2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
21 #include <sys/types.h>
25 #include <afs/errmap_nt.h>
26 #define snprintf _snprintf
28 #include <sys/socket.h>
30 #include <netinet/in.h>
33 #include <afs/afsutil.h>
35 #include <afs/com_err.h>
38 #include <des_prototypes.h>
47 #include "kauth_internal.h"
49 #include "prot.h" /* protocol definitions */
51 #include "afs/audit.h"
53 #include "kadatabase.h"
55 /* my kerberos error codes */
56 #define KERB_ERR_BAD_MSG_TYPE 99
57 #define KERB_ERR_BAD_LIFETIME 98
58 #define KERB_ERR_NONNULL_REALM 97
59 #define KERB_ERR_PKT_LENGTH 96
60 #define KERB_ERR_TEXT_LENGTH 95
62 #define KDC_GEN_ERR 20
66 #define closesocket close
69 int krb_udp_debug = 0;
71 static int sock_kerb = -1; /* the socket we're using */
72 static int sock_kerb5 = -1; /* the socket we're using */
76 struct sockaddr_in from;
82 char *rest; /* remaining bytes of packet */
83 char data[MAX_PKT_LEN];
86 extern char *lastOperation;
89 char udpAuthPrincipal[256];
90 char udptgsPrincipal[256];
91 char udptgsServerPrincipal[256];
93 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
94 else strcpy (answer, name), answer += slen+1
95 #define putint(num) num = htonl(num), \
96 memcpy(answer, &num, sizeof(afs_int32)), \
97 answer += sizeof(afs_int32)
99 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
100 strcpy (name, packet), packet += slen+1
101 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
102 num = ktohl (byteOrder, num), \
103 packet += sizeof(afs_int32)
105 /* this is just to close the log every five minutes to rm works */
107 int fiveminutes = 300;
110 FiveMinuteCheckLWP(void *unused)
113 printf("start 5 min check lwp\n");
116 IOMGR_Sleep(fiveminutes);
117 /* close the log so it can be removed */
118 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
125 create_cipher(char *cipher, int *cipherLen,
126 struct ktc_encryptionKey *sessionKey, char *sname,
127 char *sinst, Date start, Date end, afs_int32 kvno,
128 char *ticket, int ticketLen, struct ktc_encryptionKey *key)
132 unsigned char life = time_to_life(start, end);
134 des_key_schedule schedule;
139 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
140 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
141 if (len > *cipherLen)
142 return KAANSWERTOOLONG;
144 return KAANSWERTOOLONG;
146 return KAANSWERTOOLONG;
148 memcpy(answer, sessionKey, sizeof(*sessionKey));
149 answer += sizeof(*sessionKey);
154 *answer++ = (unsigned char)kvno;
155 *answer++ = (unsigned char)ticketLen;
156 memcpy(answer, ticket, ticketLen);
161 printf("Printing ticket (%d) and date: ", ticketLen);
162 ka_PrintBytes(ticket, ticketLen);
163 ka_PrintBytes(answer - 4, 4);
167 if ((code = des_key_sched(ktc_to_cblock(key), schedule)))
168 printf("In KAAuthenticate: key_sched returned %d\n", code);
169 des_pcbc_encrypt(cipher, cipher, len, schedule, ktc_to_cblockptr(key), ENCRYPT);
170 *cipherLen = round_up_to_ebs(len);
173 printf("Printing cipher (%d): ", *cipherLen);
174 ka_PrintBytes(cipher, *cipherLen);
181 create_reply(struct packet *ans, char *name, char *inst, Date startTime,
182 Date endTime, afs_int32 kvno, char *cipher, int cipherLen)
184 char *answer = ans->data;
187 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
188 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
189 sizeof(short) + cipherLen;
190 if (ans->len > sizeof(ans->data))
191 return KAANSWERTOOLONG;
193 return KAANSWERTOOLONG;
195 *answer++ = (unsigned char)KRB_PROT_VERSION;
196 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
197 /* always send claiming network byte order */
202 *answer++ = 1; /* undocumented number of tickets! */
204 *answer++ = (unsigned char)kvno;
206 short w = (short)cipherLen;
208 memcpy(answer, &w, sizeof(short));
209 answer += sizeof(short);
211 memcpy(answer, cipher, cipherLen);
216 check_auth(struct packet *pkt, char *auth, int authLen,
217 struct ktc_encryptionKey *key, char *name, char *inst,
221 des_key_schedule schedule;
224 int byteOrder = pkt->byteOrder;
226 des_key_sched(ktc_to_cblock(key), schedule);
227 des_pcbc_encrypt(auth, auth, authLen, schedule, ktc_to_cblockptr(key), DECRYPT);
229 if (strcmp(packet, name) != 0)
231 packet += strlen(packet) + 1;
232 if (strcmp(packet, inst) != 0)
234 packet += strlen(packet) + 1;
235 if (strcmp(packet, cell) != 0)
237 packet += strlen(packet) + 1;
239 /* Comments in the original IBM source suggest this byte was/is "time_msec" */
242 if ((packet - auth) > authLen)
248 UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name,
249 char *inst, Date startTime, Date endTime, char *sname,
252 struct ubik_trans *tt;
253 afs_int32 to; /* offset of block */
254 struct kaentry tentry;
255 afs_int32 tgskvno; /* key version of service key */
256 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
261 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
263 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
265 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
269 COUNT_REQ(UAuthenticate);
270 if (!name_instance_legal(name, inst))
271 return KERB_ERR_NAME_EXP; /* KABADNAME */
272 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
275 code = FindBlock(tt, name, inst, &to, &tentry);
278 if (to) { /* if user exists check other stuff */
280 struct kaentry sentry;
281 save_principal(udpAuthPrincipal, name, inst, 0);
283 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
284 && (strcmp(sinst, lrealm) == 0));
285 if ((ntohl(tentry.user_expiration) < now)
286 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
287 code = KERB_ERR_NAME_EXP; /* KABADUSER */
290 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
297 if ((ntohl(sentry.user_expiration) < now)) {
298 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
301 if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
302 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
306 if (tentry.misc_auth_bytes) {
307 unsigned char misc_auth_bytes[4];
308 afs_uint32 temp; /* unsigned for safety */
309 afs_uint32 pwexpires;
311 memcpy(&temp, tentry.misc_auth_bytes, sizeof(afs_uint32));
313 unpack_long(temp, misc_auth_bytes);
314 pwexpires = misc_auth_bytes[0];
317 ntohl(tentry.change_password_time) +
318 24 * 60 * 60 * pwexpires;
319 if (pwexpires < now) {
320 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
326 /* make the ticket */
327 code = des_random_key(ktc_to_cblock(&sessionKey));
329 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
333 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
334 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
336 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
337 lrealm, startTime, endTime, &sessionKey,
338 htonl(client->sin_addr.s_addr), sname, sinst)))
341 cipherLen = sizeof(cipher);
343 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
344 startTime, endTime, tgskvno, ticket, ticketLen,
348 } else { /* no such user */
350 tentry.key_version = 0;
352 code = ubik_EndTrans(tt);
357 create_reply(&ans, name, inst, startTime, endTime,
358 ntohl(tentry.key_version), cipher, cipherLen);
363 printf("Sending %d bytes ending in: ", ans.len);
364 ka_PrintBytes(ans.data + ans.len - 8, 8);
369 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
371 if (code != ans.len) {
372 perror("calling sendto");
376 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
379 if (cipherLen != 0) {
380 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
383 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
391 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
397 UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno,
398 char *authDomain, char *ticket, int ticketLen, char *auth,
402 struct ktc_encryptionKey tgskey;
403 char name[MAXKTCNAMELEN];
404 char inst[MAXKTCNAMELEN];
405 char cell[MAXKTCREALMLEN];
406 struct ktc_encryptionKey authSessionKey;
416 int byteOrder = pkt->byteOrder;
417 char sname[MAXKTCNAMELEN];
418 char sinst[MAXKTCNAMELEN];
422 struct ubik_trans *tt;
424 struct kaentry caller;
425 struct kaentry server;
427 struct ktc_encryptionKey sessionKey;
429 char newTicket[MAXKTCTICKETLEN];
431 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
435 COUNT_REQ(UGetTicket);
437 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
440 ka_LookupKvno(tt, KA_TGS_NAME,
441 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
447 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
448 &authSessionKey, &host, &start, &authEnd);
453 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
456 save_principal(udptgsPrincipal, name, inst, cell);
457 code = tkt_CheckTimes(start, authEnd, now);
460 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
463 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
466 celllen = strlen(cell);
468 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
470 if (import && (celllen == 0)) {
471 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
475 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
476 cell[MAXKTCREALMLEN - 1] = 0;
479 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
480 code = KERB_ERR_PRINCIPAL_UNKNOWN;
485 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
489 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
493 /* authenticator and all is OK so read actual request */
496 life = *(unsigned char *)packet++;
500 reqEnd = life_to_time(start, life);
502 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
504 save_principal(udptgsServerPrincipal, sname, sinst, 0);
507 strcpy(caller.userID.name, name);
508 strcpy(caller.userID.instance, inst);
509 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
511 code = FindBlock(tt, name, inst, &to, &caller);
515 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
516 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
519 if (ntohl(caller.flags) & KAFNOTGS) {
520 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
525 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
528 if (to == 0) { /* entry not found */
529 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
530 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
533 code = ubik_EndTrans(tt);
537 if (ntohl(server.flags) & KAFNOSEAL)
540 code = des_random_key(ktc_to_cblock(&sessionKey));
542 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
547 umin(umin(reqEnd, authEnd),
548 umin(start + ntohl(caller.max_ticket_lifetime),
549 start + ntohl(server.max_ticket_lifetime)));
552 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
553 caller.userID.name, caller.userID.instance, cell,
554 start, reqEnd, &sessionKey,
555 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
556 server.userID.instance);
560 cipherLen = sizeof(cipher);
562 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
563 reqEnd, ntohl(server.key_version), newTicket,
564 newTicketLen, &authSessionKey);
569 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
574 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
576 if (code != ans.len) {
577 perror("calling sendto");
582 if (cipherLen != 0) {
583 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
585 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
586 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
592 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
593 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
598 err_packet(int ksoc, struct packet *pkt, afs_int32 code, char *reason)
601 char *answer = ans.data;
607 snprintf(buf, 255, "code = %d: %s", code, reason);
610 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
611 pkt->name, pkt->inst, pkt->realm, buf);
615 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
616 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
617 if (ans.len > sizeof(ans.data)) {
618 printf("Answer packet too long\n");
622 *answer++ = (unsigned char)KRB_PROT_VERSION;
623 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
624 /* always send claiming network byte order */
629 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
630 /* It could be because of kauth errors so we should return something instead of success!! */
637 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
639 if (code != ans.len) {
642 ("call to sendto returned %d, sending error packet %d bytes long\n",
645 perror("err_packet: sendto");
651 process_udp_auth(int ksoc, struct packet *pkt)
653 char *packet = pkt->rest;
654 char name[MAXKTCNAMELEN];
655 char inst[MAXKTCNAMELEN];
656 char realm[MAXKTCREALMLEN];
657 char sname[MAXKTCNAMELEN];
658 char sinst[MAXKTCNAMELEN];
661 Date startTime, endTime;
662 unsigned char lifetime;
672 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
676 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
677 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
678 "null realm name not allowed");
681 memcpy(&startTime, packet, sizeof(startTime));
682 packet += sizeof(startTime);
683 startTime = ktohl(pkt->byteOrder, startTime);
684 pkt->time = startTime;
685 lifetime = *packet++;
686 endTime = life_to_time(startTime, lifetime);
687 code = tkt_CheckTimes(startTime, endTime, now);
689 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
690 "requested ticket lifetime invalid");
695 if ((packet - pkt->data) != pkt->len) {
696 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
697 "packet length inconsistent");
702 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
705 if (code == KANOENT) {
706 code = KERB_ERR_PRINCIPAL_UNKNOWN;
707 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
708 } else if (code == KAPWEXPIRED) {
709 code = KERB_ERR_NAME_EXP;
710 err_packet(ksoc, pkt, code, "password has expired");
712 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
718 process_udp_appl(int ksoc, struct packet *pkt)
720 char *packet = pkt->rest;
722 char realm[MAXKTCREALMLEN];
723 char ticket[MAXKTCTICKETLEN];
724 char auth[3 * MAXKTCNAMELEN + 4 + 5];
726 int ticketLen, authLen;
730 printf("Processing APPL Request\n");
734 ticketLen = *(unsigned char *)packet++;
735 authLen = *(unsigned char *)packet++;
736 if (ticketLen > sizeof(ticket)) {
737 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
740 memcpy(ticket, packet, ticketLen);
742 if (authLen > sizeof(auth)) {
743 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
746 memcpy(auth, packet, authLen);
747 pkt->rest = packet + authLen;
749 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
753 code = KERB_ERR_PRINCIPAL_UNKNOWN;
754 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
761 process_udp_request(int ksoc, struct packet *pkt)
763 char *packet = pkt->data;
764 unsigned char version, auth_msg_type;
767 if (version != KRB_PROT_VERSION) {
768 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
769 "packet version number unknown");
772 auth_msg_type = *packet++;
773 pkt->byteOrder = auth_msg_type & 1;
775 switch (auth_msg_type & ~1) {
776 case AUTH_MSG_KDC_REQUEST:
777 process_udp_auth(ksoc, pkt);
779 case AUTH_MSG_APPL_REQUEST:
780 process_udp_appl(ksoc, pkt);
783 printf("unknown msg type 0x%x\n", auth_msg_type);
784 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
785 "message type not supported");
792 SocketListener(void *unused)
796 struct packet packet;
801 printf("Starting to listen for UDP packets\n");
805 FD_SET(sock_kerb, &rfds);
807 FD_SET(sock_kerb5, &rfds);
811 /* write and exception fd_set's are null */
812 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
813 if (code == 0) { /* timeout */
814 /* printf ("Timeout\n"); */
816 } else if (code < 0) {
817 perror("calling IOMGR_Select");
821 fromLen = sizeof(packet.from);
822 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
824 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
825 (struct sockaddr *)&packet.from, &fromLen);
827 if (errno == EAGAIN || errno == ECONNREFUSED)
829 perror("calling recvfrom");
834 printf("Kerb:udp: Got %d bytes from addr %s which are '",
835 code, afs_inet_ntoa_r(packet.from.sin_addr.s_addr, hoststr));
836 ka_PrintBytes(packet.data, packet.len);
839 packet.name = packet.inst = packet.realm = "";
841 process_udp_request(sock_kerb, &packet);
844 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
846 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
847 (struct sockaddr *)&packet.from, &fromLen);
849 if (errno == EAGAIN || errno == ECONNREFUSED)
851 perror("calling recvfrom");
856 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
857 code, afs_inet_ntoa_r(packet.from.sin_addr.s_addr, hoststr));
858 ka_PrintBytes(packet.data, packet.len);
861 packet.name = packet.inst = packet.realm = "";
863 process_udp_request(sock_kerb5, &packet);
866 if (sock_kerb >= 0) {
867 closesocket(sock_kerb);
870 if (sock_kerb5 >= 0) {
871 closesocket(sock_kerb5);
874 printf("UDP SocketListener exiting due to error\n");
881 #include "AFS_component_version_number.c"
890 struct sockaddr_in taddr;
891 static PROCESS slPid; /* socket listener pid */
892 static PROCESS checkPid; /* fiveminute check */
894 char *krb4name; /* kerberos version4 service */
900 static int inited = 0;
907 memset(&taddr, 0, sizeof(taddr));
908 krb4name = "kerberos4";
909 sp = getservbyname(krb4name, "udp");
910 taddr.sin_family = AF_INET; /* added for NCR port */
911 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
912 taddr.sin_len = sizeof(struct sockaddr_in);
915 /* if kerberos-4 is not available, try "kerberos-iv" */
916 krb4name = "kerberos-iv";
917 sp = getservbyname(krb4name, "udp");
920 /* if kerberos-iv is not available, try "kerberos" */
921 krb4name = "kerberos";
922 sp = getservbyname(krb4name, "udp");
926 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
928 taddr.sin_port = htons(KRB_PORT);
930 /* copy the port number */
931 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
932 (unsigned short)sp->s_port);
933 taddr.sin_port = sp->s_port;
935 kerb_port = taddr.sin_port;
936 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
937 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
939 perror("calling bind");
943 sp = getservbyname("kerberos5", "udp");
946 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
948 taddr.sin_port = htons(KRB5_PORT);
950 /* copy the port number */
951 fprintf(stderr, "kerberos5/udp port=%hu\n",
952 (unsigned short)sp->s_port);
953 taddr.sin_port = sp->s_port;
955 if (taddr.sin_port != kerb_port) { /* a different port */
956 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
957 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
959 perror("calling bind");
964 /* Bail out if we can't bind with any port */
965 if ((sock_kerb < 0) && (sock_kerb5 < 0))
969 /* this has already been done */
970 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
973 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
974 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
977 /* just to close the log every five minutes */
979 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
980 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
983 initialize_ka_error_table();
984 initialize_rxk_error_table();
985 while (1) /* don't just stand there, run it */
994 char *lastOperation; /* name of last operation */
995 char *lrealm = "REALMNAME";
996 struct kadstats dynamic_statistics;
999 InitAuthServ(tt, lock, this_op)
1000 struct ubik_trans **tt;
1001 int lock; /* read or write transaction */
1002 int *this_op; /* op of RCP routine, for COUNT_ABO */
1007 printf("Calling InitAuthServ\n");
1013 struct ubik_trans *tt;
1015 printf("Calling ubik_EndTrans\n");
1021 struct ubik_trans *tt;
1023 printf("Calling ubik_AbortTrans\n");
1028 FindBlock(at, aname, ainstance, tentry)
1029 struct ubik_trans *at;
1032 struct kaentry *tentry;
1034 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1035 strcpy(tentry->userID.name, aname);
1036 strcpy(tentry->userID.instance, ainstance);
1037 tentry->key_version = htonl(17);
1038 des_string_to_key("toa", &tentry->key);
1039 tentry->flags = htonl(KAFNORMAL);
1040 tentry->user_expiration = htonl(NEVERDATE);
1041 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1046 ka_LookupKey(tt, name, inst, kvno, key)
1047 struct ubik_trans *tt;
1050 afs_int32 *kvno; /* returned */
1051 struct ktc_encryptionKey *key; /* copied out */
1053 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1055 des_string_to_key("applexx", key);
1059 kvno_tgs_key(authDomain, kvno, tgskey)
1062 struct ktc_encryptionKey *tgskey;
1064 if (strcmp(authDomain, lrealm) != 0)
1065 printf("Called with wrong %s as authDomain\n", authDomain);
1067 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1068 des_string_to_key("applexx", tgskey);
1076 name_instance_legal()