2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
21 #include <sys/types.h>
24 #define snprintf _snprintf
26 #include <sys/socket.h>
28 #include <netinet/in.h>
30 #include <afs/afsutil.h>
32 #include <afs/com_err.h>
44 #include "prot.h" /* protocol definitions */
46 #include "afs/audit.h"
49 /* my kerberos error codes */
50 #define KERB_ERR_BAD_MSG_TYPE 99
51 #define KERB_ERR_BAD_LIFETIME 98
52 #define KERB_ERR_NONNULL_REALM 97
53 #define KERB_ERR_PKT_LENGTH 96
54 #define KERB_ERR_TEXT_LENGTH 95
56 #define KDC_GEN_ERR 20
60 int krb_udp_debug = 0;
62 static int sock_kerb =-1; /* the socket we're using */
63 static int sock_kerb5=-1; /* the socket we're using */
67 struct sockaddr_in from;
73 char *rest; /* remaining bytes of packet */
74 char data[MAX_PKT_LEN];
77 extern struct kadstats dynamic_statistics;
78 extern char *lastOperation;
81 char udpAuthPrincipal[256];
82 char udptgsPrincipal[256];
83 char udptgsServerPrincipal[256];
85 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
86 else strcpy (answer, name), answer += slen+1
87 #define putint(num) num = htonl(num), \
88 memcpy(answer, &num, sizeof(afs_int32)), \
89 answer += sizeof(afs_int32)
91 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
92 strcpy (name, packet), packet += slen+1
93 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
94 num = ktohl (byteOrder, num), \
95 packet += sizeof(afs_int32)
97 /* this is just to close the log every five minutes to rm works */
101 static FiveMinuteCheckLWP()
104 printf("start 5 min check lwp\n");
108 IOMGR_Sleep(fiveminutes);
109 /* close the log so it can be removed */
110 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH);/* no trunc, just append */
115 static afs_int32 create_cipher (cipher, cipherLen, sessionKey, sname, sinst,
116 start, end, kvno, ticket, ticketLen, key)
119 struct ktc_encryptionKey *sessionKey;
126 struct ktc_encryptionKey *key;
129 unsigned char life = time_to_life (start, end);
131 des_key_schedule schedule;
135 len = sizeof(*sessionKey) + strlen(sname) + strlen(sinst) +
136 strlen(lrealm) + 3/*nulls*/ + 3 + ticketLen + sizeof(Date);
137 if (len > *cipherLen) return KAANSWERTOOLONG;
138 if (ticketLen > 255) return KAANSWERTOOLONG;
139 if (kvno > 255) return KAANSWERTOOLONG;
141 memcpy(answer, sessionKey, sizeof(*sessionKey));
142 answer += sizeof(*sessionKey);
147 *answer++ = (unsigned char) kvno;
148 *answer++ = (unsigned char) ticketLen;
149 memcpy(answer, ticket, ticketLen);
154 printf ("Printing ticket (%d) and date: ", ticketLen);
155 ka_PrintBytes (ticket, ticketLen);
156 ka_PrintBytes (answer-4, 4);
160 if (code = des_key_sched (key, schedule))
161 printf ("In KAAuthenticate: key_sched returned %d\n", code);
162 des_pcbc_encrypt (cipher, cipher, len, schedule, key, ENCRYPT);
163 *cipherLen = round_up_to_ebs (len);
166 printf ("Printing cipher (%d): ", *cipherLen);
167 ka_PrintBytes (cipher, *cipherLen);
173 static afs_int32 create_reply (ans, name, inst, startTime, endTime, kvno,
178 Date startTime, endTime;
182 { char *answer = ans->data;
185 ans->len = 2 + strlen(name) + strlen(inst) + 3/*nulls*/ +
186 sizeof(afs_int32) + 1/*ntkts*/ + sizeof(afs_int32) + 1/*kvno*/ +
187 sizeof(short) + cipherLen;
188 if (ans->len > sizeof(ans->data)) return KAANSWERTOOLONG;
189 if (kvno > 255) return KAANSWERTOOLONG;
191 *answer++ = (unsigned char) KRB_PROT_VERSION;
192 *answer++ = (unsigned char) AUTH_MSG_KDC_REPLY;
193 /* always send claiming network byte order */
198 *answer++ = 1; /* undocumented number of tickets! */
200 *answer++ = (unsigned char) kvno;
201 { short w = (short) cipherLen;
203 memcpy(answer, &w, sizeof(short));
204 answer += sizeof(short);
206 memcpy(answer, cipher, cipherLen);
210 static afs_int32 check_auth (pkt, auth, authLen, key, name, inst, cell)
214 struct ktc_encryptionKey *key;
219 des_key_schedule schedule;
221 /* unsigned char time_msec; */
223 int byteOrder = pkt->byteOrder;
225 des_key_sched (key, schedule);
226 des_pcbc_encrypt (auth, auth, authLen, schedule, key, DECRYPT);
228 if (strcmp (packet, name) != 0) return KABADTICKET;
229 packet += strlen (packet) + 1;
230 if (strcmp (packet, inst) != 0) return KABADTICKET;
231 packet += strlen (packet) + 1;
232 if (strcmp (packet, cell) != 0) return KABADTICKET;
233 packet += strlen (packet) + 1;
235 /* time_msec = */ *(unsigned char *)packet++;
237 if ((packet-auth) > authLen) return KABADTICKET;
241 afs_int32 UDP_Authenticate (ksoc, client, name, inst, startTime, endTime, sname, sinst)
243 struct sockaddr_in *client;
250 { struct ubik_trans *tt;
251 afs_int32 to; /* offset of block */
252 struct kaentry tentry;
253 afs_int32 tgskvno; /* key version of service key */
254 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
259 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
261 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
263 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
267 COUNT_REQ (UAuthenticate);
268 if (!name_instance_legal (name, inst)) return KERB_ERR_NAME_EXP; /* KABADNAME */
269 if (code = InitAuthServ (&tt, LOCKREAD, this_op)) return code;
271 code = FindBlock (tt, name, inst, &to, &tentry);
272 if (code) goto abort;
273 if (to) { /* if user exists check other stuff */
275 struct kaentry sentry;
276 save_principal (udpAuthPrincipal, name, inst, 0);
278 tgt = ((strcmp (sname, KA_TGS_NAME) == 0) &&
279 (strcmp (sinst, lrealm) == 0));
280 if ((ntohl(tentry.user_expiration) < now) ||
281 (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
282 code = KERB_ERR_NAME_EXP; /* KABADUSER */
285 code = FindBlock (tt, KA_TGS_NAME, lrealm, &sto, &sentry);
286 if (code) goto abort;
287 if (sto == 0) {code = KANOENT; goto abort; }
288 if ((ntohl(sentry.user_expiration) < now)) {
289 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
292 if (abs (startTime - now) > KTC_TIME_UNCERTAINTY) {
293 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
297 if (tentry.misc_auth_bytes) {
298 unsigned char misc_auth_bytes[4];
299 afs_uint32 temp; /* unsigned for safety */
300 afs_uint32 pwexpires;
302 temp = ntohl(*((afs_int32 *)(tentry.misc_auth_bytes)));
303 unpack_long(temp, misc_auth_bytes);
304 pwexpires = misc_auth_bytes[0];
306 pwexpires= ntohl(tentry.change_password_time) + 24*60*60*pwexpires;
307 if ( pwexpires < now ) {
308 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
314 /* make the ticket */
315 code = des_random_key (&sessionKey);
317 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
320 endTime = umin (endTime,
321 startTime + ntohl(tentry.max_ticket_lifetime));
322 if ((code = ka_LookupKey (tt, sname, sinst, &tgskvno, &tgskey)) ||
323 (code = tkt_MakeTicket (ticket, &ticketLen, &tgskey,
325 startTime, endTime, &sessionKey,
326 htonl(client->sin_addr.s_addr), sname, sinst)))
329 cipherLen = sizeof(cipher);
331 (cipher, &cipherLen, &sessionKey, sname, sinst,
332 startTime, endTime, tgskvno, ticket, ticketLen, &tentry.key);
333 if (code) goto abort;
334 } else { /* no such user */
336 tentry.key_version = 0;
338 code = ubik_EndTrans(tt);
342 code = create_reply (&ans, name, inst, startTime, endTime,
343 ntohl(tentry.key_version), cipher, cipherLen);
348 printf ("Sending %d bytes ending in: ", ans.len);
349 ka_PrintBytes (ans.data+ans.len-8, 8);
353 code = sendto (ksoc, ans.data, ans.len, 0,
354 (struct sockaddr *) client, sizeof(*client));
355 if (code != ans.len) {
356 perror ("calling sendto");
360 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr, LOG_AUTHENTICATE);
361 osi_audit ( UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
366 ubik_AbortTrans (tt);
369 osi_audit ( UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst, AUD_END);
373 afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
383 struct ktc_encryptionKey tgskey;
384 char name[MAXKTCNAMELEN];
385 char inst[MAXKTCNAMELEN];
386 char cell[MAXKTCREALMLEN];
387 struct ktc_encryptionKey authSessionKey;
397 int byteOrder = pkt->byteOrder;
398 char sname[MAXKTCNAMELEN];
399 char sinst[MAXKTCNAMELEN];
403 struct ubik_trans *tt;
405 struct kaentry caller;
406 struct kaentry server;
408 struct ktc_encryptionKey sessionKey;
410 char newTicket[MAXKTCTICKETLEN];
412 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
416 COUNT_REQ (UGetTicket);
418 if (code = InitAuthServ(&tt, LOCKREAD, this_op)) goto fail;
419 code = ka_LookupKvno (tt, KA_TGS_NAME,
420 ((strlen(authDomain) > 0) ? authDomain : lrealm),
422 if (code) goto abort;
424 code = tkt_DecodeTicket (ticket, ticketLen, &tgskey, name, inst, cell,
425 &authSessionKey, &host, &start, &authEnd);
430 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
433 save_principal (udptgsPrincipal, name, inst, cell);
434 code = tkt_CheckTimes (start, authEnd, now);
437 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
440 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
443 celllen = strlen (cell);
445 if ((strlen(authDomain) > 0) && (strcmp (authDomain, lrealm) != 0))
447 if (import && (celllen == 0)) {
448 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
452 strncpy (cell, lrealm, MAXKTCREALMLEN-1);
453 cell[MAXKTCREALMLEN-1] = 0;
457 printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",
461 code = check_auth (pkt, auth, authLen, &authSessionKey, name, inst, cell);
462 if (code) goto abort;
464 /* authenticator and all is OK so read actual request */
467 life = *(unsigned char *)packet++;
471 reqEnd = life_to_time (start, life);
473 printf ("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
475 save_principal (udptgsServerPrincipal, sname, sinst, 0);
478 strcpy (caller.userID.name, name);
479 strcpy (caller.userID.instance, inst);
480 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
483 code = FindBlock(tt, name, inst, &to, &caller);
484 if (code) goto abort;
486 ka_PrintUserID ("GetTicket: User ", name, inst, " unknown.\n");
487 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
490 if (ntohl(caller.flags) & KAFNOTGS)
491 { code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
495 code = FindBlock (tt, sname, sinst, &to, &server); /* get server's entry */
496 if (code) goto abort;
497 if (to == 0) { /* entry not found */
498 ka_PrintUserID ("GetTicket: Server ", sname, sinst, " unknown.\n");
499 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
502 code = ubik_EndTrans (tt);
505 if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER;
507 code = des_random_key (&sessionKey);
509 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
513 reqEnd = umin (umin (reqEnd, authEnd),
514 umin (start+ntohl(caller.max_ticket_lifetime),
515 start+ntohl(server.max_ticket_lifetime)));
517 code = tkt_MakeTicket (newTicket, &newTicketLen, &server.key,
518 caller.userID.name, caller.userID.instance, cell,
519 start, reqEnd, &sessionKey,
520 htonl(pkt->from.sin_addr.s_addr),
521 server.userID.name, server.userID.instance);
524 cipherLen = sizeof(cipher);
526 (cipher, &cipherLen, &sessionKey, sname, sinst,
527 start, reqEnd, ntohl(server.key_version),
528 newTicket, newTicketLen, &authSessionKey);
531 code = create_reply (&ans, name, inst, start, reqEnd, 0,
535 code = sendto (ksoc, ans.data, ans.len, 0,
536 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
537 if (code != ans.len) {
538 perror ("calling sendto");
543 if (cipherLen != 0) {
544 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
546 osi_audit ( UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR, cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
552 osi_audit ( UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR, NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
556 static int err_packet (ksoc, pkt, code, reason)
562 char *answer = ans.data;
566 if (reason == 0) reason = "";
567 snprintf (buf, 255, "code = %d: %s", code, reason);
570 printf ("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
571 pkt->name, pkt->inst, pkt->realm, buf);
574 ans.len = 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
575 3/* nulls */ + (2 * sizeof(afs_int32)) + strlen (buf) + 1;
576 if (ans.len > sizeof(ans.data)) {
577 printf ("Answer packet too long\n");
581 *answer++ = (unsigned char) KRB_PROT_VERSION;
582 *answer++ = (unsigned char) AUTH_MSG_ERR_REPLY;
583 /* always send claiming network byte order */
588 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
589 /* It could be because of kauth errors so we should return something instead of success!! */
595 code = sendto(ksoc, ans.data, ans.len, 0,
596 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
597 if (code != ans.len) {
599 printf ("call to sendto returned %d, sending error packet %d bytes long\n",
601 else perror ("err_packet: sendto");
607 process_udp_auth (ksoc, pkt)
610 { char *packet = pkt->rest;
611 char name[MAXKTCNAMELEN];
612 char inst[MAXKTCNAMELEN];
613 char realm[MAXKTCREALMLEN];
614 char sname[MAXKTCNAMELEN];
615 char sinst[MAXKTCNAMELEN];
618 Date startTime, endTime;
619 unsigned char lifetime;
629 printf ("Processing KDC Request from '%s'.'%s'@'%s'\n",
633 if ((strlen(realm) > 0) && (strcmp (realm, lrealm) != 0)) {
634 err_packet (ksoc, pkt, KERB_ERR_NONNULL_REALM,
635 "null realm name not allowed");
638 memcpy(&startTime, packet, sizeof(startTime));
639 packet += sizeof(startTime);
640 startTime = ktohl (pkt->byteOrder, startTime);
641 pkt->time = startTime;
642 lifetime = *packet++;
643 endTime = life_to_time (startTime, lifetime);
644 code = tkt_CheckTimes (startTime, endTime, now);
646 err_packet (ksoc, pkt, KERB_ERR_BAD_LIFETIME,
647 "requested ticket lifetime invalid");
652 if ((packet - pkt->data) != pkt->len) {
653 err_packet (ksoc, pkt, KERB_ERR_PKT_LENGTH, "packet length inconsistent");
657 code = UDP_Authenticate (ksoc, &pkt->from, name, inst,
658 startTime, endTime, sname, sinst);
660 if (code == KANOENT) {
661 code = KERB_ERR_PRINCIPAL_UNKNOWN;
662 err_packet (ksoc, pkt, code, (char *)error_message (code));
663 } else if (code == KAPWEXPIRED) {
664 code = KERB_ERR_NAME_EXP;
665 err_packet (ksoc, pkt, code, "password has expired");
667 err_packet (ksoc, pkt, code, (char *)error_message (code));
673 process_udp_appl (ksoc, pkt)
676 { char *packet = pkt->rest;
678 char realm[MAXKTCREALMLEN];
679 char ticket[MAXKTCTICKETLEN];
680 char auth[3*MAXKTCNAMELEN+4+5];
682 int ticketLen, authLen;
686 printf ("Processing APPL Request\n");
690 ticketLen = *(unsigned char *)packet++;
691 authLen = *(unsigned char *)packet++;
692 if (ticketLen > sizeof(ticket)) {
693 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
696 memcpy(ticket, packet, ticketLen);
698 if (authLen > sizeof(auth)) {
699 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
702 memcpy(auth, packet, authLen);
703 pkt->rest = packet + authLen;
704 code = UDP_GetTicket (ksoc, pkt, kvno, realm, ticket, ticketLen, auth, authLen);
706 if (code == KANOENT) code = KERB_ERR_PRINCIPAL_UNKNOWN;
707 err_packet (ksoc, pkt, code, (char*)error_message (code));
714 process_udp_request (ksoc, pkt)
717 { char *packet = pkt->data;
718 unsigned char version, auth_msg_type;
721 if (version != KRB_PROT_VERSION) {
722 err_packet (ksoc, pkt, KERB_ERR_PKT_VER, "packet version number unknown");
725 auth_msg_type = *packet++;
726 pkt->byteOrder = auth_msg_type & 1;
728 switch (auth_msg_type & ~1) {
729 case AUTH_MSG_KDC_REQUEST:
730 process_udp_auth (ksoc, pkt);
732 case AUTH_MSG_APPL_REQUEST:
733 process_udp_appl (ksoc, pkt);
736 printf ("unknown msg type 0x%x\n", auth_msg_type);
737 err_packet (ksoc, pkt, KERB_ERR_BAD_MSG_TYPE, "message type not supported");
743 static SocketListener ()
746 struct packet packet;
750 printf ("Starting to listen for UDP packets\n");
753 if (sock_kerb >= 0) FD_SET(sock_kerb, &rfds);
754 if (sock_kerb5 >= 0) FD_SET(sock_kerb5, &rfds);
758 /* write and exception fd_set's are null */
759 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
760 if (code == 0) { /* timeout */
761 /* printf ("Timeout\n"); */
765 perror ("calling IOMGR_Select");
769 fromLen = sizeof(packet.from);
770 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
771 code = recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
772 (struct sockaddr *) &packet.from, &fromLen);
774 perror ("calling recvfrom");
779 printf ("Kerb:udp: Got %d bytes from addr %s which are '",
780 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
781 ka_PrintBytes (packet.data, packet.len);
784 packet.name = packet.inst = packet.realm = "";
786 process_udp_request (sock_kerb, &packet);
788 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
789 code = recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
790 (struct sockaddr *) &packet.from, &fromLen);
792 perror ("calling recvfrom");
797 printf ("Kerb5:udp: Got %d bytes from addr %s which are '",
798 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
799 ka_PrintBytes (packet.data, packet.len);
802 packet.name = packet.inst = packet.realm = "";
804 process_udp_request (sock_kerb5, &packet);
811 #include "AFS_component_version_number.c"
815 afs_int32 init_krb_udp ()
817 { struct sockaddr_in taddr;
818 static PROCESS slPid; /* socket listener pid */
819 static PROCESS checkPid; /* fiveminute check */
821 char* krb4name; /* kerberos version4 service */
827 static int inited = 0;
830 if (inited) return -1;
833 memset(&taddr, 0, sizeof(taddr));
834 krb4name = "kerberos4";
835 sp = getservbyname(krb4name, "udp");
836 taddr.sin_family = AF_INET; /* added for NCR port */
839 /* if kerberos-4 is not available, try "kerberos-iv" */
840 krb4name = "kerberos-iv";
841 sp = getservbyname(krb4name, "udp");
845 /* if kerberos-iv is not available, try "kerberos" */
846 krb4name = "kerberos";
847 sp = getservbyname(krb4name, "udp");
851 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
853 taddr.sin_port = htons(KRB_PORT);
855 /* copy the port number */
856 fprintf (stderr, "%s/udp port=%hu\n", krb4name, (unsigned short)sp->s_port);
857 taddr.sin_port = sp->s_port;
859 kerb_port = taddr.sin_port;
860 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
861 code = bind(sock_kerb, (struct sockaddr *) &taddr, sizeof(taddr));
863 perror ("calling bind");
867 sp = getservbyname("kerberos5", "udp");
870 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
872 taddr.sin_port = htons(KRB5_PORT);
874 /* copy the port number */
875 fprintf (stderr, "kerberos5/udp port=%hu\n", (unsigned short)sp->s_port);
876 taddr.sin_port = sp->s_port;
878 if (taddr.sin_port != kerb_port) { /* a different port */
879 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
880 code = bind(sock_kerb5, (struct sockaddr *) &taddr, sizeof(taddr));
882 perror ("calling bind");
887 /* Bail out if we can't bind with any port */
888 if ((sock_kerb < 0) && (sock_kerb5 < 0))
892 /* this has already been done */
893 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
896 LWP_CreateProcess(SocketListener, /*stacksize*/16000, LWP_NORMAL_PRIORITY,
897 0, "Socket Listener", &slPid);
899 /* just to close the log every five minutes */
901 LWP_CreateProcess(FiveMinuteCheckLWP, 24*1024,
902 LWP_MAX_PRIORITY - 2, &fiveminutes,
903 "FiveMinuteChecks", &checkPid);
906 initialize_ka_error_table();
907 initialize_rxk_error_table();
908 while (1) /* don't just stand there, run it */
917 char *lastOperation; /* name of last operation */
918 char *lrealm = "REALMNAME";
919 struct kadstats dynamic_statistics;
921 static int InitAuthServ (tt, lock, this_op)
922 struct ubik_trans **tt;
923 int lock; /* read or write transaction */
924 int *this_op; /* op of RCP routine, for COUNT_ABO */
928 printf ("Calling InitAuthServ\n");
932 static int ubik_EndTrans (tt)
933 struct ubik_trans *tt;
935 printf ("Calling ubik_EndTrans\n");
939 static int ubik_AbortTrans (tt)
940 struct ubik_trans *tt;
942 printf ("Calling ubik_AbortTrans\n");
946 static int FindBlock (at, aname, ainstance, tentry)
947 struct ubik_trans *at;
950 struct kaentry *tentry;
952 printf ("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
953 strcpy (tentry->userID.name, aname);
954 strcpy (tentry->userID.instance, ainstance);
955 tentry->key_version = htonl(17);
956 des_string_to_key ("toa", &tentry->key);
957 tentry->flags = htonl(KAFNORMAL);
958 tentry->user_expiration = htonl(NEVERDATE);
959 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
963 static int ka_LookupKey (tt, name, inst, kvno, key)
964 struct ubik_trans *tt;
967 afs_int32 *kvno; /* returned */
968 struct ktc_encryptionKey *key; /* copied out */
970 printf ("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
972 des_string_to_key ("applexx", key);
975 static afs_int32 kvno_tgs_key (authDomain, kvno, tgskey)
978 struct ktc_encryptionKey *tgskey;
980 if (strcmp (authDomain, lrealm) != 0)
981 printf ("Called with wrong %s as authDomain\n", authDomain);
983 printf ("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
984 des_string_to_key ("applexx", tgskey);
991 name_instance_legal ()
git://git.openafs.org / openafs.git / blob