2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
21 #include <sys/types.h>
24 #define snprintf _snprintf
26 #include <sys/socket.h>
28 #include <netinet/in.h>
37 #include <afs/afsutil.h>
39 #include <afs/com_err.h>
51 #include "prot.h" /* protocol definitions */
53 #include "afs/audit.h"
56 /* my kerberos error codes */
57 #define KERB_ERR_BAD_MSG_TYPE 99
58 #define KERB_ERR_BAD_LIFETIME 98
59 #define KERB_ERR_NONNULL_REALM 97
60 #define KERB_ERR_PKT_LENGTH 96
61 #define KERB_ERR_TEXT_LENGTH 95
63 #define KDC_GEN_ERR 20
67 int krb_udp_debug = 0;
69 static int sock_kerb =-1; /* the socket we're using */
70 static int sock_kerb5=-1; /* the socket we're using */
74 struct sockaddr_in from;
80 char *rest; /* remaining bytes of packet */
81 char data[MAX_PKT_LEN];
84 extern struct kadstats dynamic_statistics;
85 extern char *lastOperation;
88 char udpAuthPrincipal[256];
89 char udptgsPrincipal[256];
90 char udptgsServerPrincipal[256];
92 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
93 else strcpy (answer, name), answer += slen+1
94 #define putint(num) num = htonl(num), \
95 memcpy(answer, &num, sizeof(afs_int32)), \
96 answer += sizeof(afs_int32)
98 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
99 strcpy (name, packet), packet += slen+1
100 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
101 num = ktohl (byteOrder, num), \
102 packet += sizeof(afs_int32)
104 /* this is just to close the log every five minutes to rm works */
108 static FiveMinuteCheckLWP()
111 printf("start 5 min check lwp\n");
115 IOMGR_Sleep(fiveminutes);
116 /* close the log so it can be removed */
117 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH);/* no trunc, just append */
122 static afs_int32 create_cipher (cipher, cipherLen, sessionKey, sname, sinst,
123 start, end, kvno, ticket, ticketLen, key)
126 struct ktc_encryptionKey *sessionKey;
133 struct ktc_encryptionKey *key;
136 unsigned char life = time_to_life (start, end);
138 des_key_schedule schedule;
142 len = sizeof(*sessionKey) + strlen(sname) + strlen(sinst) +
143 strlen(lrealm) + 3/*nulls*/ + 3 + ticketLen + sizeof(Date);
144 if (len > *cipherLen) return KAANSWERTOOLONG;
145 if (ticketLen > 255) return KAANSWERTOOLONG;
146 if (kvno > 255) return KAANSWERTOOLONG;
148 memcpy(answer, sessionKey, sizeof(*sessionKey));
149 answer += sizeof(*sessionKey);
154 *answer++ = (unsigned char) kvno;
155 *answer++ = (unsigned char) ticketLen;
156 memcpy(answer, ticket, ticketLen);
161 printf ("Printing ticket (%d) and date: ", ticketLen);
162 ka_PrintBytes (ticket, ticketLen);
163 ka_PrintBytes (answer-4, 4);
167 if (code = des_key_sched (key, schedule))
168 printf ("In KAAuthenticate: key_sched returned %d\n", code);
169 des_pcbc_encrypt (cipher, cipher, len, schedule, key, ENCRYPT);
170 *cipherLen = round_up_to_ebs (len);
173 printf ("Printing cipher (%d): ", *cipherLen);
174 ka_PrintBytes (cipher, *cipherLen);
180 static afs_int32 create_reply (ans, name, inst, startTime, endTime, kvno,
185 Date startTime, endTime;
189 { char *answer = ans->data;
192 ans->len = 2 + strlen(name) + strlen(inst) + 3/*nulls*/ +
193 sizeof(afs_int32) + 1/*ntkts*/ + sizeof(afs_int32) + 1/*kvno*/ +
194 sizeof(short) + cipherLen;
195 if (ans->len > sizeof(ans->data)) return KAANSWERTOOLONG;
196 if (kvno > 255) return KAANSWERTOOLONG;
198 *answer++ = (unsigned char) KRB_PROT_VERSION;
199 *answer++ = (unsigned char) AUTH_MSG_KDC_REPLY;
200 /* always send claiming network byte order */
205 *answer++ = 1; /* undocumented number of tickets! */
207 *answer++ = (unsigned char) kvno;
208 { short w = (short) cipherLen;
210 memcpy(answer, &w, sizeof(short));
211 answer += sizeof(short);
213 memcpy(answer, cipher, cipherLen);
217 static afs_int32 check_auth (pkt, auth, authLen, key, name, inst, cell)
221 struct ktc_encryptionKey *key;
226 des_key_schedule schedule;
228 /* unsigned char time_msec; */
230 int byteOrder = pkt->byteOrder;
232 des_key_sched (key, schedule);
233 des_pcbc_encrypt (auth, auth, authLen, schedule, key, DECRYPT);
235 if (strcmp (packet, name) != 0) return KABADTICKET;
236 packet += strlen (packet) + 1;
237 if (strcmp (packet, inst) != 0) return KABADTICKET;
238 packet += strlen (packet) + 1;
239 if (strcmp (packet, cell) != 0) return KABADTICKET;
240 packet += strlen (packet) + 1;
242 /* time_msec = */ *(unsigned char *)packet++;
244 if ((packet-auth) > authLen) return KABADTICKET;
248 afs_int32 UDP_Authenticate (ksoc, client, name, inst, startTime, endTime, sname, sinst)
250 struct sockaddr_in *client;
257 { struct ubik_trans *tt;
258 afs_int32 to; /* offset of block */
259 struct kaentry tentry;
260 afs_int32 tgskvno; /* key version of service key */
261 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
266 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
268 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
270 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
274 COUNT_REQ (UAuthenticate);
275 if (!name_instance_legal (name, inst)) return KERB_ERR_NAME_EXP; /* KABADNAME */
276 if (code = InitAuthServ (&tt, LOCKREAD, this_op)) return code;
278 code = FindBlock (tt, name, inst, &to, &tentry);
279 if (code) goto abort;
280 if (to) { /* if user exists check other stuff */
282 struct kaentry sentry;
283 save_principal (udpAuthPrincipal, name, inst, 0);
285 tgt = ((strcmp (sname, KA_TGS_NAME) == 0) &&
286 (strcmp (sinst, lrealm) == 0));
287 if ((ntohl(tentry.user_expiration) < now) ||
288 (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
289 code = KERB_ERR_NAME_EXP; /* KABADUSER */
292 code = FindBlock (tt, KA_TGS_NAME, lrealm, &sto, &sentry);
293 if (code) goto abort;
294 if (sto == 0) {code = KANOENT; goto abort; }
295 if ((ntohl(sentry.user_expiration) < now)) {
296 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
299 if (abs (startTime - now) > KTC_TIME_UNCERTAINTY) {
300 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
304 if (tentry.misc_auth_bytes) {
305 unsigned char misc_auth_bytes[4];
306 afs_uint32 temp; /* unsigned for safety */
307 afs_uint32 pwexpires;
309 temp = ntohl(*((afs_int32 *)(tentry.misc_auth_bytes)));
310 unpack_long(temp, misc_auth_bytes);
311 pwexpires = misc_auth_bytes[0];
313 pwexpires= ntohl(tentry.change_password_time) + 24*60*60*pwexpires;
314 if ( pwexpires < now ) {
315 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
321 /* make the ticket */
322 code = des_random_key (&sessionKey);
324 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
327 endTime = umin (endTime,
328 startTime + ntohl(tentry.max_ticket_lifetime));
329 if ((code = ka_LookupKey (tt, sname, sinst, &tgskvno, &tgskey)) ||
330 (code = tkt_MakeTicket (ticket, &ticketLen, &tgskey,
332 startTime, endTime, &sessionKey,
333 htonl(client->sin_addr.s_addr), sname, sinst)))
336 cipherLen = sizeof(cipher);
338 (cipher, &cipherLen, &sessionKey, sname, sinst,
339 startTime, endTime, tgskvno, ticket, ticketLen, &tentry.key);
340 if (code) goto abort;
341 } else { /* no such user */
343 tentry.key_version = 0;
345 code = ubik_EndTrans(tt);
349 code = create_reply (&ans, name, inst, startTime, endTime,
350 ntohl(tentry.key_version), cipher, cipherLen);
355 printf ("Sending %d bytes ending in: ", ans.len);
356 ka_PrintBytes (ans.data+ans.len-8, 8);
360 code = sendto (ksoc, ans.data, ans.len, 0,
361 (struct sockaddr *) client, sizeof(*client));
362 if (code != ans.len) {
363 perror ("calling sendto");
367 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr, LOG_AUTHENTICATE);
368 osi_audit ( UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
373 ubik_AbortTrans (tt);
376 osi_audit ( UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst, AUD_END);
380 afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
390 struct ktc_encryptionKey tgskey;
391 char name[MAXKTCNAMELEN];
392 char inst[MAXKTCNAMELEN];
393 char cell[MAXKTCREALMLEN];
394 struct ktc_encryptionKey authSessionKey;
404 int byteOrder = pkt->byteOrder;
405 char sname[MAXKTCNAMELEN];
406 char sinst[MAXKTCNAMELEN];
410 struct ubik_trans *tt;
412 struct kaentry caller;
413 struct kaentry server;
415 struct ktc_encryptionKey sessionKey;
417 char newTicket[MAXKTCTICKETLEN];
419 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
423 COUNT_REQ (UGetTicket);
425 if (code = InitAuthServ(&tt, LOCKREAD, this_op)) goto fail;
426 code = ka_LookupKvno (tt, KA_TGS_NAME,
427 ((strlen(authDomain) > 0) ? authDomain : lrealm),
429 if (code) goto abort;
431 code = tkt_DecodeTicket (ticket, ticketLen, &tgskey, name, inst, cell,
432 &authSessionKey, &host, &start, &authEnd);
437 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
440 save_principal (udptgsPrincipal, name, inst, cell);
441 code = tkt_CheckTimes (start, authEnd, now);
444 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
447 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
450 celllen = strlen (cell);
452 if ((strlen(authDomain) > 0) && (strcmp (authDomain, lrealm) != 0))
454 if (import && (celllen == 0)) {
455 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
459 strncpy (cell, lrealm, MAXKTCREALMLEN-1);
460 cell[MAXKTCREALMLEN-1] = 0;
464 printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",
468 code = check_auth (pkt, auth, authLen, &authSessionKey, name, inst, cell);
469 if (code) goto abort;
471 /* authenticator and all is OK so read actual request */
474 life = *(unsigned char *)packet++;
478 reqEnd = life_to_time (start, life);
480 printf ("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
482 save_principal (udptgsServerPrincipal, sname, sinst, 0);
485 strcpy (caller.userID.name, name);
486 strcpy (caller.userID.instance, inst);
487 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
490 code = FindBlock(tt, name, inst, &to, &caller);
491 if (code) goto abort;
493 ka_PrintUserID ("GetTicket: User ", name, inst, " unknown.\n");
494 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
497 if (ntohl(caller.flags) & KAFNOTGS)
498 { code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
502 code = FindBlock (tt, sname, sinst, &to, &server); /* get server's entry */
503 if (code) goto abort;
504 if (to == 0) { /* entry not found */
505 ka_PrintUserID ("GetTicket: Server ", sname, sinst, " unknown.\n");
506 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
509 code = ubik_EndTrans (tt);
512 if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER;
514 code = des_random_key (&sessionKey);
516 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
520 reqEnd = umin (umin (reqEnd, authEnd),
521 umin (start+ntohl(caller.max_ticket_lifetime),
522 start+ntohl(server.max_ticket_lifetime)));
524 code = tkt_MakeTicket (newTicket, &newTicketLen, &server.key,
525 caller.userID.name, caller.userID.instance, cell,
526 start, reqEnd, &sessionKey,
527 htonl(pkt->from.sin_addr.s_addr),
528 server.userID.name, server.userID.instance);
531 cipherLen = sizeof(cipher);
533 (cipher, &cipherLen, &sessionKey, sname, sinst,
534 start, reqEnd, ntohl(server.key_version),
535 newTicket, newTicketLen, &authSessionKey);
538 code = create_reply (&ans, name, inst, start, reqEnd, 0,
542 code = sendto (ksoc, ans.data, ans.len, 0,
543 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
544 if (code != ans.len) {
545 perror ("calling sendto");
550 if (cipherLen != 0) {
551 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
553 osi_audit ( UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR, cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
559 osi_audit ( UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR, NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
563 static int err_packet (ksoc, pkt, code, reason)
569 char *answer = ans.data;
573 if (reason == 0) reason = "";
574 snprintf (buf, 255, "code = %d: %s", code, reason);
577 printf ("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
578 pkt->name, pkt->inst, pkt->realm, buf);
581 ans.len = 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
582 3/* nulls */ + (2 * sizeof(afs_int32)) + strlen (buf) + 1;
583 if (ans.len > sizeof(ans.data)) {
584 printf ("Answer packet too long\n");
588 *answer++ = (unsigned char) KRB_PROT_VERSION;
589 *answer++ = (unsigned char) AUTH_MSG_ERR_REPLY;
590 /* always send claiming network byte order */
595 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
596 /* It could be because of kauth errors so we should return something instead of success!! */
602 code = sendto(ksoc, ans.data, ans.len, 0,
603 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
604 if (code != ans.len) {
606 printf ("call to sendto returned %d, sending error packet %d bytes long\n",
608 else perror ("err_packet: sendto");
614 process_udp_auth (ksoc, pkt)
617 { char *packet = pkt->rest;
618 char name[MAXKTCNAMELEN];
619 char inst[MAXKTCNAMELEN];
620 char realm[MAXKTCREALMLEN];
621 char sname[MAXKTCNAMELEN];
622 char sinst[MAXKTCNAMELEN];
625 Date startTime, endTime;
626 unsigned char lifetime;
636 printf ("Processing KDC Request from '%s'.'%s'@'%s'\n",
640 if ((strlen(realm) > 0) && (strcmp (realm, lrealm) != 0)) {
641 err_packet (ksoc, pkt, KERB_ERR_NONNULL_REALM,
642 "null realm name not allowed");
645 memcpy(&startTime, packet, sizeof(startTime));
646 packet += sizeof(startTime);
647 startTime = ktohl (pkt->byteOrder, startTime);
648 pkt->time = startTime;
649 lifetime = *packet++;
650 endTime = life_to_time (startTime, lifetime);
651 code = tkt_CheckTimes (startTime, endTime, now);
653 err_packet (ksoc, pkt, KERB_ERR_BAD_LIFETIME,
654 "requested ticket lifetime invalid");
659 if ((packet - pkt->data) != pkt->len) {
660 err_packet (ksoc, pkt, KERB_ERR_PKT_LENGTH, "packet length inconsistent");
664 code = UDP_Authenticate (ksoc, &pkt->from, name, inst,
665 startTime, endTime, sname, sinst);
667 if (code == KANOENT) {
668 code = KERB_ERR_PRINCIPAL_UNKNOWN;
669 err_packet (ksoc, pkt, code, (char *)error_message (code));
670 } else if (code == KAPWEXPIRED) {
671 code = KERB_ERR_NAME_EXP;
672 err_packet (ksoc, pkt, code, "password has expired");
674 err_packet (ksoc, pkt, code, (char *)error_message (code));
680 process_udp_appl (ksoc, pkt)
683 { char *packet = pkt->rest;
685 char realm[MAXKTCREALMLEN];
686 char ticket[MAXKTCTICKETLEN];
687 char auth[3*MAXKTCNAMELEN+4+5];
689 int ticketLen, authLen;
693 printf ("Processing APPL Request\n");
697 ticketLen = *(unsigned char *)packet++;
698 authLen = *(unsigned char *)packet++;
699 if (ticketLen > sizeof(ticket)) {
700 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
703 memcpy(ticket, packet, ticketLen);
705 if (authLen > sizeof(auth)) {
706 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
709 memcpy(auth, packet, authLen);
710 pkt->rest = packet + authLen;
711 code = UDP_GetTicket (ksoc, pkt, kvno, realm, ticket, ticketLen, auth, authLen);
713 if (code == KANOENT) code = KERB_ERR_PRINCIPAL_UNKNOWN;
714 err_packet (ksoc, pkt, code, (char*)error_message (code));
721 process_udp_request (ksoc, pkt)
724 { char *packet = pkt->data;
725 unsigned char version, auth_msg_type;
728 if (version != KRB_PROT_VERSION) {
729 err_packet (ksoc, pkt, KERB_ERR_PKT_VER, "packet version number unknown");
732 auth_msg_type = *packet++;
733 pkt->byteOrder = auth_msg_type & 1;
735 switch (auth_msg_type & ~1) {
736 case AUTH_MSG_KDC_REQUEST:
737 process_udp_auth (ksoc, pkt);
739 case AUTH_MSG_APPL_REQUEST:
740 process_udp_appl (ksoc, pkt);
743 printf ("unknown msg type 0x%x\n", auth_msg_type);
744 err_packet (ksoc, pkt, KERB_ERR_BAD_MSG_TYPE, "message type not supported");
750 static SocketListener ()
753 struct packet packet;
757 printf ("Starting to listen for UDP packets\n");
760 if (sock_kerb >= 0) FD_SET(sock_kerb, &rfds);
761 if (sock_kerb5 >= 0) FD_SET(sock_kerb5, &rfds);
765 /* write and exception fd_set's are null */
766 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
767 if (code == 0) { /* timeout */
768 /* printf ("Timeout\n"); */
772 perror ("calling IOMGR_Select");
776 fromLen = sizeof(packet.from);
777 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
778 code = recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
779 (struct sockaddr *) &packet.from, &fromLen);
781 if (errno == EAGAIN || errno == ECONNREFUSED)
783 perror ("calling recvfrom");
788 printf ("Kerb:udp: Got %d bytes from addr %s which are '",
789 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
790 ka_PrintBytes (packet.data, packet.len);
793 packet.name = packet.inst = packet.realm = "";
795 process_udp_request (sock_kerb, &packet);
798 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
799 code = recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
800 (struct sockaddr *) &packet.from, &fromLen);
802 if (errno == EAGAIN || errno == ECONNREFUSED)
804 perror ("calling recvfrom");
809 printf ("Kerb5:udp: Got %d bytes from addr %s which are '",
810 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
811 ka_PrintBytes (packet.data, packet.len);
814 packet.name = packet.inst = packet.realm = "";
816 process_udp_request (sock_kerb5, &packet);
819 if (sock_kerb >= 0) {
823 if (sock_kerb5 >= 0) {
827 printf("UDP SocketListener exiting due to error\n");
832 #include "AFS_component_version_number.c"
836 afs_int32 init_krb_udp ()
838 { struct sockaddr_in taddr;
839 static PROCESS slPid; /* socket listener pid */
840 static PROCESS checkPid; /* fiveminute check */
842 char* krb4name; /* kerberos version4 service */
848 static int inited = 0;
851 if (inited) return -1;
854 memset(&taddr, 0, sizeof(taddr));
855 krb4name = "kerberos4";
856 sp = getservbyname(krb4name, "udp");
857 taddr.sin_family = AF_INET; /* added for NCR port */
858 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
859 taddr.sin_len = sizeof(struct sockaddr_in);
863 /* if kerberos-4 is not available, try "kerberos-iv" */
864 krb4name = "kerberos-iv";
865 sp = getservbyname(krb4name, "udp");
869 /* if kerberos-iv is not available, try "kerberos" */
870 krb4name = "kerberos";
871 sp = getservbyname(krb4name, "udp");
875 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
877 taddr.sin_port = htons(KRB_PORT);
879 /* copy the port number */
880 fprintf (stderr, "%s/udp port=%hu\n", krb4name, (unsigned short)sp->s_port);
881 taddr.sin_port = sp->s_port;
883 kerb_port = taddr.sin_port;
884 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
885 code = bind(sock_kerb, (struct sockaddr *) &taddr, sizeof(taddr));
887 perror ("calling bind");
891 sp = getservbyname("kerberos5", "udp");
894 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
896 taddr.sin_port = htons(KRB5_PORT);
898 /* copy the port number */
899 fprintf (stderr, "kerberos5/udp port=%hu\n", (unsigned short)sp->s_port);
900 taddr.sin_port = sp->s_port;
902 if (taddr.sin_port != kerb_port) { /* a different port */
903 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
904 code = bind(sock_kerb5, (struct sockaddr *) &taddr, sizeof(taddr));
906 perror ("calling bind");
911 /* Bail out if we can't bind with any port */
912 if ((sock_kerb < 0) && (sock_kerb5 < 0))
916 /* this has already been done */
917 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
920 LWP_CreateProcess(SocketListener, /*stacksize*/16000, LWP_NORMAL_PRIORITY,
921 0, "Socket Listener", &slPid);
923 /* just to close the log every five minutes */
925 LWP_CreateProcess(FiveMinuteCheckLWP, 24*1024,
926 LWP_MAX_PRIORITY - 2, &fiveminutes,
927 "FiveMinuteChecks", &checkPid);
930 initialize_ka_error_table();
931 initialize_rxk_error_table();
932 while (1) /* don't just stand there, run it */
941 char *lastOperation; /* name of last operation */
942 char *lrealm = "REALMNAME";
943 struct kadstats dynamic_statistics;
945 static int InitAuthServ (tt, lock, this_op)
946 struct ubik_trans **tt;
947 int lock; /* read or write transaction */
948 int *this_op; /* op of RCP routine, for COUNT_ABO */
952 printf ("Calling InitAuthServ\n");
956 static int ubik_EndTrans (tt)
957 struct ubik_trans *tt;
959 printf ("Calling ubik_EndTrans\n");
963 static int ubik_AbortTrans (tt)
964 struct ubik_trans *tt;
966 printf ("Calling ubik_AbortTrans\n");
970 static int FindBlock (at, aname, ainstance, tentry)
971 struct ubik_trans *at;
974 struct kaentry *tentry;
976 printf ("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
977 strcpy (tentry->userID.name, aname);
978 strcpy (tentry->userID.instance, ainstance);
979 tentry->key_version = htonl(17);
980 des_string_to_key ("toa", &tentry->key);
981 tentry->flags = htonl(KAFNORMAL);
982 tentry->user_expiration = htonl(NEVERDATE);
983 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
987 static int ka_LookupKey (tt, name, inst, kvno, key)
988 struct ubik_trans *tt;
991 afs_int32 *kvno; /* returned */
992 struct ktc_encryptionKey *key; /* copied out */
994 printf ("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
996 des_string_to_key ("applexx", key);
999 static afs_int32 kvno_tgs_key (authDomain, kvno, tgskey)
1002 struct ktc_encryptionKey *tgskey;
1004 if (strcmp (authDomain, lrealm) != 0)
1005 printf ("Called with wrong %s as authDomain\n", authDomain);
1007 printf ("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1008 des_string_to_key ("applexx", tgskey);
1015 name_instance_legal ()
git://git.openafs.org / openafs.git / blob