[30599] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Record start time of AS requests earlier in KDC

daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Nov 3 16:02:21 2019

Date: Sun, 3 Nov 2019 16:02:16 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <201911032102.xA3L2GRu011777@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/76dfd983d821773ad9029bb9cb9ddefebefb4d33
commit 76dfd983d821773ad9029bb9cb9ddefebefb4d33
Author: Andreas Schneider <asn@samba.org>
Date:   Thu Sep 19 16:34:36 2019 +0200

    Record start time of AS requests earlier in KDC
    
    In process_as_req(), get the current time before any KDB lookups, so
    that KDB modules can more correctly audit how long the processing of
    an AS request takes.
    
    [ghudson@mit.edu: rewrote commit message]
    
    ticket: 8842 (new)

 src/kdc/do_as_req.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 64d48cf..f0798f8 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -546,6 +546,11 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     /* Seed the audit trail with the request ID and basic information. */
     kau_as_req(kdc_context, TRUE, au_state);
 
+    errcode = krb5_timeofday(kdc_context, &state->kdc_time);
+    if (errcode)
+        goto errout;
+    state->authtime = state->kdc_time;
+
     if (fetch_asn1_field((unsigned char *) req_pkt->data,
                          1, 4, &encoded_req_body) != 0) {
         errcode = ASN1_BAD_ID;
@@ -671,10 +676,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 
     au_state->stage = VALIDATE_POL;
 
-    if ((errcode = krb5_timeofday(kdc_context, &state->kdc_time)))
-        goto errout;
-    state->authtime = state->kdc_time; /* for audit_as_request() */
-
     if ((errcode = validate_as_request(kdc_active_realm,
                                        state->request, *state->client,
                                        *state->server, state->kdc_time,
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post