authorassar <assar@FreeBSD.org>2001-06-21 02:12:07 +0000
committerassar <assar@FreeBSD.org>2001-06-21 02:12:07 +0000
commit0c8fa354358381b3f1b92598e7f1b46f8cf744cc (patch)
treeed28ffb73cc0ae48a9892dab3f10b09bc36436d5 /crypto/heimdal/appl/kx
parent06c859ecf534f468a52f24a3eb14409d73a4907c (diff)
import of heimdal 0.3f
Diffstat (limited to 'crypto/heimdal/appl/kx')
-rw-r--r--crypto/heimdal/appl/kx/ChangeLog317
-rw-r--r--crypto/heimdal/appl/kx/Makefile.am73
-rw-r--r--crypto/heimdal/appl/kx/Makefile.in801
-rw-r--r--crypto/heimdal/appl/kx/common.c794
-rw-r--r--crypto/heimdal/appl/kx/context.c92
-rw-r--r--crypto/heimdal/appl/kx/krb4.c361
-rw-r--r--crypto/heimdal/appl/kx/krb5.c421
-rw-r--r--crypto/heimdal/appl/kx/kx.162
-rw-r--r--crypto/heimdal/appl/kx/kx.c765
-rw-r--r--crypto/heimdal/appl/kx/kx.cat139
-rw-r--r--crypto/heimdal/appl/kx/kx.h259
-rw-r--r--crypto/heimdal/appl/kx/kxd.853
-rw-r--r--crypto/heimdal/appl/kx/kxd.c754
-rw-r--r--crypto/heimdal/appl/kx/kxd.cat837
-rw-r--r--crypto/heimdal/appl/kx/rxtelnet.180
-rw-r--r--crypto/heimdal/appl/kx/rxtelnet.cat143
-rw-r--r--crypto/heimdal/appl/kx/rxtelnet.in63
-rw-r--r--crypto/heimdal/appl/kx/rxterm.177
-rw-r--r--crypto/heimdal/appl/kx/rxterm.cat141
-rw-r--r--crypto/heimdal/appl/kx/rxterm.in41
-rw-r--r--crypto/heimdal/appl/kx/tenletxr.161
-rw-r--r--crypto/heimdal/appl/kx/tenletxr.cat137
-rw-r--r--crypto/heimdal/appl/kx/tenletxr.in37
-rw-r--r--crypto/heimdal/appl/kx/writeauth.c73
24 files changed, 5381 insertions, 0 deletions
diff --git a/crypto/heimdal/appl/kx/ChangeLog b/crypto/heimdal/appl/kx/ChangeLog
new file mode 100644
index 0000000..3050e2e
--- /dev/null
+++ b/crypto/heimdal/appl/kx/ChangeLog
@@ -0,0 +1,317 @@
+2001-01-17 Johan Danielsson <joda@pdc.kth.se>
+
+ * common.c: don't write to string constants
+
+2000-12-31 Assar Westerlund <assar@sics.se>
+
+ * krb5.c (krb5_make_context): handle krb5_init_context failure
+ consistently
+
+2000-10-08 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (doit_passive): check that fds are not too large to select
+ on
+ * kx.c (doit_active): check that fds are not too large to select
+ on
+ * krb5.c (krb5_copy_encrypted): check that fds are not too large
+ to select on
+ * krb4.c (krb4_copy_encrypted): check that fds are not too large
+ to select on
+
+2000-06-10 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in: use INSTALL_SCRIPT for installing rxterm, rxtelnet,
+ tenletxr
+
+2000-04-19 Assar Westerlund <assar@sics.se>
+
+ * common.c: try hostname uncanonified if getaddrinfo() fails
+
+2000-02-06 Assar Westerlund <assar@sics.se>
+
+ * kx.h: remove old prorotypes
+
+2000-01-08 Assar Westerlund <assar@sics.se>
+
+ * common.c (match_local_auth): handle ai_canonname being set in
+ any of the addresses returnedby getaddrinfo. glibc apparently
+ returns the reverse lookup of every address in ai_canonname.
+
+1999-12-28 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (main): call krb5_getportbyname with the default in
+ host-byte-order
+
+1999-12-17 Assar Westerlund <assar@sics.se>
+
+ * common.c (match_local_auth): remove extra brace. spotted by
+ Jakob Schlyter <jakob@cdg.chalmers.se>
+
+1999-12-16 Assar Westerlund <assar@sics.se>
+
+ * common.c (match_local_auth): handle ai_canonname not being set
+
+1999-12-06 Assar Westerlund <assar@sics.se>
+
+ * krb4.c (krb4_authenticate): the NAT address might not be the one
+ for the relevant realm, try anyway.
+ * kxd.c (recv_conn): type correctness
+ * kx.c (connect_host): typo
+
+1999-12-05 Assar Westerlund <assar@sics.se>
+
+ * common.c (INADDR_LOOPBACK): remove. now in roken.
+
+ * kxd.c (recv_conn): use getnameinfo_verified
+ * kxd.c (recv_conn): replace inaddr2str with getnameinfo
+
+1999-12-04 Assar Westerlund <assar@sics.se>
+
+ * kx.c (connect_host): use getaddrinfo
+ * common.c (find_auth_cookie, match_local_auth): re-write to use
+ getaddrinfo
+
+1999-11-27 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (recv_conn): better errors when getting unrecognized data
+
+1999-11-25 Assar Westerlund <assar@sics.se>
+
+ * krb4.c (krb4_authenticate): obtain the `local' address when
+ doing NAT. also turn on passive mode. From <thn@stacken.kth.se>
+
+1999-11-18 Assar Westerlund <assar@sics.se>
+
+ * krb5.c (krb5_destroy): free the correct part of the context
+
+1999-11-02 Assar Westerlund <assar@sics.se>
+
+ * kx.c (main): redo the v4/v5 selection for consistency. -4 ->
+ try only v4 -5 -> try only v5 none, -45 -> try v5, v4
+
+1999-10-10 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (CLEANFILES): add generated files so that they get
+ cleaned away
+
+1999-09-29 Assar Westerlund <assar@sics.se>
+
+ * common.c (match_local_auth): only look for FamilyLocal (and
+ FamilyWild) cookies. This will not work when we start talking tcp
+ to the local X-server but `connect_local_xsocket' and the rest of
+ the code doesn't handle it anyway and the old code could (and did)
+ pick up the wrong cookie sometimes. If we have to match
+ FamilyInternet cookies, the search order has to be changed anyway
+
+1999-09-02 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (childhandler): watch for child `wait_on_pid' to die.
+ (recv_conn): set `wait_on_pid' instead of looping on waitpid here
+ also. This should solve the problem of kxd looping which was
+ caused by the signal handler getting invoked before this waitpid
+ and reaping the child leaving this poor loop without any child
+
+1999-08-19 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (recv_conn): give better error message
+ (doit_active): don't die if fork gives EAGAIN
+
+1999-08-19 Johan Danielsson <joda@pdc.kth.se>
+
+ * kxd.c (recv_conn): call setjob on crays;
+ (doit_passive): if fork fails with EAGAIN, don't shutdown, just close
+ the connection re-implement `-t' flag
+
+1999-07-12 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am: handle not building X programs
+
+1999-06-23 Assar Westerlund <assar@sics.se>
+
+ * kx.c: conditionalize krb_enable_debug
+
+1999-06-20 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (main): hopefully do inetd confusion right
+
+1999-06-15 Assar Westerlund <assar@sics.se>
+
+ * krb4.c (krb4_authenticate): get rid of a warning
+
+ * kx.h: const-pollution
+
+ * kx.c: use get_default_username and resulting const pollution
+
+ * context.c (context_set): const pollution
+
+1999-05-22 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (recv_conn): fix syslog messages
+ (main): fix inetd_flag thinko
+
+1999-05-21 Assar Westerlund <assar@sics.se>
+
+ * kx.c (main): don't byte-swap the argument to krb5_getportbyname
+
+ * kx.c (main): try to use $USERNAME
+
+1999-05-10 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in (SOURCES*): update sources list
+
+ * kx.c (main): forgot to conditionalize some KRB5 code
+
+ * kxd.c (main): use getarg
+ (*): handle v4 and/or v5
+
+ * kx.h: update
+
+ * kx.c (main): use getarg.
+ (*): handle v4 and/or v5
+
+ * common.c (do_enccopy, copy_encrypted): remove use
+ net_{read,write} instead of krb_net_{read,write}
+ (krb_get_int, krb_put_int): include fallback of these for when we
+ compile without krb4
+
+ * Makefile.am (*_SOURCES): remove encdata, add krb[45].c,
+ context.c
+ (LDADD): add krb5
+
+ * krb4.c, krb5.c, context.c: new files
+
+1999-05-08 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (doit_passive): handle error code from
+ create_and_write_cookie
+
+ * kx.c (doit_active): handle error code from
+ create_and_write_cookie
+
+ * common.c (create_and_write_cookie): try to return better (and
+ correct) errors. Based on a patch from Love <lha@e.kth.se>
+
+ * common.c (try_pie): more braces
+ (match_local_auth): new function
+ (find_auth_cookie): new function
+ (replace_cookie): don't just take the first auth cookie. based on
+ patch from Ake Sandgren <ake@@cs.umu.se>
+
+Wed Apr 7 23:39:23 1999 Assar Westerlund <assar@sics.se>
+
+ * common.c (get_xsockets): init local variable to get rid of a gcc
+ warning
+
+Thu Apr 1 21:11:36 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * Makefile.in: fix for writeauth.o
+
+Fri Mar 19 15:12:31 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * kx.c: add gcc-braces
+
+Thu Mar 18 11:18:20 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * Makefile.am: include Makefile.am.common
+
+Thu Mar 11 14:58:32 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * writeauth.c: protoize
+
+ * common.c: fix some warnings
+
+Wed Mar 10 19:33:39 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * kxd.c: openlog -> roken_openlog
+
+Wed Feb 3 22:01:55 1999 Assar Westerlund <assar@sics.se>
+
+ * rxtelnet.in: print out what telnet program we are running. From
+ <nissej@pdc.kth.se>
+
+ * tenletxr.in: add --version, [-h | --help], -v
+
+ * rxterm.in: add --version, [-h | --help], -v
+
+ * rxtelnet.in: add --version, [-h | --help], -v
+
+ * Makefile.in (rxterm, rxtelnet, telnetxr): substitute VERSION and
+ PACKAGE
+
+ * rxtelnet.in: update usage string
+
+Fri Jan 22 23:51:05 1999 Assar Westerlund <assar@sics.se>
+
+ * common.c (verify_and_remove_cookies): give back a meaningful
+ error message if we're using the wrong cookie
+
+Fri Dec 18 17:42:02 1998 Assar Westerlund <assar@sics.se>
+
+ * common.c (replace_cookie): try to handle the case of not finding
+ any cookies
+
+Sun Nov 22 10:31:53 1998 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in (WFLAGS): set
+
+Wed Nov 18 20:25:37 1998 Assar Westerlund <assar@sics.se>
+
+ * rxtelnet.in: new argument -n for not starting any terminal
+ emulator
+
+ * kx.c (doit_passive): parse $DISPLAY correctly
+
+Fri Oct 2 06:34:51 1998 Assar Westerlund <assar@sics.se>
+
+ * kx.c (doit_active): check DISPLAY to figure out what local
+ socket to connect to. From Åke Sandgren <ake@cs.umu.se>
+
+Thu Oct 1 23:02:29 1998 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * kx.h: case MAY_HAVE_X11_PIPES with Solaris
+
+Tue Sep 29 02:22:44 1998 Assar Westerlund <assar@sics.se>
+
+ * kx.c: fix from Ake Sandgren <ake@cs.umu.se>
+
+Mon Sep 28 18:04:03 1998 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * common.c (try_pipe): return -1 if I_PUSH fails with ENOSYS
+
+Sat Sep 26 17:34:21 1998 Assar Westerlund <assar@sics.se>
+
+ * kxd.c: create sockets before setuid to handle Solaris' strange
+ permissions on /tmp/.X11-{unix,pipe}
+
+ * common.c (chown_xsockets): new function
+
+ * kx.h (chown_xsockets): new prototype
+
+Sun Aug 16 18:34:30 1998 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (doit_passive): conditionalize stream pipe code
+
+ * implement support for Solaris's named-pipe X transport
+
+Thu May 28 17:20:39 1998 Johan Danielsson <joda@emma.pdc.kth.se>
+
+ * common.c: fix for (compiler?) bug in solaris 2.4 bind
+
+ * kx.c: get_xsockets returns int, not unsigned
+
+Wed May 27 04:20:20 1998 Assar Westerlund <assar@sics.se>
+
+ * kxd.c (doit): better error reporting
+
+Tue May 26 17:41:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
+
+ * kx.c: use krb_enable_debug
+
+Mon May 25 05:22:18 1998 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in (clean): remove encdata.c
+
+Fri May 1 07:16:36 1998 Assar Westerlund <assar@sics.se>
+
+ * kx.c: unifdef -DHAVE_H_ERRNO
+
diff --git a/crypto/heimdal/appl/kx/Makefile.am b/crypto/heimdal/appl/kx/Makefile.am
new file mode 100644
index 0000000..ec3f249
--- /dev/null
+++ b/crypto/heimdal/appl/kx/Makefile.am
@@ -0,0 +1,73 @@
+# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) $(X_CFLAGS)
+
+WFLAGS += $(WFLAGS_NOIMPLICITINT)
+
+if HAVE_X
+
+bin_PROGRAMS = kx
+bin_SCRIPTS = rxterm rxtelnet tenletxr
+libexec_PROGRAMS = kxd
+
+else
+
+bin_PROGRAMS =
+bin_SCRIPTS =
+libexec_PROGRAMS =
+
+endif
+
+CLEANFILES = rxterm rxtelnet tenletxr
+
+if NEED_WRITEAUTH
+XauWriteAuth_c = writeauth.c
+endif
+
+kx_SOURCES = \
+ kx.c \
+ kx.h \
+ common.c \
+ context.c \
+ krb4.c \
+ krb5.c \
+ $(XauWriteAuth_c)
+
+EXTRA_kx_SOURCES = writeauth.c
+
+kxd_SOURCES = \
+ kxd.c \
+ kx.h \
+ common.c \
+ context.c \
+ krb4.c \
+ krb5.c \
+ $(XauWriteAuth_c)
+
+EXTRA_kxd_SOURCES = writeauth.c
+
+EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
+
+man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
+
+rxterm: rxterm.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
+ chmod +x $@
+
+rxtelnet: rxtelnet.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
+ chmod +x $@
+
+tenletxr: tenletxr.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
+ chmod +x $@
+
+LDADD = \
+ $(LIB_kafs) \
+ $(LIB_krb5) \
+ $(LIB_krb4) \
+ $(LIB_des) \
+ $(LIB_roken) \
+ $(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
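Review bot: The `rxterm`, `rxtelnet` and `tenletxr` rules redirect sed straight into `$@`, so a failed or interrupted sed leaves a truncated script that is newer than its `.in` source, and a later make run would presumably treat it as up to date and hand it to the `bin_SCRIPTS` install step. Generating into a temporary name and renaming only on success avoids that, e.g. `sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@.tmp && chmod +x $@.tmp && mv $@.tmp $@`, repeated for the other two rules. The substitution also passes `$(bindir)` unescaped with `!` as the sed delimiter, so a prefix containing `!` or `&` would write a wrong path into the generated scripts; a comment such as `# assumes $(bindir) contains no '!' or '&'` above the rules would record that assumption.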
diff --git a/crypto/heimdal/appl/kx/Makefile.in b/crypto/heimdal/appl/kx/Makefile.in
new file mode 100644
index 0000000..9d327ec
--- /dev/null
+++ b/crypto/heimdal/appl/kx/Makefile.in
@@ -0,0 +1,801 @@
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+
+@SET_MAKE@
+host_alias = @host_alias@
+host_triplet = @host@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_ = @INCLUDE_@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
+
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS)
+
+AM_CFLAGS = $(WFLAGS)
+
+CP = cp
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+LIBS = @LIBS@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
+CHECK_LOCAL = $(PROGRAMS)
+
+WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
+
+@HAVE_X_TRUE@bin_PROGRAMS = @HAVE_X_TRUE@kx
+@HAVE_X_FALSE@bin_PROGRAMS =
+@HAVE_X_TRUE@bin_SCRIPTS = @HAVE_X_TRUE@rxterm rxtelnet tenletxr
+@HAVE_X_FALSE@bin_SCRIPTS =
+@HAVE_X_TRUE@libexec_PROGRAMS = @HAVE_X_TRUE@kxd
+@HAVE_X_FALSE@libexec_PROGRAMS =
+
+CLEANFILES = rxterm rxtelnet tenletxr
+
+@NEED_WRITEAUTH_TRUE@XauWriteAuth_c = @NEED_WRITEAUTH_TRUE@writeauth.c
+
+kx_SOURCES = \
+ kx.c \
+ kx.h \
+ common.c \
+ context.c \
+ krb4.c \
+ krb5.c \
+ $(XauWriteAuth_c)
+
+
+EXTRA_kx_SOURCES = writeauth.c
+
+kxd_SOURCES = \
+ kxd.c \
+ kx.h \
+ common.c \
+ context.c \
+ krb4.c \
+ krb5.c \
+ $(XauWriteAuth_c)
+
+
+EXTRA_kxd_SOURCES = writeauth.c
+
+EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
+
+man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
+
+LDADD = \
+ $(LIB_kafs) \
+ $(LIB_krb5) \
+ $(LIB_krb4) \
+ $(LIB_des) \
+ $(LIB_roken) \
+ $(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
+
+subdir = appl/kx
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES =
+@HAVE_X_FALSE@bin_PROGRAMS =
+@HAVE_X_FALSE@libexec_PROGRAMS =
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+@NEED_WRITEAUTH_FALSE@am_kx_OBJECTS = kx.$(OBJEXT) common.$(OBJEXT) \
+@NEED_WRITEAUTH_FALSE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT)
+@NEED_WRITEAUTH_TRUE@am_kx_OBJECTS = kx.$(OBJEXT) common.$(OBJEXT) \
+@NEED_WRITEAUTH_TRUE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) \
+@NEED_WRITEAUTH_TRUE@writeauth.$(OBJEXT)
+kx_OBJECTS = $(am_kx_OBJECTS)
+kx_LDADD = $(LDADD)
+@KRB4_FALSE@@KRB5_FALSE@kx_DEPENDENCIES =
+@KRB4_FALSE@@KRB5_TRUE@kx_DEPENDENCIES = \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@KRB4_TRUE@@KRB5_FALSE@kx_DEPENDENCIES = \
+@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
+@KRB4_TRUE@@KRB5_TRUE@kx_DEPENDENCIES = \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+kx_LDFLAGS =
+@NEED_WRITEAUTH_FALSE@am_kxd_OBJECTS = kxd.$(OBJEXT) common.$(OBJEXT) \
+@NEED_WRITEAUTH_FALSE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT)
+@NEED_WRITEAUTH_TRUE@am_kxd_OBJECTS = kxd.$(OBJEXT) common.$(OBJEXT) \
+@NEED_WRITEAUTH_TRUE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) \
+@NEED_WRITEAUTH_TRUE@writeauth.$(OBJEXT)
+kxd_OBJECTS = $(am_kxd_OBJECTS)
+kxd_LDADD = $(LDADD)
+@KRB4_FALSE@@KRB5_FALSE@kxd_DEPENDENCIES =
+@KRB4_FALSE@@KRB5_TRUE@kxd_DEPENDENCIES = \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@KRB4_TRUE@@KRB5_FALSE@kxd_DEPENDENCIES = \
+@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
+@KRB4_TRUE@@KRB5_TRUE@kxd_DEPENDENCIES = \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+kxd_LDFLAGS =
+SCRIPTS = $(bin_SCRIPTS)
+
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) \
+$(EXTRA_kxd_SOURCES)
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+depcomp =
+DIST_COMMON = ChangeLog Makefile.am Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+GZIP_ENV = --best
+SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) $(EXTRA_kxd_SOURCES)
+OBJECTS = $(am_kx_OBJECTS) $(am_kxd_OBJECTS)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+ cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kx/Makefile
+
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ cd $(top_builddir) \
+ && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-binPROGRAMS:
+
+clean-binPROGRAMS:
+ -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+
+distclean-binPROGRAMS:
+
+maintainer-clean-binPROGRAMS:
+
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ $(mkinstalldirs) $(DESTDIR)$(bindir)
+ @list='$(bin_PROGRAMS)'; for p in $$list; do \
+ if test -f $$p; then \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \
+ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \
+ else :; fi; \
+ done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; for p in $$list; do \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
+ rm -f $(DESTDIR)$(bindir)/$$f; \
+ done
+
+mostlyclean-libexecPROGRAMS:
+
+clean-libexecPROGRAMS:
+ -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+
+distclean-libexecPROGRAMS:
+
+maintainer-clean-libexecPROGRAMS:
+
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ $(mkinstalldirs) $(DESTDIR)$(libexecdir)
+ @list='$(libexec_PROGRAMS)'; for p in $$list; do \
+ if test -f $$p; then \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \
+ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \
+ else :; fi; \
+ done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_PROGRAMS)'; for p in $$list; do \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
+ rm -f $(DESTDIR)$(libexecdir)/$$f; \
+ done
+
+mostlyclean-compile:
+ -rm -f *.o core *.core
+ -rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+ -rm -f *.tab.c
+
+maintainer-clean-compile:
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+kx$(EXEEXT): $(kx_OBJECTS) $(kx_DEPENDENCIES)
+ @rm -f kx$(EXEEXT)
+ $(LINK) $(kx_LDFLAGS) $(kx_OBJECTS) $(kx_LDADD) $(LIBS)
+
+kxd$(EXEEXT): $(kxd_OBJECTS) $(kxd_DEPENDENCIES)
+ @rm -f kxd$(EXEEXT)
+ $(LINK) $(kxd_LDFLAGS) $(kxd_OBJECTS) $(kxd_LDADD) $(LIBS)
+
+install-binSCRIPTS: $(bin_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ $(mkinstalldirs) $(DESTDIR)$(bindir)
+ @list='$(bin_SCRIPTS)'; for p in $$list; do \
+ f="`echo $$p|sed '$(transform)'`"; \
+ if test -f $$p; then \
+ echo " $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f"; \
+ $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f; \
+ elif test -f $(srcdir)/$$p; then \
+ echo " $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f"; \
+ $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f; \
+ else :; fi; \
+ done
+
+uninstall-binSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_SCRIPTS)'; for p in $$list; do \
+ f="`echo $$p|sed '$(transform)'`"; \
+ echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
+ rm -f $(DESTDIR)$(bindir)/$$f; \
+ done
+.c.o:
+ $(COMPILE) -c $<
+.c.obj:
+ $(COMPILE) -c `cygpath -w $<`
+.c.lo:
+ $(LTCOMPILE) -c -o $@ $<
+
+install-man1:
+ $(mkinstalldirs) $(DESTDIR)$(man1dir)
+ @list='$(man1_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.1*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
+ $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
+ done
+
+uninstall-man1:
+ @list='$(man1_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.1*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
+ rm -f $(DESTDIR)$(man1dir)/$$inst; \
+ done
+
+install-man8:
+ $(mkinstalldirs) $(DESTDIR)$(man8dir)
+ @list='$(man8_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
+ $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
+ done
+
+uninstall-man8:
+ @list='$(man8_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
+ rm -f $(DESTDIR)$(man8dir)/$$inst; \
+ done
+install-man: $(MANS)
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-man1 install-man8
+uninstall-man:
+ @$(NORMAL_UNINSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) uninstall-man1 uninstall-man8
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique $(LISP)
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
+
+GTAGS:
+ here=`CDPATH=: && cd $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $$here
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+ -rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+distdir: $(DISTFILES)
+ @for file in $(DISTFILES); do \
+ d=$(srcdir); \
+ if test -d $$d/$$file; then \
+ cp -pR $$d/$$file $(distdir) \
+ || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \
+ install-binSCRIPTS
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-man install-data-local
+install-data: install-data-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+ uninstall-binSCRIPTS uninstall-man
+uninstall: uninstall-am
+all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
+all-redirect: all-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
+installdirs:
+ $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) \
+ $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 \
+ $(DESTDIR)$(mandir)/man8
+
+
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -rm -f Makefile $(CONFIG_CLEAN_FILES)
+ -rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+ -rm -f Makefile.in
+mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-libexecPROGRAMS \
+ mostlyclean-compile mostlyclean-libtool \
+ mostlyclean-tags mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am: clean-binPROGRAMS clean-libexecPROGRAMS clean-compile \
+ clean-libtool clean-tags clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am: distclean-binPROGRAMS distclean-libexecPROGRAMS \
+ distclean-compile distclean-libtool distclean-tags \
+ distclean-generic clean-am
+ -rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am: maintainer-clean-binPROGRAMS \
+ maintainer-clean-libexecPROGRAMS \
+ maintainer-clean-compile maintainer-clean-libtool \
+ maintainer-clean-tags maintainer-clean-generic \
+ distclean-am
+ @echo "This command is intended for maintainers to use;"
+ @echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
+maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
+mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
+clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
+uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \
+distclean-compile clean-compile maintainer-clean-compile \
+mostlyclean-libtool distclean-libtool clean-libtool \
+maintainer-clean-libtool uninstall-binSCRIPTS install-binSCRIPTS \
+install-man1 uninstall-man1 install-man8 uninstall-man8 install-man \
+uninstall-man tags mostlyclean-tags distclean-tags clean-tags \
+maintainer-clean-tags distdir info-am info dvi-am dvi check-local check \
+check-am installcheck-am installcheck install-exec-am install-exec \
+install-data-local install-data-am install-data install-am install \
+uninstall-am uninstall all-local all-redirect all-am all install-strip \
+installdirs mostlyclean-generic distclean-generic clean-generic \
+maintainer-clean-generic clean mostlyclean distclean maintainer-clean
+
+
+install-suid-programs:
+ @foo='$(bin_SUIDS)'; \
+ for file in $$foo; do \
+ x=$(DESTDIR)$(bindir)/$$file; \
+ if chown 0:0 $$x && chmod u+s $$x; then :; else \
+ echo "*"; \
+ echo "* Failed to install $$x setuid root"; \
+ echo "*"; \
+ fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+ @foo='$(include_HEADERS) $(build_HEADERZ)'; \
+ for f in $$foo; do \
+ f=`basename $$f`; \
+ if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+ else file="$$f"; fi; \
+ if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
+ : ; else \
+ echo " $(CP) $$file $(buildinclude)/$$f"; \
+ $(CP) $$file $(buildinclude)/$$f; \
+ fi ; \
+ done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+ $(NROFF_MAN) $< > $@
+.3.cat3:
+ $(NROFF_MAN) $< > $@
+.5.cat5:
+ $(NROFF_MAN) $< > $@
+.8.cat8:
+ $(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+ @foo='$(man1_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.1) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
+dist-cat3-mans:
+ @foo='$(man3_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.3) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
+dist-cat5-mans:
+ @foo='$(man5_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.5) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
+dist-cat8-mans:
+ @foo='$(man8_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.8) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-local: install-cat-mans
+
+.et.h:
+ $(COMPILE_ET) $<
+.et.c:
+ $(COMPILE_ET) $<
+
+.x.c:
+ @cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+ @foo='$(CHECK_LOCAL)'; \
+ if test "$$foo"; then \
+ failed=0; all=0; \
+ for i in $$foo; do \
+ all=`expr $$all + 1`; \
+ if ./$$i --version > /dev/null 2>&1; then \
+ echo "PASS: $$i"; \
+ else \
+ echo "FAIL: $$i"; \
+ failed=`expr $$failed + 1`; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="$$failed of $$all tests failed"; \
+ fi; \
+ dashes=`echo "$$banner" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ fi
+
+rxterm: rxterm.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
+ chmod +x $@
+
+rxtelnet: rxtelnet.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
+ chmod +x $@
+
+tenletxr: tenletxr.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
+ chmod +x $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/appl/kx/common.c b/crypto/heimdal/appl/kx/common.c
new file mode 100644
index 0000000..0d23169
--- /dev/null
+++ b/crypto/heimdal/appl/kx/common.c
@@ -0,0 +1,794 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: common.c,v 1.62 2001/02/15 04:20:51 assar Exp $");
+
+char x_socket[MaxPathLen];
+
+u_int32_t display_num;
+char display[MaxPathLen];
+int display_size = sizeof(display);
+char xauthfile[MaxPathLen];
+int xauthfile_size = sizeof(xauthfile);
+u_char cookie[16];
+size_t cookie_len = sizeof(cookie);
+
+#ifndef X_UNIX_PATH
+#define X_UNIX_PATH "/tmp/.X11-unix/X"
+#endif
+
+#ifndef X_PIPE_PATH
+#define X_PIPE_PATH "/tmp/.X11-pipe/X"
+#endif
+
+/*
+ * Allocate a unix domain socket in `s' for display `dpy' and with
+ * filename `pattern'
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used */
+
+static int
+try_socket (struct x_socket *s, int dpy, const char *pattern)
+{
+ struct sockaddr_un addr;
+ int fd;
+
+ fd = socket (AF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0)
+ err (1, "socket AF_UNIX");
+ memset (&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ snprintf (addr.sun_path, sizeof(addr.sun_path), pattern, dpy);
+ if(bind(fd,
+ (struct sockaddr *)&addr,
+ sizeof(addr)) < 0) {
+ close (fd);
+ if (errno == EADDRINUSE ||
+ errno == EACCES /* Cray return EACCESS */
+#ifdef ENOTUNIQ
+ || errno == ENOTUNIQ /* bug in Solaris 2.4 */
+#endif
+ )
+ return 1;
+ else
+ return -1;
+ }
+ s->fd = fd;
+ s->pathname = strdup (addr.sun_path);
+ if (s->pathname == NULL)
+ errx (1, "strdup: out of memory");
+ s->flags = UNIX_SOCKET;
+ return 0;
+}
+
+#ifdef MAY_HAVE_X11_PIPES
+/*
+ * Allocate a stream (masqueraded as a named pipe)
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used
+ */
+
+static int
+try_pipe (struct x_socket *s, int dpy, const char *pattern)
+{
+ char path[MAXPATHLEN];
+ int ret;
+ int fd;
+ int pipefd[2];
+
+ snprintf (path, sizeof(path), pattern, dpy);
+ fd = open (path, O_WRONLY | O_CREAT | O_EXCL, 0600);
+ if (fd < 0) {
+ if (errno == EEXIST)
+ return 1;
+ else
+ return -1;
+ }
+
+ close (fd);
+
+ ret = pipe (pipefd);
+ if (ret < 0)
+ err (1, "pipe");
+
+ ret = ioctl (pipefd[1], I_PUSH, "connld");
+ if (ret < 0) {
+ if(errno == ENOSYS)
+ return -1;
+ err (1, "ioctl I_PUSH");
+ }
+
+ ret = fattach (pipefd[1], path);
+ if (ret < 0)
+ err (1, "fattach %s", path);
+
+ s->fd = pipefd[0];
+ close (pipefd[1]);
+ s->pathname = strdup (path);
+ if (s->pathname == NULL)
+ errx (1, "strdup: out of memory");
+ s->flags = STREAM_PIPE;
+ return 0;
+}
+#endif /* MAY_HAVE_X11_PIPES */
+
+/*
+ * Try to create a TCP socket in `s' corresponding to display `dpy'.
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used
+ */
+
+static int
+try_tcp (struct x_socket *s, int dpy)
+{
+ struct sockaddr_in tcpaddr;
+ struct in_addr local;
+ int one = 1;
+ int fd;
+
+ memset(&local, 0, sizeof(local));
+ local.s_addr = htonl(INADDR_LOOPBACK);
+
+ fd = socket (AF_INET, SOCK_STREAM, 0);
+ if (fd < 0)
+ err (1, "socket AF_INET");
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+ setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+ sizeof(one));
+#endif
+ memset (&tcpaddr, 0, sizeof(tcpaddr));
+ tcpaddr.sin_family = AF_INET;
+ tcpaddr.sin_addr = local;
+ tcpaddr.sin_port = htons(6000 + dpy);
+ if (bind (fd, (struct sockaddr *)&tcpaddr,
+ sizeof(tcpaddr)) < 0) {
+ close (fd);
+ if (errno == EADDRINUSE)
+ return 1;
+ else
+ return -1;
+ }
+ s->fd = fd;
+ s->pathname = NULL;
+ s->flags = TCP;
+ return 0;
+}
+
+/*
+ * The potential places to create unix sockets.
+ */
+
+static char *x_sockets[] = {
+X_UNIX_PATH "%u",
+"/var/X/.X11-unix/X" "%u",
+"/usr/spool/sockets/X11/" "%u",
+NULL
+};
+
+/*
+ * Dito for stream pipes.
+ */
+
+#ifdef MAY_HAVE_X11_PIPES
+static char *x_pipes[] = {
+X_PIPE_PATH "%u",
+"/var/X/.X11-pipe/X" "%u",
+NULL
+};
+#endif
+
+/*
+ * Create the directory corresponding to dirname of `path' or fail.
+ */
+
+static void
+try_mkdir (const char *path)
+{
+ char *dir;
+ char *p;
+ int oldmask;
+
+ if((dir = strdup (path)) == NULL)
+ errx (1, "strdup: out of memory");
+ p = strrchr (dir, '/');
+ if (p)
+ *p = '\0';
+
+ oldmask = umask(0);
+ mkdir (dir, 01777);
+ umask (oldmask);
+ free (dir);
+}
+
+/*
+ * Allocate a display, returning the number of sockets in `number' and
+ * all the corresponding sockets in `sockets'. If `tcp_socket' is
+ * true, also allcoaet a TCP socket.
+ *
+ * The return value is the display allocated or -1 if an error occurred.
+ */
+
+int
+get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
+{
+ int dpy;
+ struct x_socket *s;
+ int n;
+ int i;
+
+ s = malloc (sizeof(*s) * 5);
+ if (s == NULL)
+ errx (1, "malloc: out of memory");
+
+ try_mkdir (X_UNIX_PATH);
+ try_mkdir (X_PIPE_PATH);
+
+ for(dpy = 4; dpy < 256; ++dpy) {
+ char **path;
+ int tmp = 0;
+
+ n = 0;
+ for (path = x_sockets; *path; ++path) {
+ tmp = try_socket (&s[n], dpy, *path);
+ if (tmp == -1) {
+ if (errno != ENOTDIR && errno != ENOENT)
+ return -1;
+ } else if (tmp == 1) {
+ while(--n >= 0) {
+ close (s[n].fd);
+ free (s[n].pathname);
+ }
+ break;
+ } else if (tmp == 0)
+ ++n;
+ }
+ if (tmp == 1)
+ continue;
+
+#ifdef MAY_HAVE_X11_PIPES
+ for (path = x_pipes; *path; ++path) {
+ tmp = try_pipe (&s[n], dpy, *path);
+ if (tmp == -1) {
+ if (errno != ENOTDIR && errno != ENOENT && errno != ENOSYS)
+ return -1;
+ } else if (tmp == 1) {
+ while (--n >= 0) {
+ close (s[n].fd);
+ free (s[n].pathname);
+ }
+ break;
+ } else if (tmp == 0)
+ ++n;
+ }
+
+ if (tmp == 1)
+ continue;
+#endif
+
+ if (tcp_socket) {
+ tmp = try_tcp (&s[n], dpy);
+ if (tmp == -1)
+ return -1;
+ else if (tmp == 1) {
+ while (--n >= 0) {
+ close (s[n].fd);
+ free (s[n].pathname);
+ }
+ break;
+ } else if (tmp == 0)
+ ++n;
+ }
+ break;
+ }
+ if (dpy == 256)
+ errx (1, "no free x-servers");
+ for (i = 0; i < n; ++i)
+ if (s[i].flags & LISTENP
+ && listen (s[i].fd, SOMAXCONN) < 0)
+ err (1, "listen %s", s[i].pathname ? s[i].pathname : "tcp");
+ *number = n;
+ *sockets = s;
+ return dpy;
+}
+
+/*
+ * Change owner on the `n' sockets in `sockets' to `uid', `gid'.
+ * Return 0 is succesful or -1 if an error occurred.
+ */
+
+int
+chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid)
+{
+ int i;
+
+ for (i = 0; i < n; ++i)
+ if (sockets[i].pathname != NULL)
+ if (chown (sockets[i].pathname, uid, gid) < 0)
+ return -1;
+ return 0;
+}
+
+/*
+ * Connect to local display `dnr' with local transport.
+ * Return a file descriptor.
+ */
+
+int
+connect_local_xsocket (unsigned dnr)
+{
+ int fd;
+ struct sockaddr_un addr;
+ char **path;
+
+ for (path = x_sockets; *path; ++path) {
+ fd = socket (AF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0)
+ err (1, "socket AF_UNIX");
+ memset (&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ snprintf (addr.sun_path, sizeof(addr.sun_path), *path, dnr);
+ if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
+ return fd;
+ }
+ err (1, "connecting to local display %u", dnr);
+}
+
+/*
+ * Create a cookie file with a random cookie for the localhost. The
+ * file name will be stored in `xauthfile' (but not larger than
+ * `xauthfile_size'), and the cookie returned in `cookie', `cookie_sz'.
+ * Return 0 if succesful, or errno.
+ */
+
+int
+create_and_write_cookie (char *xauthfile,
+ size_t xauthfile_size,
+ u_char *cookie,
+ size_t cookie_sz)
+{
+ Xauth auth;
+ char tmp[64];
+ int fd;
+ FILE *f;
+ char hostname[MaxHostNameLen];
+ struct in_addr loopback;
+ int saved_errno;
+
+ gethostname (hostname, sizeof(hostname));
+ loopback.s_addr = htonl(INADDR_LOOPBACK);
+
+ auth.family = FamilyLocal;
+ auth.address = hostname;
+ auth.address_length = strlen(auth.address);
+ snprintf (tmp, sizeof(tmp), "%d", display_num);
+ auth.number_length = strlen(tmp);
+ auth.number = tmp;
+ auth.name = COOKIE_TYPE;
+ auth.name_length = strlen(auth.name);
+ auth.data_length = cookie_sz;
+ auth.data = (char*)cookie;
+#ifdef HAVE_OPENSSL_DES_H
+ krb5_generate_random_block (cookie, cookie_sz);
+#else
+ des_rand_data (cookie, cookie_sz);
+#endif
+
+ strlcpy(xauthfile, "/tmp/AXXXXXX", xauthfile_size);
+ fd = mkstemp(xauthfile);
+ if(fd < 0) {
+ saved_errno = errno;
+ syslog(LOG_ERR, "create_and_write_cookie: mkstemp: %m");
+ return saved_errno;
+ }
+ f = fdopen(fd, "r+");
+ if(f == NULL){
+ saved_errno = errno;
+ close(fd);
+ return errno;
+ }
+ if(XauWriteAuth(f, &auth) == 0) {
+ saved_errno = errno;
+ fclose(f);
+ return saved_errno;
+ }
+
+ /*
+ * I would like to write a cookie for localhost:n here, but some
+ * stupid code in libX11 will not look for cookies of that type,
+ * so we are forced to use FamilyWild instead.
+ */
+
+ auth.family = FamilyWild;
+ auth.address_length = 0;
+
+#if 0 /* XXX */
+ auth.address = (char *)&loopback;
+ auth.address_length = sizeof(loopback);
+#endif
+
+ if (XauWriteAuth(f, &auth) == 0) {
+ saved_errno = errno;
+ fclose (f);
+ return saved_errno;
+ }
+
+ if(fclose(f))
+ return errno;
+ return 0;
+}
+
+/*
+ * Verify and remove cookies. Read and parse a X-connection from
+ * `fd'. Check the cookie used is the same as in `cookie'. Remove the
+ * cookie and copy the rest of it to `sock'.
+ * Expect cookies iff cookiesp.
+ * Return 0 iff ok.
+ *
+ * The protocol is as follows:
+ *
+ * C->S: [Bl] 1
+ * unused 1
+ * protocol major version 2
+ * protocol minor version 2
+ * length of auth protocol name(n) 2
+ * length of auth protocol data 2
+ * unused 2
+ * authorization protocol name n
+ * pad pad(n)
+ * authorization protocol data d
+ * pad pad(d)
+ *
+ * S->C: Failed
+ * 0 1
+ * length of reason 1
+ * protocol major version 2
+ * protocol minor version 2
+ * length in 4 bytes unit of
+ * additional data (n+p)/4 2
+ * reason n
+ * unused p = pad(n)
+ */
+
+int
+verify_and_remove_cookies (int fd, int sock, int cookiesp)
+{
+ u_char beg[12];
+ int bigendianp;
+ unsigned n, d, npad, dpad;
+ char *protocol_name, *protocol_data;
+ u_char zeros[6] = {0, 0, 0, 0, 0, 0};
+ u_char refused[20] = {0, 10,
+ 0, 0, /* protocol major version */
+ 0, 0, /* protocol minor version */
+ 0, 0, /* length of additional data / 4 */
+ 'b', 'a', 'd', ' ', 'c', 'o', 'o', 'k', 'i', 'e',
+ 0, 0};
+
+ if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
+ return 1;
+ if (net_write (sock, beg, 6) != 6)
+ return 1;
+ bigendianp = beg[0] == 'B';
+ if (bigendianp) {
+ n = (beg[6] << 8) | beg[7];
+ d = (beg[8] << 8) | beg[9];
+ } else {
+ n = (beg[7] << 8) | beg[6];
+ d = (beg[9] << 8) | beg[8];
+ }
+ npad = (4 - (n % 4)) % 4;
+ dpad = (4 - (d % 4)) % 4;
+ protocol_name = malloc(n + npad);
+ if (n + npad != 0 && protocol_name == NULL)
+ return 1;
+ protocol_data = malloc(d + dpad);
+ if (d + dpad != 0 && protocol_data == NULL) {
+ free (protocol_name);
+ return 1;
+ }
+ if (net_read (fd, protocol_name, n + npad) != n + npad)
+ goto fail;
+ if (net_read (fd, protocol_data, d + dpad) != d + dpad)
+ goto fail;
+ if (cookiesp) {
+ if (strncmp (protocol_name, COOKIE_TYPE, strlen(COOKIE_TYPE)) != 0)
+ goto refused;
+ if (d != cookie_len ||
+ memcmp (protocol_data, cookie, cookie_len) != 0)
+ goto refused;
+ }
+ free (protocol_name);
+ free (protocol_data);
+ if (net_write (sock, zeros, 6) != 6)
+ return 1;
+ return 0;
+refused:
+ refused[2] = beg[2];
+ refused[3] = beg[3];
+ refused[4] = beg[4];
+ refused[5] = beg[5];
+ if (bigendianp)
+ refused[7] = 3;
+ else
+ refused[6] = 3;
+
+ net_write (fd, refused, sizeof(refused));
+fail:
+ free (protocol_name);
+ free (protocol_data);
+ return 1;
+}
+
+/*
+ * Return 0 iff `cookie' is compatible with the cookie for the
+ * localhost with name given in `ai' (or `hostname') and display
+ * number in `disp_nr'.
+ */
+
+static int
+match_local_auth (Xauth* auth,
+ struct addrinfo *ai, const char *hostname, int disp_nr)
+{
+ int auth_disp;
+ char *tmp_disp;
+ struct addrinfo *a;
+
+ tmp_disp = strndup (auth->number, auth->number_length);
+ if (tmp_disp == NULL)
+ return -1;
+ auth_disp = atoi(tmp_disp);
+ free (tmp_disp);
+ if (auth_disp != disp_nr)
+ return 1;
+ for (a = ai; a != NULL; a = a->ai_next) {
+ if ((auth->family == FamilyLocal
+ || auth->family == FamilyWild)
+ && a->ai_canonname != NULL
+ && strncmp (auth->address,
+ a->ai_canonname,
+ auth->address_length) == 0)
+ return 0;
+ }
+ if (hostname != NULL
+ && (auth->family == FamilyLocal
+ || auth->family == FamilyWild)
+ && strncmp (auth->address, hostname, auth->address_length) == 0)
+ return 0;
+ return 1;
+}
+
+/*
+ * Find `our' cookie from the cookie file `f' and return it or NULL.
+ */
+
+static Xauth*
+find_auth_cookie (FILE *f)
+{
+ Xauth *ret = NULL;
+ char local_hostname[MaxHostNameLen];
+ char *display = getenv("DISPLAY");
+ char d[MaxHostNameLen + 4];
+ char *colon;
+ struct addrinfo *ai;
+ struct addrinfo hints;
+ int disp;
+ int error;
+
+ if(display == NULL)
+ display = ":0";
+ strlcpy(d, display, sizeof(d));
+ display = d;
+ colon = strchr (display, ':');
+ if (colon == NULL)
+ disp = 0;
+ else {
+ *colon = '\0';
+ disp = atoi (colon + 1);
+ }
+ if (strcmp (display, "") == 0
+ || strncmp (display, "unix", 4) == 0
+ || strncmp (display, "localhost", 9) == 0) {
+ gethostname (local_hostname, sizeof(local_hostname));
+ display = local_hostname;
+ }
+ memset (&hints, 0, sizeof(hints));
+ hints.ai_flags = AI_CANONNAME;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+
+ error = getaddrinfo (display, NULL, &hints, &ai);
+ if (error)
+ ai = NULL;
+
+ for (; (ret = XauReadAuth (f)) != NULL; XauDisposeAuth(ret)) {
+ if (match_local_auth (ret, ai, display, disp) == 0) {
+ if (ai != NULL)
+ freeaddrinfo (ai);
+ return ret;
+ }
+ }
+ if (ai != NULL)
+ freeaddrinfo (ai);
+ return NULL;
+}
+
+/*
+ * Get rid of the cookie that we were sent and get the correct one
+ * from our own cookie file instead.
+ */
+
+int
+replace_cookie(int xserver, int fd, char *filename, int cookiesp) /* XXX */
+{
+ u_char beg[12];
+ int bigendianp;
+ unsigned n, d, npad, dpad;
+ FILE *f;
+ u_char zeros[6] = {0, 0, 0, 0, 0, 0};
+
+ if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
+ return 1;
+ if (net_write (xserver, beg, 6) != 6)
+ return 1;
+ bigendianp = beg[0] == 'B';
+ if (bigendianp) {
+ n = (beg[6] << 8) | beg[7];
+ d = (beg[8] << 8) | beg[9];
+ } else {
+ n = (beg[7] << 8) | beg[6];
+ d = (beg[9] << 8) | beg[8];
+ }
+ if (n != 0 || d != 0)
+ return 1;
+ f = fopen(filename, "r");
+ if (f != NULL) {
+ Xauth *auth = find_auth_cookie (f);
+ u_char len[6] = {0, 0, 0, 0, 0, 0};
+
+ fclose (f);
+
+ if (auth != NULL) {
+ n = auth->name_length;
+ d = auth->data_length;
+ } else {
+ n = 0;
+ d = 0;
+ }
+ if (bigendianp) {
+ len[0] = n >> 8;
+ len[1] = n & 0xFF;
+ len[2] = d >> 8;
+ len[3] = d & 0xFF;
+ } else {
+ len[0] = n & 0xFF;
+ len[1] = n >> 8;
+ len[2] = d & 0xFF;
+ len[3] = d >> 8;
+ }
+ if (net_write (xserver, len, 6) != 6) {
+ XauDisposeAuth(auth);
+ return 1;
+ }
+ if(n != 0 && net_write (xserver, auth->name, n) != n) {
+ XauDisposeAuth(auth);
+ return 1;
+ }
+ npad = (4 - (n % 4)) % 4;
+ if (npad && net_write (xserver, zeros, npad) != npad) {
+ XauDisposeAuth(auth);
+ return 1;
+ }
+ if (d != 0 && net_write (xserver, auth->data, d) != d) {
+ XauDisposeAuth(auth);
+ return 1;
+ }
+ XauDisposeAuth(auth);
+ dpad = (4 - (d % 4)) % 4;
+ if (dpad && net_write (xserver, zeros, dpad) != dpad)
+ return 1;
+ } else {
+ if(net_write(xserver, zeros, 6) != 6)
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * Some simple controls on the address and corresponding socket
+ */
+
+int
+suspicious_address (int sock, struct sockaddr_in addr)
+{
+ char data[40];
+ socklen_t len = sizeof(data);
+
+ return addr.sin_addr.s_addr != htonl(INADDR_LOOPBACK)
+#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
+ || getsockopt (sock, IPPROTO_IP, IP_OPTIONS, data, &len) < 0
+ || len != 0
+#endif
+ ;
+}
+
+/*
+ * This really sucks, but these functions are used and if we're not
+ * linking against libkrb they don't exist. Using the heimdal storage
+ * functions will not work either cause we do not always link with
+ * libkrb5 either.
+ */
+
+#ifndef KRB4
+
+int
+krb_get_int(void *f, u_int32_t *to, int size, int lsb)
+{
+ int i;
+ unsigned char *from = (unsigned char *)f;
+
+ *to = 0;
+ if(lsb){
+ for(i = size-1; i >= 0; i--)
+ *to = (*to << 8) | from[i];
+ }else{
+ for(i = 0; i < size; i++)
+ *to = (*to << 8) | from[i];
+ }
+ return size;
+}
+
+int
+krb_put_int(u_int32_t from, void *to, size_t rem, int size)
+{
+ int i;
+ unsigned char *p = (unsigned char *)to;
+
+ if (rem < size)
+ return -1;
+
+ for(i = size - 1; i >= 0; i--){
+ p[i] = from & 0xff;
+ from >>= 8;
+ }
+ return size;
+}
+
+#endif /* !KRB4 */
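Review bot: verify_and_remove_cookies checks the client-supplied protocol name with `strncmp (protocol_name, COOKIE_TYPE, strlen(COOKIE_TYPE))` without first checking `n`, although `protocol_name` holds only `n + npad` bytes read from the network and is not NUL-terminated. A shorter name whose bytes match the start of COOKIE_TYPE makes strncmp read past the allocation, `n == 0` can hand a NULL from malloc(0) to strncmp, and a longer name with the right prefix is accepted. Comparing the length first closes all three: `if (n != strlen(COOKIE_TYPE) || memcmp (protocol_name, COOKIE_TYPE, n) != 0) goto refused;`. In create_and_write_cookie the fdopen failure path saves errno but then returns `errno` after close(); it should `return saved_errno;`, and none of the error paths after mkstemp() unlink the temporary file.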
diff --git a/crypto/heimdal/appl/kx/context.c b/crypto/heimdal/appl/kx/context.c
new file mode 100644
index 0000000..bbc8da9
--- /dev/null
+++ b/crypto/heimdal/appl/kx/context.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: context.c,v 1.4 1999/12/02 16:58:32 joda Exp $");
+
+/*
+ * Set the common part of the context `kc'
+ */
+
+void
+context_set (kx_context *kc, const char *host, const char *user, int port,
+ int debug_flag, int keepalive_flag, int tcp_flag)
+{
+ kc->host = host;
+ kc->user = user;
+ kc->port = port;
+ kc->debug_flag = debug_flag;
+ kc->keepalive_flag = keepalive_flag;
+ kc->tcp_flag = tcp_flag;
+}
+
+/*
+ * dispatch functions
+ */
+
+void
+context_destroy (kx_context *kc)
+{
+ (*kc->destroy)(kc);
+}
+
+int
+context_authenticate (kx_context *kc, int s)
+{
+ return (*kc->authenticate)(kc, s);
+}
+
+int
+context_userok (kx_context *kc, char *user)
+{
+ return (*kc->userok)(kc, user);
+}
+
+ssize_t
+kx_read (kx_context *kc, int fd, void *buf, size_t len)
+{
+ return (*kc->read)(kc, fd, buf, len);
+}
+
+ssize_t
+kx_write (kx_context *kc, int fd, const void *buf, size_t len)
+{
+ return (*kc->write)(kc, fd, buf, len);
+}
+
+int
+copy_encrypted (kx_context *kc, int fd1, int fd2)
+{
+ return (*kc->copy_encrypted)(kc, fd1, fd2);
+}
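Review bot: context_set stores `host` and `user` in `kc` by reference, and nothing in this file says who owns them; krb4_userok in krb4.c later overwrites `kc->user` with a strdup()ed string that krb4_destroy never frees. A comment on context_set would settle the contract, e.g. `/* host and user are not copied; the caller must keep them valid for the lifetime of kc */`. The dispatch wrappers call through `kc->destroy`, `kc->read` and the other pointers without any check, so the "dispatch functions" comment should also state that one of the *_make_context functions must have filled in `kc` before any of them is used.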
diff --git a/crypto/heimdal/appl/kx/krb4.c b/crypto/heimdal/appl/kx/krb4.c
new file mode 100644
index 0000000..07852c9
--- /dev/null
+++ b/crypto/heimdal/appl/kx/krb4.c
@@ -0,0 +1,361 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: krb4.c,v 1.8 2000/10/08 13:19:22 assar Exp $");
+
+#ifdef KRB4
+
+struct krb4_kx_context {
+ des_cblock key;
+ des_key_schedule schedule;
+ AUTH_DAT auth;
+};
+
+typedef struct krb4_kx_context krb4_kx_context;
+
+/*
+ * Destroy the krb4 context in `c'.
+ */
+
+static void
+krb4_destroy (kx_context *c)
+{
+ memset (c->data, 0, sizeof(krb4_kx_context));
+ free (c->data);
+}
+
+/*
+ * Read the authentication information from `s' and return 0 if
+ * succesful, else -1.
+ */
+
+static int
+krb4_authenticate (kx_context *kc, int s)
+{
+ CREDENTIALS cred;
+ KTEXT_ST text;
+ MSG_DAT msg;
+ int status;
+ krb4_kx_context *c = (krb4_kx_context *)kc->data;
+ const char *host = kc->host;
+
+#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
+ if (krb_get_config_bool("nat_in_use")) {
+ struct in_addr natAddr;
+
+ if (krb_get_our_ip_for_realm(krb_realmofhost(kc->host),
+ &natAddr) == KSUCCESS
+ || krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
+ kc->thisaddr.sin_addr = natAddr;
+ }
+#endif
+
+ status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
+ (char *)host, krb_realmofhost (host),
+ getpid(), &msg, &cred, c->schedule,
+ &kc->thisaddr, &kc->thataddr, KX_VERSION);
+ if (status != KSUCCESS) {
+ warnx ("%s: %s\n", host, krb_get_err_text(status));
+ return -1;
+ }
+ memcpy (c->key, cred.session, sizeof(des_cblock));
+ return 0;
+}
+
+/*
+ * Read a krb4 priv packet from `fd' into `buf' (of size `len').
+ * Return the number of bytes read or 0 on EOF or -1 on error.
+ */
+
+static ssize_t
+krb4_read (kx_context *kc,
+ int fd, void *buf, size_t len)
+{
+ unsigned char tmp[4];
+ ssize_t ret;
+ size_t l;
+ int status;
+ krb4_kx_context *c = (krb4_kx_context *)kc->data;
+ MSG_DAT msg;
+
+ ret = krb_net_read (fd, tmp, 4);
+ if (ret == 0)
+ return ret;
+ if (ret != 4)
+ return -1;
+ l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+ if (l > len)
+ return -1;
+ if (krb_net_read (fd, buf, l) != l)
+ return -1;
+ status = krb_rd_priv (buf, l, c->schedule, &c->key,
+ &kc->thataddr, &kc->thisaddr, &msg);
+ if (status != RD_AP_OK) {
+ warnx ("krb4_read: %s", krb_get_err_text(status));
+ return -1;
+ }
+ memmove (buf, msg.app_data, msg.app_length);
+ return msg.app_length;
+}
+
+/*
+ * Write a krb4 priv packet on `fd' with the data in `buf, len'.
+ * Return len or -1 on error
+ */
+
+static ssize_t
+krb4_write(kx_context *kc,
+ int fd, const void *buf, size_t len)
+{
+ void *outbuf;
+ krb4_kx_context *c = (krb4_kx_context *)kc->data;
+ int outlen;
+ unsigned char tmp[4];
+
+ outbuf = malloc (len + 30);
+ if (outbuf == NULL)
+ return -1;
+ outlen = krb_mk_priv ((void *)buf, outbuf, len, c->schedule, &c->key,
+ &kc->thisaddr, &kc->thataddr);
+ if (outlen < 0) {
+ free (outbuf);
+ return -1;
+ }
+ tmp[0] = (outlen >> 24) & 0xFF;
+ tmp[1] = (outlen >> 16) & 0xFF;
+ tmp[2] = (outlen >> 8) & 0xFF;
+ tmp[3] = (outlen >> 0) & 0xFF;
+
+ if (krb_net_write (fd, tmp, 4) != 4 ||
+ krb_net_write (fd, outbuf, outlen) != outlen) {
+ free (outbuf);
+ return -1;
+ }
+ free (outbuf);
+ return len;
+}
+
+/*
+ * Copy data from `fd1' to `fd2', {en,de}crypting with cfb64
+ * with `mode' and state stored in `iv', `schedule', and `num'.
+ * Return -1 if error, 0 if eof, else 1
+ */
+
+static int
+do_enccopy (int fd1, int fd2, int mode, des_cblock *iv,
+ des_key_schedule schedule, int *num)
+{
+ int ret;
+ u_char buf[BUFSIZ];
+
+ ret = read (fd1, buf, sizeof(buf));
+ if (ret == 0)
+ return 0;
+ if (ret < 0) {
+ warn ("read");
+ return ret;
+ }
+#ifndef NOENCRYPTION
+ des_cfb64_encrypt (buf, buf, ret, schedule, iv,
+ num, mode);
+#endif
+ ret = krb_net_write (fd2, buf, ret);
+ if (ret < 0) {
+ warn ("write");
+ return ret;
+ }
+ return 1;
+}
+
+/*
+ * Copy data between fd1 and fd2, encrypting one way and decrypting
+ * the other.
+ */
+
+static int
+krb4_copy_encrypted (kx_context *kc,
+ int fd1, int fd2)
+{
+ krb4_kx_context *c = (krb4_kx_context *)kc->data;
+ des_cblock iv1, iv2;
+ int num1 = 0, num2 = 0;
+
+ memcpy (iv1, c->key, sizeof(iv1));
+ memcpy (iv2, c->key, sizeof(iv2));
+ for (;;) {
+ fd_set fdset;
+ int ret;
+
+ if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) {
+ warnx ("fd too large");
+ return 1;
+ }
+
+ FD_ZERO(&fdset);
+ FD_SET(fd1, &fdset);
+ FD_SET(fd2, &fdset);
+
+ ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL);
+ if (ret < 0 && errno != EINTR) {
+ warn ("select");
+ return 1;
+ }
+ if (FD_ISSET(fd1, &fdset)) {
+ ret = do_enccopy (fd1, fd2, DES_ENCRYPT, &iv1, c->schedule, &num1);
+ if (ret <= 0)
+ return ret;
+ }
+ if (FD_ISSET(fd2, &fdset)) {
+ ret = do_enccopy (fd2, fd1, DES_DECRYPT, &iv2, c->schedule, &num2);
+ if (ret <= 0)
+ return ret;
+ }
+ }
+}
+
+/*
+ * Return 0 if the user authenticated on `kc' is allowed to login as
+ * `user'.
+ */
+
+static int
+krb4_userok (kx_context *kc, char *user)
+{
+ krb4_kx_context *c = (krb4_kx_context *)kc->data;
+ char *tmp;
+
+ tmp = krb_unparse_name_long (c->auth.pname,
+ c->auth.pinst,
+ c->auth.prealm);
+ kc->user = strdup (tmp);
+ if (kc->user == NULL)
+ err (1, "malloc");
+
+
+ return kuserok (&c->auth, user);
+}
+
+/*
+ * Create an instance of an krb4 context.
+ */
+
+void
+krb4_make_context (kx_context *kc)
+{
+ kc->authenticate = krb4_authenticate;
+ kc->userok = krb4_userok;
+ kc->read = krb4_read;
+ kc->write = krb4_write;
+ kc->copy_encrypted = krb4_copy_encrypted;
+ kc->destroy = krb4_destroy;
+ kc->user = NULL;
+ kc->data = malloc(sizeof(krb4_kx_context));
+
+ if (kc->data == NULL)
+ err (1, "malloc");
+}
+
+/*
+ * Receive authentication information on `sock' (first four bytes
+ * in `buf').
+ */
+
+int
+recv_v4_auth (kx_context *kc, int sock, u_char *buf)
+{
+ int status;
+ KTEXT_ST ticket;
+ char instance[INST_SZ + 1];
+ char version[KRB_SENDAUTH_VLEN + 1];
+ krb4_kx_context *c;
+ AUTH_DAT auth;
+ des_key_schedule schedule;
+
+ if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
+ return -1;
+ if (net_read (sock, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
+ KRB_SENDAUTH_VLEN - 4) {
+ syslog (LOG_ERR, "read: %m");
+ exit (1);
+ }
+ if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) {
+ syslog (LOG_ERR, "unrecognized auth protocol: %.8s", buf);
+ exit (1);
+ }
+
+ k_getsockinst (sock, instance, sizeof(instance));
+ status = krb_recvauth (KOPT_IGNORE_PROTOCOL | KOPT_DO_MUTUAL,
+ sock,
+ &ticket,
+ "rcmd",
+ instance,
+ &kc->thataddr,
+ &kc->thisaddr,
+ &auth,
+ "",
+ schedule,
+ version);
+ if (status != KSUCCESS) {
+ syslog (LOG_ERR, "krb_recvauth: %s", krb_get_err_text(status));
+ exit (1);
+ }
+ if (strncmp (version, KX_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+ /* Try to be nice to old kx's */
+ if (strncmp (version, KX_OLD_VERSION, KRB_SENDAUTH_VLEN) == 0) {
+ char *old_errmsg = "\001Old version of kx. Please upgrade.";
+ char user[64];
+
+ syslog (LOG_ERR, "Old version client (%s)", version);
+
+ krb_net_read (sock, user, sizeof(user));
+ krb_net_write (sock, old_errmsg, strlen(old_errmsg) + 1);
+ exit (1);
+ } else {
+ syslog (LOG_ERR, "bad version: %s", version);
+ exit (1);
+ }
+ }
+
+ krb4_make_context (kc);
+ c = (krb4_kx_context *)kc->data;
+
+ c->auth = auth;
+ memcpy (c->key, &auth.session, sizeof(des_cblock));
+ memcpy (c->schedule, schedule, sizeof(schedule));
+
+ return 0;
+}
+
+#endif /* KRB4 */
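Review bot: In krb4_copy_encrypted, `iv1` and `iv2` are both copied from `c->key`, so the two directions run DES-CFB64 under the same key schedule from the same starting IV, and that IV is the session key itself. In CFB the first keystream block depends only on key and IV, so the first eight bytes sent each way are masked with the same keystream, and do_enccopy adds no integrity check that is visible here. If the wire format is fixed by deployed peers (presumably, given KX_VERSION), the code should at least record the limitation above the two memcpy calls, e.g. `/* XXX: same IV (= session key) in both directions; fixing this needs a protocol revision */`. Separately, when select() fails with EINTR the loop falls through to FD_ISSET on an fd_set whose contents are unspecified; `if (ret < 0) { if (errno == EINTR) continue; warn ("select"); return 1; }` avoids that.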
diff --git a/crypto/heimdal/appl/kx/krb5.c b/crypto/heimdal/appl/kx/krb5.c
new file mode 100644
index 0000000..0b4a083
--- /dev/null
+++ b/crypto/heimdal/appl/kx/krb5.c
@@ -0,0 +1,421 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: krb5.c,v 1.7 2000/12/31 07:32:03 assar Exp $");
+
+#ifdef KRB5
+
+struct krb5_kx_context {
+ krb5_context context;
+ krb5_keyblock *keyblock;
+ krb5_crypto crypto;
+ krb5_principal client;
+};
+
+typedef struct krb5_kx_context krb5_kx_context;
+
+/*
+ * Destroy the krb5 context in `c'.
+ */
+
+static void
+krb5_destroy (kx_context *c)
+{
+ krb5_kx_context *kc = (krb5_kx_context *)c->data;
+
+ if (kc->keyblock)
+ krb5_free_keyblock (kc->context, kc->keyblock);
+ if (kc->crypto)
+ krb5_crypto_destroy (kc->context, kc->crypto);
+ if (kc->client)
+ krb5_free_principal (kc->context, kc->client);
+ if (kc->context)
+ krb5_free_context (kc->context);
+ free (kc);
+}
+
+/*
+ * Read the authentication information from `s' and return 0 if
+ * succesful, else -1.
+ */
+
+static int
+krb5_authenticate (kx_context *kc, int s)
+{
+ krb5_kx_context *c = (krb5_kx_context *)kc->data;
+ krb5_context context = c->context;
+ krb5_auth_context auth_context = NULL;
+ krb5_error_code ret;
+ krb5_principal server;
+ const char *host = kc->host;
+
+ ret = krb5_sname_to_principal (context,
+ host, "host", KRB5_NT_SRV_HST, &server);
+ if (ret) {
+ warnx ("krb5_sname_to_principal: %s: %s", host,
+ krb5_get_err_text(context, ret));
+ return 1;
+ }
+
+ ret = krb5_sendauth (context,
+ &auth_context,
+ &s,
+ KX_VERSION,
+ NULL,
+ server,
+ AP_OPTS_MUTUAL_REQUIRED,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ if (ret) {
+ warnx ("krb5_sendauth: %s: %s", host,
+ krb5_get_err_text(context, ret));
+ return 1;
+ }
+
+ ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock);
+ if (ret) {
+ warnx ("krb5_auth_con_getkey: %s: %s", host,
+ krb5_get_err_text(context, ret));
+ krb5_auth_con_free (context, auth_context);
+ return 1;
+ }
+
+ ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto);
+ if (ret) {
+ warnx ("krb5_crypto_init: %s", krb5_get_err_text (context, ret));
+ krb5_auth_con_free (context, auth_context);
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * Read an encapsulated krb5 packet from `fd' into `buf' (of size
+ * `len'). Return the number of bytes read or 0 on EOF or -1 on
+ * error.
+ */
+
+static ssize_t
+krb5_read (kx_context *kc,
+ int fd, void *buf, size_t len)
+{
+ krb5_kx_context *c = (krb5_kx_context *)kc->data;
+ krb5_context context = c->context;
+ size_t data_len, outer_len;
+ krb5_error_code ret;
+ unsigned char tmp[4];
+ krb5_data data;
+ int l;
+
+ l = krb5_net_read (context, &fd, tmp, 4);
+ if (l == 0)
+ return l;
+ if (l != 4)
+ return -1;
+ data_len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+ outer_len = krb5_get_wrapped_length (context, c->crypto, data_len);
+ if (outer_len > len)
+ return -1;
+ if (krb5_net_read (context, &fd, buf, outer_len) != outer_len)
+ return -1;
+
+ ret = krb5_decrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED,
+ buf, outer_len, &data);
+ if (ret) {
+ warnx ("krb5_decrypt: %s", krb5_get_err_text(context, ret));
+ return -1;
+ }
+ if (data_len > data.length) {
+ krb5_data_free (&data);
+ return -1;
+ }
+ memmove (buf, data.data, data_len);
+ krb5_data_free (&data);
+ return data_len;
+}
+
+/*
+ * Write an encapsulated krb5 packet on `fd' with the data in `buf,
+ * len'. Return len or -1 on error.
+ */
+
+static ssize_t
+krb5_write(kx_context *kc,
+ int fd, const void *buf, size_t len)
+{
+ krb5_kx_context *c = (krb5_kx_context *)kc->data;
+ krb5_context context = c->context;
+ krb5_data data;
+ krb5_error_code ret;
+ unsigned char tmp[4];
+ size_t outlen;
+
+ ret = krb5_encrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED,
+ (void *)buf, len, &data);
+ if (ret){
+ warnx ("krb5_write: %s", krb5_get_err_text (context, ret));
+ return -1;
+ }
+
+ outlen = data.length;
+ tmp[0] = (len >> 24) & 0xFF;
+ tmp[1] = (len >> 16) & 0xFF;
+ tmp[2] = (len >> 8) & 0xFF;
+ tmp[3] = (len >> 0) & 0xFF;
+
+ if (krb5_net_write (context, &fd, tmp, 4) != 4 ||
+ krb5_net_write (context, &fd, data.data, outlen) != outlen) {
+ krb5_data_free (&data);
+ return -1;
+ }
+ krb5_data_free (&data);
+ return len;
+}
+
+/*
+ * Copy from the unix socket `from_fd' encrypting to `to_fd'.
+ * Return 0, -1 or len.
+ */
+
+static int
+copy_out (kx_context *kc, int from_fd, int to_fd)
+{
+ char buf[32768];
+ ssize_t len;
+
+ len = read (from_fd, buf, sizeof(buf));
+ if (len == 0)
+ return 0;
+ if (len < 0) {
+ warn ("read");
+ return len;
+ }
+ return krb5_write (kc, to_fd, buf, len);
+}
+
+/*
+ * Copy from the socket `from_fd' decrypting to `to_fd'.
+ * Return 0, -1 or len.
+ */
+
+static int
+copy_in (kx_context *kc, int from_fd, int to_fd)
+{
+ krb5_kx_context *c = (krb5_kx_context *)kc->data;
+ char buf[33000]; /* XXX */
+
+ ssize_t len;
+
+ len = krb5_read (kc, from_fd, buf, sizeof(buf));
+ if (len == 0)
+ return 0;
+ if (len < 0) {
+ warn ("krb5_read");
+ return len;
+ }
+
+ return krb5_net_write (c->context, &to_fd, buf, len);
+}
+
+/*
+ * Copy data between `fd1' and `fd2', encrypting in one direction and
+ * decrypting in the other.
+ */
+
+static int
+krb5_copy_encrypted (kx_context *kc, int fd1, int fd2)
+{
+ for (;;) {
+ fd_set fdset;
+ int ret;
+
+ if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) {
+ warnx ("fd too large");
+ return 1;
+ }
+
+ FD_ZERO(&fdset);
+ FD_SET(fd1, &fdset);
+ FD_SET(fd2, &fdset);
+
+ ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL);
+ if (ret < 0 && errno != EINTR) {
+ warn ("select");
+ return 1;
+ }
+ if (FD_ISSET(fd1, &fdset)) {
+ ret = copy_out (kc, fd1, fd2);
+ if (ret <= 0)
+ return ret;
+ }
+ if (FD_ISSET(fd2, &fdset)) {
+ ret = copy_in (kc, fd2, fd1);
+ if (ret <= 0)
+ return ret;
+ }
+ }
+}
+
+/*
+ * Return 0 if the user authenticated on `kc' is allowed to login as
+ * `user'.
+ */
+
+static int
+krb5_userok (kx_context *kc, char *user)
+{
+ krb5_kx_context *c = (krb5_kx_context *)kc->data;
+ krb5_context context = c->context;
+ krb5_error_code ret;
+ char *tmp;
+
+ ret = krb5_unparse_name (context, c->client, &tmp);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_unparse_name");
+ kc->user = tmp;
+
+ return !krb5_kuserok (context, c->client, user);
+}
+
+/*
+ * Create an instance of an krb5 context.
+ */
+
+void
+krb5_make_context (kx_context *kc)
+{
+ krb5_kx_context *c;
+ krb5_error_code ret;
+
+ kc->authenticate = krb5_authenticate;
+ kc->userok = krb5_userok;
+ kc->read = krb5_read;
+ kc->write = krb5_write;
+ kc->copy_encrypted = krb5_copy_encrypted;
+ kc->destroy = krb5_destroy;
+ kc->user = NULL;
+ kc->data = malloc(sizeof(krb5_kx_context));
+
+ if (kc->data == NULL)
+ err (1, "malloc");
+ memset (kc->data, 0, sizeof(krb5_kx_context));
+ c = (krb5_kx_context *)kc->data;
+ ret = krb5_init_context (&c->context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+}
+
+/*
+ * Receive authentication information on `sock' (first four bytes
+ * in `buf').
+ */
+
+int
+recv_v5_auth (kx_context *kc, int sock, u_char *buf)
+{
+ u_int32_t len;
+ krb5_error_code ret;
+ krb5_kx_context *c;
+ krb5_context context;
+ krb5_principal server;
+ krb5_auth_context auth_context = NULL;
+ krb5_ticket *ticket;
+
+ if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
+ return 1;
+ len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
+ if (net_read(sock, buf, len) != len) {
+ syslog (LOG_ERR, "read: %m");
+ exit (1);
+ }
+ if (len != sizeof(KRB5_SENDAUTH_VERSION)
+ || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) {
+ syslog (LOG_ERR, "bad sendauth version: %.8s", buf);
+ exit (1);
+ }
+
+ krb5_make_context (kc);
+ c = (krb5_kx_context *)kc->data;
+ context = c->context;
+
+ ret = krb5_sock_to_principal (context, sock, "host",
+ KRB5_NT_SRV_HST, &server);
+ if (ret) {
+ syslog (LOG_ERR, "krb5_sock_to_principal: %s",
+ krb5_get_err_text (context, ret));
+ exit (1);
+ }
+
+ ret = krb5_recvauth (context,
+ &auth_context,
+ &sock,
+ KX_VERSION,
+ server,
+ KRB5_RECVAUTH_IGNORE_VERSION,
+ NULL,
+ &ticket);
+ krb5_free_principal (context, server);
+ if (ret) {
+ syslog (LOG_ERR, "krb5_sock_to_principal: %s",
+ krb5_get_err_text (context, ret));
+ exit (1);
+ }
+
+ ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock);
+ if (ret) {
+ syslog (LOG_ERR, "krb5_auth_con_getkey: %s",
+ krb5_get_err_text (context, ret));
+ exit (1);
+ }
+
+ ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto);
+ if (ret) {
+ syslog (LOG_ERR, "krb5_crypto_init: %s",
+ krb5_get_err_text (context, ret));
+ exit (1);
+ }
+
+ c->client = ticket->client;
+ ticket->client = NULL;
+ krb5_free_ticket (context, ticket);
+
+ return 0;
+}
+
+#endif /* KRB5 */
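Review bot: In krb5_copy_encrypted, a select() interrupted by a signal (`ret < 0` with `errno == EINTR`) skips the error return but still falls through to the FD_ISSET tests, where the contents of fdset are unspecified. kx.c in this same commit installs SIGCHLD/SIGUSR handlers, so the path is presumably reachable, and copy_out can then block in read() on a descriptor that is not ready. Adding `if (ret < 0 && errno == EINTR) continue;` ahead of the existing check restarts the wait instead. Also in this file, the failure branch after krb5_recvauth in recv_v5_auth logs `"krb5_sock_to_principal: %s"`; it should read `"krb5_recvauth: %s"` so rejected authentications are attributed to the right call in syslog.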
diff --git a/crypto/heimdal/appl/kx/kx.1 b/crypto/heimdal/appl/kx/kx.1
new file mode 100644
index 0000000..fe621d8
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kx.1
@@ -0,0 +1,62 @@
+.\" $Id: kx.1,v 1.7 1997/09/01 15:59:07 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt KX 1
+.Os KTH-KRB
+.Sh NAME
+.Nm kx
+.Nd
+securely forward X conections
+.Sh SYNOPSIS
+.Ar kx
+.Op Fl l Ar username
+.Op Fl k
+.Op Fl d
+.Op Fl t
+.Op Fl p Ar port
+.Op Fl P
+.Ar host
+.Sh DESCRIPTION
+The
+.Nm
+program forwards a X connection from a remote client to a local screen
+through an authenticated and encrypted stream. Options supported by
+.Nm kx :
+.Bl -tag -width Ds
+.It Fl l
+Log in on remote the host as user
+.Ar username .
+.It Fl k
+Do not enable keep-alives on the TCP connections.
+.It Fl d
+Do not fork. This is mainly useful for debugging.
+.It Fl t
+Listen not only on a UNIX-domain socket but on a TCP socket as well.
+.It Fl p
+Use the port
+.Ar port .
+.It Fl P
+Force passive mode.
+.El
+.Pp
+This program is used by
+.Nm rxtelnet
+and
+.Nm rxterm
+and you should not need to run it directly.
+.Pp
+It connects to a
+.Nm kxd
+on the host
+.Ar host
+and then will relay the traffic from the remote X clients to the local
+server. When started, it prints the display and Xauthority-file to be
+used on host
+.Ar host
+and then goes to the background, waiting for connections from the
+remote
+.Nm kxd.
+.Sh SEE ALSO
+.Xr rxtelnet 1 ,
+.Xr rxterm 1 ,
+.Xr kxd 8
diff --git a/crypto/heimdal/appl/kx/kx.c b/crypto/heimdal/appl/kx/kx.c
new file mode 100644
index 0000000..63e1595
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kx.c
@@ -0,0 +1,765 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: kx.c,v 1.68 2001/02/20 01:44:45 assar Exp $");
+
+static int nchild;
+static int donep;
+
+/*
+ * Signal handler that justs waits for the children when they die.
+ */
+
+static RETSIGTYPE
+childhandler (int sig)
+{
+ pid_t pid;
+ int status;
+
+ do {
+ pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
+ if (pid > 0 && (WIFEXITED(status) || WIFSIGNALED(status)))
+ if (--nchild == 0 && donep)
+ exit (0);
+ } while(pid > 0);
+ signal (SIGCHLD, childhandler);
+ SIGRETURN(0);
+}
+
+/*
+ * Handler for SIGUSR1.
+ * This signal means that we should wait until there are no children
+ * left and then exit.
+ */
+
+static RETSIGTYPE
+usr1handler (int sig)
+{
+ donep = 1;
+
+ SIGRETURN(0);
+}
+
+/*
+ * Almost the same as for SIGUSR1, except we should exit immediately
+ * if there are no active children.
+ */
+
+static RETSIGTYPE
+usr2handler (int sig)
+{
+ donep = 1;
+ if (nchild == 0)
+ exit (0);
+
+ SIGRETURN(0);
+}
+
+/*
+ * Establish authenticated connection. Return socket or -1.
+ */
+
+static int
+connect_host (kx_context *kc)
+{
+ struct addrinfo *ai, *a;
+ struct addrinfo hints;
+ int error;
+ char portstr[NI_MAXSERV];
+ socklen_t addrlen;
+ int s;
+ struct sockaddr_storage thisaddr_ss;
+ struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
+
+ memset (&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+
+ snprintf (portstr, sizeof(portstr), "%u", ntohs(kc->port));
+
+ error = getaddrinfo (kc->host, portstr, &hints, &ai);
+ if (error) {
+ warnx ("%s: %s", kc->host, gai_strerror(error));
+ return -1;
+ }
+
+ for (a = ai; a != NULL; a = a->ai_next) {
+ s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+ if (s < 0)
+ continue;
+ if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+ warn ("connect(%s)", kc->host);
+ close (s);
+ continue;
+ }
+ break;
+ }
+
+ if (a == NULL) {
+ freeaddrinfo (ai);
+ return -1;
+ }
+
+ addrlen = a->ai_addrlen;
+ if (getsockname (s, thisaddr, &addrlen) < 0 ||
+ addrlen != a->ai_addrlen)
+ err(1, "getsockname(%s)", kc->host);
+ memcpy (&kc->thisaddr, thisaddr, sizeof(kc->thisaddr));
+ memcpy (&kc->thataddr, a->ai_addr, sizeof(kc->thataddr));
+ freeaddrinfo (ai);
+ if ((*kc->authenticate)(kc, s))
+ return -1;
+ return s;
+}
+
+/*
+ * Get rid of the cookie that we were sent and get the correct one
+ * from our own cookie file instead and then just copy data in both
+ * directions.
+ */
+
+static int
+passive_session (int xserver, int fd, kx_context *kc)
+{
+ if (replace_cookie (xserver, fd, XauFileName(), 1))
+ return 1;
+ else
+ return copy_encrypted (kc, xserver, fd);
+}
+
+static int
+active_session (int xserver, int fd, kx_context *kc)
+{
+ if (verify_and_remove_cookies (xserver, fd, 1))
+ return 1;
+ else
+ return copy_encrypted (kc, xserver, fd);
+}
+
+/*
+ * fork (unless debugp) and print the output that will be used by the
+ * script to capture the display, xauth cookie and pid.
+ */
+
+static void
+status_output (int debugp)
+{
+ if(debugp)
+ printf ("%u\t%s\t%s\n", (unsigned)getpid(), display, xauthfile);
+ else {
+ pid_t pid;
+
+ pid = fork();
+ if (pid < 0) {
+ err(1, "fork");
+ } else if (pid > 0) {
+ printf ("%u\t%s\t%s\n", (unsigned)pid, display, xauthfile);
+ exit (0);
+ } else {
+ fclose(stdout);
+ }
+ }
+}
+
+/*
+ * Obtain an authenticated connection on `kc'. Send a kx message
+ * saying we are `kc->user' and want to use passive mode. Wait for
+ * answer on that connection and fork of a child for every new
+ * connection we have to make.
+ */
+
+static int
+doit_passive (kx_context *kc)
+{
+ int otherside;
+ u_char msg[1024], *p;
+ int len;
+ u_int32_t tmp;
+ const char *host = kc->host;
+
+ otherside = connect_host (kc);
+
+ if (otherside < 0)
+ return 1;
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (kc->keepalive_flag) {
+ int one = 1;
+
+ setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+ sizeof(one));
+ }
+#endif
+
+ p = msg;
+ *p++ = INIT;
+ len = strlen(kc->user);
+ p += KRB_PUT_INT (len, p, sizeof(msg) - 1, 4);
+ memcpy(p, kc->user, len);
+ p += len;
+ *p++ = PASSIVE | (kc->keepalive_flag ? KEEP_ALIVE : 0);
+ if (kx_write (kc, otherside, msg, p - msg) != p - msg)
+ err (1, "write to %s", host);
+ len = kx_read (kc, otherside, msg, sizeof(msg));
+ if (len <= 0)
+ errx (1,
+ "error reading initial message from %s: "
+ "this probably means it's using an old version.",
+ host);
+ p = (u_char *)msg;
+ if (*p == ERROR) {
+ p++;
+ p += krb_get_int (p, &tmp, 4, 0);
+ errx (1, "%s: %.*s", host, (int)tmp, p);
+ } else if (*p != ACK) {
+ errx (1, "%s: strange msg %d", host, *p);
+ } else
+ p++;
+ p += krb_get_int (p, &tmp, 4, 0);
+ memcpy(display, p, tmp);
+ display[tmp] = '\0';
+ p += tmp;
+
+ p += krb_get_int (p, &tmp, 4, 0);
+ memcpy(xauthfile, p, tmp);
+ xauthfile[tmp] = '\0';
+ p += tmp;
+
+ status_output (kc->debug_flag);
+ for (;;) {
+ pid_t child;
+
+ len = kx_read (kc, otherside, msg, sizeof(msg));
+ if (len < 0)
+ err (1, "read from %s", host);
+ else if (len == 0)
+ return 0;
+
+ p = (u_char *)msg;
+ if (*p == ERROR) {
+ p++;
+ p += krb_get_int (p, &tmp, 4, 0);
+ errx (1, "%s: %.*s", host, (int)tmp, p);
+ } else if(*p != NEW_CONN) {
+ errx (1, "%s: strange msg %d", host, *p);
+ } else {
+ p++;
+ p += krb_get_int (p, &tmp, 4, 0);
+ }
+
+ ++nchild;
+ child = fork ();
+ if (child < 0) {
+ warn("fork");
+ continue;
+ } else if (child == 0) {
+ struct sockaddr_in addr;
+ int fd;
+ int xserver;
+
+ addr = kc->thataddr;
+ close (otherside);
+
+ addr.sin_port = htons(tmp);
+ fd = socket (AF_INET, SOCK_STREAM, 0);
+ if (fd < 0)
+ err(1, "socket");
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+ {
+ int one = 1;
+
+ setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+ sizeof(one));
+ }
+#endif
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (kc->keepalive_flag) {
+ int one = 1;
+
+ setsockopt (fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+ sizeof(one));
+ }
+#endif
+
+ if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+ err(1, "connect(%s)", host);
+ {
+ int d = 0;
+ char *s;
+
+ s = getenv ("DISPLAY");
+ if (s != NULL) {
+ s = strchr (s, ':');
+ if (s != NULL)
+ d = atoi (s + 1);
+ }
+
+ xserver = connect_local_xsocket (d);
+ if (xserver < 0)
+ return 1;
+ }
+ return passive_session (xserver, fd, kc);
+ } else {
+ }
+ }
+}
+
+/*
+ * Allocate a local pseudo-xserver and wait for connections
+ */
+
+static int
+doit_active (kx_context *kc)
+{
+ int otherside;
+ int nsockets;
+ struct x_socket *sockets;
+ u_char msg[1024], *p;
+ int len = strlen(kc->user);
+ int tmp, tmp2;
+ char *s;
+ int i;
+ size_t rem;
+ u_int32_t other_port;
+ int error;
+ const char *host = kc->host;
+
+ otherside = connect_host (kc);
+ if (otherside < 0)
+ return 1;
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (kc->keepalive_flag) {
+ int one = 1;
+
+ setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+ sizeof(one));
+ }
+#endif
+ p = msg;
+ rem = sizeof(msg);
+ *p++ = INIT;
+ --rem;
+ len = strlen(kc->user);
+ tmp = KRB_PUT_INT (len, p, rem, 4);
+ if (tmp < 0)
+ return 1;
+ p += tmp;
+ rem -= tmp;
+ memcpy(p, kc->user, len);
+ p += len;
+ rem -= len;
+ *p++ = (kc->keepalive_flag ? KEEP_ALIVE : 0);
+ --rem;
+
+ s = getenv("DISPLAY");
+ if (s == NULL || (s = strchr(s, ':')) == NULL)
+ s = ":0";
+ len = strlen (s);
+ tmp = KRB_PUT_INT (len, p, rem, 4);
+ if (tmp < 0)
+ return 1;
+ rem -= tmp;
+ p += tmp;
+ memcpy (p, s, len);
+ p += len;
+ rem -= len;
+
+ s = getenv("XAUTHORITY");
+ if (s == NULL)
+ s = "";
+ len = strlen (s);
+ tmp = KRB_PUT_INT (len, p, rem, 4);
+ if (tmp < 0)
+ return 1;
+ p += len;
+ rem -= len;
+ memcpy (p, s, len);
+ p += len;
+ rem -= len;
+
+ if (kx_write (kc, otherside, msg, p - msg) != p - msg)
+ err (1, "write to %s", host);
+
+ len = kx_read (kc, otherside, msg, sizeof(msg));
+ if (len < 0)
+ err (1, "read from %s", host);
+ p = (u_char *)msg;
+ if (*p == ERROR) {
+ u_int32_t u32;
+
+ p++;
+ p += krb_get_int (p, &u32, 4, 0);
+ errx (1, "%s: %.*s", host, (int)u32, p);
+ } else if (*p != ACK) {
+ errx (1, "%s: strange msg %d", host, *p);
+ } else
+ p++;
+
+ tmp2 = get_xsockets (&nsockets, &sockets, kc->tcp_flag);
+ if (tmp2 < 0)
+ return 1;
+ display_num = tmp2;
+ if (kc->tcp_flag)
+ snprintf (display, display_size, "localhost:%u", display_num);
+ else
+ snprintf (display, display_size, ":%u", display_num);
+ error = create_and_write_cookie (xauthfile, xauthfile_size,
+ cookie, cookie_len);
+ if (error) {
+ warnx ("failed creating cookie file: %s", strerror(error));
+ return 1;
+ }
+ status_output (kc->debug_flag);
+ for (;;) {
+ fd_set fdset;
+ pid_t child;
+ int fd, thisfd = -1;
+ socklen_t zero = 0;
+
+ FD_ZERO(&fdset);
+ for (i = 0; i < nsockets; ++i) {
+ if (sockets[i].fd >= FD_SETSIZE)
+ errx (1, "fd too large");
+ FD_SET(sockets[i].fd, &fdset);
+ }
+ if (select(FD_SETSIZE, &fdset, NULL, NULL, NULL) <= 0)
+ continue;
+ for (i = 0; i < nsockets; ++i)
+ if (FD_ISSET(sockets[i].fd, &fdset)) {
+ thisfd = sockets[i].fd;
+ break;
+ }
+ fd = accept (thisfd, NULL, &zero);
+ if (fd < 0) {
+ if (errno == EINTR)
+ continue;
+ else
+ err(1, "accept");
+ }
+
+ p = msg;
+ *p++ = NEW_CONN;
+ if (kx_write (kc, otherside, msg, p - msg) != p - msg)
+ err (1, "write to %s", host);
+ len = kx_read (kc, otherside, msg, sizeof(msg));
+ if (len < 0)
+ err (1, "read from %s", host);
+ p = (u_char *)msg;
+ if (*p == ERROR) {
+ u_int32_t val;
+
+ p++;
+ p += krb_get_int (p, &val, 4, 0);
+ errx (1, "%s: %.*s", host, (int)val, p);
+ } else if (*p != NEW_CONN) {
+ errx (1, "%s: strange msg %d", host, *p);
+ } else {
+ p++;
+ p += krb_get_int (p, &other_port, 4, 0);
+ }
+
+ ++nchild;
+ child = fork ();
+ if (child < 0) {
+ warn("fork");
+ continue;
+ } else if (child == 0) {
+ int s;
+ struct sockaddr_in addr;
+
+ for (i = 0; i < nsockets; ++i)
+ close (sockets[i].fd);
+
+ addr = kc->thataddr;
+ close (otherside);
+
+ addr.sin_port = htons(other_port);
+ s = socket (AF_INET, SOCK_STREAM, 0);
+ if (s < 0)
+ err(1, "socket");
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+ {
+ int one = 1;
+
+ setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+ sizeof(one));
+ }
+#endif
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (kc->keepalive_flag) {
+ int one = 1;
+
+ setsockopt (s, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+ sizeof(one));
+ }
+#endif
+
+ if (connect (s, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+ err(1, "connect");
+
+ return active_session (fd, s, kc);
+ } else {
+ close (fd);
+ }
+ }
+}
+
+/*
+ * Should we interpret `disp' as this being a passive call?
+ */
+
+static int
+check_for_passive (const char *disp)
+{
+ char local_hostname[MaxHostNameLen];
+
+ gethostname (local_hostname, sizeof(local_hostname));
+
+ return disp != NULL &&
+ (*disp == ':'
+ || strncmp(disp, "unix", 4) == 0
+ || strncmp(disp, "localhost", 9) == 0
+ || strncmp(disp, local_hostname, strlen(local_hostname)) == 0);
+}
+
+/*
+ * Set up signal handlers and then call the functions.
+ */
+
+static int
+doit (kx_context *kc, int passive_flag)
+{
+ signal (SIGCHLD, childhandler);
+ signal (SIGUSR1, usr1handler);
+ signal (SIGUSR2, usr2handler);
+ if (passive_flag)
+ return doit_passive (kc);
+ else
+ return doit_active (kc);
+}
+
+#ifdef KRB4
+
+/*
+ * Start a v4-authenticatated kx connection.
+ */
+
+static int
+doit_v4 (const char *host, int port, const char *user,
+ int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag)
+{
+ int ret;
+ kx_context context;
+
+ krb4_make_context (&context);
+ context_set (&context,
+ host, user, port, debug_flag, keepalive_flag, tcp_flag);
+
+ ret = doit (&context, passive_flag);
+ context_destroy (&context);
+ return ret;
+}
+#endif /* KRB4 */
+
+#ifdef KRB5
+
+/*
+ * Start a v5-authenticatated kx connection.
+ */
+
+static int
+doit_v5 (const char *host, int port, const char *user,
+ int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag)
+{
+ int ret;
+ kx_context context;
+
+ krb5_make_context (&context);
+ context_set (&context,
+ host, user, port, debug_flag, keepalive_flag, tcp_flag);
+
+ ret = doit (&context, passive_flag);
+ context_destroy (&context);
+ return ret;
+}
+#endif /* KRB5 */
+
+/*
+ * Variables set from the arguments
+ */
+
+#ifdef KRB4
+static int use_v4 = -1;
+#ifdef HAVE_KRB_ENABLE_DEBUG
+static int krb_debug_flag = 0;
+#endif /* HAVE_KRB_ENABLE_DEBUG */
+#endif /* KRB4 */
+#ifdef KRB5
+static int use_v5 = -1;
+#endif
+static char *port_str = NULL;
+static const char *user = NULL;
+static int tcp_flag = 0;
+static int passive_flag = 0;
+static int keepalive_flag = 1;
+static int debug_flag = 0;
+static int version_flag = 0;
+static int help_flag = 0;
+
+struct getargs args[] = {
+#ifdef KRB4
+ { "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4",
+ NULL },
+#ifdef HAVE_KRB_ENABLE_DEBUG
+ { "krb4-debug", 'D', arg_flag, &krb_debug_flag,
+ "enable krb4 debugging" },
+#endif /* HAVE_KRB_ENABLE_DEBUG */
+#endif /* KRB4 */
+#ifdef KRB5
+ { "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5",
+ NULL },
+#endif
+ { "port", 'p', arg_string, &port_str, "Use this port",
+ "number-of-service" },
+ { "user", 'l', arg_string, &user, "Run as this user",
+ NULL },
+ { "tcp", 't', arg_flag, &tcp_flag,
+ "Use a TCP connection for X11" },
+ { "passive", 'P', arg_flag, &passive_flag,
+ "Force a passive connection" },
+ { "keepalive", 'k', arg_negative_flag, &keepalive_flag,
+ "disable keep-alives" },
+ { "debug", 'd', arg_flag, &debug_flag,
+ "Enable debug information" },
+ { "version", 0, arg_flag, &version_flag, "Print version",
+ NULL },
+ { "help", 0, arg_flag, &help_flag, NULL,
+ NULL }
+};
+
+static void
+usage(int ret)
+{
+ arg_printusage (args,
+ sizeof(args) / sizeof(args[0]),
+ NULL,
+ "host");
+ exit (ret);
+}
+
+/*
+ * kx - forward an x-connection over a kerberos-encrypted channel.
+ */
+
+int
+main(int argc, char **argv)
+{
+ int port = 0;
+ int optind = 0;
+ int ret = 1;
+ char *host = NULL;
+
+ setprogname (argv[0]);
+
+ if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+ &optind))
+ usage (1);
+
+ if (help_flag)
+ usage (0);
+
+ if (version_flag) {
+ print_version (NULL);
+ return 0;
+ }
+
+ if (optind != argc - 1)
+ usage (1);
+
+ host = argv[optind];
+
+ if (port_str) {
+ struct servent *s = roken_getservbyname (port_str, "tcp");
+
+ if (s)
+ port = s->s_port;
+ else {
+ char *ptr;
+
+ port = strtol (port_str, &ptr, 10);
+ if (port == 0 && ptr == port_str)
+ errx (1, "Bad port `%s'", port_str);
+ port = htons(port);
+ }
+ }
+
+ if (user == NULL) {
+ user = get_default_username ();
+ if (user == NULL)
+ errx (1, "who are you?");
+ }
+
+ if (!passive_flag)
+ passive_flag = check_for_passive (getenv("DISPLAY"));
+
+#if defined(HAVE_KERNEL_ENABLE_DEBUG)
+ if (krb_debug_flag)
+ krb_enable_debug ();
+#endif
+
+#if defined(KRB4) && defined(KRB5)
+ if(use_v4 == -1 && use_v5 == 1)
+ use_v4 = 0;
+ if(use_v5 == -1 && use_v4 == 1)
+ use_v5 = 0;
+#endif
+
+#ifdef KRB5
+ if (ret && use_v5) {
+ if (port == 0)
+ port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
+ ret = doit_v5 (host, port, user,
+ passive_flag, debug_flag, keepalive_flag, tcp_flag);
+ }
+#endif
+#ifdef KRB4
+ if (ret && use_v4) {
+ if (port == 0)
+ port = k_getportbyname("kx", "tcp", htons(KX_PORT));
+ ret = doit_v4 (host, port, user,
+ passive_flag, debug_flag, keepalive_flag, tcp_flag);
+ }
+#endif
+ return ret;
+}
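Review bot: In doit_passive the two lengths read with krb_get_int after the ACK are used directly in `memcpy(display, p, tmp)` and `memcpy(xauthfile, p, tmp)` without being compared to the destination size or to the bytes actually received in msg, so a malformed reply from the remote kxd can write past both buffers. A guard before each copy, e.g. `if (tmp >= display_size || tmp > (size_t)(len - (p - msg))) errx (1, "%s: bad display length", host);` (and the same with xauthfile_size), would close this; display_size and xauthfile_size are the sizes doit_active already passes for these buffers, though their declarations are not visible here and should be confirmed in kx.h. The outgoing INIT message has the mirror problem: `memcpy(p, kc->user, len)` in doit_passive and doit_active copies a user name of unchecked length into the 1024-byte msg, and doit_active tracks `rem` but never tests it. Separately, after the XAUTHORITY `KRB_PUT_INT` in doit_active the code does `p += len; rem -= len;` where the two earlier fields advance by `tmp`, which looks like a typo that misplaces the string in the message.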
diff --git a/crypto/heimdal/appl/kx/kx.cat1 b/crypto/heimdal/appl/kx/kx.cat1
new file mode 100644
index 0000000..ce22926
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kx.cat1
@@ -0,0 +1,39 @@
+
+KX(1) UNIX Reference Manual KX(1)
+
+NNAAMMEE
+ kkxx - securely forward X conections
+
+SSYYNNOOPPSSIISS
+ _k_x [--ll _u_s_e_r_n_a_m_e] [--kk] [--dd] [--tt] [--pp _p_o_r_t] [--PP] _h_o_s_t
+
+DDEESSCCRRIIPPTTIIOONN
+ The kkxx program forwards a X connection from a remote client to a local
+ screen through an authenticated and encrypted stream. Options supported
+ by kkxx:
+
+ --ll Log in on remote the host as user _u_s_e_r_n_a_m_e.
+
+ --kk Do not enable keep-alives on the TCP connections.
+
+ --dd Do not fork. This is mainly useful for debugging.
+
+ --tt Listen not only on a UNIX-domain socket but on a TCP socket as
+ well.
+
+ --pp Use the port _p_o_r_t.
+
+ --PP Force passive mode.
+
+ This program is used by rrxxtteellnneett and rrxxtteerrmm and you should not need to
+ run it directly.
+
+ It connects to a kkxxdd on the host _h_o_s_t and then will relay the traffic
+ from the remote X clients to the local server. When started, it prints
+ the display and Xauthority-file to be used on host _h_o_s_t and then goes to
+ the background, waiting for connections from the remote kkxxdd..
+
+SSEEEE AALLSSOO
+ rxtelnet(1), rxterm(1), kxd(8)
+
+ KTH-KRB September 27, 1996 1
diff --git a/crypto/heimdal/appl/kx/kx.h b/crypto/heimdal/appl/kx/kx.h
new file mode 100644
index 0000000..fdda414
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kx.h
@@ -0,0 +1,259 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kx.h,v 1.38 2000/02/06 05:52:03 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+#include <X11/X.h>
+#include <X11/Xlib.h>
+#include <X11/Xauth.h>
+
+#ifdef HAVE_SYS_STREAM_H
+#include <sys/stream.h>
+#endif
+#ifdef HAVE_SYS_STROPTS_H
+#include <sys/stropts.h>
+#endif
+
+/* as far as we know, this is only used with later versions of Slowlaris */
+#if SunOS >= 50 && defined(HAVE_SYS_STROPTS_H) && defined(HAVE_FATTACH) && defined(I_PUSH)
+#define MAY_HAVE_X11_PIPES
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent *gethostbyname(const char *);
+#endif
+
+#ifdef KRB4
+#include <krb.h>
+#include <prot.h>
+#endif
+#ifdef KRB5
+#include <krb5.h>
+#endif
+
+#include <err.h>
+#include <getarg.h>
+#include <roken.h>
+
+struct x_socket {
+ char *pathname;
+ int fd;
+ enum {
+ LISTENP = 0x80,
+ TCP = LISTENP | 1,
+ UNIX_SOCKET = LISTENP | 2,
+ STREAM_PIPE = 3
+ } flags;
+};
+
+extern char x_socket[];
+extern u_int32_t display_num;
+extern char display[];
+extern int display_size;
+extern char xauthfile[];
+extern int xauthfile_size;
+extern u_char cookie[];
+extern size_t cookie_len;
+
+int get_xsockets (int *number, struct x_socket **sockets, int tcpp);
+int chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid);
+
+int connect_local_xsocket (unsigned dnr);
+int create_and_write_cookie (char *xauthfile,
+ size_t size,
+ u_char *cookie,
+ size_t sz);
+int verify_and_remove_cookies (int fd, int sock, int cookiesp);
+int replace_cookie(int xserver, int fd, char *filename, int cookiesp);
+
+int suspicious_address (int sock, struct sockaddr_in addr);
+
+#define KX_PORT 2111
+
+#define KX_OLD_VERSION "KXSERV.1"
+#define KX_VERSION "KXSERV.2"
+
+#define COOKIE_TYPE "MIT-MAGIC-COOKIE-1"
+
+enum { INIT = 0, ACK = 1, NEW_CONN = 2, ERROR = 3 };
+
+enum kx_flags { PASSIVE = 1, KEEP_ALIVE = 2 };
+
+typedef enum kx_flags kx_flags;
+
+struct kx_context {
+ int (*authenticate)(struct kx_context *kc, int s);
+ int (*userok)(struct kx_context *kc, char *user);
+ ssize_t (*read)(struct kx_context *kc,
+ int fd, void *buf, size_t len);
+ ssize_t (*write)(struct kx_context *kc,
+ int fd, const void *buf, size_t len);
+ int (*copy_encrypted)(struct kx_context *kc,
+ int fd1, int fd2);
+ void (*destroy)(struct kx_context *kc);
+ const char *host;
+ const char *user;
+ int port;
+ int debug_flag;
+ int keepalive_flag;
+ int tcp_flag;
+ struct sockaddr_in thisaddr, thataddr;
+ void *data;
+};
+
+typedef struct kx_context kx_context;
+
+void
+context_set (kx_context *kc, const char *host, const char *user, int port,
+ int debug_flag, int keepalive_flag, int tcp_flag);
+
+void
+context_destroy (kx_context *kc);
+
+int
+context_authenticate (kx_context *kc, int s);
+
+int
+context_userok (kx_context *kc, char *user);
+
+ssize_t
+kx_read (kx_context *kc, int fd, void *buf, size_t len);
+
+ssize_t
+kx_write (kx_context *kc, int fd, const void *buf, size_t len);
+
+int
+copy_encrypted (kx_context *kc, int fd1, int fd2);
+
+#ifdef KRB4
+
+void
+krb4_make_context (kx_context *c);
+
+int
+recv_v4_auth (kx_context *kc, int sock, u_char *buf);
+
+#endif
+
+#ifdef KRB5
+
+void
+krb5_make_context (kx_context *c);
+
+int
+recv_v5_auth (kx_context *kc, int sock, u_char *buf);
+
+#endif
+
+void
+fatal (kx_context *kc, int fd, char *format, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 3, 4)))
+#endif
+;
+
+#ifndef KRB4
+
+int
+krb_get_int(void *f, u_int32_t *to, int size, int lsb);
+
+int
+krb_put_int(u_int32_t from, void *to, size_t rem, int size);
+
+#endif
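Review bot: The exported buffer/size pairs `display`/`display_size`, `xauthfile`/`xauthfile_size` and `cookie`/`cookie_len` carry no comment saying whether each size is the array's capacity or whether it includes room for a terminating NUL. Code that copies peer-supplied strings into these buffers depends on that contract, so it should be written down next to the externs, for example `/* display_size and xauthfile_size: capacity in bytes of display[] and xauthfile[], including the terminating NUL */`. The wording needs to be confirmed against the definitions, which are not in this hunk. As a smaller style point, the header has no include guard, and `fatal` takes `char *format` where `const char *format` would let callers pass string literals without a qualifier warning.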
diff --git a/crypto/heimdal/appl/kx/kxd.8 b/crypto/heimdal/appl/kx/kxd.8
new file mode 100644
index 0000000..04b7db5
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kxd.8
@@ -0,0 +1,53 @@
+.\" $Id: kxd.8,v 1.5 2001/01/11 16:16:26 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt KXD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kxd
+.Nd
+securely forward X conections
+.Sh SYNOPSIS
+.Ar kxd
+.Op Fl t
+.Op Fl i
+.Op Fl p Ar port
+.Sh DESCRIPTION
+This is the daemon for
+.Nm kx .
+.Pp
+Options supported by
+.Nm kxd :
+.Bl -tag -width Ds
+.It Fl t
+TCP. Normally
+.Nm kxd
+will only listen for X connections on a UNIX socket, but some machines
+(for example, Cray) have X libraries that are not able to use UNIX
+sockets and thus you need to use TCP to talk to the pseudo-xserver
+created by
+.Nm kxd.
+This option decreases the security significantly and should only be
+used when it is necessary and you have considered the consequences of
+doing so.
+.It Fl i
+Interactive. Do not expect to be started by
+.Nm inetd,
+but allocate and listen to the socket yourself. Handy for testing
+and debugging.
+.It Fl p
+Port. Listen on the port
+.Ar port .
+Only usable with
+.Fl i .
+.El
+.Sh EXAMPLES
+Put the following in
+.Pa /etc/inetd.conf :
+.Bd -literal
+kx stream tcp nowait root /usr/athena/libexec/kxd kxd
+.Ed
+.Sh SEE ALSO
+.Xr kx 1 ,
+.Xr rxtelnet 1 ,
+.Xr rxterm 1
diff --git a/crypto/heimdal/appl/kx/kxd.c b/crypto/heimdal/appl/kx/kxd.c
new file mode 100644
index 0000000..65f6165
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kxd.c
@@ -0,0 +1,754 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: kxd.c,v 1.69 2001/02/20 01:44:45 assar Exp $");
+
+static pid_t wait_on_pid = -1;
+static int done = 0;
+
+/*
+ * Signal handler that justs waits for the children when they die.
+ */
+
+static RETSIGTYPE
+childhandler (int sig)
+{
+ pid_t pid;
+ int status;
+
+ do {
+ pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
+ if (pid > 0 && pid == wait_on_pid)
+ done = 1;
+ } while(pid > 0);
+ signal (SIGCHLD, childhandler);
+ SIGRETURN(0);
+}
+
+/*
+ * Print the error message `format' and `...' on fd and die.
+ */
+
+void
+fatal (kx_context *kc, int fd, char *format, ...)
+{
+ u_char msg[1024];
+ u_char *p;
+ va_list args;
+ int len;
+
+ va_start(args, format);
+ p = msg;
+ *p++ = ERROR;
+ vsnprintf ((char *)p + 4, sizeof(msg) - 5, format, args);
+ syslog (LOG_ERR, "%s", (char *)p + 4);
+ len = strlen ((char *)p + 4);
+ p += KRB_PUT_INT (len, p, 4, 4);
+ p += len;
+ kx_write (kc, fd, msg, p - msg);
+ va_end(args);
+ exit (1);
+}
+
+/*
+ * Remove all sockets and cookie files.
+ */
+
+static void
+cleanup(int nsockets, struct x_socket *sockets)
+{
+ int i;
+
+ if(xauthfile[0])
+ unlink(xauthfile);
+ for (i = 0; i < nsockets; ++i) {
+ if (sockets[i].pathname != NULL) {
+ unlink (sockets[i].pathname);
+ free (sockets[i].pathname);
+ }
+ }
+}
+
+/*
+ * Prepare to receive a connection on `sock'.
+ */
+
+static int
+recv_conn (int sock, kx_context *kc,
+ int *dispnr, int *nsockets, struct x_socket **sockets,
+ int tcp_flag)
+{
+ u_char msg[1024], *p;
+ char user[256];
+ socklen_t addrlen;
+ struct passwd *passwd;
+ struct sockaddr_in thisaddr, thataddr;
+ char remotehost[MaxHostNameLen];
+ char remoteaddr[INET6_ADDRSTRLEN];
+ int ret = 1;
+ int flags;
+ int len;
+ u_int32_t tmp32;
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ syslog (LOG_ERR, "getsockname: %m");
+ exit (1);
+ }
+ addrlen = sizeof(thataddr);
+ if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+ addrlen != sizeof(thataddr)) {
+ syslog (LOG_ERR, "getpeername: %m");
+ exit (1);
+ }
+
+ kc->thisaddr = thisaddr;
+ kc->thataddr = thataddr;
+
+ getnameinfo_verified ((struct sockaddr *)&thataddr, addrlen,
+ remotehost, sizeof(remotehost),
+ NULL, 0, 0);
+
+ if (net_read (sock, msg, 4) != 4) {
+ syslog (LOG_ERR, "read: %m");
+ exit (1);
+ }
+
+#ifdef KRB5
+ if (ret && recv_v5_auth (kc, sock, msg) == 0)
+ ret = 0;
+#endif
+#ifdef KRB4
+ if (ret && recv_v4_auth (kc, sock, msg) == 0)
+ ret = 0;
+#endif
+ if (ret) {
+ syslog (LOG_ERR, "unrecognized auth protocol: %x %x %x %x",
+ msg[0], msg[1], msg[2], msg[3]);
+ exit (1);
+ }
+
+ len = kx_read (kc, sock, msg, sizeof(msg));
+ if (len < 0) {
+ syslog (LOG_ERR, "kx_read failed");
+ exit (1);
+ }
+ p = (u_char *)msg;
+ if (*p != INIT)
+ fatal(kc, sock, "Bad message");
+ p++;
+ p += krb_get_int (p, &tmp32, 4, 0);
+ len = min(sizeof(user), tmp32);
+ memcpy (user, p, len);
+ p += tmp32;
+ user[len] = '\0';
+
+ passwd = k_getpwnam (user);
+ if (passwd == NULL)
+ fatal (kc, sock, "cannot find uid for %s", user);
+
+ if (context_userok (kc, user) != 0)
+ fatal (kc, sock, "%s not allowed to login as %s",
+ kc->user, user);
+
+ flags = *p++;
+
+ if (flags & PASSIVE) {
+ pid_t pid;
+ int tmp;
+
+ tmp = get_xsockets (nsockets, sockets, tcp_flag);
+ if (tmp < 0) {
+ fatal (kc, sock, "Cannot create X socket(s): %s",
+ strerror(errno));
+ }
+ *dispnr = tmp;
+
+ if (chown_xsockets (*nsockets, *sockets,
+ passwd->pw_uid, passwd->pw_gid)) {
+ cleanup (*nsockets, *sockets);
+ fatal (kc, sock, "Cannot chown sockets: %s",
+ strerror(errno));
+ }
+
+ pid = fork();
+ if (pid == -1) {
+ cleanup (*nsockets, *sockets);
+ fatal (kc, sock, "fork: %s", strerror(errno));
+ } else if (pid != 0) {
+ wait_on_pid = pid;
+ while (!done)
+ pause ();
+ cleanup (*nsockets, *sockets);
+ exit (0);
+ }
+ }
+
+ if (setgid (passwd->pw_gid) ||
+ initgroups(passwd->pw_name, passwd->pw_gid) ||
+#ifdef HAVE_GETUDBNAM /* XXX this happens on crays */
+ setjob(passwd->pw_uid, 0) == -1 ||
+#endif
+ setuid(passwd->pw_uid)) {
+ syslog(LOG_ERR, "setting uid/groups: %m");
+ fatal (kc, sock, "cannot set uid");
+ }
+ inet_ntop (thataddr.sin_family,
+ &thataddr.sin_addr, remoteaddr, sizeof(remoteaddr));
+
+ syslog (LOG_INFO, "from %s(%s): %s -> %s",
+ remotehost, remoteaddr,
+ kc->user, user);
+ umask(077);
+ if (!(flags & PASSIVE)) {
+ p += krb_get_int (p, &tmp32, 4, 0);
+ len = min(tmp32, display_size);
+ memcpy (display, p, len);
+ display[len] = '\0';
+ p += tmp32;
+ p += krb_get_int (p, &tmp32, 4, 0);
+ len = min(tmp32, xauthfile_size);
+ memcpy (xauthfile, p, len);
+ xauthfile[len] = '\0';
+ p += tmp32;
+ }
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (flags & KEEP_ALIVE) {
+ int one = 1;
+
+ setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+ sizeof(one));
+ }
+#endif
+ return flags;
+}
+
+/*
+ *
+ */
+
+static int
+passive_session (kx_context *kc, int fd, int sock, int cookiesp)
+{
+ if (verify_and_remove_cookies (fd, sock, cookiesp))
+ return 1;
+ else
+ return copy_encrypted (kc, fd, sock);
+}
+
+/*
+ *
+ */
+
+static int
+active_session (kx_context *kc, int fd, int sock, int cookiesp)
+{
+ fd = connect_local_xsocket(0);
+
+ if (replace_cookie (fd, sock, xauthfile, cookiesp))
+ return 1;
+ else
+ return copy_encrypted (kc, fd, sock);
+}
+
+/*
+ * Handle a new connection.
+ */
+
+static int
+doit_conn (kx_context *kc,
+ int fd, int meta_sock, int flags, int cookiesp)
+{
+ int sock, sock2;
+ struct sockaddr_in addr;
+ struct sockaddr_in thisaddr;
+ socklen_t addrlen;
+ u_char msg[1024], *p;
+
+ sock = socket (AF_INET, SOCK_STREAM, 0);
+ if (sock < 0) {
+ syslog (LOG_ERR, "socket: %m");
+ return 1;
+ }
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+ {
+ int one = 1;
+ setsockopt (sock, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one));
+ }
+#endif
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (flags & KEEP_ALIVE) {
+ int one = 1;
+
+ setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+ sizeof(one));
+ }
+#endif
+ memset (&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ if (bind (sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ syslog (LOG_ERR, "bind: %m");
+ return 1;
+ }
+ addrlen = sizeof(addr);
+ if (getsockname (sock, (struct sockaddr *)&addr, &addrlen) < 0) {
+ syslog (LOG_ERR, "getsockname: %m");
+ return 1;
+ }
+ if (listen (sock, SOMAXCONN) < 0) {
+ syslog (LOG_ERR, "listen: %m");
+ return 1;
+ }
+ p = msg;
+ *p++ = NEW_CONN;
+ p += KRB_PUT_INT (ntohs(addr.sin_port), p, 4, 4);
+
+ if (kx_write (kc, meta_sock, msg, p - msg) < 0) {
+ syslog (LOG_ERR, "write: %m");
+ return 1;
+ }
+
+ addrlen = sizeof(thisaddr);
+ sock2 = accept (sock, (struct sockaddr *)&thisaddr, &addrlen);
+ if (sock2 < 0) {
+ syslog (LOG_ERR, "accept: %m");
+ return 1;
+ }
+ close (sock);
+ close (meta_sock);
+
+ if (flags & PASSIVE)
+ return passive_session (kc, fd, sock2, cookiesp);
+ else
+ return active_session (kc, fd, sock2, cookiesp);
+}
+
+/*
+ * Is the current user the owner of the console?
+ */
+
+static void
+check_user_console (kx_context *kc, int fd)
+{
+ struct stat sb;
+
+ if (stat ("/dev/console", &sb) < 0)
+ fatal (kc, fd, "Cannot stat /dev/console: %s", strerror(errno));
+ if (getuid() != sb.st_uid)
+ fatal (kc, fd, "Permission denied");
+}
+
+/* close down the new connection with a reasonable error message */
+static void
+close_connection(int fd, const char *message)
+{
+ char buf[264]; /* max message */
+ char *p;
+ int lsb = 0;
+ size_t mlen;
+
+ mlen = strlen(message);
+ if(mlen > 255)
+ mlen = 255;
+
+ /* read first part of connection packet, to get byte order */
+ if(read(fd, buf, 6) != 6) {
+ close(fd);
+ return;
+ }
+ if(buf[0] == 0x6c)
+ lsb++;
+ p = buf;
+ *p++ = 0; /* failed */
+ *p++ = mlen; /* length of message */
+ p += 4; /* skip protocol version */
+ p += 2; /* skip additional length */
+ memcpy(p, message, mlen); /* copy message */
+ p += mlen;
+ while((p - buf) % 4) /* pad to multiple of 4 bytes */
+ *p++ = 0;
+
+ /* now fill in length of additional data */
+ if(lsb) {
+ buf[6] = (p - buf - 8) / 4;
+ buf[7] = 0;
+ }else{
+ buf[6] = 0;
+ buf[7] = (p - buf - 8) / 4;
+ }
+ write(fd, buf, p - buf);
+ close(fd);
+}
+
+
+/*
+ * Handle a passive session on `sock'
+ */
+
+static int
+doit_passive (kx_context *kc,
+ int sock,
+ int flags,
+ int dispnr,
+ int nsockets,
+ struct x_socket *sockets,
+ int tcp_flag)
+{
+ int tmp;
+ int len;
+ size_t rem;
+ u_char msg[1024], *p;
+ int error;
+
+ display_num = dispnr;
+ if (tcp_flag)
+ snprintf (display, display_size, "localhost:%u", display_num);
+ else
+ snprintf (display, display_size, ":%u", display_num);
+ error = create_and_write_cookie (xauthfile, xauthfile_size,
+ cookie, cookie_len);
+ if (error) {
+ cleanup(nsockets, sockets);
+ fatal (kc, sock, "Cookie-creation failed: %s", strerror(error));
+ return 1;
+ }
+
+ p = msg;
+ rem = sizeof(msg);
+ *p++ = ACK;
+ --rem;
+
+ len = strlen (display);
+ tmp = KRB_PUT_INT (len, p, rem, 4);
+ if (tmp < 0 || rem < len + 4) {
+ syslog (LOG_ERR, "doit: buffer too small");
+ cleanup(nsockets, sockets);
+ return 1;
+ }
+ p += tmp;
+ rem -= tmp;
+
+ memcpy (p, display, len);
+ p += len;
+ rem -= len;
+
+ len = strlen (xauthfile);
+ tmp = KRB_PUT_INT (len, p, rem, 4);
+ if (tmp < 0 || rem < len + 4) {
+ syslog (LOG_ERR, "doit: buffer too small");
+ cleanup(nsockets, sockets);
+ return 1;
+ }
+ p += tmp;
+ rem -= tmp;
+
+ memcpy (p, xauthfile, len);
+ p += len;
+ rem -= len;
+
+ if(kx_write (kc, sock, msg, p - msg) < 0) {
+ syslog (LOG_ERR, "write: %m");
+ cleanup(nsockets, sockets);
+ return 1;
+ }
+ for (;;) {
+ pid_t child;
+ int fd = -1;
+ fd_set fds;
+ int i;
+ int ret;
+ int cookiesp = TRUE;
+
+ FD_ZERO(&fds);
+ if (sock >= FD_SETSIZE) {
+ syslog (LOG_ERR, "fd too large");
+ cleanup(nsockets, sockets);
+ return 1;
+ }
+
+ FD_SET(sock, &fds);
+ for (i = 0; i < nsockets; ++i) {
+ if (sockets[i].fd >= FD_SETSIZE) {
+ syslog (LOG_ERR, "fd too large");
+ cleanup(nsockets, sockets);
+ return 1;
+ }
+ FD_SET(sockets[i].fd, &fds);
+ }
+ ret = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
+ if(ret <= 0)
+ continue;
+ if(FD_ISSET(sock, &fds)){
+ /* there are no processes left on the remote side
+ */
+ cleanup(nsockets, sockets);
+ exit(0);
+ } else if(ret) {
+ for (i = 0; i < nsockets; ++i) {
+ if (FD_ISSET(sockets[i].fd, &fds)) {
+ if (sockets[i].flags == TCP) {
+ struct sockaddr_in peer;
+ socklen_t len = sizeof(peer);
+
+ fd = accept (sockets[i].fd,
+ (struct sockaddr *)&peer,
+ &len);
+ if (fd < 0 && errno != EINTR)
+ syslog (LOG_ERR, "accept: %m");
+
+ /* XXX */
+ if (fd >= 0 && suspicious_address (fd, peer)) {
+ close (fd);
+ fd = -1;
+ errno = EINTR;
+ }
+ } else if(sockets[i].flags == UNIX_SOCKET) {
+ socklen_t zero = 0;
+
+ fd = accept (sockets[i].fd, NULL, &zero);
+
+ if (fd < 0 && errno != EINTR)
+ syslog (LOG_ERR, "accept: %m");
+#ifdef MAY_HAVE_X11_PIPES
+ } else if(sockets[i].flags == STREAM_PIPE) {
+ /*
+ * this code tries to handle the
+ * send fd-over-pipe stuff for
+ * solaris
+ */
+
+ struct strrecvfd strrecvfd;
+
+ ret = ioctl (sockets[i].fd,
+ I_RECVFD, &strrecvfd);
+ if (ret < 0 && errno != EINTR) {
+ syslog (LOG_ERR, "ioctl I_RECVFD: %m");
+ }
+
+ /* XXX */
+ if (ret == 0) {
+ if (strrecvfd.uid != getuid()) {
+ close (strrecvfd.fd);
+ fd = -1;
+ errno = EINTR;
+ } else {
+ fd = strrecvfd.fd;
+ cookiesp = FALSE;
+ }
+ }
+#endif /* MAY_HAVE_X11_PIPES */
+ } else
+ abort ();
+ break;
+ }
+ }
+ }
+ if (fd < 0) {
+ if (errno == EINTR)
+ continue;
+ else
+ return 1;
+ }
+
+ child = fork ();
+ if (child < 0) {
+ syslog (LOG_ERR, "fork: %m");
+ if(errno != EAGAIN)
+ return 1;
+ close_connection(fd, strerror(errno));
+ } else if (child == 0) {
+ for (i = 0; i < nsockets; ++i)
+ close (sockets[i].fd);
+ return doit_conn (kc, fd, sock, flags, cookiesp);
+ } else {
+ close (fd);
+ }
+ }
+}
+
+/*
+ * Handle an active session on `sock'
+ */
+
+static int
+doit_active (kx_context *kc,
+ int sock,
+ int flags,
+ int tcp_flag)
+{
+ u_char msg[1024], *p;
+
+ check_user_console (kc, sock);
+
+ p = msg;
+ *p++ = ACK;
+
+ if(kx_write (kc, sock, msg, p - msg) < 0) {
+ syslog (LOG_ERR, "write: %m");
+ return 1;
+ }
+ for (;;) {
+ pid_t child;
+ int len;
+
+ len = kx_read (kc, sock, msg, sizeof(msg));
+ if (len < 0) {
+ syslog (LOG_ERR, "read: %m");
+ return 1;
+ }
+ p = (u_char *)msg;
+ if (*p != NEW_CONN) {
+ syslog (LOG_ERR, "bad_message: %d", *p);
+ return 1;
+ }
+
+ child = fork ();
+ if (child < 0) {
+ syslog (LOG_ERR, "fork: %m");
+ if (errno != EAGAIN)
+ return 1;
+ } else if (child == 0) {
+ return doit_conn (kc, sock, sock, flags, 1);
+ } else {
+ }
+ }
+}
+
+/*
+ * Receive a connection on `sock' and process it.
+ */
+
+static int
+doit(int sock, int tcp_flag)
+{
+ int ret;
+ kx_context context;
+ int dispnr;
+ int nsockets;
+ struct x_socket *sockets;
+ int flags;
+
+ flags = recv_conn (sock, &context, &dispnr, &nsockets, &sockets, tcp_flag);
+
+ if (flags & PASSIVE)
+ ret = doit_passive (&context, sock, flags, dispnr,
+ nsockets, sockets, tcp_flag);
+ else
+ ret = doit_active (&context, sock, flags, tcp_flag);
+ context_destroy (&context);
+ return ret;
+}
+
+static char *port_str = NULL;
+static int inetd_flag = 1;
+static int tcp_flag = 0;
+static int version_flag = 0;
+static int help_flag = 0;
+
+struct getargs args[] = {
+ { "inetd", 'i', arg_negative_flag, &inetd_flag,
+ "Not started from inetd" },
+ { "tcp", 't', arg_flag, &tcp_flag, "Use TCP" },
+ { "port", 'p', arg_string, &port_str, "Use this port",
+ "port" },
+ { "version", 0, arg_flag, &version_flag },
+ { "help", 0, arg_flag, &help_flag }
+};
+
+static void
+usage(int ret)
+{
+ arg_printusage (args,
+ sizeof(args) / sizeof(args[0]),
+ NULL,
+ "host");
+ exit (ret);
+}
+
+/*
+ * kxd - receive a forwarded X conncection
+ */
+
+int
+main (int argc, char **argv)
+{
+ int port;
+ int optind = 0;
+
+ setprogname (argv[0]);
+ roken_openlog ("kxd", LOG_ODELAY | LOG_PID, LOG_DAEMON);
+
+ if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+ &optind))
+ usage (1);
+
+ if (help_flag)
+ usage (0);
+
+ if (version_flag) {
+ print_version (NULL);
+ return 0;
+ }
+
+ if(port_str) {
+ struct servent *s = roken_getservbyname (port_str, "tcp");
+
+ if (s)
+ port = s->s_port;
+ else {
+ char *ptr;
+
+ port = strtol (port_str, &ptr, 10);
+ if (port == 0 && ptr == port_str)
+ errx (1, "bad port `%s'", port_str);
+ port = htons(port);
+ }
+ } else {
+#if defined(KRB5)
+ port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
+#elif defined(KRB4)
+ port = k_getportbyname ("kx", "tcp", htons(KX_PORT));
+#else
+#error define KRB4 or KRB5
+#endif
+ }
+
+ if (!inetd_flag)
+ mini_inetd (port);
+
+ signal (SIGCHLD, childhandler);
+ return doit(STDIN_FILENO, tcp_flag);
+}
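Review bot: In recv_conn the length field `tmp32` read from the peer's INIT message is never compared with the byte count that kx_read returned, so `p += tmp32` can move `p` outside `msg` before `flags = *p++` reads through it. In addition `len = min(sizeof(user), tmp32)` allows len == 256, which makes `user[len] = '\0'` write one byte past `user[256]`; that copy runs after authentication but before context_userok. The `display` and `xauthfile` copies in the `!(flags & PASSIVE)` branch follow the same pattern and would have the same off-by-one if display_size and xauthfile_size are the full array sizes (their definitions are outside this hunk). Each length should be rejected unless it is smaller than the destination and fits in the bytes actually received, as sketched below for the user name; the other two fields need the equivalent check.

```c
    len = kx_read (kc, sock, msg, sizeof(msg));
    /* … unchanged: len < 0 handling … */
    /* the type byte and the 4-byte length must both have been received */
    if (len < 5 || msg[0] != INIT)
	fatal(kc, sock, "Bad message");
    p = msg + 1;
    p += krb_get_int (p, &tmp32, 4, 0);
    /* name must fit in user[] with its NUL and leave the flags byte inside msg */
    if (tmp32 >= sizeof(user) || tmp32 >= (size_t)(msg + len - p))
	fatal(kc, sock, "Bad message");
    memcpy (user, p, tmp32);
    user[tmp32] = '\0';
    p += tmp32;
    /* … unchanged: k_getpwnam, context_userok, flags = *p++ … */
```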
diff --git a/crypto/heimdal/appl/kx/kxd.cat8 b/crypto/heimdal/appl/kx/kxd.cat8
new file mode 100644
index 0000000..e033cee
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kxd.cat8
@@ -0,0 +1,37 @@
+
+KXD(8) UNIX System Manager's Manual KXD(8)
+
+NNAAMMEE
+ kkxxdd - securely forward X conections
+
+SSYYNNOOPPSSIISS
+ _k_x_d [--tt] [--ii] [--pp _p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+ This is the daemon for kkxx.
+
+ Options supported by kkxxdd:
+
+ --tt TCP. Normally kkxxdd will only listen for X connections on a UNIX
+ socket, but some machines (for example, Cray) have X libraries
+ that are not able to use UNIX sockets and thus you need to use
+ TCP to talk to the pseudo-xserver created by kkxxdd.. This option de-
+ creases the security significantly and should only be used when
+ it is necessary and you have considered the consequences of doing
+ so.
+
+ --ii Interactive. Do not expect to be started by iinneettdd,, but allocate
+ and listen to the socket yourself. Handy for testing and debug-
+ ging.
+
+ --pp Port. Listen on the port _p_o_r_t. Only usable with --ii.
+
+EEXXAAMMPPLLEESS
+ Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
+
+ kx stream tcp nowait root /usr/athena/libexec/kxd kxd
+
+SSEEEE AALLSSOO
+ kx(1), rxtelnet(1), rxterm(1)
+
+ KTH-KRB September 27, 1996 1
diff --git a/crypto/heimdal/appl/kx/rxtelnet.1 b/crypto/heimdal/appl/kx/rxtelnet.1
new file mode 100644
index 0000000..7c37a7a
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxtelnet.1
@@ -0,0 +1,80 @@
+.\" $Id: rxtelnet.1,v 1.6 2001/01/11 16:16:26 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt RXTELNET 1
+.Os KTH_KRB
+.Sh NAME
+.Nm rxtelnet
+.Nd
+start a telnet and forward X-connections.
+.Sh SYNOPSIS
+.Nm rxtelnet
+.Op Fl l Ar username
+.Op Fl k
+.Op Fl t Ar telnet_args
+.Op Fl x Ar xterm_args
+.Op Fl w Ar term_emulator
+.Op Fl n
+.Ar host
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm
+program starts a
+.Nm xterm
+window with a telnet to host
+.Ar host .
+From this window you will also be able to run X clients that will be
+able to connect securily to your X server. If
+.Ar port
+is given, that port will be used instead of the default.
+.Pp
+The supported options are:
+.Bl -tag -width Ds
+.It Fl l
+Log in on the remote host as user
+.Ar username
+.It Fl k
+Disables keep-alives
+.It Fl t
+Send
+.Ar telnet_args
+as arguments to
+.Nm telnet
+.It Fl x
+Send
+.Ar xterm_args
+as arguments to
+.Nm xterm
+.It Fl w
+Use
+.Ar term_emulator
+instead of xterm.
+.It Fl n
+Do not start any terminal emulator.
+.El
+.Sh EXAMPLE
+To login from host
+.Va foo
+(where your display is)
+to host
+.Va bar ,
+you might do the following.
+.Bl -enum
+.It
+On foo:
+.Nm
+.Va bar
+.It
+You will get a new window with a
+.Nm telnet
+to
+.Va bar .
+In this window you will be able to start X clients.
+.El
+.Sh SEE ALSO
+.Xr rxterm 1 ,
+.Xr tenletxr 1 ,
+.Xr kx 1 ,
+.Xr kxd 8 ,
+.Xr telnet 1
diff --git a/crypto/heimdal/appl/kx/rxtelnet.cat1 b/crypto/heimdal/appl/kx/rxtelnet.cat1
new file mode 100644
index 0000000..ad3f420
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxtelnet.cat1
@@ -0,0 +1,43 @@
+
+RXTELNET(1) UNIX Reference Manual RXTELNET(1)
+
+NNAAMMEE
+ rrxxtteellnneett - start a telnet and forward X-connections.
+
+SSYYNNOOPPSSIISS
+ rrxxtteellnneett [--ll _u_s_e_r_n_a_m_e] [--kk] [--tt _t_e_l_n_e_t___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww
+ _t_e_r_m___e_m_u_l_a_t_o_r] [--nn] _h_o_s_t [_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+ The rrxxtteellnneett program starts a xxtteerrmm window with a telnet to host _h_o_s_t.
+ From this window you will also be able to run X clients that will be able
+ to connect securily to your X server. If _p_o_r_t is given, that port will be
+ used instead of the default.
+
+ The supported options are:
+
+ --ll Log in on the remote host as user _u_s_e_r_n_a_m_e
+
+ --kk Disables keep-alives
+
+ --tt Send _t_e_l_n_e_t___a_r_g_s as arguments to tteellnneett
+
+ --xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm
+
+ --ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm.
+
+ --nn Do not start any terminal emulator.
+
+EEXXAAMMPPLLEE
+ To login from host _f_o_o (where your display is) to host _b_a_r, you might do
+ the following.
+
+ 1. On foo: rrxxtteellnneett _b_a_r
+
+ 2. You will get a new window with a tteellnneett to _b_a_r. In this window you
+ will be able to start X clients.
+
+SSEEEE AALLSSOO
+ rxterm(1), tenletxr(1), kx(1), kxd(8), telnet(1)
+
+ KTH_KRB September 27, 1996 1
diff --git a/crypto/heimdal/appl/kx/rxtelnet.in b/crypto/heimdal/appl/kx/rxtelnet.in
new file mode 100644
index 0000000..233f10b
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxtelnet.in
@@ -0,0 +1,63 @@
+#!/bin/sh
+# $Id: rxtelnet.in,v 1.26 1999/02/04 21:19:50 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-t args_to_telnet] [-x args_to_xterm] [-w term_emulator] [-n] [-v] [-h | --help] [--version] host [port]"
+term=
+kx_args=-P
+while true
+do
+ case $1 in
+ -l) telnet_args="${telnet_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
+ -t) telnet_args="${telnet_args} $2 "; shift 2;;
+ -x) xterm_args="${xterm_args} $2 "; shift 2;;
+ -k) kx_args="${kx_args} -k"; shift;;
+ -n) term=none; shift;;
+ -w) term=$2; shift 2;;
+ --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+ -h) echo $usage; exit 0;;
+ --help) echo $usage; exit 0;;
+ -v) set -x; verb=1; shift;;
+ -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+ *) break;;
+ esac
+done
+if test $# -lt 1; then
+ echo $usage
+ exit 1
+fi
+host=$1
+port=$2
+title="${title}${host}"
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+ exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+oldifs=$IFS
+IFS=:
+set -- $PATH
+IFS=$oldifs
+if test -z "$term"; then
+ for j in xterm dtterm aixterm dxterm hpterm; do
+ for i in $*; do
+ test -n "$i" || i="."
+ if test -x $i/$j; then
+ term=$j; break 2
+ fi
+ done
+ done
+fi
+test "$verb" && echo "Telnet command used is `type telnet`."
+if test -n "$term" -a "$term" != "none"; then
+ ($term -title $title -n $title $xterm_args -e env DISPLAY=$disp XAUTHORITY=$auth telnet -D $telnet_args $host $port; kill -USR2 $pid) &
+else
+ env DISPLAY=$disp XAUTHORITY=$auth telnet -D $telnet_args $host $port
+ kill -USR2 $pid
+fi
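Review bot: `PATH=$pdc_trams:$bindir:$PATH` puts `dirname $0` first on the search path, and when the script is started by a name without a directory part (for example through `sh rxtelnet …`) that value is `.`, so `kx`, `telnet`, `env` and the terminal emulator are then looked up in the current directory first. Prepending it only when it is absolute avoids that: `case $pdc_trams in /*) PATH=$pdc_trams:$bindir:$PATH;; *) PATH=$bindir:$PATH;; esac`. Separately, `$host`, `$port`, `$title`, `$disp` and `$auth` are expanded unquoted in the `kx` and `telnet` command lines, so a value containing whitespace or glob characters is split or expanded by the shell; quoting them (`"$host"`, `-title "$title"`, `XAUTHORITY="$auth"`) keeps each one a single argument.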
diff --git a/crypto/heimdal/appl/kx/rxterm.1 b/crypto/heimdal/appl/kx/rxterm.1
new file mode 100644
index 0000000..e8dd0c8
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxterm.1
@@ -0,0 +1,77 @@
+.\" $Id: rxterm.1,v 1.4 1997/06/03 00:58:23 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt RXTERM 1
+.Os KTH_KRB
+.Sh NAME
+.Nm rxterm
+.Nd
+start a secure remote xterm
+.Sh SYNOPSIS
+.Nm rxterm
+.Op Fl l Ar username
+.Op Fl k
+.Op Fl r Ar rsh_args
+.Op Fl x Ar xterm_args
+.Op Fl w Ar term_emulator
+.Ar host
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm
+program starts a
+.Nm xterm
+window on host
+.Ar host .
+From this window you will also be able to run X clients that will be
+able to connect securily to your X server. If
+.Ar port
+is given, that port will be used instead of the default.
+.Pp
+The supported options are:
+.Bl -tag -width Ds
+.It Fl l
+Log in on the remote host as user
+.Ar username
+.It Fl k
+Disable keep-alives
+.It Fl r
+Send
+.Ar rsh_args
+as arguments to
+.Nm rsh
+.It Fl x
+Send
+.Ar xterm_args
+as arguments to
+.Nm xterm
+.It Fl w
+Use
+.Ar term_emulator
+instead of xterm.
+.El
+.Sh EXAMPLE
+To login from host
+.Va foo
+(where your display is)
+to host
+.Va bar ,
+you might do the following.
+.Bl -enum
+.It
+On foo:
+.Nm
+.Va bar
+.It
+You will get a new window running an
+.Nm xterm
+on host
+.Va bar .
+In this window you will be able to start X clients.
+.El
+.Sh SEE ALSO
+.Xr rxtelnet 1 ,
+.Xr tenletxr 1 ,
+.Xr kx 1 ,
+.Xr kxd 8 ,
+.Xr rsh 1
diff --git a/crypto/heimdal/appl/kx/rxterm.cat1 b/crypto/heimdal/appl/kx/rxterm.cat1
new file mode 100644
index 0000000..56eec66
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxterm.cat1
@@ -0,0 +1,41 @@
+
+RXTERM(1) UNIX Reference Manual RXTERM(1)
+
+NNAAMMEE
+ rrxxtteerrmm - start a secure remote xterm
+
+SSYYNNOOPPSSIISS
+ rrxxtteerrmm [--ll _u_s_e_r_n_a_m_e] [--kk] [--rr _r_s_h___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww
+ _t_e_r_m___e_m_u_l_a_t_o_r] _h_o_s_t [_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+ The rrxxtteerrmm program starts a xxtteerrmm window on host _h_o_s_t. From this window
+ you will also be able to run X clients that will be able to connect se-
+ curily to your X server. If _p_o_r_t is given, that port will be used instead
+ of the default.
+
+ The supported options are:
+
+ --ll Log in on the remote host as user _u_s_e_r_n_a_m_e
+
+ --kk Disable keep-alives
+
+ --rr Send _r_s_h___a_r_g_s as arguments to rrsshh
+
+ --xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm
+
+ --ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm.
+
+EEXXAAMMPPLLEE
+ To login from host _f_o_o (where your display is) to host _b_a_r, you might do
+ the following.
+
+ 1. On foo: rrxxtteerrmm _b_a_r
+
+ 2. You will get a new window running an xxtteerrmm on host _b_a_r. In this win-
+ dow you will be able to start X clients.
+
+SSEEEE AALLSSOO
+ rxtelnet(1), tenletxr(1), kx(1), kxd(8), rsh(1)
+
+ KTH_KRB September 27, 1996 1
diff --git a/crypto/heimdal/appl/kx/rxterm.in b/crypto/heimdal/appl/kx/rxterm.in
new file mode 100644
index 0000000..dab3645
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxterm.in
@@ -0,0 +1,41 @@
+#!/bin/sh
+# $Id: rxterm.in,v 1.20 1999/02/04 09:29:49 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-r rsh_args] [-x xterm_args] [-w term_emulator] [-v] [-h | --help] [--version] host"
+term=xterm
+while true
+do
+ case $1 in
+ -l) rsh_args="${rsh_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
+ -r) rsh_args="${rsh_args} $2 "; shift 2;;
+ -x) xterm_args="${xterm_args} $2 "; shift 2;;
+ -k) kx_args="${kx_args} -k"; shift;;
+ -w) term=$2; shift 2;;
+ --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+ -h) echo $usage; exit 0;;
+ --help) echo $usage; exit 0;;
+ -v) set -x; shift;;
+ -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+ *) break;;
+ esac
+done
+if test $# -lt 1; then
+ echo "Usage: $0 host [arguments to $term]"
+ exit 1
+fi
+host=$1
+title="${title}${host}"
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+ exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+kill -USR1 $pid
+rsh -n $rsh_args $host "/bin/sh -c 'DISPLAY=$disp XAUTHORITY=$auth $term -T $title -n $title $xterm_args </dev/null >/dev/null 2>/dev/null &'"
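Review bot: The remote command on the last line of rxterm.in is built by expanding `$term`, `$title`, `$xterm_args`, `$disp` and `$auth` locally inside a single-quoted `/bin/sh -c` string, so a quote or shell metacharacter in any of them is parsed as syntax on the remote host rather than as data. The values come from the caller's own `-l`, `-w` and `-x` arguments and from the output of `kx`, so this matters most when another script passes on values it did not choose. I would reject unexpected characters in the single-word values before the `rsh` line, for example `case "$host$title$term" in *[!A-Za-z0-9@._/-]*) echo "$0: unsupported character in host, user or terminal name" >&2; exit 1;; esac`. A comment should also state that the `-x` text is handed to the remote shell verbatim.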
diff --git a/crypto/heimdal/appl/kx/tenletxr.1 b/crypto/heimdal/appl/kx/tenletxr.1
new file mode 100644
index 0000000..ae7c858
--- /dev/null
+++ b/crypto/heimdal/appl/kx/tenletxr.1
@@ -0,0 +1,61 @@
+.\" $Id: tenletxr.1,v 1.2 1997/03/31 03:43:33 assar Exp $
+.\"
+.Dd March 31, 1997
+.Dt TENLETXR 1
+.Os KTH_KRB
+.Sh NAME
+.Nm tenletxr
+.Nd
+forward X-connections backwards.
+.Sh SYNOPSIS
+.Nm tenletxr
+.Op Fl l Ar username
+.Op Fl k
+.Ar host
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm
+program
+enables forwarding of X-connections from this machine to host
+.Ar host .
+If
+.Ar port
+is given, that port will be used instead of the default.
+.Pp
+The supported options are:
+.Bl -tag -width Ds
+.It Fl l
+Log in on the remote host as user
+.Ar username
+.It Fl k
+Disables keep-alives.
+.El
+.Sh EXAMPLE
+To login from host
+.Va foo
+to host
+.Va bar
+(where your display is),
+you might do the following.
+.Bl -enum
+.It
+On foo:
+.Nm
+.Va bar
+.It
+You will get a new shell where you will be able to start X clients
+that will show their windows on
+.Va bar .
+.El
+.Sh BUGS
+It currently checks if you have permission to run it by checking if
+you own
+.Pa /dev/console
+on the remote host.
+.Sh SEE ALSO
+.Xr rxtelnet 1 ,
+.Xr rxterm 1 ,
+.Xr kx 1 ,
+.Xr kxd 8 ,
+.Xr telnet 1
diff --git a/crypto/heimdal/appl/kx/tenletxr.cat1 b/crypto/heimdal/appl/kx/tenletxr.cat1
new file mode 100644
index 0000000..c1714e7
--- /dev/null
+++ b/crypto/heimdal/appl/kx/tenletxr.cat1
@@ -0,0 +1,37 @@
+
+TENLETXR(1) UNIX Reference Manual TENLETXR(1)
+
+NNAAMMEE
+ tteennlleettxxrr - forward X-connections backwards.
+
+SSYYNNOOPPSSIISS
+ tteennlleettxxrr [--ll _u_s_e_r_n_a_m_e] [--kk] _h_o_s_t [_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+ The tteennlleettxxrr program enables forwarding of X-connections from this ma-
+ chine to host _h_o_s_t. If _p_o_r_t is given, that port will be used instead of
+ the default.
+
+ The supported options are:
+
+ --ll Log in on the remote host as user _u_s_e_r_n_a_m_e
+
+ --kk Disables keep-alives.
+
+EEXXAAMMPPLLEE
+ To login from host _f_o_o to host _b_a_r (where your display is), you might do
+ the following.
+
+ 1. On foo: tteennlleettxxrr _b_a_r
+
+ 2. You will get a new shell where you will be able to start X clients
+ that will show their windows on _b_a_r.
+
+BBUUGGSS
+ It currently checks if you have permission to run it by checking if you
+ own _/_d_e_v_/_c_o_n_s_o_l_e on the remote host.
+
+SSEEEE AALLSSOO
+ rxtelnet(1), rxterm(1), kx(1), kxd(8), telnet(1)
+
+ KTH_KRB March 31, 1997 1
diff --git a/crypto/heimdal/appl/kx/tenletxr.in b/crypto/heimdal/appl/kx/tenletxr.in
new file mode 100644
index 0000000..5c05dc9
--- /dev/null
+++ b/crypto/heimdal/appl/kx/tenletxr.in
@@ -0,0 +1,37 @@
+#!/bin/sh
+# $Id: tenletxr.in,v 1.3 1999/02/04 09:29:59 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-v] [-h | --help] [--version] host [port]"
+while true
+do
+ case $1 in
+ -l) kx_args="${kx_args} -l $2"; shift 2;;
+ -k) kx_args="${kx_args} -k"; shift;;
+ --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+ -h) echo $usage; exit 0;;
+ --help) echo $usage; exit 0;;
+ -v) set -x; shift;;
+ -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+ *) break;;
+ esac
+done
+if test $# -lt 1; then
+ echo $usage
+ exit 1
+fi
+host=$1
+port=$2
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+ exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+env DISPLAY=$disp XAUTHORITY=$auth $SHELL
+kill -USR2 $pid
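Review bot: `port=$2` is assigned but never read again in tenletxr.in, so the `[port]` advertised in the usage string and in tenletxr.1 is silently ignored and `kx $kx_args $host` always runs without it. A caller who names a non-default port is therefore connected to the default one with no diagnostic. Either pass the value on, for example `test -n "$port" && kx_args="${kx_args} -p $port"` if this version of kx takes the port with `-p`, or drop `[port]` from the usage line. rxterm.1 documents a `port` argument as well, and rxterm.in likewise never reads `$2` after the option loop.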
diff --git a/crypto/heimdal/appl/kx/writeauth.c b/crypto/heimdal/appl/kx/writeauth.c
new file mode 100644
index 0000000..11dc72d
--- /dev/null
+++ b/crypto/heimdal/appl/kx/writeauth.c
@@ -0,0 +1,73 @@
+/* $XConsortium: AuWrite.c,v 1.6 94/04/17 20:15:45 gildea Exp $ */
+
+/*
+
+Copyright (c) 1988 X Consortium
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of the X Consortium shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from the X Consortium.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: writeauth.c,v 1.4 1999/05/12 17:59:44 assar Exp $");
+#endif
+
+#include <X11/Xauth.h>
+
+static int
+write_short (unsigned short s, FILE *file)
+{
+ unsigned char file_short[2];
+
+ file_short[0] = (s & (unsigned)0xff00) >> 8;
+ file_short[1] = s & 0xff;
+ if (fwrite (file_short, sizeof (file_short), 1, file) != 1)
+ return 0;
+ return 1;
+}
+
+static int
+write_counted_string (unsigned short count, char *string, FILE *file)
+{
+ if (write_short (count, file) == 0)
+ return 0;
+ if (fwrite (string, (int) sizeof (char), (int) count, file) != count)
+ return 0;
+ return 1;
+}
+
+int
+XauWriteAuth (FILE *auth_file, Xauth *auth)
+{
+ if (write_short (auth->family, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->address_length, auth->address, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->number_length, auth->number, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->name_length, auth->name, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->data_length, auth->data, auth_file) == 0)
+ return 0;
+ return 1;
+}
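Review bot: `XauWriteAuth` and its two helpers return 1 on success and 0 on a failed `fwrite`, but nothing in the file states that convention or what a return of 1 guarantees. Because the writes go through a buffered `FILE *`, a return of 1 only means stdio accepted the bytes; a full disk or I/O error can still surface later at `fflush`/`fclose`. I would add above the function `/* Returns 1 on success, 0 if any field could not be written; the caller must still check fflush()/fclose() before relying on the file. */`. A second line could note that the record includes `auth->data`, so creating `auth_file` with restrictive permissions is left to the caller.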