2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
20 #include <sys/types.h>
24 #include <afs/errmap_nt.h>
25 #define snprintf _snprintf
27 #include <sys/socket.h>
29 #include <netinet/in.h>
32 #include <afs/afsutil.h>
34 #include <afs/com_err.h>
46 #include "prot.h" /* protocol definitions */
48 #include "afs/audit.h"
51 /* my kerberos error codes */
52 #define KERB_ERR_BAD_MSG_TYPE 99
53 #define KERB_ERR_BAD_LIFETIME 98
54 #define KERB_ERR_NONNULL_REALM 97
55 #define KERB_ERR_PKT_LENGTH 96
56 #define KERB_ERR_TEXT_LENGTH 95
58 #define KDC_GEN_ERR 20
62 #define closesocket close
65 int krb_udp_debug = 0;
67 static int sock_kerb = -1; /* the socket we're using */
68 static int sock_kerb5 = -1; /* the socket we're using */
72 struct sockaddr_in from;
78 char *rest; /* remaining bytes of packet */
79 char data[MAX_PKT_LEN];
82 extern char *lastOperation;
85 char udpAuthPrincipal[256];
86 char udptgsPrincipal[256];
87 char udptgsServerPrincipal[256];
89 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
90 else strcpy (answer, name), answer += slen+1
91 #define putint(num) num = htonl(num), \
92 memcpy(answer, &num, sizeof(afs_int32)), \
93 answer += sizeof(afs_int32)
95 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
96 strcpy (name, packet), packet += slen+1
97 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
98 num = ktohl (byteOrder, num), \
99 packet += sizeof(afs_int32)
101 /* this is just to close the log every five minutes to rm works */
103 int fiveminutes = 300;
106 FiveMinuteCheckLWP(void *unused)
109 printf("start 5 min check lwp\n");
112 IOMGR_Sleep(fiveminutes);
113 /* close the log so it can be removed */
114 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
121 create_cipher(cipher, cipherLen, sessionKey, sname, sinst, start, end, kvno,
122 ticket, ticketLen, key)
125 struct ktc_encryptionKey *sessionKey;
132 struct ktc_encryptionKey *key;
136 unsigned char life = time_to_life(start, end);
138 des_key_schedule schedule;
143 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
144 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
145 if (len > *cipherLen)
146 return KAANSWERTOOLONG;
148 return KAANSWERTOOLONG;
150 return KAANSWERTOOLONG;
152 memcpy(answer, sessionKey, sizeof(*sessionKey));
153 answer += sizeof(*sessionKey);
158 *answer++ = (unsigned char)kvno;
159 *answer++ = (unsigned char)ticketLen;
160 memcpy(answer, ticket, ticketLen);
165 printf("Printing ticket (%d) and date: ", ticketLen);
166 ka_PrintBytes(ticket, ticketLen);
167 ka_PrintBytes(answer - 4, 4);
171 if (code = des_key_sched(key, schedule))
172 printf("In KAAuthenticate: key_sched returned %d\n", code);
173 des_pcbc_encrypt(cipher, cipher, len, schedule, key, ENCRYPT);
174 *cipherLen = round_up_to_ebs(len);
177 printf("Printing cipher (%d): ", *cipherLen);
178 ka_PrintBytes(cipher, *cipherLen);
185 create_reply(ans, name, inst, startTime, endTime, kvno, cipher, cipherLen)
189 Date startTime, endTime;
194 char *answer = ans->data;
197 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
198 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
199 sizeof(short) + cipherLen;
200 if (ans->len > sizeof(ans->data))
201 return KAANSWERTOOLONG;
203 return KAANSWERTOOLONG;
205 *answer++ = (unsigned char)KRB_PROT_VERSION;
206 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
207 /* always send claiming network byte order */
212 *answer++ = 1; /* undocumented number of tickets! */
214 *answer++ = (unsigned char)kvno;
216 short w = (short)cipherLen;
218 memcpy(answer, &w, sizeof(short));
219 answer += sizeof(short);
221 memcpy(answer, cipher, cipherLen);
226 check_auth(pkt, auth, authLen, key, name, inst, cell)
230 struct ktc_encryptionKey *key;
236 des_key_schedule schedule;
238 /* unsigned char time_msec; */
240 int byteOrder = pkt->byteOrder;
242 des_key_sched(key, schedule);
243 des_pcbc_encrypt(auth, auth, authLen, schedule, key, DECRYPT);
245 if (strcmp(packet, name) != 0)
247 packet += strlen(packet) + 1;
248 if (strcmp(packet, inst) != 0)
250 packet += strlen(packet) + 1;
251 if (strcmp(packet, cell) != 0)
253 packet += strlen(packet) + 1;
255 /* time_msec = */ *(unsigned char *)packet++;
257 if ((packet - auth) > authLen)
263 UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
265 struct sockaddr_in *client;
273 struct ubik_trans *tt;
274 afs_int32 to; /* offset of block */
275 struct kaentry tentry;
276 afs_int32 tgskvno; /* key version of service key */
277 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
282 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
284 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
286 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
290 COUNT_REQ(UAuthenticate);
291 if (!name_instance_legal(name, inst))
292 return KERB_ERR_NAME_EXP; /* KABADNAME */
293 if (code = InitAuthServ(&tt, LOCKREAD, this_op))
296 code = FindBlock(tt, name, inst, &to, &tentry);
299 if (to) { /* if user exists check other stuff */
301 struct kaentry sentry;
302 save_principal(udpAuthPrincipal, name, inst, 0);
304 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
305 && (strcmp(sinst, lrealm) == 0));
306 if ((ntohl(tentry.user_expiration) < now)
307 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
308 code = KERB_ERR_NAME_EXP; /* KABADUSER */
311 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
318 if ((ntohl(sentry.user_expiration) < now)) {
319 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
322 if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
323 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
327 if (tentry.misc_auth_bytes) {
328 unsigned char misc_auth_bytes[4];
329 afs_uint32 temp; /* unsigned for safety */
330 afs_uint32 pwexpires;
332 temp = ntohl(*((afs_int32 *) (tentry.misc_auth_bytes)));
333 unpack_long(temp, misc_auth_bytes);
334 pwexpires = misc_auth_bytes[0];
337 ntohl(tentry.change_password_time) +
338 24 * 60 * 60 * pwexpires;
339 if (pwexpires < now) {
340 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
346 /* make the ticket */
347 code = des_random_key(&sessionKey);
349 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
353 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
354 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
356 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
357 lrealm, startTime, endTime, &sessionKey,
358 htonl(client->sin_addr.s_addr), sname, sinst)))
361 cipherLen = sizeof(cipher);
363 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
364 startTime, endTime, tgskvno, ticket, ticketLen,
368 } else { /* no such user */
370 tentry.key_version = 0;
372 code = ubik_EndTrans(tt);
377 create_reply(&ans, name, inst, startTime, endTime,
378 ntohl(tentry.key_version), cipher, cipherLen);
383 printf("Sending %d bytes ending in: ", ans.len);
384 ka_PrintBytes(ans.data + ans.len - 8, 8);
389 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
391 if (code != ans.len) {
392 perror("calling sendto");
396 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
399 if (cipherLen != 0) {
400 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
403 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
411 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
417 UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
428 struct ktc_encryptionKey tgskey;
429 char name[MAXKTCNAMELEN];
430 char inst[MAXKTCNAMELEN];
431 char cell[MAXKTCREALMLEN];
432 struct ktc_encryptionKey authSessionKey;
442 int byteOrder = pkt->byteOrder;
443 char sname[MAXKTCNAMELEN];
444 char sinst[MAXKTCNAMELEN];
448 struct ubik_trans *tt;
450 struct kaentry caller;
451 struct kaentry server;
453 struct ktc_encryptionKey sessionKey;
455 char newTicket[MAXKTCTICKETLEN];
457 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
461 COUNT_REQ(UGetTicket);
463 if (code = InitAuthServ(&tt, LOCKREAD, this_op))
466 ka_LookupKvno(tt, KA_TGS_NAME,
467 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
473 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
474 &authSessionKey, &host, &start, &authEnd);
479 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
482 save_principal(udptgsPrincipal, name, inst, cell);
483 code = tkt_CheckTimes(start, authEnd, now);
486 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
489 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
492 celllen = strlen(cell);
494 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
496 if (import && (celllen == 0)) {
497 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
501 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
502 cell[MAXKTCREALMLEN - 1] = 0;
505 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
506 code = KERB_ERR_PRINCIPAL_UNKNOWN;
511 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
515 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
519 /* authenticator and all is OK so read actual request */
522 life = *(unsigned char *)packet++;
526 reqEnd = life_to_time(start, life);
528 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
530 save_principal(udptgsServerPrincipal, sname, sinst, 0);
533 strcpy(caller.userID.name, name);
534 strcpy(caller.userID.instance, inst);
535 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
537 code = FindBlock(tt, name, inst, &to, &caller);
541 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
542 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
545 if (ntohl(caller.flags) & KAFNOTGS) {
546 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
551 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
554 if (to == 0) { /* entry not found */
555 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
556 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
559 code = ubik_EndTrans(tt);
563 if (ntohl(server.flags) & KAFNOSEAL)
566 code = des_random_key(&sessionKey);
568 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
573 umin(umin(reqEnd, authEnd),
574 umin(start + ntohl(caller.max_ticket_lifetime),
575 start + ntohl(server.max_ticket_lifetime)));
578 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
579 caller.userID.name, caller.userID.instance, cell,
580 start, reqEnd, &sessionKey,
581 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
582 server.userID.instance);
586 cipherLen = sizeof(cipher);
588 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
589 reqEnd, ntohl(server.key_version), newTicket,
590 newTicketLen, &authSessionKey);
595 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
600 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
602 if (code != ans.len) {
603 perror("calling sendto");
608 if (cipherLen != 0) {
609 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
611 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
612 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
618 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
619 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
624 err_packet(ksoc, pkt, code, reason)
631 char *answer = ans.data;
637 snprintf(buf, 255, "code = %d: %s", code, reason);
640 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
641 pkt->name, pkt->inst, pkt->realm, buf);
645 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
646 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
647 if (ans.len > sizeof(ans.data)) {
648 printf("Answer packet too long\n");
652 *answer++ = (unsigned char)KRB_PROT_VERSION;
653 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
654 /* always send claiming network byte order */
659 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
660 /* It could be because of kauth errors so we should return something instead of success!! */
667 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
669 if (code != ans.len) {
672 ("call to sendto returned %d, sending error packet %d bytes long\n",
675 perror("err_packet: sendto");
681 process_udp_auth(ksoc, pkt)
685 char *packet = pkt->rest;
686 char name[MAXKTCNAMELEN];
687 char inst[MAXKTCNAMELEN];
688 char realm[MAXKTCREALMLEN];
689 char sname[MAXKTCNAMELEN];
690 char sinst[MAXKTCNAMELEN];
693 Date startTime, endTime;
694 unsigned char lifetime;
704 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
708 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
709 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
710 "null realm name not allowed");
713 memcpy(&startTime, packet, sizeof(startTime));
714 packet += sizeof(startTime);
715 startTime = ktohl(pkt->byteOrder, startTime);
716 pkt->time = startTime;
717 lifetime = *packet++;
718 endTime = life_to_time(startTime, lifetime);
719 code = tkt_CheckTimes(startTime, endTime, now);
721 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
722 "requested ticket lifetime invalid");
727 if ((packet - pkt->data) != pkt->len) {
728 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
729 "packet length inconsistent");
734 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
737 if (code == KANOENT) {
738 code = KERB_ERR_PRINCIPAL_UNKNOWN;
739 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
740 } else if (code == KAPWEXPIRED) {
741 code = KERB_ERR_NAME_EXP;
742 err_packet(ksoc, pkt, code, "password has expired");
744 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
750 process_udp_appl(ksoc, pkt)
754 char *packet = pkt->rest;
756 char realm[MAXKTCREALMLEN];
757 char ticket[MAXKTCTICKETLEN];
758 char auth[3 * MAXKTCNAMELEN + 4 + 5];
760 int ticketLen, authLen;
764 printf("Processing APPL Request\n");
768 ticketLen = *(unsigned char *)packet++;
769 authLen = *(unsigned char *)packet++;
770 if (ticketLen > sizeof(ticket)) {
771 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
774 memcpy(ticket, packet, ticketLen);
776 if (authLen > sizeof(auth)) {
777 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
780 memcpy(auth, packet, authLen);
781 pkt->rest = packet + authLen;
783 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
787 code = KERB_ERR_PRINCIPAL_UNKNOWN;
788 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
795 process_udp_request(ksoc, pkt)
799 char *packet = pkt->data;
800 unsigned char version, auth_msg_type;
803 if (version != KRB_PROT_VERSION) {
804 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
805 "packet version number unknown");
808 auth_msg_type = *packet++;
809 pkt->byteOrder = auth_msg_type & 1;
811 switch (auth_msg_type & ~1) {
812 case AUTH_MSG_KDC_REQUEST:
813 process_udp_auth(ksoc, pkt);
815 case AUTH_MSG_APPL_REQUEST:
816 process_udp_appl(ksoc, pkt);
819 printf("unknown msg type 0x%x\n", auth_msg_type);
820 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
821 "message type not supported");
828 SocketListener(void *unused)
832 struct packet packet;
836 printf("Starting to listen for UDP packets\n");
840 FD_SET(sock_kerb, &rfds);
842 FD_SET(sock_kerb5, &rfds);
846 /* write and exception fd_set's are null */
847 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
848 if (code == 0) { /* timeout */
849 /* printf ("Timeout\n"); */
851 } else if (code < 0) {
852 perror("calling IOMGR_Select");
856 fromLen = sizeof(packet.from);
857 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
859 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
860 (struct sockaddr *)&packet.from, &fromLen);
862 if (errno == EAGAIN || errno == ECONNREFUSED)
864 perror("calling recvfrom");
869 printf("Kerb:udp: Got %d bytes from addr %s which are '",
870 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
871 ka_PrintBytes(packet.data, packet.len);
874 packet.name = packet.inst = packet.realm = "";
876 process_udp_request(sock_kerb, &packet);
879 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
881 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
882 (struct sockaddr *)&packet.from, &fromLen);
884 if (errno == EAGAIN || errno == ECONNREFUSED)
886 perror("calling recvfrom");
891 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
892 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
893 ka_PrintBytes(packet.data, packet.len);
896 packet.name = packet.inst = packet.realm = "";
898 process_udp_request(sock_kerb5, &packet);
901 if (sock_kerb >= 0) {
902 closesocket(sock_kerb);
905 if (sock_kerb5 >= 0) {
906 closesocket(sock_kerb5);
909 printf("UDP SocketListener exiting due to error\n");
916 #include "AFS_component_version_number.c"
924 struct sockaddr_in taddr;
925 static PROCESS slPid; /* socket listener pid */
926 static PROCESS checkPid; /* fiveminute check */
928 char *krb4name; /* kerberos version4 service */
934 static int inited = 0;
941 memset(&taddr, 0, sizeof(taddr));
942 krb4name = "kerberos4";
943 sp = getservbyname(krb4name, "udp");
944 taddr.sin_family = AF_INET; /* added for NCR port */
945 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
946 taddr.sin_len = sizeof(struct sockaddr_in);
949 /* if kerberos-4 is not available, try "kerberos-iv" */
950 krb4name = "kerberos-iv";
951 sp = getservbyname(krb4name, "udp");
954 /* if kerberos-iv is not available, try "kerberos" */
955 krb4name = "kerberos";
956 sp = getservbyname(krb4name, "udp");
960 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
962 taddr.sin_port = htons(KRB_PORT);
964 /* copy the port number */
965 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
966 (unsigned short)sp->s_port);
967 taddr.sin_port = sp->s_port;
969 kerb_port = taddr.sin_port;
970 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
971 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
973 perror("calling bind");
977 sp = getservbyname("kerberos5", "udp");
980 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
982 taddr.sin_port = htons(KRB5_PORT);
984 /* copy the port number */
985 fprintf(stderr, "kerberos5/udp port=%hu\n",
986 (unsigned short)sp->s_port);
987 taddr.sin_port = sp->s_port;
989 if (taddr.sin_port != kerb_port) { /* a different port */
990 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
991 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
993 perror("calling bind");
998 /* Bail out if we can't bind with any port */
999 if ((sock_kerb < 0) && (sock_kerb5 < 0))
1003 /* this has already been done */
1004 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
1007 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
1008 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
1011 /* just to close the log every five minutes */
1013 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
1014 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
1017 initialize_ka_error_table();
1018 initialize_rxk_error_table();
1019 while (1) /* don't just stand there, run it */
1028 char *lastOperation; /* name of last operation */
1029 char *lrealm = "REALMNAME";
1030 struct kadstats dynamic_statistics;
1033 InitAuthServ(tt, lock, this_op)
1034 struct ubik_trans **tt;
1035 int lock; /* read or write transaction */
1036 int *this_op; /* op of RCP routine, for COUNT_ABO */
1041 printf("Calling InitAuthServ\n");
1047 struct ubik_trans *tt;
1049 printf("Calling ubik_EndTrans\n");
1055 struct ubik_trans *tt;
1057 printf("Calling ubik_AbortTrans\n");
1062 FindBlock(at, aname, ainstance, tentry)
1063 struct ubik_trans *at;
1066 struct kaentry *tentry;
1068 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1069 strcpy(tentry->userID.name, aname);
1070 strcpy(tentry->userID.instance, ainstance);
1071 tentry->key_version = htonl(17);
1072 des_string_to_key("toa", &tentry->key);
1073 tentry->flags = htonl(KAFNORMAL);
1074 tentry->user_expiration = htonl(NEVERDATE);
1075 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1080 ka_LookupKey(tt, name, inst, kvno, key)
1081 struct ubik_trans *tt;
1084 afs_int32 *kvno; /* returned */
1085 struct ktc_encryptionKey *key; /* copied out */
1087 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1089 des_string_to_key("applexx", key);
1093 kvno_tgs_key(authDomain, kvno, tgskey)
1096 struct ktc_encryptionKey *tgskey;
1098 if (strcmp(authDomain, lrealm) != 0)
1099 printf("Called with wrong %s as authDomain\n", authDomain);
1101 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1102 des_string_to_key("applexx", tgskey);
1110 name_instance_legal()