diff options
author | Garry Zacheiss <zacheiss@mit.edu> | 2001-02-26 23:48:50 +0000 |
---|---|---|
committer | Garry Zacheiss <zacheiss@mit.edu> | 2001-02-26 23:48:50 +0000 |
commit | 83e73e1e12c9cabfc7af77113d4588b926acca3a (patch) | |
tree | 252f486c60436e90cc6d63423ff4150b4eb8e2dd /server/kstuff.c | |
parent | 4bd9bf736946ebdec00cd184f195669b0b45cd80 (diff) |
Changes from CMU:
* Better interrealm support: be prepared to try old and new style
checksumming, and make NOENCRYPTION case work.
Diffstat (limited to 'server/kstuff.c')
-rw-r--r-- | server/kstuff.c | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/server/kstuff.c b/server/kstuff.c index 04396fa..ca9f055 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -8,7 +8,8 @@ * "mit-copyright.h". */ /* - * $Id$ + * $Source$ + * $Header$ */ #include "zserver.h" @@ -121,7 +122,6 @@ SendKerberosData(fd, ticket, service, host) { int rem; char p[32]; - char krb_realm[REALM_SZ]; int written; int size_to_write; @@ -190,8 +190,18 @@ ZCheckRealmAuthentication(notice, from, realm) checksum = compute_rlm_checksum(notice, session_key); /* If checksum matches, packet is authentic. If not, we might - * have an outdated session key, so keep going the slow way. - */ + * have an outdated session key, so keep going the slow way. + */ + if (checksum == notice->z_checksum) { + (void) memcpy((char *)__Zephyr_session, (char *)session_key, + sizeof(C_Block)); /* For control_dispatch() */ + return ZAUTH_YES; + } + + /* Try again. This way we can switch to the same checksums + * that the rest of Zephyr uses at a future date, but for now + * we need to be compatible */ + checksum = compute_checksum(notice, session_key); if (checksum == notice->z_checksum) { memcpy(__Zephyr_session, session_key, sizeof(C_Block)); return ZAUTH_YES; @@ -212,12 +222,17 @@ ZCheckRealmAuthentication(notice, from, realm) /* Check the cryptographic checksum. */ #ifdef NOENCRYPTION - our_checksum = 0; + checksum = 0; #else checksum = compute_rlm_checksum(notice, dat.session); #endif - if (checksum != notice->z_checksum) + if (checksum != notice->z_checksum) { +#ifndef NOENCRYPTION + checksum = compute_checksum(notice, dat.session); + if (checksum != notice->z_checksum) +#endif return ZAUTH_FAILED; + } /* Record the session key, expiry time, and source principal in the * hash table, so we can do a fast check next time. */ @@ -296,7 +311,7 @@ ZCheckAuthentication(notice, from) /* Check the cryptographic checksum. */ #ifdef NOENCRYPTION - our_checksum = 0; + checksum = 0; #else checksum = compute_checksum(notice, dat.session); #endif |