1 /* This file is part of the Project Athena Zephyr Notification System.
2 * It contains source for the internal Zephyr routines.
4 * Created by: Robert French
8 * Copyright (c) 1987,1988,1991 by the Massachusetts Institute of
10 * For copying and distribution information, see the file
15 #include <arpa/inet.h>
16 #include <sys/socket.h>
19 static const char rcsid_Zinternal_c[] =
21 static const char copyright[] =
22 "Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.";
27 int __Zephyr_port = -1;
28 struct in_addr __My_addr;
29 int __Q_CompleteLength;
31 struct _Z_InputQ *__Q_Head, *__Q_Tail;
32 struct sockaddr_in __HM_addr;
33 struct sockaddr_in __HM_addr_real;
36 ZLocations_t *__locate_list;
39 ZSubscription_t *__subscriptions_list;
40 int __subscriptions_num;
41 int __subscriptions_next;
42 int Z_discarded_packets = 0;
45 /* This context is used throughout */
46 krb5_context Z_krb5_ctx;
48 static struct cksum_map_s {
52 /* per RFC1510 and draft-ietf-krb-wg-crypto-02.txt */
53 { ENCTYPE_NULL, CKSUMTYPE_RSA_MD5 },
54 { ENCTYPE_DES_CBC_CRC, CKSUMTYPE_RSA_MD5_DES },
55 { ENCTYPE_DES_CBC_MD4, CKSUMTYPE_RSA_MD4_DES },
56 { ENCTYPE_DES_CBC_MD5, CKSUMTYPE_RSA_MD5_DES },
59 * The implementors hate us, and are inconsistent with names for
60 * most things defined after RFC1510. Note that des3-cbc-sha1
61 * and des3-cbc-sha1-kd are listed by number to avoid confusion
62 * caused by inconsistency between the names used in the specs
63 * and those used by implementations.
64 * -- jhutz, 30-Nov-2002
67 /* source lost in history (an expired internet-draft) */
68 { 5 /* des3-cbc-md5 */, 9 /* rsa-md5-des3 */ },
69 { 7 /* des3-cbc-sha1 */, 13 /* hmac-sha1-des3 */ },
71 /* per draft-ietf-krb-wg-crypto-02.txt */
72 { 16 /* des3-cbc-sha1-kd */, 12 /* hmac-sha1-des3-kd */ },
74 /* per draft-raeburn-krb-rijndael-krb-02.txt */
75 { 17 /* aes128-cts-hmac-sha1-96 */, 15 /* hmac-sha1-96-aes128 */ },
76 { 18 /* aes256-cts-hmac-sha1-96 */, 16 /* hmac-sha1-96-aes256 */ },
78 /* per draft-brezak-win2k-krb-rc4-hmac-04.txt */
79 { 23 /* rc4-hmac */, -138 /* hmac-md5 */ },
80 { 24 /* rc4-hmac-exp */, -138 /* hmac-md5 */ },
82 #define N_CKSUM_MAP (sizeof(cksum_map) / sizeof(struct cksum_map_s))
85 Z_krb5_lookup_cksumtype(krb5_enctype e,
90 for (i = 0; i < N_CKSUM_MAP; i++) {
91 if (cksum_map[i].e == e) {
96 return KRB5_PROG_ETYPE_NOSUPP;
98 #endif /* HAVE_KRB5 */
100 char __Zephyr_realm[REALM_SZ];
103 void (*__Z_debug_print)(const char *fmt, va_list args, void *closure);
104 void *__Z_debug_print_closure;
107 #define min(a,b) ((a)<(b)?(a):(b))
109 static int Z_AddField(char **ptr, char *field, char *end);
110 static int find_or_insert_uid(ZUnique_Id_t *uid, ZNotice_Kind_t kind);
111 static Code_t Z_ZcodeFormatRawHeader(ZNotice_t *, char *, int, int *, char **,
112 int *, char **, char **, int cksumtype);
114 /* Find or insert uid in the old uids buffer. The buffer is a sorted
115 * circular queue. We make the assumption that most packets arrive in
116 * order, so we can usually search for a uid or just tack it onto the end.
117 * The first entry at at buffer[start], the last is at
118 * buffer[(start + num - 1) % size] */
120 find_or_insert_uid(ZUnique_Id_t *uid,
123 static struct _filter {
137 /* Initialize the uid buffer if it hasn't been done already. */
139 size = Z_INITFILTERSIZE;
140 buffer = (struct _filter *) malloc(size * sizeof(*buffer));
145 /* Age the uid buffer, discarding any uids older than the clock skew. */
147 while (num && (now - buffer[start % size].t) > CLOCK_SKEW)
151 /* Make room for a new uid, since we'll probably have to insert one. */
153 new_size = size * 2 + 2;
154 new = (struct _filter *) malloc(new_size * sizeof(*new));
157 for (i = 0; i < num; i++)
158 new[i] = buffer[(start + i) % size];
165 /* Search for this uid in the buffer, starting from the end. */
166 for (i = start + num - 1; i >= start; i--) {
167 result = memcmp(uid, &buffer[i % size].uid, sizeof(*uid));
168 if (result == 0 && buffer[i % size].kind == kind)
172 /* We didn't find it; stick it on the end */
174 buffer[i % size].uid = *uid;
175 buffer[i % size].kind = kind;
176 buffer[i % size].t = now;
183 /* Return 1 if there is a packet waiting, 0 otherwise */
186 Z_PacketWaiting(void)
191 tv.tv_sec = tv.tv_usec = 0;
193 FD_SET(ZGetFD(), &read);
194 return (select(ZGetFD() + 1, &read, NULL, NULL, &tv));
198 /* Wait for a complete notice to become available */
201 Z_WaitForComplete(void)
205 if (__Q_CompleteLength)
206 return (Z_ReadEnqueue());
208 while (!__Q_CompleteLength)
209 if ((retval = Z_ReadWait()) != ZERR_NONE)
216 /* Read any available packets and enqueue them */
224 return (ZERR_NOPORT);
226 while (Z_PacketWaiting())
227 if ((retval = Z_ReadWait()) != ZERR_NONE)
235 * Search the queue for a notice with the proper multiuid - remove any
236 * notices that haven't been touched in a while
240 Z_SearchQueue(ZUnique_Id_t *uid,
243 register struct _Z_InputQ *qptr;
244 struct _Z_InputQ *next;
247 (void) gettimeofday(&tv, (struct timezone *)0);
252 if (ZCompareUID(uid, &qptr->uid) && qptr->kind == kind)
255 if (qptr->timep && (qptr->timep+Z_NOTICETIMELIMIT < tv.tv_sec))
263 * Now we delve into really convoluted queue handling and
264 * fragmentation reassembly algorithms and other stuff you probably
265 * don't want to look at...
267 * This routine does NOT guarantee a complete packet will be ready when it
274 register struct _Z_InputQ *qptr;
277 struct sockaddr_in olddest, from;
278 unsigned int from_len;
279 int packet_len, zvlen, part, partof;
286 return (ZERR_NOPORT);
289 FD_SET(ZGetFD(), &fds);
293 if (select(ZGetFD() + 1, &fds, NULL, NULL, &tv) < 0)
295 if (!FD_ISSET(ZGetFD(), &fds))
298 from_len = sizeof(struct sockaddr_in);
300 packet_len = recvfrom(ZGetFD(), packet, sizeof(packet), 0,
301 (struct sockaddr *)&from, &from_len);
309 /* Ignore obviously non-Zephyr packets. */
310 zvlen = sizeof(ZVERSIONHDR) - 1;
311 if (packet_len < zvlen || memcmp(packet, ZVERSIONHDR, zvlen) != 0) {
312 Z_discarded_packets++;
316 /* Parse the notice */
317 if ((retval = ZParseNotice(packet, packet_len, ¬ice)) != ZERR_NONE)
321 * If we're not a server and the notice is of an appropriate kind,
322 * send back a CLIENTACK to whoever sent it to say we got it.
324 if (!__Zephyr_server) {
325 if (notice.z_kind != HMACK && notice.z_kind != SERVACK &&
326 notice.z_kind != SERVNAK && notice.z_kind != CLIENTACK) {
332 tmpnotice.z_kind = CLIENTACK;
333 tmpnotice.z_message_len = 0;
336 retval = ZFormatSmallRawNotice(&tmpnotice, pkt, &len);
337 if (retval == ZERR_NONE)
338 retval = ZSendPacket(pkt, len, 0);
340 if (retval != ZERR_NONE)
343 if (find_or_insert_uid(¬ice.z_uid, notice.z_kind))
346 /* Check authentication on the notice. */
347 notice.z_checked_auth = ZCheckAuthentication(¬ice, &from);
352 * Parse apart the z_multinotice field - if the field is blank for
353 * some reason, assume this packet stands by itself.
355 slash = strchr(notice.z_multinotice, '/');
357 part = atoi(notice.z_multinotice);
358 partof = atoi(slash+1);
359 if (part < 0 || part > partof || partof <= 0) {
361 partof = notice.z_message_len;
365 partof = notice.z_message_len;
368 /* Too big a packet...just ignore it! */
369 if (partof > Z_MAXNOTICESIZE)
373 * If we aren't a server and we can find a notice in the queue
374 * with the same multiuid field, insert the current fragment as
377 switch (notice.z_kind) {
380 /* The SERVACK and SERVNAK replies shouldn't be reassembled
381 (they have no parts). Instead, we should hold on to the reply
382 ONLY if it's the first part of a fragmented message, i.e.
383 multi_uid == uid. This allows programs to wait for the uid
384 of the first packet, and get a response when that notice
385 arrives. Acknowledgements of the other fragments are discarded
386 (XXX we assume here that they all carry the same information
387 regarding failure/success)
389 if (!__Zephyr_server &&
390 !ZCompareUID(¬ice.z_multiuid, ¬ice.z_uid))
391 /* they're not the same... throw away this packet. */
393 /* fall thru & process it */
395 /* for HMACK types, we assume no packet loss (local loopback
396 connections). The other types can be fragmented and MUST
397 run through this code. */
398 if (!__Zephyr_server && (qptr = Z_SearchQueue(¬ice.z_multiuid,
401 * If this is the first fragment, and we haven't already
402 * gotten a first fragment, grab the header from it.
404 if (part == 0 && !qptr->header) {
405 qptr->header_len = packet_len-notice.z_message_len;
406 qptr->header = (char *) malloc((unsigned) qptr->header_len);
409 (void) memcpy(qptr->header, packet, qptr->header_len);
411 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
416 * We'll have to create a new entry...make sure the queue isn't
417 * going to get too big.
419 if (__Q_Size+(__Zephyr_server ? notice.z_message_len : partof) > Z_MAXQUEUESIZE)
423 * This is a notice we haven't heard of, so create a new queue
424 * entry for it and zero it out.
426 qptr = (struct _Z_InputQ *)malloc(sizeof(struct _Z_InputQ));
429 (void) memset((char *)qptr, 0, sizeof(struct _Z_InputQ));
431 /* Insert the entry at the end of the queue */
433 qptr->prev = __Q_Tail;
435 __Q_Tail->next = qptr;
442 /* Copy the from field, multiuid, kind, and checked authentication. */
444 qptr->uid = notice.z_multiuid;
445 qptr->kind = notice.z_kind;
446 qptr->auth = notice.z_checked_auth;
449 * If this is the first part of the notice, we take the header
450 * from it. We only take it if this is the first fragment so that
451 * the Unique ID's will be predictable.
453 * If a Zephyr Server, we always take the header.
455 if (__Zephyr_server || part == 0) {
456 qptr->header_len = packet_len-notice.z_message_len;
457 qptr->header = (char *) malloc((unsigned) qptr->header_len);
460 (void) memcpy(qptr->header, packet, qptr->header_len);
464 * If this is not a fragmented notice, then don't bother with a
466 * If we are a Zephyr server, all notices are treated as complete.
468 if (__Zephyr_server || (part == 0 && notice.z_message_len == partof)) {
469 __Q_CompleteLength++;
470 qptr->holelist = (struct _Z_Hole *) 0;
472 /* allocate a msg buf for this piece */
473 if (notice.z_message_len == 0)
475 else if (!(qptr->msg = (char *) malloc((unsigned) notice.z_message_len)))
478 (void) memcpy(qptr->msg, notice.z_message, notice.z_message_len);
479 qptr->msg_len = notice.z_message_len;
480 __Q_Size += notice.z_message_len;
481 qptr->packet_len = qptr->header_len+qptr->msg_len;
482 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
484 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
486 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
492 * We know how long the message is going to be (this is better
493 * than IP fragmentation...), so go ahead and allocate it all.
495 if (!(qptr->msg = (char *) malloc((unsigned) partof)) && partof)
497 qptr->msg_len = partof;
501 * Well, it's a fragmented notice...allocate a hole list and
502 * initialize it to the full packet size. Then insert the
505 if (!(qptr->holelist = (struct _Z_Hole *)
506 malloc(sizeof(struct _Z_Hole))))
508 qptr->holelist->next = (struct _Z_Hole *) 0;
509 qptr->holelist->first = 0;
510 qptr->holelist->last = partof-1;
511 return (Z_AddNoticeToEntry(qptr, ¬ice, part));
515 /* Fragment management routines - compliments, more or less, of RFC815 */
518 Z_AddNoticeToEntry(struct _Z_InputQ *qptr,
522 int last, oldfirst, oldlast;
523 struct _Z_Hole *hole, *lasthole;
526 /* Make sure this notice is expirable */
527 (void) gettimeofday(&tv, (struct timezone *)0);
528 qptr->timep = tv.tv_sec;
531 if (part < 0 || notice->z_message_len < 0 || part > qptr->msg_len
532 || notice->z_message_len > qptr->msg_len - part)
535 /* Incorporate this notice's checked authentication. */
536 if (notice->z_checked_auth == ZAUTH_FAILED)
537 qptr->auth = ZAUTH_FAILED;
538 else if (notice->z_checked_auth == ZAUTH_NO && qptr->auth != ZAUTH_FAILED)
539 qptr->auth = ZAUTH_NO;
541 last = part+notice->z_message_len-1;
543 hole = qptr->holelist;
544 lasthole = (struct _Z_Hole *) 0;
546 /* copy in the message body */
547 (void) memcpy(qptr->msg+part, notice->z_message, notice->z_message_len);
549 /* Search for a hole that overlaps with the current fragment */
551 if (part <= hole->last && last >= hole->first)
557 /* If we found one, delete it and reconstruct a new hole */
559 oldfirst = hole->first;
560 oldlast = hole->last;
562 lasthole->next = hole->next;
564 qptr->holelist = hole->next;
567 * Now create a new hole that is the original hole without the
570 if (part > oldfirst) {
571 /* Search for the end of the hole list */
572 hole = qptr->holelist;
573 lasthole = (struct _Z_Hole *) 0;
579 lasthole->next = (struct _Z_Hole *)malloc(sizeof(struct _Z_Hole));
580 if (lasthole->next == NULL)
582 hole = lasthole->next;
584 qptr->holelist = (struct _Z_Hole *)malloc(sizeof(struct _Z_Hole));
585 if (qptr->holelist == NULL)
587 hole = qptr->holelist;
590 hole->first = oldfirst;
593 if (last < oldlast) {
594 /* Search for the end of the hole list */
595 hole = qptr->holelist;
596 lasthole = (struct _Z_Hole *) 0;
602 lasthole->next = (struct _Z_Hole *)malloc(sizeof(struct _Z_Hole));
603 if (lasthole->next == NULL)
605 hole = lasthole->next;
607 qptr->holelist = (struct _Z_Hole *)malloc(sizeof(struct _Z_Hole));
608 if (qptr->holelist == NULL)
610 hole = qptr->holelist;
612 hole->next = (struct _Z_Hole *) 0;
613 hole->first = last+1;
614 hole->last = oldlast;
618 if (!qptr->holelist) {
620 __Q_CompleteLength++;
622 qptr->timep = 0; /* don't time out anymore */
623 qptr->packet_len = qptr->header_len+qptr->msg_len;
624 if (!(qptr->packet = (char *) malloc((unsigned) qptr->packet_len)))
626 (void) memcpy(qptr->packet, qptr->header, qptr->header_len);
627 (void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
635 Z_gettimeofday(struct _ZTimeval *ztv,
639 (void) gettimeofday(&tv, tz); /* yeah, yeah, I know */
640 ztv->tv_sec=tv.tv_sec;
641 ztv->tv_usec=tv.tv_usec;
645 Z_FormatHeader(ZNotice_t *notice,
649 Z_AuthProc cert_routine)
652 static char version[BUFSIZ]; /* default init should be all \0 */
654 if (!notice->z_sender)
655 notice->z_sender = ZGetSender();
657 if (notice->z_port == 0) {
659 retval = ZOpenPort((u_short *)0);
660 if (retval != ZERR_NONE)
663 notice->z_port = __Zephyr_port;
666 notice->z_multinotice = "";
668 (void) Z_gettimeofday(¬ice->z_uid.tv, (struct timezone *)0);
669 notice->z_uid.tv.tv_sec = htonl((u_long) notice->z_uid.tv.tv_sec);
670 notice->z_uid.tv.tv_usec = htonl((u_long) notice->z_uid.tv.tv_usec);
672 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
674 if (notice->z_sender_sockaddr.ip4.sin_family == 0) {
675 (void) memset(¬ice->z_sender_sockaddr, 0, sizeof(notice->z_sender_sockaddr));
676 notice->z_sender_sockaddr.ip4.sin_family = AF_INET; /*XXX*/
677 notice->z_sender_sockaddr.ip4.sin_port = notice->z_port;
678 (void) memcpy(¬ice->z_sender_sockaddr.ip4.sin_addr, &__My_addr, sizeof(__My_addr));
679 #ifdef HAVE_SOCKADDR_IN_SIN_LEN
680 notice->z_sender_sockaddr.ip4.sin_len = sizeof(notice->z_sender_sockaddr.ip4);
684 notice->z_multiuid = notice->z_uid;
687 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
689 notice->z_version = version;
691 return Z_FormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
695 Z_NewFormatHeader(ZNotice_t *notice,
699 Z_AuthProc cert_routine)
702 static char version[BUFSIZ]; /* default init should be all \0 */
705 if (!notice->z_sender)
706 notice->z_sender = ZGetSender();
708 if (notice->z_port == 0) {
710 retval = ZOpenPort((u_short *)0);
711 if (retval != ZERR_NONE)
714 notice->z_port = __Zephyr_port;
717 notice->z_multinotice = "";
719 (void) gettimeofday(&tv, (struct timezone *)0);
720 notice->z_uid.tv.tv_sec = htonl((u_long) tv.tv_sec);
721 notice->z_uid.tv.tv_usec = htonl((u_long) tv.tv_usec);
723 (void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
725 (void) memset(¬ice->z_sender_sockaddr, 0, sizeof(notice->z_sender_sockaddr));
726 notice->z_sender_sockaddr.ip4.sin_family = AF_INET; /*XXX*/
727 notice->z_sender_sockaddr.ip4.sin_port = notice->z_port;
728 (void) memcpy(¬ice->z_sender_sockaddr.ip4.sin_addr, &__My_addr, sizeof(__My_addr));
729 #ifdef HAVE_SOCKADDR_IN_SIN_LEN
730 notice->z_sender_sockaddr.ip4.sin_len = sizeof(notice->z_sender_sockaddr.ip4);
733 notice->z_multiuid = notice->z_uid;
736 (void) sprintf(version, "%s%d.%d", ZVERSIONHDR, ZVERSIONMAJOR,
738 notice->z_version = version;
740 return Z_NewFormatAuthHeader(notice, buffer, buffer_len, len, cert_routine);
744 Z_FormatAuthHeader(ZNotice_t *notice,
748 Z_AuthProc cert_routine)
752 notice->z_authent_len = 0;
753 notice->z_ascii_authent = "";
754 notice->z_checksum = 0;
755 return (Z_FormatRawHeader(notice, buffer, buffer_len,
759 return ((*cert_routine)(notice, buffer, buffer_len, len));
763 Z_NewFormatAuthHeader(ZNotice_t *notice,
767 Z_AuthProc cert_routine)
771 notice->z_authent_len = 0;
772 notice->z_ascii_authent = "";
773 notice->z_checksum = 0;
774 return (Z_FormatRawHeader(notice, buffer, buffer_len,
778 return ((*cert_routine)(notice, buffer, buffer_len, len));
782 Z_NewFormatRawHeader(ZNotice_t *notice,
791 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
792 cksum_start, cksum_len, cstart, cend, 0));
796 Z_AsciiFormatRawHeader(ZNotice_t *notice,
805 return(Z_ZcodeFormatRawHeader(notice, buffer, buffer_len, hdr_len,
806 cksum_start, cksum_len, cstart, cend, 1));
810 Z_ZcodeFormatRawHeader(ZNotice_t *notice,
820 static char version_nogalaxy[BUFSIZ]; /* default init should be all \0 */
821 char newrecip[BUFSIZ];
825 unsigned char *addraddr = NULL;
827 if (!(notice->z_sender_sockaddr.sa.sa_family == AF_INET ||
828 notice->z_sender_sockaddr.sa.sa_family == AF_INET6))
831 if (!notice->z_class)
832 notice->z_class = "";
834 if (!notice->z_class_inst)
835 notice->z_class_inst = "";
837 if (!notice->z_opcode)
838 notice->z_opcode = "";
840 if (!notice->z_recipient)
841 notice->z_recipient = "";
843 if (!notice->z_default_format)
844 notice->z_default_format = "";
847 end = buffer+buffer_len;
852 (void) sprintf(version_nogalaxy, "%s%d.%d", ZVERSIONHDR,
853 ZVERSIONMAJOR, ZVERSIONMINOR);
855 notice->z_version = version_nogalaxy;
857 if (Z_AddField(&ptr, version_nogalaxy, end))
858 return (ZERR_HEADERLEN);
860 if (ZMakeAscii32(ptr, end-ptr,
861 (notice->z_num_hdr_fields ? (notice->z_num_hdr_fields - notice->z_num_other_fields) : Z_NUMFIELDS) + notice->z_num_other_fields)
863 return (ZERR_HEADERLEN);
864 ptr += strlen(ptr)+1;
866 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
867 return (ZERR_HEADERLEN);
868 ptr += strlen(ptr)+1;
870 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
871 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
872 return (ZERR_HEADERLEN);
873 ptr += strlen(ptr)+1;
875 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
876 return (ZERR_HEADERLEN);
877 ptr += strlen(ptr)+1;
879 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
880 return (ZERR_HEADERLEN);
881 ptr += strlen(ptr)+1;
883 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
884 return (ZERR_HEADERLEN);
885 ptr += strlen(ptr)+1;
887 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
888 return (ZERR_HEADERLEN);
889 if (Z_AddField(&ptr, notice->z_class, end))
890 return (ZERR_HEADERLEN);
891 if (Z_AddField(&ptr, notice->z_class_inst, end))
892 return (ZERR_HEADERLEN);
893 if (Z_AddField(&ptr, notice->z_opcode, end))
894 return (ZERR_HEADERLEN);
895 if (Z_AddField(&ptr, notice->z_sender, end))
896 return (ZERR_HEADERLEN);
897 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
898 if (Z_AddField(&ptr, notice->z_recipient, end))
899 return (ZERR_HEADERLEN);
902 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
904 return (ZERR_HEADERLEN);
905 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
906 if (Z_AddField(&ptr, newrecip, end))
907 return (ZERR_HEADERLEN);
909 if (Z_AddField(&ptr, notice->z_default_format, end))
910 return (ZERR_HEADERLEN);
912 /* copy back the end pointer location for crypto checksum */
915 if (cksumstyle == 1) {
916 if (Z_AddField(&ptr, notice->z_ascii_checksum, end))
917 return (ZERR_HEADERLEN);
920 if (ZMakeZcode32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
921 return ZERR_HEADERLEN;
923 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
924 return (ZERR_HEADERLEN);
926 ptr += strlen(ptr)+1;
931 if (Z_AddField(&ptr, notice->z_multinotice, end))
932 return (ZERR_HEADERLEN);
934 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
935 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
936 return (ZERR_HEADERLEN);
937 ptr += strlen(ptr)+1;
939 if (!notice->z_num_hdr_fields || notice->z_num_hdr_fields > 17) {
940 if (notice->z_sender_sockaddr.sa.sa_family == AF_INET) {
941 addrlen = sizeof(notice->z_sender_sockaddr.ip4.sin_addr);
942 addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip4.sin_addr;
943 } else if (notice->z_sender_sockaddr.sa.sa_family == AF_INET6) {
944 addrlen = sizeof(notice->z_sender_sockaddr.ip6.sin6_addr);
945 addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip6.sin6_addr;
948 if (ZMakeZcode(ptr, end-ptr, addraddr, addrlen) == ZERR_FIELDLEN)
949 return ZERR_HEADERLEN;
950 ptr += strlen(ptr) + 1;
953 if (!notice->z_num_hdr_fields || notice->z_num_hdr_fields > 18) {
954 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_charset)) == ZERR_FIELDLEN)
955 return ZERR_HEADERLEN;
956 ptr += strlen(ptr) + 1;
959 for (i=0;i<notice->z_num_other_fields;i++)
960 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
961 return (ZERR_HEADERLEN);
964 *cksum_len = ptr-*cksum_start;
966 *hdr_len = ptr-buffer;
972 Z_FormatRawHeader(ZNotice_t *notice,
979 char newrecip[BUFSIZ];
983 unsigned char *addraddr = NULL;
985 if (!(notice->z_sender_sockaddr.sa.sa_family == AF_INET ||
986 notice->z_sender_sockaddr.sa.sa_family == AF_INET6))
987 notice->z_sender_sockaddr.sa.sa_family = AF_INET; /* \/\/hatever *//*XXX*/
989 if (!notice->z_class)
990 notice->z_class = "";
992 if (!notice->z_class_inst)
993 notice->z_class_inst = "";
995 if (!notice->z_opcode)
996 notice->z_opcode = "";
998 if (!notice->z_recipient)
999 notice->z_recipient = "";
1001 if (!notice->z_default_format)
1002 notice->z_default_format = "";
1005 end = buffer+buffer_len;
1007 if (buffer_len < strlen(notice->z_version)+1)
1008 return (ZERR_HEADERLEN);
1010 (void) strcpy(ptr, notice->z_version);
1011 ptr += strlen(ptr)+1;
1013 if (ZMakeAscii32(ptr, end-ptr, Z_NUMFIELDS + notice->z_num_other_fields)
1015 return (ZERR_HEADERLEN);
1016 ptr += strlen(ptr)+1;
1018 if (ZMakeAscii32(ptr, end-ptr, notice->z_kind) == ZERR_FIELDLEN)
1019 return (ZERR_HEADERLEN);
1020 ptr += strlen(ptr)+1;
1022 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
1023 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1024 return (ZERR_HEADERLEN);
1025 ptr += strlen(ptr)+1;
1027 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_port)) == ZERR_FIELDLEN)
1028 return (ZERR_HEADERLEN);
1029 ptr += strlen(ptr)+1;
1031 if (ZMakeAscii32(ptr, end-ptr, notice->z_auth) == ZERR_FIELDLEN)
1032 return (ZERR_HEADERLEN);
1033 ptr += strlen(ptr)+1;
1035 if (ZMakeAscii32(ptr, end-ptr, notice->z_authent_len) == ZERR_FIELDLEN)
1036 return (ZERR_HEADERLEN);
1037 ptr += strlen(ptr)+1;
1039 if (Z_AddField(&ptr, notice->z_ascii_authent, end))
1040 return (ZERR_HEADERLEN);
1041 if (Z_AddField(&ptr, notice->z_class, end))
1042 return (ZERR_HEADERLEN);
1043 if (Z_AddField(&ptr, notice->z_class_inst, end))
1044 return (ZERR_HEADERLEN);
1045 if (Z_AddField(&ptr, notice->z_opcode, end))
1046 return (ZERR_HEADERLEN);
1047 if (Z_AddField(&ptr, notice->z_sender, end))
1048 return (ZERR_HEADERLEN);
1049 if (strchr(notice->z_recipient, '@') || !*notice->z_recipient) {
1050 if (Z_AddField(&ptr, notice->z_recipient, end))
1051 return (ZERR_HEADERLEN);
1054 if (strlen(notice->z_recipient) + strlen(__Zephyr_realm) + 2 >
1056 return (ZERR_HEADERLEN);
1057 (void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
1058 if (Z_AddField(&ptr, newrecip, end))
1059 return (ZERR_HEADERLEN);
1061 if (Z_AddField(&ptr, notice->z_default_format, end))
1062 return (ZERR_HEADERLEN);
1064 /* copy back the end pointer location for crypto checksum */
1067 if (ZMakeAscii32(ptr, end-ptr, notice->z_checksum) == ZERR_FIELDLEN)
1068 return (ZERR_HEADERLEN);
1069 ptr += strlen(ptr)+1;
1073 if (Z_AddField(&ptr, notice->z_multinotice, end))
1074 return (ZERR_HEADERLEN);
1076 if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
1077 sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
1078 return (ZERR_HEADERLEN);
1079 ptr += strlen(ptr)+1;
1081 if (notice->z_sender_sockaddr.sa.sa_family == AF_INET) {
1082 addrlen = sizeof(notice->z_sender_sockaddr.ip4.sin_addr);
1083 addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip4.sin_addr;
1084 if (ZMakeAscii(ptr, end - ptr, addraddr, addrlen) == ZERR_FIELDLEN)
1085 return ZERR_HEADERLEN;
1086 } else if (notice->z_sender_sockaddr.sa.sa_family == AF_INET6) {
1087 addrlen = sizeof(notice->z_sender_sockaddr.ip6.sin6_addr);
1088 addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip6.sin6_addr;
1089 if (ZMakeZcode(ptr, end - ptr, addraddr, addrlen) == ZERR_FIELDLEN)
1090 return ZERR_HEADERLEN;
1092 ptr += strlen(ptr) + 1;
1094 if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_charset)) == ZERR_FIELDLEN)
1095 return ZERR_HEADERLEN;
1096 ptr += strlen(ptr) + 1;
1098 for (i=0;i<notice->z_num_other_fields;i++)
1099 if (Z_AddField(&ptr, notice->z_other_fields[i], end))
1100 return (ZERR_HEADERLEN);
1108 Z_AddField(char **ptr,
1114 len = field ? strlen (field) + 1 : 1;
1119 (void) strcpy(*ptr, field);
1128 Z_GetFirstComplete(void)
1130 struct _Z_InputQ *qptr;
1140 return ((struct _Z_InputQ *)0);
1144 Z_GetNextComplete(struct _Z_InputQ *qptr)
1153 return ((struct _Z_InputQ *)0);
1157 Z_RemQueue(struct _Z_InputQ *qptr)
1159 struct _Z_Hole *hole, *nexthole;
1162 __Q_CompleteLength--;
1164 __Q_Size -= qptr->msg_len;
1173 hole = qptr->holelist;
1175 nexthole = hole->next;
1180 if (qptr == __Q_Head && __Q_Head == __Q_Tail) {
1181 free ((char *)qptr);
1182 __Q_Head = (struct _Z_InputQ *)0;
1183 __Q_Tail = (struct _Z_InputQ *)0;
1187 if (qptr == __Q_Head) {
1188 __Q_Head = qptr->next;
1189 __Q_Head->prev = (struct _Z_InputQ *)0;
1190 free ((char *)qptr);
1193 if (qptr == __Q_Tail) {
1194 __Q_Tail = qptr->prev;
1195 __Q_Tail->next = (struct _Z_InputQ *)0;
1196 free ((char *)qptr);
1199 qptr->prev->next = qptr->next;
1200 qptr->next->prev = qptr->prev;
1201 free ((char *)qptr);
1206 Z_SendFragmentedNotice(ZNotice_t *notice,
1208 Z_AuthProc cert_func,
1209 Z_SendProc send_func)
1211 ZNotice_t partnotice;
1214 int offset, hdrsize, fragsize, ret_len, message_len, waitforack;
1217 hdrsize = len-notice->z_message_len;
1218 fragsize = Z_MAXPKTLEN-hdrsize-Z_FRAGFUDGE;
1222 waitforack = ((notice->z_kind == UNACKED || notice->z_kind == ACKED)
1223 && !__Zephyr_server);
1225 partnotice = *notice;
1227 while (offset < notice->z_message_len || !notice->z_message_len) {
1228 (void) sprintf(multi, "%d/%d", offset, notice->z_message_len);
1229 partnotice.z_multinotice = multi;
1231 (void) Z_gettimeofday(&partnotice.z_uid.tv,
1232 (struct timezone *)0);
1233 partnotice.z_uid.tv.tv_sec =
1234 htonl((u_long) partnotice.z_uid.tv.tv_sec);
1235 partnotice.z_uid.tv.tv_usec =
1236 htonl((u_long) partnotice.z_uid.tv.tv_usec);
1237 (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
1239 (void) memset(¬ice->z_sender_sockaddr, 0, sizeof(notice->z_sender_sockaddr));
1240 notice->z_sender_sockaddr.ip4.sin_family = AF_INET; /*XXX*/
1241 notice->z_sender_sockaddr.ip4.sin_port = notice->z_port;
1242 (void) memcpy(¬ice->z_sender_sockaddr.ip4.sin_addr, &__My_addr, sizeof(__My_addr));
1243 #ifdef HAVE_SOCKADDR_IN_SIN_LEN
1244 notice->z_sender_sockaddr.ip4.sin_len = sizeof(notice->z_sender_sockaddr.ip4);
1247 message_len = min(notice->z_message_len-offset, fragsize);
1248 partnotice.z_message = notice->z_message+offset;
1249 partnotice.z_message_len = message_len;
1250 if ((retval = Z_FormatAuthHeader(&partnotice, buffer, Z_MAXHEADERLEN,
1251 &ret_len, cert_func)) != ZERR_NONE) {
1254 memcpy(buffer + ret_len, partnotice.z_message, message_len);
1255 if ((retval = (*send_func)(&partnotice, buffer, ret_len+message_len,
1256 waitforack)) != ZERR_NONE) {
1260 if (!notice->z_message_len)
1268 Code_t Z_XmitFragment(ZNotice_t *notice,
1273 return(ZSendPacket(buf, len, wait));
1276 /* For debugging printing */
1277 const char *const ZNoticeKinds[] = {
1278 "UNSAFE", "UNACKED", "ACKED", "HMACK", "HMCTL", "SERVACK", "SERVNAK",
1286 Z_debug(const char *format, ...)
1289 if (!__Z_debug_print)
1291 va_start (pvar, format);
1292 (*__Z_debug_print) (format, pvar, __Z_debug_print_closure);
1297 Z_debug_stderr(const char *format,
1302 vfprintf (stderr, format, args);
1304 _doprnt (format, args, stderr);
1306 putc ('\n', stderr);
1311 ZSetDebug(void (*proc)(const char *, va_list, void *),
1314 __Z_debug_print = proc;
1315 __Z_debug_print_closure = arg;
1317 #endif /* Z_DEBUG */
1321 Z_Checksum(krb5_data *cksumbuf,
1322 krb5_keyblock *keyblock,
1323 krb5_cksumtype cksumtype,
1324 krb5_keyusage cksumusage,
1326 unsigned int *asn1_len)
1328 krb5_error_code result;
1329 unsigned char *data;
1331 #ifndef HAVE_KRB5_CRYPTO_INIT
1332 krb5_checksum checksum;
1335 krb5_crypto cryptctx;
1338 #ifndef HAVE_KRB5_CRYPTO_INIT
1339 /* Create the checksum -- MIT crypto API */
1340 result = krb5_c_make_checksum(Z_krb5_ctx, cksumtype,
1341 keyblock, cksumusage,
1342 cksumbuf, &checksum);
1345 /* HOLDING: checksum */
1347 data = checksum.contents;
1348 len = checksum.length;
1350 /* Create the checksum -- heimdal crypto API */
1351 result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype,
1356 /* HOLDING: cryptctx */
1357 result = krb5_create_checksum(Z_krb5_ctx, cryptctx,
1358 cksumusage, cksumtype,
1359 cksumbuf->data, cksumbuf->length,
1361 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);
1365 len = checksum.checksum.length;
1366 data = checksum.checksum.data;
1367 /* HOLDING: checksum */
1370 *asn1_data = malloc(len);
1371 if (*asn1_data == NULL)
1373 memcpy(*asn1_data, data, len);
1376 #ifndef HAVE_KRB5_CRYPTO_INIT
1377 krb5_free_checksum_contents(Z_krb5_ctx, &checksum);
1379 free_Checksum(&checksum);
1386 Z_InsertZcodeChecksum(krb5_keyblock *keyblock,
1397 int plain_len; /* length of part not to be checksummed */
1398 int cksum0_len; /* length of part before checksum */
1399 int cksum1_len; /* length of part after checksum */
1402 unsigned char *key_data;
1404 krb5_enctype enctype;
1405 krb5_cksumtype cksumtype;
1408 key_data = Z_keydata(keyblock);
1409 key_len = Z_keylen(keyblock);
1410 result = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
1412 return (ZAUTH_FAILED);
1414 /* Assemble the things to be checksummed */
1415 plain_len = cksum_start - buffer;
1416 cksum0_len = cstart - cksum_start;
1417 cksum1_len = (cksum_start + cksum_len) - cend;
1418 memset(&cksumbuf, 0, sizeof(cksumbuf));
1419 cksumbuf.length = cksum0_len + cksum1_len + notice->z_message_len;
1420 cksumbuf.data = malloc(cksumbuf.length);
1423 memcpy(cksumbuf.data, cksum_start, cksum0_len);
1424 memcpy(cksumbuf.data + cksum0_len, cend, cksum1_len);
1425 memcpy(cksumbuf.data + cksum0_len + cksum1_len,
1426 notice->z_message, notice->z_message_len);
1427 /* compute the checksum */
1428 result = Z_Checksum(&cksumbuf, keyblock, cksumtype,
1429 from_server ? Z_KEYUSAGE_SRV_CKSUM
1430 : Z_KEYUSAGE_CLT_CKSUM,
1431 (char **)&cksum.data, &cksum.length);
1433 free(cksumbuf.data);
1438 * OK.... we can zcode to a space starting at 'cstart',
1439 * with a length of buffer_len - (plain_len + cksum_len).
1440 * Then we tack on the end part, which is located at
1441 * cksumbuf.data + cksum0_len and has length cksum1_len
1444 result = ZMakeZcode(cstart, buffer_len - (plain_len + cksum_len),
1445 (unsigned char *)cksum.data, cksum.length);
1448 int zcode_len = strlen(cstart) + 1;
1449 memcpy(cstart + zcode_len, cksumbuf.data + cksum0_len, cksum1_len);
1450 *length_adjust = zcode_len - cksum_len + (cksum0_len + cksum1_len);
1452 free(cksumbuf.data);
1457 Z_ExtractEncCksum(krb5_keyblock *keyblock,
1458 krb5_enctype *enctype,
1459 krb5_cksumtype *cksumtype)
1461 *enctype = Z_enctype(keyblock);
1462 return Z_krb5_lookup_cksumtype(*enctype, cksumtype);
1467 /* returns 0 if invalid or losing, 1 if valid, *sigh* */
1469 Z_krb5_verify_cksum(krb5_keyblock *keyblock,
1470 krb5_data *cksumbuf,
1471 krb5_cksumtype cksumtype,
1472 krb5_keyusage cksumusage,
1473 unsigned char *asn1_data,
1476 krb5_error_code result;
1477 #ifndef HAVE_KRB5_CRYPTO_INIT
1478 krb5_checksum checksum;
1481 krb5_crypto cryptctx;
1486 memset(&checksum, 0, sizeof(checksum));
1487 #ifndef HAVE_KRB5_CRYPTO_INIT
1488 /* Verify the checksum -- MIT crypto API */
1489 checksum.length = asn1_len;
1490 checksum.contents = asn1_data;
1491 checksum.checksum_type = cksumtype;
1492 result = krb5_c_verify_checksum(Z_krb5_ctx,
1493 keyblock, cksumusage,
1494 cksumbuf, &checksum, &valid);
1495 if (!result && valid)
1500 checksum.checksum.length = asn1_len;
1501 checksum.checksum.data = asn1_data;
1502 checksum.cksumtype = cksumtype;
1504 result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype, &cryptctx);
1508 /* HOLDING: cryptctx */
1509 result = krb5_verify_checksum(Z_krb5_ctx, cryptctx, cksumusage,
1510 cksumbuf->data, cksumbuf->length,
1512 krb5_crypto_destroy(Z_krb5_ctx, cryptctx);