2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afs/param.h>
17 #include <sys/types.h>
21 #include <sys/socket.h>
23 #include <netinet/in.h>
25 #include <afs/afsutil.h>
27 #include <afs/com_err.h>
39 #include "prot.h" /* protocol definitions */
41 #include "afs/audit.h"
44 #include "../permit_xprt.h"
47 /* my kerberos error codes */
48 #define KERB_ERR_BAD_MSG_TYPE 99
49 #define KERB_ERR_BAD_LIFETIME 98
50 #define KERB_ERR_NONNULL_REALM 97
51 #define KERB_ERR_PKT_LENGTH 96
52 #define KERB_ERR_TEXT_LENGTH 95
54 #define KDC_GEN_ERR 20
58 int krb_udp_debug = 0;
60 static int sock_kerb =-1; /* the socket we're using */
61 static int sock_kerb5=-1; /* the socket we're using */
65 struct sockaddr_in from;
71 char *rest; /* remaining bytes of packet */
72 char data[MAX_PKT_LEN];
75 extern struct kadstats dynamic_statistics;
76 extern char *lastOperation;
79 char udpAuthPrincipal[256];
80 char udptgsPrincipal[256];
81 char udptgsServerPrincipal[256];
83 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
84 else strcpy (answer, name), answer += slen+1
85 #define putint(num) num = htonl(num), \
86 bcopy (&num, answer, sizeof(afs_int32)), \
87 answer += sizeof(afs_int32)
89 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
90 strcpy (name, packet), packet += slen+1
91 #define getint(num) bcopy (packet, &num, sizeof(afs_int32)), \
92 num = ktohl (byteOrder, num), \
93 packet += sizeof(afs_int32)
95 /* this is just to close the log every five minutes to rm works */
99 static FiveMinuteCheckLWP()
103 printf("start 5 min check lwp\n");
107 IOMGR_Sleep(fiveminutes);
108 /* close the log so it can be removed */
109 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH);/* no trunc, just append */
114 static afs_int32 create_cipher (cipher, cipherLen, sessionKey, sname, sinst,
115 start, end, kvno, ticket, ticketLen, key)
118 struct ktc_encryptionKey *sessionKey;
125 struct ktc_encryptionKey *key;
128 unsigned char life = time_to_life (start, end);
130 des_key_schedule schedule;
134 len = sizeof(*sessionKey) + strlen(sname) + strlen(sinst) +
135 strlen(lrealm) + 3/*nulls*/ + 3 + ticketLen + sizeof(Date);
136 if (len > *cipherLen) return KAANSWERTOOLONG;
137 if (ticketLen > 255) return KAANSWERTOOLONG;
138 if (kvno > 255) return KAANSWERTOOLONG;
140 bcopy (sessionKey, answer, sizeof(*sessionKey));
141 answer += sizeof(*sessionKey);
146 *answer++ = (unsigned char) kvno;
147 *answer++ = (unsigned char) ticketLen;
148 bcopy (ticket, answer, ticketLen);
153 printf ("Printing ticket (%d) and date: ", ticketLen);
154 ka_PrintBytes (ticket, ticketLen);
155 ka_PrintBytes (answer-4, 4);
159 if (code = des_key_sched (key, schedule))
160 printf ("In KAAuthenticate: key_sched returned %d\n", code);
161 des_pcbc_encrypt (cipher, cipher, len, schedule, key, ENCRYPT);
162 *cipherLen = round_up_to_ebs (len);
165 printf ("Printing cipher (%d): ", *cipherLen);
166 ka_PrintBytes (cipher, *cipherLen);
172 static afs_int32 create_reply (ans, name, inst, startTime, endTime, kvno,
177 Date startTime, endTime;
181 { char *answer = ans->data;
184 ans->len = 2 + strlen(name) + strlen(inst) + 3/*nulls*/ +
185 sizeof(afs_int32) + 1/*ntkts*/ + sizeof(afs_int32) + 1/*kvno*/ +
186 sizeof(short) + cipherLen;
187 if (ans->len > sizeof(ans->data)) return KAANSWERTOOLONG;
188 if (kvno > 255) return KAANSWERTOOLONG;
190 *answer++ = (unsigned char) KRB_PROT_VERSION;
191 *answer++ = (unsigned char) AUTH_MSG_KDC_REPLY;
192 /* always send claiming network byte order */
197 *answer++ = 1; /* undocumented number of tickets! */
199 *answer++ = (unsigned char) kvno;
200 { short w = (short) cipherLen;
202 bcopy (&w, answer, sizeof(short));
203 answer += sizeof(short);
205 bcopy (cipher, answer, cipherLen);
209 static afs_int32 check_auth (pkt, auth, authLen, key, name, inst, cell)
213 struct ktc_encryptionKey *key;
218 des_key_schedule schedule;
220 /* unsigned char time_msec; */
222 int byteOrder = pkt->byteOrder;
224 des_key_sched (key, schedule);
225 des_pcbc_encrypt (auth, auth, authLen, schedule, key, DECRYPT);
227 if (strcmp (packet, name) != 0) return KABADTICKET;
228 packet += strlen (packet) + 1;
229 if (strcmp (packet, inst) != 0) return KABADTICKET;
230 packet += strlen (packet) + 1;
231 if (strcmp (packet, cell) != 0) return KABADTICKET;
232 packet += strlen (packet) + 1;
234 /* time_msec = */ *(unsigned char *)packet++;
236 if ((packet-auth) > authLen) return KABADTICKET;
240 afs_int32 UDP_Authenticate (ksoc, client, name, inst, startTime, endTime, sname, sinst)
242 struct sockaddr_in *client;
249 { struct ubik_trans *tt;
250 afs_int32 to; /* offset of block */
251 struct kaentry tentry;
252 afs_int32 tgskvno; /* key version of service key */
253 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
258 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
260 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
262 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
266 COUNT_REQ (UAuthenticate);
267 if (!name_instance_legal (name, inst)) return KERB_ERR_NAME_EXP; /* KABADNAME */
268 if (code = InitAuthServ (&tt, LOCKREAD, this_op)) return code;
270 code = FindBlock (tt, name, inst, &to, &tentry);
271 if (code) goto abort;
272 if (to) { /* if user exists check other stuff */
274 struct kaentry sentry;
275 save_principal (udpAuthPrincipal, name, inst, 0);
277 tgt = ((strcmp (sname, KA_TGS_NAME) == 0) &&
278 (strcmp (sinst, lrealm) == 0));
279 if ((ntohl(tentry.user_expiration) < now) ||
280 (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
281 code = KERB_ERR_NAME_EXP; /* KABADUSER */
284 code = FindBlock (tt, KA_TGS_NAME, lrealm, &sto, &sentry);
285 if (code) goto abort;
286 if (sto == 0) {code = KANOENT; goto abort; }
287 if ((ntohl(sentry.user_expiration) < now)) {
288 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
291 if (abs (startTime - now) > KTC_TIME_UNCERTAINTY) {
292 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
296 if (tentry.misc_auth_bytes) {
297 unsigned char misc_auth_bytes[4];
298 afs_uint32 temp; /* unsigned for safety */
299 afs_uint32 pwexpires;
301 temp = ntohl(*((afs_int32 *)(tentry.misc_auth_bytes)));
302 unpack_long(temp, misc_auth_bytes);
303 pwexpires = misc_auth_bytes[0];
305 pwexpires= ntohl(tentry.change_password_time) + 24*60*60*pwexpires;
306 if ( pwexpires < now ) {
307 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
313 /* make the ticket */
314 code = des_random_key (&sessionKey);
316 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
319 endTime = umin (endTime,
320 startTime + ntohl(tentry.max_ticket_lifetime));
321 if ((code = ka_LookupKey (tt, sname, sinst, &tgskvno, &tgskey)) ||
322 (code = tkt_MakeTicket (ticket, &ticketLen, &tgskey,
324 startTime, endTime, &sessionKey,
325 htonl(client->sin_addr.s_addr), sname, sinst)))
328 cipherLen = sizeof(cipher);
330 (cipher, &cipherLen, &sessionKey, sname, sinst,
331 startTime, endTime, tgskvno, ticket, ticketLen, &tentry.key);
332 if (code) goto abort;
333 } else { /* no such user */
335 tentry.key_version = 0;
337 code = ubik_EndTrans(tt);
341 code = create_reply (&ans, name, inst, startTime, endTime,
342 ntohl(tentry.key_version), cipher, cipherLen);
347 printf ("Sending %d bytes ending in: ", ans.len);
348 ka_PrintBytes (ans.data+ans.len-8, 8);
352 code = sendto (ksoc, ans.data, ans.len, 0,
353 (struct sockaddr *) client, sizeof(*client));
354 if (code != ans.len) {
355 perror ("calling sendto");
359 osi_audit ( UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
364 ubik_AbortTrans (tt);
367 osi_audit ( UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst, AUD_END);
371 afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
381 struct ktc_encryptionKey tgskey;
382 char name[MAXKTCNAMELEN];
383 char inst[MAXKTCNAMELEN];
384 char cell[MAXKTCREALMLEN];
385 struct ktc_encryptionKey authSessionKey;
395 int byteOrder = pkt->byteOrder;
396 char sname[MAXKTCNAMELEN];
397 char sinst[MAXKTCNAMELEN];
401 struct ubik_trans *tt;
403 struct kaentry caller;
404 struct kaentry server;
406 struct ktc_encryptionKey sessionKey;
408 char newTicket[MAXKTCTICKETLEN];
410 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
414 COUNT_REQ (UGetTicket);
416 if (code = InitAuthServ(&tt, LOCKREAD, this_op)) goto fail;
417 code = ka_LookupKvno (tt, KA_TGS_NAME,
418 ((strlen(authDomain) > 0) ? authDomain : lrealm),
420 if (code) goto abort;
422 code = tkt_DecodeTicket (ticket, ticketLen, &tgskey, name, inst, cell,
423 &authSessionKey, &host, &start, &authEnd);
428 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
431 save_principal (udptgsPrincipal, name, inst, cell);
432 code = tkt_CheckTimes (start, authEnd, now);
435 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
438 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
441 celllen = strlen (cell);
443 if ((strlen(authDomain) > 0) && (strcmp (authDomain, lrealm) != 0))
445 if (import && (celllen == 0)) {
446 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
450 strncpy (cell, lrealm, MAXKTCREALMLEN-1);
451 cell[MAXKTCREALMLEN-1] = 0;
455 printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",
459 code = check_auth (pkt, auth, authLen, &authSessionKey, name, inst, cell);
460 if (code) goto abort;
462 /* authenticator and all is OK so read actual request */
465 life = *(unsigned char *)packet++;
469 reqEnd = life_to_time (start, life);
471 printf ("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
473 save_principal (udptgsServerPrincipal, sname, sinst, 0);
476 strcpy (caller.userID.name, name);
477 strcpy (caller.userID.instance, inst);
478 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
481 code = FindBlock(tt, name, inst, &to, &caller);
482 if (code) goto abort;
484 ka_PrintUserID ("GetTicket: User ", name, inst, " unknown.\n");
485 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
488 if (ntohl(caller.flags) & KAFNOTGS)
489 { code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
493 code = FindBlock (tt, sname, sinst, &to, &server); /* get server's entry */
494 if (code) goto abort;
495 if (to == 0) { /* entry not found */
496 ka_PrintUserID ("GetTicket: Server ", sname, sinst, " unknown.\n");
497 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
500 code = ubik_EndTrans (tt);
503 if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER;
505 code = des_random_key (&sessionKey);
507 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
511 reqEnd = umin (umin (reqEnd, authEnd),
512 umin (start+ntohl(caller.max_ticket_lifetime),
513 start+ntohl(server.max_ticket_lifetime)));
515 code = tkt_MakeTicket (newTicket, &newTicketLen, &server.key,
516 caller.userID.name, caller.userID.instance, cell,
517 start, reqEnd, &sessionKey,
518 htonl(pkt->from.sin_addr.s_addr),
519 server.userID.name, server.userID.instance);
522 cipherLen = sizeof(cipher);
524 (cipher, &cipherLen, &sessionKey, sname, sinst,
525 start, reqEnd, ntohl(server.key_version),
526 newTicket, newTicketLen, &authSessionKey);
529 code = create_reply (&ans, name, inst, start, reqEnd, 0,
533 code = sendto (ksoc, ans.data, ans.len, 0,
534 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
535 if (code != ans.len) {
536 perror ("calling sendto");
541 if (cipherLen != 0) {
542 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
544 osi_audit ( UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR, cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
550 osi_audit ( UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR, NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
554 static err_packet (ksoc, pkt, code, reason)
560 char *answer = ans.data;
564 if (reason == 0) reason = "";
565 snprintf (buf, 255, "code = %d: %s", code, reason);
568 printf ("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
569 pkt->name, pkt->inst, pkt->realm, buf);
572 ans.len = 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
573 3/* nulls */ + (2 * sizeof(afs_int32)) + strlen (buf) + 1;
574 if (ans.len > sizeof(ans.data)) {
575 printf ("Answer packet too long\n");
579 *answer++ = (unsigned char) KRB_PROT_VERSION;
580 *answer++ = (unsigned char) AUTH_MSG_ERR_REPLY;
581 /* always send claiming network byte order */
586 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
587 /* It could be because of kauth errors so we should return something instead of success!! */
593 code = sendto(ksoc, ans.data, ans.len, 0,
594 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
595 if (code != ans.len) {
597 printf ("call to sendto returned %d, sending error packet %d bytes long\n",
599 else perror ("err_packet: sendto");
603 process_udp_auth (ksoc, pkt)
606 { char *packet = pkt->rest;
607 char name[MAXKTCNAMELEN];
608 char inst[MAXKTCNAMELEN];
609 char realm[MAXKTCREALMLEN];
610 char sname[MAXKTCNAMELEN];
611 char sinst[MAXKTCNAMELEN];
614 Date startTime, endTime;
615 unsigned char lifetime;
625 printf ("Processing KDC Request from '%s'.'%s'@'%s'\n",
629 if ((strlen(realm) > 0) && (strcmp (realm, lrealm) != 0)) {
630 err_packet (ksoc, pkt, KERB_ERR_NONNULL_REALM,
631 "null realm name not allowed");
634 bcopy (packet, &startTime, sizeof(startTime));
635 packet += sizeof(startTime);
636 startTime = ktohl (pkt->byteOrder, startTime);
637 pkt->time = startTime;
638 lifetime = *packet++;
639 endTime = life_to_time (startTime, lifetime);
640 code = tkt_CheckTimes (startTime, endTime, now);
642 err_packet (ksoc, pkt, KERB_ERR_BAD_LIFETIME,
643 "requested ticket lifetime invalid");
648 if ((packet - pkt->data) != pkt->len) {
649 err_packet (ksoc, pkt, KERB_ERR_PKT_LENGTH, "packet length inconsistent");
653 code = UDP_Authenticate (ksoc, &pkt->from, name, inst,
654 startTime, endTime, sname, sinst);
656 if (code == KANOENT) {
657 code = KERB_ERR_PRINCIPAL_UNKNOWN;
658 err_packet (ksoc, pkt, code, (char *)error_message (code));
659 } else if (code == KAPWEXPIRED) {
660 code = KERB_ERR_NAME_EXP;
661 err_packet (ksoc, pkt, code, "password has expired");
663 err_packet (ksoc, pkt, code, (char *)error_message (code));
668 process_udp_appl (ksoc, pkt)
671 { char *packet = pkt->rest;
673 char realm[MAXKTCREALMLEN];
674 char ticket[MAXKTCTICKETLEN];
675 char auth[3*MAXKTCNAMELEN+4+5];
677 int ticketLen, authLen;
681 printf ("Processing APPL Request\n");
685 ticketLen = *(unsigned char *)packet++;
686 authLen = *(unsigned char *)packet++;
687 if (ticketLen > sizeof(ticket)) {
688 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
691 bcopy (packet, ticket, ticketLen);
693 if (authLen > sizeof(auth)) {
694 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
697 bcopy (packet, auth, authLen);
698 pkt->rest = packet + authLen;
699 code = UDP_GetTicket (ksoc, pkt, kvno, realm, ticket, ticketLen, auth, authLen);
701 if (code == KANOENT) code = KERB_ERR_PRINCIPAL_UNKNOWN;
702 err_packet (ksoc, pkt, code, (char*)error_message (code));
707 process_udp_request (ksoc, pkt)
710 { char *packet = pkt->data;
711 unsigned char version, auth_msg_type;
714 if (version != KRB_PROT_VERSION) {
715 err_packet (ksoc, pkt, KERB_ERR_PKT_VER, "packet version number unknown");
718 auth_msg_type = *packet++;
719 pkt->byteOrder = auth_msg_type & 1;
721 switch (auth_msg_type & ~1) {
722 case AUTH_MSG_KDC_REQUEST:
723 process_udp_auth (ksoc, pkt);
725 case AUTH_MSG_APPL_REQUEST:
726 process_udp_appl (ksoc, pkt);
729 printf ("unknown msg type 0x%x\n", auth_msg_type);
730 err_packet (ksoc, pkt, KERB_ERR_BAD_MSG_TYPE, "message type not supported");
736 static SocketListener ()
739 struct packet packet;
743 printf ("Starting to listen for UDP packets\n");
746 if (sock_kerb >= 0) FD_SET(sock_kerb, &rfds);
747 if (sock_kerb5 >= 0) FD_SET(sock_kerb5, &rfds);
751 /* write and exception fd_set's are null */
752 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
753 if (code == 0) { /* timeout */
754 /* printf ("Timeout\n"); */
758 perror ("calling IOMGR_Select");
762 fromLen = sizeof(packet.from);
763 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
764 code = recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
765 (struct sockaddr *) &packet.from, &fromLen);
767 perror ("calling recvfrom");
772 printf ("Kerb:udp: Got %d bytes from addr %s which are '",
773 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
774 ka_PrintBytes (packet.data, packet.len);
777 packet.name = packet.inst = packet.realm = "";
779 process_udp_request (sock_kerb, &packet);
781 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
782 code = recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
783 (struct sockaddr *) &packet.from, &fromLen);
785 perror ("calling recvfrom");
790 printf ("Kerb5:udp: Got %d bytes from addr %s which are '",
791 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
792 ka_PrintBytes (packet.data, packet.len);
795 packet.name = packet.inst = packet.realm = "";
797 process_udp_request (sock_kerb5, &packet);
804 #include "AFS_component_version_number.c"
808 afs_int32 init_krb_udp ()
810 { struct sockaddr_in taddr;
811 static PROCESS slPid; /* socket listener pid */
812 static PROCESS checkPid; /* fiveminute check */
814 char* krb4name; /* kerberos version4 service */
820 static int inited = 0;
823 if (inited) return -1;
826 bzero (&taddr, sizeof(taddr));
827 krb4name = "kerberos4";
828 sp = getservbyname(krb4name, "udp");
829 taddr.sin_family = AF_INET; /* added for NCR port */
832 /* if kerberos-4 is not available, try "kerberos-iv" */
833 krb4name = "kerberos-iv";
834 sp = getservbyname(krb4name, "udp");
838 /* if kerberos-iv is not available, try "kerberos" */
839 krb4name = "kerberos";
840 sp = getservbyname(krb4name, "udp");
844 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
846 taddr.sin_port = htons(KRB_PORT);
848 /* copy the port number */
849 fprintf (stderr, "%s/udp port=%hu\n", krb4name, (unsigned short)sp->s_port);
850 taddr.sin_port = sp->s_port;
852 kerb_port = taddr.sin_port;
853 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
854 code = bind(sock_kerb, (struct sockaddr *) &taddr, sizeof(taddr));
856 perror ("calling bind");
860 sp = getservbyname("kerberos5", "udp");
863 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
865 taddr.sin_port = htons(KRB5_PORT);
867 /* copy the port number */
868 fprintf (stderr, "kerberos5/udp port=%hu\n", (unsigned short)sp->s_port);
869 taddr.sin_port = sp->s_port;
871 if (taddr.sin_port != kerb_port) { /* a different port */
872 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
873 code = bind(sock_kerb5, (struct sockaddr *) &taddr, sizeof(taddr));
875 perror ("calling bind");
880 /* Bail out if we can't bind with any port */
881 if ((sock_kerb < 0) && (sock_kerb5 < 0))
885 /* this has already been done */
886 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
889 LWP_CreateProcess(SocketListener, /*stacksize*/16000, LWP_NORMAL_PRIORITY,
890 0, "Socket Listener", &slPid);
892 /* just to close the log every five minutes */
894 LWP_CreateProcess(FiveMinuteCheckLWP, 24*1024,
895 LWP_MAX_PRIORITY - 2, &fiveminutes,
896 "FiveMinuteChecks", &checkPid);
899 initialize_ka_error_table();
900 initialize_rxk_error_table();
901 while (1) /* don't just stand there, run it */
910 char *lastOperation; /* name of last operation */
911 char *lrealm = "REALMNAME";
912 struct kadstats dynamic_statistics;
914 static int InitAuthServ (tt, lock, this_op)
915 struct ubik_trans **tt;
916 int lock; /* read or write transaction */
917 int *this_op; /* op of RCP routine, for COUNT_ABO */
921 printf ("Calling InitAuthServ\n");
925 static int ubik_EndTrans (tt)
926 struct ubik_trans *tt;
928 printf ("Calling ubik_EndTrans\n");
932 static int ubik_AbortTrans (tt)
933 struct ubik_trans *tt;
935 printf ("Calling ubik_AbortTrans\n");
939 static int FindBlock (at, aname, ainstance, tentry)
940 struct ubik_trans *at;
943 struct kaentry *tentry;
945 printf ("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
946 strcpy (tentry->userID.name, aname);
947 strcpy (tentry->userID.instance, ainstance);
948 tentry->key_version = htonl(17);
949 des_string_to_key ("toa", &tentry->key);
950 tentry->flags = htonl(KAFNORMAL);
951 tentry->user_expiration = htonl(NEVERDATE);
952 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
956 static int ka_LookupKey (tt, name, inst, kvno, key)
957 struct ubik_trans *tt;
960 afs_int32 *kvno; /* returned */
961 struct ktc_encryptionKey *key; /* copied out */
963 printf ("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
965 des_string_to_key ("applexx", key);
968 static afs_int32 kvno_tgs_key (authDomain, kvno, tgskey)
971 struct ktc_encryptionKey *tgskey;
973 if (strcmp (authDomain, lrealm) != 0)
974 printf ("Called with wrong %s as authDomain\n", authDomain);
976 printf ("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
977 des_string_to_key ("applexx", tgskey);
984 name_instance_legal ()