[zcommit.git] / src / zsend-0.0.1 / ZCkAuth.c

/* Modifications for tzc by Darrell Kindred <dkindred@cmu.edu>, April 1997:
 *   - cache the kerberos credentials, so we can continue to check auth
 *     even if the user re-kinits.
 */

/* This file is part of the Project Athena Zephyr Notification System.
 * It contains source for the ZCheckAuthentication function.
 *
 *	Created by:	Robert French
 *
 *	/mit/zephyr/src/CVS/zephyr/lib/zephyr/ZCkAuth.c,v
 *	ghudson
 *
 *	Copyright (c) 1987,1991 by the Massachusetts Institute of Technology.
 *	For copying and distribution information, see the file
 *	"mit-copyright.h". 
 */
/* /mit/zephyr/src/CVS/zephyr/lib/zephyr/ZCkAuth.c,v 1.21 1995/06/30 22:03:53 ghudson Exp */


#if 0
#include <internal.h>
#else
#include <zephyr/zephyr.h>
#define ZAUTH_UNSET (-3)      /* from internal.h */
#include <stdio.h>	      /* for NULL */
#endif

/* Check authentication of the notice.
   If it looks authentic but fails the Kerberos check, return -1.
   If it looks authentic and passes the Kerberos check, return 1.
   If it doesn't look authentic, return 0

   When not using Kerberos, return true if the notice claims to be authentic.
   Only used by clients; the server uses its own routine.
 */
Code_t ZCheckAuthentication(notice, from)
    ZNotice_t *notice;
    struct sockaddr_in *from;
{	
#ifdef ZEPHYR_USES_KERBEROS
    int result;
    ZChecksum_t our_checksum;
    static CREDENTIALS cred;
    static int got_cred = 0;

    /* If the value is already known, return it. */
    if (notice->z_checked_auth != ZAUTH_UNSET)
	return (notice->z_checked_auth);

    if (!notice->z_auth)
	return (ZAUTH_NO);
	
    if (!got_cred &&
	(result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE, 
			       __Zephyr_realm, &cred)) != 0)
      return (ZAUTH_NO);

    got_cred = 1;

#ifdef NOENCRYPTION
    our_checksum = 0;
#else /* NOENCRYPTION */
    our_checksum = des_quad_cksum(notice->z_packet, NULL, 
                                notice->z_default_format+
                                strlen(notice->z_default_format)+1-
                                notice->z_packet, 0, cred.session);
#endif /* NOENCRYPTION */
    /* if mismatched checksum, then the packet was corrupted */
    return ((our_checksum == notice->z_checksum) ? ZAUTH_YES : ZAUTH_FAILED);

#else /* ZEPHYR_USES_KERBEROS */
    return (notice->z_auth ? ZAUTH_YES : ZAUTH_NO);
#endif
}
Commit	Line	Data
a0223729 GB	1	/* Modifications for tzc by Darrell Kindred <dkindred@cmu.edu>, April 1997:
	2	* - cache the kerberos credentials, so we can continue to check auth
	3	* even if the user re-kinits.
	4	*/
	5
	6	/* This file is part of the Project Athena Zephyr Notification System.
	7	* It contains source for the ZCheckAuthentication function.
	8	*
	9	* Created by: Robert French
	10	*
	11	* /mit/zephyr/src/CVS/zephyr/lib/zephyr/ZCkAuth.c,v
	12	* ghudson
	13	*
	14	* Copyright (c) 1987,1991 by the Massachusetts Institute of Technology.
	15	* For copying and distribution information, see the file
	16	* "mit-copyright.h".
	17	*/
	18	/* /mit/zephyr/src/CVS/zephyr/lib/zephyr/ZCkAuth.c,v 1.21 1995/06/30 22:03:53 ghudson Exp */
	19
	20
	21	#if 0
	22	#include <internal.h>
	23	#else
	24	#include <zephyr/zephyr.h>
	25	#define ZAUTH_UNSET (-3) /* from internal.h */
	26	#include <stdio.h> /* for NULL */
	27	#endif
	28
	29	/* Check authentication of the notice.
	30	If it looks authentic but fails the Kerberos check, return -1.
	31	If it looks authentic and passes the Kerberos check, return 1.
	32	If it doesn't look authentic, return 0
	33
	34	When not using Kerberos, return true if the notice claims to be authentic.
	35	Only used by clients; the server uses its own routine.
	36	*/
	37	Code_t ZCheckAuthentication(notice, from)
	38	ZNotice_t *notice;
	39	struct sockaddr_in *from;
	40	{
	41	#ifdef ZEPHYR_USES_KERBEROS
	42	int result;
	43	ZChecksum_t our_checksum;
	44	static CREDENTIALS cred;
	45	static int got_cred = 0;
	46
	47	/* If the value is already known, return it. */
	48	if (notice->z_checked_auth != ZAUTH_UNSET)
	49	return (notice->z_checked_auth);
	50
	51	if (!notice->z_auth)
	52	return (ZAUTH_NO);
	53
	54	if (!got_cred &&
	55	(result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE,
	56	__Zephyr_realm, &cred)) != 0)
	57	return (ZAUTH_NO);
	58
	59	got_cred = 1;
	60
	61	#ifdef NOENCRYPTION
	62	our_checksum = 0;
	63	#else /* NOENCRYPTION */
	64	our_checksum = des_quad_cksum(notice->z_packet, NULL,
65	notice->z_default_format+
66	strlen(notice->z_default_format)+1-
67	notice->z_packet, 0, cred.session);
68	#endif /* NOENCRYPTION */
69	/* if mismatched checksum, then the packet was corrupted */
70	return ((our_checksum == notice->z_checksum) ? ZAUTH_YES : ZAUTH_FAILED);
71
72	#else /* ZEPHYR_USES_KERBEROS */
73	return (notice->z_auth ? ZAUTH_YES : ZAUTH_NO);
74	#endif
75	}