From: Andreas Schneider Date: Thu, 19 Sep 2019 14:34:36 +0000 (+0200) Subject: Record start time of AS requests earlier in KDC X-Git-Tag: krb5-1.18-beta1~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76dfd983d821773ad9029bb9cb9ddefebefb4d33;p=thirdparty%2Fkrb5.git Record start time of AS requests earlier in KDC In process_as_req(), get the current time before any KDB lookups, so that KDB modules can more correctly audit how long the processing of an AS request takes. [ghudson@mit.edu: rewrote commit message] ticket: 8842 (new) --- diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 64d48cf28e..f0798f8eaa 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -546,6 +546,11 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, /* Seed the audit trail with the request ID and basic information. */ kau_as_req(kdc_context, TRUE, au_state); + errcode = krb5_timeofday(kdc_context, &state->kdc_time); + if (errcode) + goto errout; + state->authtime = state->kdc_time; + if (fetch_asn1_field((unsigned char *) req_pkt->data, 1, 4, &encoded_req_body) != 0) { errcode = ASN1_BAD_ID; @@ -671,10 +676,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, au_state->stage = VALIDATE_POL; - if ((errcode = krb5_timeofday(kdc_context, &state->kdc_time))) - goto errout; - state->authtime = state->kdc_time; /* for audit_as_request() */ - if ((errcode = validate_as_request(kdc_active_realm, state->request, *state->client, *state->server, state->kdc_time,
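Review bot: The block added after `kau_as_req(kdc_context, TRUE, au_state);` drops the `/* for audit_as_request() */` remark that the removed lines carried, and nothing in the code says why the clock is now sampled before the request body is even decoded. Without that, a later cleanup could move the call back next to `validate_as_request()` and silently shorten the interval that KDB audit modules measure. I would put a comment above the new call, for example `/* Take the start time before any KDB lookup so audit modules see the whole request; authtime is set here for audit_as_request(). */`. The same `state->kdc_time` is still the reference passed to `validate_as_request()` in the second hunk, so that check now runs against a timestamp that is older by however long the intervening lookups took. This is presumably harmless, but worth a clause in the comment; note that the body of process_as_req() extends beyond both hunks, so other uses of `kdc_time` are not visible here.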