2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afs/param.h>
16 #include <afsconfig.h>
21 #include <sys/types.h>
24 #define snprintf _snprintf
26 #include <sys/socket.h>
28 #include <netinet/in.h>
30 #include <afs/afsutil.h>
32 #include <afs/com_err.h>
44 #include "prot.h" /* protocol definitions */
46 #include "afs/audit.h"
49 /* my kerberos error codes */
50 #define KERB_ERR_BAD_MSG_TYPE 99
51 #define KERB_ERR_BAD_LIFETIME 98
52 #define KERB_ERR_NONNULL_REALM 97
53 #define KERB_ERR_PKT_LENGTH 96
54 #define KERB_ERR_TEXT_LENGTH 95
56 #define KDC_GEN_ERR 20
60 int krb_udp_debug = 0;
62 static int sock_kerb =-1; /* the socket we're using */
63 static int sock_kerb5=-1; /* the socket we're using */
67 struct sockaddr_in from;
73 char *rest; /* remaining bytes of packet */
74 char data[MAX_PKT_LEN];
77 extern struct kadstats dynamic_statistics;
78 extern char *lastOperation;
81 char udpAuthPrincipal[256];
82 char udptgsPrincipal[256];
83 char udptgsServerPrincipal[256];
85 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
86 else strcpy (answer, name), answer += slen+1
87 #define putint(num) num = htonl(num), \
88 bcopy (&num, answer, sizeof(afs_int32)), \
89 answer += sizeof(afs_int32)
91 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
92 strcpy (name, packet), packet += slen+1
93 #define getint(num) bcopy (packet, &num, sizeof(afs_int32)), \
94 num = ktohl (byteOrder, num), \
95 packet += sizeof(afs_int32)
97 /* this is just to close the log every five minutes to rm works */
101 static FiveMinuteCheckLWP()
105 printf("start 5 min check lwp\n");
109 IOMGR_Sleep(fiveminutes);
110 /* close the log so it can be removed */
111 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH);/* no trunc, just append */
116 static afs_int32 create_cipher (cipher, cipherLen, sessionKey, sname, sinst,
117 start, end, kvno, ticket, ticketLen, key)
120 struct ktc_encryptionKey *sessionKey;
127 struct ktc_encryptionKey *key;
130 unsigned char life = time_to_life (start, end);
132 des_key_schedule schedule;
136 len = sizeof(*sessionKey) + strlen(sname) + strlen(sinst) +
137 strlen(lrealm) + 3/*nulls*/ + 3 + ticketLen + sizeof(Date);
138 if (len > *cipherLen) return KAANSWERTOOLONG;
139 if (ticketLen > 255) return KAANSWERTOOLONG;
140 if (kvno > 255) return KAANSWERTOOLONG;
142 bcopy (sessionKey, answer, sizeof(*sessionKey));
143 answer += sizeof(*sessionKey);
148 *answer++ = (unsigned char) kvno;
149 *answer++ = (unsigned char) ticketLen;
150 bcopy (ticket, answer, ticketLen);
155 printf ("Printing ticket (%d) and date: ", ticketLen);
156 ka_PrintBytes (ticket, ticketLen);
157 ka_PrintBytes (answer-4, 4);
161 if (code = des_key_sched (key, schedule))
162 printf ("In KAAuthenticate: key_sched returned %d\n", code);
163 des_pcbc_encrypt (cipher, cipher, len, schedule, key, ENCRYPT);
164 *cipherLen = round_up_to_ebs (len);
167 printf ("Printing cipher (%d): ", *cipherLen);
168 ka_PrintBytes (cipher, *cipherLen);
174 static afs_int32 create_reply (ans, name, inst, startTime, endTime, kvno,
179 Date startTime, endTime;
183 { char *answer = ans->data;
186 ans->len = 2 + strlen(name) + strlen(inst) + 3/*nulls*/ +
187 sizeof(afs_int32) + 1/*ntkts*/ + sizeof(afs_int32) + 1/*kvno*/ +
188 sizeof(short) + cipherLen;
189 if (ans->len > sizeof(ans->data)) return KAANSWERTOOLONG;
190 if (kvno > 255) return KAANSWERTOOLONG;
192 *answer++ = (unsigned char) KRB_PROT_VERSION;
193 *answer++ = (unsigned char) AUTH_MSG_KDC_REPLY;
194 /* always send claiming network byte order */
199 *answer++ = 1; /* undocumented number of tickets! */
201 *answer++ = (unsigned char) kvno;
202 { short w = (short) cipherLen;
204 bcopy (&w, answer, sizeof(short));
205 answer += sizeof(short);
207 bcopy (cipher, answer, cipherLen);
211 static afs_int32 check_auth (pkt, auth, authLen, key, name, inst, cell)
215 struct ktc_encryptionKey *key;
220 des_key_schedule schedule;
222 /* unsigned char time_msec; */
224 int byteOrder = pkt->byteOrder;
226 des_key_sched (key, schedule);
227 des_pcbc_encrypt (auth, auth, authLen, schedule, key, DECRYPT);
229 if (strcmp (packet, name) != 0) return KABADTICKET;
230 packet += strlen (packet) + 1;
231 if (strcmp (packet, inst) != 0) return KABADTICKET;
232 packet += strlen (packet) + 1;
233 if (strcmp (packet, cell) != 0) return KABADTICKET;
234 packet += strlen (packet) + 1;
236 /* time_msec = */ *(unsigned char *)packet++;
238 if ((packet-auth) > authLen) return KABADTICKET;
242 afs_int32 UDP_Authenticate (ksoc, client, name, inst, startTime, endTime, sname, sinst)
244 struct sockaddr_in *client;
251 { struct ubik_trans *tt;
252 afs_int32 to; /* offset of block */
253 struct kaentry tentry;
254 afs_int32 tgskvno; /* key version of service key */
255 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
260 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
262 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
264 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
268 COUNT_REQ (UAuthenticate);
269 if (!name_instance_legal (name, inst)) return KERB_ERR_NAME_EXP; /* KABADNAME */
270 if (code = InitAuthServ (&tt, LOCKREAD, this_op)) return code;
272 code = FindBlock (tt, name, inst, &to, &tentry);
273 if (code) goto abort;
274 if (to) { /* if user exists check other stuff */
276 struct kaentry sentry;
277 save_principal (udpAuthPrincipal, name, inst, 0);
279 tgt = ((strcmp (sname, KA_TGS_NAME) == 0) &&
280 (strcmp (sinst, lrealm) == 0));
281 if ((ntohl(tentry.user_expiration) < now) ||
282 (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
283 code = KERB_ERR_NAME_EXP; /* KABADUSER */
286 code = FindBlock (tt, KA_TGS_NAME, lrealm, &sto, &sentry);
287 if (code) goto abort;
288 if (sto == 0) {code = KANOENT; goto abort; }
289 if ((ntohl(sentry.user_expiration) < now)) {
290 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
293 if (abs (startTime - now) > KTC_TIME_UNCERTAINTY) {
294 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
298 if (tentry.misc_auth_bytes) {
299 unsigned char misc_auth_bytes[4];
300 afs_uint32 temp; /* unsigned for safety */
301 afs_uint32 pwexpires;
303 temp = ntohl(*((afs_int32 *)(tentry.misc_auth_bytes)));
304 unpack_long(temp, misc_auth_bytes);
305 pwexpires = misc_auth_bytes[0];
307 pwexpires= ntohl(tentry.change_password_time) + 24*60*60*pwexpires;
308 if ( pwexpires < now ) {
309 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
315 /* make the ticket */
316 code = des_random_key (&sessionKey);
318 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
321 endTime = umin (endTime,
322 startTime + ntohl(tentry.max_ticket_lifetime));
323 if ((code = ka_LookupKey (tt, sname, sinst, &tgskvno, &tgskey)) ||
324 (code = tkt_MakeTicket (ticket, &ticketLen, &tgskey,
326 startTime, endTime, &sessionKey,
327 htonl(client->sin_addr.s_addr), sname, sinst)))
330 cipherLen = sizeof(cipher);
332 (cipher, &cipherLen, &sessionKey, sname, sinst,
333 startTime, endTime, tgskvno, ticket, ticketLen, &tentry.key);
334 if (code) goto abort;
335 } else { /* no such user */
337 tentry.key_version = 0;
339 code = ubik_EndTrans(tt);
343 code = create_reply (&ans, name, inst, startTime, endTime,
344 ntohl(tentry.key_version), cipher, cipherLen);
349 printf ("Sending %d bytes ending in: ", ans.len);
350 ka_PrintBytes (ans.data+ans.len-8, 8);
354 code = sendto (ksoc, ans.data, ans.len, 0,
355 (struct sockaddr *) client, sizeof(*client));
356 if (code != ans.len) {
357 perror ("calling sendto");
361 osi_audit ( UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
366 ubik_AbortTrans (tt);
369 osi_audit ( UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst, AUD_END);
373 afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
383 struct ktc_encryptionKey tgskey;
384 char name[MAXKTCNAMELEN];
385 char inst[MAXKTCNAMELEN];
386 char cell[MAXKTCREALMLEN];
387 struct ktc_encryptionKey authSessionKey;
397 int byteOrder = pkt->byteOrder;
398 char sname[MAXKTCNAMELEN];
399 char sinst[MAXKTCNAMELEN];
403 struct ubik_trans *tt;
405 struct kaentry caller;
406 struct kaentry server;
408 struct ktc_encryptionKey sessionKey;
410 char newTicket[MAXKTCTICKETLEN];
412 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
416 COUNT_REQ (UGetTicket);
418 if (code = InitAuthServ(&tt, LOCKREAD, this_op)) goto fail;
419 code = ka_LookupKvno (tt, KA_TGS_NAME,
420 ((strlen(authDomain) > 0) ? authDomain : lrealm),
422 if (code) goto abort;
424 code = tkt_DecodeTicket (ticket, ticketLen, &tgskey, name, inst, cell,
425 &authSessionKey, &host, &start, &authEnd);
430 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
433 save_principal (udptgsPrincipal, name, inst, cell);
434 code = tkt_CheckTimes (start, authEnd, now);
437 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
440 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
443 celllen = strlen (cell);
445 if ((strlen(authDomain) > 0) && (strcmp (authDomain, lrealm) != 0))
447 if (import && (celllen == 0)) {
448 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
452 strncpy (cell, lrealm, MAXKTCREALMLEN-1);
453 cell[MAXKTCREALMLEN-1] = 0;
457 printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",
461 code = check_auth (pkt, auth, authLen, &authSessionKey, name, inst, cell);
462 if (code) goto abort;
464 /* authenticator and all is OK so read actual request */
467 life = *(unsigned char *)packet++;
471 reqEnd = life_to_time (start, life);
473 printf ("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
475 save_principal (udptgsServerPrincipal, sname, sinst, 0);
478 strcpy (caller.userID.name, name);
479 strcpy (caller.userID.instance, inst);
480 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
483 code = FindBlock(tt, name, inst, &to, &caller);
484 if (code) goto abort;
486 ka_PrintUserID ("GetTicket: User ", name, inst, " unknown.\n");
487 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
490 if (ntohl(caller.flags) & KAFNOTGS)
491 { code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
495 code = FindBlock (tt, sname, sinst, &to, &server); /* get server's entry */
496 if (code) goto abort;
497 if (to == 0) { /* entry not found */
498 ka_PrintUserID ("GetTicket: Server ", sname, sinst, " unknown.\n");
499 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
502 code = ubik_EndTrans (tt);
505 if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER;
507 code = des_random_key (&sessionKey);
509 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
513 reqEnd = umin (umin (reqEnd, authEnd),
514 umin (start+ntohl(caller.max_ticket_lifetime),
515 start+ntohl(server.max_ticket_lifetime)));
517 code = tkt_MakeTicket (newTicket, &newTicketLen, &server.key,
518 caller.userID.name, caller.userID.instance, cell,
519 start, reqEnd, &sessionKey,
520 htonl(pkt->from.sin_addr.s_addr),
521 server.userID.name, server.userID.instance);
524 cipherLen = sizeof(cipher);
526 (cipher, &cipherLen, &sessionKey, sname, sinst,
527 start, reqEnd, ntohl(server.key_version),
528 newTicket, newTicketLen, &authSessionKey);
531 code = create_reply (&ans, name, inst, start, reqEnd, 0,
535 code = sendto (ksoc, ans.data, ans.len, 0,
536 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
537 if (code != ans.len) {
538 perror ("calling sendto");
543 if (cipherLen != 0) {
544 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
546 osi_audit ( UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR, cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
552 osi_audit ( UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR, NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
556 static err_packet (ksoc, pkt, code, reason)
562 char *answer = ans.data;
566 if (reason == 0) reason = "";
567 snprintf (buf, 255, "code = %d: %s", code, reason);
570 printf ("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
571 pkt->name, pkt->inst, pkt->realm, buf);
574 ans.len = 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
575 3/* nulls */ + (2 * sizeof(afs_int32)) + strlen (buf) + 1;
576 if (ans.len > sizeof(ans.data)) {
577 printf ("Answer packet too long\n");
581 *answer++ = (unsigned char) KRB_PROT_VERSION;
582 *answer++ = (unsigned char) AUTH_MSG_ERR_REPLY;
583 /* always send claiming network byte order */
588 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
589 /* It could be because of kauth errors so we should return something instead of success!! */
595 code = sendto(ksoc, ans.data, ans.len, 0,
596 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
597 if (code != ans.len) {
599 printf ("call to sendto returned %d, sending error packet %d bytes long\n",
601 else perror ("err_packet: sendto");
605 process_udp_auth (ksoc, pkt)
608 { char *packet = pkt->rest;
609 char name[MAXKTCNAMELEN];
610 char inst[MAXKTCNAMELEN];
611 char realm[MAXKTCREALMLEN];
612 char sname[MAXKTCNAMELEN];
613 char sinst[MAXKTCNAMELEN];
616 Date startTime, endTime;
617 unsigned char lifetime;
627 printf ("Processing KDC Request from '%s'.'%s'@'%s'\n",
631 if ((strlen(realm) > 0) && (strcmp (realm, lrealm) != 0)) {
632 err_packet (ksoc, pkt, KERB_ERR_NONNULL_REALM,
633 "null realm name not allowed");
636 bcopy (packet, &startTime, sizeof(startTime));
637 packet += sizeof(startTime);
638 startTime = ktohl (pkt->byteOrder, startTime);
639 pkt->time = startTime;
640 lifetime = *packet++;
641 endTime = life_to_time (startTime, lifetime);
642 code = tkt_CheckTimes (startTime, endTime, now);
644 err_packet (ksoc, pkt, KERB_ERR_BAD_LIFETIME,
645 "requested ticket lifetime invalid");
650 if ((packet - pkt->data) != pkt->len) {
651 err_packet (ksoc, pkt, KERB_ERR_PKT_LENGTH, "packet length inconsistent");
655 code = UDP_Authenticate (ksoc, &pkt->from, name, inst,
656 startTime, endTime, sname, sinst);
658 if (code == KANOENT) {
659 code = KERB_ERR_PRINCIPAL_UNKNOWN;
660 err_packet (ksoc, pkt, code, (char *)error_message (code));
661 } else if (code == KAPWEXPIRED) {
662 code = KERB_ERR_NAME_EXP;
663 err_packet (ksoc, pkt, code, "password has expired");
665 err_packet (ksoc, pkt, code, (char *)error_message (code));
670 process_udp_appl (ksoc, pkt)
673 { char *packet = pkt->rest;
675 char realm[MAXKTCREALMLEN];
676 char ticket[MAXKTCTICKETLEN];
677 char auth[3*MAXKTCNAMELEN+4+5];
679 int ticketLen, authLen;
683 printf ("Processing APPL Request\n");
687 ticketLen = *(unsigned char *)packet++;
688 authLen = *(unsigned char *)packet++;
689 if (ticketLen > sizeof(ticket)) {
690 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
693 bcopy (packet, ticket, ticketLen);
695 if (authLen > sizeof(auth)) {
696 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
699 bcopy (packet, auth, authLen);
700 pkt->rest = packet + authLen;
701 code = UDP_GetTicket (ksoc, pkt, kvno, realm, ticket, ticketLen, auth, authLen);
703 if (code == KANOENT) code = KERB_ERR_PRINCIPAL_UNKNOWN;
704 err_packet (ksoc, pkt, code, (char*)error_message (code));
709 process_udp_request (ksoc, pkt)
712 { char *packet = pkt->data;
713 unsigned char version, auth_msg_type;
716 if (version != KRB_PROT_VERSION) {
717 err_packet (ksoc, pkt, KERB_ERR_PKT_VER, "packet version number unknown");
720 auth_msg_type = *packet++;
721 pkt->byteOrder = auth_msg_type & 1;
723 switch (auth_msg_type & ~1) {
724 case AUTH_MSG_KDC_REQUEST:
725 process_udp_auth (ksoc, pkt);
727 case AUTH_MSG_APPL_REQUEST:
728 process_udp_appl (ksoc, pkt);
731 printf ("unknown msg type 0x%x\n", auth_msg_type);
732 err_packet (ksoc, pkt, KERB_ERR_BAD_MSG_TYPE, "message type not supported");
738 static SocketListener ()
741 struct packet packet;
745 printf ("Starting to listen for UDP packets\n");
748 if (sock_kerb >= 0) FD_SET(sock_kerb, &rfds);
749 if (sock_kerb5 >= 0) FD_SET(sock_kerb5, &rfds);
753 /* write and exception fd_set's are null */
754 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
755 if (code == 0) { /* timeout */
756 /* printf ("Timeout\n"); */
760 perror ("calling IOMGR_Select");
764 fromLen = sizeof(packet.from);
765 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
766 code = recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
767 (struct sockaddr *) &packet.from, &fromLen);
769 perror ("calling recvfrom");
774 printf ("Kerb:udp: Got %d bytes from addr %s which are '",
775 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
776 ka_PrintBytes (packet.data, packet.len);
779 packet.name = packet.inst = packet.realm = "";
781 process_udp_request (sock_kerb, &packet);
783 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
784 code = recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
785 (struct sockaddr *) &packet.from, &fromLen);
787 perror ("calling recvfrom");
792 printf ("Kerb5:udp: Got %d bytes from addr %s which are '",
793 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
794 ka_PrintBytes (packet.data, packet.len);
797 packet.name = packet.inst = packet.realm = "";
799 process_udp_request (sock_kerb5, &packet);
806 #include "AFS_component_version_number.c"
810 afs_int32 init_krb_udp ()
812 { struct sockaddr_in taddr;
813 static PROCESS slPid; /* socket listener pid */
814 static PROCESS checkPid; /* fiveminute check */
816 char* krb4name; /* kerberos version4 service */
822 static int inited = 0;
825 if (inited) return -1;
828 bzero (&taddr, sizeof(taddr));
829 krb4name = "kerberos4";
830 sp = getservbyname(krb4name, "udp");
831 taddr.sin_family = AF_INET; /* added for NCR port */
834 /* if kerberos-4 is not available, try "kerberos-iv" */
835 krb4name = "kerberos-iv";
836 sp = getservbyname(krb4name, "udp");
840 /* if kerberos-iv is not available, try "kerberos" */
841 krb4name = "kerberos";
842 sp = getservbyname(krb4name, "udp");
846 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
848 taddr.sin_port = htons(KRB_PORT);
850 /* copy the port number */
851 fprintf (stderr, "%s/udp port=%hu\n", krb4name, (unsigned short)sp->s_port);
852 taddr.sin_port = sp->s_port;
854 kerb_port = taddr.sin_port;
855 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
856 code = bind(sock_kerb, (struct sockaddr *) &taddr, sizeof(taddr));
858 perror ("calling bind");
862 sp = getservbyname("kerberos5", "udp");
865 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
867 taddr.sin_port = htons(KRB5_PORT);
869 /* copy the port number */
870 fprintf (stderr, "kerberos5/udp port=%hu\n", (unsigned short)sp->s_port);
871 taddr.sin_port = sp->s_port;
873 if (taddr.sin_port != kerb_port) { /* a different port */
874 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
875 code = bind(sock_kerb5, (struct sockaddr *) &taddr, sizeof(taddr));
877 perror ("calling bind");
882 /* Bail out if we can't bind with any port */
883 if ((sock_kerb < 0) && (sock_kerb5 < 0))
887 /* this has already been done */
888 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
891 LWP_CreateProcess(SocketListener, /*stacksize*/16000, LWP_NORMAL_PRIORITY,
892 0, "Socket Listener", &slPid);
894 /* just to close the log every five minutes */
896 LWP_CreateProcess(FiveMinuteCheckLWP, 24*1024,
897 LWP_MAX_PRIORITY - 2, &fiveminutes,
898 "FiveMinuteChecks", &checkPid);
901 initialize_ka_error_table();
902 initialize_rxk_error_table();
903 while (1) /* don't just stand there, run it */
912 char *lastOperation; /* name of last operation */
913 char *lrealm = "REALMNAME";
914 struct kadstats dynamic_statistics;
916 static int InitAuthServ (tt, lock, this_op)
917 struct ubik_trans **tt;
918 int lock; /* read or write transaction */
919 int *this_op; /* op of RCP routine, for COUNT_ABO */
923 printf ("Calling InitAuthServ\n");
927 static int ubik_EndTrans (tt)
928 struct ubik_trans *tt;
930 printf ("Calling ubik_EndTrans\n");
934 static int ubik_AbortTrans (tt)
935 struct ubik_trans *tt;
937 printf ("Calling ubik_AbortTrans\n");
941 static int FindBlock (at, aname, ainstance, tentry)
942 struct ubik_trans *at;
945 struct kaentry *tentry;
947 printf ("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
948 strcpy (tentry->userID.name, aname);
949 strcpy (tentry->userID.instance, ainstance);
950 tentry->key_version = htonl(17);
951 des_string_to_key ("toa", &tentry->key);
952 tentry->flags = htonl(KAFNORMAL);
953 tentry->user_expiration = htonl(NEVERDATE);
954 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
958 static int ka_LookupKey (tt, name, inst, kvno, key)
959 struct ubik_trans *tt;
962 afs_int32 *kvno; /* returned */
963 struct ktc_encryptionKey *key; /* copied out */
965 printf ("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
967 des_string_to_key ("applexx", key);
970 static afs_int32 kvno_tgs_key (authDomain, kvno, tgskey)
973 struct ktc_encryptionKey *tgskey;
975 if (strcmp (authDomain, lrealm) != 0)
976 printf ("Called with wrong %s as authDomain\n", authDomain);
978 printf ("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
979 des_string_to_key ("applexx", tgskey);
986 name_instance_legal ()