2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
20 #include <sys/types.h>
24 #include <afs/errmap_nt.h>
25 #define snprintf _snprintf
27 #include <sys/socket.h>
29 #include <netinet/in.h>
32 #include <afs/afsutil.h>
34 #include <afs/com_err.h>
37 #include <des_prototypes.h>
46 #include "kauth_internal.h"
48 #include "prot.h" /* protocol definitions */
50 #include "afs/audit.h"
52 #include "kadatabase.h"
54 /* my kerberos error codes */
55 #define KERB_ERR_BAD_MSG_TYPE 99
56 #define KERB_ERR_BAD_LIFETIME 98
57 #define KERB_ERR_NONNULL_REALM 97
58 #define KERB_ERR_PKT_LENGTH 96
59 #define KERB_ERR_TEXT_LENGTH 95
61 #define KDC_GEN_ERR 20
65 #define closesocket close
68 int krb_udp_debug = 0;
70 static int sock_kerb = -1; /* the socket we're using */
71 static int sock_kerb5 = -1; /* the socket we're using */
75 struct sockaddr_in from;
81 char *rest; /* remaining bytes of packet */
82 char data[MAX_PKT_LEN];
85 extern char *lastOperation;
88 char udpAuthPrincipal[256];
89 char udptgsPrincipal[256];
90 char udptgsServerPrincipal[256];
92 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
93 else strcpy (answer, name), answer += slen+1
94 #define putint(num) num = htonl(num), \
95 memcpy(answer, &num, sizeof(afs_int32)), \
96 answer += sizeof(afs_int32)
98 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
99 strcpy (name, packet), packet += slen+1
100 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
101 num = ktohl (byteOrder, num), \
102 packet += sizeof(afs_int32)
104 /* this is just to close the log every five minutes to rm works */
106 int fiveminutes = 300;
109 FiveMinuteCheckLWP(void *unused)
112 printf("start 5 min check lwp\n");
115 IOMGR_Sleep(fiveminutes);
116 /* close the log so it can be removed */
117 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
124 create_cipher(char *cipher, int *cipherLen,
125 struct ktc_encryptionKey *sessionKey, char *sname,
126 char *sinst, Date start, Date end, afs_int32 kvno,
127 char *ticket, int ticketLen, struct ktc_encryptionKey *key)
131 unsigned char life = time_to_life(start, end);
133 des_key_schedule schedule;
138 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
139 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
140 if (len > *cipherLen)
141 return KAANSWERTOOLONG;
143 return KAANSWERTOOLONG;
145 return KAANSWERTOOLONG;
147 memcpy(answer, sessionKey, sizeof(*sessionKey));
148 answer += sizeof(*sessionKey);
153 *answer++ = (unsigned char)kvno;
154 *answer++ = (unsigned char)ticketLen;
155 memcpy(answer, ticket, ticketLen);
160 printf("Printing ticket (%d) and date: ", ticketLen);
161 ka_PrintBytes(ticket, ticketLen);
162 ka_PrintBytes(answer - 4, 4);
166 if ((code = des_key_sched(ktc_to_cblock(key), schedule)))
167 printf("In KAAuthenticate: key_sched returned %d\n", code);
168 des_pcbc_encrypt(cipher, cipher, len, schedule, ktc_to_cblockptr(key), ENCRYPT);
169 *cipherLen = round_up_to_ebs(len);
172 printf("Printing cipher (%d): ", *cipherLen);
173 ka_PrintBytes(cipher, *cipherLen);
180 create_reply(struct packet *ans, char *name, char *inst, Date startTime,
181 Date endTime, afs_int32 kvno, char *cipher, int cipherLen)
183 char *answer = ans->data;
186 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
187 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
188 sizeof(short) + cipherLen;
189 if (ans->len > sizeof(ans->data))
190 return KAANSWERTOOLONG;
192 return KAANSWERTOOLONG;
194 *answer++ = (unsigned char)KRB_PROT_VERSION;
195 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
196 /* always send claiming network byte order */
201 *answer++ = 1; /* undocumented number of tickets! */
203 *answer++ = (unsigned char)kvno;
205 short w = (short)cipherLen;
207 memcpy(answer, &w, sizeof(short));
208 answer += sizeof(short);
210 memcpy(answer, cipher, cipherLen);
215 check_auth(struct packet *pkt, char *auth, int authLen,
216 struct ktc_encryptionKey *key, char *name, char *inst,
220 des_key_schedule schedule;
222 /* unsigned char time_msec; */
224 int byteOrder = pkt->byteOrder;
226 des_key_sched(ktc_to_cblock(key), schedule);
227 des_pcbc_encrypt(auth, auth, authLen, schedule, ktc_to_cblockptr(key), DECRYPT);
229 if (strcmp(packet, name) != 0)
231 packet += strlen(packet) + 1;
232 if (strcmp(packet, inst) != 0)
234 packet += strlen(packet) + 1;
235 if (strcmp(packet, cell) != 0)
237 packet += strlen(packet) + 1;
239 /* time_msec = */ *(unsigned char *)packet++;
241 if ((packet - auth) > authLen)
247 UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name,
248 char *inst, Date startTime, Date endTime, char *sname,
251 struct ubik_trans *tt;
252 afs_int32 to; /* offset of block */
253 struct kaentry tentry;
254 afs_int32 tgskvno; /* key version of service key */
255 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
260 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
262 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
264 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
268 COUNT_REQ(UAuthenticate);
269 if (!name_instance_legal(name, inst))
270 return KERB_ERR_NAME_EXP; /* KABADNAME */
271 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
274 code = FindBlock(tt, name, inst, &to, &tentry);
277 if (to) { /* if user exists check other stuff */
279 struct kaentry sentry;
280 save_principal(udpAuthPrincipal, name, inst, 0);
282 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
283 && (strcmp(sinst, lrealm) == 0));
284 if ((ntohl(tentry.user_expiration) < now)
285 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
286 code = KERB_ERR_NAME_EXP; /* KABADUSER */
289 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
296 if ((ntohl(sentry.user_expiration) < now)) {
297 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
300 if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
301 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
305 if (tentry.misc_auth_bytes) {
306 unsigned char misc_auth_bytes[4];
307 afs_uint32 temp; /* unsigned for safety */
308 afs_uint32 pwexpires;
310 temp = ntohl(*((afs_int32 *) (tentry.misc_auth_bytes)));
311 unpack_long(temp, misc_auth_bytes);
312 pwexpires = misc_auth_bytes[0];
315 ntohl(tentry.change_password_time) +
316 24 * 60 * 60 * pwexpires;
317 if (pwexpires < now) {
318 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
324 /* make the ticket */
325 code = des_random_key(ktc_to_cblock(&sessionKey));
327 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
331 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
332 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
334 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
335 lrealm, startTime, endTime, &sessionKey,
336 htonl(client->sin_addr.s_addr), sname, sinst)))
339 cipherLen = sizeof(cipher);
341 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
342 startTime, endTime, tgskvno, ticket, ticketLen,
346 } else { /* no such user */
348 tentry.key_version = 0;
350 code = ubik_EndTrans(tt);
355 create_reply(&ans, name, inst, startTime, endTime,
356 ntohl(tentry.key_version), cipher, cipherLen);
361 printf("Sending %d bytes ending in: ", ans.len);
362 ka_PrintBytes(ans.data + ans.len - 8, 8);
367 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
369 if (code != ans.len) {
370 perror("calling sendto");
374 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
377 if (cipherLen != 0) {
378 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
381 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
389 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
395 UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno,
396 char *authDomain, char *ticket, int ticketLen, char *auth,
400 struct ktc_encryptionKey tgskey;
401 char name[MAXKTCNAMELEN];
402 char inst[MAXKTCNAMELEN];
403 char cell[MAXKTCREALMLEN];
404 struct ktc_encryptionKey authSessionKey;
414 int byteOrder = pkt->byteOrder;
415 char sname[MAXKTCNAMELEN];
416 char sinst[MAXKTCNAMELEN];
420 struct ubik_trans *tt;
422 struct kaentry caller;
423 struct kaentry server;
425 struct ktc_encryptionKey sessionKey;
427 char newTicket[MAXKTCTICKETLEN];
429 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
433 COUNT_REQ(UGetTicket);
435 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
438 ka_LookupKvno(tt, KA_TGS_NAME,
439 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
445 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
446 &authSessionKey, &host, &start, &authEnd);
451 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
454 save_principal(udptgsPrincipal, name, inst, cell);
455 code = tkt_CheckTimes(start, authEnd, now);
458 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
461 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
464 celllen = strlen(cell);
466 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
468 if (import && (celllen == 0)) {
469 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
473 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
474 cell[MAXKTCREALMLEN - 1] = 0;
477 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
478 code = KERB_ERR_PRINCIPAL_UNKNOWN;
483 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
487 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
491 /* authenticator and all is OK so read actual request */
494 life = *(unsigned char *)packet++;
498 reqEnd = life_to_time(start, life);
500 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
502 save_principal(udptgsServerPrincipal, sname, sinst, 0);
505 strcpy(caller.userID.name, name);
506 strcpy(caller.userID.instance, inst);
507 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
509 code = FindBlock(tt, name, inst, &to, &caller);
513 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
514 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
517 if (ntohl(caller.flags) & KAFNOTGS) {
518 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
523 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
526 if (to == 0) { /* entry not found */
527 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
528 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
531 code = ubik_EndTrans(tt);
535 if (ntohl(server.flags) & KAFNOSEAL)
538 code = des_random_key(ktc_to_cblock(&sessionKey));
540 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
545 umin(umin(reqEnd, authEnd),
546 umin(start + ntohl(caller.max_ticket_lifetime),
547 start + ntohl(server.max_ticket_lifetime)));
550 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
551 caller.userID.name, caller.userID.instance, cell,
552 start, reqEnd, &sessionKey,
553 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
554 server.userID.instance);
558 cipherLen = sizeof(cipher);
560 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
561 reqEnd, ntohl(server.key_version), newTicket,
562 newTicketLen, &authSessionKey);
567 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
572 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
574 if (code != ans.len) {
575 perror("calling sendto");
580 if (cipherLen != 0) {
581 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
583 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
584 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
590 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
591 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
596 err_packet(int ksoc, struct packet *pkt, afs_int32 code, char *reason)
599 char *answer = ans.data;
605 snprintf(buf, 255, "code = %d: %s", code, reason);
608 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
609 pkt->name, pkt->inst, pkt->realm, buf);
613 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
614 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
615 if (ans.len > sizeof(ans.data)) {
616 printf("Answer packet too long\n");
620 *answer++ = (unsigned char)KRB_PROT_VERSION;
621 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
622 /* always send claiming network byte order */
627 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
628 /* It could be because of kauth errors so we should return something instead of success!! */
635 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
637 if (code != ans.len) {
640 ("call to sendto returned %d, sending error packet %d bytes long\n",
643 perror("err_packet: sendto");
649 process_udp_auth(int ksoc, struct packet *pkt)
651 char *packet = pkt->rest;
652 char name[MAXKTCNAMELEN];
653 char inst[MAXKTCNAMELEN];
654 char realm[MAXKTCREALMLEN];
655 char sname[MAXKTCNAMELEN];
656 char sinst[MAXKTCNAMELEN];
659 Date startTime, endTime;
660 unsigned char lifetime;
670 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
674 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
675 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
676 "null realm name not allowed");
679 memcpy(&startTime, packet, sizeof(startTime));
680 packet += sizeof(startTime);
681 startTime = ktohl(pkt->byteOrder, startTime);
682 pkt->time = startTime;
683 lifetime = *packet++;
684 endTime = life_to_time(startTime, lifetime);
685 code = tkt_CheckTimes(startTime, endTime, now);
687 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
688 "requested ticket lifetime invalid");
693 if ((packet - pkt->data) != pkt->len) {
694 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
695 "packet length inconsistent");
700 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
703 if (code == KANOENT) {
704 code = KERB_ERR_PRINCIPAL_UNKNOWN;
705 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
706 } else if (code == KAPWEXPIRED) {
707 code = KERB_ERR_NAME_EXP;
708 err_packet(ksoc, pkt, code, "password has expired");
710 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
716 process_udp_appl(int ksoc, struct packet *pkt)
718 char *packet = pkt->rest;
720 char realm[MAXKTCREALMLEN];
721 char ticket[MAXKTCTICKETLEN];
722 char auth[3 * MAXKTCNAMELEN + 4 + 5];
724 int ticketLen, authLen;
728 printf("Processing APPL Request\n");
732 ticketLen = *(unsigned char *)packet++;
733 authLen = *(unsigned char *)packet++;
734 if (ticketLen > sizeof(ticket)) {
735 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
738 memcpy(ticket, packet, ticketLen);
740 if (authLen > sizeof(auth)) {
741 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
744 memcpy(auth, packet, authLen);
745 pkt->rest = packet + authLen;
747 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
751 code = KERB_ERR_PRINCIPAL_UNKNOWN;
752 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
759 process_udp_request(int ksoc, struct packet *pkt)
761 char *packet = pkt->data;
762 unsigned char version, auth_msg_type;
765 if (version != KRB_PROT_VERSION) {
766 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
767 "packet version number unknown");
770 auth_msg_type = *packet++;
771 pkt->byteOrder = auth_msg_type & 1;
773 switch (auth_msg_type & ~1) {
774 case AUTH_MSG_KDC_REQUEST:
775 process_udp_auth(ksoc, pkt);
777 case AUTH_MSG_APPL_REQUEST:
778 process_udp_appl(ksoc, pkt);
781 printf("unknown msg type 0x%x\n", auth_msg_type);
782 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
783 "message type not supported");
790 SocketListener(void *unused)
794 struct packet packet;
798 printf("Starting to listen for UDP packets\n");
802 FD_SET(sock_kerb, &rfds);
804 FD_SET(sock_kerb5, &rfds);
808 /* write and exception fd_set's are null */
809 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
810 if (code == 0) { /* timeout */
811 /* printf ("Timeout\n"); */
813 } else if (code < 0) {
814 perror("calling IOMGR_Select");
818 fromLen = sizeof(packet.from);
819 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
821 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
822 (struct sockaddr *)&packet.from, &fromLen);
824 if (errno == EAGAIN || errno == ECONNREFUSED)
826 perror("calling recvfrom");
831 printf("Kerb:udp: Got %d bytes from addr %s which are '",
832 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
833 ka_PrintBytes(packet.data, packet.len);
836 packet.name = packet.inst = packet.realm = "";
838 process_udp_request(sock_kerb, &packet);
841 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
843 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
844 (struct sockaddr *)&packet.from, &fromLen);
846 if (errno == EAGAIN || errno == ECONNREFUSED)
848 perror("calling recvfrom");
853 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
854 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
855 ka_PrintBytes(packet.data, packet.len);
858 packet.name = packet.inst = packet.realm = "";
860 process_udp_request(sock_kerb5, &packet);
863 if (sock_kerb >= 0) {
864 closesocket(sock_kerb);
867 if (sock_kerb5 >= 0) {
868 closesocket(sock_kerb5);
871 printf("UDP SocketListener exiting due to error\n");
878 #include "AFS_component_version_number.c"
887 struct sockaddr_in taddr;
888 static PROCESS slPid; /* socket listener pid */
889 static PROCESS checkPid; /* fiveminute check */
891 char *krb4name; /* kerberos version4 service */
897 static int inited = 0;
904 memset(&taddr, 0, sizeof(taddr));
905 krb4name = "kerberos4";
906 sp = getservbyname(krb4name, "udp");
907 taddr.sin_family = AF_INET; /* added for NCR port */
908 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
909 taddr.sin_len = sizeof(struct sockaddr_in);
912 /* if kerberos-4 is not available, try "kerberos-iv" */
913 krb4name = "kerberos-iv";
914 sp = getservbyname(krb4name, "udp");
917 /* if kerberos-iv is not available, try "kerberos" */
918 krb4name = "kerberos";
919 sp = getservbyname(krb4name, "udp");
923 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
925 taddr.sin_port = htons(KRB_PORT);
927 /* copy the port number */
928 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
929 (unsigned short)sp->s_port);
930 taddr.sin_port = sp->s_port;
932 kerb_port = taddr.sin_port;
933 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
934 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
936 perror("calling bind");
940 sp = getservbyname("kerberos5", "udp");
943 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
945 taddr.sin_port = htons(KRB5_PORT);
947 /* copy the port number */
948 fprintf(stderr, "kerberos5/udp port=%hu\n",
949 (unsigned short)sp->s_port);
950 taddr.sin_port = sp->s_port;
952 if (taddr.sin_port != kerb_port) { /* a different port */
953 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
954 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
956 perror("calling bind");
961 /* Bail out if we can't bind with any port */
962 if ((sock_kerb < 0) && (sock_kerb5 < 0))
966 /* this has already been done */
967 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
970 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
971 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
974 /* just to close the log every five minutes */
976 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
977 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
980 initialize_ka_error_table();
981 initialize_rxk_error_table();
982 while (1) /* don't just stand there, run it */
991 char *lastOperation; /* name of last operation */
992 char *lrealm = "REALMNAME";
993 struct kadstats dynamic_statistics;
996 InitAuthServ(tt, lock, this_op)
997 struct ubik_trans **tt;
998 int lock; /* read or write transaction */
999 int *this_op; /* op of RCP routine, for COUNT_ABO */
1004 printf("Calling InitAuthServ\n");
1010 struct ubik_trans *tt;
1012 printf("Calling ubik_EndTrans\n");
1018 struct ubik_trans *tt;
1020 printf("Calling ubik_AbortTrans\n");
1025 FindBlock(at, aname, ainstance, tentry)
1026 struct ubik_trans *at;
1029 struct kaentry *tentry;
1031 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1032 strcpy(tentry->userID.name, aname);
1033 strcpy(tentry->userID.instance, ainstance);
1034 tentry->key_version = htonl(17);
1035 des_string_to_key("toa", &tentry->key);
1036 tentry->flags = htonl(KAFNORMAL);
1037 tentry->user_expiration = htonl(NEVERDATE);
1038 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1043 ka_LookupKey(tt, name, inst, kvno, key)
1044 struct ubik_trans *tt;
1047 afs_int32 *kvno; /* returned */
1048 struct ktc_encryptionKey *key; /* copied out */
1050 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1052 des_string_to_key("applexx", key);
1056 kvno_tgs_key(authDomain, kvno, tgskey)
1059 struct ktc_encryptionKey *tgskey;
1061 if (strcmp(authDomain, lrealm) != 0)
1062 printf("Called with wrong %s as authDomain\n", authDomain);
1064 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1065 des_string_to_key("applexx", tgskey);
1073 name_instance_legal()
git://git.openafs.org / openafs.git / blob