Clean import of KTH krb4-0.10.1.

12 files changed, 1506 insertions, 472 deletions

diff --git a/crypto/kerberosIV/lib/kafs/ChangeLog b/crypto/kerberosIV/lib/kafs/ChangeLog
new file mode 100644
index 0000000..e32b7ed
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/ChangeLog
@@ -0,0 +1,117 @@
+1999-07-22  Assar Westerlund  <assar@sics.se>
+
+	* afssysdefs.h: define AFS_SYSCALL to 73 for Solaris 2.7
+
+1999-07-07  Assar Westerlund  <assar@sics.se>
+
+	* afskrb5.c (krb5_realm_of_cell): new function
+
+	* afskrb.c (krb_realm_of_cell): new function
+	(afslog_uid_int): call krb_get_lrealm correctly
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* common.c (realm_of_cell): rename to _kafs_realm_of_cell and
+ 	un-staticize
+
+Fri Mar 19 14:52:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add version-info
+
+Thu Mar 18 11:24:02 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Sat Feb 27 19:46:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: remove EXTRA_DATA (as of autoconf 2.13/automake
+ 	1.4)
+
+Thu Feb 11 22:57:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: set AIX_SRC also if !AIX
+
+Tue Dec  1 14:45:15 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: fix AIX linkage
+
+Sun Nov 22 10:40:44 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Sat Nov 21 16:55:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* afskrb5.c: add homedir support
+
+Sun Sep  6 20:16:27 1998  Assar Westerlund  <assar@sics.se>
+
+	* add new functionality for specifying the homedir to krb_afslog
+ 	et al
+
+Thu Jul 16 01:27:19 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c: reorganize order of definitions.
+	(try_one, try_two): conditionalize
+
+Thu Jul  9 18:31:52 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* common.c (realm_of_cell): make the dns fallback work
+
+Wed Jul  8 01:39:44 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c (map_syscall_name_to_number): new function for finding
+ 	the number of a syscall given the name on solaris
+	(k_hasafs): try using map_syscall_name_to_number
+
+Tue Jun 30 17:19:00 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c: rewrite and add support for environment variable
+ 	AFS_SYSCALL
+
+	* Makefile.in (distclean): don't remove roken_rename.h
+
+Fri May 29 19:03:20 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (roken_rename.h): remove dependency
+
+Mon May 25 05:25:54 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:58:40 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sat Apr  4 15:08:48 1998  Assar Westerlund  <assar@sics.se>
+
+	* kafs.h: add arla paths
+
+	* common.c (_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
+	(_realm_of_cell): Try _PATH_ARLA_CELLSERVDB
+
+Thu Feb 19 14:50:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* common.c: Don't store expired tokens (this broke when using
+ 	pag-less rsh-sessions, and `non-standard' ticket files).
+
+Thu Feb 12 11:20:15 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.in: Install/uninstall one library at a time.
+
+Thu Feb 12 05:38:58 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (install): one library at a time.
+
+Mon Feb  9 23:40:32 1998  Assar Westerlund  <assar@sics.se>
+
+	* common.c (find_cells): ignore empty lines
+
+Tue Jan  6 04:25:58 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssysdefs.h (AFS_SYSCALL): add FreeBSD
+
+Fri Jan  2 17:08:24 1998  Assar Westerlund  <assar@sics.se>
+
+	* kafs.h: new VICEIOCTL's.  From <rb@stacken.kth.se>
+
+	* afssysdefs.h: Add OpenBSD
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.am b/crypto/kerberosIV/lib/kafs/Makefile.am
new file mode 100644
index 0000000..f6afbc7
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/Makefile.am
@@ -0,0 +1,69 @@
+# $Id: Makefile.am,v 1.13 1999/03/21 14:08:14 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) $(AFS_EXTRA_DEFS)
+
+if KRB4
+AFSLIBS = libkafs.la
+else
+AFSLIBS = 
+endif
+
+if AIX
+AFSL_EXP = $(srcdir)/afsl.exp
+
+if AIX4
+AFS_EXTRA_LD = -bnoentry
+else
+AFS_EXTRA_LD = -e _nostart
+endif
+
+if AIX_DYNAMIC_AFS
+if HAVE_DLOPEN
+AIX_SRC = 
+else
+AIX_SRC = dlfcn.c
+endif
+AFS_EXTRA_LIBS = afslib.so
+AFS_EXTRA_DEFS =
+else
+AIX_SRC = afslib.c
+AFS_EXTRA_LIBS = 
+AFS_EXTRA_DEFS = -DSTATIC_AFS
+endif
+
+else
+AFSL_EXP =
+AIX_SRC =
+endif # AIX
+
+
+lib_LTLIBRARIES = $(AFSLIBS)
+libkafs_la_LDFLAGS = -version-info 0:0:0
+foodir = $(libdir)
+foo_DATA = $(AFS_EXTRA_LIBS)
+# EXTRA_DATA = afslib.so
+
+CLEANFILES= $(AFS_EXTRA_LIBS)
+
+include_HEADERS = kafs.h
+
+if KRB5
+afskrb5_c = afskrb5.c
+endif
+
+libkafs_la_SOURCES = afssys.c afskrb.c $(afskrb5_c) common.c $(AIX_SRC) kafs_locl.h afssysdefs.h
+#afslib_so_SOURCES = afslib.c
+
+EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h
+
+EXTRA_DIST = README.dlfcn afsl.exp afslib.exp
+
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in
index e9c9121..3a44f79 100644
--- a/crypto/kerberosIV/lib/kafs/Makefile.in
+++ b/crypto/kerberosIV/lib/kafs/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.30 1997/05/06 03:47:35 assar Exp $
+# $Id: Makefile.in,v 1.49 1999/03/10 19:01:15 joda Exp $
 #
 
 SHELL = /bin/sh
@@ -8,10 +8,13 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
-DEFS = @DEFS@ -DLIBDIR='"$(libdir)"'
-CFLAGS = @CFLAGS@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME -DLIBDIR='"$(libdir)"' @AFS_EXTRA_DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 
 INSTALL = @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
@@ -23,17 +26,26 @@ libdir = @libdir@
 
 PICFLAGS = @PICFLAGS@
  
+LIB_DEPS = @lib_deps_yes@ -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+
 LIBNAME = $(LIBPREFIX)kafs
 LIBEXT = @LIBEXT@
 SHLIBEXT = @SHLIBEXT@
 LIBPREFIX = @LIBPREFIX@
 LDSHARED = @LDSHARED@
+AFS_EXTRA_OBJS	= @AFS_EXTRA_OBJS@
 AFS_EXTRA_LIBS	= @AFS_EXTRA_LIBS@
 LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS)
 
-SOURCES = afssys.c afskrb.c afslib.c
+SOURCES = afssys.c afskrb.c common.c afslib.c
+
+EXTRA_SOURCE = issuid.c strcpy_truncate.c strcat_truncate.c
+
+EXTRA_OBJECT = issuid.o strcpy_truncate.o strcat_truncate.o
 
-OBJECTS = afssys.o afskrb.o
+OBJECTS = afssys.o afskrb.o common.o $(EXTRA_OBJECT) $(AFS_EXTRA_OBJS)
 
 all: $(LIB)
 
@@ -41,14 +53,19 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	@for i in $(LIB); do \
+	echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\
+	$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done
+	@install_symlink_command@
 
 uninstall:
-	rm -f $(libdir)/$(LIB)
+	@for i in $(LIB); do \
+	echo "rm -f $(DESTDIR)$(libdir)/$$i" ;\
+	rm -f $(DESTDIR)$(libdir)/$$i ; done
 
 TAGS: $(SOURCES)
 	etags $(SOURCES)
@@ -56,35 +73,45 @@ TAGS: $(SOURCES)
 check:
 
 clean:
-	rm -f $(LIB) *.o *.a
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations $(EXTRA_SOURCE)
 
 mostlyclean: clean
 
 distclean: clean
-	rm -f Makefile *.tab.c *~
+	rm -f Makefile *.tab.c *~ roken_rename.h
 
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
-$(LIBNAME).a: $(OBJECTS) @AFS_EXTRA_OBJS@
+$(LIBNAME).a: $(OBJECTS)
 	rm -f $@
-	$(AR) cr $@ $(OBJECTS) @AFS_EXTRA_OBJS@
+	$(AR) cr $@ $(OBJECTS)
 	-$(RANLIB) $@
 
 
 $(LIBNAME).$(SHLIBEXT): $(OBJECTS)
 	rm -f $@
-	$(LDSHARED) -o $@ $(OBJECTS)
+	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
 
 # AIX: this almost works with gcc, but somehow it fails to use the
 # correct ld, use ld instead
 afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp -bnoentry afslib.o
+	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp @AFS_EXTRA_LD@ afslib.o -lc
+
+$(OBJECTS): ../../include/config.h roken_rename.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
+
+issuid.c:
+	$(LN_S) $(srcdir)/../roken/issuid.c .
+
+strcat_truncate.c:
+	$(LN_S) $(srcdir)/../roken/strcat_truncate.c .
+
+strcpy_truncate.c:
+	$(LN_S) $(srcdir)/../roken/strcpy_truncate.c .
 
-$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kafs/README.dlfcn b/crypto/kerberosIV/lib/kafs/README.dlfcn
new file mode 100644
index 0000000..cee1b75
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/README.dlfcn
@@ -0,0 +1,246 @@
+Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH
+Not derived from licensed software.
+
+Permission is granted to freely use, copy, modify, and redistribute
+this software, provided that the author is not construed to be liable
+for any results of using the software, alterations are clearly marked
+as such, and this notice is not modified.
+
+libdl.a
+-------
+
+This is an emulation library to emulate the SunOS/System V.4 functions
+to access the runtime linker. The functions are emulated by using the
+AIX load() function and by reading the .loader section of the loaded
+module to find the exports. The to be loaded module should be linked as
+follows (if using AIX 3):
+
+	cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS)
+
+For AIX 4:
+
+	cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS)
+
+If you want to reference symbols from the main part of the program in a
+loaded module, you will have to link against the export file of the
+main part:
+
+	cc -o main -bE:main.exp $(MAIN_OBJS)
+	cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS)
+
+Note that you explicitely have to specify what functions are supposed
+to be accessible from your loaded modules, this is different from
+SunOS/System V.4 where any global is automatically exported. If you
+want to export all globals, the following script might be of help:
+
+#!/bin/sh
+/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }'
+
+The module export file contains the symbols to be exported. Because
+this library uses the loader section, the final module.so file can be
+stripped. C++ users should build their shared objects using the script
+makeC++SharedLib (part of the IBM C++ compiler), this will make sure
+that constructors and destructors for static and global objects will be
+called upon loading and unloading the module. GNU C++ users should use
+the -shared option to g++ to link the shared object:
+
+	g++ -o module.so -shared $(OBJS)
+
+If the shared object does have permissions for anybody, the shared
+object will be loaded into the shared library segment and it will stay
+there even if the main application terminates. If you rebuild your
+shared object after a bugfix and you want to make sure that you really
+get the newest version you will have to use the "slibclean" command
+before starting the application again to garbage collect the shared
+library segment. If the performance utilities (bosperf) are installed
+you can use the following command to see what shared objects are
+loaded:
+
+/usr/lpp/bosperf/genkld | sort | uniq
+
+For easier debugging you can avoid loading the shared object into the
+shared library segment alltogether by removing permissions for others
+from the module.so file:
+
+chmod o-rwx module.so
+
+This will ensure you get a fresh copy of the shared object for every
+dlopen() call which is loaded into the application's data segment.
+
+Usage
+-----
+
+void *dlopen(const char *path, int mode);
+
+This routine loads the module pointed to by path and reads its export
+table. If the path does not contain a '/' character, dlopen will search
+for the module using the LIBPATH environment variable. It returns an
+opaque handle to the module or NULL on error. The mode parameter can be
+either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate
+function binding. The AIX implementation currently does treat RTLD_NOW
+the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the
+mode parameter to allow loaded modules to bind to global variables or
+functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is
+not specified, only globals from the main part of the executable or
+shared libraries are used to look for undefined symbols in loaded
+modules.
+
+
+void *dlsym(void *handle, const char *symbol);
+
+This routine searches for the symbol in the module referred to by
+handle and returns its address. If the symbol could not be found, the
+function returns NULL. The return value must be casted to a proper
+function pointer before it can be used. SunOS/System V.4 allows handle
+to be a NULL pointer to refer to the module the call is made from, this
+is not implemented.
+
+int dlclose(void *handle);
+
+This routine unloads the module referred to by the handle and disposes
+of any local storage. this function returns -1 on failure. Any function
+pointers obtained through dlsym() should be considered invalid after
+closing a module.
+
+As AIX caches shared objects in the shared library segment, function
+pointers obtained through dlsym() might still work even though the
+module has been unloaded. This can introduce subtle bugs that will
+segment fault later if AIX garbage collects or immediatly on
+SunOS/System V.4 as the text segment is unmapped.
+
+char *dlerror(void);
+
+This routine can be used to retrieve a text message describing the most
+recent error that occured on on of the above routines. This function
+returns NULL if there is no error information.
+
+Initialization and termination handlers
+---------------------------------------
+
+The emulation provides for an initialization and a termination
+handler.  The dlfcn.h file contains a structure declaration named
+dl_info with following members:
+
+	void (*init)(void);
+	void (*fini)(void);
+
+The init function is called upon first referencing the library. The
+fini function is called at dlclose() time or when the process exits.
+The module should declare a variable named dl_info that contains this
+structure which must be exported.  These functions correspond to the
+documented _init() and _fini() functions of SunOS 4.x, but these are
+appearently not implemented in SunOS.  When using SunOS 5.0, these
+correspond to #pragma init and #pragma fini respectively. At the same
+time any static or global C++ object's constructors or destructors will
+be called.
+
+BUGS
+----
+
+Please note that there is currently a problem with implicitely loaded
+shared C++ libaries: if you refer to a shared C++ library from a loaded
+module that is not yet used by the main program, the dlopen() emulator
+does not notice this and does not call the static constructors for the
+implicitely loaded library. This can be easily demonstrated by
+referencing the C++ standard streams from a loaded module if the main
+program is a plain C program.
+
+Jens-Uwe Mager
+
+HELIOS Software GmbH
+Lavesstr. 80
+30159 Hannover
+Germany
+
+Phone:		+49 511 36482-0
+FAX:		+49 511 36482-69
+AppleLink:	helios.de/jum
+Internet:	jum@helios.de
+
+Revison History
+---------------
+
+SCCS/s.dlfcn.h:
+
+D 1.4 95/04/25 09:36:52 jum 4 3	00018/00004/00028
+MRs:
+COMMENTS:
+added RTLD_GLOBAL, include and C++ guards
+
+D 1.3 92/12/27 20:58:32 jum 3 2	00001/00001/00031
+MRs:
+COMMENTS:
+we always have prototypes on RS/6000
+
+D 1.2 92/08/16 17:45:11 jum 2 1	00009/00000/00023
+MRs:
+COMMENTS:
+added dl_info structure to implement initialize and terminate functions
+
+D 1.1 92/08/02 18:08:45 jum 1 0	00023/00000/00000
+MRs:
+COMMENTS:
+Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
+
+SCCS/s.dlfcn.c:
+
+D 1.11 96/04/10 20:12:51 jum 13 12	00037/00000/00533
+MRs:
+COMMENTS:
+Integrated the changes from John W. Eaton <jwe@bevo.che.wisc.edu> to initialize
+g++ generated shared objects.
+
+D 1.10 96/02/15 17:42:44 jum 12 10	00012/00007/00521
+MRs:
+COMMENTS:
+the C++ constructor and destructor chains are now called properly for either
+xlC 2 or xlC 3 (CSet++).
+
+D 1.9 95/09/22 11:09:38 markus 10 9	00001/00008/00527
+MRs:
+COMMENTS:
+Fix version number
+
+D 1.8 95/09/22 10:14:34 markus 9 8	00008/00001/00527
+MRs:
+COMMENTS:
+Added version number for dl lib
+
+D 1.7 95/08/14 19:08:38 jum 8 6	00026/00004/00502
+MRs:
+COMMENTS:
+Integrated the fixes from Kirk Benell (kirk@rsinc.com) to allow loading of
+shared objects generated under AIX 4. Fixed bug that symbols with exactly
+8 characters would use garbage characters from the following symbol value.
+
+D 1.6 95/04/25 09:38:03 jum 6 5	00046/00006/00460
+MRs:
+COMMENTS:
+added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules
+
+D 1.5 93/02/14 20:14:17 jum 5 4	00002/00000/00464
+MRs:
+COMMENTS:
+added path to dlopen error message to make clear where there error occured.
+
+D 1.4 93/01/03 19:13:56 jum 4 3	00061/00005/00403
+MRs:
+COMMENTS:
+to allow calling symbols in the main module call load with L_NOAUTODEFER and 
+do a loadbind later with the main module.
+
+D 1.3 92/12/27 20:59:55 jum 3 2	00066/00008/00342
+MRs:
+COMMENTS:
+added search by L_GETINFO if module got loaded by LIBPATH
+
+D 1.2 92/08/16 17:45:43 jum 2 1	00074/00006/00276
+MRs:
+COMMENTS:
+implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library
+
+D 1.1 92/08/02 18:08:45 jum 1 0	00282/00000/00000
+MRs:
+COMMENTS:
+Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
+
diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c
index d979ac5..4da459c 100644
--- a/crypto/kerberosIV/lib/kafs/afskrb.c
+++ b/crypto/kerberosIV/lib/kafs/afskrb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,336 +38,104 @@
 
 #include "kafs_locl.h"
 
-RCSID("$Id: afskrb.c,v 1.6 1997/05/26 17:38:24 bg Exp $");
+RCSID("$Id: afskrb.c,v 1.11 1999/07/07 12:29:33 assar Exp $");
 
-#define AUTH_SUPERUSER "afs"
-
-/*
- * Here only ASCII characters are relevant.
- */
-
-#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
-
-#define ToAsciiUpper(c) ((c) - 'a' + 'A')
-
-static void
-foldup(char *a, const char *b)
-{
-  for (; *b; a++, b++)
-    if (IsAsciiLower(*b))
-      *a = ToAsciiUpper(*b);
-    else
-      *a = *b;
-  *a = '\0';
-}
+struct krb_kafs_data {
+    const char *realm;
+};
 
 static int
-get_cred(const char *princ, const char *inst, const char *krealm, 
-	 CREDENTIALS *c, KTEXT_ST *tkt)
+get_cred(kafs_data *data, const char *name, const char *inst, 
+	 const char *realm, CREDENTIALS *c)
 {
-  int k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c);
-
-  if (k_errno != KSUCCESS)
-    {
-      k_errno = krb_mk_req(tkt, (char*)princ, (char*)inst, (char*)krealm, 0);
-      if (k_errno == KSUCCESS)
-	k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c);
+    KTEXT_ST tkt;
+    int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
+    
+    if (ret) {
+	ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
+	if (ret == KSUCCESS)
+	    ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
     }
-  return k_errno;
-}
-
-
-/* Convert a string to a 32 bit ip number in network byte order. 
-   Return 0 on error
-   */
-
-static u_int32_t
-ip_aton(char *ip)
-{
-  u_int32_t addr;
-  unsigned int a, b, c, d;
-
-  if(sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4)
-      return 0;
-  if((a | b | c | d) > 255)
-      return 0;
-  addr = (a << 24) | (b << 16) | (c << 8) | d;
-  addr = htonl(addr);
-  return addr;
+    return ret;
 }
 
-/* Try to get a db-server for an AFS cell from a AFSDB record */
-
 static int
-dns_find_cell(const char *cell, char *dbserver)
+afslog_uid_int(kafs_data *data, const char *cell, uid_t uid,
+	       const char *homedir)
 {
-    struct dns_reply *r;
-    int ok = -1;
-    r = dns_lookup(cell, "afsdb");
-    if(r){
-	struct resource_record *rr = r->head;
-	while(rr){
-	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
-		strncpy(dbserver, rr->u.afsdb->domain, MaxHostNameLen);
-		dbserver[MaxHostNameLen - 1] = 0;
-		ok = 0;
-		break;
-	    }
-	    rr = rr->next;
-	}
-	dns_free_data(r);
-    }
-    return ok;
-}
-
+    int ret;
+    CREDENTIALS c;
+    struct krb_kafs_data *d = data->data;
+    char realm[REALM_SZ], *lrealm;
+    
+    if (cell == 0 || cell[0] == 0)
+	return _kafs_afslog_all_local_cells (data, uid, homedir);
 
-/* Find the realm associated with cell. Do this by opening
-   /usr/vice/etc/CellServDB and getting the realm-of-host for the
-   first VL-server for the cell.
+    ret = krb_get_lrealm(realm, 1);
+    if(ret == KSUCCESS && (d->realm == NULL || strcmp(d->realm, realm)))
+	lrealm = realm;
+    else
+	lrealm = NULL;
 
-   This does not work when the VL-server is living in one cell, but
-   the cell it is serving is living in another cell.
-   */
+    ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c);
+    
+    if(ret == 0)
+	ret = kafs_settoken(cell, uid, &c);
+    return ret;
+}
 
-static char*
-realm_of_cell(const char *cell)
+static char *
+get_realm(kafs_data *data, const char *host)
 {
-    FILE *F;
-    char buf[1024];
-    u_int32_t addr;
-    struct hostent *hp;
-    char *realm = NULL;
-
-    if((F = fopen(_PATH_CELLSERVDB, "r"))){
-	while(fgets(buf, sizeof(buf), F)){
-	    if(buf[0] != '>')
-		continue;
-	    if(strncmp(buf + 1, cell, strlen(cell)) == 0){
-		if(fgets(buf, sizeof(buf), F) == NULL)
-		    break;
-		addr = ip_aton(buf);
-		if(addr == 0)
-		    break;
-		hp = gethostbyaddr((char*)&addr, 4, AF_INET);
-		if(hp == NULL)
-		    break;
-		strncpy (buf, hp->h_name, sizeof(buf));
-		buf[sizeof(buf) - 1] = '\0';
-		realm = krb_realmofhost(buf);
-		break;
-	    }
-	}
-	fclose(F);
-    }
-    if(realm == NULL){
-	if(dns_find_cell(cell, buf) == 0)
-	    realm = krb_realmofhost(buf);
-    }
-    return realm;
+    char *r = krb_realmofhost(host);
+    if(r != NULL)
+	return strdup(r);
+    else
+	return NULL;
 }
 
-/*
- * Get tokens for all cells[]
- */
-static int
-k_afslog_cells(char *cells[], int max, const char *krealm, uid_t uid)
+int
+krb_afslog_uid_home(const char *cell, const char *realm, uid_t uid,
+		    const char *homedir)
 {
-    int err = KSUCCESS;
-    int i;
-    for(i = 0; i < max; i++)
-	err = k_afsklog_uid(cells[i], krealm, uid);
-    return err;
+    kafs_data kd;
+    struct krb_kafs_data d;
+
+    kd.afslog_uid = afslog_uid_int;
+    kd.get_cred = get_cred;
+    kd.get_realm = get_realm;
+    kd.data = &d;
+    d.realm = realm;
+    return afslog_uid_int(&kd, cell, uid, homedir);
 }
 
-/*
- * Try to find the cells we should try to klog to in "file".
- */
-static void
-k_find_cells(char *file, char *cells[], int size, int *index)
+int
+krb_afslog_uid(const char *cell, const char *realm, uid_t uid)
 {
-    FILE *f;
-    char cell[64];
-    int i;
-    f = fopen(file, "r");
-    if (f == NULL)
-	return;
-    while (*index < size && fgets(cell, sizeof(cell), f)) {
-	char *nl = strchr(cell, '\n');
-	if (nl) *nl = 0;
-	for(i = 0; i < *index; i++)
-	    if(strcmp(cells[i], cell) == 0)
-		break;
-	if(i == *index)
-	    cells[(*index)++] = strdup(cell);
-    }
-    fclose(f);
+    return krb_afslog_uid_home (cell, realm, uid, NULL);
 }
 
-static int
-k_afsklog_all_local_cells(const char *krealm, uid_t uid)
+int
+krb_afslog(const char *cell, const char *realm)
 {
-    int err;
-    char *cells[32]; /* XXX */
-    int num_cells = sizeof(cells) / sizeof(cells[0]);
-    int index = 0;
-
-    char *p;
-    
-    if ((p = getenv("HOME"))) {
-	char home[MaxPathLen];
-
-	if (k_concat(home, sizeof(home), p, "/.TheseCells", NULL) == 0)
-	    k_find_cells(home, cells, num_cells, &index);
-    }
-    k_find_cells(_PATH_THESECELLS, cells, num_cells, &index);
-    k_find_cells(_PATH_THISCELL, cells, num_cells, &index);
-    
-    err = k_afslog_cells(cells, index, krealm, uid);
-    while(index > 0)
-	free(cells[--index]);
-    return err;
+    return krb_afslog_uid (cell, realm, getuid());
 }
 
 int
-k_afsklog_uid(const char *cell, const char *krealm, uid_t uid)
+krb_afslog_home(const char *cell, const char *realm, const char *homedir)
 {
-  int k_errno;
-  CREDENTIALS c;
-  KTEXT_ST ticket;
-  char realm[REALM_SZ];
-  char *vl_realm; /* realm of vl-server */
-  char *lrealm; /* local realm */
-  char CELL[64];
-
-  if (cell == 0 || cell[0] == 0)
-    return k_afsklog_all_local_cells (krealm, uid);
-  foldup(CELL, cell);
-
-  k_errno = krb_get_lrealm(realm , 0);
-  if(k_errno == KSUCCESS && (krealm == NULL || strcmp(krealm, realm)))
-    lrealm = realm;
-  else
-    lrealm = NULL;
-
-  /* We're about to find the the realm that holds the key for afs in
-   * the specified cell. The problem is that null-instance
-   * afs-principals are common and that hitting the wrong realm might
-   * yield the wrong afs key. The following assumptions were made.
-   *
-   * Any realm passed to us is preferred.
-   *
-   * If there is a realm with the same name as the cell, it is most
-   * likely the correct realm to talk to.
-   *
-   * In most (maybe even all) cases the database servers of the cell
-   * will live in the realm we are looking for.
-   *
-   * Try the local realm, but if the previous cases fail, this is
-   * really a long shot.
-   *
-   */
-  
-  /* comments on the ordering of these tests */
-
-  /* If the user passes a realm, she probably knows something we don't
-   * know and we should try afs@krealm (otherwise we're talking with a
-   * blondino and she might as well have it.)
-   */
-  
-  k_errno = -1;
-  if(krealm){
-    k_errno = get_cred(AUTH_SUPERUSER, cell, krealm, &c, &ticket);
-    if(k_errno)
-      k_errno = get_cred(AUTH_SUPERUSER, "", krealm, &c, &ticket);
-  }
-
-  if(k_errno)
-    k_errno = get_cred(AUTH_SUPERUSER, cell, CELL, &c, &ticket);
-  if(k_errno)
-    k_errno = get_cred(AUTH_SUPERUSER, "", CELL, &c, &ticket);
-  
-  /* this might work in some conditions */
-  if(k_errno && (vl_realm = realm_of_cell(cell))){
-    k_errno = get_cred(AUTH_SUPERUSER, cell, vl_realm, &c, &ticket);
-    if(k_errno)
-      k_errno = get_cred(AUTH_SUPERUSER, "", vl_realm, &c, &ticket);
-  }
-  
-  if(k_errno && lrealm){
-    k_errno = get_cred(AUTH_SUPERUSER, cell, lrealm, &c, &ticket);
-#if 0
-    /* this is most likely never right anyway, but won't fail */
-    if(k_errno)
-      k_errno = get_cred(AUTH_SUPERUSER, "", lrealm, &c, &ticket);
-#endif
-  }
-  
-  if (k_errno == KSUCCESS)
-    {
-      struct ViceIoctl parms;
-      struct ClearToken ct;
-      int32_t sizeof_x;
-      char buf[2048], *t;
-
-      /*
-       * Build a struct ClearToken
-       */
-      ct.AuthHandle = c.kvno;
-      memcpy (ct.HandShakeKey, c.session, sizeof(c.session));
-      ct.ViceId = uid;	/* is this always valid? */
-      ct.BeginTimestamp = 1 + c.issue_date;
-      ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime);
-
-#define ODD(x) ((x) & 1)
-      /* If we don't know the numerical ID lifetime should be even? */
-      if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp))
-	ct.BeginTimestamp--;
-
-      t = buf;
-      /*
-       * length of secret token followed by secret token
-       */
-      sizeof_x = c.ticket_st.length;
-      memcpy(t, &sizeof_x, sizeof(sizeof_x));
-      t += sizeof(sizeof_x);
-      memcpy(t, c.ticket_st.dat, sizeof_x);
-      t += sizeof_x;
-      /*
-       * length of clear token followed by clear token
-       */
-      sizeof_x = sizeof(ct);
-      memcpy(t, &sizeof_x, sizeof(sizeof_x));
-      t += sizeof(sizeof_x);
-      memcpy(t, &ct, sizeof_x);
-      t += sizeof_x;
-
-      /*
-       * do *not* mark as primary cell
-       */
-      sizeof_x = 0;
-      memcpy(t, &sizeof_x, sizeof(sizeof_x));
-      t += sizeof(sizeof_x);
-      /*
-       * follow with cell name
-       */
-      sizeof_x = strlen(cell) + 1;
-      memcpy(t, cell, sizeof_x);
-      t += sizeof_x;
-
-      /*
-       * Build argument block
-       */
-      parms.in = buf;
-      parms.in_size = t - buf;
-      parms.out = 0;
-      parms.out_size = 0;
-      k_pioctl(0, VIOCSETTOK, &parms, 0);
-    }
-  return k_errno;
+    return krb_afslog_uid_home (cell, realm, getuid(), homedir);
 }
 
+/*
+ *
+ */
+
 int
-k_afsklog(const char *cell, const char *krealm)
+krb_realm_of_cell(const char *cell, char **realm)
 {
-  return k_afsklog_uid (cell, krealm, getuid());
+    kafs_data kd;
+
+    kd.get_realm = get_realm;
+    return _kafs_realm_of_cell(&kd, cell, realm);
 }
diff --git a/crypto/kerberosIV/lib/kafs/afskrb5.c b/crypto/kerberosIV/lib/kafs/afskrb5.c
new file mode 100644
index 0000000..a25dd7e
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afskrb5.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afskrb5.c,v 1.7 1999/07/07 12:30:06 assar Exp $");
+
+struct krb5_kafs_data {
+    krb5_context context;
+    krb5_ccache id;
+    krb5_const_realm realm;
+};
+
+static int
+get_cred(kafs_data *data, const char *name, const char *inst, 
+	 const char *realm, CREDENTIALS *c)
+{
+    krb5_error_code ret;
+    krb5_creds in_creds, *out_creds;
+    struct krb5_kafs_data *d = data->data;
+
+    memset(&in_creds, 0, sizeof(in_creds));
+    ret = krb5_425_conv_principal(d->context, name, inst, realm, 
+				  &in_creds.server);
+    if(ret)
+	return ret;
+    ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client);
+    if(ret){
+	krb5_free_principal(d->context, in_creds.server);
+	return ret;
+    }
+    ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
+    krb5_free_principal(d->context, in_creds.server);
+    krb5_free_principal(d->context, in_creds.client);
+    if(ret)
+	return ret;
+    ret = krb524_convert_creds_kdc(d->context, out_creds, c);
+    krb5_free_creds(d->context, out_creds);
+    return ret;
+}
+
+static krb5_error_code
+afslog_uid_int(kafs_data *data, const char *cell, uid_t uid,
+	       const char *homedir)
+{
+    krb5_error_code ret;
+    CREDENTIALS c;
+    krb5_realm lrealm; /* local realm */
+    struct krb5_kafs_data *d = data->data;
+    
+    if (cell == 0 || cell[0] == 0)
+	return _kafs_afslog_all_local_cells (data, uid, homedir);
+
+    ret = krb5_get_default_realm(d->context, &lrealm);
+    if(ret || (d->realm && strcmp(d->realm, lrealm) == 0)){
+	free(lrealm);
+	lrealm = NULL;
+    }
+
+    ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c);
+    if(lrealm)
+	free(lrealm);
+    
+    if(ret == 0)
+	ret = kafs_settoken(cell, uid, &c);
+    return ret;
+}
+
+static char *
+get_realm(kafs_data *data, const char *host)
+{
+    struct krb5_kafs_data *d = data->data;
+    krb5_realm *realms;
+    char *r;
+    if(krb5_get_host_realm(d->context, host, &realms))
+	return NULL;
+    r = strdup(realms[0]);
+    krb5_free_host_realm(d->context, realms);
+    return r;
+}
+
+krb5_error_code
+krb5_afslog_uid_home(krb5_context context,
+		     krb5_ccache id,
+		     const char *cell,
+		     krb5_const_realm realm,
+		     uid_t uid,
+		     const char *homedir)
+{
+    kafs_data kd;
+    struct krb5_kafs_data d;
+    kd.afslog_uid = afslog_uid_int;
+    kd.get_cred = get_cred;
+    kd.get_realm = get_realm;
+    kd.data = &d;
+    d.context = context;
+    d.id = id;
+    d.realm = realm;
+    return afslog_uid_int(&kd, cell, uid, homedir);
+}
+
+krb5_error_code
+krb5_afslog_uid(krb5_context context,
+		krb5_ccache id,
+		const char *cell,
+		krb5_const_realm realm,
+		uid_t uid)
+{
+    return krb5_afslog_uid_home (context, id, cell, realm, uid, NULL);
+}
+
+krb5_error_code
+krb5_afslog(krb5_context context,
+	    krb5_ccache id, 
+	    const char *cell,
+	    krb5_const_realm realm)
+{
+    return krb5_afslog_uid (context, id, cell, realm, getuid());
+}
+
+krb5_error_code
+krb5_afslog_home(krb5_context context,
+		 krb5_ccache id, 
+		 const char *cell,
+		 krb5_const_realm realm,
+		 const char *homedir)
+{
+    return krb5_afslog_uid_home (context, id, cell, realm, getuid(), homedir);
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+krb5_realm_of_cell(const char *cell, char **realm)
+{
+    kafs_data kd;
+
+    kd.get_realm = get_realm;
+    return _kafs_realm_of_cell(&kd, cell, realm);
+}
diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c
index 741225c..2c6e3af 100644
--- a/crypto/kerberosIV/lib/kafs/afssys.c
+++ b/crypto/kerberosIV/lib/kafs/afssys.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,28 +38,34 @@
 
 #include "kafs_locl.h"
 
-RCSID("$Id: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $");
+RCSID("$Id: afssys.c,v 1.63 1999/05/08 02:24:32 assar Exp $");
+
+int _kafs_debug; /* this should be done in a better way */
+
+#define NO_ENTRY_POINT		0
+#define SINGLE_ENTRY_POINT	1
+#define MULTIPLE_ENTRY_POINT	2
+#define SINGLE_ENTRY_POINT2	3
+#define SINGLE_ENTRY_POINT3	4
+#define AIX_ENTRY_POINTS	5
+#define UNKNOWN_ENTRY_POINT	6
+static int afs_entry_point = UNKNOWN_ENTRY_POINT;
+static int afs_syscalls[2];
 
 /* Magic to get AIX syscalls to work */
 #ifdef _AIX
 
-static int (*Pioctl)(char*, int, void*, int);
+static int (*Pioctl)(char*, int, struct ViceIoctl*, int);
 static int (*Setpag)(void);
 
 #include "dlfcn.h"
 
-static int
-isSuid()
-{
-    int uid = getuid();
-    int gid = getgid();
-    int euid = getegid();
-    int egid = getegid();
-    return (uid != euid) || (gid != egid);
-}
+/*
+ *
+ */
 
 static int
-aix_setup(void)
+try_aix(void)
 {
 #ifdef STATIC_AFS_SYSCALLS
     Pioctl = aix_pioctl;
@@ -70,30 +76,63 @@ aix_setup(void)
     /*
      * If we are root or running setuid don't trust AFSLIBPATH!
      */
-    if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL)
-	strcpy(path, p);
+    if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
+	strcpy_truncate(path, p, sizeof(path));
     else
 	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
 	
-    ptr = dlopen(path, 0);
-    if(ptr){
-	Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
-	Pioctl = (int (*)(char*, int, void*, int))dlsym(ptr, "aix_pioctl");
+    ptr = dlopen(path, RTLD_NOW);
+    if(ptr == NULL) {
+	if(_kafs_debug) {
+	    if(errno == ENOEXEC && (p = dlerror()) != NULL)
+		fprintf(stderr, "dlopen(%s): %s\n", path, p);
+	    else if (errno != ENOENT)
+		fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno));
+	}
+	return 1;
     }
+    Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
+    Pioctl = (int (*)(char*, int, 
+		      struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl");
 #endif
+    afs_entry_point = AIX_ENTRY_POINTS;
+    return 0;
 }
 #endif /* _AIX */
 
-#define NO_ENTRY_POINT		0
-#define SINGLE_ENTRY_POINT	1
-#define MULTIPLE_ENTRY_POINT	2
-#define SINGLE_ENTRY_POINT2	3
-#define SINGLE_ENTRY_POINT3	4
-#define AIX_ENTRY_POINTS	5
-#define UNKNOWN_ENTRY_POINT	6
-static int afs_entry_point = UNKNOWN_ENTRY_POINT;
-static int afs_syscalls[2];
+/* 
+ * This probably only works under Solaris and could get confused if
+ * there's a /etc/name_to_sysnum file.  
+ */
+
+#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum"
 
+static int
+map_syscall_name_to_number (const char *str, int *res)
+{
+    FILE *f;
+    char buf[256];
+    size_t str_len = strlen (str);
+
+    f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r");
+    if (f == NULL)
+	return -1;
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	if (strncmp (str, buf, str_len) == 0) {
+	    char *begptr = buf + str_len;
+	    char *endptr;
+	    long val = strtol (begptr, &endptr, 0);
+
+	    if (val != 0 && endptr != begptr) {
+		fclose (f);
+		*res = val;
+		return 0;
+	    }
+	}
+    }
+    fclose (f);
+    return -1;
+}
 
 int
 k_pioctl(char *a_path,
@@ -191,12 +230,65 @@ SIGSYS_handler(int sig)
 
 #endif
 
+/*
+ * Try to see if `syscall' is a pioctl.  Return 0 iff succesful.
+ */
+
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+static int
+try_one (int syscall_num)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+
+    if (setjmp(catch_SIGSYS) == 0) {
+	syscall(syscall_num, AFSCALL_PIOCTL,
+		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+	if (errno == EINVAL) {
+	    afs_entry_point = SINGLE_ENTRY_POINT;
+	    afs_syscalls[0] = syscall_num;
+	    return 0;
+	}
+    }
+    return 1;
+}
+#endif
+
+/*
+ * Try to see if `syscall_pioctl' is a pioctl syscall.  Return 0 iff
+ * succesful.
+ *
+ */
+
+#ifdef AFS_PIOCTL
+static int
+try_two (int syscall_pioctl, int syscall_setpag)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+
+    if (setjmp(catch_SIGSYS) == 0) {
+	syscall(syscall_pioctl,
+		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+	if (errno == EINVAL) {
+	    afs_entry_point = MULTIPLE_ENTRY_POINT;
+	    afs_syscalls[0] = syscall_pioctl;
+	    afs_syscalls[1] = syscall_setpag;
+	    return 0;
+	}
+    }
+    return 1;
+}
+#endif
+
 int
 k_hasafs(void)
 {
-    int saved_errno;
+#if !defined(NO_AFS) && defined(SIGSYS)
     RETSIGTYPE (*saved_func)();
-    struct ViceIoctl parms;
+#endif
+    int saved_errno;
+    char *env = getenv ("AFS_SYSCALL");
   
     /*
      * Already checked presence of AFS syscalls?
@@ -210,7 +302,6 @@ k_hasafs(void)
      * If the syscall is absent we recive a SIGSYS.
      */
     afs_entry_point = NO_ENTRY_POINT;
-    memset(&parms, 0, sizeof(parms));
   
     saved_errno = errno;
 #ifndef NO_AFS
@@ -218,69 +309,85 @@ k_hasafs(void)
     saved_func = signal(SIGSYS, SIGSYS_handler);
 #endif
 
-#ifdef AFS_SYSCALL
-    if (setjmp(catch_SIGSYS) == 0)
-	{
-	    syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
-		    0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	    if (errno == EINVAL)
-		{
-		    afs_entry_point = SINGLE_ENTRY_POINT;
-		    afs_syscalls[0] = AFS_SYSCALL;
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+    {
+	int tmp;
+
+	if (env != NULL) {
+	    if (sscanf (env, "%d", &tmp) == 1) {
+		if (try_one (tmp) == 0)
 		    goto done;
+	    } else {
+		char *end = NULL;
+		char *p;
+		char *s = strdup (env);
+
+		if (s != NULL) {
+		    for (p = strtok_r (s, ",", &end);
+			 p != NULL;
+			 p = strtok_r (NULL, ",", &end)) {
+			if (map_syscall_name_to_number (p, &tmp) == 0)
+			    if (try_one (tmp) == 0) {
+				free (s);
+				goto done;
+			    }
+		    }
+		    free (s);
 		}
+	    }
 	}
+    }
+#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */
+
+#ifdef AFS_SYSCALL
+    if (try_one (AFS_SYSCALL) == 0)
+	goto done;
 #endif /* AFS_SYSCALL */
 
 #ifdef AFS_PIOCTL
-    if (setjmp(catch_SIGSYS) == 0)
-	{
-	    syscall(AFS_PIOCTL,
-		    0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	    if (errno == EINVAL)
-		{
-		    afs_entry_point = MULTIPLE_ENTRY_POINT;
-		    afs_syscalls[0] = AFS_PIOCTL;
-		    afs_syscalls[1] = AFS_SETPAG;
-		    goto done;
-		}
-	}
+    {
+	int tmp[2];
+
+	if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2)
+	    if (try_two (tmp[0], tmp[1]) == 2)
+		goto done;
+    }
+#endif /* AFS_PIOCTL */
+
+#ifdef AFS_PIOCTL
+    if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0)
+	goto done;
 #endif /* AFS_PIOCTL */
 
 #ifdef AFS_SYSCALL2
-    if (setjmp(catch_SIGSYS) == 0)
-	{
-	    syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
-		    0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	    if (errno == EINVAL)
-		{
-		    afs_entry_point = SINGLE_ENTRY_POINT2;
-		    afs_syscalls[0] = AFS_SYSCALL2;
-		    goto done;
-		}
-	}
-#endif /* AFS_SYSCALL */
+    if (try_one (AFS_SYSCALL2) == 0)
+	goto done;
+#endif /* AFS_SYSCALL2 */
 
 #ifdef AFS_SYSCALL3
-    if (setjmp(catch_SIGSYS) == 0)
-	{
-	    syscall(AFS_SYSCALL3, AFSCALL_PIOCTL,
-		    0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	    if (errno == EINVAL)
-		{
-		    afs_entry_point = SINGLE_ENTRY_POINT3;
-		    afs_syscalls[0] = AFS_SYSCALL3;
+    if (try_one (AFS_SYSCALL3) == 0)
+	goto done;
+#endif /* AFS_SYSCALL3 */
+
+#ifdef _AIX
+#if 0
+    if (env != NULL) {
+	char *pos = NULL;
+	char *pioctl_name;
+	char *setpag_name;
+
+	pioctl_name = strtok_r (env, ", \t", &pos);
+	if (pioctl_name != NULL) {
+	    setpag_name = strtok_r (NULL, ", \t", &pos);
+	    if (setpag_name != NULL)
+		if (try_aix (pioctl_name, setpag_name) == 0)
 		    goto done;
-		}
 	}
-#endif /* AFS_SYSCALL */
+    }
+#endif
 
-#ifdef _AIX
-    aix_setup();
-    if(Pioctl != NULL && Setpag != NULL){
-	afs_entry_point = AIX_ENTRY_POINTS;
+    if(try_aix() == 0)
 	goto done;
-    }
 #endif
 
 done:
diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h
index 028f9b3..7193eea 100644
--- a/crypto/kerberosIV/lib/kafs/afssysdefs.h
+++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: afssysdefs.h,v 1.15 1997/04/01 08:18:12 joda Exp $ */
+/* $Id: afssysdefs.h,v 1.19.4.1 1999/07/22 03:21:43 assar Exp $ */
 
 /*
  * This section is for machines using single entry point AFS syscalls!
@@ -47,17 +47,22 @@
  * entry point syscalls.
  */
 
-#if SunOS == 4
+#if SunOS == 40
 #define AFS_SYSCALL	31
 #endif
 
-#if SunOS == 5
+#if SunOS >= 50 && SunOS < 57
 #define AFS_SYSCALL	105
 #endif
 
+#if SunOS == 57
+#define AFS_SYSCALL	73
+#endif
+
 #if defined(__hpux)
 #define AFS_SYSCALL	50
 #define AFS_SYSCALL2	49
+#define AFS_SYSCALL3	48
 #endif
 
 #if defined(_AIX)
@@ -78,7 +83,7 @@
 #define AFS_SYSCALL	31
 #endif
 
-#if defined(__NetBSD__)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 #define AFS_SYSCALL 210
 #endif
 
diff --git a/crypto/kerberosIV/lib/kafs/common.c b/crypto/kerberosIV/lib/kafs/common.c
new file mode 100644
index 0000000..54d7b1b
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/common.c
@@ -0,0 +1,370 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: common.c,v 1.15 1999/06/09 22:41:41 assar Exp $");
+
+#define AUTH_SUPERUSER "afs"
+
+/*
+ * Here only ASCII characters are relevant.
+ */
+
+#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
+
+#define ToAsciiUpper(c) ((c) - 'a' + 'A')
+
+static void
+foldup(char *a, const char *b)
+{
+  for (; *b; a++, b++)
+    if (IsAsciiLower(*b))
+      *a = ToAsciiUpper(*b);
+    else
+      *a = *b;
+  *a = '\0';
+}
+
+int
+kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
+{
+    struct ViceIoctl parms;
+    struct ClearToken ct;
+    int32_t sizeof_x;
+    char buf[2048], *t;
+    int ret;
+    
+    /*
+     * Build a struct ClearToken
+     */
+    ct.AuthHandle = c->kvno;
+    memcpy (ct.HandShakeKey, c->session, sizeof(c->session));
+    ct.ViceId = uid;
+    ct.BeginTimestamp = c->issue_date;
+    ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
+    if(ct.EndTimestamp < time(NULL))
+	return 0; /* don't store tokens that has expired (and possibly
+		     overwriting valid tokens)*/
+
+#define ODD(x) ((x) & 1)
+    /* According to Transarc conventions ViceId is valid iff
+     * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
+     * the transformations:
+     *
+     * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
+     * preserves the original values.
+     */
+    if (uid != 0)		/* valid ViceId */
+      {
+	if (!ODD(ct.EndTimestamp - ct.BeginTimestamp))
+	  ct.EndTimestamp--;
+      }
+    else			/* not valid ViceId */
+      {
+	if (ODD(ct.EndTimestamp - ct.BeginTimestamp))
+	  ct.EndTimestamp--;
+      }
+
+    t = buf;
+    /*
+     * length of secret token followed by secret token
+     */
+    sizeof_x = c->ticket_st.length;
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    memcpy(t, c->ticket_st.dat, sizeof_x);
+    t += sizeof_x;
+    /*
+     * length of clear token followed by clear token
+     */
+    sizeof_x = sizeof(ct);
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    memcpy(t, &ct, sizeof_x);
+    t += sizeof_x;
+
+    /*
+     * do *not* mark as primary cell
+     */
+    sizeof_x = 0;
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    /*
+     * follow with cell name
+     */
+    sizeof_x = strlen(cell) + 1;
+    memcpy(t, cell, sizeof_x);
+    t += sizeof_x;
+
+    /*
+     * Build argument block
+     */
+    parms.in = buf;
+    parms.in_size = t - buf;
+    parms.out = 0;
+    parms.out_size = 0;
+    ret = k_pioctl(0, VIOCSETTOK, &parms, 0);
+    return ret;
+}
+
+/* Try to get a db-server for an AFS cell from a AFSDB record */
+
+static int
+dns_find_cell(const char *cell, char *dbserver, size_t len)
+{
+    struct dns_reply *r;
+    int ok = -1;
+    r = dns_lookup(cell, "afsdb");
+    if(r){
+	struct resource_record *rr = r->head;
+	while(rr){
+	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
+		strcpy_truncate(dbserver,
+				rr->u.afsdb->domain,
+				len);
+		ok = 0;
+		break;
+	    }
+	    rr = rr->next;
+	}
+	dns_free_data(r);
+    }
+    return ok;
+}
+
+
+/*
+ * Try to find the cells we should try to klog to in "file".
+ */
+static void
+find_cells(char *file, char ***cells, int *index)
+{
+    FILE *f;
+    char cell[64];
+    int i;
+    int ind = *index;
+
+    f = fopen(file, "r");
+    if (f == NULL)
+	return;
+    while (fgets(cell, sizeof(cell), f)) {
+	char *nl = strchr(cell, '\n');
+	if (nl)
+	    *nl = '\0';
+	if (cell[0] == '\0')
+	    continue;
+	for(i = 0; i < ind; i++)
+	    if(strcmp((*cells)[i], cell) == 0)
+		break;
+	if(i == ind){
+	    char **tmp;
+
+	    tmp = realloc(*cells, (ind + 1) * sizeof(**cells));
+	    if (tmp == NULL)
+		break;
+	    *cells = tmp;
+	    (*cells)[ind] = strdup(cell);
+	    if ((*cells)[ind] == NULL)
+		break;
+	    ++ind;
+	}
+    }
+    fclose(f);
+    *index = ind;
+}
+
+/*
+ * Get tokens for all cells[]
+ */
+static int
+afslog_cells(kafs_data *data, char **cells, int max, uid_t uid,
+	     const char *homedir)
+{
+    int ret = 0;
+    int i;
+    for(i = 0; i < max; i++)
+	ret = (*data->afslog_uid)(data, cells[i], uid, homedir);
+    return ret;
+}
+
+int
+_kafs_afslog_all_local_cells(kafs_data *data, uid_t uid, const char *homedir)
+{
+    int ret;
+    char **cells = NULL;
+    int index = 0;
+
+    if (homedir == NULL)
+	homedir = getenv("HOME");
+    if (homedir != NULL) {
+	char home[MaxPathLen];
+	snprintf(home, sizeof(home), "%s/.TheseCells", homedir);
+	find_cells(home, &cells, &index);
+    }
+    find_cells(_PATH_THESECELLS, &cells, &index);
+    find_cells(_PATH_THISCELL, &cells, &index);
+    find_cells(_PATH_ARLA_THESECELLS, &cells, &index);
+    find_cells(_PATH_ARLA_THISCELL, &cells, &index);
+    
+    ret = afslog_cells(data, cells, index, uid, homedir);
+    while(index > 0)
+	free(cells[--index]);
+    free(cells);
+    return ret;
+}
+
+
+/* Find the realm associated with cell. Do this by opening
+   /usr/vice/etc/CellServDB and getting the realm-of-host for the
+   first VL-server for the cell.
+
+   This does not work when the VL-server is living in one realm, but
+   the cell it is serving is living in another realm.
+
+   Return 0 on success, -1 otherwise.
+   */
+
+int
+_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm)
+{
+    FILE *F;
+    char buf[1024];
+    char *p;
+    int ret = -1;
+
+    if ((F = fopen(_PATH_CELLSERVDB, "r"))
+	|| (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))) {
+	while (fgets(buf, sizeof(buf), F)) {
+	    if (buf[0] != '>')
+		continue; /* Not a cell name line, try next line */
+	    if (strncmp(buf + 1, cell, strlen(cell)) == 0) {
+		/*
+		 * We found the cell name we're looking for.
+		 * Read next line on the form ip-address '#' hostname
+		 */
+		if (fgets(buf, sizeof(buf), F) == NULL)
+		    break;	/* Read failed, give up */
+		p = strchr(buf, '#');
+		if (p == NULL)
+		    break;	/* No '#', give up */
+		p++;
+		if (buf[strlen(buf) - 1] == '\n')
+		    buf[strlen(buf) - 1] = '\0';
+		*realm = (*data->get_realm)(data, p);
+		if (*realm && **realm != '\0')
+		    ret = 0;
+		break;		/* Won't try any more */
+	    }
+	}
+	fclose(F);
+    }
+    if (*realm == NULL && dns_find_cell(cell, buf, sizeof(buf)) == 0) {
+	*realm = strdup(krb_realmofhost(buf));
+	if(*realm != NULL)
+	    ret = 0;
+    }
+    return ret;
+}
+
+int
+_kafs_get_cred(kafs_data *data,
+	      const char *cell, 
+	      const char *krealm, 
+	      const char *lrealm,
+	      CREDENTIALS *c)
+{
+    int ret = -1;
+    char *vl_realm;
+    char CELL[64];
+
+    /* We're about to find the the realm that holds the key for afs in
+     * the specified cell. The problem is that null-instance
+     * afs-principals are common and that hitting the wrong realm might
+     * yield the wrong afs key. The following assumptions were made.
+     *
+     * Any realm passed to us is preferred.
+     *
+     * If there is a realm with the same name as the cell, it is most
+     * likely the correct realm to talk to.
+     *
+     * In most (maybe even all) cases the database servers of the cell
+     * will live in the realm we are looking for.
+     *
+     * Try the local realm, but if the previous cases fail, this is
+     * really a long shot.
+     *
+     */
+  
+    /* comments on the ordering of these tests */
+
+    /* If the user passes a realm, she probably knows something we don't
+     * know and we should try afs@krealm (otherwise we're talking with a
+     * blondino and she might as well have it.)
+     */
+  
+    if (krealm) {
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, krealm, c);
+	if (ret == 0) return 0;
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", krealm, c);
+    }
+    if (ret == 0) return 0;
+
+    foldup(CELL, cell);
+
+    ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c);
+    if (ret == 0) return 0;
+
+    ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c);
+    if (ret == 0) return 0;
+    
+    /* this might work in some cases */
+    if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0) {
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c);
+	if (ret)
+	    ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c);
+	free(vl_realm);
+	if (ret == 0) return 0;
+    }
+    
+    if (lrealm)
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, lrealm, c);
+    return ret;
+}
+
+
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c
index 3f4de92..98e081c 100644
--- a/crypto/kerberosIV/lib/kafs/dlfcn.c
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.c
@@ -115,14 +115,12 @@ void *dlopen(const char *path, int mode)
 		}
 	if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "calloc: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, "calloc: %s", strerror(errno));
 		return NULL;
 	}
 	if ((mp->name = strdup(path)) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "strdup: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, "strdup: %s", strerror(errno));
 		free(mp);
 		return NULL;
 	}
@@ -134,9 +132,8 @@ void *dlopen(const char *path, int mode)
 		free(mp->name);
 		free(mp);
 		errvalid++;
-		strcpy(errbuf, "dlopen: ");
-		strcat(errbuf, path);
-		strcat(errbuf, ": ");
+		snprintf (errbuf, sizeof(errbuf),
+			  "dlopen: %s: ", path);
 		/*
 		 * If AIX says the file is not executable, the error
 		 * can be further described by querying the loader about
@@ -145,14 +142,18 @@ void *dlopen(const char *path, int mode)
 		if (errno == ENOEXEC) {
 			char *tmp[BUFSIZ/sizeof(char *)];
 			if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1)
-				strcpy(errbuf, strerror(errno));
+				strcpy_truncate(errbuf,
+						strerror(errno),
+						sizeof(errbuf));
 			else {
 				char **p;
 				for (p = tmp; *p; p++)
 					caterr(*p);
 			}
 		} else
-			strcat(errbuf, strerror(errno));
+			strcat_truncate(errbuf,
+					strerror(errno),
+					sizeof(errbuf));
 		return NULL;
 	}
 	mp->refCnt = 1;
@@ -161,8 +162,8 @@ void *dlopen(const char *path, int mode)
 	if (loadbind(0, mainModule, mp->entry) == -1) {
 		dlclose(mp);
 		errvalid++;
-		strcpy(errbuf, "loadbind: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "loadbind: %s", strerror(errno));
 		return NULL;
 	}
 	/*
@@ -175,8 +176,9 @@ void *dlopen(const char *path, int mode)
 			if (loadbind(0, mp1->entry, mp->entry) == -1) {
 				dlclose(mp);
 				errvalid++;
-				strcpy(errbuf, "loadbind: ");
-				strcat(errbuf, strerror(errno));
+				snprintf (errbuf, sizeof(errbuf),
+					  "loadbind: %s",
+					  strerror(errno));
 				return NULL;
 			}
 	}
@@ -229,29 +231,29 @@ static void caterr(char *s)
 		p++;
 	switch(atoi(s)) {
 	case L_ERROR_TOOMANY:
-		strcat(errbuf, "to many errors");
+		strcat_truncate(errbuf, "to many errors", sizeof(errbuf));
 		break;
 	case L_ERROR_NOLIB:
-		strcat(errbuf, "can't load library");
-		strcat(errbuf, p);
+		strcat_truncate(errbuf, "can't load library", sizeof(errbuf));
+		strcat_truncate(errbuf, p, sizeof(errbuf));
 		break;
 	case L_ERROR_UNDEF:
-		strcat(errbuf, "can't find symbol");
-		strcat(errbuf, p);
+		strcat_truncate(errbuf, "can't find symbol", sizeof(errbuf));
+		strcat_truncate(errbuf, p, sizeof(errbuf));
 		break;
 	case L_ERROR_RLDBAD:
-		strcat(errbuf, "bad RLD");
-		strcat(errbuf, p);
+		strcat_truncate(errbuf, "bad RLD", sizeof(errbuf));
+		strcat_truncate(errbuf, p, sizeof(errbuf));
 		break;
 	case L_ERROR_FORMAT:
-		strcat(errbuf, "bad exec format in");
-		strcat(errbuf, p);
+		strcat_truncate(errbuf, "bad exec format in", sizeof(errbuf));
+		strcat_truncate(errbuf, p, sizeof(errbuf));
 		break;
 	case L_ERROR_ERRNO:
-		strcat(errbuf, strerror(atoi(++p)));
+		strcat_truncate(errbuf, strerror(atoi(++p)), sizeof(errbuf));
 		break;
 	default:
-		strcat(errbuf, s);
+		strcat_truncate(errbuf, s, sizeof(errbuf));
 		break;
 	}
 }
@@ -270,8 +272,8 @@ void *dlsym(void *handle, const char *symbol)
 		if (strcmp(ep->name, symbol) == 0)
 			return ep->addr;
 	errvalid++;
-	strcpy(errbuf, "dlsym: undefined symbol ");
-	strcat(errbuf, symbol);
+	snprintf (errbuf, sizeof(errbuf),
+		  "dlsym: undefined symbol %s", symbol);		  
 	return NULL;
 }
 
@@ -311,7 +313,8 @@ int dlclose(void *handle)
 	result = unload(mp->entry);
 	if (result == -1) {
 		errvalid++;
-		strcpy(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "%s", strerror(errno));
 	}
 	if (mp->exports) {
 		ExportPtr ep;
@@ -360,8 +363,9 @@ static int readExports(ModulePtr mp)
 		int size = 4*1024;
 		if (errno != ENOENT) {
 			errvalid++;
-			strcpy(errbuf, "readExports: ");
-			strcat(errbuf, strerror(errno));
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
 			return -1;
 		}
 		/*
@@ -371,8 +375,9 @@ static int readExports(ModulePtr mp)
 		 */
 		if ((buf = malloc(size)) == NULL) {
 			errvalid++;
-			strcpy(errbuf, "readExports: ");
-			strcat(errbuf, strerror(errno));
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
 			return -1;
 		}
 		while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
@@ -380,15 +385,17 @@ static int readExports(ModulePtr mp)
 			size += 4*1024;
 			if ((buf = malloc(size)) == NULL) {
 				errvalid++;
-				strcpy(errbuf, "readExports: ");
-				strcat(errbuf, strerror(errno));
+				snprintf(errbuf, sizeof(errbuf),
+					 "readExports: %s",
+					 strerror(errno));
 				return -1;
 			}
 		}
 		if (i == -1) {
 			errvalid++;
-			strcpy(errbuf, "readExports: ");
-			strcat(errbuf, strerror(errno));
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
 			free(buf);
 			return -1;
 		}
@@ -411,14 +418,14 @@ static int readExports(ModulePtr mp)
 		free(buf);
 		if (!ldp) {
 			errvalid++;
-			strcpy(errbuf, "readExports: ");
-			strcat(errbuf, strerror(errno));
+			snprintf (errbuf, sizeof(errbuf),
+				  "readExports: %s", strerror(errno));
 			return -1;
 		}
 	}
 	if (TYPE(ldp) != U802TOCMAGIC) {
 		errvalid++;
-		strcpy(errbuf, "readExports: bad magic");
+		snprintf(errbuf, sizeof(errbuf), "readExports: bad magic");
 		while(ldclose(ldp) == FAILURE)
 			;
 		return -1;
@@ -430,14 +437,16 @@ static int readExports(ModulePtr mp)
 	 */
 	if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) {
 		errvalid++;
-		strcpy(errbuf, "readExports: cannot read data section header");
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read data section header");
 		while(ldclose(ldp) == FAILURE)
 			;
 		return -1;
 	}
 	if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) {
 		errvalid++;
-		strcpy(errbuf, "readExports: cannot read loader section header");
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read loader section header");
 		while(ldclose(ldp) == FAILURE)
 			;
 		return -1;
@@ -448,15 +457,16 @@ static int readExports(ModulePtr mp)
 	 */
 	if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "readExports: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "readExports: %s", strerror(errno));
 		while(ldclose(ldp) == FAILURE)
 			;
 		return -1;
 	}
 	if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) {
 		errvalid++;
-		strcpy(errbuf, "readExports: cannot seek to loader section");
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot seek to loader section");
 		free(ldbuf);
 		while(ldclose(ldp) == FAILURE)
 			;
@@ -464,7 +474,8 @@ static int readExports(ModulePtr mp)
 	}
 	if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) {
 		errvalid++;
-		strcpy(errbuf, "readExports: cannot read loader section");
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read loader section");
 		free(ldbuf);
 		while(ldclose(ldp) == FAILURE)
 			;
@@ -482,8 +493,8 @@ static int readExports(ModulePtr mp)
 	}
 	if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "readExports: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "readExports: %s", strerror(errno));
 		free(ldbuf);
 		while(ldclose(ldp) == FAILURE)
 			;
@@ -508,8 +519,8 @@ static int readExports(ModulePtr mp)
 			 * must copy the first SYMNMLEN chars and make
 			 * sure we have a zero byte at the end.
 			 */
-			strncpy(tmpsym, ls->l_name, SYMNMLEN);
-			tmpsym[SYMNMLEN] = '\0';
+		        strcpy_truncate (tmpsym, ls->l_name,
+					 SYMNMLEN + 1);
 			symname = tmpsym;
 		}
 		ep->name = strdup(symname);
@@ -537,8 +548,8 @@ static void * findMain(void)
 
 	if ((buf = malloc(size)) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "findMain: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "findMail: %s", strerror(errno));
 		return NULL;
 	}
 	while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
@@ -546,15 +557,15 @@ static void * findMain(void)
 		size += 4*1024;
 		if ((buf = malloc(size)) == NULL) {
 			errvalid++;
-			strcpy(errbuf, "findMain: ");
-			strcat(errbuf, strerror(errno));
+			snprintf (errbuf, sizeof(errbuf),
+				  "findMail: %s", strerror(errno));
 			return NULL;
 		}
 	}
 	if (i == -1) {
 		errvalid++;
-		strcpy(errbuf, "findMain: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "findMail: %s", strerror(errno));
 		free(buf);
 		return NULL;
 	}
diff --git a/crypto/kerberosIV/lib/kafs/kafs.h b/crypto/kerberosIV/lib/kafs/kafs.h
index b3c53b5..cdf23cb 100644
--- a/crypto/kerberosIV/lib/kafs/kafs.h
+++ b/crypto/kerberosIV/lib/kafs/kafs.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,13 +36,13 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: kafs.h,v 1.19 1997/05/14 17:41:02 joda Exp $ */
+/* $Id: kafs.h,v 1.31 1999/07/07 12:30:40 assar Exp $ */
 
 #ifndef __KAFS_H
 #define __KAFS_H
 
-#include <ktypes.h>
-#include <sys/cdefs.h>
+/* XXX must include krb5.h or krb.h */
+
 /* sys/ioctl.h must be included manually before kafs.h */
 
 /*
@@ -54,10 +54,39 @@
 #define _VICEIOCTL(id)  ((unsigned int ) _IOW('V', id, struct ViceIoctl))
 #endif /* _VICEIOCTL */
 
+#define VIOCSETAL		_VICEIOCTL(1)
+#define VIOCGETAL		_VICEIOCTL(2)
 #define VIOCSETTOK		_VICEIOCTL(3)
+#define VIOCGETVOLSTAT		_VICEIOCTL(4)
+#define VIOCSETVOLSTAT		_VICEIOCTL(5)
+#define VIOCFLUSH		_VICEIOCTL(6)
 #define VIOCGETTOK		_VICEIOCTL(8)
 #define VIOCUNLOG		_VICEIOCTL(9)
+#define VIOCCKSERV		_VICEIOCTL(10)
+#define VIOCCKBACK		_VICEIOCTL(11)
+#define VIOCCKCONN		_VICEIOCTL(12)
+#define VIOCWHEREIS		_VICEIOCTL(14)
+#define VIOCACCESS		_VICEIOCTL(20)
+#define VIOCUNPAG		_VICEIOCTL(21)
+#define VIOCGETFID		_VICEIOCTL(22)
+#define VIOCSETCACHESIZE	_VICEIOCTL(24)
+#define VIOCFLUSHCB		_VICEIOCTL(25)
+#define VIOCNEWCELL		_VICEIOCTL(26)
+#define VIOCGETCELL		_VICEIOCTL(27)
+#define VIOC_AFS_DELETE_MT_PT	_VICEIOCTL(28)
+#define VIOC_AFS_STAT_MT_PT	_VICEIOCTL(29)
 #define VIOC_FILE_CELL_NAME	_VICEIOCTL(30)
+#define VIOC_GET_WS_CELL	_VICEIOCTL(31)
+#define VIOC_AFS_MARINER_HOST	_VICEIOCTL(32)
+#define VIOC_GET_PRIMARY_CELL	_VICEIOCTL(33)
+#define VIOC_VENUSLOG		_VICEIOCTL(34)
+#define VIOC_GETCELLSTATUS	_VICEIOCTL(35)
+#define VIOC_SETCELLSTATUS	_VICEIOCTL(36)
+#define VIOC_FLUSHVOLUME	_VICEIOCTL(37)
+#define VIOC_AFS_SYSNAME	_VICEIOCTL(38)
+#define VIOC_EXPORTAFS		_VICEIOCTL(39)
+#define VIOCGETCACHEPARAMS	_VICEIOCTL(40)
+#define VIOC_GCPAGS		_VICEIOCTL(48) 
 
 struct ViceIoctl {
   caddr_t in, out;
@@ -73,17 +102,34 @@ struct ClearToken {
   int32_t EndTimestamp;
 };
 
+#ifdef __STDC__
 #ifndef __P
 #define __P(x) x
 #endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
 
 /* Use k_hasafs() to probe if the machine supports AFS syscalls.
    The other functions will generate a SIGSYS if AFS is not supported */
 
 int k_hasafs __P((void));
 
-int k_afsklog __P((const char *cell, const char *realm));
-int k_afsklog_uid __P((const char *cell, const char *realm, uid_t uid));
+int krb_afslog __P((const char *cell, const char *realm));
+int krb_afslog_uid __P((const char *cell, const char *realm, uid_t uid));
+int krb_afslog_home __P((const char *cell, const char *realm,
+			 const char *homedir));
+int krb_afslog_uid_home __P((const char *cell, const char *realm, uid_t uid,
+			     const char *homedir));
+
+int krb_realm_of_cell __P((const char *cell, char **realm));
+
+/* compat */
+#define k_afsklog krb_afslog
+#define k_afsklog_uid krb_afslog_uid
+
 int k_pioctl __P((char *a_path,
 		  int o_opcode,
 		  struct ViceIoctl *a_paramsP,
@@ -92,9 +138,59 @@ int k_unlog __P((void));
 int k_setpag __P((void));
 int k_afs_cell_of_file __P((const char *path, char *cell, int len));
 
+
+
+/* XXX */
+#ifdef KFAILURE
+#define KRB_H_INCLUDED
+#endif
+
+#ifdef KRB5_RECVAUTH_IGNORE_VERSION
+#define KRB5_H_INCLUDED
+#endif
+
+#ifdef KRB_H_INCLUDED
+int kafs_settoken __P((const char*, uid_t, CREDENTIALS*));
+#endif
+
+#ifdef KRB5_H_INCLUDED
+krb5_error_code krb5_afslog_uid __P((krb5_context context,
+				     krb5_ccache id,
+				     const char *cell,
+				     krb5_const_realm realm,
+				     uid_t uid));
+krb5_error_code krb5_afslog __P((krb5_context context,
+				 krb5_ccache id, 
+				 const char *cell,
+				 krb5_const_realm realm));
+krb5_error_code krb5_afslog_uid_home __P((krb5_context context,
+					  krb5_ccache id,
+					  const char *cell,
+					  krb5_const_realm realm,
+					  uid_t uid,
+					  const char *homedir));
+
+krb5_error_code krb5_afslog_home __P((krb5_context context,
+				      krb5_ccache id,
+				      const char *cell,
+				      krb5_const_realm realm,
+				      const char *homedir));
+
+krb5_error_code krb5_realm_of_cell __P((const char *cell, char **realm));
+
+#endif
+
+
 #define _PATH_VICE		"/usr/vice/etc/"
 #define _PATH_THISCELL 		_PATH_VICE "ThisCell"
 #define _PATH_CELLSERVDB 	_PATH_VICE "CellServDB"
 #define _PATH_THESECELLS	_PATH_VICE "TheseCells"
 
+#define _PATH_ARLA_VICE		"/usr/arla/etc/"
+#define _PATH_ARLA_THISCELL	_PATH_ARLA_VICE "ThisCell"
+#define _PATH_ARLA_CELLSERVDB 	_PATH_ARLA_VICE "CellServDB"
+#define _PATH_ARLA_THESECELLS	_PATH_ARLA_VICE "TheseCells"
+
+extern int _kafs_debug;
+
 #endif /* __KAFS_H */
diff --git a/crypto/kerberosIV/lib/kafs/kafs_locl.h b/crypto/kerberosIV/lib/kafs/kafs_locl.h
index 6ada6ab..6174f74 100644
--- a/crypto/kerberosIV/lib/kafs/kafs_locl.h
+++ b/crypto/kerberosIV/lib/kafs/kafs_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,13 +36,14 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: kafs_locl.h,v 1.3 1997/05/04 23:04:44 assar Exp $ */
+/* $Id: kafs_locl.h,v 1.12.2.1 1999/07/22 03:22:05 assar Exp $ */
 
 #ifndef __KAFS_LOCL_H__
 #define __KAFS_LOCL_H__
 
+#ifdef HAVE_CONFIG_H
 #include <config.h>
-#include <protos.h>
+#endif
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -57,7 +58,7 @@
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
 #include <sys/ioctl.h>
 #endif
 #ifdef HAVE_SYS_FILIO_H
@@ -73,6 +74,13 @@
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
@@ -85,12 +93,45 @@
 #endif
 #include <roken.h>
 
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
 #include <krb.h>
+#endif
 #include <kafs.h>
 
 #include <resolve.h>
 
 #include "afssysdefs.h"
 
+struct kafs_data;
+typedef int (*afslog_uid_func_t)(struct kafs_data*, const char*, uid_t,
+				 const char *);
+
+typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, 
+				    const char*, CREDENTIALS*);
+
+typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
+
+typedef struct kafs_data {
+    afslog_uid_func_t afslog_uid;
+    get_cred_func_t get_cred;
+    get_realm_func_t get_realm;
+    void *data;
+} kafs_data;
+
+int _kafs_afslog_all_local_cells(kafs_data*, uid_t, const char*);
+
+int _kafs_get_cred(kafs_data*, const char*, const char*, const char *, 
+		  CREDENTIALS*);
+
+int
+_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm);
+
+#ifdef _AIX
+int aix_pioctl(char*, int, struct ViceIoctl*, int);
+int aix_setpag(void);
+#endif
 
 #endif /* __KAFS_LOCL_H__ */