diff options
author | Greg Hudson <ghudson@mit.edu> | 1994-11-01 12:51:23 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 1994-11-01 12:51:23 +0000 |
commit | 9bad14966361640e95c8b8e4c29990bd59828c2e (patch) | |
tree | 59aba4296409739f5683ac95dc37d49201f1d40c /lib/ZCkAuth.c | |
parent | 4eff1d544e4684f7344dee715c8732c11ca57afa (diff) |
Changes for better authentication
Diffstat (limited to 'lib/ZCkAuth.c')
-rw-r--r-- | lib/ZCkAuth.c | 32 |
1 files changed, 5 insertions, 27 deletions
diff --git a/lib/ZCkAuth.c b/lib/ZCkAuth.c index 58c9cba..999950b 100644 --- a/lib/ZCkAuth.c +++ b/lib/ZCkAuth.c @@ -27,6 +27,7 @@ static char rcsid_ZCheckAuthentication_c[] = If it doesn't look authentic, return 0 When not using Kerberos, return (looks-authentic-p) + Only used by clients; the server uses its own routine. */ int ZCheckAuthentication(notice, from) ZNotice_t *notice; @@ -40,36 +41,13 @@ int ZCheckAuthentication(notice, from) ZChecksum_t our_checksum; CREDENTIALS cred; + /* If the value is already known, return it. */ + if (notice->z_checked_auth != ZAUTH_UNSET) + return (notice->z_checked_auth); + if (!notice->z_auth) return (ZAUTH_NO); - if (__Zephyr_server) { - /* XXX: This routine needs to know where the server ticket - file is! */ - if (notice->z_authent_len <= 0) /* bogus length */ - return(ZAUTH_FAILED); - if (ZReadAscii(notice->z_ascii_authent, - strlen(notice->z_ascii_authent)+1, - (unsigned char *)authent.dat, - notice->z_authent_len) == ZERR_BADFIELD) { - return (ZAUTH_FAILED); - } - authent.length = notice->z_authent_len; - result = krb_rd_req(&authent, SERVER_SERVICE, - SERVER_INSTANCE, from->sin_addr.s_addr, - &dat, SERVER_SRVTAB); - if (result == RD_AP_OK) { - (void) memcpy((char *)__Zephyr_session, (char *)dat.session, - sizeof(C_Block)); - (void) sprintf(srcprincipal, "%s%s%s@%s", dat.pname, - dat.pinst[0]?".":"", dat.pinst, dat.prealm); - if (strcmp(srcprincipal, notice->z_sender)) - return (ZAUTH_FAILED); - return(ZAUTH_YES); - } else - return (ZAUTH_FAILED); /* didn't decode correctly */ - } - if (result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE, __Zephyr_realm, &cred)) return (ZAUTH_NO); |