1 /* This file is part of the Project Athena Zephyr Notification System.
2 * It contains source for the internal Zephyr routines.
4 * Created by: Robert French
8 * Copyright (c) 1987,1988,1991 by the Massachusetts Institute of
10 * For copying and distribution information, see the file
15 #include <arpa/inet.h>
16 #include <sys/socket.h>
20 static const char rcsid_Zinternal_c[] =
22 static const char copyright[] =
23 "Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.";
28 int __Zephyr_port = -1;
29 struct in_addr __My_addr;
30 int __Q_CompleteLength;
32 struct _Z_InputQ *__Q_Head, *__Q_Tail;
33 struct sockaddr_in __HM_addr;
34 struct sockaddr_in __HM_addr_real;
37 ZLocations_t *__locate_list;
40 ZSubscription_t *__subscriptions_list;
41 int __subscriptions_num;
42 int __subscriptions_next;
43 int Z_discarded_packets = 0;
46 /* This context is used throughout */
47 krb5_context Z_krb5_ctx;
49 static struct cksum_map_s {
53 /* per RFC1510 and draft-ietf-krb-wg-crypto-02.txt */
54 { ENCTYPE_NULL, CKSUMTYPE_RSA_MD5 },
55 { ENCTYPE_DES_CBC_CRC, CKSUMTYPE_RSA_MD5_DES },
56 { ENCTYPE_DES_CBC_MD4, CKSUMTYPE_RSA_MD4_DES },
57 { ENCTYPE_DES_CBC_MD5, CKSUMTYPE_RSA_MD5_DES },
60 * The implementors hate us, and are inconsistent with names for
61 * most things defined after RFC1510. Note that des3-cbc-sha1
62 * and des3-cbc-sha1-kd are listed by number to avoid confusion
63 * caused by inconsistency between the names used in the specs
64 * and those used by implementations.
65 * -- jhutz, 30-Nov-2002
68 /* source lost in history (an expired internet-draft) */
69 { 5 /* des3-cbc-md5 */, 9 /* rsa-md5-des3 */ },
70 { 7 /* des3-cbc-sha1 */, 13 /* hmac-sha1-des3 */ },
72 /* per draft-ietf-krb-wg-crypto-02.txt */
73 { 16 /* des3-cbc-sha1-kd */, 12 /* hmac-sha1-des3-kd */ },
75 /* per draft-raeburn-krb-rijndael-krb-02.txt */
76 { 17 /* aes128-cts-hmac-sha1-96 */, 15 /* hmac-sha1-96-aes128 */ },
77 { 18 /* aes256-cts-hmac-sha1-96 */, 16 /* hmac-sha1-96-aes256 */ },
79 /* per draft-brezak-win2k-krb-rc4-hmac-04.txt */
80 { 23 /* rc4-hmac */, -138 /* hmac-md5 */ },
81 { 24 /* rc4-hmac-exp */, -138 /* hmac-md5 */ },
83 #define N_CKSUM_MAP (sizeof(cksum_map) / sizeof(struct cksum_map_s))
86 Z_krb5_lookup_cksumtype(krb5_enctype e,
91 for (i = 0; i < N_CKSUM_MAP; i++) {
92 if (cksum_map[i].e == e) {
97 return KRB5_PROG_ETYPE_NOSUPP;
99 #endif /* HAVE_KRB5 */
101 char __Zephyr_realm[REALM_SZ];
104 void (*__Z_debug_print)(const char *fmt, va_list args, void *closure);
105 void *__Z_debug_print_closure;
108 #define min(a,b) ((a)<(b)?(a):(b))
110 static int Z_AddField(char **ptr, char *field, char *end);
111 static int find_or_insert_uid(ZUnique_Id_t *uid, ZNotice_Kind_t kind);
112 static Code_t Z_ZcodeFormatRawHeader(ZNotice_t *, char *, int, int *, char **,
113 int *, char **, char **, int cksumtype);
115 /* Find or insert uid in the old uids buffer. The buffer is a sorted
116 * circular queue. We make the assumption that most packets arrive in
117 * order, so we can usually search for a uid or insert it into the buffer
118 * by looking back just a few entries from the end. Since this code is
119 * only executed by the client, the implementation isn't microoptimized. */
121 find_or_insert_uid(ZUnique_Id_t *uid,
124 static struct _filter {
138 /* Initialize the uid buffer if it hasn't been done already. */
140 size = Z_INITFILTERSIZE;
141 buffer = (struct _filter *) malloc(size * sizeof(*buffer));
146 /* Age the uid buffer, discarding any uids older than the clock skew. */
148 while (num && (now - buffer[start % size].t) > CLOCK_SKEW)
152 /* Make room for a new uid, since we'll probably have to insert one. */
154 new_size = size * 2 + 2;
155 new = (struct _filter *) malloc(new_size * sizeof(*new));
158 for (i = 0; i < num; i++)
159 new[i] = buffer[(start + i) % size];
166 /* Search for this uid in the buffer, starting from the end. */
167 for (i = start + num - 1; i >= start; i--) {
168 result = memcmp(uid, &buffer[i % size].uid, sizeof(*uid));
169 if (result == 0 && buffer[i % size].kind == kind)
175 /* We didn't find it; insert the uid into the buffer after i. */
177 for (j = start + num; j > i; j--)
178 buffer[j % size] = buffer[(j - 1) % size];
179 buffer[i % size].uid = *uid;
180 buffer[i % size].kind = kind;
181 buffer[i % size].t = now;
188 /* Return 1 if there is a packet waiting, 0 otherwise */
191 Z_PacketWaiting(void)
196 tv.tv_sec = tv.tv_usec = 0;
198 FD_SET(ZGetFD(), &read);
199 return (select(ZGetFD() + 1, &read, NULL, NULL, &tv));
203 /* Wait for a complete notice to become available */
206 Z_WaitForComplete(void)
210 if (__Q_CompleteLength)
211 return (Z_ReadEnqueue());
213 while (!__Q_CompleteLength)
214 if ((retval = Z_ReadWait()) != ZERR_NONE)
221 /* Read any available packets and enqueue them */
229 return (ZERR_NOPORT);
231 while (Z_PacketWaiting())
232 if ((retval = Z_ReadWait()) != ZERR_NONE)
240 * Search the queue for a notice with the proper multiuid - remove any
241 * notices that haven't been touched in a while
245 Z_SearchQueue(ZUnique_Id_t *uid,
248 register struct _Z_InputQ *qptr;
249 struct _Z_InputQ *next;
252 (void) gettimeofday(&tv, (struct timezone *)0);
257 if (ZCompareUID(uid, &qptr->uid) && qptr->kind == kind)
260 if (qptr->timep && (qptr->timep+Z_NOTICETIMELIMIT < tv.tv_sec))
268 * Now we delve into really convoluted queue handling and
269 * fragmentation reassembly algorithms and other stuff you probably
270 * don't want to look at...
272 * This routine does NOT guarantee a complete packet will be ready when it
279 register struct _Z_InputQ *qptr;
282 struct sockaddr_in olddest, from;
283 int from_len, packet_len, zvlen, part, partof;
290 return (ZERR_NOPORT);
293 FD_SET(ZGetFD(), &fds);
297 if (select(ZGetFD() + 1, &fds, NULL, NULL, &tv) < 0)
299 if (!FD_ISSET(ZGetFD(), &fds))
302 from_len = sizeof(struct sockaddr_in);
304 packet_len = recvfrom(ZGetFD(), packet, sizeof(packet), 0,
305 (struct sockaddr *)&from, &from_len);
313 /* Ignore obviously non-Zephyr packets. */
314 zvlen = sizeof(ZVERSIONHDR) - 1;
315 if (packet_len < zvlen || memcmp(packet, ZVERSIONHDR, zvlen) != 0) {
316 Z_discarded_packets++;
320 /* Parse the notice */
321 if ((retval = ZParseNotice(packet, packet_len, ¬ice)) != ZERR_NONE)
325 * If we're not a server and the notice is of an appropriate kind,
326 * send back a CLIENTACK to whoever sent it to say we got it.
328 if (!__Zephyr_server) {
329 if (notice.z_kind != HMACK && notice.z_kind != SERVACK &&
330 notice.z_kind != SERVNAK && notice.z_kind != CLIENTACK) {
336 tmpnotice.z_kind = CLIENTACK;
337 tmpnotice.z_message_len = 0;
340 if ((retval = ZFormatSmallRawNotice(&tmpnotice, pkt, &len))
343 if ((retval = ZSendPacket(pkt, len, 0)) != ZERR_NONE)
347 if (find_or_insert_uid(¬ice.z_uid, notice.z_kind))
350 /* Check authentication on the notice. */
351 notice.z_checked_auth = ZCheckAuthentication(¬ice, &from);
356 * Parse apart the z_multinotice field - if the field is blank for
357 * some reason, assume this packet stands by itself.
359 slash = strchr(notice.z_multinotice, '/');
361 part = atoi(notice.z_multinotice);
362 partof = atoi(slash+1);
363 if (part > partof || partof == 0) {
365 partof = notice.z_message_len;
370 partof = notice.z_message_len;
373 /* Too big a packet...just ignore it! */
374 if (partof > Z_MAXNOTICESIZE)
378 * If we aren't a server and we can find a notice in the queue
379 * with the same multiuid field, insert the current fragment as
382 switch (notice.z_kind) {
385 /* The SERVACK and SERVNAK replies shouldn't be reassembled
386 (they have no parts). Instead, we should hold on to the reply
387 ONLY if it's the first part of a fragmented message, i.e.
388 multi_uid == uid. This allows programs to wait for the uid
389 of the first packet, and get a response when that notice
390 arrives. Acknowledgements of the other fragments are discarded
391 (XXX we assume here that they all carry the same information
392 regarding failure/success)
394 if (!__Zephyr_server &&
395 !ZCompareUID(¬ice.z_multiuid, ¬ice.z_uid))
396 /* they're not the same... throw away this packet. */
398 /* fall thru & process it */
400 /* for HMACK types, we assume no packet loss (local loopback
401 connections). The other types can be fragmented and MUST
402 run through this code. */
403 if (!__Zephyr_server && (qptr = Z_SearchQueue(¬ice.z_multiuid,
406 * If this is the first fragment, and we haven't already
407 * gotten a first fragment, grab the header from it.
409 if (part == 0 && !qptr->header) {
410 qptr->header_len = packet_len-notice.z_message_len;
411 qptr->header = (char *) malloc((unsigned) qptr->header_len);
414 (void) memcpy(qptr->header, packet, qptr->header_len);
416 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
421 * We'll have to create a new entry...make sure the queue isn't
422 * going to get too big.
424 if (__Q_Size+(__Zephyr_server ? notice.z_message_len : partof) > Z_MAXQUEUESIZE)
428 * This is a notice we haven't heard of, so create a new queue
429 * entry for it and zero it out.
431 qptr = (struct _Z_InputQ *)malloc(sizeof(struct _Z_InputQ));
434 (void) memset((char *)qptr, 0, sizeof(struct _Z_InputQ));
436 /* Insert the entry at the end of the queue */
438 qptr->prev = __Q_Tail;
440 __Q_Tail->next = qptr;
447 /* Copy the from field, multiuid, kind, and checked authentication. */
449 qptr->uid = notice.z_multiuid;
450 qptr->kind = notice.z_kind;
451 qptr->auth = notice.z_checked_auth;
454 * If this is the first part of the notice, we take the header
455 * from it. We only take it if this is the first fragment so that
456 * the Unique ID's will be predictable.
458 * If a Zephyr Server, we always take the header.
460 if (__Zephyr_server || part == 0) {
461 qptr->header_len = packet_len-notice.z_message_len;
462 qptr->header = (char *) malloc((unsigned) qptr->header_len);
465 (void) memcpy(qptr->header, packet, qptr->header_len);
469 * If this is not a fragmented notice, then don't bother with a
471 * If we are a Zephyr server, all notices are treated as complete.
473 if (__Zephyr_server || (part == 0 && notice.z_message_len == partof)) {
474 __Q_CompleteLength++;
475 qptr->holelist = (struct _Z_Hole *) 0;
477 /* allocate a msg buf for this piece */
478 if (notice.z_message_len == 0)
480 else if (!(qptr->msg = (char *) malloc((unsigned) notice.z_message_len)))
483 (void) memcpy(qptr->msg, notice.z_message, notice.z_message_len);
484 qptr->msg_len = notice.z_message_len;
485 __Q_Size += notice.z_message_len;
486 qptr->packet_len = qptr->header_len+qptr->msg_len;
487 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
489 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
491 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
497 * We know how long the message is going to be (this is better
498 * than IP fragmentation...), so go ahead and allocate it all.
500 if (!(qptr->msg = (char *) malloc((unsigned) partof)) && partof)
502 qptr->msg_len = partof;
506 * Well, it's a fragmented notice...allocate a hole list and
507 * initialize it to the full packet size. Then insert the
510 if (!(qptr->holelist = (struct _Z_Hole *)
511 malloc(sizeof(struct _Z_Hole))))
513 qptr->holelist->next = (struct _Z_Hole *) 0;
514 qptr->holelist->first = 0;
515 qptr->holelist->last = partof-1;
516 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
520 /* Fragment management routines - compliments, more or less, of RFC815 */
523 Z_AddNoticeToEntry(struct _Z_InputQ *qptr,
527 int last, oldfirst, oldlast;
528 struct _Z_Hole *hole, *lasthole;
532 if (part < 0 || notice->z_message_len < 0 || part > qptr->msg_len
533 || notice->z_message_len > qptr->msg_len - part)
536 /* Incorporate this notice's checked authentication. */
537 if (notice->z_checked_auth == ZAUTH_FAILED)
538 qptr->auth = ZAUTH_FAILED;
539 else if (notice->z_checked_auth == ZAUTH_NO && qptr->auth != ZAUTH_FAILED)
540 qptr->auth = ZAUTH_NO;
542 (void) gettimeofday(&tv, (struct timezone *)0);
543 qptr->timep = tv.tv_sec;
545 last = part+notice->z_message_len-1;
547 hole = qptr->holelist;
548 lasthole = (struct _Z_Hole *) 0;
550 /* copy in the message body */
551 (void) memcpy(qptr->msg+part, notice->z_message, notice->z_message_len);
553 /* Search for a hole that overlaps with the current fragment */
555 if (part <= hole->last && last >= hole->first)
561 /* If we found one, delete it and reconstruct a new hole */
563 oldfirst = hole->first;
564 oldlast = hole->last;
566 lasthole->next = hole->next;
568 qptr->holelist = hole->next;
571 * Now create a new hole that is the original hole without the
574 if (part > oldfirst) {
575 /* Search for the end of the hole list */
576 hole = qptr->holelist;
577 lasthole = (struct _Z_Hole *) 0;
583 if (!(lasthole->next = (struct _Z_Hole *)
584 malloc(sizeof(struct _Z_InputQ))))
586 hole = lasthole->next;
589 if (!(qptr->holelist = (struct _Z_Hole *)
590 malloc(sizeof(struct _Z_InputQ))))
592 hole = qptr->holelist;
595 hole->first = oldfirst;
598 if (last < oldlast) {
599 /* Search for the end of the hole list */
600 hole = qptr->holelist;
601 lasthole = (struct _Z_Hole *) 0;
607 if (!(lasthole->next = (struct _Z_Hole *)
608 malloc(sizeof(struct _Z_InputQ))))
610 hole = lasthole->next;
613 if (!(qptr->holelist = (struct _Z_Hole *)
614 malloc(sizeof(struct _Z_InputQ))))
616 hole = qptr->holelist;
618 hole->next = (struct _Z_Hole *) 0;
619 hole->first = last+1;
620 hole->last = oldlast;
624 if (!qptr->holelist) {
626 __Q_CompleteLength++;
628 qptr->timep = 0; /* don't time out anymore */
629 qptr->packet_len = qptr->header_len+qptr->msg_len;
630 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
632 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
633 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
641 Z_gettimeofday(struct _ZTimeval *ztv,
645 (void) gettimeofday(&tv, tz); /* yeah, yeah, I know */
646 ztv->tv_sec=tv.tv_sec;
647 ztv->tv_usec=tv.tv_usec;
651 Z_FormatHeader(ZNotice_t *notice,
655 Z_AuthProc cert_routine)
658 static char version[BUFSIZ]; /* default init should be all \0 */
659 struct sockaddr_in name;
660 int namelen = sizeof(name);
662 if (!notice->z_sender)
663 notice->z_sender = ZGetSender();
665 if (notice->z_port == 0) {
667 retval = ZOpenPort((u_short *)0);
668 if (retval != ZERR_NONE)
671 retval = getsockname(ZGetFD(), (struct sockaddr *) &name, &namelen);
674 notice->z_port = name.sin_port;
677 notice->z_multinotice = "";
679 (void) Z_gettimeofday(¬ice->z_uid.tv, (struct timezone *)0);
680 notice->z_uid.tv.tv_sec = htonl((u_long) notice->z_uid.tv.tv_sec);
681 notice->z_uid.tv.tv_usec = htonl((u_long) notice->z_uid.tv.tv_usec);
683 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
685 notice->z_multiuid = notice->z_uid;
688 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
690 notice->z_version = version;
692 return Z_FormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
696 Z_NewFormatHeader(ZNotice_t *notice,
700 Z_AuthProc cert_routine)
703 static char version[BUFSIZ]; /* default init should be all \0 */
704 struct sockaddr_in name;
706 int namelen = sizeof(name);
708 if (!notice->z_sender)
709 notice->z_sender = ZGetSender();
711 if (notice->z_port == 0) {
713 retval = ZOpenPort((u_short *)0);
714 if (retval != ZERR_NONE)
717 retval = getsockname(ZGetFD(), (struct sockaddr *) &name, &namelen);
720 notice->z_port = name.sin_port;
723 notice->z_multinotice = "";
725 (void) gettimeofday(&tv, (struct timezone *)0);
726 notice->z_uid.tv.tv_sec = htonl((u_long) tv.tv_sec);
727 notice->z_uid.tv.tv_usec = htonl((u_long) tv.tv_usec);
729 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
731 notice->z_multiuid = notice->z_uid;
734 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
736 notice->z_version = version;
738 return Z_NewFormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
742 Z_FormatAuthHeader(ZNotice_t *notice,
746 Z_AuthProc cert_routine)
750 notice->z_authent_len = 0;
751 notice->z_ascii_authent = "";
752 notice->z_checksum = 0;
753 return (Z_FormatRawHeader(notice, buffer, buffer_len,
757 return ((*cert_routine)(notice, buffer, buffer_len, len));
761 Z_NewFormatAuthHeader(ZNotice_t *notice,
765 Z_AuthProc cert_routine)
769 notice->z_authent_len = 0;
770 notice->z_ascii_authent = "";
771 notice->z_checksum = 0;
772 return (Z_FormatRawHeader(notice, buffer, buffer_len,
776 return ((*cert_routine)(notice, buffer, buffer_len, len));
780 Z_NewFormatRawHeader(ZNotice_t *notice,
789 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
790 cksum_start, cksum_len, cstart, cend, 0));
794 Z_AsciiFormatRawHeader(ZNotice_t *notice,
803 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
804 cksum_start, cksum_len, cstart, cend, 1));
808 Z_ZcodeFormatRawHeader(ZNotice_t *notice,
818 static char version_nogalaxy[BUFSIZ]; /* default init should be all \0 */
819 char newrecip[BUFSIZ];
823 if (!notice->z_class)
824 notice->z_class = "";
826 if (!notice->z_class_inst)
827 notice->z_class_inst = "";
829 if (!notice->z_opcode)
830 notice->z_opcode = "";
832 if (!notice->z_recipient)
833 notice->z_recipient = "";
835 if (!notice->z_default_format)
836 notice->z_default_format = "";
839 end = buffer+buffer_len;
844 (void) sprintf(version_nogalaxy, "%s%d.%d", ZVERSIONHDR,
845 ZVERSIONMAJOR, ZVERSIONMINOR);
847 notice->z_version = version_nogalaxy;
849 if (Z_AddField(&ptr, version_nogalaxy, end))
850 return (ZERR_HEADERLEN);
852 if (ZMakeAscii32(ptr, end-ptr,
853 Z_NUMFIELDS + notice->z_num_other_fields)
855 return (ZERR_HEADERLEN);
856 ptr += strlen(ptr)+1;
858 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
859 return (ZERR_HEADERLEN);
860 ptr += strlen(ptr)+1;
862 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
863 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
864 return (ZERR_HEADERLEN);
865 ptr += strlen(ptr)+1;
867 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
868 return (ZERR_HEADERLEN);
869 ptr += strlen(ptr)+1;
871 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
872 return (ZERR_HEADERLEN);
873 ptr += strlen(ptr)+1;
875 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
876 return (ZERR_HEADERLEN);
877 ptr += strlen(ptr)+1;
879 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
880 return (ZERR_HEADERLEN);
881 if (Z_AddField(&ptr, notice->z_class, end))
882 return (ZERR_HEADERLEN);
883 if (Z_AddField(&ptr, notice->z_class_inst, end))
884 return (ZERR_HEADERLEN);
885 if (Z_AddField(&ptr, notice->z_opcode, end))
886 return (ZERR_HEADERLEN);
887 if (Z_AddField(&ptr, notice->z_sender, end))
888 return (ZERR_HEADERLEN);
889 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
890 if (Z_AddField(&ptr, notice->z_recipient, end))
891 return (ZERR_HEADERLEN);
894 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
896 return (ZERR_HEADERLEN);
897 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
898 if (Z_AddField(&ptr, newrecip, end))
899 return (ZERR_HEADERLEN);
901 if (Z_AddField(&ptr, notice->z_default_format, end))
902 return (ZERR_HEADERLEN);
904 /* copy back the end pointer location for crypto checksum */
907 if (cksumstyle == 1) {
908 if (Z_AddField(&ptr, notice->z_ascii_checksum, end))
909 return (ZERR_HEADERLEN);
912 if (ZMakeZcode32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
913 return ZERR_HEADERLEN;
915 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
916 return (ZERR_HEADERLEN);
918 ptr += strlen(ptr)+1;
923 if (Z_AddField(&ptr, notice->z_multinotice, end))
924 return (ZERR_HEADERLEN);
926 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
927 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
928 return (ZERR_HEADERLEN);
929 ptr += strlen(ptr)+1;
931 for (i=0;i<notice->z_num_other_fields;i++)
932 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
933 return (ZERR_HEADERLEN);
936 *cksum_len = ptr-*cksum_start;
938 *hdr_len = ptr-buffer;
944 Z_FormatRawHeader(ZNotice_t *notice,
951 char newrecip[BUFSIZ];
955 if (!notice->z_class)
956 notice->z_class = "";
958 if (!notice->z_class_inst)
959 notice->z_class_inst = "";
961 if (!notice->z_opcode)
962 notice->z_opcode = "";
964 if (!notice->z_recipient)
965 notice->z_recipient = "";
967 if (!notice->z_default_format)
968 notice->z_default_format = "";
971 end = buffer+buffer_len;
973 if (buffer_len < strlen(notice->z_version)+1)
974 return (ZERR_HEADERLEN);
976 (void) strcpy(ptr, notice->z_version);
977 ptr += strlen(ptr)+1;
979 if (ZMakeAscii32(ptr, end-ptr, Z_NUMFIELDS + notice->z_num_other_fields)
981 return (ZERR_HEADERLEN);
982 ptr += strlen(ptr)+1;
984 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
985 return (ZERR_HEADERLEN);
986 ptr += strlen(ptr)+1;
988 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
989 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
990 return (ZERR_HEADERLEN);
991 ptr += strlen(ptr)+1;
993 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
994 return (ZERR_HEADERLEN);
995 ptr += strlen(ptr)+1;
997 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
998 return (ZERR_HEADERLEN);
999 ptr += strlen(ptr)+1;
1001 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
1002 return (ZERR_HEADERLEN);
1003 ptr += strlen(ptr)+1;
1005 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
1006 return (ZERR_HEADERLEN);
1007 if (Z_AddField(&ptr, notice->z_class, end))
1008 return (ZERR_HEADERLEN);
1009 if (Z_AddField(&ptr, notice->z_class_inst, end))
1010 return (ZERR_HEADERLEN);
1011 if (Z_AddField(&ptr, notice->z_opcode, end))
1012 return (ZERR_HEADERLEN);
1013 if (Z_AddField(&ptr, notice->z_sender, end))
1014 return (ZERR_HEADERLEN);
1015 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
1016 if (Z_AddField(&ptr, notice->z_recipient, end))
1017 return (ZERR_HEADERLEN);
1020 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
1022 return (ZERR_HEADERLEN);
1023 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
1024 if (Z_AddField(&ptr, newrecip, end))
1025 return (ZERR_HEADERLEN);
1027 if (Z_AddField(&ptr, notice->z_default_format, end))
1028 return (ZERR_HEADERLEN);
1030 /* copy back the end pointer location for crypto checksum */
1033 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
1034 return (ZERR_HEADERLEN);
1035 ptr += strlen(ptr)+1;
1039 if (Z_AddField(&ptr, notice->z_multinotice, end))
1040 return (ZERR_HEADERLEN);
1042 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
1043 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1044 return (ZERR_HEADERLEN);
1045 ptr += strlen(ptr)+1;
1047 for (i=0;i<notice->z_num_other_fields;i++)
1048 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
1049 return (ZERR_HEADERLEN);
1057 Z_AddField(char **ptr,
1063 len = field ? strlen (field) + 1 : 1;
1068 (void) strcpy(*ptr, field);
1077 Z_GetFirstComplete(void)
1079 struct _Z_InputQ *qptr;
1089 return ((struct _Z_InputQ *)0);
1093 Z_GetNextComplete(struct _Z_InputQ *qptr)
1102 return ((struct _Z_InputQ *)0);
1106 Z_RemQueue(struct _Z_InputQ *qptr)
1108 struct _Z_Hole *hole, *nexthole;
1111 __Q_CompleteLength--;
1113 __Q_Size -= qptr->msg_len;
1122 hole = qptr->holelist;
1124 nexthole = hole->next;
1129 if (qptr == __Q_Head && __Q_Head == __Q_Tail) {
1130 free ((char *)qptr);
1131 __Q_Head = (struct _Z_InputQ *)0;
1132 __Q_Tail = (struct _Z_InputQ *)0;
1136 if (qptr == __Q_Head) {
1137 __Q_Head = qptr->next;
1138 __Q_Head->prev = (struct _Z_InputQ *)0;
1139 free ((char *)qptr);
1142 if (qptr == __Q_Tail) {
1143 __Q_Tail = qptr->prev;
1144 __Q_Tail->next = (struct _Z_InputQ *)0;
1145 free ((char *)qptr);
1148 qptr->prev->next = qptr->next;
1149 qptr->next->prev = qptr->prev;
1150 free ((char *)qptr);
1155 Z_SendFragmentedNotice(ZNotice_t *notice,
1157 Z_AuthProc cert_func,
1158 Z_SendProc send_func)
1160 ZNotice_t partnotice;
1163 int offset, hdrsize, fragsize, ret_len, message_len, waitforack;
1166 hdrsize = len-notice->z_message_len;
1167 fragsize = Z_MAXPKTLEN-hdrsize-Z_FRAGFUDGE;
1171 waitforack = ((notice->z_kind == UNACKED || notice->z_kind == ACKED)
1172 && !__Zephyr_server);
1174 partnotice = *notice;
1176 while (offset < notice->z_message_len || !notice->z_message_len) {
1177 (void) sprintf(multi, "%d/%d", offset, notice->z_message_len);
1178 partnotice.z_multinotice = multi;
1180 (void) Z_gettimeofday(&partnotice.z_uid.tv,
1181 (struct timezone *)0);
1182 partnotice.z_uid.tv.tv_sec =
1183 htonl((u_long) partnotice.z_uid.tv.tv_sec);
1184 partnotice.z_uid.tv.tv_usec =
1185 htonl((u_long) partnotice.z_uid.tv.tv_usec);
1186 (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
1189 message_len = min(notice->z_message_len-offset, fragsize);
1190 partnotice.z_message = notice->z_message+offset;
1191 partnotice.z_message_len = message_len;
1192 if ((retval = Z_FormatAuthHeader(&partnotice, buffer, Z_MAXHEADERLEN,
1193 &ret_len, cert_func)) != ZERR_NONE) {
1196 memcpy(buffer + ret_len, partnotice.z_message, message_len);
1197 if ((retval = (*send_func)(&partnotice, buffer, ret_len+message_len,
1198 waitforack)) != ZERR_NONE) {
1202 if (!notice->z_message_len)
1210 Code_t Z_XmitFragment(ZNotice_t *notice,
1215 return(ZSendPacket(buf, len, wait));
1219 /* For debugging printing */
1220 const char *const ZNoticeKinds[] = {
1221 "UNSAFE", "UNACKED", "ACKED", "HMACK", "HMCTL", "SERVACK", "SERVNAK",
1230 Z_debug(const char *format, ...)
1233 if (!__Z_debug_print)
1235 va_start (pvar, format);
1236 (*__Z_debug_print) (format, pvar, __Z_debug_print_closure);
1241 Z_debug_stderr(const char *format,
1246 vfprintf (stderr, format, args);
1248 _doprnt (format, args, stderr);
1250 putc ('\n', stderr);
1254 int ZGetFD (void) { return __Zephyr_fd; }
1257 int ZQLength (void) { return __Q_CompleteLength; }
1260 struct sockaddr_in ZGetDestAddr (void) { return __HM_addr; }
1263 Zconst char * ZGetRealm (void) { return __Zephyr_realm; }
1267 ZSetDebug(void (*proc) __P((const char *, va_list, void *)),
1270 __Z_debug_print = proc;
1271 __Z_debug_print_closure = arg;
1273 #endif /* Z_DEBUG */
1277 Z_Checksum(krb5_data *cksumbuf,
1278 krb5_keyblock *keyblock,
1279 krb5_cksumtype cksumtype,
1283 krb5_error_code result;
1286 #if HAVE_KRB5_C_MAKE_CHECKSUM
1287 krb5_checksum checksum;
1290 krb5_crypto cryptctx;
1293 #if HAVE_KRB5_C_MAKE_CHECKSUM
1294 /* Create the checksum -- MIT crypto API */
1295 result = krb5_c_make_checksum(Z_krb5_ctx, cksumtype,
1296 keyblock, Z_KEYUSAGE_CLT_CKSUM,
1297 cksumbuf, &checksum);
1300 /* HOLDING: checksum */
1302 data = checksum.contents;
1303 len = checksum.length;
1305 /* Create the checksum -- heimdal crypto API */
1306 result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype,
1311 /* HOLDING: cryptctx */
1312 result = krb5_create_checksum(Z_krb5_ctx, cryptctx,
1313 Z_KEYUSAGE_CLT_CKSUM, cksumtype,
1314 cksumbuf->data, cksumbuf->length,
1316 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);
1320 len = checksum.checksum.length;
1321 data = checksum.checksum.data;
1322 /* HOLDING: checksum */
1325 *asn1_data = malloc(len);
1326 if (*asn1_data == NULL)
1328 memcpy(*asn1_data, data, len);
1331 #if HAVE_KRB5_C_MAKE_CHECKSUM
1332 krb5_free_checksum_contents(Z_krb5_ctx, &checksum);
1334 free_Checksum(&checksum);
1341 Z_InsertZcodeChecksum(krb5_keyblock *keyblock,
1351 int plain_len; /* length of part not to be checksummed */
1352 int cksum0_len; /* length of part before checksum */
1353 int cksum1_len; /* length of part after checksum */
1358 krb5_enctype enctype;
1359 krb5_cksumtype cksumtype;
1362 key_data = Z_keydata(keyblock);
1363 key_len = Z_keylen(keyblock);
1364 result = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
1366 return (ZAUTH_FAILED);
1368 /* Assemble the things to be checksummed */
1369 plain_len = cksum_start - buffer;
1370 cksum0_len = cstart - cksum_start;
1371 cksum1_len = (cksum_start + cksum_len) - cend;
1372 memset(&cksumbuf, 0, sizeof(cksumbuf));
1373 cksumbuf.length = cksum0_len + cksum1_len + notice->z_message_len;
1374 cksumbuf.data = malloc(cksumbuf.length);
1377 memcpy(cksumbuf.data, cksum_start, cksum0_len);
1378 memcpy(cksumbuf.data + cksum0_len, cend, cksum1_len);
1379 memcpy(cksumbuf.data + cksum0_len + cksum1_len,
1380 notice->z_message, notice->z_message_len);
1381 /* compute the checksum */
1382 result = Z_Checksum(&cksumbuf, keyblock, cksumtype,
1383 (char **)&cksum.data, &cksum.length);
1385 free(cksumbuf.data);
1390 * OK.... we can zcode to a space starting at 'cstart',
1391 * with a length of buffer_len - (plain_len + cksum_len).
1392 * Then we tack on the end part, which is located at
1393 * cksumbuf.data + cksum0_len and has length cksum1_len
1396 result = ZMakeZcode(cstart, buffer_len - (plain_len + cksum_len),
1397 cksum.data, cksum.length);
1400 int zcode_len = strlen(cstart) + 1;
1401 memcpy(cstart + zcode_len, cksumbuf.data + cksum0_len, cksum1_len);
1402 *length_adjust = zcode_len - cksum_len + (cksum0_len + cksum1_len);
1404 free(cksumbuf.data);
1409 Z_ExtractEncCksum(krb5_keyblock *keyblock,
1410 krb5_enctype *enctype,
1411 krb5_cksumtype *cksumtype)
1413 *enctype = Z_enctype(keyblock);
1414 return Z_krb5_lookup_cksumtype(*enctype, cksumtype);
1419 /* returns 0 if invalid or losing, 1 if valid, *sigh* */
1421 Z_krb5_verify_cksum(krb5_keyblock *keyblock,
1422 krb5_data *cksumbuf,
1423 krb5_cksumtype cksumtype,
1427 krb5_error_code result;
1428 #if HAVE_KRB5_C_MAKE_CHECKSUM
1429 krb5_checksum checksum;
1432 krb5_crypto cryptctx;
1437 memset(&checksum, 0, sizeof(checksum));
1438 #if HAVE_KRB5_C_MAKE_CHECKSUM
1439 /* Verify the checksum -- MIT crypto API */
1440 checksum.length = asn1_len;
1441 checksum.contents = asn1_data;
1442 checksum.checksum_type = cksumtype;
1443 result = krb5_c_verify_checksum(Z_krb5_ctx,
1444 keyblock, Z_KEYUSAGE_SRV_CKSUM,
1445 cksumbuf, &checksum, &valid);
1446 if (!result && valid)
1451 checksum.checksum.length = asn1_len;
1452 checksum.checksum.data = asn1_data;
1453 checksum.cksumtype = cksumtype;
1455 result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype, &cryptctx);
1459 /* HOLDING: cryptctx */
1460 result = krb5_verify_checksum(Z_krb5_ctx, cryptctx,
1461 Z_KEYUSAGE_SRV_CKSUM,
1462 cksumbuf->data, cksumbuf->length,
1464 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);