+Tue Jul 21 20:29:38 1998 Tom Yu <tlyu@mit.edu>
+
+ * replay.c (kdc_check_lookaside):
+ (kdc_insert_lookaside): Add code to originating address of packet,
+ as krb4 initial ticket requests don't contain an address. This
+ would cause a subtle problem wherein two simultaneous krb4 initial
+ ticket requests for the same principal originating from different
+ addresses would result in both replies containing the same
+ address.
+
+ * kdc_util.h: Modify prototype for lookaside functions.
+
+ * dispatch.c (dispatch): Update to new calling conventions of the
+ lookaside functions.
+
Wed Jul 15 18:32:07 1998 Tom Yu <tlyu@mit.edu>
* configure.in: Add CHECK_SIGNALS so that POSIX_SIGNALS gets
/* decode incoming packet, and dispatch */
/* try the replay lookaside buffer */
- if (kdc_check_lookaside(pkt, response)) {
+ if (kdc_check_lookaside(pkt, from, response)) {
/* a hit! */
krb5_klog_syslog(LOG_INFO, "DISPATCH: replay found and re-transmitted");
return 0;
retval = KRB5KRB_AP_ERR_MSG_TYPE;
/* put the response into the lookaside buffer */
if (!retval)
- kdc_insert_lookaside(pkt, *response);
+ kdc_insert_lookaside(pkt, from, *response);
return retval;
}
time_t db_age;
krb5_data *req_packet;
krb5_data *reply_packet;
+ krb5_address *addr; /* XXX should these not be pointers? */
} krb5_kdc_replay_ent;
static krb5_kdc_replay_ent root_ptr = {0};
static int num_entries = 0;
#define STALE_TIME 2*60 /* two minutes */
-#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \
+#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \
((ptr)->db_age != db_age))
-#define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \
- !memcmp((ptr)->req_packet->data, inpkt->data, inpkt->length) && \
+#define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \
+ !memcmp((ptr)->req_packet->data, inpkt->data, \
+ inpkt->length) && \
+ ((ptr)->addr->length == from->address->length) && \
+ !memcmp((ptr)->addr->contents, from->address, \
+ from->address->length)&& \
((ptr)->db_age == db_age))
-
/* XXX
Todo: quench the size of the queue...
*/
FALSE if the caller should do the work */
krb5_boolean
-kdc_check_lookaside(inpkt, outpkt)
-register krb5_data *inpkt;
-register krb5_data **outpkt;
+kdc_check_lookaside(inpkt, from, outpkt)
+ register krb5_data *inpkt;
+ register krb5_fulladdr *from;
+ register krb5_data **outpkt;
{
krb5_int32 timenow;
register krb5_kdc_replay_ent *eptr, *last, *hold;
if (krb5_timeofday(kdc_context, &timenow) ||
krb5_db_get_age(kdc_context, 0, &db_age))
- return FALSE;
+ return FALSE;
calls++;
max_hits_per_entry = max(max_hits_per_entry, eptr->num_hits);
krb5_free_data(kdc_context, eptr->req_packet);
krb5_free_data(kdc_context, eptr->reply_packet);
+ krb5_free_address(kdc_context, eptr->addr);
hold = eptr;
last->next = eptr->next;
eptr = last;
already there, and can fail softly due to other weird errors. */
void
-kdc_insert_lookaside(inpkt, outpkt)
-register krb5_data *inpkt;
-register krb5_data *outpkt;
+kdc_insert_lookaside(inpkt, from, outpkt)
+ register krb5_data *inpkt;
+ register krb5_fulladdr *from;
+ register krb5_data *outpkt;
{
register krb5_kdc_replay_ent *eptr;
krb5_int32 timenow;
if (krb5_timeofday(kdc_context, &timenow) ||
krb5_db_get_age(kdc_context, 0, &db_age))
- return;
+ return;
/* this is a new entry */
eptr = (krb5_kdc_replay_ent *)calloc(1, sizeof(*eptr));
return;
eptr->timein = timenow;
eptr->db_age = db_age;
+ /*
+ * This is going to hurt a lot malloc()-wise due to the need to
+ * allocate memory for the krb5_data and krb5_address elements.
+ * ARGH!
+ */
if (krb5_copy_data(kdc_context, inpkt, &eptr->req_packet)) {
free(eptr);
return;
free(eptr);
return;
}
+ if (krb5_copy_addr(kdc_context, from->address, &eptr->addr)) {
+ krb5_free_data(kdc_context, eptr->req_packet);
+ krb5_free_data(kdc_context, eptr->reply_packet);
+ free(eptr);
+ return;
+ }
eptr->next = root_ptr.next;
root_ptr.next = eptr;
num_entries++;
projects / krb5.git / commitdiff