2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
21 #include <sys/types.h>
24 #define snprintf _snprintf
26 #include <sys/socket.h>
28 #include <netinet/in.h>
37 #include <afs/afsutil.h>
39 #include <afs/com_err.h>
51 #include "prot.h" /* protocol definitions */
53 #include "afs/audit.h"
56 /* my kerberos error codes */
57 #define KERB_ERR_BAD_MSG_TYPE 99
58 #define KERB_ERR_BAD_LIFETIME 98
59 #define KERB_ERR_NONNULL_REALM 97
60 #define KERB_ERR_PKT_LENGTH 96
61 #define KERB_ERR_TEXT_LENGTH 95
63 #define KDC_GEN_ERR 20
67 int krb_udp_debug = 0;
69 static int sock_kerb =-1; /* the socket we're using */
70 static int sock_kerb5=-1; /* the socket we're using */
74 struct sockaddr_in from;
80 char *rest; /* remaining bytes of packet */
81 char data[MAX_PKT_LEN];
84 extern struct kadstats dynamic_statistics;
85 extern char *lastOperation;
88 char udpAuthPrincipal[256];
89 char udptgsPrincipal[256];
90 char udptgsServerPrincipal[256];
92 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
93 else strcpy (answer, name), answer += slen+1
94 #define putint(num) num = htonl(num), \
95 memcpy(answer, &num, sizeof(afs_int32)), \
96 answer += sizeof(afs_int32)
98 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
99 strcpy (name, packet), packet += slen+1
100 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
101 num = ktohl (byteOrder, num), \
102 packet += sizeof(afs_int32)
104 /* this is just to close the log every five minutes to rm works */
108 static FiveMinuteCheckLWP()
111 printf("start 5 min check lwp\n");
115 IOMGR_Sleep(fiveminutes);
116 /* close the log so it can be removed */
117 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH);/* no trunc, just append */
122 static afs_int32 create_cipher (cipher, cipherLen, sessionKey, sname, sinst,
123 start, end, kvno, ticket, ticketLen, key)
126 struct ktc_encryptionKey *sessionKey;
133 struct ktc_encryptionKey *key;
136 unsigned char life = time_to_life (start, end);
138 des_key_schedule schedule;
142 len = sizeof(*sessionKey) + strlen(sname) + strlen(sinst) +
143 strlen(lrealm) + 3/*nulls*/ + 3 + ticketLen + sizeof(Date);
144 if (len > *cipherLen) return KAANSWERTOOLONG;
145 if (ticketLen > 255) return KAANSWERTOOLONG;
146 if (kvno > 255) return KAANSWERTOOLONG;
148 memcpy(answer, sessionKey, sizeof(*sessionKey));
149 answer += sizeof(*sessionKey);
154 *answer++ = (unsigned char) kvno;
155 *answer++ = (unsigned char) ticketLen;
156 memcpy(answer, ticket, ticketLen);
161 printf ("Printing ticket (%d) and date: ", ticketLen);
162 ka_PrintBytes (ticket, ticketLen);
163 ka_PrintBytes (answer-4, 4);
167 if (code = des_key_sched (key, schedule))
168 printf ("In KAAuthenticate: key_sched returned %d\n", code);
169 des_pcbc_encrypt (cipher, cipher, len, schedule, key, ENCRYPT);
170 *cipherLen = round_up_to_ebs (len);
173 printf ("Printing cipher (%d): ", *cipherLen);
174 ka_PrintBytes (cipher, *cipherLen);
180 static afs_int32 create_reply (ans, name, inst, startTime, endTime, kvno,
185 Date startTime, endTime;
189 { char *answer = ans->data;
192 ans->len = 2 + strlen(name) + strlen(inst) + 3/*nulls*/ +
193 sizeof(afs_int32) + 1/*ntkts*/ + sizeof(afs_int32) + 1/*kvno*/ +
194 sizeof(short) + cipherLen;
195 if (ans->len > sizeof(ans->data)) return KAANSWERTOOLONG;
196 if (kvno > 255) return KAANSWERTOOLONG;
198 *answer++ = (unsigned char) KRB_PROT_VERSION;
199 *answer++ = (unsigned char) AUTH_MSG_KDC_REPLY;
200 /* always send claiming network byte order */
205 *answer++ = 1; /* undocumented number of tickets! */
207 *answer++ = (unsigned char) kvno;
208 { short w = (short) cipherLen;
210 memcpy(answer, &w, sizeof(short));
211 answer += sizeof(short);
213 memcpy(answer, cipher, cipherLen);
217 static afs_int32 check_auth (pkt, auth, authLen, key, name, inst, cell)
221 struct ktc_encryptionKey *key;
226 des_key_schedule schedule;
228 /* unsigned char time_msec; */
230 int byteOrder = pkt->byteOrder;
232 des_key_sched (key, schedule);
233 des_pcbc_encrypt (auth, auth, authLen, schedule, key, DECRYPT);
235 if (strcmp (packet, name) != 0) return KABADTICKET;
236 packet += strlen (packet) + 1;
237 if (strcmp (packet, inst) != 0) return KABADTICKET;
238 packet += strlen (packet) + 1;
239 if (strcmp (packet, cell) != 0) return KABADTICKET;
240 packet += strlen (packet) + 1;
242 /* time_msec = */ *(unsigned char *)packet++;
244 if ((packet-auth) > authLen) return KABADTICKET;
248 afs_int32 UDP_Authenticate (ksoc, client, name, inst, startTime, endTime, sname, sinst)
250 struct sockaddr_in *client;
257 { struct ubik_trans *tt;
258 afs_int32 to; /* offset of block */
259 struct kaentry tentry;
260 afs_int32 tgskvno; /* key version of service key */
261 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
266 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
268 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
270 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
274 COUNT_REQ (UAuthenticate);
275 if (!name_instance_legal (name, inst)) return KERB_ERR_NAME_EXP; /* KABADNAME */
276 if (code = InitAuthServ (&tt, LOCKREAD, this_op)) return code;
278 code = FindBlock (tt, name, inst, &to, &tentry);
279 if (code) goto abort;
280 if (to) { /* if user exists check other stuff */
282 struct kaentry sentry;
283 save_principal (udpAuthPrincipal, name, inst, 0);
285 tgt = ((strcmp (sname, KA_TGS_NAME) == 0) &&
286 (strcmp (sinst, lrealm) == 0));
287 if ((ntohl(tentry.user_expiration) < now) ||
288 (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
289 code = KERB_ERR_NAME_EXP; /* KABADUSER */
292 code = FindBlock (tt, KA_TGS_NAME, lrealm, &sto, &sentry);
293 if (code) goto abort;
294 if (sto == 0) {code = KANOENT; goto abort; }
295 if ((ntohl(sentry.user_expiration) < now)) {
296 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
299 if (abs (startTime - now) > KTC_TIME_UNCERTAINTY) {
300 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
304 if (tentry.misc_auth_bytes) {
305 unsigned char misc_auth_bytes[4];
306 afs_uint32 temp; /* unsigned for safety */
307 afs_uint32 pwexpires;
309 temp = ntohl(*((afs_int32 *)(tentry.misc_auth_bytes)));
310 unpack_long(temp, misc_auth_bytes);
311 pwexpires = misc_auth_bytes[0];
313 pwexpires= ntohl(tentry.change_password_time) + 24*60*60*pwexpires;
314 if ( pwexpires < now ) {
315 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
321 /* make the ticket */
322 code = des_random_key (&sessionKey);
324 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
327 endTime = umin (endTime,
328 startTime + ntohl(tentry.max_ticket_lifetime));
329 if ((code = ka_LookupKey (tt, sname, sinst, &tgskvno, &tgskey)) ||
330 (code = tkt_MakeTicket (ticket, &ticketLen, &tgskey,
332 startTime, endTime, &sessionKey,
333 htonl(client->sin_addr.s_addr), sname, sinst)))
336 cipherLen = sizeof(cipher);
338 (cipher, &cipherLen, &sessionKey, sname, sinst,
339 startTime, endTime, tgskvno, ticket, ticketLen, &tentry.key);
340 if (code) goto abort;
341 } else { /* no such user */
343 tentry.key_version = 0;
345 code = ubik_EndTrans(tt);
349 code = create_reply (&ans, name, inst, startTime, endTime,
350 ntohl(tentry.key_version), cipher, cipherLen);
355 printf ("Sending %d bytes ending in: ", ans.len);
356 ka_PrintBytes (ans.data+ans.len-8, 8);
360 code = sendto (ksoc, ans.data, ans.len, 0,
361 (struct sockaddr *) client, sizeof(*client));
362 if (code != ans.len) {
363 perror ("calling sendto");
367 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr, LOG_AUTHENTICATE);
368 osi_audit ( UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
373 ubik_AbortTrans (tt);
376 osi_audit ( UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst, AUD_END);
380 afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
390 struct ktc_encryptionKey tgskey;
391 char name[MAXKTCNAMELEN];
392 char inst[MAXKTCNAMELEN];
393 char cell[MAXKTCREALMLEN];
394 struct ktc_encryptionKey authSessionKey;
404 int byteOrder = pkt->byteOrder;
405 char sname[MAXKTCNAMELEN];
406 char sinst[MAXKTCNAMELEN];
410 struct ubik_trans *tt;
412 struct kaentry caller;
413 struct kaentry server;
415 struct ktc_encryptionKey sessionKey;
417 char newTicket[MAXKTCTICKETLEN];
419 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
423 COUNT_REQ (UGetTicket);
425 if (code = InitAuthServ(&tt, LOCKREAD, this_op)) goto fail;
426 code = ka_LookupKvno (tt, KA_TGS_NAME,
427 ((strlen(authDomain) > 0) ? authDomain : lrealm),
429 if (code) goto abort;
431 code = tkt_DecodeTicket (ticket, ticketLen, &tgskey, name, inst, cell,
432 &authSessionKey, &host, &start, &authEnd);
437 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
440 save_principal (udptgsPrincipal, name, inst, cell);
441 code = tkt_CheckTimes (start, authEnd, now);
444 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
447 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
450 celllen = strlen (cell);
452 if ((strlen(authDomain) > 0) && (strcmp (authDomain, lrealm) != 0))
454 if (import && (celllen == 0)) {
455 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
459 strncpy (cell, lrealm, MAXKTCREALMLEN-1);
460 cell[MAXKTCREALMLEN-1] = 0;
464 printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",
468 code = check_auth (pkt, auth, authLen, &authSessionKey, name, inst, cell);
469 if (code) goto abort;
471 /* authenticator and all is OK so read actual request */
474 life = *(unsigned char *)packet++;
478 reqEnd = life_to_time (start, life);
480 printf ("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
482 save_principal (udptgsServerPrincipal, sname, sinst, 0);
485 strcpy (caller.userID.name, name);
486 strcpy (caller.userID.instance, inst);
487 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
490 code = FindBlock(tt, name, inst, &to, &caller);
491 if (code) goto abort;
493 ka_PrintUserID ("GetTicket: User ", name, inst, " unknown.\n");
494 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
497 if (ntohl(caller.flags) & KAFNOTGS)
498 { code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
502 code = FindBlock (tt, sname, sinst, &to, &server); /* get server's entry */
503 if (code) goto abort;
504 if (to == 0) { /* entry not found */
505 ka_PrintUserID ("GetTicket: Server ", sname, sinst, " unknown.\n");
506 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
509 code = ubik_EndTrans (tt);
512 if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER;
514 code = des_random_key (&sessionKey);
516 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
520 reqEnd = umin (umin (reqEnd, authEnd),
521 umin (start+ntohl(caller.max_ticket_lifetime),
522 start+ntohl(server.max_ticket_lifetime)));
524 code = tkt_MakeTicket (newTicket, &newTicketLen, &server.key,
525 caller.userID.name, caller.userID.instance, cell,
526 start, reqEnd, &sessionKey,
527 htonl(pkt->from.sin_addr.s_addr),
528 server.userID.name, server.userID.instance);
531 cipherLen = sizeof(cipher);
533 (cipher, &cipherLen, &sessionKey, sname, sinst,
534 start, reqEnd, ntohl(server.key_version),
535 newTicket, newTicketLen, &authSessionKey);
538 code = create_reply (&ans, name, inst, start, reqEnd, 0,
542 code = sendto (ksoc, ans.data, ans.len, 0,
543 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
544 if (code != ans.len) {
545 perror ("calling sendto");
550 if (cipherLen != 0) {
551 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
553 osi_audit ( UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR, cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
559 osi_audit ( UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR, NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
563 static int err_packet (ksoc, pkt, code, reason)
569 char *answer = ans.data;
573 if (reason == 0) reason = "";
574 snprintf (buf, 255, "code = %d: %s", code, reason);
577 printf ("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
578 pkt->name, pkt->inst, pkt->realm, buf);
581 ans.len = 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
582 3/* nulls */ + (2 * sizeof(afs_int32)) + strlen (buf) + 1;
583 if (ans.len > sizeof(ans.data)) {
584 printf ("Answer packet too long\n");
588 *answer++ = (unsigned char) KRB_PROT_VERSION;
589 *answer++ = (unsigned char) AUTH_MSG_ERR_REPLY;
590 /* always send claiming network byte order */
595 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
596 /* It could be because of kauth errors so we should return something instead of success!! */
602 code = sendto(ksoc, ans.data, ans.len, 0,
603 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
604 if (code != ans.len) {
606 printf ("call to sendto returned %d, sending error packet %d bytes long\n",
608 else perror ("err_packet: sendto");
614 process_udp_auth (ksoc, pkt)
617 { char *packet = pkt->rest;
618 char name[MAXKTCNAMELEN];
619 char inst[MAXKTCNAMELEN];
620 char realm[MAXKTCREALMLEN];
621 char sname[MAXKTCNAMELEN];
622 char sinst[MAXKTCNAMELEN];
625 Date startTime, endTime;
626 unsigned char lifetime;
636 printf ("Processing KDC Request from '%s'.'%s'@'%s'\n",
640 if ((strlen(realm) > 0) && (strcmp (realm, lrealm) != 0)) {
641 err_packet (ksoc, pkt, KERB_ERR_NONNULL_REALM,
642 "null realm name not allowed");
645 memcpy(&startTime, packet, sizeof(startTime));
646 packet += sizeof(startTime);
647 startTime = ktohl (pkt->byteOrder, startTime);
648 pkt->time = startTime;
649 lifetime = *packet++;
650 endTime = life_to_time (startTime, lifetime);
651 code = tkt_CheckTimes (startTime, endTime, now);
653 err_packet (ksoc, pkt, KERB_ERR_BAD_LIFETIME,
654 "requested ticket lifetime invalid");
659 if ((packet - pkt->data) != pkt->len) {
660 err_packet (ksoc, pkt, KERB_ERR_PKT_LENGTH, "packet length inconsistent");
664 code = UDP_Authenticate (ksoc, &pkt->from, name, inst,
665 startTime, endTime, sname, sinst);
667 if (code == KANOENT) {
668 code = KERB_ERR_PRINCIPAL_UNKNOWN;
669 err_packet (ksoc, pkt, code, (char *)error_message (code));
670 } else if (code == KAPWEXPIRED) {
671 code = KERB_ERR_NAME_EXP;
672 err_packet (ksoc, pkt, code, "password has expired");
674 err_packet (ksoc, pkt, code, (char *)error_message (code));
680 process_udp_appl (ksoc, pkt)
683 { char *packet = pkt->rest;
685 char realm[MAXKTCREALMLEN];
686 char ticket[MAXKTCTICKETLEN];
687 char auth[3*MAXKTCNAMELEN+4+5];
689 int ticketLen, authLen;
693 printf ("Processing APPL Request\n");
697 ticketLen = *(unsigned char *)packet++;
698 authLen = *(unsigned char *)packet++;
699 if (ticketLen > sizeof(ticket)) {
700 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
703 memcpy(ticket, packet, ticketLen);
705 if (authLen > sizeof(auth)) {
706 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
709 memcpy(auth, packet, authLen);
710 pkt->rest = packet + authLen;
711 code = UDP_GetTicket (ksoc, pkt, kvno, realm, ticket, ticketLen, auth, authLen);
713 if (code == KANOENT) code = KERB_ERR_PRINCIPAL_UNKNOWN;
714 err_packet (ksoc, pkt, code, (char*)error_message (code));
721 process_udp_request (ksoc, pkt)
724 { char *packet = pkt->data;
725 unsigned char version, auth_msg_type;
728 if (version != KRB_PROT_VERSION) {
729 err_packet (ksoc, pkt, KERB_ERR_PKT_VER, "packet version number unknown");
732 auth_msg_type = *packet++;
733 pkt->byteOrder = auth_msg_type & 1;
735 switch (auth_msg_type & ~1) {
736 case AUTH_MSG_KDC_REQUEST:
737 process_udp_auth (ksoc, pkt);
739 case AUTH_MSG_APPL_REQUEST:
740 process_udp_appl (ksoc, pkt);
743 printf ("unknown msg type 0x%x\n", auth_msg_type);
744 err_packet (ksoc, pkt, KERB_ERR_BAD_MSG_TYPE, "message type not supported");
750 static SocketListener ()
753 struct packet packet;
757 printf ("Starting to listen for UDP packets\n");
760 if (sock_kerb >= 0) FD_SET(sock_kerb, &rfds);
761 if (sock_kerb5 >= 0) FD_SET(sock_kerb5, &rfds);
765 /* write and exception fd_set's are null */
766 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
767 if (code == 0) { /* timeout */
768 /* printf ("Timeout\n"); */
772 perror ("calling IOMGR_Select");
776 fromLen = sizeof(packet.from);
777 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
778 code = recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
779 (struct sockaddr *) &packet.from, &fromLen);
781 perror ("calling recvfrom");
786 printf ("Kerb:udp: Got %d bytes from addr %s which are '",
787 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
788 ka_PrintBytes (packet.data, packet.len);
791 packet.name = packet.inst = packet.realm = "";
793 process_udp_request (sock_kerb, &packet);
795 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
796 code = recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
797 (struct sockaddr *) &packet.from, &fromLen);
799 perror ("calling recvfrom");
804 printf ("Kerb5:udp: Got %d bytes from addr %s which are '",
805 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
806 ka_PrintBytes (packet.data, packet.len);
809 packet.name = packet.inst = packet.realm = "";
811 process_udp_request (sock_kerb5, &packet);
818 #include "AFS_component_version_number.c"
822 afs_int32 init_krb_udp ()
824 { struct sockaddr_in taddr;
825 static PROCESS slPid; /* socket listener pid */
826 static PROCESS checkPid; /* fiveminute check */
828 char* krb4name; /* kerberos version4 service */
834 static int inited = 0;
837 if (inited) return -1;
840 memset(&taddr, 0, sizeof(taddr));
841 krb4name = "kerberos4";
842 sp = getservbyname(krb4name, "udp");
843 taddr.sin_family = AF_INET; /* added for NCR port */
846 /* if kerberos-4 is not available, try "kerberos-iv" */
847 krb4name = "kerberos-iv";
848 sp = getservbyname(krb4name, "udp");
852 /* if kerberos-iv is not available, try "kerberos" */
853 krb4name = "kerberos";
854 sp = getservbyname(krb4name, "udp");
858 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
860 taddr.sin_port = htons(KRB_PORT);
862 /* copy the port number */
863 fprintf (stderr, "%s/udp port=%hu\n", krb4name, (unsigned short)sp->s_port);
864 taddr.sin_port = sp->s_port;
866 kerb_port = taddr.sin_port;
867 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
868 code = bind(sock_kerb, (struct sockaddr *) &taddr, sizeof(taddr));
870 perror ("calling bind");
874 sp = getservbyname("kerberos5", "udp");
877 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
879 taddr.sin_port = htons(KRB5_PORT);
881 /* copy the port number */
882 fprintf (stderr, "kerberos5/udp port=%hu\n", (unsigned short)sp->s_port);
883 taddr.sin_port = sp->s_port;
885 if (taddr.sin_port != kerb_port) { /* a different port */
886 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
887 code = bind(sock_kerb5, (struct sockaddr *) &taddr, sizeof(taddr));
889 perror ("calling bind");
894 /* Bail out if we can't bind with any port */
895 if ((sock_kerb < 0) && (sock_kerb5 < 0))
899 /* this has already been done */
900 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
903 LWP_CreateProcess(SocketListener, /*stacksize*/16000, LWP_NORMAL_PRIORITY,
904 0, "Socket Listener", &slPid);
906 /* just to close the log every five minutes */
908 LWP_CreateProcess(FiveMinuteCheckLWP, 24*1024,
909 LWP_MAX_PRIORITY - 2, &fiveminutes,
910 "FiveMinuteChecks", &checkPid);
913 initialize_ka_error_table();
914 initialize_rxk_error_table();
915 while (1) /* don't just stand there, run it */
924 char *lastOperation; /* name of last operation */
925 char *lrealm = "REALMNAME";
926 struct kadstats dynamic_statistics;
928 static int InitAuthServ (tt, lock, this_op)
929 struct ubik_trans **tt;
930 int lock; /* read or write transaction */
931 int *this_op; /* op of RCP routine, for COUNT_ABO */
935 printf ("Calling InitAuthServ\n");
939 static int ubik_EndTrans (tt)
940 struct ubik_trans *tt;
942 printf ("Calling ubik_EndTrans\n");
946 static int ubik_AbortTrans (tt)
947 struct ubik_trans *tt;
949 printf ("Calling ubik_AbortTrans\n");
953 static int FindBlock (at, aname, ainstance, tentry)
954 struct ubik_trans *at;
957 struct kaentry *tentry;
959 printf ("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
960 strcpy (tentry->userID.name, aname);
961 strcpy (tentry->userID.instance, ainstance);
962 tentry->key_version = htonl(17);
963 des_string_to_key ("toa", &tentry->key);
964 tentry->flags = htonl(KAFNORMAL);
965 tentry->user_expiration = htonl(NEVERDATE);
966 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
970 static int ka_LookupKey (tt, name, inst, kvno, key)
971 struct ubik_trans *tt;
974 afs_int32 *kvno; /* returned */
975 struct ktc_encryptionKey *key; /* copied out */
977 printf ("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
979 des_string_to_key ("applexx", key);
982 static afs_int32 kvno_tgs_key (authDomain, kvno, tgskey)
985 struct ktc_encryptionKey *tgskey;
987 if (strcmp (authDomain, lrealm) != 0)
988 printf ("Called with wrong %s as authDomain\n", authDomain);
990 printf ("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
991 des_string_to_key ("applexx", tgskey);
998 name_instance_legal ()