1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
|
#ifndef __INTERNAL_H__
#define __INTERNAL_H__
#include <sysdep.h>
#include <zephyr/zephyr.h>
#include <netdb.h>
#ifdef HAVE_KRB4
#include <krb.h>
#include <krb_err.h>
#endif
#ifdef HAVE_KRB5
#include <krb5.h>
#endif
#ifdef HAVE_HESIOD
#include <hesiod.h>
#endif
#include <arpa/nameser.h>
#ifdef HAVE_ARPA_NAMESER_COMPAT_H
#include <arpa/nameser_compat.h>
#endif
#ifndef REALM_SZ /* XXX */
#define REALM_SZ NS_MAXDNAME
#endif
#define MAX_PRINCIPAL_SIZE 1024
#define SERVER_SVC_FALLBACK htons((unsigned short) 2103)
#define HM_SVC_FALLBACK htons((unsigned short) 2104)
#define HM_SRV_SVC_FALLBACK htons((unsigned short) 2105)
#define ZSUBAUTH (Z_MakeAuthenticationSaveKey)
#define ZAUTH_UNSET (-3) /* Internal to client library. */
#define Z_MAXFRAGS 500 /* Max number of packet fragments */
#define Z_MAXNOTICESIZE 400000 /* Max size of incoming notice */
#define Z_MAXQUEUESIZE 1500000 /* Max size of input queue notices */
#define Z_FRAGFUDGE 13 /* Room to for multinotice field */
#define Z_NOTICETIMELIMIT 30 /* Time to wait for fragments */
#define Z_INITFILTERSIZE 30 /* Starting size of uid filter */
#define Z_FILTERTIMELIMIT 900 /* Max time to cache packet ids */
#define Z_AUTHMODE_NONE 0 /* no authentication */
#define Z_AUTHMODE_KRB4 1 /* authenticate using Kerberos V4 */
#define Z_AUTHMODE_KRB5 2 /* authenticate using Kerberos V5 */
#define Z_KEYUSAGE_CLT_CKSUM 1027 /* client->server notice checksum */
#define Z_KEYUSAGE_SRV_CKSUM 1029 /* server->client notice checksum */
struct _Z_Hole {
struct _Z_Hole *next;
int first;
int last;
};
struct _Z_InputQ {
struct _Z_InputQ *next;
struct _Z_InputQ *prev;
ZNotice_Kind_t kind;
unsigned ZEPHYR_INT32 timep;
int packet_len;
char *packet;
int complete;
struct sockaddr_in from;
struct _Z_Hole *holelist;
ZUnique_Id_t uid;
int auth;
int header_len;
char *header;
int msg_len;
char *msg;
};
extern struct _Z_InputQ *__Q_Head, *__Q_Tail;
extern int __Zephyr_open; /* 0 if FD opened, 1 otherwise */
extern int __HM_set; /* 0 if dest addr set, 1 otherwise */
extern int __Zephyr_server; /* 0 if normal client, 1 if server or zhm */
#ifdef HAVE_KRB5
extern krb5_context Z_krb5_ctx;
Code_t Z_krb5_lookup_cksumtype(krb5_enctype, krb5_cksumtype *);
struct _Z_SessionKey {
struct _Z_SessionKey *next;
struct _Z_SessionKey *prev;
krb5_keyblock *keyblock;
time_t send_time;
time_t first_use;
};
extern struct _Z_SessionKey *Z_keys_head, *Z_keys_tail;
/*
* The maximum time we allow for a notice to get delivered. This is used for
* two timeouts in key expirey. First, we assume that any subscription notice
* was reached the server within that time; this allows us to assume old keys
* sent sufficiently long before a newer, verified key are stale. Second, we
* assume notices authenticated with an old key reach us in that time; this
* allows us to prune stale keys after a timeout.
*/
#define KEY_TIMEOUT 60
#endif
extern ZLocations_t *__locate_list;
extern int __locate_num;
extern int __locate_next;
extern ZSubscription_t *__subscriptions_list;
extern int __subscriptions_num;
extern int __subscriptions_next;
extern int __Zephyr_port; /* Port number */
extern struct in_addr __My_addr;
extern int __Zephyr_fd;
extern int __Q_CompleteLength;
extern struct sockaddr_in __HM_addr;
extern char __Zephyr_realm[];
typedef Code_t (*Z_SendProc) (ZNotice_t *, char *, int, int);
struct _Z_InputQ *Z_GetFirstComplete (void);
struct _Z_InputQ *Z_GetNextComplete (struct _Z_InputQ *);
struct _Z_InputQ *Z_SearchQueue (ZUnique_Id_t *, ZNotice_Kind_t);
Code_t Z_XmitFragment (ZNotice_t*, char *,int,int);
void Z_RemQueue (struct _Z_InputQ *);
Code_t Z_AddNoticeToEntry (struct _Z_InputQ*, ZNotice_t*, int);
Code_t Z_FormatAuthHeader (ZNotice_t *, char *, int, int *, Z_AuthProc);
Code_t Z_FormatAuthHeaderWithASCIIAddress (ZNotice_t *, char *, int, int *);
Code_t Z_FormatHeader (ZNotice_t *, char *, int, int *, Z_AuthProc);
Code_t Z_FormatRawHeader (ZNotice_t *, char*, int,
int*, char **, char **);
Code_t Z_ReadEnqueue (void);
Code_t Z_ReadWait (void);
int Z_PacketWaiting (void);
Code_t Z_SendLocation (char*, char*, char*, Z_AuthProc, char*);
Code_t Z_SendFragmentedNotice (ZNotice_t *notice, int len,
Z_AuthProc cert_func,
Z_SendProc send_func);
Code_t Z_WaitForComplete (void);
Code_t Z_WaitForNotice (ZNotice_t *notice,
int (*pred)(ZNotice_t *, void *), void *arg,
int timeout);
Code_t Z_NewFormatHeader (ZNotice_t *, char *, int, int *, Z_AuthProc);
Code_t Z_NewFormatAuthHeader (ZNotice_t *, char *, int, int *, Z_AuthProc);
Code_t Z_NewFormatRawHeader (ZNotice_t *, char *, int, int *, char **,
int *, char **, char **);
Code_t Z_AsciiFormatRawHeader (ZNotice_t *, char *, int, int *, char **,
int *, char **, char **);
void Z_gettimeofday(struct _ZTimeval *ztv, struct timezone *tz);
Code_t Z_MakeAuthenticationSaveKey(ZNotice_t*, char *,int, int*);
#ifdef HAVE_KRB5
int ZGetCreds(krb5_creds **creds_out);
int ZGetCredsRealm(krb5_creds **creds_out, char *realm);
Code_t Z_Checksum(krb5_data *cksumbuf, krb5_keyblock *keyblock,
krb5_cksumtype cksumtype, krb5_keyusage cksumusage,
char **asn1_data, unsigned int *asn1_len);
Code_t Z_ExtractEncCksum(krb5_keyblock *keyblock, krb5_enctype *enctype,
krb5_cksumtype *cksumtype);
int Z_krb5_verify_cksum(krb5_keyblock *keyblock, krb5_data *cksumbuf,
krb5_cksumtype cksumtype, krb5_keyusage cksumusage,
unsigned char *asn1_data, int asn1_len);
Code_t Z_MakeZcodeAuthentication(register ZNotice_t *notice,
char *buffer, int buffer_len,
int *phdr_len,
krb5_creds *creds);
Code_t Z_InsertZcodeChecksum(krb5_keyblock *keyblock, ZNotice_t *notice,
char *buffer,
char *cksum_start, int cksum_len,
char *cstart, char *cend, int buffer_len,
int *length_ajdust, int from_server);
unsigned long z_quad_cksum(const unsigned char *, uint32_t *, long,
int, unsigned char *);
Code_t ZFormatAuthenticNoticeV5(ZNotice_t*, char*, int, int*, krb5_keyblock *);
#endif
#ifdef HAVE_KRB4
Code_t ZFormatAuthenticNotice(ZNotice_t*, char*, int, int*, C_Block);
#endif
#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
#define Z_keydata(keyblock) ((keyblock)->contents)
#define Z_keylen(keyblock) ((keyblock)->length)
#define Z_credskey(creds) (&(creds)->keyblock)
#define Z_enctype(keyblock) ((keyblock)->enctype)
#else
#define Z_keydata(keyblock) ((keyblock)->keyvalue.data)
#define Z_keylen(keyblock) ((keyblock)->keyvalue.length)
#define Z_credskey(creds) (&(creds)->session)
#define Z_enctype(keyblock) ((keyblock)->keytype)
#endif
#ifdef HAVE_KRB5_TICKET_ENC_PART2
#define Z_tktprincp(tkt) ((tkt)->enc_part2 != 0)
#define Z_tktprinc(tkt) ((tkt)->enc_part2->client)
#else
#define Z_tktprincp(tkt) ((tkt)->client != 0)
#define Z_tktprinc(tkt) ((tkt)->client)
#endif
#endif /* __INTERNAL_H__ */
|
