1 /* Modifications for tzc by Darrell Kindred <dkindred@cmu.edu>, April 1997:
2 * - cache the kerberos credentials, so we can continue to check auth
3 * even if the user re-kinits.
6 /* This file is part of the Project Athena Zephyr Notification System.
7 * It contains source for the ZCheckAuthentication function.
9 * Created by: Robert French
11 * /mit/zephyr/src/CVS/zephyr/lib/zephyr/ZCkAuth.c,v
14 * Copyright (c) 1987,1991 by the Massachusetts Institute of Technology.
15 * For copying and distribution information, see the file
18 /* /mit/zephyr/src/CVS/zephyr/lib/zephyr/ZCkAuth.c,v 1.21 1995/06/30 22:03:53 ghudson Exp */
24 #include <zephyr/zephyr.h>
25 #define ZAUTH_UNSET (-3) /* from internal.h */
26 #include <stdio.h> /* for NULL */
29 /* Check authentication of the notice.
30 If it looks authentic but fails the Kerberos check, return -1.
31 If it looks authentic and passes the Kerberos check, return 1.
32 If it doesn't look authentic, return 0
34 When not using Kerberos, return true if the notice claims to be authentic.
35 Only used by clients; the server uses its own routine.
37 Code_t ZCheckAuthentication(notice, from)
39 struct sockaddr_in *from;
41 #ifdef ZEPHYR_USES_KERBEROS
43 ZChecksum_t our_checksum;
44 static CREDENTIALS cred;
45 static int got_cred = 0;
47 /* If the value is already known, return it. */
48 if (notice->z_checked_auth != ZAUTH_UNSET)
49 return (notice->z_checked_auth);
55 (result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE,
56 __Zephyr_realm, &cred)) != 0)
63 #else /* NOENCRYPTION */
64 our_checksum = des_quad_cksum(notice->z_packet, NULL,
65 notice->z_default_format+
66 strlen(notice->z_default_format)+1-
67 notice->z_packet, 0, cred.session);
68 #endif /* NOENCRYPTION */
69 /* if mismatched checksum, then the packet was corrupted */
70 return ((our_checksum == notice->z_checksum) ? ZAUTH_YES : ZAUTH_FAILED);
72 #else /* ZEPHYR_USES_KERBEROS */
73 return (notice->z_auth ? ZAUTH_YES : ZAUTH_NO);