From: Theodore Tso Date: Fri, 24 Mar 1995 22:28:07 +0000 (+0000) Subject: replay.c: The KDC replay cache needs to store the database X-Git-Tag: krb5-1.0-beta5~477 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=67acd2cbf8e84362e975046704826ca93f24d6d2;p=krb5.git replay.c: The KDC replay cache needs to store the database modification time, so that if the database is modified in between when it receives a request and when it receives a replay of the same request, it knows to throw away the replay cache entry and generate a new response (since the record in the database on which the response is based may have been modified). main.c (kdc_com_err_proc): Use syslog() instead of vsyslog(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5233 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 210c6d90c..cc6fd4b74 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,15 @@ +Fri Mar 24 14:58:07 1995 + + * replay.c: The KDC replay cache needs to store the database + modification time, so that if the database is modified in + between when it receives a request and when it receives a + replay of the same request, it knows to throw away the + replay cache entry and generate a new response (since the + record in the database on which the response is based may + have been modified). + + * main.c (kdc_com_err_proc): Use syslog() instead of vsyslog(). + Sat Mar 18 18:59:45 1995 John Gilmore (gnu at toad.com) * kerberos_v4.c: Replace STDARG_PROTOTYPES with HAVE_STDARG_H. diff --git a/src/kdc/main.c b/src/kdc/main.c index 731fb373d..844903b2b 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -49,41 +49,37 @@ kdc_com_err_proc(whoami, code, format, pvar) va_list pvar; { /* XXX need some way to do this better... */ - #ifndef __STDC__ extern int vfprintf(); #endif + char syslogbuf[10240], tmpbuf[10240]; + + memset(syslogbuf, 0, sizeof(syslogbuf)); + memset(tmpbuf, 0, sizeof(tmpbuf)); + if (whoami) { fputs(whoami, stderr); fputs(": ", stderr); } + if (code) { - fputs(error_message(code), stderr); - fputs(" ", stderr); + sprintf(tmpbuf, error_message(code)); + strcat(syslogbuf, tmpbuf); + strcat(syslogbuf, " "); } + if (format) { - vfprintf (stderr, format, pvar); + vsprintf(tmpbuf, format, pvar); + strcat(syslogbuf, tmpbuf); } + + fprintf(stderr, syslogbuf); putc('\n', stderr); - /* should do this only on a tty in raw mode */ - putc('\r', stderr); + putc('\r', stderr); /* should do this only on a tty in raw mode */ fflush(stderr); - if (format) { - /* now need to frob the format a bit... */ - if (code) { - char *nfmt; - nfmt = malloc(strlen(format)+strlen(error_message(code))+2); - strcpy(nfmt, error_message(code)); - strcat(nfmt, " "); - strcat(nfmt, format); - vsyslog(LOG_ERR, nfmt, pvar); - } else - vsyslog(LOG_ERR, format, pvar); - } else { - if (code) - syslog(LOG_ERR, "%s", error_message(code)); - } + + syslog(LOG_ERR, "%s", syslogbuf); return; } diff --git a/src/kdc/replay.c b/src/kdc/replay.c index 05f070e75..1ec38a35a 100644 --- a/src/kdc/replay.c +++ b/src/kdc/replay.c @@ -33,6 +33,7 @@ typedef struct _krb5_kdc_replay_ent { struct _krb5_kdc_replay_ent *next; int num_hits; krb5_int32 timein; + time_t db_age; krb5_data *req_packet; krb5_data *reply_packet; } krb5_kdc_replay_ent; @@ -45,10 +46,12 @@ static int max_hits_per_entry = 0; static int num_entries = 0; #define STALE_TIME 2*60 /* two minutes */ -#define STALE(ptr) (abs((ptr)->timein - timenow) >= STALE_TIME) +#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \ + ((ptr)->db_age != db_age)) #define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \ - !memcmp((ptr)->req_packet->data, inpkt->data, inpkt->length)) + !memcmp((ptr)->req_packet->data, inpkt->data, inpkt->length) && \ + ((ptr)->db_age == db_age)) /* XXX Todo: quench the size of the queue... @@ -64,9 +67,11 @@ register krb5_data **outpkt; { krb5_int32 timenow; register krb5_kdc_replay_ent *eptr, *last, *hold; + time_t db_age; - if (krb5_timeofday(kdc_context, &timenow)) - return FALSE; + if (krb5_timeofday(kdc_context, &timenow) || + krb5_db_get_age(kdc_context, 0, &db_age)) + return FALSE; calls++; @@ -116,15 +121,18 @@ register krb5_data *outpkt; { register krb5_kdc_replay_ent *eptr; krb5_int32 timenow; + time_t db_age; - if (krb5_timeofday(kdc_context, &timenow)) - return; + if (krb5_timeofday(kdc_context, &timenow) || + krb5_db_get_age(kdc_context, 0, &db_age)) + return; /* this is a new entry */ eptr = (krb5_kdc_replay_ent *)calloc(1, sizeof(*eptr)); if (!eptr) return; eptr->timein = timenow; + eptr->db_age = db_age; if (krb5_copy_data(kdc_context, inpkt, &eptr->req_packet)) { krb5_xfree(eptr); return;