author | Greg Hudson <ghudson@mit.edu> | 2001-04-10 19:28:19 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2001-04-10 19:28:19 +0000 |
commit | 39885e5ba65feef6eb5ab5709b9d03b1bcaa7c5d (patch) | |
tree | e9ca3d97960f13a59bc57e926b4ac206d3bde33b | |
parent | 83ea0641b803587eb4f4acbb85ac01694d03654e (diff) |
Reintroduce checksum enforcement changes.
-rw-r--r-- | h/internal.h | 1 | ||||
-rw-r--r-- | server/dispatch.c | 17 | ||||
-rw-r--r-- | server/kstuff.c | 26 |
3 files changed, 13 insertions, 31 deletions
diff --git a/h/internal.h b/h/internal.h
index 8544d3a..433a9b4 100644
--- a/h/internal.h
+++ b/h/internal.h
@@ -26,7 +26,6 @@
 #define HM_SVC_FALLBACK htons((unsigned short) 2104)
 #define HM_SRV_SVC_FALLBACK htons((unsigned short) 2105)
-#define ZAUTH_CKSUM_FAILED (-2) /* Used only by server. */
 #define ZAUTH_UNSET (-3) /* Internal to client library. */
 #define Z_MAXFRAGS 500 /* Max number of packet fragments */
 #define Z_MAXNOTICESIZE 400000 /* Max size of incoming notice */
diff --git a/server/dispatch.c b/server/dispatch.c
index f762926..493fcd4 100644
--- a/server/dispatch.c
+++ b/server/dispatch.c
@@ -257,20 +257,7 @@ dispatch(notice, auth, who, from_server)
 char dbg_buf[BUFSIZ];
 #endif
- /* Set "authflag" to 1 or 0 for handler functions. Treat
- * ZAUTH_CKSUM_FAILED as authentic except for sendit(), which is
- * handled below. */
- switch (auth) {
- case ZAUTH_YES:
- case ZAUTH_CKSUM_FAILED:
- authflag = 1;
- break;
- case ZAUTH_FAILED:
- case ZAUTH_NO:
- default:
- authflag = 0;
- break;
- }
+ authflag = (auth == ZAUTH_YES);
 if ((int) notice->z_kind < (int) UNSAFE ||
 (int) notice->z_kind > (int) CLIENTACK) {
@@ -324,8 +311,6 @@ dispatch(notice, auth, who, from_server)
 admin_notices.val++;
 status = server_adispatch(notice, authflag, who, me_server);
 } else {
- if (auth == ZAUTH_CKSUM_FAILED)
- authflag = 0;
 if (!realm_bound_for_realm(ZGetRealm(), notice->z_recipient)) {
 cp = strchr(notice->z_recipient, '@');
 if (!cp ||
diff --git a/server/kstuff.c b/server/kstuff.c
index 0848082..ca9f055 100644
--- a/server/kstuff.c
+++ b/server/kstuff.c
@@ -8,7 +8,8 @@
 * "mit-copyright.h".
 */
 /*
- * $Id$
+ * $Source$
+ * $Header$
 */
 #include "zserver.h"
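Review bot: The new `authflag = (auth == ZAUTH_YES);` in the first server/dispatch.c hunk (dispatch(), at -257) replaces a commented switch with an uncommented one-liner, so the fail-closed intent is no longer written down next to the code. I would add a comment above it such as `/* Only ZAUTH_YES is authentic; ZAUTH_FAILED, ZAUTH_NO and any unexpected value are treated as unauthenticated. */`. The raw `auth` parameter stays in scope for the rest of dispatch(), whose body continues outside the hunk, so it is worth confirming that no later code there branches on `auth` instead of `authflag`.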
@@ -188,13 +189,12 @@ ZCheckRealmAuthentication(notice, from, realm)
 return ZAUTH_FAILED;
 checksum = compute_rlm_checksum(notice, session_key);
- /* If checksum matches, packet is authentic. Otherwise, check
- * the authenticator as if we didn't have the session key cached
- * and return ZAUTH_CKSUM_FAILED. This is a rare case (since the
- * ticket isn't cached after a checksum failure), so don't worry
- * about the extra des_quad_cksum() call. */
+ /* If checksum matches, packet is authentic. If not, we might
+ * have an outdated session key, so keep going the slow way.
+ */
 if (checksum == notice->z_checksum) {
- memcpy(__Zephyr_session, session_key, sizeof(C_Block));
+ (void) memcpy((char *)__Zephyr_session, (char *)session_key,
+ sizeof(C_Block)); /* For control_dispatch() */
 return ZAUTH_YES;
 }
@@ -231,7 +231,7 @@ ZCheckRealmAuthentication(notice, from, realm)
 checksum = compute_checksum(notice, dat.session);
 if (checksum != notice->z_checksum)
 #endif
- return ZAUTH_CKSUM_FAILED;
+ return ZAUTH_FAILED;
 }
 /* Record the session key, expiry time, and source principal in the
@@ -287,11 +287,9 @@ ZCheckAuthentication(notice, from)
 return ZAUTH_FAILED;
 checksum = compute_checksum(notice, session_key);
- /* If the checksum matches, the packet is authentic. Otherwise,
- * check authenticator as if we didn't have the session key cached
- * and return ZAUTH_CKSUM_FAILED. This is a rare case (since the
- * ticket isn't cached after a checksum failure), so don't worry
- * about the extra des_quad_cksum() call. */
+ /* If checksum matches, packet is authentic. If not, we might
+ * have an outdated session key, so keep going the slow way.
+ */
 if (checksum == notice->z_checksum) {
 memcpy(__Zephyr_session, session_key, sizeof(C_Block));
 return ZAUTH_YES;
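Review bot: The added `(void) memcpy((char *)__Zephyr_session, (char *)session_key, sizeof(C_Block));` in the ZCheckRealmAuthentication fast path (hunk at -188) is written differently from the same copy in ZCheckAuthentication, which the hunk at -287 shows as plain `memcpy(__Zephyr_session, session_key, sizeof(C_Block));`. The `(void)` and the `(char *)` casts should not be needed if a memcpy prototype is in scope, which the hunk does not show. I would keep one form in both functions and carry the explanation along, for example `memcpy(__Zephyr_session, session_key, sizeof(C_Block)); /* For control_dispatch() */`. Both function bodies start and end outside their hunks.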
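Review bot: In the ZCheckRealmAuthentication hunk at -231, the changed `return ZAUTH_FAILED;` is the body of an `if (checksum != notice->z_checksum)` that sits before the `#endif`, so the return is only conditional when the active preprocessor branch ends with that `if`. The other branch is outside the hunk; if it does not end the same way, the return would run unconditionally in that build. ZCheckAuthentication (hunk at -318) places the comparison after the `#endif`, and I would use that layout here as well, with braces: `if (checksum != notice->z_checksum) { return ZAUTH_FAILED; }` following the `#endif`, assuming both branches leave their result in `checksum`.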
@@ -318,7 +316,7 @@ ZCheckAuthentication(notice, from)
 checksum = compute_checksum(notice, dat.session);
 #endif
 if (checksum != notice->z_checksum)
- return ZAUTH_CKSUM_FAILED;
+ return ZAUTH_FAILED;
 /* Record the session key, expiry time, and source principal in the
 * hash table, so we can do a fast check next time. */ |
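Review bot: With `return ZAUTH_FAILED;` here in ZCheckAuthentication, and the same change in the ZCheckRealmAuthentication hunk at -231, a checksum mismatch on the slow path is reported with the same code as every other authentication failure. Nothing visible in these hunks records the reason, so the distinction that ZAUTH_CKSUM_FAILED used to carry is lost for anyone diagnosing rejected notices. I would add a comment noting that the return happens before the session key is recorded, e.g. `/* Checksum mismatch: reject, and do not cache this session key. */`, and consider logging the failure reason at this point if the server does not already do so elsewhere. The function body continues outside the hunk.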