From: | raeburn@mit.edu |
Subject: | CVS Commit |
The replay lookaside cache includes the sending address, but the krb5
library replay cache does not. So, if the same message arrives from
two different source addresses, it is considered a replay by the KDC.
If the client isn't receiving the replies for some reason, and the
client has multiple addresses it uses to contact different addresses
on the KDC (and trying to reach the KDC via both IPv4 and IPv6 is an
obvious such case), this can cause errors to be returned by the KDC.
* replay.c (krb5_kdc_replay_ent): Remove "addrs" field.
(MATCH): Don't check it.
(kdc_check_lookaside, kdc_insert_lookaside): Remove "from" argument.
* kdc_util.h (kdc_check_lookaside, kdc_insert_lookaside): Update decls.
* dispatch.c (dispatch): Update calls.
Commit By: raeburn
Revision: 17970
Changed Files:
U trunk/src/kdc/dispatch.c
U trunk/src/kdc/kdc_util.h
U trunk/src/kdc/replay.c
library replay cache does not. So, if the same message arrives from
two different source addresses, it is considered a replay by the KDC.
If the client isn't receiving the replies for some reason, and the
client has multiple addresses it uses to contact different addresses
on the KDC (and trying to reach the KDC via both IPv4 and IPv6 is an
obvious such case), this can cause errors to be returned by the KDC.
* replay.c (krb5_kdc_replay_ent): Remove "addrs" field.
(MATCH): Don't check it.
(kdc_check_lookaside, kdc_insert_lookaside): Remove "from" argument.
* kdc_util.h (kdc_check_lookaside, kdc_insert_lookaside): Update decls.
* dispatch.c (dispatch): Update calls.
Commit By: raeburn
Revision: 17970
Changed Files:
U trunk/src/kdc/dispatch.c
U trunk/src/kdc/kdc_util.h
U trunk/src/kdc/replay.c