rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

add upstream lookaside cache fix RT#7082

Browse Source
This commit is contained in:
Nathaniel McCallum 2012-01-31 13:42:23 -05:00
parent 9e5f5995cd
commit 1b8eb90a4f
2 changed files with 107 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
krb5-1.10-lookaside.patch Normal file
View File

@ -0,0 +1,101 @@
From 4b9eb1f3dc538f7b29e50b6852983f5b4ddc7536 Mon Sep 17 00:00:00 2001
From: ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>
Date: Thu, 26 Jan 2012 21:56:16 +0000
Subject: [PATCH 1/3] ticket: 7082 subject: Various lookaside cache fixes
target_version: 1.10 tags: pullup
Don't touch the lookaside cache if we're responding with a lookaside
cache entry. Also, leave the null entry behind if we're deliberately
dropping a request (a rare case) so that we don't have to process it
again. Fixes several lookaside problems in 1.10:
* When dropping a request because it was already being processed, we
were erroneously removing the null entry, causing us to process the
request again upon a second retransmit.
* When responding to a finished request with a lookaside entry, we
were removing and re-adding the entry to the cache, resetting its
time and performing unnecessary work.
* We were not caching responses we couldn't deliver because they were
too big for UDP, causing us to re-process the request when it came
in again via TCP instead of simply delivering the cached response.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25660 dc483132-0cff-0310-8789-dd5450dbe970
---
src/kdc/dispatch.c | 40 ++++++++++++++++++++++------------------
1 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index b4c02f3..efe7098 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -44,20 +44,11 @@ struct dispatch_state {
};
static void
-finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
+finish_dispatch(struct dispatch_state *state, krb5_error_code code,
+ krb5_data *response)
{
- struct dispatch_state *state = arg;
- loop_respond_fn oldrespond;
- void *oldarg;
-
- assert(state);
- oldrespond = state->respond;
- oldarg = state->arg;
-
-#ifndef NOCACHE
- /* Remove our NULL cache entry to indicate request completion. */
- kdc_remove_lookaside(kdc_context, state->request);
-#endif
+ loop_respond_fn oldrespond = state->respond;
+ void *oldarg = state->arg;
if (state->is_tcp == 0 && response &&
response->length > max_dgram_reply_size) {
@@ -70,14 +61,27 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
error_message(code));
}
+ free(state);
+ (*oldrespond)(oldarg, code, response);
+}
+
+static void
+finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response)
+{
+ struct dispatch_state *state = arg;
+
#ifndef NOCACHE
- /* put the response into the lookaside buffer */
- else if (!code && response)
+ /* Remove the null cache entry unless we actually want to discard this
+ * request. */
+ if (code != KRB5KDC_ERR_DISCARD)
+ kdc_remove_lookaside(kdc_context, state->request);
+
+ /* Put the response into the lookaside buffer (if we produced one). */
+ if (code == 0 && response != NULL)
kdc_insert_lookaside(state->request, response);
#endif
- free(state);
- (*oldrespond)(oldarg, code, response);
+ finish_dispatch(state, code, response);
}
void
@@ -167,7 +171,7 @@ dispatch(void *cb, struct sockaddr *local_saddr,
* process_as_req frees the request if it is called
*/
if (!(retval = setup_server_realm(as_req->server))) {
- process_as_req(as_req, pkt, from, vctx, finish_dispatch,
+ process_as_req(as_req, pkt, from, vctx, finish_dispatch_cache,
state);
return;
}
--
1.7.7.5

7
krb5.spec
View File

@ -15,7 +15,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.10 Version: 1.10
Release: 2%{?dist} Release: 3%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -63,6 +63,7 @@ Patch102: krb5-trunk-7048.patch
Patch103: krb5-1.10-gcc47.patch Patch103: krb5-1.10-gcc47.patch
Patch104: krb5-1.10-crashfix.patch Patch104: krb5-1.10-crashfix.patch
Patch105: krb5-kvno-230379.patch Patch105: krb5-kvno-230379.patch
Patch106: krb5-1.10-lookaside.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -234,6 +235,7 @@ ln -s NOTICE LICENSE
%patch103 -p0 -b .gcc47 %patch103 -p0 -b .gcc47
%patch104 -p1 -b .crashfix %patch104 -p1 -b .crashfix
%patch105 -p1 -b .kvno %patch105 -p1 -b .kvno
%patch106 -p1 -b .7082
rm src/lib/krb5/krb/deltat.c rm src/lib/krb5/krb/deltat.c
gzip doc/*.ps gzip doc/*.ps
@ -745,6 +747,9 @@ exit 0
%{_sbindir}/uuserver %{_sbindir}/uuserver
%changelog %changelog
* Tue Jan 31 2012 Nathaniel McCallum <nathaniel@natemccallum.com> - 1.10-3
- Add upstream lookaside cache behavior fix (RT#7082)
* Mon Jan 30 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10-2 * Mon Jan 30 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10-2
- add patch to accept keytab entries with vno==0 as matches when we're - add patch to accept keytab entries with vno==0 as matches when we're
searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)