2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afs/param.h>
17 #include <sys/types.h>
21 #include <sys/socket.h>
23 #include <netinet/in.h>
25 #include <afs/afsutil.h>
27 #include <afs/com_err.h>
39 #include "prot.h" /* protocol definitions */
41 #include "afs/audit.h"
44 #include "../permit_xprt.h"
47 /* my kerberos error codes */
48 #define KERB_ERR_BAD_MSG_TYPE 99
49 #define KERB_ERR_BAD_LIFETIME 98
50 #define KERB_ERR_NONNULL_REALM 97
51 #define KERB_ERR_PKT_LENGTH 96
52 #define KERB_ERR_TEXT_LENGTH 95
54 #define KDC_GEN_ERR 20
58 int krb_udp_debug = 0;
60 static int sock_kerb =-1; /* the socket we're using */
61 static int sock_kerb5=-1; /* the socket we're using */
65 struct sockaddr_in from;
71 char *rest; /* remaining bytes of packet */
72 char data[MAX_PKT_LEN];
75 extern struct kadstats dynamic_statistics;
76 extern char *lastOperation;
79 char udpAuthPrincipal[256];
80 char udptgsPrincipal[256];
81 char udptgsServerPrincipal[256];
83 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
84 else strcpy (answer, name), answer += slen+1
85 #define putint(num) num = htonl(num), \
86 bcopy (&num, answer, sizeof(afs_int32)), \
87 answer += sizeof(afs_int32)
89 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
90 strcpy (name, packet), packet += slen+1
91 #define getint(num) bcopy (packet, &num, sizeof(afs_int32)), \
92 num = ktohl (byteOrder, num), \
93 packet += sizeof(afs_int32)
95 /* this is just to close the log every five minutes to rm works */
99 static FiveMinuteCheckLWP()
103 printf("start 5 min check lwp\n");
107 IOMGR_Sleep(fiveminutes);
108 /* close the log so it can be removed */
109 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH);/* no trunc, just append */
114 static afs_int32 create_cipher (cipher, cipherLen, sessionKey, sname, sinst,
115 start, end, kvno, ticket, ticketLen, key)
118 struct ktc_encryptionKey *sessionKey;
125 struct ktc_encryptionKey *key;
128 unsigned char life = time_to_life (start, end);
130 des_key_schedule schedule;
134 len = sizeof(*sessionKey) + strlen(sname) + strlen(sinst) +
135 strlen(lrealm) + 3/*nulls*/ + 3 + ticketLen + sizeof(Date);
136 if (len > *cipherLen) return KAANSWERTOOLONG;
137 if (ticketLen > 255) return KAANSWERTOOLONG;
138 if (kvno > 255) return KAANSWERTOOLONG;
140 bcopy (sessionKey, answer, sizeof(*sessionKey));
141 answer += sizeof(*sessionKey);
146 *answer++ = (unsigned char) kvno;
147 *answer++ = (unsigned char) ticketLen;
148 bcopy (ticket, answer, ticketLen);
153 printf ("Printing ticket (%d) and date: ", ticketLen);
154 ka_PrintBytes (ticket, ticketLen);
155 ka_PrintBytes (answer-4, 4);
159 if (code = des_key_sched (key, schedule))
160 printf ("In KAAuthenticate: key_sched returned %d\n", code);
161 des_pcbc_encrypt (cipher, cipher, len, schedule, key, ENCRYPT);
162 *cipherLen = round_up_to_ebs (len);
165 printf ("Printing cipher (%d): ", *cipherLen);
166 ka_PrintBytes (cipher, *cipherLen);
172 static afs_int32 create_reply (ans, name, inst, startTime, endTime, kvno,
177 Date startTime, endTime;
181 { char *answer = ans->data;
184 ans->len = 2 + strlen(name) + strlen(inst) + 3/*nulls*/ +
185 sizeof(afs_int32) + 1/*ntkts*/ + sizeof(afs_int32) + 1/*kvno*/ +
186 sizeof(short) + cipherLen;
187 if (ans->len > sizeof(ans->data)) return KAANSWERTOOLONG;
188 if (kvno > 255) return KAANSWERTOOLONG;
190 *answer++ = (unsigned char) KRB_PROT_VERSION;
191 *answer++ = (unsigned char) AUTH_MSG_KDC_REPLY;
192 /* always send claiming network byte order */
197 *answer++ = 1; /* undocumented number of tickets! */
199 *answer++ = (unsigned char) kvno;
200 { short w = (short) cipherLen;
202 bcopy (&w, answer, sizeof(short));
203 answer += sizeof(short);
205 bcopy (cipher, answer, cipherLen);
209 static afs_int32 check_auth (pkt, auth, authLen, key, name, inst, cell)
213 struct ktc_encryptionKey *key;
218 des_key_schedule schedule;
220 /* unsigned char time_msec; */
222 int byteOrder = pkt->byteOrder;
224 des_key_sched (key, schedule);
225 des_pcbc_encrypt (auth, auth, authLen, schedule, key, DECRYPT);
227 if (strcmp (packet, name) != 0) return KABADTICKET;
228 packet += strlen (packet) + 1;
229 if (strcmp (packet, inst) != 0) return KABADTICKET;
230 packet += strlen (packet) + 1;
231 if (strcmp (packet, cell) != 0) return KABADTICKET;
232 packet += strlen (packet) + 1;
234 /* time_msec = */ *(unsigned char *)packet++;
236 if ((packet-auth) > authLen) return KABADTICKET;
240 afs_int32 UDP_Authenticate (ksoc, client, name, inst, startTime, endTime, sname, sinst)
242 struct sockaddr_in *client;
249 { struct ubik_trans *tt;
250 afs_int32 to; /* offset of block */
251 struct kaentry tentry;
252 afs_int32 tgskvno; /* key version of service key */
253 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
258 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
260 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
262 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
266 COUNT_REQ (UAuthenticate);
267 if (!name_instance_legal (name, inst)) return KERB_ERR_NAME_EXP; /* KABADNAME */
268 if (code = InitAuthServ (&tt, LOCKREAD, this_op)) return code;
270 code = FindBlock (tt, name, inst, &to, &tentry);
271 if (code) goto abort;
272 if (to) { /* if user exists check other stuff */
274 struct kaentry sentry;
275 save_principal (udpAuthPrincipal, name, inst, 0);
277 tgt = ((strcmp (sname, KA_TGS_NAME) == 0) &&
278 (strcmp (sinst, lrealm) == 0));
279 if ((ntohl(tentry.user_expiration) < now) ||
280 (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
281 code = KERB_ERR_NAME_EXP; /* KABADUSER */
284 code = FindBlock (tt, KA_TGS_NAME, lrealm, &sto, &sentry);
285 if (code) goto abort;
286 if (sto == 0) {code = KANOENT; goto abort; }
287 if ((ntohl(sentry.user_expiration) < now)) {
288 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
291 if (abs (startTime - now) > KTC_TIME_UNCERTAINTY) {
292 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
296 if (tentry.misc_auth_bytes) {
297 unsigned char misc_auth_bytes[4];
298 afs_uint32 temp; /* unsigned for safety */
299 afs_uint32 pwexpires;
301 temp = ntohl(*((afs_int32 *)(tentry.misc_auth_bytes)));
302 unpack_long(temp, misc_auth_bytes);
303 pwexpires = misc_auth_bytes[0];
305 pwexpires= ntohl(tentry.change_password_time) + 24*60*60*pwexpires;
306 if ( pwexpires < now ) {
307 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
313 /* make the ticket */
314 code = des_random_key (&sessionKey);
316 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
319 endTime = umin (endTime,
320 startTime + ntohl(tentry.max_ticket_lifetime));
321 if ((code = ka_LookupKey (tt, sname, sinst, &tgskvno, &tgskey)) ||
322 (code = tkt_MakeTicket (ticket, &ticketLen, &tgskey,
324 startTime, endTime, &sessionKey,
325 htonl(client->sin_addr.s_addr), sname, sinst)))
328 cipherLen = sizeof(cipher);
330 (cipher, &cipherLen, &sessionKey, sname, sinst,
331 startTime, endTime, tgskvno, ticket, ticketLen, &tentry.key);
332 if (code) goto abort;
333 } else { /* no such user */
335 tentry.key_version = 0;
337 code = ubik_EndTrans(tt);
341 code = create_reply (&ans, name, inst, startTime, endTime,
342 ntohl(tentry.key_version), cipher, cipherLen);
347 printf ("Sending %d bytes ending in: ", ans.len);
348 ka_PrintBytes (ans.data+ans.len-8, 8);
352 code = sendto (ksoc, ans.data, ans.len, 0,
353 (struct sockaddr *) client, sizeof(*client));
354 if (code != ans.len) {
355 perror ("calling sendto");
359 osi_audit ( UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
364 ubik_AbortTrans (tt);
367 osi_audit ( UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst, AUD_END);
371 afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
381 struct ktc_encryptionKey tgskey;
382 char name[MAXKTCNAMELEN];
383 char inst[MAXKTCNAMELEN];
384 char cell[MAXKTCREALMLEN];
385 struct ktc_encryptionKey authSessionKey;
395 int byteOrder = pkt->byteOrder;
396 char sname[MAXKTCNAMELEN];
397 char sinst[MAXKTCNAMELEN];
401 struct ubik_trans *tt;
403 struct kaentry caller;
404 struct kaentry server;
406 struct ktc_encryptionKey sessionKey;
408 char newTicket[MAXKTCTICKETLEN];
410 char cipher[2*MAXKTCTICKETLEN]; /* put encrypted part of answer here */
414 COUNT_REQ (UGetTicket);
416 if (code = InitAuthServ(&tt, LOCKREAD, this_op)) goto fail;
417 code = ka_LookupKvno (tt, KA_TGS_NAME,
418 ((strlen(authDomain) > 0) ? authDomain : lrealm),
420 if (code) goto abort;
422 code = tkt_DecodeTicket (ticket, ticketLen, &tgskey, name, inst, cell,
423 &authSessionKey, &host, &start, &authEnd);
428 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
431 save_principal (udptgsPrincipal, name, inst, cell);
432 code = tkt_CheckTimes (start, authEnd, now);
435 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
438 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
441 celllen = strlen (cell);
443 if ((strlen(authDomain) > 0) && (strcmp (authDomain, lrealm) != 0))
445 if (import && (celllen == 0)) {
446 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
449 if (celllen == 0) strcpy (cell, lrealm);
452 printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",
456 code = check_auth (pkt, auth, authLen, &authSessionKey, name, inst, cell);
457 if (code) goto abort;
459 /* authenticator and all is OK so read actual request */
462 life = *(unsigned char *)packet++;
466 reqEnd = life_to_time (start, life);
468 printf ("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
470 save_principal (udptgsServerPrincipal, sname, sinst, 0);
473 strcpy (caller.userID.name, name);
474 strcpy (caller.userID.instance, inst);
475 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
478 code = FindBlock(tt, name, inst, &to, &caller);
479 if (code) goto abort;
481 ka_PrintUserID ("GetTicket: User ", name, inst, " unknown.\n");
482 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
485 if (ntohl(caller.flags) & KAFNOTGS)
486 { code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
490 code = FindBlock (tt, sname, sinst, &to, &server); /* get server's entry */
491 if (code) goto abort;
492 if (to == 0) { /* entry not found */
493 ka_PrintUserID ("GetTicket: Server ", sname, sinst, " unknown.\n");
494 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
497 code = ubik_EndTrans (tt);
500 if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER;
502 code = des_random_key (&sessionKey);
504 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
508 reqEnd = umin (umin (reqEnd, authEnd),
509 umin (start+ntohl(caller.max_ticket_lifetime),
510 start+ntohl(server.max_ticket_lifetime)));
512 code = tkt_MakeTicket (newTicket, &newTicketLen, &server.key,
513 caller.userID.name, caller.userID.instance, cell,
514 start, reqEnd, &sessionKey,
515 htonl(pkt->from.sin_addr.s_addr),
516 server.userID.name, server.userID.instance);
519 cipherLen = sizeof(cipher);
521 (cipher, &cipherLen, &sessionKey, sname, sinst,
522 start, reqEnd, ntohl(server.key_version),
523 newTicket, newTicketLen, &authSessionKey);
526 code = create_reply (&ans, name, inst, start, reqEnd, 0,
530 code = sendto (ksoc, ans.data, ans.len, 0,
531 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
532 if (code != ans.len) {
533 perror ("calling sendto");
538 if (cipherLen != 0) {
539 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
541 osi_audit ( UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR, cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
547 osi_audit ( UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR, NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
551 static err_packet (ksoc, pkt, code, reason)
557 char *answer = ans.data;
561 if (reason == 0) reason = "";
562 else if (strlen(reason) + 20 > sizeof(buf)) reason = "reason too long";
563 sprintf (buf, "code = %d: %s", code, reason);
566 printf ("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
567 pkt->name, pkt->inst, pkt->realm, buf);
570 ans.len = 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
571 3/* nulls */ + sizeof(afs_int32) + strlen (buf) + 1;
572 if (ans.len > sizeof(ans.data)) {
573 printf ("Answer packet too long\n");
577 *answer++ = (unsigned char) KRB_PROT_VERSION;
578 *answer++ = (unsigned char) AUTH_MSG_ERR_REPLY;
579 /* always send claiming network byte order */
584 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
585 /* It could be because of kauth errors so we should return something instead of success!! */
591 code = sendto(ksoc, ans.data, ans.len, 0,
592 (struct sockaddr *) &pkt->from, sizeof(pkt->from));
593 if (code != ans.len) {
595 printf ("call to sendto returned %d, sending error packet %d bytes long\n",
597 else perror ("err_packet: sendto");
601 process_udp_auth (ksoc, pkt)
604 { char *packet = pkt->rest;
605 char name[MAXKTCNAMELEN];
606 char inst[MAXKTCNAMELEN];
607 char realm[MAXKTCREALMLEN];
608 char sname[MAXKTCNAMELEN];
609 char sinst[MAXKTCNAMELEN];
612 Date startTime, endTime;
613 unsigned char lifetime;
623 printf ("Processing KDC Request from '%s'.'%s'@'%s'\n",
627 if ((strlen(realm) > 0) && (strcmp (realm, lrealm) != 0)) {
628 err_packet (ksoc, pkt, KERB_ERR_NONNULL_REALM,
629 "null realm name not allowed");
632 bcopy (packet, &startTime, sizeof(startTime));
633 packet += sizeof(startTime);
634 startTime = ktohl (pkt->byteOrder, startTime);
635 pkt->time = startTime;
636 lifetime = *packet++;
637 endTime = life_to_time (startTime, lifetime);
638 code = tkt_CheckTimes (startTime, endTime, now);
640 err_packet (ksoc, pkt, KERB_ERR_BAD_LIFETIME,
641 "requested ticket lifetime invalid");
646 if ((packet - pkt->data) != pkt->len) {
647 err_packet (ksoc, pkt, KERB_ERR_PKT_LENGTH, "packet length inconsistent");
651 code = UDP_Authenticate (ksoc, &pkt->from, name, inst,
652 startTime, endTime, sname, sinst);
654 if (code == KANOENT) {
655 code = KERB_ERR_PRINCIPAL_UNKNOWN;
656 err_packet (ksoc, pkt, code, (char *)error_message (code));
657 } else if (code == KAPWEXPIRED) {
658 code = KERB_ERR_NAME_EXP;
659 err_packet (ksoc, pkt, code, "password has expired");
661 err_packet (ksoc, pkt, code, (char *)error_message (code));
666 process_udp_appl (ksoc, pkt)
669 { char *packet = pkt->rest;
671 char realm[MAXKTCREALMLEN];
672 char ticket[MAXKTCTICKETLEN];
673 char auth[3*MAXKTCNAMELEN+4+5];
675 int ticketLen, authLen;
679 printf ("Processing APPL Request\n");
683 ticketLen = *(unsigned char *)packet++;
684 authLen = *(unsigned char *)packet++;
685 if (ticketLen > sizeof(ticket)) {
686 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
689 bcopy (packet, ticket, ticketLen);
691 if (authLen > sizeof(auth)) {
692 err_packet (ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
695 bcopy (packet, auth, authLen);
696 pkt->rest = packet + authLen;
697 code = UDP_GetTicket (ksoc, pkt, kvno, realm, ticket, ticketLen, auth, authLen);
699 if (code == KANOENT) code = KERB_ERR_PRINCIPAL_UNKNOWN;
700 err_packet (ksoc, pkt, code, (char*)error_message (code));
705 process_udp_request (ksoc, pkt)
708 { char *packet = pkt->data;
709 unsigned char version, auth_msg_type;
712 if (version != KRB_PROT_VERSION) {
713 err_packet (ksoc, pkt, KERB_ERR_PKT_VER, "packet version number unknown");
716 auth_msg_type = *packet++;
717 pkt->byteOrder = auth_msg_type & 1;
719 switch (auth_msg_type & ~1) {
720 case AUTH_MSG_KDC_REQUEST:
721 process_udp_auth (ksoc, pkt);
723 case AUTH_MSG_APPL_REQUEST:
724 process_udp_appl (ksoc, pkt);
727 printf ("unknown msg type 0x%x\n", auth_msg_type);
728 err_packet (ksoc, pkt, KERB_ERR_BAD_MSG_TYPE, "message type not supported");
734 static SocketListener ()
737 struct packet packet;
741 printf ("Starting to listen for UDP packets\n");
744 if (sock_kerb >= 0) FD_SET(sock_kerb, &rfds);
745 if (sock_kerb5 >= 0) FD_SET(sock_kerb5, &rfds);
749 /* write and exception fd_set's are null */
750 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
751 if (code == 0) { /* timeout */
752 /* printf ("Timeout\n"); */
756 perror ("calling IOMGR_Select");
760 fromLen = sizeof(packet.from);
761 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
762 code = recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
763 (struct sockaddr *) &packet.from, &fromLen);
765 perror ("calling recvfrom");
770 printf ("Kerb:udp: Got %d bytes from addr %s which are '",
771 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
772 ka_PrintBytes (packet.data, packet.len);
775 packet.name = packet.inst = packet.realm = "";
777 process_udp_request (sock_kerb, &packet);
779 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
780 code = recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
781 (struct sockaddr *) &packet.from, &fromLen);
783 perror ("calling recvfrom");
788 printf ("Kerb5:udp: Got %d bytes from addr %s which are '",
789 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
790 ka_PrintBytes (packet.data, packet.len);
793 packet.name = packet.inst = packet.realm = "";
795 process_udp_request (sock_kerb5, &packet);
802 #include "AFS_component_version_number.c"
806 afs_int32 init_krb_udp ()
808 { struct sockaddr_in taddr;
809 static PROCESS slPid; /* socket listener pid */
810 static PROCESS checkPid; /* fiveminute check */
812 char* krb4name; /* kerberos version4 service */
818 static int inited = 0;
821 if (inited) return -1;
824 bzero (&taddr, sizeof(taddr));
825 krb4name = "kerberos4";
826 sp = getservbyname(krb4name, "udp");
827 taddr.sin_family = AF_INET; /* added for NCR port */
830 /* if kerberos-4 is not available, try "kerberos" */
831 krb4name = "kerberos";
832 sp = getservbyname(krb4name, "udp");
836 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
838 taddr.sin_port = htons(KRB_PORT);
840 /* copy the port number */
841 fprintf (stderr, "%s/udp port=%hu\n", krb4name, (unsigned short)sp->s_port);
842 taddr.sin_port = sp->s_port;
844 kerb_port = taddr.sin_port;
845 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
846 code = bind(sock_kerb, (struct sockaddr *) &taddr, sizeof(taddr));
848 perror ("calling bind");
852 sp = getservbyname("kerberos5", "udp");
855 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
857 taddr.sin_port = htons(KRB5_PORT);
859 /* copy the port number */
860 fprintf (stderr, "kerberos5/udp port=%hu\n", (unsigned short)sp->s_port);
861 taddr.sin_port = sp->s_port;
863 if (taddr.sin_port != kerb_port) { /* a different port */
864 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
865 code = bind(sock_kerb5, (struct sockaddr *) &taddr, sizeof(taddr));
867 perror ("calling bind");
872 /* Bail out if we can't bind with any port */
873 if ((sock_kerb < 0) && (sock_kerb5 < 0))
877 /* this has already been done */
878 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
881 LWP_CreateProcess(SocketListener, /*stacksize*/16000, LWP_NORMAL_PRIORITY,
882 0, "Socket Listener", &slPid);
884 /* just to close the log every five minutes */
886 LWP_CreateProcess(FiveMinuteCheckLWP, 24*1024,
887 LWP_MAX_PRIORITY - 2, &fiveminutes,
888 "FiveMinuteChecks", &checkPid);
891 initialize_ka_error_table();
892 initialize_rxk_error_table();
893 while (1) /* don't just stand there, run it */
902 char *lastOperation; /* name of last operation */
903 char *lrealm = "REALMNAME";
904 struct kadstats dynamic_statistics;
906 static int InitAuthServ (tt, lock, this_op)
907 struct ubik_trans **tt;
908 int lock; /* read or write transaction */
909 int *this_op; /* op of RCP routine, for COUNT_ABO */
913 printf ("Calling InitAuthServ\n");
917 static int ubik_EndTrans (tt)
918 struct ubik_trans *tt;
920 printf ("Calling ubik_EndTrans\n");
924 static int ubik_AbortTrans (tt)
925 struct ubik_trans *tt;
927 printf ("Calling ubik_AbortTrans\n");
931 static int FindBlock (at, aname, ainstance, tentry)
932 struct ubik_trans *at;
935 struct kaentry *tentry;
937 printf ("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
938 strcpy (tentry->userID.name, aname);
939 strcpy (tentry->userID.instance, ainstance);
940 tentry->key_version = htonl(17);
941 des_string_to_key ("toa", &tentry->key);
942 tentry->flags = htonl(KAFNORMAL);
943 tentry->user_expiration = htonl(NEVERDATE);
944 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
948 static int ka_LookupKey (tt, name, inst, kvno, key)
949 struct ubik_trans *tt;
952 afs_int32 *kvno; /* returned */
953 struct ktc_encryptionKey *key; /* copied out */
955 printf ("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
957 des_string_to_key ("applexx", key);
960 static afs_int32 kvno_tgs_key (authDomain, kvno, tgskey)
963 struct ktc_encryptionKey *tgskey;
965 if (strcmp (authDomain, lrealm) != 0)
966 printf ("Called with wrong %s as authDomain\n", authDomain);
968 printf ("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
969 des_string_to_key ("applexx", tgskey);
976 name_instance_legal ()