2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* This file contains the code to handle UDP requests to the authentication
11 server using the MIT Kerberos protocol for obtaining tickets. It will only
12 handle authentication and get ticket requests to provide read-only protocol
13 level compatibility with the standard Kerberos servers. */
15 #include <afsconfig.h>
16 #include <afs/param.h>
20 #include <sys/types.h>
24 #include <afs/errmap_nt.h>
25 #define snprintf _snprintf
27 #include <sys/socket.h>
29 #include <netinet/in.h>
32 #include <afs/afsutil.h>
34 #include <afs/com_err.h>
37 #include <des_prototypes.h>
46 #include "kauth_internal.h"
48 #include "prot.h" /* protocol definitions */
50 #include "afs/audit.h"
52 #include "kadatabase.h"
54 /* my kerberos error codes */
55 #define KERB_ERR_BAD_MSG_TYPE 99
56 #define KERB_ERR_BAD_LIFETIME 98
57 #define KERB_ERR_NONNULL_REALM 97
58 #define KERB_ERR_PKT_LENGTH 96
59 #define KERB_ERR_TEXT_LENGTH 95
61 #define KDC_GEN_ERR 20
65 #define closesocket close
68 int krb_udp_debug = 0;
70 static int sock_kerb = -1; /* the socket we're using */
71 static int sock_kerb5 = -1; /* the socket we're using */
75 struct sockaddr_in from;
81 char *rest; /* remaining bytes of packet */
82 char data[MAX_PKT_LEN];
85 extern char *lastOperation;
88 char udpAuthPrincipal[256];
89 char udptgsPrincipal[256];
90 char udptgsServerPrincipal[256];
92 #define putstr(name) if ((slen = strlen(name)) >= MAXKTCNAMELEN) return -1;\
93 else strcpy (answer, name), answer += slen+1
94 #define putint(num) num = htonl(num), \
95 memcpy(answer, &num, sizeof(afs_int32)), \
96 answer += sizeof(afs_int32)
98 #define getstr(name) if ((slen = strlen(packet)) >= sizeof(name)) return -1;\
99 strcpy (name, packet), packet += slen+1
100 #define getint(num) memcpy(&num, packet, sizeof(afs_int32)), \
101 num = ktohl (byteOrder, num), \
102 packet += sizeof(afs_int32)
104 /* this is just to close the log every five minutes to rm works */
106 int fiveminutes = 300;
109 FiveMinuteCheckLWP(void *unused)
112 printf("start 5 min check lwp\n");
115 IOMGR_Sleep(fiveminutes);
116 /* close the log so it can be removed */
117 ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
124 create_cipher(char *cipher, int *cipherLen,
125 struct ktc_encryptionKey *sessionKey, char *sname,
126 char *sinst, Date start, Date end, afs_int32 kvno,
127 char *ticket, int ticketLen, struct ktc_encryptionKey *key)
131 unsigned char life = time_to_life(start, end);
133 des_key_schedule schedule;
138 sizeof(*sessionKey) + strlen(sname) + strlen(sinst) + strlen(lrealm) +
139 3 /*nulls */ + 3 + ticketLen + sizeof(Date);
140 if (len > *cipherLen)
141 return KAANSWERTOOLONG;
143 return KAANSWERTOOLONG;
145 return KAANSWERTOOLONG;
147 memcpy(answer, sessionKey, sizeof(*sessionKey));
148 answer += sizeof(*sessionKey);
153 *answer++ = (unsigned char)kvno;
154 *answer++ = (unsigned char)ticketLen;
155 memcpy(answer, ticket, ticketLen);
160 printf("Printing ticket (%d) and date: ", ticketLen);
161 ka_PrintBytes(ticket, ticketLen);
162 ka_PrintBytes(answer - 4, 4);
166 if ((code = des_key_sched(ktc_to_cblock(key), schedule)))
167 printf("In KAAuthenticate: key_sched returned %d\n", code);
168 des_pcbc_encrypt(cipher, cipher, len, schedule, ktc_to_cblockptr(key), ENCRYPT);
169 *cipherLen = round_up_to_ebs(len);
172 printf("Printing cipher (%d): ", *cipherLen);
173 ka_PrintBytes(cipher, *cipherLen);
180 create_reply(struct packet *ans, char *name, char *inst, Date startTime,
181 Date endTime, afs_int32 kvno, char *cipher, int cipherLen)
183 char *answer = ans->data;
186 ans->len = 2 + strlen(name) + strlen(inst) + 3 /*nulls */ +
187 sizeof(afs_int32) + 1 /*ntkts */ + sizeof(afs_int32) + 1 /*kvno */ +
188 sizeof(short) + cipherLen;
189 if (ans->len > sizeof(ans->data))
190 return KAANSWERTOOLONG;
192 return KAANSWERTOOLONG;
194 *answer++ = (unsigned char)KRB_PROT_VERSION;
195 *answer++ = (unsigned char)AUTH_MSG_KDC_REPLY;
196 /* always send claiming network byte order */
201 *answer++ = 1; /* undocumented number of tickets! */
203 *answer++ = (unsigned char)kvno;
205 short w = (short)cipherLen;
207 memcpy(answer, &w, sizeof(short));
208 answer += sizeof(short);
210 memcpy(answer, cipher, cipherLen);
215 check_auth(struct packet *pkt, char *auth, int authLen,
216 struct ktc_encryptionKey *key, char *name, char *inst,
220 des_key_schedule schedule;
223 int byteOrder = pkt->byteOrder;
225 des_key_sched(ktc_to_cblock(key), schedule);
226 des_pcbc_encrypt(auth, auth, authLen, schedule, ktc_to_cblockptr(key), DECRYPT);
228 if (strcmp(packet, name) != 0)
230 packet += strlen(packet) + 1;
231 if (strcmp(packet, inst) != 0)
233 packet += strlen(packet) + 1;
234 if (strcmp(packet, cell) != 0)
236 packet += strlen(packet) + 1;
238 /* Comments in the original IBM source suggest this byte was/is "time_msec" */
241 if ((packet - auth) > authLen)
247 UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name,
248 char *inst, Date startTime, Date endTime, char *sname,
251 struct ubik_trans *tt;
252 afs_int32 to; /* offset of block */
253 struct kaentry tentry;
254 afs_int32 tgskvno; /* key version of service key */
255 struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */
260 char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */
262 struct ktc_encryptionKey sessionKey; /* we have to invent a session key */
264 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
268 COUNT_REQ(UAuthenticate);
269 if (!name_instance_legal(name, inst))
270 return KERB_ERR_NAME_EXP; /* KABADNAME */
271 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
274 code = FindBlock(tt, name, inst, &to, &tentry);
277 if (to) { /* if user exists check other stuff */
279 struct kaentry sentry;
280 save_principal(udpAuthPrincipal, name, inst, 0);
282 tgt = ((strcmp(sname, KA_TGS_NAME) == 0)
283 && (strcmp(sinst, lrealm) == 0));
284 if ((ntohl(tentry.user_expiration) < now)
285 || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) {
286 code = KERB_ERR_NAME_EXP; /* KABADUSER */
289 code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry);
296 if ((ntohl(sentry.user_expiration) < now)) {
297 code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */
300 if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
301 code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */
305 if (tentry.misc_auth_bytes) {
306 unsigned char misc_auth_bytes[4];
307 afs_uint32 temp; /* unsigned for safety */
308 afs_uint32 pwexpires;
310 memcpy(&temp, tentry.misc_auth_bytes, sizeof(afs_uint32));
312 unpack_long(temp, misc_auth_bytes);
313 pwexpires = misc_auth_bytes[0];
316 ntohl(tentry.change_password_time) +
317 24 * 60 * 60 * pwexpires;
318 if (pwexpires < now) {
319 code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */
325 /* make the ticket */
326 code = des_random_key(ktc_to_cblock(&sessionKey));
328 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
332 umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime));
333 if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey))
335 tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst,
336 lrealm, startTime, endTime, &sessionKey,
337 htonl(client->sin_addr.s_addr), sname, sinst)))
340 cipherLen = sizeof(cipher);
342 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst,
343 startTime, endTime, tgskvno, ticket, ticketLen,
347 } else { /* no such user */
349 tentry.key_version = 0;
351 code = ubik_EndTrans(tt);
356 create_reply(&ans, name, inst, startTime, endTime,
357 ntohl(tentry.key_version), cipher, cipherLen);
362 printf("Sending %d bytes ending in: ", ans.len);
363 ka_PrintBytes(ans.data + ans.len - 8, 8);
368 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client,
370 if (code != ans.len) {
371 perror("calling sendto");
375 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
378 if (cipherLen != 0) {
379 KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
382 osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
390 osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst,
396 UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno,
397 char *authDomain, char *ticket, int ticketLen, char *auth,
401 struct ktc_encryptionKey tgskey;
402 char name[MAXKTCNAMELEN];
403 char inst[MAXKTCNAMELEN];
404 char cell[MAXKTCREALMLEN];
405 struct ktc_encryptionKey authSessionKey;
415 int byteOrder = pkt->byteOrder;
416 char sname[MAXKTCNAMELEN];
417 char sinst[MAXKTCNAMELEN];
421 struct ubik_trans *tt;
423 struct kaentry caller;
424 struct kaentry server;
426 struct ktc_encryptionKey sessionKey;
428 char newTicket[MAXKTCTICKETLEN];
430 char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */
434 COUNT_REQ(UGetTicket);
436 if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
439 ka_LookupKvno(tt, KA_TGS_NAME,
440 ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno,
446 tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell,
447 &authSessionKey, &host, &start, &authEnd);
452 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
455 save_principal(udptgsPrincipal, name, inst, cell);
456 code = tkt_CheckTimes(start, authEnd, now);
459 code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */
462 code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */
465 celllen = strlen(cell);
467 if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0))
469 if (import && (celllen == 0)) {
470 code = KERB_ERR_PKT_VER; /* was KABADTICKET */
474 strncpy(cell, lrealm, MAXKTCREALMLEN - 1);
475 cell[MAXKTCREALMLEN - 1] = 0;
478 if (!krb4_cross && strcmp(lrealm, cell) != 0) {
479 code = KERB_ERR_PRINCIPAL_UNKNOWN;
484 printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst,
488 code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell);
492 /* authenticator and all is OK so read actual request */
495 life = *(unsigned char *)packet++;
499 reqEnd = life_to_time(start, life);
501 printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst);
503 save_principal(udptgsServerPrincipal, sname, sinst, 0);
506 strcpy(caller.userID.name, name);
507 strcpy(caller.userID.instance, inst);
508 caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
510 code = FindBlock(tt, name, inst, &to, &caller);
514 ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n");
515 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
518 if (ntohl(caller.flags) & KAFNOTGS) {
519 code = KERB_ERR_AUTH_EXP; /* was KABADUSER */
524 code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */
527 if (to == 0) { /* entry not found */
528 ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n");
529 code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */
532 code = ubik_EndTrans(tt);
536 if (ntohl(server.flags) & KAFNOSEAL)
539 code = des_random_key(ktc_to_cblock(&sessionKey));
541 code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
546 umin(umin(reqEnd, authEnd),
547 umin(start + ntohl(caller.max_ticket_lifetime),
548 start + ntohl(server.max_ticket_lifetime)));
551 tkt_MakeTicket(newTicket, &newTicketLen, &server.key,
552 caller.userID.name, caller.userID.instance, cell,
553 start, reqEnd, &sessionKey,
554 htonl(pkt->from.sin_addr.s_addr), server.userID.name,
555 server.userID.instance);
559 cipherLen = sizeof(cipher);
561 create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start,
562 reqEnd, ntohl(server.key_version), newTicket,
563 newTicketLen, &authSessionKey);
568 create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen);
573 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
575 if (code != ans.len) {
576 perror("calling sendto");
581 if (cipherLen != 0) {
582 KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET);
584 osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR,
585 cell, AUD_STR, sname, AUD_STR, sinst, AUD_END);
591 osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR,
592 NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END);
597 err_packet(int ksoc, struct packet *pkt, afs_int32 code, char *reason)
600 char *answer = ans.data;
606 snprintf(buf, 255, "code = %d: %s", code, reason);
609 printf("Sending error packet to '%s'.'%s'@'%s' containing %s\n",
610 pkt->name, pkt->inst, pkt->realm, buf);
614 2 + strlen(pkt->name) + strlen(pkt->inst) + strlen(pkt->realm) +
615 3 /* nulls */ + (2 * sizeof(afs_int32)) + strlen(buf) + 1;
616 if (ans.len > sizeof(ans.data)) {
617 printf("Answer packet too long\n");
621 *answer++ = (unsigned char)KRB_PROT_VERSION;
622 *answer++ = (unsigned char)AUTH_MSG_ERR_REPLY;
623 /* always send claiming network byte order */
628 if ((code < 0) || (code > KERB_ERR_MAXIMUM)) {
629 /* It could be because of kauth errors so we should return something instead of success!! */
636 sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from,
638 if (code != ans.len) {
641 ("call to sendto returned %d, sending error packet %d bytes long\n",
644 perror("err_packet: sendto");
650 process_udp_auth(int ksoc, struct packet *pkt)
652 char *packet = pkt->rest;
653 char name[MAXKTCNAMELEN];
654 char inst[MAXKTCNAMELEN];
655 char realm[MAXKTCREALMLEN];
656 char sname[MAXKTCNAMELEN];
657 char sinst[MAXKTCNAMELEN];
660 Date startTime, endTime;
661 unsigned char lifetime;
671 printf("Processing KDC Request from '%s'.'%s'@'%s'\n", name, inst,
675 if ((strlen(realm) > 0) && (strcmp(realm, lrealm) != 0)) {
676 err_packet(ksoc, pkt, KERB_ERR_NONNULL_REALM,
677 "null realm name not allowed");
680 memcpy(&startTime, packet, sizeof(startTime));
681 packet += sizeof(startTime);
682 startTime = ktohl(pkt->byteOrder, startTime);
683 pkt->time = startTime;
684 lifetime = *packet++;
685 endTime = life_to_time(startTime, lifetime);
686 code = tkt_CheckTimes(startTime, endTime, now);
688 err_packet(ksoc, pkt, KERB_ERR_BAD_LIFETIME,
689 "requested ticket lifetime invalid");
694 if ((packet - pkt->data) != pkt->len) {
695 err_packet(ksoc, pkt, KERB_ERR_PKT_LENGTH,
696 "packet length inconsistent");
701 UDP_Authenticate(ksoc, &pkt->from, name, inst, startTime, endTime,
704 if (code == KANOENT) {
705 code = KERB_ERR_PRINCIPAL_UNKNOWN;
706 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
707 } else if (code == KAPWEXPIRED) {
708 code = KERB_ERR_NAME_EXP;
709 err_packet(ksoc, pkt, code, "password has expired");
711 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
717 process_udp_appl(int ksoc, struct packet *pkt)
719 char *packet = pkt->rest;
721 char realm[MAXKTCREALMLEN];
722 char ticket[MAXKTCTICKETLEN];
723 char auth[3 * MAXKTCNAMELEN + 4 + 5];
725 int ticketLen, authLen;
729 printf("Processing APPL Request\n");
733 ticketLen = *(unsigned char *)packet++;
734 authLen = *(unsigned char *)packet++;
735 if (ticketLen > sizeof(ticket)) {
736 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "ticket too long");
739 memcpy(ticket, packet, ticketLen);
741 if (authLen > sizeof(auth)) {
742 err_packet(ksoc, pkt, KERB_ERR_TEXT_LENGTH, "authenticator too long");
745 memcpy(auth, packet, authLen);
746 pkt->rest = packet + authLen;
748 UDP_GetTicket(ksoc, pkt, kvno, realm, ticket, ticketLen, auth,
752 code = KERB_ERR_PRINCIPAL_UNKNOWN;
753 err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
760 process_udp_request(int ksoc, struct packet *pkt)
762 char *packet = pkt->data;
763 unsigned char version, auth_msg_type;
766 if (version != KRB_PROT_VERSION) {
767 err_packet(ksoc, pkt, KERB_ERR_PKT_VER,
768 "packet version number unknown");
771 auth_msg_type = *packet++;
772 pkt->byteOrder = auth_msg_type & 1;
774 switch (auth_msg_type & ~1) {
775 case AUTH_MSG_KDC_REQUEST:
776 process_udp_auth(ksoc, pkt);
778 case AUTH_MSG_APPL_REQUEST:
779 process_udp_appl(ksoc, pkt);
782 printf("unknown msg type 0x%x\n", auth_msg_type);
783 err_packet(ksoc, pkt, KERB_ERR_BAD_MSG_TYPE,
784 "message type not supported");
791 SocketListener(void *unused)
795 struct packet packet;
799 printf("Starting to listen for UDP packets\n");
803 FD_SET(sock_kerb, &rfds);
805 FD_SET(sock_kerb5, &rfds);
809 /* write and exception fd_set's are null */
810 code = IOMGR_Select(32, &rfds, NULL, NULL, &tv);
811 if (code == 0) { /* timeout */
812 /* printf ("Timeout\n"); */
814 } else if (code < 0) {
815 perror("calling IOMGR_Select");
819 fromLen = sizeof(packet.from);
820 if ((sock_kerb >= 0) && FD_ISSET(sock_kerb, &rfds)) {
822 recvfrom(sock_kerb, packet.data, sizeof(packet.data), 0,
823 (struct sockaddr *)&packet.from, &fromLen);
825 if (errno == EAGAIN || errno == ECONNREFUSED)
827 perror("calling recvfrom");
832 printf("Kerb:udp: Got %d bytes from addr %s which are '",
833 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
834 ka_PrintBytes(packet.data, packet.len);
837 packet.name = packet.inst = packet.realm = "";
839 process_udp_request(sock_kerb, &packet);
842 if ((sock_kerb5 >= 0) && FD_ISSET(sock_kerb5, &rfds)) {
844 recvfrom(sock_kerb5, packet.data, sizeof(packet.data), 0,
845 (struct sockaddr *)&packet.from, &fromLen);
847 if (errno == EAGAIN || errno == ECONNREFUSED)
849 perror("calling recvfrom");
854 printf("Kerb5:udp: Got %d bytes from addr %s which are '",
855 code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
856 ka_PrintBytes(packet.data, packet.len);
859 packet.name = packet.inst = packet.realm = "";
861 process_udp_request(sock_kerb5, &packet);
864 if (sock_kerb >= 0) {
865 closesocket(sock_kerb);
868 if (sock_kerb5 >= 0) {
869 closesocket(sock_kerb5);
872 printf("UDP SocketListener exiting due to error\n");
879 #include "AFS_component_version_number.c"
888 struct sockaddr_in taddr;
889 static PROCESS slPid; /* socket listener pid */
890 static PROCESS checkPid; /* fiveminute check */
892 char *krb4name; /* kerberos version4 service */
898 static int inited = 0;
905 memset(&taddr, 0, sizeof(taddr));
906 krb4name = "kerberos4";
907 sp = getservbyname(krb4name, "udp");
908 taddr.sin_family = AF_INET; /* added for NCR port */
909 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
910 taddr.sin_len = sizeof(struct sockaddr_in);
913 /* if kerberos-4 is not available, try "kerberos-iv" */
914 krb4name = "kerberos-iv";
915 sp = getservbyname(krb4name, "udp");
918 /* if kerberos-iv is not available, try "kerberos" */
919 krb4name = "kerberos";
920 sp = getservbyname(krb4name, "udp");
924 "kerberos/udp is unknown; check /etc/services. Using port=%d as default\n",
926 taddr.sin_port = htons(KRB_PORT);
928 /* copy the port number */
929 fprintf(stderr, "%s/udp port=%hu\n", krb4name,
930 (unsigned short)sp->s_port);
931 taddr.sin_port = sp->s_port;
933 kerb_port = taddr.sin_port;
934 sock_kerb = socket(AF_INET, SOCK_DGRAM, 0);
935 code = bind(sock_kerb, (struct sockaddr *)&taddr, sizeof(taddr));
937 perror("calling bind");
941 sp = getservbyname("kerberos5", "udp");
944 "kerberos5/udp is unknown; check /etc/services. Using port=%d as default\n",
946 taddr.sin_port = htons(KRB5_PORT);
948 /* copy the port number */
949 fprintf(stderr, "kerberos5/udp port=%hu\n",
950 (unsigned short)sp->s_port);
951 taddr.sin_port = sp->s_port;
953 if (taddr.sin_port != kerb_port) { /* a different port */
954 sock_kerb5 = socket(AF_INET, SOCK_DGRAM, 0);
955 code = bind(sock_kerb5, (struct sockaddr *)&taddr, sizeof(taddr));
957 perror("calling bind");
962 /* Bail out if we can't bind with any port */
963 if ((sock_kerb < 0) && (sock_kerb5 < 0))
967 /* this has already been done */
968 LWP_InitializeProcessSupport(LWP_NORMAL_PRIORITY, &junk);
971 LWP_CreateProcess(SocketListener, /*stacksize */ 16000,
972 LWP_NORMAL_PRIORITY, (void *)0, "Socket Listener",
975 /* just to close the log every five minutes */
977 LWP_CreateProcess(FiveMinuteCheckLWP, 24 * 1024, LWP_MAX_PRIORITY - 2,
978 (void *)&fiveminutes, "FiveMinuteChecks", &checkPid);
981 initialize_ka_error_table();
982 initialize_rxk_error_table();
983 while (1) /* don't just stand there, run it */
992 char *lastOperation; /* name of last operation */
993 char *lrealm = "REALMNAME";
994 struct kadstats dynamic_statistics;
997 InitAuthServ(tt, lock, this_op)
998 struct ubik_trans **tt;
999 int lock; /* read or write transaction */
1000 int *this_op; /* op of RCP routine, for COUNT_ABO */
1005 printf("Calling InitAuthServ\n");
1011 struct ubik_trans *tt;
1013 printf("Calling ubik_EndTrans\n");
1019 struct ubik_trans *tt;
1021 printf("Calling ubik_AbortTrans\n");
1026 FindBlock(at, aname, ainstance, tentry)
1027 struct ubik_trans *at;
1030 struct kaentry *tentry;
1032 printf("Calling FindBlock with '%s'.'%s'\n", aname, ainstance);
1033 strcpy(tentry->userID.name, aname);
1034 strcpy(tentry->userID.instance, ainstance);
1035 tentry->key_version = htonl(17);
1036 des_string_to_key("toa", &tentry->key);
1037 tentry->flags = htonl(KAFNORMAL);
1038 tentry->user_expiration = htonl(NEVERDATE);
1039 tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
1044 ka_LookupKey(tt, name, inst, kvno, key)
1045 struct ubik_trans *tt;
1048 afs_int32 *kvno; /* returned */
1049 struct ktc_encryptionKey *key; /* copied out */
1051 printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
1053 des_string_to_key("applexx", key);
1057 kvno_tgs_key(authDomain, kvno, tgskey)
1060 struct ktc_encryptionKey *tgskey;
1062 if (strcmp(authDomain, lrealm) != 0)
1063 printf("Called with wrong %s as authDomain\n", authDomain);
1065 printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
1066 des_string_to_key("applexx", tgskey);
1074 name_instance_legal()