diff options
Diffstat (limited to 'lib/ZMkAuth.c')
-rw-r--r-- | lib/ZMkAuth.c | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/lib/ZMkAuth.c b/lib/ZMkAuth.c index 3c19e26..a11b87b 100644 --- a/lib/ZMkAuth.c +++ b/lib/ZMkAuth.c @@ -37,9 +37,12 @@ Code_t ZMakeAuthentication(notice, buffer, buffer_len, len) int *len; { #ifdef Z_HaveKerberos - int retval, result; + int result; long now,time(); KTEXT_ST authent; + char *cstart, *cend; + long checksum; + CREDENTIALS cred; now = time(0); if (last_authent_time == 0 || (now - last_authent_time > 120)) { @@ -61,19 +64,37 @@ Code_t ZMakeAuthentication(notice, buffer, buffer_len, len) /* zero length authent is an error, so malloc(0) is not a problem */ if (!notice->z_ascii_authent) return (ENOMEM); - if ((retval = ZMakeAscii(notice->z_ascii_authent, + if ((result = ZMakeAscii(notice->z_ascii_authent, authent.length*3, authent.dat, authent.length)) != ZERR_NONE) { free(notice->z_ascii_authent); - return (retval); + return (result); } - retval = Z_FormatRawHeader(notice, buffer, buffer_len, len, (char **) 0); + result = Z_FormatRawHeader(notice, buffer, buffer_len, len, &cstart, + &cend); free(notice->z_ascii_authent); notice->z_authent_len = 0; + if (result) + return(result); - return (retval); + /* Compute a checksum over the header and message. */ + if (result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE, + __Zephyr_realm, &cred)) + return result; + checksum = des_quad_cksum(buffer, NULL, cstart - buffer, 0, cred.session); + checksum ^= des_quad_cksum(cend, NULL, buffer + *len - cend, 0, + cred.session); + checksum ^= des_quad_cksum(notice->z_message, NULL, notice->message_len, 0, + cred.session); + notice->z_checksum = (ZChecksum_t) checksum; + checksum = htonl(checksum); + ZMakeAscii(cptr, buffer + buffer_len - cptr, (unsigned char *) &checksum, + sizeof(checksum)); + + return (ZERR_NONE); #else + notice->z_checksum = 0; notice->z_auth = 1; notice->z_authent_len = 0; notice->z_ascii_authent = ""; |