#include <afsconfig.h>
#include <afs/param.h>
-RCSID
- ("$Header$");
#include <afs/stds.h>
#include <sys/types.h>
#include <netdb.h>
#include <netinet/in.h>
#endif
-#ifdef HAVE_STRING_H
#include <string.h>
-#else
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#endif
#include <afs/afsutil.h>
#include <time.h>
#include <afs/com_err.h>
#include <lwp.h>
#include <des.h>
+#include <des_prototypes.h>
#include <rx/xdr.h>
#include <rx/rx.h>
#include <rx/rxkad.h>
#include "kauth.h"
#include "kautils.h"
+#include "kauth_internal.h"
#include "kaserver.h"
#include "prot.h" /* protocol definitions */
#include "kaport.h"
#include "afs/audit.h"
#include "kalog.h"
+#include "kadatabase.h"
/* my kerberos error codes */
#define KERB_ERR_BAD_MSG_TYPE 99
#define KDC_GEN_ERR 20
#endif
+#ifndef AFS_NT40_ENV
+#define closesocket close
+#endif
int krb_udp_debug = 0;
int fiveminutes = 300;
-static
-FiveMinuteCheckLWP()
+static void *
+FiveMinuteCheckLWP(void *unused)
{
printf("start 5 min check lwp\n");
/* close the log so it can be removed */
ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH); /* no trunc, just append */
}
+ return NULL;
}
static afs_int32
-create_cipher(cipher, cipherLen, sessionKey, sname, sinst, start, end, kvno,
- ticket, ticketLen, key)
- char *cipher;
- int *cipherLen;
- struct ktc_encryptionKey *sessionKey;
- char *sname;
- char *sinst;
- Date start, end;
- afs_int32 kvno;
- char *ticket;
- int ticketLen;
- struct ktc_encryptionKey *key;
+create_cipher(char *cipher, int *cipherLen,
+ struct ktc_encryptionKey *sessionKey, char *sname,
+ char *sinst, Date start, Date end, afs_int32 kvno,
+ char *ticket, int ticketLen, struct ktc_encryptionKey *key)
{
char *answer;
int slen;
printf("\n");
}
- if (code = des_key_sched(key, schedule))
+ if ((code = des_key_sched(ktc_to_cblock(key), schedule)))
printf("In KAAuthenticate: key_sched returned %d\n", code);
- des_pcbc_encrypt(cipher, cipher, len, schedule, key, ENCRYPT);
+ des_pcbc_encrypt(cipher, cipher, len, schedule, ktc_to_cblockptr(key), ENCRYPT);
*cipherLen = round_up_to_ebs(len);
if (krb_udp_debug) {
}
static afs_int32
-create_reply(ans, name, inst, startTime, endTime, kvno, cipher, cipherLen)
- struct packet *ans;
- char *name;
- char *inst;
- Date startTime, endTime;
- afs_int32 kvno;
- char *cipher;
- int cipherLen;
+create_reply(struct packet *ans, char *name, char *inst, Date startTime,
+ Date endTime, afs_int32 kvno, char *cipher, int cipherLen)
{
char *answer = ans->data;
int slen;
}
static afs_int32
-check_auth(pkt, auth, authLen, key, name, inst, cell)
- struct packet *pkt;
- char *auth;
- int authLen;
- struct ktc_encryptionKey *key;
- char *name;
- char *inst;
- char *cell;
+check_auth(struct packet *pkt, char *auth, int authLen,
+ struct ktc_encryptionKey *key, char *name, char *inst,
+ char *cell)
{
char *packet;
des_key_schedule schedule;
afs_int32 cksum;
- /* unsigned char time_msec; */
afs_int32 time_sec;
int byteOrder = pkt->byteOrder;
- des_key_sched(key, schedule);
- des_pcbc_encrypt(auth, auth, authLen, schedule, key, DECRYPT);
+ des_key_sched(ktc_to_cblock(key), schedule);
+ des_pcbc_encrypt(auth, auth, authLen, schedule, ktc_to_cblockptr(key), DECRYPT);
packet = auth;
if (strcmp(packet, name) != 0)
return KABADTICKET;
return KABADTICKET;
packet += strlen(packet) + 1;
getint(cksum);
- /* time_msec = */ *(unsigned char *)packet++;
+ /* Comments in the original IBM source suggest this byte was/is "time_msec" */
+ packet++;
getint(time_sec);
if ((packet - auth) > authLen)
return KABADTICKET;
}
afs_int32
-UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
- int ksoc;
- struct sockaddr_in *client;
- char *name;
- char *inst;
- Date startTime;
- Date endTime;
- char *sname;
- char *sinst;
+UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name,
+ char *inst, Date startTime, Date endTime, char *sname,
+ char *sinst)
{
struct ubik_trans *tt;
afs_int32 to; /* offset of block */
COUNT_REQ(UAuthenticate);
if (!name_instance_legal(name, inst))
return KERB_ERR_NAME_EXP; /* KABADNAME */
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
return code;
code = FindBlock(tt, name, inst, &to, &tentry);
}
/* make the ticket */
- code = des_random_key(&sessionKey);
+ code = des_random_key(ktc_to_cblock(&sessionKey));
if (code) {
code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
goto abort;
}
KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
LOG_AUTHENTICATE);
+
+ if (cipherLen != 0) {
+ KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
+ LOG_TGTREQUEST);
+ }
osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
return 0;
}
afs_int32
-UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
- int ksoc;
- struct packet *pkt;
- afs_int32 kvno;
- char *authDomain;
- char *ticket;
- int ticketLen;
- char *auth;
- int authLen;
+UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno,
+ char *authDomain, char *ticket, int ticketLen, char *auth,
+ int authLen)
{
afs_int32 code;
struct ktc_encryptionKey tgskey;
COUNT_REQ(UGetTicket);
- if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+ if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
goto fail;
code =
ka_LookupKvno(tt, KA_TGS_NAME,
if (ntohl(server.flags) & KAFNOSEAL)
return KABADSERVER;
- code = des_random_key(&sessionKey);
+ code = des_random_key(ktc_to_cblock(&sessionKey));
if (code) {
code = KERB_ERR_NULL_KEY; /* was KANOKEYS */
goto fail;
}
static int
-err_packet(ksoc, pkt, code, reason)
- int ksoc;
- struct packet *pkt;
- afs_int32 code;
- char *reason;
+err_packet(int ksoc, struct packet *pkt, afs_int32 code, char *reason)
{
struct packet ans;
char *answer = ans.data;
}
int
-process_udp_auth(ksoc, pkt)
- int ksoc;
- struct packet *pkt;
+process_udp_auth(int ksoc, struct packet *pkt)
{
char *packet = pkt->rest;
char name[MAXKTCNAMELEN];
if (code) {
if (code == KANOENT) {
code = KERB_ERR_PRINCIPAL_UNKNOWN;
- err_packet(ksoc, pkt, code, (char *)error_message(code));
+ err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
} else if (code == KAPWEXPIRED) {
code = KERB_ERR_NAME_EXP;
err_packet(ksoc, pkt, code, "password has expired");
} else
- err_packet(ksoc, pkt, code, (char *)error_message(code));
+ err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
}
return 0;
}
int
-process_udp_appl(ksoc, pkt)
- int ksoc;
- struct packet *pkt;
+process_udp_appl(int ksoc, struct packet *pkt)
{
char *packet = pkt->rest;
afs_int32 kvno;
if (code) {
if (code == KANOENT)
code = KERB_ERR_PRINCIPAL_UNKNOWN;
- err_packet(ksoc, pkt, code, (char *)error_message(code));
+ err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
return -1;
}
return 0;
}
void
-process_udp_request(ksoc, pkt)
- int ksoc;
- struct packet *pkt;
+process_udp_request(int ksoc, struct packet *pkt)
{
char *packet = pkt->data;
unsigned char version, auth_msg_type;
return;
}
-static
-SocketListener()
+static void *
+SocketListener(void *unused)
{
fd_set rfds;
struct timeval tv;
struct packet packet;
- int fromLen;
+ socklen_t fromLen;
afs_int32 code;
printf("Starting to listen for UDP packets\n");
}
}
if (sock_kerb >= 0) {
- close(sock_kerb);
+ closesocket(sock_kerb);
sock_kerb = -1;
}
if (sock_kerb5 >= 0) {
- close(sock_kerb5);
+ closesocket(sock_kerb5);
sock_kerb5 = -1;
}
printf("UDP SocketListener exiting due to error\n");
+
+ return NULL;
}
#if MAIN
#include "AFS_component_version_number.c"
-main()
+int
+main(int, char **)
#else
afs_int32
-init_krb_udp()
+init_krb_udp(void)
#endif
{
struct sockaddr_in taddr;
git://git.openafs.org / openafs.git / blobdiff