src/protocols/zephyr/ZMkAuth.c

   1 /* This file is part of the Project Athena Zephyr Notification System.
   2  * It contains source for the ZMakeAuthentication function.
   3  *
   4  *      Created by:     Robert French
   5  *
   6  *      $Source$
   7  *      $Author: warmenhoven $
   8  *
   9  *      Copyright (c) 1987 by the Massachusetts Institute of Technology.
  10  *      For copying and distribution information, see the file
  11  *      "mit-copyright.h".
  12  */
  13 /* $Id: ZMkAuth.c 2096 2001-07-31 01:00:39Z warmenhoven $ */
  14
  15 #include <internal.h>
  16
  17 #ifndef lint
  18 static const char rcsid_ZMakeAuthentication_c[] = "$Id: ZMkAuth.c 2096 2001-07-31 01:00:39Z warmenhoven $";
  19 #endif
  20
  21 #ifdef ZEPHYR_USES_KERBEROS
  22 #include <krb_err.h>
  23 static long last_authent_time = 0L;
  24 static KTEXT_ST last_authent;
  25 #endif
  26
  27 Code_t ZResetAuthentication () {
  28 #ifdef ZEPHYR_USES_KERBEROS
  29     last_authent_time = 0L;
  30 #endif
  31     return ZERR_NONE;
  32 }
  33
  34 Code_t ZMakeAuthentication(notice, buffer, buffer_len, len)
  35     register ZNotice_t *notice;
  36     char *buffer;
  37     int buffer_len;
  38     int *len;
  39 {
  40 #ifdef ZEPHYR_USES_KERBEROS
  41     int result;
  42     time_t now;
  43     KTEXT_ST authent;
  44     char *cstart, *cend;
  45     ZChecksum_t checksum;
  46     CREDENTIALS cred;
  47     extern unsigned long des_quad_cksum();
  48
  49     now = time(0);
  50     if (last_authent_time == 0 || (now - last_authent_time > 120)) {
  51         result = krb_mk_req(&authent, SERVER_SERVICE,
  52                             SERVER_INSTANCE, __Zephyr_realm, 0);
  53         if (result != MK_AP_OK) {
  54             last_authent_time = 0;
  55             return (result+krb_err_base);
  56         }
  57         last_authent_time = now;
  58         last_authent = authent;
  59     }
  60     else {
  61         authent = last_authent;
  62     }
  63     notice->z_auth = 1;
  64     notice->z_authent_len = authent.length;
  65     notice->z_ascii_authent = (char *)malloc((unsigned)authent.length*3);
  66     /* zero length authent is an error, so malloc(0) is not a problem */
  67     if (!notice->z_ascii_authent)
  68         return (ENOMEM);
  69     if ((result = ZMakeAscii(notice->z_ascii_authent,
  70                              authent.length*3,
  71                              authent.dat,
  72                              authent.length)) != ZERR_NONE) {
  73         free(notice->z_ascii_authent);
  74         return (result);
  75     }
  76     result = Z_FormatRawHeader(notice, buffer, buffer_len, len, &cstart,
  77                                &cend);
  78     free(notice->z_ascii_authent);
  79     notice->z_authent_len = 0;
  80     if (result)
  81         return(result);
  82
  83     /* Compute a checksum over the header and message. */
  84     if ((result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE,
  85                               __Zephyr_realm, &cred)) != 0)
  86         return result;
  87     checksum = des_quad_cksum(buffer, NULL, cstart - buffer, 0, cred.session);
  88     checksum ^= des_quad_cksum(cend, NULL, buffer + *len - cend, 0,
  89                                cred.session);
  90     checksum ^= des_quad_cksum(notice->z_message, NULL, notice->z_message_len,
  91                                0, cred.session);
  92     notice->z_checksum = checksum;
  93     ZMakeAscii32(cstart, buffer + buffer_len - cstart, checksum);
  94
  95     return (ZERR_NONE);
  96 #else
  97     notice->z_checksum = 0;
  98     notice->z_auth = 1;
  99     notice->z_authent_len = 0;
 100     notice->z_ascii_authent = "";
 101     return (Z_FormatRawHeader(notice, buffer, buffer_len, len, NULL, NULL));
 102 #endif
 103 }