1 /* This file is part of the Project Athena Zephyr Notification System.
2 * It contains source for the internal Zephyr routines.
4 * Created by: Robert French
6 * $Id: Zinternal.c 2343 2009-03-23 13:50:35Z kcr $
8 * Copyright (c) 1987,1988,1991 by the Massachusetts Institute of
10 * For copying and distribution information, see the file
15 #include <arpa/inet.h>
16 #include <sys/socket.h>
20 static const char rcsid_Zinternal_c[] =
21 "$Id: Zinternal.c 2343 2009-03-23 13:50:35Z kcr $";
22 static const char copyright[] =
23 "Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.";
28 int __Zephyr_port = -1;
29 struct in_addr __My_addr;
30 int __Q_CompleteLength;
32 struct _Z_InputQ *__Q_Head, *__Q_Tail;
33 struct sockaddr_in __HM_addr;
34 struct sockaddr_in __HM_addr_real;
37 ZLocations_t *__locate_list;
40 ZSubscription_t *__subscriptions_list;
41 int __subscriptions_num;
42 int __subscriptions_next;
43 int Z_discarded_packets = 0;
46 /* This context is used throughout */
47 krb5_context Z_krb5_ctx;
49 static struct cksum_map_s {
53 /* per RFC1510 and draft-ietf-krb-wg-crypto-02.txt */
54 { ENCTYPE_NULL, CKSUMTYPE_RSA_MD5 },
55 { ENCTYPE_DES_CBC_CRC, CKSUMTYPE_RSA_MD5_DES },
56 { ENCTYPE_DES_CBC_MD4, CKSUMTYPE_RSA_MD4_DES },
57 { ENCTYPE_DES_CBC_MD5, CKSUMTYPE_RSA_MD5_DES },
60 * The implementors hate us, and are inconsistent with names for
61 * most things defined after RFC1510. Note that des3-cbc-sha1
62 * and des3-cbc-sha1-kd are listed by number to avoid confusion
63 * caused by inconsistency between the names used in the specs
64 * and those used by implementations.
65 * -- jhutz, 30-Nov-2002
68 /* source lost in history (an expired internet-draft) */
69 { 5 /* des3-cbc-md5 */, 9 /* rsa-md5-des3 */ },
70 { 7 /* des3-cbc-sha1 */, 13 /* hmac-sha1-des3 */ },
72 /* per draft-ietf-krb-wg-crypto-02.txt */
73 { 16 /* des3-cbc-sha1-kd */, 12 /* hmac-sha1-des3-kd */ },
75 /* per draft-raeburn-krb-rijndael-krb-02.txt */
76 { 17 /* aes128-cts-hmac-sha1-96 */, 15 /* hmac-sha1-96-aes128 */ },
77 { 18 /* aes256-cts-hmac-sha1-96 */, 16 /* hmac-sha1-96-aes256 */ },
79 /* per draft-brezak-win2k-krb-rc4-hmac-04.txt */
80 { 23 /* rc4-hmac */, -138 /* hmac-md5 */ },
81 { 24 /* rc4-hmac-exp */, -138 /* hmac-md5 */ },
83 #define N_CKSUM_MAP (sizeof(cksum_map) / sizeof(struct cksum_map_s))
86 Z_krb5_lookup_cksumtype(krb5_enctype e,
91 for (i = 0; i < N_CKSUM_MAP; i++) {
92 if (cksum_map[i].e == e) {
97 return KRB5_PROG_ETYPE_NOSUPP;
99 #endif /* HAVE_KRB5 */
101 char __Zephyr_realm[REALM_SZ];
104 void (*__Z_debug_print)(const char *fmt, va_list args, void *closure);
105 void *__Z_debug_print_closure;
108 #define min(a,b) ((a)<(b)?(a):(b))
110 static int Z_AddField(char **ptr, char *field, char *end);
111 static int find_or_insert_uid(ZUnique_Id_t *uid, ZNotice_Kind_t kind);
112 static Code_t Z_ZcodeFormatRawHeader(ZNotice_t *, char *, int, int *, char **,
113 int *, char **, char **, int cksumtype);
115 /* Find or insert uid in the old uids buffer. The buffer is a sorted
116 * circular queue. We make the assumption that most packets arrive in
117 * order, so we can usually search for a uid or insert it into the buffer
118 * by looking back just a few entries from the end. Since this code is
119 * only executed by the client, the implementation isn't microoptimized. */
121 find_or_insert_uid(ZUnique_Id_t *uid,
124 static struct _filter {
138 /* Initialize the uid buffer if it hasn't been done already. */
140 size = Z_INITFILTERSIZE;
141 buffer = (struct _filter *) malloc(size * sizeof(*buffer));
146 /* Age the uid buffer, discarding any uids older than the clock skew. */
148 while (num && (now - buffer[start % size].t) > CLOCK_SKEW)
152 /* Make room for a new uid, since we'll probably have to insert one. */
154 new_size = size * 2 + 2;
155 new = (struct _filter *) malloc(new_size * sizeof(*new));
158 for (i = 0; i < num; i++)
159 new[i] = buffer[(start + i) % size];
166 /* Search for this uid in the buffer, starting from the end. */
167 for (i = start + num - 1; i >= start; i--) {
168 result = memcmp(uid, &buffer[i % size].uid, sizeof(*uid));
169 if (result == 0 && buffer[i % size].kind == kind)
175 /* We didn't find it; insert the uid into the buffer after i. */
177 for (j = start + num; j > i; j--)
178 buffer[j % size] = buffer[(j - 1) % size];
179 buffer[i % size].uid = *uid;
180 buffer[i % size].kind = kind;
181 buffer[i % size].t = now;
188 /* Return 1 if there is a packet waiting, 0 otherwise */
191 Z_PacketWaiting(void)
196 tv.tv_sec = tv.tv_usec = 0;
198 FD_SET(ZGetFD(), &read);
199 return (select(ZGetFD() + 1, &read, NULL, NULL, &tv));
203 /* Wait for a complete notice to become available */
206 Z_WaitForComplete(void)
210 if (__Q_CompleteLength)
211 return (Z_ReadEnqueue());
213 while (!__Q_CompleteLength)
214 if ((retval = Z_ReadWait()) != ZERR_NONE)
221 /* Read any available packets and enqueue them */
229 return (ZERR_NOPORT);
231 while (Z_PacketWaiting())
232 if ((retval = Z_ReadWait()) != ZERR_NONE)
240 * Search the queue for a notice with the proper multiuid - remove any
241 * notices that haven't been touched in a while
245 Z_SearchQueue(ZUnique_Id_t *uid,
248 register struct _Z_InputQ *qptr;
249 struct _Z_InputQ *next;
252 (void) gettimeofday(&tv, (struct timezone *)0);
257 if (ZCompareUID(uid, &qptr->uid) && qptr->kind == kind)
260 if (qptr->timep && (qptr->timep+Z_NOTICETIMELIMIT < tv.tv_sec))
268 * Now we delve into really convoluted queue handling and
269 * fragmentation reassembly algorithms and other stuff you probably
270 * don't want to look at...
272 * This routine does NOT guarantee a complete packet will be ready when it
279 register struct _Z_InputQ *qptr;
282 struct sockaddr_in olddest, from;
283 unsigned int from_len;
284 int packet_len, zvlen, part, partof;
291 return (ZERR_NOPORT);
294 FD_SET(ZGetFD(), &fds);
298 if (select(ZGetFD() + 1, &fds, NULL, NULL, &tv) < 0)
300 if (!FD_ISSET(ZGetFD(), &fds))
303 from_len = sizeof(struct sockaddr_in);
305 packet_len = recvfrom(ZGetFD(), packet, sizeof(packet), 0,
306 (struct sockaddr *)&from, &from_len);
314 /* Ignore obviously non-Zephyr packets. */
315 zvlen = sizeof(ZVERSIONHDR) - 1;
316 if (packet_len < zvlen || memcmp(packet, ZVERSIONHDR, zvlen) != 0) {
317 Z_discarded_packets++;
321 /* Parse the notice */
322 if ((retval = ZParseNotice(packet, packet_len, ¬ice)) != ZERR_NONE)
326 * If we're not a server and the notice is of an appropriate kind,
327 * send back a CLIENTACK to whoever sent it to say we got it.
329 if (!__Zephyr_server) {
330 if (notice.z_kind != HMACK && notice.z_kind != SERVACK &&
331 notice.z_kind != SERVNAK && notice.z_kind != CLIENTACK) {
337 tmpnotice.z_kind = CLIENTACK;
338 tmpnotice.z_message_len = 0;
341 if ((retval = ZFormatSmallRawNotice(&tmpnotice, pkt, &len))
344 if ((retval = ZSendPacket(pkt, len, 0)) != ZERR_NONE)
348 if (find_or_insert_uid(¬ice.z_uid, notice.z_kind))
351 /* Check authentication on the notice. */
352 notice.z_checked_auth = ZCheckAuthentication(¬ice, &from);
357 * Parse apart the z_multinotice field - if the field is blank for
358 * some reason, assume this packet stands by itself.
360 slash = strchr(notice.z_multinotice, '/');
362 part = atoi(notice.z_multinotice);
363 partof = atoi(slash+1);
364 if (part > partof || partof == 0) {
366 partof = notice.z_message_len;
371 partof = notice.z_message_len;
374 /* Too big a packet...just ignore it! */
375 if (partof > Z_MAXNOTICESIZE)
379 * If we aren't a server and we can find a notice in the queue
380 * with the same multiuid field, insert the current fragment as
383 switch (notice.z_kind) {
386 /* The SERVACK and SERVNAK replies shouldn't be reassembled
387 (they have no parts). Instead, we should hold on to the reply
388 ONLY if it's the first part of a fragmented message, i.e.
389 multi_uid == uid. This allows programs to wait for the uid
390 of the first packet, and get a response when that notice
391 arrives. Acknowledgements of the other fragments are discarded
392 (XXX we assume here that they all carry the same information
393 regarding failure/success)
395 if (!__Zephyr_server &&
396 !ZCompareUID(¬ice.z_multiuid, ¬ice.z_uid))
397 /* they're not the same... throw away this packet. */
399 /* fall thru & process it */
401 /* for HMACK types, we assume no packet loss (local loopback
402 connections). The other types can be fragmented and MUST
403 run through this code. */
404 if (!__Zephyr_server && (qptr = Z_SearchQueue(¬ice.z_multiuid,
407 * If this is the first fragment, and we haven't already
408 * gotten a first fragment, grab the header from it.
410 if (part == 0 && !qptr->header) {
411 qptr->header_len = packet_len-notice.z_message_len;
412 qptr->header = (char *) malloc((unsigned) qptr->header_len);
415 (void) memcpy(qptr->header, packet, qptr->header_len);
417 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
422 * We'll have to create a new entry...make sure the queue isn't
423 * going to get too big.
425 if (__Q_Size+(__Zephyr_server ? notice.z_message_len : partof) > Z_MAXQUEUESIZE)
429 * This is a notice we haven't heard of, so create a new queue
430 * entry for it and zero it out.
432 qptr = (struct _Z_InputQ *)malloc(sizeof(struct _Z_InputQ));
435 (void) memset((char *)qptr, 0, sizeof(struct _Z_InputQ));
437 /* Insert the entry at the end of the queue */
439 qptr->prev = __Q_Tail;
441 __Q_Tail->next = qptr;
448 /* Copy the from field, multiuid, kind, and checked authentication. */
450 qptr->uid = notice.z_multiuid;
451 qptr->kind = notice.z_kind;
452 qptr->auth = notice.z_checked_auth;
455 * If this is the first part of the notice, we take the header
456 * from it. We only take it if this is the first fragment so that
457 * the Unique ID's will be predictable.
459 * If a Zephyr Server, we always take the header.
461 if (__Zephyr_server || part == 0) {
462 qptr->header_len = packet_len-notice.z_message_len;
463 qptr->header = (char *) malloc((unsigned) qptr->header_len);
466 (void) memcpy(qptr->header, packet, qptr->header_len);
470 * If this is not a fragmented notice, then don't bother with a
472 * If we are a Zephyr server, all notices are treated as complete.
474 if (__Zephyr_server || (part == 0 && notice.z_message_len == partof)) {
475 __Q_CompleteLength++;
476 qptr->holelist = (struct _Z_Hole *) 0;
478 /* allocate a msg buf for this piece */
479 if (notice.z_message_len == 0)
481 else if (!(qptr->msg = (char *) malloc((unsigned) notice.z_message_len)))
484 (void) memcpy(qptr->msg, notice.z_message, notice.z_message_len);
485 qptr->msg_len = notice.z_message_len;
486 __Q_Size += notice.z_message_len;
487 qptr->packet_len = qptr->header_len+qptr->msg_len;
488 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
490 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
492 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
498 * We know how long the message is going to be (this is better
499 * than IP fragmentation...), so go ahead and allocate it all.
501 if (!(qptr->msg = (char *) malloc((unsigned) partof)) && partof)
503 qptr->msg_len = partof;
507 * Well, it's a fragmented notice...allocate a hole list and
508 * initialize it to the full packet size. Then insert the
511 if (!(qptr->holelist = (struct _Z_Hole *)
512 malloc(sizeof(struct _Z_Hole))))
514 qptr->holelist->next = (struct _Z_Hole *) 0;
515 qptr->holelist->first = 0;
516 qptr->holelist->last = partof-1;
517 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
521 /* Fragment management routines - compliments, more or less, of RFC815 */
524 Z_AddNoticeToEntry(struct _Z_InputQ *qptr,
528 int last, oldfirst, oldlast;
529 struct _Z_Hole *hole, *lasthole;
533 if (part < 0 || notice->z_message_len < 0 || part > qptr->msg_len
534 || notice->z_message_len > qptr->msg_len - part)
537 /* Incorporate this notice's checked authentication. */
538 if (notice->z_checked_auth == ZAUTH_FAILED)
539 qptr->auth = ZAUTH_FAILED;
540 else if (notice->z_checked_auth == ZAUTH_NO && qptr->auth != ZAUTH_FAILED)
541 qptr->auth = ZAUTH_NO;
543 (void) gettimeofday(&tv, (struct timezone *)0);
544 qptr->timep = tv.tv_sec;
546 last = part+notice->z_message_len-1;
548 hole = qptr->holelist;
549 lasthole = (struct _Z_Hole *) 0;
551 /* copy in the message body */
552 (void) memcpy(qptr->msg+part, notice->z_message, notice->z_message_len);
554 /* Search for a hole that overlaps with the current fragment */
556 if (part <= hole->last && last >= hole->first)
562 /* If we found one, delete it and reconstruct a new hole */
564 oldfirst = hole->first;
565 oldlast = hole->last;
567 lasthole->next = hole->next;
569 qptr->holelist = hole->next;
572 * Now create a new hole that is the original hole without the
575 if (part > oldfirst) {
576 /* Search for the end of the hole list */
577 hole = qptr->holelist;
578 lasthole = (struct _Z_Hole *) 0;
584 if (!(lasthole->next = (struct _Z_Hole *)
585 malloc(sizeof(struct _Z_InputQ))))
587 hole = lasthole->next;
590 if (!(qptr->holelist = (struct _Z_Hole *)
591 malloc(sizeof(struct _Z_InputQ))))
593 hole = qptr->holelist;
596 hole->first = oldfirst;
599 if (last < oldlast) {
600 /* Search for the end of the hole list */
601 hole = qptr->holelist;
602 lasthole = (struct _Z_Hole *) 0;
608 if (!(lasthole->next = (struct _Z_Hole *)
609 malloc(sizeof(struct _Z_InputQ))))
611 hole = lasthole->next;
614 if (!(qptr->holelist = (struct _Z_Hole *)
615 malloc(sizeof(struct _Z_InputQ))))
617 hole = qptr->holelist;
619 hole->next = (struct _Z_Hole *) 0;
620 hole->first = last+1;
621 hole->last = oldlast;
625 if (!qptr->holelist) {
627 __Q_CompleteLength++;
629 qptr->timep = 0; /* don't time out anymore */
630 qptr->packet_len = qptr->header_len+qptr->msg_len;
631 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
633 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
634 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
642 Z_gettimeofday(struct _ZTimeval *ztv,
646 (void) gettimeofday(&tv, tz); /* yeah, yeah, I know */
647 ztv->tv_sec=tv.tv_sec;
648 ztv->tv_usec=tv.tv_usec;
652 Z_FormatHeader(ZNotice_t *notice,
656 Z_AuthProc cert_routine)
659 static char version[BUFSIZ]; /* default init should be all \0 */
660 struct sockaddr_in name;
661 unsigned int namelen = sizeof(name);
663 if (!notice->z_sender)
664 notice->z_sender = ZGetSender();
666 if (notice->z_port == 0) {
668 retval = ZOpenPort((u_short *)0);
669 if (retval != ZERR_NONE)
672 retval = getsockname(ZGetFD(), (struct sockaddr *) &name, &namelen);
675 notice->z_port = name.sin_port;
678 notice->z_multinotice = "";
680 (void) Z_gettimeofday(¬ice->z_uid.tv, (struct timezone *)0);
681 notice->z_uid.tv.tv_sec = htonl((u_long) notice->z_uid.tv.tv_sec);
682 notice->z_uid.tv.tv_usec = htonl((u_long) notice->z_uid.tv.tv_usec);
684 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
686 if (notice->z_sender_sockaddr.ip4.sin_family == 0) {
687 (void) memset(¬ice->z_sender_sockaddr, 0, sizeof(notice->z_sender_sockaddr));
688 notice->z_sender_sockaddr.ip4.sin_family = AF_INET; /*XXX*/
689 notice->z_sender_sockaddr.ip4.sin_port = notice->z_port;
690 (void) memcpy(¬ice->z_sender_sockaddr.ip4.sin_addr, &__My_addr, sizeof(__My_addr));
693 notice->z_multiuid = notice->z_uid;
696 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
698 notice->z_version = version;
700 return Z_FormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
704 Z_NewFormatHeader(ZNotice_t *notice,
708 Z_AuthProc cert_routine)
711 static char version[BUFSIZ]; /* default init should be all \0 */
712 struct sockaddr_in name;
714 unsigned int namelen = sizeof(name);
716 if (!notice->z_sender)
717 notice->z_sender = ZGetSender();
719 if (notice->z_port == 0) {
721 retval = ZOpenPort((u_short *)0);
722 if (retval != ZERR_NONE)
725 retval = getsockname(ZGetFD(), (struct sockaddr *) &name, &namelen);
728 notice->z_port = name.sin_port;
731 notice->z_multinotice = "";
733 (void) gettimeofday(&tv, (struct timezone *)0);
734 notice->z_uid.tv.tv_sec = htonl((u_long) tv.tv_sec);
735 notice->z_uid.tv.tv_usec = htonl((u_long) tv.tv_usec);
737 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
739 (void) memset(¬ice->z_sender_sockaddr, 0, sizeof(notice->z_sender_sockaddr));
740 notice->z_sender_sockaddr.ip4.sin_family = AF_INET; /*XXX*/
741 notice->z_sender_sockaddr.ip4.sin_port = notice->z_port;
742 (void) memcpy(¬ice->z_sender_sockaddr.ip4.sin_addr, &__My_addr, sizeof(__My_addr));
744 notice->z_multiuid = notice->z_uid;
747 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
749 notice->z_version = version;
751 return Z_NewFormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
755 Z_FormatAuthHeader(ZNotice_t *notice,
759 Z_AuthProc cert_routine)
763 notice->z_authent_len = 0;
764 notice->z_ascii_authent = "";
765 notice->z_checksum = 0;
766 return (Z_FormatRawHeader(notice, buffer, buffer_len,
770 return ((*cert_routine)(notice, buffer, buffer_len, len));
774 Z_NewFormatAuthHeader(ZNotice_t *notice,
778 Z_AuthProc cert_routine)
782 notice->z_authent_len = 0;
783 notice->z_ascii_authent = "";
784 notice->z_checksum = 0;
785 return (Z_FormatRawHeader(notice, buffer, buffer_len,
789 return ((*cert_routine)(notice, buffer, buffer_len, len));
793 Z_NewFormatRawHeader(ZNotice_t *notice,
802 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
803 cksum_start, cksum_len, cstart, cend, 0));
807 Z_AsciiFormatRawHeader(ZNotice_t *notice,
816 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
817 cksum_start, cksum_len, cstart, cend, 1));
821 Z_ZcodeFormatRawHeader(ZNotice_t *notice,
831 static char version_nogalaxy[BUFSIZ]; /* default init should be all \0 */
832 char newrecip[BUFSIZ];
836 unsigned char *addraddr = NULL;
838 if (!(notice->z_sender_sockaddr.sa.sa_family == AF_INET ||
839 notice->z_sender_sockaddr.sa.sa_family == AF_INET6))
842 if (!notice->z_class)
843 notice->z_class = "";
845 if (!notice->z_class_inst)
846 notice->z_class_inst = "";
848 if (!notice->z_opcode)
849 notice->z_opcode = "";
851 if (!notice->z_recipient)
852 notice->z_recipient = "";
854 if (!notice->z_default_format)
855 notice->z_default_format = "";
858 end = buffer+buffer_len;
863 (void) sprintf(version_nogalaxy, "%s%d.%d", ZVERSIONHDR,
864 ZVERSIONMAJOR, ZVERSIONMINOR);
866 notice->z_version = version_nogalaxy;
868 if (Z_AddField(&ptr, version_nogalaxy, end))
869 return (ZERR_HEADERLEN);
871 if (ZMakeAscii32(ptr, end-ptr,
872 Z_NUMFIELDS + notice->z_num_other_fields)
874 return (ZERR_HEADERLEN);
875 ptr += strlen(ptr)+1;
877 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
878 return (ZERR_HEADERLEN);
879 ptr += strlen(ptr)+1;
881 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
882 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
883 return (ZERR_HEADERLEN);
884 ptr += strlen(ptr)+1;
886 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
887 return (ZERR_HEADERLEN);
888 ptr += strlen(ptr)+1;
890 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
891 return (ZERR_HEADERLEN);
892 ptr += strlen(ptr)+1;
894 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
895 return (ZERR_HEADERLEN);
896 ptr += strlen(ptr)+1;
898 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
899 return (ZERR_HEADERLEN);
900 if (Z_AddField(&ptr, notice->z_class, end))
901 return (ZERR_HEADERLEN);
902 if (Z_AddField(&ptr, notice->z_class_inst, end))
903 return (ZERR_HEADERLEN);
904 if (Z_AddField(&ptr, notice->z_opcode, end))
905 return (ZERR_HEADERLEN);
906 if (Z_AddField(&ptr, notice->z_sender, end))
907 return (ZERR_HEADERLEN);
908 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
909 if (Z_AddField(&ptr, notice->z_recipient, end))
910 return (ZERR_HEADERLEN);
913 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
915 return (ZERR_HEADERLEN);
916 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
917 if (Z_AddField(&ptr, newrecip, end))
918 return (ZERR_HEADERLEN);
920 if (Z_AddField(&ptr, notice->z_default_format, end))
921 return (ZERR_HEADERLEN);
923 /* copy back the end pointer location for crypto checksum */
926 if (cksumstyle == 1) {
927 if (Z_AddField(&ptr, notice->z_ascii_checksum, end))
928 return (ZERR_HEADERLEN);
931 if (ZMakeZcode32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
932 return ZERR_HEADERLEN;
934 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
935 return (ZERR_HEADERLEN);
937 ptr += strlen(ptr)+1;
942 if (Z_AddField(&ptr, notice->z_multinotice, end))
943 return (ZERR_HEADERLEN);
945 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
946 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
947 return (ZERR_HEADERLEN);
948 ptr += strlen(ptr)+1;
950 if (notice->z_sender_sockaddr.sa.sa_family == AF_INET) {
951 addrlen = sizeof(notice->z_sender_sockaddr.ip4.sin_addr);
952 addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip4.sin_addr;
953 } else if (notice->z_sender_sockaddr.sa.sa_family == AF_INET6) {
954 addrlen = sizeof(notice->z_sender_sockaddr.ip6.sin6_addr);
955 addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip6.sin6_addr;
958 if (ZMakeZcode(ptr, end-ptr, addraddr, addrlen) == ZERR_FIELDLEN)
959 return ZERR_HEADERLEN;
960 ptr += strlen(ptr) + 1;
962 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_charset)) == ZERR_FIELDLEN)
963 return ZERR_HEADERLEN;
964 ptr += strlen(ptr) + 1;
966 for (i=0;i<notice->z_num_other_fields;i++)
967 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
968 return (ZERR_HEADERLEN);
971 *cksum_len = ptr-*cksum_start;
973 *hdr_len = ptr-buffer;
979 Z_FormatRawHeader(ZNotice_t *notice,
986 char newrecip[BUFSIZ];
990 unsigned char *addraddr = NULL;
992 if (!(notice->z_sender_sockaddr.sa.sa_family == AF_INET ||
993 notice->z_sender_sockaddr.sa.sa_family == AF_INET6))
994 notice->z_sender_sockaddr.sa.sa_family = AF_INET; /* \/\/hatever *//*XXX*/
996 if (!notice->z_class)
997 notice->z_class = "";
999 if (!notice->z_class_inst)
1000 notice->z_class_inst = "";
1002 if (!notice->z_opcode)
1003 notice->z_opcode = "";
1005 if (!notice->z_recipient)
1006 notice->z_recipient = "";
1008 if (!notice->z_default_format)
1009 notice->z_default_format = "";
1012 end = buffer+buffer_len;
1014 if (buffer_len < strlen(notice->z_version)+1)
1015 return (ZERR_HEADERLEN);
1017 (void) strcpy(ptr, notice->z_version);
1018 ptr += strlen(ptr)+1;
1020 if (ZMakeAscii32(ptr, end-ptr, Z_NUMFIELDS + notice->z_num_other_fields)
1022 return (ZERR_HEADERLEN);
1023 ptr += strlen(ptr)+1;
1025 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
1026 return (ZERR_HEADERLEN);
1027 ptr += strlen(ptr)+1;
1029 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
1030 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1031 return (ZERR_HEADERLEN);
1032 ptr += strlen(ptr)+1;
1034 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
1035 return (ZERR_HEADERLEN);
1036 ptr += strlen(ptr)+1;
1038 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
1039 return (ZERR_HEADERLEN);
1040 ptr += strlen(ptr)+1;
1042 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
1043 return (ZERR_HEADERLEN);
1044 ptr += strlen(ptr)+1;
1046 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
1047 return (ZERR_HEADERLEN);
1048 if (Z_AddField(&ptr, notice->z_class, end))
1049 return (ZERR_HEADERLEN);
1050 if (Z_AddField(&ptr, notice->z_class_inst, end))
1051 return (ZERR_HEADERLEN);
1052 if (Z_AddField(&ptr, notice->z_opcode, end))
1053 return (ZERR_HEADERLEN);
1054 if (Z_AddField(&ptr, notice->z_sender, end))
1055 return (ZERR_HEADERLEN);
1056 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
1057 if (Z_AddField(&ptr, notice->z_recipient, end))
1058 return (ZERR_HEADERLEN);
1061 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
1063 return (ZERR_HEADERLEN);
1064 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
1065 if (Z_AddField(&ptr, newrecip, end))
1066 return (ZERR_HEADERLEN);
1068 if (Z_AddField(&ptr, notice->z_default_format, end))
1069 return (ZERR_HEADERLEN);
1071 /* copy back the end pointer location for crypto checksum */
1074 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
1075 return (ZERR_HEADERLEN);
1076 ptr += strlen(ptr)+1;
1080 if (Z_AddField(&ptr, notice->z_multinotice, end))
1081 return (ZERR_HEADERLEN);
1083 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
1084 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1085 return (ZERR_HEADERLEN);
1086 ptr += strlen(ptr)+1;
1088 if (notice->z_sender_sockaddr.sa.sa_family == AF_INET) {
1089 addrlen = sizeof(notice->z_sender_sockaddr.ip4.sin_addr);
1090 addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip4.sin_addr;
1091 if (ZMakeAscii(ptr, end - ptr, addraddr, addrlen) == ZERR_FIELDLEN)
1092 return ZERR_HEADERLEN;
1093 } else if (notice->z_sender_sockaddr.sa.sa_family == AF_INET6) {
1094 addrlen = sizeof(notice->z_sender_sockaddr.ip6.sin6_addr);
1095 addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip6.sin6_addr;
1096 if (ZMakeZcode(ptr, end - ptr, addraddr, addrlen) == ZERR_FIELDLEN)
1097 return ZERR_HEADERLEN;
1099 ptr += strlen(ptr) + 1;
1101 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_charset)) == ZERR_FIELDLEN)
1102 return ZERR_HEADERLEN;
1103 ptr += strlen(ptr) + 1;
1105 for (i=0;i<notice->z_num_other_fields;i++)
1106 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
1107 return (ZERR_HEADERLEN);
1115 Z_AddField(char **ptr,
1121 len = field ? strlen (field) + 1 : 1;
1126 (void) strcpy(*ptr, field);
1135 Z_GetFirstComplete(void)
1137 struct _Z_InputQ *qptr;
1147 return ((struct _Z_InputQ *)0);
1151 Z_GetNextComplete(struct _Z_InputQ *qptr)
1160 return ((struct _Z_InputQ *)0);
1164 Z_RemQueue(struct _Z_InputQ *qptr)
1166 struct _Z_Hole *hole, *nexthole;
1169 __Q_CompleteLength--;
1171 __Q_Size -= qptr->msg_len;
1180 hole = qptr->holelist;
1182 nexthole = hole->next;
1187 if (qptr == __Q_Head && __Q_Head == __Q_Tail) {
1188 free ((char *)qptr);
1189 __Q_Head = (struct _Z_InputQ *)0;
1190 __Q_Tail = (struct _Z_InputQ *)0;
1194 if (qptr == __Q_Head) {
1195 __Q_Head = qptr->next;
1196 __Q_Head->prev = (struct _Z_InputQ *)0;
1197 free ((char *)qptr);
1200 if (qptr == __Q_Tail) {
1201 __Q_Tail = qptr->prev;
1202 __Q_Tail->next = (struct _Z_InputQ *)0;
1203 free ((char *)qptr);
1206 qptr->prev->next = qptr->next;
1207 qptr->next->prev = qptr->prev;
1208 free ((char *)qptr);
1213 Z_SendFragmentedNotice(ZNotice_t *notice,
1215 Z_AuthProc cert_func,
1216 Z_SendProc send_func)
1218 ZNotice_t partnotice;
1221 int offset, hdrsize, fragsize, ret_len, message_len, waitforack;
1224 hdrsize = len-notice->z_message_len;
1225 fragsize = Z_MAXPKTLEN-hdrsize-Z_FRAGFUDGE;
1229 waitforack = ((notice->z_kind == UNACKED || notice->z_kind == ACKED)
1230 && !__Zephyr_server);
1232 partnotice = *notice;
1234 while (offset < notice->z_message_len || !notice->z_message_len) {
1235 (void) sprintf(multi, "%d/%d", offset, notice->z_message_len);
1236 partnotice.z_multinotice = multi;
1238 (void) Z_gettimeofday(&partnotice.z_uid.tv,
1239 (struct timezone *)0);
1240 partnotice.z_uid.tv.tv_sec =
1241 htonl((u_long) partnotice.z_uid.tv.tv_sec);
1242 partnotice.z_uid.tv.tv_usec =
1243 htonl((u_long) partnotice.z_uid.tv.tv_usec);
1244 (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
1246 (void) memset(¬ice->z_sender_sockaddr, 0, sizeof(notice->z_sender_sockaddr));
1247 notice->z_sender_sockaddr.ip4.sin_family = AF_INET; /*XXX*/
1248 notice->z_sender_sockaddr.ip4.sin_port = notice->z_port;
1249 (void) memcpy(¬ice->z_sender_sockaddr.ip4.sin_addr, &__My_addr, sizeof(__My_addr));
1251 message_len = min(notice->z_message_len-offset, fragsize);
1252 partnotice.z_message = notice->z_message+offset;
1253 partnotice.z_message_len = message_len;
1254 if ((retval = Z_FormatAuthHeader(&partnotice, buffer, Z_MAXHEADERLEN,
1255 &ret_len, cert_func)) != ZERR_NONE) {
1258 memcpy(buffer + ret_len, partnotice.z_message, message_len);
1259 if ((retval = (*send_func)(&partnotice, buffer, ret_len+message_len,
1260 waitforack)) != ZERR_NONE) {
1264 if (!notice->z_message_len)
1272 Code_t Z_XmitFragment(ZNotice_t *notice,
1277 return(ZSendPacket(buf, len, wait));
1281 /* For debugging printing */
1282 const char *const ZNoticeKinds[] = {
1283 "UNSAFE", "UNACKED", "ACKED", "HMACK", "HMCTL", "SERVACK", "SERVNAK",
1292 Z_debug(const char *format, ...)
1295 if (!__Z_debug_print)
1297 va_start (pvar, format);
1298 (*__Z_debug_print) (format, pvar, __Z_debug_print_closure);
1303 Z_debug_stderr(const char *format,
1308 vfprintf (stderr, format, args);
1310 _doprnt (format, args, stderr);
1312 putc ('\n', stderr);
1317 ZSetDebug(void (*proc) __P((const char *, va_list, void *)),
1320 __Z_debug_print = proc;
1321 __Z_debug_print_closure = arg;
1323 #endif /* Z_DEBUG */
1327 Z_Checksum(krb5_data *cksumbuf,
1328 krb5_keyblock *keyblock,
1329 krb5_cksumtype cksumtype,
1331 unsigned int *asn1_len)
1333 krb5_error_code result;
1334 unsigned char *data;
1336 #ifndef HAVE_KRB5_CRYPTO_INIT
1337 krb5_checksum checksum;
1340 krb5_crypto cryptctx;
1343 #ifndef HAVE_KRB5_CRYPTO_INIT
1344 /* Create the checksum -- MIT crypto API */
1345 result = krb5_c_make_checksum(Z_krb5_ctx, cksumtype,
1346 keyblock, Z_KEYUSAGE_CLT_CKSUM,
1347 cksumbuf, &checksum);
1350 /* HOLDING: checksum */
1352 data = checksum.contents;
1353 len = checksum.length;
1355 /* Create the checksum -- heimdal crypto API */
1356 result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype,
1361 /* HOLDING: cryptctx */
1362 result = krb5_create_checksum(Z_krb5_ctx, cryptctx,
1363 Z_KEYUSAGE_CLT_CKSUM, cksumtype,
1364 cksumbuf->data, cksumbuf->length,
1366 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);
1370 len = checksum.checksum.length;
1371 data = checksum.checksum.data;
1372 /* HOLDING: checksum */
1375 *asn1_data = malloc(len);
1376 if (*asn1_data == NULL)
1378 memcpy(*asn1_data, data, len);
1381 #ifndef HAVE_KRB5_CRYPTO_INIT
1382 krb5_free_checksum_contents(Z_krb5_ctx, &checksum);
1384 free_Checksum(&checksum);
1391 Z_InsertZcodeChecksum(krb5_keyblock *keyblock,
1401 int plain_len; /* length of part not to be checksummed */
1402 int cksum0_len; /* length of part before checksum */
1403 int cksum1_len; /* length of part after checksum */
1406 unsigned char *key_data;
1408 krb5_enctype enctype;
1409 krb5_cksumtype cksumtype;
1412 key_data = Z_keydata(keyblock);
1413 key_len = Z_keylen(keyblock);
1414 result = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
1416 return (ZAUTH_FAILED);
1418 /* Assemble the things to be checksummed */
1419 plain_len = cksum_start - buffer;
1420 cksum0_len = cstart - cksum_start;
1421 cksum1_len = (cksum_start + cksum_len) - cend;
1422 memset(&cksumbuf, 0, sizeof(cksumbuf));
1423 cksumbuf.length = cksum0_len + cksum1_len + notice->z_message_len;
1424 cksumbuf.data = malloc(cksumbuf.length);
1427 memcpy(cksumbuf.data, cksum_start, cksum0_len);
1428 memcpy(cksumbuf.data + cksum0_len, cend, cksum1_len);
1429 memcpy(cksumbuf.data + cksum0_len + cksum1_len,
1430 notice->z_message, notice->z_message_len);
1431 /* compute the checksum */
1432 result = Z_Checksum(&cksumbuf, keyblock, cksumtype,
1433 (char **)&cksum.data, &cksum.length);
1435 free(cksumbuf.data);
1440 * OK.... we can zcode to a space starting at 'cstart',
1441 * with a length of buffer_len - (plain_len + cksum_len).
1442 * Then we tack on the end part, which is located at
1443 * cksumbuf.data + cksum0_len and has length cksum1_len
1446 result = ZMakeZcode(cstart, buffer_len - (plain_len + cksum_len),
1447 (unsigned char *)cksum.data, cksum.length);
1450 int zcode_len = strlen(cstart) + 1;
1451 memcpy(cstart + zcode_len, cksumbuf.data + cksum0_len, cksum1_len);
1452 *length_adjust = zcode_len - cksum_len + (cksum0_len + cksum1_len);
1454 free(cksumbuf.data);
1459 Z_ExtractEncCksum(krb5_keyblock *keyblock,
1460 krb5_enctype *enctype,
1461 krb5_cksumtype *cksumtype)
1463 *enctype = Z_enctype(keyblock);
1464 return Z_krb5_lookup_cksumtype(*enctype, cksumtype);
1469 /* returns 0 if invalid or losing, 1 if valid, *sigh* */
1471 Z_krb5_verify_cksum(krb5_keyblock *keyblock,
1472 krb5_data *cksumbuf,
1473 krb5_cksumtype cksumtype,
1474 unsigned char *asn1_data,
1477 krb5_error_code result;
1478 #ifndef HAVE_KRB5_CRYPTO_INIT
1479 krb5_checksum checksum;
1482 krb5_crypto cryptctx;
1487 memset(&checksum, 0, sizeof(checksum));
1488 #ifndef HAVE_KRB5_CRYPTO_INIT
1489 /* Verify the checksum -- MIT crypto API */
1490 checksum.length = asn1_len;
1491 checksum.contents = asn1_data;
1492 checksum.checksum_type = cksumtype;
1493 result = krb5_c_verify_checksum(Z_krb5_ctx,
1494 keyblock, Z_KEYUSAGE_SRV_CKSUM,
1495 cksumbuf, &checksum, &valid);
1496 if (!result && valid)
1501 checksum.checksum.length = asn1_len;
1502 checksum.checksum.data = asn1_data;
1503 checksum.cksumtype = cksumtype;
1505 result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype, &cryptctx);
1509 /* HOLDING: cryptctx */
1510 result = krb5_verify_checksum(Z_krb5_ctx, cryptctx,
1511 Z_KEYUSAGE_SRV_CKSUM,
1512 cksumbuf->data, cksumbuf->length,
1514 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);