author | David Benjamin <davidben@mit.edu> | 2013-08-20 13:42:34 -0400 |
---|---|---|
committer | Karl Ramm <kcr@1ts.org> | 2013-09-28 14:20:40 -0400 |
commit | b13d9822d947d09749d7a0231d49705e2c2a3c17 (patch) | |
tree | 2a03a90155ff42748ed7a2af3eb7b3361a675646 /h | |
parent | f269734ef50e1a9aa22eb9f18125967ca772744b (diff) |
Use the saved session keys in ZCheckZcodeAuthentication

This allows for authentication checking to continue working even when tickets
expire or are renewed.

Also include key expiration logic. This is possibly overly conservative and
paranoid by a couple orders of magnitude.

Intentionally do not use SERVACK because they're mildly annoying to get at and
aren't authenticated. When we receive a notice authenticated with a key, we
know the server has received it. From there, we can infer that sufficiently old
keys are stale. We can't remove stale keys immediately because some older
notices may still be in flight, but after a grace period they can go.

The timeout is set to 60 seconds, which is fairly high, but matches
Z_ReadWait's timeout.

Diffstat (limited to 'h')
-rw-r--r-- | h/internal.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/h/internal.h b/h/internal.h index 54c595c..b6e6804 100644 --- a/h/internal.h +++ b/h/internal.h @@ -93,6 +93,16 @@ struct _Z_SessionKey { }; extern struct _Z_SessionKey *Z_keys_head, *Z_keys_tail; + +/* + * The maximum time we allow for a notice to get delivered. This is used for + * two timeouts in key expirey. First, we assume that any subscription notice + * was reached the server within that time; this allows us to assume old keys + * sent sufficiently long before a newer, verified key are stale. Second, we + * assume notices authenticated with an old key reach us in that time; this + * allows us to prune stale keys after a timeout. +*/ +#define KEY_TIMEOUT 60 #endif extern ZLocations_t *__locate_list; |
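
Review bot: The unit of KEY_TIMEOUT is not stated at its definition (`#define KEY_TIMEOUT 60`, the last added line). The commit message says the value is 60 seconds and that it matches Z_ReadWait's timeout, so the comment should say "seconds" and mention that coupling, or both timeouts should come from one shared constant so they cannot drift apart; the grace period for pruning stale keys depends on this value. The comment also has two wording slips: "expirey" should be "expiry", and "was reached the server" should read "reached the server". Since this header declares `Z_keys_head` and `Z_keys_tail` with a `Z_` prefix, consider naming the macro `Z_KEY_TIMEOUT` to keep it out of the unprefixed namespace.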