2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
21 #ifdef IGNORE_SOME_GCC_WARNINGS
22 # pragma GCC diagnostic warning "-Wdeprecated-declarations"
26 #include <afs/errmap_nt.h>
30 #include <hcrypto/des.h>
32 #include <afs/com_err.h>
37 #include <rx/rxkad_convert.h>
43 #include "kauth_internal.h"
45 #include "prot.h" /* protocol definitions */
47 #include "afs/audit.h"
49 #include "kadatabase.h"
51 /* my kerberos error codes */
52 #define KERB_ERR_BAD_MSG_TYPE 99
53 #define KERB_ERR_BAD_LIFETIME 98
54 #define KERB_ERR_NONNULL_REALM 97
55 #define KERB_ERR_PKT_LENGTH 96
56 #define KERB_ERR_TEXT_LENGTH 95
58 #define KDC_GEN_ERR 20
62 #define closesocket close
65 int krb_udp_debug = 0;
67 static int sock_kerb = -1; /* the socket we're using */
68 static int sock_kerb5 = -1; /* the socket we're using */
72 struct sockaddr_in from;
78 char *rest; /* remaining bytes of packet */
79 char data[MAX_PKT_LEN];
82 extern char *lastOperation;
85 char udpAuthPrincipal[256];
86 char udptgsPrincipal[256];
87 char udptgsServerPrincipal[256];
89 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
90 else strcpy (answer, name), answer += slen+1
91 #define putint(num) num = htonl(num), \
92 memcpy(answer, &num, sizeof(afs_int32)), \
93 answer += sizeof(afs_int32)
95 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
96 strcpy (name, packet), packet += slen+1
97 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
98 num = ktohl (byteOrder, num), \
99 packet += sizeof(afs_int32)
101 /* this is just to close the log every five minutes to rm works */
103 int fiveminutes = 300;
106 FiveMinuteCheckLWP(void *unused)
109 printf("start 5 min check lwp\n");
112 IOMGR_Sleep(fiveminutes);
113 /* close the log so it can be removed */
114 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
121 create_cipher(char *cipher, int *cipherLen,
122 struct ktc_encryptionKey *sessionKey, char *sname,
123 char *sinst, Date start, Date end, afs_int32 kvno,
124 char *ticket, int ticketLen, struct ktc_encryptionKey *key)
128 unsigned char life = time_to_life(start, end);
130 DES_key_schedule schedule;
135 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
136 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
137 if (len > *cipherLen)
138 return KAANSWERTOOLONG;
140 return KAANSWERTOOLONG;
142 return KAANSWERTOOLONG;
144 memcpy(answer, sessionKey, sizeof(*sessionKey));
145 answer += sizeof(*sessionKey);
150 *answer++ = (unsigned char)kvno;
151 *answer++ = (unsigned char)ticketLen;
152 memcpy(answer, ticket, ticketLen);
157 printf("Printing ticket (%d) and date: ", ticketLen);
158 ka_PrintBytes(ticket, ticketLen);
159 ka_PrintBytes(answer - 4, 4);
163 if ((code = DES_key_sched(ktc_to_cblock(key), &schedule)))
164 printf("In KAAuthenticate: key_sched returned %d\n", code);
165 DES_pcbc_encrypt(cipher, cipher, len, &schedule, ktc_to_cblockptr(key), ENCRYPT);
166 *cipherLen = round_up_to_ebs(len);
169 printf("Printing cipher (%d): ", *cipherLen);
170 ka_PrintBytes(cipher, *cipherLen);
177 create_reply(struct packet *ans, char *name, char *inst, Date startTime,
178 Date endTime, afs_int32 kvno, char *cipher, int cipherLen)
180 char *answer = ans->data;
183 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
184 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
185 sizeof(short) + cipherLen;
186 if (ans->len > sizeof(ans->data))
187 return KAANSWERTOOLONG;
189 return KAANSWERTOOLONG;
191 *answer++ = (unsigned char)KRB_PROT_VERSION;
192 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
193 /* always send claiming network byte order */
198 *answer++ = 1; /* undocumented number of tickets! */
200 *answer++ = (unsigned char)kvno;
202 short w = (short)cipherLen;
204 memcpy(answer, &w, sizeof(short));
205 answer += sizeof(short);
207 memcpy(answer, cipher, cipherLen);
212 check_auth(struct packet *pkt, char *auth, int authLen,
213 struct ktc_encryptionKey *key, char *name, char *inst,
217 DES_key_schedule schedule;
220 int byteOrder = pkt->byteOrder;
222 DES_key_sched(ktc_to_cblock(key), &schedule);
223 DES_pcbc_encrypt(auth, auth, authLen, &schedule, ktc_to_cblockptr(key), DECRYPT);
225 if (strcmp(packet, name) != 0)
227 packet += strlen(packet) + 1;
228 if (strcmp(packet, inst) != 0)
230 packet += strlen(packet) + 1;
231 if (strcmp(packet, cell) != 0)
233 packet += strlen(packet) + 1;
235 /* Comments in the original IBM source suggest this byte was/is "time_msec" */
238 if ((packet - auth) > authLen)
244 UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name,
245 char *inst, Date startTime, Date endTime, char *sname,
248 struct ubik_trans *tt;
249 afs_int32 to; /* offset of block */
250 struct kaentry tentry;
251 afs_int32 tgskvno; /* key version of service key */
252 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
257 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
259 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
261 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
265 COUNT_REQ(UAuthenticate);
266 if (!name_instance_legal(name, inst))
267 return KERB_ERR_NAME_EXP; /* KABADNAME */
268 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
271 code = FindBlock(tt, name, inst, &to, &tentry);
274 if (to) { /* if user exists check other stuff */
276 struct kaentry sentry;
277 save_principal(udpAuthPrincipal, name, inst, 0);
279 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
280 && (strcmp(sinst, lrealm) == 0));
281 if ((ntohl(tentry.user_expiration) < now)
282 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
283 code = KERB_ERR_NAME_EXP; /* KABADUSER */
286 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
293 if ((ntohl(sentry.user_expiration) < now)) {
294 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
297 if (startTime - now > KTC_TIME_UNCERTAINTY) {
298 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
302 if (tentry.misc_auth_bytes) {
303 unsigned char misc_auth_bytes[4];
304 afs_uint32 temp; /* unsigned for safety */
305 afs_uint32 pwexpires;
307 memcpy(&temp, tentry.misc_auth_bytes, sizeof(afs_uint32));
309 unpack_long(temp, misc_auth_bytes);
310 pwexpires = misc_auth_bytes[0];
313 ntohl(tentry.change_password_time) +
314 24 * 60 * 60 * pwexpires;
315 if (pwexpires < now) {
316 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
322 /* make the ticket */
323 code = DES_new_random_key(ktc_to_cblock(&sessionKey));
325 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
329 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
330 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
332 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
333 lrealm, startTime, endTime, &sessionKey,
334 htonl(client->sin_addr.s_addr), sname, sinst)))
337 cipherLen = sizeof(cipher);
339 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
340 startTime, endTime, tgskvno, ticket, ticketLen,
344 } else { /* no such user */
346 tentry.key_version = 0;
348 code = ubik_EndTrans(tt);
353 create_reply(&ans, name, inst, startTime, endTime,
354 ntohl(tentry.key_version), cipher, cipherLen);
359 printf("Sending %d bytes ending in: ", ans.len);
360 ka_PrintBytes(ans.data + ans.len - 8, 8);
365 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
367 if (code != ans.len) {
368 perror("calling sendto");
372 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
375 if (cipherLen != 0) {
376 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
379 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
387 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
393 UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno,
394 char *authDomain, char *ticket, int ticketLen, char *auth,
398 struct ktc_encryptionKey tgskey;
399 char name[MAXKTCNAMELEN];
400 char inst[MAXKTCNAMELEN];
401 char cell[MAXKTCREALMLEN];
402 struct ktc_encryptionKey authSessionKey;
412 int byteOrder = pkt->byteOrder;
413 char sname[MAXKTCNAMELEN];
414 char sinst[MAXKTCNAMELEN];
418 struct ubik_trans *tt;
420 struct kaentry caller;
421 struct kaentry server;
423 struct ktc_encryptionKey sessionKey;
425 char newTicket[MAXKTCTICKETLEN];
427 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
431 COUNT_REQ(UGetTicket);
433 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
436 ka_LookupKvno(tt, KA_TGS_NAME,
437 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
443 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
444 &authSessionKey, &host, &start, &authEnd);
449 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
452 save_principal(udptgsPrincipal, name, inst, cell);
453 code = tkt_CheckTimes(start, authEnd, now);
456 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
459 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
462 celllen = strlen(cell);
464 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
466 if (import && (celllen == 0)) {
467 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
471 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
472 cell[MAXKTCREALMLEN - 1] = 0;
475 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
476 code = KERB_ERR_PRINCIPAL_UNKNOWN;
481 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
485 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
489 /* authenticator and all is OK so read actual request */
492 life = *(unsigned char *)packet++;
496 reqEnd = life_to_time(start, life);
498 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
500 save_principal(udptgsServerPrincipal, sname, sinst, 0);
503 strcpy(caller.userID.name, name);
504 strcpy(caller.userID.instance, inst);
505 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
507 code = FindBlock(tt, name, inst, &to, &caller);
511 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
512 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
515 if (ntohl(caller.flags) & KAFNOTGS) {
516 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
521 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
524 if (to == 0) { /* entry not found */
525 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
526 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
529 code = ubik_EndTrans(tt);
533 if (ntohl(server.flags) & KAFNOSEAL)
536 code = DES_new_random_key(ktc_to_cblock(&sessionKey));
538 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
543 umin(umin(reqEnd, authEnd),
544 umin(start + ntohl(caller.max_ticket_lifetime),
545 start + ntohl(server.max_ticket_lifetime)));
548 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
549 caller.userID.name, caller.userID.instance, cell,
550 start, reqEnd, &sessionKey,
551 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
552 server.userID.instance);
556 cipherLen = sizeof(cipher);
558 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
559 reqEnd, ntohl(server.key_version), newTicket,
560 newTicketLen, &authSessionKey);
565 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
570 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
572 if (code != ans.len) {
573 perror("calling sendto");
578 if (cipherLen != 0) {
579 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
581 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
582 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
588 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
589 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
594 err_packet(int ksoc, struct packet *pkt, afs_int32 code, char *reason)
597 char *answer = ans.data;
603 snprintf(buf, 255, "code = %d: %s", code, reason);
606 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
607 pkt->name, pkt->inst, pkt->realm, buf);
611 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
612 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
613 if (ans.len > sizeof(ans.data)) {
614 printf("Answer packet too long\n");
618 *answer++ = (unsigned char)KRB_PROT_VERSION;
619 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
620 /* always send claiming network byte order */
625 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
626 /* It could be because of kauth errors so we should return something instead of success!! */
633 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
635 if (code != ans.len) {
638 ("call to sendto returned %d, sending error packet %d bytes long\n",
641 perror("err_packet: sendto");
647 process_udp_auth(int ksoc, struct packet *pkt)
649 char *packet = pkt->rest;
650 char name[MAXKTCNAMELEN];
651 char inst[MAXKTCNAMELEN];
652 char realm[MAXKTCREALMLEN];
653 char sname[MAXKTCNAMELEN];
654 char sinst[MAXKTCNAMELEN];
657 Date startTime, endTime;
658 unsigned char lifetime;
668 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
672 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
673 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
674 "null realm name not allowed");
677 memcpy(&startTime, packet, sizeof(startTime));
678 packet += sizeof(startTime);
679 startTime = ktohl(pkt->byteOrder, startTime);
680 pkt->time = startTime;
681 lifetime = *packet++;
682 endTime = life_to_time(startTime, lifetime);
683 code = tkt_CheckTimes(startTime, endTime, now);
685 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
686 "requested ticket lifetime invalid");
691 if ((packet - pkt->data) != pkt->len) {
692 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
693 "packet length inconsistent");
698 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
701 if (code == KANOENT) {
702 code = KERB_ERR_PRINCIPAL_UNKNOWN;
703 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
704 } else if (code == KAPWEXPIRED) {
705 code = KERB_ERR_NAME_EXP;
706 err_packet(ksoc, pkt, code, "password has expired");
708 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
714 process_udp_appl(int ksoc, struct packet *pkt)
716 char *packet = pkt->rest;
718 char realm[MAXKTCREALMLEN];
719 char ticket[MAXKTCTICKETLEN];
720 char auth[3 * MAXKTCNAMELEN + 4 + 5];
722 int ticketLen, authLen;
726 printf("Processing APPL Request\n");
730 ticketLen = *(unsigned char *)packet++;
731 authLen = *(unsigned char *)packet++;
732 if (ticketLen > sizeof(ticket)) {
733 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
736 memcpy(ticket, packet, ticketLen);
738 if (authLen > sizeof(auth)) {
739 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
742 memcpy(auth, packet, authLen);
743 pkt->rest = packet + authLen;
745 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
749 code = KERB_ERR_PRINCIPAL_UNKNOWN;
750 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
757 process_udp_request(int ksoc, struct packet *pkt)
759 char *packet = pkt->data;
760 unsigned char version, auth_msg_type;
763 if (version != KRB_PROT_VERSION) {
764 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
765 "packet version number unknown");
768 auth_msg_type = *packet++;
769 pkt->byteOrder = auth_msg_type & 1;
771 switch (auth_msg_type & ~1) {
772 case AUTH_MSG_KDC_REQUEST:
773 process_udp_auth(ksoc, pkt);
775 case AUTH_MSG_APPL_REQUEST:
776 process_udp_appl(ksoc, pkt);
779 printf("unknown msg type 0x%x\n", auth_msg_type);
780 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
781 "message type not supported");
788 SocketListener(void *unused)
792 struct packet packet;
797 printf("Starting to listen for UDP packets\n");
801 FD_SET(sock_kerb, &rfds);
803 FD_SET(sock_kerb5, &rfds);
807 /* write and exception fd_set's are null */
808 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
809 if (code == 0) { /* timeout */
810 /* printf ("Timeout\n"); */
812 } else if (code < 0) {
813 perror("calling IOMGR_Select");
817 fromLen = sizeof(packet.from);
818 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
820 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
821 (struct sockaddr *)&packet.from, &fromLen);
823 if (errno == EAGAIN || errno == ECONNREFUSED)
825 perror("calling recvfrom");
830 printf("Kerb:udp: Got %d bytes from addr %s which are '",
831 code, afs_inet_ntoa_r(packet.from.sin_addr.s_addr, hoststr));
832 ka_PrintBytes(packet.data, packet.len);
835 packet.name = packet.inst = packet.realm = "";
837 process_udp_request(sock_kerb, &packet);
840 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
842 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
843 (struct sockaddr *)&packet.from, &fromLen);
845 if (errno == EAGAIN || errno == ECONNREFUSED)
847 perror("calling recvfrom");
852 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
853 code, afs_inet_ntoa_r(packet.from.sin_addr.s_addr, hoststr));
854 ka_PrintBytes(packet.data, packet.len);
857 packet.name = packet.inst = packet.realm = "";
859 process_udp_request(sock_kerb5, &packet);
862 if (sock_kerb >= 0) {
863 closesocket(sock_kerb);
866 if (sock_kerb5 >= 0) {
867 closesocket(sock_kerb5);
870 printf("UDP SocketListener exiting due to error\n");
877 #include "AFS_component_version_number.c"
886 struct sockaddr_in taddr;
887 static PROCESS slPid; /* socket listener pid */
888 static PROCESS checkPid; /* fiveminute check */
890 char *krb4name; /* kerberos version4 service */
896 static int inited = 0;
903 memset(&taddr, 0, sizeof(taddr));
904 krb4name = "kerberos4";
905 sp = getservbyname(krb4name, "udp");
906 taddr.sin_family = AF_INET; /* added for NCR port */
907 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
908 taddr.sin_len = sizeof(struct sockaddr_in);
911 /* if kerberos-4 is not available, try "kerberos-iv" */
912 krb4name = "kerberos-iv";
913 sp = getservbyname(krb4name, "udp");
916 /* if kerberos-iv is not available, try "kerberos" */
917 krb4name = "kerberos";
918 sp = getservbyname(krb4name, "udp");
922 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
924 taddr.sin_port = htons(KRB_PORT);
926 /* copy the port number */
927 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
928 (unsigned short)sp->s_port);
929 taddr.sin_port = sp->s_port;
931 kerb_port = taddr.sin_port;
932 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
933 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
935 perror("calling bind");
939 sp = getservbyname("kerberos5", "udp");
942 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
944 taddr.sin_port = htons(KRB5_PORT);
946 /* copy the port number */
947 fprintf(stderr, "kerberos5/udp port=%hu\n",
948 (unsigned short)sp->s_port);
949 taddr.sin_port = sp->s_port;
951 if (taddr.sin_port != kerb_port) { /* a different port */
952 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
953 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
955 perror("calling bind");
960 /* Bail out if we can't bind with any port */
961 if ((sock_kerb < 0) && (sock_kerb5 < 0))
965 /* this has already been done */
966 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
969 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
970 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
973 /* just to close the log every five minutes */
975 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
976 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
979 initialize_ka_error_table();
980 initialize_rxk_error_table();
981 while (1) /* don't just stand there, run it */
990 char *lastOperation; /* name of last operation */
991 char *lrealm = "REALMNAME";
992 struct kadstats dynamic_statistics;
995 InitAuthServ(tt, lock, this_op)
996 struct ubik_trans **tt;
997 int lock; /* read or write transaction */
998 int *this_op; /* op of RCP routine, for COUNT_ABO */
1003 printf("Calling InitAuthServ\n");
1009 struct ubik_trans *tt;
1011 printf("Calling ubik_EndTrans\n");
1017 struct ubik_trans *tt;
1019 printf("Calling ubik_AbortTrans\n");
1024 FindBlock(at, aname, ainstance, tentry)
1025 struct ubik_trans *at;
1028 struct kaentry *tentry;
1030 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1031 strcpy(tentry->userID.name, aname);
1032 strcpy(tentry->userID.instance, ainstance);
1033 tentry->key_version = htonl(17);
1034 DES_string_to_key("toa", &tentry->key);
1035 tentry->flags = htonl(KAFNORMAL);
1036 tentry->user_expiration = htonl(NEVERDATE);
1037 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1042 ka_LookupKey(tt, name, inst, kvno, key)
1043 struct ubik_trans *tt;
1046 afs_int32 *kvno; /* returned */
1047 struct ktc_encryptionKey *key; /* copied out */
1049 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1051 DES_string_to_key("applexx", key);
1055 kvno_tgs_key(authDomain, kvno, tgskey)
1058 struct ktc_encryptionKey *tgskey;
1060 if (strcmp(authDomain, lrealm) != 0)
1061 printf("Called with wrong %s as authDomain\n", authDomain);
1063 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1064 DES_string_to_key("applexx", tgskey);
1072 name_instance_legal()