2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
20 #include <sys/types.h>
24 #include <afs/errmap_nt.h>
25 #define snprintf _snprintf
27 #include <sys/socket.h>
29 #include <netinet/in.h>
32 #include <afs/afsutil.h>
34 #include <afs/com_err.h>
37 #include <des_prototypes.h>
46 #include "kauth_internal.h"
48 #include "prot.h" /* protocol definitions */
50 #include "afs/audit.h"
52 #include "kadatabase.h"
54 /* my kerberos error codes */
55 #define KERB_ERR_BAD_MSG_TYPE 99
56 #define KERB_ERR_BAD_LIFETIME 98
57 #define KERB_ERR_NONNULL_REALM 97
58 #define KERB_ERR_PKT_LENGTH 96
59 #define KERB_ERR_TEXT_LENGTH 95
61 #define KDC_GEN_ERR 20
65 #define closesocket close
68 int krb_udp_debug = 0;
70 static int sock_kerb = -1; /* the socket we're using */
71 static int sock_kerb5 = -1; /* the socket we're using */
75 struct sockaddr_in from;
81 char *rest; /* remaining bytes of packet */
82 char data[MAX_PKT_LEN];
85 extern char *lastOperation;
88 char udpAuthPrincipal[256];
89 char udptgsPrincipal[256];
90 char udptgsServerPrincipal[256];
92 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
93 else strcpy (answer, name), answer += slen+1
94 #define putint(num) num = htonl(num), \
95 memcpy(answer, &num, sizeof(afs_int32)), \
96 answer += sizeof(afs_int32)
98 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
99 strcpy (name, packet), packet += slen+1
100 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
101 num = ktohl (byteOrder, num), \
102 packet += sizeof(afs_int32)
104 /* this is just to close the log every five minutes to rm works */
106 int fiveminutes = 300;
109 FiveMinuteCheckLWP(void *unused)
112 printf("start 5 min check lwp\n");
115 IOMGR_Sleep(fiveminutes);
116 /* close the log so it can be removed */
117 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
124 create_cipher(char *cipher, int *cipherLen,
125 struct ktc_encryptionKey *sessionKey, char *sname,
126 char *sinst, Date start, Date end, afs_int32 kvno,
127 char *ticket, int ticketLen, struct ktc_encryptionKey *key)
131 unsigned char life = time_to_life(start, end);
133 des_key_schedule schedule;
138 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
139 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
140 if (len > *cipherLen)
141 return KAANSWERTOOLONG;
143 return KAANSWERTOOLONG;
145 return KAANSWERTOOLONG;
147 memcpy(answer, sessionKey, sizeof(*sessionKey));
148 answer += sizeof(*sessionKey);
153 *answer++ = (unsigned char)kvno;
154 *answer++ = (unsigned char)ticketLen;
155 memcpy(answer, ticket, ticketLen);
160 printf("Printing ticket (%d) and date: ", ticketLen);
161 ka_PrintBytes(ticket, ticketLen);
162 ka_PrintBytes(answer - 4, 4);
166 if ((code = des_key_sched(ktc_to_cblock(key), schedule)))
167 printf("In KAAuthenticate: key_sched returned %d\n", code);
168 des_pcbc_encrypt(cipher, cipher, len, schedule, ktc_to_cblockptr(key), ENCRYPT);
169 *cipherLen = round_up_to_ebs(len);
172 printf("Printing cipher (%d): ", *cipherLen);
173 ka_PrintBytes(cipher, *cipherLen);
180 create_reply(struct packet *ans, char *name, char *inst, Date startTime,
181 Date endTime, afs_int32 kvno, char *cipher, int cipherLen)
183 char *answer = ans->data;
186 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
187 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
188 sizeof(short) + cipherLen;
189 if (ans->len > sizeof(ans->data))
190 return KAANSWERTOOLONG;
192 return KAANSWERTOOLONG;
194 *answer++ = (unsigned char)KRB_PROT_VERSION;
195 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
196 /* always send claiming network byte order */
201 *answer++ = 1; /* undocumented number of tickets! */
203 *answer++ = (unsigned char)kvno;
205 short w = (short)cipherLen;
207 memcpy(answer, &w, sizeof(short));
208 answer += sizeof(short);
210 memcpy(answer, cipher, cipherLen);
215 check_auth(struct packet *pkt, char *auth, int authLen,
216 struct ktc_encryptionKey *key, char *name, char *inst,
220 des_key_schedule schedule;
223 int byteOrder = pkt->byteOrder;
225 des_key_sched(ktc_to_cblock(key), schedule);
226 des_pcbc_encrypt(auth, auth, authLen, schedule, ktc_to_cblockptr(key), DECRYPT);
228 if (strcmp(packet, name) != 0)
230 packet += strlen(packet) + 1;
231 if (strcmp(packet, inst) != 0)
233 packet += strlen(packet) + 1;
234 if (strcmp(packet, cell) != 0)
236 packet += strlen(packet) + 1;
238 /* Comments in the original IBM source suggest this byte was/is "time_msec" */
241 if ((packet - auth) > authLen)
247 UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name,
248 char *inst, Date startTime, Date endTime, char *sname,
251 struct ubik_trans *tt;
252 afs_int32 to; /* offset of block */
253 struct kaentry tentry;
254 afs_int32 tgskvno; /* key version of service key */
255 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
260 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
262 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
264 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
268 COUNT_REQ(UAuthenticate);
269 if (!name_instance_legal(name, inst))
270 return KERB_ERR_NAME_EXP; /* KABADNAME */
271 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
274 code = FindBlock(tt, name, inst, &to, &tentry);
277 if (to) { /* if user exists check other stuff */
279 struct kaentry sentry;
280 save_principal(udpAuthPrincipal, name, inst, 0);
282 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
283 && (strcmp(sinst, lrealm) == 0));
284 if ((ntohl(tentry.user_expiration) < now)
285 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
286 code = KERB_ERR_NAME_EXP; /* KABADUSER */
289 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
296 if ((ntohl(sentry.user_expiration) < now)) {
297 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
300 if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
301 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
305 if (tentry.misc_auth_bytes) {
306 unsigned char misc_auth_bytes[4];
307 afs_uint32 temp; /* unsigned for safety */
308 afs_uint32 pwexpires;
310 memcpy(&temp, tentry.misc_auth_bytes, sizeof(afs_uint32));
312 unpack_long(temp, misc_auth_bytes);
313 pwexpires = misc_auth_bytes[0];
316 ntohl(tentry.change_password_time) +
317 24 * 60 * 60 * pwexpires;
318 if (pwexpires < now) {
319 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
325 /* make the ticket */
326 code = des_random_key(ktc_to_cblock(&sessionKey));
328 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
332 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
333 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
335 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
336 lrealm, startTime, endTime, &sessionKey,
337 htonl(client->sin_addr.s_addr), sname, sinst)))
340 cipherLen = sizeof(cipher);
342 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
343 startTime, endTime, tgskvno, ticket, ticketLen,
347 } else { /* no such user */
349 tentry.key_version = 0;
351 code = ubik_EndTrans(tt);
356 create_reply(&ans, name, inst, startTime, endTime,
357 ntohl(tentry.key_version), cipher, cipherLen);
362 printf("Sending %d bytes ending in: ", ans.len);
363 ka_PrintBytes(ans.data + ans.len - 8, 8);
368 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
370 if (code != ans.len) {
371 perror("calling sendto");
375 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
378 if (cipherLen != 0) {
379 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
382 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
390 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
396 UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno,
397 char *authDomain, char *ticket, int ticketLen, char *auth,
401 struct ktc_encryptionKey tgskey;
402 char name[MAXKTCNAMELEN];
403 char inst[MAXKTCNAMELEN];
404 char cell[MAXKTCREALMLEN];
405 struct ktc_encryptionKey authSessionKey;
415 int byteOrder = pkt->byteOrder;
416 char sname[MAXKTCNAMELEN];
417 char sinst[MAXKTCNAMELEN];
421 struct ubik_trans *tt;
423 struct kaentry caller;
424 struct kaentry server;
426 struct ktc_encryptionKey sessionKey;
428 char newTicket[MAXKTCTICKETLEN];
430 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
434 COUNT_REQ(UGetTicket);
436 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
439 ka_LookupKvno(tt, KA_TGS_NAME,
440 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
446 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
447 &authSessionKey, &host, &start, &authEnd);
452 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
455 save_principal(udptgsPrincipal, name, inst, cell);
456 code = tkt_CheckTimes(start, authEnd, now);
459 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
462 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
465 celllen = strlen(cell);
467 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
469 if (import && (celllen == 0)) {
470 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
474 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
475 cell[MAXKTCREALMLEN - 1] = 0;
478 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
479 code = KERB_ERR_PRINCIPAL_UNKNOWN;
484 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
488 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
492 /* authenticator and all is OK so read actual request */
495 life = *(unsigned char *)packet++;
499 reqEnd = life_to_time(start, life);
501 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
503 save_principal(udptgsServerPrincipal, sname, sinst, 0);
506 strcpy(caller.userID.name, name);
507 strcpy(caller.userID.instance, inst);
508 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
510 code = FindBlock(tt, name, inst, &to, &caller);
514 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
515 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
518 if (ntohl(caller.flags) & KAFNOTGS) {
519 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
524 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
527 if (to == 0) { /* entry not found */
528 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
529 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
532 code = ubik_EndTrans(tt);
536 if (ntohl(server.flags) & KAFNOSEAL)
539 code = des_random_key(ktc_to_cblock(&sessionKey));
541 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
546 umin(umin(reqEnd, authEnd),
547 umin(start + ntohl(caller.max_ticket_lifetime),
548 start + ntohl(server.max_ticket_lifetime)));
551 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
552 caller.userID.name, caller.userID.instance, cell,
553 start, reqEnd, &sessionKey,
554 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
555 server.userID.instance);
559 cipherLen = sizeof(cipher);
561 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
562 reqEnd, ntohl(server.key_version), newTicket,
563 newTicketLen, &authSessionKey);
568 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
573 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
575 if (code != ans.len) {
576 perror("calling sendto");
581 if (cipherLen != 0) {
582 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
584 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
585 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
591 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
592 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
597 err_packet(int ksoc, struct packet *pkt, afs_int32 code, char *reason)
600 char *answer = ans.data;
606 snprintf(buf, 255, "code = %d: %s", code, reason);
609 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
610 pkt->name, pkt->inst, pkt->realm, buf);
614 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
615 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
616 if (ans.len > sizeof(ans.data)) {
617 printf("Answer packet too long\n");
621 *answer++ = (unsigned char)KRB_PROT_VERSION;
622 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
623 /* always send claiming network byte order */
628 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
629 /* It could be because of kauth errors so we should return something instead of success!! */
636 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
638 if (code != ans.len) {
641 ("call to sendto returned %d, sending error packet %d bytes long\n",
644 perror("err_packet: sendto");
650 process_udp_auth(int ksoc, struct packet *pkt)
652 char *packet = pkt->rest;
653 char name[MAXKTCNAMELEN];
654 char inst[MAXKTCNAMELEN];
655 char realm[MAXKTCREALMLEN];
656 char sname[MAXKTCNAMELEN];
657 char sinst[MAXKTCNAMELEN];
660 Date startTime, endTime;
661 unsigned char lifetime;
671 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
675 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
676 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
677 "null realm name not allowed");
680 memcpy(&startTime, packet, sizeof(startTime));
681 packet += sizeof(startTime);
682 startTime = ktohl(pkt->byteOrder, startTime);
683 pkt->time = startTime;
684 lifetime = *packet++;
685 endTime = life_to_time(startTime, lifetime);
686 code = tkt_CheckTimes(startTime, endTime, now);
688 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
689 "requested ticket lifetime invalid");
694 if ((packet - pkt->data) != pkt->len) {
695 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
696 "packet length inconsistent");
701 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
704 if (code == KANOENT) {
705 code = KERB_ERR_PRINCIPAL_UNKNOWN;
706 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
707 } else if (code == KAPWEXPIRED) {
708 code = KERB_ERR_NAME_EXP;
709 err_packet(ksoc, pkt, code, "password has expired");
711 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
717 process_udp_appl(int ksoc, struct packet *pkt)
719 char *packet = pkt->rest;
721 char realm[MAXKTCREALMLEN];
722 char ticket[MAXKTCTICKETLEN];
723 char auth[3 * MAXKTCNAMELEN + 4 + 5];
725 int ticketLen, authLen;
729 printf("Processing APPL Request\n");
733 ticketLen = *(unsigned char *)packet++;
734 authLen = *(unsigned char *)packet++;
735 if (ticketLen > sizeof(ticket)) {
736 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
739 memcpy(ticket, packet, ticketLen);
741 if (authLen > sizeof(auth)) {
742 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
745 memcpy(auth, packet, authLen);
746 pkt->rest = packet + authLen;
748 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
752 code = KERB_ERR_PRINCIPAL_UNKNOWN;
753 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
760 process_udp_request(int ksoc, struct packet *pkt)
762 char *packet = pkt->data;
763 unsigned char version, auth_msg_type;
766 if (version != KRB_PROT_VERSION) {
767 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
768 "packet version number unknown");
771 auth_msg_type = *packet++;
772 pkt->byteOrder = auth_msg_type & 1;
774 switch (auth_msg_type & ~1) {
775 case AUTH_MSG_KDC_REQUEST:
776 process_udp_auth(ksoc, pkt);
778 case AUTH_MSG_APPL_REQUEST:
779 process_udp_appl(ksoc, pkt);
782 printf("unknown msg type 0x%x\n", auth_msg_type);
783 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
784 "message type not supported");
791 SocketListener(void *unused)
795 struct packet packet;
800 printf("Starting to listen for UDP packets\n");
804 FD_SET(sock_kerb, &rfds);
806 FD_SET(sock_kerb5, &rfds);
810 /* write and exception fd_set's are null */
811 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
812 if (code == 0) { /* timeout */
813 /* printf ("Timeout\n"); */
815 } else if (code < 0) {
816 perror("calling IOMGR_Select");
820 fromLen = sizeof(packet.from);
821 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
823 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
824 (struct sockaddr *)&packet.from, &fromLen);
826 if (errno == EAGAIN || errno == ECONNREFUSED)
828 perror("calling recvfrom");
833 printf("Kerb:udp: Got %d bytes from addr %s which are '",
834 code, afs_inet_ntoa_r(packet.from.sin_addr.s_addr, hoststr));
835 ka_PrintBytes(packet.data, packet.len);
838 packet.name = packet.inst = packet.realm = "";
840 process_udp_request(sock_kerb, &packet);
843 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
845 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
846 (struct sockaddr *)&packet.from, &fromLen);
848 if (errno == EAGAIN || errno == ECONNREFUSED)
850 perror("calling recvfrom");
855 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
856 code, afs_inet_ntoa_r(packet.from.sin_addr.s_addr, hoststr));
857 ka_PrintBytes(packet.data, packet.len);
860 packet.name = packet.inst = packet.realm = "";
862 process_udp_request(sock_kerb5, &packet);
865 if (sock_kerb >= 0) {
866 closesocket(sock_kerb);
869 if (sock_kerb5 >= 0) {
870 closesocket(sock_kerb5);
873 printf("UDP SocketListener exiting due to error\n");
880 #include "AFS_component_version_number.c"
889 struct sockaddr_in taddr;
890 static PROCESS slPid; /* socket listener pid */
891 static PROCESS checkPid; /* fiveminute check */
893 char *krb4name; /* kerberos version4 service */
899 static int inited = 0;
906 memset(&taddr, 0, sizeof(taddr));
907 krb4name = "kerberos4";
908 sp = getservbyname(krb4name, "udp");
909 taddr.sin_family = AF_INET; /* added for NCR port */
910 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
911 taddr.sin_len = sizeof(struct sockaddr_in);
914 /* if kerberos-4 is not available, try "kerberos-iv" */
915 krb4name = "kerberos-iv";
916 sp = getservbyname(krb4name, "udp");
919 /* if kerberos-iv is not available, try "kerberos" */
920 krb4name = "kerberos";
921 sp = getservbyname(krb4name, "udp");
925 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
927 taddr.sin_port = htons(KRB_PORT);
929 /* copy the port number */
930 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
931 (unsigned short)sp->s_port);
932 taddr.sin_port = sp->s_port;
934 kerb_port = taddr.sin_port;
935 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
936 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
938 perror("calling bind");
942 sp = getservbyname("kerberos5", "udp");
945 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
947 taddr.sin_port = htons(KRB5_PORT);
949 /* copy the port number */
950 fprintf(stderr, "kerberos5/udp port=%hu\n",
951 (unsigned short)sp->s_port);
952 taddr.sin_port = sp->s_port;
954 if (taddr.sin_port != kerb_port) { /* a different port */
955 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
956 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
958 perror("calling bind");
963 /* Bail out if we can't bind with any port */
964 if ((sock_kerb < 0) && (sock_kerb5 < 0))
968 /* this has already been done */
969 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
972 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
973 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
976 /* just to close the log every five minutes */
978 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
979 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
982 initialize_ka_error_table();
983 initialize_rxk_error_table();
984 while (1) /* don't just stand there, run it */
993 char *lastOperation; /* name of last operation */
994 char *lrealm = "REALMNAME";
995 struct kadstats dynamic_statistics;
998 InitAuthServ(tt, lock, this_op)
999 struct ubik_trans **tt;
1000 int lock; /* read or write transaction */
1001 int *this_op; /* op of RCP routine, for COUNT_ABO */
1006 printf("Calling InitAuthServ\n");
1012 struct ubik_trans *tt;
1014 printf("Calling ubik_EndTrans\n");
1020 struct ubik_trans *tt;
1022 printf("Calling ubik_AbortTrans\n");
1027 FindBlock(at, aname, ainstance, tentry)
1028 struct ubik_trans *at;
1031 struct kaentry *tentry;
1033 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1034 strcpy(tentry->userID.name, aname);
1035 strcpy(tentry->userID.instance, ainstance);
1036 tentry->key_version = htonl(17);
1037 des_string_to_key("toa", &tentry->key);
1038 tentry->flags = htonl(KAFNORMAL);
1039 tentry->user_expiration = htonl(NEVERDATE);
1040 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1045 ka_LookupKey(tt, name, inst, kvno, key)
1046 struct ubik_trans *tt;
1049 afs_int32 *kvno; /* returned */
1050 struct ktc_encryptionKey *key; /* copied out */
1052 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1054 des_string_to_key("applexx", key);
1058 kvno_tgs_key(authDomain, kvno, tgskey)
1061 struct ktc_encryptionKey *tgskey;
1063 if (strcmp(authDomain, lrealm) != 0)
1064 printf("Called with wrong %s as authDomain\n", authDomain);
1066 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1067 des_string_to_key("applexx", tgskey);
1075 name_instance_legal()