diff options
author | Greg Hudson <ghudson@mit.edu> | 2000-02-11 15:59:35 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2000-02-11 15:59:35 +0000 |
commit | f3cf3884c935fa5d3561e87512766e337f11beb2 (patch) | |
tree | 06d776fb3eaedc66e89b53dccaf68e8fe0c09a4d /server/kstuff.c | |
parent | ce7beebd593f970d40ca45e201a1f0d0a1e2a41a (diff) |
Remove an old compatibility compromise from back when we started requiring
checksums on messages. With this change, you can't fiddle with subs if
you don't have a valid checksum.
Diffstat (limited to 'server/kstuff.c')
-rw-r--r-- | server/kstuff.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/server/kstuff.c b/server/kstuff.c index 8090272..04396fa 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -189,11 +189,9 @@ ZCheckRealmAuthentication(notice, from, realm) return ZAUTH_FAILED; checksum = compute_rlm_checksum(notice, session_key); - /* If checksum matches, packet is authentic. Otherwise, check - * the authenticator as if we didn't have the session key cached - * and return ZAUTH_CKSUM_FAILED. This is a rare case (since the - * ticket isn't cached after a checksum failure), so don't worry - * about the extra des_quad_cksum() call. */ + /* If checksum matches, packet is authentic. If not, we might + * have an outdated session key, so keep going the slow way. + */ if (checksum == notice->z_checksum) { memcpy(__Zephyr_session, session_key, sizeof(C_Block)); return ZAUTH_YES; @@ -219,7 +217,7 @@ ZCheckRealmAuthentication(notice, from, realm) checksum = compute_rlm_checksum(notice, dat.session); #endif if (checksum != notice->z_checksum) - return ZAUTH_CKSUM_FAILED; + return ZAUTH_FAILED; /* Record the session key, expiry time, and source principal in the * hash table, so we can do a fast check next time. */ @@ -274,11 +272,9 @@ ZCheckAuthentication(notice, from) return ZAUTH_FAILED; checksum = compute_checksum(notice, session_key); - /* If the checksum matches, the packet is authentic. Otherwise, - * check authenticator as if we didn't have the session key cached - * and return ZAUTH_CKSUM_FAILED. This is a rare case (since the - * ticket isn't cached after a checksum failure), so don't worry - * about the extra des_quad_cksum() call. */ + /* If checksum matches, packet is authentic. If not, we might + * have an outdated session key, so keep going the slow way. + */ if (checksum == notice->z_checksum) { memcpy(__Zephyr_session, session_key, sizeof(C_Block)); return ZAUTH_YES; @@ -305,7 +301,7 @@ ZCheckAuthentication(notice, from) checksum = compute_checksum(notice, dat.session); #endif if (checksum != notice->z_checksum) - return ZAUTH_CKSUM_FAILED; + return ZAUTH_FAILED; /* Record the session key, expiry time, and source principal in the * hash table, so we can do a fast check next time. */ |