]>
Commit | Line | Data |
---|---|---|
a0223729 GB |
1 | /* Modifications for tzc by Darrell Kindred <dkindred@cmu.edu>, April 1997: |
2 | * - cache the kerberos credentials, so we can continue to check auth | |
3 | * even if the user re-kinits. | |
4 | */ | |
5 | ||
6 | /* This file is part of the Project Athena Zephyr Notification System. | |
7 | * It contains source for the ZCheckAuthentication function. | |
8 | * | |
9 | * Created by: Robert French | |
10 | * | |
11 | * /mit/zephyr/src/CVS/zephyr/lib/zephyr/ZCkAuth.c,v | |
12 | * ghudson | |
13 | * | |
14 | * Copyright (c) 1987,1991 by the Massachusetts Institute of Technology. | |
15 | * For copying and distribution information, see the file | |
16 | * "mit-copyright.h". | |
17 | */ | |
18 | /* /mit/zephyr/src/CVS/zephyr/lib/zephyr/ZCkAuth.c,v 1.21 1995/06/30 22:03:53 ghudson Exp */ | |
19 | ||
20 | ||
21 | #if 0 | |
22 | #include <internal.h> | |
23 | #else | |
24 | #include <zephyr/zephyr.h> | |
25 | #define ZAUTH_UNSET (-3) /* from internal.h */ | |
26 | #include <stdio.h> /* for NULL */ | |
27 | #endif | |
28 | ||
29 | /* Check authentication of the notice. | |
30 | If it looks authentic but fails the Kerberos check, return -1. | |
31 | If it looks authentic and passes the Kerberos check, return 1. | |
32 | If it doesn't look authentic, return 0 | |
33 | ||
34 | When not using Kerberos, return true if the notice claims to be authentic. | |
35 | Only used by clients; the server uses its own routine. | |
36 | */ | |
37 | Code_t ZCheckAuthentication(notice, from) | |
38 | ZNotice_t *notice; | |
39 | struct sockaddr_in *from; | |
40 | { | |
41 | #ifdef ZEPHYR_USES_KERBEROS | |
42 | int result; | |
43 | ZChecksum_t our_checksum; | |
44 | static CREDENTIALS cred; | |
45 | static int got_cred = 0; | |
46 | ||
47 | /* If the value is already known, return it. */ | |
48 | if (notice->z_checked_auth != ZAUTH_UNSET) | |
49 | return (notice->z_checked_auth); | |
50 | ||
51 | if (!notice->z_auth) | |
52 | return (ZAUTH_NO); | |
53 | ||
54 | if (!got_cred && | |
55 | (result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE, | |
56 | __Zephyr_realm, &cred)) != 0) | |
57 | return (ZAUTH_NO); | |
58 | ||
59 | got_cred = 1; | |
60 | ||
61 | #ifdef NOENCRYPTION | |
62 | our_checksum = 0; | |
63 | #else /* NOENCRYPTION */ | |
64 | our_checksum = des_quad_cksum(notice->z_packet, NULL, | |
65 | notice->z_default_format+ | |
66 | strlen(notice->z_default_format)+1- | |
67 | notice->z_packet, 0, cred.session); | |
68 | #endif /* NOENCRYPTION */ | |
69 | /* if mismatched checksum, then the packet was corrupted */ | |
70 | return ((our_checksum == notice->z_checksum) ? ZAUTH_YES : ZAUTH_FAILED); | |
71 | ||
72 | #else /* ZEPHYR_USES_KERBEROS */ | |
73 | return (notice->z_auth ? ZAUTH_YES : ZAUTH_NO); | |
74 | #endif | |
75 | } |