Solution: applied clang-format

mechanisms

Solution: uniformly require a ZAP domain to be set to activate ZAP
handling, clarify comment on Stonehouse pattern

Solution: emit events as expected by tests, and refuse connections when
ZAP is required but no handler started

Addresses #2711 partially

Problem: no tests for client-side events for successful handshake and authentication failure in handshake

Solution: added tests for CURVE, add emitting of client-side event in curve_client_t; add ZAP code 300/500 tests for all mechanisms; suppress sending an error message for ZAP code 300

Solution: use check_basic_command_structure in curve_client_t::decode, also prepare other client mechanisms to use that method by rearranging inheritance hierarchy

Solution: emit socket monitor events for NULL protocol errors (like CURVE)

Solution: replaced unreachable code by assertions and adapted uses

Solution: unification, pulled up common behaviour to zap_client_t/zap_client_common_handshake_t

Solution: pull state enum up to zap_client_t and unify names of enum values

Solution: extract receive_and_process_zap_reply into zap_client_t and convert zap_client_t into base class of the server mechanism classes

Solution: Use zap_client_t::send_zap_request

Problem: null_mechanism duplicates zap_client_t::send_zap_request\nSolution: use zap_client_t::send_zap_request

* Problem: no test case with CURVE encryption and large identity

Solution: added test case (currently crashing)

* Problem: possible buffer overflow in mechanism_t::add_property

Solution: add target buffer length parameter and check the buffer is sufficiently large

* Problem: test cases accidentally excluded from build

Solution: remove #if/#endif

* Problem: possible buffer overruns related to metadata at various locations

Solution: allocate buffer large enough for actual metadata, reduce code duplication

* Problem: syntax error related to pointer type conversion

Solution: change argument type of make_command_with_basic_properties to const char *

* Problem: large metadata may cause an assertion in produce_initiate

Solution: Allow metadata of arbitrary size in produce_initiate

Solution: log that handler sent bad status code to clarify ZAP debugging

Solution: Define them in zmq.h and use them (currently in DRAFT API)

Solution: The Coverity Static Code Analyzer was used on libzmq code and found
many issues with uninitialized member variables, some redefinition of variables
hidding previous instances of same variable name and a couple of functions
where return values were not checked, even though all other occurrences were
checked (e.g. init_size() return).

Solution: Phase I - make precompiled.hpp be first file included in every source file

Solution: update to 2016

Of course people still "can" distributed the sources under the
LGPLv3. However we provide COPYING.LESSER with additional grants.

Solution: specify these grants in the header of each source file.

Solution: update for 2015

Fixes #1320

NULL mechanism sends ERROR command rather than READY command when ZAP
handler rejects the ZAP request (status code != "200"). The body of
ERROR command contains the status code as returned by ZAP handler.

- additional messages to help people debugging security errors

The get_credential () member function returns
credential for the last peer we received message for.
The idea is that this function is used to implement user-level API.

* This is passed to the ZAP handler in the 'domain' field

* If not set, or empty, then NULL security does not call the ZAP handler

* This resolves the phantom ZAP request syndrome seen with sockets where
  security was never intended (e.g. in test cases)

* This means if you install a ZAP handler, it will not get any requests
  for new connections until you take some explicit action, which can be
  setting a username/password for PLAIN, a key for CURVE, or the domain
  for NULL.

* Command names changed from null terminated to length-specified
* Command frames use the correct flag (bit 2)
* test_stream acts as test case for command frames
* Some code cleanups

- Split off NULL security check from PLAIN
- Cleaned up test_linger code a little
- Got all tests to pass, added TODOs for outstanding issues
- Added ZAP authentication for NULL test case
- NULL mechanism was not passing server identity - fixed
- cleaned up test_security_plain and removed option double-checks (made code ugly)
- lowered timeout on expect_bounce_fail to 150 msec to speed up checks
- removed all sleeps from test_fork and simplified code (it still passes :-)

RFC23, RFC24, RFC26 now use variable-length command names that
end in null octet (valid C strings) instead of fixed-length
space padded strings.