2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
22 #include <sys/types.h>
26 #include <afs/errmap_nt.h>
27 #define snprintf _snprintf
29 #include <sys/socket.h>
31 #include <netinet/in.h>
40 #include <afs/afsutil.h>
42 #include <afs/com_err.h>
54 #include "prot.h" /* protocol definitions */
56 #include "afs/audit.h"
59 /* my kerberos error codes */
60 #define KERB_ERR_BAD_MSG_TYPE 99
61 #define KERB_ERR_BAD_LIFETIME 98
62 #define KERB_ERR_NONNULL_REALM 97
63 #define KERB_ERR_PKT_LENGTH 96
64 #define KERB_ERR_TEXT_LENGTH 95
66 #define KDC_GEN_ERR 20
70 int krb_udp_debug = 0;
72 static int sock_kerb = -1; /* the socket we're using */
73 static int sock_kerb5 = -1; /* the socket we're using */
77 struct sockaddr_in from;
83 char *rest; /* remaining bytes of packet */
84 char data[MAX_PKT_LEN];
87 extern char *lastOperation;
90 char udpAuthPrincipal[256];
91 char udptgsPrincipal[256];
92 char udptgsServerPrincipal[256];
94 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
95 else strcpy (answer, name), answer += slen+1
96 #define putint(num) num = htonl(num), \
97 memcpy(answer, &num, sizeof(afs_int32)), \
98 answer += sizeof(afs_int32)
100 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
101 strcpy (name, packet), packet += slen+1
102 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
103 num = ktohl (byteOrder, num), \
104 packet += sizeof(afs_int32)
106 /* this is just to close the log every five minutes to rm works */
108 int fiveminutes = 300;
114 printf("start 5 min check lwp\n");
117 IOMGR_Sleep(fiveminutes);
118 /* close the log so it can be removed */
119 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
125 create_cipher(cipher, cipherLen, sessionKey, sname, sinst, start, end, kvno,
126 ticket, ticketLen, key)
129 struct ktc_encryptionKey *sessionKey;
136 struct ktc_encryptionKey *key;
140 unsigned char life = time_to_life(start, end);
142 des_key_schedule schedule;
147 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
148 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
149 if (len > *cipherLen)
150 return KAANSWERTOOLONG;
152 return KAANSWERTOOLONG;
154 return KAANSWERTOOLONG;
156 memcpy(answer, sessionKey, sizeof(*sessionKey));
157 answer += sizeof(*sessionKey);
162 *answer++ = (unsigned char)kvno;
163 *answer++ = (unsigned char)ticketLen;
164 memcpy(answer, ticket, ticketLen);
169 printf("Printing ticket (%d) and date: ", ticketLen);
170 ka_PrintBytes(ticket, ticketLen);
171 ka_PrintBytes(answer - 4, 4);
175 if (code = des_key_sched(key, schedule))
176 printf("In KAAuthenticate: key_sched returned %d\n", code);
177 des_pcbc_encrypt(cipher, cipher, len, schedule, key, ENCRYPT);
178 *cipherLen = round_up_to_ebs(len);
181 printf("Printing cipher (%d): ", *cipherLen);
182 ka_PrintBytes(cipher, *cipherLen);
189 create_reply(ans, name, inst, startTime, endTime, kvno, cipher, cipherLen)
193 Date startTime, endTime;
198 char *answer = ans->data;
201 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
202 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
203 sizeof(short) + cipherLen;
204 if (ans->len > sizeof(ans->data))
205 return KAANSWERTOOLONG;
207 return KAANSWERTOOLONG;
209 *answer++ = (unsigned char)KRB_PROT_VERSION;
210 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
211 /* always send claiming network byte order */
216 *answer++ = 1; /* undocumented number of tickets! */
218 *answer++ = (unsigned char)kvno;
220 short w = (short)cipherLen;
222 memcpy(answer, &w, sizeof(short));
223 answer += sizeof(short);
225 memcpy(answer, cipher, cipherLen);
230 check_auth(pkt, auth, authLen, key, name, inst, cell)
234 struct ktc_encryptionKey *key;
240 des_key_schedule schedule;
242 /* unsigned char time_msec; */
244 int byteOrder = pkt->byteOrder;
246 des_key_sched(key, schedule);
247 des_pcbc_encrypt(auth, auth, authLen, schedule, key, DECRYPT);
249 if (strcmp(packet, name) != 0)
251 packet += strlen(packet) + 1;
252 if (strcmp(packet, inst) != 0)
254 packet += strlen(packet) + 1;
255 if (strcmp(packet, cell) != 0)
257 packet += strlen(packet) + 1;
259 /* time_msec = */ *(unsigned char *)packet++;
261 if ((packet - auth) > authLen)
267 UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
269 struct sockaddr_in *client;
277 struct ubik_trans *tt;
278 afs_int32 to; /* offset of block */
279 struct kaentry tentry;
280 afs_int32 tgskvno; /* key version of service key */
281 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
286 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
288 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
290 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
294 COUNT_REQ(UAuthenticate);
295 if (!name_instance_legal(name, inst))
296 return KERB_ERR_NAME_EXP; /* KABADNAME */
297 if (code = InitAuthServ(&tt, LOCKREAD, this_op))
300 code = FindBlock(tt, name, inst, &to, &tentry);
303 if (to) { /* if user exists check other stuff */
305 struct kaentry sentry;
306 save_principal(udpAuthPrincipal, name, inst, 0);
308 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
309 && (strcmp(sinst, lrealm) == 0));
310 if ((ntohl(tentry.user_expiration) < now)
311 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
312 code = KERB_ERR_NAME_EXP; /* KABADUSER */
315 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
322 if ((ntohl(sentry.user_expiration) < now)) {
323 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
326 if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
327 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
331 if (tentry.misc_auth_bytes) {
332 unsigned char misc_auth_bytes[4];
333 afs_uint32 temp; /* unsigned for safety */
334 afs_uint32 pwexpires;
336 temp = ntohl(*((afs_int32 *) (tentry.misc_auth_bytes)));
337 unpack_long(temp, misc_auth_bytes);
338 pwexpires = misc_auth_bytes[0];
341 ntohl(tentry.change_password_time) +
342 24 * 60 * 60 * pwexpires;
343 if (pwexpires < now) {
344 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
350 /* make the ticket */
351 code = des_random_key(&sessionKey);
353 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
357 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
358 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
360 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
361 lrealm, startTime, endTime, &sessionKey,
362 htonl(client->sin_addr.s_addr), sname, sinst)))
365 cipherLen = sizeof(cipher);
367 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
368 startTime, endTime, tgskvno, ticket, ticketLen,
372 } else { /* no such user */
374 tentry.key_version = 0;
376 code = ubik_EndTrans(tt);
381 create_reply(&ans, name, inst, startTime, endTime,
382 ntohl(tentry.key_version), cipher, cipherLen);
387 printf("Sending %d bytes ending in: ", ans.len);
388 ka_PrintBytes(ans.data + ans.len - 8, 8);
393 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
395 if (code != ans.len) {
396 perror("calling sendto");
400 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
403 if (cipherLen != 0) {
404 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
407 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
415 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
421 UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
432 struct ktc_encryptionKey tgskey;
433 char name[MAXKTCNAMELEN];
434 char inst[MAXKTCNAMELEN];
435 char cell[MAXKTCREALMLEN];
436 struct ktc_encryptionKey authSessionKey;
446 int byteOrder = pkt->byteOrder;
447 char sname[MAXKTCNAMELEN];
448 char sinst[MAXKTCNAMELEN];
452 struct ubik_trans *tt;
454 struct kaentry caller;
455 struct kaentry server;
457 struct ktc_encryptionKey sessionKey;
459 char newTicket[MAXKTCTICKETLEN];
461 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
465 COUNT_REQ(UGetTicket);
467 if (code = InitAuthServ(&tt, LOCKREAD, this_op))
470 ka_LookupKvno(tt, KA_TGS_NAME,
471 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
477 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
478 &authSessionKey, &host, &start, &authEnd);
483 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
486 save_principal(udptgsPrincipal, name, inst, cell);
487 code = tkt_CheckTimes(start, authEnd, now);
490 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
493 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
496 celllen = strlen(cell);
498 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
500 if (import && (celllen == 0)) {
501 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
505 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
506 cell[MAXKTCREALMLEN - 1] = 0;
509 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
510 code = KERB_ERR_PRINCIPAL_UNKNOWN;
515 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
519 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
523 /* authenticator and all is OK so read actual request */
526 life = *(unsigned char *)packet++;
530 reqEnd = life_to_time(start, life);
532 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
534 save_principal(udptgsServerPrincipal, sname, sinst, 0);
537 strcpy(caller.userID.name, name);
538 strcpy(caller.userID.instance, inst);
539 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
541 code = FindBlock(tt, name, inst, &to, &caller);
545 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
546 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
549 if (ntohl(caller.flags) & KAFNOTGS) {
550 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
555 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
558 if (to == 0) { /* entry not found */
559 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
560 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
563 code = ubik_EndTrans(tt);
567 if (ntohl(server.flags) & KAFNOSEAL)
570 code = des_random_key(&sessionKey);
572 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
577 umin(umin(reqEnd, authEnd),
578 umin(start + ntohl(caller.max_ticket_lifetime),
579 start + ntohl(server.max_ticket_lifetime)));
582 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
583 caller.userID.name, caller.userID.instance, cell,
584 start, reqEnd, &sessionKey,
585 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
586 server.userID.instance);
590 cipherLen = sizeof(cipher);
592 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
593 reqEnd, ntohl(server.key_version), newTicket,
594 newTicketLen, &authSessionKey);
599 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
604 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
606 if (code != ans.len) {
607 perror("calling sendto");
612 if (cipherLen != 0) {
613 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
615 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
616 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
622 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
623 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
628 err_packet(ksoc, pkt, code, reason)
635 char *answer = ans.data;
641 snprintf(buf, 255, "code = %d: %s", code, reason);
644 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
645 pkt->name, pkt->inst, pkt->realm, buf);
649 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
650 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
651 if (ans.len > sizeof(ans.data)) {
652 printf("Answer packet too long\n");
656 *answer++ = (unsigned char)KRB_PROT_VERSION;
657 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
658 /* always send claiming network byte order */
663 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
664 /* It could be because of kauth errors so we should return something instead of success!! */
671 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
673 if (code != ans.len) {
676 ("call to sendto returned %d, sending error packet %d bytes long\n",
679 perror("err_packet: sendto");
685 process_udp_auth(ksoc, pkt)
689 char *packet = pkt->rest;
690 char name[MAXKTCNAMELEN];
691 char inst[MAXKTCNAMELEN];
692 char realm[MAXKTCREALMLEN];
693 char sname[MAXKTCNAMELEN];
694 char sinst[MAXKTCNAMELEN];
697 Date startTime, endTime;
698 unsigned char lifetime;
708 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
712 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
713 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
714 "null realm name not allowed");
717 memcpy(&startTime, packet, sizeof(startTime));
718 packet += sizeof(startTime);
719 startTime = ktohl(pkt->byteOrder, startTime);
720 pkt->time = startTime;
721 lifetime = *packet++;
722 endTime = life_to_time(startTime, lifetime);
723 code = tkt_CheckTimes(startTime, endTime, now);
725 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
726 "requested ticket lifetime invalid");
731 if ((packet - pkt->data) != pkt->len) {
732 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
733 "packet length inconsistent");
738 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
741 if (code == KANOENT) {
742 code = KERB_ERR_PRINCIPAL_UNKNOWN;
743 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
744 } else if (code == KAPWEXPIRED) {
745 code = KERB_ERR_NAME_EXP;
746 err_packet(ksoc, pkt, code, "password has expired");
748 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
754 process_udp_appl(ksoc, pkt)
758 char *packet = pkt->rest;
760 char realm[MAXKTCREALMLEN];
761 char ticket[MAXKTCTICKETLEN];
762 char auth[3 * MAXKTCNAMELEN + 4 + 5];
764 int ticketLen, authLen;
768 printf("Processing APPL Request\n");
772 ticketLen = *(unsigned char *)packet++;
773 authLen = *(unsigned char *)packet++;
774 if (ticketLen > sizeof(ticket)) {
775 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
778 memcpy(ticket, packet, ticketLen);
780 if (authLen > sizeof(auth)) {
781 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
784 memcpy(auth, packet, authLen);
785 pkt->rest = packet + authLen;
787 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
791 code = KERB_ERR_PRINCIPAL_UNKNOWN;
792 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
799 process_udp_request(ksoc, pkt)
803 char *packet = pkt->data;
804 unsigned char version, auth_msg_type;
807 if (version != KRB_PROT_VERSION) {
808 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
809 "packet version number unknown");
812 auth_msg_type = *packet++;
813 pkt->byteOrder = auth_msg_type & 1;
815 switch (auth_msg_type & ~1) {
816 case AUTH_MSG_KDC_REQUEST:
817 process_udp_auth(ksoc, pkt);
819 case AUTH_MSG_APPL_REQUEST:
820 process_udp_appl(ksoc, pkt);
823 printf("unknown msg type 0x%x\n", auth_msg_type);
824 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
825 "message type not supported");
836 struct packet packet;
840 printf("Starting to listen for UDP packets\n");
844 FD_SET(sock_kerb, &rfds);
846 FD_SET(sock_kerb5, &rfds);
850 /* write and exception fd_set's are null */
851 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
852 if (code == 0) { /* timeout */
853 /* printf ("Timeout\n"); */
855 } else if (code < 0) {
856 perror("calling IOMGR_Select");
860 fromLen = sizeof(packet.from);
861 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
863 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
864 (struct sockaddr *)&packet.from, &fromLen);
866 if (errno == EAGAIN || errno == ECONNREFUSED)
868 perror("calling recvfrom");
873 printf("Kerb:udp: Got %d bytes from addr %s which are '",
874 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
875 ka_PrintBytes(packet.data, packet.len);
878 packet.name = packet.inst = packet.realm = "";
880 process_udp_request(sock_kerb, &packet);
883 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
885 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
886 (struct sockaddr *)&packet.from, &fromLen);
888 if (errno == EAGAIN || errno == ECONNREFUSED)
890 perror("calling recvfrom");
895 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
896 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
897 ka_PrintBytes(packet.data, packet.len);
900 packet.name = packet.inst = packet.realm = "";
902 process_udp_request(sock_kerb5, &packet);
905 if (sock_kerb >= 0) {
909 if (sock_kerb5 >= 0) {
913 printf("UDP SocketListener exiting due to error\n");
918 #include "AFS_component_version_number.c"
926 struct sockaddr_in taddr;
927 static PROCESS slPid; /* socket listener pid */
928 static PROCESS checkPid; /* fiveminute check */
930 char *krb4name; /* kerberos version4 service */
936 static int inited = 0;
943 memset(&taddr, 0, sizeof(taddr));
944 krb4name = "kerberos4";
945 sp = getservbyname(krb4name, "udp");
946 taddr.sin_family = AF_INET; /* added for NCR port */
947 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
948 taddr.sin_len = sizeof(struct sockaddr_in);
951 /* if kerberos-4 is not available, try "kerberos-iv" */
952 krb4name = "kerberos-iv";
953 sp = getservbyname(krb4name, "udp");
956 /* if kerberos-iv is not available, try "kerberos" */
957 krb4name = "kerberos";
958 sp = getservbyname(krb4name, "udp");
962 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
964 taddr.sin_port = htons(KRB_PORT);
966 /* copy the port number */
967 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
968 (unsigned short)sp->s_port);
969 taddr.sin_port = sp->s_port;
971 kerb_port = taddr.sin_port;
972 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
973 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
975 perror("calling bind");
979 sp = getservbyname("kerberos5", "udp");
982 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
984 taddr.sin_port = htons(KRB5_PORT);
986 /* copy the port number */
987 fprintf(stderr, "kerberos5/udp port=%hu\n",
988 (unsigned short)sp->s_port);
989 taddr.sin_port = sp->s_port;
991 if (taddr.sin_port != kerb_port) { /* a different port */
992 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
993 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
995 perror("calling bind");
1000 /* Bail out if we can't bind with any port */
1001 if ((sock_kerb < 0) && (sock_kerb5 < 0))
1005 /* this has already been done */
1006 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
1009 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
1010 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
1013 /* just to close the log every five minutes */
1015 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
1016 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
1019 initialize_ka_error_table();
1020 initialize_rxk_error_table();
1021 while (1) /* don't just stand there, run it */
1030 char *lastOperation; /* name of last operation */
1031 char *lrealm = "REALMNAME";
1032 struct kadstats dynamic_statistics;
1035 InitAuthServ(tt, lock, this_op)
1036 struct ubik_trans **tt;
1037 int lock; /* read or write transaction */
1038 int *this_op; /* op of RCP routine, for COUNT_ABO */
1043 printf("Calling InitAuthServ\n");
1049 struct ubik_trans *tt;
1051 printf("Calling ubik_EndTrans\n");
1057 struct ubik_trans *tt;
1059 printf("Calling ubik_AbortTrans\n");
1064 FindBlock(at, aname, ainstance, tentry)
1065 struct ubik_trans *at;
1068 struct kaentry *tentry;
1070 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1071 strcpy(tentry->userID.name, aname);
1072 strcpy(tentry->userID.instance, ainstance);
1073 tentry->key_version = htonl(17);
1074 des_string_to_key("toa", &tentry->key);
1075 tentry->flags = htonl(KAFNORMAL);
1076 tentry->user_expiration = htonl(NEVERDATE);
1077 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1082 ka_LookupKey(tt, name, inst, kvno, key)
1083 struct ubik_trans *tt;
1086 afs_int32 *kvno; /* returned */
1087 struct ktc_encryptionKey *key; /* copied out */
1089 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1091 des_string_to_key("applexx", key);
1095 kvno_tgs_key(authDomain, kvno, tgskey)
1098 struct ktc_encryptionKey *tgskey;
1100 if (strcmp(authDomain, lrealm) != 0)
1101 printf("Called with wrong %s as authDomain\n", authDomain);
1103 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1104 des_string_to_key("applexx", tgskey);
1112 name_instance_legal()
git://git.openafs.org / openafs.git / blob