[krb5] add upstream lookaside cache fix RT#7082

Nathaniel McCallum npmccallum at fedoraproject.org
Tue Jan 31 18:42:26 UTC 2012 

commit 1b8eb90a4fb6436cb4be9a575e27aa6e6b4658fa
Author: Nathaniel McCallum <nathaniel at themccallums.org>
Date:   Tue Jan 31 13:42:23 2012 -0500

    add upstream lookaside cache fix RT#7082

 krb5-1.10-lookaside.patch |  101 +++++++++++++++++++++++++++++++++++++++++++++
 krb5.spec                 |    7 +++-
 2 files changed, 107 insertions(+), 1 deletions(-)
---
diff --git a/krb5-1.10-lookaside.patch b/krb5-1.10-lookaside.patch
new file mode 100644
index 0000000..1afdd82
--- /dev/null
+++ b/krb5-1.10-lookaside.patch
@@ -0,0 +1,101 @@
+From 4b9eb1f3dc538f7b29e50b6852983f5b4ddc7536 Mon Sep 17 00:00:00 2001
+From: ghudson <ghudson at dc483132-0cff-0310-8789-dd5450dbe970>
+Date: Thu, 26 Jan 2012 21:56:16 +0000
+Subject: [PATCH 1/3] ticket: 7082 subject: Various lookaside cache fixes
+ target_version: 1.10 tags: pullup
+
+Don't touch the lookaside cache if we're responding with a lookaside
+cache entry.  Also, leave the null entry behind if we're deliberately
+dropping a request (a rare case) so that we don't have to process it
+again.  Fixes several lookaside problems in 1.10:
+
+* When dropping a request because it was already being processed, we
+  were erroneously removing the null entry, causing us to process the
+  request again upon a second retransmit.
+
+* When responding to a finished request with a lookaside entry, we
+  were removing and re-adding the entry to the cache, resetting its
+  time and performing unnecessary work.
+
+* We were not caching responses we couldn't deliver because they were
+  too big for UDP, causing us to re-process the request when it came
+  in again via TCP instead of simply delivering the cached response.
+
+git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25660 dc483132-0cff-0310-8789-dd5450dbe970
+---
+ src/kdc/dispatch.c |   40 ++++++++++++++++++++++------------------
+ 1 files changed, 22 insertions(+), 18 deletions(-)
+
+diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
+index b4c02f3..efe7098 100644
+--- a/src/kdc/dispatch.c
++++ b/src/kdc/dispatch.c
+@@ -44,20 +44,11 @@ struct dispatch_state {
+ };
+ 
+ static void
+-finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
++finish_dispatch(struct dispatch_state *state, krb5_error_code code,
++                krb5_data *response)
+ {
+-    struct dispatch_state *state = arg;
+-    loop_respond_fn oldrespond;
+-    void *oldarg;
+-
+-    assert(state);
+-    oldrespond = state->respond;
+-    oldarg = state->arg;
+-
+-#ifndef NOCACHE
+-    /* Remove our NULL cache entry to indicate request completion. */
+-    kdc_remove_lookaside(kdc_context, state->request);
+-#endif
++    loop_respond_fn oldrespond = state->respond;
++    void *oldarg = state->arg;
+ 
+     if (state->is_tcp == 0 && response &&
+         response->length > max_dgram_reply_size) {
+@@ -70,14 +61,27 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
+                              error_message(code));
+     }
+ 
++    free(state);
++    (*oldrespond)(oldarg, code, response);
++}
++
++static void
++finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response)
++{
++    struct dispatch_state *state = arg;
++
+ #ifndef NOCACHE
+-    /* put the response into the lookaside buffer */
+-    else if (!code && response)
++    /* Remove the null cache entry unless we actually want to discard this
++     * request. */
++    if (code != KRB5KDC_ERR_DISCARD)
++        kdc_remove_lookaside(kdc_context, state->request);
++
++    /* Put the response into the lookaside buffer (if we produced one). */
++    if (code == 0 && response != NULL)
+         kdc_insert_lookaside(state->request, response);
+ #endif
+ 
+-    free(state);
+-    (*oldrespond)(oldarg, code, response);
++    finish_dispatch(state, code, response);
+ }
+ 
+ void
+@@ -167,7 +171,7 @@ dispatch(void *cb, struct sockaddr *local_saddr,
+              * process_as_req frees the request if it is called
+              */
+             if (!(retval = setup_server_realm(as_req->server))) {
+-                process_as_req(as_req, pkt, from, vctx, finish_dispatch,
++                process_as_req(as_req, pkt, from, vctx, finish_dispatch_cache,
+                                state);
+                 return;
+             }
+-- 
+1.7.7.5
+
diff --git a/krb5.spec b/krb5.spec
index 22f154d..1180d82 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -15,7 +15,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.10
-Release: 2%{?dist}
+Release: 3%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -63,6 +63,7 @@ Patch102: krb5-trunk-7048.patch
 Patch103: krb5-1.10-gcc47.patch
 Patch104: krb5-1.10-crashfix.patch
 Patch105: krb5-kvno-230379.patch
+Patch106: krb5-1.10-lookaside.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -234,6 +235,7 @@ ln -s NOTICE LICENSE
 %patch103 -p0 -b .gcc47
 %patch104 -p1 -b .crashfix
 %patch105 -p1 -b .kvno
+%patch106 -p1 -b .7082
 rm src/lib/krb5/krb/deltat.c
 
 gzip doc/*.ps
@@ -745,6 +747,9 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Tue Jan 31 2012 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.10-3
+- Add upstream lookaside cache behavior fix (RT#7082)
+
 * Mon Jan 30 2012 Nalin Dahyabhai <nalin at redhat.com> 1.10-2
 - add patch to accept keytab entries with vno==0 as matches when we're
   searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)

More information about the scm-commits mailing list