From 723f909f3d532c5610aebecad83eb0601faba6d4 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Fri, 20 May 2011 15:21:28 +0000
Subject: [PATCH] Revert r5233 and mark get_age as deprecated in the DAL documentation. We do not need to check reply retransmissions for staleness any more than TCP needs to. A genuinely new request will have a different nonce.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24936 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/kdb.h | 9 ++-------
 src/kdc/replay.c | 16 ++++------------
 2 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/src/include/kdb.h b/src/include/kdb.h
index 81e14e9f8..d58178801 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -831,13 +831,8 @@ typedef struct _kdb_vftabl {
 char **db_args);
 /*
- * Optional: Set *age to the last modification time of the database. Used
- * by the KDC lookaside cache to ensure that lookaside entries are not used
- * if the database has changed since the entry was recorded.
- *
- * If this function is unimplemented, lookaside cache entries will
- * effectively expire immediately. Another option is to supply the current
- * time, which will cause lookaside cache entries to last for one second.
+ * Deprecated: No longer used as of krb5 1.10; can be removed in the next
+ * DAL revision. Modules should leave as NULL.
 */
 krb5_error_code (*get_age)(krb5_context kcontext, char *db_name, time_t *age);
diff --git a/src/kdc/replay.c b/src/kdc/replay.c
index fc2a8b53b..96c84807e 100644
--- a/src/kdc/replay.c
+++ b/src/kdc/replay.c
@@ -34,7 +34,6 @@ typedef struct _krb5_kdc_replay_ent {
 struct _krb5_kdc_replay_ent *next;
 int num_hits;
 krb5_int32 timein;
- time_t db_age;
 krb5_data *req_packet;
 krb5_data *reply_packet;
 } krb5_kdc_replay_ent;
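Review bot: The replacement comment on `get_age` in src/include/kdb.h says only that the slot is unused, so a module author who implemented it to invalidate cached replies after a database change gets no hint that this behaviour is gone. The removed text documented that the KDC lookaside cache consulted the hook, and the replay.c hunks in this patch drop those calls. I would add one sentence to the new comment, for example `The KDC lookaside cache no longer consults this; cached replies are not invalidated by database changes.` The enclosing `_kdb_vftabl` struct starts and ends outside the hunk.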
@@ -47,13 +46,11 @@ static int max_hits_per_entry = 0;
 static int num_entries = 0;
 #define STALE_TIME 2*60 /* two minutes */
-#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \
- ((ptr)->db_age != db_age))
+#define STALE(ptr) (abs((ptr)->timein - timenow) >= STALE_TIME)
 #define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \
 !memcmp((ptr)->req_packet->data, inpkt->data, \
- inpkt->length) && \
- ((ptr)->db_age == db_age))
+ inpkt->length))
 /* XXX Todo: quench the size of the queue... */
@@ -66,10 +63,8 @@ kdc_check_lookaside(krb5_data *inpkt, krb5_data **outpkt)
 {
 krb5_int32 timenow;
 register krb5_kdc_replay_ent *eptr, *last, *hold;
- time_t db_age;
- if (krb5_timeofday(kdc_context, &timenow) ||
- krb5_db_get_age(kdc_context, 0, &db_age))
+ if (krb5_timeofday(kdc_context, &timenow))
 return FALSE;
 calls++;
@@ -118,10 +113,8 @@ kdc_insert_lookaside(krb5_data *inpkt, krb5_data *outpkt)
 {
 register krb5_kdc_replay_ent *eptr;
 krb5_int32 timenow;
- time_t db_age;
- if (krb5_timeofday(kdc_context, &timenow) ||
- krb5_db_get_age(kdc_context, 0, &db_age))
+ if (krb5_timeofday(kdc_context, &timenow))
 return;
 /* this is a new entry */
@@ -129,7 +122,6 @@ kdc_insert_lookaside(krb5_data *inpkt, krb5_data *outpkt)
 if (!eptr)
 return;
 eptr->timein = timenow;
- eptr->db_age = db_age;
 /*
 * This is going to hurt a lot malloc()-wise due to the need to
 * allocate memory for the krb5_data and krb5_address elements.
--
2.26.2
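Review bot: Nothing in replay.c records why dropping the `db_age` comparison from `STALE` and `MATCH` is safe; the nonce argument lives only in the commit message. With the new macros a byte-identical request is answered from the cache for up to `STALE_TIME` even if the database entry changed in between, which, as the commit message argues, is acceptable because a hit can only be a retransmission of a request the KDC already answered. I would state that invariant above the macros, e.g. `/* A hit means a byte-identical retransmission (a new request has a new nonce), so the cached reply is returned for up to STALE_TIME regardless of KDB changes. */`. The same removal applies to the `kdc_check_lookaside` and `kdc_insert_lookaside` hunks that follow, whose function bodies continue outside the hunks.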