[krb5] add upstream lookaside cache fix RT#7082
Nathaniel McCallum
npmccallum at fedoraproject.org
Tue Jan 31 18:42:26 UTC 2012
commit 1b8eb90a4fb6436cb4be9a575e27aa6e6b4658fa
Author: Nathaniel McCallum <nathaniel at themccallums.org>
Date: Tue Jan 31 13:42:23 2012 -0500
add upstream lookaside cache fix RT#7082
krb5-1.10-lookaside.patch | 101 +++++++++++++++++++++++++++++++++++++++++++++
krb5.spec | 7 +++-
2 files changed, 107 insertions(+), 1 deletions(-)
---
diff --git a/krb5-1.10-lookaside.patch b/krb5-1.10-lookaside.patch
new file mode 100644
index 0000000..1afdd82
--- /dev/null
+++ b/krb5-1.10-lookaside.patch
@@ -0,0 +1,101 @@
+From 4b9eb1f3dc538f7b29e50b6852983f5b4ddc7536 Mon Sep 17 00:00:00 2001
+From: ghudson <ghudson at dc483132-0cff-0310-8789-dd5450dbe970>
+Date: Thu, 26 Jan 2012 21:56:16 +0000
+Subject: [PATCH 1/3] ticket: 7082 subject: Various lookaside cache fixes
+ target_version: 1.10 tags: pullup
+
+Don't touch the lookaside cache if we're responding with a lookaside
+cache entry. Also, leave the null entry behind if we're deliberately
+dropping a request (a rare case) so that we don't have to process it
+again. Fixes several lookaside problems in 1.10:
+
+* When dropping a request because it was already being processed, we
+ were erroneously removing the null entry, causing us to process the
+ request again upon a second retransmit.
+
+* When responding to a finished request with a lookaside entry, we
+ were removing and re-adding the entry to the cache, resetting its
+ time and performing unnecessary work.
+
+* We were not caching responses we couldn't deliver because they were
+ too big for UDP, causing us to re-process the request when it came
+ in again via TCP instead of simply delivering the cached response.
+
+git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25660 dc483132-0cff-0310-8789-dd5450dbe970
+---
+ src/kdc/dispatch.c | 40 ++++++++++++++++++++++------------------
+ 1 files changed, 22 insertions(+), 18 deletions(-)
+
+diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
+index b4c02f3..efe7098 100644
+--- a/src/kdc/dispatch.c
++++ b/src/kdc/dispatch.c
+@@ -44,20 +44,11 @@ struct dispatch_state {
+ };
+
+ static void
+-finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
++finish_dispatch(struct dispatch_state *state, krb5_error_code code,
++ krb5_data *response)
+ {
+- struct dispatch_state *state = arg;
+- loop_respond_fn oldrespond;
+- void *oldarg;
+-
+- assert(state);
+- oldrespond = state->respond;
+- oldarg = state->arg;
+-
+-#ifndef NOCACHE
+- /* Remove our NULL cache entry to indicate request completion. */
+- kdc_remove_lookaside(kdc_context, state->request);
+-#endif
++ loop_respond_fn oldrespond = state->respond;
++ void *oldarg = state->arg;
+
+ if (state->is_tcp == 0 && response &&
+ response->length > max_dgram_reply_size) {
+@@ -70,14 +61,27 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
+ error_message(code));
+ }
+
++ free(state);
++ (*oldrespond)(oldarg, code, response);
++}
++
++static void
++finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response)
++{
++ struct dispatch_state *state = arg;
++
+ #ifndef NOCACHE
+- /* put the response into the lookaside buffer */
+- else if (!code && response)
++ /* Remove the null cache entry unless we actually want to discard this
++ * request. */
++ if (code != KRB5KDC_ERR_DISCARD)
++ kdc_remove_lookaside(kdc_context, state->request);
++
++ /* Put the response into the lookaside buffer (if we produced one). */
++ if (code == 0 && response != NULL)
+ kdc_insert_lookaside(state->request, response);
+ #endif
+
+- free(state);
+- (*oldrespond)(oldarg, code, response);
++ finish_dispatch(state, code, response);
+ }
+
+ void
+@@ -167,7 +171,7 @@ dispatch(void *cb, struct sockaddr *local_saddr,
+ * process_as_req frees the request if it is called
+ */
+ if (!(retval = setup_server_realm(as_req->server))) {
+- process_as_req(as_req, pkt, from, vctx, finish_dispatch,
++ process_as_req(as_req, pkt, from, vctx, finish_dispatch_cache,
+ state);
+ return;
+ }
+--
+1.7.7.5
+
diff --git a/krb5.spec b/krb5.spec
index 22f154d..1180d82 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -15,7 +15,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.10
-Release: 2%{?dist}
+Release: 3%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -63,6 +63,7 @@ Patch102: krb5-trunk-7048.patch
Patch103: krb5-1.10-gcc47.patch
Patch104: krb5-1.10-crashfix.patch
Patch105: krb5-kvno-230379.patch
+Patch106: krb5-1.10-lookaside.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -234,6 +235,7 @@ ln -s NOTICE LICENSE
%patch103 -p0 -b .gcc47
%patch104 -p1 -b .crashfix
%patch105 -p1 -b .kvno
+%patch106 -p1 -b .7082
rm src/lib/krb5/krb/deltat.c
gzip doc/*.ps
@@ -745,6 +747,9 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Tue Jan 31 2012 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.10-3
+- Add upstream lookaside cache behavior fix (RT#7082)
+
* Mon Jan 30 2012 Nalin Dahyabhai <nalin at redhat.com> 1.10-2
- add patch to accept keytab entries with vno==0 as matches when we're
searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)
More information about the scm-commits
mailing list