krb5 commit: Record start time of AS requests earlier in KDC
Greg Hudson
ghudson at mit.edu
Sun Nov 3 16:02:16 EST 2019
https://github.com/krb5/krb5/commit/76dfd983d821773ad9029bb9cb9ddefebefb4d33
commit 76dfd983d821773ad9029bb9cb9ddefebefb4d33
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 19 16:34:36 2019 +0200
Record start time of AS requests earlier in KDC
In process_as_req(), get the current time before any KDB lookups, so
that KDB modules can more correctly audit how long the processing of
an AS request takes.
[ghudson at mit.edu: rewrote commit message]
ticket: 8842 (new)
src/kdc/do_as_req.c | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 64d48cf..f0798f8 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -546,6 +546,11 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
/* Seed the audit trail with the request ID and basic information. */
kau_as_req(kdc_context, TRUE, au_state);
+ errcode = krb5_timeofday(kdc_context, &state->kdc_time);
+ if (errcode)
+ goto errout;
+ state->authtime = state->kdc_time;
+
if (fetch_asn1_field((unsigned char *) req_pkt->data,
1, 4, &encoded_req_body) != 0) {
errcode = ASN1_BAD_ID;
@@ -671,10 +676,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
au_state->stage = VALIDATE_POL;
- if ((errcode = krb5_timeofday(kdc_context, &state->kdc_time)))
- goto errout;
- state->authtime = state->kdc_time; /* for audit_as_request() */
-
if ((errcode = validate_as_request(kdc_active_realm,
state->request, *state->client,
*state->server, state->kdc_time,
More information about the cvs-krb5
mailing list