I am committing the unforgivable sin of committing big glop of code with a

[1ts-debian.git] / zephyr / server / dispatch.c

diff --git a/zephyr/server/dispatch.c b/zephyr/server/dispatch.c
index ad743a87f44a74295ba7f53c42f33dffbeb8b013..89e4dddb2dfb7e2971e2f0e81398c5c4bc202de5 100644 (file)
--- a/zephyr/server/dispatch.c
+++ b/zephyr/server/dispatch.c
@@ -14,6 +14,7 @@
 #include <zephyr/mit-copyright.h>
 #include "zserver.h"
 #include <sys/socket.h>
+#include <com_err.h>
 
 #ifndef lint
 #ifndef SABER
@@ -588,6 +589,7 @@ xmit_frag(notice, buf, len, waitforack)
     return(ZERR_NONE);
 }
 
+
 /*
  * Send the notice to the client.  After transmitting, put it onto the
  * not ack'ed list.
@@ -621,14 +623,23 @@ xmit(notice, dest, auth, client)
                                   we are distributing authentic and
                                   we have a pointer to auth info
                                   */
-#ifdef HAVE_KRB4
-       retval = ZFormatAuthenticNotice(notice, noticepack, packlen, &packlen,
-                                       client->session_key);
-       if (retval != ZERR_NONE) {
-           syslog(LOG_ERR, "xmit auth format: %s", error_message(retval));
-           free(noticepack);
-           return;
-       }
+#ifdef HAVE_KRB5
+         retval = ZFormatAuthenticNoticeV5(notice, noticepack, packlen,
+                                           &packlen, client->session_keyblock);
+         if (retval != ZERR_NONE) {
+              syslog(LOG_ERR, "xmit auth format: %s", error_message(retval));
+              free(noticepack);
+              return;
+         }
+#else
+#if defined(HAVE_KRB4)
+         retval = ZFormatAuthenticNotice(notice, noticepack, packlen,
+                                           &packlen, client->session_key);
+         if (retval != ZERR_NONE) {
+              syslog(LOG_ERR, "xmit auth format: %s", error_message(retval));
+              free(noticepack);
+              return;
+         }
 #else /* !HAVE_KRB4 */
        notice->z_auth = 1;
        retval = ZFormatSmallRawNotice(notice, noticepack, &packlen);
@@ -638,6 +649,7 @@ xmit(notice, dest, auth, client)
            return;
        }
 #endif /* HAVE_KRB4 */
+#endif /* HAVE_KRB5 */
     } else {
        notice->z_auth = 0;
        notice->z_authent_len = 0;
@@ -1165,9 +1177,27 @@ control_dispatch(notice, auth, who, server)
                clt_ack(notice, who, AUTH_FAILED);
            return ZERR_NONE;
        }
+#ifdef HAVE_KRB5
+        if (client->session_keyblock) {
+             krb5_free_keyblock_contents(Z_krb5_ctx, client->session_keyblock);
+             retval = krb5_copy_keyblock_contents(Z_krb5_ctx, ZGetSession(),
+                                         client->session_keyblock);
+        } else {
+             retval = krb5_copy_keyblock(Z_krb5_ctx, ZGetSession(), 
+                                &client->session_keyblock);
+        }
+        if (retval) {
+             syslog(LOG_WARNING, "keyblock copy failed in subscr: %s",
+                    error_message(retval));
+             if (server == me_server)
+                  nack(notice, who);
+             return ZERR_NONE;
+        }
+#else
 #ifdef HAVE_KRB4
        /* in case it's changed */
        memcpy(client->session_key, ZGetSession(), sizeof(C_Block));
+#endif
 #endif
        retval = subscr_subscribe(client, notice, server);
        if (retval != ZERR_NONE) {