From 39885e5ba65feef6eb5ab5709b9d03b1bcaa7c5d Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 10 Apr 2001 19:28:19 +0000
Subject: Reintroduce checksum enforcement changes.

---
 server/kstuff.c | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

(limited to 'server/kstuff.c')

diff --git a/server/kstuff.c b/server/kstuff.c
index 0848082..ca9f055 100644
--- a/server/kstuff.c
+++ b/server/kstuff.c
@@ -8,7 +8,8 @@
  *	"mit-copyright.h". 
  */
 /*
- *	$Id$
+ *	$Source$
+ *	$Header$
  */
 
 #include "zserver.h"
@@ -188,13 +189,12 @@ ZCheckRealmAuthentication(notice, from, realm)
             return ZAUTH_FAILED;
         checksum = compute_rlm_checksum(notice, session_key);
 
-        /* If checksum matches, packet is authentic.  Otherwise, check
-         * the authenticator as if we didn't have the session key cached
-         * and return ZAUTH_CKSUM_FAILED.  This is a rare case (since the
-         * ticket isn't cached after a checksum failure), so don't worry
-         * about the extra des_quad_cksum() call. */
+        /* If checksum matches, packet is authentic.  If not, we might
+         * have an outdated session key, so keep going the slow way.
+         */
         if (checksum == notice->z_checksum) {
-          memcpy(__Zephyr_session, session_key, sizeof(C_Block)); 
+          (void) memcpy((char *)__Zephyr_session, (char *)session_key, 
+                        sizeof(C_Block)); /* For control_dispatch() */
           return ZAUTH_YES;
         }
 
@@ -231,7 +231,7 @@ ZCheckRealmAuthentication(notice, from, realm)
       checksum = compute_checksum(notice, dat.session);
       if (checksum != notice->z_checksum)
 #endif
-         return ZAUTH_CKSUM_FAILED;
+        return ZAUTH_FAILED;
     }
 
     /* Record the session key, expiry time, and source principal in the
@@ -287,11 +287,9 @@ ZCheckAuthentication(notice, from)
 	    return ZAUTH_FAILED;
 	checksum = compute_checksum(notice, session_key);
 
-	/* If the checksum matches, the packet is authentic.  Otherwise,
-	 * check authenticator as if we didn't have the session key cached
-	 * and return ZAUTH_CKSUM_FAILED.  This is a rare case (since the
-	 * ticket isn't cached after a checksum failure), so don't worry
-	 * about the extra des_quad_cksum() call. */
+        /* If checksum matches, packet is authentic.  If not, we might
+	 * have an outdated session key, so keep going the slow way.
+	 */
 	if (checksum == notice->z_checksum) {
 	    memcpy(__Zephyr_session, session_key, sizeof(C_Block));
 	    return ZAUTH_YES;
@@ -318,7 +316,7 @@ ZCheckAuthentication(notice, from)
     checksum = compute_checksum(notice, dat.session);
 #endif
     if (checksum != notice->z_checksum)
-	return ZAUTH_CKSUM_FAILED;
+	return ZAUTH_FAILED;
 
     /* Record the session key, expiry time, and source principal in the
      * hash table, so we can do a fast check next time. */
-- 
cgit v1.2.3