diff options
| author |  Greg Hudson <ghudson@mit.edu> | 2000-02-11 15:59:35 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2000-02-11 15:59:35 +0000 |
| commit | f3cf3884c935fa5d3561e87512766e337f11beb2 (patch) | |
| tree | 06d776fb3eaedc66e89b53dccaf68e8fe0c09a4d /server | |
| parent | ce7beebd593f970d40ca45e201a1f0d0a1e2a41a (diff) | |
Remove an old compatibility compromise from back when we started requiring
checksums on messages. With this change, you can't fiddle with subs if
you don't have a valid checksum.
Diffstat (limited to 'server')
| -rw-r--r-- | server/dispatch.c | 17 | ||||
| -rw-r--r-- | server/kstuff.c | 20 |
2 files changed, 9 insertions, 28 deletions
diff --git a/server/dispatch.c b/server/dispatch.c index ece4ff8..12f9c04 100644 --- a/server/dispatch.c +++ b/server/dispatch.c @@ -243,20 +243,7 @@ dispatch(notice, auth, who, from_server) char dbg_buf[BUFSIZ]; #endif - /* Set "authflag" to 1 or 0 for handler functions. Treat - * ZAUTH_CKSUM_FAILED as authentic except for sendit(), which is - * handled below. */ - switch (auth) { - case ZAUTH_YES: - case ZAUTH_CKSUM_FAILED: - authflag = 1; - break; - case ZAUTH_FAILED: - case ZAUTH_NO: - default: - authflag = 0; - break; - } + authflag = (auth == ZAUTH_YES); if ((int) notice->z_kind < (int) UNSAFE || (int) notice->z_kind > (int) CLIENTACK) { @@ -311,8 +298,6 @@ dispatch(notice, auth, who, from_server) admin_notices.val++; status = server_adispatch(notice, authflag, who, me_server); } else { - if (auth == ZAUTH_CKSUM_FAILED) - authflag = 0; if (!bound_for_local_realm(notice)) { cp = strchr(notice->z_recipient, '@'); if (!cp || diff --git a/server/kstuff.c b/server/kstuff.c index 8090272..04396fa 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -189,11 +189,9 @@ ZCheckRealmAuthentication(notice, from, realm) return ZAUTH_FAILED; checksum = compute_rlm_checksum(notice, session_key); - /* If checksum matches, packet is authentic. Otherwise, check - * the authenticator as if we didn't have the session key cached - * and return ZAUTH_CKSUM_FAILED. This is a rare case (since the - * ticket isn't cached after a checksum failure), so don't worry - * about the extra des_quad_cksum() call. */ + /* If checksum matches, packet is authentic. If not, we might + * have an outdated session key, so keep going the slow way. + */ if (checksum == notice->z_checksum) { memcpy(__Zephyr_session, session_key, sizeof(C_Block)); return ZAUTH_YES; @@ -219,7 +217,7 @@ ZCheckRealmAuthentication(notice, from, realm) checksum = compute_rlm_checksum(notice, dat.session); #endif if (checksum != notice->z_checksum) - return ZAUTH_CKSUM_FAILED; + return ZAUTH_FAILED; /* Record the session key, expiry time, and source principal in the * hash table, so we can do a fast check next time. */ @@ -274,11 +272,9 @@ ZCheckAuthentication(notice, from) return ZAUTH_FAILED; checksum = compute_checksum(notice, session_key); - /* If the checksum matches, the packet is authentic. Otherwise, - * check authenticator as if we didn't have the session key cached - * and return ZAUTH_CKSUM_FAILED. This is a rare case (since the - * ticket isn't cached after a checksum failure), so don't worry - * about the extra des_quad_cksum() call. */ + /* If checksum matches, packet is authentic. If not, we might + * have an outdated session key, so keep going the slow way. + */ if (checksum == notice->z_checksum) { memcpy(__Zephyr_session, session_key, sizeof(C_Block)); return ZAUTH_YES; @@ -305,7 +301,7 @@ ZCheckAuthentication(notice, from) checksum = compute_checksum(notice, dat.session); #endif if (checksum != notice->z_checksum) - return ZAUTH_CKSUM_FAILED; + return ZAUTH_FAILED; /* Record the session key, expiry time, and source principal in the * hash table, so we can do a fast check next time. */ |