1 /* This file is part of the Project Athena Zephyr Notification System.
2 * It contains source for the internal Zephyr routines.
4 * Created by: Robert French
6 * $Id: Zinternal.c,v 1.42 2002/09/10 16:04:31 ghudson Exp $
8 * Copyright (c) 1987,1988,1991 by the Massachusetts Institute of
10 * For copying and distribution information, see the file
15 #include <arpa/inet.h>
16 #include <sys/socket.h>
20 static const char rcsid_Zinternal_c[] =
21 "$Id: Zinternal.c,v 1.42 2002/09/10 16:04:31 ghudson Exp $";
22 static const char copyright[] =
23 "Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.";
26 extern char *inet_ntoa ();
30 int __Zephyr_port = -1;
31 struct in_addr __My_addr;
32 int __Q_CompleteLength;
34 struct _Z_InputQ *__Q_Head, *__Q_Tail;
35 struct sockaddr_in __HM_addr;
36 struct sockaddr_in __HM_addr_real;
39 ZLocations_t *__locate_list;
42 ZSubscription_t *__subscriptions_list;
43 int __subscriptions_num;
44 int __subscriptions_next;
45 int Z_discarded_packets = 0;
48 /* This context is used throughout */
49 krb5_context Z_krb5_ctx;
51 static struct cksum_map_s {
55 /* per RFC1510 and draft-ietf-krb-wg-crypto-02.txt */
56 { ENCTYPE_NULL, CKSUMTYPE_RSA_MD5 },
57 { ENCTYPE_DES_CBC_CRC, CKSUMTYPE_RSA_MD5_DES },
58 { ENCTYPE_DES_CBC_MD4, CKSUMTYPE_RSA_MD4_DES },
59 { ENCTYPE_DES_CBC_MD5, CKSUMTYPE_RSA_MD5_DES },
62 * The implementors hate us, and are inconsistent with names for
63 * most things defined after RFC1510. Note that des3-cbc-sha1
64 * and des3-cbc-sha1-kd are listed by number to avoid confusion
65 * caused by inconsistency between the names used in the specs
66 * and those used by implementations.
67 * -- jhutz, 30-Nov-2002
70 /* source lost in history (an expired internet-draft) */
71 { 5 /* des3-cbc-md5 */, 9 /* rsa-md5-des3 */ },
72 { 7 /* des3-cbc-sha1 */, 12 /* hmac-sha1-des3 */ },
74 /* per draft-ietf-krb-wg-crypto-02.txt */
75 { 16 /* des3-cbc-sha1-kd */, 12 /* hmac-sha1-des3-kd */ },
77 /* per draft-raeburn-krb-rijndael-krb-02.txt */
78 { 17 /* aes128-cts-hmac-sha1-96 */, 10 /* hmac-sha1-96-aes128 */ },
79 { 18 /* aes256-cts-hmac-sha1-96 */, 11 /* hmac-sha1-96-aes256 */ },
81 /* per draft-brezak-win2k-krb-rc4-hmac-04.txt */
82 { 23 /* rc4-hmac */, -138 /* hmac-md5 */ },
83 { 24 /* rc4-hmac-exp */, -138 /* hmac-md5 */ },
85 #define N_CKSUM_MAP (sizeof(cksum_map) / sizeof(struct cksum_map_s))
87 Code_t Z_krb5_lookup_cksumtype(krb5_enctype e, krb5_cksumtype *c)
91 for (i = 0; i < N_CKSUM_MAP; i++) {
92 if (cksum_map[i].e == e) {
97 return KRB5_PROG_ETYPE_NOSUPP;
99 #endif /* HAVE_KRB5 */
101 char __Zephyr_realm[REALM_SZ];
104 void (*__Z_debug_print) __P((const char *fmt, va_list args, void *closure));
105 void *__Z_debug_print_closure;
108 #define min(a,b) ((a)<(b)?(a):(b))
110 static int Z_AddField __P((char **ptr, char *field, char *end));
111 static int find_or_insert_uid __P((ZUnique_Id_t *uid, ZNotice_Kind_t kind));
113 /* Find or insert uid in the old uids buffer. The buffer is a sorted
114 * circular queue. We make the assumption that most packets arrive in
115 * order, so we can usually search for a uid or insert it into the buffer
116 * by looking back just a few entries from the end. Since this code is
117 * only executed by the client, the implementation isn't microoptimized. */
118 static int find_or_insert_uid(uid, kind)
122 static struct _filter {
136 /* Initialize the uid buffer if it hasn't been done already. */
138 size = Z_INITFILTERSIZE;
139 buffer = (struct _filter *) malloc(size * sizeof(*buffer));
144 /* Age the uid buffer, discarding any uids older than the clock skew. */
146 while (num && (now - buffer[start % size].t) > CLOCK_SKEW)
150 /* Make room for a new uid, since we'll probably have to insert one. */
152 new_size = size * 2 + 2;
153 new = (struct _filter *) malloc(new_size * sizeof(*new));
156 for (i = 0; i < num; i++)
157 new[i] = buffer[(start + i) % size];
164 /* Search for this uid in the buffer, starting from the end. */
165 for (i = start + num - 1; i >= start; i--) {
166 result = memcmp(uid, &buffer[i % size].uid, sizeof(*uid));
167 if (result == 0 && buffer[i % size].kind == kind)
173 /* We didn't find it; insert the uid into the buffer after i. */
175 for (j = start + num; j > i; j--)
176 buffer[j % size] = buffer[(j - 1) % size];
177 buffer[i % size].uid = *uid;
178 buffer[i % size].kind = kind;
179 buffer[i % size].t = now;
186 /* Return 1 if there is a packet waiting, 0 otherwise */
188 int Z_PacketWaiting()
193 tv.tv_sec = tv.tv_usec = 0;
195 FD_SET(ZGetFD(), &read);
196 return (select(ZGetFD() + 1, &read, NULL, NULL, &tv));
200 /* Wait for a complete notice to become available */
202 Code_t Z_WaitForComplete()
206 if (__Q_CompleteLength)
207 return (Z_ReadEnqueue());
209 while (!__Q_CompleteLength)
210 if ((retval = Z_ReadWait()) != ZERR_NONE)
217 /* Read any available packets and enqueue them */
219 Code_t Z_ReadEnqueue()
224 return (ZERR_NOPORT);
226 while (Z_PacketWaiting())
227 if ((retval = Z_ReadWait()) != ZERR_NONE)
235 * Search the queue for a notice with the proper multiuid - remove any
236 * notices that haven't been touched in a while
239 struct _Z_InputQ *Z_SearchQueue(uid, kind)
243 register struct _Z_InputQ *qptr;
244 struct _Z_InputQ *next;
247 (void) gettimeofday(&tv, (struct timezone *)0);
252 if (ZCompareUID(uid, &qptr->uid) && qptr->kind == kind)
255 if (qptr->timep && (qptr->timep+Z_NOTICETIMELIMIT < tv.tv_sec))
263 * Now we delve into really convoluted queue handling and
264 * fragmentation reassembly algorithms and other stuff you probably
265 * don't want to look at...
267 * This routine does NOT guarantee a complete packet will be ready when it
273 register struct _Z_InputQ *qptr;
276 struct sockaddr_in olddest, from;
277 int from_len, packet_len, zvlen, part, partof;
284 return (ZERR_NOPORT);
287 FD_SET(ZGetFD(), &fds);
291 if (select(ZGetFD() + 1, &fds, NULL, NULL, &tv) < 0)
293 if (!FD_ISSET(ZGetFD(), &fds))
296 from_len = sizeof(struct sockaddr_in);
298 packet_len = recvfrom(ZGetFD(), packet, sizeof(packet), 0,
299 (struct sockaddr *)&from, &from_len);
307 /* Ignore obviously non-Zephyr packets. */
308 zvlen = sizeof(ZVERSIONHDR) - 1;
309 if (packet_len < zvlen || memcmp(packet, ZVERSIONHDR, zvlen) != 0) {
310 Z_discarded_packets++;
314 /* Parse the notice */
315 if ((retval = ZParseNotice(packet, packet_len, ¬ice)) != ZERR_NONE)
319 * If we're not a server and the notice is of an appropriate kind,
320 * send back a CLIENTACK to whoever sent it to say we got it.
322 if (!__Zephyr_server) {
323 if (notice.z_kind != HMACK && notice.z_kind != SERVACK &&
324 notice.z_kind != SERVNAK && notice.z_kind != CLIENTACK) {
330 tmpnotice.z_kind = CLIENTACK;
331 tmpnotice.z_message_len = 0;
334 if ((retval = ZFormatSmallRawNotice(&tmpnotice, pkt, &len))
337 if ((retval = ZSendPacket(pkt, len, 0)) != ZERR_NONE)
341 if (find_or_insert_uid(¬ice.z_uid, notice.z_kind))
344 /* Check authentication on the notice. */
345 notice.z_checked_auth = ZCheckAuthentication(¬ice, &from);
350 * Parse apart the z_multinotice field - if the field is blank for
351 * some reason, assume this packet stands by itself.
353 slash = strchr(notice.z_multinotice, '/');
355 part = atoi(notice.z_multinotice);
356 partof = atoi(slash+1);
357 if (part > partof || partof == 0) {
359 partof = notice.z_message_len;
364 partof = notice.z_message_len;
367 /* Too big a packet...just ignore it! */
368 if (partof > Z_MAXNOTICESIZE)
372 * If we aren't a server and we can find a notice in the queue
373 * with the same multiuid field, insert the current fragment as
376 switch (notice.z_kind) {
379 /* The SERVACK and SERVNAK replies shouldn't be reassembled
380 (they have no parts). Instead, we should hold on to the reply
381 ONLY if it's the first part of a fragmented message, i.e.
382 multi_uid == uid. This allows programs to wait for the uid
383 of the first packet, and get a response when that notice
384 arrives. Acknowledgements of the other fragments are discarded
385 (XXX we assume here that they all carry the same information
386 regarding failure/success)
388 if (!__Zephyr_server &&
389 !ZCompareUID(¬ice.z_multiuid, ¬ice.z_uid))
390 /* they're not the same... throw away this packet. */
392 /* fall thru & process it */
394 /* for HMACK types, we assume no packet loss (local loopback
395 connections). The other types can be fragmented and MUST
396 run through this code. */
397 if (!__Zephyr_server && (qptr = Z_SearchQueue(¬ice.z_multiuid,
400 * If this is the first fragment, and we haven't already
401 * gotten a first fragment, grab the header from it.
403 if (part == 0 && !qptr->header) {
404 qptr->header_len = packet_len-notice.z_message_len;
405 qptr->header = (char *) malloc((unsigned) qptr->header_len);
408 (void) memcpy(qptr->header, packet, qptr->header_len);
410 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
415 * We'll have to create a new entry...make sure the queue isn't
416 * going to get too big.
418 if (__Q_Size+(__Zephyr_server ? notice.z_message_len : partof) > Z_MAXQUEUESIZE)
422 * This is a notice we haven't heard of, so create a new queue
423 * entry for it and zero it out.
425 qptr = (struct _Z_InputQ *)malloc(sizeof(struct _Z_InputQ));
428 (void) memset((char *)qptr, 0, sizeof(struct _Z_InputQ));
430 /* Insert the entry at the end of the queue */
432 qptr->prev = __Q_Tail;
434 __Q_Tail->next = qptr;
441 /* Copy the from field, multiuid, kind, and checked authentication. */
443 qptr->uid = notice.z_multiuid;
444 qptr->kind = notice.z_kind;
445 qptr->auth = notice.z_checked_auth;
448 * If this is the first part of the notice, we take the header
449 * from it. We only take it if this is the first fragment so that
450 * the Unique ID's will be predictable.
452 * If a Zephyr Server, we always take the header.
454 if (__Zephyr_server || part == 0) {
455 qptr->header_len = packet_len-notice.z_message_len;
456 qptr->header = (char *) malloc((unsigned) qptr->header_len);
459 (void) memcpy(qptr->header, packet, qptr->header_len);
463 * If this is not a fragmented notice, then don't bother with a
465 * If we are a Zephyr server, all notices are treated as complete.
467 if (__Zephyr_server || (part == 0 && notice.z_message_len == partof)) {
468 __Q_CompleteLength++;
469 qptr->holelist = (struct _Z_Hole *) 0;
471 /* allocate a msg buf for this piece */
472 if (notice.z_message_len == 0)
474 else if (!(qptr->msg = (char *) malloc((unsigned) notice.z_message_len)))
477 (void) memcpy(qptr->msg, notice.z_message, notice.z_message_len);
478 qptr->msg_len = notice.z_message_len;
479 __Q_Size += notice.z_message_len;
480 qptr->packet_len = qptr->header_len+qptr->msg_len;
481 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
483 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
485 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
491 * We know how long the message is going to be (this is better
492 * than IP fragmentation...), so go ahead and allocate it all.
494 if (!(qptr->msg = (char *) malloc((unsigned) partof)) && partof)
496 qptr->msg_len = partof;
500 * Well, it's a fragmented notice...allocate a hole list and
501 * initialize it to the full packet size. Then insert the
504 if (!(qptr->holelist = (struct _Z_Hole *)
505 malloc(sizeof(struct _Z_Hole))))
507 qptr->holelist->next = (struct _Z_Hole *) 0;
508 qptr->holelist->first = 0;
509 qptr->holelist->last = partof-1;
510 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
514 /* Fragment management routines - compliments, more or less, of RFC815 */
516 Code_t Z_AddNoticeToEntry(qptr, notice, part)
517 struct _Z_InputQ *qptr;
521 int last, oldfirst, oldlast;
522 struct _Z_Hole *hole, *lasthole;
526 if (part < 0 || notice->z_message_len < 0 || part > qptr->msg_len
527 || notice->z_message_len > qptr->msg_len - part)
530 /* Incorporate this notice's checked authentication. */
531 if (notice->z_checked_auth == ZAUTH_FAILED)
532 qptr->auth = ZAUTH_FAILED;
533 else if (notice->z_checked_auth == ZAUTH_NO && qptr->auth != ZAUTH_FAILED)
534 qptr->auth = ZAUTH_NO;
536 (void) gettimeofday(&tv, (struct timezone *)0);
537 qptr->timep = tv.tv_sec;
539 last = part+notice->z_message_len-1;
541 hole = qptr->holelist;
542 lasthole = (struct _Z_Hole *) 0;
544 /* copy in the message body */
545 (void) memcpy(qptr->msg+part, notice->z_message, notice->z_message_len);
547 /* Search for a hole that overlaps with the current fragment */
549 if (part <= hole->last && last >= hole->first)
555 /* If we found one, delete it and reconstruct a new hole */
557 oldfirst = hole->first;
558 oldlast = hole->last;
560 lasthole->next = hole->next;
562 qptr->holelist = hole->next;
565 * Now create a new hole that is the original hole without the
568 if (part > oldfirst) {
569 /* Search for the end of the hole list */
570 hole = qptr->holelist;
571 lasthole = (struct _Z_Hole *) 0;
577 if (!(lasthole->next = (struct _Z_Hole *)
578 malloc(sizeof(struct _Z_InputQ))))
580 hole = lasthole->next;
583 if (!(qptr->holelist = (struct _Z_Hole *)
584 malloc(sizeof(struct _Z_InputQ))))
586 hole = qptr->holelist;
589 hole->first = oldfirst;
592 if (last < oldlast) {
593 /* Search for the end of the hole list */
594 hole = qptr->holelist;
595 lasthole = (struct _Z_Hole *) 0;
601 if (!(lasthole->next = (struct _Z_Hole *)
602 malloc(sizeof(struct _Z_InputQ))))
604 hole = lasthole->next;
607 if (!(qptr->holelist = (struct _Z_Hole *)
608 malloc(sizeof(struct _Z_InputQ))))
610 hole = qptr->holelist;
612 hole->next = (struct _Z_Hole *) 0;
613 hole->first = last+1;
614 hole->last = oldlast;
618 if (!qptr->holelist) {
620 __Q_CompleteLength++;
622 qptr->timep = 0; /* don't time out anymore */
623 qptr->packet_len = qptr->header_len+qptr->msg_len;
624 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
626 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
627 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
634 void Z_gettimeofday(struct _ZTimeval *ztv, struct timezone *tz)
637 (void) gettimeofday(&tv, tz); /* yeah, yeah, I know */
638 ztv->tv_sec=tv.tv_sec;
639 ztv->tv_usec=tv.tv_usec;
642 Code_t Z_FormatHeader(notice, buffer, buffer_len, len, cert_routine)
647 Z_AuthProc cert_routine;
650 static char version[BUFSIZ]; /* default init should be all \0 */
651 struct sockaddr_in name;
652 int namelen = sizeof(name);
654 if (!notice->z_sender)
655 notice->z_sender = ZGetSender();
657 if (notice->z_port == 0) {
659 retval = ZOpenPort((u_short *)0);
660 if (retval != ZERR_NONE)
663 retval = getsockname(ZGetFD(), (struct sockaddr *) &name, &namelen);
666 notice->z_port = name.sin_port;
669 notice->z_multinotice = "";
671 (void) Z_gettimeofday(¬ice->z_uid.tv, (struct timezone *)0);
672 notice->z_uid.tv.tv_sec = htonl((u_long) notice->z_uid.tv.tv_sec);
673 notice->z_uid.tv.tv_usec = htonl((u_long) notice->z_uid.tv.tv_usec);
675 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
677 notice->z_multiuid = notice->z_uid;
680 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
682 notice->z_version = version;
684 return Z_FormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
687 Code_t Z_NewFormatHeader(notice, buffer, buffer_len, len, cert_routine)
692 Z_AuthProc cert_routine;
695 static char version[BUFSIZ]; /* default init should be all \0 */
696 struct sockaddr_in name;
697 int namelen = sizeof(name);
699 if (!notice->z_sender)
700 notice->z_sender = ZGetSender();
702 if (notice->z_port == 0) {
704 retval = ZOpenPort((u_short *)0);
705 if (retval != ZERR_NONE)
708 retval = getsockname(ZGetFD(), (struct sockaddr *) &name, &namelen);
711 notice->z_port = name.sin_port;
714 notice->z_multinotice = "";
716 (void) gettimeofday(¬ice->z_uid.tv, (struct timezone *)0);
717 notice->z_uid.tv.tv_sec = htonl((u_long) notice->z_uid.tv.tv_sec);
718 notice->z_uid.tv.tv_usec = htonl((u_long) notice->z_uid.tv.tv_usec);
720 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
722 notice->z_multiuid = notice->z_uid;
725 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
727 notice->z_version = version;
729 return Z_NewFormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
732 Code_t Z_FormatAuthHeader(notice, buffer, buffer_len, len, cert_routine)
737 Z_AuthProc cert_routine;
741 notice->z_authent_len = 0;
742 notice->z_ascii_authent = "";
743 notice->z_checksum = 0;
744 return (Z_FormatRawHeader(notice, buffer, buffer_len,
748 return ((*cert_routine)(notice, buffer, buffer_len, len));
751 Code_t Z_NewFormatAuthHeader(notice, buffer, buffer_len, len, cert_routine)
756 Z_AuthProc cert_routine;
760 notice->z_authent_len = 0;
761 notice->z_ascii_authent = "";
762 notice->z_checksum = 0;
763 return (Z_FormatRawHeader(notice, buffer, buffer_len,
767 return ((*cert_routine)(notice, buffer, buffer_len, len));
770 Code_t Z_NewFormatRawHeader(notice, buffer, buffer_len, hdr_len,
771 cksum_start, cksum_len, cstart, cend)
778 char **cstart, **cend;
780 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
781 cksum_start, cksum_len, cstart, cend, 0));
784 Code_t Z_AsciiFormatRawHeader(notice, buffer, buffer_len, hdr_len,
785 cksum_start, cksum_len, cstart, cend)
792 char **cstart, **cend;
794 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
795 cksum_start, cksum_len, cstart, cend, 1));
798 Code_t Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len, cksum_start,
799 cksum_len, cstart, cend, cksumstyle)
806 char **cstart, **cend;
809 static char version_nogalaxy[BUFSIZ]; /* default init should be all \0 */
810 char newrecip[BUFSIZ];
814 if (!notice->z_class)
815 notice->z_class = "";
817 if (!notice->z_class_inst)
818 notice->z_class_inst = "";
820 if (!notice->z_opcode)
821 notice->z_opcode = "";
823 if (!notice->z_recipient)
824 notice->z_recipient = "";
826 if (!notice->z_default_format)
827 notice->z_default_format = "";
830 end = buffer+buffer_len;
835 (void) sprintf(version_nogalaxy, "%s%d.%d", ZVERSIONHDR,
836 ZVERSIONMAJOR, ZVERSIONMINOR);
838 notice->z_version = version_nogalaxy;
840 if (Z_AddField(&ptr, version_nogalaxy, end))
841 return (ZERR_HEADERLEN);
843 if (ZMakeAscii32(ptr, end-ptr,
844 Z_NUMFIELDS + notice->z_num_other_fields)
846 return (ZERR_HEADERLEN);
847 ptr += strlen(ptr)+1;
849 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
850 return (ZERR_HEADERLEN);
851 ptr += strlen(ptr)+1;
853 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
854 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
855 return (ZERR_HEADERLEN);
856 ptr += strlen(ptr)+1;
858 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
859 return (ZERR_HEADERLEN);
860 ptr += strlen(ptr)+1;
862 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
863 return (ZERR_HEADERLEN);
864 ptr += strlen(ptr)+1;
866 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
867 return (ZERR_HEADERLEN);
868 ptr += strlen(ptr)+1;
870 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
871 return (ZERR_HEADERLEN);
872 if (Z_AddField(&ptr, notice->z_class, end))
873 return (ZERR_HEADERLEN);
874 if (Z_AddField(&ptr, notice->z_class_inst, end))
875 return (ZERR_HEADERLEN);
876 if (Z_AddField(&ptr, notice->z_opcode, end))
877 return (ZERR_HEADERLEN);
878 if (Z_AddField(&ptr, notice->z_sender, end))
879 return (ZERR_HEADERLEN);
880 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
881 if (Z_AddField(&ptr, notice->z_recipient, end))
882 return (ZERR_HEADERLEN);
885 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
887 return (ZERR_HEADERLEN);
888 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
889 if (Z_AddField(&ptr, newrecip, end))
890 return (ZERR_HEADERLEN);
892 if (Z_AddField(&ptr, notice->z_default_format, end))
893 return (ZERR_HEADERLEN);
895 /* copy back the end pointer location for crypto checksum */
898 if (cksumstyle == 1) {
899 if (Z_AddField(&ptr, notice->z_ascii_checksum, end))
900 return (ZERR_HEADERLEN);
903 if (ZMakeZcode32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
904 return ZERR_HEADERLEN;
906 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
907 return (ZERR_HEADERLEN);
909 ptr += strlen(ptr)+1;
914 if (Z_AddField(&ptr, notice->z_multinotice, end))
915 return (ZERR_HEADERLEN);
917 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
918 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
919 return (ZERR_HEADERLEN);
920 ptr += strlen(ptr)+1;
922 for (i=0;i<notice->z_num_other_fields;i++)
923 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
924 return (ZERR_HEADERLEN);
927 *cksum_len = ptr-*cksum_start;
929 *hdr_len = ptr-buffer;
933 printf("Z_FormatRawHeader output:\n");
934 for (i = 0; i < *hdr_len; i += 16) {
937 for (i2 = i; i2 < i+16 && i2 < *hdr_len; i2++)
938 printf(" %02x", buffer[i2] & 0xff);
939 for (; i2 < i+16; i2++)
942 for (i2 = i; i2 < i+16 && i2 < *hdr_len; i2++)
944 ((buffer[i2] > 0 && buffer[i2] < 127 && isprint(buffer[i2]))
955 Code_t Z_FormatRawHeader(notice, buffer, buffer_len, len, cstart, cend)
960 char **cstart, **cend;
962 char newrecip[BUFSIZ];
966 if (!notice->z_class)
967 notice->z_class = "";
969 if (!notice->z_class_inst)
970 notice->z_class_inst = "";
972 if (!notice->z_opcode)
973 notice->z_opcode = "";
975 if (!notice->z_recipient)
976 notice->z_recipient = "";
978 if (!notice->z_default_format)
979 notice->z_default_format = "";
982 end = buffer+buffer_len;
984 if (buffer_len < strlen(notice->z_version)+1)
985 return (ZERR_HEADERLEN);
987 (void) strcpy(ptr, notice->z_version);
988 ptr += strlen(ptr)+1;
990 if (ZMakeAscii32(ptr, end-ptr, Z_NUMFIELDS + notice->z_num_other_fields)
992 return (ZERR_HEADERLEN);
993 ptr += strlen(ptr)+1;
995 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
996 return (ZERR_HEADERLEN);
997 ptr += strlen(ptr)+1;
999 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
1000 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1001 return (ZERR_HEADERLEN);
1002 ptr += strlen(ptr)+1;
1004 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
1005 return (ZERR_HEADERLEN);
1006 ptr += strlen(ptr)+1;
1008 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
1009 return (ZERR_HEADERLEN);
1010 ptr += strlen(ptr)+1;
1012 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
1013 return (ZERR_HEADERLEN);
1014 ptr += strlen(ptr)+1;
1016 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
1017 return (ZERR_HEADERLEN);
1018 if (Z_AddField(&ptr, notice->z_class, end))
1019 return (ZERR_HEADERLEN);
1020 if (Z_AddField(&ptr, notice->z_class_inst, end))
1021 return (ZERR_HEADERLEN);
1022 if (Z_AddField(&ptr, notice->z_opcode, end))
1023 return (ZERR_HEADERLEN);
1024 if (Z_AddField(&ptr, notice->z_sender, end))
1025 return (ZERR_HEADERLEN);
1026 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
1027 if (Z_AddField(&ptr, notice->z_recipient, end))
1028 return (ZERR_HEADERLEN);
1031 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
1033 return (ZERR_HEADERLEN);
1034 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
1035 if (Z_AddField(&ptr, newrecip, end))
1036 return (ZERR_HEADERLEN);
1038 if (Z_AddField(&ptr, notice->z_default_format, end))
1039 return (ZERR_HEADERLEN);
1041 /* copy back the end pointer location for crypto checksum */
1044 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
1045 return (ZERR_HEADERLEN);
1046 ptr += strlen(ptr)+1;
1050 if (Z_AddField(&ptr, notice->z_multinotice, end))
1051 return (ZERR_HEADERLEN);
1053 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
1054 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1055 return (ZERR_HEADERLEN);
1056 ptr += strlen(ptr)+1;
1058 for (i=0;i<notice->z_num_other_fields;i++)
1059 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
1060 return (ZERR_HEADERLEN);
1068 Z_AddField(ptr, field, end)
1069 char **ptr, *field, *end;
1073 len = field ? strlen (field) + 1 : 1;
1078 (void) strcpy(*ptr, field);
1086 struct _Z_InputQ *Z_GetFirstComplete()
1088 struct _Z_InputQ *qptr;
1098 return ((struct _Z_InputQ *)0);
1101 struct _Z_InputQ *Z_GetNextComplete(qptr)
1102 struct _Z_InputQ *qptr;
1111 return ((struct _Z_InputQ *)0);
1114 void Z_RemQueue(qptr)
1115 struct _Z_InputQ *qptr;
1117 struct _Z_Hole *hole, *nexthole;
1120 __Q_CompleteLength--;
1122 __Q_Size -= qptr->msg_len;
1131 hole = qptr->holelist;
1133 nexthole = hole->next;
1138 if (qptr == __Q_Head && __Q_Head == __Q_Tail) {
1139 free ((char *)qptr);
1140 __Q_Head = (struct _Z_InputQ *)0;
1141 __Q_Tail = (struct _Z_InputQ *)0;
1145 if (qptr == __Q_Head) {
1146 __Q_Head = qptr->next;
1147 __Q_Head->prev = (struct _Z_InputQ *)0;
1148 free ((char *)qptr);
1151 if (qptr == __Q_Tail) {
1152 __Q_Tail = qptr->prev;
1153 __Q_Tail->next = (struct _Z_InputQ *)0;
1154 free ((char *)qptr);
1157 qptr->prev->next = qptr->next;
1158 qptr->next->prev = qptr->prev;
1159 free ((char *)qptr);
1163 Code_t Z_SendFragmentedNotice(notice, len, cert_func, send_func)
1166 Z_AuthProc cert_func;
1167 Z_SendProc send_func;
1169 ZNotice_t partnotice;
1172 int offset, hdrsize, fragsize, ret_len, message_len, waitforack;
1175 hdrsize = len-notice->z_message_len;
1176 fragsize = Z_MAXPKTLEN-hdrsize-Z_FRAGFUDGE;
1180 waitforack = ((notice->z_kind == UNACKED || notice->z_kind == ACKED)
1181 && !__Zephyr_server);
1183 partnotice = *notice;
1185 while (offset < notice->z_message_len || !notice->z_message_len) {
1186 (void) sprintf(multi, "%d/%d", offset, notice->z_message_len);
1187 partnotice.z_multinotice = multi;
1189 (void) Z_gettimeofday(&partnotice.z_uid.tv,
1190 (struct timezone *)0);
1191 partnotice.z_uid.tv.tv_sec =
1192 htonl((u_long) partnotice.z_uid.tv.tv_sec);
1193 partnotice.z_uid.tv.tv_usec =
1194 htonl((u_long) partnotice.z_uid.tv.tv_usec);
1195 (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
1198 message_len = min(notice->z_message_len-offset, fragsize);
1199 partnotice.z_message = notice->z_message+offset;
1200 partnotice.z_message_len = message_len;
1201 if ((retval = Z_FormatAuthHeader(&partnotice, buffer, Z_MAXHEADERLEN,
1202 &ret_len, cert_func)) != ZERR_NONE) {
1205 memcpy(buffer + ret_len, partnotice.z_message, message_len);
1206 if ((retval = (*send_func)(&partnotice, buffer, ret_len+message_len,
1207 waitforack)) != ZERR_NONE) {
1211 if (!notice->z_message_len)
1219 Code_t Z_XmitFragment(notice, buf, len, wait)
1225 return(ZSendPacket(buf, len, wait));
1229 /* For debugging printing */
1230 const char *const ZNoticeKinds[] = {
1231 "UNSAFE", "UNACKED", "ACKED", "HMACK", "HMCTL", "SERVACK", "SERVNAK",
1239 #ifdef HAVE_STDARG_H
1240 void Z_debug (const char *format, ...)
1243 if (!__Z_debug_print)
1245 va_start (pvar, format);
1246 (*__Z_debug_print) (format, pvar, __Z_debug_print_closure);
1250 void Z_debug (va_alist) va_dcl
1254 if (!__Z_debug_print)
1257 format = va_arg (pvar, char *);
1258 (*__Z_debug_print) (format, pvar, __Z_debug_print_closure);
1263 void Z_debug_stderr (format, args, closure)
1269 vfprintf (stderr, format, args);
1271 _doprnt (format, args, stderr);
1273 putc ('\n', stderr);
1277 int ZGetFD () { return __Zephyr_fd; }
1280 int ZQLength () { return __Q_CompleteLength; }
1283 struct sockaddr_in ZGetDestAddr () { return __HM_addr; }
1286 Zconst char * ZGetRealm () { return __Zephyr_realm; }
1289 void ZSetDebug(proc, arg)
1290 void (*proc) __P((const char *, va_list, void *));
1293 __Z_debug_print = proc;
1294 __Z_debug_print_closure = arg;
1296 #endif /* Z_DEBUG */
1299 Code_t Z_Checksum(krb5_data *cksumbuf, krb5_keyblock *keyblock, krb5_cksumtype cksumtype, char **asn1_data, int *asn1_len) {
1300 krb5_error_code result;
1303 #if HAVE_KRB5_C_MAKE_CHECKSUM
1304 krb5_checksum checksum;
1307 krb5_crypto cryptctx;
1310 #if HAVE_KRB5_C_MAKE_CHECKSUM
1311 /* Create the checksum -- MIT crypto API */
1312 result = krb5_c_make_checksum(Z_krb5_ctx, cksumtype,
1313 keyblock, Z_KEYUSAGE_CLT_CKSUM,
1314 cksumbuf, &checksum);
1317 /* HOLDING: checksum */
1319 data = checksum.contents;
1320 len = checksum.length;
1322 /* Create the checksum -- heimdal crypto API */
1323 result = krb5_crypto_init(Z_krb5_ctx, keyblock, enctype, &cryptctx);
1327 /* HOLDING: cryptctx */
1328 result = krb5_create_checksum(Z_krb5_ctx, cryptctx,
1329 Z_KEYUSAGE_CLT_CKSUM, cksumtype,
1330 cksumbuf->data, cksumbuf->length,
1332 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);
1336 len = checksum.checksum.length;
1337 data = checksum.checksum.data;
1338 /* HOLDING: checksum */
1341 *asn1_data = malloc(len);
1342 if (*asn1_data == NULL)
1344 memcpy(*asn1_data, data, len);
1347 #if HAVE_KRB5_C_MAKE_CHECKSUM
1348 krb5_free_checksum_contents(Z_krb5_ctx, &checksum);
1350 free_Checksum(&checksum);
1357 Z_ExtractEncCksum(krb5_keyblock *keyblock, krb5_enctype *enctype, krb5_cksumtype *cksumtype) {
1358 #if HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
1359 *enctype = keyblock->enctype;
1360 return Z_krb5_lookup_cksumtype(*enctype, cksumtype);
1366 result = krb5_keytype_to_enctypes(Z_krb5_ctx, keyblock->keytype,
1372 if (i == len) break;
1373 result = Z_krb5_lookup_cksumtype(val[i], cksumtype);
1375 } while (result != 0);
1380 *enctype = val[i-1];
1387 /* returns 0 if invalid or losing, 1 if valid, *sigh* */
1389 Z_krb5_verify_cksum(krb5_keyblock *keyblock, krb5_data *cksumbuf, krb5_cksumtype cksumtype, char *asn1_data, int asn1_len) {
1390 krb5_error_code result;
1391 #if HAVE_KRB5_C_MAKE_CHECKSUM
1392 krb5_checksum checksum;
1395 krb5_crypto cryptctx;
1400 memset(&checksum, 0, sizeof(checksum));
1401 #if HAVE_KRB5_C_MAKE_CHECKSUM
1402 /* Verify the checksum -- MIT crypto API */
1403 checksum.length = asn1_len;
1404 checksum.contents = asn1_data;
1405 checksum.checksum_type = cksumtype;
1406 result = krb5_c_verify_checksum(Z_krb5_ctx,
1407 keyblock, Z_KEYUSAGE_SRV_CKSUM,
1408 cksumbuf, &checksum, &valid);
1409 if (!result && valid)
1414 checksum.checksum.length = asn1_len;
1415 checksum.checksum.data = asn1_data;
1416 checksum.cksumtype = cksumtype;
1418 result = krb5_crypto_init(Z_krb5_ctx, keyblock, enctype, &cryptctx);
1422 /* HOLDING: cryptctx */
1423 result = krb5_verify_checksum(Z_krb5_ctx, cryptctx,
1424 Z_KEYUSAGE_SRV_CKSUM,
1425 cksumbuf.data, cksumbuf.length,
1427 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);