2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
21 #include <sys/types.h>
25 #include <afs/errmap_nt.h>
26 #define snprintf _snprintf
28 #include <sys/socket.h>
30 #include <netinet/in.h>
39 #include <afs/afsutil.h>
41 #include <afs/com_err.h>
53 #include "prot.h" /* protocol definitions */
55 #include "afs/audit.h"
58 /* my kerberos error codes */
59 #define KERB_ERR_BAD_MSG_TYPE 99
60 #define KERB_ERR_BAD_LIFETIME 98
61 #define KERB_ERR_NONNULL_REALM 97
62 #define KERB_ERR_PKT_LENGTH 96
63 #define KERB_ERR_TEXT_LENGTH 95
65 #define KDC_GEN_ERR 20
69 int krb_udp_debug = 0;
71 static int sock_kerb =-1; /* the socket we're using */
72 static int sock_kerb5=-1; /* the socket we're using */
76 struct sockaddr_in from;
82 char *rest; /* remaining bytes of packet */
83 char data[MAX_PKT_LEN];
86 extern struct kadstats dynamic_statistics;
87 extern char *lastOperation;
90 char udpAuthPrincipal[256];
91 char udptgsPrincipal[256];
92 char udptgsServerPrincipal[256];
94 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
95 else strcpy (answer, name), answer += slen+1
96 #define putint(num) num = htonl(num), \
97 memcpy(answer, &num, sizeof(afs_int32)), \
98 answer += sizeof(afs_int32)
100 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
101 strcpy (name, packet), packet += slen+1
102 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
103 num = ktohl (byteOrder, num), \
104 packet += sizeof(afs_int32)
106 /* this is just to close the log every five minutes to rm works */
110 static FiveMinuteCheckLWP()
113 printf("start 5 min check lwp\n");
117 IOMGR_Sleep(fiveminutes);
118 /* close the log so it can be removed */
119 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH);/* no trunc, just append */
124 static afs_int32 create_cipher (cipher, cipherLen, sessionKey, sname, sinst,
125 start, end, kvno, ticket, ticketLen, key)
128 struct ktc_encryptionKey *sessionKey;
135 struct ktc_encryptionKey *key;
138 unsigned char life = time_to_life (start, end);
140 des_key_schedule schedule;
144 len = sizeof(*sessionKey) + strlen(sname) + strlen(sinst) +
145 strlen(lrealm) + 3/*nulls*/ + 3 + ticketLen + sizeof(Date);
146 if (len > *cipherLen) return KAANSWERTOOLONG;
147 if (ticketLen > 255) return KAANSWERTOOLONG;
148 if (kvno > 255) return KAANSWERTOOLONG;
150 memcpy(answer, sessionKey, sizeof(*sessionKey));
151 answer += sizeof(*sessionKey);
156 *answer++ = (unsigned char) kvno;
157 *answer++ = (unsigned char) ticketLen;
158 memcpy(answer, ticket, ticketLen);
163 printf ("Printing ticket (%d) and date: ", ticketLen);
164 ka_PrintBytes (ticket, ticketLen);
165 ka_PrintBytes (answer-4, 4);
169 if (code = des_key_sched (key, schedule))
170 printf ("In KAAuthenticate: key_sched returned %d\n", code);
171 des_pcbc_encrypt (cipher, cipher, len, schedule, key, ENCRYPT);
172 *cipherLen = round_up_to_ebs (len);
175 printf ("Printing cipher (%d): ", *cipherLen);
176 ka_PrintBytes (cipher, *cipherLen);
182 static afs_int32 create_reply (ans, name, inst, startTime, endTime, kvno,
187 Date startTime, endTime;
191 { char *answer = ans->data;
194 ans->len = 2 + strlen(name) + strlen(inst) + 3/*nulls*/ +
195 sizeof(afs_int32) + 1/*ntkts*/ + sizeof(afs_int32) + 1/*kvno*/ +
196 sizeof(short) + cipherLen;
197 if (ans->len > sizeof(ans->data)) return KAANSWERTOOLONG;
198 if (kvno > 255) return KAANSWERTOOLONG;
200 *answer++ = (unsigned char) KRB_PROT_VERSION;
201 *answer++ = (unsigned char) AUTH_MSG_KDC_REPLY;
202 /* always send claiming network byte order */
207 *answer++ = 1; /* undocumented number of tickets! */
209 *answer++ = (unsigned char) kvno;
210 { short w = (short) cipherLen;
212 memcpy(answer, &w, sizeof(short));
213 answer += sizeof(short);
215 memcpy(answer, cipher, cipherLen);
219 static afs_int32 check_auth (pkt, auth, authLen, key, name, inst, cell)
223 struct ktc_encryptionKey *key;
228 des_key_schedule schedule;
230 /* unsigned char time_msec; */
232 int byteOrder = pkt->byteOrder;
234 des_key_sched (key, schedule);
235 des_pcbc_encrypt (auth, auth, authLen, schedule, key, DECRYPT);
237 if (strcmp (packet, name) != 0) return KABADTICKET;
238 packet += strlen (packet) + 1;
239 if (strcmp (packet, inst) != 0) return KABADTICKET;
240 packet += strlen (packet) + 1;
241 if (strcmp (packet, cell) != 0) return KABADTICKET;
242 packet += strlen (packet) + 1;
244 /* time_msec = */ *(unsigned char *)packet++;
246 if ((packet-auth) > authLen) return KABADTICKET;
250 afs_int32 UDP_Authenticate (ksoc, client, name, inst, startTime, endTime, sname, sinst)
252 struct sockaddr_in *client;
259 { struct ubik_trans *tt;
260 afs_int32 to; /* offset of block */
261 struct kaentry tentry;
262 afs_int32 tgskvno; /* key version of service key */
263 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
268 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
270 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
272 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
276 COUNT_REQ (UAuthenticate);
277 if (!name_instance_legal (name, inst)) return KERB_ERR_NAME_EXP; /* KABADNAME */
278 if (code = InitAuthServ (&tt, LOCKREAD, this_op)) return code;
280 code = FindBlock (tt, name, inst, &to, &tentry);
281 if (code) goto abort;
282 if (to) { /* if user exists check other stuff */
284 struct kaentry sentry;
285 save_principal (udpAuthPrincipal, name, inst, 0);
287 tgt = ((strcmp (sname, KA_TGS_NAME) == 0) &&
288 (strcmp (sinst, lrealm) == 0));
289 if ((ntohl(tentry.user_expiration) < now) ||
290 (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
291 code = KERB_ERR_NAME_EXP; /* KABADUSER */
294 code = FindBlock (tt, KA_TGS_NAME, lrealm, &sto, &sentry);
295 if (code) goto abort;
296 if (sto == 0) {code = KANOENT; goto abort; }
297 if ((ntohl(sentry.user_expiration) < now)) {
298 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
301 if (abs (startTime - now) > KTC_TIME_UNCERTAINTY) {
302 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
306 if (tentry.misc_auth_bytes) {
307 unsigned char misc_auth_bytes[4];
308 afs_uint32 temp; /* unsigned for safety */
309 afs_uint32 pwexpires;
311 temp = ntohl(*((afs_int32 *)(tentry.misc_auth_bytes)));
312 unpack_long(temp, misc_auth_bytes);
313 pwexpires = misc_auth_bytes[0];
315 pwexpires= ntohl(tentry.change_password_time) + 24*60*60*pwexpires;
316 if ( pwexpires < now ) {
317 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
323 /* make the ticket */
324 code = des_random_key (&sessionKey);
326 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
329 endTime = umin (endTime,
330 startTime + ntohl(tentry.max_ticket_lifetime));
331 if ((code = ka_LookupKey (tt, sname, sinst, &tgskvno, &tgskey)) ||
332 (code = tkt_MakeTicket (ticket, &ticketLen, &tgskey,
334 startTime, endTime, &sessionKey,
335 htonl(client->sin_addr.s_addr), sname, sinst)))
338 cipherLen = sizeof(cipher);
340 (cipher, &cipherLen, &sessionKey, sname, sinst,
341 startTime, endTime, tgskvno, ticket, ticketLen, &tentry.key);
342 if (code) goto abort;
343 } else { /* no such user */
345 tentry.key_version = 0;
347 code = ubik_EndTrans(tt);
351 code = create_reply (&ans, name, inst, startTime, endTime,
352 ntohl(tentry.key_version), cipher, cipherLen);
357 printf ("Sending %d bytes ending in: ", ans.len);
358 ka_PrintBytes (ans.data+ans.len-8, 8);
362 code = sendto (ksoc, ans.data, ans.len, 0,
363 (struct sockaddr *) client, sizeof(*client));
364 if (code != ans.len) {
365 perror ("calling sendto");
369 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr, LOG_AUTHENTICATE);
370 osi_audit ( UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
375 ubik_AbortTrans (tt);
378 osi_audit ( UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst, AUD_END);
382 afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
392 struct ktc_encryptionKey tgskey;
393 char name[MAXKTCNAMELEN];
394 char inst[MAXKTCNAMELEN];
395 char cell[MAXKTCREALMLEN];
396 struct ktc_encryptionKey authSessionKey;
406 int byteOrder = pkt->byteOrder;
407 char sname[MAXKTCNAMELEN];
408 char sinst[MAXKTCNAMELEN];
412 struct ubik_trans *tt;
414 struct kaentry caller;
415 struct kaentry server;
417 struct ktc_encryptionKey sessionKey;
419 char newTicket[MAXKTCTICKETLEN];
421 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
425 COUNT_REQ (UGetTicket);
427 if (code = InitAuthServ(&tt, LOCKREAD, this_op)) goto fail;
428 code = ka_LookupKvno (tt, KA_TGS_NAME,
429 ((strlen(authDomain) > 0) ? authDomain : lrealm),
431 if (code) goto abort;
433 code = tkt_DecodeTicket (ticket, ticketLen, &tgskey, name, inst, cell,
434 &authSessionKey, &host, &start, &authEnd);
439 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
442 save_principal (udptgsPrincipal, name, inst, cell);
443 code = tkt_CheckTimes (start, authEnd, now);
446 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
449 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
452 celllen = strlen (cell);
454 if ((strlen(authDomain) > 0) && (strcmp (authDomain, lrealm) != 0))
456 if (import && (celllen == 0)) {
457 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
461 strncpy (cell, lrealm, MAXKTCREALMLEN-1);
462 cell[MAXKTCREALMLEN-1] = 0;
466 printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",
470 code = check_auth (pkt, auth, authLen, &authSessionKey, name, inst, cell);
471 if (code) goto abort;
473 /* authenticator and all is OK so read actual request */
476 life = *(unsigned char *)packet++;
480 reqEnd = life_to_time (start, life);
482 printf ("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
484 save_principal (udptgsServerPrincipal, sname, sinst, 0);
487 strcpy (caller.userID.name, name);
488 strcpy (caller.userID.instance, inst);
489 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
492 code = FindBlock(tt, name, inst, &to, &caller);
493 if (code) goto abort;
495 ka_PrintUserID ("GetTicket: User ", name, inst, " unknown.\n");
496 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
499 if (ntohl(caller.flags) & KAFNOTGS)
500 { code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
504 code = FindBlock (tt, sname, sinst, &to, &server); /* get server's entry */
505 if (code) goto abort;
506 if (to == 0) { /* entry not found */
507 ka_PrintUserID ("GetTicket: Server ", sname, sinst, " unknown.\n");
508 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
511 code = ubik_EndTrans (tt);
514 if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER;
516 code = des_random_key (&sessionKey);
518 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
522 reqEnd = umin (umin (reqEnd, authEnd),
523 umin (start+ntohl(caller.max_ticket_lifetime),
524 start+ntohl(server.max_ticket_lifetime)));
526 code = tkt_MakeTicket (newTicket, &newTicketLen, &server.key,
527 caller.userID.name, caller.userID.instance, cell,
528 start, reqEnd, &sessionKey,
529 htonl(pkt->from.sin_addr.s_addr),
530 server.userID.name, server.userID.instance);
533 cipherLen = sizeof(cipher);
535 (cipher, &cipherLen, &sessionKey, sname, sinst,
536 start, reqEnd, ntohl(server.key_version),
537 newTicket, newTicketLen, &authSessionKey);
540 code = create_reply (&ans, name, inst, start, reqEnd, 0,
544 code = sendto (ksoc, ans.data, ans.len, 0,
545 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
546 if (code != ans.len) {
547 perror ("calling sendto");
552 if (cipherLen != 0) {
553 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
555 osi_audit ( UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR, cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
561 osi_audit ( UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR, NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
565 static int err_packet (ksoc, pkt, code, reason)
571 char *answer = ans.data;
575 if (reason == 0) reason = "";
576 snprintf (buf, 255, "code = %d: %s", code, reason);
579 printf ("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
580 pkt->name, pkt->inst, pkt->realm, buf);
583 ans.len = 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
584 3/* nulls */ + (2 * sizeof(afs_int32)) + strlen (buf) + 1;
585 if (ans.len > sizeof(ans.data)) {
586 printf ("Answer packet too long\n");
590 *answer++ = (unsigned char) KRB_PROT_VERSION;
591 *answer++ = (unsigned char) AUTH_MSG_ERR_REPLY;
592 /* always send claiming network byte order */
597 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
598 /* It could be because of kauth errors so we should return something instead of success!! */
604 code = sendto(ksoc, ans.data, ans.len, 0,
605 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
606 if (code != ans.len) {
608 printf ("call to sendto returned %d, sending error packet %d bytes long\n",
610 else perror ("err_packet: sendto");
616 process_udp_auth (ksoc, pkt)
619 { char *packet = pkt->rest;
620 char name[MAXKTCNAMELEN];
621 char inst[MAXKTCNAMELEN];
622 char realm[MAXKTCREALMLEN];
623 char sname[MAXKTCNAMELEN];
624 char sinst[MAXKTCNAMELEN];
627 Date startTime, endTime;
628 unsigned char lifetime;
638 printf ("Processing KDC Request from '%s'.'%s'@'%s'\n",
642 if ((strlen(realm) > 0) && (strcmp (realm, lrealm) != 0)) {
643 err_packet (ksoc, pkt, KERB_ERR_NONNULL_REALM,
644 "null realm name not allowed");
647 memcpy(&startTime, packet, sizeof(startTime));
648 packet += sizeof(startTime);
649 startTime = ktohl (pkt->byteOrder, startTime);
650 pkt->time = startTime;
651 lifetime = *packet++;
652 endTime = life_to_time (startTime, lifetime);
653 code = tkt_CheckTimes (startTime, endTime, now);
655 err_packet (ksoc, pkt, KERB_ERR_BAD_LIFETIME,
656 "requested ticket lifetime invalid");
661 if ((packet - pkt->data) != pkt->len) {
662 err_packet (ksoc, pkt, KERB_ERR_PKT_LENGTH, "packet length inconsistent");
666 code = UDP_Authenticate (ksoc, &pkt->from, name, inst,
667 startTime, endTime, sname, sinst);
669 if (code == KANOENT) {
670 code = KERB_ERR_PRINCIPAL_UNKNOWN;
671 err_packet (ksoc, pkt, code, (char *)error_message (code));
672 } else if (code == KAPWEXPIRED) {
673 code = KERB_ERR_NAME_EXP;
674 err_packet (ksoc, pkt, code, "password has expired");
676 err_packet (ksoc, pkt, code, (char *)error_message (code));
682 process_udp_appl (ksoc, pkt)
685 { char *packet = pkt->rest;
687 char realm[MAXKTCREALMLEN];
688 char ticket[MAXKTCTICKETLEN];
689 char auth[3*MAXKTCNAMELEN+4+5];
691 int ticketLen, authLen;
695 printf ("Processing APPL Request\n");
699 ticketLen = *(unsigned char *)packet++;
700 authLen = *(unsigned char *)packet++;
701 if (ticketLen > sizeof(ticket)) {
702 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
705 memcpy(ticket, packet, ticketLen);
707 if (authLen > sizeof(auth)) {
708 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
711 memcpy(auth, packet, authLen);
712 pkt->rest = packet + authLen;
713 code = UDP_GetTicket (ksoc, pkt, kvno, realm, ticket, ticketLen, auth, authLen);
715 if (code == KANOENT) code = KERB_ERR_PRINCIPAL_UNKNOWN;
716 err_packet (ksoc, pkt, code, (char*)error_message (code));
723 process_udp_request (ksoc, pkt)
726 { char *packet = pkt->data;
727 unsigned char version, auth_msg_type;
730 if (version != KRB_PROT_VERSION) {
731 err_packet (ksoc, pkt, KERB_ERR_PKT_VER, "packet version number unknown");
734 auth_msg_type = *packet++;
735 pkt->byteOrder = auth_msg_type & 1;
737 switch (auth_msg_type & ~1) {
738 case AUTH_MSG_KDC_REQUEST:
739 process_udp_auth (ksoc, pkt);
741 case AUTH_MSG_APPL_REQUEST:
742 process_udp_appl (ksoc, pkt);
745 printf ("unknown msg type 0x%x\n", auth_msg_type);
746 err_packet (ksoc, pkt, KERB_ERR_BAD_MSG_TYPE, "message type not supported");
752 static SocketListener ()
755 struct packet packet;
759 printf ("Starting to listen for UDP packets\n");
762 if (sock_kerb >= 0) FD_SET(sock_kerb, &rfds);
763 if (sock_kerb5 >= 0) FD_SET(sock_kerb5, &rfds);
767 /* write and exception fd_set's are null */
768 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
769 if (code == 0) { /* timeout */
770 /* printf ("Timeout\n"); */
774 perror ("calling IOMGR_Select");
778 fromLen = sizeof(packet.from);
779 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
780 code = recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
781 (struct sockaddr *) &packet.from, &fromLen);
783 if (errno == EAGAIN || errno == ECONNREFUSED)
785 perror ("calling recvfrom");
790 printf ("Kerb:udp: Got %d bytes from addr %s which are '",
791 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
792 ka_PrintBytes (packet.data, packet.len);
795 packet.name = packet.inst = packet.realm = "";
797 process_udp_request (sock_kerb, &packet);
800 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
801 code = recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
802 (struct sockaddr *) &packet.from, &fromLen);
804 if (errno == EAGAIN || errno == ECONNREFUSED)
806 perror ("calling recvfrom");
811 printf ("Kerb5:udp: Got %d bytes from addr %s which are '",
812 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
813 ka_PrintBytes (packet.data, packet.len);
816 packet.name = packet.inst = packet.realm = "";
818 process_udp_request (sock_kerb5, &packet);
821 if (sock_kerb >= 0) {
825 if (sock_kerb5 >= 0) {
829 printf("UDP SocketListener exiting due to error\n");
834 #include "AFS_component_version_number.c"
838 afs_int32 init_krb_udp ()
840 { struct sockaddr_in taddr;
841 static PROCESS slPid; /* socket listener pid */
842 static PROCESS checkPid; /* fiveminute check */
844 char* krb4name; /* kerberos version4 service */
850 static int inited = 0;
853 if (inited) return -1;
856 memset(&taddr, 0, sizeof(taddr));
857 krb4name = "kerberos4";
858 sp = getservbyname(krb4name, "udp");
859 taddr.sin_family = AF_INET; /* added for NCR port */
860 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
861 taddr.sin_len = sizeof(struct sockaddr_in);
865 /* if kerberos-4 is not available, try "kerberos-iv" */
866 krb4name = "kerberos-iv";
867 sp = getservbyname(krb4name, "udp");
871 /* if kerberos-iv is not available, try "kerberos" */
872 krb4name = "kerberos";
873 sp = getservbyname(krb4name, "udp");
877 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
879 taddr.sin_port = htons(KRB_PORT);
881 /* copy the port number */
882 fprintf (stderr, "%s/udp port=%hu\n", krb4name, (unsigned short)sp->s_port);
883 taddr.sin_port = sp->s_port;
885 kerb_port = taddr.sin_port;
886 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
887 code = bind(sock_kerb, (struct sockaddr *) &taddr, sizeof(taddr));
889 perror ("calling bind");
893 sp = getservbyname("kerberos5", "udp");
896 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
898 taddr.sin_port = htons(KRB5_PORT);
900 /* copy the port number */
901 fprintf (stderr, "kerberos5/udp port=%hu\n", (unsigned short)sp->s_port);
902 taddr.sin_port = sp->s_port;
904 if (taddr.sin_port != kerb_port) { /* a different port */
905 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
906 code = bind(sock_kerb5, (struct sockaddr *) &taddr, sizeof(taddr));
908 perror ("calling bind");
913 /* Bail out if we can't bind with any port */
914 if ((sock_kerb < 0) && (sock_kerb5 < 0))
918 /* this has already been done */
919 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
922 LWP_CreateProcess(SocketListener, /*stacksize*/16000, LWP_NORMAL_PRIORITY,
923 0, "Socket Listener", &slPid);
925 /* just to close the log every five minutes */
927 LWP_CreateProcess(FiveMinuteCheckLWP, 24*1024,
928 LWP_MAX_PRIORITY - 2, &fiveminutes,
929 "FiveMinuteChecks", &checkPid);
932 initialize_ka_error_table();
933 initialize_rxk_error_table();
934 while (1) /* don't just stand there, run it */
943 char *lastOperation; /* name of last operation */
944 char *lrealm = "REALMNAME";
945 struct kadstats dynamic_statistics;
947 static int InitAuthServ (tt, lock, this_op)
948 struct ubik_trans **tt;
949 int lock; /* read or write transaction */
950 int *this_op; /* op of RCP routine, for COUNT_ABO */
954 printf ("Calling InitAuthServ\n");
958 static int ubik_EndTrans (tt)
959 struct ubik_trans *tt;
961 printf ("Calling ubik_EndTrans\n");
965 static int ubik_AbortTrans (tt)
966 struct ubik_trans *tt;
968 printf ("Calling ubik_AbortTrans\n");
972 static int FindBlock (at, aname, ainstance, tentry)
973 struct ubik_trans *at;
976 struct kaentry *tentry;
978 printf ("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
979 strcpy (tentry->userID.name, aname);
980 strcpy (tentry->userID.instance, ainstance);
981 tentry->key_version = htonl(17);
982 des_string_to_key ("toa", &tentry->key);
983 tentry->flags = htonl(KAFNORMAL);
984 tentry->user_expiration = htonl(NEVERDATE);
985 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
989 static int ka_LookupKey (tt, name, inst, kvno, key)
990 struct ubik_trans *tt;
993 afs_int32 *kvno; /* returned */
994 struct ktc_encryptionKey *key; /* copied out */
996 printf ("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
998 des_string_to_key ("applexx", key);
1001 static afs_int32 kvno_tgs_key (authDomain, kvno, tgskey)
1004 struct ktc_encryptionKey *tgskey;
1006 if (strcmp (authDomain, lrealm) != 0)
1007 printf ("Called with wrong %s as authDomain\n", authDomain);
1009 printf ("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1010 des_string_to_key ("applexx", tgskey);
1017 name_instance_legal ()