add upstream lookaside cache fix RT#7082
This commit is contained in:
Nathaniel McCallum
parent
9e5f5995cd
commit
1b8eb90a4f
101
krb5-1.10-lookaside.patch
Normal file
101
krb5-1.10-lookaside.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From 4b9eb1f3dc538f7b29e50b6852983f5b4ddc7536 Mon Sep 17 00:00:00 2001
|
||||
From: ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>
|
||||
Date: Thu, 26 Jan 2012 21:56:16 +0000
|
||||
Subject: [PATCH 1/3] ticket: 7082 subject: Various lookaside cache fixes
|
||||
target_version: 1.10 tags: pullup
|
||||
|
||||
Don't touch the lookaside cache if we're responding with a lookaside
|
||||
cache entry. Also, leave the null entry behind if we're deliberately
|
||||
dropping a request (a rare case) so that we don't have to process it
|
||||
again. Fixes several lookaside problems in 1.10:
|
||||
|
||||
* When dropping a request because it was already being processed, we
|
||||
were erroneously removing the null entry, causing us to process the
|
||||
request again upon a second retransmit.
|
||||
|
||||
* When responding to a finished request with a lookaside entry, we
|
||||
were removing and re-adding the entry to the cache, resetting its
|
||||
time and performing unnecessary work.
|
||||
|
||||
* We were not caching responses we couldn't deliver because they were
|
||||
too big for UDP, causing us to re-process the request when it came
|
||||
in again via TCP instead of simply delivering the cached response.
|
||||
|
||||
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25660 dc483132-0cff-0310-8789-dd5450dbe970
|
||||
---
|
||||
src/kdc/dispatch.c | 40 ++++++++++++++++++++++------------------
|
||||
1 files changed, 22 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
|
||||
index b4c02f3..efe7098 100644
|
||||
--- a/src/kdc/dispatch.c
|
||||
+++ b/src/kdc/dispatch.c
|
||||
@@ -44,20 +44,11 @@ struct dispatch_state {
|
||||
};
|
||||
|
||||
static void
|
||||
-finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
|
||||
+finish_dispatch(struct dispatch_state *state, krb5_error_code code,
|
||||
+ krb5_data *response)
|
||||
{
|
||||
- struct dispatch_state *state = arg;
|
||||
- loop_respond_fn oldrespond;
|
||||
- void *oldarg;
|
||||
-
|
||||
- assert(state);
|
||||
- oldrespond = state->respond;
|
||||
- oldarg = state->arg;
|
||||
-
|
||||
-#ifndef NOCACHE
|
||||
- /* Remove our NULL cache entry to indicate request completion. */
|
||||
- kdc_remove_lookaside(kdc_context, state->request);
|
||||
-#endif
|
||||
+ loop_respond_fn oldrespond = state->respond;
|
||||
+ void *oldarg = state->arg;
|
||||
|
||||
if (state->is_tcp == 0 && response &&
|
||||
response->length > max_dgram_reply_size) {
|
||||
@@ -70,14 +61,27 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
|
||||
error_message(code));
|
||||
}
|
||||
|
||||
+ free(state);
|
||||
+ (*oldrespond)(oldarg, code, response);
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response)
|
||||
+{
|
||||
+ struct dispatch_state *state = arg;
|
||||
+
|
||||
#ifndef NOCACHE
|
||||
- /* put the response into the lookaside buffer */
|
||||
- else if (!code && response)
|
||||
+ /* Remove the null cache entry unless we actually want to discard this
|
||||
+ * request. */
|
||||
+ if (code != KRB5KDC_ERR_DISCARD)
|
||||
+ kdc_remove_lookaside(kdc_context, state->request);
|
||||
+
|
||||
+ /* Put the response into the lookaside buffer (if we produced one). */
|
||||
+ if (code == 0 && response != NULL)
|
||||
kdc_insert_lookaside(state->request, response);
|
||||
#endif
|
||||
|
||||
- free(state);
|
||||
- (*oldrespond)(oldarg, code, response);
|
||||
+ finish_dispatch(state, code, response);
|
||||
}
|
||||
|
||||
void
|
||||
@@ -167,7 +171,7 @@ dispatch(void *cb, struct sockaddr *local_saddr,
|
||||
* process_as_req frees the request if it is called
|
||||
*/
|
||||
if (!(retval = setup_server_realm(as_req->server))) {
|
||||
- process_as_req(as_req, pkt, from, vctx, finish_dispatch,
|
||||
+ process_as_req(as_req, pkt, from, vctx, finish_dispatch_cache,
|
||||
state);
|
||||
return;
|
||||
}
|
||||
--
|
||||
1.7.7.5
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.10
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10-signed.tar
|
||||
Source0: krb5-%{version}.tar.gz
|
||||
@ -63,6 +63,7 @@ Patch102: krb5-trunk-7048.patch
|
||||
Patch103: krb5-1.10-gcc47.patch
|
||||
Patch104: krb5-1.10-crashfix.patch
|
||||
Patch105: krb5-kvno-230379.patch
|
||||
Patch106: krb5-1.10-lookaside.patch
|
||||
|
||||
License: MIT
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -234,6 +235,7 @@ ln -s NOTICE LICENSE
|
||||
%patch103 -p0 -b .gcc47
|
||||
%patch104 -p1 -b .crashfix
|
||||
%patch105 -p1 -b .kvno
|
||||
%patch106 -p1 -b .7082
|
||||
rm src/lib/krb5/krb/deltat.c
|
||||
|
||||
gzip doc/*.ps
|
||||
@ -745,6 +747,9 @@ exit 0
|
||||
%{_sbindir}/uuserver
|
||||
|
||||
%changelog
|
||||
* Tue Jan 31 2012 Nathaniel McCallum <nathaniel@natemccallum.com> - 1.10-3
|
||||
- Add upstream lookaside cache behavior fix (RT#7082)
|
||||
|
||||
* Mon Jan 30 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10-2
|
||||
- add patch to accept keytab entries with vno==0 as matches when we're
|
||||
searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user