Merge remote-tracking branch 'upstream/master' into krbldap

aadamowski · Jan 29, 2012 · dee5302 · dee5302
2 parents 8abbe1f + 18e3031
commit dee5302
Show file tree

Hide file tree

Showing 8 changed files with 1,439 additions and 1,781 deletions.
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
@@ -44,23 +44,14 @@ struct dispatch_state {
 };
 
 static void
-finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
+finish_dispatch(struct dispatch_state *state, krb5_error_code code,
+                krb5_data *response)
 {
-    struct dispatch_state *state = arg;
-    loop_respond_fn oldrespond;
-    void *oldarg;
-
-    assert(state);
-    oldrespond = state->respond;
-    oldarg = state->arg;
-
-#ifndef NOCACHE
-    /* Remove our NULL cache entry to indicate request completion. */
-    kdc_remove_lookaside(kdc_context, state->request);
-#endif
+    loop_respond_fn oldrespond = state->respond;
+    void *oldarg = state->arg;
 
     if (state->is_tcp == 0 && response &&
-        response->length > max_dgram_reply_size) {
+        response->length > (unsigned int)max_dgram_reply_size) {
         krb5_free_data(kdc_context, response);
         response = NULL;
         code = make_too_big_error(&response);
@@ -70,14 +61,27 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
                              error_message(code));
     }
 
+    free(state);
+    (*oldrespond)(oldarg, code, response);
+}
+
+static void
+finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response)
+{
+    struct dispatch_state *state = arg;
+
 #ifndef NOCACHE
-    /* put the response into the lookaside buffer */
-    else if (!code && response)
+    /* Remove the null cache entry unless we actually want to discard this
+     * request. */
+    if (code != KRB5KDC_ERR_DISCARD)
+        kdc_remove_lookaside(kdc_context, state->request);
+
+    /* Put the response into the lookaside buffer (if we produced one). */
+    if (code == 0 && response != NULL)
         kdc_insert_lookaside(state->request, response);
 #endif
 
-    free(state);
-    (*oldrespond)(oldarg, code, response);
+    finish_dispatch(state, code, response);
 }
 
 void
@@ -110,22 +114,19 @@ dispatch(void *cb, struct sockaddr *local_saddr,
         const char *name = 0;
         char buf[46];
 
-        if (!response || is_tcp != 0 ||
-            response->length <= max_dgram_reply_size) {
-            name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype),
-                              from->address->contents, buf, sizeof (buf));
-            if (name == 0)
-                name = "[unknown address type]";
-            if (response)
-                krb5_klog_syslog(LOG_INFO,
-                                 "DISPATCH: repeated (retransmitted?) request "
-                                 "from %s, resending previous response", name);
-            else
-                krb5_klog_syslog(LOG_INFO,
-                                 "DISPATCH: repeated (retransmitted?) request "
-                                 "from %s during request processing, dropping "
-                                 "repeated request", name);
-        }
+        name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype),
+                          from->address->contents, buf, sizeof (buf));
+        if (name == 0)
+            name = "[unknown address type]";
+        if (response)
+            krb5_klog_syslog(LOG_INFO,
+                             "DISPATCH: repeated (retransmitted?) request "
+                             "from %s, resending previous response", name);
+        else
+            krb5_klog_syslog(LOG_INFO,
+                             "DISPATCH: repeated (retransmitted?) request "
+                             "from %s during request processing, dropping "
+                             "repeated request", name);
 
         finish_dispatch(state, response ? 0 : KRB5KDC_ERR_DISCARD, response);
         return;
@@ -167,7 +168,7 @@ dispatch(void *cb, struct sockaddr *local_saddr,
              * process_as_req frees the request if it is called
              */
             if (!(retval = setup_server_realm(as_req->server))) {
-                process_as_req(as_req, pkt, from, vctx, finish_dispatch,
+                process_as_req(as_req, pkt, from, vctx, finish_dispatch_cache,
                                state);
                 return;
             }

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
@@ -102,6 +102,7 @@ struct as_req_state {
     loop_respond_fn respond;
     void *arg;
 
+    krb5_principal_data client_princ;
     krb5_enc_tkt_part enc_tkt_reply;
     krb5_enc_kdc_rep_part reply_encpart;
     krb5_ticket ticket_reply;
@@ -458,7 +459,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     krb5_error_code errcode;
     krb5_timestamp rtime;
     unsigned int s_flags = 0;
-    krb5_principal_data client_princ;
     krb5_data encoded_req_body;
     krb5_enctype useenctype;
     struct as_req_state *state;
@@ -680,13 +680,13 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 
     state->enc_tkt_reply.session = &state->session_key;
     if (isflagset(state->c_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
-        client_princ = *(state->client->princ);
+        state->client_princ = *(state->client->princ);
     } else {
-        client_princ = *(state->request->client);
+        state->client_princ = *(state->request->client);
         /* The realm is always canonicalized */
-        client_princ.realm = state->client->princ->realm;
+        state->client_princ.realm = state->client->princ->realm;
     }
-    state->enc_tkt_reply.client = &client_princ;
+    state->enc_tkt_reply.client = &state->client_princ;
     state->enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
     state->enc_tkt_reply.transited.tr_contents = empty_string;