kauth: Catch ka_KeyCheckSum failures

[openafs.git] / src / kauth / kaprocs.c

diff --git a/src/kauth/kaprocs.c b/src/kauth/kaprocs.c
index 5da46ef..f3f1ead 100644 (file)
--- a/src/kauth/kaprocs.c
+++ b/src/kauth/kaprocs.c
@@ -12,6 +12,7 @@
 #include <afs/stds.h>
 
 #include <roken.h>
+#include <afs/opr.h>
 
 #ifdef HAVE_SYS_RESOURCE_H
 # include <sys/resource.h>
@@ -32,6 +33,7 @@
 #include <rx/xdr.h>
 #include <rx/rx.h>
 #include <rx/rxkad.h>
+#include <rx/rxkad_convert.h>
 #include <afs/cellconfig.h>
 #include <afs/auth.h>
 #include <afs/com_err.h>
@@ -646,8 +648,8 @@ kamCreateUser(struct rx_call *call, char *aname, char *ainstance,
        return code;
     }
     code = ubik_EndTrans(tt);
-    KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
-         LOG_CRUSER);
+    KALOG(aname, ainstance, NULL, NULL, NULL,
+         rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_CRUSER);
     return code;
 }
 
@@ -922,8 +924,8 @@ kamSetPassword(struct rx_call *call, char *aname, char *ainstance,
        goto abort;
 
     code = ubik_EndTrans(tt);
-    KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
-         LOG_CHPASSWD);
+    KALOG(aname, ainstance, NULL, NULL, NULL,
+         rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_CHPASSWD);
     return code;
 
   abort:
@@ -1245,15 +1247,15 @@ Authenticate(int version, struct rx_call *call, char *aname, char *ainstance,
     DES_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, oanswer->SeqLen,
                     &user_schedule, ktc_to_cblockptr(&tentry.key), ENCRYPT);
     code = ubik_EndTrans(tt);
-    KALOG(aname, ainstance, sname, sinst, NULL, call->conn->peer->host,
-         LOG_AUTHENTICATE);
+    KALOG(aname, ainstance, sname, sinst, NULL,
+         rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_AUTHENTICATE);
     return code;
 
   abort:
     COUNT_ABO;
     ubik_AbortTrans(tt);
-    KALOG(aname, ainstance, sname, sinst, NULL, call->conn->peer->host,
-         LOG_AUTHFAILED);
+    KALOG(aname, ainstance, sname, sinst, NULL,
+         rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_AUTHFAILED);
     return code;
 }
 
@@ -1454,8 +1456,8 @@ kamSetFields(struct rx_call *call,
        goto abort;
 
     code = ubik_EndTrans(tt);
-    KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
-         LOG_SETFIELDS);
+    KALOG(aname, ainstance, NULL, NULL, NULL,
+         rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_SETFIELDS);
     return code;
 
   abort:
@@ -1527,8 +1529,8 @@ kamDeleteUser(struct rx_call *call, char *aname, char *ainstance)
        goto abort;
 
     code = ubik_EndTrans(tt);
-    KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
-         LOG_DELUSER);
+    KALOG(aname, ainstance, NULL, NULL, NULL,
+         rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_DELUSER);
     return code;
 }
 
@@ -1630,13 +1632,17 @@ kamGetEntry(struct rx_call *call,
      * only return user's key if security disabled or if admin and
      * we have an encrypted connection to the user
      */
-    rxkad_GetServerInfo(call->conn, &enc_level, 0, 0, 0, 0, 0);
+    rxkad_GetServerInfo(rx_ConnectionOf(call), &enc_level, 0, 0, 0, 0, 0);
     if ((noAuthenticationRequired)
        || (callerIsAdmin && enc_level == rxkad_crypt))
        memcpy(&aentry->key, &tentry.key, sizeof(struct ktc_encryptionKey));
     else
        memset(&aentry->key, 0, sizeof(aentry->key));
+
     code = ka_KeyCheckSum((char *)&tentry.key, &aentry->keyCheckSum);
+    if (code)
+       goto abort;
+
     if (!tentry.pwsums[0] && npwSums > 1 && !tentry.pwsums[1]) {
        aentry->reserved3 = 0x12340000;
     } else {
@@ -1931,7 +1937,7 @@ GetTicket(int version,
                     &schedule, ktc_to_cblockptr(&authSessionKey), ENCRYPT);
     code = ubik_EndTrans(tt);
     KALOG(name, instance, sname, sinstance, (import ? authDomain : NULL),
-         call->conn->peer->host, LOG_GETTICKET);
+         rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_GETTICKET);
     return code;
 
   abort:
@@ -2257,8 +2263,8 @@ SKAM_Unlock(struct rx_call *call,
     kaux_write(to, 0, 0);      /* zero failure counters at this offset */
 
     code = ubik_EndTrans(tt);
-    KALOG(aname, ainstance, NULL, NULL, NULL, call->conn->peer->host,
-         LOG_UNLOCK);
+    KALOG(aname, ainstance, NULL, NULL, NULL,
+         rx_HostOf(rx_PeerOf(rx_ConnectionOf(call))), LOG_UNLOCK);
     goto exit;
 
   abort: