Initial import of KTH eBones. This has been cleaned up to only include

the "core" Kerberos functionality. The rest of the userland will get their
own changes later.

5 files changed, 722 insertions, 0 deletions

diff --git a/crypto/kerberosIV/kuser/Makefile.in b/crypto/kerberosIV/kuser/Makefile.in
new file mode 100644
index 0000000..aff8c19
--- /dev/null
+++ b/crypto/kerberosIV/kuser/Makefile.in
@@ -0,0 +1,92 @@
+# $Id: Makefile.in,v 1.23 1997/03/23 13:04:08 assar Exp $
+
+SHELL	= /bin/sh
+
+srcdir	= @srcdir@
+VPATH	= @srcdir@
+
+topdir	= ..
+
+CC		= @CC@
+AR		= ar
+RANLIB		= @RANLIB@
+DEFS		= @DEFS@
+CFLAGS		= @CFLAGS@
+LD_FLAGS	= @LD_FLAGS@
+INSTALL		= @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS		= @LIBS@
+KRB_KAFS_LIB	= @KRB_KAFS_LIB@
+MKINSTALLDIRS	= @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kinit$(EXECSUFFIX) \
+	kdestroy$(EXECSUFFIX) \
+	klist$(EXECSUFFIX)
+
+SOURCES = kinit.c kdestroy.c klist.c
+
+OBJECTS = kinit.o kdestroy.o klist.o
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(bindir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+dist: $(DISTFILES)
+	for file in $(DISTFILES); do \
+	  ln $$file ../`cat ../.fname`/lib \
+	    || cp -p $$file ../`cat ../.fname`/lib; \
+	done
+
+KLIB=-L../lib/krb -lkrb -L../lib/des -ldes
+LIBROKEN=-L../lib/roken -lroken
+
+kinit$(EXECSUFFIX): kinit.o
+	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kdestroy$(EXECSUFFIX): kdestroy.o
+	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+klist$(EXECSUFFIX): klist.o
+	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+# su move to appl/bsd
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/kuser/kdestroy.c b/crypto/kerberosIV/kuser/kdestroy.c
new file mode 100644
index 0000000..2fe36c3
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kdestroy.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * This program causes Kerberos tickets to be destroyed.
+ * Options are: 
+ *
+ *   -q[uiet]	- no bell even if tickets not destroyed
+ *   -f[orce]	- no message printed at all 
+ *   -t		- do not destroy tokens
+ */
+
+#include "kuser_locl.h"
+#include <kafs.h>
+
+RCSID("$Id: kdestroy.c,v 1.8 1997/03/30 16:15:03 joda Exp $");
+
+static void
+usage(void)
+{
+    fprintf(stderr, "Usage: %s [-f] [-q] [-t]\n", __progname);
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    int fflag=0, tflag = 0, k_errno;
+    int c;
+
+    set_progname(argv[0]);
+
+    while((c = getopt(argc, argv, "fqt")) >= 0){
+	switch(c){
+	case 'f':
+	case 'q':
+	    fflag++;
+	    break;
+	case 't':
+	    tflag++;
+	    break;
+	default:
+	    usage();
+	}
+    }
+    if(argc - optind > 0)
+	usage();
+
+    k_errno = dest_tkt();
+
+    if(!tflag && k_hasafs())
+	k_unlog();
+
+    if (fflag) {
+	if (k_errno != 0 && k_errno != RET_TKFIL)
+	    exit(1);
+	else
+	    exit(0);
+    } else {
+	if (k_errno == 0)
+	    printf("Tickets destroyed.\n");
+	else if (k_errno == RET_TKFIL)
+	    printf("No tickets to destroy.\n");
+	else {
+	    printf("Tickets NOT destroyed.\n");
+	    exit(1);
+	}
+    }
+    exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/kinit.c b/crypto/kerberosIV/kuser/kinit.c
new file mode 100644
index 0000000..64910b9
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kinit.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * Routine to initialize user to Kerberos.  Prompts optionally for
+ * user, instance and realm.  Authenticates user and gets a ticket
+ * for the Kerberos ticket-granting service for future use. 
+ *
+ * Options are: 
+ *
+ *   -i[instance]
+ *   -r[realm]
+ *   -v[erbose]
+ *   -l[ifetime]
+ *   -p
+ */
+
+#include "kuser_locl.h"
+
+RCSID("$Id: kinit.c,v 1.15 1997/03/30 18:58:46 assar Exp $");
+
+#define	LIFE	DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */
+#define CHPASSLIFE 2
+
+static void
+get_input(char *s, int size, FILE *stream)
+{
+    char *p;
+
+    if (fgets(s, size, stream) == NULL)
+	exit(1);
+    if ( (p = strchr(s, '\n')) != NULL)
+	*p = '\0';
+}
+
+
+static void
+usage(void)
+{
+    fprintf(stderr, "Usage: %s [-irvlp] [name]\n", __progname);
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char    aname[ANAME_SZ];
+    char    inst[INST_SZ];
+    char    realm[REALM_SZ];
+    char    buf[MaxHostNameLen];
+    char    name[MAX_K_NAME_SZ];
+    char   *username = NULL;
+    int     iflag, rflag, vflag, lflag, pflag, lifetime, k_errno;
+    int	    i;
+
+    set_progname (argv[0]);
+
+    *inst = *realm = '\0';
+    iflag = rflag = vflag = lflag = pflag = 0;
+    lifetime = LIFE;
+    set_progname(argv[0]);
+
+    while (--argc) {
+	if ((*++argv)[0] != '-') {
+	    if (username)
+		usage();
+	    username = *argv;
+	    continue;
+	}
+	for (i = 1; (*argv)[i] != '\0'; i++)
+	    switch ((*argv)[i]) {
+	    case 'i':		/* Instance */
+		++iflag;
+		continue;
+	    case 'r':		/* Realm */
+		++rflag;
+		continue;
+	    case 'v':		/* Verbose */
+		++vflag;
+		continue;
+	    case 'l':
+		++lflag;
+		continue;
+	    case 'p':
+		++pflag;	/* chpass-tickets */
+		lifetime = CHPASSLIFE;
+		break;
+	    default:
+		usage();
+	    }
+    }
+    if (username &&
+	(k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) {
+	warnx("%s", krb_get_err_text(k_errno));
+	iflag = rflag = 1;
+	username = NULL;
+    }
+    if (k_gethostname(buf, MaxHostNameLen)) 
+	err(1, "k_gethostname failed");
+    printf("%s (%s)\n", ORGANIZATION, buf);
+    if (username) {
+	printf("Kerberos Initialization for \"%s", aname);
+	if (*inst)
+	    printf(".%s", inst);
+	if (*realm)
+	    printf("@%s", realm);
+	printf("\"\n");
+    } else {
+	printf("Kerberos Initialization\n");
+	printf("Kerberos name: ");
+	get_input(name, sizeof(name), stdin);
+	if (!*name)
+	    return 0;
+	if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS )
+	    errx(1, "%s", krb_get_err_text(k_errno));
+    }
+    /* optional instance */
+    if (iflag) {
+	printf("Kerberos instance: ");
+	get_input(inst, sizeof(inst), stdin);
+	if (!k_isinst(inst))
+	    errx(1, "bad Kerberos instance format");
+    }
+    if (rflag) {
+	printf("Kerberos realm: ");
+	get_input(realm, sizeof(realm), stdin);
+	if (!k_isrealm(realm))
+	    errx(1, "bad Kerberos realm format");
+    }
+    if (lflag) {
+	 printf("Kerberos ticket lifetime (minutes): ");
+	 get_input(buf, sizeof(buf), stdin);
+	 lifetime = atoi(buf);
+	 if (lifetime < 5)
+	      lifetime = 1;
+	 else
+	      lifetime = krb_time_to_life(0, lifetime*60);
+	 /* This should be changed if the maximum ticket lifetime */
+	 /* changes */
+	 if (lifetime > 255)
+	      lifetime = 255;
+    }
+    if (!*realm && krb_get_lrealm(realm, 1))
+	errx(1, "krb_get_lrealm failed");
+    k_errno = krb_get_pw_in_tkt(aname, inst, realm,
+				pflag ? PWSERV_NAME : 
+				KRB_TICKET_GRANTING_TICKET,
+				pflag ? KADM_SINST  : realm,
+				lifetime, 0);
+    if (vflag) {
+	printf("Kerberos realm %s:\n", realm);
+	printf("%s\n", krb_get_err_text(k_errno));
+    } else if (k_errno)
+	errx(1, "%s", krb_get_err_text(k_errno));
+    exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/klist.c b/crypto/kerberosIV/kuser/klist.c
new file mode 100644
index 0000000..faf7d6b
--- /dev/null
+++ b/crypto/kerberosIV/kuser/klist.c
@@ -0,0 +1,314 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * Lists your current Kerberos tickets.
+ * Written by Bill Sommerfeld, MIT Project Athena.
+ */
+
+#include "kuser_locl.h"
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+
+#include <kafs.h>
+
+RCSID("$Id: klist.c,v 1.28 1997/05/26 17:33:50 bg Exp $");
+
+static int option_verbose = 0;
+
+static char *
+short_date(int32_t dp)
+{
+    char *cp;
+    time_t t = (time_t)dp;
+
+    if (t == (time_t)(-1L)) return "***  Never  *** ";
+    cp = ctime(&t) + 4;
+    cp[15] = '\0';
+    return (cp);
+}
+
+static void
+display_tktfile(char *file, int tgt_test, int long_form)
+{
+    krb_principal pr;
+    char    buf1[20], buf2[20];
+    int     k_errno;
+    CREDENTIALS c;
+    int     header = 1;
+
+    if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL))
+	file = TKT_FILE;
+
+    if (long_form)
+	printf("Ticket file:	%s\n", file);
+
+    /* 
+     * Since krb_get_tf_realm will return a ticket_file error, 
+     * we will call tf_init and tf_close first to filter out
+     * things like no ticket file.  Otherwise, the error that 
+     * the user would see would be 
+     * klist: can't find realm of ticket file: No ticket file (tf_util)
+     * instead of
+     * klist: No ticket file (tf_util)
+     */
+
+    /* Open ticket file */
+    if ((k_errno = tf_init(file, R_TKT_FIL))) {
+	if (!tgt_test)
+	    warnx("%s", krb_get_err_text(k_errno));
+	exit(1);
+    }
+    /* Close ticket file */
+    tf_close();
+
+    /* 
+     * We must find the realm of the ticket file here before calling
+     * tf_init because since the realm of the ticket file is not
+     * really stored in the principal section of the file, the
+     * routine we use must itself call tf_init and tf_close.
+     */
+    if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) {
+	if (!tgt_test)
+	    warnx("can't find realm of ticket file: %s", 
+		  krb_get_err_text(k_errno));
+	exit(1);
+    }
+
+    /* Open ticket file */
+    if ((k_errno = tf_init(file, R_TKT_FIL))) {
+	if (!tgt_test)
+	    warnx("%s", krb_get_err_text(k_errno));
+	exit(1);
+    }
+    /* Get principal name and instance */
+    if ((k_errno = tf_get_pname(pr.name)) ||
+	(k_errno = tf_get_pinst(pr.instance))) {
+	if (!tgt_test)
+	    warnx("%s", krb_get_err_text(k_errno));
+	exit(1);
+    }
+
+    /* 
+     * You may think that this is the obvious place to get the
+     * realm of the ticket file, but it can't be done here as the
+     * routine to do this must open the ticket file.  This is why 
+     * it was done before tf_init.
+     */
+       
+    if (!tgt_test && long_form)
+	printf("Principal:\t%s\n\n", krb_unparse_name(&pr));
+    while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
+	if (!tgt_test && long_form && header) {
+	    printf("%-15s  %-15s  %s%s\n",
+		   "  Issued", "  Expires", "  Principal", 
+		   option_verbose ? " (kvno)" : "");
+	    header = 0;
+	}
+	if (tgt_test) {
+	    c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+	    if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) &&
+		!strcmp(c.instance, pr.realm)) {
+		if (time(0) < c.issue_date)
+		    exit(0);		/* tgt hasn't expired */
+		else
+		    exit(1);		/* has expired */
+	    }
+	    continue;			/* not a tgt */
+	}
+	if (long_form) {
+	    strcpy(buf1, short_date(c.issue_date));
+	    c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+	    if (time(0) < (unsigned long) c.issue_date)
+	        strcpy(buf2, short_date(c.issue_date));
+	    else
+	        strcpy(buf2, ">>> Expired <<<");
+	    printf("%s  %s  ", buf1, buf2);
+	}
+	printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm));
+	if(long_form && option_verbose)
+	  printf(" (%d)", c.kvno);
+	printf("\n");
+    }
+    if (tgt_test)
+	exit(1);			/* no tgt found */
+    if (header && long_form && k_errno == EOF) {
+	printf("No tickets in file.\n");
+    }
+}
+
+/* adapted from getst() in librkb */
+/*
+ * ok_getst() takes a file descriptor, a string and a count.  It reads
+ * from the file until either it has read "count" characters, or until
+ * it reads a null byte.  When finished, what has been read exists in
+ * the given string "s".  If "count" characters were actually read, the
+ * last is changed to a null, so the returned string is always null-
+ * terminated.  ok_getst() returns the number of characters read, including
+ * the null terminator.
+ *
+ * If there is a read error, it returns -1 (like the read(2) system call)
+ */
+
+static int
+ok_getst(int fd, char *s, int n)
+{
+    int count = n;
+    int err;
+    while ((err = read(fd, s, 1)) > 0 && --count)
+        if (*s++ == '\0')
+            return (n - count);
+    if (err < 0)
+	return(-1);
+    *s = '\0';
+    return (n - count);
+}
+
+static void
+display_tokens()
+{
+    u_int32_t i;
+    unsigned char t[128];
+    struct ViceIoctl parms;
+    struct ClearToken ct;
+    int size_secret_tok, size_public_tok;
+
+    parms.in = (void *)&i;
+    parms.in_size = sizeof(i);
+    parms.out = (void *)t;
+    parms.out_size = sizeof(t);
+
+    for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
+        char *cell;
+	memcpy(&size_secret_tok, t, 4);
+	memcpy(&size_public_tok, t + 4 + size_secret_tok, 4);
+	memcpy(&ct, t + 4 + size_secret_tok + 4, size_public_tok);
+	cell = t + 4 + size_secret_tok + 4 + size_public_tok + 4;
+
+	printf("%-15s  ", short_date(ct.BeginTimestamp));
+	printf("%-15s  ", short_date(ct.EndTimestamp));
+	if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
+	  printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
+	else
+	  printf("Tokens for %s", cell);
+	if (option_verbose)
+	    printf(" (%d)", ct.AuthHandle);
+	putchar('\n');
+    }
+}
+
+static void
+display_srvtab(char *file)
+{
+    int stab;
+    char serv[SNAME_SZ];
+    char inst[INST_SZ];
+    char rlm[REALM_SZ];
+    unsigned char key[8];
+    unsigned char vno;
+    int count;
+
+    printf("Server key file:   %s\n", file);
+	
+    if ((stab = open(file, O_RDONLY, 0400)) < 0) {
+	perror(file);
+	exit(1);
+    }
+    printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm",
+	   "Key Version");
+    printf("------------------------------------------------------\n");
+
+    /* argh. getst doesn't return error codes, it silently fails */
+    while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0)
+	   && ((count = ok_getst(stab, inst, INST_SZ)) > 0)
+	   && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) {
+	if (((count = read(stab,  &vno,1)) != 1) ||
+	     ((count = read(stab, key,8)) != 8)) {
+	    if (count < 0)
+		err(1, "reading from key file");
+	    else
+		errx(1, "key file truncated");
+	}
+	printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno);
+    }
+    if (count < 0)
+	warn(file);
+    close(stab);
+}
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+	    "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n",
+	    __progname);
+    exit(1);
+}
+
+/* ARGSUSED */
+int
+main(int argc, char **argv)
+{
+    int     long_form = 1;
+    int     tgt_test = 0;
+    int     do_srvtab = 0;
+    int     do_tokens = 0;
+    char   *tkt_file = NULL;
+
+    set_progname(argv[0]);
+
+    while (*(++argv)) {
+	if (!strcmp(*argv, "-v")) {
+	    option_verbose = 1;
+	    continue;
+	}
+	if (!strcmp(*argv, "-s")) {
+	    long_form = 0;
+	    continue;
+	}
+	if (!strcmp(*argv, "-t")) {
+	    tgt_test = 1;
+	    long_form = 0;
+	    continue;
+	}
+	if (strcmp(*argv, "-tokens") == 0
+	    || strcmp(*argv, "-T") == 0) {
+	    do_tokens = k_hasafs();
+	    continue;
+	}
+	if (!strcmp(*argv, "-l")) {	/* now default */
+	    continue;
+	}
+	if (!strncmp(*argv, "-f", 2)) {
+	    if (*(++argv)) {
+		tkt_file = *argv;
+		continue;
+	    } else
+		usage();
+	}
+	if (!strcmp(*argv, "-srvtab")) {
+		if (tkt_file == NULL)	/* if no other file spec'ed,
+					   set file to default srvtab */
+		    tkt_file = KEYFILE;
+		do_srvtab = 1;
+		continue;
+	}
+	usage();
+    }
+
+    if (do_srvtab)
+	display_srvtab(tkt_file);
+    else
+	display_tktfile(tkt_file, tgt_test, long_form);
+    if (long_form && do_tokens)
+	display_tokens();
+    exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/kuser_locl.h b/crypto/kerberosIV/kuser/kuser_locl.h
new file mode 100644
index 0000000..514a0ac
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kuser_locl.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kuser_locl.h,v 1.10 1997/05/20 18:40:43 bg Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <time.h>
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <err.h>
+
+#include <krb.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <prot.h>