1 /* This file is part of the Project Athena Zephyr Notification System.
2 * It contains source for the internal Zephyr routines.
4 * Created by: Robert French
6 * $Id: Zinternal.c,v 1.42 2002/09/10 16:04:31 ghudson Exp $
8 * Copyright (c) 1987,1988,1991 by the Massachusetts Institute of
10 * For copying and distribution information, see the file
15 #include <arpa/inet.h>
16 #include <sys/socket.h>
20 static const char rcsid_Zinternal_c[] =
21 "$Id: Zinternal.c,v 1.42 2002/09/10 16:04:31 ghudson Exp $";
22 static const char copyright[] =
23 "Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.";
26 extern char *inet_ntoa ();
30 int __Zephyr_port = -1;
31 struct in_addr __My_addr;
32 int __Q_CompleteLength;
34 struct _Z_InputQ *__Q_Head, *__Q_Tail;
35 struct sockaddr_in __HM_addr;
36 struct sockaddr_in __HM_addr_real;
39 ZLocations_t *__locate_list;
42 ZSubscription_t *__subscriptions_list;
43 int __subscriptions_num;
44 int __subscriptions_next;
45 int Z_discarded_packets = 0;
48 /* This context is used throughout */
49 krb5_context Z_krb5_ctx;
51 static struct cksum_map_s {
55 /* per RFC1510 and draft-ietf-krb-wg-crypto-02.txt */
56 { ENCTYPE_NULL, CKSUMTYPE_RSA_MD5 },
57 { ENCTYPE_DES_CBC_CRC, CKSUMTYPE_RSA_MD5_DES },
58 { ENCTYPE_DES_CBC_MD4, CKSUMTYPE_RSA_MD4_DES },
59 { ENCTYPE_DES_CBC_MD5, CKSUMTYPE_RSA_MD5_DES },
62 * The implementors hate us, and are inconsistent with names for
63 * most things defined after RFC1510. Note that des3-cbc-sha1
64 * and des3-cbc-sha1-kd are listed by number to avoid confusion
65 * caused by inconsistency between the names used in the specs
66 * and those used by implementations.
67 * -- jhutz, 30-Nov-2002
70 /* source lost in history (an expired internet-draft) */
71 { 5 /* des3-cbc-md5 */, 9 /* rsa-md5-des3 */ },
72 { 7 /* des3-cbc-sha1 */, 12 /* hmac-sha1-des3 */ },
74 /* per draft-ietf-krb-wg-crypto-02.txt */
75 { 16 /* des3-cbc-sha1-kd */, 12 /* hmac-sha1-des3-kd */ },
77 /* per draft-raeburn-krb-rijndael-krb-02.txt */
78 { 17 /* aes128-cts-hmac-sha1-96 */, 10 /* hmac-sha1-96-aes128 */ },
79 { 18 /* aes256-cts-hmac-sha1-96 */, 11 /* hmac-sha1-96-aes256 */ },
81 /* per draft-brezak-win2k-krb-rc4-hmac-04.txt */
82 { 23 /* rc4-hmac */, -138 /* hmac-md5 */ },
83 { 24 /* rc4-hmac-exp */, -138 /* hmac-md5 */ },
85 #define N_CKSUM_MAP (sizeof(cksum_map) / sizeof(struct cksum_map_s))
87 Code_t Z_krb5_lookup_cksumtype(krb5_enctype e, krb5_cksumtype *c)
91 for (i = 0; i < N_CKSUM_MAP; i++) {
92 if (cksum_map[i].e == e) {
97 return KRB5_PROG_ETYPE_NOSUPP;
99 #endif /* HAVE_KRB5 */
101 char __Zephyr_realm[REALM_SZ];
104 void (*__Z_debug_print) __P((const char *fmt, va_list args, void *closure));
105 void *__Z_debug_print_closure;
108 #define min(a,b) ((a)<(b)?(a):(b))
110 static int Z_AddField __P((char **ptr, char *field, char *end));
111 static int find_or_insert_uid __P((ZUnique_Id_t *uid, ZNotice_Kind_t kind));
112 static Code_t Z_ZcodeFormatRawHeader __P((ZNotice_t *, char *, int, int *, char **,
113 int *, char **, char **, int cksumtype));
115 /* Find or insert uid in the old uids buffer. The buffer is a sorted
116 * circular queue. We make the assumption that most packets arrive in
117 * order, so we can usually search for a uid or insert it into the buffer
118 * by looking back just a few entries from the end. Since this code is
119 * only executed by the client, the implementation isn't microoptimized. */
120 static int find_or_insert_uid(uid, kind)
124 static struct _filter {
138 /* Initialize the uid buffer if it hasn't been done already. */
140 size = Z_INITFILTERSIZE;
141 buffer = (struct _filter *) malloc(size * sizeof(*buffer));
146 /* Age the uid buffer, discarding any uids older than the clock skew. */
148 while (num && (now - buffer[start % size].t) > CLOCK_SKEW)
152 /* Make room for a new uid, since we'll probably have to insert one. */
154 new_size = size * 2 + 2;
155 new = (struct _filter *) malloc(new_size * sizeof(*new));
158 for (i = 0; i < num; i++)
159 new[i] = buffer[(start + i) % size];
166 /* Search for this uid in the buffer, starting from the end. */
167 for (i = start + num - 1; i >= start; i--) {
168 result = memcmp(uid, &buffer[i % size].uid, sizeof(*uid));
169 if (result == 0 && buffer[i % size].kind == kind)
175 /* We didn't find it; insert the uid into the buffer after i. */
177 for (j = start + num; j > i; j--)
178 buffer[j % size] = buffer[(j - 1) % size];
179 buffer[i % size].uid = *uid;
180 buffer[i % size].kind = kind;
181 buffer[i % size].t = now;
188 /* Return 1 if there is a packet waiting, 0 otherwise */
190 int Z_PacketWaiting()
195 tv.tv_sec = tv.tv_usec = 0;
197 FD_SET(ZGetFD(), &read);
198 return (select(ZGetFD() + 1, &read, NULL, NULL, &tv));
202 /* Wait for a complete notice to become available */
204 Code_t Z_WaitForComplete()
208 if (__Q_CompleteLength)
209 return (Z_ReadEnqueue());
211 while (!__Q_CompleteLength)
212 if ((retval = Z_ReadWait()) != ZERR_NONE)
219 /* Read any available packets and enqueue them */
221 Code_t Z_ReadEnqueue()
226 return (ZERR_NOPORT);
228 while (Z_PacketWaiting())
229 if ((retval = Z_ReadWait()) != ZERR_NONE)
237 * Search the queue for a notice with the proper multiuid - remove any
238 * notices that haven't been touched in a while
241 struct _Z_InputQ *Z_SearchQueue(uid, kind)
245 register struct _Z_InputQ *qptr;
246 struct _Z_InputQ *next;
249 (void) gettimeofday(&tv, (struct timezone *)0);
254 if (ZCompareUID(uid, &qptr->uid) && qptr->kind == kind)
257 if (qptr->timep && (qptr->timep+Z_NOTICETIMELIMIT < tv.tv_sec))
265 * Now we delve into really convoluted queue handling and
266 * fragmentation reassembly algorithms and other stuff you probably
267 * don't want to look at...
269 * This routine does NOT guarantee a complete packet will be ready when it
275 register struct _Z_InputQ *qptr;
278 struct sockaddr_in olddest, from;
279 int from_len, packet_len, zvlen, part, partof;
286 return (ZERR_NOPORT);
289 FD_SET(ZGetFD(), &fds);
293 if (select(ZGetFD() + 1, &fds, NULL, NULL, &tv) < 0)
295 if (!FD_ISSET(ZGetFD(), &fds))
298 from_len = sizeof(struct sockaddr_in);
300 packet_len = recvfrom(ZGetFD(), packet, sizeof(packet), 0,
301 (struct sockaddr *)&from, &from_len);
309 /* Ignore obviously non-Zephyr packets. */
310 zvlen = sizeof(ZVERSIONHDR) - 1;
311 if (packet_len < zvlen || memcmp(packet, ZVERSIONHDR, zvlen) != 0) {
312 Z_discarded_packets++;
316 /* Parse the notice */
317 if ((retval = ZParseNotice(packet, packet_len, ¬ice)) != ZERR_NONE)
321 * If we're not a server and the notice is of an appropriate kind,
322 * send back a CLIENTACK to whoever sent it to say we got it.
324 if (!__Zephyr_server) {
325 if (notice.z_kind != HMACK && notice.z_kind != SERVACK &&
326 notice.z_kind != SERVNAK && notice.z_kind != CLIENTACK) {
332 tmpnotice.z_kind = CLIENTACK;
333 tmpnotice.z_message_len = 0;
336 if ((retval = ZFormatSmallRawNotice(&tmpnotice, pkt, &len))
339 if ((retval = ZSendPacket(pkt, len, 0)) != ZERR_NONE)
343 if (find_or_insert_uid(¬ice.z_uid, notice.z_kind))
346 /* Check authentication on the notice. */
347 notice.z_checked_auth = ZCheckAuthentication(¬ice, &from);
352 * Parse apart the z_multinotice field - if the field is blank for
353 * some reason, assume this packet stands by itself.
355 slash = strchr(notice.z_multinotice, '/');
357 part = atoi(notice.z_multinotice);
358 partof = atoi(slash+1);
359 if (part > partof || partof == 0) {
361 partof = notice.z_message_len;
366 partof = notice.z_message_len;
369 /* Too big a packet...just ignore it! */
370 if (partof > Z_MAXNOTICESIZE)
374 * If we aren't a server and we can find a notice in the queue
375 * with the same multiuid field, insert the current fragment as
378 switch (notice.z_kind) {
381 /* The SERVACK and SERVNAK replies shouldn't be reassembled
382 (they have no parts). Instead, we should hold on to the reply
383 ONLY if it's the first part of a fragmented message, i.e.
384 multi_uid == uid. This allows programs to wait for the uid
385 of the first packet, and get a response when that notice
386 arrives. Acknowledgements of the other fragments are discarded
387 (XXX we assume here that they all carry the same information
388 regarding failure/success)
390 if (!__Zephyr_server &&
391 !ZCompareUID(¬ice.z_multiuid, ¬ice.z_uid))
392 /* they're not the same... throw away this packet. */
394 /* fall thru & process it */
396 /* for HMACK types, we assume no packet loss (local loopback
397 connections). The other types can be fragmented and MUST
398 run through this code. */
399 if (!__Zephyr_server && (qptr = Z_SearchQueue(¬ice.z_multiuid,
402 * If this is the first fragment, and we haven't already
403 * gotten a first fragment, grab the header from it.
405 if (part == 0 && !qptr->header) {
406 qptr->header_len = packet_len-notice.z_message_len;
407 qptr->header = (char *) malloc((unsigned) qptr->header_len);
410 (void) memcpy(qptr->header, packet, qptr->header_len);
412 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
417 * We'll have to create a new entry...make sure the queue isn't
418 * going to get too big.
420 if (__Q_Size+(__Zephyr_server ? notice.z_message_len : partof) > Z_MAXQUEUESIZE)
424 * This is a notice we haven't heard of, so create a new queue
425 * entry for it and zero it out.
427 qptr = (struct _Z_InputQ *)malloc(sizeof(struct _Z_InputQ));
430 (void) memset((char *)qptr, 0, sizeof(struct _Z_InputQ));
432 /* Insert the entry at the end of the queue */
434 qptr->prev = __Q_Tail;
436 __Q_Tail->next = qptr;
443 /* Copy the from field, multiuid, kind, and checked authentication. */
445 qptr->uid = notice.z_multiuid;
446 qptr->kind = notice.z_kind;
447 qptr->auth = notice.z_checked_auth;
450 * If this is the first part of the notice, we take the header
451 * from it. We only take it if this is the first fragment so that
452 * the Unique ID's will be predictable.
454 * If a Zephyr Server, we always take the header.
456 if (__Zephyr_server || part == 0) {
457 qptr->header_len = packet_len-notice.z_message_len;
458 qptr->header = (char *) malloc((unsigned) qptr->header_len);
461 (void) memcpy(qptr->header, packet, qptr->header_len);
465 * If this is not a fragmented notice, then don't bother with a
467 * If we are a Zephyr server, all notices are treated as complete.
469 if (__Zephyr_server || (part == 0 && notice.z_message_len == partof)) {
470 __Q_CompleteLength++;
471 qptr->holelist = (struct _Z_Hole *) 0;
473 /* allocate a msg buf for this piece */
474 if (notice.z_message_len == 0)
476 else if (!(qptr->msg = (char *) malloc((unsigned) notice.z_message_len)))
479 (void) memcpy(qptr->msg, notice.z_message, notice.z_message_len);
480 qptr->msg_len = notice.z_message_len;
481 __Q_Size += notice.z_message_len;
482 qptr->packet_len = qptr->header_len+qptr->msg_len;
483 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
485 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
487 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
493 * We know how long the message is going to be (this is better
494 * than IP fragmentation...), so go ahead and allocate it all.
496 if (!(qptr->msg = (char *) malloc((unsigned) partof)) && partof)
498 qptr->msg_len = partof;
502 * Well, it's a fragmented notice...allocate a hole list and
503 * initialize it to the full packet size. Then insert the
506 if (!(qptr->holelist = (struct _Z_Hole *)
507 malloc(sizeof(struct _Z_Hole))))
509 qptr->holelist->next = (struct _Z_Hole *) 0;
510 qptr->holelist->first = 0;
511 qptr->holelist->last = partof-1;
512 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
516 /* Fragment management routines - compliments, more or less, of RFC815 */
518 Code_t Z_AddNoticeToEntry(qptr, notice, part)
519 struct _Z_InputQ *qptr;
523 int last, oldfirst, oldlast;
524 struct _Z_Hole *hole, *lasthole;
528 if (part < 0 || notice->z_message_len < 0 || part > qptr->msg_len
529 || notice->z_message_len > qptr->msg_len - part)
532 /* Incorporate this notice's checked authentication. */
533 if (notice->z_checked_auth == ZAUTH_FAILED)
534 qptr->auth = ZAUTH_FAILED;
535 else if (notice->z_checked_auth == ZAUTH_NO && qptr->auth != ZAUTH_FAILED)
536 qptr->auth = ZAUTH_NO;
538 (void) gettimeofday(&tv, (struct timezone *)0);
539 qptr->timep = tv.tv_sec;
541 last = part+notice->z_message_len-1;
543 hole = qptr->holelist;
544 lasthole = (struct _Z_Hole *) 0;
546 /* copy in the message body */
547 (void) memcpy(qptr->msg+part, notice->z_message, notice->z_message_len);
549 /* Search for a hole that overlaps with the current fragment */
551 if (part <= hole->last && last >= hole->first)
557 /* If we found one, delete it and reconstruct a new hole */
559 oldfirst = hole->first;
560 oldlast = hole->last;
562 lasthole->next = hole->next;
564 qptr->holelist = hole->next;
567 * Now create a new hole that is the original hole without the
570 if (part > oldfirst) {
571 /* Search for the end of the hole list */
572 hole = qptr->holelist;
573 lasthole = (struct _Z_Hole *) 0;
579 if (!(lasthole->next = (struct _Z_Hole *)
580 malloc(sizeof(struct _Z_InputQ))))
582 hole = lasthole->next;
585 if (!(qptr->holelist = (struct _Z_Hole *)
586 malloc(sizeof(struct _Z_InputQ))))
588 hole = qptr->holelist;
591 hole->first = oldfirst;
594 if (last < oldlast) {
595 /* Search for the end of the hole list */
596 hole = qptr->holelist;
597 lasthole = (struct _Z_Hole *) 0;
603 if (!(lasthole->next = (struct _Z_Hole *)
604 malloc(sizeof(struct _Z_InputQ))))
606 hole = lasthole->next;
609 if (!(qptr->holelist = (struct _Z_Hole *)
610 malloc(sizeof(struct _Z_InputQ))))
612 hole = qptr->holelist;
614 hole->next = (struct _Z_Hole *) 0;
615 hole->first = last+1;
616 hole->last = oldlast;
620 if (!qptr->holelist) {
622 __Q_CompleteLength++;
624 qptr->timep = 0; /* don't time out anymore */
625 qptr->packet_len = qptr->header_len+qptr->msg_len;
626 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
628 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
629 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
636 void Z_gettimeofday(struct _ZTimeval *ztv, struct timezone *tz)
639 (void) gettimeofday(&tv, tz); /* yeah, yeah, I know */
640 ztv->tv_sec=tv.tv_sec;
641 ztv->tv_usec=tv.tv_usec;
644 Code_t Z_FormatHeader(notice, buffer, buffer_len, len, cert_routine)
649 Z_AuthProc cert_routine;
652 static char version[BUFSIZ]; /* default init should be all \0 */
653 struct sockaddr_in name;
654 int namelen = sizeof(name);
656 if (!notice->z_sender)
657 notice->z_sender = ZGetSender();
659 if (notice->z_port == 0) {
661 retval = ZOpenPort((u_short *)0);
662 if (retval != ZERR_NONE)
665 retval = getsockname(ZGetFD(), (struct sockaddr *) &name, &namelen);
668 notice->z_port = name.sin_port;
671 notice->z_multinotice = "";
673 (void) Z_gettimeofday(¬ice->z_uid.tv, (struct timezone *)0);
674 notice->z_uid.tv.tv_sec = htonl((u_long) notice->z_uid.tv.tv_sec);
675 notice->z_uid.tv.tv_usec = htonl((u_long) notice->z_uid.tv.tv_usec);
677 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
679 notice->z_multiuid = notice->z_uid;
682 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
684 notice->z_version = version;
686 return Z_FormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
689 Code_t Z_NewFormatHeader(notice, buffer, buffer_len, len, cert_routine)
694 Z_AuthProc cert_routine;
697 static char version[BUFSIZ]; /* default init should be all \0 */
698 struct sockaddr_in name;
700 int namelen = sizeof(name);
702 if (!notice->z_sender)
703 notice->z_sender = ZGetSender();
705 if (notice->z_port == 0) {
707 retval = ZOpenPort((u_short *)0);
708 if (retval != ZERR_NONE)
711 retval = getsockname(ZGetFD(), (struct sockaddr *) &name, &namelen);
714 notice->z_port = name.sin_port;
717 notice->z_multinotice = "";
719 (void) gettimeofday(&tv, (struct timezone *)0);
720 notice->z_uid.tv.tv_sec = htonl((u_long) tv.tv_sec);
721 notice->z_uid.tv.tv_usec = htonl((u_long) tv.tv_usec);
723 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
725 notice->z_multiuid = notice->z_uid;
728 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
730 notice->z_version = version;
732 return Z_NewFormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
735 Code_t Z_FormatAuthHeader(notice, buffer, buffer_len, len, cert_routine)
740 Z_AuthProc cert_routine;
744 notice->z_authent_len = 0;
745 notice->z_ascii_authent = "";
746 notice->z_checksum = 0;
747 return (Z_FormatRawHeader(notice, buffer, buffer_len,
751 return ((*cert_routine)(notice, buffer, buffer_len, len));
754 Code_t Z_NewFormatAuthHeader(notice, buffer, buffer_len, len, cert_routine)
759 Z_AuthProc cert_routine;
763 notice->z_authent_len = 0;
764 notice->z_ascii_authent = "";
765 notice->z_checksum = 0;
766 return (Z_FormatRawHeader(notice, buffer, buffer_len,
770 return ((*cert_routine)(notice, buffer, buffer_len, len));
773 Code_t Z_NewFormatRawHeader(notice, buffer, buffer_len, hdr_len,
774 cksum_start, cksum_len, cstart, cend)
781 char **cstart, **cend;
783 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
784 cksum_start, cksum_len, cstart, cend, 0));
787 Code_t Z_AsciiFormatRawHeader(notice, buffer, buffer_len, hdr_len,
788 cksum_start, cksum_len, cstart, cend)
795 char **cstart, **cend;
797 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
798 cksum_start, cksum_len, cstart, cend, 1));
801 static Code_t Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len, cksum_start,
802 cksum_len, cstart, cend, cksumstyle)
809 char **cstart, **cend;
812 static char version_nogalaxy[BUFSIZ]; /* default init should be all \0 */
813 char newrecip[BUFSIZ];
817 if (!notice->z_class)
818 notice->z_class = "";
820 if (!notice->z_class_inst)
821 notice->z_class_inst = "";
823 if (!notice->z_opcode)
824 notice->z_opcode = "";
826 if (!notice->z_recipient)
827 notice->z_recipient = "";
829 if (!notice->z_default_format)
830 notice->z_default_format = "";
833 end = buffer+buffer_len;
838 (void) sprintf(version_nogalaxy, "%s%d.%d", ZVERSIONHDR,
839 ZVERSIONMAJOR, ZVERSIONMINOR);
841 notice->z_version = version_nogalaxy;
843 if (Z_AddField(&ptr, version_nogalaxy, end))
844 return (ZERR_HEADERLEN);
846 if (ZMakeAscii32(ptr, end-ptr,
847 Z_NUMFIELDS + notice->z_num_other_fields)
849 return (ZERR_HEADERLEN);
850 ptr += strlen(ptr)+1;
852 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
853 return (ZERR_HEADERLEN);
854 ptr += strlen(ptr)+1;
856 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
857 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
858 return (ZERR_HEADERLEN);
859 ptr += strlen(ptr)+1;
861 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
862 return (ZERR_HEADERLEN);
863 ptr += strlen(ptr)+1;
865 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
866 return (ZERR_HEADERLEN);
867 ptr += strlen(ptr)+1;
869 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
870 return (ZERR_HEADERLEN);
871 ptr += strlen(ptr)+1;
873 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
874 return (ZERR_HEADERLEN);
875 if (Z_AddField(&ptr, notice->z_class, end))
876 return (ZERR_HEADERLEN);
877 if (Z_AddField(&ptr, notice->z_class_inst, end))
878 return (ZERR_HEADERLEN);
879 if (Z_AddField(&ptr, notice->z_opcode, end))
880 return (ZERR_HEADERLEN);
881 if (Z_AddField(&ptr, notice->z_sender, end))
882 return (ZERR_HEADERLEN);
883 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
884 if (Z_AddField(&ptr, notice->z_recipient, end))
885 return (ZERR_HEADERLEN);
888 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
890 return (ZERR_HEADERLEN);
891 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
892 if (Z_AddField(&ptr, newrecip, end))
893 return (ZERR_HEADERLEN);
895 if (Z_AddField(&ptr, notice->z_default_format, end))
896 return (ZERR_HEADERLEN);
898 /* copy back the end pointer location for crypto checksum */
901 if (cksumstyle == 1) {
902 if (Z_AddField(&ptr, notice->z_ascii_checksum, end))
903 return (ZERR_HEADERLEN);
906 if (ZMakeZcode32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
907 return ZERR_HEADERLEN;
909 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
910 return (ZERR_HEADERLEN);
912 ptr += strlen(ptr)+1;
917 if (Z_AddField(&ptr, notice->z_multinotice, end))
918 return (ZERR_HEADERLEN);
920 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
921 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
922 return (ZERR_HEADERLEN);
923 ptr += strlen(ptr)+1;
925 for (i=0;i<notice->z_num_other_fields;i++)
926 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
927 return (ZERR_HEADERLEN);
930 *cksum_len = ptr-*cksum_start;
932 *hdr_len = ptr-buffer;
936 printf("Z_FormatRawHeader output:\n");
937 for (i = 0; i < *hdr_len; i += 16) {
940 for (i2 = i; i2 < i+16 && i2 < *hdr_len; i2++)
941 printf(" %02x", buffer[i2] & 0xff);
942 for (; i2 < i+16; i2++)
945 for (i2 = i; i2 < i+16 && i2 < *hdr_len; i2++)
947 ((buffer[i2] > 0 && buffer[i2] < 127 && isprint(buffer[i2]))
958 Code_t Z_FormatRawHeader(notice, buffer, buffer_len, len, cstart, cend)
963 char **cstart, **cend;
965 char newrecip[BUFSIZ];
969 if (!notice->z_class)
970 notice->z_class = "";
972 if (!notice->z_class_inst)
973 notice->z_class_inst = "";
975 if (!notice->z_opcode)
976 notice->z_opcode = "";
978 if (!notice->z_recipient)
979 notice->z_recipient = "";
981 if (!notice->z_default_format)
982 notice->z_default_format = "";
985 end = buffer+buffer_len;
987 if (buffer_len < strlen(notice->z_version)+1)
988 return (ZERR_HEADERLEN);
990 (void) strcpy(ptr, notice->z_version);
991 ptr += strlen(ptr)+1;
993 if (ZMakeAscii32(ptr, end-ptr, Z_NUMFIELDS + notice->z_num_other_fields)
995 return (ZERR_HEADERLEN);
996 ptr += strlen(ptr)+1;
998 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
999 return (ZERR_HEADERLEN);
1000 ptr += strlen(ptr)+1;
1002 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
1003 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1004 return (ZERR_HEADERLEN);
1005 ptr += strlen(ptr)+1;
1007 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
1008 return (ZERR_HEADERLEN);
1009 ptr += strlen(ptr)+1;
1011 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
1012 return (ZERR_HEADERLEN);
1013 ptr += strlen(ptr)+1;
1015 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
1016 return (ZERR_HEADERLEN);
1017 ptr += strlen(ptr)+1;
1019 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
1020 return (ZERR_HEADERLEN);
1021 if (Z_AddField(&ptr, notice->z_class, end))
1022 return (ZERR_HEADERLEN);
1023 if (Z_AddField(&ptr, notice->z_class_inst, end))
1024 return (ZERR_HEADERLEN);
1025 if (Z_AddField(&ptr, notice->z_opcode, end))
1026 return (ZERR_HEADERLEN);
1027 if (Z_AddField(&ptr, notice->z_sender, end))
1028 return (ZERR_HEADERLEN);
1029 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
1030 if (Z_AddField(&ptr, notice->z_recipient, end))
1031 return (ZERR_HEADERLEN);
1034 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
1036 return (ZERR_HEADERLEN);
1037 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
1038 if (Z_AddField(&ptr, newrecip, end))
1039 return (ZERR_HEADERLEN);
1041 if (Z_AddField(&ptr, notice->z_default_format, end))
1042 return (ZERR_HEADERLEN);
1044 /* copy back the end pointer location for crypto checksum */
1047 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
1048 return (ZERR_HEADERLEN);
1049 ptr += strlen(ptr)+1;
1053 if (Z_AddField(&ptr, notice->z_multinotice, end))
1054 return (ZERR_HEADERLEN);
1056 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
1057 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1058 return (ZERR_HEADERLEN);
1059 ptr += strlen(ptr)+1;
1061 for (i=0;i<notice->z_num_other_fields;i++)
1062 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
1063 return (ZERR_HEADERLEN);
1071 Z_AddField(ptr, field, end)
1072 char **ptr, *field, *end;
1076 len = field ? strlen (field) + 1 : 1;
1081 (void) strcpy(*ptr, field);
1089 struct _Z_InputQ *Z_GetFirstComplete()
1091 struct _Z_InputQ *qptr;
1101 return ((struct _Z_InputQ *)0);
1104 struct _Z_InputQ *Z_GetNextComplete(qptr)
1105 struct _Z_InputQ *qptr;
1114 return ((struct _Z_InputQ *)0);
1117 void Z_RemQueue(qptr)
1118 struct _Z_InputQ *qptr;
1120 struct _Z_Hole *hole, *nexthole;
1123 __Q_CompleteLength--;
1125 __Q_Size -= qptr->msg_len;
1134 hole = qptr->holelist;
1136 nexthole = hole->next;
1141 if (qptr == __Q_Head && __Q_Head == __Q_Tail) {
1142 free ((char *)qptr);
1143 __Q_Head = (struct _Z_InputQ *)0;
1144 __Q_Tail = (struct _Z_InputQ *)0;
1148 if (qptr == __Q_Head) {
1149 __Q_Head = qptr->next;
1150 __Q_Head->prev = (struct _Z_InputQ *)0;
1151 free ((char *)qptr);
1154 if (qptr == __Q_Tail) {
1155 __Q_Tail = qptr->prev;
1156 __Q_Tail->next = (struct _Z_InputQ *)0;
1157 free ((char *)qptr);
1160 qptr->prev->next = qptr->next;
1161 qptr->next->prev = qptr->prev;
1162 free ((char *)qptr);
1166 Code_t Z_SendFragmentedNotice(notice, len, cert_func, send_func)
1169 Z_AuthProc cert_func;
1170 Z_SendProc send_func;
1172 ZNotice_t partnotice;
1175 int offset, hdrsize, fragsize, ret_len, message_len, waitforack;
1178 hdrsize = len-notice->z_message_len;
1179 fragsize = Z_MAXPKTLEN-hdrsize-Z_FRAGFUDGE;
1183 waitforack = ((notice->z_kind == UNACKED || notice->z_kind == ACKED)
1184 && !__Zephyr_server);
1186 partnotice = *notice;
1188 while (offset < notice->z_message_len || !notice->z_message_len) {
1189 (void) sprintf(multi, "%d/%d", offset, notice->z_message_len);
1190 partnotice.z_multinotice = multi;
1192 (void) Z_gettimeofday(&partnotice.z_uid.tv,
1193 (struct timezone *)0);
1194 partnotice.z_uid.tv.tv_sec =
1195 htonl((u_long) partnotice.z_uid.tv.tv_sec);
1196 partnotice.z_uid.tv.tv_usec =
1197 htonl((u_long) partnotice.z_uid.tv.tv_usec);
1198 (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
1201 message_len = min(notice->z_message_len-offset, fragsize);
1202 partnotice.z_message = notice->z_message+offset;
1203 partnotice.z_message_len = message_len;
1204 if ((retval = Z_FormatAuthHeader(&partnotice, buffer, Z_MAXHEADERLEN,
1205 &ret_len, cert_func)) != ZERR_NONE) {
1208 memcpy(buffer + ret_len, partnotice.z_message, message_len);
1209 if ((retval = (*send_func)(&partnotice, buffer, ret_len+message_len,
1210 waitforack)) != ZERR_NONE) {
1214 if (!notice->z_message_len)
1222 Code_t Z_XmitFragment(notice, buf, len, wait)
1228 return(ZSendPacket(buf, len, wait));
1232 /* For debugging printing */
1233 const char *const ZNoticeKinds[] = {
1234 "UNSAFE", "UNACKED", "ACKED", "HMACK", "HMCTL", "SERVACK", "SERVNAK",
1242 #ifdef HAVE_STDARG_H
1243 void Z_debug (const char *format, ...)
1246 if (!__Z_debug_print)
1248 va_start (pvar, format);
1249 (*__Z_debug_print) (format, pvar, __Z_debug_print_closure);
1253 void Z_debug (va_alist) va_dcl
1257 if (!__Z_debug_print)
1260 format = va_arg (pvar, char *);
1261 (*__Z_debug_print) (format, pvar, __Z_debug_print_closure);
1266 void Z_debug_stderr (format, args, closure)
1272 vfprintf (stderr, format, args);
1274 _doprnt (format, args, stderr);
1276 putc ('\n', stderr);
1280 int ZGetFD () { return __Zephyr_fd; }
1283 int ZQLength () { return __Q_CompleteLength; }
1286 struct sockaddr_in ZGetDestAddr () { return __HM_addr; }
1289 Zconst char * ZGetRealm () { return __Zephyr_realm; }
1292 void ZSetDebug(proc, arg)
1293 void (*proc) __P((const char *, va_list, void *));
1296 __Z_debug_print = proc;
1297 __Z_debug_print_closure = arg;
1299 #endif /* Z_DEBUG */
1302 Code_t Z_Checksum(krb5_data *cksumbuf, krb5_keyblock *keyblock,
1303 krb5_cksumtype cksumtype,
1304 char **asn1_data, int *asn1_len) {
1305 krb5_error_code result;
1308 #if HAVE_KRB5_C_MAKE_CHECKSUM
1309 krb5_checksum checksum;
1312 krb5_crypto cryptctx;
1315 #if HAVE_KRB5_C_MAKE_CHECKSUM
1316 /* Create the checksum -- MIT crypto API */
1317 result = krb5_c_make_checksum(Z_krb5_ctx, cksumtype,
1318 keyblock, Z_KEYUSAGE_CLT_CKSUM,
1319 cksumbuf, &checksum);
1322 /* HOLDING: checksum */
1324 data = checksum.contents;
1325 len = checksum.length;
1327 /* Create the checksum -- heimdal crypto API */
1328 result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype,
1333 /* HOLDING: cryptctx */
1334 result = krb5_create_checksum(Z_krb5_ctx, cryptctx,
1335 Z_KEYUSAGE_CLT_CKSUM, cksumtype,
1336 cksumbuf->data, cksumbuf->length,
1338 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);
1342 len = checksum.checksum.length;
1343 data = checksum.checksum.data;
1344 /* HOLDING: checksum */
1347 *asn1_data = malloc(len);
1348 if (*asn1_data == NULL)
1350 memcpy(*asn1_data, data, len);
1353 #if HAVE_KRB5_C_MAKE_CHECKSUM
1354 krb5_free_checksum_contents(Z_krb5_ctx, &checksum);
1356 free_Checksum(&checksum);
1363 Z_InsertZcodeChecksum(krb5_keyblock *keyblock, ZNotice_t *notice,
1364 char *buffer, char *cksum_start, int cksum_len,
1365 char *cstart, char *cend, int buffer_len,
1368 int plain_len; /* length of part not to be checksummed */
1369 int cksum0_len; /* length of part before checksum */
1370 int cksum1_len; /* length of part after checksum */
1375 krb5_enctype enctype;
1376 krb5_cksumtype cksumtype;
1379 key_data = Z_keydata(keyblock);
1380 key_len = Z_keylen(keyblock);
1381 result = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
1383 return (ZAUTH_FAILED);
1385 /* Assemble the things to be checksummed */
1386 plain_len = cksum_start - buffer;
1387 cksum0_len = cstart - cksum_start;
1388 cksum1_len = (cksum_start + cksum_len) - cend;
1389 memset(&cksumbuf, 0, sizeof(cksumbuf));
1390 cksumbuf.length = cksum0_len + cksum1_len + notice->z_message_len;
1391 cksumbuf.data = malloc(cksumbuf.length);
1394 memcpy(cksumbuf.data, cksum_start, cksum0_len);
1395 memcpy(cksumbuf.data + cksum0_len, cend, cksum1_len);
1396 memcpy(cksumbuf.data + cksum0_len + cksum1_len,
1397 notice->z_message, notice->z_message_len);
1398 /* compute the checksum */
1399 result = Z_Checksum(&cksumbuf, keyblock, cksumtype,
1400 (char **)&cksum.data, &cksum.length);
1402 free(cksumbuf.data);
1407 * OK.... we can zcode to a space starting at 'cstart',
1408 * with a length of buffer_len - (plain_len + cksum_len).
1409 * Then we tack on the end part, which is located at
1410 * cksumbuf.data + cksum0_len and has length cksum1_len
1413 result = ZMakeZcode(cstart, buffer_len - (plain_len + cksum_len),
1414 cksum.data, cksum.length);
1417 int zcode_len = strlen(cstart) + 1;
1418 memcpy(cstart + zcode_len, cksumbuf.data + cksum0_len, cksum1_len);
1419 *length_adjust = zcode_len - cksum_len + (cksum0_len + cksum1_len);
1421 free(cksumbuf.data);
1426 Z_ExtractEncCksum(krb5_keyblock *keyblock, krb5_enctype *enctype,
1427 krb5_cksumtype *cksumtype) {
1428 #if HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
1429 *enctype = keyblock->enctype;
1430 return Z_krb5_lookup_cksumtype(*enctype, cksumtype);
1437 result = krb5_keytype_to_enctypes(Z_krb5_ctx, keyblock->keytype,
1443 if (i == len) break;
1444 result = Z_krb5_lookup_cksumtype(val[i], cksumtype);
1446 } while (result != 0);
1451 *enctype = val[i-1];
1458 /* returns 0 if invalid or losing, 1 if valid, *sigh* */
1460 Z_krb5_verify_cksum(krb5_keyblock *keyblock, krb5_data *cksumbuf,
1461 krb5_cksumtype cksumtype, char *asn1_data,
1463 krb5_error_code result;
1464 #if HAVE_KRB5_C_MAKE_CHECKSUM
1465 krb5_checksum checksum;
1468 krb5_crypto cryptctx;
1473 memset(&checksum, 0, sizeof(checksum));
1474 #if HAVE_KRB5_C_MAKE_CHECKSUM
1475 /* Verify the checksum -- MIT crypto API */
1476 checksum.length = asn1_len;
1477 checksum.contents = asn1_data;
1478 checksum.checksum_type = cksumtype;
1479 result = krb5_c_verify_checksum(Z_krb5_ctx,
1480 keyblock, Z_KEYUSAGE_SRV_CKSUM,
1481 cksumbuf, &checksum, &valid);
1482 if (!result && valid)
1487 checksum.checksum.length = asn1_len;
1488 checksum.checksum.data = asn1_data;
1489 checksum.cksumtype = cksumtype;
1491 result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype, &cryptctx);
1495 /* HOLDING: cryptctx */
1496 result = krb5_verify_checksum(Z_krb5_ctx, cryptctx,
1497 Z_KEYUSAGE_SRV_CKSUM,
1498 cksumbuf->data, cksumbuf->length,
1500 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);