Record start time of AS requests earlier in KDC

In process_as_req(), get the current time before any KDB lookups, so
that KDB modules can more correctly audit how long the processing of
an AS request takes.

[ghudson@mit.edu: rewrote commit message]

ticket: 8842 (new)

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 64d48cf28e474d0296d870f3aac2b2a522086231..f0798f8eaab0e2fe580e6eef8b81952ba1a7fe51 100644 (file)
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -546,6 +546,11 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     /* Seed the audit trail with the request ID and basic information. */
     kau_as_req(kdc_context, TRUE, au_state);
 
+    errcode = krb5_timeofday(kdc_context, &state->kdc_time);
+    if (errcode)
+        goto errout;
+    state->authtime = state->kdc_time;
+
     if (fetch_asn1_field((unsigned char *) req_pkt->data,
                          1, 4, &encoded_req_body) != 0) {
         errcode = ASN1_BAD_ID;
@@ -671,10 +676,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 
     au_state->stage = VALIDATE_POL;
 
-    if ((errcode = krb5_timeofday(kdc_context, &state->kdc_time)))
-        goto errout;
-    state->authtime = state->kdc_time; /* for audit_as_request() */
-
     if ((errcode = validate_as_request(kdc_active_realm,
                                        state->request, *state->client,
                                        *state->server, state->kdc_time,