1700
|
1 /* This file is part of the Project Athena Zephyr Notification System.
|
|
2 * It contains source for the ZCheckAuthentication function.
|
|
3 *
|
|
4 * Created by: Robert French
|
|
5 *
|
|
6 * $Source$
|
|
7 * $Author: warmenhoven $
|
|
8 *
|
|
9 * Copyright (c) 1987,1991 by the Massachusetts Institute of Technology.
|
|
10 * For copying and distribution information, see the file
|
|
11 * "mit-copyright.h".
|
|
12 */
|
|
13 /* $Header$ */
|
|
14
|
|
15 #ifndef lint
|
|
16 static char rcsid_ZCheckAuthentication_c[] =
|
|
17 "$Zephyr: /mit/zephyr/src/lib/RCS/ZCheckAuthentication.c,v 1.14 89/03/24 14:17:38 jtkohl Exp Locker: raeburn $";
|
|
18 #endif
|
|
19
|
|
20 #include <internal.h>
|
|
21
|
|
22 /* Check authentication of the notice.
|
|
23 If it looks authentic but fails the Kerberos check, return -1.
|
|
24 If it looks authentic and passes the Kerberos check, return 1.
|
|
25 If it doesn't look authentic, return 0
|
|
26
|
|
27 When not using Kerberos, return true if the notice claims to be authentic.
|
|
28 Only used by clients; the server uses its own routine.
|
|
29 */
|
|
30 Code_t ZCheckAuthentication(notice, from)
|
|
31 ZNotice_t *notice;
|
|
32 struct sockaddr_in *from;
|
|
33 {
|
|
34 #ifdef ZEPHYR_USES_KERBEROS
|
|
35 int result;
|
|
36 ZChecksum_t our_checksum;
|
|
37 CREDENTIALS cred;
|
|
38
|
|
39 /* If the value is already known, return it. */
|
|
40 if (notice->z_checked_auth != ZAUTH_UNSET)
|
|
41 return (notice->z_checked_auth);
|
|
42
|
|
43 if (!notice->z_auth)
|
|
44 return (ZAUTH_NO);
|
|
45
|
|
46 if ((result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE,
|
|
47 __Zephyr_realm, &cred)) != 0)
|
|
48 return (ZAUTH_NO);
|
|
49
|
|
50 #ifdef NOENCRYPTION
|
|
51 our_checksum = 0;
|
|
52 #else
|
|
53 our_checksum = des_quad_cksum(notice->z_packet, NULL,
|
|
54 notice->z_default_format+
|
|
55 strlen(notice->z_default_format)+1-
|
|
56 notice->z_packet, 0, cred.session);
|
|
57 #endif
|
|
58 /* if mismatched checksum, then the packet was corrupted */
|
|
59 return ((our_checksum == notice->z_checksum) ? ZAUTH_YES : ZAUTH_FAILED);
|
|
60
|
|
61 #else
|
|
62 return (notice->z_auth ? ZAUTH_YES : ZAUTH_NO);
|
|
63 #endif
|
|
64 }
|