2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
22 #include <sys/types.h>
26 #include <afs/errmap_nt.h>
27 #define snprintf _snprintf
29 #include <sys/socket.h>
31 #include <netinet/in.h>
34 #include <afs/afsutil.h>
36 #include <afs/com_err.h>
48 #include "prot.h" /* protocol definitions */
50 #include "afs/audit.h"
53 /* my kerberos error codes */
54 #define KERB_ERR_BAD_MSG_TYPE 99
55 #define KERB_ERR_BAD_LIFETIME 98
56 #define KERB_ERR_NONNULL_REALM 97
57 #define KERB_ERR_PKT_LENGTH 96
58 #define KERB_ERR_TEXT_LENGTH 95
60 #define KDC_GEN_ERR 20
64 int krb_udp_debug = 0;
66 static int sock_kerb = -1; /* the socket we're using */
67 static int sock_kerb5 = -1; /* the socket we're using */
71 struct sockaddr_in from;
77 char *rest; /* remaining bytes of packet */
78 char data[MAX_PKT_LEN];
81 extern char *lastOperation;
84 char udpAuthPrincipal[256];
85 char udptgsPrincipal[256];
86 char udptgsServerPrincipal[256];
88 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
89 else strcpy (answer, name), answer += slen+1
90 #define putint(num) num = htonl(num), \
91 memcpy(answer, &num, sizeof(afs_int32)), \
92 answer += sizeof(afs_int32)
94 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
95 strcpy (name, packet), packet += slen+1
96 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
97 num = ktohl (byteOrder, num), \
98 packet += sizeof(afs_int32)
100 /* this is just to close the log every five minutes to rm works */
102 int fiveminutes = 300;
108 printf("start 5 min check lwp\n");
111 IOMGR_Sleep(fiveminutes);
112 /* close the log so it can be removed */
113 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
119 create_cipher(cipher, cipherLen, sessionKey, sname, sinst, start, end, kvno,
120 ticket, ticketLen, key)
123 struct ktc_encryptionKey *sessionKey;
130 struct ktc_encryptionKey *key;
134 unsigned char life = time_to_life(start, end);
136 des_key_schedule schedule;
141 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
142 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
143 if (len > *cipherLen)
144 return KAANSWERTOOLONG;
146 return KAANSWERTOOLONG;
148 return KAANSWERTOOLONG;
150 memcpy(answer, sessionKey, sizeof(*sessionKey));
151 answer += sizeof(*sessionKey);
156 *answer++ = (unsigned char)kvno;
157 *answer++ = (unsigned char)ticketLen;
158 memcpy(answer, ticket, ticketLen);
163 printf("Printing ticket (%d) and date: ", ticketLen);
164 ka_PrintBytes(ticket, ticketLen);
165 ka_PrintBytes(answer - 4, 4);
169 if (code = des_key_sched(key, schedule))
170 printf("In KAAuthenticate: key_sched returned %d\n", code);
171 des_pcbc_encrypt(cipher, cipher, len, schedule, key, ENCRYPT);
172 *cipherLen = round_up_to_ebs(len);
175 printf("Printing cipher (%d): ", *cipherLen);
176 ka_PrintBytes(cipher, *cipherLen);
183 create_reply(ans, name, inst, startTime, endTime, kvno, cipher, cipherLen)
187 Date startTime, endTime;
192 char *answer = ans->data;
195 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
196 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
197 sizeof(short) + cipherLen;
198 if (ans->len > sizeof(ans->data))
199 return KAANSWERTOOLONG;
201 return KAANSWERTOOLONG;
203 *answer++ = (unsigned char)KRB_PROT_VERSION;
204 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
205 /* always send claiming network byte order */
210 *answer++ = 1; /* undocumented number of tickets! */
212 *answer++ = (unsigned char)kvno;
214 short w = (short)cipherLen;
216 memcpy(answer, &w, sizeof(short));
217 answer += sizeof(short);
219 memcpy(answer, cipher, cipherLen);
224 check_auth(pkt, auth, authLen, key, name, inst, cell)
228 struct ktc_encryptionKey *key;
234 des_key_schedule schedule;
236 /* unsigned char time_msec; */
238 int byteOrder = pkt->byteOrder;
240 des_key_sched(key, schedule);
241 des_pcbc_encrypt(auth, auth, authLen, schedule, key, DECRYPT);
243 if (strcmp(packet, name) != 0)
245 packet += strlen(packet) + 1;
246 if (strcmp(packet, inst) != 0)
248 packet += strlen(packet) + 1;
249 if (strcmp(packet, cell) != 0)
251 packet += strlen(packet) + 1;
253 /* time_msec = */ *(unsigned char *)packet++;
255 if ((packet - auth) > authLen)
261 UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
263 struct sockaddr_in *client;
271 struct ubik_trans *tt;
272 afs_int32 to; /* offset of block */
273 struct kaentry tentry;
274 afs_int32 tgskvno; /* key version of service key */
275 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
280 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
282 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
284 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
288 COUNT_REQ(UAuthenticate);
289 if (!name_instance_legal(name, inst))
290 return KERB_ERR_NAME_EXP; /* KABADNAME */
291 if (code = InitAuthServ(&tt, LOCKREAD, this_op))
294 code = FindBlock(tt, name, inst, &to, &tentry);
297 if (to) { /* if user exists check other stuff */
299 struct kaentry sentry;
300 save_principal(udpAuthPrincipal, name, inst, 0);
302 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
303 && (strcmp(sinst, lrealm) == 0));
304 if ((ntohl(tentry.user_expiration) < now)
305 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
306 code = KERB_ERR_NAME_EXP; /* KABADUSER */
309 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
316 if ((ntohl(sentry.user_expiration) < now)) {
317 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
320 if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
321 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
325 if (tentry.misc_auth_bytes) {
326 unsigned char misc_auth_bytes[4];
327 afs_uint32 temp; /* unsigned for safety */
328 afs_uint32 pwexpires;
330 temp = ntohl(*((afs_int32 *) (tentry.misc_auth_bytes)));
331 unpack_long(temp, misc_auth_bytes);
332 pwexpires = misc_auth_bytes[0];
335 ntohl(tentry.change_password_time) +
336 24 * 60 * 60 * pwexpires;
337 if (pwexpires < now) {
338 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
344 /* make the ticket */
345 code = des_random_key(&sessionKey);
347 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
351 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
352 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
354 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
355 lrealm, startTime, endTime, &sessionKey,
356 htonl(client->sin_addr.s_addr), sname, sinst)))
359 cipherLen = sizeof(cipher);
361 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
362 startTime, endTime, tgskvno, ticket, ticketLen,
366 } else { /* no such user */
368 tentry.key_version = 0;
370 code = ubik_EndTrans(tt);
375 create_reply(&ans, name, inst, startTime, endTime,
376 ntohl(tentry.key_version), cipher, cipherLen);
381 printf("Sending %d bytes ending in: ", ans.len);
382 ka_PrintBytes(ans.data + ans.len - 8, 8);
387 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
389 if (code != ans.len) {
390 perror("calling sendto");
394 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
396 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
404 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
410 UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
421 struct ktc_encryptionKey tgskey;
422 char name[MAXKTCNAMELEN];
423 char inst[MAXKTCNAMELEN];
424 char cell[MAXKTCREALMLEN];
425 struct ktc_encryptionKey authSessionKey;
435 int byteOrder = pkt->byteOrder;
436 char sname[MAXKTCNAMELEN];
437 char sinst[MAXKTCNAMELEN];
441 struct ubik_trans *tt;
443 struct kaentry caller;
444 struct kaentry server;
446 struct ktc_encryptionKey sessionKey;
448 char newTicket[MAXKTCTICKETLEN];
450 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
454 COUNT_REQ(UGetTicket);
456 if (code = InitAuthServ(&tt, LOCKREAD, this_op))
459 ka_LookupKvno(tt, KA_TGS_NAME,
460 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
466 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
467 &authSessionKey, &host, &start, &authEnd);
472 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
475 save_principal(udptgsPrincipal, name, inst, cell);
476 code = tkt_CheckTimes(start, authEnd, now);
479 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
482 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
485 celllen = strlen(cell);
487 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
489 if (import && (celllen == 0)) {
490 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
494 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
495 cell[MAXKTCREALMLEN - 1] = 0;
498 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
499 code = KERB_ERR_PRINCIPAL_UNKNOWN;
504 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
508 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
512 /* authenticator and all is OK so read actual request */
515 life = *(unsigned char *)packet++;
519 reqEnd = life_to_time(start, life);
521 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
523 save_principal(udptgsServerPrincipal, sname, sinst, 0);
526 strcpy(caller.userID.name, name);
527 strcpy(caller.userID.instance, inst);
528 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
530 code = FindBlock(tt, name, inst, &to, &caller);
534 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
535 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
538 if (ntohl(caller.flags) & KAFNOTGS) {
539 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
544 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
547 if (to == 0) { /* entry not found */
548 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
549 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
552 code = ubik_EndTrans(tt);
556 if (ntohl(server.flags) & KAFNOSEAL)
559 code = des_random_key(&sessionKey);
561 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
566 umin(umin(reqEnd, authEnd),
567 umin(start + ntohl(caller.max_ticket_lifetime),
568 start + ntohl(server.max_ticket_lifetime)));
571 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
572 caller.userID.name, caller.userID.instance, cell,
573 start, reqEnd, &sessionKey,
574 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
575 server.userID.instance);
579 cipherLen = sizeof(cipher);
581 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
582 reqEnd, ntohl(server.key_version), newTicket,
583 newTicketLen, &authSessionKey);
588 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
593 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
595 if (code != ans.len) {
596 perror("calling sendto");
601 if (cipherLen != 0) {
602 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
604 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
605 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
611 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
612 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
617 err_packet(ksoc, pkt, code, reason)
624 char *answer = ans.data;
630 snprintf(buf, 255, "code = %d: %s", code, reason);
633 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
634 pkt->name, pkt->inst, pkt->realm, buf);
638 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
639 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
640 if (ans.len > sizeof(ans.data)) {
641 printf("Answer packet too long\n");
645 *answer++ = (unsigned char)KRB_PROT_VERSION;
646 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
647 /* always send claiming network byte order */
652 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
653 /* It could be because of kauth errors so we should return something instead of success!! */
660 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
662 if (code != ans.len) {
665 ("call to sendto returned %d, sending error packet %d bytes long\n",
668 perror("err_packet: sendto");
674 process_udp_auth(ksoc, pkt)
678 char *packet = pkt->rest;
679 char name[MAXKTCNAMELEN];
680 char inst[MAXKTCNAMELEN];
681 char realm[MAXKTCREALMLEN];
682 char sname[MAXKTCNAMELEN];
683 char sinst[MAXKTCNAMELEN];
686 Date startTime, endTime;
687 unsigned char lifetime;
697 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
701 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
702 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
703 "null realm name not allowed");
706 memcpy(&startTime, packet, sizeof(startTime));
707 packet += sizeof(startTime);
708 startTime = ktohl(pkt->byteOrder, startTime);
709 pkt->time = startTime;
710 lifetime = *packet++;
711 endTime = life_to_time(startTime, lifetime);
712 code = tkt_CheckTimes(startTime, endTime, now);
714 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
715 "requested ticket lifetime invalid");
720 if ((packet - pkt->data) != pkt->len) {
721 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
722 "packet length inconsistent");
727 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
730 if (code == KANOENT) {
731 code = KERB_ERR_PRINCIPAL_UNKNOWN;
732 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
733 } else if (code == KAPWEXPIRED) {
734 code = KERB_ERR_NAME_EXP;
735 err_packet(ksoc, pkt, code, "password has expired");
737 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
743 process_udp_appl(ksoc, pkt)
747 char *packet = pkt->rest;
749 char realm[MAXKTCREALMLEN];
750 char ticket[MAXKTCTICKETLEN];
751 char auth[3 * MAXKTCNAMELEN + 4 + 5];
753 int ticketLen, authLen;
757 printf("Processing APPL Request\n");
761 ticketLen = *(unsigned char *)packet++;
762 authLen = *(unsigned char *)packet++;
763 if (ticketLen > sizeof(ticket)) {
764 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
767 memcpy(ticket, packet, ticketLen);
769 if (authLen > sizeof(auth)) {
770 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
773 memcpy(auth, packet, authLen);
774 pkt->rest = packet + authLen;
776 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
780 code = KERB_ERR_PRINCIPAL_UNKNOWN;
781 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
788 process_udp_request(ksoc, pkt)
792 char *packet = pkt->data;
793 unsigned char version, auth_msg_type;
796 if (version != KRB_PROT_VERSION) {
797 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
798 "packet version number unknown");
801 auth_msg_type = *packet++;
802 pkt->byteOrder = auth_msg_type & 1;
804 switch (auth_msg_type & ~1) {
805 case AUTH_MSG_KDC_REQUEST:
806 process_udp_auth(ksoc, pkt);
808 case AUTH_MSG_APPL_REQUEST:
809 process_udp_appl(ksoc, pkt);
812 printf("unknown msg type 0x%x\n", auth_msg_type);
813 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
814 "message type not supported");
825 struct packet packet;
829 printf("Starting to listen for UDP packets\n");
833 FD_SET(sock_kerb, &rfds);
835 FD_SET(sock_kerb5, &rfds);
839 /* write and exception fd_set's are null */
840 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
841 if (code == 0) { /* timeout */
842 /* printf ("Timeout\n"); */
844 } else if (code < 0) {
845 perror("calling IOMGR_Select");
849 fromLen = sizeof(packet.from);
850 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
852 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
853 (struct sockaddr *)&packet.from, &fromLen);
855 if (errno == EAGAIN || errno == ECONNREFUSED)
857 perror("calling recvfrom");
862 printf("Kerb:udp: Got %d bytes from addr %s which are '",
863 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
864 ka_PrintBytes(packet.data, packet.len);
867 packet.name = packet.inst = packet.realm = "";
869 process_udp_request(sock_kerb, &packet);
872 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
874 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
875 (struct sockaddr *)&packet.from, &fromLen);
877 if (errno == EAGAIN || errno == ECONNREFUSED)
879 perror("calling recvfrom");
884 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
885 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
886 ka_PrintBytes(packet.data, packet.len);
889 packet.name = packet.inst = packet.realm = "";
891 process_udp_request(sock_kerb5, &packet);
894 if (sock_kerb >= 0) {
898 if (sock_kerb5 >= 0) {
902 printf("UDP SocketListener exiting due to error\n");
907 #include "AFS_component_version_number.c"
915 struct sockaddr_in taddr;
916 static PROCESS slPid; /* socket listener pid */
917 static PROCESS checkPid; /* fiveminute check */
919 char *krb4name; /* kerberos version4 service */
925 static int inited = 0;
932 memset(&taddr, 0, sizeof(taddr));
933 krb4name = "kerberos4";
934 sp = getservbyname(krb4name, "udp");
935 taddr.sin_family = AF_INET; /* added for NCR port */
936 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
937 taddr.sin_len = sizeof(struct sockaddr_in);
940 /* if kerberos-4 is not available, try "kerberos-iv" */
941 krb4name = "kerberos-iv";
942 sp = getservbyname(krb4name, "udp");
945 /* if kerberos-iv is not available, try "kerberos" */
946 krb4name = "kerberos";
947 sp = getservbyname(krb4name, "udp");
951 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
953 taddr.sin_port = htons(KRB_PORT);
955 /* copy the port number */
956 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
957 (unsigned short)sp->s_port);
958 taddr.sin_port = sp->s_port;
960 kerb_port = taddr.sin_port;
961 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
962 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
964 perror("calling bind");
968 sp = getservbyname("kerberos5", "udp");
971 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
973 taddr.sin_port = htons(KRB5_PORT);
975 /* copy the port number */
976 fprintf(stderr, "kerberos5/udp port=%hu\n",
977 (unsigned short)sp->s_port);
978 taddr.sin_port = sp->s_port;
980 if (taddr.sin_port != kerb_port) { /* a different port */
981 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
982 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
984 perror("calling bind");
989 /* Bail out if we can't bind with any port */
990 if ((sock_kerb < 0) && (sock_kerb5 < 0))
994 /* this has already been done */
995 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
998 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
999 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
1002 /* just to close the log every five minutes */
1004 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
1005 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
1008 initialize_ka_error_table();
1009 initialize_rxk_error_table();
1010 while (1) /* don't just stand there, run it */
1019 char *lastOperation; /* name of last operation */
1020 char *lrealm = "REALMNAME";
1021 struct kadstats dynamic_statistics;
1024 InitAuthServ(tt, lock, this_op)
1025 struct ubik_trans **tt;
1026 int lock; /* read or write transaction */
1027 int *this_op; /* op of RCP routine, for COUNT_ABO */
1032 printf("Calling InitAuthServ\n");
1038 struct ubik_trans *tt;
1040 printf("Calling ubik_EndTrans\n");
1046 struct ubik_trans *tt;
1048 printf("Calling ubik_AbortTrans\n");
1053 FindBlock(at, aname, ainstance, tentry)
1054 struct ubik_trans *at;
1057 struct kaentry *tentry;
1059 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1060 strcpy(tentry->userID.name, aname);
1061 strcpy(tentry->userID.instance, ainstance);
1062 tentry->key_version = htonl(17);
1063 des_string_to_key("toa", &tentry->key);
1064 tentry->flags = htonl(KAFNORMAL);
1065 tentry->user_expiration = htonl(NEVERDATE);
1066 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1071 ka_LookupKey(tt, name, inst, kvno, key)
1072 struct ubik_trans *tt;
1075 afs_int32 *kvno; /* returned */
1076 struct ktc_encryptionKey *key; /* copied out */
1078 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1080 des_string_to_key("applexx", key);
1084 kvno_tgs_key(authDomain, kvno, tgskey)
1087 struct ktc_encryptionKey *tgskey;
1089 if (strcmp(authDomain, lrealm) != 0)
1090 printf("Called with wrong %s as authDomain\n", authDomain);
1092 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1093 des_string_to_key("applexx", tgskey);
1101 name_instance_legal()