summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormarkm <markm@FreeBSD.org>1997-09-04 06:04:33 +0000
committermarkm <markm@FreeBSD.org>1997-09-04 06:04:33 +0000
commita8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8 (patch)
tree0b84977f19022a965f8c6145f067f951173f6290
downloadFreeBSD-src-a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8.zip
FreeBSD-src-a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8.tar.gz
Initial import of KTH eBones. This has been cleaned up to only include
the "core" Kerberos functionality. The rest of the userland will get their own changes later.
-rw-r--r--crypto/kerberosIV/COPYRIGHT166
-rw-r--r--crypto/kerberosIV/ChangeLog3761
-rw-r--r--crypto/kerberosIV/Makefile.in70
-rw-r--r--crypto/kerberosIV/NEWS563
-rw-r--r--crypto/kerberosIV/PROBLEMS74
-rw-r--r--crypto/kerberosIV/README44
-rw-r--r--crypto/kerberosIV/README-WIN3230
-rw-r--r--crypto/kerberosIV/TODO42
-rw-r--r--crypto/kerberosIV/acconfig.h282
-rw-r--r--crypto/kerberosIV/aclocal.m4543
-rw-r--r--crypto/kerberosIV/admin/Makefile.in104
-rw-r--r--crypto/kerberosIV/admin/adm_locl.h91
-rw-r--r--crypto/kerberosIV/admin/ext_srvtab.c143
-rw-r--r--crypto/kerberosIV/admin/kdb_destroy.c57
-rw-r--r--crypto/kerberosIV/admin/kdb_edit.c404
-rw-r--r--crypto/kerberosIV/admin/kdb_init.c174
-rw-r--r--crypto/kerberosIV/admin/kdb_util.c496
-rw-r--r--crypto/kerberosIV/admin/kstash.c56
-rw-r--r--crypto/kerberosIV/appl/Makefile.in43
-rw-r--r--crypto/kerberosIV/appl/bsd/Makefile.in135
-rw-r--r--crypto/kerberosIV/appl/bsd/README.login20
-rw-r--r--crypto/kerberosIV/appl/bsd/bsd_locl.h380
-rw-r--r--crypto/kerberosIV/appl/bsd/encrypt.c311
-rw-r--r--crypto/kerberosIV/appl/bsd/forkpty.c461
-rw-r--r--crypto/kerberosIV/appl/bsd/iruserok.c279
-rw-r--r--crypto/kerberosIV/appl/bsd/kcmd.c270
-rw-r--r--crypto/kerberosIV/appl/bsd/klogin.c184
-rw-r--r--crypto/kerberosIV/appl/bsd/krcmd.c117
-rw-r--r--crypto/kerberosIV/appl/bsd/login.c990
-rw-r--r--crypto/kerberosIV/appl/bsd/login_access.c221
-rw-r--r--crypto/kerberosIV/appl/bsd/login_fbtab.c144
-rw-r--r--crypto/kerberosIV/appl/bsd/pathnames.h191
-rw-r--r--crypto/kerberosIV/appl/bsd/rcmd_util.c246
-rw-r--r--crypto/kerberosIV/appl/bsd/rcp.c1019
-rw-r--r--crypto/kerberosIV/appl/bsd/rcp_util.c97
-rw-r--r--crypto/kerberosIV/appl/bsd/rlogin.c707
-rw-r--r--crypto/kerberosIV/appl/bsd/rlogind.c934
-rw-r--r--crypto/kerberosIV/appl/bsd/rsh.c353
-rw-r--r--crypto/kerberosIV/appl/bsd/rshd.c635
-rw-r--r--crypto/kerberosIV/appl/bsd/stty_default.c105
-rw-r--r--crypto/kerberosIV/appl/bsd/su.c452
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_default.c95
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_default.h18
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_environ.c192
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_shadow.c45
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_shadow.h5
-rw-r--r--crypto/kerberosIV/appl/bsd/tty.c75
-rw-r--r--crypto/kerberosIV/appl/bsd/utmp_login.c121
-rw-r--r--crypto/kerberosIV/appl/bsd/utmpx_login.c88
-rw-r--r--crypto/kerberosIV/appl/ftp/Makefile.in41
-rw-r--r--crypto/kerberosIV/appl/ftp/common/Makefile.in52
-rw-r--r--crypto/kerberosIV/appl/ftp/common/base64.c149
-rw-r--r--crypto/kerberosIV/appl/ftp/common/base64.h47
-rw-r--r--crypto/kerberosIV/appl/ftp/common/buffer.c73
-rw-r--r--crypto/kerberosIV/appl/ftp/common/common.h62
-rw-r--r--crypto/kerberosIV/appl/ftp/common/glob.c835
-rw-r--r--crypto/kerberosIV/appl/ftp/common/glob.h84
-rw-r--r--crypto/kerberosIV/appl/ftp/common/sockbuf.c61
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/Makefile.in76
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/cmds.c2073
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/cmdtab.c193
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/domacro.c138
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/extern.h167
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ftp.c1658
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h145
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ftp_var.h127
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/globals.c76
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/kauth.c145
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/krb4.c567
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/krb4.h81
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/main.c542
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/pathnames.h44
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ruserpass.c274
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/Makefile.in84
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/auth.c249
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/auth.h109
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/extern.h141
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y1408
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/ftpd.c2076
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/kauth.c325
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/krb4.c372
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/krb4.h61
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c136
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/pathnames.h55
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/popen.c224
-rw-r--r--crypto/kerberosIV/appl/kauth/Makefile.in112
-rw-r--r--crypto/kerberosIV/appl/kauth/encdata.c101
-rw-r--r--crypto/kerberosIV/appl/kauth/kauth.c312
-rw-r--r--crypto/kerberosIV/appl/kauth/kauth.h118
-rw-r--r--crypto/kerberosIV/appl/kauth/kauthd.c201
-rw-r--r--crypto/kerberosIV/appl/kauth/ksrvtgt.in14
-rw-r--r--crypto/kerberosIV/appl/kauth/marshall.c97
-rw-r--r--crypto/kerberosIV/appl/kauth/rkinit.c222
-rw-r--r--crypto/kerberosIV/appl/kauth/zrefresh12
-rw-r--r--crypto/kerberosIV/appl/kip/Makefile.in96
-rw-r--r--crypto/kerberosIV/appl/kip/common.c178
-rw-r--r--crypto/kerberosIV/appl/kip/kip.c179
-rw-r--r--crypto/kerberosIV/appl/kip/kip.h106
-rw-r--r--crypto/kerberosIV/appl/kip/kipd.c128
-rw-r--r--crypto/kerberosIV/config.guess696
-rw-r--r--crypto/kerberosIV/config.sub932
-rw-r--r--crypto/kerberosIV/configure9343
-rw-r--r--crypto/kerberosIV/configure.in970
-rw-r--r--crypto/kerberosIV/doc/Makefile.in65
-rw-r--r--crypto/kerberosIV/doc/ack.texi80
-rw-r--r--crypto/kerberosIV/doc/index.texi6
-rw-r--r--crypto/kerberosIV/doc/install.texi368
-rw-r--r--crypto/kerberosIV/doc/intro.texi69
-rw-r--r--crypto/kerberosIV/doc/kth-krb.texi300
-rw-r--r--crypto/kerberosIV/doc/latin1.tex95
-rw-r--r--crypto/kerberosIV/doc/otp.texi127
-rw-r--r--crypto/kerberosIV/doc/problems.texi156
-rw-r--r--crypto/kerberosIV/doc/setup.texi794
-rw-r--r--crypto/kerberosIV/doc/whatis.texi137
-rw-r--r--crypto/kerberosIV/eBones-p9.README26
-rw-r--r--crypto/kerberosIV/etc/README41
-rw-r--r--crypto/kerberosIV/etc/default.login47
-rw-r--r--crypto/kerberosIV/etc/fbtab15
-rw-r--r--crypto/kerberosIV/etc/hosts.equiv1
-rw-r--r--crypto/kerberosIV/etc/inetd.conf.changes33
-rw-r--r--crypto/kerberosIV/etc/krb.conf56
-rw-r--r--crypto/kerberosIV/etc/krb.equiv14
-rw-r--r--crypto/kerberosIV/etc/krb.realms51
-rw-r--r--crypto/kerberosIV/etc/login.access54
-rw-r--r--crypto/kerberosIV/etc/services.append22
-rw-r--r--crypto/kerberosIV/include/Makefile.in147
-rw-r--r--crypto/kerberosIV/include/config.h.in984
-rw-r--r--crypto/kerberosIV/include/ktypes.c64
-rw-r--r--crypto/kerberosIV/include/protos.h276
-rw-r--r--crypto/kerberosIV/include/sys/Makefile.in53
-rw-r--r--crypto/kerberosIV/include/sys/cdefs.H149
-rw-r--r--crypto/kerberosIV/install-sh250
-rw-r--r--crypto/kerberosIV/kadmin/Design.txt23
-rw-r--r--crypto/kerberosIV/kadmin/Makefile.in125
-rw-r--r--crypto/kerberosIV/kadmin/admin_server.c432
-rw-r--r--crypto/kerberosIV/kadmin/kadm_funcs.c411
-rw-r--r--crypto/kerberosIV/kadmin/kadm_locl.h148
-rw-r--r--crypto/kerberosIV/kadmin/kadm_ser_wrap.c213
-rw-r--r--crypto/kerberosIV/kadmin/kadm_server.c198
-rw-r--r--crypto/kerberosIV/kadmin/kadm_server.h66
-rw-r--r--crypto/kerberosIV/kadmin/kadmin.c845
-rw-r--r--crypto/kerberosIV/kadmin/kpasswd.c163
-rw-r--r--crypto/kerberosIV/kadmin/ksrvutil.c601
-rw-r--r--crypto/kerberosIV/kadmin/ksrvutil.h54
-rw-r--r--crypto/kerberosIV/kadmin/ksrvutil_get.c400
-rw-r--r--crypto/kerberosIV/kadmin/new_pwd.c146
-rw-r--r--crypto/kerberosIV/kadmin/pw_check.c87
-rw-r--r--crypto/kerberosIV/kadmin/pw_check.h45
-rw-r--r--crypto/kerberosIV/kuser/Makefile.in92
-rw-r--r--crypto/kerberosIV/kuser/kdestroy.c72
-rw-r--r--crypto/kerberosIV/kuser/kinit.c158
-rw-r--r--crypto/kerberosIV/kuser/klist.c314
-rw-r--r--crypto/kerberosIV/kuser/kuser_locl.h86
-rw-r--r--crypto/kerberosIV/lib/Makefile.in46
-rw-r--r--crypto/kerberosIV/lib/acl/Makefile.in84
-rw-r--r--crypto/kerberosIV/lib/acl/acl.h53
-rw-r--r--crypto/kerberosIV/lib/acl/acl_files.c540
-rw-r--r--crypto/kerberosIV/lib/acl/acl_files.doc107
-rw-r--r--crypto/kerberosIV/lib/kadm/Makefile.in92
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm.h143
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c545
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_err.et59
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_locl.h90
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_stream.c299
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_supp.c111
-rw-r--r--crypto/kerberosIV/lib/kafs/Makefile.in90
-rw-r--r--crypto/kerberosIV/lib/kafs/afskrb.c373
-rw-r--r--crypto/kerberosIV/lib/kafs/afsl.exp6
-rw-r--r--crypto/kerberosIV/lib/kafs/afslib.c60
-rw-r--r--crypto/kerberosIV/lib/kafs/afslib.exp3
-rw-r--r--crypto/kerberosIV/lib/kafs/afssys.c293
-rw-r--r--crypto/kerberosIV/lib/kafs/afssysdefs.h87
-rw-r--r--crypto/kerberosIV/lib/kafs/dlfcn.c570
-rw-r--r--crypto/kerberosIV/lib/kafs/dlfcn.h46
-rw-r--r--crypto/kerberosIV/lib/kafs/kafs.h100
-rw-r--r--crypto/kerberosIV/lib/kafs/kafs_locl.h96
-rw-r--r--crypto/kerberosIV/lib/kdb/Makefile.in83
-rw-r--r--crypto/kerberosIV/lib/kdb/base64.c150
-rw-r--r--crypto/kerberosIV/lib/kdb/base64.h47
-rw-r--r--crypto/kerberosIV/lib/kdb/copykey.c55
-rw-r--r--crypto/kerberosIV/lib/kdb/kdb_locl.h98
-rw-r--r--crypto/kerberosIV/lib/kdb/kdc.h34
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_cache.c189
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_db.h137
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_dbm.c823
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_kdb_utils.c261
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_lib.c259
-rw-r--r--crypto/kerberosIV/lib/kdb/print_princ.c48
-rw-r--r--crypto/kerberosIV/lib/krb/Makefile.in269
-rw-r--r--crypto/kerberosIV/lib/krb/check_time.c56
-rw-r--r--crypto/kerberosIV/lib/krb/cr_err_reply.c99
-rw-r--r--crypto/kerberosIV/lib/krb/create_auth_reply.c131
-rw-r--r--crypto/kerberosIV/lib/krb/create_ciph.c117
-rw-r--r--crypto/kerberosIV/lib/krb/create_death_packet.c85
-rw-r--r--crypto/kerberosIV/lib/krb/create_ticket.c134
-rw-r--r--crypto/kerberosIV/lib/krb/debug_decl.c29
-rw-r--r--crypto/kerberosIV/lib/krb/decomp_ticket.c119
-rw-r--r--crypto/kerberosIV/lib/krb/dest_tkt.c82
-rw-r--r--crypto/kerberosIV/lib/krb/dllmain.c128
-rw-r--r--crypto/kerberosIV/lib/krb/encrypt_ktext.c51
-rw-r--r--crypto/kerberosIV/lib/krb/et_list.c74
-rw-r--r--crypto/kerberosIV/lib/krb/get_ad_tkt.c190
-rw-r--r--crypto/kerberosIV/lib/krb/get_cred.c70
-rw-r--r--crypto/kerberosIV/lib/krb/get_default_principal.c94
-rw-r--r--crypto/kerberosIV/lib/krb/get_host.c292
-rw-r--r--crypto/kerberosIV/lib/krb/get_in_tkt.c99
-rw-r--r--crypto/kerberosIV/lib/krb/get_krbrlm.c116
-rw-r--r--crypto/kerberosIV/lib/krb/get_svc_in_tkt.c76
-rw-r--r--crypto/kerberosIV/lib/krb/get_tf_fullname.c70
-rw-r--r--crypto/kerberosIV/lib/krb/get_tf_realm.c41
-rw-r--r--crypto/kerberosIV/lib/krb/getaddrs.c130
-rw-r--r--crypto/kerberosIV/lib/krb/getrealm.c184
-rw-r--r--crypto/kerberosIV/lib/krb/getst.c45
-rw-r--r--crypto/kerberosIV/lib/krb/gettimeofday.c56
-rw-r--r--crypto/kerberosIV/lib/krb/k_concat.c116
-rw-r--r--crypto/kerberosIV/lib/krb/k_flock.c95
-rw-r--r--crypto/kerberosIV/lib/krb/k_gethostname.c58
-rw-r--r--crypto/kerberosIV/lib/krb/k_getport.c57
-rw-r--r--crypto/kerberosIV/lib/krb/k_getsockinst.c73
-rw-r--r--crypto/kerberosIV/lib/krb/k_localtime.c48
-rw-r--r--crypto/kerberosIV/lib/krb/kdc_reply.c131
-rw-r--r--crypto/kerberosIV/lib/krb/klog.h47
-rw-r--r--crypto/kerberosIV/lib/krb/kntoln.c180
-rw-r--r--crypto/kerberosIV/lib/krb/krb.def92
-rw-r--r--crypto/kerberosIV/lib/krb/krb.h565
-rw-r--r--crypto/kerberosIV/lib/krb/krb.mak3065
-rw-r--r--crypto/kerberosIV/lib/krb/krb_check_auth.c76
-rw-r--r--crypto/kerberosIV/lib/krb/krb_equiv.c144
-rw-r--r--crypto/kerberosIV/lib/krb/krb_err.et257
-rw-r--r--crypto/kerberosIV/lib/krb/krb_err_txt.c299
-rw-r--r--crypto/kerberosIV/lib/krb/krb_get_in_tkt.c175
-rw-r--r--crypto/kerberosIV/lib/krb/krb_locl.h163
-rw-r--r--crypto/kerberosIV/lib/krb/kuserok.c156
-rw-r--r--crypto/kerberosIV/lib/krb/lifetime.c213
-rw-r--r--crypto/kerberosIV/lib/krb/logging.c240
-rw-r--r--crypto/kerberosIV/lib/krb/lsb_addr_comp.c105
-rw-r--r--crypto/kerberosIV/lib/krb/lsb_addr_comp.h26
-rw-r--r--crypto/kerberosIV/lib/krb/mk_auth.c96
-rw-r--r--crypto/kerberosIV/lib/krb/mk_err.c56
-rw-r--r--crypto/kerberosIV/lib/krb/mk_priv.c125
-rw-r--r--crypto/kerberosIV/lib/krb/mk_req.c215
-rw-r--r--crypto/kerberosIV/lib/krb/mk_safe.c131
-rw-r--r--crypto/kerberosIV/lib/krb/month_sname.c39
-rw-r--r--crypto/kerberosIV/lib/krb/name2name.c102
-rw-r--r--crypto/kerberosIV/lib/krb/netread.c55
-rw-r--r--crypto/kerberosIV/lib/krb/netwrite.c52
-rw-r--r--crypto/kerberosIV/lib/krb/one.c27
-rw-r--r--crypto/kerberosIV/lib/krb/parse_name.c199
-rw-r--r--crypto/kerberosIV/lib/krb/prot.h105
-rw-r--r--crypto/kerberosIV/lib/krb/rd_err.c82
-rw-r--r--crypto/kerberosIV/lib/krb/rd_priv.c129
-rw-r--r--crypto/kerberosIV/lib/krb/rd_req.c324
-rw-r--r--crypto/kerberosIV/lib/krb/rd_safe.c178
-rw-r--r--crypto/kerberosIV/lib/krb/read_service_key.c116
-rw-r--r--crypto/kerberosIV/lib/krb/realm_parse.c88
-rw-r--r--crypto/kerberosIV/lib/krb/recvauth.c190
-rw-r--r--crypto/kerberosIV/lib/krb/resolve.c288
-rw-r--r--crypto/kerberosIV/lib/krb/resolve.h110
-rw-r--r--crypto/kerberosIV/lib/krb/rw.c128
-rw-r--r--crypto/kerberosIV/lib/krb/save_credentials.c59
-rw-r--r--crypto/kerberosIV/lib/krb/send_to_kdc.c251
-rw-r--r--crypto/kerberosIV/lib/krb/sendauth.c163
-rw-r--r--crypto/kerberosIV/lib/krb/sizetest.c41
-rw-r--r--crypto/kerberosIV/lib/krb/stime.c35
-rw-r--r--crypto/kerberosIV/lib/krb/str2key.c103
-rw-r--r--crypto/kerberosIV/lib/krb/swab.c56
-rw-r--r--crypto/kerberosIV/lib/krb/tf_util.c645
-rw-r--r--crypto/kerberosIV/lib/krb/ticket_memory.c438
-rw-r--r--crypto/kerberosIV/lib/krb/ticket_memory.h69
-rw-r--r--crypto/kerberosIV/lib/krb/tkt_string.c85
-rw-r--r--crypto/kerberosIV/lib/krb/unparse_name.c105
-rw-r--r--crypto/kerberosIV/lib/krb/util.c64
-rw-r--r--crypto/kerberosIV/lib/krb/verify_user.c111
-rw-r--r--crypto/kerberosIV/lib/roken/Makefile.in94
-rw-r--r--crypto/kerberosIV/lib/roken/chown.c50
-rw-r--r--crypto/kerberosIV/lib/roken/daemon.c89
-rw-r--r--crypto/kerberosIV/lib/roken/err.c53
-rw-r--r--crypto/kerberosIV/lib/roken/err.h76
-rw-r--r--crypto/kerberosIV/lib/roken/errx.c53
-rw-r--r--crypto/kerberosIV/lib/roken/fchown.c50
-rw-r--r--crypto/kerberosIV/lib/roken/get_window_size.c96
-rw-r--r--crypto/kerberosIV/lib/roken/getcwd.c59
-rw-r--r--crypto/kerberosIV/lib/roken/getdtablesize.c102
-rw-r--r--crypto/kerberosIV/lib/roken/getopt.c128
-rw-r--r--crypto/kerberosIV/lib/roken/getusershell.c160
-rw-r--r--crypto/kerberosIV/lib/roken/hstrerror.c87
-rw-r--r--crypto/kerberosIV/lib/roken/inaddr2str.c88
-rw-r--r--crypto/kerberosIV/lib/roken/inet_aton.c68
-rw-r--r--crypto/kerberosIV/lib/roken/initgroups.c50
-rw-r--r--crypto/kerberosIV/lib/roken/k_getpwnam.c69
-rw-r--r--crypto/kerberosIV/lib/roken/k_getpwuid.c69
-rw-r--r--crypto/kerberosIV/lib/roken/lstat.c50
-rw-r--r--crypto/kerberosIV/lib/roken/memmove.c67
-rw-r--r--crypto/kerberosIV/lib/roken/mini_inetd.c99
-rw-r--r--crypto/kerberosIV/lib/roken/mkstemp.c89
-rw-r--r--crypto/kerberosIV/lib/roken/putenv.c81
-rw-r--r--crypto/kerberosIV/lib/roken/rcmd.c57
-rw-r--r--crypto/kerberosIV/lib/roken/roken.def4
-rw-r--r--crypto/kerberosIV/lib/roken/roken.h338
-rw-r--r--crypto/kerberosIV/lib/roken/roken.mak278
-rw-r--r--crypto/kerberosIV/lib/roken/setegid.c60
-rw-r--r--crypto/kerberosIV/lib/roken/setenv.c71
-rw-r--r--crypto/kerberosIV/lib/roken/seteuid.c60
-rw-r--r--crypto/kerberosIV/lib/roken/signal.c86
-rw-r--r--crypto/kerberosIV/lib/roken/snprintf.c520
-rw-r--r--crypto/kerberosIV/lib/roken/strcasecmp.c118
-rw-r--r--crypto/kerberosIV/lib/roken/strdup.c55
-rw-r--r--crypto/kerberosIV/lib/roken/strerror.c62
-rw-r--r--crypto/kerberosIV/lib/roken/strftime.c299
-rw-r--r--crypto/kerberosIV/lib/roken/strlwr.c58
-rw-r--r--crypto/kerberosIV/lib/roken/strnlen.c53
-rw-r--r--crypto/kerberosIV/lib/roken/strtok_r.c70
-rw-r--r--crypto/kerberosIV/lib/roken/strupr.c58
-rw-r--r--crypto/kerberosIV/lib/roken/tm2time.c66
-rw-r--r--crypto/kerberosIV/lib/roken/unsetenv.c75
-rw-r--r--crypto/kerberosIV/lib/roken/verify.c67
-rw-r--r--crypto/kerberosIV/lib/roken/verr.c50
-rw-r--r--crypto/kerberosIV/lib/roken/verrx.c50
-rw-r--r--crypto/kerberosIV/lib/roken/vwarn.c50
-rw-r--r--crypto/kerberosIV/lib/roken/vwarnx.c51
-rw-r--r--crypto/kerberosIV/lib/roken/warn.c53
-rw-r--r--crypto/kerberosIV/lib/roken/warnerr.c86
-rw-r--r--crypto/kerberosIV/lib/roken/warnx.c53
-rw-r--r--crypto/kerberosIV/lib/roken/xdbm.h75
-rw-r--r--crypto/kerberosIV/lib/sl/Makefile.in84
-rw-r--r--crypto/kerberosIV/lib/sl/sl.c190
-rw-r--r--crypto/kerberosIV/lib/sl/sl.h58
-rw-r--r--crypto/kerberosIV/lib/sl/sl_locl.h48
-rw-r--r--crypto/kerberosIV/man/Makefile.in95
-rw-r--r--crypto/kerberosIV/man/acl_check.3182
-rw-r--r--crypto/kerberosIV/man/ext_srvtab.862
-rw-r--r--crypto/kerberosIV/man/getusershell.399
-rw-r--r--crypto/kerberosIV/man/kadmin.8176
-rw-r--r--crypto/kerberosIV/man/kadmind.8125
-rw-r--r--crypto/kerberosIV/man/kafs.3122
-rw-r--r--crypto/kerberosIV/man/kauth.165
-rw-r--r--crypto/kerberosIV/man/kauthd.827
-rw-r--r--crypto/kerberosIV/man/kdb_destroy.832
-rw-r--r--crypto/kerberosIV/man/kdb_edit.854
-rw-r--r--crypto/kerberosIV/man/kdb_init.837
-rw-r--r--crypto/kerberosIV/man/kdb_util.868
-rw-r--r--crypto/kerberosIV/man/kdestroy.188
-rw-r--r--crypto/kerberosIV/man/kerberos.1258
-rw-r--r--crypto/kerberosIV/man/kerberos.3460
-rw-r--r--crypto/kerberosIV/man/kerberos.844
-rw-r--r--crypto/kerberosIV/man/kinit.1136
-rw-r--r--crypto/kerberosIV/man/klist.183
-rw-r--r--crypto/kerberosIV/man/kprop.858
-rw-r--r--crypto/kerberosIV/man/kpropd.863
-rw-r--r--crypto/kerberosIV/man/krb.conf.531
-rw-r--r--crypto/kerberosIV/man/krb.equiv.528
-rw-r--r--crypto/kerberosIV/man/krb.realms.538
-rw-r--r--crypto/kerberosIV/man/krb_realmofhost.3160
-rw-r--r--crypto/kerberosIV/man/krb_sendauth.3347
-rw-r--r--crypto/kerberosIV/man/krb_set_tkt_string.342
-rw-r--r--crypto/kerberosIV/man/ksrvtgt.150
-rw-r--r--crypto/kerberosIV/man/ksrvutil.8104
-rw-r--r--crypto/kerberosIV/man/kstash.840
-rw-r--r--crypto/kerberosIV/man/kuserok.366
-rw-r--r--crypto/kerberosIV/man/tf_util.3150
-rw-r--r--crypto/kerberosIV/mkinstalldirs40
-rw-r--r--crypto/kerberosIV/server/Makefile.in79
-rw-r--r--crypto/kerberosIV/server/kerberos.c846
-rw-r--r--crypto/kerberosIV/slave/Makefile.in82
-rw-r--r--crypto/kerberosIV/slave/kprop.c530
-rw-r--r--crypto/kerberosIV/slave/kprop.h19
-rw-r--r--crypto/kerberosIV/slave/kpropd.c301
-rw-r--r--crypto/kerberosIV/slave/slav_locl.h101
368 files changed, 82832 insertions, 0 deletions
diff --git a/crypto/kerberosIV/COPYRIGHT b/crypto/kerberosIV/COPYRIGHT
new file mode 100644
index 0000000..1ec6394
--- /dev/null
+++ b/crypto/kerberosIV/COPYRIGHT
@@ -0,0 +1,166 @@
+Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the Kungliga Tekniska
+ Högskolan and its contributors.
+
+4. Neither the name of the Institute nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+
+
+Copyright 1987, 1989 by the Student Information Processing Board
+ of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose. It is
+provided "as is" without express or implied warranty.
+
+
+
+Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or of the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+ software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+ explicit claim or by omission. Since few users ever read sources,
+ credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+ misrepresented as being the original software. Since few users
+ ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
diff --git a/crypto/kerberosIV/ChangeLog b/crypto/kerberosIV/ChangeLog
new file mode 100644
index 0000000..1467488
--- /dev/null
+++ b/crypto/kerberosIV/ChangeLog
@@ -0,0 +1,3761 @@
+Tue Jun 3 1997
+
+ * Release 0.9.6
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: new argument '-w
+ term_emulator' for specifiying which terminal emulator to use.
+ Based on a patch from <arve@nada.kth.se>.
+
+Mon Jun 2 1997
+
+ * appl/xnlock/Makefile.in, appl/kx/Makefile.in,
+ lib/auth/Makefile.in: fix the Makefile to do the for loops the
+ automake way.
+
+Sun Jun 1 1997
+
+ * appl/xnlock/Makefile.in, appl/kx/Makefile.in: do install
+ correctly even if there are no programs to install
+
+ * configure.in: Check for `h_nerr'.
+
+ * lib/auth/pam/pam.c: Include <security/pam_appl.h> to make it
+ compile on Solaris 2.6
+
+ lib/sl/sl.c, lib/krb/realm_parse.c, appl/ftp/ftpd/popen.c,
+ appl/ftp/ftpd/ftpd.c, appl/bsd/login_fbtab.c,
+ appl/bsd/login_access.c: Initialize the `lasts' to NULL before
+ calling strtok_r the first time. With our strtok_r it's not
+ necessary, but the man-page on SGIs says it should be done.
+
+Fri May 30 1997
+
+ * lib/krb/mk_req.c (krb_mk_req, get_ad_tkt): Support for
+ multi-realm ticket files by using the best matching TGT to define
+ the realm of the ticket holder.
+
+
+ * appl/bsd/utmpx_login.c (utmpx_update): Set `ut_id' if we're
+ using utmpx
+
+ * appl/telnet/telnetd/sys_term.c (start_login): Set `ut_id' if
+ we're using utmpx
+
+Wed May 28 1997
+
+ * lib/roken/daemon.c: New file.
+
+ * include/protos.H: <sys/types.h> needed on solaris 2.4
+
+Mon May 26 1997
+
+ * appl/bsd/su.c (kerberos): If kerberos password is zero length
+ immediately try next scheme.
+
+
+ * lib/kafs/afskrb.c (k_afsklog_uid): Token lifetime should be even
+ if we don't know the proper ViceId.
+
+
+ * Release 0.9.5
+
+ * man/Makefile.in: Install preformatted manual pages with correct
+ suffix on *BSD.
+
+Sun May 25 1997
+
+ * appl/kpopper/popper.h: Remove XTND, and XTND XMIT. Rename XTND
+ XOVER to XOVER.
+
+
+ * appl/telnet/telnetd/sys_term.c: Only include <utmp.h> and
+ <utmpx.h> once
+
+ * fix-export: Also create cat manpages.
+
+ * appl/ftp/ftpd/logwtmp.c: Check for `_PATH_WTMP'
+
+ * appl/telnet/telnetd/sys_term.c: Ditto.
+ Remove stupid macros.
+
+ * appl/ftp/ftp/cmds.c (setpeer): Check for `__unix'. This is
+ (apparently) a standard with many representations.
+
+ * appl/ftp/ftpd/ftpcmd.y (SYST): Ditto.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): file must exist to apply a
+ command to it.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Generalise list of commands and
+ basename argument.
+
+ * appl/ftp/ftpd/popen.c (ftpd_popen): Try standard binary if the
+ one in ~ftp fails.
+
+ * appl/telnet/telnetd/sys_term.c: Use `_getpty' if there's one
+
+ * appl/bsd/forkpty.c: Use `_getpty' if there's one
+
+ * configure.in: check for `_getpty'
+
+ * acconfig.h: correct test for IRIX
+
+ * lib/roken/snprintf.c: code for checking the correct functioning
+ of *nprintf is now #ifdef PARANOIA
+
+ * appl/bsd/rlogind.c: fix logging in wtmp and parsing of winsize
+
+ * appl/bsd/rlogin.c: New option `-p'.
+
+ * lib/des/fcrypt.c: removed `inline' from `des_set_key'
+
+Thu May 22 1997
+
+ * lib/des/md5.c (MD5Final): Made signature compliant with FreeBSD.
+
+ * lib/des/md5.h: Remove digest from MD5_CTX, it is now an argument
+ to MD5Final instead.
+
+ * lib/des/fcrypt.c: Also support MD5 style crypt(2).
+
+Tue May 20 1997
+
+ * appl/telnet/telnetd/sys_term.c: utmp stuff now seems to be
+ compatible with login
+
+ * appl/ftp/ftpd/logwtmp.c: Add support for logging to wtmpx
+
+
+ * (*/)*/Makefile.in:s (install): Avoid redundant multiple
+ recursion in install targets.
+
+ * Made things compile with socks5-v1.0r1.
+
+
+ * appl/telnet/telnetd/sys_term.c: changed utmp-stuff not to use
+ ut_id at all
+
+ * appl/bsd/utmpx_login.c: handle case where there's no wtmpx (such
+ as HP-UX 10)
+
+ * appl/bsd/rlogind.c: Added support for utmpx
+
+Sun May 18 1997
+
+ * lib/roken: removed herror, strchr, and strrchr
+
+ * lib/krb/dest_tkt.c(dest_tkt): Only use `lstat' iff HAVE_LSTAT
+
+ * lib/krb: snprintf, strdup, strtok_r, and strcasecmp always live
+ in lib/roken and get linked here when needed.
+
+ * lib/roken: removed strchr, strrchr.
+
+ * appl/telnet/telnet/telnet.c: Always use our own `setupterm' for
+ compatibility reasons.
+
+ * appl/telnet/telnetd/telnetd.c: Removed <curses.h> and <term.h>.
+ They doesn't seem to be used and breaks on fujitsu.
+
+ * appl/kx/kx.c: try to give a better error message (than a core
+ dump :-) when talking to an old kxd.
+
+ * appl/kx/kxd.c, appl/kip/kipd.c, appl/kauth/kauthd.c: corrected
+ fencepost error with KRB_SENDAUTH_VLEN.
+
+ * appl/ftp/common/buffer.c: new file.
+
+ * configure.in: cray hides their bitypes in <bind/bitypes.h>.
+ Also check for this file.
+
+ * appl/telnet/telnet/telnet_locl.h: moved termios.h before
+ curses.h. This was needed to compile on cray, but will probably
+ break on some other host.
+
+Thu May 15 1997
+
+ * server/kerberos.c: Implement changes to the tcp protocol, while
+ being compatible with the old protocol.
+
+ * lib/krb/send_to_kdc.c: The old method to signal end of
+ transmission by closing the sending side of the socket does not
+ work well through some firewalls. This is now changed so that the
+ client instead sends the length of the request as a four byte
+ integer (in network byte order) before sending the data.
+
+Wed May 14 1997
+
+ * appl/telnet/telnetd/sys_term.c: HAVE_UTMPX -> HAVE_UTMPX_H. Fix
+ for OSF1.
+
+ * appl/bsd/utmp_login.c: UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H
+
+ * appl/bsd/sysv_environ.c: Use k_concat rather than snprintf.
+
+Tue May 13 1997
+
+ * kuser/klist.c: updated usage string
+
+ * lib/otp/otp_print.c: make word table and reverse word table
+ constant
+
+Sun May 11 1997
+
+ * */*: Added some __attribute__ ((format (printf))) and fixes
+ where needed.
+
+ * appl/ftp/common/sockbuf.c: start probing at 4Mb
+
+ * appl/ftp/ftpd/ftpd.c: use MAP_FAILED
+
+ * appl/ftp/ftp/ftp.c: Use MAP_FAILED.
+ (alloc_buffer): new function for allocating a buffer of size
+ max(BUFSIZ, st.st_blksize) (Based on a patch from
+ <haba@pdc.kth.se>)
+
+ * appl/ftpd/ftpdcmd.y: hack for reget.
+
+ * appl/kx/kxd.c: Give a error message to old-version kx.
+
+ * replaced vsprintf with vsnprintf.
+
+ * lib/roken/vsyslog.c: not used. removed.
+
+ * Changed <sys/bitypes.h> -> <ktypes.h>
+
+ * include/Makefile.in: Added ktypes.h
+
+ * include/sys/Makefile.in: removed bitypes.h
+
+Wed May 7 1997
+
+ * appl/ftp/ftp/ftp.c: Open files in binary mode.
+
+ * appl/ftp/ftpd/ftpd.c (checkaccess): Changed to make absent file
+ mean `allow'. Added shell matching to names (if fnmatch is
+ available).
+
+
+ * appl/ftp/ftpd/kauth.c (kauth): Use `DEFAULT_TKT_LIFE'
+
+ * appl/ftp/ftpd/ftpcmd.y, appl/ftp/ftpd/ftpd.c: always cast to
+ (long) before printing out an `off_t'
+
+ * lib/kdb/print_princ.c (krb_print_principal),
+ lib/kdb/krb_lib.c (kerb_put_principal),
+ admin/kdb_edit.c (change_principal),
+ admin/kdb_util.c (print_time) : gmtime should never return
+ tm_year > 1900
+
+ * appl/ftp/ftpd/ftpcmd.y: Year 2000 fix
+
+ * appl/telnet/telnetd/telnetd.c: removed code that used `getent'
+
+ * lib/roken/getent.c: removed
+
+Mon May 5 1997
+
+ * appl/ftp/ftpd/ftpd.c: fix for mmap and restart_point
+
+ * kadmin/ksrvutil_get.c (ksrvutil_get): get correct default realm
+
+Sun May 4 1997
+
+ * configure.in (REAL_PICFLAGS): Use `-fPIC' instead of `-fpic',
+ otherwise it's not possible to make libotp on hpux.
+
+ * configure.in: try sending picflags even when linking a shared
+ library with $CC
+
+ * lib/roken/getent.c: remove getstr
+
+ * configure.in: removed unneeded REAL_-variables working shared
+ libraries on *bsd*
+
+ * appl/kip/kip.h: Added <net/if_var.h>
+
+ * */Makefile.in: Use @LDSHARED@
+
+ * configure.in: Fix shared libraries on HP/UX.
+ check for curses.h
+ check for `getstr' and `cgetstr' in curses
+
+ * appl/telnet/telnet: clean-up
+
+ * lib/kafs/afssys.c: ifdef-out the code that is not used to avoid
+ referencing `syscall' on AIX.
+
+ * lib/krb/et_list.c: s/WEAK_PRAGMA/PRAGMA_WEAK/
+
+ * aclocal.m4 (AC_HAVE_PRAGMA_WEAK): redirect output
+
+ * lib/roken/snprintf.c: fix for the case of max_sz == 0
+
+ * doc/kth-krb.texi: Add @dircategory and @direntry to enable
+ `install-info' to install this entry in `dir'.
+
+ * appl/telnet/telnetd/Makefile.in: Don't link with getstr
+
+
+ * lib/auth/sia/krb4_matrix.conf: Fix entries for ses_release and
+ chk_user.
+
+Sat May 3 1997
+
+ * lib/auth/sia/sia.c: Some cleanup.
+
+Fri May 2 1997
+
+ * configure.in: only link the programs that need it with the
+ db/dbm library
+
+
+ * lib/auth/sia/sia.c: Merge code for for normal and su
+ authentication.
+
+
+ * Replaced sprintf with snprintf and asprintf all over the place.
+
+ * lib/roken/snprintf.c: Added asnprintf and vasnprintf
+
+ * lib/roken/snprintf.c: implemented asprintf, vasprintf
+
+ * lib/roken/snprintf.c: new file
+
+Thu May 1 1997
+
+ * lib/kafs/afskrb.c (k_afsklog_all_local_cells): Use `k_concat'
+
+Wed Apr 30 1997
+
+ * lib/krb/{get_host,get_krbrlm,getrealm,realm_parse}.c: Fix some
+ potential buffer overruns.
+
+ * lib/krb/k_concat.c: Safely concatenate two strings.
+
+Sat Apr 26 1997
+
+ * appl/telnet/libtelnet/kerberos.c: removed stupid #if 0
+
+ * appl/bsd/rlogind.c (send_oob): different default for `last_oob'
+ to avoid losing first OOB packet
+
+Fri Apr 25 1997
+
+ * appl/voodoo/AuthOption.cpp: provoke the telnetd in turning on
+ encryption
+
+Wed Apr 23 1997
+
+ * lib/kafs/afskrb.c (realm_of_cell): don't overflow buffer with
+ result from `gethostbyaddr'
+
+ * lib/krb/name2name.c (krb_name_to_name): new parameter
+ `phost_size' to disable buffer overflowing. Changed all callers.
+
+ * lib/krb/k_getsockinst.c: New parameter `inst_size' to disable
+ buffer overflowing. Changed all callers.
+
+ * appl/kpopper/Makefile.in: soriasis make stupidity
+
+ * appl/kx/Makefile.in: don't include encdata.c in SOURCES_COMMON,
+ otherwise DEC make gets upset.
+
+Tue Apr 22 1997
+
+ * lib/krb/k_getsockinst.c: Use same name as in krb_get_phost.
+
+
+ * acconfig.h: hp-ux 10 also has `pututxline' that writes both to
+ utmp and utmpx.
+
+Sun Apr 20 1997
+
+ * include/win32/config.h: adapted to win95/NT
+
+ * appl/voodoo: Merged in win32-telnet from <d93-jka@nada.kth.se>
+
+ * lib/krb/tkt_string.c: dummy `getuid' function.
+
+ * lib/krb/ticket_memory.c (tf_setup): implement
+
+ * lib/roken/roken.mak, roken.def: new files
+
+ * lib/des/des.def: Removed des_random_{seed,key}
+
+ * lib/krb/dllmain.c: Rewrote `msg'.
+ Better explanation when it fails to spawn `krbmanager'.
+
+ * lib/krb/tf_util.c: backwards `in_tkt' added.
+
+ * lib/krb/in_tkt.c: removed
+
+ * lib/kclient/KClient: Reformatted and fixed.
+
+Sat Apr 19 1997
+
+ * appl/ftp/ftpd/ftpd.c: Incorporate /etc/ftpusers changes from
+ NetBSD.
+
+ * appl/ftp/ftpd/ftpd.c: Handle oob-stuff better.
+
+Fri Apr 18 1997
+
+ * appl/kpopper/pop_{dropinfo,send,updt}.c: Fix 'From ' line
+ parsing bug.
+
+ * appl/kpopper/pop_dropinfo.c: Add support for xover.
+
+ * appl/kpopper/pop_xover.c: Add some kind of xover support.
+
+ * appl/kpopper/pop_debug.c: New tiny popper debugging program.
+
+Tue Apr 15 1997
+
+ * lib/krb/kdc_reply.c (kdc_reply_cred): fix sanity checks.
+
+ * appl/bsd/rshd.c: k_afsklog so that remote command gets a token.
+ fix usage string.
+
+Sat Apr 12 1997
+
+ * appl/bsd/rcp.c (main): Rcp implements encrypted file transfer
+ without using the kshell service.
+
+
+ * lib/krb/mk_safe.c: Emit new checksum.
+
+ * lib/krb/rd_safe.c: New code to handle both new and old
+ checksums.
+
+ * lib/des/qud_cksm.c: Fix compatibility with mit deslib.
+
+Fri Apr 11 1997
+
+ * lib/sl/sl.c (sl_match): initialize `partial_cmd'
+
+Sun Apr 6 1997
+
+ * lib/kafs/kafs.h: Ugly addition of `_P'
+
+ * lib/kafs/afssys.c: <sys/socket.h> contains the definition of
+ `_IOW' on cygwin32.
+
+ * appl/telnet/telnet/utilities.c: <sys/socket.h> needed by
+ cygwin32
+
+ * doc/Makefile.in: always run $(MAKEINFO).
+
+ * lib/otp/otp_md.c (sha_finito_little_endian): byte-swap
+ correctly.
+
+ * include/sys/bitypes.H: Added #ifndef for types
+
+ * configure.in: test for types
+
+ * aclocal.m4: Stolen AC_GROK_TYPES? from heimdal
+
+
+ * appl/ftp/ftp/ftp.c: Fix passive mode.
+
+Sat Apr 5 1997
+
+ * appl/kauth/ksrvtgt.in: New ksrvtgt script.
+
+Fri Apr 4 1997
+
+ * lib/krb/kdc_reply.c: Add some range checking.
+
+
+ * lib/otp/otptest.c: Updated tests from `draft-ietf-otp-01.txt'.
+ Passes verification examples from appendix C.
+
+ * admin/kdb_util.c: All usage strings are now consistent (and even
+ with the code)!
+
+Thu Apr 3 1997
+
+ * lib/kafs/afssys.c (k_pioctl): Separate syscall functionality and
+ kerberos convenience routines into afssys.c and afskrb.c. This to
+ make it possible to use k_pioctl() without linking in all
+ libraries in the world.
+
+Tue Apr 1 1997
+
+ * appl/telnet/telnet/commands.c: Rename suspend to telnetsuspend,
+ since Unicos has one of its own.
+
+Sun Mar 30 1997
+
+ * appl/bsd/{rsh,rlogin}.c: Don't look at argv[0].
+
+
+ * man/tenletxr.1: new file
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in, appl/kx/tenletxr.in:
+ Support `-k'
+
+ * appl/kx/tenletxr.in: new script for running kx in backwards
+ mode.
+
+ * appl/kx: New version of protocol.
+
+ * appl/kauth: Use err & c:o
+
+ * appl/kauth/encdata.c (read_encrypted): Give better return code
+ for EOF
+
+
+ * appl/ftp/ftp/krb4.c: Use stdout rather than stderr. Add newlines
+ to many strings.
+
+ * kuser/kdestroy.c: Use set_progname, make -q equal to -f, remove
+ bell.
+
+ * lib/roken/warnerr.c: New function set_progname.
+ * aclocal.m4: Invert test of AC_NEED_DECLARATION and rename it to
+ AC_CHECK_DECLARATION. Add new function AC_CHECK_VAR, that looks
+ for a variable, including a declaration.
+
+ * lib/roken/roken.h: Add optional declaration for __progname.
+
+ * lib/roken/*{err,warn}.c: Restructure err and warn functions.
+
+Sat Mar 29 1997
+
+ * appl/telnet/telnet/sys_bsd.c: Maybe-fix for HP-UX 10: Ifdef
+ SO_OOBINLINE, don't even select for exceptional conditions.
+
+ * lib/otp/otp_md.c: always downcase the seed.
+ byte-swap the SHA result.
+
+Thu Mar 27 1997
+
+ * appl/otp/otp.c: removed bad free of global data
+
+Sun Mar 23 1997
+
+ * configure.in: moved version.h and config.h to include
+
+
+ * acconfig.h: Fix utmp/utmpx stuff on OSF/1.
+
+
+ * appl/bsd/rlogind.c (control): Rewritten to handle the case of
+ there being no `ws_xpixel' and `ws_ypixel'
+
+ * appl/bsd/rlogin.c (sendwindow): Rewritten to handle the case of
+ there being no `ws_xpixel' and `ws_ypixel'
+
+ * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): Also test for `ws_xpixel'
+ and `ws_ypixel'
+
+ * lib/otp/otp.h: Change default global timeout
+
+ * lib/krb/tf_util.c (tf_setup): Also take `pname' and `pinst'
+
+ * appl/telnet/telnetd/sys_term.c, appl/bsd/utmpx_login.c: Do
+ gettimeofday and then copy the data for the sake of those systems
+ like SGI that can have different timevals in file and memory.
+
+ * configure.in: Allow `--with-readline'
+
+ * lib/editline/edit_compat.c (readline): strdup data before
+ returning it.
+
+
+ * appl/telnet/telnetd/state.c: Change size of subbuffer to 2k.
+
+Thu Mar 20 1997
+
+ * lib/krb/decomp_ticket.c: Add some range checking.
+
+ * appl/ftp/ftpd/krb4.c: Check return value from krb_net_write.
+
+ * appl/ftp/ftp/ftp.c: Fix hash mark printing.
+
+Wed Mar 19 1997
+
+ * appl/kauth/kauthd.c: more logging
+
+ * man/kx.1, man/kxd.8: Updated.
+
+ * appl/kx/kx.c, kxd.c: Hacked so that all TCP-connections are kx
+ -> kxd
+
+
+ * lib/editline/edit_compat.c: BSD libedit comatibility.
+
+Wed Mar 12 1997
+
+ * appl/ftp/ftpd/ftpd.c: Set `byte_count' even when using mmap.
+ Log foreign IP address together with hostname.
+
+Mon Mar 10 1997
+
+ * server/kerberos.c: Fix log file muddle.
+
+Sun Mar 9 1997
+
+ * appl/bsd/kcmd.c (kcmd): check malloc for failure.
+
+Tue Feb 25 1997
+
+ * man/ftpd.8: Documented the `-g' option.
+
+ * appl/ftp/ftpd/ftpd.c: New option `-g umask' for specifying the
+ umask for anonymous users.
+
+ * appl/ftp/ftpd/ftpd.c: conditionalize SIGURG
+
+ * appl/otp/otp.c: More fixes from Fabien COELHO
+ <coelho@cri.ensmp.fr>. Check for current OTP before allowing the
+ update.
+
+Wed Feb 19 1997
+
+ * appl/otp/otp.c: updated help string
+
+ * appl/bsd/Makefile.in: Fixed installation of suid programs.
+
+ * appl/telnet/libtelnet/kerberos.c: fix some stuff to get
+ forwarding code to compile
+
+ * lib/otp/otp_db.c: fix for signed char overflow.
+
+
+ * lib/krb/resolve.c: Patch from Jörgen Wahlsten
+ <wahlsten@pathfinder.com>: Zero out resource record, and send
+ correct length to dn_expand.
+
+Mon Feb 17 1997
+
+ * lib/roken/roken.h: Check for `_setsid'
+
+ * appl/ftp/ftp/ftp.c: s/__CYGWIN32__/HAVE_H_ERRNO/
+
+ * include/Makefile.in: Generete krb_err.h and kadm_err.h before
+ linking/copying them
+
+ * aclocal.m4: AC_FIND_FUNC: Add the library at the beginning of
+ the list.
+
+ * configure.in: Use AC_PROG_RANLIB
+ Always use EMXOMF under OS/2
+ Check for sys/termio.h and _setsid
+
+
+ * configure.in: A preliminary fix for editline.
+
+ * appl/telnet/libtelnet/kerberos.c: Include ticket forwarding
+ stuff.
+
+ * lib/krb/krb_get_in_tkt.c: Use tf_setup.
+
+ * lib/krb/krb_get_in_tkt.c: New function tf_setup.
+
+Sat Feb 15 1997
+
+ * man/otp.1: updated
+
+ * appl/otp/otp.c: New options `-d' and `-r'. From Fabien COELHO
+ <coelho@cri.ensmp.fr>
+
+ * lib/otp/otp.h: Changed default from md4 to md5
+ * lib/otp/otp_db.c (otp_get, otp_simple_get): New functions.
+
+Thu Feb 13 1997
+
+ * appl/kx/rxtelnet.in: allow specification of port number
+
+ * appl/otp/otp.c: Add `-u' option
+
+Sun Feb 9 1997
+
+ * appl/ftp/common/glob.c: Rename FOO -> CHAR_FOO to avoid
+ collision with symbol in sys/ioctl.h
+
+Fri Feb 7 1997
+
+ * man/kpropd.8: updated
+
+ * appl/bsd/rcmd_util.c: warning needs to know what program is
+ used.
+
+ * slave/kpropd.c: New explicit flag `-i' for interactive. Don't
+ use AI to figure out if we have been started by inetd or not.
+
+Thu Feb 6 1997
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: Patch for sending -l to
+ kx. From <map@stacken.kth.se>
+
+ * kuser/klist.c: corrected alignment of `expired'
+
+ * appl/telnet/telnet/commands.c: replaced lots of \n by \r\n
+
+Mon Feb 3 1997
+
+ * configure.in (socket, gethostbyname, getsockopt, setsockopt):
+ Better tests.
+ (HAVE_H_ERRNO): New test
+
+ * lib/roken/herror.c (herror): Check HAVE_H_ERRNO
+ lots of other files as well.
+
+Sat Feb 1 1997
+
+ * appl/bsd/rcp.c: Work around the non-working getpw* in cygwin32
+
+ * lib/krb/logging.c: Init function for `std_log´
+
+ * appl/telnet/telnet/utilities.c: Remove `upcase´
+ Check HAVE_SETSOCKOPT
+
+ * appl/telnet/telnet/telnet.c: Use `strupr´ instead of `upcase´
+
+ * appl/telnet/telnet/commands.c, appl/movemail/pop.c,
+ appl/kauth/rkinit.c, appl/ftp/ftp/ftp.c,
+ appl/sample/sample_client.c: Ifdef around for the non-existence of
+ `h_errno' in cygwin32.
+
+ * lib/des/read_pwd.c: work-around for cygwin32
+
+ * appl/telnet/telnet/sys_bsd.c: work-around for cygwin32
+
+Fri Jan 31 1997
+
+ * lib/krb/tf_util.c: gnu-win32 needs to open files with O_BINARY.
+
+Sun Jan 26 1997
+
+ * configure.in: removed duplicate of initgroups and lstat
+ Use AC_KRB_STRUCT_WINSIZE
+
+ * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): New test
+
+ * lib/krb/getaddrs.c: Check for SIOCGIFFLAGS and SIOCGIFADDR
+
+ * appl/bsd/rlogin.c: conditional on SIGWINCH
+
+ * appl/bsd/rcmd_util.c et al: conditional getsockopt
+
+ * configure.in (cygwin32): New target
+ (getsockopt, getsockopt): Test for
+ (herror, hstrerror): Better tests
+
+ * aclocal.m4 (AC_FIND_IF_NOT_BROKEN): Pass arguments to
+ AC_FIND_FUNC
+
+Thu Jan 23 1997
+
+ * configure.in: Add EXECSUFFIX
+
+ * appl/kx/rxterm.in: rsh -n
+
+ * lib/krb/unparse_name.c (krb_unparse_name_long_r): new function
+
+
+ * lib/auth/sia/sia.c: Fix a bug with ticket filename. Add afs
+ support.
+
+ * lib/krb/get_host.c: Use KRB_SERVICE.
+
+Wed Jan 22 1997
+
+ * lib/auth/sia/Makefile.in: Add linker magic fix for broken,
+ conflicting kerberos code in xdm.
+
+Tue Jan 21 1997
+
+ * appl/xnlock/xnlock.c (verify): Change the "LOGOUT" password to
+ be manageable as X-resource XNlock*logoutPasswd. The password is
+ stored in UNIX crypt format so that it can be stored in a global
+ resource file for sites that whish to keep it a secret.
+
+
+ * configure.in: Check for winsize in sys/ioctl.h also.
+
+Sat Jan 18 1997
+
+ * lib/krb/get_default_principal.c: Use principal from
+ KRB4PRINCIPAL before using uid.
+
+Wed Jan 15 1997
+
+ * appl/telnet/telnet/sys_bsd.c: Use `get_window_size'
+
+ * lib/roken/get_window_size.c: New file
+
+ * appl/bsd/rlogin.c: Use `get_window_size'
+
+ * appl/bsd/forkpty.c, appl/bsd/rlogind.c: conditionalize on
+ TIOCSWINSZ
+
+ * configure.in: Check for `_scrsize' and `struct winsize'
+
+Tue Jan 14 1997
+
+ * Makefile.in (install-strip, travelkit-strip): New targets.
+
+Thu Jan 9 1997
+
+ * */Makefile.in: Use @foo_prefix@ and @program_transform_name@
+ Add code to uninstall target
+
+Thu Dec 19 1996
+
+ * configure.in: Set LIBPREFIX
+
+ * config.sub: Add os2 as a system
+
+ * config.guess: Try to recognize i386-pc-os2_emx
+
+ * configure.in: case for *-*-os2_emx
+ NEED_PROTO for `strtok_r'
+
+ * aclocal.m4: ranlib is apparently calld EMXOMF on OS/2
+ (AC_KRB_PROG_LN_S): New test that uses cp if ln fails
+
+Wed Dec 18 1996
+
+ * appl/bsd/login.c (main): First try to verify password using
+ standard UNIX method and if it fails try kerberos authentication.
+
+Sat Dec 14 1996
+
+ * appl/bsd/rcp.c: consider case of no fchmod
+
+ * appl/kpopper/pop_init.c: Use k_getsockinst.
+
+ * lib/roken/{strupr,strlwr,strchr,strrchr,lstat,initgroups,chown,
+ fchown,rcmd}.c: new files
+
+ * appl/kpopper/pop_lower.c: Removed.
+
+ * Makefile.in (travelkit): New target.
+
+Tue Dec 10 1996
+
+ * lib/krb/parse_name.c (kname_parse): Only copy realm if it is
+ specified.
+
+ * lib/krb/get_host.c (krb_get_host): Treat no realm as local
+ realm.
+
+Mon Dec 9 1996
+
+ * appl/ftp/ftpd/ftpd.c: Get afs-tokens when logging in with
+ password.
+
+
+ * slave/kprop.c: flock with K_LOCK_SH
+
+Wed Dec 4 1996
+
+ * appl/telnet/telnet/commands.c: Also export XAUTHORITY
+
+Sun Dec 1 1996
+
+ * kadmin/ksrvutil.c: If realm is not specified, use the local one.
+
+Sat Nov 30 1996
+
+ * appl/kauth/kauthd.c: Use KAUTH_VERSION. Try to give correct
+ error messages back to kauth.
+
+ * config.sub, config.guess: Merged in changes from autoconf 2.12
+
+ * appl/bsd/rsh.c: quick hack to make `-n' to the right thing.
+
+ * kadmin/kadm_locl.h: Add prototype for FascistCheck.
+
+Thu Nov 28 1996
+
+ * man/afslog.1: Documented `-createuser'
+
+ * appl/afsutil/aklog.c: removed `cell_of_file' Added option
+ `-createuser' to run pts to create a foreign principal.
+
+Tue Nov 26 1996
+
+ * lib/otp/otp_challenge.c: Initialize error string and check for
+ NULL from strdup.
+
+ * lib/roken/mini_inetd.c: Initialize `sin_family'
+
+ * appl/kpopper/pop_init.c: Add `-p' option and make `-a'
+ auth-style
+
+ * appl/bsd/rshd.c: Add `-p' option.
+
+ * appl/bsd/rlogind.c: Handle `-p' correctly.
+
+ * appl/bsd/login.c: Removed confusing initialization of
+ `login_timeout'
+
+ * appl/kpopper/pop_dropinfo.c: Remove white-space at the beginning
+ of UIDL-string.
+
+Sun Nov 24 1996
+
+ * Release 0.9.3
+
+Sat Nov 23 1996
+
+ * kadmin/ksrvutil_get.c: Use `krb_unparse_name_long' Better
+ defaults.
+
+ * lib/krb/krb.h: Added *_to_key
+
+ * lib/krb/get_svc_in_tkt.c (srvtab_to_key): Make public
+
+ * kadmin/kadmin.c (do_init): `-p' is a synonym for `-u'
+ (do_init): more logical defaults
+ (help): removed old code
+ better error messages
+
+ * lib/krb/get_in_tkt.c (passwd_to_key, passwd_to_afskey): Export
+ and remove functionality for reading passwords.
+
+ * lib/sl/sl.c: Nicer help output.
+
+ * lib/otp/otp_challenge.c: Initialize `challengep'
+
+ * lib/krb/Makefile.in: Removed get_pw_tkt.c
+
+Fri Nov 22 1996
+
+ * lib/auth/sia/sia.c: Now compiles under Digital UNIX 4.0.
+
+Wed Nov 20 1996
+
+ * lib/auth/pam/pam.c: Chown ticketfile to correct GID.
+
+Tue Nov 19 1996
+
+ * appl/kx/rxtelnet.in: Try to set the screen number as well.
+
+ * Be careful not to thrust `h_length' from gethostby{name,addr}
+
+ * appl/bsd/rcmd_util.c (ip_options_and_die): New function.
+
+ * configure.in: moved headers before functions.
+ call AC_PATH_XTRA_XTRA.
+ Add strchr, index, rindex, and strrchr to AC_CHECK_FUNCS.
+ remove strchr and strrchr, add strtok_r from/to AC_BROKEN.
+
+ * aclocal.m4 (AC_PATH_XTRA_XTRA): New macro.
+
+ * aclocal.m4 (AC_FIND_FUNC, AC_FIND_FUNC_NO_LIBS): Two new
+ arguments: includes and arguments)
+
+ * configure.in: Need to supply arguments and includes to test for
+ `res_search' and `dn_expand'
+
+ * lib/kafs/afssys.c (k_setpag): Handle AFS_SYSCALL3
+
+ * Use `k_getpw{nam,uid}' instead of getpw{nam,uid}.
+
+ * Replace lots of `strtok' with `strtok_r'.
+
+ * lib/sl/sl.c: Allow unlimited number of arguments. Use
+ `strtok_r' to divide up string into arguments.
+
+ * lib/roken/roken.h: Added `strtok_r'
+
+ * configure.in: Test for `strtok_r'
+
+ * include/Makefile.in: Don't build in ss
+
+ * Makefile.export: Fixed ChangeLog-generation
+
+ * lib/sl/sl.c: Let `readline' to the \n-removal. Handle empty
+ lines. Don't store empty lines in the history.
+
+Mon Nov 18 1996
+
+ * lib/sl/sl.c: Use readline compatible i/o.
+
+
+ * lib/otp/otp_locl.h: Changed location of otp database to /etc
+
+ * appl/otp/Makefile.in: Install otp setuid root.
+
+ * util/Makefile.in: don't build SS
+
+ * lib/sl: New directory.
+
+ * kadmin/kadmin.c: Replaced SS by SL.
+
+Sun Nov 17 1996
+
+ * kadmin/kadm_funcs.c: Improved log messages.
+
+
+ * Use KRB_TICKET_GRANTING_TICKET.
+
+
+ * server/kerberos.c: Don't do any special logging when running as
+ slave.
+
+
+ * Lots of files: remove unnecessary `(void)'
+
+ * Lots of files: remove unnecessary `register' declaration.
+
+
+ * lib/krb/get_host.c: Only keep list of hosts from requested
+ realm.
+
+
+ * man/otpprint.1, otp.1: New files.
+
+ * appl/otp/otp.c: `-s' is now default.
+
+ * appl/otp/otp.c: removed count
+
+ * lib/des/destest.c: more general quad_cksum test.
+
+ * lib/otp/otp_print.c (otp_print_stddict_extended,
+ otp_print_hex_extended): New functions.
+
+ * lib/otp/otptest.c: New file.
+
+
+ * appl/ftp/ftpd/ftpd.c: Change default auth level to what was
+ formerly known as `user'.
+
+ * appl/ftp/ftpd/ftpd.c: Orthogonalize arguments to -a
+
+
+ * appl/kip/kip.c: Try all addresses we get back from the name
+ server.
+
+ * kadmin/kpasswd.c: updated to new functions.
+
+ * lib/otp/otp_db.c (otp_db_open): Do a few retries. Unlock in
+ case this file cannot be opened.
+
+ * doc/kth-krb.texi: New chapter about OTPs.
+
+ * appl/otp/otpprint.c, appl/otp/otp.c: Use OTP_ALG_DEFAULT.
+ Consistent language Check return value from des_read_pw_string.
+
+ * lib/otp/otp.h: Add OTP_ALG_DEFAULT
+
+
+ * lib/krb/parse_name.c: New function krb_parse_name
+
+Sat Nov 16 1996
+
+ * appl/bsd/login.c: removed S/Key.
+ Added OTP with option `-a otp'
+ Reorganized verification loop.
+
+ * appl/bsd/Makefile.in (login): Remove skey and add OTP
+
+ * configure.in: Test for `uid_t' and `off_t'
+
+ * appl/telnet/telnetd/telnetd.c: Removed `-s' for securID and
+ added `-a otp' for OTP.
+
+ * appl/kpopper: removed s/key and added OTP support. Updated
+ man-page.
+
+ * lib/otp/otp.h: more fields in the struct and a new function.
+
+ * appl/ftp/ftpd/ftpd.c: Full OTP support.
+
+ * appl/kx/rxterm.in: Add options: -l username, -r args_to_rsh, and
+ -x args_to_xterm
+
+ * appl/kx/rxtelnet.in: Add options: -l username, -t
+ args_to_telnet, and -x args_to_xterm
+
+ * man/kx.cat1: regenerated
+
+ * man/kx.1: Added `-l' option.
+
+ * appl/kx/kxd.c: Accept username from `kx'
+
+ * appl/kx/kx.c: Introduced option `-l user' to be able to login as
+ some other user.
+
+Fri Nov 15 1996
+
+ * appl/kx/kx.c: Print out display and not display_nr
+
+ * lib/auth/Makefile.in: Fix the case with empty SUBDIRS.
+
+ * */Makefile.in: Use $(LN_S) instead of ln -s
+
+ * */Makefile.in: Add @SET_MAKE@
+
+ * doc/latin1.tex: New file.
+
+ * doc/kth-krb.texi: Use latin1.tex to be able to use one letter
+ that some bear seem to think is important.
+
+ * doc/kth-krb.texi: Added acknowledgements.
+
+ * lib/auth/Makefile.in: Only build relevant subdirectories.
+
+ * configure.in: Set @LIB_AUTH_SUBDIRS@ to the subdirectories of
+ lib/auth that should be built.
+
+
+ * lib/kafs/afssys.c: Only get tokens for each cell once.
+
+Thu Nov 14 1996
+
+ * man: Added man pages for movemail(1) and kerberos(8).
+
+
+ * kadmin/kadmin_cmds.ct: Add `add' for add_new_key and `passwd'
+ for change_password.
+
+
+ * lib/krb/logging.c: Now actually compiles!
+
+
+ * config.{guess,sub}: Merge changes from Autoconf
+
+
+ * lib/krb/{recv,send}auth.c: Don't return errno if there is a
+ system error.
+
+Wed Nov 13 1996
+
+ * util/ss/Makefile.in: Now even compiles with BSD make!
+
+ * appl/kx: Now send the complete display from `kxd' to `kx'. This
+ should enable it to work better with Xlibraries that don't support
+ unix sockets.
+
+ * kuser/klist.c: conditionally include <sys/ioctl.h> and
+ <sys/ioccom.h> before <kafs.h>
+
+ * lib/krb/resolve.h: Add fallback for `T_TXT'.
+
+ * appl/otp/otp.c: removed print-functionality.
+
+ * appl/otp/otpprint.c: New file.
+
+ * appl/otp/Makefile.in: New program `otpprint'
+
+ * lots of Makefile.in: Now should be possible to build with makes
+ that have broken VPATH-handling.
+
+ * configure.in: Always replace REAL_SHARED & c:o so that some
+ libraries may be built as shared.
+ Removed unused AC_SUBST.
+ Only build afskauthlib on irix.
+
+ * lib/auth/afskauthlib/Makefile.in, lib/auth/sia/Makefile.in,
+ lib/auth/pam/Makefile.in: Always build as a shared library.
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: export PATH (from
+ <jas@pdc.kth.se>).
+
+
+ * lib/krb/{pkt_cipher,fgetst}.c: Removed
+
+ * lib/krb/name2name.c: Renamed k_name_to_name to krb_name_to_name
+
+Mon Nov 11 1996
+
+ * appl/telnet/telnetd/sys_term.c: Really remove bad stuff from
+ environment.
+
+Fri Nov 8 1996
+
+ * appl/bsd/rlogind.c (main): `portnum' should be int.
+
+ * appl/bsd/sysv_environ.c: Use _PATH_ETC_ENVIRONMENT
+
+ * appl/bsd/pathnames.h: _PATH_ETC_ENVIRONMENT: new
+
+ * lib/krb/get_host.c (srv_find_realm): New parameter `service'
+
+
+ * lib/krb/unparse_name.c: New function.
+
+Tue Nov 5 1996
+
+ * lib/auth/pam/pam.c: Add PAM Kerberos module.
+
+Mon Nov 4 1996
+
+ * configure.in: configure in lib/auth/afskauthlib
+
+ * lib/kafs/afssys.c: New function `k_afsklog_uid'.
+
+ * lib/auth/afskauthlib: New library that works like
+ `afskauthlib.so' from Transarc.
+
+
+ *lib/krb/get_host.c, lib/krb/getrealm.c, lib/kafs/afssys.c: Use
+ dns_lookup().
+
+ * lib/krb/resolve.c (dns_lookup): Replaced several different
+ resolver functions with one more generalized.
+
+Sun Nov 3 1996
+
+ * Add check target in lib/krb.
+
+ * appl/bsd/login.c (main): Sleep 10 seconds before bailing out so
+ that there is a chance of reading the error message.
+
+ * appl/bsd/rsh.c (main): When invoked as rlogin equivalent change
+ to real uid before execing rlogin.
+
+Sat Nov 2 1996
+
+ * appl/bsd/utmp_login.c: Do the right thing on systems where
+ UTMPX_DOES_UTMP_LOGGING is defined.
+
+
+ * lib/krb/krb.h: names for `krb_kuserok' prototype
+
+ * lib/krb/get_host.c: Add tcp/kerberos.REALM as well.
+
+ * appl/bsd/su.c: Replace call to `kuserok' by `krb_kuserok'.
+
+ * lib/otp/otp_parse.c: Add support for parsing extended responses
+ (draft-ietf-otp-ext-01).
+
+ * lib/otp/otp.h: Define OTP_HEXPREFIX and OTP_WORDPREFIX.
+
+ * appl/otp/otp.c: Add option `-e' for printing responses in
+ extended mode (according to draft-ietf-otp-ext-01.txt).
+
+
+ * lib/krb/kuserok.c: Function krb_kuserok now takes name,
+ instance, realm rather than an AUTH_DAT.
+
+Fri Nov 1 1996
+
+ * lib/auth/sia: Add SIA Kerberos module.
+
+
+ * lib/roken/roken.h: Need to include signal.h prior to defining
+ SIG_ERR.
+
+ * appl/bsd/utmpx_login.c (utmpx_update): Minor restructuring for
+ simplified maintainability.
+
+ * appl/bsd/utmp_login.c (utmp_login): Even when there are utmpx
+ files on this system we should also log to the utmp files. If
+ there are no utmp files we of course don't have to log to them.
+
+
+ * Makefile.export: now generate PROBLEMS and COPYRIGHT as well.
+
+ * PROBLEMS, COPYRIGHT, doc/kth-krb.info: removed
+
+ * doc/kth-krb.texi: Put copyrights in marketing order.
+
+ * appl/kpopper/popper.h: client and ipaddr should be char [] so
+ that we can store the names there.
+
+ * appl/kpopper/pop_init.c: save copies of addresses that otherwise
+ get overwritten.
+
+Mon Oct 28 1996
+
+ * lib/krb/send_to_kdc.c (send_recv_it): Use `recv' not `recvfrom'
+ to make winsock happy. Also don't care anymore about from which
+ address we got the answer since we do a `connect'.
+
+ * admin/adm_locl.h, lib/kdb/kdb_locl.h, kadmin/kadm_locl.h,
+ lib/krb/krb_locl.h, lib/roken/strftime.c, server/kerberos.c: Do
+ not use #if, use #ifdef.
+
+ * configure.in: Test for `rand' and `getuid'
+
+
+ * slave/kprop.c: Don't terminate on trivial errors in slaves-file.
+
+Sun Oct 27 1996
+
+ * doc/Makefile.in: Install from source directory if necessary.
+
+ * lib/krb/kuserok.c: Do not use `k_getpwnam' in libkrb.
+
+ * configure.in: You can't even use `unset', Ultrix sh does not
+ have it.
+
+
+ * several files: Check status from des_read_pw_string.
+
+
+ * server/kerberos.c: Make sure all data is recieved on a tcp
+ socket before trying to reply.
+
+
+ * lib/krb/krb.h: Add <time.h> for `struct tm'
+
+ * appl/kx/Makefile.in: Both kx and kxd requires @XauWriteAuth@
+
+ * configure.in: Fix test for `XauReadAuth'
+
+Fri Oct 25 1996
+
+ * lib/krb/get_host.c (init_hosts): Must ntohs(KRB_PORT) on
+ machines running backwards.
+
+ * More consistent use of CRLF in telnet and telnetd.
+
+ * Removed redundant -I$(srcsdir)/../../include from compiler args.
+
+
+ * appl/ftp/ftpd/ftpd.c: New option `-a otp' to allow OTPs but no
+ ordinary passwords in cleartext.
+
+ * appl/ftp/ftpd/Makefile.in: Link `ftpd' with -lotp
+
+ * lib/Makefile.in: Add otp
+
+ * include/Makefile.in: Add otp.h
+
+ * configure.in: Test for ndbm.h
+ Generate Makefiles in lib/otp and appl/otp
+
+ * appl/otp: New program to set up and generate OTPs.
+
+ * lib/otp: New library for one-time passwords (RFC1938).
+
+ * lib/krb/get_host.c (srv_find_realm): Added parameter `proto'
+
+ * lib/des/Makefile.in: Add md4 and sha. run `mdtest' from check.
+
+ * lib/des/md4.h, lib/des/md4.c, lib/des/sha.c, lib/des/sha.h,
+ lib/des/mdtest.c: New files.
+
+ * appl/kauth/Makefile.in: Make $(libexedir) as well.
+
+Thu Oct 24 1996
+
+ * appl/bsd/rlogind.c (setup_term): Actually set the speed of the
+ terminal.
+
+ * appl/bsd/rlogin.c (main): Do a `speed_t2int' before putting the
+ speed in the TERM variable.
+
+ * appl/bsd/rcmd_util.c: New functions: `speed_t2int' and
+ `int2speed_t'.
+
+ * appl/bsd/bsd_locl.h: Added prototype of `speed_t2int' and
+ `int2speed_t'.
+
+Sun Oct 20 1996
+
+ * appl/bsd/login.c: Do `getspnam' before change the UID. Also call
+ `endspent'
+
+ * appl/krbmanager: New program used on PCs by kclient.
+
+ * lib/kclient: New library.
+
+ * lib/des, lib/krb: Added some PC-specific files.
+
+ * doc/kth-krb.info: Regenerated.
+
+ * doc/Makefile.in (kth-krb.info): Some stupid makes don't
+ understand $<
+ (kth-krb.html): New rule.
+
+ * doc/kth-krb.texi (Compiling from source): Added some references
+ about Socks.
+
+Sat Oct 19 1996
+
+ * doc/kth-krb.texi: Added text about ``--with-socks''.
+
+ * configure.in: Use `AC_TEST_PACKAGE' for skey and socks.
+
+ * aclocal.m4: Replaced `AC_TEST_SOCKS' and `AC_TEST_SKEY' with the
+ more general `AC_TEST_PACKAGE'.
+
+Fri Oct 18 1996
+
+ * configure.in: call AC_TEST_SOCKS
+
+ * acconfig.h: SOCKS
+
+ * aclocal.m4: Added AC_TEST_SOCKS
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Removed unused `f' and
+ close.
+
+Thu Oct 17 1996
+
+ * man/popper.8: Option `-i'
+
+ * appl/kpopper/pop_send.c: clean-up
+
+ * appl/kpopper/popper.h: Removed old garbage and added SKEY.
+
+ * appl/kpopper/pop_xmit.c: clean up
+
+ * appl/kpopper/pop_user.c: SKEY-support
+
+ * appl/kpopper/pop_pass.c: Added support for spaces in passwords
+ and S/Key.
+
+ * appl/kpopper/pop_init.c: Moved some variables into struct pop
+ (main): Added support for `-i'
+
+ * appl/kpopper/pop_get_command.c: New command "HELP".
+
+ * appl/kpopper/Makefile.in: Add SKEY-stuff.
+
+ * lib/krb/get_host.c: Use `k_getportbyname(KRB_SERVICE,...)' as a
+ default instead of KRB_PORT
+
+ * lib/krb/getaddrs.c (k_get_all_addrs): Add
+ gethostbyname(k_gethostname()) as a fallback.
+
+ * lib/krb/k_getport.c (k_getportbyname): proto can be NULL
+
+ * lib/krb/krb.h: Only include <sys/types.h> if HAVE_SYS_TYPES_H
+
+ * lib/krb/prot.h: KRB_SERVICE: Added
+
+
+ * server/kerberos.c: Replaced linked list with a vector.
+
+Wed Oct 16 1996
+
+ * server/kerberos.c: Add support for TCP connections.
+
+ * lib/krb/send_to_kdc.c: On stream sockets, use krb_net_read
+ rather than recvfrom.
+
+Mon Oct 14 1996
+
+ * doc/kth-krb.texi: Only use `kdb_edit' to add the initial
+ `nisse.admin'. Add all other users with `kadmin'.
+
+ * doc/kth-krb.info: new file.
+
+ * doc/kth-krb.texi: Added some text about kx and ftp.
+
+ * appl/ftp/ftpd/ftpcmd.y,
+ util/ss/ct.y,
+ util/et/error_table.y :
+ Added code for handling the case of using `bison' and having no
+ `alloca'. Alloca is usually never called anyway, so we just use
+ `malloc'.
+
+ * appl/kx/kxd.c: All static variables are now global and in
+ common.c.
+ (doit_conn, doit): Turn on TCP_NODELAY.
+ (create_and_write_cookie, suspicious_address): Moved to common.c
+
+ * appl/kx/kx.c (connect_host): Try all addresses of `host'. Turn
+ on TCP_NODELAY.
+ (doit): prepare for TCP-only hosts.
+ (usage,main): add `-t'
+ (main): Passive mode is possible again.
+
+ * appl/kx/kx.h: More #ifdefs for include files. Declarations for
+ global variables.
+
+ * appl/kx/common.c (get_xsockets): Try to chmod
+ dirname(`X_UNIX_PATH')
+ (get_xsockets): Turn on TCP_NODELAY on TCP connections.
+
+ * doc/Makefile.in: New file
+
+ * Makefile.in: Added `doc' to `SUBDIRS'
+
+ * configure.in: Generate `doc/Makefile'
+
+Sun Oct 13 1996
+
+ * appl/bsd/rcp.c (main): Made rcp AFS aware.
+
+ * lib/krb/kuserok.c (kuserok): Act as if luser@LOCALREALM is
+ always an entry of .klogin.
+
+Sat Oct 12 1996
+
+ * appl/kx/rxtelnet.in: Start the `xterm' process correctly.
+
+ * lib/des/rnd_keys.c (sumFile): consider the case that `res' is
+ not longword-aligned.
+
+ * lib/krb/get_host.c (parse_address): `getservbyname' should
+ really get proto = NULL
+
+ * lib/krb/send_to_kdc.c (krb_udp_port): removed
+ (send_to_kdc): removed `addrlist'
+
+ * lib/krb/send_to_kdc.c: Support not only UDP.
+
+ * lib/krb/get_host.c (krb_get_admhst): Really ask for a admin host
+ if that's what we want.
+
+Thu Oct 10 1996
+
+ * lib/krb/get_host.c: Simplified some code. Added stub-support for
+ SRV-records.
+
+Wed Oct 9 1996
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: PDC are unable to give
+ correct instructions to their users and therefore we have to add
+ strange directories to the PATH.
+
+ * appl/kx/rxtelnet.in: Support sending arguments to telnet.
+
+ * appl/kx/rxterm.in: rsh can reside in path or %bindir% support
+ extra arguments to xterm (from <jas@pdc.kth.se>).
+
+ * appl/kx/rxtelnet.in: Try to find some kind of terminal emulator
+ for X.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Look for kx in $PATH and
+ %bindir%.
+
+ * appl/kx/common.c (get_xsockets): `mkdir' the correct directory.
+ From <jas@pdc.kth.se>
+
+
+ * lib/krb/send_to_kdc.c: Changes to allow other than udp port 750
+ connections.
+
+ * lib/krb/get_host.c: rewrite of krb_get_{adm,krb}hst.
+
+Sun Oct 6 1996
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Got rid of `sprintf'.
+
+ * configure.in: Fix order for x libs. From <jas@pdc.kth.se>.
+ Check for `fcntl', `alloca', `winsock.h', and `io.h'.
+
+ * lib/krb/krb_locl.h: Check for <io.h> and <winsock.h>
+
+ * lib/krb/krb.h: Check for winsock.h
+
+ * lib/krb/k_flock.c: Better test for `fcntl' with locking.
+
+ * lib/krb/et_list.c: Hopefully correct pragma this time. From
+ <jas@pdc.kth.se>
+
+Thu Oct 3 1996
+
+ * lib/krb/klog.c (klog): Do not forget to print the text.
+
+ * lib/krb/log.c (krb_log): Print space after time in log.
+
+Wed Oct 2 1996
+
+ * appl/kpopper/popper.h: Add field msg_id to hold Message-Id for
+ UIDL command.
+
+ * appl/kpopper/pop_dropinfo.c (pop_dropinfo): Support for UIDL
+ command. Saves Message-Id to be used as unique id. Everything is
+ #ifdef:ed UIDL.
+
+ * appl/kpopper/pop_get_command.c: Recognize UIDL command.
+
+ * appl/kpopper/pop_uidl.c (pop_uidl): POP3 UIDL command
+ implementation.
+
+ * appl/kpopper/Makefile.in: New file pop_uidl.c.
+
+
+ * configure.in: Made some of the tests into macros defined in
+ aclocal.m4
+
+ * appl/telnet/libtelnet/kerberos.c: Given better error message
+ when user is not authorized to login.
+
+ * lib/roken/k_getpwuid.c, lib/roken/k_getpwnam.c: Call `endpwent'.
+ If we are using a BSD-kind of system we should not leave the
+ shadow password database open.
+
+ * appl/xnlock/xnlock.c: Got rid of all `register' declarations.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Use `set --'
+
+Mon Sep 30 1996
+
+ * lib/roken/k_getpwnam.c, lib/roken_k_getpwuid.c: Call `endspent'
+ to try to close the shadow password file.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Cut the argument to the command
+ and the first character of the extension.
+
+ * lib/krb/send_to_kdc.c: Sun doesn't have any strerror so we can't
+ use that here. We are only printing debug messages anyway, so
+ just print errno for now.
+
+ * appl/kx/rxtelnet.in: Now using SIGUSR2.
+
+ * appl/kx/kx.c: Now using SIGUSR1 to mean `exit when number of
+ children goes down to zero'. SIGUSR2 is `exit when number of
+ children is equal to zero'.
+
+ * appl/xnlock/xnlock.c: More fixup of old code.
+
+ * appl/ftp/ftpd/ftpd.c: Only call `filename_check' for guest
+ users.
+
+ * configure.in: Added tests for more header files. Also added
+ more ifdefs when actually including those files.
+
+ * appl/kx/Makefile.in: Do not build programs if we have no X11.
+
+Sun Sep 29 1996
+
+ * appl/xnlock/xnlock.c (main): Support for shadow passwords.
+
+ * lib/roken/k_getpwuid.c: New file, better support for shadow
+ passwords.
+
+
+ * appl/telnet/Makefile.in: Use SET_MAKE
+
+
+ * appl/ftp/ftpd/ftpcmd.y: Remove access to several commands for
+ anonymous users.
+
+ * lib/krb/get_krbhst.c: Look for kerberos-#.realm.
+
+ * appl/ftp/ftpd/popen.c: Execute files from ~ftp if possible.
+
+ * appl/ftp/ftpd/ftpd.c: Add find site command.
+
+ * appl/ftp/ftpd/ftpd.c: Add special handling of nonexistant files
+ with extensions {,.tar}{,.gz,Z}.
+
+Sat Sep 28 1996
+
+ * configure.in: Check for sys/times.h, sys/param.h, and
+ sys/timeb.h
+
+ * lib/des: autoconfed a little to make it compile.
+
+ * lib/roken/roken.h: Add `max', `min', and definitions for broken
+ syslogs.
+
+ * appl/bsd/bsd_locl.h: Removed SYSLOG-garbage and max.
+
+ * appl/kx/kx.h: Remove prototype of childhandler.
+
+ * appl/kx/common.c: Remove childhandler. Not common any more.
+
+ * appl/kx/rxterm.in: Send SIGUSR1 to kx before starting xterm.
+
+ * appl/kx/rxtelnet.in: Send USR1 to kx at appropriate moment.
+
+ * appl/kx/kx.c: Die after receiving SIGUSR1 and when number of
+ children goes to zero.
+
+ * lib/roken/roken.h: Add STDERR_FILENO
+
+ * lib/roken/mini_inetd.c (mini_inetd): Also dup onto stderr.
+
+ * lib/kafs/Makefile.in (afslib.so): Change argument so they work
+ with `ld' instead of `cc'
+
+ * appl/kx/kxd.c: writeauth.c as separate file.
+
+ * appl/kx/kx.c: `-d' option to disable forking.
+
+ * appl/kx/Makefile.in: Compile and link writeauth.c if necessary.
+ For some stupid reason $< does not work correctly in BSD make.
+ Use $(srcdir) instead.
+
+ * appl/ftp/ftp/ftp_locl.h: Only include <roken.h> once.
+
+ * configure.in: Use strange X flags when looking for XauReadAuth.
+ Add XauWriteAuth if we need to include it.
+
+Fri Sep 27 1996
+
+ * appl/sample: Sample programs work again.
+
+
+ * appl/kx/kxd.c (main): use `mini_inetd'
+
+ * appl/kx/kx.c: Use KX_PORT
+
+ * appl/kx/kx.h: Remove SOMAXCONN and add KX_PORT
+
+ * appl/kauth/kauthd.c (main): use `mini_inetd'
+
+ * appl/ftp/ftpd/ftpd.c: Removed `conn_wait' and use `mini_inetd'
+ instead.
+
+ * appl/bsd/bsd_locl.h: Prototypes for `get_shell_port' and
+ `get_login_port'
+
+ * appl/bsd/rcmd_util.c: New file.
+
+ * appl/bsd/Makefile.in: Added rcmd_util.c
+
+ * appl/bsd/rcp.c: Moved `get_shell_port' to rcmd_util.c
+
+ * appl/bsd/rsh.c: Moved `get_shell_port' to rcmd_util.c
+
+ * appl/bsd/rlogind.c (main): Use `mini_inetd'
+
+ * appl/bsd/rshd.c (main): Add support for interactive mode with
+ `-i'.
+
+ * appl/telnet/telnetd/telnetd.c (main): use `mini_inetd'
+
+ * lib/roken/roken.h: Added prototype for `mini_inetd', and
+ fallback definitions for SOMAXCONN, STDIN_FILENO, and
+ STDOUT_FILENO.
+
+ * lib/roken/Makefile.in: Added mini_inetd.o
+
+ * lib/roken/mini_inetd.c: New file.
+
+Thu Sep 26 1996
+
+ * appl/kx/kxd.c (doit): read port number in ascii.
+
+ * appl/kx/kx.c (doit): write port number in ascii.
+
+ * appl/kauth/rkinit.c (doit_host): Check return value from
+ `read_encrypted'.
+
+ * appl/kauth/kauthd.c (doit): Removed unnecessary sprintf's before
+ syslog.
+
+ * lib/krb/krb_get_in_tkt.c (krb_get_in_tkt): Return error code
+ from `tf_create' and not always INTK_ERR.
+
+ * lib/krb/tf_util.c (tf_create): Correct check for return value
+ from `open'.
+
+ * lib/des/rnd_keys.c (des_rand_data): Try /dev/urandom as well.
+
+Wed Sep 25 1996
+
+ * appl/afsutil/pagsh.c (main): One-of error hopefully fixed this
+ time.
+
+ * configure.in: Add test for <sys/un.h>
+
+ * kadmin/Makefile.in: Add back $(CRACKLIB)
+
+Mon Sep 16 1996
+
+ * appl/kx/Makefile.in: Create rxterm and rxtelnet at compile time.
+
+ * kstring2key moved to appl/afsutil.
+
+Sun Sep 15 1996
+
+ * appl/kx/kx.c (main): For now always use passive mode. That's
+ the only thing that has been tested and not a lot of people are
+ going to use non-passive anyways.
+
+ * appl/kx/kx.c (connect_host): write display_number in ascii.
+
+ * appl/kx/kxd.c (doit): read display_number in ascii.
+
+ * appl/kx/common.c (get_local_xsocket): Generate the
+ /tmp/.X11-unix directory with the sticky bit set.
+
+ * configure.in: Generate appl/kx/rxterm and appl/kx/rxtelnet.
+
+ * appl/kx/Makefile.in: Install rxterm and rxtelnet.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: New files.
+
+ * appl/kx/common.c (get_local_xsocket): try to bind the socket
+ instead of checking for existence with lstat.
+
+
+ * appl/kx/kxd.c: Detect remote termination and cleanup on exit.
+
+Sat Sep 14 1996
+
+ * lib/des/rnd_keys.c: Hack for systems that lack setitimer (like
+ crays).
+
+
+ * appl/kx/kxd.c (doit): Send over the display number and the
+ authority file actually used to kx.
+
+ (create_and_write_cookie): New function to generate and write into a
+ file a local cookie used between this pseudo-server and the
+ clients on this host.
+
+ (start_session): New function to check and remove the local cookie
+ before the data is sent over to `kx'.
+
+ * appl/kx/kx.c (display_num, xauthfile): New variables. Now `kx'
+ prints out the values of those two variables and then goes to the
+ background to enable some script to set these on the other host.
+
+ (start_session): New function that adds a local cookie before sending
+ the rest of the connection to the local X-server.
+
+ (main): Also recognize "unix" as a local DISPLAY.
+
+ * appl/kx/kx.h: <X11/Xauth.h> used.
+ (get_local_xsocket): Changed parameter.
+
+ * appl/kx/common.c (get_local_xsocket): Now try to allocate the
+ first free socket in /tmp/.X11-unix. Also `mkdir' this directory
+ first. Return the number of the display opened.
+
+ * appl/kx/Makefile.in: Added X libraries.
+
+ * lib/des/des.h: Added prototype for `des_rand_data'.
+
+ * lib/des/rnd_keys.c: Made `des_rand_data' non-static. This
+ function is useful and now even used.
+
+Wed Sep 11 1996
+
+ * appl/bsd/login.c: Use k_afs_cell_of_file() to get tokens for the
+ cell of the home catalog rather than the local cell.
+
+ * lib/kafs/afssys.c: Add k_afs_cell_of_file.
+
+Tue Sep 10 1996
+
+ * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ Removed all convex code.
+
+Mon Sep 9 1996
+
+ * appl/telnet/telnetd/termstat.c: UNICOS5: removed
+
+ * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ NEWINIT, UNICOS7x, UNICOS5: removed
+
+ STREAMSPTY: added variable `really_stream' Now able to handle the
+ case where the OS supports stream ptys but we run out of them and
+ start using ordinary BSD ones.
+
+ * appl/telnet/telnetd/state.c: UNICOS5: removed
+
+ * appl/telnet/telnetd/pathnames.h: BFTPPATH: removed
+
+ * appl/telnet/telnetd/ext.h, appl/telnet/telnetd/global.c:
+ BFTPDAEMON: removed.
+ UNICOS5: removed.
+
+ * appl/telnet/telnetd/ext.h: STREAMSPTY: added variable
+ `really_stream'.
+
+ * lib/krb/stime.c (krb_stime): argument should be `time_t'.
+ lib/krb/krb_locl.h: changed prototype.
+
+Sun Sep 8 1996
+
+ * configure.in: Also generate `appl/sample/Makefile'
+
+ * appl/Makefile.in: Use @SET_MAKE@.
+ Include sample
+
+ * lib/krb/Makefile.in: Add krb_stime, krb_mk_auth, and
+ krb_check_auth.
+
+ * util/et/compile_et.c (main): Include <foo.h> in foo.c
+
+ * slave/kprop.c: exit with return code == 1 to indicate failure.
+
+ * server/kerberos.c (usage): Fixed usage string.
+
+ * lib/krb/tkt_string.c (tkt_string): Removed bogus extern
+ declaration of `getuid'.
+
+ * lib/krb/tf_util.c (tf_save_cred): Removed bogus extern
+ declaration of `lseek'.
+
+ * lib/krb/stime.c (stime): Renamed to `krb_stime'
+
+ * lib/krb/sendauth.c (krb_sendauth): reimplemented using
+ `krb_mk_auth' and `krb_check_auth'.
+
+ * lib/krb/send_to_kdc.c (send_recv): Removed stupid cast.
+
+ * lib/krb/recvauth.c: Removed KRB_SENDAUTH_VERS
+
+ * lib/krb/prot.h: create_auth_reply: correct prototype.
+ krb_create_death_packet: ditto.
+ KRB_SENDAUTH_VERS: moved here from sendauth.c and recvauth.c
+
+ * lib/krb/month_sname.c: Made `month_sname' const.
+
+ * lib/krb/mk_req.c: Remove stupid `register'
+
+ * lib/krb/log.c (krb_log): Use `krb_stime'
+
+ * lib/krb/kuserok.c (kuserok): Nightmare Filesystem might return
+ ESTALE. Treat it the same way as ENOENT.
+
+ * lib/krb/krb_locl.h: Added prototype for `krb_stime'
+
+ * lib/krb/krb_check_auth.c: New file with `krb_check_auth',
+ implemented for compatibility with CNS.
+ lib/krb/krb_mk_auth.c: Ditto.
+
+ * lib/krb/krb.h: Removed duplicate declarations of `get_request'
+ and `krb_get_admhst'.
+ Added declarations for `krb_mk_auth' and `krb_check_auth'.
+
+ * lib/krb/kparse.h: removed prototype for `strsave'
+
+ * lib/krb/kparse.c (fGetParameterSet): Use `strdup' instead of
+ `strsave'.
+ (strsave): Removed.
+
+ * lib/krb/kname_parse.c: Removed stupid `register' declarations.
+
+ * lib/krb/klog.c (klog): Use `krb_stime'
+
+ * lib/krb/get_phost.c: Handle the case where the name has no dots
+ in it by just returning it as-is.
+
+ * lib/knet/Imakefile, lib/knet/getkdata.c, lib/knet/phost.c,
+ lib/knet/sendkdata.c: removed unused files.
+
+ * lib/kadm/kadm_cli_wrap.c (kadm_init_link): use `k_getportbyname'
+
+ * kadmin/ksrvutil_get.c (get_srvtab_ent): Erase the key if
+ something goes wrong. Include realm in the message when writing a
+ key.
+ (parseinput): New function that removes quotes and backslashes
+ from input.
+ (ksrvutil_get): Use `parseinput' to read input.
+
+ * kadmin/ksrvutil.c (safe_read_stdin): Correct use of printf.
+ Removed bogus casts and fflush of stdin.
+ (main): Use `return' instead of `exit'.
+
+ * kadmin/kpasswd.c (main): Use `return' instead of `exit'.
+
+ * kadmin/admin_server.c: exit with return code == 1 to indicate
+ failure.
+
+ * appl/sample/sample_server.c: Rewrote to use all new functions.
+
+ * appl/sample/sample_client.c: Rewrote to use all new functions.
+
+ * appl/sample/sample.h: new file.
+
+ * appl/sample/Makefile.in: new file.
+
+ * appl/movemail/pop.c (socket_connection): use `k_getportbyname'
+
+ * appl/kpopper/pop_init.c: exit with return code == 1 to indicate
+ failure.
+
+ * appl/kauth/kauth.c (doexec): new-style definition. ret should
+ be a `pid_t'.
+ (main): new-style definition. Use `prog' instead of `argv[0]'
+
+ * appl/ftp/ftp/extern.h: Removed unused `abortsend'
+
+ * appl/ftp/Makefile.in: Use @SET_MAKE@
+
+ * appl/bsd/rsh.c: get_shell_port: use `k_getportbyname'
+
+ * appl/bsd/rlogin.c: get_login_port: use `k_getportbyname'
+
+ * appl/bsd/kcmd.c: Removed bogus casts to `caddr_t'
+
+ * admin/kstash.c: Removed bogus flushing of stderr. Replaced lots
+ of `exit(-1)' by `return 1'
+
+ * admin/kdb_util.c: Removed unused variable `aprinc'.
+ Removed bogus flushing of stderr.
+ Replaced lots of `exit(-1)' by `return 1'.
+
+ * admin/kdb_edit.c, admin/kdb_init.c: use `return' instead of
+ calling `exit' and use 1, not -1, for failure.
+
+ * Makefile.in: Use @SET_MAKE@
+
+ * aclocal.m4: AC_NEED_PROTO: need macro to determine if we need to
+ define a prototype for a function.
+
+ * configure.in: Reordered. Removed unused stuff. Start using
+ AC_NEED_PROTO.
+
+ * config.guess: merged in FSF version from 960908.
+
+Tue Sep 3 1996
+
+ * include/protos.H: Added optarg, opterr, optind, optopt and
+ (fclose under Sunos 4). Removed these declarations from lots of
+ other files.
+
+ * acconfig.h: Add undefs for h_errno, h_errlist, optarg, optind,
+ opterr, and optopt.
+
+ * configure.in: Use `AC_NEED_DECLARATION' for h_errno, h_errlist,
+ optarg, optind, opterr, and optopt.
+
+ * aclocal.m4: New macro `AC_NEED_DECLARATION' to figure out if we
+ need to have an external declaration of a variable.
+
+Mon Sep 2 1996
+
+ * lib/krb/krb.h: Removed unused `req_act_vno' and `k_log'.
+ Changed all callers.
+
+ * lib/krb/krb.h: Removed definition of `MAX_HSTNM'.
+
+ * lib/krb/send_to_kdc.c: Removed use of `MAX_HSTNM'.
+
+ * appl/afsutil/pagsh.c: Some reformatting and fixed the off-by-one
+ args bug.
+
+Sat Aug 31 1996
+
+ * lib/krb/{send_to_kdc.c, getrealm.c}, appl/xnlock/xnlock.c,
+ appl/kauthkauth.c, appl/bsd/{rshd.c,rlogind.c}: Removed '#if 0'-ed
+ code.
+
+ * lib/krb/get_in_tkt.c: Removed '#if 0'-ed code and now compiles
+ with NOENCRYPTION.
+
+ * kadmin/ksrvutil.c: Now compiles with NOENCRYPTION.
+
+ * appl/ftp/ftpd/ftpcmd.y: Throw away passwd after use.
+
+ * appl/ftp/ftpd/ftpd.c: Fixed old comment.
+
+ * slave/kpropd.c: s/sa_len/salen/ Irix has a #define for sa_len.
+
+ * lib/kdb/krb_dbm.c: If key->dptr is not a `char *' we have to
+ cast it before adding to it.
+
+ * configure.in: Old test for `sa_len' in `struct sockaddr' fails
+ on IRIX 6.2. Try to compile a program refering to that field
+ instead of grepping for it in <sys/socket.h>.
+
+ * appl/bsd/kcmd.c: Removed old and broken code.
+
+ * configure.in: Check for `gethostname', `uname', and
+ <sys/utsname.h>
+
+ * lib/krb/k_gethostname.c: Try to use `uname' if we have no
+ `gethostname'.
+
+ * appl/ftp/ftpd/klogin.c: Incorrect use of `gethostname' replaced
+ by correct use of `k_gethostname'.
+
+
+ * lib/roken/verify.c: Change name verify_unix_user ->
+ unix_verify_user in analogy with krb_verify_user.
+
+Fri Aug 30 1996
+
+ * appl/xnlock/Makefile.in: Install man-page.
+
+ * configure.in, */Makefile.in: Replace `-shared' with some other
+ option when not using gcc.
+
+ * lib/kafs/afssys.c: Do not start by checking if we have AFS in
+ `k_afsklog'.
+
+ * appl/bsd/rlogin.c: More kludges to make it work with rlogin on
+ linux: Do not select for an exceptional condition on `rem' after
+ having received EINVAL.
+
+ Also rewrote ifndef NOENCRYPTION stuff.
+
+ * appl/bsd/rlogind.c: More kludges to make it work with rlogin on
+ linux: Only send oob data just after having sent normal data to
+ make sure we never send two consecutive bytes of oob data.
+
+ Also rewrote ifndef NOENCRYPTION stuff.
+
+Thu Aug 29 1996
+
+ * lib/kafs/Makefile.in: Use `ld' instead of `cc' for linking
+ afslib.so. Not everybody has cc.
+
+Wed Aug 28 1996
+
+ * Release 0.9.2a
+
+Mon Aug 26 1996
+
+ * appl/bsd/login.c: Clean-up. Made static a lot of functions and
+ variables. Rewrote some function definitions to ANSI-style.
+
+ * appl/bsd/sysv_environ.c: KRB4_MAILDIR may and may not contain a
+ trailing slash. We need to be very careful to make sure the
+ contents of $MAIL does not contain two, because RMAIL in emacs
+ uses it and emacs is no friend with double slashing.
+
+
+ * lib/kafs/afssys.c (k_afsklog_all_local_cells): Now should return
+ correct value.
+
+Sun Aug 25 1996
+
+ * Release 0.9.2.
+
+Sat Aug 24 1996
+
+ * lib/roken/hstrerror.c: Check for h_errlist prototype.
+
+Thu Aug 22 1996
+
+ * lib/krb/send_to_kdc.c, etc/services.append, server/kerberos.c:
+ Changed `kerberos' to `kerberos-iv' now that it has been
+ registered with IANA.
+
+ * man/rshd.8, man/rlogind.8: updated documentation of `-a'
+
+ * lib/roken/roken.h: Added declaration of `h_errno'
+
+ * kuser/Makefile.in: Link kdestroy with KRB_KAFS_LIB
+
+ * appl/kauth/kauth.h: Stupid declarations for syslog.
+
+ * appl/kauth/kauthd.c: syslog errors and success.
+
+ * include/protos.H: Removed `h_errno', now in roken.h Declare
+ `getusershell' under solaris.
+
+ * configure.in, acconfig.h: Figure out if we have to declare
+ `h_errno'.
+
+ * appl/ftp/ftp/kauth.c: Added support for afs_string_to_key.
+
+Wed Aug 21 1996
+
+ * lib/kafs/afssys.c: Look for AFS database servers in dns also.
+
+ * lib/kafs/afssys.c: Add support for a ~/.TheseCells-file.
+
+Sun Aug 18 1996
+
+ * appl/bsd/rlogind.c: Removed unused `check_all' variable. Use
+ `inaddr2str'.
+
+ * appl/bsd/rshd.c: Use `inaddr2str'.
+
+ * appl/bsd/iruserok.c: Removed potential buffer overrun after
+ `gethostbyaddr'.
+
+ * lib/roken/inet_aton.c: Some const-ness.
+
+ * lib/roken/Makefile.in: Add `inaddr2str.o'.
+
+ * appl/ftp/ftpd/ftpd.c: Use `inaddr2str'.
+
+ * lib/roken/inaddr2str.c, lib/roken/roken.h: New function
+ `inaddr2str' to convert an IP address into a verified hostname or
+ a string of the form x.y.z.a
+
+ * lib/krb/{krb_locl.h, krb.h, k_name_to_name.c, k_getsockinst.c,
+ getrealm.c}: Some const-ness.
+
+ * appl/bsd/bsd_locl.h: Removed another prototype for `crypt'.
+
+ * appl/kpopper/popper.h: Some const-ness to get rid of a warning.
+
+ * appl/bsd/rshd.c: Always check reverse mapping. Removed
+ `local_domain' and `top_domain'. Added some const-ness.
+
+Sat Aug 17 1996
+
+ * include/Makefile.in: Removed VPATH. With it this makefile does
+ not work correctly.
+
+ * lib/krb/rw.c, lib/krb/krb_locl.h: Changed parameters to
+ `krb_{get,put}'-functions to void *.
+
+ * include/protos.H: Add `getusershell' in solaris.
+
+ * appl/kauth/kauthd.c, appl/bsd/{rlogin.c,rlogind.c}: Less
+ warnings because of arguments to `setsockopt'.
+
+ * lib/roken/roken.h: Fixed prototype of `inet_aton'
+
+Wed Aug 14 1996
+
+ * lib/roken/verify.c: Use <crypt.h> if there is one.
+
+ * lib/kafs/Makefile.in: AFS_EXTRA_LIBS is always called
+ `afslib.so'. Otherwise some makes get upset when there is no such
+ library to be made.
+
+ * appl/telnet/telnetd/telnetd.h: <protos.h> are needed to get
+ prototype for `ptsname'.
+
+ * appl/bsd/rlogind.c, appl/kpopper/pop_dropinfo.c,
+ appl/telnet/libtelnet/{auth.h,enc_des.c,kerberos.c},
+ appl/telnet/telnet/utilities.c, appl/telnet/telnetd/{sys_term.c,
+ telnetd.h, kadmin/admin_server.c, kuser/klist.c,
+ lib/kdb/{krb_cache.c, krb_dbm.c}, lib/krb/{fgetst.c, getst.c,
+ log.c, tf_util.c}: Include type `int' on all definitions and
+ remove unnecessary `register'.
+
+ * appl/bsd/login_access.c: Fix parameter declaration to
+ `netgroup_match'.
+
+ * appl/bsd/forkpty.c, include/protos.h: s/__sgi__/__sgi//g
+
+ * admin/kdb_util.c: Use `errno' for error message instead of
+ uninitialized variable.
+
+Tue Aug 13 1996
+
+ * appl/kauth/rkinit.c: Default port should be the same in kauth
+ and kauthd.
+
+Sun Aug 11 1996
+
+ * configure.in: Added `AC_REVISION'
+
+ * slave/kpropd.c: Cleaned up structure. Now returns useful value.
+
+ * lib/roken/verify.c: Broken OSes need declartion of `crypt'.
+
+ * lib/roken/roken.h: Added prototype for `verify_unix_user'.
+
+ * lib/krb/lsb_addr_comp.h: Added prototype for `lsb_time'.
+
+ * lib/krb/{get_admhst.c, get_default_principal.c, get_krbhst.c,
+ get_krbrlm.c, getrealm.c, realm_parse.c} : Check for buffer
+ overwrite correctly.
+
+ * lib/krb/rw.c, lib/krb/krb_locl.h: Prepended `krb_' to `get_int',
+ `put_int', `get_address', `put_address', `put_string',
+ `get_string', `get_nir', and `put_nir'. Changed all callers.
+
+ * lib/kdb/krb_db.h: Added prototype for `kerb_delete_principal'
+ and `kerb_db_delete_principal'.
+
+ * lib/kadm/kadm_cli_wrap.c: Removed unused variable.
+
+ * appl/telnet/telnetd/telnetd.c: Changed bogus `strncpy' to
+ `strcpy'.
+
+ * appl/bsd/su.c: Fixed error messages from execv.
+
+ * appl/bsd/rlogin.c: Fixed potential buffer overrun when reading
+ "TERM".
+
+Thu Aug 8 1996
+
+ * appl/telnet/telnet/commands.c, appl/kauth/rkinit.c: Replaced
+ `herror' by `hstrerror'.
+
+ * appl/bsd/login.c: chmod the tty so that it is writable for group
+ tty.
+
+ * configure.in: Use AC_FIND_IF_NOT_BROKEN for herror and
+ hstrerror.
+
+ * aclocal.m4: New macro `AC_FIND_IF_NOT_BROKEN'
+
+ * config.guess: Add 686
+
+Tue Aug 6 1996
+
+ * lib/krb/getrealm.c: Fallback for `T_TXT'
+
+ * configure.in: Look for `res_search' and `dn_expand' in
+ libresolv.
+
+Mon Aug 5 1996
+
+ * */Makefile.in: Add Id to those missing it.
+
+ * configure.in: Small fix in comment.
+
+
+ * Release 0.9.1.
+
+
+ * appl/ftp/ftpd/ftpcmd.y: s/timeout/ftpd_timeout/
+
+ * appl/kstring2key/kstring2key.c: `usage' changed to void.
+
+ * lib/krb/mk_req.c: `build_request' changed to void.
+
+ * appl/ftp/ftp/ftp_locl.h: Changed order of includes.
+
+ * appl/bsd/login.c, appl/ftp/ftpd/*: s/timeout/login_timeout/
+
+ * lib/kafs/afssysdefs.h: undef AFS_SYSCALL if we are defining it.
+
+Sun Aug 4 1996
+
+ * lib/kafs/afssys.c: AIX systems will now correctly (I hope)
+ detect whether AFS is loaded or not. This is currently a bit
+ kludgy, and involves loading an external shared library,
+ afslib.so, which can be put in athena/lib or pointed to with
+ environment variable AFSLIBPATH. This is only tested on AIX 4
+ (due to lack of an AIX 3 system).
+
+
+ * lib/krb/getrealm.c: Range-check the result from the DNS.
+
+ * lib/krb/get_krbrlm.c: Try to use the DNS to find out which realm
+ this host belongs to.
+
+ * kadmin/ksrvutil_get.c: Fixed error message.
+
+
+ * lib/kafs/*: Fix aix/afs brokenness.
+
+ * lib/kadm/kadm_stream.c (stv_string): Range check.
+
+Fri Jul 26 1996
+
+ * appl/ftp/common/{ftp,ruserpass}.c: Less bogus domain name
+ handling.
+
+Mon Jul 22 1996
+
+ * lib/krb/mk_req.c: Use encrypt_ktext()
+
+ * configure.in, lib/kafs/afssys.c: Add option to exclude AFS
+ support (this is useful only on AIX systems that doesn't have
+ AFS).
+
+ * configure.in: Removed configuration from subdirectories.
+
+Sat Jul 13 1996
+
+ * appl/ftp/ftp/extern.h, appl/ftp/ftp/ftp.c: Substitute `struct
+ fd_set' with `fd_set'.
+
+Mon Jul 8 1996
+
+ * Makefile.in: install should depend on all.
+
+Sun Jul 7 1996
+
+ * appl/bsd/su.c: Allow root to set the uid without entering a
+ password.
+
+Fri Jul 5 1996
+
+ * lib/krb/getrealm.c: Add automatic dns realm search.
+
+Thu Jul 4 1996
+
+ * lib/krb/log.c (krb_log): Renamed k_log(...) to krb_log(...) for
+ compatibility with CNS. There is still a #define k_log krb_log.
+
+ * util/et/et_list.c: Hack to resolve _et_list in shared libraries.
+
+Fri Jun 28 1996
+
+ * appl/bsd/rlogin.c (reader): If after a select rlogin fails to
+ read expected OOB data try to read ordinary data before continuing.
+
+ * appl/bsd/rlogin.c (oob_real): SunOS5 tty race kludge.
+
+ * appl/bsd/rlogind.c: Cleanup oobdata stuff.
+
+Thu Jun 27 1996
+
+ * appl/bsd/login.c (main): Also check for complete tty name with
+ `rootterm'.
+
+ * lib/krb/check_time.c: New function `krb_check_tm'.
+
+ * lib/roken/tm2time.c: New function `tm2time', mktime generalized
+ to local timezone and UTC.
+
+ * kadmin, admin: Use `tm2time' and `krb_check_time' instead of
+ `maketime'.
+
+Tue Jun 25 1996
+
+ * lib/krb/mk_priv.c (krb_mk_priv): Send correct address.
+
+ * appl/kauth/kauthd.c: Set ticket file to some sane default, and
+ add -i debugging switch.
+
+Mon Jun 24 1996
+
+ * appl/xnlock, appl/kauth, appl/telnet/telnetd: Use BINDIR and not
+ `/usr/athena/bin'.
+
+Wed Jun 19 1996
+
+ * appl/bsd/rlogin.c: consistent usage of oob_real.
+
+ * appl/bsd/rlogind.c: Do not send oob garbage when running
+ solaris? Seems that linux is unable to handle the duplicate
+ urgent data that is the result.
+
+ * appl/bsd/rlogind.c: Fix usage.
+
+ * appl/bsd/kcmd.c: Don't F_SETOWN.
+
+Mon Jun 17 1996
+
+ * lib/krb/rw.c: Add get_address() and put_address().
+
+
+ * appl/telnet/telnetd/telnetd.c: updated usage
+
+ * appl/bsd/su.c: Replaced getpass by des_read_pw_string
+
+ * appl/bsd/forkpty.c (ptym_open): Removed unused `ptr2'.
+
+ * appl/bsd/rlogind.c: Removed unused functions and made others
+ static.
+
+Sun Jun 16 1996
+
+ * Release 0.9.
+
+
+ * appl/ftp/ftpd/ftpd.c: Don't just send data in plain when doing
+ NLST.
+
+
+ * configure.in: test for setresgid.
+
+ * kadmin/ksrvutil_get.c: Fixed byte manipulations of keys.
+
+Sat Jun 15 1996
+
+ * lib/des/rnd_keys.c (des_rand_data): At least `srandom'.
+
+ * appl/ftp/ftp/cmds.c: Support longer passwords when retrying
+ login.
+
+ * kadmin/admin_server.c, man/kadmind.8, kth-krb.texi: Reading key
+ file from file is now the default. Use `-m' to enter it manually.
+ `-n' is currently a no-op.
+
+ * appl/ftp/ftpd/ftpd.c: Add S/Key support.
+
+ * appl/ftp/ftpd/Makefile.in: Link with S/Key.
+
+ * appl/ftp/configure.in: Test for S/key.
+
+ * configure.in, aclocal.m4: Moved skey test
+ to aclocal.m4.
+
+ * appl/bsd/login.c: Correct argument to `skeyaccess'.
+
+Fri Jun 14 1996
+
+ * lib/krb/verify_user.c: New parameter to specify service key
+ instance, NULL means "rcmd".
+
+ * lots of files: All ticket filenames uses `TKT_ROOT'.
+
+ * appl/bsd/rlogind.c: Check for uid == 0 and user != "root".
+
+Tue Jun 11 1996
+
+ * appl/kpopper/pop_init.c(pop_init): Got rid of some old ifdef'ed
+ code.
+
+ * lib/kdb/krb_dbm.c: Add macro for `dbm_delete' for the people
+ that are ndbm challenged.
+
+Mon Jun 10 1996
+
+ * lib/krb/kname_parse.c: Got rid of duplicate defintions.
+
+ * appl/ftp/ftp/ruserpass.c: Get hostname even if user has no
+ '.netrc' file.
+
+
+ * lib/kadm, lib/kdb, kadmin: Add database delete operation.
+
+ * lib/krb/kname_parse.c: Allow dots in instances.
+
+
+ * appl/bsd/rlogind.c (logwtmp): Only define `logwtmp' if it does
+ not exist. Log more garbage.
+
+Sun Jun 9 1996
+
+ * appl/telnet/configure.in: Check for `logwtmp'.
+
+ * appl/ftp/configure.in: Use `AC_FUNC_MMAP'
+
+
+ * appl/bsd/forkpty.c: Removed all ugly pty search stuff from
+ ptym_open().
+
+ * configure.in: Modified the creation of version.h, now actually
+ shows up with ident.It is now also slightly more keen on creating
+ a new version.h.
+
+Sat Jun 8 1996
+
+ * lib/roken/verify.c: <stdio.h> for NULL.
+
+ * appl/xnlock/xnlock.c (leave): Call XCloseDisplay, otherwise
+ screen saver changes are not updated before closing the X
+ connection.
+
+
+ * appl/bsd/utmp_login.c: Remove tty-prefix from ut_id; this field
+ is usually very short.
+
+Fri Jun 7 1996
+
+ * slave/kpropd.c: Add option -m to merge rather then load
+ database.
+
+Thu Jun 6 1996
+
+ * admin/kdb_util.c: Add a merge operation. (One day it might be
+ used to propagate only patches to the database)
+
+Wed Jun 5 1996
+
+ * appl/kpopper: Support both POP3 and KPOP3.
+
+ * appl/xnlock/xnlock.c: Use `verify_unix_user'
+
+ * lib/roken/verify.c: verify_unix_user: New function from xnlock
+ for checking passwd in `/etc/passwd'.
+
+ * appl/telnet/telnetd/sys_term.c: gettimeofday buglet
+
+
+ * slave/kpropd.c: Rewrite of kpropd.
+
+ * admin/kdb_util.c: Sanity check on input to load_db.
+
+ * slave/kpropd.c: Use default value for fname.
+
+ * slave/kprop.c: Use some sane default values for data_file and
+ slaves_file.
+
+ * admin/kdb_util.c: If there isn't any database when loading,
+ create an empty one.
+
+Mon Jun 3 1996
+
+ * appl/telnet/telnetd/sys_term.c: Somewhat changed the way utmpx
+ entries are created. It should now work on both Solaris and IRIX,
+ without stale login information.
+
+Sat Jun 1 1996
+
+ * lib/krb/k_gethostname.c (k_gethostname): Fallback.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc),
+ kadmin/kadm_ser_wrap.c (kadm_ser_init),
+ slave/kprop.c (prop_to_slaves),
+ slave/kpropd.c (main): Use `k_getportbyname'.
+
+Fri May 31 1996
+
+ * Lots of files: more #includes ifdefad and cleaned up.
+
+Thu May 30 1996
+
+ * Lots of files: Replaced bcopy/bzero/bcmp with
+ memcpy/memset/memcmp.
+
+
+ * lib/krb/get_default_principal.c: Use getlogin() if it is the BSD
+ variant that actually gives some information.
+
+ * lib/krb/create_ticket.c: Write correct address byteorder.
+
+ * lib/kadm/kadm_stream.c,kadm_cli_wrap.c: Don't assume int32_t is
+ four bytes.
+
+ * kadmin/kpasswd.c: Allow principal without -n.
+
+ * kadmin/kadmin.c: Use krb_get_default_principal.
+
+ * appl/ftp/ftpd/ftpd.c: Fix bare newline bug.
+
+ * appl/bsd/rlogind.c: Add -i and -p options to start rlogind from
+ command line (for debugging).
+
+ * INSTALL: Rewritten.
+
+Wed May 29 1996
+
+ * appl/ftp/ftp/krb4.c: Handle different sizes of returned
+ checksum.
+
+
+ * appl/bsd/Makefile.in: Don't install login setuid.
+
+Fri May 24 1996
+
+ * appl/bsd/rsh.c: Don't run away yelling if someone calls you
+ `remsh'.
+
+Sun May 19 1996
+
+ * lib/krb/kdc_reply.c: Remove unused function decrypt_tkt. Sanity
+ check on decrypted ticket.
+
+Wed May 15 1996
+
+ * server/kerberos.c: Should work with the new libkrb
+
+ * appl/kip: Support more than one tunnel device.
+
+
+ * lib/krb/*.c: All functions that create or decode kerberos
+ packets have been rewritten. Hopefully, everything still
+ works. This is to eliminate problems with wierd systems, like
+ Crays, that doesn't have any two or four byte integers. Some of
+ these changes could be a lot more pretty, and *many* assumptions
+ that sizeof(int32) == 4 still exist in the rest of the code,
+ though.
+
+ As a side effect, all packets sent are now in network byte order.
+
+Mon May 13 1996
+
+ * configure.in: Shared libraries for Irix
+
+
+ * Several fixes for UNICOS.
+
+ * appl/ftp/ftp/krb4.c: Allow default data protection level through
+ a "prot level" in .netrc. This really should be done in a more
+ useful manner.
+
+Sun May 12 1996
+
+ * appl/xnlock/xnlock.c: Cleaned up user verification code. Now
+ uses new function krb_verify_user. Also fixed a few problems with
+ the password prompt box.
+
+ * lib/krb/verify_user.c: New function krb_verify_user to verify a
+ user with kerberos.
+
+
+ * appl/kip: New program for forwarding IP packets over kerberised
+ connections using tunnel devices.
+
+ * appl/kauth/kauth.c, kadmin/ksrvutil.c: Use
+ krb_get_default_principal
+
+ * appl/bsd/rlogind.c: Do not change portnumber to host order if
+ using kerberos. This will cause the magic
+ `reverse-time-if-port-is-less-than' to fail.
+
+ * lib/des/GNUmakefile: Removed file. This file causes problem
+ when building in the source directory and when using GNU make
+ which prefers this file to the generated Makefile.
+
+ * appl/bsd/login.c: More careful when handling returned value from
+ `getspnam'.
+
+Sat May 11 1996
+
+ * lib/krb/realm_parse.c: New function to expand a non-complete
+ realm to its official name, e.g nada -> NADA.KTH.SE.
+
+ * lib/krb/get_default_principal.c: New function to guess the
+ default principal to use. Looks at any existing ticket file first,
+ then at uid/logname etc.
+
+
+ * kadmin/kadmin.c: Use kname_parse and allow different instances
+ and realms.
+
+ * lib/roken/k_getpwnam.c: New function k_getpwnam that should work
+ with and without shadow passwords.
+
+ * Lots of files: s/getpwnam/k_&/g.
+
+Tue May 7 1996
+
+ * lib/des/des_locl.h: DES library updated to version 3.23,
+ des_locl.h now includes configure.h to get HAVE_TERMIOS etc.
+
+ * lib/des/des.h: On the alpha define DES_LONG to unsigned int.
+
+
+ * kuser/kinit.c: Handle passwords longer than 16 characters.
+
+ * appl/xnlock/xnlock.c (GetPasswd): Handle longer passwords than
+ 16 characters.
+
+Sun May 5 1996
+
+ * Release 0.8.
+
+
+ * appl/ftp/ftpd/kauth.c: Klist command.
+
+
+ * appl/ftp/ftpd: Removed `-g' from calls to ls.
+
+ * appl/ftp/ftp/cmds.c (setpeer): Fix so that opening a second
+ connection to a specified port works.
+
+ * appl/telnet/telnet: Default is binary.
+
+ * appl: Now build under Ultrix.
+
+ * appl/kx: Now even builds on AIX.
+
+Sat May 4 1996
+
+ * lib/des: Now merged in libdes 3.21 on main branch.
+
+
+ * appl/ftp/ftpd/logwtmp.c: Slightly different functionality. Works
+ on systems that has more fields in struct utmp such as OSF/1.
+ Still some questions about Solaris.
+
+ * lib/krb/lsb_addr_comp.c: Now byteorder independent.
+
+
+ * appl/kx: Rewrote kx & kxd to share more code. They are also now
+ able to talk both ways.
+
+ * lib/kdb/krb_dbm.c (kerb_db_rename): Now works properly when
+ using berkeley DB.
+
+Thu Apr 25 1996
+
+ * lib/krb/get_krbrlm.c (krb_get_default_realm): New function for
+ SunOS5 compat.
+
+ * When building shared libraries link libkrb with libdes to be
+ compatible with SunOS5.
+
+ * Move lib/krb/krb_err.et to lib/kadm since it is only used there,
+ no longer need to link libkrb against libcom_err.
+
+Wed Apr 24 1996
+
+ * lib/krb/lsb_addr_comp.h: Renamed ugly lsb_addr_comp.
+
+ * Some porting to UNICOS.
+
+Tue Apr 23 1996
+
+ * Moved some junk from appl/bsd to libroken.
+
+ * lib/roken/Makefile.in (LIBNAME): Added header file roken.h for
+ library libroken.a.
+
+
+ * Add kerberized ftp.
+
+ * Add libroken.
+
+Mon Apr 22 1996
+
+ * appl/kauth/kauth.c: When commands are given to kauth, a new
+ ticket file is used.
+
+Sat Apr 20 1996
+
+ * appl/xnlock/xnlock.c: Fixed a potential overwrite bug. Also
+ works with more than one screen, only fancy stuff on screen 0,
+ though.
+
+Fri Apr 19 1996
+
+ * appl/bsd/login.c, su.c, rshd.c, rlogind.c: Syslog and abort when
+ getpwnam returns uid == 0 but user is not root. This is usually
+ the result of an attack on NIS (former YP).
+
+Wed Apr 17 1996
+
+ * kadmin/ksrvutil.c (get_key_from_password): Support for
+ generating AFS keys. From <flag@it.kth.se>
+
+Sun Apr 14 1996
+
+ * appl/kx: New program for forwarding a X connection.
+
+Mon Apr 8 1996
+
+ * appl/bsd/rsh.c (get_shell_port): Default port number for ekshell
+ changed from 2106 to 545.
+
+ * appl/bsd/login.c (doremotelogin): Remove terminal speed from the
+ value of $TERM in the case of an ancient rlogind being used.
+
+Thu Apr 4 1996
+
+ * lib/kafs/afssys.c (k_afsklog): Try to read from
+ /usr/vice/etc/TheseCells for list of cells we should try to obtain
+ tokens for.
+
+ * appl/kauth/kauth.c (renew): Use cell even when renewing.
+
+ * appl/kauth/kauth.c, appl/xnlock/xnlock.c: Always call k_afsklog
+ with realm == NULL.
+
+
+ * lib/kafs/afssys.c: More thorough guessing of what realm a cell
+ belongs to.
+
+Wed Apr 3 1996
+
+ * appl/bsd/login.c: If setuid() failes and not logging in as root,
+ exit.
+
+Tue Apr 2 1996
+
+ * server/kerberos.c: Set name, inst, and realm to NULL in
+ APPL_REQUEST, error replies tend to look a bit funny otherwise.
+
+Thu Mar 28 1996
+
+ * appl/bsd/iruserok.c (iruserok): Imported iruserok() FreeBSD.
+
+Tue Mar 26 1996
+
+ * lib/des/Makefile.in: Removed enc_read.c enc_writ.c.
+
+ * appl/bsd/Makefile.in: New file with the old functions from
+ libdes.
+
+
+ * appl/bsd/utmp_login.c: Fixed (hopefully) double utmp-entries in
+ Solaris. Only put entries in one of utmp/utmpx, since they both
+ get updated by putut*ent() anyway.
+
+Mon Mar 25 1996
+
+ * kuser/klist.c (main): Use verbose option (-v) to list key
+ version numbers.
+
+
+ * Release 0.7.
+
+Sun Mar 24 1996
+
+ * appl/bsd/rlogin.c (doit): Moved signal junk (as far as possible)
+ to doit().
+
+
+ * configure.in: Check for getmsg with AC_TRY_RUN instead.
+ Otherwise it fails under AIx 3.2. Now rlogind works on this
+ so-called OS. Also cache value of berkeley db check.
+
+
+ * lib/kdb/krb_kdb_utils.c: New experimental masterkey generation,
+ enabled with --enable-random-mkey. This makes kdb_init et al
+ generate random master keys, based on random input from the
+ user. This comes in a package with auto-kstash, and possibility to
+ enter lost master keys as base64.
+
+ Moved default master key file from /.k to
+ /var/kerberos/master-key, override with --with-mkey=file.
+
+
+ * kadmin/kadmin.c (do_init): Handle the `-t' option to kadmin,
+ meaning do not get a new ticket file. (From CNS).
+
+Fri Mar 22 1996
+
+ * appl/xnlock/xnlock.c: Removed some dead code, and a few unused
+ header files.
+
+
+ * kadmin/pw_check.c (kadm_pw_check): If kadm_pw_check()
+ fails *pw_msg can't be 0! At the very least use the
+ empty string but a descriptive error-message is preferred.
+
+ * libtelnet: add nonbroken signal() function.
+
+Wed Mar 20 1996
+
+ * appl/kpopper/pop_pass.c (pop_pass): Use kuserok to determine if
+ user is allowed to fetch mail.
+
+ * appl/kpopper/*. Got rid of some ugly codes and some warnings.
+
+ * appl/bsd/Makefile.in: signal.o was not included in OBJECTS,
+ which made strange makes not doing what they should.
+
+ * configure.in, appl/kpopper/popper.h, appl/bsd/pathnames.h: Now
+ should work on systems that do not have mail spool files in
+ /var/spool/mail. Looks for MAILDIR or _PATH_MAILDIR, usually from
+ <paths.h> or <maillock.h>. Defaults to /var/spool/mail.
+
+Mon Mar 18 1996
+
+ * appl/bsd/bsd_locl.h: TIOCPKT for those systems missing it.
+
+Fri Mar 15 1996
+
+ * lib/kafs/kafs.h: Use <sys/ioctl.h> instead of <sys/ioccom.h>
+
+ * appl/bsd/rshd.c (doit): Don't set environ, send it as an
+ argument to execle instead.
+
+ * lib/kafs/kafs.h: Find definition of _IOW.
+
+ * configure.in: Check for random.
+
+ * appl/bsd/bsd_locl.h: Including <crypt.h> gives too many conflicts.
+
+ * appl/afsutil/pagsh.c: Check for random.
+
+Thu Mar 14 1996
+
+ * appl/bsd/bsd_locl.h, appl/telnet/telnetd/defs.h: Default values
+ of `TIOCPKT_FLUSHWRITE' & c:o.
+
+ * appl/telnet/telnet{,d}/Makefile.in (telnetd): Change order of
+ linking in libraries.
+
+ * configure.in: Check for interesting functions in libsocket and
+ libnsl and not strange soriasis inventions.
+
+Wed Mar 13 1996
+
+ * appl/bsd/bsd_locl.h (fatal): Only use prototype or iruserok if
+ the function does not exist.
+
+Mon Mar 11 1996
+
+ * lib/krb/krb_err_txt.c (krb_get_err_text): Changed name of
+ krb_err_msg to krb_get_err_text(int) to be compatible with the CNS
+ distribution. This function is used for instance by CVS-1.7.
+
+Sun Mar 10 1996
+
+ * configure.in, appl/Makefile.in: removed rkinit
+
+ * etc/inetd.conf.changes, etc/services.append: Added kauth.
+
+ * appl/kauth: Integrated rkinit into kauth.
+
+ * appl/kauth/kauth.c (main): Only look for principal name if no -p
+ has been given.
+
+ * lots of files: prototypes and other small fixes.
+
+ * appl/bsd/sysv_shadow.h: spwd multiple defined.
+
+ * appl/bsd/bsd_locl.h: include <crypt.h>
+
+ * configure.in: Added afsutil and rkinit.
+
+ * */Makefile.in: Do cd $$i && $(MAKE). Otherwise, if cd fails you
+ end up with an infinite recursion.
+
+ * kuser/klist.c (display_tktfile): Another warning removed.
+
+Tue Mar 5 1996
+
+ * appl/bsd/forkpty.c (forkpty): Kludge for Ultrix, rlogind now
+ works properly also under this system.
+
+
+ * appl/afsutil: New aklog and pagsh
+
+
+ * lib/krb/krb_equiv.c (krb_equiv): Fix bugs with '\\'.
+
+ * lib/des/rnd_keys.c: Include <sys/time.h>.
+
+Mon Mar 4 1996
+
+ * appl/kauth/kauth.c (main): Handle name when given after options.
+
+Sun Mar 3 1996
+
+ * appl/rkinit/rkinit.c (getalladdrs): Check for herror. Solaris
+ apparently does not have any.
+ (main): Use memset instead of bzero.
+
+ * appl/rkinit/rkinitd.c (decrypt_remote_tkt): bcopy -> memcpy.
+
+ * kuser/kinit.c (main): Corrected lifetime.
+
+ * lib/krb/krb_equiv.c (krb_equiv): Now handles longer lines,
+ continuation lines and addresses of the form 193.10.156.0/24.
+
+
+ * kuser/Makefile.in (kdestroy): Link kdestroy with libkafs.
+
+Wed Feb 28 1996
+
+ * Replaced all occurencies of krb_err_txt[] with new function
+ krb_err_msg(), that does some sanity checks before indexing
+ krb_err_txt.
+
+Mon Feb 26 1996
+
+ * appl/telnet/telnetd: Added flags -z to have telnetd log
+ unauthenticated logins, such as when using an old telnet
+ client. Unfortunately in most of these cases, the user name is not
+ known.
+
+ There should also be a way to tell the difference between bad
+ authentication (such as with expired tickets) and no attempt to
+ provide authentication (such as with an old client).
+
+Sun Feb 25 1996
+
+ * kuser/kdestroy.c: Remove afs-tokens as well as tickets, -t flags
+ added to prevent this.
+
+Thu Feb 22 1996
+
+ * appl/rkinit/rkinitd.c (doit): Use k_getsockinst to make it work
+ correctly for multi-homed hosts.
+
+ * appl/rkinit: New program with rkinit functionality.
+
+ * lib/krb/k_getport.c: Function for finding port in /etc/services
+ with fallback.
+
+ * lib/krb/netread.c,netwrite.c (krb_net_{read,write}): Now correct
+ prototype with void * and size_t.
+
+Wed Feb 21 1996
+
+ * kadmin/new_pwd.c (get_pw_new_pwd): Moved get_pw_new_pwd to
+ seperate file. Now called both from kadmin and kpasswd.
+
+ * kadmin/pw_check.c (kadm_pw_check): Handle the case of no
+ password provided. This is really a policy decision. The server
+ should be able to say `use a client that sends the password'.
+
+ * appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen.
+
+Sun Feb 18 1996
+
+ * appl/bsd/rcp.c (answer_auth): Made rcp multihome aware.
+
+ * appl/bsd/rlogind.c (do_krb_login): Made rlogind multihome aware.
+
+ * appl/bsd/rshd.c (doit): Made rshd multihome aware.
+
+ * lib/krb/k_getsockinst.c (k_getsockinst): New function to figure
+ out the instance name of interfaces on multihomed hosts. Use this
+ function when making daemons multihome aware.
+
+ * appl/telnet/libtelnet/kerberos.c (kerberos4_is): Made telnetd
+ multihome aware.
+
+Mon Feb 12 1996
+
+ * Release 0.6.
+
+Sun Feb 11 1996
+
+ * lots of files: hacks to make it all compile.
+
+ * configure.in, appl/telnet/configure.in: More broken AIX.
+
+
+ * appl/bsd/bsd_locl.h: Fix for old syslogs (as in Ultrix).
+
+
+ * appl/telnet/libtelnet/encrypt.c: encrypt_verbose by default.
+
+
+ * appl/telnet/libtelnet/kerberos.c: Show difference between
+ MUTUAL and ONE_WAY KERBEROS4.
+
+ * appl/telnet/libtelnet/encrypt.c:
+ Print message about not encrypting when receiving WONT or DONT encrypt.
+
+
+ * configure.in: Automatic check for HAVE_NEW_DB.
+
+
+ * lib/krb/getaddrs.c (k_get_all_addrs): Fixed for systems with
+ SOCKADDR_HAS_SA_LEN, aka 4.4BSD-based.
+
+ * appl/telnet/telnetd/global.c: Removed some multiple defined
+ variables.
+
+ * appl/bsd/rlogind.c (cleanup): ifndef HAVE_VHANGUP.
+
+ * appl/bsd/sysv_shadow.h: Add DAY and DAY_NOW ifndef.
+
+ * configure.in: Check if `struct sockaddr' has `sa_len'.
+
+Sat Feb 10 1996
+
+ * appl/telnet/telnetd/telnetd.c (recv_ayt): pty -> ourpty.
+
+ * appl/bsd/bsd_locl.h: More include-files: <sys/uio.h> and <userpw.h>
+
+ * appl/kpopper/popper.c (catchSIGHUP): Got rid of some warnings.
+
+ * lib/krb/log.c (new_log): Yet another year 2000.
+
+ * appl/bsd/sysv_environ.c (read_etc_environment): Support setting
+ environment variables from /etc/environment.
+
+ * appl/bsd/bsd_locl.h: <usersec.h>
+
+ * configure.in: check for setpcred, libs.a and <usersec.h>.
+
+ * appl/bsd/login.c (main): setpcred is used on AIX.
+
+ * appl/bsd/rshd.c (doit): Added setpcred for AIX.
+
+ * lib/krb/getaddrs.c: <sys/sockio.h> is sometimes needed.
+
+ * admin/kdb_init.c (main): Now verifies master key.
+
+ * lib/kdb/krb_kdb_utils.c (kdb_get_master_key): Added possibility
+ of asking for verfication.
+
+ * appl/bsd/bsd_locl.h: Try to include <sys/stream.h>
+
+ * appl/telnet/telnetd/utility.c (printsub): Mismatch arguments.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Send to all A records and
+ accept an answer from anything we have sent to.
+
+ * appl/kauth/kauth.c (renew): Use strange return types for strange
+ OSes.
+ (doexec): Remove tokens.
+
+ * server/kerberos.c (main): Uses k_get_all_addrs and binds to each
+ of these addresses.
+
+ * kadmin/ksrvutil_get.c (ksrvutil_get): Added support for
+ specifying key to create on command line to get.
+
+Wed Feb 7 1996
+
+ * lib/krb/log.c (k_log): Now using YYYY for years.
+
+ * lib/krb/klog.c (klog): Preparing for the year 2000.
+
+ * kuser/kinit.c (main): Added option -p to get changepw-tickets.
+
+ * lib/krb/getaddrs.c: New file to get all the addresses of all the
+ interfaces on this machine.
+
+Tue Feb 6 1996
+
+ * configure.in: Support for S/Key in login.c. Use --with-skeylib
+ switch to configure. The code assumes that the skeylib.a comes
+ from logdaemon.
+
+ * General support for shadow password files if there is an
+ shadow.h.
+
+ * appl/bsd/su.c: Arrange so that it supports shadow passords.
+
+Sun Feb 4 1996
+
+ * appl/telnet/*: Hacks to make it work on strange OSes.
+
+ * appl/bsd/bsd_locl.h: Check for sys/ptyvar.h
+
+ * appl/telnet/configure.in (telnet_msg): sys/str_tty.h, sys/uio.h
+
+ * configure.in: test for crypt.h and sys/ptyvar.h
+
+ * appl/telnet/telnetd/*.c: pty -> ourpty.
+
+
+ * telnetd: Changes to make more systems work better, specifically
+ AIX 4. Hopefully this will work on both STREAM and BSD
+ systems. Not tested on some systems, like CRAY and Linux.
+
+
+ * util/ss/mk_cmds.c: Generating cleaner code.
+
+ * lib/krb/krb_err_txt.c (krb_err_txt): Clarification.
+
+ * kadmin/admin_server.c: Less varnings.
+
+ * appl/xnlock/xnlock.c: Changed some types and added some casts.
+
+ * appl/movemail/movemail.c: Not using syswait.h anymore.
+
+ * appl/xnlock/xnlock.c: God rid of some warnings.
+
+ * util/ss/*.[ch]: cleanup
+
+ * util/et/*.[ch]: cleanup
+
+ * appl/bsd/rcp.c: Less warnings.
+
+ * kadmin/admin_server.c (kadm_listen): Get rid of another warning.
+
+ * kadmin/pw_check.c (kadm_pw_check): Support for letting cracklib
+ check the quality of the password.
+
+ * kadmin/pw_check.h (kadm_pw_check): New argument to
+ kadm_pw_check: list of useful strings to check for.
+
+ * kadmin/kadm_server.c (kadm_ser_cpw): Send a few `useful' strings
+ to kadm_pw_check (name, instance, and realm).
+
+ * kadmin/Makefile.in (kadmind): Linking with -lcrack.
+
+ * configure.in: Support for --with-cracklib and --with-dictpath.
+
+ * kadmin/ksrvutil_get.c: Now seems to be working.
+
+ * kadmin/ksrvutil.h: Some new parameters.
+
+ * kadmin/ksrvutil.c: Some reorganisation and uses a working
+ ksrvutil_get.
+
+ * appl/movemail/movemail.c: Some more include-files.
+
+ * appl/bsd/rlogind.c: Testing for the existence of vhangup.
+
+Wed Jan 31 1996
+
+ * configure.in: Massaged the configure files so that we can build
+ under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link
+ errors where also neccessary.
+
+Tue Jan 30 1996
+
+ * appl/xnlock/xnlock.c (main): Improved user feedback on password
+ input.
+
+ * appl/xnlock/xnlock.c: Applied patch made by flag@it.kth.se that
+ enables C-u to erase the password field.
+
+ * lib/krb/lifetime.c: configure now creates a version string which
+ is referenced here. Use what and grep version to figure out where,
+ when and by whom binaries where created.
+
+ * appl/bsd/forkpty.c (ptys_open): Call revoke before pty slave is
+ opened. Add revoke using vhangup for those system lacking revoke.
+ Also call vhangup when rlogind exits.
+
+Mon Jan 29 1996
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Removed kludge for SunOS
+ 3.2 and Ultrix 2.2 that prevented multihomed kerberos servers to
+ operate correctly.
+
+ * kadmin/kadmin.c (change_key): Add new subcommand change_key so
+ that it is possible to enter keys in the DB on binary form. Most
+ usefull for sites running AFS.
+
+Fri Jan 26 1996
+
+ * appl/bsd/su.c (koktologin): New option -i root-instance. If you
+ want a user.afs ticket in a root shell and user.afs is on root's
+ ACL then do a "su -i afs".
+
+ * Makefile.in: Rearrange the order of object files to make shared
+ libraries slightly more efficient.
+
+ * appl/kauth/kauth.c (main): Always up case realm. Better error
+ messages on failed exec.
+
+Mon Jan 22 1996
+
+ * appl/bsd/rshd.c (main): New option -P to prevent rshd from using
+ a new PAG. Expert use only!
+
+ * appl/bsd/rlogind.c (doit): Avoid race when setting tty size.
+
+ * appl/bsd/rlogin.c (reader): Use select rather than horrible
+ signal hacks to handle OOB data.
+
+ * appl/bsd/login.c (main) sysv_environ.c (sysv_newenv): Login does
+ now honor the -p switch when invoked by root. This is used by
+ telnetd to export environment variables.
+
+Fri Jan 5 1996
+
+ * appl/bsd/signal.c (signal): New BSD compatible signal
+ function. Most r* applications assume reliable signals.
+
+
+ * appl/bsd/login.c (main): Check HAVE_ULIMIT.
+
+ * appl/bsd/bsd_locl.h: Include sys/ioctl.h.
+
+ * configure.in: Check for ulimit.
+
+ * admin/kdb_edit.c: Flush stdout after printing prompts.
+
+ * appl/kpopper/pop_xmit.c: Remember to include config.h.
+
+Tue Jan 2 1996
+
+ * appl/bsd/login.c (main): New function stty_default to setup
+ default tty settings.
+
+Fri Dec 29 1995
+
+ * appl/kstring2key/kstring2key.c (main): New program that converts
+ passwords to DES keys, either using des_string_to_key or
+ afs_string_to_key.
+
+ * server/kerberos.c: Kerberos server now listen on 2 ports,
+ kerberos/udp and kerberos-sec/udp.
+
+Wed Dec 27 1995
+
+ * appl/bsd/rcp.c (main): Integrated -x option to rcp. This
+ required some real horrible hacks in lib/des/enc_{read,write}.c
+
+ * acconfig.h: Enabled MULTIHOMED_KADMIN in acconfig.h.
+
+ * Add RCSID stuff to telnet files.
+
+Fri Dec 22 1995
+
+ * appl/bsd/login.c (main): The login program does now by default
+ read /etc/default/login, even on non Psoriasis systems. Unifdef
+ SYSV4, this was essentially only for prompting.
+
+Mon Dec 18 1995
+
+ * appl/kpopper/popper.c (main): Integrate default timeout of 120
+ seconds from Qualcomm popper. Timeout is also set able with -T
+ seconds.
+
+
+ * lib/kadm/kadm_cli_wrap.c (kadm_change_pw_plain): If there's no
+ password, don't even send the empty string.
+
+Thu Dec 7 1995
+
+ * lots of files: all debug messages now printed to stderr (from
+ <lama@pdc.kth.se>)
+
+ * lib/krb/tf_util.c (tf_create): New method for creating a new
+ ticket file. Remove the old old and then open with O_CREAT and
+ O_EXCL.
+
+ * server/kerberos.c, slave/kpropd.c: Some casts to get rid of warnings.
+
+ * configure.in: Added checks for unistd.h, memmove and const.
+
+ * appl/telnet/telnet/commands.c: Changed types of functions to
+ confirm with struct Command.
+
+ * appl/telnet/configure.in: Check for setpgid.
+
+ * appl/bsd/rlogin.c: Get rid of another warning.
+
+ * appl/bsd/bsd_locl.h, appl/telnet/acconfig.h: New synonym for
+ solaris.
+
+Wed Dec 6 1995
+
+ * (movemail): Now from emacs-19.30. If you have a newish emacs
+ there is no reason to use this movemail.
+
+ * (kadm): Added support for server side password checks. Hopefully
+ this is compatible with kerberos 4.10. Old kpasswd:s will give
+ funny error messages. For examples of checks, see
+ kadmin/pw_check.c. Since this is mostly political matters,
+ kadm_pw_check() should probably return KADM_SUCCESS by default.
+
+Mon Nov 27 1995
+
+ * appl/telnet/telnetd/telnetd.c (main): Kludge to fix encryption
+ problem with Mac NCSA telnet 2.6.
+
+
+ * lib/krb/stime.c: Now using YYYY for years. (2000 is soon here).
+
+ * appl/bsd/rsh.c, rcp.c, rlogin.c: Fixed fallback for port number
+ (added missing ntohs).
+
+Sun Nov 12 1995
+
+ * (many files): More ANSI/ISO 9899-1990 to the people!
+ Now actually builds (not including util) with DEC "cc -std1" and
+ Sun "acc -Xc". There are still major prototype conflicts, but
+ there isn't much to do about this.
+
+Sat Oct 28 1995
+
+ * lib/kadm/kadm_cli_wrap.c: Fallback for kerberos and
+ kerberos_master services.
+
+Fri Oct 27 1995
+
+ * Released version 0.5
+
+
+ * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
+ same code is used both for posix termios and others.
+
+ * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
+ set to "yes" make warnings about "rlogin: warning, using standard
+ rlogin: remote host doesn't support Kerberos." go away.
+
+Tue Oct 24 1995
+
+ * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
+ Optimized so that it can handle large databases, previously a
+ 10000 entry DB would take *many* minutes, this can now be done in
+ under a minute.
+
+Sat Oct 21 1995
+
+ * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
+ bit machines. Source should now be free of 64 bit assumptions.
+
+ * admin/copykey.c (copy_from_key): New functions for copying to
+ and from keys. Neccessary to solve som problems with longs on 64
+ bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
+
+ * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
+ with longs on 64 bit machines.
+
+Mon Oct 16 1995
+
+ * appl/bsd/login.c (main): Lots of stuff to support Psoriasis
+ login. Courtesy of gertz@lysator.liu.se.
+
+ * configure.in, all Makefile.in's: Support for Linux shared
+ libraries. Courtesy of svedja@lysator.liu.se.
+
+ * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
+ = KRB_PROT_VERSION; from server kode to libkrb where it really
+ belongs.
+
+ * appl/bsd/forkpty.c (forkpty): New function that allocates master
+ and slave ptys in a portable way. Used by rlogind.
+
+ * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
+ same utmpx slot got used by sevral sessions. Courtesy of
+ gertz@lysator.liu.se.
+
+Wed Oct 4 1995
+
+ * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
+ svedja@lysator.liu.se.
+
+ * Fix the above Makefiles to work around bugs in Solaris and OSF/1
+ make rules that was triggered by VPATH functionality in the yacc
+ and lex rules.
+
+Mon Oct 2 1995
+
+ * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
+ Use stdarg instead of varargs. The code is still broken though,
+ you'll realize that on a machine with 64 bit pointers and 32 bit
+ int:s and no vsprintf, let's hope there will be no such beasts ;-).
+
+ * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
+ have (or need) modules ttcompat and pckt so don't flag it as a
+ fatal error if they don't exist.
+
+Mon Sep 25 1995
+
+ * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
+ (kadm_listen): Add kludge for kadmind running on a multihomed
+ server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
+ if you need this feature.
+
+ * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
+ and xnlock.
+
+Wed Sep 20 1995
+
+ * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
+ implemented yet though.
+
+Wed Sep 13 1995
+
+ * appl/xnlock/Makefile.in: Some stubs for X11 programs in
+ configure.in as well as a kerberized version of xnlock.
+
+ * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
+ port numbers if they can not be found using getservbyname.
+
+Tue Sep 12 1995
+
+ * appl/bsd/klogin.c (klogin): Use differnet ticket files for each
+ login so that a malicous user won't be able to destroy our tickets
+ with a failed login attempt.
+
+ * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
+ there is no such thing try afs@CELL instead. There is now two
+ arguments to k_afslog(char *cell, char *realm).
+
+Mon Sep 11 1995
+
+ * kadmin/admin_server.c (kadm_listen): If we are multihomed we
+ need to figure out which local address that is used this time
+ since it is used in "direction" comparison.
+
+Wed Sep 6 1995
+
+ * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
+ port number.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Default port number
+ (KRB_PORT) was not in network byte order.
+
+Tue Sep 5 1995
+
+ * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
+ when selecting.
+
+
+Mon Sep 4 1995
+
+ * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
+ Now does fallback if there isn't any entries in /etc/services for
+ klogin/kshell. This also made the code a bit more pretty.
+
+
+ * appl/bsd/login.c: Added support for lots of more struct utmp fields.
+ If there is no ttyslot() use setutent and friends.
+
+ * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
+ Added extern iruserok().
+
+ * appl/bsd/iruserok.c: Initial revision
+
+ * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
+
+ * appl/bsd/Makefile.in: New install
+
+ * appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
+
+ * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
+
+
+ * appl/bsd/login.c (login): If there is no ttyslot use setutent
+ and friends. Added support for lots of more struct utmp fields.
+
+ * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
+ Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
+
+ * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
+ _PATH_DEF.
+
+ * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
+ running as root.
+
+ * appl/bsd/su.c (main): Update usage message to reflect that '-'
+ option must come after the ordinary options and before login-id.
+
+Sat Sep 2 1995
+
+ * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
+ long to fit into utmp try to remove domain part if it does match
+ our local domain.
+
+ (main): Add new option -L /bin/login so that it is possible to
+ specify an alternate login program.
+
+ * appl/telnet/telnet/commands.c (env_init): When exporting
+ variable DISPLAY and if hostname is not the full name, try to get
+ the full name from DNS.
+
+ * appl/telnet/telnet/main.c (main): Option -k realm was broken due
+ to a bogous external declaration.
+
+Fri Sep 1 1995
+
+ * kadmin/kadmin.c (add_new_key): Kadmin now properly sets
+ lifetime, expiration date and attributes in add_new_key command.
+
+Wed Aug 30 1995
+
+ * appl/bsd/su.c (main): Don't handle '-' option with getopt.
+
+ * appl/telnet/telnet/externs.h: Removed protection for multiple
+ inclusions of termio(s).h since it broke definition of termio
+ macro on POSIX systems.
+
+Tue Aug 29 1995
+
+ * lib/krb/lifetime.c (krb_life_to_time): If you want to disable
+ AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
+
+ Please note that the long lifetimes are 100% compatible up to
+ 10h so this should rarely be necessary.
+
+ * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
+ ipaddress protection of tickets set krb_ignore_ip_address. This
+ makes it possible for an intruder to steal a ticket and then use
+ it from som other machine anywhere on the net.
+
+Mon Aug 28 1995
+
+ * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
+ local address. Accept request on all interfaces.
+
+ * admin/kdb_edit.c (change_principal): Don't accept illegal
+ dates. Courtesy of gertz@lysator.liu.se.
+
+Sat Aug 26 1995
+
+ * configure.in: AIX specific libraries needed when using standard
+ libc routine getttyent, IBM should be ashamed!
+
+ * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
+ problem.
+
+ * Added strdup for su and rlogin.
+
+ * Fix for old syslog macros in appl/bsd/bsd_locl.
+
+Fri Aug 25 1995
+
+ * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
+ ifdef HAVE_NEW_DB for new databases residing in one file only.
+
+ * appl/bsd/rlogin.c (oob): Add workaround for Linux.
+
+Mon Aug 21 1995
+
+ * appl/bsd/getpass.c: New routine that reads up to 127 char
+ passwords. Used in su.c and login.c.
+
+Tue Aug 15 1995
+
+ * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
+ should not be used on HP-UX.
+
+Mon Aug 14 1995
+
+ * appl/bsd/rlogin.c (main): Added dummy rlogind that tells user to
+ rather use telnet.
+
+Thu Aug 10 1995
+
+ * lib/krb/ krb.h, decomp_ticket.c, getrealm.c, get_krbhst.c,
+ get_krbrlm.c, get_admhst.c:
+
+ Use multiple configuration directories for krb.conf and
+ krb.realms, KRB_CONF and KRB_REALM_TRANS macros substituted with
+ KRB_CNF_FILES and KRB_RLM_FILES. Currently /etc and
+ /etc/kerberosIV are searched. Directory specified by envioronment
+ variable KRBCONFDIR is searched first if set. No hardcoded
+ realmname or kerberos server. Instead use domainname for deafult
+ realm and kerberos.domain as kerberos server if they are not
+ listed in krb.conf and/or krb.realms. In the normal case there
+ should be no need for configuration files if administrators add a
+ CNAME pointing to the kerberos server.
+
+ * appl/bsd/Makefile.in and friends: GNU make should no longer be
+ neccessary unless building with VPATH.
+
+Wed Aug 9 1995
+
+ * appl/bsd/klogin.c (klogin): Old ticket file need to be removed
+ before we call krb_get_pw_in_tkt or we might get a Kerberos intkt
+ error because the wrong user owns the file.
+
+Tue Aug 8 1995
+
+ * configure.in : Telnet.beta2 is now official and has been moved
+ to appl/telnet.
+
+ * appl/bsd/su.c (main): Reenable -K flag, won't work if not
+ PASSWD_FALLBACK is enabled. Cosmetics for Password prompt.
+
+Fri Aug 4 1995
+
+ * appl/bsd/su.c (kerberos): Don't allow su from possibly bogous
+ kerberos server. Controlled by #ifdef KLOGIN_PARANOID.
+
+ * lib/kafs/afssys.c (SIGSYS_handler): Need to reinstall handler on
+ SYSV.
+
+Mon Jul 24 1995
+
+ * lib/kafs/afssys.c (k_afsklog): Use default realm on null argument.
+
+ * appl/bsd/rlogin.c, login.c: New programs.
+
+Fri Jul 21 1995
+
+ * appl/bsd/kcmd.c rsh.c rlogin.c: Use POSIX signals.
+
+ * appl/telnet.95.05.31.NE/telnetd/sys_term.c, telnetd.c: Port to
+ IRIX.
+
+Tue Jul 11 1995
+
+ * admin/kdb_init.c (main): Use new random generator. Dito in
+ admin/kdb_edit.c. Use master key to initialize random sequence.
+
+Mon Jul 10 1995
+
+ * kadmin/kadmin.c (get_password): Fix for random passwords.
+ Dito for admin/kdb_edit.c
+
+ * appl/kauth/kauth.c (main): Updated for krb distribution, now
+ uses new library libkafs.
+
+ * appl/telnet.beta/telnet/main.c (main): New telnet with
+ encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0.
+ Encryption does not currently work though.
+
+Tue Jun 20 1995
+
+ * New library to support AFS. Routines:
+
+ int k_hasafs(void);
+ int k_afsklog(...);
+ int k_setpag(void);
+ int k_unlog(void);
+ int k_pioctl(char *, int, struct ViceIoctl *, int);
+
+ Modified it to support more than one single entry point AFS
+ syscalls (needed by HPUX and OSF/1 when running DFS). Don't rely
+ on transarc headers or library code.
+
+ This has not been tested and will most probably need some
+ serious violence to get working under AIX. (AIX has since been
+ fixed to. /bg)
+
+Fri Jun 16 1995
+
+ * lib/krb/krb_equiv.c (krb_equiv): Compare IP adresses using
+ krb_equiv() to allow for hosts with more than one address in files
+ rd_priv.c rd_req.c and rd_safe.c.
+
+ * slave/kpropd.c (main): Fix uninitialized variables and rewind
+ file in kprop.c.
+
+Thu Jun 15 1995
+
+ * appl/bsd/rcp.c (allocbuf): Fix various bugs.
+
+ * slave/kpropd.c (main): Responder uses
+ KPROP_SERVICE_NAME.`hostname' and requestor always uses
+ KPROP_SERVICE_NAME.KRB_MASTER, i.e rcmd.kerberos in kprop/kpropd
+ protocol.
+
+Wed Jun 14 1995
+
+ * appl/bsd/rshd.c (doit): Encryption should now work both ways.
+
+Tue Jun 13 1995
+
+ * appl/bsd/pathnames.h: Fixup paths.
+
+ * server/Makefile.in and friends (install): Install daemons in in
+ libexec and administrator programs in sbin.
+
+
+ * Makefile.in: Joda (d91-jda) added install target
+
+Wed Jun 7 1995
+
+ * lib/krb/k_strerror.c: New function k_strerror() to use instead
+ of the non portable sys_errlist[].
diff --git a/crypto/kerberosIV/Makefile.in b/crypto/kerberosIV/Makefile.in
new file mode 100644
index 0000000..afa77fb
--- /dev/null
+++ b/crypto/kerberosIV/Makefile.in
@@ -0,0 +1,70 @@
+# $Id: Makefile.in,v 1.30 1997/05/20 18:58:34 bg Exp $
+
+srcdir = @srcdir@
+prefix = @prefix@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+TRAVELKIT = appl/kauth/kauth kuser/klist appl/telnet/telnet/telnet \
+ appl/ftp/ftp/ftp appl/kx/kx appl/kx/rxtelnet
+
+@SET_MAKE@
+
+SUBDIRS = util include lib kuser server slave admin kadmin appl man doc
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+check:
+ cd lib && $(MAKE) $(MFLAGS) check
+
+install:
+ $(MKINSTALLDIRS) $(prefix)
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+install-strip:
+ $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' install
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+travelkit: all
+ $(MKINSTALLDIRS) tmp
+ for i in $(TRAVELKIT); \
+ do $(INSTALL_PROGRAM) $$i tmp; done
+ (cd tmp; tar cf ../travelkit.tar `for i in $(TRAVELKIT); do basename $$i; done`)
+ rm -rf tmp
+
+travelkit-strip:
+ $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' travelkit
+
+TAGS:
+ find . -name '*.[chyl]' -print | etags -
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ $(MAKE) clean
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile config.status config.cache config.log version.h newversion.h.in version.h.in *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all install install-strip uninstall travelkit travelkit-strip clean distclean realclean mostlyclean
diff --git a/crypto/kerberosIV/NEWS b/crypto/kerberosIV/NEWS
new file mode 100644
index 0000000..cddbb22
--- /dev/null
+++ b/crypto/kerberosIV/NEWS
@@ -0,0 +1,563 @@
+Minor changes in release 0.9.6:
+
+* utmp(x) works correctly on systems with utmpx.
+
+* A security-related bug in ftpd fixed.
+
+* Compiles on solaris 2.4, 2.6 and on WinNT/95 with cygwin32 beta18.
+
+* New option `-w' to rxtelnet, rxterm.
+
+Major changes in release 0.9.5:
+
+* We made some changes to be compatible with the other kerberised ftp
+ implementations and this means that an old kerberised ftp client will
+ not be able to talk to a new ftp server. So try to upgrade your ftp
+ clients and servers at the same time. The reason for this change is
+ described in more detail below.
+
+* The interpretation of /etc/ftpusers has changed slightly, see
+ ftpusers(5). These changes come from NetBSD.
+
+* The function `des_quad_cksum', which is used by `krb_rd_safe', and
+ `krb_mk_safe', has never been compatible with MIT's DES
+ library. This has now been fixed.
+
+ This fix will however break some programs that used those functions,
+ for instance `ftp'. In this version `krb_rd_safe' is modified to
+ accept checksums of both the new and the old format; `krb_mk_safe'
+ will always emit checksums of the new type *unless* `krb_rd_safe'
+ has detected that the client is using the old checksum (this feature
+ may be removed in some future release).
+
+ If you have programs that use `krb_mk_safe' and `krb_rd_safe' you
+ should upgrade all clients before upgrading your servers. Client is
+ here defined as the program that first calls `krb_rd_safe'.
+
+ If you are using some protocol that talks to more than one client or
+ server in one session, the heuristics to detect which kind of
+ checksum to use might fail.
+
+ The problem with `des_quad_cksum' was just a byte-order problem, so
+ there are no security problems with using the old versions. Thanks
+ to Derrick J Brashear <shadow@DEMENTIA.ORG> for pointing in the
+ right general direction.
+
+* Rewrote kx to work always open TCP connections in the same
+ direction. This was needed to make it work through NATs and is
+ generally a cleaner way of doing it. Also added `tenletxr'.
+ Unfortunately the new protocol is not compatible with the old one.
+ The new kx and kxd programs try to figure out if they are talking to
+ old versions.
+
+* Quite a bit of new functionality in otp. Changed default hash
+ function to `md5'. Fixed implementation of SHA and added downcasing
+ of seed to conform with `draft-ietf-otp-01.txt'. All verification
+ examples in the draft now work.
+
+* Fixed buffer overflows.
+
+* Add history/line editing in kadmin and ftp.
+
+* utmp/utmpx and wtmp/wtmpx might work better on strange machines.
+
+* Bug fixes for `rsh -n' and `rcp -x'.
+
+* reget now works in ftp and ftpd. Passive mode works. Other minor
+ bug fixes as well.
+
+* New option `-g umask' to ftpd for specifying the umask for anonymous users.
+
+* Fix for `-l' option in rxtelnet and rxterm.
+
+* XOVER support in popper.
+
+* Better support for building shared libraries.
+
+* Better support for talking to the KDC over TCP. This could make it
+ easier to use brain-damaged firewalls.
+
+* Support FreeBSD-style MD5 /etc/passwd.
+
+* New option `-createuser' to afslog.
+
+* Upgraded to work with socks5-v1.0r1.
+
+* Almost compiles and works on OS/2 with EMX, and Win95/NT with gnu-win32.
+
+* Merged in win32-telnet, see README-WIN32 for more details.
+
+* Possibly fixed telnet bug on HP-UX 10.
+
+* Updated man-pages.
+
+* Support for NetBSD/OpenBSD manual page circus.
+
+* Bug fixes.
+
+Major changes in release 0.9.3:
+
+* kx has been rewritten and is now a lot easier to use. Two new
+ scripts: rxtelnet and rxterm. It also works on machines such as
+ Cray where the X-libraries cannot talk unix sockets.
+
+* experimental OTP (RFC1938). Included in login, ftpd, and popper.
+
+* authentication modules: PAM for linux, SIA for OSF/1, and
+ afskauthlib for Irix.
+
+* popper now has the UIDL command.
+
+* ftpd can now tar and compress files and directories on the fly, also
+ added a find site command.
+
+* updated documentation and man pages.
+
+* Change kuserok so that it acts as if luser@LOCALREALM is always an
+ entry of .klogin, even when it's not possible to verify that there
+ is no such file or the file is unreadable.
+
+* Support for SRV-records.
+
+* Socks v5 support.
+
+* rcp is AFS-aware.
+
+* allow for other transport mechanisms than udp (useful for firewall
+ tormented souls); as a side effect the format of krb.conf had to
+ become more flexible
+
+* sample programs included.
+
+* work arounds for Linux networking bugs in rlogind and rlogin.
+
+* more portable
+
+* quite a number of improvments/bugfixes
+
+* New platforms: HP-UX 10, Irix 6.2
+
+Major changes in release 0.9.2a:
+
+* fix annoying bug with kauth (et al) returning incorrect error
+
+Major changes in release 0.9.2:
+
+* service `kerberos-iv' and port 750 has been registered with IANA.
+
+* Bugfixes.
+
+ - Compiles with gcc on AIX.
+
+ - Compiles with really old resolvers.
+
+ - ftp works with afs string-to-key.
+
+ - shared libraries should work on Linux/ELF.
+
+ - some potential buffer overruns.
+
+ - general code clean-up.
+
+* Better Cray/UNICOS support.
+
+* New platforms: AIX 4.2, IRIX 6.1, and Linux 2.0
+
+Major changes in release 0.9.1:
+
+* Mostly bugfixes.
+
+ - No hardcoded references to /usr/athena
+
+ - Better Linux support with rlogin
+
+ - Fix for broken handling of NULL password in kadmind (such as with
+ `ksrvutil change')
+
+ - AFS-aware programs should work on AIX systems without AFS
+
+* New platforms: Digital UNIX 4.0 and Fujitsu UXP/V
+
+* New mechanism to determine realm from hostname based on DNS. To find
+ the realm of a.b.c.d it tries to find krb4-realm.a.b.c.d and then
+ krb4-realm.b.c.d and so on. The entry in DNS should be a TXT record
+ with the realm name.
+
+ krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE"
+
+Major changes in release 0.9:
+
+* Tested platforms:
+
+Dec Alpha OSF/1 3.2 with cc -std1
+HP 9000/735 HP/UX 9.05 with gcc
+DEC Pmax Ultrix 4.4 with gcc (cc does not work)
+IBM RS/6000 AIX 4.1 with xlc (gcc works, cc does not)
+SGI IRIX 5.3 with cc
+Sun SunOS 4.1.4 with gcc (cc is not ANSI and does not work)
+Sun SunOS 5.5 with gcc
+Intel i386 NetBSD 1.2 with gcc
+Intel i386 Linux 1.3.95 with gcc
+Cray J90 Unicos 9 with cc
+
+* Mostly ported to Crays running Unicos 9.
+
+* S/Key-support in ftpd.
+
+* Delete operation supported in kerberos database.
+
+* Cleaner and more portable code.
+
+* Even less bugs than before.
+
+* kpopper now supports the old pop3 protocol and has been renamed to popper.
+
+* rsh can be renamed remsh.
+
+* Experimental program for forwarding IP over a kerberos tunnel.
+
+* Updated to libdes 3.23.
+
+Major changes in release 0.8:
+
+* New programs: ftp & ftpd.
+
+* New programs: kx & kxd. These programs forward X connections over
+ kerberos-encrypted connections.
+
+* Incorporated version 3.21 of libdes.
+
+* login: No double utmp-entries on Solaris.
+
+* kafs
+
+ * Better guessing of what realm a cell belongs to.
+
+ * Support for authenticating to several cells. Reads
+ /usr/vice/etc/TheseCells, if present.
+
+* ksrvutil: Support for generating AFS keys.
+
+* login, su, rshd, rlogind: tries to counter possible NIS-attack.
+
+* xnlock: several bug fixes and support for more than one screen.
+
+* Default port number for ekshell changed from 2106 to 545. kauth
+ port changed from 4711 to 2120.
+
+* Rumored to work on Fujitsu UXP/V and Cray UNICOS.
+
+Major changes in release 0.7:
+
+* New experimental masterkey generation. Enable with
+ --enable-random-mkey. Also the default place for the master key has
+ moved from /.k to /var/kerberos/master-key. This is customizable
+ with --with-mkey=file. If you don't want you master key to be on the
+ same backup medium as your database, remember to use this flag. All
+ relevant programs still checks for /.k.
+
+* `-t' option to kadmin.
+
+* Kpopper uses kuserok to verify if user is allowed to pop mail.
+
+* Kpopper tries to locate the mail spool directory: /var/mail or
+ /var/spool/mail.
+
+* kauth has ability to get ticket on a remove host with the `-h' option.
+
+* afslog (aklog clone) and pagsh included.
+
+* New format for /etc/krb.equiv.
+
+* Better multi-homed hosts support in kauth, rcp, rlogin, rlogind,
+ rshd, telnet, telnetd.
+
+* rlogind works on ultrix and aix 3.2.
+
+* lots of bug fixes.
+
+Major changes in release 0.6:
+
+* Tested platforms:
+
+DEC/Alpha OSF3.2
+HP700 HPux 9.x
+Dec/Pmax Ultrix 4.4 (rlogind not working)
+IBM RS/6000 AIX 3.2 (rlogind not working)
+IBM RS/6000 AIX 4.1
+SGI Irix 5.3
+Sun Sunos 4.1.x
+Sun Sunos 5.4
+386 BSD/OS 2.0.1
+386 NetBSD 1.1
+386 Linux 1.2.13
+
+It is rumored to work to some extent on NextStep 3.3.
+
+* ksrvutil get to create new keys and put them in the database at the
+same time.
+
+* Support for S/Key in login.
+
+* kstring2key: new program to show string to key conversion.
+
+* Kerberos server should now listen on all available network
+interfaces and on both port 88 and 750.
+
+* Timeout in kpopper.
+
+* Support password quality checks in kadmind. Use --with-crack-lib to
+link kadmind with cracklib. The patches in cracklib.patch are needed.
+
+* Movemail from emacs 19.30.
+
+* Logging format uses four digits for years.
+
+* Fallback if port numbers are not listed in /etc/services.
+
+
+ * Relesed version 0.5
+
+ * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
+ same code is used both for posix termios and others.
+
+ * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
+ set to "yes" make warnings about "rlogin: warning, using standard
+ rlogin: remote host doesn't support Kerberos." go away.
+
+ * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
+ Optimized so that it can handle large databases, previously a
+ 10000 entry DB would take *many* minutes, this can now be done in
+ under a minute.
+
+ * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
+ bit machines. Source should now be free of 64 bit assumptions.
+
+ * admin/copykey.c (copy_from_key): New functions for copying to
+ and from keys. Neccessary to solve som problems with longs on 64
+ bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
+
+ * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
+ with longs on 64 bit machines.
+
+ * appl/bsd/login.c (main): Lots of stuff to support Psoriasis
+ login. Courtesy of gertz@lysator.liu.se.
+
+ * configure.in, all Makefile.in's: Support for Linux shared
+ libraries. Courtesy of svedja@lysator.liu.se.
+
+ * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
+ = KRB_PROT_VERSION; from server kode to libkrb where it really
+ belongs.
+
+ * appl/bsd/forkpty.c (forkpty): New function that allocates master
+ and slave ptys in a portable way. Used by rlogind.
+
+ * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
+ same utmpx slot got used by sevral sessions. Courtesy of
+ gertz@lysator.liu.se.
+
+ * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
+ svedja@lysator.liu.se.
+
+ * Fix the above Makefiles to work around bugs in Solaris and OSF/1
+ make rules that was triggered by VPATH functionality in the yacc
+ and lex rules.
+
+ * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
+ Use stdarg instead of varargs. The code is still broken though,
+ you'll realize that on a machine with 64 bit pointers and 32 bit
+ int:s and no vsprintf, let's hope there will be no such beasts ;-).
+
+ * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
+ have (or need) modules ttcompat and pckt so don't flag it as a
+ fatal error if they don't exist.
+
+ * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
+ (kadm_listen): Add kludge for kadmind running on a multihomed
+ server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
+ if you need this feature.
+
+ * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
+ and xnlock.
+
+ * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
+ implemented yet though.
+
+ * appl/xnlock/Makefile.in: Some stubs for X11 programs in
+ configure.in as well as a kerberized version of xnlock.
+
+ * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
+ port numbers if they can not be found using getservbyname.
+
+ * appl/bsd/klogin.c (klogin): Use differnet ticket files for each
+ login so that a malicous user won't be able to destroy our tickets
+ with a failed login attempt.
+
+ * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
+ there is no such thing try afs@CELL instead. There is now two
+ arguments to k_afslog(char *cell, char *realm).
+
+ * kadmin/admin_server.c (kadm_listen): If we are multihomed we
+ need to figure out which local address that is used this time
+ since it is used in "direction" comparison.
+
+ * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
+ port number.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Default port number
+ (KRB_PORT) was not in network byte order.
+
+ * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
+ when selecting.
+
+ * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
+ Now does fallback if there isn't any entries in /etc/services for
+ klogin/kshell. This also made the code a bit more pretty.
+
+ * appl/bsd/login.c: Added support for lots of more struct utmp fields.
+ If there is no ttyslot() use setutent and friends.
+
+ * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
+ Added extern iruserok().
+
+ * appl/bsd/iruserok.c: Initial revision
+
+ * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
+
+ * appl/bsd/Makefile.in: New install
+
+ * appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
+
+ * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
+
+ * appl/bsd/login.c (login): If there is no ttyslot use setutent
+ and friends. Added support for lots of more struct utmp fields.
+
+ * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
+ Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
+
+ * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
+ _PATH_DEF.
+
+ * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
+ running as root.
+
+ * appl/bsd/su.c (main): Update usage message to reflect that '-'
+ option must come after the ordinary options and before login-id.
+
+ * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
+ long to fit into utmp try to remove domain part if it does match
+ our local domain.
+
+ (main): Add new option -L /bin/login so that it is possible to
+ specify an alternate login program.
+
+ * appl/telnet/telnet/commands.c (env_init): When exporting
+ variable DISPLAY and if hostname is not the full name, try to get
+ the full name from DNS.
+
+ * appl/telnet/telnet/main.c (main): Option -k realm was broken due
+ to a bogous external declaration.
+
+ * kadmin/kadmin.c (add_new_key): Kadmin now properly sets
+ lifetime, expiration date and attributes in add_new_key command.
+
+ * appl/bsd/su.c (main): Don't handle '-' option with getopt.
+
+ * appl/telnet/telnet/externs.h: Removed protection for multiple
+ inclusions of termio(s).h since it broke definition of termio
+ macro on POSIX systems.
+
+ * lib/krb/lifetime.c (krb_life_to_time): If you want to disable
+ AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
+
+ Please note that the long lifetimes are 100% compatible up to
+ 10h so this should rarely be necessary.
+
+ * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
+ ipaddress protection of tickets set krb_ignore_ip_address. This
+ makes it possible for an intruder to steal a ticket and then use
+ it from som other machine anywhere on the net.
+
+ * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
+ local address. Accept request on all interfaces.
+
+ * admin/kdb_edit.c (change_principal): Don't accept illegal
+ dates. Courtesy of gertz@lysator.liu.se.
+
+ * configure.in: AIX specific libraries needed when using standard
+ libc routine getttyent, IBM should be ashamed!
+
+ * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
+ problem.
+
+ * Added strdup for su and rlogin.
+
+ * Fix for old syslog macros in appl/bsd/bsd_locl.
+
+ * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
+ ifdef HAVE_NEW_DB for new databases residing in one file only.
+
+ * appl/bsd/rlogin.c (oob): Add workaround for Linux.
+
+ * appl/bsd/getpass.c: New routine that reads up to 127 char
+ passwords. Used in su.c and login.c.
+
+ * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
+ should not be used on HP-UX.
+
+==========================*** Released 0.2? ***=============================
+
+ksrvutil
+ If there is a dot in the about to be added principals name there is
+ no need to ask for instance name.
+
+kerberos & kadmind
+ Logfiles are created with small permissions (600).
+
+krb.conf and krb.realms
+ Use domain part as realm name if there is no match in krb.realms.
+ Use kerberos.REALMNAME if there is no match in krb.realms.
+
+rlogin
+ The rlogin client is supported both with and without encryption,
+ there is no rlogind yet though.
+
+login
+ There is login program that supports the -f option. Both kerberos
+ and /etc/passwd authentication is enabled.
+
+ Vendors login programs typically have no -f option (needed by
+ telnetd) and also does not know how to verify passwords againts
+ kerberos.
+
+appl/bsd/*
+ Now uses POSIX signals.
+
+kdb_edit, kadmin
+ Generate random passwords if administrator enters empty password.
+
+lib/kafs
+ New library to support AFS. Routines:
+ int k_hasafs(void);
+ int k_afsklog(...); or some other name
+ int k_setpag(void);
+ int k_unlog(void);
+ int k_pioctl(char *, int, struct ViceIoctl *, int);
+
+ Library supports more than one single entry point AFS syscalls
+ (needed be HP/UX and OSF/1 when running DFS). Doesn't rely on
+ transarc headers or library code. Same binaries can be used both on
+ machines running AFS and others.
+
+ This library is used in telnetd, login and the r* programs.
+
+telnet & telnetd
+ Based on telnet.95.05.31.NE but with the encryption hacks from
+ ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added. This encryption
+ stuff needed some more modifications (done by joda@nada.kth.se)
+ before it was usable. Telnet has also been modified to use GNU
+ autoconf.
+
+Numerous other changes that are long since forgotten.
diff --git a/crypto/kerberosIV/PROBLEMS b/crypto/kerberosIV/PROBLEMS
new file mode 100644
index 0000000..f6eeeef
--- /dev/null
+++ b/crypto/kerberosIV/PROBLEMS
@@ -0,0 +1,74 @@
+
+Problems compiling Kerberos
+===========================
+
+Many compilers require a switch to become ANSI compliant. Since kth-krb
+is written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the `env' command. For
+instance to build under HP-UX using the native compiler do:
+
+ datan$ env CC="cc -Ae" ./configure
+
+In general `gcc' works. The following combinations have also been
+verified to successfully compile the distribution:
+
+`HP-UX'
+ `cc -Ae'
+
+`Digital UNIX'
+ `cc -std1'
+
+`AIX'
+ `xlc'
+
+`Solaris 2.x'
+ `cc' (unbundled one)
+
+`IRIX'
+ `cc'
+
+Linux problems
+--------------
+
+Some systems have lost `/usr/include/ndbm.h' which is necessary to
+build kth-krb correctly. There is a `ndbm.h.Linux' right next to the
+source distribution.
+
+There has been reports of non-working `libdb' on some Linux
+distributions. If that happens, use the `--without-berkeley-db' when
+configuring.
+
+HP-UX problems
+--------------
+
+The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems.
+To make problems even worse, there is never an archive version for
+static linking either. Therefore, when building "truly portable"
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+Cray problems
+-------------
+
+`rlogind' won't work on Crays until `forkpty()' has been ported, in the
+mean time use `telnetd'.
+
+AIX problems
+------------
+
+`gcc' version 2.7.2.1 has a bug which makes it miscompile
+`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'),
+if used with too much optimization.
+
+C2 problems
+-----------
+
+The programs that checks passwords works with `passwd', OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see *Note Digital SIA::.
+
+
diff --git a/crypto/kerberosIV/README b/crypto/kerberosIV/README
new file mode 100644
index 0000000..0647614
--- /dev/null
+++ b/crypto/kerberosIV/README
@@ -0,0 +1,44 @@
+This is a severly hacked up version of Eric Young's eBones-p9 kerberos
+version. The DES library has been updated with his 3.23 version and
+numerous patches collected over the years have been applied to both
+the kerberos and DES sources, most notably the CMU patches for extended
+lifetimes that AFS uses. There is also support for AFS built into most
+programs.
+
+The source has been changed to use ANSI C and POSIX to the largest
+possible extent. The code in util/et and appl/bsd have not been
+updated in this way though (they really need it).
+
+Telnet and telnetd are based on the telnet.95.10.23.NE.tar.Z. Kerberos
+authentication is the default and warnings are issued by telnetd if
+the telnet client does not turn on encryption.
+
+The r* programs in appl/bsd have been updated with newer sources from
+NetBSD and FreeBSD. NOTE: use of telnet is prefered to the use of
+rlogin which is a temporary hack and not an Internet standard (and has
+only been documented quite recently). Telnet uses kerberos
+authentication to prevent the passing of cleartext passwords and is
+thus superior to rlogin.
+
+The distribution has been configured to primarily use kerberos
+authentication with a fallback to /etc/passwd passwords. This should
+make it easy to do a slow migration to kerberos. OTP support is also
+included in login, popper, and ftpd.
+
+All programs in this distribution follow these conventions:
+
+/usr/athena/bin: User programs
+/usr/athena/sbin: Administrator programs
+/usr/athena/libexec: Daemons
+/etc: Configuration files
+/var/log: Logfiles
+/var/kerberos: Kerberos database and ACL files
+
+A W3-page is at http://www.pdc.kth.se/kth-krb/
+
+You can get some documentation from ftp://ftp.pdc.kth.se/pub/krb/doc.
+
+Please report bugs and problems to kth-krb-bugs@nada.kth.se
+
+There is a mailing list discussing kerberos at krb4@sics.se, send a
+message to majordomo@sics.se to subscribe.
diff --git a/crypto/kerberosIV/README-WIN32 b/crypto/kerberosIV/README-WIN32
new file mode 100644
index 0000000..ba74c46
--- /dev/null
+++ b/crypto/kerberosIV/README-WIN32
@@ -0,0 +1,30 @@
+It should be possible to build several of the libraries and the GUI
+telnet ``voodoo'' on Win95/NT. In case you don't want to try there
+are binaries available at
+ftp://ftp.pdc.kth.se/pub/krb/binaries/i386-unknown-winnt4.0.
+
+In case you want to build from source and possibly hack some on them
+yourself here's a short guide:
+
+You need to build the libraries (DLLs) first and in this order:
+
+lib/roken
+lib/des
+lib/krb
+lib/kclient
+
+And then the two applications:
+
+appl/krbmanager
+appl/voodoo
+
+In each case there is a Visual-C++ generated makefile with the name
+*.mak in the corresponding directory. You might be able to load that
+into Microsoft whatever Studio and you might be able to just run nmake
+on them.
+
+Once you have ended up with 4 DLLs and 2 EXEs you only have to place
+them in a directory in your PATH and start voodoo.
+
+In case it doesn't work, you have discovered bugs or added some more
+features the mail address to use is <kth-krb-bugs@nada.kth.se>
diff --git a/crypto/kerberosIV/TODO b/crypto/kerberosIV/TODO
new file mode 100644
index 0000000..66aa1f1
--- /dev/null
+++ b/crypto/kerberosIV/TODO
@@ -0,0 +1,42 @@
+-*- indented-text -*-
+rlogind, rshd, popper, ftpd (telnetd uses nonce?)
+ Add a replay cache.
+
+telnet, rlogin, rsh, rcp
+ Some form of support for ticket forwarding, perhaps only for AFS tickets.
+
+telnet, telnetd
+ Add negotiation for keep-alives.
+
+rlogind
+ Fix utmp logging.
+
+documentation
+ Write more info on:
+ * how to use
+
+rshd
+ Read default environment from /etc/default/login and other files.
+ Encryption without secondary port is bugged, it currently does no
+ encryption. But, nobody uses it anyway.
+
+autoconf
+
+libraries
+ generate archive and shared libraries in some portable way.
+
+k_get_all_addrs
+ for Cray UNICOS
+
+ftpd
+
+kx
+ Compress and recode X protocol?
+
+kip
+ Other kinds of encapsulations?
+ Tunnel device as loadable kernel module.
+ Speed?
+
+BUGS
+ Where?
diff --git a/crypto/kerberosIV/acconfig.h b/crypto/kerberosIV/acconfig.h
new file mode 100644
index 0000000..bb7b7aa
--- /dev/null
+++ b/crypto/kerberosIV/acconfig.h
@@ -0,0 +1,282 @@
+/* $Id: acconfig.h,v 1.71 1997/06/01 22:32:24 assar Exp $ */
+
+/* Define this if RETSIGTYPE == void */
+#undef VOID_RETSIGTYPE
+
+/* Define this if struct utmp have ut_user */
+#undef HAVE_UT_USER
+
+/* Define this if struct utmp have ut_host */
+#undef HAVE_UT_HOST
+
+/* Define this if struct utmp have ut_addr */
+#undef HAVE_UT_ADDR
+
+/* Define this if struct utmp have ut_type */
+#undef HAVE_UT_TYPE
+
+/* Define this if struct utmp have ut_pid */
+#undef HAVE_UT_PID
+
+/* Define this if struct utmp have ut_id */
+#undef HAVE_UT_ID
+
+/* Define this if struct utmpx have ut_syslen */
+#undef HAVE_UT_SYSLEN
+
+/* Define this if struct winsize is declared in sys/termios.h */
+#undef HAVE_STRUCT_WINSIZE
+
+/* Define this if struct winsize have ws_xpixel */
+#undef HAVE_WS_XPIXEL
+
+/* Define this if struct winsize have ws_ypixel */
+#undef HAVE_WS_YPIXEL
+
+/* Define this to be the directory where the dictionary for cracklib */
+/* resides */
+#undef DICTPATH
+
+/* Define this if you want to use SOCKS v5 */
+#undef SOCKS
+
+/* Define this to the path of the mail spool directory */
+#undef KRB4_MAILDIR
+
+/* Define this if `struct sockaddr' includes sa_len */
+#undef SOCKADDR_HAS_SA_LEN
+
+/* Define this if `struct siaentity' includes ouid */
+#undef SIAENTITY_HAS_OUID
+
+/* Define if getlogin has POSIX flavour, as opposed to BSD */
+#undef POSIX_GETLOGIN
+
+/* Define if getpwnam_r has POSIX flavour */
+#undef POSIX_GETPWNAM_R
+
+/* define if getcwd() is broken (such as in SunOS) */
+#undef BROKEN_GETCWD
+
+/* define if the system is missing a prototype for crypt() */
+#undef NEED_CRYPT_PROTO
+
+/* define if the system is missing a prototype for strtok_r() */
+#undef NEED_STRTOK_R_PROTO
+
+/* define if /bin/ls takes -A */
+#undef HAVE_LS_A
+
+/* define if you have h_errno */
+#undef HAVE_H_ERRNO
+
+/* define if you have h_errlist but not hstrerror */
+#undef HAVE_H_ERRLIST
+
+/* define if you have h_nerr but not hstrerror */
+#undef HAVE_H_NERR
+
+/* define if your system doesn't declare h_errlist */
+#undef HAVE_H_ERRLIST_DECLARATION
+
+/* define if your system doesn't declare h_nerr */
+#undef HAVE_H_NERR_DECLARATION
+
+/* define this if you need a declaration for h_errno */
+#undef HAVE_H_ERRNO_DECLARATION
+
+/* define if you need a declaration for optarg */
+#undef HAVE_OPTARG_DECLARATION
+
+/* define if you need a declaration for optind */
+#undef HAVE_OPTIND_DECLARATION
+
+/* define if you need a declaration for opterr */
+#undef HAVE_OPTERR_DECLARATION
+
+/* define if you need a declaration for optopt */
+#undef HAVE_OPTOPT_DECLARATION
+
+/* define if you need a declaration for __progname */
+#undef HAVE___PROGNAME_DECLARATION
+
+@BOTTOM@
+
+#undef HAVE_INT8_T
+#undef HAVE_INT16_T
+#undef HAVE_INT32_T
+#undef HAVE_INT64_T
+#undef HAVE_U_INT8_T
+#undef HAVE_U_INT16_T
+#undef HAVE_U_INT32_T
+#undef HAVE_U_INT64_T
+
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
+
+/*
+ * Set ORGANIZATION to be the desired organization string printed
+ * by the 'kinit' program. It may have spaces.
+ */
+#define ORGANIZATION "eBones International"
+
+#if 0
+#undef BINDIR
+#undef LIBDIR
+#undef LIBEXECDIR
+#undef SBINDIR
+#endif
+
+#if 0
+#define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0}
+#define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0}
+#define KRB_EQUIV "/etc/krb.equiv"
+
+#define KEYFILE "/etc/srvtab"
+
+#define KRBDIR "/var/kerberos"
+#define DBM_FILE KRBDIR "/principal"
+#define DEFAULT_ACL_DIR KRBDIR
+
+#define KRBLOG "/var/log/kerberos.log" /* master server */
+#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */
+#define KADM_SYSLOG "/var/log/admin_server.syslog"
+#define K_LOGFIL "/var/log/kpropd.log"
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+/*
+ * Define NDBM if you are using the 4.3 ndbm library (which is part of
+ * libc). If not defined, 4.2 dbm will be assumed.
+ */
+#if defined(HAVE_DBM_FIRSTKEY)
+#define NDBM
+#endif
+
+/* ftp stuff -------------------------------------------------- */
+
+#define KERBEROS
+
+/* telnet stuff ----------------------------------------------- */
+
+/* define this if you have kerberos 4 */
+#undef KRB4
+
+/* define this if you want encryption */
+#undef ENCRYPTION
+
+/* define this if you want authentication */
+#undef AUTHENTICATION
+
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this if you want des encryption */
+#undef DES_ENCRYPTION
+
+/* Set this to the default system lead string for telnetd
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* define this if you want diagnostics in telnetd */
+#undef DIAGNOSTICS
+
+/* define this if you want support for broken ENV_{VALUE,VAR} systems */
+#undef ENV_HACK
+
+/* */
+#undef OLD_ENVIRON
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* Define if there are working stream ptys */
+#undef STREAMSPTY
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+
+
+/* ------------------------------------------------------------ */
+
+/*
+ * Define this if your ndbm-library really is berkeley db and creates
+ * files that ends in .db.
+ */
+#undef HAVE_NEW_DB
+
+/* Define this if you have a working getmsg */
+#undef HAVE_GETMSG
+
+/* Define to enable new master key code */
+#undef RANDOM_MKEY
+
+/* Location of the master key file, default value lives in <kdc.h> */
+#undef MKEYFILE
+
+/* Define if you don't want support for afs, might be a good idea on
+ AIX if you don't have afs */
+#undef NO_AFS
+
+/* Define if you have a readline compatible library */
+#undef HAVE_READLINE
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/* Define this if your compiler supports '#pragma weak' */
+#undef HAVE_PRAGMA_WEAK
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/* Set this to one of the constants above to specify default checksum
+ type to emit */
+#undef DES_QUAD_DEFAULT
+
+/*
+ * AIX braindamage!
+ */
+#if _AIX
+#define _ALL_SOURCE
+#define _POSIX_SOURCE
+/* this is left for hysteric reasons :-) */
+#define unix /* well, ok... */
+#endif
+
+/*
+ * SunOS braindamage! (Sun include files are generally braindead)
+ */
+#if (defined(sun) || defined(__sun))
+#if defined(__svr4__) || defined(__SVR4)
+#define SunOS 5
+#else
+#define SunOS 4
+#endif
+#endif
+
+#if defined(__sgi) || defined(sgi)
+#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
+#define IRIX 5
+#else
+#define IRIX 4
+#endif
+#endif
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
diff --git a/crypto/kerberosIV/aclocal.m4 b/crypto/kerberosIV/aclocal.m4
new file mode 100644
index 0000000..133e19d
--- /dev/null
+++ b/crypto/kerberosIV/aclocal.m4
@@ -0,0 +1,543 @@
+dnl
+dnl $Id: aclocal.m4,v 1.38 1997/05/18 18:47:30 assar Exp $
+dnl
+
+dnl
+dnl General tests
+dnl
+
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
+
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(ac_cv_funclib_$1,
+[
+if eval "test \"\$ac_cv_func_$1\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" $2; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
+ done
+ eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
+ LIBS="$ac_save_LIBS"
+fi
+])
+
+eval "ac_res=\$ac_cv_funclib_$1"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+@@@libs="$libs $2"@@@
+END
+
+changequote(, )dnl
+eval "ac_tr_func=HAVE_`echo $1 | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_$1=$ac_res"
+changequote([, ])dnl
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_$1=yes"
+ eval "LIB_$1="
+ AC_DEFINE_UNQUOTED($ac_tr_func)
+ AC_MSG_RESULT([yes])
+ ;;
+ no)
+ eval "ac_cv_func_$1=no"
+ eval "LIB_$1="
+ AC_MSG_RESULT([no])
+ ;;
+ *)
+ eval "ac_cv_func_$1=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ AC_DEFINE_UNQUOTED($ac_tr_func)
+ AC_DEFINE_UNQUOTED($ac_tr_lib)
+ AC_MSG_RESULT([yes, in $ac_res])
+ ;;
+esac
+AC_SUBST(LIB_$1)
+])
+
+dnl AC_FIND_FUNC(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC, [
+AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
+if test -n "$LIB_$1"; then
+ LIBS="$LIB_$1 $LIBS"
+fi
+])
+
+dnl
+dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
+dnl libraries
+
+AC_DEFUN(AC_BROKEN,
+[for ac_func in $1
+do
+AC_CHECK_FUNC($ac_func, [
+changequote(, )dnl
+ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+changequote([, ])dnl
+AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS="$LIBOBJS ${ac_func}.o"])
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+END
+done
+AC_SUBST(LIBOBJS)dnl
+])
+
+dnl
+dnl Mix between AC_FIND_FUNC and AC_BROKEN
+dnl
+
+AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
+[AC_FIND_FUNC([$1], [$2], [$3], [$4])
+if eval "test \"$ac_cv_func_$1\" != yes"; then
+LIBOBJS="$LIBOBJS $1.o"
+fi
+AC_SUBST(LIBOBJS)dnl
+])
+
+dnl
+dnl
+dnl
+
+dnl AC_TEST_PACKAGE(package,header,lib,linkline)
+AC_DEFUN(AC_TEST_PACKAGE,
+[
+AC_MSG_CHECKING(for $1)
+AC_ARG_WITH($1,
+[ --with-$1=dir use $1 in dir],
+[if test "$with_$1" = "no"; then
+ with_$1=
+fi]
+)
+AC_ARG_WITH($1-lib,
+[ --with-$1-lib=dir use $1-lib in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+ AC_MSG_ERROR([No argument for --with-$1-lib])
+elif test "X$with_$1" = "X"; then
+ with_$1=yes
+fi]
+)
+AC_ARG_WITH($1-include,
+[ --with-$1-include=dir use $1-include in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+ AC_MSG_ERROR([No argument for --with-$1-include])
+elif test "X$with_$1" = "X"; then
+ with_$1=yes
+fi]
+)
+
+define([foo], translit($1, [a-z], [A-Z]))
+: << END
+@@@syms="$syms foo"@@@
+END
+
+if test -n "$with_$1"; then
+ AC_DEFINE([foo])
+ if test "$with_$1" != "yes"; then
+ $1_dir=$with_$1
+ fi
+dnl Try to find include
+ if test -n "$with_$1_include"; then
+ trydir=$with_$1_include
+ elif test "$with_$1" != "yes"; then
+ trydir="$with_$1 $with_$1/include"
+ else
+ trydir=
+ fi
+ found=
+ for i in $trydir ""; do
+ if test -n "$i"; then
+ if test -f $i/$2; then
+ found=yes; res=$i; break
+ fi
+ else
+ AC_TRY_CPP([#include <$2>], [found=yes; res=$i; break])
+ fi
+ done
+ if test -n "$found"; then
+ $1_include=$res
+ else
+ AC_MSG_ERROR(Cannot find $2)
+ fi
+dnl Try to find lib
+ if test -n "$with_$1_lib"; then
+ trydir=$with_$1_lib
+ elif test "$with_$1" != "yes"; then
+ trydir="$with_$1 $with_$1/lib"
+ else
+ trydir=
+ fi
+ found=
+ for i in $trydir ""; do
+ if test -n "$i"; then
+ if test -f $i/$3; then
+ found=yes; res=$i; break
+ fi
+ else
+ old_LIBS=$LIBS
+ LIBS="$4 $LIBS"
+ AC_TRY_LINK([], [], [found=yes; res=$i; LIBS=$old_LIBS; break])
+ LIBS=$old_LIBS
+ fi
+ done
+ if test -n "$found"; then
+ $1_lib=$res
+ else
+ AC_MSG_ERROR(Cannot find $3)
+ fi
+ AC_MSG_RESULT([headers $$1_include, libraries $$1_lib])
+ AC_DEFINE_UNQUOTED(foo)
+ if test -n "$$1_include"; then
+ foo[INCLUDE]="-I$$1_include"
+ fi
+ AC_SUBST(foo[INCLUDE])
+ if test -n "$$1_lib"; then
+ foo[LIB]="-L$$1_lib"
+ fi
+ foo[LIB]="$foo[LIB] $4"
+ AC_SUBST(foo[LIB])
+else
+ AC_MSG_RESULT(no)
+fi
+undefine([foo])
+])
+
+dnl
+dnl Check if we need the declaration of a variable
+dnl
+
+dnl AC_HAVE_DECLARATION(includes, variable)
+AC_DEFUN(AC_CHECK_DECLARATION, [
+AC_MSG_CHECKING([if $2 is properly declared])
+AC_CACHE_VAL(ac_cv_var_$2_declaration, [
+AC_TRY_COMPILE([$1
+extern struct { int foo; } $2;],
+[$2.foo = 1;],
+eval "ac_cv_var_$2_declaration=no",
+eval "ac_cv_var_$2_declaration=yes")
+])
+
+ac_tr_var=[HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION]
+
+define([foo], [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
+: << END
+@@@syms="$syms foo"@@@
+END
+undefine([foo])
+
+AC_MSG_RESULT($ac_cv_var_$2_declaration)
+if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
+ AC_DEFINE_UNQUOTED($ac_tr_var)
+fi
+])
+
+dnl
+dnl
+dnl
+
+dnl AC_CHECK_VAR(includes, variable)
+AC_DEFUN(AC_CHECK_VAR, [
+AC_MSG_CHECKING(for $2)
+AC_CACHE_VAL(ac_cv_var_$2, [
+AC_TRY_LINK([extern int $2;
+int foo() { return $2; }],
+ [foo()],
+ ac_cv_var_$2=yes, ac_cv_var_$2=no)
+])
+eval "ac_tr_var=[HAVE_]translit($2,[a-z],[A-Z])"
+
+define([foo], [HAVE_]translit($2, [a-z], [A-Z]))
+: << END
+@@@syms="$syms foo"@@@
+END
+undefine([foo])
+
+AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`)
+if test `eval echo \\$ac_cv_var_$2` = yes; then
+ AC_DEFINE_UNQUOTED($ac_tr_var)
+ AC_CHECK_DECLARATION([$1],[$2])
+fi
+])
+
+dnl
+dnl Check if we need the prototype for a function
+dnl
+
+dnl AC_NEED_PROTO(includes, function)
+
+AC_DEFUN(AC_NEED_PROTO, [
+AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
+AC_TRY_COMPILE([$1],
+[struct foo { int foo; } xx;
+extern int $2 (struct foo*);
+$2(&xx);
+],
+eval "ac_cv_func_$2_noproto=yes",
+eval "ac_cv_func_$2_noproto=no"))
+define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO])
+if test "$ac_cv_func_$2_noproto" = yes; then
+ AC_DEFINE(foo)
+fi
+: << END
+@@@syms="$syms foo"@@@
+END
+undefine([foo])
+])
+
+dnl AC_MSG_RESULT($ac_cv_func_$3_proto)
+dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then
+dnl AC_DEFINE_UNQUOTED($ac_tr_func)
+dnl fi
+dnl ])
+dnl
+dnl AC_DEFUN(AC_NEED_PROTO, [
+dnl AC_MSG_CHECKING([if $3 needs a proto])
+dnl AC_CACHE_VAL(ac_cv_func_$3_proto, [
+dnl AC_TRY_COMPILE([$1],
+dnl [$2],
+dnl eval "ac_cv_func_$3_proto=no",
+dnl eval "ac_cv_func_$3_proto=yes")
+dnl ])
+dnl changequote(, )dnl
+dnl eval "ac_tr_func=NEED_`echo $3 | tr '[a-z]' '[A-Z]'`_PROTO"
+dnl changequote([, ])dnl
+dnl
+dnl define([foo], [NEED_]translit($3, [a-z], [A-Z])[_PROTO])
+dnl : << END
+dnl @@@syms="$syms foo"@@@
+dnl END
+dnl undefine([foo])
+dnl
+dnl AC_MSG_RESULT($ac_cv_func_$3_proto)
+dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then
+dnl AC_DEFINE_UNQUOTED($ac_tr_func)
+dnl fi
+dnl ])
+
+AC_DEFUN(AC_GROK_TYPE, [
+AC_CACHE_VAL(ac_cv_type_$1,
+AC_TRY_COMPILE([
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+],
+$i x;
+,
+eval ac_cv_type_$1=yes,
+eval ac_cv_type_$1=no))])
+
+
+AC_DEFUN(AC_GROK_TYPES, [
+for i in $1; do
+ AC_MSG_CHECKING(for $i)
+ AC_GROK_TYPE($i)
+ eval ac_res=\$ac_cv_type_$i
+ if test "$ac_res" = yes; then
+ type=HAVE_`echo $i | tr '[a-z]' '[A-Z]'`
+ AC_DEFINE_UNQUOTED($type)
+ fi
+ AC_MSG_RESULT($ac_res)
+done
+])
+
+dnl
+dnl Specific tests
+dnl
+
+dnl
+dnl We prefer byacc or yacc because they do not use `alloca'
+dnl
+
+AC_DEFUN(AC_KRB_PROG_YACC,
+[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')])
+
+dnl
+dnl Also look for EMXOMF for OS/2
+dnl
+
+AC_DEFUN(AC_KRB_PROG_RANLIB,
+[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)])
+
+dnl
+dnl Better test for ln -s, ln or cp
+dnl
+
+AC_DEFUN(AC_KRB_PROG_LN_S,
+[AC_MSG_CHECKING(for ln -s or something else)
+AC_CACHE_VAL(ac_cv_prog_LN_S,
+[rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+ rm -f conftestdata
+ ac_cv_prog_LN_S="ln -s"
+else
+ touch conftestdata1
+ if ln conftestdata1 conftestdata2; then
+ rm -f conftestdata*
+ ac_cv_prog_LN_S=ln
+ else
+ ac_cv_prog_LN_S=cp
+ fi
+fi])dnl
+LN_S="$ac_cv_prog_LN_S"
+AC_MSG_RESULT($ac_cv_prog_LN_S)
+AC_SUBST(LN_S)dnl
+])
+
+dnl
+dnl NEXTSTEP is not posix compliant by default,
+dnl you need a switch -posix to the compiler
+dnl
+
+AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [
+AC_MSG_CHECKING(for NEXTSTEP)
+AC_CACHE_VAL(krb_cv_sys_nextstep,
+AC_EGREP_CPP(yes,
+[#ifdef NeXT
+ yes
+#endif
+], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) )
+if test "$krb_cv_sys_nextstep" = "yes"; then
+ CFLAGS="$CFLAGS -posix"
+ LIBS="$LIBS -posix"
+fi
+AC_MSG_RESULT($krb_cv_sys_nextstep)
+])
+
+dnl
+dnl AIX have a very different syscall convention
+dnl
+AC_DEFUN(AC_KRB_SYS_AIX, [
+AC_MSG_CHECKING(for AIX)
+AC_CACHE_VAL(krb_cv_sys_aix,
+AC_EGREP_CPP(yes,
+[#ifdef _AIX
+ yes
+#endif
+], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
+AC_MSG_RESULT($krb_cv_sys_aix)
+])
+
+dnl
+dnl test for broken getcwd in (SunOS braindamage)
+dnl
+
+AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [
+if test "$ac_cv_func_getcwd" = yes; then
+AC_MSG_CHECKING(if getcwd is broken)
+AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
+ac_cv_func_getcwd_broken=no
+
+AC_TRY_RUN([
+#include <errno.h>
+char *getcwd(char*, int);
+
+void *popen(char *cmd, char *mode)
+{
+ errno = ENOTTY;
+ return 0;
+}
+
+int main()
+{
+ char *ret;
+ ret = getcwd(0, 1024);
+ if(ret == 0 && errno == ENOTTY)
+ return 0;
+ return 1;
+}
+], ac_cv_func_getcwd_broken=yes,:,:)
+])
+if test "$ac_cv_func_getcwd_broken" = yes; then
+ AC_DEFINE(BROKEN_GETCWD, 1)dnl
+ LIBOBJS="$LIBOBJS getcwd.o"
+ AC_SUBST(LIBOBJS)dnl
+ AC_MSG_RESULT($ac_cv_func_getcwd_broken)
+else
+ AC_MSG_RESULT([seems ok])
+fi
+fi
+])
+
+
+AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [
+if test "${with_shared}" = "yes"; then
+AC_MSG_CHECKING(for pragma weak)
+AC_CACHE_VAL(ac_have_pragma_weak, [
+ac_have_pragma_weak=no
+cat > conftest_foo.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+#pragma weak foo = _foo
+int _foo = 17;
+EOF
+cat > conftest_bar.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+extern int foo;
+
+int t() {
+ return foo;
+}
+
+int main() {
+ return t();
+}
+EOF
+if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then
+ac_have_pragma_weak=yes
+fi
+rm -rf conftest*
+])
+if test "$ac_have_pragma_weak" = "yes"; then
+ AC_DEFINE(HAVE_PRAGMA_WEAK, 1)dnl
+fi
+AC_MSG_RESULT($ac_have_pragma_weak)
+fi
+])
+
+dnl
+dnl Search for struct winsize
+dnl
+
+AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [
+AC_MSG_CHECKING(for struct winsize)
+AC_CACHE_VAL(ac_cv_struct_winsize, [
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+AC_EGREP_HEADER(
+changequote(, )dnl
+struct[ ]*winsize,dnl
+changequote([,])dnl
+$i, ac_cv_struct_winsize=yes; break)dnl
+done
+])
+if test "$ac_cv_struct_winsize" = "yes"; then
+ AC_DEFINE(HAVE_STRUCT_WINSIZE, 1)dnl
+fi
+AC_MSG_RESULT($ac_cv_struct_winsize)
+AC_EGREP_HEADER(ws_xpixel, termios.h, AC_DEFINE(HAVE_WS_XPIXEL))
+AC_EGREP_HEADER(ws_ypixel, termios.h, AC_DEFINE(HAVE_WS_YPIXEL))
+])
diff --git a/crypto/kerberosIV/admin/Makefile.in b/crypto/kerberosIV/admin/Makefile.in
new file mode 100644
index 0000000..d0b68b1
--- /dev/null
+++ b/crypto/kerberosIV/admin/Makefile.in
@@ -0,0 +1,104 @@
+# $Id: Makefile.in,v 1.26 1997/05/04 08:33:50 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = ext_srvtab$(EXECSUFFIX) \
+ kdb_destroy$(EXECSUFFIX) \
+ kdb_edit$(EXECSUFFIX) \
+ kdb_init$(EXECSUFFIX) \
+ kdb_util$(EXECSUFFIX) \
+ kstash$(EXECSUFFIX)
+
+SOURCES = ext_srvtab.c kdb_destroy.c kdb_edit.c \
+ kdb_init.c kdb_util.c kstash.c
+
+OBJECTS = ext_srvtab.o kdb_destroy.o kdb_edit.o \
+ kdb_init.o kdb_util.o kstash.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(sbindir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x|sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(sbindir)/`echo $$x|sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes
+LIBROKEN= -L../lib/roken -lroken
+
+ext_srvtab$(EXECSUFFIX): ext_srvtab.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_destroy$(EXECSUFFIX): kdb_destroy.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_edit$(EXECSUFFIX): kdb_edit.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_init$(EXECSUFFIX): kdb_init.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_util$(EXECSUFFIX): kdb_util.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kstash$(EXECSUFFIX): kstash.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/admin/adm_locl.h b/crypto/kerberosIV/admin/adm_locl.h
new file mode 100644
index 0000000..6cbd20d
--- /dev/null
+++ b/crypto/kerberosIV/admin/adm_locl.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: adm_locl.h,v 1.16 1997/04/20 05:46:14 assar Exp $ */
+
+#ifndef __adm_locl_h
+#define __adm_locl_h
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif /* !TIME_WITH_SYS_TIME */
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <signal.h>
+#include <errno.h>
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include <err.h>
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+#include <kdc.h>
+#include <kadm.h>
+
+#endif /* __adm_locl_h */
diff --git a/crypto/kerberosIV/admin/ext_srvtab.c b/crypto/kerberosIV/admin/ext_srvtab.c
new file mode 100644
index 0000000..9c02921
--- /dev/null
+++ b/crypto/kerberosIV/admin/ext_srvtab.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $");
+
+static des_cblock master_key;
+static des_cblock session_key;
+static des_key_schedule master_key_schedule;
+static char realm[REALM_SZ];
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: %s [-n] [-r realm] instance [instance ...]\n",
+ __progname);
+ exit(1);
+}
+
+static void
+StampOutSecrets(void)
+{
+ memset(master_key, 0, sizeof master_key);
+ memset(session_key, 0, sizeof session_key);
+ memset(master_key_schedule, 0, sizeof master_key_schedule);
+}
+
+static void
+Die(void)
+{
+ StampOutSecrets();
+ exit(1);
+}
+
+static void
+FWrite(void *p, int size, int n, FILE *f)
+{
+ if (fwrite(p, size, n, f) != n) {
+ printf("Error writing output file. Terminating.\n");
+ Die();
+ }
+}
+
+int
+main(int argc, char **argv)
+{
+ FILE *fout;
+ char fname[1024];
+ int fopen_errs = 0;
+ int arg;
+ Principal princs[40];
+ int more;
+ int prompt = KDB_GET_PROMPT;
+ int n, i;
+
+ set_progname (argv[0]);
+ memset(realm, 0, sizeof(realm));
+
+ /* Parse commandline arguments */
+ if (argc < 2)
+ usage();
+ else {
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "-n") == 0)
+ prompt = FALSE;
+ else if (strcmp(argv[i], "-r") == 0) {
+ if (++i >= argc)
+ usage();
+ else {
+ strcpy(realm, argv[i]);
+ /*
+ * This is to humor the broken way commandline
+ * argument parsing is done. Later, this
+ * program ignores everything that starts with -.
+ */
+ argv[i][0] = '-';
+ }
+ }
+ else if (argv[i][0] == '-')
+ usage();
+ else
+ if (!k_isinst(argv[i])) {
+ warnx("bad instance name: %s", argv[i]);
+ usage();
+ }
+ }
+ }
+
+ if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0)
+ errx (1, "Couldn't read master key.");
+
+ if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+ exit(1);
+ }
+
+ /* For each arg, search for instances of arg, and produce */
+ /* srvtab file */
+ if (!realm[0])
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ errx (1, "couldn't get local realm");
+ umask(077);
+
+ for (arg = 1; arg < argc; arg++) {
+ if (argv[arg][0] == '-')
+ continue;
+ snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]);
+ if ((fout = fopen(fname, "w")) == NULL) {
+ warn("Couldn't create file '%s'.", fname);
+ fopen_errs++;
+ continue;
+ }
+ printf("Generating '%s'....\n", fname);
+ n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more);
+ if (more)
+ fprintf(stderr, "More than 40 found...\n");
+ for (i = 0; i < n; i++) {
+ FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout);
+ FWrite(princs[i].instance, strlen(princs[i].instance) + 1,
+ 1, fout);
+ FWrite(realm, strlen(realm) + 1, 1, fout);
+ FWrite(&princs[i].key_version,
+ sizeof(princs[i].key_version), 1, fout);
+ copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key);
+ kdb_encrypt_key (&session_key, &session_key,
+ &master_key, master_key_schedule, DES_DECRYPT);
+ FWrite(session_key, sizeof session_key, 1, fout);
+ }
+ fclose(fout);
+ }
+
+ StampOutSecrets();
+
+ return fopen_errs; /* 0 errors if successful */
+
+}
diff --git a/crypto/kerberosIV/admin/kdb_destroy.c b/crypto/kerberosIV/admin/kdb_destroy.c
new file mode 100644
index 0000000..fca339f
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_destroy.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_destroy.c,v 1.7 1997/03/31 02:25:21 assar Exp $");
+
+int
+main(int argc, char **argv)
+{
+ char answer[10]; /* user input */
+ char dbm[256]; /* database path and name */
+ char dbm1[256]; /* database path and name */
+#ifdef HAVE_NEW_DB
+ char *file; /* database file names */
+#else
+ char *file1, *file2; /* database file names */
+#endif
+
+ set_progname (argv[0]);
+
+ strcpy(dbm, DBM_FILE);
+#ifdef HAVE_NEW_DB
+ file = strcat(dbm, ".db");
+#else
+ strcpy(dbm1, DBM_FILE);
+ file1 = strcat(dbm, ".dir");
+ file2 = strcat(dbm1, ".pag");
+#endif
+
+ printf("You are about to destroy the Kerberos database ");
+ printf("on this machine.\n");
+ printf("Are you sure you want to do this (y/n)? ");
+ fgets(answer, sizeof(answer), stdin);
+
+ if (answer[0] == 'y' || answer[0] == 'Y') {
+#ifdef HAVE_NEW_DB
+ if (unlink(file) == 0)
+#else
+ if (unlink(file1) == 0 && unlink(file2) == 0)
+#endif
+ {
+ warnx ("Database deleted at %s", DBM_FILE);
+ return 0;
+ }
+ else
+ warn ("Database cannot be deleted at %s", DBM_FILE);
+ } else
+ warnx ("Database not deleted at %s", DBM_FILE);
+ return 1;
+}
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c
new file mode 100644
index 0000000..5d07135
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_edit.c
@@ -0,0 +1,404 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This routine changes the Kerberos encryption keys for principals,
+ * i.e., users or services.
+ */
+
+/*
+ * exit returns 0 ==> success -1 ==> error
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_edit.c,v 1.25 1997/05/07 01:34:05 assar Exp $");
+
+#ifdef DEBUG
+extern kerb_debug;
+#endif
+
+#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
+
+static int nflag = 0;
+static int debug;
+
+static des_cblock new_key;
+
+static int i, j;
+static int more;
+
+static char input_name[ANAME_SZ];
+static char input_instance[INST_SZ];
+
+#define MAX_PRINCIPAL 10
+static Principal principal_data[MAX_PRINCIPAL];
+
+static Principal old_principal;
+static Principal default_princ;
+
+static des_cblock master_key;
+static des_cblock session_key;
+static des_key_schedule master_key_schedule;
+static char pw_str[255];
+static long master_key_version;
+
+static void
+Usage(void)
+{
+ fprintf(stderr, "Usage: %s [-n]\n", __progname);
+ exit(1);
+}
+
+static char *
+n_gets(char *buf, int size)
+{
+ char *p;
+ char *ret;
+ ret = fgets(buf, size, stdin);
+
+ if (ret && (p = strchr(buf, '\n')))
+ *p = 0;
+ return ret;
+}
+
+
+static int
+change_principal(void)
+{
+ static char temp[255];
+ int creating = 0;
+ int editpw = 0;
+ int changed = 0;
+ long temp_long; /* Don't change to int32_t, used by scanf */
+ int n;
+ struct tm *tp, edate;
+
+ fprintf(stdout, "\nPrincipal name: ");
+ fflush(stdout);
+ if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0')
+ return 0;
+ fprintf(stdout, "Instance: ");
+ fflush(stdout);
+ /* instance can be null */
+ n_gets(input_instance, sizeof(input_instance));
+ j = kerb_get_principal(input_name, input_instance, principal_data,
+ MAX_PRINCIPAL, &more);
+ if (!j) {
+ fprintf(stdout, "\n\07\07<Not found>, Create [y] ? ");
+ fflush(stdout);
+ n_gets(temp, sizeof(temp)); /* Default case should work, it didn't */
+ if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0')
+ return -1;
+ /* make a new principal, fill in defaults */
+ j = 1;
+ creating = 1;
+ strcpy(principal_data[0].name, input_name);
+ strcpy(principal_data[0].instance, input_instance);
+ principal_data[0].old = NULL;
+ principal_data[0].exp_date = default_princ.exp_date;
+ if (strcmp(input_instance, "admin") == 0)
+ principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/
+ else if (strcmp(input_instance, "root") == 0)
+ principal_data[0].max_life = 96; /* 8 hours */
+ else
+ principal_data[0].max_life = default_princ.max_life;
+ principal_data[0].attributes = default_princ.attributes;
+ principal_data[0].kdc_key_ver = (unsigned char) master_key_version;
+ principal_data[0].key_version = 0; /* bumped up later */
+ }
+ tp = k_localtime(&principal_data[0].exp_date);
+ snprintf(principal_data[0].exp_date_txt,
+ sizeof(principal_data[0].exp_date_txt),
+ "%4d-%02d-%02d",
+ tp->tm_year + 1900,
+ tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
+ for (i = 0; i < j; i++) {
+ for (;;) {
+ fprintf(stdout,
+ "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d",
+ principal_data[i].name, principal_data[i].instance,
+ principal_data[i].kdc_key_ver);
+ fflush(stdout);
+ editpw = 1;
+ changed = 0;
+ if (!creating) {
+ /*
+ * copy the existing data so we can use the old values
+ * for the qualifier clause of the replace
+ */
+ principal_data[i].old = (char *) &old_principal;
+ memcpy(&old_principal, &principal_data[i],
+ sizeof(old_principal));
+ printf("\nChange password [n] ? ");
+ n_gets(temp, sizeof(temp));
+ if (strcmp("y", temp) && strcmp("Y", temp))
+ editpw = 0;
+ }
+ /* password */
+ if (editpw) {
+#ifdef NOENCRYPTION
+ placebo_read_pw_string(pw_str, sizeof pw_str,
+ "\nNew Password: ", TRUE);
+#else
+ if(des_read_pw_string(pw_str, sizeof pw_str,
+ "\nNew Password: ", TRUE))
+ continue;
+#endif
+ if ( strcmp(pw_str, "RANDOM") == 0
+ || strcmp(pw_str, "") == 0) {
+ printf("\nRandom password [y] ? ");
+ n_gets(temp, sizeof(temp));
+ if (!strcmp("n", temp) || !strcmp("N", temp)) {
+ /* no, use literal */
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_string_to_key(pw_str, &new_key);
+#endif
+ memset(pw_str, 0, sizeof pw_str); /* "RANDOM" */
+ } else {
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_new_random_key(&new_key);
+#endif
+ memset(pw_str, 0, sizeof pw_str);
+ }
+ } else if (!strcmp(pw_str, "NULL")) {
+ printf("\nNull Key [y] ? ");
+ n_gets(temp, sizeof(temp));
+ if (!strcmp("n", temp) || !strcmp("N", temp)) {
+ /* no, use literal */
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_string_to_key(pw_str, &new_key);
+#endif
+ memset(pw_str, 0, sizeof pw_str); /* "NULL" */
+ } else {
+
+ principal_data[i].key_low = 0;
+ principal_data[i].key_high = 0;
+ goto null_key;
+ }
+ } else {
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_string_to_key(pw_str, &new_key);
+#endif
+ memset(pw_str, 0, sizeof pw_str);
+ }
+
+ /* seal it under the kerberos master key */
+ kdb_encrypt_key (&new_key, &new_key,
+ &master_key, master_key_schedule,
+ DES_ENCRYPT);
+ copy_from_key(new_key,
+ &principal_data[i].key_low,
+ &principal_data[i].key_high);
+ memset(new_key, 0, sizeof(new_key));
+ null_key:
+ /* set master key version */
+ principal_data[i].kdc_key_ver =
+ (unsigned char) master_key_version;
+ /* bump key version # */
+ principal_data[i].key_version++;
+ fprintf(stdout,
+ "\nPrincipal's new key version = %d\n",
+ principal_data[i].key_version);
+ fflush(stdout);
+ changed = 1;
+ }
+ /* expiration date */
+ fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
+ principal_data[i].exp_date_txt);
+ fflush(stdout);
+ zaptime(&edate);
+ while (n_gets(temp, sizeof(temp)) && ((n = strlen(temp)) >
+ sizeof(principal_data[0].exp_date_txt))) {
+ bad_date:
+ fprintf(stdout, "\07\07Date Invalid\n");
+ fprintf(stdout,
+ "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
+ principal_data[i].exp_date_txt);
+ fflush(stdout);
+ zaptime(&edate);
+ }
+
+ if (*temp) {
+ if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
+ &edate.tm_mon, &edate.tm_mday) != 3)
+ goto bad_date;
+ edate.tm_mon--; /* January is 0, not 1 */
+ edate.tm_hour = 23; /* nearly midnight at the end of the */
+ edate.tm_min = 59; /* specified day */
+ if (krb_check_tm (edate))
+ goto bad_date;
+ edate.tm_year -= 1900;
+ temp_long = tm2time (edate, 1);
+ strcpy(principal_data[i].exp_date_txt, temp);
+ principal_data[i].exp_date = temp_long;
+ changed = 1;
+ }
+
+ /* maximum lifetime */
+ fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ",
+ principal_data[i].max_life);
+ fflush(stdout);
+ while (n_gets(temp, sizeof(temp)) && *temp) {
+ if (sscanf(temp, "%ld", &temp_long) != 1)
+ goto bad_life;
+ if (temp_long > 255 || (temp_long < 0)) {
+ bad_life:
+ fprintf(stdout, "\07\07Invalid, choose 0-255\n");
+ fprintf(stdout,
+ "Max ticket lifetime (*5 minutes) [ %d ] ? ",
+ principal_data[i].max_life);
+ fflush(stdout);
+ continue;
+ }
+ changed = 1;
+ /* dont clobber */
+ principal_data[i].max_life = (unsigned short) temp_long;
+ break;
+ }
+
+ /* attributes */
+ fprintf(stdout, "Attributes [ %d ] ? ",
+ principal_data[i].attributes);
+ fflush(stdout);
+ while (n_gets(temp, sizeof(temp)) && *temp) {
+ if (sscanf(temp, "%ld", &temp_long) != 1)
+ goto bad_att;
+ if (temp_long > 65535 || (temp_long < 0)) {
+ bad_att:
+ fprintf(stdout, "\07\07Invalid, choose 0-65535\n");
+ fprintf(stdout, "Attributes [ %d ] ? ",
+ principal_data[i].attributes);
+ fflush(stdout);
+ continue;
+ }
+ changed = 1;
+ /* dont clobber */
+ principal_data[i].attributes =
+ (unsigned short) temp_long;
+ break;
+ }
+
+ /*
+ * remaining fields -- key versions and mod info, should
+ * not be directly manipulated
+ */
+ if (changed) {
+ if (kerb_put_principal(&principal_data[i], 1)) {
+ fprintf(stdout,
+ "\nError updating Kerberos database");
+ } else {
+ fprintf(stdout, "Edit O.K.");
+ }
+ } else {
+ fprintf(stdout, "Unchanged");
+ }
+
+
+ memset(&principal_data[i].key_low, 0, 4);
+ memset(&principal_data[i].key_high, 0, 4);
+ fflush(stdout);
+ break;
+ }
+ }
+ if (more) {
+ fprintf(stdout, "\nThere were more tuples found ");
+ fprintf(stdout, "than there were space for");
+ }
+ return 1;
+}
+
+static void
+cleanup(void)
+{
+
+ memset(master_key, 0, sizeof(master_key));
+ memset(session_key, 0, sizeof(session_key));
+ memset(master_key_schedule, 0, sizeof(master_key_schedule));
+ memset(principal_data, 0, sizeof(principal_data));
+ memset(new_key, 0, sizeof(new_key));
+ memset(pw_str, 0, sizeof(pw_str));
+}
+
+int
+main(int argc, char **argv)
+{
+ /* Local Declarations */
+
+ long n;
+
+ set_progname (argv[0]);
+
+ while (--argc > 0 && (*++argv)[0] == '-')
+ for (i = 1; argv[0][i] != '\0'; i++) {
+ switch (argv[0][i]) {
+
+ /* debug flag */
+ case 'd':
+ debug = 1;
+ continue;
+
+ /* debug flag */
+#ifdef DEBUG
+ case 'l':
+ kerb_debug |= 1;
+ continue;
+#endif
+ case 'n': /* read MKEYFILE for master key */
+ nflag = 1;
+ continue;
+
+ default:
+ warnx ("illegal flag \"%c\"", argv[0][i]);
+ Usage(); /* Give message and die */
+ }
+ }
+
+ fprintf(stdout, "Opening database...\n");
+ fflush(stdout);
+ kerb_init();
+ if (argc > 0)
+ if (kerb_db_set_name(*argv) != 0)
+ errx (1, "Could not open altername database name");
+
+ if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0,
+ &master_key, master_key_schedule) != 0)
+ errx (1, "Couldn't read master key.");
+
+ if ((master_key_version = kdb_verify_master_key(&master_key,
+ master_key_schedule,
+ stdout)) < 0)
+ return 1;
+
+ /* Initialize non shared random sequence */
+ des_init_random_number_generator(&master_key);
+
+ /* lookup the default values */
+ n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+ &default_princ, 1, &more);
+ if (n != 1)
+ errx (1, "Kerberos error on default value lookup, %ld found.", n);
+ fprintf(stdout, "Previous or default values are in [brackets] ,\n");
+ fprintf(stdout, "enter return to leave the same, or new value.\n");
+
+ while (change_principal()) {
+ }
+
+ cleanup();
+ return 0;
+}
diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c
new file mode 100644
index 0000000..b9ea009
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_init.c
@@ -0,0 +1,174 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * program to initialize the database, reports error if database file
+ * already exists.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_init.c,v 1.23 1997/03/30 17:45:05 assar Exp $");
+
+enum ap_op {
+ NULL_KEY, /* setup null keys */
+ MASTER_KEY, /* use master key as new key */
+ RANDOM_KEY /* choose a random key */
+};
+
+static des_cblock master_key;
+static des_key_schedule master_key_schedule;
+
+/* use a return code to indicate success or failure. check the return */
+/* values of the routines called by this routine. */
+
+static int
+add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
+{
+ Principal principal;
+ struct tm *tm;
+ des_cblock new_key;
+
+ memset(&principal, 0, sizeof(principal));
+ strncpy(principal.name, name, ANAME_SZ);
+ strncpy(principal.instance, instance, INST_SZ);
+ switch (aap_op) {
+ case NULL_KEY:
+ principal.key_low = 0;
+ principal.key_high = 0;
+ break;
+ case RANDOM_KEY:
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_new_random_key(&new_key);
+#endif
+ kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
+ DES_ENCRYPT);
+ copy_from_key(new_key, &principal.key_low, &principal.key_high);
+ memset(new_key, 0, sizeof(new_key));
+ break;
+ case MASTER_KEY:
+ memcpy(new_key, master_key, sizeof (des_cblock));
+ kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
+ DES_ENCRYPT);
+ copy_from_key(new_key, &principal.key_low, &principal.key_high);
+ break;
+ }
+ principal.exp_date = 946702799; /* Happy new century */
+ strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ);
+ principal.mod_date = time(0);
+
+ tm = k_localtime(&principal.mod_date);
+ principal.attributes = 0;
+ principal.max_life = maxlife;
+
+ principal.kdc_key_ver = 1;
+ principal.key_version = 1;
+
+ strncpy(principal.mod_name, "db_creation", ANAME_SZ);
+ strncpy(principal.mod_instance, "", INST_SZ);
+ principal.old = 0;
+
+ if (kerb_db_put_principal(&principal, 1) != 1)
+ return -1; /* FAIL */
+
+ /* let's play it safe */
+ memset(new_key, 0, sizeof (des_cblock));
+ memset(&principal.key_low, 0, 4);
+ memset(&principal.key_high, 0, 4);
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ char realm[REALM_SZ];
+ char *cp;
+ int code;
+ char *database;
+
+ set_progname (argv[0]);
+
+ if (argc > 3) {
+ fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]);
+ return 1;
+ }
+ if (argc == 3) {
+ database = argv[2];
+ --argc;
+ } else
+ database = DBM_FILE;
+
+ /* Do this first, it'll fail if the database exists */
+ if ((code = kerb_db_create(database)) != 0)
+ err (1, "Couldn't create database %s", database);
+ kerb_db_set_name(database);
+
+ if (argc == 2)
+ strncpy(realm, argv[1], REALM_SZ);
+ else {
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ strcpy(realm, KRB_REALM);
+ fprintf(stderr, "Realm name [default %s ]: ", realm);
+ if (fgets(realm, sizeof(realm), stdin) == NULL)
+ errx (1, "\nEOF reading realm");
+ if ((cp = strchr(realm, '\n')))
+ *cp = '\0';
+ if (!*realm) /* no realm given */
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ strcpy(realm, KRB_REALM);
+ }
+ if (!k_isrealm(realm))
+ errx (1, "Bad kerberos realm name \"%s\"", realm);
+#ifndef RANDOM_MKEY
+ printf("You will be prompted for the database Master Password.\n");
+ printf("It is important that you NOT FORGET this password.\n");
+#else
+ printf("To generate a master key, please enter some random data.\n");
+ printf("You do not have to remember this.\n");
+#endif
+ fflush(stdout);
+
+ if (kdb_get_master_key (KDB_GET_TWICE, &master_key,
+ master_key_schedule) != 0)
+ errx (1, "Couldn't read master key.");
+
+#ifdef RANDOM_MKEY
+ if(kdb_kstash(&master_key, MKEYFILE) < 0)
+ err (1, "Error writing master key");
+ fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
+#endif
+
+ /* Initialize non shared random sequence */
+ des_init_random_number_generator(&master_key);
+
+ /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */
+#define ADMLIFE (1 + (CLOCK_SKEW/(5*60)))
+
+ /* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */
+#define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255)
+
+ /* This means that default lifetimes have not been initialized */
+#define DEFLIFE 255
+
+#define NOLIFE 0
+
+ if (
+ add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) ||
+ add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)||
+ add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)||
+ add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE)
+ ) {
+ putc ('\n', stderr);
+ errx (1, "couldn't initialize database.");
+ }
+
+ /* play it safe */
+ memset(master_key, 0, sizeof (des_cblock));
+ memset(master_key_schedule, 0, sizeof (des_key_schedule));
+ return 0;
+}
diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c
new file mode 100644
index 0000000..b221fdd
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_util.c
@@ -0,0 +1,496 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Kerberos database manipulation utility. This program allows you to
+ * dump a kerberos database to an ascii readable file and load this
+ * file into the database. Read locking of the database is done during a
+ * dump operation. NO LOCKING is done during a load operation. Loads
+ * should happen with other processes shutdown.
+ *
+ * Written July 9, 1987 by Jeffrey I. Schiller
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_util.c,v 1.35 1997/05/07 00:57:45 assar Exp $");
+
+static des_cblock master_key, new_master_key;
+static des_key_schedule master_key_schedule, new_master_key_schedule;
+
+#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
+
+/* cv_key is a procedure which takes a principle and changes its key,
+ either for a new method of encrypting the keys, or a new master key.
+ if cv_key is null no transformation of key is done (other than net byte
+ order). */
+
+struct callback_args {
+ void (*cv_key)(Principal *);
+ FILE *output_file;
+};
+
+static void
+print_time(FILE *file, time_t timeval)
+{
+ struct tm *tm;
+ tm = gmtime(&timeval);
+ fprintf(file, " %04d%02d%02d%02d%02d",
+ tm->tm_year + 1900,
+ tm->tm_mon + 1,
+ tm->tm_mday,
+ tm->tm_hour,
+ tm->tm_min);
+}
+
+static long
+time_explode(char *cp)
+{
+ char wbuf[5];
+ struct tm tp;
+ int local;
+
+ zaptime(&tp); /* clear out the struct */
+
+ if (strlen(cp) > 10) { /* new format */
+ strncpy(wbuf, cp, 4);
+ wbuf[4] = 0;
+ tp.tm_year = atoi(wbuf) - 1900;
+ cp += 4; /* step over the year */
+ local = 0; /* GMT */
+ } else { /* old format: local time,
+ year is 2 digits, assuming 19xx */
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ wbuf[2] = 0;
+ tp.tm_year = atoi(wbuf);
+ local = 1; /* local */
+ }
+
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ wbuf[2] = 0;
+ tp.tm_mon = atoi(wbuf)-1;
+
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ tp.tm_mday = atoi(wbuf);
+
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ tp.tm_hour = atoi(wbuf);
+
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ tp.tm_min = atoi(wbuf);
+
+
+ return(tm2time(tp, local));
+}
+
+static int
+dump_db_1(void *arg, Principal *principal)
+{ /* replace null strings with "*" */
+ struct callback_args *a = (struct callback_args *)arg;
+
+ if (principal->instance[0] == '\0') {
+ principal->instance[0] = '*';
+ principal->instance[1] = '\0';
+ }
+ if (principal->mod_name[0] == '\0') {
+ principal->mod_name[0] = '*';
+ principal->mod_name[1] = '\0';
+ }
+ if (principal->mod_instance[0] == '\0') {
+ principal->mod_instance[0] = '*';
+ principal->mod_instance[1] = '\0';
+ }
+ if (a->cv_key != NULL) {
+ (*a->cv_key) (principal);
+ }
+ fprintf(a->output_file, "%s %s %d %d %d %d %x %x",
+ principal->name,
+ principal->instance,
+ principal->max_life,
+ principal->kdc_key_ver,
+ principal->key_version,
+ principal->attributes,
+ (int)htonl (principal->key_low),
+ (int)htonl (principal->key_high));
+ print_time(a->output_file, principal->exp_date);
+ print_time(a->output_file, principal->mod_date);
+ fprintf(a->output_file, " %s %s\n",
+ principal->mod_name,
+ principal->mod_instance);
+ return 0;
+}
+
+static int
+dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *))
+{
+ struct callback_args a;
+
+ a.cv_key = cv_key;
+ a.output_file = output_file;
+
+ kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a);
+ return fflush(output_file);
+}
+
+static int
+add_file(void *db, FILE *file)
+{
+ int ret;
+ int lineno = 0;
+ char line[1024];
+ unsigned long key[2]; /* yes, long */
+ Principal pr;
+
+ char exp_date[64], mod_date[64];
+
+ int life, kkvno, kvno;
+
+ while(1){
+ memset(&pr, 0, sizeof(pr));
+ errno = 0;
+ if(fgets(line, sizeof(line), file) == NULL){
+ if(errno != 0)
+ err (1, "fgets");
+ break;
+ }
+ lineno++;
+ ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s",
+ pr.name, pr.instance,
+ &life, &kkvno, &kvno,
+ &pr.attributes,
+ &key[0], &key[1],
+ exp_date, mod_date,
+ pr.mod_name, pr.mod_instance);
+ if(ret != 12){
+ warnx("Line %d malformed (ignored)", lineno);
+ continue;
+ }
+ pr.key_low = ntohl (key[0]);
+ pr.key_high = ntohl (key[1]);
+ pr.max_life = life;
+ pr.kdc_key_ver = kkvno;
+ pr.key_version = kvno;
+ pr.exp_date = time_explode(exp_date);
+ pr.mod_date = time_explode(mod_date);
+ if (pr.instance[0] == '*')
+ pr.instance[0] = 0;
+ if (pr.mod_name[0] == '*')
+ pr.mod_name[0] = 0;
+ if (pr.mod_instance[0] == '*')
+ pr.mod_instance[0] = 0;
+ if (kerb_db_update(db, &pr, 1) != 1) {
+ warn ("store %s.%s aborted",
+ pr.name, pr.instance);
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static void
+load_db (char *db_file, FILE *input_file)
+{
+ long *db;
+ int temp1;
+ int code;
+ char *temp_db_file;
+
+ temp1 = strlen(db_file)+2;
+ temp_db_file = malloc (temp1);
+ strcpy(temp_db_file, db_file);
+ strcat(temp_db_file, "~");
+
+ /* Create the database */
+ if ((code = kerb_db_create(temp_db_file)) != 0)
+ err (1, "creating temp database %s", temp_db_file);
+ kerb_db_set_name(temp_db_file);
+ db = kerb_db_begin_update();
+ if (db == NULL)
+ err (1, "opening temp database %s", temp_db_file);
+
+ if(add_file(db, input_file))
+ errx (1, "Load aborted");
+
+ kerb_db_end_update(db);
+ if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
+ warn("database rename failed");
+ fclose(input_file);
+ free(temp_db_file);
+}
+
+static void
+merge_db(char *db_file, FILE *input_file)
+{
+ void *db;
+
+ db = kerb_db_begin_update();
+ if(db == NULL)
+ err (1, "Couldn't open database");
+ if(add_file(db, input_file))
+ errx (1, "Merge aborted");
+ kerb_db_end_update(db);
+}
+
+static void
+update_ok_file (char *file_name)
+{
+ /* handle slave locking/failure stuff */
+ char *file_ok;
+ int fd;
+ static char ok[]=".dump_ok";
+
+ asprintf (&file_ok, "%s%s", file_name, ok);
+ if (file_ok == NULL)
+ errx (1, "out of memory");
+ if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0)
+ err (1, "Error creating %s", file_ok);
+ free(file_ok);
+ close(fd);
+}
+
+static void
+convert_key_new_master (Principal *p)
+{
+ des_cblock key;
+
+ /* leave null keys alone */
+ if ((p->key_low == 0) && (p->key_high == 0)) return;
+
+ /* move current key to des_cblock for encryption, special case master key
+ since that's changing */
+ if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
+ (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
+ memcpy (key, new_master_key, sizeof(des_cblock));
+ (p->key_version)++;
+ } else {
+ copy_to_key(&p->key_low, &p->key_high, key);
+ kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT);
+ }
+
+ kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT);
+
+ copy_from_key(key, &(p->key_low), &(p->key_high));
+ memset(key, 0, sizeof (key)); /* a little paranoia ... */
+
+ (p->kdc_key_ver)++;
+}
+
+static void
+clear_secrets (void)
+{
+ memset(master_key, 0, sizeof (des_cblock));
+ memset(master_key_schedule, 0, sizeof (des_key_schedule));
+ memset(new_master_key, 0, sizeof (des_cblock));
+ memset(new_master_key_schedule, 0, sizeof (des_key_schedule));
+}
+
+static void
+convert_new_master_key (char *db_file, FILE *out)
+{
+#ifdef RANDOM_MKEY
+ errx (1, "Sorry, this function is not available with "
+ "the new master key scheme.");
+#else
+ printf ("\n\nEnter the CURRENT master key.");
+ if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+ master_key_schedule) != 0) {
+ clear_secrets ();
+ errx (1, "Couldn't get master key.");
+ }
+
+ if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+ clear_secrets ();
+ exit (1);
+ }
+
+ printf ("\n\nNow enter the NEW master key. Do not forget it!!");
+ if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key,
+ new_master_key_schedule) != 0) {
+ clear_secrets ();
+ errx (1, "Couldn't get new master key.");
+ }
+
+ dump_db (db_file, out, convert_key_new_master);
+ {
+ char fname[128];
+ snprintf(fname, sizeof(fname), "%s.new", MKEYFILE);
+ kdb_kstash(&new_master_key, fname);
+ }
+#endif /* RANDOM_MKEY */
+}
+
+static void
+convert_key_old_db (Principal *p)
+{
+ des_cblock key;
+
+ /* leave null keys alone */
+ if ((p->key_low == 0) && (p->key_high == 0)) return;
+
+ copy_to_key(&p->key_low, &p->key_high, key);
+
+#ifndef NOENCRYPTION
+ des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
+ (long)sizeof(des_cblock),master_key_schedule,
+ (des_cblock *)master_key_schedule, DES_DECRYPT);
+#endif
+
+ /* make new key, new style */
+ kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT);
+
+ copy_from_key(key, &(p->key_low), &(p->key_high));
+ memset(key, 0, sizeof (key)); /* a little paranoia ... */
+}
+
+static void
+convert_old_format_db (char *db_file, FILE *out)
+{
+ des_cblock key_from_db;
+ Principal principal_data[1];
+ int n, more;
+
+ if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+ master_key_schedule) != 0L) {
+ clear_secrets();
+ errx (1, "Couldn't get master key.");
+ }
+
+ /* can't call kdb_verify_master_key because this is an old style db */
+ /* lookup the master key version */
+ n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
+ 1 /* only one please */, &more);
+ if ((n != 1) || more)
+ errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n);
+
+ /* set up the master key */
+ fprintf(stderr, "Current Kerberos master key version is %d.\n",
+ principal_data[0].kdc_key_ver);
+
+ /*
+ * now use the master key to decrypt (old style) the key in the db, had better
+ * be the same!
+ */
+ copy_to_key(&principal_data[0].key_low,
+ &principal_data[0].key_high,
+ key_from_db);
+#ifndef NOENCRYPTION
+ des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db),
+ master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT);
+#endif
+ /* the decrypted database key had better equal the master key */
+
+ n = memcmp(master_key, key_from_db, sizeof(master_key));
+ memset(key_from_db, 0, sizeof(key_from_db));
+
+ if (n) {
+ fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
+ fprintf(stderr, "does not match database.\n");
+ exit (1);
+ }
+
+ fprintf(stderr, "Master key verified.\n");
+
+ dump_db (db_file, out, convert_key_old_db);
+}
+
+int
+main(int argc, char **argv)
+{
+ int ret;
+ FILE *file;
+ enum {
+ OP_LOAD,
+ OP_MERGE,
+ OP_DUMP,
+ OP_SLAVE_DUMP,
+ OP_NEW_MASTER,
+ OP_CONVERT_OLD_DB
+ } op;
+ char *file_name;
+ char *db_name;
+
+ set_progname (argv[0]);
+
+ if (argc != 3 && argc != 4) {
+ fprintf(stderr, "Usage: %s operation file [database name].\n",
+ argv[0]);
+ fprintf(stderr, "Operation is one of: "
+ "load, merge, dump, slave_dump, new_master_key, "
+ "convert_old_db\n");
+ exit(1);
+ }
+ if (argc == 3)
+ db_name = DBM_FILE;
+ else
+ db_name = argv[3];
+
+ ret = kerb_db_set_name (db_name);
+
+ /* this makes starting slave servers ~14.3 times easier */
+ if(ret && strcmp(argv[1], "load") == 0)
+ ret = kerb_db_create (db_name);
+
+ if(ret)
+ err (1, "Can't open database");
+
+ if (!strcmp(argv[1], "load"))
+ op = OP_LOAD;
+ else if (!strcmp(argv[1], "merge"))
+ op = OP_MERGE;
+ else if (!strcmp(argv[1], "dump"))
+ op = OP_DUMP;
+ else if (!strcmp(argv[1], "slave_dump"))
+ op = OP_SLAVE_DUMP;
+ else if (!strcmp(argv[1], "new_master_key"))
+ op = OP_NEW_MASTER;
+ else if (!strcmp(argv[1], "convert_old_db"))
+ op = OP_CONVERT_OLD_DB;
+ else {
+ warnx ("%s is an invalid operation.", argv[1]);
+ warnx ("Valid operations are \"load\", \"merge\", "
+ "\"dump\", \"slave_dump\", \"new_master_key\", "
+ "and \"convert_old_db\"");
+ return 1;
+ }
+
+ file_name = argv[2];
+ file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w");
+ if (file == NULL)
+ err (1, "open %s", argv[2]);
+
+ switch (op) {
+ case OP_DUMP:
+ if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
+ (fclose(file) == EOF))
+ err (1, "%s", file_name);
+ break;
+ case OP_SLAVE_DUMP:
+ if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
+ (fclose(file) == EOF))
+ err (1, "%s", file_name);
+ update_ok_file (file_name);
+ break;
+ case OP_LOAD:
+ load_db (db_name, file);
+ break;
+ case OP_MERGE:
+ merge_db (db_name, file);
+ break;
+ case OP_NEW_MASTER:
+ convert_new_master_key (db_name, file);
+ printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
+ break;
+ case OP_CONVERT_OLD_DB:
+ convert_old_format_db (db_name, file);
+ printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
+ break;
+ }
+ return 0;
+}
diff --git a/crypto/kerberosIV/admin/kstash.c b/crypto/kerberosIV/admin/kstash.c
new file mode 100644
index 0000000..4595de5
--- /dev/null
+++ b/crypto/kerberosIV/admin/kstash.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $");
+
+/* change this later, but krblib_dbm needs it for now */
+
+static des_cblock master_key;
+static des_key_schedule master_key_schedule;
+
+static void
+clear_secrets(void)
+{
+ memset(master_key_schedule, 0, sizeof(master_key_schedule));
+ memset(master_key, 0, sizeof(master_key));
+}
+
+int
+main(int argc, char **argv)
+{
+ long n;
+ int ret = 0;
+ set_progname (argv[0]);
+
+ if ((n = kerb_init()))
+ errx(1, "Kerberos db and cache init failed = %ld\n", n);
+
+ if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+ master_key_schedule) != 0) {
+ clear_secrets();
+ errx(1, "Couldn't read master key.");
+ }
+
+ if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+ clear_secrets();
+ return 1;
+ }
+
+ ret = kdb_kstash(&master_key, MKEYFILE);
+ if(ret < 0)
+ warn("writing master key");
+ else
+ fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
+
+ clear_secrets();
+ return ret;
+}
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in
new file mode 100644
index 0000000..c951258
--- /dev/null
+++ b/crypto/kerberosIV/appl/Makefile.in
@@ -0,0 +1,43 @@
+# $Id: Makefile.in,v 1.27 1997/05/20 18:58:37 bg Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS = sample kauth bsd movemail afsutil \
+ kpopper xnlock kx otp @APPL_KIP_DIR@ ftp telnet
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ for i in $(SUBDIRS);\
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all install uninstall clean distclean realclean mostlyclean
diff --git a/crypto/kerberosIV/appl/bsd/Makefile.in b/crypto/kerberosIV/appl/bsd/Makefile.in
new file mode 100644
index 0000000..57a8108
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/Makefile.in
@@ -0,0 +1,135 @@
+# $Id: Makefile.in,v 1.56 1997/05/20 20:35:04 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+topdir = ../..
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+# Beware, these are all setuid root programs
+PROG_SUIDBIN = rsh$(EXECSUFFIX) \
+ rcp$(EXECSUFFIX) \
+ rlogin$(EXECSUFFIX) \
+ su$(EXECSUFFIX)
+PROG_BIN = login$(EXECSUFFIX)
+PROG_LIBEXEC = rshd$(EXECSUFFIX) \
+ rlogind$(EXECSUFFIX)
+PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \
+ login.c klogin.c login_access.c su.c rlogind.c iruserok.c \
+ login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \
+ utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c
+
+rsh_OBJS = rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+rcp_OBJS = rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+rlogin_OBJS = rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+login_OBJS = login.o klogin.o login_fbtab.o login_access.o \
+ sysv_default.o sysv_environ.o sysv_shadow.o \
+ utmp_login.o utmpx_login.o stty_default.o tty.o
+su_OBJS = su.o
+rshd_OBJS = rshd.o iruserok.o encrypt.o rcmd_util.o
+rlogind_OBJS = rlogind.o iruserok.o forkpty.o encrypt.o rcmd_util.o tty.o
+
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROG_LIBEXEC); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+ done
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROG_BIN); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+ -for x in $(PROG_SUIDBIN); do \
+ $(INSTALL_PROGRAM) -o root -m 04555 $$x $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROG_LIBEXEC); do \
+ rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+ done
+ for x in $(PROG_BIN); do \
+ rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+ for x in $(PROG_SUIDBIN); do \
+ rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB)
+OTPLIB=-L../../lib/otp -lotp
+LIBROKEN=-L../../lib/roken -lroken
+
+rcp$(EXECSUFFIX): $(rcp_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rsh$(EXECSUFFIX): $(rsh_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rshd$(EXECSUFFIX): $(rshd_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rlogin$(EXECSUFFIX): $(rlogin_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rlogind$(EXECSUFFIX): $(rlogind_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+login$(EXECSUFFIX): $(login_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+su$(EXECSUFFIX): $(su_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
diff --git a/crypto/kerberosIV/appl/bsd/README.login b/crypto/kerberosIV/appl/bsd/README.login
new file mode 100644
index 0000000..c072969
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/README.login
@@ -0,0 +1,20 @@
+This login has additional functionalities. They are all based on (part of)
+Wietse Venema's logdaemon package.
+
+
+The following defines can be used:
+1) LOGIN_ACCESS to allow access control on a per tty/user combination
+2) LOGALL to log all logins
+
+-Guido
+
+This login has some of Berkeley's paranoid/broken (depending on your point
+of view) Kerberos code conditionalized out, so that by default it works like
+klogin does at MIT-LCS. You can define KLOGIN_PARANOID to re-enable this code.
+This define also controls whether a warning message is printed when logging
+into a system with no krb.conf file, which usually means that Kerberos is
+not configured.
+
+-GAWollman
+
+(removed S/Key, /assar)
diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h
new file mode 100644
index 0000000..d0b37aa
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h
@@ -0,0 +1,380 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: bsd_locl.h,v 1.98 1997/05/25 01:14:17 assar Exp $ */
+
+#define LOGALL
+#define KERBEROS
+#define KLOGIN_PARANOID
+#define LOGIN_ACCESS
+#define PASSWD_FALLBACK
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+/* Any better way to test NO_MOTD? */
+#if (SunOS == 5) || defined(__hpux)
+#define NO_MOTD
+#endif
+
+#ifdef HAVE_SHADOW_H
+#define SYSV_SHADOW
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <setjmp.h>
+
+#include <stdarg.h>
+
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifndef S_ISTXT
+#ifdef S_ISVTX
+#define S_ISTXT S_ISVTX
+#else
+#define S_ISTXT 0
+#endif
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <signal.h>
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifndef NCARGS
+#define NCARGS 0x100000 /* (absolute) max # characters in exec arglist */
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+
+#ifdef HAVE_SYS_STREAM_H
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif /* HAVE_SYS_UIO_H */
+#include <sys/stream.h>
+#endif /* HAVE_SYS_STREAM_H */
+
+#ifdef HAVE_SYS_PTYVAR_H
+#ifdef HAVE_SYS_PROC_H
+#include <sys/proc.h>
+#endif
+#ifdef HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif
+#ifdef HAVE_SYS_PTYIO_H
+#include <sys/ptyio.h>
+#endif
+#include <sys/ptyvar.h>
+#endif /* HAVE_SYS_PTYVAR_H */
+
+/* Cray stuff */
+#ifdef HAVE_UDB_H
+#include <udb.h>
+#endif
+#ifdef HAVE_SYS_CATEGORY_H
+#include <sys/category.h>
+#endif
+
+/* Strange ioctls that are not always defined */
+
+#ifndef TIOCPKT_FLUSHWRITE
+#define TIOCPKT_FLUSHWRITE 0x02
+#endif
+
+#ifndef TIOCPKT_NOSTOP
+#define TIOCPKT_NOSTOP 0x10
+#endif
+
+#ifndef TIOCPKT_DOSTOP
+#define TIOCPKT_DOSTOP 0x20
+#endif
+
+#ifndef TIOCPKT
+#define TIOCPKT _IOW('t', 112, int) /* pty: set/clear packet mode */
+#endif
+
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+
+#ifdef HAVE_LOGIN_H
+#include <login.h>
+#endif
+
+#ifdef HAVE_TTYENT_H
+#include <ttyent.h>
+#endif
+
+#ifdef HAVE_STROPTS_H
+#include <stropts.h>
+#endif
+
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifndef UT_NAMESIZE
+#define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name)
+#endif
+
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+
+#ifdef HAVE_USERPW_H
+#include <userpw.h>
+#endif /* HAVE_USERPW_H */
+
+#ifdef HAVE_USERSEC_H
+#include <usersec.h>
+#endif /* HAVE_USERSEC_H */
+
+#ifndef PRIO_PROCESS
+#define PRIO_PROCESS 0
+#endif
+
+#include <err.h>
+
+#include <roken.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <des.h>
+#include <krb.h>
+#include <kafs.h>
+
+int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser,
+ char *remuser, char *cmd, int *fd2p, KTEXT ticket,
+ char *service, char *realm, CREDENTIALS *cred,
+ Key_schedule schedule, MSG_DAT *msg_data,
+ struct sockaddr_in *laddr, struct sockaddr_in *faddr,
+ int32_t authopts);
+
+int krcmd(char **ahost, u_int16_t rport, char *remuser, char *cmd,
+ int *fd2p, char *realm);
+
+int krcmd_mutual(char **ahost, u_int16_t rport, char *remuser,
+ char *cmd,int *fd2p, char *realm,
+ CREDENTIALS *cred, Key_schedule sched);
+
+int klogin(struct passwd *pw, char *instance, char *localhost, char *password);
+
+typedef struct {
+ int cnt;
+ char *buf;
+} BUF;
+
+char *colon(char *cp);
+int okname(char *cp0);
+int susystem(char *s, int userid);
+
+int forkpty(int *amaster, char *name,
+ struct termios *termp, struct winsize *winp);
+
+#ifndef MODEMASK
+#define MODEMASK (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO)
+#endif
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif
+#include "pathnames.h"
+
+void stty_default (void);
+
+int utmpx_login(char *line, char *user, char *host);
+
+extern char **environ;
+
+void sysv_newenv(int argc, char **argv, struct passwd *pwd,
+ char *term, int pflag);
+
+int login_access(char *user, char *from);
+#ifndef HAVE_IRUSEROK
+int iruserok(u_int32_t raddr, int superuser, const char *ruser,
+ const char *luser);
+#endif
+void fatal(int f, const char *msg, int syserr);
+
+extern int LEFT_JUSTIFIED;
+int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+ des_cblock *iv);
+int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+ des_cblock *iv);
+
+void sysv_defaults(void);
+void utmp_login(char *tty, char *username, char *hostname);
+void sleepexit (int);
+
+#ifndef HAVE_SETPRIORITY
+#define setpriority(which, who, niceval) 0
+#endif
+
+#ifndef HAVE_GETPRIORITY
+#define getpriority(which, who) 0
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#ifndef _POSIX_VDISABLE
+#define _POSIX_VDISABLE 0
+#endif /* _POSIX_VDISABLE */
+#if SunOS == 4
+#include <sys/ttold.h>
+#endif
+
+#if defined(_AIX)
+#include <sys/termio.h>
+#endif
+
+#ifndef CEOF
+#define CEOF 04
+#endif
+
+/* concession to Sun */
+#ifndef SIGUSR1
+#define SIGUSR1 30
+#endif
+
+#ifndef TIOCPKT_WINDOW
+#define TIOCPKT_WINDOW 0x80
+#endif
+
+int get_shell_port(int kerberos, int encryption);
+int get_login_port(int kerberos, int encryption);
+int speed_t2int (speed_t);
+speed_t int2speed_t (int);
+void ip_options_and_die (int sock, struct sockaddr_in *);
+void warning(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+char *clean_ttyname (char *tty);
+char *make_id (char *tty);
+void prepare_utmp (struct utmp *utmp, char *tty, char *username,
+ char *hostname);
diff --git a/crypto/kerberosIV/appl/bsd/encrypt.c b/crypto/kerberosIV/appl/bsd/encrypt.c
new file mode 100644
index 0000000..b74f329
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/encrypt.c
@@ -0,0 +1,311 @@
+/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: encrypt.c,v 1.3 1996/04/30 13:50:54 bg Exp $");
+
+#undef BSIZE
+
+/* used in des_read and des_write */
+#define MAXWRITE (1024*16)
+#define BSIZE (MAXWRITE+4)
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l) (l =((u_int32_t)(*((c)++)))<<24, \
+ l|=((u_int32_t)(*((c)++)))<<16, \
+ l|=((u_int32_t)(*((c)++)))<< 8, \
+ l|=((u_int32_t)(*((c)++))))
+
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/* This has some uglies in it but it works - even over sockets. */
+extern int errno;
+int des_rw_mode=DES_PCBC_MODE;
+int LEFT_JUSTIFIED = 0;
+
+int
+des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
+{
+ /* data to be unencrypted */
+ int net_num=0;
+ unsigned char net[BSIZE];
+ /* extra unencrypted data
+ * for when a block of 100 comes in but is des_read one byte at
+ * a time. */
+ static char unnet[BSIZE];
+ static int unnet_start=0;
+ static int unnet_left=0;
+ int i;
+ long num=0,rnum;
+ unsigned char *p;
+
+ /* left over data from last decrypt */
+ if (unnet_left != 0)
+ {
+ if (unnet_left < len)
+ {
+ /* we still still need more data but will return
+ * with the number of bytes we have - should always
+ * check the return value */
+ memcpy(buf,&(unnet[unnet_start]),unnet_left);
+ /* eay 26/08/92 I had the next 2 lines
+ * reversed :-( */
+ i=unnet_left;
+ unnet_start=unnet_left=0;
+ }
+ else
+ {
+ memcpy(buf,&(unnet[unnet_start]),len);
+ unnet_start+=len;
+ unnet_left-=len;
+ i=len;
+ }
+ return(i);
+ }
+
+ /* We need to get more data. */
+ if (len > MAXWRITE) len=MAXWRITE;
+
+ /* first - get the length */
+ net_num=0;
+ while (net_num < HDRSIZE)
+ {
+ i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
+ if ((i == -1) && (errno == EINTR)) continue;
+ if (i <= 0) return(0);
+ net_num+=i;
+ }
+
+ /* we now have at net_num bytes in net */
+ p=net;
+ num=0;
+ n2l(p,num);
+ /* num should be rounded up to the next group of eight
+ * we make sure that we have read a multiple of 8 bytes from the net.
+ */
+ if ((num > MAXWRITE) || (num < 0)) /* error */
+ return(-1);
+ rnum=(num < 8)?8:((num+7)/8*8);
+
+ net_num=0;
+ while (net_num < rnum)
+ {
+ i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
+ if ((i == -1) && (errno == EINTR)) continue;
+ if (i <= 0) return(0);
+ net_num+=i;
+ }
+
+ /* Check if there will be data left over. */
+ if (len < num)
+ {
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+ num,sched,iv,DES_DECRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+ num,sched,iv,DES_DECRYPT);
+ memcpy(buf,unnet,len);
+ unnet_start=len;
+ unnet_left=num-len;
+
+ /* The following line is done because we return num
+ * as the number of bytes read. */
+ num=len;
+ }
+ else
+ {
+ /* >output is a multiple of 8 byes, if len < rnum
+ * >we must be careful. The user must be aware that this
+ * >routine will write more bytes than he asked for.
+ * >The length of the buffer must be correct.
+ * FIXED - Should be ok now 18-9-90 - eay */
+ if (len < rnum)
+ {
+ char tmpbuf[BSIZE];
+
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)net,
+ (des_cblock *)tmpbuf,
+ num,sched,iv,DES_DECRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)net,
+ (des_cblock *)tmpbuf,
+ num,sched,iv,DES_DECRYPT);
+
+ /* eay 26/08/92 fix a bug that returned more
+ * bytes than you asked for (returned len bytes :-( */
+ if (LEFT_JUSTIFIED || (len >= 8))
+ memcpy(buf,tmpbuf,num);
+ else
+ memcpy(buf,tmpbuf+(8-num),num); /* Right justified */
+ }
+ else if (num >= 8)
+ {
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)net,
+ (des_cblock *)buf,num,sched,iv,
+ DES_DECRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)net,
+ (des_cblock *)buf,num,sched,iv,
+ DES_DECRYPT);
+ }
+ else
+ {
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)net,
+ (des_cblock *)buf,8,sched,iv,
+ DES_DECRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)net,
+ (des_cblock *)buf,8,sched,iv,
+ DES_DECRYPT);
+ if (!LEFT_JUSTIFIED)
+ memcpy(buf, buf+(8-num), num); /* Right justified */
+ }
+ }
+ return(num);
+}
+
+int
+des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
+{
+ long rnum;
+ int i,j,k,outnum;
+ char outbuf[BSIZE+HDRSIZE];
+ char shortbuf[8];
+ char *p;
+ static int start=1;
+
+ /* If we are sending less than 8 bytes, the same char will look
+ * the same if we don't pad it out with random bytes */
+ if (start)
+ {
+ start=0;
+ srand(time(NULL));
+ }
+
+ /* lets recurse if we want to send the data in small chunks */
+ if (len > MAXWRITE)
+ {
+ j=0;
+ for (i=0; i<len; i+=k)
+ {
+ k=des_enc_write(fd,&(buf[i]),
+ ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
+ if (k < 0)
+ return(k);
+ else
+ j+=k;
+ }
+ return(j);
+ }
+
+ /* write length first */
+ p=outbuf;
+ l2n(len,p);
+
+ /* pad short strings */
+ if (len < 8)
+ {
+ if (LEFT_JUSTIFIED)
+ {
+ p=shortbuf;
+ memcpy(shortbuf,buf,(unsigned int)len);
+ for (i=len; i<8; i++)
+ shortbuf[i]=rand();
+ rnum=8;
+ }
+ else
+ {
+ p=shortbuf;
+ for (i=0; i<8-len; i++)
+ shortbuf[i]=rand();
+ memcpy(shortbuf + 8 - len, buf, len);
+ rnum=8;
+ }
+ }
+ else
+ {
+ p=buf;
+ rnum=((len+7)/8*8); /* round up to nearest eight */
+ }
+
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
+ (long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
+ (long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
+
+ /* output */
+ outnum=rnum+HDRSIZE;
+
+ for (j=0; j<outnum; j+=i)
+ {
+ /* eay 26/08/92 I was not doing writing from where we
+ * got upto. */
+ i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j));
+ if (i == -1)
+ {
+ if (errno == EINTR)
+ i=0;
+ else /* This is really a bad error - very bad
+ * It will stuff-up both ends. */
+ return(-1);
+ }
+ }
+
+ return(len);
+}
diff --git a/crypto/kerberosIV/appl/bsd/forkpty.c b/crypto/kerberosIV/appl/bsd/forkpty.c
new file mode 100644
index 0000000..5c0aaaf
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/forkpty.c
@@ -0,0 +1,461 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+#ifndef HAVE_FORKPTY
+
+RCSID("$Id: forkpty.c,v 1.52 1997/05/25 07:37:01 assar Exp $");
+
+/* Only CRAY is known to have problems with forkpty(). */
+#if defined(CRAY)
+static int forkpty_ok = 0;
+#else
+static int forkpty_ok = 1;
+#endif
+
+#ifndef HAVE_PTSNAME
+static char *ptsname(int fd)
+{
+#ifdef HAVE_TTYNAME
+ return ttyname(fd);
+#else
+ return NULL;
+#endif
+}
+#endif
+
+#ifndef HAVE_GRANTPT
+#define grantpt(fdm) (0)
+#endif
+
+#ifndef HAVE_UNLOCKPT
+#define unlockpt(fdm) (0)
+#endif
+
+#ifndef HAVE_VHANGUP
+#define vhangup() (0)
+#endif
+
+#ifndef HAVE_REVOKE
+static
+void
+revoke(char *line)
+{
+ int slave;
+ RETSIGTYPE (*ofun)();
+
+ if ( (slave = open(line, O_RDWR)) < 0)
+ return;
+
+ ofun = signal(SIGHUP, SIG_IGN);
+ vhangup();
+ signal(SIGHUP, ofun);
+ /*
+ * Some systems (atleast SunOS4) want to have the slave end open
+ * at all times to prevent a race in the child. Login will close
+ * it so it should really not be a problem. However for the
+ * paranoid we use the close on exec flag so it will only be open
+ * in the parent. Additionally since this will be the controlling
+ * tty of rlogind the final vhangup() in rlogind should hangup all
+ * processes. A working revoke would of course have been prefered
+ * though (sigh).
+ */
+ fcntl(slave, F_SETFD, 1);
+ /* close(slave); */
+}
+#endif
+
+
+static int pty_major, pty_minor;
+
+static void
+pty_scan_start(void)
+{
+ pty_major = -1;
+ pty_minor = 0;
+}
+
+static char *bsd_1 = "0123456789abcdefghijklmnopqrstuv";
+/* there are many more */
+static char *bsd_2 = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+static int
+pty_scan_next(char *buf, size_t sz)
+{
+#ifdef CRAY
+ if(++pty_major >= sysconf(_SC_CRAY_NPTY))
+ return -1;
+ snprintf(buf, sz, "/dev/pty/%03d", pty_major);
+#else
+ if(++pty_major == strlen(bsd_1)){
+ pty_major = 0;
+ if(++pty_minor == strlen(bsd_2))
+ return -1;
+ }
+#ifdef __hpux
+ snprintf(buf, sz, "/dev/ptym/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#else
+ snprintf(buf, sz, "/dev/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#endif /* __hpux */
+#endif /* CRAY */
+ return 0;
+}
+
+static void
+pty_scan_tty(char *buf, size_t sz)
+{
+#ifdef CRAY
+ snprintf(buf, sz, "/dev/ttyp%03d", pty_major);
+#elif defined(__hpux)
+ snprintf(buf, sz, "/dev/pty/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#else
+ snprintf(buf, sz, "/dev/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#endif
+}
+
+static int
+ptym_open_streams_flavor(char *pts_name, int *streams_pty)
+{
+ /* Try clone device master ptys */
+ const char *const clone[] = { "/dev/ptc", "/dev/ptmx",
+ "/dev/ptm", "/dev/ptym/clone", 0 };
+ int fdm;
+ const char *const *q;
+
+ for (q = clone; *q; q++) {
+ fdm = open(*q, O_RDWR);
+ if (fdm >= 0)
+ break;
+ }
+ if (fdm >= 0) {
+ char *ptr1;
+ if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */
+ strcpy(pts_name, ptr1); /* Return name of slave */
+ else {
+ close(fdm);
+ return(-4);
+ }
+ if (grantpt(fdm) < 0) { /* Grant access to slave */
+ close(fdm);
+ return(-2);
+ }
+ if (unlockpt(fdm) < 0) { /* Clear slave's lock flag */
+ close(fdm);
+ return(-3);
+ }
+ return(fdm); /* return fd of master */
+ }
+ return -1;
+}
+
+static int
+ptym_open_bsd_flavor(char *pts_name, int *streams_pty)
+{
+ int fdm;
+ char ptm[MaxPathLen];
+
+ pty_scan_start();
+
+ while (pty_scan_next(ptm, sizeof(ptm)) != -1) {
+ fdm = open(ptm, O_RDWR);
+ if (fdm < 0)
+ continue;
+#if SunOS == 4
+ /* Avoid a bug in SunOS4 ttydriver */
+ if (fdm > 0) {
+ int pgrp;
+ if ((ioctl(fdm, TIOCGPGRP, &pgrp) == -1)
+ && (errno == EIO))
+ /* All fine */;
+ else {
+ close(fdm);
+ continue;
+ }
+ }
+#endif
+ pty_scan_tty(pts_name, sizeof(ptm));
+#if CRAY
+ /* this is some magic from the telnet code */
+ {
+ struct stat sb;
+ if(stat(pts_name, &sb) < 0) {
+ close(fdm);
+ continue;
+ }
+ if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
+ chown(pts_name, 0, 0);
+ chmod(pts_name, 0600);
+ close(fdm);
+ fdm = open(ptm, 2);
+ if (fdm < 0)
+ continue;
+ }
+ }
+ /*
+ * Now it should be safe...check for accessability.
+ */
+ if (access(pts_name, 6) != 0){
+ /* no tty side to pty so skip it */
+ close(fdm);
+ continue;
+ }
+#endif
+ return fdm; /* All done! */
+ }
+
+ /* We failed to find BSD style pty */
+ errno = ENOENT;
+ return -1;
+}
+
+/*
+ *
+ * Open a master pty either using the STREAM flavor or the BSD flavor.
+ * Depending on if there are any free ptys in the different classes we
+ * need to try both. Normally try STREAMS first and then BSD.
+ *
+ * Kludge alert: Under HP-UX 10 and perhaps other systems STREAM ptys
+ * doesn't get initialized properly so we try them in different order
+ * until the problem has been resolved.
+ *
+ */
+static int
+ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty)
+{
+ int fdm;
+
+#ifdef HAVE__GETPTY
+ {
+ char *p = _getpty(&fdm, O_RDWR, 0600, 1);
+ if (p) {
+ *streams_pty = 1;
+ strcpy (pts_name, p);
+ return fdm;
+ }
+ }
+#endif
+
+#ifdef STREAMSPTY
+ fdm = ptym_open_streams_flavor(pts_name, streams_pty);
+ if (fdm >= 0)
+ {
+ *streams_pty = 1;
+ return fdm;
+ }
+#endif
+
+ fdm = ptym_open_bsd_flavor(pts_name, streams_pty);
+ if (fdm >= 0)
+ {
+ *streams_pty = 0;
+ return fdm;
+ }
+
+#ifndef STREAMSPTY
+ fdm = ptym_open_streams_flavor(pts_name, streams_pty);
+ if (fdm >= 0)
+ {
+ *streams_pty = 1;
+ return fdm;
+ }
+#endif
+
+ return -1;
+}
+
+static int
+maybe_push_modules(int fd, char **modules)
+{
+#ifdef I_PUSH
+ char **p;
+ int err;
+
+ for(p=modules; *p; p++){
+ err=ioctl(fd, I_FIND, *p);
+ if(err == 1)
+ break;
+ if(err < 0 && errno != EINVAL)
+ return -17;
+ /* module not pushed or does not exist */
+ }
+ /* p points to null or to an already pushed module, now push all
+ modules before this one */
+
+ for(p--; p >= modules; p--){
+ err = ioctl(fd, I_PUSH, *p);
+ if(err < 0 && errno != EINVAL)
+ return -17;
+ }
+#endif
+ return 0;
+}
+
+static int
+ptys_open(int fdm, char *pts_name, int streams_pty)
+{
+ int fds;
+
+ if (streams_pty) {
+ /* Streams style slave ptys */
+ if ( (fds = open(pts_name, O_RDWR)) < 0) {
+ close(fdm);
+ return(-5);
+ }
+
+ {
+ char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
+ char *ptymodules[] = { "pckt", NULL };
+
+ if(maybe_push_modules(fds, ttymodules)<0){
+ close(fdm);
+ close(fds);
+ return -6;
+ }
+ if(maybe_push_modules(fdm, ptymodules)<0){
+ close(fdm);
+ close(fds);
+ return -7;
+ }
+ }
+ } else {
+ /* BSD style slave ptys */
+ struct group *grptr;
+ int gid;
+ if ( (grptr = getgrnam("tty")) != NULL)
+ gid = grptr->gr_gid;
+ else
+ gid = -1; /* group tty is not in the group file */
+
+ /* Grant access to slave */
+ chown(pts_name, getuid(), gid);
+ chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP);
+
+ if ( (fds = open(pts_name, O_RDWR)) < 0) {
+ close(fdm);
+ return(-1);
+ }
+ }
+ return(fds);
+}
+
+int
+forkpty(int *ptrfdm,
+ char *slave_name,
+ struct termios *slave_termios,
+ struct winsize *slave_winsize)
+{
+ int fdm, fds, streams_pty;
+ pid_t pid;
+ char pts_name[20];
+
+ if (!forkpty_ok)
+ fatal(0, "Protocol not yet supported, use telnet", 0);
+
+ if ( (fdm = ptym_open(pts_name, sizeof(pts_name), &streams_pty)) < 0)
+ return -1;
+
+ if (slave_name != NULL)
+ strcpy(slave_name, pts_name); /* Return name of slave */
+
+ pid = fork();
+ if (pid < 0)
+ return(-1);
+ else if (pid == 0) { /* Child */
+ if (setsid() < 0)
+ fatal(0, "setsid() failure", errno);
+
+ revoke(slave_name);
+
+#if defined(NeXT) || defined(ultrix)
+ /* The NeXT is severely broken, this makes things slightly
+ * better but we still doesn't get a working pty. If there
+ * where a TIOCSCTTY we could perhaps fix things but... The
+ * same problem also exists in xterm! */
+ if (setpgrp(0, 0) < 0)
+ fatal(0, "NeXT kludge failed setpgrp", errno);
+#endif
+
+ /* SVR4 acquires controlling terminal on open() */
+ if ( (fds = ptys_open(fdm, pts_name, streams_pty)) < 0)
+ return -1;
+ close(fdm); /* All done with master in child */
+
+#if defined(TIOCSCTTY) && !defined(CIBAUD) && !defined(__hpux)
+ /* 44BSD way to acquire controlling terminal */
+ /* !CIBAUD to avoid doing this under SunOS */
+ if (ioctl(fds, TIOCSCTTY, (char *) 0) < 0)
+ return -1;
+#endif
+#if defined(NeXT)
+ {
+ int t = open("/dev/tty", O_RDWR);
+ if (t < 0)
+ fatal(0, "Failed to open /dev/tty", errno);
+ close(fds);
+ fds = t;
+ }
+#endif
+ /* Set slave's termios and window size */
+ if (slave_termios != NULL) {
+ if (tcsetattr(fds, TCSANOW, slave_termios) < 0)
+ return -1;
+ }
+#ifdef TIOCSWINSZ
+ if (slave_winsize != NULL) {
+ if (ioctl(fds, TIOCSWINSZ, slave_winsize) < 0)
+ return -1;
+ }
+#endif
+ /* slave becomes stdin/stdout/stderr of child */
+ if (dup2(fds, STDIN_FILENO) != STDIN_FILENO)
+ return -1;
+ if (dup2(fds, STDOUT_FILENO) != STDOUT_FILENO)
+ return -1;
+ if (dup2(fds, STDERR_FILENO) != STDERR_FILENO)
+ return -1;
+ if (fds > STDERR_FILENO)
+ close(fds);
+ return(0); /* child returns 0 just like fork() */
+ }
+ else { /* Parent */
+ *ptrfdm = fdm; /* Return fd of master */
+ return(pid); /* Parent returns pid of child */
+ }
+}
+#endif /* HAVE_FORKPTY */
diff --git a/crypto/kerberosIV/appl/bsd/iruserok.c b/crypto/kerberosIV/appl/bsd/iruserok.c
new file mode 100644
index 0000000..8349d85
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/iruserok.c
@@ -0,0 +1,279 @@
+/*
+ * Copyright (c) 1983, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: iruserok.c,v 1.15 1997/03/23 04:54:00 assar Exp $");
+
+#ifndef HAVE_IRUSEROK
+
+int __check_rhosts_file = 1;
+char *__rcmd_errstr = 0;
+
+/*
+ * Returns "true" if match, 0 if no match.
+ */
+static
+int
+__icheckhost(u_int32_t raddr, const char *lhost)
+{
+ struct hostent *hp;
+ u_long laddr;
+ char **pp;
+
+ /* Try for raw ip address first. */
+ if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1)
+ return (raddr == laddr);
+
+ /* Better be a hostname. */
+ if ((hp = gethostbyname(lhost)) == NULL)
+ return (0);
+
+ /* Spin through ip addresses. */
+ for (pp = hp->h_addr_list; *pp; ++pp)
+ if (memcmp(&raddr, *pp, sizeof(u_long)) == 0)
+ return (1);
+
+ /* No match. */
+ return (0);
+}
+
+#ifndef HAVE_INNETGR
+static int
+innetgr(const char *netgroup, const char *machine,
+ const char *user, const char *domain)
+{
+ return 0;
+}
+#endif
+
+/*
+ * Returns 0 if ok, -1 if not ok.
+ */
+static
+int
+__ivaliduser(FILE *hostf, u_int32_t raddr, const char *luser,
+ const char *ruser)
+{
+ char *user, *p;
+ int ch;
+ char buf[MaxHostNameLen + 128]; /* host + login */
+ char hname[MaxHostNameLen];
+ struct hostent *hp;
+ /* Presumed guilty until proven innocent. */
+ int userok = 0, hostok = 0;
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+ char *ypdomain;
+
+ if (yp_get_default_domain(&ypdomain))
+ ypdomain = NULL;
+#else
+#define ypdomain NULL
+#endif
+ /* We need to get the damn hostname back for netgroup matching. */
+ if ((hp = gethostbyaddr((char *)&raddr,
+ sizeof(u_long),
+ AF_INET)) == NULL)
+ return (-1);
+ strncpy(hname, hp->h_name, sizeof(hname));
+ hname[sizeof(hname) - 1] = '\0';
+
+ while (fgets(buf, sizeof(buf), hostf)) {
+ p = buf;
+ /* Skip lines that are too long. */
+ if (strchr(p, '\n') == NULL) {
+ while ((ch = getc(hostf)) != '\n' && ch != EOF);
+ continue;
+ }
+ if (*p == '\n' || *p == '#') {
+ /* comment... */
+ continue;
+ }
+ while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
+ *p = isupper(*p) ? tolower(*p) : *p;
+ p++;
+ }
+ if (*p == ' ' || *p == '\t') {
+ *p++ = '\0';
+ while (*p == ' ' || *p == '\t')
+ p++;
+ user = p;
+ while (*p != '\n' && *p != ' ' &&
+ *p != '\t' && *p != '\0')
+ p++;
+ } else
+ user = p;
+ *p = '\0';
+ /*
+ * Do +/- and +@/-@ checking. This looks really nasty,
+ * but it matches SunOS's behavior so far as I can tell.
+ */
+ switch(buf[0]) {
+ case '+':
+ if (!buf[1]) { /* '+' matches all hosts */
+ hostok = 1;
+ break;
+ }
+ if (buf[1] == '@') /* match a host by netgroup */
+ hostok = innetgr((char *)&buf[2],
+ (char *)&hname, NULL, ypdomain);
+ else /* match a host by addr */
+ hostok = __icheckhost(raddr,(char *)&buf[1]);
+ break;
+ case '-': /* reject '-' hosts and all their users */
+ if (buf[1] == '@') {
+ if (innetgr((char *)&buf[2],
+ (char *)&hname, NULL, ypdomain))
+ return(-1);
+ } else {
+ if (__icheckhost(raddr,(char *)&buf[1]))
+ return(-1);
+ }
+ break;
+ default: /* if no '+' or '-', do a simple match */
+ hostok = __icheckhost(raddr, buf);
+ break;
+ }
+ switch(*user) {
+ case '+':
+ if (!*(user+1)) { /* '+' matches all users */
+ userok = 1;
+ break;
+ }
+ if (*(user+1) == '@') /* match a user by netgroup */
+ userok = innetgr(user+2, NULL, (char *)ruser,
+ ypdomain);
+ else /* match a user by direct specification */
+ userok = !(strcmp(ruser, user+1));
+ break;
+ case '-': /* if we matched a hostname, */
+ if (hostok) { /* check for user field rejections */
+ if (!*(user+1))
+ return(-1);
+ if (*(user+1) == '@') {
+ if (innetgr(user+2, NULL,
+ (char *)ruser, ypdomain))
+ return(-1);
+ } else {
+ if (!strcmp(ruser, user+1))
+ return(-1);
+ }
+ }
+ break;
+ default: /* no rejections: try to match the user */
+ if (hostok)
+ userok = !(strcmp(ruser,*user ? user : luser));
+ break;
+ }
+ if (hostok && userok)
+ return(0);
+ }
+ return (-1);
+}
+
+/*
+ * New .rhosts strategy: We are passed an ip address. We spin through
+ * hosts.equiv and .rhosts looking for a match. When the .rhosts only
+ * has ip addresses, we don't have to trust a nameserver. When it
+ * contains hostnames, we spin through the list of addresses the nameserver
+ * gives us and look for a match.
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
+{
+ char *cp;
+ struct stat sbuf;
+ struct passwd *pwd;
+ FILE *hostf;
+ uid_t uid;
+ int first;
+ char pbuf[MaxPathLen];
+
+ first = 1;
+ hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
+again:
+ if (hostf) {
+ if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
+ fclose(hostf);
+ return (0);
+ }
+ fclose(hostf);
+ }
+ if (first == 1 && (__check_rhosts_file || superuser)) {
+ first = 0;
+ if ((pwd = k_getpwnam((char*)luser)) == NULL)
+ return (-1);
+ strcpy(pbuf, pwd->pw_dir);
+ strcat(pbuf, "/.rhosts");
+
+ /*
+ * Change effective uid while opening .rhosts. If root and
+ * reading an NFS mounted file system, can't read files that
+ * are protected read/write owner only.
+ */
+ uid = geteuid();
+ seteuid(pwd->pw_uid);
+ hostf = fopen(pbuf, "r");
+ seteuid(uid);
+
+ if (hostf == NULL)
+ return (-1);
+ /*
+ * If not a regular file, or is owned by someone other than
+ * user or root or if writeable by anyone but the owner, quit.
+ */
+ cp = NULL;
+ if (lstat(pbuf, &sbuf) < 0)
+ cp = ".rhosts lstat failed";
+ else if (!S_ISREG(sbuf.st_mode))
+ cp = ".rhosts not regular file";
+ else if (fstat(fileno(hostf), &sbuf) < 0)
+ cp = ".rhosts fstat failed";
+ else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
+ cp = "bad .rhosts owner";
+ else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
+ cp = ".rhosts writeable by other than owner";
+ /* If there were any problems, quit. */
+ if (cp) {
+ __rcmd_errstr = cp;
+ fclose(hostf);
+ return (-1);
+ }
+ goto again;
+ }
+ return (-1);
+}
+
+#endif /* !HAVE_IRUSEROK */
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c
new file mode 100644
index 0000000..9fa7ab2
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/kcmd.c
@@ -0,0 +1,270 @@
+/*
+ * Copyright (c) 1983, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: kcmd.c,v 1.19 1997/05/02 14:27:42 assar Exp $");
+
+#define START_PORT 5120 /* arbitrary */
+
+static int
+getport(int *alport)
+{
+ struct sockaddr_in sin;
+ int s;
+
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = INADDR_ANY;
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s < 0)
+ return (-1);
+ for (;;) {
+ sin.sin_port = htons((u_short)*alport);
+ if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
+ return (s);
+ if (errno != EADDRINUSE) {
+ close(s);
+ return (-1);
+ }
+ (*alport)--;
+#ifdef ATHENA_COMPAT
+ if (*alport == IPPORT_RESERVED/2) {
+#else
+ if (*alport == IPPORT_RESERVED) {
+#endif
+ close(s);
+ errno = EAGAIN; /* close */
+ return (-1);
+ }
+ }
+}
+
+int
+kcmd(int *sock,
+ char **ahost,
+ u_int16_t rport,
+ char *locuser,
+ char *remuser,
+ char *cmd,
+ int *fd2p,
+ KTEXT ticket,
+ char *service,
+ char *realm,
+ CREDENTIALS *cred,
+ Key_schedule schedule,
+ MSG_DAT *msg_data,
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr,
+ int32_t authopts)
+{
+ int s, timo = 1;
+ pid_t pid;
+ struct sockaddr_in sin, from;
+ char c;
+#ifdef ATHENA_COMPAT
+ int lport = IPPORT_RESERVED - 1;
+#else
+ int lport = START_PORT;
+#endif
+ struct hostent *hp;
+ int rc;
+ char *host_save;
+ int status;
+
+ pid = getpid();
+ hp = gethostbyname(*ahost);
+ if (hp == NULL) {
+ /* fprintf(stderr, "%s: unknown host\n", *ahost); */
+ return (-1);
+ }
+
+ host_save = strdup(hp->h_name);
+ if (host_save == NULL)
+ return -1;
+ *ahost = host_save;
+
+ /* If realm is null, look up from table */
+ if (realm == NULL || realm[0] == '\0')
+ realm = krb_realmofhost(host_save);
+
+ for (;;) {
+ s = getport(&lport);
+ if (s < 0) {
+ if (errno == EAGAIN)
+ warnx("kcmd(socket): All ports in use\n");
+ else
+ warn("kcmd: socket");
+ return (-1);
+ }
+ sin.sin_family = hp->h_addrtype;
+ memcpy (&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
+ sin.sin_port = rport;
+ if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
+ break;
+ close(s);
+ if (errno == EADDRINUSE) {
+ lport--;
+ continue;
+ }
+ /*
+ * don't wait very long for Kerberos rcmd.
+ */
+ if (errno == ECONNREFUSED && timo <= 4) {
+ /* sleep(timo); don't wait at all here */
+ timo *= 2;
+ continue;
+ }
+ if (hp->h_addr_list[1] != NULL) {
+ warn ("kcmd: connect (%s)",
+ inet_ntoa(sin.sin_addr));
+ hp->h_addr_list++;
+ memcpy(&sin.sin_addr,
+ hp->h_addr_list[0],
+ sizeof(sin.sin_addr));
+ fprintf(stderr, "Trying %s...\n",
+ inet_ntoa(sin.sin_addr));
+ continue;
+ }
+ if (errno != ECONNREFUSED)
+ warn ("connect(%s)", hp->h_name);
+ return (-1);
+ }
+ lport--;
+ if (fd2p == 0) {
+ write(s, "", 1);
+ lport = 0;
+ } else {
+ char num[8];
+ int s2 = getport(&lport), s3;
+ int len = sizeof(from);
+
+ if (s2 < 0) {
+ status = -1;
+ goto bad;
+ }
+ listen(s2, 1);
+ snprintf(num, sizeof(num), "%d", lport);
+ if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
+ warn("kcmd(write): setting up stderr");
+ close(s2);
+ status = -1;
+ goto bad;
+ }
+ {
+ fd_set fds;
+ FD_ZERO(&fds);
+ FD_SET(s, &fds);
+ FD_SET(s2, &fds);
+ status = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
+ if(FD_ISSET(s, &fds)){
+ warnx("kcmd: connection unexpectedly closed.");
+ close(s2);
+ status = -1;
+ goto bad;
+ }
+ }
+ s3 = accept(s2, (struct sockaddr *)&from, &len);
+ close(s2);
+ if (s3 < 0) {
+ warn ("kcmd: accept");
+ lport = 0;
+ status = -1;
+ goto bad;
+ }
+
+ *fd2p = s3;
+ from.sin_port = ntohs((u_short)from.sin_port);
+ if (from.sin_family != AF_INET ||
+ from.sin_port >= IPPORT_RESERVED) {
+ warnx("kcmd(socket): "
+ "protocol failure in circuit setup.");
+ status = -1;
+ goto bad2;
+ }
+ }
+ /*
+ * Kerberos-authenticated service. Don't have to send locuser,
+ * since its already in the ticket, and we'll extract it on
+ * the other side.
+ */
+ /* write(s, locuser, strlen(locuser)+1); */
+
+ /* set up the needed stuff for mutual auth, but only if necessary */
+ if (authopts & KOPT_DO_MUTUAL) {
+ int sin_len;
+ *faddr = sin;
+
+ sin_len = sizeof(struct sockaddr_in);
+ if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
+ warn("kcmd(getsockname)");
+ status = -1;
+ goto bad2;
+ }
+ }
+ if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
+ realm, (unsigned long) getpid(), msg_data,
+ cred, schedule,
+ laddr,
+ faddr,
+ "KCMDV0.1")) != KSUCCESS)
+ goto bad2;
+
+ write(s, remuser, strlen(remuser)+1);
+ write(s, cmd, strlen(cmd)+1);
+
+ if ((rc = read(s, &c, 1)) != 1) {
+ if (rc == -1)
+ warn("read(%s)", *ahost);
+ else
+ warnx("kcmd: bad connection with remote host");
+ status = -1;
+ goto bad2;
+ }
+ if (c != '\0') {
+ while (read(s, &c, 1) == 1) {
+ write(2, &c, 1);
+ if (c == '\n')
+ break;
+ }
+ status = -1;
+ goto bad2;
+ }
+ *sock = s;
+ return (KSUCCESS);
+bad2:
+ if (lport)
+ close(*fd2p);
+bad:
+ close(s);
+ return (status);
+}
diff --git a/crypto/kerberosIV/appl/bsd/klogin.c b/crypto/kerberosIV/appl/bsd/klogin.c
new file mode 100644
index 0000000..321da64
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/klogin.c
@@ -0,0 +1,184 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: klogin.c,v 1.20 1997/05/02 14:27:42 assar Exp $");
+
+#ifdef KERBEROS
+
+#define VERIFY_SERVICE "rcmd"
+
+extern int notickets;
+extern char *krbtkfile_env;
+
+static char tkt_location[MaxPathLen];
+
+/*
+ * Attempt to log the user in using Kerberos authentication
+ *
+ * return 0 on success (will be logged in)
+ * 1 if Kerberos failed (try local password in login)
+ */
+int
+klogin(struct passwd *pw, char *instance, char *localhost, char *password)
+{
+ int kerror;
+ AUTH_DAT authdata;
+ KTEXT_ST ticket;
+ struct hostent *hp;
+ u_int32_t faddr;
+ char realm[REALM_SZ], savehost[MaxHostNameLen];
+ extern int noticketsdontcomplain;
+
+#ifdef KLOGIN_PARANOID
+ noticketsdontcomplain = 0; /* enable warning message */
+#endif
+ /*
+ * Root logins don't use Kerberos.
+ * If we have a realm, try getting a ticket-granting ticket
+ * and using it to authenticate. Otherwise, return
+ * failure so that we can try the normal passwd file
+ * for a password. If that's ok, log the user in
+ * without issuing any tickets.
+ */
+ if (strcmp(pw->pw_name, "root") == 0 ||
+ krb_get_lrealm(realm, 0) != KSUCCESS)
+ return (1);
+
+ noticketsdontcomplain = 0; /* enable warning message */
+
+ /*
+ * get TGT for local realm
+ * tickets are stored in a file named TKT_ROOT plus uid
+ * except for user.root tickets.
+ */
+
+ if (strcmp(instance, "root") != 0)
+ snprintf(tkt_location, sizeof(tkt_location),
+ "%s%u_%u",
+ TKT_ROOT, (unsigned)pw->pw_uid, (unsigned)getpid());
+ else {
+ snprintf(tkt_location, sizeof(tkt_location),
+ "%s_root_%d", TKT_ROOT,
+ (unsigned)pw->pw_uid);
+ }
+ krbtkfile_env = tkt_location;
+ krb_set_tkt_string(tkt_location);
+
+ kerror = krb_get_pw_in_tkt(pw->pw_name, instance,
+ realm, KRB_TICKET_GRANTING_TICKET, realm,
+ DEFAULT_TKT_LIFE, password);
+
+ /*
+ * If we got a TGT, get a local "rcmd" ticket and check it so as to
+ * ensure that we are not talking to a bogus Kerberos server.
+ *
+ * There are 2 cases where we still allow a login:
+ * 1: the VERIFY_SERVICE doesn't exist in the KDC
+ * 2: local host has no srvtab, as (hopefully) indicated by a
+ * return value of RD_AP_UNDEC from krb_rd_req().
+ */
+ if (kerror != INTK_OK) {
+ if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) {
+ syslog(LOG_ERR, "Kerberos intkt error: %s",
+ krb_get_err_text(kerror));
+ dest_tkt();
+ }
+ return (1);
+ }
+
+ if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0)
+ syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE);
+
+ strncpy(savehost, krb_get_phost(localhost), sizeof(savehost));
+ savehost[sizeof(savehost)-1] = '\0';
+
+#ifdef KLOGIN_PARANOID
+ /*
+ * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host,
+ * don't allow kerberos login, also log the error condition.
+ */
+
+ kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33);
+ if (kerror == KDC_PR_UNKNOWN) {
+ syslog(LOG_NOTICE,
+ "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?",
+ krb_get_err_text(kerror), VERIFY_SERVICE, savehost);
+ notickets = 0;
+ return (1);
+ }
+
+ if (kerror != KSUCCESS) {
+ warnx("unable to use TGT: (%s)", krb_get_err_text(kerror));
+ syslog(LOG_NOTICE, "unable to use TGT: (%s)",
+ krb_get_err_text(kerror));
+ dest_tkt();
+ return (1);
+ }
+
+ if (!(hp = gethostbyname(localhost))) {
+ syslog(LOG_ERR, "couldn't get local host address");
+ dest_tkt();
+ return (1);
+ }
+
+ memcpy(&faddr, hp->h_addr, sizeof(faddr));
+
+ kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr,
+ &authdata, "");
+
+ if (kerror == KSUCCESS) {
+ notickets = 0;
+ return (0);
+ }
+
+ /* undecipherable: probably didn't have a srvtab on the local host */
+ if (kerror == RD_AP_UNDEC) {
+ syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_get_err_text(kerror));
+ dest_tkt();
+ return (1);
+ }
+ /* failed for some other reason */
+ warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE,
+ krb_get_err_text(kerror));
+ syslog(LOG_NOTICE, "couldn't verify %s ticket: %s", VERIFY_SERVICE,
+ krb_get_err_text(kerror));
+ dest_tkt();
+ return (1);
+#else
+ notickets = 0;
+ return (0);
+#endif
+}
+#endif
diff --git a/crypto/kerberosIV/appl/bsd/krcmd.c b/crypto/kerberosIV/appl/bsd/krcmd.c
new file mode 100644
index 0000000..8c3c6f3
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/krcmd.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: krcmd.c,v 1.10 1997/03/30 18:20:18 joda Exp $");
+
+#define SERVICE_NAME "rcmd"
+
+/*
+ * krcmd: simplified version of Athena's "kcmd"
+ * returns a socket attached to the destination, -1 or krb error on error
+ * if fd2p is non-NULL, another socket is filled in for it
+ */
+
+int
+krcmd(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm)
+{
+ int sock = -1, err = 0;
+ KTEXT_ST ticket;
+ long authopts = 0L;
+
+ err = kcmd(
+ &sock,
+ ahost,
+ rport,
+ NULL, /* locuser not used */
+ remuser,
+ cmd,
+ fd2p,
+ &ticket,
+ SERVICE_NAME,
+ realm,
+ (CREDENTIALS *) NULL, /* credentials not used */
+ 0, /* key schedule not used */
+ (MSG_DAT *) NULL, /* MSG_DAT not used */
+ (struct sockaddr_in *) NULL, /* local addr not used */
+ (struct sockaddr_in *) NULL, /* foreign addr not used */
+ authopts
+ );
+
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ warning("krcmd: %s", krb_get_err_text(err));
+ return(-1);
+ }
+ if (err < 0)
+ return(-1);
+ return(sock);
+}
+
+int
+krcmd_mutual(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm, CREDENTIALS *cred, Key_schedule sched)
+{
+ int sock, err;
+ KTEXT_ST ticket;
+ MSG_DAT msg_dat;
+ struct sockaddr_in laddr, faddr;
+ long authopts = KOPT_DO_MUTUAL;
+
+ err = kcmd(
+ &sock,
+ ahost,
+ rport,
+ NULL, /* locuser not used */
+ remuser,
+ cmd,
+ fd2p,
+ &ticket,
+ SERVICE_NAME,
+ realm,
+ cred, /* filled in */
+ sched, /* filled in */
+ &msg_dat, /* filled in */
+ &laddr, /* filled in */
+ &faddr, /* filled in */
+ authopts
+ );
+
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ warnx("krcmd_mutual: %s", krb_get_err_text(err));
+ return(-1);
+ }
+
+ if (err < 0)
+ return (-1);
+ return(sock);
+}
diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c
new file mode 100644
index 0000000..c436f8d
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login.c
@@ -0,0 +1,990 @@
+/*-
+ * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * login [ name ]
+ * login -h hostname (for telnetd, etc.)
+ * login -f name (for pre-authenticated login: datakit, xterm, etc.)
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login.c,v 1.104 1997/05/20 20:35:06 assar Exp $");
+
+#include <otp.h>
+
+#include "sysv_default.h"
+#ifdef SYSV_SHADOW
+#include "sysv_shadow.h"
+#endif
+
+static void badlogin (char *);
+static void checknologin (void);
+static void dolastlog (int);
+static void getloginname (int);
+static int rootterm (char *);
+static char *stypeof (char *);
+static RETSIGTYPE timedout (int);
+static int doremotelogin (char *);
+void login_fbtab (char *, uid_t, gid_t);
+#ifdef KERBEROS
+int klogin (struct passwd *, char *, char *, char *);
+#endif
+
+#define TTYGRPNAME "tty" /* name of group to own ttys */
+
+/*
+ * This bounds the time given to login. Change it in
+ * `/etc/default/login'.
+ */
+
+static u_int login_timeout;
+
+#ifdef KERBEROS
+int notickets = 1;
+int noticketsdontcomplain = 1;
+char *instance;
+char *krbtkfile_env;
+int authok;
+#endif
+
+#ifdef HAVE_SHADOW_H
+static struct spwd *spwd = NULL;
+#endif
+
+static char *ttyprompt;
+
+static struct passwd *pwd;
+static int failures;
+static char term[64], *hostname, *username, *tty;
+
+static char rusername[100], lusername[100];
+
+static int
+change_passwd(struct passwd *who)
+{
+ int status;
+ int pid;
+ int wpid;
+
+ switch (pid = fork()) {
+ case -1:
+ warn("fork /bin/passwd");
+ sleepexit(1);
+ case 0:
+ execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0);
+ _exit(1);
+ default:
+ while ((wpid = wait(&status)) != -1 && wpid != pid)
+ /* void */ ;
+ return (status);
+ }
+}
+
+#ifndef NO_MOTD /* message of the day stuff */
+
+jmp_buf motdinterrupt;
+
+static RETSIGTYPE
+sigint(int signo)
+{
+ longjmp(motdinterrupt, 1);
+}
+
+static void
+motd(void)
+{
+ int fd, nchars;
+ RETSIGTYPE (*oldint)();
+ char tbuf[8192];
+
+ if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0)
+ return;
+ oldint = signal(SIGINT, sigint);
+ if (setjmp(motdinterrupt) == 0)
+ while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
+ write(fileno(stdout), tbuf, nchars);
+ signal(SIGINT, oldint);
+ close(fd);
+}
+
+#endif /* !NO_MOTD */
+
+#define AUTH_NONE 0
+#define AUTH_OTP 1
+
+/*
+ * getpwnam and try to detect the worst form of NIS attack.
+ */
+
+static struct passwd *
+paranoid_getpwnam (char *user)
+{
+ struct passwd *p;
+
+ p = k_getpwnam (user);
+ if (p == NULL)
+ return p;
+ if (p->pw_uid == 0 && strcmp (username, "root") != 0) {
+ syslog (LOG_ALERT,
+ "NIS attack, user %s has uid 0", username);
+ return NULL;
+ }
+ return p;
+}
+
+int
+main(int argc, char **argv)
+{
+ struct group *gr;
+ int ask, ch, cnt, fflag, hflag, pflag, quietlog, nomailcheck;
+ int rootlogin, rval;
+ int rflag;
+ int changepass = 0;
+ uid_t uid;
+ char *domain, *p, passwd[128], *ttyn;
+ char tbuf[MaxPathLen + 2], tname[sizeof(_PATH_TTY) + 10];
+ char localhost[MaxHostNameLen];
+ char full_hostname[MaxHostNameLen];
+ int auth_level = AUTH_NONE;
+ OtpContext otp_ctx;
+ int mask = 022; /* Default umask (set below) */
+ int maxtrys = 5; /* Default number of allowed failed logins */
+
+ set_progname(argv[0]);
+
+ openlog("login", LOG_ODELAY, LOG_AUTH);
+
+ /* Read defaults file and set the login timeout period. */
+ sysv_defaults();
+ login_timeout = atoi(default_timeout);
+ maxtrys = atoi(default_maxtrys);
+ if (sscanf(default_umask, "%o", &mask) != 1 || (mask & ~0777))
+ syslog(LOG_WARNING, "bad umask default: %s", default_umask);
+ else
+ umask(mask);
+
+ signal(SIGALRM, timedout);
+ alarm(login_timeout);
+ signal(SIGQUIT, SIG_IGN);
+ signal(SIGINT, SIG_IGN);
+ setpriority(PRIO_PROCESS, 0, 0);
+
+ /*
+ * -p is used by getty to tell login not to destroy the environment
+ * -f is used to skip a second login authentication
+ * -h is used by other servers to pass the name of the remote
+ * host to login so that it may be placed in utmp and wtmp
+ * -r is used by old-style rlogind to execute the autologin protocol
+ */
+
+ *full_hostname = '\0';
+ domain = NULL;
+ if (k_gethostname(localhost, sizeof(localhost)) < 0)
+ syslog(LOG_ERR, "couldn't get local hostname: %m");
+ else
+ domain = strchr(localhost, '.');
+
+ fflag = hflag = pflag = rflag = 0;
+ uid = getuid();
+ while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != EOF)
+ switch (ch) {
+ case 'a':
+ if (strcmp (optarg, "none") == 0)
+ auth_level = AUTH_NONE;
+ else if (strcmp (optarg, "otp") == 0)
+ auth_level = AUTH_OTP;
+ else
+ warnx ("bad value for -a: %s", optarg);
+ break;
+ case 'd':
+ break;
+ case 'f':
+ fflag = 1;
+ break;
+ case 'h':
+ if (rflag || hflag) {
+ printf("Only one of -r and -h allowed\n");
+ exit(1);
+ }
+ if (uid)
+ errx(1, "-h option: %s", strerror(EPERM));
+ hflag = 1;
+ strncpy(full_hostname, optarg, sizeof(full_hostname)-1);
+ if (domain && (p = strchr(optarg, '.')) &&
+ strcasecmp(p, domain) == 0)
+ *p = 0;
+ hostname = optarg;
+ break;
+ case 'p':
+ if (getuid()) {
+ warnx("-p for super-user only.");
+ exit(1);
+ }
+ pflag = 1;
+ break;
+ case 'r':
+ if (rflag || hflag) {
+ warnx("Only one of -r and -h allowed\n");
+ exit(1);
+ }
+ if (getuid()) {
+ warnx("-r for super-user only.");
+ exit(1);
+ }
+ rflag = 1;
+ strncpy(full_hostname, optarg, sizeof(full_hostname)-1);
+ if (domain && (p = strchr(optarg, '.')) &&
+ strcasecmp(p, domain) == 0)
+ *p = 0;
+ hostname = optarg;
+ fflag = (doremotelogin(full_hostname) == 0);
+ break;
+ case '?':
+ default:
+ if (!uid)
+ syslog(LOG_ERR, "invalid flag %c", ch);
+ fprintf(stderr,
+ "usage: login [-fp] [-a otp]"
+ "[-h hostname | -r hostname] [username]\n");
+ exit(1);
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (geteuid() != 0) {
+ warnx("only root may use login, use su");
+ /* Or install login setuid root, which is not necessary */
+ sleep(10);
+ exit(1);
+ }
+ /*
+ * Figure out if we should ask for the username or not. The name
+ * may be given on the command line or via the environment, and
+ * it may even be in the terminal input queue.
+ */
+ if (rflag) {
+ username = lusername;
+ ask = 0;
+ } else
+ if (*argv && strchr(*argv, '=')) {
+ ask = 1;
+ } else
+ if (*argv && strcmp(*argv, "-") == 0) {
+ argc--;
+ argv++;
+ ask = 1;
+ } else
+ if (*argv) {
+ username = *argv;
+ ask = 0;
+ argc--;
+ argv++;
+ } else if ((ttyprompt = getenv("TTYPROMPT")) && *ttyprompt) {
+ getloginname(0);
+ ask = 0;
+ } else
+ ask = 1;
+
+ /* Default tty settings. */
+ stty_default();
+
+ for (cnt = getdtablesize(); cnt > 2; cnt--)
+ close(cnt);
+
+ /*
+ * Determine the tty name. BSD takes the basename, SYSV4 takes
+ * whatever remains after stripping the "/dev/" prefix. The code
+ * below should produce sensible results in either environment.
+ */
+ ttyn = ttyname(STDIN_FILENO);
+ if (ttyn == NULL || *ttyn == '\0') {
+ snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
+ ttyn = tname;
+ }
+ if ((tty = strchr(ttyn + 1, '/')))
+ ++tty;
+ else
+ tty = ttyn;
+
+ for (cnt = 0;; ask = 1) {
+ char prompt[128], ss[256];
+ if (ask) {
+ fflag = 0;
+ getloginname(1);
+ }
+ rootlogin = 0;
+ rval = 1;
+#ifdef KERBEROS
+ if ((instance = strchr(username, '.')) != NULL) {
+ if (strcmp(instance, ".root") == 0)
+ rootlogin = 1;
+ *instance++ = '\0';
+ } else
+ instance = "";
+#endif
+ if (strlen(username) > UT_NAMESIZE)
+ username[UT_NAMESIZE] = '\0';
+
+ /*
+ * Note if trying multiple user names; log failures for
+ * previous user name, but don't bother logging one failure
+ * for nonexistent name (mistyped username).
+ */
+ if (failures && strcmp(tbuf, username)) {
+ if (failures > (pwd ? 0 : 1))
+ badlogin(tbuf);
+ failures = 0;
+ }
+ strcpy(tbuf, username);
+
+ pwd = paranoid_getpwnam (username);
+
+ /*
+ * if we have a valid account name, and it doesn't have a
+ * password, or the -f option was specified and the caller
+ * is root or the caller isn't changing their uid, don't
+ * authenticate.
+ */
+ if (pwd) {
+ if (pwd->pw_uid == 0)
+ rootlogin = 1;
+
+ if (fflag && (uid == 0 || uid == pwd->pw_uid)) {
+ /* already authenticated */
+ break;
+ } else if (pwd->pw_passwd[0] == '\0') {
+ /* pretend password okay */
+ rval = 0;
+ goto ttycheck;
+ }
+ }
+
+ fflag = 0;
+
+ setpriority(PRIO_PROCESS, 0, -4);
+
+ if (otp_challenge (&otp_ctx, username,
+ ss, sizeof(ss)) == 0)
+ snprintf (prompt, sizeof(prompt), "%s's %s Password: ",
+ username, ss);
+ else {
+ if (auth_level == AUTH_NONE)
+ snprintf(prompt, sizeof(prompt), "%s's Password: ",
+ username);
+ else {
+ char *s;
+
+ rval = 1;
+ s = otp_error(&otp_ctx);
+ if(s)
+ printf ("OTP: %s\n", s);
+ continue;
+ }
+ }
+
+ if (des_read_pw_string (passwd, sizeof(passwd) - 1, prompt, 0))
+ continue;
+ passwd[sizeof(passwd) - 1] = '\0';
+
+ /* Verify it somehow */
+
+ if (otp_verify_user (&otp_ctx, passwd) == 0)
+ rval = 0;
+ else if (pwd == NULL)
+ ;
+ else if (auth_level == AUTH_NONE) {
+ uid_t pwd_uid = pwd->pw_uid;
+
+ rval = unix_verify_user (username, passwd);
+
+ if (rval == 0)
+ {
+ if (rootlogin && pwd_uid != 0)
+ rootlogin = 0;
+ }
+ else
+ {
+ rval = klogin(pwd, instance, localhost, passwd);
+ if (rval != 0 && rootlogin && pwd_uid != 0)
+ rootlogin = 0;
+ if (rval == 0)
+ authok = 1;
+ }
+ } else {
+ char *s;
+
+ rval = 1;
+ if ((s = otp_error(&otp_ctx)))
+ printf ("OTP: %s\n", s);
+ }
+
+ memset (passwd, 0, sizeof(passwd));
+ setpriority (PRIO_PROCESS, 0, 0);
+
+ /*
+ * Santa Claus, give me a portable and reentrant getpwnam.
+ */
+ pwd = paranoid_getpwnam (username);
+
+ ttycheck:
+ /*
+ * If trying to log in as root without Kerberos,
+ * but with insecure terminal, refuse the login attempt.
+ */
+#ifdef KERBEROS
+ if (authok == 0)
+#endif
+ if (pwd && !rval && rootlogin && !rootterm(tty)
+ && !rootterm(ttyn)) {
+ warnx("%s login refused on this terminal.",
+ pwd->pw_name);
+ if (hostname)
+ syslog(LOG_NOTICE,
+ "LOGIN %s REFUSED FROM %s ON TTY %s",
+ pwd->pw_name, hostname, tty);
+ else
+ syslog(LOG_NOTICE,
+ "LOGIN %s REFUSED ON TTY %s",
+ pwd->pw_name, tty);
+ continue;
+ }
+
+ if (rval == 0)
+ break;
+
+ printf("Login incorrect\n");
+ failures++;
+
+ /* max number of attemps and delays taken from defaults file */
+ /* we allow maxtrys tries, but after 2 we start backing off */
+ if (++cnt > 2) {
+ if (cnt >= maxtrys) {
+ badlogin(username);
+ sleepexit(1);
+ }
+ sleep((u_int)((cnt - 2) * atoi(default_sleep)));
+ }
+ }
+
+ /* committed to login -- turn off timeout */
+ alarm(0);
+
+ endpwent();
+
+#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM)
+ {
+ struct udb *udb;
+ long t;
+ const long maxcpu = 46116860184; /* some random constant */
+ udb = getudbnam(pwd->pw_name);
+ if(udb == UDB_NULL){
+ warnx("Failed to get UDB entry.");
+ exit(1);
+ }
+ t = udb->ue_pcpulim[UDBRC_INTER];
+ if(t == 0 || t > maxcpu)
+ t = CPUUNLIM;
+ else
+ t *= 100 * CLOCKS_PER_SEC;
+
+ if(limit(C_PROC, 0, L_CPU, t) < 0)
+ warn("limit C_PROC");
+
+ t = udb->ue_jcpulim[UDBRC_INTER];
+ if(t == 0 || t > maxcpu)
+ t = CPUUNLIM;
+ else
+ t *= 100 * CLOCKS_PER_SEC;
+
+ if(limit(C_JOBPROCS, 0, L_CPU, t) < 0)
+ warn("limit C_JOBPROCS");
+
+ nice(udb->ue_nice[UDBRC_INTER]);
+ }
+#endif
+ /* if user not super-user, check for disabled logins */
+ if (!rootlogin)
+ checknologin();
+
+ if (chdir(pwd->pw_dir) < 0) {
+ printf("No home directory %s!\n", pwd->pw_dir);
+ if (chdir("/"))
+ exit(0);
+ pwd->pw_dir = "/";
+ printf("Logging in with home = \"/\".\n");
+ }
+
+ quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
+ nomailcheck = access(_PATH_NOMAILCHECK, F_OK) == 0;
+
+#if defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE)
+ if (pwd->pw_change || pwd->pw_expire)
+ gettimeofday(&tp, (struct timezone *)NULL);
+
+ if (pwd->pw_change)
+ if (tp.tv_sec >= pwd->pw_change) {
+ printf("Sorry -- your password has expired.\n");
+ changepass=1;
+ } else if (pwd->pw_change - tp.tv_sec <
+ 2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+ printf("Warning: your password expires on %s",
+ ctime(&pwd->pw_change));
+ if (pwd->pw_expire)
+ if (tp.tv_sec >= pwd->pw_expire) {
+ printf("Sorry -- your account has expired.\n");
+ sleepexit(1);
+ } else if (pwd->pw_expire - tp.tv_sec <
+ 2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+ printf("Warning: your account expires on %s",
+ ctime(&pwd->pw_expire));
+#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */
+
+ /* Nothing else left to fail -- really log in. */
+
+ /*
+ * Update the utmp files, both BSD and SYSV style.
+ */
+ if (utmpx_login(tty, username, hostname ? hostname : "") != 0
+ && !fflag) {
+ printf("No utmpx entry. You must exec \"login\" from the lowest level \"sh\".\n");
+ sleepexit(0);
+ }
+ utmp_login(ttyn, username, hostname ? hostname : "");
+ dolastlog(quietlog);
+
+ /*
+ * Set device protections, depending on what terminal the
+ * user is logged in. This feature is used on Suns to give
+ * console users better privacy.
+ */
+ login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
+
+ chown(ttyn, pwd->pw_uid,
+ (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
+ chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP);
+ setgid(pwd->pw_gid);
+
+ initgroups(username, pwd->pw_gid);
+
+ if (*pwd->pw_shell == '\0')
+ pwd->pw_shell = _PATH_BSHELL;
+
+ /*
+ * Set up a new environment. With SYSV, some variables are always
+ * preserved; some varables are never preserved, and some variables
+ * are always clobbered. With BSD, nothing is always preserved, and
+ * some variables are always clobbered. We add code to make sure
+ * that LD_* and IFS are never preserved.
+ */
+ if (term[0] == '\0')
+ strncpy(term, stypeof(tty), sizeof(term));
+ /* set up a somewhat censored environment. */
+ sysv_newenv(argc, argv, pwd, term, pflag);
+#ifdef KERBEROS
+ if (krbtkfile_env)
+ setenv("KRBTKFILE", krbtkfile_env, 1);
+#endif
+
+ if (tty[sizeof("tty")-1] == 'd')
+ syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
+
+ /* If fflag is on, assume caller/authenticator has logged root login. */
+ if (rootlogin && fflag == 0)
+ if (hostname)
+ syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s",
+ username, tty, hostname);
+ else
+ syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
+
+#ifdef KERBEROS
+ if (!quietlog && notickets == 1 && !noticketsdontcomplain)
+ printf("Warning: no Kerberos tickets issued.\n");
+#endif
+
+#ifdef LOGALL
+ /*
+ * Syslog each successful login, so we don't have to watch hundreds
+ * of wtmp or lastlogin files.
+ */
+ if (hostname) {
+ syslog(LOG_INFO, "login from %s as %s", hostname, pwd->pw_name);
+ } else {
+ syslog(LOG_INFO, "login on %s as %s", tty, pwd->pw_name);
+ }
+#endif
+
+#ifndef NO_MOTD
+ /*
+ * Optionally show the message of the day. System V login leaves
+ * motd and mail stuff up to the shell startup file.
+ */
+ if (!quietlog) {
+ struct stat st;
+#if 0
+ printf("%s\n\t%s %s\n\n",
+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+ "The Regents of the University of California. ",
+ "All rights reserved.");
+#endif
+ motd();
+ if(!nomailcheck){
+ snprintf(tbuf, sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
+ if (stat(tbuf, &st) == 0 && st.st_size != 0)
+ printf("You have %smail.\n",
+ (st.st_mtime > st.st_atime) ? "new " : "");
+ }
+ }
+#endif /* NO_MOTD */
+
+#ifdef LOGIN_ACCESS
+ if (login_access(pwd->pw_name, hostname ? full_hostname : tty) == 0) {
+ printf("Permission denied\n");
+ if (hostname)
+ syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s",
+ pwd->pw_name, hostname);
+ else
+ syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s",
+ pwd->pw_name, tty);
+ sleepexit(1);
+ }
+#endif
+
+ signal(SIGALRM, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
+ signal(SIGINT, SIG_DFL);
+ signal(SIGTSTP, SIG_IGN);
+
+ tbuf[0] = '-';
+ strcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
+ p + 1 : pwd->pw_shell);
+
+#ifdef HAVE_SETLOGIN
+ if (setlogin(pwd->pw_name) < 0)
+ syslog(LOG_ERR, "setlogin() failure: %m");
+#endif
+
+#ifdef HAVE_SETPCRED
+ if (setpcred (pwd->pw_name, NULL) == -1)
+ syslog(LOG_ERR, "setpcred() failure: %m");
+#endif /* HAVE_SETPCRED */
+
+#if defined(SYSV_SHADOW) && defined(HAVE_GETSPNAM)
+ spwd = getspnam (username);
+ endspent ();
+#endif
+ /* Discard permissions last so can't get killed and drop core. */
+ {
+ int uid = rootlogin ? 0 : pwd->pw_uid;
+ if(setuid(uid) != 0){
+ warn("setuid(%d)", uid);
+ if(!rootlogin)
+ exit(1);
+ }
+ }
+
+
+ /*
+ * After dropping privileges and after cleaning up the environment,
+ * optionally run, as the user, /bin/passwd.
+ */
+
+ if (pwd->pw_passwd[0] == 0 &&
+ strcasecmp(default_passreq, "YES") == 0) {
+ printf("You don't have a password. Choose one.\n");
+ if (change_passwd(pwd))
+ sleepexit(0);
+ changepass = 0;
+ }
+
+#ifdef SYSV_SHADOW
+ if (spwd && sysv_expire(spwd)) {
+ if (change_passwd(pwd))
+ sleepexit(0);
+ changepass = 0;
+ }
+#endif /* SYSV_SHADOW */
+ if (changepass) {
+ int res;
+ if ((res=system(_PATH_CHPASS)))
+ sleepexit(1);
+ }
+
+ if (k_hasafs()) {
+ char cell[64];
+ k_setpag();
+ if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
+ k_afsklog(cell, 0);
+ k_afsklog(0, 0);
+ }
+
+ execlp(pwd->pw_shell, tbuf, 0);
+ if (getuid() == 0) {
+ warnx("Can't exec %s, trying %s\n",
+ pwd->pw_shell, _PATH_BSHELL);
+ execlp(_PATH_BSHELL, tbuf, 0);
+ err(1, "%s", _PATH_BSHELL);
+ }
+ err(1, "%s", pwd->pw_shell);
+ return 1;
+}
+
+#ifdef KERBEROS
+#define NBUFSIZ (UT_NAMESIZE + 1 + 5) /* .root suffix */
+#else
+#define NBUFSIZ (UT_NAMESIZE + 1)
+#endif
+
+static void
+getloginname(int prompt)
+{
+ int ch;
+ char *p;
+ static char nbuf[NBUFSIZ];
+
+ for (;;) {
+ if (prompt)
+ if (ttyprompt && *ttyprompt)
+ printf("%s", ttyprompt);
+ else
+ printf("login: ");
+ prompt = 1;
+ for (p = nbuf; (ch = getchar()) != '\n'; ) {
+ if (ch == EOF) {
+ badlogin(username);
+ exit(0);
+ }
+ if (p < nbuf + (NBUFSIZ - 1))
+ *p++ = ch;
+ }
+ if (p > nbuf)
+ if (nbuf[0] == '-')
+ warnx("login names may not start with '-'.");
+ else {
+ *p = '\0';
+ username = nbuf;
+ break;
+ }
+ }
+}
+
+static int
+rootterm(char *ttyn)
+{
+#ifndef HAVE_TTYENT_H
+ return (default_console == 0 || strcmp(default_console, ttyname(0)) == 0);
+#else
+ struct ttyent *t;
+
+ return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
+#endif
+}
+
+static RETSIGTYPE
+timedout(int signo)
+{
+ fprintf(stderr, "Login timed out after %d seconds\n",
+ login_timeout);
+ exit(0);
+}
+
+static void
+checknologin(void)
+{
+ int fd, nchars;
+ char tbuf[8192];
+
+ if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) {
+ while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
+ write(fileno(stdout), tbuf, nchars);
+ sleepexit(0);
+ }
+}
+
+static void
+dolastlog(int quiet)
+{
+#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) || defined(SYSV_SHADOW)
+ struct lastlog ll;
+ int fd;
+
+ if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
+ lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+#ifdef SYSV_SHADOW
+ if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
+ ll.ll_time != 0) {
+ if (pwd->pw_uid && spwd && spwd->sp_inact > 0
+ && ll.ll_time / (24 * 60 * 60)
+ + spwd->sp_inact < time(0)) {
+ printf("Your account has been inactive too long.\n");
+ sleepexit(1);
+ }
+ if (!quiet) {
+ printf("Last login: %.*s ",
+ 24-5, ctime(&ll.ll_time));
+ if (*ll.ll_host != '\0') {
+ printf("from %.*s\n",
+ (int)sizeof(ll.ll_host),
+ ll.ll_host);
+ } else
+ printf("on %.*s\n",
+ (int)sizeof(ll.ll_line),
+ ll.ll_line);
+ }
+ }
+ lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+#else /* SYSV_SHADOW */
+ if (!quiet) {
+ if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
+ ll.ll_time != 0) {
+ printf("Last login: %.*s ",
+ 24-5, ctime(&ll.ll_time));
+ if (*ll.ll_host != '\0')
+ printf("from %.*s\n",
+ (int)sizeof(ll.ll_host),
+ ll.ll_host);
+ else
+ printf("on %.*s\n",
+ (int)sizeof(ll.ll_line),
+ ll.ll_line);
+ }
+ lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+ }
+#endif /* SYSV_SHADOW */
+ memset(&ll, 0, sizeof(ll));
+ time(&ll.ll_time);
+ strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
+ if (hostname)
+ strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
+ write(fd, &ll, sizeof(ll));
+ close(fd);
+ }
+#endif /* DOLASTLOG */
+}
+
+static void
+badlogin(char *name)
+{
+
+ if (failures == 0)
+ return;
+ if (hostname) {
+ syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s",
+ failures, failures > 1 ? "S" : "", hostname);
+ syslog(LOG_AUTHPRIV|LOG_NOTICE,
+ "%d LOGIN FAILURE%s FROM %s, %s",
+ failures, failures > 1 ? "S" : "", hostname, name);
+ } else {
+ syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s",
+ failures, failures > 1 ? "S" : "", tty);
+ syslog(LOG_AUTHPRIV|LOG_NOTICE,
+ "%d LOGIN FAILURE%s ON %s, %s",
+ failures, failures > 1 ? "S" : "", tty, name);
+ }
+}
+
+#undef UNKNOWN
+#define UNKNOWN "su"
+
+static char *
+stypeof(char *ttyid)
+{
+ /* TERM is probably a better guess than anything else. */
+ char *term = getenv("TERM");
+
+ if (term != 0 && term[0] != 0)
+ return term;
+
+ {
+#ifndef HAVE_TTYENT_H
+ return UNKNOWN;
+#else
+ struct ttyent *t;
+ return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
+#endif
+ }
+}
+
+static void
+xgetstr(char *buf, int cnt, char *err)
+{
+ char ch;
+
+ do {
+ if (read(0, &ch, sizeof(ch)) != sizeof(ch))
+ exit(1);
+ if (--cnt < 0) {
+ fprintf(stderr, "%s too long\r\n", err);
+ sleepexit(1);
+ }
+ *buf++ = ch;
+ } while (ch);
+}
+
+/*
+ * Some old rlogind's unknowingly pass remuser, locuser and
+ * terminal_type/speed so we need to take care of that part of the
+ * protocol here. Also, we can't make a getpeername(2) on the socket
+ * so we have to trust that rlogind resolved the name correctly.
+ */
+
+static int
+doremotelogin(char *host)
+{
+ int code;
+ char *cp;
+
+ xgetstr(rusername, sizeof (rusername), "remuser");
+ xgetstr(lusername, sizeof (lusername), "locuser");
+ xgetstr(term, sizeof(term), "Terminal type");
+ cp = strchr(term, '/');
+ if (cp != 0)
+ *cp = 0; /* For now ignore speed/bg */
+ pwd = k_getpwnam(lusername);
+ if (pwd == NULL)
+ return(-1);
+ code = ruserok(host, (pwd->pw_uid == 0), rusername, lusername);
+ if (code == 0)
+ syslog(LOG_NOTICE,
+ "Warning: An old rlogind accepted login probably from host %s",
+ host);
+ return(code);
+}
+
+void
+sleepexit(int eval)
+{
+
+ sleep(5);
+ exit(eval);
+}
diff --git a/crypto/kerberosIV/appl/bsd/login_access.c b/crypto/kerberosIV/appl/bsd/login_access.c
new file mode 100644
index 0000000..0e017b1
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login_access.c
@@ -0,0 +1,221 @@
+ /*
+ * This module implements a simple but effective form of login access
+ * control based on login names and on host (or domain) names, internet
+ * addresses (or network numbers), or on terminal line names in case of
+ * non-networked logins. Diagnostics are reported through syslog(3).
+ *
+ * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login_access.c,v 1.15 1997/06/01 03:12:28 assar Exp $");
+
+#ifdef LOGIN_ACCESS
+
+ /* Delimiters for fields and for lists of users, ttys or hosts. */
+
+static char fs[] = ":"; /* field separator */
+static char sep[] = ", \t"; /* list-element separator */
+
+ /* Constants to be used in assignments only, not in comparisons... */
+
+#define YES 1
+#define NO 0
+
+static int list_match(char *list, char *item, int (*match_fn)(char *, char *));
+static int user_match(char *tok, char *string);
+static int from_match(char *tok, char *string);
+static int string_match(char *tok, char *string);
+
+/* login_access - match username/group and host/tty with access control file */
+
+int login_access(char *user, char *from)
+{
+ FILE *fp;
+ char line[BUFSIZ];
+ char *perm; /* becomes permission field */
+ char *users; /* becomes list of login names */
+ char *froms; /* becomes list of terminals or hosts */
+ int match = NO;
+ int end;
+ int lineno = 0; /* for diagnostics */
+ char *foo;
+
+ /*
+ * Process the table one line at a time and stop at the first match.
+ * Blank lines and lines that begin with a '#' character are ignored.
+ * Non-comment lines are broken at the ':' character. All fields are
+ * mandatory. The first field should be a "+" or "-" character. A
+ * non-existing table means no access control.
+ */
+
+ if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
+ while (!match && fgets(line, sizeof(line), fp)) {
+ lineno++;
+ if (line[end = strlen(line) - 1] != '\n') {
+ syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
+ _PATH_LOGACCESS, lineno);
+ continue;
+ }
+ if (line[0] == '#')
+ continue; /* comment line */
+ while (end > 0 && isspace(line[end - 1]))
+ end--;
+ line[end] = 0; /* strip trailing whitespace */
+ if (line[0] == 0) /* skip blank lines */
+ continue;
+ foo = NULL;
+ if (!(perm = strtok_r(line, fs, &foo))
+ || !(users = strtok_r(NULL, fs, &foo))
+ || !(froms = strtok_r(NULL, fs, &foo))
+ || strtok_r(NULL, fs, &foo)) {
+ syslog(LOG_ERR, "%s: line %d: bad field count",
+ _PATH_LOGACCESS,
+ lineno);
+ continue;
+ }
+ if (perm[0] != '+' && perm[0] != '-') {
+ syslog(LOG_ERR, "%s: line %d: bad first field",
+ _PATH_LOGACCESS,
+ lineno);
+ continue;
+ }
+ match = (list_match(froms, from, from_match)
+ && list_match(users, user, user_match));
+ }
+ fclose(fp);
+ } else if (errno != ENOENT) {
+ syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
+ }
+ return (match == 0 || (line[0] == '+'));
+}
+
+/* list_match - match an item against a list of tokens with exceptions */
+
+static int
+list_match(char *list, char *item, int (*match_fn)(char *, char *))
+{
+ char *tok;
+ int match = NO;
+ char *foo = NULL;
+
+ /*
+ * Process tokens one at a time. We have exhausted all possible matches
+ * when we reach an "EXCEPT" token or the end of the list. If we do find
+ * a match, look for an "EXCEPT" list and recurse to determine whether
+ * the match is affected by any exceptions.
+ */
+
+ for (tok = strtok_r(list, sep, &foo);
+ tok != NULL;
+ tok = strtok_r(NULL, sep, &foo)) {
+ if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
+ break;
+ if ((match = (*match_fn) (tok, item)) != 0) /* YES */
+ break;
+ }
+ /* Process exceptions to matches. */
+
+ if (match != NO) {
+ while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
+ /* VOID */ ;
+ if (tok == 0 || list_match(NULL, item, match_fn) == NO)
+ return (match);
+ }
+ return (NO);
+}
+
+/* netgroup_match - match group against machine or user */
+
+static int netgroup_match(char *group, char *machine, char *user)
+{
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+ static char *mydomain = 0;
+
+ if (mydomain == 0)
+ yp_get_default_domain(&mydomain);
+ return (innetgr(group, machine, user, mydomain));
+#else
+ syslog(LOG_ERR, "NIS netgroup support not configured");
+ return 0;
+#endif
+}
+
+/* user_match - match a username against one token */
+
+static int user_match(char *tok, char *string)
+{
+ struct group *group;
+ int i;
+
+ /*
+ * If a token has the magic value "ALL" the match always succeeds.
+ * Otherwise, return YES if the token fully matches the username, or if
+ * the token is a group that contains the username.
+ */
+
+ if (tok[0] == '@') { /* netgroup */
+ return (netgroup_match(tok + 1, (char *) 0, string));
+ } else if (string_match(tok, string)) { /* ALL or exact match */
+ return (YES);
+ } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
+ for (i = 0; group->gr_mem[i]; i++)
+ if (strcasecmp(string, group->gr_mem[i]) == 0)
+ return (YES);
+ }
+ return (NO);
+}
+
+/* from_match - match a host or tty against a list of tokens */
+
+static int from_match(char *tok, char *string)
+{
+ int tok_len;
+ int str_len;
+
+ /*
+ * If a token has the magic value "ALL" the match always succeeds. Return
+ * YES if the token fully matches the string. If the token is a domain
+ * name, return YES if it matches the last fields of the string. If the
+ * token has the magic value "LOCAL", return YES if the string does not
+ * contain a "." character. If the token is a network number, return YES
+ * if it matches the head of the string.
+ */
+
+ if (tok[0] == '@') { /* netgroup */
+ return (netgroup_match(tok + 1, string, (char *) 0));
+ } else if (string_match(tok, string)) { /* ALL or exact match */
+ return (YES);
+ } else if (tok[0] == '.') { /* domain: match last fields */
+ if ((str_len = strlen(string)) > (tok_len = strlen(tok))
+ && strcasecmp(tok, string + str_len - tok_len) == 0)
+ return (YES);
+ } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
+ if (strchr(string, '.') == 0)
+ return (YES);
+ } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */
+ && strncmp(tok, string, tok_len) == 0) {
+ return (YES);
+ }
+ return (NO);
+}
+
+/* string_match - match a string against one token */
+
+static int string_match(char *tok, char *string)
+{
+
+ /*
+ * If the token has the magic value "ALL" the match always succeeds.
+ * Otherwise, return YES if the token fully matches the string.
+ */
+
+ if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
+ return (YES);
+ } else if (strcasecmp(tok, string) == 0) { /* try exact match */
+ return (YES);
+ }
+ return (NO);
+}
+#endif /* LOGIN_ACCES */
diff --git a/crypto/kerberosIV/appl/bsd/login_fbtab.c b/crypto/kerberosIV/appl/bsd/login_fbtab.c
new file mode 100644
index 0000000..f7f53aa
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login_fbtab.c
@@ -0,0 +1,144 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema. All rights reserved.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms are permitted
+* provided that this entire copyright notice is duplicated in all such
+* copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/
+/*
+ SYNOPSIS
+ void login_fbtab(tty, uid, gid)
+ char *tty;
+ uid_t uid;
+ gid_t gid;
+
+ DESCRIPTION
+ This module implements device security as described in the
+ SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual
+ pages. The program first looks for /etc/fbtab. If that file
+ cannot be opened it attempts to process /etc/logindevperm.
+ We expect entries with the folowing format:
+
+ Comments start with a # and extend to the end of the line.
+
+ Blank lines or lines with only a comment are ignored.
+
+ All other lines consist of three fields delimited by
+ whitespace: a login device (/dev/console), an octal
+ permission number (0600), and a ":"-delimited list of
+ devices (/dev/kbd:/dev/mouse). All device names are
+ absolute paths. A path that ends in "/*" refers to all
+ directory entries except "." and "..".
+
+ If the tty argument (relative path) matches a login device
+ name (absolute path), the permissions of the devices in the
+ ":"-delimited list are set as specified in the second
+ field, and their ownership is changed to that of the uid
+ and gid arguments.
+
+ DIAGNOSTICS
+ Problems are reported via the syslog daemon with severity
+ LOG_ERR.
+
+ BUGS
+
+ AUTHOR
+ Wietse Venema (wietse@wzv.win.tue.nl)
+ Eindhoven University of Technology
+ The Netherlands
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login_fbtab.c,v 1.10 1997/06/01 03:12:54 assar Exp $");
+
+void login_protect (char *, char *, int, uid_t, gid_t);
+void login_fbtab (char *tty, uid_t uid, gid_t gid);
+
+#define WSPACE " \t\n"
+
+/* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */
+
+void
+login_fbtab(char *tty, uid_t uid, gid_t gid)
+{
+ FILE *fp;
+ char buf[BUFSIZ];
+ char *devname;
+ char *cp;
+ int prot;
+ char *table;
+ char *foo;
+
+ if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0
+ && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0)
+ return;
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ if ((cp = strchr(buf, '#')) != 0)
+ *cp = 0; /* strip comment */
+ foo = NULL;
+ if ((cp = devname = strtok_r(buf, WSPACE, &foo)) == 0)
+ continue; /* empty or comment */
+ if (strncmp(devname, "/dev/", 5) != 0
+ || (cp = strtok_r(NULL, WSPACE, &foo)) == 0
+ || *cp != '0'
+ || sscanf(cp, "%o", &prot) == 0
+ || prot == 0
+ || (prot & 0777) != prot
+ || (cp = strtok_r(NULL, WSPACE, &foo)) == 0) {
+ syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? cp : "(null)");
+ continue;
+ }
+ if (strcmp(devname + 5, tty) == 0) {
+ foo = NULL;
+ for (cp = strtok_r(cp, ":", &foo);
+ cp;
+ cp = strtok_r(NULL, ":", &foo)) {
+ login_protect(table, cp, prot, uid, gid);
+ }
+ }
+ }
+ fclose(fp);
+}
+
+/* login_protect - protect one device entry */
+
+void
+login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid)
+{
+ char buf[BUFSIZ];
+ int pathlen = strlen(path);
+ struct dirent *ent;
+ DIR *dir;
+
+ if (strcmp("/*", path + pathlen - 2) != 0) {
+ if (chmod(path, mask) && errno != ENOENT)
+ syslog(LOG_ERR, "%s: chmod(%s): %m", table, path);
+ if (chown(path, uid, gid) && errno != ENOENT)
+ syslog(LOG_ERR, "%s: chown(%s): %m", table, path);
+ } else {
+ strcpy(buf, path);
+ buf[pathlen - 1] = 0;
+ if ((dir = opendir(buf)) == 0) {
+ syslog(LOG_ERR, "%s: opendir(%s): %m", table, path);
+ } else {
+ while ((ent = readdir(dir)) != 0) {
+ if (strcmp(ent->d_name, ".") != 0
+ && strcmp(ent->d_name, "..") != 0) {
+ strcpy(buf + pathlen - 1, ent->d_name);
+ login_protect(table, buf, mask, uid, gid);
+ }
+ }
+ closedir(dir);
+ }
+ }
+}
diff --git a/crypto/kerberosIV/appl/bsd/pathnames.h b/crypto/kerberosIV/appl/bsd/pathnames.h
new file mode 100644
index 0000000..3c10bff
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/pathnames.h
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * from: @(#)pathnames.h 5.2 (Berkeley) 4/9/90
+ * $Id: pathnames.h,v 1.23 1996/11/17 06:36:42 joda Exp $
+ */
+
+/******* First fix default path, we stick to _PATH_DEFPATH everywhere */
+
+#if !defined(_PATH_DEFPATH) && defined(_PATH_USERPATH)
+#define _PATH_DEFPATH _PATH_USERPATH
+#endif
+
+#if defined(_PATH_DEFPATH) && !defined(_DEF_PATH)
+#define _DEF_PATH _PATH_DEFPATH
+#endif
+
+#if !defined(_PATH_DEFPATH) && defined(_DEF_PATH)
+#define _PATH_DEFPATH _DEF_PATH
+#endif
+
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH "/usr/ucb:/usr/bin:/bin"
+#define _DEF_PATH _PATH_DEFPATH
+#endif /* !_PATH_DEFPATH */
+
+#ifndef _PATH_DEFSUPATH
+#define _PATH_DEFSUPATH "/usr/sbin:" _DEF_PATH
+#endif /* _PATH_DEFSUPATH */
+
+/******* Default PATH fixed! */
+
+#undef _PATH_RLOGIN /* Redifine rlogin */
+#define _PATH_RLOGIN BINDIR "/rlogin"
+
+#undef _PATH_RSH /* Redifine rsh */
+#define _PATH_RSH BINDIR "/rsh"
+
+#undef _PATH_LOGIN
+#define _PATH_LOGIN BINDIR "/login"
+
+/******* The rest is fallback defaults */
+
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+
+#ifndef _PATH_CP
+#define _PATH_CP "/bin/cp"
+#endif /* _PATH_CP */
+
+#ifndef _PATH_SHELLS
+#define _PATH_SHELLS "/etc/shells"
+#endif /* _PATH_SHELLS */
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif /* _PATH_BSHELL */
+
+#ifndef _PATH_CSHELL
+#define _PATH_CSHELL "/bin/csh"
+#endif /* _PATH_CSHELL */
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif /* _PATH_NOLOGIN */
+
+#ifndef _PATH_TTY
+#define _PATH_TTY "/dev/tty"
+#endif /* _PATH_TTY */
+
+#ifndef _PATH_HUSHLOGIN
+#define _PATH_HUSHLOGIN ".hushlogin"
+#endif /* _PATH_HUSHLOGIN */
+
+#ifndef _PATH_NOMAILCHECK
+#define _PATH_NOMAILCHECK ".nomailcheck"
+#endif /* _PATH_NOMAILCHECK */
+
+#ifndef _PATH_MOTDFILE
+#define _PATH_MOTDFILE "/etc/motd"
+#endif /* _PATH_MOTDFILE */
+
+#ifndef _PATH_LOGACCESS
+#define _PATH_LOGACCESS "/etc/login.access"
+#endif /* _PATH_LOGACCESS */
+
+#ifndef _PATH_HEQUIV
+#define _PATH_HEQUIV "/etc/hosts.equiv"
+#endif
+
+#ifndef _PATH_FBTAB
+#define _PATH_FBTAB "/etc/fbtab"
+#endif /* _PATH_FBTAB */
+
+#ifndef _PATH_LOGINDEVPERM
+#define _PATH_LOGINDEVPERM "/etc/logindevperm"
+#endif /* _PATH_LOGINDEVPERM */
+
+#ifndef _PATH_CHPASS
+#define _PATH_CHPASS "/usr/bin/passwd"
+#endif /* _PATH_CHPASS */
+
+#if defined(__hpux)
+#define __FALLBACK_MAILDIR__ "/usr/mail"
+#else
+#define __FALLBACK_MAILDIR__ "/usr/spool/mail"
+#endif
+
+#ifndef KRB4_MAILDIR
+#ifndef _PATH_MAILDIR
+#ifdef MAILDIR
+#define _PATH_MAILDIR MAILDIR
+#else
+#define _PATH_MAILDIR __FALLBACK_MAILDIR__
+#endif
+#endif /* _PATH_MAILDIR */
+#define KRB4_MAILDIR _PATH_MAILDIR
+#endif
+
+#ifndef _PATH_LASTLOG
+#define _PATH_LASTLOG "/var/adm/lastlog"
+#endif
+
+#if defined(UTMP_FILE) && !defined(_PATH_UTMP)
+#define _PATH_UTMP UTMP_FILE
+#endif
+
+#ifndef _PATH_UTMP
+#define _PATH_UTMP "/etc/utmp"
+#endif
+
+#if defined(WTMP_FILE) && !defined(_PATH_WTMP)
+#define _PATH_WTMP WTMP_FILE
+#endif
+
+#ifndef _PATH_WTMP
+#define _PATH_WTMP "/usr/adm/wtmp"
+#endif
+
+#ifndef _PATH_ETC_DEFAULT_LOGIN
+#define _PATH_ETC_DEFAULT_LOGIN "/etc/default/login"
+#endif
+
+#ifndef _PATH_ETC_ENVIRONMENT
+#define _PATH_ETC_ENVIRONMENT "/etc/environment"
+#endif
+
+/*
+ * NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!!
+ * Some sort of bug in the NEXTSTEP cpp.
+ */
+#ifdef NeXT
+#undef _PATH_DEFSUPATH
+#define _PATH_DEFSUPATH "/usr/sbin:/usr/ucb:/usr/bin:/bin"
+#undef _PATH_RLOGIN
+#define _PATH_RLOGIN "/usr/athena/bin/rlogin"
+#undef _PATH_RSH
+#define _PATH_RSH "/usr/athena/bin/rsh"
+#undef _PATH_LOGIN
+#define _PATH_LOGIN "/usr/athena/bin/login"
+#endif
diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c
new file mode 100644
index 0000000..4669009
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcmd_util.c,v 1.15 1997/05/02 14:27:44 assar Exp $");
+
+int
+get_login_port(int kerberos, int encryption)
+{
+ char *service="login";
+ int port=htons(513);
+
+ if(kerberos && encryption){
+ service="eklogin";
+ port=htons(2105);
+ }
+
+ if(kerberos && !encryption){
+ service="klogin";
+ port=htons(543);
+ }
+ return k_getportbyname (service, "tcp", port);
+}
+
+int
+get_shell_port(int kerberos, int encryption)
+{
+ char *service="shell";
+ int port=htons(514);
+
+ if(kerberos && encryption){
+ service="ekshell";
+ port=htons(545);
+ }
+
+ if(kerberos && !encryption){
+ service="kshell";
+ port=htons(544);
+ }
+
+ return k_getportbyname (service, "tcp", port);
+}
+
+/*
+ * On reasonable systems, `cf[gs]et[io]speed' use values of bit/s
+ * directly, and the following functions are just identity functions.
+ * This is however a slower way of doing those
+ * should-be-but-are-not-always idenity functions.
+ */
+
+static struct { int speed; int bps; } conv[] = {
+#ifdef B0
+ {B0, 0},
+#endif
+#ifdef B50
+ {B50, 50},
+#endif
+#ifdef B75
+ {B75, 75},
+#endif
+#ifdef B110
+ {B110, 110},
+#endif
+#ifdef B134
+ {B134, 134},
+#endif
+#ifdef B150
+ {B150, 150},
+#endif
+#ifdef B200
+ {B200, 200},
+#endif
+#ifdef B300
+ {B300, 300},
+#endif
+#ifdef B600
+ {B600, 600},
+#endif
+#ifdef B1200
+ {B1200, 1200},
+#endif
+#ifdef B1800
+ {B1800, 1800},
+#endif
+#ifdef B2400
+ {B2400, 2400},
+#endif
+#ifdef B4800
+ {B4800, 4800},
+#endif
+#ifdef B9600
+ {B9600, 9600},
+#endif
+#ifdef B19200
+ {B19200, 19200},
+#endif
+#ifdef B38400
+ {B38400, 38400},
+#endif
+#ifdef B57600
+ {B57600, 57600},
+#endif
+#ifdef B115200
+ {B115200, 115200},
+#endif
+#ifdef B153600
+ {B153600, 153600},
+#endif
+#ifdef B230400
+ {B230400, 230400},
+#endif
+#ifdef B307200
+ {B307200, 307200},
+#endif
+#ifdef B460800
+ {B460800, 460800},
+#endif
+};
+
+#define N (sizeof(conv)/sizeof(*conv))
+
+int
+speed_t2int (speed_t s)
+{
+ int l, r, m;
+
+ l = 0;
+ r = N - 1;
+ while(l <= r) {
+ m = (l + r) / 2;
+ if (conv[m].speed == s)
+ return conv[m].bps;
+ else if(conv[m].speed < s)
+ l = m + 1;
+ else
+ r = m - 1;
+ }
+ return -1;
+}
+
+/*
+ *
+ */
+
+speed_t
+int2speed_t (int i)
+{
+ int l, r, m;
+
+ l = 0;
+ r = N - 1;
+ while(l <= r) {
+ m = (l + r) / 2;
+ if (conv[m].bps == i)
+ return conv[m].speed;
+ else if(conv[m].bps < i)
+ l = m + 1;
+ else
+ r = m - 1;
+ }
+ return -1;
+}
+
+/*
+ * If there are any IP options on `sock', die.
+ */
+
+void
+ip_options_and_die (int sock, struct sockaddr_in *fromp)
+{
+#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
+ u_char optbuf[BUFSIZ/3], *cp;
+ char lbuf[BUFSIZ], *lp;
+ int optsize = sizeof(optbuf), ipproto;
+ struct protoent *ip;
+
+ if ((ip = getprotobyname("ip")) != NULL)
+ ipproto = ip->p_proto;
+ else
+ ipproto = IPPROTO_IP;
+ if (getsockopt(sock, ipproto, IP_OPTIONS,
+ (void *)optbuf, &optsize) == 0 &&
+ optsize != 0) {
+ lp = lbuf;
+ for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
+ snprintf(lp, sizeof(lbuf) - (lp - lbuf), " %2.2x", *cp);
+ syslog(LOG_NOTICE,
+ "Connection received from %s using IP options (dead):%s",
+ inet_ntoa(fromp->sin_addr), lbuf);
+ exit(1);
+ }
+#endif
+}
+
+void
+warning(const char *fmt, ...)
+{
+ char *rstar_no_warn = getenv("RSTAR_NO_WARN");
+ va_list args;
+
+ va_start(args, fmt);
+ if (rstar_no_warn == NULL)
+ rstar_no_warn = "";
+ if (strncmp(rstar_no_warn, "yes", 3) != 0) {
+ /* XXX */
+ fprintf(stderr, "%s: warning, using standard ", __progname);
+ warnx(fmt, args);
+ }
+ va_end(args);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c
new file mode 100644
index 0000000..6dfb472
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp.c
@@ -0,0 +1,1019 @@
+/*
+ * Copyright (c) 1983, 1990, 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcp.c,v 1.43 1997/05/13 09:41:26 bg Exp $");
+
+/* Globals */
+static char dst_realm_buf[REALM_SZ];
+static char *dest_realm = NULL;
+static int use_kerberos = 1;
+
+static int doencrypt = 0;
+#define OPTIONS "dfKk:prtx"
+
+static int errs, rem;
+static struct passwd *pwd;
+static u_short port;
+static uid_t userid;
+static int pflag, iamremote, iamrecursive, targetshouldbedirectory;
+
+#define CMDNEEDS 64
+static char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */
+
+void rsource(char *name, struct stat *statp);
+
+#define SERVICE_NAME "rcmd"
+
+CREDENTIALS cred;
+MSG_DAT msg_data;
+struct sockaddr_in foreign, local;
+Key_schedule schedule;
+
+KTEXT_ST ticket;
+AUTH_DAT kdata;
+
+static void
+send_auth(char *h, char *r)
+{
+ int lslen, fslen, status;
+ long opts;
+
+ lslen = sizeof(struct sockaddr_in);
+ if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0)
+ err(1, "getsockname");
+ fslen = sizeof(struct sockaddr_in);
+ if (getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0)
+ err(1, "getpeername");
+ if ((r == NULL) || (*r == '\0'))
+ r = krb_realmofhost(h);
+ opts = KOPT_DO_MUTUAL;
+ if ((status = krb_sendauth(opts, rem, &ticket, SERVICE_NAME, h, r,
+ (unsigned long)getpid(), &msg_data, &cred,
+ schedule, &local,
+ &foreign, "KCMDV0.1")) != KSUCCESS)
+ errx(1, "krb_sendauth failure: %s", krb_get_err_text(status));
+}
+
+static void
+answer_auth(void)
+{
+ int lslen, fslen, status;
+ long opts;
+ char inst[INST_SZ], v[9];
+
+ lslen = sizeof(struct sockaddr_in);
+ if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0)
+ err(1, "getsockname");
+ fslen = sizeof(struct sockaddr_in);
+ if(getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0)
+ err(1, "getperrname");
+ k_getsockinst(rem, inst, sizeof(inst));
+ opts = KOPT_DO_MUTUAL;
+ if ((status = krb_recvauth(opts, rem, &ticket, SERVICE_NAME, inst,
+ &foreign, &local,
+ &kdata, "", schedule, v)) != KSUCCESS)
+ errx(1, "krb_recvauth failure: %s", krb_get_err_text(status));
+}
+
+static int
+des_read(int fd, char *buf, int len)
+{
+ if (doencrypt)
+ return(des_enc_read(fd, buf, len, schedule,
+ (iamremote? &kdata.session : &cred.session)));
+ else
+ return(read(fd, buf, len));
+}
+
+static int
+des_write(int fd, char *buf, int len)
+{
+ if (doencrypt)
+ return(des_enc_write(fd, buf, len, schedule,
+ (iamremote? &kdata.session : &cred.session)));
+ else
+ return(write(fd, buf, len));
+}
+
+static void run_err(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+
+static void
+run_err(const char *fmt, ...)
+{
+ char errbuf[1024];
+
+ va_list args;
+ va_start(args, fmt);
+ ++errs;
+#define RCPERR "\001rcp: "
+ strcpy (errbuf, RCPERR);
+ vsnprintf (errbuf + strlen(RCPERR), sizeof(errbuf) - strlen(RCPERR),
+ fmt, args);
+ strcat (errbuf, "\n");
+ des_write (rem, errbuf, strlen(errbuf));
+ if (!iamremote)
+ vwarnx(fmt, args);
+ va_end(args);
+}
+
+static void
+verifydir(char *cp)
+{
+ struct stat stb;
+
+ if (!stat(cp, &stb)) {
+ if (S_ISDIR(stb.st_mode))
+ return;
+ errno = ENOTDIR;
+ }
+ run_err("%s: %s", cp, strerror(errno));
+ exit(1);
+}
+
+#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
+
+static BUF *
+allocbuf(BUF *bp, int fd, int blksize)
+{
+ struct stat stb;
+ size_t size;
+
+ if (fstat(fd, &stb) < 0) {
+ run_err("fstat: %s", strerror(errno));
+ return (0);
+ }
+#ifdef HAVE_ST_BLKSIZE
+ size = ROUNDUP(stb.st_blksize, blksize);
+#else
+ size = blksize;
+#endif
+ if (size == 0)
+ size = blksize;
+ if (bp->cnt >= size)
+ return (bp);
+ if (bp->buf == NULL)
+ bp->buf = malloc(size);
+ else
+ bp->buf = realloc(bp->buf, size);
+ if (bp->buf == NULL) {
+ bp->cnt = 0;
+ run_err("%s", strerror(errno));
+ return (0);
+ }
+ bp->cnt = size;
+ return (bp);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr, "%s\n\t%s\n",
+ "usage: rcp [-Kpx] [-k realm] f1 f2",
+ "or: rcp [-Kprx] [-k realm] f1 ... fn directory");
+ exit(1);
+}
+
+static void
+oldw(const char *s)
+{
+ char *rstar_no_warn = getenv("RSTAR_NO_WARN");
+ if (rstar_no_warn == 0)
+ rstar_no_warn = "";
+ if (strncmp(rstar_no_warn, "yes", 3) != 0)
+ warnx("%s, using standard rcp", s);
+}
+
+static RETSIGTYPE
+lostconn(int signo)
+{
+ if (!iamremote)
+ warnx("lost connection");
+ exit(1);
+}
+
+static int
+response(void)
+{
+ char ch, *cp, resp, rbuf[BUFSIZ];
+
+ if (des_read(rem, &resp, sizeof(resp)) != sizeof(resp))
+ lostconn(0);
+
+ cp = rbuf;
+ switch(resp) {
+ case 0: /* ok */
+ return (0);
+ default:
+ *cp++ = resp;
+ /* FALLTHROUGH */
+ case 1: /* error, followed by error msg */
+ case 2: /* fatal error, "" */
+ do {
+ if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch))
+ lostconn(0);
+ *cp++ = ch;
+ } while (cp < &rbuf[BUFSIZ] && ch != '\n');
+
+ if (!iamremote)
+ write(STDERR_FILENO, rbuf, cp - rbuf);
+ ++errs;
+ if (resp == 1)
+ return (-1);
+ exit(1);
+ }
+ /* NOTREACHED */
+}
+
+static void
+source(int argc, char **argv)
+{
+ struct stat stb;
+ static BUF buffer;
+ BUF *bp;
+ off_t i;
+ int amt, fd, haderr, indx, result;
+ char *last, *name, buf[BUFSIZ];
+
+ for (indx = 0; indx < argc; ++indx) {
+ name = argv[indx];
+ if ((fd = open(name, O_RDONLY, 0)) < 0)
+ goto syserr;
+ if (fstat(fd, &stb)) {
+syserr: run_err("%s: %s", name, strerror(errno));
+ goto next;
+ }
+ switch (stb.st_mode & S_IFMT) {
+ case S_IFREG:
+ break;
+ case S_IFDIR:
+ if (iamrecursive) {
+ rsource(name, &stb);
+ goto next;
+ }
+ /* FALLTHROUGH */
+ default:
+ run_err("%s: not a regular file", name);
+ goto next;
+ }
+ if ((last = strrchr(name, '/')) == NULL)
+ last = name;
+ else
+ ++last;
+ if (pflag) {
+ /*
+ * Make it compatible with possible future
+ * versions expecting microseconds.
+ */
+ snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
+ (long)stb.st_mtime, (long)stb.st_atime);
+ des_write(rem, buf, strlen(buf));
+ if (response() < 0)
+ goto next;
+ }
+ snprintf(buf, sizeof(buf), "C%04o %ld %s\n",
+ (int)stb.st_mode & MODEMASK, (long) stb.st_size, last);
+ des_write(rem, buf, strlen(buf));
+ if (response() < 0)
+ goto next;
+ if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) {
+next: close(fd);
+ continue;
+ }
+
+ /* Keep writing after an error so that we stay sync'd up. */
+ for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
+ amt = bp->cnt;
+ if (i + amt > stb.st_size)
+ amt = stb.st_size - i;
+ if (!haderr) {
+ result = read(fd, bp->buf, amt);
+ if (result != amt)
+ haderr = result >= 0 ? EIO : errno;
+ }
+ if (haderr)
+ des_write(rem, bp->buf, amt);
+ else {
+ result = des_write(rem, bp->buf, amt);
+ if (result != amt)
+ haderr = result >= 0 ? EIO : errno;
+ }
+ }
+ if (close(fd) && !haderr)
+ haderr = errno;
+ if (!haderr)
+ des_write(rem, "", 1);
+ else
+ run_err("%s: %s", name, strerror(haderr));
+ response();
+ }
+}
+
+void
+rsource(char *name, struct stat *statp)
+{
+ DIR *dirp;
+ struct dirent *dp;
+ char *last, *vect[1], path[MaxPathLen];
+
+ if (!(dirp = opendir(name))) {
+ run_err("%s: %s", name, strerror(errno));
+ return;
+ }
+ last = strrchr(name, '/');
+ if (last == 0)
+ last = name;
+ else
+ last++;
+ if (pflag) {
+ snprintf(path, sizeof(path), "T%ld 0 %ld 0\n",
+ (long)statp->st_mtime, (long)statp->st_atime);
+ des_write(rem, path, strlen(path));
+ if (response() < 0) {
+ closedir(dirp);
+ return;
+ }
+ }
+ snprintf(path, sizeof(path),
+ "D%04o %d %s\n", (int)statp->st_mode & MODEMASK, 0, last);
+ des_write(rem, path, strlen(path));
+ if (response() < 0) {
+ closedir(dirp);
+ return;
+ }
+ while ((dp = readdir(dirp))) {
+ if (dp->d_ino == 0)
+ continue;
+ if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
+ continue;
+ if (strlen(name) + 1 + strlen(dp->d_name) >= MaxPathLen - 1) {
+ run_err("%s/%s: name too long", name, dp->d_name);
+ continue;
+ }
+ if (snprintf(path, sizeof(path),
+ "%s/%s", name, dp->d_name) >= sizeof(path)) {
+ run_err("%s/%s: name too long", name, dp->d_name);
+ continue;
+ }
+ vect[0] = path;
+ source(1, vect);
+ }
+ closedir(dirp);
+ des_write(rem, "E\n", 2);
+ response();
+}
+
+static int
+kerberos(char **host, char *bp, char *locuser, char *user)
+{
+ int sock = -1, err;
+again:
+ if (use_kerberos) {
+ rem = KSUCCESS;
+ errno = 0;
+ if (dest_realm == NULL)
+ dest_realm = krb_realmofhost(*host);
+
+#if 0
+ rem = krcmd(host, port, user, bp, 0, dest_realm);
+#else
+ err = kcmd(
+ &sock,
+ host,
+ port,
+ NULL, /* locuser not used */
+ user,
+ bp,
+ 0,
+ &ticket,
+ SERVICE_NAME,
+ dest_realm,
+ (CREDENTIALS *) NULL, /* credentials not used */
+ 0, /* key schedule not used */
+ (MSG_DAT *) NULL, /* MSG_DAT not used */
+ (struct sockaddr_in *) NULL, /* local addr not used */
+ (struct sockaddr_in *) NULL, /* foreign addr not used */
+ 0L); /* authopts */
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ warnx("kcmd: %s", krb_get_err_text(err));
+ rem = -1;
+ } else if (err < 0)
+ rem = -1;
+ else
+ rem = sock;
+#endif
+ if (rem < 0) {
+ use_kerberos = 0;
+ port = get_shell_port(use_kerberos, 0);
+ if (errno == ECONNREFUSED)
+ oldw("remote host doesn't support Kerberos");
+ else if (errno == ENOENT)
+ oldw("can't provide Kerberos authentication data");
+ goto again;
+ }
+ } else {
+ if (doencrypt)
+ errx(1,
+ "the -x option requires Kerberos authentication");
+ if (geteuid() != 0) {
+ errx(1, "not installed setuid root, "
+ "only root may use non kerberized rcp");
+ }
+ rem = rcmd(host, port, locuser, user, bp, 0);
+ }
+ return (rem);
+}
+
+static void
+toremote(char *targ, int argc, char **argv)
+{
+ int i, len;
+#ifdef IP_TOS
+ int tos;
+#endif
+ char *bp, *host, *src, *suser, *thost, *tuser;
+
+ *targ++ = 0;
+ if (*targ == 0)
+ targ = ".";
+
+ if ((thost = strchr(argv[argc - 1], '@'))) {
+ /* user@host */
+ *thost++ = 0;
+ tuser = argv[argc - 1];
+ if (*tuser == '\0')
+ tuser = NULL;
+ else if (!okname(tuser))
+ exit(1);
+ } else {
+ thost = argv[argc - 1];
+ tuser = NULL;
+ }
+
+ for (i = 0; i < argc - 1; i++) {
+ src = colon(argv[i]);
+ if (src) { /* remote to remote */
+ *src++ = 0;
+ if (*src == 0)
+ src = ".";
+ host = strchr(argv[i], '@');
+ len = strlen(_PATH_RSH) + strlen(argv[i]) +
+ strlen(src) + (tuser ? strlen(tuser) : 0) +
+ strlen(thost) + strlen(targ) + CMDNEEDS + 20;
+ if (!(bp = malloc(len)))
+ err(1, " ");
+ if (host) {
+ *host++ = 0;
+ suser = argv[i];
+ if (*suser == '\0')
+ suser = pwd->pw_name;
+ else if (!okname(suser))
+ continue;
+ snprintf(bp, len,
+ "%s %s -l %s -n %s %s '%s%s%s:%s'",
+ _PATH_RSH, host, suser, cmd, src,
+ tuser ? tuser : "", tuser ? "@" : "",
+ thost, targ);
+ } else
+ snprintf(bp, len,
+ "exec %s %s -n %s %s '%s%s%s:%s'",
+ _PATH_RSH, argv[i], cmd, src,
+ tuser ? tuser : "", tuser ? "@" : "",
+ thost, targ);
+ susystem(bp, userid);
+ free(bp);
+ } else { /* local to remote */
+ if (rem == -1) {
+ len = strlen(targ) + CMDNEEDS + 20;
+ if (!(bp = malloc(len)))
+ err(1, " ");
+ snprintf(bp, len, "%s -t %s", cmd, targ);
+ host = thost;
+ if (use_kerberos)
+ rem = kerberos(&host, bp,
+#ifdef __CYGWIN32__
+ tuser,
+#else
+ pwd->pw_name,
+#endif
+ tuser ? tuser : pwd->pw_name);
+ else
+ rem = rcmd(&host, port,
+#ifdef __CYGWIN32__
+ tuser,
+#else
+ pwd->pw_name,
+#endif
+ tuser ? tuser : pwd->pw_name,
+ bp, 0);
+ if (rem < 0)
+ exit(1);
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_THROUGHPUT;
+ if (setsockopt(rem, IPPROTO_IP, IP_TOS,
+ (void *)&tos, sizeof(int)) < 0)
+ warn("TOS (ignored)");
+#endif /* IP_TOS */
+ if (doencrypt)
+ send_auth(host, dest_realm);
+ if (response() < 0)
+ exit(1);
+ free(bp);
+ setuid(userid);
+ }
+ source(1, argv+i);
+ }
+ }
+}
+
+static void
+sink(int argc, char **argv)
+{
+ static BUF buffer;
+ struct stat stb;
+ struct timeval tv[2];
+ enum { YES, NO, DISPLAYED } wrerr;
+ BUF *bp;
+ off_t i, j;
+ int amt, count, exists, first, mask, mode, ofd, omode;
+ int setimes, size, targisdir, wrerrno=0;
+ char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ];
+
+#define atime tv[0]
+#define mtime tv[1]
+#define SCREWUP(str) { why = str; goto screwup; }
+
+ setimes = targisdir = 0;
+ mask = umask(0);
+ if (!pflag)
+ umask(mask);
+ if (argc != 1) {
+ run_err("ambiguous target");
+ exit(1);
+ }
+ targ = *argv;
+ if (targetshouldbedirectory)
+ verifydir(targ);
+ des_write(rem, "", 1);
+ if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
+ targisdir = 1;
+ for (first = 1;; first = 0) {
+ cp = buf;
+ if (des_read(rem, cp, 1) <= 0)
+ return;
+ if (*cp++ == '\n')
+ SCREWUP("unexpected <newline>");
+ do {
+ if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch))
+ SCREWUP("lost connection");
+ *cp++ = ch;
+ } while (cp < &buf[BUFSIZ - 1] && ch != '\n');
+ *cp = 0;
+
+ if (buf[0] == '\01' || buf[0] == '\02') {
+ if (iamremote == 0)
+ write(STDERR_FILENO,
+ buf + 1, strlen(buf + 1));
+ if (buf[0] == '\02')
+ exit(1);
+ ++errs;
+ continue;
+ }
+ if (buf[0] == 'E') {
+ des_write(rem, "", 1);
+ return;
+ }
+
+ if (ch == '\n')
+ *--cp = 0;
+
+#define getnum(t) (t) = 0; while (isdigit(*cp)) (t) = (t) * 10 + (*cp++ - '0');
+ cp = buf;
+ if (*cp == 'T') {
+ setimes++;
+ cp++;
+ getnum(mtime.tv_sec);
+ if (*cp++ != ' ')
+ SCREWUP("mtime.sec not delimited");
+ getnum(mtime.tv_usec);
+ if (*cp++ != ' ')
+ SCREWUP("mtime.usec not delimited");
+ getnum(atime.tv_sec);
+ if (*cp++ != ' ')
+ SCREWUP("atime.sec not delimited");
+ getnum(atime.tv_usec);
+ if (*cp++ != '\0')
+ SCREWUP("atime.usec not delimited");
+ des_write(rem, "", 1);
+ continue;
+ }
+ if (*cp != 'C' && *cp != 'D') {
+ /*
+ * Check for the case "rcp remote:foo\* local:bar".
+ * In this case, the line "No match." can be returned
+ * by the shell before the rcp command on the remote is
+ * executed so the ^Aerror_message convention isn't
+ * followed.
+ */
+ if (first) {
+ run_err("%s", cp);
+ exit(1);
+ }
+ SCREWUP("expected control record");
+ }
+ mode = 0;
+ for (++cp; cp < buf + 5; cp++) {
+ if (*cp < '0' || *cp > '7')
+ SCREWUP("bad mode");
+ mode = (mode << 3) | (*cp - '0');
+ }
+ if (*cp++ != ' ')
+ SCREWUP("mode not delimited");
+
+ for (size = 0; isdigit(*cp);)
+ size = size * 10 + (*cp++ - '0');
+ if (*cp++ != ' ')
+ SCREWUP("size not delimited");
+ if (targisdir) {
+ static char *namebuf;
+ static int cursize;
+ size_t need;
+
+ need = strlen(targ) + strlen(cp) + 250;
+ if (need > cursize) {
+ if (!(namebuf = malloc(need)))
+ run_err("%s", strerror(errno));
+ }
+ snprintf(namebuf, need, "%s%s%s", targ,
+ *targ ? "/" : "", cp);
+ np = namebuf;
+ } else
+ np = targ;
+ exists = stat(np, &stb) == 0;
+ if (buf[0] == 'D') {
+ int mod_flag = pflag;
+ if (exists) {
+ if (!S_ISDIR(stb.st_mode)) {
+ errno = ENOTDIR;
+ goto bad;
+ }
+ if (pflag)
+ chmod(np, mode);
+ } else {
+ /* Handle copying from a read-only directory */
+ mod_flag = 1;
+ if (mkdir(np, mode | S_IRWXU) < 0)
+ goto bad;
+ }
+ vect[0] = np;
+ sink(1, vect);
+ if (setimes) {
+ struct utimbuf times;
+ times.actime = atime.tv_sec;
+ times.modtime = mtime.tv_sec;
+ setimes = 0;
+ if (utime(np, &times) < 0)
+ run_err("%s: set times: %s",
+ np, strerror(errno));
+ }
+ if (mod_flag)
+ chmod(np, mode);
+ continue;
+ }
+ omode = mode;
+ mode |= S_IWRITE;
+ if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
+bad: run_err("%s: %s", np, strerror(errno));
+ continue;
+ }
+ des_write(rem, "", 1);
+ if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) {
+ close(ofd);
+ continue;
+ }
+ cp = bp->buf;
+ wrerr = NO;
+ for (count = i = 0; i < size; i += BUFSIZ) {
+ amt = BUFSIZ;
+ if (i + amt > size)
+ amt = size - i;
+ count += amt;
+ do {
+ j = des_read(rem, cp, amt);
+ if (j <= 0) {
+ run_err("%s", j ? strerror(errno) :
+ "dropped connection");
+ exit(1);
+ }
+ amt -= j;
+ cp += j;
+ } while (amt > 0);
+ if (count == bp->cnt) {
+ /* Keep reading so we stay sync'd up. */
+ if (wrerr == NO) {
+ j = write(ofd, bp->buf, count);
+ if (j != count) {
+ wrerr = YES;
+ wrerrno = j >= 0 ? EIO : errno;
+ }
+ }
+ count = 0;
+ cp = bp->buf;
+ }
+ }
+ if (count != 0 && wrerr == NO &&
+ (j = write(ofd, bp->buf, count)) != count) {
+ wrerr = YES;
+ wrerrno = j >= 0 ? EIO : errno;
+ }
+ if (ftruncate(ofd, size)) {
+ run_err("%s: truncate: %s", np, strerror(errno));
+ wrerr = DISPLAYED;
+ }
+ if (pflag) {
+ if (exists || omode != mode)
+#ifdef HAVE_FCHMOD
+ if (fchmod(ofd, omode))
+#else
+ if (chmod(np, omode))
+#endif
+ run_err("%s: set mode: %s",
+ np, strerror(errno));
+ } else {
+ if (!exists && omode != mode)
+#ifdef HAVE_FCHMOD
+ if (fchmod(ofd, omode & ~mask))
+#else
+ if (chmod(np, omode & ~mask))
+#endif
+ run_err("%s: set mode: %s",
+ np, strerror(errno));
+ }
+ close(ofd);
+ response();
+ if (setimes && wrerr == NO) {
+ struct utimbuf times;
+ times.actime = atime.tv_sec;
+ times.modtime = mtime.tv_sec;
+ setimes = 0;
+ if (utime(np, &times) < 0) {
+ run_err("%s: set times: %s",
+ np, strerror(errno));
+ wrerr = DISPLAYED;
+ }
+ }
+ switch(wrerr) {
+ case YES:
+ run_err("%s: %s", np, strerror(wrerrno));
+ break;
+ case NO:
+ des_write(rem, "", 1);
+ break;
+ case DISPLAYED:
+ break;
+ }
+ }
+screwup:
+ run_err("protocol error: %s", why);
+ exit(1);
+}
+
+static void
+tolocal(int argc, char **argv)
+{
+ int i, len;
+#ifdef IP_TOS
+ int tos;
+#endif
+ char *bp, *host, *src, *suser;
+
+ for (i = 0; i < argc - 1; i++) {
+ if (!(src = colon(argv[i]))) { /* Local to local. */
+ len = strlen(_PATH_CP) + strlen(argv[i]) +
+ strlen(argv[argc - 1]) + 20;
+ if (!(bp = malloc(len)))
+ err(1, " ");
+ snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
+ iamrecursive ? " -r" : "", pflag ? " -p" : "",
+ argv[i], argv[argc - 1]);
+ if (susystem(bp, userid))
+ ++errs;
+ free(bp);
+ continue;
+ }
+ *src++ = 0;
+ if (*src == 0)
+ src = ".";
+ if ((host = strchr(argv[i], '@')) == NULL) {
+#ifdef __CYGWIN32__
+ errx (1, "Sorry, you need to specify the username");
+#else
+ host = argv[i];
+ suser = pwd->pw_name;
+#endif
+ } else {
+ *host++ = 0;
+ suser = argv[i];
+ if (*suser == '\0')
+#ifdef __CYGWIN32__
+ errx (1, "Sorry, you need to specify the username");
+#else
+ suser = pwd->pw_name;
+#endif
+ else if (!okname(suser))
+ continue;
+ }
+ len = strlen(src) + CMDNEEDS + 20;
+ if ((bp = malloc(len)) == NULL)
+ err(1, " ");
+ snprintf(bp, len, "%s -f %s", cmd, src);
+ rem =
+ use_kerberos ?
+ kerberos(&host, bp,
+#ifndef __CYGWIN32__
+ pwd->pw_name,
+#else
+ suser,
+#endif
+ suser) :
+ rcmd(&host, port,
+#ifndef __CYGWIN32__
+ pwd->pw_name,
+#else
+ suser,
+#endif
+ suser, bp, 0);
+ free(bp);
+ if (rem < 0) {
+ ++errs;
+ continue;
+ }
+ seteuid(userid);
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_THROUGHPUT;
+ if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&tos,
+ sizeof(int)) < 0)
+ warn("TOS (ignored)");
+#endif /* IP_TOS */
+ if (doencrypt)
+ send_auth(host, dest_realm);
+ sink(1, argv + argc - 1);
+ seteuid(0);
+ close(rem);
+ rem = -1;
+ }
+}
+
+
+int
+main(int argc, char **argv)
+{
+ int ch, fflag, tflag;
+ char *targ;
+
+ set_progname(argv[0]);
+ fflag = tflag = 0;
+ while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
+ switch(ch) { /* User-visible flags. */
+ case 'K':
+ use_kerberos = 0;
+ break;
+ case 'k':
+ dest_realm = dst_realm_buf;
+ strncpy(dst_realm_buf, optarg, REALM_SZ);
+ break;
+ case 'x':
+ doencrypt = 1;
+ LEFT_JUSTIFIED = 1;
+ break;
+ case 'p':
+ pflag = 1;
+ break;
+ case 'r':
+ iamrecursive = 1;
+ break;
+ /* Server options. */
+ case 'd':
+ targetshouldbedirectory = 1;
+ break;
+ case 'f': /* "from" */
+ iamremote = 1;
+ fflag = 1;
+ break;
+ case 't': /* "to" */
+ iamremote = 1;
+ tflag = 1;
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ argc -= optind;
+ argv += optind;
+
+ /* Rcp implements encrypted file transfer without using the
+ * kshell service, pass 0 for no encryption */
+ port = get_shell_port(use_kerberos, 0);
+
+#ifndef __CYGWIN32__
+ if ((pwd = k_getpwuid(userid = getuid())) == NULL)
+ errx(1, "unknown user %d", (int)userid);
+#endif
+
+ rem = STDIN_FILENO; /* XXX */
+
+ if (fflag) { /* Follow "protocol", send data. */
+ if (doencrypt)
+ answer_auth();
+ response();
+ setuid(userid);
+ if (k_hasafs()) {
+ /* Sometimes we will need cell specific tokens
+ * to be able to read and write files, thus,
+ * the token stuff done in rshd might not
+ * suffice.
+ */
+ char cell[64];
+ if (k_afs_cell_of_file(pwd->pw_dir,
+ cell, sizeof(cell)) == 0)
+ k_afsklog(cell, 0);
+ k_afsklog(0, 0);
+ }
+ source(argc, argv);
+ exit(errs);
+ }
+
+ if (tflag) { /* Receive data. */
+ if (doencrypt)
+ answer_auth();
+ setuid(userid);
+ if (k_hasafs()) {
+ char cell[64];
+ if (k_afs_cell_of_file(pwd->pw_dir,
+ cell, sizeof(cell)) == 0)
+ k_afsklog(cell, 0);
+ k_afsklog(0, 0);
+ }
+ sink(argc, argv);
+ exit(errs);
+ }
+
+ if (argc < 2)
+ usage();
+ if (argc > 2)
+ targetshouldbedirectory = 1;
+
+ rem = -1;
+ /* Command to be executed on remote system using "rsh". */
+ snprintf(cmd, sizeof(cmd),
+ "rcp%s%s%s%s", iamrecursive ? " -r" : "",
+ (doencrypt && use_kerberos ? " -x" : ""),
+ pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "");
+
+ signal(SIGPIPE, lostconn);
+
+ if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */
+ toremote(targ, argc, argv);
+ else {
+ tolocal(argc, argv); /* Dest is local host. */
+ if (targetshouldbedirectory)
+ verifydir(argv[argc - 1]);
+ }
+ exit(errs);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rcp_util.c b/crypto/kerberosIV/appl/bsd/rcp_util.c
new file mode 100644
index 0000000..6f0c5f0
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp_util.c
@@ -0,0 +1,97 @@
+/*-
+ * Copyright (c) 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcp_util.c,v 1.7 1996/11/17 20:23:05 assar Exp $");
+
+char *
+colon(char *cp)
+{
+ if (*cp == ':') /* Leading colon is part of file name. */
+ return (0);
+
+ for (; *cp; ++cp) {
+ if (*cp == ':')
+ return (cp);
+ if (*cp == '/')
+ return (0);
+ }
+ return (0);
+}
+
+int
+okname(char *cp0)
+{
+ int c;
+ char *cp;
+
+ cp = cp0;
+ do {
+ c = *cp;
+ if (c & 0200)
+ goto bad;
+ if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
+ goto bad;
+ } while (*++cp);
+ return (1);
+
+bad: warnx("%s: invalid user name", cp0);
+ return (0);
+}
+
+int
+susystem(char *s, int userid)
+{
+ RETSIGTYPE (*istat)(), (*qstat)();
+ int status;
+ pid_t pid;
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ return (127);
+
+ case 0:
+ setuid(userid);
+ execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit(127);
+ }
+ istat = signal(SIGINT, SIG_IGN);
+ qstat = signal(SIGQUIT, SIG_IGN);
+ if (waitpid(pid, &status, 0) < 0)
+ status = -1;
+ signal(SIGINT, istat);
+ signal(SIGQUIT, qstat);
+ return (status);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c
new file mode 100644
index 0000000..27aa8f0
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rlogin.c
@@ -0,0 +1,707 @@
+/*
+ * Copyright (c) 1983, 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * rlogin - remote login
+ */
+#include "bsd_locl.h"
+
+RCSID("$Id: rlogin.c,v 1.61 1997/05/25 01:14:47 assar Exp $");
+
+CREDENTIALS cred;
+Key_schedule schedule;
+int use_kerberos = 1, doencrypt;
+char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
+
+#ifndef CCEQ
+#define c2uc(x) ((unsigned char) x)
+#define CCEQ__(val, c) (c == val ? val != c2uc(_POSIX_VDISABLE) : 0)
+#define CCEQ(val, c) CCEQ__(c2uc(val), c2uc(c))
+#endif
+
+int eight, rem;
+struct termios deftty;
+
+int noescape;
+char escapechar = '~';
+
+struct winsize winsize;
+
+int parent, rcvcnt;
+char rcvbuf[8 * 1024];
+
+int child;
+
+static void
+echo(char c)
+{
+ char *p;
+ char buf[8];
+
+ p = buf;
+ c &= 0177;
+ *p++ = escapechar;
+ if (c < ' ') {
+ *p++ = '^';
+ *p++ = c + '@';
+ } else if (c == 0177) {
+ *p++ = '^';
+ *p++ = '?';
+ } else
+ *p++ = c;
+ *p++ = '\r';
+ *p++ = '\n';
+ write(STDOUT_FILENO, buf, p - buf);
+}
+
+static void
+mode(int f)
+{
+ struct termios tty;
+
+ switch (f) {
+ case 0:
+ tcsetattr(0, TCSANOW, &deftty);
+ break;
+ case 1:
+ tcgetattr(0, &deftty);
+ tty = deftty;
+ /* This is loosely derived from sys/compat/tty_compat.c. */
+ tty.c_lflag &= ~(ECHO|ICANON|ISIG|IEXTEN);
+ tty.c_iflag &= ~ICRNL;
+ tty.c_oflag &= ~OPOST;
+ tty.c_cc[VMIN] = 1;
+ tty.c_cc[VTIME] = 0;
+ if (eight) {
+ tty.c_iflag &= IXOFF;
+ tty.c_cflag &= ~(CSIZE|PARENB);
+ tty.c_cflag |= CS8;
+ }
+ tcsetattr(0, TCSANOW, &tty);
+ break;
+ default:
+ return;
+ }
+}
+
+static void
+done(int status)
+{
+ int w, wstatus;
+
+ mode(0);
+ if (child > 0) {
+ /* make sure catch_child does not snap it up */
+ signal(SIGCHLD, SIG_DFL);
+ if (kill(child, SIGKILL) >= 0)
+ while ((w = wait(&wstatus)) > 0 && w != child);
+ }
+ exit(status);
+}
+
+static
+RETSIGTYPE
+catch_child(int foo)
+{
+ int status;
+ int pid;
+
+ for (;;) {
+ pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
+ if (pid == 0)
+ return;
+ /* if the child (reader) dies, just quit */
+ if (pid < 0 || (pid == child && !WIFSTOPPED(status)))
+ done(WTERMSIG(status) | WEXITSTATUS(status));
+ }
+ /* NOTREACHED */
+}
+
+/*
+ * There is a race in the SunOS5 rlogind. If the slave end has not yet
+ * been opened by the child when setting tty size the size is reset to
+ * zero when the child opens it. Therefore we send the window update
+ * twice.
+ */
+
+static int tty_kludge = 1;
+
+/* Return the number of OOB bytes processed. */
+static int
+oob_real(void)
+{
+ struct termios tty;
+ int atmark, n, out, rcvd;
+ char waste[BUFSIZ], mark;
+
+ out = O_RDWR;
+ rcvd = 0;
+ if (recv(rem, &mark, 1, MSG_OOB) < 0) {
+ return -1;
+ }
+ if (mark & TIOCPKT_WINDOW) {
+ /* Let server know about window size changes */
+ kill(parent, SIGUSR1);
+ } else if (tty_kludge) {
+ /* Let server know about window size changes */
+ kill(parent, SIGUSR1);
+ tty_kludge = 0;
+ }
+ if (!eight && (mark & TIOCPKT_NOSTOP)) {
+ tcgetattr(0, &tty);
+ tty.c_iflag &= ~IXON;
+ tcsetattr(0, TCSANOW, &tty);
+ }
+ if (!eight && (mark & TIOCPKT_DOSTOP)) {
+ tcgetattr(0, &tty);
+ tty.c_iflag |= (deftty.c_iflag & IXON);
+ tcsetattr(0, TCSANOW, &tty);
+ }
+ if (mark & TIOCPKT_FLUSHWRITE) {
+#ifdef TCOFLUSH
+ tcflush(1, TCOFLUSH);
+#else
+ ioctl(1, TIOCFLUSH, (char *)&out);
+#endif
+ for (;;) {
+ if (ioctl(rem, SIOCATMARK, &atmark) < 0) {
+ warn("ioctl");
+ break;
+ }
+ if (atmark)
+ break;
+ n = read(rem, waste, sizeof (waste));
+ if (n <= 0)
+ break;
+ }
+ /*
+ * Don't want any pending data to be output, so clear the recv
+ * buffer. If we were hanging on a write when interrupted,
+ * don't want it to restart. If we were reading, restart
+ * anyway.
+ */
+ rcvcnt = 0;
+ }
+
+ /* oob does not do FLUSHREAD (alas!) */
+ return 1;
+}
+
+/* reader: read from remote: line -> 1 */
+static int
+reader(void)
+{
+ int n, remaining;
+ char *bufp;
+ int kludgep = 1;
+
+ bufp = rcvbuf;
+ for (;;) {
+ fd_set readfds, exceptfds;
+ while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) {
+ n = write(STDOUT_FILENO, bufp, remaining);
+ if (n < 0) {
+ if (errno != EINTR)
+ return (-1);
+ continue;
+ }
+ bufp += n;
+ }
+ bufp = rcvbuf;
+ rcvcnt = 0;
+
+ FD_ZERO (&readfds);
+ FD_SET (rem, &readfds);
+ FD_ZERO (&exceptfds);
+ if (kludgep)
+ FD_SET (rem, &exceptfds);
+ if (select(rem+1, &readfds, 0, &exceptfds, 0) == -1) {
+ if (errno == EINTR)
+ continue; /* Got signal */
+ else
+ errx(1, "select failed mysteriously");
+ }
+
+ if (!FD_ISSET(rem, &exceptfds) && !FD_ISSET(rem, &readfds)) {
+ warnx("select: nothing to read?");
+ continue;
+ }
+
+ if (FD_ISSET(rem, &exceptfds)) {
+ int foo = oob_real ();
+ if (foo >= 1)
+ continue; /* First check if there is more OOB data. */
+ else if (foo < 0)
+ kludgep = 0;
+ }
+
+ if (!FD_ISSET(rem, &readfds))
+ continue; /* Nothing to read. */
+
+ kludgep = 1;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ rcvcnt = des_enc_read(rem, rcvbuf,
+ sizeof(rcvbuf),
+ schedule, &cred.session);
+ else
+#endif
+ rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf));
+ if (rcvcnt == 0)
+ return (0);
+ if (rcvcnt < 0) {
+ if (errno == EINTR)
+ continue;
+ warn("read");
+ return (-1);
+ }
+ }
+}
+
+/*
+ * Send the window size to the server via the magic escape
+ */
+static void
+sendwindow(void)
+{
+ char obuf[4 + 4 * sizeof (u_int16_t)];
+ unsigned short *p;
+
+ p = (u_int16_t *)(obuf + 4);
+ obuf[0] = 0377;
+ obuf[1] = 0377;
+ obuf[2] = 's';
+ obuf[3] = 's';
+ *p++ = htons(winsize.ws_row);
+ *p++ = htons(winsize.ws_col);
+#ifdef HAVE_WS_XPIXEL
+ *p++ = htons(winsize.ws_xpixel);
+#else
+ *p++ = htons(0);
+#endif
+#ifdef HAVE_WS_YPIXEL
+ *p++ = htons(winsize.ws_ypixel);
+#else
+ *p++ = htons(0);
+#endif
+
+#ifndef NOENCRYPTION
+ if(doencrypt)
+ des_enc_write(rem, obuf, sizeof(obuf), schedule,
+ &cred.session);
+ else
+#endif
+ write(rem, obuf, sizeof(obuf));
+}
+
+static
+RETSIGTYPE
+sigwinch(int foo)
+{
+ struct winsize ws;
+
+ if (get_window_size(0, &ws) == 0 &&
+ memcmp(&ws, &winsize, sizeof(ws))) {
+ winsize = ws;
+ sendwindow();
+ }
+}
+
+static void
+stop(int all)
+{
+ mode(0);
+ signal(SIGCHLD, SIG_IGN);
+ kill(all ? 0 : getpid(), SIGTSTP);
+ signal(SIGCHLD, catch_child);
+ mode(1);
+#ifdef SIGWINCH
+ kill(SIGWINCH, getpid()); /* check for size changes, if caught */
+#endif
+}
+
+/*
+ * writer: write to remote: 0 -> line.
+ * ~. terminate
+ * ~^Z suspend rlogin process.
+ * ~<delayed-suspend char> suspend rlogin process, but leave reader alone.
+ */
+static void
+writer(void)
+{
+ int bol, local, n;
+ char c;
+
+ bol = 1; /* beginning of line */
+ local = 0;
+ for (;;) {
+ n = read(STDIN_FILENO, &c, 1);
+ if (n <= 0) {
+ if (n < 0 && errno == EINTR)
+ continue;
+ break;
+ }
+ /*
+ * If we're at the beginning of the line and recognize a
+ * command character, then we echo locally. Otherwise,
+ * characters are echo'd remotely. If the command character
+ * is doubled, this acts as a force and local echo is
+ * suppressed.
+ */
+ if (bol) {
+ bol = 0;
+ if (!noescape && c == escapechar) {
+ local = 1;
+ continue;
+ }
+ } else if (local) {
+ local = 0;
+ if (c == '.' || CCEQ(deftty.c_cc[VEOF], c)) {
+ echo(c);
+ break;
+ }
+ if (CCEQ(deftty.c_cc[VSUSP], c)) {
+ bol = 1;
+ echo(c);
+ stop(1);
+ continue;
+ }
+#ifdef VDSUSP
+ /* Is VDSUSP called something else on Linux?
+ * Perhaps VDELAY is a better thing? */
+ if (CCEQ(deftty.c_cc[VDSUSP], c)) {
+ bol = 1;
+ echo(c);
+ stop(0);
+ continue;
+ }
+#endif /* VDSUSP */
+ if (c != escapechar)
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ des_enc_write(rem, &escapechar,1, schedule, &cred.session);
+ else
+#endif
+ write(rem, &escapechar, 1);
+ }
+
+ if (doencrypt) {
+#ifdef NOENCRYPTION
+ if (write(rem, &c, 1) == 0) {
+#else
+ if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) {
+#endif
+ warnx("line gone");
+ break;
+ }
+ } else
+ if (write(rem, &c, 1) == 0) {
+ warnx("line gone");
+ break;
+ }
+ bol = CCEQ(deftty.c_cc[VKILL], c) ||
+ CCEQ(deftty.c_cc[VEOF], c) ||
+ CCEQ(deftty.c_cc[VINTR], c) ||
+ CCEQ(deftty.c_cc[VSUSP], c) ||
+ c == '\r' || c == '\n';
+ }
+}
+
+static
+RETSIGTYPE
+lostpeer(int foo)
+{
+ signal(SIGPIPE, SIG_IGN);
+ warnx("\aconnection closed.\r");
+ done(1);
+}
+
+/*
+ * This is called in the parent when the reader process gets the
+ * out-of-band (urgent) request to turn on the window-changing
+ * protocol. It is signalled from the child(reader).
+ */
+static
+RETSIGTYPE
+sigusr1(int foo)
+{
+ /*
+ * Now we now daemon supports winsize hack,
+ */
+ sendwindow();
+#ifdef SIGWINCH
+ signal(SIGWINCH, sigwinch); /* so we start to support it */
+#endif
+ SIGRETURN(0);
+}
+
+static void
+doit(void)
+{
+ signal(SIGINT, SIG_IGN);
+ signal(SIGHUP, SIG_IGN);
+ signal(SIGQUIT, SIG_IGN);
+
+ signal(SIGCHLD, catch_child);
+
+ /*
+ * Child sends parent this signal for window size hack.
+ */
+ signal(SIGUSR1, sigusr1);
+
+ signal(SIGPIPE, lostpeer);
+
+ mode(1);
+ parent = getpid();
+ child = fork();
+ if (child == -1) {
+ warn("fork");
+ done(1);
+ }
+ if (child == 0) {
+ signal(SIGCHLD, SIG_IGN);
+ signal(SIGTTOU, SIG_IGN);
+ if (reader() == 0)
+ errx(1, "connection closed.\r");
+ sleep(1);
+ errx(1, "\aconnection closed.\r");
+ }
+
+ writer();
+ warnx("closed connection.\r");
+ done(0);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n",
+ "8DEKLdx", " [-k realm] ");
+ exit(1);
+}
+
+static u_int
+getescape(char *p)
+{
+ long val;
+ int len;
+
+ if ((len = strlen(p)) == 1) /* use any single char, including '\' */
+ return ((u_int)*p);
+ /* otherwise, \nnn */
+ if (*p == '\\' && len >= 2 && len <= 4) {
+ val = strtol(++p, NULL, 8);
+ for (;;) {
+ if (!*++p)
+ return ((u_int)val);
+ if (*p < '0' || *p > '8')
+ break;
+ }
+ }
+ warnx("illegal option value -- e");
+ usage();
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ struct passwd *pw;
+ int sv_port, user_port = 0;
+ int argoff, ch, dflag, Dflag, one, uid;
+ char *host, *user, term[1024];
+
+ argoff = dflag = Dflag = 0;
+ one = 1;
+ host = user = NULL;
+
+ set_progname(argv[0]);
+
+ /* handle "rlogin host flags" */
+ if (argc > 2 && argv[1][0] != '-') {
+ host = argv[1];
+ argoff = 1;
+ }
+
+#define OPTIONS "8DEKLde:k:l:xp:"
+ while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
+ switch(ch) {
+ case '8':
+ eight = 1;
+ break;
+ case 'D':
+ Dflag = 1;
+ break;
+ case 'E':
+ noescape = 1;
+ break;
+ case 'K':
+ use_kerberos = 0;
+ break;
+ case 'd':
+ dflag = 1;
+ break;
+ case 'e':
+ noescape = 0;
+ escapechar = getescape(optarg);
+ break;
+ case 'k':
+ dest_realm = dst_realm_buf;
+ strncpy(dest_realm, optarg, REALM_SZ);
+ break;
+ case 'l':
+ user = optarg;
+ break;
+ case 'x':
+ doencrypt = 1;
+ break;
+ case 'p':
+ user_port = htons(atoi(optarg));
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ optind += argoff;
+ argc -= optind;
+ argv += optind;
+
+ /* if haven't gotten a host yet, do so */
+ if (!host && !(host = *argv++))
+ usage();
+
+ if (*argv)
+ usage();
+
+ if (!(pw = k_getpwuid(uid = getuid())))
+ errx(1, "unknown user id.");
+ if (!user)
+ user = pw->pw_name;
+
+
+ if (user_port)
+ sv_port = user_port;
+ else
+ sv_port = get_login_port(use_kerberos, doencrypt);
+
+ {
+ char *p = getenv("TERM");
+ struct termios tty;
+ int i;
+
+ if (p == NULL)
+ p = "network";
+
+ if (tcgetattr(0, &tty) == 0
+ && (i = speed_t2int (cfgetospeed(&tty))) > 0)
+ snprintf (term, sizeof(term),
+ "%s/%d",
+ p, i);
+ else
+ snprintf (term, sizeof(term),
+ "%s",
+ p);
+ }
+
+ get_window_size(0, &winsize);
+
+ try_connect:
+ if (use_kerberos) {
+ struct hostent *hp;
+
+ /* Fully qualify hostname (needed for krb_realmofhost). */
+ hp = gethostbyname(host);
+ if (hp != NULL && !(host = strdup(hp->h_name))) {
+ errno = ENOMEM;
+ err(1, NULL);
+ }
+
+ rem = KSUCCESS;
+ errno = 0;
+ if (dest_realm == NULL)
+ dest_realm = krb_realmofhost(host);
+
+ if (doencrypt)
+ rem = krcmd_mutual(&host, sv_port, user, term, 0,
+ dest_realm, &cred, schedule);
+ else
+ rem = krcmd(&host, sv_port, user, term, 0,
+ dest_realm);
+ if (rem < 0) {
+ use_kerberos = 0;
+ if (user_port == 0)
+ sv_port = get_login_port(use_kerberos,
+ doencrypt);
+ if (errno == ECONNREFUSED)
+ warning("remote host doesn't support Kerberos");
+ if (errno == ENOENT)
+ warning("can't provide Kerberos auth data");
+ goto try_connect;
+ }
+ } else {
+ if (doencrypt)
+ errx(1, "the -x flag requires Kerberos authentication.");
+ if (geteuid() != 0)
+ errx(1, "not installed setuid root, "
+ "only root may use non kerberized rlogin");
+ rem = rcmd(&host, sv_port, pw->pw_name, user, term, 0);
+ }
+
+ if (rem < 0)
+ exit(1);
+
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_DEBUG
+ if (dflag &&
+ setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
+ sizeof(one)) < 0)
+ warn("setsockopt");
+#endif
+#ifdef TCP_NODELAY
+ if (Dflag &&
+ setsockopt(rem, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+ sizeof(one)) < 0)
+ warn("setsockopt(TCP_NODELAY)");
+#endif
+#ifdef IP_TOS
+ one = IPTOS_LOWDELAY;
+ if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&one, sizeof(int)) < 0)
+ warn("setsockopt(IP_TOS)");
+#endif /* IP_TOS */
+#endif /* HAVE_SETSOCKOPT */
+
+ setuid(uid);
+ doit();
+ return 0;
+}
diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c
new file mode 100644
index 0000000..c5d80774
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rlogind.c
@@ -0,0 +1,934 @@
+/*-
+ * Copyright (c) 1983, 1988, 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * remote login server:
+ * \0
+ * remuser\0
+ * locuser\0
+ * terminal_type/speed\0
+ * data
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rlogind.c,v 1.100 1997/05/25 01:15:20 assar Exp $");
+
+extern int __check_rhosts_file;
+
+char *INSECURE_MESSAGE =
+"\r\n*** Connection not encrypted! Communication may be eavesdropped. ***"
+"\r\n*** Use telnet or rlogin -x instead! ***\r\n";
+
+#ifndef NOENCRYPTION
+char *SECURE_MESSAGE =
+"This rlogin session is using DES encryption for all transmissions.\r\n";
+#else
+#define SECURE_MESSAGE INSECURE_MESSAGE
+#endif
+
+AUTH_DAT *kdata;
+KTEXT ticket;
+u_char auth_buf[sizeof(AUTH_DAT)];
+u_char tick_buf[sizeof(KTEXT_ST)];
+Key_schedule schedule;
+int doencrypt, retval, use_kerberos, vacuous;
+
+#define ARGSTR "Daip:lnkvxL:"
+
+char *env[2];
+#define NMAX 30
+char lusername[NMAX+1], rusername[NMAX+1];
+static char term[64] = "TERM=";
+#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */
+int keepalive = 1;
+int check_all = 0;
+int no_delay = 0;
+
+struct passwd *pwd;
+
+static const char *new_login = _PATH_LOGIN;
+
+static void doit (int, struct sockaddr_in *);
+static int control (int, char *, int);
+static void protocol (int, int);
+static RETSIGTYPE cleanup (int);
+void fatal (int, const char *, int);
+static int do_rlogin (struct sockaddr_in *);
+static void setup_term (int);
+static int do_krb_login (struct sockaddr_in *);
+static void usage (void);
+
+static int
+readstream(int p, char *ibuf, int bufsize)
+{
+#ifndef HAVE_GETMSG
+ return read(p, ibuf, bufsize);
+#else
+ static int flowison = -1; /* current state of flow: -1 is unknown */
+ static struct strbuf strbufc, strbufd;
+ static unsigned char ctlbuf[BUFSIZ];
+ static int use_read = 1;
+
+ int flags = 0;
+ int ret;
+ struct termios tsp;
+
+ struct iocblk ip;
+ char vstop, vstart;
+ int ixon;
+ int newflow;
+
+ if (use_read)
+ {
+ ret = read(p, ibuf, bufsize);
+ if (ret < 0 && errno == EBADMSG)
+ use_read = 0;
+ else
+ return ret;
+ }
+
+ strbufc.maxlen = BUFSIZ;
+ strbufc.buf = (char *)ctlbuf;
+ strbufd.maxlen = bufsize-1;
+ strbufd.len = 0;
+ strbufd.buf = ibuf+1;
+ ibuf[0] = 0;
+
+ ret = getmsg(p, &strbufc, &strbufd, &flags);
+ if (ret < 0) /* error of some sort -- probably EAGAIN */
+ return(-1);
+
+ if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
+ /* data message */
+ if (strbufd.len > 0) { /* real data */
+ return(strbufd.len + 1); /* count header char */
+ } else {
+ /* nothing there */
+ errno = EAGAIN;
+ return(-1);
+ }
+ }
+
+ /*
+ * It's a control message. Return 1, to look at the flag we set
+ */
+
+ switch (ctlbuf[0]) {
+ case M_FLUSH:
+ if (ibuf[1] & FLUSHW)
+ ibuf[0] = TIOCPKT_FLUSHWRITE;
+ return(1);
+
+ case M_IOCTL:
+ memcpy(&ip, (ibuf+1), sizeof(ip));
+
+ switch (ip.ioc_cmd) {
+#ifdef TCSETS
+ case TCSETS:
+ case TCSETSW:
+ case TCSETSF:
+ memcpy(&tsp,
+ (ibuf+1 + sizeof(struct iocblk)),
+ sizeof(tsp));
+ vstop = tsp.c_cc[VSTOP];
+ vstart = tsp.c_cc[VSTART];
+ ixon = tsp.c_iflag & IXON;
+ break;
+#endif
+ default:
+ errno = EAGAIN;
+ return(-1);
+ }
+
+ newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
+ if (newflow != flowison) { /* it's a change */
+ flowison = newflow;
+ ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
+ return(1);
+ }
+ }
+
+ /* nothing worth doing anything about */
+ errno = EAGAIN;
+ return(-1);
+#endif
+}
+
+#ifdef HAVE_UTMPX_H
+static int
+logout(const char *line)
+{
+ struct utmpx utmpx, *utxp;
+ int ret = 1;
+
+ setutxent ();
+ memset(&utmpx, 0, sizeof(utmpx));
+ utmpx.ut_type = USER_PROCESS;
+ strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line));
+ utxp = getutxline(&utmpx);
+ if (utxp) {
+ strcpy(utxp->ut_user, "");
+ utxp->ut_type = DEAD_PROCESS;
+#ifdef _STRUCT___EXIT_STATUS
+ utxp->ut_exit.__e_termination = 0;
+ utxp->ut_exit.__e_exit = 0;
+#elif defined(__osf__) /* XXX */
+ utxp->ut_exit.ut_termination = 0;
+ utxp->ut_exit.ut_exit = 0;
+#else
+ utxp->ut_exit.e_termination = 0;
+ utxp->ut_exit.e_exit = 0;
+#endif
+ gettimeofday(&utxp->ut_tv, NULL);
+ pututxline(utxp);
+#ifdef WTMPX_FILE
+ updwtmpx(WTMPX_FILE, utxp);
+#else
+ ret = 0;
+#endif
+ }
+ endutxent();
+ return ret;
+}
+#else
+static int
+logout(const char *line)
+{
+ FILE *fp;
+ struct utmp ut;
+ int rval;
+
+ if (!(fp = fopen(_PATH_UTMP, "r+")))
+ return(0);
+ rval = 1;
+ while (fread(&ut, sizeof(struct utmp), 1, fp) == 1) {
+ if (!ut.ut_name[0] ||
+ strncmp(ut.ut_line, line, sizeof(ut.ut_line)))
+ continue;
+ memset(ut.ut_name, 0, sizeof(ut.ut_name));
+#ifdef HAVE_UT_HOST
+ memset(ut.ut_host, 0, sizeof(ut.ut_host));
+#endif
+ time(&ut.ut_time);
+ fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
+ fwrite(&ut, sizeof(struct utmp), 1, fp);
+ fseek(fp, (long)0, SEEK_CUR);
+ rval = 0;
+ }
+ fclose(fp);
+ return(rval);
+}
+#endif
+
+#ifndef HAVE_LOGWTMP
+static void
+logwtmp(const char *line, const char *name, const char *host)
+{
+ struct utmp ut;
+ struct stat buf;
+ int fd;
+
+ memset (&ut, 0, sizeof(ut));
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (!fstat(fd, &buf)) {
+ strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+ strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+#ifdef HAVE_UT_HOST
+ strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+#endif
+#ifdef HAVE_UT_PID
+ ut.ut_pid = getpid();
+#endif
+#ifdef HAVE_UT_TYPE
+ if(name[0])
+ ut.ut_type = USER_PROCESS;
+ else
+ ut.ut_type = DEAD_PROCESS;
+#endif
+ time(&ut.ut_time);
+ if (write(fd, &ut, sizeof(struct utmp)) !=
+ sizeof(struct utmp))
+ ftruncate(fd, buf.st_size);
+ }
+ close(fd);
+}
+#endif
+
+int
+main(int argc, char **argv)
+{
+ struct sockaddr_in from;
+ int ch, fromlen, on;
+ int interactive = 0;
+ int portnum = 0;
+
+ set_progname(argv[0]);
+
+ openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
+
+ opterr = 0;
+ while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
+ switch (ch) {
+ case 'D':
+ no_delay = 1;
+ break;
+ case 'a':
+ break;
+ case 'i':
+ interactive = 1;
+ break;
+ case 'p':
+ portnum = htons(atoi(optarg));
+ break;
+ case 'l':
+ __check_rhosts_file = 0;
+ break;
+ case 'n':
+ keepalive = 0;
+ break;
+ case 'k':
+ use_kerberos = 1;
+ break;
+ case 'v':
+ vacuous = 1;
+ break;
+ case 'x':
+ doencrypt = 1;
+ break;
+ case 'L':
+ new_login = optarg;
+ break;
+ case '?':
+ default:
+ usage();
+ break;
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (use_kerberos && vacuous) {
+ usage();
+ fatal(STDERR_FILENO, "only one of -k and -v allowed", 0);
+ }
+ if (interactive) {
+ if(portnum == 0)
+ portnum = get_login_port (use_kerberos, doencrypt);
+ mini_inetd (portnum);
+ }
+
+ fromlen = sizeof (from);
+ if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
+ syslog(LOG_ERR,"Can't get peer name of remote host: %m");
+ fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
+ }
+ on = 1;
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_KEEPALIVE
+ if (keepalive &&
+ setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof (on)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+#endif
+#ifdef TCP_NODELAY
+ if (no_delay &&
+ setsockopt(0, IPPROTO_TCP, TCP_NODELAY, (void *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
+#endif
+
+#ifdef IP_TOS
+ on = IPTOS_LOWDELAY;
+ if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0)
+ syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+#endif
+#endif /* HAVE_SETSOCKOPT */
+ doit(0, &from);
+ return 0;
+}
+
+int child;
+int netf;
+char line[MaxPathLen];
+int confirmed;
+
+struct winsize win = { 0, 0, 0, 0 };
+
+
+static void
+doit(int f, struct sockaddr_in *fromp)
+{
+ int master, pid, on = 1;
+ int authenticated = 0;
+ char hostname[2 * MaxHostNameLen + 1];
+ char c;
+
+ alarm(60);
+ read(f, &c, 1);
+
+ if (c != 0)
+ exit(1);
+ if (vacuous)
+ fatal(f, "Remote host requires Kerberos authentication", 0);
+
+ alarm(0);
+ inaddr2str (fromp->sin_addr, hostname, sizeof(hostname));
+
+ if (use_kerberos) {
+ retval = do_krb_login(fromp);
+ if (retval == 0)
+ authenticated++;
+ else if (retval > 0)
+ fatal(f, krb_get_err_text(retval), 0);
+ write(f, &c, 1);
+ confirmed = 1; /* we sent the null! */
+ } else {
+ fromp->sin_port = ntohs((u_short)fromp->sin_port);
+ if (fromp->sin_family != AF_INET ||
+ fromp->sin_port >= IPPORT_RESERVED ||
+ fromp->sin_port < IPPORT_RESERVED/2) {
+ syslog(LOG_NOTICE, "Connection from %s on illegal port",
+ inet_ntoa(fromp->sin_addr));
+ fatal(f, "Permission denied", 0);
+ }
+ ip_options_and_die (0, fromp);
+ if (do_rlogin(fromp) == 0)
+ authenticated++;
+ }
+ if (confirmed == 0) {
+ write(f, "", 1);
+ confirmed = 1; /* we sent the null! */
+ }
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ des_enc_write(f, SECURE_MESSAGE,
+ strlen(SECURE_MESSAGE),
+ schedule, &kdata->session);
+ else
+#endif
+ write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE));
+ netf = f;
+
+ pid = forkpty(&master, line, NULL, NULL);
+ if (pid < 0) {
+ if (errno == ENOENT)
+ fatal(f, "Out of ptys", 0);
+ else
+ fatal(f, "Forkpty", 1);
+ }
+ if (pid == 0) {
+ if (f > 2) /* f should always be 0, but... */
+ close(f);
+ setup_term(0);
+ if (lusername[0] == '-'){
+ syslog(LOG_ERR, "tried to pass user \"%s\" to login",
+ lusername);
+ fatal(STDERR_FILENO, "invalid user", 0);
+ }
+ if (authenticated) {
+ if (use_kerberos && (pwd->pw_uid == 0))
+ syslog(LOG_INFO|LOG_AUTH,
+ "ROOT Kerberos login from %s on %s\n",
+ krb_unparse_name_long(kdata->pname,
+ kdata->pinst,
+ kdata->prealm),
+ hostname);
+
+ execl(new_login, "login", "-p",
+ "-h", hostname, "-f", "--", lusername, 0);
+ } else
+ execl(new_login, "login", "-p",
+ "-h", hostname, "--", lusername, 0);
+ fatal(STDERR_FILENO, new_login, 1);
+ /*NOTREACHED*/
+ }
+ /*
+ * If encrypted, don't turn on NBIO or the des read/write
+ * routines will croak.
+ */
+
+ if (!doencrypt)
+ ioctl(f, FIONBIO, &on);
+ ioctl(master, FIONBIO, &on);
+ ioctl(master, TIOCPKT, &on);
+ signal(SIGTSTP, SIG_IGN);
+ signal(SIGCHLD, cleanup);
+ setsid();
+ protocol(f, master);
+ signal(SIGCHLD, SIG_IGN);
+ cleanup(0);
+}
+
+const char magic[2] = { 0377, 0377 };
+
+/*
+ * Handle a "control" request (signaled by magic being present)
+ * in the data stream. For now, we are only willing to handle
+ * window size changes.
+ */
+static int
+control(int master, char *cp, int n)
+{
+ struct winsize w;
+ char *p;
+ u_int32_t tmp;
+
+ if (n < 4 + 4 * sizeof (u_int16_t) || cp[2] != 's' || cp[3] != 's')
+ return (0);
+#ifdef TIOCSWINSZ
+ p = cp + 4;
+ p += krb_get_int(p, &tmp, 2, 0);
+ w.ws_row = tmp;
+ p += krb_get_int(p, &tmp, 2, 0);
+ w.ws_col = tmp;
+
+ p += krb_get_int(p, &tmp, 2, 0);
+#ifdef HAVE_WS_XPIXEL
+ w.ws_xpixel = tmp;
+#endif
+ p += krb_get_int(p, &tmp, 2, 0);
+#ifdef HAVE_WS_YPIXEL
+ w.ws_ypixel = tmp;
+#endif
+ ioctl(master, TIOCSWINSZ, &w);
+#endif
+ return p - cp;
+}
+
+static
+void
+send_oob(int fd, char c)
+{
+ static char last_oob = 0xFF;
+
+#if (SunOS == 5) || defined(__hpux)
+ /*
+ * PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we
+ * can avoid sending OOB data and thus not break on Linux by merging
+ * TIOCPKT_DOSTOP into the first TIOCPKT_WINDOW.
+ */
+ static int oob_kludge = 2;
+ if (oob_kludge == 2)
+ {
+ oob_kludge--; /* First time send nothing */
+ return;
+ }
+ else if (oob_kludge == 1)
+ {
+ oob_kludge--; /* Second time merge TIOCPKT_WINDOW */
+ c |= TIOCPKT_WINDOW;
+ }
+#endif
+
+#define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
+ c = pkcontrol(c);
+ /* Multiple OOB data breaks on Linux, avoid it when possible. */
+ if (c != last_oob)
+ send(fd, &c, 1, MSG_OOB);
+ last_oob = c;
+}
+
+/*
+ * rlogin "protocol" machine.
+ */
+static void
+protocol(int f, int master)
+{
+ char pibuf[1024+1], fibuf[1024], *pbp, *fbp;
+ int pcc = 0, fcc = 0;
+ int cc, nfd, n;
+ char cntl;
+ unsigned char oob_queue = 0;
+
+ /*
+ * Must ignore SIGTTOU, otherwise we'll stop
+ * when we try and set slave pty's window shape
+ * (our controlling tty is the master pty).
+ */
+ signal(SIGTTOU, SIG_IGN);
+
+ send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */
+
+ if (f > master)
+ nfd = f + 1;
+ else
+ nfd = master + 1;
+ if (nfd > FD_SETSIZE) {
+ syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE");
+ fatal(f, "internal error (select mask too small)", 0);
+ }
+ for (;;) {
+ fd_set ibits, obits, ebits, *omask;
+
+ FD_ZERO(&ebits);
+ FD_ZERO(&ibits);
+ FD_ZERO(&obits);
+ omask = (fd_set *)NULL;
+ if (fcc) {
+ FD_SET(master, &obits);
+ omask = &obits;
+ } else
+ FD_SET(f, &ibits);
+ if (pcc >= 0)
+ if (pcc) {
+ FD_SET(f, &obits);
+ omask = &obits;
+ } else
+ FD_SET(master, &ibits);
+ FD_SET(master, &ebits);
+ if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) {
+ if (errno == EINTR)
+ continue;
+ fatal(f, "select", 1);
+ }
+ if (n == 0) {
+ /* shouldn't happen... */
+ sleep(5);
+ continue;
+ }
+ if (FD_ISSET(master, &ebits)) {
+ cc = readstream(master, &cntl, 1);
+ if (cc == 1 && pkcontrol(cntl)) {
+#if 0 /* Kludge around */
+ send_oob(f, cntl);
+#endif
+ oob_queue = cntl;
+ if (cntl & TIOCPKT_FLUSHWRITE) {
+ pcc = 0;
+ FD_CLR(master, &ibits);
+ }
+ }
+ }
+ if (FD_ISSET(f, &ibits)) {
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ fcc = des_enc_read(f, fibuf,
+ sizeof(fibuf),
+ schedule, &kdata->session);
+ else
+#endif
+ fcc = read(f, fibuf, sizeof(fibuf));
+ if (fcc < 0 && errno == EWOULDBLOCK)
+ fcc = 0;
+ else {
+ char *cp;
+ int left, n;
+
+ if (fcc <= 0)
+ break;
+ fbp = fibuf;
+
+ top:
+ for (cp = fibuf; cp < fibuf+fcc-1; cp++)
+ if (cp[0] == magic[0] &&
+ cp[1] == magic[1]) {
+ left = fcc - (cp-fibuf);
+ n = control(master, cp, left);
+ if (n) {
+ left -= n;
+ if (left > 0)
+ memmove(cp, cp+n, left);
+ fcc -= n;
+ goto top; /* n^2 */
+ }
+ }
+ FD_SET(master, &obits); /* try write */
+ }
+ }
+
+ if (FD_ISSET(master, &obits) && fcc > 0) {
+ cc = write(master, fbp, fcc);
+ if (cc > 0) {
+ fcc -= cc;
+ fbp += cc;
+ }
+ }
+
+ if (FD_ISSET(master, &ibits)) {
+ pcc = readstream(master, pibuf, sizeof (pibuf));
+ pbp = pibuf;
+ if (pcc < 0 && errno == EWOULDBLOCK)
+ pcc = 0;
+ else if (pcc <= 0)
+ break;
+ else if (pibuf[0] == 0) {
+ pbp++, pcc--;
+ if (!doencrypt)
+ FD_SET(f, &obits); /* try write */
+ } else {
+ if (pkcontrol(pibuf[0])) {
+ oob_queue = pibuf[0];
+#if 0 /* Kludge around */
+ send_oob(f, pibuf[0]);
+#endif
+ }
+ pcc = 0;
+ }
+ }
+ if ((FD_ISSET(f, &obits)) && pcc > 0) {
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session);
+ else
+#endif
+ cc = write(f, pbp, pcc);
+ if (cc < 0 && errno == EWOULDBLOCK) {
+ /*
+ * This happens when we try write after read
+ * from p, but some old kernels balk at large
+ * writes even when select returns true.
+ */
+ if (!FD_ISSET(master, &ibits))
+ sleep(5);
+ continue;
+ }
+ if (cc > 0) {
+ pcc -= cc;
+ pbp += cc;
+ /* Only send urg data when normal data
+ * has just been sent.
+ * Linux has deep problems with more
+ * than one byte of OOB data.
+ */
+ if (oob_queue) {
+ send_oob (f, oob_queue);
+ oob_queue = 0;
+ }
+ }
+ }
+ }
+}
+
+static RETSIGTYPE
+cleanup(int signo)
+{
+ char *p = clean_ttyname (line);
+
+ if (logout(p) == 0)
+ logwtmp(p, "", "");
+ chmod(line, 0666);
+ chown(line, 0, 0);
+ *p = 'p';
+ chmod(line, 0666);
+ chown(line, 0, 0);
+ shutdown(netf, 2);
+ signal(SIGHUP, SIG_IGN);
+#ifdef HAVE_VHANGUP
+ vhangup();
+#endif /* HAVE_VHANGUP */
+ exit(1);
+}
+
+void
+fatal(int f, const char *msg, int syserr)
+{
+ int len;
+ char buf[BUFSIZ], *bp = buf;
+
+ /*
+ * Prepend binary one to message if we haven't sent
+ * the magic null as confirmation.
+ */
+ if (!confirmed)
+ *bp++ = '\01'; /* error indicator */
+ if (syserr)
+ snprintf(bp, sizeof(buf) - (bp - buf),
+ "rlogind: %s: %s.\r\n",
+ msg, strerror(errno));
+ else
+ snprintf(bp, sizeof(buf) - (bp - buf),
+ "rlogind: %s.\r\n", msg);
+ len = strlen(bp);
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session);
+ else
+#endif
+ write(f, buf, bp + len - buf);
+ exit(1);
+}
+
+static void
+xgetstr(char *buf, int cnt, char *errmsg)
+{
+ char c;
+
+ do {
+ if (read(0, &c, 1) != 1)
+ exit(1);
+ if (--cnt < 0)
+ fatal(STDOUT_FILENO, errmsg, 0);
+ *buf++ = c;
+ } while (c != 0);
+}
+
+static int
+do_rlogin(struct sockaddr_in *dest)
+{
+ xgetstr(rusername, sizeof(rusername), "remuser too long");
+ xgetstr(lusername, sizeof(lusername), "locuser too long");
+ xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
+
+ pwd = k_getpwnam(lusername);
+ if (pwd == NULL)
+ return (-1);
+ if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0)
+ {
+ syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername);
+ return (-1);
+ }
+ return (iruserok(dest->sin_addr.s_addr,
+ (pwd->pw_uid == 0),
+ rusername,
+ lusername));
+}
+
+static void
+setup_term(int fd)
+{
+ char *cp = strchr(term+ENVSIZE, '/');
+ char *speed;
+ struct termios tt;
+
+ tcgetattr(fd, &tt);
+ if (cp) {
+ int s;
+
+ *cp++ = '\0';
+ speed = cp;
+ cp = strchr(speed, '/');
+ if (cp)
+ *cp++ = '\0';
+ s = int2speed_t (atoi (speed));
+ if (s > 0) {
+ cfsetospeed (&tt, s);
+ cfsetispeed (&tt, s);
+ }
+ }
+
+ tt.c_iflag &= ~INPCK;
+ tt.c_iflag |= ICRNL|IXON;
+ tt.c_oflag |= OPOST|ONLCR;
+#ifdef TAB3
+ tt.c_oflag |= TAB3;
+#endif /* TAB3 */
+#ifdef ONLRET
+ tt.c_oflag &= ~ONLRET;
+#endif /* ONLRET */
+ tt.c_lflag |= (ECHO|ECHOE|ECHOK|ISIG|ICANON);
+ tt.c_cflag &= ~PARENB;
+ tt.c_cflag |= CS8;
+ tt.c_cc[VMIN] = 1;
+ tt.c_cc[VTIME] = 0;
+ tt.c_cc[VEOF] = CEOF;
+ tcsetattr(fd, TCSAFLUSH, &tt);
+
+ env[0] = term;
+ env[1] = 0;
+ environ = env;
+}
+
+#define VERSION_SIZE 9
+
+/*
+ * Do the remote kerberos login to the named host with the
+ * given inet address
+ *
+ * Return 0 on valid authorization
+ * Return -1 on valid authentication, no authorization
+ * Return >0 for error conditions
+ */
+static int
+do_krb_login(struct sockaddr_in *dest)
+{
+ int rc;
+ char instance[INST_SZ], version[VERSION_SIZE];
+ long authopts = 0L; /* !mutual */
+ struct sockaddr_in faddr;
+
+ kdata = (AUTH_DAT *) auth_buf;
+ ticket = (KTEXT) tick_buf;
+
+ k_getsockinst(0, instance, sizeof(instance));
+
+ if (doencrypt) {
+ rc = sizeof(faddr);
+ if (getsockname(0, (struct sockaddr *)&faddr, &rc))
+ return (-1);
+ authopts = KOPT_DO_MUTUAL;
+ rc = krb_recvauth(
+ authopts, 0,
+ ticket, "rcmd",
+ instance, dest, &faddr,
+ kdata, "", schedule, version);
+ des_set_key(&kdata->session, schedule);
+
+ } else
+ rc = krb_recvauth(
+ authopts, 0,
+ ticket, "rcmd",
+ instance, dest, (struct sockaddr_in *) 0,
+ kdata, "", 0, version);
+
+ if (rc != KSUCCESS)
+ return (rc);
+
+ xgetstr(lusername, sizeof(lusername), "locuser");
+ /* get the "cmd" in the rcmd protocol */
+ xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type");
+
+ pwd = k_getpwnam(lusername);
+ if (pwd == NULL)
+ return (-1);
+ if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0)
+ {
+ syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername);
+ return (-1);
+ }
+
+ /* returns nonzero for no access */
+ if (kuserok(kdata, lusername) != 0)
+ return (-1);
+
+ return (0);
+
+}
+
+static void
+usage(void)
+{
+ syslog(LOG_ERR,
+ "usage: rlogind [-Dailn] [-p port] [-x] [-L login] [-k | -v]");
+ exit(1);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c
new file mode 100644
index 0000000..329ebf7
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rsh.c
@@ -0,0 +1,353 @@
+/*-
+ * Copyright (c) 1983, 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rsh.c,v 1.35 1997/03/30 18:20:22 joda Exp $");
+
+CREDENTIALS cred;
+Key_schedule schedule;
+int use_kerberos = 1, doencrypt;
+char dst_realm_buf[REALM_SZ], *dest_realm;
+
+/*
+ * rsh - remote shell
+ */
+int rfd2;
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "usage: rsh [-ndKx] [-k realm] [-l login] host [command]\n");
+ exit(1);
+}
+
+static char *
+copyargs(char **argv)
+{
+ int cc;
+ char **ap, *p;
+ char *args;
+
+ cc = 0;
+ for (ap = argv; *ap; ++ap)
+ cc += strlen(*ap) + 1;
+ if (!(args = malloc(cc)))
+ errx(1, "Out of memory.");
+ for (p = args, ap = argv; *ap; ++ap) {
+ strcpy(p, *ap);
+ for (p = strcpy(p, *ap); *p; ++p);
+ if (ap[1])
+ *p++ = ' ';
+ }
+ return(args);
+}
+
+static RETSIGTYPE
+sendsig(int signo_)
+{
+ char signo = signo_;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ des_enc_write(rfd2, &signo, 1, schedule, &cred.session);
+ else
+#endif
+ write(rfd2, &signo, 1);
+}
+
+static void
+talk(int nflag, sigset_t omask, int pid, int rem)
+{
+ int cc, wc;
+ char *bp;
+ fd_set readfrom, ready, rembits;
+ char buf[BUFSIZ];
+
+ if (pid == 0) {
+ if (nflag)
+ goto done;
+
+ close(rfd2);
+
+ reread: errno = 0;
+ if ((cc = read(0, buf, sizeof buf)) <= 0)
+ goto done;
+ bp = buf;
+
+ rewrite: FD_ZERO(&rembits);
+ FD_SET(rem, &rembits);
+ if (select(16, 0, &rembits, 0, 0) < 0) {
+ if (errno != EINTR)
+ err(1, "select");
+ goto rewrite;
+ }
+ if (!FD_ISSET(rem, &rembits))
+ goto rewrite;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ wc = des_enc_write(rem, bp, cc, schedule, &cred.session);
+ else
+#endif
+ wc = write(rem, bp, cc);
+ if (wc < 0) {
+ if (errno == EWOULDBLOCK)
+ goto rewrite;
+ goto done;
+ }
+ bp += wc;
+ cc -= wc;
+ if (cc == 0)
+ goto reread;
+ goto rewrite;
+ done:
+ shutdown(rem, 1);
+ exit(0);
+ }
+
+ if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
+ warn("sigprocmask");
+ FD_ZERO(&readfrom);
+ FD_SET(rem, &readfrom);
+ FD_SET(rfd2, &readfrom);
+ do {
+ ready = readfrom;
+ if (select(16, &ready, 0, 0, 0) < 0) {
+ if (errno != EINTR)
+ err(1, "select");
+ continue;
+ }
+ if (FD_ISSET(rfd2, &ready)) {
+ errno = 0;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ cc = des_enc_read(rfd2, buf, sizeof buf,
+ schedule, &cred.session);
+ else
+#endif
+ cc = read(rfd2, buf, sizeof buf);
+ if (cc <= 0) {
+ if (errno != EWOULDBLOCK)
+ FD_CLR(rfd2, &readfrom);
+ } else
+ write(2, buf, cc);
+ }
+ if (FD_ISSET(rem, &ready)) {
+ errno = 0;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ cc = des_enc_read(rem, buf, sizeof buf,
+ schedule, &cred.session);
+ else
+#endif
+ cc = read(rem, buf, sizeof buf);
+ if (cc <= 0) {
+ if (errno != EWOULDBLOCK)
+ FD_CLR(rem, &readfrom);
+ } else
+ write(1, buf, cc);
+ }
+ } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom));
+}
+
+int
+main(int argc, char **argv)
+{
+ struct passwd *pw;
+ int sv_port;
+ sigset_t omask;
+ int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid;
+ char *args, *host, *user, *local_user;
+
+ argoff = dflag = nflag = nfork = 0;
+ one = 1;
+ host = user = NULL;
+ pid = 1;
+
+ set_progname(argv[0]);
+
+ /* handle "rsh host flags" */
+ if (!host && argc > 2 && argv[1][0] != '-') {
+ host = argv[1];
+ argoff = 1;
+ }
+
+#define OPTIONS "+8KLde:k:l:nwx"
+ while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
+ switch(ch) {
+ case 'K':
+ use_kerberos = 0;
+ break;
+ case 'L': /* -8Lew are ignored to allow rlogin aliases */
+ case 'e':
+ case 'w':
+ case '8':
+ break;
+ case 'd':
+ dflag = 1;
+ break;
+ case 'l':
+ user = optarg;
+ break;
+ case 'k':
+ dest_realm = dst_realm_buf;
+ strncpy(dest_realm, optarg, REALM_SZ);
+ break;
+ case 'n':
+ nflag = nfork = 1;
+ break;
+ case 'x':
+ doencrypt = 1;
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ optind += argoff;
+
+ /* if haven't gotten a host yet, do so */
+ if (!host && !(host = argv[optind++]))
+ usage();
+
+ /* if no further arguments, must have been called as rlogin. */
+ if (!argv[optind]) {
+ *argv = "rlogin";
+ setuid(getuid());
+ execv(_PATH_RLOGIN, argv);
+ err(1, "can't exec %s", _PATH_RLOGIN);
+ }
+
+ argc -= optind;
+ argv += optind;
+
+#ifndef __CYGWIN32__
+ if (!(pw = k_getpwuid(uid = getuid())))
+ errx(1, "unknown user id.");
+ local_user = pw->pw_name;
+ if (!user)
+ user = local_user;
+#else
+ if (!user)
+ errx(1, "Sorry, you need to specify the username (with -l)");
+ local_user = user;
+#endif
+
+ /* -n must still fork but does not turn of the -n functionality */
+ if (doencrypt)
+ nfork = 0;
+
+ args = copyargs(argv);
+
+ sv_port=get_shell_port(use_kerberos, doencrypt);
+
+try_connect:
+ if (use_kerberos) {
+ rem = KSUCCESS;
+ errno = 0;
+ if (dest_realm == NULL)
+ dest_realm = krb_realmofhost(host);
+
+ if (doencrypt)
+ rem = krcmd_mutual(&host, sv_port, user, args,
+ &rfd2, dest_realm, &cred, schedule);
+ else
+ rem = krcmd(&host, sv_port, user, args, &rfd2,
+ dest_realm);
+ if (rem < 0) {
+ if (errno == ECONNREFUSED)
+ warning("remote host doesn't support Kerberos");
+ if (errno == ENOENT)
+ warning("can't provide Kerberos auth data");
+ use_kerberos = 0;
+ sv_port=get_shell_port(use_kerberos, doencrypt);
+ goto try_connect;
+ }
+ } else {
+ if (doencrypt)
+ errx(1, "the -x flag requires Kerberos authentication.");
+ if (geteuid() != 0)
+ errx(1, "not installed setuid root, "
+ "only root may use non kerberized rsh");
+ rem = rcmd(&host, sv_port, local_user, user, args, &rfd2);
+ }
+
+ if (rem < 0)
+ exit(1);
+
+ if (rfd2 < 0)
+ errx(1, "can't establish stderr.");
+#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
+ if (dflag) {
+ if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
+ sizeof(one)) < 0)
+ warn("setsockopt");
+ if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one,
+ sizeof(one)) < 0)
+ warn("setsockopt");
+ }
+#endif
+
+ setuid(uid);
+ {
+ sigset_t sigmsk;
+ sigemptyset(&sigmsk);
+ sigaddset(&sigmsk, SIGINT);
+ sigaddset(&sigmsk, SIGQUIT);
+ sigaddset(&sigmsk, SIGTERM);
+ if (sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0)
+ warn("sigprocmask");
+ }
+ if (signal(SIGINT, SIG_IGN) != SIG_IGN)
+ signal(SIGINT, sendsig);
+ if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+ signal(SIGQUIT, sendsig);
+ if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
+ signal(SIGTERM, sendsig);
+
+ if (!nfork) {
+ pid = fork();
+ if (pid < 0)
+ err(1, "fork");
+ }
+
+ if (!doencrypt) {
+ ioctl(rfd2, FIONBIO, &one);
+ ioctl(rem, FIONBIO, &one);
+ }
+
+ talk(nflag, omask, pid, rem);
+
+ if (!nflag)
+ kill(pid, SIGKILL);
+ exit(0);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c
new file mode 100644
index 0000000..75ca1df
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rshd.c
@@ -0,0 +1,635 @@
+/*-
+ * Copyright (c) 1988, 1989, 1992, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * remote shell server:
+ * [port]\0
+ * remuser\0
+ * locuser\0
+ * command\0
+ * data
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rshd.c,v 1.51 1997/05/13 09:42:39 bg Exp $");
+
+extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
+extern int __check_rhosts_file;
+
+static int keepalive = 1;
+static int log_success; /* If TRUE, log all successful accesses */
+static int new_pag = 1; /* Put process in new PAG by default */
+static int no_inetd = 0;
+static int sent_null;
+
+static void doit (struct sockaddr_in *);
+static void error (const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+static void usage (void);
+
+#define VERSION_SIZE 9
+#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n"
+#define OPTIONS "alnkvxLp:Pi"
+AUTH_DAT authbuf;
+KTEXT_ST tickbuf;
+int doencrypt, use_kerberos, vacuous;
+Key_schedule schedule;
+
+int
+main(int argc, char *argv[])
+{
+ struct linger linger;
+ int ch, on = 1, fromlen;
+ struct sockaddr_in from;
+ int portnum = 0;
+
+ set_progname(argv[0]);
+
+ openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
+
+ opterr = 0;
+ while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
+ switch (ch) {
+ case 'a':
+ break;
+ case 'l':
+ __check_rhosts_file = 0;
+ break;
+ case 'n':
+ keepalive = 0;
+ break;
+ case 'k':
+ use_kerberos = 1;
+ break;
+
+ case 'v':
+ vacuous = 1;
+ break;
+
+ case 'x':
+ doencrypt = 1;
+ break;
+ case 'L':
+ log_success = 1;
+ break;
+ case 'p':
+ portnum = htons(atoi(optarg));
+ break;
+ case 'P':
+ new_pag = 0;
+ break;
+ case 'i':
+ no_inetd = 1;
+ break;
+ case '?':
+ default:
+ usage();
+ break;
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (use_kerberos && vacuous) {
+ syslog(LOG_ERR, "only one of -k and -v allowed");
+ exit(2);
+ }
+ if (doencrypt && !use_kerberos) {
+ syslog(LOG_ERR, "-k is required for -x");
+ exit(2);
+ }
+
+ if (no_inetd) {
+ if(portnum == 0)
+ portnum = get_shell_port (use_kerberos, doencrypt);
+ mini_inetd (portnum);
+ }
+
+ fromlen = sizeof (from);
+ if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
+ syslog(LOG_ERR, "getpeername: %m");
+ _exit(1);
+ }
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_KEEPALIVE
+ if (keepalive &&
+ setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+#endif
+#ifdef SO_LINGER
+ linger.l_onoff = 1;
+ linger.l_linger = 60; /* XXX */
+ if (setsockopt(0, SOL_SOCKET, SO_LINGER, (void *)&linger,
+ sizeof (linger)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
+#endif
+#endif /* HAVE_SETSOCKOPT */
+ doit(&from);
+ /* NOTREACHED */
+ return 0;
+}
+
+char username[20] = "USER=";
+char homedir[64] = "HOME=";
+char shell[64] = "SHELL=";
+char path[100] = "PATH=";
+char *envinit[] =
+{homedir, shell, path, username, 0};
+
+static void
+xgetstr(char *buf, int cnt, char *err)
+{
+ char c;
+
+ do {
+ if (read(STDIN_FILENO, &c, 1) != 1)
+ exit(1);
+ *buf++ = c;
+ if (--cnt == 0) {
+ error("%s too long\n", err);
+ exit(1);
+ }
+ } while (c != 0);
+}
+
+static void
+doit(struct sockaddr_in *fromp)
+{
+ struct passwd *pwd;
+ u_short port;
+ fd_set ready, readfrom;
+ int cc, nfd, pv[2], pid, s;
+ int one = 1;
+ const char *errorhost = "";
+ char *errorstr;
+ char *cp, sig, buf[BUFSIZ];
+ char cmdbuf[NCARGS+1], locuser[16], remuser[16];
+ char remotehost[2 * MaxHostNameLen + 1];
+
+ AUTH_DAT *kdata;
+ KTEXT ticket;
+ char instance[INST_SZ], version[VERSION_SIZE];
+ struct sockaddr_in fromaddr;
+ int rc;
+ long authopts;
+ int pv1[2], pv2[2];
+ fd_set wready, writeto;
+
+ fromaddr = *fromp;
+
+ signal(SIGINT, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+#ifdef DEBUG
+ { int t = open(_PATH_TTY, 2);
+ if (t >= 0) {
+ ioctl(t, TIOCNOTTY, (char *)0);
+ close(t);
+ }
+ }
+#endif
+ fromp->sin_port = ntohs((u_short)fromp->sin_port);
+ if (fromp->sin_family != AF_INET) {
+ syslog(LOG_ERR, "malformed \"from\" address (af %d)\n",
+ fromp->sin_family);
+ exit(1);
+ }
+
+
+ if (!use_kerberos) {
+ ip_options_and_die (0, fromp);
+ if (fromp->sin_port >= IPPORT_RESERVED ||
+ fromp->sin_port < IPPORT_RESERVED/2) {
+ syslog(LOG_NOTICE|LOG_AUTH,
+ "Connection from %s on illegal port %u",
+ inet_ntoa(fromp->sin_addr),
+ fromp->sin_port);
+ exit(1);
+ }
+ }
+
+ alarm(60);
+ port = 0;
+ for (;;) {
+ char c;
+ if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
+ if (cc < 0)
+ syslog(LOG_NOTICE, "read: %m");
+ shutdown(0, 1+1);
+ exit(1);
+ }
+ if (c== 0)
+ break;
+ port = port * 10 + c - '0';
+ }
+
+ alarm(0);
+ if (port != 0) {
+ int lport = IPPORT_RESERVED - 1;
+ s = rresvport(&lport);
+ if (s < 0) {
+ syslog(LOG_ERR, "can't get stderr port: %m");
+ exit(1);
+ }
+ if (!use_kerberos)
+ if (port >= IPPORT_RESERVED) {
+ syslog(LOG_ERR, "2nd port not reserved\n");
+ exit(1);
+ }
+ fromp->sin_port = htons(port);
+ if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
+ syslog(LOG_INFO, "connect second port %d: %m", port);
+ exit(1);
+ }
+ }
+
+ if (vacuous) {
+ error("rshd: remote host requires Kerberos authentication\n");
+ exit(1);
+ }
+
+ errorstr = NULL;
+ inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost));
+
+ if (use_kerberos) {
+ kdata = &authbuf;
+ ticket = &tickbuf;
+ authopts = 0L;
+ k_getsockinst(0, instance, sizeof(instance));
+ version[VERSION_SIZE - 1] = '\0';
+ if (doencrypt) {
+ struct sockaddr_in local_addr;
+ rc = sizeof(local_addr);
+ if (getsockname(0, (struct sockaddr *)&local_addr,
+ &rc) < 0) {
+ syslog(LOG_ERR, "getsockname: %m");
+ error("rlogind: getsockname: %m");
+ exit(1);
+ }
+ authopts = KOPT_DO_MUTUAL;
+ rc = krb_recvauth(authopts, 0, ticket,
+ "rcmd", instance, &fromaddr,
+ &local_addr, kdata, "", schedule,
+ version);
+#ifndef NOENCRYPTION
+ des_set_key(&kdata->session, schedule);
+#else
+ memset(schedule, 0, sizeof(schedule));
+#endif
+ } else
+ rc = krb_recvauth(authopts, 0, ticket, "rcmd",
+ instance, &fromaddr,
+ (struct sockaddr_in *) 0,
+ kdata, "", 0, version);
+ if (rc != KSUCCESS) {
+ error("Kerberos authentication failure: %s\n",
+ krb_get_err_text(rc));
+ exit(1);
+ }
+ } else
+ xgetstr(remuser, sizeof(remuser), "remuser");
+
+ xgetstr(locuser, sizeof(locuser), "locuser");
+ xgetstr(cmdbuf, sizeof(cmdbuf), "command");
+ setpwent();
+ pwd = k_getpwnam(locuser);
+ if (pwd == NULL) {
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: unknown login. cmd='%.80s'",
+ remuser, remotehost, locuser, cmdbuf);
+ if (errorstr == NULL)
+ errorstr = "Login incorrect.\n";
+ goto fail;
+ }
+ if (pwd->pw_uid == 0 && strcmp("root", locuser) != 0)
+ {
+ syslog(LOG_ALERT, "NIS attack, user %s has uid 0", locuser);
+ if (errorstr == NULL)
+ errorstr = "Login incorrect.\n";
+ goto fail;
+ }
+ if (chdir(pwd->pw_dir) < 0) {
+ chdir("/");
+#ifdef notdef
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: no home directory. cmd='%.80s'",
+ remuser, remotehost, locuser, cmdbuf);
+ error("No remote directory.\n");
+ exit(1);
+#endif
+ }
+
+ if (use_kerberos) {
+ if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') {
+ if (kuserok(kdata, locuser) != 0) {
+ syslog(LOG_INFO|LOG_AUTH,
+ "Kerberos rsh denied to %s",
+ krb_unparse_name_long(kdata->pname,
+ kdata->pinst,
+ kdata->prealm));
+ error("Permission denied.\n");
+ exit(1);
+ }
+ }
+ } else
+
+ if (errorstr ||
+ pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
+ iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
+ remuser, locuser) < 0) {
+ if (__rcmd_errstr)
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: permission denied (%s). cmd='%.80s'",
+ remuser, remotehost, locuser,
+ __rcmd_errstr, cmdbuf);
+ else
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: permission denied. cmd='%.80s'",
+ remuser, remotehost, locuser, cmdbuf);
+ fail:
+ if (errorstr == NULL)
+ errorstr = "Permission denied.\n";
+ error(errorstr, errorhost);
+ exit(1);
+ }
+
+ if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) {
+ error("Logins currently disabled.\n");
+ exit(1);
+ }
+
+ write(STDERR_FILENO, "\0", 1);
+ sent_null = 1;
+
+ if (port) {
+ if (pipe(pv) < 0) {
+ error("Can't make pipe.\n");
+ exit(1);
+ }
+ if (doencrypt) {
+ if (pipe(pv1) < 0) {
+ error("Can't make 2nd pipe.\n");
+ exit(1);
+ }
+ if (pipe(pv2) < 0) {
+ error("Can't make 3rd pipe.\n");
+ exit(1);
+ }
+ }
+ pid = fork();
+ if (pid == -1) {
+ error("Can't fork; try again.\n");
+ exit(1);
+ }
+ if (pid) {
+ if (doencrypt) {
+ static char msg[] = SECURE_MESSAGE;
+ close(pv1[1]);
+ close(pv2[0]);
+#ifndef NOENCRYPTION
+ des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session);
+#else
+ write(s, msg, sizeof(msg) - 1);
+#endif
+ } else {
+ close(0);
+ close(1);
+ }
+ close(2);
+ close(pv[1]);
+
+ FD_ZERO(&readfrom);
+ FD_SET(s, &readfrom);
+ FD_SET(pv[0], &readfrom);
+ if (pv[0] > s)
+ nfd = pv[0];
+ else
+ nfd = s;
+ if (doencrypt) {
+ FD_ZERO(&writeto);
+ FD_SET(pv2[1], &writeto);
+ FD_SET(pv1[0], &readfrom);
+ FD_SET(STDIN_FILENO, &readfrom);
+
+ nfd = max(nfd, pv2[1]);
+ nfd = max(nfd, pv1[0]);
+ } else
+ ioctl(pv[0], FIONBIO, (char *)&one);
+
+ /* should set s nbio! */
+ nfd++;
+ do {
+ ready = readfrom;
+ if (doencrypt) {
+ wready = writeto;
+ if (select(nfd, &ready,
+ &wready, 0,
+ (struct timeval *) 0) < 0)
+ break;
+ } else
+ if (select(nfd, &ready, 0,
+ 0, (struct timeval *)0) < 0)
+ break;
+ if (FD_ISSET(s, &ready)) {
+ int ret;
+ if (doencrypt)
+#ifndef NOENCRYPTION
+ ret = des_enc_read(s, &sig, 1, schedule, &kdata->session);
+#else
+ ret = read(s, &sig, 1);
+#endif
+ else
+ ret = read(s, &sig, 1);
+ if (ret <= 0)
+ FD_CLR(s, &readfrom);
+ else
+ kill(-pid, sig);
+ }
+ if (FD_ISSET(pv[0], &ready)) {
+ errno = 0;
+ cc = read(pv[0], buf, sizeof(buf));
+ if (cc <= 0) {
+ shutdown(s, 1+1);
+ FD_CLR(pv[0], &readfrom);
+ } else {
+ if (doencrypt)
+#ifndef NOENCRYPTION
+ des_enc_write(s, buf, cc, schedule, &kdata->session);
+#else
+ write(s, buf, cc);
+#endif
+ else
+ (void)
+ write(s, buf, cc);
+ }
+ }
+ if (doencrypt && FD_ISSET(pv1[0], &ready)) {
+ errno = 0;
+ cc = read(pv1[0], buf, sizeof(buf));
+ if (cc <= 0) {
+ shutdown(pv1[0], 1+1);
+ FD_CLR(pv1[0], &readfrom);
+ } else
+#ifndef NOENCRYPTION
+ des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session);
+#else
+ write(STDOUT_FILENO, buf, cc);
+#endif
+ }
+
+ if (doencrypt
+ && FD_ISSET(STDIN_FILENO, &ready)
+ && FD_ISSET(pv2[1], &wready)) {
+ errno = 0;
+#ifndef NOENCRYPTION
+ cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session);
+#else
+ cc = read(STDIN_FILENO, buf, sizeof(buf));
+#endif
+ if (cc <= 0) {
+ shutdown(STDIN_FILENO, 0);
+ FD_CLR(STDIN_FILENO, &readfrom);
+ close(pv2[1]);
+ FD_CLR(pv2[1], &writeto);
+ } else
+ write(pv2[1], buf, cc);
+ }
+
+ } while (FD_ISSET(s, &readfrom) ||
+ (doencrypt && FD_ISSET(pv1[0], &readfrom)) ||
+ FD_ISSET(pv[0], &readfrom));
+ exit(0);
+ }
+ setsid();
+ close(s);
+ close(pv[0]);
+ if (doencrypt) {
+ close(pv1[0]);
+ close(pv2[1]);
+ dup2(pv1[1], 1);
+ dup2(pv2[0], 0);
+ close(pv1[1]);
+ close(pv2[0]);
+ }
+ dup2(pv[1], 2);
+ close(pv[1]);
+ }
+ if (*pwd->pw_shell == '\0')
+ pwd->pw_shell = _PATH_BSHELL;
+#ifdef HAVE_SETLOGIN
+ if (setlogin(pwd->pw_name) < 0)
+ syslog(LOG_ERR, "setlogin() failed: %m");
+#endif
+
+#ifdef HAVE_SETPCRED
+ if (setpcred (pwd->pw_name, NULL) == -1)
+ syslog(LOG_ERR, "setpcred() failure: %m");
+#endif /* HAVE_SETPCRED */
+ setgid((gid_t)pwd->pw_gid);
+ initgroups(pwd->pw_name, pwd->pw_gid);
+ setuid((uid_t)pwd->pw_uid);
+ strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
+
+ /* Need to extend path to find rcp */
+ strncat(path, BINDIR, sizeof(path)-1);
+ strncat(path, ":", sizeof(path)-1);
+ strncat(path, _PATH_DEFPATH, sizeof(path)-1);
+ path[sizeof(path)-1] = '\0';
+
+ strncat(shell, pwd->pw_shell, sizeof(shell)-7);
+ strncat(username, pwd->pw_name, sizeof(username)-6);
+ cp = strrchr(pwd->pw_shell, '/');
+ if (cp)
+ cp++;
+ else
+ cp = pwd->pw_shell;
+ endpwent();
+ if (log_success || pwd->pw_uid == 0) {
+ if (use_kerberos)
+ syslog(LOG_INFO|LOG_AUTH,
+ "Kerberos shell from %s on %s as %s, cmd='%.80s'",
+ krb_unparse_name_long(kdata->pname,
+ kdata->pinst,
+ kdata->prealm),
+ remotehost, locuser, cmdbuf);
+ else
+ syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
+ remuser, remotehost, locuser, cmdbuf);
+ }
+ if (k_hasafs()) {
+ if (new_pag)
+ k_setpag(); /* Put users process in an new pag */
+ k_afsklog(0, 0);
+ }
+ execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit);
+ err(1, pwd->pw_shell);
+}
+
+/*
+ * Report error to client. Note: can't be used until second socket has
+ * connected to client, or older clients will hang waiting for that
+ * connection first.
+ */
+
+static void
+error(const char *fmt, ...)
+{
+ va_list ap;
+ int len;
+ char *bp, buf[BUFSIZ];
+
+ va_start(ap, fmt);
+ bp = buf;
+ if (sent_null == 0) {
+ *bp++ = 1;
+ len = 1;
+ } else
+ len = 0;
+ len = vsnprintf (bp, sizeof(buf) - len, fmt, ap);
+ write (STDERR_FILENO, buf, len);
+ va_end(ap);
+}
+
+static void
+usage()
+{
+
+ syslog(LOG_ERR,
+ "usage: rshd [-alnkvxLPi] [-p port]");
+ exit(2);
+}
diff --git a/crypto/kerberosIV/appl/bsd/stty_default.c b/crypto/kerberosIV/appl/bsd/stty_default.c
new file mode 100644
index 0000000..b7112c1
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/stty_default.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: stty_default.c,v 1.6 1997/04/01 08:17:17 joda Exp $");
+
+#include <termios.h>
+
+/* HP-UX 9.0 termios doesn't define these */
+#ifndef FLUSHO
+#define FLUSHO 0
+#endif
+
+#ifndef XTABS
+#define XTABS 0
+#endif
+
+#ifndef OXTABS
+#define OXTABS XTABS
+#endif
+
+/* Ultrix... */
+#ifndef ECHOPRT
+#define ECHOPRT 0
+#endif
+
+#ifndef ECHOCTL
+#define ECHOCTL 0
+#endif
+
+#ifndef ECHOKE
+#define ECHOKE 0
+#endif
+
+#ifndef IMAXBEL
+#define IMAXBEL 0
+#endif
+
+#define Ctl(x) ((x) ^ 0100)
+
+void
+stty_default(void)
+{
+ struct termios termios;
+
+ /*
+ * Finalize the terminal settings. Some systems default to 8 bits,
+ * others to 7, so we should leave that alone.
+ */
+ tcgetattr(0, &termios);
+
+ termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL);
+ termios.c_iflag &= ~IXANY;
+
+ termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE);
+ termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO);
+
+ termios.c_oflag |= (OPOST|ONLCR);
+ termios.c_oflag &= ~OXTABS;
+
+ termios.c_cc[VINTR] = Ctl('C');
+ termios.c_cc[VERASE] = Ctl('H');
+ termios.c_cc[VKILL] = Ctl('U');
+ termios.c_cc[VEOF] = Ctl('D');
+
+ termios.c_cc[VSUSP] = Ctl('Z');
+
+ tcsetattr(0, TCSANOW, &termios);
+}
diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c
new file mode 100644
index 0000000..8c610e1
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/su.c
@@ -0,0 +1,452 @@
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID ("$Id: su.c,v 1.59 1997/05/26 17:45:54 bg Exp $");
+
+#ifdef SYSV_SHADOW
+#include "sysv_shadow.h"
+#endif
+
+static int kerberos (char *username, char *user, int uid);
+static int chshell (char *sh);
+static char *ontty (void);
+static int koktologin (char *name, char *realm, char *toname);
+static int chshell (char *sh);
+
+/* Handle '-' option after all the getopt options */
+#define ARGSTR "Kflmi:"
+
+static int use_kerberos = 1;
+static char *root_inst = "root";
+
+int
+main (int argc, char **argv)
+{
+ struct passwd *pwd;
+ char *p, **g;
+ struct group *gr;
+ uid_t ruid;
+ int asme, ch, asthem, fastlogin, prio;
+ enum { UNSET, YES, NO } iscsh = UNSET;
+ char *user, *shell, *avshell, *username, **np;
+ char shellbuf[MaxPathLen], avshellbuf[MaxPathLen];
+
+ set_progname (argv[0]);
+
+ asme = asthem = fastlogin = 0;
+ while ((ch = getopt (argc, argv, ARGSTR)) != EOF)
+ switch ((char) ch) {
+ case 'K':
+ use_kerberos = 0;
+ break;
+ case 'f':
+ fastlogin = 1;
+ break;
+ case 'l':
+ asme = 0;
+ asthem = 1;
+ break;
+ case 'm':
+ asme = 1;
+ asthem = 0;
+ break;
+ case 'i':
+ root_inst = optarg;
+ break;
+ case '?':
+ default:
+ fprintf (stderr,
+ "usage: su [-Kflm] [-i root-instance] [-] [login]\n");
+ exit (1);
+ }
+ /* Don't handle '-' option with getopt */
+ if (optind < argc && strcmp (argv[optind], "-") == 0) {
+ asme = 0;
+ asthem = 1;
+ optind++;
+ }
+ argv += optind;
+
+ if (use_kerberos) {
+ int fd = open (KEYFILE, O_RDONLY);
+
+ if (fd >= 0)
+ close (fd);
+ else
+ use_kerberos = 0;
+ }
+ errno = 0;
+ prio = getpriority (PRIO_PROCESS, 0);
+ if (errno)
+ prio = 0;
+ setpriority (PRIO_PROCESS, 0, -2);
+ openlog ("su", LOG_CONS, 0);
+
+ /* get current login name and shell */
+ ruid = getuid ();
+ username = getlogin ();
+ if (username == NULL || (pwd = k_getpwnam (username)) == NULL ||
+ pwd->pw_uid != ruid)
+ pwd = k_getpwuid (ruid);
+ if (pwd == NULL)
+ errx (1, "who are you?");
+ username = strdup (pwd->pw_name);
+ if (asme)
+ if (pwd->pw_shell && *pwd->pw_shell)
+ shell = strcpy (shellbuf, pwd->pw_shell);
+ else {
+ shell = _PATH_BSHELL;
+ iscsh = NO;
+ }
+
+ /* get target login information, default to root */
+ user = *argv ? *argv : "root";
+ np = *argv ? argv : argv - 1;
+
+ pwd = k_getpwnam (user);
+ if (pwd == NULL)
+ errx (1, "unknown login %s", user);
+ if (pwd->pw_uid == 0 && strcmp ("root", user) != 0) {
+ syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user);
+ errx (1, "unknown login %s", user);
+ }
+ if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) {
+#ifndef PASSWD_FALLBACK
+ errx (1, "won't use /etc/passwd authentication");
+#endif
+ /* getpwnam() is not reentrant and kerberos might use it! */
+ pwd = k_getpwnam (user);
+ if (pwd == NULL)
+ errx (1, "unknown login %s", user);
+ /* only allow those in group zero to su to root. */
+ if (pwd->pw_uid == 0 && (gr = getgrgid ((gid_t) 0)))
+ for (g = gr->gr_mem;; ++g) {
+ if (!*g) {
+#if 1
+ /* if group 0 is empty or only
+ contains root su is still ok. */
+ if (gr->gr_mem[0] == 0)
+ break; /* group 0 is empty */
+ if (gr->gr_mem[1] == 0 &&
+ strcmp (gr->gr_mem[0], "root") == 0)
+ break; /* only root in group 0 */
+#endif
+ errx (1, "you are not in the correct group to su %s.",
+ user);
+ }
+ if (!strcmp (username, *g))
+ break;
+ }
+ /* if target requires a password, verify it */
+ if (ruid && *pwd->pw_passwd) {
+ char prompt[128];
+ char passwd[256];
+
+ snprintf (prompt, sizeof(prompt), "%s's Password: ", pwd->pw_name);
+ if (des_read_pw_string (passwd, sizeof (passwd),
+ prompt, 0)) {
+ memset (passwd, 0, sizeof (passwd));
+ exit (1);
+ }
+ if (strcmp (pwd->pw_passwd,
+ crypt (passwd, pwd->pw_passwd))) {
+ memset (passwd, 0, sizeof (passwd));
+ syslog (LOG_AUTH | LOG_WARNING,
+ "BAD SU %s to %s%s", username,
+ user, ontty ());
+ errx (1, "Sorry");
+ }
+ memset (passwd, 0, sizeof (passwd));
+ }
+ }
+ if (asme) {
+ /* if asme and non-standard target shell, must be root */
+ if (!chshell (pwd->pw_shell) && ruid)
+ errx (1, "permission denied (shell '%s' not in /etc/shells).",
+ pwd->pw_shell);
+ } else if (pwd->pw_shell && *pwd->pw_shell) {
+ shell = pwd->pw_shell;
+ iscsh = UNSET;
+ } else {
+ shell = _PATH_BSHELL;
+ iscsh = NO;
+ }
+
+ if ((p = strrchr (shell, '/')) != 0)
+ avshell = p + 1;
+ else
+ avshell = shell;
+
+ /* if we're forking a csh, we want to slightly muck the args */
+ if (iscsh == UNSET)
+ iscsh = strcmp (avshell, "csh") ? NO : YES;
+
+ /* set permissions */
+
+ if (setgid (pwd->pw_gid) < 0)
+ err (1, "setgid");
+ if (initgroups (user, pwd->pw_gid))
+ errx (1, "initgroups failed.");
+
+ if (setuid (pwd->pw_uid) < 0)
+ err (1, "setuid");
+
+ if (!asme) {
+ if (asthem) {
+ char *k = getenv ("KRBTKFILE");
+ char *t = getenv ("TERM");
+
+ environ = malloc (10 * sizeof (char *));
+ environ[0] = NULL;
+ setenv ("PATH", _PATH_DEFPATH, 1);
+ if (t)
+ setenv ("TERM", t, 1);
+ if (k)
+ setenv ("KRBTKFILE", k, 1);
+ if (chdir (pwd->pw_dir) < 0)
+ errx (1, "no directory");
+ }
+ if (asthem || pwd->pw_uid)
+ setenv ("USER", pwd->pw_name, 1);
+ setenv ("HOME", pwd->pw_dir, 1);
+ setenv ("SHELL", shell, 1);
+ }
+ if (iscsh == YES) {
+ if (fastlogin)
+ *np-- = "-f";
+ if (asme)
+ *np-- = "-m";
+ }
+ if (asthem) {
+ avshellbuf[0] = '-';
+ strcpy (avshellbuf + 1, avshell);
+ avshell = avshellbuf;
+ } else if (iscsh == YES) {
+ /* csh strips the first character... */
+ avshellbuf[0] = '_';
+ strcpy (avshellbuf + 1, avshell);
+ avshell = avshellbuf;
+ }
+ *np = avshell;
+
+ if (ruid != 0)
+ syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s",
+ username, user, ontty ());
+
+ setpriority (PRIO_PROCESS, 0, prio);
+
+ if (k_hasafs ()) {
+ int code;
+
+ if (k_setpag () != 0)
+ warn ("setpag");
+ code = k_afsklog (0, 0);
+ if (code != KSUCCESS && code != KDC_PR_UNKNOWN)
+ warnx ("afsklog: %s", krb_get_err_text (code));
+ }
+ execv (shell, np);
+ warn ("execv(%s)", shell);
+ if (getuid () == 0) {
+ execv (_PATH_BSHELL, np);
+ warn ("execv(%s)", _PATH_BSHELL);
+ }
+ exit (1);
+}
+
+static int
+chshell (char *sh)
+{
+ char *cp;
+
+ while ((cp = getusershell ()) != NULL)
+ if (!strcmp (cp, sh))
+ return (1);
+ return (0);
+}
+
+static char *
+ontty (void)
+{
+ char *p;
+ static char buf[MaxPathLen + 4];
+
+ buf[0] = 0;
+ if ((p = ttyname (STDERR_FILENO)) != 0)
+ snprintf (buf, sizeof(buf), " on %s", p);
+ return (buf);
+}
+
+static int
+kerberos (char *username, char *user, int uid)
+{
+ KTEXT_ST ticket;
+ AUTH_DAT authdata;
+ struct hostent *hp;
+ int kerno;
+ u_long faddr;
+ char lrealm[REALM_SZ], krbtkfile[MaxPathLen];
+ char hostname[MaxHostNameLen], savehost[MaxHostNameLen];
+
+ if (krb_get_lrealm (lrealm, 1) != KSUCCESS)
+ return (1);
+ if (koktologin (username, lrealm, user) && !uid) {
+#ifndef PASSWD_FALLBACK
+ warnx ("not in %s's ACL.", user);
+#endif
+ return (1);
+ }
+ snprintf (krbtkfile, sizeof(krbtkfile),
+ "%s_%s_to_%s_%u", TKT_ROOT, username, user,
+ (unsigned) getpid ());
+
+ setenv ("KRBTKFILE", krbtkfile, 1);
+ krb_set_tkt_string (krbtkfile);
+ /*
+ * Little trick here -- if we are su'ing to root, we need to get a ticket
+ * for "xxx.root", where xxx represents the name of the person su'ing.
+ * Otherwise (non-root case), we need to get a ticket for "yyy.", where
+ * yyy represents the name of the person being su'd to, and the instance
+ * is null
+ *
+ * We should have a way to set the ticket lifetime, with a system default
+ * for root.
+ */
+ {
+ char prompt[128];
+ char passw[256];
+
+ snprintf (prompt, sizeof(prompt),
+ "%s's Password: ",
+ krb_unparse_name_long ((uid == 0 ? username : user),
+ (uid == 0 ? root_inst : ""),
+ lrealm));
+ if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) {
+ memset (passw, 0, sizeof (passw));
+ return (1);
+ }
+ if (strlen(passw) == 0)
+ return (1); /* Empty passwords is not allowed */
+ kerno = krb_get_pw_in_tkt ((uid == 0 ? username : user),
+ (uid == 0 ? root_inst : ""), lrealm,
+ KRB_TICKET_GRANTING_TICKET,
+ lrealm,
+ DEFAULT_TKT_LIFE,
+ passw);
+ memset (passw, 0, strlen (passw));
+ }
+
+ if (kerno != KSUCCESS) {
+ if (kerno == KDC_PR_UNKNOWN) {
+ warnx ("principal unknown: %s",
+ krb_unparse_name_long ((uid == 0 ? username : user),
+ (uid == 0 ? root_inst : ""),
+ lrealm));
+ return (1);
+ }
+ warnx ("unable to su: %s", krb_get_err_text (kerno));
+ syslog (LOG_NOTICE | LOG_AUTH,
+ "BAD SU: %s to %s%s: %s",
+ username, user, ontty (), krb_get_err_text (kerno));
+ return (1);
+ }
+ if (chown (krbtkfile, uid, -1) < 0) {
+ warn ("chown");
+ unlink (krbtkfile);
+ return (1);
+ }
+ setpriority (PRIO_PROCESS, 0, -2);
+
+ if (k_gethostname (hostname, sizeof (hostname)) == -1) {
+ warn ("gethostname");
+ dest_tkt ();
+ return (1);
+ }
+ strncpy (savehost, krb_get_phost (hostname), sizeof (savehost));
+ savehost[sizeof (savehost) - 1] = '\0';
+
+ kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
+
+ if (kerno == KDC_PR_UNKNOWN) {
+ warnx ("Warning: TGT not verified.");
+ syslog (LOG_NOTICE | LOG_AUTH,
+ "%s to %s%s, TGT not verified (%s); "
+ "%s.%s not registered?",
+ username, user, ontty (), krb_get_err_text (kerno),
+ "rcmd", savehost);
+#ifdef KLOGIN_PARANOID
+ /*
+ * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, *
+ * don't allow kerberos login, also log the error condition.
+ */
+ warnx ("Trying local password!");
+ return (1);
+#endif
+ } else if (kerno != KSUCCESS) {
+ warnx ("Unable to use TGT: %s", krb_get_err_text (kerno));
+ syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s",
+ username, user, ontty (), krb_get_err_text (kerno));
+ dest_tkt ();
+ return (1);
+ } else {
+ if (!(hp = gethostbyname (hostname))) {
+ warnx ("can't get addr of %s", hostname);
+ dest_tkt ();
+ return (1);
+ }
+ memcpy (&faddr, hp->h_addr, sizeof (faddr));
+
+ if ((kerno = krb_rd_req (&ticket, "rcmd", savehost, faddr,
+ &authdata, "")) != KSUCCESS) {
+ warnx ("unable to verify rcmd ticket: %s",
+ krb_get_err_text (kerno));
+ syslog (LOG_NOTICE | LOG_AUTH,
+ "failed su: %s to %s%s: %s", username,
+ user, ontty (), krb_get_err_text (kerno));
+ dest_tkt ();
+ return (1);
+ }
+ }
+ fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n");
+ return (0);
+}
+
+static int
+koktologin (char *name, char *realm, char *toname)
+{
+ return krb_kuserok (name,
+ strcmp (toname, "root") == 0 ? root_inst : "",
+ realm,
+ toname);
+}
diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.c b/crypto/kerberosIV/appl/bsd/sysv_default.c
new file mode 100644
index 0000000..cb36b84
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_default.c
@@ -0,0 +1,95 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_default.c,v 1.9 1997/03/31 01:47:59 assar Exp $");
+
+#include "sysv_default.h"
+
+ /*
+ * Default values for stuff that can be read from the defaults file. The
+ * SunOS 5.1 documentation is incomplete and often disagrees with reality.
+ */
+
+static char default_umask_value[] = "022";
+
+char *default_console = 0;
+char *default_altsh = "YES";
+char *default_passreq = "NO";
+char *default_timezone= 0;
+char *default_hz = 0;
+char *default_path = _PATH_DEFPATH;
+char *default_supath = _PATH_DEFSUPATH;
+char *default_ulimit = 0;
+char *default_timeout = "60";
+char *default_umask = default_umask_value;
+char *default_sleep = "4";
+char *default_maxtrys = "5";
+
+static struct sysv_default {
+ char **valptr;
+ char *prefix;
+ int prefix_len;
+} defaults[] = {
+ {&default_console, "CONSOLE=", sizeof("CONSOLE=") -1},
+ {&default_altsh, "ALTSHELL=", sizeof("ALTSHELL=") -1},
+ {&default_passreq, "PASSREQ=", sizeof("PASSREQ=") -1},
+ {&default_timezone, "TIMEZONE=", sizeof("TIMEZONE=") -1},
+ {&default_hz, "HZ=", sizeof("HZ=") -1},
+ {&default_path, "PATH=", sizeof("PATH=") -1},
+ {&default_supath, "SUPATH=", sizeof("SUPATH=") -1},
+ {&default_ulimit, "ULIMIT=", sizeof("ULIMIT=") -1},
+ {&default_timeout, "TIMEOUT=", sizeof("TIMEOUT=") -1},
+ {&default_umask, "UMASK=", sizeof("UMASK=") -1},
+ {&default_sleep, "SLEEPTIME=", sizeof("SLEEPTIME=") -1},
+ {&default_maxtrys, "MAXTRYS=", sizeof("MAXTRYS=") -1},
+ {0},
+};
+
+#define trim(s) { \
+ char *cp = s + strlen(s); \
+ while (cp > s && isspace(cp[-1])) \
+ cp--; \
+ *cp = 0; \
+}
+
+/* sysv_defaults - read login defaults file */
+
+void
+sysv_defaults()
+{
+ struct sysv_default *dp;
+ FILE *fp;
+ char buf[BUFSIZ];
+
+ if ((fp = fopen(_PATH_ETC_DEFAULT_LOGIN, "r"))) {
+
+ /* Stupid quadratic algorithm. */
+
+ while (fgets(buf, sizeof(buf), fp)) {
+
+ /* Skip comments and blank lines. */
+
+ if (buf[0] == '#')
+ continue;
+ trim(buf);
+ if (buf[0] == 0)
+ continue;
+
+ /* Assign defaults from file. */
+
+#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0)
+
+ for (dp = defaults; dp->valptr; dp++) {
+ if (STREQN(buf, dp->prefix, dp->prefix_len)) {
+ if ((*(dp->valptr) = strdup(buf + dp->prefix_len)) == 0) {
+ warnx("Insufficient memory resources - try later.");
+ sleepexit(1);
+ }
+ break;
+ }
+ }
+ }
+ fclose(fp);
+ }
+}
diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.h b/crypto/kerberosIV/appl/bsd/sysv_default.h
new file mode 100644
index 0000000..0056059
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_default.h
@@ -0,0 +1,18 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+/* $Id: sysv_default.h,v 1.5 1996/10/27 23:51:14 assar Exp $ */
+
+extern char *default_console;
+extern char *default_altsh;
+extern char *default_passreq;
+extern char *default_timezone;
+extern char *default_hz;
+extern char *default_path;
+extern char *default_supath;
+extern char *default_ulimit;
+extern char *default_timeout;
+extern char *default_umask;
+extern char *default_sleep;
+extern char *default_maxtrys;
+
+void sysv_defaults(void);
diff --git a/crypto/kerberosIV/appl/bsd/sysv_environ.c b/crypto/kerberosIV/appl/bsd/sysv_environ.c
new file mode 100644
index 0000000..f5e782d
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_environ.c
@@ -0,0 +1,192 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_environ.c,v 1.21 1997/05/14 17:34:15 joda Exp $");
+
+#ifdef HAVE_ULIMIT_H
+#include <ulimit.h>
+#endif
+
+#ifndef UL_SETFSIZE
+#define UL_SETFSIZE 2
+#endif
+
+#include "sysv_default.h"
+
+/*
+ * Set
+ */
+
+static void
+read_etc_environment (void)
+{
+ FILE *f;
+ char buf[BUFSIZ];
+
+ f = fopen(_PATH_ETC_ENVIRONMENT, "r");
+ if (f) {
+ char *val;
+
+ while (fgets (buf, sizeof(buf), f) != NULL) {
+ if (buf[0] == '\n' || buf[0] == '#')
+ continue;
+ buf[strlen(buf) - 1] = '\0';
+ val = strchr (buf, '=');
+ if (val == NULL)
+ continue;
+ *val = '\0';
+ setenv(buf, val + 1, 1);
+ }
+ fclose (f);
+ }
+}
+
+ /*
+ * Environment variables that are preserved (but may still be overruled by
+ * other means). Only TERM and TZ appear to survive (SunOS 5.1). These are
+ * typically inherited from the ttymon process.
+ */
+
+static struct preserved {
+ char *name;
+ char *value;
+} preserved[] = {
+ {"TZ", 0},
+ {"TERM", 0},
+ {0},
+};
+
+ /*
+ * Environment variables that are not preserved and that cannot be specified
+ * via commandline or stdin. Except for the LD_xxx (runtime linker) stuff,
+ * the list applies to most SYSV systems. The manpage mentions only that
+ * SHELL and PATH are censored. HOME, LOGNAME and MAIL are always
+ * overwritten; they are in the list to make the censoring explicit.
+ */
+
+static struct censored {
+ char *prefix;
+ int length;
+} censored[] = {
+ {"SHELL=", sizeof("SHELL=") - 1},
+ {"HOME=", sizeof("HOME=") - 1},
+ {"LOGNAME=", sizeof("LOGNAME=") - 1},
+ {"MAIL=", sizeof("MAIL=") - 1},
+ {"CDPATH=", sizeof("CDPATH=") - 1},
+ {"IFS=", sizeof("IFS=") - 1},
+ {"PATH=", sizeof("PATH=") - 1},
+ {"LD_", sizeof("LD_") - 1},
+ {0},
+};
+
+/* sysv_newenv - set up final environment after logging in */
+
+void sysv_newenv(int argc, char **argv, struct passwd *pwd,
+ char *term, int pflag)
+{
+ unsigned umask_val;
+ long limit_val;
+ char buf[BUFSIZ];
+ int count = 0;
+ struct censored *cp;
+ struct preserved *pp;
+
+ /* Preserve a selection of the environment. */
+
+ for (pp = preserved; pp->name; pp++)
+ pp->value = getenv(pp->name);
+
+ /*
+ * Note: it is a bad idea to assign a static array to the global environ
+ * variable. Reason is that putenv() can run into problems when it tries
+ * to realloc() the environment table. Instead, we just clear environ[0]
+ * and let putenv() work things out.
+ */
+
+ if (!pflag && environ)
+ environ[0] = 0;
+
+ /* Restore preserved environment variables. */
+
+ for (pp = preserved; pp->name; pp++)
+ if (pp->value)
+ setenv(pp->name, pp->value, 1);
+
+ /* The TERM definition from e.g. rlogind can override an existing one. */
+
+ if (term[0])
+ setenv("TERM", term, 1);
+
+ /*
+ * Environment definitions from the command line overrule existing ones,
+ * but can be overruled by definitions from stdin. Some variables are
+ * censored.
+ *
+ * Omission: we do not support environment definitions from stdin.
+ */
+
+#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0)
+
+ while (argc && *argv) {
+ if (strchr(*argv, '=') == 0) {
+ snprintf(buf, sizeof(buf), "L%d", count++);
+ setenv(buf, *argv, 1);
+ } else {
+ for (cp = censored; cp->prefix; cp++)
+ if (STREQN(*argv, cp->prefix, cp->length))
+ break;
+ if (cp->prefix == 0)
+ putenv(*argv);
+ }
+ argc--, argv++;
+ }
+
+ /* PATH is always reset. */
+
+ setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1);
+
+ /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */
+
+ setenv("HOME", pwd->pw_dir, 1);
+ {
+ char *sep = "/";
+ if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/')
+ sep = "";
+ k_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL);
+ }
+ setenv("MAIL", buf, 1);
+ setenv("LOGNAME", pwd->pw_name, 1);
+ setenv("USER", pwd->pw_name, 1);
+
+ /*
+ * Variables that may be set according to specifications in the defaults
+ * file. HZ and TZ are set only if they are still uninitialized.
+ *
+ * Extension: when ALTSHELL=YES, we set the SHELL variable even if it is
+ * /bin/sh.
+ */
+
+ if (strcasecmp(default_altsh, "YES") == 0)
+ setenv("SHELL", pwd->pw_shell, 1);
+ if (default_hz)
+ setenv("HZ", default_hz, 0);
+ if (default_timezone)
+ setenv("TZ", default_timezone, 0);
+
+ /* Non-environment stuff. */
+
+ if (default_umask) {
+ if (sscanf(default_umask, "%o", &umask_val) == 1 && umask_val)
+ umask(umask_val);
+ }
+#ifdef HAVE_ULIMIT
+ if (default_ulimit) {
+ if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val)
+ if (ulimit(UL_SETFSIZE, limit_val) < 0)
+ warn ("ulimit(UL_SETFSIZE, %ld)", limit_val);
+ }
+#endif
+ read_etc_environment();
+}
+
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.c b/crypto/kerberosIV/appl/bsd/sysv_shadow.c
new file mode 100644
index 0000000..6839441
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.c
@@ -0,0 +1,45 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_shadow.c,v 1.7 1997/03/23 04:56:05 assar Exp $");
+
+#ifdef SYSV_SHADOW
+
+#include <sysv_shadow.h>
+
+/* sysv_expire - check account and password expiration times */
+
+int
+sysv_expire(struct spwd *spwd)
+{
+ long today;
+
+ tzset();
+ today = time(0);
+
+ if (spwd->sp_expire > 0) {
+ if (today > spwd->sp_expire) {
+ printf("Your account has expired.\n");
+ sleepexit(1);
+ } else if (spwd->sp_expire - today < 14) {
+ printf("Your account will expire in %d days.\n",
+ (int)(spwd->sp_expire - today));
+ return (0);
+ }
+ }
+ if (spwd->sp_max > 0) {
+ if (today > (spwd->sp_lstchg + spwd->sp_max)) {
+ printf("Your password has expired. Choose a new one.\n");
+ return (1);
+ } else if (spwd->sp_warn > 0
+ && (today > (spwd->sp_lstchg + spwd->sp_max - spwd->sp_warn))) {
+ printf("Your password will expire in %d days.\n",
+ (int)(spwd->sp_lstchg + spwd->sp_max - today));
+ return (0);
+ }
+ }
+ return (0);
+}
+
+#endif /* SYSV_SHADOW */
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.h b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
new file mode 100644
index 0000000..4f07b49
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
@@ -0,0 +1,5 @@
+/* $Id: sysv_shadow.h,v 1.6 1997/03/23 04:55:51 assar Exp $ */
+
+#include <shadow.h>
+
+extern sysv_expire(struct spwd *);
diff --git a/crypto/kerberosIV/appl/bsd/tty.c b/crypto/kerberosIV/appl/bsd/tty.c
new file mode 100644
index 0000000..3192426
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/tty.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: tty.c,v 1.2 1997/05/25 01:14:22 assar Exp $");
+
+/*
+ * Clean the tty name. Return a pointer to the cleaned version.
+ */
+
+char *
+clean_ttyname (char *tty)
+{
+ char *res = tty;
+
+ if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+ res += strlen(_PATH_DEV);
+ if (strncmp (res, "pty/", 4) == 0)
+ res += 4;
+ if (strncmp (res, "ptym/", 5) == 0)
+ res += 5;
+ return res;
+}
+
+/*
+ * Generate a name usable as an `ut_id', typically without `tty'.
+ */
+
+char *
+make_id (char *tty)
+{
+ char *res = tty;
+
+ if (strncmp (res, "pts/", 4) == 0)
+ res += 4;
+ if (strncmp (res, "tty", 3) == 0)
+ res += 3;
+ return res;
+}
diff --git a/crypto/kerberosIV/appl/bsd/utmp_login.c b/crypto/kerberosIV/appl/bsd/utmp_login.c
new file mode 100644
index 0000000..da3f96a
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/utmp_login.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: utmp_login.c,v 1.13 1997/05/20 13:46:21 assar Exp $");
+
+void
+prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
+{
+ char *ttyx = clean_ttyname (tty);
+
+ memset(utmp, 0, sizeof(*utmp));
+ utmp->ut_time = time(NULL);
+ strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
+ strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
+
+# ifdef HAVE_UT_USER
+ strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
+# endif
+
+# ifdef HAVE_UT_ADDR
+ if (hostname[0]) {
+ struct hostent *he;
+ if ((he = gethostbyname(hostname)))
+ memcpy(&utmp->ut_addr, he->h_addr_list[0],
+ sizeof(utmp->ut_addr));
+ }
+# endif
+
+# ifdef HAVE_UT_HOST
+ strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
+# endif
+
+# ifdef HAVE_UT_TYPE
+ utmp->ut_type = USER_PROCESS;
+# endif
+
+# ifdef HAVE_UT_PID
+ utmp->ut_pid = getpid();
+# endif
+
+# ifdef HAVE_UT_ID
+ strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
+# endif
+}
+
+#ifdef HAVE_UTMPX_H
+void utmp_login(char *tty, char *username, char *hostname) { return; }
+#else
+
+/* update utmp and wtmp - the BSD way */
+
+void utmp_login(char *tty, char *username, char *hostname)
+{
+ struct utmp utmp;
+ int fd;
+
+ prepare_utmp (&utmp, tty, username, hostname);
+
+#ifdef HAVE_SETUTENT
+ utmpname(_PATH_UTMP);
+ setutent();
+ pututline(&utmp);
+ endutent();
+#else
+
+#ifdef HAVE_TTYSLOT
+ {
+ int ttyno;
+ ttyno = ttyslot();
+ if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
+ lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+ }
+#endif /* HAVE_TTYSLOT */
+#endif /* HAVE_SETUTENT */
+
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+}
+#endif /* !HAVE_UTMPX_H */
diff --git a/crypto/kerberosIV/appl/bsd/utmpx_login.c b/crypto/kerberosIV/appl/bsd/utmpx_login.c
new file mode 100644
index 0000000..005eca5
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/utmpx_login.c
@@ -0,0 +1,88 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: utmpx_login.c,v 1.20 1997/06/01 03:13:15 assar Exp $");
+
+/* utmpx_login - update utmp and wtmp after login */
+
+#ifndef HAVE_UTMPX_H
+int utmpx_login(char *line, char *user, char *host) { return 0; }
+#else
+
+static void
+utmpx_update(struct utmpx *ut, char *line, char *user, char *host)
+{
+ struct timeval tmp;
+ char *clean_tty = clean_ttyname(line);
+
+ strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
+#ifdef HAVE_UT_ID
+ strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
+#endif
+ strncpy(ut->ut_user, user, sizeof(ut->ut_user));
+ strncpy(ut->ut_host, host, sizeof(ut->ut_host));
+#ifdef HAVE_UT_SYSLEN
+ ut->ut_syslen = strlen(host) + 1;
+ if (ut->ut_syslen > sizeof(ut->ut_host))
+ ut->ut_syslen = sizeof(ut->ut_host);
+#endif
+ ut->ut_type = USER_PROCESS;
+ gettimeofday (&tmp, 0);
+ ut->ut_tv.tv_sec = tmp.tv_sec;
+ ut->ut_tv.tv_usec = tmp.tv_usec;
+ pututxline(ut);
+#ifdef WTMPX_FILE
+ updwtmpx(WTMPX_FILE, ut);
+#elif defined(WTMP_FILE)
+ {
+ struct utmp utmp;
+ int fd;
+
+ prepare_utmp (&utmp, line, user, host);
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+ }
+#endif
+}
+
+int
+utmpx_login(char *line, char *user, char *host)
+{
+ struct utmpx *ut;
+ pid_t mypid = getpid();
+ int ret = (-1);
+
+ /*
+ * SYSV4 ttymon and login use tty port names with the "/dev/" prefix
+ * stripped off. Rlogind and telnetd, on the other hand, make utmpx
+ * entries with device names like /dev/pts/nnn. We therefore cannot use
+ * getutxline(). Return nonzero if no utmp entry was found with our own
+ * process ID for a login or user process.
+ */
+
+ while ((ut = getutxent())) {
+ /* Try to find a reusable entry */
+ if (ut->ut_pid == mypid
+ && ( ut->ut_type == INIT_PROCESS
+ || ut->ut_type == LOGIN_PROCESS
+ || ut->ut_type == USER_PROCESS)) {
+ utmpx_update(ut, line, user, host);
+ ret = 0;
+ break;
+ }
+ }
+ if (ret == -1) {
+ /* Grow utmpx file by one record. */
+ struct utmpx newut;
+ memset(&newut, 0, sizeof(newut));
+ newut.ut_pid = mypid;
+ utmpx_update(&newut, line, user, host);
+ ret = 0;
+ }
+ endutxent();
+ return (ret);
+}
+#endif /* HAVE_UTMPX_H */
diff --git a/crypto/kerberosIV/appl/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/Makefile.in
new file mode 100644
index 0000000..6d0c420
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/Makefile.in
@@ -0,0 +1,41 @@
+# $Id: Makefile.in,v 1.9 1997/03/23 13:03:54 assar Exp $
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+@SET_MAKE@
+
+CC = @CC@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+
+prefix = @prefix@
+
+SUBDIRS=common ftp ftpd
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+install: all
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean cleandir:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+distclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile *~
diff --git a/crypto/kerberosIV/appl/ftp/common/Makefile.in b/crypto/kerberosIV/appl/ftp/common/Makefile.in
new file mode 100644
index 0000000..9ce1aa5
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/Makefile.in
@@ -0,0 +1,52 @@
+# $Id: Makefile.in,v 1.17 1997/05/18 20:00:06 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+
+prefix = @prefix@
+
+SOURCES = base64.c glob.c sockbuf.c buffer.c
+OBJECTS = $(libcommon_OBJS)
+
+libcommon_OBJS = base64.o glob.o sockbuf.o buffer.o
+
+LIBNAME = $(LIBPREFIX)common
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+LIB = $(LIBNAME).$(LIBEXT)
+
+all: $(LIB)
+
+.c.o:
+ $(CC) -c $(CFLAGS) -I$(srcdir) -I../../../include $(DEFS) $<
+
+$(LIB): $(libcommon_OBJS)
+ rm -f $@
+ ar cr $@ $(libcommon_OBJS)
+ -$(RANLIB) $@
+
+install:
+
+uninstall:
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+clean cleandir:
+ rm -f *~ *.o libcommon.a core \#*
+
+distclean:
+ rm -f Makefile
+
+$(OBJECTS): ../../../include/config.h
diff --git a/crypto/kerberosIV/appl/ftp/common/base64.c b/crypto/kerberosIV/appl/ftp/common/base64.c
new file mode 100644
index 0000000..648f32d
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/base64.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64.c,v 1.6 1997/05/30 17:24:06 assar Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "base64.h"
+
+static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int pos(char c)
+{
+ char *p;
+ for(p = base64; *p; p++)
+ if(*p == c)
+ return p - base64;
+ return -1;
+}
+
+int base64_encode(const void *data, int size, char **str)
+{
+ char *s, *p;
+ int i;
+ int c;
+ unsigned char *q;
+
+ p = s = (char*)malloc(size*4/3+4);
+ q = (unsigned char*)data;
+ i=0;
+ for(i = 0; i < size;){
+ c=q[i++];
+ c*=256;
+ if(i < size)
+ c+=q[i];
+ i++;
+ c*=256;
+ if(i < size)
+ c+=q[i];
+ i++;
+ p[0]=base64[(c&0x00fc0000) >> 18];
+ p[1]=base64[(c&0x0003f000) >> 12];
+ p[2]=base64[(c&0x00000fc0) >> 6];
+ p[3]=base64[(c&0x0000003f) >> 0];
+ if(i > size)
+ p[3]='=';
+ if(i > size+1)
+ p[2]='=';
+ p+=4;
+ }
+ *p=0;
+ *str = s;
+ return strlen(s);
+}
+
+int base64_decode(const char *str, void *data)
+{
+ const char *p;
+ unsigned char *q;
+ int c;
+ int x;
+ int done = 0;
+ q=(unsigned char*)data;
+ for(p=str; *p && !done; p+=4){
+ x = pos(p[0]);
+ if(x >= 0)
+ c = x;
+ else{
+ done = 3;
+ break;
+ }
+ c*=64;
+
+ x = pos(p[1]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ c*=64;
+
+ if(p[2] == '=')
+ done++;
+ else{
+ x = pos(p[2]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ }
+ c*=64;
+
+ if(p[3] == '=')
+ done++;
+ else{
+ if(done)
+ return -1;
+ x = pos(p[3]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ }
+ if(done < 3)
+ *q++=(c&0x00ff0000)>>16;
+
+ if(done < 2)
+ *q++=(c&0x0000ff00)>>8;
+ if(done < 1)
+ *q++=(c&0x000000ff)>>0;
+ }
+ return q - (unsigned char*)data;
+}
diff --git a/crypto/kerberosIV/appl/ftp/common/base64.h b/crypto/kerberosIV/appl/ftp/common/base64.h
new file mode 100644
index 0000000..fe799a2
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/base64.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: base64.h,v 1.5 1997/04/01 08:17:19 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+int base64_encode(const void *data, int size, char **str);
+int base64_decode(const char *str, void *data);
+
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/common/buffer.c b/crypto/kerberosIV/appl/ftp/common/buffer.c
new file mode 100644
index 0000000..5b7829a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/buffer.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#include <stdio.h>
+#include "roken.h"
+
+RCSID("$Id: buffer.c,v 1.1 1997/05/18 19:59:24 assar Exp $");
+
+/*
+ * Allocate a buffer enough to handle st->st_blksize, if
+ * there is such a field, otherwise BUFSIZ.
+ */
+
+void *
+alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
+{
+ size_t new_sz;
+
+ new_sz = BUFSIZ;
+#ifdef HAVE_ST_BLKSIZE
+ if (st)
+ new_sz = max(BUFSIZ, st->st_blksize);
+#endif
+ if(new_sz > *sz) {
+ if (oldbuf)
+ free (oldbuf);
+ oldbuf = malloc (new_sz);
+ if (oldbuf == NULL) {
+ warn ("malloc");
+ *sz = 0;
+ return NULL;
+ }
+ *sz = new_sz;
+ }
+ return oldbuf;
+}
+
diff --git a/crypto/kerberosIV/appl/ftp/common/common.h b/crypto/kerberosIV/appl/ftp/common/common.h
new file mode 100644
index 0000000..4ec3149
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/common.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: common.h,v 1.9 1997/05/18 19:59:58 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef __COMMON_H__
+#define __COMMON_H__
+
+#include "base64.h"
+
+void set_buffer_size(int, int);
+
+#include <stdlib.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
+
+#endif /* __COMMON_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/common/glob.c b/crypto/kerberosIV/appl/ftp/common/glob.c
new file mode 100644
index 0000000..8f19d7c
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/glob.c
@@ -0,0 +1,835 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * glob(3) -- a superset of the one defined in POSIX 1003.2.
+ *
+ * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
+ *
+ * Optional extra services, controlled by flags not defined by POSIX:
+ *
+ * GLOB_QUOTE:
+ * Escaping convention: \ inhibits any special meaning the following
+ * character might have (except \ at end of string is retained).
+ * GLOB_MAGCHAR:
+ * Set in gl_flags if pattern contained a globbing character.
+ * GLOB_NOMAGIC:
+ * Same as GLOB_NOCHECK, but it will only append pattern if it did
+ * not contain any magic characters. [Used in csh style globbing]
+ * GLOB_ALTDIRFUNC:
+ * Use alternately specified directory access functions.
+ * GLOB_TILDE:
+ * expand ~user/foo to the /home/dir/of/user/foo
+ * GLOB_BRACE:
+ * expand {1,2}{a,b} to 1a 1b 2a 2b
+ * gl_matchc:
+ * Number of matches in the current invocation of glob.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "glob.h"
+#include "roken.h"
+
+#define CHAR_DOLLAR '$'
+#define CHAR_DOT '.'
+#define CHAR_EOS '\0'
+#define CHAR_LBRACKET '['
+#define CHAR_NOT '!'
+#define CHAR_QUESTION '?'
+#define CHAR_QUOTE '\\'
+#define CHAR_RANGE '-'
+#define CHAR_RBRACKET ']'
+#define CHAR_SEP '/'
+#define CHAR_STAR '*'
+#define CHAR_TILDE '~'
+#define CHAR_UNDERSCORE '_'
+#define CHAR_LBRACE '{'
+#define CHAR_RBRACE '}'
+#define CHAR_SLASH '/'
+#define CHAR_COMMA ','
+
+#ifndef DEBUG
+
+#define M_QUOTE 0x8000
+#define M_PROTECT 0x4000
+#define M_MASK 0xffff
+#define M_ASCII 0x00ff
+
+typedef u_short Char;
+
+#else
+
+#define M_QUOTE 0x80
+#define M_PROTECT 0x40
+#define M_MASK 0xff
+#define M_ASCII 0x7f
+
+typedef char Char;
+
+#endif
+
+
+#define CHAR(c) ((Char)((c)&M_ASCII))
+#define META(c) ((Char)((c)|M_QUOTE))
+#define M_ALL META('*')
+#define M_END META(']')
+#define M_NOT META('!')
+#define M_ONE META('?')
+#define M_RNG META('-')
+#define M_SET META('[')
+#define ismeta(c) (((c)&M_QUOTE) != 0)
+
+
+static int compare (const void *, const void *);
+static void g_Ctoc (const Char *, char *);
+static int g_lstat (Char *, struct stat *, glob_t *);
+static DIR *g_opendir (Char *, glob_t *);
+static Char *g_strchr (Char *, int);
+#ifdef notdef
+static Char *g_strcat (Char *, const Char *);
+#endif
+static int g_stat (Char *, struct stat *, glob_t *);
+static int glob0 (const Char *, glob_t *);
+static int glob1 (Char *, glob_t *);
+static int glob2 (Char *, Char *, Char *, glob_t *);
+static int glob3 (Char *, Char *, Char *, Char *, glob_t *);
+static int globextend (const Char *, glob_t *);
+static const Char * globtilde (const Char *, Char *, glob_t *);
+static int globexp1 (const Char *, glob_t *);
+static int globexp2 (const Char *, const Char *, glob_t *, int *);
+static int match (Char *, Char *, Char *);
+#ifdef DEBUG
+static void qprintf (const char *, Char *);
+#endif
+
+int
+glob(const char *pattern,
+ int flags,
+ int (*errfunc)(const char *, int),
+ glob_t *pglob)
+{
+ const u_char *patnext;
+ int c;
+ Char *bufnext, *bufend, patbuf[MaxPathLen+1];
+
+ patnext = (u_char *) pattern;
+ if (!(flags & GLOB_APPEND)) {
+ pglob->gl_pathc = 0;
+ pglob->gl_pathv = NULL;
+ if (!(flags & GLOB_DOOFFS))
+ pglob->gl_offs = 0;
+ }
+ pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+ pglob->gl_errfunc = errfunc;
+ pglob->gl_matchc = 0;
+
+ bufnext = patbuf;
+ bufend = bufnext + MaxPathLen;
+ if (flags & GLOB_QUOTE) {
+ /* Protect the quoted characters. */
+ while (bufnext < bufend && (c = *patnext++) != CHAR_EOS)
+ if (c == CHAR_QUOTE) {
+ if ((c = *patnext++) == CHAR_EOS) {
+ c = CHAR_QUOTE;
+ --patnext;
+ }
+ *bufnext++ = c | M_PROTECT;
+ }
+ else
+ *bufnext++ = c;
+ }
+ else
+ while (bufnext < bufend && (c = *patnext++) != CHAR_EOS)
+ *bufnext++ = c;
+ *bufnext = CHAR_EOS;
+
+ if (flags & GLOB_BRACE)
+ return globexp1(patbuf, pglob);
+ else
+ return glob0(patbuf, pglob);
+}
+
+/*
+ * Expand recursively a glob {} pattern. When there is no more expansion
+ * invoke the standard globbing routine to glob the rest of the magic
+ * characters
+ */
+static int globexp1(const Char *pattern, glob_t *pglob)
+{
+ const Char* ptr = pattern;
+ int rv;
+
+ /* Protect a single {}, for find(1), like csh */
+ if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
+ return glob0(pattern, pglob);
+
+ while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL)
+ if (!globexp2(ptr, pattern, pglob, &rv))
+ return rv;
+
+ return glob0(pattern, pglob);
+}
+
+
+/*
+ * Recursive brace globbing helper. Tries to expand a single brace.
+ * If it succeeds then it invokes globexp1 with the new pattern.
+ * If it fails then it tries to glob the rest of the pattern and returns.
+ */
+static int globexp2(const Char *ptr, const Char *pattern,
+ glob_t *pglob, int *rv)
+{
+ int i;
+ Char *lm, *ls;
+ const Char *pe, *pm, *pl;
+ Char patbuf[MaxPathLen + 1];
+
+ /* copy part up to the brace */
+ for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+ continue;
+ ls = lm;
+
+ /* Find the balanced brace */
+ for (i = 0, pe = ++ptr; *pe; pe++)
+ if (*pe == CHAR_LBRACKET) {
+ /* Ignore everything between [] */
+ for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
+ continue;
+ if (*pe == CHAR_EOS) {
+ /*
+ * We could not find a matching CHAR_RBRACKET.
+ * Ignore and just look for CHAR_RBRACE
+ */
+ pe = pm;
+ }
+ }
+ else if (*pe == CHAR_LBRACE)
+ i++;
+ else if (*pe == CHAR_RBRACE) {
+ if (i == 0)
+ break;
+ i--;
+ }
+
+ /* Non matching braces; just glob the pattern */
+ if (i != 0 || *pe == CHAR_EOS) {
+ *rv = glob0(patbuf, pglob);
+ return 0;
+ }
+
+ for (i = 0, pl = pm = ptr; pm <= pe; pm++)
+ switch (*pm) {
+ case CHAR_LBRACKET:
+ /* Ignore everything between [] */
+ for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
+ continue;
+ if (*pm == CHAR_EOS) {
+ /*
+ * We could not find a matching CHAR_RBRACKET.
+ * Ignore and just look for CHAR_RBRACE
+ */
+ pm = pl;
+ }
+ break;
+
+ case CHAR_LBRACE:
+ i++;
+ break;
+
+ case CHAR_RBRACE:
+ if (i) {
+ i--;
+ break;
+ }
+ /* FALLTHROUGH */
+ case CHAR_COMMA:
+ if (i && *pm == CHAR_COMMA)
+ break;
+ else {
+ /* Append the current string */
+ for (lm = ls; (pl < pm); *lm++ = *pl++)
+ continue;
+ /*
+ * Append the rest of the pattern after the
+ * closing brace
+ */
+ for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
+ continue;
+
+ /* Expand the current pattern */
+#ifdef DEBUG
+ qprintf("globexp2:", patbuf);
+#endif
+ *rv = globexp1(patbuf, pglob);
+
+ /* move after the comma, to the next string */
+ pl = pm + 1;
+ }
+ break;
+
+ default:
+ break;
+ }
+ *rv = 0;
+ return 0;
+}
+
+
+
+/*
+ * expand tilde from the passwd file.
+ */
+static const Char *
+globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
+{
+ struct passwd *pwd;
+ char *h;
+ const Char *p;
+ Char *b;
+
+ if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
+ return pattern;
+
+ /* Copy up to the end of the string or / */
+ for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH;
+ *h++ = *p++)
+ continue;
+
+ *h = CHAR_EOS;
+
+ if (((char *) patbuf)[0] == CHAR_EOS) {
+ /*
+ * handle a plain ~ or ~/ by expanding $HOME
+ * first and then trying the password file
+ */
+ if ((h = getenv("HOME")) == NULL) {
+ if ((pwd = k_getpwuid(getuid())) == NULL)
+ return pattern;
+ else
+ h = pwd->pw_dir;
+ }
+ }
+ else {
+ /*
+ * Expand a ~user
+ */
+ if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
+ return pattern;
+ else
+ h = pwd->pw_dir;
+ }
+
+ /* Copy the home directory */
+ for (b = patbuf; *h; *b++ = *h++)
+ continue;
+
+ /* Append the rest of the pattern */
+ while ((*b++ = *p++) != CHAR_EOS)
+ continue;
+
+ return patbuf;
+}
+
+
+/*
+ * The main glob() routine: compiles the pattern (optionally processing
+ * quotes), calls glob1() to do the real pattern matching, and finally
+ * sorts the list (unless unsorted operation is requested). Returns 0
+ * if things went well, nonzero if errors occurred. It is not an error
+ * to find no matches.
+ */
+static int
+glob0(const Char *pattern, glob_t *pglob)
+{
+ const Char *qpatnext;
+ int c, err, oldpathc;
+ Char *bufnext, patbuf[MaxPathLen+1];
+
+ qpatnext = globtilde(pattern, patbuf, pglob);
+ oldpathc = pglob->gl_pathc;
+ bufnext = patbuf;
+
+ /* We don't need to check for buffer overflow any more. */
+ while ((c = *qpatnext++) != CHAR_EOS) {
+ switch (c) {
+ case CHAR_LBRACKET:
+ c = *qpatnext;
+ if (c == CHAR_NOT)
+ ++qpatnext;
+ if (*qpatnext == CHAR_EOS ||
+ g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) {
+ *bufnext++ = CHAR_LBRACKET;
+ if (c == CHAR_NOT)
+ --qpatnext;
+ break;
+ }
+ *bufnext++ = M_SET;
+ if (c == CHAR_NOT)
+ *bufnext++ = M_NOT;
+ c = *qpatnext++;
+ do {
+ *bufnext++ = CHAR(c);
+ if (*qpatnext == CHAR_RANGE &&
+ (c = qpatnext[1]) != CHAR_RBRACKET) {
+ *bufnext++ = M_RNG;
+ *bufnext++ = CHAR(c);
+ qpatnext += 2;
+ }
+ } while ((c = *qpatnext++) != CHAR_RBRACKET);
+ pglob->gl_flags |= GLOB_MAGCHAR;
+ *bufnext++ = M_END;
+ break;
+ case CHAR_QUESTION:
+ pglob->gl_flags |= GLOB_MAGCHAR;
+ *bufnext++ = M_ONE;
+ break;
+ case CHAR_STAR:
+ pglob->gl_flags |= GLOB_MAGCHAR;
+ /* collapse adjacent stars to one,
+ * to avoid exponential behavior
+ */
+ if (bufnext == patbuf || bufnext[-1] != M_ALL)
+ *bufnext++ = M_ALL;
+ break;
+ default:
+ *bufnext++ = CHAR(c);
+ break;
+ }
+ }
+ *bufnext = CHAR_EOS;
+#ifdef DEBUG
+ qprintf("glob0:", patbuf);
+#endif
+
+ if ((err = glob1(patbuf, pglob)) != 0)
+ return(err);
+
+ /*
+ * If there was no match we are going to append the pattern
+ * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
+ * and the pattern did not contain any magic characters
+ * GLOB_NOMAGIC is there just for compatibility with csh.
+ */
+ if (pglob->gl_pathc == oldpathc &&
+ ((pglob->gl_flags & GLOB_NOCHECK) ||
+ ((pglob->gl_flags & GLOB_NOMAGIC) &&
+ !(pglob->gl_flags & GLOB_MAGCHAR))))
+ return(globextend(pattern, pglob));
+ else if (!(pglob->gl_flags & GLOB_NOSORT))
+ qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+ pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+ return(0);
+}
+
+static int
+compare(const void *p, const void *q)
+{
+ return(strcmp(*(char **)p, *(char **)q));
+}
+
+static int
+glob1(Char *pattern, glob_t *pglob)
+{
+ Char pathbuf[MaxPathLen+1];
+
+ /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+ if (*pattern == CHAR_EOS)
+ return(0);
+ return(glob2(pathbuf, pathbuf, pattern, pglob));
+}
+
+/*
+ * The functions glob2 and glob3 are mutually recursive; there is one level
+ * of recursion for each segment in the pattern that contains one or more
+ * meta characters.
+ */
+
+#ifndef S_ISLNK
+#if defined(S_IFLNK) && defined(S_IFMT)
+#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
+#else
+#define S_ISLNK(mode) 0
+#endif
+#endif
+
+static int
+glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob)
+{
+ struct stat sb;
+ Char *p, *q;
+ int anymeta;
+
+ /*
+ * Loop over pattern segments until end of pattern or until
+ * segment with meta character found.
+ */
+ for (anymeta = 0;;) {
+ if (*pattern == CHAR_EOS) { /* End of pattern? */
+ *pathend = CHAR_EOS;
+ if (g_lstat(pathbuf, &sb, pglob))
+ return(0);
+
+ if (((pglob->gl_flags & GLOB_MARK) &&
+ pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
+ || (S_ISLNK(sb.st_mode) &&
+ (g_stat(pathbuf, &sb, pglob) == 0) &&
+ S_ISDIR(sb.st_mode)))) {
+ *pathend++ = CHAR_SEP;
+ *pathend = CHAR_EOS;
+ }
+ ++pglob->gl_matchc;
+ return(globextend(pathbuf, pglob));
+ }
+
+ /* Find end of next segment, copy tentatively to pathend. */
+ q = pathend;
+ p = pattern;
+ while (*p != CHAR_EOS && *p != CHAR_SEP) {
+ if (ismeta(*p))
+ anymeta = 1;
+ *q++ = *p++;
+ }
+
+ if (!anymeta) { /* No expansion, do next segment. */
+ pathend = q;
+ pattern = p;
+ while (*pattern == CHAR_SEP)
+ *pathend++ = *pattern++;
+ } else /* Need expansion, recurse. */
+ return(glob3(pathbuf, pathend, pattern, p, pglob));
+ }
+ /* CHAR_NOTREACHED */
+}
+
+static int
+glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern,
+ glob_t *pglob)
+{
+ struct dirent *dp;
+ DIR *dirp;
+ int err;
+ char buf[MaxPathLen];
+
+ /*
+ * The readdirfunc declaration can't be prototyped, because it is
+ * assigned, below, to two functions which are prototyped in glob.h
+ * and dirent.h as taking pointers to differently typed opaque
+ * structures.
+ */
+ struct dirent *(*readdirfunc)(void *);
+
+ *pathend = CHAR_EOS;
+ errno = 0;
+
+ if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+ /* TODO: don't call for ENOENT or ENOTDIR? */
+ if (pglob->gl_errfunc) {
+ g_Ctoc(pathbuf, buf);
+ if (pglob->gl_errfunc(buf, errno) ||
+ pglob->gl_flags & GLOB_ERR)
+ return (GLOB_ABEND);
+ }
+ return(0);
+ }
+
+ err = 0;
+
+ /* Search directory for matching names. */
+ if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ readdirfunc = pglob->gl_readdir;
+ else
+ readdirfunc = (struct dirent *(*)(void *))readdir;
+ while ((dp = (*readdirfunc)(dirp))) {
+ u_char *sc;
+ Char *dc;
+
+ /* Initial CHAR_DOT must be matched literally. */
+ if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
+ continue;
+ for (sc = (u_char *) dp->d_name, dc = pathend;
+ (*dc++ = *sc++) != CHAR_EOS;)
+ continue;
+ if (!match(pathend, pattern, restpattern)) {
+ *pathend = CHAR_EOS;
+ continue;
+ }
+ err = glob2(pathbuf, --dc, restpattern, pglob);
+ if (err)
+ break;
+ }
+
+ if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ (*pglob->gl_closedir)(dirp);
+ else
+ closedir(dirp);
+ return(err);
+}
+
+
+/*
+ * Extend the gl_pathv member of a glob_t structure to accomodate a new item,
+ * add the new item, and update gl_pathc.
+ *
+ * This assumes the BSD realloc, which only copies the block when its size
+ * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
+ * behavior.
+ *
+ * Return 0 if new item added, error code if memory couldn't be allocated.
+ *
+ * Invariant of the glob_t structure:
+ * Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
+ * gl_pathv points to (gl_offs + gl_pathc + 1) items.
+ */
+static int
+globextend(const Char *path, glob_t *pglob)
+{
+ char **pathv;
+ int i;
+ u_int newsize;
+ char *copy;
+ const Char *p;
+
+ newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+ pathv = pglob->gl_pathv ?
+ realloc(pglob->gl_pathv, newsize) :
+ malloc(newsize);
+ if (pathv == NULL)
+ return(GLOB_NOSPACE);
+
+ if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+ /* first time around -- clear initial gl_offs items */
+ pathv += pglob->gl_offs;
+ for (i = pglob->gl_offs; --i >= 0; )
+ *--pathv = NULL;
+ }
+ pglob->gl_pathv = pathv;
+
+ for (p = path; *p++;)
+ continue;
+ if ((copy = malloc(p - path)) != NULL) {
+ g_Ctoc(path, copy);
+ pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+ }
+ pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+ return(copy == NULL ? GLOB_NOSPACE : 0);
+}
+
+
+/*
+ * pattern matching function for filenames. Each occurrence of the *
+ * pattern causes a recursion level.
+ */
+static int
+match(Char *name, Char *pat, Char *patend)
+{
+ int ok, negate_range;
+ Char c, k;
+
+ while (pat < patend) {
+ c = *pat++;
+ switch (c & M_MASK) {
+ case M_ALL:
+ if (pat == patend)
+ return(1);
+ do
+ if (match(name, pat, patend))
+ return(1);
+ while (*name++ != CHAR_EOS);
+ return(0);
+ case M_ONE:
+ if (*name++ == CHAR_EOS)
+ return(0);
+ break;
+ case M_SET:
+ ok = 0;
+ if ((k = *name++) == CHAR_EOS)
+ return(0);
+ if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
+ ++pat;
+ while (((c = *pat++) & M_MASK) != M_END)
+ if ((*pat & M_MASK) == M_RNG) {
+ if (c <= k && k <= pat[1])
+ ok = 1;
+ pat += 2;
+ } else if (c == k)
+ ok = 1;
+ if (ok == negate_range)
+ return(0);
+ break;
+ default:
+ if (*name++ != c)
+ return(0);
+ break;
+ }
+ }
+ return(*name == CHAR_EOS);
+}
+
+/* Free allocated data belonging to a glob_t structure. */
+void
+globfree(glob_t *pglob)
+{
+ int i;
+ char **pp;
+
+ if (pglob->gl_pathv != NULL) {
+ pp = pglob->gl_pathv + pglob->gl_offs;
+ for (i = pglob->gl_pathc; i--; ++pp)
+ if (*pp)
+ free(*pp);
+ free(pglob->gl_pathv);
+ }
+}
+
+static DIR *
+g_opendir(Char *str, glob_t *pglob)
+{
+ char buf[MaxPathLen];
+
+ if (!*str)
+ strcpy(buf, ".");
+ else
+ g_Ctoc(str, buf);
+
+ if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ return((*pglob->gl_opendir)(buf));
+
+ return(opendir(buf));
+}
+
+static int
+g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+ char buf[MaxPathLen];
+
+ g_Ctoc(fn, buf);
+ if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ return((*pglob->gl_lstat)(buf, sb));
+ return(lstat(buf, sb));
+}
+
+static int
+g_stat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+ char buf[MaxPathLen];
+
+ g_Ctoc(fn, buf);
+ if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ return((*pglob->gl_stat)(buf, sb));
+ return(stat(buf, sb));
+}
+
+static Char *
+g_strchr(Char *str, int ch)
+{
+ do {
+ if (*str == ch)
+ return (str);
+ } while (*str++);
+ return (NULL);
+}
+
+#ifdef notdef
+static Char *
+g_strcat(Char *dst, const Char *src)
+{
+ Char *sdst = dst;
+
+ while (*dst++)
+ continue;
+ --dst;
+ while((*dst++ = *src++) != CHAR_EOS)
+ continue;
+
+ return (sdst);
+}
+#endif
+
+static void
+g_Ctoc(const Char *str, char *buf)
+{
+ char *dc;
+
+ for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
+ continue;
+}
+
+#ifdef DEBUG
+static void
+qprintf(const Char *str, Char *s)
+{
+ Char *p;
+
+ printf("%s:\n", str);
+ for (p = s; *p; p++)
+ printf("%c", CHAR(*p));
+ printf("\n");
+ for (p = s; *p; p++)
+ printf("%c", *p & M_PROTECT ? '"' : ' ');
+ printf("\n");
+ for (p = s; *p; p++)
+ printf("%c", ismeta(*p) ? '_' : ' ');
+ printf("\n");
+}
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/common/glob.h b/crypto/kerberosIV/appl/ftp/common/glob.h
new file mode 100644
index 0000000..bece48a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/glob.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)glob.h 8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define _GLOB_H_
+
+struct stat;
+typedef struct {
+ int gl_pathc; /* Count of total paths so far. */
+ int gl_matchc; /* Count of paths matching pattern. */
+ int gl_offs; /* Reserved at beginning of gl_pathv. */
+ int gl_flags; /* Copy of flags parameter to glob. */
+ char **gl_pathv; /* List of paths matching pattern. */
+ /* Copy of errfunc parameter to glob. */
+ int (*gl_errfunc) (const char *, int);
+
+ /*
+ * Alternate filesystem access methods for glob; replacement
+ * versions of closedir(3), readdir(3), opendir(3), stat(2)
+ * and lstat(2).
+ */
+ void (*gl_closedir) (void *);
+ struct dirent *(*gl_readdir) (void *);
+ void *(*gl_opendir) (const char *);
+ int (*gl_lstat) (const char *, struct stat *);
+ int (*gl_stat) (const char *, struct stat *);
+} glob_t;
+
+#define GLOB_APPEND 0x0001 /* Append to output from previous call. */
+#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */
+#define GLOB_ERR 0x0004 /* Return on error. */
+#define GLOB_MARK 0x0008 /* Append / to matching directories. */
+#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
+#define GLOB_NOSORT 0x0020 /* Don't sort. */
+
+#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
+#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
+#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */
+#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
+#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
+#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
+
+#define GLOB_NOSPACE (-1) /* Malloc call failed. */
+#define GLOB_ABEND (-2) /* Unignored error. */
+
+int glob (const char *, int, int (*)(const char *, int), glob_t *);
+void globfree (glob_t *);
+
+#endif /* !_GLOB_H_ */
diff --git a/crypto/kerberosIV/appl/ftp/common/sockbuf.c b/crypto/kerberosIV/appl/ftp/common/sockbuf.c
new file mode 100644
index 0000000..ab8c293
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/sockbuf.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+RCSID("$Id: sockbuf.c,v 1.2 1997/05/11 10:01:48 assar Exp $");
+
+void
+set_buffer_size(int fd, int read)
+{
+#if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT)
+ size_t size = 4194304;
+ while(size >= 131072 &&
+ setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF,
+ (void *)&size, sizeof(size)) < 0)
+ size /= 2;
+#endif
+}
+
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
new file mode 100644
index 0000000..62bde3b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
@@ -0,0 +1,76 @@
+#
+# $Id: Makefile.in,v 1.24 1997/03/23 13:03:55 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+topdir = ../../..
+
+CC = @CC@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(topdir) -I$(top_srcdir) -I$(topdir)/include -I$(top_srcdir)/include -I$(srcdir)/../common @INCLUDE_readline@
+LD_FLAGS = @LD_FLAGS@
+LIB_tgetent = @LIB_tgetent@
+LIBS = @LIBS@ @LIB_readline@
+MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+INCTOP = $(topdir)/include
+
+LIBTOP = $(topdir)/lib
+
+PROGS = ftp$(EXECSUFFIX)
+
+ftp_OBJS = cmds.o cmdtab.o ftp.o krb4.o main.o ruserpass.o domacro.o \
+ globals.o kauth.o
+
+ftp_SOURCES = cmds.c cmdtab.c ftp.c krb4.c main.c ruserpass.c \
+ domacro.c globals.c kauth.c
+
+OBJECTS = $(ftp_OBJS)
+SOURCES = $(ftp_SOURCES)
+
+all: $(PROGS)
+
+.c.o:
+ $(CC) -c $(CFLAGS) $(CPPFLAGS) $(DEFS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+ftp$(EXECSUFFIX): $(ftp_OBJS) # ../common/libcommon.a
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftp_OBJS) -L../common -lcommon -L$(LIBTOP)/krb -lkrb -L$(LIBTOP)/des -ldes -L$(LIBTOP)/roken -lroken $(LIBS) -L$(LIBTOP)/roken -lroken
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+clean cleandir:
+ rm -f *~ *.o core ftp \#*
+
+distclean:
+ rm -f Makefile
+
+$(OBJECTS): ../../../include/config.h
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmds.c b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
new file mode 100644
index 0000000..5e1980b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
@@ -0,0 +1,2073 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * FTP User Program -- Command Routines.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: cmds.c,v 1.23 1997/06/01 22:52:37 assar Exp $");
+
+typedef void (*sighand)(int);
+
+jmp_buf jabort;
+char *mname;
+char *home = "/";
+
+/*
+ * `Another' gets another argument, and stores the new argc and argv.
+ * It reverts to the top level (via main.c's intr()) on EOF/error.
+ *
+ * Returns false if no new arguments have been added.
+ */
+int
+another(int *pargc, char ***pargv, char *prompt)
+{
+ int len = strlen(line), ret;
+
+ if (len >= sizeof(line) - 3) {
+ printf("sorry, arguments too long\n");
+ intr(0);
+ }
+ printf("(%s) ", prompt);
+ line[len++] = ' ';
+ if (fgets(&line[len], sizeof(line) - len, stdin) == NULL)
+ intr(0);
+ len += strlen(&line[len]);
+ if (len > 0 && line[len - 1] == '\n')
+ line[len - 1] = '\0';
+ makeargv();
+ ret = margc > *pargc;
+ *pargc = margc;
+ *pargv = margv;
+ return (ret);
+}
+
+/*
+ * Connect to peer server and
+ * auto-login, if possible.
+ */
+void
+setpeer(int argc, char **argv)
+{
+ char *host;
+ short port;
+ struct servent *sp;
+
+ if (connected) {
+ printf("Already connected to %s, use close first.\n",
+ hostname);
+ code = -1;
+ return;
+ }
+ if (argc < 2)
+ another(&argc, &argv, "to");
+ if (argc < 2 || argc > 3) {
+ printf("usage: %s host-name [port]\n", argv[0]);
+ code = -1;
+ return;
+ }
+ sp = getservbyname("ftp", "tcp");
+ if (sp == NULL)
+ errx(1, "You bastard. You removed ftp/tcp from services");
+ port = sp->s_port;
+ if (argc > 2) {
+ port = atoi(argv[2]);
+ if (port <= 0) {
+ printf("%s: bad port number-- %s\n", argv[1], argv[2]);
+ printf ("usage: %s host-name [port]\n", argv[0]);
+ code = -1;
+ return;
+ }
+ port = htons(port);
+ }
+ host = hookup(argv[1], port);
+ if (host) {
+ int overbose;
+
+ connected = 1;
+ /*
+ * Set up defaults for FTP.
+ */
+ strcpy(typename, "ascii"), type = TYPE_A;
+ curtype = TYPE_A;
+ strcpy(formname, "non-print"), form = FORM_N;
+ strcpy(modename, "stream"), mode = MODE_S;
+ strcpy(structname, "file"), stru = STRU_F;
+ strcpy(bytename, "8"), bytesize = 8;
+ if (autologin)
+ login(argv[1]);
+
+#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)) && NBBY == 8
+/*
+ * this ifdef is to keep someone form "porting" this to an incompatible
+ * system and not checking this out. This way they have to think about it.
+ */
+ overbose = verbose;
+ if (debug == 0)
+ verbose = -1;
+ if (command("SYST") == COMPLETE && overbose) {
+ char *cp, c;
+ cp = strchr(reply_string+4, ' ');
+ if (cp == NULL)
+ cp = strchr(reply_string+4, '\r');
+ if (cp) {
+ if (cp[-1] == '.')
+ cp--;
+ c = *cp;
+ *cp = '\0';
+ }
+
+ printf("Remote system type is %s.\n",
+ reply_string+4);
+ if (cp)
+ *cp = c;
+ }
+ if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) {
+ if (proxy)
+ unix_proxy = 1;
+ else
+ unix_server = 1;
+ /*
+ * Set type to 0 (not specified by user),
+ * meaning binary by default, but don't bother
+ * telling server. We can use binary
+ * for text files unless changed by the user.
+ */
+ type = 0;
+ strcpy(typename, "binary");
+ if (overbose)
+ printf("Using %s mode to transfer files.\n",
+ typename);
+ } else {
+ if (proxy)
+ unix_proxy = 0;
+ else
+ unix_server = 0;
+ if (overbose &&
+ !strncmp(reply_string, "215 TOPS20", 10))
+ printf(
+"Remember to set tenex mode when transfering binary files from this machine.\n");
+ }
+ verbose = overbose;
+#endif /* unix */
+ }
+}
+
+struct types {
+ char *t_name;
+ char *t_mode;
+ int t_type;
+ char *t_arg;
+} types[] = {
+ { "ascii", "A", TYPE_A, 0 },
+ { "binary", "I", TYPE_I, 0 },
+ { "image", "I", TYPE_I, 0 },
+ { "ebcdic", "E", TYPE_E, 0 },
+ { "tenex", "L", TYPE_L, bytename },
+ { NULL }
+};
+
+/*
+ * Set transfer type.
+ */
+void
+settype(int argc, char **argv)
+{
+ struct types *p;
+ int comret;
+
+ if (argc > 2) {
+ char *sep;
+
+ printf("usage: %s [", argv[0]);
+ sep = " ";
+ for (p = types; p->t_name; p++) {
+ printf("%s%s", sep, p->t_name);
+ sep = " | ";
+ }
+ printf(" ]\n");
+ code = -1;
+ return;
+ }
+ if (argc < 2) {
+ printf("Using %s mode to transfer files.\n", typename);
+ code = 0;
+ return;
+ }
+ for (p = types; p->t_name; p++)
+ if (strcmp(argv[1], p->t_name) == 0)
+ break;
+ if (p->t_name == 0) {
+ printf("%s: unknown mode\n", argv[1]);
+ code = -1;
+ return;
+ }
+ if ((p->t_arg != NULL) && (*(p->t_arg) != '\0'))
+ comret = command ("TYPE %s %s", p->t_mode, p->t_arg);
+ else
+ comret = command("TYPE %s", p->t_mode);
+ if (comret == COMPLETE) {
+ strcpy(typename, p->t_name);
+ curtype = type = p->t_type;
+ }
+}
+
+/*
+ * Internal form of settype; changes current type in use with server
+ * without changing our notion of the type for data transfers.
+ * Used to change to and from ascii for listings.
+ */
+void
+changetype(int newtype, int show)
+{
+ struct types *p;
+ int comret, oldverbose = verbose;
+
+ if (newtype == 0)
+ newtype = TYPE_I;
+ if (newtype == curtype)
+ return;
+ if (debug == 0 && show == 0)
+ verbose = 0;
+ for (p = types; p->t_name; p++)
+ if (newtype == p->t_type)
+ break;
+ if (p->t_name == 0) {
+ printf("ftp: internal error: unknown type %d\n", newtype);
+ return;
+ }
+ if (newtype == TYPE_L && bytename[0] != '\0')
+ comret = command("TYPE %s %s", p->t_mode, bytename);
+ else
+ comret = command("TYPE %s", p->t_mode);
+ if (comret == COMPLETE)
+ curtype = newtype;
+ verbose = oldverbose;
+}
+
+char *stype[] = {
+ "type",
+ "",
+ 0
+};
+
+/*
+ * Set binary transfer type.
+ */
+/*VARARGS*/
+void
+setbinary(int argc, char **argv)
+{
+
+ stype[1] = "binary";
+ settype(2, stype);
+}
+
+/*
+ * Set ascii transfer type.
+ */
+/*VARARGS*/
+void
+setascii(int argc, char **argv)
+{
+
+ stype[1] = "ascii";
+ settype(2, stype);
+}
+
+/*
+ * Set tenex transfer type.
+ */
+/*VARARGS*/
+void
+settenex(int argc, char **argv)
+{
+
+ stype[1] = "tenex";
+ settype(2, stype);
+}
+
+/*
+ * Set file transfer mode.
+ */
+/*ARGSUSED*/
+void
+setftmode(int argc, char **argv)
+{
+
+ printf("We only support %s mode, sorry.\n", modename);
+ code = -1;
+}
+
+/*
+ * Set file transfer format.
+ */
+/*ARGSUSED*/
+void
+setform(int argc, char **argv)
+{
+
+ printf("We only support %s format, sorry.\n", formname);
+ code = -1;
+}
+
+/*
+ * Set file transfer structure.
+ */
+/*ARGSUSED*/
+void
+setstruct(int argc, char **argv)
+{
+
+ printf("We only support %s structure, sorry.\n", structname);
+ code = -1;
+}
+
+/*
+ * Send a single file.
+ */
+void
+put(int argc, char **argv)
+{
+ char *cmd;
+ int loc = 0;
+ char *oldargv1, *oldargv2;
+
+ if (argc == 2) {
+ argc++;
+ argv[2] = argv[1];
+ loc++;
+ }
+ if (argc < 2 && !another(&argc, &argv, "local-file"))
+ goto usage;
+ if (argc < 3 && !another(&argc, &argv, "remote-file")) {
+usage:
+ printf("usage: %s local-file remote-file\n", argv[0]);
+ code = -1;
+ return;
+ }
+ oldargv1 = argv[1];
+ oldargv2 = argv[2];
+ if (!globulize(&argv[1])) {
+ code = -1;
+ return;
+ }
+ /*
+ * If "globulize" modifies argv[1], and argv[2] is a copy of
+ * the old argv[1], make it a copy of the new argv[1].
+ */
+ if (argv[1] != oldargv1 && argv[2] == oldargv1) {
+ argv[2] = argv[1];
+ }
+ cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? "STOU" : "STOR");
+ if (loc && ntflag) {
+ argv[2] = dotrans(argv[2]);
+ }
+ if (loc && mapflag) {
+ argv[2] = domap(argv[2]);
+ }
+ sendrequest(cmd, argv[1], argv[2],
+ argv[1] != oldargv1 || argv[2] != oldargv2);
+}
+
+/* ARGSUSED */
+static RETSIGTYPE
+mabort(int signo)
+{
+ int ointer;
+
+ printf("\n");
+ fflush(stdout);
+ if (mflag && fromatty) {
+ ointer = interactive;
+ interactive = 1;
+ if (confirm("Continue with", mname)) {
+ interactive = ointer;
+ longjmp(jabort,0);
+ }
+ interactive = ointer;
+ }
+ mflag = 0;
+ longjmp(jabort,0);
+}
+
+/*
+ * Send multiple files.
+ */
+void
+mput(int argc, char **argv)
+{
+ int i;
+ RETSIGTYPE (*oldintr)();
+ int ointer;
+ char *tp;
+
+ if (argc < 2 && !another(&argc, &argv, "local-files")) {
+ printf("usage: %s local-files\n", argv[0]);
+ code = -1;
+ return;
+ }
+ mname = argv[0];
+ mflag = 1;
+ oldintr = signal(SIGINT, mabort);
+ setjmp(jabort);
+ if (proxy) {
+ char *cp, *tp2, tmpbuf[MaxPathLen];
+
+ while ((cp = remglob(argv,0)) != NULL) {
+ if (*cp == 0) {
+ mflag = 0;
+ continue;
+ }
+ if (mflag && confirm(argv[0], cp)) {
+ tp = cp;
+ if (mcase) {
+ while (*tp && !islower(*tp)) {
+ tp++;
+ }
+ if (!*tp) {
+ tp = cp;
+ tp2 = tmpbuf;
+ while ((*tp2 = *tp) != '\0') {
+ if (isupper(*tp2)) {
+ *tp2 = 'a' + *tp2 - 'A';
+ }
+ tp++;
+ tp2++;
+ }
+ }
+ tp = tmpbuf;
+ }
+ if (ntflag) {
+ tp = dotrans(tp);
+ }
+ if (mapflag) {
+ tp = domap(tp);
+ }
+ sendrequest((sunique) ? "STOU" : "STOR",
+ cp, tp, cp != tp || !interactive);
+ if (!mflag && fromatty) {
+ ointer = interactive;
+ interactive = 1;
+ if (confirm("Continue with","mput")) {
+ mflag++;
+ }
+ interactive = ointer;
+ }
+ }
+ }
+ signal(SIGINT, oldintr);
+ mflag = 0;
+ return;
+ }
+ for (i = 1; i < argc; i++) {
+ char **cpp;
+ glob_t gl;
+ int flags;
+
+ if (!doglob) {
+ if (mflag && confirm(argv[0], argv[i])) {
+ tp = (ntflag) ? dotrans(argv[i]) : argv[i];
+ tp = (mapflag) ? domap(tp) : tp;
+ sendrequest((sunique) ? "STOU" : "STOR",
+ argv[i], tp, tp != argv[i] || !interactive);
+ if (!mflag && fromatty) {
+ ointer = interactive;
+ interactive = 1;
+ if (confirm("Continue with","mput")) {
+ mflag++;
+ }
+ interactive = ointer;
+ }
+ }
+ continue;
+ }
+
+ memset(&gl, 0, sizeof(gl));
+ flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
+ warnx("%s: not found", argv[i]);
+ globfree(&gl);
+ continue;
+ }
+ for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
+ if (mflag && confirm(argv[0], *cpp)) {
+ tp = (ntflag) ? dotrans(*cpp) : *cpp;
+ tp = (mapflag) ? domap(tp) : tp;
+ sendrequest((sunique) ? "STOU" : "STOR",
+ *cpp, tp, *cpp != tp || !interactive);
+ if (!mflag && fromatty) {
+ ointer = interactive;
+ interactive = 1;
+ if (confirm("Continue with","mput")) {
+ mflag++;
+ }
+ interactive = ointer;
+ }
+ }
+ }
+ globfree(&gl);
+ }
+ signal(SIGINT, oldintr);
+ mflag = 0;
+}
+
+void
+reget(int argc, char **argv)
+{
+
+ getit(argc, argv, 1, "r+w");
+}
+
+void
+get(int argc, char **argv)
+{
+
+ getit(argc, argv, 0, restart_point ? "r+w" : "w" );
+}
+
+/*
+ * Receive one file.
+ */
+int
+getit(int argc, char **argv, int restartit, char *mode)
+{
+ int loc = 0;
+ char *oldargv1, *oldargv2;
+
+ if (argc == 2) {
+ argc++;
+ argv[2] = argv[1];
+ loc++;
+ }
+ if (argc < 2 && !another(&argc, &argv, "remote-file"))
+ goto usage;
+ if (argc < 3 && !another(&argc, &argv, "local-file")) {
+usage:
+ printf("usage: %s remote-file [ local-file ]\n", argv[0]);
+ code = -1;
+ return (0);
+ }
+ oldargv1 = argv[1];
+ oldargv2 = argv[2];
+ if (!globulize(&argv[2])) {
+ code = -1;
+ return (0);
+ }
+ if (loc && mcase) {
+ char *tp = argv[1], *tp2, tmpbuf[MaxPathLen];
+
+ while (*tp && !islower(*tp)) {
+ tp++;
+ }
+ if (!*tp) {
+ tp = argv[2];
+ tp2 = tmpbuf;
+ while ((*tp2 = *tp) != '\0') {
+ if (isupper(*tp2)) {
+ *tp2 = 'a' + *tp2 - 'A';
+ }
+ tp++;
+ tp2++;
+ }
+ argv[2] = tmpbuf;
+ }
+ }
+ if (loc && ntflag)
+ argv[2] = dotrans(argv[2]);
+ if (loc && mapflag)
+ argv[2] = domap(argv[2]);
+ if (restartit) {
+ struct stat stbuf;
+ int ret;
+
+ ret = stat(argv[2], &stbuf);
+ if (restartit == 1) {
+ if (ret < 0) {
+ warn("local: %s", argv[2]);
+ return (0);
+ }
+ restart_point = stbuf.st_size;
+ } else {
+ if (ret == 0) {
+ int overbose;
+
+ overbose = verbose;
+ if (debug == 0)
+ verbose = -1;
+ if (command("MDTM %s", argv[1]) == COMPLETE) {
+ int yy, mo, day, hour, min, sec;
+ struct tm *tm;
+ verbose = overbose;
+ sscanf(reply_string,
+ "%*s %04d%02d%02d%02d%02d%02d",
+ &yy, &mo, &day, &hour, &min, &sec);
+ tm = gmtime(&stbuf.st_mtime);
+ tm->tm_mon++;
+ if (tm->tm_year > yy%100)
+ return (1);
+ if ((tm->tm_year == yy%100 &&
+ tm->tm_mon > mo) ||
+ (tm->tm_mon == mo &&
+ tm->tm_mday > day) ||
+ (tm->tm_mday == day &&
+ tm->tm_hour > hour) ||
+ (tm->tm_hour == hour &&
+ tm->tm_min > min) ||
+ (tm->tm_min == min &&
+ tm->tm_sec > sec))
+ return (1);
+ } else {
+ printf("%s\n", reply_string);
+ verbose = overbose;
+ return (0);
+ }
+ }
+ }
+ }
+
+ recvrequest("RETR", argv[2], argv[1], mode,
+ argv[1] != oldargv1 || argv[2] != oldargv2);
+ restart_point = 0;
+ return (0);
+}
+
+/*
+ * Get multiple files.
+ */
+void
+mget(int argc, char **argv)
+{
+ sighand oldintr;
+ int ch, ointer;
+ char *cp, *tp, *tp2, tmpbuf[MaxPathLen];
+
+ if (argc < 2 && !another(&argc, &argv, "remote-files")) {
+ printf("usage: %s remote-files\n", argv[0]);
+ code = -1;
+ return;
+ }
+ mname = argv[0];
+ mflag = 1;
+ oldintr = signal(SIGINT, mabort);
+ setjmp(jabort);
+ while ((cp = remglob(argv,proxy)) != NULL) {
+ if (*cp == '\0') {
+ mflag = 0;
+ continue;
+ }
+ if (mflag && confirm(argv[0], cp)) {
+ tp = cp;
+ if (mcase) {
+ for (tp2 = tmpbuf; (ch = *tp++);)
+ *tp2++ = isupper(ch) ? tolower(ch) : ch;
+ *tp2 = '\0';
+ tp = tmpbuf;
+ }
+ if (ntflag) {
+ tp = dotrans(tp);
+ }
+ if (mapflag) {
+ tp = domap(tp);
+ }
+ recvrequest("RETR", tp, cp, "w",
+ tp != cp || !interactive);
+ if (!mflag && fromatty) {
+ ointer = interactive;
+ interactive = 1;
+ if (confirm("Continue with","mget")) {
+ mflag++;
+ }
+ interactive = ointer;
+ }
+ }
+ }
+ signal(SIGINT,oldintr);
+ mflag = 0;
+}
+
+char *
+remglob(char **argv, int doswitch)
+{
+ char temp[16];
+ static char buf[MaxPathLen];
+ static FILE *ftemp = NULL;
+ static char **args;
+ int oldverbose, oldhash;
+ char *cp, *mode;
+
+ if (!mflag) {
+ if (!doglob) {
+ args = NULL;
+ }
+ else {
+ if (ftemp) {
+ fclose(ftemp);
+ ftemp = NULL;
+ }
+ }
+ return (NULL);
+ }
+ if (!doglob) {
+ if (args == NULL)
+ args = argv;
+ if ((cp = *++args) == NULL)
+ args = NULL;
+ return (cp);
+ }
+ if (ftemp == NULL) {
+ strcpy(temp, _PATH_TMP_XXX);
+ mktemp(temp);
+ oldverbose = verbose, verbose = 0;
+ oldhash = hash, hash = 0;
+ if (doswitch) {
+ pswitch(!proxy);
+ }
+ for (mode = "w"; *++argv != NULL; mode = "a")
+ recvrequest ("NLST", temp, *argv, mode, 0);
+ if (doswitch) {
+ pswitch(!proxy);
+ }
+ verbose = oldverbose; hash = oldhash;
+ ftemp = fopen(temp, "r");
+ unlink(temp);
+ if (ftemp == NULL) {
+ printf("can't find list of remote files, oops\n");
+ return (NULL);
+ }
+ }
+ if (fgets(buf, sizeof (buf), ftemp) == NULL) {
+ fclose(ftemp);
+ ftemp = NULL;
+ return (NULL);
+ }
+ if ((cp = strchr(buf, '\n')) != NULL)
+ *cp = '\0';
+ return (buf);
+}
+
+char *
+onoff(int bool)
+{
+
+ return (bool ? "on" : "off");
+}
+
+/*
+ * Show status.
+ */
+/*ARGSUSED*/
+void
+status(int argc, char **argv)
+{
+ int i;
+
+ if (connected)
+ printf("Connected to %s.\n", hostname);
+ else
+ printf("Not connected.\n");
+ if (!proxy) {
+ pswitch(1);
+ if (connected) {
+ printf("Connected for proxy commands to %s.\n", hostname);
+ }
+ else {
+ printf("No proxy connection.\n");
+ }
+ pswitch(0);
+ }
+ sec_status();
+ printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n",
+ modename, typename, formname, structname);
+ printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n",
+ onoff(verbose), onoff(bell), onoff(interactive),
+ onoff(doglob));
+ printf("Store unique: %s; Receive unique: %s\n", onoff(sunique),
+ onoff(runique));
+ printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag));
+ if (ntflag) {
+ printf("Ntrans: (in) %s (out) %s\n", ntin,ntout);
+ }
+ else {
+ printf("Ntrans: off\n");
+ }
+ if (mapflag) {
+ printf("Nmap: (in) %s (out) %s\n", mapin, mapout);
+ }
+ else {
+ printf("Nmap: off\n");
+ }
+ printf("Hash mark printing: %s; Use of PORT cmds: %s\n",
+ onoff(hash), onoff(sendport));
+ if (macnum > 0) {
+ printf("Macros:\n");
+ for (i=0; i<macnum; i++) {
+ printf("\t%s\n",macros[i].mac_name);
+ }
+ }
+ code = 0;
+}
+
+/*
+ * Set beep on cmd completed mode.
+ */
+/*VARARGS*/
+void
+setbell(int argc, char **argv)
+{
+
+ bell = !bell;
+ printf("Bell mode %s.\n", onoff(bell));
+ code = bell;
+}
+
+/*
+ * Turn on packet tracing.
+ */
+/*VARARGS*/
+void
+settrace(int argc, char **argv)
+{
+
+ trace = !trace;
+ printf("Packet tracing %s.\n", onoff(trace));
+ code = trace;
+}
+
+/*
+ * Toggle hash mark printing during transfers.
+ */
+/*VARARGS*/
+void
+sethash(int argc, char **argv)
+{
+
+ hash = !hash;
+ printf("Hash mark printing %s", onoff(hash));
+ code = hash;
+ if (hash)
+ printf(" (%d bytes/hash mark)", 1024);
+ printf(".\n");
+}
+
+/*
+ * Turn on printing of server echo's.
+ */
+/*VARARGS*/
+void
+setverbose(int argc, char **argv)
+{
+
+ verbose = !verbose;
+ printf("Verbose mode %s.\n", onoff(verbose));
+ code = verbose;
+}
+
+/*
+ * Toggle PORT cmd use before each data connection.
+ */
+/*VARARGS*/
+void
+setport(int argc, char **argv)
+{
+
+ sendport = !sendport;
+ printf("Use of PORT cmds %s.\n", onoff(sendport));
+ code = sendport;
+}
+
+/*
+ * Turn on interactive prompting
+ * during mget, mput, and mdelete.
+ */
+/*VARARGS*/
+void
+setprompt(int argc, char **argv)
+{
+
+ interactive = !interactive;
+ printf("Interactive mode %s.\n", onoff(interactive));
+ code = interactive;
+}
+
+/*
+ * Toggle metacharacter interpretation
+ * on local file names.
+ */
+/*VARARGS*/
+void
+setglob(int argc, char **argv)
+{
+
+ doglob = !doglob;
+ printf("Globbing %s.\n", onoff(doglob));
+ code = doglob;
+}
+
+/*
+ * Set debugging mode on/off and/or
+ * set level of debugging.
+ */
+/*VARARGS*/
+void
+setdebug(int argc, char **argv)
+{
+ int val;
+
+ if (argc > 1) {
+ val = atoi(argv[1]);
+ if (val < 0) {
+ printf("%s: bad debugging value.\n", argv[1]);
+ code = -1;
+ return;
+ }
+ } else
+ val = !debug;
+ debug = val;
+ if (debug)
+ options |= SO_DEBUG;
+ else
+ options &= ~SO_DEBUG;
+ printf("Debugging %s (debug=%d).\n", onoff(debug), debug);
+ code = debug > 0;
+}
+
+/*
+ * Set current working directory
+ * on remote machine.
+ */
+void
+cd(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "remote-directory")) {
+ printf("usage: %s remote-directory\n", argv[0]);
+ code = -1;
+ return;
+ }
+ if (command("CWD %s", argv[1]) == ERROR && code == 500) {
+ if (verbose)
+ printf("CWD command not recognized, trying XCWD\n");
+ command("XCWD %s", argv[1]);
+ }
+}
+
+/*
+ * Set current working directory
+ * on local machine.
+ */
+void
+lcd(int argc, char **argv)
+{
+ char buf[MaxPathLen];
+
+ if (argc < 2)
+ argc++, argv[1] = home;
+ if (argc != 2) {
+ printf("usage: %s local-directory\n", argv[0]);
+ code = -1;
+ return;
+ }
+ if (!globulize(&argv[1])) {
+ code = -1;
+ return;
+ }
+ if (chdir(argv[1]) < 0) {
+ warn("local: %s", argv[1]);
+ code = -1;
+ return;
+ }
+ if (getcwd(buf, sizeof(buf)) != NULL)
+ printf("Local directory now %s\n", buf);
+ else
+ warnx("getwd: %s", buf);
+ code = 0;
+}
+
+/*
+ * Delete a single file.
+ */
+void
+delete(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "remote-file")) {
+ printf("usage: %s remote-file\n", argv[0]);
+ code = -1;
+ return;
+ }
+ command("DELE %s", argv[1]);
+}
+
+/*
+ * Delete multiple files.
+ */
+void
+mdelete(int argc, char **argv)
+{
+ sighand oldintr;
+ int ointer;
+ char *cp;
+
+ if (argc < 2 && !another(&argc, &argv, "remote-files")) {
+ printf("usage: %s remote-files\n", argv[0]);
+ code = -1;
+ return;
+ }
+ mname = argv[0];
+ mflag = 1;
+ oldintr = signal(SIGINT, mabort);
+ setjmp(jabort);
+ while ((cp = remglob(argv,0)) != NULL) {
+ if (*cp == '\0') {
+ mflag = 0;
+ continue;
+ }
+ if (mflag && confirm(argv[0], cp)) {
+ command("DELE %s", cp);
+ if (!mflag && fromatty) {
+ ointer = interactive;
+ interactive = 1;
+ if (confirm("Continue with", "mdelete")) {
+ mflag++;
+ }
+ interactive = ointer;
+ }
+ }
+ }
+ signal(SIGINT, oldintr);
+ mflag = 0;
+}
+
+/*
+ * Rename a remote file.
+ */
+void
+renamefile(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "from-name"))
+ goto usage;
+ if (argc < 3 && !another(&argc, &argv, "to-name")) {
+usage:
+ printf("%s from-name to-name\n", argv[0]);
+ code = -1;
+ return;
+ }
+ if (command("RNFR %s", argv[1]) == CONTINUE)
+ command("RNTO %s", argv[2]);
+}
+
+/*
+ * Get a directory listing
+ * of remote files.
+ */
+void
+ls(int argc, char **argv)
+{
+ char *cmd;
+
+ if (argc < 2)
+ argc++, argv[1] = NULL;
+ if (argc < 3)
+ argc++, argv[2] = "-";
+ if (argc > 3) {
+ printf("usage: %s remote-directory local-file\n", argv[0]);
+ code = -1;
+ return;
+ }
+ cmd = argv[0][0] == 'n' ? "NLST" : "LIST";
+ if (strcmp(argv[2], "-") && !globulize(&argv[2])) {
+ code = -1;
+ return;
+ }
+ if (strcmp(argv[2], "-") && *argv[2] != '|')
+ if (!globulize(&argv[2]) || !confirm("output to local-file:", argv[2])) {
+ code = -1;
+ return;
+ }
+ recvrequest(cmd, argv[2], argv[1], "w", 0);
+}
+
+/*
+ * Get a directory listing
+ * of multiple remote files.
+ */
+void
+mls(int argc, char **argv)
+{
+ sighand oldintr;
+ int ointer, i;
+ char *cmd, mode[1], *dest;
+
+ if (argc < 2 && !another(&argc, &argv, "remote-files"))
+ goto usage;
+ if (argc < 3 && !another(&argc, &argv, "local-file")) {
+usage:
+ printf("usage: %s remote-files local-file\n", argv[0]);
+ code = -1;
+ return;
+ }
+ dest = argv[argc - 1];
+ argv[argc - 1] = NULL;
+ if (strcmp(dest, "-") && *dest != '|')
+ if (!globulize(&dest) ||
+ !confirm("output to local-file:", dest)) {
+ code = -1;
+ return;
+ }
+ cmd = argv[0][1] == 'l' ? "NLST" : "LIST";
+ mname = argv[0];
+ mflag = 1;
+ oldintr = signal(SIGINT, mabort);
+ setjmp(jabort);
+ for (i = 1; mflag && i < argc-1; ++i) {
+ *mode = (i == 1) ? 'w' : 'a';
+ recvrequest(cmd, dest, argv[i], mode, 0);
+ if (!mflag && fromatty) {
+ ointer = interactive;
+ interactive = 1;
+ if (confirm("Continue with", argv[0])) {
+ mflag ++;
+ }
+ interactive = ointer;
+ }
+ }
+ signal(SIGINT, oldintr);
+ mflag = 0;
+}
+
+/*
+ * Do a shell escape
+ */
+/*ARGSUSED*/
+void
+shell(int argc, char **argv)
+{
+ pid_t pid;
+ RETSIGTYPE (*old1)(), (*old2)();
+ char shellnam[40], *shell, *namep;
+ int status;
+
+ old1 = signal (SIGINT, SIG_IGN);
+ old2 = signal (SIGQUIT, SIG_IGN);
+ if ((pid = fork()) == 0) {
+ for (pid = 3; pid < 20; pid++)
+ close(pid);
+ signal(SIGINT, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
+ shell = getenv("SHELL");
+ if (shell == NULL)
+ shell = _PATH_BSHELL;
+ namep = strrchr(shell,'/');
+ if (namep == NULL)
+ namep = shell;
+ strcpy(shellnam,"-");
+ strcat(shellnam, ++namep);
+ if (strcmp(namep, "sh") != 0)
+ shellnam[0] = '+';
+ if (debug) {
+ printf ("%s\n", shell);
+ fflush (stdout);
+ }
+ if (argc > 1) {
+ execl(shell,shellnam,"-c",altarg,(char *)0);
+ }
+ else {
+ execl(shell,shellnam,(char *)0);
+ }
+ warn("%s", shell);
+ code = -1;
+ exit(1);
+ }
+ if (pid > 0)
+ while (waitpid(-1, &status, 0) != pid)
+ ;
+ signal(SIGINT, old1);
+ signal(SIGQUIT, old2);
+ if (pid == -1) {
+ warn("%s", "Try again later");
+ code = -1;
+ }
+ else {
+ code = 0;
+ }
+}
+
+/*
+ * Send new user information (re-login)
+ */
+void
+user(int argc, char **argv)
+{
+ char acct[80];
+ int n, aflag = 0;
+ char tmp[256];
+
+ if (argc < 2)
+ another(&argc, &argv, "username");
+ if (argc < 2 || argc > 4) {
+ printf("usage: %s username [password] [account]\n", argv[0]);
+ code = -1;
+ return;
+ }
+ n = command("USER %s", argv[1]);
+ if (n == CONTINUE) {
+ if (argc < 3 ) {
+ des_read_pw_string (tmp,
+ sizeof(tmp),
+ "Password: ", 0);
+ argv[2] = tmp;
+ argc++;
+ }
+ n = command("PASS %s", argv[2]);
+ }
+ if (n == CONTINUE) {
+ if (argc < 4) {
+ printf("Account: "); fflush(stdout);
+ fgets(acct, sizeof(acct) - 1, stdin);
+ acct[strlen(acct) - 1] = '\0';
+ argv[3] = acct; argc++;
+ }
+ n = command("ACCT %s", argv[3]);
+ aflag++;
+ }
+ if (n != COMPLETE) {
+ fprintf(stdout, "Login failed.\n");
+ return;
+ }
+ if (!aflag && argc == 4) {
+ command("ACCT %s", argv[3]);
+ }
+}
+
+/*
+ * Print working directory.
+ */
+/*VARARGS*/
+void
+pwd(int argc, char **argv)
+{
+ int oldverbose = verbose;
+
+ /*
+ * If we aren't verbose, this doesn't do anything!
+ */
+ verbose = 1;
+ if (command("PWD") == ERROR && code == 500) {
+ printf("PWD command not recognized, trying XPWD\n");
+ command("XPWD");
+ }
+ verbose = oldverbose;
+}
+
+/*
+ * Make a directory.
+ */
+void
+makedir(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "directory-name")) {
+ printf("usage: %s directory-name\n", argv[0]);
+ code = -1;
+ return;
+ }
+ if (command("MKD %s", argv[1]) == ERROR && code == 500) {
+ if (verbose)
+ printf("MKD command not recognized, trying XMKD\n");
+ command("XMKD %s", argv[1]);
+ }
+}
+
+/*
+ * Remove a directory.
+ */
+void
+removedir(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "directory-name")) {
+ printf("usage: %s directory-name\n", argv[0]);
+ code = -1;
+ return;
+ }
+ if (command("RMD %s", argv[1]) == ERROR && code == 500) {
+ if (verbose)
+ printf("RMD command not recognized, trying XRMD\n");
+ command("XRMD %s", argv[1]);
+ }
+}
+
+/*
+ * Send a line, verbatim, to the remote machine.
+ */
+void
+quote(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "command line to send")) {
+ printf("usage: %s line-to-send\n", argv[0]);
+ code = -1;
+ return;
+ }
+ quote1("", argc, argv);
+}
+
+/*
+ * Send a SITE command to the remote machine. The line
+ * is sent verbatim to the remote machine, except that the
+ * word "SITE" is added at the front.
+ */
+void
+site(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) {
+ printf("usage: %s line-to-send\n", argv[0]);
+ code = -1;
+ return;
+ }
+ quote1("SITE ", argc, argv);
+}
+
+/*
+ * Turn argv[1..argc) into a space-separated string, then prepend initial text.
+ * Send the result as a one-line command and get response.
+ */
+void
+quote1(char *initial, int argc, char **argv)
+{
+ int i, len;
+ char buf[BUFSIZ]; /* must be >= sizeof(line) */
+
+ strcpy(buf, initial);
+ if (argc > 1) {
+ len = strlen(buf);
+ len += strlen(strcpy(&buf[len], argv[1]));
+ for (i = 2; i < argc; i++) {
+ buf[len++] = ' ';
+ len += strlen(strcpy(&buf[len], argv[i]));
+ }
+ }
+ if (command(buf) == PRELIM) {
+ while (getreply(0) == PRELIM)
+ continue;
+ }
+}
+
+void
+do_chmod(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "mode"))
+ goto usage;
+ if (argc < 3 && !another(&argc, &argv, "file-name")) {
+usage:
+ printf("usage: %s mode file-name\n", argv[0]);
+ code = -1;
+ return;
+ }
+ command("SITE CHMOD %s %s", argv[1], argv[2]);
+}
+
+void
+do_umask(int argc, char **argv)
+{
+ int oldverbose = verbose;
+
+ verbose = 1;
+ command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]);
+ verbose = oldverbose;
+}
+
+void
+ftp_idle(int argc, char **argv)
+{
+ int oldverbose = verbose;
+
+ verbose = 1;
+ command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]);
+ verbose = oldverbose;
+}
+
+/*
+ * Ask the other side for help.
+ */
+void
+rmthelp(int argc, char **argv)
+{
+ int oldverbose = verbose;
+
+ verbose = 1;
+ command(argc == 1 ? "HELP" : "HELP %s", argv[1]);
+ verbose = oldverbose;
+}
+
+/*
+ * Terminate session and exit.
+ */
+/*VARARGS*/
+void
+quit(int argc, char **argv)
+{
+
+ if (connected)
+ disconnect(0, 0);
+ pswitch(1);
+ if (connected) {
+ disconnect(0, 0);
+ }
+ exit(0);
+}
+
+/*
+ * Terminate session, but don't exit.
+ */
+void
+disconnect(int argc, char **argv)
+{
+
+ if (!connected)
+ return;
+ command("QUIT");
+ if (cout) {
+ fclose(cout);
+ }
+ cout = NULL;
+ connected = 0;
+ krb4_quit();
+ data = -1;
+ if (!proxy) {
+ macnum = 0;
+ }
+}
+
+int
+confirm(char *cmd, char *file)
+{
+ char line[BUFSIZ];
+
+ if (!interactive)
+ return (1);
+ printf("%s %s? ", cmd, file);
+ fflush(stdout);
+ if (fgets(line, sizeof line, stdin) == NULL)
+ return (0);
+ return (*line != 'n' && *line != 'N');
+}
+
+void
+fatal(char *msg)
+{
+
+ errx(1, "%s", msg);
+}
+
+/*
+ * Glob a local file name specification with
+ * the expectation of a single return value.
+ * Can't control multiple values being expanded
+ * from the expression, we return only the first.
+ */
+int
+globulize(char **cpp)
+{
+ glob_t gl;
+ int flags;
+
+ if (!doglob)
+ return (1);
+
+ flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ memset(&gl, 0, sizeof(gl));
+ if (glob(*cpp, flags, NULL, &gl) ||
+ gl.gl_pathc == 0) {
+ warnx("%s: not found", *cpp);
+ globfree(&gl);
+ return (0);
+ }
+ *cpp = strdup(gl.gl_pathv[0]); /* XXX - wasted memory */
+ globfree(&gl);
+ return (1);
+}
+
+void
+account(int argc, char **argv)
+{
+ char acct[50];
+
+ if (argc > 1) {
+ ++argv;
+ --argc;
+ strncpy(acct,*argv,49);
+ acct[49] = '\0';
+ while (argc > 1) {
+ --argc;
+ ++argv;
+ strncat(acct,*argv, 49-strlen(acct));
+ }
+ }
+ else {
+ des_read_pw_string(acct, sizeof(acct), "Account:", 0);
+ }
+ command("ACCT %s", acct);
+}
+
+jmp_buf abortprox;
+
+static RETSIGTYPE
+proxabort(int sig)
+{
+
+ if (!proxy) {
+ pswitch(1);
+ }
+ if (connected) {
+ proxflag = 1;
+ }
+ else {
+ proxflag = 0;
+ }
+ pswitch(0);
+ longjmp(abortprox,1);
+}
+
+void
+doproxy(int argc, char **argv)
+{
+ struct cmd *c;
+ RETSIGTYPE (*oldintr)();
+
+ if (argc < 2 && !another(&argc, &argv, "command")) {
+ printf("usage: %s command\n", argv[0]);
+ code = -1;
+ return;
+ }
+ c = getcmd(argv[1]);
+ if (c == (struct cmd *) -1) {
+ printf("?Ambiguous command\n");
+ fflush(stdout);
+ code = -1;
+ return;
+ }
+ if (c == 0) {
+ printf("?Invalid command\n");
+ fflush(stdout);
+ code = -1;
+ return;
+ }
+ if (!c->c_proxy) {
+ printf("?Invalid proxy command\n");
+ fflush(stdout);
+ code = -1;
+ return;
+ }
+ if (setjmp(abortprox)) {
+ code = -1;
+ return;
+ }
+ oldintr = signal(SIGINT, proxabort);
+ pswitch(1);
+ if (c->c_conn && !connected) {
+ printf("Not connected\n");
+ fflush(stdout);
+ pswitch(0);
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ (*c->c_handler)(argc-1, argv+1);
+ if (connected) {
+ proxflag = 1;
+ }
+ else {
+ proxflag = 0;
+ }
+ pswitch(0);
+ signal(SIGINT, oldintr);
+}
+
+void
+setcase(int argc, char **argv)
+{
+
+ mcase = !mcase;
+ printf("Case mapping %s.\n", onoff(mcase));
+ code = mcase;
+}
+
+void
+setcr(int argc, char **argv)
+{
+
+ crflag = !crflag;
+ printf("Carriage Return stripping %s.\n", onoff(crflag));
+ code = crflag;
+}
+
+void
+setntrans(int argc, char **argv)
+{
+ if (argc == 1) {
+ ntflag = 0;
+ printf("Ntrans off.\n");
+ code = ntflag;
+ return;
+ }
+ ntflag++;
+ code = ntflag;
+ strncpy(ntin, argv[1], 16);
+ ntin[16] = '\0';
+ if (argc == 2) {
+ ntout[0] = '\0';
+ return;
+ }
+ strncpy(ntout, argv[2], 16);
+ ntout[16] = '\0';
+}
+
+char *
+dotrans(char *name)
+{
+ static char new[MaxPathLen];
+ char *cp1, *cp2 = new;
+ int i, ostop, found;
+
+ for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++)
+ continue;
+ for (cp1 = name; *cp1; cp1++) {
+ found = 0;
+ for (i = 0; *(ntin + i) && i < 16; i++) {
+ if (*cp1 == *(ntin + i)) {
+ found++;
+ if (i < ostop) {
+ *cp2++ = *(ntout + i);
+ }
+ break;
+ }
+ }
+ if (!found) {
+ *cp2++ = *cp1;
+ }
+ }
+ *cp2 = '\0';
+ return (new);
+}
+
+void
+setnmap(int argc, char **argv)
+{
+ char *cp;
+
+ if (argc == 1) {
+ mapflag = 0;
+ printf("Nmap off.\n");
+ code = mapflag;
+ return;
+ }
+ if (argc < 3 && !another(&argc, &argv, "mapout")) {
+ printf("Usage: %s [mapin mapout]\n",argv[0]);
+ code = -1;
+ return;
+ }
+ mapflag = 1;
+ code = 1;
+ cp = strchr(altarg, ' ');
+ if (proxy) {
+ while(*++cp == ' ')
+ continue;
+ altarg = cp;
+ cp = strchr(altarg, ' ');
+ }
+ *cp = '\0';
+ strncpy(mapin, altarg, MaxPathLen - 1);
+ while (*++cp == ' ')
+ continue;
+ strncpy(mapout, cp, MaxPathLen - 1);
+}
+
+char *
+domap(char *name)
+{
+ static char new[MaxPathLen];
+ char *cp1 = name, *cp2 = mapin;
+ char *tp[9], *te[9];
+ int i, toks[9], toknum = 0, match = 1;
+
+ for (i=0; i < 9; ++i) {
+ toks[i] = 0;
+ }
+ while (match && *cp1 && *cp2) {
+ switch (*cp2) {
+ case '\\':
+ if (*++cp2 != *cp1) {
+ match = 0;
+ }
+ break;
+ case '$':
+ if (*(cp2+1) >= '1' && (*cp2+1) <= '9') {
+ if (*cp1 != *(++cp2+1)) {
+ toks[toknum = *cp2 - '1']++;
+ tp[toknum] = cp1;
+ while (*++cp1 && *(cp2+1)
+ != *cp1);
+ te[toknum] = cp1;
+ }
+ cp2++;
+ break;
+ }
+ /* FALLTHROUGH */
+ default:
+ if (*cp2 != *cp1) {
+ match = 0;
+ }
+ break;
+ }
+ if (match && *cp1) {
+ cp1++;
+ }
+ if (match && *cp2) {
+ cp2++;
+ }
+ }
+ if (!match && *cp1) /* last token mismatch */
+ {
+ toks[toknum] = 0;
+ }
+ cp1 = new;
+ *cp1 = '\0';
+ cp2 = mapout;
+ while (*cp2) {
+ match = 0;
+ switch (*cp2) {
+ case '\\':
+ if (*(cp2 + 1)) {
+ *cp1++ = *++cp2;
+ }
+ break;
+ case '[':
+LOOP:
+ if (*++cp2 == '$' && isdigit(*(cp2+1))) {
+ if (*++cp2 == '0') {
+ char *cp3 = name;
+
+ while (*cp3) {
+ *cp1++ = *cp3++;
+ }
+ match = 1;
+ }
+ else if (toks[toknum = *cp2 - '1']) {
+ char *cp3 = tp[toknum];
+
+ while (cp3 != te[toknum]) {
+ *cp1++ = *cp3++;
+ }
+ match = 1;
+ }
+ }
+ else {
+ while (*cp2 && *cp2 != ',' &&
+ *cp2 != ']') {
+ if (*cp2 == '\\') {
+ cp2++;
+ }
+ else if (*cp2 == '$' &&
+ isdigit(*(cp2+1))) {
+ if (*++cp2 == '0') {
+ char *cp3 = name;
+
+ while (*cp3) {
+ *cp1++ = *cp3++;
+ }
+ }
+ else if (toks[toknum =
+ *cp2 - '1']) {
+ char *cp3=tp[toknum];
+
+ while (cp3 !=
+ te[toknum]) {
+ *cp1++ = *cp3++;
+ }
+ }
+ }
+ else if (*cp2) {
+ *cp1++ = *cp2++;
+ }
+ }
+ if (!*cp2) {
+ printf("nmap: unbalanced brackets\n");
+ return (name);
+ }
+ match = 1;
+ cp2--;
+ }
+ if (match) {
+ while (*++cp2 && *cp2 != ']') {
+ if (*cp2 == '\\' && *(cp2 + 1)) {
+ cp2++;
+ }
+ }
+ if (!*cp2) {
+ printf("nmap: unbalanced brackets\n");
+ return (name);
+ }
+ break;
+ }
+ switch (*++cp2) {
+ case ',':
+ goto LOOP;
+ case ']':
+ break;
+ default:
+ cp2--;
+ goto LOOP;
+ }
+ break;
+ case '$':
+ if (isdigit(*(cp2 + 1))) {
+ if (*++cp2 == '0') {
+ char *cp3 = name;
+
+ while (*cp3) {
+ *cp1++ = *cp3++;
+ }
+ }
+ else if (toks[toknum = *cp2 - '1']) {
+ char *cp3 = tp[toknum];
+
+ while (cp3 != te[toknum]) {
+ *cp1++ = *cp3++;
+ }
+ }
+ break;
+ }
+ /* intentional drop through */
+ default:
+ *cp1++ = *cp2;
+ break;
+ }
+ cp2++;
+ }
+ *cp1 = '\0';
+ if (!*new) {
+ return (name);
+ }
+ return (new);
+}
+
+void
+setpassive(int argc, char **argv)
+{
+
+ passivemode = !passivemode;
+ printf("Passive mode %s.\n", onoff(passivemode));
+ code = passivemode;
+}
+
+void
+setsunique(int argc, char **argv)
+{
+
+ sunique = !sunique;
+ printf("Store unique %s.\n", onoff(sunique));
+ code = sunique;
+}
+
+void
+setrunique(int argc, char **argv)
+{
+
+ runique = !runique;
+ printf("Receive unique %s.\n", onoff(runique));
+ code = runique;
+}
+
+/* change directory to perent directory */
+void
+cdup(int argc, char **argv)
+{
+
+ if (command("CDUP") == ERROR && code == 500) {
+ if (verbose)
+ printf("CDUP command not recognized, trying XCUP\n");
+ command("XCUP");
+ }
+}
+
+/* restart transfer at specific point */
+void
+restart(int argc, char **argv)
+{
+
+ if (argc != 2)
+ printf("restart: offset not specified\n");
+ else {
+ restart_point = atol(argv[1]);
+ printf("restarting at %ld. %s\n", (long)restart_point,
+ "execute get, put or append to initiate transfer");
+ }
+}
+
+/* show remote system type */
+void
+syst(int argc, char **argv)
+{
+
+ command("SYST");
+}
+
+void
+macdef(int argc, char **argv)
+{
+ char *tmp;
+ int c;
+
+ if (macnum == 16) {
+ printf("Limit of 16 macros have already been defined\n");
+ code = -1;
+ return;
+ }
+ if (argc < 2 && !another(&argc, &argv, "macro name")) {
+ printf("Usage: %s macro_name\n",argv[0]);
+ code = -1;
+ return;
+ }
+ if (interactive) {
+ printf("Enter macro line by line, terminating it with a null line\n");
+ }
+ strncpy(macros[macnum].mac_name, argv[1], 8);
+ if (macnum == 0) {
+ macros[macnum].mac_start = macbuf;
+ }
+ else {
+ macros[macnum].mac_start = macros[macnum - 1].mac_end + 1;
+ }
+ tmp = macros[macnum].mac_start;
+ while (tmp != macbuf+4096) {
+ if ((c = getchar()) == EOF) {
+ printf("macdef:end of file encountered\n");
+ code = -1;
+ return;
+ }
+ if ((*tmp = c) == '\n') {
+ if (tmp == macros[macnum].mac_start) {
+ macros[macnum++].mac_end = tmp;
+ code = 0;
+ return;
+ }
+ if (*(tmp-1) == '\0') {
+ macros[macnum++].mac_end = tmp - 1;
+ code = 0;
+ return;
+ }
+ *tmp = '\0';
+ }
+ tmp++;
+ }
+ while (1) {
+ while ((c = getchar()) != '\n' && c != EOF)
+ /* LOOP */;
+ if (c == EOF || getchar() == '\n') {
+ printf("Macro not defined - 4k buffer exceeded\n");
+ code = -1;
+ return;
+ }
+ }
+}
+
+/*
+ * get size of file on remote machine
+ */
+void
+sizecmd(int argc, char **argv)
+{
+
+ if (argc < 2 && !another(&argc, &argv, "filename")) {
+ printf("usage: %s filename\n", argv[0]);
+ code = -1;
+ return;
+ }
+ command("SIZE %s", argv[1]);
+}
+
+/*
+ * get last modification time of file on remote machine
+ */
+void
+modtime(int argc, char **argv)
+{
+ int overbose;
+
+ if (argc < 2 && !another(&argc, &argv, "filename")) {
+ printf("usage: %s filename\n", argv[0]);
+ code = -1;
+ return;
+ }
+ overbose = verbose;
+ if (debug == 0)
+ verbose = -1;
+ if (command("MDTM %s", argv[1]) == COMPLETE) {
+ int yy, mo, day, hour, min, sec;
+ sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo,
+ &day, &hour, &min, &sec);
+ /* might want to print this in local time */
+ printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1],
+ mo, day, yy, hour, min, sec);
+ } else
+ printf("%s\n", reply_string);
+ verbose = overbose;
+}
+
+/*
+ * show status on reomte machine
+ */
+void
+rmtstatus(int argc, char **argv)
+{
+
+ command(argc > 1 ? "STAT %s" : "STAT" , argv[1]);
+}
+
+/*
+ * get file if modtime is more recent than current file
+ */
+void
+newer(int argc, char **argv)
+{
+
+ if (getit(argc, argv, -1, "w"))
+ printf("Local file \"%s\" is newer than remote file \"%s\"\n",
+ argv[2], argv[1]);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c
new file mode 100644
index 0000000..9567e3c
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+
+/*
+ * User FTP -- Command Tables.
+ */
+
+char accounthelp[] = "send account command to remote server";
+char appendhelp[] = "append to a file";
+char asciihelp[] = "set ascii transfer type";
+char beephelp[] = "beep when command completed";
+char binaryhelp[] = "set binary transfer type";
+char casehelp[] = "toggle mget upper/lower case id mapping";
+char cdhelp[] = "change remote working directory";
+char cduphelp[] = "change remote working directory to parent directory";
+char chmodhelp[] = "change file permissions of remote file";
+char connecthelp[] = "connect to remote tftp";
+char crhelp[] = "toggle carriage return stripping on ascii gets";
+char deletehelp[] = "delete remote file";
+char debughelp[] = "toggle/set debugging mode";
+char dirhelp[] = "list contents of remote directory";
+char disconhelp[] = "terminate ftp session";
+char domachelp[] = "execute macro";
+char formhelp[] = "set file transfer format";
+char globhelp[] = "toggle metacharacter expansion of local file names";
+char hashhelp[] = "toggle printing `#' for each buffer transferred";
+char helphelp[] = "print local help information";
+char idlehelp[] = "get (set) idle timer on remote side";
+char lcdhelp[] = "change local working directory";
+char lshelp[] = "list contents of remote directory";
+char macdefhelp[] = "define a macro";
+char mdeletehelp[] = "delete multiple files";
+char mdirhelp[] = "list contents of multiple remote directories";
+char mgethelp[] = "get multiple files";
+char mkdirhelp[] = "make directory on the remote machine";
+char mlshelp[] = "list contents of multiple remote directories";
+char modtimehelp[] = "show last modification time of remote file";
+char modehelp[] = "set file transfer mode";
+char mputhelp[] = "send multiple files";
+char newerhelp[] = "get file if remote file is newer than local file ";
+char nlisthelp[] = "nlist contents of remote directory";
+char nmaphelp[] = "set templates for default file name mapping";
+char ntranshelp[] = "set translation table for default file name mapping";
+char porthelp[] = "toggle use of PORT cmd for each data connection";
+char prompthelp[] = "force interactive prompting on multiple commands";
+char proxyhelp[] = "issue command on alternate connection";
+char pwdhelp[] = "print working directory on remote machine";
+char quithelp[] = "terminate ftp session and exit";
+char quotehelp[] = "send arbitrary ftp command";
+char receivehelp[] = "receive file";
+char regethelp[] = "get file restarting at end of local file";
+char remotehelp[] = "get help from remote server";
+char renamehelp[] = "rename file";
+char restarthelp[]= "restart file transfer at bytecount";
+char rmdirhelp[] = "remove directory on the remote machine";
+char rmtstatushelp[]="show status of remote machine";
+char runiquehelp[] = "toggle store unique for local files";
+char resethelp[] = "clear queued command replies";
+char sendhelp[] = "send one file";
+char passivehelp[] = "enter passive transfer mode";
+char sitehelp[] = "send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information";
+char shellhelp[] = "escape to the shell";
+char sizecmdhelp[] = "show size of remote file";
+char statushelp[] = "show current status";
+char structhelp[] = "set file transfer structure";
+char suniquehelp[] = "toggle store unique on remote machine";
+char systemhelp[] = "show remote system type";
+char tenexhelp[] = "set tenex file transfer type";
+char tracehelp[] = "toggle packet tracing";
+char typehelp[] = "set file transfer type";
+char umaskhelp[] = "get (set) umask on remote side";
+char userhelp[] = "send new user information";
+char verbosehelp[] = "toggle verbose mode";
+
+char prothelp[] = "set protection level";
+char kauthhelp[] = "get remote tokens";
+char klisthelp[] = "show remote tickets";
+char aklog[] = "obtain remote AFS tokens";
+
+struct cmd cmdtab[] = {
+ { "!", shellhelp, 0, 0, 0, shell },
+ { "$", domachelp, 1, 0, 0, domacro },
+ { "account", accounthelp, 0, 1, 1, account},
+ { "append", appendhelp, 1, 1, 1, put },
+ { "ascii", asciihelp, 0, 1, 1, setascii },
+ { "bell", beephelp, 0, 0, 0, setbell },
+ { "binary", binaryhelp, 0, 1, 1, setbinary },
+ { "bye", quithelp, 0, 0, 0, quit },
+ { "case", casehelp, 0, 0, 1, setcase },
+ { "cd", cdhelp, 0, 1, 1, cd },
+ { "cdup", cduphelp, 0, 1, 1, cdup },
+ { "chmod", chmodhelp, 0, 1, 1, do_chmod },
+ { "close", disconhelp, 0, 1, 1, disconnect },
+ { "cr", crhelp, 0, 0, 0, setcr },
+ { "delete", deletehelp, 0, 1, 1, delete },
+ { "debug", debughelp, 0, 0, 0, setdebug },
+ { "dir", dirhelp, 1, 1, 1, ls },
+ { "disconnect", disconhelp, 0, 1, 1, disconnect },
+ { "form", formhelp, 0, 1, 1, setform },
+ { "get", receivehelp, 1, 1, 1, get },
+ { "glob", globhelp, 0, 0, 0, setglob },
+ { "hash", hashhelp, 0, 0, 0, sethash },
+ { "help", helphelp, 0, 0, 1, help },
+ { "idle", idlehelp, 0, 1, 1, ftp_idle },
+ { "image", binaryhelp, 0, 1, 1, setbinary },
+ { "lcd", lcdhelp, 0, 0, 0, lcd },
+ { "ls", lshelp, 1, 1, 1, ls },
+ { "macdef", macdefhelp, 0, 0, 0, macdef },
+ { "mdelete", mdeletehelp, 1, 1, 1, mdelete },
+ { "mdir", mdirhelp, 1, 1, 1, mls },
+ { "mget", mgethelp, 1, 1, 1, mget },
+ { "mkdir", mkdirhelp, 0, 1, 1, makedir },
+ { "mls", mlshelp, 1, 1, 1, mls },
+ { "mode", modehelp, 0, 1, 1, setftmode },
+ { "modtime", modtimehelp, 0, 1, 1, modtime },
+ { "mput", mputhelp, 1, 1, 1, mput },
+ { "newer", newerhelp, 1, 1, 1, newer },
+ { "nmap", nmaphelp, 0, 0, 1, setnmap },
+ { "nlist", nlisthelp, 1, 1, 1, ls },
+ { "ntrans", ntranshelp, 0, 0, 1, setntrans },
+ { "open", connecthelp, 0, 0, 1, setpeer },
+ { "passive", passivehelp, 0, 0, 0, setpassive },
+ { "prompt", prompthelp, 0, 0, 0, setprompt },
+ { "proxy", proxyhelp, 0, 0, 1, doproxy },
+ { "sendport", porthelp, 0, 0, 0, setport },
+ { "put", sendhelp, 1, 1, 1, put },
+ { "pwd", pwdhelp, 0, 1, 1, pwd },
+ { "quit", quithelp, 0, 0, 0, quit },
+ { "quote", quotehelp, 1, 1, 1, quote },
+ { "recv", receivehelp, 1, 1, 1, get },
+ { "reget", regethelp, 1, 1, 1, reget },
+ { "rstatus", rmtstatushelp, 0, 1, 1, rmtstatus },
+ { "rhelp", remotehelp, 0, 1, 1, rmthelp },
+ { "rename", renamehelp, 0, 1, 1, renamefile },
+ { "reset", resethelp, 0, 1, 1, reset },
+ { "restart", restarthelp, 1, 1, 1, restart },
+ { "rmdir", rmdirhelp, 0, 1, 1, removedir },
+ { "runique", runiquehelp, 0, 0, 1, setrunique },
+ { "send", sendhelp, 1, 1, 1, put },
+ { "site", sitehelp, 0, 1, 1, site },
+ { "size", sizecmdhelp, 1, 1, 1, sizecmd },
+ { "status", statushelp, 0, 0, 1, status },
+ { "struct", structhelp, 0, 1, 1, setstruct },
+ { "system", systemhelp, 0, 1, 1, syst },
+ { "sunique", suniquehelp, 0, 0, 1, setsunique },
+ { "tenex", tenexhelp, 0, 1, 1, settenex },
+ { "trace", tracehelp, 0, 0, 0, settrace },
+ { "type", typehelp, 0, 1, 1, settype },
+ { "user", userhelp, 0, 1, 1, user },
+ { "umask", umaskhelp, 0, 1, 1, do_umask },
+ { "verbose", verbosehelp, 0, 0, 0, setverbose },
+ { "?", helphelp, 0, 0, 1, help },
+
+ { "prot", prothelp, 0, 1, 0, sec_prot },
+ { "kauth", kauthhelp, 0, 1, 0, kauth },
+ { "klist", klisthelp, 0, 1, 0, klist },
+
+ { 0 },
+};
+
+int NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;
diff --git a/crypto/kerberosIV/appl/ftp/ftp/domacro.c b/crypto/kerberosIV/appl/ftp/ftp/domacro.c
new file mode 100644
index 0000000..f5a89b9
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/domacro.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 1985, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: domacro.c,v 1.5 1996/11/17 20:23:10 assar Exp $");
+
+void
+domacro(int argc, char **argv)
+{
+ int i, j, count = 2, loopflg = 0;
+ char *cp1, *cp2, line2[200];
+ struct cmd *c;
+
+ if (argc < 2 && !another(&argc, &argv, "macro name")) {
+ printf("Usage: %s macro_name.\n", argv[0]);
+ code = -1;
+ return;
+ }
+ for (i = 0; i < macnum; ++i) {
+ if (!strncmp(argv[1], macros[i].mac_name, 9)) {
+ break;
+ }
+ }
+ if (i == macnum) {
+ printf("'%s' macro not found.\n", argv[1]);
+ code = -1;
+ return;
+ }
+ strcpy(line2, line);
+TOP:
+ cp1 = macros[i].mac_start;
+ while (cp1 != macros[i].mac_end) {
+ while (isspace(*cp1)) {
+ cp1++;
+ }
+ cp2 = line;
+ while (*cp1 != '\0') {
+ switch(*cp1) {
+ case '\\':
+ *cp2++ = *++cp1;
+ break;
+ case '$':
+ if (isdigit(*(cp1+1))) {
+ j = 0;
+ while (isdigit(*++cp1)) {
+ j = 10*j + *cp1 - '0';
+ }
+ cp1--;
+ if (argc - 2 >= j) {
+ strcpy(cp2, argv[j+1]);
+ cp2 += strlen(argv[j+1]);
+ }
+ break;
+ }
+ if (*(cp1+1) == 'i') {
+ loopflg = 1;
+ cp1++;
+ if (count < argc) {
+ strcpy(cp2, argv[count]);
+ cp2 += strlen(argv[count]);
+ }
+ break;
+ }
+ /* intentional drop through */
+ default:
+ *cp2++ = *cp1;
+ break;
+ }
+ if (*cp1 != '\0') {
+ cp1++;
+ }
+ }
+ *cp2 = '\0';
+ makeargv();
+ c = getcmd(margv[0]);
+ if (c == (struct cmd *)-1) {
+ printf("?Ambiguous command\n");
+ code = -1;
+ }
+ else if (c == 0) {
+ printf("?Invalid command\n");
+ code = -1;
+ }
+ else if (c->c_conn && !connected) {
+ printf("Not connected.\n");
+ code = -1;
+ }
+ else {
+ if (verbose) {
+ printf("%s\n",line);
+ }
+ (*c->c_handler)(margc, margv);
+ if (bell && c->c_bell) {
+ putchar('\007');
+ }
+ strcpy(line, line2);
+ makeargv();
+ argc = margc;
+ argv = margv;
+ }
+ if (cp1 != macros[i].mac_end) {
+ cp1++;
+ }
+ }
+ if (loopflg && ++count < argc) {
+ goto TOP;
+ }
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/extern.h b/crypto/kerberosIV/appl/ftp/ftp/extern.h
new file mode 100644
index 0000000..b830999
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/extern.h
@@ -0,0 +1,167 @@
+/*-
+ * Copyright (c) 1994 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)extern.h 8.3 (Berkeley) 10/9/94
+ */
+
+/* $Id: extern.h,v 1.13 1997/04/20 05:46:48 assar Exp $ */
+
+#include <setjmp.h>
+#include <stdlib.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+void abort_remote (FILE *);
+void abortpt (int);
+void abortrecv (int);
+void account (int, char **);
+int another (int *, char ***, char *);
+void blkfree (char **);
+void cd (int, char **);
+void cdup (int, char **);
+void changetype (int, int);
+void cmdabort (int);
+void cmdscanner (int);
+int command (char *fmt, ...);
+int confirm (char *, char *);
+FILE *dataconn (char *);
+void delete (int, char **);
+void disconnect (int, char **);
+void do_chmod (int, char **);
+void do_umask (int, char **);
+void domacro (int, char **);
+char *domap (char *);
+void doproxy (int, char **);
+char *dotrans (char *);
+int empty (fd_set *, int);
+void fatal (char *);
+void get (int, char **);
+struct cmd *getcmd (char *);
+int getit (int, char **, int, char *);
+int getreply (int);
+int globulize (char **);
+char *gunique (char *);
+void help (int, char **);
+char *hookup (char *, int);
+void ftp_idle (int, char **);
+int initconn (void);
+void intr (int);
+void lcd (int, char **);
+int login (char *);
+RETSIGTYPE lostpeer (int);
+void ls (int, char **);
+void macdef (int, char **);
+void makeargv (void);
+void makedir (int, char **);
+void mdelete (int, char **);
+void mget (int, char **);
+void mls (int, char **);
+void modtime (int, char **);
+void mput (int, char **);
+char *onoff (int);
+void newer (int, char **);
+void proxtrans (char *, char *, char *);
+void psabort (int);
+void pswitch (int);
+void ptransfer (char *, long, struct timeval *, struct timeval *);
+void put (int, char **);
+void pwd (int, char **);
+void quit (int, char **);
+void quote (int, char **);
+void quote1 (char *, int, char **);
+void recvrequest (char *, char *, char *, char *, int);
+void reget (int, char **);
+char *remglob (char **, int);
+void removedir (int, char **);
+void renamefile (int, char **);
+void reset (int, char **);
+void restart (int, char **);
+void rmthelp (int, char **);
+void rmtstatus (int, char **);
+int ruserpass (char *, char **, char **, char **);
+void sendrequest (char *, char *, char *, int);
+void setascii (int, char **);
+void setbell (int, char **);
+void setbinary (int, char **);
+void setcase (int, char **);
+void setcr (int, char **);
+void setdebug (int, char **);
+void setform (int, char **);
+void setftmode (int, char **);
+void setglob (int, char **);
+void sethash (int, char **);
+void setnmap (int, char **);
+void setntrans (int, char **);
+void setpassive (int, char **);
+void setpeer (int, char **);
+void setport (int, char **);
+void setprompt (int, char **);
+void setrunique (int, char **);
+void setstruct (int, char **);
+void setsunique (int, char **);
+void settenex (int, char **);
+void settrace (int, char **);
+void settype (int, char **);
+void setverbose (int, char **);
+void shell (int, char **);
+void site (int, char **);
+void sizecmd (int, char **);
+char *slurpstring (void);
+void status (int, char **);
+void syst (int, char **);
+void tvsub (struct timeval *, struct timeval *, struct timeval *);
+void user (int, char **);
+
+extern jmp_buf abortprox;
+extern int abrtflag;
+extern struct cmd cmdtab[];
+extern FILE *cout;
+extern int data;
+extern char *home;
+extern jmp_buf jabort;
+extern int proxy;
+extern char reply_string[];
+extern off_t restart_point;
+extern int NCMDS;
+
+extern char username[32];
+extern char myhostname[];
+extern char *mydomain;
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp.c b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
new file mode 100644
index 0000000..cfabda6
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
@@ -0,0 +1,1658 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: ftp.c,v 1.44 1997/05/18 20:00:31 assar Exp $");
+
+struct sockaddr_in hisctladdr;
+struct sockaddr_in data_addr;
+int data = -1;
+int abrtflag = 0;
+jmp_buf ptabort;
+int ptabflg;
+int ptflag = 0;
+struct sockaddr_in myctladdr;
+off_t restart_point = 0;
+
+
+FILE *cin, *cout;
+
+typedef void (*sighand)(int);
+
+char *
+hookup(char *host, int port)
+{
+ struct hostent *hp = 0;
+ int s, len, tos;
+ static char hostnamebuf[80];
+
+ memset(&hisctladdr, 0, sizeof (hisctladdr));
+ if(inet_aton(host, &hisctladdr.sin_addr)){
+ hisctladdr.sin_family = AF_INET;
+ strncpy(hostnamebuf, host, sizeof(hostnamebuf));
+ } else {
+ hp = gethostbyname(host);
+ if (hp == NULL) {
+#ifdef HAVE_H_ERRNO
+ warnx("%s: %s", host, hstrerror(h_errno));
+#else
+ warnx("%s: %s", host, "unknown error");
+#endif
+ code = -1;
+ return NULL;
+ }
+ hisctladdr.sin_family = hp->h_addrtype;
+ memmove(&hisctladdr.sin_addr,
+ hp->h_addr_list[0],
+ sizeof(hisctladdr.sin_addr));
+ strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf));
+ hostnamebuf[sizeof(hostnamebuf) - 1] = '\0';
+ }
+ hostname = hostnamebuf;
+ s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
+ if (s < 0) {
+ warn("socket");
+ code = -1;
+ return (0);
+ }
+ hisctladdr.sin_port = port;
+ while (connect(s, (struct sockaddr *)&hisctladdr, sizeof (hisctladdr)) < 0) {
+ if (hp && hp->h_addr_list[1]) {
+ int oerrno = errno;
+ char *ia;
+
+ ia = inet_ntoa(hisctladdr.sin_addr);
+ errno = oerrno;
+ warn("connect to address %s", ia);
+ hp->h_addr_list++;
+ memmove(&hisctladdr.sin_addr,
+ hp->h_addr_list[0],
+ sizeof(hisctladdr.sin_addr));
+ fprintf(stdout, "Trying %s...\n",
+ inet_ntoa(hisctladdr.sin_addr));
+ close(s);
+ s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
+ if (s < 0) {
+ warn("socket");
+ code = -1;
+ return (0);
+ }
+ continue;
+ }
+ warn("connect");
+ code = -1;
+ goto bad;
+ }
+ len = sizeof (myctladdr);
+ if (getsockname(s, (struct sockaddr *)&myctladdr, &len) < 0) {
+ warn("getsockname");
+ code = -1;
+ goto bad;
+ }
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_LOWDELAY;
+ if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
+ warn("setsockopt TOS (ignored)");
+#endif
+ cin = fdopen(s, "r");
+ cout = fdopen(s, "w");
+ if (cin == NULL || cout == NULL) {
+ warnx("fdopen failed.");
+ if (cin)
+ fclose(cin);
+ if (cout)
+ fclose(cout);
+ code = -1;
+ goto bad;
+ }
+ if (verbose)
+ printf("Connected to %s.\n", hostname);
+ if (getreply(0) > 2) { /* read startup message from server */
+ if (cin)
+ fclose(cin);
+ if (cout)
+ fclose(cout);
+ code = -1;
+ goto bad;
+ }
+#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+ {
+ int on = 1;
+
+ if (setsockopt(s, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on))
+ < 0 && debug) {
+ warn("setsockopt");
+ }
+ }
+#endif /* SO_OOBINLINE */
+
+ return (hostname);
+bad:
+ close(s);
+ return NULL;
+}
+
+int
+login(char *host)
+{
+ char tmp[80];
+ char defaultpass[128];
+ char *user, *pass, *acct;
+ int n, aflag = 0;
+
+ char *myname = NULL;
+ struct passwd *pw = k_getpwuid(getuid());
+ if (pw != NULL)
+ myname = pw->pw_name;
+
+ user = pass = acct = 0;
+
+ if(do_klogin(host))
+ printf("\n*** Using plaintext user and password ***\n\n");
+ else{
+ printf("Kerberos authentication successful.\n\n");
+ }
+
+ if (ruserpass(host, &user, &pass, &acct) < 0) {
+ code = -1;
+ return (0);
+ }
+ while (user == NULL) {
+ if (myname)
+ printf("Name (%s:%s): ", host, myname);
+ else
+ printf("Name (%s): ", host);
+ fgets(tmp, sizeof(tmp) - 1, stdin);
+ tmp[strlen(tmp) - 1] = '\0';
+ if (*tmp == '\0')
+ user = myname;
+ else
+ user = tmp;
+ }
+ strcpy(username, user);
+ n = command("USER %s", user);
+ if (n == CONTINUE) {
+ if(auth_complete)
+ pass = myname;
+ else if (pass == NULL) {
+ char prompt[128];
+ if(myname &&
+ (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
+ snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain);
+ snprintf(prompt, sizeof(prompt), "Password (%s): ", defaultpass);
+ }else{
+ strcpy(defaultpass, "");
+ snprintf(prompt, sizeof(prompt), "Password: ");
+ }
+ pass = defaultpass;
+ des_read_pw_string (tmp, sizeof(tmp), prompt, 0);
+ if(tmp[0])
+ pass = tmp;
+ }
+ n = command("PASS %s", pass);
+ }
+ if (n == CONTINUE) {
+ aflag++;
+ acct = tmp;
+ des_read_pw_string(acct, 128, "Account:", 0);
+ n = command("ACCT %s", acct);
+ }
+ if (n != COMPLETE) {
+ warnx("Login failed.");
+ return (0);
+ }
+ if (!aflag && acct != NULL)
+ command("ACCT %s", acct);
+ if (proxy)
+ return (1);
+ for (n = 0; n < macnum; ++n) {
+ if (!strcmp("init", macros[n].mac_name)) {
+ strcpy(line, "$init");
+ makeargv();
+ domacro(margc, margv);
+ break;
+ }
+ }
+ sec_set_protection_level();
+ return (1);
+}
+
+void
+cmdabort(int sig)
+{
+
+ printf("\n");
+ fflush(stdout);
+ abrtflag++;
+ if (ptflag)
+ longjmp(ptabort,1);
+}
+
+int
+command(char *fmt, ...)
+{
+ va_list ap;
+ int r;
+ sighand oldintr;
+
+ abrtflag = 0;
+ if (cout == NULL) {
+ warn("No control connection for command");
+ code = -1;
+ return (0);
+ }
+ oldintr = signal(SIGINT, cmdabort);
+ va_start(ap, fmt);
+ if(debug){
+ printf("---> ");
+ if (strncmp("PASS ", fmt, 5) == 0)
+ printf("PASS XXXX");
+ else
+ vfprintf(stdout, fmt, ap);
+ va_start(ap, fmt);
+ }
+ if(auth_complete)
+ krb4_write_enc(cout, fmt, ap);
+ else
+ vfprintf(cout, fmt, ap);
+ va_end(ap);
+ if(debug){
+ printf("\n");
+ fflush(stdout);
+ }
+ fprintf(cout, "\r\n");
+ fflush(cout);
+ cpend = 1;
+ r = getreply(!strcmp(fmt, "QUIT"));
+ if (abrtflag && oldintr != SIG_IGN)
+ (*oldintr)(SIGINT);
+ signal(SIGINT, oldintr);
+ return (r);
+}
+
+char reply_string[BUFSIZ]; /* last line of previous reply */
+
+int
+getreply(int expecteof)
+{
+ char *p;
+ char *lead_string;
+ int c;
+ struct sigaction sa, osa;
+ char buf[1024];
+
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = 0;
+ sa.sa_handler = cmdabort;
+ sigaction(SIGINT, &sa, &osa);
+
+ p = buf;
+
+ while(1){
+ c = getc(cin);
+ switch(c){
+ case EOF:
+ if (expecteof) {
+ sigaction(SIGINT,&osa, NULL);
+ code = 221;
+ return 0;
+ }
+ lostpeer(0);
+ if (verbose) {
+ printf("421 Service not available, "
+ "remote server has closed connection\n");
+ fflush(stdout);
+ }
+ code = 421;
+ return (4);
+ break;
+ case IAC:
+ c = getc(cin);
+ if(c == WILL || c == WONT)
+ fprintf(cout, "%c%c%c", IAC, DONT, getc(cin));
+ if(c == DO || c == DONT)
+ fprintf(cout, "%c%c%c", IAC, WONT, getc(cin));
+ continue;
+ case '\n':
+ *p++ = 0;
+ if(isdigit(buf[0])){
+ sscanf(buf, "%d", &code);
+ if(code == 631){
+ krb4_read_mic(buf);
+ sscanf(buf, "%d", &code);
+ lead_string = "S:";
+ } else if(code == 632){
+ krb4_read_enc(buf);
+ sscanf(buf, "%d", &code);
+ lead_string = "P:";
+ }else if(code == 633){
+ printf("Received confidential reply!\n");
+ }else if(auth_complete)
+ lead_string = "!!";
+ else
+ lead_string = "";
+ if(verbose > 0 || (verbose > -1 && code > 499))
+ fprintf(stdout, "%s%s\n", lead_string, buf);
+ if(buf[3] == ' '){
+ strcpy(reply_string, buf);
+ if (code >= 200)
+ cpend = 0;
+ sigaction(SIGINT, &osa, NULL);
+ if (code == 421)
+ lostpeer(0);
+#if 1
+ if (abrtflag &&
+ osa.sa_handler != cmdabort &&
+ osa.sa_handler != SIG_IGN)
+ osa.sa_handler(SIGINT);
+#endif
+ if(code == 227){
+ char *p, *q;
+ pasv[0] = 0;
+ p = strchr(reply_string, '(');
+ if(p){
+ p++;
+ q = strchr(p, ')');
+ if(q){
+ strncpy(pasv, p, q - p);
+ pasv[q - p] = 0;
+ }
+ }
+ }
+ return code / 100;
+ }
+ }else{
+ if(verbose > 0 || (verbose > -1 && code > 499)){
+ if(auth_complete)
+ fprintf(stdout, "!!");
+ fprintf(stdout, "%s\n", buf);
+ }
+ }
+ p = buf;
+ continue;
+ default:
+ *p++ = c;
+ }
+ }
+
+}
+
+
+#if 0
+int
+getreply(int expecteof)
+{
+ int c, n;
+ int dig;
+ int originalcode = 0, continuation = 0;
+ sighand oldintr;
+ int pflag = 0;
+ char *cp, *pt = pasv;
+
+ oldintr = signal(SIGINT, cmdabort);
+ for (;;) {
+ dig = n = code = 0;
+ cp = reply_string;
+ while ((c = getc(cin)) != '\n') {
+ if (c == IAC) { /* handle telnet commands */
+ switch (c = getc(cin)) {
+ case WILL:
+ case WONT:
+ c = getc(cin);
+ fprintf(cout, "%c%c%c", IAC, DONT, c);
+ fflush(cout);
+ break;
+ case DO:
+ case DONT:
+ c = getc(cin);
+ fprintf(cout, "%c%c%c", IAC, WONT, c);
+ fflush(cout);
+ break;
+ default:
+ break;
+ }
+ continue;
+ }
+ dig++;
+ if (c == EOF) {
+ if (expecteof) {
+ signal(SIGINT,oldintr);
+ code = 221;
+ return (0);
+ }
+ lostpeer(0);
+ if (verbose) {
+ printf("421 Service not available, remote server has closed connection\n");
+ fflush(stdout);
+ }
+ code = 421;
+ return (4);
+ }
+ if (c != '\r' && (verbose > 0 ||
+ (verbose > -1 && n == '5' && dig > 4))) {
+ if (proxflag &&
+ (dig == 1 || dig == 5 && verbose == 0))
+ printf("%s:",hostname);
+ putchar(c);
+ }
+ if (dig < 4 && isdigit(c))
+ code = code * 10 + (c - '0');
+ if (!pflag && code == 227)
+ pflag = 1;
+ if (dig > 4 && pflag == 1 && isdigit(c))
+ pflag = 2;
+ if (pflag == 2) {
+ if (c != '\r' && c != ')')
+ *pt++ = c;
+ else {
+ *pt = '\0';
+ pflag = 3;
+ }
+ }
+ if (dig == 4 && c == '-') {
+ if (continuation)
+ code = 0;
+ continuation++;
+ }
+ if (n == 0)
+ n = c;
+ if (cp < &reply_string[sizeof(reply_string) - 1])
+ *cp++ = c;
+ }
+ if (verbose > 0 || verbose > -1 && n == '5') {
+ putchar(c);
+ fflush (stdout);
+ }
+ if (continuation && code != originalcode) {
+ if (originalcode == 0)
+ originalcode = code;
+ continue;
+ }
+ *cp = '\0';
+ if(auth_complete){
+ if(code == 631)
+ krb4_read_mic(reply_string);
+ else
+ krb4_read_enc(reply_string);
+ n = code / 100 + '0';
+ }
+
+ if (n != '1')
+ cpend = 0;
+ signal(SIGINT,oldintr);
+ if (code == 421 || originalcode == 421)
+ lostpeer(0);
+ if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN)
+ (*oldintr)(SIGINT);
+ return (n - '0');
+ }
+}
+#endif
+
+int
+empty(fd_set *mask, int sec)
+{
+ struct timeval t;
+
+ t.tv_sec = (long) sec;
+ t.tv_usec = 0;
+ return (select(32, mask, NULL, NULL, &t));
+}
+
+jmp_buf sendabort;
+
+static RETSIGTYPE
+abortsend(int sig)
+{
+
+ mflag = 0;
+ abrtflag = 0;
+ printf("\nsend aborted\nwaiting for remote to finish abort\n");
+ fflush(stdout);
+ longjmp(sendabort, 1);
+}
+
+#define HASHBYTES 1024
+
+static int
+copy_stream(FILE *from, FILE *to)
+{
+ static size_t bufsize;
+ static char *buf;
+ int n;
+ int bytes = 0;
+ int werr;
+ int hashbytes = HASHBYTES;
+ struct stat st;
+
+#ifdef HAVE_MMAP
+ void *chunk;
+
+#ifndef MAP_FAILED
+#define MAP_FAILED (-1)
+#endif
+
+ if(fstat(fileno(from), &st) == 0 && S_ISREG(st.st_mode)){
+ chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fileno(from), 0);
+ if (chunk != (void *)MAP_FAILED) {
+ int res;
+
+ res = sec_write(fileno(to), chunk, st.st_size);
+ if (munmap(chunk, st.st_size) < 0)
+ warn ("munmap");
+ sec_fflush(to);
+ return res;
+ }
+ }
+#endif
+
+ buf = alloc_buffer (buf, &bufsize,
+ fstat(fileno(from), &st) >= 0 ? &st : NULL);
+ if (buf == NULL)
+ return -1;
+
+ while((n = read(fileno(from), buf, bufsize)) > 0){
+ werr = sec_write(fileno(to), buf, n);
+ if(werr < 0)
+ break;
+ bytes += werr;
+ while(hash && bytes > hashbytes){
+ putchar('#');
+ hashbytes += HASHBYTES;
+ }
+ }
+ sec_fflush(to);
+ if(n < 0)
+ warn("local");
+
+ if(werr < 0){
+ if(errno != EPIPE)
+ warn("netout");
+ bytes = -1;
+ }
+ return bytes;
+}
+
+void
+sendrequest(char *cmd, char *local, char *remote, int printnames)
+{
+ struct stat st;
+ struct timeval start, stop;
+ int c, d;
+ FILE *fin, *dout = 0;
+ int (*closefunc) (FILE *);
+ RETSIGTYPE (*oldintr)(), (*oldintp)();
+ long bytes = 0, hashbytes = HASHBYTES;
+ char *lmode;
+
+ if (verbose && printnames) {
+ if (local && *local != '-')
+ printf("local: %s ", local);
+ if (remote)
+ printf("remote: %s\n", remote);
+ }
+ if (proxy) {
+ proxtrans(cmd, local, remote);
+ return;
+ }
+ if (curtype != type)
+ changetype(type, 0);
+ closefunc = NULL;
+ oldintr = NULL;
+ oldintp = NULL;
+ lmode = "w";
+ if (setjmp(sendabort)) {
+ while (cpend) {
+ getreply(0);
+ }
+ if (data >= 0) {
+ close(data);
+ data = -1;
+ }
+ if (oldintr)
+ signal(SIGINT,oldintr);
+ if (oldintp)
+ signal(SIGPIPE,oldintp);
+ code = -1;
+ return;
+ }
+ oldintr = signal(SIGINT, abortsend);
+ if (strcmp(local, "-") == 0)
+ fin = stdin;
+ else if (*local == '|') {
+ oldintp = signal(SIGPIPE,SIG_IGN);
+ fin = popen(local + 1, "r");
+ if (fin == NULL) {
+ warn("%s", local + 1);
+ signal(SIGINT, oldintr);
+ signal(SIGPIPE, oldintp);
+ code = -1;
+ return;
+ }
+ closefunc = pclose;
+ } else {
+ fin = fopen(local, "r");
+ if (fin == NULL) {
+ warn("local: %s", local);
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ closefunc = fclose;
+ if (fstat(fileno(fin), &st) < 0 ||
+ (st.st_mode&S_IFMT) != S_IFREG) {
+ fprintf(stdout, "%s: not a plain file.\n", local);
+ signal(SIGINT, oldintr);
+ fclose(fin);
+ code = -1;
+ return;
+ }
+ }
+ if (initconn()) {
+ signal(SIGINT, oldintr);
+ if (oldintp)
+ signal(SIGPIPE, oldintp);
+ code = -1;
+ if (closefunc != NULL)
+ (*closefunc)(fin);
+ return;
+ }
+ if (setjmp(sendabort))
+ goto abort;
+
+ if (restart_point &&
+ (strcmp(cmd, "STOR") == 0 || strcmp(cmd, "APPE") == 0)) {
+ int rc;
+
+ switch (curtype) {
+ case TYPE_A:
+ rc = fseek(fin, (long) restart_point, SEEK_SET);
+ break;
+ case TYPE_I:
+ case TYPE_L:
+ rc = lseek(fileno(fin), restart_point, SEEK_SET);
+ break;
+ }
+ if (rc < 0) {
+ warn("local: %s", local);
+ restart_point = 0;
+ if (closefunc != NULL)
+ (*closefunc)(fin);
+ return;
+ }
+ if (command("REST %ld", (long) restart_point)
+ != CONTINUE) {
+ restart_point = 0;
+ if (closefunc != NULL)
+ (*closefunc)(fin);
+ return;
+ }
+ restart_point = 0;
+ lmode = "r+w";
+ }
+ if (remote) {
+ if (command("%s %s", cmd, remote) != PRELIM) {
+ signal(SIGINT, oldintr);
+ if (oldintp)
+ signal(SIGPIPE, oldintp);
+ if (closefunc != NULL)
+ (*closefunc)(fin);
+ return;
+ }
+ } else
+ if (command("%s", cmd) != PRELIM) {
+ signal(SIGINT, oldintr);
+ if (oldintp)
+ signal(SIGPIPE, oldintp);
+ if (closefunc != NULL)
+ (*closefunc)(fin);
+ return;
+ }
+ dout = dataconn(lmode);
+ if (dout == NULL)
+ goto abort;
+ set_buffer_size(fileno(dout), 0);
+ gettimeofday(&start, (struct timezone *)0);
+ oldintp = signal(SIGPIPE, SIG_IGN);
+ switch (curtype) {
+
+ case TYPE_I:
+ case TYPE_L:
+ errno = d = c = 0;
+ bytes = copy_stream(fin, dout);
+ break;
+
+ case TYPE_A:
+ while ((c = getc(fin)) != EOF) {
+ if (c == '\n') {
+ while (hash && (bytes >= hashbytes)) {
+ putchar('#');
+ fflush(stdout);
+ hashbytes += HASHBYTES;
+ }
+ if (ferror(dout))
+ break;
+ sec_putc('\r', dout);
+ bytes++;
+ }
+ sec_putc(c, dout);
+ bytes++;
+ }
+ sec_fflush(dout);
+ if (hash) {
+ if (bytes < hashbytes)
+ putchar('#');
+ putchar('\n');
+ fflush(stdout);
+ }
+ if (ferror(fin))
+ warn("local: %s", local);
+ if (ferror(dout)) {
+ if (errno != EPIPE)
+ warn("netout");
+ bytes = -1;
+ }
+ break;
+ }
+ if (closefunc != NULL)
+ (*closefunc)(fin);
+ fclose(dout);
+ gettimeofday(&stop, (struct timezone *)0);
+ getreply(0);
+ signal(SIGINT, oldintr);
+ if (oldintp)
+ signal(SIGPIPE, oldintp);
+ if (bytes > 0)
+ ptransfer("sent", bytes, &start, &stop);
+ return;
+abort:
+ signal(SIGINT, oldintr);
+ if (oldintp)
+ signal(SIGPIPE, oldintp);
+ if (!cpend) {
+ code = -1;
+ return;
+ }
+ if (data >= 0) {
+ close(data);
+ data = -1;
+ }
+ if (dout)
+ fclose(dout);
+ getreply(0);
+ code = -1;
+ if (closefunc != NULL && fin != NULL)
+ (*closefunc)(fin);
+ gettimeofday(&stop, (struct timezone *)0);
+ if (bytes > 0)
+ ptransfer("sent", bytes, &start, &stop);
+}
+
+jmp_buf recvabort;
+
+void
+abortrecv(int sig)
+{
+
+ mflag = 0;
+ abrtflag = 0;
+ printf("\nreceive aborted\nwaiting for remote to finish abort\n");
+ fflush(stdout);
+ longjmp(recvabort, 1);
+}
+
+void
+recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames)
+{
+ FILE *fout, *din = 0;
+ int (*closefunc) (FILE *);
+ sighand oldintr, oldintp;
+ int c, d, is_retr, tcrflag, bare_lfs = 0;
+ static size_t bufsize;
+ static char *buf;
+ long bytes = 0, hashbytes = HASHBYTES;
+ struct timeval start, stop;
+ struct stat st;
+
+ is_retr = strcmp(cmd, "RETR") == 0;
+ if (is_retr && verbose && printnames) {
+ if (local && *local != '-')
+ printf("local: %s ", local);
+ if (remote)
+ printf("remote: %s\n", remote);
+ }
+ if (proxy && is_retr) {
+ proxtrans(cmd, local, remote);
+ return;
+ }
+ closefunc = NULL;
+ oldintr = NULL;
+ oldintp = NULL;
+ tcrflag = !crflag && is_retr;
+ if (setjmp(recvabort)) {
+ while (cpend) {
+ getreply(0);
+ }
+ if (data >= 0) {
+ close(data);
+ data = -1;
+ }
+ if (oldintr)
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ oldintr = signal(SIGINT, abortrecv);
+ if (strcmp(local, "-") && *local != '|') {
+ if (access(local, 2) < 0) {
+ char *dir = strrchr(local, '/');
+
+ if (errno != ENOENT && errno != EACCES) {
+ warn("local: %s", local);
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ if (dir != NULL)
+ *dir = 0;
+ d = access(dir ? local : ".", 2);
+ if (dir != NULL)
+ *dir = '/';
+ if (d < 0) {
+ warn("local: %s", local);
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ if (!runique && errno == EACCES &&
+ chmod(local, 0600) < 0) {
+ warn("local: %s", local);
+ signal(SIGINT, oldintr);
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ if (runique && errno == EACCES &&
+ (local = gunique(local)) == NULL) {
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ }
+ else if (runique && (local = gunique(local)) == NULL) {
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ }
+ if (!is_retr) {
+ if (curtype != TYPE_A)
+ changetype(TYPE_A, 0);
+ } else if (curtype != type)
+ changetype(type, 0);
+ if (initconn()) {
+ signal(SIGINT, oldintr);
+ code = -1;
+ return;
+ }
+ if (setjmp(recvabort))
+ goto abort;
+ if (is_retr && restart_point &&
+ command("REST %ld", (long) restart_point) != CONTINUE)
+ return;
+ if (remote) {
+ if (command("%s %s", cmd, remote) != PRELIM) {
+ signal(SIGINT, oldintr);
+ return;
+ }
+ } else {
+ if (command("%s", cmd) != PRELIM) {
+ signal(SIGINT, oldintr);
+ return;
+ }
+ }
+ din = dataconn("r");
+ if (din == NULL)
+ goto abort;
+ set_buffer_size(fileno(din), 1);
+ if (strcmp(local, "-") == 0)
+ fout = stdout;
+ else if (*local == '|') {
+ oldintp = signal(SIGPIPE, SIG_IGN);
+ fout = popen(local + 1, "w");
+ if (fout == NULL) {
+ warn("%s", local+1);
+ goto abort;
+ }
+ closefunc = pclose;
+ } else {
+ fout = fopen(local, lmode);
+ if (fout == NULL) {
+ warn("local: %s", local);
+ goto abort;
+ }
+ closefunc = fclose;
+ }
+ buf = alloc_buffer (buf, &bufsize,
+ fstat(fileno(fout), &st) >= 0 ? &st : NULL);
+ if (buf == NULL)
+ goto abort;
+
+ gettimeofday(&start, (struct timezone *)0);
+ switch (curtype) {
+
+ case TYPE_I:
+ case TYPE_L:
+ if (restart_point &&
+ lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
+ warn("local: %s", local);
+ if (closefunc != NULL)
+ (*closefunc)(fout);
+ return;
+ }
+ errno = d = 0;
+ while ((c = sec_read(fileno(din), buf, bufsize)) > 0) {
+ if ((d = write(fileno(fout), buf, c)) != c)
+ break;
+ bytes += c;
+ if (hash) {
+ while (bytes >= hashbytes) {
+ putchar('#');
+ hashbytes += HASHBYTES;
+ }
+ fflush(stdout);
+ }
+ }
+ if (hash && bytes > 0) {
+ if (bytes < HASHBYTES)
+ putchar('#');
+ putchar('\n');
+ fflush(stdout);
+ }
+ if (c < 0) {
+ if (errno != EPIPE)
+ warn("netin");
+ bytes = -1;
+ }
+ if (d < c) {
+ if (d < 0)
+ warn("local: %s", local);
+ else
+ warnx("%s: short write", local);
+ }
+ break;
+
+ case TYPE_A:
+ if (restart_point) {
+ int i, n, ch;
+
+ if (fseek(fout, 0L, SEEK_SET) < 0)
+ goto done;
+ n = restart_point;
+ for (i = 0; i++ < n;) {
+ if ((ch = sec_getc(fout)) == EOF)
+ goto done;
+ if (ch == '\n')
+ i++;
+ }
+ if (fseek(fout, 0L, SEEK_CUR) < 0) {
+ done:
+ warn("local: %s", local);
+ if (closefunc != NULL)
+ (*closefunc)(fout);
+ return;
+ }
+ }
+
+ while ((c = sec_getc(din)) != EOF) {
+ if (c == '\n')
+ bare_lfs++;
+ while (c == '\r') {
+ while (hash && (bytes >= hashbytes)) {
+ putchar('#');
+ fflush(stdout);
+ hashbytes += HASHBYTES;
+ }
+ bytes++;
+ if ((c = sec_getc(din)) != '\n' || tcrflag) {
+ if (ferror(fout))
+ goto break2;
+ putc('\r', fout);
+ if (c == '\0') {
+ bytes++;
+ goto contin2;
+ }
+ if (c == EOF)
+ goto contin2;
+ }
+ }
+ putc(c, fout);
+ bytes++;
+ contin2: ;
+ }
+ break2:
+ if (bare_lfs) {
+ printf("WARNING! %d bare linefeeds received in ASCII mode\n",
+ bare_lfs);
+ printf("File may not have transferred correctly.\n");
+ }
+ if (hash) {
+ if (bytes < hashbytes)
+ putchar('#');
+ putchar('\n');
+ fflush(stdout);
+ }
+ if (ferror(din)) {
+ if (errno != EPIPE)
+ warn("netin");
+ bytes = -1;
+ }
+ if (ferror(fout))
+ warn("local: %s", local);
+ break;
+ }
+ if (closefunc != NULL)
+ (*closefunc)(fout);
+ signal(SIGINT, oldintr);
+ if (oldintp)
+ signal(SIGPIPE, oldintp);
+ fclose(din);
+ gettimeofday(&stop, (struct timezone *)0);
+ getreply(0);
+ if (bytes > 0 && is_retr)
+ ptransfer("received", bytes, &start, &stop);
+ return;
+abort:
+
+ /* abort using RFC959 recommended IP,SYNC sequence */
+
+ if (oldintp)
+ signal(SIGPIPE, oldintr);
+ signal(SIGINT, SIG_IGN);
+ if (!cpend) {
+ code = -1;
+ signal(SIGINT, oldintr);
+ return;
+ }
+
+ abort_remote(din);
+ code = -1;
+ if (data >= 0) {
+ close(data);
+ data = -1;
+ }
+ if (closefunc != NULL && fout != NULL)
+ (*closefunc)(fout);
+ if (din)
+ fclose(din);
+ gettimeofday(&stop, (struct timezone *)0);
+ if (bytes > 0)
+ ptransfer("received", bytes, &start, &stop);
+ signal(SIGINT, oldintr);
+}
+
+/*
+ * Need to start a listen on the data channel before we send the command,
+ * otherwise the server's connect may fail.
+ */
+int
+initconn(void)
+{
+ int result, len, tmpno = 0;
+ int on = 1;
+ int a0, a1, a2, a3, p0, p1;
+
+ if (passivemode) {
+ data = socket(AF_INET, SOCK_STREAM, 0);
+ if (data < 0) {
+ perror("ftp: socket");
+ return(1);
+ }
+#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
+ if ((options & SO_DEBUG) &&
+ setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on,
+ sizeof (on)) < 0)
+ perror("ftp: setsockopt (ignored)");
+#endif
+ if (command("PASV") != COMPLETE) {
+ printf("Passive mode refused.\n");
+ goto bad;
+ }
+
+ /*
+ * What we've got at this point is a string of comma
+ * separated one-byte unsigned integer values.
+ * The first four are the an IP address. The fifth is
+ * the MSB of the port number, the sixth is the LSB.
+ * From that we'll prepare a sockaddr_in.
+ */
+
+ if (sscanf(pasv,"%d,%d,%d,%d,%d,%d",
+ &a0, &a1, &a2, &a3, &p0, &p1) != 6) {
+ printf("Passive mode address scan failure. "
+ "Shouldn't happen!\n");
+ goto bad;
+ }
+ if(a0 < 0 || a0 > 255 ||
+ a1 < 0 || a1 > 255 ||
+ a2 < 0 || a2 > 255 ||
+ a3 < 0 || a3 > 255 ||
+ p0 < 0 || p0 > 255 ||
+ p1 < 0 || p1 > 255){
+ printf("Can't parse passive mode string.\n");
+ goto bad;
+ }
+
+ memset(&data_addr, 0, sizeof(data_addr));
+ data_addr.sin_family = AF_INET;
+ data_addr.sin_addr.s_addr = htonl((a0 << 24) | (a1 << 16) |
+ (a2 << 8) | a3);
+ data_addr.sin_port = htons((p0 << 8) | p1);
+
+ if (connect(data, (struct sockaddr *)&data_addr,
+ sizeof(data_addr)) < 0) {
+ perror("ftp: connect");
+ goto bad;
+ }
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ on = IPTOS_THROUGHPUT;
+ if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on,
+ sizeof(int)) < 0)
+ perror("ftp: setsockopt TOS (ignored)");
+#endif
+ return(0);
+ }
+
+noport:
+ data_addr = myctladdr;
+ if (sendport)
+ data_addr.sin_port = 0; /* let system pick one */
+ if (data != -1)
+ close(data);
+ data = socket(AF_INET, SOCK_STREAM, 0);
+ if (data < 0) {
+ warn("socket");
+ if (tmpno)
+ sendport = 1;
+ return (1);
+ }
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+ if (!sendport)
+ if (setsockopt(data, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof (on)) < 0) {
+ warn("setsockopt (reuse address)");
+ goto bad;
+ }
+#endif
+ if (bind(data, (struct sockaddr *)&data_addr, sizeof (data_addr)) < 0) {
+ warn("bind");
+ goto bad;
+ }
+#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
+ if (options & SO_DEBUG &&
+ setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) < 0)
+ warn("setsockopt (ignored)");
+#endif
+ len = sizeof (data_addr);
+ if (getsockname(data, (struct sockaddr *)&data_addr, &len) < 0) {
+ warn("getsockname");
+ goto bad;
+ }
+ if (listen(data, 1) < 0)
+ warn("listen");
+ if (sendport) {
+ unsigned int a = ntohl(data_addr.sin_addr.s_addr);
+ unsigned int p = ntohs(data_addr.sin_port);
+ result = command("PORT %d,%d,%d,%d,%d,%d",
+ (a >> 24) & 0xff,
+ (a >> 16) & 0xff,
+ (a >> 8) & 0xff,
+ a & 0xff,
+ (p >> 8) & 0xff,
+ p & 0xff);
+ if (result == ERROR && sendport == -1) {
+ sendport = 0;
+ tmpno = 1;
+ goto noport;
+ }
+ return (result != COMPLETE);
+ }
+ if (tmpno)
+ sendport = 1;
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ on = IPTOS_THROUGHPUT;
+ if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
+ warn("setsockopt TOS (ignored)");
+#endif
+ return (0);
+bad:
+ close(data), data = -1;
+ if (tmpno)
+ sendport = 1;
+ return (1);
+}
+
+FILE *
+dataconn(char *lmode)
+{
+ struct sockaddr_in from;
+ int s, fromlen = sizeof (from), tos;
+
+ if (passivemode)
+ return (fdopen(data, lmode));
+
+ s = accept(data, (struct sockaddr *) &from, &fromlen);
+ if (s < 0) {
+ warn("accept");
+ close(data), data = -1;
+ return (NULL);
+ }
+ close(data);
+ data = s;
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_THROUGHPUT;
+ if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
+ warn("setsockopt TOS (ignored)");
+#endif
+ return (fdopen(data, lmode));
+}
+
+void
+ptransfer(char *direction, long int bytes,
+ struct timeval *t0, struct timeval *t1)
+{
+ struct timeval td;
+ float s;
+ float bs;
+ int prec;
+ char *unit;
+
+ if (verbose) {
+ td.tv_sec = t1->tv_sec - t0->tv_sec;
+ td.tv_usec = t1->tv_usec - t0->tv_usec;
+ if(td.tv_usec < 0){
+ td.tv_sec--;
+ td.tv_usec += 1000000;
+ }
+ s = td.tv_sec + (td.tv_usec / 1000000.);
+ bs = bytes / (s?s:1);
+ if(bs >= 1048576){
+ bs /= 1048576;
+ unit = "M";
+ prec = 2;
+ }else if(bs >= 1024){
+ bs /= 1024;
+ unit = "k";
+ prec = 1;
+ }else{
+ unit = "";
+ prec = 0;
+ }
+
+ printf("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n",
+ bytes, direction, s, prec, bs, unit);
+ }
+}
+
+void
+psabort(int sig)
+{
+
+ abrtflag++;
+}
+
+void
+pswitch(int flag)
+{
+ sighand oldintr;
+ static struct comvars {
+ int connect;
+ char name[MaxHostNameLen];
+ struct sockaddr_in mctl;
+ struct sockaddr_in hctl;
+ FILE *in;
+ FILE *out;
+ int tpe;
+ int curtpe;
+ int cpnd;
+ int sunqe;
+ int runqe;
+ int mcse;
+ int ntflg;
+ char nti[17];
+ char nto[17];
+ int mapflg;
+ char mi[MaxPathLen];
+ char mo[MaxPathLen];
+ } proxstruct, tmpstruct;
+ struct comvars *ip, *op;
+
+ abrtflag = 0;
+ oldintr = signal(SIGINT, psabort);
+ if (flag) {
+ if (proxy)
+ return;
+ ip = &tmpstruct;
+ op = &proxstruct;
+ proxy++;
+ } else {
+ if (!proxy)
+ return;
+ ip = &proxstruct;
+ op = &tmpstruct;
+ proxy = 0;
+ }
+ ip->connect = connected;
+ connected = op->connect;
+ if (hostname) {
+ strncpy(ip->name, hostname, sizeof(ip->name) - 1);
+ ip->name[strlen(ip->name)] = '\0';
+ } else
+ ip->name[0] = 0;
+ hostname = op->name;
+ ip->hctl = hisctladdr;
+ hisctladdr = op->hctl;
+ ip->mctl = myctladdr;
+ myctladdr = op->mctl;
+ ip->in = cin;
+ cin = op->in;
+ ip->out = cout;
+ cout = op->out;
+ ip->tpe = type;
+ type = op->tpe;
+ ip->curtpe = curtype;
+ curtype = op->curtpe;
+ ip->cpnd = cpend;
+ cpend = op->cpnd;
+ ip->sunqe = sunique;
+ sunique = op->sunqe;
+ ip->runqe = runique;
+ runique = op->runqe;
+ ip->mcse = mcase;
+ mcase = op->mcse;
+ ip->ntflg = ntflag;
+ ntflag = op->ntflg;
+ strncpy(ip->nti, ntin, 16);
+ (ip->nti)[strlen(ip->nti)] = '\0';
+ strcpy(ntin, op->nti);
+ strncpy(ip->nto, ntout, 16);
+ (ip->nto)[strlen(ip->nto)] = '\0';
+ strcpy(ntout, op->nto);
+ ip->mapflg = mapflag;
+ mapflag = op->mapflg;
+ strncpy(ip->mi, mapin, MaxPathLen - 1);
+ (ip->mi)[strlen(ip->mi)] = '\0';
+ strcpy(mapin, op->mi);
+ strncpy(ip->mo, mapout, MaxPathLen - 1);
+ (ip->mo)[strlen(ip->mo)] = '\0';
+ strcpy(mapout, op->mo);
+ signal(SIGINT, oldintr);
+ if (abrtflag) {
+ abrtflag = 0;
+ (*oldintr)(SIGINT);
+ }
+}
+
+void
+abortpt(int sig)
+{
+
+ printf("\n");
+ fflush(stdout);
+ ptabflg++;
+ mflag = 0;
+ abrtflag = 0;
+ longjmp(ptabort, 1);
+}
+
+void
+proxtrans(char *cmd, char *local, char *remote)
+{
+ sighand oldintr;
+ int secndflag = 0, prox_type, nfnd;
+ char *cmd2;
+ fd_set mask;
+
+ if (strcmp(cmd, "RETR"))
+ cmd2 = "RETR";
+ else
+ cmd2 = runique ? "STOU" : "STOR";
+ if ((prox_type = type) == 0) {
+ if (unix_server && unix_proxy)
+ prox_type = TYPE_I;
+ else
+ prox_type = TYPE_A;
+ }
+ if (curtype != prox_type)
+ changetype(prox_type, 1);
+ if (command("PASV") != COMPLETE) {
+ printf("proxy server does not support third party transfers.\n");
+ return;
+ }
+ pswitch(0);
+ if (!connected) {
+ printf("No primary connection\n");
+ pswitch(1);
+ code = -1;
+ return;
+ }
+ if (curtype != prox_type)
+ changetype(prox_type, 1);
+ if (command("PORT %s", pasv) != COMPLETE) {
+ pswitch(1);
+ return;
+ }
+ if (setjmp(ptabort))
+ goto abort;
+ oldintr = signal(SIGINT, abortpt);
+ if (command("%s %s", cmd, remote) != PRELIM) {
+ signal(SIGINT, oldintr);
+ pswitch(1);
+ return;
+ }
+ sleep(2);
+ pswitch(1);
+ secndflag++;
+ if (command("%s %s", cmd2, local) != PRELIM)
+ goto abort;
+ ptflag++;
+ getreply(0);
+ pswitch(0);
+ getreply(0);
+ signal(SIGINT, oldintr);
+ pswitch(1);
+ ptflag = 0;
+ printf("local: %s remote: %s\n", local, remote);
+ return;
+abort:
+ signal(SIGINT, SIG_IGN);
+ ptflag = 0;
+ if (strcmp(cmd, "RETR") && !proxy)
+ pswitch(1);
+ else if (!strcmp(cmd, "RETR") && proxy)
+ pswitch(0);
+ if (!cpend && !secndflag) { /* only here if cmd = "STOR" (proxy=1) */
+ if (command("%s %s", cmd2, local) != PRELIM) {
+ pswitch(0);
+ if (cpend)
+ abort_remote((FILE *) NULL);
+ }
+ pswitch(1);
+ if (ptabflg)
+ code = -1;
+ signal(SIGINT, oldintr);
+ return;
+ }
+ if (cpend)
+ abort_remote((FILE *) NULL);
+ pswitch(!proxy);
+ if (!cpend && !secndflag) { /* only if cmd = "RETR" (proxy=1) */
+ if (command("%s %s", cmd2, local) != PRELIM) {
+ pswitch(0);
+ if (cpend)
+ abort_remote((FILE *) NULL);
+ pswitch(1);
+ if (ptabflg)
+ code = -1;
+ signal(SIGINT, oldintr);
+ return;
+ }
+ }
+ if (cpend)
+ abort_remote((FILE *) NULL);
+ pswitch(!proxy);
+ if (cpend) {
+ FD_ZERO(&mask);
+ FD_SET(fileno(cin), &mask);
+ if ((nfnd = empty(&mask, 10)) <= 0) {
+ if (nfnd < 0) {
+ warn("abort");
+ }
+ if (ptabflg)
+ code = -1;
+ lostpeer(0);
+ }
+ getreply(0);
+ getreply(0);
+ }
+ if (proxy)
+ pswitch(0);
+ pswitch(1);
+ if (ptabflg)
+ code = -1;
+ signal(SIGINT, oldintr);
+}
+
+void
+reset(int argc, char **argv)
+{
+ fd_set mask;
+ int nfnd = 1;
+
+ FD_ZERO(&mask);
+ while (nfnd > 0) {
+ FD_SET(fileno(cin), &mask);
+ if ((nfnd = empty(&mask,0)) < 0) {
+ warn("reset");
+ code = -1;
+ lostpeer(0);
+ }
+ else if (nfnd) {
+ getreply(0);
+ }
+ }
+}
+
+char *
+gunique(char *local)
+{
+ static char new[MaxPathLen];
+ char *cp = strrchr(local, '/');
+ int d, count=0;
+ char ext = '1';
+
+ if (cp)
+ *cp = '\0';
+ d = access(cp ? local : ".", 2);
+ if (cp)
+ *cp = '/';
+ if (d < 0) {
+ warn("local: %s", local);
+ return NULL;
+ }
+ strcpy(new, local);
+ cp = new + strlen(new);
+ *cp++ = '.';
+ while (!d) {
+ if (++count == 100) {
+ printf("runique: can't find unique file name.\n");
+ return NULL;
+ }
+ *cp++ = ext;
+ *cp = '\0';
+ if (ext == '9')
+ ext = '0';
+ else
+ ext++;
+ if ((d = access(new, 0)) < 0)
+ break;
+ if (ext != '0')
+ cp--;
+ else if (*(cp - 2) == '.')
+ *(cp - 1) = '1';
+ else {
+ *(cp - 2) = *(cp - 2) + 1;
+ cp--;
+ }
+ }
+ return (new);
+}
+
+void
+abort_remote(FILE *din)
+{
+ char buf[BUFSIZ];
+ int nfnd;
+ fd_set mask;
+
+ /*
+ * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
+ * after urgent byte rather than before as is protocol now
+ */
+ snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC);
+ if (send(fileno(cout), buf, 3, MSG_OOB) != 3)
+ warn("abort");
+ fprintf(cout,"%cABOR\r\n", DM);
+ fflush(cout);
+ FD_ZERO(&mask);
+ FD_SET(fileno(cin), &mask);
+ if (din) {
+ FD_SET(fileno(din), &mask);
+ }
+ if ((nfnd = empty(&mask, 10)) <= 0) {
+ if (nfnd < 0) {
+ warn("abort");
+ }
+ if (ptabflg)
+ code = -1;
+ lostpeer(0);
+ }
+ if (din && FD_ISSET(fileno(din), &mask)) {
+ while (read(fileno(din), buf, BUFSIZ) > 0)
+ /* LOOP */;
+ }
+ if (getreply(0) == ERROR && code == 552) {
+ /* 552 needed for nic style abort */
+ getreply(0);
+ }
+ getreply(0);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
new file mode 100644
index 0000000..6ead793
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: ftp_locl.h,v 1.29 1997/05/20 18:40:28 bg Exp $ */
+
+#ifndef __FTP_LOCL_H__
+#define __FTP_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <sys/cdefs.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#ifdef HAVE_ARPA_FTP_H
+#include <arpa/ftp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include <errno.h>
+#include <ctype.h>
+#include <glob.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose) __P((FILE *));
+#endif
+
+#include "ftp_var.h"
+#include "extern.h"
+#include "common.h"
+#include "pathnames.h"
+
+#include <des.h>
+
+#include <krb.h>
+
+#include "krb4.h"
+
+#include "roken.h"
+
+#if defined(__sun__) && !defined(__svr4)
+int fclose(FILE*);
+int pclose(FILE*);
+#endif
+
+#endif /* __FTP_LOCL_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h
new file mode 100644
index 0000000..ffac59a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)ftp_var.h 8.4 (Berkeley) 10/9/94
+ */
+
+/*
+ * FTP global variables.
+ */
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <setjmp.h>
+
+/*
+ * Options and other state info.
+ */
+extern int trace; /* trace packets exchanged */
+extern int hash; /* print # for each buffer transferred */
+extern int sendport; /* use PORT cmd for each data connection */
+extern int verbose; /* print messages coming back from server */
+extern int connected; /* connected to server */
+extern int fromatty; /* input is from a terminal */
+extern int interactive; /* interactively prompt on m* cmds */
+extern int debug; /* debugging level */
+extern int bell; /* ring bell on cmd completion */
+extern int doglob; /* glob local file names */
+extern int autologin; /* establish user account on connection */
+extern int proxy; /* proxy server connection active */
+extern int proxflag; /* proxy connection exists */
+extern int sunique; /* store files on server with unique name */
+extern int runique; /* store local files with unique name */
+extern int mcase; /* map upper to lower case for mget names */
+extern int ntflag; /* use ntin ntout tables for name translation */
+extern int mapflag; /* use mapin mapout templates on file names */
+extern int code; /* return/reply code for ftp command */
+extern int crflag; /* if 1, strip car. rets. on ascii gets */
+extern char pasv[64]; /* passive port for proxy data connection */
+extern int passivemode; /* passive mode enabled */
+extern char *altarg; /* argv[1] with no shell-like preprocessing */
+extern char ntin[17]; /* input translation table */
+extern char ntout[17]; /* output translation table */
+extern char mapin[MaxPathLen]; /* input map template */
+extern char mapout[MaxPathLen]; /* output map template */
+extern char typename[32]; /* name of file transfer type */
+extern int type; /* requested file transfer type */
+extern int curtype; /* current file transfer type */
+extern char structname[32]; /* name of file transfer structure */
+extern int stru; /* file transfer structure */
+extern char formname[32]; /* name of file transfer format */
+extern int form; /* file transfer format */
+extern char modename[32]; /* name of file transfer mode */
+extern int mode; /* file transfer mode */
+extern char bytename[32]; /* local byte size in ascii */
+extern int bytesize; /* local byte size in binary */
+
+extern char *hostname; /* name of host connected to */
+extern int unix_server; /* server is unix, can use binary for ascii */
+extern int unix_proxy; /* proxy is unix, can use binary for ascii */
+
+extern jmp_buf toplevel; /* non-local goto stuff for cmd scanner */
+
+extern char line[200]; /* input line buffer */
+extern char *stringbase; /* current scan point in line buffer */
+extern char argbuf[200]; /* argument storage buffer */
+extern char *argbase; /* current storage point in arg buffer */
+extern int margc; /* count of arguments on input line */
+extern char **margv; /* args parsed from input line */
+extern int margvlen; /* how large margv is currently */
+extern int cpend; /* flag: if != 0, then pending server reply */
+extern int mflag; /* flag: if != 0, then active multi command */
+
+extern int options; /* used during socket creation */
+
+/*
+ * Format of command table.
+ */
+struct cmd {
+ char *c_name; /* name of command */
+ char *c_help; /* help string */
+ char c_bell; /* give bell when command completes */
+ char c_conn; /* must be connected to use command */
+ char c_proxy; /* proxy server may execute */
+ void (*c_handler) (int, char **); /* function to call */
+};
+
+struct macel {
+ char mac_name[9]; /* macro name */
+ char *mac_start; /* start of macro in macbuf */
+ char *mac_end; /* end of macro in macbuf */
+};
+
+extern int macnum; /* number of defined macros */
+extern struct macel macros[16];
+extern char macbuf[4096];
+
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/globals.c b/crypto/kerberosIV/appl/ftp/ftp/globals.c
new file mode 100644
index 0000000..7199e65
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/globals.c
@@ -0,0 +1,76 @@
+#include "ftp_locl.h"
+RCSID("$Id: globals.c,v 1.6 1996/08/26 22:46:26 assar Exp $");
+
+/*
+ * Options and other state info.
+ */
+int trace; /* trace packets exchanged */
+int hash; /* print # for each buffer transferred */
+int sendport; /* use PORT cmd for each data connection */
+int verbose; /* print messages coming back from server */
+int connected; /* connected to server */
+int fromatty; /* input is from a terminal */
+int interactive; /* interactively prompt on m* cmds */
+int debug; /* debugging level */
+int bell; /* ring bell on cmd completion */
+int doglob; /* glob local file names */
+int autologin; /* establish user account on connection */
+int proxy; /* proxy server connection active */
+int proxflag; /* proxy connection exists */
+int sunique; /* store files on server with unique name */
+int runique; /* store local files with unique name */
+int mcase; /* map upper to lower case for mget names */
+int ntflag; /* use ntin ntout tables for name translation */
+int mapflag; /* use mapin mapout templates on file names */
+int code; /* return/reply code for ftp command */
+int crflag; /* if 1, strip car. rets. on ascii gets */
+char pasv[64]; /* passive port for proxy data connection */
+int passivemode; /* passive mode enabled */
+char *altarg; /* argv[1] with no shell-like preprocessing */
+char ntin[17]; /* input translation table */
+char ntout[17]; /* output translation table */
+char mapin[MaxPathLen]; /* input map template */
+char mapout[MaxPathLen]; /* output map template */
+char typename[32]; /* name of file transfer type */
+int type; /* requested file transfer type */
+int curtype; /* current file transfer type */
+char structname[32]; /* name of file transfer structure */
+int stru; /* file transfer structure */
+char formname[32]; /* name of file transfer format */
+int form; /* file transfer format */
+char modename[32]; /* name of file transfer mode */
+int mode; /* file transfer mode */
+char bytename[32]; /* local byte size in ascii */
+int bytesize; /* local byte size in binary */
+
+char *hostname; /* name of host connected to */
+int unix_server; /* server is unix, can use binary for ascii */
+int unix_proxy; /* proxy is unix, can use binary for ascii */
+
+jmp_buf toplevel; /* non-local goto stuff for cmd scanner */
+
+char line[200]; /* input line buffer */
+char *stringbase; /* current scan point in line buffer */
+char argbuf[200]; /* argument storage buffer */
+char *argbase; /* current storage point in arg buffer */
+int margc; /* count of arguments on input line */
+char **margv; /* args parsed from input line */
+int margvlen; /* how large margv is currently */
+int cpend; /* flag: if != 0, then pending server reply */
+int mflag; /* flag: if != 0, then active multi command */
+
+int options; /* used during socket creation */
+
+/*
+ * Format of command table.
+ */
+
+int macnum; /* number of defined macros */
+struct macel macros[16];
+char macbuf[4096];
+
+char username[32];
+
+/* these are set in ruserpass */
+char myhostname[MaxHostNameLen];
+char *mydomain;
diff --git a/crypto/kerberosIV/appl/ftp/ftp/kauth.c b/crypto/kerberosIV/appl/ftp/ftp/kauth.c
new file mode 100644
index 0000000..8bc9b9b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/kauth.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: kauth.c,v 1.14 1997/05/11 04:08:04 assar Exp $");
+
+void kauth(int argc, char **argv)
+{
+ int ret;
+ char buf[1024];
+ des_cblock key;
+ des_key_schedule schedule;
+ KTEXT_ST tkt, tktcopy;
+ char *name;
+ char *p;
+ int overbose;
+ char passwd[100];
+ int tmp;
+
+ if(argc > 2){
+ printf("usage: %s [principal]\n", argv[0]);
+ code = -1;
+ return;
+ }
+ if(argc == 2)
+ name = argv[1];
+ else
+ name = username;
+
+ overbose = verbose;
+ verbose = 0;
+
+ ret = command("SITE KAUTH %s", name);
+ if(ret != CONTINUE){
+ verbose = overbose;
+ code = -1;
+ return;
+ }
+ verbose = overbose;
+ p = strstr(reply_string, "T=");
+ if(!p){
+ printf("Bad reply from server.\n");
+ code = -1;
+ return;
+ }
+ p += 2;
+ tmp = base64_decode(p, &tkt.dat);
+ if(tmp < 0){
+ printf("Failed to decode base64 in reply.\n");
+ code = -1;
+ return;
+ }
+ tkt.length = tmp;
+ tktcopy.length = tkt.length;
+
+ p = strstr(reply_string, "P=");
+ if(!p){
+ printf("Bad reply from server.\n");
+ verbose = overbose;
+ code = -1;
+ return;
+ }
+ name = p + 2;
+ for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
+ *p = 0;
+
+ snprintf(buf, sizeof(buf), "Password for %s:", name);
+ if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
+ *passwd = '\0';
+ des_string_to_key (passwd, &key);
+
+ des_key_sched(&key, schedule);
+
+ des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
+ tkt.length,
+ schedule, &key, DES_DECRYPT);
+ if (strcmp ((char*)tktcopy.dat + 8,
+ KRB_TICKET_GRANTING_TICKET) != 0) {
+ afs_string_to_key (passwd, krb_realmofhost(hostname), &key);
+ des_key_sched (&key, schedule);
+ des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
+ tkt.length,
+ schedule, &key, DES_DECRYPT);
+ }
+ memset(key, 0, sizeof(key));
+ memset(schedule, 0, sizeof(schedule));
+ memset(passwd, 0, sizeof(passwd));
+ base64_encode(tktcopy.dat, tktcopy.length, &p);
+ memset (tktcopy.dat, 0, tktcopy.length);
+ ret = command("SITE KAUTH %s %s", name, p);
+ free(p);
+ if(ret != COMPLETE){
+ code = -1;
+ return;
+ }
+ code = 0;
+}
+
+void klist(int argc, char **argv)
+{
+ int ret;
+ if(argc != 1){
+ printf("usage: %s\n", argv[0]);
+ code = -1;
+ return;
+ }
+
+ ret = command("SITE KLIST");
+ code = (ret == COMPLETE);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.c b/crypto/kerberosIV/appl/ftp/ftp/krb4.c
new file mode 100644
index 0000000..872c5bc
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.c
@@ -0,0 +1,567 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+
+RCSID("$Id: krb4.c,v 1.18 1997/05/11 04:08:05 assar Exp $");
+
+static KTEXT_ST krb4_adat;
+
+static des_cblock key;
+static des_key_schedule schedule;
+
+static char *data_buffer;
+
+extern struct sockaddr_in hisctladdr, myctladdr;
+
+int auth_complete;
+
+static int command_prot;
+
+static int auth_pbsz;
+static int data_prot;
+
+static int request_data_prot;
+
+
+static struct {
+ int level;
+ char *name;
+} level_names[] = {
+ { prot_clear, "clear" },
+ { prot_safe, "safe" },
+ { prot_confidential, "confidential" },
+ { prot_private, "private" }
+};
+
+static char *level_to_name(int level)
+{
+ int i;
+ for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+ if(level_names[i].level == level)
+ return level_names[i].name;
+ return "unknown";
+}
+
+static int name_to_level(char *name)
+{
+ int i;
+ for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+ if(!strncasecmp(level_names[i].name, name, strlen(name)))
+ return level_names[i].level;
+ return -1;
+}
+
+void sec_status(void)
+{
+ if(auth_complete){
+ printf("Using KERBEROS_V4 for authentication.\n");
+
+ command_prot = prot_private; /* this variable is not used */
+
+ printf("Using %s command channel.\n",
+ level_to_name(command_prot));
+
+ printf("Using %s data channel.\n",
+ level_to_name(data_prot));
+ if(auth_pbsz > 0)
+ printf("Protection buffer size: %d.\n", auth_pbsz);
+ }else{
+ printf("Not using any security mechanism.\n");
+ }
+}
+
+static int
+sec_prot_internal(int level)
+{
+ int ret;
+ char *p;
+ int s = 1048576;
+
+ int old_verbose = verbose;
+ verbose = 0;
+
+ if(!auth_complete){
+ printf("No security data exchange has taken place.\n");
+ return -1;
+ }
+
+ if(level){
+ ret = command("PBSZ %d", s);
+ if(ret != COMPLETE){
+ printf("Failed to set protection buffer size.\n");
+ return -1;
+ }
+ auth_pbsz = s;
+ p = strstr(reply_string, "PBSZ=");
+ if(p)
+ sscanf(p, "PBSZ=%d", &s);
+ if(s < auth_pbsz)
+ auth_pbsz = s;
+ if(data_buffer)
+ free(data_buffer);
+ data_buffer = malloc(auth_pbsz);
+ }
+ verbose = old_verbose;
+ ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
+ if(ret != COMPLETE){
+ printf("Failed to set protection level.\n");
+ return -1;
+ }
+
+ data_prot = level;
+ return 0;
+}
+
+
+void
+sec_prot(int argc, char **argv)
+{
+ int level = -1;
+
+ if(argc != 2){
+ printf("usage: %s (clear | safe | confidential | private)\n",
+ argv[0]);
+ code = -1;
+ return;
+ }
+ if(!auth_complete){
+ printf("No security data exchange has taken place.\n");
+ code = -1;
+ return;
+ }
+ level = name_to_level(argv[1]);
+
+ if(level == -1){
+ printf("usage: %s (clear | safe | confidential | private)\n",
+ argv[0]);
+ code = -1;
+ return;
+ }
+
+ if(level == prot_confidential){
+ printf("Confidential protection is not defined with Kerberos.\n");
+ code = -1;
+ return;
+ }
+
+ if(sec_prot_internal(level) < 0){
+ code = -1;
+ return;
+ }
+ code = 0;
+}
+
+void
+sec_set_protection_level(void)
+{
+ if(auth_complete && data_prot != request_data_prot)
+ sec_prot_internal(request_data_prot);
+}
+
+
+int
+sec_request_prot(char *level)
+{
+ int l = name_to_level(level);
+ if(l == -1)
+ return -1;
+ request_data_prot = l;
+ return 0;
+}
+
+
+int sec_getc(FILE *F)
+{
+ if(auth_complete && data_prot)
+ return krb4_getc(F);
+ else
+ return getc(F);
+}
+
+int sec_read(int fd, void *data, int length)
+{
+ if(auth_complete && data_prot)
+ return krb4_read(fd, data, length);
+ else
+ return read(fd, data, length);
+}
+
+static int
+krb4_recv(int fd)
+{
+ int len;
+ MSG_DAT m;
+ int kerror;
+
+ krb_net_read(fd, &len, sizeof(len));
+ len = ntohl(len);
+ krb_net_read(fd, data_buffer, len);
+ if(data_prot == prot_safe)
+ kerror = krb_rd_safe(data_buffer, len, &key,
+ &hisctladdr, &myctladdr, &m);
+ else
+ kerror = krb_rd_priv(data_buffer, len, schedule, &key,
+ &hisctladdr, &myctladdr, &m);
+ if(kerror){
+ return -1;
+ }
+ memmove(data_buffer, m.app_data, m.app_length);
+ return m.app_length;
+}
+
+
+int krb4_getc(FILE *F)
+{
+ static int bytes;
+ static int index;
+ if(bytes == 0){
+ bytes = krb4_recv(fileno(F));
+ index = 0;
+ }
+ if(bytes){
+ bytes--;
+ return (unsigned char)data_buffer[index++];
+ }
+ return EOF;
+}
+
+int krb4_read(int fd, char *data, int length)
+{
+ static int left;
+ static int index;
+ static int eof;
+ int len = left;
+ int rx = 0;
+
+ if(eof){
+ eof = 0;
+ return 0;
+ }
+
+ if(left){
+ if(length < len)
+ len = length;
+ memmove(data, data_buffer + index, len);
+ length -= len;
+ index += len;
+ rx += len;
+ left -= len;
+ }
+
+ while(length){
+ len = krb4_recv(fd);
+ if(len == 0){
+ if(rx)
+ eof = 1;
+ return rx;
+ }
+ if(len > length){
+ left = len - length;
+ len = index = length;
+ }
+ memmove(data, data_buffer, len);
+ length -= len;
+ data += len;
+ rx += len;
+ }
+ return rx;
+}
+
+
+static int
+krb4_encode(char *from, char *to, int length)
+{
+ if(data_prot == prot_safe)
+ return krb_mk_safe(from, to, length, &key,
+ &myctladdr, &hisctladdr);
+ else
+ return krb_mk_priv(from, to, length, schedule, &key,
+ &myctladdr, &hisctladdr);
+}
+
+static int
+krb4_overhead(int len)
+{
+ if(data_prot == prot_safe)
+ return 31;
+ else
+ return 26;
+}
+
+static char p_buf[1024];
+static int p_index;
+
+int
+sec_putc(int c, FILE *F)
+{
+ if(data_prot){
+ if((c == '\n' && p_index) || p_index == sizeof(p_buf)){
+ sec_write(fileno(F), p_buf, p_index);
+ p_index = 0;
+ }
+ p_buf[p_index++] = c;
+ return c;
+ }
+ return putc(c, F);
+}
+
+static int
+sec_send(int fd, char *from, int length)
+{
+ int bytes;
+ bytes = krb4_encode(from, data_buffer, length);
+ bytes = htonl(bytes);
+ krb_net_write(fd, &bytes, sizeof(bytes));
+ krb_net_write(fd, data_buffer, ntohl(bytes));
+ return length;
+}
+
+int
+sec_fflush(FILE *F)
+{
+ if(data_prot){
+ if(p_index){
+ sec_write(fileno(F), p_buf, p_index);
+ p_index = 0;
+ }
+ sec_send(fileno(F), NULL, 0);
+ }
+ fflush(F);
+ return 0;
+}
+
+int
+sec_write(int fd, char *data, int length)
+{
+ int len = auth_pbsz;
+ int tx = 0;
+
+ if(data_prot == prot_clear)
+ return write(fd, data, length);
+
+ len -= krb4_overhead(len);
+ while(length){
+ if(length < len)
+ len = length;
+ sec_send(fd, data, len);
+ length -= len;
+ data += len;
+ tx += len;
+ }
+ return tx;
+}
+
+static int
+do_auth(char *service, char *host, int checksum)
+{
+ int ret;
+ CREDENTIALS cred;
+ char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+ strcpy(sname, service);
+ strcpy(inst, krb_get_phost(host));
+ strcpy(realm, krb_realmofhost(host));
+ ret = krb_mk_req(&krb4_adat, sname, inst, realm, checksum);
+ if(ret)
+ return ret;
+ strcpy(sname, service);
+ strcpy(inst, krb_get_phost(host));
+ strcpy(realm, krb_realmofhost(host));
+ ret = krb_get_cred(sname, inst, realm, &cred);
+ memmove(&key, &cred.session, sizeof(des_cblock));
+ des_key_sched(&key, schedule);
+ memset(&cred, 0, sizeof(cred));
+ return ret;
+}
+
+
+int
+do_klogin(char *host)
+{
+ int ret;
+ char *p;
+ int len;
+ char adat[1024];
+ MSG_DAT msg_data;
+ int checksum;
+
+ int old_verbose = verbose;
+
+ verbose = 0;
+ printf("Trying KERBEROS_V4...\n");
+ ret = command("AUTH KERBEROS_V4");
+ if(ret != CONTINUE){
+ if(code == 504){
+ printf("Kerberos 4 is not supported by the server.\n");
+ }else if(code == 534){
+ printf("KERBEROS_V4 rejected as security mechanism.\n");
+ }else if(ret == ERROR)
+ printf("The server doesn't understand the FTP "
+ "security extensions.\n");
+ verbose = old_verbose;
+ return -1;
+ }
+
+ checksum = getpid();
+ ret = do_auth("ftp", host, checksum);
+ if(ret == KDC_PR_UNKNOWN)
+ ret = do_auth("rcmd", host, checksum);
+ if(ret){
+ printf("%s\n", krb_get_err_text(ret));
+ verbose = old_verbose;
+ return ret;
+ }
+
+ base64_encode(krb4_adat.dat, krb4_adat.length, &p);
+ ret = command("ADAT %s", p);
+ free(p);
+
+ if(ret != COMPLETE){
+ printf("Server didn't accept auth data.\n");
+ verbose = old_verbose;
+ return -1;
+ }
+
+ p = strstr(reply_string, "ADAT=");
+ if(!p){
+ printf("Remote host didn't send adat reply.\n");
+ verbose = old_verbose;
+ return -1;
+ }
+ p+=5;
+ len = base64_decode(p, adat);
+ if(len < 0){
+ printf("Failed to decode base64 from server.\n");
+ verbose = old_verbose;
+ return -1;
+ }
+ ret = krb_rd_safe(adat, len, &key,
+ &hisctladdr, &myctladdr, &msg_data);
+ if(ret){
+ printf("Error reading reply from server: %s.\n",
+ krb_get_err_text(ret));
+ verbose = old_verbose;
+ return -1;
+ }
+ {
+ /* the draft doesn't tell what size the return has */
+ int i;
+ u_int32_t cs = 0;
+ for(i = 0; i < msg_data.app_length; i++)
+ cs = (cs<<8) + msg_data.app_data[i];
+ if(cs - checksum != 1){
+ printf("Bad checksum returned from server.\n");
+ verbose = old_verbose;
+ return -1;
+ }
+ }
+ auth_complete = 1;
+ verbose = old_verbose;
+ return 0;
+}
+
+void
+krb4_quit(void)
+{
+ auth_complete = 0;
+}
+
+int krb4_write_enc(FILE *F, char *fmt, va_list ap)
+{
+ int len;
+ char *p;
+ char buf[1024];
+ char enc[1024];
+
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ len = krb_mk_priv(buf, enc, strlen(buf), schedule, &key,
+ &myctladdr, &hisctladdr);
+ base64_encode(enc, len, &p);
+
+ fprintf(F, "ENC %s", p);
+ free (p);
+ return 0;
+}
+
+
+int krb4_read_msg(char *s, int priv)
+{
+ int len;
+ int ret;
+ char buf[1024];
+ MSG_DAT m;
+ int code;
+
+ len = base64_decode(s + 4, buf);
+ if(priv)
+ ret = krb_rd_priv(buf, len, schedule, &key,
+ &hisctladdr, &myctladdr, &m);
+ else
+ ret = krb_rd_safe(buf, len, &key, &hisctladdr, &myctladdr, &m);
+ if(ret){
+ printf("%s\n", krb_get_err_text(ret));
+ return -1;
+ }
+
+ m.app_data[m.app_length] = 0;
+ if(m.app_data[3] == '-')
+ code = 0;
+ else
+ sscanf((char*)m.app_data, "%d", &code);
+ strncpy(s, (char*)m.app_data, strlen((char*)m.app_data));
+
+ s[m.app_length] = 0;
+ len = strlen(s);
+ if(s[len-1] == '\n')
+ s[len-1] = 0;
+
+ return code;
+}
+
+int
+krb4_read_mic(char *s)
+{
+ return krb4_read_msg(s, 0);
+}
+
+int
+krb4_read_enc(char *s)
+{
+ return krb4_read_msg(s, 1);
+}
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.h b/crypto/kerberosIV/appl/ftp/ftp/krb4.h
new file mode 100644
index 0000000..7cf8cec
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb4.h,v 1.10 1997/04/01 08:17:22 joda Exp $ */
+
+#ifndef __KRB4_H__
+#define __KRB4_H__
+
+#include <stdio.h>
+#include <stdarg.h>
+
+extern int auth_complete;
+
+void sec_status(void);
+
+enum { prot_clear, prot_safe, prot_confidential, prot_private };
+
+void sec_prot(int, char**);
+
+int sec_getc(FILE *F);
+int sec_putc(int c, FILE *F);
+int sec_fflush(FILE *F);
+int sec_read(int fd, void *data, int length);
+int sec_write(int fd, char *data, int length);
+
+int krb4_getc(FILE *F);
+int krb4_read(int fd, char *data, int length);
+
+
+
+void sec_set_protection_level(void);
+int sec_request_prot(char *level);
+
+void kauth(int, char **);
+void klist(int, char **);
+
+void krb4_quit(void);
+
+int krb4_write_enc(FILE *F, char *fmt, va_list ap);
+int krb4_read_msg(char *s, int priv);
+int krb4_read_mic(char *s);
+int krb4_read_enc(char *s);
+
+int do_klogin(char *host);
+
+#endif /* __KRB4_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/main.c b/crypto/kerberosIV/appl/ftp/ftp/main.c
new file mode 100644
index 0000000..4d1b6a5
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/main.c
@@ -0,0 +1,542 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * FTP User Program -- Command Interface.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: main.c,v 1.20 1997/04/20 16:14:55 joda Exp $");
+
+int
+main(int argc, char **argv)
+{
+ int ch, top;
+ struct passwd *pw = NULL;
+ char homedir[MaxPathLen];
+ struct servent *sp;
+
+ set_progname(argv[0]);
+
+ sp = getservbyname("ftp", "tcp");
+ if (sp == 0)
+ errx(1, "ftp/tcp: unknown service");
+ doglob = 1;
+ interactive = 1;
+ autologin = 1;
+
+ while ((ch = getopt(argc, argv, "dgintv")) != EOF) {
+ switch (ch) {
+ case 'd':
+ options |= SO_DEBUG;
+ debug++;
+ break;
+
+ case 'g':
+ doglob = 0;
+ break;
+
+ case 'i':
+ interactive = 0;
+ break;
+
+ case 'n':
+ autologin = 0;
+ break;
+
+ case 't':
+ trace++;
+ break;
+
+ case 'v':
+ verbose++;
+ break;
+
+ default:
+ fprintf(stderr,
+ "usage: ftp [-dgintv] [host [port]]\n");
+ exit(1);
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ fromatty = isatty(fileno(stdin));
+ if (fromatty)
+ verbose++;
+ cpend = 0; /* no pending replies */
+ proxy = 0; /* proxy not active */
+ passivemode = 0; /* passive mode not active */
+ crflag = 1; /* strip c.r. on ascii gets */
+ sendport = -1; /* not using ports */
+ /*
+ * Set up the home directory in case we're globbing.
+ */
+ pw = k_getpwuid(getuid());
+ if (pw != NULL) {
+ home = homedir;
+ strcpy(home, pw->pw_dir);
+ }
+ if (argc > 0) {
+ char *xargv[5];
+
+ if (setjmp(toplevel))
+ exit(0);
+ signal(SIGINT, intr);
+ signal(SIGPIPE, lostpeer);
+ xargv[0] = (char*)__progname;
+ xargv[1] = argv[0];
+ xargv[2] = argv[1];
+ xargv[3] = argv[2];
+ xargv[4] = NULL;
+ setpeer(argc+1, xargv);
+ }
+ if(setjmp(toplevel) == 0)
+ top = 1;
+ else
+ top = 0;
+ if (top) {
+ signal(SIGINT, intr);
+ signal(SIGPIPE, lostpeer);
+ }
+ for (;;) {
+ cmdscanner(top);
+ top = 1;
+ }
+}
+
+void
+intr(int sig)
+{
+
+ longjmp(toplevel, 1);
+}
+
+#ifndef SHUT_RDWR
+#define SHUT_RDWR 2
+#endif
+
+RETSIGTYPE
+lostpeer(int sig)
+{
+
+ if (connected) {
+ if (cout != NULL) {
+ shutdown(fileno(cout), SHUT_RDWR);
+ fclose(cout);
+ cout = NULL;
+ }
+ if (data >= 0) {
+ shutdown(data, SHUT_RDWR);
+ close(data);
+ data = -1;
+ }
+ connected = 0;
+ }
+ pswitch(1);
+ if (connected) {
+ if (cout != NULL) {
+ shutdown(fileno(cout), SHUT_RDWR);
+ fclose(cout);
+ cout = NULL;
+ }
+ connected = 0;
+ }
+ proxflag = 0;
+ pswitch(0);
+ SIGRETURN(0);
+}
+
+/*
+char *
+tail(filename)
+ char *filename;
+{
+ char *s;
+
+ while (*filename) {
+ s = strrchr(filename, '/');
+ if (s == NULL)
+ break;
+ if (s[1])
+ return (s + 1);
+ *s = '\0';
+ }
+ return (filename);
+}
+*/
+
+#ifndef HAVE_READLINE
+
+static char *
+readline(char *prompt)
+{
+ char buf[BUFSIZ];
+ printf ("%s", prompt);
+ fflush (stdout);
+ if(fgets(buf, sizeof(buf), stdin) == NULL)
+ return NULL;
+ if (buf[strlen(buf) - 1] == '\n')
+ buf[strlen(buf) - 1] = '\0';
+ return strdup(buf);
+}
+
+static void
+add_history(char *p)
+{
+}
+
+#else
+
+/* These should not really be here */
+
+char *readline(char *);
+void add_history(char *);
+
+#endif
+
+/*
+ * Command parser.
+ */
+void
+cmdscanner(int top)
+{
+ struct cmd *c;
+ int l;
+
+ if (!top)
+ putchar('\n');
+ for (;;) {
+ if (fromatty) {
+ char *p;
+ p = readline("ftp> ");
+ if(p == NULL)
+ quit(0, 0);
+ strncpy(line, p, sizeof(line));
+ line[sizeof(line) - 1] = 0;
+ add_history(p);
+ free(p);
+ } else{
+ if (fgets(line, sizeof line, stdin) == NULL)
+ quit(0, 0);
+ }
+ /* XXX will break on long lines */
+ l = strlen(line);
+ if (l == 0)
+ break;
+ if (line[--l] == '\n') {
+ if (l == 0)
+ break;
+ line[l] = '\0';
+ } else if (l == sizeof(line) - 2) {
+ printf("sorry, input line too long\n");
+ while ((l = getchar()) != '\n' && l != EOF)
+ /* void */;
+ break;
+ } /* else it was a line without a newline */
+ makeargv();
+ if (margc == 0) {
+ continue;
+ }
+ c = getcmd(margv[0]);
+ if (c == (struct cmd *)-1) {
+ printf("?Ambiguous command\n");
+ continue;
+ }
+ if (c == 0) {
+ printf("?Invalid command\n");
+ continue;
+ }
+ if (c->c_conn && !connected) {
+ printf("Not connected.\n");
+ continue;
+ }
+ (*c->c_handler)(margc, margv);
+ if (bell && c->c_bell)
+ putchar('\007');
+ if (c->c_handler != help)
+ break;
+ }
+ signal(SIGINT, intr);
+ signal(SIGPIPE, lostpeer);
+}
+
+struct cmd *
+getcmd(char *name)
+{
+ char *p, *q;
+ struct cmd *c, *found;
+ int nmatches, longest;
+
+ longest = 0;
+ nmatches = 0;
+ found = 0;
+ for (c = cmdtab; (p = c->c_name); c++) {
+ for (q = name; *q == *p++; q++)
+ if (*q == 0) /* exact match? */
+ return (c);
+ if (!*q) { /* the name was a prefix */
+ if (q - name > longest) {
+ longest = q - name;
+ nmatches = 1;
+ found = c;
+ } else if (q - name == longest)
+ nmatches++;
+ }
+ }
+ if (nmatches > 1)
+ return ((struct cmd *)-1);
+ return (found);
+}
+
+/*
+ * Slice a string up into argc/argv.
+ */
+
+int slrflag;
+
+void
+makeargv(void)
+{
+ char **argp;
+
+ argp = margv;
+ stringbase = line; /* scan from first of buffer */
+ argbase = argbuf; /* store from first of buffer */
+ slrflag = 0;
+ for (margc = 0; ; margc++) {
+ /* Expand array if necessary */
+ if (margc == margvlen) {
+ margv = (margvlen == 0)
+ ? (char **)malloc(20 * sizeof(char *))
+ : (char **)realloc(margv,
+ (margvlen + 20)*sizeof(char *));
+ if (margv == NULL)
+ errx(1, "cannot realloc argv array");
+ margvlen += 20;
+ argp = margv + margc;
+ }
+
+ if ((*argp++ = slurpstring()) == NULL)
+ break;
+ }
+
+}
+
+/*
+ * Parse string into argbuf;
+ * implemented with FSM to
+ * handle quoting and strings
+ */
+char *
+slurpstring(void)
+{
+ int got_one = 0;
+ char *sb = stringbase;
+ char *ap = argbase;
+ char *tmp = argbase; /* will return this if token found */
+
+ if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */
+ switch (slrflag) { /* and $ as token for macro invoke */
+ case 0:
+ slrflag++;
+ stringbase++;
+ return ((*sb == '!') ? "!" : "$");
+ /* NOTREACHED */
+ case 1:
+ slrflag++;
+ altarg = stringbase;
+ break;
+ default:
+ break;
+ }
+ }
+
+S0:
+ switch (*sb) {
+
+ case '\0':
+ goto OUT;
+
+ case ' ':
+ case '\t':
+ sb++; goto S0;
+
+ default:
+ switch (slrflag) {
+ case 0:
+ slrflag++;
+ break;
+ case 1:
+ slrflag++;
+ altarg = sb;
+ break;
+ default:
+ break;
+ }
+ goto S1;
+ }
+
+S1:
+ switch (*sb) {
+
+ case ' ':
+ case '\t':
+ case '\0':
+ goto OUT; /* end of token */
+
+ case '\\':
+ sb++; goto S2; /* slurp next character */
+
+ case '"':
+ sb++; goto S3; /* slurp quoted string */
+
+ default:
+ *ap++ = *sb++; /* add character to token */
+ got_one = 1;
+ goto S1;
+ }
+
+S2:
+ switch (*sb) {
+
+ case '\0':
+ goto OUT;
+
+ default:
+ *ap++ = *sb++;
+ got_one = 1;
+ goto S1;
+ }
+
+S3:
+ switch (*sb) {
+
+ case '\0':
+ goto OUT;
+
+ case '"':
+ sb++; goto S1;
+
+ default:
+ *ap++ = *sb++;
+ got_one = 1;
+ goto S3;
+ }
+
+OUT:
+ if (got_one)
+ *ap++ = '\0';
+ argbase = ap; /* update storage pointer */
+ stringbase = sb; /* update scan pointer */
+ if (got_one) {
+ return (tmp);
+ }
+ switch (slrflag) {
+ case 0:
+ slrflag++;
+ break;
+ case 1:
+ slrflag++;
+ altarg = (char *) 0;
+ break;
+ default:
+ break;
+ }
+ return NULL;
+}
+
+#define HELPINDENT ((int) sizeof ("directory"))
+
+/*
+ * Help command.
+ * Call each command handler with argc == 0 and argv[0] == name.
+ */
+void
+help(int argc, char **argv)
+{
+ struct cmd *c;
+
+ if (argc == 1) {
+ int i, j, w, k;
+ int columns, width = 0, lines;
+
+ printf("Commands may be abbreviated. Commands are:\n\n");
+ for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
+ int len = strlen(c->c_name);
+
+ if (len > width)
+ width = len;
+ }
+ width = (width + 8) &~ 7;
+ columns = 80 / width;
+ if (columns == 0)
+ columns = 1;
+ lines = (NCMDS + columns - 1) / columns;
+ for (i = 0; i < lines; i++) {
+ for (j = 0; j < columns; j++) {
+ c = cmdtab + j * lines + i;
+ if (c->c_name && (!proxy || c->c_proxy)) {
+ printf("%s", c->c_name);
+ }
+ else if (c->c_name) {
+ for (k=0; k < strlen(c->c_name); k++) {
+ putchar(' ');
+ }
+ }
+ if (c + lines >= &cmdtab[NCMDS]) {
+ printf("\n");
+ break;
+ }
+ w = strlen(c->c_name);
+ while (w < width) {
+ w = (w + 8) &~ 7;
+ putchar('\t');
+ }
+ }
+ }
+ return;
+ }
+ while (--argc > 0) {
+ char *arg;
+ arg = *++argv;
+ c = getcmd(arg);
+ if (c == (struct cmd *)-1)
+ printf("?Ambiguous help command %s\n", arg);
+ else if (c == (struct cmd *)0)
+ printf("?Invalid help command %s\n", arg);
+ else
+ printf("%-*s\t%s\n", HELPINDENT,
+ c->c_name, c->c_help);
+ }
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/pathnames.h b/crypto/kerberosIV/appl/ftp/ftp/pathnames.h
new file mode 100644
index 0000000..f7c1fb3
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/pathnames.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)pathnames.h 8.1 (Berkeley) 6/6/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#define _PATH_TMP_XXX "/tmp/ftpXXXXXX"
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
new file mode 100644
index 0000000..8cea6d4
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
@@ -0,0 +1,274 @@
+/*
+ * Copyright (c) 1985, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: ruserpass.c,v 1.10 1997/05/02 14:27:55 assar Exp $");
+
+static int token (void);
+static FILE *cfile;
+
+#define DEFAULT 1
+#define LOGIN 2
+#define PASSWD 3
+#define ACCOUNT 4
+#define MACDEF 5
+#define PROT 6
+#define ID 10
+#define MACH 11
+
+static char tokval[100];
+
+static struct toktab {
+ char *tokstr;
+ int tval;
+} toktab[]= {
+ { "default", DEFAULT },
+ { "login", LOGIN },
+ { "password", PASSWD },
+ { "passwd", PASSWD },
+ { "account", ACCOUNT },
+ { "machine", MACH },
+ { "macdef", MACDEF },
+ { "prot", PROT },
+ { NULL, 0 }
+};
+
+int
+ruserpass(char *host, char **aname, char **apass, char **aacct)
+{
+ char *hdir, buf[BUFSIZ], *tmp;
+ int t, i, c, usedefault = 0;
+ struct stat stb;
+
+ if(k_gethostname(myhostname, MaxHostNameLen) < 0)
+ strcpy(myhostname, "");
+ if((mydomain = strchr(myhostname, '.')) == NULL)
+ mydomain = myhostname;
+ else
+ mydomain++;
+ hdir = getenv("HOME");
+ if (hdir == NULL)
+ hdir = ".";
+ snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
+ cfile = fopen(buf, "r");
+ if (cfile == NULL) {
+ if (errno != ENOENT)
+ warn("%s", buf);
+ return (0);
+ }
+
+next:
+ while ((t = token())) switch(t) {
+
+ case DEFAULT:
+ usedefault = 1;
+ /* FALL THROUGH */
+
+ case MACH:
+ if (!usedefault) {
+ if (token() != ID)
+ continue;
+ /*
+ * Allow match either for user's input host name
+ * or official hostname. Also allow match of
+ * incompletely-specified host in local domain.
+ */
+ if (strcasecmp(host, tokval) == 0)
+ goto match;
+ if (strcasecmp(hostname, tokval) == 0)
+ goto match;
+ if ((tmp = strchr(hostname, '.')) != NULL &&
+ tmp++ &&
+ strcasecmp(tmp, mydomain) == 0 &&
+ strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
+ tokval[tmp - hostname] == '\0')
+ goto match;
+ if ((tmp = strchr(host, '.')) != NULL &&
+ tmp++ &&
+ strcasecmp(tmp, mydomain) == 0 &&
+ strncasecmp(host, tokval, tmp - host) == 0 &&
+ tokval[tmp - host] == '\0')
+ goto match;
+ continue;
+ }
+ match:
+ while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
+
+ case LOGIN:
+ if (token())
+ if (*aname == 0) {
+ *aname = strdup(tokval);
+ } else {
+ if (strcmp(*aname, tokval))
+ goto next;
+ }
+ break;
+ case PASSWD:
+ if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
+ fstat(fileno(cfile), &stb) >= 0 &&
+ (stb.st_mode & 077) != 0) {
+ warnx("Error: .netrc file is readable by others.");
+ warnx("Remove password or make file unreadable by others.");
+ goto bad;
+ }
+ if (token() && *apass == 0) {
+ *apass = strdup(tokval);
+ }
+ break;
+ case ACCOUNT:
+ if (fstat(fileno(cfile), &stb) >= 0
+ && (stb.st_mode & 077) != 0) {
+ warnx("Error: .netrc file is readable by others.");
+ warnx("Remove account or make file unreadable by others.");
+ goto bad;
+ }
+ if (token() && *aacct == 0) {
+ *aacct = strdup(tokval);
+ }
+ break;
+ case MACDEF:
+ if (proxy) {
+ fclose(cfile);
+ return (0);
+ }
+ while ((c=getc(cfile)) != EOF && c == ' ' || c == '\t');
+ if (c == EOF || c == '\n') {
+ printf("Missing macdef name argument.\n");
+ goto bad;
+ }
+ if (macnum == 16) {
+ printf("Limit of 16 macros have already been defined\n");
+ goto bad;
+ }
+ tmp = macros[macnum].mac_name;
+ *tmp++ = c;
+ for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
+ !isspace(c); ++i) {
+ *tmp++ = c;
+ }
+ if (c == EOF) {
+ printf("Macro definition missing null line terminator.\n");
+ goto bad;
+ }
+ *tmp = '\0';
+ if (c != '\n') {
+ while ((c=getc(cfile)) != EOF && c != '\n');
+ }
+ if (c == EOF) {
+ printf("Macro definition missing null line terminator.\n");
+ goto bad;
+ }
+ if (macnum == 0) {
+ macros[macnum].mac_start = macbuf;
+ }
+ else {
+ macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
+ }
+ tmp = macros[macnum].mac_start;
+ while (tmp != macbuf + 4096) {
+ if ((c=getc(cfile)) == EOF) {
+ printf("Macro definition missing null line terminator.\n");
+ goto bad;
+ }
+ *tmp = c;
+ if (*tmp == '\n') {
+ if (*(tmp-1) == '\0') {
+ macros[macnum++].mac_end = tmp - 1;
+ break;
+ }
+ *tmp = '\0';
+ }
+ tmp++;
+ }
+ if (tmp == macbuf + 4096) {
+ printf("4K macro buffer exceeded\n");
+ goto bad;
+ }
+ break;
+ case PROT:
+ token();
+ if(sec_request_prot(tokval) < 0)
+ warnx("Unknown protection level \"%s\"", tokval);
+ break;
+ default:
+ warnx("Unknown .netrc keyword %s", tokval);
+ break;
+ }
+ goto done;
+ }
+done:
+ fclose(cfile);
+ return (0);
+bad:
+ fclose(cfile);
+ return (-1);
+}
+
+static int
+token(void)
+{
+ char *cp;
+ int c;
+ struct toktab *t;
+
+ if (feof(cfile) || ferror(cfile))
+ return (0);
+ while ((c = getc(cfile)) != EOF &&
+ (c == '\n' || c == '\t' || c == ' ' || c == ','))
+ continue;
+ if (c == EOF)
+ return (0);
+ cp = tokval;
+ if (c == '"') {
+ while ((c = getc(cfile)) != EOF && c != '"') {
+ if (c == '\\')
+ c = getc(cfile);
+ *cp++ = c;
+ }
+ } else {
+ *cp++ = c;
+ while ((c = getc(cfile)) != EOF
+ && c != '\n' && c != '\t' && c != ' ' && c != ',') {
+ if (c == '\\')
+ c = getc(cfile);
+ *cp++ = c;
+ }
+ }
+ *cp = 0;
+ if (tokval[0] == 0)
+ return (0);
+ for (t = toktab; t->tokstr; t++)
+ if (!strcmp(t->tokstr, tokval))
+ return (t->tval);
+ return (ID);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
new file mode 100644
index 0000000..55981de
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
@@ -0,0 +1,84 @@
+#
+# $Id: Makefile.in,v 1.31 1997/05/02 17:49:27 assar Exp $
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+topdir = ../../..
+
+SHELL = /bin/sh
+
+CC = @CC@
+YACC = @YACC@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+ATHENA = ../../..
+
+INCTOP = $(ATHENA)/include
+
+LIBTOP = $(ATHENA)/lib
+
+LIBKAFS = @KRB_KAFS_LIB@
+LIBKRB = -L$(LIBTOP)/krb -lkrb
+LIBDES = -L$(LIBTOP)/des -ldes
+LIBOTP = -L$(LIBTOP)/otp -lotp
+LIBROKEN= -L$(LIBTOP)/roken -lroken
+
+PROGS = ftpd$(EXECSUFFIX)
+
+ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c popen.c auth.c krb4.c kauth.c
+ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o popen.o auth.o krb4.o kauth.o
+
+SOURCES = $(ftpd_SOURCES)
+OBJECTS = $(ftpd_OBJS)
+
+all: $(PROGS)
+
+.c.o:
+ $(CC) -c $(CFLAGS) -I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+ftpd$(EXECSUFFIX): $(ftpd_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftpd_OBJS) -L../common -lcommon $(LIBKAFS) $(LIBKRB) $(LIBOTP) $(LIBDES) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+ftpcmd.c: ftpcmd.y
+ $(YACC) $(YFLAGS) $<
+ chmod a-w y.tab.c
+ mv -f y.tab.c ftpcmd.c
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+clean cleandir:
+ rm -f *~ *.o core ftpd ftpcmd.c \#*
+
+distclean:
+ rm -f Makefile
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/auth.c b/crypto/kerberosIV/appl/ftp/ftpd/auth.c
new file mode 100644
index 0000000..862eb6d
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/auth.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: auth.c,v 1.11 1997/05/04 23:09:00 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "extern.h"
+#include "krb4.h"
+#include "auth.h"
+
+static struct at auth_types [] = {
+ { "KERBEROS_V4", krb4_auth, krb4_adat, krb4_pbsz, krb4_prot, krb4_ccc,
+ krb4_mic, krb4_conf, krb4_enc, krb4_read, krb4_write, krb4_userok,
+ krb4_vprintf },
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+};
+
+struct at *ct;
+
+int data_protection;
+int buffer_size;
+unsigned char *data_buffer;
+int auth_complete;
+
+
+char *protection_names[] = {
+ "clear", "safe",
+ "confidential", "private"
+};
+
+
+void auth_init(void)
+{
+}
+
+char *ftp_command;
+int prot_level;
+
+void new_ftp_command(char *command)
+{
+ ftp_command = command;
+}
+
+void delete_ftp_command(void)
+{
+ if(ftp_command){
+ free(ftp_command);
+ ftp_command = NULL;
+ }
+}
+
+int auth_ok(void)
+{
+ return ct && auth_complete;
+}
+
+void auth(char *auth)
+{
+ for(ct=auth_types; ct->name; ct++){
+ if(!strcasecmp(auth, ct->name)){
+ ct->auth(auth);
+ return;
+ }
+ }
+ reply(504, "%s is not a known security mechanism", auth);
+}
+
+void adat(char *auth)
+{
+ if(ct && !auth_complete)
+ ct->adat(auth);
+ else
+ reply(503, "You must (re)issue an AUTH first.");
+}
+
+void pbsz(int size)
+{
+ int old = buffer_size;
+ if(auth_ok())
+ ct->pbsz(size);
+ else
+ reply(503, "Incomplete security data exchange.");
+ if(buffer_size != old){
+ if(data_buffer)
+ free(data_buffer);
+ data_buffer = malloc(buffer_size + 4);
+ }
+}
+
+void prot(char *pl)
+{
+ int p = -1;
+
+ if(buffer_size == 0){
+ reply(503, "No protection buffer size negotiated.");
+ return;
+ }
+
+ if(!strcasecmp(pl, "C"))
+ p = prot_clear;
+
+ if(!strcasecmp(pl, "S"))
+ p = prot_safe;
+
+ if(!strcasecmp(pl, "E"))
+ p = prot_confidential;
+
+ if(!strcasecmp(pl, "P"))
+ p = prot_private;
+
+ if(p == -1){
+ reply(504, "Unrecognized protection level.");
+ return;
+ }
+
+ if(auth_ok()){
+ if(ct->prot(p)){
+ reply(536, "%s does not support %s protection.",
+ ct->name, protection_names[p]);
+ }else{
+ data_protection = p;
+ reply(200, "Data protection is %s.",
+ protection_names[data_protection]);
+ }
+ }else{
+ reply(503, "Incomplete security data exchange.");
+ }
+}
+
+void ccc(void)
+{
+ if(auth_ok()){
+ if(!ct->ccc())
+ prot_level = prot_clear;
+ }else
+ reply(503, "Incomplete security data exchange.");
+}
+
+void mic(char *msg)
+{
+ if(auth_ok()){
+ if(!ct->mic(msg))
+ prot_level = prot_safe;
+ }else
+ reply(503, "Incomplete security data exchange.");
+}
+
+void conf(char *msg)
+{
+ if(auth_ok()){
+ if(!ct->conf(msg))
+ prot_level = prot_confidential;
+ }else
+ reply(503, "Incomplete security data exchange.");
+}
+
+void enc(char *msg)
+{
+ if(auth_ok()){
+ if(!ct->enc(msg))
+ prot_level = prot_private;
+ }else
+ reply(503, "Incomplete security data exchange.");
+}
+
+int auth_read(int fd, void *data, int length)
+{
+ if(auth_ok() && data_protection)
+ return ct->read(fd, data, length);
+ else
+ return read(fd, data, length);
+}
+
+int auth_write(int fd, void *data, int length)
+{
+ if(auth_ok() && data_protection)
+ return ct->write(fd, data, length);
+ else
+ return write(fd, data, length);
+}
+
+void auth_vprintf(const char *fmt, va_list ap)
+{
+ if(auth_ok() && prot_level){
+ ct->vprintf(fmt, ap);
+ }else
+ vprintf(fmt, ap);
+}
+
+void auth_printf(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ auth_vprintf(fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/auth.h b/crypto/kerberosIV/appl/ftp/ftpd/auth.h
new file mode 100644
index 0000000..17d9a13
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/auth.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: auth.h,v 1.9 1997/05/11 11:04:28 assar Exp $ */
+
+#ifndef __AUTH_H__
+#define __AUTH_H__
+
+#include <stdarg.h>
+
+struct at {
+ char *name;
+ int (*auth)(char*);
+ int (*adat)(char*);
+ int (*pbsz)(int);
+ int (*prot)(int);
+ int (*ccc)(void);
+ int (*mic)(char*);
+ int (*conf)(char*);
+ int (*enc)(char*);
+ int (*read)(int, void*, int);
+ int (*write)(int, void*, int);
+ int (*userok)(char*);
+ int (*vprintf)(const char*, va_list);
+};
+
+extern struct at *ct;
+
+enum protection_levels {
+ prot_clear, prot_safe, prot_confidential, prot_private
+};
+
+extern char *protection_names[];
+
+extern char *ftp_command;
+extern int prot_level;
+
+void delete_ftp_command(void);
+
+extern int data_protection;
+extern int buffer_size;
+extern unsigned char *data_buffer;
+extern int auth_complete;
+
+void auth_init(void);
+
+int auth_ok(void);
+
+void auth(char*);
+void adat(char*);
+void pbsz(int);
+void prot(char*);
+void ccc(void);
+void mic(char*);
+void conf(char*);
+void enc(char*);
+
+int auth_read(int, void*, int);
+int auth_write(int, void*, int);
+
+void auth_vprintf(const char *fmt, va_list ap)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 0)))
+#endif
+;
+void auth_printf(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+void new_ftp_command(char *command);
+
+#endif /* __AUTH_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/extern.h b/crypto/kerberosIV/appl/ftp/ftpd/extern.h
new file mode 100644
index 0000000..f9b800f
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/extern.h
@@ -0,0 +1,141 @@
+/*-
+ * Copyright (c) 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)extern.h 8.2 (Berkeley) 4/4/94
+ */
+
+#ifndef _EXTERN_H_
+#define _EXTERN_H_
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <setjmp.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+void abor(void);
+void blkfree(char **);
+char **copyblk(char **);
+void cwd(char *);
+void do_delete(char *);
+void dologout(int);
+void fatal(char *);
+int filename_check(char *);
+int ftpd_pclose(FILE *);
+FILE *ftpd_popen(char *, char *, int, int);
+char *getline(char *, int);
+void logwtmp(char *, char *, char *);
+void lreply(int, const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+void makedir(char *);
+void nack(char *);
+void nreply(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+void pass(char *);
+void passive(void);
+void perror_reply(int, char *);
+void pwd(void);
+void removedir(char *);
+void renamecmd(char *, char *);
+char *renamefrom(char *);
+void reply(int, const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+void retrieve(char *, char *);
+void send_file_list(char *);
+void setproctitle(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+void statcmd(void);
+void statfilecmd(char *);
+void do_store(char *, char *, int);
+void upper(char *);
+void user(char *);
+void yyerror(char *);
+
+void kauth(char *, char*);
+void klist(void);
+
+int find(char *);
+
+int do_login(int code, char *passwd);
+int klogin(char *name, char *password);
+
+const char *ftp_rooted(const char *path);
+
+extern struct sockaddr_in ctrl_addr, his_addr;
+extern char hostname[];
+
+extern struct sockaddr_in data_dest;
+extern int logged_in;
+extern struct passwd *pw;
+extern int guest;
+extern int logging;
+extern int type;
+extern int oobflag;
+extern off_t file_size;
+extern off_t byte_count;
+extern jmp_buf urgcatch;
+
+extern int form;
+extern int debug;
+extern int ftpd_timeout;
+extern int maxtimeout;
+extern int pdata;
+extern char hostname[], remotehost[];
+extern char proctitle[];
+extern int usedefault;
+extern int transflag;
+extern char tmpline[];
+
+#endif /* _EXTERN_H_ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
new file mode 100644
index 0000000..9368cdb
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
@@ -0,0 +1,1408 @@
+/* $NetBSD: ftpcmd.y,v 1.6 1995/06/03 22:46:45 mycroft Exp $ */
+
+/*
+ * Copyright (c) 1985, 1988, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)ftpcmd.y 8.3 (Berkeley) 4/6/94
+ */
+
+/*
+ * Grammar for FTP commands.
+ * See RFC 959.
+ */
+
+%{
+
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: ftpcmd.y,v 1.35 1997/05/25 14:38:49 assar Exp $");
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_FTP_H
+#include <arpa/ftp.h>
+#endif
+
+#include <ctype.h>
+#include <errno.h>
+#include <glob.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <setjmp.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <time.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_BSD_BSD_H
+#include <bsd/bsd.h>
+#endif
+
+#include <roken.h>
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose) __P((FILE *));
+#endif
+
+#include "extern.h"
+#include "auth.h"
+
+off_t restart_point;
+
+static int cmd_type;
+static int cmd_form;
+static int cmd_bytesz;
+char cbuf[512];
+char *fromname;
+
+struct tab {
+ char *name;
+ short token;
+ short state;
+ short implemented; /* 1 if command is implemented */
+ char *help;
+};
+
+extern struct tab cmdtab[];
+extern struct tab sitetab[];
+
+static char *copy (char *);
+static void help (struct tab *, char *);
+static struct tab *
+ lookup (struct tab *, char *);
+static void sizecmd (char *);
+static void toolong (int);
+static int yylex (void);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+ int i;
+ char *s;
+}
+
+%token
+ A B C E F I
+ L N P R S T
+
+ SP CRLF COMMA
+
+ USER PASS ACCT REIN QUIT PORT
+ PASV TYPE STRU MODE RETR STOR
+ APPE MLFL MAIL MSND MSOM MSAM
+ MRSQ MRCP ALLO REST RNFR RNTO
+ ABOR DELE CWD LIST NLST SITE
+ STAT HELP NOOP MKD RMD PWD
+ CDUP STOU SMNT SYST SIZE MDTM
+
+ UMASK IDLE CHMOD
+
+ AUTH ADAT PROT PBSZ CCC MIC
+ CONF ENC
+
+ KAUTH KLIST FIND URL
+
+ LEXERR
+
+%token <s> STRING
+%token <i> NUMBER
+
+%type <i> check_login check_login_no_guest octal_number byte_size
+%type <i> struct_code mode_code type_code form_code
+%type <s> pathstring pathname password username
+
+%start cmd_list
+
+%%
+
+cmd_list
+ : /* empty */
+ | cmd_list cmd
+ {
+ fromname = (char *) 0;
+ restart_point = (off_t) 0;
+ }
+ | cmd_list rcmd
+ ;
+
+cmd
+ : USER SP username CRLF
+ {
+ user($3);
+ free($3);
+ }
+ | AUTH SP STRING CRLF
+ {
+ auth($3);
+ free($3);
+ }
+ | ADAT SP STRING CRLF
+ {
+ adat($3);
+ free($3);
+ }
+ | PBSZ SP NUMBER CRLF
+ {
+ pbsz($3);
+ }
+ | PROT SP STRING CRLF
+ {
+ prot($3);
+ }
+ | CCC CRLF
+ {
+ ccc();
+ }
+ | MIC SP STRING CRLF
+ {
+ mic($3);
+ free($3);
+ }
+ | CONF SP STRING CRLF
+ {
+ conf($3);
+ free($3);
+ }
+ | PASS SP password CRLF
+ {
+ pass($3);
+ memset ($3, 0, strlen($3));
+ free($3);
+ }
+ | PORT SP host_port CRLF
+ {
+ usedefault = 0;
+ if (pdata >= 0) {
+ close(pdata);
+ pdata = -1;
+ }
+ reply(200, "PORT command successful.");
+ }
+ | PASV CRLF
+ {
+ passive();
+ }
+ | TYPE SP type_code CRLF
+ {
+ switch (cmd_type) {
+
+ case TYPE_A:
+ if (cmd_form == FORM_N) {
+ reply(200, "Type set to A.");
+ type = cmd_type;
+ form = cmd_form;
+ } else
+ reply(504, "Form must be N.");
+ break;
+
+ case TYPE_E:
+ reply(504, "Type E not implemented.");
+ break;
+
+ case TYPE_I:
+ reply(200, "Type set to I.");
+ type = cmd_type;
+ break;
+
+ case TYPE_L:
+#if NBBY == 8
+ if (cmd_bytesz == 8) {
+ reply(200,
+ "Type set to L (byte size 8).");
+ type = cmd_type;
+ } else
+ reply(504, "Byte size must be 8.");
+#else /* NBBY == 8 */
+ UNIMPLEMENTED for NBBY != 8
+#endif /* NBBY == 8 */
+ }
+ }
+ | STRU SP struct_code CRLF
+ {
+ switch ($3) {
+
+ case STRU_F:
+ reply(200, "STRU F ok.");
+ break;
+
+ default:
+ reply(504, "Unimplemented STRU type.");
+ }
+ }
+ | MODE SP mode_code CRLF
+ {
+ switch ($3) {
+
+ case MODE_S:
+ reply(200, "MODE S ok.");
+ break;
+
+ default:
+ reply(502, "Unimplemented MODE type.");
+ }
+ }
+ | ALLO SP NUMBER CRLF
+ {
+ reply(202, "ALLO command ignored.");
+ }
+ | ALLO SP NUMBER SP R SP NUMBER CRLF
+ {
+ reply(202, "ALLO command ignored.");
+ }
+ | RETR check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ retrieve((char *) 0, $4);
+ if ($4 != NULL)
+ free($4);
+ }
+ | STOR check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ do_store($4, "w", 0);
+ if ($4 != NULL)
+ free($4);
+ }
+ | APPE check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ do_store($4, "a", 0);
+ if ($4 != NULL)
+ free($4);
+ }
+ | NLST check_login CRLF
+ {
+ if ($2)
+ send_file_list(".");
+ }
+ | NLST check_login SP STRING CRLF
+ {
+ if ($2 && $4 != NULL)
+ send_file_list($4);
+ if ($4 != NULL)
+ free($4);
+ }
+ | LIST check_login CRLF
+ {
+#ifdef HAVE_LS_A
+ char *cmd = "/bin/ls -lA";
+#else
+ char *cmd = "/bin/ls -la";
+#endif
+ if ($2)
+ retrieve(cmd, "");
+
+ }
+ | LIST check_login SP pathname CRLF
+ {
+#ifdef HAVE_LS_A
+ char *cmd = "/bin/ls -lA %s";
+#else
+ char *cmd = "/bin/ls -la %s";
+#endif
+ if ($2 && $4 != NULL)
+ retrieve(cmd, $4);
+ if ($4 != NULL)
+ free($4);
+ }
+ | STAT check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ statfilecmd($4);
+ if ($4 != NULL)
+ free($4);
+ }
+ | STAT CRLF
+ {
+ if(oobflag){
+ if (file_size != (off_t) -1)
+ reply(213, "Status: %ld of %ld bytes transferred",
+ byte_count, file_size);
+ else
+ reply(213, "Status: %ld bytes transferred", byte_count);
+ }else
+ statcmd();
+ }
+ | DELE check_login_no_guest SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ do_delete($4);
+ if ($4 != NULL)
+ free($4);
+ }
+ | RNTO check_login_no_guest SP pathname CRLF
+ {
+ if($2){
+ if (fromname) {
+ renamecmd(fromname, $4);
+ free(fromname);
+ fromname = (char *) 0;
+ } else {
+ reply(503, "Bad sequence of commands.");
+ }
+ }
+ if ($4 != NULL)
+ free($4);
+ }
+ | ABOR CRLF
+ {
+ if(oobflag){
+ reply(426, "Transfer aborted. Data connection closed.");
+ reply(226, "Abort successful");
+ oobflag = 0;
+ longjmp(urgcatch, 1);
+ }else
+ reply(225, "ABOR command successful.");
+ }
+ | CWD check_login CRLF
+ {
+ if ($2)
+ cwd(pw->pw_dir);
+ }
+ | CWD check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ cwd($4);
+ if ($4 != NULL)
+ free($4);
+ }
+ | HELP CRLF
+ {
+ help(cmdtab, (char *) 0);
+ }
+ | HELP SP STRING CRLF
+ {
+ char *cp = $3;
+
+ if (strncasecmp(cp, "SITE", 4) == 0) {
+ cp = $3 + 4;
+ if (*cp == ' ')
+ cp++;
+ if (*cp)
+ help(sitetab, cp);
+ else
+ help(sitetab, (char *) 0);
+ } else
+ help(cmdtab, $3);
+ }
+ | NOOP CRLF
+ {
+ reply(200, "NOOP command successful.");
+ }
+ | MKD check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ makedir($4);
+ if ($4 != NULL)
+ free($4);
+ }
+ | RMD check_login_no_guest SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ removedir($4);
+ if ($4 != NULL)
+ free($4);
+ }
+ | PWD check_login CRLF
+ {
+ if ($2)
+ pwd();
+ }
+ | CDUP check_login CRLF
+ {
+ if ($2)
+ cwd("..");
+ }
+ | SITE SP HELP CRLF
+ {
+ help(sitetab, (char *) 0);
+ }
+ | SITE SP HELP SP STRING CRLF
+ {
+ help(sitetab, $5);
+ }
+ | SITE SP UMASK check_login CRLF
+ {
+ int oldmask;
+
+ if ($4) {
+ oldmask = umask(0);
+ umask(oldmask);
+ reply(200, "Current UMASK is %03o", oldmask);
+ }
+ }
+ | SITE SP UMASK check_login_no_guest SP octal_number CRLF
+ {
+ int oldmask;
+
+ if ($4) {
+ if (($6 == -1) || ($6 > 0777)) {
+ reply(501, "Bad UMASK value");
+ } else {
+ oldmask = umask($6);
+ reply(200,
+ "UMASK set to %03o (was %03o)",
+ $6, oldmask);
+ }
+ }
+ }
+ | SITE SP CHMOD check_login_no_guest SP octal_number SP pathname CRLF
+ {
+ if ($4 && $8 != NULL) {
+ if ($6 > 0777)
+ reply(501,
+ "CHMOD: Mode value must be between 0 and 0777");
+ else if (chmod($8, $6) < 0)
+ perror_reply(550, $8);
+ else
+ reply(200, "CHMOD command successful.");
+ }
+ if ($8 != NULL)
+ free($8);
+ }
+ | SITE SP IDLE CRLF
+ {
+ reply(200,
+ "Current IDLE time limit is %d seconds; max %d",
+ ftpd_timeout, maxtimeout);
+ }
+ | SITE SP IDLE SP NUMBER CRLF
+ {
+ if ($5 < 30 || $5 > maxtimeout) {
+ reply(501,
+ "Maximum IDLE time must be between 30 and %d seconds",
+ maxtimeout);
+ } else {
+ ftpd_timeout = $5;
+ alarm((unsigned) ftpd_timeout);
+ reply(200,
+ "Maximum IDLE time set to %d seconds",
+ ftpd_timeout);
+ }
+ }
+
+ | SITE SP KAUTH check_login SP STRING CRLF
+ {
+ char *p;
+
+ if(guest)
+ reply(500, "Can't be done as guest.");
+ else{
+ if($4 && $6 != NULL){
+ p = strpbrk($6, " \t");
+ if(p){
+ *p++ = 0;
+ kauth($6, p + strspn(p, " \t"));
+ }else
+ kauth($6, NULL);
+ }
+ }
+ if($6 != NULL)
+ free($6);
+ }
+ | SITE SP KLIST check_login CRLF
+ {
+ if($4)
+ klist();
+ }
+ | SITE SP FIND check_login SP STRING CRLF
+ {
+ if($4 && $6 != NULL)
+ find($6);
+ if($6 != NULL)
+ free($6);
+ }
+ | SITE SP URL CRLF
+ {
+ reply(200, "http://www.pdc.kth.se/kth-krb/");
+ }
+ | STOU check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ do_store($4, "w", 1);
+ if ($4 != NULL)
+ free($4);
+ }
+ | SYST CRLF
+ {
+#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)
+ reply(215, "UNIX Type: L%d", NBBY);
+#else
+ reply(215, "UNKNOWN Type: L%d", NBBY);
+#endif
+ }
+
+ /*
+ * SIZE is not in RFC959, but Postel has blessed it and
+ * it will be in the updated RFC.
+ *
+ * Return size of file in a format suitable for
+ * using with RESTART (we just count bytes).
+ */
+ | SIZE check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL)
+ sizecmd($4);
+ if ($4 != NULL)
+ free($4);
+ }
+
+ /*
+ * MDTM is not in RFC959, but Postel has blessed it and
+ * it will be in the updated RFC.
+ *
+ * Return modification time of file as an ISO 3307
+ * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx
+ * where xxx is the fractional second (of any precision,
+ * not necessarily 3 digits)
+ */
+ | MDTM check_login SP pathname CRLF
+ {
+ if ($2 && $4 != NULL) {
+ struct stat stbuf;
+ if (stat($4, &stbuf) < 0)
+ reply(550, "%s: %s",
+ $4, strerror(errno));
+ else if (!S_ISREG(stbuf.st_mode)) {
+ reply(550, "%s: not a plain file.", $4);
+ } else {
+ struct tm *t;
+ t = gmtime(&stbuf.st_mtime);
+ reply(213,
+ "%04d%02d%02d%02d%02d%02d",
+ t->tm_year + 1900,
+ t->tm_mon + 1,
+ t->tm_mday,
+ t->tm_hour,
+ t->tm_min,
+ t->tm_sec);
+ }
+ }
+ if ($4 != NULL)
+ free($4);
+ }
+ | QUIT CRLF
+ {
+ reply(221, "Goodbye.");
+ dologout(0);
+ }
+ | error CRLF
+ {
+ yyerrok;
+ }
+ ;
+rcmd
+ : RNFR check_login_no_guest SP pathname CRLF
+ {
+ restart_point = (off_t) 0;
+ if ($2 && $4) {
+ fromname = renamefrom($4);
+ if (fromname == (char *) 0 && $4) {
+ free($4);
+ }
+ }
+ }
+ | REST SP byte_size CRLF
+ {
+ fromname = (char *) 0;
+ restart_point = $3; /* XXX $3 is only "int" */
+ reply(350, "Restarting at %ld. %s",
+ (long)restart_point,
+ "Send STORE or RETRIEVE to initiate transfer.");
+ }
+ | ENC SP STRING CRLF
+ {
+ enc($3);
+ free($3);
+ }
+ ;
+
+username
+ : STRING
+ ;
+
+password
+ : /* empty */
+ {
+ $$ = (char *)calloc(1, sizeof(char));
+ }
+ | STRING
+ ;
+
+byte_size
+ : NUMBER
+ ;
+
+host_port
+ : NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
+ NUMBER COMMA NUMBER
+ {
+ data_dest.sin_family = AF_INET;
+ data_dest.sin_port = htons($9 * 256 + $11);
+ data_dest.sin_addr.s_addr =
+ htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7);
+ }
+ ;
+
+form_code
+ : N
+ {
+ $$ = FORM_N;
+ }
+ | T
+ {
+ $$ = FORM_T;
+ }
+ | C
+ {
+ $$ = FORM_C;
+ }
+ ;
+
+type_code
+ : A
+ {
+ cmd_type = TYPE_A;
+ cmd_form = FORM_N;
+ }
+ | A SP form_code
+ {
+ cmd_type = TYPE_A;
+ cmd_form = $3;
+ }
+ | E
+ {
+ cmd_type = TYPE_E;
+ cmd_form = FORM_N;
+ }
+ | E SP form_code
+ {
+ cmd_type = TYPE_E;
+ cmd_form = $3;
+ }
+ | I
+ {
+ cmd_type = TYPE_I;
+ }
+ | L
+ {
+ cmd_type = TYPE_L;
+ cmd_bytesz = NBBY;
+ }
+ | L SP byte_size
+ {
+ cmd_type = TYPE_L;
+ cmd_bytesz = $3;
+ }
+ /* this is for a bug in the BBN ftp */
+ | L byte_size
+ {
+ cmd_type = TYPE_L;
+ cmd_bytesz = $2;
+ }
+ ;
+
+struct_code
+ : F
+ {
+ $$ = STRU_F;
+ }
+ | R
+ {
+ $$ = STRU_R;
+ }
+ | P
+ {
+ $$ = STRU_P;
+ }
+ ;
+
+mode_code
+ : S
+ {
+ $$ = MODE_S;
+ }
+ | B
+ {
+ $$ = MODE_B;
+ }
+ | C
+ {
+ $$ = MODE_C;
+ }
+ ;
+
+pathname
+ : pathstring
+ {
+ /*
+ * Problem: this production is used for all pathname
+ * processing, but only gives a 550 error reply.
+ * This is a valid reply in some cases but not in others.
+ */
+ if (logged_in && $1 && *$1 == '~') {
+ glob_t gl;
+ int flags =
+ GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+ memset(&gl, 0, sizeof(gl));
+ if (glob($1, flags, NULL, &gl) ||
+ gl.gl_pathc == 0) {
+ reply(550, "not found");
+ $$ = NULL;
+ } else {
+ $$ = strdup(gl.gl_pathv[0]);
+ }
+ globfree(&gl);
+ free($1);
+ } else
+ $$ = $1;
+ }
+ ;
+
+pathstring
+ : STRING
+ ;
+
+octal_number
+ : NUMBER
+ {
+ int ret, dec, multby, digit;
+
+ /*
+ * Convert a number that was read as decimal number
+ * to what it would be if it had been read as octal.
+ */
+ dec = $1;
+ multby = 1;
+ ret = 0;
+ while (dec) {
+ digit = dec%10;
+ if (digit > 7) {
+ ret = -1;
+ break;
+ }
+ ret += digit * multby;
+ multby *= 8;
+ dec /= 10;
+ }
+ $$ = ret;
+ }
+ ;
+
+
+check_login_no_guest : check_login
+ {
+ $$ = $1 && !guest;
+ if($1 && !$$)
+ reply(550, "Permission denied");
+ }
+ ;
+
+check_login
+ : /* empty */
+ {
+ if(auth_complete && prot_level == prot_clear){
+ reply(533, "Command protection level denied for paranoid reasons.");
+ $$ = 0;
+ }else
+ if (logged_in)
+ $$ = 1;
+ else {
+ reply(530, "Please login with USER and PASS.");
+ $$ = 0;
+ }
+ }
+ ;
+
+%%
+
+extern jmp_buf errcatch;
+
+#define CMD 0 /* beginning of command */
+#define ARGS 1 /* expect miscellaneous arguments */
+#define STR1 2 /* expect SP followed by STRING */
+#define STR2 3 /* expect STRING */
+#define OSTR 4 /* optional SP then STRING */
+#define ZSTR1 5 /* SP then optional STRING */
+#define ZSTR2 6 /* optional STRING after SP */
+#define SITECMD 7 /* SITE command */
+#define NSTR 8 /* Number followed by a string */
+
+struct tab cmdtab[] = { /* In order defined in RFC 765 */
+ { "USER", USER, STR1, 1, "<sp> username" },
+ { "PASS", PASS, ZSTR1, 1, "<sp> password" },
+ { "ACCT", ACCT, STR1, 0, "(specify account)" },
+ { "SMNT", SMNT, ARGS, 0, "(structure mount)" },
+ { "REIN", REIN, ARGS, 0, "(reinitialize server state)" },
+ { "QUIT", QUIT, ARGS, 1, "(terminate service)", },
+ { "PORT", PORT, ARGS, 1, "<sp> b0, b1, b2, b3, b4" },
+ { "PASV", PASV, ARGS, 1, "(set server in passive mode)" },
+ { "TYPE", TYPE, ARGS, 1, "<sp> [ A | E | I | L ]" },
+ { "STRU", STRU, ARGS, 1, "(specify file structure)" },
+ { "MODE", MODE, ARGS, 1, "(specify transfer mode)" },
+ { "RETR", RETR, STR1, 1, "<sp> file-name" },
+ { "STOR", STOR, STR1, 1, "<sp> file-name" },
+ { "APPE", APPE, STR1, 1, "<sp> file-name" },
+ { "MLFL", MLFL, OSTR, 0, "(mail file)" },
+ { "MAIL", MAIL, OSTR, 0, "(mail to user)" },
+ { "MSND", MSND, OSTR, 0, "(mail send to terminal)" },
+ { "MSOM", MSOM, OSTR, 0, "(mail send to terminal or mailbox)" },
+ { "MSAM", MSAM, OSTR, 0, "(mail send to terminal and mailbox)" },
+ { "MRSQ", MRSQ, OSTR, 0, "(mail recipient scheme question)" },
+ { "MRCP", MRCP, STR1, 0, "(mail recipient)" },
+ { "ALLO", ALLO, ARGS, 1, "allocate storage (vacuously)" },
+ { "REST", REST, ARGS, 1, "<sp> offset (restart command)" },
+ { "RNFR", RNFR, STR1, 1, "<sp> file-name" },
+ { "RNTO", RNTO, STR1, 1, "<sp> file-name" },
+ { "ABOR", ABOR, ARGS, 1, "(abort operation)" },
+ { "DELE", DELE, STR1, 1, "<sp> file-name" },
+ { "CWD", CWD, OSTR, 1, "[ <sp> directory-name ]" },
+ { "XCWD", CWD, OSTR, 1, "[ <sp> directory-name ]" },
+ { "LIST", LIST, OSTR, 1, "[ <sp> path-name ]" },
+ { "NLST", NLST, OSTR, 1, "[ <sp> path-name ]" },
+ { "SITE", SITE, SITECMD, 1, "site-cmd [ <sp> arguments ]" },
+ { "SYST", SYST, ARGS, 1, "(get type of operating system)" },
+ { "STAT", STAT, OSTR, 1, "[ <sp> path-name ]" },
+ { "HELP", HELP, OSTR, 1, "[ <sp> <string> ]" },
+ { "NOOP", NOOP, ARGS, 1, "" },
+ { "MKD", MKD, STR1, 1, "<sp> path-name" },
+ { "XMKD", MKD, STR1, 1, "<sp> path-name" },
+ { "RMD", RMD, STR1, 1, "<sp> path-name" },
+ { "XRMD", RMD, STR1, 1, "<sp> path-name" },
+ { "PWD", PWD, ARGS, 1, "(return current directory)" },
+ { "XPWD", PWD, ARGS, 1, "(return current directory)" },
+ { "CDUP", CDUP, ARGS, 1, "(change to parent directory)" },
+ { "XCUP", CDUP, ARGS, 1, "(change to parent directory)" },
+ { "STOU", STOU, STR1, 1, "<sp> file-name" },
+ { "SIZE", SIZE, OSTR, 1, "<sp> path-name" },
+ { "MDTM", MDTM, OSTR, 1, "<sp> path-name" },
+
+ /* extensions from draft-ietf-cat-ftpsec-08 */
+ { "AUTH", AUTH, STR1, 1, "<sp> auth-type" },
+ { "ADAT", ADAT, STR1, 1, "<sp> auth-data" },
+ { "PBSZ", PBSZ, ARGS, 1, "<sp> buffer-size" },
+ { "PROT", PROT, STR1, 1, "<sp> prot-level" },
+ { "CCC", CCC, ARGS, 1, "" },
+ { "MIC", MIC, STR1, 1, "<sp> integrity command" },
+ { "CONF", CONF, STR1, 1, "<sp> confidentiality command" },
+ { "ENC", ENC, STR1, 1, "<sp> privacy command" },
+
+ { NULL, 0, 0, 0, 0 }
+};
+
+struct tab sitetab[] = {
+ { "UMASK", UMASK, ARGS, 1, "[ <sp> umask ]" },
+ { "IDLE", IDLE, ARGS, 1, "[ <sp> maximum-idle-time ]" },
+ { "CHMOD", CHMOD, NSTR, 1, "<sp> mode <sp> file-name" },
+ { "HELP", HELP, OSTR, 1, "[ <sp> <string> ]" },
+
+ { "KAUTH", KAUTH, STR1, 1, "<sp> principal [ <sp> ticket ]" },
+ { "KLIST", KLIST, ARGS, 1, "(show ticket file)" },
+
+ { "FIND", FIND, STR1, 1, "<sp> globexpr" },
+
+ { "URL", URL, ARGS, 1, "?" },
+
+ { NULL, 0, 0, 0, 0 }
+};
+
+static struct tab *
+lookup(struct tab *p, char *cmd)
+{
+
+ for (; p->name != NULL; p++)
+ if (strcmp(cmd, p->name) == 0)
+ return (p);
+ return (0);
+}
+
+#include <arpa/telnet.h>
+
+/*
+ * getline - a hacked up version of fgets to ignore TELNET escape codes.
+ */
+char *
+getline(char *s, int n)
+{
+ int c;
+ char *cs;
+
+ cs = s;
+/* tmpline may contain saved command from urgent mode interruption */
+ if(ftp_command){
+ strncpy(s, ftp_command, n);
+ if (debug)
+ syslog(LOG_DEBUG, "command: %s", s);
+#ifdef XXX
+ fprintf(stderr, "%s\n", s);
+#endif
+ return s;
+ }
+ prot_level = prot_clear;
+ while ((c = getc(stdin)) != EOF) {
+ c &= 0377;
+ if (c == IAC) {
+ if ((c = getc(stdin)) != EOF) {
+ c &= 0377;
+ switch (c) {
+ case WILL:
+ case WONT:
+ c = getc(stdin);
+ printf("%c%c%c", IAC, DONT, 0377&c);
+ fflush(stdout);
+ continue;
+ case DO:
+ case DONT:
+ c = getc(stdin);
+ printf("%c%c%c", IAC, WONT, 0377&c);
+ fflush(stdout);
+ continue;
+ case IAC:
+ break;
+ default:
+ continue; /* ignore command */
+ }
+ }
+ }
+ *cs++ = c;
+ if (--n <= 0 || c == '\n')
+ break;
+ }
+ if (c == EOF && cs == s)
+ return (NULL);
+ *cs++ = '\0';
+ if (debug) {
+ if (!guest && strncasecmp("pass ", s, 5) == 0) {
+ /* Don't syslog passwords */
+ syslog(LOG_DEBUG, "command: %.5s ???", s);
+ } else {
+ char *cp;
+ int len;
+
+ /* Don't syslog trailing CR-LF */
+ len = strlen(s);
+ cp = s + len - 1;
+ while (cp >= s && (*cp == '\n' || *cp == '\r')) {
+ --cp;
+ --len;
+ }
+ syslog(LOG_DEBUG, "command: %.*s", len, s);
+ }
+ }
+#ifdef XXX
+ fprintf(stderr, "%s\n", s);
+#endif
+ return (s);
+}
+
+static RETSIGTYPE
+toolong(int signo)
+{
+
+ reply(421,
+ "Timeout (%d seconds): closing control connection.",
+ ftpd_timeout);
+ if (logging)
+ syslog(LOG_INFO, "User %s timed out after %d seconds",
+ (pw ? pw -> pw_name : "unknown"), ftpd_timeout);
+ dologout(1);
+ SIGRETURN(0);
+}
+
+static int
+yylex(void)
+{
+ static int cpos, state;
+ char *cp, *cp2;
+ struct tab *p;
+ int n;
+ char c;
+
+ for (;;) {
+ switch (state) {
+
+ case CMD:
+ signal(SIGALRM, toolong);
+ alarm((unsigned) ftpd_timeout);
+ if (getline(cbuf, sizeof(cbuf)-1) == NULL) {
+ reply(221, "You could at least say goodbye.");
+ dologout(0);
+ }
+ alarm(0);
+#ifdef HASSETPROCTITLE
+ if (strncasecmp(cbuf, "PASS", 4) != NULL)
+ setproctitle("%s: %s", proctitle, cbuf);
+#endif /* HASSETPROCTITLE */
+ if ((cp = strchr(cbuf, '\r'))) {
+ *cp++ = '\n';
+ *cp = '\0';
+ }
+ if ((cp = strpbrk(cbuf, " \n")))
+ cpos = cp - cbuf;
+ if (cpos == 0)
+ cpos = 4;
+ c = cbuf[cpos];
+ cbuf[cpos] = '\0';
+ strupr(cbuf);
+ p = lookup(cmdtab, cbuf);
+ cbuf[cpos] = c;
+ if (p != 0) {
+ if (p->implemented == 0) {
+ nack(p->name);
+ longjmp(errcatch,0);
+ /* NOTREACHED */
+ }
+ state = p->state;
+ yylval.s = p->name;
+ return (p->token);
+ }
+ break;
+
+ case SITECMD:
+ if (cbuf[cpos] == ' ') {
+ cpos++;
+ return (SP);
+ }
+ cp = &cbuf[cpos];
+ if ((cp2 = strpbrk(cp, " \n")))
+ cpos = cp2 - cbuf;
+ c = cbuf[cpos];
+ cbuf[cpos] = '\0';
+ strupr(cp);
+ p = lookup(sitetab, cp);
+ cbuf[cpos] = c;
+ if (p != 0) {
+ if (p->implemented == 0) {
+ state = CMD;
+ nack(p->name);
+ longjmp(errcatch,0);
+ /* NOTREACHED */
+ }
+ state = p->state;
+ yylval.s = p->name;
+ return (p->token);
+ }
+ state = CMD;
+ break;
+
+ case OSTR:
+ if (cbuf[cpos] == '\n') {
+ state = CMD;
+ return (CRLF);
+ }
+ /* FALLTHROUGH */
+
+ case STR1:
+ case ZSTR1:
+ dostr1:
+ if (cbuf[cpos] == ' ') {
+ cpos++;
+ state = state == OSTR ? STR2 : ++state;
+ return (SP);
+ }
+ break;
+
+ case ZSTR2:
+ if (cbuf[cpos] == '\n') {
+ state = CMD;
+ return (CRLF);
+ }
+ /* FALLTHROUGH */
+
+ case STR2:
+ cp = &cbuf[cpos];
+ n = strlen(cp);
+ cpos += n - 1;
+ /*
+ * Make sure the string is nonempty and \n terminated.
+ */
+ if (n > 1 && cbuf[cpos] == '\n') {
+ cbuf[cpos] = '\0';
+ yylval.s = copy(cp);
+ cbuf[cpos] = '\n';
+ state = ARGS;
+ return (STRING);
+ }
+ break;
+
+ case NSTR:
+ if (cbuf[cpos] == ' ') {
+ cpos++;
+ return (SP);
+ }
+ if (isdigit(cbuf[cpos])) {
+ cp = &cbuf[cpos];
+ while (isdigit(cbuf[++cpos]))
+ ;
+ c = cbuf[cpos];
+ cbuf[cpos] = '\0';
+ yylval.i = atoi(cp);
+ cbuf[cpos] = c;
+ state = STR1;
+ return (NUMBER);
+ }
+ state = STR1;
+ goto dostr1;
+
+ case ARGS:
+ if (isdigit(cbuf[cpos])) {
+ cp = &cbuf[cpos];
+ while (isdigit(cbuf[++cpos]))
+ ;
+ c = cbuf[cpos];
+ cbuf[cpos] = '\0';
+ yylval.i = atoi(cp);
+ cbuf[cpos] = c;
+ return (NUMBER);
+ }
+ switch (cbuf[cpos++]) {
+
+ case '\n':
+ state = CMD;
+ return (CRLF);
+
+ case ' ':
+ return (SP);
+
+ case ',':
+ return (COMMA);
+
+ case 'A':
+ case 'a':
+ return (A);
+
+ case 'B':
+ case 'b':
+ return (B);
+
+ case 'C':
+ case 'c':
+ return (C);
+
+ case 'E':
+ case 'e':
+ return (E);
+
+ case 'F':
+ case 'f':
+ return (F);
+
+ case 'I':
+ case 'i':
+ return (I);
+
+ case 'L':
+ case 'l':
+ return (L);
+
+ case 'N':
+ case 'n':
+ return (N);
+
+ case 'P':
+ case 'p':
+ return (P);
+
+ case 'R':
+ case 'r':
+ return (R);
+
+ case 'S':
+ case 's':
+ return (S);
+
+ case 'T':
+ case 't':
+ return (T);
+
+ }
+ break;
+
+ default:
+ fatal("Unknown state in scanner.");
+ }
+ yyerror((char *) 0);
+ state = CMD;
+ longjmp(errcatch,0);
+ }
+}
+
+static char *
+copy(char *s)
+{
+ char *p;
+
+ p = strdup(s);
+ if (p == NULL)
+ fatal("Ran out of memory.");
+ return p;
+}
+
+static void
+help(struct tab *ctab, char *s)
+{
+ struct tab *c;
+ int width, NCMDS;
+ char *type;
+ char buf[1024];
+
+ if (ctab == sitetab)
+ type = "SITE ";
+ else
+ type = "";
+ width = 0, NCMDS = 0;
+ for (c = ctab; c->name != NULL; c++) {
+ int len = strlen(c->name);
+
+ if (len > width)
+ width = len;
+ NCMDS++;
+ }
+ width = (width + 8) &~ 7;
+ if (s == 0) {
+ int i, j, w;
+ int columns, lines;
+
+ lreply(214, "The following %scommands are recognized %s.",
+ type, "(* =>'s unimplemented)");
+ columns = 76 / width;
+ if (columns == 0)
+ columns = 1;
+ lines = (NCMDS + columns - 1) / columns;
+ for (i = 0; i < lines; i++) {
+ strcpy (buf, " ");
+ for (j = 0; j < columns; j++) {
+ c = ctab + j * lines + i;
+ snprintf (buf + strlen(buf), sizeof(buf) - strlen(buf),
+ "%s%c", c->name, c->implemented ? ' ' : '*');
+ if (c + lines >= &ctab[NCMDS])
+ break;
+ w = strlen(c->name) + 1;
+ while (w < width) {
+ strcat(buf, " ");
+ w++;
+ }
+ }
+ lreply(214, buf);
+ }
+ reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se");
+ return;
+ }
+ strupr(s);
+ c = lookup(ctab, s);
+ if (c == (struct tab *)0) {
+ reply(502, "Unknown command %s.", s);
+ return;
+ }
+ if (c->implemented)
+ reply(214, "Syntax: %s%s %s", type, c->name, c->help);
+ else
+ reply(214, "%s%-*s\t%s; unimplemented.", type, width,
+ c->name, c->help);
+}
+
+static void
+sizecmd(char *filename)
+{
+ switch (type) {
+ case TYPE_L:
+ case TYPE_I: {
+ struct stat stbuf;
+ if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode))
+ reply(550, "%s: not a plain file.", filename);
+ else
+ reply(213, "%lu", (unsigned long)stbuf.st_size);
+ break; }
+ case TYPE_A: {
+ FILE *fin;
+ int c;
+ off_t count;
+ struct stat stbuf;
+ fin = fopen(filename, "r");
+ if (fin == NULL) {
+ perror_reply(550, filename);
+ return;
+ }
+ if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
+ reply(550, "%s: not a plain file.", filename);
+ fclose(fin);
+ return;
+ }
+
+ count = 0;
+ while((c=getc(fin)) != EOF) {
+ if (c == '\n') /* will get expanded to \r\n */
+ count++;
+ count++;
+ }
+ fclose(fin);
+
+ reply(213, "%ld", count);
+ break; }
+ default:
+ reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
+ }
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
new file mode 100644
index 0000000..17cd3b9
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
@@ -0,0 +1,2076 @@
+/*
+ * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ftpd.c,v 1.88 1997/06/01 03:13:48 assar Exp $");
+#endif
+
+/*
+ * FTP server.
+ */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+
+#define FTP_NAMES
+#include <arpa/ftp.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <glob.h>
+#include <limits.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <setjmp.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <time.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+
+#include <err.h>
+
+#include "pathnames.h"
+#include "extern.h"
+#include "common.h"
+
+#include "auth.h"
+
+#include <krb.h>
+
+#include <kafs.h>
+#include "roken.h"
+
+#include <otp.h>
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose) __P((FILE *));
+#endif
+
+void yyparse();
+
+#ifndef LOG_FTP
+#define LOG_FTP LOG_DAEMON
+#endif
+
+static char version[] = "Version 6.00";
+
+extern off_t restart_point;
+extern char cbuf[];
+
+struct sockaddr_in ctrl_addr;
+struct sockaddr_in data_source;
+struct sockaddr_in data_dest;
+struct sockaddr_in his_addr;
+struct sockaddr_in pasv_addr;
+
+int data;
+jmp_buf errcatch, urgcatch;
+int oobflag;
+int logged_in;
+struct passwd *pw;
+int debug;
+int ftpd_timeout = 900; /* timeout after 15 minutes of inactivity */
+int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
+int logging;
+int guest;
+int dochroot;
+int type;
+int form;
+int stru; /* avoid C keyword */
+int mode;
+int usedefault = 1; /* for data transfers */
+int pdata = -1; /* for passive mode */
+int transflag;
+off_t file_size;
+off_t byte_count;
+#if !defined(CMASK) || CMASK == 0
+#undef CMASK
+#define CMASK 027
+#endif
+int defumask = CMASK; /* default umask value */
+int guest_umask = 0777; /* Paranoia for anonymous users */
+char tmpline[10240];
+char hostname[MaxHostNameLen];
+char remotehost[MaxHostNameLen];
+static char ttyline[20];
+
+#define AUTH_PLAIN (1 << 0) /* allow sending passwords */
+#define AUTH_OTP (1 << 1) /* passwords are one-time */
+#define AUTH_FTP (1 << 2) /* allow anonymous login */
+
+static int auth_level = 0; /* Only allow kerberos login by default */
+
+/*
+ * Timeout intervals for retrying connections
+ * to hosts that don't accept PORT cmds. This
+ * is a kludge, but given the problems with TCP...
+ */
+#define SWAITMAX 90 /* wait at most 90 seconds */
+#define SWAITINT 5 /* interval between retries */
+
+int swaitmax = SWAITMAX;
+int swaitint = SWAITINT;
+
+#ifdef HAVE_SETPROCTITLE
+char proctitle[BUFSIZ]; /* initial part of title */
+#endif /* HAVE_SETPROCTITLE */
+
+#define LOGCMD(cmd, file) \
+ if (logging > 1) \
+ syslog(LOG_INFO,"%s %s%s", cmd, \
+ *(file) == '/' ? "" : curdir(), file);
+#define LOGCMD2(cmd, file1, file2) \
+ if (logging > 1) \
+ syslog(LOG_INFO,"%s %s%s %s%s", cmd, \
+ *(file1) == '/' ? "" : curdir(), file1, \
+ *(file2) == '/' ? "" : curdir(), file2);
+#define LOGBYTES(cmd, file, cnt) \
+ if (logging > 1) { \
+ if (cnt == (off_t)-1) \
+ syslog(LOG_INFO,"%s %s%s", cmd, \
+ *(file) == '/' ? "" : curdir(), file); \
+ else \
+ syslog(LOG_INFO, "%s %s%s = %ld bytes", \
+ cmd, (*(file) == '/') ? "" : curdir(), file, (long)cnt); \
+ }
+
+static void ack (char *);
+static void myoob (int);
+static int checkuser (char *, char *);
+static int checkaccess (char *);
+static FILE *dataconn (char *, off_t, char *);
+static void dolog (struct sockaddr_in *);
+static void end_login (void);
+static FILE *getdatasock (char *);
+static char *gunique (char *);
+static RETSIGTYPE lostconn (int);
+static int receive_data (FILE *, FILE *);
+static void send_data (FILE *, FILE *);
+static struct passwd * sgetpwnam (char *);
+static void usage(void);
+
+static char *
+curdir(void)
+{
+ static char path[MaxPathLen+1+1]; /* path + '/' + '\0' */
+
+ if (getcwd(path, sizeof(path)-2) == NULL)
+ return ("");
+ if (path[1] != '\0') /* special case for root dir. */
+ strcat(path, "/");
+ /* For guest account, skip / since it's chrooted */
+ return (guest ? path+1 : path);
+}
+
+#ifndef LINE_MAX
+#define LINE_MAX 1024
+#endif
+
+static int
+parse_auth_level(char *str)
+{
+ char *p;
+ int ret = 0;
+ char *foo = NULL;
+
+ for(p = strtok_r(str, ",", &foo);
+ p;
+ p = strtok_r(NULL, ",", &foo)) {
+ if(strcmp(p, "user") == 0)
+ ;
+ else if(strcmp(p, "otp") == 0)
+ ret |= AUTH_PLAIN|AUTH_OTP;
+ else if(strcmp(p, "ftp") == 0 ||
+ strcmp(p, "safe") == 0)
+ ret |= AUTH_FTP;
+ else if(strcmp(p, "plain") == 0)
+ ret |= AUTH_PLAIN;
+ else if(strcmp(p, "none") == 0)
+ ret |= AUTH_PLAIN|AUTH_FTP;
+ else
+ warnx("bad value for -a: `%s'", p);
+ }
+ return ret;
+}
+
+/*
+ * Print usage and die.
+ */
+
+static void
+usage (void)
+{
+ fprintf (stderr,
+ "Usage: %s [-d] [-i] [-g guest_umask] [-l] [-p port]"
+ " [-t timeout] [-T max_timeout] [-u umask] [-v]"
+ " [-a auth_level] \n",
+ __progname);
+ exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+ int addrlen, ch, on = 1, tos;
+ char *cp, line[LINE_MAX];
+ FILE *fd;
+ int not_inetd = 0;
+ int port;
+ struct servent *sp;
+ char tkfile[1024];
+
+ set_progname (argv[0]);
+
+ /* detach from any tickets and tokens */
+
+ snprintf(tkfile, sizeof(tkfile),
+ "/tmp/ftp_%u", (unsigned)getpid());
+ krb_set_tkt_string(tkfile);
+ if(k_hasafs())
+ k_setpag();
+
+ sp = getservbyname("ftp", "tcp");
+ if(sp)
+ port = sp->s_port;
+ else
+ port = htons(21);
+
+ while ((ch = getopt(argc, argv, "a:dg:ilp:t:T:u:v")) != EOF) {
+ switch (ch) {
+ case 'a':
+ auth_level = parse_auth_level(optarg);
+ break;
+ case 'd':
+ debug = 1;
+ break;
+
+ case 'i':
+ not_inetd = 1;
+ break;
+ case 'g':
+ {
+ long val = 0;
+
+ val = strtol(optarg, &optarg, 8);
+ if (*optarg != '\0' || val < 0)
+ warnx("bad value for -g");
+ else
+ guest_umask = val;
+ break;
+ }
+ case 'l':
+ logging++; /* > 1 == extra logging */
+ break;
+
+ case 'p':
+ sp = getservbyname(optarg, "tcp");
+ if(sp)
+ port = sp->s_port;
+ else
+ if(isdigit(optarg[0]))
+ port = htons(atoi(optarg));
+ else
+ warnx("bad value for -p");
+ break;
+
+ case 't':
+ ftpd_timeout = atoi(optarg);
+ if (maxtimeout < ftpd_timeout)
+ maxtimeout = ftpd_timeout;
+ break;
+
+ case 'T':
+ maxtimeout = atoi(optarg);
+ if (ftpd_timeout > maxtimeout)
+ ftpd_timeout = maxtimeout;
+ break;
+
+ case 'u':
+ {
+ long val = 0;
+
+ val = strtol(optarg, &optarg, 8);
+ if (*optarg != '\0' || val < 0)
+ warnx("bad value for -u");
+ else
+ defumask = val;
+ break;
+ }
+
+ case 'v':
+ debug = 1;
+ break;
+
+ default:
+ usage ();
+ }
+ }
+
+ if(not_inetd)
+ mini_inetd (port);
+
+ /*
+ * LOG_NDELAY sets up the logging connection immediately,
+ * necessary for anonymous ftp's that chroot and can't do it later.
+ */
+ openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
+ addrlen = sizeof(his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+ exit(1);
+ }
+ addrlen = sizeof(ctrl_addr);
+ if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
+ exit(1);
+ }
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_LOWDELAY;
+ if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(int)) < 0)
+ syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+#endif
+ data_source.sin_port = htons(ntohs(ctrl_addr.sin_port) - 1);
+ debug = 0;
+
+ /* set this here so it can be put in wtmp */
+ snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
+
+
+ /* freopen(_PATH_DEVNULL, "w", stderr); */
+ signal(SIGPIPE, lostconn);
+ signal(SIGCHLD, SIG_IGN);
+#ifdef SIGURG
+ if (signal(SIGURG, myoob) == SIG_ERR)
+ syslog(LOG_ERR, "signal: %m");
+#endif
+
+ auth_init();
+
+ /* Try to handle urgent data inline */
+#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+ if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_ERR, "setsockopt: %m");
+#endif
+
+#ifdef F_SETOWN
+ if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
+ syslog(LOG_ERR, "fcntl F_SETOWN: %m");
+#endif
+ dolog(&his_addr);
+ /*
+ * Set up default state
+ */
+ data = -1;
+ type = TYPE_A;
+ form = FORM_N;
+ stru = STRU_F;
+ mode = MODE_S;
+ tmpline[0] = '\0';
+
+ /* If logins are disabled, print out the message. */
+ if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(530, "%s", line);
+ }
+ fflush(stdout);
+ fclose(fd);
+ reply(530, "System not available.");
+ exit(0);
+ }
+ if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(220, "%s", line);
+ }
+ fflush(stdout);
+ fclose(fd);
+ /* reply(220,) must follow */
+ }
+ k_gethostname(hostname, sizeof(hostname));
+ reply(220, "%s FTP server (%s+%s) ready.", hostname,
+ version, krb4_version);
+ setjmp(errcatch);
+ for (;;)
+ yyparse();
+ /* NOTREACHED */
+}
+
+static RETSIGTYPE
+lostconn(int signo)
+{
+
+ if (debug)
+ syslog(LOG_DEBUG, "lost connection");
+ dologout(-1);
+}
+
+/*
+ * Helper function for sgetpwnam().
+ */
+static char *
+sgetsave(char *s)
+{
+ char *new = strdup(s);
+
+ if (new == NULL) {
+ perror_reply(421, "Local resource failure: malloc");
+ dologout(1);
+ /* NOTREACHED */
+ }
+ return new;
+}
+
+/*
+ * Save the result of a getpwnam. Used for USER command, since
+ * the data returned must not be clobbered by any other command
+ * (e.g., globbing).
+ */
+static struct passwd *
+sgetpwnam(char *name)
+{
+ static struct passwd save;
+ struct passwd *p;
+
+ if ((p = k_getpwnam(name)) == NULL)
+ return (p);
+ if (save.pw_name) {
+ free(save.pw_name);
+ free(save.pw_passwd);
+ free(save.pw_gecos);
+ free(save.pw_dir);
+ free(save.pw_shell);
+ }
+ save = *p;
+ save.pw_name = sgetsave(p->pw_name);
+ save.pw_passwd = sgetsave(p->pw_passwd);
+ save.pw_gecos = sgetsave(p->pw_gecos);
+ save.pw_dir = sgetsave(p->pw_dir);
+ save.pw_shell = sgetsave(p->pw_shell);
+ return (&save);
+}
+
+static int login_attempts; /* number of failed login attempts */
+static int askpasswd; /* had user command, ask for passwd */
+static char curname[10]; /* current USER name */
+OtpContext otp_ctx;
+
+/*
+ * USER command.
+ * Sets global passwd pointer pw if named account exists and is acceptable;
+ * sets askpasswd if a PASS command is expected. If logged in previously,
+ * need to reset state. If name is "ftp" or "anonymous", the name is not in
+ * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
+ * If account doesn't exist, ask for passwd anyway. Otherwise, check user
+ * requesting login privileges. Disallow anyone who does not have a standard
+ * shell as returned by getusershell(). Disallow anyone mentioned in the file
+ * _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
+ */
+void
+user(char *name)
+{
+ char *cp, *shell;
+
+ if(auth_level == 0 && !auth_complete){
+ reply(530, "No login allowed without authorization.");
+ return;
+ }
+
+ if (logged_in) {
+ if (guest) {
+ reply(530, "Can't change user from guest login.");
+ return;
+ } else if (dochroot) {
+ reply(530, "Can't change user from chroot user.");
+ return;
+ }
+ end_login();
+ }
+
+ guest = 0;
+ if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+ if ((auth_level & AUTH_FTP) == 0 ||
+ checkaccess("ftp") ||
+ checkaccess("anonymous"))
+ reply(530, "User %s access denied.", name);
+ else if ((pw = sgetpwnam("ftp")) != NULL) {
+ guest = 1;
+ defumask = guest_umask; /* paranoia for incoming */
+ askpasswd = 1;
+ reply(331, "Guest login ok, type your name as password.");
+ } else
+ reply(530, "User %s unknown.", name);
+ if (!askpasswd && logging)
+ syslog(LOG_NOTICE,
+ "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)",
+ remotehost, inet_ntoa(his_addr.sin_addr));
+ return;
+ }
+ if((auth_level & AUTH_PLAIN) == 0 && !auth_complete){
+ reply(530, "Only authorized and anonymous login allowed.");
+ return;
+ }
+ if ((pw = sgetpwnam(name))) {
+ if ((shell = pw->pw_shell) == NULL || *shell == 0)
+ shell = _PATH_BSHELL;
+ while ((cp = getusershell()) != NULL)
+ if (strcmp(cp, shell) == 0)
+ break;
+ endusershell();
+
+ if (cp == NULL || checkaccess(name)) {
+ reply(530, "User %s access denied.", name);
+ if (logging)
+ syslog(LOG_NOTICE,
+ "FTP LOGIN REFUSED FROM %s(%s), %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ name);
+ pw = (struct passwd *) NULL;
+ return;
+ }
+ }
+ if (logging)
+ strncpy(curname, name, sizeof(curname)-1);
+ if(auth_ok())
+ ct->userok(name);
+ else {
+ char ss[256];
+
+ if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
+ reply(331, "Password %s for %s required.",
+ ss, name);
+ askpasswd = 1;
+ } else if ((auth_level & AUTH_OTP) == 0) {
+ reply(331, "Password required for %s.", name);
+ askpasswd = 1;
+ } else {
+ char *s;
+
+ if (s = otp_error (&otp_ctx))
+ lreply(530, "OTP: %s", s);
+ reply(530,
+ "Only authorized, anonymous and OTP "
+ "login allowed.");
+ }
+
+ }
+ /*
+ * Delay before reading passwd after first failed
+ * attempt to slow down passwd-guessing programs.
+ */
+ if (login_attempts)
+ sleep(login_attempts);
+}
+
+/*
+ * Check if a user is in the file "fname"
+ */
+static int
+checkuser(char *fname, char *name)
+{
+ FILE *fd;
+ int found = 0;
+ char *p, line[BUFSIZ];
+
+ if ((fd = fopen(fname, "r")) != NULL) {
+ while (fgets(line, sizeof(line), fd) != NULL)
+ if ((p = strchr(line, '\n')) != NULL) {
+ *p = '\0';
+ if (line[0] == '#')
+ continue;
+ if (strcmp(line, name) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ fclose(fd);
+ }
+ return (found);
+}
+
+
+/*
+ * Determine whether a user has access, based on information in
+ * _PATH_FTPUSERS. The users are listed one per line, with `allow'
+ * or `deny' after the username. If anything other than `allow', or
+ * just nothing, is given after the username, `deny' is assumed.
+ *
+ * If the user is not found in the file, but the pseudo-user `*' is,
+ * the permission is taken from that line.
+ *
+ * This preserves the old semantics where if a user was listed in the
+ * file he was denied, otherwise he was allowed.
+ *
+ * Return 1 if the user is denied, or 0 if he is allowed. */
+
+static int
+match(const char *pattern, const char *string)
+{
+#ifdef HAVE_FNMATCH
+ return fnmatch(pattern, string, FNM_NOESCAPE);
+#else
+ return strcmp(pattern, "*") != 0 && strcmp(pattern, string) != 0;
+#endif
+}
+
+static int
+checkaccess(char *name)
+{
+#define ALLOWED 0
+#define NOT_ALLOWED 1
+ FILE *fd;
+ int allowed = ALLOWED;
+ char *user, *perm, line[BUFSIZ];
+ char *foo;
+
+ fd = fopen(_PATH_FTPUSERS, "r");
+
+ if(fd == NULL)
+ return allowed;
+
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ foo = NULL;
+ user = strtok_r(line, " \t\n", &foo);
+ if (user == NULL || user[0] == '#')
+ continue;
+ perm = strtok_r(NULL, " \t\n", &foo);
+ if (match(user, name) == 0){
+ if(perm && strcmp(perm, "allow") == 0)
+ allowed = ALLOWED;
+ else
+ allowed = NOT_ALLOWED;
+ break;
+ }
+ }
+ fclose(fd);
+ return allowed;
+}
+#undef ALLOWED
+#undef NOT_ALLOWED
+
+int do_login(int code, char *passwd)
+{
+ FILE *fd;
+ login_attempts = 0; /* this time successful */
+ if (setegid((gid_t)pw->pw_gid) < 0) {
+ reply(550, "Can't set gid.");
+ return -1;
+ }
+ initgroups(pw->pw_name, pw->pw_gid);
+
+ /* open wtmp before chroot */
+ logwtmp(ttyline, pw->pw_name, remotehost);
+ logged_in = 1;
+
+ dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
+ if (guest) {
+ /*
+ * We MUST do a chdir() after the chroot. Otherwise
+ * the old current directory will be accessible as "."
+ * outside the new root!
+ */
+ if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ reply(550, "Can't set guest privileges.");
+ return -1;
+ }
+ } else if (dochroot) {
+ if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ reply(550, "Can't change root.");
+ return -1;
+ }
+ } else if (chdir(pw->pw_dir) < 0) {
+ if (chdir("/") < 0) {
+ reply(530, "User %s: can't change directory to %s.",
+ pw->pw_name, pw->pw_dir);
+ return -1;
+ } else
+ lreply(code, "No directory! Logging in with home=/");
+ }
+ if (seteuid((uid_t)pw->pw_uid) < 0) {
+ reply(550, "Can't set uid.");
+ return -1;
+ }
+ /*
+ * Display a login message, if it exists.
+ * N.B. reply(code,) must follow the message.
+ */
+ if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
+ char *cp, line[LINE_MAX];
+
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(code, "%s", line);
+ }
+ }
+ if (guest) {
+ reply(code, "Guest login ok, access restrictions apply.");
+#ifdef HAVE_SETPROCTITLE
+ snprintf (proctitle, sizeof(proctitle),
+ "%s: anonymous/%s",
+ remotehost,
+ passwd);
+#endif /* HAVE_SETPROCTITLE */
+ if (logging)
+ syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ passwd);
+ } else {
+ reply(code, "User %s logged in.", pw->pw_name);
+#ifdef HAVE_SETPROCTITLE
+ snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
+ setproctitle(proctitle);
+#endif /* HAVE_SETPROCTITLE */
+ if (logging)
+ syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ pw->pw_name);
+ }
+ umask(defumask);
+ return 0;
+}
+
+/*
+ * Terminate login as previous user, if any, resetting state;
+ * used when USER command is given or login fails.
+ */
+static void
+end_login(void)
+{
+
+ seteuid((uid_t)0);
+ if (logged_in)
+ logwtmp(ttyline, "", "");
+ pw = NULL;
+ logged_in = 0;
+ guest = 0;
+ dochroot = 0;
+}
+
+void
+pass(char *passwd)
+{
+ int rval;
+
+ /* some clients insists on sending a password */
+ if (logged_in && askpasswd == 0){
+ reply(230, "Dumpucko!");
+ return;
+ }
+
+ if (logged_in || askpasswd == 0) {
+ reply(503, "Login with USER first.");
+ return;
+ }
+ askpasswd = 0;
+ rval = 1;
+ if (!guest) { /* "ftp" is only account allowed no password */
+ if (pw == NULL)
+ rval = 1; /* failure below */
+ else if (otp_verify_user (&otp_ctx, passwd) == 0) {
+ rval = 0;
+ } else if((auth_level & AUTH_OTP) == 0) {
+ char realm[REALM_SZ];
+ if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS)
+ rval = krb_verify_user(pw->pw_name, "", realm,
+ passwd, 1, NULL);
+ if (rval == KSUCCESS ){
+ if(k_hasafs())
+ k_afsklog(0, 0);
+ }else
+ rval = unix_verify_user(pw->pw_name, passwd);
+ } else {
+ char *s;
+
+ if (s = otp_error(&otp_ctx))
+ lreply(530, "OTP: %s", s);
+ }
+ memset (passwd, 0, strlen(passwd));
+
+ /*
+ * If rval == 1, the user failed the authentication
+ * check above. If rval == 0, either Kerberos or
+ * local authentication succeeded.
+ */
+ if (rval) {
+ reply(530, "Login incorrect.");
+ if (logging)
+ syslog(LOG_NOTICE,
+ "FTP LOGIN FAILED FROM %s(%s), %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ curname);
+ pw = NULL;
+ if (login_attempts++ >= 5) {
+ syslog(LOG_NOTICE,
+ "repeated login failures from %s(%s)",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr));
+ exit(0);
+ }
+ return;
+ }
+ }
+ if(!do_login(230, passwd))
+ return;
+
+ /* Forget all about it... */
+ end_login();
+}
+
+void
+retrieve(char *cmd, char *name)
+{
+ FILE *fin = NULL, *dout;
+ struct stat st;
+ int (*closefunc) (FILE *);
+ char line[BUFSIZ];
+
+
+ if (cmd == 0) {
+ fin = fopen(name, "r");
+ closefunc = fclose;
+ st.st_size = 0;
+ if(fin == NULL){
+ struct cmds {
+ char *ext;
+ char *cmd;
+ } cmds[] = {
+ {".tar", "/bin/gtar cPf - %s"},
+ {".tar.gz", "/bin/gtar zcPf - %s"},
+ {".tar.Z", "/bin/gtar ZcPf - %s"},
+ {".gz", "/bin/gzip -c %s"},
+ {".Z", "/bin/compress -c %s"},
+ {NULL, NULL}
+ };
+ struct cmds *p;
+ for(p = cmds; p->ext; p++){
+ char *tail = name + strlen(name) - strlen(p->ext);
+ char c = *tail;
+
+ if(strcmp(tail, p->ext) == 0 &&
+ (*tail = 0) == 0 &&
+ access(name, R_OK) == 0){
+ snprintf (line, sizeof(line), p->cmd, name);
+ *tail = c;
+ break;
+ }
+ *tail = c;
+ }
+ if(p->ext){
+ fin = ftpd_popen(line, "r", 0, 0);
+ closefunc = ftpd_pclose;
+ st.st_size = -1;
+ cmd = line;
+ }
+ }
+ } else {
+ snprintf(line, sizeof(line), cmd, name);
+ name = line;
+ fin = ftpd_popen(line, "r", 1, 0);
+ closefunc = ftpd_pclose;
+ st.st_size = -1;
+ }
+ if (fin == NULL) {
+ if (errno != 0) {
+ perror_reply(550, name);
+ if (cmd == 0) {
+ LOGCMD("get", name);
+ }
+ }
+ return;
+ }
+ byte_count = -1;
+ if (cmd == 0){
+ if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) {
+ reply(550, "%s: not a plain file.", name);
+ goto done;
+ }
+ }
+ if (restart_point) {
+ if (type == TYPE_A) {
+ off_t i, n;
+ int c;
+
+ n = restart_point;
+ i = 0;
+ while (i++ < n) {
+ if ((c=getc(fin)) == EOF) {
+ perror_reply(550, name);
+ goto done;
+ }
+ if (c == '\n')
+ i++;
+ }
+ } else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
+ perror_reply(550, name);
+ goto done;
+ }
+ }
+ dout = dataconn(name, st.st_size, "w");
+ if (dout == NULL)
+ goto done;
+ set_buffer_size(fileno(dout), 0);
+ send_data(fin, dout);
+ fclose(dout);
+ data = -1;
+ pdata = -1;
+done:
+ if (cmd == 0)
+ LOGBYTES("get", name, byte_count);
+ (*closefunc)(fin);
+}
+
+/* filename sanity check */
+
+int
+filename_check(char *filename)
+{
+ static const char good_chars[] = "+-=_,.";
+ char *p;
+
+ p = strrchr(filename, '/');
+ if(p)
+ filename = p + 1;
+
+ p = filename;
+
+ if(isalnum(*p)){
+ p++;
+ while(*p && (isalnum(*p) || strchr(good_chars, *p)))
+ p++;
+ if(*p == '\0')
+ return 0;
+ }
+ lreply(553, "\"%s\" is an illegal filename.", filename);
+ lreply(553, "The filename must start with an alphanumeric "
+ "character and must only");
+ reply(553, "consist of alphanumeric characters or any of the following: %s",
+ good_chars);
+ return 1;
+}
+
+void
+do_store(char *name, char *mode, int unique)
+{
+ FILE *fout, *din;
+ struct stat st;
+ int (*closefunc) (FILE *);
+
+ if(guest && filename_check(name))
+ return;
+ if (unique && stat(name, &st) == 0 &&
+ (name = gunique(name)) == NULL) {
+ LOGCMD(*mode == 'w' ? "put" : "append", name);
+ return;
+ }
+
+ if (restart_point)
+ mode = "r+";
+ fout = fopen(name, mode);
+ closefunc = fclose;
+ if (fout == NULL) {
+ perror_reply(553, name);
+ LOGCMD(*mode == 'w' ? "put" : "append", name);
+ return;
+ }
+ byte_count = -1;
+ if (restart_point) {
+ if (type == TYPE_A) {
+ off_t i, n;
+ int c;
+
+ n = restart_point;
+ i = 0;
+ while (i++ < n) {
+ if ((c=getc(fout)) == EOF) {
+ perror_reply(550, name);
+ goto done;
+ }
+ if (c == '\n')
+ i++;
+ }
+ /*
+ * We must do this seek to "current" position
+ * because we are changing from reading to
+ * writing.
+ */
+ if (fseek(fout, 0L, SEEK_CUR) < 0) {
+ perror_reply(550, name);
+ goto done;
+ }
+ } else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
+ perror_reply(550, name);
+ goto done;
+ }
+ }
+ din = dataconn(name, (off_t)-1, "r");
+ if (din == NULL)
+ goto done;
+ set_buffer_size(fileno(din), 1);
+ if (receive_data(din, fout) == 0) {
+ if (unique)
+ reply(226, "Transfer complete (unique file name:%s).",
+ name);
+ else
+ reply(226, "Transfer complete.");
+ }
+ fclose(din);
+ data = -1;
+ pdata = -1;
+done:
+ LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
+ (*closefunc)(fout);
+}
+
+static FILE *
+getdatasock(char *mode)
+{
+ int on = 1, s, t, tries;
+
+ if (data >= 0)
+ return (fdopen(data, mode));
+ seteuid((uid_t)0);
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s < 0)
+ goto bad;
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+ (void *) &on, sizeof(on)) < 0)
+ goto bad;
+#endif
+ /* anchor socket to avoid multi-homing problems */
+ data_source.sin_family = AF_INET;
+ data_source.sin_addr = ctrl_addr.sin_addr;
+ for (tries = 1; ; tries++) {
+ if (bind(s, (struct sockaddr *)&data_source,
+ sizeof(data_source)) >= 0)
+ break;
+ if (errno != EADDRINUSE || tries > 10)
+ goto bad;
+ sleep(tries);
+ }
+ seteuid((uid_t)pw->pw_uid);
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ on = IPTOS_THROUGHPUT;
+ if (setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0)
+ syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+#endif
+ return (fdopen(s, mode));
+bad:
+ /* Return the real value of errno (close may change it) */
+ t = errno;
+ seteuid((uid_t)pw->pw_uid);
+ close(s);
+ errno = t;
+ return (NULL);
+}
+
+static FILE *
+dataconn(char *name, off_t size, char *mode)
+{
+ char sizebuf[32];
+ FILE *file;
+ int retry = 0, tos;
+
+ file_size = size;
+ byte_count = 0;
+ if (size != (off_t) -1)
+ snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", size);
+ else
+ strcpy(sizebuf, "");
+ if (pdata >= 0) {
+ struct sockaddr_in from;
+ int s, fromlen = sizeof(from);
+
+ s = accept(pdata, (struct sockaddr *)&from, &fromlen);
+ if (s < 0) {
+ reply(425, "Can't open data connection.");
+ close(pdata);
+ pdata = -1;
+ return (NULL);
+ }
+ close(pdata);
+ pdata = s;
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_THROUGHPUT;
+ setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos,
+ sizeof(int));
+#endif
+ reply(150, "Opening %s mode data connection for '%s'%s.",
+ type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
+ return (fdopen(pdata, mode));
+ }
+ if (data >= 0) {
+ reply(125, "Using existing data connection for '%s'%s.",
+ name, sizebuf);
+ usedefault = 1;
+ return (fdopen(data, mode));
+ }
+ if (usedefault)
+ data_dest = his_addr;
+ usedefault = 1;
+ file = getdatasock(mode);
+ if (file == NULL) {
+ reply(425, "Can't create data socket (%s,%d): %s.",
+ inet_ntoa(data_source.sin_addr),
+ ntohs(data_source.sin_port), strerror(errno));
+ return (NULL);
+ }
+ data = fileno(file);
+ while (connect(data, (struct sockaddr *)&data_dest,
+ sizeof(data_dest)) < 0) {
+ if (errno == EADDRINUSE && retry < swaitmax) {
+ sleep((unsigned) swaitint);
+ retry += swaitint;
+ continue;
+ }
+ perror_reply(425, "Can't build data connection");
+ fclose(file);
+ data = -1;
+ return (NULL);
+ }
+ reply(150, "Opening %s mode data connection for '%s'%s.",
+ type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
+ return (file);
+}
+
+/*
+ * Tranfer the contents of "instr" to "outstr" peer using the appropriate
+ * encapsulation of the data subject * to Mode, Structure, and Type.
+ *
+ * NB: Form isn't handled.
+ */
+static void
+send_data(FILE *instr, FILE *outstr)
+{
+ int c, cnt, filefd, netfd;
+ static char *buf;
+ static size_t bufsize;
+ int i = 0;
+ char s[1024];
+
+ transflag++;
+ if (setjmp(urgcatch)) {
+ transflag = 0;
+ return;
+ }
+ switch (type) {
+
+ case TYPE_A:
+ while ((c = getc(instr)) != EOF) {
+ byte_count++;
+ if(i > 1022){
+ auth_write(fileno(outstr), s, i);
+ i = 0;
+ }
+ if(c == '\n')
+ s[i++] = '\r';
+ s[i++] = c;
+ }
+ if(i)
+ auth_write(fileno(outstr), s, i);
+ auth_write(fileno(outstr), s, 0);
+ fflush(outstr);
+ transflag = 0;
+ if (ferror(instr))
+ goto file_err;
+ if (ferror(outstr))
+ goto data_err;
+ reply(226, "Transfer complete.");
+ return;
+
+ case TYPE_I:
+ case TYPE_L:
+#ifdef HAVE_MMAP
+#ifndef MAP_FAILED
+#define MAP_FAILED (-1)
+#endif
+ {
+ struct stat st;
+ char *chunk;
+ int in = fileno(instr);
+ if(fstat(in, &st) == 0 && S_ISREG(st.st_mode)) {
+ chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, in, 0);
+ if(chunk != (void *)MAP_FAILED) {
+ cnt = st.st_size - restart_point;
+ auth_write(fileno(outstr),
+ chunk + restart_point,
+ cnt);
+ munmap(chunk, st.st_size);
+ auth_write(fileno(outstr), NULL, 0);
+ byte_count = cnt;
+ transflag = 0;
+ }
+ }
+ }
+
+#endif
+ if(transflag){
+ struct stat st;
+
+ netfd = fileno(outstr);
+ filefd = fileno(instr);
+ buf = alloc_buffer (buf, &bufsize,
+ fstat(filefd, &st) >= 0 ? &st : NULL);
+ if (buf == NULL) {
+ transflag = 0;
+ perror_reply(451, "Local resource failure: malloc");
+ return;
+ }
+ while ((cnt = read(filefd, buf, bufsize)) > 0 &&
+ auth_write(netfd, buf, cnt) == cnt)
+ byte_count += cnt;
+ auth_write(netfd, buf, 0); /* to end an encrypted stream */
+ transflag = 0;
+ if (cnt != 0) {
+ if (cnt < 0)
+ goto file_err;
+ goto data_err;
+ }
+ }
+ reply(226, "Transfer complete.");
+ return;
+ default:
+ transflag = 0;
+ reply(550, "Unimplemented TYPE %d in send_data", type);
+ return;
+ }
+
+data_err:
+ transflag = 0;
+ perror_reply(426, "Data connection");
+ return;
+
+file_err:
+ transflag = 0;
+ perror_reply(551, "Error on input file");
+}
+
+/*
+ * Transfer data from peer to "outstr" using the appropriate encapulation of
+ * the data subject to Mode, Structure, and Type.
+ *
+ * N.B.: Form isn't handled.
+ */
+static int
+receive_data(FILE *instr, FILE *outstr)
+{
+ int cnt, bare_lfs = 0;
+ static char *buf;
+ static size_t bufsize;
+ struct stat st;
+
+ transflag++;
+ if (setjmp(urgcatch)) {
+ transflag = 0;
+ return (-1);
+ }
+
+ buf = alloc_buffer (buf, &bufsize,
+ fstat(fileno(outstr), &st) >= 0 ? &st : NULL);
+ if (buf == NULL) {
+ transflag = 0;
+ perror_reply(451, "Local resource failure: malloc");
+ return -1;
+ }
+
+ switch (type) {
+
+ case TYPE_I:
+ case TYPE_L:
+ while ((cnt = auth_read(fileno(instr), buf, bufsize)) > 0) {
+ if (write(fileno(outstr), buf, cnt) != cnt)
+ goto file_err;
+ byte_count += cnt;
+ }
+ if (cnt < 0)
+ goto data_err;
+ transflag = 0;
+ return (0);
+
+ case TYPE_E:
+ reply(553, "TYPE E not implemented.");
+ transflag = 0;
+ return (-1);
+
+ case TYPE_A:
+ {
+ char *p, *q;
+ int cr_flag = 0;
+ while ((cnt = auth_read(fileno(instr),
+ buf + cr_flag,
+ bufsize - cr_flag)) > 0){
+ byte_count += cnt;
+ cnt += cr_flag;
+ cr_flag = 0;
+ for(p = buf, q = buf; p < buf + cnt;) {
+ if(*p == '\n')
+ bare_lfs++;
+ if(*p == '\r')
+ if(p == buf + cnt - 1){
+ cr_flag = 1;
+ p++;
+ continue;
+ }else if(p[1] == '\n'){
+ *q++ = '\n';
+ p += 2;
+ continue;
+ }
+ *q++ = *p++;
+ }
+ fwrite(buf, q - buf, 1, outstr);
+ if(cr_flag)
+ buf[0] = '\r';
+ }
+ if(cr_flag)
+ putc('\r', outstr);
+ fflush(outstr);
+ if (ferror(instr))
+ goto data_err;
+ if (ferror(outstr))
+ goto file_err;
+ transflag = 0;
+ if (bare_lfs) {
+ lreply(226, "WARNING! %d bare linefeeds received in ASCII mode\r\n"
+ " File may not have transferred correctly.\r\n",
+ bare_lfs);
+ }
+ return (0);
+ }
+ default:
+ reply(550, "Unimplemented TYPE %d in receive_data", type);
+ transflag = 0;
+ return (-1);
+ }
+
+data_err:
+ transflag = 0;
+ perror_reply(426, "Data Connection");
+ return (-1);
+
+file_err:
+ transflag = 0;
+ perror_reply(452, "Error writing file");
+ return (-1);
+}
+
+void
+statfilecmd(char *filename)
+{
+ FILE *fin;
+ int c;
+ char line[LINE_MAX];
+
+ snprintf(line, sizeof(line), "/bin/ls -la %s", filename);
+ fin = ftpd_popen(line, "r", 1, 0);
+ lreply(211, "status of %s:", filename);
+ while ((c = getc(fin)) != EOF) {
+ if (c == '\n') {
+ if (ferror(stdout)){
+ perror_reply(421, "control connection");
+ ftpd_pclose(fin);
+ dologout(1);
+ /* NOTREACHED */
+ }
+ if (ferror(fin)) {
+ perror_reply(551, filename);
+ ftpd_pclose(fin);
+ return;
+ }
+ putc('\r', stdout);
+ }
+ putc(c, stdout);
+ }
+ ftpd_pclose(fin);
+ reply(211, "End of Status");
+}
+
+void
+statcmd(void)
+{
+#if 0
+ struct sockaddr_in *sin;
+ u_char *a, *p;
+
+ lreply(211, "%s FTP server status:", hostname, version);
+ printf(" %s\r\n", version);
+ printf(" Connected to %s", remotehost);
+ if (!isdigit(remotehost[0]))
+ printf(" (%s)", inet_ntoa(his_addr.sin_addr));
+ printf("\r\n");
+ if (logged_in) {
+ if (guest)
+ printf(" Logged in anonymously\r\n");
+ else
+ printf(" Logged in as %s\r\n", pw->pw_name);
+ } else if (askpasswd)
+ printf(" Waiting for password\r\n");
+ else
+ printf(" Waiting for user name\r\n");
+ printf(" TYPE: %s", typenames[type]);
+ if (type == TYPE_A || type == TYPE_E)
+ printf(", FORM: %s", formnames[form]);
+ if (type == TYPE_L)
+#if NBBY == 8
+ printf(" %d", NBBY);
+#else
+ printf(" %d", bytesize); /* need definition! */
+#endif
+ printf("; STRUcture: %s; transfer MODE: %s\r\n",
+ strunames[stru], modenames[mode]);
+ if (data != -1)
+ printf(" Data connection open\r\n");
+ else if (pdata != -1) {
+ printf(" in Passive mode");
+ sin = &pasv_addr;
+ goto printaddr;
+ } else if (usedefault == 0) {
+ printf(" PORT");
+ sin = &data_dest;
+printaddr:
+ a = (u_char *) &sin->sin_addr;
+ p = (u_char *) &sin->sin_port;
+#define UC(b) (((int) b) & 0xff)
+ printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]),
+ UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
+#undef UC
+ } else
+ printf(" No data connection\r\n");
+#endif
+ reply(211, "End of status");
+}
+
+void
+fatal(char *s)
+{
+
+ reply(451, "Error in server: %s\n", s);
+ reply(221, "Closing connection due to server error.");
+ dologout(0);
+ /* NOTREACHED */
+}
+
+static void
+int_reply(int, char *, const char *, va_list)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 3, 0)))
+#endif
+;
+
+static void
+int_reply(int n, char *c, const char *fmt, va_list ap)
+{
+ char buf[10240];
+ char *p;
+ p=buf;
+ if(n){
+ snprintf(p, sizeof(buf), "%d%s", n, c);
+ p+=strlen(p);
+ }
+ vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap);
+ p+=strlen(p);
+ snprintf(p, sizeof(buf) - strlen(p), "\r\n");
+ p+=strlen(p);
+ auth_printf("%s", buf);
+ fflush(stdout);
+ if (debug)
+ syslog(LOG_DEBUG, "<--- %s- ", buf);
+}
+
+void
+reply(int n, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ int_reply(n, " ", fmt, ap);
+ delete_ftp_command();
+ va_end(ap);
+}
+
+void
+lreply(int n, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ int_reply(n, "-", fmt, ap);
+ va_end(ap);
+}
+
+void
+nreply(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ int_reply(0, NULL, fmt, ap);
+ va_end(ap);
+}
+
+static void
+ack(char *s)
+{
+
+ reply(250, "%s command successful.", s);
+}
+
+void
+nack(char *s)
+{
+
+ reply(502, "%s command not implemented.", s);
+}
+
+/* ARGSUSED */
+void
+yyerror(char *s)
+{
+ char *cp;
+
+ if ((cp = strchr(cbuf,'\n')))
+ *cp = '\0';
+ reply(500, "'%s': command not understood.", cbuf);
+}
+
+void
+do_delete(char *name)
+{
+ struct stat st;
+
+ LOGCMD("delete", name);
+ if (stat(name, &st) < 0) {
+ perror_reply(550, name);
+ return;
+ }
+ if ((st.st_mode&S_IFMT) == S_IFDIR) {
+ if (rmdir(name) < 0) {
+ perror_reply(550, name);
+ return;
+ }
+ goto done;
+ }
+ if (unlink(name) < 0) {
+ perror_reply(550, name);
+ return;
+ }
+done:
+ ack("DELE");
+}
+
+void
+cwd(char *path)
+{
+
+ if (chdir(path) < 0)
+ perror_reply(550, path);
+ else
+ ack("CWD");
+}
+
+void
+makedir(char *name)
+{
+
+ LOGCMD("mkdir", name);
+ if(guest && filename_check(name))
+ return;
+ if (mkdir(name, 0777) < 0)
+ perror_reply(550, name);
+ else{
+ if(guest)
+ chmod(name, 0700); /* guest has umask 777 */
+ reply(257, "MKD command successful.");
+ }
+}
+
+void
+removedir(char *name)
+{
+
+ LOGCMD("rmdir", name);
+ if (rmdir(name) < 0)
+ perror_reply(550, name);
+ else
+ ack("RMD");
+}
+
+void
+pwd(void)
+{
+ char path[MaxPathLen + 1];
+ char *ret;
+
+ /* SunOS has a broken getcwd that does popen(pwd) (!!!), this
+ * failes miserably when running chroot
+ */
+ ret = getcwd(path, sizeof(path));
+ if (ret == NULL)
+ reply(550, "%s.", strerror(errno));
+ else
+ reply(257, "\"%s\" is current directory.", path);
+}
+
+char *
+renamefrom(char *name)
+{
+ struct stat st;
+
+ if (stat(name, &st) < 0) {
+ perror_reply(550, name);
+ return NULL;
+ }
+ reply(350, "File exists, ready for destination name");
+ return (name);
+}
+
+void
+renamecmd(char *from, char *to)
+{
+
+ LOGCMD2("rename", from, to);
+ if(guest && filename_check(to))
+ return;
+ if (rename(from, to) < 0)
+ perror_reply(550, "rename");
+ else
+ ack("RNTO");
+}
+
+static void
+dolog(struct sockaddr_in *sin)
+{
+ inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost));
+#ifdef HAVE_SETPROCTITLE
+ snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
+ setproctitle(proctitle);
+#endif /* HAVE_SETPROCTITLE */
+
+ if (logging)
+ syslog(LOG_INFO, "connection from %s(%s)",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr));
+}
+
+/*
+ * Record logout in wtmp file
+ * and exit with supplied status.
+ */
+void
+dologout(int status)
+{
+ transflag = 0;
+ if (logged_in) {
+ seteuid((uid_t)0);
+ logwtmp(ttyline, "", "");
+ dest_tkt();
+ if(k_hasafs())
+ k_unlog();
+ }
+ /* beware of flushing buffers after a SIGPIPE */
+#ifdef XXX
+ exit(status);
+#else
+ _exit(status);
+#endif
+}
+
+void abor(void)
+{
+}
+
+static void
+myoob(int signo)
+{
+#if 0
+ char *cp;
+#endif
+
+ /* only process if transfer occurring */
+ if (!transflag)
+ return;
+
+ /* This is all XXX */
+ oobflag = 1;
+ /* if the command resulted in a new command,
+ parse that as well */
+ do{
+ yyparse();
+ } while(ftp_command);
+ oobflag = 0;
+
+#if 0
+ cp = tmpline;
+ if (getline(cp, 7) == NULL) {
+ reply(221, "You could at least say goodbye.");
+ dologout(0);
+ }
+ upper(cp);
+ if (strcmp(cp, "ABOR\r\n") == 0) {
+ tmpline[0] = '\0';
+ reply(426, "Transfer aborted. Data connection closed.");
+ reply(226, "Abort successful");
+ longjmp(urgcatch, 1);
+ }
+ if (strcmp(cp, "STAT\r\n") == 0) {
+ if (file_size != (off_t) -1)
+ reply(213, "Status: %ld of %ld bytes transferred",
+ (long)byte_count,
+ (long)file_size);
+ else
+ reply(213, "Status: %ld bytes transferred"
+ (long)byte_count);
+ }
+#endif
+}
+
+/*
+ * Note: a response of 425 is not mentioned as a possible response to
+ * the PASV command in RFC959. However, it has been blessed as
+ * a legitimate response by Jon Postel in a telephone conversation
+ * with Rick Adams on 25 Jan 89.
+ */
+void
+passive(void)
+{
+ int len;
+ char *p, *a;
+
+ pdata = socket(AF_INET, SOCK_STREAM, 0);
+ if (pdata < 0) {
+ perror_reply(425, "Can't open passive connection");
+ return;
+ }
+ pasv_addr = ctrl_addr;
+ pasv_addr.sin_port = 0;
+ seteuid((uid_t)0);
+ if (bind(pdata, (struct sockaddr *)&pasv_addr, sizeof(pasv_addr)) < 0) {
+ seteuid((uid_t)pw->pw_uid);
+ goto pasv_error;
+ }
+ seteuid((uid_t)pw->pw_uid);
+ len = sizeof(pasv_addr);
+ if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
+ goto pasv_error;
+ if (listen(pdata, 1) < 0)
+ goto pasv_error;
+ a = (char *) &pasv_addr.sin_addr;
+ p = (char *) &pasv_addr.sin_port;
+
+#define UC(b) (((int) b) & 0xff)
+
+ reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
+ UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
+ return;
+
+pasv_error:
+ close(pdata);
+ pdata = -1;
+ perror_reply(425, "Can't open passive connection");
+ return;
+}
+
+/*
+ * Generate unique name for file with basename "local".
+ * The file named "local" is already known to exist.
+ * Generates failure reply on error.
+ */
+static char *
+gunique(char *local)
+{
+ static char new[MaxPathLen];
+ struct stat st;
+ int count;
+ char *cp;
+
+ cp = strrchr(local, '/');
+ if (cp)
+ *cp = '\0';
+ if (stat(cp ? local : ".", &st) < 0) {
+ perror_reply(553, cp ? local : ".");
+ return NULL;
+ }
+ if (cp)
+ *cp = '/';
+ for (count = 1; count < 100; count++) {
+ snprintf (new, sizeof(new), "%s.%d", local, count);
+ if (stat(new, &st) < 0)
+ return (new);
+ }
+ reply(452, "Unique file name cannot be created.");
+ return (NULL);
+}
+
+/*
+ * Format and send reply containing system error number.
+ */
+void
+perror_reply(int code, char *string)
+{
+ reply(code, "%s: %s.", string, strerror(errno));
+}
+
+static char *onefile[] = {
+ "",
+ 0
+};
+
+void
+send_file_list(char *whichf)
+{
+ struct stat st;
+ DIR *dirp = NULL;
+ struct dirent *dir;
+ FILE *dout = NULL;
+ char **dirlist, *dirname;
+ int simple = 0;
+ int freeglob = 0;
+ glob_t gl;
+ char buf[MaxPathLen];
+
+ if (strpbrk(whichf, "~{[*?") != NULL) {
+ int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+ memset(&gl, 0, sizeof(gl));
+ freeglob = 1;
+ if (glob(whichf, flags, 0, &gl)) {
+ reply(550, "not found");
+ goto out;
+ } else if (gl.gl_pathc == 0) {
+ errno = ENOENT;
+ perror_reply(550, whichf);
+ goto out;
+ }
+ dirlist = gl.gl_pathv;
+ } else {
+ onefile[0] = whichf;
+ dirlist = onefile;
+ simple = 1;
+ }
+
+ if (setjmp(urgcatch)) {
+ transflag = 0;
+ goto out;
+ }
+ while ((dirname = *dirlist++)) {
+ if (stat(dirname, &st) < 0) {
+ /*
+ * If user typed "ls -l", etc, and the client
+ * used NLST, do what the user meant.
+ */
+ if (dirname[0] == '-' && *dirlist == NULL &&
+ transflag == 0) {
+ retrieve("/bin/ls %s", dirname);
+ goto out;
+ }
+ perror_reply(550, whichf);
+ if (dout != NULL) {
+ fclose(dout);
+ transflag = 0;
+ data = -1;
+ pdata = -1;
+ }
+ goto out;
+ }
+
+ if (S_ISREG(st.st_mode)) {
+ if (dout == NULL) {
+ dout = dataconn("file list", (off_t)-1, "w");
+ if (dout == NULL)
+ goto out;
+ transflag++;
+ }
+ snprintf(buf, sizeof(buf), "%s%s\n", dirname,
+ type == TYPE_A ? "\r" : "");
+ auth_write(fileno(dout), buf, strlen(buf));
+ byte_count += strlen(dirname) + 1;
+ continue;
+ } else if (!S_ISDIR(st.st_mode))
+ continue;
+
+ if ((dirp = opendir(dirname)) == NULL)
+ continue;
+
+ while ((dir = readdir(dirp)) != NULL) {
+ char nbuf[MaxPathLen];
+
+ if (!strcmp(dir->d_name, "."))
+ continue;
+ if (!strcmp(dir->d_name, ".."))
+ continue;
+
+ snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
+
+ /*
+ * We have to do a stat to insure it's
+ * not a directory or special file.
+ */
+ if (simple || (stat(nbuf, &st) == 0 &&
+ S_ISREG(st.st_mode))) {
+ if (dout == NULL) {
+ dout = dataconn("file list", (off_t)-1, "w");
+ if (dout == NULL)
+ goto out;
+ transflag++;
+ }
+ if(strncmp(nbuf, "./", 2) == 0)
+ snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
+ type == TYPE_A ? "\r" : "");
+ else
+ snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
+ type == TYPE_A ? "\r" : "");
+ auth_write(fileno(dout), buf, strlen(buf));
+ byte_count += strlen(nbuf) + 1;
+ }
+ }
+ closedir(dirp);
+ }
+ if (dout == NULL)
+ reply(550, "No files found.");
+ else if (ferror(dout) != 0)
+ perror_reply(550, "Data connection");
+ else
+ reply(226, "Transfer complete.");
+
+ transflag = 0;
+ if (dout != NULL){
+ auth_write(fileno(dout), buf, 0); /* XXX flush */
+
+ fclose(dout);
+ }
+ data = -1;
+ pdata = -1;
+out:
+ if (freeglob) {
+ freeglob = 0;
+ globfree(&gl);
+ }
+}
+
+
+int
+find(char *pattern)
+{
+ char line[1024];
+ FILE *f;
+
+ snprintf(line, sizeof(line),
+ "/bin/locate -d %s %s",
+ ftp_rooted("/etc/locatedb"),
+ pattern);
+ f = ftpd_popen(line, "r", 1, 1);
+ if(f == NULL){
+ perror_reply(550, "/bin/locate");
+ return 1;
+ }
+ lreply(200, "Output from find.");
+ while(fgets(line, sizeof(line), f)){
+ if(line[strlen(line)-1] == '\n')
+ line[strlen(line)-1] = 0;
+ nreply("%s", line);
+ }
+ reply(200, "Done");
+ ftpd_pclose(f);
+ return 0;
+}
+
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/kauth.c b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
new file mode 100644
index 0000000..02d23d6
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
@@ -0,0 +1,325 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: kauth.c,v 1.14 1997/05/07 02:21:30 assar Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <time.h>
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+#include <kafs.h>
+
+#include "extern.h"
+#include "krb4.h"
+#include "auth.h"
+#include "base64.h"
+
+static KTEXT_ST cip;
+static unsigned int lifetime;
+static time_t local_time;
+
+static krb_principal pr;
+
+static int
+save_tkt(char *user, char *instance, char *realm, void *arg,
+ int (*key_proc)(char*, char*, char*, void*, des_cblock*), KTEXT *cipp)
+{
+ local_time = time(0);
+ memmove(&cip, *cipp, sizeof(cip));
+ return -1;
+}
+
+static int
+store_ticket(KTEXT cip)
+{
+ char *ptr;
+ des_cblock session;
+ krb_principal sp;
+ unsigned char kvno;
+ KTEXT_ST tkt;
+ int left = cip->length;
+
+ int kerror;
+
+ time_t kdc_time;
+
+ ptr = (char *) cip->dat;
+
+ /* extract session key */
+ memmove(session, ptr, 8);
+ ptr += 8;
+ left -= 8;
+
+ if (strnlen(ptr, left) == left)
+ return(INTK_BADPW);
+
+ /* extract server's name */
+ strcpy(sp.name, ptr);
+ ptr += strlen(sp.name) + 1;
+ left -= strlen(sp.name) + 1;
+
+ if (strnlen(ptr, left) == left)
+ return(INTK_BADPW);
+
+ /* extract server's instance */
+ strcpy(sp.instance, ptr);
+ ptr += strlen(sp.instance) + 1;
+ left -= strlen(sp.instance) + 1;
+
+ if (strnlen(ptr, left) == left)
+ return(INTK_BADPW);
+
+ /* extract server's realm */
+ strcpy(sp.realm,ptr);
+ ptr += strlen(sp.realm) + 1;
+ left -= strlen(sp.realm) + 1;
+
+ if(left < 3)
+ return INTK_BADPW;
+ /* extract ticket lifetime, server key version, ticket length */
+ /* be sure to avoid sign extension on lifetime! */
+ lifetime = (unsigned char) ptr[0];
+ kvno = (unsigned char) ptr[1];
+ tkt.length = (unsigned char) ptr[2];
+ ptr += 3;
+ left -= 3;
+
+ if (tkt.length > left)
+ return(INTK_BADPW);
+
+ /* extract ticket itself */
+ memmove(tkt.dat, ptr, tkt.length);
+ ptr += tkt.length;
+ left -= tkt.length;
+
+ /* Here is where the time should be verified against the KDC.
+ * Unfortunately everything is sent in host byte order (receiver
+ * makes wrong) , and at this stage there is no way for us to know
+ * which byteorder the KDC has. So we simply ignore the time,
+ * there are no security risks with this, the only thing that can
+ * happen is that we might receive a replayed ticket, which could
+ * at most be useless.
+ */
+
+#if 0
+ /* check KDC time stamp */
+ memmove(&kdc_time, ptr, sizeof(kdc_time));
+ if (swap_bytes) swap_u_long(kdc_time);
+
+ ptr += 4;
+
+ if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
+ return(RD_AP_TIME); /* XXX should probably be better
+ code */
+ }
+#endif
+
+ /* initialize ticket cache */
+
+ if (tf_create(TKT_FILE) != KSUCCESS)
+ return(INTK_ERR);
+
+ if (tf_put_pname(pr.name) != KSUCCESS ||
+ tf_put_pinst(pr.instance) != KSUCCESS) {
+ tf_close();
+ return(INTK_ERR);
+ }
+
+
+ kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session,
+ lifetime, kvno, &tkt, local_time);
+ tf_close();
+
+ return(kerror);
+}
+
+void kauth(char *principal, char *ticket)
+{
+ char *p;
+ int ret;
+
+ ret = krb_parse_name(principal, &pr);
+ if(ret){
+ reply(500, "Bad principal: %s.", krb_get_err_text(ret));
+ return;
+ }
+ if(pr.realm[0] == 0)
+ krb_get_lrealm(pr.realm, 1);
+
+ if(ticket){
+ cip.length = base64_decode(ticket, &cip.dat);
+ if(cip.length == -1){
+ reply(500, "Failed to decode data.");
+ return;
+ }
+ ret = store_ticket(&cip);
+ if(ret){
+ reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
+ memset(&cip, 0, sizeof(cip));
+ return;
+ }
+ if(k_hasafs())
+ k_afsklog(0, 0);
+ reply(200, "Tickets will be destroyed on exit.");
+ return;
+ }
+
+ ret = krb_get_in_tkt (pr.name,
+ pr.instance,
+ pr.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ pr.realm,
+ DEFAULT_TKT_LIFE,
+ NULL, save_tkt, NULL);
+ if(ret != INTK_BADPW){
+ reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
+ return;
+ }
+ base64_encode(cip.dat, cip.length, &p);
+ reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
+ free(p);
+ memset(&cip, 0, sizeof(cip));
+}
+
+
+static char *
+short_date(int32_t dp)
+{
+ char *cp;
+ time_t t = (time_t)dp;
+
+ if (t == (time_t)(-1L)) return "*** Never *** ";
+ cp = ctime(&t) + 4;
+ cp[15] = '\0';
+ return (cp);
+}
+
+void klist(void)
+{
+ int err;
+
+ char *file = tkt_string();
+
+ krb_principal pr;
+
+ char buf1[128], buf2[128];
+ int header = 1;
+ CREDENTIALS c;
+
+
+
+ err = tf_init(file, R_TKT_FIL);
+ if(err != KSUCCESS){
+ reply(500, "%s", krb_get_err_text(err));
+ return;
+ }
+ tf_close();
+
+ /*
+ * We must find the realm of the ticket file here before calling
+ * tf_init because since the realm of the ticket file is not
+ * really stored in the principal section of the file, the
+ * routine we use must itself call tf_init and tf_close.
+ */
+ err = krb_get_tf_realm(file, pr.realm);
+ if(err != KSUCCESS){
+ reply(500, "%s", krb_get_err_text(err));
+ return;
+ }
+
+ err = tf_init(file, R_TKT_FIL);
+ if(err != KSUCCESS){
+ reply(500, "%s", krb_get_err_text(err));
+ return;
+ }
+
+ err = tf_get_pname(pr.name);
+ if(err != KSUCCESS){
+ reply(500, "%s", krb_get_err_text(err));
+ return;
+ }
+ err = tf_get_pinst(pr.instance);
+ if(err != KSUCCESS){
+ reply(500, "%s", krb_get_err_text(err));
+ return;
+ }
+
+ /*
+ * You may think that this is the obvious place to get the
+ * realm of the ticket file, but it can't be done here as the
+ * routine to do this must open the ticket file. This is why
+ * it was done before tf_init.
+ */
+
+ lreply(200, "Principal: %s", krb_unparse_name(&pr));
+ while ((err = tf_get_cred(&c)) == KSUCCESS) {
+ if (header) {
+ lreply(200, "%-15s %-15s %s",
+ " Issued", " Expires", " Principal (kvno)");
+ header = 0;
+ }
+ strcpy(buf1, short_date(c.issue_date));
+ c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+ if (time(0) < (unsigned long) c.issue_date)
+ strcpy(buf2, short_date(c.issue_date));
+ else
+ strcpy(buf2, ">>> Expired <<< ");
+ lreply(200, "%s %s %s (%d)", buf1, buf2,
+ krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno);
+ }
+ if (header && err == EOF) {
+ lreply(200, "No tickets in file.");
+ }
+ reply(200, "");
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/krb4.c b/crypto/kerberosIV/appl/ftp/ftpd/krb4.c
new file mode 100644
index 0000000..2457c61
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/krb4.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: krb4.c,v 1.19 1997/05/11 09:00:07 assar Exp $");
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_NETINET_IN_h
+#include <netinet/in.h>
+#endif
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <krb.h>
+
+#include "base64.h"
+#include "extern.h"
+#include "auth.h"
+#include "krb4.h"
+
+#include <roken.h>
+
+static AUTH_DAT auth_dat;
+static des_key_schedule schedule;
+
+int krb4_auth(char *auth)
+{
+ auth_complete = 0;
+ reply(334, "Using authentication type %s; ADAT must follow", auth);
+ return 0;
+}
+
+int krb4_adat(char *auth)
+{
+ KTEXT_ST tkt;
+ char *p;
+ int kerror;
+ u_int32_t cs;
+ char msg[35]; /* size of encrypted block */
+ int len;
+
+ char inst[INST_SZ];
+
+ memset(&tkt, 0, sizeof(tkt));
+ len = base64_decode(auth, tkt.dat);
+
+ if(len < 0){
+ reply(501, "Failed to decode base64 data.");
+ return -1;
+ }
+ tkt.length = len;
+
+ k_getsockinst(0, inst, sizeof(inst));
+ kerror = krb_rd_req(&tkt, "ftp", inst, 0, &auth_dat, "");
+ if(kerror == RD_AP_UNDEC){
+ k_getsockinst(0, inst, sizeof(inst));
+ kerror = krb_rd_req(&tkt, "rcmd", inst, 0, &auth_dat, "");
+ }
+
+ if(kerror){
+ reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+ return -1;
+ }
+
+ des_set_key(&auth_dat.session, schedule);
+
+ cs = auth_dat.checksum + 1;
+ {
+ unsigned char tmp[4];
+ tmp[0] = (cs >> 24) & 0xff;
+ tmp[1] = (cs >> 16) & 0xff;
+ tmp[2] = (cs >> 8) & 0xff;
+ tmp[3] = cs & 0xff;
+ len = krb_mk_safe(tmp, msg, 4, &auth_dat.session,
+ &ctrl_addr, &his_addr);
+ }
+ if(len < 0){
+ reply(535, "Error creating reply: %s.", strerror(errno));
+ return -1;
+ }
+ base64_encode(msg, len, &p);
+ reply(235, "ADAT=%s", p);
+ auth_complete = 1;
+ free(p);
+ return 0;
+}
+
+int krb4_pbsz(int size)
+{
+ if(size > 1048576) /* XXX arbitrary number */
+ size = 1048576;
+ buffer_size = size;
+ reply(200, "OK PBSZ=%d", buffer_size);
+ return 0;
+}
+
+int krb4_prot(int level)
+{
+ if(level == prot_confidential)
+ return -1;
+ return 0;
+}
+
+int krb4_ccc(void)
+{
+ reply(534, "Don't event think about it.");
+ return -1;
+}
+
+int krb4_mic(char *msg)
+{
+ int len;
+ int kerror;
+ MSG_DAT m_data;
+ char *tmp, *cmd;
+
+ cmd = strdup(msg);
+
+ len = base64_decode(msg, cmd);
+ if(len < 0){
+ reply(501, "Failed to decode base 64 data.");
+ free(cmd);
+ return -1;
+ }
+ kerror = krb_rd_safe(cmd, len, &auth_dat.session,
+ &his_addr, &ctrl_addr, &m_data);
+
+ if(kerror){
+ reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+ free(cmd);
+ return -1;
+ }
+
+ tmp = malloc(strlen(msg) + 1);
+ snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
+ if(!strstr(tmp, "\r\n"))
+ strcat(tmp, "\r\n");
+ new_ftp_command(tmp);
+ free(cmd);
+ return 0;
+}
+
+int krb4_conf(char *msg)
+{
+ prot_level = prot_safe;
+
+ reply(537, "Protection level not supported.");
+ return -1;
+}
+
+int krb4_enc(char *msg)
+{
+ int len;
+ int kerror;
+ MSG_DAT m_data;
+ char *tmp, *cmd;
+
+ cmd = strdup(msg);
+
+ len = base64_decode(msg, cmd);
+ if(len < 0){
+ reply(501, "Failed to decode base 64 data.");
+ free(cmd);
+ return -1;
+ }
+ kerror = krb_rd_priv(cmd, len, schedule, &auth_dat.session,
+ &his_addr, &ctrl_addr, &m_data);
+
+ if(kerror){
+ reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+ free(cmd);
+ return -1;
+ }
+
+ tmp = strdup(msg);
+ snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
+ if(!strstr(tmp, "\r\n"))
+ strcat(tmp, "\r\n");
+ new_ftp_command(tmp);
+ free(cmd);
+ return 0;
+}
+
+int krb4_read(int fd, void *data, int length)
+{
+ static int left;
+ static char *extra;
+ static int eof;
+ int len, bytes, tx = 0;
+
+ MSG_DAT m_data;
+ int kerror;
+
+ if(eof){ /* if we haven't reported an end-of-file, do so */
+ eof = 0;
+ return 0;
+ }
+
+ if(left){
+ if(length > left)
+ bytes = left;
+ else
+ bytes = length;
+ memmove(data, extra, bytes);
+ left -= bytes;
+ if(left)
+ memmove(extra, extra + bytes, left);
+ else
+ free(extra);
+ length -= bytes;
+ tx += bytes;
+ }
+
+ while(length){
+ unsigned char tmp[4];
+ if(krb_net_read(fd, tmp, 4) < 4){
+ reply(400, "Unexpected end of file.\n");
+ return -1;
+ }
+ len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+ krb_net_read(fd, data_buffer, len);
+ if(data_protection == prot_safe)
+ kerror = krb_rd_safe(data_buffer, len, &auth_dat.session,
+ &his_addr, &ctrl_addr, &m_data);
+ else
+ kerror = krb_rd_priv(data_buffer, len, schedule, &auth_dat.session,
+ &his_addr, &ctrl_addr, &m_data);
+
+ if(kerror){
+ reply(400, "Failed to read data: %s.", krb_get_err_text(kerror));
+ return -1;
+ }
+
+ bytes = m_data.app_length;
+ if(bytes == 0){
+ if(tx) eof = 1;
+ return tx;
+ }
+ if(bytes > length){
+ left = bytes - length;
+ bytes = length;
+ extra = malloc(left);
+ memmove(extra, m_data.app_data + bytes, left);
+ }
+ memmove((unsigned char*)data + tx, m_data.app_data, bytes);
+ tx += bytes;
+ length -= bytes;
+ }
+ return tx;
+}
+
+int krb4_write(int fd, void *data, int length)
+{
+ int len, bytes, tx = 0;
+
+ len = buffer_size;
+ if(data_protection == prot_safe)
+ len -= 31; /* always 31 bytes overhead */
+ else
+ len -= 26; /* at most 26 bytes */
+
+ do{
+ if(length < len)
+ len = length;
+ if(data_protection == prot_safe)
+ bytes = krb_mk_safe(data, data_buffer+4, len, &auth_dat.session,
+ &ctrl_addr, &his_addr);
+ else
+ bytes = krb_mk_priv(data, data_buffer+4, len, schedule,
+ &auth_dat.session,
+ &ctrl_addr, &his_addr);
+ if(bytes == -1){
+ reply(535, "Failed to make packet: %s.", strerror(errno));
+ return -1;
+ }
+ data_buffer[0] = (bytes >> 24) & 0xff;
+ data_buffer[1] = (bytes >> 16) & 0xff;
+ data_buffer[2] = (bytes >> 8) & 0xff;
+ data_buffer[3] = bytes & 0xff;
+ if(krb_net_write(fd, data_buffer, bytes+4) < 0)
+ return -1;
+ length -= len;
+ data = (unsigned char*)data + len;
+ tx += len;
+ }while(length);
+ return tx;
+}
+
+int krb4_userok(char *name)
+{
+ if(!kuserok(&auth_dat, name)){
+ do_login(232, name);
+ }else{
+ reply(530, "User %s access denied.", name);
+ }
+ return 0;
+}
+
+
+int
+krb4_vprintf(const char *fmt, va_list ap)
+{
+ char buf[10240];
+ char *p;
+ char *enc;
+ int code;
+ int len;
+
+ vsnprintf (buf, sizeof(buf), fmt, ap);
+ enc = malloc(strlen(buf) + 31);
+ if(prot_level == prot_safe){
+ len = krb_mk_safe((u_char*)buf, (u_char*)enc, strlen(buf), &auth_dat.session,
+ &ctrl_addr, &his_addr);
+ code = 631;
+ }else if(prot_level == prot_private){
+ len = krb_mk_priv((u_char*)buf, (u_char*)enc, strlen(buf), schedule,
+ &auth_dat.session, &ctrl_addr, &his_addr);
+ code = 632;
+ }else{
+ len = 0; /* XXX */
+ code = 631;
+ }
+ base64_encode(enc, len, &p);
+ fprintf(stdout, "%d %s\r\n", code, p);
+ free(enc);
+ free(p);
+ return 0;
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/krb4.h b/crypto/kerberosIV/appl/ftp/ftpd/krb4.h
new file mode 100644
index 0000000..f777dbd
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/krb4.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb4.h,v 1.6 1997/04/01 08:17:29 joda Exp $ */
+
+#ifndef __KRB4_H__
+#define __KRB4_H__
+
+#include <stdarg.h>
+
+int krb4_auth(char *auth);
+int krb4_adat(char *auth);
+int krb4_pbsz(int size);
+int krb4_prot(int level);
+int krb4_ccc(void);
+int krb4_mic(char *msg);
+int krb4_conf(char *msg);
+int krb4_enc(char *msg);
+
+int krb4_read(int fd, void *data, int length);
+int krb4_write(int fd, void *data, int length);
+
+int krb4_userok(char *name);
+int krb4_vprintf(const char *fmt, va_list ap);
+
+#endif /* __KRB4_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
new file mode 100644
index 0000000..95ab216
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: logwtmp.c,v 1.10 1997/05/25 15:17:56 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#include "extern.h"
+
+#ifndef WTMP_FILE
+#ifdef _PATH_WTMP
+#define WTMP_FILE _PATH_WTMP
+#else
+#define WTMP_FILE "/var/adm/wtmp"
+#endif
+#endif
+
+void
+logwtmp(char *line, char *name, char *host)
+{
+ static int init = 0;
+ static int fd, fdx;
+ struct timeval tv;
+ struct utmp ut;
+#ifdef WTMPX_FILE
+ struct utmpx utx;
+#endif
+
+ memset(&ut, 0, sizeof(struct utmp));
+#ifdef HAVE_UT_TYPE
+ if(name[0])
+ ut.ut_type = USER_PROCESS;
+ else
+ ut.ut_type = DEAD_PROCESS;
+#endif
+ strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+ strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+#ifdef HAVE_UT_PID
+ ut.ut_pid = getpid();
+#endif
+#ifdef HAVE_UT_HOST
+ strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+#endif
+ ut.ut_time = time(NULL);
+
+#ifdef WTMPX_FILE
+ strncpy(utx.ut_line, line, sizeof(utx.ut_line));
+ strncpy(utx.ut_user, name, sizeof(utx.ut_user));
+ strncpy(utx.ut_host, host, sizeof(utx.ut_host));
+#ifdef HAVE_UT_SYSLEN
+ utx.ut_syslen = strlen(host) + 1;
+ if (utx.ut_syslen > sizeof(utx.ut_host))
+ utx.ut_syslen = sizeof(utx.ut_host);
+#endif
+ gettimeofday (&tv, 0);
+ utx.ut_tv.tv_sec = tv.tv_sec;
+ utx.ut_tv.tv_usec = tv.tv_usec;
+
+ if(name[0])
+ utx.ut_type = USER_PROCESS;
+ else
+ utx.ut_type = DEAD_PROCESS;
+#endif
+
+ if(!init){
+ fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
+#ifdef WTMPX_FILE
+ fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
+#endif
+ init = 1;
+ }
+ if(fd >= 0) {
+ write(fd, &ut, sizeof(struct utmp)); /* XXX */
+#ifdef WTMPX_FILE
+ write(fdx, &utx, sizeof(struct utmpx));
+#endif
+ }
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
new file mode 100644
index 0000000..1bd2be1
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)pathnames.h 8.1 (Berkeley) 6/4/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#define _PATH_FTPUSERS "/etc/ftpusers"
+#define _PATH_FTPCHROOT "/etc/ftpchroot"
+#define _PATH_FTPWELCOME "/etc/ftpwelcome"
+#define _PATH_FTPLOGINMESG "/etc/motd"
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/popen.c b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
new file mode 100644
index 0000000..58c4985
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 1988, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software written by Ken Arnold and
+ * published in UNIX Review, Vol. 6, No. 8.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: popen.c,v 1.16 1997/06/01 03:14:06 assar Exp $");
+#endif
+
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <glob.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "extern.h"
+
+#include <roken.h>
+
+/*
+ * Special version of popen which avoids call to shell. This ensures
+ * no one may create a pipe to a hidden program as a side effect of a
+ * list or dir command.
+ */
+static int *pids;
+static int fds;
+
+extern int dochroot;
+
+/* return path prepended with ~ftp if that file exists, otherwise
+ * return path unchanged
+ */
+
+const char *
+ftp_rooted(const char *path)
+{
+ static char home[MaxPathLen] = "";
+ static char newpath[MaxPathLen];
+ struct passwd *pwd;
+
+ if(!home[0])
+ if((pwd = k_getpwnam("ftp")))
+ strcpy(home, pwd->pw_dir);
+ snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
+ if(access(newpath, X_OK))
+ strcpy(newpath, path);
+ return newpath;
+}
+
+
+FILE *
+ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
+{
+ char *cp;
+ FILE *iop;
+ int argc, gargc, pdes[2], pid;
+ char **pop, *argv[100], *gargv[1000];
+ char *foo;
+
+ if (strcmp(type, "r") && strcmp(type, "w"))
+ return (NULL);
+
+ if (!pids) {
+
+ /* This function is ugly and should be rewritten, in
+ * modern unices there is no such thing as a maximum
+ * filedescriptor.
+ */
+
+ fds = getdtablesize();
+ pids = (int*)calloc(fds, sizeof(int));
+ if(!pids)
+ return NULL;
+ }
+ if (pipe(pdes) < 0)
+ return (NULL);
+
+ /* break up string into pieces */
+ for (argc = 0, cp = program;; cp = NULL) {
+ foo = NULL;
+ if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
+ break;
+ }
+
+ gargv[0] = (char*)ftp_rooted(argv[0]);
+ /* glob each piece */
+ for (gargc = argc = 1; argv[argc]; argc++) {
+ glob_t gl;
+ int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+ memset(&gl, 0, sizeof(gl));
+ if (no_glob || glob(argv[argc], flags, NULL, &gl))
+ gargv[gargc++] = strdup(argv[argc]);
+ else
+ for (pop = gl.gl_pathv; *pop; pop++)
+ gargv[gargc++] = strdup(*pop);
+ globfree(&gl);
+ }
+ gargv[gargc] = NULL;
+
+ iop = NULL;
+ switch(pid = fork()) {
+ case -1: /* error */
+ close(pdes[0]);
+ close(pdes[1]);
+ goto pfree;
+ /* NOTREACHED */
+ case 0: /* child */
+ if (*type == 'r') {
+ if (pdes[1] != STDOUT_FILENO) {
+ dup2(pdes[1], STDOUT_FILENO);
+ close(pdes[1]);
+ }
+ if(do_stderr)
+ dup2(STDOUT_FILENO, STDERR_FILENO);
+ close(pdes[0]);
+ } else {
+ if (pdes[0] != STDIN_FILENO) {
+ dup2(pdes[0], STDIN_FILENO);
+ close(pdes[0]);
+ }
+ close(pdes[1]);
+ }
+ execv(gargv[0], gargv);
+ gargv[0] = argv[0];
+ execv(gargv[0], gargv);
+ _exit(1);
+ }
+ /* parent; assume fdopen can't fail... */
+ if (*type == 'r') {
+ iop = fdopen(pdes[0], type);
+ close(pdes[1]);
+ } else {
+ iop = fdopen(pdes[1], type);
+ close(pdes[0]);
+ }
+ pids[fileno(iop)] = pid;
+
+pfree:
+ for (argc = 1; gargv[argc] != NULL; argc++)
+ free(gargv[argc]);
+
+
+ return (iop);
+}
+
+int
+ftpd_pclose(FILE *iop)
+{
+ int fdes, status;
+ pid_t pid;
+ sigset_t sigset, osigset;
+
+ /*
+ * pclose returns -1 if stream is not associated with a
+ * `popened' command, or, if already `pclosed'.
+ */
+ if (pids == 0 || pids[fdes = fileno(iop)] == 0)
+ return (-1);
+ fclose(iop);
+ sigemptyset(&sigset);
+ sigaddset(&sigset, SIGINT);
+ sigaddset(&sigset, SIGQUIT);
+ sigaddset(&sigset, SIGHUP);
+ sigprocmask(SIG_BLOCK, &sigset, &osigset);
+ while ((pid = waitpid(pids[fdes], &status, 0)) < 0 && errno == EINTR)
+ continue;
+ sigprocmask(SIG_SETMASK, &osigset, NULL);
+ pids[fdes] = 0;
+ if (pid < 0)
+ return (pid);
+ if (WIFEXITED(status))
+ return (WEXITSTATUS(status));
+ return (1);
+}
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.in b/crypto/kerberosIV/appl/kauth/Makefile.in
new file mode 100644
index 0000000..97bfdb4
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/Makefile.in
@@ -0,0 +1,112 @@
+# $Id: Makefile.in,v 1.33 1997/04/05 21:24:35 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+topdir = ../..
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN = kauth$(EXECSUFFIX) ksrvtgt
+PROG_LIBEXEC = kauthd$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES_KAUTH = kauth.c rkinit.c
+SOURCES_KAUTHD = kauthd.c
+SOURCES_COMMON = encdata.c marshall.c
+
+OBJECTS_KAUTH = kauth.o rkinit.o
+OBJECTS_KAUTHD = kauthd.o
+OBJECTS_COMMON = marshall.o encdata.o
+
+OBJECTS = $(OBJECTS_KAUTH) $(OBJECTS_KAUTHD)
+SOURCES = $(SOURCES_KAUTH) $(SOURCES_KAUTHD) $(SOURCES_COMMON)
+
+KRB_KAFS_LIB = @KRB_KAFS_LIB@
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir) $(libexecdir)
+ for x in $(PROG_BIN); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+ if test -f $(bindir)/zrefresh -o -r $(bindir)/zrefresh; then \
+ true; \
+ else \
+ $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \
+ fi
+ for x in $(PROG_LIBEXEC); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROG_BIN); do \
+ rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+ for x in $(PROG_LIBEXEC); do \
+ rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+LIBROKEN=-L../../lib/roken -lroken
+
+kauth$(EXECSUFFIX): $(OBJECTS_KAUTH) $(OBJECTS_COMMON)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTH) $(OBJECTS_COMMON) $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kauthd$(EXECSUFFIX): $(OBJECTS_KAUTHD) $(OBJECTS_COMMON)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+ksrvtgt: ksrvtgt.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@
+ chmod +x $@
+
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/appl/kauth/encdata.c b/crypto/kerberosIV/appl/kauth/encdata.c
new file mode 100644
index 0000000..800326a
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/encdata.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: encdata.c,v 1.9 1997/04/01 08:17:30 joda Exp $");
+
+int
+write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,
+ des_cblock *session, struct sockaddr_in *me,
+ struct sockaddr_in *him)
+{
+ void *outbuf;
+ int32_t outlen, l;
+ int i;
+ unsigned char tmp[4];
+
+ outbuf = malloc(len + 30);
+ if (outbuf == NULL)
+ return -1;
+ outlen = krb_mk_priv (buf, outbuf, len, schedule, session, me, him);
+ if (outlen < 0) {
+ free(outbuf);
+ return -1;
+ }
+ l = outlen;
+ for(i = 3; i >= 0; i--, l = l >> 8)
+ tmp[i] = l & 0xff;
+ if (krb_net_write (fd, tmp, 4) != 4 ||
+ krb_net_write (fd, outbuf, outlen) != outlen) {
+ free(outbuf);
+ return -1;
+ }
+
+ free(outbuf);
+ return 0;
+}
+
+
+int
+read_encrypted (int fd, void *buf, size_t len, void **ret,
+ des_key_schedule schedule, des_cblock *session,
+ struct sockaddr_in *him, struct sockaddr_in *me)
+{
+ int status;
+ int32_t l;
+ MSG_DAT msg;
+ unsigned char tmp[4];
+
+ l = krb_net_read (fd, tmp, 4);
+ if (l != 4)
+ return l;
+ l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+ if (l > len)
+ return -1;
+ if (krb_net_read (fd, buf, l) != l)
+ return -1;
+ status = krb_rd_priv (buf, l, schedule, session, him, me, &msg);
+ if (status != RD_AP_OK) {
+ fprintf (stderr, "read_encrypted: %s\n",
+ krb_get_err_text(status));
+ return -1;
+ }
+ *ret = msg.app_data;
+ return msg.app_length;
+}
diff --git a/crypto/kerberosIV/appl/kauth/kauth.c b/crypto/kerberosIV/appl/kauth/kauth.c
new file mode 100644
index 0000000..84614b0
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauth.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Little program that reads an srvtab or password and
+ * creates a suitable ticketfile and associated AFS tokens.
+ *
+ * If an optional command is given the command is executed in a
+ * new PAG and when the command exits the tickets are destroyed.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: kauth.c,v 1.75 1997/05/02 15:09:24 assar Exp $");
+
+krb_principal princ;
+static char srvtab[MaxPathLen + 1];
+static int lifetime = DEFAULT_TKT_LIFE;
+static char remote_tktfile[MaxPathLen + 1];
+static char remoteuser[100];
+static char *cell = 0;
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: %s [-n <name>] [-r remoteuser] [-t remote ticketfile]"
+ "[-l lifetime (in minutes) ] [-h hosts... ]"
+ "[-f srvtab ] [-c AFS cell name ] [command ... ]\n",
+ __progname);
+ fprintf(stderr, "\nA fully qualified name can be given user[.instance][@realm]\nRealm is converted to uppercase!\n");
+ exit(1);
+}
+
+static void
+doexec(int argc, char **argv)
+{
+ int status;
+ pid_t ret;
+
+ switch (fork()) {
+ case -1:
+ err (1, "fork");
+ break;
+ case 0:
+ /* in child */
+ execvp(argv[0], argv);
+ err (1, "Can't exec program ``%s''", argv[0]);
+ break;
+ default:
+ /* in parent */
+ do {
+ ret = wait(&status);
+ } while ((ret > 0 && !WIFEXITED(status)) || (ret < 0 && errno == EINTR));
+ if (ret < 0)
+ perror("wait");
+ dest_tkt();
+ if (k_hasafs())
+ k_unlog();
+ break;
+ }
+}
+
+static RETSIGTYPE
+renew(int sig)
+{
+ int code;
+
+ signal(SIGALRM, renew);
+
+ code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime, srvtab);
+ if (code)
+ warnx ("%s", krb_get_err_text(code));
+ else if (k_hasafs())
+ {
+ if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
+ warnx ("%s", krb_get_err_text(code));
+ }
+ }
+
+ alarm(krb_life_to_time(0, lifetime)/2 - 60);
+ SIGRETURN(0);
+}
+
+static int
+zrefresh(void)
+{
+ switch (fork()) {
+ case -1:
+ err (1, "Warning: Failed to fork zrefresh");
+ return -1;
+ case 0:
+ /* Child */
+ execlp("zrefresh", "zrefresh", 0);
+ execl(BINDIR "/zrefresh", "zrefresh", 0);
+ exit(1);
+ default:
+ /* Parent */
+ break;
+ }
+ return 0;
+}
+
+static int
+key_to_key(char *user, char *instance, char *realm, void *arg,
+ des_cblock *key)
+{
+ memcpy(key, arg, sizeof(des_cblock));
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ int code, more_args;
+ int ret;
+ int c;
+ char *file;
+ int pflag = 0;
+ char passwd[100];
+ des_cblock key;
+ char **host;
+ int nhost;
+ char tf[MaxPathLen];
+
+ set_progname (argv[0]);
+
+ if ((file = getenv("KRBTKFILE")) == 0)
+ file = TKT_FILE;
+
+ memset(&princ, 0, sizeof(princ));
+ memset(srvtab, 0, sizeof(srvtab));
+ *remoteuser = '\0';
+ nhost = 0;
+
+ while ((c = getopt(argc, argv, "r:t:f:hl:n:c:")) != EOF)
+ switch (c) {
+ case 'f':
+ strncpy(srvtab, optarg, sizeof(srvtab));
+ break;
+ case 't':
+ strncpy(remote_tktfile, optarg, sizeof(remote_tktfile));
+ break;
+ case 'r':
+ strncpy(remoteuser, optarg, sizeof(remoteuser));
+ break;
+ case 'l':
+ lifetime = atoi(optarg);
+ if (lifetime == -1)
+ lifetime = 255;
+ else if (lifetime < 5)
+ lifetime = 1;
+ else
+ lifetime = krb_time_to_life(0, lifetime*60);
+ if (lifetime > 255)
+ lifetime = 255;
+ break;
+ case 'n':
+ if ((code = krb_parse_name(optarg, &princ)) != 0) {
+ warnx ("%s", krb_get_err_text(code));
+ usage();
+ }
+ strupr(princ.realm);
+ pflag = 1;
+ break;
+ case 'c':
+ cell = optarg;
+ break;
+ case 'h':
+ host = argv + optind;
+ for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
+ ++nhost;
+ break;
+ case '?':
+ default:
+ usage();
+ break;
+ }
+
+ /* Look for kerberos name */
+ if (!pflag && optind < argc && krb_parse_name(argv[optind], &princ) == 0) {
+ ++optind;
+ strupr(princ.realm);
+ }
+
+ if (princ.name[0] == '\0' && krb_get_default_principal (princ.name,
+ princ.instance,
+ princ.realm) < 0)
+ errx (1, "Could not get default principal");
+
+ if (*remoteuser == '\0')
+ strcpy (remoteuser, princ.name);
+
+ more_args = argc - optind;
+
+ if (princ.realm[0] == '\0')
+ if (krb_get_lrealm(princ.realm, 1) != KSUCCESS)
+ strcpy(princ.realm, KRB_REALM);
+
+ if (more_args) {
+ int f;
+
+ do{
+ snprintf(tf, sizeof(tf),
+ TKT_ROOT "%u_%u",
+ (unsigned)getuid(),
+ (unsigned)(getpid()*time(0)));
+ f = open(tf, O_CREAT|O_EXCL|O_RDWR);
+ }while(f < 0);
+ close(f);
+ unlink(tf);
+ setenv("KRBTKFILE", tf, 1);
+ krb_set_tkt_string (tf);
+ }
+
+ if (srvtab[0])
+ {
+ signal(SIGALRM, renew);
+
+ code = read_service_key (princ.name, princ.instance, princ.realm, 0,
+ srvtab, (char *)&key);
+ if (code == KSUCCESS)
+ code = krb_get_in_tkt(princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime,
+ key_to_key, NULL, key);
+ alarm(krb_life_to_time(0, lifetime)/2 - 60);
+ }
+ else {
+ char prompt[128];
+
+ snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ));
+ if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
+ memset(passwd, 0, sizeof(passwd));
+ exit(1);
+ }
+ des_string_to_key (passwd, &key);
+ code = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime,
+ key_to_key, NULL, key);
+ if(code == INTK_BADPW) {
+ afs_string_to_key (passwd, princ.realm, &key);
+ code = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime,
+ key_to_key, NULL, key);
+ }
+ memset(passwd, 0, sizeof(passwd));
+ }
+ if (code) {
+ memset (key, 0, sizeof(key));
+ errx (1, "%s", krb_get_err_text(code));
+ }
+
+ if (k_hasafs()) {
+ if (more_args)
+ k_setpag();
+ if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN)
+ warnx ("%s", krb_get_err_text(code));
+ }
+
+ for(ret = 0; nhost-- > 0; host++)
+ ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host);
+
+ if (ret)
+ return ret;
+
+ if (more_args)
+ doexec(more_args, &argv[optind]);
+ else
+ zrefresh();
+
+ return 0;
+}
diff --git a/crypto/kerberosIV/appl/kauth/kauth.h b/crypto/kerberosIV/appl/kauth/kauth.h
new file mode 100644
index 0000000..2c48fcc
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauth.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kauth.h,v 1.18 1997/05/20 18:40:31 bg Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <signal.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <err.h>
+
+#include <krb.h>
+#include <kafs.h>
+
+#include <roken.h>
+
+#define KAUTH_PORT 2120
+
+#define KAUTH_VERSION "RKINIT.0"
+
+int rkinit (krb_principal*, int, char*, char*, des_cblock*, char*);
+
+int write_encrypted (int, void*, size_t, des_key_schedule,
+ des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
+
+int read_encrypted (int, void*, size_t, void **, des_key_schedule,
+ des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
+
+unsigned pack_args (char *, krb_principal*, int, char*, char*);
+
+int unpack_args (char*, krb_principal*, int*, char*, char*);
diff --git a/crypto/kerberosIV/appl/kauth/kauthd.c b/crypto/kerberosIV/appl/kauth/kauthd.c
new file mode 100644
index 0000000..b6a40cf
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauthd.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: kauthd.c,v 1.22 1997/05/18 20:37:55 assar Exp $");
+
+krb_principal princ;
+static char locuser[SNAME_SZ + 1];
+static int lifetime;
+static char tktfile[MaxPathLen + 1];
+
+struct remote_args {
+ int sock;
+ des_key_schedule *schedule;
+ des_cblock *session;
+ struct sockaddr_in *me, *her;
+};
+
+static int
+decrypt_remote_tkt (char *user, char *inst, char *realm, void *varg,
+ key_proc_t key_proc, KTEXT *cipp)
+{
+ char buf[BUFSIZ];
+ void *ptr;
+ int len;
+ KTEXT cip = *cipp;
+ struct remote_args *args = (struct remote_args *)varg;
+
+ write_encrypted (args->sock, cip->dat, cip->length,
+ *args->schedule, args->session, args->me,
+ args->her);
+ len = read_encrypted (args->sock, buf, sizeof(buf), &ptr, *args->schedule,
+ args->session, args->her, args->me);
+ memcpy(cip->dat, ptr, cip->length);
+
+ return 0;
+}
+
+static int
+doit(int sock)
+{
+ int status;
+ KTEXT_ST ticket;
+ AUTH_DAT auth;
+ char instance[INST_SZ + 1];
+ des_key_schedule schedule;
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ int len;
+ char buf[BUFSIZ];
+ void *data;
+ struct passwd *passwd;
+ char version[KRB_SENDAUTH_VLEN + 1];
+ char remotehost[MaxHostNameLen];
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ return 1;
+ }
+ addrlen = sizeof(thataddr);
+ if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+ addrlen != sizeof(thataddr)) {
+ return 1;
+ }
+
+ inaddr2str (thataddr.sin_addr, remotehost, sizeof(remotehost));
+
+ k_getsockinst (sock, instance, sizeof(instance));
+ status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
+ &thataddr, &thisaddr, &auth, "", schedule,
+ version);
+ if (status != KSUCCESS ||
+ strncmp(version, KAUTH_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+ return 1;
+ }
+ len = read_encrypted (sock, buf, sizeof(buf), &data, schedule,
+ &auth.session, &thataddr, &thisaddr);
+ if (len < 0) {
+ write_encrypted (sock, "read_enc failed",
+ sizeof("read_enc failed") - 1, schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+ if (unpack_args(data, &princ, &lifetime, locuser,
+ tktfile)) {
+ write_encrypted (sock, "unpack_args failed",
+ sizeof("unpack_args failed") - 1, schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+
+ if( kuserok(&auth, locuser) != 0) {
+ snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
+ locuser, krb_unparse_name(&princ));
+ syslog (LOG_ERR, buf);
+ write_encrypted (sock, buf, strlen(buf), schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+ passwd = k_getpwnam (locuser);
+ if (passwd == NULL) {
+ snprintf (buf, sizeof(buf), "No user '%s'", locuser);
+ syslog (LOG_ERR, buf);
+ write_encrypted (sock, buf, strlen(buf), schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+ if (setgid (passwd->pw_gid) ||
+ initgroups(passwd->pw_name, passwd->pw_gid) ||
+ setuid(passwd->pw_uid)) {
+ snprintf (buf, sizeof(buf), "Could not change user");
+ syslog (LOG_ERR, buf);
+ write_encrypted (sock, buf, strlen(buf), schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+ write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
+ &auth.session, &thisaddr, &thataddr);
+
+ if (*tktfile == 0)
+ snprintf(tktfile, sizeof(tktfile), "%s%u", TKT_ROOT, (unsigned)getuid());
+ krb_set_tkt_string (tktfile);
+
+ {
+ struct remote_args arg;
+
+ arg.sock = sock;
+ arg.schedule = &schedule;
+ arg.session = &auth.session;
+ arg.me = &thisaddr;
+ arg.her = &thataddr;
+
+ status = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm,
+ lifetime, NULL, decrypt_remote_tkt, &arg);
+ }
+ if (status == KSUCCESS) {
+ syslog (LOG_INFO, "from %s(%s): %s -> %s",
+ remotehost,
+ inet_ntoa(thataddr.sin_addr),
+ locuser,
+ krb_unparse_name (&princ));
+ write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 0;
+ } else {
+ snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
+ syslog (LOG_NOTICE, buf);
+ write_encrypted (sock, buf, strlen(buf), schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+}
+
+int
+main (int argc, char **argv)
+{
+ openlog ("kauthd", LOG_ODELAY, LOG_AUTH);
+
+ if(argc > 1 && strcmp(argv[1], "-i") == 0)
+ mini_inetd (k_getportbyname("kauth", "tcp", htons(KAUTH_PORT)));
+ return doit(STDIN_FILENO);
+}
diff --git a/crypto/kerberosIV/appl/kauth/ksrvtgt.in b/crypto/kerberosIV/appl/kauth/ksrvtgt.in
new file mode 100644
index 0000000..30d9e15
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/ksrvtgt.in
@@ -0,0 +1,14 @@
+#! /bin/sh
+# $Id: ksrvtgt.in,v 1.2 1997/04/05 21:29:17 assar Exp $
+
+usage="Usage: `basename $0` name instance [[realm] srvtab]"
+
+if [ $# -lt 2 -o $# -gt 4 ]; then
+ echo "$usage"
+ exit 1
+fi
+
+srvtab="${4-${3-/etc/srvtab}}"
+realm="${4+@$3}"
+
+%bindir%/kauth -n "$1.$2$realm" -l 5 -f "$srvtab "
diff --git a/crypto/kerberosIV/appl/kauth/marshall.c b/crypto/kerberosIV/appl/kauth/marshall.c
new file mode 100644
index 0000000..4f1bfeb
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/marshall.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: marshall.c,v 1.7 1997/04/01 08:17:32 joda Exp $");
+
+unsigned
+pack_args (char *buf, krb_principal *pr, int lifetime,
+ char *locuser, char *tktfile)
+{
+ char *p;
+
+ p = buf;
+ strcpy (p, pr->name);
+ p += strlen (pr->name) + 1;
+ strcpy (p, pr->instance);
+ p += strlen (pr->instance) + 1;
+ strcpy (p, pr->realm);
+ p += strlen (pr->realm) + 1;
+ *p++ = (unsigned char)lifetime;
+ strcpy(p, locuser);
+ p += strlen (locuser) + 1;
+ strcpy(p, tktfile);
+ p += strlen(tktfile) + 1;
+ return p - buf;
+}
+
+int
+unpack_args (char *buf, krb_principal *pr, int *lifetime,
+ char *locuser, char *tktfile)
+{
+ int len;
+
+ len = strlen(buf);
+ if (len > SNAME_SZ)
+ return -1;
+ strncpy(pr->name, buf, len + 1);
+ buf += len + 1;
+ len = strlen (buf);
+ if (len > INST_SZ)
+ return -1;
+ strncpy (pr->instance, buf, len + 1);
+ buf += len + 1;
+ len = strlen (buf);
+ if (len > REALM_SZ)
+ return -1;
+ strncpy (pr->realm, buf, len + 1);
+ buf += len + 1;
+ *lifetime = (unsigned char)*buf++;
+ len = strlen(buf);
+ if (len > SNAME_SZ)
+ return -1;
+ strncpy (locuser, buf, len + 1);
+ buf += len + 1;
+ len = strlen(buf);
+ if (len > MaxPathLen)
+ return -1;
+ strncpy (tktfile, buf, len + 1);
+ buf += len + 1;
+ return 0;
+}
diff --git a/crypto/kerberosIV/appl/kauth/rkinit.c b/crypto/kerberosIV/appl/kauth/rkinit.c
new file mode 100644
index 0000000..ec75d46
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/rkinit.c
@@ -0,0 +1,222 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: rkinit.c,v 1.19 1997/04/01 08:17:33 joda Exp $");
+
+static struct in_addr *
+getalladdrs (char *hostname, unsigned *count)
+{
+ struct hostent *hostent;
+ struct in_addr **h;
+ struct in_addr *addr;
+ unsigned naddr;
+ unsigned maxaddr;
+
+ hostent = gethostbyname (hostname);
+ if (hostent == NULL) {
+ warnx ("gethostbyname '%s' failed: %s\n",
+ hostname,
+#ifdef HAVE_H_ERRNO
+ hstrerror(h_errno)
+#else
+ "unknown error"
+#endif
+ );
+ return NULL;
+ }
+ maxaddr = 1;
+ naddr = 0;
+ addr = malloc(sizeof(*addr) * maxaddr);
+ if (addr == NULL) {
+ warnx ("out of memory");
+ return NULL;
+ }
+ for (h = (struct in_addr **)(hostent->h_addr_list);
+ *h != NULL;
+ h++) {
+ if (naddr >= maxaddr) {
+ maxaddr *= 2;
+ addr = realloc (addr, sizeof(*addr) * maxaddr);
+ if (addr == NULL) {
+ warnx ("out of memory");
+ return NULL;
+ }
+ }
+ addr[naddr++] = **h;
+ }
+ addr = realloc (addr, sizeof(*addr) * naddr);
+ if (addr == NULL) {
+ warnx ("out of memory");
+ return NULL;
+ }
+ *count = naddr;
+ return addr;
+}
+
+static int
+doit_host (krb_principal *princ, int lifetime, char *locuser,
+ char *tktfile, des_cblock *key, int s, char *hostname)
+{
+ char buf[BUFSIZ];
+ int inlen;
+ KTEXT_ST text;
+ CREDENTIALS cred;
+ MSG_DAT msg;
+ int status;
+ des_key_schedule schedule;
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ void *ret;
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ warn ("getsockname(%s)", hostname);
+ return 1;
+ }
+ addrlen = sizeof(thataddr);
+ if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+ addrlen != sizeof(thataddr)) {
+ warn ("getpeername(%s)", hostname);
+ return 1;
+ }
+
+ status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
+ hostname, krb_realmofhost (hostname),
+ getpid(), &msg, &cred, schedule,
+ &thisaddr, &thataddr, KAUTH_VERSION);
+ if (status != KSUCCESS) {
+ warnx ("%s: %s\n", hostname, krb_get_err_text(status));
+ return 1;
+ }
+ inlen = pack_args (buf, princ, lifetime, locuser, tktfile);
+
+ if (write_encrypted(s, buf, inlen, schedule, &cred.session,
+ &thisaddr, &thataddr) < 0) {
+ warn ("write to %s", hostname);
+ return 1;
+ }
+
+ inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+ &cred.session, &thataddr, &thisaddr);
+ if (inlen < 0) {
+ warn ("read from %s failed", hostname);
+ return 1;
+ }
+
+ if (strncmp(ret, "ok", inlen) != 0) {
+ warnx ("error from %s: %.*s\n",
+ hostname, inlen, (char *)ret);
+ return 1;
+ }
+
+ inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+ &cred.session, &thataddr, &thisaddr);
+ if (inlen < 0) {
+ warn ("read from %s", hostname);
+ return 1;
+ }
+
+ {
+ des_key_schedule key_s;
+
+ des_key_sched(key, key_s);
+ des_pcbc_encrypt(ret, ret, inlen, key_s, key, DES_DECRYPT);
+ memset(key_s, 0, sizeof(key_s));
+ }
+ write_encrypted (s, ret, inlen, schedule, &cred.session,
+ &thisaddr, &thataddr);
+
+ inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+ &cred.session, &thataddr, &thisaddr);
+ if (inlen < 0) {
+ warn ("read from %s", hostname);
+ return 1;
+ }
+
+ if (strncmp(ret, "ok", inlen) != 0) {
+ warnx ("error from %s: %.*s\n",
+ hostname, inlen, (char *)ret);
+ return 1;
+ }
+ return 0;
+}
+
+int
+rkinit (krb_principal *princ, int lifetime, char *locuser,
+ char *tktfile, des_cblock *key, char *hostname)
+{
+ struct in_addr *addr;
+ unsigned naddr;
+ unsigned i;
+ int port;
+ int success;
+
+ addr = getalladdrs (hostname, &naddr);
+ if (addr == NULL)
+ return 1;
+ port = k_getportbyname ("kauth", "tcp", htons(KAUTH_PORT));
+ success = 0;
+ for (i = 0; !success && i < naddr; ++i) {
+ struct sockaddr_in a;
+ int s;
+
+ memset(&a, 0, sizeof(a));
+ a.sin_family = AF_INET;
+ a.sin_port = port;
+ a.sin_addr = addr[i];
+
+ s = socket (AF_INET, SOCK_STREAM, 0);
+ if (s < 0) {
+ warn("socket");
+ return 1;
+ }
+ if (connect(s, (struct sockaddr *)&a, sizeof(a)) < 0) {
+ warn("connect(%s)", hostname);
+ continue;
+ }
+
+ success = success || !doit_host (princ, lifetime,
+ locuser, tktfile, key,
+ s, hostname);
+ close (s);
+ }
+ return !success;
+}
diff --git a/crypto/kerberosIV/appl/kauth/zrefresh b/crypto/kerberosIV/appl/kauth/zrefresh
new file mode 100644
index 0000000..8347a1b
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/zrefresh
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# @(#) $Id: zrefresh,v 1.3 1996/06/09 19:21:59 joda Exp $
+#
+# Substitute this script with a real zrefresh if running Zephyr. For
+# instance:
+#
+# if [ -f "$WGFILE" ] ; then
+# zctl load
+# fi
+
+exit 0
diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in
new file mode 100644
index 0000000..690a661
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/Makefile.in
@@ -0,0 +1,96 @@
+# $Id: Makefile.in,v 1.12 1997/03/23 13:04:03 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libexecdir = @libexecdir@
+libdir = @libdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN = kip$(EXECSUFFIX)
+PROG_LIBEXEC = kipd$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES_KIP = kip.c
+SOURCES_KIPD = kipd.c
+SOURCES_COMMON = common.c
+
+OBJECTS_KIP = kip.o common.o
+OBJECTS_KIPD = kipd.o common.o
+
+OBJECTS = $(OBJECTS_KIP) $(OBJECTS_KIPD)
+SOURCES = $(SOURCES_KIP) $(SOURCES_KIPD) $(SOURCES_COMMON)
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir) $(libexecdir)
+ for x in $(PROG_BIN); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ for x in $(PROG_LIBEXEC); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROG_BIN); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ for x in $(PROG_LIBEXEC); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+LIBROKEN=-L../../lib/roken -lroken
+
+kip$(EXECSUFFIX): $(OBJECTS_KIP)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kipd$(EXECSUFFIX): $(OBJECTS_KIPD)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/appl/kip/common.c b/crypto/kerberosIV/appl/kip/common.c
new file mode 100644
index 0000000..b21d03d
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/common.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: common.c,v 1.12 1997/05/02 14:28:06 assar Exp $");
+
+/*
+ * Copy packets from `tundev' to `netdev' or vice versa.
+ * Mode is used when reading from `tundev'
+ */
+
+int
+copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
+ des_key_schedule schedule)
+{
+ des_cblock iv1, iv2;
+ int num1 = 0, num2 = 0;
+ u_char *buf;
+
+ buf = malloc (mtu + 2);
+ if (buf == NULL) {
+ warnx("malloc(%d) failed", mtu);
+ return 1;
+ }
+
+ memcpy (&iv1, iv, sizeof(iv1));
+ memcpy (&iv2, iv, sizeof(iv2));
+ for (;;) {
+ fd_set fdset;
+ int ret, len;
+
+ FD_ZERO(&fdset);
+ FD_SET(tundev, &fdset);
+ FD_SET(netdev, &fdset);
+
+ ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL);
+ if (ret < 0 && errno != EINTR) {
+ warn ("select");
+ return 1;
+ }
+ if (FD_ISSET(tundev, &fdset)) {
+ ret = read (tundev, buf + 2, mtu);
+ if (ret == 0)
+ return 0;
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ else {
+ warn("read");
+ return ret;
+ }
+ }
+ buf[0] = ret >> 8;
+ buf[1] = ret & 0xFF;
+ ret += 2;
+ des_cfb64_encrypt (buf, buf, ret, schedule,
+ &iv1, &num1, DES_ENCRYPT);
+ ret = krb_net_write (netdev, buf, ret);
+ if (ret < 0) {
+ warn("write");
+ return ret;
+ }
+ }
+ if (FD_ISSET(netdev, &fdset)) {
+ ret = read (netdev, buf, 2);
+ if (ret == 0)
+ return 0;
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ else {
+ warn("read");
+ return ret;
+ }
+ }
+ des_cfb64_encrypt (buf, buf, 2, schedule,
+ &iv2, &num2, DES_DECRYPT);
+ len = (buf[0] << 8 ) | buf[1];
+ ret = krb_net_read (netdev, buf + 2, len);
+ if (ret == 0)
+ return 0;
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ else {
+ warn("read");
+ return ret;
+ }
+ }
+ des_cfb64_encrypt (buf + 2, buf + 2, len, schedule,
+ &iv2, &num2, DES_DECRYPT);
+ ret = krb_net_write (tundev, buf + 2, len);
+ if (ret < 0) {
+ warn("write");
+ return ret;
+ }
+ }
+ }
+}
+
+/*
+ * Signal handler that justs waits for the children when they die.
+ */
+
+RETSIGTYPE
+childhandler (int sig)
+{
+ pid_t pid;
+ int status;
+
+ do {
+ pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
+ } while(pid > 0);
+ signal (SIGCHLD, childhandler);
+ SIGRETURN(0);
+}
+
+/*
+ * Find a free tunnel device and open it.
+ */
+
+int
+tunnel_open (void)
+{
+ int fd;
+ int i;
+ char name[64];
+
+ for (i = 0; i < 256; ++i) {
+ snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i);
+ fd = open (name, O_RDWR, 0);
+ if (fd >= 0)
+ break;
+ if (errno == ENOENT || errno == ENODEV) {
+ warn("open %s", name);
+ return fd;
+ }
+ }
+ if (fd < 0)
+ warn("open %s" ,name);
+ return fd;
+}
diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c
new file mode 100644
index 0000000..e324a28
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kip.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: kip.c,v 1.15 1997/05/11 10:54:51 assar Exp $");
+
+static void
+usage()
+{
+ fprintf (stderr, "Usage: %s host\n",
+ __progname);
+ exit (1);
+}
+
+/*
+ * Establish authenticated connection
+ */
+
+static int
+connect_host (char *host, des_cblock *key, des_key_schedule schedule)
+{
+ CREDENTIALS cred;
+ KTEXT_ST text;
+ MSG_DAT msg;
+ int status;
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ struct hostent *hostent;
+ int s;
+ u_char b;
+ char **p;
+
+ hostent = gethostbyname (host);
+ if (hostent == NULL) {
+ warnx ("gethostbyname '%s': %s", host,
+#ifdef HAVE_H_ERRNO
+ hstrerror(h_errno)
+#else
+ "unknown error"
+#endif
+ );
+ return -1;
+ }
+
+ memset (&thataddr, 0, sizeof(thataddr));
+ thataddr.sin_family = AF_INET;
+ thataddr.sin_port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+
+ for(p = hostent->h_addr_list; *p; ++p) {
+ int one = 1;
+
+ memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr));
+
+ s = socket (AF_INET, SOCK_STREAM, 0);
+ if (s < 0) {
+ warn ("socket");
+ return -1;
+ }
+
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+ setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one));
+#endif
+
+ if (connect (s, (struct sockaddr *)&thataddr, sizeof(thataddr)) < 0) {
+ warn ("connect(%s)", host);
+ close (s);
+ continue;
+ } else {
+ break;
+ }
+ }
+ if (*p == NULL)
+ return -1;
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ warn ("getsockname(%s)", host);
+ return -1;
+ }
+ status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
+ host, krb_realmofhost (host),
+ getpid(), &msg, &cred, schedule,
+ &thisaddr, &thataddr, KIP_VERSION);
+ if (status != KSUCCESS) {
+ warnx("%s: %s", host,
+ krb_get_err_text(status));
+ return -1;
+ }
+ if (read (s, &b, sizeof(b)) != sizeof(b)) {
+ warn ("read");
+ return -1;
+ }
+ if (b) {
+ char buf[BUFSIZ];
+
+ read (s, buf, sizeof(buf));
+ buf[BUFSIZ - 1] = '\0';
+
+ warnx ("%s: %s", host, buf);
+ return -1;
+ }
+
+ memcpy(key, &cred.session, sizeof(des_cblock));
+ return s;
+}
+
+/*
+ * Connect to the given host.
+ */
+
+static int
+doit (char *host)
+{
+ des_key_schedule schedule;
+ des_cblock iv;
+ int other, this;
+ struct ifreq ifreq;
+ int sock;
+
+ other = connect_host (host, &iv, schedule);
+ if (other < 0)
+ return 1;
+ this = tunnel_open ();
+ if (this < 0)
+ return 1;
+ return copy_packets (this, other, TUNMTU, &iv, schedule);
+}
+
+/*
+ * kip - forward IP packets over a kerberos-encrypted channel.
+ *
+ */
+
+int
+main(int argc, char **argv)
+{
+ set_progname (argv[0]);
+
+ if (argc != 2)
+ usage ();
+ return doit (argv[1]);
+}
diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h
new file mode 100644
index 0000000..94e30a5
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kip.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kip.h,v 1.16 1997/05/20 18:40:31 bg Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pwd.h>
+#include <signal.h>
+#include <paths.h>
+#include <fcntl.h>
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <sys/sockio.h>
+#include <net/if.h>
+#ifdef HAVE_NET_IF_VAR_H
+#include <net/if_var.h>
+#endif
+#include <net/if_tun.h>
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <krb.h>
+
+#include <roken.h>
+
+#define TUNDEV "tun"
+
+#define KIPPORT 2112
+
+#define KIP_VERSION "KIPSRV.0"
+
+int
+copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
+ des_key_schedule schedule);
+
+RETSIGTYPE childhandler (int);
+
+int
+tunnel_open (void);
diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c
new file mode 100644
index 0000000..6d9d334
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kipd.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: kipd.c,v 1.13 1997/05/18 20:38:01 assar Exp $");
+
+static int
+fatal (int fd, char *s)
+{
+ u_char err = 1;
+
+ write (fd, &err, sizeof(err));
+ write (fd, s, strlen(s)+1);
+ syslog(LOG_ERR, s);
+ return err;
+}
+
+static int
+recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
+ struct sockaddr_in *retaddr)
+{
+ int status;
+ KTEXT_ST ticket;
+ AUTH_DAT auth;
+ char instance[INST_SZ + 1];
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ char version[KRB_SENDAUTH_VLEN + 1];
+ u_char ok = 0;
+ struct passwd *passwd;
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ return 1;
+ }
+ addrlen = sizeof(thataddr);
+ if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+ addrlen != sizeof(thataddr)) {
+ return 1;
+ }
+
+ k_getsockinst (sock, instance, sizeof(instance));
+ status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
+ &thataddr, &thisaddr, &auth, "", schedule,
+ version);
+ if (status != KSUCCESS ||
+ strncmp(version, KIP_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+ return 1;
+ }
+ passwd = k_getpwnam ("root");
+ if (passwd == NULL)
+ return fatal (sock, "Cannot find root");
+ if (kuserok(&auth, "root") != 0)
+ return fatal (sock, "Permission denied");
+ if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
+ return 1;
+
+ memcpy(key, &auth.session, sizeof(des_cblock));
+ *retaddr = thataddr;
+ return 0;
+}
+
+static int
+doit(int sock)
+{
+ struct sockaddr_in thataddr;
+ des_key_schedule schedule;
+ des_cblock key;
+ int this;
+
+ if (recv_conn (sock, &key, schedule, &thataddr))
+ return 1;
+ this = tunnel_open ();
+ if (this < 0)
+ fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
+ return copy_packets (this, sock, TUNMTU, &key, schedule);
+}
+
+/*
+ * kipd - receive forwarded IP
+ */
+
+int
+main (int argc, char **argv)
+{
+ set_progname (argv[0]);
+
+ openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
+ signal (SIGCHLD, childhandler);
+ return doit(0);
+}
diff --git a/crypto/kerberosIV/config.guess b/crypto/kerberosIV/config.guess
new file mode 100644
index 0000000..74253c3
--- /dev/null
+++ b/crypto/kerberosIV/config.guess
@@ -0,0 +1,696 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Written by Per Bothner <bothner@cygnus.com>.
+# The master version of this file is at the FSF in /home/gd/gnu/lib.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit system type (host/target name).
+#
+# Only a few systems have been added to this list; please add others
+# (but try to keep the structure clean).
+#
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 8/24/94.)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ alpha:OSF1:*:*)
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'`
+ exit 0 ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit 0 ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-cbm-sysv4
+ exit 0;;
+ amiga:NetBSD:*:*)
+ echo m68k-cbm-netbsd${UNAME_RELEASE}
+ exit 0 ;;
+ amiga:OpenBSD:*:*)
+ echo m68k-cbm-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit 0;;
+ Pyramid*:OSx*:*:*|MIS*:OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit 0 ;;
+ NILE:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit 0 ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ i86pc:SunOS:5.*:*)
+ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit 0 ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit 0 ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit 0 ;;
+ atari*:NetBSD:*:*)
+ echo m68k-atari-netbsd${UNAME_RELEASE}
+ exit 0 ;;
+ atari*:OpenBSD:*:*)
+ echo m68k-atari-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ sun3*:NetBSD:*:*)
+ echo m68k-sun-netbsd${UNAME_RELEASE}
+ exit 0 ;;
+ sun3*:OpenBSD:*:*)
+ echo m68k-sun-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mac68k:NetBSD:*:*)
+ echo m68k-apple-netbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mac68k:OpenBSD:*:*)
+ echo m68k-apple-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit 0 ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit 0 ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit 0 ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit 0 ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ sed 's/^ //' << EOF >dummy.c
+ int main (argc, argv) int argc; char **argv; {
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ ${CC-cc} dummy.c -o dummy \
+ && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+ && rm dummy.c dummy && exit 0
+ rm -f dummy.c dummy
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit 0 ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit 0 ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit 0 ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit 0 ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit 0 ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \
+ -o ${TARGET_BINARY_INTERFACE}x = x ] ; then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit 0 ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit 0 ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit 0 ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit 0 ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit 0 ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i?86:AIX:*:*)
+ echo i386-ibm-aix
+ exit 0 ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ sed 's/^ //' << EOF >dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
+ rm -f dummy.c dummy
+ echo rs6000-ibm-aix3.2.5
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit 0 ;;
+ *:AIX:*:4)
+ if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=4.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit 0 ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit 0 ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit 0 ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit 0 ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit 0 ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit 0 ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit 0 ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit 0 ;;
+ 9000/[3478]??:HP-UX:*:*)
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;;
+ 9000/8?? ) HP_ARCH=hppa1.0 ;;
+ esac
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit 0 ;;
+ 3050*:HI-UX:*:*)
+ sed 's/^ //' << EOF >dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
+ rm -f dummy.c dummy
+ echo unknown-hitachi-hiuxwe2
+ exit 0 ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit 0 ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit 0 ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit 0 ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit 0 ;;
+ i?86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit 0 ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit 0 ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit 0 ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit 0 ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit 0 ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit 0 ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit 0 ;;
+ CRAY*X-MP:*:*:*)
+ echo xmp-cray-unicos
+ exit 0 ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE}
+ exit 0 ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
+ exit 0 ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE}
+ exit 0 ;;
+ CRAY-2:*:*:*)
+ echo cray2-cray-unicos
+ exit 0 ;;
+ F300:UNIX_System_V:*:*)
+ FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit 0 ;;
+ F301:UNIX_System_V:*:*)
+ echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
+ exit 0 ;;
+ hp3[0-9][05]:NetBSD:*:*)
+ echo m68k-hp-netbsd${UNAME_RELEASE}
+ exit 0 ;;
+ hp3[0-9][05]:OpenBSD:*:*)
+ echo m68k-hp-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ i?86:BSD/386:*:* | *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ *:FreeBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit 0 ;;
+ *:NetBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ exit 0 ;;
+ *:OpenBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ exit 0 ;;
+ i*:CYGWIN*:*)
+ echo i386-pc-cygwin32
+ exit 0 ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin32
+ exit 0 ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ *:GNU:*:*)
+ echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit 0 ;;
+ *:Linux:*:*)
+ # The BFD linker knows what the default object file format is, so
+ # first see if it will tell us.
+ ld_help_string=`ld --help 2>&1`
+ if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then
+ echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0
+ elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then
+ echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0
+ elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then
+ echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0
+ elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then
+ echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0
+ elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then
+ echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0
+ elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then
+ echo "powerpc-unknown-linux-gnu" ; exit 0
+ elif test "${UNAME_MACHINE}" = "alpha" ; then
+ echo alpha-unknown-linux-gnu ; exit 0
+ elif test "${UNAME_MACHINE}" = "sparc" ; then
+ echo sparc-unknown-linux-gnu ; exit 0
+ else
+ # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us
+ # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout.
+ test ! -d /usr/lib/ldscripts/. \
+ && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0
+ # Determine whether the default compiler is a.out or elf
+ cat >dummy.c <<EOF
+main(argc, argv)
+int argc;
+char *argv[];
+{
+#ifdef __ELF__
+ printf ("%s-pc-linux-gnu\n", argv[1]);
+#else
+ printf ("%s-pc-linux-gnuaout\n", argv[1]);
+#endif
+ return 0;
+}
+EOF
+ ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
+ rm -f dummy.c dummy
+ fi ;;
+# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions
+# are messed up and put the nodename in both sysname and nodename.
+ i?86:DYNIX/ptx:4*:*)
+ echo i386-sequent-sysv4
+ exit 0 ;;
+ i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ i?86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit 0 ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit 0 ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit 0 ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit 0 ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit 0 ;;
+ M68*:*:R3V[567]*:*)
+ test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+ 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4 && exit 0 ;;
+ m68*:LynxOS:2.*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit 0 ;;
+ i?86:LynxOS:2.*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit 0 ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit 0 ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit 0 ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit 0 ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit 0 ;;
+ R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit 0 ;;
+ *:OS/2:*:*)
+ echo ${UNAME_MACHINE}-pc-os2_emx
+ exit 0 ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+cat >dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+#if !defined (ultrix)
+ printf ("vax-dec-bsd\n"); exit (0);
+#else
+ printf ("vax-dec-ultrix\n"); exit (0);
+#endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0
+rm -f dummy.c dummy
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit 0 ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit 0 ;;
+ c34*)
+ echo c34-convex-bsd
+ exit 0 ;;
+ c38*)
+ echo c38-convex-bsd
+ exit 0 ;;
+ c4*)
+ echo c4-convex-bsd
+ exit 0 ;;
+ esac
+fi
+
+#echo '(Unable to guess system type)' 1>&2
+
+exit 1
diff --git a/crypto/kerberosIV/config.sub b/crypto/kerberosIV/config.sub
new file mode 100644
index 0000000..75822a2
--- /dev/null
+++ b/crypto/kerberosIV/config.sub
@@ -0,0 +1,932 @@
+#! /bin/sh
+# Configuration validation subroutine script, version 1.1.
+# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc.
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+if [ x$1 = x ]
+then
+ echo Configuration name missing. 1>&2
+ echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
+ echo "or $0 ALIAS" 1>&2
+ echo where ALIAS is a recognized configuration type. 1>&2
+ exit 1
+fi
+
+# First pass through any local machine types.
+case $1 in
+ *local*)
+ echo $1
+ exit 0
+ ;;
+ *)
+ ;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ linux-gnu*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple)
+ os=
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco5)
+ os=sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \
+ | arme[lb] | pyramid \
+ | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \
+ | alpha | we32k | ns16k | clipper | i370 | sh \
+ | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \
+ | pdp11 | mips64el | mips64orion | mips64orionel \
+ | sparc | sparclet | sparclite | sparc64)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i[3456]86)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \
+ | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \
+ | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \
+ | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \
+ | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \
+ | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \
+ | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \
+ | mips64el-* | mips64orion-* | mips64orionel-* | f301-*)
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-cbm
+ ;;
+ amigados)
+ basic_machine=m68k-cbm
+ os=-amigados
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-cbm
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ cray2)
+ basic_machine=cray2-cray
+ os=-unicos
+ ;;
+ [ctj]90-cray)
+ #basic_machine=c90-cray
+ os=-unicos
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i[3456]86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i[3456]86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i[3456]86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i[3456]86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pentium | p5)
+ basic_machine=i586-intel
+ ;;
+ pentiumpro | p6)
+ basic_machine=i686-intel
+ ;;
+ pentium-* | p5-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ k5)
+ # We don't have specific support for AMD's K5 yet, so just call it a Pentium
+ basic_machine=i586-amd
+ ;;
+ nexen)
+ # We don't have specific support for Nexgen yet, so just call it a Pentium
+ basic_machine=i586-nexgen
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=rs6000-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ xmp)
+ basic_machine=xmp-cray
+ os=-unicos
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ mips)
+ basic_machine=mips-mips
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sparc)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -unixware* | svr4*)
+ os=-sysv4
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+ | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -linux-gnu* | -uxpv*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -os2*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigados
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f301-fujitsu)
+ os=-uxpv
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -aix*)
+ vendor=ibm
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -vxsim* | -vxworks*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
diff --git a/crypto/kerberosIV/configure b/crypto/kerberosIV/configure
new file mode 100644
index 0000000..e6fefbf
--- /dev/null
+++ b/crypto/kerberosIV/configure
@@ -0,0 +1,9343 @@
+#! /bin/sh
+
+# From configure.in Revision: 1.285
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Guess values for system-dependent variables and create Makefiles.
+# Generated automatically using autoconf version 2.12
+# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+
+# Defaults:
+ac_help=
+ac_default_prefix=/usr/local
+# Any additions from configure.in:
+ac_default_prefix=/usr/athena
+ac_help="$ac_help
+ --with-socks=dir use socks in dir"
+ac_help="$ac_help
+ --with-socks-lib=dir use socks-lib in dir"
+ac_help="$ac_help
+ --with-socks-include=dir use socks-include in dir"
+ac_help="$ac_help
+ --with-shared create shared libraries for Kerberos"
+ac_help="$ac_help
+ --with-cracklib=dir use the cracklib.a in dir"
+ac_help="$ac_help
+ --with-dictpath=path use this dictionary with cracklib
+"
+ac_help="$ac_help
+ --with-mailspool=dir this is the mail spool directory
+"
+ac_help="$ac_help
+ --enable-random-mkey use new code for master keys"
+ac_help="$ac_help
+ --with-mkey=file where to put the master key"
+ac_help="$ac_help
+ --without-berkeley-db if you don't want berkeley db"
+ac_help="$ac_help
+ --without-afs-support if you don't want support for afs"
+ac_help="$ac_help
+ --with-des-quad-checksum=kind
+ default checksum to use (new, old, or guess)"
+ac_help="$ac_help
+ --with-readline=dir use readline in dir"
+ac_help="$ac_help
+ --with-readline-lib=dir use readline-lib in dir"
+ac_help="$ac_help
+ --with-readline-include=dir use readline-include in dir"
+ac_help="$ac_help
+ --with-x use the X Window System"
+
+# Initialize some variables set by options.
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+build=NONE
+cache_file=./config.cache
+exec_prefix=NONE
+host=NONE
+no_create=
+nonopt=NONE
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+target=NONE
+verbose=
+x_includes=NONE
+x_libraries=NONE
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datadir='${prefix}/share'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+libdir='${exec_prefix}/lib'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+infodir='${prefix}/info'
+mandir='${prefix}/man'
+
+# Initialize some other variables.
+subdirs=
+MFLAGS= MAKEFLAGS=
+# Maximum number of lines to put in a shell here document.
+ac_max_here_lines=12
+
+ac_prev=
+for ac_option
+do
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval "$ac_prev=\$ac_option"
+ ac_prev=
+ continue
+ fi
+
+ case "$ac_option" in
+ -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) ac_optarg= ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case "$ac_option" in
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir="$ac_optarg" ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build="$ac_optarg" ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file="$ac_optarg" ;;
+
+ -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
+ | --da=*)
+ datadir="$ac_optarg" ;;
+
+ -disable-* | --disable-*)
+ ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
+ # Reject names that are not valid shell variable names.
+ if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
+ { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
+ fi
+ ac_feature=`echo $ac_feature| sed 's/-/_/g'`
+ eval "enable_${ac_feature}=no" ;;
+
+ -enable-* | --enable-*)
+ ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
+ # Reject names that are not valid shell variable names.
+ if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
+ { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
+ fi
+ ac_feature=`echo $ac_feature| sed 's/-/_/g'`
+ case "$ac_option" in
+ *=*) ;;
+ *) ac_optarg=yes ;;
+ esac
+ eval "enable_${ac_feature}='$ac_optarg'" ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix="$ac_optarg" ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he)
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat << EOF
+Usage: configure [options] [host]
+Options: [defaults in brackets after descriptions]
+Configuration:
+ --cache-file=FILE cache test results in FILE
+ --help print this message
+ --no-create do not create output files
+ --quiet, --silent do not print \`checking...' messages
+ --version print the version of autoconf that created configure
+Directory and file names:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [same as prefix]
+ --bindir=DIR user executables in DIR [EPREFIX/bin]
+ --sbindir=DIR system admin executables in DIR [EPREFIX/sbin]
+ --libexecdir=DIR program executables in DIR [EPREFIX/libexec]
+ --datadir=DIR read-only architecture-independent data in DIR
+ [PREFIX/share]
+ --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data in DIR
+ [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var]
+ --libdir=DIR object code libraries in DIR [EPREFIX/lib]
+ --includedir=DIR C header files in DIR [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include]
+ --infodir=DIR info documentation in DIR [PREFIX/info]
+ --mandir=DIR man documentation in DIR [PREFIX/man]
+ --srcdir=DIR find the sources in DIR [configure dir or ..]
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM
+ run sed PROGRAM on installed program names
+EOF
+ cat << EOF
+Host type:
+ --build=BUILD configure for building on BUILD [BUILD=HOST]
+ --host=HOST configure for HOST [guessed]
+ --target=TARGET configure for TARGET [TARGET=HOST]
+Features and packages:
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --x-includes=DIR X include files are in DIR
+ --x-libraries=DIR X library files are in DIR
+EOF
+ if test -n "$ac_help"; then
+ echo "--enable and --with options recognized:$ac_help"
+ fi
+ exit 0 ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host="$ac_optarg" ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir="$ac_optarg" ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir="$ac_optarg" ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir="$ac_optarg" ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir="$ac_optarg" ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst \
+ | --locals | --local | --loca | --loc | --lo)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* \
+ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+ localstatedir="$ac_optarg" ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir="$ac_optarg" ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir="$ac_optarg" ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix="$ac_optarg" ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix="$ac_optarg" ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix="$ac_optarg" ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name="$ac_optarg" ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir="$ac_optarg" ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir="$ac_optarg" ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site="$ac_optarg" ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir="$ac_optarg" ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir="$ac_optarg" ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target="$ac_optarg" ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers)
+ echo "configure generated by autoconf version 2.12"
+ exit 0 ;;
+
+ -with-* | --with-*)
+ ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
+ # Reject names that are not valid shell variable names.
+ if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
+ { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
+ fi
+ ac_package=`echo $ac_package| sed 's/-/_/g'`
+ case "$ac_option" in
+ *=*) ;;
+ *) ac_optarg=yes ;;
+ esac
+ eval "with_${ac_package}='$ac_optarg'" ;;
+
+ -without-* | --without-*)
+ ac_package=`echo $ac_option|sed -e 's/-*without-//'`
+ # Reject names that are not valid shell variable names.
+ if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
+ { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
+ fi
+ ac_package=`echo $ac_package| sed 's/-/_/g'`
+ eval "with_${ac_package}=no" ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes="$ac_optarg" ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries="$ac_optarg" ;;
+
+ -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
+ ;;
+
+ *)
+ if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
+ echo "configure: warning: $ac_option: invalid host type" 1>&2
+ fi
+ if test "x$nonopt" != xNONE; then
+ { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
+ fi
+ nonopt="$ac_option"
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
+fi
+
+trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+
+# File descriptor usage:
+# 0 standard input
+# 1 file creation
+# 2 errors and warnings
+# 3 some systems may open it to /dev/tty
+# 4 used on the Kubota Titan
+# 6 checking for... messages and results
+# 5 compiler messages saved in config.log
+if test "$silent" = yes; then
+ exec 6>/dev/null
+else
+ exec 6>&1
+fi
+exec 5>./config.log
+
+echo "\
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+" 1>&5
+
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Also quote any args containing shell metacharacters.
+ac_configure_args=
+for ac_arg
+do
+ case "$ac_arg" in
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c) ;;
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
+ *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
+ ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+ *) ac_configure_args="$ac_configure_args $ac_arg" ;;
+ esac
+done
+
+# NLS nuisances.
+# Only set these to C if already set. These must not be set unconditionally
+# because not all systems understand e.g. LANG=C (notably SCO).
+# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
+# Non-C LC_CTYPE values break the ctype check.
+if test "${LANG+set}" = set; then LANG=C; export LANG; fi
+if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
+if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
+if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -rf conftest* confdefs.h
+# AIX cpp loses on an empty file, so make sure it contains at least a newline.
+echo > confdefs.h
+
+# A filename unique to this package, relative to the directory that
+# configure is in, which we can look for to find out if srcdir is correct.
+ac_unique_file=lib/krb/getrealm.c
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then its parent.
+ ac_prog=$0
+ ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
+ test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
+ srcdir=$ac_confdir
+ if test ! -r $srcdir/$ac_unique_file; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r $srcdir/$ac_unique_file; then
+ if test "$ac_srcdir_defaulted" = yes; then
+ { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
+ else
+ { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
+ fi
+fi
+srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`
+
+# Prefer explicitly selected file to automatically selected ones.
+if test -z "$CONFIG_SITE"; then
+ if test "x$prefix" != xNONE; then
+ CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
+ else
+ CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+ fi
+fi
+for ac_site_file in $CONFIG_SITE; do
+ if test -r "$ac_site_file"; then
+ echo "loading site script $ac_site_file"
+ . "$ac_site_file"
+ fi
+done
+
+if test -r "$cache_file"; then
+ echo "loading cache $cache_file"
+ . $cache_file
+else
+ echo "creating cache $cache_file"
+ > $cache_file
+fi
+
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+ # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
+ if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+ ac_n= ac_c='
+' ac_t=' '
+ else
+ ac_n=-n ac_c= ac_t=
+ fi
+else
+ ac_n= ac_c='\c' ac_t=
+fi
+
+
+
+
+
+PACKAGE=krb4
+VERSION=0.9.6
+# This may be overridden using --prefix=/usr to configure
+
+
+ac_aux_dir=
+for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
+ if test -f $ac_dir/install-sh; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f $ac_dir/install.sh; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; }
+fi
+ac_config_guess=$ac_aux_dir/config.guess
+ac_config_sub=$ac_aux_dir/config.sub
+ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
+
+
+# Make sure we can run config.sub.
+if $ac_config_sub sun4 >/dev/null 2>&1; then :
+else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
+fi
+
+echo $ac_n "checking host system type""... $ac_c" 1>&6
+echo "configure:648: checking host system type" >&5
+
+host_alias=$host
+case "$host_alias" in
+NONE)
+ case $nonopt in
+ NONE)
+ if host_alias=`$ac_config_guess`; then :
+ else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; }
+ fi ;;
+ *) host_alias=$nonopt ;;
+ esac ;;
+esac
+
+host=`$ac_config_sub $host_alias`
+host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+echo "$ac_t""$host" 1>&6
+
+echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6
+echo "configure:669: checking whether ${MAKE-make} sets \${MAKE}" >&5
+set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftestmake <<\EOF
+all:
+ @echo 'ac_maketemp="${MAKE}"'
+EOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=`
+if test -n "$ac_maketemp"; then
+ eval ac_cv_prog_make_${ac_make}_set=yes
+else
+ eval ac_cv_prog_make_${ac_make}_set=no
+fi
+rm -f conftestmake
+fi
+if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ SET_MAKE=
+else
+ echo "$ac_t""no" 1>&6
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+if test "$program_transform_name" = s,x,x,; then
+ program_transform_name=
+else
+ # Double any \ or $. echo might interpret backslashes.
+ cat <<\EOF_SED > conftestsed
+s,\\,\\\\,g; s,\$,$$,g
+EOF_SED
+ program_transform_name="`echo $program_transform_name|sed -f conftestsed`"
+ rm -f conftestsed
+fi
+test "$program_prefix" != NONE &&
+ program_transform_name="s,^,${program_prefix},; $program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s,\$\$,${program_suffix},; $program_transform_name"
+
+# sed with no file args requires a program.
+test "$program_transform_name" = "" && program_transform_name="s,x,x,"
+
+
+# We want these before the checks, so the checks can modify their values.
+test -z "$LDFLAGS" && LDFLAGS=-g
+
+
+echo $ac_n "checking for ln -s or something else""... $ac_c" 1>&6
+echo "configure:720: checking for ln -s or something else" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+ rm -f conftestdata
+ ac_cv_prog_LN_S="ln -s"
+else
+ touch conftestdata1
+ if ln conftestdata1 conftestdata2; then
+ rm -f conftestdata*
+ ac_cv_prog_LN_S=ln
+ else
+ ac_cv_prog_LN_S=cp
+ fi
+fi
+fi
+LN_S="$ac_cv_prog_LN_S"
+echo "$ac_t""$ac_cv_prog_LN_S" 1>&6
+
+# Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:745: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$ac_word; then
+ ac_cv_prog_CC="gcc"
+ break
+ fi
+ done
+ IFS="$ac_save_ifs"
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+ echo "$ac_t""$CC" 1>&6
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:774: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
+ ac_prog_rejected=no
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$ac_word; then
+ if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ break
+ fi
+ done
+ IFS="$ac_save_ifs"
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# -gt 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ set dummy "$ac_dir/$ac_word" "$@"
+ shift
+ ac_cv_prog_CC="$@"
+ fi
+fi
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+ echo "$ac_t""$CC" 1>&6
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
+fi
+
+echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
+echo "configure:822: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+cat > conftest.$ac_ext <<EOF
+#line 832 "configure"
+#include "confdefs.h"
+main(){return(0);}
+EOF
+if { (eval echo configure:836: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ ac_cv_prog_cc_works=yes
+ # If we can't run a trivial program, we are probably using a cross compiler.
+ if (./conftest; exit) 2>/dev/null; then
+ ac_cv_prog_cc_cross=no
+ else
+ ac_cv_prog_cc_cross=yes
+ fi
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ ac_cv_prog_cc_works=no
+fi
+rm -fr conftest*
+
+echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
+if test $ac_cv_prog_cc_works = no; then
+ { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
+fi
+echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
+echo "configure:856: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
+cross_compiling=$ac_cv_prog_cc_cross
+
+echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
+echo "configure:861: checking whether we are using GNU C" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.c <<EOF
+#ifdef __GNUC__
+ yes;
+#endif
+EOF
+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:870: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+ ac_cv_prog_gcc=yes
+else
+ ac_cv_prog_gcc=no
+fi
+fi
+
+echo "$ac_t""$ac_cv_prog_gcc" 1>&6
+
+if test $ac_cv_prog_gcc = yes; then
+ GCC=yes
+ ac_test_CFLAGS="${CFLAGS+set}"
+ ac_save_CFLAGS="$CFLAGS"
+ CFLAGS=
+ echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
+echo "configure:885: checking whether ${CC-cc} accepts -g" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ echo 'void f(){}' > conftest.c
+if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
+ ac_cv_prog_cc_g=yes
+else
+ ac_cv_prog_cc_g=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
+ if test "$ac_test_CFLAGS" = set; then
+ CFLAGS="$ac_save_CFLAGS"
+ elif test $ac_cv_prog_cc_g = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-O2"
+ fi
+else
+ GCC=
+ test "${CFLAGS+set}" = set || CFLAGS="-g"
+fi
+
+echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+echo "configure:913: checking how to run the C preprocessor" >&5
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ # This must be in double quotes, not single quotes, because CPP may get
+ # substituted into the Makefile and "${CC-cc}" will confuse make.
+ CPP="${CC-cc} -E"
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp.
+ cat > conftest.$ac_ext <<EOF
+#line 928 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ :
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ CPP="${CC-cc} -E -traditional-cpp"
+ cat > conftest.$ac_ext <<EOF
+#line 945 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:951: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ :
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ CPP=/lib/cpp
+fi
+rm -f conftest*
+fi
+rm -f conftest*
+ ac_cv_prog_CPP="$CPP"
+fi
+ CPP="$ac_cv_prog_CPP"
+else
+ ac_cv_prog_CPP="$CPP"
+fi
+echo "$ac_t""$CPP" 1>&6
+
+echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6
+echo "configure:974: checking for POSIXized ISC" >&5
+if test -d /etc/conf/kconfig.d &&
+ grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
+then
+ echo "$ac_t""yes" 1>&6
+ ISC=yes # If later tests want to check for ISC.
+ cat >> confdefs.h <<\EOF
+#define _POSIX_SOURCE 1
+EOF
+
+ if test "$GCC" = yes; then
+ CC="$CC -posix"
+ else
+ CC="$CC -Xp"
+ fi
+else
+ echo "$ac_t""no" 1>&6
+ ISC=
+fi
+
+for ac_prog in byacc yacc 'bison -y'
+do
+# Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:999: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test -n "$YACC"; then
+ ac_cv_prog_YACC="$YACC" # Let the user override the test.
+else
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$ac_word; then
+ ac_cv_prog_YACC="$ac_prog"
+ break
+ fi
+ done
+ IFS="$ac_save_ifs"
+fi
+fi
+YACC="$ac_cv_prog_YACC"
+if test -n "$YACC"; then
+ echo "$ac_t""$YACC" 1>&6
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+test -n "$YACC" && break
+done
+
+# Extract the first word of "flex", so it can be a program name with args.
+set dummy flex; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1030: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_LEX'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test -n "$LEX"; then
+ ac_cv_prog_LEX="$LEX" # Let the user override the test.
+else
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$ac_word; then
+ ac_cv_prog_LEX="flex"
+ break
+ fi
+ done
+ IFS="$ac_save_ifs"
+ test -z "$ac_cv_prog_LEX" && ac_cv_prog_LEX="lex"
+fi
+fi
+LEX="$ac_cv_prog_LEX"
+if test -n "$LEX"; then
+ echo "$ac_t""$LEX" 1>&6
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+if test -z "$LEXLIB"
+then
+ case "$LEX" in
+ flex*) ac_lib=fl ;;
+ *) ac_lib=l ;;
+ esac
+ echo $ac_n "checking for yywrap in -l$ac_lib""... $ac_c" 1>&6
+echo "configure:1063: checking for yywrap in -l$ac_lib" >&5
+ac_lib_var=`echo $ac_lib'_'yywrap | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-l$ac_lib $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 1071 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char yywrap();
+
+int main() {
+yywrap()
+; return 0; }
+EOF
+if { (eval echo configure:1082: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ LEXLIB="-l$ac_lib"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+fi
+
+# Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1107: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$ac_word; then
+ ac_cv_prog_RANLIB="ranlib"
+ break
+ fi
+ done
+ IFS="$ac_save_ifs"
+ test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":"
+fi
+fi
+RANLIB="$ac_cv_prog_RANLIB"
+if test -n "$RANLIB"; then
+ echo "$ac_t""$RANLIB" 1>&6
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# ./install, which can be erroneously created by make from ./install.sh.
+echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
+echo "configure:1144: checking for a BSD compatible install" >&5
+if test -z "$INSTALL"; then
+if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:"
+ for ac_dir in $PATH; do
+ # Account for people who put trailing slashes in PATH elements.
+ case "$ac_dir/" in
+ /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ for ac_prog in ginstall installbsd scoinst install; do
+ if test -f $ac_dir/$ac_prog; then
+ if test $ac_prog = install &&
+ grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ # OSF/1 installbsd also uses dspmsg, but is usable.
+ :
+ else
+ ac_cv_path_install="$ac_dir/$ac_prog -c"
+ break 2
+ fi
+ fi
+ done
+ ;;
+ esac
+ done
+ IFS="$ac_save_IFS"
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL="$ac_cv_path_install"
+ else
+ # As a last resort, use the slow shell script. We don't cache a
+ # path for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the path is relative.
+ INSTALL="$ac_install_sh"
+ fi
+fi
+echo "$ac_t""$INSTALL" 1>&6
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+# Extract the first word of "makeinfo", so it can be a program name with args.
+set dummy makeinfo; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1196: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_MAKEINFO'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test -n "$MAKEINFO"; then
+ ac_cv_prog_MAKEINFO="$MAKEINFO" # Let the user override the test.
+else
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$ac_word; then
+ ac_cv_prog_MAKEINFO="makeinfo"
+ break
+ fi
+ done
+ IFS="$ac_save_ifs"
+ test -z "$ac_cv_prog_MAKEINFO" && ac_cv_prog_MAKEINFO=":"
+fi
+fi
+MAKEINFO="$ac_cv_prog_MAKEINFO"
+if test -n "$MAKEINFO"; then
+ echo "$ac_t""$MAKEINFO" 1>&6
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+
+
+
+echo $ac_n "checking for socks""... $ac_c" 1>&6
+echo "configure:1226: checking for socks" >&5
+# Check whether --with-socks or --without-socks was given.
+if test "${with_socks+set}" = set; then
+ withval="$with_socks"
+ if test "$with_socks" = "no"; then
+ with_socks=
+fi
+
+fi
+
+# Check whether --with-socks-lib or --without-socks-lib was given.
+if test "${with_socks_lib+set}" = set; then
+ withval="$with_socks_lib"
+ if test "$withval" = "yes" -o "$withval" = "no"; then
+ { echo "configure: error: No argument for --with-socks-lib" 1>&2; exit 1; }
+elif test "X$with_socks" = "X"; then
+ with_socks=yes
+fi
+
+fi
+
+# Check whether --with-socks-include or --without-socks-include was given.
+if test "${with_socks_include+set}" = set; then
+ withval="$with_socks_include"
+ if test "$withval" = "yes" -o "$withval" = "no"; then
+ { echo "configure: error: No argument for --with-socks-include" 1>&2; exit 1; }
+elif test "X$with_socks" = "X"; then
+ with_socks=yes
+fi
+
+fi
+
+
+
+: << END
+@@@syms="$syms SOCKS"@@@
+END
+
+if test -n "$with_socks"; then
+ cat >> confdefs.h <<\EOF
+#define SOCKS 1
+EOF
+
+ if test "$with_socks" != "yes"; then
+ socks_dir=$with_socks
+ fi
+ if test -n "$with_socks_include"; then
+ trydir=$with_socks_include
+ elif test "$with_socks" != "yes"; then
+ trydir="$with_socks $with_socks/include"
+ else
+ trydir=
+ fi
+ found=
+ for i in $trydir ""; do
+ if test -n "$i"; then
+ if test -f $i/socks.h; then
+ found=yes; res=$i; break
+ fi
+ else
+ cat > conftest.$ac_ext <<EOF
+#line 1287 "configure"
+#include "confdefs.h"
+#include <socks.h>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1292: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ found=yes; res=$i; break
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ fi
+ done
+ if test -n "$found"; then
+ socks_include=$res
+ else
+ { echo "configure: error: Cannot find socks.h" 1>&2; exit 1; }
+ fi
+ if test -n "$with_socks_lib"; then
+ trydir=$with_socks_lib
+ elif test "$with_socks" != "yes"; then
+ trydir="$with_socks $with_socks/lib"
+ else
+ trydir=
+ fi
+ found=
+ for i in $trydir ""; do
+ if test -n "$i"; then
+ if test -f $i/libsocks5.a; then
+ found=yes; res=$i; break
+ fi
+ else
+ old_LIBS=$LIBS
+ LIBS="-lsocks5 $LIBS"
+ cat > conftest.$ac_ext <<EOF
+#line 1327 "configure"
+#include "confdefs.h"
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:1334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ found=yes; res=$i; LIBS=$old_LIBS; break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ LIBS=$old_LIBS
+ fi
+ done
+ if test -n "$found"; then
+ socks_lib=$res
+ else
+ { echo "configure: error: Cannot find libsocks5.a" 1>&2; exit 1; }
+ fi
+ echo "$ac_t""headers $socks_include, libraries $socks_lib" 1>&6
+ cat >> confdefs.h <<EOF
+#define SOCKS 1
+EOF
+
+ if test -n "$socks_include"; then
+ SOCKSINCLUDE="-I$socks_include"
+ fi
+
+ if test -n "$socks_lib"; then
+ SOCKSLIB="-L$socks_lib"
+ fi
+ SOCKSLIB="$SOCKSLIB -lsocks5"
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+
+CFLAGS="$SOCKSINCLUDE $CFLAGS"
+LIBS="$SOCKSLIB $LIBS"
+
+# Check whether --with-shared or --without-shared was given.
+if test "${with_shared+set}" = set; then
+ withval="$with_shared"
+ :
+fi
+
+
+# Check whether --with-cracklib or --without-cracklib was given.
+if test "${with_cracklib+set}" = set; then
+ withval="$with_cracklib"
+ :
+fi
+
+
+# Check whether --with-dictpath or --without-dictpath was given.
+if test "${with_dictpath+set}" = set; then
+ withval="$with_dictpath"
+ :
+fi
+
+
+(test -z "$with_cracklib" && test -n "$with_dictpath") ||
+(test -n "$with_cracklib" && test -z "$with_dictpath") &&
+{ echo "configure: error: --with-cracklib requires --with-dictpath and vice versa" 1>&2; exit 1; }
+test -n "$with_cracklib" &&
+CRACKLIB="-L$with_cracklib -lcrack" &&
+echo "$ac_t""Using cracklib in $with_cracklib" 1>&6
+test -n "$with_dictpath" &&
+echo "$ac_t""Using dictpath=$with_dictpath" 1>&6 &&
+cat >> confdefs.h <<EOF
+#define DICTPATH "$with_dictpath"
+EOF
+
+
+# Check whether --with-mailspool or --without-mailspool was given.
+if test "${with_mailspool+set}" = set; then
+ withval="$with_mailspool"
+ :
+fi
+
+
+test -n "$with_mailspool" &&
+cat >> confdefs.h <<EOF
+#define KRB4_MAILDIR "$with_mailspool"
+EOF
+
+
+# Check whether --enable-random-mkey or --disable-random-mkey was given.
+if test "${enable_random_mkey+set}" = set; then
+ enableval="$enable_random_mkey"
+
+if test "$enableval" = "yes"; then
+ cat >> confdefs.h <<\EOF
+#define RANDOM_MKEY 1
+EOF
+
+fi
+
+fi
+
+
+# Check whether --with-mkey or --without-mkey was given.
+if test "${with_mkey+set}" = set; then
+ withval="$with_mkey"
+
+if test -n "$withval"; then
+ cat >> confdefs.h <<EOF
+#define MKEYFILE "$withval"
+EOF
+
+fi
+
+fi
+
+
+berkeley_db=db
+# Check whether --with-berkeley-db or --without-berkeley-db was given.
+if test "${with_berkeley_db+set}" = set; then
+ withval="$with_berkeley_db"
+
+if test "$withval" = no; then
+ berkeley_db=""
+fi
+
+fi
+
+
+afs_support=yes
+# Check whether --with-afs-support or --without-afs-support was given.
+if test "${with_afs_support+set}" = set; then
+ withval="$with_afs_support"
+
+if test "$withval" = no; then
+ cat >> confdefs.h <<\EOF
+#define NO_AFS 1
+EOF
+
+ afs_support=no
+fi
+
+fi
+
+
+des_quad=guess
+# Check whether --with-des-quad-checksum or --without-des-quad-checksum was given.
+if test "${with_des_quad_checksum+set}" = set; then
+ withval="$with_des_quad_checksum"
+
+des_quad="$withval"
+
+fi
+
+if test "$des_quad" = "new"; then
+ cat >> confdefs.h <<\EOF
+#define DES_QUAD_DEFAULT DES_QUAD_NEW
+EOF
+
+elif test "$des_quad" = "old"; then
+ cat >> confdefs.h <<\EOF
+#define DES_QUAD_DEFAULT DES_QUAD_OLD
+EOF
+
+else
+ cat >> confdefs.h <<\EOF
+#define DES_QUAD_DEFAULT DES_QUAD_GUESS
+EOF
+
+fi
+
+
+echo $ac_n "checking for readline""... $ac_c" 1>&6
+echo "configure:1503: checking for readline" >&5
+# Check whether --with-readline or --without-readline was given.
+if test "${with_readline+set}" = set; then
+ withval="$with_readline"
+ if test "$with_readline" = "no"; then
+ with_readline=
+fi
+
+fi
+
+# Check whether --with-readline-lib or --without-readline-lib was given.
+if test "${with_readline_lib+set}" = set; then
+ withval="$with_readline_lib"
+ if test "$withval" = "yes" -o "$withval" = "no"; then
+ { echo "configure: error: No argument for --with-readline-lib" 1>&2; exit 1; }
+elif test "X$with_readline" = "X"; then
+ with_readline=yes
+fi
+
+fi
+
+# Check whether --with-readline-include or --without-readline-include was given.
+if test "${with_readline_include+set}" = set; then
+ withval="$with_readline_include"
+ if test "$withval" = "yes" -o "$withval" = "no"; then
+ { echo "configure: error: No argument for --with-readline-include" 1>&2; exit 1; }
+elif test "X$with_readline" = "X"; then
+ with_readline=yes
+fi
+
+fi
+
+
+
+: << END
+@@@syms="$syms READLINE"@@@
+END
+
+if test -n "$with_readline"; then
+ cat >> confdefs.h <<\EOF
+#define READLINE 1
+EOF
+
+ if test "$with_readline" != "yes"; then
+ readline_dir=$with_readline
+ fi
+ if test -n "$with_readline_include"; then
+ trydir=$with_readline_include
+ elif test "$with_readline" != "yes"; then
+ trydir="$with_readline $with_readline/include"
+ else
+ trydir=
+ fi
+ found=
+ for i in $trydir ""; do
+ if test -n "$i"; then
+ if test -f $i/readline.h; then
+ found=yes; res=$i; break
+ fi
+ else
+ cat > conftest.$ac_ext <<EOF
+#line 1564 "configure"
+#include "confdefs.h"
+#include <readline.h>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1569: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ found=yes; res=$i; break
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ fi
+ done
+ if test -n "$found"; then
+ readline_include=$res
+ else
+ { echo "configure: error: Cannot find readline.h" 1>&2; exit 1; }
+ fi
+ if test -n "$with_readline_lib"; then
+ trydir=$with_readline_lib
+ elif test "$with_readline" != "yes"; then
+ trydir="$with_readline $with_readline/lib"
+ else
+ trydir=
+ fi
+ found=
+ for i in $trydir ""; do
+ if test -n "$i"; then
+ if test -f $i/libreadline.a; then
+ found=yes; res=$i; break
+ fi
+ else
+ old_LIBS=$LIBS
+ LIBS="-lreadline $LIBS"
+ cat > conftest.$ac_ext <<EOF
+#line 1604 "configure"
+#include "confdefs.h"
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:1611: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ found=yes; res=$i; LIBS=$old_LIBS; break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ LIBS=$old_LIBS
+ fi
+ done
+ if test -n "$found"; then
+ readline_lib=$res
+ else
+ { echo "configure: error: Cannot find libreadline.a" 1>&2; exit 1; }
+ fi
+ echo "$ac_t""headers $readline_include, libraries $readline_lib" 1>&6
+ cat >> confdefs.h <<EOF
+#define READLINE 1
+EOF
+
+ if test -n "$readline_include"; then
+ READLINEINCLUDE="-I$readline_include"
+ fi
+
+ if test -n "$readline_lib"; then
+ READLINELIB="-L$readline_lib"
+ fi
+ READLINELIB="$READLINELIB -lreadline"
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+
+
+
+
+case ${with_shared} in
+ yes ) with_shared=yes;;
+ no ) with_shared=no;;
+ * ) with_shared=no;;
+esac
+
+# NOTE: Building shared libraries may not work if you do not use gcc!
+#
+# OS $SHLIBEXT
+# HP-UX sl
+# Linux so
+# NetBSD so
+# FreeBSD so
+# OSF so
+# SunOS5 so
+# SunOS4 so.0.5
+# Irix so
+#
+# LIBEXT is the extension we should build (.a or $SHLIBEXT)
+REAL_PICFLAGS="-fpic"
+LDSHARED='$(CC) $(PICFLAGS) -shared'
+LIBPREFIX=lib
+REAL_SHLIBEXT=so
+SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+case "${host}" in
+*-*-hpux*)
+ REAL_SHLIBEXT=sl
+ REAL_LD_FLAGS='-Wl,+b$(libdir)'
+ if test -z "$GCC"; then
+ LDSHARED="ld -b"
+ REAL_PICFLAGS="+z"
+ fi
+ ;;
+*-*-linux*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ ;;
+*-*-*bsd*)
+ REAL_SHLIBEXT=so.$SHLIB_VERSION
+ LDSHARED='ld -Bshareable'
+ REAL_LD_FLAGS='-Wl,-R$(libdir)'
+ ;;
+*-*-osf*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ REAL_PICFLAGS=
+ LDSHARED='ld -shared -expect_unresolved \*'
+ ;;
+*-*-solaris2*)
+ REAL_LD_FLAGS='-Wl,-R$(libdir)'
+ if test -z "$GCC"; then
+ LDSHARED='$(CC) -G'
+ REAL_PICFLAGS="-Kpic"
+ fi
+ ;;
+*-*-sunos*)
+ REAL_SHLIBEXT=so.$SHLIB_VERSION
+ REAL_LD_FLAGS='-Wl,-L$(libdir)'
+ ;;
+*-*-irix*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ REAL_PICFLAGS=
+ ;;
+*-*-os2_emx*)
+ LD_FLAGS='-Zexe'
+ LIBPREFIX=
+ EXECSUFFIX='.exe'
+ RANLIB=EMXOMF
+ REAL_SHLIBEXT=nobuild
+ ;;
+*-*-cygwin32*)
+ EXECSUFFIX='.exe'
+ REAL_SHLIBEXT=nobuild
+ ;;
+*) REAL_SHLIBEXT=nobuild
+ REAL_PICFLAGS=
+ ;;
+esac
+
+if test "${with_shared}" != "yes" ; then
+ PICFLAGS=""
+ SHLIBEXT="nobuild"
+ LIBEXT="a"
+else
+ PICFLAGS="$REAL_PICFLAGS"
+ SHLIBEXT="$REAL_SHLIBEXT"
+ LIBEXT="$SHLIBEXT"
+ LD_FLAGS="$REAL_LD_FLAGS"
+fi
+
+
+
+
+
+if test "${with_shared}" = "yes"; then
+echo $ac_n "checking for pragma weak""... $ac_c" 1>&6
+echo "configure:1743: checking for pragma weak" >&5
+if eval "test \"`echo '$''{'ac_have_pragma_weak'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+ac_have_pragma_weak=no
+cat > conftest_foo.$ac_ext <<'EOF'
+#line 1750 "configure"
+#include "confdefs.h"
+#pragma weak foo = _foo
+int _foo = 17;
+EOF
+cat > conftest_bar.$ac_ext <<'EOF'
+#line 1756 "configure"
+#include "confdefs.h"
+extern int foo;
+
+int t() {
+ return foo;
+}
+
+int main() {
+ return t();
+}
+EOF
+if { (eval echo configure:1768: \"$'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5'\") 1>&5; (eval $'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5') 2>&5; }; then
+ac_have_pragma_weak=yes
+fi
+rm -rf conftest*
+
+fi
+
+if test "$ac_have_pragma_weak" = "yes"; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_PRAGMA_WEAK 1
+EOF
+fi
+echo "$ac_t""$ac_have_pragma_weak" 1>&6
+fi
+
+
+echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
+echo "configure:1785: checking whether byte ordering is bigendian" >&5
+if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_cv_c_bigendian=unknown
+# See if sys/param.h defines the BYTE_ORDER macro.
+cat > conftest.$ac_ext <<EOF
+#line 1792 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/param.h>
+int main() {
+
+#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+ bogus endian macros
+#endif
+; return 0; }
+EOF
+if { (eval echo configure:1803: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+cat > conftest.$ac_ext <<EOF
+#line 1807 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/param.h>
+int main() {
+
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+#endif
+; return 0; }
+EOF
+if { (eval echo configure:1818: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_c_bigendian=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_c_bigendian=no
+fi
+rm -f conftest*
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+if test $ac_cv_c_bigendian = unknown; then
+if test "$cross_compiling" = yes; then
+ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+else
+ cat > conftest.$ac_ext <<EOF
+#line 1838 "configure"
+#include "confdefs.h"
+main () {
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long l;
+ char c[sizeof (long)];
+ } u;
+ u.l = 1;
+ exit (u.c[sizeof (long) - 1] == 1);
+}
+EOF
+if { (eval echo configure:1851: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ ac_cv_c_bigendian=no
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ ac_cv_c_bigendian=yes
+fi
+rm -fr conftest*
+fi
+
+fi
+fi
+
+echo "$ac_t""$ac_cv_c_bigendian" 1>&6
+if test $ac_cv_c_bigendian = yes; then
+ cat >> confdefs.h <<\EOF
+#define WORDS_BIGENDIAN 1
+EOF
+
+fi
+
+
+echo $ac_n "checking for working const""... $ac_c" 1>&6
+echo "configure:1876: checking for working const" >&5
+if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 1881 "configure"
+#include "confdefs.h"
+
+int main() {
+
+/* Ultrix mips cc rejects this. */
+typedef int charset[2]; const charset x;
+/* SunOS 4.1.1 cc rejects this. */
+char const *const *ccp;
+char **p;
+/* NEC SVR4.0.2 mips cc rejects this. */
+struct point {int x, y;};
+static struct point const zero = {0,0};
+/* AIX XL C 1.02.0.0 rejects this.
+ It does not let you subtract one const X* pointer from another in an arm
+ of an if-expression whose if-part is not a constant expression */
+const char *g = "string";
+ccp = &g + (g ? g-g : 0);
+/* HPUX 7.0 cc rejects these. */
+++ccp;
+p = (char**) ccp;
+ccp = (char const *const *) p;
+{ /* SCO 3.2v4 cc rejects this. */
+ char *t;
+ char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+ *t++ = 0;
+}
+{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
+ int x[] = {25, 17};
+ const int *foo = &x[0];
+ ++foo;
+}
+{ /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+ typedef const int *iptr;
+ iptr p = 0;
+ ++p;
+}
+{ /* AIX XL C 1.02.0.0 rejects this saying
+ "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+ struct s { int j; const int *ap[3]; };
+ struct s *b; b->j = 5;
+}
+{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+ const int foo = 10;
+}
+
+; return 0; }
+EOF
+if { (eval echo configure:1930: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_c_const=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_c_const=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_c_const" 1>&6
+if test $ac_cv_c_const = no; then
+ cat >> confdefs.h <<\EOF
+#define const
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking for NEXTSTEP""... $ac_c" 1>&6
+echo "configure:1954: checking for NEXTSTEP" >&5
+if eval "test \"`echo '$''{'krb_cv_sys_nextstep'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 1959 "configure"
+#include "confdefs.h"
+#ifdef NeXT
+ yes
+#endif
+
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "yes" >/dev/null 2>&1; then
+ rm -rf conftest*
+ krb_cv_sys_nextstep=yes
+else
+ rm -rf conftest*
+ krb_cv_sys_nextstep=no
+fi
+rm -f conftest*
+
+fi
+
+if test "$krb_cv_sys_nextstep" = "yes"; then
+ CFLAGS="$CFLAGS -posix"
+ LIBS="$LIBS -posix"
+fi
+echo "$ac_t""$krb_cv_sys_nextstep" 1>&6
+
+
+echo $ac_n "checking for AIX""... $ac_c" 1>&6
+echo "configure:1986: checking for AIX" >&5
+if eval "test \"`echo '$''{'krb_cv_sys_aix'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 1991 "configure"
+#include "confdefs.h"
+#ifdef _AIX
+ yes
+#endif
+
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "yes" >/dev/null 2>&1; then
+ rm -rf conftest*
+ krb_cv_sys_aix=yes
+else
+ rm -rf conftest*
+ krb_cv_sys_aix=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$krb_cv_sys_aix" 1>&6
+
+
+if test "$krb_cv_sys_aix" = yes ;then
+ AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o'
+
+ AFS_EXTRA_LIBS=afslib.so
+
+fi
+
+#
+# AIX needs /lib/pse.exp for getmsg, but alas that file is broken in
+# AIX414
+#
+
+if test -f /lib/pse.exp ;then
+ LIBS="$LIBS -Wl,-bI:/lib/pse.exp"
+fi
+
+
+echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
+echo "configure:2031: checking for ANSI C header files" >&5
+if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2036 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2044: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ ac_cv_header_stdc=yes
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+cat > conftest.$ac_ext <<EOF
+#line 2061 "configure"
+#include "confdefs.h"
+#include <string.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "memchr" >/dev/null 2>&1; then
+ :
+else
+ rm -rf conftest*
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+cat > conftest.$ac_ext <<EOF
+#line 2079 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "free" >/dev/null 2>&1; then
+ :
+else
+ rm -rf conftest*
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+if test "$cross_compiling" = yes; then
+ :
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2100 "configure"
+#include "confdefs.h"
+#include <ctype.h>
+#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int main () { int i; for (i = 0; i < 256; i++)
+if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
+exit (0); }
+
+EOF
+if { (eval echo configure:2111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ :
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ ac_cv_header_stdc=no
+fi
+rm -fr conftest*
+fi
+
+fi
+fi
+
+echo "$ac_t""$ac_cv_header_stdc" 1>&6
+if test $ac_cv_header_stdc = yes; then
+ cat >> confdefs.h <<\EOF
+#define STDC_HEADERS 1
+EOF
+
+fi
+
+
+for ac_hdr in arpa/ftp.h arpa/inet.h arpa/nameser.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2139: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2144 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2149: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2179: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2184 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2189: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2219: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2224 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2229: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in lastlog.h login.h maillock.h ndbm.h net/if.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2259: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2264 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2269: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in net/if_tun.h net/if_var.h netdb.h netinet/in.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2299: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2304 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2309: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in netinet/in6_machtypes.h netinet/in_systm.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2339: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2344 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2349: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2379: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2384 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2389: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2419: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2424 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2429: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in shadow.h siad.h signal.h stropts.h sys/bitypes.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2459: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2464 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2469: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/category.h sys/cdefs.h sys/file.h sys/filio.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2499: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2504 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2509: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2539: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2544 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2549: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2579: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2584 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/resource.h sys/select.h sys/socket.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2619: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2624 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2629: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2659: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2664 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2669: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/stropts.h sys/strtty.h sys/syscall.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2699: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2704 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2709: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2739: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2744 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2749: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/times.h sys/tty.h sys/types.h sys/uio.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2779: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2784 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2789: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/un.h sys/utsname.h sys/wait.h syslog.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2819: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2824 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2829: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2859: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2864 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2869: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in unistd.h userpw.h usersec.h util.h utime.h utmp.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2899: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2904 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2909: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in utmpx.h wait.h winsock.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2939: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2944 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+
+echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
+echo "configure:2977: checking whether time.h and sys/time.h may both be included" >&5
+if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 2982 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+int main() {
+struct tm *tp;
+; return 0; }
+EOF
+if { (eval echo configure:2991: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_header_time=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_header_time=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_header_time" 1>&6
+if test $ac_cv_header_time = yes; then
+ cat >> confdefs.h <<\EOF
+#define TIME_WITH_SYS_TIME 1
+EOF
+
+fi
+
+echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... $ac_c" 1>&6
+echo "configure:3012: checking for sys_siglist declaration in signal.h or unistd.h" >&5
+if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 3017 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <signal.h>
+/* NetBSD declares sys_siglist in unistd.h. */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+int main() {
+char *msg = *(sys_siglist + 1);
+; return 0; }
+EOF
+if { (eval echo configure:3029: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_decl_sys_siglist=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_decl_sys_siglist=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_decl_sys_siglist" 1>&6
+if test $ac_cv_decl_sys_siglist = yes; then
+ cat >> confdefs.h <<\EOF
+#define SYS_SIGLIST_DECLARED 1
+EOF
+
+fi
+
+
+
+for i in int8_t int16_t int32_t int64_t; do
+ echo $ac_n "checking for $i""... $ac_c" 1>&6
+echo "configure:3053: checking for $i" >&5
+
+if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 3059 "configure"
+#include "confdefs.h"
+
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+int main() {
+$i x;
+
+; return 0; }
+EOF
+if { (eval echo configure:3081: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval ac_cv_type_$i=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval ac_cv_type_$i=no
+fi
+rm -f conftest*
+fi
+
+ eval ac_res=\$ac_cv_type_$i
+ if test "$ac_res" = yes; then
+ type=HAVE_`echo $i | tr 'a-z' 'A-Z'`
+ cat >> confdefs.h <<EOF
+#define $type 1
+EOF
+
+ fi
+ echo "$ac_t""$ac_res" 1>&6
+done
+
+
+for i in u_int8_t u_int16_t u_int32_t u_int64_t; do
+ echo $ac_n "checking for $i""... $ac_c" 1>&6
+echo "configure:3107: checking for $i" >&5
+
+if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 3113 "configure"
+#include "confdefs.h"
+
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+int main() {
+$i x;
+
+; return 0; }
+EOF
+if { (eval echo configure:3135: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval ac_cv_type_$i=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval ac_cv_type_$i=no
+fi
+rm -f conftest*
+fi
+
+ eval ac_res=\$ac_cv_type_$i
+ if test "$ac_res" = yes; then
+ type=HAVE_`echo $i | tr 'a-z' 'A-Z'`
+ cat >> confdefs.h <<EOF
+#define $type 1
+EOF
+
+ fi
+ echo "$ac_t""$ac_res" 1>&6
+done
+
+
+
+
+
+
+
+echo $ac_n "checking for socket""... $ac_c" 1>&6
+echo "configure:3165: checking for socket" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_socket'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_socket\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" socket; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 3178 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int main() {
+socket(0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:3190: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_socket"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs socket"@@@
+@@@libs="$libs socket"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo socket | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_socket=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_socket=yes"
+ eval "LIB_socket="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_socket=no"
+ eval "LIB_socket="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_socket=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_socket"; then
+ LIBS="$LIB_socket $LIBS"
+fi
+
+
+
+
+echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
+echo "configure:3257: checking for gethostbyname" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_gethostbyname'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" nsl; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 3270 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int main() {
+gethostbyname("foo")
+; return 0; }
+EOF
+if { (eval echo configure:3282: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_gethostbyname"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs gethostbyname"@@@
+@@@libs="$libs nsl"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo gethostbyname | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_gethostbyname=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_gethostbyname=yes"
+ eval "LIB_gethostbyname="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_gethostbyname=no"
+ eval "LIB_gethostbyname="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_gethostbyname=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_gethostbyname"; then
+ LIBS="$LIB_gethostbyname $LIBS"
+fi
+
+
+
+
+
+
+echo $ac_n "checking for odm_initialize""... $ac_c" 1>&6
+echo "configure:3351: checking for odm_initialize" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_odm_initialize'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_odm_initialize\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" odm; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 3364 "configure"
+#include "confdefs.h"
+
+int main() {
+odm_initialize()
+; return 0; }
+EOF
+if { (eval echo configure:3371: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_odm_initialize=$ac_lib; else ac_cv_funclib_odm_initialize=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_odm_initialize=\${ac_cv_funclib_odm_initialize-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_odm_initialize"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs odm_initialize"@@@
+@@@libs="$libs odm"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo odm_initialize | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_odm_initialize=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_odm_initialize=yes"
+ eval "LIB_odm_initialize="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_odm_initialize=no"
+ eval "LIB_odm_initialize="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_odm_initialize=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_odm_initialize"; then
+ LIBS="$LIB_odm_initialize $LIBS"
+fi
+
+
+
+
+echo $ac_n "checking for getattr""... $ac_c" 1>&6
+echo "configure:3438: checking for getattr" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_getattr'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_getattr\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" cfg; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 3451 "configure"
+#include "confdefs.h"
+
+int main() {
+getattr()
+; return 0; }
+EOF
+if { (eval echo configure:3458: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_getattr=$ac_lib; else ac_cv_funclib_getattr=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_getattr=\${ac_cv_funclib_getattr-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getattr"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs getattr"@@@
+@@@libs="$libs cfg"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo getattr | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_getattr=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_getattr=yes"
+ eval "LIB_getattr="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_getattr=no"
+ eval "LIB_getattr="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_getattr=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_getattr"; then
+ LIBS="$LIB_getattr $LIBS"
+fi
+
+
+
+
+echo $ac_n "checking for setpcred""... $ac_c" 1>&6
+echo "configure:3525: checking for setpcred" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_setpcred'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_setpcred\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" s; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 3538 "configure"
+#include "confdefs.h"
+
+int main() {
+setpcred()
+; return 0; }
+EOF
+if { (eval echo configure:3545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_setpcred=$ac_lib; else ac_cv_funclib_setpcred=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_setpcred=\${ac_cv_funclib_setpcred-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_setpcred"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs setpcred"@@@
+@@@libs="$libs s"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo setpcred | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_setpcred=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_setpcred=yes"
+ eval "LIB_setpcred="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_setpcred=no"
+ eval "LIB_setpcred="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_setpcred=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_setpcred"; then
+ LIBS="$LIB_setpcred $LIBS"
+fi
+
+
+
+
+echo $ac_n "checking for logwtmp""... $ac_c" 1>&6
+echo "configure:3612: checking for logwtmp" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_logwtmp'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" util; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 3625 "configure"
+#include "confdefs.h"
+
+int main() {
+logwtmp()
+; return 0; }
+EOF
+if { (eval echo configure:3632: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_logwtmp"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs logwtmp"@@@
+@@@libs="$libs util"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo logwtmp | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_logwtmp=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_logwtmp=yes"
+ eval "LIB_logwtmp="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_logwtmp=no"
+ eval "LIB_logwtmp="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_logwtmp=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_logwtmp"; then
+ LIBS="$LIB_logwtmp $LIBS"
+fi
+
+
+
+
+
+echo $ac_n "checking for logout""... $ac_c" 1>&6
+echo "configure:3700: checking for logout" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_logout'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_logout\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" util; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 3713 "configure"
+#include "confdefs.h"
+
+int main() {
+logout()
+; return 0; }
+EOF
+if { (eval echo configure:3720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_logout"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs logout"@@@
+@@@libs="$libs util"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo logout | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_logout=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_logout=yes"
+ eval "LIB_logout="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_logout=no"
+ eval "LIB_logout="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_logout=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_logout"; then
+ LIBS="$LIB_logout $LIBS"
+fi
+
+
+
+echo $ac_n "checking for tgetent""... $ac_c" 1>&6
+echo "configure:3786: checking for tgetent" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_tgetent'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" termcap; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 3799 "configure"
+#include "confdefs.h"
+
+int main() {
+tgetent()
+; return 0; }
+EOF
+if { (eval echo configure:3806: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_tgetent"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs tgetent"@@@
+@@@libs="$libs termcap"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo tgetent | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_tgetent=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_tgetent=yes"
+ eval "LIB_tgetent="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_tgetent=no"
+ eval "LIB_tgetent="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_tgetent=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+
+# If we find X, set shell vars x_includes and x_libraries to the
+# paths, otherwise set no_x=yes.
+# Uses ac_ vars as temps to allow command line to override cache and checks.
+# --without-x overrides everything else, but does not touch the cache.
+echo $ac_n "checking for X""... $ac_c" 1>&6
+echo "configure:3871: checking for X" >&5
+
+# Check whether --with-x or --without-x was given.
+if test "${with_x+set}" = set; then
+ withval="$with_x"
+ :
+fi
+
+# $have_x is `yes', `no', `disabled', or empty when we do not yet know.
+if test "x$with_x" = xno; then
+ # The user explicitly disabled X.
+ have_x=disabled
+else
+ if test "x$x_includes" != xNONE && test "x$x_libraries" != xNONE; then
+ # Both variables are already set.
+ have_x=yes
+ else
+if eval "test \"`echo '$''{'ac_cv_have_x'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ # One or both of the vars are not set, and there is no cached value.
+ac_x_includes=NO ac_x_libraries=NO
+rm -fr conftestdir
+if mkdir conftestdir; then
+ cd conftestdir
+ # Make sure to not put "make" in the Imakefile rules, since we grep it out.
+ cat > Imakefile <<'EOF'
+acfindx:
+ @echo 'ac_im_incroot="${INCROOT}"; ac_im_usrlibdir="${USRLIBDIR}"; ac_im_libdir="${LIBDIR}"'
+EOF
+ if (xmkmf) >/dev/null 2>/dev/null && test -f Makefile; then
+ # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+ eval `${MAKE-make} acfindx 2>/dev/null | grep -v make`
+ # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR.
+ for ac_extension in a so sl; do
+ if test ! -f $ac_im_usrlibdir/libX11.$ac_extension &&
+ test -f $ac_im_libdir/libX11.$ac_extension; then
+ ac_im_usrlibdir=$ac_im_libdir; break
+ fi
+ done
+ # Screen out bogus values from the imake configuration. They are
+ # bogus both because they are the default anyway, and because
+ # using them would break gcc on systems where it needs fixed includes.
+ case "$ac_im_incroot" in
+ /usr/include) ;;
+ *) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes="$ac_im_incroot" ;;
+ esac
+ case "$ac_im_usrlibdir" in
+ /usr/lib | /lib) ;;
+ *) test -d "$ac_im_usrlibdir" && ac_x_libraries="$ac_im_usrlibdir" ;;
+ esac
+ fi
+ cd ..
+ rm -fr conftestdir
+fi
+
+if test "$ac_x_includes" = NO; then
+ # Guess where to find include files, by looking for this one X11 .h file.
+ test -z "$x_direct_test_include" && x_direct_test_include=X11/Intrinsic.h
+
+ # First, try using that file with no special directory specified.
+cat > conftest.$ac_ext <<EOF
+#line 3933 "configure"
+#include "confdefs.h"
+#include <$x_direct_test_include>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:3938: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ # We can compile using X headers with no special include directory.
+ac_x_includes=
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ # Look for the header file in a standard set of common directories.
+# Check X11 before X11Rn because it is often a symlink to the current release.
+ for ac_dir in \
+ /usr/X11/include \
+ /usr/X11R6/include \
+ /usr/X11R5/include \
+ /usr/X11R4/include \
+ \
+ /usr/include/X11 \
+ /usr/include/X11R6 \
+ /usr/include/X11R5 \
+ /usr/include/X11R4 \
+ \
+ /usr/local/X11/include \
+ /usr/local/X11R6/include \
+ /usr/local/X11R5/include \
+ /usr/local/X11R4/include \
+ \
+ /usr/local/include/X11 \
+ /usr/local/include/X11R6 \
+ /usr/local/include/X11R5 \
+ /usr/local/include/X11R4 \
+ \
+ /usr/X386/include \
+ /usr/x386/include \
+ /usr/XFree86/include/X11 \
+ \
+ /usr/include \
+ /usr/local/include \
+ /usr/unsupported/include \
+ /usr/athena/include \
+ /usr/local/x11r5/include \
+ /usr/lpp/Xamples/include \
+ \
+ /usr/openwin/include \
+ /usr/openwin/share/include \
+ ; \
+ do
+ if test -r "$ac_dir/$x_direct_test_include"; then
+ ac_x_includes=$ac_dir
+ break
+ fi
+ done
+fi
+rm -f conftest*
+fi # $ac_x_includes = NO
+
+if test "$ac_x_libraries" = NO; then
+ # Check for the libraries.
+
+ test -z "$x_direct_test_library" && x_direct_test_library=Xt
+ test -z "$x_direct_test_function" && x_direct_test_function=XtMalloc
+
+ # See if we find them without any special options.
+ # Don't add to $LIBS permanently.
+ ac_save_LIBS="$LIBS"
+ LIBS="-l$x_direct_test_library $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4007 "configure"
+#include "confdefs.h"
+
+int main() {
+${x_direct_test_function}()
+; return 0; }
+EOF
+if { (eval echo configure:4014: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ LIBS="$ac_save_LIBS"
+# We can link X programs with no special library path.
+ac_x_libraries=
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ LIBS="$ac_save_LIBS"
+# First see if replacing the include by lib works.
+# Check X11 before X11Rn because it is often a symlink to the current release.
+for ac_dir in `echo "$ac_x_includes" | sed s/include/lib/` \
+ /usr/X11/lib \
+ /usr/X11R6/lib \
+ /usr/X11R5/lib \
+ /usr/X11R4/lib \
+ \
+ /usr/lib/X11 \
+ /usr/lib/X11R6 \
+ /usr/lib/X11R5 \
+ /usr/lib/X11R4 \
+ \
+ /usr/local/X11/lib \
+ /usr/local/X11R6/lib \
+ /usr/local/X11R5/lib \
+ /usr/local/X11R4/lib \
+ \
+ /usr/local/lib/X11 \
+ /usr/local/lib/X11R6 \
+ /usr/local/lib/X11R5 \
+ /usr/local/lib/X11R4 \
+ \
+ /usr/X386/lib \
+ /usr/x386/lib \
+ /usr/XFree86/lib/X11 \
+ \
+ /usr/lib \
+ /usr/local/lib \
+ /usr/unsupported/lib \
+ /usr/athena/lib \
+ /usr/local/x11r5/lib \
+ /usr/lpp/Xamples/lib \
+ /lib/usr/lib/X11 \
+ \
+ /usr/openwin/lib \
+ /usr/openwin/share/lib \
+ ; \
+do
+ for ac_extension in a so sl; do
+ if test -r $ac_dir/lib${x_direct_test_library}.$ac_extension; then
+ ac_x_libraries=$ac_dir
+ break 2
+ fi
+ done
+done
+fi
+rm -f conftest*
+fi # $ac_x_libraries = NO
+
+if test "$ac_x_includes" = NO || test "$ac_x_libraries" = NO; then
+ # Didn't find X anywhere. Cache the known absence of X.
+ ac_cv_have_x="have_x=no"
+else
+ # Record where we found X for the cache.
+ ac_cv_have_x="have_x=yes \
+ ac_x_includes=$ac_x_includes ac_x_libraries=$ac_x_libraries"
+fi
+fi
+ fi
+ eval "$ac_cv_have_x"
+fi # $with_x != no
+
+if test "$have_x" != yes; then
+ echo "$ac_t""$have_x" 1>&6
+ no_x=yes
+else
+ # If each of the values was on the command line, it overrides each guess.
+ test "x$x_includes" = xNONE && x_includes=$ac_x_includes
+ test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries
+ # Update the cache value to reflect the command line values.
+ ac_cv_have_x="have_x=yes \
+ ac_x_includes=$x_includes ac_x_libraries=$x_libraries"
+ echo "$ac_t""libraries $x_libraries, headers $x_includes" 1>&6
+fi
+
+if test "$no_x" = yes; then
+ # Not all programs may use this symbol, but it does not hurt to define it.
+ cat >> confdefs.h <<\EOF
+#define X_DISPLAY_MISSING 1
+EOF
+
+ X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS=
+else
+ if test -n "$x_includes"; then
+ X_CFLAGS="$X_CFLAGS -I$x_includes"
+ fi
+
+ # It would also be nice to do this for all -L options, not just this one.
+ if test -n "$x_libraries"; then
+ X_LIBS="$X_LIBS -L$x_libraries"
+ # For Solaris; some versions of Sun CC require a space after -R and
+ # others require no space. Words are not sufficient . . . .
+ case "`(uname -sr) 2>/dev/null`" in
+ "SunOS 5"*)
+ echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6
+echo "configure:4120: checking whether -R must be followed by a space" >&5
+ ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries"
+ cat > conftest.$ac_ext <<EOF
+#line 4123 "configure"
+#include "confdefs.h"
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:4130: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ ac_R_nospace=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_R_nospace=no
+fi
+rm -f conftest*
+ if test $ac_R_nospace = yes; then
+ echo "$ac_t""no" 1>&6
+ X_LIBS="$X_LIBS -R$x_libraries"
+ else
+ LIBS="$ac_xsave_LIBS -R $x_libraries"
+ cat > conftest.$ac_ext <<EOF
+#line 4146 "configure"
+#include "confdefs.h"
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:4153: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ ac_R_space=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_R_space=no
+fi
+rm -f conftest*
+ if test $ac_R_space = yes; then
+ echo "$ac_t""yes" 1>&6
+ X_LIBS="$X_LIBS -R $x_libraries"
+ else
+ echo "$ac_t""neither works" 1>&6
+ fi
+ fi
+ LIBS="$ac_xsave_LIBS"
+ esac
+ fi
+
+ # Check for system-dependent libraries X programs must link with.
+ # Do this before checking for the system-independent R6 libraries
+ # (-lICE), since we may need -lsocket or whatever for X linking.
+
+ if test "$ISC" = yes; then
+ X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet"
+ else
+ # Martyn.Johnson@cl.cam.ac.uk says this is needed for Ultrix, if the X
+ # libraries were built with DECnet support. And karl@cs.umb.edu says
+ # the Alpha needs dnet_stub (dnet does not exist).
+ echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6
+echo "configure:4185: checking for dnet_ntoa in -ldnet" >&5
+ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-ldnet $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4193 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dnet_ntoa();
+
+int main() {
+dnet_ntoa()
+; return 0; }
+EOF
+if { (eval echo configure:4204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ if test $ac_cv_lib_dnet_dnet_ntoa = no; then
+ echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6
+echo "configure:4226: checking for dnet_ntoa in -ldnet_stub" >&5
+ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-ldnet_stub $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4234 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dnet_ntoa();
+
+int main() {
+dnet_ntoa()
+; return 0; }
+EOF
+if { (eval echo configure:4245: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ fi
+
+ # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT,
+ # to get the SysV transport functions.
+ # chad@anasazi.com says the Pyramis MIS-ES running DC/OSx (SVR4)
+ # needs -lnsl.
+ # The nsl library prevents programs from opening the X display
+ # on Irix 5.2, according to dickey@clark.net.
+ echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
+echo "configure:4274: checking for gethostbyname" >&5
+if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 4279 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char gethostbyname(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char gethostbyname();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_gethostbyname) || defined (__stub___gethostbyname)
+choke me
+#else
+gethostbyname();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_gethostbyname=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_gethostbyname=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'gethostbyname`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ :
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ if test $ac_cv_func_gethostbyname = no; then
+ echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6
+echo "configure:4323: checking for gethostbyname in -lnsl" >&5
+ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lnsl $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4331 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char gethostbyname();
+
+int main() {
+gethostbyname()
+; return 0; }
+EOF
+if { (eval echo configure:4342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ fi
+
+ # lieder@skyler.mavd.honeywell.com says without -lsocket,
+ # socket/setsockopt and other routines are undefined under SCO ODT
+ # 2.0. But -lsocket is broken on IRIX 5.2 (and is not necessary
+ # on later versions), says simon@lia.di.epfl.ch: it contains
+ # gethostby* variants that don't use the nameserver (or something).
+ # -lsocket must be given before -lnsl if both are needed.
+ # We assume that if connect needs -lnsl, so does gethostbyname.
+ echo $ac_n "checking for connect""... $ac_c" 1>&6
+echo "configure:4372: checking for connect" >&5
+if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 4377 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char connect(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char connect();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_connect) || defined (__stub___connect)
+choke me
+#else
+connect();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_connect=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_connect=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'connect`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ :
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ if test $ac_cv_func_connect = no; then
+ echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
+echo "configure:4421: checking for connect in -lsocket" >&5
+ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4429 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char connect();
+
+int main() {
+connect()
+; return 0; }
+EOF
+if { (eval echo configure:4440: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ fi
+
+ # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX.
+ echo $ac_n "checking for remove""... $ac_c" 1>&6
+echo "configure:4464: checking for remove" >&5
+if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 4469 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char remove(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char remove();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_remove) || defined (__stub___remove)
+choke me
+#else
+remove();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_remove=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_remove=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'remove`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ :
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ if test $ac_cv_func_remove = no; then
+ echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6
+echo "configure:4513: checking for remove in -lposix" >&5
+ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lposix $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4521 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char remove();
+
+int main() {
+remove()
+; return 0; }
+EOF
+if { (eval echo configure:4532: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ fi
+
+ # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
+ echo $ac_n "checking for shmat""... $ac_c" 1>&6
+echo "configure:4556: checking for shmat" >&5
+if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 4561 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char shmat(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shmat();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_shmat) || defined (__stub___shmat)
+choke me
+#else
+shmat();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4584: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_shmat=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_shmat=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'shmat`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ :
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ if test $ac_cv_func_shmat = no; then
+ echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6
+echo "configure:4605: checking for shmat in -lipc" >&5
+ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lipc $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4613 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char shmat();
+
+int main() {
+shmat()
+; return 0; }
+EOF
+if { (eval echo configure:4624: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ fi
+ fi
+
+ # Check for libraries that X11R6 Xt/Xaw programs need.
+ ac_save_LDFLAGS="$LDFLAGS"
+ test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries"
+ # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to
+ # check for ICE first), but we must link in the order -lSM -lICE or
+ # we get undefined symbols. So assume we have SM if we have ICE.
+ # These have to be linked with before -lX11, unlike the other
+ # libraries we check for below, so use a different variable.
+ # --interran@uluru.Stanford.EDU, kb@cs.umb.edu.
+ echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6
+echo "configure:4657: checking for IceConnectionNumber in -lICE" >&5
+ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lICE $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4665 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char IceConnectionNumber();
+
+int main() {
+IceConnectionNumber()
+; return 0; }
+EOF
+if { (eval echo configure:4676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ LDFLAGS="$ac_save_LDFLAGS"
+
+fi
+
+if test "$no_x" = "yes" ; then
+ MAKE_X_PROGS_BIN=""
+ MAKE_X_PROGS_LIBEXEC=""
+else
+ MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
+ MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
+fi
+
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+
+
+echo $ac_n "checking for XauReadAuth""... $ac_c" 1>&6
+echo "configure:4718: checking for XauReadAuth" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" Xau X11; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 4731 "configure"
+#include "confdefs.h"
+
+int main() {
+XauReadAuth()
+; return 0; }
+EOF
+if { (eval echo configure:4738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_XauReadAuth"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs XauReadAuth"@@@
+@@@libs="$libs Xau X11"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo XauReadAuth | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_XauReadAuth=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_XauReadAuth=yes"
+ eval "LIB_XauReadAuth="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_XauReadAuth=no"
+ eval "LIB_XauReadAuth="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_XauReadAuth=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+ac_xxx="$LIBS"
+LIBS="$LIB_XauReadAuth $LIBS"
+for ac_func in XauWriteAuth
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:4802: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 4807 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4830: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+ XauWriteAuth_c=writeauth.c
+ XauWriteAuth_o=writeauth.o
+fi
+LIBS="$ac_xxx"
+
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+
+
+save_LIBS="$LIBS"
+
+
+echo $ac_n "checking for dbopen""... $ac_c" 1>&6
+echo "configure:4869: checking for dbopen" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_dbopen'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" $berkeley_db; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 4882 "configure"
+#include "confdefs.h"
+
+int main() {
+dbopen()
+; return 0; }
+EOF
+if { (eval echo configure:4889: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dbopen"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs dbopen"@@@
+@@@libs="$libs $berkeley_db"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo dbopen | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_dbopen=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_dbopen=yes"
+ eval "LIB_dbopen="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_dbopen=no"
+ eval "LIB_dbopen="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_dbopen=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+LIBS="$LIB_dbopen $LIBS"
+
+
+echo $ac_n "checking for dbm_firstkey""... $ac_c" 1>&6
+echo "configure:4952: checking for dbm_firstkey" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_dbm_firstkey'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" $berkeley_db gdbm ndbm; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 4965 "configure"
+#include "confdefs.h"
+
+int main() {
+dbm_firstkey()
+; return 0; }
+EOF
+if { (eval echo configure:4972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs dbm_firstkey"@@@
+@@@libs="$libs $berkeley_db gdbm ndbm"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_dbm_firstkey=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_dbm_firstkey=yes"
+ eval "LIB_dbm_firstkey="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_dbm_firstkey=no"
+ eval "LIB_dbm_firstkey="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_dbm_firstkey=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_dbopen"; then
+ LIB_DBM="$LIB_dbopen"
+else
+ LIB_DBM="$LIB_dbm_firstkey"
+fi
+LIBS="$save_LIBS"
+
+
+
+
+echo $ac_n "checking for syslog""... $ac_c" 1>&6
+echo "configure:5042: checking for syslog" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_syslog'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" syslog; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 5055 "configure"
+#include "confdefs.h"
+
+int main() {
+syslog()
+; return 0; }
+EOF
+if { (eval echo configure:5062: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_syslog"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs syslog"@@@
+@@@libs="$libs syslog"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo syslog | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_syslog=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_syslog=yes"
+ eval "LIB_syslog="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_syslog=no"
+ eval "LIB_syslog="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_syslog=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_syslog"; then
+ LIBS="$LIB_syslog $LIBS"
+fi
+
+
+echo $ac_n "checking for working snprintf""... $ac_c" 1>&6
+echo "configure:5127: checking for working snprintf" >&5
+if eval "test \"`echo '$''{'ac_cv_func_snprintf_working'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_cv_func_snprintf_working=yes
+if test "$cross_compiling" = yes; then
+ :
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5136 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <string.h>
+int main()
+{
+ char foo[3];
+ snprintf(foo, 2, "12");
+ return strcmp(foo, "1");
+}
+EOF
+if { (eval echo configure:5148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ :
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ ac_cv_func_snprintf_working=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_snprintf_working" 1>&6
+: << END
+@@@funcs="$funcs snprintf"@@@
+END
+if test "$ac_cv_func_snprintf_working" = yes; then
+ foo=HAVE_SNPRINTF
+ cat >> confdefs.h <<EOF
+#define $foo 1
+EOF
+
+fi
+
+for ac_func in asnprintf asprintf vasprintf vasnprintf vsnprintf
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5177: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5182 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5205: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+
+
+for ac_func in _getpty _scrsize _setsid _stricmp fchmod fcntl flock
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5234: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5239 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in forkpty frevoke gethostname getlogin getpriority getservbyname
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5289: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5294 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5317: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in getspnam getspuid gettimeofday getuid grantpt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5344: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5349 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5372: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in innetgr iruserok mktime ptsname rand random
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5399: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5404 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5427: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in revoke setitimer setlogin setpgid setpriority
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5454: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5459 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5482: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in setproctitle setregid setresgid setresuid setreuid setsid
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5509: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5514 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5537: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in setutent swab ttyname ttyslot ulimit uname
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5564: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5569 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5592: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in unlockpt vhangup yp_get_default_domain
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5619: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5624 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5647: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+
+
+echo $ac_n "checking for getpwnam_r""... $ac_c" 1>&6
+echo "configure:5674: checking for getpwnam_r" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_getpwnam_r'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" c_r; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 5687 "configure"
+#include "confdefs.h"
+
+int main() {
+getpwnam_r()
+; return 0; }
+EOF
+if { (eval echo configure:5694: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getpwnam_r"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs getpwnam_r"@@@
+@@@libs="$libs c_r"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo getpwnam_r | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_getpwnam_r=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_getpwnam_r=yes"
+ eval "LIB_getpwnam_r="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_getpwnam_r=no"
+ eval "LIB_getpwnam_r="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_getpwnam_r=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test "$ac_cv_func_getpwnam_r" = yes; then
+ echo $ac_n "checking if getpwnam_r is posix""... $ac_c" 1>&6
+echo "configure:5755: checking if getpwnam_r is posix" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getpwnam_r_posix'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_libs="$LIBS"
+ LIBS="$LIBS $LIB_getpwnam_r"
+ if test "$cross_compiling" = yes; then
+ :
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5765 "configure"
+#include "confdefs.h"
+
+#include <pwd.h>
+int main()
+{
+ struct passwd pw, *pwd;
+ return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+
+EOF
+if { (eval echo configure:5776: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ ac_cv_func_getpwnam_r_posix=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ ac_cv_func_getpwnam_r_posix=no
+fi
+rm -fr conftest*
+fi
+
+LIBS="$ac_libs"
+fi
+
+echo "$ac_t""$ac_cv_func_getpwnam_r_posix" 1>&6
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+ cat >> confdefs.h <<\EOF
+#define POSIX_GETPWNAM_R 1
+EOF
+
+fi
+fi
+
+
+
+echo $ac_n "checking for getsockopt""... $ac_c" 1>&6
+echo "configure:5803: checking for getsockopt" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_getsockopt'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" ; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 5816 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int main() {
+getsockopt(0,0,0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:5828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getsockopt"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs getsockopt"@@@
+@@@libs="$libs "@@@
+END
+
+eval "ac_tr_func=HAVE_`echo getsockopt | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_getsockopt=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_getsockopt=yes"
+ eval "LIB_getsockopt="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_getsockopt=no"
+ eval "LIB_getsockopt="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_getsockopt=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+
+
+echo $ac_n "checking for setsockopt""... $ac_c" 1>&6
+echo "configure:5890: checking for setsockopt" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_setsockopt'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" ; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 5903 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int main() {
+setsockopt(0,0,0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:5915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_setsockopt"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs setsockopt"@@@
+@@@libs="$libs "@@@
+END
+
+eval "ac_tr_func=HAVE_`echo setsockopt | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_setsockopt=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_setsockopt=yes"
+ eval "LIB_setsockopt="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_setsockopt=no"
+ eval "LIB_setsockopt="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_setsockopt=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+
+for ac_func in getudbnam setlim
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5978: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 5983 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6006: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+
+
+
+
+echo $ac_n "checking for res_search""... $ac_c" 1>&6
+echo "configure:6035: checking for res_search" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_res_search'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" resolv; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 6048 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int main() {
+res_search(0,0,0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:6069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_res_search"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs res_search"@@@
+@@@libs="$libs resolv"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo res_search | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_res_search=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_res_search=yes"
+ eval "LIB_res_search="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_res_search=no"
+ eval "LIB_res_search="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_res_search=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_res_search"; then
+ LIBS="$LIB_res_search $LIBS"
+fi
+
+
+
+
+
+echo $ac_n "checking for dn_expand""... $ac_c" 1>&6
+echo "configure:6137: checking for dn_expand" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_dn_expand'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" resolv; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 6150 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int main() {
+dn_expand(0,0,0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:6171: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dn_expand"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs dn_expand"@@@
+@@@libs="$libs resolv"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo dn_expand | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_dn_expand=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_dn_expand=yes"
+ eval "LIB_dn_expand="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_dn_expand=no"
+ eval "LIB_dn_expand="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_dn_expand=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_dn_expand"; then
+ LIBS="$LIB_dn_expand $LIBS"
+fi
+
+
+
+for ac_hdr in unistd.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:6240: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6245 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:6250: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out`
+if test -z "$ac_err"; then
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=yes"
+else
+ echo "$ac_err" >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in getpagesize
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6279: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6284 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6307: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
+echo $ac_n "checking for working mmap""... $ac_c" 1>&6
+echo "configure:6332: checking for working mmap" >&5
+if eval "test \"`echo '$''{'ac_cv_func_mmap_fixed_mapped'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test "$cross_compiling" = yes; then
+ ac_cv_func_mmap_fixed_mapped=no
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6340 "configure"
+#include "confdefs.h"
+
+/* Thanks to Mike Haertel and Jim Avera for this test.
+ Here is a matrix of mmap possibilities:
+ mmap private not fixed
+ mmap private fixed at somewhere currently unmapped
+ mmap private fixed at somewhere already mapped
+ mmap shared not fixed
+ mmap shared fixed at somewhere currently unmapped
+ mmap shared fixed at somewhere already mapped
+ For private mappings, we should verify that changes cannot be read()
+ back from the file, nor mmap's back from the file at a different
+ address. (There have been systems where private was not correctly
+ implemented like the infamous i386 svr4.0, and systems where the
+ VM page cache was not coherent with the filesystem buffer cache
+ like early versions of FreeBSD and possibly contemporary NetBSD.)
+ For shared mappings, we should conversely verify that changes get
+ propogated back to all the places they're supposed to be.
+
+ Grep wants private fixed already mapped.
+ The main things grep needs to know about mmap are:
+ * does it exist and is it safe to write into the mmap'd area
+ * how to use it (BSD variants) */
+#include <sys/types.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+
+/* This mess was copied from the GNU getpagesize.h. */
+#ifndef HAVE_GETPAGESIZE
+# ifdef HAVE_UNISTD_H
+# include <unistd.h>
+# endif
+
+/* Assume that all systems that can run configure have sys/param.h. */
+# ifndef HAVE_SYS_PARAM_H
+# define HAVE_SYS_PARAM_H 1
+# endif
+
+# ifdef _SC_PAGESIZE
+# define getpagesize() sysconf(_SC_PAGESIZE)
+# else /* no _SC_PAGESIZE */
+# ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+# ifdef EXEC_PAGESIZE
+# define getpagesize() EXEC_PAGESIZE
+# else /* no EXEC_PAGESIZE */
+# ifdef NBPG
+# define getpagesize() NBPG * CLSIZE
+# ifndef CLSIZE
+# define CLSIZE 1
+# endif /* no CLSIZE */
+# else /* no NBPG */
+# ifdef NBPC
+# define getpagesize() NBPC
+# else /* no NBPC */
+# ifdef PAGESIZE
+# define getpagesize() PAGESIZE
+# endif /* PAGESIZE */
+# endif /* no NBPC */
+# endif /* no NBPG */
+# endif /* no EXEC_PAGESIZE */
+# else /* no HAVE_SYS_PARAM_H */
+# define getpagesize() 8192 /* punt totally */
+# endif /* no HAVE_SYS_PARAM_H */
+# endif /* no _SC_PAGESIZE */
+
+#endif /* no HAVE_GETPAGESIZE */
+
+#ifdef __cplusplus
+extern "C" { void *malloc(unsigned); }
+#else
+char *malloc();
+#endif
+
+int
+main()
+{
+ char *data, *data2, *data3;
+ int i, pagesize;
+ int fd;
+
+ pagesize = getpagesize();
+
+ /*
+ * First, make a file with some known garbage in it.
+ */
+ data = malloc(pagesize);
+ if (!data)
+ exit(1);
+ for (i = 0; i < pagesize; ++i)
+ *(data + i) = rand();
+ umask(0);
+ fd = creat("conftestmmap", 0600);
+ if (fd < 0)
+ exit(1);
+ if (write(fd, data, pagesize) != pagesize)
+ exit(1);
+ close(fd);
+
+ /*
+ * Next, try to mmap the file at a fixed address which
+ * already has something else allocated at it. If we can,
+ * also make sure that we see the same garbage.
+ */
+ fd = open("conftestmmap", O_RDWR);
+ if (fd < 0)
+ exit(1);
+ data2 = malloc(2 * pagesize);
+ if (!data2)
+ exit(1);
+ data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1);
+ if (data2 != mmap(data2, pagesize, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_FIXED, fd, 0L))
+ exit(1);
+ for (i = 0; i < pagesize; ++i)
+ if (*(data + i) != *(data2 + i))
+ exit(1);
+
+ /*
+ * Finally, make sure that changes to the mapped area
+ * do not percolate back to the file as seen by read().
+ * (This is a bug on some variants of i386 svr4.0.)
+ */
+ for (i = 0; i < pagesize; ++i)
+ *(data2 + i) = *(data2 + i) + 1;
+ data3 = malloc(pagesize);
+ if (!data3)
+ exit(1);
+ if (read(fd, data3, pagesize) != pagesize)
+ exit(1);
+ for (i = 0; i < pagesize; ++i)
+ if (*(data + i) != *(data3 + i))
+ exit(1);
+ close(fd);
+ unlink("conftestmmap");
+ exit(0);
+}
+
+EOF
+if { (eval echo configure:6480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ ac_cv_func_mmap_fixed_mapped=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ ac_cv_func_mmap_fixed_mapped=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_mmap_fixed_mapped" 1>&6
+if test $ac_cv_func_mmap_fixed_mapped = yes; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_MMAP 1
+EOF
+
+fi
+
+# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
+# for constant arguments. Useless!
+echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6
+echo "configure:6505: checking for working alloca.h" >&5
+if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6510 "configure"
+#include "confdefs.h"
+#include <alloca.h>
+int main() {
+char *p = alloca(2 * sizeof(int));
+; return 0; }
+EOF
+if { (eval echo configure:6517: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ ac_cv_header_alloca_h=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_header_alloca_h=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_header_alloca_h" 1>&6
+if test $ac_cv_header_alloca_h = yes; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_ALLOCA_H 1
+EOF
+
+fi
+
+echo $ac_n "checking for alloca""... $ac_c" 1>&6
+echo "configure:6538: checking for alloca" >&5
+if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6543 "configure"
+#include "confdefs.h"
+
+#ifdef __GNUC__
+# define alloca __builtin_alloca
+#else
+# if HAVE_ALLOCA_H
+# include <alloca.h>
+# else
+# ifdef _AIX
+ #pragma alloca
+# else
+# ifndef alloca /* predefined by HP cc +Olibcalls */
+char *alloca ();
+# endif
+# endif
+# endif
+#endif
+
+int main() {
+char *p = (char *) alloca(1);
+; return 0; }
+EOF
+if { (eval echo configure:6566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ ac_cv_func_alloca_works=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_func_alloca_works=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_alloca_works" 1>&6
+if test $ac_cv_func_alloca_works = yes; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_ALLOCA 1
+EOF
+
+fi
+
+if test $ac_cv_func_alloca_works = no; then
+ # The SVR3 libPW and SVR4 libucb both contain incompatible functions
+ # that cause trouble. Some versions do not even contain alloca or
+ # contain a buggy version. If you still want to use their alloca,
+ # use ar to extract alloca.o from them instead of compiling alloca.c.
+ ALLOCA=alloca.o
+ cat >> confdefs.h <<\EOF
+#define C_ALLOCA 1
+EOF
+
+
+echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6
+echo "configure:6598: checking whether alloca needs Cray hooks" >&5
+if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6603 "configure"
+#include "confdefs.h"
+#if defined(CRAY) && ! defined(CRAY2)
+webecray
+#else
+wenotbecray
+#endif
+
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "webecray" >/dev/null 2>&1; then
+ rm -rf conftest*
+ ac_cv_os_cray=yes
+else
+ rm -rf conftest*
+ ac_cv_os_cray=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_os_cray" 1>&6
+if test $ac_cv_os_cray = yes; then
+for ac_func in _getb67 GETB67 getb67; do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6628: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6633 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6656: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ cat >> confdefs.h <<EOF
+#define CRAY_STACKSEG_END $ac_func
+EOF
+
+ break
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+done
+fi
+
+echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6
+echo "configure:6683: checking stack direction for C alloca" >&5
+if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test "$cross_compiling" = yes; then
+ ac_cv_c_stack_direction=0
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6691 "configure"
+#include "confdefs.h"
+find_stack_direction ()
+{
+ static char *addr = 0;
+ auto char dummy;
+ if (addr == 0)
+ {
+ addr = &dummy;
+ return find_stack_direction ();
+ }
+ else
+ return (&dummy > addr) ? 1 : -1;
+}
+main ()
+{
+ exit (find_stack_direction() < 0);
+}
+EOF
+if { (eval echo configure:6710: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ ac_cv_c_stack_direction=1
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ ac_cv_c_stack_direction=-1
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_c_stack_direction" 1>&6
+cat >> confdefs.h <<EOF
+#define STACK_DIRECTION $ac_cv_c_stack_direction
+EOF
+
+fi
+
+
+#
+# Test for POSIX (broken) getlogin
+#
+
+if test "$ac_cv_func_getlogin" = yes; then
+echo $ac_n "checking if getlogin is posix""... $ac_c" 1>&6
+echo "configure:6738: checking if getlogin is posix" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getlogin_posix'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
+ ac_cv_func_getlogin_posix=no
+else
+ ac_cv_func_getlogin_posix=yes
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_getlogin_posix" 1>&6
+if test "$ac_cv_func_getlogin_posix" = yes; then
+ cat >> confdefs.h <<\EOF
+#define POSIX_GETLOGIN 1
+EOF
+
+fi
+fi
+
+
+
+
+echo $ac_n "checking for hstrerror""... $ac_c" 1>&6
+echo "configure:6764: checking for hstrerror" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_hstrerror'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" resolv; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 6777 "configure"
+#include "confdefs.h"
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int main() {
+hstrerror(17)
+; return 0; }
+EOF
+if { (eval echo configure:6786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_hstrerror"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs hstrerror"@@@
+@@@libs="$libs resolv"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo hstrerror | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_hstrerror=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_hstrerror=yes"
+ eval "LIB_hstrerror="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_hstrerror=no"
+ eval "LIB_hstrerror="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_hstrerror=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+if test -n "$LIB_hstrerror"; then
+ LIBS="$LIB_hstrerror $LIBS"
+fi
+
+if eval "test \"$ac_cv_func_hstrerror\" != yes"; then
+LIBOBJS="$LIBOBJS hstrerror.o"
+fi
+
+
+for ac_func in chown daemon err errx fchown getcwd getdtablesize getopt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6857: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6862 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6885: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+
+ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs chown daemon err errx fchown getcwd getdtablesize getopt"@@@
+END
+done
+
+for ac_func in getusershell inet_aton initgroups lstat memmove mkstemp
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6919: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6924 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6947: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+
+ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs getusershell inet_aton initgroups lstat memmove mkstemp"@@@
+END
+done
+
+for ac_func in putenv rcmd setegid setenv seteuid strcasecmp strdup
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6981: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 6986 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+
+ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs putenv rcmd setegid setenv seteuid strcasecmp strdup"@@@
+END
+done
+
+for ac_func in strerror strftime strlwr strnlen strtok_r strupr unsetenv
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7043: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 7048 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7071: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+
+ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs strerror strftime strlwr strnlen strtok_r strupr unsetenv"@@@
+END
+done
+
+for ac_func in verr verrx vwarn vwarnx warn warnx
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7105: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 7110 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7133: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+
+ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs verr verrx vwarn vwarnx warn warnx"@@@
+END
+done
+
+
+
+if test "$ac_cv_func_getcwd" = yes; then
+echo $ac_n "checking if getcwd is broken""... $ac_c" 1>&6
+echo "configure:7168: checking if getcwd is broken" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getcwd_broken'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+ac_cv_func_getcwd_broken=no
+
+if test "$cross_compiling" = yes; then
+ :
+else
+ cat > conftest.$ac_ext <<EOF
+#line 7179 "configure"
+#include "confdefs.h"
+
+#include <errno.h>
+char *getcwd(char*, int);
+
+void *popen(char *cmd, char *mode)
+{
+ errno = ENOTTY;
+ return 0;
+}
+
+int main()
+{
+ char *ret;
+ ret = getcwd(0, 1024);
+ if(ret == 0 && errno == ENOTTY)
+ return 0;
+ return 1;
+}
+
+EOF
+if { (eval echo configure:7201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ ac_cv_func_getcwd_broken=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ :
+fi
+rm -fr conftest*
+fi
+
+
+fi
+
+if test "$ac_cv_func_getcwd_broken" = yes; then
+ cat >> confdefs.h <<\EOF
+#define BROKEN_GETCWD 1
+EOF
+ LIBOBJS="$LIBOBJS getcwd.o"
+ echo "$ac_t""$ac_cv_func_getcwd_broken" 1>&6
+else
+ echo "$ac_t""seems ok" 1>&6
+fi
+fi
+
+
+
+echo $ac_n "checking which authentication modules should be built""... $ac_c" 1>&6
+echo "configure:7230: checking which authentication modules should be built" >&5
+
+LIB_AUTH_SUBDIRS=
+
+if test "$ac_cv_header_siad_h" = yes; then
+ LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+
+if test "$ac_cv_header_security_pam_modules_h" = yes; then
+ LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+
+case "${host}" in
+*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+esac
+
+echo "$ac_t""$LIB_AUTH_SUBDIRS" 1>&6
+
+
+
+echo $ac_n "checking for tunnel devices""... $ac_c" 1>&6
+echo "configure:7251: checking for tunnel devices" >&5
+
+APPL_KIP_DIR=
+
+if test "$ac_cv_header_net_if_tun_h" = "yes"; then
+ APPL_KIP_DIR=kip
+fi
+
+echo "$ac_t""$ac_cv_header_net_if_tun_h" 1>&6
+
+
+
+
+echo $ac_n "checking if crypt needs a prototype""... $ac_c" 1>&6
+echo "configure:7265: checking if crypt needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_crypt_noproto'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 7270 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+int main() {
+struct foo { int foo; } xx;
+extern int crypt (struct foo*);
+crypt(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:7287: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_func_crypt_noproto=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_crypt_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_crypt_noproto" 1>&6
+
+if test "$ac_cv_func_crypt_noproto" = yes; then
+ cat >> confdefs.h <<\EOF
+#define NEED_CRYPT_PROTO 1
+EOF
+
+fi
+: << END
+@@@syms="$syms NEED_CRYPT_PROTO"@@@
+END
+
+
+
+
+echo $ac_n "checking if strtok_r needs a prototype""... $ac_c" 1>&6
+echo "configure:7315: checking if strtok_r needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_strtok_r_noproto'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 7320 "configure"
+#include "confdefs.h"
+
+#include <string.h>
+
+int main() {
+struct foo { int foo; } xx;
+extern int strtok_r (struct foo*);
+strtok_r(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:7332: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_func_strtok_r_noproto=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_strtok_r_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_strtok_r_noproto" 1>&6
+
+if test "$ac_cv_func_strtok_r_noproto" = yes; then
+ cat >> confdefs.h <<\EOF
+#define NEED_STRTOK_R_PROTO 1
+EOF
+
+fi
+: << END
+@@@syms="$syms NEED_STRTOK_R_PROTO"@@@
+END
+
+
+
+
+echo $ac_n "checking for h_errno""... $ac_c" 1>&6
+echo "configure:7360: checking for h_errno" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_errno'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7366 "configure"
+#include "confdefs.h"
+extern int h_errno;
+int foo() { return h_errno; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:7374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ ac_cv_var_h_errno=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_var_h_errno=no
+fi
+rm -f conftest*
+
+fi
+
+eval "ac_tr_var=HAVE_H_ERRNO"
+
+
+: << END
+@@@syms="$syms HAVE_H_ERRNO"@@@
+END
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var_h_errno`" 1>&6
+if test `eval echo \\$ac_cv_var_h_errno` = yes; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+
+echo $ac_n "checking if h_errno is properly declared""... $ac_c" 1>&6
+echo "configure:7403: checking if h_errno is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_errno_declaration'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7409 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+extern struct { int foo; } h_errno;
+int main() {
+h_errno.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:7422: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_var_h_errno_declaration=no"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_var_h_errno_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+ac_tr_var=HAVE_H_ERRNO_DECLARATION
+
+
+: << END
+@@@syms="$syms HAVE_H_ERRNO_DECLARATION"@@@
+END
+
+
+echo "$ac_t""$ac_cv_var_h_errno_declaration" 1>&6
+if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+fi
+
+fi
+
+
+
+echo $ac_n "checking for h_errlist""... $ac_c" 1>&6
+echo "configure:7457: checking for h_errlist" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_errlist'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7463 "configure"
+#include "confdefs.h"
+extern int h_errlist;
+int foo() { return h_errlist; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:7471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ ac_cv_var_h_errlist=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_var_h_errlist=no
+fi
+rm -f conftest*
+
+fi
+
+eval "ac_tr_var=HAVE_H_ERRLIST"
+
+
+: << END
+@@@syms="$syms HAVE_H_ERRLIST"@@@
+END
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var_h_errlist`" 1>&6
+if test `eval echo \\$ac_cv_var_h_errlist` = yes; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+
+echo $ac_n "checking if h_errlist is properly declared""... $ac_c" 1>&6
+echo "configure:7500: checking if h_errlist is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_errlist_declaration'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7506 "configure"
+#include "confdefs.h"
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+extern struct { int foo; } h_errlist;
+int main() {
+h_errlist.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:7516: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_var_h_errlist_declaration=no"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_var_h_errlist_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+ac_tr_var=HAVE_H_ERRLIST_DECLARATION
+
+
+: << END
+@@@syms="$syms HAVE_H_ERRLIST_DECLARATION"@@@
+END
+
+
+echo "$ac_t""$ac_cv_var_h_errlist_declaration" 1>&6
+if eval "test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+fi
+
+fi
+
+
+
+echo $ac_n "checking for h_nerr""... $ac_c" 1>&6
+echo "configure:7551: checking for h_nerr" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_nerr'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7557 "configure"
+#include "confdefs.h"
+extern int h_nerr;
+int foo() { return h_nerr; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:7565: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ ac_cv_var_h_nerr=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_var_h_nerr=no
+fi
+rm -f conftest*
+
+fi
+
+eval "ac_tr_var=HAVE_H_NERR"
+
+
+: << END
+@@@syms="$syms HAVE_H_NERR"@@@
+END
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var_h_nerr`" 1>&6
+if test `eval echo \\$ac_cv_var_h_nerr` = yes; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+
+echo $ac_n "checking if h_nerr is properly declared""... $ac_c" 1>&6
+echo "configure:7594: checking if h_nerr is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_nerr_declaration'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7600 "configure"
+#include "confdefs.h"
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+extern struct { int foo; } h_nerr;
+int main() {
+h_nerr.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:7610: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_var_h_nerr_declaration=no"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_var_h_nerr_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+ac_tr_var=HAVE_H_NERR_DECLARATION
+
+
+: << END
+@@@syms="$syms HAVE_H_NERR_DECLARATION"@@@
+END
+
+
+echo "$ac_t""$ac_cv_var_h_nerr_declaration" 1>&6
+if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+fi
+
+fi
+
+
+
+echo $ac_n "checking for __progname""... $ac_c" 1>&6
+echo "configure:7645: checking for __progname" >&5
+if eval "test \"`echo '$''{'ac_cv_var___progname'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7651 "configure"
+#include "confdefs.h"
+extern int __progname;
+int foo() { return __progname; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:7659: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ ac_cv_var___progname=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_var___progname=no
+fi
+rm -f conftest*
+
+fi
+
+eval "ac_tr_var=HAVE___PROGNAME"
+
+
+: << END
+@@@syms="$syms HAVE___PROGNAME"@@@
+END
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var___progname`" 1>&6
+if test `eval echo \\$ac_cv_var___progname` = yes; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+
+echo $ac_n "checking if __progname is properly declared""... $ac_c" 1>&6
+echo "configure:7688: checking if __progname is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var___progname_declaration'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7694 "configure"
+#include "confdefs.h"
+#ifdef HAVE_ERR_H
+#include <err.h>
+#endif
+extern struct { int foo; } __progname;
+int main() {
+__progname.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:7704: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_var___progname_declaration=no"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_var___progname_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+ac_tr_var=HAVE___PROGNAME_DECLARATION
+
+
+: << END
+@@@syms="$syms HAVE___PROGNAME_DECLARATION"@@@
+END
+
+
+echo "$ac_t""$ac_cv_var___progname_declaration" 1>&6
+if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+fi
+
+fi
+
+
+
+echo $ac_n "checking if optarg is properly declared""... $ac_c" 1>&6
+echo "configure:7739: checking if optarg is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_optarg_declaration'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7745 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+extern struct { int foo; } optarg;
+int main() {
+optarg.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:7753: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_var_optarg_declaration=no"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_var_optarg_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+ac_tr_var=HAVE_OPTARG_DECLARATION
+
+
+: << END
+@@@syms="$syms HAVE_OPTARG_DECLARATION"@@@
+END
+
+
+echo "$ac_t""$ac_cv_var_optarg_declaration" 1>&6
+if eval "test \"\$ac_cv_var_optarg_declaration\" = yes"; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+fi
+
+
+echo $ac_n "checking if optind is properly declared""... $ac_c" 1>&6
+echo "configure:7785: checking if optind is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_optind_declaration'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7791 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+extern struct { int foo; } optind;
+int main() {
+optind.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:7799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_var_optind_declaration=no"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_var_optind_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+ac_tr_var=HAVE_OPTIND_DECLARATION
+
+
+: << END
+@@@syms="$syms HAVE_OPTIND_DECLARATION"@@@
+END
+
+
+echo "$ac_t""$ac_cv_var_optind_declaration" 1>&6
+if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+fi
+
+
+echo $ac_n "checking if opterr is properly declared""... $ac_c" 1>&6
+echo "configure:7831: checking if opterr is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_opterr_declaration'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7837 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+extern struct { int foo; } opterr;
+int main() {
+opterr.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:7845: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_var_opterr_declaration=no"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_var_opterr_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+ac_tr_var=HAVE_OPTERR_DECLARATION
+
+
+: << END
+@@@syms="$syms HAVE_OPTERR_DECLARATION"@@@
+END
+
+
+echo "$ac_t""$ac_cv_var_opterr_declaration" 1>&6
+if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+fi
+
+
+echo $ac_n "checking if optopt is properly declared""... $ac_c" 1>&6
+echo "configure:7877: checking if optopt is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_optopt_declaration'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 7883 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+extern struct { int foo; } optopt;
+int main() {
+optopt.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:7891: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ eval "ac_cv_var_optopt_declaration=no"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_var_optopt_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+ac_tr_var=HAVE_OPTOPT_DECLARATION
+
+
+: << END
+@@@syms="$syms HAVE_OPTOPT_DECLARATION"@@@
+END
+
+
+echo "$ac_t""$ac_cv_var_optopt_declaration" 1>&6
+if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then
+ cat >> confdefs.h <<EOF
+#define $ac_tr_var 1
+EOF
+
+fi
+
+
+echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
+echo "configure:7923: checking return type of signal handlers" >&5
+if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 7928 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <signal.h>
+#ifdef signal
+#undef signal
+#endif
+#ifdef __cplusplus
+extern "C" void (*signal (int, void (*)(int)))(int);
+#else
+void (*signal ()) ();
+#endif
+
+int main() {
+int i;
+; return 0; }
+EOF
+if { (eval echo configure:7945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_type_signal=void
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_type_signal=int
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_signal" 1>&6
+cat >> confdefs.h <<EOF
+#define RETSIGTYPE $ac_cv_type_signal
+EOF
+
+
+if test "$ac_cv_type_signal" = "void" ; then
+ cat >> confdefs.h <<\EOF
+#define VOID_RETSIGTYPE 1
+EOF
+
+fi
+
+cat > conftest.$ac_ext <<EOF
+#line 7971 "configure"
+#include "confdefs.h"
+#include <utmp.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ut_user" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_UT_USER 1
+EOF
+
+fi
+rm -f conftest*
+
+cat > conftest.$ac_ext <<EOF
+#line 7986 "configure"
+#include "confdefs.h"
+#include <utmp.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ut_host" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_UT_HOST 1
+EOF
+
+fi
+rm -f conftest*
+
+cat > conftest.$ac_ext <<EOF
+#line 8001 "configure"
+#include "confdefs.h"
+#include <utmp.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ut_addr" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_UT_ADDR 1
+EOF
+
+fi
+rm -f conftest*
+
+cat > conftest.$ac_ext <<EOF
+#line 8016 "configure"
+#include "confdefs.h"
+#include <utmp.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ut_type" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_UT_TYPE 1
+EOF
+
+fi
+rm -f conftest*
+
+cat > conftest.$ac_ext <<EOF
+#line 8031 "configure"
+#include "confdefs.h"
+#include <utmp.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ut_pid" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_UT_PID 1
+EOF
+
+fi
+rm -f conftest*
+
+cat > conftest.$ac_ext <<EOF
+#line 8046 "configure"
+#include "confdefs.h"
+#include <utmp.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ut_id" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_UT_ID 1
+EOF
+
+fi
+rm -f conftest*
+
+cat > conftest.$ac_ext <<EOF
+#line 8061 "configure"
+#include "confdefs.h"
+#include <utmpx.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ut_syslen" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_UT_SYSLEN 1
+EOF
+
+fi
+rm -f conftest*
+
+
+echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6
+echo "configure:8077: checking for st_blksize in struct stat" >&5
+if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 8082 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+int main() {
+struct stat s; s.st_blksize;
+; return 0; }
+EOF
+if { (eval echo configure:8090: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_struct_st_blksize=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ ac_cv_struct_st_blksize=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_struct_st_blksize" 1>&6
+if test $ac_cv_struct_st_blksize = yes; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_ST_BLKSIZE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking for struct winsize""... $ac_c" 1>&6
+echo "configure:8114: checking for struct winsize" >&5
+if eval "test \"`echo '$''{'ac_cv_struct_winsize'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+cat > conftest.$ac_ext <<EOF
+#line 8122 "configure"
+#include "confdefs.h"
+#include <$i>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "struct[ ]*winsize" >/dev/null 2>&1; then
+ rm -rf conftest*
+ ac_cv_struct_winsize=yes; break
+fi
+rm -f conftest*
+done
+
+fi
+
+if test "$ac_cv_struct_winsize" = "yes"; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_WINSIZE 1
+EOF
+fi
+echo "$ac_t""$ac_cv_struct_winsize" 1>&6
+cat > conftest.$ac_ext <<EOF
+#line 8143 "configure"
+#include "confdefs.h"
+#include <termios.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ws_xpixel" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_WS_XPIXEL 1
+EOF
+
+fi
+rm -f conftest*
+
+cat > conftest.$ac_ext <<EOF
+#line 8158 "configure"
+#include "confdefs.h"
+#include <termios.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "ws_ypixel" >/dev/null 2>&1; then
+ rm -rf conftest*
+ cat >> confdefs.h <<\EOF
+#define HAVE_WS_YPIXEL 1
+EOF
+
+fi
+rm -f conftest*
+
+
+
+
+echo $ac_n "checking for pid_t""... $ac_c" 1>&6
+echo "configure:8176: checking for pid_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 8181 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+ rm -rf conftest*
+ ac_cv_type_pid_t=yes
+else
+ rm -rf conftest*
+ ac_cv_type_pid_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_pid_t" 1>&6
+if test $ac_cv_type_pid_t = no; then
+ cat >> confdefs.h <<\EOF
+#define pid_t int
+EOF
+
+fi
+
+echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
+echo "configure:8209: checking for uid_t in sys/types.h" >&5
+if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 8214 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "uid_t" >/dev/null 2>&1; then
+ rm -rf conftest*
+ ac_cv_type_uid_t=yes
+else
+ rm -rf conftest*
+ ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_type_uid_t" 1>&6
+if test $ac_cv_type_uid_t = no; then
+ cat >> confdefs.h <<\EOF
+#define uid_t int
+EOF
+
+ cat >> confdefs.h <<\EOF
+#define gid_t int
+EOF
+
+fi
+
+echo $ac_n "checking for off_t""... $ac_c" 1>&6
+echo "configure:8243: checking for off_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 8248 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+ rm -rf conftest*
+ ac_cv_type_off_t=yes
+else
+ rm -rf conftest*
+ ac_cv_type_off_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_off_t" 1>&6
+if test $ac_cv_type_off_t = no; then
+ cat >> confdefs.h <<\EOF
+#define off_t long
+EOF
+
+fi
+
+echo $ac_n "checking for size_t""... $ac_c" 1>&6
+echo "configure:8276: checking for size_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 8281 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+ rm -rf conftest*
+ ac_cv_type_size_t=yes
+else
+ rm -rf conftest*
+ ac_cv_type_size_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_size_t" 1>&6
+if test $ac_cv_type_size_t = no; then
+ cat >> confdefs.h <<\EOF
+#define size_t unsigned
+EOF
+
+fi
+
+
+
+echo $ac_n "checking for sa_len in struct sockaddr""... $ac_c" 1>&6
+echo "configure:8311: checking for sa_len in struct sockaddr" >&5
+if eval "test \"`echo '$''{'krb_cv_struct_sockaddr_sa_len'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 8317 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+int main() {
+struct sockaddr sa;
+int foo = sa.sa_len;
+; return 0; }
+EOF
+if { (eval echo configure:8326: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ krb_cv_struct_sockaddr_sa_len=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ krb_cv_struct_sockaddr_sa_len=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$krb_cv_struct_sockaddr_sa_len" 1>&6
+if test "$krb_cv_struct_sockaddr_sa_len" = yes; then
+ cat >> confdefs.h <<\EOF
+#define SOCKADDR_HAS_SA_LEN 1
+EOF
+
+fi
+
+
+if test "$ac_cv_header_siad_h" = yes; then
+echo $ac_n "checking for ouid in struct siaentity""... $ac_c" 1>&6
+echo "configure:8350: checking for ouid in struct siaentity" >&5
+if eval "test \"`echo '$''{'krb_cv_struct_siaentity_ouid'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+cat > conftest.$ac_ext <<EOF
+#line 8356 "configure"
+#include "confdefs.h"
+#include <siad.h>
+
+int main() {
+SIAENTITY e;
+int foo = e.ouid;
+; return 0; }
+EOF
+if { (eval echo configure:8365: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ krb_cv_struct_siaentity_ouid=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ krb_cv_struct_siaentity_ouid=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$krb_cv_struct_siaentity_ouid" 1>&6
+if test "$krb_cv_struct_siaentity_ouid" = yes; then
+ cat >> confdefs.h <<\EOF
+#define SIAENTITY_HAS_OUID 1
+EOF
+
+fi
+fi
+
+
+echo $ac_n "checking for working getmsg""... $ac_c" 1>&6
+echo "configure:8389: checking for working getmsg" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test "$cross_compiling" = yes; then
+ ac_cv_func_getmsg=no
+else
+ cat > conftest.$ac_ext <<EOF
+#line 8397 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+
+int main()
+{
+ getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+ return 0;
+}
+
+EOF
+if { (eval echo configure:8409: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ ac_cv_func_getmsg=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ ac_cv_func_getmsg=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_getmsg" 1>&6
+test "$ac_cv_func_getmsg" = "yes" &&
+cat >> confdefs.h <<\EOF
+#define HAVE_GETMSG 1
+EOF
+
+
+
+save_LIBS="$LIBS"
+LIBS="$LIB_DBM $LIBS"
+echo $ac_n "checking for berkeley db""... $ac_c" 1>&6
+echo "configure:8434: checking for berkeley db" >&5
+if eval "test \"`echo '$''{'krb_cv_lib_berkeleydb'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if test "$cross_compiling" = yes; then
+ krb_cv_lib_berkeleydb=no
+else
+ cat > conftest.$ac_ext <<EOF
+#line 8442 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+#include <fcntl.h>
+#include <ndbm.h>
+int main()
+{
+ DBM *d;
+
+ d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+ if(d == NULL)
+ return 1;
+ dbm_close(d);
+ return access("conftest.db", F_OK) != 0;
+}
+EOF
+if { (eval echo configure:8459: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+then
+ krb_cv_lib_berkeleydb=yes
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -fr conftest*
+ krb_cv_lib_berkeleydb=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$krb_cv_lib_berkeleydb" 1>&6
+test "$krb_cv_lib_berkeleydb" = "yes" &&
+cat >> confdefs.h <<\EOF
+#define HAVE_NEW_DB 1
+EOF
+
+LIBS="$save_LIBS"
+
+
+
+
+echo $ac_n "checking for el_init""... $ac_c" 1>&6
+echo "configure:8485: checking for el_init" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_el_init'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" edit; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 8498 "configure"
+#include "confdefs.h"
+
+int main() {
+el_init()
+; return 0; }
+EOF
+if { (eval echo configure:8505: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_el_init"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs el_init"@@@
+@@@libs="$libs edit"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo el_init | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_el_init=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_el_init=yes"
+ eval "LIB_el_init="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_el_init=no"
+ eval "LIB_el_init="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_el_init=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+
+
+echo $ac_n "checking for readline""... $ac_c" 1>&6
+echo "configure:8567: checking for readline" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_readline'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+
+if eval "test \"\$ac_cv_func_readline\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" readline; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ cat > conftest.$ac_ext <<EOF
+#line 8580 "configure"
+#include "confdefs.h"
+
+int main() {
+readline()
+; return 0; }
+EOF
+if { (eval echo configure:8587: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "if test -n \"$ac_lib\";then ac_cv_funclib_readline=$ac_lib; else ac_cv_funclib_readline=yes; fi";break
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ done
+ eval "ac_cv_funclib_readline=\${ac_cv_funclib_readline-no}"
+ LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_readline"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs readline"@@@
+@@@libs="$libs readline"@@@
+END
+
+eval "ac_tr_func=HAVE_`echo readline | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_readline=$ac_res"
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_readline=yes"
+ eval "LIB_readline="
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ echo "$ac_t""yes" 1>&6
+ ;;
+ no)
+ eval "ac_cv_func_readline=no"
+ eval "LIB_readline="
+ echo "$ac_t""no" 1>&6
+ ;;
+ *)
+ eval "ac_cv_func_readline=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+ cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+ echo "$ac_t""yes, in $ac_res" 1>&6
+ ;;
+esac
+
+
+
+if test "$with_readline"; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_READLINE 1
+EOF
+
+ editline_OBJS=
+ LIB_readline="$READLINELIB "'$(LIB_tgetent)'
+ INCLUDE_readline="$READLINEINCLUDE"
+elif test "$ac_cv_func_el_init" = yes; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_READLINE 1
+EOF
+
+
+ editline_OBJS=edit_compat.o
+ LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)'
+
+ INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+elif test "$ac_cv_func_readline" = yes; then
+ cat >> confdefs.h <<\EOF
+#define HAVE_READLINE 1
+EOF
+
+ editline_OBJS=
+ LIB_readline='-lreadline $(LIB_tgetent)'
+ INCLUDE_readline=
+else
+ cat >> confdefs.h <<\EOF
+#define HAVE_READLINE 1
+EOF
+
+ editline_OBJS="editline.o complete.o sysunix.o"
+ LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)'
+ INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+fi
+
+
+
+
+
+cat >> confdefs.h <<\EOF
+#define AUTHENTICATION 1
+EOF
+cat >> confdefs.h <<\EOF
+#define KRB4 1
+EOF
+cat >> confdefs.h <<\EOF
+#define ENCRYPTION 1
+EOF
+cat >> confdefs.h <<\EOF
+#define DES_ENCRYPTION 1
+EOF
+cat >> confdefs.h <<\EOF
+#define DIAGNOSTICS 1
+EOF
+cat >> confdefs.h <<\EOF
+#define OLD_ENVIRON 1
+EOF
+
+# Simple test for streamspty, based on the existance of getmsg(), alas
+# this breaks on SunOS4 which have streams but BSD-like ptys
+#
+# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
+
+echo $ac_n "checking for streamspty""... $ac_c" 1>&6
+echo "configure:8712: checking for streamspty" >&5
+case "`uname -sr`" in
+SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
+ krb_cv_sys_streamspty=no
+ ;;
+AIX*)
+ os_rel=`uname -v`.`uname -r`
+ if expr "$os_rel" : "3*" >/dev/null 2>&1; then
+ krb_cv_sys_streamspty=no
+ else
+ krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+ fi
+ ;;
+*)
+ krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+ ;;
+esac
+if test "$krb_cv_sys_streamspty" = yes; then
+ cat >> confdefs.h <<\EOF
+#define STREAMSPTY 1
+EOF
+
+fi
+echo "$ac_t""$krb_cv_sys_streamspty" 1>&6
+
+echo $ac_n "checking if /bin/ls takes -A""... $ac_c" 1>&6
+echo "configure:8738: checking if /bin/ls takes -A" >&5
+if /bin/ls -A > /dev/null 2>&1 ;then
+ cat >> confdefs.h <<\EOF
+#define HAVE_LS_A 1
+EOF
+
+ krb_ls_a=yes
+else
+ krb_ls_a=no
+fi
+echo "$ac_t""$krb_ls_a" 1>&6
+
+echo $ac_n "checking for suffix of preformatted manual pages""... $ac_c" 1>&6
+echo "configure:8751: checking for suffix of preformatted manual pages" >&5
+if eval "test \"`echo '$''{'krb_cv_sys_cat_suffix'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ if grep _version /etc/man.conf > /dev/null 2>&1; then
+ krb_cv_sys_cat_suffix=0
+else
+ krb_cv_sys_cat_suffix=number
+fi
+fi
+
+echo "$ac_t""$krb_cv_sys_cat_suffix" 1>&6
+if test "$krb_cv_sys_cat_suffix" = number; then
+ CATSUFFIX='$$s'
+else
+ CATSUFFIX=0
+fi
+
+
+
+KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs'
+if test "$krb_cv_sys_aix" = yes; then
+ KRB_KAFS_LIB="$KRB_KAFS_LIB -lld"
+fi
+
+
+
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+for i in bin lib libexec sbin; do
+ i=${i}dir
+ foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'`
+ x="\$${i}"
+ eval y="$x"
+ while test "x$y" != "x$x"; do
+ x="$y"
+ eval y="$x"
+ done
+ cat >> confdefs.h <<EOF
+#define $foo "$x"
+EOF
+
+done
+
+trap '' 1 2 15
+cat > confcache <<\EOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs. It is not useful on other systems.
+# If it contains results you don't want to keep, you may remove or edit it.
+#
+# By default, configure uses ./config.cache as the cache file,
+# creating it if it does not exist already. You can give configure
+# the --cache-file=FILE option to use a different cache file; that is
+# what configure does when it calls configure scripts in
+# subdirectories, so they share the cache.
+# Giving --cache-file=/dev/null disables caching, for debugging configure.
+# config.status only pays attention to the cache file if you give it the
+# --recheck option to rerun configure.
+#
+EOF
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, don't put newlines in cache variables' values.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(set) 2>&1 |
+ case `(ac_space=' '; set) 2>&1 | grep '^ac_space'` in
+ *ac_space=\ *)
+ # `set' does not quote correctly, so add quotes (double-quote substitution
+ # turns \\\\ into \\, and sed turns \\ into \).
+ sed -n \
+ -e "s/'/'\\\\''/g" \
+ -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
+ ;;
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
+ ;;
+ esac >> confcache
+if cmp -s $cache_file confcache; then
+ :
+else
+ if test -w $cache_file; then
+ echo "updating cache $cache_file"
+ cat confcache > $cache_file
+ else
+ echo "not updating unwritable cache $cache_file"
+ fi
+fi
+rm -f confcache
+
+trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Any assignment to VPATH causes Sun make to only execute
+# the first set of double-colon rules, so remove it if not needed.
+# If there is a colon in the path, we need to keep it.
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d'
+fi
+
+trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15
+
+DEFS=-DHAVE_CONFIG_H
+
+# Without the "./", some shells look in PATH for config.status.
+: ${CONFIG_STATUS=./config.status}
+
+echo creating $CONFIG_STATUS
+rm -f $CONFIG_STATUS
+cat > $CONFIG_STATUS <<EOF
+#! /bin/sh
+# Generated automatically by configure.
+# Run this file to recreate the current configuration.
+# This directory was configured as follows,
+# on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+#
+# $0 $ac_configure_args
+#
+# Compiler output produced by configure, useful for debugging
+# configure, is in ./config.log if it exists.
+
+ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]"
+for ac_option
+do
+ case "\$ac_option" in
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
+ exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
+ -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
+ echo "$CONFIG_STATUS generated by autoconf version 2.12"
+ exit 0 ;;
+ -help | --help | --hel | --he | --h)
+ echo "\$ac_cs_usage"; exit 0 ;;
+ *) echo "\$ac_cs_usage"; exit 1 ;;
+ esac
+done
+
+ac_given_srcdir=$srcdir
+ac_given_INSTALL="$INSTALL"
+
+trap 'rm -fr `echo "\
+Makefile \
+include/Makefile \
+include/sys/Makefile \
+ \
+util/Makefile \
+util/et/Makefile \
+ \
+man/Makefile \
+ \
+lib/Makefile \
+lib/des/Makefile \
+lib/krb/Makefile \
+lib/kdb/Makefile \
+lib/kadm/Makefile \
+lib/acl/Makefile \
+lib/kafs/Makefile \
+lib/roken/Makefile \
+lib/otp/Makefile \
+lib/sl/Makefile \
+lib/editline/Makefile \
+lib/auth/Makefile \
+lib/auth/pam/Makefile \
+lib/auth/sia/Makefile \
+lib/auth/afskauthlib/Makefile \
+ \
+kuser/Makefile \
+server/Makefile \
+slave/Makefile \
+admin/Makefile \
+kadmin/Makefile \
+ \
+appl/Makefile \
+ \
+appl/afsutil/Makefile \
+appl/ftp/Makefile \
+appl/ftp/common/Makefile \
+appl/ftp/ftp/Makefile \
+appl/ftp/ftpd/Makefile \
+appl/telnet/Makefile \
+appl/telnet/libtelnet/Makefile \
+appl/telnet/telnet/Makefile \
+appl/telnet/telnetd/Makefile \
+appl/bsd/Makefile \
+appl/kauth/Makefile \
+appl/kpopper/Makefile \
+appl/movemail/Makefile \
+appl/sample/Makefile \
+appl/xnlock/Makefile \
+appl/kx/Makefile \
+appl/kip/Makefile \
+appl/otp/Makefile \
+doc/Makefile \
+ include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
+EOF
+cat >> $CONFIG_STATUS <<EOF
+
+# Protect against being on the right side of a sed subst in config.status.
+sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g;
+ s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF
+$ac_vpsub
+$extrasub
+s%@CFLAGS@%$CFLAGS%g
+s%@CPPFLAGS@%$CPPFLAGS%g
+s%@CXXFLAGS@%$CXXFLAGS%g
+s%@DEFS@%$DEFS%g
+s%@LDFLAGS@%$LDFLAGS%g
+s%@LIBS@%$LIBS%g
+s%@exec_prefix@%$exec_prefix%g
+s%@prefix@%$prefix%g
+s%@program_transform_name@%$program_transform_name%g
+s%@bindir@%$bindir%g
+s%@sbindir@%$sbindir%g
+s%@libexecdir@%$libexecdir%g
+s%@datadir@%$datadir%g
+s%@sysconfdir@%$sysconfdir%g
+s%@sharedstatedir@%$sharedstatedir%g
+s%@localstatedir@%$localstatedir%g
+s%@libdir@%$libdir%g
+s%@includedir@%$includedir%g
+s%@oldincludedir@%$oldincludedir%g
+s%@infodir@%$infodir%g
+s%@mandir@%$mandir%g
+s%@PACKAGE@%$PACKAGE%g
+s%@VERSION@%$VERSION%g
+s%@host@%$host%g
+s%@host_alias@%$host_alias%g
+s%@host_cpu@%$host_cpu%g
+s%@host_vendor@%$host_vendor%g
+s%@host_os@%$host_os%g
+s%@SET_MAKE@%$SET_MAKE%g
+s%@LN_S@%$LN_S%g
+s%@CC@%$CC%g
+s%@CPP@%$CPP%g
+s%@YACC@%$YACC%g
+s%@LEX@%$LEX%g
+s%@LEXLIB@%$LEXLIB%g
+s%@RANLIB@%$RANLIB%g
+s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
+s%@INSTALL_DATA@%$INSTALL_DATA%g
+s%@MAKEINFO@%$MAKEINFO%g
+s%@SOCKSINCLUDE@%$SOCKSINCLUDE%g
+s%@SOCKSLIB@%$SOCKSLIB%g
+s%@CRACKLIB@%$CRACKLIB%g
+s%@READLINEINCLUDE@%$READLINEINCLUDE%g
+s%@READLINELIB@%$READLINELIB%g
+s%@REAL_PICFLAGS@%$REAL_PICFLAGS%g
+s%@REAL_SHLIBEXT@%$REAL_SHLIBEXT%g
+s%@REAL_LD_FLAGS@%$REAL_LD_FLAGS%g
+s%@PICFLAGS@%$PICFLAGS%g
+s%@SHLIBEXT@%$SHLIBEXT%g
+s%@LDSHARED@%$LDSHARED%g
+s%@LD_FLAGS@%$LD_FLAGS%g
+s%@LIBEXT@%$LIBEXT%g
+s%@LIBPREFIX@%$LIBPREFIX%g
+s%@EXECSUFFIX@%$EXECSUFFIX%g
+s%@AFS_EXTRA_OBJS@%$AFS_EXTRA_OBJS%g
+s%@AFS_EXTRA_LIBS@%$AFS_EXTRA_LIBS%g
+s%@ac_cv_header_sys_cdefs_h@%$ac_cv_header_sys_cdefs_h%g
+s%@ac_cv_header_err_h@%$ac_cv_header_err_h%g
+s%@LIB_socket@%$LIB_socket%g
+s%@LIB_gethostbyname@%$LIB_gethostbyname%g
+s%@LIB_odm_initialize@%$LIB_odm_initialize%g
+s%@LIB_getattr@%$LIB_getattr%g
+s%@LIB_setpcred@%$LIB_setpcred%g
+s%@LIB_logwtmp@%$LIB_logwtmp%g
+s%@LIB_logout@%$LIB_logout%g
+s%@LIB_tgetent@%$LIB_tgetent%g
+s%@X_CFLAGS@%$X_CFLAGS%g
+s%@X_PRE_LIBS@%$X_PRE_LIBS%g
+s%@X_LIBS@%$X_LIBS%g
+s%@X_EXTRA_LIBS@%$X_EXTRA_LIBS%g
+s%@MAKE_X_PROGS_BIN@%$MAKE_X_PROGS_BIN%g
+s%@MAKE_X_PROGS_LIBEXEC@%$MAKE_X_PROGS_LIBEXEC%g
+s%@LIB_XauReadAuth@%$LIB_XauReadAuth%g
+s%@XauWriteAuth_c@%$XauWriteAuth_c%g
+s%@XauWriteAuth_o@%$XauWriteAuth_o%g
+s%@LIB_dbopen@%$LIB_dbopen%g
+s%@LIB_dbm_firstkey@%$LIB_dbm_firstkey%g
+s%@LIB_DBM@%$LIB_DBM%g
+s%@LIB_syslog@%$LIB_syslog%g
+s%@LIB_getpwnam_r@%$LIB_getpwnam_r%g
+s%@LIB_getsockopt@%$LIB_getsockopt%g
+s%@LIB_setsockopt@%$LIB_setsockopt%g
+s%@LIB_res_search@%$LIB_res_search%g
+s%@LIB_dn_expand@%$LIB_dn_expand%g
+s%@ALLOCA@%$ALLOCA%g
+s%@LIB_hstrerror@%$LIB_hstrerror%g
+s%@LIBOBJS@%$LIBOBJS%g
+s%@LIB_AUTH_SUBDIRS@%$LIB_AUTH_SUBDIRS%g
+s%@APPL_KIP_DIR@%$APPL_KIP_DIR%g
+s%@LIB_el_init@%$LIB_el_init%g
+s%@LIB_readline@%$LIB_readline%g
+s%@INCLUDE_readline@%$INCLUDE_readline%g
+s%@editline_OBJS@%$editline_OBJS%g
+s%@CATSUFFIX@%$CATSUFFIX%g
+s%@KRB_KAFS_LIB@%$KRB_KAFS_LIB%g
+
+CEOF
+EOF
+
+cat >> $CONFIG_STATUS <<\EOF
+
+# Split the substitutions into bite-sized pieces for seds with
+# small command number limits, like on Digital OSF/1 and HP-UX.
+ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script.
+ac_file=1 # Number of current file.
+ac_beg=1 # First line for current file.
+ac_end=$ac_max_sed_cmds # Line after last line for current file.
+ac_more_lines=:
+ac_sed_cmds=""
+while $ac_more_lines; do
+ if test $ac_beg -gt 1; then
+ sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file
+ else
+ sed "${ac_end}q" conftest.subs > conftest.s$ac_file
+ fi
+ if test ! -s conftest.s$ac_file; then
+ ac_more_lines=false
+ rm -f conftest.s$ac_file
+ else
+ if test -z "$ac_sed_cmds"; then
+ ac_sed_cmds="sed -f conftest.s$ac_file"
+ else
+ ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file"
+ fi
+ ac_file=`expr $ac_file + 1`
+ ac_beg=$ac_end
+ ac_end=`expr $ac_end + $ac_max_sed_cmds`
+ fi
+done
+if test -z "$ac_sed_cmds"; then
+ ac_sed_cmds=cat
+fi
+EOF
+
+cat >> $CONFIG_STATUS <<EOF
+
+CONFIG_FILES=\${CONFIG_FILES-"\
+Makefile \
+include/Makefile \
+include/sys/Makefile \
+ \
+util/Makefile \
+util/et/Makefile \
+ \
+man/Makefile \
+ \
+lib/Makefile \
+lib/des/Makefile \
+lib/krb/Makefile \
+lib/kdb/Makefile \
+lib/kadm/Makefile \
+lib/acl/Makefile \
+lib/kafs/Makefile \
+lib/roken/Makefile \
+lib/otp/Makefile \
+lib/sl/Makefile \
+lib/editline/Makefile \
+lib/auth/Makefile \
+lib/auth/pam/Makefile \
+lib/auth/sia/Makefile \
+lib/auth/afskauthlib/Makefile \
+ \
+kuser/Makefile \
+server/Makefile \
+slave/Makefile \
+admin/Makefile \
+kadmin/Makefile \
+ \
+appl/Makefile \
+ \
+appl/afsutil/Makefile \
+appl/ftp/Makefile \
+appl/ftp/common/Makefile \
+appl/ftp/ftp/Makefile \
+appl/ftp/ftpd/Makefile \
+appl/telnet/Makefile \
+appl/telnet/libtelnet/Makefile \
+appl/telnet/telnet/Makefile \
+appl/telnet/telnetd/Makefile \
+appl/bsd/Makefile \
+appl/kauth/Makefile \
+appl/kpopper/Makefile \
+appl/movemail/Makefile \
+appl/sample/Makefile \
+appl/xnlock/Makefile \
+appl/kx/Makefile \
+appl/kip/Makefile \
+appl/otp/Makefile \
+doc/Makefile \
+"}
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+ case "$ac_file" in
+ *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
+ ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+ *) ac_file_in="${ac_file}.in" ;;
+ esac
+
+ # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories.
+
+ # Remove last slash and all that follows it. Not all systems have dirname.
+ ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
+ if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
+ # The file is in a subdirectory.
+ test ! -d "$ac_dir" && mkdir "$ac_dir"
+ ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`"
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'`
+ else
+ ac_dir_suffix= ac_dots=
+ fi
+
+ case "$ac_given_srcdir" in
+ .) srcdir=.
+ if test -z "$ac_dots"; then top_srcdir=.
+ else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;;
+ /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;;
+ *) # Relative path.
+ srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix"
+ top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+
+ case "$ac_given_INSTALL" in
+ [/$]*) INSTALL="$ac_given_INSTALL" ;;
+ *) INSTALL="$ac_dots$ac_given_INSTALL" ;;
+ esac
+
+ echo creating "$ac_file"
+ rm -f "$ac_file"
+ configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure."
+ case "$ac_file" in
+ *Makefile*) ac_comsub="1i\\
+# $configure_input" ;;
+ *) ac_comsub= ;;
+ esac
+
+ ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
+ sed -e "$ac_comsub
+s%@configure_input@%$configure_input%g
+s%@srcdir@%$srcdir%g
+s%@top_srcdir@%$top_srcdir%g
+s%@INSTALL@%$INSTALL%g
+" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file
+fi; done
+rm -f conftest.s*
+
+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
+# NAME is the cpp macro being defined and VALUE is the value it is being given.
+#
+# ac_d sets the value in "#define NAME VALUE" lines.
+ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)'
+ac_dB='\([ ][ ]*\)[^ ]*%\1#\2'
+ac_dC='\3'
+ac_dD='%g'
+# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE".
+ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
+ac_uB='\([ ]\)%\1#\2define\3'
+ac_uC=' '
+ac_uD='\4%g'
+# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
+ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
+ac_eB='$%\1#\2define\3'
+ac_eC=' '
+ac_eD='%g'
+
+if test "${CONFIG_HEADERS+set}" != set; then
+EOF
+cat >> $CONFIG_STATUS <<EOF
+ CONFIG_HEADERS="include/config.h"
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+fi
+for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then
+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+ case "$ac_file" in
+ *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
+ ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+ *) ac_file_in="${ac_file}.in" ;;
+ esac
+
+ echo creating $ac_file
+
+ rm -f conftest.frag conftest.in conftest.out
+ ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
+ cat $ac_file_inputs > conftest.in
+
+EOF
+
+# Transform confdefs.h into a sed script conftest.vals that substitutes
+# the proper values into config.h.in to produce config.h. And first:
+# Protect against being on the right side of a sed subst in config.status.
+# Protect against being in an unquoted here document in config.status.
+rm -f conftest.vals
+cat > conftest.hdr <<\EOF
+s/[\\&%]/\\&/g
+s%[\\$`]%\\&%g
+s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp
+s%ac_d%ac_u%gp
+s%ac_u%ac_e%gp
+EOF
+sed -n -f conftest.hdr confdefs.h > conftest.vals
+rm -f conftest.hdr
+
+# This sed command replaces #undef with comments. This is necessary, for
+# example, in the case of _POSIX_SOURCE, which is predefined and required
+# on some systems where configure will not decide to define it.
+cat >> conftest.vals <<\EOF
+s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */%
+EOF
+
+# Break up conftest.vals because some shells have a limit on
+# the size of here documents, and old seds have small limits too.
+
+rm -f conftest.tail
+while :
+do
+ ac_lines=`grep -c . conftest.vals`
+ # grep -c gives empty output for an empty file on some AIX systems.
+ if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi
+ # Write a limited-size here document to conftest.frag.
+ echo ' cat > conftest.frag <<CEOF' >> $CONFIG_STATUS
+ sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS
+ echo 'CEOF
+ sed -f conftest.frag conftest.in > conftest.out
+ rm -f conftest.in
+ mv conftest.out conftest.in
+' >> $CONFIG_STATUS
+ sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail
+ rm -f conftest.vals
+ mv conftest.tail conftest.vals
+done
+rm -f conftest.vals
+
+cat >> $CONFIG_STATUS <<\EOF
+ rm -f conftest.frag conftest.h
+ echo "/* $ac_file. Generated automatically by configure. */" > conftest.h
+ cat conftest.in >> conftest.h
+ rm -f conftest.in
+ if cmp -s $ac_file conftest.h 2>/dev/null; then
+ echo "$ac_file is unchanged"
+ rm -f conftest.h
+ else
+ # Remove last slash and all that follows it. Not all systems have dirname.
+ ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
+ if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
+ # The file is in a subdirectory.
+ test ! -d "$ac_dir" && mkdir "$ac_dir"
+ fi
+ rm -f $ac_file
+ mv conftest.h $ac_file
+ fi
+fi; done
+
+EOF
+cat >> $CONFIG_STATUS <<EOF
+
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+
+exit 0
+EOF
+chmod +x $CONFIG_STATUS
+rm -fr confdefs* $ac_clean_files
+test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1
+
+KRB4VERSION="$PACKAGE-$VERSION"
+
+cat > include/newversion.h.in <<EOF
+char *krb4_long_version = "@(#)\$Version: $KRB4VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
+char *krb4_version = "$KRB4VERSION";
+EOF
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+ echo "include/version.h is unchanged"
+ rm -f include/newversion.h.in
+else
+ echo "creating include/version.h"
+ User=${USER-${LOGNAME}}
+ Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ Date=`date`
+ mv -f include/newversion.h.in include/version.h.in
+ sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
diff --git a/crypto/kerberosIV/configure.in b/crypto/kerberosIV/configure.in
new file mode 100644
index 0000000..9265666
--- /dev/null
+++ b/crypto/kerberosIV/configure.in
@@ -0,0 +1,970 @@
+dnl
+dnl *** PLEASE NOTE ***
+dnl *** PLEASE NOTE ***
+dnl *** PLEASE NOTE ***
+dnl
+dnl Update $VERSION before making a new release
+dnl
+
+dnl Process this file with autoconf to produce a configure script.
+dnl
+AC_REVISION($Revision: 1.285 $)
+AC_INIT(lib/krb/getrealm.c)
+AC_CONFIG_HEADER(include/config.h)
+
+dnl
+dnl definitions
+dnl
+
+PACKAGE=krb4
+AC_SUBST(PACKAGE)dnl
+VERSION=0.9.6
+AC_SUBST(VERSION)dnl
+# This may be overridden using --prefix=/usr to configure
+AC_PREFIX_DEFAULT(/usr/athena)
+
+AC_CANONICAL_HOST
+AC_PROG_MAKE_SET
+AC_ARG_PROGRAM
+
+# We want these before the checks, so the checks can modify their values.
+test -z "$LDFLAGS" && LDFLAGS=-g
+
+dnl
+dnl check for programs
+dnl
+
+AC_KRB_PROG_LN_S
+AC_PROG_CC
+AC_PROG_CPP
+AC_ISC_POSIX
+AC_KRB_PROG_YACC
+AC_PROG_LEX
+AC_PROG_RANLIB
+AC_PROG_INSTALL
+AC_CHECK_PROG(MAKEINFO, makeinfo, makeinfo, :)
+
+dnl
+dnl check for build options
+dnl
+
+AC_TEST_PACKAGE(socks,socks.h,libsocks5.a,-lsocks5)
+CFLAGS="$SOCKSINCLUDE $CFLAGS"
+LIBS="$SOCKSLIB $LIBS"
+
+dnl Check if we want to use shared libraries
+AC_ARG_WITH(shared,
+[ --with-shared create shared libraries for Kerberos])
+
+AC_ARG_WITH(cracklib,
+[ --with-cracklib=dir use the cracklib.a in dir],
+)
+
+AC_ARG_WITH(dictpath,
+[ --with-dictpath=path use this dictionary with cracklib]
+)
+
+(test -z "$with_cracklib" && test -n "$with_dictpath") ||
+(test -n "$with_cracklib" && test -z "$with_dictpath") &&
+AC_MSG_ERROR(--with-cracklib requires --with-dictpath and vice versa)
+test -n "$with_cracklib" &&
+CRACKLIB="-L$with_cracklib -lcrack" &&
+AC_MSG_RESULT(Using cracklib in $with_cracklib)
+AC_SUBST(CRACKLIB)dnl
+test -n "$with_dictpath" &&
+AC_MSG_RESULT(Using dictpath=$with_dictpath) &&
+AC_DEFINE_UNQUOTED(DICTPATH,"$with_dictpath")
+
+AC_ARG_WITH(mailspool,
+[ --with-mailspool=dir this is the mail spool directory]
+)
+
+test -n "$with_mailspool" &&
+AC_DEFINE_UNQUOTED(KRB4_MAILDIR, "$with_mailspool")
+
+AC_ARG_ENABLE(random-mkey,
+[ --enable-random-mkey use new code for master keys],[
+if test "$enableval" = "yes"; then
+ AC_DEFINE(RANDOM_MKEY,1)
+fi
+])
+
+AC_ARG_WITH(mkey,
+[ --with-mkey=file where to put the master key],[
+if test -n "$withval"; then
+ AC_DEFINE_UNQUOTED(MKEYFILE,"$withval")
+fi
+])
+
+berkeley_db=db
+AC_ARG_WITH(berkeley-db,
+[ --without-berkeley-db if you don't want berkeley db],[
+if test "$withval" = no; then
+ berkeley_db=""
+fi
+])
+
+afs_support=yes
+AC_ARG_WITH(afs-support,
+[ --without-afs-support if you don't want support for afs],[
+if test "$withval" = no; then
+ AC_DEFINE(NO_AFS)
+ afs_support=no
+fi
+])
+
+des_quad=guess
+AC_ARG_WITH(des-quad-checksum,
+[ --with-des-quad-checksum=kind
+ default checksum to use (new, old, or guess)],[
+des_quad="$withval"
+])
+if test "$des_quad" = "new"; then
+ AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_NEW)
+elif test "$des_quad" = "old"; then
+ AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_OLD)
+else
+ AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_GUESS)
+fi
+
+AC_TEST_PACKAGE(readline,readline.h,libreadline.a,-lreadline)
+
+dnl
+dnl Shared library stuff has to be different everywhere
+dnl
+
+AC_SUBST(CFLAGS)dnl
+AC_SUBST(LDFLAGS)dnl
+
+case ${with_shared} in
+ yes ) with_shared=yes;;
+ no ) with_shared=no;;
+ * ) with_shared=no;;
+esac
+
+# NOTE: Building shared libraries may not work if you do not use gcc!
+#
+# OS $SHLIBEXT
+# HP-UX sl
+# Linux so
+# NetBSD so
+# FreeBSD so
+# OSF so
+# SunOS5 so
+# SunOS4 so.0.5
+# Irix so
+#
+# LIBEXT is the extension we should build (.a or $SHLIBEXT)
+REAL_PICFLAGS="-fpic"
+LDSHARED='$(CC) $(PICFLAGS) -shared'
+LIBPREFIX=lib
+REAL_SHLIBEXT=so
+changequote({,})dnl
+SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+changequote([,])dnl
+case "${host}" in
+*-*-hpux*)
+ REAL_SHLIBEXT=sl
+ REAL_LD_FLAGS='-Wl,+b$(libdir)'
+ if test -z "$GCC"; then
+ LDSHARED="ld -b"
+ REAL_PICFLAGS="+z"
+ fi
+ ;;
+*-*-linux*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ ;;
+*-*-*bsd*)
+ REAL_SHLIBEXT=so.$SHLIB_VERSION
+ LDSHARED='ld -Bshareable'
+ REAL_LD_FLAGS='-Wl,-R$(libdir)'
+ ;;
+*-*-osf*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ REAL_PICFLAGS=
+ LDSHARED='ld -shared -expect_unresolved \*'
+ ;;
+*-*-solaris2*)
+ REAL_LD_FLAGS='-Wl,-R$(libdir)'
+ if test -z "$GCC"; then
+ LDSHARED='$(CC) -G'
+ REAL_PICFLAGS="-Kpic"
+ fi
+ ;;
+*-*-sunos*)
+ REAL_SHLIBEXT=so.$SHLIB_VERSION
+ REAL_LD_FLAGS='-Wl,-L$(libdir)'
+ ;;
+*-*-irix*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ REAL_PICFLAGS=
+ ;;
+*-*-os2_emx*)
+ LD_FLAGS='-Zexe'
+ LIBPREFIX=
+ EXECSUFFIX='.exe'
+ RANLIB=EMXOMF
+ REAL_SHLIBEXT=nobuild
+ ;;
+*-*-cygwin32*)
+ EXECSUFFIX='.exe'
+ REAL_SHLIBEXT=nobuild
+ ;;
+*) REAL_SHLIBEXT=nobuild
+ REAL_PICFLAGS=
+ ;;
+esac
+
+if test "${with_shared}" != "yes" ; then
+ PICFLAGS=""
+ SHLIBEXT="nobuild"
+ LIBEXT="a"
+else
+ PICFLAGS="$REAL_PICFLAGS"
+ SHLIBEXT="$REAL_SHLIBEXT"
+ LIBEXT="$SHLIBEXT"
+ LD_FLAGS="$REAL_LD_FLAGS"
+fi
+
+AC_SUBST(REAL_PICFLAGS) dnl
+AC_SUBST(REAL_SHLIBEXT) dnl
+AC_SUBST(REAL_LD_FLAGS) dnl
+
+AC_SUBST(PICFLAGS) dnl
+AC_SUBST(SHLIBEXT) dnl
+AC_SUBST(LDSHARED) dnl
+AC_SUBST(LD_FLAGS) dnl
+AC_SUBST(LIBEXT) dnl
+AC_SUBST(LIBPREFIX) dnl
+AC_SUBST(EXECSUFFIX) dnl
+
+dnl
+dnl Check if we need to use weak-stuff
+dnl
+
+AC_HAVE_PRAGMA_WEAK
+
+dnl
+dnl Check for endian-ness, this breaks cross compilation
+dnl
+AC_C_BIGENDIAN
+
+dnl
+dnl Check for constness
+dnl
+AC_C_CONST
+
+dnl
+dnl Check for strange operating systems that you need to handle differently
+dnl
+
+AC_KRB_SYS_NEXTSTEP
+AC_KRB_SYS_AIX
+
+if test "$krb_cv_sys_aix" = yes ;then
+ AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o'
+ AC_SUBST(AFS_EXTRA_OBJS)
+ AFS_EXTRA_LIBS=afslib.so
+ AC_SUBST(AFS_EXTRA_LIBS)
+fi
+
+#
+# AIX needs /lib/pse.exp for getmsg, but alas that file is broken in
+# AIX414
+#
+
+if test -f /lib/pse.exp ;then
+ LIBS="$LIBS -Wl,-bI:/lib/pse.exp"
+fi
+
+dnl
+dnl Various checks for headers and their contents
+dnl
+
+AC_HEADER_STDC
+
+AC_CHECK_HEADERS(arpa/ftp.h arpa/inet.h arpa/nameser.h)
+AC_CHECK_HEADERS(arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h)
+AC_CHECK_HEADERS(crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h)
+AC_CHECK_HEADERS(lastlog.h login.h maillock.h ndbm.h net/if.h)
+AC_CHECK_HEADERS(net/if_tun.h net/if_var.h netdb.h netinet/in.h)
+AC_CHECK_HEADERS(netinet/in6_machtypes.h netinet/in_systm.h)
+AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h)
+AC_CHECK_HEADERS(resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h)
+AC_CHECK_HEADERS(shadow.h siad.h signal.h stropts.h sys/bitypes.h)
+AC_CHECK_HEADERS(sys/category.h sys/cdefs.h sys/file.h sys/filio.h)
+AC_CHECK_HEADERS(sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h)
+AC_CHECK_HEADERS(sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h)
+AC_CHECK_HEADERS(sys/resource.h sys/select.h sys/socket.h)
+AC_CHECK_HEADERS(sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h)
+AC_CHECK_HEADERS(sys/stropts.h sys/strtty.h sys/syscall.h)
+AC_CHECK_HEADERS(sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h)
+AC_CHECK_HEADERS(sys/times.h sys/tty.h sys/types.h sys/uio.h)
+AC_CHECK_HEADERS(sys/un.h sys/utsname.h sys/wait.h syslog.h)
+AC_CHECK_HEADERS(termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h)
+AC_CHECK_HEADERS(unistd.h userpw.h usersec.h util.h utime.h utmp.h)
+AC_CHECK_HEADERS(utmpx.h wait.h winsock.h)
+
+AC_HEADER_TIME
+AC_DECL_SYS_SIGLIST
+AC_SUBST(ac_cv_header_sys_cdefs_h)dnl
+AC_SUBST(ac_cv_header_err_h)dnl
+
+AC_GROK_TYPES(int8_t int16_t int32_t int64_t)
+AC_GROK_TYPES(u_int8_t u_int16_t u_int32_t u_int64_t)
+
+dnl
+dnl Various checks for libraries and their contents
+dnl
+
+dnl
+dnl System V is have misplaced the socket routines, should really be in libc
+dnl
+
+AC_FIND_FUNC(socket, socket,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0])
+AC_FIND_FUNC(gethostbyname, nsl,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+"foo")
+
+dnl
+dnl Horror AIX needs -lodm -lcfg to link login
+dnl
+
+AC_FIND_FUNC(odm_initialize, odm)
+AC_FIND_FUNC(getattr, cfg)
+AC_FIND_FUNC(setpcred, s)
+AC_FIND_FUNC(logwtmp, util)
+
+AC_FIND_FUNC(logout, util)
+AC_FIND_FUNC_NO_LIBS(tgetent, termcap)
+
+dnl
+dnl See if there is any X11 present
+dnl
+AC_PATH_XTRA
+if test "$no_x" = "yes" ; then
+ MAKE_X_PROGS_BIN=""
+ MAKE_X_PROGS_LIBEXEC=""
+else
+ MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
+ MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
+fi
+AC_SUBST(MAKE_X_PROGS_BIN)dnl
+AC_SUBST(MAKE_X_PROGS_LIBEXEC)dnl
+
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, Xau X11)
+ac_xxx="$LIBS"
+LIBS="$LIB_XauReadAuth $LIBS"
+AC_CHECK_FUNCS(XauWriteAuth)
+if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+ XauWriteAuth_c=writeauth.c
+ XauWriteAuth_o=writeauth.o
+fi
+AC_SUBST(XauWriteAuth_c)dnl
+AC_SUBST(XauWriteAuth_o)dnl
+LIBS="$ac_xxx"
+
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+
+dnl
+dnl Look for berkeley db, gdbm, and ndbm in that order.
+dnl
+
+save_LIBS="$LIBS"
+AC_FIND_FUNC_NO_LIBS(dbopen, $berkeley_db)
+LIBS="$LIB_dbopen $LIBS"
+AC_FIND_FUNC_NO_LIBS(dbm_firstkey, $berkeley_db gdbm ndbm)
+if test -n "$LIB_dbopen"; then
+ LIB_DBM="$LIB_dbopen"
+else
+ LIB_DBM="$LIB_dbm_firstkey"
+fi
+AC_SUBST(LIB_DBM)dnl
+LIBS="$save_LIBS"
+
+AC_FIND_FUNC(syslog, syslog)
+
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+int main()
+{
+changequote(`,')dnl
+ char foo[3];
+changequote([,])dnl
+ snprintf(foo, 2, "12");
+ return strcmp(foo, "1");
+}],:,ac_cv_func_snprintf_working=no,:))
+: << END
+@@@funcs="$funcs snprintf"@@@
+END
+if test "$ac_cv_func_snprintf_working" = yes; then
+ foo=HAVE_SNPRINTF
+ AC_DEFINE_UNQUOTED($foo)
+fi
+
+AC_CHECK_FUNCS(asnprintf asprintf vasprintf vasnprintf vsnprintf)
+
+
+AC_CHECK_FUNCS(_getpty _scrsize _setsid _stricmp fchmod fcntl flock)
+AC_CHECK_FUNCS(forkpty frevoke gethostname getlogin getpriority getservbyname)
+AC_CHECK_FUNCS(getspnam getspuid gettimeofday getuid grantpt)
+AC_CHECK_FUNCS(innetgr iruserok mktime ptsname rand random)
+AC_CHECK_FUNCS(revoke setitimer setlogin setpgid setpriority)
+AC_CHECK_FUNCS(setproctitle setregid setresgid setresuid setreuid setsid)
+AC_CHECK_FUNCS(setutent swab ttyname ttyslot ulimit uname)
+AC_CHECK_FUNCS(unlockpt vhangup yp_get_default_domain)
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+ AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+ ac_libs="$LIBS"
+ LIBS="$LIBS $LIB_getpwnam_r"
+ AC_TRY_RUN([
+#include <pwd.h>
+int main()
+{
+ struct passwd pw, *pwd;
+ return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+ AC_DEFINE(POSIX_GETPWNAM_R)
+fi
+fi
+
+AC_FIND_FUNC_NO_LIBS(getsockopt, ,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0,0,0])
+AC_FIND_FUNC_NO_LIBS(setsockopt, ,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0,0,0])
+
+dnl Cray stuff
+AC_CHECK_FUNCS(getudbnam setlim)
+
+AC_FIND_FUNC(res_search, resolv,
+[
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+],
+[0,0,0,0,0])
+
+AC_FIND_FUNC(dn_expand, resolv,
+[
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+],
+[0,0,0,0,0])
+
+
+AC_FUNC_MMAP
+AC_FUNC_ALLOCA
+
+#
+# Test for POSIX (broken) getlogin
+#
+
+if test "$ac_cv_func_getlogin" = yes; then
+AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
+if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
+ ac_cv_func_getlogin_posix=no
+else
+ ac_cv_func_getlogin_posix=yes
+fi
+])
+if test "$ac_cv_func_getlogin_posix" = yes; then
+ AC_DEFINE(POSIX_GETLOGIN, 1)
+fi
+fi
+
+AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+17)
+
+AC_BROKEN(chown daemon err errx fchown getcwd getdtablesize getopt)
+AC_BROKEN(getusershell inet_aton initgroups lstat memmove mkstemp)
+AC_BROKEN(putenv rcmd setegid setenv seteuid strcasecmp strdup)
+AC_BROKEN(strerror strftime strlwr strnlen strtok_r strupr unsetenv)
+AC_BROKEN(verr verrx vwarn vwarnx warn warnx)
+
+AC_KRB_FUNC_GETCWD_BROKEN
+
+dnl
+dnl Figure what authentication modules should be built
+dnl
+
+AC_MSG_CHECKING(which authentication modules should be built)
+
+LIB_AUTH_SUBDIRS=
+
+if test "$ac_cv_header_siad_h" = yes; then
+ LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+
+if test "$ac_cv_header_security_pam_modules_h" = yes; then
+ LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+
+case "${host}" in
+changequote(,)dnl
+*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+changequote([,])dnl
+esac
+
+AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
+
+AC_SUBST(LIB_AUTH_SUBDIRS)dnl
+
+dnl
+dnl Figure out if we have tunnels
+dnl
+
+AC_MSG_CHECKING(for tunnel devices)
+
+APPL_KIP_DIR=
+
+if test "$ac_cv_header_net_if_tun_h" = "yes"; then
+ APPL_KIP_DIR=kip
+fi
+
+AC_MSG_RESULT($ac_cv_header_net_if_tun_h)
+
+AC_SUBST(APPL_KIP_DIR)dnl
+
+dnl
+dnl Checks for prototypes and declarations
+dnl
+
+AC_NEED_PROTO([
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+],
+crypt)
+
+AC_NEED_PROTO([
+#include <string.h>
+],
+strtok_r)
+
+AC_CHECK_VAR([#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+h_errno)
+
+AC_CHECK_VAR([#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+h_errlist)
+
+AC_CHECK_VAR([#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+h_nerr)
+
+AC_CHECK_VAR([#ifdef HAVE_ERR_H
+#include <err.h>
+#endif],[__progname])
+
+AC_CHECK_DECLARATION([#include <stdlib.h>], optarg)
+AC_CHECK_DECLARATION([#include <stdlib.h>], optind)
+AC_CHECK_DECLARATION([#include <stdlib.h>], opterr)
+AC_CHECK_DECLARATION([#include <stdlib.h>], optopt)
+
+dnl
+dnl According to ANSI you are explicitly allowed to cast to void,
+dnl but the standard fails to say what should happen. Some compilers
+dnl think this is illegal:
+dnl
+dnl void foo(void)
+dnl {
+dnl return (void)0;
+dnl }
+dnl
+dnl Thus explicitly test for void
+dnl
+AC_TYPE_SIGNAL
+if test "$ac_cv_type_signal" = "void" ; then
+ AC_DEFINE(VOID_RETSIGTYPE, 1)
+fi
+
+dnl
+dnl Check for fields in struct utmp
+dnl
+AC_EGREP_HEADER(ut_user, utmp.h, AC_DEFINE(HAVE_UT_USER))
+AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UT_HOST))
+AC_EGREP_HEADER(ut_addr, utmp.h, AC_DEFINE(HAVE_UT_ADDR))
+AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UT_TYPE))
+AC_EGREP_HEADER(ut_pid, utmp.h, AC_DEFINE(HAVE_UT_PID))
+AC_EGREP_HEADER(ut_id, utmp.h, AC_DEFINE(HAVE_UT_ID))
+AC_EGREP_HEADER(ut_syslen, utmpx.h, AC_DEFINE(HAVE_UT_SYSLEN))
+
+AC_STRUCT_ST_BLKSIZE
+
+dnl
+dnl Check for struct winsize
+dnl
+
+AC_KRB_STRUCT_WINSIZE
+
+dnl
+dnl Check for some common types
+dnl
+
+AC_TYPE_PID_T
+AC_TYPE_UID_T
+AC_TYPE_OFF_T
+AC_TYPE_SIZE_T
+
+dnl
+dnl Check for sa_len in sys/socket.h
+dnl
+
+AC_MSG_CHECKING(for sa_len in struct sockaddr)
+AC_CACHE_VAL(krb_cv_struct_sockaddr_sa_len, [
+AC_TRY_COMPILE(
+[#include <sys/types.h>
+#include <sys/socket.h>],
+[struct sockaddr sa;
+int foo = sa.sa_len;],
+krb_cv_struct_sockaddr_sa_len=yes,
+krb_cv_struct_sockaddr_sa_len=no)
+])
+AC_MSG_RESULT($krb_cv_struct_sockaddr_sa_len)
+if test "$krb_cv_struct_sockaddr_sa_len" = yes; then
+ AC_DEFINE(SOCKADDR_HAS_SA_LEN)
+fi
+
+dnl
+dnl Check for ouid in sys/siad.h
+dnl
+
+if test "$ac_cv_header_siad_h" = yes; then
+AC_MSG_CHECKING(for ouid in struct siaentity)
+AC_CACHE_VAL(krb_cv_struct_siaentity_ouid, [
+AC_TRY_COMPILE(
+[#include <siad.h>
+],
+[SIAENTITY e;
+int foo = e.ouid;],
+krb_cv_struct_siaentity_ouid=yes,
+krb_cv_struct_siaentity_ouid=no)
+])
+AC_MSG_RESULT($krb_cv_struct_siaentity_ouid)
+if test "$krb_cv_struct_siaentity_ouid" = yes; then
+ AC_DEFINE(SIAENTITY_HAS_OUID)
+fi
+fi
+
+dnl
+dnl you can link with getmsg on AIX 3.2 but you cannot run the program
+dnl
+
+AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg,
+AC_TRY_RUN(
+[
+#include <stdio.h>
+
+int main()
+{
+ getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+ return 0;
+}
+], ac_cv_func_getmsg=yes, ac_cv_func_getmsg=no, ac_cv_func_getmsg=no))
+test "$ac_cv_func_getmsg" = "yes" &&
+AC_DEFINE(HAVE_GETMSG)
+
+dnl
+dnl Test if we are using berkeley db
+dnl
+
+save_LIBS="$LIBS"
+LIBS="$LIB_DBM $LIBS"
+AC_CACHE_CHECK(for berkeley db, krb_cv_lib_berkeleydb,
+AC_TRY_RUN(
+[
+#include <unistd.h>
+#include <fcntl.h>
+#include <ndbm.h>
+int main()
+{
+ DBM *d;
+
+ d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+ if(d == NULL)
+ return 1;
+ dbm_close(d);
+ return access("conftest.db", F_OK) != 0;
+}], krb_cv_lib_berkeleydb=yes, krb_cv_lib_berkeleydb=no,
+krb_cv_lib_berkeleydb=no))
+test "$krb_cv_lib_berkeleydb" = "yes" &&
+AC_DEFINE(HAVE_NEW_DB)
+LIBS="$save_LIBS"
+
+dnl
+dnl Tests for editline
+dnl
+
+AC_FIND_FUNC_NO_LIBS(el_init, edit)
+AC_FIND_FUNC_NO_LIBS(readline, readline)
+
+if test "$with_readline"; then
+ AC_DEFINE(HAVE_READLINE, 1)
+ editline_OBJS=
+ LIB_readline="$READLINELIB "'$(LIB_tgetent)'
+ INCLUDE_readline="$READLINEINCLUDE"
+elif test "$ac_cv_func_el_init" = yes; then
+ AC_DEFINE(HAVE_READLINE, 1)
+
+ editline_OBJS=edit_compat.o
+ LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)'
+
+ INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+elif test "$ac_cv_func_readline" = yes; then
+ AC_DEFINE(HAVE_READLINE, 1)
+ editline_OBJS=
+ LIB_readline='-lreadline $(LIB_tgetent)'
+ INCLUDE_readline=
+else
+ AC_DEFINE(HAVE_READLINE, 1)
+ editline_OBJS="editline.o complete.o sysunix.o"
+ LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)'
+ INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+fi
+AC_SUBST(LIB_readline)
+AC_SUBST(INCLUDE_readline)
+AC_SUBST(editline_OBJS)
+
+dnl telnet muck --------------------------------------------------
+
+AC_DEFINE(AUTHENTICATION)dnl
+AC_DEFINE(KRB4)dnl
+AC_DEFINE(ENCRYPTION)dnl
+AC_DEFINE(DES_ENCRYPTION)dnl
+AC_DEFINE(DIAGNOSTICS)dnl
+AC_DEFINE(OLD_ENVIRON)dnl
+
+# Simple test for streamspty, based on the existance of getmsg(), alas
+# this breaks on SunOS4 which have streams but BSD-like ptys
+#
+# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
+
+AC_MSG_CHECKING(for streamspty)
+case "`uname -sr`" in
+SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
+ krb_cv_sys_streamspty=no
+ ;;
+AIX*)
+ os_rel=`uname -v`.`uname -r`
+ if expr "$os_rel" : "3*" >/dev/null 2>&1; then
+ krb_cv_sys_streamspty=no
+ else
+ krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+ fi
+ ;;
+*)
+ krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+ ;;
+esac
+if test "$krb_cv_sys_streamspty" = yes; then
+ AC_DEFINE(STREAMSPTY)
+fi
+dnl AC_SUBST(STREAMSPTY)
+AC_MSG_RESULT($krb_cv_sys_streamspty)
+
+AC_MSG_CHECKING([if /bin/ls takes -A])
+if /bin/ls -A > /dev/null 2>&1 ;then
+ AC_DEFINE(HAVE_LS_A)
+ krb_ls_a=yes
+else
+ krb_ls_a=no
+fi
+AC_MSG_RESULT($krb_ls_a)
+
+dnl ------------------------------------------------------------
+AC_CACHE_CHECK(for suffix of preformatted manual pages, krb_cv_sys_cat_suffix,
+if grep _version /etc/man.conf > /dev/null 2>&1; then
+ krb_cv_sys_cat_suffix=0
+else
+ krb_cv_sys_cat_suffix=number
+fi)
+if test "$krb_cv_sys_cat_suffix" = number; then
+ CATSUFFIX='$$s'
+else
+ CATSUFFIX=0
+fi
+AC_SUBST(CATSUFFIX)
+
+dnl ------------------------------------------------------------
+
+KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs'
+if test "$krb_cv_sys_aix" = yes; then
+ KRB_KAFS_LIB="$KRB_KAFS_LIB -lld"
+fi
+AC_SUBST(KRB_KAFS_LIB)dnl
+
+dnl ------------------------------------------------------------
+
+
+dnl This is done by AC_OUTPUT but we need the result here.
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+for i in bin lib libexec sbin; do
+ i=${i}dir
+ foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'`
+ x="\$${i}"
+ eval y="$x"
+ while test "x$y" != "x$x"; do
+ x="$y"
+ eval y="$x"
+ done
+ AC_DEFINE_UNQUOTED($foo,"$x")
+done
+
+dnl
+dnl We are all set to emit the Makefiles and config.h
+dnl
+AC_OUTPUT( \
+Makefile \
+include/Makefile \
+include/sys/Makefile \
+ \
+util/Makefile \
+util/et/Makefile \
+ \
+man/Makefile \
+ \
+lib/Makefile \
+lib/des/Makefile \
+lib/krb/Makefile \
+lib/kdb/Makefile \
+lib/kadm/Makefile \
+lib/acl/Makefile \
+lib/kafs/Makefile \
+lib/roken/Makefile \
+lib/otp/Makefile \
+lib/sl/Makefile \
+lib/editline/Makefile \
+lib/auth/Makefile \
+lib/auth/pam/Makefile \
+lib/auth/sia/Makefile \
+lib/auth/afskauthlib/Makefile \
+ \
+kuser/Makefile \
+server/Makefile \
+slave/Makefile \
+admin/Makefile \
+kadmin/Makefile \
+ \
+appl/Makefile \
+ \
+appl/afsutil/Makefile \
+appl/ftp/Makefile \
+appl/ftp/common/Makefile \
+appl/ftp/ftp/Makefile \
+appl/ftp/ftpd/Makefile \
+appl/telnet/Makefile \
+appl/telnet/libtelnet/Makefile \
+appl/telnet/telnet/Makefile \
+appl/telnet/telnetd/Makefile \
+appl/bsd/Makefile \
+appl/kauth/Makefile \
+appl/kpopper/Makefile \
+appl/movemail/Makefile \
+appl/sample/Makefile \
+appl/xnlock/Makefile \
+appl/kx/Makefile \
+appl/kip/Makefile \
+appl/otp/Makefile \
+doc/Makefile \
+) dnl end of AC_OUTPUT
+
+dnl
+dnl This is the release version name-number[beta]
+dnl Update before making a new release
+dnl
+KRB4VERSION="$PACKAGE-$VERSION"
+
+cat > include/newversion.h.in <<EOF
+char *krb4_long_version = "@(#)\$Version: $KRB4VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
+char *krb4_version = "$KRB4VERSION";
+EOF
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+ echo "include/version.h is unchanged"
+ rm -f include/newversion.h.in
+else
+ echo "creating include/version.h"
+ User=${USER-${LOGNAME}}
+ Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ Date=`date`
+ mv -f include/newversion.h.in include/version.h.in
+ sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
diff --git a/crypto/kerberosIV/doc/Makefile.in b/crypto/kerberosIV/doc/Makefile.in
new file mode 100644
index 0000000..5071e8e
--- /dev/null
+++ b/crypto/kerberosIV/doc/Makefile.in
@@ -0,0 +1,65 @@
+# $Id: Makefile.in,v 1.10 1997/05/06 03:05:55 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = $(INSTALL)
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+MAKEINFO = @MAKEINFO@
+TEXI2DVI = texi2dvi
+TEXI2HTML = texi2html
+
+prefix = @prefix@
+infodir = @infodir@
+
+all: info
+
+install: all installdirs
+ if test -f kth-krb.info; then \
+ $(INSTALL_DATA) kth-krb.info $(infodir)/kth-krb.info; \
+ else \
+ $(INSTALL_DATA) $(srcdir)/kth-krb.info $(infodir)/kth-krb.info; \
+ fi
+ if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then \
+ install-info --dir-file=$(infodir)/dir $(infodir)/kth-krb.info; \
+ else \
+ true; \
+ fi
+
+uninstall:
+ rm -f $(infodir)/kth-krb.info
+
+installdirs:
+ $(MKINSTALLDIRS) $(infodir)
+
+info: kth-krb.info
+
+kth-krb.info: kth-krb.texi
+ $(MAKEINFO) -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi
+
+dvi: kth-krb.dvi
+
+kth-krb.dvi: kth-krb.texi
+ $(TEXI2DVI) $(srcdir)/kth-krb.texi
+
+html: kth-krb.html
+
+kth-krb.html: kth-krb.texi
+ $(TEXI2HTML) $(srcdir)/kth-krb.texi
+
+clean:
+ rm -f *.aux *.cp *.cps *.dvi *.fn *.ky *.log *.pg *.toc *.tp *.vr
+
+distclean: clean
+
+mostlyclean: clean
+
+maintainer-clean: clean
+ rm -f kth-krb.info
+
+check:
+
+.PHONY: install all installdirs uninstall info dvi html clean check distclean mostlyclean maintainer-clean
diff --git a/crypto/kerberosIV/doc/ack.texi b/crypto/kerberosIV/doc/ack.texi
new file mode 100644
index 0000000..388f644
--- /dev/null
+++ b/crypto/kerberosIV/doc/ack.texi
@@ -0,0 +1,80 @@
+@node Acknowledgments, Index, Resolving frequent problems, Top
+@comment node-name, next, previous, up
+@appendix Acknowledgments
+
+People from the MIT Athena project wrote the original code that this is
+based on. @w{Kerberos 4} @w{patch-level 9} was stripped of both the
+encryption functions and the calls to them. This was exported from the
+US as the ``Bones'' release. Eric Young put back the calls and hooked
+in his libdes, thereby creating the ``eBones'' release.
+@cindex Bones
+@cindex eBones
+
+The ``rcmd'' programs where initially developed at the University of
+California at Berkeley and then hacked on by the FreeBSD and NetBSD
+projects.
+
+Berkeley also wrote @code{ftp}, @code{ftpd}, @code{telnet}, and
+@code{telnetd}. The authentication and encryption code of @code{telnet}
+and @code{telnetd} was added by David Borman (then of Cray Research,
+Inc). The encryption code was removed when this was exported and then
+added back by Juha Eskelinen, @code{<esc@@magic.fi>}.
+
+The @code{popper} was also a Berkeley program initially.
+
+The @code{login} has the same origins but has received code written by
+Wietse Venema at Eindhoven University of Technology, The Netherlands.
+
+@code{movemail} was (at least partially) written by Jonathan Kamens,
+@code{<jik@@security.ov.com>}, and is Copyright @copyright{} 1986, 1991,
+1992, 1993, 1994 Free Software Foundation, Inc.
+
+@code{xnlock} was originally written by Dan Heller in 1985 for sunview.
+The X version was written by him in 1990.
+
+Some of the functions in @file{libroken} also come from Berkeley by the
+way of NetBSD/FreeBSD.
+
+The code to handle the dynamic loading of the AFS module for AIX is
+copyright @copyright{} 1992 HELIOS Software GmbH 30159 Hannover,
+Germany.
+
+@code{editline} was written by Simmule Turner and Rich Salz.
+
+Bugfixes and code has been contributed by:
+@table @asis
+@item Derrick J Brashear
+@code{<shadow@@dementia.org>}
+@item Anders Gertz
+@code{<gertz@@lysator.liu.se>}
+@item Dejan Ilic
+@code{<svedja@@lysator.liu.se>}
+@item Kent Engström
+@code{<kent@@lysator.liu.se>}
+@item Simon Josefsson
+@code{<jas@@pdc.kth.se>}
+@item Robert Malmgren
+@code{<rom@@incolumitas.se>}
+@item Fredrik Ljungberg
+@code{<flag@@it.kth.se>}
+@item Lars Malinowsky
+@code{<lama@@pdc.kth.se>}
+@item Fabien Coelho
+@code{<coelho@@cri.ensmp.fr>}
+@item and we hope that those not mentioned here will forgive us.
+@end table
+
+Ian Marsh @code{<ianm@@sics.se>} removed the worst abuses of the English
+language from this text.
+
+Ilja Hallberg @code{<iha@@incolumitas.se>} is still promising to help us
+finish the documentation.
+
+This work was supported in part by SUNET and the Centre for Parallel
+Computers at KTH.
+
+The port to Windows 95/NT was supported by the Computer Council at KTH
+and done by Jörgen Karlsson @code{<d93-jka@@nada.kth.se>}.
+
+All the bugs were introduced by ourselves.
+
diff --git a/crypto/kerberosIV/doc/index.texi b/crypto/kerberosIV/doc/index.texi
new file mode 100644
index 0000000..ebe5d91
--- /dev/null
+++ b/crypto/kerberosIV/doc/index.texi
@@ -0,0 +1,6 @@
+@node Index, , Acknowledgments, Top
+@comment node-name, next, previous, up
+@unnumbered Index
+
+@printindex cp
+
diff --git a/crypto/kerberosIV/doc/install.texi b/crypto/kerberosIV/doc/install.texi
new file mode 100644
index 0000000..240c04e
--- /dev/null
+++ b/crypto/kerberosIV/doc/install.texi
@@ -0,0 +1,368 @@
+@node Installing programs, How to set up a realm, What is Kerberos?, Top
+@chapter Installing programs
+
+You have a choise to either build the distribution from source code or
+to install binaries, if they are available for your machine.
+
+@c XXX
+
+We recommend building from sources, but using pre-compiled binaries
+might be easier. If there are no binaries available for your machine or
+you want to do some specific configuration, you will have to compile
+from source.
+
+@menu
+* Installing from source::
+* Installing a binary distribution::
+* Finishing the installation::
+* Authentication modules::
+@end menu
+
+@node Installing from source, Installing a binary distribution, Installing programs, Installing programs
+@comment node-name, next, previous, up
+@section Installing from source
+
+To build this software un-tar the distribution and run the
+@code{configure} script.
+
+To compile successfully, you will need an ANSI C compiler, such as
+@code{gcc}. Other compilers might also work, but setting the ``ANSI
+compliance'' too high, might break in parts of the code, not to mention
+the standard include files.
+
+To build in a separate build tree, run @code{configure} in the directory
+where the tree should reside. You will need a Make that understands
+VPATH correctly. GNU Make works fine.
+
+After building everything (which will take anywhere from a few minutes
+to a long time), you can install everything in @file{/usr/athena} with
+@kbd{make install} (running as root). It is possible to install in some
+other place, but it isn't recommended. To do this you will have to run
+@code{configure} with @samp{--prefix=/my/path}.
+
+If you need to change the default behavior, configure understands the
+following options:
+
+@table @asis
+@item @kbd{--with-shared}
+Create shared versions of the Kerberos libraries. Not really
+recommended and might not work on all systems.
+
+@item @kbd{--with-cracklib=}@var{dir}
+Use cracklib for password quality control in
+@pindex kadmind
+@code{kadmind}. This option requires
+@cindex cracklib
+cracklib with the patch from
+@code{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
+
+@item @kbd{--with-dictpath=}@var{dictpath}
+This is the dictionary that cracklib should use.
+
+@item @kbd{--with-socks=}@var{dir}
+@cindex firewall
+@cindex socks
+If you have to traverse a firewall and it uses the SocksV5 protocol
+(@cite{RFC 1928}), you can build with socks-support. Point @var{dir} to
+the directory where you have socks5 installed. For more information
+about socks see @kbd{http://www.socks.nec.com/}.
+
+@item @kbd{--with-readline=}@var{dir}
+@cindex readline
+To enable history/line editing in @code{ftp} and @code{kadmin}, any
+present version of readline will be used. If you have readline
+installed but in a place where configure does not managed to find it,
+you can use this option. The code also looks for @code{libedit}. If
+there is no library at all, the bundled version of @code{editline} will
+be used.
+
+@item @kbd{--with-mailspool=}@var{dir}
+The configuration process tries to determine where your machine stores
+its incoming mail. This is typically @file{/usr/spool/mail} or
+@file{/var/mail}. If it does not work or you store your mail in some
+unusual directory, this option can be used to specify where the mail
+spool directory is located. This directory is only accessed by
+@pindex popper
+@code{popper}, and the mail check in
+@pindex login
+@code{login}.
+
+@c @item @kbd{--enable-random-mkey}
+@c Do not use this option unless you think you know what you are doing.
+
+@item @kbd{--with-mkey=}@var{file}
+Put the master key here, the default is @file{/.k}.
+
+@item @kbd{--without-berkeley-db}
+If you have
+@cindex Berkeley DB
+Berkeley DB installed, it is preferred over
+@c XXX
+dbm. If you already are running Kerberos this option might be useful,
+since there currently isn't an easy way to convert a dbm database to a
+db one (you have to dump the old database and then load it with the new
+binaries).
+@end table
+
+@node Installing a binary distribution, Finishing the installation, Installing from source, Installing programs
+@comment node-name, next, previous, up
+@section Installing a binary distribution
+
+The binary distribution is supposed to be installed in
+@file{/usr/athena}, installing in some other place may work but is not
+recommended. A symlink from @file{/usr/athena} to the install directory
+should be fine.
+
+@node Finishing the installation, Authentication modules, Installing a binary distribution, Installing programs
+@section Finishing the installation
+
+@pindex su
+The only program that needs to be installed setuid to root is @code{su}.
+
+If
+@pindex rlogin
+@pindex rsh
+@code{rlogin} and @code{rsh} are setuid to root they will fall back to
+non-kerberised protocols if the kerberised ones fail for some
+reason. The old protocols use reserved ports as security, and therefore
+the programs have to be setuid to root. If you don't need this
+functionality consider turning off the setuid bit.
+
+@pindex login
+@code{login} does not have to be setuid, as it is always run by root
+(users should use @code{su} rather than @code{login}). It will print a
+helpful message when not setuid to root and run by a user.
+
+The programs intended to be run by users are located in
+@file{/usr/athena/bin}. Inform your users to include
+@file{/usr/athena/bin} in their paths, or copy or symlink the binaries
+to some good place. The programs that you will want to use are:
+@code{kauth}/@code{kinit},
+@pindex kauth
+@pindex kinit
+@code{klist}, @code{kdestroy}, @code{kpasswd}, @code{ftp},
+@pindex klist
+@pindex kdestroy
+@pindex kpasswd
+@pindex ftp
+@code{telnet}, @code{rcp}, @code{rsh}, @code{rlogin}, @code{su},
+@pindex telnet
+@pindex rcp
+@pindex rsh
+@pindex rlogin
+@pindex su
+@pindex xnlock
+@pindex afslog
+@pindex pagsh
+@pindex rxtelnet
+@pindex tenletxr
+@pindex rxterm
+@code{rxtelnet}, @code{tenletxr}, @code{rxterm}, and
+@code{xnlock}. If you are using AFS, @code{afslog} and @code{pagsh}
+might also be useful. Administrators will want to use @code{kadmin} and
+@code{ksrvutil}, which are located in @file{/usr/athena/sbin}.
+@pindex kadmin
+@pindex ksrvutil
+
+@code{telnetd} and @code{rlogind} assume that @code{login} is located in
+@file{/usr/athena/bin} (or whatever path you used as
+@samp{--prefix}). If for some reason you want to move @code{login}, you
+will have to specify the new location with the @samp{-L} switch when
+configuring
+@pindex telnetd
+telnetd
+and
+@pindex rlogind
+rlogind
+in @file{inetd.conf}.
+
+It should be possible to replace the system's default @code{login} with
+the kerberised @code{login}. However some systems assume that login
+performs some serious amount of magic that our login might not do (although
+we've tried to do our best). So before replacing it on every machine,
+try and see what happens. Another thing to try is to use one of the
+authentication modules (@xref{Authentication modules}) supplied.
+
+The @code{login} program that we use was in an earlier life the standard
+login program from NetBSD. In order to use it with a lot of weird
+systems, it has been ``enhanced'' with features from many other logins
+(Solaris, SunOS, IRIX, AIX, and others). Some of these features are
+actually useful and you might want to use them even on other systems.
+
+@table @file
+@item /etc/fbtab
+@pindex fbtab
+@itemx /etc/logindevperm
+@pindex logindevperm
+Allows you to chown some devices when a user logs in on a certain
+terminal. Commonly used to change the ownership of @file{/dev/mouse},
+@file{/dev/kbd}, and other devices when someone logs in on
+@file{/dev/console}.
+
+@file{/etc/fbtab} is the SunOS file name and it is tried first. If
+there is no such file then the Solaris file name
+@file{/etc/logindevperm} is tried.
+@item /etc/environment
+@pindex environment
+This file specifies what environment variables should be set when a user
+logs in. (AIX-style)
+@item /etc/default/login
+@pindex default/login
+Almost the same as @file{/etc/environment}, but the System V style.
+@item /etc/login.access
+@pindex login.access
+Can be used to control who is allowed to login from where and on what
+ttys. (From Wietse Venema)
+@end table
+
+@menu
+* Authentication modules::
+@end menu
+
+@node Authentication modules, , Finishing the installation, Installing programs
+@comment node-name, next, previous, up
+@section Authentication modules
+The problem of having different authentication mechanisms has been
+recognised by several vendors, and several solutions has appeared. In
+most cases these solutions involve some kind of shared modules that are
+loaded at run-time. Modules for some of these systems can be found in
+@file{lib/auth}. Presently there are modules for Digital's SIA, Linux'
+PAM (might also work on Solaris, when PAM gets supported), and IRIX'
+@code{login} and @code{xdm} (in @file{lib/auth/afskauthlib}).
+
+@menu
+* Digital SIA::
+* IRIX::
+* PAM::
+@end menu
+
+@node Digital SIA, IRIX, Authentication modules, Authentication modules
+@subsection Digital SIA
+
+To install the SIA module you will have to do the following:
+
+@itemize @bullet
+
+@item
+Make sure @file{libsia_krb4.so} is available in
+@file{/usr/athena/lib}. If @file{/usr/athena} is not on local disk, you
+might want to put it in @file{/usr/shlib} or someplace else. If you do,
+you'll have to edit @file{krb4_matrix.conf} to reflect the new location
+(you will also have to do this if you installed in some other directory
+than @file{/usr/athena}).
+@item
+Copy (your possibly edited) @file{krb4_matrix.conf} to @file{/etc/sia}.
+@item
+Apply @file{security.patch} to @file{/sbin/init.d/security}.
+@item
+Turn on KRB4 security by issuing @kbd{rcmgr set SECURITY KRB4} and
+@kbd{rcmgr set KRB4_MATRIX_CONF krb4_matrix.conf}.
+@item
+Digital thinks you should reboot your machine, but that really shouldn't
+be necessary. It's usually sufficient just to run
+@kbd{/sbin/init.d/security start}.
+@end itemize
+
+Users with local passwords (like @samp{root}) should be able to login
+safely.
+
+When using Digital's xdm the @samp{KRBTKFILE} environment variable isn't
+passed along as it should (since xdm zaps the environment). Instead you
+have to set @samp{KRBTKFILE} to the correct value in
+@file{/usr/lib/X11/xdm/Xsession}. Add a line similar to
+@example
+KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`; export KRBTKFILE
+@end example
+
+There is currently no support for changing passwords. Use @file{kpasswd}
+instead.
+
+@subsubheading Notes to users with Enhanced security
+
+Digital's @samp{ENHANCED} (C2) security, and Kerberos solves two
+different problems. C2 deals with local security, adds better control of
+who can do what, auditing, and similar things. Kerberos deals with
+network security.
+
+To make C2 security work with Kerberos you will have to do the
+following.
+
+@itemize @bullet
+@item
+Replace all occurencies of @file{krb4_matrix.conf} with
+@file{krb4+c2_matrix.conf} in the directions above.
+@item
+You must enable ``vouching'' in the @samp{default} database. This will
+make the OSFC2 module trust other SIA modules, so you can login without
+giving your C2 password. To do this use @samp{edauth} to edit the
+default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a
+@samp{d_accept_alternate_vouching} capability, if not already present.
+@item
+For each user that does @emph{not} have a local C2 password, you should
+set the password expiration field to zero. You can do this for each
+user, or in the @samp{default} table. To to this use @samp{edauth} to
+set (or change) the @samp{u_exp} capability to @samp{u_exp#0}.
+@item
+You should make sure that you use Digital's login rather than the one
+distributed by us. The easiest way to do this is to replace
+@file{/usr/athena/bin/login} with @file{/bin/login}.
+@end itemize
+
+At present @samp{su} does not accept the vouching flag, so it will not
+work as expected.
+
+Also, kerberised ftp will not work with C2 passwords. You can solve this
+by using both Digital's ftpd and our on different ports.
+
+@strong{Remember}, if you do these changes you will get a system that
+most certainly does @emph{not} fulfill the requirements of a C2
+system. If C2 is what you want, for instance if someone else is forcing
+you to use it, you're out of luck. If you use enhanced security because
+you want a system that is more secure than it would otherwise be, you
+probably got an even more secure system. Passwords will not be sent in
+the clear, for instance.
+
+@node IRIX, PAM, Digital SIA, Authentication modules
+@subsection IRIX
+
+The IRIX support is a module that is compatible with Transarc's
+@file{afskauthlib.so}. It should work with all programs that use this
+library, this should include @file{login} and @file{xdm}.
+
+The interface is not very documented but it seems that you have to copy
+@file{libkafs.so}, @file{libkrb.so}, and @file{libdes.so} to
+@file{/usr/lib}, or build your @file{afskauthlib.so} statically.
+
+The @file{afskauthlib.so} itself is able to reside in
+@file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory
+(wherever that is).
+
+Appart from this it should ``just work'', there are no configuration
+files.
+
+@node PAM, , IRIX, Authentication modules
+@subsection PAM
+
+The PAM module was written more out of curiosity that anything else. It
+has not been updated for quite a while, since none of us are using
+Linux, and Solaris does not support PAM yet. We've had positive reports
+from at least one person using the module, though.
+
+To use this module you should:
+
+@itemize @bullet
+@item
+Make sure @file{pam_krb4.so} is available in @file{/usr/athena/lib}. You
+might actually want it on local disk, so @file{/lib/security} might be a
+better place if @file{/usr/athena} is not local.
+@item
+Look at @file{pam.conf.add} for examples of what to add to
+@file{/etc/pam.conf}.
+@end itemize
+
+There is currently no support for changing kerberos passwords. Use
+kpasswd instead.
+
+See also Derrick J Brashear's @code{<shadow@@dementia.org>} Kerberos PAM
+module at @kbd{ftp://ftp.dementia.org/pub/pam}. It has a lot more
+features, and it is also more in line with other PAM modules.
diff --git a/crypto/kerberosIV/doc/intro.texi b/crypto/kerberosIV/doc/intro.texi
new file mode 100644
index 0000000..830ca1a
--- /dev/null
+++ b/crypto/kerberosIV/doc/intro.texi
@@ -0,0 +1,69 @@
+@node Introduction, What is Kerberos?, Top, Top
+@comment node-name, next, previous, up
+@chapter Introduction
+
+This is an attempt at documenting the Kerberos 4 distribution from
+Kungliga Tekniska Högskolan (the Royal Institute of Technology in
+Stockholm, Sweden). This distribution is based on eBones, but has been
+improved in many ways. It is more portable, and several new features
+have been added. It currently runs on the following systems:
+
+@itemize @bullet
+@item
+AIX 4.1, 4.2
+@item
+BSD/OS 2.0, 2.1
+@item
+Digital UNIX 3.2, 4.0
+@item
+HP-UX 9, 10
+@item
+IRIX 4.0, 5.2, 5.3, 6.1, 6.2, 6.3, 6.4
+@item
+Linux 1.3, 2.0
+@item
+NetBSD 1.2
+@item
+FreeBSD 2.2
+@item
+SunOS 4.1
+@item
+SunOS 5.4/5.5 (aka Solaris 2.4/2.5)
+@item
+Ultrix 4.4
+@item
+Cray UNICOS 9.
+@item
+Fujitsu UXP/V 4.1.
+@end itemize
+
+Some part compile and work on:
+
+@itemize @bullet
+@item
+OS/2 with EMX
+@item
+Windows 95/NT with gnu-win32 (with the proper amount of magic the
+libraries should compile with Microsoft C as well)
+@end itemize
+
+It should work on anything that is almost POSIX, has an ANSI C
+compiler, a dbm library (for the server side), and BSD Sockets.
+
+A web-page is available at @kbd{http://www.pdc.kth.se/kth-krb/}.
+
+@heading Bug reports
+
+If you cannot build the programs or they do not behave as you think they
+should, please send us a bug report. The bug report should be sent to
+@code{<kth-krb-bugs@@nada.kth.se>}. Please include information on what
+machine and operating system (including version) you are running, what
+you are trying to do, what happens, what you think should have happened,
+an example for us to repeat, the output you get when trying the example,
+and a patch for the problem if you have one. Please make any patches
+with @code{diff -u} or @code{diff -c}. The more detailed the bug report
+is, the easier it will be for us to reproduce, understand, and fix it.
+
+Suggestions, comments and other non bug reports are welcome. Send them
+to @code{<kth-krb@@nada.kth.se>}.
+
diff --git a/crypto/kerberosIV/doc/kth-krb.texi b/crypto/kerberosIV/doc/kth-krb.texi
new file mode 100644
index 0000000..8b26349
--- /dev/null
+++ b/crypto/kerberosIV/doc/kth-krb.texi
@@ -0,0 +1,300 @@
+\input texinfo @c -*- texinfo -*-
+@c %**start of header
+@c $Id: kth-krb.texi,v 1.71 1997/05/25 21:31:00 assar Exp $
+@setfilename kth-krb.info
+@settitle KTH-KRB
+@iftex
+@afourpaper
+@end iftex
+@c some sensible characters, please?
+@tex
+\input latin1.tex
+@end tex
+@setchapternewpage on
+@syncodeindex pg cp
+@c %**end of header
+
+@dircategory Kerberos
+@direntry
+* Kth-krb: (kth-krb). The Kerberos IV distribution from KTH
+@end direntry
+
+@c title page
+@titlepage
+@title KTH-KRB
+@subtitle Kerberos 4 from KTH
+@subtitle Edition -1.0, for version 0.9.5
+@subtitle 1997
+@author Johan Danielsson
+@author Assar Westerlund
+@author last updated $Date: 1997/05/25 21:31:00 $
+
+@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
+@def@copyrightstart{}
+@def@copyrightend{}
+@page
+@copyrightstart
+Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the Kungliga Tekniska
+ Högskolan and its contributors.
+
+4. Neither the name of the Institute nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (C) 1995 Eric Young (eay@@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay@@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+@copynext
+
+Copyright 1987, 1989 by the Student Information Processing Board
+ of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose. It is
+provided "as is" without express or implied warranty.
+
+@copynext
+
+Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or of the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+ software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+ explicit claim or by omission. Since few users ever read sources,
+ credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+ misrepresented as being the original software. Since few users
+ ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
+@copyrightend
+@end titlepage
+
+@c Less filling! Tastes great!
+@iftex
+@parindent=0pt
+@global@parskip 6pt plus 1pt
+@global@chapheadingskip = 15pt plus 4pt minus 2pt
+@global@secheadingskip = 12pt plus 3pt minus 2pt
+@global@subsecheadingskip = 9pt plus 2pt minus 2pt
+@end iftex
+@ifinfo
+@paragraphindent 0
+@end ifinfo
+
+@ifinfo
+@node Top, Introduction, (dir), (dir)
+@top KTH-krb
+@end ifinfo
+
+@menu
+* Introduction::
+* What is Kerberos?::
+* Installing programs::
+* How to set up a realm::
+* One-Time Passwords::
+* Resolving frequent problems::
+* Acknowledgments::
+* Index::
+
+ --- The Detailed Node Listing ---
+
+Installing programs
+
+* Installing from source::
+* Installing a binary distribution::
+* Finishing the installation::
+* Authentication modules::
+
+Finishing the installation
+
+* Authentication modules::
+
+Authentication modules
+
+* Digital SIA::
+* IRIX::
+* PAM::
+
+How to set up a realm
+
+* How to set up the kerberos server::
+* Install the client programs::
+* Install the kerberised services::
+* Install a slave kerberos server::
+* Cross-realm functionality ::
+
+How to set up the kerberos server
+
+* Choose a realm name::
+* Choose a kerberos server::
+* Install the configuration files::
+* Install the /etc/services::
+* Install the kerberos server::
+* Set up the server::
+* Add a few important principals::
+* Start the server::
+* Try to get tickets::
+* Create initial ACL for the admin server::
+* Start the admin server::
+* Add users to the database::
+* Automate the startup of the servers::
+
+One-Time Passwords
+
+* What are one time passwords?::
+* When to use one time passwords?::
+* Configuring OTPs::
+
+Resolving frequent problems
+
+* Problems compiling Kerberos::
+* Common error messages::
+@end menu
+
+@include intro.texi
+@include whatis.texi
+@include install.texi
+@include setup.texi
+@include otp.texi
+@include problems.texi
+@include ack.texi
+@include index.texi
+
+@c @shortcontents
+@contents
+
+@bye
diff --git a/crypto/kerberosIV/doc/latin1.tex b/crypto/kerberosIV/doc/latin1.tex
new file mode 100644
index 0000000..e683dd2
--- /dev/null
+++ b/crypto/kerberosIV/doc/latin1.tex
@@ -0,0 +1,95 @@
+% ISO Latin 1 (ISO 8859/1) encoding for Computer Modern fonts.
+% Jan Michael Rynning <jmr@nada.kth.se> 1990-10-12
+\def\inmathmode#1{\relax\ifmmode#1\else$#1$\fi}
+\global\catcode`\^^a0=\active \global\let^^a0=~ % no-break space
+\global\catcode`\^^a1=\active \global\def^^a1{!`} % inverted exclamation mark
+\global\catcode`\^^a2=\active \global\def^^a2{{\rm\rlap/c}} % cent sign
+\global\catcode`\^^a3=\active \global\def^^a3{{\it\$}} % pound sign
+% currency sign, yen sign, broken bar
+\global\catcode`\^^a7=\active \global\let^^a7=\S % section sign
+\global\catcode`\^^a8=\active \global\def^^a8{\"{}} % diaeresis
+\global\catcode`\^^a9=\active \global\let^^a9=\copyright % copyright sign
+% feminine ordinal indicator, left angle quotation mark
+\global\catcode`\^^ac=\active \global\def^^ac{\inmathmode\neg}% not sign
+\global\catcode`\^^ad=\active \global\let^^ad=\- % soft hyphen
+% registered trade mark sign
+\global\catcode`\^^af=\active \global\def^^af{\={}} % macron
+% ...
+\global\catcode`\^^b1=\active \global\def^^b1{\inmathmode\pm} % plus minus
+\global\catcode`\^^b2=\active \global\def^^b2{\inmathmode{{^2}}}
+\global\catcode`\^^b3=\active \global\def^^b3{\inmathmode{{^3}}}
+\global\catcode`\^^b4=\active \global\def^^b4{\'{}} % acute accent
+\global\catcode`\^^b5=\active \global\def^^b5{\inmathmode\mu} % mu
+\global\catcode`\^^b6=\active \global\let^^b6=\P % pilcroy
+\global\catcode`\^^b7=\active \global\def^^b7{\inmathmode{{\cdot}}}
+\global\catcode`\^^b8=\active \global\def^^b8{\c{}} % cedilla
+\global\catcode`\^^b9=\active \global\def^^b9{\inmathmode{{^1}}}
+% ...
+\global\catcode`\^^bc=\active \global\def^^bc{\inmathmode{{1\over4}}}
+\global\catcode`\^^bd=\active \global\def^^bd{\inmathmode{{1\over2}}}
+\global\catcode`\^^be=\active \global\def^^be{\inmathmode{{3\over4}}}
+\global\catcode`\^^bf=\active \global\def^^bf{?`} % inverted question mark
+\global\catcode`\^^c0=\active \global\def^^c0{\`A}
+\global\catcode`\^^c1=\active \global\def^^c1{\'A}
+\global\catcode`\^^c2=\active \global\def^^c2{\^A}
+\global\catcode`\^^c3=\active \global\def^^c3{\~A}
+\global\catcode`\^^c4=\active \global\def^^c4{\"A} % capital a with diaeresis
+\global\catcode`\^^c5=\active \global\let^^c5=\AA % capital a with ring above
+\global\catcode`\^^c6=\active \global\let^^c6=\AE
+\global\catcode`\^^c7=\active \global\def^^c7{\c C}
+\global\catcode`\^^c8=\active \global\def^^c8{\`E}
+\global\catcode`\^^c9=\active \global\def^^c9{\'E}
+\global\catcode`\^^ca=\active \global\def^^ca{\^E}
+\global\catcode`\^^cb=\active \global\def^^cb{\"E}
+\global\catcode`\^^cc=\active \global\def^^cc{\`I}
+\global\catcode`\^^cd=\active \global\def^^cd{\'I}
+\global\catcode`\^^ce=\active \global\def^^ce{\^I}
+\global\catcode`\^^cf=\active \global\def^^cf{\"I}
+% capital eth
+\global\catcode`\^^d1=\active \global\def^^d1{\~N}
+\global\catcode`\^^d2=\active \global\def^^d2{\`O}
+\global\catcode`\^^d3=\active \global\def^^d3{\'O}
+\global\catcode`\^^d4=\active \global\def^^d4{\^O}
+\global\catcode`\^^d5=\active \global\def^^d5{\~O}
+\global\catcode`\^^d6=\active \global\def^^d6{\"O} % capital o with diaeresis
+\global\catcode`\^^d7=\active \global\def^^d7{\inmathmode\times}% multiplication sign
+\global\catcode`\^^d8=\active \global\let^^d8=\O
+\global\catcode`\^^d9=\active \global\def^^d9{\`U}
+\global\catcode`\^^da=\active \global\def^^da{\'U}
+\global\catcode`\^^db=\active \global\def^^db{\^U}
+\global\catcode`\^^dc=\active \global\def^^dc{\"U}
+\global\catcode`\^^dd=\active \global\def^^dd{\'Y}
+% capital thorn
+\global\catcode`\^^df=\active \global\def^^df{\ss}
+\global\catcode`\^^e0=\active \global\def^^e0{\`a}
+\global\catcode`\^^e1=\active \global\def^^e1{\'a}
+\global\catcode`\^^e2=\active \global\def^^e2{\^a}
+\global\catcode`\^^e3=\active \global\def^^e3{\~a}
+\global\catcode`\^^e4=\active \global\def^^e4{\"a} % small a with diaeresis
+\global\catcode`\^^e5=\active \global\let^^e5=\aa % small a with ring above
+\global\catcode`\^^e6=\active \global\let^^e6=\ae
+\global\catcode`\^^e7=\active \global\def^^e7{\c c}
+\global\catcode`\^^e8=\active \global\def^^e8{\`e}
+\global\catcode`\^^e9=\active \global\def^^e9{\'e}
+\global\catcode`\^^ea=\active \global\def^^ea{\^e}
+\global\catcode`\^^eb=\active \global\def^^eb{\"e}
+\global\catcode`\^^ec=\active \global\def^^ec{\`\i}
+\global\catcode`\^^ed=\active \global\def^^ed{\'\i}
+\global\catcode`\^^ee=\active \global\def^^ee{\^\i}
+\global\catcode`\^^ef=\active \global\def^^ef{\"\i}
+% small eth
+\global\catcode`\^^f1=\active \global\def^^f1{\~n}
+\global\catcode`\^^f2=\active \global\def^^f2{\`o}
+\global\catcode`\^^f3=\active \global\def^^f3{\'o}
+\global\catcode`\^^f4=\active \global\def^^f4{\^o}
+\global\catcode`\^^f5=\active \global\def^^f5{\~o}
+\global\catcode`\^^f6=\active \global\def^^f6{\"o} % small o with diaeresis
+\global\catcode`\^^f7=\active \global\def^^f7{\inmathmode\div}% division sign
+\global\catcode`\^^f8=\active \global\let^^f8=\o
+\global\catcode`\^^f9=\active \global\def^^f9{\`u}
+\global\catcode`\^^fa=\active \global\def^^fa{\'u}
+\global\catcode`\^^fb=\active \global\def^^fb{\^u}
+\global\catcode`\^^fc=\active \global\def^^fc{\"u}
+\global\catcode`\^^fd=\active \global\def^^fd{\'y}
+% capital thorn
+\global\catcode`\^^ff=\active \global\def^^ff{\"y}
diff --git a/crypto/kerberosIV/doc/otp.texi b/crypto/kerberosIV/doc/otp.texi
new file mode 100644
index 0000000..0a5929f
--- /dev/null
+++ b/crypto/kerberosIV/doc/otp.texi
@@ -0,0 +1,127 @@
+@node One-Time Passwords, Resolving frequent problems, How to set up a realm, Top
+@chapter One-Time Passwords
+
+@cindex OTP
+@cindex One time passwords
+There is also support for using @dfn{one time passwords} (OTP) in this
+package. Specifically @code{login}, @code{ftpd}, and @code{popper} have
+support for using them.
+
+@menu
+* What are one time passwords?::
+* When to use one time passwords?::
+* Configuring OTPs::
+@end menu
+
+@node What are one time passwords?, When to use one time passwords?, One-Time Passwords, One-Time Passwords
+@comment node-name, next, previous, up
+@section What are one time passwords?
+
+One time passwords are, as the name implies, passwords that can only
+be used once. This means that even if someone is eavesdropping on the
+network, they will not be able to make use of the passwords they steal.
+
+The OTPs used in this package support @cite{RFC 1938}. This standard is
+also backwards compatible with the well-known S/Key. There are lots of
+programs for generating these on everything from HP 48's to Crays.
+@cindex S/Key
+
+@node When to use one time passwords?, Configuring OTPs, What are one time passwords?, One-Time Passwords
+@comment node-name, next, previous, up
+@section When to use one time passwords?
+
+Why would you want to use OTPs instead of Kerberos? The advantage of
+OTPs is that they don't require a computer to operate. You can print
+out a list of passwords and take with you, or you could use your
+calculator or hand-held computer to generate them.
+
+The downside is that they only protect you against passive attacks.
+Only the initial connection is authenticated. After that, anyone can
+eavesdrop on your session, so you should not send or view any sensitive
+data (e.g. passwords) over a OTP-initiated link. You are also
+vulnerable to active attacks where intruders try to take over your
+TCP-session and/or introduce data in the middle of it. In other words,
+they provide initial authentication, but neither integrity nor
+confidentiality.
+
+The OTPs are generated from the tuple (@var{seed}, @var{sequence
+number}, @var{pass-phrase}). The seed and the sequence number will be
+printed as part of the @dfn{challenge} and you will have to generate the
+corresponding password or pick it from a list.
+
+In conclusion, they are simple and can be used everywhere but don't
+protect against all threats that Kerberos does. Use them when you can't
+use Kerberos.
+
+@node Configuring OTPs, , When to use one time passwords?, One-Time Passwords
+@comment node-name, next, previous, up
+@section Configuring OTPs
+
+@heading Initializing
+
+To initialize your OTPs use the @code{otp} program. This program will
+write an entry in a local file on this host with your current password
+(in this case the 100th) and the corresponding seed (@samp{foobar}).
+@pindex otp
+
+@example
+@cartouche
+datan:>otp 100 foobar
+Pass-phrase: <pass-phrase>
+Verifying password Pass-phrase: <pass-phrase>
+@end cartouche
+@end example
+
+@heading Generating
+
+To print out a list of them there is a program called
+@code{otpprint}.
+@pindex otpprint
+
+@example
+@cartouche
+datan:>otpprint 100 foobar
+Pass-phrase: <pass-phrase>
+91: SLAM BUY SUP DUSK SKY BEST
+92: DEEM SIGH ROB RASH JUG MAT
+93: DUET FISK HERS AREA TOLL SUP
+94: WOW RAIN LEAK SARA MARK WING
+95: COG YELL MILK CART ABE BAWL
+96: GROW SILK GIST OMEN CAM ANNE
+97: JAG QUAD NUT BEAT BHOY MAGI
+98: ADAM USED GENE NIP EYE SIS
+99: MY SUNG HERO AT DASH RAKE
+100: CORN KNIT BOTH TOGO SOUL BOG
+@end cartouche
+@end example
+
+@heading Using the OTPs
+
+When you try to use one and have initialized a series of
+one-time passwords for yourself you will get a challenge with the
+algorithm being used, the sequence number, and the seed. Enter those in
+your generator or find the corresponding password in your list.
+
+@example
+@cartouche
+login: assar
+assar's [ otp-md5 99 foobar ] Password: <MY SUNG HERO AT DASH RAKE>
+@end cartouche
+@end example
+
+The sequence number of the password will start at one less that the
+number you gave to @code{otp} and decrease by one every time you use it.
+You should try to keep track of which should be the current one so that
+you can be assured that nobody has stolen some of your passwords and
+used them. When the number has reached zero you need to acquire a new
+series of passwords.
+
+Once you have initialized your series of passwords, you can always use
+them at any password prompt where you get the challenge as shown above.
+
+@heading Configuring servers
+
+@code{ftpd}, @code{telnetd}, and @code{popper} can be configured to
+require one-time passwords when the connection has not been kerberos
+authenticated. Check the man pages for these programs for the correct
+options.
diff --git a/crypto/kerberosIV/doc/problems.texi b/crypto/kerberosIV/doc/problems.texi
new file mode 100644
index 0000000..9e3630e
--- /dev/null
+++ b/crypto/kerberosIV/doc/problems.texi
@@ -0,0 +1,156 @@
+@node Resolving frequent problems, Acknowledgments, One-Time Passwords, Top
+@chapter Resolving frequent problems
+
+@menu
+* Problems compiling Kerberos::
+* Common error messages::
+@end menu
+
+@node Problems compiling Kerberos, Common error messages, Resolving frequent problems, Resolving frequent problems
+@section Problems compiling Kerberos
+
+Many compilers require a switch to become ANSI compliant. Since kth-krb
+is written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the @kbd{env} command. For
+instance to build under HP-UX using the native compiler do:
+
+@cartouche
+@example
+datan$ env CC="cc -Ae" ./configure
+@end example
+@end cartouche
+
+In general @kbd{gcc} works. The following combinations have also been
+verified to successfully compile the distribution:
+
+@table @asis
+
+@item @samp{HP-UX}
+@kbd{cc -Ae}
+@item @samp{Digital UNIX}
+@kbd{cc -std1}
+@item @samp{AIX}
+@kbd{xlc}
+@item @samp{Solaris 2.x}
+@kbd{cc} (unbundled one)
+@item @samp{IRIX}
+@kbd{cc}
+
+@end table
+
+@subheading Linux problems
+
+Some systems have lost @file{/usr/include/ndbm.h} which is necessary to
+build kth-krb correctly. There is a @file{ndbm.h.Linux} right next to
+the source distribution.
+
+There has been reports of non-working @file{libdb} on some Linux
+distributions. If that happens, use the @kbd{--without-berkeley-db}
+when configuring.
+
+@subheading HP-UX problems
+
+The shared library @file{/usr/lib/libndbm.sl} doesn't exist on all
+systems. To make problems even worse, there is never an archive version
+for static linking either. Therefore, when building ``truly portable''
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+@subheading Cray problems
+
+@kbd{rlogind} won't work on Crays until @code{forkpty()} has been
+ported, in the mean time use @kbd{telnetd}.
+
+@subheading AIX problems
+
+@kbd{gcc} version 2.7.2.1 has a bug which makes it miscompile
+@file{appl/telnet/telnetd/sys_term.c} (and possibily
+@file{appl/bsd/forkpty.c}), if used with too much optimization.
+
+@subheading C2 problems
+
+@cindex C2
+The programs that checks passwords works with @file{passwd}, OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see @ref{Digital SIA}.
+
+@node Common error messages, , Problems compiling Kerberos, Resolving frequent problems
+@section Common error messages
+
+These are some of the more obscure error messages you might encounter:
+
+@table @asis
+
+@item @samp{Time is out of bounds}
+
+The time on your machine differs from the time on either the kerberos
+server or the machine you are trying to login to. If it isn't obvious
+that this is the case, remember that all times are compared in UTC.
+
+On unix systems you usually can find out what the local time is by doing
+@code{telnet machine daytime}. This time (again, usually is the keyword)
+is with correction for time-zone and daylight savings.
+
+If you have problem keeping your clocks synchronized, consider using a
+time keeping system such as NTP (see also the discussion in
+@ref{Install the client programs}).
+
+@item @samp{Ticket issue date too far in the future}
+
+The time on the kerberos server is more than five minutes ahead of the
+time on the server.
+
+@item @samp{Can't decode authenticator}
+
+This means that there is a mismatch between the service key in the
+kerberos server and the service key file on the specific machine.
+Either:
+@itemize @bullet
+@item
+the server couldn't find a service key matching the request
+@item
+the service key (or version number) does not match the key the packet
+was encrypted with
+@end itemize
+
+@item @samp{Incorrect network address}
+
+The address in the ticket does not match the address you sent the
+request from. This happens on systems with more than one network
+address, either physically or logically. You can list addresses which
+should be considered equal in @file{/etc/krb.equiv} on your servers.
+
+A note to programmers: a server should not pass @samp{*} as the instance
+to @samp{krb_rd_req}. It should try to figure out on which interface the
+request was received, for instance by using @samp{k_getsockinst}.
+
+If you change addresses on your computer you invalidate any tickets you
+might have. The easiest way to fix this is to get new tickets with the
+new address.
+
+@item @samp{Message integrity error}
+
+The packet is broken in some way:
+@itemize @bullet
+@item
+the lengths does not match the size of the packet, or
+@item
+the checksum does not match the contents of the packet
+@end itemize
+
+@item @samp{Can't send request}
+There is some problem contacting the kerberos server. Either the server
+is down, or it is using the wrong port (compare the entries for
+@samp{kerberos-iv} in @file{/etc/services}). The client might also have
+failed to guess what kerberos server to talk to (check
+@file{/etc/krb.conf} and @file{/etc/krb.realms}).
+
+@item @samp{Generic kerberos error}
+This is a generic catch-all error message.
+
+@end table
+
diff --git a/crypto/kerberosIV/doc/setup.texi b/crypto/kerberosIV/doc/setup.texi
new file mode 100644
index 0000000..1b4b395
--- /dev/null
+++ b/crypto/kerberosIV/doc/setup.texi
@@ -0,0 +1,794 @@
+@node How to set up a realm, One-Time Passwords, Installing programs, Top
+@chapter How to set up a realm
+
+@quotation
+@flushleft
+ Who willed you? or whose will stands but mine?
+ There's none protector of the realm but I.
+ Break up the gates, I'll be your warrantize.
+ Shall I be flouted thus by dunghill grooms?
+ --- King Henry VI, 6.1
+@end flushleft
+@end quotation
+
+@menu
+* How to set up the kerberos server::
+* Install the client programs::
+* Install the kerberised services::
+* Install a slave kerberos server::
+* Cross-realm functionality ::
+@end menu
+
+@node How to set up the kerberos server, Install the client programs, How to set up a realm, How to set up a realm
+@section How to set up the kerberos server
+
+@menu
+* Choose a realm name::
+* Choose a kerberos server::
+* Install the configuration files::
+* Install the /etc/services::
+* Install the kerberos server::
+* Set up the server::
+* Add a few important principals::
+* Start the server::
+* Try to get tickets::
+* Create initial ACL for the admin server::
+* Start the admin server::
+* Add users to the database::
+* Automate the startup of the servers::
+@end menu
+
+@node Choose a realm name, Choose a kerberos server, How to set up the kerberos server, How to set up the kerberos server
+@subsection Choose a realm name
+
+A
+@cindex realm
+realm is an administrative domain. Kerberos realms are usually
+written in uppercase and consist of a Internet domain
+name@footnote{Using lowercase characters in the realm name might break
+in mysterious ways. This really should have been fixed, but has not.}.
+Call your realm the same as your Internet domain name if you do not have
+strong reasons for not doing so. It will make life easier for you and
+everyone else.
+
+@node Choose a kerberos server, Install the configuration files, Choose a realm name, How to set up the kerberos server
+@subsection Choose a kerberos server
+
+You need to choose a machine to run the
+@pindex kerberos
+kerberos server program. If the kerberos database residing on this host
+is compromised, your entire realm will be compromised. Therefore, this
+machine must be as secure as possible. Preferably it should not run any
+services other than Kerberos. The secure-minded administrator might
+only allow logins on the console.
+
+This machine has also to be reliable. If it is down, you will not be
+able to use any kerberised services unless you have also configured a
+slave server (@xref{Install a slave kerberos server}).
+
+Running the kerberos server requires very little CPU power and a small
+amount of disk. An old PC with some hundreds of megabytes of free disk
+space should do fine. Most of the disk space will be used for various
+logs.
+
+@node Install the configuration files, Install the /etc/services, Choose a kerberos server, How to set up the kerberos server
+@subsection Install the configuration files
+
+There are two important configuration files: @file{/etc/krb.conf} and
+@file{/etc/krb.realms}.
+@pindex krb.conf
+@pindex krb.realms
+
+The @file{krb.conf} file determines which machines are servers for
+different realms. The format of this file is:
+
+@example
+THIS.REALM
+THIS.REALM kerberos.this.realm admin server
+THIS.REALM kerberos-1.this.realm
+ANOTHER.REALM kerberos.another.realm
+@end example
+
+The first line defines the name of the local realm. Line two defines the
+name of the master kerberos server and the database administration
+server for this realm. You can define any number of kerberos slave
+servers similar to the one defined in line three. The clients will try
+to contact the servers in the order they are defined in @file{krb.conf}.
+
+The @samp{admin server} clause at the first entry states that this is
+the master server
+@cindex master server
+(the one to contact when modifying the database, such as changing
+passwords). There should be only one such entry for each realm.
+
+In the original MIT Kerberos 4 (as in most others), the server
+specification could only take the form of a host-name. To facilitate
+having kerberos servers in odd places (such as behind a firewall),
+support has been added for ports other than the default (750), and
+protocols other than UDP.
+
+The formal syntax for an entry is now
+@samp{@var{[proto}/@var{]host[}:@var{port]}}. @var{proto} is either
+@samp{udp} or @samp{tcp}, and @var{port} is the port to talk to. Default
+value for @var{proto} is @samp{udp} and for @var{port} whatever
+@samp{kerberos-iv} is defined to be in @file{/etc/services} or 750 if
+undefined.
+
+If the information about a realm is missing from the @file{krb.conf}
+file, or if the information is wrong, the following methods will be
+tried in order.
+
+@enumerate
+@item
+If you have an SRV-record (@cite{RFC 2052}) for your realm it will be
+used. This record should be of the form
+@samp{kerberos-iv.@var{protocol}.@var{REALM}}, where @var{proto} is
+either @samp{udp} or @samp{tcp}. (Note: the current implementation does
+not look at priority or weight when deciding which server to talk to.)
+@item
+If there isn't any SRV-record, it tries to find a TXT-record for the
+same domain. The contents of the record should have the same format as the
+host specification in @file{krb.conf}. (Note: this is a temporary
+solution if your name server doesn't support SRV records. The clients
+should work fine with SRV records, so if your name server supports them,
+they are very much preferred.)
+@item
+If no valid kerberos server is found, it will try to talk udp to the
+service @samp{kerberos-iv} with fall-back to port 750 with
+@samp{kerberos.@var{REALM}} (which is also assumed to be the master
+server), and then @samp{kerberos-1.@var{REALM}},
+@samp{kerberos-2.@var{REALM}}, and so on.
+@end enumerate
+
+We strongly recommend that you add a CNAME @samp{kerberos.@var{REALM}}
+pointing to your kerberos master server.
+
+The @file{krb.realms} file is used to find out what realm a particular
+host belongs to. An example of this file could look like:
+
+@example
+this.realm THIS.REALM
+.this.realm THIS.REALM
+foo.com SOME.OTHER.REALM
+www.foo.com A.STRANGE.REALM
+.foo.com FOO.REALM
+@end example
+
+Entries starting with a dot are taken as the name of a domain. Entries
+not starting with a dot are taken as a host-name. The first entry matched
+is used. The entry for @samp{this.realm} is only necessary if there is a
+host named @samp{this.realm}.
+
+If no matching realm is found in @file{krb.realms}, DNS is searched for
+the correct realm. For example, if we are looking for host @samp{a.b.c},
+@samp{krb4-realm.a.b.c} is first tried and then @samp{krb4-realm.b.c}
+and so on. The entry should be a TXT record containing the name of the
+realm, such as:
+
+@example
+krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE"
+@end example
+
+If this didn't help the domain name sans the first part in uppercase is
+tried.
+
+The plain vanilla version of Kerberos doesn't have any fancy methods of
+getting realms and servers so it is generally a good idea to keep
+@file{krb.conf} and @file{krb.realms} up to date.
+
+@node Install the /etc/services, Install the kerberos server, Install the configuration files, How to set up the kerberos server
+@subsection Updating /etc/services
+
+You should append or merge the contents of @file{services.append} to
+your @file{/etc/services} files or NIS-map. Remove any unused factory
+installed kerberos port definitions to avoid possible conflicts.
+@pindex services
+
+Most of the programs will fall back to the default ports if the port
+numbers are not found in @file{/etc/services}, but it is convenient to
+have them there anyway.
+
+@node Install the kerberos server, Set up the server, Install the /etc/services, How to set up the kerberos server
+@subsection Install the kerberos server
+
+You should have already chosen the machine where you want to run the
+kerberos server and the realm name. The machine should also be as
+secure as possible (@xref{Choose a kerberos server}) before installing
+the kerberos server. In this example, we will install a kerberos server
+for the realm @samp{FOO.SE} on a machine called @samp{hemlig.foo.se}.
+
+@node Set up the server, Add a few important principals, Install the kerberos server, How to set up the kerberos server
+@subsection Setup the server
+
+Login as root on the console of the kerberos server. Add
+@file{/usr/athena/bin} and @file{/usr/athena/sbin} to your path. Run
+@kbd{kdb_init}:
+@pindex kdb_init
+
+@example
+@cartouche
+hemlig# kdb_init
+Realm name [default FOO.SE ]:
+You will be prompted for the database Master Password.
+It is important that you NOT FORGET this password.
+
+Enter Kerberos master password:
+Verifying password
+Enter Kerberos master password:
+@end cartouche
+@end example
+
+If you have set up the configuration files correctly, @kbd{kdb_init}
+should choose the correct realm as the default, otherwise a (good) guess
+is made. Enter the master password.
+
+This password will only be used for encrypting the kerberos database on
+disk and for generating new random keys. You will not have to remember
+it, only to type it again when you run @kbd{kstash}. Choose something
+long and random. Now run @kbd{kstash} using the same password:
+@pindex kstash
+
+@example
+@cartouche
+hemlig# kstash
+
+Enter Kerberos master password:
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Wrote master key to /.k
+@end cartouche
+@end example
+
+After entering the same master password it will be saved in the file
+@file{/.k} and the kerberos server will read it when needed. Write down
+the master password and put it in a sealed envelope in a safe, you might
+need it if your disk crashes or should you want to set up a slave
+server.
+
+@code{kdb_init} initializes the database with a few entries:
+
+@table @samp
+@item krbtgt.@var{REALM}
+The key used for authenticating to the kerberos server.
+
+@item changepw.kerberos
+The key used for authenticating to the administrative server, i.e. when
+adding users, changing passwords, and so on.
+
+@item default
+This entry is copied to new items when these are added. Enter here the
+values you want new entries to have, particularly the expiry date.
+
+@item K.M
+This is the master key and it is only used to verify that the master key
+that is saved un-encrypted in @file{/.k} is correct and corresponds to
+this database.
+
+@end table
+
+@code{kstash} only reads the master password and writes it to
+@file{/.k}. This enables the kerberos server to start without you
+having to enter the master password. This file (@file{/.k}) is only
+readable by root and resides on a ``secure'' machine.
+
+@node Add a few important principals, Start the server, Set up the server, How to set up the kerberos server
+@subsection Add a few important principals
+
+Now the kerberos database has been created, containing only a few
+principals. The next step is to add a few more so that you can test
+that it works properly and so that you can administer your realm without
+having to use the console on the kerberos server. Use @kbd{kdb_edit}
+to edit the kerberos database directly on the server.
+@pindex kdb_edit
+
+@code{kdb_edit} is intended as a bootstrapping and fall-back mechanism
+for editing the database. For normal purposes, use the @code{kadmin}
+program (@xref{Add users to the database}).
+
+The following example shows the adding of the principal
+@samp{nisse.admin} into the kerberos database. This principal is used
+by @samp{nisse} when administrating the kerberos database. Later on the
+normal principal for @samp{nisse} will be created. Replace @samp{nisse}
+and @samp{password} with your own username and password.
+
+@example
+@cartouche
+hemlig# kdb_edit -n
+Opening database...
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Previous or default values are in [brackets] ,
+enter return to leave the same, or new value.
+
+Principal name: <nisse>
+Instance: <admin>
+
+<Not found>, Create [y] ? <>
+
+Principal: nisse, Instance: admin, kdc_key_ver: 1
+New Password: <password>
+Verifying password
+New Password: <password>
+
+Principal's new key version = 1
+Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? <>
+Max ticket lifetime (*5 minutes) [ 255 ] ? <>
+Attributes [ 0 ] ? <>
+Edit O.K.
+Principal name: <>
+@end cartouche
+@end example
+
+@code{kdb_edit} will loop until you hit the @kbd{return} key at the
+``Principal name'' prompt. Now you have added nisse as an administrator.
+
+@node Start the server, Try to get tickets, Add a few important principals, How to set up the kerberos server
+@subsection Start the server
+
+@pindex kerberos
+@example
+@cartouche
+hemlig# /usr/athena/libexec/kerberos &
+Kerberos server starting
+Sleep forever on error
+Log file is /var/log/kerberos.log
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+
+Current Kerberos master key version is 1
+Local realm: FOO.SE
+@end cartouche
+@end example
+
+@node Try to get tickets, Create initial ACL for the admin server, Start the server, How to set up the kerberos server
+@subsection Try to get tickets
+
+You can now verify that these principals have been added and that the
+server is working correctly.
+
+@pindex kinit
+@example
+@cartouche
+hemlig# kinit
+eBones International (hemlig.foo.se)
+Kerberos Initialization
+Kerberos name: <nisse.admin>
+Password: <password>
+@end cartouche
+@end example
+
+If you do not get any error message from @code{kinit}, then everything
+is working (otherwise, see @ref{Common error messages}). Use
+@code{klist} to verify the tickets you acquired with @code{kinit}:
+
+@pindex klist
+@example
+@cartouche
+hemlig# klist
+Ticket file: /tmp/tkt0
+Principal: nisse.admin@@FOO.SE
+
+Issued Expires Principal
+May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE
+@end cartouche
+@end example
+
+@node Create initial ACL for the admin server, Start the admin server, Try to get tickets, How to set up the kerberos server
+@subsection Create initial ACL for the admin server
+
+The admin server, @code{kadmind}, uses a series of files to determine who has
+@pindex kadmind
+the right to perform certain operations. The files are:
+@file{admin_acl.add}, @file{admin_acl.get}, @file{admin_acl.del}, and
+@file{admin_acl.mod}. Create these with @samp{nisse.admin@@FOO.SE} as
+the contents.
+@pindex admin_acl.add
+@pindex admin_acl.get
+@pindex admin_acl.del
+@pindex admin_acl.mod
+
+@example
+@cartouche
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.add
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.get
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.mod
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.del
+@end cartouche
+@end example
+
+Later on you may wish to add more users with administration
+privileges. Make sure that you create both the administration principals
+and add them to the admin server ACL.
+
+@node Start the admin server, Add users to the database, Create initial ACL for the admin server, How to set up the kerberos server
+@subsection Start the admin server
+
+@pindex kadmind
+@example
+@cartouche
+hemlig# /usr/athena/libexec/kadmind &
+KADM Server KADM0.0A initializing
+Please do not use 'kill -9' to kill this job, use a
+regular kill instead
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+@end cartouche
+@end example
+
+@node Add users to the database, Automate the startup of the servers, Start the admin server, How to set up the kerberos server
+@subsection Add users to the database
+
+Use the @code{kadmin} client to add users to the database:
+@pindex kadmin
+
+@example
+@cartouche
+hemlig# kadmin -u nisse.admin -m
+Welcome to the Kerberos Administration Program, version 2
+Type "help" if you need it.
+admin: <add nisse>
+Admin password: <nisse.admin's password>
+Maximum ticket lifetime? (255) [Forever]
+Attributes? [0x00]
+Expiration date (enter yyyy-mm-dd) ? [Sat Jan 1 05:59:00 2000]
+Password for nisse:
+Verifying password Password for nisse:
+nisse added to database.
+@end cartouche
+@end example
+
+Add whatever other users you want to have in the same way. Verify that
+a user is in the database and check the database entry for that user:
+
+@example
+@cartouche
+admin: <get nisse>
+Info in Database for nisse.:
+Max Life: 255 (Forever) Exp Date: Sat Jan 1 05:59:59 2000
+
+Attribs: 00 key: 0 0
+admin: <^D>
+Cleaning up and exiting.
+@end cartouche
+@end example
+
+@node Automate the startup of the servers, , Add users to the database, How to set up the kerberos server
+@subsection Automate the startup of the servers
+
+Add the lines that were used to start the kerberos server and the
+admin server to your startup scripts (@file{/etc/rc} or similar).
+@pindex rc
+
+@node Install the client programs, Install the kerberised services, How to set up the kerberos server, How to set up a realm
+@section Install the client programs
+
+Making a machine a kerberos client only requires a few steps. First you
+might need to change the configuration files as with the kerberos
+server. (@xref{Install the configuration files} and @ref{Install the
+/etc/services}.) Also you need to make the programs in
+@file{/usr/athena/bin} available. This can be done by adding the
+@file{/usr/athena/bin} directory to the users' paths, by making symbolic
+links, or even by copying the programs.
+
+You should also verify that the local time on the client is synchronised
+with the time on the kerberos server by some means. The maximum allowed
+time difference between the participating servers and a client is 5
+minutes.
+@cindex NTP.
+One good way to synchronize the time is NTP (Network Time Protocol), see
+@code{http://www.eecis.udel.edu/~ntp/}.
+
+If you need to run the client programs on a machine where you do not
+have root-access, you can hopefully just use the binaries and no
+configuration will be needed. The heuristics used are mentioned above
+(see @ref{Install the configuration files}). If this is not the case
+and you need to have @file{krb.conf} and/or @file{krb.realms}, you can
+copy them into a directory of your choice and
+@pindex krb.conf
+@pindex krb.realms
+set the environment variable @var{KRBCONFDIR} to point at this
+@cindex KRBCONFDIR
+directory.
+
+To test the client functionality, run the @code{kinit} program:
+
+@example
+@cartouche
+foo$ kinit
+eBones International (foo.foo.se)
+Kerberos Initialization
+Kerberos name: <nisse>
+Password: <password>
+
+foo$ klist
+Ticket file: /tmp/tkt4711
+Principal: nisse@@FOO.SE
+
+Issued Expires Principal
+May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE
+@end cartouche
+@end example
+
+@node Install the kerberised services, Install a slave kerberos server, Install the client programs, How to set up a realm
+@section Install the kerberised services
+
+These includes @code{rsh}, @code{rlogin}, @code{telnet}, @code{ftp},
+@code{rxtelnet}, and so on.
+@pindex rsh
+@pindex rlogin
+@pindex telnet
+@pindex ftp
+@pindex rxtelnet
+
+First follow the steps mentioned in the prior section to make it a
+client and verify its operation. Change @file{inetd.conf} next to use
+the new daemons. Look at the file
+@pindex inetd.conf
+@file{etc/inetd.conf.changes} to see the changes that we recommend you
+perform on @file{inetd.conf}.
+
+You should at this point decide what services you want to run on
+each machine.
+
+@subsection rsh, rlogin, and rcp
+@pindex rsh
+@pindex rlogin
+@pindex rcp
+
+These exist in kerberised versions and ``old-style'' versions. The
+different versions use different port numbers, so you can choose none,
+one, or both. If you do not want to use ``old-style'' r* services, you
+can let the programs output the text ``Remote host requires Kerberos
+authentication'' instead of just refusing connections to that port.
+This is enabled with the @samp{-v} option. The kerberised services
+exist in encrypted and non-encrypted versions. The encrypted services
+have an ``e'' prepended to the name and the programs take @samp{-x} as an
+option indicating encryption.
+
+Our recommendation is to only use the kerberised services and give
+explanation messages for the old ports.
+
+@subsection telnet
+@pindex telnet
+
+The telnet service always uses the same port and negotiates as to which
+authentication method should be used. The @code{telnetd} program has
+@pindex telnetd
+an option ``-a user'' that only allows kerberised and authenticated
+connections. If this is not included, it falls back to using clear text
+passwords. For obvious reasons, we recommend that you enable this
+option. If you want to use one-time passwords (@xref{One-Time
+Passwords}) you can use the ``-a otp'' option which will allow OTPs or
+kerberised connections.
+
+@subsection ftp
+@pindex ftp
+
+The ftp service works as telnet does, with just one port being used. By
+default only kerberos authenticated connections are allowed. You can
+specify additional levels that are thus allowed with these options:
+
+@table @asis
+@item @kbd{-a otp}
+Allow one-time passwords (@xref{One-Time Passwords}).
+@item @kbd{-a ftp}
+Allow anonymous login (as user ``ftp'' or ``anonymous'').
+@item @kbd{-a safe}
+The same as @kbd{-a ftp}, for backwards compatibility.
+@item @kbd{-a plain}
+Allow clear-text passwords.
+@item @kbd{-a none}
+The same as @kbd{-a ftp -a plain}.
+@item @kbd{-a user}
+A no-op, also there for backwards compatibility reasons.
+@end table
+
+When running anonymous ftp you should read the man page on @code{ftpd}
+which explains how to set it up.
+
+@subsection pop
+@pindex popper
+
+The Post Office Protocol (POP) is used to retrieve mail from the mail
+hub. The @code{popper} program implements the standard POP3 protocol
+and the kerberised KPOP. Use the @samp{-k} option to run the kerberos
+version of the protocol. This service should only be run on your mail
+hub.
+
+@subsection kx
+@pindex kx
+
+@code{kx} allows you to run X over a kerberos-authenticated and
+encrypted connection. This program is used by @code{rxtelnet},
+@code{tenletxr}, and @code{rxterm}.
+
+If you have some strange kind of operating system with X libraries that
+do not allow you to use unix-sockets, you need to specify the @samp{-t}
+@pindex kxd
+option to @code{kxd}. Otherwise it should be sufficient by adding the
+daemon in @file{inetd.conf}.
+
+@subsection kauth
+@pindex kauth
+
+This service allows you to create tickets on a remote host. To
+enable it just insert the corresponding line in @file{inetd.conf}.
+
+@section srvtabs
+@pindex srvtab
+
+In the same way every user needs to have a password registered with
+the kerberos server, every service needs to have a shared key with the
+kerberos server. The service keys are stored in a file, usually called
+@file{/etc/srvtab}. This file should not be readable to anyone but
+root, in order to keep the key from being divulged. The name of this principal
+in the kerberos database is usually the service and the host. The key
+for the pop service is called @samp{pop.@var{hostname}}. The one for
+rsh/rlogin/telnet is named @samp{rcmd.@var{hostname}}. (rcmd comes from
+``remote command''). To create these keys you will use the the
+@code{ksrvutil} program. Perform the
+@pindex ksrvutil
+following:
+
+@example
+@cartouche
+bar# ksrvutil -p nisse.admin get
+Name [rcmd]: <>
+Instance [bar]: <>
+Realm [FOO.SE]: <>
+Is this correct? (y,n) [y] <>
+Add more keys? (y,n) [n] <>
+Password for nisse.admin@@FOO.SE: <nisse.admin's password>
+Written rcmd.bar
+rcmd.bar@@FOO.SE
+Old keyfile in /etc/srvtab.old.
+@end cartouche
+@end example
+
+@subsection Complete test of the kerberised services
+
+Obtain a ticket on one machine (@samp{foo}) and use it to login with a
+kerberised service to a second machine (@samp{bar}). The test should
+look like this if successful:
+
+@example
+@cartouche
+foo$ kinit nisse
+eBones International (foo.foo.se)
+Kerberos Initialization for "nisse"
+Password: <nisse's password>
+foo$ klist
+Ticket file: /tmp/tkt4711
+Principal: nisse@@FOO.SE
+
+Issued Expires Principal
+May 30 13:48:03 May 30 23:48:03 krbtgt.FOO.SE@@FOO.SE
+foo$ telnet bar
+Trying 17.17.17.17...
+Connected to bar.foo.se
+Escape character is '^]'.
+[ Trying mutual KERBEROS4 ... ]
+[ Kerberos V4 accepts you ]
+[ Kerberos V4 challenge successful ]
+bar$
+@end cartouche
+@end example
+
+You can also try with @code{rsh}, @code{rcp}, @code{rlogin},
+@code{rlogin -x}, and some other commands to see that everything is
+working all right.
+
+@node Install a slave kerberos server, Cross-realm functionality , Install the kerberised services, How to set up a realm
+@section Install a slave kerberos server
+
+It is desirable to have at least one backup (slave) server in case the
+master server fails. It is possible to have any number of such slave
+servers but more than three usually doesn't buy much more redundancy.
+
+First select a good server machine. @xref{Choose a kerberos
+server}. Since the master and slave servers will use copies of the same
+database, they need to use the same master key.
+
+On the master, add a @samp{rcmd.kerberos} principal (using
+@samp{ksrvutil get}). The
+@pindex kprop
+@code{kprop} program, running on the master, will use this when
+authenticating to the
+@pindex kpropd
+@code{kpropd} daemons running on the slave servers.
+
+On your master server, create a file, e.g. @file{/var/kerberos/slaves},
+that contains the hostnames of your kerberos slave servers.
+
+Start @code{kpropd} with @samp{kpropd -i} on your slave servers.
+
+On your master server, create a dump of the database with @samp{kdb_util
+slave_dump /var/kerberos/slave_dump}, and then run @code{kprop}.
+
+You should now have copies of the database on your slave servers. You
+can verify this by issuing @samp{kdb_util dump @var{file}} on your
+slave servers, and comparing with the original file on the master
+server. Note that the entries will not be in the same order.
+
+This procedure should be automated with a script run regularly by cron,
+for instance once an hour.
+
+To start the kerberos server on slaves, you first have to copy the
+master key from the master server. You can do this either by remembering
+the master password and issuing @samp{kstash}, or you can just copy the
+keyfile. Remember that if you copy the file, do so on a safe media, not
+over the network. Good means include floppy or paper. Paper is better,
+since it is easier to swallow afterwards.
+
+The kerberos server should be started with @samp{-s} on the slave
+servers. This enables sanity checks, for example checking the time since
+the last update from the master.
+
+All changes to the database are made by @code{kadmind} at the master,
+and then propagated to the slaves, so you should @strong{not} run
+@code{kadmind} on the slaves.
+
+Finally add the slave servers to
+@file{/etc/krb.conf}. The clients will ask the servers in the order
+specified by that file.
+
+Consider adding CNAMEs to your slave servers, see @ref{Install the
+configuration files}.
+
+@node Cross-realm functionality , , Install a slave kerberos server, How to set up a realm
+@section Cross-realm functionality
+
+Suppose you are residing in the realm @samp{MY.REALM}, how do you
+authenticate to a server in @samp{OTHER.REALM}? Having valid tickets in
+@samp{MY.REALM} allows you to communicate with kerberised services in that
+realm. However, the computer in the other realm does not have a secret
+key shared with the kerberos server in your realm.
+
+It is possible to add a shared key between two realms that trust each
+other. When a client program, such as @code{telnet}, finds that the
+other computer is in a different realm, it will try to get a ticket
+granting ticket for that other realm, but from the local kerberos
+server. With that ticket granting ticket, it will then obtain service
+tickets from the kerberos server in the other realm.
+
+To add this functionality you have to add a principal to each realm. The
+principals should be @samp{krbtgt.OTHER.REALM} in @samp{MY.REALM}, and
+@samp{krbtgt.MY.REALM} in @samp{OTHER.REALM}. The two different
+principals should have the same key (and key version number). Remember
+to transfer this key in a safe manner. This is all that is required.
+
+@example
+@cartouche
+blubb$ klist
+Ticket file: /tmp/tkt3008
+Principal: joda@@NADA.KTH.SE
+
+ Issued Expires Principal
+Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE
+blubb$ telnet agat.e.kth.se
+Trying 130.237.48.12...
+Connected to agat.e.kth.se.
+Escape character is '^]'.
+[ Trying mutual KERBEROS4 ... ]
+[ Kerberos V4 accepts you ]
+[ Kerberos V4 challenge successful ]
+Last login: Sun Jun 2 20:51:50 from emma.pdc.kth.se
+
+agat$ exit
+Connection closed by foreign host.
+blubb$ klist
+Ticket file: /tmp/tkt3008
+Principal: joda@@NADA.KTH.SE
+
+ Issued Expires Principal
+Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE
+Jun 7 02:26:50 Jun 7 12:26:50 krbtgt.E.KTH.SE@@NADA.KTH.SE
+Jun 7 02:26:51 Jun 7 12:26:51 rcmd.agat@@E.KTH.SE
+@end cartouche
+@end example
diff --git a/crypto/kerberosIV/doc/whatis.texi b/crypto/kerberosIV/doc/whatis.texi
new file mode 100644
index 0000000..16989bb
--- /dev/null
+++ b/crypto/kerberosIV/doc/whatis.texi
@@ -0,0 +1,137 @@
+@node What is Kerberos?, Installing programs, Introduction, Top
+@chapter What is Kerberos?
+
+@quotation
+@flushleft
+ Now this Cerberus had three heads of dogs,
+ the tail of a dragon, and on his back the
+ heads of all sorts of snakes.
+ --- Pseudo-Apollodorus Library 2.5.12
+@end flushleft
+@end quotation
+
+Kerberos is a system for authenticating users and services on a network.
+It is built upon the assumption that the network is ``unsafe''. For
+example, data sent over the network can be eavesdropped and altered, and
+addresses can also be faked. Therefore they cannot be used for
+authentication purposes.
+@cindex authentication
+
+Kerberos is a trusted third-party service. That means that there is a
+third party (the kerberos server) that is trusted by all the entities on
+the network (users and services, usually called @dfn{principals}). All
+principals share a secret password (or key) with the kerberos server and
+this enables principals to verify that the messages from the kerberos
+server are authentic. Thus trusting the kerberos server, users and
+services can authenticate each other.
+
+@section Basic mechanism
+
+@ifinfo
+@macro sub{arg}
+<\arg\>
+@end macro
+@end ifinfo
+
+@tex
+@def@xsub#1{$_{#1}$}
+@global@let@sub=@xsub
+@end tex
+
+In Kerberos, principals use @dfn{tickets} to prove that they are who
+they claim to be. In the following example, @var{A} is the initiator of
+the authentication exchange, usually a user, and @var{B} is the service
+that @var{A} wishes to use.
+
+To obtain a ticket for a specific service, @var{A} sends a ticket
+request to the kerberos server. The request basically contains @var{A}'s
+and @var{B}'s names. The kerberos server checks that both @var{A} and
+@var{B} are valid principals.
+
+Having verified the validity of the principals, it creates a packet
+containing @var{A}'s and @var{B}'s names, @var{A}'s network address
+(@var{A@sub{addr}}), the current time (@var{t@sub{issue}}), the lifetime
+of the ticket (@var{life}), and a secret @dfn{session key}
+@cindex session key
+(@var{K@sub{AB}}). This packet is encrypted with @var{B}'s secret key
+(@var{K@sub{B}}). The actual ticket (@var{T@sub{AB}}) looks like this:
+(@{@var{A}, @var{B}, @var{A@sub{addr}}, @var{t@sub{issue}}, @var{life},
+@var{K@sub{AB}}@}@var{K@sub{B}}).
+
+The reply to @var{A} consists of the ticket (@var{T@sub{AB}}), @var{B}'s
+name, the current time, the lifetime of the ticket, and the session key, all
+encrypted in @var{A}'s secret key (@{@var{B}, @var{t@sub{issue}},
+@var{life}, @var{K@sub{AB}}, @var{T@sub{AB}}@}@var{K@sub{A}}). @var{A}
+decrypts the reply and retains it for later use.
+
+@sp 1
+
+Before sending a message to @var{B}, @var{A} creates an authenticator
+consisting of @var{A}'s name, @var{A}'s address, the current time, and a
+``checksum'' chosen by @var{A}, all encrypted with the secret session
+key (@{@var{A}, @var{A@sub{addr}}, @var{t@sub{current}},
+@var{checksum}@}@var{K@sub{AB}}). This is sent together with the ticket
+received from the kerberos server to @var{B}. Upon reception, @var{B}
+decrypts the ticket using @var{B}'s secret key. Since the ticket
+contains the session key that the authenticator was encrypted with,
+@var{B} can now also decrypt the authenticator. To verify that @var{A}
+really is @var{A}, @var{B} now has to compare the contents of the ticket
+with that of the authenticator. If everything matches, @var{B} now
+considers @var{A} as properly authenticated.
+
+@c (here we should have some more explanations)
+
+@section Different attacks
+
+@subheading Impersonating A
+
+An impostor, @var{C} could steal the authenticator and the ticket as it
+is transmitted across the network, and use them to impersonate
+@var{A}. The address in the ticket and the authenticator was added to
+make it more difficult to perform this attack. To succeed @var{C} will
+have to either use the same machine as @var{A} or fake the source
+addresses of the packets. By including the time stamp in the
+authenticator, @var{C} does not have much time in which to mount the
+attack.
+
+@subheading Impersonating B
+
+@var{C} can hijack @var{B}'s network address, and when @var{A} sends
+her credentials, @var{C} just pretend to verify them. @var{C} can't
+be sure that she is talking to @var{A}.
+
+@section Defense strategies
+
+It would be possible to add a @dfn{replay cache}
+@cindex replay cache
+to the server side. The idea is to save the authenticators sent during
+the last few minutes, so that @var{B} can detect when someone is trying
+to retransmit an already used message. This is somewhat impractical
+(mostly regarding efficiency), and is not part of Kerberos 4; MIT
+Kerberos 5 contains it.
+
+To authenticate @var{B}, @var{A} might request that @var{B} sends
+something back that proves that @var{B} has access to the session
+key. An example of this is the checksum that @var{A} sent as part of the
+authenticator. One typical procedure is to add one to the checksum,
+encrypt it with the session key and send it back to @var{A}. This is
+called @dfn{mutual authentication}.
+
+The session key can also be used to add cryptographic checksums to the
+messages sent between @var{A} and @var{B} (known as @dfn{message
+integrity}). Encryption can also be added (@dfn{message
+confidentiality}). This is probably the best approach in all cases.
+@cindex integrity
+@cindex confidentiality
+
+@section Further reading
+
+The original paper on Kerberos from 1988 is @cite{Kerberos: An
+Authentication Service for Open Network Systems}, by Jennifer Steiner,
+Clifford Neuman and Jeffrey I. Schiller.
+
+A less technical description can be found in @cite{Designing an
+Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also
+from 1988.
+
+These and several other documents can be found on our web-page.
diff --git a/crypto/kerberosIV/eBones-p9.README b/crypto/kerberosIV/eBones-p9.README
new file mode 100644
index 0000000..8442985
--- /dev/null
+++ b/crypto/kerberosIV/eBones-p9.README
@@ -0,0 +1,26 @@
+The file eBones-p9.patch.Z is the compressed patch for Bones (patchlevel 9)
+that puts back the calls to the DES encryption libraries.
+
+eBones-p9-des.tar.Z is a compressed tar file of MIT compatible
+des encryption routines. Install these routines in src/lib/des.
+The des_quad_cksum is not compatible with the MIT version
+but I should fix that when I have access to ultrix 4
+* [It has now been fixed and is the same as MIT's]
+(it has a binary copy of libdes.a)). There are two extra routines,
+des_enc_read and des_enc_write. These routines are used in the
+kerberos rcp, rlogin and rlogind to encrypt all network traffic.
+
+eBones-p9.tar.Z is a compressed tar file of Bones (patchlevel 9)
+with the eBones-p9.patch applied and eBones-p9-des.tar.Z installed.
+
+When applying the patch to Bones, don't do a
+find src -name "*.orig" -exec /bin/rm {} \;
+There is a file called src/util/ss/ss.h.orig that is needed and
+the above find will remove it.
+
+The Imakefile in src/lib/des assumes you have gcc. If you don't,
+you will have to change the Imakefile. Compile this directory with
+the maximum optimization your compiler has available.
+
+These modifications have been successfully unpacked and compiled
+on a microvax 3600.
diff --git a/crypto/kerberosIV/etc/README b/crypto/kerberosIV/etc/README
new file mode 100644
index 0000000..68865ec
--- /dev/null
+++ b/crypto/kerberosIV/etc/README
@@ -0,0 +1,41 @@
+
+ How to update your files in the /etc directory!
+
+/etc/services (all machines)
+
+ The contents of services.append can probably just be appended to
+your local file. If you use NIS (YP) you need to do this on the NIS
+master. Delete and duplicate definitions to prevent inconsistencies.
+
+/etc/krb.conf (all machines)
+
+ Create a krb.conf file by substituting MY.REALM.NAME with your
+domain name. If you create a domain name alias (CNAME) kerberos.domain
+pointing to your master server, unconfigured clients will have a
+chance to find your realm.
+
+ It is no longer necessary to put each and every realm in
+krb.{conf,realms}. If the domain name matches your realm name and you
+have a CNAME kerberos.REALMNAME pointing at your kerberos server other
+sites will find your realm even if it is not listed in krb.conf.
+*** Please add this CNAME to your local DNS ***
+
+/etc/krb.realms (all machines)
+
+ Substitue MY.REALM.NAME in krb.realms with your domain name.
+ Not strictly necessary when domain and realm names match.
+
+/etc/inetd.conf (all machines supporting incoming telnet, rsh etc.)
+
+ Comment out the lines starting with shell, login and telnet and
+append inetd.conf.changes. Be carefull to check that there are no
+additional old entries of kshell, ekshell, klogin and eklogin left.
+
+ The -v option to rshd and rlogin turns off that service and echo
+an informational message to the user.
+
+/etc/srvtab
+
+ With 'ksrvutil get' you can add entries to the Kerberos database and
+put the service keys into your srvtab file.
+
diff --git a/crypto/kerberosIV/etc/default.login b/crypto/kerberosIV/etc/default.login
new file mode 100644
index 0000000..f01b2ee
--- /dev/null
+++ b/crypto/kerberosIV/etc/default.login
@@ -0,0 +1,47 @@
+#
+# Sample /etc/default/login file, read by the login program
+#
+# For more info consult SysV login(1)
+#
+# Most things are environment variables.
+# HZ and TZ are set only if they are still uninitialized.
+
+# This really variable TZ
+#TIMEZONE=EST5EDT
+
+#HZ=100
+
+# File size limit, se ulimit(2).
+# Note that the limit must be specified in units of 512-byte blocks.
+#ULIMIT=0
+
+# If CONSOLE is set, root can only login on that device.
+# When not set root can log in on any device.
+#CONSOLE=/dev/console
+
+# PASSREQ determines if login requires a password.
+PASSREQ=YES
+
+# ALTSHELL, really set SHELL=/bin/bash or other shell
+# Extension: when ALTSHELL=YES, we set the SHELL variable even if it is /bin/sh
+ALTSHELL=YES
+
+# Default PATH
+#PATH=/usr/bin:
+
+# Default PATH for root user
+#SUPATH=/usr/sbin:/usr/bin
+
+# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
+# abandoning a login session.
+#
+#TIMEOUT=300
+
+# Use this for default umask(2) value
+#UMASK=022
+
+# Sleeptime between failed logins
+# SLEEPTIME
+
+# Maximum number of failed login attempts, well the user can always reconnect
+# MAXTRYS
diff --git a/crypto/kerberosIV/etc/fbtab b/crypto/kerberosIV/etc/fbtab
new file mode 100644
index 0000000..3e21376
--- /dev/null
+++ b/crypto/kerberosIV/etc/fbtab
@@ -0,0 +1,15 @@
+# Sample /etc/fbtab file read by the login program
+# This file can also be called /etc/logindevperm.
+
+# Use this to give away devices to the console user. The group of the
+# devices is set to the owner's group specified in /etc/passwd.
+#
+# First column specifies the console device.
+#
+# Second the mode bits of the given away devices
+#
+# Third is a : separated list of devices to give away
+
+# console mode devices
+/dev/console 0600 /dev/console:/dev/mouse
+/dev/console 0600 /dev/floppy
diff --git a/crypto/kerberosIV/etc/hosts.equiv b/crypto/kerberosIV/etc/hosts.equiv
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/crypto/kerberosIV/etc/hosts.equiv
@@ -0,0 +1 @@
+localhost
diff --git a/crypto/kerberosIV/etc/inetd.conf.changes b/crypto/kerberosIV/etc/inetd.conf.changes
new file mode 100644
index 0000000..a9721a0
--- /dev/null
+++ b/crypto/kerberosIV/etc/inetd.conf.changes
@@ -0,0 +1,33 @@
+#
+# $Id: inetd.conf.changes,v 1.12 1996/10/27 11:58:02 bg Exp $
+#
+# Turn off vanilla rshd and rlogind with an informational message.
+# If you really want this security problem remove the '-v' option!
+shell stream tcp nowait root /usr/athena/libexec/rshd rshd -l -L -v
+login stream tcp nowait root /usr/athena/libexec/rlogind rlogind -l -v
+#
+# Kerberos rsh
+kshell stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k
+ekshell stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k -x
+ekshell2 stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k -x
+#
+# Kerberos rlogin
+klogin stream tcp nowait root /usr/athena/libexec/rlogind rlogind -k
+eklogin stream tcp nowait root /usr/athena/libexec/rlogind rlogind -k -x
+#
+# Kerberized telnet and ftp, consider adding '-a user' to
+# disallow cleartext passwords to both telnetd and ftpd.
+telnet stream tcp nowait root /usr/athena/libexec/telnetd telnetd -a none
+ftp stream tcp nowait root /usr/athena/libexec/ftpd ftpd -a none
+#
+# Kerberized POP. Server principal is pop.hostname, *not* rcmd.hostname!
+#kpop stream tcp nowait root /usr/athena/libexec/popper popper -k
+#
+# Old POP3 with passwords in clear (not recommended, uses cleartext passwords)
+#pop3 stream tcp nowait root /usr/athena/libexec/popper popper
+#
+# Kauthd, support for putting tickets on other machines in a secure fashion.
+kauth stream tcp nowait root /usr/athena/libexec/kauthd kauthd
+#
+# Encrypted X connections
+kx stream tcp nowait root /usr/athena/libexec/kxd kxd
diff --git a/crypto/kerberosIV/etc/krb.conf b/crypto/kerberosIV/etc/krb.conf
new file mode 100644
index 0000000..6114c85
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.conf
@@ -0,0 +1,56 @@
+MY.REALM.NAME
+MY.REALM.NAME kerberos.MY.REALM.NAME admin server
+SICS.SE kerberos.sics.se admin server
+NADA.KTH.SE kerberos.nada.kth.se admin server
+NADA.KTH.SE sysman.nada.kth.se
+NADA.KTH.SE server.nada.kth.se
+ADMIN.KTH.SE ulysses.admin.kth.se admin server
+ADMIN.KTH.SE graziano.admin.kth.se
+ADMIN.KTH.SE montano.admin.kth.se
+BION.KTH.SE chaplin.bion.kth.se admin server
+DSV.SU.SE ssi.dsv.su.se admin server
+DSV.SU.SE vall.dsv.su.se
+E.KTH.SE heimdal.e.kth.se admin server
+E.KTH.SE elixir.e.kth.se
+E.KTH.SE malt.e.kth.se
+IT.KTH.SE gaia.it.kth.se
+IT.KTH.SE isolde.it.kth.se
+IT.KTH.SE tristan.it.kth.se
+KTH.SE kth.se admin server
+ML.KVA.SE gustava.ml.kva.se admin server
+PI.SE liszt.adm.pi.se admin server
+STACKEN.KTH.SE linnea.stacken.kth.se admin server
+STACKEN.KTH.SE marcel.stacken.kth.se
+STACKEN.KTH.SE sune.stacken.kth.se
+SUNET.SE bar.pilsnet.sunet.se admin server
+CYGNUS.COM kerberos.cygnus.com admin server
+CYGNUS.COM kerberos-1.cygnus.com
+CYGNUS.COM dumb.cygnus.com
+DEVO.CYGNUS.COM dumber.cygnus.com admin server
+MIRKWOOD.CYGNUS.COM mirkwood.cygnus.com admin server
+KITHRUP.COM KITHRUP.COM admin server
+ATHENA.MIT.EDU kerberos.mit.edu admin server
+ATHENA.MIT.EDU kerberos-1.mit.edu
+ATHENA.MIT.EDU kerberos-2.mit.edu
+ATHENA.MIT.EDU kerberos-3.mit.edu
+LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+SMS_TEST.MIT.EDU dodo.mit.edu admin server
+LS.MIT.EDU ls.mit.edu admin server
+IFS.UMICH.EDU kerberos.ifs.umich.edu
+CS.WASHINGTON.EDU hawk.cs.washington.edu
+CS.WASHINGTON.EDU aspen.cs.washington.edu
+CS.BERKELEY.EDU okeeffe.berkeley.edu
+SOUP.MIT.EDU soup.mit.edu admin server
+TELECOM.MIT.EDU bitsy.mit.edu
+MEDIA.MIT.EDU kerberos.media.mit.edu
+NEAR.NET kerberos.near.net
+CATS.UCSC.EDU mehitabel.ucsc.edu admin server
+CATS.UCSC.EDU ucsch.ucsc.edu
+WATCH.MIT.EDU kerberos.watch.mit.edu admin server
+TELEBIT.COM napa.telebit.com. admin server
+ARMADILLO.COM monad.armadillo.com admin server
+TOAD.COM toad.com admin server
+ZEN.ORG zen.org admin server
+LLOYD.COM harry.lloyd.com admin server
+EPRI.COM kerberos.epri.com admin server
+EPRI.COM kerberos-2.epri.com
diff --git a/crypto/kerberosIV/etc/krb.equiv b/crypto/kerberosIV/etc/krb.equiv
new file mode 100644
index 0000000..6205c1f
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.equiv
@@ -0,0 +1,14 @@
+# List of host with multiple adresses.
+#
+193.10.156.253 130.237.232.44 193.10.156.252 # scws scws-fddi scws-2.
+193.10.156.250 130.237.232.15 # salmon-sp salmon.
+#
+# new krb.equiv syntax for all of SP.
+#
+193.10.156.0/24 193.10.157.0/24 \ # syk-X.pdc.kth.se syk-X-hps.pdc.kth.se
+130.237.232.31 130.237.232.32 \ # syk-0101-fddi syk-0201-fddi
+130.237.232.38 130.237.232.39 \ # syk-0115-fddi syk-0116-fddi
+130.237.232.33 130.237.232.34 \ # syk-0301-fddi syk-0401-fddi
+130.237.232.35 130.237.232.36 \ # syk-0501-fddi syk-0601-fddi
+130.237.232.37 130.237.230.66 \ # syk-0602-fddi syk-0602-fcs
+130.237.230.36 # syk-0606-hippi.
diff --git a/crypto/kerberosIV/etc/krb.realms b/crypto/kerberosIV/etc/krb.realms
new file mode 100644
index 0000000..85e955a
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.realms
@@ -0,0 +1,51 @@
+.MY.REALM.NAME MY.REALM.NAME
+sics.se SICS.SE
+.sics.se SICS.SE
+nada.kth.se NADA.KTH.SE
+pdc.kth.se NADA.KTH.SE
+.hydro.kth.se NADA.KTH.SE
+.math.kth.se NADA.KTH.SE
+.mech.kth.se NADA.KTH.SE
+.nada.kth.se NADA.KTH.SE
+.pdc.kth.se NADA.KTH.SE
+.sans.kth.se NADA.KTH.SE
+.admin.kth.se ADMIN.KTH.SE
+.e.kth.se E.KTH.SE
+.electrum.kth.se IT.KTH.SE
+.it.kth.se IT.KTH.SE
+.sth.sunet.se SUNET.SE
+.pilsnet.sunet.se SUNET.SE
+.sunet.se SUNET.SE
+.ml.kva.se ML.KVA.SE
+pi.se PI.SE
+.pi.se PI.SE
+.adm.pi.se PI.SE
+.stacken.kth.se STACKEN.KTH.SE
+kth.se KTH.SE
+.kth.se KTH.SE
+.bion.kth.se BION.KTH.SE
+.dsv.su.se DSV.SU.SE
+.MIT.EDU ATHENA.MIT.EDU
+.MIT.EDU. ATHENA.MIT.EDU
+MIT.EDU ATHENA.MIT.EDU
+DODO.MIT.EDU SMS_TEST.MIT.EDU
+.UCSC.EDU CATS.UCSC.EDU
+.UCSC.EDU. CATS.UCSC.EDU
+CYGNUS.COM CYGNUS.COM
+.CYGNUS.COM CYGNUS.COM
+MIRKWOOD.CYGNUS.COM MIRKWOOD.CYGNUS.COM
+KITHRUP.COM KITHRUP.COM
+.KITHRUP.COM KITHRUP.COM
+.berkeley.edu EECS.BERKELEY.EDU
+.CS.berkeley.edu EECS.BERKELEY.EDU
+.MIT.EDU ATHENA.MIT.EDU
+.mit.edu ATHENA.MIT.EDU
+.BSDI.COM BSDI.COM
+ARMADILLO.COM ARMADILLO.COM
+.ARMADILLO.COM ARMADILLO.COM
+ZEN.ORG ZEN.ORG
+.ZEN.ORG ZEN.ORG
+toad.com TOAD.COM
+.toad.com TOAD.COM
+lloyd.com LLOYD.COM
+.lloyd.com LLOYD.COM
diff --git a/crypto/kerberosIV/etc/login.access b/crypto/kerberosIV/etc/login.access
new file mode 100644
index 0000000..f811616
--- /dev/null
+++ b/crypto/kerberosIV/etc/login.access
@@ -0,0 +1,54 @@
+# Sample /etc/login.access file read by the login program
+#
+# Login access control table.
+#
+# When someone logs in, the table is scanned for the first entry that
+# matches the (user, host) combination, or, in case of non-networked
+# logins, the first entry that matches the (user, tty) combination. The
+# permissions field of that table entry determines whether the login will
+# be accepted or refused.
+#
+# Format of the login access control table is three fields separated by a
+# ":" character:
+#
+# permission : users : origins
+#
+# The first field should be a "+" (access granted) or "-" (access denied)
+# character.
+#
+# The second field should be a list of one or more login names, group
+# names, or ALL (always matches). A pattern of the form user@host is
+# matched when the login name matches the "user" part, and when the
+# "host" part matches the local machine name.
+#
+# The third field should be a list of one or more tty names (for
+# non-networked logins), host names, domain names (begin with "."), host
+# addresses, internet network numbers (end with "."), ALL (always
+# matches) or LOCAL (matches any string that does not contain a "."
+# character).
+#
+# If you run NIS you can use @netgroupname in host or user patterns; this
+# even works for @usergroup@@hostgroup patterns. Weird.
+#
+# The EXCEPT operator makes it possible to write very compact rules.
+#
+# The group file is searched only when a name does not match that of the
+# logged-in user. Only groups are matched in which users are explicitly
+# listed: the program does not look at a user's primary group id value.
+#
+##############################################################################
+#
+# Disallow console logins to all but a few accounts.
+#
+-:ALL EXCEPT wheel shutdown sync:console
+#
+# Disallow non-local logins to privileged accounts (group wheel).
+#
+-:wheel:ALL EXCEPT LOCAL .win.tue.nl
+#
+# Some accounts are not allowed to login from anywhere:
+#
+-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
+#
+# All other accounts are allowed to login from anywhere.
+#
diff --git a/crypto/kerberosIV/etc/services.append b/crypto/kerberosIV/etc/services.append
new file mode 100644
index 0000000..8101e72
--- /dev/null
+++ b/crypto/kerberosIV/etc/services.append
@@ -0,0 +1,22 @@
+#
+# Kerberos
+#
+# $Id: services.append,v 1.11 1996/10/18 15:25:17 bg Exp $
+#
+kerberos-sec 88/udp # Kerberos secondary port UDP
+kerberos-sec 88/tcp # Kerberos secondary port TCP
+klogin 543/tcp # Kerberos authenticated rlogin
+kshell 544/tcp krcmd # and remote shell
+ekshell 545/tcp # Kerberos encrypted remote shell -kfall
+ekshell2 2106/tcp # What U of Colorado @ Boulder uses?
+kerberos-iv 750/udp kerberos kdc # Kerberos authentication--udp
+kerberos-iv 750/tcp kerberos kdc # Kerberos authentication--tcp
+kerberos_master 751/udp # Kerberos authentication
+kerberos_master 751/tcp # Kerberos authentication
+krb_prop 754/tcp # Kerberos slave propagation
+kpop 1109/tcp # Pop with Kerberos
+eklogin 2105/tcp # Kerberos encrypted rlogin
+rkinit 2108/tcp # Kerberos remote kinit
+kx 2111/tcp # X over kerberos
+kip 2112/tcp # IP over kerberos
+kauth 2120/tcp # Remote kauth
diff --git a/crypto/kerberosIV/include/Makefile.in b/crypto/kerberosIV/include/Makefile.in
new file mode 100644
index 0000000..5061c08
--- /dev/null
+++ b/crypto/kerberosIV/include/Makefile.in
@@ -0,0 +1,147 @@
+# $Id: Makefile.in,v 1.36 1997/05/20 18:58:39 bg Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+CC = @CC@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+LN_S = @LN_S@
+EXECSUFFIX = @EXECSUFFIX@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+includedir = @includedir@
+libdir = @libdir@
+
+HAVE_ERR_H = @ac_cv_header_err_h@
+
+@SET_MAKE@
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I. -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+HEADERS = krb_err.h kadm_err.h acl.h com_err.h des.h kadm.h kafs.h \
+ kdc.h klog.h krb.h krb_db.h prot.h otp.h sl.h ktypes.h
+
+KTYPES_OBJECTS = ktypes.o
+
+SOURCES = ktypes.c
+
+LOCL_HEADERS = roken.h protos.h resolve.h xdbm.h
+
+MAYBE_HEADERS = err.h
+
+SUBDIRS = sys
+
+all: stamp-headers
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ $(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+ALL_INC = com_err.h des.h kadm.h kafs.h kdc.h klog.h krb.h krb_db.h otp.h
+
+install:
+ $(MKINSTALLDIRS) $(includedir)
+ for x in $(HEADERS); \
+ do $(INSTALL_DATA) $$x $(includedir)/$$x; done
+ -if test "$(HAVE_ERR_H)" != yes; then \
+ $(INSTALL_DATA) err.h $(includedir)/err.h; \
+ fi
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for x in $(HEADERS); do \
+ rm -f $(includedir)/$$x; \
+ done
+ -if test "$(HAVE_ERR_H)" != yes; then \
+ rm -f $(includedir)/err.h; \
+ fi
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean:
+ rm -f $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS) *.o ktypes stamp-headers
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ $(MAKE) clean
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile config.status *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+err.h:
+ if test "$(HAVE_ERR_H)" != yes; then \
+ $(LN_S) $(srcdir)/../lib/roken/err.h err.h; \
+ fi || true
+
+krb_err.h:
+ cd ../lib/krb && $(MAKE) krb_err.h
+ $(LN_S) ../lib/krb/krb_err.h .
+kadm_err.h:
+ cd ../lib/kadm && $(MAKE) kadm_err.h
+ $(LN_S) ../lib/kadm/kadm_err.h .
+acl.h:
+ $(LN_S) $(srcdir)/../lib/acl/acl.h .
+com_err.h:
+ $(LN_S) $(srcdir)/../util/et/com_err.h .
+des.h:
+ $(LN_S) $(srcdir)/../lib/des/des.h .
+kadm.h:
+ $(LN_S) $(srcdir)/../lib/kadm/kadm.h .
+kafs.h:
+ $(LN_S) $(srcdir)/../lib/kafs/kafs.h .
+kdc.h:
+ $(LN_S) $(srcdir)/../lib/kdb/kdc.h .
+klog.h:
+ $(LN_S) $(srcdir)/../lib/krb/klog.h .
+krb.h:
+ $(LN_S) $(srcdir)/../lib/krb/krb.h .
+resolve.h:
+ $(LN_S) $(srcdir)/../lib/krb/resolve.h .
+krb_db.h:
+ $(LN_S) $(srcdir)/../lib/kdb/krb_db.h .
+prot.h:
+ $(LN_S) $(srcdir)/../lib/krb/prot.h .
+
+protos.h:
+ $(LN_S) $(srcdir)/protos.H protos.h
+roken.h:
+ $(LN_S) $(srcdir)/../lib/roken/roken.h .
+xdbm.h:
+ $(LN_S) $(srcdir)/../lib/roken/xdbm.h .
+
+otp.h:
+ $(LN_S) $(srcdir)/../lib/otp/otp.h .
+
+sl.h:
+ $(LN_S) $(srcdir)/../lib/sl/sl.h .
+
+ktypes$(EXECSUFFIX): $(KTYPES_OBJECTS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KTYPES_OBJECTS)
+
+ktypes.o: ktypes.c
+
+ktypes.h: ktypes$(EXECSUFFIX)
+ ./ktypes$(EXECSUFFIX) > $@
+
+stamp-headers: Makefile
+ $(MAKE) $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS)
+ touch stamp-headers
diff --git a/crypto/kerberosIV/include/config.h.in b/crypto/kerberosIV/include/config.h.in
new file mode 100644
index 0000000..826dc76
--- /dev/null
+++ b/crypto/kerberosIV/include/config.h.in
@@ -0,0 +1,984 @@
+/* include/config.h.in. Generated automatically from configure.in by autoheader. */
+
+/* Define if using alloca.c. */
+#undef C_ALLOCA
+
+/* Define to empty if the keyword does not work. */
+#undef const
+
+/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems.
+ This function is required for alloca.c support on those systems. */
+#undef CRAY_STACKSEG_END
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define if you have alloca, as a function or macro. */
+#undef HAVE_ALLOCA
+
+/* Define if you have <alloca.h> and it should be used (not on Ultrix). */
+#undef HAVE_ALLOCA_H
+
+/* Define if you have a working `mmap' system call. */
+#undef HAVE_MMAP
+
+/* Define if your struct stat has st_blksize. */
+#undef HAVE_ST_BLKSIZE
+
+/* Define to `long' if <sys/types.h> doesn't define. */
+#undef off_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef pid_t
+
+/* Define if you need to in order for stat and other things to work. */
+#undef _POSIX_SOURCE
+
+/* Define as the return type of signal handlers (int or void). */
+#undef RETSIGTYPE
+
+/* Define to `unsigned' if <sys/types.h> doesn't define. */
+#undef size_t
+
+/* If using the C implementation of alloca, define if you know the
+ direction of stack growth for your system; otherwise it will be
+ automatically deduced at run-time.
+ STACK_DIRECTION > 0 => grows toward higher addresses
+ STACK_DIRECTION < 0 => grows toward lower addresses
+ STACK_DIRECTION = 0 => direction of growth unknown
+ */
+#undef STACK_DIRECTION
+
+/* Define if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define if `sys_siglist' is declared by <signal.h>. */
+#undef SYS_SIGLIST_DECLARED
+
+/* Define if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+/* Define if your processor stores words with the most significant
+ byte first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
+
+/* Define if the X Window System is missing or not being used. */
+#undef X_DISPLAY_MISSING
+
+/* Define this if RETSIGTYPE == void */
+#undef VOID_RETSIGTYPE
+
+/* Define this if struct utmp have ut_user */
+#undef HAVE_UT_USER
+
+/* Define this if struct utmp have ut_host */
+#undef HAVE_UT_HOST
+
+/* Define this if struct utmp have ut_addr */
+#undef HAVE_UT_ADDR
+
+/* Define this if struct utmp have ut_type */
+#undef HAVE_UT_TYPE
+
+/* Define this if struct utmp have ut_pid */
+#undef HAVE_UT_PID
+
+/* Define this if struct utmp have ut_id */
+#undef HAVE_UT_ID
+
+/* Define this if struct utmpx have ut_syslen */
+#undef HAVE_UT_SYSLEN
+
+/* Define this if struct winsize is declared in sys/termios.h */
+#undef HAVE_STRUCT_WINSIZE
+
+/* Define this if struct winsize have ws_xpixel */
+#undef HAVE_WS_XPIXEL
+
+/* Define this if struct winsize have ws_ypixel */
+#undef HAVE_WS_YPIXEL
+
+/* Define this to be the directory where the dictionary for cracklib */
+/* resides */
+#undef DICTPATH
+
+/* Define this if you want to use SOCKS v5 */
+#undef SOCKS
+
+/* Define this to the path of the mail spool directory */
+#undef KRB4_MAILDIR
+
+/* Define this if `struct sockaddr' includes sa_len */
+#undef SOCKADDR_HAS_SA_LEN
+
+/* Define this if `struct siaentity' includes ouid */
+#undef SIAENTITY_HAS_OUID
+
+/* Define if getlogin has POSIX flavour, as opposed to BSD */
+#undef POSIX_GETLOGIN
+
+/* Define if getpwnam_r has POSIX flavour */
+#undef POSIX_GETPWNAM_R
+
+/* define if getcwd() is broken (such as in SunOS) */
+#undef BROKEN_GETCWD
+
+/* define if the system is missing a prototype for crypt() */
+#undef NEED_CRYPT_PROTO
+
+/* define if the system is missing a prototype for strtok_r() */
+#undef NEED_STRTOK_R_PROTO
+
+/* define if /bin/ls takes -A */
+#undef HAVE_LS_A
+
+/* define if you have h_errno */
+#undef HAVE_H_ERRNO
+
+/* define if you have h_errlist but not hstrerror */
+#undef HAVE_H_ERRLIST
+
+/* define if you have h_nerr but not hstrerror */
+#undef HAVE_H_NERR
+
+/* define if your system doesn't declare h_errlist */
+#undef HAVE_H_ERRLIST_DECLARATION
+
+/* define if your system doesn't declare h_nerr */
+#undef HAVE_H_NERR_DECLARATION
+
+/* define this if you need a declaration for h_errno */
+#undef HAVE_H_ERRNO_DECLARATION
+
+/* define if you need a declaration for optarg */
+#undef HAVE_OPTARG_DECLARATION
+
+/* define if you need a declaration for optind */
+#undef HAVE_OPTIND_DECLARATION
+
+/* define if you need a declaration for opterr */
+#undef HAVE_OPTERR_DECLARATION
+
+/* define if you need a declaration for optopt */
+#undef HAVE_OPTOPT_DECLARATION
+
+/* define if you need a declaration for __progname */
+#undef HAVE___PROGNAME_DECLARATION
+
+/* Define if you have the XauReadAuth function. */
+#undef HAVE_XAUREADAUTH
+
+/* Define if you have the XauWriteAuth function. */
+#undef HAVE_XAUWRITEAUTH
+
+/* Define if you have the _getpty function. */
+#undef HAVE__GETPTY
+
+/* Define if you have the _scrsize function. */
+#undef HAVE__SCRSIZE
+
+/* Define if you have the _setsid function. */
+#undef HAVE__SETSID
+
+/* Define if you have the _stricmp function. */
+#undef HAVE__STRICMP
+
+/* Define if you have the asnprintf function. */
+#undef HAVE_ASNPRINTF
+
+/* Define if you have the asprintf function. */
+#undef HAVE_ASPRINTF
+
+/* Define if you have the chown function. */
+#undef HAVE_CHOWN
+
+/* Define if you have the daemon function. */
+#undef HAVE_DAEMON
+
+/* Define if you have the dbm_firstkey function. */
+#undef HAVE_DBM_FIRSTKEY
+
+/* Define if you have the dbopen function. */
+#undef HAVE_DBOPEN
+
+/* Define if you have the dn_expand function. */
+#undef HAVE_DN_EXPAND
+
+/* Define if you have the el_init function. */
+#undef HAVE_EL_INIT
+
+/* Define if you have the err function. */
+#undef HAVE_ERR
+
+/* Define if you have the errx function. */
+#undef HAVE_ERRX
+
+/* Define if you have the fchmod function. */
+#undef HAVE_FCHMOD
+
+/* Define if you have the fchown function. */
+#undef HAVE_FCHOWN
+
+/* Define if you have the fcntl function. */
+#undef HAVE_FCNTL
+
+/* Define if you have the flock function. */
+#undef HAVE_FLOCK
+
+/* Define if you have the forkpty function. */
+#undef HAVE_FORKPTY
+
+/* Define if you have the frevoke function. */
+#undef HAVE_FREVOKE
+
+/* Define if you have the getattr function. */
+#undef HAVE_GETATTR
+
+/* Define if you have the getcwd function. */
+#undef HAVE_GETCWD
+
+/* Define if you have the getdtablesize function. */
+#undef HAVE_GETDTABLESIZE
+
+/* Define if you have the gethostbyname function. */
+#undef HAVE_GETHOSTBYNAME
+
+/* Define if you have the gethostname function. */
+#undef HAVE_GETHOSTNAME
+
+/* Define if you have the getlogin function. */
+#undef HAVE_GETLOGIN
+
+/* Define if you have the getopt function. */
+#undef HAVE_GETOPT
+
+/* Define if you have the getpagesize function. */
+#undef HAVE_GETPAGESIZE
+
+/* Define if you have the getpriority function. */
+#undef HAVE_GETPRIORITY
+
+/* Define if you have the getpwnam_r function. */
+#undef HAVE_GETPWNAM_R
+
+/* Define if you have the getservbyname function. */
+#undef HAVE_GETSERVBYNAME
+
+/* Define if you have the getsockopt function. */
+#undef HAVE_GETSOCKOPT
+
+/* Define if you have the getspnam function. */
+#undef HAVE_GETSPNAM
+
+/* Define if you have the getspuid function. */
+#undef HAVE_GETSPUID
+
+/* Define if you have the gettimeofday function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define if you have the getudbnam function. */
+#undef HAVE_GETUDBNAM
+
+/* Define if you have the getuid function. */
+#undef HAVE_GETUID
+
+/* Define if you have the getusershell function. */
+#undef HAVE_GETUSERSHELL
+
+/* Define if you have the grantpt function. */
+#undef HAVE_GRANTPT
+
+/* Define if you have the hstrerror function. */
+#undef HAVE_HSTRERROR
+
+/* Define if you have the inet_aton function. */
+#undef HAVE_INET_ATON
+
+/* Define if you have the initgroups function. */
+#undef HAVE_INITGROUPS
+
+/* Define if you have the innetgr function. */
+#undef HAVE_INNETGR
+
+/* Define if you have the iruserok function. */
+#undef HAVE_IRUSEROK
+
+/* Define if you have the logout function. */
+#undef HAVE_LOGOUT
+
+/* Define if you have the logwtmp function. */
+#undef HAVE_LOGWTMP
+
+/* Define if you have the lstat function. */
+#undef HAVE_LSTAT
+
+/* Define if you have the memmove function. */
+#undef HAVE_MEMMOVE
+
+/* Define if you have the mkstemp function. */
+#undef HAVE_MKSTEMP
+
+/* Define if you have the mktime function. */
+#undef HAVE_MKTIME
+
+/* Define if you have the odm_initialize function. */
+#undef HAVE_ODM_INITIALIZE
+
+/* Define if you have the ptsname function. */
+#undef HAVE_PTSNAME
+
+/* Define if you have the putenv function. */
+#undef HAVE_PUTENV
+
+/* Define if you have the rand function. */
+#undef HAVE_RAND
+
+/* Define if you have the random function. */
+#undef HAVE_RANDOM
+
+/* Define if you have the rcmd function. */
+#undef HAVE_RCMD
+
+/* Define if you have the readline function. */
+#undef HAVE_READLINE
+
+/* Define if you have the res_search function. */
+#undef HAVE_RES_SEARCH
+
+/* Define if you have the revoke function. */
+#undef HAVE_REVOKE
+
+/* Define if you have the setegid function. */
+#undef HAVE_SETEGID
+
+/* Define if you have the setenv function. */
+#undef HAVE_SETENV
+
+/* Define if you have the seteuid function. */
+#undef HAVE_SETEUID
+
+/* Define if you have the setitimer function. */
+#undef HAVE_SETITIMER
+
+/* Define if you have the setlim function. */
+#undef HAVE_SETLIM
+
+/* Define if you have the setlogin function. */
+#undef HAVE_SETLOGIN
+
+/* Define if you have the setpcred function. */
+#undef HAVE_SETPCRED
+
+/* Define if you have the setpgid function. */
+#undef HAVE_SETPGID
+
+/* Define if you have the setpriority function. */
+#undef HAVE_SETPRIORITY
+
+/* Define if you have the setproctitle function. */
+#undef HAVE_SETPROCTITLE
+
+/* Define if you have the setregid function. */
+#undef HAVE_SETREGID
+
+/* Define if you have the setresgid function. */
+#undef HAVE_SETRESGID
+
+/* Define if you have the setresuid function. */
+#undef HAVE_SETRESUID
+
+/* Define if you have the setreuid function. */
+#undef HAVE_SETREUID
+
+/* Define if you have the setsid function. */
+#undef HAVE_SETSID
+
+/* Define if you have the setsockopt function. */
+#undef HAVE_SETSOCKOPT
+
+/* Define if you have the setutent function. */
+#undef HAVE_SETUTENT
+
+/* Define if you have the snprintf function. */
+#undef HAVE_SNPRINTF
+
+/* Define if you have the socket function. */
+#undef HAVE_SOCKET
+
+/* Define if you have the strcasecmp function. */
+#undef HAVE_STRCASECMP
+
+/* Define if you have the strdup function. */
+#undef HAVE_STRDUP
+
+/* Define if you have the strerror function. */
+#undef HAVE_STRERROR
+
+/* Define if you have the strftime function. */
+#undef HAVE_STRFTIME
+
+/* Define if you have the strlwr function. */
+#undef HAVE_STRLWR
+
+/* Define if you have the strnlen function. */
+#undef HAVE_STRNLEN
+
+/* Define if you have the strtok_r function. */
+#undef HAVE_STRTOK_R
+
+/* Define if you have the strupr function. */
+#undef HAVE_STRUPR
+
+/* Define if you have the swab function. */
+#undef HAVE_SWAB
+
+/* Define if you have the syslog function. */
+#undef HAVE_SYSLOG
+
+/* Define if you have the tgetent function. */
+#undef HAVE_TGETENT
+
+/* Define if you have the ttyname function. */
+#undef HAVE_TTYNAME
+
+/* Define if you have the ttyslot function. */
+#undef HAVE_TTYSLOT
+
+/* Define if you have the ulimit function. */
+#undef HAVE_ULIMIT
+
+/* Define if you have the uname function. */
+#undef HAVE_UNAME
+
+/* Define if you have the unlockpt function. */
+#undef HAVE_UNLOCKPT
+
+/* Define if you have the unsetenv function. */
+#undef HAVE_UNSETENV
+
+/* Define if you have the vasnprintf function. */
+#undef HAVE_VASNPRINTF
+
+/* Define if you have the vasprintf function. */
+#undef HAVE_VASPRINTF
+
+/* Define if you have the verr function. */
+#undef HAVE_VERR
+
+/* Define if you have the verrx function. */
+#undef HAVE_VERRX
+
+/* Define if you have the vhangup function. */
+#undef HAVE_VHANGUP
+
+/* Define if you have the vsnprintf function. */
+#undef HAVE_VSNPRINTF
+
+/* Define if you have the vwarn function. */
+#undef HAVE_VWARN
+
+/* Define if you have the vwarnx function. */
+#undef HAVE_VWARNX
+
+/* Define if you have the warn function. */
+#undef HAVE_WARN
+
+/* Define if you have the warnx function. */
+#undef HAVE_WARNX
+
+/* Define if you have the yp_get_default_domain function. */
+#undef HAVE_YP_GET_DEFAULT_DOMAIN
+
+/* Define if you have the <arpa/ftp.h> header file. */
+#undef HAVE_ARPA_FTP_H
+
+/* Define if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define if you have the <arpa/nameser.h> header file. */
+#undef HAVE_ARPA_NAMESER_H
+
+/* Define if you have the <arpa/telnet.h> header file. */
+#undef HAVE_ARPA_TELNET_H
+
+/* Define if you have the <bind/bitypes.h> header file. */
+#undef HAVE_BIND_BITYPES_H
+
+/* Define if you have the <bsd/bsd.h> header file. */
+#undef HAVE_BSD_BSD_H
+
+/* Define if you have the <bsdsetjmp.h> header file. */
+#undef HAVE_BSDSETJMP_H
+
+/* Define if you have the <crypt.h> header file. */
+#undef HAVE_CRYPT_H
+
+/* Define if you have the <dbm.h> header file. */
+#undef HAVE_DBM_H
+
+/* Define if you have the <dirent.h> header file. */
+#undef HAVE_DIRENT_H
+
+/* Define if you have the <err.h> header file. */
+#undef HAVE_ERR_H
+
+/* Define if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define if you have the <grp.h> header file. */
+#undef HAVE_GRP_H
+
+/* Define if you have the <io.h> header file. */
+#undef HAVE_IO_H
+
+/* Define if you have the <lastlog.h> header file. */
+#undef HAVE_LASTLOG_H
+
+/* Define if you have the <login.h> header file. */
+#undef HAVE_LOGIN_H
+
+/* Define if you have the <maillock.h> header file. */
+#undef HAVE_MAILLOCK_H
+
+/* Define if you have the <ndbm.h> header file. */
+#undef HAVE_NDBM_H
+
+/* Define if you have the <net/if.h> header file. */
+#undef HAVE_NET_IF_H
+
+/* Define if you have the <net/if_tun.h> header file. */
+#undef HAVE_NET_IF_TUN_H
+
+/* Define if you have the <net/if_var.h> header file. */
+#undef HAVE_NET_IF_VAR_H
+
+/* Define if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define if you have the <netinet/in6_machtypes.h> header file. */
+#undef HAVE_NETINET_IN6_MACHTYPES_H
+
+/* Define if you have the <netinet/in_systm.h> header file. */
+#undef HAVE_NETINET_IN_SYSTM_H
+
+/* Define if you have the <netinet/ip.h> header file. */
+#undef HAVE_NETINET_IP_H
+
+/* Define if you have the <netinet/tcp.h> header file. */
+#undef HAVE_NETINET_TCP_H
+
+/* Define if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define if you have the <pty.h> header file. */
+#undef HAVE_PTY_H
+
+/* Define if you have the <pwd.h> header file. */
+#undef HAVE_PWD_H
+
+/* Define if you have the <resolv.h> header file. */
+#undef HAVE_RESOLV_H
+
+/* Define if you have the <rpcsvc/dbm.h> header file. */
+#undef HAVE_RPCSVC_DBM_H
+
+/* Define if you have the <sac.h> header file. */
+#undef HAVE_SAC_H
+
+/* Define if you have the <security/pam_modules.h> header file. */
+#undef HAVE_SECURITY_PAM_MODULES_H
+
+/* Define if you have the <shadow.h> header file. */
+#undef HAVE_SHADOW_H
+
+/* Define if you have the <siad.h> header file. */
+#undef HAVE_SIAD_H
+
+/* Define if you have the <signal.h> header file. */
+#undef HAVE_SIGNAL_H
+
+/* Define if you have the <stropts.h> header file. */
+#undef HAVE_STROPTS_H
+
+/* Define if you have the <sys/bitypes.h> header file. */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define if you have the <sys/category.h> header file. */
+#undef HAVE_SYS_CATEGORY_H
+
+/* Define if you have the <sys/cdefs.h> header file. */
+#undef HAVE_SYS_CDEFS_H
+
+/* Define if you have the <sys/file.h> header file. */
+#undef HAVE_SYS_FILE_H
+
+/* Define if you have the <sys/filio.h> header file. */
+#undef HAVE_SYS_FILIO_H
+
+/* Define if you have the <sys/ioccom.h> header file. */
+#undef HAVE_SYS_IOCCOM_H
+
+/* Define if you have the <sys/ioctl.h> header file. */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define if you have the <sys/locking.h> header file. */
+#undef HAVE_SYS_LOCKING_H
+
+/* Define if you have the <sys/mman.h> header file. */
+#undef HAVE_SYS_MMAN_H
+
+/* Define if you have the <sys/param.h> header file. */
+#undef HAVE_SYS_PARAM_H
+
+/* Define if you have the <sys/proc.h> header file. */
+#undef HAVE_SYS_PROC_H
+
+/* Define if you have the <sys/ptyio.h> header file. */
+#undef HAVE_SYS_PTYIO_H
+
+/* Define if you have the <sys/ptyvar.h> header file. */
+#undef HAVE_SYS_PTYVAR_H
+
+/* Define if you have the <sys/resource.h> header file. */
+#undef HAVE_SYS_RESOURCE_H
+
+/* Define if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define if you have the <sys/sockio.h> header file. */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define if you have the <sys/str_tty.h> header file. */
+#undef HAVE_SYS_STR_TTY_H
+
+/* Define if you have the <sys/stream.h> header file. */
+#undef HAVE_SYS_STREAM_H
+
+/* Define if you have the <sys/stropts.h> header file. */
+#undef HAVE_SYS_STROPTS_H
+
+/* Define if you have the <sys/strtty.h> header file. */
+#undef HAVE_SYS_STRTTY_H
+
+/* Define if you have the <sys/syscall.h> header file. */
+#undef HAVE_SYS_SYSCALL_H
+
+/* Define if you have the <sys/sysctl.h> header file. */
+#undef HAVE_SYS_SYSCTL_H
+
+/* Define if you have the <sys/termio.h> header file. */
+#undef HAVE_SYS_TERMIO_H
+
+/* Define if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define if you have the <sys/timeb.h> header file. */
+#undef HAVE_SYS_TIMEB_H
+
+/* Define if you have the <sys/times.h> header file. */
+#undef HAVE_SYS_TIMES_H
+
+/* Define if you have the <sys/tty.h> header file. */
+#undef HAVE_SYS_TTY_H
+
+/* Define if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define if you have the <sys/un.h> header file. */
+#undef HAVE_SYS_UN_H
+
+/* Define if you have the <sys/utsname.h> header file. */
+#undef HAVE_SYS_UTSNAME_H
+
+/* Define if you have the <sys/wait.h> header file. */
+#undef HAVE_SYS_WAIT_H
+
+/* Define if you have the <syslog.h> header file. */
+#undef HAVE_SYSLOG_H
+
+/* Define if you have the <termio.h> header file. */
+#undef HAVE_TERMIO_H
+
+/* Define if you have the <termios.h> header file. */
+#undef HAVE_TERMIOS_H
+
+/* Define if you have the <tmpdir.h> header file. */
+#undef HAVE_TMPDIR_H
+
+/* Define if you have the <ttyent.h> header file. */
+#undef HAVE_TTYENT_H
+
+/* Define if you have the <udb.h> header file. */
+#undef HAVE_UDB_H
+
+/* Define if you have the <ulimit.h> header file. */
+#undef HAVE_ULIMIT_H
+
+/* Define if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define if you have the <userpw.h> header file. */
+#undef HAVE_USERPW_H
+
+/* Define if you have the <usersec.h> header file. */
+#undef HAVE_USERSEC_H
+
+/* Define if you have the <util.h> header file. */
+#undef HAVE_UTIL_H
+
+/* Define if you have the <utime.h> header file. */
+#undef HAVE_UTIME_H
+
+/* Define if you have the <utmp.h> header file. */
+#undef HAVE_UTMP_H
+
+/* Define if you have the <utmpx.h> header file. */
+#undef HAVE_UTMPX_H
+
+/* Define if you have the <wait.h> header file. */
+#undef HAVE_WAIT_H
+
+/* Define if you have the <winsock.h> header file. */
+#undef HAVE_WINSOCK_H
+
+/* Define if you have the X11 library (-lX11). */
+#undef HAVE_LIBX11
+
+/* Define if you have the Xau library (-lXau). */
+#undef HAVE_LIBXAU
+
+/* Define if you have the c_r library (-lc_r). */
+#undef HAVE_LIBC_R
+
+/* Define if you have the cfg library (-lcfg). */
+#undef HAVE_LIBCFG
+
+/* Define if you have the edit library (-ledit). */
+#undef HAVE_LIBEDIT
+
+/* Define if you have the gdbm library (-lgdbm). */
+#undef HAVE_LIBGDBM
+
+/* Define if you have the ndbm library (-lndbm). */
+#undef HAVE_LIBNDBM
+
+/* Define if you have the nsl library (-lnsl). */
+#undef HAVE_LIBNSL
+
+/* Define if you have the odm library (-lodm). */
+#undef HAVE_LIBODM
+
+/* Define if you have the readline library (-lreadline). */
+#undef HAVE_LIBREADLINE
+
+/* Define if you have the resolv library (-lresolv). */
+#undef HAVE_LIBRESOLV
+
+/* Define if you have the s library (-ls). */
+#undef HAVE_LIBS
+
+/* Define if you have the socket library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define if you have the syslog library (-lsyslog). */
+#undef HAVE_LIBSYSLOG
+
+/* Define if you have the termcap library (-ltermcap). */
+#undef HAVE_LIBTERMCAP
+
+/* Define if you have the util library (-lutil). */
+#undef HAVE_LIBUTIL
+
+#undef HAVE_INT8_T
+#undef HAVE_INT16_T
+#undef HAVE_INT32_T
+#undef HAVE_INT64_T
+#undef HAVE_U_INT8_T
+#undef HAVE_U_INT16_T
+#undef HAVE_U_INT32_T
+#undef HAVE_U_INT64_T
+
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
+
+/*
+ * Set ORGANIZATION to be the desired organization string printed
+ * by the 'kinit' program. It may have spaces.
+ */
+#define ORGANIZATION "eBones International"
+
+#if 0
+#undef BINDIR
+#undef LIBDIR
+#undef LIBEXECDIR
+#undef SBINDIR
+#endif
+
+#if 0
+#define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0}
+#define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0}
+#define KRB_EQUIV "/etc/krb.equiv"
+
+#define KEYFILE "/etc/srvtab"
+
+#define KRBDIR "/var/kerberos"
+#define DBM_FILE KRBDIR "/principal"
+#define DEFAULT_ACL_DIR KRBDIR
+
+#define KRBLOG "/var/log/kerberos.log" /* master server */
+#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */
+#define KADM_SYSLOG "/var/log/admin_server.syslog"
+#define K_LOGFIL "/var/log/kpropd.log"
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+/*
+ * Define NDBM if you are using the 4.3 ndbm library (which is part of
+ * libc). If not defined, 4.2 dbm will be assumed.
+ */
+#if defined(HAVE_DBM_FIRSTKEY)
+#define NDBM
+#endif
+
+/* ftp stuff -------------------------------------------------- */
+
+#define KERBEROS
+
+/* telnet stuff ----------------------------------------------- */
+
+/* define this if you have kerberos 4 */
+#undef KRB4
+
+/* define this if you want encryption */
+#undef ENCRYPTION
+
+/* define this if you want authentication */
+#undef AUTHENTICATION
+
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this if you want des encryption */
+#undef DES_ENCRYPTION
+
+/* Set this to the default system lead string for telnetd
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* define this if you want diagnostics in telnetd */
+#undef DIAGNOSTICS
+
+/* define this if you want support for broken ENV_{VALUE,VAR} systems */
+#undef ENV_HACK
+
+/* */
+#undef OLD_ENVIRON
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* Define if there are working stream ptys */
+#undef STREAMSPTY
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+
+
+/* ------------------------------------------------------------ */
+
+/*
+ * Define this if your ndbm-library really is berkeley db and creates
+ * files that ends in .db.
+ */
+#undef HAVE_NEW_DB
+
+/* Define this if you have a working getmsg */
+#undef HAVE_GETMSG
+
+/* Define to enable new master key code */
+#undef RANDOM_MKEY
+
+/* Location of the master key file, default value lives in <kdc.h> */
+#undef MKEYFILE
+
+/* Define if you don't want support for afs, might be a good idea on
+ AIX if you don't have afs */
+#undef NO_AFS
+
+/* Define if you have a readline compatible library */
+#undef HAVE_READLINE
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/* Define this if your compiler supports '#pragma weak' */
+#undef HAVE_PRAGMA_WEAK
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/* Set this to one of the constants above to specify default checksum
+ type to emit */
+#undef DES_QUAD_DEFAULT
+
+/*
+ * AIX braindamage!
+ */
+#if _AIX
+#define _ALL_SOURCE
+#define _POSIX_SOURCE
+/* this is left for hysteric reasons :-) */
+#define unix /* well, ok... */
+#endif
+
+/*
+ * SunOS braindamage! (Sun include files are generally braindead)
+ */
+#if (defined(sun) || defined(__sun))
+#if defined(__svr4__) || defined(__SVR4)
+#define SunOS 5
+#else
+#define SunOS 4
+#endif
+#endif
+
+#if defined(__sgi) || defined(sgi)
+#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
+#define IRIX 5
+#else
+#define IRIX 4
+#endif
+#endif
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
diff --git a/crypto/kerberosIV/include/ktypes.c b/crypto/kerberosIV/include/ktypes.c
new file mode 100644
index 0000000..eb6ad48
--- /dev/null
+++ b/crypto/kerberosIV/include/ktypes.c
@@ -0,0 +1,64 @@
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ktypes.c,v 1.4 1997/05/31 08:52:09 bg Exp $");
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+int
+main(void)
+{
+ printf ("/*\n"
+ " * This file was automatically generated by\n"
+ " * $Id: ktypes.c,v 1.4 1997/05/31 08:52:09 bg Exp $.\n"
+ " * Please do not edit\n"
+ " */\n\n");
+
+ printf ("#ifndef __KTYPES_H__\n"
+ "#define __KTYPES_H__\n\n");
+
+#ifdef HAVE_SYS_TYPES_H
+ printf("#include <sys/types.h>\n");
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+ printf("#include <sys/bitypes.h>\n");
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+ printf("#include <bind/bitypes.h>\n");
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+ printf("#include <netinet/in6_machtypes.h>\n");
+#endif
+
+#ifndef HAVE_INT8_T
+ printf("typedef signed char int8_t;\n");
+#endif
+#ifndef HAVE_U_INT8_T
+ printf("typedef unsigned char u_int8_t;\n");
+#endif
+#ifndef HAVE_INT16_T
+ printf("typedef short int16_t;\n");
+#endif
+#ifndef HAVE_U_INT16_T
+ printf("typedef unsigned short u_int16_t;\n");
+#endif
+#ifndef HAVE_INT32_T
+ printf("typedef int int32_t;\n");
+#endif
+#ifndef HAVE_U_INT32_T
+ printf("typedef unsigned int u_int32_t;\n");
+#endif
+
+ printf("\n#endif /* __KTYPES_H__ */\n");
+ return 0;
+}
diff --git a/crypto/kerberosIV/include/protos.h b/crypto/kerberosIV/include/protos.h
new file mode 100644
index 0000000..0ceb122
--- /dev/null
+++ b/crypto/kerberosIV/include/protos.h
@@ -0,0 +1,276 @@
+/* -*- C -*-
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Add here functions that don't have a prototype on your system.
+ *
+ * $Id: protos.H,v 1.43 1997/05/28 01:09:36 assar Exp $
+ */
+
+#ifdef NEED_CRYPT_PROTO
+char *crypt(const char*, const char*);
+#endif
+
+#ifdef NEED_STRTOK_R_PROTO
+char *strtok_r (char *s1, const char *s2, char **lasts);
+#endif
+
+#ifndef HAVE_OPTARG_DECLARATION
+extern char *optarg;
+#endif
+#ifndef HAVE_OPTERR_DECLARATION
+extern int opterr;
+#endif
+#ifndef HAVE_OPTIND_DECLARATION
+extern int optind;
+#endif
+#ifndef HAVE_OPTOPT_DECLARATION
+extern int optopt;
+#endif
+
+#if defined(__GNUC__) && SunOS == 4
+
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+/* To get struct sockaddr, struct in_addr and struct hostent */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+/* To get struct stat */
+#include <sys/stat.h>
+
+/* To get struct utimbuf */
+#include <utime.h>
+
+int utime(const char *, struct utimbuf *);
+int syscall(int, ...);
+pid_t getpid(void);
+int ftruncate(int, off_t);
+int fchmod(int, mode_t);
+int fchown(int fd, int owner, int group);
+int fsync(int);
+int seteuid(uid_t);
+int setreuid(int, int);
+int flock(int, int);
+int gettimeofday(struct timeval *tp, struct timezone *tzp);
+int lstat(const char *, struct stat *);
+int ioctl(int, int, void *);
+int getpriority(int which, int who);
+int setpriority(int which, int who, int priority);
+int getdtablesize(void);
+int initgroups(const char *name, int basegid);
+long ulimit(int cmd, long newlimit);
+int vhangup(void);
+
+int sigblock(int);
+int sigsetmask(int);
+int setitimer(int which, struct itimerval *value, struct itimerval *ovalue);
+
+int munmap(caddr_t addr, int len);
+
+int socket(int, int, int);
+int setsockopt(int, int, int, void *, int);
+int bind(int, void *, int);
+int getsockname(int, struct sockaddr *, int *);
+int accept(int, struct sockaddr *, int *);
+int connect(int, struct sockaddr *, int);
+int listen(int, int);
+int recv(int s, void *buf, int len, int flags);
+int recvfrom(int, char *, int, int, void *, int *);
+int sendto(int, const char *, int, int, void *, int);
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int shutdown(int, int);
+int getpeername(int, struct sockaddr *, int *);
+int getsockopt(int, int, int, void *, int *);
+int send(int s, const void *msg, int len, int flags);
+struct strbuf;
+int getmsg(int fd, struct strbuf *ctlptr, struct strbuf *dataptr, int *flags);
+
+char *inet_ntoa(struct in_addr in);
+unsigned long inet_addr(const char *cp);
+int gethostname(char *, int);
+struct hostent *gethostbyname(const char *);
+int dn_expand(const u_char *msg,
+ const u_char *eomorig,
+ const u_char *comp_dn,
+ char *exp_dn,
+ int length);
+int res_search(const char *dname,
+ int class,
+ int type,
+ u_char *answer,
+ int anslen);
+
+int yp_get_default_domain (char **outdomain);
+int innetgr(const char *netgroup, const char *machine,
+ const char *user, const char *domain);
+
+char *getwd(char *pathname);
+
+void bzero(char *b, int length);
+int strcasecmp(const char *, const char *);
+void swab(const char *, char *, int);
+int atoi(const char *str);
+char *mktemp(char *);
+void srandom(int seed);
+int random(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport(int *);
+int openlog(const char *ident, int logopt, int facility);
+int syslog(int priority, const char *message, ...);
+int ttyslot(void);
+
+char *getpass(const char *);
+
+char *getusershell(void);
+void setpwent();
+void endpwent();
+
+#include <stdio.h>
+int fclose(FILE *);
+
+#endif /* SunOS4 */
+
+#if SunOS == 5
+
+#include <sys/types.h>
+#include <sys/resource.h>
+
+char *getusershell(void);
+char *strtok_r(char *, const char *, char **);
+int getpriority (int which, id_t who);
+int setpriority (int which, id_t who, int prio);
+int getdtablesize (void);
+char *getusershell(void);
+void setusershell(void);
+void endusershell(void);
+
+#if defined(__GNUC__)
+
+int syscall(int, ...);
+int gethostname(char *, int);
+
+struct timeval;
+int gettimeofday(struct timeval *tp, void *);
+
+#endif
+#endif
+
+#if defined(__osf__) /* OSF/1 */
+
+#if 0
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int fsync(int fildes);
+int gethostname(char *address, int address_len);
+int setreuid(int ruid, int euid);
+int ioctl(int d, unsigned long request, void * arg);
+#endif
+int flock(int fildes, int operation);
+int syscall(int, ...);
+
+unsigned short htons(unsigned short hostshort);
+unsigned int htonl(unsigned int hostint);
+unsigned short ntohs(unsigned short netshort);
+unsigned int ntohl(unsigned int netint);
+
+char *mktemp(char *template);
+char *getusershell(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport (int *port);
+
+#endif /* OSF/1 */
+
+#if defined(__sgi)
+#include <sys/types.h>
+
+char *ptsname(int fd);
+struct spwd *getspuid(uid_t);
+#endif /* IRIX */
+
+#if defined(__GNUC__) && defined(_AIX) /* AIX */
+
+struct timeval;
+struct timezone;
+int gettimeofday (struct timeval *Tp, void *Tzp);
+
+#endif /* AIX */
+
+#if defined(__GNUC__) && defined(__hpux) /* HP-UX */
+
+int syscall(int, ...);
+
+int vhangup(void);
+
+char *ptsname(int fildes);
+
+void utmpname(const char *file);
+
+int innetgr(const char *netgroup, const char *machine,
+ const char *user, const char *domain);
+
+int dn_comp(char *exp_dn, char *comp_dn, int length,
+ char **dnptrs, char **lastdnptr);
+
+int res_query(char *dname, int class, int type,
+ unsigned char *answer, int anslen);
+
+int dn_expand(char *msg, char *eomorig, char *comp_dn,
+ char *exp_dn, int length);
+
+int res_search(char *dname, int class, int type,
+ unsigned char *answer, int anslen);
+
+#endif /* HP-UX */
+
+#if defined(WIN32) /* Visual C++ 4.0 (Windows95/NT) */
+
+int open(const char *, int, ...);
+int close(int);
+int read(int, void *, unsigned int);
+int write(int, const void *, unsigned int);
+
+#endif /* WIN32 */
diff --git a/crypto/kerberosIV/include/sys/Makefile.in b/crypto/kerberosIV/include/sys/Makefile.in
new file mode 100644
index 0000000..d6a58e0
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/Makefile.in
@@ -0,0 +1,53 @@
+# $Id: Makefile.in,v 1.18 1997/05/11 04:29:47 assar Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+LN_S = @LN_S@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+includedir = @includedir@
+HAVE_CDEFS = @ac_cv_header_sys_cdefs_h@
+
+@SET_MAKE@
+
+HEADERS = cdefs.h
+
+all: stamp-headers
+
+Wall:
+ $(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install: all
+ $(MKINSTALLDIRS) $(includedir)/sys
+ -if test "$(HAVE_CDEFS)" != yes; then \
+ $(INSTALL_DATA) cdefs.h $(includedir)/sys/cdefs.h ; \
+ fi
+
+uninstall:
+ -if test "$(HAVE_CDEFS)" != yes; then \
+ rm -f $(includedir)/sys/cdefs.h ; \
+ fi
+
+clean:
+ rm -f $(HEADERS) stamp-headers
+
+mostlyclean: clean
+distclean: clean
+ rm -f Makefile config.status *~
+
+realclean: clean
+
+cdefs.h:
+ if test "$(HAVE_CDEFS)" != yes; then \
+ $(LN_S) ${srcdir}/cdefs.H cdefs.h; \
+ fi || true
+
+stamp-headers:
+ $(MAKE) $(HEADERS)
+ touch stamp-headers
diff --git a/crypto/kerberosIV/include/sys/cdefs.H b/crypto/kerberosIV/include/sys/cdefs.H
new file mode 100644
index 0000000..196d476
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/cdefs.H
@@ -0,0 +1,149 @@
+/* -*- C -*-
+ *
+ * ++Copyright++ 1991, 1993
+ * -
+ * Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * -
+ * Portions Copyright (c) 1993 by Digital Equipment Corporation.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies, and that
+ * the name of Digital Equipment Corporation not be used in advertising or
+ * publicity pertaining to distribution of the document or software without
+ * specific, written prior permission.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
+ * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ * -
+ * --Copyright--
+ */
+
+/*
+ * @(#)cdefs.h 8.1 (Berkeley) 6/2/93
+ * $Id: cdefs.H,v 1.2 1995/09/10 20:18:56 d91-jda Exp $
+ */
+
+#ifndef _CDEFS_H_
+#define _CDEFS_H_
+
+#if defined(__cplusplus)
+#define __BEGIN_DECLS extern "C" {
+#define __END_DECLS };
+#else
+#define __BEGIN_DECLS
+#define __END_DECLS
+#endif
+
+/*
+ * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
+ * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
+ * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
+ * in between its arguments. __CONCAT can also concatenate double-quoted
+ * strings produced by the __STRING macro, but this only works with ANSI C.
+ */
+#if defined(__STDC__) || defined(__cplusplus)
+#ifndef __P /* it's quite popular to define this */
+#define __P(protos) protos /* full-blown ANSI C */
+#endif
+#define __CONCAT(x,y) x ## y
+#define __STRING(x) #x
+
+#define __const const /* define reserved names to standard */
+#define __signed signed
+#define __volatile volatile
+#if defined(__cplusplus)
+#define __inline inline /* convert to C++ keyword */
+#else
+#ifndef __GNUC__
+#define __inline /* delete GCC keyword */
+#endif /* !__GNUC__ */
+#endif /* !__cplusplus */
+
+#else /* !(__STDC__ || __cplusplus) */
+#ifndef __P
+#define __P(protos) () /* traditional C preprocessor */
+#endif
+#define __CONCAT(x,y) x/**/y
+#define __STRING(x) "x"
+
+#ifndef __GNUC__
+#define __const /* delete pseudo-ANSI C keywords */
+#define __inline
+#define __signed
+#define __volatile
+/*
+ * In non-ANSI C environments, new programs will want ANSI-only C keywords
+ * deleted from the program and old programs will want them left alone.
+ * When using a compiler other than gcc, programs using the ANSI C keywords
+ * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS.
+ * When using "gcc -traditional", we assume that this is the intent; if
+ * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone.
+ */
+#ifndef NO_ANSI_KEYWORDS
+#define const /* delete ANSI C keywords */
+#define inline
+#define signed
+#define volatile
+#endif
+#endif /* !__GNUC__ */
+#endif /* !(__STDC__ || __cplusplus) */
+
+/*
+ * GCC1 and some versions of GCC2 declare dead (non-returning) and
+ * pure (no side effects) functions using "volatile" and "const";
+ * unfortunately, these then cause warnings under "-ansi -pedantic".
+ * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of
+ * these work for GNU C++ (modulo a slight glitch in the C++ grammar
+ * in the distribution version of 2.5.5).
+ */
+#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5
+#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */
+#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
+#define __dead __volatile
+#define __pure __const
+#endif
+#endif
+
+/* Delete pseudo-keywords wherever they are not available or needed. */
+#ifndef __dead
+#define __dead
+#define __pure
+#endif
+
+#endif /* !_CDEFS_H_ */
diff --git a/crypto/kerberosIV/install-sh b/crypto/kerberosIV/install-sh
new file mode 100644
index 0000000..ebc6691
--- /dev/null
+++ b/crypto/kerberosIV/install-sh
@@ -0,0 +1,250 @@
+#! /bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission. M.I.T. makes no representations about the
+# suitability of this software for any purpose. It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch. It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+ case $1 in
+ -c) instcmd="$cpprog"
+ shift
+ continue;;
+
+ -d) dir_arg=true
+ shift
+ continue;;
+
+ -m) chmodcmd="$chmodprog $2"
+ shift
+ shift
+ continue;;
+
+ -o) chowncmd="$chownprog $2"
+ shift
+ shift
+ continue;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift
+ shift
+ continue;;
+
+ -s) stripcmd="$stripprog"
+ shift
+ continue;;
+
+ -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+ shift
+ continue;;
+
+ -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+ shift
+ continue;;
+
+ *) if [ x"$src" = x ]
+ then
+ src=$1
+ else
+ # this colon is to work around a 386BSD /bin/sh bug
+ :
+ dst=$1
+ fi
+ shift
+ continue;;
+ esac
+done
+
+if [ x"$src" = x ]
+then
+ echo "install: no input file specified"
+ exit 1
+else
+ true
+fi
+
+if [ x"$dir_arg" != x ]; then
+ dst=$src
+ src=""
+
+ if [ -d $dst ]; then
+ instcmd=:
+ else
+ instcmd=mkdir
+ fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad
+# if $src (and thus $dsttmp) contains '*'.
+
+ if [ -f $src -o -d $src ]
+ then
+ true
+ else
+ echo "install: $src does not exist"
+ exit 1
+ fi
+
+ if [ x"$dst" = x ]
+ then
+ echo "install: no destination specified"
+ exit 1
+ else
+ true
+ fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+ if [ -d $dst ]
+ then
+ dst="$dst"/`basename $src`
+ else
+ true
+ fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+# this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+ pathcomp="${pathcomp}${1}"
+ shift
+
+ if [ ! -d "${pathcomp}" ] ;
+ then
+ $mkdirprog "${pathcomp}"
+ else
+ true
+ fi
+
+ pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+ $doit $instcmd $dst &&
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+ if [ x"$transformarg" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ dstfile=`basename $dst $transformbasename |
+ sed $transformarg`$transformbasename
+ fi
+
+# don't allow the sed command to completely eliminate the filename
+
+ if [ x"$dstfile" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ true
+ fi
+
+# Make a temp file name in the proper directory.
+
+ dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+ $doit $instcmd $src $dsttmp &&
+
+ trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing. If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+ $doit $rmcmd -f $dstdir/$dstfile &&
+ $doit $mvcmd $dsttmp $dstdir/$dstfile
+
+fi &&
+
+
+exit 0
diff --git a/crypto/kerberosIV/kadmin/Design.txt b/crypto/kerberosIV/kadmin/Design.txt
new file mode 100644
index 0000000..7763a04
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/Design.txt
@@ -0,0 +1,23 @@
+// This file attempts to present the internal functioning of the new kerberos
+// admin server and interface..
+
+//
+// The calling side
+//
+
+// Outer interface (programmers interface)
+kadm_mod_entry(vals *old_dat, vals *new_dat) returns (vals *cur_dat)
+ // sends a command telling the server to change all entries which match
+ // old_dat to entries matching new_dat
+ // returns in cur_dat the actual current values of the modified records
+ // implemented with calls to _vals_to_stream, _send_out, _take_in, and
+ // _stream_to_vals, _interpret_ret
+
+// Inner calls
+_vals_to_stream (vals *, unsigned char *)
+ // converts a vals structure to a byte stream for transmission over the net
+
+_stream_to_vals (unsigned char *, vals *)
+ // converts a byte stream recieved into a vals structure
+
+
diff --git a/crypto/kerberosIV/kadmin/Makefile.in b/crypto/kerberosIV/kadmin/Makefile.in
new file mode 100644
index 0000000..947248e
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/Makefile.in
@@ -0,0 +1,125 @@
+# $Id: Makefile.in,v 1.37 1997/05/02 17:50:35 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+topdir=..
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+LIB_tgetent = @LIB_tgetent@
+LIB_readline = @LIB_readline@
+LIB_DBM = @LIB_DBM@
+LIBS = @LIBS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+CRACKLIB = @CRACKLIB@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN = kpasswd$(EXECSUFFIX) \
+ kadmin$(EXECSUFFIX)
+PROG_SBIN = ksrvutil$(EXECSUFFIX)
+PROG_LIBEXEC = kadmind$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_SBIN) $(PROG_LIBEXEC)
+
+SOURCES = kpasswd.c kadmin.c kadm_server.c kadm_funcs.c pw_check.c \
+ admin_server.c kadm_ser_wrap.c ksrvutil.c ksrvutil_get.c \
+ new_pwd.c
+
+OBJECTS = kpasswd.o kadmin.o kadm_server.o kadm_funcs.o \
+ admin_server.o kadm_ser_wrap.o ksrvutil.o ksrvutil_get.o \
+ new_pwd.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROG_BIN); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ $(MKINSTALLDIRS) $(sbindir)
+ for x in $(PROG_SBIN); do \
+ $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROG_LIBEXEC); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+ @rm -f $(prefix)/sbin/kadmin
+
+uninstall:
+ for x in $(PROG_BIN); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ for x in $(PROG_SBIN); do \
+ rm -f $(sbindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ for x in $(PROG_LIBEXEC); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../util/et -lcom_err
+LIBROKEN=-L../lib/roken -lroken
+
+kpasswd$(EXECSUFFIX): kpasswd.o new_pwd.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpasswd.o new_pwd.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kadmin$(EXECSUFFIX): kadmin.o new_pwd.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ new_pwd.o kadmin.o -L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/sl -lsl -L../util/et -lcom_err $(LIBROKEN) $(LIBS) $(LIB_readline) $(LIBROKEN)
+
+KADMIND_OBJECTS=kadm_server.o kadm_funcs.o admin_server.o kadm_ser_wrap.o pw_check.o
+
+kadmind$(EXECSUFFIX): $(KADMIND_OBJECTS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KADMIND_OBJECTS) -L../lib/kdb -lkdb -L../lib/acl -lacl $(KLIB) $(CRACKLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+ksrvutil$(EXECSUFFIX): ksrvutil.o ksrvutil_get.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ksrvutil.o ksrvutil_get.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/kadmin/admin_server.c b/crypto/kerberosIV/kadmin/admin_server.c
new file mode 100644
index 0000000..2654c77
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/admin_server.c
@@ -0,0 +1,432 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Top-level loop of the kerberos Administration server
+ */
+
+/*
+ admin_server.c
+ this holds the main loop and initialization and cleanup code for the server
+*/
+
+#include "kadm_locl.h"
+
+RCSID("$Id: admin_server.c,v 1.41 1997/05/27 15:52:53 bg Exp $");
+
+/* Almost all procs and such need this, so it is global */
+admin_params prm; /* The command line parameters struct */
+
+/* GLOBAL */
+char *acldir = DEFAULT_ACL_DIR;
+static char krbrlm[REALM_SZ];
+
+static unsigned pidarraysize = 0;
+static int *pidarray = (int *)0;
+
+static int exit_now = 0;
+
+static
+RETSIGTYPE
+doexit(int sig)
+{
+ exit_now = 1;
+ SIGRETURN(0);
+}
+
+static
+RETSIGTYPE
+do_child(int sig)
+{
+ int pid;
+ int i, j;
+
+ int status;
+
+ pid = wait(&status);
+
+ /* Reinstall signal handlers for SysV. Must be done *after* wait */
+ signal(SIGCHLD, do_child);
+
+ for (i = 0; i < pidarraysize; i++)
+ if (pidarray[i] == pid) {
+ /* found it */
+ for (j = i; j < pidarraysize-1; j++)
+ /* copy others down */
+ pidarray[j] = pidarray[j+1];
+ pidarraysize--;
+ if ((WIFEXITED(status) && WEXITSTATUS(status) != 0)
+ || WIFSIGNALED(status))
+ krb_log("child %d: termsig %d, retcode %d", pid,
+ WTERMSIG(status), WEXITSTATUS(status));
+ SIGRETURN(0);
+ }
+ krb_log("child %d not in list: termsig %d, retcode %d", pid,
+ WTERMSIG(status), WEXITSTATUS(status));
+ SIGRETURN(0);
+}
+
+static void
+kill_children(void)
+{
+ int i;
+
+ for (i = 0; i < pidarraysize; i++) {
+ kill(pidarray[i], SIGINT);
+ krb_log("killing child %d", pidarray[i]);
+ }
+}
+
+/* close the system log file */
+static void
+close_syslog(void)
+{
+ krb_log("Shutting down admin server");
+}
+
+static void
+byebye(void) /* say goodnight gracie */
+{
+ printf("Admin Server (kadm server) has completed operation.\n");
+}
+
+static void
+clear_secrets(void)
+{
+ memset(server_parm.master_key, 0, sizeof(server_parm.master_key));
+ memset(server_parm.master_key_schedule, 0,
+ sizeof(server_parm.master_key_schedule));
+ server_parm.master_key_version = 0L;
+}
+
+#ifdef DEBUG
+#define cleanexit(code) {kerb_fini(); return;}
+#endif
+
+#ifndef DEBUG
+static void
+cleanexit(int val)
+{
+ kerb_fini();
+ clear_secrets();
+ exit(val);
+}
+#endif
+
+static void
+process_client(int fd, struct sockaddr_in *who)
+{
+ u_char *dat;
+ int dat_len;
+ u_short dlen;
+ int retval;
+ int on = 1;
+ Principal service;
+ des_cblock skey;
+ int more;
+ int status;
+
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0)
+ krb_log("setsockopt keepalive: %d",errno);
+#endif
+
+ server_parm.recv_addr = *who;
+
+ if (kerb_init()) { /* Open as client */
+ krb_log("can't open krb db");
+ cleanexit(1);
+ }
+ /* need to set service key to changepw.KRB_MASTER */
+
+ status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
+ 1, &more);
+ if (status == -1) {
+ /* db locked */
+ int32_t retcode = KADM_DB_INUSE;
+ char *pdat;
+
+ dat_len = KADM_VERSIZE + sizeof(retcode);
+ dat = (u_char *) malloc((unsigned)dat_len);
+ pdat = (char *) dat;
+ retcode = htonl((u_int32_t) KADM_DB_INUSE);
+ strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ memcpy(pdat+KADM_VERSIZE, &retcode, sizeof(retcode));
+ goto out;
+ } else if (!status) {
+ krb_log("no service %s.%s",server_parm.sname, server_parm.sinst);
+ cleanexit(2);
+ }
+
+ copy_to_key(&service.key_low, &service.key_high, skey);
+ memset(&service, 0, sizeof(service));
+ kdb_encrypt_key (&skey, &skey, &server_parm.master_key,
+ server_parm.master_key_schedule, DES_DECRYPT);
+ krb_set_key(skey, 0); /* if error, will show up when
+ rd_req fails */
+ memset(skey, 0, sizeof(skey));
+
+ while (1) {
+ if ((retval = krb_net_read(fd, &dlen, sizeof(u_short))) !=
+ sizeof(u_short)) {
+ if (retval < 0)
+ krb_log("dlen read: %s",error_message(errno));
+ else if (retval)
+ krb_log("short dlen read: %d",retval);
+ close(fd);
+ cleanexit(retval ? 3 : 0);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ dat_len = ntohs(dlen);
+ dat = (u_char *) malloc(dat_len);
+ if (!dat) {
+ krb_log("malloc: No memory");
+ close(fd);
+ cleanexit(4);
+ }
+ if ((retval = krb_net_read(fd, dat, dat_len)) != dat_len) {
+ if (retval < 0)
+ krb_log("data read: %s",error_message(errno));
+ else
+ krb_log("short read: %d vs. %d", dat_len, retval);
+ close(fd);
+ cleanexit(5);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS)
+ krb_log("processing request: %s", error_message(retval));
+
+ /* kadm_ser_in did the processing and returned stuff in
+ dat & dat_len , return the appropriate data */
+
+ out:
+ dlen = htons(dat_len);
+
+ if (krb_net_write(fd, &dlen, sizeof(u_short)) < 0) {
+ krb_log("writing dlen to client: %s",error_message(errno));
+ close(fd);
+ cleanexit(6);
+ }
+
+ if (krb_net_write(fd, dat, dat_len) < 0) {
+ krb_log("writing to client: %s", error_message(errno));
+ close(fd);
+ cleanexit(7);
+ }
+ free(dat);
+ }
+ /*NOTREACHED*/
+}
+
+/*
+kadm_listen
+listen on the admin servers port for a request
+*/
+static int
+kadm_listen(void)
+{
+ int found;
+ int admin_fd;
+ int peer_fd;
+ fd_set mask, readfds;
+ struct sockaddr_in peer;
+ int addrlen;
+ int pid;
+
+ signal(SIGINT, doexit);
+ signal(SIGTERM, doexit);
+ signal(SIGHUP, doexit);
+ signal(SIGQUIT, doexit);
+ signal(SIGPIPE, SIG_IGN); /* get errors on write() */
+ signal(SIGALRM, doexit);
+ signal(SIGCHLD, do_child);
+ if (setsid() < 0)
+ krb_log("setsid() failed");
+
+ if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+ return KADM_NO_SOCK;
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+ {
+ int one=1;
+ setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
+ sizeof(one));
+ }
+#endif
+ if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
+ sizeof(struct sockaddr_in)) < 0)
+ return KADM_NO_BIND;
+ listen(admin_fd, 1);
+ FD_ZERO(&mask);
+ FD_SET(admin_fd, &mask);
+
+ for (;;) { /* loop nearly forever */
+ if (exit_now) {
+ clear_secrets();
+ kill_children();
+ return(0);
+ }
+ readfds = mask;
+ if ((found = select(admin_fd+1, &readfds, 0,
+ 0, (struct timeval *)0)) == 0)
+ continue; /* no things read */
+ if (found < 0) {
+ if (errno != EINTR)
+ krb_log("select: %s",error_message(errno));
+ continue;
+ }
+ if (FD_ISSET(admin_fd, &readfds)) {
+ /* accept the conn */
+ addrlen = sizeof(peer);
+ if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
+ &addrlen)) < 0) {
+ krb_log("accept: %s",error_message(errno));
+ continue;
+ }
+#ifndef DEBUG
+ /* if you want a sep daemon for each server */
+ if ((pid = fork())) {
+ /* parent */
+ if (pid < 0) {
+ krb_log("fork: %s",error_message(errno));
+ close(peer_fd);
+ continue;
+ }
+ /* fork succeded: keep tabs on child */
+ close(peer_fd);
+ if (pidarray) {
+ pidarray = (int *)realloc(pidarray, ++pidarraysize);
+ pidarray[pidarraysize-1] = pid;
+ } else {
+ pidarray = (int *)malloc(pidarraysize = 1);
+ pidarray[0] = pid;
+ }
+ } else {
+ /* child */
+ close(admin_fd);
+#endif /* DEBUG */
+ /*
+ * If we are multihomed we need to figure out which
+ * local address that is used this time since it is
+ * used in "direction" comparison.
+ */
+ getsockname(peer_fd,
+ (struct sockaddr *)&server_parm.admin_addr,
+ &addrlen);
+ /* do stuff */
+ process_client (peer_fd, &peer);
+#ifndef DEBUG
+ }
+#endif
+ } else {
+ krb_log("something else woke me up!");
+ return(0);
+ }
+ }
+ /*NOTREACHED*/
+}
+
+/*
+** Main does the logical thing, it sets up the database and RPC interface,
+** as well as handling the creation and maintenance of the syslog file...
+*/
+int
+main(int argc, char **argv) /* admin_server main routine */
+{
+ int errval;
+ int c;
+
+ set_progname (argv[0]);
+
+ umask(077); /* Create protected files */
+
+ /* initialize the admin_params structure */
+ prm.sysfile = KADM_SYSLOG; /* default file name */
+ prm.inter = 0;
+
+ memset(krbrlm, 0, sizeof(krbrlm));
+
+ while ((c = getopt(argc, argv, "f:hmnd:a:r:")) != EOF)
+ switch(c) {
+ case 'f': /* Syslog file name change */
+ prm.sysfile = optarg;
+ break;
+ case 'n':
+ prm.inter = 0;
+ break;
+ case 'm':
+ prm.inter = 1;
+ break;
+ case 'a': /* new acl directory */
+ acldir = optarg;
+ break;
+ case 'd':
+ /* put code to deal with alt database place */
+ if ((errval = kerb_db_set_name(optarg)))
+ errx (1, "opening database %s: %s",
+ optarg, error_message(errval));
+ break;
+ case 'r':
+ strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
+ break;
+ case 'h': /* get help on using admin_server */
+ default:
+ errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir]");
+ }
+
+ if (krbrlm[0] == 0)
+ if (krb_get_lrealm(krbrlm, 0) != KSUCCESS)
+ errx (1, "Unable to get local realm. Fix krb.conf or use -r.");
+
+ printf("KADM Server %s initializing\n",KADM_VERSTR);
+ printf("Please do not use 'kill -9' to kill this job, use a\n");
+ printf("regular kill instead\n\n");
+
+ kset_logfile(prm.sysfile);
+ krb_log("Admin server starting");
+
+ kerb_db_set_lockmode(KERB_DBL_NONBLOCKING);
+ errval = kerb_init(); /* Open the Kerberos database */
+ if (errval) {
+ warnx ("error: kerb_init() failed");
+ close_syslog();
+ byebye();
+ }
+ /* set up the server_parm struct */
+ if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) {
+ kerb_fini(); /* Close the Kerberos database--
+ will re-open later */
+ errval = kadm_listen(); /* listen for calls to server from
+ clients */
+ }
+ if (errval != KADM_SUCCESS) {
+ warnx("error: %s",error_message(errval));
+ kerb_fini(); /* Close if error */
+ }
+ close_syslog(); /* Close syslog file, print
+ closing note */
+ byebye(); /* Say bye bye on the terminal
+ in use */
+ exit(1);
+} /* procedure main */
diff --git a/crypto/kerberosIV/kadmin/kadm_funcs.c b/crypto/kerberosIV/kadmin/kadm_funcs.c
new file mode 100644
index 0000000..34a34b0
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_funcs.c
@@ -0,0 +1,411 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+*/
+
+/*
+ * Kerberos administration server-side database manipulation routines
+ */
+
+/*
+ * kadm_funcs.c
+ * the actual database manipulation code
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_funcs.c,v 1.16 1997/05/02 14:28:49 assar Exp $");
+
+static int
+check_access(char *pname, char *pinst, char *prealm, enum acl_types acltype)
+{
+ char checkname[MAX_K_NAME_SZ];
+ char filename[MaxPathLen];
+
+ snprintf(checkname, sizeof(checkname), "%s.%s@%s", pname, pinst, prealm);
+
+ switch (acltype) {
+ case ADDACL:
+ snprintf(filename, sizeof(filename), "%s%s", acldir, ADD_ACL_FILE);
+ break;
+ case GETACL:
+ snprintf(filename, sizeof(filename), "%s%s", acldir, GET_ACL_FILE);
+ break;
+ case MODACL:
+ snprintf(filename, sizeof(filename), "%s%s", acldir, MOD_ACL_FILE);
+ break;
+ case DELACL:
+ snprintf(filename, sizeof(filename), "%s%s", acldir, DEL_ACL_FILE);
+ break;
+ default:
+ krb_log("WARNING in check_access: default case in switch");
+ return 0;
+ }
+ return(acl_check(filename, checkname));
+}
+
+static int
+wildcard(char *str)
+{
+ if (!strcmp(str, WILDCARD_STR))
+ return(1);
+ return(0);
+}
+
+static int
+fail(int code, char *oper, char *princ)
+{
+ krb_log("ERROR: %s: %s (%s)", oper, princ, error_message(code));
+ return code;
+}
+
+#define failadd(code) { fail(code, "ADD", victim); return code; }
+#define faildelete(code) { fail(code, "DELETE", victim); return code; }
+#define failget(code) { fail(code, "GET", victim); return code; }
+#define failmod(code) { fail(code, "MOD", victim); return code; }
+#define failchange(code) { fail(code, "CHANGE", admin); return code; }
+
+int
+kadm_add_entry (char *rname, char *rinstance, char *rrealm,
+ Kadm_vals *valsin, Kadm_vals *valsout)
+{
+ long numfound; /* check how many we get written */
+ int more; /* pointer to more grabbed records */
+ Principal data_i, data_o; /* temporary principal */
+ u_char flags[4];
+ des_cblock newpw;
+ Principal default_princ;
+
+ char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
+
+ strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
+ strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));
+
+ krb_log("ADD: %s by %s", victim, admin);
+
+ if (!check_access(rname, rinstance, rrealm, ADDACL)) {
+ krb_log("WARNING: ADD: %s permission denied", admin);
+ return KADM_UNAUTH;
+ }
+
+ /* Need to check here for "legal" name and instance */
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failadd(KADM_ILL_WILDCARD);
+ }
+
+ numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+ &default_princ, 1, &more);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound != 1) {
+ failadd(KADM_UK_RERROR);
+ }
+
+ kadm_vals_to_prin(valsin->fields, &data_i, valsin);
+ strncpy(data_i.name, valsin->name, ANAME_SZ);
+ strncpy(data_i.instance, valsin->instance, INST_SZ);
+
+ if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
+ data_i.exp_date = default_princ.exp_date;
+ if (!IS_FIELD(KADM_ATTR,valsin->fields))
+ data_i.attributes = default_princ.attributes;
+ if (!IS_FIELD(KADM_MAXLIFE,valsin->fields))
+ data_i.max_life = default_princ.max_life;
+
+ memset(&default_princ, 0, sizeof(default_princ));
+
+ /* convert to host order */
+ data_i.key_low = ntohl(data_i.key_low);
+ data_i.key_high = ntohl(data_i.key_high);
+
+
+ copy_to_key(&data_i.key_low, &data_i.key_high, newpw);
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key,
+ server_parm.master_key_schedule, DES_ENCRYPT);
+ copy_from_key(newpw, &data_i.key_low, &data_i.key_high);
+ memset(newpw, 0, sizeof(newpw));
+
+ data_o = data_i;
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound) {
+ failadd(KADM_INUSE);
+ } else {
+ data_i.key_version++;
+ data_i.kdc_key_ver = server_parm.master_key_version;
+ strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1);
+ strncpy(data_i.mod_instance, rinstance,
+ sizeof(data_i.mod_instance)-1);
+
+ numfound = kerb_put_principal(&data_i, 1);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound) {
+ failadd(KADM_UK_SERROR);
+ } else {
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if ((numfound!=1) || (more!=0)) {
+ failadd(KADM_UK_RERROR);
+ }
+ memset(flags, 0, sizeof(flags));
+ SET_FIELD(KADM_NAME,flags);
+ SET_FIELD(KADM_INST,flags);
+ SET_FIELD(KADM_EXPDATE,flags);
+ SET_FIELD(KADM_ATTR,flags);
+ SET_FIELD(KADM_MAXLIFE,flags);
+ kadm_prin_to_vals(flags, valsout, &data_o);
+ krb_log("ADD: %s added", victim);
+ return KADM_DATA; /* Set all the appropriate fields */
+ }
+ }
+}
+
+int
+kadm_delete_entry (char *rname, char *rinstance, char *rrealm,
+ Kadm_vals *valsin)
+{
+ int ret;
+
+ char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
+
+ strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
+ strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));
+
+ krb_log("DELETE: %s by %s", victim, admin);
+
+ if (!check_access(rname, rinstance, rrealm, DELACL)) {
+ krb_log("WARNING: DELETE: %s permission denied", admin);
+ return KADM_UNAUTH;
+ }
+
+ /* Need to check here for "legal" name and instance */
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ faildelete(KADM_ILL_WILDCARD);
+ }
+
+#define EQ(V,N,I) (strcmp((V)->name, (N)) == 0 && strcmp((V)->instance, (I)) == 0)
+
+ if(EQ(valsin, PWSERV_NAME, KRB_MASTER) ||
+ EQ(valsin, "K", "M") ||
+ EQ(valsin, "default", "") ||
+ EQ(valsin, KRB_TICKET_GRANTING_TICKET, server_parm.krbrlm)){
+ krb_log("WARNING: DELETE: %s is immutable", victim);
+ return KADM_IMMUTABLE; /* XXX */
+ }
+
+ ret = kerb_delete_principal(valsin->name, valsin->instance);
+ if(ret == -1)
+ return KADM_DB_INUSE; /* XXX */
+ krb_log("DELETE: %s removed.", victim);
+ return KADM_SUCCESS;
+}
+
+
+int
+kadm_get_entry (char *rname, char *rinstance, char *rrealm,
+ Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout)
+{
+ long numfound; /* check how many were returned */
+ int more; /* To point to more name.instances */
+ Principal data_o; /* Data object to hold Principal */
+
+ char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
+
+ strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
+ strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));
+
+ krb_log("GET: %s by %s", victim, admin);
+
+ if (!check_access(rname, rinstance, rrealm, GETACL)) {
+ krb_log("WARNING: GET: %s permission denied", admin);
+ return KADM_UNAUTH;
+ }
+
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failget(KADM_ILL_WILDCARD);
+ }
+
+ /* Look up the record in the database */
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failget(KADM_DB_INUSE);
+ } else if (numfound) { /* We got the record, let's return it */
+ kadm_prin_to_vals(flags, valsout, &data_o);
+ krb_log("GET: %s retrieved", victim);
+ return KADM_DATA; /* Set all the appropriate fields */
+ } else {
+ failget(KADM_NOENTRY); /* Else whimper and moan */
+ }
+}
+
+int
+kadm_mod_entry (char *rname, char *rinstance, char *rrealm,
+ Kadm_vals *valsin, Kadm_vals *valsin2, Kadm_vals *valsout)
+{
+ long numfound;
+ int more;
+ Principal data_o, temp_key;
+ u_char fields[4];
+ des_cblock newpw;
+
+ char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
+
+ strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
+ strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));
+
+ krb_log("MOD: %s by %s", victim, admin);
+
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failmod(KADM_ILL_WILDCARD);
+ }
+
+ if (!check_access(rname, rinstance, rrealm, MODACL)) {
+ krb_log("WARNING: MOD: %s permission denied", admin);
+ return KADM_UNAUTH;
+ }
+
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failmod(KADM_DB_INUSE);
+ } else if (numfound) {
+ kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
+ strncpy(data_o.name, valsin->name, ANAME_SZ);
+ strncpy(data_o.instance, valsin->instance, INST_SZ);
+ if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
+ data_o.exp_date = temp_key.exp_date;
+ if (IS_FIELD(KADM_ATTR,valsin2->fields))
+ data_o.attributes = temp_key.attributes;
+ if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
+ data_o.max_life = temp_key.max_life;
+ if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
+ data_o.key_version++;
+ data_o.kdc_key_ver = server_parm.master_key_version;
+
+
+ /* convert to host order */
+ temp_key.key_low = ntohl(temp_key.key_low);
+ temp_key.key_high = ntohl(temp_key.key_high);
+
+
+ copy_to_key(&temp_key.key_low, &temp_key.key_high, newpw);
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key,
+ server_parm.master_key_schedule, DES_ENCRYPT);
+ copy_from_key(newpw, &data_o.key_low, &data_o.key_high);
+ memset(newpw, 0, sizeof(newpw));
+ }
+ memset(&temp_key, 0, sizeof(temp_key));
+
+ strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+ strncpy(data_o.mod_instance, rinstance,
+ sizeof(data_o.mod_instance)-1);
+ more = kerb_put_principal(&data_o, 1);
+
+ memset(&data_o, 0, sizeof(data_o));
+
+ if (more == -1) {
+ failmod(KADM_DB_INUSE);
+ } else if (more) {
+ failmod(KADM_UK_SERROR);
+ } else {
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if ((more!=0)||(numfound!=1)) {
+ failmod(KADM_UK_RERROR);
+ }
+ memset(fields, 0, sizeof(fields));
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+ kadm_prin_to_vals(fields, valsout, &data_o);
+ krb_log("MOD: %s modified", victim);
+ return KADM_DATA; /* Set all the appropriate fields */
+ }
+ }
+ else {
+ failmod(KADM_NOENTRY);
+ }
+}
+
+int
+kadm_change (char *rname, char *rinstance, char *rrealm, unsigned char *newpw)
+{
+ long numfound;
+ int more;
+ Principal data_o;
+ des_cblock local_pw;
+
+ char admin[MAX_K_NAME_SZ];
+
+ strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
+
+ krb_log("CHANGE: %s", admin);
+
+ if (strcmp(server_parm.krbrlm, rrealm)) {
+ krb_log("ERROR: CHANGE: request from wrong realm %s", rrealm);
+ return(KADM_WRONG_REALM);
+ }
+
+ if (wildcard(rname) || wildcard(rinstance)) {
+ failchange(KADM_ILL_WILDCARD);
+ }
+
+ memcpy(local_pw, newpw, sizeof(local_pw));
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (&local_pw, &local_pw, &server_parm.master_key,
+ server_parm.master_key_schedule, DES_ENCRYPT);
+
+ numfound = kerb_get_principal(rname, rinstance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failchange(KADM_DB_INUSE);
+ } else if (numfound) {
+ copy_from_key(local_pw, &data_o.key_low, &data_o.key_high);
+ data_o.key_version++;
+ data_o.kdc_key_ver = server_parm.master_key_version;
+ strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+ strncpy(data_o.mod_instance, rinstance,
+ sizeof(data_o.mod_instance)-1);
+ more = kerb_put_principal(&data_o, 1);
+ memset(local_pw, 0, sizeof(local_pw));
+ memset(&data_o, 0, sizeof(data_o));
+ if (more == -1) {
+ failchange(KADM_DB_INUSE);
+ } else if (more) {
+ failchange(KADM_UK_SERROR);
+ } else {
+ krb_log("CHANGE: %s's password changed", admin);
+ return KADM_SUCCESS;
+ }
+ }
+ else {
+ failchange(KADM_NOENTRY);
+ }
+}
diff --git a/crypto/kerberosIV/kadmin/kadm_locl.h b/crypto/kerberosIV/kadmin/kadm_locl.h
new file mode 100644
index 0000000..07f9093
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_locl.h
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kadm_locl.h,v 1.25 1997/05/20 18:40:43 bg Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include <errno.h>
+#include <signal.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <com_err.h>
+#include <sl.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_err.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <acl.h>
+
+#include "kadm_server.h"
+#include "pw_check.h"
+
+/* from libacl */
+/* int acl_check(char *acl, char *principal); */
+
+/* GLOBALS */
+extern char *acldir;
+extern Kadm_Server server_parm;
+
+/* Utils */
+int kadm_change __P((char *, char *, char *, des_cblock));
+int kadm_add_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *));
+int kadm_mod_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *));
+int kadm_get_entry __P((char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *));
+int kadm_delete_entry __P((char *, char *, char *, Kadm_vals *));
+int kadm_ser_cpw __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_add __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_mod __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_get __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_delete __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_init __P((int inter, char realm[]));
+int kadm_ser_in __P((u_char **, int *));
+
+int get_pw_new_pwd __P((char *pword, int pwlen, krb_principal *pr, int print_realm));
+
+/* cracklib */
+char *FascistCheck __P((char *password, char *path, char **strings));
diff --git a/crypto/kerberosIV/kadmin/kadm_ser_wrap.c b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
new file mode 100644
index 0000000..6909a9f
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
@@ -0,0 +1,213 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Kerberos administration server-side support functions
+ */
+
+/*
+kadm_ser_wrap.c
+unwraps wrapped packets and calls the appropriate server subroutine
+*/
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_ser_wrap.c,v 1.20 1997/05/02 10:29:14 joda Exp $");
+
+/* GLOBAL */
+Kadm_Server server_parm;
+
+/*
+kadm_ser_init
+set up the server_parm structure
+*/
+int
+kadm_ser_init(int inter, char *realm)
+ /* interactive or from file */
+
+{
+ struct hostent *hp;
+ char hostname[MaxHostNameLen];
+
+ init_kadm_err_tbl();
+ init_krb_err_tbl();
+ if (k_gethostname(hostname, sizeof(hostname)))
+ return KADM_NO_HOSTNAME;
+
+ strcpy(server_parm.sname, PWSERV_NAME);
+ strcpy(server_parm.sinst, KRB_MASTER);
+ strcpy(server_parm.krbrlm, realm);
+
+ server_parm.admin_fd = -1;
+ /* setting up the addrs */
+ memset(&server_parm.admin_addr,0, sizeof(server_parm.admin_addr));
+
+ server_parm.admin_addr.sin_port = k_getportbyname (KADM_SNAME,
+ "tcp",
+ htons(751));
+ server_parm.admin_addr.sin_family = AF_INET;
+ if ((hp = gethostbyname(hostname)) == NULL)
+ return KADM_NO_HOSTNAME;
+ server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY;
+ /* setting up the database */
+ if (kdb_get_master_key((inter==1), &server_parm.master_key,
+ server_parm.master_key_schedule) != 0)
+ return KADM_NO_MAST;
+ if ((server_parm.master_key_version =
+ kdb_verify_master_key(&server_parm.master_key,
+ server_parm.master_key_schedule,stderr))<0)
+ return KADM_NO_VERI;
+ return KADM_SUCCESS;
+}
+
+static void errpkt(u_char **dat, int *dat_len, int code)
+{
+ u_int32_t retcode;
+ char *pdat;
+
+ free(*dat); /* free up req */
+ *dat_len = KADM_VERSIZE + sizeof(u_int32_t);
+ *dat = (u_char *) malloc((unsigned)*dat_len);
+ pdat = (char *) *dat;
+ retcode = htonl((u_int32_t) code);
+ strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ memcpy(&pdat[KADM_VERSIZE], &retcode, sizeof(u_int32_t));
+ return;
+}
+
+/*
+kadm_ser_in
+unwrap the data stored in dat, process, and return it.
+*/
+int
+kadm_ser_in(u_char **dat, int *dat_len)
+{
+ u_char *in_st; /* pointer into the sent packet */
+ int in_len,retc; /* where in packet we are, for
+ returns */
+ u_int32_t r_len; /* length of the actual packet */
+ KTEXT_ST authent; /* the authenticator */
+ AUTH_DAT ad; /* who is this, klink */
+ u_int32_t ncksum; /* checksum of encrypted data */
+ des_key_schedule sess_sched; /* our schedule */
+ MSG_DAT msg_st;
+ u_char *retdat, *tmpdat;
+ int retval, retlen;
+
+ if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
+ errpkt(dat, dat_len, KADM_BAD_VER);
+ return KADM_BAD_VER;
+ }
+ in_len = KADM_VERSIZE;
+ /* get the length */
+ if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
+ return KADM_LENGTH_ERROR;
+ in_len += retc;
+ authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
+ memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
+ authent.mbz = 0;
+ /* service key should be set before here */
+ if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
+ server_parm.recv_addr.sin_addr.s_addr, &ad, NULL)))
+ {
+ errpkt(dat, dat_len,retc + krb_err_base);
+ return retc + krb_err_base;
+ }
+
+#define clr_cli_secrets() {memset(sess_sched, 0, sizeof(sess_sched)); memset(ad.session, 0,sizeof(ad.session));}
+
+ in_st = *dat + *dat_len - r_len;
+#ifdef NOENCRYPTION
+ ncksum = 0;
+#else
+ ncksum = des_quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, 0, &ad.session);
+#endif
+ if (ncksum!=ad.checksum) { /* yow, are we correct yet */
+ clr_cli_secrets();
+ errpkt(dat, dat_len,KADM_BAD_CHK);
+ return KADM_BAD_CHK;
+ }
+#ifdef NOENCRYPTION
+ memset(sess_sched, 0, sizeof(sess_sched));
+#else
+ des_key_sched(&ad.session, sess_sched);
+#endif
+ if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, &ad.session,
+ &server_parm.recv_addr,
+ &server_parm.admin_addr, &msg_st))) {
+ clr_cli_secrets();
+ errpkt(dat, dat_len,retc + krb_err_base);
+ return retc + krb_err_base;
+ }
+ switch (msg_st.app_data[0]) {
+ case CHANGE_PW:
+ retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length - 1,
+ &ad, &retdat, &retlen);
+ break;
+ case ADD_ENT:
+ retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length - 1,
+ &ad, &retdat, &retlen);
+ break;
+ case GET_ENT:
+ retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length - 1,
+ &ad, &retdat, &retlen);
+ break;
+ case MOD_ENT:
+ retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length - 1,
+ &ad, &retdat, &retlen);
+ break;
+ case DEL_ENT:
+ retval = kadm_ser_delete(msg_st.app_data + 1, msg_st.app_length - 1,
+ &ad, &retdat, &retlen);
+ break;
+ default:
+ clr_cli_secrets();
+ errpkt(dat, dat_len, KADM_NO_OPCODE);
+ return KADM_NO_OPCODE;
+ }
+ /* Now seal the response back into a priv msg */
+ free(*dat);
+ tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE +
+ sizeof(u_int32_t)));
+ strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE);
+ retval = htonl((u_int32_t)retval);
+ memcpy((char *)tmpdat + KADM_VERSIZE, &retval, sizeof(u_int32_t));
+ if (retlen) {
+ memcpy((char *)tmpdat + KADM_VERSIZE + sizeof(u_int32_t), retdat,
+ retlen);
+ free(retdat);
+ }
+ /* slop for mk_priv stuff */
+ *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE +
+ sizeof(u_int32_t) + 200));
+ if ((*dat_len = krb_mk_priv(tmpdat, *dat,
+ (u_int32_t) (retlen + KADM_VERSIZE +
+ sizeof(u_int32_t)),
+ sess_sched,
+ &ad.session, &server_parm.admin_addr,
+ &server_parm.recv_addr)) < 0) {
+ clr_cli_secrets();
+ errpkt(dat, dat_len, KADM_NO_ENCRYPT);
+ return KADM_NO_ENCRYPT;
+ }
+ clr_cli_secrets();
+ return KADM_SUCCESS;
+}
diff --git a/crypto/kerberosIV/kadmin/kadm_server.c b/crypto/kerberosIV/kadmin/kadm_server.c
new file mode 100644
index 0000000..1006f20
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_server.c
@@ -0,0 +1,198 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Kerberos administration server-side subroutines
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_server.c,v 1.9 1997/05/02 10:29:08 joda Exp $");
+
+/*
+kadm_ser_cpw - the server side of the change_password routine
+ recieves : KTEXT, {key}
+ returns : CKSUM, RETCODE
+ acl : caller can change only own password
+
+Replaces the password (i.e. des key) of the caller with that specified in key.
+Returns no actual data from the master server, since this is called by a user
+*/
+int
+kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
+{
+ u_int32_t keylow, keyhigh;
+ des_cblock newkey;
+ int status;
+ int stvlen=0;
+ char *pw_msg;
+ char pword[MAX_KPW_LEN];
+ char *strings[4];
+
+ /* take key off the stream, and change the database */
+
+ if ((status = stv_long(dat, &keyhigh, 0, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ stvlen=status;
+ if ((status = stv_long(dat, &keylow, stvlen, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ stvlen+=status;
+
+ if((status = stv_string(dat, pword, stvlen, sizeof(pword), len))<0)
+ pword[0]=0;
+
+ keylow = ntohl(keylow);
+ keyhigh = ntohl(keyhigh);
+ memcpy(((char *)newkey) + 4, &keyhigh, 4);
+ memcpy(newkey, &keylow, 4);
+
+ strings[0] = ad->pname;
+ strings[1] = ad->pinst;
+ strings[2] = ad->prealm;
+ strings[3] = NULL;
+ status = kadm_pw_check(pword, &newkey, &pw_msg, strings);
+
+ memset(pword, 0, sizeof(pword));
+ memset(dat, 0, len);
+
+ if(status != KADM_SUCCESS){
+ *datout=malloc(0);
+ *outlen=vts_string(pw_msg, datout, 0);
+ return status;
+ }
+ *datout=0;
+ *outlen=0;
+
+ return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey));
+}
+
+
+/*
+kadm_ser_add - the server side of the add_entry routine
+ recieves : KTEXT, {values}
+ returns : CKSUM, RETCODE, {values}
+ acl : su, sms (as alloc)
+
+Adds and entry containing values to the database
+returns the values of the entry, so if you leave certain fields blank you will
+ be able to determine the default values they are set to
+*/
+int
+kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
+{
+ Kadm_vals values, retvals;
+ long status;
+
+ if ((status = stream_to_vals(dat, &values, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm,
+ &values, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
+/*
+kadm_ser_mod - the server side of the mod_entry routine
+ recieves : KTEXT, {values, values}
+ returns : CKSUM, RETCODE, {values}
+ acl : su, sms (as register or dealloc)
+
+Modifies all entries corresponding to the first values so they match the
+ second values.
+returns the values for the changed entries
+*/
+int
+kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
+{
+ Kadm_vals vals1, vals2, retvals;
+ int wh;
+ long status;
+
+ if ((wh = stream_to_vals(dat, &vals1, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0)
+ return KADM_LENGTH_ERROR;
+ if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1,
+ &vals2, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
+int
+kadm_ser_delete(u_char *dat, int len, AUTH_DAT *ad,
+ u_char **datout, int *outlen)
+{
+ Kadm_vals values;
+ int wh;
+ int status;
+
+ if((wh = stream_to_vals(dat, &values, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if(wh != len)
+ return KADM_LENGTH_ERROR;
+ status = kadm_delete_entry(ad->pname, ad->pinst, ad->prealm,
+ &values);
+ *outlen = 0;
+ return status;
+}
+
+/*
+kadm_ser_get
+ recieves : KTEXT, {values, flags}
+ returns : CKSUM, RETCODE, {count, values, values, values}
+ acl : su
+
+gets the fields requested by flags from all entries matching values
+returns this data for each matching recipient, after a count of how many such
+ matches there were
+*/
+int
+kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
+{
+ Kadm_vals values, retvals;
+ u_char fl[FLDSZ];
+ int loop,wh;
+ long status;
+
+ if ((wh = stream_to_vals(dat, &values, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if (wh + FLDSZ > len)
+ return KADM_LENGTH_ERROR;
+ for (loop=FLDSZ-1; loop>=0; loop--)
+ fl[loop] = dat[wh++];
+ if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm,
+ &values, fl, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
diff --git a/crypto/kerberosIV/kadmin/kadm_server.h b/crypto/kerberosIV/kadmin/kadm_server.h
new file mode 100644
index 0000000..c730574
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_server.h
@@ -0,0 +1,66 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/* $Id: kadm_server.h,v 1.10 1997/05/11 04:08:26 assar Exp $ */
+
+/*
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_SERVER_DEFS
+#define KADM_SERVER_DEFS
+
+/*
+ * kadm_server.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ * ps. Yes that means this code belongs to athena etc...
+ * as part of our ongoing attempt to copyright all greek names
+ */
+
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in recv_addr;
+ int recv_addr_len;
+ int admin_fd; /* our link to clients */
+ char sname[ANAME_SZ];
+ char sinst[INST_SZ];
+ char krbrlm[REALM_SZ];
+ des_cblock master_key;
+ des_cblock session_key;
+ des_key_schedule master_key_schedule;
+ long master_key_version;
+} Kadm_Server;
+
+/* the default syslog file */
+#ifndef KADM_SYSLOG
+#define KADM_SYSLOG "/var/log/admin_server.syslog"
+#endif /* KADM_SYSLOG */
+
+#ifndef DEFAULT_ACL_DIR
+#define DEFAULT_ACL_DIR "/var/kerberos"
+#endif /* DEFAULT_ACL_DIR */
+#define ADD_ACL_FILE "/admin_acl.add"
+#define GET_ACL_FILE "/admin_acl.get"
+#define MOD_ACL_FILE "/admin_acl.mod"
+#define DEL_ACL_FILE "/admin_acl.del"
+
+#endif /* KADM_SERVER_DEFS */
diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c
new file mode 100644
index 0000000..f117b6b
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadmin.c
@@ -0,0 +1,845 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Kerberos database administrator's tool.
+ *
+ * The default behavior of kadmin is if the -m option is given
+ * on the commandline, multiple requests are allowed to be given
+ * with one entry of the admin password (until the tickets expire).
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadmin.c,v 1.48 1997/05/13 09:43:06 bg Exp $");
+
+static void change_password(int argc, char **argv);
+static void change_key(int argc, char **argv);
+static void change_admin_password(int argc, char **argv);
+static void add_new_key(int argc, char **argv);
+static void del_entry(int argc, char **argv);
+static void get_entry(int argc, char **argv);
+static void mod_entry(int argc, char **argv);
+static void help(int argc, char **argv);
+static void clean_up_cmd(int argc, char **argv);
+static void quit_cmd(int argc, char **argv);
+
+static SL_cmd cmds[] = {
+ {"change_password", change_password, "Change a user's password"},
+ {"cpw"},
+ {"passwd"},
+ {"change_key", change_key, "Change a user's password as a DES binary key"},
+ {"ckey"},
+ {"change_admin_password", change_admin_password,
+ "Change your admin password"},
+ {"cap"},
+ {"add_new_key", add_new_key, "Add new user to kerberos database"},
+ {"ank"},
+ {"del_entry", del_entry, "Delete entry from database"},
+ {"del"},
+ {"delete"},
+ {"get_entry", get_entry, "Get entry from kerberos database"},
+ {"mod_entry", mod_entry, "Modify entry in kerberos database"},
+ {"destroy_tickets", clean_up_cmd, "Destroy admin tickets"},
+ {"exit", quit_cmd, "Exit program"},
+ {"quit"},
+ {"help", help, "Help"},
+ {"?"},
+ {NULL}
+};
+
+#define BAD_PW 1
+#define GOOD_PW 0
+#define FUDGE_VALUE 15 /* for ticket expiration time */
+#define PE_NO 0
+#define PE_YES 1
+#define PE_UNSURE 2
+
+/* for get_password, whether it should do the swapping...necessary for
+ using vals structure, unnecessary for change_pw requests */
+#define DONTSWAP 0
+#define SWAP 1
+
+static krb_principal pr;
+static char default_realm[REALM_SZ]; /* default kerberos realm */
+static char krbrlm[REALM_SZ]; /* current realm being administered */
+static int multiple = 0; /* Allow multiple requests per ticket */
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+
+static void
+get_maxlife(Kadm_vals *vals)
+{
+ char buff[BUFSIZ];
+ time_t life;
+ int l;
+
+ do {
+ printf("Maximum ticket lifetime? (%d) [%s] ",
+ vals->max_life, krb_life_to_atime(vals->max_life));
+ fflush(stdout);
+ if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
+ clearerr(stdin);
+ return;
+ }
+ life = krb_atime_to_life(buff);
+ } while (life <= 0);
+
+ l = strlen(buff);
+ if (buff[l-2] == 'm')
+ life = krb_time_to_life(0L, life*60);
+ if (buff[l-2] == 'h')
+ life = krb_time_to_life(0L, life*60*60);
+
+ vals->max_life = life;
+ SET_FIELD(KADM_MAXLIFE,vals->fields);
+}
+
+static void
+get_attr(Kadm_vals *vals)
+{
+ char buff[BUFSIZ], *out;
+ int attr;
+
+ do {
+ printf("Attributes? [0x%.2x] ", vals->attributes);
+ fflush(stdout);
+ if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
+ clearerr(stdin);
+ return;
+ }
+ attr = strtol(buff, &out, 0);
+ if (attr == 0 && out == buff)
+ attr = -1;
+ } while (attr < 0 || attr > 0xffff);
+
+ vals->attributes = attr;
+ SET_FIELD(KADM_ATTR,vals->fields);
+}
+
+static void
+get_expdate(Kadm_vals *vals)
+{
+ char buff[BUFSIZ];
+ struct tm edate;
+
+ memset(&edate, 0, sizeof(edate));
+ do {
+ printf("Expiration date (enter yyyy-mm-dd) ? [%.24s] ",
+ asctime(k_localtime(&vals->exp_date)));
+ fflush(stdout);
+ if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
+ clearerr(stdin);
+ return;
+ }
+ if (sscanf(buff, "%d-%d-%d",
+ &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) {
+ edate.tm_mon--; /* January is 0, not 1 */
+ edate.tm_hour = 23; /* nearly midnight at the end of the */
+ edate.tm_min = 59; /* specified day */
+ }
+ } while (krb_check_tm (edate));
+
+ edate.tm_year -= 1900;
+ vals->exp_date = tm2time (edate, 1);
+ SET_FIELD(KADM_EXPDATE,vals->fields);
+}
+
+static int
+princ_exists(char *name, char *instance, char *realm)
+{
+ int status;
+
+ status = krb_get_pw_in_tkt(name, instance, realm,
+ KRB_TICKET_GRANTING_TICKET,
+ realm, 1, "");
+
+ if ((status == KSUCCESS) || (status == INTK_BADPW))
+ return(PE_YES);
+ else if (status == KDC_PR_UNKNOWN)
+ return(PE_NO);
+ else
+ return(PE_UNSURE);
+}
+
+static int
+get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap)
+{
+ char new_passwd[MAX_KPW_LEN]; /* new password */
+ des_cblock newkey;
+
+ if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
+ return(BAD_PW);
+ if (strlen(new_passwd) == 0) {
+ printf("Using random password.\n");
+#ifdef NOENCRYPTION
+ memset(newkey, 0, sizeof(newkey));
+#else
+ des_new_random_key(&newkey);
+#endif
+ } else {
+#ifdef NOENCRYPTION
+ memset(newkey, 0, sizeof(newkey));
+#else
+ des_string_to_key(new_passwd, &newkey);
+#endif
+ memset(new_passwd, 0, sizeof(new_passwd));
+ }
+
+ memcpy(low, newkey, 4);
+ memcpy(high, ((char *)newkey) + 4, 4);
+
+ memset(newkey, 0, sizeof(newkey));
+
+#ifdef NOENCRYPTION
+ *low = 1;
+#endif
+
+ if (byteswap != DONTSWAP) {
+ *low = htonl(*low);
+ *high = htonl(*high);
+ }
+ return(GOOD_PW);
+}
+
+static int
+get_admin_password(void)
+{
+ int status;
+ char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
+ int ticket_life = 1; /* minimum ticket lifetime */
+ CREDENTIALS c;
+
+ if (multiple) {
+ /* If admin tickets exist and are valid, just exit. */
+ memset(&c, 0, sizeof(c));
+ if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
+ /*
+ * If time is less than lifetime - FUDGE_VALUE after issue date,
+ * tickets will probably last long enough for the next
+ * transaction.
+ */
+ if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
+ return(KADM_SUCCESS);
+ ticket_life = DEFAULT_TKT_LIFE;
+ }
+
+ if (princ_exists(pr.name, pr.instance, pr.realm) != PE_NO) {
+ char prompt[256];
+ snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
+ if (read_long_pw_string(admin_passwd,
+ sizeof(admin_passwd)-1,
+ prompt, 0)) {
+ warnx ("Error reading admin password.");
+ goto bad;
+ }
+ status = krb_get_pw_in_tkt(pr.name, pr.instance, pr.realm,
+ PWSERV_NAME, KADM_SINST,
+ ticket_life, admin_passwd);
+ memset(admin_passwd, 0, sizeof(admin_passwd));
+
+ /* Initialize non shared random sequence from session key. */
+ memset(&c, 0, sizeof(c));
+ krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);
+ des_init_random_number_generator(&c.session);
+ }
+ else
+ status = KDC_PR_UNKNOWN;
+
+ switch(status) {
+ case GT_PW_OK:
+ return(GOOD_PW);
+ case KDC_PR_UNKNOWN:
+ printf("Principal %s does not exist.\n", krb_unparse_name(&pr));
+ goto bad;
+ case GT_PW_BADPW:
+ printf("Incorrect admin password.\n");
+ goto bad;
+ default:
+ com_err("kadmin", status+krb_err_base,
+ "while getting password tickets");
+ goto bad;
+ }
+
+ bad:
+ memset(admin_passwd, 0, sizeof(admin_passwd));
+ dest_tkt();
+ return(BAD_PW);
+}
+
+static void
+usage(void)
+{
+ fprintf (stderr, "Usage: kadmin [[-u|-p] admin_name] [-r default_realm]"
+ " [-m]\n"
+ " -m allows multiple admin requests to be "
+ "serviced with one entry of admin\n"
+ " password.\n");
+ exit (1);
+}
+
+/* GLOBAL */
+static void
+clean_up()
+{
+ dest_tkt();
+}
+
+static void
+clean_up_cmd (int argc, char **argv)
+{
+ clean_up();
+}
+
+/* GLOBAL */
+static void
+quit()
+{
+ printf("Cleaning up and exiting.\n");
+ clean_up();
+ exit(0);
+}
+
+static void
+quit_cmd (int argc, char **argv)
+{
+ quit();
+}
+
+static void
+do_init(int argc, char **argv)
+{
+ int c;
+ int tflag = 0;
+ char tktstring[MaxPathLen];
+ int k_errno;
+
+ set_progname (argv[0]);
+
+ memset(&pr, 0, sizeof(pr));
+ if (krb_get_default_principal(pr.name, pr.instance, default_realm) < 0)
+ errx (1, "I could not even guess who you might be");
+ while ((c = getopt(argc, argv, "p:u:r:mt")) != EOF)
+ switch (c) {
+ case 'p':
+ case 'u':
+ if((k_errno = krb_parse_name(optarg, &pr)) != KSUCCESS)
+ errx (1, "%s", krb_get_err_text(k_errno));
+ break;
+ case 'r':
+ memset(default_realm, 0, sizeof(default_realm));
+ strncpy(default_realm, optarg, sizeof(default_realm) - 1);
+ break;
+ case 'm':
+ multiple++;
+ break;
+ case 't':
+ tflag++;
+ break;
+ default:
+ usage();
+ break;
+ }
+ if (optind < argc)
+ usage();
+ strcpy(krbrlm, default_realm);
+
+ if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
+ *krbrlm = '\0';
+ if (pr.realm[0] == '\0')
+ strcpy (pr.realm, krbrlm);
+ if (pr.instance[0] == '\0')
+ strcpy(pr.instance, "admin");
+
+ if (!tflag) {
+ snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_adm_%d",(int)getpid());
+ krb_set_tkt_string(tktstring);
+ }
+
+}
+
+int
+main(int argc, char **argv)
+{
+ do_init(argc, argv);
+
+ printf("Welcome to the Kerberos Administration Program, version 2\n");
+ printf("Type \"help\" if you need it.\n");
+ sl_loop (cmds, "kadmin: ");
+ printf("\n");
+ quit();
+ exit(0);
+}
+
+static int
+setvals(Kadm_vals *vals, char *string)
+{
+ char realm[REALM_SZ];
+ int status = KADM_SUCCESS;
+
+ memset(vals, 0, sizeof(*vals));
+ memset(realm, 0, sizeof(realm));
+
+ SET_FIELD(KADM_NAME,vals->fields);
+ SET_FIELD(KADM_INST,vals->fields);
+ if ((status = kname_parse(vals->name, vals->instance, realm, string))) {
+ printf("kerberos error: %s\n", krb_get_err_text(status));
+ return status;
+ }
+ if (!realm[0])
+ strcpy(realm, default_realm);
+ if (strcmp(realm, krbrlm)) {
+ strcpy(krbrlm, realm);
+ if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm))
+ != KADM_SUCCESS)
+ printf("kadm error for realm %s: %s\n",
+ krbrlm, error_message(status));
+ }
+ if (status)
+ return 1;
+ else
+ return KADM_SUCCESS;
+}
+
+static void
+change_password(int argc, char **argv)
+{
+ Kadm_vals old, new;
+ int status;
+ char pw_prompt[BUFSIZ];
+
+ if (argc != 2) {
+ printf("Usage: change_password loginname\n");
+ return;
+ }
+
+ if (setvals(&old, argv[1]) != KADM_SUCCESS)
+ return;
+
+ new = old;
+
+ SET_FIELD(KADM_DESKEY,new.fields);
+
+ if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ /* get the new password */
+ snprintf(pw_prompt, sizeof(pw_prompt), "New password for %s:", argv[1]);
+
+ if (get_password(&new.key_low, &new.key_high,
+ pw_prompt, SWAP) == GOOD_PW) {
+ status = kadm_mod(&old, &new);
+ if (status == KADM_SUCCESS) {
+ printf("Password changed for %s.\n", argv[1]);
+ } else {
+ printf("kadmin: %s\nwhile changing password for %s",
+ error_message(status), argv[1]);
+ }
+ } else
+ printf("Error reading password; password unchanged\n");
+ memset(&new, 0, sizeof(new));
+ if (!multiple)
+ clean_up();
+ }
+ else
+ printf("kadmin: Principal %s does not exist.\n",
+ krb_unparse_name_long (old.name, old.instance, krbrlm));
+ return;
+}
+
+static int
+getkey(unsigned char *k)
+{
+ int i, c;
+ for (i = 0; i < 8; i++)
+ {
+ c = getchar();
+ if (c == EOF)
+ return 0;
+ else if (c == '\\')
+ {
+ int oct = -1;
+ scanf("%03o", &oct);
+ if (oct < 0 || oct > 255)
+ return 0;
+ k[i] = oct;
+ }
+ else if (!isalpha(c))
+ return 0;
+ else
+ k[i] = c;
+ }
+ c = getchar();
+ if (c != '\n')
+ return 0;
+ return 1; /* Success */
+}
+
+static void
+printkey(unsigned char *tkey)
+{
+ int j;
+ for(j = 0; j < 8; j++)
+ if(tkey[j] != '\\' && isalpha(tkey[j]) != 0)
+ printf("%c", tkey[j]);
+ else
+ printf("\\%03o",(unsigned char)tkey[j]);
+ printf("\n");
+}
+
+static void
+change_key(int argc, char **argv)
+{
+ Kadm_vals old, new;
+ unsigned char newkey[8];
+ int status;
+
+ if (argc != 2) {
+ printf("Usage: change_key principal-name\n");
+ return;
+ }
+
+ if (setvals(&old, argv[1]) != KADM_SUCCESS)
+ return;
+
+ new = old;
+
+ SET_FIELD(KADM_DESKEY,new.fields);
+
+ if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ /* get the new password */
+ printf("New DES key for %s: ", argv[1]);
+
+ if (getkey(newkey)) {
+ memcpy(&new.key_low, newkey, 4);
+ memcpy(&new.key_high, ((char *)newkey) + 4, 4);
+ printf("Entered key for %s: ", argv[1]);
+ printkey(newkey);
+ memset(newkey, 0, sizeof(newkey));
+
+ status = kadm_mod(&old, &new);
+ if (status == KADM_SUCCESS) {
+ printf("Key changed for %s.\n", argv[1]);
+ } else {
+ printf("kadmin: %s\nwhile changing key for %s",
+ error_message(status), argv[1]);
+ }
+ } else
+ printf("Error reading key; key unchanged\n");
+ memset(&new, 0, sizeof(new));
+ if (!multiple)
+ clean_up();
+ }
+ else
+ printf("kadmin: Principal %s does not exist.\n",
+ krb_unparse_name_long (old.name, old.instance, krbrlm));
+ return;
+}
+
+static void
+change_admin_password(int argc, char **argv)
+{
+ des_cblock newkey;
+ int status;
+ char pword[MAX_KPW_LEN];
+ char *pw_msg;
+
+ if (argc != 1) {
+ printf("Usage: change_admin_password\n");
+ return;
+ }
+ if (get_pw_new_pwd(pword, sizeof(pword), &pr, 1) == 0) {
+ des_string_to_key(pword, &newkey);
+ status = kadm_change_pw_plain(newkey, pword, &pw_msg);
+ if(status == KADM_INSECURE_PW)
+ printf("Insecure password: %s\n", pw_msg);
+ else if (status == KADM_SUCCESS)
+ printf("Admin password changed\n");
+ else
+ printf("kadm error: %s\n",error_message(status));
+ memset(newkey, 0, sizeof(newkey));
+ memset(pword, 0, sizeof(pword));
+ }
+ if (!multiple)
+ clean_up();
+ return;
+}
+
+static void
+add_new_key(int argc, char **argv)
+{
+ Kadm_vals new;
+ char pw_prompt[BUFSIZ];
+ int status;
+
+ if (argc != 2) {
+ printf("Usage: add_new_key user_name.\n");
+ return;
+ }
+ if (setvals(&new, argv[1]) != KADM_SUCCESS)
+ return;
+
+ SET_FIELD(KADM_EXPDATE,new.fields);
+ SET_FIELD(KADM_ATTR,new.fields);
+ SET_FIELD(KADM_MAXLIFE,new.fields);
+ SET_FIELD(KADM_DESKEY,new.fields);
+
+ if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) {
+ Kadm_vals vals;
+ u_char fields[4];
+ char n[ANAME_SZ + INST_SZ + 1];
+
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ memset(fields, 0, sizeof(fields));
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+ snprintf (n, sizeof(n), "default.%s", new.instance);
+ if (setvals(&vals, n) != KADM_SUCCESS)
+ return;
+
+ if (kadm_get(&vals, fields) != KADM_SUCCESS) {
+ if (setvals(&vals, "default") != KADM_SUCCESS)
+ return;
+ if ((status = kadm_get(&vals, fields)) != KADM_SUCCESS) {
+ printf ("kadm error: %s\n", error_message(status));
+ return;
+ }
+ }
+
+ if (vals.max_life == 255) /* Defaults not set! */ {
+ /* This is the default maximum lifetime for new principals. */
+ if (strcmp(new.instance, "admin") == 0)
+ vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */
+ else if (strcmp(new.instance, "root") == 0)
+ vals.max_life = 96; /* 8 hours */
+ else if (krb_life_to_time(0, 162) >= 24*60*60)
+ vals.max_life = 162; /* ca 100 hours */
+ else
+ vals.max_life = 255; /* ca 21 hours (maximum) */
+
+ /* Also fix expiration date. */
+ if (strcmp(new.name, "rcmd") == 0)
+ vals.exp_date = 1104814999; /* Tue Jan 4 06:03:19 2005 */
+ else
+ vals.exp_date = time(0) + 2*(365*24*60*60); /* + ca 2 years */
+ }
+
+ new.max_life = vals.max_life;
+ new.exp_date = vals.exp_date;
+ new.attributes = vals.attributes;
+ get_maxlife(&new);
+ get_attr(&new);
+ get_expdate(&new);
+
+ /* get the new password */
+ snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", argv[1]);
+
+ if (get_password(&new.key_low, &new.key_high,
+ pw_prompt, SWAP) == GOOD_PW) {
+ status = kadm_add(&new);
+ if (status == KADM_SUCCESS) {
+ printf("%s added to database.\n", argv[1]);
+ } else {
+ printf("kadm error: %s\n",error_message(status));
+ }
+ } else
+ printf("Error reading password; %s not added\n",argv[1]);
+ memset(&new, 0, sizeof(new));
+ if (!multiple)
+ clean_up();
+ }
+ else
+ printf("kadmin: Principal already exists.\n");
+ return;
+}
+
+static void
+del_entry(int argc, char **argv)
+{
+ int status;
+ Kadm_vals vals;
+
+ if (argc != 2) {
+ printf("Usage: del_entry username\n");
+ return;
+ }
+
+ if (setvals(&vals, argv[1]) != KADM_SUCCESS)
+ return;
+
+ if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ if ((status = kadm_del(&vals)) == KADM_SUCCESS){
+ printf("%s removed from database.\n", argv[1]);
+ } else {
+ printf("kadm error: %s\n",error_message(status));
+ }
+
+ if (!multiple)
+ clean_up();
+ }
+ else
+ printf("kadmin: Principal %s does not exist.\n",
+ krb_unparse_name_long (vals.name, vals.instance, krbrlm));
+ return;
+}
+
+static void
+get_entry(int argc, char **argv)
+{
+ int status;
+ u_char fields[4];
+ Kadm_vals vals;
+
+ if (argc != 2) {
+ printf("Usage: get_entry username\n");
+ return;
+ }
+
+ memset(fields, 0, sizeof(fields));
+
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+#if 0
+ SET_FIELD(KADM_DESKEY,fields);
+#endif
+
+ if (setvals(&vals, argv[1]) != KADM_SUCCESS)
+ return;
+
+
+ if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS)
+ prin_vals(&vals);
+ else
+ printf("kadm error: %s\n",error_message(status));
+
+ if (!multiple)
+ clean_up();
+ }
+ else
+ printf("kadmin: Principal %s does not exist.\n",
+ krb_unparse_name_long (vals.name, vals.instance, krbrlm));
+ return;
+}
+
+static void
+mod_entry(int argc, char **argv)
+{
+ int status;
+ u_char fields[4];
+ Kadm_vals ovals, nvals;
+
+ if (argc != 2) {
+ printf("Usage: mod_entry username\n");
+ return;
+ }
+
+ memset(fields, 0, sizeof(fields));
+
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+
+ if (setvals(&ovals, argv[1]) != KADM_SUCCESS)
+ return;
+
+ nvals = ovals;
+
+ if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) {
+ printf("kadmin: Principal %s does not exist.\n",
+ krb_unparse_name_long (ovals.name, ovals.instance, krbrlm));
+ return;
+ }
+
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
+ printf("[ unable to retrieve current settings: %s ]\n",
+ error_message(status));
+ nvals.max_life = DEFAULT_TKT_LIFE;
+ nvals.exp_date = 0;
+ nvals.attributes = 0;
+ } else {
+ nvals.max_life = ovals.max_life;
+ nvals.exp_date = ovals.exp_date;
+ nvals.attributes = ovals.attributes;
+ }
+
+ get_maxlife(&nvals);
+ get_attr(&nvals);
+ get_expdate(&nvals);
+
+ if (IS_FIELD(KADM_MAXLIFE, nvals.fields) ||
+ IS_FIELD(KADM_ATTR, nvals.fields) ||
+ IS_FIELD(KADM_EXPDATE, nvals.fields)) {
+ if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) {
+ printf("kadm error: %s\n",error_message(status));
+ goto out;
+ }
+ if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
+ printf("kadm error: %s\n",error_message(status));
+ goto out;
+ }
+ }
+ prin_vals(&ovals);
+
+out:
+ if (!multiple)
+ clean_up();
+ return;
+}
+
+static void
+help(int argc, char **argv)
+{
+ sl_help (cmds, argc, argv);
+}
diff --git a/crypto/kerberosIV/kadmin/kpasswd.c b/crypto/kerberosIV/kadmin/kpasswd.c
new file mode 100644
index 0000000..f4c0cda
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kpasswd.c
@@ -0,0 +1,163 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * change your password with kerberos
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $");
+
+static void
+usage(int value)
+{
+ fprintf(stderr, "Usage: ");
+ fprintf(stderr, "kpasswd [-h ] [-n user] [-i instance] [-r realm] ");
+ fprintf(stderr, "[-u fullname]\n");
+ exit(value);
+}
+
+int
+main(int argc, char **argv)
+{
+ krb_principal principal;
+ krb_principal default_principal;
+ int realm_given = 0; /* True if realm was give on cmdline */
+ int use_default = 1; /* True if we should use default name */
+ int status; /* return code */
+ char pword[MAX_KPW_LEN];
+ int c;
+ char tktstring[MaxPathLen];
+
+ set_progname (argv[0]);
+
+ memset (&principal, 0, sizeof(principal));
+ memset (&default_principal, 0, sizeof(default_principal));
+
+ krb_get_default_principal (default_principal.name,
+ default_principal.instance,
+ default_principal.realm);
+
+ while ((c = getopt(argc, argv, "u:n:i:r:h")) != EOF) {
+ switch (c) {
+ case 'u':
+ status = krb_parse_name (optarg, &principal);
+ if (status != KSUCCESS)
+ errx (2, "%s", krb_get_err_text(status));
+ if (principal.realm[0])
+ realm_given++;
+ else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
+ errx (1, "Could not find default realm!");
+ break;
+ case 'n':
+ if (k_isname(optarg))
+ strncpy(principal.name, optarg, sizeof(principal.name) - 1);
+ else {
+ warnx("Bad name: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'i':
+ if (k_isinst(optarg))
+ strncpy(principal.instance,
+ optarg,
+ sizeof(principal.instance) - 1);
+ else {
+ warnx("Bad instance: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'r':
+ if (k_isrealm(optarg)) {
+ strncpy(principal.realm, optarg, sizeof(principal.realm) - 1);
+ realm_given++;
+ } else {
+ warnx("Bad realm: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'h':
+ usage(0);
+ break;
+ default:
+ usage(1);
+ break;
+ }
+ use_default = 0;
+ }
+ if (optind < argc) {
+ use_default = 0;
+ status = krb_parse_name (argv[optind], &principal);
+ if(status != KSUCCESS)
+ errx (1, "%s", krb_get_err_text (status));
+ }
+
+ if (use_default) {
+ strcpy(principal.name, default_principal.name);
+ strcpy(principal.instance, default_principal.instance);
+ strcpy(principal.realm, default_principal.realm);
+ } else {
+ if (!principal.name[0])
+ strcpy(principal.name, default_principal.name);
+ if (!principal.realm[0])
+ strcpy(principal.realm, default_principal.realm);
+ }
+
+ snprintf(tktstring, sizeof(tktstring),
+ TKT_ROOT "_cpw_%u", (unsigned)getpid());
+ krb_set_tkt_string(tktstring);
+
+ if (get_pw_new_pwd(pword, sizeof(pword), &principal,
+ realm_given)) {
+ dest_tkt ();
+ exit(1);
+ }
+
+ status = kadm_init_link (PWSERV_NAME, KRB_MASTER, principal.realm);
+ if (status != KADM_SUCCESS)
+ com_err(argv[0], status, "while initializing");
+ else {
+ des_cblock newkey;
+ char *pw_msg; /* message from server */
+
+ des_string_to_key(pword, &newkey);
+ status = kadm_change_pw_plain((unsigned char*)&newkey, pword, &pw_msg);
+ memset(newkey, 0, sizeof(newkey));
+
+ if (status == KADM_INSECURE_PW)
+ warnx ("Insecure password: %s", pw_msg);
+ else if (status != KADM_SUCCESS)
+ com_err(argv[0], status, " attempting to change password.");
+ }
+ memset(pword, 0, sizeof(pword));
+
+ if (status != KADM_SUCCESS)
+ fprintf(stderr,"Password NOT changed.\n");
+ else
+ printf("Password changed.\n");
+
+ dest_tkt();
+ if (status)
+ return 2;
+ else
+ return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c
new file mode 100644
index 0000000..108481c
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil.c
@@ -0,0 +1,601 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * list and update contents of srvtab files
+ */
+
+/*
+ * ksrvutil
+ * list and update the contents of srvtab files
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: ksrvutil.c,v 1.39 1997/05/02 14:28:52 assar Exp $");
+
+#include "ksrvutil.h"
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else /* NOENCRYPTION */
+#define read_long_pw_string des_read_pw_string
+#endif /* NOENCRYPTION */
+
+#define SRVTAB_MODE 0600 /* rw------- */
+#define PAD " "
+#define VNO_HEADER "Version"
+#define VNO_FORMAT "%4d "
+#define KEY_HEADER " Key " /* 17 characters long */
+#define PRINC_HEADER " Principal\n"
+#define PRINC_FORMAT "%s"
+
+char u_name[ANAME_SZ];
+char u_inst[INST_SZ];
+char u_realm[REALM_SZ];
+
+int destroyp = FALSE; /* Should the ticket file be destroyed? */
+
+static unsigned short
+get_mode(char *filename)
+{
+ struct stat statbuf;
+ unsigned short mode;
+
+ memset(&statbuf, 0, sizeof(statbuf));
+
+ if (stat(filename, &statbuf) < 0)
+ mode = SRVTAB_MODE;
+ else
+ mode = statbuf.st_mode;
+
+ return(mode);
+}
+
+static void
+copy_keyfile(char *keyfile, char *backup_keyfile)
+{
+ int keyfile_fd;
+ int backup_keyfile_fd;
+ int keyfile_mode;
+ char buf[BUFSIZ]; /* for copying keyfiles */
+ int rcount; /* for copying keyfiles */
+ int try_again;
+
+ memset(buf, 0, sizeof(buf));
+
+ do {
+ try_again = FALSE;
+ if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) {
+ if (errno != ENOENT)
+ err (1, "read %s", keyfile);
+ else {
+ try_again = TRUE;
+ if ((keyfile_fd =
+ open(keyfile,
+ O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0)
+ err(1, "create %s", keyfile);
+ else
+ if (close(keyfile_fd) < 0)
+ err (1, "close %s", keyfile);
+ }
+ }
+ } while(try_again);
+
+ keyfile_mode = get_mode(keyfile);
+
+ if ((backup_keyfile_fd =
+ open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT,
+ keyfile_mode)) < 0)
+ err (1, "write %s", backup_keyfile);
+ do {
+ if ((rcount = read(keyfile_fd, buf, sizeof(buf))) < 0)
+ err (1, "read %s", keyfile);
+ if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount))
+ err (1, "write %s", backup_keyfile);
+ } while (rcount);
+ if (close(backup_keyfile_fd) < 0)
+ err(1, "close %s", backup_keyfile);
+ if (close(keyfile_fd) < 0)
+ err(1, "close %s", keyfile);
+}
+
+void
+leave(char *str, int x)
+{
+ if (str)
+ fprintf(stderr, "%s\n", str);
+ if (destroyp)
+ dest_tkt();
+ exit(x);
+}
+
+void
+safe_read_stdin(char *prompt, char *buf, size_t size)
+{
+ printf("%s", prompt);
+ fflush(stdout);
+ memset(buf, 0, size);
+ if (read(0, buf, size - 1) < 0) {
+ warn("read stdin");
+ leave(NULL, 1);
+ }
+ buf[strlen(buf)-1] = 0;
+}
+
+void
+safe_write(char *filename, int fd, void *buf, size_t len)
+{
+ if (write(fd, buf, len) != len) {
+ warn("write %s", filename);
+ close(fd);
+ leave("In progress srvtab in this file.", 1);
+ }
+}
+
+static int
+yes_no(char *string, int dflt)
+{
+ char ynbuf[5];
+
+ printf("%s (y,n) [%c]", string, dflt?'y':'n');
+ for (;;) {
+ safe_read_stdin("", ynbuf, sizeof(ynbuf));
+
+ if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N'))
+ return(0);
+ else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y'))
+ return(1);
+ else if(ynbuf[0] == 0)
+ return dflt;
+ else {
+ printf("Please enter 'y' or 'n': ");
+ fflush(stdout);
+ }
+ }
+}
+
+int yn(char *string)
+{
+ return yes_no(string, 1);
+}
+
+int ny(char *string)
+{
+ return yes_no(string, 0);
+}
+
+static void
+append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm, unsigned char key_vno, unsigned char *key)
+{
+ /* Add one to append null */
+ safe_write(filename, fd, sname, strlen(sname) + 1);
+ safe_write(filename, fd, sinst, strlen(sinst) + 1);
+ safe_write(filename, fd, srealm, strlen(srealm) + 1);
+ safe_write(filename, fd, &key_vno, 1);
+ safe_write(filename, fd, key, sizeof(des_cblock));
+ fsync(fd);
+}
+
+static void
+print_key(unsigned char *key)
+{
+ int i;
+
+ for (i = 0; i < 4; i++)
+ printf("%02x", key[i]);
+ printf(" ");
+ for (i = 4; i < 8; i++)
+ printf("%02x", key[i]);
+}
+
+static void
+print_name(char *name, char *inst, char *realm)
+{
+ printf("%s", krb_unparse_name_long(name, inst, realm));
+}
+
+static int
+get_svc_new_key(des_cblock *new_key, char *sname, char *sinst,
+ char *srealm, char *keyfile)
+{
+ int status = KADM_SUCCESS;
+
+ if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME,
+ KADM_SINST, 1, keyfile)) == KSUCCESS) &&
+ ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, srealm)) ==
+ KADM_SUCCESS)) {
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ (*new_key)[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+ des_new_random_key(new_key);
+#endif /* NOENCRYPTION */
+ return(KADM_SUCCESS);
+ }
+
+ return(status);
+}
+
+static void
+get_key_from_password(des_cblock (*key), char *cellname)
+{
+ char password[MAX_KPW_LEN]; /* storage for the password */
+
+ if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1))
+ leave("Error reading password.", 1);
+
+#ifdef NOENCRYPTION
+ memset(key, 0, sizeof(des_cblock));
+ (*key)[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+ if (strlen(cellname) == 0)
+ des_string_to_key(password, key);
+ else
+ afs_string_to_key(password, cellname, key);
+#endif /* NOENCRYPTION */
+ memset(password, 0, sizeof(password));
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] ");
+ fprintf(stderr, "[-p principal] [-r realm] ");
+ fprintf(stderr, "[-c AFS cellname] ");
+ fprintf(stderr, "{list | change | add | get}\n");
+ fprintf(stderr, " -i causes the program to ask for ");
+ fprintf(stderr, "confirmation before changing keys.\n");
+ fprintf(stderr, " -k causes the key to printed for list or ");
+ fprintf(stderr, "change.\n");
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ char sname[ANAME_SZ]; /* name of service */
+ char sinst[INST_SZ]; /* instance of service */
+ char srealm[REALM_SZ]; /* realm of service */
+ unsigned char key_vno; /* key version number */
+ int status; /* general purpose error status */
+ des_cblock new_key;
+ des_cblock old_key;
+ char change_tkt[MaxPathLen]; /* Ticket to use for key change */
+ char keyfile[MaxPathLen]; /* Original keyfile */
+ char work_keyfile[MaxPathLen]; /* Working copy of keyfile */
+ char backup_keyfile[MaxPathLen]; /* Backup copy of keyfile */
+ unsigned short keyfile_mode; /* Protections on keyfile */
+ int work_keyfile_fd = -1; /* Initialize so that */
+ int backup_keyfile_fd = -1; /* compiler doesn't complain */
+ char local_realm[REALM_SZ]; /* local kerberos realm */
+ char cellname[1024]; /* AFS cell name */
+ int c;
+ int interactive = FALSE;
+ int list = FALSE;
+ int change = FALSE;
+ int add = FALSE;
+ int get = FALSE;
+ int key = FALSE; /* do we show keys? */
+ int arg_entered = FALSE;
+ int change_this_key = FALSE;
+ char databuf[BUFSIZ];
+ int first_printed = FALSE; /* have we printed the first item? */
+
+ memset(sname, 0, sizeof(sname));
+ memset(sinst, 0, sizeof(sinst));
+ memset(srealm, 0, sizeof(srealm));
+
+ memset(change_tkt, 0, sizeof(change_tkt));
+ memset(keyfile, 0, sizeof(keyfile));
+ memset(work_keyfile, 0, sizeof(work_keyfile));
+ memset(backup_keyfile, 0, sizeof(backup_keyfile));
+ memset(local_realm, 0, sizeof(local_realm));
+ memset(cellname, 0, sizeof(cellname));
+
+ set_progname (argv[0]);
+
+ if (krb_get_default_principal(u_name, u_inst, u_realm) < 0)
+ errx (1, "could not get default principal");
+
+ /* This is used only as a default for adding keys */
+ if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
+ strcpy(local_realm, KRB_REALM);
+
+ while((c = getopt(argc, argv, "ikc:f:p:r:")) != EOF) {
+ switch (c) {
+ case 'i':
+ interactive++;
+ break;
+ case 'k':
+ key++;
+ break;
+ case 'c':
+ strcpy(cellname, optarg);
+ break;
+ case 'f':
+ strcpy(keyfile, optarg);
+ break;
+ case 'p':
+ if((status = kname_parse (u_name, u_inst, u_realm, optarg)) !=
+ KSUCCESS)
+ errx (1, "principal %s: %s", optarg,
+ krb_get_err_text(status));
+ break;
+ case 'r':
+ strcpy(u_realm, optarg);
+ break;
+ case '?':
+ usage();
+ }
+ }
+ if (optind >= argc)
+ usage();
+ if (*u_realm == '\0')
+ strcpy (u_realm, local_realm);
+ if (strcmp(argv[optind], "list") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ list++;
+ }
+ }
+ else if (strcmp(argv[optind], "change") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ change++;
+ }
+ }
+ else if (strcmp(argv[optind], "add") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ add++;
+ }
+ }
+ else if (strcmp(argv[optind], "get") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ get++;
+ }
+ }
+ else
+ usage();
+ ++optind;
+
+ if (!arg_entered)
+ usage();
+
+ if (!keyfile[0])
+ strcpy(keyfile, KEYFILE);
+
+ strcpy(work_keyfile, keyfile);
+ strcpy(backup_keyfile, keyfile);
+
+ if (change || add || get) {
+ strcat(work_keyfile, ".work");
+ strcat(backup_keyfile, ".old");
+
+ copy_keyfile(keyfile, backup_keyfile);
+ }
+
+ if (add || get)
+ copy_keyfile(backup_keyfile, work_keyfile);
+
+ keyfile_mode = get_mode(keyfile);
+
+ if (change || list)
+ if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0)
+ err (1, "open %s", backup_keyfile);
+
+ if (change) {
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC,
+ SRVTAB_MODE)) < 0)
+ err (1, "creat %s", work_keyfile);
+ }
+ else if (add) {
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0)
+ err (1, "open with append %s", work_keyfile );
+ }
+ else if (get) {
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_RDWR | O_CREAT, SRVTAB_MODE)) < 0)
+ err (1, "open for writing %s", work_keyfile);
+ }
+
+ if (change || list) {
+ while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) &&
+ (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) &&
+ (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) &&
+ (read(backup_keyfile_fd, &key_vno, 1) > 0) &&
+ (read(backup_keyfile_fd, old_key, sizeof(old_key)) > 0)) {
+ if (list) {
+ if (!first_printed) {
+ printf(VNO_HEADER);
+ printf(PAD);
+ if (key) {
+ printf(KEY_HEADER);
+ printf(PAD);
+ }
+ printf(PRINC_HEADER);
+ first_printed = 1;
+ }
+ printf(VNO_FORMAT, key_vno);
+ printf(PAD);
+ if (key) {
+ print_key(old_key);
+ printf(PAD);
+ }
+ print_name(sname, sinst, srealm);
+ printf("\n");
+ }
+ else if (change) {
+ snprintf(change_tkt, sizeof(change_tkt),
+ TKT_ROOT "_ksrvutil.%u",
+ (unsigned)getpid());
+ krb_set_tkt_string(change_tkt);
+ destroyp = TRUE;
+
+ printf("\nPrincipal: ");
+ print_name(sname, sinst, srealm);
+ printf("; version %d\n", key_vno);
+ if (interactive)
+ change_this_key = yn("Change this key?");
+ else if (change)
+ change_this_key = 1;
+ else
+ change_this_key = 0;
+
+ if (change_this_key)
+ printf("Changing to version %d.\n", key_vno + 1);
+ else if (change)
+ printf("Not changing this key.\n");
+
+ if (change_this_key) {
+ /*
+ * This is not a good choice of seed when/if the
+ * key has been compromised so we also use a
+ * random sequence number!
+ */
+ des_init_random_number_generator(&old_key);
+ {
+ des_cblock seqnum;
+ des_generate_random_block(&seqnum);
+ des_set_sequence_number((unsigned char *)&seqnum);
+ }
+ /*
+ * Pick a new key and determine whether or not
+ * it is safe to change
+ */
+ if ((status =
+ get_svc_new_key(&new_key, sname, sinst,
+ srealm, keyfile)) == KADM_SUCCESS)
+ key_vno++;
+ else {
+ memcpy(new_key, old_key, sizeof(new_key));
+ warnx ("Key NOT changed: %s\n",
+ krb_get_err_text(status));
+ change_this_key = FALSE;
+ }
+ }
+ else
+ memcpy(new_key, old_key, sizeof(new_key));
+ append_srvtab(work_keyfile, work_keyfile_fd,
+ sname, sinst, srealm, key_vno, new_key);
+ if (key && change_this_key) {
+ printf("Old key: ");
+ print_key(old_key);
+ printf("; new key: ");
+ print_key(new_key);
+ printf("\n");
+ }
+ if (change_this_key) {
+ if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) {
+ printf("Key changed.\n");
+ dest_tkt();
+ }
+ else {
+ com_err(__progname, status,
+ " attempting to change password.");
+ dest_tkt();
+ /* XXX This knows the format of a keyfile */
+ if (lseek(work_keyfile_fd, -9, SEEK_CUR) >= 0) {
+ key_vno--;
+ safe_write(work_keyfile,
+ work_keyfile_fd, &key_vno, 1);
+ safe_write(work_keyfile, work_keyfile_fd,
+ old_key, sizeof(des_cblock));
+ fsync(work_keyfile_fd);
+ fprintf(stderr,"Key NOT changed.\n");
+ } else {
+ warn ("Unable to revert keyfile");
+ leave("", 1);
+ }
+ }
+ }
+ }
+ memset(old_key, 0, sizeof(des_cblock));
+ memset(new_key, 0, sizeof(des_cblock));
+ }
+ }
+ else if (add) {
+ do {
+ do {
+ safe_read_stdin("Name: ", databuf, sizeof(databuf));
+ strncpy(sname, databuf, sizeof(sname) - 1);
+ if (strchr(sname, '.') != 0) {
+ strcpy(sinst, strchr(sname, '.') + 1);
+ *(strchr(sname, '.')) = 0;
+ } else {
+ safe_read_stdin("Instance: ", databuf, sizeof(databuf));
+ strncpy(sinst, databuf, sizeof(sinst) - 1);
+ }
+ safe_read_stdin("Realm: ", databuf, sizeof(databuf));
+ strncpy(srealm, databuf, sizeof(srealm) - 1);
+ safe_read_stdin("Version number: ", databuf, sizeof(databuf));
+ key_vno = atoi(databuf);
+ if (key_vno == 0)
+ key_vno = 1; /* Version numbers are never 0 */
+ if (!srealm[0])
+ strcpy(srealm, local_realm);
+ printf("New principal: ");
+ print_name(sname, sinst, srealm);
+ printf("; version %d\n", key_vno);
+ } while (!yn("Is this correct?"));
+ get_key_from_password(&new_key, cellname);
+ if (key) {
+ printf("Key: ");
+ print_key(new_key);
+ printf("\n");
+ }
+ append_srvtab(work_keyfile, work_keyfile_fd,
+ sname, sinst, srealm, key_vno, new_key);
+ printf("Key successfully added.\n");
+ } while (yn("Would you like to add another key?"));
+ }
+ else if (get) {
+ ksrvutil_get(work_keyfile_fd, work_keyfile,
+ argc - optind, argv + optind);
+ }
+
+ if (change || list)
+ if (close(backup_keyfile_fd) < 0)
+ warn ("close %s", backup_keyfile);
+
+ if (change || add || get) {
+ if (close(work_keyfile_fd) < 0)
+ err (1, "close %s", work_keyfile);
+ if (rename(work_keyfile, keyfile) < 0)
+ err (1, "rename(%s, %s)", work_keyfile, keyfile);
+ chmod(backup_keyfile, keyfile_mode);
+ chmod(keyfile, keyfile_mode);
+ printf("Old keyfile in %s.\n", backup_keyfile);
+ }
+ return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.h b/crypto/kerberosIV/kadmin/ksrvutil.h
new file mode 100644
index 0000000..64e2fe4
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: ksrvutil.h,v 1.8 1997/04/01 03:58:55 assar Exp $
+ *
+ */
+
+extern char u_name[], u_inst[], u_realm[];
+extern int destroyp;
+
+void leave(char *str, int x);
+void safe_read_stdin(char *prompt, char *buf, size_t size);
+void safe_write(char *filename, int fd, void *buf, size_t len);
+
+int yn(char *string);
+int ny(char *string);
+
+void ksrvutil_get(int fd, char *filename, int argc, char **argv);
diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c
new file mode 100644
index 0000000..7b97d35
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c
@@ -0,0 +1,400 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm_locl.h"
+#include "ksrvutil.h"
+
+RCSID("$Id: ksrvutil_get.c,v 1.32 1997/05/05 21:14:57 assar Exp $");
+
+#define BAD_PW 1
+#define GOOD_PW 0
+#define FUDGE_VALUE 15 /* for ticket expiration time */
+#define PE_NO 0
+#define PE_YES 1
+#define PE_UNSURE 2
+
+static char tktstring[128];
+
+static int
+princ_exists(char *name, char *instance, char *realm)
+{
+ int status;
+
+ status = krb_get_pw_in_tkt(name, instance, realm,
+ KRB_TICKET_GRANTING_TICKET,
+ realm, 1, "");
+
+ if ((status == KSUCCESS) || (status == INTK_BADPW))
+ return(PE_YES);
+ else if (status == KDC_PR_UNKNOWN)
+ return(PE_NO);
+ else
+ return(PE_UNSURE);
+}
+
+static int
+get_admin_password(char *myname, char *myinst, char *myrealm)
+{
+ int status;
+ char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
+ int ticket_life = 1; /* minimum ticket lifetime */
+ char buf[1024];
+ CREDENTIALS c;
+
+ if (princ_exists(myname, myinst, myrealm) != PE_NO) {
+ snprintf(buf, sizeof(buf), "Password for %s: ",
+ krb_unparse_name_long (myname, myinst, myrealm));
+ if (des_read_pw_string(admin_passwd, sizeof(admin_passwd)-1,
+ buf, 0)) {
+ fprintf(stderr, "Error reading admin password.\n");
+ goto bad;
+ }
+ status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME,
+ KADM_SINST, ticket_life, admin_passwd);
+ memset(admin_passwd, 0, sizeof(admin_passwd));
+
+ /* Initialize non shared random sequence from session key. */
+ memset(&c, 0, sizeof(c));
+ krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c);
+ des_init_random_number_generator(&c.session);
+ }
+ else
+ status = KDC_PR_UNKNOWN;
+
+ switch(status) {
+ case GT_PW_OK:
+ return(GOOD_PW);
+ case KDC_PR_UNKNOWN:
+ printf("Principal %s does not exist.\n",
+ krb_unparse_name_long(myname, myinst, myrealm));
+ goto bad;
+ case GT_PW_BADPW:
+ printf("Incorrect admin password.\n");
+ goto bad;
+ default:
+ com_err("kadmin", status+krb_err_base,
+ "while getting password tickets");
+ goto bad;
+ }
+
+bad:
+ memset(admin_passwd, 0, sizeof(admin_passwd));
+ dest_tkt();
+ return(BAD_PW);
+}
+
+static void
+srvtab_put_key (int fd, char *filename, char *name, char *inst, char *realm,
+ int8_t kvno, des_cblock key)
+{
+ char sname[ANAME_SZ]; /* name of service */
+ char sinst[INST_SZ]; /* instance of service */
+ char srealm[REALM_SZ]; /* realm of service */
+ int8_t skvno;
+ des_cblock skey;
+
+ lseek(fd, 0, SEEK_SET);
+
+ while(getst(fd, sname, SNAME_SZ) > 0 &&
+ getst(fd, sinst, INST_SZ) > 0 &&
+ getst(fd, srealm, REALM_SZ) > 0 &&
+ read(fd, &skvno, sizeof(skvno)) > 0 &&
+ read(fd, skey, sizeof(skey)) > 0) {
+ if(strcmp(name, sname) == 0 &&
+ strcmp(inst, sinst) == 0 &&
+ strcmp(realm, srealm) == 0) {
+ lseek(fd, lseek(fd,0,SEEK_CUR)-(sizeof(skvno) + sizeof(skey)), SEEK_SET);
+ safe_write(filename, fd, &kvno, sizeof(kvno));
+ safe_write(filename, fd, key, sizeof(des_cblock));
+ return;
+ }
+ }
+ safe_write(filename, fd, name, strlen(name) + 1);
+ safe_write(filename, fd, inst, strlen(inst) + 1);
+ safe_write(filename, fd, realm, strlen(realm) + 1);
+ safe_write(filename, fd, &kvno, sizeof(kvno));
+ safe_write(filename, fd, key, sizeof(des_cblock));
+}
+
+/*
+ * node list of services
+ */
+
+struct srv_ent{
+ char name[SNAME_SZ];
+ char inst[INST_SZ];
+ char realm[REALM_SZ];
+ struct srv_ent *next;
+};
+
+static int
+key_to_key(char *user, char *instance, char *realm, void *arg,
+ des_cblock *key)
+{
+ memcpy(key, arg, sizeof(des_cblock));
+ return 0;
+}
+
+static void
+get_srvtab_ent(int fd, char *filename, char *name, char *inst, char *realm)
+{
+ char chname[128];
+ des_cblock newkey;
+ char old_tktfile[MaxPathLen], new_tktfile[MaxPathLen];
+ char garbage_name[ANAME_SZ];
+ char garbage_inst[ANAME_SZ];
+ CREDENTIALS c;
+ u_int8_t kvno;
+ Kadm_vals values;
+ int ret;
+
+ strncpy(chname, krb_get_phost(inst), sizeof(chname));
+ if(strcmp(inst, chname))
+ fprintf(stderr,
+ "Warning: Are you sure `%s' should not be `%s'?\n",
+ inst, chname);
+
+ memset(&values, 0, sizeof(values));
+ strcpy(values.name, name);
+ strcpy(values.instance, inst);
+ des_new_random_key(&newkey);
+ values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
+ | (newkey[2] << 8) | (newkey[3] << 0);
+ values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
+ | (newkey[6] << 8) | (newkey[7] << 0);
+
+ SET_FIELD(KADM_NAME,values.fields);
+ SET_FIELD(KADM_INST,values.fields);
+ SET_FIELD(KADM_DESKEY,values.fields);
+
+ ret = kadm_mod(&values, &values);
+ if(ret == KADM_NOENTRY)
+ ret = kadm_add(&values);
+ if (ret != KSUCCESS) {
+ warnx ("Couldn't get srvtab entry for %s.%s: %s",
+ name, inst, error_message(ret));
+ return;
+ }
+
+ values.key_low = values.key_high = 0;
+
+ /* get the key version number */
+
+ strcpy(old_tktfile, tkt_string());
+ snprintf(new_tktfile, sizeof(new_tktfile),
+ TKT_ROOT "_ksrvutil-get.%u",
+ (unsigned)getpid());
+ krb_set_tkt_string(new_tktfile);
+
+ ret = krb_get_in_tkt(name, inst, realm, name, inst,
+ 1, key_to_key, NULL, &newkey);
+
+ if (ret == KSUCCESS &&
+ (ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS &&
+ (ret = tf_get_pname(garbage_name)) == KSUCCESS &&
+ (ret = tf_get_pinst(garbage_inst)) == KSUCCESS &&
+ (ret = tf_get_cred(&c)) == KSUCCESS)
+ kvno = c.kvno;
+ else {
+ warnx ("Could not find the cred in the ticket file");
+ return;
+ }
+
+ tf_close();
+ krb_set_tkt_string(old_tktfile);
+ unlink(new_tktfile);
+
+ if(ret != KSUCCESS) {
+ memset(&newkey, 0, sizeof(newkey));
+ warnx ("Could not get a ticket for %s: %s\n",
+ krb_unparse_name_long(name, inst, realm),
+ krb_get_err_text(ret));
+ return;
+ }
+
+ /* Write the new key & c:o to the srvtab file */
+
+ srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey);
+ memset(&newkey, 0, sizeof(newkey));
+
+ fprintf (stderr, "Added %s\n", krb_unparse_name_long (name, inst, realm));
+}
+
+static void
+ksrvutil_kadm(int fd, char *filename, struct srv_ent *p)
+{
+ int ret;
+ CREDENTIALS c;
+
+ ret = kadm_init_link(PWSERV_NAME, KADM_SINST, u_realm);
+ if (ret != KADM_SUCCESS) {
+ warnx("Couldn't initialize kadmin link: %s", error_message(ret));
+ leave(NULL, 1);
+ }
+
+ ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c);
+ if (ret == KSUCCESS)
+ des_init_random_number_generator (&c.session);
+ else {
+ umask(077);
+
+ /*
+ * create ticket file and get admin tickets
+ */
+ snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_ksrvutil_%d", (int)getpid());
+ krb_set_tkt_string(tktstring);
+ destroyp = TRUE;
+
+ ret = get_admin_password(u_name, u_inst, u_realm);
+ if (ret) {
+ warnx("Couldn't get admin password.");
+ leave(NULL, 1);
+ }
+ }
+ for(;p;){
+ get_srvtab_ent(fd, filename, p->name, p->inst, p->realm);
+ p=p->next;
+ }
+ unlink(tktstring);
+}
+
+static void
+parseinput (char *result, size_t sz, char *val, char *def)
+{
+ char *lim;
+ int inq;
+
+ if (val[0] == '\0') {
+ strncpy (result, def, sz-1);
+ return;
+ }
+ lim = result + sz - 1;
+ inq = 0;
+ while(*val && result < lim) {
+ switch(*val) {
+ case '\'' :
+ inq = !inq;
+ ++val;
+ break;
+ case '\\' :
+ if(!inq)
+ val++;
+ default:
+ *result++ = *val++;
+ break;
+ }
+ }
+ *result = '\0';
+}
+
+void
+ksrvutil_get(int fd, char *filename, int argc, char **argv)
+{
+ char sname[ANAME_SZ]; /* name of service */
+ char sinst[INST_SZ]; /* instance of service */
+ char srealm[REALM_SZ]; /* realm of service */
+ char databuf[BUFSIZ];
+ char local_hostname[100];
+ char prompt[100];
+ struct srv_ent *head=NULL;
+ int i;
+
+ k_gethostname(local_hostname, sizeof(local_hostname));
+ strcpy(local_hostname, krb_get_phost(local_hostname));
+
+ if (argc)
+ for(i=0; i < argc; ++i) {
+ struct srv_ent *p=malloc(sizeof(*p));
+
+ if(p == NULL) {
+ warnx ("out of memory in malloc");
+ leave(NULL,1);
+ }
+ p->next = head;
+ strcpy (p->realm, u_realm);
+ if (kname_parse (p->name, p->inst, p->realm, argv[i]) !=
+ KSUCCESS) {
+ warnx ("parse error on '%s'\n", argv[i]);
+ free(p);
+ continue;
+ }
+ if (p->name[0] == '\0')
+ strcpy(p->name, "rcmd");
+ if (p->inst[0] == '\0')
+ strcpy(p->inst, local_hostname);
+ if (p->realm[0] == '\0')
+ strcpy(p->realm, u_realm);
+ head = p;
+ }
+
+ else
+ do{
+ safe_read_stdin("Name [rcmd]: ", databuf, sizeof(databuf));
+ parseinput (sname, sizeof(sname), databuf, "rcmd");
+
+ snprintf(prompt, sizeof(prompt), "Instance [%s]: ", local_hostname);
+ safe_read_stdin(prompt, databuf, sizeof(databuf));
+ parseinput (sinst, sizeof(sinst), databuf, local_hostname);
+
+ snprintf(prompt, sizeof(prompt), "Realm [%s]: ", u_realm);
+ safe_read_stdin(prompt, databuf, sizeof(databuf));
+ parseinput (srealm, sizeof(srealm), databuf, u_realm);
+
+ if(yn("Is this correct?")){
+ struct srv_ent *p=(struct srv_ent*)malloc(sizeof(struct srv_ent));
+ p->next=head;
+ head=p;
+ strcpy(p->name, sname);
+ strcpy(p->inst, sinst);
+ strcpy(p->realm, srealm);
+ }
+ }while(ny("Add more keys?"));
+
+
+ ksrvutil_kadm(fd, filename, head);
+
+ {
+ struct srv_ent *p=head, *q;
+ while(p){
+ q=p;
+ p=p->next;
+ free(q);
+ }
+ }
+
+}
diff --git a/crypto/kerberosIV/kadmin/new_pwd.c b/crypto/kerberosIV/kadmin/new_pwd.c
new file mode 100644
index 0000000..88fb7a9
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/new_pwd.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: new_pwd.c,v 1.11 1997/05/02 14:28:54 assar Exp $");
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+
+static char *
+check_pw (char *pword)
+{
+ if (strlen(pword) == 0)
+ return "Null passwords are not allowed - Please enter a longer password.";
+
+ if (strlen(pword) < MIN_KPW_LEN)
+ return "Password is to short - Please enter a longer password.";
+
+ /* Don't allow all lower case passwords regardless of length */
+ {
+ char *t;
+ for (t = pword; *t && islower(*t); t++)
+ ;
+ if (*t == 0)
+ return "Please don't use an all-lower case password.\n"
+ "\tUnusual capitalization, delimiter characters or "
+ "digits are suggested.";
+ }
+
+ return NULL;
+}
+
+int
+get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm)
+{
+ char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+ char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+
+ char p[MAX_K_NAME_SZ];
+
+ char local_realm[REALM_SZ];
+ int status;
+ char *expl;
+
+ /*
+ * We don't care about failure; this is to determine whether or
+ * not to print the realm in the prompt for a new password.
+ */
+ krb_get_lrealm(local_realm, 1);
+
+ if (strcmp(local_realm, pr->realm))
+ print_realm++;
+
+ {
+ char *q;
+ krb_unparse_name_r(pr, p);
+ if(print_realm == 0 && (q = strrchr(p, '@')))
+ *q = 0;
+ }
+
+ snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p);
+ if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) {
+ fprintf(stderr, "Error reading old password.\n");
+ return -1;
+ }
+
+ status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm,
+ PWSERV_NAME, KADM_SINST, 1, pword);
+ if (status != KSUCCESS) {
+ if (status == INTK_BADPW) {
+ printf("Incorrect old password.\n");
+ return -1;
+ }
+ else {
+ fprintf(stderr, "Kerberos error: %s\n", krb_get_err_text(status));
+ return -1;
+ }
+ }
+ memset(pword, 0, pwlen);
+
+ do {
+ char verify[MAX_KPW_LEN];
+ snprintf(npromp, sizeof(npromp), "New Password for %s:",p);
+ if (read_long_pw_string(pword, pwlen-1, npromp, 0)) {
+ fprintf(stderr,
+ "Error reading new password, password unchanged.\n");
+ return -1;
+ }
+ expl = check_pw (pword);
+ if (expl) {
+ printf("\n\t%s\n\n", expl);
+ continue;
+ }
+ /* Now we got an ok password, verify it. */
+ snprintf(npromp, sizeof(npromp), "Verifying New Password for %s:", p);
+ if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) {
+ fprintf(stderr,
+ "Error reading new password, password unchanged.\n");
+ return -1;
+ }
+ if (strcmp(pword, verify) != 0) {
+ printf("Verify failure - try again\n");
+ expl = ""; /* continue */
+ }
+ } while (expl);
+ return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/pw_check.c b/crypto/kerberosIV/kadmin/pw_check.c
new file mode 100644
index 0000000..ac6912b
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/pw_check.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: pw_check.c,v 1.13 1997/04/01 08:17:50 joda Exp $");
+
+/*
+ * kadm_pw_check
+ *
+ * pw : new password or "" if none passed
+ * newkey : key for pw as passed from client
+ * strings : interesting strings to check for
+ *
+ * returns NULL if pw is ok, else an explanatory string
+ */
+int
+kadm_pw_check(char *pw, des_cblock *newkey, char **pw_msg,
+ char **strings)
+{
+ des_cblock pwkey;
+ int status=KADM_SUCCESS;
+
+ if (pw == NULL || *pw == '\0')
+ return status; /* XXX - Change this later */
+
+#ifndef NO_PW_CHECK
+ *pw_msg = NULL;
+ des_string_to_key(pw, &pwkey); /* Check AFS string to key also! */
+ if (memcmp(pwkey, *newkey, sizeof(pwkey)) != 0)
+ {
+ /* no password or bad key */
+ status=KADM_PW_MISMATCH;
+ *pw_msg = "Password doesn't match supplied DES key";
+ }
+ else if (strlen(pw) < MIN_KPW_LEN)
+ {
+ status = KADM_INSECURE_PW;
+ *pw_msg="Password is too short";
+ }
+
+#ifdef DICTPATH
+ *pw_msg = FascistCheck(pw, DICTPATH, strings);
+ if (*pw_msg)
+ return KADM_INSECURE_PW;
+#endif
+
+ memset(pwkey, 0, sizeof(pwkey));
+#endif
+
+ return status;
+}
diff --git a/crypto/kerberosIV/kadmin/pw_check.h b/crypto/kerberosIV/kadmin/pw_check.h
new file mode 100644
index 0000000..c5a5d69
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/pw_check.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: pw_check.h,v 1.6 1997/04/01 08:17:50 joda Exp $
+ */
+
+int kadm_pw_check(char *pw, des_cblock *newkey,
+ char **pw_msg, char **strings);
+
diff --git a/crypto/kerberosIV/kuser/Makefile.in b/crypto/kerberosIV/kuser/Makefile.in
new file mode 100644
index 0000000..aff8c19
--- /dev/null
+++ b/crypto/kerberosIV/kuser/Makefile.in
@@ -0,0 +1,92 @@
+# $Id: Makefile.in,v 1.23 1997/03/23 13:04:08 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+topdir = ..
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+KRB_KAFS_LIB = @KRB_KAFS_LIB@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kinit$(EXECSUFFIX) \
+ kdestroy$(EXECSUFFIX) \
+ klist$(EXECSUFFIX)
+
+SOURCES = kinit.c kdestroy.c klist.c
+
+OBJECTS = kinit.o kdestroy.o klist.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../lib/krb -lkrb -L../lib/des -ldes
+LIBROKEN=-L../lib/roken -lroken
+
+kinit$(EXECSUFFIX): kinit.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kdestroy$(EXECSUFFIX): kdestroy.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+klist$(EXECSUFFIX): klist.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+# su move to appl/bsd
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/kuser/kdestroy.c b/crypto/kerberosIV/kuser/kdestroy.c
new file mode 100644
index 0000000..2fe36c3
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kdestroy.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This program causes Kerberos tickets to be destroyed.
+ * Options are:
+ *
+ * -q[uiet] - no bell even if tickets not destroyed
+ * -f[orce] - no message printed at all
+ * -t - do not destroy tokens
+ */
+
+#include "kuser_locl.h"
+#include <kafs.h>
+
+RCSID("$Id: kdestroy.c,v 1.8 1997/03/30 16:15:03 joda Exp $");
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: %s [-f] [-q] [-t]\n", __progname);
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ int fflag=0, tflag = 0, k_errno;
+ int c;
+
+ set_progname(argv[0]);
+
+ while((c = getopt(argc, argv, "fqt")) >= 0){
+ switch(c){
+ case 'f':
+ case 'q':
+ fflag++;
+ break;
+ case 't':
+ tflag++;
+ break;
+ default:
+ usage();
+ }
+ }
+ if(argc - optind > 0)
+ usage();
+
+ k_errno = dest_tkt();
+
+ if(!tflag && k_hasafs())
+ k_unlog();
+
+ if (fflag) {
+ if (k_errno != 0 && k_errno != RET_TKFIL)
+ exit(1);
+ else
+ exit(0);
+ } else {
+ if (k_errno == 0)
+ printf("Tickets destroyed.\n");
+ else if (k_errno == RET_TKFIL)
+ printf("No tickets to destroy.\n");
+ else {
+ printf("Tickets NOT destroyed.\n");
+ exit(1);
+ }
+ }
+ exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/kinit.c b/crypto/kerberosIV/kuser/kinit.c
new file mode 100644
index 0000000..64910b9
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kinit.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Routine to initialize user to Kerberos. Prompts optionally for
+ * user, instance and realm. Authenticates user and gets a ticket
+ * for the Kerberos ticket-granting service for future use.
+ *
+ * Options are:
+ *
+ * -i[instance]
+ * -r[realm]
+ * -v[erbose]
+ * -l[ifetime]
+ * -p
+ */
+
+#include "kuser_locl.h"
+
+RCSID("$Id: kinit.c,v 1.15 1997/03/30 18:58:46 assar Exp $");
+
+#define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */
+#define CHPASSLIFE 2
+
+static void
+get_input(char *s, int size, FILE *stream)
+{
+ char *p;
+
+ if (fgets(s, size, stream) == NULL)
+ exit(1);
+ if ( (p = strchr(s, '\n')) != NULL)
+ *p = '\0';
+}
+
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: %s [-irvlp] [name]\n", __progname);
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ char aname[ANAME_SZ];
+ char inst[INST_SZ];
+ char realm[REALM_SZ];
+ char buf[MaxHostNameLen];
+ char name[MAX_K_NAME_SZ];
+ char *username = NULL;
+ int iflag, rflag, vflag, lflag, pflag, lifetime, k_errno;
+ int i;
+
+ set_progname (argv[0]);
+
+ *inst = *realm = '\0';
+ iflag = rflag = vflag = lflag = pflag = 0;
+ lifetime = LIFE;
+ set_progname(argv[0]);
+
+ while (--argc) {
+ if ((*++argv)[0] != '-') {
+ if (username)
+ usage();
+ username = *argv;
+ continue;
+ }
+ for (i = 1; (*argv)[i] != '\0'; i++)
+ switch ((*argv)[i]) {
+ case 'i': /* Instance */
+ ++iflag;
+ continue;
+ case 'r': /* Realm */
+ ++rflag;
+ continue;
+ case 'v': /* Verbose */
+ ++vflag;
+ continue;
+ case 'l':
+ ++lflag;
+ continue;
+ case 'p':
+ ++pflag; /* chpass-tickets */
+ lifetime = CHPASSLIFE;
+ break;
+ default:
+ usage();
+ }
+ }
+ if (username &&
+ (k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) {
+ warnx("%s", krb_get_err_text(k_errno));
+ iflag = rflag = 1;
+ username = NULL;
+ }
+ if (k_gethostname(buf, MaxHostNameLen))
+ err(1, "k_gethostname failed");
+ printf("%s (%s)\n", ORGANIZATION, buf);
+ if (username) {
+ printf("Kerberos Initialization for \"%s", aname);
+ if (*inst)
+ printf(".%s", inst);
+ if (*realm)
+ printf("@%s", realm);
+ printf("\"\n");
+ } else {
+ printf("Kerberos Initialization\n");
+ printf("Kerberos name: ");
+ get_input(name, sizeof(name), stdin);
+ if (!*name)
+ return 0;
+ if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS )
+ errx(1, "%s", krb_get_err_text(k_errno));
+ }
+ /* optional instance */
+ if (iflag) {
+ printf("Kerberos instance: ");
+ get_input(inst, sizeof(inst), stdin);
+ if (!k_isinst(inst))
+ errx(1, "bad Kerberos instance format");
+ }
+ if (rflag) {
+ printf("Kerberos realm: ");
+ get_input(realm, sizeof(realm), stdin);
+ if (!k_isrealm(realm))
+ errx(1, "bad Kerberos realm format");
+ }
+ if (lflag) {
+ printf("Kerberos ticket lifetime (minutes): ");
+ get_input(buf, sizeof(buf), stdin);
+ lifetime = atoi(buf);
+ if (lifetime < 5)
+ lifetime = 1;
+ else
+ lifetime = krb_time_to_life(0, lifetime*60);
+ /* This should be changed if the maximum ticket lifetime */
+ /* changes */
+ if (lifetime > 255)
+ lifetime = 255;
+ }
+ if (!*realm && krb_get_lrealm(realm, 1))
+ errx(1, "krb_get_lrealm failed");
+ k_errno = krb_get_pw_in_tkt(aname, inst, realm,
+ pflag ? PWSERV_NAME :
+ KRB_TICKET_GRANTING_TICKET,
+ pflag ? KADM_SINST : realm,
+ lifetime, 0);
+ if (vflag) {
+ printf("Kerberos realm %s:\n", realm);
+ printf("%s\n", krb_get_err_text(k_errno));
+ } else if (k_errno)
+ errx(1, "%s", krb_get_err_text(k_errno));
+ exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/klist.c b/crypto/kerberosIV/kuser/klist.c
new file mode 100644
index 0000000..faf7d6b
--- /dev/null
+++ b/crypto/kerberosIV/kuser/klist.c
@@ -0,0 +1,314 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Lists your current Kerberos tickets.
+ * Written by Bill Sommerfeld, MIT Project Athena.
+ */
+
+#include "kuser_locl.h"
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+
+#include <kafs.h>
+
+RCSID("$Id: klist.c,v 1.28 1997/05/26 17:33:50 bg Exp $");
+
+static int option_verbose = 0;
+
+static char *
+short_date(int32_t dp)
+{
+ char *cp;
+ time_t t = (time_t)dp;
+
+ if (t == (time_t)(-1L)) return "*** Never *** ";
+ cp = ctime(&t) + 4;
+ cp[15] = '\0';
+ return (cp);
+}
+
+static void
+display_tktfile(char *file, int tgt_test, int long_form)
+{
+ krb_principal pr;
+ char buf1[20], buf2[20];
+ int k_errno;
+ CREDENTIALS c;
+ int header = 1;
+
+ if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL))
+ file = TKT_FILE;
+
+ if (long_form)
+ printf("Ticket file: %s\n", file);
+
+ /*
+ * Since krb_get_tf_realm will return a ticket_file error,
+ * we will call tf_init and tf_close first to filter out
+ * things like no ticket file. Otherwise, the error that
+ * the user would see would be
+ * klist: can't find realm of ticket file: No ticket file (tf_util)
+ * instead of
+ * klist: No ticket file (tf_util)
+ */
+
+ /* Open ticket file */
+ if ((k_errno = tf_init(file, R_TKT_FIL))) {
+ if (!tgt_test)
+ warnx("%s", krb_get_err_text(k_errno));
+ exit(1);
+ }
+ /* Close ticket file */
+ tf_close();
+
+ /*
+ * We must find the realm of the ticket file here before calling
+ * tf_init because since the realm of the ticket file is not
+ * really stored in the principal section of the file, the
+ * routine we use must itself call tf_init and tf_close.
+ */
+ if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) {
+ if (!tgt_test)
+ warnx("can't find realm of ticket file: %s",
+ krb_get_err_text(k_errno));
+ exit(1);
+ }
+
+ /* Open ticket file */
+ if ((k_errno = tf_init(file, R_TKT_FIL))) {
+ if (!tgt_test)
+ warnx("%s", krb_get_err_text(k_errno));
+ exit(1);
+ }
+ /* Get principal name and instance */
+ if ((k_errno = tf_get_pname(pr.name)) ||
+ (k_errno = tf_get_pinst(pr.instance))) {
+ if (!tgt_test)
+ warnx("%s", krb_get_err_text(k_errno));
+ exit(1);
+ }
+
+ /*
+ * You may think that this is the obvious place to get the
+ * realm of the ticket file, but it can't be done here as the
+ * routine to do this must open the ticket file. This is why
+ * it was done before tf_init.
+ */
+
+ if (!tgt_test && long_form)
+ printf("Principal:\t%s\n\n", krb_unparse_name(&pr));
+ while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
+ if (!tgt_test && long_form && header) {
+ printf("%-15s %-15s %s%s\n",
+ " Issued", " Expires", " Principal",
+ option_verbose ? " (kvno)" : "");
+ header = 0;
+ }
+ if (tgt_test) {
+ c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+ if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) &&
+ !strcmp(c.instance, pr.realm)) {
+ if (time(0) < c.issue_date)
+ exit(0); /* tgt hasn't expired */
+ else
+ exit(1); /* has expired */
+ }
+ continue; /* not a tgt */
+ }
+ if (long_form) {
+ strcpy(buf1, short_date(c.issue_date));
+ c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+ if (time(0) < (unsigned long) c.issue_date)
+ strcpy(buf2, short_date(c.issue_date));
+ else
+ strcpy(buf2, ">>> Expired <<<");
+ printf("%s %s ", buf1, buf2);
+ }
+ printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm));
+ if(long_form && option_verbose)
+ printf(" (%d)", c.kvno);
+ printf("\n");
+ }
+ if (tgt_test)
+ exit(1); /* no tgt found */
+ if (header && long_form && k_errno == EOF) {
+ printf("No tickets in file.\n");
+ }
+}
+
+/* adapted from getst() in librkb */
+/*
+ * ok_getst() takes a file descriptor, a string and a count. It reads
+ * from the file until either it has read "count" characters, or until
+ * it reads a null byte. When finished, what has been read exists in
+ * the given string "s". If "count" characters were actually read, the
+ * last is changed to a null, so the returned string is always null-
+ * terminated. ok_getst() returns the number of characters read, including
+ * the null terminator.
+ *
+ * If there is a read error, it returns -1 (like the read(2) system call)
+ */
+
+static int
+ok_getst(int fd, char *s, int n)
+{
+ int count = n;
+ int err;
+ while ((err = read(fd, s, 1)) > 0 && --count)
+ if (*s++ == '\0')
+ return (n - count);
+ if (err < 0)
+ return(-1);
+ *s = '\0';
+ return (n - count);
+}
+
+static void
+display_tokens()
+{
+ u_int32_t i;
+ unsigned char t[128];
+ struct ViceIoctl parms;
+ struct ClearToken ct;
+ int size_secret_tok, size_public_tok;
+
+ parms.in = (void *)&i;
+ parms.in_size = sizeof(i);
+ parms.out = (void *)t;
+ parms.out_size = sizeof(t);
+
+ for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
+ char *cell;
+ memcpy(&size_secret_tok, t, 4);
+ memcpy(&size_public_tok, t + 4 + size_secret_tok, 4);
+ memcpy(&ct, t + 4 + size_secret_tok + 4, size_public_tok);
+ cell = t + 4 + size_secret_tok + 4 + size_public_tok + 4;
+
+ printf("%-15s ", short_date(ct.BeginTimestamp));
+ printf("%-15s ", short_date(ct.EndTimestamp));
+ if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
+ printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
+ else
+ printf("Tokens for %s", cell);
+ if (option_verbose)
+ printf(" (%d)", ct.AuthHandle);
+ putchar('\n');
+ }
+}
+
+static void
+display_srvtab(char *file)
+{
+ int stab;
+ char serv[SNAME_SZ];
+ char inst[INST_SZ];
+ char rlm[REALM_SZ];
+ unsigned char key[8];
+ unsigned char vno;
+ int count;
+
+ printf("Server key file: %s\n", file);
+
+ if ((stab = open(file, O_RDONLY, 0400)) < 0) {
+ perror(file);
+ exit(1);
+ }
+ printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm",
+ "Key Version");
+ printf("------------------------------------------------------\n");
+
+ /* argh. getst doesn't return error codes, it silently fails */
+ while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0)
+ && ((count = ok_getst(stab, inst, INST_SZ)) > 0)
+ && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) {
+ if (((count = read(stab, &vno,1)) != 1) ||
+ ((count = read(stab, key,8)) != 8)) {
+ if (count < 0)
+ err(1, "reading from key file");
+ else
+ errx(1, "key file truncated");
+ }
+ printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno);
+ }
+ if (count < 0)
+ warn(file);
+ close(stab);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n",
+ __progname);
+ exit(1);
+}
+
+/* ARGSUSED */
+int
+main(int argc, char **argv)
+{
+ int long_form = 1;
+ int tgt_test = 0;
+ int do_srvtab = 0;
+ int do_tokens = 0;
+ char *tkt_file = NULL;
+
+ set_progname(argv[0]);
+
+ while (*(++argv)) {
+ if (!strcmp(*argv, "-v")) {
+ option_verbose = 1;
+ continue;
+ }
+ if (!strcmp(*argv, "-s")) {
+ long_form = 0;
+ continue;
+ }
+ if (!strcmp(*argv, "-t")) {
+ tgt_test = 1;
+ long_form = 0;
+ continue;
+ }
+ if (strcmp(*argv, "-tokens") == 0
+ || strcmp(*argv, "-T") == 0) {
+ do_tokens = k_hasafs();
+ continue;
+ }
+ if (!strcmp(*argv, "-l")) { /* now default */
+ continue;
+ }
+ if (!strncmp(*argv, "-f", 2)) {
+ if (*(++argv)) {
+ tkt_file = *argv;
+ continue;
+ } else
+ usage();
+ }
+ if (!strcmp(*argv, "-srvtab")) {
+ if (tkt_file == NULL) /* if no other file spec'ed,
+ set file to default srvtab */
+ tkt_file = KEYFILE;
+ do_srvtab = 1;
+ continue;
+ }
+ usage();
+ }
+
+ if (do_srvtab)
+ display_srvtab(tkt_file);
+ else
+ display_tktfile(tkt_file, tgt_test, long_form);
+ if (long_form && do_tokens)
+ display_tokens();
+ exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/kuser_locl.h b/crypto/kerberosIV/kuser/kuser_locl.h
new file mode 100644
index 0000000..514a0ac
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kuser_locl.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kuser_locl.h,v 1.10 1997/05/20 18:40:43 bg Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <time.h>
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <err.h>
+
+#include <krb.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <prot.h>
diff --git a/crypto/kerberosIV/lib/Makefile.in b/crypto/kerberosIV/lib/Makefile.in
new file mode 100644
index 0000000..b2e662c
--- /dev/null
+++ b/crypto/kerberosIV/lib/Makefile.in
@@ -0,0 +1,46 @@
+#
+# $Id: Makefile.in,v 1.21 1997/05/20 18:58:40 bg Exp $
+#
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS = des krb kdb kadm acl kafs roken otp auth sl editline
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+check: all
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) check); done
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile config.status *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
diff --git a/crypto/kerberosIV/lib/acl/Makefile.in b/crypto/kerberosIV/lib/acl/Makefile.in
new file mode 100644
index 0000000..59894e4
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/Makefile.in
@@ -0,0 +1,84 @@
+#
+# $Id: Makefile.in,v 1.21 1997/05/06 03:46:37 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = # @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)acl
+#LIBEXT = @LIBEXT@ Always build archive library!
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+SHLIBEXT = @SHLIBEXT@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = acl_files.c
+
+OBJECTS = acl_files.o
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS)
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS)
+ -$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/acl/acl.h b/crypto/kerberosIV/lib/acl/acl.h
new file mode 100644
index 0000000..305b66c
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: acl.h,v 1.5 1997/04/01 08:17:52 joda Exp $ */
+
+#ifndef __ACL_H
+#define __ACL_H
+
+#include <sys/cdefs.h>
+
+void acl_canonicalize_principal __P((char *principal, char *canon));
+int acl_initialize __P((char *acl_file, int perm));
+int acl_exact_match __P((char *acl, char *principal));
+int acl_check __P((char *acl, char *principal));
+int acl_add __P((char *acl, char *principal));
+int acl_delete __P((char *acl, char *principal));
+
+#endif /* __ACL_H */
diff --git a/crypto/kerberosIV/lib/acl/acl_files.c b/crypto/kerberosIV/lib/acl/acl_files.c
new file mode 100644
index 0000000..fc00b80
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl_files.c
@@ -0,0 +1,540 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "config.h"
+#include "protos.h"
+
+RCSID("$Id: acl_files.c,v 1.10 1997/05/02 14:28:56 assar Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <time.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <errno.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#include <krb.h>
+#include <acl.h>
+
+/*** Routines for manipulating access control list files ***/
+
+/* "aname.inst@realm" */
+#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3)
+#define INST_SEP '.'
+#define REALM_SEP '@'
+
+#define LINESIZE 2048 /* Maximum line length in an acl file */
+
+#define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */
+#define WAIT_TIME 300 /* Maximum time allowed write acl file */
+
+#define CACHED_ACLS 8 /* How many acls to cache */
+ /* Each acl costs 1 open file descriptor */
+#define ACL_LEN 16 /* Twice a reasonable acl length */
+
+#define COR(a,b) ((a!=NULL)?(a):(b))
+
+/* Canonicalize a principal name */
+/* If instance is missing, it becomes "" */
+/* If realm is missing, it becomes the local realm */
+/* Canonicalized form is put in canon, which must be big enough to hold
+ MAX_PRINCIPAL_SIZE characters */
+void
+acl_canonicalize_principal(char *principal, char *canon)
+{
+ char *dot, *atsign, *end;
+ int len;
+
+ dot = strchr(principal, INST_SEP);
+ atsign = strchr(principal, REALM_SEP);
+
+ /* Maybe we're done already */
+ if(dot != NULL && atsign != NULL) {
+ if(dot < atsign) {
+ /* It's for real */
+ /* Copy into canon */
+ strncpy(canon, principal, MAX_PRINCIPAL_SIZE);
+ canon[MAX_PRINCIPAL_SIZE-1] = '\0';
+ return;
+ } else {
+ /* Nope, it's part of the realm */
+ dot = NULL;
+ }
+ }
+
+ /* No such luck */
+ end = principal + strlen(principal);
+
+ /* Get the principal name */
+ len = min(ANAME_SZ, COR(dot, COR(atsign, end)) - principal);
+ strncpy(canon, principal, len);
+ canon += len;
+
+ /* Add INST_SEP */
+ *canon++ = INST_SEP;
+
+ /* Get the instance, if it exists */
+ if(dot != NULL) {
+ ++dot;
+ len = min(INST_SZ, COR(atsign, end) - dot);
+ strncpy(canon, dot, len);
+ canon += len;
+ }
+
+ /* Add REALM_SEP */
+ *canon++ = REALM_SEP;
+
+ /* Get the realm, if it exists */
+ /* Otherwise, default to local realm */
+ if(atsign != NULL) {
+ ++atsign;
+ len = min(REALM_SZ, end - atsign);
+ strncpy(canon, atsign, len);
+ canon += len;
+ *canon++ = '\0';
+ } else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
+ strcpy(canon, KRB_REALM);
+ }
+}
+
+/* Get a lock to modify acl_file */
+/* Return new FILE pointer */
+/* or NULL if file cannot be modified */
+/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */
+static
+FILE *acl_lock_file(char *acl_file)
+{
+ struct stat s;
+ char new[LINESIZE];
+ int nfd;
+ FILE *nf;
+ int mode;
+
+ if(stat(acl_file, &s) < 0) return(NULL);
+ mode = s.st_mode;
+ snprintf(new, sizeof(new), NEW_FILE, acl_file);
+ for(;;) {
+ /* Open the new file */
+ if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) {
+ if(errno == EEXIST) {
+ /* Maybe somebody got here already, maybe it's just old */
+ if(stat(new, &s) < 0) return(NULL);
+ if(time(0) - s.st_ctime > WAIT_TIME) {
+ /* File is stale, kill it */
+ unlink(new);
+ continue;
+ } else {
+ /* Wait and try again */
+ sleep(1);
+ continue;
+ }
+ } else {
+ /* Some other error, we lose */
+ return(NULL);
+ }
+ }
+
+ /* If we got to here, the lock file is ours and ok */
+ /* Reopen it under stdio */
+ if((nf = fdopen(nfd, "w")) == NULL) {
+ /* Oops, clean up */
+ unlink(new);
+ }
+ return(nf);
+ }
+}
+
+/* Abort changes to acl_file written onto FILE *f */
+/* Returns 0 if successful, < 0 otherwise */
+/* Closes f */
+static int
+acl_abort(char *acl_file, FILE *f)
+{
+ char new[LINESIZE];
+ int ret;
+ struct stat s;
+
+ /* make sure we aren't nuking someone else's file */
+ if(fstat(fileno(f), &s) < 0
+ || s.st_nlink == 0) {
+ fclose(f);
+ return(-1);
+ } else {
+ snprintf(new, sizeof(new), NEW_FILE, acl_file);
+ ret = unlink(new);
+ fclose(f);
+ return(ret);
+ }
+}
+
+/* Commit changes to acl_file written onto FILE *f */
+/* Returns zero if successful */
+/* Returns > 0 if lock was broken */
+/* Returns < 0 if some other error occurs */
+/* Closes f */
+static int
+acl_commit(char *acl_file, FILE *f)
+{
+ char new[LINESIZE];
+ int ret;
+ struct stat s;
+
+ snprintf(new, sizeof(new), NEW_FILE, acl_file);
+ if(fflush(f) < 0
+ || fstat(fileno(f), &s) < 0
+ || s.st_nlink == 0) {
+ acl_abort(acl_file, f);
+ return(-1);
+ }
+
+ ret = rename(new, acl_file);
+ fclose(f);
+ return(ret);
+}
+
+/* Initialize an acl_file */
+/* Creates the file with permissions perm if it does not exist */
+/* Erases it if it does */
+/* Returns return value of acl_commit */
+int
+acl_initialize(char *acl_file, int perm)
+{
+ FILE *new;
+ int fd;
+
+ /* Check if the file exists already */
+ if((new = acl_lock_file(acl_file)) != NULL) {
+ return(acl_commit(acl_file, new));
+ } else {
+ /* File must be readable and writable by owner */
+ if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) {
+ return(-1);
+ } else {
+ close(fd);
+ return(0);
+ }
+ }
+}
+
+/* Eliminate all whitespace character in buf */
+/* Modifies its argument */
+static void
+ nuke_whitespace(char *buf)
+{
+ char *pin, *pout;
+
+ for(pin = pout = buf; *pin != '\0'; pin++)
+ if(!isspace(*pin)) *pout++ = *pin;
+ *pout = '\0'; /* Terminate the string */
+}
+
+/* Hash table stuff */
+
+struct hashtbl {
+ int size; /* Max number of entries */
+ int entries; /* Actual number of entries */
+ char **tbl; /* Pointer to start of table */
+};
+
+/* Make an empty hash table of size s */
+static struct hashtbl *
+make_hash(int size)
+{
+ struct hashtbl *h;
+
+ if(size < 1) size = 1;
+ h = (struct hashtbl *) malloc(sizeof(struct hashtbl));
+ h->size = size;
+ h->entries = 0;
+ h->tbl = (char **) calloc(size, sizeof(char *));
+ return(h);
+}
+
+/* Destroy a hash table */
+static void
+destroy_hash(struct hashtbl *h)
+{
+ int i;
+
+ for(i = 0; i < h->size; i++) {
+ if(h->tbl[i] != NULL) free(h->tbl[i]);
+ }
+ free(h->tbl);
+ free(h);
+}
+
+/* Compute hash value for a string */
+static unsigned int
+hashval(char *s)
+{
+ unsigned hv;
+
+ for(hv = 0; *s != '\0'; s++) {
+ hv ^= ((hv << 3) ^ *s);
+ }
+ return(hv);
+}
+
+/* Add an element to a hash table */
+static void
+add_hash(struct hashtbl *h, char *el)
+{
+ unsigned hv;
+ char *s;
+ char **old;
+ int i;
+
+ /* Make space if it isn't there already */
+ if(h->entries + 1 > (h->size >> 1)) {
+ old = h->tbl;
+ h->tbl = (char **) calloc(h->size << 1, sizeof(char *));
+ for(i = 0; i < h->size; i++) {
+ if(old[i] != NULL) {
+ hv = hashval(old[i]) % (h->size << 1);
+ while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1);
+ h->tbl[hv] = old[i];
+ }
+ }
+ h->size = h->size << 1;
+ free(old);
+ }
+
+ hv = hashval(el) % h->size;
+ while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size;
+ s = strdup(el);
+ h->tbl[hv] = s;
+ h->entries++;
+}
+
+/* Returns nonzero if el is in h */
+static int
+check_hash(struct hashtbl *h, char *el)
+{
+ unsigned hv;
+
+ for(hv = hashval(el) % h->size;
+ h->tbl[hv] != NULL;
+ hv = (hv + 1) % h->size) {
+ if(!strcmp(h->tbl[hv], el)) return(1);
+ }
+ return(0);
+}
+
+struct acl {
+ char filename[LINESIZE]; /* Name of acl file */
+ int fd; /* File descriptor for acl file */
+ struct stat status; /* File status at last read */
+ struct hashtbl *acl; /* Acl entries */
+};
+
+static struct acl acl_cache[CACHED_ACLS];
+
+static int acl_cache_count = 0;
+static int acl_cache_next = 0;
+
+/* Returns < 0 if unsuccessful in loading acl */
+/* Returns index into acl_cache otherwise */
+/* Note that if acl is already loaded, this is just a lookup */
+static int
+acl_load(char *name)
+{
+ int i;
+ FILE *f;
+ struct stat s;
+ char buf[MAX_PRINCIPAL_SIZE];
+ char canon[MAX_PRINCIPAL_SIZE];
+
+ /* See if it's there already */
+ for(i = 0; i < acl_cache_count; i++) {
+ if(!strcmp(acl_cache[i].filename, name)
+ && acl_cache[i].fd >= 0) goto got_it;
+ }
+
+ /* It isn't, load it in */
+ /* maybe there's still room */
+ if(acl_cache_count < CACHED_ACLS) {
+ i = acl_cache_count++;
+ } else {
+ /* No room, clean one out */
+ i = acl_cache_next;
+ acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS;
+ close(acl_cache[i].fd);
+ if(acl_cache[i].acl) {
+ destroy_hash(acl_cache[i].acl);
+ acl_cache[i].acl = (struct hashtbl *) 0;
+ }
+ }
+
+ /* Set up the acl */
+ strcpy(acl_cache[i].filename, name);
+ if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
+ /* Force reload */
+ acl_cache[i].acl = (struct hashtbl *) 0;
+
+ got_it:
+ /*
+ * See if the stat matches
+ *
+ * Use stat(), not fstat(), as the file may have been re-created by
+ * acl_add or acl_delete. If this happens, the old inode will have
+ * no changes in the mod-time and the following test will fail.
+ */
+ if(stat(acl_cache[i].filename, &s) < 0) return(-1);
+ if(acl_cache[i].acl == (struct hashtbl *) 0
+ || s.st_nlink != acl_cache[i].status.st_nlink
+ || s.st_mtime != acl_cache[i].status.st_mtime
+ || s.st_ctime != acl_cache[i].status.st_ctime) {
+ /* Gotta reload */
+ if(acl_cache[i].fd >= 0) close(acl_cache[i].fd);
+ if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
+ if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1);
+ if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl);
+ acl_cache[i].acl = make_hash(ACL_LEN);
+ while(fgets(buf, sizeof(buf), f) != NULL) {
+ nuke_whitespace(buf);
+ acl_canonicalize_principal(buf, canon);
+ add_hash(acl_cache[i].acl, canon);
+ }
+ fclose(f);
+ acl_cache[i].status = s;
+ }
+ return(i);
+}
+
+/* Returns nonzero if it can be determined that acl contains principal */
+/* Principal is not canonicalized, and no wildcarding is done */
+int
+acl_exact_match(char *acl, char *principal)
+{
+ int idx;
+
+ return((idx = acl_load(acl)) >= 0
+ && check_hash(acl_cache[idx].acl, principal));
+}
+
+/* Returns nonzero if it can be determined that acl contains principal */
+/* Recognizes wildcards in acl of the form
+ name.*@realm, *.*@realm, and *.*@* */
+int
+acl_check(char *acl, char *principal)
+{
+ char buf[MAX_PRINCIPAL_SIZE];
+ char canon[MAX_PRINCIPAL_SIZE];
+ char *realm;
+
+ acl_canonicalize_principal(principal, canon);
+
+ /* Is it there? */
+ if(acl_exact_match(acl, canon)) return(1);
+
+ /* Try the wildcards */
+ realm = strchr(canon, REALM_SEP);
+ *strchr(canon, INST_SEP) = '\0'; /* Chuck the instance */
+
+ snprintf(buf, sizeof(buf), "%s.*%s", canon, realm);
+ if(acl_exact_match(acl, buf)) return(1);
+
+ snprintf(buf, sizeof(buf), "*.*%s", realm);
+ if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1);
+
+ return(0);
+}
+
+/* Adds principal to acl */
+/* Wildcards are interpreted literally */
+int
+acl_add(char *acl, char *principal)
+{
+ int idx;
+ int i;
+ FILE *new;
+ char canon[MAX_PRINCIPAL_SIZE];
+
+ acl_canonicalize_principal(principal, canon);
+
+ if((new = acl_lock_file(acl)) == NULL) return(-1);
+ if((acl_exact_match(acl, canon))
+ || (idx = acl_load(acl)) < 0) {
+ acl_abort(acl, new);
+ return(-1);
+ }
+ /* It isn't there yet, copy the file and put it in */
+ for(i = 0; i < acl_cache[idx].acl->size; i++) {
+ if(acl_cache[idx].acl->tbl[i] != NULL) {
+ if(fputs(acl_cache[idx].acl->tbl[i], new) == EOF
+ || putc('\n', new) != '\n') {
+ acl_abort(acl, new);
+ return(-1);
+ }
+ }
+ }
+ fputs(canon, new);
+ putc('\n', new);
+ return(acl_commit(acl, new));
+}
+
+/* Removes principal from acl */
+/* Wildcards are interpreted literally */
+int
+acl_delete(char *acl, char *principal)
+{
+ int idx;
+ int i;
+ FILE *new;
+ char canon[MAX_PRINCIPAL_SIZE];
+
+ acl_canonicalize_principal(principal, canon);
+
+ if((new = acl_lock_file(acl)) == NULL) return(-1);
+ if((!acl_exact_match(acl, canon))
+ || (idx = acl_load(acl)) < 0) {
+ acl_abort(acl, new);
+ return(-1);
+ }
+ /* It isn't there yet, copy the file and put it in */
+ for(i = 0; i < acl_cache[idx].acl->size; i++) {
+ if(acl_cache[idx].acl->tbl[i] != NULL
+ && strcmp(acl_cache[idx].acl->tbl[i], canon)) {
+ fputs(acl_cache[idx].acl->tbl[i], new);
+ putc('\n', new);
+ }
+ }
+ return(acl_commit(acl, new));
+}
diff --git a/crypto/kerberosIV/lib/acl/acl_files.doc b/crypto/kerberosIV/lib/acl/acl_files.doc
new file mode 100644
index 0000000..78c448a
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl_files.doc
@@ -0,0 +1,107 @@
+PROTOTYPE ACL LIBRARY
+
+Introduction
+
+An access control list (ACL) is a list of principals, where each
+principal is is represented by a text string which cannot contain
+whitespace. The library allows application programs to refer to named
+access control lists to test membership and to atomically add and
+delete principals using a natural and intuitive interface. At
+present, the names of access control lists are required to be Unix
+filenames, and refer to human-readable Unix files; in the future, when
+a networked ACL server is implemented, the names may refer to a
+different namespace specific to the ACL service.
+
+
+Usage
+
+cc <files> -lacl -lkrb.
+
+
+
+Principal Names
+
+Principal names have the form
+
+<name>[.<instance>][@<realm>]
+
+e.g.
+
+asp
+asp.root
+asp@ATHENA.MIT.EDU
+asp.@ATHENA.MIT.EDU
+asp.root@ATHENA.MIT.EDU
+
+It is possible for principals to be underspecified. If instance is
+missing, it is assumed to be "". If realm is missing, it is assumed
+to be local_realm. The canonical form contains all of name, instance,
+and realm; the acl_add and acl_delete routines will always
+leave the file in that form. Note that the canonical form of
+asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
+
+
+Routines
+
+acl_canonicalize_principal(principal, buf)
+char *principal;
+char *buf; /*RETVAL*/
+
+Store the canonical form of principal in buf. Buf must contain enough
+space to store a principal, given the limits on the sizes of name,
+instance, and realm specified in /usr/include/krb.h.
+
+acl_check(acl, principal)
+char *acl;
+char *principal;
+
+Returns nonzero if principal appears in acl. Returns 0 if principal
+does not appear in acl, or if an error occurs. Canonicalizes
+principal before checking, and allows the ACL to contain wildcards.
+
+acl_exact_match(acl, principal)
+char *acl;
+char *principal;
+
+Like acl_check, but does no canonicalization or wildcarding.
+
+acl_add(acl, principal)
+char *acl;
+char *principal;
+
+Atomically adds principal to acl. Returns 0 if successful, nonzero
+otherwise. It is considered a failure if principal is already in acl.
+This routine will canonicalize principal, but will treat wildcards
+literally.
+
+acl_delete(acl, principal)
+char *acl;
+char *principal;
+
+Atomically deletes principal from acl. Returns 0 if successful,
+nonzero otherwise. It is consider a failure if principal is not
+already in acl. This routine will canonicalize principal, but will
+treat wildcards literally.
+
+acl_initialize(acl, mode)
+char *acl;
+int mode;
+
+Initialize acl. If acl file does not exist, creates it with mode
+mode. If acl exists, removes all members. Returns 0 if successful,
+nonzero otherwise. WARNING: Mode argument is likely to change with
+the eventual introduction of an ACL service.
+
+
+Known problems
+
+In the presence of concurrency, there is a very small chance that
+acl_add or acl_delete could report success even though it would have
+had no effect. This is a necessary side effect of using lock files
+for concurrency control rather than flock(2), which is not supported
+by NFS.
+
+The current implementation caches ACLs in memory in a hash-table
+format for increased efficiency in checking membership; one effect of
+the caching scheme is that one file descriptor will be kept open for
+each ACL cached, up to a maximum of 8.
diff --git a/crypto/kerberosIV/lib/kadm/Makefile.in b/crypto/kerberosIV/lib/kadm/Makefile.in
new file mode 100644
index 0000000..1dafd4f
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/Makefile.in
@@ -0,0 +1,92 @@
+#
+# $Id: Makefile.in,v 1.30 1997/05/06 03:47:28 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)kadm
+LIBEXT = @LIBEXT@
+LIBPREFIX = @LIBPREFIX@
+EXECSUFFIX = @EXECSUFFIX@
+SHLIBEXT = @SHLIBEXT@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c
+
+OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a kadm_err.c kadm_err.h
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS)
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS)
+ -$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+kadm_err.c kadm_err.h: kadm_err.et
+ test -r kadm_err.et || (rm -f kadm_err.et && $(LN_S) $(srcdir)/kadm_err.et .)
+ $(COMPILE_ET) kadm_err.et
+
+$(OBJECTS): ../../include/config.h
+$(OBJECTS): kadm_err.h kadm_locl.h
diff --git a/crypto/kerberosIV/lib/kadm/kadm.h b/crypto/kerberosIV/lib/kadm/kadm.h
new file mode 100644
index 0000000..d18f592
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm.h
@@ -0,0 +1,143 @@
+/*
+ * $Id: kadm.h,v 1.12 1996/11/17 20:04:39 assar Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_DEFS
+#define KADM_DEFS
+
+/*
+ * kadm.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ */
+
+#include <krb_db.h>
+
+/* The global structures for the client and server */
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in my_addr;
+ int my_addr_len;
+ int admin_fd; /* file descriptor for link to admin server */
+ char sname[ANAME_SZ]; /* the service name */
+ char sinst[INST_SZ]; /* the services instance */
+ char krbrlm[REALM_SZ];
+} Kadm_Client;
+
+typedef struct { /* status of the server, i.e the parameters */
+ int inter; /* Space for command line flags */
+ char *sysfile; /* filename of server */
+} admin_params; /* Well... it's the admin's parameters */
+
+/* Largest password length to be supported */
+#define MAX_KPW_LEN 128
+/* Minimum allowed password length */
+#define MIN_KPW_LEN 6
+
+/* Largest packet the admin server will ever allow itself to return */
+#define KADM_RET_MAX 2048
+
+/* That's right, versions are 8 byte strings */
+#define KADM_VERSTR "KADM0.0A"
+#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
+ decrypt client's msg */
+#define KADM_VERSIZE strlen(KADM_VERSTR)
+
+/* the lookups for the server instances */
+#define PWSERV_NAME "changepw"
+#define KADM_SNAME "kerberos_master"
+#define KADM_PORT 751
+#define KADM_SINST "kerberos"
+
+/* Attributes fields constants and macros */
+#define ALLOC 2
+#define RESERVED 3
+#define DEALLOC 4
+#define DEACTIVATED 5
+#define ACTIVE 6
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ 4
+
+typedef struct {
+ u_int8_t fields[FLDSZ]; /* The active fields in this struct */
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+ u_int32_t key_low;
+ u_int32_t key_high;
+ u_int32_t exp_date;
+ u_int16_t attributes;
+ u_int8_t max_life;
+} Kadm_vals; /* The basic values structure in Kadm */
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ 4
+
+/* Need to define fields types here */
+#define KADM_NAME 31
+#define KADM_INST 30
+#define KADM_EXPDATE 29
+#define KADM_ATTR 28
+#define KADM_MAXLIFE 27
+#define KADM_DESKEY 26
+
+/* To set a field entry f in a fields structure d */
+#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
+
+/* To set a field entry f in a fields structure d */
+#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
+
+/* Is field f in fields structure d */
+#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
+
+/* Various return codes */
+#define KADM_SUCCESS 0
+
+#define WILDCARD_STR "*"
+
+enum acl_types {
+ADDACL,
+GETACL,
+MODACL,
+STABACL, /* not used */
+DELACL
+};
+
+/* Various opcodes for the admin server's functions */
+#define CHANGE_PW 2
+#define ADD_ENT 3
+#define MOD_ENT 4
+#define GET_ENT 5
+#define CHECK_PW 6 /* not used */
+#define CHG_STAB 7 /* not used */
+#define DEL_ENT 8
+
+void prin_vals __P((Kadm_vals *));
+int stv_long __P((u_char *, u_int32_t *, int, int));
+int vts_long __P((u_int32_t, u_char **, int));
+int vts_string __P((char *, u_char **, int));
+int stv_string __P((u_char *, char *, int, int, int));
+
+int stream_to_vals __P((u_char *, Kadm_vals *, int));
+int vals_to_stream __P((Kadm_vals *, u_char **));
+
+int kadm_init_link __P((char *, char *, char *));
+int kadm_change_pw __P((unsigned char *));
+int kadm_change_pw_plain __P((unsigned char *, char *, char**));
+int kadm_mod __P((Kadm_vals *, Kadm_vals *));
+int kadm_get __P((Kadm_vals *, u_char *));
+int kadm_add __P((Kadm_vals *));
+int kadm_del __P((Kadm_vals *));
+void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *));
+void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *));
+
+
+
+#endif /* KADM_DEFS */
diff --git a/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c
new file mode 100644
index 0000000..1e5c4f3
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c
@@ -0,0 +1,545 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Kerberos administration server client-side routines
+ */
+
+/*
+ * kadm_cli_wrap.c the client side wrapping of the calls to the admin server
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_cli_wrap.c,v 1.21 1997/05/02 10:28:11 joda Exp $");
+
+#ifndef NULL
+#define NULL 0
+#endif
+
+static Kadm_Client client_parm;
+
+/* Macros for use in returning data... used in kadm_cli_send */
+#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;}
+
+/* Keys for use in the transactions */
+static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
+static des_key_schedule sess_sched;
+
+static void
+clear_secrets(void)
+{
+ memset(sess_key, 0, sizeof(sess_key));
+ memset(sess_sched, 0, sizeof(sess_sched));
+ return;
+}
+
+static RETSIGTYPE (*opipe)();
+
+static void
+kadm_cli_disconn(void)
+{
+ close(client_parm.admin_fd);
+ signal(SIGPIPE, opipe);
+ return;
+}
+
+/*
+ * kadm_init_link
+ * receives : name, inst, realm
+ *
+ * initializes client parm, the Kadm_Client structure which holds the
+ * data about the connection between the server and client, the services
+ * used, the locations and other fun things
+ */
+
+int
+kadm_init_link(char *n, char *i, char *r)
+{
+ struct hostent *hop; /* host we will talk to */
+ char adm_hostname[MaxHostNameLen];
+
+ init_kadm_err_tbl();
+ init_krb_err_tbl();
+ strcpy(client_parm.sname, n);
+ strcpy(client_parm.sinst, i);
+ strcpy(client_parm.krbrlm, r);
+ client_parm.admin_fd = -1;
+
+ /* set up the admin_addr - fetch name of admin host */
+ if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS)
+ return KADM_NO_HOST;
+ if ((hop = gethostbyname(adm_hostname)) == NULL)
+ return KADM_UNK_HOST;
+ memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr));
+ client_parm.admin_addr.sin_port =
+ k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT));
+ client_parm.admin_addr.sin_family = hop->h_addrtype;
+ memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr,
+ sizeof(client_parm.admin_addr.sin_addr));
+
+ return KADM_SUCCESS;
+}
+
+static int
+kadm_cli_conn(void)
+{ /* this connects and sets my_addr */
+ int on = 1;
+
+ if ((client_parm.admin_fd =
+ socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0)
+ return KADM_NO_SOCK; /* couldnt create the socket */
+ if (connect(client_parm.admin_fd,
+ (struct sockaddr *) & client_parm.admin_addr,
+ sizeof(client_parm.admin_addr))) {
+ close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ return KADM_NO_CONN; /* couldnt get the connect */
+ }
+ opipe = signal(SIGPIPE, SIG_IGN);
+ client_parm.my_addr_len = sizeof(client_parm.my_addr);
+ if (getsockname(client_parm.admin_fd,
+ (struct sockaddr *) & client_parm.my_addr,
+ &client_parm.my_addr_len) < 0) {
+ close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ signal(SIGPIPE, opipe);
+ return KADM_NO_HERE; /* couldnt find out who we are */
+ }
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE,
+ (void *)&on,
+ sizeof(on)) < 0) {
+ close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ signal(SIGPIPE, opipe);
+ return KADM_NO_CONN; /* XXX */
+ }
+#endif
+ return KADM_SUCCESS;
+}
+
+/* takes in the sess_key and key_schedule and sets them appropriately */
+static int
+kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s)
+ /* session key */
+ /* session key schedule */
+{
+ CREDENTIALS cred; /* to get key data */
+ int stat;
+
+ /* want .sname and .sinst here.... */
+ if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst,
+ client_parm.krbrlm, &cred)))
+ return stat + krb_err_base;
+ memcpy(s_k, cred.session, sizeof(des_cblock));
+ memset(cred.session, 0, sizeof(des_cblock));
+#ifdef NOENCRYPTION
+ memset(s_s, 0, sizeof(des_key_schedule));
+#else
+ if ((stat = des_key_sched(s_k,s_s)))
+ return(stat+krb_err_base);
+#endif
+ return KADM_SUCCESS;
+} /* This code "works" */
+
+static int
+kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz)
+{
+ u_int16_t dlen;
+ int retval;
+ char tmp[4];
+
+ dlen = (u_int16_t) dat_len;
+
+ if (dat_len != (int)dlen)
+ return (KADM_NO_ROOM);
+
+ tmp[0] = (dlen >> 8) & 0xff;
+ tmp[1] = dlen & 0xff;
+ if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2)
+ return (errno); /* XXX */
+
+ if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0)
+ return (errno); /* XXX */
+
+
+ if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){
+ if (retval < 0)
+ return(errno); /* XXX */
+ else
+ return(EPIPE); /* short read ! */
+ }
+ dlen = (tmp[0] << 8) | tmp[1];
+
+ *ret_dat = (u_char *)malloc((unsigned)dlen);
+ if (!*ret_dat)
+ return(KADM_NOMEM);
+
+ if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat,
+ dlen) != dlen)) {
+ if (retval < 0)
+ return(errno); /* XXX */
+ else
+ return(EPIPE); /* short read ! */
+ }
+ *ret_siz = (int) dlen;
+ return KADM_SUCCESS;
+}
+
+/*
+ * kadm_cli_send
+ * recieves : opcode, packet, packet length, serv_name, serv_inst
+ * returns : return code from the packet build, the server, or
+ * something else
+ *
+ * It assembles a packet as follows:
+ * 8 bytes : VERSION STRING
+ * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
+ * : KTEXT
+ * : OPCODE \
+ * : DATA > Encrypted (with make priv)
+ * : ...... /
+ *
+ * If it builds the packet and it is small enough, then it attempts to open the
+ * connection to the admin server. If the connection is succesfully open
+ * then it sends the data and waits for a reply.
+ */
+static int
+kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz)
+ /* the actual data */
+ /* length of said data */
+ /* to give return info */
+ /* length of returned info */
+{
+ int act_len, retdat; /* current offset into packet, return
+ * data */
+ KTEXT_ST authent; /* the authenticator we will build */
+ u_char *act_st; /* the pointer to the complete packet */
+ u_char *priv_pak; /* private version of the packet */
+ int priv_len; /* length of private packet */
+ u_int32_t cksum; /* checksum of the packet */
+ MSG_DAT mdat;
+ u_char *return_dat;
+
+ act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */
+ strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
+ act_len = KADM_VERSIZE;
+
+ if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) {
+ free(act_st);
+ return retdat; /* couldnt get key working */
+ }
+ priv_pak = (u_char *) malloc((unsigned)(st_siz + 200));
+ /* 200 bytes for extra info case */
+ if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_int32_t)st_siz,
+ sess_sched, &sess_key, &client_parm.my_addr,
+ &client_parm.admin_addr)) < 0)
+ RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose
+ * here */
+ /* here is the length of priv data. receiver calcs
+ size of authenticator by subtracting vno size, priv size, and
+ sizeof(u_int32_t) (for the size indication) from total size */
+
+ act_len += vts_long((u_int32_t) priv_len, &act_st, act_len);
+#ifdef NOENCRYPTION
+ cksum = 0;
+#else
+ cksum = des_quad_cksum((des_cblock *)priv_pak, (des_cblock *)0, (long)priv_len, 0,
+ &sess_key);
+#endif
+ if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
+ client_parm.krbrlm, cksum))) {
+ /* authenticator? */
+ RET_N_FREE(retdat + krb_err_base);
+ }
+
+ act_st = (u_char *) realloc(act_st,
+ act_len + authent.length + priv_len);
+ if (!act_st) {
+ clear_secrets();
+ free(priv_pak);
+ return(KADM_NOMEM);
+ }
+ memcpy((char *)act_st + act_len, authent.dat, authent.length);
+ memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len);
+ free(priv_pak);
+ if ((retdat = kadm_cli_out(act_st,
+ act_len + authent.length + priv_len,
+ ret_dat, ret_siz)) != KADM_SUCCESS)
+ RET_N_FREE(retdat);
+ free(act_st);
+#define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);}
+
+ /* first see if it's a YOULOUSE */
+ if ((*ret_siz >= KADM_VERSIZE) &&
+ !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) {
+ unsigned char *p;
+ /* it's a youlose packet */
+ if (*ret_siz < KADM_VERSIZE + 4)
+ RET_N_FREE2(KADM_BAD_VER);
+ p = (*ret_dat)+KADM_VERSIZE;
+ retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+ RET_N_FREE2(retdat);
+ }
+ /* need to decode the ret_dat */
+ if ((retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched,
+ &sess_key, &client_parm.admin_addr,
+ &client_parm.my_addr, &mdat)))
+ RET_N_FREE2(retdat+krb_err_base);
+ if (mdat.app_length < KADM_VERSIZE + 4)
+ /* too short! */
+ RET_N_FREE2(KADM_BAD_VER);
+ if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
+ /* bad version */
+ RET_N_FREE2(KADM_BAD_VER);
+ {
+ unsigned char *p = mdat.app_data+KADM_VERSIZE;
+ retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+ }
+ {
+ int s=mdat.app_length - KADM_VERSIZE - 4;
+ if(s<=0) s=1;
+ if (!(return_dat = (u_char *)malloc(s)))
+ RET_N_FREE2(KADM_NOMEM);
+ }
+ memcpy(return_dat,
+ (char *) mdat.app_data + KADM_VERSIZE + 4,
+ mdat.app_length - KADM_VERSIZE - 4);
+ free(*ret_dat);
+ clear_secrets();
+ *ret_dat = return_dat;
+ *ret_siz = mdat.app_length - KADM_VERSIZE - 4;
+ return retdat;
+}
+
+
+
+/*
+ * kadm_change_pw_plain
+ *
+ * see kadm_change_pw
+ *
+ */
+int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg)
+{
+ int stsize, retc; /* stream size and return code */
+ u_char *send_st; /* send stream */
+ u_char *ret_st;
+ int ret_sz;
+ int status;
+ static char msg[128];
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ /* possible problem with vts_long on a non-multiple of four boundary */
+
+ stsize = 0; /* start of our output packet */
+ send_st = (u_char *) malloc(1);/* to make it reallocable */
+ send_st[stsize++] = (u_char) CHANGE_PW;
+
+ /* change key to stream */
+
+ send_st = realloc(send_st, stsize + 8);
+ memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */
+ memcpy(send_st + stsize, newkey + 4, 4);
+ stsize += 8;
+
+ if(password && *password)
+ stsize += vts_string(password, &send_st, stsize);
+
+ retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz);
+ free(send_st);
+
+ if(retc != KADM_SUCCESS){
+ status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz);
+ if(status<0)
+ msg[0]=0;
+ *pw_msg=msg;
+ }
+
+ if (ret_st)
+ free(ret_st);
+
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_change_pw
+ * recieves : key
+ *
+ * Replaces the password (i.e. des key) of the caller with that specified in
+ * key. Returns no actual data from the master server, since this is called
+ * by a user
+ */
+
+int kadm_change_pw(unsigned char *newkey)
+{
+ char *pw_msg;
+ return kadm_change_pw_plain(newkey, "", &pw_msg);
+}
+
+/*
+ * kadm_add
+ * receives : vals
+ * returns : vals
+ *
+ * Adds and entry containing values to the database returns the values of the
+ * entry, so if you leave certain fields blank you will be able to determine
+ * the default values they are set to
+ */
+int
+kadm_add(Kadm_vals *vals)
+{
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len; /* st2 the final stream with opcode */
+ int retc; /* return code from call */
+ u_char *ret_st;
+ int ret_sz;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ st_len = vals_to_stream(vals, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len));
+ *st2 = (u_char) ADD_ENT; /* here's the opcode */
+ memcpy((char *) st2 + 1, st, st_len); /* append st on */
+ retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
+ free(st);
+ free(st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free(ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_mod
+ * receives : KTEXT, {values, values}
+ * returns : CKSUM, RETCODE, {values}
+ * acl : su, sms (as register or dealloc)
+ *
+ * Modifies all entries corresponding to the first values so they match the
+ * second values. returns the values for the changed entries in vals2
+ */
+int
+kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2)
+{
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len, nlen; /* st2 the final stream with opcode */
+ u_char *ret_st;
+ int ret_sz;
+
+ /* nlen is the length of second vals */
+ int retc; /* return code from call */
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+
+ st_len = vals_to_stream(vals1, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len));
+ *st2 = (u_char) MOD_ENT; /* here's the opcode */
+ memcpy((char *)st2 + 1, st, st_len++); /* append st on */
+ free(st);
+ nlen = vals_to_stream(vals2, &st);
+ st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen));
+ memcpy((char *) st2 + st_len, st, nlen); /* append st on */
+ retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
+ free(st);
+ free(st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals2, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free(ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+
+int
+kadm_del(Kadm_vals *vals)
+{
+ unsigned char *st, *st2; /* st will hold the stream of values */
+ int st_len; /* st2 the final stream with opcode */
+ int retc; /* return code from call */
+ u_char *ret_st;
+ int ret_sz;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ st_len = vals_to_stream(vals, &st);
+ st2 = (unsigned char *) malloc(st_len + 1);
+ *st2 = DEL_ENT; /* here's the opcode */
+ memcpy(st2 + 1, st, st_len); /* append st on */
+ retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
+ free(st);
+ free(st2);
+ kadm_cli_disconn();
+ return(retc);
+}
+
+
+/*
+ * kadm_get
+ * receives : KTEXT, {values, flags}
+ * returns : CKSUM, RETCODE, {count, values, values, values}
+ * acl : su
+ *
+ * gets the fields requested by flags from all entries matching values returns
+ * this data for each matching recipient, after a count of how many such
+ * matches there were
+ */
+int
+kadm_get(Kadm_vals *vals, u_char *fl)
+{
+ int loop; /* for copying the fields data */
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len; /* st2 the final stream with opcode */
+ int retc; /* return code from call */
+ u_char *ret_st;
+ int ret_sz;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ st_len = vals_to_stream(vals, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ));
+ *st2 = (u_char) GET_ENT; /* here's the opcode */
+ memcpy((char *)st2 + 1, st, st_len); /* append st on */
+ for (loop = FLDSZ - 1; loop >= 0; loop--)
+ *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */
+ retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz);
+ free(st);
+ free(st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free(ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
diff --git a/crypto/kerberosIV/lib/kadm/kadm_err.et b/crypto/kerberosIV/lib/kadm/kadm_err.et
new file mode 100644
index 0000000..0a7c7b6
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_err.et
@@ -0,0 +1,59 @@
+# $Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $
+# $Author: bg $
+#
+# Copyright 1988 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information, please see the file
+# <mit-copyright.h>.
+#
+# Kerberos administration server error table
+#
+ et kadm
+
+# KADM_SUCCESS, as all success codes should be, is zero
+
+ec KADM_RCSID, "$Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $"
+# /* Building and unbuilding the packet errors */
+ec KADM_NO_REALM, "Cannot fetch local realm"
+ec KADM_NO_CRED, "Unable to fetch credentials"
+ec KADM_BAD_KEY, "Bad key supplied"
+ec KADM_NO_ENCRYPT, "Can't encrypt data"
+ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
+ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm"
+ec KADM_NO_ROOM, "Packet is too large"
+ec KADM_BAD_VER, "Version number is incorrect"
+ec KADM_BAD_CHK, "Checksum does not match"
+ec KADM_NO_READ, "Unsealing private data failed"
+ec KADM_NO_OPCODE, "Unsupported operation"
+ec KADM_NO_HOST, "Could not find administrating host"
+ec KADM_UNK_HOST, "Administrating host name is unknown"
+ec KADM_NO_SERV, "Could not find service name in services database"
+ec KADM_NO_SOCK, "Could not create socket"
+ec KADM_NO_CONN, "Could not connect to server"
+ec KADM_NO_HERE, "Could not fetch local socket address"
+ec KADM_NO_MAST, "Could not fetch master key"
+ec KADM_NO_VERI, "Could not verify master key"
+
+# /* From the server side routines */
+ec KADM_INUSE, "Entry already exists in database"
+ec KADM_UK_SERROR, "Database store error"
+ec KADM_UK_RERROR, "Database read error"
+ec KADM_UNAUTH, "Insufficient access to perform requested operation"
+# KADM_DATA isn't really an error, but...
+ec KADM_DATA, "Data is available for return to client"
+ec KADM_NOENTRY, "No such entry in the database"
+
+ec KADM_NOMEM, "Memory exhausted"
+ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
+ec KADM_NO_BIND, "Could not bind port"
+ec KADM_LENGTH_ERROR, "Length mismatch problem"
+ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
+
+ec KADM_DB_INUSE, "Database is locked or in use--try again later"
+
+ec KADM_INSECURE_PW, "Insecure password rejected"
+ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match"
+
+ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
+ec KADM_IMMUTABLE, "Attempt do delete immutable principal"
+end
diff --git a/crypto/kerberosIV/lib/kadm/kadm_locl.h b/crypto/kerberosIV/lib/kadm/kadm_locl.h
new file mode 100644
index 0000000..e6e374b
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_locl.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kadm_locl.h,v 1.9 1997/05/20 18:40:44 bg Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <signal.h>
+#include <time.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_err.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <kadm_err.h>
+
+int vts_long __P((u_int32_t, u_char **, int));
+int vals_to_stream __P((Kadm_vals *, u_char **));
+int stream_to_vals __P((u_char *, Kadm_vals *, int));
+
+int kadm_init_link __P((char n[], char i[], char r[]));
+int kadm_change_pw __P((des_cblock));
+int kadm_add __P((Kadm_vals *));
+int kadm_mod __P((Kadm_vals *, Kadm_vals *));
+int kadm_get __P((Kadm_vals *, u_char fl[4]));
+
+
diff --git a/crypto/kerberosIV/lib/kadm/kadm_stream.c b/crypto/kerberosIV/lib/kadm/kadm_stream.c
new file mode 100644
index 0000000..33fe177
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_stream.c
@@ -0,0 +1,299 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Stream conversion functions for Kerberos administration server
+ */
+
+/*
+ kadm_stream.c
+ this holds the stream support routines for the kerberos administration server
+
+ vals_to_stream: converts a vals struct to a stream for transmission
+ internals build_field_header, vts_[string, char, long, short]
+ stream_to_vals: converts a stream to a vals struct
+ internals check_field_header, stv_[string, char, long, short]
+ error: prints out a kadm error message, returns
+ fatal: prints out a kadm fatal error message, exits
+*/
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $");
+
+static int
+build_field_header(u_char *cont, u_char **st)
+ /* container for fields data */
+ /* stream */
+{
+ *st = (u_char *) malloc (4);
+ memcpy(*st, cont, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+static int
+check_field_header(u_char *st, u_char *cont, int maxlen)
+ /* stream */
+ /* container for fields data */
+
+{
+ if (4 > maxlen)
+ return(-1);
+ memcpy(cont, st, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+int
+vts_string(char *dat, u_char **st, int loc)
+ /* a string to put on the stream */
+ /* base pointer to the stream */
+ /* offset into the stream for current data */
+{
+ *st = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1));
+ memcpy(*st + loc, dat, strlen(dat)+1);
+ return strlen(dat)+1;
+}
+
+
+static int
+vts_short(u_int16_t dat, u_char **st, int loc)
+ /* the attributes field */
+ /* a base pointer to the stream */
+ /* offset into the stream for current data */
+{
+ unsigned char *p;
+ p = realloc(*st, loc + 2);
+ if(p == NULL){
+ abort();
+ }
+ p[loc] = (dat >> 8) & 0xff;
+ p[loc+1] = dat & 0xff;
+ *st = p;
+ return 2;
+}
+
+static int
+vts_char(u_char dat, u_char **st, int loc)
+ /* the attributes field */
+ /* a base pointer to the stream */
+ /* offset into the stream for current data */
+{
+ unsigned char *p = realloc(*st, loc + 1);
+ if(p == NULL){
+ abort();
+ }
+ p[loc] = dat;
+ *st = p;
+ return 1;
+}
+
+int
+vts_long(u_int32_t dat, u_char **st, int loc)
+ /* the attributes field */
+ /* a base pointer to the stream */
+ /* offset into the stream for current data */
+{
+ unsigned char *p = realloc(*st, loc + 4);
+ if(p == NULL){
+ abort();
+ }
+ p[loc] = (dat >> 24) & 0xff;
+ p[loc+1] = (dat >> 16) & 0xff;
+ p[loc+2] = (dat >> 8) & 0xff;
+ p[loc+3] = dat & 0xff;
+ *st = p;
+ return 4;
+}
+
+int
+stv_string(u_char *st, /* base pointer to the stream */
+ char *dat, /* a string to read from the stream */
+ int loc, /* offset into the stream for current data */
+ int stlen, /* max length of string to copy in */
+ int maxlen) /* max length of input stream */
+{
+ int maxcount; /* max count of chars to copy */
+
+ maxcount = min(maxlen - loc, stlen);
+
+ if(maxcount <= 0)
+ return -1;
+
+ strncpy(dat, (char *)st + loc, maxcount);
+
+ if (dat[maxcount-1]) /* not null-term --> not enuf room */
+ return(-1);
+ return strlen(dat)+1;
+}
+
+static int
+stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen)
+ /* a base pointer to the stream */
+ /* the attributes field */
+ /* offset into the stream for current data */
+
+{
+ if (maxlen - loc < 2)
+ return -1;
+
+ *dat = (st[loc] << 8) | st[loc + 1];
+ return 2;
+}
+
+int
+stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen)
+ /* a base pointer to the stream */
+ /* the attributes field */
+ /* offset into the stream for current data */
+ /* maximum length of st */
+{
+ if (maxlen - loc < 4)
+ return -1;
+
+ *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3];
+ return 4;
+}
+
+static int
+stv_char(u_char *st, u_char *dat, int loc, int maxlen)
+ /* a base pointer to the stream */
+ /* the attributes field */
+ /* offset into the stream for current data */
+
+{
+ if (maxlen - loc < 1)
+ return -1;
+
+ *dat = st[loc];
+ return 1;
+}
+
+/*
+vals_to_stream
+ recieves : kadm_vals *, u_char *
+ returns : a realloced and filled in u_char *
+
+this function creates a byte-stream representation of the kadm_vals structure
+*/
+int
+vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
+{
+ int vsloop, stsize; /* loop counter, stream size */
+
+ stsize = build_field_header(dt_in->fields, dt_out);
+ for (vsloop=31; vsloop>=0; vsloop--)
+ if (IS_FIELD(vsloop,dt_in->fields)) {
+ switch (vsloop) {
+ case KADM_NAME:
+ stsize+=vts_string(dt_in->name, dt_out, stsize);
+ break;
+ case KADM_INST:
+ stsize+=vts_string(dt_in->instance, dt_out, stsize);
+ break;
+ case KADM_EXPDATE:
+ stsize+=vts_long(dt_in->exp_date, dt_out, stsize);
+ break;
+ case KADM_ATTR:
+ stsize+=vts_short(dt_in->attributes, dt_out, stsize);
+ break;
+ case KADM_MAXLIFE:
+ stsize+=vts_char(dt_in->max_life, dt_out, stsize);
+ break;
+ case KADM_DESKEY:
+ stsize+=vts_long(dt_in->key_high, dt_out, stsize);
+ stsize+=vts_long(dt_in->key_low, dt_out, stsize);
+ break;
+ default:
+ break;
+ }
+}
+ return(stsize);
+}
+
+/*
+stream_to_vals
+ recieves : u_char *, kadm_vals *
+ returns : a kadm_vals filled in according to u_char *
+
+this decodes a byte stream represntation of a vals struct into kadm_vals
+*/
+int
+stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen)
+
+
+ /* max length to use */
+{
+ int vsloop, stsize; /* loop counter, stream size */
+ int status;
+
+ memset(dt_out, 0, sizeof(*dt_out));
+
+ stsize = check_field_header(dt_in, dt_out->fields, maxlen);
+ if (stsize < 0)
+ return(-1);
+ for (vsloop=31; vsloop>=0; vsloop--)
+ if (IS_FIELD(vsloop,dt_out->fields))
+ switch (vsloop) {
+ case KADM_NAME:
+ if ((status = stv_string(dt_in, dt_out->name, stsize,
+ sizeof(dt_out->name), maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_INST:
+ if ((status = stv_string(dt_in, dt_out->instance, stsize,
+ sizeof(dt_out->instance), maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_EXPDATE:
+ if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_ATTR:
+ if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_MAXLIFE:
+ if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_DESKEY:
+ if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ default:
+ break;
+ }
+ return stsize;
+}
diff --git a/crypto/kerberosIV/lib/kadm/kadm_supp.c b/crypto/kerberosIV/lib/kadm/kadm_supp.c
new file mode 100644
index 0000000..9845267
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_supp.c
@@ -0,0 +1,111 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Support functions for Kerberos administration server & clients
+ */
+
+/*
+ kadm_supp.c
+ this holds the support routines for the kerberos administration server
+
+ error: prints out a kadm error message, returns
+ fatal: prints out a kadm fatal error message, exits
+ prin_vals: prints out data associated with a Principal in the vals
+ structure
+*/
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $");
+
+/*
+prin_vals:
+ recieves : a vals structure
+*/
+void
+prin_vals(Kadm_vals *vals)
+{
+ printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
+ printf(" Max Life: %d (%s) Exp Date: %s\n",
+ vals->max_life,
+ krb_life_to_atime(vals->max_life),
+ asctime(k_localtime(&vals->exp_date)));
+ printf(" Attribs: %.2x key: %#lx %#lx\n",
+ vals->attributes,
+ (long)vals->key_low, (long)vals->key_high);
+}
+
+/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal,
+ it copies the fields in Principal specified by fields into Kadm_vals,
+ i.e from old to new */
+
+void
+kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old)
+{
+ memset(new, 0, sizeof(*new));
+ if (IS_FIELD(KADM_NAME,fields)) {
+ strncpy(new->name, old->name, ANAME_SZ);
+ SET_FIELD(KADM_NAME, new->fields);
+ }
+ if (IS_FIELD(KADM_INST,fields)) {
+ strncpy(new->instance, old->instance, INST_SZ);
+ SET_FIELD(KADM_INST, new->fields);
+ }
+ if (IS_FIELD(KADM_EXPDATE,fields)) {
+ new->exp_date = old->exp_date;
+ SET_FIELD(KADM_EXPDATE, new->fields);
+ }
+ if (IS_FIELD(KADM_ATTR,fields)) {
+ new->attributes = old->attributes;
+ SET_FIELD(KADM_ATTR, new->fields);
+ }
+ if (IS_FIELD(KADM_MAXLIFE,fields)) {
+ new->max_life = old->max_life;
+ SET_FIELD(KADM_MAXLIFE, new->fields);
+ }
+ if (IS_FIELD(KADM_DESKEY,fields)) {
+ new->key_low = old->key_low;
+ new->key_high = old->key_high;
+ SET_FIELD(KADM_DESKEY, new->fields);
+ }
+}
+
+void
+kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old)
+{
+
+ memset(new, 0, sizeof(*new));
+ if (IS_FIELD(KADM_NAME,fields))
+ strncpy(new->name, old->name, ANAME_SZ);
+ if (IS_FIELD(KADM_INST,fields))
+ strncpy(new->instance, old->instance, INST_SZ);
+ if (IS_FIELD(KADM_EXPDATE,fields))
+ new->exp_date = old->exp_date;
+ if (IS_FIELD(KADM_ATTR,fields))
+ new->attributes = old->attributes;
+ if (IS_FIELD(KADM_MAXLIFE,fields))
+ new->max_life = old->max_life;
+ if (IS_FIELD(KADM_DESKEY,fields)) {
+ new->key_low = old->key_low;
+ new->key_high = old->key_high;
+ }
+}
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in
new file mode 100644
index 0000000..e9c9121
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/Makefile.in
@@ -0,0 +1,90 @@
+#
+# $Id: Makefile.in,v 1.30 1997/05/06 03:47:35 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DLIBDIR='"$(libdir)"'
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)kafs
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+AFS_EXTRA_LIBS = @AFS_EXTRA_LIBS@
+LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS)
+
+SOURCES = afssys.c afskrb.c afslib.c
+
+OBJECTS = afssys.o afskrb.o
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS) @AFS_EXTRA_OBJS@
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS) @AFS_EXTRA_OBJS@
+ -$(RANLIB) $@
+
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+ ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp -bnoentry afslib.o
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c
new file mode 100644
index 0000000..d979ac5
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afskrb.c
@@ -0,0 +1,373 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afskrb.c,v 1.6 1997/05/26 17:38:24 bg Exp $");
+
+#define AUTH_SUPERUSER "afs"
+
+/*
+ * Here only ASCII characters are relevant.
+ */
+
+#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
+
+#define ToAsciiUpper(c) ((c) - 'a' + 'A')
+
+static void
+foldup(char *a, const char *b)
+{
+ for (; *b; a++, b++)
+ if (IsAsciiLower(*b))
+ *a = ToAsciiUpper(*b);
+ else
+ *a = *b;
+ *a = '\0';
+}
+
+static int
+get_cred(const char *princ, const char *inst, const char *krealm,
+ CREDENTIALS *c, KTEXT_ST *tkt)
+{
+ int k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c);
+
+ if (k_errno != KSUCCESS)
+ {
+ k_errno = krb_mk_req(tkt, (char*)princ, (char*)inst, (char*)krealm, 0);
+ if (k_errno == KSUCCESS)
+ k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c);
+ }
+ return k_errno;
+}
+
+
+/* Convert a string to a 32 bit ip number in network byte order.
+ Return 0 on error
+ */
+
+static u_int32_t
+ip_aton(char *ip)
+{
+ u_int32_t addr;
+ unsigned int a, b, c, d;
+
+ if(sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4)
+ return 0;
+ if((a | b | c | d) > 255)
+ return 0;
+ addr = (a << 24) | (b << 16) | (c << 8) | d;
+ addr = htonl(addr);
+ return addr;
+}
+
+/* Try to get a db-server for an AFS cell from a AFSDB record */
+
+static int
+dns_find_cell(const char *cell, char *dbserver)
+{
+ struct dns_reply *r;
+ int ok = -1;
+ r = dns_lookup(cell, "afsdb");
+ if(r){
+ struct resource_record *rr = r->head;
+ while(rr){
+ if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
+ strncpy(dbserver, rr->u.afsdb->domain, MaxHostNameLen);
+ dbserver[MaxHostNameLen - 1] = 0;
+ ok = 0;
+ break;
+ }
+ rr = rr->next;
+ }
+ dns_free_data(r);
+ }
+ return ok;
+}
+
+
+/* Find the realm associated with cell. Do this by opening
+ /usr/vice/etc/CellServDB and getting the realm-of-host for the
+ first VL-server for the cell.
+
+ This does not work when the VL-server is living in one cell, but
+ the cell it is serving is living in another cell.
+ */
+
+static char*
+realm_of_cell(const char *cell)
+{
+ FILE *F;
+ char buf[1024];
+ u_int32_t addr;
+ struct hostent *hp;
+ char *realm = NULL;
+
+ if((F = fopen(_PATH_CELLSERVDB, "r"))){
+ while(fgets(buf, sizeof(buf), F)){
+ if(buf[0] != '>')
+ continue;
+ if(strncmp(buf + 1, cell, strlen(cell)) == 0){
+ if(fgets(buf, sizeof(buf), F) == NULL)
+ break;
+ addr = ip_aton(buf);
+ if(addr == 0)
+ break;
+ hp = gethostbyaddr((char*)&addr, 4, AF_INET);
+ if(hp == NULL)
+ break;
+ strncpy (buf, hp->h_name, sizeof(buf));
+ buf[sizeof(buf) - 1] = '\0';
+ realm = krb_realmofhost(buf);
+ break;
+ }
+ }
+ fclose(F);
+ }
+ if(realm == NULL){
+ if(dns_find_cell(cell, buf) == 0)
+ realm = krb_realmofhost(buf);
+ }
+ return realm;
+}
+
+/*
+ * Get tokens for all cells[]
+ */
+static int
+k_afslog_cells(char *cells[], int max, const char *krealm, uid_t uid)
+{
+ int err = KSUCCESS;
+ int i;
+ for(i = 0; i < max; i++)
+ err = k_afsklog_uid(cells[i], krealm, uid);
+ return err;
+}
+
+/*
+ * Try to find the cells we should try to klog to in "file".
+ */
+static void
+k_find_cells(char *file, char *cells[], int size, int *index)
+{
+ FILE *f;
+ char cell[64];
+ int i;
+ f = fopen(file, "r");
+ if (f == NULL)
+ return;
+ while (*index < size && fgets(cell, sizeof(cell), f)) {
+ char *nl = strchr(cell, '\n');
+ if (nl) *nl = 0;
+ for(i = 0; i < *index; i++)
+ if(strcmp(cells[i], cell) == 0)
+ break;
+ if(i == *index)
+ cells[(*index)++] = strdup(cell);
+ }
+ fclose(f);
+}
+
+static int
+k_afsklog_all_local_cells(const char *krealm, uid_t uid)
+{
+ int err;
+ char *cells[32]; /* XXX */
+ int num_cells = sizeof(cells) / sizeof(cells[0]);
+ int index = 0;
+
+ char *p;
+
+ if ((p = getenv("HOME"))) {
+ char home[MaxPathLen];
+
+ if (k_concat(home, sizeof(home), p, "/.TheseCells", NULL) == 0)
+ k_find_cells(home, cells, num_cells, &index);
+ }
+ k_find_cells(_PATH_THESECELLS, cells, num_cells, &index);
+ k_find_cells(_PATH_THISCELL, cells, num_cells, &index);
+
+ err = k_afslog_cells(cells, index, krealm, uid);
+ while(index > 0)
+ free(cells[--index]);
+ return err;
+}
+
+int
+k_afsklog_uid(const char *cell, const char *krealm, uid_t uid)
+{
+ int k_errno;
+ CREDENTIALS c;
+ KTEXT_ST ticket;
+ char realm[REALM_SZ];
+ char *vl_realm; /* realm of vl-server */
+ char *lrealm; /* local realm */
+ char CELL[64];
+
+ if (cell == 0 || cell[0] == 0)
+ return k_afsklog_all_local_cells (krealm, uid);
+ foldup(CELL, cell);
+
+ k_errno = krb_get_lrealm(realm , 0);
+ if(k_errno == KSUCCESS && (krealm == NULL || strcmp(krealm, realm)))
+ lrealm = realm;
+ else
+ lrealm = NULL;
+
+ /* We're about to find the the realm that holds the key for afs in
+ * the specified cell. The problem is that null-instance
+ * afs-principals are common and that hitting the wrong realm might
+ * yield the wrong afs key. The following assumptions were made.
+ *
+ * Any realm passed to us is preferred.
+ *
+ * If there is a realm with the same name as the cell, it is most
+ * likely the correct realm to talk to.
+ *
+ * In most (maybe even all) cases the database servers of the cell
+ * will live in the realm we are looking for.
+ *
+ * Try the local realm, but if the previous cases fail, this is
+ * really a long shot.
+ *
+ */
+
+ /* comments on the ordering of these tests */
+
+ /* If the user passes a realm, she probably knows something we don't
+ * know and we should try afs@krealm (otherwise we're talking with a
+ * blondino and she might as well have it.)
+ */
+
+ k_errno = -1;
+ if(krealm){
+ k_errno = get_cred(AUTH_SUPERUSER, cell, krealm, &c, &ticket);
+ if(k_errno)
+ k_errno = get_cred(AUTH_SUPERUSER, "", krealm, &c, &ticket);
+ }
+
+ if(k_errno)
+ k_errno = get_cred(AUTH_SUPERUSER, cell, CELL, &c, &ticket);
+ if(k_errno)
+ k_errno = get_cred(AUTH_SUPERUSER, "", CELL, &c, &ticket);
+
+ /* this might work in some conditions */
+ if(k_errno && (vl_realm = realm_of_cell(cell))){
+ k_errno = get_cred(AUTH_SUPERUSER, cell, vl_realm, &c, &ticket);
+ if(k_errno)
+ k_errno = get_cred(AUTH_SUPERUSER, "", vl_realm, &c, &ticket);
+ }
+
+ if(k_errno && lrealm){
+ k_errno = get_cred(AUTH_SUPERUSER, cell, lrealm, &c, &ticket);
+#if 0
+ /* this is most likely never right anyway, but won't fail */
+ if(k_errno)
+ k_errno = get_cred(AUTH_SUPERUSER, "", lrealm, &c, &ticket);
+#endif
+ }
+
+ if (k_errno == KSUCCESS)
+ {
+ struct ViceIoctl parms;
+ struct ClearToken ct;
+ int32_t sizeof_x;
+ char buf[2048], *t;
+
+ /*
+ * Build a struct ClearToken
+ */
+ ct.AuthHandle = c.kvno;
+ memcpy (ct.HandShakeKey, c.session, sizeof(c.session));
+ ct.ViceId = uid; /* is this always valid? */
+ ct.BeginTimestamp = 1 + c.issue_date;
+ ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime);
+
+#define ODD(x) ((x) & 1)
+ /* If we don't know the numerical ID lifetime should be even? */
+ if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp))
+ ct.BeginTimestamp--;
+
+ t = buf;
+ /*
+ * length of secret token followed by secret token
+ */
+ sizeof_x = c.ticket_st.length;
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ memcpy(t, c.ticket_st.dat, sizeof_x);
+ t += sizeof_x;
+ /*
+ * length of clear token followed by clear token
+ */
+ sizeof_x = sizeof(ct);
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ memcpy(t, &ct, sizeof_x);
+ t += sizeof_x;
+
+ /*
+ * do *not* mark as primary cell
+ */
+ sizeof_x = 0;
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ /*
+ * follow with cell name
+ */
+ sizeof_x = strlen(cell) + 1;
+ memcpy(t, cell, sizeof_x);
+ t += sizeof_x;
+
+ /*
+ * Build argument block
+ */
+ parms.in = buf;
+ parms.in_size = t - buf;
+ parms.out = 0;
+ parms.out_size = 0;
+ k_pioctl(0, VIOCSETTOK, &parms, 0);
+ }
+ return k_errno;
+}
+
+int
+k_afsklog(const char *cell, const char *krealm)
+{
+ return k_afsklog_uid (cell, krealm, getuid());
+}
diff --git a/crypto/kerberosIV/lib/kafs/afsl.exp b/crypto/kerberosIV/lib/kafs/afsl.exp
new file mode 100644
index 0000000..4d2b00e
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afsl.exp
@@ -0,0 +1,6 @@
+#!/unix
+
+* This mumbo jumbo creates entry points to syscalls in _AIX
+
+lpioctl syscall
+lsetpag syscall
diff --git a/crypto/kerberosIV/lib/kafs/afslib.c b/crypto/kerberosIV/lib/kafs/afslib.c
new file mode 100644
index 0000000..12779bc
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afslib.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * This file is only used with AIX
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afslib.c,v 1.5 1997/04/20 13:21:15 joda Exp $");
+
+int
+aix_pioctl(char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks)
+{
+ return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+}
+
+int
+aix_setpag(void)
+{
+ return lsetpag();
+}
diff --git a/crypto/kerberosIV/lib/kafs/afslib.exp b/crypto/kerberosIV/lib/kafs/afslib.exp
new file mode 100644
index 0000000..f288717
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afslib.exp
@@ -0,0 +1,3 @@
+#!
+aix_pioctl
+aix_setpag
diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c
new file mode 100644
index 0000000..741225c
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afssys.c
@@ -0,0 +1,293 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $");
+
+/* Magic to get AIX syscalls to work */
+#ifdef _AIX
+
+static int (*Pioctl)(char*, int, void*, int);
+static int (*Setpag)(void);
+
+#include "dlfcn.h"
+
+static int
+isSuid()
+{
+ int uid = getuid();
+ int gid = getgid();
+ int euid = getegid();
+ int egid = getegid();
+ return (uid != euid) || (gid != egid);
+}
+
+static int
+aix_setup(void)
+{
+#ifdef STATIC_AFS_SYSCALLS
+ Pioctl = aix_pioctl;
+ Setpag = aix_setpag;
+#else
+ void *ptr;
+ char path[MaxPathLen], *p;
+ /*
+ * If we are root or running setuid don't trust AFSLIBPATH!
+ */
+ if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL)
+ strcpy(path, p);
+ else
+ snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
+
+ ptr = dlopen(path, 0);
+ if(ptr){
+ Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
+ Pioctl = (int (*)(char*, int, void*, int))dlsym(ptr, "aix_pioctl");
+ }
+#endif
+}
+#endif /* _AIX */
+
+#define NO_ENTRY_POINT 0
+#define SINGLE_ENTRY_POINT 1
+#define MULTIPLE_ENTRY_POINT 2
+#define SINGLE_ENTRY_POINT2 3
+#define SINGLE_ENTRY_POINT3 4
+#define AIX_ENTRY_POINTS 5
+#define UNKNOWN_ENTRY_POINT 6
+static int afs_entry_point = UNKNOWN_ENTRY_POINT;
+static int afs_syscalls[2];
+
+
+int
+k_pioctl(char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks)
+{
+#ifndef NO_AFS
+ switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+ case SINGLE_ENTRY_POINT:
+ case SINGLE_ENTRY_POINT2:
+ case SINGLE_ENTRY_POINT3:
+ return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
+ a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+#if defined(AFS_PIOCTL)
+ case MULTIPLE_ENTRY_POINT:
+ return syscall(afs_syscalls[0],
+ a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+#ifdef _AIX
+ case AIX_ENTRY_POINTS:
+ return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+ }
+
+ errno = ENOSYS;
+#ifdef SIGSYS
+ kill(getpid(), SIGSYS); /* You loose! */
+#endif
+#endif /* NO_AFS */
+ return -1;
+}
+
+int
+k_afs_cell_of_file(const char *path, char *cell, int len)
+{
+ struct ViceIoctl parms;
+ parms.in = NULL;
+ parms.in_size = 0;
+ parms.out = cell;
+ parms.out_size = len;
+ return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1);
+}
+
+int
+k_unlog(void)
+{
+ struct ViceIoctl parms;
+ memset(&parms, 0, sizeof(parms));
+ return k_pioctl(0, VIOCUNLOG, &parms, 0);
+}
+
+int
+k_setpag(void)
+{
+#ifndef NO_AFS
+ switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+ case SINGLE_ENTRY_POINT:
+ case SINGLE_ENTRY_POINT2:
+ case SINGLE_ENTRY_POINT3:
+ return syscall(afs_syscalls[0], AFSCALL_SETPAG);
+#endif
+#if defined(AFS_PIOCTL)
+ case MULTIPLE_ENTRY_POINT:
+ return syscall(afs_syscalls[1]);
+#endif
+#ifdef _AIX
+ case AIX_ENTRY_POINTS:
+ return Setpag();
+#endif
+ }
+
+ errno = ENOSYS;
+#ifdef SIGSYS
+ kill(getpid(), SIGSYS); /* You loose! */
+#endif
+#endif /* NO_AFS */
+ return -1;
+}
+
+static jmp_buf catch_SIGSYS;
+
+#ifdef SIGSYS
+
+static RETSIGTYPE
+SIGSYS_handler(int sig)
+{
+ errno = 0;
+ signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */
+ longjmp(catch_SIGSYS, 1);
+}
+
+#endif
+
+int
+k_hasafs(void)
+{
+ int saved_errno;
+ RETSIGTYPE (*saved_func)();
+ struct ViceIoctl parms;
+
+ /*
+ * Already checked presence of AFS syscalls?
+ */
+ if (afs_entry_point != UNKNOWN_ENTRY_POINT)
+ return afs_entry_point != NO_ENTRY_POINT;
+
+ /*
+ * Probe kernel for AFS specific syscalls,
+ * they (currently) come in two flavors.
+ * If the syscall is absent we recive a SIGSYS.
+ */
+ afs_entry_point = NO_ENTRY_POINT;
+ memset(&parms, 0, sizeof(parms));
+
+ saved_errno = errno;
+#ifndef NO_AFS
+#ifdef SIGSYS
+ saved_func = signal(SIGSYS, SIGSYS_handler);
+#endif
+
+#ifdef AFS_SYSCALL
+ if (setjmp(catch_SIGSYS) == 0)
+ {
+ syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT;
+ afs_syscalls[0] = AFS_SYSCALL;
+ goto done;
+ }
+ }
+#endif /* AFS_SYSCALL */
+
+#ifdef AFS_PIOCTL
+ if (setjmp(catch_SIGSYS) == 0)
+ {
+ syscall(AFS_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = MULTIPLE_ENTRY_POINT;
+ afs_syscalls[0] = AFS_PIOCTL;
+ afs_syscalls[1] = AFS_SETPAG;
+ goto done;
+ }
+ }
+#endif /* AFS_PIOCTL */
+
+#ifdef AFS_SYSCALL2
+ if (setjmp(catch_SIGSYS) == 0)
+ {
+ syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT2;
+ afs_syscalls[0] = AFS_SYSCALL2;
+ goto done;
+ }
+ }
+#endif /* AFS_SYSCALL */
+
+#ifdef AFS_SYSCALL3
+ if (setjmp(catch_SIGSYS) == 0)
+ {
+ syscall(AFS_SYSCALL3, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT3;
+ afs_syscalls[0] = AFS_SYSCALL3;
+ goto done;
+ }
+ }
+#endif /* AFS_SYSCALL */
+
+#ifdef _AIX
+ aix_setup();
+ if(Pioctl != NULL && Setpag != NULL){
+ afs_entry_point = AIX_ENTRY_POINTS;
+ goto done;
+ }
+#endif
+
+done:
+#ifdef SIGSYS
+ signal(SIGSYS, saved_func);
+#endif
+#endif /* NO_AFS */
+ errno = saved_errno;
+ return afs_entry_point != NO_ENTRY_POINT;
+}
diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h
new file mode 100644
index 0000000..028f9b3
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: afssysdefs.h,v 1.15 1997/04/01 08:18:12 joda Exp $ */
+
+/*
+ * This section is for machines using single entry point AFS syscalls!
+ * and/or
+ * This section is for machines using multiple entry point AFS syscalls!
+ *
+ * SunOS 4 is an example of single entry point and sgi of multiple
+ * entry point syscalls.
+ */
+
+#if SunOS == 4
+#define AFS_SYSCALL 31
+#endif
+
+#if SunOS == 5
+#define AFS_SYSCALL 105
+#endif
+
+#if defined(__hpux)
+#define AFS_SYSCALL 50
+#define AFS_SYSCALL2 49
+#endif
+
+#if defined(_AIX)
+/* _AIX is too weird */
+#endif
+
+#if defined(__sgi)
+#define AFS_PIOCTL (64+1000)
+#define AFS_SETPAG (65+1000)
+#endif
+
+#if defined(__osf__)
+#define AFS_SYSCALL 232
+#define AFS_SYSCALL2 258
+#endif
+
+#if defined(__ultrix)
+#define AFS_SYSCALL 31
+#endif
+
+#if defined(__NetBSD__)
+#define AFS_SYSCALL 210
+#endif
+
+#ifdef SYS_afs_syscall
+#define AFS_SYSCALL3 SYS_afs_syscall
+#endif
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c
new file mode 100644
index 0000000..3f4de92
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.c
@@ -0,0 +1,570 @@
+/*
+ * @(#)dlfcn.c 1.11 revision of 96/04/10 20:12:51
+ * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
+ * 30159 Hannover, Germany
+ */
+
+/*
+ * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton
+ * <jwe@bevo.che.wisc.edu> to support g++ and/or use with Octave.
+ */
+
+/*
+ * This makes my life easier with Octave. --jwe
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/ldr.h>
+#include <a.out.h>
+#include <ldfcn.h>
+#include "dlfcn.h"
+
+/*
+ * We simulate dlopen() et al. through a call to load. Because AIX has
+ * no call to find an exported symbol we read the loader section of the
+ * loaded module and build a list of exported symbols and their virtual
+ * address.
+ */
+
+typedef struct {
+ char *name; /* the symbols's name */
+ void *addr; /* its relocated virtual address */
+} Export, *ExportPtr;
+
+/*
+ * xlC uses the following structure to list its constructors and
+ * destructors. This is gleaned from the output of munch.
+ */
+typedef struct {
+ void (*init)(void); /* call static constructors */
+ void (*term)(void); /* call static destructors */
+} Cdtor, *CdtorPtr;
+
+typedef void (*GccCDtorPtr)(void);
+
+/*
+ * The void * handle returned from dlopen is actually a ModulePtr.
+ */
+typedef struct Module {
+ struct Module *next;
+ char *name; /* module name for refcounting */
+ int refCnt; /* the number of references */
+ void *entry; /* entry point from load */
+ struct dl_info *info; /* optional init/terminate functions */
+ CdtorPtr cdtors; /* optional C++ constructors */
+ GccCDtorPtr gcc_ctor; /* g++ constructors --jwe */
+ GccCDtorPtr gcc_dtor; /* g++ destructors --jwe */
+ int nExports; /* the number of exports found */
+ ExportPtr exports; /* the array of exports */
+} Module, *ModulePtr;
+
+/*
+ * We keep a list of all loaded modules to be able to call the fini
+ * handlers and destructors at atexit() time.
+ */
+static ModulePtr modList;
+
+/*
+ * The last error from one of the dl* routines is kept in static
+ * variables here. Each error is returned only once to the caller.
+ */
+static char errbuf[BUFSIZ];
+static int errvalid;
+
+/*
+ * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for
+ * strdup(). --jwe
+ */
+#ifndef HAVE_STRDUP
+extern char *strdup(const char *);
+#endif
+static void caterr(char *);
+static int readExports(ModulePtr);
+static void terminate(void);
+static void *findMain(void);
+
+void *dlopen(const char *path, int mode)
+{
+ ModulePtr mp;
+ static void *mainModule;
+
+ /*
+ * Upon the first call register a terminate handler that will
+ * close all libraries. Also get a reference to the main module
+ * for use with loadbind.
+ */
+ if (!mainModule) {
+ if ((mainModule = findMain()) == NULL)
+ return NULL;
+ atexit(terminate);
+ }
+ /*
+ * Scan the list of modules if we have the module already loaded.
+ */
+ for (mp = modList; mp; mp = mp->next)
+ if (strcmp(mp->name, path) == 0) {
+ mp->refCnt++;
+ return mp;
+ }
+ if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
+ errvalid++;
+ strcpy(errbuf, "calloc: ");
+ strcat(errbuf, strerror(errno));
+ return NULL;
+ }
+ if ((mp->name = strdup(path)) == NULL) {
+ errvalid++;
+ strcpy(errbuf, "strdup: ");
+ strcat(errbuf, strerror(errno));
+ free(mp);
+ return NULL;
+ }
+ /*
+ * load should be declared load(const char *...). Thus we
+ * cast the path to a normal char *. Ugly.
+ */
+ if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) {
+ free(mp->name);
+ free(mp);
+ errvalid++;
+ strcpy(errbuf, "dlopen: ");
+ strcat(errbuf, path);
+ strcat(errbuf, ": ");
+ /*
+ * If AIX says the file is not executable, the error
+ * can be further described by querying the loader about
+ * the last error.
+ */
+ if (errno == ENOEXEC) {
+ char *tmp[BUFSIZ/sizeof(char *)];
+ if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1)
+ strcpy(errbuf, strerror(errno));
+ else {
+ char **p;
+ for (p = tmp; *p; p++)
+ caterr(*p);
+ }
+ } else
+ strcat(errbuf, strerror(errno));
+ return NULL;
+ }
+ mp->refCnt = 1;
+ mp->next = modList;
+ modList = mp;
+ if (loadbind(0, mainModule, mp->entry) == -1) {
+ dlclose(mp);
+ errvalid++;
+ strcpy(errbuf, "loadbind: ");
+ strcat(errbuf, strerror(errno));
+ return NULL;
+ }
+ /*
+ * If the user wants global binding, loadbind against all other
+ * loaded modules.
+ */
+ if (mode & RTLD_GLOBAL) {
+ ModulePtr mp1;
+ for (mp1 = mp->next; mp1; mp1 = mp1->next)
+ if (loadbind(0, mp1->entry, mp->entry) == -1) {
+ dlclose(mp);
+ errvalid++;
+ strcpy(errbuf, "loadbind: ");
+ strcat(errbuf, strerror(errno));
+ return NULL;
+ }
+ }
+ if (readExports(mp) == -1) {
+ dlclose(mp);
+ return NULL;
+ }
+ /*
+ * If there is a dl_info structure, call the init function.
+ */
+ if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) {
+ if (mp->info->init)
+ (*mp->info->init)();
+ } else
+ errvalid = 0;
+ /*
+ * If the shared object was compiled using xlC we will need
+ * to call static constructors (and later on dlclose destructors).
+ */
+ if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) {
+ CdtorPtr cp = mp->cdtors;
+ while (cp->init || cp->term) {
+ if (cp->init && cp->init != (void (*)(void))0xffffffff)
+ (*cp->init)();
+ cp++;
+ }
+ /*
+ * If the shared object was compiled using g++, we will need
+ * to call global constructors using the _GLOBAL__DI function,
+ * and later, global destructors using the _GLOBAL_DD
+ * funciton. --jwe
+ */
+ } else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) {
+ (*mp->gcc_ctor)();
+ mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD");
+ } else
+ errvalid = 0;
+ return mp;
+}
+
+/*
+ * Attempt to decipher an AIX loader error message and append it
+ * to our static error message buffer.
+ */
+static void caterr(char *s)
+{
+ char *p = s;
+
+ while (*p >= '0' && *p <= '9')
+ p++;
+ switch(atoi(s)) {
+ case L_ERROR_TOOMANY:
+ strcat(errbuf, "to many errors");
+ break;
+ case L_ERROR_NOLIB:
+ strcat(errbuf, "can't load library");
+ strcat(errbuf, p);
+ break;
+ case L_ERROR_UNDEF:
+ strcat(errbuf, "can't find symbol");
+ strcat(errbuf, p);
+ break;
+ case L_ERROR_RLDBAD:
+ strcat(errbuf, "bad RLD");
+ strcat(errbuf, p);
+ break;
+ case L_ERROR_FORMAT:
+ strcat(errbuf, "bad exec format in");
+ strcat(errbuf, p);
+ break;
+ case L_ERROR_ERRNO:
+ strcat(errbuf, strerror(atoi(++p)));
+ break;
+ default:
+ strcat(errbuf, s);
+ break;
+ }
+}
+
+void *dlsym(void *handle, const char *symbol)
+{
+ ModulePtr mp = (ModulePtr)handle;
+ ExportPtr ep;
+ int i;
+
+ /*
+ * Could speed up the search, but I assume that one assigns
+ * the result to function pointers anyways.
+ */
+ for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
+ if (strcmp(ep->name, symbol) == 0)
+ return ep->addr;
+ errvalid++;
+ strcpy(errbuf, "dlsym: undefined symbol ");
+ strcat(errbuf, symbol);
+ return NULL;
+}
+
+char *dlerror(void)
+{
+ if (errvalid) {
+ errvalid = 0;
+ return errbuf;
+ }
+ return NULL;
+}
+
+int dlclose(void *handle)
+{
+ ModulePtr mp = (ModulePtr)handle;
+ int result;
+ ModulePtr mp1;
+
+ if (--mp->refCnt > 0)
+ return 0;
+ if (mp->info && mp->info->fini)
+ (*mp->info->fini)();
+ if (mp->cdtors) {
+ CdtorPtr cp = mp->cdtors;
+ while (cp->init || cp->term) {
+ if (cp->term && cp->init != (void (*)(void))0xffffffff)
+ (*cp->term)();
+ cp++;
+ }
+ /*
+ * If the function to handle global destructors for g++
+ * exists, call it. --jwe
+ */
+ } else if (mp->gcc_dtor) {
+ (*mp->gcc_dtor)();
+ }
+ result = unload(mp->entry);
+ if (result == -1) {
+ errvalid++;
+ strcpy(errbuf, strerror(errno));
+ }
+ if (mp->exports) {
+ ExportPtr ep;
+ int i;
+ for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
+ if (ep->name)
+ free(ep->name);
+ free(mp->exports);
+ }
+ if (mp == modList)
+ modList = mp->next;
+ else {
+ for (mp1 = modList; mp1; mp1 = mp1->next)
+ if (mp1->next == mp) {
+ mp1->next = mp->next;
+ break;
+ }
+ }
+ free(mp->name);
+ free(mp);
+ return result;
+}
+
+static void terminate(void)
+{
+ while (modList)
+ dlclose(modList);
+}
+
+/*
+ * Build the export table from the XCOFF .loader section.
+ */
+static int readExports(ModulePtr mp)
+{
+ LDFILE *ldp = NULL;
+ SCNHDR sh, shdata;
+ LDHDR *lhp;
+ char *ldbuf;
+ LDSYM *ls;
+ int i;
+ ExportPtr ep;
+
+ if ((ldp = ldopen(mp->name, ldp)) == NULL) {
+ struct ld_info *lp;
+ char *buf;
+ int size = 4*1024;
+ if (errno != ENOENT) {
+ errvalid++;
+ strcpy(errbuf, "readExports: ");
+ strcat(errbuf, strerror(errno));
+ return -1;
+ }
+ /*
+ * The module might be loaded due to the LIBPATH
+ * environment variable. Search for the loaded
+ * module using L_GETINFO.
+ */
+ if ((buf = malloc(size)) == NULL) {
+ errvalid++;
+ strcpy(errbuf, "readExports: ");
+ strcat(errbuf, strerror(errno));
+ return -1;
+ }
+ while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
+ free(buf);
+ size += 4*1024;
+ if ((buf = malloc(size)) == NULL) {
+ errvalid++;
+ strcpy(errbuf, "readExports: ");
+ strcat(errbuf, strerror(errno));
+ return -1;
+ }
+ }
+ if (i == -1) {
+ errvalid++;
+ strcpy(errbuf, "readExports: ");
+ strcat(errbuf, strerror(errno));
+ free(buf);
+ return -1;
+ }
+ /*
+ * Traverse the list of loaded modules. The entry point
+ * returned by load() does actually point to the data
+ * segment origin.
+ */
+ lp = (struct ld_info *)buf;
+ while (lp) {
+ if (lp->ldinfo_dataorg == mp->entry) {
+ ldp = ldopen(lp->ldinfo_filename, ldp);
+ break;
+ }
+ if (lp->ldinfo_next == 0)
+ lp = NULL;
+ else
+ lp = (struct ld_info *)((char *)lp + lp->ldinfo_next);
+ }
+ free(buf);
+ if (!ldp) {
+ errvalid++;
+ strcpy(errbuf, "readExports: ");
+ strcat(errbuf, strerror(errno));
+ return -1;
+ }
+ }
+ if (TYPE(ldp) != U802TOCMAGIC) {
+ errvalid++;
+ strcpy(errbuf, "readExports: bad magic");
+ while(ldclose(ldp) == FAILURE)
+ ;
+ return -1;
+ }
+ /*
+ * Get the padding for the data section. This is needed for
+ * AIX 4.1 compilers. This is used when building the final
+ * function pointer to the exported symbol.
+ */
+ if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) {
+ errvalid++;
+ strcpy(errbuf, "readExports: cannot read data section header");
+ while(ldclose(ldp) == FAILURE)
+ ;
+ return -1;
+ }
+ if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) {
+ errvalid++;
+ strcpy(errbuf, "readExports: cannot read loader section header");
+ while(ldclose(ldp) == FAILURE)
+ ;
+ return -1;
+ }
+ /*
+ * We read the complete loader section in one chunk, this makes
+ * finding long symbol names residing in the string table easier.
+ */
+ if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) {
+ errvalid++;
+ strcpy(errbuf, "readExports: ");
+ strcat(errbuf, strerror(errno));
+ while(ldclose(ldp) == FAILURE)
+ ;
+ return -1;
+ }
+ if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) {
+ errvalid++;
+ strcpy(errbuf, "readExports: cannot seek to loader section");
+ free(ldbuf);
+ while(ldclose(ldp) == FAILURE)
+ ;
+ return -1;
+ }
+ if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) {
+ errvalid++;
+ strcpy(errbuf, "readExports: cannot read loader section");
+ free(ldbuf);
+ while(ldclose(ldp) == FAILURE)
+ ;
+ return -1;
+ }
+ lhp = (LDHDR *)ldbuf;
+ ls = (LDSYM *)(ldbuf+LDHDRSZ);
+ /*
+ * Count the number of exports to include in our export table.
+ */
+ for (i = lhp->l_nsyms; i; i--, ls++) {
+ if (!LDR_EXPORT(*ls))
+ continue;
+ mp->nExports++;
+ }
+ if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) {
+ errvalid++;
+ strcpy(errbuf, "readExports: ");
+ strcat(errbuf, strerror(errno));
+ free(ldbuf);
+ while(ldclose(ldp) == FAILURE)
+ ;
+ return -1;
+ }
+ /*
+ * Fill in the export table. All entries are relative to
+ * the entry point we got from load.
+ */
+ ep = mp->exports;
+ ls = (LDSYM *)(ldbuf+LDHDRSZ);
+ for (i = lhp->l_nsyms; i; i--, ls++) {
+ char *symname;
+ char tmpsym[SYMNMLEN+1];
+ if (!LDR_EXPORT(*ls))
+ continue;
+ if (ls->l_zeroes == 0)
+ symname = ls->l_offset+lhp->l_stoff+ldbuf;
+ else {
+ /*
+ * The l_name member is not zero terminated, we
+ * must copy the first SYMNMLEN chars and make
+ * sure we have a zero byte at the end.
+ */
+ strncpy(tmpsym, ls->l_name, SYMNMLEN);
+ tmpsym[SYMNMLEN] = '\0';
+ symname = tmpsym;
+ }
+ ep->name = strdup(symname);
+ ep->addr = (void *)((unsigned long)mp->entry +
+ ls->l_value - shdata.s_vaddr);
+ ep++;
+ }
+ free(ldbuf);
+ while(ldclose(ldp) == FAILURE)
+ ;
+ return 0;
+}
+
+/*
+ * Find the main modules entry point. This is used as export pointer
+ * for loadbind() to be able to resolve references to the main part.
+ */
+static void * findMain(void)
+{
+ struct ld_info *lp;
+ char *buf;
+ int size = 4*1024;
+ int i;
+ void *ret;
+
+ if ((buf = malloc(size)) == NULL) {
+ errvalid++;
+ strcpy(errbuf, "findMain: ");
+ strcat(errbuf, strerror(errno));
+ return NULL;
+ }
+ while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
+ free(buf);
+ size += 4*1024;
+ if ((buf = malloc(size)) == NULL) {
+ errvalid++;
+ strcpy(errbuf, "findMain: ");
+ strcat(errbuf, strerror(errno));
+ return NULL;
+ }
+ }
+ if (i == -1) {
+ errvalid++;
+ strcpy(errbuf, "findMain: ");
+ strcat(errbuf, strerror(errno));
+ free(buf);
+ return NULL;
+ }
+ /*
+ * The first entry is the main module. The entry point
+ * returned by load() does actually point to the data
+ * segment origin.
+ */
+ lp = (struct ld_info *)buf;
+ ret = lp->ldinfo_dataorg;
+ free(buf);
+ return ret;
+}
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.h b/crypto/kerberosIV/lib/kafs/dlfcn.h
new file mode 100644
index 0000000..5671e9c
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.h
@@ -0,0 +1,46 @@
+/*
+ * @(#)dlfcn.h 1.4 revision of 95/04/25 09:36:52
+ * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
+ * 30159 Hannover, Germany
+ */
+
+#ifndef __dlfcn_h__
+#define __dlfcn_h__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Mode flags for the dlopen routine.
+ */
+#define RTLD_LAZY 1 /* lazy function call binding */
+#define RTLD_NOW 2 /* immediate function call binding */
+#define RTLD_GLOBAL 0x100 /* allow symbols to be global */
+
+/*
+ * To be able to intialize, a library may provide a dl_info structure
+ * that contains functions to be called to initialize and terminate.
+ */
+struct dl_info {
+ void (*init)(void);
+ void (*fini)(void);
+};
+
+#if __STDC__ || defined(_IBMR2)
+void *dlopen(const char *path, int mode);
+void *dlsym(void *handle, const char *symbol);
+char *dlerror(void);
+int dlclose(void *handle);
+#else
+void *dlopen();
+void *dlsym();
+char *dlerror();
+int dlclose();
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __dlfcn_h__ */
diff --git a/crypto/kerberosIV/lib/kafs/kafs.h b/crypto/kerberosIV/lib/kafs/kafs.h
new file mode 100644
index 0000000..b3c53b5
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/kafs.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kafs.h,v 1.19 1997/05/14 17:41:02 joda Exp $ */
+
+#ifndef __KAFS_H
+#define __KAFS_H
+
+#include <ktypes.h>
+#include <sys/cdefs.h>
+/* sys/ioctl.h must be included manually before kafs.h */
+
+/*
+ */
+#define AFSCALL_PIOCTL 20
+#define AFSCALL_SETPAG 21
+
+#ifndef _VICEIOCTL
+#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl))
+#endif /* _VICEIOCTL */
+
+#define VIOCSETTOK _VICEIOCTL(3)
+#define VIOCGETTOK _VICEIOCTL(8)
+#define VIOCUNLOG _VICEIOCTL(9)
+#define VIOC_FILE_CELL_NAME _VICEIOCTL(30)
+
+struct ViceIoctl {
+ caddr_t in, out;
+ short in_size;
+ short out_size;
+};
+
+struct ClearToken {
+ int32_t AuthHandle;
+ char HandShakeKey[8];
+ int32_t ViceId;
+ int32_t BeginTimestamp;
+ int32_t EndTimestamp;
+};
+
+#ifndef __P
+#define __P(x) x
+#endif
+
+/* Use k_hasafs() to probe if the machine supports AFS syscalls.
+ The other functions will generate a SIGSYS if AFS is not supported */
+
+int k_hasafs __P((void));
+
+int k_afsklog __P((const char *cell, const char *realm));
+int k_afsklog_uid __P((const char *cell, const char *realm, uid_t uid));
+int k_pioctl __P((char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks));
+int k_unlog __P((void));
+int k_setpag __P((void));
+int k_afs_cell_of_file __P((const char *path, char *cell, int len));
+
+#define _PATH_VICE "/usr/vice/etc/"
+#define _PATH_THISCELL _PATH_VICE "ThisCell"
+#define _PATH_CELLSERVDB _PATH_VICE "CellServDB"
+#define _PATH_THESECELLS _PATH_VICE "TheseCells"
+
+#endif /* __KAFS_H */
diff --git a/crypto/kerberosIV/lib/kafs/kafs_locl.h b/crypto/kerberosIV/lib/kafs/kafs_locl.h
new file mode 100644
index 0000000..6ada6ab
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/kafs_locl.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kafs_locl.h,v 1.3 1997/05/04 23:04:44 assar Exp $ */
+
+#ifndef __KAFS_LOCL_H__
+#define __KAFS_LOCL_H__
+
+#include <config.h>
+#include <protos.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <setjmp.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+
+#ifdef HAVE_SYS_SYSCALL_H
+#include <sys/syscall.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+#include <roken.h>
+
+#include <krb.h>
+#include <kafs.h>
+
+#include <resolve.h>
+
+#include "afssysdefs.h"
+
+
+#endif /* __KAFS_LOCL_H__ */
diff --git a/crypto/kerberosIV/lib/kdb/Makefile.in b/crypto/kerberosIV/lib/kdb/Makefile.in
new file mode 100644
index 0000000..f6fb962
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/Makefile.in
@@ -0,0 +1,83 @@
+#
+# $Id: Makefile.in,v 1.25 1997/05/06 03:47:39 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)kdb
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c krb_dbm.c print_princ.c base64.c
+
+OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o krb_dbm.o print_princ.o base64.o
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS)
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS)
+ -$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kdb/base64.c b/crypto/kerberosIV/lib/kdb/base64.c
new file mode 100644
index 0000000..d7e89c4
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/base64.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64.c,v 1.7 1997/04/01 08:18:16 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include "base64.h"
+
+static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int POS(char c)
+{
+ if(c == '=') return 64;
+ if(isupper(c))
+ return c - 'A';
+ if(islower(c))
+ return c - 'a' + 26;
+ if(isdigit(c))
+ return c - '0' + 52;
+ if(c == '+')
+ return 62;
+ if(c == '/')
+ return 63;
+ return -1;
+}
+
+char *base64_encode(const void *buf, int size)
+{
+ char *str = (char*)malloc((size+3)*4/3+1);
+ char *p=str;
+ unsigned char *q = (unsigned char*)buf;
+ int i;
+ int c;
+ i=0;
+ while(i<size){
+ c=q[i++];
+ c*=256;
+ if(i<size)
+ c+=q[i];
+ i++;
+ c*=256;
+ if(i<size)
+ c+=q[i];
+ i++;
+ p[0]=base64[(c&0x00fc0000) >> 18];
+ p[1]=base64[(c&0x0003f000) >> 12];
+ p[2]=base64[(c&0x00000fc0) >> 6];
+ p[3]=base64[(c&0x0000003f) >> 0];
+ if(i>size)
+ p[3]='=';
+ if(i>size+1)
+ p[2]='=';
+ p+=4;
+ }
+ *p=0;
+ return str;
+}
+
+/* convert string in s to binary data. s should be a multiple of 4
+ * bytes long. data should be at least len(s) * 3 / 4 bytes long.
+ * returns
+ */
+int base64_decode(char *s, void *data)
+{
+ char *p;
+ unsigned char *q;
+ int n[4];
+
+ if(strlen(s) % 4)
+ return -1;
+ q=(unsigned char*)data;
+ for(p=s; *p; p+=4){
+ n[0] = POS(p[0]);
+ n[1] = POS(p[1]);
+ n[2] = POS(p[2]);
+ n[3] = POS(p[3]);
+ if((n[0] | n[1] | n[2] | n[3]) < 0)
+ return -1;
+
+ if(n[0] == 64 || n[1] == 64)
+ return -1;
+ if(n[2] == 64 && n[3] < 64)
+ return -1;
+ q[0] = (n[0] << 2) + (n[1] >> 4);
+ if(n[2] < 64){
+ q[1] = ((n[1] & 15) << 4) + (n[2] >> 2);
+ }
+ if(n[3] < 64){
+ q[2] = ((n[2] & 3) << 6) + n[3];
+ }
+ q+=3;
+ }
+ q -= (n[2] == 64) + (n[3] == 64);
+ return q - (unsigned char*)data;
+}
+
+#ifdef TEST
+int main(int argc, char **argv)
+{
+ char str[128];
+ char buf[128];
+ char *p;
+ printf("base64_encode(\"%s\") = \"%s\"\n", argv[1],
+ p=base64_encode(argv[1], strlen(argv[1])));
+ printf("base64_decode(\"%s\") = %d", p, base64_decode(p, buf));
+ printf(" (\"%s\")\n", buf);
+ printf("base64_decode(\"%s\") = %d", argv[1], base64_decode(argv[1], buf));
+ printf(" (\"%s\")\n", buf);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/kdb/base64.h b/crypto/kerberosIV/lib/kdb/base64.h
new file mode 100644
index 0000000..edfb344
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/base64.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: base64.h,v 1.5 1997/04/01 08:18:16 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+char *base64_encode(const void *buf, int size);
+int base64_decode(char *s, void *data);
+
+#endif
diff --git a/crypto/kerberosIV/lib/kdb/copykey.c b/crypto/kerberosIV/lib/kdb/copykey.c
new file mode 100644
index 0000000..a78baf7
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/copykey.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: copykey.c,v 1.10 1997/04/01 08:18:17 joda Exp $");
+
+void
+copy_from_key(des_cblock in, u_int32_t *lo, u_int32_t *hi)
+{
+ memcpy(lo, ((char *) in) + 0, 4);
+ memcpy(hi, ((char *) in) + 4, 4);
+}
+
+void
+copy_to_key(u_int32_t *lo, u_int32_t *hi, des_cblock out)
+{
+ memcpy(((char *)out) + 0, lo, 4);
+ memcpy(((char *)out) + 4, hi, 4);
+}
diff --git a/crypto/kerberosIV/lib/kdb/kdb_locl.h b/crypto/kerberosIV/lib/kdb/kdb_locl.h
new file mode 100644
index 0000000..fe4d079
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/kdb_locl.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */
+
+#ifndef __kdb_locl_h
+#define __kdb_locl_h
+
+#include "config.h"
+#include "protos.h"
+
+#include "base64.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <unistd.h>
+#include <errno.h>
+
+#include <sys/types.h>
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <utime.h>
+#include <sys/file.h>
+#include <roken.h>
+
+#include <krb.h>
+#include <krb_db.h>
+
+/* --- */
+
+/* Globals! */
+
+/* Utils */
+
+int kerb_db_set_lockmode __P((int));
+void kerb_db_fini __P((void));
+int kerb_db_init __P((void));
+int kerb_db_get_principal __P((char *name, char *, Principal *, unsigned int, int *));
+int kerb_db_get_dba __P((char *, char *, Dba *, unsigned int, int *));
+
+void delta_stat __P((DB_stat *, DB_stat *, DB_stat *));
+
+int kerb_cache_init __P((void));
+int kerb_cache_get_principal __P((char *name, char *, Principal *, unsigned int));
+int kerb_cache_put_principal __P((Principal *, unsigned int));
+int kerb_cache_get_dba __P((char *, char *, Dba *, unsigned int));
+int kerb_cache_put_dba __P((Dba *, unsigned int));
+
+void krb_print_principal __P((Principal *));
+
+#endif /* __kdb_locl_h */
diff --git a/crypto/kerberosIV/lib/kdb/kdc.h b/crypto/kerberosIV/lib/kdb/kdc.h
new file mode 100644
index 0000000..f404d11
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/kdc.h
@@ -0,0 +1,34 @@
+/*
+ * $Id: kdc.h,v 1.8 1997/04/01 03:59:05 assar Exp $
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Include file for the Kerberos Key Distribution Center.
+ */
+
+#ifndef KDC_DEFS
+#define KDC_DEFS
+
+/* Don't depend on this! */
+#ifndef MKEYFILE
+#if 0
+#define MKEYFILE "/var/kerberos/master-key"
+#else
+#define MKEYFILE "/.k"
+#endif
+#endif
+#ifndef K_LOGFIL
+#define K_LOGFIL "/var/log/kpropd.log"
+#endif
+
+#define ONE_MINUTE 60
+#define FIVE_MINUTES (5 * ONE_MINUTE)
+#define ONE_HOUR (60 * ONE_MINUTE)
+#define ONE_DAY (24 * ONE_HOUR)
+#define THREE_DAYS (3 * ONE_DAY)
+
+#endif /* KDC_DEFS */
+
diff --git a/crypto/kerberosIV/lib/kdb/krb_cache.c b/crypto/kerberosIV/lib/kdb/krb_cache.c
new file mode 100644
index 0000000..ed4a5b1
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_cache.c
@@ -0,0 +1,189 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * This is where a cache would be implemented, if it were necessary.
+ */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $");
+
+#ifdef DEBUG
+extern int debug;
+extern long kerb_debug;
+#endif
+static int init = 0;
+
+/*
+ * initialization routine for cache
+ */
+
+int
+kerb_cache_init(void)
+{
+ init = 1;
+ return (0);
+}
+
+/*
+ * look up a principal in the cache returns number of principals found
+ */
+
+int
+kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned int max)
+ /* could have wild card */
+ /* could have wild card */
+
+ /* max number of name structs to return */
+
+{
+ int found = 0;
+
+ if (!init)
+ kerb_cache_init();
+#ifdef DEBUG
+ if (kerb_debug & 2)
+ fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
+ serv, inst, max);
+#endif /* DEBUG */
+
+#ifdef DEBUG
+ if (kerb_debug & 2) {
+ if (found) {
+ fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
+ serv, inst, principal->name, principal->instance);
+ } else {
+ fprintf(stderr, "cache %s %s not found\n", serv,
+ inst);
+ }
+ }
+#endif
+ return (found);
+}
+
+/*
+ * insert/replace a principal in the cache returns number of principals
+ * inserted
+ */
+
+int
+kerb_cache_put_principal(Principal *principal, unsigned int max)
+
+ /* max number of principal structs to
+ * insert */
+
+{
+ u_long i;
+ int count = 0;
+
+ if (!init)
+ kerb_cache_init();
+
+#ifdef DEBUG
+ if (kerb_debug & 2) {
+ fprintf(stderr, "kerb_cache_put_principal max = %d",
+ max);
+ }
+#endif
+
+ for (i = 0; i < max; i++) {
+#ifdef DEBUG
+ if (kerb_debug & 2)
+ fprintf(stderr, "\n %s %s",
+ principal->name, principal->instance);
+#endif
+ /* DO IT */
+ count++;
+ principal++;
+ }
+ return count;
+}
+
+/*
+ * look up a dba in the cache returns number of dbas found
+ */
+
+int
+kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max)
+ /* could have wild card */
+ /* could have wild card */
+
+ /* max number of name structs to return */
+
+{
+ int found = 0;
+
+ if (!init)
+ kerb_cache_init();
+
+#ifdef DEBUG
+ if (kerb_debug & 2)
+ fprintf(stderr, "cache_get_dba for %s %s max = %d\n",
+ serv, inst, max);
+#endif
+
+#ifdef DEBUG
+ if (kerb_debug & 2) {
+ if (found) {
+ fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
+ serv, inst, dba->name, dba->instance);
+ } else {
+ fprintf(stderr, "cache %s %s not found\n", serv, inst);
+ }
+ }
+#endif
+ return (found);
+}
+
+/*
+ * insert/replace a dba in the cache returns number of dbas inserted
+ */
+
+int
+kerb_cache_put_dba(Dba *dba, unsigned int max)
+
+ /* max number of dba structs to insert */
+
+{
+ u_long i;
+ int count = 0;
+
+ if (!init)
+ kerb_cache_init();
+#ifdef DEBUG
+ if (kerb_debug & 2) {
+ fprintf(stderr, "kerb_cache_put_dba max = %d", max);
+ }
+#endif
+ for (i = 0; i < max; i++) {
+#ifdef DEBUG
+ if (kerb_debug & 2)
+ fprintf(stderr, "\n %s %s",
+ dba->name, dba->instance);
+#endif
+ /* DO IT */
+ count++;
+ dba++;
+ }
+ return count;
+}
+
diff --git a/crypto/kerberosIV/lib/kdb/krb_db.h b/crypto/kerberosIV/lib/kdb/krb_db.h
new file mode 100644
index 0000000..1a08b83
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_db.h
@@ -0,0 +1,137 @@
+/*
+ * $Id: krb_db.h,v 1.15 1996/12/17 20:34:32 assar Exp $
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * spm Project Athena 8/85
+ *
+ * This file defines data structures for the kerberos
+ * authentication/authorization database.
+ *
+ * They MUST correspond to those defined in *.rel
+ */
+
+#ifndef KRB_DB_DEFS
+#define KRB_DB_DEFS
+
+#include <stdio.h>
+
+#define KERB_M_NAME "K" /* Kerberos */
+#define KERB_M_INST "M" /* Master */
+#define KERB_DEFAULT_NAME "default"
+#define KERB_DEFAULT_INST ""
+#ifndef DB_DIR
+#define DB_DIR "/var/kerberos"
+#endif
+#ifndef DBM_FILE
+#define DBM_FILE DB_DIR "/principal"
+#endif
+
+/* this also defines the number of queue headers */
+#define KERB_DB_HASH_MODULO 64
+
+
+/* Arguments to kerb_dbl_lock() */
+
+#define KERB_DBL_EXCLUSIVE 1
+#define KERB_DBL_SHARED 0
+
+/* arguments to kerb_db_set_lockmode() */
+
+#define KERB_DBL_BLOCKING 0
+#define KERB_DBL_NONBLOCKING 1
+
+/* arguments to kdb_get_master_key */
+
+#define KDB_GET_PROMPT 1
+#define KDB_GET_TWICE 2
+
+/* Principal defines the structure of a principal's name */
+
+typedef struct {
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+
+ u_int32_t key_low;
+ u_int32_t key_high;
+ u_int32_t exp_date;
+ char exp_date_txt[DATE_SZ];
+ u_int32_t mod_date;
+ char mod_date_txt[DATE_SZ];
+ u_int16_t attributes;
+ u_int8_t max_life;
+ u_int8_t kdc_key_ver;
+ u_int8_t key_version;
+
+ char mod_name[ANAME_SZ];
+ char mod_instance[INST_SZ];
+ char *old; /* cast to (Principal *); not in db,
+ * ptr to old vals */
+} Principal;
+
+typedef struct {
+ int32_t cpu;
+ int32_t elapsed;
+ int32_t dio;
+ int32_t pfault;
+ int32_t t_stamp;
+ int32_t n_retrieve;
+ int32_t n_replace;
+ int32_t n_append;
+ int32_t n_get_stat;
+ int32_t n_put_stat;
+} DB_stat;
+
+/* Dba defines the structure of a database administrator */
+
+typedef struct {
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+ u_int16_t attributes;
+ u_int32_t exp_date;
+ char exp_date_txt[DATE_SZ];
+ char *old; /*
+ * cast to (Dba *); not in db, ptr to
+ * old vals
+ */
+} Dba;
+
+typedef int (*k_iter_proc_t)(void*, Principal*);
+
+void copy_from_key __P((des_cblock in, u_int32_t *lo, u_int32_t *hi));
+void copy_to_key __P((u_int32_t *lo, u_int32_t *hi, des_cblock out));
+
+void kdb_encrypt_key __P((des_cblock *, des_cblock *, des_cblock *,
+ des_key_schedule, int));
+int kdb_get_master_key __P((int prompt, des_cblock *master_key,
+ des_key_schedule master_key_sched));
+int kdb_get_new_master_key __P((des_cblock *, des_key_schedule, int));
+int kdb_kstash __P((des_cblock *, char *));
+int kdb_new_get_master_key __P((des_cblock *, des_key_schedule));
+int kdb_new_get_new_master_key __P((des_cblock *key, des_key_schedule schedule, int verify));
+long kdb_verify_master_key __P((des_cblock *, des_key_schedule, FILE *));
+long *kerb_db_begin_update __P((void));
+int kerb_db_create __P((char *db_name));
+int kerb_db_delete_principal (char *name, char *inst);
+void kerb_db_end_update __P((long *db));
+int kerb_db_get_dba __P((char *, char *, Dba *, unsigned, int *));
+void kerb_db_get_stat __P((DB_stat *));
+int kerb_db_iterate __P((k_iter_proc_t, void*));
+int kerb_db_put_principal __P((Principal *, unsigned int));
+void kerb_db_put_stat __P((DB_stat *));
+int kerb_db_rename __P((char *, char *));
+int kerb_db_set_lockmode __P((int));
+int kerb_db_set_name __P((char *));
+int kerb_db_update __P((long *db, Principal *principal, unsigned int max));
+int kerb_delete_principal __P((char *name, char *inst));
+void kerb_fini __P((void));
+int kerb_get_dba __P((char *, char *, Dba *, unsigned int, int *));
+time_t kerb_get_db_age __P((void));
+int kerb_get_principal __P((char *, char *, Principal *, unsigned int, int *));
+int kerb_init __P((void));
+int kerb_put_principal __P((Principal *, unsigned int));
+
+#endif /* KRB_DB_DEFS */
diff --git a/crypto/kerberosIV/lib/kdb/krb_dbm.c b/crypto/kerberosIV/lib/kdb/krb_dbm.c
new file mode 100644
index 0000000..963656a
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_dbm.c
@@ -0,0 +1,823 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: krb_dbm.c,v 1.27 1997/05/02 14:29:09 assar Exp $");
+
+#include <xdbm.h>
+
+#define KERB_DB_MAX_RETRY 5
+
+#ifdef DEBUG
+extern int debug;
+extern long kerb_debug;
+extern char *progname;
+#endif
+
+static int init = 0;
+static char default_db_name[] = DBM_FILE;
+static char *current_db_name = default_db_name;
+
+static struct timeval timestamp;/* current time of request */
+static int non_blocking = 0;
+
+/*
+ * This module contains all of the code which directly interfaces to
+ * the underlying representation of the Kerberos database; this
+ * implementation uses a DBM or NDBM indexed "file" (actually
+ * implemented as two separate files) to store the relations, plus a
+ * third file as a semaphore to allow the database to be replaced out
+ * from underneath the KDC server.
+ */
+
+/*
+ * Locking:
+ *
+ * There are two distinct locking protocols used. One is designed to
+ * lock against processes (the admin_server, for one) which make
+ * incremental changes to the database; the other is designed to lock
+ * against utilities (kdb_util, kpropd) which replace the entire
+ * database in one fell swoop.
+ *
+ * The first locking protocol is implemented using flock() in the
+ * krb_dbl_lock() and krb_dbl_unlock routines.
+ *
+ * The second locking protocol is necessary because DBM "files" are
+ * actually implemented as two separate files, and it is impossible to
+ * atomically rename two files simultaneously. It assumes that the
+ * database is replaced only very infrequently in comparison to the time
+ * needed to do a database read operation.
+ *
+ * A third file is used as a "version" semaphore; the modification
+ * time of this file is the "version number" of the database.
+ * At the start of a read operation, the reader checks the version
+ * number; at the end of the read operation, it checks again. If the
+ * version number changed, or if the semaphore was nonexistant at
+ * either time, the reader sleeps for a second to let things
+ * stabilize, and then tries again; if it does not succeed after
+ * KERB_DB_MAX_RETRY attempts, it gives up.
+ *
+ * On update, the semaphore file is deleted (if it exists) before any
+ * update takes place; at the end of the update, it is replaced, with
+ * a version number strictly greater than the version number which
+ * existed at the start of the update.
+ *
+ * If the system crashes in the middle of an update, the semaphore
+ * file is not automatically created on reboot; this is a feature, not
+ * a bug, since the database may be inconsistant. Note that the
+ * absence of a semaphore file does not prevent another _update_ from
+ * taking place later. Database replacements take place automatically
+ * only on slave servers; a crash in the middle of an update will be
+ * fixed by the next slave propagation. A crash in the middle of an
+ * update on the master would be somewhat more serious, but this would
+ * likely be noticed by an administrator, who could fix the problem and
+ * retry the operation.
+ */
+
+
+/*
+ * Utility routine: generate name of database file.
+ */
+
+static char *gen_dbsuffix (char *db_name, char *sfx);
+
+static char *
+gen_dbsuffix(char *db_name, char *sfx)
+{
+ char *dbsuffix;
+
+ if (sfx == NULL)
+ sfx = ".ok";
+
+ asprintf (&dbsuffix, "%s%s", db_name, sfx);
+ return dbsuffix;
+}
+
+static void
+decode_princ_key (datum *key, char *name, char *instance);
+
+static void
+decode_princ_key(datum *key, char *name, char *instance)
+{
+ strncpy(name, key->dptr, ANAME_SZ);
+ strncpy(instance, (char *)key->dptr + ANAME_SZ, INST_SZ);
+ name[ANAME_SZ - 1] = '\0';
+ instance[INST_SZ - 1] = '\0';
+}
+
+static void
+encode_princ_contents (datum *contents, Principal *principal);
+
+static void
+encode_princ_contents(datum *contents, Principal *principal)
+{
+ contents->dsize = sizeof(*principal);
+ contents->dptr = (char *) principal;
+}
+
+static void
+decode_princ_contents (datum *contents, Principal *principal)
+{
+ memcpy(principal, contents->dptr, sizeof(*principal));
+}
+
+static void
+encode_princ_key (datum *key, char *name, char *instance)
+{
+ static char keystring[ANAME_SZ + INST_SZ];
+
+ memset(keystring, 0, ANAME_SZ + INST_SZ);
+ strncpy(keystring, name, ANAME_SZ);
+ strncpy(&keystring[ANAME_SZ], instance, INST_SZ);
+ key->dptr = keystring;
+ key->dsize = ANAME_SZ + INST_SZ;
+}
+
+static int dblfd = -1; /* db LOCK fd */
+static int mylock = 0;
+static int inited = 0;
+
+static int
+kerb_dbl_init (void);
+
+static int
+kerb_dbl_init()
+{
+ if (!inited) {
+ char *filename = gen_dbsuffix (current_db_name, ".ok");
+ if ((dblfd = open(filename, O_RDWR)) < 0) {
+ fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename);
+ fflush(stderr);
+ perror("open");
+ exit(1);
+ }
+ free(filename);
+ inited++;
+ }
+ return (0);
+}
+
+static void
+kerb_dbl_fini (void);
+
+static void
+kerb_dbl_fini()
+{
+ close(dblfd);
+ dblfd = -1;
+ inited = 0;
+ mylock = 0;
+}
+
+static int
+kerb_dbl_lock (int mode);
+
+static int
+kerb_dbl_lock(int mode)
+{
+ int flock_mode;
+
+ if (!inited)
+ kerb_dbl_init();
+ if (mylock) { /* Detect lock call when lock already
+ * locked */
+ fprintf(stderr, "Kerberos locking error (mylock)\n");
+ fflush(stderr);
+ exit(1);
+ }
+ switch (mode) {
+ case KERB_DBL_EXCLUSIVE:
+ flock_mode = K_LOCK_EX;
+ break;
+ case KERB_DBL_SHARED:
+ flock_mode = K_LOCK_SH;
+ break;
+ default:
+ fprintf(stderr, "invalid lock mode %d\n", mode);
+ abort();
+ }
+ if (non_blocking)
+ flock_mode |= K_LOCK_NB;
+
+ if (k_flock(dblfd, flock_mode) < 0)
+ return errno;
+ mylock++;
+ return 0;
+}
+
+static void kerb_dbl_unlock (void);
+
+static void
+kerb_dbl_unlock()
+{
+ if (!mylock) { /* lock already unlocked */
+ fprintf(stderr, "Kerberos database lock not locked when unlocking.\n");
+ fflush(stderr);
+ exit(1);
+ }
+ if (k_flock(dblfd, K_LOCK_UN) < 0) {
+ fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
+ fflush(stderr);
+ perror("k_flock");
+ exit(1);
+ }
+ mylock = 0;
+}
+
+int
+kerb_db_set_lockmode (int mode);
+
+int
+kerb_db_set_lockmode(int mode)
+{
+ int old = non_blocking;
+ non_blocking = mode;
+ return old;
+}
+
+/*
+ * initialization for data base routines.
+ */
+
+int
+kerb_db_init (void);
+
+int
+kerb_db_init()
+{
+ init = 1;
+ return (0);
+}
+
+/*
+ * gracefully shut down database--must be called by ANY program that does
+ * a kerb_db_init
+ */
+
+void
+kerb_db_fini (void);
+
+void
+kerb_db_fini()
+{
+}
+
+/*
+ * Set the "name" of the current database to some alternate value.
+ *
+ * Passing a null pointer as "name" will set back to the default.
+ * If the alternate database doesn't exist, nothing is changed.
+ */
+
+int
+kerb_db_set_name (char *name);
+
+int
+kerb_db_set_name(char *name)
+{
+ DBM *db;
+
+ if (name == NULL)
+ name = default_db_name;
+ db = dbm_open(name, 0, 0);
+ if (db == NULL)
+ return errno;
+ dbm_close(db);
+ kerb_dbl_fini();
+ current_db_name = name;
+ return 0;
+}
+
+/*
+ * Return the last modification time of the database.
+ */
+
+time_t
+kerb_get_db_age (void);
+
+time_t
+kerb_get_db_age()
+{
+ struct stat st;
+ char *okname;
+ time_t age;
+
+ okname = gen_dbsuffix(current_db_name, ".ok");
+
+ if (stat (okname, &st) < 0)
+ age = 0;
+ else
+ age = st.st_mtime;
+
+ free (okname);
+ return age;
+}
+
+/*
+ * Remove the semaphore file; indicates that database is currently
+ * under renovation.
+ *
+ * This is only for use when moving the database out from underneath
+ * the server (for example, during slave updates).
+ */
+
+static time_t
+kerb_start_update (char *db_name);
+
+static time_t
+kerb_start_update(char *db_name)
+{
+ char *okname = gen_dbsuffix(db_name, ".ok");
+ time_t age = kerb_get_db_age();
+
+ if (unlink(okname) < 0
+ && errno != ENOENT) {
+ age = -1;
+ }
+ free (okname);
+ return age;
+}
+
+static int
+kerb_end_update (char *db_name, time_t age);
+
+static int
+kerb_end_update(char *db_name, time_t age)
+{
+ int fd;
+ int retval = 0;
+ char *new_okname = gen_dbsuffix(db_name, ".ok#");
+ char *okname = gen_dbsuffix(db_name, ".ok");
+
+ fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
+ if (fd < 0)
+ retval = errno;
+ else {
+ struct stat st;
+ struct utimbuf tv;
+ /* make sure that semaphore is "after" previous value. */
+ if (fstat (fd, &st) == 0
+ && st.st_mtime <= age) {
+ tv.actime = st.st_atime;
+ tv.modtime = age;
+ /* set times.. */
+ utime (new_okname, &tv);
+ fsync(fd);
+ }
+ close(fd);
+ if (rename (new_okname, okname) < 0)
+ retval = errno;
+ }
+
+ free (new_okname);
+ free (okname);
+
+ return retval;
+}
+
+static time_t
+kerb_start_read (void);
+
+static time_t
+kerb_start_read()
+{
+ return kerb_get_db_age();
+}
+
+static int kerb_end_read (time_t age);
+
+static int
+kerb_end_read(time_t age)
+{
+ if (kerb_get_db_age() != age || age == -1) {
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ * Create the database, assuming it's not there.
+ */
+int
+kerb_db_create(char *db_name)
+{
+ char *okname = gen_dbsuffix(db_name, ".ok");
+ int fd;
+ int ret = 0;
+#ifdef NDBM
+ DBM *db;
+
+ db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600);
+ if (db == NULL)
+ ret = errno;
+ else
+ dbm_close(db);
+#else
+ char *dirname = gen_dbsuffix(db_name, ".dir");
+ char *pagname = gen_dbsuffix(db_name, ".pag");
+
+ fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600);
+ if (fd < 0)
+ ret = errno;
+ else {
+ close(fd);
+ fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600);
+ if (fd < 0)
+ ret = errno;
+ else
+ close(fd);
+ }
+ if (dbminit(db_name) < 0)
+ ret = errno;
+#endif
+ if (ret == 0) {
+ fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
+ if (fd < 0)
+ ret = errno;
+ close(fd);
+ }
+ return ret;
+}
+
+/*
+ * "Atomically" rename the database in a way that locks out read
+ * access in the middle of the rename.
+ *
+ * Not perfect; if we crash in the middle of an update, we don't
+ * necessarily know to complete the transaction the rename, but...
+ */
+
+int
+kerb_db_rename(char *from, char *to)
+{
+#ifdef HAVE_NEW_DB
+ char *fromdb = gen_dbsuffix (from, ".db");
+ char *todb = gen_dbsuffix (to, ".db");
+#else
+ char *fromdir = gen_dbsuffix (from, ".dir");
+ char *todir = gen_dbsuffix (to, ".dir");
+ char *frompag = gen_dbsuffix (from , ".pag");
+ char *topag = gen_dbsuffix (to, ".pag");
+#endif
+ char *fromok = gen_dbsuffix(from, ".ok");
+ long trans = kerb_start_update(to);
+ int ok = 0;
+
+#ifdef HAVE_NEW_DB
+ if (rename (fromdb, todb) == 0) {
+ unlink (fromok);
+ ok = 1;
+ }
+ free (fromdb);
+ free (todb);
+#else
+ if ((rename (fromdir, todir) == 0)
+ && (rename (frompag, topag) == 0)) {
+ unlink (fromok);
+ ok = 1;
+ }
+ free (fromdir);
+ free (todir);
+ free (frompag);
+ free (topag);
+#endif
+ free (fromok);
+ if (ok)
+ return kerb_end_update(to, trans);
+ else
+ return -1;
+}
+
+int
+kerb_db_delete_principal (char *name, char *inst)
+{
+ DBM *db;
+ int try;
+ int done = 0;
+ int code;
+ datum key;
+
+ if(!init)
+ kerb_db_init();
+
+ for(try = 0; try < KERB_DB_MAX_RETRY; try++){
+ if((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+ return -1;
+
+ db = dbm_open(current_db_name, O_RDWR, 0600);
+ if(db == NULL)
+ return -1;
+ encode_princ_key(&key, name, inst);
+ if(dbm_delete(db, key) == 0)
+ done = 1;
+
+ dbm_close(db);
+ kerb_dbl_unlock();
+ if(done)
+ break;
+ if(!non_blocking)
+ sleep(1);
+ }
+ if(!done)
+ return -1;
+ return 0;
+}
+
+
+/*
+ * look up a principal in the data base returns number of principals
+ * found , and whether there were more than requested.
+ */
+
+int
+kerb_db_get_principal (char *name, char *inst, Principal *principal,
+ unsigned int max, int *more)
+{
+ int found = 0, code;
+ int wildp, wildi;
+ datum key, contents;
+ char testname[ANAME_SZ], testinst[INST_SZ];
+ u_long trans;
+ int try;
+ DBM *db;
+
+ if (!init)
+ kerb_db_init(); /* initialize database routines */
+
+ for (try = 0; try < KERB_DB_MAX_RETRY; try++) {
+ trans = kerb_start_read();
+
+ if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+ return -1;
+
+ db = dbm_open(current_db_name, O_RDONLY, 0600);
+
+ *more = 0;
+
+#ifdef DEBUG
+ if (kerb_debug & 2)
+ fprintf(stderr,
+ "%s: db_get_principal for %s %s max = %d",
+ progname, name, inst, max);
+#endif
+
+ wildp = !strcmp(name, "*");
+ wildi = !strcmp(inst, "*");
+
+ if (!wildi && !wildp) { /* nothing's wild */
+ encode_princ_key(&key, name, inst);
+ contents = dbm_fetch(db, key);
+ if (contents.dptr == NULL) {
+ found = 0;
+ goto done;
+ }
+ decode_princ_contents(&contents, principal);
+#ifdef DEBUG
+ if (kerb_debug & 1) {
+ fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n",
+ principal->name, principal->instance,
+ strlen(principal->name),
+ strlen(principal->instance));
+ }
+#endif
+ found = 1;
+ goto done;
+ }
+ /* process wild cards by looping through entire database */
+
+ for (key = dbm_firstkey(db); key.dptr != NULL;
+ key = dbm_next(db, key)) {
+ decode_princ_key(&key, testname, testinst);
+ if ((wildp || !strcmp(testname, name)) &&
+ (wildi || !strcmp(testinst, inst))) { /* have a match */
+ if (found >= max) {
+ *more = 1;
+ goto done;
+ } else {
+ found++;
+ contents = dbm_fetch(db, key);
+ decode_princ_contents(&contents, principal);
+#ifdef DEBUG
+ if (kerb_debug & 1) {
+ fprintf(stderr,
+ "\tfound %s %s p_n length %d t_n length %d\n",
+ principal->name, principal->instance,
+ strlen(principal->name),
+ strlen(principal->instance));
+ }
+#endif
+ principal++; /* point to next */
+ }
+ }
+ }
+
+ done:
+ kerb_dbl_unlock(); /* unlock read lock */
+ dbm_close(db);
+ if (kerb_end_read(trans) == 0)
+ break;
+ found = -1;
+ if (!non_blocking)
+ sleep(1);
+ }
+ return (found);
+}
+
+/* Use long * rather than DBM * so that the database structure is private */
+
+long *
+kerb_db_begin_update(void)
+{
+ int code;
+
+ gettimeofday(&timestamp, NULL);
+
+ if (!init)
+ kerb_db_init();
+
+ if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
+ return 0;
+
+ return (long *) dbm_open(current_db_name, O_RDWR, 0600);
+}
+
+void
+kerb_db_end_update(long *db)
+{
+ dbm_close((DBM *)db);
+ kerb_dbl_unlock(); /* unlock database */
+}
+
+int
+kerb_db_update(long *db, Principal *principal, unsigned int max)
+{
+ int found = 0;
+ u_long i;
+ datum key, contents;
+
+#ifdef DEBUG
+ if (kerb_debug & 2)
+ fprintf(stderr, "%s: kerb_db_put_principal max = %d",
+ progname, max);
+#endif
+
+ /* for each one, stuff temps, and do replace/append */
+ for (i = 0; i < max; i++) {
+ encode_princ_contents(&contents, principal);
+ encode_princ_key(&key, principal->name, principal->instance);
+ dbm_store((DBM *)db, key, contents, DBM_REPLACE);
+#ifdef DEBUG
+ if (kerb_debug & 1) {
+ fprintf(stderr, "\n put %s %s\n",
+ principal->name, principal->instance);
+ }
+#endif
+ found++;
+ principal++; /* bump to next struct */
+ }
+ return found;
+}
+
+/*
+ * Update a name in the data base. Returns number of names
+ * successfully updated.
+ */
+
+int
+kerb_db_put_principal (Principal *principal, unsigned int max);
+
+int
+kerb_db_put_principal(Principal *principal,
+ unsigned max)
+
+{
+ int found;
+ long *db;
+
+ db = kerb_db_begin_update();
+ if (db == 0)
+ return -1;
+
+ found = kerb_db_update(db, principal, max);
+
+ kerb_db_end_update(db);
+ return (found);
+}
+
+void
+kerb_db_get_stat (DB_stat *s);
+
+void
+kerb_db_get_stat(DB_stat *s)
+{
+ gettimeofday(&timestamp, NULL);
+
+ s->cpu = 0;
+ s->elapsed = 0;
+ s->dio = 0;
+ s->pfault = 0;
+ s->t_stamp = timestamp.tv_sec;
+ s->n_retrieve = 0;
+ s->n_replace = 0;
+ s->n_append = 0;
+ s->n_get_stat = 0;
+ s->n_put_stat = 0;
+ /* update local copy too */
+}
+
+void
+kerb_db_put_stat (DB_stat *s);
+
+void
+kerb_db_put_stat(DB_stat *s)
+{
+}
+
+void
+delta_stat (DB_stat *a, DB_stat *b, DB_stat *c);
+
+void
+delta_stat(DB_stat *a, DB_stat *b, DB_stat *c)
+{
+ /* c = a - b then b = a for the next time */
+
+ c->cpu = a->cpu - b->cpu;
+ c->elapsed = a->elapsed - b->elapsed;
+ c->dio = a->dio - b->dio;
+ c->pfault = a->pfault - b->pfault;
+ c->t_stamp = a->t_stamp - b->t_stamp;
+ c->n_retrieve = a->n_retrieve - b->n_retrieve;
+ c->n_replace = a->n_replace - b->n_replace;
+ c->n_append = a->n_append - b->n_append;
+ c->n_get_stat = a->n_get_stat - b->n_get_stat;
+ c->n_put_stat = a->n_put_stat - b->n_put_stat;
+
+ memcpy(b, a, sizeof(DB_stat));
+ return;
+}
+
+/*
+ * look up a dba in the data base returns number of dbas found , and
+ * whether there were more than requested.
+ */
+
+int
+kerb_db_get_dba (char *dba_name, char *dba_inst, Dba *dba, unsigned int max, int *more);
+
+int
+kerb_db_get_dba(char *dba_name, char *dba_inst, Dba *dba,
+ unsigned max,
+ int *more)
+ /* could have wild card */
+ /* could have wild card */
+ /* max number of name structs to return */
+ /* where there more than 'max' tuples? */
+{
+ *more = 0;
+ return (0);
+}
+
+int
+kerb_db_iterate (k_iter_proc_t func, void *arg)
+{
+ datum key, contents;
+ Principal *principal;
+ int code;
+ DBM *db;
+
+ kerb_db_init(); /* initialize and open the database */
+ if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+ return code;
+
+ db = dbm_open(current_db_name, O_RDONLY, 0600);
+
+ for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
+ contents = dbm_fetch (db, key);
+ /* XXX may not be properly aligned */
+ principal = (Principal *) contents.dptr;
+ if ((code = (*func)(arg, principal)) != 0)
+ return code;
+ }
+ dbm_close(db);
+ kerb_dbl_unlock();
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c
new file mode 100644
index 0000000..f321e9f
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c
@@ -0,0 +1,261 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Utility routines for Kerberos programs which directly access
+ * the database. This code was duplicated in too many places
+ * before I gathered it here.
+ *
+ * Jon Rochlis, MIT Telecom, March 1988
+ */
+
+#include "kdb_locl.h"
+
+#include <kdc.h>
+
+RCSID("$Id: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $");
+
+/* always try /.k for backwards compatibility */
+static char *master_key_files[] = { MKEYFILE, "/.k", NULL };
+
+#ifdef HAVE_STRERROR
+#define k_strerror(e) strerror(e)
+#else
+static
+char *
+k_strerror(int eno)
+{
+ extern int sys_nerr;
+ extern char *sys_errlist[];
+
+ static char emsg[128];
+
+ if (eno < 0 || eno >= sys_nerr)
+ snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
+ else
+ return sys_errlist[eno];
+
+ return emsg;
+}
+#endif
+
+int
+kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule)
+{
+ int kfile;
+ int i;
+ char buf[1024];
+
+ char **mkey;
+
+ for(mkey = master_key_files; *mkey; mkey++){
+ kfile = open(*mkey, O_RDONLY);
+ if(kfile < 0 && errno != ENOENT)
+ fprintf(stderr, "Failed to open master key file \"%s\": %s\n",
+ *mkey,
+ k_strerror(errno));
+ if(kfile >= 0)
+ break;
+ }
+ if(*mkey){
+ int bytes;
+ bytes = read(kfile, (char*)key, sizeof(des_cblock));
+ close(kfile);
+ if(bytes == sizeof(des_cblock)){
+ des_key_sched(key, schedule);
+ return 0;
+ }
+ fprintf(stderr, "Could only read %d bytes from master key file %s\n",
+ bytes, *mkey);
+ }else{
+ fprintf(stderr, "No master key file found.\n");
+ }
+
+
+ i=0;
+ while(i < 3){
+ if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0))
+ break;
+
+ /* buffer now contains either an old format master key password or a
+ * new format base64 encoded master key
+ */
+
+ /* try to verify as old password */
+ des_string_to_key(buf, key);
+ des_key_sched(key, schedule);
+
+ if(kdb_verify_master_key(key, schedule, NULL) != -1){
+ memset(buf, 0, sizeof(buf));
+ return 0;
+ }
+
+ /* failed test, so must be base64 encoded */
+
+ if(base64_decode(buf, key) == 8){
+ des_key_sched(key, schedule);
+ if(kdb_verify_master_key(key, schedule, NULL) != -1){
+ memset(buf, 0, sizeof(buf));
+ return 0;
+ }
+ }
+
+ memset(buf, 0, sizeof(buf));
+ fprintf(stderr, "Failed to verify master key.\n");
+ i++;
+ }
+
+ /* life sucks */
+ fprintf(stderr, "You loose.\n");
+ exit(1);
+}
+
+int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule,
+ int verify)
+{
+#ifndef RANDOM_MKEY
+ des_read_password(key, "\nEnter Kerberos master password: ", verify);
+ printf ("\n");
+#else
+ char buf[1024];
+ des_generate_random_block (key);
+ des_key_sched(key, schedule);
+
+ des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0);
+ des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key);
+ memset(buf, 0, sizeof(buf));
+#endif
+ des_key_sched(key, schedule);
+ return 0;
+}
+
+int kdb_get_master_key(int prompt, des_cblock *master_key,
+ des_key_schedule master_key_sched)
+{
+ int ask = (prompt == KDB_GET_TWICE);
+#ifndef RANDOM_MKEY
+ ask |= (prompt == KDB_GET_PROMPT);
+#endif
+
+ if(ask)
+ kdb_new_get_new_master_key(master_key, master_key_sched,
+ prompt == KDB_GET_TWICE);
+ else
+ kdb_new_get_master_key(master_key, master_key_sched);
+ return 0;
+}
+
+int kdb_kstash(des_cblock *master_key, char *file)
+{
+ int kfile;
+ kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600);
+ if (kfile < 0) {
+ return -1;
+ }
+ if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) {
+ close(kfile);
+ return -1;
+ }
+ close(kfile);
+ return 0;
+}
+
+/* The old algorithm used the key schedule as the initial vector which
+ was byte order depedent ... */
+
+void
+kdb_encrypt_key (des_cblock (*in), des_cblock (*out),
+ des_cblock (*master_key),
+ des_key_schedule master_key_sched, int e_d_flag)
+{
+
+#ifdef NOENCRYPTION
+ memcpy(out, in, sizeof(des_cblock));
+#else
+ des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key,
+ e_d_flag);
+#endif
+}
+
+/* The caller is reasponsible for cleaning up the master key and sched,
+ even if we can't verify the master key */
+
+/* Returns master key version if successful, otherwise -1 */
+
+long
+kdb_verify_master_key (des_cblock *master_key,
+ des_key_schedule master_key_sched,
+ FILE *out) /* NULL -> no output */
+{
+ des_cblock key_from_db;
+ Principal principal_data[1];
+ int n, more = 0;
+ long master_key_version;
+
+ /* lookup the master key version */
+ n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
+ 1 /* only one please */, &more);
+ if ((n != 1) || more) {
+ if (out != (FILE *) NULL)
+ fprintf(out,
+ "verify_master_key: %s, %d found.\n",
+ "Kerberos error on master key version lookup",
+ n);
+ return (-1);
+ }
+
+ master_key_version = (long) principal_data[0].key_version;
+
+ /* set up the master key */
+ if (out != (FILE *) NULL) /* should we punt this? */
+ fprintf(out, "Current Kerberos master key version is %d.\n",
+ principal_data[0].kdc_key_ver);
+
+ /*
+ * now use the master key to decrypt the key in the db, had better
+ * be the same!
+ */
+ copy_to_key(&principal_data[0].key_low,
+ &principal_data[0].key_high,
+ key_from_db);
+ kdb_encrypt_key (&key_from_db, &key_from_db,
+ master_key, master_key_sched, DES_DECRYPT);
+
+ /* the decrypted database key had better equal the master key */
+ n = memcmp(master_key, key_from_db, sizeof(master_key));
+ /* this used to zero the master key here! */
+ memset(key_from_db, 0, sizeof(key_from_db));
+ memset(principal_data, 0, sizeof (principal_data));
+
+ if (n && (out != (FILE *) NULL)) {
+ fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
+ fprintf(out, "does not match database.\n");
+ }
+ if(n)
+ return (-1);
+
+ if (out != (FILE *) NULL) {
+ fprintf(out, "\nMaster key entered. BEWARE!\07\07\n");
+ fflush(out);
+ }
+
+ return (master_key_version);
+}
diff --git a/crypto/kerberosIV/lib/kdb/krb_lib.c b/crypto/kerberosIV/lib/kdb/krb_lib.c
new file mode 100644
index 0000000..19bf316
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_lib.c
@@ -0,0 +1,259 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $");
+
+#ifdef DEBUG
+extern int debug;
+extern char *progname;
+long kerb_debug;
+#endif
+
+static int init = 0;
+
+/*
+ * initialization routine for data base
+ */
+
+int
+kerb_init(void)
+{
+#ifdef DEBUG
+ if (!init) {
+ char *dbg = getenv("KERB_DBG");
+ if (dbg)
+ sscanf(dbg, "%d", &kerb_debug);
+ init = 1;
+ }
+#endif
+ kerb_db_init();
+
+#ifdef CACHE
+ kerb_cache_init();
+#endif
+
+ /* successful init, return 0, else errcode */
+ return (0);
+}
+
+/*
+ * finalization routine for database -- NOTE: MUST be called by any
+ * program using kerb_init. ALSO will have to be modified to finalize
+ * caches, if they're ever really implemented.
+ */
+
+void
+kerb_fini(void)
+{
+ kerb_db_fini();
+}
+
+
+int
+kerb_delete_principal(char *name, char *inst)
+{
+ int ret;
+
+ if (!init)
+ kerb_init();
+
+ ret = kerb_db_delete_principal(name, inst);
+#ifdef CACHE
+ if(ret == 0){
+ kerb_cache_delete_principal(name, inst);
+ }
+#endif
+ return ret;
+}
+
+
+/*
+ * look up a principal in the cache or data base returns number of
+ * principals found
+ */
+
+int
+kerb_get_principal(char *name, char *inst, Principal *principal,
+ unsigned int max, int *more)
+ /* could have wild card */
+ /* could have wild card */
+
+ /* max number of name structs to return */
+ /* more tuples than room for */
+
+{
+ int found = 0;
+#ifdef CACHE
+ static int wild = 0;
+#endif
+ if (!init)
+ kerb_init();
+
+#ifdef DEBUG
+ if (kerb_debug & 1)
+ fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
+ progname, name, inst, max);
+#endif
+
+ /*
+ * if this is a request including a wild card, have to go to db
+ * since the cache may not be exhaustive.
+ */
+
+ /* clear the principal area */
+ memset(principal, 0, max * sizeof(Principal));
+
+#ifdef CACHE
+ /*
+ * so check to see if the name contains a wildcard "*" or "?", not
+ * preceeded by a backslash.
+ */
+ wild = 0;
+ if (index(name, '*') || index(name, '?') ||
+ index(inst, '*') || index(inst, '?'))
+ wild = 1;
+
+ if (!wild) {
+ /* try the cache first */
+ found = kerb_cache_get_principal(name, inst, principal, max, more);
+ if (found)
+ return (found);
+ }
+#endif
+ /* If we didn't try cache, or it wasn't there, try db */
+ found = kerb_db_get_principal(name, inst, principal, max, more);
+ /* try to insert principal(s) into cache if it was found */
+#ifdef CACHE
+ if (found) {
+ kerb_cache_put_principal(principal, found);
+ }
+#endif
+ return (found);
+}
+
+/* principals */
+int
+kerb_put_principal(Principal *principal, unsigned int n)
+
+ /* number of principal structs to write */
+{
+ struct tm *tp;
+
+ /* set mod date */
+ principal->mod_date = time((time_t *)0);
+ /* and mod date string */
+
+ tp = k_localtime(&principal->mod_date);
+ snprintf(principal->mod_date_txt,
+ sizeof(principal->mod_date_txt),
+ "%4d-%2d-%2d",
+ tp->tm_year + 1900,
+ tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
+#ifdef DEBUG
+ if (kerb_debug & 1) {
+ int i;
+ fprintf(stderr, "\nkerb_put_principal...");
+ for (i = 0; i < n; i++) {
+ krb_print_principal(&principal[i]);
+ }
+ }
+#endif
+ /* write database */
+ if (kerb_db_put_principal(principal, n) < 0) {
+#ifdef DEBUG
+ if (kerb_debug & 1)
+ fprintf(stderr, "\n%s: kerb_db_put_principal err", progname);
+ /* watch out for cache */
+#endif
+ return -1;
+ }
+#ifdef CACHE
+ /* write cache */
+ if (!kerb_cache_put_principal(principal, n)) {
+#ifdef DEBUG
+ if (kerb_debug & 1)
+ fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname);
+#endif
+ return -1;
+ }
+#endif
+ return 0;
+}
+
+int
+kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more)
+ /* could have wild card */
+ /* could have wild card */
+
+ /* max number of name structs to return */
+ /* more tuples than room for */
+
+{
+ int found = 0;
+#ifdef CACHE
+ static int wild = 0;
+#endif
+ if (!init)
+ kerb_init();
+
+#ifdef DEBUG
+ if (kerb_debug & 1)
+ fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n",
+ progname, name, inst, max);
+#endif
+ /*
+ * if this is a request including a wild card, have to go to db
+ * since the cache may not be exhaustive.
+ */
+
+ /* clear the dba area */
+ memset(dba, 0, max * sizeof(Dba));
+
+#ifdef CACHE
+ /*
+ * so check to see if the name contains a wildcard "*" or "?", not
+ * preceeded by a backslash.
+ */
+
+ wild = 0;
+ if (index(name, '*') || index(name, '?') ||
+ index(inst, '*') || index(inst, '?'))
+ wild = 1;
+
+ if (!wild) {
+ /* try the cache first */
+ found = kerb_cache_get_dba(name, inst, dba, max, more);
+ if (found)
+ return (found);
+ }
+#endif
+ /* If we didn't try cache, or it wasn't there, try db */
+ found = kerb_db_get_dba(name, inst, dba, max, more);
+#ifdef CACHE
+ /* try to insert dba(s) into cache if it was found */
+ if (found) {
+ kerb_cache_put_dba(dba, found);
+ }
+#endif
+ return (found);
+}
diff --git a/crypto/kerberosIV/lib/kdb/print_princ.c b/crypto/kerberosIV/lib/kdb/print_princ.c
new file mode 100644
index 0000000..786c5a9
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/print_princ.c
@@ -0,0 +1,48 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: print_princ.c,v 1.5 1997/05/07 01:37:13 assar Exp $");
+
+void
+krb_print_principal(Principal *a_n)
+{
+ struct tm *time_p;
+
+ /* run-time database does not contain string versions */
+ time_p = k_localtime(&(a_n->exp_date));
+
+ fprintf(stderr,
+ "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x",
+ a_n->name, a_n->instance,
+ time_p->tm_year + 1900,
+ time_p->tm_mon + 1, time_p->tm_mday,
+ time_p->tm_hour, time_p->tm_min,
+ a_n->max_life, 5 * a_n->max_life, a_n->attributes);
+
+ fprintf(stderr,
+ "\n\tkey_ver %d k_low 0x%08lx k_high 0x%08lx akv %d exists %ld\n",
+ a_n->key_version, (long)a_n->key_low, (long)a_n->key_high,
+ a_n->kdc_key_ver, (long)a_n->old);
+
+ fflush(stderr);
+}
diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in
new file mode 100644
index 0000000..8b34d65
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/Makefile.in
@@ -0,0 +1,269 @@
+#
+# $Id: Makefile.in,v 1.74 1997/05/19 03:03:05 assar Exp $
+#
+
+# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible.
+LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "-lresolv -L../des -ldes"; true`
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+EXECSUFFIX=@EXECSUFFIX@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+
+PROGS = sizetest$(EXEC_SUFFIX)
+LIBNAME = $(LIBPREFIX)krb
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = cr_err_reply.c \
+ create_auth_reply.c \
+ create_ciph.c \
+ create_death_packet.c \
+ create_ticket.c \
+ dest_tkt.c \
+ get_in_tkt.c \
+ get_svc_in_tkt.c \
+ getrealm.c \
+ k_localtime.c \
+ krb_err_txt.c \
+ krb_get_in_tkt.c \
+ kuserok.c \
+ parse_name.c \
+ kntoln.c \
+ mk_auth.c \
+ krb_check_auth.c \
+ mk_err.c \
+ mk_safe.c \
+ rd_err.c \
+ rd_safe.c \
+ recvauth.c \
+ mk_priv.c \
+ rd_req.c \
+ decomp_ticket.c \
+ lifetime.c \
+ month_sname.c \
+ stime.c \
+ read_service_key.c \
+ getst.c \
+ sendauth.c \
+ netread.c \
+ netwrite.c \
+ rd_priv.c \
+ krb_equiv.c \
+ str2key.c \
+ get_ad_tkt.c \
+ mk_req.c \
+ get_cred.c \
+ get_tf_realm.c \
+ get_tf_fullname.c \
+ one.c \
+ save_credentials.c \
+ send_to_kdc.c \
+ get_host.c \
+ get_krbrlm.c \
+ k_gethostname.c \
+ tf_util.c \
+ debug_decl.c \
+ k_flock.c \
+ tkt_string.c \
+ getaddrs.c \
+ k_getsockinst.c \
+ k_getport.c \
+ lsb_addr_comp.c \
+ name2name.c \
+ get_default_principal.c \
+ realm_parse.c \
+ verify_user.c \
+ rw.c \
+ kdc_reply.c \
+ encrypt_ktext.c \
+ swab.c \
+ gettimeofday.c \
+ check_time.c \
+ krb_err.c \
+ et_list.c \
+ resolve.c \
+ unparse_name.c \
+ logging.c \
+ k_concat.c
+
+# these files reside in ../roken
+# snprintf.c \
+# strdup.c \
+# strtok_r.c \
+# strcasecmp.c
+
+OBJECTS = cr_err_reply.o \
+ create_auth_reply.o \
+ create_ciph.o \
+ create_death_packet.o \
+ create_ticket.o \
+ dest_tkt.o \
+ get_in_tkt.o \
+ get_svc_in_tkt.o \
+ getrealm.o \
+ k_localtime.o \
+ krb_err_txt.o \
+ krb_get_in_tkt.o \
+ kuserok.o \
+ parse_name.o \
+ kntoln.o \
+ mk_auth.o \
+ krb_check_auth.o \
+ mk_err.o \
+ mk_safe.o \
+ rd_err.o \
+ rd_safe.o \
+ recvauth.o \
+ mk_priv.o \
+ rd_req.o \
+ decomp_ticket.o \
+ lifetime.o \
+ month_sname.o \
+ stime.o \
+ read_service_key.o \
+ getst.o \
+ sendauth.o \
+ netread.o \
+ netwrite.o \
+ rd_priv.o \
+ krb_equiv.o \
+ str2key.o \
+ get_ad_tkt.o \
+ mk_req.o \
+ get_cred.o \
+ get_tf_realm.o \
+ get_tf_fullname.o \
+ one.o \
+ save_credentials.o \
+ send_to_kdc.o \
+ get_host.o \
+ get_krbrlm.o \
+ k_gethostname.o \
+ tf_util.o \
+ debug_decl.o \
+ k_flock.o \
+ tkt_string.o \
+ getaddrs.o \
+ k_getsockinst.o \
+ k_getport.o \
+ lsb_addr_comp.o \
+ name2name.o \
+ get_default_principal.o \
+ realm_parse.o \
+ verify_user.o \
+ rw.o \
+ kdc_reply.o \
+ encrypt_ktext.o \
+ swab.o \
+ gettimeofday.o \
+ check_time.o \
+ krb_err.o \
+ resolve.o \
+ unparse_name.o \
+ logging.o \
+ k_concat.o \
+ snprintf.o \
+ strdup.o \
+ strtok_r.o \
+ strcasecmp.o
+
+# This is only needed by some shared library implementations
+LDOBJ = et_list.o
+
+all: $(LIB) $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+sizetest.o: sizetest.c
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+
+sizetest$(EXECSUFFIX): sizetest.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o
+
+check: sizetest$(EXECSUFFIX)
+ ./sizetest$(EXECSUFFIX)
+
+clean:
+ rm -f $(LIB) *.o *.a krb_err.c krb_err.h $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS)
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS)
+ -$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LDOBJ)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS) $(LDOBJ) $(LIBDES)
+
+krb_err.c krb_err.h: krb_err.et
+ test -r krb_err.et || (rm -f krb_err.et && $(LN_S) $(srcdir)/krb_err.et .)
+ $(COMPILE_ET) krb_err.et
+
+snprintf.c:
+ $(LN_S) $(srcdir)/../roken/snprintf.c .
+
+strdup.c:
+ $(LN_S) $(srcdir)/../roken/strdup.c .
+
+strtok_r.c:
+ $(LN_S) $(srcdir)/../roken/strtok_r.c .
+
+strcasecmp.c:
+ $(LN_S) $(srcdir)/../roken/strcasecmp.c .
+
+$(OBJECTS): ../../include/config.h
+$(OBJECTS): krb_locl.h krb.h krb_err.h
+one.o: ../../include/version.h
diff --git a/crypto/kerberosIV/lib/krb/check_time.c b/crypto/kerberosIV/lib/krb/check_time.c
new file mode 100644
index 0000000..3c3e6c0
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/check_time.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $");
+
+int
+krb_check_tm (struct tm tm)
+{
+ return tm.tm_mon < 0
+ || tm.tm_mon > 11
+ || tm.tm_hour < 0
+ || tm.tm_hour > 23
+ || tm.tm_min < 0
+ || tm.tm_min > 59
+ || tm.tm_sec < 0
+ || tm.tm_sec > 59
+ || tm.tm_year < 1901
+ || tm.tm_year > 2038;
+}
diff --git a/crypto/kerberosIV/lib/krb/cr_err_reply.c b/crypto/kerberosIV/lib/krb/cr_err_reply.c
new file mode 100644
index 0000000..2c1956a
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/cr_err_reply.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $");
+
+/*
+ * This routine is used by the Kerberos authentication server to
+ * create an error reply packet to send back to its client.
+ *
+ * It takes a pointer to the packet to be built, the name, instance,
+ * and realm of the principal, the client's timestamp, an error code
+ * and an error string as arguments. Its return value is undefined.
+ *
+ * The packet is built in the following format:
+ *
+ * type variable data
+ * or constant
+ * ---- ----------- ----
+ *
+ * unsigned char req_ack_vno protocol version number
+ *
+ * unsigned char AUTH_MSG_ERR_REPLY protocol message type
+ *
+ * [least significant HOST_BYTE_ORDER sender's (server's) byte
+ * bit of above field] order
+ *
+ * string pname principal's name
+ *
+ * string pinst principal's instance
+ *
+ * string prealm principal's realm
+ *
+ * unsigned long time_ws client's timestamp
+ *
+ * unsigned long e error code
+ *
+ * string e_string error text
+ */
+
+void
+cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
+ u_int32_t time_ws, u_int32_t e, char *e_string)
+{
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1);
+
+ if (pname == NULL) pname = "";
+ if (pinst == NULL) pinst = "";
+ if (prealm == NULL) prealm = "";
+
+ p += krb_put_nir(pname, pinst, prealm, p);
+
+ p += krb_put_int(time_ws, p, 4);
+
+ p += krb_put_int(e, p, 4);
+
+ p += krb_put_string(e_string, p);
+
+ pkt->length = p - pkt->dat;
+}
diff --git a/crypto/kerberosIV/lib/krb/create_auth_reply.c b/crypto/kerberosIV/lib/krb/create_auth_reply.c
new file mode 100644
index 0000000..4976c46
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_auth_reply.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $");
+
+/*
+ * This routine is called by the Kerberos authentication server
+ * to create a reply to an authentication request. The routine
+ * takes the user's name, instance, and realm, the client's
+ * timestamp, the number of tickets, the user's key version
+ * number and the ciphertext containing the tickets themselves.
+ * It constructs a packet and returns a pointer to it.
+ *
+ * Notes: The packet returned by this routine is static. Thus, if you
+ * intend to keep the result beyond the next call to this routine, you
+ * must copy it elsewhere.
+ *
+ * The packet is built in the following format:
+ *
+ * variable
+ * type or constant data
+ * ---- ----------- ----
+ *
+ * unsigned char KRB_PROT_VERSION protocol version number
+ *
+ * unsigned char AUTH_MSG_KDC_REPLY protocol message type
+ *
+ * [least significant HOST_BYTE_ORDER sender's (server's) byte
+ * bit of above field] order
+ *
+ * string pname principal's name
+ *
+ * string pinst principal's instance
+ *
+ * string prealm principal's realm
+ *
+ * unsigned long time_ws client's timestamp
+ *
+ * unsigned char n number of tickets
+ *
+ * unsigned long x_date expiration date
+ *
+ * unsigned char kvno master key version
+ *
+ * short w_1 cipher length
+ *
+ * --- cipher->dat cipher data
+ */
+
+KTEXT
+create_auth_reply(char *pname, /* Principal's name */
+ char *pinst, /* Principal's instance */
+ char *prealm, /* Principal's authentication domain */
+ int32_t time_ws, /* Workstation time */
+ int n, /* Number of tickets */
+ u_int32_t x_date, /* Principal's expiration date */
+ int kvno, /* Principal's key version number */
+ KTEXT cipher) /* Cipher text with tickets and session keys */
+{
+ static KTEXT_ST pkt_st;
+ KTEXT pkt = &pkt_st;
+
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1);
+
+ if(n != 0){
+ /* barf on old code */
+ krb_warning("create_auth_reply: don't give me no krb3 crap!"
+ " (n == %d)\n", n);
+ return NULL;
+ }
+
+
+ p += krb_put_nir(pname, pinst, prealm, p);
+
+ p += krb_put_int(time_ws, p, 4);
+
+ p += krb_put_int(n, p, 1);
+
+ p += krb_put_int(x_date, p, 4);
+
+ p += krb_put_int(kvno, p, 1);
+
+ p += krb_put_int(cipher->length, p, 2);
+
+ memcpy(p, cipher->dat, cipher->length);
+ p += cipher->length;
+
+ pkt->length = p - pkt->dat;
+
+ return pkt;
+}
diff --git a/crypto/kerberosIV/lib/krb/create_ciph.c b/crypto/kerberosIV/lib/krb/create_ciph.c
new file mode 100644
index 0000000..27d27ff
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_ciph.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $");
+
+/*
+ * This routine is used by the authentication server to create
+ * a packet for its client, containing a ticket for the requested
+ * service (given in "tkt"), and some information about the ticket,
+ *
+ * Returns KSUCCESS no matter what.
+ *
+ * The length of the cipher is stored in c->length; the format of
+ * c->dat is as follows:
+ *
+ * variable
+ * type or constant data
+ * ---- ----------- ----
+ *
+ *
+ * 8 bytes session session key for client, service
+ *
+ * string service service name
+ *
+ * string instance service instance
+ *
+ * string realm KDC realm
+ *
+ * unsigned char life ticket lifetime
+ *
+ * unsigned char kvno service key version number
+ *
+ * unsigned char tkt->length length of following ticket
+ *
+ * data tkt->dat ticket for service
+ *
+ * 4 bytes kdc_time KDC's timestamp
+ *
+ * <=7 bytes null null pad to 8 byte multiple
+ *
+ */
+
+int
+create_ciph(KTEXT c, /* Text block to hold ciphertext */
+ unsigned char *session, /* Session key to send to user */
+ char *service, /* Service name on ticket */
+ char *instance, /* Instance name on ticket */
+ char *realm, /* Realm of this KDC */
+ u_int32_t life, /* Lifetime of the ticket */
+ int kvno, /* Key version number for service */
+ KTEXT tkt, /* The ticket for the service */
+ u_int32_t kdc_time, /* KDC time */
+ des_cblock *key) /* Key to encrypt ciphertext with */
+
+{
+ unsigned char *p = c->dat;
+
+ memset(c, 0, sizeof(KTEXT_ST));
+
+ memcpy(p, session, 8);
+ p += 8;
+
+ p += krb_put_nir(service, instance, realm, p);
+
+ p += krb_put_int(life, p, 1);
+ p += krb_put_int(kvno, p, 1);
+
+ p += krb_put_int(tkt->length, p, 1);
+
+ memcpy(p, tkt->dat, tkt->length);
+ p += tkt->length;
+
+ p += krb_put_int(kdc_time, p, 4);
+
+ /* multiple of eight bytes */
+ c->length = (p - c->dat + 7) & ~7;
+
+ encrypt_ktext(c, key, DES_ENCRYPT);
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/create_death_packet.c b/crypto/kerberosIV/lib/krb/create_death_packet.c
new file mode 100644
index 0000000..f74ba30
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_death_packet.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $");
+
+/*
+ * This routine creates a packet to type AUTH_MSG_DIE which is sent to
+ * the Kerberos server to make it shut down. It is used only in the
+ * development environment.
+ *
+ * It takes a string "a_name" which is sent in the packet. A pointer
+ * to the packet is returned.
+ *
+ * The format of the killer packet is:
+ *
+ * type variable data
+ * or constant
+ * ---- ----------- ----
+ *
+ * unsigned char KRB_PROT_VERSION protocol version number
+ *
+ * unsigned char AUTH_MSG_DIE message type
+ *
+ * [least significant HOST_BYTE_ORDER byte order of sender
+ * bit of above field]
+ *
+ * string a_name presumably, name of
+ * principal sending killer
+ * packet
+ */
+
+#ifdef DEBUG
+KTEXT
+krb_create_death_packet(char *a_name)
+{
+ static KTEXT_ST pkt_st;
+ KTEXT pkt = &pkt_st;
+
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_DIE, p, 1);
+
+ p += krb_put_string(a_name, p);
+ pkt->length = p - pkt->dat;
+ return pkt;
+}
+#endif /* DEBUG */
diff --git a/crypto/kerberosIV/lib/krb/create_ticket.c b/crypto/kerberosIV/lib/krb/create_ticket.c
new file mode 100644
index 0000000..b469232
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_ticket.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $");
+
+/*
+ * Create ticket takes as arguments information that should be in a
+ * ticket, and the KTEXT object in which the ticket should be
+ * constructed. It then constructs a ticket and returns, leaving the
+ * newly created ticket in tkt.
+ * The length of the ticket is a multiple of
+ * eight bytes and is in tkt->length.
+ *
+ * If the ticket is too long, the ticket will contain nulls.
+ *
+ * The corresponding routine to extract information from a ticket it
+ * decomp_ticket. When changes are made to this routine, the
+ * corresponding changes should also be made to that file.
+ *
+ * The packet is built in the following format:
+ *
+ * variable
+ * type or constant data
+ * ---- ----------- ----
+ *
+ * tkt->length length of ticket (multiple of 8 bytes)
+ *
+ * tkt->dat:
+ *
+ * unsigned char flags namely, HOST_BYTE_ORDER
+ *
+ * string pname client's name
+ *
+ * string pinstance client's instance
+ *
+ * string prealm client's realm
+ *
+ * 4 bytes paddress client's address
+ *
+ * 8 bytes session session key
+ *
+ * 1 byte life ticket lifetime
+ *
+ * 4 bytes time_sec KDC timestamp
+ *
+ * string sname service's name
+ *
+ * string sinstance service's instance
+ *
+ * <=7 bytes null null pad to 8 byte multiple
+ *
+ */
+
+int
+krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */
+ unsigned char flags, /* Various Kerberos flags */
+ char *pname, /* Principal's name */
+ char *pinstance, /* Principal's instance */
+ char *prealm, /* Principal's authentication domain */
+ int32_t paddress, /* Net address of requesting entity */
+ void *session, /* Session key inserted in ticket */
+ int16_t life, /* Lifetime of the ticket */
+ int32_t time_sec, /* Issue time and date */
+ char *sname, /* Service Name */
+ char *sinstance, /* Instance Name */
+ des_cblock *key) /* Service's secret key */
+{
+ unsigned char *p = tkt->dat;
+
+ memset(tkt, 0, sizeof(KTEXT_ST));
+
+ p += krb_put_int(flags, p, 1);
+ p += krb_put_nir(pname, pinstance, prealm, p);
+
+ p += krb_put_address(paddress, p);
+
+ memcpy(p, session, 8);
+ p += 8;
+
+ p += krb_put_int(life, p, 1);
+ p += krb_put_int(time_sec, p, 4);
+
+ p += krb_put_nir(sname, sinstance, NULL, p);
+
+ /* multiple of eight bytes */
+ tkt->length = (p - tkt->dat + 7) & ~7;
+
+ /* Check length of ticket */
+ if (tkt->length > (sizeof(KTEXT_ST) - 7)) {
+ memset(tkt->dat, 0, tkt->length);
+ tkt->length = 0;
+ return KFAILURE /* XXX */;
+ }
+
+ encrypt_ktext(tkt, key, DES_ENCRYPT);
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/debug_decl.c b/crypto/kerberosIV/lib/krb/debug_decl.c
new file mode 100644
index 0000000..5358bcb
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/debug_decl.c
@@ -0,0 +1,29 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: debug_decl.c,v 1.6 1997/03/23 03:53:07 joda Exp $");
+
+/* Declare global debugging variables. */
+
+int krb_ap_req_debug = 0;
+int krb_debug = 0;
diff --git a/crypto/kerberosIV/lib/krb/decomp_ticket.c b/crypto/kerberosIV/lib/krb/decomp_ticket.c
new file mode 100644
index 0000000..8e556a3
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/decomp_ticket.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $");
+
+/*
+ * This routine takes a ticket and pointers to the variables that
+ * should be filled in based on the information in the ticket. It
+ * fills in values for its arguments.
+ *
+ * The routine returns KFAILURE if any of the "pname", "pinstance",
+ * or "prealm" fields is too big, otherwise it returns KSUCCESS.
+ *
+ * The corresponding routine to generate tickets is create_ticket.
+ * When changes are made to this routine, the corresponding changes
+ * should also be made to that file.
+ *
+ * See create_ticket.c for the format of the ticket packet.
+ */
+
+int
+decomp_ticket(KTEXT tkt, /* The ticket to be decoded */
+ unsigned char *flags, /* Kerberos ticket flags */
+ char *pname, /* Authentication name */
+ char *pinstance, /* Principal's instance */
+ char *prealm, /* Principal's authentication domain */
+ u_int32_t *paddress,/* Net address of entity requesting ticket */
+ unsigned char *session, /* Session key inserted in ticket */
+ int *life, /* Lifetime of the ticket */
+ u_int32_t *time_sec, /* Issue time and date */
+ char *sname, /* Service name */
+ char *sinstance, /* Service instance */
+ des_cblock *key, /* Service's secret key (to decrypt the ticket) */
+ des_key_schedule schedule) /* The precomputed key schedule */
+
+{
+ unsigned char *p = tkt->dat;
+
+ int little_endian;
+
+ des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat,
+ tkt->length, schedule, key, DES_DECRYPT);
+
+ tkt->mbz = 0;
+
+ *flags = *p++;
+
+ little_endian = (*flags >> K_FLAG_ORDER) & 1;
+
+ if(strlen((char*)p) > ANAME_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, pname);
+
+ if(strlen((char*)p) > INST_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, pinstance);
+
+ if(strlen((char*)p) > REALM_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, prealm);
+
+ if(tkt->length - (p - tkt->dat) < 8 + 1 + 4)
+ return KFAILURE;
+ p += krb_get_address(p, paddress);
+
+ memcpy(session, p, 8);
+ p += 8;
+
+ *life = *p++;
+
+ p += krb_get_int(p, time_sec, 4, little_endian);
+
+ if(strlen((char*)p) > SNAME_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, sname);
+
+ if(strlen((char*)p) > INST_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, sinstance);
+
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/dest_tkt.c b/crypto/kerberosIV/lib/krb/dest_tkt.c
new file mode 100644
index 0000000..0487e6b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/dest_tkt.c
@@ -0,0 +1,82 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $");
+
+/*
+ * dest_tkt() is used to destroy the ticket store upon logout.
+ * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
+ * Otherwise the function returns RET_OK on success, KFAILURE on
+ * failure.
+ *
+ * The ticket file (TKT_FILE) is defined in "krb.h".
+ */
+
+int
+dest_tkt(void)
+{
+ char *file = TKT_FILE;
+ int i,fd;
+ struct stat statb;
+ char buf[BUFSIZ];
+
+ errno = 0;
+ if (
+#ifdef HAVE_LSTAT
+ lstat
+#else
+ stat
+#endif
+ (file, &statb) < 0)
+ goto out;
+
+ if (!(statb.st_mode & S_IFREG)
+#ifdef notdef
+ || statb.st_mode & 077
+#endif
+ )
+ goto out;
+
+ if ((fd = open(file, O_RDWR, 0)) < 0)
+ goto out;
+
+ memset(buf, 0, BUFSIZ);
+
+ for (i = 0; i < statb.st_size; i += sizeof(buf))
+ if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
+ fsync(fd);
+ close(fd);
+ goto out;
+ }
+
+
+ fsync(fd);
+ close(fd);
+
+ unlink(file);
+
+out:
+ if (errno == ENOENT) return RET_TKFIL;
+ else if (errno != 0) return KFAILURE;
+ return(KSUCCESS);
+}
diff --git a/crypto/kerberosIV/lib/krb/dllmain.c b/crypto/kerberosIV/lib/krb/dllmain.c
new file mode 100644
index 0000000..e98b7dc
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/dllmain.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* dllmain.c - main function to krb4.dll
+ * Author: J Karlsson <d93-jka@nada.kth.se>
+ * Date: June 1996
+ */
+
+#include "krb_locl.h"
+#include "ticket_memory.h"
+#include <Windows.h>
+
+RCSID("$Id: dllmain.c,v 1.6 1997/05/02 14:29:13 assar Exp $");
+
+void
+msg(char *text, int error)
+{
+ char *buf;
+
+ asprintf (&buf, "%s\nAn error of type: %d", text, error);
+
+ MessageBox(GetActiveWindow(),
+ buf ? buf : "can't tell you",
+ "kerberos message",
+ MB_OK|MB_APPLMODAL);
+ free (buf);
+}
+
+BOOL WINAPI
+DllMain (HANDLE hInst,
+ ULONG reason,
+ LPVOID lpReserved)
+{
+ WORD wVersionRequested;
+ WSADATA wsaData;
+ PROCESS_INFORMATION p;
+ int err;
+
+ switch(reason){
+ case DLL_PROCESS_ATTACH:
+ wVersionRequested = MAKEWORD(1, 1);
+ err = WSAStartup(wVersionRequested, &wsaData);
+ if (err != 0)
+ {
+ /* Tell the user that we couldn't find a useable */
+ /* winsock.dll. */
+ msg("Cannot find winsock.dll", err);
+ return FALSE;
+ }
+ if(newTktMem(0) != KSUCCESS)
+ {
+ /* Tell the user that we couldn't alloc shared memory. */
+ msg("Cannot allocate shared ticket memory", GetLastError());
+ return FALSE;
+ }
+ if(GetLastError() != ERROR_ALREADY_EXISTS)
+ {
+ STARTUPINFO s =
+ {
+ sizeof(s),
+ 0,
+ 0,
+ 0,
+ 0,0,
+ 0,0,
+ 0,0,
+ 0,
+ 0,
+ 0,
+ 0,0,
+ 0,0,0};
+
+ s.dwFlags = STARTF_USESHOWWINDOW;
+ s.wShowWindow = SW_HIDE;
+ if(!CreateProcess(0,"krbmanager",
+ 0,0,FALSE,0,0,
+ 0,&s, &p))
+ {
+ msg("Unable to create kerberos manager process.\n"
+ "Make sure krbmanager.exe is in your PATH.",
+ GetLastError());
+ return FALSE;
+ }
+ }
+ break;
+ case DLL_PROCESS_DETACH:
+ freeTktMem(0);
+ WSACleanup();
+ break;
+ }
+
+ return TRUE;
+}
diff --git a/crypto/kerberosIV/lib/krb/encrypt_ktext.c b/crypto/kerberosIV/lib/krb/encrypt_ktext.c
new file mode 100644
index 0000000..d97fcc7
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/encrypt_ktext.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $");
+
+void
+encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt)
+{
+ des_key_schedule schedule;
+ des_set_key(key, schedule);
+ des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat,
+ cip->length, schedule, key, encrypt);
+ memset(schedule, 0, sizeof(des_key_schedule));
+}
diff --git a/crypto/kerberosIV/lib/krb/et_list.c b/crypto/kerberosIV/lib/krb/et_list.c
new file mode 100644
index 0000000..69d1c89
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/et_list.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * This is a hack to resolve the reference to _et_list when making a
+ * shared library under Psoriasis and possibly other systems. Presumably
+ * they define __ELF__, some people say Linux does so.
+ */
+
+#include "config.h"
+
+RCSID("$Id: et_list.c,v 1.12 1997/05/13 09:45:01 bg Exp $");
+
+struct et_list {
+ struct et_list *next;
+ const struct error_table *table;
+};
+
+#if defined(__GNUC__)
+
+#ifdef __FreeBSD__
+asm(".globl __et_list"); /* FreeBSD bug workaround */
+#endif
+struct et_list * _et_list __attribute__ ((weak)) = 0;
+
+#else /* !__GNUC__ */
+
+#ifdef HAVE_PRAGMA_WEAK
+
+#pragma weak _et_list = __et_list
+struct et_list * __et_list = 0;
+
+#else /* !HAVE_PRAGMA_WEAK */
+
+struct et_list * _et_list = 0;
+
+#endif /* !HAVE_PRAGMA_WEAK */
+
+#endif /* !__GNUC__ */
diff --git a/crypto/kerberosIV/lib/krb/get_ad_tkt.c b/crypto/kerberosIV/lib/krb/get_ad_tkt.c
new file mode 100644
index 0000000..9590760
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_ad_tkt.c
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $");
+
+/*
+ * get_ad_tkt obtains a new service ticket from Kerberos, using
+ * the ticket-granting ticket which must be in the ticket file.
+ * It is typically called by krb_mk_req() when the client side
+ * of an application is creating authentication information to be
+ * sent to the server side.
+ *
+ * get_ad_tkt takes four arguments: three pointers to strings which
+ * contain the name, instance, and realm of the service for which the
+ * ticket is to be obtained; and an integer indicating the desired
+ * lifetime of the ticket.
+ *
+ * It returns an error status if the ticket couldn't be obtained,
+ * or AD_OK if all went well. The ticket is stored in the ticket
+ * cache.
+ *
+ * The request sent to the Kerberos ticket-granting service looks
+ * like this:
+ *
+ * pkt->dat
+ *
+ * TEXT original contents of authenticator+ticket
+ * pkt->dat built in krb_mk_req call
+ *
+ * 4 bytes time_ws always 0 (?)
+ * char lifetime lifetime argument passed
+ * string service service name argument
+ * string sinstance service instance arg.
+ *
+ * See "prot.h" for the reply packet layout and definitions of the
+ * extraction macros like pkt_version(), pkt_msg_type(), etc.
+ */
+
+int
+get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
+{
+ static KTEXT_ST pkt_st;
+ KTEXT pkt = & pkt_st; /* Packet to KDC */
+ static KTEXT_ST rpkt_st;
+ KTEXT rpkt = &rpkt_st; /* Returned packet */
+
+ CREDENTIALS cr;
+ char lrealm[REALM_SZ];
+ u_int32_t time_ws = 0;
+ int kerror;
+ unsigned char *p;
+
+ /*
+ * First check if we have a "real" TGT for the corresponding
+ * realm, if we don't, use ordinary inter-realm authentication.
+ */
+
+ kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr);
+ if (kerror == KSUCCESS)
+ strncpy(lrealm, realm, REALM_SZ);
+ else
+ kerror = krb_get_tf_realm(TKT_FILE, lrealm);
+
+ if (kerror != KSUCCESS)
+ return(kerror);
+
+ /*
+ * Look for the session key (and other stuff we don't need)
+ * in the ticket file for krbtgt.realm@lrealm where "realm"
+ * is the service's realm (passed in "realm" argument) and
+ * lrealm is the realm of our initial ticket. If we don't
+ * have this, we will try to get it.
+ */
+
+ if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+ realm, lrealm, &cr)) != KSUCCESS) {
+ /*
+ * If realm == lrealm, we have no hope, so let's not even try.
+ */
+ if ((strncmp(realm, lrealm, REALM_SZ)) == 0)
+ return(AD_NOTGT);
+ else{
+ if ((kerror =
+ get_ad_tkt(KRB_TICKET_GRANTING_TICKET,
+ realm, lrealm, lifetime)) != KSUCCESS)
+ if (kerror == KDC_PR_UNKNOWN)
+ return(AD_INTR_RLM_NOTGT);
+ else
+ return(kerror);
+ if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+ realm, lrealm, &cr)) != KSUCCESS)
+ return(kerror);
+ }
+ }
+
+ /*
+ * Make up a request packet to the "krbtgt.realm@lrealm".
+ * Start by calling krb_mk_req() which puts ticket+authenticator
+ * into "pkt". Then tack other stuff on the end.
+ */
+
+ kerror = krb_mk_req(pkt,
+ KRB_TICKET_GRANTING_TICKET,
+ realm,lrealm,0L);
+
+ if (kerror)
+ return(AD_NOTGT);
+
+ p = pkt->dat + pkt->length;
+
+ p += krb_put_int(time_ws, p, 4);
+ p += krb_put_int(lifetime, p, 1);
+ p += krb_put_nir(service, sinstance, NULL, p);
+
+ pkt->length = p - pkt->dat;
+ rpkt->length = 0;
+
+ /* Send the request to the local ticket-granting server */
+ if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
+
+ /* check packet version of the returned packet */
+
+ {
+ KTEXT_ST cip;
+ CREDENTIALS cred;
+ struct timeval tv;
+
+ kerror = kdc_reply_cipher(rpkt, &cip);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ encrypt_ktext(&cip, &cr.session, DES_DECRYPT);
+
+ kerror = kdc_reply_cred(&cip, &cred);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) ||
+ strcmp(cred.realm, realm)) /* not what we asked for */
+ return INTK_ERR; /* we need a better code here XXX */
+
+ gettimeofday(&tv, NULL);
+ if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) {
+ return RD_AP_TIME; /* XXX should probably be better code */
+ }
+
+
+ kerror = save_credentials(cred.service, cred.instance, cred.realm,
+ cred.session, cred.lifetime, cred.kvno,
+ &cred.ticket_st, tv.tv_sec);
+ return kerror;
+ }
+}
diff --git a/crypto/kerberosIV/lib/krb/get_cred.c b/crypto/kerberosIV/lib/krb/get_cred.c
new file mode 100644
index 0000000..1a0016c
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_cred.c
@@ -0,0 +1,70 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $");
+
+/*
+ * krb_get_cred takes a service name, instance, and realm, and a
+ * structure of type CREDENTIALS to be filled in with ticket
+ * information. It then searches the ticket file for the appropriate
+ * ticket and fills in the structure with the corresponding
+ * information from the file. If successful, it returns KSUCCESS.
+ * On failure it returns a Kerberos error code.
+ */
+
+int
+krb_get_cred(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ CREDENTIALS *c) /* Credentials struct */
+{
+ int tf_status; /* return value of tf function calls */
+ CREDENTIALS cr;
+
+ if (c == 0)
+ c = &cr;
+
+ /* Open ticket file and lock it for shared reading */
+ if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
+ return(tf_status);
+
+ /* Copy principal's name and instance into the CREDENTIALS struc c */
+
+ if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS ||
+ (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS )
+ return (tf_status);
+
+ /* Search for requested service credentials and copy into c */
+
+ while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
+ if ((strcmp(c->service,service) == 0) &&
+ (strcmp(c->instance,instance) == 0) &&
+ (strcmp(c->realm,realm) == 0))
+ break;
+ }
+ tf_close();
+
+ if (tf_status == EOF)
+ return (GC_NOTKT);
+ return(tf_status);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c
new file mode 100644
index 0000000..3a111ea
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_default_principal.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $");
+
+int
+krb_get_default_principal(char *name, char *instance, char *realm)
+{
+ char *file;
+ int ret;
+
+ char *p;
+
+ if ((file = getenv("KRBTKFILE")) == NULL)
+ file = TKT_FILE;
+
+ ret = krb_get_tf_fullname(file, name, instance, realm);
+ if(ret == KSUCCESS)
+ return 0;
+
+ p = getenv("KRB4PRINCIPAL");
+ if(p && kname_parse(name, instance, realm, p) == KSUCCESS)
+ return 1;
+
+
+#ifdef HAVE_PWD_H
+ {
+ struct passwd *pw;
+ pw = getpwuid(getuid());
+ if(pw == NULL){
+ return -1;
+ }
+
+ strcpy(name, pw->pw_name);
+ strcpy(instance, "");
+ krb_get_lrealm(realm, 1);
+
+ if(strcmp(name, "root") == 0){
+ p = NULL;
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+ p = getlogin();
+#endif
+ if(p == NULL)
+ p = getenv("USER");
+ if(p == NULL)
+ p = getenv("LOGNAME");
+ if(p){
+ strncpy (name, p, ANAME_SZ);
+ name[ANAME_SZ - 1] = '\0';
+ strcpy(instance, "root");
+ }
+ }
+ return 1;
+ }
+#endif
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/krb/get_host.c b/crypto/kerberosIV/lib/krb/get_host.c
new file mode 100644
index 0000000..de80ac4
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_host.c
@@ -0,0 +1,292 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_host.c,v 1.30 1997/05/02 14:29:13 assar Exp $");
+
+static struct host_list {
+ struct krb_host *this;
+ struct host_list *next;
+} *hosts;
+
+static int krb_port = 0;
+
+static void
+free_hosts(struct host_list *h)
+{
+ struct host_list *t;
+ while(h){
+ if(h->this->realm)
+ free(h->this->realm);
+ if(h->this->host)
+ free(h->this->host);
+ t = h;
+ h = h->next;
+ free(t);
+ }
+}
+
+static int
+parse_address(char *address, int *proto, char **host, int *port)
+{
+ char *p, *q;
+ p = strchr(address, '/');
+ *proto = IPPROTO_UDP;
+ if(p){
+ char prot[32];
+ struct protoent *pp;
+ strncpy(prot, address, p - address);
+ prot[p - address] = 0;
+ if((pp = getprotobyname(prot)))
+ *proto = pp->p_proto;
+ else
+ krb_warning("Bad protocol name `%s', Using default `udp'.\n",
+ prot);
+ p++;
+ }else
+ p = address;
+ q = strchr(p, ':');
+ if(q){
+ *host = (char*)malloc(q - p + 1);
+ strncpy(*host, p, q - p);
+ (*host)[q - p] = 0;
+ q++;
+ {
+ struct servent *sp = getservbyname(q, NULL);
+ if(sp)
+ *port = ntohs(sp->s_port);
+ else
+ if(sscanf(q, "%d", port) != 1){
+ krb_warning("Bad port specification `%s', using port %d.",
+ q, krb_port);
+ *port = krb_port;
+ }
+ }
+ }else{
+ *host = strdup(p);
+ *port = krb_port;
+ }
+ return 0;
+}
+
+static int
+add_host(char *realm, char *address, int admin, int validate)
+{
+ struct krb_host *host;
+ struct host_list *p, **last = &hosts;
+ host = (struct krb_host*)malloc(sizeof(struct krb_host));
+ parse_address(address, &host->proto, &host->host, &host->port);
+ if(validate && gethostbyname(host->host) == NULL){
+ free(host->host);
+ free(host);
+ return 1;
+ }
+ host->admin = admin;
+ for(p = hosts; p; p = p->next){
+ if(strcmp(realm, p->this->realm) == 0 &&
+ strcmp(host->host, p->this->host) == 0 &&
+ host->proto == p->this->proto &&
+ host->port == p->this->port){
+ free(host->host);
+ free(host);
+ return 1;
+ }
+ last = &p->next;
+ }
+ host->realm = strdup(realm);
+ p = (struct host_list*)malloc(sizeof(struct host_list));
+ p->this = host;
+ p->next = NULL;
+ *last = p;
+ return 0;
+}
+
+
+
+static int
+read_file(const char *filename, const char *r)
+{
+ char line[1024];
+ char realm[1024];
+ char address[1024];
+ char scratch[1024];
+ int n;
+ int nhosts = 0;
+
+ FILE *f = fopen(filename, "r");
+ if(f == NULL)
+ return -1;
+ while(fgets(line, sizeof(line), f)){
+ n = sscanf(line, "%s %s admin %s", realm, address, scratch);
+ if(n == 2 || n == 3){
+ if(strcmp(realm, r))
+ continue;
+ if(add_host(realm, address, n == 3, 0) == 0)
+ nhosts++;
+ }
+ }
+ fclose(f);
+ return nhosts;
+}
+
+static int
+init_hosts(char *realm)
+{
+ static const char *files[] = KRB_CNF_FILES;
+ int i;
+ char *dir = getenv("KRBCONFDIR");
+
+ krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT)));
+ if(dir){
+ char file[MaxPathLen];
+ if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0)
+ read_file(file, realm);
+ }
+ for(i = 0; files[i]; i++)
+ read_file(files[i], realm);
+ return 0;
+}
+
+static void
+srv_find_realm(char *realm, char *proto, char *service)
+{
+ char *domain;
+ struct dns_reply *r;
+ struct resource_record *rr;
+
+ k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL);
+
+ if(domain == NULL)
+ return;
+
+ r = dns_lookup(domain, "srv");
+ if(r == NULL)
+ r = dns_lookup(domain, "txt");
+ if(r == NULL){
+ free(domain);
+ return;
+ }
+ for(rr = r->head; rr; rr = rr->next){
+ if(rr->type == T_SRV){
+ char buf[1024];
+
+ if (snprintf (buf,
+ sizeof(buf),
+ "%s/%s:%u",
+ proto,
+ rr->u.srv->target,
+ rr->u.srv->port) < sizeof(buf))
+ add_host(realm, buf, 0, 0);
+ }else if(rr->type == T_TXT)
+ add_host(realm, rr->u.txt, 0, 0);
+ }
+ dns_free_data(r);
+ free(domain);
+}
+
+struct krb_host*
+krb_get_host(int nth, char *realm, int admin)
+{
+ struct host_list *p;
+ static char orealm[REALM_SZ];
+ if(orealm[0] == 0 || strcmp(realm, orealm)){
+ /* quick optimization */
+ if(realm && realm[0]){
+ strncpy(orealm, realm, sizeof(orealm) - 1);
+ orealm[sizeof(orealm) - 1] = 0;
+ }else{
+ int ret = krb_get_lrealm(orealm, 1);
+ if(ret != KSUCCESS)
+ return NULL;
+ }
+
+ if(hosts){
+ free_hosts(hosts);
+ hosts = NULL;
+ }
+
+ init_hosts(orealm);
+
+ srv_find_realm(orealm, "udp", KRB_SERVICE);
+ srv_find_realm(orealm, "tcp", KRB_SERVICE);
+
+ {
+ /* XXX this assumes no one has more than 99999 kerberos
+ servers */
+ char host[REALM_SZ + sizeof("kerberos-XXXXX..")];
+ int i = 0;
+ sprintf(host, "kerberos.%s.", orealm);
+ add_host(orealm, host, 1, 1);
+ do{
+ i++;
+ sprintf(host, "kerberos-%d.%s.", i, orealm);
+ }while(i < 100000 && add_host(orealm, host, 0, 1) == 0);
+ }
+ }
+
+ for(p = hosts; p; p = p->next){
+ if(strcmp(orealm, p->this->realm) == 0 &&
+ (!admin || p->this->admin))
+ if(nth == 1)
+ return p->this;
+ else
+ nth--;
+ }
+ return NULL;
+}
+
+int
+krb_get_krbhst(char *host, char *realm, int nth)
+{
+ struct krb_host *p = krb_get_host(nth, realm, 0);
+ if(p == NULL)
+ return KFAILURE;
+ strcpy(host, p->host);
+ return KSUCCESS;
+}
+
+int
+krb_get_admhst(char *host, char *realm, int nth)
+{
+ struct krb_host *p = krb_get_host(nth, realm, 1);
+ if(p == NULL)
+ return KFAILURE;
+ strcpy(host, p->host);
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/get_in_tkt.c b/crypto/kerberosIV/lib/krb/get_in_tkt.c
new file mode 100644
index 0000000..435632a
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_in_tkt.c
@@ -0,0 +1,99 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_in_tkt.c,v 1.15 1997/03/23 03:53:08 joda Exp $");
+
+/*
+ * This file contains three routines: passwd_to_key() and
+ * passwd_to_afskey() converts a password into a DES key, using the
+ * normal strinttokey and the AFS one, respectively, and
+ * krb_get_pw_in_tkt() gets an initial ticket for a user.
+ */
+
+/*
+ * passwd_to_key() and passwd_to_afskey: given a password, return a DES key.
+ */
+
+int
+passwd_to_key(char *user, char *instance, char *realm, void *passwd,
+ des_cblock *key)
+{
+#ifndef NOENCRYPTION
+ des_string_to_key((char *)passwd, key);
+#endif
+ return 0;
+}
+
+
+int
+passwd_to_afskey(char *user, char *instance, char *realm, void *passwd,
+ des_cblock *key)
+{
+#ifndef NOENCRYPTION
+ afs_string_to_key((char *)passwd, realm, key);
+#endif
+ return (0);
+}
+
+/*
+ * krb_get_pw_in_tkt() takes the name of the server for which the initial
+ * ticket is to be obtained, the name of the principal the ticket is
+ * for, the desired lifetime of the ticket, and the user's password.
+ * It passes its arguments on to krb_get_in_tkt(), which contacts
+ * Kerberos to get the ticket, decrypts it using the password provided,
+ * and stores it away for future use.
+ *
+ * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
+ * the name of a routine (passwd_to_key()) to be used to get the
+ * password in case the "password" argument is null and NULL for the
+ * decryption procedure indicating that krb_get_in_tkt should use the
+ * default method of decrypting the response from the KDC.
+ *
+ * The result of the call to krb_get_in_tkt() is returned.
+ */
+
+int
+krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service,
+ char *sinstance, int life, char *password)
+{
+ char pword[100]; /* storage for the password */
+ int code;
+
+ /* Only request password once! */
+ if (!password) {
+ if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){
+ memset(pword, 0, sizeof(pword));
+ return INTK_BADPW;
+ }
+ password = pword;
+ }
+
+ code = krb_get_in_tkt(user,instance,realm,service,sinstance,life,
+ passwd_to_key, NULL, password);
+ if (code == INTK_BADPW)
+ code = krb_get_in_tkt(user,instance,realm,service,sinstance,life,
+ passwd_to_afskey, NULL, password);
+ if (password == pword)
+ memset(pword, 0, sizeof(pword));
+ return(code);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_krbrlm.c b/crypto/kerberosIV/lib/krb/get_krbrlm.c
new file mode 100644
index 0000000..8c5b0c9
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_krbrlm.c
@@ -0,0 +1,116 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $");
+
+/*
+ * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
+ * in the string, r, with the name of the nth realm specified on the
+ * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
+ * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
+ * config file does not exist, and if n=1, a successful return will occur
+ * with r = KRB_REALM (also defined in "krb.h").
+ *
+ * NOTE: for archaic & compatibility reasons, this routine will only return
+ * valid results when n = 1.
+ *
+ * For the format of the KRB_CONF file, see comments describing the routine
+ * krb_get_krbhst().
+ */
+
+static int
+krb_get_lrealm_f(char *r, int n, const char *fname)
+{
+ FILE *f;
+ int ret = KFAILURE;
+ f = fopen(fname, "r");
+ if(f){
+ char buf[REALM_SZ];
+ if(fgets(buf, sizeof(buf), f)){
+ char *p = buf + strspn(buf, " \t");
+ p[strcspn(p, " \t\r\n")] = 0;
+ p[REALM_SZ - 1] = 0;
+ strcpy(r, p);
+ ret = KSUCCESS;
+ }
+ fclose(f);
+ }
+ return ret;
+}
+
+int
+krb_get_lrealm(char *r, int n)
+{
+ static const char *const files[] = KRB_CNF_FILES;
+ int i;
+
+ const char *dir = getenv("KRBCONFDIR");
+
+ if (n > 1)
+ return(KFAILURE); /* Temporary restriction */
+
+ /* First try user specified file */
+ if (dir != 0) {
+ char fname[MaxPathLen];
+ if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0)
+ if (krb_get_lrealm_f(r, n, fname) == KSUCCESS)
+ return KSUCCESS;
+ }
+
+ for (i = 0; files[i] != 0; i++)
+ if (krb_get_lrealm_f(r, n, files[i]) == KSUCCESS)
+ return KSUCCESS;
+
+ /* If nothing else works try LOCALDOMAIN, if it exists */
+ if (n == 1)
+ {
+ char *t, hostname[MaxHostNameLen];
+ k_gethostname(hostname, sizeof(hostname));
+ t = krb_realmofhost(hostname);
+ if (t) {
+ strcpy (r, t);
+ return KSUCCESS;
+ }
+ t = strchr(hostname, '.');
+ if (t == 0)
+ return KFAILURE; /* No domain part, you loose */
+
+ t++; /* Skip leading dot and upcase the rest */
+ for (; *t; t++, r++)
+ *r = toupper(*t);
+ *r = 0;
+ return(KSUCCESS);
+ }
+ else
+ return(KFAILURE);
+}
+
+/* For SunOS5 compat. */
+char *
+krb_get_default_realm(void)
+{
+ static char local_realm[REALM_SZ]; /* local kerberos realm */
+ if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
+ strcpy(local_realm, "NO.DEFAULT.REALM");
+ return local_realm;
+}
diff --git a/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c
new file mode 100644
index 0000000..c290524
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c
@@ -0,0 +1,76 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $");
+
+/*
+ * This file contains two routines: srvtab_to_key(), which gets
+ * a server's key from a srvtab file, and krb_get_svc_in_tkt() which
+ * gets an initial ticket for a server.
+ */
+
+/*
+ * srvtab_to_key(): given a "srvtab" file (where the keys for the
+ * service on a host are stored), return the private key of the
+ * given service (user.instance@realm).
+ *
+ * srvtab_to_key() passes its arguments on to read_service_key(),
+ * plus one additional argument, the key version number.
+ * (Currently, the key version number is always 0; this value
+ * is treated as a wildcard by read_service_key().)
+ *
+ * If the "srvtab" argument is null, KEYFILE (defined in "krb.h")
+ * is passed in its place.
+ *
+ * It returns the return value of the read_service_key() call.
+ * The service key is placed in "key".
+ */
+
+int
+srvtab_to_key(char *user, char *instance, char *realm, void *srvtab,
+ des_cblock *key)
+{
+ if (!srvtab)
+ srvtab = KEYFILE;
+
+ return(read_service_key(user, instance, realm, 0, (char *)srvtab,
+ (char *)key));
+}
+
+/*
+ * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
+ * plus two additional arguments: a pointer to the srvtab_to_key()
+ * function to be used to get the key from the key file and a NULL
+ * for the decryption procedure indicating that krb_get_in_tkt should
+ * use the default method of decrypting the response from the KDC.
+ *
+ * It returns the return value of the krb_get_in_tkt() call.
+ */
+
+int
+krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service,
+ char *sinstance, int life, char *srvtab)
+{
+ return(krb_get_in_tkt(user, instance, realm, service, sinstance,
+ life, srvtab_to_key, NULL, srvtab));
+}
diff --git a/crypto/kerberosIV/lib/krb/get_tf_fullname.c b/crypto/kerberosIV/lib/krb/get_tf_fullname.c
new file mode 100644
index 0000000..33733d0
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_tf_fullname.c
@@ -0,0 +1,70 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $");
+
+/*
+ * This file contains a routine to extract the fullname of a user
+ * from the ticket file.
+ */
+
+/*
+ * krb_get_tf_fullname() takes four arguments: the name of the
+ * ticket file, and variables for name, instance, and realm to be
+ * returned in. Since the realm of a ticket file is not really fully
+ * supported, the realm used will be that of the the first ticket in
+ * the file as this is the one that was obtained with a password by
+ * krb_get_in_tkt().
+ */
+
+int
+krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm)
+{
+ int tf_status;
+ CREDENTIALS c;
+
+ if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS)
+ return(tf_status);
+
+ if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
+ ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
+ return (tf_status);
+
+ if (name)
+ strcpy(name, c.pname);
+ if (instance)
+ strcpy(instance, c.pinst);
+ if ((tf_status = tf_get_cred(&c)) == KSUCCESS) {
+ if (realm)
+ strcpy(realm, c.realm);
+ }
+ else {
+ if (tf_status == EOF)
+ return(KFAILURE);
+ else
+ return(tf_status);
+ }
+ tf_close();
+
+ return(tf_status);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_tf_realm.c b/crypto/kerberosIV/lib/krb/get_tf_realm.c
new file mode 100644
index 0000000..1a3c7d1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_tf_realm.c
@@ -0,0 +1,41 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $");
+
+/*
+ * This file contains a routine to extract the realm of a kerberos
+ * ticket file.
+ */
+
+/*
+ * krb_get_tf_realm() takes two arguments: the name of a ticket
+ * and a variable to store the name of the realm in.
+ *
+ */
+
+int
+krb_get_tf_realm(char *ticket_file, char *realm)
+{
+ return(krb_get_tf_fullname(ticket_file, 0, 0, realm));
+}
diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c
new file mode 100644
index 0000000..d25ec1b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getaddrs.c
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getaddrs.c,v 1.19 1997/04/01 08:18:29 joda Exp $");
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif /* HAVE_SYS_SOCKIO_H */
+
+/*
+ * Return number and list of all local adresses.
+ */
+
+int
+k_get_all_addrs (struct in_addr **l)
+{
+#if !defined(SIOCGIFCONF) || !defined(SIOCGIFFLAGS) || !defined(SIOCGIFADDR)
+ char name[MaxHostNameLen];
+ struct hostent *he;
+
+ if (k_gethostname(name, sizeof(name)) < 0)
+ return -1;
+ he = gethostbyname (name);
+ if (he == NULL)
+ return -1;
+ *l = malloc(sizeof(**l));
+ if (*l == NULL)
+ return -1;
+ memcpy (*l, he->h_addr_list[0], sizeof(*l));
+ return 1;
+#else
+ int fd;
+ char buf[BUFSIZ];
+ struct ifreq ifreq;
+ struct ifconf ifconf;
+ int num, j;
+ char *p;
+
+ fd = socket(AF_INET, SOCK_DGRAM, 0);
+ if (fd < 0)
+ return -1;
+
+ ifconf.ifc_len = sizeof(buf);
+ ifconf.ifc_buf = buf;
+ if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
+ return -1;
+ num = ifconf.ifc_len / sizeof(struct ifreq);
+ *l = malloc(num * sizeof(struct in_addr));
+ if(*l == NULL) {
+ close (fd);
+ return -1;
+ }
+
+ j = 0;
+ ifreq.ifr_name[0] = '\0';
+ for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len;) {
+ struct ifreq *ifr = (struct ifreq *)p;
+#ifdef SOCKADDR_HAS_SA_LEN
+ size_t sz = sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len;
+#else
+ size_t sz = sizeof(*ifr);
+#endif
+ if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) {
+ if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) {
+ close (fd);
+ free (*l);
+ return -1;
+ }
+ if (ifr->ifr_flags & IFF_UP) {
+ if(ioctl(fd, SIOCGIFADDR, ifr) < 0) {
+ close (fd);
+ free (*l);
+ return -1;
+ }
+ (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
+ }
+ ifreq = *ifr;
+ }
+ p = p + sz;
+ }
+ if (j != num)
+ *l = realloc (*l, j * sizeof(struct in_addr));
+ close (fd);
+ return j;
+#endif /* SIOCGIFCONF */
+}
diff --git a/crypto/kerberosIV/lib/krb/getrealm.c b/crypto/kerberosIV/lib/krb/getrealm.c
new file mode 100644
index 0000000..05dfdab
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getrealm.c
@@ -0,0 +1,184 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getrealm.c,v 1.25 1997/05/02 14:29:14 assar Exp $");
+
+#define MATCH_SUBDOMAINS 0
+
+/*
+ * krb_realmofhost.
+ * Given a fully-qualified domain-style primary host name,
+ * return the name of the Kerberos realm for the host.
+ * If the hostname contains no discernable domain, or an error occurs,
+ * return the local realm name, as supplied by get_krbrlm().
+ * If the hostname contains a domain, but no translation is found,
+ * the hostname's domain is converted to upper-case and returned.
+ *
+ * The format of each line of the translation file is:
+ * domain_name kerberos_realm
+ * -or-
+ * host_name kerberos_realm
+ *
+ * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
+ * host names should be in the usual form (e.g. FOO.BAR.BAZ)
+ */
+
+/* To automagically find the correct realm of a host (without
+ * krb.realms) add a text record for your domain with the name of your
+ * realm, like this:
+ *
+ * krb4-realm IN TXT FOO.SE
+ *
+ * The search is recursive, so you can also add entries for specific
+ * hosts. To find the realm of host a.b.c, it first tries
+ * krb4-realm.a.b.c, then krb4-realm.b.c and so on.
+ */
+
+static int
+dns_find_realm(char *hostname, char *realm)
+{
+ char domain[MaxHostNameLen + sizeof("krb4-realm..")];
+ char *p;
+ int level = 0;
+ struct dns_reply *r;
+
+ p = hostname;
+
+ while(1){
+ snprintf(domain, sizeof(domain), "krb4-realm.%s.", p);
+ r = dns_lookup(domain, "TXT");
+ if(r){
+ struct resource_record *rr = r->head;
+ while(rr){
+ if(rr->type == T_TXT){
+ strncpy(realm, rr->u.txt, REALM_SZ);
+ realm[REALM_SZ - 1] = 0;
+ dns_free_data(r);
+ return level;
+ }
+ rr = rr->next;
+ }
+ dns_free_data(r);
+ }
+ level++;
+ p = strchr(p, '.');
+ if(p == NULL)
+ break;
+ p++;
+ }
+ return -1;
+}
+
+
+static FILE *
+open_krb_realms(void)
+{
+ static const char *const files[] = KRB_RLM_FILES;
+ FILE *res;
+ int i;
+
+ const char *dir = getenv("KRBCONFDIR");
+
+ /* First try user specified file */
+ if (dir != 0) {
+ char fname[MaxPathLen];
+
+ if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0)
+ if ((res = fopen(fname, "r")) != NULL)
+ return res;
+ }
+
+ for (i = 0; files[i] != 0; i++)
+ if ((res = fopen(files[i], "r")) != NULL)
+ return res;
+
+ return NULL;
+}
+
+char *
+krb_realmofhost(const char *host)
+{
+ static char ret_realm[REALM_SZ];
+ char *domain;
+ FILE *trans_file;
+ char trans_host[MaxHostNameLen];
+ char trans_realm[REALM_SZ];
+ char buf[1024];
+
+ char phost[MaxHostNameLen];
+
+ krb_name_to_name(host, phost, sizeof(phost));
+
+ domain = strchr(phost, '.');
+
+ /* prepare default */
+ if(dns_find_realm(phost, ret_realm) < 0){
+ if (domain) {
+ char *cp;
+
+ strncpy(ret_realm, &domain[1], REALM_SZ);
+ ret_realm[REALM_SZ - 1] = 0;
+ /* Upper-case realm */
+ for (cp = ret_realm; *cp; cp++)
+ *cp = toupper(*cp);
+ } else {
+ krb_get_lrealm(ret_realm, 1);
+ }
+ }
+
+ if ((trans_file = open_krb_realms()) == NULL)
+ return(ret_realm); /* krb_errno = KRB_NO_TRANS */
+
+ while (fgets(buf, sizeof(buf), trans_file)) {
+ char *save = NULL;
+ char *tok = strtok_r(buf, " \t\r\n", &save);
+ if(tok == NULL)
+ continue;
+ strncpy(trans_host, tok, MaxHostNameLen);
+ trans_host[MaxHostNameLen - 1] = 0;
+ tok = strtok_r(NULL, " \t\r\n", &save);
+ if(tok == NULL)
+ continue;
+ strcpy(trans_realm, tok);
+ trans_realm[REALM_SZ - 1] = 0;
+ if (!strcasecmp(trans_host, phost)) {
+ /* exact match of hostname, so return the realm */
+ strcpy(ret_realm, trans_realm);
+ fclose(trans_file);
+ return(ret_realm);
+ }
+ if ((trans_host[0] == '.') && domain) {
+ char *cp = domain;
+ do {
+ if(strcasecmp(trans_host, domain) == 0){
+ /* domain match, save for later */
+ strcpy(ret_realm, trans_realm);
+ break;
+ }
+ cp = strchr(cp + 1, '.');
+ } while(MATCH_SUBDOMAINS && cp);
+ }
+ }
+ fclose(trans_file);
+ return ret_realm;
+}
diff --git a/crypto/kerberosIV/lib/krb/getst.c b/crypto/kerberosIV/lib/krb/getst.c
new file mode 100644
index 0000000..de99962
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getst.c
@@ -0,0 +1,45 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $");
+
+/*
+ * getst() takes a file descriptor, a string and a count. It reads
+ * from the file until either it has read "count" characters, or until
+ * it reads a null byte. When finished, what has been read exists in
+ * the given string "s". If "count" characters were actually read, the
+ * last is changed to a null, so the returned string is always null-
+ * terminated. getst() returns the number of characters read, including
+ * the null terminator.
+ */
+
+int
+getst(int fd, char *s, int n)
+{
+ int count = n;
+ while (read(fd, s, 1) > 0 && --count)
+ if (*s++ == '\0')
+ return (n - count);
+ *s = '\0';
+ return (n - count);
+}
diff --git a/crypto/kerberosIV/lib/krb/gettimeofday.c b/crypto/kerberosIV/lib/krb/gettimeofday.c
new file mode 100644
index 0000000..734ca59
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/gettimeofday.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+RCSID("$Id: gettimeofday.c,v 1.5 1997/04/01 08:18:29 joda Exp $");
+
+#ifndef HAVE_GETTIMEOFDAY
+/*
+ * Simple gettimeofday that only returns seconds.
+ */
+int
+gettimeofday (struct timeval *tp, void *ignore)
+{
+ time_t t;
+
+ t = time(NULL);
+ tp->tv_sec = t;
+ tp->tv_usec = 0;
+ return 0;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/k_concat.c b/crypto/kerberosIV/lib/krb/k_concat.c
new file mode 100644
index 0000000..e7daa5f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_concat.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_concat.c,v 1.5 1997/05/02 08:56:39 joda Exp $");
+
+int
+k_concat (char *s, size_t len, ...)
+{
+ int ret;
+ va_list args;
+
+ va_start(args, len);
+ ret = k_vconcat (s, len, args);
+ va_end(args);
+ return ret;
+}
+
+int
+k_vconcat (char *s, size_t len, va_list args)
+{
+ const char *a;
+
+ while ((a = va_arg(args, const char*))) {
+ size_t n = strlen (a);
+
+ if (n >= len)
+ return -1;
+ strncpy (s, a, n);
+ s += n;
+ len -= n;
+ }
+ *s = '\0';
+ return 0;
+}
+
+size_t
+k_vmconcat (char **s, size_t max_len, va_list args)
+{
+ const char *a;
+ char *p, *q;
+ size_t len = 0;
+ *s = NULL;
+ p = malloc(1);
+ if(p == NULL)
+ return 0;
+ *p = 0;
+ len = 1;
+ while ((a = va_arg(args, const char*))) {
+ size_t n = strlen (a);
+
+ if(max_len && len + n > max_len){
+ free(p);
+ return 0;
+ }
+ q = realloc(p, len + n);
+ if(q == NULL){
+ free(p);
+ return 0;
+ }
+ p = q;
+ len += n;
+ strcat(p, a);
+ }
+ *s = p;
+ return len;
+}
+
+size_t
+k_mconcat (char **s, size_t max_len, ...)
+{
+ int ret;
+ va_list args;
+
+ va_start(args, max_len);
+ ret = k_vmconcat (s, max_len, args);
+ va_end(args);
+ return ret;
+}
+
diff --git a/crypto/kerberosIV/lib/krb/k_flock.c b/crypto/kerberosIV/lib/krb/k_flock.c
new file mode 100644
index 0000000..844c34c
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_flock.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_flock.c,v 1.8 1997/04/01 08:18:30 joda Exp $");
+
+#define K_OP_MASK (K_LOCK_SH | K_LOCK_EX | K_LOCK_UN)
+
+int
+k_flock(int fd, int operation)
+{
+#ifdef HAVE_FLOCK
+ int op = 0;
+ if (operation & K_LOCK_SH)
+ op |= LOCK_SH;
+ if (operation & K_LOCK_EX)
+ op |= LOCK_EX;
+ if (operation & K_LOCK_UN)
+ op |= LOCK_UN;
+ if (operation & K_LOCK_NB)
+ op |= LOCK_NB;
+
+ return flock(fd, op);
+#elif defined(HAVE_FCNTL) && defined(F_SETLK)
+ struct flock arg;
+ int code, cmd;
+
+ arg.l_whence = SEEK_SET;
+ arg.l_start = 0;
+ arg.l_len = 0; /* means to EOF */
+
+ if (operation & K_LOCK_NB)
+ cmd = F_SETLK;
+ else
+ cmd = F_SETLKW; /* Blocking */
+
+ switch (operation & K_OP_MASK) {
+ case K_LOCK_UN:
+ arg.l_type = F_UNLCK;
+ code = fcntl(fd, F_SETLK, &arg);
+ break;
+ case K_LOCK_SH:
+ arg.l_type = F_RDLCK;
+ code = fcntl(fd, cmd, &arg);
+ break;
+ case K_LOCK_EX:
+ arg.l_type = F_WRLCK;
+ code = fcntl(fd, cmd, &arg);
+ break;
+ default:
+ errno = EINVAL;
+ code = -1;
+ break;
+ }
+ return code;
+#else
+ return -1;
+#endif /* !HAVE_FLOCK */
+}
diff --git a/crypto/kerberosIV/lib/krb/k_gethostname.c b/crypto/kerberosIV/lib/krb/k_gethostname.c
new file mode 100644
index 0000000..0f4d57f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_gethostname.c
@@ -0,0 +1,58 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+RCSID("$Id: k_gethostname.c,v 1.10 1997/03/23 03:53:12 joda Exp $");
+
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+/*
+ * Return the local host's name in "name", up to "namelen" characters.
+ * "name" will be null-terminated if "namelen" is big enough.
+ * The return code is 0 on success, -1 on failure. (The calling
+ * interface is identical to gethostname(2).)
+ */
+
+int
+k_gethostname(char *name, int namelen)
+{
+#if defined(HAVE_GETHOSTNAME)
+ return gethostname(name, namelen);
+#elif defined(HAVE_UNAME)
+ {
+ struct utsname utsname;
+ int ret;
+
+ ret = uname (&utsname);
+ if (ret < 0)
+ return ret;
+ strncpy (name, utsname.nodename, namelen);
+ name[namelen-1] = '\0';
+ return 0;
+ }
+#else
+ strncpy (name, "some.random.host", namelen);
+ name[namelen-1] = '\0';
+ return 0;
+#endif
+}
diff --git a/crypto/kerberosIV/lib/krb/k_getport.c b/crypto/kerberosIV/lib/krb/k_getport.c
new file mode 100644
index 0000000..c5f9f15
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_getport.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $");
+
+int
+k_getportbyname (const char *service, const char *proto, int default_port)
+{
+#ifdef HAVE_GETSERVBYNAME
+ struct servent *sp;
+
+ sp = getservbyname(service, proto);
+ if(sp != NULL)
+ return sp->s_port;
+
+ krb_warning ("%s/%s unknown service, using default port %d\n",
+ service, proto ? proto : "*", ntohs(default_port));
+#endif
+ return default_port;
+}
diff --git a/crypto/kerberosIV/lib/krb/k_getsockinst.c b/crypto/kerberosIV/lib/krb/k_getsockinst.c
new file mode 100644
index 0000000..04676b1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_getsockinst.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $");
+
+/*
+ * Return in inst the name of the local interface bound to socket
+ * fd. On Failure return the 'wildcard' instance "*".
+ */
+
+int
+k_getsockinst(int fd, char *inst, size_t inst_size)
+{
+ struct sockaddr_in addr;
+ int len = sizeof(addr);
+ struct hostent *hnam;
+
+ if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
+ goto fail;
+
+ hnam = gethostbyaddr((char *)&addr.sin_addr,
+ sizeof(addr.sin_addr),
+ addr.sin_family);
+ if (hnam == 0)
+ goto fail;
+
+ strncpy (inst, hnam->h_name, inst_size);
+ inst[inst_size - 1] = '\0';
+ k_ricercar(inst); /* Canonicalize name */
+ return 0; /* Success */
+
+ fail:
+ inst[0] = '*';
+ inst[1] = 0;
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/krb/k_localtime.c b/crypto/kerberosIV/lib/krb/k_localtime.c
new file mode 100644
index 0000000..a6ffb9b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_localtime.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $");
+
+struct tm *k_localtime(u_int32_t *tp)
+{
+ time_t t;
+ t = *tp;
+ return localtime(&t);
+}
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
new file mode 100644
index 0000000..aa012e0
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $");
+
+static int little_endian; /* XXX ugly */
+
+int
+kdc_reply_cred(KTEXT cip, CREDENTIALS *cred)
+{
+ unsigned char *p = cip->dat;
+
+ memcpy(cred->session, p, 8);
+ p += 8;
+
+ if(p + strlen((char*)p) > cip->dat + cip->length)
+ return INTK_BADPW;
+ p += krb_get_string(p, cred->service);
+
+ if(p + strlen((char*)p) > cip->dat + cip->length)
+ return INTK_BADPW;
+ p += krb_get_string(p, cred->instance);
+
+ if(p + strlen((char*)p) > cip->dat + cip->length)
+ return INTK_BADPW;
+ p += krb_get_string(p, cred->realm);
+
+ if(p + 3 > cip->dat + cip->length)
+ return INTK_BADPW;
+ cred->lifetime = *p++;
+ cred->kvno = *p++;
+ cred->ticket_st.length = *p++;
+
+ if(p + cred->ticket_st.length + 4 > cip->dat + cip->length)
+ return INTK_BADPW;
+ memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
+ p += cred->ticket_st.length;
+
+ p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian);
+
+ return KSUCCESS;
+}
+
+int
+kdc_reply_cipher(KTEXT reply, KTEXT cip)
+{
+ unsigned char *p;
+ unsigned char pvno;
+ unsigned char type;
+
+ char aname[ANAME_SZ];
+ char inst[INST_SZ];
+ char realm[REALM_SZ];
+
+ u_int32_t kdc_time;
+ u_int32_t exp_date;
+ u_int32_t clen;
+
+ p = reply->dat;
+
+ pvno = *p++;
+
+ if (pvno != KRB_PROT_VERSION )
+ return INTK_PROT;
+
+ type = *p++;
+ little_endian = type & 1;
+
+ type &= ~1;
+
+ if(type == AUTH_MSG_ERR_REPLY){
+ u_int32_t code;
+ p += strlen((char*)p) + 1; /* name */
+ p += strlen((char*)p) + 1; /* instance */
+ p += strlen((char*)p) + 1; /* realm */
+ p += 4; /* time */
+ p += krb_get_int(p, &code, 4, little_endian);
+ return code;
+ }
+ if(type != AUTH_MSG_KDC_REPLY)
+ return INTK_PROT;
+
+ p += krb_get_nir(p, aname, inst, realm);
+ p += krb_get_int(p, &kdc_time, 4, little_endian);
+ p++; /* number of tickets */
+ p += krb_get_int(p, &exp_date, 4, little_endian);
+ p++; /* master key version number */
+ p += krb_get_int(p, &clen, 2, little_endian);
+ cip->length = clen;
+ memcpy(cip->dat, p, clen);
+ p += clen;
+
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/klog.h b/crypto/kerberosIV/lib/krb/klog.h
new file mode 100644
index 0000000..cee92d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/klog.h
@@ -0,0 +1,47 @@
+/*
+ * $Id: klog.h,v 1.5 1997/05/11 11:05:28 assar Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This file defines the types of log messages logged by klog. Each
+ * type of message may be selectively turned on or off.
+ */
+
+#ifndef KLOG_DEFS
+#define KLOG_DEFS
+
+#ifndef KRBLOG
+#define KRBLOG "/var/log/kerberos.log" /* master server */
+#endif
+#ifndef KRBSLAVELOG
+#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */
+#endif
+#define NLOGTYPE 100 /* Maximum number of log msg types */
+
+#define L_NET_ERR 1 /* Error in network code */
+#define L_NET_INFO 2 /* Info on network activity */
+#define L_KRB_PERR 3 /* Kerberos protocol errors */
+#define L_KRB_PINFO 4 /* Kerberos protocol info */
+#define L_INI_REQ 5 /* Request for initial ticket */
+#define L_NTGT_INTK 6 /* Initial request not for TGT */
+#define L_DEATH_REQ 7 /* Request for server death */
+#define L_TKT_REQ 8 /* All ticket requests using a tgt */
+#define L_ERR_SEXP 9 /* Service expired */
+#define L_ERR_MKV 10 /* Master key version incorrect */
+#define L_ERR_NKY 11 /* User's key is null */
+#define L_ERR_NUN 12 /* Principal not unique */
+#define L_ERR_UNK 13 /* Principal Unknown */
+#define L_ALL_REQ 14 /* All requests */
+#define L_APPL_REQ 15 /* Application requests (using tgt) */
+#define L_KRB_PWARN 16 /* Protocol warning messages */
+
+char * klog __P((int type, const char *format, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+
+#endif /* KLOG_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/kntoln.c b/crypto/kerberosIV/lib/krb/kntoln.c
new file mode 100644
index 0000000..88b8b25
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kntoln.c
@@ -0,0 +1,180 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * krb_kntoln converts an auth name into a local name by looking up
+ * the auth name in the /etc/aname file. The format of the aname
+ * file is:
+ *
+ * +-----+-----+-----+-----+------+----------+-------+-------+
+ * | anl | inl | rll | lnl | name | instance | realm | lname |
+ * +-----+-----+-----+-----+------+----------+-------+-------+
+ * | 1by | 1by | 1by | 1by | name | instance | realm | lname |
+ * +-----+-----+-----+-----+------+----------+-------+-------+
+ *
+ * If the /etc/aname file can not be opened it will set the
+ * local name to the auth name. Thus, in this case it performs as
+ * the identity function.
+ *
+ * The name instance and realm are passed to krb_kntoln through
+ * the AUTH_DAT structure (ad).
+ *
+ * Now here's what it *really* does:
+ *
+ * Given a Kerberos name in an AUTH_DAT structure, check that the
+ * instance is null, and that the realm is the same as the local
+ * realm, and return the principal's name in "lname". Return
+ * KSUCCESS if all goes well, otherwise KFAILURE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $");
+
+int
+krb_kntoln(AUTH_DAT *ad, char *lname)
+{
+ static char lrealm[REALM_SZ] = "";
+
+ if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
+ return(KFAILURE);
+
+ if (strcmp(ad->pinst, ""))
+ return(KFAILURE);
+ if (strcmp(ad->prealm, lrealm))
+ return(KFAILURE);
+ strcpy(lname, ad->pname);
+ return(KSUCCESS);
+}
+
+#if 0
+/* Posted to usenet by "Derrick J. Brashear" <shadow+@andrew.cmu.edu> */
+
+#include <krb.h>
+#include <ndbm.h>
+#include <stdio.h>
+#include <sys/file.h>
+#include <strings.h>
+#include <sys/syslog.h>
+#include <sys/errno.h>
+
+extern int errno;
+/*
+ * antoln converts an authentication name into a local name by looking up
+ * the authentication name in the /etc/aname dbm database.
+ *
+ * If the /etc/aname file can not be opened it will set the
+ * local name to the principal name. Thus, in this case it performs as
+ * the identity function.
+ *
+ * The name instance and realm are passed to antoln through
+ * the AUTH_DAT structure (ad).
+ */
+
+static char lrealm[REALM_SZ] = "";
+
+an_to_ln(ad,lname)
+AUTH_DAT *ad;
+char *lname;
+{
+ static DBM *aname = NULL;
+ char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2];
+
+ if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
+ return(KFAILURE);
+
+ if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) ||
+strcmp(ad->prealm,lrealm)) {
+ datum val;
+ datum key;
+ /*
+ * Non-local name (or) non-null and non-root instance.
+ * Look up in dbm file.
+ */
+ if (!aname) {
+ if ((aname = dbm_open("/etc/aname", O_RDONLY, 0))
+ == NULL) return (KFAILURE);
+ }
+ /* Construct dbm lookup key. */
+ an_to_a(ad, keyname);
+ key.dptr = keyname;
+ key.dsize = strlen(keyname)+1;
+ flock(dbm_dirfno(aname), LOCK_SH);
+ val = dbm_fetch(aname, key);
+ flock(dbm_dirfno(aname), LOCK_UN);
+ if (!val.dptr) {
+ dbm_close(aname);
+ return(KFAILURE);
+ }
+ /* Got it! */
+ strcpy(lname,val.dptr);
+ return(KSUCCESS);
+ } else strcpy(lname,ad->pname);
+ return(KSUCCESS);
+}
+
+an_to_a(ad, str)
+ AUTH_DAT *ad;
+ char *str;
+{
+ strcpy(str, ad->pname);
+ if(*ad->pinst) {
+ strcat(str, ".");
+ strcat(str, ad->pinst);
+ }
+ strcat(str, "@");
+ strcat(str, ad->prealm);
+}
+
+/*
+ * Parse a string of the form "user[.instance][@realm]"
+ * into a struct AUTH_DAT.
+ */
+
+a_to_an(str, ad)
+ AUTH_DAT *ad;
+ char *str;
+{
+ char *buf = (char *)malloc(strlen(str)+1);
+ char *rlm, *inst, *princ;
+
+ if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) {
+ free(buf);
+ return(KFAILURE);
+ }
+ /* destructive string hacking is more fun.. */
+ strcpy(buf, str);
+
+ if (rlm = index(buf, '@')) {
+ *rlm++ = '\0';
+ }
+ if (inst = index(buf, '.')) {
+ *inst++ = '\0';
+ }
+ strcpy(ad->pname, buf);
+ if(inst) strcpy(ad->pinst, inst);
+ else *ad->pinst = '\0';
+ if (rlm) strcpy(ad->prealm, rlm);
+ else strcpy(ad->prealm, lrealm);
+ free(buf);
+ return(KSUCCESS);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/krb.def b/crypto/kerberosIV/lib/krb/krb.def
new file mode 100644
index 0000000..da2e906
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.def
@@ -0,0 +1,92 @@
+LIBRARY "krb" BASE=0x07000000
+
+DESCRIPTION "Dynamic link library for kerberos version 4"
+VERSION 1.0
+
+EXPORTS
+ krb_get_err_text
+
+ newTktMem
+ getTktMem
+ firstCred
+ nextCredIndex
+ currCredIndex
+ nextFreeIndex
+
+ k_flock
+ k_localtime
+ k_getsockinst
+ k_getportbyname
+ k_get_all_addrs
+
+ krb_equiv
+
+ afs_string_to_key
+
+ krb_life_to_time
+ krb_time_to_life
+ krb_life_to_atime
+ krb_atime_to_life
+
+ tf_get_cred
+ tf_get_pinst
+ tf_get_pname
+ tf_put_pinst
+ tf_put_pname
+ tf_init
+ tf_create
+ tf_save_cred
+ tf_close
+
+ krb_mk_priv
+ krb_rd_priv
+
+ create_auth_reply
+ krb_get_phost
+ krb_realmofhost
+ tkt_string
+ create_ciph
+ decomp_ticket
+ dest_tkt
+ get_ad_tkt
+ in_tkt
+ k_gethostname
+ k_isinst
+ k_isname
+ k_isrealm
+ kname_parse
+ krb_create_ticket
+ krb_get_admhst
+ krb_get_cred
+ krb_get_in_tkt
+ krb_get_krbhst
+ krb_get_lrealm
+ krb_get_default_realm
+ krb_get_pw_in_tkt
+ krb_get_svc_in_tkt
+ krb_get_tf_fullname
+ krb_get_tf_realm
+ krb_kntoln
+ krb_mk_req
+ krb_net_read
+ krb_net_write
+ krb_rd_err
+ krb_rd_req
+ krb_recvauth
+ krb_sendauth
+ krb_set_key
+ krb_set_lifetime
+ read_service_key
+ save_credentials
+ send_to_kdc
+ krb_mk_err
+ krb_mk_safe
+ krb_rd_safe
+ ad_print
+ cr_err_reply
+ krb_set_tkt_string
+ krb_get_default_principal
+ krb_realm_parse
+ krb_verify_user
+ kset_logfile
+ getst
diff --git a/crypto/kerberosIV/lib/krb/krb.h b/crypto/kerberosIV/lib/krb/krb.h
new file mode 100644
index 0000000..1ce349e
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.h
@@ -0,0 +1,565 @@
+/*
+ * $Id: krb.h,v 1.76 1997/05/26 17:47:31 bg Exp $
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Include file for the Kerberos library.
+ */
+
+/* Only one time, please */
+#ifndef KRB_DEFS
+#define KRB_DEFS
+
+#include <ktypes.h>
+#include <sys/cdefs.h>
+#include <stdarg.h>
+#include <time.h>
+
+__BEGIN_DECLS
+
+#ifndef __P
+#define __P(x) x
+#endif
+
+/* Need some defs from des.h */
+#if !defined(NOPROTO) && !defined(__STDC__)
+#define NOPROTO
+#endif
+#include <des.h>
+
+/* Don't use these guys, they are only for compatibility with CNS. */
+#ifndef KRB_INT32
+#define KRB_INT32 int32_t
+#endif
+#ifndef KRB_UINT32
+#define KRB_UINT32 u_int32_t
+#endif
+
+/* Global library variables. */
+extern int krb_ignore_ip_address; /* To turn off IP address comparison */
+extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */
+extern int krbONE;
+#define HOST_BYTE_ORDER (* (char *) &krbONE)
+
+/* Text describing error codes */
+#define MAX_KRB_ERRORS 256
+extern const char *krb_err_txt[MAX_KRB_ERRORS];
+
+/* Use this function rather than indexing in krb_err_txt */
+const char *krb_get_err_text __P((int code));
+
+
+/* General definitions */
+#define KSUCCESS 0
+#define KFAILURE 255
+
+/*
+ * Kerberos specific definitions
+ *
+ * KRBLOG is the log file for the kerberos master server. KRB_CONF is
+ * the configuration file where different host machines running master
+ * and slave servers can be found. KRB_MASTER is the name of the
+ * machine with the master database. The admin_server runs on this
+ * machine, and all changes to the db (as opposed to read-only
+ * requests, which can go to slaves) must go to it. KRB_HOST is the
+ * default machine * when looking for a kerberos slave server. Other
+ * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
+ * the realm.
+ */
+
+/* /etc/kerberosIV is only for backwards compatibility, don't use it! */
+#ifndef KRB_CONF
+#define KRB_CONF "/etc/krb.conf"
+#endif
+#ifndef KRB_RLM_TRANS
+#define KRB_RLM_TRANS "/etc/krb.realms"
+#endif
+#ifndef KRB_CNF_FILES
+#define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0}
+#endif
+#ifndef KRB_RLM_FILES
+#define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0}
+#endif
+#ifndef KRB_EQUIV
+#define KRB_EQUIV "/etc/krb.equiv"
+#endif
+#define KRB_MASTER "kerberos"
+#ifndef KRB_REALM
+#define KRB_REALM (krb_get_default_realm())
+#endif
+
+/* The maximum sizes for aname, realm, sname, and instance +1 */
+#define ANAME_SZ 40
+#define REALM_SZ 40
+#define SNAME_SZ 40
+#define INST_SZ 40
+/* Leave space for quoting */
+#define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3)
+#define KKEY_SZ 100
+#define VERSION_SZ 1
+#define MSG_TYPE_SZ 1
+#define DATE_SZ 26 /* RTI date output */
+
+#define MAX_HSTNM 100 /* for compatibility */
+
+typedef struct krb_principal{
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+ char realm[REALM_SZ];
+}krb_principal;
+
+#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
+/* default lifetime for krb_mk_req & co., 10 hrs */
+#define DEFAULT_TKT_LIFE 120
+#endif
+
+#define KRB_TICKET_GRANTING_TICKET "krbtgt"
+
+/* Definition of text structure used to pass text around */
+#define MAX_KTXT_LEN 1250
+
+struct ktext {
+ unsigned int length; /* Length of the text */
+ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
+ u_int32_t mbz; /* zero to catch runaway strings */
+};
+
+typedef struct ktext *KTEXT;
+typedef struct ktext KTEXT_ST;
+
+
+/* Definitions for send_to_kdc */
+#define CLIENT_KRB_TIMEOUT 4 /* time between retries */
+#define CLIENT_KRB_RETRY 5 /* retry this many times */
+#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
+
+/* Definitions for ticket file utilities */
+#define R_TKT_FIL 0
+#define W_TKT_FIL 1
+
+/* Parameters for rd_ap_req */
+/* Maximum alloable clock skew in seconds */
+#define CLOCK_SKEW 5*60
+/* Filename for readservkey */
+#ifndef KEYFILE
+#define KEYFILE "/etc/srvtab"
+#endif
+
+/* Structure definition for rd_ap_req */
+
+struct auth_dat {
+ unsigned char k_flags; /* Flags from ticket */
+ char pname[ANAME_SZ]; /* Principal's name */
+ char pinst[INST_SZ]; /* His Instance */
+ char prealm[REALM_SZ]; /* His Realm */
+ u_int32_t checksum; /* Data checksum (opt) */
+ des_cblock session; /* Session Key */
+ int life; /* Life of ticket */
+ u_int32_t time_sec; /* Time ticket issued */
+ u_int32_t address; /* Address in ticket */
+ KTEXT_ST reply; /* Auth reply (opt) */
+};
+
+typedef struct auth_dat AUTH_DAT;
+
+/* Structure definition for credentials returned by get_cred */
+
+struct credentials {
+ char service[ANAME_SZ]; /* Service name */
+ char instance[INST_SZ]; /* Instance */
+ char realm[REALM_SZ]; /* Auth domain */
+ des_cblock session; /* Session key */
+ int lifetime; /* Lifetime */
+ int kvno; /* Key version number */
+ KTEXT_ST ticket_st; /* The ticket itself */
+ int32_t issue_date; /* The issue time */
+ char pname[ANAME_SZ]; /* Principal's name */
+ char pinst[INST_SZ]; /* Principal's instance */
+};
+
+typedef struct credentials CREDENTIALS;
+
+/* Structure definition for rd_private_msg and rd_safe_msg */
+
+struct msg_dat {
+ unsigned char *app_data; /* pointer to appl data */
+ u_int32_t app_length; /* length of appl data */
+ u_int32_t hash; /* hash to lookup replay */
+ int swap; /* swap bytes? */
+ int32_t time_sec; /* msg timestamp seconds */
+ unsigned char time_5ms; /* msg timestamp 5ms units */
+};
+
+typedef struct msg_dat MSG_DAT;
+
+struct krb_host {
+ char *realm;
+ char *host;
+ int proto;
+ int port;
+ int admin;
+};
+
+struct krb_host *krb_get_host __P((int, char*, int));
+
+
+/* Location of ticket file for save_cred and get_cred */
+#define TKT_FILE tkt_string()
+#define TKT_ROOT "/tmp/tkt"
+
+/* Error codes returned from the KDC */
+#define KDC_OK 0 /* Request OK */
+#define KDC_NAME_EXP 1 /* Principal expired */
+#define KDC_SERVICE_EXP 2 /* Service expired */
+#define KDC_AUTH_EXP 3 /* Auth expired */
+#define KDC_PKT_VER 4 /* Protocol version unknown */
+#define KDC_P_MKEY_VER 5 /* Wrong master key version */
+#define KDC_S_MKEY_VER 6 /* Wrong master key version */
+#define KDC_BYTE_ORDER 7 /* Byte order unknown */
+#define KDC_PR_UNKNOWN 8 /* Principal unknown */
+#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
+#define KDC_NULL_KEY 10 /* Principal has null key */
+#define KDC_GEN_ERR 20 /* Generic error from KDC */
+
+
+/* Values returned by get_credentials */
+#define GC_OK 0 /* Retrieve OK */
+#define RET_OK 0 /* Retrieve OK */
+#define GC_TKFIL 21 /* Can't read ticket file */
+#define RET_TKFIL 21 /* Can't read ticket file */
+#define GC_NOTKT 22 /* Can't find ticket or TGT */
+#define RET_NOTKT 22 /* Can't find ticket or TGT */
+
+
+/* Values returned by mk_ap_req */
+#define MK_AP_OK 0 /* Success */
+#define MK_AP_TGTEXP 26 /* TGT Expired */
+
+/* Values returned by rd_ap_req */
+#define RD_AP_OK 0 /* Request authentic */
+#define RD_AP_UNDEC 31 /* Can't decode authenticator */
+#define RD_AP_EXP 32 /* Ticket expired */
+#define RD_AP_NYV 33 /* Ticket not yet valid */
+#define RD_AP_REPEAT 34 /* Repeated request */
+#define RD_AP_NOT_US 35 /* The ticket isn't for us */
+#define RD_AP_INCON 36 /* Request is inconsistent */
+#define RD_AP_TIME 37 /* delta_t too big */
+#define RD_AP_BADD 38 /* Incorrect net address */
+#define RD_AP_VERSION 39 /* protocol version mismatch */
+#define RD_AP_MSG_TYPE 40 /* invalid msg type */
+#define RD_AP_MODIFIED 41 /* message stream modified */
+#define RD_AP_ORDER 42 /* message out of order */
+#define RD_AP_UNAUTHOR 43 /* unauthorized request */
+
+/* Values returned by get_pw_tkt */
+#define GT_PW_OK 0 /* Got password changing tkt */
+#define GT_PW_NULL 51 /* Current PW is null */
+#define GT_PW_BADPW 52 /* Incorrect current password */
+#define GT_PW_PROT 53 /* Protocol Error */
+#define GT_PW_KDCERR 54 /* Error returned by KDC */
+#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */
+
+
+/* Values returned by send_to_kdc */
+#define SKDC_OK 0 /* Response received */
+#define SKDC_RETRY 56 /* Retry count exceeded */
+#define SKDC_CANT 57 /* Can't send request */
+
+/*
+ * Values returned by get_intkt
+ * (can also return SKDC_* and KDC errors)
+ */
+
+#define INTK_OK 0 /* Ticket obtained */
+#define INTK_W_NOTALL 61 /* Not ALL tickets returned */
+#define INTK_BADPW 62 /* Incorrect password */
+#define INTK_PROT 63 /* Protocol Error */
+#define INTK_ERR 70 /* Other error */
+
+/* Values returned by get_adtkt */
+#define AD_OK 0 /* Ticket Obtained */
+#define AD_NOTGT 71 /* Don't have tgt */
+#define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */
+
+/* Error codes returned by ticket file utilities */
+#define NO_TKT_FIL 76 /* No ticket file found */
+#define TKT_FIL_ACC 77 /* Couldn't access tkt file */
+#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
+#define TKT_FIL_FMT 79 /* Bad ticket file format */
+#define TKT_FIL_INI 80 /* tf_init not called first */
+
+/* Error code returned by kparse_name */
+#define KNAME_FMT 81 /* Bad Kerberos name format */
+
+/* Error code returned by krb_mk_safe */
+#define SAFE_PRIV_ERROR -1 /* syscall error */
+
+/*
+ * macros for byte swapping; also scratch space
+ * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
+ * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0
+ * u_int16_t 0-->1, 1-->0
+ */
+
+#define swap_u_16(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \
+ swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \
+ swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \
+ swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \
+ swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \
+ memcpy(x, _krb_swap_tmp, 16);\
+ }
+
+#define swap_u_12(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \
+ swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \
+ swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \
+ memcpy(x, _krb_swap_tmp, 12);\
+ }
+
+#define swap_C_Block(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \
+ memcpy(x, _krb_swap_tmp, 8);\
+ }
+#define swap_u_quad(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \
+ swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \
+ swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \
+ memcpy(x, _krb_swap_tmp, 8);\
+ }
+
+#define swap_u_long(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \
+ x = _krb_swap_tmp[0]; \
+ }
+
+#define swap_u_short(x) {\
+ u_int16_t _krb_swap_sh_tmp; \
+ swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \
+ x = (u_int16_t) _krb_swap_sh_tmp; \
+ }
+/* Kerberos ticket flag field bit definitions */
+#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
+#define K_FLAG_1 /* reserved */
+#define K_FLAG_2 /* reserved */
+#define K_FLAG_3 /* reserved */
+#define K_FLAG_4 /* reserved */
+#define K_FLAG_5 /* reserved */
+#define K_FLAG_6 /* reserved */
+#define K_FLAG_7 /* reserved, bit 7 --> msb */
+
+/* Defines for krb_sendauth and krb_recvauth */
+
+#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
+#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
+
+#define KOPT_DONT_CANON 0x00000004 /*
+ * don't canonicalize inst as
+ * a hostname
+ */
+
+#define KRB_SENDAUTH_VLEN 8 /* length for version strings */
+
+
+/* File locking */
+#define K_LOCK_SH 1 /* Shared lock */
+#define K_LOCK_EX 2 /* Exclusive lock */
+#define K_LOCK_NB 4 /* Don't block when locking */
+#define K_LOCK_UN 8 /* Unlock */
+int k_flock __P((int fd, int operation));
+struct tm *k_localtime __P((u_int32_t *));
+int k_getsockinst __P((int fd, char *inst, size_t));
+int k_getportbyname __P((const char *service, const char *proto, int default_port));
+
+extern char *krb4_version;
+
+struct in_addr;
+
+int k_get_all_addrs __P((struct in_addr **l));
+
+/* Host address comparison */
+int krb_equiv __P((u_int32_t, u_int32_t));
+
+/* Password conversion */
+void mit_string_to_key __P((char *str, char *cell, des_cblock *key));
+void afs_string_to_key __P((char *str, char *cell, des_cblock *key));
+
+/* Lifetime conversion */
+u_int32_t krb_life_to_time __P((u_int32_t start, int life));
+int krb_time_to_life __P((u_int32_t start, u_int32_t end));
+char *krb_life_to_atime __P((int life));
+int krb_atime_to_life __P((char *atime));
+
+/* Ticket manipulation */
+int tf_get_cred __P((CREDENTIALS *));
+int tf_get_pinst __P((char *));
+int tf_get_pname __P((char *));
+int tf_put_pinst __P((char *));
+int tf_put_pname __P((char *));
+int tf_init __P((char *, int));
+int tf_create __P((char *));
+int tf_save_cred __P((char *, char *, char *, unsigned char *, int , int , KTEXT ticket, u_int32_t));
+void tf_close __P((void));
+int tf_setup __P((CREDENTIALS *cred, char *pname, char *pinst));
+
+/* Private communication */
+
+struct sockaddr_in;
+
+int32_t krb_mk_priv __P((void *, void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
+int32_t krb_rd_priv __P((void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
+
+/* Misc */
+KTEXT create_auth_reply __P((char *, char *, char *, int32_t, int, u_int32_t, int, KTEXT));
+
+char *krb_get_phost __P((const char *));
+char *krb_realmofhost __P((const char *));
+char *tkt_string __P((void));
+
+int create_ciph __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t, int, KTEXT, u_int32_t, des_cblock *));
+int decomp_ticket __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t *, unsigned char *, int *, u_int32_t *, char *, char *, des_cblock *, struct des_ks_struct *));
+int dest_tkt __P((void));
+int get_ad_tkt __P((char *, char *, char *, int));
+int get_pw_tkt __P((char *, char *, char *, char *));
+int get_request __P((KTEXT, int, char **, char **));
+int in_tkt __P((char *, char *));
+int k_gethostname __P((char *, int ));
+int k_isinst __P((char *));
+int k_isname __P((char *));
+int k_isrealm __P((char *));
+int kname_parse __P((char *, char *, char *, char *));
+int krb_parse_name __P((const char*, krb_principal*));
+char *krb_unparse_name __P((krb_principal*));
+char *krb_unparse_name_r __P((krb_principal*, char*));
+char *krb_unparse_name_long __P((char*, char*, char*));
+char *krb_unparse_name_long_r __P((char *name, char *instance, char *realm, char *fullname));
+int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, void *, int16_t, int32_t, char *, char *, des_cblock *));
+int krb_get_admhst __P((char *, char *, int));
+int krb_get_cred __P((char *, char *, char *, CREDENTIALS *));
+
+typedef int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*));
+
+typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*,
+ key_proc_t, KTEXT*));
+
+int krb_get_in_tkt __P((char*, char*, char*, char*, char*, int, key_proc_t,
+ decrypt_proc_t, void*));
+
+int srvtab_to_key __P((char *, char *, char *, void *, des_cblock *));
+int passwd_to_key __P((char *, char *, char *, void *, des_cblock *));
+int passwd_to_afskey __P((char *, char *, char *, void *, des_cblock *));
+
+int krb_get_krbhst __P((char *, char *, int));
+int krb_get_lrealm __P((char *, int));
+char *krb_get_default_realm __P((void));
+int krb_get_pw_in_tkt __P((char *, char *, char *, char *, char *, int, char *));
+int krb_get_svc_in_tkt __P((char *, char *, char *, char *, char *, int, char *));
+int krb_get_tf_fullname __P((char *, char *, char *, char *));
+int krb_get_tf_realm __P((char *, char *));
+int krb_kntoln __P((AUTH_DAT *, char *));
+int krb_mk_req __P((KTEXT , char *, char *, char *, int32_t));
+int krb_net_read __P((int , void *, size_t));
+int krb_net_write __P((int , const void *, size_t));
+int krb_rd_err __P((u_char *, u_int32_t, int32_t *, MSG_DAT *));
+int krb_rd_req __P((KTEXT , char *, char *, int32_t, AUTH_DAT *, char *));
+int krb_recvauth __P((int32_t, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, struct des_ks_struct *, char *));
+int krb_sendauth __P((int32_t, int, KTEXT, char *,char *, char *, u_int32_t, MSG_DAT *, CREDENTIALS *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *, char *));
+int krb_mk_auth __P((int32_t, KTEXT, char *, char *, char *, u_int32_t, char *, KTEXT));
+int krb_check_auth __P((KTEXT, u_int32_t, MSG_DAT *, des_cblock *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *));
+int krb_set_key __P((void *, int));
+int krb_set_lifetime __P((int));
+int krb_kuserok __P((char *name, char *inst, char *realm, char *luser));
+int kuserok __P((AUTH_DAT *, char *));
+int read_service_key __P((char *, char *, char *, int , char *, char *));
+int save_credentials __P((char *, char *, char *, unsigned char *, int , int , KTEXT , int32_t));
+int send_to_kdc __P((KTEXT , KTEXT , char *));
+
+int32_t krb_mk_err __P((u_char *, int32_t, char *));
+int32_t krb_mk_safe __P((void *, void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
+int32_t krb_rd_safe __P((void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
+
+void ad_print __P((AUTH_DAT *));
+void cr_err_reply __P((KTEXT, char *, char *, char *, u_int32_t, u_int32_t, char *));
+void extract_ticket __P((KTEXT, int, char *, int *, int *, char *, KTEXT));
+void krb_set_tkt_string __P((char *));
+
+int krb_get_default_principal __P((char *, char *, char *));
+int krb_realm_parse __P((char *, int));
+int krb_verify_user __P((char*, char*, char*, char*, int, char *));
+
+/* logging.c */
+
+typedef int (*krb_log_func_t)(FILE *, const char *, va_list);
+
+typedef krb_log_func_t krb_warnfn_t;
+
+struct krb_log_facility;
+
+int krb_vlogger __P((struct krb_log_facility*, const char *, va_list))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 0)))
+#endif
+;
+int krb_logger __P((struct krb_log_facility*, const char *, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t));
+
+void krb_set_warnfn __P((krb_warnfn_t));
+krb_warnfn_t krb_get_warnfn __P((void));
+void krb_warning __P((const char*, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+void kset_logfile __P((char*));
+void krb_log __P((const char*, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+char *klog __P((int, const char*, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+
+int getst __P((int, char *, int));
+const char *month_sname __P((int));
+const char *krb_stime __P((time_t *));
+int krb_check_tm __P((struct tm));
+
+int krb_get_int __P((void *from, u_int32_t *to, int size, int lsb));
+int krb_put_int __P((u_int32_t from, void *to, int size));
+int krb_get_address __P((void *from, u_int32_t *to));
+int krb_put_address __P((u_int32_t addr, void *to));
+int krb_put_string __P((char *from, void *to));
+int krb_get_string __P((void *from, char *to));
+int krb_get_nir __P((void *from, char *name, char *instance, char *realm));
+int krb_put_nir __P((char *name, char *instance, char *realm, void *to));
+
+__END_DECLS
+
+#endif /* KRB_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/krb.mak b/crypto/kerberosIV/lib/krb/krb.mak
new file mode 100644
index 0000000..1236261
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.mak
@@ -0,0 +1,3065 @@
+# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+!IF "$(CFG)" == ""
+CFG=krb - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to krb - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "krb - Win32 Release" && "$(CFG)" != "krb - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE on this makefile
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+################################################################################
+# Begin Project
+# PROP Target_Last_Scanned "krb - Win32 Debug"
+RSC=rc.exe
+MTL=mktyplib.exe
+CPP=cl.exe
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Target_Dir ""
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : ".\Release\krb.dll"
+
+CLEAN :
+ -@erase ".\Release\cr_err_reply.obj"
+ -@erase ".\Release\create_auth_reply.obj"
+ -@erase ".\Release\create_ciph.obj"
+ -@erase ".\Release\create_ticket.obj"
+ -@erase ".\Release\debug_decl.obj"
+ -@erase ".\Release\decomp_ticket.obj"
+ -@erase ".\Release\dllmain.obj"
+ -@erase ".\Release\encrypt_ktext.obj"
+ -@erase ".\Release\et_list.obj"
+ -@erase ".\Release\get_ad_tkt.obj"
+ -@erase ".\Release\get_cred.obj"
+ -@erase ".\Release\get_default_principal.obj"
+ -@erase ".\Release\get_host.obj"
+ -@erase ".\Release\get_in_tkt.obj"
+ -@erase ".\Release\get_krbrlm.obj"
+ -@erase ".\Release\get_phost.obj"
+ -@erase ".\Release\get_svc_in_tkt.obj"
+ -@erase ".\Release\get_tf_fullname.obj"
+ -@erase ".\Release\get_tf_realm.obj"
+ -@erase ".\Release\getaddrs.obj"
+ -@erase ".\Release\getrealm.obj"
+ -@erase ".\Release\getst.obj"
+ -@erase ".\Release\k_flock.obj"
+ -@erase ".\Release\k_gethostname.obj"
+ -@erase ".\Release\k_getport.obj"
+ -@erase ".\Release\k_getsockinst.obj"
+ -@erase ".\Release\k_localtime.obj"
+ -@erase ".\Release\kdc_reply.obj"
+ -@erase ".\Release\kntoln.obj"
+ -@erase ".\Release\krb.dll"
+ -@erase ".\Release\krb.exp"
+ -@erase ".\Release\krb.lib"
+ -@erase ".\Release\krb_check_auth.obj"
+ -@erase ".\Release\krb_equiv.obj"
+ -@erase ".\Release\krb_err_txt.obj"
+ -@erase ".\Release\krb_get_in_tkt.obj"
+ -@erase ".\Release\lifetime.obj"
+ -@erase ".\Release\logging.obj"
+ -@erase ".\Release\lsb_addr_comp.obj"
+ -@erase ".\Release\mk_auth.obj"
+ -@erase ".\Release\mk_err.obj"
+ -@erase ".\Release\mk_priv.obj"
+ -@erase ".\Release\mk_req.obj"
+ -@erase ".\Release\mk_safe.obj"
+ -@erase ".\Release\month_sname.obj"
+ -@erase ".\Release\name2name.obj"
+ -@erase ".\Release\netread.obj"
+ -@erase ".\Release\netwrite.obj"
+ -@erase ".\Release\one.obj"
+ -@erase ".\Release\parse_name.obj"
+ -@erase ".\Release\rd_err.obj"
+ -@erase ".\Release\rd_priv.obj"
+ -@erase ".\Release\rd_req.obj"
+ -@erase ".\Release\rd_safe.obj"
+ -@erase ".\Release\read_service_key.obj"
+ -@erase ".\Release\realm_parse.obj"
+ -@erase ".\Release\recvauth.obj"
+ -@erase ".\Release\resolve.obj"
+ -@erase ".\Release\rw.obj"
+ -@erase ".\Release\save_credentials.obj"
+ -@erase ".\Release\send_to_kdc.obj"
+ -@erase ".\Release\sendauth.obj"
+ -@erase ".\Release\stime.obj"
+ -@erase ".\Release\str2key.obj"
+ -@erase ".\Release\swab.obj"
+ -@erase ".\Release\ticket_memory.obj"
+ -@erase ".\Release\tkt_string.obj"
+ -@erase ".\Release\unparse_name.obj"
+ -@erase ".\Release\util.obj"
+ -@erase ".\Release\verify_user.obj"
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I\
+ "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D\
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/" /c
+CPP_OBJS=.\Release/
+CPP_SBRS=.\.
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /win32
+MTL_PROJ=/nologo /D "NDEBUG" /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+LINK32_FLAGS=..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib\
+ kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\
+ shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\
+ /subsystem:windows /dll /incremental:no /pdb:"$(OUTDIR)/krb.pdb" /machine:I386\
+ /def:".\krb.def" /out:"$(OUTDIR)/krb.dll" /implib:"$(OUTDIR)/krb.lib"
+DEF_FILE= \
+ ".\krb.def"
+LINK32_OBJS= \
+ ".\Release\cr_err_reply.obj" \
+ ".\Release\create_auth_reply.obj" \
+ ".\Release\create_ciph.obj" \
+ ".\Release\create_ticket.obj" \
+ ".\Release\debug_decl.obj" \
+ ".\Release\decomp_ticket.obj" \
+ ".\Release\dllmain.obj" \
+ ".\Release\encrypt_ktext.obj" \
+ ".\Release\et_list.obj" \
+ ".\Release\get_ad_tkt.obj" \
+ ".\Release\get_cred.obj" \
+ ".\Release\get_default_principal.obj" \
+ ".\Release\get_host.obj" \
+ ".\Release\get_in_tkt.obj" \
+ ".\Release\get_krbrlm.obj" \
+ ".\Release\get_phost.obj" \
+ ".\Release\get_svc_in_tkt.obj" \
+ ".\Release\get_tf_fullname.obj" \
+ ".\Release\get_tf_realm.obj" \
+ ".\Release\getaddrs.obj" \
+ ".\Release\getrealm.obj" \
+ ".\Release\getst.obj" \
+ ".\Release\k_flock.obj" \
+ ".\Release\k_gethostname.obj" \
+ ".\Release\k_getport.obj" \
+ ".\Release\k_getsockinst.obj" \
+ ".\Release\k_localtime.obj" \
+ ".\Release\kdc_reply.obj" \
+ ".\Release\kntoln.obj" \
+ ".\Release\krb_check_auth.obj" \
+ ".\Release\krb_equiv.obj" \
+ ".\Release\krb_err_txt.obj" \
+ ".\Release\krb_get_in_tkt.obj" \
+ ".\Release\lifetime.obj" \
+ ".\Release\logging.obj" \
+ ".\Release\lsb_addr_comp.obj" \
+ ".\Release\mk_auth.obj" \
+ ".\Release\mk_err.obj" \
+ ".\Release\mk_priv.obj" \
+ ".\Release\mk_req.obj" \
+ ".\Release\mk_safe.obj" \
+ ".\Release\month_sname.obj" \
+ ".\Release\name2name.obj" \
+ ".\Release\netread.obj" \
+ ".\Release\netwrite.obj" \
+ ".\Release\one.obj" \
+ ".\Release\parse_name.obj" \
+ ".\Release\rd_err.obj" \
+ ".\Release\rd_priv.obj" \
+ ".\Release\rd_req.obj" \
+ ".\Release\rd_safe.obj" \
+ ".\Release\read_service_key.obj" \
+ ".\Release\realm_parse.obj" \
+ ".\Release\recvauth.obj" \
+ ".\Release\resolve.obj" \
+ ".\Release\rw.obj" \
+ ".\Release\save_credentials.obj" \
+ ".\Release\send_to_kdc.obj" \
+ ".\Release\sendauth.obj" \
+ ".\Release\stime.obj" \
+ ".\Release\str2key.obj" \
+ ".\Release\swab.obj" \
+ ".\Release\ticket_memory.obj" \
+ ".\Release\tkt_string.obj" \
+ ".\Release\unparse_name.obj" \
+ ".\Release\util.obj" \
+ ".\Release\verify_user.obj"
+
+".\Release\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Target_Dir ""
+OUTDIR=.\Debug
+INTDIR=.\Debug
+
+ALL : ".\Debug\krb.dll"
+
+CLEAN :
+ -@erase ".\Debug\cr_err_reply.obj"
+ -@erase ".\Debug\create_auth_reply.obj"
+ -@erase ".\Debug\create_ciph.obj"
+ -@erase ".\Debug\create_ticket.obj"
+ -@erase ".\Debug\debug_decl.obj"
+ -@erase ".\Debug\decomp_ticket.obj"
+ -@erase ".\Debug\dllmain.obj"
+ -@erase ".\Debug\encrypt_ktext.obj"
+ -@erase ".\Debug\et_list.obj"
+ -@erase ".\Debug\get_ad_tkt.obj"
+ -@erase ".\Debug\get_cred.obj"
+ -@erase ".\Debug\get_default_principal.obj"
+ -@erase ".\Debug\get_host.obj"
+ -@erase ".\Debug\get_in_tkt.obj"
+ -@erase ".\Debug\get_krbrlm.obj"
+ -@erase ".\Debug\get_phost.obj"
+ -@erase ".\Debug\get_svc_in_tkt.obj"
+ -@erase ".\Debug\get_tf_fullname.obj"
+ -@erase ".\Debug\get_tf_realm.obj"
+ -@erase ".\Debug\getaddrs.obj"
+ -@erase ".\Debug\getrealm.obj"
+ -@erase ".\Debug\getst.obj"
+ -@erase ".\Debug\k_flock.obj"
+ -@erase ".\Debug\k_gethostname.obj"
+ -@erase ".\Debug\k_getport.obj"
+ -@erase ".\Debug\k_getsockinst.obj"
+ -@erase ".\Debug\k_localtime.obj"
+ -@erase ".\Debug\kdc_reply.obj"
+ -@erase ".\Debug\kntoln.obj"
+ -@erase ".\Debug\krb.dll"
+ -@erase ".\Debug\krb.exp"
+ -@erase ".\Debug\krb.ilk"
+ -@erase ".\Debug\krb.lib"
+ -@erase ".\Debug\krb.pdb"
+ -@erase ".\Debug\krb_check_auth.obj"
+ -@erase ".\Debug\krb_equiv.obj"
+ -@erase ".\Debug\krb_err_txt.obj"
+ -@erase ".\Debug\krb_get_in_tkt.obj"
+ -@erase ".\Debug\lifetime.obj"
+ -@erase ".\Debug\logging.obj"
+ -@erase ".\Debug\lsb_addr_comp.obj"
+ -@erase ".\Debug\mk_auth.obj"
+ -@erase ".\Debug\mk_err.obj"
+ -@erase ".\Debug\mk_priv.obj"
+ -@erase ".\Debug\mk_req.obj"
+ -@erase ".\Debug\mk_safe.obj"
+ -@erase ".\Debug\month_sname.obj"
+ -@erase ".\Debug\name2name.obj"
+ -@erase ".\Debug\netread.obj"
+ -@erase ".\Debug\netwrite.obj"
+ -@erase ".\Debug\one.obj"
+ -@erase ".\Debug\parse_name.obj"
+ -@erase ".\Debug\rd_err.obj"
+ -@erase ".\Debug\rd_priv.obj"
+ -@erase ".\Debug\rd_req.obj"
+ -@erase ".\Debug\rd_safe.obj"
+ -@erase ".\Debug\read_service_key.obj"
+ -@erase ".\Debug\realm_parse.obj"
+ -@erase ".\Debug\recvauth.obj"
+ -@erase ".\Debug\resolve.obj"
+ -@erase ".\Debug\rw.obj"
+ -@erase ".\Debug\save_credentials.obj"
+ -@erase ".\Debug\send_to_kdc.obj"
+ -@erase ".\Debug\sendauth.obj"
+ -@erase ".\Debug\stime.obj"
+ -@erase ".\Debug\str2key.obj"
+ -@erase ".\Debug\swab.obj"
+ -@erase ".\Debug\ticket_memory.obj"
+ -@erase ".\Debug\tkt_string.obj"
+ -@erase ".\Debug\unparse_name.obj"
+ -@erase ".\Debug\util.obj"
+ -@erase ".\Debug\vc40.idb"
+ -@erase ".\Debug\vc40.pdb"
+ -@erase ".\Debug\verify_user.obj"
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c
+CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\
+ "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D\
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/"\
+ /Fd"$(INTDIR)/" /c
+CPP_OBJS=.\Debug/
+CPP_SBRS=.\.
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /win32
+MTL_PROJ=/nologo /D "_DEBUG" /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+LINK32_FLAGS=..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib\
+ kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\
+ shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\
+ /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)/krb.pdb" /debug\
+ /machine:I386 /def:".\krb.def" /out:"$(OUTDIR)/krb.dll"\
+ /implib:"$(OUTDIR)/krb.lib"
+DEF_FILE= \
+ ".\krb.def"
+LINK32_OBJS= \
+ ".\Debug\cr_err_reply.obj" \
+ ".\Debug\create_auth_reply.obj" \
+ ".\Debug\create_ciph.obj" \
+ ".\Debug\create_ticket.obj" \
+ ".\Debug\debug_decl.obj" \
+ ".\Debug\decomp_ticket.obj" \
+ ".\Debug\dllmain.obj" \
+ ".\Debug\encrypt_ktext.obj" \
+ ".\Debug\et_list.obj" \
+ ".\Debug\get_ad_tkt.obj" \
+ ".\Debug\get_cred.obj" \
+ ".\Debug\get_default_principal.obj" \
+ ".\Debug\get_host.obj" \
+ ".\Debug\get_in_tkt.obj" \
+ ".\Debug\get_krbrlm.obj" \
+ ".\Debug\get_phost.obj" \
+ ".\Debug\get_svc_in_tkt.obj" \
+ ".\Debug\get_tf_fullname.obj" \
+ ".\Debug\get_tf_realm.obj" \
+ ".\Debug\getaddrs.obj" \
+ ".\Debug\getrealm.obj" \
+ ".\Debug\getst.obj" \
+ ".\Debug\k_flock.obj" \
+ ".\Debug\k_gethostname.obj" \
+ ".\Debug\k_getport.obj" \
+ ".\Debug\k_getsockinst.obj" \
+ ".\Debug\k_localtime.obj" \
+ ".\Debug\kdc_reply.obj" \
+ ".\Debug\kntoln.obj" \
+ ".\Debug\krb_check_auth.obj" \
+ ".\Debug\krb_equiv.obj" \
+ ".\Debug\krb_err_txt.obj" \
+ ".\Debug\krb_get_in_tkt.obj" \
+ ".\Debug\lifetime.obj" \
+ ".\Debug\logging.obj" \
+ ".\Debug\lsb_addr_comp.obj" \
+ ".\Debug\mk_auth.obj" \
+ ".\Debug\mk_err.obj" \
+ ".\Debug\mk_priv.obj" \
+ ".\Debug\mk_req.obj" \
+ ".\Debug\mk_safe.obj" \
+ ".\Debug\month_sname.obj" \
+ ".\Debug\name2name.obj" \
+ ".\Debug\netread.obj" \
+ ".\Debug\netwrite.obj" \
+ ".\Debug\one.obj" \
+ ".\Debug\parse_name.obj" \
+ ".\Debug\rd_err.obj" \
+ ".\Debug\rd_priv.obj" \
+ ".\Debug\rd_req.obj" \
+ ".\Debug\rd_safe.obj" \
+ ".\Debug\read_service_key.obj" \
+ ".\Debug\realm_parse.obj" \
+ ".\Debug\recvauth.obj" \
+ ".\Debug\resolve.obj" \
+ ".\Debug\rw.obj" \
+ ".\Debug\save_credentials.obj" \
+ ".\Debug\send_to_kdc.obj" \
+ ".\Debug\sendauth.obj" \
+ ".\Debug\stime.obj" \
+ ".\Debug\str2key.obj" \
+ ".\Debug\swab.obj" \
+ ".\Debug\ticket_memory.obj" \
+ ".\Debug\tkt_string.obj" \
+ ".\Debug\unparse_name.obj" \
+ ".\Debug\util.obj" \
+ ".\Debug\verify_user.obj"
+
+".\Debug\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ENDIF
+
+.c{$(CPP_OBJS)}.obj:
+ $(CPP) $(CPP_PROJ) $<
+
+.cpp{$(CPP_OBJS)}.obj:
+ $(CPP) $(CPP_PROJ) $<
+
+.cxx{$(CPP_OBJS)}.obj:
+ $(CPP) $(CPP_PROJ) $<
+
+.c{$(CPP_SBRS)}.sbr:
+ $(CPP) $(CPP_PROJ) $<
+
+.cpp{$(CPP_SBRS)}.sbr:
+ $(CPP) $(CPP_PROJ) $<
+
+.cxx{$(CPP_SBRS)}.sbr:
+ $(CPP) $(CPP_PROJ) $<
+
+################################################################################
+# Begin Target
+
+# Name "krb - Win32 Release"
+# Name "krb - Win32 Debug"
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+!ENDIF
+
+################################################################################
+# Begin Source File
+
+SOURCE=.\krb.def
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_tf_fullname.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_T=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_T=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\cr_err_reply.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_CR_ER=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_CR_ER=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\create_auth_reply.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_CREAT=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_CREAT=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\create_ciph.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_CREATE=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_CREATE=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\create_ticket.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_CREATE_=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_CREATE_=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\decomp_ticket.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_DECOM=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_DECOM=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\dllmain.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_DLLMA=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+ ".\ticket_memory.h"\
+
+
+".\Release\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_DLLMA=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ ".\ticket_memory.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\encrypt_ktext.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_ENCRY=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_ENCRY=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\et_list.c
+DEP_CPP_ET_LI=\
+ "..\..\include\win32\config.h"\
+
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+
+".\Release\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+
+".\Debug\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_ad_tkt.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_A=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_A=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_cred.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_C=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_C=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_default_principal.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_D=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_D=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_host.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_H=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_H=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_in_tkt.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_I=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_I=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_krbrlm.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_K=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_K=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_phos
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_svc_in_tkt.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_S=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_S=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_phost.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_P=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_P=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\krb_equiv.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_KRB_E=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_KRB_E=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\getaddrs.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GETAD=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GETAD=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\getrealm.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GETRE=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GETRE=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\getst.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GETST=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GETST=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\k_flock.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_K_FLO=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_K_FLO=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\k_gethostname.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_K_GET=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_K_GET=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\k_getport.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_K_GETP=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_K_GETP=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\k_getsockinst.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_K_GETS=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_K_GETS=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\k_localtime.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_K_LOC=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_K_LOC=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\kdc_reply.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_KDC_R=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_KDC_R=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\kntoln.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_KNTOL=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Release\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_KNTOL=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\krb_check_auth.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_KRB_C=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_KRB_C=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\get_tf_realm.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_GET_TF=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_GET_TF=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\rd_safe.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_RD_SA=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+
+
+".\Release\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_RD_SA=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\krb_get_in_tkt.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_KRB_G=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_KRB_G=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\lifetime.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_LIFET=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_LIFET=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\lsb_addr_comp.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_LSB_A=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+
+
+".\Release\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_LSB_A=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\mk_auth.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_MK_AU=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_MK_AU=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\mk_err.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_MK_ER=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_MK_ER=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\mk_priv.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_MK_PR=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+
+
+".\Release\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_MK_PR=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\mk_req.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_MK_RE=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_MK_RE=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\mk_safe.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_MK_SA=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+
+
+".\Release\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_MK_SA=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\month_sname.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_MONTH=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_MONTH=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\name2name.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_NAME2=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_NAME2=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\netread.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_NETRE=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_NETRE=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\netwrite.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_NETWR=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_NETWR=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\one.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+
+".\Release\one.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+
+".\Debug\one.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\parse_name.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_PARSE=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_PARSE=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\rd_err.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_RD_ER=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_RD_ER=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\rd_priv.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_RD_PR=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+
+
+".\Release\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_RD_PR=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\lsb_addr_comp.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\rd_req.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_RD_RE=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_RD_RE=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\krb_err_txt.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_KRB_ER=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_KRB_ER=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\send_to_kdc.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_SEND_=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_SEND_=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\realm_parse.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_REALM=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_REALM=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\recvauth.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_RECVA=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_RECVA=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\resolve.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_RESOL=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+ ".\resolve.h"\
+
+
+".\Release\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_RESOL=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\rw.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_RW_C68=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\version.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_RW_C68=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\des\version.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\save_credentials.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_SAVE_=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_SAVE_=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\read_service_key.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_READ_=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_READ_=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\verify_user.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_VERIF=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_VERIF=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\stime.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_STIME=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_STIME=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\swab.c
+DEP_CPP_SWAB_=\
+ "..\..\include\win32\config.h"\
+
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+
+".\Release\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+
+".\Debug\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\ticket_memory.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_TICKE=\
+ ".\krb_locl.h"\
+ ".\ticket_memory.h"\
+
+
+".\Release\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_TICKE=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+ ".\ticket_memory.h"\
+
+
+".\Debug\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\tkt_string.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_TKT_S=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_TKT_S=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\unparse_name.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_UNPAR=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_UNPAR=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\util.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_UTIL_=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_UTIL_=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\sendauth.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_SENDA=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_SENDA=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\logging.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_LOGGI=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\klog.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_LOGGI=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\klog.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\str2key.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_STR2K=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_STR2K=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\debug_decl.c
+
+!IF "$(CFG)" == "krb - Win32 Release"
+
+DEP_CPP_DEBUG=\
+ "..\..\include\protos.h"\
+ "..\..\include\win32\config.h"\
+ ".\krb_locl.h"\
+
+
+".\Release\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "krb - Win32 Debug"
+
+DEP_CPP_DEBUG=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\roken\roken.h"\
+ ".\krb.h"\
+ ".\krb_locl.h"\
+ ".\prot.h"\
+ ".\resolve.h"\
+ {$(INCLUDE)}"\sys\STAT.H"\
+ {$(INCLUDE)}"\sys\TYPES.H"\
+
+
+".\Debug\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
+################################################################################
diff --git a/crypto/kerberosIV/lib/krb/krb_check_auth.c b/crypto/kerberosIV/lib/krb/krb_check_auth.c
new file mode 100644
index 0000000..8bddbf5
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_check_auth.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $");
+
+/*
+ *
+ * Receive an mutual-authenticator for a server in `packet', with
+ * `checksum', `session', and `schedule' having the appropriate values
+ * and return the data in `msg_data'.
+ *
+ * Return KSUCCESS if the received checksum is correct.
+ *
+ */
+
+int
+krb_check_auth(KTEXT packet,
+ u_int32_t checksum,
+ MSG_DAT *msg_data,
+ des_cblock *session,
+ struct des_ks_struct *schedule,
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr)
+{
+ int ret;
+ u_int32_t checksum2;
+
+ ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr,
+ laddr, msg_data);
+ if (ret != RD_AP_OK)
+ return ret;
+ if (msg_data->app_length != 4)
+ return KFAILURE;
+ krb_get_int (msg_data->app_data, &checksum2, 4, 0);
+ if (checksum2 == checksum + 1)
+ return KSUCCESS;
+ else
+ return KFAILURE;
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_equiv.c b/crypto/kerberosIV/lib/krb/krb_equiv.c
new file mode 100644
index 0000000..06f42f5
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_equiv.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b);
+ *
+ * Given two IP adresses return true if they match
+ * or are considered to belong to the same host.
+ *
+ * For example if /etc/krb.equiv looks like
+ *
+ * 130.237.223.3 192.16.126.3 # alv alv1
+ * 130.237.223.4 192.16.126.4 # byse byse1
+ * 130.237.228.152 192.16.126.9 # topsy topsy1
+ *
+ * krb_equiv(alv, alv1) would return true but
+ * krb_equiv(alv, byse1) would not.
+ *
+ * A comment starts with an '#' and ends with '\n'.
+ *
+ */
+#include "krb_locl.h"
+
+RCSID("$Id: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $");
+
+int krb_ignore_ip_address = 0;
+
+int
+krb_equiv(u_int32_t a, u_int32_t b)
+{
+ FILE *fil;
+ char line[256];
+ int hit_a, hit_b;
+ int iscomment;
+
+ if (a == b) /* trivial match, also the common case */
+ return 1;
+
+ if (krb_ignore_ip_address)
+ return 1; /* if we have decided not to compare */
+
+ a = ntohl(a);
+ b = ntohl(b);
+
+ fil = fopen(KRB_EQUIV, "r");
+ if (fil == NULL) /* open failed */
+ return 0;
+
+ hit_a = hit_b = 0;
+ iscomment = 0;
+ while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */
+ {
+ char *t = line;
+ int len = strlen(t);
+
+ /* for each item on this line */
+ while (*t != 0) /* more addresses on this line? */
+ if (*t == '\n') {
+ iscomment = hit_a = hit_b = 0;
+ break;
+ } else if (iscomment)
+ t = line + len - 1;
+ else if (*t == '#') { /* rest is comment */
+ iscomment = 1;
+ ++t;
+ } else if (*t == '\\' ) /* continuation */
+ break;
+ else if (isspace(*t)) /* skip space */
+ t++;
+ else if (isdigit(*t)) /* an address? */
+ {
+ u_int32_t tmp;
+ u_int32_t tmpa, tmpb, tmpc, tmpd;
+
+ sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd);
+ tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd;
+
+ while (*t == '.' || isdigit(*t)) /* done with this address */
+ t++;
+
+ if (tmp != -1) { /* an address (and not broadcast) */
+ u_int32_t mask = (u_int32_t)~0;
+
+ if (*t == '/') {
+ ++t;
+ mask <<= 32 - atoi(t);
+
+ while(isdigit(*t))
+ ++t;
+ }
+
+ if ((tmp & mask) == (a & mask))
+ hit_a = 1;
+ if ((tmp & mask) == (b & mask))
+ hit_b = 1;
+ if (hit_a && hit_b) {
+ fclose(fil);
+ return 1;
+ }
+ }
+ }
+ else
+ ++t; /* garbage on this line, skip it */
+
+ }
+
+ fclose(fil);
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_err.et b/crypto/kerberosIV/lib/krb/krb_err.et
new file mode 100644
index 0000000..4e32aed
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_err.et
@@ -0,0 +1,257 @@
+# Copyright 1987,1988 Massachusetts Institute of Technology
+#
+# For copying and distribution information, see the file
+# "mit-copyright.h".
+#
+# $Id: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $
+#
+ error_table krb
+
+ ec KRBET_KSUCCESS,
+ "Kerberos successful"
+
+ ec KRBET_KDC_NAME_EXP,
+ "Kerberos principal expired"
+
+ ec KRBET_KDC_SERVICE_EXP,
+ "Kerberos service expired"
+
+ ec KRBET_KDC_AUTH_EXP,
+ "Kerberos auth expired"
+
+ ec KRBET_KDC_PKT_VER,
+ "Incorrect kerberos master key version"
+
+ ec KRBET_KDC_P_MKEY_VER,
+ "Incorrect kerberos master key version"
+
+ ec KRBET_KDC_S_MKEY_VER,
+ "Incorrect kerberos master key version"
+
+ ec KRBET_KDC_BYTE_ORDER,
+ "Kerberos error: byte order unknown"
+
+ ec KRBET_KDC_PR_UNKNOWN,
+ "Kerberos principal unknown"
+
+ ec KRBET_KDC_PR_N_UNIQUE,
+ "Kerberos principal not unique"
+
+ ec KRBET_KDC_NULL_KEY,
+ "Kerberos principal has null key"
+
+ ec KRBET_KRB_RES11,
+ "Reserved 11"
+
+ ec KRBET_KRB_RES12,
+ "Reserved 12"
+
+ ec KRBET_KRB_RES13,
+ "Reserved 13"
+
+ ec KRBET_KRB_RES14,
+ "Reserved 14"
+
+ ec KRBET_KRB_RES15,
+ "Reserved 15"
+
+ ec KRBET_KRB_RES16,
+ "Reserved 16"
+
+ ec KRBET_KRB_RES17,
+ "Reserved 17"
+
+ ec KRBET_KRB_RES18,
+ "Reserved 18"
+
+ ec KRBET_KRB_RES19,
+ "Reserved 19"
+
+ ec KRBET_KDC_GEN_ERR,
+ "Generic error from Kerberos KDC"
+
+ ec KRBET_GC_TKFIL,
+ "Can't read Kerberos ticket file"
+
+ ec KRBET_GC_NOTKT,
+ "Can't find Kerberos ticket or TGT"
+
+ ec KRBET_KRB_RES23,
+ "Reserved 23"
+
+ ec KRBET_KRB_RES24,
+ "Reserved 24"
+
+ ec KRBET_KRB_RES25,
+ "Reserved 25"
+
+ ec KRBET_MK_AP_TGTEXP,
+ "Kerberos TGT Expired"
+
+ ec KRBET_KRB_RES27,
+ "Reserved 27"
+
+ ec KRBET_KRB_RES28,
+ "Reserved 28"
+
+ ec KRBET_KRB_RES29,
+ "Reserved 29"
+
+ ec KRBET_KRB_RES30,
+ "Reserved 30"
+
+ ec KRBET_RD_AP_UNDEC,
+ "Kerberos error: Can't decode authenticator"
+
+ ec KRBET_RD_AP_EXP,
+ "Kerberos ticket expired"
+
+ ec KRBET_RD_AP_NYV,
+ "Kerberos ticket not yet valid"
+
+ ec KRBET_RD_AP_REPEAT,
+ "Kerberos error: Repeated request"
+
+ ec KRBET_RD_AP_NOT_US,
+ "The kerberos ticket isn't for us"
+
+ ec KRBET_RD_AP_INCON,
+ "Kerberos request inconsistent"
+
+ ec KRBET_RD_AP_TIME,
+ "Kerberos error: delta_t too big"
+
+ ec KRBET_RD_AP_BADD,
+ "Kerberos error: incorrect net address"
+
+ ec KRBET_RD_AP_VERSION,
+ "Kerberos protocol version mismatch"
+
+ ec KRBET_RD_AP_MSG_TYPE,
+ "Kerberos error: invalid msg type"
+
+ ec KRBET_RD_AP_MODIFIED,
+ "Kerberos error: message stream modified"
+
+ ec KRBET_RD_AP_ORDER,
+ "Kerberos error: message out of order"
+
+ ec KRBET_RD_AP_UNAUTHOR,
+ "Kerberos error: unauthorized request"
+
+ ec KRBET_KRB_RES44,
+ "Reserved 44"
+
+ ec KRBET_KRB_RES45,
+ "Reserved 45"
+
+ ec KRBET_KRB_RES46,
+ "Reserved 46"
+
+ ec KRBET_KRB_RES47,
+ "Reserved 47"
+
+ ec KRBET_KRB_RES48,
+ "Reserved 48"
+
+ ec KRBET_KRB_RES49,
+ "Reserved 49"
+
+ ec KRBET_KRB_RES50,
+ "Reserved 50"
+
+ ec KRBET_GT_PW_NULL,
+ "Kerberos error: current PW is null"
+
+ ec KRBET_GT_PW_BADPW,
+ "Kerberos error: Incorrect current password"
+
+ ec KRBET_GT_PW_PROT,
+ "Kerberos protocol error"
+
+ ec KRBET_GT_PW_KDCERR,
+ "Error returned by Kerberos KDC"
+
+ ec KRBET_GT_PW_NULLTKT,
+ "Null Kerberos ticket returned by KDC"
+
+ ec KRBET_SKDC_RETRY,
+ "Kerberos error: Retry count exceeded"
+
+ ec KRBET_SKDC_CANT,
+ "Kerberos error: Can't send request"
+
+ ec KRBET_KRB_RES58,
+ "Reserved 58"
+
+ ec KRBET_KRB_RES59,
+ "Reserved 59"
+
+ ec KRBET_KRB_RES60,
+ "Reserved 60"
+
+ ec KRBET_INTK_W_NOTALL,
+ "Kerberos error: not all tickets returned"
+
+ ec KRBET_INTK_BADPW,
+ "Kerberos error: incorrect password"
+
+ ec KRBET_INTK_PROT,
+ "Kerberos error: Protocol Error"
+
+ ec KRBET_KRB_RES64,
+ "Reserved 64"
+
+ ec KRBET_KRB_RES65,
+ "Reserved 65"
+
+ ec KRBET_KRB_RES66,
+ "Reserved 66"
+
+ ec KRBET_KRB_RES67,
+ "Reserved 67"
+
+ ec KRBET_KRB_RES68,
+ "Reserved 68"
+
+ ec KRBET_KRB_RES69,
+ "Reserved 69"
+
+ ec KRBET_INTK_ERR,
+ "Other error"
+
+ ec KRBET_AD_NOTGT,
+ "Don't have Kerberos ticket-granting ticket"
+
+ ec KRBET_KRB_RES72,
+ "Can't get Kerberos inter-realm ticket-granting ticket"
+
+ ec KRBET_KRB_RES73,
+ "Reserved 73"
+
+ ec KRBET_KRB_RES74,
+ "Reserved 74"
+
+ ec KRBET_KRB_RES75,
+ "Reserved 75"
+
+ ec KRBET_NO_TKT_FIL,
+ "No ticket file found"
+
+ ec KRBET_TKT_FIL_ACC,
+ "Couldn't access ticket file"
+
+ ec KRBET_TKT_FIL_LCK,
+ "Couldn't lock ticket file"
+
+ ec KRBET_TKT_FIL_FMT,
+ "Bad ticket file format"
+
+ ec KRBET_TKT_FIL_INI,
+ "tf_init not called first"
+
+ ec KRBET_KNAME_FMT,
+ "Bad Kerberos name format"
+
+ end
+
diff --git a/crypto/kerberosIV/lib/krb/krb_err_txt.c b/crypto/kerberosIV/lib/krb/krb_err_txt.c
new file mode 100644
index 0000000..161aa0f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_err_txt.c
@@ -0,0 +1,299 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $");
+
+/*
+ * This file contains an array of error text strings.
+ * The associated error codes (which are defined in "krb.h")
+ * follow the string in the comments at the end of each line.
+ */
+
+const char *krb_err_txt[256] = {
+ "OK", /* 000 */
+ "Principal expired (kerberos)", /* 001 */
+ "Service expired (kerberos)", /* 002 */
+ "Authentication expired (kerberos)", /* 003 */
+ "Unknown protocol version number (kerberos)", /* 004 */
+ "Principal: Incorrect master key version (kerberos)", /* 005 */
+ "Service: Incorrect master key version (kerberos)", /* 006 */
+ "Bad byte order (kerberos)", /* 007 */
+ "Principal unknown (kerberos)", /* 008 */
+ "Principal not unique (kerberos)", /* 009 */
+ "Principal has null key (kerberos)", /* 010 */
+ "Timeout in request (kerberos)", /* 011 */
+ "Reserved error message 12 (kerberos)", /* 012 */
+ "Reserved error message 13 (kerberos)", /* 013 */
+ "Reserved error message 14 (kerberos)", /* 014 */
+ "Reserved error message 15 (kerberos)", /* 015 */
+ "Reserved error message 16 (kerberos)", /* 016 */
+ "Reserved error message 17 (kerberos)", /* 017 */
+ "Reserved error message 18 (kerberos)", /* 018 */
+ "Reserved error message 19 (kerberos)", /* 019 */
+ "Permission Denied (kerberos)", /* 020 */
+ "Can't read ticket file (krb_get_cred)", /* 021 */
+ "Can't find ticket (krb_get_cred)", /* 022 */
+ "Reserved error message 23 (krb_get_cred)", /* 023 */
+ "Reserved error message 24 (krb_get_cred)", /* 024 */
+ "Reserved error message 25 (krb_get_cred)", /* 025 */
+ "Ticket granting ticket expired (krb_mk_req)", /* 026 */
+ "Reserved error message 27 (krb_mk_req)", /* 027 */
+ "Reserved error message 28 (krb_mk_req)", /* 028 */
+ "Reserved error message 29 (krb_mk_req)", /* 029 */
+ "Reserved error message 30 (krb_mk_req)", /* 030 */
+ "Can't decode authenticator (krb_rd_req)", /* 031 */
+ "Ticket expired (krb_rd_req)", /* 032 */
+ "Ticket issue date too far in the future (krb_rd_req)",/* 033 */
+ "Repeat request (krb_rd_req)", /* 034 */
+ "Ticket for wrong server (krb_rd_req)", /* 035 */
+ "Request inconsistent (krb_rd_req)", /* 036 */
+ "Time is out of bounds (krb_rd_req)", /* 037 */
+ "Incorrect network address (krb_rd_req)", /* 038 */
+ "Protocol version mismatch (krb_rd_req)", /* 039 */
+ "Illegal message type (krb_rd_req)", /* 040 */
+ "Message integrity error (krb_rd_req)", /* 041 */
+ "Message duplicate or out of order (krb_rd_req)", /* 042 */
+ "Unauthorized request (krb_rd_req)", /* 043 */
+ "Reserved error message 44 (krb_rd_req)", /* 044 */
+ "Reserved error message 45 (krb_rd_req)", /* 045 */
+ "Reserved error message 46 (krb_rd_req)", /* 046 */
+ "Reserved error message 47 (krb_rd_req)", /* 047 */
+ "Reserved error message 48 (krb_rd_req)", /* 048 */
+ "Reserved error message 49 (krb_rd_req)", /* 049 */
+ "Reserved error message 50 (krb_rd_req)", /* 050 */
+ "Current password is NULL (get_pw_tkt)", /* 051 */
+ "Current password incorrect (get_pw_tkt)", /* 052 */
+ "Protocol error (gt_pw_tkt)", /* 053 */
+ "Error returned by KDC (gt_pw_tkt)", /* 054 */
+ "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */
+ "Retry count exceeded (send_to_kdc)", /* 056 */
+ "Can't send request (send_to_kdc)", /* 057 */
+ "Reserved error message 58 (send_to_kdc)", /* 058 */
+ "Reserved error message 59 (send_to_kdc)", /* 059 */
+ "Reserved error message 60 (send_to_kdc)", /* 060 */
+ "Warning: Not ALL tickets returned", /* 061 */
+ "Password incorrect", /* 062 */
+ "Protocol error (get_in_tkt)", /* 063 */
+ "Reserved error message 64 (get_in_tkt)", /* 064 */
+ "Reserved error message 65 (get_in_tkt)", /* 065 */
+ "Reserved error message 66 (get_in_tkt)", /* 066 */
+ "Reserved error message 67 (get_in_tkt)", /* 067 */
+ "Reserved error message 68 (get_in_tkt)", /* 068 */
+ "Reserved error message 69 (get_in_tkt)", /* 069 */
+ "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */
+ "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */
+ "Can't get inter-realm ticket granting ticket (get_ad_tkt)", /* 072 */
+ "Reserved error message 73 (get_ad_tkt)", /* 073 */
+ "Reserved error message 74 (get_ad_tkt)", /* 074 */
+ "Reserved error message 75 (get_ad_tkt)", /* 075 */
+ "No ticket file (tf_util)", /* 076 */
+ "Can't access ticket file (tf_util)", /* 077 */
+ "Can't lock ticket file; try later (tf_util)", /* 078 */
+ "Bad ticket file format (tf_util)", /* 079 */
+ "Read ticket file before tf_init (tf_util)", /* 080 */
+ "Bad Kerberos name format (kname_parse)", /* 081 */
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "(reserved)",
+ "Generic kerberos error (kfailure)", /* 255 */
+};
+
+static const char err_failure[] = "Illegal error code passed (krb_get_err_text)";
+
+const char *
+krb_get_err_text(int code)
+{
+ if(code < 0 || code >= MAX_KRB_ERRORS)
+ return err_failure;
+ return krb_err_txt[code];
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c
new file mode 100644
index 0000000..d3e6cc1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_get_in_tkt.c,v 1.20 1997/04/01 08:18:34 joda Exp $");
+
+/*
+ * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
+ * and the cipher text sent from the KDC, decrypt the cipher text
+ * using the key returned by key_proc.
+ */
+
+static int
+decrypt_tkt(char *user, char *instance, char *realm,
+ void *arg, key_proc_t key_proc, KTEXT *cip)
+{
+ des_cblock key; /* Key for decrypting cipher */
+ int ret;
+
+ ret = key_proc(user, instance, realm, arg, &key);
+ if (ret != 0)
+ return ret;
+
+ encrypt_ktext(*cip, &key, DES_DECRYPT);
+
+ memset(&key, 0, sizeof(key));
+ return 0;
+}
+
+/*
+ * krb_get_in_tkt() gets a ticket for a given principal to use a given
+ * service and stores the returned ticket and session key for future
+ * use.
+ *
+ * The "user", "instance", and "realm" arguments give the identity of
+ * the client who will use the ticket. The "service" and "sinstance"
+ * arguments give the identity of the server that the client wishes
+ * to use. (The realm of the server is the same as the Kerberos server
+ * to whom the request is sent.) The "life" argument indicates the
+ * desired lifetime of the ticket; the "key_proc" argument is a pointer
+ * to the routine used for getting the client's private key to decrypt
+ * the reply from Kerberos. The "decrypt_proc" argument is a pointer
+ * to the routine used to decrypt the reply from Kerberos; and "arg"
+ * is an argument to be passed on to the "key_proc" routine.
+ *
+ * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it
+ * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned
+ * by Kerberos, then the error code it contains is returned. Other
+ * error codes returned by this routine include INTK_PROT to indicate
+ * wrong protocol version, INTK_BADPW to indicate bad password (if
+ * decrypted ticket didn't make sense), INTK_ERR if the ticket was for
+ * the wrong server or the ticket store couldn't be initialized.
+ *
+ * The format of the message sent to Kerberos is as follows:
+ *
+ * Size Variable Field
+ * ---- -------- -----
+ *
+ * 1 byte KRB_PROT_VERSION protocol version number
+ * 1 byte AUTH_MSG_KDC_REQUEST | message type
+ * HOST_BYTE_ORDER local byte order in lsb
+ * string user client's name
+ * string instance client's instance
+ * string realm client's realm
+ * 4 bytes tlocal.tv_sec timestamp in seconds
+ * 1 byte life desired lifetime
+ * string service service's name
+ * string sinstance service's instance
+ */
+
+int
+krb_get_in_tkt(char *user, char *instance, char *realm,
+ char *service, char *sinstance, int life,
+ key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)
+{
+ KTEXT_ST pkt_st;
+ KTEXT pkt = &pkt_st; /* Packet to KDC */
+ KTEXT_ST rpkt_st;
+ KTEXT rpkt = &rpkt_st; /* Returned packet */
+
+ int kerror;
+ struct timeval tv;
+
+ /* BUILD REQUEST PACKET */
+
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1);
+
+ p += krb_put_nir(user, instance, realm, p);
+
+ gettimeofday(&tv, NULL);
+ p += krb_put_int(tv.tv_sec, p, 4);
+ p += krb_put_int(life, p, 1);
+
+ p += krb_put_nir(service, sinstance, NULL, p);
+
+ pkt->length = p - pkt->dat;
+
+ rpkt->length = 0;
+
+ /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
+
+ if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
+
+ p = rpkt->dat;
+
+ {
+ CREDENTIALS cred;
+ KTEXT_ST cip;
+ KTEXT foo = &cip; /* braindamage */
+
+ kerror = kdc_reply_cipher(rpkt, &cip);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ if (decrypt_proc == NULL)
+ decrypt_proc = decrypt_tkt;
+ (*decrypt_proc)(user, instance, realm, arg, key_proc, &foo);
+
+ kerror = kdc_reply_cred(&cip, &cred);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ if (strcmp(cred.service, service) ||
+ strcmp(cred.instance, sinstance) ||
+ strcmp(cred.realm, realm)) /* not what we asked for */
+ return INTK_ERR; /* we need a better code here XXX */
+
+ if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) {
+ return RD_AP_TIME; /* XXX should probably be better code */
+ }
+
+ /* initialize ticket cache */
+
+ return tf_setup(&cred, user, instance);
+ }
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_locl.h b/crypto/kerberosIV/lib/krb/krb_locl.h
new file mode 100644
index 0000000..4475883
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_locl.h
@@ -0,0 +1,163 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb_locl.h,v 1.42 1997/05/20 18:40:45 bg Exp $ */
+
+#ifndef __krb_locl_h
+#define __krb_locl_h
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <stdarg.h>
+
+#include <errno.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <krb.h>
+#include <prot.h>
+
+#include "resolve.h"
+
+/* --- */
+
+/* Globals! */
+extern int krb_debug;
+extern int krb_ap_req_debug;
+
+/* Utils */
+int krb_name_to_name(const char *, char *, size_t);
+
+void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt);
+int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred);
+int kdc_reply_cipher(KTEXT reply, KTEXT cip);
+
+#ifndef HAVE_GETTIMEOFDAY
+int gettimeofday (struct timeval *, void *);
+#endif
+
+void k_ricercar(char*);
+
+/* safe multiple strcat */
+int k_concat(char*, size_t, ...);
+int k_vconcat(char*, size_t, va_list);
+
+/* mallocing versions of the above */
+size_t k_vmconcat (char**, size_t, va_list);
+size_t k_mconcat (char**, size_t, ...);
+
+/* used in rd_safe.c and mk_safe.c */
+
+void fixup_quad_cksum(void *start, size_t len, des_cblock *key,
+ void *new_checksum, void *old_checksum, int little);
+
+#endif /* __krb_locl_h */
diff --git a/crypto/kerberosIV/lib/krb/kuserok.c b/crypto/kerberosIV/lib/krb/kuserok.c
new file mode 100644
index 0000000..e3d5e6b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kuserok.c
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $");
+
+#define OK 0
+#define NOTOK 1
+#define MAX_USERNAME 10
+
+/*
+ * Given a Kerberos principal and a local username, determine whether
+ * user is authorized to login according to the authorization file
+ * ("~luser/.klogin" by default). Returns OK if authorized, NOTOK if
+ * not authorized.
+ *
+ * IMPORTANT CHANGE: To eliminate the need of making a distinction
+ * between the 3 cases:
+ *
+ * 1. We can't verify that a .klogin file doesn't exist (no home dir).
+ * 2. It's there but we aren't allowed to read it.
+ * 3. We can read it and ~luser@LOCALREALM is (not) included.
+ *
+ * We instead make the assumption that luser@LOCALREALM is *always*
+ * included. Thus it is impossible to have an empty .klogin file and
+ * also to exclude luser@LOCALREALM from it. Root is treated differently
+ * since it's home should always be available.
+ *
+ * OLD STRATEGY:
+ * If there is no account for "luser" on the local machine, returns
+ * NOTOK. If there is no authorization file, and the given Kerberos
+ * name "kdata" translates to the same name as "luser" (using
+ * krb_kntoln()), returns OK. Otherwise, if the authorization file
+ * can't be accessed, returns NOTOK. Otherwise, the file is read for
+ * a matching principal name, instance, and realm. If one is found,
+ * returns OK, if none is found, returns NOTOK.
+ *
+ * The file entries are in the format:
+ *
+ * name.instance@realm
+ *
+ * one entry per line.
+ *
+ */
+
+int
+krb_kuserok(char *name, char *instance, char *realm, char *luser)
+{
+ struct passwd *pwd;
+ char lrealm[REALM_SZ];
+ FILE *f;
+ char line[1024];
+ char file[MaxPathLen];
+ struct stat st;
+
+ pwd = getpwnam(luser);
+ if(pwd == NULL)
+ return NOTOK;
+ if(krb_get_lrealm(lrealm, 1))
+ return NOTOK;
+ if(pwd->pw_uid != 0 &&
+ strcmp(name, luser) == 0 &&
+ strcmp(instance, "") == 0 &&
+ strcmp(realm, lrealm) == 0)
+ return OK;
+ strcpy(file, pwd->pw_dir);
+ strcat(file, "/.klogin");
+
+ f = fopen(file, "r");
+ if(f == NULL)
+ return NOTOK;
+
+ /* this is not a working test in filesystems like AFS and DFS */
+ if(fstat(fileno(f), &st) < 0){
+ fclose(f);
+ return NOTOK;
+ }
+
+ if(st.st_uid != pwd->pw_uid){
+ fclose(f);
+ return NOTOK;
+ }
+
+ while(fgets(line, sizeof(line), f)){
+ char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ];
+ if(line[strlen(line) - 1] != '\n')
+ /* read till end of line */
+ while(1){
+ int c = fgetc(f);
+ if(c == '\n' || c == EOF)
+ break;
+ }
+ else
+ line[strlen(line) - 1] = 0;
+
+ if(kname_parse(fname, finst, frealm, line))
+ continue;
+ if(strcmp(name, fname))
+ continue;
+ if(strcmp(instance, finst))
+ continue;
+ if(frealm[0] == 0)
+ strcpy(frealm, lrealm);
+ if(strcmp(realm, frealm))
+ continue;
+ fclose(f);
+ return OK;
+ }
+ fclose(f);
+ return NOTOK;
+}
+
+/* compatibility interface */
+
+int
+kuserok(AUTH_DAT *auth, char *luser)
+{
+ return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser);
+}
+
diff --git a/crypto/kerberosIV/lib/krb/lifetime.c b/crypto/kerberosIV/lib/krb/lifetime.c
new file mode 100644
index 0000000..1866996
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/lifetime.c
@@ -0,0 +1,213 @@
+/*
+ * Ticket lifetime. This defines the table used to lookup lifetime
+ * for the fixed part of rande of the one byte lifetime field. Values
+ * less than 0x80 are intrpreted as the number of 5 minute intervals.
+ * Values from 0x80 to 0xBF should be looked up in this table. The
+ * value of 0x80 is the same using both methods: 10 and two-thirds
+ * hours . The lifetime of 0xBF is 30 days. The intervening values
+ * of have a fixed ratio of roughly 1.06914. The value 0xFF is
+ * defined to mean a ticket has no expiration time. This should be
+ * used advisedly since individual servers may impose defacto
+ * upperbounds on ticket lifetimes.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $");
+
+/* If you want to disable this feature */
+int krb_no_long_lifetimes = 0;
+
+#define TKTLIFENUMFIXED 64
+#define TKTLIFEMINFIXED 0x80
+#define TKTLIFEMAXFIXED 0xBF
+#define TKTLIFENOEXPIRE 0xFF
+#define MAXTKTLIFETIME (30*24*3600) /* 30 days */
+#ifndef NEVERDATE
+#define NEVERDATE ((unsigned long)0x7fffffffL)
+#endif
+
+static const int tkt_lifetimes[TKTLIFENUMFIXED] = {
+ 38400, /* 10.67 hours, 0.44 days */
+ 41055, /* 11.40 hours, 0.48 days */
+ 43894, /* 12.19 hours, 0.51 days */
+ 46929, /* 13.04 hours, 0.54 days */
+ 50174, /* 13.94 hours, 0.58 days */
+ 53643, /* 14.90 hours, 0.62 days */
+ 57352, /* 15.93 hours, 0.66 days */
+ 61318, /* 17.03 hours, 0.71 days */
+ 65558, /* 18.21 hours, 0.76 days */
+ 70091, /* 19.47 hours, 0.81 days */
+ 74937, /* 20.82 hours, 0.87 days */
+ 80119, /* 22.26 hours, 0.93 days */
+ 85658, /* 23.79 hours, 0.99 days */
+ 91581, /* 25.44 hours, 1.06 days */
+ 97914, /* 27.20 hours, 1.13 days */
+ 104684, /* 29.08 hours, 1.21 days */
+ 111922, /* 31.09 hours, 1.30 days */
+ 119661, /* 33.24 hours, 1.38 days */
+ 127935, /* 35.54 hours, 1.48 days */
+ 136781, /* 37.99 hours, 1.58 days */
+ 146239, /* 40.62 hours, 1.69 days */
+ 156350, /* 43.43 hours, 1.81 days */
+ 167161, /* 46.43 hours, 1.93 days */
+ 178720, /* 49.64 hours, 2.07 days */
+ 191077, /* 53.08 hours, 2.21 days */
+ 204289, /* 56.75 hours, 2.36 days */
+ 218415, /* 60.67 hours, 2.53 days */
+ 233517, /* 64.87 hours, 2.70 days */
+ 249664, /* 69.35 hours, 2.89 days */
+ 266926, /* 74.15 hours, 3.09 days */
+ 285383, /* 79.27 hours, 3.30 days */
+ 305116, /* 84.75 hours, 3.53 days */
+ 326213, /* 90.61 hours, 3.78 days */
+ 348769, /* 96.88 hours, 4.04 days */
+ 372885, /* 103.58 hours, 4.32 days */
+ 398668, /* 110.74 hours, 4.61 days */
+ 426234, /* 118.40 hours, 4.93 days */
+ 455705, /* 126.58 hours, 5.27 days */
+ 487215, /* 135.34 hours, 5.64 days */
+ 520904, /* 144.70 hours, 6.03 days */
+ 556921, /* 154.70 hours, 6.45 days */
+ 595430, /* 165.40 hours, 6.89 days */
+ 636601, /* 176.83 hours, 7.37 days */
+ 680618, /* 189.06 hours, 7.88 days */
+ 727680, /* 202.13 hours, 8.42 days */
+ 777995, /* 216.11 hours, 9.00 days */
+ 831789, /* 231.05 hours, 9.63 days */
+ 889303, /* 247.03 hours, 10.29 days */
+ 950794, /* 264.11 hours, 11.00 days */
+ 1016537, /* 282.37 hours, 11.77 days */
+ 1086825, /* 301.90 hours, 12.58 days */
+ 1161973, /* 322.77 hours, 13.45 days */
+ 1242318, /* 345.09 hours, 14.38 days */
+ 1328218, /* 368.95 hours, 15.37 days */
+ 1420057, /* 394.46 hours, 16.44 days */
+ 1518247, /* 421.74 hours, 17.57 days */
+ 1623226, /* 450.90 hours, 18.79 days */
+ 1735464, /* 482.07 hours, 20.09 days */
+ 1855462, /* 515.41 hours, 21.48 days */
+ 1983758, /* 551.04 hours, 22.96 days */
+ 2120925, /* 589.15 hours, 24.55 days */
+ 2267576, /* 629.88 hours, 26.25 days */
+ 2424367, /* 673.44 hours, 28.06 days */
+ 2592000}; /* 720.00 hours, 30.00 days */
+
+/*
+ * krb_life_to_time - takes a start time and a Kerberos standard
+ * lifetime char and returns the corresponding end time. There are
+ * four simple cases to be handled. The first is a life of 0xff,
+ * meaning no expiration, and results in an end time of 0xffffffff.
+ * The second is when life is less than the values covered by the
+ * table. In this case, the end time is the start time plus the
+ * number of 5 minute intervals specified by life. The third case
+ * returns start plus the MAXTKTLIFETIME if life is greater than
+ * TKTLIFEMAXFIXED. The last case, uses the life value (minus
+ * TKTLIFEMINFIXED) as an index into the table to extract the lifetime
+ * in seconds, which is added to start to produce the end time.
+ */
+u_int32_t
+krb_life_to_time(u_int32_t start, int life_)
+{
+ unsigned char life = (unsigned char) life_;
+
+ if (krb_no_long_lifetimes) return start + life*5*60;
+
+ if (life == TKTLIFENOEXPIRE) return NEVERDATE;
+ if (life < TKTLIFEMINFIXED) return start + life*5*60;
+ if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME;
+ return start + tkt_lifetimes[life - TKTLIFEMINFIXED];
+}
+
+/*
+ * krb_time_to_life - takes start and end times for the ticket and
+ * returns a Kerberos standard lifetime char, possibily using the
+ * tkt_lifetimes table for lifetimes above 127*5 minutes. First, the
+ * special case of (end == NEVERDATE) is handled to mean no
+ * expiration. Then negative lifetimes and those greater than the
+ * maximum ticket lifetime are rejected. Then lifetimes less than the
+ * first table entry are handled by rounding the requested lifetime
+ * *up* to the next 5 minute interval. The final step is to search
+ * the table for the smallest entry *greater than or equal* to the
+ * requested entry.
+ */
+int krb_time_to_life(u_int32_t start, u_int32_t end)
+{
+ int i;
+ long lifetime = end - start;
+
+ if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60);
+
+ if (end >= NEVERDATE) return TKTLIFENOEXPIRE;
+ if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0;
+ if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60);
+ for (i=0; i<TKTLIFENUMFIXED; i++) {
+ if (lifetime <= tkt_lifetimes[i]) {
+ return i+TKTLIFEMINFIXED;
+ }
+ }
+ return 0;
+}
+
+char *
+krb_life_to_atime(int life)
+{
+ static char atime[11+1+2+1+2+1+2+1];
+ unsigned long when;
+ int secs, mins, hours;
+
+ if (life == TKTLIFENOEXPIRE && !krb_no_long_lifetimes)
+ return("Forever");
+ when = krb_life_to_time(0, life);
+ secs = when%60;
+ when /= 60;
+ mins = when%60;
+ when /= 60;
+ hours = when%24;
+ when /= 24;
+ snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours, mins, secs);
+ return(atime);
+}
+
+int
+krb_atime_to_life(char *atime)
+{
+ unsigned long when = 0;
+ char *cp;
+ int colon = 0, plus = 0;
+ int n = 0;
+
+ if (strcasecmp(atime, "forever") == 0)
+ return(TKTLIFENOEXPIRE);
+
+ for (cp=atime; *cp; cp++) {
+ switch(*cp) {
+ case '0': case '1': case '2': case '3': case '4':
+ case '5': case '6': case '7': case '8': case '9':
+ n = n*10 + *cp-'0';
+ break;
+ case '+':
+ plus++;
+ when += n;
+ when *= 24;
+ n = 0;
+ break;
+ case ':':
+ colon++;
+ when += n;
+ when *= 60;
+ n = 0;
+ break;
+ default:
+ break;
+ }
+ }
+ when += n;
+ if (plus == 0 && colon == 0)
+ return((unsigned char)when);
+ while (colon < 2) {
+ when *= 60;
+ colon++;
+ }
+ return(krb_time_to_life(0,when));
+}
diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c
new file mode 100644
index 0000000..15e5bde
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/logging.c
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+#include <klog.h>
+
+RCSID("$Id: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $");
+
+struct krb_log_facility {
+ char filename[MaxPathLen];
+ FILE *file;
+ krb_log_func_t func;
+};
+
+int
+krb_vlogger(struct krb_log_facility *f, const char *format, va_list args)
+{
+ FILE *file = NULL;
+ int ret;
+
+ if (f->file != NULL)
+ file = f->file;
+ else if (f->filename && f->filename[0])
+ file = fopen(f->filename, "a");
+
+ ret = f->func(file, format, args);
+
+ if (file != f->file)
+ fclose(file);
+ return ret;
+}
+
+int
+krb_logger(struct krb_log_facility *f, const char *format, ...)
+{
+ va_list args;
+ int ret;
+ va_start(args, format);
+ ret = krb_vlogger(f, format, args);
+ va_end(args);
+ return ret;
+}
+
+/*
+ * If FILE * is given log to it, otherwise, log to filename. When
+ * given a file name the file is opened and closed for each log
+ * record.
+ */
+int
+krb_openlog(struct krb_log_facility *f,
+ char *filename,
+ FILE *file,
+ krb_log_func_t func)
+{
+ strcpy(f->filename, filename);
+ f->file = file;
+ f->func = func;
+ return KSUCCESS;
+}
+
+/* ------------------------------------------------------------
+ Compatibility functions from warning.c
+ ------------------------------------------------------------ */
+
+static int
+log_tty(FILE *f, const char *format, va_list args)
+{
+ if (f != NULL && isatty(fileno(f)))
+ vfprintf(f, format, args);
+ return KSUCCESS;
+}
+
+/* stderr */
+static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty };
+
+static void
+init_std_log ()
+{
+ static int done = 0;
+
+ if (!done) {
+ std_log.file = stderr;
+ done = 1;
+ }
+}
+
+/*
+ *
+ */
+void
+krb_set_warnfn (krb_warnfn_t newfunc)
+{
+ init_std_log ();
+ std_log.func = newfunc;
+}
+
+/*
+ *
+ */
+krb_warnfn_t
+krb_get_warnfn (void)
+{
+ init_std_log ();
+ return std_log.func;
+}
+
+/*
+ * Log warnings to stderr if it's a tty.
+ */
+void
+krb_warning (const char *format, ...)
+{
+ va_list args;
+
+ init_std_log ();
+ va_start(args, format);
+ krb_vlogger(&std_log, format, args);
+ va_end(args);
+}
+
+/* ------------------------------------------------------------
+ Compatibility functions from klog.c and log.c
+ ------------------------------------------------------------ */
+
+/*
+ * Used by kerberos and kadmind daemons and in libkrb (rd_req.c).
+ *
+ * By default they log to the kerberos server log-file (KRBLOG) to be
+ * backwards compatible.
+ */
+
+static int
+log_with_timestamp_and_nl(FILE *file, const char *format, va_list args)
+{
+ time_t now;
+ if(file == NULL)
+ return KFAILURE;
+ time(&now);
+ fputs(krb_stime(&now), file);
+ fputs(": ", file);
+ vfprintf(file, format, args);
+ fputs("\n", file);
+ fflush(file);
+ return KSUCCESS;
+}
+
+static struct krb_log_facility
+file_log = { KRBLOG, NULL, log_with_timestamp_and_nl };
+
+/*
+ * kset_logfile() changes the name of the file to which
+ * messages are logged. If kset_logfile() is not called,
+ * the logfile defaults to KRBLOG, defined in "krb.h".
+ */
+
+void
+kset_logfile(char *filename)
+{
+ krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl);
+}
+
+/*
+ * krb_log() and klog() is used to add entries to the logfile.
+ *
+ * The log entry consists of a timestamp and the given arguments
+ * printed according to the given "format" string.
+ *
+ * The log file is opened and closed for each log entry.
+ *
+ * If the given log type "type" is unknown, or if the log file
+ * cannot be opened, no entry is made to the log file.
+ *
+ * CHANGE: the type is always ignored
+ *
+ * The return value of klog() is always a pointer to the formatted log
+ * text string "logtxt".
+ */
+
+/* Used in kerberos.c only. */
+char *
+klog(int type, const char *format, ...)
+{
+ static char logtxt[1024];
+
+ va_list ap;
+
+ va_start(ap, format);
+ vsnprintf(logtxt, sizeof(logtxt), format, ap);
+ va_end(ap);
+
+ krb_logger(&file_log, "%s", logtxt);
+
+ return logtxt;
+}
+
+/* Used in kadmind and rd_req.c */
+void
+krb_log(const char *format, ...)
+{
+ va_list args;
+
+ va_start(args, format);
+ krb_vlogger(&file_log, format, args);
+ va_end(args);
+}
diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
new file mode 100644
index 0000000..bc3c484
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $");
+
+#include "lsb_addr_comp.h"
+
+int
+krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y)
+{
+ int i;
+ u_int32_t a = 0, b = 0;
+ u_int8_t *p = (u_int8_t*) &x;
+ u_int8_t *q = (u_int8_t*) &y;
+
+ for(i = sizeof(u_int32_t) - 1; i >= 0; i--){
+ a = (a << 8) | p[i];
+ b = (b << 8) | q[i];
+ }
+ if(a > b)
+ return 1;
+ if(a < b)
+ return -1;
+ return 0;
+}
+
+int
+krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y)
+{
+ int i;
+ u_int16_t a = 0, b = 0;
+ u_int8_t *p = (u_int8_t*) &x;
+ u_int8_t *q = (u_int8_t*) &y;
+
+ for(i = sizeof(u_int16_t) - 1; i >= 0; i--){
+ a = (a << 8) | p[i];
+ b = (b << 8) | q[i];
+ }
+ if(a > b)
+ return 1;
+ if(a < b)
+ return -1;
+ return 0;
+}
+
+u_int32_t
+lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst)
+{
+ /*
+ * direction bit is the sign bit of the timestamp. Ok until
+ * 2038??
+ */
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
+ if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */
+ dst->sin_addr.s_addr) < 0)
+ t = -t;
+ else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr,
+ dst->sin_addr.s_addr)==0)
+ if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0)
+ t = -t;
+ /*
+ * all that for one tiny bit! Heaven help those that talk to
+ * themselves.
+ */
+ t = t & 0xffffffff;
+ return t;
+}
diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.h b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h
new file mode 100644
index 0000000..21adf06
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h
@@ -0,0 +1,26 @@
+/*
+ * $Id: lsb_addr_comp.h,v 1.6 1996/10/05 00:18:02 joda Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Comparison macros to emulate LSBFIRST comparison results of network
+ * byte-order quantities
+ */
+
+#ifndef LSB_ADDR_COMP_DEFS
+#define LSB_ADDR_COMP_DEFS
+
+/* Compare x and y in VAX byte order, result is -1, 0 or 1. */
+
+#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ulong_cmp(x, y))
+
+#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y))
+
+int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y);
+int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y);
+u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst);
+
+#endif /* LSB_ADDR_COMP_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/mk_auth.c b/crypto/kerberosIV/lib/krb/mk_auth.c
new file mode 100644
index 0000000..7cfb36b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_auth.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $");
+
+/*
+ * Generate an authenticator for service.instance@realm.
+ * instance is canonicalized by `krb_get_phost'
+ * realm is set to the local realm if realm == NULL
+ * The ticket acquired by `krb_mk_req' is returned in `ticket' and the
+ * authenticator in `buf'.
+ * Options control the behaviour (see krb_sendauth).
+ */
+
+int
+krb_mk_auth(int32_t options,
+ KTEXT ticket,
+ char *service,
+ char *instance,
+ char *realm,
+ u_int32_t checksum,
+ char *version,
+ KTEXT buf)
+{
+ char realinst[INST_SZ];
+ char realrealm[REALM_SZ];
+ int ret;
+ unsigned char *p;
+
+ if (options & KOPT_DONT_CANON)
+ strncpy(realinst, instance, sizeof(realinst));
+ else
+ strncpy(realinst, krb_get_phost (instance), sizeof(realinst));
+
+ if (realm == NULL) {
+ ret = krb_get_lrealm (realrealm, 1);
+ if (ret != KSUCCESS)
+ return ret;
+ realm = realrealm;
+ }
+
+ if(!(options & KOPT_DONT_MK_REQ)) {
+ ret = krb_mk_req (ticket, service, realinst, realm, checksum);
+ if (ret != KSUCCESS)
+ return ret;
+ }
+
+ p = buf->dat;
+
+ memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
+ p += KRB_SENDAUTH_VLEN;
+ memcpy (p, version, KRB_SENDAUTH_VLEN);
+ p += KRB_SENDAUTH_VLEN;
+ p += krb_put_int(ticket->length, p, 4);
+ memcpy(p, ticket->dat, ticket->length);
+ p += ticket->length;
+ buf->length = p - buf->dat;
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_err.c b/crypto/kerberosIV/lib/krb/mk_err.c
new file mode 100644
index 0000000..710587a
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_err.c
@@ -0,0 +1,56 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $");
+
+/*
+ * This routine creates a general purpose error reply message. It
+ * doesn't use KTEXT because application protocol may have long
+ * messages, and may want this part of buffer contiguous to other
+ * stuff.
+ *
+ * The error reply is built in "p", using the error code "e" and
+ * error text "e_string" given. The length of the error reply is
+ * returned.
+ *
+ * The error reply is in the following format:
+ *
+ * unsigned char KRB_PROT_VERSION protocol version no.
+ * unsigned char AUTH_MSG_APPL_ERR message type
+ * (least significant
+ * bit of above) HOST_BYTE_ORDER local byte order
+ * 4 bytes e given error code
+ * string e_string given error text
+ */
+
+int32_t
+krb_mk_err(u_char *p, int32_t e, char *e_string)
+{
+ unsigned char *start = p;
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1);
+
+ p += krb_put_int(e, p, 4);
+ p += krb_put_string(e_string, p);
+ return p - start;
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_priv.c b/crypto/kerberosIV/lib/krb/mk_priv.c
new file mode 100644
index 0000000..b6a9cc4
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_priv.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $");
+
+/* application include files */
+#include "lsb_addr_comp.h"
+
+/*
+ * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes
+ * some user data "in" of "length" bytes and creates a packet in "out"
+ * consisting of the user data, a timestamp, and the sender's network
+ * address.
+ * The packet is encrypted by pcbc_encrypt(), using the given
+ * "key" and "schedule".
+ * The length of the resulting packet "out" is
+ * returned.
+ *
+ * It is similar to krb_mk_safe() except for the additional key
+ * schedule argument "schedule" and the fact that the data is encrypted
+ * rather than appended with a checksum. The protocol version is
+ * KRB_PROT_VERSION, defined in "krb.h".
+ *
+ * The "out" packet consists of:
+ *
+ * Size Variable Field
+ * ---- -------- -----
+ *
+ * 1 byte KRB_PROT_VERSION protocol version number
+ * 1 byte AUTH_MSG_PRIVATE | message type plus local
+ * HOST_BYTE_ORDER byte order in low bit
+ *
+ * 4 bytes c_length length of data
+ * we encrypt from here with pcbc_encrypt
+ *
+ * 4 bytes length length of user data
+ * length in user data
+ * 1 byte msg_time_5ms timestamp milliseconds
+ * 4 bytes sender->sin.addr.s_addr sender's IP address
+ *
+ * 4 bytes msg_time_sec or timestamp seconds with
+ * -msg_time_sec direction in sign bit
+ *
+ * 0<=n<=7 bytes pad to 8 byte multiple zeroes
+ */
+
+int32_t
+krb_mk_priv(void *in, void *out, u_int32_t length,
+ struct des_ks_struct *schedule, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver)
+{
+ unsigned char *p = (unsigned char*)out;
+ unsigned char *cipher;
+
+ struct timeval tv;
+ u_int32_t src_addr;
+ u_int32_t len;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_PRIVATE, p, 1);
+
+ len = 4 + length + 1 + 4 + 4;
+ len = (len + 7) & ~7;
+ p += krb_put_int(len, p, 4);
+
+ cipher = p;
+
+ p += krb_put_int(length, p, 4);
+
+ memcpy(p, in, length);
+ p += length;
+
+ gettimeofday(&tv, NULL);
+
+ *p++ =tv.tv_usec / 5000;
+
+ src_addr = sender->sin_addr.s_addr;
+ p += krb_put_address(src_addr, p);
+
+ p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4);
+
+ memset(p, 0, 7);
+
+ des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher,
+ len, schedule, key, DES_ENCRYPT);
+
+ return (cipher - (unsigned char*)out) + len;
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_req.c b/crypto/kerberosIV/lib/krb/mk_req.c
new file mode 100644
index 0000000..313ea04
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_req.c
@@ -0,0 +1,215 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $");
+
+static int lifetime = 255; /* But no longer than TGT says. */
+
+
+static void
+build_request(KTEXT req, char *name, char *inst, char *realm,
+ u_int32_t checksum)
+{
+ struct timeval tv;
+ unsigned char *p = req->dat;
+
+ p += krb_put_nir(name, inst, realm, p);
+
+ p += krb_put_int(checksum, p, 4);
+
+
+ /* Fill in the times on the request id */
+ gettimeofday(&tv, NULL);
+
+ *p++ = tv.tv_usec / 5000; /* 5ms */
+
+ p += krb_put_int(tv.tv_sec, p, 4);
+
+ /* Fill to a multiple of 8 bytes for DES */
+ req->length = ((p - req->dat + 7)/8) * 8;
+}
+
+
+/*
+ * krb_mk_req takes a text structure in which an authenticator is to
+ * be built, the name of a service, an instance, a realm,
+ * and a checksum. It then retrieves a ticket for
+ * the desired service and creates an authenticator in the text
+ * structure passed as the first argument. krb_mk_req returns
+ * KSUCCESS on success and a Kerberos error code on failure.
+ *
+ * The peer procedure on the other end is krb_rd_req. When making
+ * any changes to this routine it is important to make corresponding
+ * changes to krb_rd_req.
+ *
+ * The authenticator consists of the following:
+ *
+ * authent->dat
+ *
+ * unsigned char KRB_PROT_VERSION protocol version no.
+ * unsigned char AUTH_MSG_APPL_REQUEST message type
+ * (least significant
+ * bit of above) HOST_BYTE_ORDER local byte ordering
+ * unsigned char kvno from ticket server's key version
+ * string realm server's realm
+ * unsigned char tl ticket length
+ * unsigned char idl request id length
+ * text ticket->dat ticket for server
+ * text req_id->dat request id
+ *
+ * The ticket information is retrieved from the ticket cache or
+ * fetched from Kerberos. The request id (called the "authenticator"
+ * in the papers on Kerberos) contains the following:
+ *
+ * req_id->dat
+ *
+ * string cr.pname {name, instance, and
+ * string cr.pinst realm of principal
+ * string myrealm making this request}
+ * 4 bytes checksum checksum argument given
+ * unsigned char tv_local.tf_usec time (milliseconds)
+ * 4 bytes tv_local.tv_sec time (seconds)
+ *
+ * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time,
+ * all rounded up to multiple of 8.
+ */
+
+int
+krb_mk_req(KTEXT authent, char *service, char *instance, char *realm,
+ int32_t checksum)
+{
+ KTEXT_ST req_st;
+ KTEXT req_id = &req_st;
+
+ CREDENTIALS cr; /* Credentials used by retr */
+ KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
+ int retval; /* Returned by krb_get_cred */
+
+ char myrealm[REALM_SZ];
+
+ unsigned char *p = authent->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+
+ p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1);
+
+ /* Get the ticket and move it into the authenticator */
+ if (krb_ap_req_debug)
+ krb_warning("Realm: %s\n", realm);
+
+ retval = krb_get_cred(service,instance,realm,&cr);
+
+ if (retval == RET_NOTKT) {
+ retval = get_ad_tkt(service, instance, realm, lifetime);
+ if (retval == KSUCCESS)
+ retval = krb_get_cred(service, instance, realm, &cr);
+ }
+
+ if (retval != KSUCCESS)
+ return retval;
+
+
+ /*
+ * With multi realm ticket files either find a matching TGT or
+ * else use the first TGT for inter-realm authentication.
+ *
+ * In myrealm hold the realm of the principal "owning" the
+ * corresponding ticket-granting-ticket.
+ */
+
+ retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0);
+ if (retval == KSUCCESS)
+ strncpy(myrealm, realm, REALM_SZ);
+ else
+ retval = krb_get_tf_realm(TKT_FILE, myrealm);
+
+ if (retval != KSUCCESS)
+ return retval;
+
+ if (krb_ap_req_debug)
+ krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm,
+ cr.pname, cr.pinst, myrealm);
+
+ p += krb_put_int(cr.kvno, p, 1);
+
+ p += krb_put_string(realm, p);
+
+ p += krb_put_int(ticket->length, p, 1);
+
+ build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
+
+ encrypt_ktext(req_id, &cr.session, DES_ENCRYPT);
+
+ p += krb_put_int(req_id->length, p, 1);
+
+ memcpy(p, ticket->dat, ticket->length);
+
+ p += ticket->length;
+
+ memcpy(p, req_id->dat, req_id->length);
+
+ p += req_id->length;
+
+ authent->length = p - authent->dat;
+
+ memset(&cr, 0, sizeof(cr));
+ memset(&req_st, 0, sizeof(req_st));
+
+ if (krb_ap_req_debug)
+ krb_warning("Authent->length = %d\n", authent->length);
+
+ return KSUCCESS;
+}
+
+/*
+ * krb_set_lifetime sets the default lifetime for additional tickets
+ * obtained via krb_mk_req().
+ *
+ * It returns the previous value of the default lifetime.
+ */
+
+int
+krb_set_lifetime(int newval)
+{
+ int olife = lifetime;
+
+ lifetime = newval;
+ return(olife);
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c
new file mode 100644
index 0000000..df5ca21
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_safe.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $");
+
+/* application include files */
+#include "lsb_addr_comp.h"
+
+
+/* from rd_safe.c */
+extern int dqc_type;
+void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int);
+
+/*
+ * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
+ * user data "in" of "length" bytes and creates a packet in "out"
+ * consisting of the user data, a timestamp, and the sender's network
+ * address, followed by a checksum computed on the above, using the
+ * given "key". The length of the resulting packet is returned.
+ *
+ * The "out" packet consists of:
+ *
+ * Size Variable Field
+ * ---- -------- -----
+ *
+ * 1 byte KRB_PROT_VERSION protocol version number
+ * 1 byte AUTH_MSG_SAFE | message type plus local
+ * HOST_BYTE_ORDER byte order in low bit
+ *
+ * ===================== begin checksum ================================
+ *
+ * 4 bytes length length of user data
+ * length in user data
+ * 1 byte msg_time_5ms timestamp milliseconds
+ * 4 bytes sender->sin.addr.s_addr sender's IP address
+ *
+ * 4 bytes msg_time_sec or timestamp seconds with
+ * -msg_time_sec direction in sign bit
+ *
+ * ======================= end checksum ================================
+ *
+ * 16 bytes big_cksum quadratic checksum of
+ * above using "key"
+ */
+
+int32_t
+krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver)
+{
+ unsigned char * p = (unsigned char*)out;
+ struct timeval tv;
+ unsigned char *start;
+ u_int32_t src_addr;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_SAFE, p, 1);
+
+ start = p;
+
+ p += krb_put_int(length, p, 4);
+
+ memcpy(p, in, length);
+ p += length;
+
+ gettimeofday(&tv, NULL);
+
+ *p++ = tv.tv_usec/5000; /* 5ms */
+
+ src_addr = sender->sin_addr.s_addr;
+ p += krb_put_address(src_addr, p);
+
+ p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4);
+
+ {
+ /* We are faking big endian mode, so we need to fix the
+ * checksum (that is byte order dependent). We always send a
+ * checksum of the new type, unless we know that we are
+ * talking to an old client (this requires a call to
+ * krb_rd_safe first).
+ */
+ unsigned char new_checksum[16];
+ unsigned char old_checksum[16];
+ fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0);
+
+ if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) ||
+ dqc_type == DES_QUAD_OLD)
+ memcpy(p, old_checksum, 16);
+ else
+ memcpy(p, new_checksum, 16);
+ }
+ p += 16;
+
+ return p - (unsigned char*)out;
+}
diff --git a/crypto/kerberosIV/lib/krb/month_sname.c b/crypto/kerberosIV/lib/krb/month_sname.c
new file mode 100644
index 0000000..aaceee5
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/month_sname.c
@@ -0,0 +1,39 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $");
+
+/*
+ * Given an integer 1-12, month_sname() returns a string
+ * containing the first three letters of the corresponding
+ * month. Returns 0 if the argument is out of range.
+ */
+
+const char *month_sname(int n)
+{
+ static const char *name[] = {
+ "Jan","Feb","Mar","Apr","May","Jun",
+ "Jul","Aug","Sep","Oct","Nov","Dec"
+ };
+ return((n < 1 || n > 12) ? 0 : name [n-1]);
+}
diff --git a/crypto/kerberosIV/lib/krb/name2name.c b/crypto/kerberosIV/lib/krb/name2name.c
new file mode 100644
index 0000000..fa95b89
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/name2name.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $");
+
+/* convert host to a more fully qualified domain name, returns 0 if
+ * phost is the same as host, 1 otherwise. phost should be
+ * phost_size bytes long.
+ */
+
+int
+krb_name_to_name(const char *host, char *phost, size_t phost_size)
+{
+ struct hostent *hp;
+ struct in_addr adr;
+ const char *tmp;
+
+ adr.s_addr = inet_addr(host);
+ hp = gethostbyname(host);
+ if (hp == NULL && adr.s_addr != INADDR_NONE)
+ hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET);
+ if (hp == NULL)
+ tmp = host;
+ else
+ tmp = hp->h_name;
+ strncpy (phost, tmp, phost_size);
+ phost[phost_size - 1] = '\0';
+
+ if (strcmp(phost, host) == 0)
+ return 0;
+ else
+ return 1;
+}
+
+/* lowercase and truncate */
+
+void
+k_ricercar(char *name)
+{
+ char *p = name;
+ while(*p && *p != '.'){
+ if(isupper(*p))
+ *p = tolower(*p);
+ p++;
+ }
+ if(*p == '.')
+ *p = 0;
+}
+
+/*
+ * This routine takes an alias for a host name and returns the first
+ * field, in lower case, of its domain name.
+ *
+ * Example: "fOo.BAR.com" -> "foo"
+ */
+
+char *
+krb_get_phost(const char *alias)
+{
+ static char phost[MaxHostNameLen+1];
+
+ krb_name_to_name(alias, phost, sizeof(phost));
+ k_ricercar(phost);
+ return phost;
+}
diff --git a/crypto/kerberosIV/lib/krb/netread.c b/crypto/kerberosIV/lib/krb/netread.c
new file mode 100644
index 0000000..cbc1bd1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/netread.c
@@ -0,0 +1,55 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: netread.c,v 1.6 1997/03/23 03:53:15 joda Exp $");
+
+/*
+ * krb_net_read() reads from the file descriptor "fd" to the buffer
+ * "buf", until either 1) "len" bytes have been read or 2) cannot
+ * read anymore from "fd". It returns the number of bytes read
+ * or a read() error. (The calling interface is identical to
+ * read(2).)
+ *
+ * XXX must not use non-blocking I/O
+ */
+
+int
+krb_net_read (int fd, void *v, size_t len)
+{
+ int cc, len2 = 0;
+ char *buf = v;
+
+ do {
+ cc = read(fd, buf, len);
+ if (cc < 0)
+ return(cc); /* errno is already set */
+ else if (cc == 0) {
+ return(len2);
+ } else {
+ buf += cc;
+ len2 += cc;
+ len -= cc;
+ }
+ } while (len > 0);
+ return(len2);
+}
diff --git a/crypto/kerberosIV/lib/krb/netwrite.c b/crypto/kerberosIV/lib/krb/netwrite.c
new file mode 100644
index 0000000..0703d91
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/netwrite.c
@@ -0,0 +1,52 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: netwrite.c,v 1.7 1997/03/23 03:53:15 joda Exp $");
+
+/*
+ * krb_net_write() writes "len" bytes from "buf" to the file
+ * descriptor "fd". It returns the number of bytes written or
+ * a write() error. (The calling interface is identical to
+ * write(2).)
+ *
+ * XXX must not use non-blocking I/O
+ */
+
+int
+krb_net_write(int fd, const void *v, size_t len)
+{
+ int cc;
+ int wrlen = len;
+ const char *buf = (const char*)v;
+
+ do {
+ cc = write(fd, buf, wrlen);
+ if (cc < 0)
+ return(cc);
+ else {
+ buf += cc;
+ wrlen -= cc;
+ }
+ } while (wrlen > 0);
+ return(len);
+}
diff --git a/crypto/kerberosIV/lib/krb/one.c b/crypto/kerberosIV/lib/krb/one.c
new file mode 100644
index 0000000..d43b284
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/one.c
@@ -0,0 +1,27 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+ WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ distribute this software and its documentation for any purpose and
+ without fee is hereby granted, provided that the above copyright
+ notice appear in all copies and that both that copyright notice and
+ this permission notice appear in supporting documentation, and that
+ the name of M.I.T. not be used in advertising or publicity pertaining
+ to distribution of the software without specific, written prior
+ permission. M.I.T. makes no representations about the suitability of
+ this software for any purpose. It is provided "as is" without express
+ or implied warranty.
+
+ */
+
+/*
+ * definition of variable set to 1.
+ * used in krb_conf.h to determine host byte order.
+ */
+
+int krbONE = 1;
diff --git a/crypto/kerberosIV/lib/krb/parse_name.c b/crypto/kerberosIV/lib/krb/parse_name.c
new file mode 100644
index 0000000..1184330
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/parse_name.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $");
+
+int
+krb_parse_name(const char *fullname, krb_principal *principal)
+{
+ const char *p;
+ char *ns, *np;
+ enum {n, i, r} pos = n;
+ int quote = 0;
+ ns = np = principal->name;
+
+ principal->name[0] = 0;
+ principal->instance[0] = 0;
+ principal->realm[0] = 0;
+
+ for(p = fullname; *p; p++){
+ if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */
+ return KNAME_FMT;
+ if(quote){
+ *np++ = *p;
+ quote = 0;
+ continue;
+ }
+ if(*p == '\\')
+ quote = 1;
+ else if(*p == '.' && pos == n){
+ *np = 0;
+ ns = np = principal->instance;
+ pos = i;
+ }else if(*p == '@' && (pos == n || pos == i)){
+ *np = 0;
+ ns = np = principal->realm;
+ pos = r;
+ }else
+ *np++ = *p;
+ }
+ *np = 0;
+ if(quote || principal->name[0] == 0)
+ return KNAME_FMT;
+ return KSUCCESS;
+}
+
+int
+kname_parse(char *np, char *ip, char *rp, char *fullname)
+{
+ krb_principal p;
+ int ret;
+ if((ret = krb_parse_name(fullname, &p)) == 0){
+ strcpy(np, p.name);
+ strcpy(ip, p.instance);
+ if(p.realm[0])
+ strcpy(rp, p.realm);
+ }
+ return ret;
+}
+/*
+ * k_isname() returns 1 if the given name is a syntactically legitimate
+ * Kerberos name; returns 0 if it's not.
+ */
+
+int
+k_isname(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (!*s)
+ return 0;
+ if (strlen(s) > ANAME_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '.':
+ return 0;
+ /* break; */
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
+
+
+/*
+ * k_isinst() returns 1 if the given name is a syntactically legitimate
+ * Kerberos instance; returns 0 if it's not.
+ */
+
+int
+k_isinst(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (strlen(s) > INST_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '.':
+#if INSTANCE_DOTS_OK
+ break;
+#else /* INSTANCE_DOTS_OK */
+ return 0;
+#endif /* INSTANCE_DOTS_OK */
+ /* break; */
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
+
+/*
+ * k_isrealm() returns 1 if the given name is a syntactically legitimate
+ * Kerberos realm; returns 0 if it's not.
+ */
+
+int
+k_isrealm(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (!*s)
+ return 0;
+ if (strlen(s) > REALM_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
diff --git a/crypto/kerberosIV/lib/krb/prot.h b/crypto/kerberosIV/lib/krb/prot.h
new file mode 100644
index 0000000..e4825e1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/prot.h
@@ -0,0 +1,105 @@
+/*
+ * $Id: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $
+ *
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Include file with authentication protocol information.
+ */
+
+#ifndef PROT_DEFS
+#define PROT_DEFS
+
+#define KRB_SERVICE "kerberos-iv"
+#define KRB_PORT 750 /* PC's don't have
+ * /etc/services */
+#define KRB_PROT_VERSION 4
+#define MAX_PKT_LEN 1000
+#define MAX_TXT_LEN 1000
+
+/* Macro's to obtain various fields from a packet */
+
+#define pkt_version(packet) (unsigned int) *(packet->dat)
+#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1)
+#define pkt_a_name(packet) (packet->dat+2)
+#define pkt_a_inst(packet) \
+ (packet->dat+3+strlen((char *)pkt_a_name(packet)))
+#define pkt_a_realm(packet) \
+ (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet)))
+
+/* Macro to obtain realm from application request */
+#define apreq_realm(auth) (auth->dat + 3)
+
+#define pkt_time_ws(packet) (char *) \
+ (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet)))
+
+#define pkt_no_req(packet) (unsigned short) \
+ *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet)))
+#define pkt_x_date(packet) (char *) \
+ (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet)))
+#define pkt_err_code(packet) ( (char *) \
+ (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet))))
+#define pkt_err_text(packet) \
+ (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet)))
+
+/* Routines to create and read packets may be found in prot.c */
+
+KTEXT create_auth_reply(char *pname, char *pinst, char *prealm,
+ int32_t time_ws, int n, u_int32_t x_date,
+ int kvno, KTEXT cipher);
+#ifdef DEBUG
+KTEXT krb_create_death_packet(char *a_name);
+#endif
+
+/* Message types , always leave lsb for byte order */
+
+#define AUTH_MSG_KDC_REQUEST 1<<1
+#define AUTH_MSG_KDC_REPLY 2<<1
+#define AUTH_MSG_APPL_REQUEST 3<<1
+#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1
+#define AUTH_MSG_ERR_REPLY 5<<1
+#define AUTH_MSG_PRIVATE 6<<1
+#define AUTH_MSG_SAFE 7<<1
+#define AUTH_MSG_APPL_ERR 8<<1
+#define AUTH_MSG_KDC_FORWARD 9<<1
+#define AUTH_MSG_KDC_RENEW 10<<1
+#define AUTH_MSG_DIE 63<<1
+
+/* values for kerb error codes */
+
+#define KERB_ERR_OK 0
+#define KERB_ERR_NAME_EXP 1
+#define KERB_ERR_SERVICE_EXP 2
+#define KERB_ERR_AUTH_EXP 3
+#define KERB_ERR_PKT_VER 4
+#define KERB_ERR_NAME_MAST_KEY_VER 5
+#define KERB_ERR_SERV_MAST_KEY_VER 6
+#define KERB_ERR_BYTE_ORDER 7
+#define KERB_ERR_PRINCIPAL_UNKNOWN 8
+#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
+#define KERB_ERR_NULL_KEY 10
+#define KERB_ERR_TIMEOUT 11
+
+/* sendauth - recvauth */
+
+/*
+ * If the protocol changes, you will need to change the version string
+ * be sure to support old versions of krb_sendauth!
+ */
+
+#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
+
+#endif /* PROT_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/rd_err.c b/crypto/kerberosIV/lib/krb/rd_err.c
new file mode 100644
index 0000000..3382eab
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_err.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $");
+
+/*
+ * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
+ * return the error code from the message in "code" and the text in
+ * "m_data" as follows:
+ *
+ * m_data->app_data points to the error text
+ * m_data->app_length points to the length of the error text
+ *
+ * If all goes well, return RD_AP_OK. If the version number
+ * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR
+ * type message, return RD_AP_MSG_TYPE.
+ *
+ * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c
+ */
+
+int
+krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data)
+{
+ unsigned char *p = (unsigned char*)in;
+
+ unsigned char pvno, type;
+ int little_endian;
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+
+ if(type != AUTH_MSG_APPL_ERR)
+ return RD_AP_MSG_TYPE;
+
+ p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian);
+
+ m_data->app_data = p;
+ m_data->app_length = in_length; /* XXX is this correct? */
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_priv.c b/crypto/kerberosIV/lib/krb/rd_priv.c
new file mode 100644
index 0000000..58ecd9f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_priv.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $");
+
+/* application include files */
+#include "lsb_addr_comp.h"
+
+/*
+ * krb_rd_priv() decrypts and checks the integrity of an
+ * AUTH_MSG_PRIVATE message. Given the message received, "in",
+ * the length of that message, "in_length", the key "schedule"
+ * and "key", and the network addresses of the
+ * "sender" and "receiver" of the message, krb_rd_safe() returns
+ * RD_AP_OK if the message is okay, otherwise some error code.
+ *
+ * The message data retrieved from "in" are returned in the structure
+ * "m_data". The pointer to the application data
+ * (m_data->app_data) refers back to the appropriate place in "in".
+ *
+ * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
+ * message. The structure containing the extracted message
+ * information, MSG_DAT, is defined in "krb.h".
+ */
+
+int32_t
+krb_rd_priv(void *in, u_int32_t in_length,
+ struct des_ks_struct *schedule, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver,
+ MSG_DAT *m_data)
+{
+ unsigned char *p = (unsigned char*)in;
+ int little_endian;
+ u_int32_t clen;
+ struct timeval tv;
+ u_int32_t src_addr;
+ int delta_t;
+
+ unsigned char pvno, type;
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+
+ p += krb_get_int(p, &clen, 4, little_endian);
+
+ if(clen + 2 > in_length)
+ return RD_AP_MODIFIED;
+
+ des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen,
+ schedule, key, DES_DECRYPT);
+
+ p += krb_get_int(p, &m_data->app_length, 4, little_endian);
+ if(m_data->app_length + 17 > in_length)
+ return RD_AP_MODIFIED;
+
+ m_data->app_data = p;
+ p += m_data->app_length;
+
+ m_data->time_5ms = *p++;
+
+ p += krb_get_address(p, &src_addr);
+
+ if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
+ return RD_AP_BADD;
+
+ p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
+
+ m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
+
+ gettimeofday(&tv, NULL);
+
+ /* check the time integrity of the msg */
+ delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
+ if (delta_t > CLOCK_SKEW)
+ return RD_AP_TIME;
+ if (krb_debug)
+ krb_warning("\ndelta_t = %d", (int) delta_t);
+
+ /*
+ * caller must check timestamps for proper order and
+ * replays, since server might have multiple clients
+ * each with its own timestamps and we don't assume
+ * tightly synchronized clocks.
+ */
+
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c
new file mode 100644
index 0000000..1a3e848
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_req.c
@@ -0,0 +1,324 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $");
+
+static struct timeval t_local = { 0, 0 };
+
+/*
+ * Keep the following information around for subsequent calls
+ * to this routine by the same server using the same key.
+ */
+
+static des_key_schedule serv_key; /* Key sched to decrypt ticket */
+static des_cblock ky; /* Initialization vector */
+static int st_kvno; /* version number for this key */
+static char st_rlm[REALM_SZ]; /* server's realm */
+static char st_nam[ANAME_SZ]; /* service name */
+static char st_inst[INST_SZ]; /* server's instance */
+
+/*
+ * This file contains two functions. krb_set_key() takes a DES
+ * key or password string and returns a DES key (either the original
+ * key, or the password converted into a DES key) and a key schedule
+ * for it.
+ *
+ * krb_rd_req() reads an authentication request and returns information
+ * about the identity of the requestor, or an indication that the
+ * identity information was not authentic.
+ */
+
+/*
+ * krb_set_key() takes as its first argument either a DES key or a
+ * password string. The "cvt" argument indicates how the first
+ * argument "key" is to be interpreted: if "cvt" is null, "key" is
+ * taken to be a DES key; if "cvt" is non-null, "key" is taken to
+ * be a password string, and is converted into a DES key using
+ * string_to_key(). In either case, the resulting key is returned
+ * in the external static variable "ky". A key schedule is
+ * generated for "ky" and returned in the external static variable
+ * "serv_key".
+ *
+ * This routine returns the return value of des_key_sched.
+ *
+ * krb_set_key() needs to be in the same .o file as krb_rd_req() so that
+ * the key set by krb_set_key() is available in private storage for
+ * krb_rd_req().
+ */
+
+int
+krb_set_key(void *key, int cvt)
+{
+#ifdef NOENCRYPTION
+ memset(ky, 0, sizeof(ky));
+ return KSUCCESS;
+#else /* Encrypt */
+ if (cvt)
+ des_string_to_key((char*)key, &ky);
+ else
+ memcpy((char*)ky, key, 8);
+ return(des_key_sched(&ky, serv_key));
+#endif /* NOENCRYPTION */
+}
+
+
+/*
+ * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
+ * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(),
+ * checks its integrity and returns a judgement as to the requestor's
+ * identity.
+ *
+ * The "authent" argument is a pointer to the received message.
+ * The "service" and "instance" arguments name the receiving server,
+ * and are used to get the service's ticket to decrypt the ticket
+ * in the message, and to compare against the server name inside the
+ * ticket. "from_addr" is the network address of the host from which
+ * the message was received; this is checked against the network
+ * address in the ticket. If "from_addr" is zero, the check is not
+ * performed. "ad" is an AUTH_DAT structure which is
+ * filled in with information about the sender's identity according
+ * to the authenticator and ticket sent in the message. Finally,
+ * "fn" contains the name of the file containing the server's key.
+ * (If "fn" is NULL, the server's key is assumed to have been set
+ * by krb_set_key(). If "fn" is the null string ("") the default
+ * file KEYFILE, defined in "krb.h", is used.)
+ *
+ * krb_rd_req() returns RD_AP_OK if the authentication information
+ * was genuine, or one of the following error codes (defined in
+ * "krb.h"):
+ *
+ * RD_AP_VERSION - wrong protocol version number
+ * RD_AP_MSG_TYPE - wrong message type
+ * RD_AP_UNDEC - couldn't decipher the message
+ * RD_AP_INCON - inconsistencies found
+ * RD_AP_BADD - wrong network address
+ * RD_AP_TIME - client time (in authenticator)
+ * too far off server time
+ * RD_AP_NYV - Kerberos time (in ticket) too
+ * far off server time
+ * RD_AP_EXP - ticket expired
+ *
+ * For the message format, see krb_mk_req().
+ *
+ * Mutual authentication is not implemented.
+ */
+
+int
+krb_rd_req(KTEXT authent, /* The received message */
+ char *service, /* Service name */
+ char *instance, /* Service instance */
+ int32_t from_addr, /* Net address of originating host */
+ AUTH_DAT *ad, /* Structure to be filled in */
+ char *fn) /* Filename to get keys from */
+{
+ static KTEXT_ST ticket; /* Temp storage for ticket */
+ static KTEXT tkt = &ticket;
+ static KTEXT_ST req_id_st; /* Temp storage for authenticator */
+ KTEXT req_id = &req_id_st;
+
+ char realm[REALM_SZ]; /* Realm of issuing kerberos */
+
+ unsigned char skey[KKEY_SZ]; /* Session key from ticket */
+ char sname[SNAME_SZ]; /* Service name from ticket */
+ char iname[INST_SZ]; /* Instance name from ticket */
+ char r_aname[ANAME_SZ]; /* Client name from authenticator */
+ char r_inst[INST_SZ]; /* Client instance from authenticator */
+ char r_realm[REALM_SZ]; /* Client realm from authenticator */
+ u_int32_t r_time_sec; /* Coarse time from authenticator */
+ unsigned long delta_t; /* Time in authenticator - local time */
+ long tkt_age; /* Age of ticket */
+ static unsigned char s_kvno;/* Version number of the server's key
+ * Kerberos used to encrypt ticket */
+
+ struct timeval tv;
+ int status;
+
+ int pvno;
+ int type;
+ int little_endian;
+
+ unsigned char *p;
+
+ if (authent->length <= 0)
+ return(RD_AP_MODIFIED);
+
+ p = authent->dat;
+
+ /* get msg version, type and byte order, and server key version */
+
+ pvno = *p++;
+
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+
+ little_endian = type & 1;
+ type &= ~1;
+
+ if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL)
+ return RD_AP_MSG_TYPE;
+
+ s_kvno = *p++;
+
+ p += krb_get_string(p, realm);
+
+ /*
+ * If "fn" is NULL, key info should already be set; don't
+ * bother with ticket file. Otherwise, check to see if we
+ * already have key info for the given server and key version
+ * (saved in the static st_* variables). If not, go get it
+ * from the ticket file. If "fn" is the null string, use the
+ * default ticket file.
+ */
+ if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) ||
+ strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
+ if (*fn == 0) fn = KEYFILE;
+ st_kvno = s_kvno;
+ if (read_service_key(service, instance, realm, s_kvno,
+ fn, (char *)skey))
+ return(RD_AP_UNDEC);
+ if ((status = krb_set_key((char*)skey, 0)))
+ return(status);
+ strcpy(st_rlm, realm);
+ strcpy(st_nam, service);
+ strcpy(st_inst, instance);
+ }
+
+ tkt->length = *p++;
+
+ req_id->length = *p++;
+
+ if(tkt->length + (p - authent->dat) > authent->length)
+ return RD_AP_MODIFIED;
+
+ memcpy(tkt->dat, p, tkt->length);
+ p += tkt->length;
+
+ if (krb_ap_req_debug)
+ krb_log("ticket->length: %d",tkt->length);
+
+ /* Decrypt and take apart ticket */
+ if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm,
+ &ad->address, ad->session, &ad->life,
+ &ad->time_sec, sname, iname, &ky, serv_key))
+ return RD_AP_UNDEC;
+
+ if (krb_ap_req_debug) {
+ krb_log("Ticket Contents.");
+ krb_log(" Aname: %s.%s",ad->pname, ad->prealm);
+ krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL));
+ }
+
+ /* Extract the authenticator */
+
+ if(req_id->length + (p - authent->dat) > authent->length)
+ return RD_AP_MODIFIED;
+
+ memcpy(req_id->dat, p, req_id->length);
+ p = req_id->dat;
+
+#ifndef NOENCRYPTION
+ /* And decrypt it with the session key from the ticket */
+ if (krb_ap_req_debug) krb_log("About to decrypt authenticator");
+
+ encrypt_ktext(req_id, &ad->session, DES_DECRYPT);
+
+ if (krb_ap_req_debug) krb_log("Done.");
+#endif /* NOENCRYPTION */
+
+ /* cast req_id->length to int? */
+#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
+
+ p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */
+
+ p += krb_get_int(p, &ad->checksum, 4, little_endian);
+
+ p++; /* time_5ms is not used */
+
+ p += krb_get_int(p, &r_time_sec, 4, little_endian);
+
+ /* Check for authenticity of the request */
+ if (krb_ap_req_debug)
+ krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm,
+ r_aname, r_inst, r_realm);
+ if (strcmp(ad->pname, r_aname) != 0 ||
+ strcmp(ad->pinst, r_inst) != 0 ||
+ strcmp(ad->prealm, r_realm) != 0)
+ return RD_AP_INCON;
+
+ if (krb_ap_req_debug)
+ krb_log("Address: %x %x", ad->address, from_addr);
+
+ if (from_addr && (!krb_equiv(ad->address, from_addr)))
+ return RD_AP_BADD;
+
+ gettimeofday(&tv, NULL);
+ delta_t = abs((int)(tv.tv_sec - r_time_sec));
+ if (delta_t > CLOCK_SKEW) {
+ if (krb_ap_req_debug)
+ krb_log("Time out of range: %lu - %lu = %lu",
+ (unsigned long)t_local.tv_sec,
+ (unsigned long)r_time_sec,
+ (unsigned long)delta_t);
+ return RD_AP_TIME;
+ }
+
+ /* Now check for expiration of ticket */
+
+ tkt_age = tv.tv_sec - ad->time_sec;
+ if (krb_ap_req_debug)
+ krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x",
+ (long)tv.tv_sec,
+ (unsigned long)ad->time_sec,
+ tkt_age,
+ ad->life);
+
+ if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW))
+ return RD_AP_NYV;
+
+ if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life))
+ return RD_AP_EXP;
+
+ /* All seems OK */
+ ad->reply.length = 0;
+
+ return(RD_AP_OK);
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c
new file mode 100644
index 0000000..8471df0
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_safe.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $");
+
+/* application include files */
+#include "lsb_addr_comp.h"
+
+/* Generate two checksums in the given byteorder of the data, one
+ * new-form and one old-form. It has to be done this way to be
+ * compatible with the old version of des_quad_cksum.
+ */
+
+/* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */
+int dqc_type = DES_QUAD_DEFAULT;
+
+void
+fixup_quad_cksum(void *start, size_t len, des_cblock *key,
+ void *new_checksum, void *old_checksum, int little)
+{
+ des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key);
+ if(HOST_BYTE_ORDER){
+ if(little){
+ memcpy(old_checksum, new_checksum, 16);
+ }else{
+ u_int32_t *tmp = (u_int32_t*)new_checksum;
+ memcpy(old_checksum, new_checksum, 16);
+ swap_u_16(old_checksum);
+ swap_u_long(tmp[0]);
+ swap_u_long(tmp[1]);
+ swap_u_long(tmp[2]);
+ swap_u_long(tmp[3]);
+ }
+ }else{
+ if(little){
+ u_int32_t *tmp = (u_int32_t*)new_checksum;
+ swap_u_long(tmp[0]);
+ swap_u_long(tmp[1]);
+ swap_u_long(tmp[2]);
+ swap_u_long(tmp[3]);
+ memcpy(old_checksum, new_checksum, 16);
+ }else{
+ u_int32_t tmp[4];
+ tmp[0] = ((u_int32_t*)new_checksum)[3];
+ tmp[1] = ((u_int32_t*)new_checksum)[2];
+ tmp[2] = ((u_int32_t*)new_checksum)[1];
+ tmp[3] = ((u_int32_t*)new_checksum)[0];
+ memcpy(old_checksum, tmp, 16);
+ }
+ }
+}
+
+/*
+ * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message.
+ * Given the message received, "in", the length of that message,
+ * "in_length", the "key" to compute the checksum with, and the
+ * network addresses of the "sender" and "receiver" of the message,
+ * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise
+ * some error code.
+ *
+ * The message data retrieved from "in" is returned in the structure
+ * "m_data". The pointer to the application data (m_data->app_data)
+ * refers back to the appropriate place in "in".
+ *
+ * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE
+ * message. The structure containing the extracted message
+ * information, MSG_DAT, is defined in "krb.h".
+ */
+
+int32_t
+krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver,
+ MSG_DAT *m_data)
+{
+ unsigned char *p = (unsigned char*)in, *start;
+
+ unsigned char pvno, type;
+ int little_endian;
+ struct timeval tv;
+ u_int32_t src_addr;
+ int delta_t;
+
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+ if(type != AUTH_MSG_SAFE)
+ return RD_AP_MSG_TYPE;
+
+ start = p;
+
+ p += krb_get_int(p, &m_data->app_length, 4, little_endian);
+
+ if(m_data->app_length + 31 > in_length)
+ return RD_AP_MODIFIED;
+
+ m_data->app_data = p;
+
+ p += m_data->app_length;
+
+ m_data->time_5ms = *p++;
+
+ p += krb_get_address(p, &src_addr);
+
+ if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
+ return RD_AP_BADD;
+
+ p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
+ m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
+
+ gettimeofday(&tv, NULL);
+
+ delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
+ if (delta_t > CLOCK_SKEW) return RD_AP_TIME;
+
+ /*
+ * caller must check timestamps for proper order and replays, since
+ * server might have multiple clients each with its own timestamps
+ * and we don't assume tightly synchronized clocks.
+ */
+
+ {
+ unsigned char new_checksum[16];
+ unsigned char old_checksum[16];
+ fixup_quad_cksum(start, p - start, key,
+ new_checksum, old_checksum, little_endian);
+ if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) &&
+ memcmp(new_checksum, p, 16) == 0)
+ dqc_type = DES_QUAD_NEW;
+ else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) &&
+ memcmp(old_checksum, p, 16) == 0)
+ dqc_type = DES_QUAD_OLD;
+ else
+ return RD_AP_MODIFIED;
+ }
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/read_service_key.c b/crypto/kerberosIV/lib/krb/read_service_key.c
new file mode 100644
index 0000000..6de5db2
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/read_service_key.c
@@ -0,0 +1,116 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $");
+
+/*
+ * The private keys for servers on a given host are stored in a
+ * "srvtab" file (typically "/etc/srvtab"). This routine extracts
+ * a given server's key from the file.
+ *
+ * read_service_key() takes the server's name ("service"), "instance",
+ * and "realm" and a key version number "kvno", and looks in the given
+ * "file" for the corresponding entry, and if found, returns the entry's
+ * key field in "key".
+ *
+ * If "instance" contains the string "*", then it will match
+ * any instance, and the chosen instance will be copied to that
+ * string. For this reason it is important that the there is enough
+ * space beyond the "*" to receive the entry.
+ *
+ * If "kvno" is 0, it is treated as a wild card and the first
+ * matching entry regardless of the "vno" field is returned.
+ *
+ * This routine returns KSUCCESS on success, otherwise KFAILURE.
+ *
+ * The format of each "srvtab" entry is as follows:
+ *
+ * Size Variable Field in file
+ * ---- -------- -------------
+ * string serv server name
+ * string inst server instance
+ * string realm server realm
+ * 1 byte vno server key version #
+ * 8 bytes key server's key
+ * ... ... ...
+ */
+
+
+int
+read_service_key(char *service, /* Service Name */
+ char *instance, /* Instance name or "*" */
+ char *realm, /* Realm */
+ int kvno, /* Key version number */
+ char *file, /* Filename */
+ char *key) /* Pointer to key to be filled in */
+{
+ char serv[SNAME_SZ];
+ char inst[INST_SZ];
+ char rlm[REALM_SZ];
+ unsigned char vno; /* Key version number */
+ int wcard;
+
+ int stab;
+
+ if ((stab = open(file, O_RDONLY, 0)) < 0)
+ return(KFAILURE);
+
+ wcard = (instance[0] == '*') && (instance[1] == '\0');
+
+ while (getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */
+ getst(stab,inst,INST_SZ); /* Instance */
+ getst(stab,rlm,REALM_SZ); /* Realm */
+ /* Vers number */
+ if (read(stab, &vno, 1) != 1) {
+ close(stab);
+ return(KFAILURE);
+ }
+ /* Key */
+ if (read(stab,key,8) != 8) {
+ close(stab);
+ return(KFAILURE);
+ }
+ /* Is this the right service */
+ if (strcmp(serv,service))
+ continue;
+ /* How about instance */
+ if (!wcard && strcmp(inst,instance))
+ continue;
+ if (wcard)
+ strncpy(instance,inst,INST_SZ);
+ /* Is this the right realm */
+ if (strcmp(rlm,realm))
+ continue;
+
+ /* How about the key version number */
+ if (kvno && kvno != (int) vno)
+ continue;
+
+ close(stab);
+ return(KSUCCESS);
+ }
+
+ /* Can't find the requested service */
+ close(stab);
+ return(KFAILURE);
+}
diff --git a/crypto/kerberosIV/lib/krb/realm_parse.c b/crypto/kerberosIV/lib/krb/realm_parse.c
new file mode 100644
index 0000000..2ce852a
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/realm_parse.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $");
+
+static int
+realm_parse(char *realm, int length, const char *file)
+{
+ FILE *F;
+ char tr[128];
+ char *p;
+
+ if ((F = fopen(file,"r")) == NULL)
+ return -1;
+
+ while(fgets(tr, sizeof(tr), F)){
+ char *unused = NULL;
+ p = strtok_r(tr, " \t\n\r", &unused);
+ if(p && strcasecmp(p, realm) == 0){
+ fclose(F);
+ strncpy(realm, p, length);
+ return 0;
+ }
+ }
+ fclose(F);
+ return -1;
+}
+
+static const char *const files[] = KRB_CNF_FILES;
+
+int
+krb_realm_parse(char *realm, int length)
+{
+ int i;
+
+ const char *dir = getenv("KRBCONFDIR");
+
+ /* First try user specified file */
+ if (dir != 0) {
+ char fname[MaxPathLen];
+
+ if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0)
+ if (realm_parse(realm, length, fname) == 0)
+ return 0;
+ }
+
+ for (i = 0; files[i] != NULL; i++)
+ if (realm_parse(realm, length, files[i]) == 0)
+ return 0;
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/krb/recvauth.c b/crypto/kerberosIV/lib/krb/recvauth.c
new file mode 100644
index 0000000..6c96897
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/recvauth.c
@@ -0,0 +1,190 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: recvauth.c,v 1.17 1997/03/23 03:53:16 joda Exp $");
+
+/*
+ * krb_recvauth() reads (and optionally responds to) a message sent
+ * using krb_sendauth(). The "options" argument is a bit-field of
+ * selected options (see "sendauth.c" for options description).
+ * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL
+ * (mutual authentication requested). The "fd" argument supplies
+ * a file descriptor to read from (and write to, if mutual authenti-
+ * cation is requested).
+ *
+ * Part of the received message will be a Kerberos ticket sent by the
+ * client; this is read into the "ticket" argument. The "service" and
+ * "instance" arguments supply the server's Kerberos name. If the
+ * "instance" argument is the string "*", it is treated as a wild card
+ * and filled in during the krb_rd_req() call (see read_service_key()).
+ *
+ * The "faddr" and "laddr" give the sending (client) and receiving
+ * (local server) network addresses. ("laddr" may be left NULL unless
+ * mutual authentication is requested, in which case it must be set.)
+ *
+ * The authentication information extracted from the message is returned
+ * in "kdata". The "filename" argument indicates the file where the
+ * server's key can be found. (It is passed on to krb_rd_req().) If
+ * left null, the default "/etc/srvtab" will be used.
+ *
+ * If mutual authentication is requested, the session key schedule must
+ * be computed in order to reply; this schedule is returned in the
+ * "schedule" argument. A string containing the application version
+ * number from the received message is returned in "version", which
+ * should be large enough to hold a KRB_SENDAUTH_VLEN-character string.
+ *
+ * See krb_sendauth() for the format of the received client message.
+ *
+ * krb_recvauth() first reads the protocol version string from the
+ * given file descriptor. If it doesn't match the current protocol
+ * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In
+ * that case, the string of characters up to the first space is read
+ * and interpreted as the ticket length, then the ticket is read.
+ *
+ * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth()
+ * next reads the application protocol version string. Then the
+ * ticket length and ticket itself are read.
+ *
+ * The ticket is decrypted and checked by the call to krb_rd_req().
+ * If no mutual authentication is required, the result of the
+ * krb_rd_req() call is retured by this routine. If mutual authenti-
+ * cation is required, a message in the following format is returned
+ * on "fd":
+ *
+ * Size Variable Field
+ * ---- -------- -----
+ *
+ * 4 bytes tkt_len length of ticket or -1
+ * if error occurred
+ *
+ * priv_len tmp_buf "private" message created
+ * by krb_mk_priv() which
+ * contains the incremented
+ * checksum sent by the client
+ * encrypted in the session
+ * key. (This field is not
+ * present in case of error.)
+ *
+ * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some
+ * other error code is returned.
+ */
+
+static int
+send_error_reply(int fd)
+{
+ unsigned char tmp[4] = { 255, 255, 255, 255 };
+ if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp))
+ return -1;
+ return 0;
+}
+
+int
+krb_recvauth(int32_t options, /* bit-pattern of options */
+ int fd, /* file descr. to read from */
+ KTEXT ticket, /* storage for client's ticket */
+ char *service, /* service expected */
+ char *instance, /* inst expected (may be filled in) */
+ struct sockaddr_in *faddr, /* address of foreign host on fd */
+ struct sockaddr_in *laddr, /* local address */
+ AUTH_DAT *kdata, /* kerberos data (returned) */
+ char *filename, /* name of file with service keys */
+ struct des_ks_struct *schedule, /* key schedule (return) */
+ char *version) /* version string (filled in) */
+{
+ int cc;
+ char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
+ int rem;
+ int32_t priv_len;
+ u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)];
+
+ /* read the protocol version number */
+ if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
+ return(errno);
+ krb_vers[KRB_SENDAUTH_VLEN] = '\0';
+
+ /* read the application version string */
+ if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
+ return(errno);
+ version[KRB_SENDAUTH_VLEN] = '\0';
+
+ /* get the length of the ticket */
+ {
+ char tmp[4];
+ if (krb_net_read(fd, tmp, 4) != 4)
+ return -1;
+ krb_get_int(tmp, &ticket->length, 4, 0);
+ }
+
+ /* sanity check */
+ if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) {
+ if (options & KOPT_DO_MUTUAL) {
+ if(send_error_reply(fd))
+ return -1;
+ return KFAILURE;
+ } else
+ return KFAILURE; /* XXX there may still be junk on the fd? */
+ }
+
+ /* read the ticket */
+ if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length)
+ return -1;
+ /*
+ * now have the ticket. decrypt it to get the authenticated
+ * data.
+ */
+ rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr,
+ kdata, filename);
+
+ /* if we are doing mutual auth, compose a response */
+ if (options & KOPT_DO_MUTUAL) {
+ if (rem != KSUCCESS){
+ /* the krb_rd_req failed */
+ if(send_error_reply(fd))
+ return -1;
+ return rem;
+ }
+
+ /* add one to the (formerly) sealed checksum, and re-seal it
+ for return to the client */
+ {
+ unsigned char cs[4];
+ krb_put_int(kdata->checksum + 1, cs, 4);
+#ifndef NOENCRYPTION
+ des_key_sched(&kdata->session,schedule);
+#endif
+ priv_len = krb_mk_priv(cs,
+ tmp_buf+4,
+ 4,
+ schedule,
+ &kdata->session,
+ laddr,
+ faddr);
+ }
+ /* mk_priv will never fail */
+ priv_len += krb_put_int(priv_len, tmp_buf, 4);
+
+ if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len)
+ return -1;
+ }
+ return rem;
+}
diff --git a/crypto/kerberosIV/lib/krb/resolve.c b/crypto/kerberosIV/lib/krb/resolve.c
new file mode 100644
index 0000000..7777c0e
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/resolve.c
@@ -0,0 +1,288 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+#include "resolve.h"
+
+RCSID("$Id: resolve.c,v 1.11 1997/06/01 04:19:20 assar Exp $");
+
+#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND)
+
+#define DECL(X) {#X, T_##X}
+
+static struct stot{
+ char *name;
+ int type;
+}stot[] = {
+ DECL(A),
+ DECL(NS),
+ DECL(CNAME),
+ DECL(PTR),
+ DECL(MX),
+ DECL(TXT),
+ DECL(AFSDB),
+ DECL(SRV),
+ {NULL, 0}
+};
+
+static int
+string_to_type(const char *name)
+{
+ struct stot *p = stot;
+ for(p = stot; p->name; p++)
+ if(strcasecmp(name, p->name) == 0)
+ return p->type;
+ return -1;
+}
+
+#if 0
+static char *
+type_to_string(int type)
+{
+ struct stot *p = stot;
+ for(p = stot; p->name; p++)
+ if(type == p->type)
+ return p->name;
+ return NULL;
+}
+#endif
+
+void
+dns_free_data(struct dns_reply *r)
+{
+ struct resource_record *rr;
+ if(r->q.domain)
+ free(r->q.domain);
+ for(rr = r->head; rr;){
+ struct resource_record *tmp = rr;
+ if(rr->domain)
+ free(rr->domain);
+ if(rr->u.data)
+ free(rr->u.data);
+ rr = rr->next;
+ free(tmp);
+ }
+ free (r);
+}
+
+static struct dns_reply*
+parse_reply(unsigned char *data, int len)
+{
+ unsigned char *p;
+ char host[128];
+ int status;
+
+ struct dns_reply *r;
+ struct resource_record **rr;
+
+ r = (struct dns_reply*)malloc(sizeof(struct dns_reply));
+ memset(r, 0, sizeof(struct dns_reply));
+
+ p = data;
+ memcpy(&r->h, p, sizeof(HEADER));
+ p += sizeof(HEADER);
+ status = dn_expand(data, data + len, p, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ r->q.domain = strdup(host);
+ p += status;
+ r->q.type = (p[0] << 8 | p[1]);
+ p += 2;
+ r->q.class = (p[0] << 8 | p[1]);
+ p += 2;
+ rr = &r->head;
+ while(p < data + len){
+ int type, class, ttl, size;
+ status = dn_expand(data, data + len, p, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ p += status;
+ type = (p[0] << 8) | p[1];
+ p += 2;
+ class = (p[0] << 8) | p[1];
+ p += 2;
+ ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+ p += 4;
+ size = (p[0] << 8) | p[1];
+ p += 2;
+ *rr = (struct resource_record*)calloc(1,
+ sizeof(struct resource_record));
+ (*rr)->domain = strdup(host);
+ (*rr)->type = type;
+ (*rr)->class = class;
+ (*rr)->ttl = ttl;
+ (*rr)->size = size;
+ switch(type){
+ case T_NS:
+ case T_CNAME:
+ case T_PTR:
+ status = dn_expand(data, data + len, p, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ (*rr)->u.txt = strdup(host);
+ break;
+ case T_MX:
+ case T_AFSDB:{
+ status = dn_expand(data, data + len, p + 2, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) +
+ strlen(host));
+ (*rr)->u.mx->preference = (p[0] << 8) | p[1];
+ strcpy((*rr)->u.mx->domain, host);
+ break;
+ }
+ case T_SRV:{
+ status = dn_expand(data, data + len, p + 6, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ (*rr)->u.srv =
+ (struct srv_record*)malloc(sizeof(struct srv_record) +
+ strlen(host));
+ (*rr)->u.srv->priority = (p[0] << 8) | p[1];
+ (*rr)->u.srv->weight = (p[2] << 8) | p[3];
+ (*rr)->u.srv->port = (p[4] << 8) | p[5];
+ strcpy((*rr)->u.srv->target, host);
+ break;
+ }
+ case T_TXT:{
+ (*rr)->u.txt = (char*)malloc(size + 1);
+ strncpy((*rr)->u.txt, (char*)p + 1, *p);
+ (*rr)->u.txt[*p] = 0;
+ break;
+ }
+
+ default:
+ (*rr)->u.data = (unsigned char*)malloc(size);
+ memcpy((*rr)->u.data, p, size);
+ }
+ p += size;
+ rr = &(*rr)->next;
+ }
+ *rr = NULL;
+ return r;
+}
+
+
+
+struct dns_reply *
+dns_lookup(const char *domain, const char *type_name)
+{
+ unsigned char reply[1024];
+ int len;
+ int type;
+ struct dns_reply *r = NULL;
+
+ type = string_to_type(type_name);
+ len = res_search(domain, C_IN, type, reply, sizeof(reply));
+ if(len >= 0)
+ r = parse_reply(reply, len);
+ return r;
+}
+
+#else /* defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */
+
+struct dns_reply *
+dns_lookup(const char *domain, const char *type_name)
+{
+ return NULL;
+}
+
+void
+dns_free_data(struct dns_reply *r)
+{
+}
+
+#endif
+
+#ifdef TEST
+
+int
+main(int argc, char **argv)
+{
+ struct dns_reply *r;
+ struct resource_record *rr;
+ r = dns_lookup(argv[1], argv[2]);
+ if(r == NULL){
+ printf("No reply.\n");
+ return 1;
+ }
+ for(rr = r->head; rr;rr=rr->next){
+ printf("%s %s %d ", rr->domain, type_to_string(rr->type), rr->ttl);
+ switch(rr->type){
+ case T_NS:
+ printf("%s\n", (char*)rr->data);
+ break;
+ case T_A:
+ printf("%d.%d.%d.%d\n",
+ ((unsigned char*)rr->data)[0],
+ ((unsigned char*)rr->data)[1],
+ ((unsigned char*)rr->data)[2],
+ ((unsigned char*)rr->data)[3]);
+ break;
+ case T_MX:
+ case T_AFSDB:{
+ struct mx_record *mx = (struct mx_record*)rr->data;
+ printf("%d %s\n", mx->preference, mx->domain);
+ break;
+ }
+ case T_SRV:{
+ struct srv_record *srv = (struct srv_record*)rr->data;
+ printf("%d %d %d %s\n", srv->priority, srv->weight,
+ srv->port, srv->target);
+ break;
+ }
+ default:
+ printf("\n");
+ break;
+ }
+ }
+
+ return 0;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/resolve.h b/crypto/kerberosIV/lib/krb/resolve.h
new file mode 100644
index 0000000..dac9993
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/resolve.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: resolve.h,v 1.5 1997/05/14 17:41:25 joda Exp $ */
+
+/* THIS IS NOT (yet) A PUBLIC INTERFACE */
+
+
+#ifndef __RESOLVE_H__
+#define __RESOLVE_H__
+
+/* We use these, but they are not always present in <arpa/nameser.h> */
+
+#ifndef T_TXT
+#define T_TXT 16
+#endif
+#ifndef T_AFSDB
+#define T_AFSDB 18
+#endif
+#ifndef T_SRV
+#define T_SRV 33
+#endif
+
+struct dns_query{
+ char *domain;
+ unsigned type;
+ unsigned class;
+};
+
+struct mx_record{
+ unsigned preference;
+ char domain[1];
+};
+
+struct srv_record{
+ unsigned priority;
+ unsigned weight;
+ unsigned port;
+ char target[1];
+};
+
+struct resource_record{
+ char *domain;
+ unsigned type;
+ unsigned class;
+ unsigned ttl;
+ unsigned size;
+ union {
+ void *data;
+ struct mx_record *mx;
+ struct mx_record *afsdb; /* mx and afsdb are identical */
+ struct srv_record *srv;
+ struct in_addr *a;
+ char *txt;
+ }u;
+ struct resource_record *next;
+};
+
+
+#ifndef HAVE_ARPA_NAMESER_H /* XXX */
+typedef int HEADER; /* will never be used */
+#endif
+
+struct dns_reply{
+ HEADER h;
+ struct dns_query q;
+ struct resource_record *head;
+};
+
+
+struct dns_reply* dns_lookup(const char *, const char *);
+
+void dns_free_data(struct dns_reply *r);
+
+#endif /* __RESOLVE_H__ */
diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c
new file mode 100644
index 0000000..4b136aa
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rw.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Almost all programs use these routines (implicitly) so it's a good
+ * place to put the version string. */
+
+#include "version.h"
+
+#include "krb_locl.h"
+
+RCSID("$Id: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $");
+
+int
+krb_get_int(void *f, u_int32_t *to, int size, int lsb)
+{
+ int i;
+ unsigned char *from = (unsigned char *)f;
+
+ *to = 0;
+ if(lsb){
+ for(i = size-1; i >= 0; i--)
+ *to = (*to << 8) | from[i];
+ }else{
+ for(i = 0; i < size; i++)
+ *to = (*to << 8) | from[i];
+ }
+ return size;
+}
+
+int
+krb_put_int(u_int32_t from, void *to, int size)
+{
+ int i;
+ unsigned char *p = (unsigned char *)to;
+ for(i = size - 1; i >= 0; i--){
+ p[i] = from & 0xff;
+ from >>= 8;
+ }
+ return size;
+}
+
+
+/* addresses are always sent in network byte order */
+
+int
+krb_get_address(void *from, u_int32_t *to)
+{
+ unsigned char *p = (unsigned char*)from;
+ *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+ return 4;
+}
+
+int
+krb_put_address(u_int32_t addr, void *to)
+{
+ return krb_put_int(ntohl(addr), to, 4);
+}
+
+int
+krb_put_string(char *from, void *to)
+{
+ strcpy((char *)to, from);
+ return strlen(from) + 1;
+}
+
+int
+krb_get_string(void *from, char *to)
+{
+ return krb_put_string(from, to);
+}
+
+int
+krb_get_nir(void *from, char *name, char *instance, char *realm)
+{
+ char *p = (char *)from;
+
+ p += krb_get_string(p, name);
+ p += krb_get_string(p, instance);
+ if(realm)
+ p += krb_get_string(p, realm);
+ return p - (char *)from;
+}
+
+int
+krb_put_nir(char *name, char *instance, char *realm, void *to)
+{
+ char *p = (char *)to;
+ p += krb_put_string(name, p);
+ p += krb_put_string(instance, p);
+ if(realm)
+ p += krb_put_string(realm, p);
+ return p - (char *)to;
+}
diff --git a/crypto/kerberosIV/lib/krb/save_credentials.c b/crypto/kerberosIV/lib/krb/save_credentials.c
new file mode 100644
index 0000000..cfd6c07
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/save_credentials.c
@@ -0,0 +1,59 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $");
+
+/*
+ * This routine takes a ticket and associated info and calls
+ * tf_save_cred() to store them in the ticket cache. The peer
+ * routine for extracting a ticket and associated info from the
+ * ticket cache is krb_get_cred(). When changes are made to
+ * this routine, the corresponding changes should be made
+ * in krb_get_cred() as well.
+ *
+ * Returns KSUCCESS if all goes well, otherwise an error returned
+ * by the tf_init() or tf_save_cred() routines.
+ */
+
+int
+save_credentials(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ unsigned char *session, /* Session key */
+ int lifetime, /* Lifetime */
+ int kvno, /* Key version number */
+ KTEXT ticket, /* The ticket itself */
+ int32_t issue_date) /* The issue time */
+{
+ int tf_status; /* return values of the tf_util calls */
+
+ /* Open and lock the ticket file for writing */
+ if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS)
+ return(tf_status);
+
+ /* Save credentials by appending to the ticket file */
+ tf_status = tf_save_cred(service, instance, realm, session,
+ lifetime, kvno, ticket, issue_date);
+ tf_close();
+ return (tf_status);
+}
diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c
new file mode 100644
index 0000000..828b34d
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c
@@ -0,0 +1,251 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: send_to_kdc.c,v 1.39 1997/05/15 21:02:31 joda Exp $");
+
+struct host {
+ struct sockaddr_in addr;
+ int proto;
+};
+
+static const char *prog = "send_to_kdc";
+static send_recv(KTEXT pkt, KTEXT rpkt, int f,
+ struct sockaddr_in *_to, struct host *addrs,
+ int h_hosts);
+
+/*
+ * This file contains two routines, send_to_kdc() and send_recv().
+ * send_recv() is a static routine used by send_to_kdc().
+ */
+
+/*
+ * send_to_kdc() sends a message to the Kerberos authentication
+ * server(s) in the given realm and returns the reply message.
+ * The "pkt" argument points to the message to be sent to Kerberos;
+ * the "rpkt" argument will be filled in with Kerberos' reply.
+ * The "realm" argument indicates the realm of the Kerberos server(s)
+ * to transact with. If the realm is null, the local realm is used.
+ *
+ * If more than one Kerberos server is known for a given realm,
+ * different servers will be queried until one of them replies.
+ * Several attempts (retries) are made for each server before
+ * giving up entirely.
+ *
+ * If an answer was received from a Kerberos host, KSUCCESS is
+ * returned. The following errors can be returned:
+ *
+ * SKDC_CANT - can't get local realm
+ * - can't find "kerberos" in /etc/services database
+ * - can't open socket
+ * - can't bind socket
+ * - all ports in use
+ * - couldn't find any Kerberos host
+ *
+ * SKDC_RETRY - couldn't get an answer from any Kerberos server,
+ * after several retries
+ */
+
+int
+send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
+{
+ int i;
+ int no_host; /* was a kerberos host found? */
+ int retry;
+ int n_hosts;
+ int retval;
+ struct hostent *host;
+ char lrealm[REALM_SZ];
+ struct krb_host *k_host;
+ struct host *hosts = malloc(sizeof(*hosts));
+
+ if (hosts == NULL)
+ return SKDC_CANT;
+
+ /*
+ * If "realm" is non-null, use that, otherwise get the
+ * local realm.
+ */
+ if (realm)
+ strcpy(lrealm, realm);
+ else
+ if (krb_get_lrealm(lrealm,1)) {
+ if (krb_debug)
+ krb_warning("%s: can't get local realm\n", prog);
+ return(SKDC_CANT);
+ }
+ if (krb_debug)
+ krb_warning("lrealm is %s\n", lrealm);
+
+ no_host = 1;
+ /* get an initial allocation */
+ n_hosts = 0;
+ for (i = 1; (k_host = krb_get_host(i, lrealm, 0)); ++i) {
+ char *p;
+
+ if (krb_debug)
+ krb_warning("Getting host entry for %s...", k_host->host);
+ host = gethostbyname(k_host->host);
+ if (krb_debug) {
+ krb_warning("%s.\n",
+ host ? "Got it" : "Didn't get it");
+ }
+ if (!host)
+ continue;
+ no_host = 0; /* found at least one */
+ while ((p = *(host->h_addr_list)++)) {
+ hosts = realloc(hosts, sizeof(*hosts) * (n_hosts + 1));
+ if (hosts == NULL)
+ return SKDC_CANT;
+ memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr));
+ hosts[n_hosts].addr.sin_family = host->h_addrtype;
+ hosts[n_hosts].addr.sin_port = htons(k_host->port);
+ hosts[n_hosts].proto = k_host->proto;
+ memcpy(&hosts[n_hosts].addr.sin_addr, p,
+ sizeof(hosts[n_hosts].addr.sin_addr));
+ ++n_hosts;
+ if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto,
+ &hosts[n_hosts-1].addr, hosts, n_hosts)) {
+ retval = KSUCCESS;
+ goto rtn;
+ }
+ if (krb_debug) {
+ krb_warning("Timeout, error, or wrong descriptor\n");
+ }
+ }
+ }
+ if (no_host) {
+ if (krb_debug)
+ krb_warning("%s: can't find any Kerberos host.\n",
+ prog);
+ retval = SKDC_CANT;
+ goto rtn;
+ }
+ /* retry each host in sequence */
+ for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) {
+ for (i = 0; i < n_hosts; ++i) {
+ if (send_recv(pkt, rpkt,
+ hosts[i].proto,
+ &hosts[i].addr,
+ hosts,
+ n_hosts)) {
+ retval = KSUCCESS;
+ goto rtn;
+ }
+ }
+ }
+ retval = SKDC_RETRY;
+rtn:
+ free(hosts);
+ return(retval);
+}
+
+/*
+ * try to send out and receive message.
+ * return 1 on success, 0 on failure
+ */
+
+static int
+send_recv_it(KTEXT pkt, KTEXT rpkt, int stream, int f,
+ struct sockaddr_in *_to, struct host *addrs, int n_hosts)
+{
+ fd_set readfds;
+ int numsent;
+
+ /* CLIENT_KRB_TIMEOUT indicates the time to wait before
+ * retrying a server. It's defined in "krb.h".
+ */
+ struct timeval timeout;
+ timeout.tv_sec = CLIENT_KRB_TIMEOUT;
+ timeout.tv_usec = 0;
+
+ if (krb_debug) {
+ if (_to->sin_family == AF_INET)
+ krb_warning("Sending message to %s...",
+ inet_ntoa(_to->sin_addr));
+ else
+ krb_warning("Sending message...");
+ }
+ if(stream){
+ unsigned char tmp[4];
+ krb_put_int(pkt->length, tmp, 4);
+ if((numsent = send(f, tmp, 4, 0)) != 4){
+ if (krb_debug)
+ krb_warning("sent only %d/%d\n", numsent, 4);
+ return 0;
+ }
+ }
+ if ((numsent = send(f, pkt->dat, pkt->length, 0)) != pkt->length) {
+ if (krb_debug)
+ krb_warning("sent only %d/%d\n",numsent, pkt->length);
+ return 0;
+ }
+ if (krb_debug)
+ krb_warning("Sent\nWaiting for reply...");
+ FD_ZERO(&readfds);
+ FD_SET(f, &readfds);
+ /* select - either recv is ready, or timeout */
+ /* see if timeout or error or wrong descriptor */
+ if (select(f + 1, &readfds, 0, 0, &timeout) < 1
+ || !FD_ISSET(f, &readfds)) {
+ if (krb_debug)
+ krb_warning("select failed: errno = %d", errno);
+ return 0;
+ }
+ if(stream){
+ if(krb_net_read(f, rpkt->dat, sizeof(rpkt->dat)) <= 0)
+ return 0;
+ }else{
+ if (recv (f, rpkt->dat, sizeof(rpkt->dat), 0) < 0) {
+ if (krb_debug)
+ krb_warning("recvfrom: errno = %d\n", errno);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int
+send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *_to,
+ struct host *addrs, int n_hosts)
+{
+ int f;
+ int ret = 0;
+ if(proto == IPPROTO_UDP)
+ f = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ else if(proto == IPPROTO_TCP)
+ f = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ else{
+ krb_warning("Unknown protocol `%d'.\n", proto);
+ return 0;
+ }
+
+ if(connect(f, (struct sockaddr*)_to, sizeof(*_to)) < 0)
+ krb_warning("Connecting socket: errno = %d\n", errno);
+ else
+ ret = send_recv_it(pkt, rpkt, proto == IPPROTO_TCP, f,
+ _to, addrs, n_hosts);
+
+ close(f);
+ return ret;
+}
+
diff --git a/crypto/kerberosIV/lib/krb/sendauth.c b/crypto/kerberosIV/lib/krb/sendauth.c
new file mode 100644
index 0000000..4240bcf
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/sendauth.c
@@ -0,0 +1,163 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $");
+
+/*
+ * krb_sendauth() transmits a ticket over a file descriptor for a
+ * desired service, instance, and realm, doing mutual authentication
+ * with the server if desired.
+ */
+
+/*
+ * The first argument to krb_sendauth() contains a bitfield of
+ * options (the options are defined in "krb.h"):
+ *
+ * KOPT_DONT_CANON Don't canonicalize instance as a hostname.
+ * (If this option is not chosen, krb_get_phost()
+ * is called to canonicalize it.)
+ *
+ * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos.
+ * A ticket must be supplied in the "ticket"
+ * argument.
+ * (If this option is not chosen, and there
+ * is no ticket for the given server in the
+ * ticket cache, one will be fetched using
+ * krb_mk_req() and returned in "ticket".)
+ *
+ * KOPT_DO_MUTUAL Do mutual authentication, requiring that the
+ * receiving server return the checksum+1 encrypted
+ * in the session key. The mutual authentication
+ * is done using krb_mk_priv() on the other side
+ * (see "recvauth.c") and krb_rd_priv() on this
+ * side.
+ *
+ * The "fd" argument is a file descriptor to write to the remote
+ * server on. The "ticket" argument is used to store the new ticket
+ * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
+ * chosen, the ticket must be supplied in the "ticket" argument.
+ * The "service", "inst", and "realm" arguments identify the ticket.
+ * If "realm" is null, the local realm is used.
+ *
+ * The following arguments are only needed if the KOPT_DO_MUTUAL option
+ * is chosen:
+ *
+ * The "checksum" argument is a number that the server will add 1 to
+ * to authenticate itself back to the client; the "msg_data" argument
+ * holds the returned mutual-authentication message from the server
+ * (i.e., the checksum+1); the "cred" structure is used to hold the
+ * session key of the server, extracted from the ticket file, for use
+ * in decrypting the mutual authentication message from the server;
+ * and "schedule" holds the key schedule for that decryption. The
+ * the local and server addresses are given in "laddr" and "faddr".
+ *
+ * The application protocol version number (of up to KRB_SENDAUTH_VLEN
+ * characters) is passed in "version".
+ *
+ * If all goes well, KSUCCESS is returned, otherwise some error code.
+ *
+ * The format of the message sent to the server is:
+ *
+ * Size Variable Field
+ * ---- -------- -----
+ *
+ * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol
+ * bytes version number
+ *
+ * KRB_SENDAUTH_VLEN version application protocol
+ * bytes version number
+ *
+ * 4 bytes ticket->length length of ticket
+ *
+ * ticket->length ticket->dat ticket itself
+ */
+
+int
+krb_sendauth(int32_t options, /* bit-pattern of options */
+ int fd, /* file descriptor to write onto */
+ KTEXT ticket, /* where to put ticket (return); or
+ * supplied in case of KOPT_DONT_MK_REQ */
+ char *service, /* service name, instance, realm */
+ char *instance,
+ char *realm,
+ u_int32_t checksum, /* checksum to include in request */
+ MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */
+ CREDENTIALS *cred, /* credentials (return) */
+ struct des_ks_struct *schedule, /* key schedule (return) */
+ struct sockaddr_in *laddr, /* local address */
+ struct sockaddr_in *faddr, /* address of foreign host on fd */
+ char *version) /* version string */
+{
+ int ret;
+ KTEXT_ST buf;
+ char realrealm[REALM_SZ];
+
+ if (realm == NULL) {
+ ret = krb_get_lrealm (realrealm, 1);
+ if (ret != KSUCCESS)
+ return ret;
+ realm = realrealm;
+ }
+ ret = krb_mk_auth (options, ticket, service, instance, realm, checksum,
+ version, &buf);
+ if (ret != KSUCCESS)
+ return ret;
+ ret = krb_net_write(fd, buf.dat, buf.length);
+ if(ret < 0)
+ return -1;
+
+ if (options & KOPT_DO_MUTUAL) {
+ char tmp[4];
+ u_int32_t len;
+ char inst[INST_SZ];
+
+ ret = krb_net_read (fd, tmp, 4);
+ if (ret < 0)
+ return -1;
+
+ krb_get_int (tmp, &len, 4, 0);
+ if (len == 0xFFFFFFFF || len > sizeof(buf.dat))
+ return KFAILURE;
+ buf.length = len;
+ ret = krb_net_read (fd, buf.dat, len);
+ if (ret < 0)
+ return -1;
+
+ if (options & KOPT_DONT_CANON)
+ strncpy (inst, instance, sizeof(inst));
+ else
+ strncpy (inst, krb_get_phost(instance), sizeof(inst));
+
+ ret = krb_get_cred (service, inst, realm, cred);
+ if (ret != KSUCCESS)
+ return ret;
+
+ des_key_sched(&cred->session, schedule);
+
+ ret = krb_check_auth (&buf, checksum, msg_data, &cred->session,
+ schedule, laddr, faddr);
+ if (ret != KSUCCESS)
+ return ret;
+ }
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/sizetest.c b/crypto/kerberosIV/lib/krb/sizetest.c
new file mode 100644
index 0000000..d64bbeb
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/sizetest.c
@@ -0,0 +1,41 @@
+#include "krb_locl.h"
+
+RCSID("$Id: sizetest.c,v 1.5 1996/11/15 18:39:19 bg Exp $");
+
+static
+void
+err(const char *msg)
+{
+ fputs(msg, stderr);
+ exit(1);
+}
+
+int
+main()
+{
+ if (sizeof(u_int8_t) < 1)
+ err("sizeof(u_int8_t) is smaller than 1 byte\n");
+ if (sizeof(u_int16_t) < 2)
+ err("sizeof(u_int16_t) is smaller than 2 bytes\n");
+ if (sizeof(u_int32_t) < 4)
+ err("sizeof(u_int32_t) is smaller than 4 bytes\n");
+
+ if (sizeof(u_int8_t) > 1)
+ fputs("warning: sizeof(u_int8_t) is larger than 1 byte, "
+ "some stuff may not work properly!\n", stderr);
+
+ {
+ u_int8_t u = 1;
+ int i;
+ for (i = 0; u != 0 && i < 100; i++)
+ u <<= 1;
+
+ if (i < 8)
+ err("u_int8_t is smaller than 8 bits\n");
+ else if (i > 8)
+ fputs("warning: u_int8_t is larger than 8 bits, "
+ "some stuff may not work properly!\n", stderr);
+ }
+
+ exit(0);
+}
diff --git a/crypto/kerberosIV/lib/krb/stime.c b/crypto/kerberosIV/lib/krb/stime.c
new file mode 100644
index 0000000..ec57d8f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/stime.c
@@ -0,0 +1,35 @@
+/*
+ * $Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $
+ *
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $");
+
+/*
+ * Given a pointer to a long containing the number of seconds
+ * since the beginning of time (midnight 1 Jan 1970 GMT), return
+ * a string containing the local time in the form:
+ *
+ * "25-Jan-1988 10:17:56"
+ */
+
+const char *
+krb_stime(time_t *t)
+{
+ static char st[40];
+ struct tm *tm;
+
+ tm = localtime(t);
+ snprintf(st, sizeof(st),
+ "%2d-%s-%04d %02d:%02d:%02d",tm->tm_mday,
+ month_sname(tm->tm_mon + 1),tm->tm_year + 1900,
+ tm->tm_hour, tm->tm_min, tm->tm_sec);
+ return st;
+}
diff --git a/crypto/kerberosIV/lib/krb/str2key.c b/crypto/kerberosIV/lib/krb/str2key.c
new file mode 100644
index 0000000..2b00fc1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/str2key.c
@@ -0,0 +1,103 @@
+/* This defines the Andrew string_to_key function. It accepts a password
+ * string as input and converts its via a one-way encryption algorithm to a DES
+ * encryption key. It is compatible with the original Andrew authentication
+ * service password database.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $");
+
+static void
+mklower(char *s)
+{
+ for (; *s; s++)
+ if ('A' <= *s && *s <= 'Z')
+ *s = *s - 'A' + 'a';
+}
+
+/*
+ * Short passwords, i.e 8 characters or less.
+ */
+static void
+afs_cmu_StringToKey (char *str, char *cell, des_cblock *key)
+{
+ char password[8+1]; /* crypt is limited to 8 chars anyway */
+ int i;
+ int passlen;
+
+ memset (key, 0, sizeof(key));
+ memset(password, 0, sizeof(password));
+
+ strncpy (password, cell, 8);
+ passlen = strlen (str);
+ if (passlen > 8) passlen = 8;
+
+ for (i=0; i<passlen; i++)
+ password[i] = str[i] ^ cell[i]; /* make sure cell is zero padded */
+
+ for (i=0; i<8; i++)
+ if (password[i] == '\0') password[i] = 'X';
+
+ /* crypt only considers the first 8 characters of password but for some
+ reason returns eleven characters of result (plus the two salt chars). */
+ strncpy((char *)key, (char *)crypt(password, "#~") + 2, sizeof(des_cblock));
+
+ /* parity is inserted into the LSB so leftshift each byte up one bit. This
+ allows ascii characters with a zero MSB to retain as much significance
+ as possible. */
+ { char *keybytes = (char *)key;
+ unsigned int temp;
+
+ for (i = 0; i < 8; i++) {
+ temp = (unsigned int) keybytes[i];
+ keybytes[i] = (unsigned char) (temp << 1);
+ }
+ }
+ des_fixup_key_parity (key);
+}
+
+/*
+ * Long passwords, i.e 9 characters or more.
+ */
+static void
+afs_transarc_StringToKey (char *str, char *cell, des_cblock *key)
+{
+ des_key_schedule schedule;
+ des_cblock temp_key;
+ des_cblock ivec;
+ char password[512];
+ int passlen;
+
+ strncpy (password, str, sizeof(password));
+ if ((passlen = strlen (password)) < sizeof(password)-1)
+ strncat (password, cell, sizeof(password)-passlen);
+ if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password);
+
+ memcpy(&ivec, "kerberos", 8);
+ memcpy(&temp_key, "kerberos", 8);
+ des_fixup_key_parity (&temp_key);
+ des_key_sched (&temp_key, schedule);
+ des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec);
+
+ memcpy(&temp_key, &ivec, 8);
+ des_fixup_key_parity (&temp_key);
+ des_key_sched (&temp_key, schedule);
+ des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
+
+ des_fixup_key_parity (key);
+}
+
+void
+afs_string_to_key(char *str, char *cell, des_cblock *key)
+{
+ char realm[REALM_SZ+1];
+ strncpy(realm, cell, REALM_SZ);
+ realm[REALM_SZ] = 0;
+ mklower(realm);
+
+ if (strlen(str) > 8)
+ afs_transarc_StringToKey (str, realm, key);
+ else
+ afs_cmu_StringToKey (str, realm, key);
+}
diff --git a/crypto/kerberosIV/lib/krb/swab.c b/crypto/kerberosIV/lib/krb/swab.c
new file mode 100644
index 0000000..d68ce3d
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/swab.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: swab.c,v 1.4 1997/04/01 08:18:45 joda Exp $");
+#endif
+
+#ifndef HAVE_SWAB
+void
+swab (char *from, char *to, int nbytes)
+{
+ while(nbytes >= 2) {
+ *(to + 1) = *from;
+ *to = *(from + 1);
+ to += 2;
+ from += 2;
+ nbytes -= 2;
+ }
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c
new file mode 100644
index 0000000..a196448
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/tf_util.c
@@ -0,0 +1,645 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: tf_util.c,v 1.24 1997/04/20 06:24:32 assar Exp $");
+
+
+#define TOO_BIG -1
+#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
+ * retry if ticket file is
+ * locked */
+#define TF_LCK_RETRY_COUNT (50) /* number of retries */
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+/*
+ * fd must be initialized to something that won't ever occur as a real
+ * file descriptor. Since open(2) returns only non-negative numbers as
+ * valid file descriptors, and tf_init always stuffs the return value
+ * from open in here even if it is an error flag, we must
+ * a. Initialize fd to a negative number, to indicate that it is
+ * not initially valid.
+ * b. When checking for a valid fd, assume that negative values
+ * are invalid (ie. when deciding whether tf_init has been
+ * called.)
+ * c. In tf_close, be sure it gets reinitialized to a negative
+ * number.
+ */
+static int fd = -1;
+static int curpos; /* Position in tfbfr */
+static int lastpos; /* End of tfbfr */
+static char tfbfr[BUFSIZ]; /* Buffer for ticket data */
+
+static int tf_gets(char *s, int n);
+static int tf_read(void *s, int n);
+
+/*
+ * This file contains routines for manipulating the ticket cache file.
+ *
+ * The ticket file is in the following format:
+ *
+ * principal's name (null-terminated string)
+ * principal's instance (null-terminated string)
+ * CREDENTIAL_1
+ * CREDENTIAL_2
+ * ...
+ * CREDENTIAL_n
+ * EOF
+ *
+ * Where "CREDENTIAL_x" consists of the following fixed-length
+ * fields from the CREDENTIALS structure (see "krb.h"):
+ *
+ * char service[ANAME_SZ]
+ * char instance[INST_SZ]
+ * char realm[REALM_SZ]
+ * C_Block session
+ * int lifetime
+ * int kvno
+ * KTEXT_ST ticket_st
+ * u_int32_t issue_date
+ *
+ * Short description of routines:
+ *
+ * tf_init() opens the ticket file and locks it.
+ *
+ * tf_get_pname() returns the principal's name.
+ *
+ * tf_put_pname() writes the principal's name to the ticket file.
+ *
+ * tf_get_pinst() returns the principal's instance (may be null).
+ *
+ * tf_put_pinst() writes the instance.
+ *
+ * tf_get_cred() returns the next CREDENTIALS record.
+ *
+ * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
+ *
+ * tf_close() closes the ticket file and releases the lock.
+ *
+ * tf_gets() returns the next null-terminated string. It's an internal
+ * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
+ *
+ * tf_read() reads a given number of bytes. It's an internal routine
+ * used by tf_get_cred().
+ */
+
+/*
+ * tf_init() should be called before the other ticket file routines.
+ * It takes the name of the ticket file to use, "tf_name", and a
+ * read/write flag "rw" as arguments.
+ *
+ * It tries to open the ticket file, checks the mode, and if everything
+ * is okay, locks the file. If it's opened for reading, the lock is
+ * shared. If it's opened for writing, the lock is exclusive.
+ *
+ * Returns KSUCCESS if all went well, otherwise one of the following:
+ *
+ * NO_TKT_FIL - file wasn't there
+ * TKT_FIL_ACC - file was in wrong mode, etc.
+ * TKT_FIL_LCK - couldn't lock the file, even after a retry
+ */
+
+int
+tf_init(char *tf_name, int rw)
+{
+ /* Unix implementation */
+ int wflag;
+ struct stat stat_buf;
+ int i_retry;
+
+ switch (rw) {
+ case R_TKT_FIL:
+ wflag = 0;
+ break;
+ case W_TKT_FIL:
+ wflag = 1;
+ break;
+ default:
+ if (krb_debug)
+ krb_warning("tf_init: illegal parameter\n");
+ return TKT_FIL_ACC;
+ }
+ if (lstat(tf_name, &stat_buf) < 0)
+ switch (errno) {
+ case ENOENT:
+ return NO_TKT_FIL;
+ default:
+ return TKT_FIL_ACC;
+ }
+ /* The old code tried to guess when the calling program was
+ * running set-uid, this is now removed - the kerberos library
+ * does not (or shouldn't) know anything about user-ids.
+
+ * All library functions now assume that the right userids are set
+ * upon entry, therefore there is no need to test permissions like
+ * before. If the file is openable, just open it.
+ */
+
+ if(!S_ISREG(stat_buf.st_mode))
+ return TKT_FIL_ACC;
+
+
+ /*
+ * If "wflag" is set, open the ticket file in append-writeonly mode
+ * and lock the ticket file in exclusive mode. If unable to lock
+ * the file, sleep and try again. If we fail again, return with the
+ * proper error message.
+ */
+
+ curpos = sizeof(tfbfr);
+
+
+ if (wflag) {
+ fd = open(tf_name, O_RDWR | O_BINARY, 0600);
+ if (fd < 0) {
+ return TKT_FIL_ACC;
+ }
+ for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
+ if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+ if (krb_debug)
+ krb_warning("tf_init: retry %d of write lock of `%s'.\n",
+ i_retry, tf_name);
+ sleep (TF_LCK_RETRY);
+ } else {
+ return KSUCCESS; /* all done */
+ }
+ }
+ close (fd);
+ fd = -1;
+ return TKT_FIL_LCK;
+ }
+ /*
+ * Otherwise "wflag" is not set and the ticket file should be opened
+ * for read-only operations and locked for shared access.
+ */
+
+ fd = open(tf_name, O_RDONLY | O_BINARY, 0600);
+ if (fd < 0) {
+ return TKT_FIL_ACC;
+ }
+
+ for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
+ if (k_flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) {
+ if (krb_debug)
+ krb_warning("tf_init: retry %d of read lock of `%s'.\n",
+ i_retry, tf_name);
+ sleep (TF_LCK_RETRY);
+ } else {
+ return KSUCCESS; /* all done */
+ }
+ }
+ /* failure */
+ close(fd);
+ fd = -1;
+ return TKT_FIL_LCK;
+}
+
+/*
+ * tf_create() should be called when creating a new ticket file.
+ * The only argument is the name of the ticket file.
+ * After calling this, it should be possible to use other tf_* functions.
+ *
+ * New algoritm for creating ticket file:
+ * 1. try to erase contents of existing file.
+ * 2. try to remove old file.
+ * 3. try to open with O_CREAT and O_EXCL
+ * 4. if this fails, someone has created a file in between 1 and 2 and
+ * we should fail. Otherwise, all is wonderful.
+ */
+
+int
+tf_create(char *tf_name)
+{
+ struct stat statbuf;
+ char garbage[BUFSIZ];
+
+ fd = open(tf_name, O_RDWR | O_BINARY, 0);
+ if (fd >= 0) {
+ if (fstat (fd, &statbuf) == 0) {
+ int i;
+
+ for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
+ write (fd, garbage, sizeof(garbage));
+ }
+ close (fd);
+ }
+
+ if (unlink (tf_name) && errno != ENOENT)
+ return TKT_FIL_ACC;
+
+ fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+ if (fd < 0)
+ return TKT_FIL_ACC;
+ if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+ sleep(TF_LCK_RETRY);
+ if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+ close(fd);
+ fd = -1;
+ return TKT_FIL_LCK;
+ }
+ }
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_pname() reads the principal's name from the ticket file. It
+ * should only be called after tf_init() has been called. The
+ * principal's name is filled into the "p" parameter. If all goes well,
+ * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
+ * returned. If the name was null, or EOF was encountered, or the name
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+ */
+
+int
+tf_get_pname(char *p)
+{
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_get_pname called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */
+ {
+ if (krb_debug)
+ krb_warning ("tf_get_pname: pname < 2.\n");
+ return TKT_FIL_FMT;
+ }
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pname() sets the principal's name in the ticket file. Call
+ * after tf_create().
+ */
+
+int
+tf_put_pname(char *p)
+{
+ unsigned count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_put_pname called before tf_create.\n");
+ return TKT_FIL_INI;
+ }
+ count = strlen(p)+1;
+ if (write(fd,p,count) != count)
+ return(KFAILURE);
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_pinst() reads the principal's instance from a ticket file.
+ * It should only be called after tf_init() and tf_get_pname() have been
+ * called. The instance is filled into the "inst" parameter. If all
+ * goes well, KSUCCESS is returned. If tf_init() wasn't called,
+ * TKT_FIL_INI is returned. If EOF was encountered, or the instance
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
+ * instance may be null.
+ */
+
+int
+tf_get_pinst(char *inst)
+{
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_get_pinst called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if (tf_gets(inst, INST_SZ) < 1)
+ {
+ if (krb_debug)
+ krb_warning("tf_get_pinst: inst_sz < 1.\n");
+ return TKT_FIL_FMT;
+ }
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pinst writes the principal's instance to the ticket file.
+ * Call after tf_create.
+ */
+
+int
+tf_put_pinst(char *inst)
+{
+ unsigned count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_put_pinst called before tf_create.\n");
+ return TKT_FIL_INI;
+ }
+ count = strlen(inst)+1;
+ if (write(fd,inst,count) != count)
+ return(KFAILURE);
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
+ * in the given structure "c". It should only be called after tf_init(),
+ * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
+ * KSUCCESS is returned. Possible error codes are:
+ *
+ * TKT_FIL_INI - tf_init wasn't called first
+ * TKT_FIL_FMT - bad format
+ * EOF - end of file encountered
+ */
+
+int
+tf_get_cred(CREDENTIALS *c)
+{
+ KTEXT ticket = &c->ticket_st; /* pointer to ticket */
+ int k_errno;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning ("tf_get_cred called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning("tf_get_cred: too big service cred.\n");
+ case 1: /* can't be just a null */
+ tf_close();
+ if (krb_debug)
+ krb_warning("tf_get_cred: null service cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
+ }
+ if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning ("tf_get_cred: too big instance cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
+ }
+ if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning ("tf_get_cred: too big realm cred.\n");
+ case 1: /* can't be just a null */
+ tf_close();
+ if (krb_debug)
+ krb_warning ("tf_get_cred: null realm cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
+ }
+ if (
+ tf_read((c->session), DES_KEY_SZ) < 1 ||
+ tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 ||
+ tf_read(&(c->kvno), sizeof(c->kvno)) < 1 ||
+ tf_read(&(ticket->length), sizeof(ticket->length))
+ < 1 ||
+ /* don't try to read a silly amount into ticket->dat */
+ ticket->length > MAX_KTXT_LEN ||
+ tf_read((ticket->dat), ticket->length) < 1 ||
+ tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1
+ ) {
+ tf_close();
+ if (krb_debug)
+ krb_warning ("tf_get_cred: failed tf_read.\n");
+ return TKT_FIL_FMT;
+ }
+ return KSUCCESS;
+}
+
+/*
+ * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
+ * not a valid file descriptor, it just returns. It also clears the
+ * buffer used to read tickets.
+ *
+ * The return value is not defined.
+ */
+
+void
+tf_close(void)
+{
+ if (!(fd < 0)) {
+ k_flock(fd, K_LOCK_UN);
+ close(fd);
+ fd = -1; /* see declaration of fd above */
+ }
+ memset(tfbfr, 0, sizeof(tfbfr));
+}
+
+/*
+ * tf_gets() is an internal routine. It takes a string "s" and a count
+ * "n", and reads from the file until either it has read "n" characters,
+ * or until it reads a null byte. When finished, what has been read exists
+ * in "s". If it encounters EOF or an error, it closes the ticket file.
+ *
+ * Possible return values are:
+ *
+ * n the number of bytes read (including null terminator)
+ * when all goes well
+ *
+ * 0 end of file or read error
+ *
+ * TOO_BIG if "count" characters are read and no null is
+ * encountered. This is an indication that the ticket
+ * file is seriously ill.
+ */
+
+static int
+tf_gets(char *s, int n)
+{
+ int count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning ("tf_gets called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ for (count = n - 1; count > 0; --count) {
+ if (curpos >= sizeof(tfbfr)) {
+ lastpos = read(fd, tfbfr, sizeof(tfbfr));
+ curpos = 0;
+ }
+ if (curpos == lastpos) {
+ tf_close();
+ return 0;
+ }
+ *s = tfbfr[curpos++];
+ if (*s++ == '\0')
+ return (n - count);
+ }
+ tf_close();
+ return TOO_BIG;
+}
+
+/*
+ * tf_read() is an internal routine. It takes a string "s" and a count
+ * "n", and reads from the file until "n" bytes have been read. When
+ * finished, what has been read exists in "s". If it encounters EOF or
+ * an error, it closes the ticket file.
+ *
+ * Possible return values are:
+ *
+ * n the number of bytes read when all goes well
+ *
+ * 0 on end of file or read error
+ */
+
+static int
+tf_read(void *v, int n)
+{
+ char *s = (char *)v;
+ int count;
+
+ for (count = n; count > 0; --count) {
+ if (curpos >= sizeof(tfbfr)) {
+ lastpos = read(fd, tfbfr, sizeof(tfbfr));
+ curpos = 0;
+ }
+ if (curpos == lastpos) {
+ tf_close();
+ return 0;
+ }
+ *s++ = tfbfr[curpos++];
+ }
+ return n;
+}
+
+/*
+ * tf_save_cred() appends an incoming ticket to the end of the ticket
+ * file. You must call tf_init() before calling tf_save_cred().
+ *
+ * The "service", "instance", and "realm" arguments specify the
+ * server's name; "session" contains the session key to be used with
+ * the ticket; "kvno" is the server key version number in which the
+ * ticket is encrypted, "ticket" contains the actual ticket, and
+ * "issue_date" is the time the ticket was requested (local host's time).
+ *
+ * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
+ * called previously, and KFAILURE for anything else that went wrong.
+ */
+
+int
+tf_save_cred(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ unsigned char *session, /* Session key */
+ int lifetime, /* Lifetime */
+ int kvno, /* Key version number */
+ KTEXT ticket, /* The ticket itself */
+ u_int32_t issue_date) /* The issue time */
+{
+ int count; /* count for write */
+
+ if (fd < 0) { /* fd is ticket file as set by tf_init */
+ if (krb_debug)
+ krb_warning ("tf_save_cred called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ /* Find the end of the ticket file */
+ lseek(fd, 0L, SEEK_END);
+
+ /* Write the ticket and associated data */
+ /* Service */
+ count = strlen(service) + 1;
+ if (write(fd, service, count) != count)
+ goto bad;
+ /* Instance */
+ count = strlen(instance) + 1;
+ if (write(fd, instance, count) != count)
+ goto bad;
+ /* Realm */
+ count = strlen(realm) + 1;
+ if (write(fd, realm, count) != count)
+ goto bad;
+ /* Session key */
+ if (write(fd, session, 8) != 8)
+ goto bad;
+ /* Lifetime */
+ if (write(fd, &lifetime, sizeof(int)) != sizeof(int))
+ goto bad;
+ /* Key vno */
+ if (write(fd, &kvno, sizeof(int)) != sizeof(int))
+ goto bad;
+ /* Tkt length */
+ if (write(fd, &(ticket->length), sizeof(int)) !=
+ sizeof(int))
+ goto bad;
+ /* Ticket */
+ count = ticket->length;
+ if (write(fd, ticket->dat, count) != count)
+ goto bad;
+ /* Issue date */
+ if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date))
+ goto bad;
+
+ return (KSUCCESS);
+bad:
+ return (KFAILURE);
+}
+
+int
+tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
+{
+ int ret;
+ ret = tf_create(tkt_string());
+ if (ret != KSUCCESS)
+ return ret;
+
+ if (tf_put_pname(pname) != KSUCCESS ||
+ tf_put_pinst(pinst) != KSUCCESS) {
+ tf_close();
+ return INTK_ERR;
+ }
+
+ ret = tf_save_cred(cred->service, cred->instance, cred->realm,
+ cred->session, cred->lifetime, cred->kvno,
+ &cred->ticket_st, cred->issue_date);
+ tf_close();
+ return ret;
+}
+
+int
+in_tkt(char *pname, char *pinst)
+{
+ int ret;
+
+ ret = tf_create (tkt_string());
+ if (ret != KSUCCESS)
+ return ret;
+
+ if (tf_put_pname(pname) != KSUCCESS ||
+ tf_put_pinst(pinst) != KSUCCESS) {
+ tf_close();
+ return INTK_ERR;
+ }
+
+ tf_close();
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.c b/crypto/kerberosIV/lib/krb/ticket_memory.c
new file mode 100644
index 0000000..04e20b6
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/ticket_memory.c
@@ -0,0 +1,438 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* ticket_memory.c - Storage for tickets in memory
+ * Author: d93-jka@nada.kth.se - June 1996
+ */
+
+#define WIN32_LEAN_AND_MEAN
+#include <Windows.h>
+#include "krb_locl.h"
+#include "ticket_memory.h"
+
+RCSID("$Id: ticket_memory.c,v 1.9 1997/04/20 18:07:36 assar Exp $");
+
+void msg(char *text, int error);
+
+/* Global variables for memory mapping. */
+HANDLE SharedMemoryHandle;
+tktmem *SharedMemory;
+
+static int CredIndex = -1;
+
+int
+newTktMem(const char *tf_name)
+{
+ if(!SharedMemory)
+ {
+ unsigned int MemorySize = sizeof(tktmem);
+ unsigned int MemorySizeHi = sizeof(tktmem)>>16;
+ unsigned int MemorySizeLo = MemorySize&0xFFFF;
+ SharedMemoryHandle = CreateFileMapping((HANDLE)(int)-1, 0,
+ PAGE_READWRITE,
+ MemorySizeHi, MemorySizeLo,
+ "krb_memory");
+
+ if(!SharedMemoryHandle)
+ {
+ msg("Could not create shared memory.", GetLastError());
+ return KFAILURE;
+ }
+
+ SharedMemory = MapViewOfFile(SharedMemoryHandle,
+ FILE_MAP_WRITE, 0, 0, 0);
+ if(!SharedMemory)
+ {
+ msg("Unable to alloc shared memory.", GetLastError());
+ return KFAILURE;
+ }
+ if(GetLastError() != ERROR_ALREADY_EXISTS)
+ {
+ if(tf_name)
+ strcpy(SharedMemory->tmname, tf_name);
+ SharedMemory->last_cred_no = 0;
+ }
+ }
+
+ CredIndex = 0;
+ return KSUCCESS;
+}
+
+int
+freeTktMem(const char *tf_name)
+{
+ if(SharedMemory)
+ {
+ UnmapViewOfFile(SharedMemory);
+ CloseHandle(SharedMemoryHandle);
+ }
+ return KSUCCESS;
+}
+
+
+
+tktmem *
+getTktMem(const char *tf_name)
+{
+ return SharedMemory;
+}
+
+void
+firstCred(void)
+{
+ if(getTktMem(0)->last_cred_no > 0)
+ CredIndex = 0;
+ else
+ CredIndex = -1;
+}
+
+int
+nextCredIndex(void)
+{
+ const tktmem *mem;
+ int last;
+ mem = getTktMem(0);
+ last = mem->last_cred_no;
+ if(CredIndex >= 0 && CredIndex < last )
+ return CredIndex++;
+ else
+ return CredIndex = -1;
+}
+
+int
+currCredIndex(void)
+{
+ const tktmem *mem;
+ int last;
+ mem = getTktMem(0);
+ last = mem->last_cred_no;
+ if(CredIndex >= 0 && CredIndex < last)
+ return CredIndex;
+ else
+ return CredIndex = -1;
+}
+
+int
+nextFreeIndex(void)
+{
+ tktmem *mem = getTktMem(0);
+ if(mem->last_cred_no > CRED_VEC_SZ)
+ return -1;
+ else
+ return mem->last_cred_no++;
+}
+
+/*
+ * in_tkt() is used to initialize the ticket store. It creates the
+ * file to contain the tickets and writes the given user's name "pname"
+ * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
+ * success, or KFAILURE if something goes wrong.
+ */
+
+int
+in_tkt(char *pname, char *pinst)
+{
+ /* Here goes code to initialize shared memory, to store tickets in. */
+ /* Implemented somewhere else. */
+ return KFAILURE;
+}
+
+/*
+ * dest_tkt() is used to destroy the ticket store upon logout.
+ * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
+ * Otherwise the function returns RET_OK on success, KFAILURE on
+ * failure.
+ *
+ * The ticket file (TKT_FILE) is defined in "krb.h".
+ */
+
+int
+dest_tkt(void)
+{
+ /* Here goes code to destroy tickets in shared memory. */
+ /* Not implemented yet. */
+ return KFAILURE;
+}
+
+/* Short description of routines:
+ *
+ * tf_init() opens the ticket file and locks it.
+ *
+ * tf_get_pname() returns the principal's name.
+ *
+ * tf_put_pname() writes the principal's name to the ticket file.
+ *
+ * tf_get_pinst() returns the principal's instance (may be null).
+ *
+ * tf_put_pinst() writes the instance.
+ *
+ * tf_get_cred() returns the next CREDENTIALS record.
+ *
+ * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
+ *
+ * tf_close() closes the ticket file and releases the lock.
+ *
+ * tf_gets() returns the next null-terminated string. It's an internal
+ * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
+ *
+ * tf_read() reads a given number of bytes. It's an internal routine
+ * used by tf_get_cred().
+ */
+
+/*
+ * tf_init() should be called before the other ticket file routines.
+ * It takes the name of the ticket file to use, "tf_name", and a
+ * read/write flag "rw" as arguments.
+ *
+ * Returns KSUCCESS if all went well, otherwise one of the following:
+ *
+ * NO_TKT_FIL - file wasn't there
+ * TKT_FIL_ACC - file was in wrong mode, etc.
+ * TKT_FIL_LCK - couldn't lock the file, even after a retry
+ */
+
+int
+tf_init(char *tf_name, int rw)
+{
+ if(!getTktMem(tf_name))
+ return NO_TKT_FIL;
+ firstCred();
+ return KSUCCESS;
+}
+
+/*
+ * tf_create() should be called when creating a new ticket file.
+ * The only argument is the name of the ticket file.
+ * After calling this, it should be possible to use other tf_* functions.
+ */
+
+int
+tf_create(char *tf_name)
+{
+ if(newTktMem(tf_name) != KSUCCESS)
+ return NO_TKT_FIL;
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_pname() reads the principal's name from the ticket file. It
+ * should only be called after tf_init() has been called. The
+ * principal's name is filled into the "p" parameter. If all goes well,
+ * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
+ * returned. If the name was null, or EOF was encountered, or the name
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+ */
+
+int
+tf_get_pname(char *p)
+{
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if(!TktStore->pname)
+ return KFAILURE;
+ strcpy(p, TktStore->pname);
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pname() sets the principal's name in the ticket file. Call
+ * after tf_create().
+ */
+
+int
+tf_put_pname(char *p)
+{
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if(!TktStore->pname)
+ return KFAILURE;
+ strcpy(TktStore->pname, p);
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_pinst() reads the principal's instance from a ticket file.
+ * It should only be called after tf_init() and tf_get_pname() have been
+ * called. The instance is filled into the "inst" parameter. If all
+ * goes well, KSUCCESS is returned. If tf_init() wasn't called,
+ * TKT_FIL_INI is returned. If EOF was encountered, or the instance
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
+ * instance may be null.
+ */
+
+int
+tf_get_pinst(char *inst)
+{
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if(!TktStore->pinst)
+ return KFAILURE;
+ strcpy(inst, TktStore->pinst);
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pinst writes the principal's instance to the ticket file.
+ * Call after tf_create.
+ */
+
+int
+tf_put_pinst(char *inst)
+{
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if(!TktStore->pinst)
+ return KFAILURE;
+ strcpy(TktStore->pinst, inst);
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
+ * in the given structure "c". It should only be called after tf_init(),
+ * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
+ * KSUCCESS is returned. Possible error codes are:
+ *
+ * TKT_FIL_INI - tf_init wasn't called first
+ * TKT_FIL_FMT - bad format
+ * EOF - end of file encountered
+ */
+
+int
+tf_get_cred(CREDENTIALS *c)
+{
+ int index;
+ CREDENTIALS *cred;
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if((index = nextCredIndex()) == -1)
+ return EOF;
+ if(!(cred = TktStore->cred_vec+index))
+ return KFAILURE;
+ if(!c)
+ return KFAILURE;
+ memcpy(c, cred, sizeof(*c));
+ return KSUCCESS;
+}
+
+/*
+ * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
+ * not a valid file descriptor, it just returns. It also clears the
+ * buffer used to read tickets.
+ */
+
+void
+tf_close(void)
+{
+}
+
+/*
+ * tf_save_cred() appends an incoming ticket to the end of the ticket
+ * file. You must call tf_init() before calling tf_save_cred().
+ *
+ * The "service", "instance", and "realm" arguments specify the
+ * server's name; "session" contains the session key to be used with
+ * the ticket; "kvno" is the server key version number in which the
+ * ticket is encrypted, "ticket" contains the actual ticket, and
+ * "issue_date" is the time the ticket was requested (local host's time).
+ *
+ * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
+ * called previously, and KFAILURE for anything else that went wrong.
+ */
+
+int
+tf_save_cred(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ unsigned char *session, /* Session key */
+ int lifetime, /* Lifetime */
+ int kvno, /* Key version number */
+ KTEXT ticket, /* The ticket itself */
+ u_int32_t issue_date) /* The issue time */
+{
+ CREDENTIALS *cred;
+ tktmem *mem = getTktMem(0);
+ int last = nextFreeIndex();
+
+ if(last == -1)
+ return KFAILURE;
+ cred = mem->cred_vec+last;
+ strcpy(cred->service, service);
+ strcpy(cred->instance, instance);
+ strcpy(cred->realm, realm);
+ strcpy(cred->session, session);
+ cred->lifetime = lifetime;
+ cred->kvno = kvno;
+ memcpy(&(cred->ticket_st), ticket, sizeof(*ticket));
+ cred->issue_date = issue_date;
+ strcpy(cred->pname, mem->pname);
+ strcpy(cred->pinst, mem->pinst);
+ return KSUCCESS;
+}
+
+
+int
+tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
+{
+ int ret;
+ ret = tf_create(tkt_string());
+ if (ret != KSUCCESS)
+ return ret;
+
+ if (tf_put_pname(pname) != KSUCCESS ||
+ tf_put_pinst(pinst) != KSUCCESS) {
+ tf_close();
+ return INTK_ERR;
+ }
+
+ ret = tf_save_cred(cred->service, cred->instance, cred->realm,
+ cred->session, cred->lifetime, cred->kvno,
+ &cred->ticket_st, cred->issue_date);
+ tf_close();
+ return ret;
+}
diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.h b/crypto/kerberosIV/lib/krb/ticket_memory.h
new file mode 100644
index 0000000..e85e1a4
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/ticket_memory.h
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* ticket_memory.h - Storage for tickets in memory
+ * Author: d93-jka@nada.kth.se - June 1996
+ */
+
+/* $Id: ticket_memory.h,v 1.6 1997/04/20 06:25:12 assar Exp $ */
+
+#ifndef TICKET_MEMORY_H
+#define TICKET_MEMORY_H
+
+#include "krb_locl.h"
+
+#define CRED_VEC_SZ 20
+
+typedef struct _tktmem
+{
+ char tmname[64];
+ char pname[ANAME_SZ]; /* Principal's name */
+ char pinst[INST_SZ]; /* Principal's instance */
+ int last_cred_no;
+ CREDENTIALS cred_vec[CRED_VEC_SZ];
+} tktmem;
+
+int newTktMem(const char *tf_name);
+int freeTktMem(const char *tf_name);
+tktmem *getTktMem(const char *tf_name);
+void firstCred(void);
+int nextCredIndex(void);
+int currCredIndex(void);
+int nextFreeIndex(void);
+
+#endif /* TICKET_MEMORY_H */
diff --git a/crypto/kerberosIV/lib/krb/tkt_string.c b/crypto/kerberosIV/lib/krb/tkt_string.c
new file mode 100644
index 0000000..2914abb
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/tkt_string.c
@@ -0,0 +1,85 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: tkt_string.c,v 1.10 1997/05/02 14:54:26 assar Exp $");
+
+/*
+ * This routine is used to generate the name of the file that holds
+ * the user's cache of server tickets and associated session keys.
+ *
+ * If it is set, krb_ticket_string contains the ticket file name.
+ * Otherwise, the filename is constructed as follows:
+ *
+ * If it is set, the environment variable "KRBTKFILE" will be used as
+ * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and
+ * the user's uid are concatenated to produce the ticket file name
+ * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket
+ * file name is returned.
+ */
+
+static char krb_ticket_string[MaxPathLen] = "";
+
+#ifndef HAVE_GETUID
+int getuid(void)
+{
+ return 27;
+}
+#endif
+
+char *tkt_string(void)
+{
+ char *env;
+
+ if (!*krb_ticket_string) {
+ if ((env = getenv("KRBTKFILE"))) {
+ strncpy(krb_ticket_string, env,
+ sizeof(krb_ticket_string)-1);
+ krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
+ } else {
+ snprintf(krb_ticket_string, sizeof(krb_ticket_string),
+ "%s%u",TKT_ROOT,(unsigned)getuid());
+ }
+ }
+ return krb_ticket_string;
+}
+
+/*
+ * This routine is used to set the name of the file that holds the user's
+ * cache of server tickets and associated session keys.
+ *
+ * The value passed in is copied into local storage.
+ *
+ * NOTE: This routine should be called during initialization, before other
+ * Kerberos routines are called; otherwise tkt_string() above may be called
+ * and return an undesired ticket file name until this routine is called.
+ */
+
+void
+krb_set_tkt_string(char *val)
+{
+
+ strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
+ krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
+
+ return;
+}
diff --git a/crypto/kerberosIV/lib/krb/unparse_name.c b/crypto/kerberosIV/lib/krb/unparse_name.c
new file mode 100644
index 0000000..ddb938f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/unparse_name.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $");
+
+static void
+quote_string(char *quote, char *from, char *to)
+{
+ while(*from){
+ if(strchr(quote, *from))
+ *to++ = '\\';
+ *to++ = *from++;
+ }
+ *to = 0;
+}
+
+/* To be compatible with old functions, we quote differently in each
+ part of the principal*/
+
+char *
+krb_unparse_name_r(krb_principal *pr, char *fullname)
+{
+ quote_string("'@\\", pr->name, fullname);
+ if(pr->instance[0]){
+ strcat(fullname, ".");
+ quote_string("@\\", pr->instance, fullname + strlen(fullname));
+ }
+ if(pr->realm[0]){
+ strcat(fullname, "@");
+ quote_string("\\", pr->realm, fullname + strlen(fullname));
+ }
+ return fullname;
+}
+
+char *
+krb_unparse_name_long_r(char *name, char *instance, char *realm,
+ char *fullname)
+{
+ krb_principal pr;
+ memset(&pr, 0, sizeof(pr));
+ strcpy(pr.name, name);
+ if(instance)
+ strcpy(pr.instance, instance);
+ if(realm)
+ strcpy(pr.realm, realm);
+ return krb_unparse_name_r(&pr, fullname);
+}
+
+char *
+krb_unparse_name(krb_principal *pr)
+{
+ static char principal[MAX_K_NAME_SZ];
+ krb_unparse_name_r(pr, principal);
+ return principal;
+}
+
+char *
+krb_unparse_name_long(char *name, char *instance, char *realm)
+{
+ krb_principal pr;
+ memset(&pr, 0, sizeof(pr));
+ strcpy(pr.name, name);
+ if(instance)
+ strcpy(pr.instance, instance);
+ if(realm)
+ strcpy(pr.realm, realm);
+ return krb_unparse_name(&pr);
+}
diff --git a/crypto/kerberosIV/lib/krb/util.c b/crypto/kerberosIV/lib/krb/util.c
new file mode 100644
index 0000000..7b77bb8
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/util.c
@@ -0,0 +1,64 @@
+/*
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Miscellaneous debug printing utilities
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: util.c,v 1.6 1996/10/05 00:18:34 joda Exp $");
+
+/*
+ * Print some of the contents of the given authenticator structure
+ * (AUTH_DAT defined in "krb.h"). Fields printed are:
+ *
+ * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session
+ */
+
+void
+ad_print(AUTH_DAT *x)
+{
+ /*
+ * Print the contents of an auth_dat struct.
+ */
+ struct in_addr address;
+ address.s_addr = x->address;
+ printf("\n%s %s %s %s flags %u cksum 0x%X\n\ttkt_tm 0x%X sess_key",
+ x->pname, x->pinst, x->prealm,
+ inet_ntoa(address), x->k_flags,
+ x->checksum, x->time_sec);
+ printf("[8] =");
+#ifdef NOENCRYPTION
+ placebo_cblock_print(x->session);
+#else
+ des_cblock_print_file(&x->session,stdout);
+#endif
+ /* skip reply for now */
+}
+
+/*
+ * Print in hex the 8 bytes of the given session key.
+ *
+ * Printed format is: " 0x { x, x, x, x, x, x, x, x }"
+ */
+
+#ifdef NOENCRYPTION
+placebo_cblock_print(x)
+ des_cblock x;
+{
+ unsigned char *y = (unsigned char *) x;
+ int i = 0;
+
+ printf(" 0x { ");
+
+ while (i++ <8) {
+ printf("%x",*y++);
+ if (i<8) printf(", ");
+ }
+ printf(" }");
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c
new file mode 100644
index 0000000..ce22b59
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/verify_user.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $");
+
+/* Verify user with password. If secure, also verify against local
+ * service key, this can (usually) only be done by root.
+ *
+ * As a side effect, fresh tickets are obtained.
+ *
+ * Returns zero if ok, a positive kerberos error or -1 for system
+ * errors.
+ */
+
+int
+krb_verify_user(char *name, char *instance, char *realm, char *password,
+ int secure, char *linstance)
+{
+ int ret;
+ ret = krb_get_pw_in_tkt(name, instance, realm,
+ KRB_TICKET_GRANTING_TICKET,
+ realm,
+ DEFAULT_TKT_LIFE, password);
+ if(ret != KSUCCESS)
+ return ret;
+
+ if(secure){
+ struct hostent *hp;
+ int32_t addr;
+
+ KTEXT_ST ticket;
+ AUTH_DAT auth;
+
+ char lrealm[REALM_SZ];
+ char hostname[MaxHostNameLen];
+ char *phost;
+
+ if (k_gethostname(hostname, sizeof(hostname)) == -1) {
+ dest_tkt();
+ return -1;
+ }
+
+ hp = gethostbyname(hostname);
+ if(hp == NULL){
+ dest_tkt();
+ return -1;
+ }
+ memcpy(&addr, hp->h_addr, sizeof(addr));
+
+ ret = krb_get_lrealm(lrealm, 1);
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+ phost = krb_get_phost(hostname);
+
+ if (linstance == NULL)
+ linstance = "rcmd";
+
+ ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33);
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+
+ ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, "");
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+ }
+ return 0;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/Makefile.in b/crypto/kerberosIV/lib/roken/Makefile.in
new file mode 100644
index 0000000..26f3142
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/Makefile.in
@@ -0,0 +1,94 @@
+#
+# $Id: Makefile.in,v 1.34 1997/05/28 05:23:39 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+CPP = @CPP@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = # @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)roken
+#LIBEXT = @LIBEXT@ Always build archive library and don't install!
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+SHLIBEXT = @SHLIBEXT@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = \
+ chown.c daemon.c err.c errx.c fchown.c get_window_size.c \
+ getcwd.c getdtablesize.c getopt.c getusershell.c \
+ hstrerror.c inaddr2str.c inet_aton.c \
+ initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \
+ memmove.c mini_inetd.c mkstemp.c putenv.c rcmd.c setegid.c \
+ setenv.c seteuid.c signal.c snprintf.c \
+ strcasecmp.c strdup.c strerror.c strftime.c \
+ strlwr.c strnlen.c strtok_r.c strupr.c tm2time.c \
+ unsetenv.c verify.c verr.c verrx.c vwarn.c \
+ vwarnx.c warn.c warnerr.c warnx.c
+
+OBJECTS = k_getpwuid.o k_getpwnam.o signal.o tm2time.o \
+ verify.o inaddr2str.o mini_inetd.o get_window_size.o \
+ warnerr.o snprintf.o @LIBOBJS@
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+
+uninstall:
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS)
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS)
+ -$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/roken/chown.c b/crypto/kerberosIV/lib/roken/chown.c
new file mode 100644
index 0000000..28550d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/chown.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: chown.c,v 1.2 1997/04/01 08:18:58 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+chown(const char *path, uid_t owner, gid_t group)
+{
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/daemon.c b/crypto/kerberosIV/lib/roken/daemon.c
new file mode 100644
index 0000000..ffab298
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/daemon.c
@@ -0,0 +1,89 @@
+/*-
+ * Copyright (c) 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)daemon.c 8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: daemon.c,v 1.2 1997/05/28 05:38:09 assar Exp $");
+
+#ifndef HAVE_DAEMON
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int
+daemon(nochdir, noclose)
+ int nochdir, noclose;
+{
+ int fd;
+
+ switch (fork()) {
+ case -1:
+ return (-1);
+ case 0:
+ break;
+ default:
+ _exit(0);
+ }
+
+ if (setsid() == -1)
+ return (-1);
+
+ if (!nochdir)
+ (void)chdir("/");
+
+ if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+ (void)dup2(fd, STDIN_FILENO);
+ (void)dup2(fd, STDOUT_FILENO);
+ (void)dup2(fd, STDERR_FILENO);
+ if (fd > 2)
+ (void)close (fd);
+ }
+ return (0);
+}
+
+#endif /* HAVE_DAEMON */
diff --git a/crypto/kerberosIV/lib/roken/err.c b/crypto/kerberosIV/lib/roken/err.c
new file mode 100644
index 0000000..029faa9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/err.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: err.c,v 1.5 1997/03/30 08:05:37 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+err(int eval, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ verr(eval, fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/err.h b/crypto/kerberosIV/lib/roken/err.h
new file mode 100644
index 0000000..6f25435
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/err.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: err.h,v 1.13 1997/05/02 14:29:30 assar Exp $ */
+
+#ifndef __ERR_H__
+#define __ERR_H__
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+extern const char *__progname;
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+void warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap)
+ __attribute__ ((format (printf, 4, 0)));
+
+void verr(int eval, const char *fmt, va_list ap)
+ __attribute__ ((noreturn, format (printf, 2, 0)));
+void err(int eval, const char *fmt, ...)
+ __attribute__ ((noreturn, format (printf, 2, 3)));
+void verrx(int eval, const char *fmt, va_list ap)
+ __attribute__ ((noreturn, format (printf, 2, 0)));
+void errx(int eval, const char *fmt, ...)
+ __attribute__ ((noreturn, format (printf, 2, 3)));
+void vwarn(const char *fmt, va_list ap)
+ __attribute__ ((format (printf, 1, 0)));
+void warn(const char *fmt, ...)
+ __attribute__ ((format (printf, 1, 2)));
+void vwarnx(const char *fmt, va_list ap)
+ __attribute__ ((format (printf, 1, 0)));
+void warnx(const char *fmt, ...)
+ __attribute__ ((format (printf, 1, 2)));
+
+#endif /* __ERR_H__ */
diff --git a/crypto/kerberosIV/lib/roken/errx.c b/crypto/kerberosIV/lib/roken/errx.c
new file mode 100644
index 0000000..18969d5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/errx.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: errx.c,v 1.5 1997/03/30 08:05:38 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+errx(int eval, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ verrx(eval, fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/fchown.c b/crypto/kerberosIV/lib/roken/fchown.c
new file mode 100644
index 0000000..2a94e3a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/fchown.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: fchown.c,v 1.2 1997/04/01 08:18:58 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+fchown(int fd, uid_t owner, gid_t group)
+{
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/get_window_size.c b/crypto/kerberosIV/lib/roken/get_window_size.c
new file mode 100644
index 0000000..d31d18d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/get_window_size.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: get_window_size.c,v 1.4 1997/04/01 08:18:59 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#if 0 /* Where were those needed? /confused */
+#ifdef HAVE_SYS_PROC_H
+#include <sys/proc.h>
+#endif
+
+#ifdef HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#include <roken.h>
+
+int
+get_window_size(int fd, struct winsize *wp)
+{
+#if defined(TIOCGWINSZ)
+ return ioctl(fd, TIOCGWINSZ, wp);
+#elif defined(TIOCGSIZE)
+ struct ttysize ts;
+ int error;
+
+ if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0)
+ return (error);
+ wp->ws_row = ts.ts_lines;
+ wp->ws_col = ts.ts_cols;
+ wp->ws_xpixel = 0;
+ wp->ws_ypixel = 0;
+ return 0;
+#elif defined(HAVE__SCRSIZE)
+ int dst[2];
+
+ _scrsize(dst);
+ wp->ws_row = dst[1];
+ wp->ws_col = dst[0];
+ wp->ws_xpixel = 0;
+ wp->ws_ypixel = 0;
+ return 0;
+#else
+ return -1;
+#endif
+}
diff --git a/crypto/kerberosIV/lib/roken/getcwd.c b/crypto/kerberosIV/lib/roken/getcwd.c
new file mode 100644
index 0000000..a27451f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getcwd.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getcwd.c,v 1.7 1997/04/01 08:19:00 joda Exp $");
+#endif
+
+#include <unistd.h>
+#include <sys/param.h>
+
+#include "protos.h"
+#include "roken.h"
+
+char*
+getcwd(char *path, size_t size)
+{
+ char xxx[MaxPathLen];
+ char *ret;
+ ret = getwd(xxx);
+ if(ret)
+ strncpy(path, xxx, size);
+ return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/getdtablesize.c b/crypto/kerberosIV/lib/roken/getdtablesize.c
new file mode 100644
index 0000000..afd47d2b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getdtablesize.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getdtablesize.c,v 1.8 1997/04/20 05:51:06 assar Exp $");
+#endif
+
+#include "roken.h"
+
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <unistd.h>
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+int getdtablesize(void)
+{
+ int files = -1;
+#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
+ files = sysconf(_SC_OPEN_MAX);
+#else /* !defined(HAVE_SYSCONF) */
+#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
+ struct rlimit res;
+ if (getrlimit(RLIMIT_NOFILE, &res) == 0)
+ files = res.rlim_cur;
+#else /* !definded(HAVE_GETRLIMIT) */
+#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES)
+ int mib[2];
+ size_t len;
+
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_MAXFILES;
+ len = sizeof(files);
+ sysctl(&mib, 2, &files, sizeof(nfil), NULL, 0);
+#endif /* defined(HAVE_SYSCTL) */
+#endif /* !definded(HAVE_GETRLIMIT) */
+#endif /* !defined(HAVE_SYSCONF) */
+
+#ifdef OPEN_MAX
+ if (files < 0)
+ files = OPEN_MAX;
+#endif
+
+#ifdef NOFILE
+ if (files < 0)
+ files = NOFILE;
+#endif
+
+ return files;
+}
diff --git a/crypto/kerberosIV/lib/roken/getopt.c b/crypto/kerberosIV/lib/roken/getopt.c
new file mode 100644
index 0000000..fea4635
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getopt.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 1987, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)getopt.c 8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#ifndef __STDC__
+#define const
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * get option letter from argument vector
+ */
+int opterr = 1, /* if error message should be printed */
+ optind = 1, /* index into parent argv vector */
+ optopt, /* character checked for validity */
+ optreset; /* reset getopt */
+char *optarg; /* argument associated with option */
+
+#define BADCH (int)'?'
+#define BADARG (int)':'
+#define EMSG ""
+
+int
+getopt(nargc, nargv, ostr)
+ int nargc;
+ char * const *nargv;
+ const char *ostr;
+{
+ static char *place = EMSG; /* option letter processing */
+ char *oli; /* option letter list index */
+ char *p;
+
+ if (optreset || !*place) { /* update scanning pointer */
+ optreset = 0;
+ if (optind >= nargc || *(place = nargv[optind]) != '-') {
+ place = EMSG;
+ return(EOF);
+ }
+ if (place[1] && *++place == '-') { /* found "--" */
+ ++optind;
+ place = EMSG;
+ return(EOF);
+ }
+ } /* option letter okay? */
+ if ((optopt = (int)*place++) == (int)':' ||
+ !(oli = strchr(ostr, optopt))) {
+ /*
+ * if the user didn't specify '-' as an option,
+ * assume it means EOF.
+ */
+ if (optopt == (int)'-')
+ return(EOF);
+ if (!*place)
+ ++optind;
+ if (opterr && *ostr != ':') {
+ if (!(p = strrchr(*nargv, '/')))
+ p = *nargv;
+ else
+ ++p;
+ fprintf(stderr, "%s: illegal option -- %c\n",
+ p, optopt);
+ }
+ return(BADCH);
+ }
+ if (*++oli != ':') { /* don't need argument */
+ optarg = NULL;
+ if (!*place)
+ ++optind;
+ }
+ else { /* need an argument */
+ if (*place) /* no white space */
+ optarg = place;
+ else if (nargc <= ++optind) { /* no arg */
+ place = EMSG;
+ if (!(p = strrchr(*nargv, '/')))
+ p = *nargv;
+ else
+ ++p;
+ if (*ostr == ':')
+ return(BADARG);
+ if (opterr)
+ fprintf(stderr,
+ "%s: option requires an argument -- %c\n",
+ p, optopt);
+ return(BADCH);
+ }
+ else /* white space */
+ optarg = nargv[optind];
+ place = EMSG;
+ ++optind;
+ }
+ return(optopt); /* dump back option letter */
+}
diff --git a/crypto/kerberosIV/lib/roken/getusershell.c b/crypto/kerberosIV/lib/roken/getusershell.c
new file mode 100644
index 0000000..87a48ec
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getusershell.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 1985, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: getusershell.c,v 1.8 1997/04/20 06:18:03 assar Exp $");
+
+#ifndef HAVE_GETUSERSHELL
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifndef _PATH_SHELLS
+#define _PATH_SHELLS "/etc/shells"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#ifndef _PATH_CSHELL
+#define _PATH_CSHELL "/bin/csh"
+#endif
+
+/*
+ * Local shells should NOT be added here. They should be added in
+ * /etc/shells.
+ */
+
+static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL };
+static char **curshell, **shells, *strings;
+static char **initshells (void);
+
+/*
+ * Get a list of shells from _PATH_SHELLS, if it exists.
+ */
+char *
+getusershell()
+{
+ char *ret;
+
+ if (curshell == NULL)
+ curshell = initshells();
+ ret = *curshell;
+ if (ret != NULL)
+ curshell++;
+ return (ret);
+}
+
+void
+endusershell()
+{
+
+ if (shells != NULL)
+ free(shells);
+ shells = NULL;
+ if (strings != NULL)
+ free(strings);
+ strings = NULL;
+ curshell = NULL;
+}
+
+void
+setusershell()
+{
+
+ curshell = initshells();
+}
+
+static char **
+initshells()
+{
+ char **sp, *cp;
+ FILE *fp;
+ struct stat statb;
+
+ if (shells != NULL)
+ free(shells);
+ shells = NULL;
+ if (strings != NULL)
+ free(strings);
+ strings = NULL;
+ if ((fp = fopen(_PATH_SHELLS, "r")) == NULL)
+ return (okshells);
+ if (fstat(fileno(fp), &statb) == -1) {
+ fclose(fp);
+ return (okshells);
+ }
+ if ((strings = malloc((u_int)statb.st_size)) == NULL) {
+ fclose(fp);
+ return (okshells);
+ }
+ shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
+ if (shells == NULL) {
+ fclose(fp);
+ free(strings);
+ strings = NULL;
+ return (okshells);
+ }
+ sp = shells;
+ cp = strings;
+ while (fgets(cp, MaxPathLen + 1, fp) != NULL) {
+ while (*cp != '#' && *cp != '/' && *cp != '\0')
+ cp++;
+ if (*cp == '#' || *cp == '\0')
+ continue;
+ *sp++ = cp;
+ while (!isspace(*cp) && *cp != '#' && *cp != '\0')
+ cp++;
+ *cp++ = '\0';
+ }
+ *sp = NULL;
+ fclose(fp);
+ return (shells);
+}
+#endif /* HAVE_GETUSERSHELL */
diff --git a/crypto/kerberosIV/lib/roken/hstrerror.c b/crypto/kerberosIV/lib/roken/hstrerror.c
new file mode 100644
index 0000000..9e47cb5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/hstrerror.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: hstrerror.c,v 1.17 1997/06/01 03:37:25 assar Exp $");
+#endif
+
+#include "roken.h"
+
+#ifndef HAVE_HSTRERROR
+
+#include <stdio.h>
+#include <netdb.h>
+
+#ifndef HAVE_H_ERRNO
+int h_errno = -17; /* Some magic number */
+#endif
+
+#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR))
+static const char *const h_errlist[] = {
+ "Resolver Error 0 (no error)",
+ "Unknown host", /* 1 HOST_NOT_FOUND */
+ "Host name lookup failure", /* 2 TRY_AGAIN */
+ "Unknown server error", /* 3 NO_RECOVERY */
+ "No address associated with name", /* 4 NO_ADDRESS */
+};
+
+static
+const
+int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] };
+#else
+
+#ifndef HAVE_H_ERRLIST_DECLARATION
+extern const char *h_errlist[];
+extern int h_nerr;
+#endif
+
+#endif
+
+char *
+hstrerror(int herr)
+{
+ if (0 <= herr && herr < h_nerr)
+ return (char *) h_errlist[herr];
+ else if(herr == -17)
+ return "unknown error";
+ else
+ return "Error number out of range (hstrerror)";
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/inaddr2str.c b/crypto/kerberosIV/lib/roken/inaddr2str.c
new file mode 100644
index 0000000..af158aa
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/inaddr2str.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inaddr2str.c,v 1.6 1997/04/01 08:19:02 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include "roken.h"
+
+/*
+ * Get a verified name for `addr'.
+ * If unable to find it in the DNS, return x.y.z.a
+ */
+
+void
+inaddr2str(struct in_addr addr, char *s, size_t len)
+{
+ struct hostent *h;
+ char *p;
+
+ h = gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET);
+ if (h) {
+ h = gethostbyname (h->h_name);
+ if(h)
+ while ((p = *(h->h_addr_list)++))
+ if (memcmp (p, &addr, sizeof(addr)) == 0) {
+ strncpy (s, h->h_name, len);
+ s[len - 1] = '\0';
+ return;
+ }
+ }
+ strncpy (s, inet_ntoa (addr), len);
+ s[len - 1] = '\0';
+ return;
+}
diff --git a/crypto/kerberosIV/lib/roken/inet_aton.c b/crypto/kerberosIV/lib/roken/inet_aton.c
new file mode 100644
index 0000000..c97ef74
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/inet_aton.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inet_aton.c,v 1.10 1997/05/20 19:57:03 bg Exp $");
+#endif
+
+#include "roken.h"
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+/* Minimal implementation of inet_aton.
+ * Cannot distinguish between failure and a local broadcast address. */
+
+int
+inet_aton(const char *cp, struct in_addr *addr)
+{
+ addr->s_addr = inet_addr(cp);
+ return (addr->s_addr == INADDR_NONE) ? 0 : 1;
+}
diff --git a/crypto/kerberosIV/lib/roken/initgroups.c b/crypto/kerberosIV/lib/roken/initgroups.c
new file mode 100644
index 0000000..a68aa63
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/initgroups.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: initgroups.c,v 1.2 1997/04/01 08:19:03 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+initgroups(const char *name, gid_t basegid)
+{
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/k_getpwnam.c b/crypto/kerberosIV/lib/roken/k_getpwnam.c
new file mode 100644
index 0000000..580b1a2
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/k_getpwnam.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: k_getpwnam.c,v 1.6 1997/04/01 08:19:03 joda Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+struct passwd *
+k_getpwnam (char *user)
+{
+ struct passwd *p;
+
+ p = getpwnam (user);
+#ifdef HAVE_GETSPNAM
+ if(p)
+ {
+ struct spwd *spwd;
+
+ spwd = getspnam (user);
+ if (spwd)
+ p->pw_passwd = spwd->sp_pwdp;
+ endspent ();
+ }
+#else
+ endpwent ();
+#endif
+ return p;
+}
diff --git a/crypto/kerberosIV/lib/roken/k_getpwuid.c b/crypto/kerberosIV/lib/roken/k_getpwuid.c
new file mode 100644
index 0000000..a3a8f04
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/k_getpwuid.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: k_getpwuid.c,v 1.6 1997/04/01 08:19:04 joda Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+struct passwd *
+k_getpwuid (uid_t uid)
+{
+ struct passwd *p;
+
+ p = getpwuid (uid);
+#ifdef HAVE_GETSPUID
+ if (p)
+ {
+ struct spwd *spwd;
+
+ spwd = getspuid (uid);
+ if (spwd)
+ p->pw_passwd = spwd->sp_pwdp;
+ endspent ();
+ }
+#else
+ endpwent ();
+#endif
+ return p;
+}
diff --git a/crypto/kerberosIV/lib/roken/lstat.c b/crypto/kerberosIV/lib/roken/lstat.c
new file mode 100644
index 0000000..881ad9a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/lstat.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: lstat.c,v 1.3 1997/04/01 08:19:04 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+lstat(const char *path, struct stat *buf)
+{
+ return stat(path, buf);
+}
diff --git a/crypto/kerberosIV/lib/roken/memmove.c b/crypto/kerberosIV/lib/roken/memmove.c
new file mode 100644
index 0000000..315ff05
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/memmove.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: memmove.c,v 1.5 1997/04/01 08:19:05 joda Exp $");
+#endif
+
+/*
+ * memmove for systems that doesn't have it
+ */
+
+#include <sys/types.h>
+
+void* memmove(void *s1, const void *s2, size_t n)
+{
+ char *s=(char*)s2, *d=(char*)s1;
+
+ if(d > s){
+ s+=n-1;
+ d+=n-1;
+ while(n){
+ *d--=*s--;
+ n--;
+ }
+ }else if(d < s)
+ while(n){
+ *d++=*s++;
+ n--;
+ }
+ return s1;
+}
diff --git a/crypto/kerberosIV/lib/roken/mini_inetd.c b/crypto/kerberosIV/lib/roken/mini_inetd.c
new file mode 100644
index 0000000..ccfcfe7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/mini_inetd.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: mini_inetd.c,v 1.10 1997/05/02 14:30:07 assar Exp $");
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include <roken.h>
+
+void
+mini_inetd (int port)
+{
+ struct sockaddr_in sa;
+ int s = socket(AF_INET, SOCK_STREAM, 0);
+ int s2;
+ int one = 1;
+ if(s < 0){
+ perror("socket");
+ exit(1);
+ }
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+ if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
+ sizeof(one)) < 0){
+ perror("setsockopt");
+ exit(1);
+ }
+#endif
+ memset(&sa, 0, sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = port;
+ sa.sin_addr.s_addr = INADDR_ANY;
+ if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){
+ perror("bind");
+ exit(1);
+ }
+ if(listen(s, SOMAXCONN) < 0){
+ perror("listen");
+ exit(1);
+ }
+ s2 = accept(s, NULL, 0);
+ if(s2 < 0){
+ perror("accept");
+ exit(1);
+ }
+ close(s);
+ dup2(s2, STDIN_FILENO);
+ dup2(s2, STDOUT_FILENO);
+ /* dup2(s2, STDERR_FILENO); */
+ close(s2);
+}
diff --git a/crypto/kerberosIV/lib/roken/mkstemp.c b/crypto/kerberosIV/lib/roken/mkstemp.c
new file mode 100644
index 0000000..e55398a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/mkstemp.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <errno.h>
+
+RCSID("$Id: mkstemp.c,v 1.2 1997/05/25 02:36:43 joda Exp $");
+
+#ifndef HAVE_MKSTEMP
+
+int
+mkstemp(char *template)
+{
+ int start, i;
+ pid_t val;
+ val = getpid();
+ start = strlen(template) - 1;
+ while(template[start] == 'X') {
+ template[start] = '0' + val % 10;
+ val /= 10;
+ start--;
+ }
+
+ do{
+ int fd;
+ fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
+ if(fd >= 0 || errno != EEXIST)
+ return fd;
+ i = start + 1;
+ do{
+ if(template[i] == 0)
+ return -1;
+ template[i]++;
+ if(template[i] == '9' + 1)
+ template[i] = 'a';
+ if(template[i] <= 'z')
+ break;
+ template[i] = 'a';
+ i++;
+ }while(1);
+ }while(1);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/putenv.c b/crypto/kerberosIV/lib/roken/putenv.c
new file mode 100644
index 0000000..20d5a10
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/putenv.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: putenv.c,v 1.5 1997/04/01 08:19:06 joda Exp $");
+#endif
+
+#include <stdlib.h>
+
+extern char **environ;
+
+/*
+ * putenv --
+ * String points to a string of the form name=value.
+ *
+ * Makes the value of the environment variable name equal to
+ * value by altering an existing variable or creating a new one.
+ */
+int putenv(const char *string)
+{
+ int i;
+ int len;
+
+ len = string - strchr(string, '=') + 1;
+
+ if(environ == NULL){
+ environ = malloc(sizeof(char*));
+ if(environ == NULL)
+ return 1;
+ environ[0] = NULL;
+ }
+
+ for(i = 0; environ[i]; i++)
+ if(strncmp(string, environ[i], len)){
+ environ[len] = string;
+ return 0;
+ }
+ environ = realloc(environ, sizeof(char*) * (i + 1));
+ if(environ == NULL)
+ return 1;
+ environ[i] = string;
+ environ[i+1] = NULL;
+ return 0;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/rcmd.c b/crypto/kerberosIV/lib/roken/rcmd.c
new file mode 100644
index 0000000..6064d50
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/rcmd.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: rcmd.c,v 1.2 1997/04/01 08:19:06 joda Exp $");
+#endif
+
+#include "roken.h"
+#include <stdio.h>
+
+int
+rcmd(char **ahost,
+ unsigned short inport,
+ const char *locuser,
+ const char *remuser,
+ const char *cmd,
+ int *fd2p)
+{
+ fprintf(stderr, "Only kerberized services are implemented\n");
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/roken.def b/crypto/kerberosIV/lib/roken/roken.def
new file mode 100644
index 0000000..13e3572
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.def
@@ -0,0 +1,4 @@
+LIBRARY roken
+EXPORTS
+ gettimeofday
+ strcasecmp
diff --git a/crypto/kerberosIV/lib/roken/roken.h b/crypto/kerberosIV/lib/roken/roken.h
new file mode 100644
index 0000000..1204e3e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.h
@@ -0,0 +1,338 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: roken.h,v 1.63 1997/05/28 05:38:09 assar Exp $ */
+
+#ifndef __ROKEN_H__
+#define __ROKEN_H__
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <signal.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+
+#include "protos.h"
+
+#if !defined(HAVE_SETSID) && defined(HAVE__SETSID)
+#define setsid _setsid
+#endif
+
+#ifndef HAVE_PUTENV
+int putenv(const char *string);
+#endif
+
+#ifndef HAVE_SETENV
+int setenv(const char *var, const char *val, int rewrite);
+#endif
+
+#ifndef HAVE_UNSETENV
+void unsetenv(const char *name);
+#endif
+
+#ifndef HAVE_GETUSERSHELL
+char *getusershell(void);
+#endif
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+#ifndef HAVE_SNPRINTF
+int snprintf (char *str, size_t sz, const char *format, ...)
+ __attribute__ ((format (printf, 3, 4)));
+#endif
+
+#ifndef HAVE_VSNPRINTF
+int vsnprintf (char *str, size_t sz, const char *format, va_list ap)
+ __attribute__((format (printf, 3, 0)));
+#endif
+
+#ifndef HAVE_ASPRINTF
+int asprintf (char **ret, const char *format, ...)
+ __attribute__ ((format (printf, 2, 3)));
+#endif
+
+#ifndef HAVE_VASPRINTF
+int vasprintf (char **ret, const char *format, va_list ap)
+ __attribute__((format (printf, 2, 0)));
+#endif
+
+#ifndef HAVE_ASNPRINTF
+int asnprintf (char **ret, size_t max_sz, const char *format, ...)
+ __attribute__ ((format (printf, 3, 4)));
+#endif
+
+#ifndef HAVE_VASNPRINTF
+int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap)
+ __attribute__((format (printf, 3, 0)));
+#endif
+
+#ifndef HAVE_STRDUP
+char * strdup(const char *old);
+#endif
+
+#ifndef HAVE_STRLWR
+char * strlwr(char *);
+#endif
+
+#ifndef HAVE_STRNLEN
+int strnlen(char*, int);
+#endif
+
+#ifndef HAVE_STRTOK_R
+char *strtok_r(char *s1, const char *s2, char **lasts);
+#endif
+
+#ifndef HAVE_STRUPR
+char * strupr(char *);
+#endif
+
+#ifndef HAVE_GETDTABLESIZE
+int getdtablesize(void);
+#endif
+
+#if IRIX != 4 /* fix for compiler bug */
+#ifdef RETSIGTYPE
+typedef RETSIGTYPE (*SigAction)(/* int??? */);
+SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
+#endif
+#endif
+
+#ifndef SIG_ERR
+#define SIG_ERR ((RETSIGTYPE (*)())-1)
+#endif
+
+#if !defined(HAVE_STRERROR) && !defined(strerror)
+char *strerror(int eno);
+#endif
+
+#ifndef HAVE_HSTRERROR
+char *hstrerror(int herr);
+#endif
+
+#ifndef HAVE_H_ERRNO_DECLARATION
+extern int h_errno;
+#endif
+
+#ifndef HAVE_INET_ATON
+/* Minimal implementation of inet_aton. Doesn't handle hex numbers. */
+int inet_aton(const char *cp, struct in_addr *adr);
+#endif
+
+#if !defined(HAVE_GETCWD)
+char* getcwd(char *path, size_t size);
+#endif
+
+#ifndef HAVE_GETENT
+int getent(char *cp, char *name);
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+struct passwd *k_getpwnam (char *user);
+struct passwd *k_getpwuid (uid_t uid);
+#endif
+
+#ifndef HAVE_SETEUID
+int seteuid(int euid);
+#endif
+
+#ifndef HAVE_SETEGID
+int setegid(int egid);
+#endif
+
+#ifndef HAVE_LSTAT
+int lstat(const char *path, struct stat *buf);
+#endif
+
+#ifndef HAVE_MKSTEMP
+int mkstemp(char *);
+#endif
+
+#ifndef HAVE_INITGROUPS
+int initgroups(const char *name, gid_t basegid);
+#endif
+
+#ifndef HAVE_FCHOWN
+int fchown(int fd, uid_t owner, gid_t group);
+#endif
+
+#ifndef HAVE_CHOWN
+int chown(const char *path, uid_t owner, gid_t group);
+#endif
+
+#ifndef HAVE_RCMD
+int rcmd(char **ahost, unsigned short inport, const char *locuser,
+ const char *remuser, const char *cmd, int *fd2p);
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+time_t tm2time (struct tm tm, int local);
+
+int unix_verify_user(char *user, char *password);
+
+void inaddr2str(struct in_addr addr, char *s, size_t len);
+
+void mini_inetd (int port);
+
+#ifndef HAVE_STRUCT_WINSIZE
+struct winsize {
+ unsigned short ws_row, ws_col;
+ unsigned short ws_xpixel, ws_ypixel;
+};
+#endif
+
+int get_window_size(int fd, struct winsize *);
+
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
+#endif
+
+#ifndef SOMAXCONN
+#define SOMAXCONN 5
+#endif
+
+#ifndef STDIN_FILENO
+#define STDIN_FILENO 0
+#endif
+
+#ifndef STDOUT_FILENO
+#define STDOUT_FILENO 1
+#endif
+
+#ifndef STDERR_FILENO
+#define STDERR_FILENO 2
+#endif
+
+#ifndef max
+#define max(a,b) (((a)>(b))?(a):(b))
+#endif
+
+#ifndef min
+#define min(a,b) (((a)<(b))?(a):(b))
+#endif
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+/* Misc definitions for old syslogs */
+
+#ifndef LOG_DAEMON
+#define openlog(id,option,facility) openlog((id),(option))
+#define LOG_DAEMON 0
+#endif
+#ifndef LOG_ODELAY
+#define LOG_ODELAY 0
+#endif
+#ifndef LOG_NDELAY
+#define LOG_NDELAY 0x08
+#endif
+#ifndef LOG_CONS
+#define LOG_CONS 0
+#endif
+#ifndef LOG_AUTH
+#define LOG_AUTH 0
+#endif
+#ifndef LOG_AUTHPRIV
+#define LOG_AUTHPRIV LOG_AUTH
+#endif
+#endif
+
+#ifndef HAVE_OPTARG_DECLARATION
+extern char *optarg;
+#endif
+#ifndef HAVE_OPTIND_DECLARATION
+extern int optind;
+#endif
+#ifndef HAVE_OPTERR_DECLARATION
+extern int opterr;
+#endif
+
+#ifndef HAVE___PROGNAME_DECLARATION
+extern const char *__progname;
+#endif
+
+void set_progname(char *argv0);
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#endif /* __ROKEN_H__ */
diff --git a/crypto/kerberosIV/lib/roken/roken.mak b/crypto/kerberosIV/lib/roken/roken.mak
new file mode 100644
index 0000000..d0c4a6f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.mak
@@ -0,0 +1,278 @@
+# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+!IF "$(CFG)" == ""
+CFG=roken - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to roken - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "roken - Win32 Release" && "$(CFG)" != "roken - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE on this makefile
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+################################################################################
+# Begin Project
+# PROP Target_Last_Scanned "roken - Win32 Debug"
+RSC=rc.exe
+MTL=mktyplib.exe
+CPP=cl.exe
+
+!IF "$(CFG)" == "roken - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Target_Dir ""
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : ".\Release\roken.dll"
+
+CLEAN :
+ -@erase ".\Release\gettimeofday.obj"
+ -@erase ".\Release\roken.dll"
+ -@erase ".\Release\roken.exp"
+ -@erase ".\Release\roken.lib"
+ -@erase ".\Release\strcasecmp.obj"
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\
+ "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\
+ "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/" /c
+CPP_OBJS=.\Release/
+CPP_SBRS=.\.
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /win32
+MTL_PROJ=/nologo /D "NDEBUG" /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
+ advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\
+ odbccp32.lib /nologo /subsystem:windows /dll /incremental:no\
+ /pdb:"$(OUTDIR)/roken.pdb" /machine:I386 /def:".\roken.def"\
+ /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib"
+DEF_FILE= \
+ ".\roken.def"
+LINK32_OBJS= \
+ ".\Release\gettimeofday.obj" \
+ ".\Release\strcasecmp.obj"
+
+".\Release\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ELSEIF "$(CFG)" == "roken - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Target_Dir ""
+OUTDIR=.\Debug
+INTDIR=.\Debug
+
+ALL : ".\Debug\roken.dll"
+
+CLEAN :
+ -@erase ".\Debug\gettimeofday.obj"
+ -@erase ".\Debug\roken.dll"
+ -@erase ".\Debug\roken.exp"
+ -@erase ".\Debug\roken.ilk"
+ -@erase ".\Debug\roken.lib"
+ -@erase ".\Debug\roken.pdb"
+ -@erase ".\Debug\strcasecmp.obj"
+ -@erase ".\Debug\vc40.idb"
+ -@erase ".\Debug\vc40.pdb"
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c
+CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\
+ "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D\
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/"\
+ /Fd"$(INTDIR)/" /c
+CPP_OBJS=.\Debug/
+CPP_SBRS=.\.
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /win32
+MTL_PROJ=/nologo /D "_DEBUG" /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
+ advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\
+ odbccp32.lib /nologo /subsystem:windows /dll /incremental:yes\
+ /pdb:"$(OUTDIR)/roken.pdb" /debug /machine:I386 /def:".\roken.def"\
+ /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib"
+DEF_FILE= \
+ ".\roken.def"
+LINK32_OBJS= \
+ ".\Debug\gettimeofday.obj" \
+ ".\Debug\strcasecmp.obj"
+
+".\Debug\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ENDIF
+
+.c{$(CPP_OBJS)}.obj:
+ $(CPP) $(CPP_PROJ) $<
+
+.cpp{$(CPP_OBJS)}.obj:
+ $(CPP) $(CPP_PROJ) $<
+
+.cxx{$(CPP_OBJS)}.obj:
+ $(CPP) $(CPP_PROJ) $<
+
+.c{$(CPP_SBRS)}.sbr:
+ $(CPP) $(CPP_PROJ) $<
+
+.cpp{$(CPP_SBRS)}.sbr:
+ $(CPP) $(CPP_PROJ) $<
+
+.cxx{$(CPP_SBRS)}.sbr:
+ $(CPP) $(CPP_PROJ) $<
+
+################################################################################
+# Begin Target
+
+# Name "roken - Win32 Release"
+# Name "roken - Win32 Debug"
+
+!IF "$(CFG)" == "roken - Win32 Release"
+
+!ELSEIF "$(CFG)" == "roken - Win32 Debug"
+
+!ENDIF
+
+################################################################################
+# Begin Source File
+
+SOURCE=\TEMP\jimpa3\lib\krb\gettimeofday.c
+DEP_CPP_GETTI=\
+ "..\..\include\protos.h"\
+ "..\..\include\sys/bitypes.h"\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ "..\des\des.h"\
+ "..\krb\krb.h"\
+ "..\krb\krb_locl.h"\
+ "..\krb\prot.h"\
+ "..\krb\resolve.h"\
+ ".\roken.h"\
+ {$(INCLUDE)}"\sys\stat.h"\
+ {$(INCLUDE)}"\sys\types.h"\
+
+
+!IF "$(CFG)" == "roken - Win32 Release"
+
+
+".\Release\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "roken - Win32 Debug"
+
+
+".\Debug\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\roken.def
+
+!IF "$(CFG)" == "roken - Win32 Release"
+
+!ELSEIF "$(CFG)" == "roken - Win32 Debug"
+
+!ENDIF
+
+# End Source File
+################################################################################
+# Begin Source File
+
+SOURCE=.\strcasecmp.c
+DEP_CPP_STRCA=\
+ "..\..\include\sys/cdefs.h"\
+ "..\..\include\win32\config.h"\
+ {$(INCLUDE)}"\sys\types.h"\
+
+
+!IF "$(CFG)" == "roken - Win32 Release"
+
+
+".\Release\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "roken - Win32 Debug"
+
+
+".\Debug\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)"
+
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
+################################################################################
diff --git a/crypto/kerberosIV/lib/roken/setegid.c b/crypto/kerberosIV/lib/roken/setegid.c
new file mode 100644
index 0000000..b79bdd5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/setegid.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setegid.c,v 1.7 1997/04/01 08:19:07 joda Exp $");
+#endif
+
+#include <unistd.h>
+
+#include "roken.h"
+
+int
+setegid(int egid)
+{
+#ifdef HAVE_SETREGID
+ return setregid(-1, egid);
+#endif
+
+#ifdef HAVE_SETRESGID
+ return setresgid(-1, egid, -1);
+#endif
+
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/setenv.c b/crypto/kerberosIV/lib/roken/setenv.c
new file mode 100644
index 0000000..c83591f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/setenv.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setenv.c,v 1.8 1997/05/02 14:29:32 assar Exp $");
+#endif
+
+#include "roken.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * This is the easy way out, use putenv to implement setenv. We might
+ * leak some memory but that is ok since we are usally about to exec
+ * anyway.
+ */
+
+int
+setenv(const char *var, const char *val, int rewrite)
+{
+ char *t;
+
+ if (!rewrite && getenv(var) != 0)
+ return 0;
+
+ asprintf (&t, "%s=%s", var, val);
+ if (t == NULL)
+ return -1;
+
+ if (putenv(t) == 0)
+ return 0;
+ else
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/seteuid.c b/crypto/kerberosIV/lib/roken/seteuid.c
new file mode 100644
index 0000000..b831318
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/seteuid.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: seteuid.c,v 1.7 1997/04/01 08:19:08 joda Exp $");
+#endif
+
+#include <unistd.h>
+
+#include "roken.h"
+
+int
+seteuid(int euid)
+{
+#ifdef HAVE_SETREUID
+ return setreuid(-1, euid);
+#endif
+
+#ifdef HAVE_SETRESUID
+ return setresuid(-1, euid, -1);
+#endif
+
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/signal.c b/crypto/kerberosIV/lib/roken/signal.c
new file mode 100644
index 0000000..a39a194
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/signal.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: signal.c,v 1.8 1997/04/01 08:19:09 joda Exp $");
+#endif
+
+#include <signal.h>
+
+/*
+ * We would like to always use this signal but there is a link error
+ * on NEXTSTEP
+ */
+#ifndef NeXT
+/*
+ * Bugs:
+ *
+ * Do we need any extra hacks for SIGCLD and/or SIGCHLD?
+ */
+
+typedef RETSIGTYPE (*SigAction)(/* int??? */);
+
+SigAction
+signal(int iSig, SigAction pAction)
+{
+ struct sigaction saNew, saOld;
+
+ saNew.sa_handler = pAction;
+ sigemptyset(&saNew.sa_mask);
+ saNew.sa_flags = 0;
+
+ if (iSig == SIGALRM)
+ {
+#ifdef SA_INTERRUPT
+ saNew.sa_flags |= SA_INTERRUPT;
+#endif
+ }
+ else
+ {
+#ifdef SA_RESTART
+ saNew.sa_flags |= SA_RESTART;
+#endif
+ }
+
+ if (sigaction(iSig, &saNew, &saOld) < 0)
+ return(SIG_ERR);
+
+ return(saOld.sa_handler);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/snprintf.c b/crypto/kerberosIV/lib/roken/snprintf.c
new file mode 100644
index 0000000..b0757e5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/snprintf.c
@@ -0,0 +1,520 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: snprintf.c,v 1.13 1997/05/25 02:00:31 assar Exp $");
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <roken.h>
+
+/*
+ * Common state
+ */
+
+struct state {
+ char *str;
+ char *s;
+ char *theend;
+ size_t sz;
+ size_t max_sz;
+ int (*append_char)(struct state *, char);
+ int (*reserve)(struct state *, size_t);
+ /* XXX - methods */
+};
+
+static int
+sn_reserve (struct state *state, size_t n)
+{
+ return state->s + n > state->theend;
+}
+
+static int
+sn_append_char (struct state *state, char c)
+{
+ if (sn_reserve (state, 1)) {
+ *state->s++ = '\0';
+ return 1;
+ } else {
+ *state->s++ = c;
+ return 0;
+ }
+}
+
+static int
+as_reserve (struct state *state, size_t n)
+{
+ while (state->s + n > state->theend) {
+ int off = state->s - state->str;
+ char *tmp;
+
+ if (state->max_sz && state->sz >= state->max_sz)
+ return 1;
+
+ if (state->max_sz)
+ state->sz = min(state->max_sz, state->sz*2);
+ else
+ state->sz *= 2;
+ tmp = realloc (state->str, state->sz);
+ if (tmp == NULL)
+ return 1;
+ state->str = tmp;
+ state->s = state->str + off;
+ state->theend = state->str + state->sz - 1;
+ }
+ return 0;
+}
+
+static int
+as_append_char (struct state *state, char c)
+{
+ if(as_reserve (state, 1))
+ return 1;
+ else {
+ *state->s++ = c;
+ return 0;
+ }
+}
+
+static int
+append_number (struct state *state,
+ unsigned long num, unsigned base, char *rep,
+ int width, int zerop, int minusp)
+{
+ int i, len;
+
+ len = 0;
+ if (num == 0) {
+ ++len;
+ if((*state->append_char) (state, '0'))
+ return 1;
+ }
+ while (num > 0) {
+ ++len;
+ if ((*state->append_char) (state, rep[num % base]))
+ return 1;
+ num /= base;
+ }
+ if (minusp) {
+ ++len;
+ if ((*state->append_char) (state, '-'))
+ return 1;
+ }
+
+ for (i = 0; i < len / 2; ++i) {
+ char c;
+
+ c = state->s[-i-1];
+ state->s[-i-1] = state->s[-len+i];
+ state->s[-len+i] = c;
+ }
+
+ if (width > len) {
+ if ((*state->reserve) (state, width - len))
+ return 1;
+
+#ifdef HAVE_MEMMOVE
+ memmove (state->s + width - 2 * len, state->s - len, len);
+#else
+ bcopy (state->s - len, state->s + width - 2 * len, len);
+#endif
+ for (i = 0; i < width - len; ++i)
+ state->s[-len+i] = (zerop ? '0' : ' ');
+ state->s += width - len;
+
+ }
+ return 0;
+}
+
+static int
+append_string (struct state *state,
+ char *arg,
+ int prec)
+{
+ if (prec) {
+ while (*arg && prec--)
+ if ((*state->append_char) (state, *arg++))
+ return 1;
+ } else {
+ while (*arg)
+ if ((*state->append_char) (state, *arg++))
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * This can't be made into a function...
+ */
+
+#define PARSE_INT_FORMAT(res, arg, unsig) \
+if (long_flag) \
+ res = va_arg(arg, unsig long); \
+else if (short_flag) \
+ res = va_arg(arg, unsig short); \
+else \
+ res = va_arg(arg, unsig int)
+
+/*
+ * zyxprintf - return 0 or -1
+ */
+
+static int
+xyzprintf (struct state *state, const char *format, va_list ap)
+{
+ char c;
+
+ while((c = *format++)) {
+ if (c == '%') {
+ int zerop = 0;
+ int width = 0;
+ int prec = 0;
+ int long_flag = 0;
+ int short_flag = 0;
+
+ c = *format++;
+
+ /* flags */
+ if (c == '0') {
+ zerop = 1;
+ c = *format++;
+ }
+
+ /* width */
+ if (isdigit(c))
+ do {
+ width = width * 10 + c - '0';
+ c = *format++;
+ } while(isdigit(c));
+ else if(c == '*') {
+ width = va_arg(ap, int);
+ c = *format++;
+ }
+
+ /* precision */
+ if (c == '.') {
+ c = *format++;
+ if (isdigit(c))
+ do {
+ prec = prec * 10 + c - '0';
+ c = *format++;
+ } while(isdigit(c));
+ else if (c == '*') {
+ prec = va_arg(ap, int);
+ c = *format++;
+ }
+ }
+
+ /* size */
+
+ if (c == 'h') {
+ short_flag = 1;
+ c = *format++;
+ } else if (c == 'l') {
+ long_flag = 1;
+ c = *format++;
+ }
+
+ switch (c) {
+ case 'c' :
+ if ((*state->append_char)(state, (unsigned char)va_arg(ap, int)))
+ return -1;
+ break;
+ case 's' :
+ if (append_string(state,
+ va_arg(ap, char*),
+ prec))
+ return -1;
+ break;
+ case 'd' :
+ case 'i' : {
+ long arg;
+ unsigned long num;
+ int minusp = 0;
+
+ PARSE_INT_FORMAT(arg, ap, );
+
+ if (arg < 0) {
+ minusp = 1;
+ num = -arg;
+ } else
+ num = arg;
+
+ if (append_number (state, num, 10, "0123456789",
+ width, zerop, minusp))
+ return -1;
+ break;
+ }
+ case 'u' : {
+ unsigned long arg;
+
+ PARSE_INT_FORMAT(arg, ap, unsigned);
+
+ if (append_number (state, arg, 10, "0123456789",
+ width, zerop, 0))
+ return -1;
+ break;
+ }
+ case 'o' : {
+ unsigned long arg;
+
+ PARSE_INT_FORMAT(arg, ap, unsigned);
+
+ if (append_number (state, arg, 010, "01234567",
+ width, zerop, 0))
+ return -1;
+ break;
+ }
+ case 'x' : {
+ unsigned long arg;
+
+ PARSE_INT_FORMAT(arg, ap, unsigned);
+
+ if (append_number (state, arg, 0x10, "0123456789abcdef",
+ width, zerop, 0))
+ return -1;
+ break;
+ }
+ case 'X' :{
+ unsigned long arg;
+
+ PARSE_INT_FORMAT(arg, ap, unsigned);
+
+ if (append_number (state, arg, 0x10, "0123456789ABCDEF",
+ width, zerop, 0))
+ return -1;
+ break;
+ }
+ case 'p' : {
+ unsigned long arg = (unsigned long)va_arg(ap, void*);
+
+ if (append_number (state, arg, 0x10, "0123456789ABCDEF",
+ width, zerop, 0))
+ return -1;
+ break;
+ }
+ case '%' :
+ if ((*state->append_char)(state, c))
+ return -1;
+ break;
+ default :
+ if ( (*state->append_char)(state, '%')
+ || (*state->append_char)(state, c))
+ return -1;
+ break;
+ }
+ } else
+ if ((*state->append_char) (state, c))
+ return -1;
+ }
+ return 0;
+}
+
+#ifndef HAVE_SNPRINTF
+int
+snprintf (char *str, size_t sz, const char *format, ...)
+{
+ va_list args;
+ int ret;
+
+ va_start(args, format);
+ ret = vsnprintf (str, sz, format, args);
+
+#ifdef PARANOIA
+ {
+ int ret2;
+ char *tmp;
+
+ tmp = malloc (sz);
+ if (tmp == NULL)
+ abort ();
+
+ ret2 = vsprintf (tmp, format, args);
+ if (ret != ret2 || strcmp(str, tmp))
+ abort ();
+ free (tmp);
+ }
+#endif
+
+ va_end(args);
+ return ret;
+}
+#endif
+
+#ifndef HAVE_ASPRINTF
+int
+asprintf (char **ret, const char *format, ...)
+{
+ va_list args;
+ int val;
+
+ va_start(args, format);
+ val = vasprintf (ret, format, args);
+
+#ifdef PARANOIA
+ {
+ int ret2;
+ char *tmp;
+ tmp = malloc (val + 1);
+ if (tmp == NULL)
+ abort ();
+
+ ret2 = vsprintf (tmp, format, args);
+ if (val != ret2 || strcmp(*ret, tmp))
+ abort ();
+ free (tmp);
+ }
+#endif
+
+ va_end(args);
+ return val;
+}
+#endif
+
+#ifndef HAVE_ASNPRINTF
+int
+asnprintf (char **ret, size_t max_sz, const char *format, ...)
+{
+ va_list args;
+ int val;
+
+ va_start(args, format);
+ val = vasnprintf (ret, max_sz, format, args);
+
+#ifdef PARANOIA
+ {
+ int ret2;
+ char *tmp;
+ tmp = malloc (val + 1);
+ if (tmp == NULL)
+ abort ();
+
+ ret2 = vsprintf (tmp, format, args);
+ if (val != ret2 || strcmp(*ret, tmp))
+ abort ();
+ free (tmp);
+ }
+#endif
+
+ va_end(args);
+ return val;
+}
+#endif
+
+#ifndef HAVE_VASPRINTF
+int
+vasprintf (char **ret, const char *format, va_list args)
+{
+ return vasnprintf (ret, 0, format, args);
+}
+#endif
+
+
+#ifndef HAVE_VASNPRINTF
+int
+vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
+{
+ int st;
+ size_t len;
+ struct state state;
+
+ state.max_sz = max_sz;
+ if (max_sz)
+ state.sz = min(1, max_sz);
+ else
+ state.sz = 1;
+ state.str = malloc(state.sz);
+ if (state.str == NULL) {
+ *ret = NULL;
+ return -1;
+ }
+ state.s = state.str;
+ state.theend = state.s + state.sz - 1;
+ state.append_char = as_append_char;
+ state.reserve = as_reserve;
+
+ st = xyzprintf (&state, format, args);
+ if (st) {
+ free (state.str);
+ *ret = NULL;
+ return -1;
+ } else {
+ char *tmp;
+
+ *state.s = '\0';
+ len = state.s - state.str;
+ tmp = realloc (state.str, len+1);
+ if (state.str == NULL) {
+ free (state.str);
+ *ret = NULL;
+ return -1;
+ }
+ *ret = tmp;
+ return len;
+ }
+}
+#endif
+
+#ifndef HAVE_VSNPRINTF
+int
+vsnprintf (char *str, size_t sz, const char *format, va_list args)
+{
+ struct state state;
+ int ret;
+
+ state.max_sz = 0;
+ state.sz = sz;
+ state.str = str;
+ state.s = str;
+ state.theend = str + sz - 1;
+ state.append_char = sn_append_char;
+ state.reserve = sn_reserve;
+
+ ret = xyzprintf (&state, format, args);
+ *state.s = '\0';
+ if (ret)
+ return sz;
+ else
+ return state.s - state.str;
+}
+#endif
+
diff --git a/crypto/kerberosIV/lib/roken/strcasecmp.c b/crypto/kerberosIV/lib/roken/strcasecmp.c
new file mode 100644
index 0000000..a268c29
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strcasecmp.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 1987, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strcasecmp.c,v 1.3 1997/04/20 18:04:23 assar Exp $");
+#endif
+
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <sys/cdefs.h>
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * This array is designed for mapping upper and lower case letter
+ * together for a case independent comparison. The mappings are
+ * based upon ascii character sequences.
+ */
+static const unsigned char charmap[] = {
+ '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
+ '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
+ '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
+ '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
+ '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
+ '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
+ '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
+ '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
+ '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
+ '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
+ '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
+ '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
+ '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
+ '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
+ '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
+ '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
+ '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
+ '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
+ '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
+ '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
+ '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
+ '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
+ '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
+ '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
+ '\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307',
+ '\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317',
+ '\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327',
+ '\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337',
+ '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
+ '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
+ '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+ '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
+};
+
+int
+strcasecmp(const char *s1, const char *s2)
+{
+ const unsigned char *cm = charmap,
+ *us1 = (const unsigned char *)s1,
+ *us2 = (const unsigned char *)s2;
+
+ while (cm[*us1] == cm[*us2++])
+ if (*us1++ == '\0')
+ return (0);
+ return (cm[*us1] - cm[*--us2]);
+}
+
+int
+strncasecmp(const char *s1, const char *s2, size_t n)
+{
+ if (n != 0) {
+ const unsigned char *cm = charmap,
+ *us1 = (const unsigned char *)s1,
+ *us2 = (const unsigned char *)s2;
+
+ do {
+ if (cm[*us1] != cm[*us2++])
+ return (cm[*us1] - cm[*--us2]);
+ if (*us1++ == '\0')
+ break;
+ } while (--n != 0);
+ }
+ return (0);
+}
diff --git a/crypto/kerberosIV/lib/roken/strdup.c b/crypto/kerberosIV/lib/roken/strdup.c
new file mode 100644
index 0000000..b16992f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strdup.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strdup.c,v 1.9 1997/04/01 08:19:10 joda Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef HAVE_STRDUP
+char *
+strdup(const char *old)
+{
+ char *t = malloc(strlen(old)+1);
+ if (t != 0)
+ strcpy(t, old);
+ return t;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strerror.c b/crypto/kerberosIV/lib/roken/strerror.c
new file mode 100644
index 0000000..3d7b45c
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strerror.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strerror.c,v 1.8 1997/05/02 14:29:33 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+extern int sys_nerr;
+extern char *sys_errlist[];
+
+char*
+strerror(int eno)
+{
+ static char emsg[1024];
+
+ if(eno < 0 || eno >= sys_nerr)
+ snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
+ else
+ strcpy(emsg, sys_errlist[eno]);
+
+ return emsg;
+}
diff --git a/crypto/kerberosIV/lib/roken/strftime.c b/crypto/kerberosIV/lib/roken/strftime.c
new file mode 100644
index 0000000..3473778
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strftime.c
@@ -0,0 +1,299 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#define TM_YEAR_BASE 1900 /* from <tzfile.h> */
+#include <string.h>
+
+static char *afmt[] = {
+ "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat",
+};
+static char *Afmt[] = {
+ "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
+ "Saturday",
+};
+static char *bfmt[] = {
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep",
+ "Oct", "Nov", "Dec",
+};
+static char *Bfmt[] = {
+ "January", "February", "March", "April", "May", "June", "July",
+ "August", "September", "October", "November", "December",
+};
+
+static size_t gsize;
+static char *pt;
+
+static int _add (char *);
+static int _conv (int, int, int);
+#ifdef HAVE_MKTIME
+static int _secs (const struct tm *);
+#endif /* HAVE_MKTIME */
+static size_t _fmt (const char *, const struct tm *);
+
+size_t
+strftime(char *s, size_t maxsize, const char *format, const struct tm *t)
+{
+
+ pt = s;
+ if ((gsize = maxsize) < 1)
+ return(0);
+ if (_fmt(format, t)) {
+ *pt = '\0';
+ return(maxsize - gsize);
+ }
+ return(0);
+}
+
+static size_t
+_fmt(const char *format, const struct tm *t)
+{
+ for (; *format; ++format) {
+ if (*format == '%')
+ switch(*++format) {
+ case '\0':
+ --format;
+ break;
+ case 'A':
+ if (t->tm_wday < 0 || t->tm_wday > 6)
+ return(0);
+ if (!_add(Afmt[t->tm_wday]))
+ return(0);
+ continue;
+ case 'a':
+ if (t->tm_wday < 0 || t->tm_wday > 6)
+ return(0);
+ if (!_add(afmt[t->tm_wday]))
+ return(0);
+ continue;
+ case 'B':
+ if (t->tm_mon < 0 || t->tm_mon > 11)
+ return(0);
+ if (!_add(Bfmt[t->tm_mon]))
+ return(0);
+ continue;
+ case 'b':
+ case 'h':
+ if (t->tm_mon < 0 || t->tm_mon > 11)
+ return(0);
+ if (!_add(bfmt[t->tm_mon]))
+ return(0);
+ continue;
+ case 'C':
+ if (!_fmt("%a %b %e %H:%M:%S %Y", t))
+ return(0);
+ continue;
+ case 'c':
+ if (!_fmt("%m/%d/%y %H:%M:%S", t))
+ return(0);
+ continue;
+ case 'D':
+ if (!_fmt("%m/%d/%y", t))
+ return(0);
+ continue;
+ case 'd':
+ if (!_conv(t->tm_mday, 2, '0'))
+ return(0);
+ continue;
+ case 'e':
+ if (!_conv(t->tm_mday, 2, ' '))
+ return(0);
+ continue;
+ case 'H':
+ if (!_conv(t->tm_hour, 2, '0'))
+ return(0);
+ continue;
+ case 'I':
+ if (!_conv(t->tm_hour % 12 ?
+ t->tm_hour % 12 : 12, 2, '0'))
+ return(0);
+ continue;
+ case 'j':
+ if (!_conv(t->tm_yday + 1, 3, '0'))
+ return(0);
+ continue;
+ case 'k':
+ if (!_conv(t->tm_hour, 2, ' '))
+ return(0);
+ continue;
+ case 'l':
+ if (!_conv(t->tm_hour % 12 ?
+ t->tm_hour % 12 : 12, 2, ' '))
+ return(0);
+ continue;
+ case 'M':
+ if (!_conv(t->tm_min, 2, '0'))
+ return(0);
+ continue;
+ case 'm':
+ if (!_conv(t->tm_mon + 1, 2, '0'))
+ return(0);
+ continue;
+ case 'n':
+ if (!_add("\n"))
+ return(0);
+ continue;
+ case 'p':
+ if (!_add(t->tm_hour >= 12 ? "PM" : "AM"))
+ return(0);
+ continue;
+ case 'R':
+ if (!_fmt("%H:%M", t))
+ return(0);
+ continue;
+ case 'r':
+ if (!_fmt("%I:%M:%S %p", t))
+ return(0);
+ continue;
+ case 'S':
+ if (!_conv(t->tm_sec, 2, '0'))
+ return(0);
+ continue;
+#ifdef HAVE_MKTIME
+ case 's':
+ if (!_secs(t))
+ return(0);
+ continue;
+#endif /* HAVE_MKTIME */
+ case 'T':
+ case 'X':
+ if (!_fmt("%H:%M:%S", t))
+ return(0);
+ continue;
+ case 't':
+ if (!_add("\t"))
+ return(0);
+ continue;
+ case 'U':
+ if (!_conv((t->tm_yday + 7 - t->tm_wday) / 7,
+ 2, '0'))
+ return(0);
+ continue;
+ case 'W':
+ if (!_conv((t->tm_yday + 7 -
+ (t->tm_wday ? (t->tm_wday - 1) : 6))
+ / 7, 2, '0'))
+ return(0);
+ continue;
+ case 'w':
+ if (!_conv(t->tm_wday, 1, '0'))
+ return(0);
+ continue;
+ case 'x':
+ if (!_fmt("%m/%d/%y", t))
+ return(0);
+ continue;
+ case 'y':
+ if (!_conv((t->tm_year + TM_YEAR_BASE)
+ % 100, 2, '0'))
+ return(0);
+ continue;
+ case 'Y':
+ if (!_conv(t->tm_year + TM_YEAR_BASE, 4, '0'))
+ return(0);
+ continue;
+#ifdef notdef
+ case 'Z':
+ if (!t->tm_zone || !_add(t->tm_zone))
+ return(0);
+ continue;
+#endif
+ case '%':
+ /*
+ * X311J/88-090 (4.12.3.5): if conversion char is
+ * undefined, behavior is undefined. Print out the
+ * character itself as printf(3) does.
+ */
+ default:
+ break;
+ }
+ if (!gsize--)
+ return(0);
+ *pt++ = *format;
+ }
+ return(gsize);
+}
+
+#ifdef HAVE_MKTIME
+static int
+_secs(const struct tm *t)
+{
+ static char buf[15];
+ time_t s;
+ char *p;
+ struct tm tmp;
+
+ /* Make a copy, mktime(3) modifies the tm struct. */
+ tmp = *t;
+ s = mktime(&tmp);
+ for (p = buf + sizeof(buf) - 2; s > 0 && p > buf; s /= 10)
+ *p-- = s % 10 + '0';
+ return(_add(++p));
+}
+#endif /* HAVE_MKTIME */
+
+static int
+_conv(int n, int digits, int pad)
+{
+ static char buf[10];
+ char *p;
+
+ for (p = buf + sizeof(buf) - 2; n > 0 && p > buf; n /= 10, --digits)
+ *p-- = n % 10 + '0';
+ while (p > buf && digits-- > 0)
+ *p-- = pad;
+ return(_add(++p));
+}
+
+static int
+_add(str)
+ char *str;
+{
+ for (;; ++pt, --gsize) {
+ if (!gsize)
+ return(0);
+ if (!(*pt = *str++))
+ return(1);
+ }
+}
diff --git a/crypto/kerberosIV/lib/roken/strlwr.c b/crypto/kerberosIV/lib/roken/strlwr.c
new file mode 100644
index 0000000..0222d8c
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strlwr.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strlwr.c,v 1.3 1997/04/01 08:19:11 joda Exp $");
+#endif
+#include <string.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#ifndef HAVE_STRLWR
+char *
+strlwr(char *str)
+{
+ char *s;
+
+ for(s = str; *s; s++)
+ *s = tolower(*s);
+ return str;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strnlen.c b/crypto/kerberosIV/lib/roken/strnlen.c
new file mode 100644
index 0000000..51588f6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strnlen.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strnlen.c,v 1.5 1997/04/01 08:19:11 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+strnlen(char *s, int len)
+{
+ int i;
+ for(i = 0; i < len && s[i]; i++)
+ ;
+ return i;
+}
diff --git a/crypto/kerberosIV/lib/roken/strtok_r.c b/crypto/kerberosIV/lib/roken/strtok_r.c
new file mode 100644
index 0000000..49164d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strtok_r.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strtok_r.c,v 1.4 1997/05/19 03:05:47 assar Exp $");
+#endif
+
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRTOK_R
+
+char *
+strtok_r(char *s1, const char *s2, char **lasts)
+{
+ char *ret;
+
+ if (s1 == NULL)
+ s1 = *lasts;
+ while(*s1 && strchr(s2, *s1))
+ ++s1;
+ if(*s1 == '\0')
+ return NULL;
+ ret = s1;
+ while(*s1 && !strchr(s2, *s1))
+ ++s1;
+ if(*s1)
+ *s1++ = '\0';
+ *lasts = s1;
+ return ret;
+}
+
+#endif /* HAVE_STRTOK_R */
diff --git a/crypto/kerberosIV/lib/roken/strupr.c b/crypto/kerberosIV/lib/roken/strupr.c
new file mode 100644
index 0000000..c5674f7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strupr.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strupr.c,v 1.3 1997/04/01 08:19:13 joda Exp $");
+#endif
+#include <string.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#ifndef HAVE_STRUPR
+char *
+strupr(char *str)
+{
+ char *s;
+
+ for(s = str; *s; s++)
+ *s = toupper(*s);
+ return str;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/tm2time.c b/crypto/kerberosIV/lib/roken/tm2time.c
new file mode 100644
index 0000000..f4423ff
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/tm2time.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: tm2time.c,v 1.6 1997/04/20 05:51:30 assar Exp $");
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#include "roken.h"
+
+time_t
+tm2time (struct tm tm, int local)
+{
+ time_t t;
+
+ tm.tm_isdst = -1;
+
+ t = mktime (&tm);
+
+ if (!local)
+ t += t - mktime (gmtime (&t));
+ return t;
+}
diff --git a/crypto/kerberosIV/lib/roken/unsetenv.c b/crypto/kerberosIV/lib/roken/unsetenv.c
new file mode 100644
index 0000000..67fb750
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/unsetenv.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: unsetenv.c,v 1.6 1997/04/01 08:19:14 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "roken.h"
+
+extern char **environ;
+
+/*
+ * unsetenv --
+ */
+void
+unsetenv(const char *name)
+{
+ int len;
+ const char *np;
+ char **p;
+
+ if (name == 0 || environ == 0)
+ return;
+
+ for (np = name; *np && *np != '='; np++)
+ /* nop */;
+ len = np - name;
+
+ for (p = environ; *p != 0; p++)
+ if (strncmp(*p, name, len) == 0 && (*p)[len] == '=')
+ break;
+
+ for (; *p != 0; p++)
+ *p = *(p + 1);
+}
+
diff --git a/crypto/kerberosIV/lib/roken/verify.c b/crypto/kerberosIV/lib/roken/verify.c
new file mode 100644
index 0000000..65eafcc
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verify.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verify.c,v 1.12 1997/04/01 08:19:15 joda Exp $");
+#endif
+
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#include "roken.h"
+
+int
+unix_verify_user(char *user, char *password)
+{
+ struct passwd *pw;
+
+ pw = k_getpwnam(user);
+ if(pw == NULL)
+ return -1;
+ if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
+ return 0;
+ if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
+ return 0;
+ return -1;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/verr.c b/crypto/kerberosIV/lib/roken/verr.c
new file mode 100644
index 0000000..f5d8f25
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verr.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verr.c,v 1.6 1997/03/30 08:05:38 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+verr(int eval, const char *fmt, va_list ap)
+{
+ warnerr(1, eval, 1, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/verrx.c b/crypto/kerberosIV/lib/roken/verrx.c
new file mode 100644
index 0000000..bc25aa0
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verrx.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verrx.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+verrx(int eval, const char *fmt, va_list ap)
+{
+ warnerr(1, eval, 0, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/vwarn.c b/crypto/kerberosIV/lib/roken/vwarn.c
new file mode 100644
index 0000000..144dd08
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vwarn.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vwarn.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+vwarn(const char *fmt, va_list ap)
+{
+ warnerr(0, 0, 1, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/vwarnx.c b/crypto/kerberosIV/lib/roken/vwarnx.c
new file mode 100644
index 0000000..540c2a6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vwarnx.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vwarnx.c,v 1.6 1997/03/30 08:05:40 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+vwarnx(const char *fmt, va_list ap)
+{
+ warnerr(0, 0, 0, fmt, ap);
+}
+
diff --git a/crypto/kerberosIV/lib/roken/warn.c b/crypto/kerberosIV/lib/roken/warn.c
new file mode 100644
index 0000000..5af5d8d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warn.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warn.c,v 1.5 1997/03/30 08:05:40 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+warn(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vwarn(fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/warnerr.c b/crypto/kerberosIV/lib/roken/warnerr.c
new file mode 100644
index 0000000..61fa26a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warnerr.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warnerr.c,v 1.6 1997/04/02 14:59:54 bg Exp $");
+#endif
+
+#include "roken.h"
+#include "err.h"
+
+#ifndef HAVE___PROGNAME
+const char *__progname;
+#endif
+
+void
+set_progname(char *argv0)
+{
+#ifndef HAVE___PROGNAME
+ char *p;
+ if(argv0 == NULL)
+ return;
+ p = strrchr(argv0, '/');
+ if(p == NULL)
+ p = argv0;
+ else
+ p++;
+ __progname = p;
+#endif
+}
+
+void
+warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap)
+{
+ int sverrno = errno;
+ if(__progname != NULL){
+ fprintf(stderr, "%s", __progname);
+ if(fmt != NULL || doerrno)
+ fprintf(stderr, ": ");
+ }
+ if (fmt != NULL){
+ vfprintf(stderr, fmt, ap);
+ if(doerrno)
+ fprintf(stderr, ": ");
+ }
+ if(doerrno)
+ fprintf(stderr, "%s", strerror(sverrno));
+ fprintf(stderr, "\n");
+ if(doexit)
+ exit(eval);
+}
diff --git a/crypto/kerberosIV/lib/roken/warnx.c b/crypto/kerberosIV/lib/roken/warnx.c
new file mode 100644
index 0000000..bf7b076
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warnx.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warnx.c,v 1.5 1997/03/30 08:05:41 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+warnx(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vwarnx(fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/xdbm.h b/crypto/kerberosIV/lib/roken/xdbm.h
new file mode 100644
index 0000000..c3e4781
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/xdbm.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: xdbm.h,v 1.2 1997/04/01 08:19:16 joda Exp $ */
+
+/* Generic *dbm include file */
+
+#ifndef __XDBM_H__
+#define __XDBM_H__
+
+#ifdef HAVE_NDBM_H
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include <rpcsvc/dbm.h>
+#endif
+
+/* Macros to convert ndbm names to dbm names.
+ * Note that dbm_nextkey() cannot be simply converted using a macro, since
+ * it is invoked giving the database, and nextkey() needs the previous key.
+ *
+ * Instead, all routines call "dbm_next" instead.
+ */
+
+#ifndef NDBM
+typedef char DBM;
+
+#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
+#define dbm_fetch(db, key) fetch(key)
+#define dbm_store(db, key, content, flag) store(key, content)
+#define dbm_delete(db, key) delete(key)
+#define dbm_firstkey(db) firstkey()
+#define dbm_next(db,key) nextkey(key)
+#define dbm_close(db) dbmclose()
+#else
+#define dbm_next(db,key) dbm_nextkey(db)
+#endif
+
+#endif /* __XDBM_H__ */
diff --git a/crypto/kerberosIV/lib/sl/Makefile.in b/crypto/kerberosIV/lib/sl/Makefile.in
new file mode 100644
index 0000000..b89799b
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/Makefile.in
@@ -0,0 +1,84 @@
+#
+# $Id: Makefile.in,v 1.8 1997/05/06 03:47:56 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)sl
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+PROGS =
+
+LIB_SOURCES = sl.c
+
+SOURCES = $(LIB_SOURCES)
+
+LIB_OBJECTS = sl.o
+
+OBJECTS = $(LIB_OBJECTS)
+
+all: $(LIB) $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) $(PROGS) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *~
+
+realclean: distclean
+ rm -f TAGS
+
+$(LIBNAME).a: $(LIB_OBJECTS)
+ rm -f $@
+ $(AR) cr $@ $(LIB_OBJECTS)
+ -$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(LIB_OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(LIB_OBJECTS)
+
+$(OBJECTS): ../../include/config.h
+
+.PHONY: all install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/sl/sl.c b/crypto/kerberosIV/lib/sl/sl.c
new file mode 100644
index 0000000..adf71f5
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/sl.c
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: sl.c,v 1.12 1997/06/01 03:15:07 assar Exp $");
+#endif
+
+#include "sl_locl.h"
+
+static SL_cmd *
+sl_match (SL_cmd *cmds, char *cmd, int exactp)
+{
+ SL_cmd *c, *current = NULL, *partial_cmd = NULL;
+ int partial_match = 0;
+
+ for (c = cmds; c->name; ++c) {
+ if (c->func)
+ current = c;
+ if (strcmp (cmd, c->name) == 0)
+ return current;
+ else if (strncmp (cmd, c->name, strlen(cmd)) == 0 &&
+ partial_cmd != current) {
+ ++partial_match;
+ partial_cmd = current;
+ }
+ }
+ if (partial_match == 1 && !exactp)
+ return partial_cmd;
+ else
+ return NULL;
+}
+
+void
+sl_help (SL_cmd *cmds, int argc, char **argv)
+{
+ SL_cmd *c, *prev_c;
+
+ if (argc == 1) {
+ prev_c = NULL;
+ for (c = cmds; c->name; ++c) {
+ if (c->func) {
+ if(prev_c)
+ printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
+ prev_c->usage ? "\n" : "");
+ prev_c = c;
+ printf ("%s", c->name);
+ } else
+ printf (", %s", c->name);
+ }
+ if(prev_c)
+ printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
+ prev_c->usage ? "\n" : "");
+ } else {
+ c = sl_match (cmds, argv[1], 0);
+ if (c == NULL)
+ printf ("No such command: %s. Try \"help\" for a list of all commands\n",
+ argv[1]);
+ else {
+ printf ("%s\t%s", c->name, c->usage);
+ if((++c)->name && c->func == NULL) {
+ printf ("\nSynonyms:");
+ while (c->name && c->func == NULL)
+ printf ("\t%s", (c++)->name);
+ }
+ printf ("\n");
+ }
+ }
+}
+
+#ifdef HAVE_READLINE
+
+char *readline(char *prompt);
+void add_history(char *p);
+
+#else
+
+static char *
+readline(char *prompt)
+{
+ char buf[BUFSIZ];
+ printf ("%s", prompt);
+ fflush (stdout);
+ if(fgets(buf, sizeof(buf), stdin) == NULL)
+ return NULL;
+ if (buf[strlen(buf) - 1] == '\n')
+ buf[strlen(buf) - 1] = '\0';
+ return strdup(buf);
+}
+
+static void
+add_history(char *p)
+{
+}
+
+#endif
+
+int
+sl_loop (SL_cmd *cmds, char *prompt)
+{
+ unsigned max_count;
+ char **ptr;
+
+ max_count = 17;
+ ptr = malloc(max_count * sizeof(*ptr));
+ if (ptr == NULL) {
+ printf ("sl_loop: failed to allocate %u bytes of memory\n",
+ (int) max_count * sizeof(*ptr));
+ return -1;
+ }
+
+ for (;;) {
+ char *buf;
+ unsigned count;
+ SL_cmd *c;
+
+ buf = readline(prompt);
+ if(buf == NULL)
+ break;
+
+ if(*buf)
+ add_history(buf);
+ count = 0;
+ {
+ char *foo = NULL;
+ char *p;
+
+ for(p = strtok_r (buf, " \t", &foo);
+ p;
+ p = strtok_r (NULL, " \t", &foo)) {
+ if(count == max_count) {
+ max_count *= 2;
+ ptr = realloc (ptr, max_count * sizeof(*ptr));
+ if (ptr == NULL) {
+ printf ("sl_loop: failed to allocate %u "
+ "bytes of memory\n",
+ (unsigned) max_count * sizeof(*ptr));
+ return -1;
+ }
+ }
+ ptr[count++] = p;
+ }
+ }
+ if (count > 0) {
+ c = sl_match (cmds, ptr[0], 0);
+ if (c)
+ (*c->func)(count, ptr);
+ else
+ printf ("Unrecognized command: %s\n", ptr[0]);
+ }
+ free(buf);
+ }
+ free (ptr);
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/sl/sl.h b/crypto/kerberosIV/lib/sl/sl.h
new file mode 100644
index 0000000..158e590
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/sl.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sl.h,v 1.2 1997/04/01 08:19:18 joda Exp $ */
+
+#ifndef _SL_H
+#define _SL_H
+
+typedef void (*cmd_func)(int, char **);
+
+struct sl_cmd {
+ char *name;
+ cmd_func func;
+ char *usage;
+ char *help;
+};
+
+typedef struct sl_cmd SL_cmd;
+
+void sl_help (SL_cmd *, int argc, char **argv);
+int sl_loop (SL_cmd *, char *prompt);
+
+#endif /* _SL_H */
diff --git a/crypto/kerberosIV/lib/sl/sl_locl.h b/crypto/kerberosIV/lib/sl/sl_locl.h
new file mode 100644
index 0000000..ddf25bb
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/sl_locl.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sl_locl.h,v 1.3 1997/04/01 08:19:18 joda Exp $ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <roken.h>
+#include <protos.h>
+
+#include <sl.h>
diff --git a/crypto/kerberosIV/man/Makefile.in b/crypto/kerberosIV/man/Makefile.in
new file mode 100644
index 0000000..a1b6e74
--- /dev/null
+++ b/crypto/kerberosIV/man/Makefile.in
@@ -0,0 +1,95 @@
+# Makefile.in,v 1.2 1994/05/13 05:02:46 assar Exp
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+mandir = @mandir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+MANRX = .*\.\([0-9]\)
+CATRX = \(.*\)\.cat\([0-9]\)
+CATSUFFIX=@CATSUFFIX@
+
+MAN1 = afslog.1 kauth.1 ftp.1 kdestroy.1 kinit.1 kpasswd.1 \
+ login.1 rlogin.1 su.1 kerberos.1 klist.1 ksrvtgt.1 pagsh.1 \
+ rcp.1 rsh.1 telnet.1 kx.1 rxterm.1 rxtelnet.1 tenletxr.1 \
+ des.1 movemail.1 \
+ otp.1 otpprint.1
+
+CAT1 = afslog.cat1 kauth.cat1 ftp.cat1 login.cat1 \
+ pagsh.cat1 rcp.cat1 rlogin.cat1 rsh.cat1 su.cat1 telnet.cat1 kx.cat1 \
+ rxterm.cat1 rxtelnet.cat1 tenletxr.cat1 movemail.cat1 \
+ otp.cat1 otpprint.cat1
+
+MAN3 = acl_check.3 kafs.3 kerberos.3 krb_set_tkt_string.3 des_crypt.3 \
+ krb_realmofhost.3 kuserok.3 getusershell.3 krb_sendauth.3 \
+ tf_util.3
+
+CAT3 = getusershell.cat3 kafs.cat3
+
+MAN5 = krb.conf.5 krb.realms.5 krb.equiv.5 login.access.5 ftpusers.5
+
+CAT5 = login.access.cat5 krb.equiv.cat5 ftpusers.cat5
+
+MAN8 = ext_srvtab.8 kdb_destroy.8 kdb_util.8 ksrvutil.8 telnetd.8 rlogind.8 \
+ kadmin.8 kdb_edit.8 kstash.8 kadmind.8 kdb_init.8 rshd.8 kauthd.8 \
+ popper.8 kxd.8 kerberos.8
+
+CAT8 = ftpd.cat8 rshd.cat8 telnetd.cat8 ksrvutil.cat8 rlogind.cat8 \
+ kauthd.cat8 kprop.cat8 kpropd.cat8 kxd.cat8 kerberos.cat8
+
+all:
+
+cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8)
+
+%.cat1: %.1
+ `grog -Tascii $<` > $@
+%.cat3: %.3
+ `grog -Tascii $<` > $@
+%.cat5: %.5
+ `grog -Tascii $<` > $@
+%.cat8: %.8
+ `grog -Tascii $<` > $@
+
+
+Wall:
+
+install: all
+ for x in man1 man3 man5 man8 cat1 cat3 cat5 cat8; do \
+ $(MKINSTALLDIRS) $(mandir)/$$x; done
+ (cd $(srcdir); \
+ for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \
+ s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \
+ $(INSTALL_DATA) $$x $(mandir)/man$$s; done ;\
+ for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \
+ s=`echo $$x | sed 's!$(CATRX)!\2!'`; \
+ b=`echo $$x | sed 's!$(CATRX)!\1!'`; \
+ $(INSTALL_DATA) $$x $(mandir)/cat$$s/$$b.$(CATSUFFIX);\
+ done )
+
+uninstall:
+ for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \
+ s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \
+ rm -f $(mandir)/man$$s/$$x; done
+ for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \
+ s=`echo $$x | sed 's!$(CATRX)!\2!'`; \
+ b=`echo $$x | sed 's!$(CATRX)!\1!'`; \
+ rm -f $(mandir)/cat$$s/$$b.$(CATSUFFIX); done
+
+clean:
+
+mostlyclean: clean
+
+distclean:
+ rm -f Makefile *~
+
+realclean:
+
diff --git a/crypto/kerberosIV/man/acl_check.3 b/crypto/kerberosIV/man/acl_check.3
new file mode 100644
index 0000000..53bb7c8
--- /dev/null
+++ b/crypto/kerberosIV/man/acl_check.3
@@ -0,0 +1,182 @@
+.\" $Id: acl_check.3,v 1.2 1996/06/12 21:29:08 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+acl_canonicalize_principal, acl_check, acl_exact_match, acl_add,
+acl_delete, acl_initialize \- Access control list routines
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+cc <files> \-lacl \-lkrb
+.PP
+.ft B
+#include <krb.h>
+.PP
+.ft B
+acl_canonicalize_principal(principal, buf)
+char *principal;
+char *buf;
+.PP
+.ft B
+acl_check(acl, principal)
+char *acl;
+char *principal;
+.PP
+.ft B
+acl_exact_match(acl, principal)
+char *acl;
+char *principal;
+.PP
+.ft B
+acl_add(acl, principal)
+char *acl;
+char *principal;
+.PP
+.ft B
+acl_delete(acl, principal)
+char *acl;
+char *principal;
+.PP
+.ft B
+acl_initialize(acl_file, mode)
+char *acl_file;
+int mode;
+.fi
+.ft R
+.SH DESCRIPTION
+.SS Introduction
+.PP
+An access control list (ACL) is a list of principals, where each
+principal is represented by a text string which cannot contain
+whitespace. The library allows application programs to refer to named
+access control lists to test membership and to atomically add and
+delete principals using a natural and intuitive interface. At
+present, the names of access control lists are required to be Unix
+filenames, and refer to human-readable Unix files; in the future, when
+a networked ACL server is implemented, the names may refer to a
+different namespace specific to the ACL service.
+.PP
+.SS Principal Names
+.PP
+Principal names have the form
+.nf
+.in +5n
+<name>[.<instance>][@<realm>]
+.in -5n
+e.g.:
+.in +5n
+asp
+asp.root
+asp@ATHENA.MIT.EDU
+asp.@ATHENA.MIT.EDU
+asp.root@ATHENA.MIT.EDU
+.in -5n
+.fi
+It is possible for principals to be underspecified. If an instance is
+missing, it is assumed to be "". If realm is missing, it is assumed
+to be the local realm as determined by
+.IR krb_get_lrealm (3).
+The canonical form contains all of name, instance,
+and realm; the acl_add and acl_delete routines will always
+leave the file in that form. Note that the canonical form of
+asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
+.SS Routines
+.PP
+.I acl_canonicalize_principal
+stores the canonical form of
+.I principal
+in
+.IR buf .
+.I Buf
+must contain enough
+space to store a principal, given the limits on the sizes of name,
+instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
+respectively, in
+.IR /usr/include/krb.h .
+.PP
+.I acl_check
+returns nonzero if
+.I principal
+appears in
+.IR acl .
+Returns 0 if principal
+does not appear in acl, or if an error occurs. Canonicalizes
+principal before checking, and allows the ACL to contain wildcards. The
+only supported wildcards are entries of the form
+name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the
+its component field. For example, "jtkohl.*@*" would match principal
+jtkohl, with any instance and any realm.
+.PP
+.I acl_exact_match
+performs like
+.IR acl_check ,
+but does no canonicalization or wildcard matching.
+.PP
+.I acl_add
+atomically adds
+.I principal
+to
+.IR acl .
+Returns 0 if successful, nonzero otherwise. It is considered a failure
+if
+.I principal
+is already in
+.IR acl .
+This routine will canonicalize
+.IR principal ,
+but will treat wildcards literally.
+.PP
+.I acl_delete
+atomically deletes
+.I principal
+from
+.IR acl .
+Returns 0 if successful,
+nonzero otherwise. It is considered a failure if
+.I principal
+is not
+already in
+.IR acl .
+This routine will canonicalize
+.IR principal ,
+but will treat wildcards literally.
+.PP
+.I acl_initialize
+initializes
+.IR acl_file .
+If the file
+.I acl_file
+does not exist,
+.I acl_initialize
+creates it with mode
+.IR mode .
+If the file
+.I acl_file
+exists,
+.I acl_initialize
+removes all members. Returns 0 if successful,
+nonzero otherwise. WARNING: Mode argument is likely to change with
+the eventual introduction of an ACL service.
+.SH NOTES
+In the presence of concurrency, there is a very small chance that
+.I acl_add
+or
+.I acl_delete
+could report success even though it would have
+had no effect. This is a necessary side effect of using lock files
+for concurrency control rather than flock(2), which is not supported
+by NFS.
+.PP
+The current implementation caches ACLs in memory in a hash-table
+format for increased efficiency in checking membership; one effect of
+the caching scheme is that one file descriptor will be kept open for
+each ACL cached, up to a maximum of 8.
+.SH SEE ALSO
+kerberos(3), krb_get_lrealm(3)
+.SH AUTHOR
+James Aspnes (MIT Project Athena)
diff --git a/crypto/kerberosIV/man/ext_srvtab.8 b/crypto/kerberosIV/man/ext_srvtab.8
new file mode 100644
index 0000000..4f2c120
--- /dev/null
+++ b/crypto/kerberosIV/man/ext_srvtab.8
@@ -0,0 +1,62 @@
+.\" $Id: ext_srvtab.8,v 1.3 1997/04/02 21:09:51 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+ext_srvtab \- extract service key files from Kerberos key distribution center database
+.SH SYNOPSIS
+ext_srvtab [
+.B \-n
+] [
+.B \-r realm
+] [
+.B hostname ...
+]
+.SH DESCRIPTION
+.I ext_srvtab
+extracts service key files from the Kerberos key distribution center
+(KDC) database.
+.PP
+Upon execution, it prompts the user to enter the master key string for
+the database. If the
+.B \-n
+option is specified, the master key is instead fetched from the master
+key cache file.
+.PP
+For each
+.I hostname
+specified on the command line,
+.I ext_srvtab
+creates the service key file
+.IR hostname -new-srvtab,
+containing all the entries in the database with an instance field of
+.I hostname.
+This new file contains all the keys registered for Kerberos-mediated
+service providing programs which use the
+.IR krb_get_phost (3)
+principal and instance conventions to run on the host
+.IR hostname .
+If the
+.B \-r
+option is specified, the realm fields in the extracted file will
+match the given realm rather than the local realm.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+.IR hostname -new-srvtab
+Service key file generated for
+.I hostname
+.TP
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
+.SH SEE ALSO
+read_service_key(3), krb_get_phost(3)
diff --git a/crypto/kerberosIV/man/getusershell.3 b/crypto/kerberosIV/man/getusershell.3
new file mode 100644
index 0000000..84dc3ad
--- /dev/null
+++ b/crypto/kerberosIV/man/getusershell.3
@@ -0,0 +1,99 @@
+.\" $NetBSD: getusershell.3,v 1.3 1995/02/27 04:13:24 cgd Exp $
+.\"
+.\" Copyright (c) 1985, 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)getusershell.3 8.1 (Berkeley) 6/4/93
+.\"
+.Dd June 4, 1993
+.Dt GETUSERSHELL 3
+.Os BSD 4.3
+.Sh NAME
+.Nm getusershell ,
+.Nm setusershell ,
+.Nm endusershell
+.Nd get legal user shells
+.Sh SYNOPSIS
+.Ft char *
+.Fn getusershell void
+.Ft void
+.Fn setusershell void
+.Ft void
+.Fn endusershell void
+.Sh DESCRIPTION
+The
+.Fn getusershell
+function
+returns a pointer to a legal user shell as defined by the
+system manager in the file
+.Pa /etc/shells .
+If
+.Pa /etc/shells
+is unreadable or does not exist,
+.Fn getusershell
+behaves as if
+.Pa /bin/sh
+and
+.Pa /bin/csh
+were listed in the file.
+.Pp
+The
+.Fn getusershell
+function
+reads the next
+line (opening the file if necessary);
+.Fn setusershell
+rewinds the file;
+.Fn endusershell
+closes it.
+.Sh FILES
+.Bl -tag -width /etc/shells -compact
+.It Pa /etc/shells
+.El
+.Sh DIAGNOSTICS
+The routine
+.Fn getusershell
+returns a null pointer (0) on
+.Dv EOF .
+.Sh SEE ALSO
+.Xr shells 5
+.Sh HISTORY
+The
+.Fn getusershell
+function appeared in
+.Bx 4.3 .
+.Sh BUGS
+The
+.Fn getusershell
+function leaves its result in an internal static object and returns
+a pointer to that object. Subsequent calls to
+.Fn getusershell
+will modify the same object.
diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8
new file mode 100644
index 0000000..3139b25
--- /dev/null
+++ b/crypto/kerberosIV/man/kadmin.8
@@ -0,0 +1,176 @@
+.\" $Id: kadmin.8,v 1.4 1997/04/02 21:09:53 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kadmin \- network utility for Kerberos database administration
+.SH SYNOPSIS
+.B kadmin [-u user] [-r default_realm] [-m] [-t]
+.SH DESCRIPTION
+This utility provides a unified administration interface to
+the
+Kerberos
+master database.
+Kerberos
+administrators
+use
+.I kadmin
+to register new users and services to the master database,
+and to change information about existing database entries.
+For instance, an administrator can use
+.I kadmin
+to change a user's
+Kerberos
+password.
+A Kerberos administrator is a user with an ``admin'' instance
+whose name appears on one of the Kerberos administration access control
+lists. If the \-u option is used,
+.I user
+will be used as the administrator instead of the local user.
+If the \-r option is used,
+.I default_realm
+will be used as the default realm for transactions. Otherwise,
+the local realm will be used by default.
+If the \-m option is used, multiple requests will be permitted
+on only one entry of the admin password. Some sites won't
+support this option. The \-t option is used to tell kadmin to use the
+existing ticket file instead of creating a new one.
+
+The
+.I kadmin
+program communicates over the network with the
+.I kadmind
+program, which runs on the machine housing the Kerberos master
+database.
+The
+.I kadmind
+creates new entries and makes modifications to the database.
+
+When you enter the
+.I kadmin
+command,
+the program displays a message that welcomes you and explains
+how to ask for help.
+Then
+.I kadmin
+waits for you to enter commands (which are described below).
+It then asks you for your
+.I admin
+password before accessing the database.
+
+All commands can be abbreviated as long as they are unique. Some
+short versions of the commands are also recognized for backwards
+compatibility.
+
+Use the
+.I add_new_key
+(or
+.I ank
+for short)
+command to register a new principal
+with the master database.
+The command requires one argument,
+the principal's name. The name
+given can be fully qualified using
+the standard
+.I name.instance@realm
+convention.
+You are asked to enter your
+.I admin
+password,
+then prompted twice to enter the principal's
+new password. If no realm is specified,
+the local realm is used unless another was
+given on the commandline with the \-r flag.
+If no instance is
+specified, a null instance is used. If
+a realm other than the default realm is specified,
+you will need to supply your admin password for
+the other realm.
+
+Use the
+.I change_password (cpw)
+to change a principal's
+Kerberos
+password.
+The command requires one argument,
+the principal's
+name.
+You are asked to enter your
+.I admin
+password,
+then prompted twice to enter the principal's new password.
+The name
+given can be fully qualified using
+the standard
+.I name.instance@realm
+convention.
+
+Use the
+.I change_key (ckey)
+if you have a need to change the raw key of a particular principal.
+In other words, if you do not want to input a DES key instead of a
+password that will get converted into a DES key.
+
+Use the
+.I change_admin_password (cap)
+to change your
+.I admin
+instance password.
+This command requires no arguments.
+It prompts you for your old
+.I admin
+password, then prompts you twice to enter the new
+.I admin
+password. If this is your first command,
+the default realm is used. Otherwise, the realm
+used in the last command is used.
+
+Use the
+.I del_entry (del)
+to remove an entry from the kerberos database.
+
+Use the
+.I mod_entry (mod)
+to modify a particular entry, for example to change the expire date.
+
+Use the
+.I destroy_tickets (dest)
+command to destroy your admin tickets explicitly.
+
+Use the
+.I list_requests (lr)
+command to get a list of possible commands.
+
+Use the
+.I help
+command to display
+.IR kadmin's
+various help messages.
+If entered without an argument,
+.I help
+displays a general help message.
+You can get detailed information on specific
+.I kadmin
+commands
+by entering
+.I help
+.IR command_name .
+
+To quit the program, type
+.IR quit .
+
+.SH BUGS
+The user interface is primitive, and the command names could be better.
+
+.SH "SEE ALSO"
+kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
+.br
+``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
+.SH AUTHORS
+Jeffrey I. Schiller, MIT Project Athena
+.br
+Emanuel Jay Berkenbilt, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kadmind.8 b/crypto/kerberosIV/man/kadmind.8
new file mode 100644
index 0000000..477511b
--- /dev/null
+++ b/crypto/kerberosIV/man/kadmind.8
@@ -0,0 +1,125 @@
+.\" $Id: kadmind.8,v 1.4 1997/04/02 21:09:53 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kadmind \- network daemon for Kerberos database administration
+.SH SYNOPSIS
+.B kadmind
+[
+.B \-n
+] [
+.B \-m
+] [
+.B \-h
+] [
+.B \-r realm
+] [
+.B \-f filename
+] [
+.B \-d dbname
+] [
+.B \-a acldir
+]
+.SH DESCRIPTION
+.I kadmind
+is the network database server for the Kerberos password-changing and
+administration tools.
+.PP
+Upon execution, it fetches the master key from the key cache file.
+.PP
+If the
+.B \-m
+option is specified, it instead prompts the user to enter the master
+key string for the database.
+.PP
+The
+.B \-n
+option is a no-op and is left for compatibility reasons.
+.PP
+If the
+.B \-r
+.I realm
+option is specified, the admin server will pretend that its
+local realm is
+.I realm
+instead of the actual local realm of the host it is running on.
+This makes it possible to run a server for a foreign kerberos
+realm.
+.PP
+If the
+.B \-f
+.I filename
+option is specified, then that file is used to hold the log information
+instead of the default.
+.PP
+If the
+.B \-d
+.I dbname
+option is specified, then that file is used as the database name instead
+of the default.
+.PP
+If the
+.B \-a
+.I acldir
+option is specified, then
+.I acldir
+is used as the directory in which to search for access control lists
+instead of the default.
+.PP
+If the
+.B \-h
+option is specified,
+.I kadmind
+prints out a short summary of the permissible control arguments, and
+then exits.
+.PP
+When performing requests on behalf of clients,
+.I kadmind
+checks access control lists (ACLs) to determine the authorization of the client
+to perform the requested action.
+Currently four distinct access types are supported:
+.TP 1i
+Addition
+(.add ACL file). If a principal is on this list, it may add new
+principals to the database.
+.TP
+Retrieval
+(.get ACL file). If a principal is on this list, it may retrieve
+database entries. NOTE: A principal's private key is never returned by
+the get functions.
+.TP
+Modification
+(.mod ACL file). If a principal is on this list, it may modify entries
+in the database.
+.TP
+Deletions
+(.del ACL file). If a principal is on this list, if may delete
+entries from the database.
+.PP
+A principal is always granted authorization to change its own password.
+.SH FILES
+.TP 20n
+/kerberos/admin_server.syslog
+Default log file.
+.TP
+/kerberos
+Default access control list directory.
+.TP
+admin_acl.{add,get,mod}
+Access control list files (within the directory)
+.TP
+/kerberos/principal.pag, /kerberos/principal.dir
+Default DBM files containing database
+.TP
+/.k
+Master key cache file.
+.SH "SEE ALSO"
+kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
+.SH AUTHORS
+Douglas A. Church, MIT Project Athena
+.br
+John T. Kohl, Project Athena/Digital Equipment Corporation
diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3
new file mode 100644
index 0000000..041fd23
--- /dev/null
+++ b/crypto/kerberosIV/man/kafs.3
@@ -0,0 +1,122 @@
+.\" $Id: kafs.3,v 1.1 1997/05/07 21:49:02 joda Exp $
+.\"
+.Dd May 7, 1997
+.Os KTH-KRB
+.Dt KAFS 3
+.Sh NAME
+.Nm k_hasafs ,
+.Nm k_afsklog ,
+.Nm k_afsklog_uid ,
+.Nm k_pioctl ,
+.Nm k_unlog ,
+.Nm k_setpag ,
+.Nm k_afs_cell_of_file
+.Nd AFS library
+.Sh SYNOPSIS
+.Fd #include <kafs.h>
+.Ft int
+.Fn k_afsklog "char *cell" "char *realm"
+.Ft int
+.Fn k_afsklog_uid "char *cell" "char *realm" "uid_t uid"
+.Ft int
+.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
+.Ft int
+.Fn k_hasafs
+.Ft int
+.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
+.Ft int
+.Fn k_setpag
+.Ft int
+.Fn k_unlog
+.Sh DESCRIPTION
+.Fn k_hasafs
+initializes some library internal structures, and tests for the
+presense of AFS in the kernel, none of the other functions should be
+called before
+.Fn k_hasafs
+is called, or if it fails.
+
+.Fn k_afsklog ,
+and
+.Fn k_afsklog_uid
+obtains new tokens (and possibly tickets) for the specified
+.Fa cell
+and
+.Fa realm .
+If
+.Fa cell
+is
+.Dv NULL ,
+the local cell is used. If
+.Fa realm
+is
+.Dv NULL ,
+the function tries to guess what realm to use. Unless you have some good knowledge of what cell or realm to use, you should pass
+.Dv NULL .
+.Fn k_afsklog
+will use the real user-id for the
+.Dv ViceId
+field in the token,
+.Fn k_afsklog_uid
+will use
+.Fa uid .
+
+.Fn k_afs_cell_of_file
+will in
+.Fa cell
+return the cell of a specified file, no more than
+.Fa len
+characters is put in
+.Fa cell .
+
+.Fn k_pioctl
+does a
+.Fn pioctl
+syscall with the specified arguments. This function is equivalent to
+.Fn lpioctl .
+
+.Fn k_setpag
+initializes a new PAG.
+
+.Fn k_unlog
+removes destroys all tokens in the current PAG.
+
+.Sh RETURN VALUES
+.Fn k_hasafs
+returns 1 if AFS is present in the kernel, 0 otherwise.
+.Fn k_afsklog
+and
+.Fn k_afsklog_uid
+returns 0 on success, or a kerberos error number on failure.
+.Fn k_afs_cell_of_file ,
+.Fn k_pioctl ,
+.Fn k_setpag ,
+and
+.Fn k_unlog
+all return the value of the underlaying system call, 0 on success.
+.Sh EXAMPLES
+The following code from
+.Nm login
+will obtain a new PAG and tokens for the local cell and the cell of
+the users home directory.
+.Bd -literal
+if (k_hasafs()) {
+ char cell[64];
+ k_setpag();
+ if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
+ k_afsklog(cell, 0);
+ k_afsklog(0, 0);
+}
+.Ed
+.Sh ERRORS
+If any of these functions (appart from
+.Fn k_hasafs )
+is called without AFS beeing present in the kernel, the process will
+usually (depending on the operating system) receive a SIGSYS signal.
+.Sh SEE ALSO
+.Rs
+.%A Transarc Corporation
+.%J AFS-3 Programmer's Reference
+.%T File Server/Cache Manager Interface
+.%D 1991
+.Re \ No newline at end of file
diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1
new file mode 100644
index 0000000..cc71b29
--- /dev/null
+++ b/crypto/kerberosIV/man/kauth.1
@@ -0,0 +1,65 @@
+.\" $Id: kauth.1,v 1.1 1996/05/04 01:49:34 d91-jda Exp $
+.\"
+.Dd May 4, 1996
+.Dt KAUTH 1
+.Os KTH-KRB
+.Sh NAME
+.Nm kauth
+.Nd
+overworked Kerberos login program
+.Sh SYNOPSIS
+.Nm
+.Op Fl n Ar name
+.Op Fl r Ar remote user
+.Op Fl t Pa remote ticket file
+.Op Fl h Ar hosts...
+.Op Fl l Ar lifetime
+.Op Fl f Pa srvtab
+.Op Fl c Ar cell
+.Op Ar command ...
+.Sh DESCRIPTION
+The
+.Nm
+command obtains ticket granting tickets as well as AFS ticket and
+tokens. It also does a whole lot of other stuff.
+.Pp
+The following flags are supported:
+.Bl -tag -width xxxx
+.It Fl n
+Principal to get tickets for. If no other arguments are present this
+can be given without the
+.Fl n
+flag.
+.It Fl h
+Remote hosts to obtain tickets for. This works similar to the MIT
+Athena Kerberos 4 patchlevel 10 command
+.Xr rkinit 1 ,
+however not in a compatible way. It requires that the remote host runs
+the
+.Xr kauthd 8 ,
+server. The
+.Fl r
+and
+.Fl t
+flags are useful only with this option.
+.It Fl r
+User on the remote host that should own the ticket file.
+.It Fl t
+Ticket file on remote host.
+.It Fl l
+Lifetime of tickets i minutes
+.It Fl f
+Srvtab to get service keys from. Default is
+.Pa /etc/srvtab .
+This is mainly used with batch services that need to run
+authenticated. If any command is given, it will be executed in an
+authenticated fashion and when the program exits the tickets are
+destroyed. For long running jobs the tickets will be renewed.
+.It Fl c
+AFS cell to get tokens for, default is your local cell.
+.El
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr kauthd 8
+.Sh BUGS
+There is no help-switch.
diff --git a/crypto/kerberosIV/man/kauthd.8 b/crypto/kerberosIV/man/kauthd.8
new file mode 100644
index 0000000..4978ff2
--- /dev/null
+++ b/crypto/kerberosIV/man/kauthd.8
@@ -0,0 +1,27 @@
+.\" $Id: kauthd.8,v 1.2 1996/09/28 22:04:48 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt KAUTHD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kauthd
+.Nd
+remote Kerberos login daemon
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+Daemon for the
+.Xr kauth 1
+command.
+.Pp
+Options supported by
+.Nm kauthd :
+.Bl -tag -width Ds
+.It Fl i
+Interactive. Do not expect to be started by
+.Nm inetd,
+but allocate and listen to the socket yourself. Handy for testing
+and debugging.
+.El
+.Sh SEE ALSO
+.Xr kauth 1
diff --git a/crypto/kerberosIV/man/kdb_destroy.8 b/crypto/kerberosIV/man/kdb_destroy.8
new file mode 100644
index 0000000..c6e4739
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_destroy.8
@@ -0,0 +1,32 @@
+.\" $Id: kdb_destroy.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_destroy \- destroy Kerberos key distribution center database
+.SH SYNOPSIS
+kdb_destroy
+.SH DESCRIPTION
+.I kdb_destroy
+deletes a Kerberos key distribution center database.
+.PP
+The user is prompted to verify that the database should be destroyed. A
+response beginning with `y' or `Y' confirms deletion.
+Any other response aborts deletion.
+.SH DIAGNOSTICS
+.TP 20n
+"Database cannot be deleted at /var/kerberos/principal"
+The attempt to delete the database failed (probably due to a system or
+access permission error).
+.TP
+"Database not deleted."
+The user aborted the deletion.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.SH SEE ALSO
+kdb_init(8)
diff --git a/crypto/kerberosIV/man/kdb_edit.8 b/crypto/kerberosIV/man/kdb_edit.8
new file mode 100644
index 0000000..14f7e92
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_edit.8
@@ -0,0 +1,54 @@
+.\" $Id: kdb_edit.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_edit \- Kerberos key distribution center database editing utility
+.SH SYNOPSIS
+kdb_edit [
+.B \-n
+]
+.SH DESCRIPTION
+.I kdb_edit
+is used to create or change principals stored in the Kerberos key
+distribution center (KDC) database.
+.PP
+When executed,
+.I kdb_edit
+prompts for the master key string and verifies that it matches the
+master key stored in the database.
+If the
+.B \-n
+option is specified, the master key is instead fetched from the master
+key cache file.
+.PP
+Once the master key has been verified,
+.I kdb_edit
+begins a prompt loop. The user is prompted for the principal and
+instance to be modified. If the entry is not found the user may create
+it.
+Once an entry is found or created, the user may set the password,
+expiration date, maximum ticket lifetime, and attributes.
+Default expiration dates, maximum ticket lifetimes, and attributes are
+presented in brackets; if the user presses return the default is selected.
+There is no default password.
+The password RANDOM is interpreted specially, and if entered
+the user may have the program select a random DES key for the
+principal.
+.PP
+Upon successfully creating or changing the entry, ``Edit O.K.'' is
+printed.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
diff --git a/crypto/kerberosIV/man/kdb_init.8 b/crypto/kerberosIV/man/kdb_init.8
new file mode 100644
index 0000000..f019dd4
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_init.8
@@ -0,0 +1,37 @@
+.\" $Id: kdb_init.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_init \- Initialize Kerberos key distribution center database
+.SH SYNOPSIS
+kdb_init [
+.B realm
+]
+.SH DESCRIPTION
+.I kdb_init
+initializes a Kerberos key distribution center database, creating the
+necessary principals.
+.PP
+If the optional
+.I realm
+argument is not present,
+.I kdb_init
+prompts for a realm name.
+After determining the realm to be created, it prompts for
+a master key password. The master key password is used to encrypt
+every encryption key stored in the database.
+.SH DIAGNOSTICS
+.TP 20n
+"/var/kerberos/principal: File exists"
+An attempt was made to create a database on a machine which already had
+an existing database.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.SH SEE ALSO
+kdb_destroy(8)
diff --git a/crypto/kerberosIV/man/kdb_util.8 b/crypto/kerberosIV/man/kdb_util.8
new file mode 100644
index 0000000..0e3c201
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_util.8
@@ -0,0 +1,68 @@
+.\" $Id: kdb_util.8,v 1.3 1997/04/02 20:45:38 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_util \- Kerberos key distribution center database utility
+.SH SYNOPSIS
+kdb_util
+.B operation filename
+.SH DESCRIPTION
+.I kdb_util
+allows the Kerberos key distribution center (KDC) database administrator to
+perform utility functions on the database.
+.PP
+.I Operation
+must be one of the following:
+.TP 10n
+.I load
+initializes the KDC database with the records described by the
+text contained in the file
+.IR filename .
+Any existing database is overwritten.
+.TP
+.I dump
+dumps the KDC database into a text representation in the file
+.IR filename .
+.TP
+.I slave_dump
+performs a database dump like the
+.I dump
+operation, and additionally creates a semaphore file signalling the
+propagation software that an update is available for distribution to
+slave KDC databases.
+.TP
+.I merge
+merges in the entries from
+.IR filename
+into the database.
+.TP
+.I new_master_key
+prompts for the old and new master key strings, and then dumps the KDC
+database into a text representation in the file
+.IR filename .
+The keys in the text representation are encrypted in the new master key.
+.TP
+.I convert_old_db
+prompts for the master key string, and then dumps the KDC database into
+a text representation in the file
+.IR filename .
+The existing database is assumed to be encrypted using the old format
+(encrypted by the key schedule of the master key); the dumped database
+is encrypted using the new format (encrypted directly with master key).
+.PP
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+/kerberos/principal.pag, /kerberos/principal.dir
+DBM files containing database
+.TP
+.IR filename .ok
+semaphore file created by
+.IR slave_dump.
diff --git a/crypto/kerberosIV/man/kdestroy.1 b/crypto/kerberosIV/man/kdestroy.1
new file mode 100644
index 0000000..66ffd39
--- /dev/null
+++ b/crypto/kerberosIV/man/kdestroy.1
@@ -0,0 +1,88 @@
+.\" $Id: kdestroy.1,v 1.3 1996/06/12 21:29:16 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdestroy \- destroy Kerberos tickets
+.SH SYNOPSIS
+.B kdestroy
+[
+.B \-f
+]
+[
+.B \-q
+]
+[
+.B \-t
+]
+.SH DESCRIPTION
+The
+.I kdestroy
+utility destroys the user's active
+Kerberos
+authorization tickets by writing zeros to the file that contains them.
+If the ticket file does not exist,
+.I kdestroy
+displays a message to that effect.
+.PP
+After overwriting the file,
+.I kdestroy
+removes the file from the system.
+The utility
+displays a message indicating the success or failure of the
+operation.
+If
+.I kdestroy
+is unable to destroy the ticket file,
+the utility will warn you by making your terminal beep.
+.PP
+In the Athena workstation environment,
+the
+.I toehold
+service automatically destroys your tickets when you
+end a workstation session.
+If your site does not provide a similar ticket-destroying mechanism,
+you can place the
+.I kdestroy
+command in your
+.I .logout
+file so that your tickets are destroyed automatically
+when you logout.
+.PP
+The options to
+.I kdestroy
+are as follows:
+.TP 7
+.B \-f
+.I kdestroy
+runs without displaying the status message.
+.TP
+.B \-q
+.I kdestroy
+will not make your terminal beep if it fails to destroy the tickets.
+.TP
+.B \-t
+.I kdestroy
+will not remove any afs-tokens. Without this flag the tokens
+associated with the current PAG is destroyed.
+.SH FILES
+KRBTKFILE environment variable if set, otherwise
+.br
+/tmp/tkt[uid]
+.SH SEE ALSO
+kerberos(1), kinit(1), klist(1)
+.SH BUGS
+.PP
+Only the tickets in the user's current ticket file are destroyed.
+Separate ticket files are used to hold root instance and password
+changing tickets. These files should probably be destroyed too, or
+all of a user's tickets kept in a single ticket file.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
+.br
+Bill Sommerfeld, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kerberos.1 b/crypto/kerberosIV/man/kerberos.1
new file mode 100644
index 0000000..aced5a5
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.1
@@ -0,0 +1,258 @@
+.\" $Id: kerberos.1,v 1.2 1996/06/12 21:29:16 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kerberos \- introduction to the Kerberos system
+
+.SH DESCRIPTION
+The
+Kerberos
+system authenticates
+individual users in a network environment.
+After authenticating yourself to
+Kerberos,
+you can use network utilities such as
+.IR rlogin ,
+.IR rcp ,
+and
+.IR rsh
+without
+having to present passwords to remote hosts and without having to bother
+with
+.I \.rhosts
+files.
+Note that these utilities will work without passwords only if
+the remote machines you deal with
+support the
+Kerberos
+system.
+All Athena timesharing machines and public workstations support
+Kerberos.
+.PP
+Before you can use
+Kerberos,
+you must register as an Athena user,
+and you must make sure you have been added to
+the
+Kerberos
+database.
+You can use the
+.I kinit
+command to find out.
+This command
+tries to log you into the
+Kerberos
+system.
+.I kinit
+will prompt you for a username and password.
+Enter your username and password.
+If the utility lets you login without giving you a message,
+you have already been registered.
+.PP
+If you enter your username and
+.I kinit
+responds with this message:
+.nf
+
+Principal unknown (kerberos)
+
+.fi
+you haven't been registered as a
+Kerberos
+user.
+See your system administrator.
+.PP
+A Kerberos name contains three parts.
+The first is the
+.I principal name,
+which is usually a user's or service's name.
+The second is the
+.I instance,
+which in the case of a user is usually null.
+Some users may have privileged instances, however,
+such as ``root'' or ``admin''.
+In the case of a service, the instance is the
+name of the machine on which it runs; i.e. there
+can be an
+.I rlogin
+service running on the machine ABC, which
+is different from the rlogin service running on
+the machine XYZ.
+The third part of a Kerberos name
+is the
+.I realm.
+The realm corresponds to the Kerberos service providing
+authentication for the principal.
+For example, at MIT there is a Kerberos running at the
+Laboratory for Computer Science and one running at
+Project Athena.
+.PP
+When writing a Kerberos name, the principal name is
+separated from the instance (if not null) by a period,
+and the realm (if not the local realm) follows, preceded by
+an ``@'' sign.
+The following are examples of valid Kerberos names:
+.sp
+.nf
+.in +8
+billb
+jis.admin
+srz@lcs.mit.edu
+treese.root@athena.mit.edu
+.in -8
+.fi
+.PP
+When you authenticate yourself with
+Kerberos,
+through either the workstation
+.I toehold
+system or the
+.I kinit
+command,
+Kerberos
+gives you an initial
+Kerberos
+.IR ticket .
+(A
+Kerberos
+ticket
+is an encrypted protocol message that provides authentication.)
+Kerberos
+uses this ticket for network utilities
+such as
+.I rlogin
+and
+.IR rcp .
+The ticket transactions are done transparently,
+so you don't have to worry about their management.
+.PP
+Note, however, that tickets expire.
+Privileged tickets, such as root instance tickets,
+expire in a few minutes, while tickets that carry more ordinary
+privileges may be good for several hours or a day, depending on the
+installation's policy.
+If your login session extends beyond the time limit,
+you will have to re-authenticate yourself to
+Kerberos
+to get new tickets.
+Use the
+.IR kinit
+command to re-authenticate yourself.
+.PP
+If you use the
+.I kinit
+command to get your tickets,
+make sure you use the
+.I kdestroy
+command
+to destroy your tickets before you end your login session.
+You should probably put the
+.I kdestroy
+command in your
+.I \.logout
+file so that your tickets will be destroyed automatically when you logout.
+For more information about the
+.I kinit
+and
+.I kdestroy
+commands,
+see the
+.I kinit(1)
+and
+.I kdestroy(1)
+manual pages.
+.PP
+Currently,
+Kerberos
+supports the following network services:
+.IR rlogin ,
+.IR rsh ,
+and
+.IR rcp .
+Other services are being worked on,
+such as the
+.IR pop
+mail system and NFS (network file system),
+but are not yet available.
+
+.SH "SEE ALSO"
+kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),
+kadmin(8)
+.SH BUGS
+Kerberos
+will not do authentication forwarding.
+In other words,
+if you use
+.I rlogin
+to login to a remote host,
+you cannot use
+Kerberos
+services from that host
+until you authenticate yourself explicitly on that host.
+Although you may need to authenticate yourself on the remote
+host,
+be aware that when you do so,
+.I rlogin
+sends your password across the network in clear text.
+
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
+
+The following people helped out on various aspects of the system:
+
+Jeff Schiller designed and wrote the administration server and its
+user interface, kadmin.
+He also wrote the dbm version of the database management system.
+
+Mark Colan developed the
+Kerberos
+versions of
+.IR rlogin ,
+.IR rsh ,
+and
+.IR rcp ,
+as well as contributing work on the servers.
+
+John Ostlund developed the
+Kerberos
+versions of
+.I passwd
+and
+.IR userreg .
+
+Stan Zanarotti pioneered Kerberos in a foreign realm (LCS),
+and made many contributions based on that experience.
+
+Many people contributed code and/or useful ideas, including
+Jim Aspnes,
+Bob Baldwin,
+John Barba,
+Richard Basch,
+Jim Bloom,
+Bill Bryant,
+Rob French,
+Dan Geer,
+David Jedlinsky,
+John Kohl,
+John Kubiatowicz,
+Bob McKie,
+Brian Murphy,
+Ken Raeburn,
+Chris Reed,
+Jon Rochlis,
+Mike Shanzer,
+Bill Sommerfeld,
+Jennifer Steiner,
+Ted Ts'o,
+and
+Win Treese.
+
+.SH RESTRICTIONS
+
+COPYRIGHT 1985,1986 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/man/kerberos.3 b/crypto/kerberosIV/man/kerberos.3
new file mode 100644
index 0000000..71da54d
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.3
@@ -0,0 +1,460 @@
+.\" $Id: kerberos.3,v 1.2 1996/06/12 21:29:18 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
+krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
+krb_rd_err, krb_ck_repl \- Kerberos authentication library
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <des.h>
+#include <krb.h>
+.PP
+.ft B
+extern char *krb_err_txt[];
+.PP
+.ft B
+int krb_mk_req(authent,service,instance,realm,checksum)
+KTEXT authent;
+char *service;
+char *instance;
+char *realm;
+u_long checksum;
+.PP
+.ft B
+int krb_rd_req(authent,service,instance,from_addr,ad,fn)
+KTEXT authent;
+char *service;
+char *instance;
+u_long from_addr;
+AUTH_DAT *ad;
+char *fn;
+.PP
+.ft B
+int krb_kntoln(ad,lname)
+AUTH_DAT *ad;
+char *lname;
+.PP
+.ft B
+int krb_set_key(key,cvt)
+char *key;
+int cvt;
+.PP
+.ft B
+int krb_get_cred(service,instance,realm,c)
+char *service;
+char *instance;
+char *realm;
+CREDENTIALS *c;
+.PP
+.ft B
+long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
+u_char *in;
+u_char *out;
+u_long in_length;
+des_cblock key;
+des_key_schedule schedule;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+.PP
+.ft B
+long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
+u_char *in;
+u_long in_length;
+Key_schedule schedule;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+MSG_DAT *msg_data;
+.PP
+.ft B
+long krb_mk_safe(in,out,in_length,key,sender,receiver)
+u_char *in;
+u_char *out;
+u_long in_length;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+.PP
+.ft B
+long krb_rd_safe(in,length,key,sender,receiver,msg_data)
+u_char *in;
+u_long length;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+MSG_DAT *msg_data;
+.PP
+.ft B
+long krb_mk_err(out,code,string)
+u_char *out;
+long code;
+char *string;
+.PP
+.ft B
+long krb_rd_err(in,length,code,msg_data)
+u_char *in;
+u_long length;
+long code;
+MSG_DAT *msg_data;
+.fi
+.ft R
+.SH DESCRIPTION
+This library supports network authentication and various related
+operations. The library contains many routines beyond those described
+in this man page, but they are not intended to be used directly.
+Instead, they are called by the routines that are described, the
+authentication server and the login program.
+.PP
+.I krb_err_txt[]
+contains text string descriptions of various Kerberos error codes returned
+by some of the routines below.
+.PP
+.I krb_mk_req
+takes a pointer to a text structure in which an authenticator is to be
+built. It also takes the name, instance, and realm of the service to be
+used and an optional checksum. It is up to the application to decide
+how to generate the checksum.
+.I krb_mk_req
+then retrieves a ticket for the desired service and creates an
+authenticator. The authenticator is built in
+.I authent
+and is accessible
+to the calling procedure.
+.PP
+It is up to the application to get the authenticator to the service
+where it will be read by
+.I krb_rd_req.
+Unless an attacker posesses the session key contained in the ticket, it
+will be unable to modify the authenticator. Thus, the checksum can be
+used to verify the authenticity of the other data that will pass through
+a connection.
+.PP
+.I krb_rd_req
+takes an authenticator of type
+.B KTEXT,
+a service name, an instance, the address of the
+host originating the request, and a pointer to a structure of type
+.B AUTH_DAT
+which is filled in with information obtained from the authenticator.
+It also optionally takes the name of the file in which it will find the
+secret key(s) for the service.
+If the supplied
+.I instance
+contains "*", then the first service key with the same service name
+found in the service key file will be used, and the
+.I instance
+argument will be filled in with the chosen instance. This means that
+the caller must provide space for such an instance name.
+.PP
+It is used to find out information about the principal when a request
+has been made to a service. It is up to the application protocol to get
+the authenticator from the client to the service. The authenticator is
+then passed to
+.I krb_rd_req
+to extract the desired information.
+.PP
+.I krb_rd_req
+returns zero (RD_AP_OK) upon successful authentication. If a packet was
+forged, modified, or replayed, authentication will fail. If the
+authentication fails, a non-zero value is returned indicating the
+particular problem encountered. See
+.I krb.h
+for the list of error codes.
+.PP
+If the last argument is the null string (""), krb_rd_req will use the
+file /etc/srvtab to find its keys. If the last argument is NULL, it
+will assume that the key has been set by
+.I krb_set_key
+and will not bother looking further.
+.PP
+.I krb_kntoln
+converts a Kerberos name to a local name. It takes a structure
+of type AUTH_DAT and uses the name and instance to look in the database
+/etc/aname to find the corresponding local name. The local name is
+returned and can be used by an application to change uids, directories,
+or other parameters. It is not an integral part of Kerberos, but is
+instead provided to support the use of Kerberos in existing utilities.
+.PP
+.I krb_set_key
+takes as an argument a des key. It then creates
+a key schedule from it and saves the original key to be used as an
+initialization vector.
+It is used to set the server's key which
+must be used to decrypt tickets.
+.PP
+If called with a non-zero second argument,
+.I krb_set_key
+will first convert the input from a string of arbitrary length to a DES
+key by encrypting it with a one-way function.
+.PP
+In most cases it should not be necessary to call
+.I krb_set_key.
+The necessary keys will usually be obtained and set inside
+.I krb_rd_req. krb_set_key
+is provided for those applications that do not wish to place the
+application keys on disk.
+.PP
+.I krb_get_cred
+searches the caller's ticket file for a ticket for the given service, instance,
+and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
+with the ticket information.
+.PP
+If the ticket was found,
+.I krb_get_cred
+returns GC_OK.
+If the ticket file can't be found, can't be read, doesn't belong to
+the user (other than root), isn't a regular file, or is in the wrong
+mode, the error GC_TKFIL is returned.
+.PP
+.I krb_mk_priv
+creates an encrypted, authenticated
+message from any arbitrary application data, pointed to by
+.I in
+and
+.I in_length
+bytes long.
+The private session key, pointed to by
+.I key
+and the key schedule,
+.I schedule,
+are used to encrypt the data and some header information using
+.I pcbc_encrypt.
+.I sender
+and
+.I receiver
+point to the Internet address of the two parties.
+In addition to providing privacy, this protocol message protects
+against modifications, insertions or replays. The encapsulated message and
+header are placed in the area pointed to by
+.I out
+and the routine returns the length of the output, or -1 indicating
+an error.
+.PP
+.I krb_rd_priv
+decrypts and authenticates a received
+.I krb_mk_priv
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+The private session key, pointed to by
+.I key,
+and the key schedule,
+.I schedule,
+are used to decrypt and verify the received message.
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h.
+The routine fills in the
+.I app_data
+field with a pointer to the decrypted application data,
+.I app_length
+with the length of the
+.I app_data
+field,
+.I time_sec
+and
+.I time_5ms
+with the timestamps in the message, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender. (The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of). The
+.I hash
+field returns a value useful as input to the
+.I krb_ck_repl
+routine.
+
+The routine returns zero if ok, or a Kerberos error code. Modified messages
+and old messages cause errors, but it is up to the caller to
+check the time sequence of messages, and to check against recently replayed
+messages using
+.I krb_ck_repl
+if so desired.
+.PP
+.I krb_mk_safe
+creates an authenticated, but unencrypted message from any arbitrary
+application data,
+pointed to by
+.I in
+and
+.I in_length
+bytes long.
+The private session key, pointed to by
+.I key,
+is used to seed the
+.I quad_cksum()
+checksum algorithm used as part of the authentication.
+.I sender
+and
+.I receiver
+point to the Internet address of the two parties.
+This message does not provide privacy, but does protect (via detection)
+against modifications, insertions or replays. The encapsulated message and
+header are placed in the area pointed to by
+.I out
+and the routine returns the length of the output, or -1 indicating
+an error.
+The authentication provided by this routine is not as strong as that
+provided by
+.I krb_mk_priv
+or by computing the checksum using
+.I cbc_cksum
+instead, both of which authenticate via DES.
+.PP
+
+.I krb_rd_safe
+authenticates a received
+.I krb_mk_safe
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+The private session key, pointed to by
+.I key,
+is used to seed the quad_cksum() routine as part of the authentication.
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h .
+The routine fills in these
+.I MSG_DAT
+fields:
+the
+.I app_data
+field with a pointer to the application data,
+.I app_length
+with the length of the
+.I app_data
+field,
+.I time_sec
+and
+.I time_5ms
+with the timestamps in the message, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender.
+(The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of). The
+.I hash
+field returns a value useful as input to the
+.I krb_ck_repl
+routine.
+
+The routine returns zero if ok, or a Kerberos error code. Modified messages
+and old messages cause errors, but it is up to the caller to
+check the time sequence of messages, and to check against recently replayed
+messages using
+.I krb_ck_repl
+if so desired.
+.PP
+.I krb_mk_err
+constructs an application level error message that may be used along
+with
+.I krb_mk_priv
+or
+.I krb_mk_safe.
+.I out
+is a pointer to the output buffer,
+.I code
+is an application specific error code, and
+.I string
+is an application specific error string.
+
+.PP
+.I krb_rd_err
+unpacks a received
+.I krb_mk_err
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+.I code
+is a pointer to a value to be filled in with the error
+value provided by the application.
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h .
+The routine fills in these
+.I MSG_DAT
+fields: the
+.I app_data
+field with a pointer to the application error text,
+.I app_length
+with the length of the
+.I app_data
+field, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender. (The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of).
+
+The routine returns zero if the error message has been successfully received,
+or a Kerberos error code.
+.PP
+The
+.I KTEXT
+structure is used to pass around text of varying lengths. It consists
+of a buffer for the data, and a length. krb_rd_req takes an argument of this
+type containing the authenticator, and krb_mk_req returns the
+authenticator in a structure of this type. KTEXT itself is really a
+pointer to the structure. The actual structure is of type KTEXT_ST.
+.PP
+The
+.I AUTH_DAT
+structure is filled in by krb_rd_req. It must be allocated before
+calling krb_rd_req, and a pointer to it is passed. The structure is
+filled in with data obtained from Kerberos.
+.I MSG_DAT
+structure is filled in by either krb_rd_priv, krb_rd_safe, or
+krb_rd_err. It must be allocated before the call and a pointer to it
+is passed. The structure is
+filled in with data obtained from Kerberos.
+.PP
+.SH FILES
+/usr/include/krb.h
+.br
+/usr/lib/libkrb.a
+.br
+/usr/include/des.h
+.br
+/usr/lib/libdes.a
+.br
+/etc/aname
+.br
+/etc/srvtab
+.br
+/tmp/tkt[uid]
+.SH "SEE ALSO"
+kerberos(1), des_crypt(3)
+.SH DIAGNOSTICS
+.SH BUGS
+The caller of
+.I krb_rd_req, krb_rd_priv, and krb_rd_safe
+must check time order and for replay attempts.
+.I krb_ck_repl
+is not implemented yet.
+.SH AUTHORS
+Clifford Neuman, MIT Project Athena
+.br
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.SH RESTRICTIONS
+COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8
new file mode 100644
index 0000000..6a64c57
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.8
@@ -0,0 +1,44 @@
+.\" $Id: kerberos.8,v 1.1 1996/11/14 22:14:55 assar Exp $
+.\"
+.Dd November 14, 1996
+.Dt KERBEROS 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kerberos
+.Nd The kerberos daemon
+.Sh SYNPOSIS
+.Nm
+.Op Fl snm
+.Op Fl p Ar pause
+.Op Fl a Ar max age
+.Op Fl l Ar log
+.Op Fl r Ar realm
+.Ar database
+.Sh DESCRIPTION
+This is the
+.Nm
+daemon.
+.Pp
+Options:
+.Bl -tag -width -ident
+.It Fl s
+Set slave parameters. This will enable check to see if data is
+getting too stale relative to the master.
+.It Fl n
+Do not check max age.
+.It Fl m
+Run manually and prompt for master key.
+.It Fl p
+Pause for
+.Ar pause
+before dying.
+.It Fl a
+Set the
+.Ar max age
+before the database is considered stale.
+.It Fl l
+Write the log to
+.Ar log
+.It Fl r
+Run as a server for realm
+.Ar realm
diff --git a/crypto/kerberosIV/man/kinit.1 b/crypto/kerberosIV/man/kinit.1
new file mode 100644
index 0000000..b70ce4b
--- /dev/null
+++ b/crypto/kerberosIV/man/kinit.1
@@ -0,0 +1,136 @@
+.\" $Id: kinit.1,v 1.3 1997/04/02 21:09:55 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kinit \- Kerberos login utility
+.SH SYNOPSIS
+.B kinit
+[
+.B \-irvlp
+]
+.SH DESCRIPTION
+The
+.I kinit
+command is used to login to the
+Kerberos
+authentication and authorization system.
+Note that only registered
+Kerberos
+users can use the
+Kerberos
+system.
+For information about registering as a
+Kerberos
+user,
+see the
+.I kerberos(1)
+manual page.
+.PP
+If you are logged in to a workstation that is running the
+.I toehold
+service,
+you do not have to use
+.I kinit.
+The
+.I toehold
+login procedure will log you into
+Kerberos
+automatically.
+You will need to use
+.I kinit
+only in those situations in which
+your original tickets have expired.
+(Tickets expire in about a day.)
+Note as well that
+.I toehold
+will automatically destroy your tickets when you logout from the workstation.
+.PP
+When you use
+.I kinit
+without options,
+the utility
+prompts for your username and Kerberos password,
+and tries to authenticate your login with the local
+Kerberos
+server.
+.PP
+If
+Kerberos
+authenticates the login attempt,
+.I kinit
+retrieves your initial ticket and puts it in the ticket file specified by
+your KRBTKFILE environment variable.
+If this variable is undefined,
+your ticket will be stored in the
+.IR /tmp
+directory,
+in the file
+.I tktuid ,
+where
+.I uid
+specifies your user identification number.
+.PP
+If you have logged in to
+Kerberos
+without the benefit of the workstation
+.I toehold
+system,
+make sure you use the
+.I kdestroy
+command to destroy any active tickets before you end your login session.
+You may want to put the
+.I kdestroy
+command in your
+.I \.logout
+file so that your tickets will be destroyed automatically when you logout.
+.PP
+The options to
+.I kinit
+are as follows:
+.TP 7
+.B \-i
+.I kinit
+prompts you for a
+Kerberos
+instance.
+.TP
+.B \-r
+.I kinit
+prompts you for a
+Kerberos
+realm.
+This option lets you authenticate yourself with a remote
+Kerberos
+server.
+.TP
+.B \-v
+Verbose mode.
+.I kinit
+prints the name of the ticket file used, and
+a status message indicating the success or failure of
+your login attempt.
+.TP
+.B \-l
+.I kinit
+prompts you for a ticket lifetime in minutes. Due to protocol
+restrictions in Kerberos Version 4, this value must be between 5 and
+1275 minutes.
+.TP
+.B \-p
+.I kinit
+will acquires a ticket for chpass.kerberos.
+.SH SEE ALSO
+.PP
+kerberos(1), kdestroy(1), klist(1), toehold(1)
+.SH BUGS
+The
+.B \-r
+option has not been fully implemented.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
diff --git a/crypto/kerberosIV/man/klist.1 b/crypto/kerberosIV/man/klist.1
new file mode 100644
index 0000000..76dec02
--- /dev/null
+++ b/crypto/kerberosIV/man/klist.1
@@ -0,0 +1,83 @@
+.\" $Id: klist.1,v 1.2 1996/06/12 21:29:19 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+klist \- list currently held Kerberos tickets
+.SH SYNOPSIS
+.B klist
+[
+\fB\-s \fR|\fB \-t\fR
+] [
+.B \-file
+name ] [
+.B \-srvtab
+]
+.br
+.SH DESCRIPTION
+.I klist
+prints the name of the tickets file and the
+identity of the principal the tickets are for (as listed in the
+tickets file), and
+lists the principal names of all Kerberos tickets currently held by
+the user, along with the issue and expire time for each authenticator.
+Principal names are listed in the form
+.I name.instance@realm,
+with the '.' omitted if the instance is null,
+and the '@' omitted if the realm is null.
+
+If given the
+.B \-s
+option,
+.I klist
+does not print the issue and expire times, the name of the tickets file,
+or the identity of the principal.
+
+If given the
+.B \-t
+option,
+.B klist
+checks for the existence of a non-expired ticket-granting-ticket in the
+ticket file. If one is present, it exits with status 0, else it exits
+with status 1. No output is generated when this option is specified.
+
+If given the
+.B \-file
+option, the following argument is used as the ticket file.
+Otherwise, if the
+.B KRBTKFILE
+environment variable is set, it is used.
+If this environment variable
+is not set, the file
+.B /tmp/tkt[uid]
+is used, where
+.B uid
+is the current user-id of the user.
+
+If given the
+.B \-srvtab
+option, the file is treated as a service key file, and the names of the
+keys contained therein are printed. If no file is
+specified with a
+.B \-file
+option, the default is
+.IR /etc/srvtab .
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm
+.TP
+/tmp/tkt[uid]
+as the default ticket file ([uid] is the decimal UID of the user).
+.TP
+/etc/srvtab
+as the default service key file
+.SH SEE ALSO
+.PP
+kerberos(1), kinit(1), kdestroy(1)
+.SH BUGS
+When reading a file as a service key file, very little sanity or error
+checking is performed.
diff --git a/crypto/kerberosIV/man/kprop.8 b/crypto/kerberosIV/man/kprop.8
new file mode 100644
index 0000000..376f715
--- /dev/null
+++ b/crypto/kerberosIV/man/kprop.8
@@ -0,0 +1,58 @@
+.\" $Id: kprop.8,v 1.2 1996/06/15 17:03:22 assar Exp $
+.\"
+.Dd June 7, 1996
+.Dt KPROP 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kprop
+.Nd
+the kerberos slave server update client
+.Sh SYNOPSIS
+.Nm
+.Op Fl force
+.Op Fl realm Ar realm
+.Op Ar dump-file
+.Op Ar slave-file
+.Sh DESCRIPTION
+Changes to the database, such as changed passwords, are only made to
+the master server through the
+.Nm kadmind
+service. To propagate these changes to the slave servers,
+.Nm
+should be run regularly on the master server.
+
+The following options are recognised.
+
+.Bl -tag -width -force
+.It Fl force
+Propagate even if there hasn't been an update to the dump file since
+last time.
+.It Fl realm
+Realm if other than the default.
+.It dump-file
+is a file created with
+.Ic kdb_util slave_dump ,
+default is
+.Pa /var/kerberos/slave_dump .
+.It slave-file
+Contains the names of the slave servers. Default is
+.Pa /var/kerberos/slaves .
+.El
+
+.Nm
+will use the principal
+.Nm rcmd.kerberos
+to authenticate to the master servers. This principal has to be added
+to the database, and it should also be put into the service key file
+on the master server.
+
+.Sh FILES
+.Bl -tag -width indent -compact
+.It Pa /var/kerberos/slave_dump
+.It Pa /var/kerberos/slaves
+.It Pa /etc/srvtab
+.El
+.Sh SEE ALSO
+.Xr kpropd 8 ,
+.Xr kerberos 8 ,
+.Xr kadmind 8
diff --git a/crypto/kerberosIV/man/kpropd.8 b/crypto/kerberosIV/man/kpropd.8
new file mode 100644
index 0000000..d1dbd16
--- /dev/null
+++ b/crypto/kerberosIV/man/kpropd.8
@@ -0,0 +1,63 @@
+.\" $Id: kpropd.8,v 1.2 1997/02/07 22:04:55 assar Exp $
+.\"
+.Dd June 7, 1996
+.Dt KPROPD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kpropd
+.Nd
+the kerberos slave server update facility
+.Sh SYNOPSIS
+.Nm
+.Op Fl i
+.Op Fl d Ar database
+.Op Fl l Ar logfile
+.Op Fl m
+.Op Fl p Ar kdb_util
+.Op Fl r Ar realm
+.Op Fl s Ar srvtab
+.Sh DESCRIPTION
+The
+.Nm
+responds to database update requests from the
+.Nm kprop
+command. It can either be started from
+.Nm inetd
+or as an ordinary program.
+
+The following options are recognised:
+
+.Bl -tag -width xxxx
+.It Fl i
+Run stand-alone. If this flag is not given, it is assumed to have
+been started by
+.Nm inetd .
+.It Fl d
+What database file to use, default is
+.Pa /var/kerberos/principal .
+.It Fl l
+Logfile to use, default is
+.Pa /var/log/kpropd.log .
+.It Fl m
+Treat data as changes to the database rather than a complete database.
+.It Fl p
+The path to
+.Nm kdb_util ,
+default is
+.Pa /usr/athena/sbin/kdb_util .
+.It Fl r
+Realm if other than the default realm.
+.It Fl s
+Srvtab if other than
+.Pa /etc/srvtab .
+.El
+.Sh FILES
+.Bl -tag -width indent -compact
+.It Pa /var/kerberos/principal.{db,dir,pag}
+.It Pa /var/log/kpropd.log
+.It Pa /etc/srvtab
+.El
+.Sh SEE ALSO
+.Xr kprop 8 ,
+.Xr kerberos 8 ,
+.Xr kadmind 8
diff --git a/crypto/kerberosIV/man/krb.conf.5 b/crypto/kerberosIV/man/krb.conf.5
new file mode 100644
index 0000000..b122b9c
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.conf.5
@@ -0,0 +1,31 @@
+.\" $Id: krb.conf.5,v 1.2 1996/06/12 21:29:21 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB.CONF 5 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+/etc/krb.conf \- Kerberos configuration file
+.SH DESCRIPTION
+.I krb.conf
+contains configuration information describing the Kerberos realm and the
+Kerberos key distribution center (KDC) servers for known realms.
+.PP
+.I krb.conf
+contains the name of the local realm in the first
+line, followed by lines indicating realm/host
+entries. The first token is a realm name, and the second is the hostname
+of a host running a KDC for that realm.
+The words "admin server" following the hostname indicate that
+the host also provides an administrative database server.
+For example:
+.nf
+.in +1i
+ATHENA.MIT.EDU
+ATHENA.MIT.EDU kerberos-1.mit.edu admin server
+ATHENA.MIT.EDU kerberos-2.mit.edu
+LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+.in -1i
+.SH SEE ALSO
+krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3)
diff --git a/crypto/kerberosIV/man/krb.equiv.5 b/crypto/kerberosIV/man/krb.equiv.5
new file mode 100644
index 0000000..e38f94b
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.equiv.5
@@ -0,0 +1,28 @@
+.\" $Id: krb.equiv.5,v 1.3 1996/06/18 16:26:20 joda Exp $
+.\"
+.Dd June 18, 1996
+.Dt KRB.EQUIV 5
+.Os KTH-KRB
+.Sh NAME
+.Nm krb.equiv
+.Nd
+Kerberos equivalent hosts file
+.Sh DESCRIPTION
+.Nm
+contains a list of IP addresses that is to be considered being the
+same host for Kerberos purposes. Plain addresses match a single
+host. Addresses followed by a slash (/) and a number is taken as a
+sub-network that should be considered equal.
+.Pp
+Hash (#) starts a comment. Backslash (\\) is a continuation character.
+.Sh EXAMPLES
+.Bd -literal
+# A machine with two interfaces.
+130.237.232.113 130.237.221.42 # emma emma-ether
+# A machine with *many* interfaces
+193.10.156.0/24 193.10.157.0/24 # syk-* syk-*-hps
+.Ed
+.Sh SEE ALSO
+.Xr krb_equiv 3 ,
+.Xr krb.conf 5 ,
+.Xr krb.realms 5
diff --git a/crypto/kerberosIV/man/krb.realms.5 b/crypto/kerberosIV/man/krb.realms.5
new file mode 100644
index 0000000..427c455
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.realms.5
@@ -0,0 +1,38 @@
+.\" $Id: krb.realms.5,v 1.2 1996/06/12 21:29:22 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB.REALMS 5 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+/etc/krb.realms \- host to Kerberos realm translation file
+.SH DESCRIPTION
+.I krb.realms
+provides a translation from a hostname to the Kerberos realm name for
+the services provided by that host.
+.PP
+Each line of the translation file is in one of the following forms
+(domain_name should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU):
+.nf
+.in +5n
+host_name kerberos_realm
+domain_name kerberos_realm
+.in -5n
+.fi
+If a hostname exactly matches the
+.I host_name
+field in a line of the first
+form, the corresponding realm is the realm of the host.
+If a hostname does not match any
+.I host_name
+in the file, but its
+domain exactly matches the
+.I domain_name
+field in a line of the second
+form, the corresponding realm is the realm of the host.
+.PP
+If no translation entry applies, the host's realm is considered to be
+the hostname's domain portion converted to upper case.
+.SH SEE ALSO
+krb_realmofhost(3)
diff --git a/crypto/kerberosIV/man/krb_realmofhost.3 b/crypto/kerberosIV/man/krb_realmofhost.3
new file mode 100644
index 0000000..ddbda74
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_realmofhost.3
@@ -0,0 +1,160 @@
+.\" $Id: krb_realmofhost.3,v 1.2 1996/06/12 21:29:23 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst,
+krb_get_lrealm \- additional Kerberos utility routines
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+#include <des.h>
+#include <netinet/in.h>
+.PP
+.ft B
+char *krb_realmofhost(host)
+char *host;
+.PP
+.ft B
+char *krb_get_phost(alias)
+char *alias;
+.PP
+.ft B
+krb_get_krbhst(host,realm,n)
+char *host;
+char *realm;
+int n;
+.PP
+.ft B
+krb_get_admhst(host,realm,n)
+char *host;
+char *realm;
+int n;
+.PP
+.ft B
+krb_get_lrealm(realm,n)
+char *realm;
+int n;
+.fi
+.ft R
+.SH DESCRIPTION
+.I krb_realmofhost
+returns the Kerberos realm of the host
+.IR host ,
+as determined by the translation table
+.IR /etc/krb.realms .
+.I host
+should be the fully-qualified domain-style primary host name of the host
+in question. In order to prevent certain security attacks, this routine
+must either have
+.I a priori
+knowledge of a host's realm, or obtain such information securely.
+.PP
+The format of the translation file is described by
+.IR krb.realms (5).
+If
+.I host
+exactly matches a host_name line, the corresponding realm
+is returned.
+Otherwise, if the domain portion of
+.I host
+matches a domain_name line, the corresponding realm
+is returned.
+If
+.I host
+contains a domain, but no translation is found,
+.IR host 's
+domain is converted to upper-case and returned.
+If
+.I host
+contains no discernable domain, or an error occurs,
+the local realm name, as supplied by
+.IR krb_get_lrealm (3),
+is returned.
+.PP
+.I krb_get_phost
+converts the hostname
+.I alias
+(which can be either an official name or an alias) into the instance
+name to be used in obtaining Kerberos tickets for most services,
+including the Berkeley rcmd suite (rlogin, rcp, rsh).
+.br
+The current convention is to return the first segment of the official
+domain-style name after conversion to lower case.
+.PP
+.I krb_get_krbhst
+fills in
+.I host
+with the hostname of the
+.IR n th
+host running a Kerberos key distribution center (KDC)
+for realm
+.IR realm ,
+as specified in the configuration file (\fI/etc/krb.conf\fR).
+The configuration file is described by
+.IR krb.conf (5).
+If the host is successfully filled in, the routine
+returns KSUCCESS.
+If the file cannot be opened, and
+.I n
+equals 1, then the value of KRB_HOST as defined in
+.I <krb.h>
+is filled in, and KSUCCESS is returned. If there are fewer than
+.I n
+hosts running a Kerberos KDC for the requested realm, or the
+configuration file is malformed, the routine
+returns KFAILURE.
+.PP
+.I krb_get_admhst
+fills in
+.I host
+with the hostname of the
+.IR n th
+host running a Kerberos KDC database administration server
+for realm
+.IR realm ,
+as specified in the configuration file (\fI/etc/krb.conf\fR).
+If the file cannot be opened or is malformed, or there are fewer than
+.I n
+hosts running a Kerberos KDC database administration server,
+the routine returns KFAILURE.
+.PP
+The character arrays used as return values for
+.IR krb_get_krbhst ,
+.IR krb_get_admhst ,
+should be large enough to
+hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
+.PP
+.I krb_get_lrealm
+fills in
+.I realm
+with the
+.IR n th
+realm of the local host, as specified in the configuration file.
+.I realm
+should be at least REALM_SZ (from
+.IR <krb.h>) characters long.
+.PP
+.SH SEE ALSO
+kerberos(3), krb.conf(5), krb.realms(5)
+.SH FILES
+.TP 20n
+/etc/krb.realms
+translation file for host-to-realm mapping.
+.TP
+/etc/krb.conf
+local realm-name and realm/server configuration file.
+.SH BUGS
+The current convention for instance names is too limited; the full
+domain name should be used.
+.PP
+.I krb_get_lrealm
+currently only supports
+.I n
+= 1. It should really consult the user's ticket cache to determine the
+user's current realm, rather than consulting a file on the host.
diff --git a/crypto/kerberosIV/man/krb_sendauth.3 b/crypto/kerberosIV/man/krb_sendauth.3
new file mode 100644
index 0000000..208b6bc
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_sendauth.3
@@ -0,0 +1,347 @@
+.\" $Id: krb_sendauth.3,v 1.2 1996/06/12 21:29:24 bg Exp $
+.\" Copyright 1988 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
+Kerberos routines for sending authentication via network stream sockets
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+#include <des.h>
+#include <netinet/in.h>
+.PP
+.fi
+.HP 1i
+.ft B
+int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
+msg_data, cred, schedule, laddr, faddr, version)
+.nf
+.RS 0
+.ft B
+long options;
+int fd;
+KTEXT ktext;
+char *service, *inst, *realm;
+u_long checksum;
+MSG_DAT *msg_data;
+CREDENTIALS *cred;
+Key_schedule schedule;
+struct sockaddr_in *laddr, *faddr;
+char *version;
+.PP
+.fi
+.HP 1i
+.ft B
+int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
+auth_data, filename, schedule, version)
+.nf
+.RS 0
+.ft B
+long options;
+int fd;
+KTEXT ktext;
+char *service, *inst;
+struct sockaddr_in *faddr, *laddr;
+AUTH_DAT *auth_data;
+char *filename;
+Key_schedule schedule;
+char *version;
+.PP
+.ft B
+int krb_net_write(fd, buf, len)
+int fd;
+char *buf;
+int len;
+.PP
+.ft B
+int krb_net_read(fd, buf, len)
+int fd;
+char *buf;
+int len;
+.fi
+.SH DESCRIPTION
+.PP
+These functions,
+which are built on top of the core Kerberos library,
+provide a convenient means for client and server
+programs to send authentication messages
+to one another through network connections.
+The
+.I krb_sendauth
+function sends an authenticated ticket from the client program to
+the server program by writing the ticket to a network socket.
+The
+.I krb_recvauth
+function receives the ticket from the client by
+reading from a network socket.
+
+.SH KRB_SENDAUTH
+.PP
+This function writes the ticket to
+the network socket specified by the
+file descriptor
+.IR fd,
+returning KSUCCESS if the write proceeds successfully,
+and an error code if it does not.
+
+The
+.I ktext
+argument should point to an allocated KTEXT_ST structure.
+The
+.IR service,
+.IR inst,
+and
+.IR realm
+arguments specify the server program's Kerberos principal name,
+instance, and realm.
+If you are writing a client that uses the local realm exclusively,
+you can set the
+.I realm
+argument to NULL.
+
+The
+.I version
+argument allows the client program to pass an application-specific
+version string that the server program can then match against
+its own version string.
+The
+.I version
+string can be up to KSEND_VNO_LEN (see
+.IR <krb.h> )
+characters in length.
+
+The
+.I checksum
+argument can be used to pass checksum information to the
+server program.
+The client program is responsible for specifying this information.
+This checksum information is difficult to corrupt because
+.I krb_sendauth
+passes it over the network in encrypted form.
+The
+.I checksum
+argument is passed as the checksum argument to
+.IR krb_mk_req .
+
+You can set
+.IR krb_sendauth's
+other arguments to NULL unless you want the
+client and server programs to mutually authenticate
+themselves.
+In the case of mutual authentication,
+the client authenticates itself to the server program,
+and demands that the server in turn authenticate itself to
+the client.
+
+.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
+.PP
+If you want mutual authentication,
+make sure that you read all pending data from the local socket
+before calling
+.IR krb_sendauth.
+Set
+.IR krb_sendauth's
+.I options
+argument to
+.BR KOPT_DO_MUTUAL
+(this macro is defined in the
+.IR krb.h
+file);
+make sure that the
+.I laddr
+argument points to
+the address of the local socket,
+and that
+.I faddr
+points to the foreign socket's network address.
+
+.I Krb_sendauth
+fills in the other arguments--
+.IR msg_data ,
+.IR cred ,
+and
+.IR schedule --before
+sending the ticket to the server program.
+You must, however, allocate space for these arguments
+before calling the function.
+
+.I Krb_sendauth
+supports two other options:
+.BR KOPT_DONT_MK_REQ,
+and
+.BR KOPT_DONT_CANON.
+If called with
+.I options
+set as KOPT_DONT_MK_REQ,
+.I krb_sendauth
+will not use the
+.I krb_mk_req
+function to retrieve the ticket from the Kerberos server.
+The
+.I ktext
+argument must point to an existing ticket and authenticator (such as
+would be created by
+.IR krb_mk_req ),
+and the
+.IR service,
+.IR inst,
+and
+.IR realm
+arguments can be set to NULL.
+
+If called with
+.I options
+set as KOPT_DONT_CANON,
+.I krb_sendauth
+will not convert the service's instance to canonical form using
+.IR krb_get_phost (3).
+
+If you want to call
+.I krb_sendauth
+with a multiple
+.I options
+specification,
+construct
+.I options
+as a bitwise-OR of the options you want to specify.
+
+.SH KRB_RECVAUTH
+.PP
+The
+.I krb_recvauth
+function
+reads a ticket/authenticator pair from the socket pointed to by the
+.I fd
+argument.
+Set the
+.I options
+argument
+as a bitwise-OR of the options desired.
+Currently only KOPT_DO_MUTUAL is useful to the receiver.
+
+The
+.I ktext
+argument
+should point to an allocated KTEXT_ST structure.
+.I Krb_recvauth
+fills
+.I ktext
+with the
+ticket/authenticator pair read from
+.IR fd ,
+then passes it to
+.IR krb_rd_req .
+
+The
+.I service
+and
+.I inst
+arguments
+specify the expected service and instance for which the ticket was
+generated. They are also passed to
+.IR krb_rd_req.
+The
+.I inst
+argument may be set to "*" if the caller wishes
+.I krb_mk_req
+to fill in the instance used (note that there must be space in the
+.I inst
+argument to hold a full instance name, see
+.IR krb_mk_req (3)).
+
+The
+.I faddr
+argument
+should point to the address of the peer which is presenting the ticket.
+It is also passed to
+.IR krb_rd_req .
+
+If the client and server plan to mutually authenticate
+one another,
+the
+.I laddr
+argument
+should point to the local address of the file descriptor.
+Otherwise you can set this argument to NULL.
+
+The
+.I auth_data
+argument
+should point to an allocated AUTH_DAT area.
+It is passed to and filled in by
+.IR krb_rd_req .
+The checksum passed to the corresponding
+.I krb_sendauth
+is available as part of the filled-in AUTH_DAT area.
+
+The
+.I filename
+argument
+specifies the filename
+which the service program should use to obtain its service key.
+.I Krb_recvauth
+passes
+.I filename
+to the
+.I krb_rd_req
+function.
+If you set this argument to "",
+.I krb_rd_req
+looks for the service key in the file
+.IR /etc/srvtab.
+
+If the client and server are performing mutual authenication,
+the
+.I schedule
+argument
+should point to an allocated Key_schedule.
+Otherwise it is ignored and may be NULL.
+
+The
+.I version
+argument should point to a character array of at least KSEND_VNO_LEN
+characters. It is filled in with the version string passed by the client to
+.IR krb_sendauth.
+.PP
+.SH KRB_NET_WRITE AND KRB_NET_READ
+.PP
+The
+.I krb_net_write
+function
+emulates the write(2) system call, but guarantees that all data
+specified is written to
+.I fd
+before returning, unless an error condition occurs.
+.PP
+The
+.I krb_net_read
+function
+emulates the read(2) system call, but guarantees that the requested
+amount of data is read from
+.I fd
+before returning, unless an error condition occurs.
+.PP
+.SH BUGS
+.IR krb_sendauth,
+.IR krb_recvauth,
+.IR krb_net_write,
+and
+.IR krb_net_read
+will not work properly on sockets set to non-blocking I/O mode.
+
+.SH SEE ALSO
+
+krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
+
+.SH AUTHOR
+John T. Kohl, MIT Project Athena
+.SH RESTRICTIONS
+Copyright 1988, Massachusetts Instititute of Technology.
+For copying and distribution information,
+please see the file <mit-copyright.h>.
diff --git a/crypto/kerberosIV/man/krb_set_tkt_string.3 b/crypto/kerberosIV/man/krb_set_tkt_string.3
new file mode 100644
index 0000000..9d94143
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_set_tkt_string.3
@@ -0,0 +1,42 @@
+.\" $Id: krb_set_tkt_string.3,v 1.2 1996/06/12 21:29:24 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_set_tkt_string \- set Kerberos ticket cache file name
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+.PP
+.ft B
+void krb_set_tkt_string(filename)
+char *filename;
+.fi
+.ft R
+.SH DESCRIPTION
+.I krb_set_tkt_string
+sets the name of the file that holds the user's
+cache of Kerberos server tickets and associated session keys.
+.PP
+The string
+.I filename
+passed in is copied into local storage.
+Only MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are
+copied in for use as the cache file name.
+.PP
+This routine should be called during initialization, before other
+Kerberos routines are called; otherwise the routines which fetch the
+ticket cache file name may be called and return an undesired ticket file
+name until this routine is called.
+.SH FILES
+.TP 20n
+/tmp/tkt[uid]
+default ticket file name, unless the environment variable KRBTKFILE is set.
+[uid] denotes the user's uid, in decimal.
+.SH SEE ALSO
+kerberos(3), setenv(3)
diff --git a/crypto/kerberosIV/man/ksrvtgt.1 b/crypto/kerberosIV/man/ksrvtgt.1
new file mode 100644
index 0000000..ff8563c
--- /dev/null
+++ b/crypto/kerberosIV/man/ksrvtgt.1
@@ -0,0 +1,50 @@
+.\" $Id: ksrvtgt.1,v 1.2 1996/06/12 21:29:26 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
+service key
+.SH SYNOPSIS
+.B ksrvtgt
+name instance [[realm] srvtab]
+.SH DESCRIPTION
+.I ksrvtgt
+retrieves a ticket-granting ticket with a lifetime of five (5) minutes
+for the principal
+.I name.instance@realm
+(or
+.I name.instance@localrealm
+if
+.I realm
+is not supplied on the command line), decrypts the response using
+the service key found in
+.I srvtab
+(or in
+.B /etc/srvtab
+if
+.I srvtab
+is not specified on the command line), and stores the ticket in the
+standard ticket cache.
+.PP
+This command is intended primarily for use in shell scripts and other
+batch-type facilities.
+.SH DIAGNOSTICS
+"Generic kerberos failure (kfailure)" can indicate a whole range of
+problems, the most common of which is the inability to read the service
+key file.
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm.
+.TP
+/tmp/tkt[uid]
+The default ticket file.
+.TP
+/etc/srvtab
+The default service key file.
+.SH SEE ALSO
+kerberos(1), kinit(1), kdestroy(1)
diff --git a/crypto/kerberosIV/man/ksrvutil.8 b/crypto/kerberosIV/man/ksrvutil.8
new file mode 100644
index 0000000..fdc99e6
--- /dev/null
+++ b/crypto/kerberosIV/man/ksrvutil.8
@@ -0,0 +1,104 @@
+.\" $Id: ksrvutil.8,v 1.3 1996/06/12 21:29:27 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.Dd May 4, 1996
+.Dt KSRVUTIL 8
+.Os KTH-KRB
+
+.Sh NAME
+.Nm ksrvutil
+host kerberos keyfile (srvtab) manipulation utility
+.Sh SYNOPSIS
+.Nm
+.Op Fl f Pa keyfile
+.Op Fl i
+.Op Fl k
+.Op Fl p Ar principal
+.Op Fl r Ar realm
+.Ar operation
+
+.Sh DESCRIPTION
+.Nm
+allows a system manager to list or change keys currently in his
+keyfile or to add new keys to the keyfile.
+.Pp
+Operation must be one of the following:
+.Bl -tag -width indent
+.It list
+lists the keys in a keyfile showing version number and principal name.
+If the
+.Fl k
+option is given, keys will also be shown.
+.It change
+changes all the keys in the keyfile by using the regular admin
+protocol. If the
+.Fl i
+flag is given,
+.Nm ksrvutil
+will prompt for yes or no before changing each key. If the
+.Fl k
+option is used, the old and new keys will be displayed.
+.It add
+allows the user to add a key.
+add
+prompts for name, instance, realm, and key version number, asks
+for confirmation, and then asks for a password.
+.Nm
+then converts the password to a key and appends the keyfile with the
+new information. If the
+.Fl k
+option is used, the key is displayed.
+.It get
+gets a service from the Kerberos server, possibly creating the
+principal. Names, instances and realms for the service keys to get are
+prompted for. The default principal used in the kadmin transcation is
+your root instance. This can be changed with the
+.Fl p
+option.
+.El
+.Pp
+In all cases, the default file used is KEY_FILE as defined in krb.h
+unless this is overridden by the
+.Fl f
+option.
+.Pp
+A good use for
+.Nm
+would be for adding keys to a keyfile. A system manager could
+ask a kerberos administrator to create a new service key with
+.Xr kadmin 8
+and could supply an initial password. Then, he could use
+.Nm
+to add the key to the keyfile and then to change the key so that it
+will be random and unknown to either the system manager or the
+kerberos administrator.
+
+.Nm
+always makes a backup copy of the keyfile before making any changes.
+
+.Sh DIAGNOSTICS
+If
+.Nm
+should exit on an error condition at any time during a change or add,
+a copy of the original keyfile can be found in
+.Pa filename Ns .old
+where
+.Pa filename
+is the name of the keyfile, and a copy of the file with all new
+keys changed or added so far can be found in
+.Pa filename Ns .work.
+The original keyfile is left unmodified until the program exits at
+which point it is removed and replaced it with the workfile.
+Appending the workfile to the backup copy and replacing the keyfile
+with the result should always give a usable keyfile, although the
+resulting keyfile will have some out of date keys in it.
+
+.Sh SEE ALSO
+.Xr kadmin 8 ,
+.Xr ksrvtgt 1
+
+.Sh AUTHOR
+Emanuel Jay Berkenbilt, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kstash.8 b/crypto/kerberosIV/man/kstash.8
new file mode 100644
index 0000000..0197a3d
--- /dev/null
+++ b/crypto/kerberosIV/man/kstash.8
@@ -0,0 +1,40 @@
+.\" $Id: kstash.8,v 1.3 1997/04/02 21:09:56 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kstash \- stash Kerberos key distribution center database master key
+.SH SYNOPSIS
+kstash
+.SH DESCRIPTION
+.I kstash
+saves the Kerberos key distribution center (KDC) database master key in
+the master key cache file.
+.PP
+The user is prompted to enter the key, to verify the authenticity of the
+key and the authorization to store the key in the file.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.TP
+"kstash: Unable to open master key file"
+The attempt to open the cache file for writing failed (probably due to a
+system or access permission error).
+.TP
+"kstash: Write I/O error on master key file"
+The
+.BR write (2)
+system call returned an error while
+.I kstash
+was attempting to write the key to the file.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
diff --git a/crypto/kerberosIV/man/kuserok.3 b/crypto/kerberosIV/man/kuserok.3
new file mode 100644
index 0000000..0987308
--- /dev/null
+++ b/crypto/kerberosIV/man/kuserok.3
@@ -0,0 +1,66 @@
+.\" $Id: kuserok.3,v 1.3 1996/10/13 17:51:18 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kuserok \- Kerberos version of ruserok
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+.PP
+.ft B
+kuserok(kdata, localuser)
+AUTH_DAT *auth_data;
+char *localuser;
+.fi
+.ft R
+.SH DESCRIPTION
+.I kuserok
+determines whether a Kerberos principal described by the structure
+.I auth_data
+is authorized to login as user
+.I localuser
+according to the authorization file
+("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized,
+1 (one) if not authorized.
+.PP
+If there is no account for
+.I localuser
+on the local machine, authorization is not granted.
+If there is no authorization file, and the Kerberos principal described
+by
+.I auth_data
+translates to
+.I localuser
+(using
+.IR krb_kntoln (3)),
+authorization is granted.
+If the authorization file
+can't be accessed, or the file is not owned by
+.IR localuser,
+authorization is denied. Otherwise, the file is searched for
+a matching principal name, instance, and realm. If a match is found,
+authorization is granted, else authorization is denied.
+.PP
+The file entries are in the format:
+.nf
+.in +5n
+ name.instance@realm
+.in -5n
+.fi
+with one entry per line.
+
+For convenience ~localuser@LOCALREALM is
+always considered to be an entry in the file even when there is no
+file or the file is unreadable.
+.SH SEE ALSO
+kerberos(3), ruserok(3), krb_kntoln(3)
+.SH FILES
+.TP 20n
+~\fIlocaluser\fR/.klogin
+authorization list
diff --git a/crypto/kerberosIV/man/tf_util.3 b/crypto/kerberosIV/man/tf_util.3
new file mode 100644
index 0000000..3f98321
--- /dev/null
+++ b/crypto/kerberosIV/man/tf_util.3
@@ -0,0 +1,150 @@
+.\" $Id: tf_util.3,v 1.2 1996/06/12 21:29:29 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \
+\- Routines for manipulating a Kerberos ticket file
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+.PP
+.ft B
+extern char *krb_err_txt[];
+.PP
+.ft B
+tf_init(tf_name, rw)
+char *tf_name;
+int rw;
+.PP
+.ft B
+tf_get_pname(pname)
+char *pname;
+.PP
+.ft B
+tf_get_pinst(pinst)
+char *pinst;
+.PP
+.ft B
+tf_get_cred(c)
+CREDENTIALS *c;
+.PP
+.ft B
+tf_close()
+.PP
+.fi
+.SH DESCRIPTION
+This group of routines are provided to manipulate the Kerberos tickets
+file. A ticket file has the following format:
+.nf
+.in +4
+.sp
+principal's name (null-terminated string)
+principal's instance (null-terminated string)
+CREDENTIAL_1
+CREDENTIAL_2
+ ...
+CREDENTIAL_n
+EOF
+.sp
+.in -4
+.LP
+Where "CREDENTIAL_x" consists of the following fixed-length
+fields from the CREDENTIALS structure (defined in <krb.h>):
+.nf
+.sp
+.in +4
+ char service[ANAME_SZ]
+ char instance[INST_SZ]
+ char realm[REALM_SZ]
+ des_cblock session
+ int lifetime
+ int kvno
+ KTEXT_ST ticket_st
+ long issue_date
+.in -4
+.sp
+.fi
+.PP
+.I tf_init
+must be called before the other ticket file
+routines.
+It takes the name of the ticket file to use,
+and a read/write flag as arguments.
+It tries to open the ticket file, checks the mode and if
+everything is okay, locks the file. If it's opened for
+reading, the lock is shared. If it's opened for writing,
+the lock is exclusive.
+KSUCCESS is returned if all went well, otherwise one of the
+following:
+.nf
+.sp
+NO_TKT_FIL - file wasn't there
+TKT_FIL_ACC - file was in wrong mode, etc.
+TKT_FIL_LCK - couldn't lock the file, even after a retry
+.sp
+.fi
+.PP
+The
+.I tf_get_pname
+reads the principal's name from a ticket file.
+It should only be called after tf_init has been called. The
+principal's name is filled into the
+.I pname
+parameter. If all goes
+well, KSUCCESS is returned.
+If tf_init wasn't called, TKT_FIL_INI
+is returned.
+If the principal's name was null, or EOF was encountered, or the
+name was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+.PP
+The
+.I tf_get_pinst
+reads the principal's instance from a ticket file.
+It should only be called after tf_init and tf_get_pname
+have been called.
+The principal's instance is filled into the
+.I pinst
+parameter.
+If all goes
+well, KSUCCESS is returned.
+If tf_init wasn't called, TKT_FIL_INI
+is returned.
+If EOF was encountered, or the
+name was longer than INST_SZ, TKT_FIL_FMT is returned.
+Note that, unlike the principal name, the instance name may be null.
+.PP
+The
+.I tf_get_cred
+routine reads a CREDENTIALS record from a ticket file and
+fills in the given structure.
+It should only be called after
+tf_init, tf_get_pname, and tf_get_pinst have been called.
+If all goes well, KSUCCESS is returned. Possible error codes
+are:
+.nf
+.sp
+TKT_FIL_INI - tf_init wasn't called first
+TKT_FIL_FMT - bad format
+EOF - end of file encountered
+.sp
+.fi
+.PP
+.I tf_close
+closes the ticket file and releases the lock on it.
+.SH "SEE ALSO"
+krb(3)
+.SH DIAGNOSTICS
+.SH BUGS
+The ticket file routines have to be called in a certain order.
+.SH AUTHORS
+Jennifer Steiner, MIT Project Athena
+.br
+Bill Bryant, MIT Project Athena
+.SH RESTRICTIONS
+Copyright 1987 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/mkinstalldirs b/crypto/kerberosIV/mkinstalldirs
new file mode 100644
index 0000000..1c13a50
--- /dev/null
+++ b/crypto/kerberosIV/mkinstalldirs
@@ -0,0 +1,40 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+# $Id: mkinstalldirs,v 1.1 1996/06/27 01:12:51 joda Exp $
+
+errstatus=0
+
+for file
+do
+ set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+ shift
+
+ pathcomp=
+ for d
+ do
+ pathcomp="$pathcomp$d"
+ case "$pathcomp" in
+ -* ) pathcomp=./$pathcomp ;;
+ esac
+
+ if test ! -d "$pathcomp"; then
+ echo "mkdir $pathcomp" 1>&2
+
+ mkdir "$pathcomp" || lasterr=$?
+
+ if test ! -d "$pathcomp"; then
+ errstatus=$lasterr
+ fi
+ fi
+
+ pathcomp="$pathcomp/"
+ done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here
diff --git a/crypto/kerberosIV/server/Makefile.in b/crypto/kerberosIV/server/Makefile.in
new file mode 100644
index 0000000..64e7eb1
--- /dev/null
+++ b/crypto/kerberosIV/server/Makefile.in
@@ -0,0 +1,79 @@
+# $Id: Makefile.in,v 1.24 1997/05/02 17:52:00 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kerberos$(EXECSUFFIX)
+
+SOURCES = kerberos.c
+
+OBJECTS = kerberos.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+kerberos$(EXECSUFFIX): kerberos.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kerberos.o -L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIB_DBM) $(LIBS) -lroken
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c
new file mode 100644
index 0000000..405e48d
--- /dev/null
+++ b/crypto/kerberosIV/server/kerberos.c
@@ -0,0 +1,846 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ */
+
+#include "config.h"
+#include "protos.h"
+
+RCSID("$Id: kerberos.c,v 1.64 1997/05/20 18:40:46 bg Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif /* HAVE_SYS_FILIO_H */
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+#include <prot.h>
+#include <klog.h>
+
+#include <kdc.h>
+
+static des_key_schedule master_key_schedule;
+static des_cblock master_key;
+
+static struct timeval kerb_time;
+static u_char master_key_version;
+static char k_instance[INST_SZ];
+static char *lt;
+static int more;
+
+static int mflag; /* Are we invoked manually? */
+static char *log_file; /* name of alt. log file */
+static int nflag; /* don't check max age */
+static int rflag; /* alternate realm specified */
+
+/* fields within the received request packet */
+static char *req_name_ptr;
+static char *req_inst_ptr;
+static char *req_realm_ptr;
+static u_int32_t req_time_ws;
+
+static char local_realm[REALM_SZ];
+
+/* options */
+static int max_age = -1;
+static int pause_int = -1;
+
+/*
+ * Print usage message and exit.
+ */
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]"
+ " [-a max_age] [-l log_file] [-r realm] [database_pathname]\n",
+ __progname);
+ exit(1);
+}
+
+/*
+ * kerb_err_reply creates an error reply packet and sends it to the
+ * client.
+ */
+
+static void
+kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string)
+{
+ static KTEXT_ST e_pkt_st;
+ KTEXT e_pkt = &e_pkt_st;
+ static char e_msg[128];
+
+ strcpy(e_msg, "\nKerberos error -- ");
+ strcat(e_msg, string);
+ cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
+ req_time_ws, err, e_msg);
+ sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client,
+ sizeof(*client));
+}
+
+static void
+hang(void)
+{
+ if (pause_int == -1) {
+ klog(L_KRB_PERR, "Kerberos will pause so as not to loop init");
+ for (;;)
+ pause();
+ } else {
+ char buf[256];
+ snprintf(buf, sizeof(buf),
+ "Kerberos will wait %d seconds before dying so as not to loop init",
+ pause_int);
+ klog(L_KRB_PERR, buf);
+ sleep(pause_int);
+ klog(L_KRB_PERR, "Do svedania....\n");
+ exit(1);
+ }
+}
+
+static int
+check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p)
+{
+ static int n;
+ static int more;
+
+ n = kerb_get_principal(p_name, instance, p, 1, &more);
+
+ if (n < 0) {
+ lt = klog(L_KRB_PERR, "Database unavailable!");
+ hang();
+ }
+
+ /*
+ * if more than one p_name, pick one, randomly create a session key,
+ * compute maximum lifetime, lookup authorizations if applicable,
+ * and stuff into cipher.
+ */
+ if (n == 0) {
+ /* service unknown, log error, skip to next request */
+ lt = klog(L_ERR_UNK, "UNKNOWN %s.%s", p_name, instance);
+ return KERB_ERR_PRINCIPAL_UNKNOWN;
+ }
+ if (more) {
+ /* not unique, log error */
+ lt = klog(L_ERR_NUN, "Principal not unique %s.%s", p_name, instance);
+ return KERB_ERR_PRINCIPAL_NOT_UNIQUE;
+ }
+ /* If the user's key is null, we want to return an error */
+ if ((p->key_low == 0) && (p->key_high == 0)) {
+ /* User has a null key */
+ lt = klog(L_ERR_NKY, "Null key %s.%s", p_name, instance);
+ return KERB_ERR_NULL_KEY;
+ }
+ if (master_key_version != p->kdc_key_ver) {
+ /* log error reply */
+ lt = klog(L_ERR_MKV,
+ "Incorrect master key version for %s.%s: %d (should be %d)",
+ p->name, p->instance, p->kdc_key_ver, master_key_version);
+ return KERB_ERR_NAME_MAST_KEY_VER;
+ }
+ /* make sure the service hasn't expired */
+ if ((u_int32_t) p->exp_date < (u_int32_t) kerb_time.tv_sec) {
+ /* service did expire, log it */
+ time_t t = p->exp_date;
+ lt = klog(L_ERR_SEXP,
+ "Principal %s.%s expired at %s", p->name, p->instance,
+ krb_stime(&t));
+ return KERB_ERR_NAME_EXP;
+ }
+ /* ok is zero */
+ return 0;
+}
+
+static void
+unseal(des_cblock *key)
+{
+ kdb_encrypt_key(key, key, &master_key, master_key_schedule, DES_DECRYPT);
+}
+
+
+/* Set the key for krb_rd_req so we can check tgt */
+static int
+set_tgtkey(char *r)
+ /* Realm for desired key */
+{
+ int n;
+ static char lastrealm[REALM_SZ];
+ Principal p_st;
+ Principal *p = &p_st;
+ des_cblock key;
+
+ if (!strcmp(lastrealm, r))
+ return (KSUCCESS);
+
+ klog(L_ALL_REQ, "Getting key for %s", r);
+
+ n = kerb_get_principal(KRB_TICKET_GRANTING_TICKET, r, p, 1, &more);
+ if (n == 0)
+ return (KFAILURE);
+
+ /* unseal tgt key from master key */
+ copy_to_key(&p->key_low, &p->key_high, key);
+ unseal(&key);
+ krb_set_key(key, 0);
+ strcpy(lastrealm, r);
+ return (KSUCCESS);
+}
+
+
+static int
+kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
+{
+ int pvno;
+ int msg_type;
+ int lsb;
+ int life;
+ int flags = 0;
+ char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+ char service[SNAME_SZ], sinst[INST_SZ];
+ u_int32_t req_time;
+ static KTEXT_ST ticket, cipher, adat;
+ KTEXT tk = &ticket, ciph = &cipher, auth = &adat;
+ AUTH_DAT ad;
+ des_cblock session, key;
+ int err;
+ Principal a_name, s_name;
+
+ char *msg;
+
+
+ unsigned char *p = buf;
+ if(len < 2){
+ strcpy((char*)rpkt->dat, "Packet too short");
+ return KFAILURE;
+ }
+
+ gettimeofday(&kerb_time, NULL);
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION){
+ msg = klog(L_KRB_PERR, "KRB protocol version mismatch (%d)", pvno);
+ strcpy((char*)rpkt->dat, msg);
+ return KERB_ERR_PKT_VER;
+ }
+ msg_type = *p++;
+ lsb = msg_type & 1;
+ msg_type &= ~1;
+ switch(msg_type){
+ case AUTH_MSG_KDC_REQUEST:
+ /* XXX range check */
+ p += krb_get_nir(p, name, inst, realm);
+ p += krb_get_int(p, &req_time, 4, lsb);
+ life = *p++;
+ p += krb_get_nir(p, service, sinst, NULL);
+ klog(L_INI_REQ, "AS REQ %s.%s@%s for %s.%s from %s",
+ name, inst, realm, service, sinst, inet_ntoa(client));
+ if((err = check_princ(name, inst, 0, &a_name))){
+ strcpy((char*)rpkt->dat, krb_get_err_text(err));
+ return err;
+ }
+ tk->length = 0;
+ if((err = check_princ(service, sinst, 0, &s_name))){
+ strcpy((char*)rpkt->dat, krb_get_err_text(err));
+ return err;
+ }
+ life = min(life, s_name.max_life);
+ life = min(life, a_name.max_life);
+
+ des_new_random_key(&session);
+ copy_to_key(&s_name.key_low, &s_name.key_high, key);
+ unseal(&key);
+ krb_create_ticket(tk, flags, a_name.name, a_name.instance,
+ local_realm, client.s_addr, session,
+ life, kerb_time.tv_sec,
+ s_name.name, s_name.instance, &key);
+ copy_to_key(&a_name.key_low, &a_name.key_high, key);
+ unseal(&key);
+ create_ciph(ciph, session, s_name.name, s_name.instance,
+ local_realm, life, s_name.key_version, tk,
+ kerb_time.tv_sec, &key);
+ memset(&session, 0, sizeof(session));
+ memset(&key, 0, sizeof(key));
+ {
+ KTEXT r;
+ r = create_auth_reply(name, inst, realm, req_time, 0,
+ a_name.exp_date, a_name.key_version, ciph);
+ memcpy(rpkt, r, sizeof(*rpkt));
+ }
+ return 0;
+ case AUTH_MSG_APPL_REQUEST:
+ strcpy(realm, (char*)buf + 3);
+ if((err = set_tgtkey(realm))){
+ msg = klog(L_ERR_UNK, "Unknown realm %s from %s",
+ realm, inet_ntoa(client));
+ strcpy((char*)rpkt->dat, msg);
+ return err;
+ }
+ p = buf + strlen(realm) + 4;
+ p = p + p[0] + p[1] + 2;
+ auth->length = p - buf;
+ memcpy(auth->dat, buf, auth->length);
+ err = krb_rd_req(auth, KRB_TICKET_GRANTING_TICKET,
+ realm, client.s_addr, &ad, 0);
+ if(err){
+ msg = klog(L_ERR_UNK, "krb_rd_req from %s: %s",
+ inet_ntoa(client), krb_get_err_text(err));
+ strcpy((char*)rpkt->dat, msg);
+ return err;
+ }
+ p += krb_get_int(p, &req_time, 4, lsb);
+ life = *p++;
+ p += krb_get_nir(p, service, sinst, NULL);
+ klog(L_APPL_REQ, "APPL REQ %s.%s@%s for %s.%s from %s",
+ ad.pname, ad.pinst, ad.prealm,
+ service, sinst,
+ inet_ntoa(client));
+ if(strcmp(ad.prealm, realm)){
+ msg = klog(L_ERR_UNK, "Can't hop realms: %s -> %s",
+ realm, ad.prealm);
+ strcpy((char*)rpkt->dat, msg);
+ return KERB_ERR_PRINCIPAL_UNKNOWN;
+ }
+
+ if(!strcmp(service, "changepw")){
+ strcpy((char*)rpkt->dat,
+ "Can't authorize password changed based on TGT");
+ return KERB_ERR_PRINCIPAL_UNKNOWN;
+ }
+
+ err = check_princ(service, sinst, life, &s_name);
+ if(err){
+ strcpy((char*)rpkt->dat, krb_get_err_text(err));
+ return err;
+ }
+ life = min(life,
+ krb_time_to_life(kerb_time.tv_sec,
+ krb_life_to_time(ad.time_sec,
+ ad.life)));
+ life = min(life, s_name.max_life);
+ copy_to_key(&s_name.key_low, &s_name.key_high, key);
+ unseal(&key);
+ des_new_random_key(&session);
+ krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm,
+ client.s_addr, &session, life, kerb_time.tv_sec,
+ s_name.name, s_name.instance,
+ &key);
+
+ memset(&key, 0, sizeof(key));
+
+ create_ciph(ciph, session, service, sinst, local_realm,
+ life, s_name.key_version, tk,
+ kerb_time.tv_sec, &ad.session);
+
+ memset(&session, 0, sizeof(session));
+ memset(ad.session, 0, sizeof(ad.session));
+ {
+ KTEXT r;
+ r =create_auth_reply(ad.pname, ad.pinst, ad.prealm,
+ req_time, 0, 0, 0, ciph);
+ memcpy(rpkt, r, sizeof(*rpkt));
+ }
+ memset(&s_name, 0, sizeof(s_name));
+ return 0;
+
+ case AUTH_MSG_ERR_REPLY:
+ return -1;
+ default:
+ msg = klog(L_KRB_PERR, "Unknown message type: %d from %s",
+ msg_type, inet_ntoa(client));
+ strcpy((char*)rpkt->dat, msg);
+ return KFAILURE;
+ }
+}
+
+
+static void
+kerberos_wrap(int s, KTEXT data, struct sockaddr_in *client)
+{
+ KTEXT_ST pkt;
+ int err = kerberos(data->dat, data->length, client->sin_addr, &pkt);
+ if(err == -1)
+ return;
+ if(err){
+ kerb_err_reply(s, client, err, (char*)pkt.dat);
+ return;
+ }
+ sendto(s, pkt.dat, pkt.length, 0, (struct sockaddr *)client,
+ sizeof(*client));
+}
+
+
+/*
+ * setup_disc
+ *
+ * disconnect all descriptors, remove ourself from the process
+ * group that spawned us.
+ */
+
+static void
+setup_disc(void)
+{
+ int s;
+
+ for (s = 0; s < 3; s++) {
+ close(s);
+ }
+
+ open("/dev/null", 0);
+ dup2(0, 1);
+ dup2(0, 2);
+
+ setsid();
+
+ chdir("/tmp");
+ return;
+}
+
+/*
+ * Make sure that database isn't stale.
+ *
+ * Exit if it is; we don't want to tell lies.
+ */
+
+static void
+check_db_age(void)
+{
+ long age;
+
+ if (max_age != -1) {
+ /* Requires existance of kerb_get_db_age() */
+ gettimeofday(&kerb_time, 0);
+ age = kerb_get_db_age();
+ if (age == 0) {
+ klog(L_KRB_PERR, "Database currently being updated!");
+ hang();
+ }
+ if ((age + max_age) < kerb_time.tv_sec) {
+ klog(L_KRB_PERR, "Database out of date!");
+ hang();
+ /* NOTREACHED */
+ }
+ }
+}
+
+struct descr{
+ int s;
+ KTEXT_ST buf;
+ int type;
+ int timeout;
+};
+
+static void
+mksocket(struct descr *d, struct in_addr addr, int type,
+ const char *service, int port)
+{
+ struct sockaddr_in sina;
+ int on = 1;
+ int sock;
+
+ memset(d, 0, sizeof(struct descr));
+ if ((sock = socket(AF_INET, type, 0)) < 0)
+ err (1, "socket");
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
+ sizeof(on)) < 0)
+ warn ("setsockopt (SO_REUSEADDR)");
+#endif
+ memset(&sina, 0, sizeof(sina));
+ sina.sin_family = AF_INET;
+ sina.sin_port = port;
+ sina.sin_addr = addr;
+ if (bind(sock, (struct sockaddr *)&sina, sizeof(sina)) < 0)
+ err (1, "bind '%s/%s' (%d)",
+ service, (type == SOCK_DGRAM) ? "udp" : "tcp",
+ ntohs(sina.sin_port));
+
+ if(type == SOCK_STREAM)
+ listen(sock, SOMAXCONN);
+ d->s = sock;
+ d->type = type;
+}
+
+
+static void loop(struct descr *fds, int maxfd);
+
+int
+main(int argc, char **argv)
+{
+ int child;
+ int c;
+ struct descr *fds;
+ int nfds;
+ int i;
+ int n;
+ int kerror;
+
+ umask(077); /* Create protected files */
+
+ set_progname (argv[0]);
+
+ while ((c = getopt(argc, argv, "snmp:a:l:r:")) != EOF) {
+ switch(c) {
+ case 's':
+ /*
+ * Set parameters to slave server defaults.
+ */
+ if (max_age == -1 && !nflag)
+ max_age = ONE_DAY; /* 24 hours */
+ if (pause_int == -1)
+ pause_int = FIVE_MINUTES; /* 5 minutes */
+#if 0
+ if (log_file == NULL) {
+ /* this is only silly */
+ log_file = KRBSLAVELOG;
+ }
+#endif
+ break;
+ case 'n':
+ max_age = -1; /* don't check max age. */
+ nflag++;
+ break;
+ case 'm':
+ mflag++; /* running manually; prompt for master key */
+ break;
+ case 'p':
+ /* Set pause interval. */
+ if (!isdigit(optarg[0]))
+ usage();
+ pause_int = atoi(optarg);
+ if ((pause_int < 5) || (pause_int > ONE_HOUR)) {
+ fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n");
+ usage();
+ }
+ break;
+ case 'a':
+ /* Set max age. */
+ if (!isdigit(optarg[0]))
+ usage();
+ max_age = atoi(optarg);
+ if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) {
+ fprintf(stderr, "max_age must be between one hour and three days, in seconds\n");
+ usage();
+ }
+ break;
+ case 'l':
+ /* Set alternate log file */
+ log_file = optarg;
+ break;
+ case 'r':
+ /* Set realm name */
+ rflag++;
+ strcpy(local_realm, optarg);
+ break;
+ default:
+ usage();
+ break;
+ }
+ }
+
+ if(log_file == NULL)
+ log_file = KRBLOG;
+
+ if (optind == (argc-1)) {
+ if (kerb_db_set_name(argv[optind]) != 0) {
+ fprintf(stderr, "Could not set alternate database name\n");
+ exit(1);
+ }
+ optind++;
+ }
+
+ if (optind != argc)
+ usage();
+
+ printf("Kerberos server starting\n");
+
+ if ((!nflag) && (max_age != -1))
+ printf("\tMaximum database age: %d seconds\n", max_age);
+ if (pause_int != -1)
+ printf("\tSleep for %d seconds on error\n", pause_int);
+ else
+ printf("\tSleep forever on error\n");
+ if (mflag)
+ printf("\tMaster key will be entered manually\n");
+
+ printf("\tLog file is %s\n", log_file);
+
+ kset_logfile(log_file);
+
+ /* find our hostname, and use it as the instance */
+ if (k_gethostname(k_instance, INST_SZ))
+ err (1, "gethostname");
+
+ /*
+ * Yes this looks backwards but it has to be this way to enable a
+ * smooth migration to the new port 88.
+ */
+ {
+ int p1, p2;
+ struct in_addr *a;
+
+ p1 = k_getportbyname ("kerberos-iv", "udp", htons(750));
+ p2 = k_getportbyname ("kerberos-sec", "udp", htons(88));
+
+ if (p1 == p2)
+ {
+ fprintf(stderr, "Either define kerberos-iv/udp as 750\n");
+ fprintf(stderr, " and kerberos-sec/udp as 88\n");
+ fprintf(stderr, "or the other way around!");
+ exit(1);
+ }
+
+ nfds = k_get_all_addrs (&a);
+ if (nfds < 0) {
+ struct in_addr any;
+
+ any.s_addr = INADDR_ANY;
+
+ fprintf (stderr, "Could not get local addresses, "
+ "binding to INADDR_ANY\n");
+ nfds = 1;
+ a = malloc(sizeof(*a) * nfds);
+ memcpy(a, &any, sizeof(struct in_addr));
+ }
+ nfds *= 4;
+ fds = (struct descr*)malloc(nfds * sizeof(struct descr));
+ for (i = 0; i < nfds/4; i++) {
+ mksocket(fds + 4 * i + 0, a[i], SOCK_DGRAM, "kerberos-iv", p1);
+ mksocket(fds + 4 * i + 1, a[i], SOCK_DGRAM, "kerberos-sec", p2);
+ mksocket(fds + 4 * i + 2, a[i], SOCK_STREAM, "kerberos-iv", p1);
+ mksocket(fds + 4 * i + 3, a[i], SOCK_STREAM, "kerberos-sec", p2);
+ }
+ free (a);
+ }
+ /* do all the database and cache inits */
+ if ((n = kerb_init())) {
+ if (mflag) {
+ printf("Kerberos db and cache init ");
+ printf("failed = %d ...exiting\n", n);
+ exit (1);
+ } else {
+ klog(L_KRB_PERR,
+ "Kerberos db and cache init failed = %d ...exiting", n);
+ hang();
+ }
+ }
+
+ /* Make sure database isn't stale */
+ check_db_age();
+
+ /* setup master key */
+ if (kdb_get_master_key (mflag, &master_key, master_key_schedule) != 0) {
+ klog (L_KRB_PERR, "kerberos: couldn't get master key.\n");
+ exit (1);
+ }
+ kerror = kdb_verify_master_key (&master_key, master_key_schedule, stdout);
+ if (kerror < 0) {
+ klog (L_KRB_PERR, "Can't verify master key.");
+ memset(master_key, 0, sizeof (master_key));
+ memset (master_key_schedule, 0, sizeof (master_key_schedule));
+ exit (1);
+ }
+
+ master_key_version = (u_char) kerror;
+
+ fprintf(stdout, "\nCurrent Kerberos master key version is %d\n",
+ master_key_version);
+ des_init_random_number_generator(&master_key);
+
+ if (!rflag) {
+ /* Look up our local realm */
+ krb_get_lrealm(local_realm, 1);
+ }
+ fprintf(stdout, "Local realm: %s\n", local_realm);
+ fflush(stdout);
+
+ if (set_tgtkey(local_realm)) {
+ /* Ticket granting service unknown */
+ klog(L_KRB_PERR, "Ticket granting ticket service unknown");
+ fprintf(stderr, "Ticket granting ticket service unknown\n");
+ exit(1);
+ }
+ if (mflag) {
+ if ((child = fork()) != 0) {
+ printf("Kerberos started, PID=%d\n", child);
+ exit(0);
+ }
+ setup_disc();
+ }
+
+ klog(L_ALL_REQ, "Starting Kerberos for %s (kvno %d)",
+ local_realm, master_key_version);
+
+ /* receive loop */
+ loop(fds, nfds);
+ exit(1);
+}
+
+
+static void
+loop(struct descr *fds, int nfds)
+{
+ for (;;) {
+ int ret;
+ fd_set readfds;
+ struct timeval tv;
+ int maxfd = 0;
+ struct descr *n, *minfree;
+
+ FD_ZERO(&readfds);
+ gettimeofday(&tv, NULL);
+ maxfd = 0;
+ minfree = NULL;
+ /* Remove expired TCP sockets, and add all other
+ to the set we are selecting on */
+ for(n = fds; n < fds + nfds; n++){
+ if(n->s >= 0 && n->timeout && tv.tv_sec > n->timeout){
+ kerb_err_reply(n->s, NULL, KERB_ERR_TIMEOUT, "Timeout");
+ close(n->s);
+ n->s = -1;
+ }
+ if(n->s < 0){
+ if(minfree == NULL) minfree = n;
+ continue;
+ }
+ FD_SET(n->s, &readfds);
+ maxfd = max(maxfd, n->s);
+ }
+ /* add more space for sockets */
+ if(minfree == NULL){
+ int i = nfds;
+ struct descr *new;
+ nfds *=2;
+ new = realloc(fds, sizeof(struct descr) * nfds);
+ if(new){
+ fds = new;
+ minfree = fds + i;
+ for(; i < nfds; i++) fds[i].s = -1;
+ }
+ }
+ ret = select(maxfd + 1, &readfds, 0, 0, 0);
+ for (n = fds; n < fds + nfds; n++){
+ if(n->s < 0) continue;
+ if (FD_ISSET(n->s, &readfds)){
+ if(n->type == SOCK_STREAM && n->timeout == 0){
+ /* add accepted socket to list of sockets we are
+ selecting on */
+ int s = accept(n->s, NULL, 0);
+ if(minfree == NULL){
+ kerb_err_reply(s, NULL, KFAILURE, "Out of memory");
+ close(s);
+ }else{
+ minfree->s = s;
+ minfree->type = SOCK_STREAM;
+ gettimeofday(&tv, NULL);
+ minfree->timeout = tv.tv_sec + 4; /* XXX */
+ }
+ }else{
+ int b;
+ struct sockaddr_in from;
+ int fromlen = sizeof(from);
+ b = recvfrom(n->s, n->buf.dat + n->buf.length,
+ MAX_PKT_LEN - n->buf.length, 0,
+ (struct sockaddr *)&from, &fromlen);
+ if(b < 0){
+ if(n->type == SOCK_STREAM){
+ close(n->s);
+ n->s = -1;
+ }
+ n->buf.length = 0;
+ continue;
+ }
+ n->buf.length += b;
+ if(n->type == SOCK_STREAM){
+ if(n->buf.length >= 4 && n->buf.dat[0] == 0){
+ /* if this is a new type of packet (with
+ the length attached to the head of the
+ packet), and there is no more data to
+ be read, fake an old packet, so the
+ code below will work */
+ u_int32_t len;
+ krb_get_int(n->buf.dat, &len, 4, 0);
+ if(n->buf.length == len + 4){
+ memmove(n->buf.dat, n->buf.dat + 4, len);
+ b = 0;
+ }
+ }
+ if(b == 0){
+ /* handle request if there are
+ no more bytes to read */
+ fromlen = sizeof(from);
+ getpeername(n->s,(struct sockaddr*)&from, &fromlen);
+ kerberos_wrap(n->s, &n->buf, &from);
+ n->buf.length = 0;
+ close(n->s);
+ n->s = -1;
+ }
+ }else{
+ /* udp packets are atomic */
+ kerberos_wrap(n->s, &n->buf, &from);
+ n->buf.length = 0;
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/crypto/kerberosIV/slave/Makefile.in b/crypto/kerberosIV/slave/Makefile.in
new file mode 100644
index 0000000..ce35546
--- /dev/null
+++ b/crypto/kerberosIV/slave/Makefile.in
@@ -0,0 +1,82 @@
+# $Id: Makefile.in,v 1.27 1997/05/04 04:16:28 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DSBINDIR=\"$(sbindir)\"
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kpropd$(EXECSUFFIX) \
+ kprop$(EXECSUFFIX)
+
+SOURCES = kpropd.c kprop.c
+
+OBJECTS = kpropd.o kprop.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+kprop$(EXECSUFFIX): kprop.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kprop.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
+
+kpropd$(EXECSUFFIX): kpropd.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpropd.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/slave/kprop.c b/crypto/kerberosIV/slave/kprop.c
new file mode 100644
index 0000000..8901121
--- /dev/null
+++ b/crypto/kerberosIV/slave/kprop.c
@@ -0,0 +1,530 @@
+/*
+
+Copyright 1987, 1988 by the Student Information Processing Board
+ of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose. It is
+provided "as is" without express or implied warranty.
+
+*/
+
+#include "slav_locl.h"
+
+RCSID("$Id: kprop.c,v 1.29 1997/05/25 02:43:54 joda Exp $");
+
+#include "kprop.h"
+
+static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION;
+
+int debug = 0;
+
+char my_realm[REALM_SZ];
+int princ_data_size = 3 * sizeof(int32_t) + 3 * sizeof(unsigned char);
+short transfer_mode, net_transfer_mode;
+int force_flag;
+static char ok[] = ".dump_ok";
+
+struct slave_host {
+ u_int32_t net_addr;
+ char *name;
+ char *instance;
+ char *realm;
+ int not_time_yet;
+ int succeeded;
+ struct slave_host *next;
+};
+
+static
+int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime)
+{
+ FILE *fin;
+ char namebuf[128], *inst;
+ char *pc;
+ struct hostent *host;
+ struct slave_host **th;
+ char path[256];
+ char *ppath;
+ struct stat stbuf;
+
+ if ((fin = fopen(file, "r")) == NULL)
+ err (1, "open(%s)", file);
+ strcpy(path, file);
+ if ((ppath = strrchr(path, '/'))) {
+ ppath += 1;
+ } else {
+ ppath = path;
+ }
+ th = psl;
+ while(fgets(namebuf, sizeof(namebuf), fin)){
+ if ((pc = strchr(namebuf, '\n'))) {
+ *pc = '\0';
+ } else {
+ if(strlen(namebuf) == sizeof(namebuf) - 1){
+ warnx ("Hostname too long (>= %d chars) in '%s'.",
+ (int) sizeof(namebuf), file);
+ do{
+ if(fgets(namebuf, sizeof(namebuf), fin) == NULL)
+ break;
+ }while(strchr(namebuf, '\n') == NULL);
+ continue;
+ }
+ }
+ if(namebuf[0] == 0 || namebuf[0] == '#')
+ continue;
+ host = gethostbyname(namebuf);
+ if (host == NULL) {
+ warnx ("Ignoring host '%s' in '%s': %s",
+ namebuf, file,
+#ifdef HAVE_H_ERRNO
+ hstrerror(h_errno)
+#else
+ "unknown error"
+#endif
+ );
+ continue;
+ }
+ (*th) = (struct slave_host *) malloc(sizeof(struct slave_host));
+ if (!*th)
+ errx (1, "No memory reading host list from '%s'.",
+ file);
+ memset(*th, 0, sizeof(struct slave_host));
+ (*th)->name = strdup(namebuf);
+ if ((*th)->name == NULL)
+ errx (1, "No memory reading host list from '%s'.",
+ file);
+ /* get kerberos cannonical instance name */
+ inst = krb_get_phost ((*th)->name);
+ (*th)->instance = strdup(inst);
+ if ((*th)->instance == NULL)
+ errx (1, "No memory reading host list from '%s'.",
+ file);
+ /* what a concept, slave servers in different realms! */
+ (*th)->realm = my_realm;
+ memcpy(&(*th)->net_addr, host->h_addr, sizeof((*th)->net_addr));
+ (*th)->not_time_yet = 0;
+ (*th)->succeeded = 0;
+ (*th)->next = NULL;
+ strcat(strcpy(ppath, (*th)->name), "-last-prop");
+ if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) {
+ (*th)->not_time_yet = 1;
+ (*th)->succeeded = 1; /* no change since last success */
+ }
+ th = &(*th)->next;
+ }
+ fclose(fin);
+ return (1);
+}
+
+/* The master -> slave protocol looks like this:
+ 1) 8 byte version string
+ 2) 2 bytes of "transfer mode" (net byte order of course)
+ 3) ticket/authentication send by sendauth
+ 4) 4 bytes of "block" length (u_int32_t)
+ 5) data
+
+ 4 and 5 repeat til EOF ...
+*/
+
+static int
+prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
+{
+ u_char buf[KPROP_BUFSIZ];
+ u_char obuf[KPROP_BUFSIZ + 64]; /* leave room for private msg overhead */
+ struct sockaddr_in sin, my_sin;
+ int i, n, s;
+ struct slave_host *cs; /* current slave */
+ char path[256], my_host_name[MaxHostNameLen], *p_my_host_name;
+ char kprop_service_instance[INST_SZ];
+ char *pc;
+ u_int32_t cksum;
+ u_int32_t length, nlength;
+ long kerror;
+ KTEXT_ST ticket;
+ CREDENTIALS cred;
+ MSG_DAT msg_dat;
+ static char tkstring[] = "/tmp/kproptktXXXXXX";
+
+ des_key_schedule session_sched;
+
+ close(mkstemp(tkstring));
+ krb_set_tkt_string(tkstring);
+
+ memset(&sin, 0, sizeof sin);
+ sin.sin_family = AF_INET;
+ sin.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT));
+ sin.sin_addr.s_addr = INADDR_ANY;
+
+ strcpy(path, fslv);
+ if ((pc = strrchr(path, '/'))) {
+ pc += 1;
+ } else {
+ pc = path;
+ }
+
+ for (i = 0; i < 5; i++) { /* try each slave five times max */
+ for (cs = sl; cs; cs = cs->next) {
+ if (!cs->succeeded) {
+ if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+ err (1, "socket");
+ memcpy(&sin.sin_addr, &cs->net_addr,
+ sizeof cs->net_addr);
+
+ if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) {
+ warn ("connect(%s)", cs->name);
+ close(s);
+ continue; /*** NEXT SLAVE ***/
+ }
+
+ /* for krb_mk_{priv, safe} */
+ memset(&my_sin, 0, sizeof my_sin);
+ n = sizeof my_sin;
+ if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) {
+ warn ("getsockname(%s)", cs->name);
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+ if (n != sizeof (my_sin)) {
+ warnx ("can't get socketname %s length", cs->name);
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+
+ /* Get ticket */
+ kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME,
+ cs->instance, cs->realm, (u_int32_t) 0);
+ /* if ticket has expired try to get a new one, but
+ * first get a TGT ...
+ */
+ if (kerror != MK_AP_OK) {
+ if (k_gethostname (my_host_name, sizeof(my_host_name)) != 0) {
+ warnx ("gethostname(%s): %s",
+ my_host_name,
+#ifdef HAVE_H_ERRNO
+ hstrerror(h_errno)
+#else
+ "unknown error"
+#endif
+ );
+ close (s);
+ break; /* next one can't work either! */
+ }
+ /* get canonical kerberos service instance name */
+ p_my_host_name = krb_get_phost (my_host_name);
+ /* copy it to make sure gethostbyname static doesn't
+ * screw us. */
+ strcpy (kprop_service_instance, p_my_host_name);
+ kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME,
+#if 0
+ kprop_service_instance,
+#else
+ KRB_MASTER,
+#endif
+ my_realm,
+ KRB_TICKET_GRANTING_TICKET,
+ my_realm,
+ 96,
+ KPROP_SRVTAB);
+ if (kerror != INTK_OK) {
+ warnx ("%s: %s. While getting initial ticket\n",
+ cs->name, krb_get_err_text(kerror));
+ close (s);
+ goto punt;
+ }
+ kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME,
+ cs->instance, cs->realm, (u_int32_t) 0);
+ }
+ if (kerror != MK_AP_OK) {
+ warnx ("%s: krb_mk_req: %s",
+ cs->name, krb_get_err_text(kerror));
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+
+ if (write(s, kprop_version, sizeof(kprop_version))
+ != sizeof(kprop_version)) {
+ warn ("%s", cs->name);
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+
+ net_transfer_mode = htons (transfer_mode);
+ if (write(s, &net_transfer_mode, sizeof(net_transfer_mode))
+ != sizeof(net_transfer_mode)) {
+ warn ("write(%s)", cs->name);
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+
+ kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance,
+ cs->realm, &cred);
+ if (kerror != KSUCCESS) {
+ warnx ("%s: %s. Getting session key.",
+ cs->name, krb_get_err_text(kerror));
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+#ifdef NOENCRYPTION
+ memset(session_sched, 0, sizeof(session_sched));
+#else
+ if (des_key_sched (&cred.session, session_sched)) {
+ warnx ("%s: can't make key schedule.",
+ cs->name);
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+#endif
+ /* SAFE (quad_cksum) and CLEAR are just not good enough */
+ cksum = 0;
+#ifdef not_working_yet
+ if (transfer_mode != KPROP_TRANSFER_PRIVATE) {
+ cksum = get_data_checksum(fd, session_sched);
+ lseek(fd, 0L, 0);
+ }
+ else
+#endif
+ {
+ struct stat st;
+ fstat (fd, &st);
+ cksum = st.st_size;
+ }
+ kerror = krb_sendauth(KOPT_DO_MUTUAL,
+ s,
+ &ticket,
+ KPROP_SERVICE_NAME,
+ cs->instance,
+ cs->realm,
+ cksum,
+ &msg_dat,
+ &cred,
+ session_sched,
+ &my_sin,
+ &sin,
+ KPROP_PROT_VERSION);
+ if (kerror != KSUCCESS) {
+ warnx ("%s: krb_sendauth: %s.",
+ cs->name, krb_get_err_text(kerror));
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+
+ lseek(fd, 0L, SEEK_SET); /* Rewind file before rereading it. */
+ while ((n = read(fd, buf, sizeof buf))) {
+ if (n < 0)
+ err (1, "read");
+ switch (transfer_mode) {
+ case KPROP_TRANSFER_PRIVATE:
+ case KPROP_TRANSFER_SAFE:
+ if (transfer_mode == KPROP_TRANSFER_PRIVATE)
+ length = krb_mk_priv (buf, obuf, n,
+ session_sched, &cred.session,
+ &my_sin, &sin);
+ else
+ length = krb_mk_safe (buf, obuf, n,
+ &cred.session,
+ &my_sin, &sin);
+ if (length == -1) {
+ warnx ("%s: %s failed.",
+ cs->name,
+ (transfer_mode == KPROP_TRANSFER_PRIVATE)
+ ? "krb_rd_priv" : "krb_rd_safe");
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+ nlength = htonl(length);
+ if (write(s, &nlength, sizeof nlength)
+ != sizeof nlength) {
+ warn ("write(%s)", cs->name);
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+ if (write(s, obuf, length) != length) {
+ warn ("write(%s)", cs->name);
+ close(s);
+ continue; /*** NEXT SLAVE ***/
+ }
+ break;
+ case KPROP_TRANSFER_CLEAR:
+ if (write(s, buf, n) != n) {
+ warn ("write(%s)", cs->name);
+ close(s);
+ continue; /*** NEXT SLAVE ***/
+ }
+ break;
+ }
+ }
+ close(s);
+ cs->succeeded = 1;
+ fprintf(stderr, "%s: success.\n", cs->name);
+ strcat(strcpy(pc, cs->name), "-last-prop");
+ unlink(path);
+ close(creat(path, 0600));
+ }
+ }
+ }
+punt:
+
+ dest_tkt();
+ for (cs = sl; cs; cs = cs->next) {
+ if (!cs->succeeded)
+ return (0); /* didn't get this slave */
+ }
+ return (1);
+}
+
+static void
+usage()
+{
+ /* already got floc and fslv, what is this? */
+ fprintf(stderr,
+ "\nUsage: kprop [-force] [-realm realm] [-private"
+#ifdef not_safe_yet
+ "|-safe|-clear"
+#endif
+ "] [data_file [slaves_file]]\n\n");
+ exit(1);
+}
+
+
+int
+main(int argc, char **argv)
+{
+ int fd, i;
+ char *floc, *floc_ok;
+ char *fslv;
+ struct stat stbuf, stbuf_ok;
+ time_t l_init, l_final;
+ char *pc;
+ int l_diff;
+ static struct slave_host *slave_host_list = NULL;
+ struct slave_host *sh;
+
+ set_progname (argv[0]);
+
+ transfer_mode = KPROP_TRANSFER_PRIVATE;
+
+ time(&l_init);
+ pc = ctime(&l_init);
+ pc[strlen(pc) - 1] = '\0';
+ printf("\nStart slave propagation: %s\n", pc);
+
+ floc = NULL;
+ fslv = NULL;
+
+ if (krb_get_lrealm(my_realm,1) != KSUCCESS)
+ errx (1, "Getting my kerberos realm. Check krb.conf");
+
+ for (i = 1; i < argc; i++)
+ switch (argv[i][0]) {
+ case '-':
+ if (strcmp (argv[i], "-private") == 0)
+ transfer_mode = KPROP_TRANSFER_PRIVATE;
+#ifdef not_safe_yet
+ else if (strcmp (argv[i], "-safe") == 0)
+ transfer_mode = KPROP_TRANSFER_SAFE;
+ else if (strcmp (argv[i], "-clear") == 0)
+ transfer_mode = KPROP_TRANSFER_CLEAR;
+#endif
+ else if (strcmp (argv[i], "-realm") == 0) {
+ i++;
+ if (i < argc)
+ strcpy(my_realm, argv[i]);
+ else
+ usage();
+ } else if (strcmp (argv[i], "-force") == 0)
+ force_flag++;
+ else {
+ warnx("unknown control argument %s.", argv[i]);
+ usage ();
+ }
+ break;
+ default:
+ /* positional arguments are marginal at best ... */
+ if (floc == NULL)
+ floc = argv[i];
+ else {
+ if (fslv == NULL)
+ fslv = argv[i];
+ else
+ usage();
+ }
+ }
+ if(floc == NULL)
+ floc = DB_DIR "/slave_dump";
+ if(fslv == NULL)
+ fslv = DB_DIR "/slaves";
+
+ asprintf (&floc_ok, "%s%s", floc, ok);
+ if (floc_ok == NULL)
+ errx (1, "out of memory in copying %s", floc);
+
+ if ((fd = open(floc, O_RDONLY)) < 0)
+ err (1, "open(%s)", floc);
+ if (k_flock(fd, K_LOCK_SH | K_LOCK_NB))
+ err (1, "flock(%s)", floc);
+ if (stat(floc, &stbuf))
+ err (1, "stat(%s)", floc);
+ if (stat(floc_ok, &stbuf_ok))
+ err (1, "stat(%s)", floc_ok);
+ if (stbuf.st_mtime > stbuf_ok.st_mtime)
+ errx (1, "'%s' more recent than '%s'.", floc, floc_ok);
+ if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime))
+ errx (1, "can't read slave host file '%s'.", fslv);
+#ifdef KPROP_DBG
+ {
+ struct slave_host *sh;
+ int i;
+ fprintf(stderr, "\n\n");
+ fflush(stderr);
+ for (sh = slave_host_list; sh; sh = sh->next) {
+ fprintf(stderr, "slave %d: %s, %s", i++, sh->name,
+ inet_ntoa(sh->net_addr));
+ fflush(stderr);
+ }
+ }
+#endif /* KPROP_DBG */
+
+ if (!prop_to_slaves(slave_host_list, fd, fslv))
+ errx (1, "propagation failed.");
+ if (k_flock(fd, K_LOCK_UN))
+ err (1, "flock(%s, LOCK_UN)", floc);
+ fprintf(stderr, "\n\n");
+ for (sh = slave_host_list; sh; sh = sh->next) {
+ fprintf(stderr, "%s:\t\t%s\n", sh->name,
+ (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED")));
+ }
+
+ time(&l_final);
+ l_diff = l_final - l_init;
+ printf("propagation finished, %d:%02d:%02d elapsed\n",
+ l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60);
+
+ exit(0);
+}
+
+#ifdef doesnt_work_yet
+u_long get_data_checksum(fd, key_sched)
+ int fd;
+ des_key_schedule key_sched;
+{
+ u_int32_t cksum = 0;
+ int n;
+ char buf[BUFSIZ];
+ u_int32_t obuf[2];
+
+ while (n = read(fd, buf, sizeof buf)) {
+ if (n < 0)
+ err (1, "read");
+ cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched);
+ }
+ return cksum;
+}
+#endif
diff --git a/crypto/kerberosIV/slave/kprop.h b/crypto/kerberosIV/slave/kprop.h
new file mode 100644
index 0000000..d66f63f
--- /dev/null
+++ b/crypto/kerberosIV/slave/kprop.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 1987 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information,
+ * please see the file <mit-copyright.h>.
+ *
+ * $Id: kprop.h,v 1.5 1997/02/07 21:39:52 assar Exp $
+ *
+ */
+
+#define KPROP_SERVICE_NAME "rcmd"
+#define KPROP_SRVTAB "/etc/srvtab"
+#define KPROP_PROT_VERSION_LEN 8
+#define KPROP_PROT_VERSION "kprop01"
+#define KPROP_TRANSFER_PRIVATE 1
+#define KPROP_TRANSFER_SAFE 2
+#define KPROP_TRANSFER_CLEAR 3
+#define KPROP_BUFSIZ 32768
+#define KPROP_PORT 754
diff --git a/crypto/kerberosIV/slave/kpropd.c b/crypto/kerberosIV/slave/kpropd.c
new file mode 100644
index 0000000..e2b5f0a
--- /dev/null
+++ b/crypto/kerberosIV/slave/kpropd.c
@@ -0,0 +1,301 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "slav_locl.h"
+
+#include "kprop.h"
+
+RCSID("$Id: kpropd.c,v 2.21 1997/05/02 17:52:13 assar Exp $");
+
+#ifndef SBINDIR
+#define SBINDIR "/usr/athena/sbin"
+#endif
+
+struct sockaddr_in master, slave;
+
+char *database = DBM_FILE;
+
+char *lockfile = DB_DIR "/slave_propagation";
+
+char *logfile = K_LOGFIL;
+
+char *kdb_util = SBINDIR "/kdb_util";
+
+char *kdb_util_command = "load";
+
+char *srvtab = "";
+
+char realm[REALM_SZ];
+
+static
+int
+copy_data(int from, int to, des_cblock *session, des_key_schedule schedule)
+{
+ unsigned char tmp[4];
+ char buf[KPROP_BUFSIZ + 26];
+ u_int32_t length;
+ int n;
+
+ int kerr;
+ MSG_DAT m;
+
+ while(1){
+ n = krb_net_read(from, tmp, 4);
+ if(n == 0)
+ break;
+ if(n < 0){
+ klog(L_KRB_PERR, "krb_net_read: %s", strerror(errno));
+ return -1;
+ }
+ if(n != 4){
+ klog(L_KRB_PERR, "Premature end of data");
+ return -1;
+ }
+ length = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+ if(length > sizeof(buf)){
+ klog(L_KRB_PERR, "Giant packet received: %d", length);
+ return -1;
+ }
+ if(krb_net_read(from, buf, length) != length){
+ klog(L_KRB_PERR, "Premature end of data");
+ return -1;
+ }
+ kerr = krb_rd_priv (buf, length, schedule, session, &master, &slave, &m);
+ if(kerr != KSUCCESS){
+ klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
+ return -1;
+ }
+ write(to, m.app_data, m.app_length);
+ }
+ return 0;
+}
+
+
+static
+int
+kprop(int s)
+{
+ char buf[128];
+ int n;
+ KTEXT_ST ticket;
+ AUTH_DAT ad;
+ char sinst[INST_SZ];
+ char command[1024];
+ des_key_schedule schedule;
+ int mode;
+ int kerr;
+ int lock;
+
+ n = sizeof(master);
+ if(getpeername(s, (struct sockaddr*)&master, &n) < 0){
+ klog(L_KRB_PERR, "getpeername: %s", strerror(errno));
+ return 1;
+ }
+
+ n = sizeof(slave);
+ if(getsockname(s, (struct sockaddr*)&slave, &n) < 0){
+ klog(L_KRB_PERR, "getsockname: %s", strerror(errno));
+ return 1;
+ }
+
+ klog(L_KRB_PERR, "Connection from %s", inet_ntoa(master.sin_addr));
+
+ n = krb_net_read(s, buf, KPROP_PROT_VERSION_LEN + 2);
+ if(n < KPROP_PROT_VERSION_LEN + 2){
+ klog(L_KRB_PERR, "Premature end of data");
+ return 1;
+ }
+ if(memcmp(buf, KPROP_PROT_VERSION, KPROP_PROT_VERSION_LEN) != 0){
+ klog(L_KRB_PERR, "Bad protocol version string received");
+ return 1;
+ }
+ mode = (buf[n-2] << 8) | buf[n-1];
+ if(mode != KPROP_TRANSFER_PRIVATE){
+ klog(L_KRB_PERR, "Bad transfer mode received: %d", mode);
+ return 1;
+ }
+ k_getsockinst(s, sinst, sizeof(sinst));
+ kerr = krb_recvauth(KOPT_DO_MUTUAL, s, &ticket,
+ KPROP_SERVICE_NAME, sinst,
+ &master, &slave,
+ &ad, srvtab, schedule,
+ buf);
+ if(kerr != KSUCCESS){
+ klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
+ return 1;
+ }
+ des_set_key(&ad.session, schedule);
+
+ lock = open(lockfile, O_WRONLY|O_CREAT, 0600);
+ if(lock < 0){
+ klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno));
+ return 1;
+ }
+ if(k_flock(lock, K_LOCK_EX | K_LOCK_NB)){
+ close(lock);
+ klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
+ return 1;
+ }
+
+ if(ftruncate(lock, 0) < 0){
+ close(lock);
+ klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
+ return 1;
+ }
+
+ if(copy_data(s, lock, &ad.session, schedule)){
+ close(lock);
+ return 1;
+ }
+ close(lock);
+ snprintf(command, sizeof(command),
+ "%s %s %s %s", kdb_util, kdb_util_command,
+ lockfile, database);
+ if(system(command) == 0){
+ klog(L_KRB_PERR, "Propagation finished successfully");
+ return 0;
+ }
+ klog(L_KRB_PERR, "*** Propagation failed ***");
+ return 1;
+}
+
+static int
+doit(void)
+{
+ return kprop(0);
+}
+
+static int
+doit_interactive(void)
+{
+ struct sockaddr_in sa;
+ int salen;
+ int s, s2;
+ int ret;
+
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if(s < 0){
+ klog(L_KRB_PERR, "socket: %s", strerror(errno));
+ return 1;
+ }
+ memset(&sa, 0, sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT));
+ ret = bind(s, (struct sockaddr*)&sa, sizeof(sa));
+ if (ret < 0) {
+ klog(L_KRB_PERR, "bind: %s", strerror(errno));
+ return 1;
+ }
+ ret = listen(s, SOMAXCONN);
+ if (ret < 0) {
+ klog(L_KRB_PERR, "listen: %s", strerror(errno));
+ return 1;
+ }
+ for(;;) {
+ salen = sizeof(sa);
+ s2 = accept(s, (struct sockaddr*)&sa, &salen);
+ switch(fork()){
+ case -1:
+ klog(L_KRB_PERR, "fork: %s", strerror(errno));
+ return 1;
+ case 0:
+ close(s);
+ kprop(s2);
+ return 1;
+ default: {
+ int status;
+ close(s2);
+ wait(&status);
+ }
+ }
+ }
+}
+
+static void
+usage (void)
+{
+ fprintf (stderr,
+ "Usage: kpropd [-i] [-d database] [-l log] [-m] [-[p|P] program]"
+ " [-r realm] [-s srvtab]\n");
+ exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+ int opt;
+ int interactive = 0;
+
+ krb_get_lrealm(realm, 1);
+
+ while((opt = getopt(argc, argv, ":d:l:mp:P:r:s:i")) >= 0){
+ switch(opt){
+ case 'd':
+ database = optarg;
+ break;
+ case 'l':
+ logfile = optarg;
+ break;
+ case 'm':
+ kdb_util_command = "merge";
+ break;
+ case 'p':
+ case 'P':
+ kdb_util = optarg;
+ break;
+ case 'r':
+ strcpy(realm, optarg);
+ break;
+ case 's':
+ srvtab = optarg;
+ break;
+ case 'i':
+ interactive = 1;
+ break;
+ default:
+ klog(L_KRB_PERR, "Bad option: -%c", optopt);
+ usage ();
+ exit(1);
+ }
+ }
+ kset_logfile(logfile);
+ if (interactive)
+ return doit_interactive ();
+ else
+ return doit ();
+}
diff --git a/crypto/kerberosIV/slave/slav_locl.h b/crypto/kerberosIV/slave/slav_locl.h
new file mode 100644
index 0000000..760fb9d
--- /dev/null
+++ b/crypto/kerberosIV/slave/slav_locl.h
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: slav_locl.h,v 1.11 1997/05/20 18:40:47 bg Exp $ */
+
+#ifndef __slav_locl_h
+#define __slav_locl_h
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <errno.h>
+#include <unistd.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <time.h>
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <krb.h>
+#include <krb_db.h>
+#include <klog.h>
+#include <prot.h>
+#include <kdc.h>
+
+#include "kprop.h"
+
+#endif /* __slav_locl_h */
OpenPOWER on IntegriCloud