diff options
| author |  Greg Hudson <ghudson@mit.edu> | 2001-04-10 19:28:19 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2001-04-10 19:28:19 +0000 |
| commit | 39885e5ba65feef6eb5ab5709b9d03b1bcaa7c5d (patch) | |
| tree | e9ca3d97960f13a59bc57e926b4ac206d3bde33b /server/kstuff.c | |
| parent | 83ea0641b803587eb4f4acbb85ac01694d03654e (diff) | |
Reintroduce checksum enforcement changes.
Diffstat (limited to 'server/kstuff.c')
| -rw-r--r-- | server/kstuff.c | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/server/kstuff.c b/server/kstuff.c index 0848082..ca9f055 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -8,7 +8,8 @@ * "mit-copyright.h". */ /* - * $Id$ + * $Source$ + * $Header$ */ #include "zserver.h" @@ -188,13 +189,12 @@ ZCheckRealmAuthentication(notice, from, realm) return ZAUTH_FAILED; checksum = compute_rlm_checksum(notice, session_key); - /* If checksum matches, packet is authentic. Otherwise, check - * the authenticator as if we didn't have the session key cached - * and return ZAUTH_CKSUM_FAILED. This is a rare case (since the - * ticket isn't cached after a checksum failure), so don't worry - * about the extra des_quad_cksum() call. */ + /* If checksum matches, packet is authentic. If not, we might + * have an outdated session key, so keep going the slow way. + */ if (checksum == notice->z_checksum) { - memcpy(__Zephyr_session, session_key, sizeof(C_Block)); + (void) memcpy((char *)__Zephyr_session, (char *)session_key, + sizeof(C_Block)); /* For control_dispatch() */ return ZAUTH_YES; } @@ -231,7 +231,7 @@ ZCheckRealmAuthentication(notice, from, realm) checksum = compute_checksum(notice, dat.session); if (checksum != notice->z_checksum) #endif - return ZAUTH_CKSUM_FAILED; + return ZAUTH_FAILED; } /* Record the session key, expiry time, and source principal in the @@ -287,11 +287,9 @@ ZCheckAuthentication(notice, from) return ZAUTH_FAILED; checksum = compute_checksum(notice, session_key); - /* If the checksum matches, the packet is authentic. Otherwise, - * check authenticator as if we didn't have the session key cached - * and return ZAUTH_CKSUM_FAILED. This is a rare case (since the - * ticket isn't cached after a checksum failure), so don't worry - * about the extra des_quad_cksum() call. */ + /* If checksum matches, packet is authentic. If not, we might + * have an outdated session key, so keep going the slow way. + */ if (checksum == notice->z_checksum) { memcpy(__Zephyr_session, session_key, sizeof(C_Block)); return ZAUTH_YES; @@ -318,7 +316,7 @@ ZCheckAuthentication(notice, from) checksum = compute_checksum(notice, dat.session); #endif if (checksum != notice->z_checksum) - return ZAUTH_CKSUM_FAILED; + return ZAUTH_FAILED; /* Record the session key, expiry time, and source principal in the * hash table, so we can do a fast check next time. */ |