2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
22 #include <sys/types.h>
26 #include <afs/errmap_nt.h>
27 #define snprintf _snprintf
29 #include <sys/socket.h>
31 #include <netinet/in.h>
40 #include <afs/afsutil.h>
42 #include <afs/com_err.h>
54 #include "prot.h" /* protocol definitions */
56 #include "afs/audit.h"
59 /* my kerberos error codes */
60 #define KERB_ERR_BAD_MSG_TYPE 99
61 #define KERB_ERR_BAD_LIFETIME 98
62 #define KERB_ERR_NONNULL_REALM 97
63 #define KERB_ERR_PKT_LENGTH 96
64 #define KERB_ERR_TEXT_LENGTH 95
66 #define KDC_GEN_ERR 20
70 int krb_udp_debug = 0;
72 static int sock_kerb = -1; /* the socket we're using */
73 static int sock_kerb5 = -1; /* the socket we're using */
77 struct sockaddr_in from;
83 char *rest; /* remaining bytes of packet */
84 char data[MAX_PKT_LEN];
87 extern char *lastOperation;
90 char udpAuthPrincipal[256];
91 char udptgsPrincipal[256];
92 char udptgsServerPrincipal[256];
94 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
95 else strcpy (answer, name), answer += slen+1
96 #define putint(num) num = htonl(num), \
97 memcpy(answer, &num, sizeof(afs_int32)), \
98 answer += sizeof(afs_int32)
100 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
101 strcpy (name, packet), packet += slen+1
102 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
103 num = ktohl (byteOrder, num), \
104 packet += sizeof(afs_int32)
106 /* this is just to close the log every five minutes to rm works */
108 int fiveminutes = 300;
114 printf("start 5 min check lwp\n");
117 IOMGR_Sleep(fiveminutes);
118 /* close the log so it can be removed */
119 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
125 create_cipher(cipher, cipherLen, sessionKey, sname, sinst, start, end, kvno,
126 ticket, ticketLen, key)
129 struct ktc_encryptionKey *sessionKey;
136 struct ktc_encryptionKey *key;
140 unsigned char life = time_to_life(start, end);
142 des_key_schedule schedule;
147 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
148 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
149 if (len > *cipherLen)
150 return KAANSWERTOOLONG;
152 return KAANSWERTOOLONG;
154 return KAANSWERTOOLONG;
156 memcpy(answer, sessionKey, sizeof(*sessionKey));
157 answer += sizeof(*sessionKey);
162 *answer++ = (unsigned char)kvno;
163 *answer++ = (unsigned char)ticketLen;
164 memcpy(answer, ticket, ticketLen);
169 printf("Printing ticket (%d) and date: ", ticketLen);
170 ka_PrintBytes(ticket, ticketLen);
171 ka_PrintBytes(answer - 4, 4);
175 if (code = des_key_sched(key, schedule))
176 printf("In KAAuthenticate: key_sched returned %d\n", code);
177 des_pcbc_encrypt(cipher, cipher, len, schedule, key, ENCRYPT);
178 *cipherLen = round_up_to_ebs(len);
181 printf("Printing cipher (%d): ", *cipherLen);
182 ka_PrintBytes(cipher, *cipherLen);
189 create_reply(ans, name, inst, startTime, endTime, kvno, cipher, cipherLen)
193 Date startTime, endTime;
198 char *answer = ans->data;
201 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
202 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
203 sizeof(short) + cipherLen;
204 if (ans->len > sizeof(ans->data))
205 return KAANSWERTOOLONG;
207 return KAANSWERTOOLONG;
209 *answer++ = (unsigned char)KRB_PROT_VERSION;
210 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
211 /* always send claiming network byte order */
216 *answer++ = 1; /* undocumented number of tickets! */
218 *answer++ = (unsigned char)kvno;
220 short w = (short)cipherLen;
222 memcpy(answer, &w, sizeof(short));
223 answer += sizeof(short);
225 memcpy(answer, cipher, cipherLen);
230 check_auth(pkt, auth, authLen, key, name, inst, cell)
234 struct ktc_encryptionKey *key;
240 des_key_schedule schedule;
242 /* unsigned char time_msec; */
244 int byteOrder = pkt->byteOrder;
246 des_key_sched(key, schedule);
247 des_pcbc_encrypt(auth, auth, authLen, schedule, key, DECRYPT);
249 if (strcmp(packet, name) != 0)
251 packet += strlen(packet) + 1;
252 if (strcmp(packet, inst) != 0)
254 packet += strlen(packet) + 1;
255 if (strcmp(packet, cell) != 0)
257 packet += strlen(packet) + 1;
259 /* time_msec = */ *(unsigned char *)packet++;
261 if ((packet - auth) > authLen)
267 UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
269 struct sockaddr_in *client;
277 struct ubik_trans *tt;
278 afs_int32 to; /* offset of block */
279 struct kaentry tentry;
280 afs_int32 tgskvno; /* key version of service key */
281 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
286 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
288 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
290 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
294 COUNT_REQ(UAuthenticate);
295 if (!name_instance_legal(name, inst))
296 return KERB_ERR_NAME_EXP; /* KABADNAME */
297 if (code = InitAuthServ(&tt, LOCKREAD, this_op))
300 code = FindBlock(tt, name, inst, &to, &tentry);
303 if (to) { /* if user exists check other stuff */
305 struct kaentry sentry;
306 save_principal(udpAuthPrincipal, name, inst, 0);
308 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
309 && (strcmp(sinst, lrealm) == 0));
310 if ((ntohl(tentry.user_expiration) < now)
311 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
312 code = KERB_ERR_NAME_EXP; /* KABADUSER */
315 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
322 if ((ntohl(sentry.user_expiration) < now)) {
323 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
326 if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
327 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
331 if (tentry.misc_auth_bytes) {
332 unsigned char misc_auth_bytes[4];
333 afs_uint32 temp; /* unsigned for safety */
334 afs_uint32 pwexpires;
336 temp = ntohl(*((afs_int32 *) (tentry.misc_auth_bytes)));
337 unpack_long(temp, misc_auth_bytes);
338 pwexpires = misc_auth_bytes[0];
341 ntohl(tentry.change_password_time) +
342 24 * 60 * 60 * pwexpires;
343 if (pwexpires < now) {
344 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
350 /* make the ticket */
351 code = des_random_key(&sessionKey);
353 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
357 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
358 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
360 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
361 lrealm, startTime, endTime, &sessionKey,
362 htonl(client->sin_addr.s_addr), sname, sinst)))
365 cipherLen = sizeof(cipher);
367 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
368 startTime, endTime, tgskvno, ticket, ticketLen,
372 } else { /* no such user */
374 tentry.key_version = 0;
376 code = ubik_EndTrans(tt);
381 create_reply(&ans, name, inst, startTime, endTime,
382 ntohl(tentry.key_version), cipher, cipherLen);
387 printf("Sending %d bytes ending in: ", ans.len);
388 ka_PrintBytes(ans.data + ans.len - 8, 8);
393 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
395 if (code != ans.len) {
396 perror("calling sendto");
400 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
402 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
410 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
416 UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
427 struct ktc_encryptionKey tgskey;
428 char name[MAXKTCNAMELEN];
429 char inst[MAXKTCNAMELEN];
430 char cell[MAXKTCREALMLEN];
431 struct ktc_encryptionKey authSessionKey;
441 int byteOrder = pkt->byteOrder;
442 char sname[MAXKTCNAMELEN];
443 char sinst[MAXKTCNAMELEN];
447 struct ubik_trans *tt;
449 struct kaentry caller;
450 struct kaentry server;
452 struct ktc_encryptionKey sessionKey;
454 char newTicket[MAXKTCTICKETLEN];
456 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
460 COUNT_REQ(UGetTicket);
462 if (code = InitAuthServ(&tt, LOCKREAD, this_op))
465 ka_LookupKvno(tt, KA_TGS_NAME,
466 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
472 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
473 &authSessionKey, &host, &start, &authEnd);
478 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
481 save_principal(udptgsPrincipal, name, inst, cell);
482 code = tkt_CheckTimes(start, authEnd, now);
485 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
488 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
491 celllen = strlen(cell);
493 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
495 if (import && (celllen == 0)) {
496 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
500 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
501 cell[MAXKTCREALMLEN - 1] = 0;
504 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
505 code = KERB_ERR_PRINCIPAL_UNKNOWN;
510 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
514 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
518 /* authenticator and all is OK so read actual request */
521 life = *(unsigned char *)packet++;
525 reqEnd = life_to_time(start, life);
527 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
529 save_principal(udptgsServerPrincipal, sname, sinst, 0);
532 strcpy(caller.userID.name, name);
533 strcpy(caller.userID.instance, inst);
534 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
536 code = FindBlock(tt, name, inst, &to, &caller);
540 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
541 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
544 if (ntohl(caller.flags) & KAFNOTGS) {
545 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
550 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
553 if (to == 0) { /* entry not found */
554 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
555 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
558 code = ubik_EndTrans(tt);
562 if (ntohl(server.flags) & KAFNOSEAL)
565 code = des_random_key(&sessionKey);
567 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
572 umin(umin(reqEnd, authEnd),
573 umin(start + ntohl(caller.max_ticket_lifetime),
574 start + ntohl(server.max_ticket_lifetime)));
577 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
578 caller.userID.name, caller.userID.instance, cell,
579 start, reqEnd, &sessionKey,
580 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
581 server.userID.instance);
585 cipherLen = sizeof(cipher);
587 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
588 reqEnd, ntohl(server.key_version), newTicket,
589 newTicketLen, &authSessionKey);
594 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
599 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
601 if (code != ans.len) {
602 perror("calling sendto");
607 if (cipherLen != 0) {
608 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
610 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
611 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
617 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
618 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
623 err_packet(ksoc, pkt, code, reason)
630 char *answer = ans.data;
636 snprintf(buf, 255, "code = %d: %s", code, reason);
639 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
640 pkt->name, pkt->inst, pkt->realm, buf);
644 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
645 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
646 if (ans.len > sizeof(ans.data)) {
647 printf("Answer packet too long\n");
651 *answer++ = (unsigned char)KRB_PROT_VERSION;
652 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
653 /* always send claiming network byte order */
658 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
659 /* It could be because of kauth errors so we should return something instead of success!! */
666 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
668 if (code != ans.len) {
671 ("call to sendto returned %d, sending error packet %d bytes long\n",
674 perror("err_packet: sendto");
680 process_udp_auth(ksoc, pkt)
684 char *packet = pkt->rest;
685 char name[MAXKTCNAMELEN];
686 char inst[MAXKTCNAMELEN];
687 char realm[MAXKTCREALMLEN];
688 char sname[MAXKTCNAMELEN];
689 char sinst[MAXKTCNAMELEN];
692 Date startTime, endTime;
693 unsigned char lifetime;
703 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
707 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
708 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
709 "null realm name not allowed");
712 memcpy(&startTime, packet, sizeof(startTime));
713 packet += sizeof(startTime);
714 startTime = ktohl(pkt->byteOrder, startTime);
715 pkt->time = startTime;
716 lifetime = *packet++;
717 endTime = life_to_time(startTime, lifetime);
718 code = tkt_CheckTimes(startTime, endTime, now);
720 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
721 "requested ticket lifetime invalid");
726 if ((packet - pkt->data) != pkt->len) {
727 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
728 "packet length inconsistent");
733 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
736 if (code == KANOENT) {
737 code = KERB_ERR_PRINCIPAL_UNKNOWN;
738 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
739 } else if (code == KAPWEXPIRED) {
740 code = KERB_ERR_NAME_EXP;
741 err_packet(ksoc, pkt, code, "password has expired");
743 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
749 process_udp_appl(ksoc, pkt)
753 char *packet = pkt->rest;
755 char realm[MAXKTCREALMLEN];
756 char ticket[MAXKTCTICKETLEN];
757 char auth[3 * MAXKTCNAMELEN + 4 + 5];
759 int ticketLen, authLen;
763 printf("Processing APPL Request\n");
767 ticketLen = *(unsigned char *)packet++;
768 authLen = *(unsigned char *)packet++;
769 if (ticketLen > sizeof(ticket)) {
770 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
773 memcpy(ticket, packet, ticketLen);
775 if (authLen > sizeof(auth)) {
776 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
779 memcpy(auth, packet, authLen);
780 pkt->rest = packet + authLen;
782 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
786 code = KERB_ERR_PRINCIPAL_UNKNOWN;
787 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
794 process_udp_request(ksoc, pkt)
798 char *packet = pkt->data;
799 unsigned char version, auth_msg_type;
802 if (version != KRB_PROT_VERSION) {
803 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
804 "packet version number unknown");
807 auth_msg_type = *packet++;
808 pkt->byteOrder = auth_msg_type & 1;
810 switch (auth_msg_type & ~1) {
811 case AUTH_MSG_KDC_REQUEST:
812 process_udp_auth(ksoc, pkt);
814 case AUTH_MSG_APPL_REQUEST:
815 process_udp_appl(ksoc, pkt);
818 printf("unknown msg type 0x%x\n", auth_msg_type);
819 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
820 "message type not supported");
831 struct packet packet;
835 printf("Starting to listen for UDP packets\n");
839 FD_SET(sock_kerb, &rfds);
841 FD_SET(sock_kerb5, &rfds);
845 /* write and exception fd_set's are null */
846 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
847 if (code == 0) { /* timeout */
848 /* printf ("Timeout\n"); */
850 } else if (code < 0) {
851 perror("calling IOMGR_Select");
855 fromLen = sizeof(packet.from);
856 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
858 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
859 (struct sockaddr *)&packet.from, &fromLen);
861 if (errno == EAGAIN || errno == ECONNREFUSED)
863 perror("calling recvfrom");
868 printf("Kerb:udp: Got %d bytes from addr %s which are '",
869 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
870 ka_PrintBytes(packet.data, packet.len);
873 packet.name = packet.inst = packet.realm = "";
875 process_udp_request(sock_kerb, &packet);
878 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
880 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
881 (struct sockaddr *)&packet.from, &fromLen);
883 if (errno == EAGAIN || errno == ECONNREFUSED)
885 perror("calling recvfrom");
890 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
891 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
892 ka_PrintBytes(packet.data, packet.len);
895 packet.name = packet.inst = packet.realm = "";
897 process_udp_request(sock_kerb5, &packet);
900 if (sock_kerb >= 0) {
904 if (sock_kerb5 >= 0) {
908 printf("UDP SocketListener exiting due to error\n");
913 #include "AFS_component_version_number.c"
921 struct sockaddr_in taddr;
922 static PROCESS slPid; /* socket listener pid */
923 static PROCESS checkPid; /* fiveminute check */
925 char *krb4name; /* kerberos version4 service */
931 static int inited = 0;
938 memset(&taddr, 0, sizeof(taddr));
939 krb4name = "kerberos4";
940 sp = getservbyname(krb4name, "udp");
941 taddr.sin_family = AF_INET; /* added for NCR port */
942 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
943 taddr.sin_len = sizeof(struct sockaddr_in);
946 /* if kerberos-4 is not available, try "kerberos-iv" */
947 krb4name = "kerberos-iv";
948 sp = getservbyname(krb4name, "udp");
951 /* if kerberos-iv is not available, try "kerberos" */
952 krb4name = "kerberos";
953 sp = getservbyname(krb4name, "udp");
957 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
959 taddr.sin_port = htons(KRB_PORT);
961 /* copy the port number */
962 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
963 (unsigned short)sp->s_port);
964 taddr.sin_port = sp->s_port;
966 kerb_port = taddr.sin_port;
967 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
968 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
970 perror("calling bind");
974 sp = getservbyname("kerberos5", "udp");
977 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
979 taddr.sin_port = htons(KRB5_PORT);
981 /* copy the port number */
982 fprintf(stderr, "kerberos5/udp port=%hu\n",
983 (unsigned short)sp->s_port);
984 taddr.sin_port = sp->s_port;
986 if (taddr.sin_port != kerb_port) { /* a different port */
987 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
988 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
990 perror("calling bind");
995 /* Bail out if we can't bind with any port */
996 if ((sock_kerb < 0) && (sock_kerb5 < 0))
1000 /* this has already been done */
1001 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
1004 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
1005 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
1008 /* just to close the log every five minutes */
1010 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
1011 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
1014 initialize_ka_error_table();
1015 initialize_rxk_error_table();
1016 while (1) /* don't just stand there, run it */
1025 char *lastOperation; /* name of last operation */
1026 char *lrealm = "REALMNAME";
1027 struct kadstats dynamic_statistics;
1030 InitAuthServ(tt, lock, this_op)
1031 struct ubik_trans **tt;
1032 int lock; /* read or write transaction */
1033 int *this_op; /* op of RCP routine, for COUNT_ABO */
1038 printf("Calling InitAuthServ\n");
1044 struct ubik_trans *tt;
1046 printf("Calling ubik_EndTrans\n");
1052 struct ubik_trans *tt;
1054 printf("Calling ubik_AbortTrans\n");
1059 FindBlock(at, aname, ainstance, tentry)
1060 struct ubik_trans *at;
1063 struct kaentry *tentry;
1065 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1066 strcpy(tentry->userID.name, aname);
1067 strcpy(tentry->userID.instance, ainstance);
1068 tentry->key_version = htonl(17);
1069 des_string_to_key("toa", &tentry->key);
1070 tentry->flags = htonl(KAFNORMAL);
1071 tentry->user_expiration = htonl(NEVERDATE);
1072 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1077 ka_LookupKey(tt, name, inst, kvno, key)
1078 struct ubik_trans *tt;
1081 afs_int32 *kvno; /* returned */
1082 struct ktc_encryptionKey *key; /* copied out */
1084 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1086 des_string_to_key("applexx", key);
1090 kvno_tgs_key(authDomain, kvno, tgskey)
1093 struct ktc_encryptionKey *tgskey;
1095 if (strcmp(authDomain, lrealm) != 0)
1096 printf("Called with wrong %s as authDomain\n", authDomain);
1098 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1099 des_string_to_key("applexx", tgskey);
1107 name_instance_legal()