:45 1995 John Gilmore (gnu at toad.com)
* kerberos_v4.c: Replace STDARG_PROTOTYPES with HAVE_STDARG_H.
va_list pvar;
{
/* XXX need some way to do this better... */
-
#ifndef __STDC__
extern int vfprintf();
#endif
+ char syslogbuf[10240], tmpbuf[10240];
+
+ memset(syslogbuf, 0, sizeof(syslogbuf));
+ memset(tmpbuf, 0, sizeof(tmpbuf));
+
if (whoami) {
fputs(whoami, stderr);
fputs(": ", stderr);
}
+
if (code) {
- fputs(error_message(code), stderr);
- fputs(" ", stderr);
+ sprintf(tmpbuf, error_message(code));
+ strcat(syslogbuf, tmpbuf);
+ strcat(syslogbuf, " ");
}
+
if (format) {
- vfprintf (stderr, format, pvar);
+ vsprintf(tmpbuf, format, pvar);
+ strcat(syslogbuf, tmpbuf);
}
+
+ fprintf(stderr, syslogbuf);
putc('\n', stderr);
- /* should do this only on a tty in raw mode */
- putc('\r', stderr);
+ putc('\r', stderr); /* should do this only on a tty in raw mode */
fflush(stderr);
- if (format) {
- /* now need to frob the format a bit... */
- if (code) {
- char *nfmt;
- nfmt = malloc(strlen(format)+strlen(error_message(code))+2);
- strcpy(nfmt, error_message(code));
- strcat(nfmt, " ");
- strcat(nfmt, format);
- vsyslog(LOG_ERR, nfmt, pvar);
- } else
- vsyslog(LOG_ERR, format, pvar);
- } else {
- if (code)
- syslog(LOG_ERR, "%s", error_message(code));
- }
+
+ syslog(LOG_ERR, "%s", syslogbuf);
return;
}
struct _krb5_kdc_replay_ent *next;
int num_hits;
krb5_int32 timein;
+ time_t db_age;
krb5_data *req_packet;
krb5_data *reply_packet;
} krb5_kdc_replay_ent;
static int num_entries = 0;
#define STALE_TIME 2*60 /* two minutes */
-#define STALE(ptr) (abs((ptr)->timein - timenow) >= STALE_TIME)
+#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \
+ ((ptr)->db_age != db_age))
#define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \
- !memcmp((ptr)->req_packet->data, inpkt->data, inpkt->length))
+ !memcmp((ptr)->req_packet->data, inpkt->data, inpkt->length) && \
+ ((ptr)->db_age == db_age))
/* XXX
Todo: quench the size of the queue...
{
krb5_int32 timenow;
register krb5_kdc_replay_ent *eptr, *last, *hold;
+ time_t db_age;
- if (krb5_timeofday(kdc_context, &timenow))
- return FALSE;
+ if (krb5_timeofday(kdc_context, &timenow) ||
+ krb5_db_get_age(kdc_context, 0, &db_age))
+ return FALSE;
calls++;
{
register krb5_kdc_replay_ent *eptr;
krb5_int32 timenow;
+ time_t db_age;
- if (krb5_timeofday(kdc_context, &timenow))
- return;
+ if (krb5_timeofday(kdc_context, &timenow) ||
+ krb5_db_get_age(kdc_context, 0, &db_age))
+ return;
/* this is a new entry */
eptr = (krb5_kdc_replay_ent *)calloc(1, sizeof(*eptr));
if (!eptr)
return;
eptr->timein = timenow;
+ eptr->db_age = db_age;
if (krb5_copy_data(kdc_context, inpkt, &eptr->req_packet)) {
krb5_xfree(eptr);
return;