#define TKTLIFETIME 120
#define tkt_lifetime(val) ((long) val * 5L * 60L)
-#ifndef NOENCRYPTION
extern C_Block serv_key;
extern Sched serv_ksched;
-#endif
#endif /* HAVE_KRB4 */
static Timer *bdump_timer;
ticket_time = NOW;
}
-#ifndef NOENCRYPTION
retval = read_service_key(SERVER_SERVICE, SERVER_INSTANCE,
ZGetRealm(), 0 /*kvno*/,
srvtab_file, (char *)serv_key);
return 1;
}
des_key_sched(serv_key, serv_ksched.s);
-#endif /* !NOENCRYPTION */
}
#ifdef HAVE_KRB5
/* XXX */
syslog(LOG_ERR,"brl bad cblk read: %s (%s)",
error_message(retval), cp);
} else {
-#ifdef NOENCRYPTION
- memcpy(cblock, client->session_key, sizeof(C_Block));
-#else
des_ecb_encrypt(cblock, client->session_key, serv_ksched.s,
DES_DECRYPT);
-#endif
}
}
#endif /* HAVE_KRB4 */
}
/* Check the cryptographic checksum. */
-#ifdef NOENCRYPTION
- checksum = 0;
-#else
checksum = compute_checksum(notice, dat.session);
-#endif
+
if (checksum != notice->z_checksum)
return ZAUTH_FAILED;
compute_checksum(ZNotice_t *notice,
C_Block session_key)
{
-#ifdef NOENCRYPTION
- return 0;
-#else
ZChecksum_t checksum;
char *cstart, *cend, *hstart = notice->z_packet, *hend = notice->z_message;
checksum ^= des_quad_cksum((unsigned char *)notice->z_message, NULL, notice->z_message_len,
0, (C_Block *)session_key);
return checksum;
-#endif
}
static ZChecksum_t compute_rlm_checksum(ZNotice_t *notice,
C_Block session_key)
{
-#ifdef NOENCRYPTION
- return 0;
-#else
ZChecksum_t checksum;
char *cstart, *cend, *hstart = notice->z_packet;
cstart = notice->z_default_format + strlen(notice->z_default_format) + 1;
cend = cstart + strlen(cstart) + 1;
checksum = des_quad_cksum((unsigned char *)hstart, NULL, cstart - hstart, 0, (C_Block *)session_key);
+
return checksum;
-#endif
}
#ifdef HAVE_KRB5
*/
#ifdef HAVE_KRB4
-#ifndef NOENCRYPTION
C_Block serv_key;
Sched serv_ksched;
#endif
-#endif
/* for compatibility when sending subscription information to old clients */
#endif /* HAVE_KRB4 */
#else /* HAVE_KRB5 */
#ifdef HAVE_KRB4
-#ifdef NOENCRYPTION
- memcpy(cblock, client->session_key, sizeof(C_Block));
-#else /* NOENCRYPTION */
des_ecb_encrypt(client->session_key, cblock, serv_ksched.s, DES_ENCRYPT);
-#endif /* NOENCRYPTION */
retval = ZMakeAscii(buf, sizeof(buf), cblock, sizeof(C_Block));
#endif /* HAVE_KRB4 */
#define NOW t_local.tv_sec
#ifdef HAVE_KRB4
-#ifndef NOENCRYPTION
/* Kerberos shouldn't stick us with array types... */
typedef struct {
des_key_schedule s;
} Sched;
#endif
-#endif
typedef struct _Destination Destination;
typedef struct _Destlist Destlist;